github/RRG-Proxmark3
1
0
Fork 0
mirror of https://github.com/RfidResearchGroup/proxmark3.git synced 2025-08-19 21:03:48 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions 4

mbedtls: make style

Browse source
This commit is contained in:
Philippe Teuwen 2021-05-14 11:00:46 +02:00
commit b1d6eaf2f7
177 changed files with 37224 additions and 41821 deletions
Download patch file Download diff file Expand all files Collapse all files

682
common/mbedtls/aes.c
View file

File diff suppressed because it is too large Load diff

6
common/mbedtls/aes.h
View file

@ -82,8 +82,7 @@ extern "C" {
/**
* \brief The AES context-type definition.
*/
typedef struct mbedtls_aes_context
{
typedef struct mbedtls_aes_context {
int nr; /*!< The number of rounds. */
uint32_t *rk; /*!< AES round keys. */
uint32_t buf[68]; /*!< Unaligned data buffer. This buffer can
@ -101,8 +100,7 @@ mbedtls_aes_context;
/**
* \brief The AES XTS context-type definition.
*/
typedef struct mbedtls_aes_xts_context
{
typedef struct mbedtls_aes_xts_context {
mbedtls_aes_context crypt; /*!< The AES context to use for AES block
encryption or decryption. */
mbedtls_aes_context tweak; /*!< The AES context used for tweak

48
common/mbedtls/aesni.c
View file

@ -45,13 +45,11 @@
/*
* AES-NI support detection routine
*/
int mbedtls_aesni_has_support( unsigned int what )
{
int mbedtls_aesni_has_support(unsigned int what) {
static int done = 0;
static unsigned int c = 0;
if( ! done )
{
if (! done) {
asm("movl $1, %%eax \n\t"
"cpuid \n\t"
: "=c"(c)
@ -95,8 +93,7 @@ int mbedtls_aesni_has_support( unsigned int what )
int mbedtls_aesni_crypt_ecb(mbedtls_aes_context *ctx,
int mode,
const unsigned char input[16],
unsigned char output[16] )
{
unsigned char output[16]) {
asm("movdqu (%3), %%xmm0 \n\t" // load input
"movdqu (%1), %%xmm1 \n\t" // load round key 0
"pxor %%xmm1, %%xmm0 \n\t" // round 0
@ -140,14 +137,12 @@ int mbedtls_aesni_crypt_ecb( mbedtls_aes_context *ctx,
*/
void mbedtls_aesni_gcm_mult(unsigned char c[16],
const unsigned char a[16],
const unsigned char b[16] )
{
const unsigned char b[16]) {
unsigned char aa[16], bb[16], cc[16];
size_t i;
/* The inputs are in big-endian order, so byte-reverse them */
for( i = 0; i < 16; i++ )
{
for (i = 0; i < 16; i++) {
aa[i] = a[15 - i];
bb[i] = b[15 - i];
}
@ -250,8 +245,7 @@ void mbedtls_aesni_gcm_mult( unsigned char c[16],
* Compute decryption round keys from encryption round keys
*/
void mbedtls_aesni_inverse_key(unsigned char *invkey,
const unsigned char *fwdkey, int nr )
{
const unsigned char *fwdkey, int nr) {
unsigned char *ik = invkey;
const unsigned char *fk = fwdkey + 16 * nr;
@ -272,8 +266,7 @@ void mbedtls_aesni_inverse_key( unsigned char *invkey,
* Key expansion, 128-bit case
*/
static void aesni_setkey_enc_128(unsigned char *rk,
const unsigned char *key )
{
const unsigned char *key) {
asm("movdqu (%1), %%xmm0 \n\t" // copy the original key
"movdqu %%xmm0, (%0) \n\t" // as round key 0
"jmp 2f \n\t" // skip auxiliary routine
@ -322,8 +315,7 @@ static void aesni_setkey_enc_128( unsigned char *rk,
* Key expansion, 192-bit case
*/
static void aesni_setkey_enc_192(unsigned char *rk,
const unsigned char *key )
{
const unsigned char *key) {
asm("movdqu (%1), %%xmm0 \n\t" // copy original round key
"movdqu %%xmm0, (%0) \n\t"
"add $16, %0 \n\t"
@ -379,8 +371,7 @@ static void aesni_setkey_enc_192( unsigned char *rk,
* Key expansion, 256-bit case
*/
static void aesni_setkey_enc_256(unsigned char *rk,
const unsigned char *key )
{
const unsigned char *key) {
asm("movdqu (%1), %%xmm0 \n\t"
"movdqu %%xmm0, (%0) \n\t"
"add $16, %0 \n\t"
@ -446,14 +437,19 @@ static void aesni_setkey_enc_256( unsigned char *rk,
*/
int mbedtls_aesni_setkey_enc(unsigned char *rk,
const unsigned char *key,
size_t bits )
{
switch( bits )
{
case 128: aesni_setkey_enc_128( rk, key ); break;
case 192: aesni_setkey_enc_192( rk, key ); break;
case 256: aesni_setkey_enc_256( rk, key ); break;
default : return( MBEDTLS_ERR_AES_INVALID_KEY_LENGTH );
size_t bits) {
switch (bits) {
case 128:
aesni_setkey_enc_128(rk, key);
break;
case 192:
aesni_setkey_enc_192(rk, key);
break;
case 256:
aesni_setkey_enc_256(rk, key);
break;
default :
return (MBEDTLS_ERR_AES_INVALID_KEY_LENGTH);
}
return (0);

42
common/mbedtls/arc4.c
View file

@ -42,13 +42,11 @@
#if !defined(MBEDTLS_ARC4_ALT)
void mbedtls_arc4_init( mbedtls_arc4_context *ctx )
{
void mbedtls_arc4_init(mbedtls_arc4_context *ctx) {
memset(ctx, 0, sizeof(mbedtls_arc4_context));
}
void mbedtls_arc4_free( mbedtls_arc4_context *ctx )
{
void mbedtls_arc4_free(mbedtls_arc4_context *ctx) {
if (ctx == NULL)
return;
@ -59,8 +57,7 @@ void mbedtls_arc4_free( mbedtls_arc4_context *ctx )
* ARC4 key schedule
*/
void mbedtls_arc4_setup(mbedtls_arc4_context *ctx, const unsigned char *key,
unsigned int keylen )
{
unsigned int keylen) {
int i, j, a;
unsigned int k;
unsigned char *m;
@ -74,8 +71,7 @@ void mbedtls_arc4_setup( mbedtls_arc4_context *ctx, const unsigned char *key,
j = k = 0;
for( i = 0; i < 256; i++, k++ )
{
for (i = 0; i < 256; i++, k++) {
if (k >= keylen) k = 0;
a = m[i];
@ -89,8 +85,7 @@ void mbedtls_arc4_setup( mbedtls_arc4_context *ctx, const unsigned char *key,
* ARC4 cipher function
*/
int mbedtls_arc4_crypt(mbedtls_arc4_context *ctx, size_t length, const unsigned char *input,
unsigned char *output )
{
unsigned char *output) {
int x, y, a, b;
size_t i;
unsigned char *m;
@ -99,10 +94,11 @@ int mbedtls_arc4_crypt( mbedtls_arc4_context *ctx, size_t length, const unsigned
y = ctx->y;
m = ctx->m;
for( i = 0; i < length; i++ )
{
x = ( x + 1 ) & 0xFF; a = m[x];
y = ( y + a ) & 0xFF; b = m[y];
for (i = 0; i < length; i++) {
x = (x + 1) & 0xFF;
a = m[x];
y = (y + a) & 0xFF;
b = m[y];
m[x] = (unsigned char) b;
m[y] = (unsigned char) a;
@ -125,22 +121,19 @@ int mbedtls_arc4_crypt( mbedtls_arc4_context *ctx, size_t length, const unsigned
*
* http://groups.google.com/group/comp.security.misc/msg/10a300c9d21afca0
*/
static const unsigned char arc4_test_key[3][8] =
{
static const unsigned char arc4_test_key[3][8] = {
{ 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF },
{ 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF },
{ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }
};
static const unsigned char arc4_test_pt[3][8] =
{
static const unsigned char arc4_test_pt[3][8] = {
{ 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF },
{ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
{ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }
};
static const unsigned char arc4_test_ct[3][8] =
{
static const unsigned char arc4_test_ct[3][8] = {
{ 0x75, 0xB7, 0x87, 0x80, 0x99, 0xE0, 0xC5, 0x96 },
{ 0x74, 0x94, 0xC2, 0xE7, 0x10, 0x4B, 0x08, 0x79 },
{ 0xDE, 0x18, 0x89, 0x41, 0xA3, 0x37, 0x5D, 0x3A }
@ -149,8 +142,7 @@ static const unsigned char arc4_test_ct[3][8] =
/*
* Checkup routine
*/
int mbedtls_arc4_self_test( int verbose )
{
int mbedtls_arc4_self_test(int verbose) {
int i, ret = 0;
unsigned char ibuf[8];
unsigned char obuf[8];
@ -158,8 +150,7 @@ int mbedtls_arc4_self_test( int verbose )
mbedtls_arc4_init(&ctx);
for( i = 0; i < 3; i++ )
{
for (i = 0; i < 3; i++) {
if (verbose != 0)
mbedtls_printf(" ARC4 test #%d: ", i + 1);
@ -168,8 +159,7 @@ int mbedtls_arc4_self_test( int verbose )
mbedtls_arc4_setup(&ctx, arc4_test_key[i], 8);
mbedtls_arc4_crypt(&ctx, 8, ibuf, obuf);
if( memcmp( obuf, arc4_test_ct[i], 8 ) != 0 )
{
if (memcmp(obuf, arc4_test_ct[i], 8) != 0) {
if (verbose != 0)
mbedtls_printf("failed\n");

3
common/mbedtls/arc4.h
View file

@ -52,8 +52,7 @@ extern "C" {
* security risk. We recommend considering stronger ciphers instead.
*
*/
typedef struct mbedtls_arc4_context
{
typedef struct mbedtls_arc4_context {
int x; /*!< permutation index */
int y; /*!< permutation index */
unsigned char m[256]; /*!< permutation table */

228
common/mbedtls/aria.c
View file

@ -92,8 +92,7 @@
#if defined(__GNUC__) && \
( !defined(__ARMCC_VERSION) || __ARMCC_VERSION >= 6000000 ) && \
__ARM_ARCH >= 6
static inline uint32_t aria_p1( uint32_t x )
{
static inline uint32_t aria_p1(uint32_t x) {
uint32_t r;
__asm("rev16 %0, %1" : "=l"(r) : "l"(x));
return (r);
@ -101,8 +100,7 @@ static inline uint32_t aria_p1( uint32_t x )
#define ARIA_P1 aria_p1
#elif defined(__ARMCC_VERSION) && __ARMCC_VERSION < 6000000 && \
( __TARGET_ARCH_ARM >= 6 || __TARGET_ARCH_THUMB >= 3 )
static inline uint32_t aria_p1( uint32_t x )
{
static inline uint32_t aria_p1(uint32_t x) {
uint32_t r;
__asm("rev16 r, x");
return (r);
@ -143,8 +141,7 @@ static inline uint32_t aria_p1( uint32_t x )
#if defined(__GNUC__) && \
( !defined(__ARMCC_VERSION) || __ARMCC_VERSION >= 6000000 ) && \
__ARM_ARCH >= 6
static inline uint32_t aria_p3( uint32_t x )
{
static inline uint32_t aria_p3(uint32_t x) {
uint32_t r;
__asm("rev %0, %1" : "=l"(r) : "l"(x));
return (r);
@ -152,8 +149,7 @@ static inline uint32_t aria_p3( uint32_t x )
#define ARIA_P3 aria_p3
#elif defined(__ARMCC_VERSION) && __ARMCC_VERSION < 6000000 && \
( __TARGET_ARCH_ARM >= 6 || __TARGET_ARCH_THUMB >= 3 )
static inline uint32_t aria_p3( uint32_t x )
{
static inline uint32_t aria_p3(uint32_t x) {
uint32_t r;
__asm("rev r, x");
return (r);
@ -163,8 +159,7 @@ static inline uint32_t aria_p3( uint32_t x )
#endif /* arm */
#if defined(__GNUC__) && \
defined(__i386__) || defined(__amd64__) || defined( __x86_64__)
static inline uint32_t aria_p3( uint32_t x )
{
static inline uint32_t aria_p3(uint32_t x) {
__asm("bswap %0" : "=r"(x) : "0"(x));
return (x);
}
@ -199,8 +194,7 @@ static inline uint32_t aria_p3( uint32_t x )
* The implementation below uses only P1 and P2 as they are sufficient.
*/
static inline void aria_a(uint32_t *a, uint32_t *b,
uint32_t *c, uint32_t *d )
{
uint32_t *c, uint32_t *d) {
uint32_t ta, tb, tc;
ta = *b; // 4567
*b = *a; // 0123
@ -233,8 +227,7 @@ static inline void aria_a( uint32_t *a, uint32_t *b,
static inline void aria_sl(uint32_t *a, uint32_t *b,
uint32_t *c, uint32_t *d,
const uint8_t sa[256], const uint8_t sb[256],
const uint8_t sc[256], const uint8_t sd[256] )
{
const uint8_t sc[256], const uint8_t sd[256]) {
*a = ((uint32_t) sa[ *a & 0xFF]) ^
(((uint32_t) sb[(*a >> 8) & 0xFF]) << 8) ^
(((uint32_t) sc[(*a >> 16) & 0xFF]) << 16) ^
@ -256,8 +249,7 @@ static inline void aria_sl( uint32_t *a, uint32_t *b,
/*
* S-Boxes
*/
static const uint8_t aria_sb1[256] =
{
static const uint8_t aria_sb1[256] = {
0x63, 0x7C, 0x77, 0x7B, 0xF2, 0x6B, 0x6F, 0xC5, 0x30, 0x01, 0x67, 0x2B,
0xFE, 0xD7, 0xAB, 0x76, 0xCA, 0x82, 0xC9, 0x7D, 0xFA, 0x59, 0x47, 0xF0,
0xAD, 0xD4, 0xA2, 0xAF, 0x9C, 0xA4, 0x72, 0xC0, 0xB7, 0xFD, 0x93, 0x26,
@ -282,8 +274,7 @@ static const uint8_t aria_sb1[256] =
0xB0, 0x54, 0xBB, 0x16
};
static const uint8_t aria_sb2[256] =
{
static const uint8_t aria_sb2[256] = {
0xE2, 0x4E, 0x54, 0xFC, 0x94, 0xC2, 0x4A, 0xCC, 0x62, 0x0D, 0x6A, 0x46,
0x3C, 0x4D, 0x8B, 0xD1, 0x5E, 0xFA, 0x64, 0xCB, 0xB4, 0x97, 0xBE, 0x2B,
0xBC, 0x77, 0x2E, 0x03, 0xD3, 0x19, 0x59, 0xC1, 0x1D, 0x06, 0x41, 0x6B,
@ -308,8 +299,7 @@ static const uint8_t aria_sb2[256] =
0xAF, 0xBA, 0xB5, 0x81
};
static const uint8_t aria_is1[256] =
{
static const uint8_t aria_is1[256] = {
0x52, 0x09, 0x6A, 0xD5, 0x30, 0x36, 0xA5, 0x38, 0xBF, 0x40, 0xA3, 0x9E,
0x81, 0xF3, 0xD7, 0xFB, 0x7C, 0xE3, 0x39, 0x82, 0x9B, 0x2F, 0xFF, 0x87,
0x34, 0x8E, 0x43, 0x44, 0xC4, 0xDE, 0xE9, 0xCB, 0x54, 0x7B, 0x94, 0x32,
@ -334,8 +324,7 @@ static const uint8_t aria_is1[256] =
0x55, 0x21, 0x0C, 0x7D
};
static const uint8_t aria_is2[256] =
{
static const uint8_t aria_is2[256] = {
0x30, 0x68, 0x99, 0x1B, 0x87, 0xB9, 0x21, 0x78, 0x50, 0x39, 0xDB, 0xE1,
0x72, 0x09, 0x62, 0x3C, 0x3E, 0x7E, 0x5E, 0x8E, 0xF1, 0xA0, 0xCC, 0xA3,
0x2A, 0x1D, 0xFB, 0xB6, 0xD6, 0x20, 0xC4, 0x8D, 0x81, 0x65, 0xF5, 0x89,
@ -364,8 +353,7 @@ static const uint8_t aria_is2[256] =
* Helper for key schedule: r = FO( p, k ) ^ x
*/
static void aria_fo_xor(uint32_t r[4], const uint32_t p[4],
const uint32_t k[4], const uint32_t x[4] )
{
const uint32_t k[4], const uint32_t x[4]) {
uint32_t a, b, c, d;
a = p[0] ^ k[0];
@ -386,8 +374,7 @@ static void aria_fo_xor( uint32_t r[4], const uint32_t p[4],
* Helper for key schedule: r = FE( p, k ) ^ x
*/
static void aria_fe_xor(uint32_t r[4], const uint32_t p[4],
const uint32_t k[4], const uint32_t x[4] )
{
const uint32_t k[4], const uint32_t x[4]) {
uint32_t a, b, c, d;
a = p[0] ^ k[0];
@ -411,8 +398,7 @@ static void aria_fe_xor( uint32_t r[4], const uint32_t p[4],
* GET/PUT_UINT32_LE) so we need to reverse bytes here.
*/
static void aria_rot128(uint32_t r[4], const uint32_t a[4],
const uint32_t b[4], uint8_t n )
{
const uint32_t b[4], uint8_t n) {
uint8_t i, j;
uint32_t t, u;
@ -421,8 +407,7 @@ static void aria_rot128( uint32_t r[4], const uint32_t a[4],
j = (n / 32) % 4; // initial word offset
t = ARIA_P3(b[j]); // big endian
for( i = 0; i < 4; i++ )
{
for (i = 0; i < 4; i++) {
j = (j + 1) % 4; // get next word, big endian
u = ARIA_P3(b[j]);
t <<= n1; // rotate
@ -437,11 +422,9 @@ static void aria_rot128( uint32_t r[4], const uint32_t a[4],
* Set encryption key
*/
int mbedtls_aria_setkey_enc(mbedtls_aria_context *ctx,
const unsigned char *key, unsigned int keybits )
{
const unsigned char *key, unsigned int keybits) {
/* round constant masks */
const uint32_t rc[3][4] =
{
const uint32_t rc[3][4] = {
{ 0xB7C17C51, 0x940A2227, 0xE8AB13FE, 0xE06E9AFA },
{ 0xCC4AB16D, 0x20C8219E, 0xD5B128FF, 0xB0E25DEF },
{ 0x1D3792DB, 0x70E92621, 0x75972403, 0x0EC9E804 }
@ -462,13 +445,11 @@ int mbedtls_aria_setkey_enc( mbedtls_aria_context *ctx,
GET_UINT32_LE(w[0][3], key, 12);
memset(w[1], 0, 16);
if( keybits >= 192 )
{
if (keybits >= 192) {
GET_UINT32_LE(w[1][0], key, 16); // 192 bit key
GET_UINT32_LE(w[1][1], key, 20);
}
if( keybits == 256 )
{
if (keybits == 256) {
GET_UINT32_LE(w[1][2], key, 24); // 256 bit key
GET_UINT32_LE(w[1][3], key, 28);
}
@ -482,8 +463,7 @@ int mbedtls_aria_setkey_enc( mbedtls_aria_context *ctx,
i = i < 2 ? i + 1 : 0;
aria_fo_xor(w[3], w[2], rc[i], w[1]); // W3 = FO(W2, CK3) ^ W1
for( i = 0; i < 4; i++ ) // create round keys
{
for (i = 0; i < 4; i++) { // create round keys
w2 = w[(i + 1) & 3];
aria_rot128(ctx->rk[i ], w[i], w2, 128 - 19);
aria_rot128(ctx->rk[i + 4], w[i], w2, 128 - 31);
@ -502,8 +482,7 @@ int mbedtls_aria_setkey_enc( mbedtls_aria_context *ctx,
* Set decryption key
*/
int mbedtls_aria_setkey_dec(mbedtls_aria_context *ctx,
const unsigned char *key, unsigned int keybits )
{
const unsigned char *key, unsigned int keybits) {
int i, j, k, ret;
ARIA_VALIDATE_RET(ctx != NULL);
ARIA_VALIDATE_RET(key != NULL);
@ -513,10 +492,8 @@ int mbedtls_aria_setkey_dec( mbedtls_aria_context *ctx,
return (ret);
/* flip the order of round keys */
for( i = 0, j = ctx->nr; i < j; i++, j-- )
{
for( k = 0; k < 4; k++ )
{
for (i = 0, j = ctx->nr; i < j; i++, j--) {
for (k = 0; k < 4; k++) {
uint32_t t = ctx->rk[i][k];
ctx->rk[i][k] = ctx->rk[j][k];
ctx->rk[j][k] = t;
@ -524,8 +501,7 @@ int mbedtls_aria_setkey_dec( mbedtls_aria_context *ctx,
}
/* apply affine transform to middle keys */
for( i = 1; i < ctx->nr; i++ )
{
for (i = 1; i < ctx->nr; i++) {
aria_a(&ctx->rk[i][0], &ctx->rk[i][1],
&ctx->rk[i][2], &ctx->rk[i][3]);
}
@ -538,8 +514,7 @@ int mbedtls_aria_setkey_dec( mbedtls_aria_context *ctx,
*/
int mbedtls_aria_crypt_ecb(mbedtls_aria_context *ctx,
const unsigned char input[MBEDTLS_ARIA_BLOCKSIZE],
unsigned char output[MBEDTLS_ARIA_BLOCKSIZE] )
{
unsigned char output[MBEDTLS_ARIA_BLOCKSIZE]) {
int i;
uint32_t a, b, c, d;
@ -553,8 +528,7 @@ int mbedtls_aria_crypt_ecb( mbedtls_aria_context *ctx,
GET_UINT32_LE(d, input, 12);
i = 0;
while( 1 )
{
while (1) {
a ^= ctx->rk[i][0];
b ^= ctx->rk[i][1];
c ^= ctx->rk[i][2];
@ -591,15 +565,13 @@ int mbedtls_aria_crypt_ecb( mbedtls_aria_context *ctx,
}
/* Initialize context */
void mbedtls_aria_init( mbedtls_aria_context *ctx )
{
void mbedtls_aria_init(mbedtls_aria_context *ctx) {
ARIA_VALIDATE(ctx != NULL);
memset(ctx, 0, sizeof(mbedtls_aria_context));
}
/* Clear context */
void mbedtls_aria_free( mbedtls_aria_context *ctx )
{
void mbedtls_aria_free(mbedtls_aria_context *ctx) {
if (ctx == NULL)
return;
@ -615,8 +587,7 @@ int mbedtls_aria_crypt_cbc( mbedtls_aria_context *ctx,
size_t length,
unsigned char iv[MBEDTLS_ARIA_BLOCKSIZE],
const unsigned char *input,
unsigned char *output )
{
unsigned char *output) {
int i;
unsigned char temp[MBEDTLS_ARIA_BLOCKSIZE];
@ -630,10 +601,8 @@ int mbedtls_aria_crypt_cbc( mbedtls_aria_context *ctx,
if (length % MBEDTLS_ARIA_BLOCKSIZE)
return (MBEDTLS_ERR_ARIA_INVALID_INPUT_LENGTH);
if( mode == MBEDTLS_ARIA_DECRYPT )
{
while( length > 0 )
{
if (mode == MBEDTLS_ARIA_DECRYPT) {
while (length > 0) {
memcpy(temp, input, MBEDTLS_ARIA_BLOCKSIZE);
mbedtls_aria_crypt_ecb(ctx, input, output);
@ -646,11 +615,8 @@ int mbedtls_aria_crypt_cbc( mbedtls_aria_context *ctx,
output += MBEDTLS_ARIA_BLOCKSIZE;
length -= MBEDTLS_ARIA_BLOCKSIZE;
}
}
else
{
while( length > 0 )
{
} else {
while (length > 0) {
for (i = 0; i < MBEDTLS_ARIA_BLOCKSIZE; i++)
output[i] = (unsigned char)(input[i] ^ iv[i]);
@ -677,8 +643,7 @@ int mbedtls_aria_crypt_cfb128( mbedtls_aria_context *ctx,
size_t *iv_off,
unsigned char iv[MBEDTLS_ARIA_BLOCKSIZE],
const unsigned char *input,
unsigned char *output )
{
unsigned char *output) {
unsigned char c;
size_t n;
@ -698,10 +663,8 @@ int mbedtls_aria_crypt_cfb128( mbedtls_aria_context *ctx,
if (n >= MBEDTLS_ARIA_BLOCKSIZE)
return (MBEDTLS_ERR_ARIA_BAD_INPUT_DATA);
if( mode == MBEDTLS_ARIA_DECRYPT )
{
while( length-- )
{
if (mode == MBEDTLS_ARIA_DECRYPT) {
while (length--) {
if (n == 0)
mbedtls_aria_crypt_ecb(ctx, iv, iv);
@ -711,11 +674,8 @@ int mbedtls_aria_crypt_cfb128( mbedtls_aria_context *ctx,
n = (n + 1) & 0x0F;
}
}
else
{
while( length-- )
{
} else {
while (length--) {
if (n == 0)
mbedtls_aria_crypt_ecb(ctx, iv, iv);
@ -741,8 +701,7 @@ int mbedtls_aria_crypt_ctr( mbedtls_aria_context *ctx,
unsigned char nonce_counter[MBEDTLS_ARIA_BLOCKSIZE],
unsigned char stream_block[MBEDTLS_ARIA_BLOCKSIZE],
const unsigned char *input,
unsigned char *output )
{
unsigned char *output) {
int c, i;
size_t n;
@ -760,8 +719,7 @@ int mbedtls_aria_crypt_ctr( mbedtls_aria_context *ctx,
if (n >= MBEDTLS_ARIA_BLOCKSIZE)
return (MBEDTLS_ERR_ARIA_BAD_INPUT_DATA);
while( length-- )
{
while (length--) {
if (n == 0) {
mbedtls_aria_crypt_ecb(ctx, nonce_counter,
stream_block);
@ -788,28 +746,31 @@ int mbedtls_aria_crypt_ctr( mbedtls_aria_context *ctx,
/*
* Basic ARIA ECB test vectors from RFC 5794
*/
static const uint8_t aria_test1_ecb_key[32] = // test key
{
static const uint8_t aria_test1_ecb_key[32] = { // test key
0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, // 128 bit
0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, // 192 bit
0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F // 256 bit
};
static const uint8_t aria_test1_ecb_pt[MBEDTLS_ARIA_BLOCKSIZE] = // plaintext
{
static const uint8_t aria_test1_ecb_pt[MBEDTLS_ARIA_BLOCKSIZE] = { // plaintext
0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, // same for all
0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF // key sizes
};
static const uint8_t aria_test1_ecb_ct[3][MBEDTLS_ARIA_BLOCKSIZE] = // ciphertext
static const uint8_t aria_test1_ecb_ct[3][MBEDTLS_ARIA_BLOCKSIZE] = { // ciphertext
{
{ 0xD7, 0x18, 0xFB, 0xD6, 0xAB, 0x64, 0x4C, 0x73, // 128 bit
0x9D, 0xA9, 0x5F, 0x3B, 0xE6, 0x45, 0x17, 0x78 },
{ 0x26, 0x44, 0x9C, 0x18, 0x05, 0xDB, 0xE7, 0xAA, // 192 bit
0x25, 0xA4, 0x68, 0xCE, 0x26, 0x3A, 0x9E, 0x79 },
{ 0xF9, 0x2B, 0xD7, 0xC7, 0x9F, 0xB7, 0x2E, 0x2F, // 256 bit
0x2B, 0x8F, 0x80, 0xC1, 0x97, 0x2D, 0x24, 0xFC }
0xD7, 0x18, 0xFB, 0xD6, 0xAB, 0x64, 0x4C, 0x73, // 128 bit
0x9D, 0xA9, 0x5F, 0x3B, 0xE6, 0x45, 0x17, 0x78
},
{
0x26, 0x44, 0x9C, 0x18, 0x05, 0xDB, 0xE7, 0xAA, // 192 bit
0x25, 0xA4, 0x68, 0xCE, 0x26, 0x3A, 0x9E, 0x79
},
{
0xF9, 0x2B, 0xD7, 0xC7, 0x9F, 0xB7, 0x2E, 0x2F, // 256 bit
0x2B, 0x8F, 0x80, 0xC1, 0x97, 0x2D, 0x24, 0xFC
}
};
/*
@ -818,16 +779,14 @@ static const uint8_t aria_test1_ecb_ct[3][MBEDTLS_ARIA_BLOCKSIZE] = // c
*/
#if (defined(MBEDTLS_CIPHER_MODE_CBC) || defined(MBEDTLS_CIPHER_MODE_CFB) || \
defined(MBEDTLS_CIPHER_MODE_CTR))
static const uint8_t aria_test2_key[32] =
{
static const uint8_t aria_test2_key[32] = {
0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, // 128 bit
0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff,
0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, // 192 bit
0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff // 256 bit
};
static const uint8_t aria_test2_pt[48] =
{
static const uint8_t aria_test2_pt[48] = {
0x11, 0x11, 0x11, 0x11, 0xaa, 0xaa, 0xaa, 0xaa, // same for all
0x11, 0x11, 0x11, 0x11, 0xbb, 0xbb, 0xbb, 0xbb,
0x11, 0x11, 0x11, 0x11, 0xcc, 0xcc, 0xcc, 0xcc,
@ -838,82 +797,96 @@ static const uint8_t aria_test2_pt[48] =
#endif
#if (defined(MBEDTLS_CIPHER_MODE_CBC) || defined(MBEDTLS_CIPHER_MODE_CFB))
static const uint8_t aria_test2_iv[MBEDTLS_ARIA_BLOCKSIZE] =
{
static const uint8_t aria_test2_iv[MBEDTLS_ARIA_BLOCKSIZE] = {
0x0f, 0x1e, 0x2d, 0x3c, 0x4b, 0x5a, 0x69, 0x78, // same for CBC, CFB
0x87, 0x96, 0xa5, 0xb4, 0xc3, 0xd2, 0xe1, 0xf0 // CTR has zero IV
};
#endif
#if defined(MBEDTLS_CIPHER_MODE_CBC)
static const uint8_t aria_test2_cbc_ct[3][48] = // CBC ciphertext
static const uint8_t aria_test2_cbc_ct[3][48] = { // CBC ciphertext
{
{ 0x49, 0xd6, 0x18, 0x60, 0xb1, 0x49, 0x09, 0x10, // 128-bit key
0x49, 0xd6, 0x18, 0x60, 0xb1, 0x49, 0x09, 0x10, // 128-bit key
0x9c, 0xef, 0x0d, 0x22, 0xa9, 0x26, 0x81, 0x34,
0xfa, 0xdf, 0x9f, 0xb2, 0x31, 0x51, 0xe9, 0x64,
0x5f, 0xba, 0x75, 0x01, 0x8b, 0xdb, 0x15, 0x38,
0xb5, 0x33, 0x34, 0x63, 0x4b, 0xbf, 0x7d, 0x4c,
0xd4, 0xb5, 0x37, 0x70, 0x33, 0x06, 0x0c, 0x15 },
{ 0xaf, 0xe6, 0xcf, 0x23, 0x97, 0x4b, 0x53, 0x3c, // 192-bit key
0xd4, 0xb5, 0x37, 0x70, 0x33, 0x06, 0x0c, 0x15
},
{
0xaf, 0xe6, 0xcf, 0x23, 0x97, 0x4b, 0x53, 0x3c, // 192-bit key
0x67, 0x2a, 0x82, 0x62, 0x64, 0xea, 0x78, 0x5f,
0x4e, 0x4f, 0x7f, 0x78, 0x0d, 0xc7, 0xf3, 0xf1,
0xe0, 0x96, 0x2b, 0x80, 0x90, 0x23, 0x86, 0xd5,
0x14, 0xe9, 0xc3, 0xe7, 0x72, 0x59, 0xde, 0x92,
0xdd, 0x11, 0x02, 0xff, 0xab, 0x08, 0x6c, 0x1e },
{ 0x52, 0x3a, 0x8a, 0x80, 0x6a, 0xe6, 0x21, 0xf1, // 256-bit key
0xdd, 0x11, 0x02, 0xff, 0xab, 0x08, 0x6c, 0x1e
},
{
0x52, 0x3a, 0x8a, 0x80, 0x6a, 0xe6, 0x21, 0xf1, // 256-bit key
0x55, 0xfd, 0xd2, 0x8d, 0xbc, 0x34, 0xe1, 0xab,
0x7b, 0x9b, 0x42, 0x43, 0x2a, 0xd8, 0xb2, 0xef,
0xb9, 0x6e, 0x23, 0xb1, 0x3f, 0x0a, 0x6e, 0x52,
0xf3, 0x61, 0x85, 0xd5, 0x0a, 0xd0, 0x02, 0xc5,
0xf6, 0x01, 0xbe, 0xe5, 0x49, 0x3f, 0x11, 0x8b }
0xf6, 0x01, 0xbe, 0xe5, 0x49, 0x3f, 0x11, 0x8b
}
};
#endif /* MBEDTLS_CIPHER_MODE_CBC */
#if defined(MBEDTLS_CIPHER_MODE_CFB)
static const uint8_t aria_test2_cfb_ct[3][48] = // CFB ciphertext
static const uint8_t aria_test2_cfb_ct[3][48] = { // CFB ciphertext
{
{ 0x37, 0x20, 0xe5, 0x3b, 0xa7, 0xd6, 0x15, 0x38, // 128-bit key
0x37, 0x20, 0xe5, 0x3b, 0xa7, 0xd6, 0x15, 0x38, // 128-bit key
0x34, 0x06, 0xb0, 0x9f, 0x0a, 0x05, 0xa2, 0x00,
0xc0, 0x7c, 0x21, 0xe6, 0x37, 0x0f, 0x41, 0x3a,
0x5d, 0x13, 0x25, 0x00, 0xa6, 0x82, 0x85, 0x01,
0x7c, 0x61, 0xb4, 0x34, 0xc7, 0xb7, 0xca, 0x96,
0x85, 0xa5, 0x10, 0x71, 0x86, 0x1e, 0x4d, 0x4b },
{ 0x41, 0x71, 0xf7, 0x19, 0x2b, 0xf4, 0x49, 0x54, // 192-bit key
0x85, 0xa5, 0x10, 0x71, 0x86, 0x1e, 0x4d, 0x4b
},
{
0x41, 0x71, 0xf7, 0x19, 0x2b, 0xf4, 0x49, 0x54, // 192-bit key
0x94, 0xd2, 0x73, 0x61, 0x29, 0x64, 0x0f, 0x5c,
0x4d, 0x87, 0xa9, 0xa2, 0x13, 0x66, 0x4c, 0x94,
0x48, 0x47, 0x7c, 0x6e, 0xcc, 0x20, 0x13, 0x59,
0x8d, 0x97, 0x66, 0x95, 0x2d, 0xd8, 0xc3, 0x86,
0x8f, 0x17, 0xe3, 0x6e, 0xf6, 0x6f, 0xd8, 0x4b },
{ 0x26, 0x83, 0x47, 0x05, 0xb0, 0xf2, 0xc0, 0xe2, // 256-bit key
0x8f, 0x17, 0xe3, 0x6e, 0xf6, 0x6f, 0xd8, 0x4b
},
{
0x26, 0x83, 0x47, 0x05, 0xb0, 0xf2, 0xc0, 0xe2, // 256-bit key
0x58, 0x8d, 0x4a, 0x7f, 0x09, 0x00, 0x96, 0x35,
0xf2, 0x8b, 0xb9, 0x3d, 0x8c, 0x31, 0xf8, 0x70,
0xec, 0x1e, 0x0b, 0xdb, 0x08, 0x2b, 0x66, 0xfa,
0x40, 0x2d, 0xd9, 0xc2, 0x02, 0xbe, 0x30, 0x0c,
0x45, 0x17, 0xd1, 0x96, 0xb1, 0x4d, 0x4c, 0xe1 }
0x45, 0x17, 0xd1, 0x96, 0xb1, 0x4d, 0x4c, 0xe1
}
};
#endif /* MBEDTLS_CIPHER_MODE_CFB */
#if defined(MBEDTLS_CIPHER_MODE_CTR)
static const uint8_t aria_test2_ctr_ct[3][48] = // CTR ciphertext
static const uint8_t aria_test2_ctr_ct[3][48] = { // CTR ciphertext
{
{ 0xac, 0x5d, 0x7d, 0xe8, 0x05, 0xa0, 0xbf, 0x1c, // 128-bit key
0xac, 0x5d, 0x7d, 0xe8, 0x05, 0xa0, 0xbf, 0x1c, // 128-bit key
0x57, 0xc8, 0x54, 0x50, 0x1a, 0xf6, 0x0f, 0xa1,
0x14, 0x97, 0xe2, 0xa3, 0x45, 0x19, 0xde, 0xa1,
0x56, 0x9e, 0x91, 0xe5, 0xb5, 0xcc, 0xae, 0x2f,
0xf3, 0xbf, 0xa1, 0xbf, 0x97, 0x5f, 0x45, 0x71,
0xf4, 0x8b, 0xe1, 0x91, 0x61, 0x35, 0x46, 0xc3 },
{ 0x08, 0x62, 0x5c, 0xa8, 0xfe, 0x56, 0x9c, 0x19, // 192-bit key
0xf4, 0x8b, 0xe1, 0x91, 0x61, 0x35, 0x46, 0xc3
},
{
0x08, 0x62, 0x5c, 0xa8, 0xfe, 0x56, 0x9c, 0x19, // 192-bit key
0xba, 0x7a, 0xf3, 0x76, 0x0a, 0x6e, 0xd1, 0xce,
0xf4, 0xd1, 0x99, 0x26, 0x3e, 0x99, 0x9d, 0xde,
0x14, 0x08, 0x2d, 0xbb, 0xa7, 0x56, 0x0b, 0x79,
0xa4, 0xc6, 0xb4, 0x56, 0xb8, 0x70, 0x7d, 0xce,
0x75, 0x1f, 0x98, 0x54, 0xf1, 0x88, 0x93, 0xdf },
{ 0x30, 0x02, 0x6c, 0x32, 0x96, 0x66, 0x14, 0x17, // 256-bit key
0x75, 0x1f, 0x98, 0x54, 0xf1, 0x88, 0x93, 0xdf
},
{
0x30, 0x02, 0x6c, 0x32, 0x96, 0x66, 0x14, 0x17, // 256-bit key
0x21, 0x17, 0x8b, 0x99, 0xc0, 0xa1, 0xf1, 0xb2,
0xf0, 0x69, 0x40, 0x25, 0x3f, 0x7b, 0x30, 0x89,
0xe2, 0xa3, 0x0e, 0xa8, 0x6a, 0xa3, 0xc8, 0x8f,
0x59, 0x40, 0xf0, 0x5a, 0xd7, 0xee, 0x41, 0xd7,
0x13, 0x47, 0xbb, 0x72, 0x61, 0xe3, 0x48, 0xf1 }
0x13, 0x47, 0xbb, 0x72, 0x61, 0xe3, 0x48, 0xf1
}
};
#endif /* MBEDTLS_CIPHER_MODE_CFB */
@ -930,8 +903,7 @@ static const uint8_t aria_test2_ctr_ct[3][48] = // CTR ciphertext
/*
* Checkup routine
*/
int mbedtls_aria_self_test( int verbose )
{
int mbedtls_aria_self_test(int verbose) {
int i;
uint8_t blk[MBEDTLS_ARIA_BLOCKSIZE];
mbedtls_aria_context ctx;
@ -949,8 +921,7 @@ int mbedtls_aria_self_test( int verbose )
/*
* Test set 1
*/
for( i = 0; i < 3; i++ )
{
for (i = 0; i < 3; i++) {
/* test ECB encryption */
if (verbose)
mbedtls_printf(" ARIA-ECB-%d (enc): ", 128 + 64 * i);
@ -974,8 +945,7 @@ int mbedtls_aria_self_test( int verbose )
* Test set 2
*/
#if defined(MBEDTLS_CIPHER_MODE_CBC)
for( i = 0; i < 3; i++ )
{
for (i = 0; i < 3; i++) {
/* Test CBC encryption */
if (verbose)
mbedtls_printf(" ARIA-CBC-%d (enc): ", 128 + 64 * i);
@ -1004,8 +974,7 @@ int mbedtls_aria_self_test( int verbose )
#endif /* MBEDTLS_CIPHER_MODE_CBC */
#if defined(MBEDTLS_CIPHER_MODE_CFB)
for( i = 0; i < 3; i++ )
{
for (i = 0; i < 3; i++) {
/* Test CFB encryption */
if (verbose)
mbedtls_printf(" ARIA-CFB-%d (enc): ", 128 + 64 * i);
@ -1035,8 +1004,7 @@ int mbedtls_aria_self_test( int verbose )
#endif /* MBEDTLS_CIPHER_MODE_CFB */
#if defined(MBEDTLS_CIPHER_MODE_CTR)
for( i = 0; i < 3; i++ )
{
for (i = 0; i < 3; i++) {
/* Test CTR encryption */
if (verbose)
mbedtls_printf(" ARIA-CTR-%d (enc): ", 128 + 64 * i);

3
common/mbedtls/aria.h
View file

@ -72,8 +72,7 @@ extern "C" {
/**
* \brief The ARIA context-type definition.
*/
typedef struct mbedtls_aria_context
{
typedef struct mbedtls_aria_context {
unsigned char nr; /*!< The number of rounds (12, 14 or 16) */
/*! The ARIA round keys. */
uint32_t rk[MBEDTLS_ARIA_MAX_ROUNDS + 1][MBEDTLS_ARIA_BLOCKSIZE / 4];

12
common/mbedtls/asn1.h
View file

@ -146,8 +146,7 @@ extern "C" {
/**
* Type-length-value structure that allows for ASN1 using DER.
*/
typedef struct mbedtls_asn1_buf
{
typedef struct mbedtls_asn1_buf {
int tag; /**< ASN1 type, e.g. MBEDTLS_ASN1_UTF8_STRING. */
size_t len; /**< ASN1 length, in octets. */
unsigned char *p; /**< ASN1 data, e.g. in ASCII. */
@ -157,8 +156,7 @@ mbedtls_asn1_buf;
/**
* Container for ASN1 bit strings.
*/
typedef struct mbedtls_asn1_bitstring
{
typedef struct mbedtls_asn1_bitstring {
size_t len; /**< ASN1 length, in octets. */
unsigned char unused_bits; /**< Number of unused bits at the end of the string */
unsigned char *p; /**< Raw ASN1 data for the bit string */
@ -168,8 +166,7 @@ mbedtls_asn1_bitstring;
/**
* Container for a sequence of ASN.1 items
*/
typedef struct mbedtls_asn1_sequence
{
typedef struct mbedtls_asn1_sequence {
mbedtls_asn1_buf buf; /**< Buffer containing the given ASN.1 item. */
struct mbedtls_asn1_sequence *next; /**< The next entry in the sequence. */
}
@ -178,8 +175,7 @@ mbedtls_asn1_sequence;
/**
* Container for a sequence or list of 'named' ASN.1 data items
*/
typedef struct mbedtls_asn1_named_data
{
typedef struct mbedtls_asn1_named_data {
mbedtls_asn1_buf oid; /**< The object identifier. */
mbedtls_asn1_buf val; /**< The named value. */
struct mbedtls_asn1_named_data *next; /**< The next entry in the sequence. */

99
common/mbedtls/asn1parse.c
View file

@ -44,17 +44,14 @@
*/
int mbedtls_asn1_get_len(unsigned char **p,
const unsigned char *end,
size_t *len )
{
size_t *len) {
if ((end - *p) < 1)
return (MBEDTLS_ERR_ASN1_OUT_OF_DATA);
if ((**p & 0x80) == 0)
*len = *(*p)++;
else
{
switch( **p & 0x7F )
{
else {
switch (**p & 0x7F) {
case 1:
if ((end - *p) < 2)
return (MBEDTLS_ERR_ASN1_OUT_OF_DATA);
@ -102,8 +99,7 @@ int mbedtls_asn1_get_len( unsigned char **p,
int mbedtls_asn1_get_tag(unsigned char **p,
const unsigned char *end,
size_t *len, int tag )
{
size_t *len, int tag) {
if ((end - *p) < 1)
return (MBEDTLS_ERR_ASN1_OUT_OF_DATA);
@ -117,8 +113,7 @@ int mbedtls_asn1_get_tag( unsigned char **p,
int mbedtls_asn1_get_bool(unsigned char **p,
const unsigned char *end,
int *val )
{
int *val) {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t len;
@ -136,8 +131,7 @@ int mbedtls_asn1_get_bool( unsigned char **p,
static int asn1_get_tagged_int(unsigned char **p,
const unsigned char *end,
int tag, int *val )
{
int tag, int *val) {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t len;
@ -155,8 +149,7 @@ static int asn1_get_tagged_int( unsigned char **p,
return (MBEDTLS_ERR_ASN1_INVALID_LENGTH);
/* Skip leading zeros. */
while( len > 0 && **p == 0 )
{
while (len > 0 && **p == 0) {
++(*p);
--len;
}
@ -169,8 +162,7 @@ static int asn1_get_tagged_int( unsigned char **p,
return (MBEDTLS_ERR_ASN1_INVALID_LENGTH);
*val = 0;
while( len-- > 0 )
{
while (len-- > 0) {
*val = (*val << 8) | **p;
(*p)++;
}
@ -180,23 +172,20 @@ static int asn1_get_tagged_int( unsigned char **p,
int mbedtls_asn1_get_int(unsigned char **p,
const unsigned char *end,
int *val )
{
int *val) {
return (asn1_get_tagged_int(p, end, MBEDTLS_ASN1_INTEGER, val));
}
int mbedtls_asn1_get_enum(unsigned char **p,
const unsigned char *end,
int *val )
{
int *val) {
return (asn1_get_tagged_int(p, end, MBEDTLS_ASN1_ENUMERATED, val));
}
#if defined(MBEDTLS_BIGNUM_C)
int mbedtls_asn1_get_mpi(unsigned char **p,
const unsigned char *end,
mbedtls_mpi *X )
{
mbedtls_mpi *X) {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t len;
@ -212,8 +201,7 @@ int mbedtls_asn1_get_mpi( unsigned char **p,
#endif /* MBEDTLS_BIGNUM_C */
int mbedtls_asn1_get_bitstring(unsigned char **p, const unsigned char *end,
mbedtls_asn1_bitstring *bs)
{
mbedtls_asn1_bitstring *bs) {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
/* Certificate type is a single byte bitstring */
@ -252,23 +240,20 @@ int mbedtls_asn1_traverse_sequence_of(
unsigned char tag_may_mask, unsigned char tag_may_val,
int (*cb)(void *ctx, int tag,
unsigned char *start, size_t len),
void *ctx )
{
void *ctx) {
int ret;
size_t len;
/* Get main sequence tag */
if ((ret = mbedtls_asn1_get_tag(p, end, &len,
MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
{
MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) {
return (ret);
}
if (*p + len != end)
return (MBEDTLS_ERR_ASN1_LENGTH_MISMATCH);
while( *p < end )
{
while (*p < end) {
unsigned char const tag = *(*p)++;
if ((tag & tag_must_mask) != tag_must_val)
@ -277,10 +262,8 @@ int mbedtls_asn1_traverse_sequence_of(
if ((ret = mbedtls_asn1_get_len(p, end, &len)) != 0)
return (ret);
if( ( tag & tag_may_mask ) == tag_may_val )
{
if( cb != NULL )
{
if ((tag & tag_may_mask) == tag_may_val) {
if (cb != NULL) {
ret = cb(ctx, tag, *p, len);
if (ret != 0)
return (ret);
@ -297,8 +280,7 @@ int mbedtls_asn1_traverse_sequence_of(
* Get a bit string without unused bits
*/
int mbedtls_asn1_get_bitstring_null(unsigned char **p, const unsigned char *end,
size_t *len )
{
size_t *len) {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
if ((ret = mbedtls_asn1_get_tag(p, end, len, MBEDTLS_ASN1_BIT_STRING)) != 0)
@ -315,10 +297,8 @@ int mbedtls_asn1_get_bitstring_null( unsigned char **p, const unsigned char *end
return (0);
}
void mbedtls_asn1_sequence_free( mbedtls_asn1_sequence *seq )
{
while( seq != NULL )
{
void mbedtls_asn1_sequence_free(mbedtls_asn1_sequence *seq) {
while (seq != NULL) {
mbedtls_asn1_sequence *next = seq->next;
mbedtls_platform_zeroize(seq, sizeof(*seq));
mbedtls_free(seq);
@ -326,8 +306,7 @@ void mbedtls_asn1_sequence_free( mbedtls_asn1_sequence *seq )
}
}
typedef struct
{
typedef struct {
int tag;
mbedtls_asn1_sequence *cur;
} asn1_get_sequence_of_cb_ctx_t;
@ -335,15 +314,13 @@ typedef struct
static int asn1_get_sequence_of_cb(void *ctx,
int tag,
unsigned char *start,
size_t len )
{
size_t len) {
asn1_get_sequence_of_cb_ctx_t *cb_ctx =
(asn1_get_sequence_of_cb_ctx_t *) ctx;
mbedtls_asn1_sequence *cur =
cb_ctx->cur;
if( cur->buf.p != NULL )
{
if (cur->buf.p != NULL) {
cur->next =
mbedtls_calloc(1, sizeof(mbedtls_asn1_sequence));
@ -367,8 +344,7 @@ static int asn1_get_sequence_of_cb( void *ctx,
int mbedtls_asn1_get_sequence_of(unsigned char **p,
const unsigned char *end,
mbedtls_asn1_sequence *cur,
int tag)
{
int tag) {
asn1_get_sequence_of_cb_ctx_t cb_ctx = { tag, cur };
memset(cur, 0, sizeof(mbedtls_asn1_sequence));
return (mbedtls_asn1_traverse_sequence_of(
@ -378,8 +354,7 @@ int mbedtls_asn1_get_sequence_of( unsigned char **p,
int mbedtls_asn1_get_alg(unsigned char **p,
const unsigned char *end,
mbedtls_asn1_buf *alg, mbedtls_asn1_buf *params )
{
mbedtls_asn1_buf *alg, mbedtls_asn1_buf *params) {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t len;
@ -399,8 +374,7 @@ int mbedtls_asn1_get_alg( unsigned char **p,
alg->p = *p;
*p += alg->len;
if( *p == end )
{
if (*p == end) {
mbedtls_platform_zeroize(params, sizeof(mbedtls_asn1_buf));
return (0);
}
@ -422,8 +396,7 @@ int mbedtls_asn1_get_alg( unsigned char **p,
int mbedtls_asn1_get_alg_null(unsigned char **p,
const unsigned char *end,
mbedtls_asn1_buf *alg )
{
mbedtls_asn1_buf *alg) {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_asn1_buf params;
@ -438,8 +411,7 @@ int mbedtls_asn1_get_alg_null( unsigned char **p,
return (0);
}
void mbedtls_asn1_free_named_data( mbedtls_asn1_named_data *cur )
{
void mbedtls_asn1_free_named_data(mbedtls_asn1_named_data *cur) {
if (cur == NULL)
return;
@ -449,12 +421,10 @@ void mbedtls_asn1_free_named_data( mbedtls_asn1_named_data *cur )
mbedtls_platform_zeroize(cur, sizeof(mbedtls_asn1_named_data));
}
void mbedtls_asn1_free_named_data_list( mbedtls_asn1_named_data **head )
{
void mbedtls_asn1_free_named_data_list(mbedtls_asn1_named_data **head) {
mbedtls_asn1_named_data *cur;
while( ( cur = *head ) != NULL )
{
while ((cur = *head) != NULL) {
*head = cur->next;
mbedtls_asn1_free_named_data(cur);
mbedtls_free(cur);
@ -462,13 +432,10 @@ void mbedtls_asn1_free_named_data_list( mbedtls_asn1_named_data **head )
}
mbedtls_asn1_named_data *mbedtls_asn1_find_named_data(mbedtls_asn1_named_data *list,
const char *oid, size_t len )
{
while( list != NULL )
{
const char *oid, size_t len) {
while (list != NULL) {
if (list->oid.len == len &&
memcmp( list->oid.p, oid, len ) == 0 )
{
memcmp(list->oid.p, oid, len) == 0) {
break;
}

119
common/mbedtls/asn1write.c
View file

@ -34,10 +34,8 @@
#define mbedtls_free free
#endif
int mbedtls_asn1_write_len( unsigned char **p, unsigned char *start, size_t len )
{
if( len < 0x80 )
{
int mbedtls_asn1_write_len(unsigned char **p, unsigned char *start, size_t len) {
if (len < 0x80) {
if (*p - start < 1)
return (MBEDTLS_ERR_ASN1_BUF_TOO_SMALL);
@ -45,8 +43,7 @@ int mbedtls_asn1_write_len( unsigned char **p, unsigned char *start, size_t len
return (1);
}
if( len <= 0xFF )
{
if (len <= 0xFF) {
if (*p - start < 2)
return (MBEDTLS_ERR_ASN1_BUF_TOO_SMALL);
@ -55,8 +52,7 @@ int mbedtls_asn1_write_len( unsigned char **p, unsigned char *start, size_t len
return (2);
}
if( len <= 0xFFFF )
{
if (len <= 0xFFFF) {
if (*p - start < 3)
return (MBEDTLS_ERR_ASN1_BUF_TOO_SMALL);
@ -66,8 +62,7 @@ int mbedtls_asn1_write_len( unsigned char **p, unsigned char *start, size_t len
return (3);
}
if( len <= 0xFFFFFF )
{
if (len <= 0xFFFFFF) {
if (*p - start < 4)
return (MBEDTLS_ERR_ASN1_BUF_TOO_SMALL);
@ -98,8 +93,7 @@ int mbedtls_asn1_write_len( unsigned char **p, unsigned char *start, size_t len
#endif
}
int mbedtls_asn1_write_tag( unsigned char **p, unsigned char *start, unsigned char tag )
{
int mbedtls_asn1_write_tag(unsigned char **p, unsigned char *start, unsigned char tag) {
if (*p - start < 1)
return (MBEDTLS_ERR_ASN1_BUF_TOO_SMALL);
@ -109,8 +103,7 @@ int mbedtls_asn1_write_tag( unsigned char **p, unsigned char *start, unsigned ch
}
int mbedtls_asn1_write_raw_buffer(unsigned char **p, unsigned char *start,
const unsigned char *buf, size_t size )
{
const unsigned char *buf, size_t size) {
size_t len = 0;
if (*p < start || (size_t)(*p - start) < size)
@ -124,8 +117,7 @@ int mbedtls_asn1_write_raw_buffer( unsigned char **p, unsigned char *start,
}
#if defined(MBEDTLS_BIGNUM_C)
int mbedtls_asn1_write_mpi( unsigned char **p, unsigned char *start, const mbedtls_mpi *X )
{
int mbedtls_asn1_write_mpi(unsigned char **p, unsigned char *start, const mbedtls_mpi *X) {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t len = 0;
@ -142,8 +134,7 @@ int mbedtls_asn1_write_mpi( unsigned char **p, unsigned char *start, const mbedt
// DER format assumes 2s complement for numbers, so the leftmost bit
// should be 0 for positive numbers and 1 for negative numbers.
//
if( X->s ==1 && **p & 0x80 )
{
if (X->s == 1 && **p & 0x80) {
if (*p - start < 1)
return (MBEDTLS_ERR_ASN1_BUF_TOO_SMALL);
@ -161,8 +152,7 @@ cleanup:
}
#endif /* MBEDTLS_BIGNUM_C */
int mbedtls_asn1_write_null( unsigned char **p, unsigned char *start )
{
int mbedtls_asn1_write_null(unsigned char **p, unsigned char *start) {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t len = 0;
@ -175,8 +165,7 @@ int mbedtls_asn1_write_null( unsigned char **p, unsigned char *start )
}
int mbedtls_asn1_write_oid(unsigned char **p, unsigned char *start,
const char *oid, size_t oid_len )
{
const char *oid, size_t oid_len) {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t len = 0;
@ -190,8 +179,7 @@ int mbedtls_asn1_write_oid( unsigned char **p, unsigned char *start,
int mbedtls_asn1_write_algorithm_identifier(unsigned char **p, unsigned char *start,
const char *oid, size_t oid_len,
size_t par_len )
{
size_t par_len) {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t len = 0;
@ -209,8 +197,7 @@ int mbedtls_asn1_write_algorithm_identifier( unsigned char **p, unsigned char *s
return ((int) len);
}
int mbedtls_asn1_write_bool( unsigned char **p, unsigned char *start, int boolean )
{
int mbedtls_asn1_write_bool(unsigned char **p, unsigned char *start, int boolean) {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t len = 0;
@ -226,23 +213,19 @@ int mbedtls_asn1_write_bool( unsigned char **p, unsigned char *start, int boolea
return ((int) len);
}
static int asn1_write_tagged_int( unsigned char **p, unsigned char *start, int val, int tag )
{
static int asn1_write_tagged_int(unsigned char **p, unsigned char *start, int val, int tag) {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t len = 0;
do
{
do {
if (*p - start < 1)
return (MBEDTLS_ERR_ASN1_BUF_TOO_SMALL);
len += 1;
*--(*p) = val & 0xff;
val >>= 8;
}
while( val > 0 );
} while (val > 0);
if( **p & 0x80 )
{
if (**p & 0x80) {
if (*p - start < 1)
return (MBEDTLS_ERR_ASN1_BUF_TOO_SMALL);
*--(*p) = 0x00;
@ -255,19 +238,16 @@ static int asn1_write_tagged_int( unsigned char **p, unsigned char *start, int v
return ((int) len);
}
int mbedtls_asn1_write_int( unsigned char **p, unsigned char *start, int val )
{
int mbedtls_asn1_write_int(unsigned char **p, unsigned char *start, int val) {
return (asn1_write_tagged_int(p, start, val, MBEDTLS_ASN1_INTEGER));
}
int mbedtls_asn1_write_enum( unsigned char **p, unsigned char *start, int val )
{
int mbedtls_asn1_write_enum(unsigned char **p, unsigned char *start, int val) {
return (asn1_write_tagged_int(p, start, val, MBEDTLS_ASN1_ENUMERATED));
}
int mbedtls_asn1_write_tagged_string(unsigned char **p, unsigned char *start, int tag,
const char *text, size_t text_len )
{
const char *text, size_t text_len) {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t len = 0;
@ -281,28 +261,24 @@ int mbedtls_asn1_write_tagged_string( unsigned char **p, unsigned char *start, i
}
int mbedtls_asn1_write_utf8_string(unsigned char **p, unsigned char *start,
const char *text, size_t text_len )
{
const char *text, size_t text_len) {
return (mbedtls_asn1_write_tagged_string(p, start, MBEDTLS_ASN1_UTF8_STRING, text, text_len));
}
int mbedtls_asn1_write_printable_string(unsigned char **p, unsigned char *start,
const char *text, size_t text_len )
{
const char *text, size_t text_len) {
return (mbedtls_asn1_write_tagged_string(p, start, MBEDTLS_ASN1_PRINTABLE_STRING, text, text_len));
}
int mbedtls_asn1_write_ia5_string(unsigned char **p, unsigned char *start,
const char *text, size_t text_len )
{
const char *text, size_t text_len) {
return (mbedtls_asn1_write_tagged_string(p, start, MBEDTLS_ASN1_IA5_STRING, text, text_len));
}
int mbedtls_asn1_write_named_bitstring(unsigned char **p,
unsigned char *start,
const unsigned char *buf,
size_t bits )
{
size_t bits) {
size_t unused_bits, byte_len;
const unsigned char *cur_byte;
unsigned char cur_byte_shifted;
@ -316,13 +292,11 @@ int mbedtls_asn1_write_named_bitstring( unsigned char **p,
* of the bitstring. Trailing 0s are considered part of the 'unused' bits
* when encoding this value in the first content octet
*/
if( bits != 0 )
{
if (bits != 0) {
cur_byte = buf + byte_len - 1;
cur_byte_shifted = *cur_byte >> unused_bits;
for( ; ; )
{
for (; ;) {
bit = cur_byte_shifted & 0x1;
cur_byte_shifted >>= 1;
@ -342,8 +316,7 @@ int mbedtls_asn1_write_named_bitstring( unsigned char **p,
}
int mbedtls_asn1_write_bitstring(unsigned char **p, unsigned char *start,
const unsigned char *buf, size_t bits )
{
const unsigned char *buf, size_t bits) {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t len = 0;
size_t unused_bits, byte_len;
@ -357,8 +330,7 @@ int mbedtls_asn1_write_bitstring( unsigned char **p, unsigned char *start,
len = byte_len + 1;
/* Write the bitstring. Ensure the unused bits are zeroed */
if( byte_len > 0 )
{
if (byte_len > 0) {
byte_len--;
*--(*p) = buf[byte_len] & ~((0x1 << unused_bits) - 1);
(*p) -= byte_len;
@ -375,8 +347,7 @@ int mbedtls_asn1_write_bitstring( unsigned char **p, unsigned char *start,
}
int mbedtls_asn1_write_octet_string(unsigned char **p, unsigned char *start,
const unsigned char *buf, size_t size )
{
const unsigned char *buf, size_t size) {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t len = 0;
@ -393,13 +364,10 @@ int mbedtls_asn1_write_octet_string( unsigned char **p, unsigned char *start,
* which is replicated to avoid a dependency ASN1_WRITE_C on ASN1_PARSE_C. */
static mbedtls_asn1_named_data *asn1_find_named_data(
mbedtls_asn1_named_data *list,
const char *oid, size_t len )
{
while( list != NULL )
{
const char *oid, size_t len) {
while (list != NULL) {
if (list->oid.len == len &&
memcmp( list->oid.p, oid, len ) == 0 )
{
memcmp(list->oid.p, oid, len) == 0) {
break;
}
@ -413,12 +381,10 @@ mbedtls_asn1_named_data *mbedtls_asn1_store_named_data(
mbedtls_asn1_named_data **head,
const char *oid, size_t oid_len,
const unsigned char *val,
size_t val_len )
{
size_t val_len) {
mbedtls_asn1_named_data *cur;
if( ( cur = asn1_find_named_data( *head, oid, oid_len ) ) == NULL )
{
if ((cur = asn1_find_named_data(*head, oid, oid_len)) == NULL) {
// Add new entry if not present yet based on OID
//
cur = (mbedtls_asn1_named_data *)mbedtls_calloc(1,
@ -428,8 +394,7 @@ mbedtls_asn1_named_data *mbedtls_asn1_store_named_data(
cur->oid.len = oid_len;
cur->oid.p = mbedtls_calloc(1, oid_len);
if( cur->oid.p == NULL )
{
if (cur->oid.p == NULL) {
mbedtls_free(cur);
return (NULL);
}
@ -437,11 +402,9 @@ mbedtls_asn1_named_data *mbedtls_asn1_store_named_data(
memcpy(cur->oid.p, oid, oid_len);
cur->val.len = val_len;
if( val_len != 0 )
{
if (val_len != 0) {
cur->val.p = mbedtls_calloc(1, val_len);
if( cur->val.p == NULL )
{
if (cur->val.p == NULL) {
mbedtls_free(cur->oid.p);
mbedtls_free(cur);
return (NULL);
@ -450,14 +413,10 @@ mbedtls_asn1_named_data *mbedtls_asn1_store_named_data(
cur->next = *head;
*head = cur;
}
else if( val_len == 0 )
{
} else if (val_len == 0) {
mbedtls_free(cur->val.p);
cur->val.p = NULL;
}
else if( cur->val.len != val_len )
{
} else if (cur->val.len != val_len) {
/*
* Enlarge existing value buffer if needed
* Preserve old data until the allocation succeeded, to leave list in

72
common/mbedtls/base64.c
View file

@ -35,8 +35,7 @@
#endif /* MBEDTLS_PLATFORM_C */
#endif /* MBEDTLS_SELF_TEST */
static const unsigned char base64_enc_map[64] =
{
static const unsigned char base64_enc_map[64] = {
'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J',
'K', 'L', 'M', 'N', 'O', 'P', 'Q', 'R', 'S', 'T',
'U', 'V', 'W', 'X', 'Y', 'Z', 'a', 'b', 'c', 'd',
@ -46,8 +45,7 @@ static const unsigned char base64_enc_map[64] =
'8', '9', '+', '/'
};
static const unsigned char base64_dec_map[128] =
{
static const unsigned char base64_dec_map[128] = {
127, 127, 127, 127, 127, 127, 127, 127, 127, 127,
127, 127, 127, 127, 127, 127, 127, 127, 127, 127,
127, 127, 127, 127, 127, 127, 127, 127, 127, 127,
@ -69,8 +67,7 @@ static const unsigned char base64_dec_map[128] =
* Constant flow conditional assignment to unsigned char
*/
static void mbedtls_base64_cond_assign_uchar(unsigned char *dest, const unsigned char *const src,
unsigned char condition )
{
unsigned char condition) {
/* MSVC has a warning about unary minus on unsigned integer types,
* but this is well-defined and precisely what we want to do here. */
#if defined(_MSC_VER)
@ -94,8 +91,7 @@ static void mbedtls_base64_cond_assign_uchar( unsigned char * dest, const unsign
* Constant flow conditional assignment to uint_32
*/
static void mbedtls_base64_cond_assign_uint32(uint32_t *dest, const uint32_t src,
uint32_t condition )
{
uint32_t condition) {
/* MSVC has a warning about unary minus on unsigned integer types,
* but this is well-defined and precisely what we want to do here. */
#if defined(_MSC_VER)
@ -118,8 +114,7 @@ static void mbedtls_base64_cond_assign_uint32( uint32_t * dest, const uint32_t s
/*
* Constant flow check for equality
*/
static unsigned char mbedtls_base64_eq( size_t in_a, size_t in_b )
{
static unsigned char mbedtls_base64_eq(size_t in_a, size_t in_b) {
size_t difference = in_a ^ in_b;
/* MSVC has a warning about unary minus on unsigned integer types,
@ -145,13 +140,11 @@ static unsigned char mbedtls_base64_eq( size_t in_a, size_t in_b )
* Constant flow lookup into table.
*/
static unsigned char mbedtls_base64_table_lookup(const unsigned char *const table,
const size_t table_size, const size_t table_index )
{
const size_t table_size, const size_t table_index) {
size_t i;
unsigned char result = 0;
for( i = 0; i < table_size; ++i )
{
for (i = 0; i < table_size; ++i) {
mbedtls_base64_cond_assign_uchar(&result, &table[i], mbedtls_base64_eq(i, table_index));
}
@ -162,38 +155,33 @@ static unsigned char mbedtls_base64_table_lookup( const unsigned char * const ta
* Encode a buffer into base64 format
*/
int mbedtls_base64_encode(unsigned char *dst, size_t dlen, size_t *olen,
const unsigned char *src, size_t slen )
{
const unsigned char *src, size_t slen) {
size_t i, n;
int C1, C2, C3;
unsigned char *p;
if( slen == 0 )
{
if (slen == 0) {
*olen = 0;
return (0);
}
n = slen / 3 + (slen % 3 != 0);
if( n > ( BASE64_SIZE_T_MAX - 1 ) / 4 )
{
if (n > (BASE64_SIZE_T_MAX - 1) / 4) {
*olen = BASE64_SIZE_T_MAX;
return (MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL);
}
n *= 4;
if( ( dlen < n + 1 ) || ( NULL == dst ) )
{
if ((dlen < n + 1) || (NULL == dst)) {
*olen = n + 1;
return (MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL);
}
n = (slen / 3) * 3;
for( i = 0, p = dst; i < n; i += 3 )
{
for (i = 0, p = dst; i < n; i += 3) {
C1 = *src++;
C2 = *src++;
C3 = *src++;
@ -211,8 +199,7 @@ int mbedtls_base64_encode( unsigned char *dst, size_t dlen, size_t *olen,
(C3 & 0x3F));
}
if( i < slen )
{
if (i < slen) {
C1 = *src++;
C2 = ((i + 1) < slen) ? *src++ : 0;
@ -240,20 +227,17 @@ int mbedtls_base64_encode( unsigned char *dst, size_t dlen, size_t *olen,
* Decode a base64-formatted buffer
*/
int mbedtls_base64_decode(unsigned char *dst, size_t dlen, size_t *olen,
const unsigned char *src, size_t slen )
{
const unsigned char *src, size_t slen) {
size_t i, n;
uint32_t j, x;
unsigned char *p;
unsigned char dec_map_lookup;
/* First pass: check for validity and get output length */
for( i = n = j = 0; i < slen; i++ )
{
for (i = n = j = 0; i < slen; i++) {
/* Skip spaces before checking for EOL */
x = 0;
while( i < slen && src[i] == ' ' )
{
while (i < slen && src[i] == ' ') {
++i;
++x;
}
@ -287,8 +271,7 @@ int mbedtls_base64_decode( unsigned char *dst, size_t dlen, size_t *olen,
n++;
}
if( n == 0 )
{
if (n == 0) {
*olen = 0;
return (0);
}
@ -300,14 +283,12 @@ int mbedtls_base64_decode( unsigned char *dst, size_t dlen, size_t *olen,
n = (6 * (n >> 3)) + ((6 * (n & 0x7) + 7) >> 3);
n -= j;
if( dst == NULL || dlen < n )
{
if (dst == NULL || dlen < n) {
*olen = n;
return (MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL);
}
for( j = 3, n = x = 0, p = dst; i > 0; i--, src++ )
{
for (j = 3, n = x = 0, p = dst; i > 0; i--, src++) {
if (*src == '\r' || *src == '\n' || *src == ' ')
continue;
@ -316,8 +297,7 @@ int mbedtls_base64_decode( unsigned char *dst, size_t dlen, size_t *olen,
mbedtls_base64_cond_assign_uint32(&j, j - 1, mbedtls_base64_eq(dec_map_lookup, 64));
x = (x << 6) | (dec_map_lookup & 0x3F);
if( ++n == 4 )
{
if (++n == 4) {
n = 0;
if (j > 0) *p++ = (unsigned char)(x >> 16);
if (j > 1) *p++ = (unsigned char)(x >> 8);
@ -332,8 +312,7 @@ int mbedtls_base64_decode( unsigned char *dst, size_t dlen, size_t *olen,
#if defined(MBEDTLS_SELF_TEST)
static const unsigned char base64_test_dec[64] =
{
static const unsigned char base64_test_dec[64] = {
0x24, 0x48, 0x6E, 0x56, 0x87, 0x62, 0x5A, 0xBD,
0xBF, 0x17, 0xD9, 0xA2, 0xC4, 0x17, 0x1A, 0x01,
0x94, 0xED, 0x8F, 0x1E, 0x11, 0xB3, 0xD7, 0x09,
@ -351,8 +330,7 @@ static const unsigned char base64_test_enc[] =
/*
* Checkup routine
*/
int mbedtls_base64_self_test( int verbose )
{
int mbedtls_base64_self_test(int verbose) {
size_t len;
const unsigned char *src;
unsigned char buffer[128];
@ -363,8 +341,7 @@ int mbedtls_base64_self_test( int verbose )
src = base64_test_dec;
if (mbedtls_base64_encode(buffer, sizeof(buffer), &len, src, 64) != 0 ||
memcmp( base64_test_enc, buffer, 88 ) != 0 )
{
memcmp(base64_test_enc, buffer, 88) != 0) {
if (verbose != 0)
mbedtls_printf("failed\n");
@ -377,8 +354,7 @@ int mbedtls_base64_self_test( int verbose )
src = base64_test_enc;
if (mbedtls_base64_decode(buffer, sizeof(buffer), &len, src, 88) != 0 ||
memcmp( base64_test_dec, buffer, 64 ) != 0 )
{
memcmp(base64_test_dec, buffer, 64) != 0) {
if (verbose != 0)
mbedtls_printf("failed\n");

724
common/mbedtls/bignum.c
View file

File diff suppressed because it is too large Load diff

3
common/mbedtls/bignum.h
View file

@ -181,8 +181,7 @@ extern "C" {
/**
* \brief MPI structure
*/
typedef struct mbedtls_mpi
{
typedef struct mbedtls_mpi {
int s; /*!< Sign: -1 if the mpi is negative, 1 otherwise */
size_t n; /*!< total # of limbs */
mbedtls_mpi_uint *p; /*!< pointer to limbs */

117
common/mbedtls/blowfish.c
View file

@ -74,8 +74,7 @@ static const uint32_t P[MBEDTLS_BLOWFISH_ROUNDS + 2] = {
/* declarations of data at the end of this file */
static const uint32_t S[4][256];
static uint32_t F( mbedtls_blowfish_context *ctx, uint32_t x )
{
static uint32_t F(mbedtls_blowfish_context *ctx, uint32_t x) {
unsigned short a, b, c, d;
uint32_t y;
@ -93,16 +92,14 @@ static uint32_t F( mbedtls_blowfish_context *ctx, uint32_t x )
return (y);
}
static void blowfish_enc( mbedtls_blowfish_context *ctx, uint32_t *xl, uint32_t *xr )
{
static void blowfish_enc(mbedtls_blowfish_context *ctx, uint32_t *xl, uint32_t *xr) {
uint32_t Xl, Xr, temp;
short i;
Xl = *xl;
Xr = *xr;
for( i = 0; i < MBEDTLS_BLOWFISH_ROUNDS; ++i )
{
for (i = 0; i < MBEDTLS_BLOWFISH_ROUNDS; ++i) {
Xl = Xl ^ ctx->P[i];
Xr = F(ctx, Xl) ^ Xr;
@ -122,16 +119,14 @@ static void blowfish_enc( mbedtls_blowfish_context *ctx, uint32_t *xl, uint32_t
*xr = Xr;
}
static void blowfish_dec( mbedtls_blowfish_context *ctx, uint32_t *xl, uint32_t *xr )
{
static void blowfish_dec(mbedtls_blowfish_context *ctx, uint32_t *xl, uint32_t *xr) {
uint32_t Xl, Xr, temp;
short i;
Xl = *xl;
Xr = *xr;
for( i = MBEDTLS_BLOWFISH_ROUNDS + 1; i > 1; --i )
{
for (i = MBEDTLS_BLOWFISH_ROUNDS + 1; i > 1; --i) {
Xl = Xl ^ ctx->P[i];
Xr = F(ctx, Xl) ^ Xr;
@ -151,14 +146,12 @@ static void blowfish_dec( mbedtls_blowfish_context *ctx, uint32_t *xl, uint32_t
*xr = Xr;
}
void mbedtls_blowfish_init( mbedtls_blowfish_context *ctx )
{
void mbedtls_blowfish_init(mbedtls_blowfish_context *ctx) {
BLOWFISH_VALIDATE(ctx != NULL);
memset(ctx, 0, sizeof(mbedtls_blowfish_context));
}
void mbedtls_blowfish_free( mbedtls_blowfish_context *ctx )
{
void mbedtls_blowfish_free(mbedtls_blowfish_context *ctx) {
if (ctx == NULL)
return;
@ -170,8 +163,7 @@ void mbedtls_blowfish_free( mbedtls_blowfish_context *ctx )
*/
int mbedtls_blowfish_setkey(mbedtls_blowfish_context *ctx,
const unsigned char *key,
unsigned int keybits )
{
unsigned int keybits) {
unsigned int i, j, k;
uint32_t data, datal, datar;
BLOWFISH_VALIDATE_RET(ctx != NULL);
@ -179,25 +171,21 @@ int mbedtls_blowfish_setkey( mbedtls_blowfish_context *ctx,
if (keybits < MBEDTLS_BLOWFISH_MIN_KEY_BITS ||
keybits > MBEDTLS_BLOWFISH_MAX_KEY_BITS ||
keybits % 8 != 0 )
{
keybits % 8 != 0) {
return (MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA);
}
keybits >>= 3;
for( i = 0; i < 4; i++ )
{
for (i = 0; i < 4; i++) {
for (j = 0; j < 256; j++)
ctx->S[i][j] = S[i][j];
}
j = 0;
for( i = 0; i < MBEDTLS_BLOWFISH_ROUNDS + 2; ++i )
{
for (i = 0; i < MBEDTLS_BLOWFISH_ROUNDS + 2; ++i) {
data = 0x00000000;
for( k = 0; k < 4; ++k )
{
for (k = 0; k < 4; ++k) {
data = (data << 8) | key[j++];
if (j >= keybits)
j = 0;
@ -208,17 +196,14 @@ int mbedtls_blowfish_setkey( mbedtls_blowfish_context *ctx,
datal = 0x00000000;
datar = 0x00000000;
for( i = 0; i < MBEDTLS_BLOWFISH_ROUNDS + 2; i += 2 )
{
for (i = 0; i < MBEDTLS_BLOWFISH_ROUNDS + 2; i += 2) {
blowfish_enc(ctx, &datal, &datar);
ctx->P[i] = datal;
ctx->P[i + 1] = datar;
}
for( i = 0; i < 4; i++ )
{
for( j = 0; j < 256; j += 2 )
{
for (i = 0; i < 4; i++) {
for (j = 0; j < 256; j += 2) {
blowfish_enc(ctx, &datal, &datar);
ctx->S[i][j] = datal;
ctx->S[i][j + 1] = datar;
@ -233,8 +218,7 @@ int mbedtls_blowfish_setkey( mbedtls_blowfish_context *ctx,
int mbedtls_blowfish_crypt_ecb(mbedtls_blowfish_context *ctx,
int mode,
const unsigned char input[MBEDTLS_BLOWFISH_BLOCKSIZE],
unsigned char output[MBEDTLS_BLOWFISH_BLOCKSIZE] )
{
unsigned char output[MBEDTLS_BLOWFISH_BLOCKSIZE]) {
uint32_t X0, X1;
BLOWFISH_VALIDATE_RET(ctx != NULL);
BLOWFISH_VALIDATE_RET(mode == MBEDTLS_BLOWFISH_ENCRYPT ||
@ -245,12 +229,9 @@ int mbedtls_blowfish_crypt_ecb( mbedtls_blowfish_context *ctx,
GET_UINT32_BE(X0, input, 0);
GET_UINT32_BE(X1, input, 4);
if( mode == MBEDTLS_BLOWFISH_DECRYPT )
{
if (mode == MBEDTLS_BLOWFISH_DECRYPT) {
blowfish_dec(ctx, &X0, &X1);
}
else /* MBEDTLS_BLOWFISH_ENCRYPT */
{
} else { /* MBEDTLS_BLOWFISH_ENCRYPT */
blowfish_enc(ctx, &X0, &X1);
}
@ -269,8 +250,7 @@ int mbedtls_blowfish_crypt_cbc( mbedtls_blowfish_context *ctx,
size_t length,
unsigned char iv[MBEDTLS_BLOWFISH_BLOCKSIZE],
const unsigned char *input,
unsigned char *output )
{
unsigned char *output) {
int i;
unsigned char temp[MBEDTLS_BLOWFISH_BLOCKSIZE];
BLOWFISH_VALIDATE_RET(ctx != NULL);
@ -283,10 +263,8 @@ int mbedtls_blowfish_crypt_cbc( mbedtls_blowfish_context *ctx,
if (length % MBEDTLS_BLOWFISH_BLOCKSIZE)
return (MBEDTLS_ERR_BLOWFISH_INVALID_INPUT_LENGTH);
if( mode == MBEDTLS_BLOWFISH_DECRYPT )
{
while( length > 0 )
{
if (mode == MBEDTLS_BLOWFISH_DECRYPT) {
while (length > 0) {
memcpy(temp, input, MBEDTLS_BLOWFISH_BLOCKSIZE);
mbedtls_blowfish_crypt_ecb(ctx, mode, input, output);
@ -299,11 +277,8 @@ int mbedtls_blowfish_crypt_cbc( mbedtls_blowfish_context *ctx,
output += MBEDTLS_BLOWFISH_BLOCKSIZE;
length -= MBEDTLS_BLOWFISH_BLOCKSIZE;
}
}
else
{
while( length > 0 )
{
} else {
while (length > 0) {
for (i = 0; i < MBEDTLS_BLOWFISH_BLOCKSIZE; i++)
output[i] = (unsigned char)(input[i] ^ iv[i]);
@ -330,8 +305,7 @@ int mbedtls_blowfish_crypt_cfb64( mbedtls_blowfish_context *ctx,
size_t *iv_off,
unsigned char iv[MBEDTLS_BLOWFISH_BLOCKSIZE],
const unsigned char *input,
unsigned char *output )
{
unsigned char *output) {
int c;
size_t n;
@ -347,10 +321,8 @@ int mbedtls_blowfish_crypt_cfb64( mbedtls_blowfish_context *ctx,
if (n >= 8)
return (MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA);
if( mode == MBEDTLS_BLOWFISH_DECRYPT )
{
while( length-- )
{
if (mode == MBEDTLS_BLOWFISH_DECRYPT) {
while (length--) {
if (n == 0)
mbedtls_blowfish_crypt_ecb(ctx, MBEDTLS_BLOWFISH_ENCRYPT, iv, iv);
@ -360,11 +332,8 @@ int mbedtls_blowfish_crypt_cfb64( mbedtls_blowfish_context *ctx,
n = (n + 1) % MBEDTLS_BLOWFISH_BLOCKSIZE;
}
}
else
{
while( length-- )
{
} else {
while (length--) {
if (n == 0)
mbedtls_blowfish_crypt_ecb(ctx, MBEDTLS_BLOWFISH_ENCRYPT, iv, iv);
@ -390,8 +359,7 @@ int mbedtls_blowfish_crypt_ctr( mbedtls_blowfish_context *ctx,
unsigned char nonce_counter[MBEDTLS_BLOWFISH_BLOCKSIZE],
unsigned char stream_block[MBEDTLS_BLOWFISH_BLOCKSIZE],
const unsigned char *input,
unsigned char *output )
{
unsigned char *output) {
int c, i;
size_t n;
BLOWFISH_VALIDATE_RET(ctx != NULL);
@ -405,8 +373,7 @@ int mbedtls_blowfish_crypt_ctr( mbedtls_blowfish_context *ctx,
if (n >= 8)
return (MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA);
while( length-- )
{
while (length--) {
if (n == 0) {
mbedtls_blowfish_crypt_ecb(ctx, MBEDTLS_BLOWFISH_ENCRYPT, nonce_counter,
stream_block);
@ -428,7 +395,8 @@ int mbedtls_blowfish_crypt_ctr( mbedtls_blowfish_context *ctx,
#endif /* MBEDTLS_CIPHER_MODE_CTR */
static const uint32_t S[4][256] = {
{ 0xD1310BA6L, 0x98DFB5ACL, 0x2FFD72DBL, 0xD01ADFB7L,
{
0xD1310BA6L, 0x98DFB5ACL, 0x2FFD72DBL, 0xD01ADFB7L,
0xB8E1AFEDL, 0x6A267E96L, 0xBA7C9045L, 0xF12C7F99L,
0x24A19947L, 0xB3916CF7L, 0x0801F2E2L, 0x858EFC16L,
0x636920D8L, 0x71574E69L, 0xA458FEA3L, 0xF4933D7EL,
@ -491,8 +459,10 @@ static const uint32_t S[4][256] = {
0xD60F573FL, 0xBC9BC6E4L, 0x2B60A476L, 0x81E67400L,
0x08BA6FB5L, 0x571BE91FL, 0xF296EC6BL, 0x2A0DD915L,
0xB6636521L, 0xE7B9F9B6L, 0xFF34052EL, 0xC5855664L,
0x53B02D5DL, 0xA99F8FA1L, 0x08BA4799L, 0x6E85076AL },
{ 0x4B7A70E9L, 0xB5B32944L, 0xDB75092EL, 0xC4192623L,
0x53B02D5DL, 0xA99F8FA1L, 0x08BA4799L, 0x6E85076AL
},
{
0x4B7A70E9L, 0xB5B32944L, 0xDB75092EL, 0xC4192623L,
0xAD6EA6B0L, 0x49A7DF7DL, 0x9CEE60B8L, 0x8FEDB266L,
0xECAA8C71L, 0x699A17FFL, 0x5664526CL, 0xC2B19EE1L,
0x193602A5L, 0x75094C29L, 0xA0591340L, 0xE4183A3EL,
@ -555,8 +525,10 @@ static const uint32_t S[4][256] = {
0x9E447A2EL, 0xC3453484L, 0xFDD56705L, 0x0E1E9EC9L,
0xDB73DBD3L, 0x105588CDL, 0x675FDA79L, 0xE3674340L,
0xC5C43465L, 0x713E38D8L, 0x3D28F89EL, 0xF16DFF20L,
0x153E21E7L, 0x8FB03D4AL, 0xE6E39F2BL, 0xDB83ADF7L },
{ 0xE93D5A68L, 0x948140F7L, 0xF64C261CL, 0x94692934L,
0x153E21E7L, 0x8FB03D4AL, 0xE6E39F2BL, 0xDB83ADF7L
},
{
0xE93D5A68L, 0x948140F7L, 0xF64C261CL, 0x94692934L,
0x411520F7L, 0x7602D4F7L, 0xBCF46B2EL, 0xD4A20068L,
0xD4082471L, 0x3320F46AL, 0x43B7D4B7L, 0x500061AFL,
0x1E39F62EL, 0x97244546L, 0x14214F74L, 0xBF8B8840L,
@ -619,8 +591,10 @@ static const uint32_t S[4][256] = {
0xED545578L, 0x08FCA5B5L, 0xD83D7CD3L, 0x4DAD0FC4L,
0x1E50EF5EL, 0xB161E6F8L, 0xA28514D9L, 0x6C51133CL,
0x6FD5C7E7L, 0x56E14EC4L, 0x362ABFCEL, 0xDDC6C837L,
0xD79A3234L, 0x92638212L, 0x670EFA8EL, 0x406000E0L },
{ 0x3A39CE37L, 0xD3FAF5CFL, 0xABC27737L, 0x5AC52D1BL,
0xD79A3234L, 0x92638212L, 0x670EFA8EL, 0x406000E0L
},
{
0x3A39CE37L, 0xD3FAF5CFL, 0xABC27737L, 0x5AC52D1BL,
0x5CB0679EL, 0x4FA33742L, 0xD3822740L, 0x99BC9BBEL,
0xD5118E9DL, 0xBF0F7315L, 0xD62D1C7EL, 0xC700C47BL,
0xB78C1B6BL, 0x21A19045L, 0xB26EB1BEL, 0x6A366EB4L,
@ -683,7 +657,8 @@ static const uint32_t S[4][256] = {
0x85CBFE4EL, 0x8AE88DD8L, 0x7AAAF9B0L, 0x4CF9AA7EL,
0x1948C25CL, 0x02FB8A8CL, 0x01C36AE4L, 0xD6EBE1F9L,
0x90D4F869L, 0xA65CDEA0L, 0x3F09252DL, 0xC208E69FL,
0xB74E6132L, 0xCE77E25BL, 0x578FDFE3L, 0x3AC372E6L }
0xB74E6132L, 0xCE77E25BL, 0x578FDFE3L, 0x3AC372E6L
}
};
#endif /* !MBEDTLS_BLOWFISH_ALT */

3
common/mbedtls/blowfish.h
View file

@ -62,8 +62,7 @@ extern "C" {
/**
* \brief Blowfish context structure
*/
typedef struct mbedtls_blowfish_context
{
typedef struct mbedtls_blowfish_context {
uint32_t P[MBEDTLS_BLOWFISH_ROUNDS + 2]; /*!< Blowfish round keys */
uint32_t S[4][256]; /*!< key dependent S-boxes */
}

440
common/mbedtls/camellia.c
View file

@ -72,8 +72,7 @@
}
#endif
static const unsigned char SIGMA_CHARS[6][8] =
{
static const unsigned char SIGMA_CHARS[6][8] = {
{ 0xa0, 0x9e, 0x66, 0x7f, 0x3b, 0xcc, 0x90, 0x8b },
{ 0xb6, 0x7a, 0xe8, 0x58, 0x4c, 0xaa, 0x73, 0xb2 },
{ 0xc6, 0xef, 0x37, 0x2f, 0xe9, 0x4f, 0x82, 0xbe },
@ -84,8 +83,7 @@ static const unsigned char SIGMA_CHARS[6][8] =
#if defined(MBEDTLS_CAMELLIA_SMALL_MEMORY)
static const unsigned char FSb[256] =
{
static const unsigned char FSb[256] = {
112, 130, 44, 236, 179, 39, 192, 229, 228, 133, 87, 53, 234, 12, 174, 65,
35, 239, 107, 147, 69, 25, 165, 33, 237, 14, 79, 78, 29, 101, 146, 189,
134, 184, 175, 143, 124, 235, 31, 206, 62, 48, 220, 95, 94, 197, 11, 26,
@ -111,8 +109,7 @@ static const unsigned char FSb[256] =
#else /* MBEDTLS_CAMELLIA_SMALL_MEMORY */
static const unsigned char FSb[256] =
{
static const unsigned char FSb[256] = {
112, 130, 44, 236, 179, 39, 192, 229, 228, 133, 87, 53, 234, 12, 174, 65,
35, 239, 107, 147, 69, 25, 165, 33, 237, 14, 79, 78, 29, 101, 146, 189,
134, 184, 175, 143, 124, 235, 31, 206, 62, 48, 220, 95, 94, 197, 11, 26,
@ -131,8 +128,7 @@ static const unsigned char FSb[256] =
64, 40, 211, 123, 187, 201, 67, 193, 21, 227, 173, 244, 119, 199, 128, 158
};
static const unsigned char FSb2[256] =
{
static const unsigned char FSb2[256] = {
224, 5, 88, 217, 103, 78, 129, 203, 201, 11, 174, 106, 213, 24, 93, 130,
70, 223, 214, 39, 138, 50, 75, 66, 219, 28, 158, 156, 58, 202, 37, 123,
13, 113, 95, 31, 248, 215, 62, 157, 124, 96, 185, 190, 188, 139, 22, 52,
@ -151,8 +147,7 @@ static const unsigned char FSb2[256] =
128, 80, 167, 246, 119, 147, 134, 131, 42, 199, 91, 233, 238, 143, 1, 61
};
static const unsigned char FSb3[256] =
{
static const unsigned char FSb3[256] = {
56, 65, 22, 118, 217, 147, 96, 242, 114, 194, 171, 154, 117, 6, 87, 160,
145, 247, 181, 201, 162, 140, 210, 144, 246, 7, 167, 39, 142, 178, 73, 222,
67, 92, 215, 199, 62, 245, 143, 103, 31, 24, 110, 175, 47, 226, 133, 13,
@ -171,8 +166,7 @@ static const unsigned char FSb3[256] =
32, 20, 233, 189, 221, 228, 161, 224, 138, 241, 214, 122, 187, 227, 64, 79
};
static const unsigned char FSb4[256] =
{
static const unsigned char FSb4[256] = {
112, 44, 179, 192, 228, 87, 234, 174, 35, 107, 69, 165, 237, 79, 29, 146,
134, 175, 124, 31, 62, 220, 94, 11, 166, 57, 213, 93, 217, 90, 81, 108,
139, 154, 251, 176, 116, 43, 240, 132, 223, 203, 52, 118, 109, 169, 209, 4,
@ -198,8 +192,7 @@ static const unsigned char FSb4[256] =
#endif /* MBEDTLS_CAMELLIA_SMALL_MEMORY */
static const unsigned char shifts[2][4][4] =
{
static const unsigned char shifts[2][4][4] = {
{
{ 1, 1, 1, 1 }, /* KL */
{ 0, 0, 0, 0 }, /* KR */
@ -214,32 +207,46 @@ static const unsigned char shifts[2][4][4] =
}
};
static const signed char indexes[2][4][20] =
static const signed char indexes[2][4][20] = {
{
{
{ 0, 1, 2, 3, 8, 9, 10, 11, 38, 39,
36, 37, 23, 20, 21, 22, 27, -1, -1, 26 }, /* KL -> RK */
{ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
-1, -1, -1, -1, -1, -1, -1, -1, -1, -1 }, /* KR -> RK */
{ 4, 5, 6, 7, 12, 13, 14, 15, 16, 17,
18, 19, -1, 24, 25, -1, 31, 28, 29, 30 }, /* KA -> RK */
{ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
-1, -1, -1, -1, -1, -1, -1, -1, -1, -1 } /* KB -> RK */
0, 1, 2, 3, 8, 9, 10, 11, 38, 39,
36, 37, 23, 20, 21, 22, 27, -1, -1, 26
}, /* KL -> RK */
{
-1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
-1, -1, -1, -1, -1, -1, -1, -1, -1, -1
}, /* KR -> RK */
{
4, 5, 6, 7, 12, 13, 14, 15, 16, 17,
18, 19, -1, 24, 25, -1, 31, 28, 29, 30
}, /* KA -> RK */
{
-1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
-1, -1, -1, -1, -1, -1, -1, -1, -1, -1
} /* KB -> RK */
},
{
{ 0, 1, 2, 3, 61, 62, 63, 60, -1, -1,
-1, -1, 27, 24, 25, 26, 35, 32, 33, 34 }, /* KL -> RK */
{ -1, -1, -1, -1, 8, 9, 10, 11, 16, 17,
18, 19, -1, -1, -1, -1, 39, 36, 37, 38 }, /* KR -> RK */
{ -1, -1, -1, -1, 12, 13, 14, 15, 58, 59,
56, 57, 31, 28, 29, 30, -1, -1, -1, -1 }, /* KA -> RK */
{ 4, 5, 6, 7, 65, 66, 67, 64, 20, 21,
22, 23, -1, -1, -1, -1, 43, 40, 41, 42 } /* KB -> RK */
{
0, 1, 2, 3, 61, 62, 63, 60, -1, -1,
-1, -1, 27, 24, 25, 26, 35, 32, 33, 34
}, /* KL -> RK */
{
-1, -1, -1, -1, 8, 9, 10, 11, 16, 17,
18, 19, -1, -1, -1, -1, 39, 36, 37, 38
}, /* KR -> RK */
{
-1, -1, -1, -1, 12, 13, 14, 15, 58, 59,
56, 57, 31, 28, 29, 30, -1, -1, -1, -1
}, /* KA -> RK */
{
4, 5, 6, 7, 65, 66, 67, 64, 20, 21,
22, 23, -1, -1, -1, -1, 43, 40, 41, 42
} /* KB -> RK */
}
};
static const signed char transposes[2][20] =
{
static const signed char transposes[2][20] = {
{
21, 22, 23, 20,
-1, -1, -1, -1,
@ -295,8 +302,7 @@ static const signed char transposes[2][20] =
}
static void camellia_feistel(const uint32_t x[2], const uint32_t k[2],
uint32_t z[2])
{
uint32_t z[2]) {
uint32_t I0, I1;
I0 = x[0] ^ k[0];
I1 = x[1] ^ k[1];
@ -319,14 +325,12 @@ static void camellia_feistel( const uint32_t x[2], const uint32_t k[2],
z[1] ^= I0;
}
void mbedtls_camellia_init( mbedtls_camellia_context *ctx )
{
void mbedtls_camellia_init(mbedtls_camellia_context *ctx) {
CAMELLIA_VALIDATE(ctx != NULL);
memset(ctx, 0, sizeof(mbedtls_camellia_context));
}
void mbedtls_camellia_free( mbedtls_camellia_context *ctx )
{
void mbedtls_camellia_free(mbedtls_camellia_context *ctx) {
if (ctx == NULL)
return;
@ -338,8 +342,7 @@ void mbedtls_camellia_free( mbedtls_camellia_context *ctx )
*/
int mbedtls_camellia_setkey_enc(mbedtls_camellia_context *ctx,
const unsigned char *key,
unsigned int keybits )
{
unsigned int keybits) {
int idx;
size_t i;
uint32_t *RK;
@ -356,12 +359,18 @@ int mbedtls_camellia_setkey_enc( mbedtls_camellia_context *ctx,
memset(t, 0, 64);
memset(RK, 0, sizeof(ctx->rk));
switch( keybits )
{
case 128: ctx->nr = 3; idx = 0; break;
switch (keybits) {
case 128:
ctx->nr = 3;
idx = 0;
break;
case 192:
case 256: ctx->nr = 4; idx = 1; break;
default : return( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA );
case 256:
ctx->nr = 4;
idx = 1;
break;
default :
return (MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA);
}
for (i = 0; i < keybits / 8; ++i)
@ -447,8 +456,7 @@ int mbedtls_camellia_setkey_enc( mbedtls_camellia_context *ctx,
*/
int mbedtls_camellia_setkey_dec(mbedtls_camellia_context *ctx,
const unsigned char *key,
unsigned int keybits )
{
unsigned int keybits) {
int idx, ret;
size_t i;
mbedtls_camellia_context cty;
@ -474,8 +482,7 @@ int mbedtls_camellia_setkey_dec( mbedtls_camellia_context *ctx,
*RK++ = *SK++;
*RK++ = *SK++;
for( i = 22 + 8 * idx, SK -= 6; i > 0; i--, SK -= 4 )
{
for (i = 22 + 8 * idx, SK -= 6; i > 0; i--, SK -= 4) {
*RK++ = *SK++;
*RK++ = *SK++;
}
@ -499,8 +506,7 @@ exit:
int mbedtls_camellia_crypt_ecb(mbedtls_camellia_context *ctx,
int mode,
const unsigned char input[16],
unsigned char output[16] )
{
unsigned char output[16]) {
int NR;
uint32_t *RK, X[4];
CAMELLIA_VALIDATE_RET(ctx != NULL);
@ -569,8 +575,7 @@ int mbedtls_camellia_crypt_cbc( mbedtls_camellia_context *ctx,
size_t length,
unsigned char iv[16],
const unsigned char *input,
unsigned char *output )
{
unsigned char *output) {
int i;
unsigned char temp[16];
CAMELLIA_VALIDATE_RET(ctx != NULL);
@ -583,10 +588,8 @@ int mbedtls_camellia_crypt_cbc( mbedtls_camellia_context *ctx,
if (length % 16)
return (MBEDTLS_ERR_CAMELLIA_INVALID_INPUT_LENGTH);
if( mode == MBEDTLS_CAMELLIA_DECRYPT )
{
while( length > 0 )
{
if (mode == MBEDTLS_CAMELLIA_DECRYPT) {
while (length > 0) {
memcpy(temp, input, 16);
mbedtls_camellia_crypt_ecb(ctx, mode, input, output);
@ -599,11 +602,8 @@ int mbedtls_camellia_crypt_cbc( mbedtls_camellia_context *ctx,
output += 16;
length -= 16;
}
}
else
{
while( length > 0 )
{
} else {
while (length > 0) {
for (i = 0; i < 16; i++)
output[i] = (unsigned char)(input[i] ^ iv[i]);
@ -630,8 +630,7 @@ int mbedtls_camellia_crypt_cfb128( mbedtls_camellia_context *ctx,
size_t *iv_off,
unsigned char iv[16],
const unsigned char *input,
unsigned char *output )
{
unsigned char *output) {
int c;
size_t n;
CAMELLIA_VALIDATE_RET(ctx != NULL);
@ -646,10 +645,8 @@ int mbedtls_camellia_crypt_cfb128( mbedtls_camellia_context *ctx,
if (n >= 16)
return (MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA);
if( mode == MBEDTLS_CAMELLIA_DECRYPT )
{
while( length-- )
{
if (mode == MBEDTLS_CAMELLIA_DECRYPT) {
while (length--) {
if (n == 0)
mbedtls_camellia_crypt_ecb(ctx, MBEDTLS_CAMELLIA_ENCRYPT, iv, iv);
@ -659,11 +656,8 @@ int mbedtls_camellia_crypt_cfb128( mbedtls_camellia_context *ctx,
n = (n + 1) & 0x0F;
}
}
else
{
while( length-- )
{
} else {
while (length--) {
if (n == 0)
mbedtls_camellia_crypt_ecb(ctx, MBEDTLS_CAMELLIA_ENCRYPT, iv, iv);
@ -689,8 +683,7 @@ int mbedtls_camellia_crypt_ctr( mbedtls_camellia_context *ctx,
unsigned char nonce_counter[16],
unsigned char stream_block[16],
const unsigned char *input,
unsigned char *output )
{
unsigned char *output) {
int c, i;
size_t n;
CAMELLIA_VALIDATE_RET(ctx != NULL);
@ -704,8 +697,7 @@ int mbedtls_camellia_crypt_ctr( mbedtls_camellia_context *ctx,
if (n >= 16)
return (MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA);
while( length-- )
{
while (length--) {
if (n == 0) {
mbedtls_camellia_crypt_ecb(ctx, MBEDTLS_CAMELLIA_ENCRYPT, nonce_counter,
stream_block);
@ -739,124 +731,178 @@ int mbedtls_camellia_crypt_ctr( mbedtls_camellia_context *ctx,
*/
#define CAMELLIA_TESTS_ECB 2
static const unsigned char camellia_test_ecb_key[3][CAMELLIA_TESTS_ECB][32] =
static const unsigned char camellia_test_ecb_key[3][CAMELLIA_TESTS_ECB][32] = {
{
{
{ 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10 },
{ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }
0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10
},
{
{ 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10,
0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77 },
{ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
}
},
{
{ 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
{
0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10,
0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77
},
{
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
}
},
{
{
0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10,
0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff },
{ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff
},
{
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
}
},
};
static const unsigned char camellia_test_ecb_plain[CAMELLIA_TESTS_ECB][16] =
static const unsigned char camellia_test_ecb_plain[CAMELLIA_TESTS_ECB][16] = {
{
{ 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10 },
{ 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }
0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10
},
{
0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
}
};
static const unsigned char camellia_test_ecb_cipher[3][CAMELLIA_TESTS_ECB][16] =
static const unsigned char camellia_test_ecb_cipher[3][CAMELLIA_TESTS_ECB][16] = {
{
{
{ 0x67, 0x67, 0x31, 0x38, 0x54, 0x96, 0x69, 0x73,
0x08, 0x57, 0x06, 0x56, 0x48, 0xea, 0xbe, 0x43 },
{ 0x38, 0x3C, 0x6C, 0x2A, 0xAB, 0xEF, 0x7F, 0xDE,
0x25, 0xCD, 0x47, 0x0B, 0xF7, 0x74, 0xA3, 0x31 }
0x67, 0x67, 0x31, 0x38, 0x54, 0x96, 0x69, 0x73,
0x08, 0x57, 0x06, 0x56, 0x48, 0xea, 0xbe, 0x43
},
{
{ 0xb4, 0x99, 0x34, 0x01, 0xb3, 0xe9, 0x96, 0xf8,
0x4e, 0xe5, 0xce, 0xe7, 0xd7, 0x9b, 0x09, 0xb9 },
{ 0xD1, 0x76, 0x3F, 0xC0, 0x19, 0xD7, 0x7C, 0xC9,
0x30, 0xBF, 0xF2, 0xA5, 0x6F, 0x7C, 0x93, 0x64 }
0x38, 0x3C, 0x6C, 0x2A, 0xAB, 0xEF, 0x7F, 0xDE,
0x25, 0xCD, 0x47, 0x0B, 0xF7, 0x74, 0xA3, 0x31
}
},
{
{ 0x9a, 0xcc, 0x23, 0x7d, 0xff, 0x16, 0xd7, 0x6c,
0x20, 0xef, 0x7c, 0x91, 0x9e, 0x3a, 0x75, 0x09 },
{ 0x05, 0x03, 0xFB, 0x10, 0xAB, 0x24, 0x1E, 0x7C,
0xF4, 0x5D, 0x8C, 0xDE, 0xEE, 0x47, 0x43, 0x35 }
{
0xb4, 0x99, 0x34, 0x01, 0xb3, 0xe9, 0x96, 0xf8,
0x4e, 0xe5, 0xce, 0xe7, 0xd7, 0x9b, 0x09, 0xb9
},
{
0xD1, 0x76, 0x3F, 0xC0, 0x19, 0xD7, 0x7C, 0xC9,
0x30, 0xBF, 0xF2, 0xA5, 0x6F, 0x7C, 0x93, 0x64
}
},
{
{
0x9a, 0xcc, 0x23, 0x7d, 0xff, 0x16, 0xd7, 0x6c,
0x20, 0xef, 0x7c, 0x91, 0x9e, 0x3a, 0x75, 0x09
},
{
0x05, 0x03, 0xFB, 0x10, 0xAB, 0x24, 0x1E, 0x7C,
0xF4, 0x5D, 0x8C, 0xDE, 0xEE, 0x47, 0x43, 0x35
}
}
};
#if defined(MBEDTLS_CIPHER_MODE_CBC)
#define CAMELLIA_TESTS_CBC 3
static const unsigned char camellia_test_cbc_key[3][32] =
static const unsigned char camellia_test_cbc_key[3][32] = {
{
{ 0x2B, 0x7E, 0x15, 0x16, 0x28, 0xAE, 0xD2, 0xA6,
0xAB, 0xF7, 0x15, 0x88, 0x09, 0xCF, 0x4F, 0x3C }
0x2B, 0x7E, 0x15, 0x16, 0x28, 0xAE, 0xD2, 0xA6,
0xAB, 0xF7, 0x15, 0x88, 0x09, 0xCF, 0x4F, 0x3C
}
,
{ 0x8E, 0x73, 0xB0, 0xF7, 0xDA, 0x0E, 0x64, 0x52,
{
0x8E, 0x73, 0xB0, 0xF7, 0xDA, 0x0E, 0x64, 0x52,
0xC8, 0x10, 0xF3, 0x2B, 0x80, 0x90, 0x79, 0xE5,
0x62, 0xF8, 0xEA, 0xD2, 0x52, 0x2C, 0x6B, 0x7B }
0x62, 0xF8, 0xEA, 0xD2, 0x52, 0x2C, 0x6B, 0x7B
}
,
{ 0x60, 0x3D, 0xEB, 0x10, 0x15, 0xCA, 0x71, 0xBE,
{
0x60, 0x3D, 0xEB, 0x10, 0x15, 0xCA, 0x71, 0xBE,
0x2B, 0x73, 0xAE, 0xF0, 0x85, 0x7D, 0x77, 0x81,
0x1F, 0x35, 0x2C, 0x07, 0x3B, 0x61, 0x08, 0xD7,
0x2D, 0x98, 0x10, 0xA3, 0x09, 0x14, 0xDF, 0xF4 }
0x2D, 0x98, 0x10, 0xA3, 0x09, 0x14, 0xDF, 0xF4
}
};
static const unsigned char camellia_test_cbc_iv[16] =
{ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F }
{
0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F
}
;
static const unsigned char camellia_test_cbc_plain[CAMELLIA_TESTS_CBC][16] =
static const unsigned char camellia_test_cbc_plain[CAMELLIA_TESTS_CBC][16] = {
{
{ 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96,
0xE9, 0x3D, 0x7E, 0x11, 0x73, 0x93, 0x17, 0x2A },
{ 0xAE, 0x2D, 0x8A, 0x57, 0x1E, 0x03, 0xAC, 0x9C,
0x9E, 0xB7, 0x6F, 0xAC, 0x45, 0xAF, 0x8E, 0x51 },
{ 0x30, 0xC8, 0x1C, 0x46, 0xA3, 0x5C, 0xE4, 0x11,
0xE5, 0xFB, 0xC1, 0x19, 0x1A, 0x0A, 0x52, 0xEF }
0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96,
0xE9, 0x3D, 0x7E, 0x11, 0x73, 0x93, 0x17, 0x2A
},
{
0xAE, 0x2D, 0x8A, 0x57, 0x1E, 0x03, 0xAC, 0x9C,
0x9E, 0xB7, 0x6F, 0xAC, 0x45, 0xAF, 0x8E, 0x51
},
{
0x30, 0xC8, 0x1C, 0x46, 0xA3, 0x5C, 0xE4, 0x11,
0xE5, 0xFB, 0xC1, 0x19, 0x1A, 0x0A, 0x52, 0xEF
}
};
static const unsigned char camellia_test_cbc_cipher[3][CAMELLIA_TESTS_CBC][16] =
static const unsigned char camellia_test_cbc_cipher[3][CAMELLIA_TESTS_CBC][16] = {
{
{
{ 0x16, 0x07, 0xCF, 0x49, 0x4B, 0x36, 0xBB, 0xF0,
0x0D, 0xAE, 0xB0, 0xB5, 0x03, 0xC8, 0x31, 0xAB },
{ 0xA2, 0xF2, 0xCF, 0x67, 0x16, 0x29, 0xEF, 0x78,
0x40, 0xC5, 0xA5, 0xDF, 0xB5, 0x07, 0x48, 0x87 },
{ 0x0F, 0x06, 0x16, 0x50, 0x08, 0xCF, 0x8B, 0x8B,
0x5A, 0x63, 0x58, 0x63, 0x62, 0x54, 0x3E, 0x54 }
0x16, 0x07, 0xCF, 0x49, 0x4B, 0x36, 0xBB, 0xF0,
0x0D, 0xAE, 0xB0, 0xB5, 0x03, 0xC8, 0x31, 0xAB
},
{
{ 0x2A, 0x48, 0x30, 0xAB, 0x5A, 0xC4, 0xA1, 0xA2,
0x40, 0x59, 0x55, 0xFD, 0x21, 0x95, 0xCF, 0x93 },
{ 0x5D, 0x5A, 0x86, 0x9B, 0xD1, 0x4C, 0xE5, 0x42,
0x64, 0xF8, 0x92, 0xA6, 0xDD, 0x2E, 0xC3, 0xD5 },
{ 0x37, 0xD3, 0x59, 0xC3, 0x34, 0x98, 0x36, 0xD8,
0x84, 0xE3, 0x10, 0xAD, 0xDF, 0x68, 0xC4, 0x49 }
0xA2, 0xF2, 0xCF, 0x67, 0x16, 0x29, 0xEF, 0x78,
0x40, 0xC5, 0xA5, 0xDF, 0xB5, 0x07, 0x48, 0x87
},
{
{ 0xE6, 0xCF, 0xA3, 0x5F, 0xC0, 0x2B, 0x13, 0x4A,
0x4D, 0x2C, 0x0B, 0x67, 0x37, 0xAC, 0x3E, 0xDA },
{ 0x36, 0xCB, 0xEB, 0x73, 0xBD, 0x50, 0x4B, 0x40,
0x70, 0xB1, 0xB7, 0xDE, 0x2B, 0x21, 0xEB, 0x50 },
{ 0xE3, 0x1A, 0x60, 0x55, 0x29, 0x7D, 0x96, 0xCA,
0x33, 0x30, 0xCD, 0xF1, 0xB1, 0x86, 0x0A, 0x83 }
0x0F, 0x06, 0x16, 0x50, 0x08, 0xCF, 0x8B, 0x8B,
0x5A, 0x63, 0x58, 0x63, 0x62, 0x54, 0x3E, 0x54
}
},
{
{
0x2A, 0x48, 0x30, 0xAB, 0x5A, 0xC4, 0xA1, 0xA2,
0x40, 0x59, 0x55, 0xFD, 0x21, 0x95, 0xCF, 0x93
},
{
0x5D, 0x5A, 0x86, 0x9B, 0xD1, 0x4C, 0xE5, 0x42,
0x64, 0xF8, 0x92, 0xA6, 0xDD, 0x2E, 0xC3, 0xD5
},
{
0x37, 0xD3, 0x59, 0xC3, 0x34, 0x98, 0x36, 0xD8,
0x84, 0xE3, 0x10, 0xAD, 0xDF, 0x68, 0xC4, 0x49
}
},
{
{
0xE6, 0xCF, 0xA3, 0x5F, 0xC0, 0x2B, 0x13, 0x4A,
0x4D, 0x2C, 0x0B, 0x67, 0x37, 0xAC, 0x3E, 0xDA
},
{
0x36, 0xCB, 0xEB, 0x73, 0xBD, 0x50, 0x4B, 0x40,
0x70, 0xB1, 0xB7, 0xDE, 0x2B, 0x21, 0xEB, 0x50
},
{
0xE3, 0x1A, 0x60, 0x55, 0x29, 0x7D, 0x96, 0xCA,
0x33, 0x30, 0xCD, 0xF1, 0xB1, 0x86, 0x0A, 0x83
}
}
};
#endif /* MBEDTLS_CIPHER_MODE_CBC */
@ -868,56 +914,76 @@ static const unsigned char camellia_test_cbc_cipher[3][CAMELLIA_TESTS_CBC][16] =
* http://www.faqs.org/rfcs/rfc5528.html
*/
static const unsigned char camellia_test_ctr_key[3][16] =
static const unsigned char camellia_test_ctr_key[3][16] = {
{
{ 0xAE, 0x68, 0x52, 0xF8, 0x12, 0x10, 0x67, 0xCC,
0x4B, 0xF7, 0xA5, 0x76, 0x55, 0x77, 0xF3, 0x9E },
{ 0x7E, 0x24, 0x06, 0x78, 0x17, 0xFA, 0xE0, 0xD7,
0x43, 0xD6, 0xCE, 0x1F, 0x32, 0x53, 0x91, 0x63 },
{ 0x76, 0x91, 0xBE, 0x03, 0x5E, 0x50, 0x20, 0xA8,
0xAC, 0x6E, 0x61, 0x85, 0x29, 0xF9, 0xA0, 0xDC }
0xAE, 0x68, 0x52, 0xF8, 0x12, 0x10, 0x67, 0xCC,
0x4B, 0xF7, 0xA5, 0x76, 0x55, 0x77, 0xF3, 0x9E
},
{
0x7E, 0x24, 0x06, 0x78, 0x17, 0xFA, 0xE0, 0xD7,
0x43, 0xD6, 0xCE, 0x1F, 0x32, 0x53, 0x91, 0x63
},
{
0x76, 0x91, 0xBE, 0x03, 0x5E, 0x50, 0x20, 0xA8,
0xAC, 0x6E, 0x61, 0x85, 0x29, 0xF9, 0xA0, 0xDC
}
};
static const unsigned char camellia_test_ctr_nonce_counter[3][16] =
static const unsigned char camellia_test_ctr_nonce_counter[3][16] = {
{
{ 0x00, 0x00, 0x00, 0x30, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 },
{ 0x00, 0x6C, 0xB6, 0xDB, 0xC0, 0x54, 0x3B, 0x59,
0xDA, 0x48, 0xD9, 0x0B, 0x00, 0x00, 0x00, 0x01 },
{ 0x00, 0xE0, 0x01, 0x7B, 0x27, 0x77, 0x7F, 0x3F,
0x4A, 0x17, 0x86, 0xF0, 0x00, 0x00, 0x00, 0x01 }
0x00, 0x00, 0x00, 0x30, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01
},
{
0x00, 0x6C, 0xB6, 0xDB, 0xC0, 0x54, 0x3B, 0x59,
0xDA, 0x48, 0xD9, 0x0B, 0x00, 0x00, 0x00, 0x01
},
{
0x00, 0xE0, 0x01, 0x7B, 0x27, 0x77, 0x7F, 0x3F,
0x4A, 0x17, 0x86, 0xF0, 0x00, 0x00, 0x00, 0x01
}
};
static const unsigned char camellia_test_ctr_pt[3][48] =
static const unsigned char camellia_test_ctr_pt[3][48] = {
{
{ 0x53, 0x69, 0x6E, 0x67, 0x6C, 0x65, 0x20, 0x62,
0x6C, 0x6F, 0x63, 0x6B, 0x20, 0x6D, 0x73, 0x67 },
0x53, 0x69, 0x6E, 0x67, 0x6C, 0x65, 0x20, 0x62,
0x6C, 0x6F, 0x63, 0x6B, 0x20, 0x6D, 0x73, 0x67
},
{ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
{
0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F },
0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F
},
{ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
{
0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F,
0x20, 0x21, 0x22, 0x23 }
0x20, 0x21, 0x22, 0x23
}
};
static const unsigned char camellia_test_ctr_ct[3][48] =
static const unsigned char camellia_test_ctr_ct[3][48] = {
{
{ 0xD0, 0x9D, 0xC2, 0x9A, 0x82, 0x14, 0x61, 0x9A,
0x20, 0x87, 0x7C, 0x76, 0xDB, 0x1F, 0x0B, 0x3F },
{ 0xDB, 0xF3, 0xC7, 0x8D, 0xC0, 0x83, 0x96, 0xD4,
0xD0, 0x9D, 0xC2, 0x9A, 0x82, 0x14, 0x61, 0x9A,
0x20, 0x87, 0x7C, 0x76, 0xDB, 0x1F, 0x0B, 0x3F
},
{
0xDB, 0xF3, 0xC7, 0x8D, 0xC0, 0x83, 0x96, 0xD4,
0xDA, 0x7C, 0x90, 0x77, 0x65, 0xBB, 0xCB, 0x44,
0x2B, 0x8E, 0x8E, 0x0F, 0x31, 0xF0, 0xDC, 0xA7,
0x2C, 0x74, 0x17, 0xE3, 0x53, 0x60, 0xE0, 0x48 },
{ 0xB1, 0x9D, 0x1F, 0xCD, 0xCB, 0x75, 0xEB, 0x88,
0x2C, 0x74, 0x17, 0xE3, 0x53, 0x60, 0xE0, 0x48
},
{
0xB1, 0x9D, 0x1F, 0xCD, 0xCB, 0x75, 0xEB, 0x88,
0x2F, 0x84, 0x9C, 0xE2, 0x4D, 0x85, 0xCF, 0x73,
0x9C, 0xE6, 0x4B, 0x2B, 0x5C, 0x9D, 0x73, 0xF1,
0x4F, 0x2D, 0x5D, 0x9D, 0xCE, 0x98, 0x89, 0xCD,
0xDF, 0x50, 0x86, 0x96 }
0xDF, 0x50, 0x86, 0x96
}
};
static const int camellia_test_ctr_len[3] =
@ -927,8 +993,7 @@ static const int camellia_test_ctr_len[3] =
/*
* Checkup routine
*/
int mbedtls_camellia_self_test( int verbose )
{
int mbedtls_camellia_self_test(int verbose) {
int i, j, u, v;
unsigned char key[32];
unsigned char buf[64];
@ -970,8 +1035,7 @@ int mbedtls_camellia_self_test( int verbose )
mbedtls_camellia_crypt_ecb(&ctx, v, src, buf);
if( memcmp( buf, dst, 16 ) != 0 )
{
if (memcmp(buf, dst, 16) != 0) {
if (verbose != 0)
mbedtls_printf("failed\n");
@ -990,8 +1054,7 @@ int mbedtls_camellia_self_test( int verbose )
/*
* CBC mode
*/
for( j = 0; j < 6; j++ )
{
for (j = 0; j < 6; j++) {
u = j >> 1;
v = j & 1;
@ -1023,8 +1086,7 @@ int mbedtls_camellia_self_test( int verbose )
mbedtls_camellia_crypt_cbc(&ctx, v, 16, iv, src, buf);
if( memcmp( buf, dst, 16 ) != 0 )
{
if (memcmp(buf, dst, 16) != 0) {
if (verbose != 0)
mbedtls_printf("failed\n");
@ -1044,8 +1106,7 @@ int mbedtls_camellia_self_test( int verbose )
/*
* CTR mode
*/
for( i = 0; i < 6; i++ )
{
for (i = 0; i < 6; i++) {
u = i >> 1;
v = i & 1;
@ -1059,32 +1120,27 @@ int mbedtls_camellia_self_test( int verbose )
offset = 0;
mbedtls_camellia_setkey_enc(&ctx, key, 128);
if( v == MBEDTLS_CAMELLIA_DECRYPT )
{
if (v == MBEDTLS_CAMELLIA_DECRYPT) {
len = camellia_test_ctr_len[u];
memcpy(buf, camellia_test_ctr_ct[u], len);
mbedtls_camellia_crypt_ctr(&ctx, len, &offset, nonce_counter, stream_block,
buf, buf);
if( memcmp( buf, camellia_test_ctr_pt[u], len ) != 0 )
{
if (memcmp(buf, camellia_test_ctr_pt[u], len) != 0) {
if (verbose != 0)
mbedtls_printf("failed\n");
return (1);
}
}
else
{
} else {
len = camellia_test_ctr_len[u];
memcpy(buf, camellia_test_ctr_pt[u], len);
mbedtls_camellia_crypt_ctr(&ctx, len, &offset, nonce_counter, stream_block,
buf, buf);
if( memcmp( buf, camellia_test_ctr_ct[u], len ) != 0 )
{
if (memcmp(buf, camellia_test_ctr_ct[u], len) != 0) {
if (verbose != 0)
mbedtls_printf("failed\n");

3
common/mbedtls/camellia.h
View file

@ -58,8 +58,7 @@ extern "C" {
/**
* \brief CAMELLIA context structure
*/
typedef struct mbedtls_camellia_context
{
typedef struct mbedtls_camellia_context {
int nr; /*!< number of rounds */
uint32_t rk[68]; /*!< CAMELLIA round keys */
}

75
common/mbedtls/ccm.c
View file

@ -58,8 +58,7 @@
/*
* Initialize context
*/
void mbedtls_ccm_init( mbedtls_ccm_context *ctx )
{
void mbedtls_ccm_init(mbedtls_ccm_context *ctx) {
CCM_VALIDATE(ctx != NULL);
memset(ctx, 0, sizeof(mbedtls_ccm_context));
}
@ -67,8 +66,7 @@ void mbedtls_ccm_init( mbedtls_ccm_context *ctx )
int mbedtls_ccm_setkey(mbedtls_ccm_context *ctx,
mbedtls_cipher_id_t cipher,
const unsigned char *key,
unsigned int keybits )
{
unsigned int keybits) {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
const mbedtls_cipher_info_t *cipher_info;
@ -89,8 +87,7 @@ int mbedtls_ccm_setkey( mbedtls_ccm_context *ctx,
return (ret);
if ((ret = mbedtls_cipher_setkey(&ctx->cipher_ctx, key, keybits,
MBEDTLS_ENCRYPT ) ) != 0 )
{
MBEDTLS_ENCRYPT)) != 0) {
return (ret);
}
@ -100,8 +97,7 @@ int mbedtls_ccm_setkey( mbedtls_ccm_context *ctx,
/*
* Free context
*/
void mbedtls_ccm_free( mbedtls_ccm_context *ctx )
{
void mbedtls_ccm_free(mbedtls_ccm_context *ctx) {
if (ctx == NULL)
return;
mbedtls_cipher_free(&ctx->cipher_ctx);
@ -149,8 +145,7 @@ static int ccm_auth_crypt( mbedtls_ccm_context *ctx, int mode, size_t length,
const unsigned char *iv, size_t iv_len,
const unsigned char *add, size_t add_len,
const unsigned char *input, unsigned char *output,
unsigned char *tag, size_t tag_len )
{
unsigned char *tag, size_t tag_len) {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
unsigned char i;
unsigned char q;
@ -214,8 +209,7 @@ static int ccm_auth_crypt( mbedtls_ccm_context *ctx, int mode, size_t length,
* If there is additional data, update CBC-MAC with
* add_len, add, 0 (padding to a block boundary)
*/
if( add_len > 0 )
{
if (add_len > 0) {
size_t use_len;
len_left = add_len;
src = add;
@ -231,8 +225,7 @@ static int ccm_auth_crypt( mbedtls_ccm_context *ctx, int mode, size_t length,
UPDATE_CBC_MAC;
while( len_left > 0 )
{
while (len_left > 0) {
use_len = len_left > 16 ? 16 : len_left;
memset(b, 0, 16);
@ -269,12 +262,10 @@ static int ccm_auth_crypt( mbedtls_ccm_context *ctx, int mode, size_t length,
src = input;
dst = output;
while( len_left > 0 )
{
while (len_left > 0) {
size_t use_len = len_left > 16 ? 16 : len_left;
if( mode == CCM_ENCRYPT )
{
if (mode == CCM_ENCRYPT) {
memset(b, 0, 16);
memcpy(b, src, use_len);
UPDATE_CBC_MAC;
@ -282,8 +273,7 @@ static int ccm_auth_crypt( mbedtls_ccm_context *ctx, int mode, size_t length,
CTR_CRYPT(dst, src, use_len);
if( mode == CCM_DECRYPT )
{
if (mode == CCM_DECRYPT) {
memset(b, 0, 16);
memcpy(b, dst, use_len);
UPDATE_CBC_MAC;
@ -321,8 +311,7 @@ int mbedtls_ccm_star_encrypt_and_tag( mbedtls_ccm_context *ctx, size_t length,
const unsigned char *iv, size_t iv_len,
const unsigned char *add, size_t add_len,
const unsigned char *input, unsigned char *output,
unsigned char *tag, size_t tag_len )
{
unsigned char *tag, size_t tag_len) {
CCM_VALIDATE_RET(ctx != NULL);
CCM_VALIDATE_RET(iv != NULL);
CCM_VALIDATE_RET(add_len == 0 || add != NULL);
@ -337,8 +326,7 @@ int mbedtls_ccm_encrypt_and_tag( mbedtls_ccm_context *ctx, size_t length,
const unsigned char *iv, size_t iv_len,
const unsigned char *add, size_t add_len,
const unsigned char *input, unsigned char *output,
unsigned char *tag, size_t tag_len )
{
unsigned char *tag, size_t tag_len) {
CCM_VALIDATE_RET(ctx != NULL);
CCM_VALIDATE_RET(iv != NULL);
CCM_VALIDATE_RET(add_len == 0 || add != NULL);
@ -359,8 +347,7 @@ int mbedtls_ccm_star_auth_decrypt( mbedtls_ccm_context *ctx, size_t length,
const unsigned char *iv, size_t iv_len,
const unsigned char *add, size_t add_len,
const unsigned char *input, unsigned char *output,
const unsigned char *tag, size_t tag_len )
{
const unsigned char *tag, size_t tag_len) {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
unsigned char check_tag[16];
unsigned char i;
@ -375,8 +362,7 @@ int mbedtls_ccm_star_auth_decrypt( mbedtls_ccm_context *ctx, size_t length,
if ((ret = ccm_auth_crypt(ctx, CCM_DECRYPT, length,
iv, iv_len, add, add_len,
input, output, check_tag, tag_len ) ) != 0 )
{
input, output, check_tag, tag_len)) != 0) {
return (ret);
}
@ -384,8 +370,7 @@ int mbedtls_ccm_star_auth_decrypt( mbedtls_ccm_context *ctx, size_t length,
for (diff = 0, i = 0; i < tag_len; i++)
diff |= tag[i] ^ check_tag[i];
if( diff != 0 )
{
if (diff != 0) {
mbedtls_platform_zeroize(output, length);
return (MBEDTLS_ERR_CCM_AUTH_FAILED);
}
@ -397,8 +382,7 @@ int mbedtls_ccm_auth_decrypt( mbedtls_ccm_context *ctx, size_t length,
const unsigned char *iv, size_t iv_len,
const unsigned char *add, size_t add_len,
const unsigned char *input, unsigned char *output,
const unsigned char *tag, size_t tag_len )
{
const unsigned char *tag, size_t tag_len) {
CCM_VALIDATE_RET(ctx != NULL);
CCM_VALIDATE_RET(iv != NULL);
CCM_VALIDATE_RET(add_len == 0 || add != NULL);
@ -454,17 +438,20 @@ static const size_t tag_len_test_data[NB_TESTS] = { 4, 6, 8 };
static const unsigned char res_test_data[NB_TESTS][CCM_SELFTEST_CT_MAX_LEN] = {
{ 0x71, 0x62, 0x01, 0x5b, 0x4d, 0xac, 0x25, 0x5d },
{ 0xd2, 0xa1, 0xf0, 0xe0, 0x51, 0xea, 0x5f, 0x62,
{
0xd2, 0xa1, 0xf0, 0xe0, 0x51, 0xea, 0x5f, 0x62,
0x08, 0x1a, 0x77, 0x92, 0x07, 0x3d, 0x59, 0x3d,
0x1f, 0xc6, 0x4f, 0xbf, 0xac, 0xcd },
{ 0xe3, 0xb2, 0x01, 0xa9, 0xf5, 0xb7, 0x1a, 0x7a,
0x1f, 0xc6, 0x4f, 0xbf, 0xac, 0xcd
},
{
0xe3, 0xb2, 0x01, 0xa9, 0xf5, 0xb7, 0x1a, 0x7a,
0x9b, 0x1c, 0xea, 0xec, 0xcd, 0x97, 0xe7, 0x0b,
0x61, 0x76, 0xaa, 0xd9, 0xa4, 0x42, 0x8a, 0xa5,
0x48, 0x43, 0x92, 0xfb, 0xc1, 0xb0, 0x99, 0x51 }
0x48, 0x43, 0x92, 0xfb, 0xc1, 0xb0, 0x99, 0x51
}
};
int mbedtls_ccm_self_test( int verbose )
{
int mbedtls_ccm_self_test(int verbose) {
mbedtls_ccm_context ctx;
/*
* Some hardware accelerators require the input and output buffers
@ -479,16 +466,14 @@ int mbedtls_ccm_self_test( int verbose )
mbedtls_ccm_init(&ctx);
if (mbedtls_ccm_setkey(&ctx, MBEDTLS_CIPHER_ID_AES, key_test_data,
8 * sizeof key_test_data ) != 0 )
{
8 * sizeof key_test_data) != 0) {
if (verbose != 0)
mbedtls_printf(" CCM: setup failed");
return (1);
}
for( i = 0; i < NB_TESTS; i++ )
{
for (i = 0; i < NB_TESTS; i++) {
if (verbose != 0)
mbedtls_printf(" CCM-AES #%u: ", (unsigned int) i + 1);
@ -505,8 +490,7 @@ int mbedtls_ccm_self_test( int verbose )
if (ret != 0 ||
memcmp(ciphertext, res_test_data[i],
msg_len_test_data[i] + tag_len_test_data[i] ) != 0 )
{
msg_len_test_data[i] + tag_len_test_data[i]) != 0) {
if (verbose != 0)
mbedtls_printf("failed\n");
@ -522,8 +506,7 @@ int mbedtls_ccm_self_test( int verbose )
tag_len_test_data[i]);
if (ret != 0 ||
memcmp( plaintext, msg_test_data, msg_len_test_data[i] ) != 0 )
{
memcmp(plaintext, msg_test_data, msg_len_test_data[i]) != 0) {
if (verbose != 0)
mbedtls_printf("failed\n");

3
common/mbedtls/ccm.h
View file

@ -73,8 +73,7 @@ extern "C" {
* \brief The CCM context-type definition. The CCM context is passed
* to the APIs called.
*/
typedef struct mbedtls_ccm_context
{
typedef struct mbedtls_ccm_context {
mbedtls_cipher_context_t cipher_ctx; /*!< The cipher context used. */
}
mbedtls_ccm_context;

72
common/mbedtls/chacha20.c
View file

@ -87,8 +87,7 @@ static inline void chacha20_quarter_round( uint32_t state[16],
size_t a,
size_t b,
size_t c,
size_t d )
{
size_t d) {
/* a += b; d ^= a; d <<<= 16; */
state[a] += state[b];
state[d] ^= state[a];
@ -118,8 +117,7 @@ static inline void chacha20_quarter_round( uint32_t state[16],
*
* \param state The ChaCha20 state to update.
*/
static void chacha20_inner_block( uint32_t state[16] )
{
static void chacha20_inner_block(uint32_t state[16]) {
chacha20_quarter_round(state, 0, 4, 8, 12);
chacha20_quarter_round(state, 1, 5, 9, 13);
chacha20_quarter_round(state, 2, 6, 10, 14);
@ -138,8 +136,7 @@ static void chacha20_inner_block( uint32_t state[16] )
* \param keystream Generated keystream bytes are written to this buffer.
*/
static void chacha20_block(const uint32_t initial_state[16],
unsigned char keystream[64] )
{
unsigned char keystream[64]) {
uint32_t working_state[16];
size_t i;
@ -167,8 +164,7 @@ static void chacha20_block( const uint32_t initial_state[16],
working_state[14] += initial_state[14];
working_state[15] += initial_state[15];
for( i = 0U; i < 16; i++ )
{
for (i = 0U; i < 16; i++) {
size_t offset = i * 4U;
keystream[offset ] = (unsigned char)(working_state[i]);
@ -180,8 +176,7 @@ static void chacha20_block( const uint32_t initial_state[16],
mbedtls_platform_zeroize(working_state, sizeof(working_state));
}
void mbedtls_chacha20_init( mbedtls_chacha20_context *ctx )
{
void mbedtls_chacha20_init(mbedtls_chacha20_context *ctx) {
CHACHA20_VALIDATE(ctx != NULL);
mbedtls_platform_zeroize(ctx->state, sizeof(ctx->state));
@ -191,17 +186,14 @@ void mbedtls_chacha20_init( mbedtls_chacha20_context *ctx )
ctx->keystream_bytes_used = CHACHA20_BLOCK_SIZE_BYTES;
}
void mbedtls_chacha20_free( mbedtls_chacha20_context *ctx )
{
if( ctx != NULL )
{
void mbedtls_chacha20_free(mbedtls_chacha20_context *ctx) {
if (ctx != NULL) {
mbedtls_platform_zeroize(ctx, sizeof(mbedtls_chacha20_context));
}
}
int mbedtls_chacha20_setkey(mbedtls_chacha20_context *ctx,
const unsigned char key[32] )
{
const unsigned char key[32]) {
CHACHA20_VALIDATE_RET(ctx != NULL);
CHACHA20_VALIDATE_RET(key != NULL);
@ -226,8 +218,7 @@ int mbedtls_chacha20_setkey( mbedtls_chacha20_context *ctx,
int mbedtls_chacha20_starts(mbedtls_chacha20_context *ctx,
const unsigned char nonce[12],
uint32_t counter )
{
uint32_t counter) {
CHACHA20_VALIDATE_RET(ctx != NULL);
CHACHA20_VALIDATE_RET(nonce != NULL);
@ -250,8 +241,7 @@ int mbedtls_chacha20_starts( mbedtls_chacha20_context* ctx,
int mbedtls_chacha20_update(mbedtls_chacha20_context *ctx,
size_t size,
const unsigned char *input,
unsigned char *output )
{
unsigned char *output) {
size_t offset = 0U;
size_t i;
@ -260,8 +250,7 @@ int mbedtls_chacha20_update( mbedtls_chacha20_context *ctx,
CHACHA20_VALIDATE_RET(size == 0 || output != NULL);
/* Use leftover keystream bytes, if available */
while( size > 0U && ctx->keystream_bytes_used < CHACHA20_BLOCK_SIZE_BYTES )
{
while (size > 0U && ctx->keystream_bytes_used < CHACHA20_BLOCK_SIZE_BYTES) {
output[offset] = input[offset]
^ ctx->keystream8[ctx->keystream_bytes_used];
@ -271,14 +260,12 @@ int mbedtls_chacha20_update( mbedtls_chacha20_context *ctx,
}
/* Process full blocks */
while( size >= CHACHA20_BLOCK_SIZE_BYTES )
{
while (size >= CHACHA20_BLOCK_SIZE_BYTES) {
/* Generate new keystream block and increment counter */
chacha20_block(ctx->state, ctx->keystream8);
ctx->state[CHACHA20_CTR_INDEX]++;
for( i = 0U; i < 64U; i += 8U )
{
for (i = 0U; i < 64U; i += 8U) {
output[offset + i ] = input[offset + i ] ^ ctx->keystream8[i ];
output[offset + i + 1] = input[offset + i + 1] ^ ctx->keystream8[i + 1];
output[offset + i + 2] = input[offset + i + 2] ^ ctx->keystream8[i + 2];
@ -294,14 +281,12 @@ int mbedtls_chacha20_update( mbedtls_chacha20_context *ctx,
}
/* Last (partial) block */
if( size > 0U )
{
if (size > 0U) {
/* Generate new keystream block and increment counter */
chacha20_block(ctx->state, ctx->keystream8);
ctx->state[CHACHA20_CTR_INDEX]++;
for( i = 0U; i < size; i++)
{
for (i = 0U; i < size; i++) {
output[offset + i] = input[offset + i] ^ ctx->keystream8[i];
}
@ -317,8 +302,7 @@ int mbedtls_chacha20_crypt( const unsigned char key[32],
uint32_t counter,
size_t data_len,
const unsigned char *input,
unsigned char* output )
{
unsigned char *output) {
mbedtls_chacha20_context ctx;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
@ -348,8 +332,7 @@ cleanup:
#if defined(MBEDTLS_SELF_TEST)
static const unsigned char test_keys[2][32] =
{
static const unsigned char test_keys[2][32] = {
{
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
@ -364,8 +347,7 @@ static const unsigned char test_keys[2][32] =
}
};
static const unsigned char test_nonces[2][12] =
{
static const unsigned char test_nonces[2][12] = {
{
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00
@ -376,14 +358,12 @@ static const unsigned char test_nonces[2][12] =
}
};
static const uint32_t test_counters[2] =
{
static const uint32_t test_counters[2] = {
0U,
1U
};
static const unsigned char test_input[2][375] =
{
static const unsigned char test_input[2][375] = {
{
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
@ -445,8 +425,7 @@ static const unsigned char test_input[2][375] =
}
};
static const unsigned char test_output[2][375] =
{
static const unsigned char test_output[2][375] = {
{
0x76, 0xb8, 0xe0, 0xad, 0xa0, 0xf1, 0x3d, 0x90,
0x40, 0x5d, 0x6a, 0xe5, 0x53, 0x86, 0xbd, 0x28,
@ -508,8 +487,7 @@ static const unsigned char test_output[2][375] =
}
};
static const size_t test_lengths[2] =
{
static const size_t test_lengths[2] = {
64U,
375U
};
@ -530,14 +508,12 @@ static const size_t test_lengths[2] =
} \
while( 0 )
int mbedtls_chacha20_self_test( int verbose )
{
int mbedtls_chacha20_self_test(int verbose) {
unsigned char output[381];
unsigned i;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
for( i = 0U; i < 2U; i++ )
{
for (i = 0U; i < 2U; i++) {
if (verbose != 0)
mbedtls_printf(" ChaCha20 test %u ", i);

3
common/mbedtls/chacha20.h
View file

@ -57,8 +57,7 @@ extern "C" {
#if !defined(MBEDTLS_CHACHA20_ALT)
typedef struct mbedtls_chacha20_context
{
typedef struct mbedtls_chacha20_context {
uint32_t state[16]; /*! The state (before round operations). */
uint8_t keystream8[64]; /*! Leftover keystream bytes. */
size_t keystream_bytes_used; /*! Number of keystream bytes already used. */

98
common/mbedtls/chachapoly.c
View file

@ -55,8 +55,7 @@
*
* \param ctx The ChaCha20-Poly1305 context.
*/
static int chachapoly_pad_aad( mbedtls_chachapoly_context *ctx )
{
static int chachapoly_pad_aad(mbedtls_chachapoly_context *ctx) {
uint32_t partial_block_len = (uint32_t)(ctx->aad_len % 16U);
unsigned char zeroes[15];
@ -75,8 +74,7 @@ static int chachapoly_pad_aad( mbedtls_chachapoly_context *ctx )
*
* \param ctx The ChaCha20-Poly1305 context.
*/
static int chachapoly_pad_ciphertext( mbedtls_chachapoly_context *ctx )
{
static int chachapoly_pad_ciphertext(mbedtls_chachapoly_context *ctx) {
uint32_t partial_block_len = (uint32_t)(ctx->ciphertext_len % 16U);
unsigned char zeroes[15];
@ -89,8 +87,7 @@ static int chachapoly_pad_ciphertext( mbedtls_chachapoly_context *ctx )
16U - partial_block_len));
}
void mbedtls_chachapoly_init( mbedtls_chachapoly_context *ctx )
{
void mbedtls_chachapoly_init(mbedtls_chachapoly_context *ctx) {
CHACHAPOLY_VALIDATE(ctx != NULL);
mbedtls_chacha20_init(&ctx->chacha20_ctx);
@ -101,8 +98,7 @@ void mbedtls_chachapoly_init( mbedtls_chachapoly_context *ctx )
ctx->mode = MBEDTLS_CHACHAPOLY_ENCRYPT;
}
void mbedtls_chachapoly_free( mbedtls_chachapoly_context *ctx )
{
void mbedtls_chachapoly_free(mbedtls_chachapoly_context *ctx) {
if (ctx == NULL)
return;
@ -115,8 +111,7 @@ void mbedtls_chachapoly_free( mbedtls_chachapoly_context *ctx )
}
int mbedtls_chachapoly_setkey(mbedtls_chachapoly_context *ctx,
const unsigned char key[32] )
{
const unsigned char key[32]) {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
CHACHAPOLY_VALIDATE_RET(ctx != NULL);
CHACHAPOLY_VALIDATE_RET(key != NULL);
@ -128,8 +123,7 @@ int mbedtls_chachapoly_setkey( mbedtls_chachapoly_context *ctx,
int mbedtls_chachapoly_starts(mbedtls_chachapoly_context *ctx,
const unsigned char nonce[12],
mbedtls_chachapoly_mode_t mode )
{
mbedtls_chachapoly_mode_t mode) {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
unsigned char poly1305_key[64];
CHACHAPOLY_VALIDATE_RET(ctx != NULL);
@ -153,8 +147,7 @@ int mbedtls_chachapoly_starts( mbedtls_chachapoly_context *ctx,
ret = mbedtls_poly1305_starts(&ctx->poly1305_ctx, poly1305_key);
if( ret == 0 )
{
if (ret == 0) {
ctx->aad_len = 0U;
ctx->ciphertext_len = 0U;
ctx->state = CHACHAPOLY_STATE_AAD;
@ -168,8 +161,7 @@ cleanup:
int mbedtls_chachapoly_update_aad(mbedtls_chachapoly_context *ctx,
const unsigned char *aad,
size_t aad_len )
{
size_t aad_len) {
CHACHAPOLY_VALIDATE_RET(ctx != NULL);
CHACHAPOLY_VALIDATE_RET(aad_len == 0 || aad != NULL);
@ -184,21 +176,18 @@ int mbedtls_chachapoly_update_aad( mbedtls_chachapoly_context *ctx,
int mbedtls_chachapoly_update(mbedtls_chachapoly_context *ctx,
size_t len,
const unsigned char *input,
unsigned char *output )
{
unsigned char *output) {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
CHACHAPOLY_VALIDATE_RET(ctx != NULL);
CHACHAPOLY_VALIDATE_RET(len == 0 || input != NULL);
CHACHAPOLY_VALIDATE_RET(len == 0 || output != NULL);
if ((ctx->state != CHACHAPOLY_STATE_AAD) &&
( ctx->state != CHACHAPOLY_STATE_CIPHERTEXT ) )
{
(ctx->state != CHACHAPOLY_STATE_CIPHERTEXT)) {
return (MBEDTLS_ERR_CHACHAPOLY_BAD_STATE);
}
if( ctx->state == CHACHAPOLY_STATE_AAD )
{
if (ctx->state == CHACHAPOLY_STATE_AAD) {
ctx->state = CHACHAPOLY_STATE_CIPHERTEXT;
ret = chachapoly_pad_aad(ctx);
@ -208,8 +197,7 @@ int mbedtls_chachapoly_update( mbedtls_chachapoly_context *ctx,
ctx->ciphertext_len += len;
if( ctx->mode == MBEDTLS_CHACHAPOLY_ENCRYPT )
{
if (ctx->mode == MBEDTLS_CHACHAPOLY_ENCRYPT) {
ret = mbedtls_chacha20_update(&ctx->chacha20_ctx, len, input, output);
if (ret != 0)
return (ret);
@ -217,9 +205,7 @@ int mbedtls_chachapoly_update( mbedtls_chachapoly_context *ctx,
ret = mbedtls_poly1305_update(&ctx->poly1305_ctx, output, len);
if (ret != 0)
return (ret);
}
else /* DECRYPT */
{
} else { /* DECRYPT */
ret = mbedtls_poly1305_update(&ctx->poly1305_ctx, input, len);
if (ret != 0)
return (ret);
@ -233,26 +219,21 @@ int mbedtls_chachapoly_update( mbedtls_chachapoly_context *ctx,
}
int mbedtls_chachapoly_finish(mbedtls_chachapoly_context *ctx,
unsigned char mac[16] )
{
unsigned char mac[16]) {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
unsigned char len_block[16];
CHACHAPOLY_VALIDATE_RET(ctx != NULL);
CHACHAPOLY_VALIDATE_RET(mac != NULL);
if( ctx->state == CHACHAPOLY_STATE_INIT )
{
if (ctx->state == CHACHAPOLY_STATE_INIT) {
return (MBEDTLS_ERR_CHACHAPOLY_BAD_STATE);
}
if( ctx->state == CHACHAPOLY_STATE_AAD )
{
if (ctx->state == CHACHAPOLY_STATE_AAD) {
ret = chachapoly_pad_aad(ctx);
if (ret != 0)
return (ret);
}
else if( ctx->state == CHACHAPOLY_STATE_CIPHERTEXT )
{
} else if (ctx->state == CHACHAPOLY_STATE_CIPHERTEXT) {
ret = chachapoly_pad_ciphertext(ctx);
if (ret != 0)
return (ret);
@ -297,8 +278,7 @@ static int chachapoly_crypt_and_tag( mbedtls_chachapoly_context *ctx,
size_t aad_len,
const unsigned char *input,
unsigned char *output,
unsigned char tag[16] )
{
unsigned char tag[16]) {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
ret = mbedtls_chachapoly_starts(ctx, nonce, mode);
@ -326,8 +306,7 @@ int mbedtls_chachapoly_encrypt_and_tag( mbedtls_chachapoly_context *ctx,
size_t aad_len,
const unsigned char *input,
unsigned char *output,
unsigned char tag[16] )
{
unsigned char tag[16]) {
CHACHAPOLY_VALIDATE_RET(ctx != NULL);
CHACHAPOLY_VALIDATE_RET(nonce != NULL);
CHACHAPOLY_VALIDATE_RET(tag != NULL);
@ -347,8 +326,7 @@ int mbedtls_chachapoly_auth_decrypt( mbedtls_chachapoly_context *ctx,
size_t aad_len,
const unsigned char tag[16],
const unsigned char *input,
unsigned char *output )
{
unsigned char *output) {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
unsigned char check_tag[16];
size_t i;
@ -362,8 +340,7 @@ int mbedtls_chachapoly_auth_decrypt( mbedtls_chachapoly_context *ctx,
if ((ret = chachapoly_crypt_and_tag(ctx,
MBEDTLS_CHACHAPOLY_DECRYPT, length, nonce,
aad, aad_len, input, output, check_tag ) ) != 0 )
{
aad, aad_len, input, output, check_tag)) != 0) {
return (ret);
}
@ -371,8 +348,7 @@ int mbedtls_chachapoly_auth_decrypt( mbedtls_chachapoly_context *ctx,
for (diff = 0, i = 0; i < sizeof(check_tag); i++)
diff |= tag[i] ^ check_tag[i];
if( diff != 0 )
{
if (diff != 0) {
mbedtls_platform_zeroize(output, length);
return (MBEDTLS_ERR_CHACHAPOLY_AUTH_FAILED);
}
@ -384,8 +360,7 @@ int mbedtls_chachapoly_auth_decrypt( mbedtls_chachapoly_context *ctx,
#if defined(MBEDTLS_SELF_TEST)
static const unsigned char test_key[1][32] =
{
static const unsigned char test_key[1][32] = {
{
0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87,
0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f,
@ -394,29 +369,25 @@ static const unsigned char test_key[1][32] =
}
};
static const unsigned char test_nonce[1][12] =
{
static const unsigned char test_nonce[1][12] = {
{
0x07, 0x00, 0x00, 0x00, /* 32-bit common part */
0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47 /* 64-bit IV */
}
};
static const unsigned char test_aad[1][12] =
{
static const unsigned char test_aad[1][12] = {
{
0x50, 0x51, 0x52, 0x53, 0xc0, 0xc1, 0xc2, 0xc3,
0xc4, 0xc5, 0xc6, 0xc7
}
};
static const size_t test_aad_len[1] =
{
static const size_t test_aad_len[1] = {
12U
};
static const unsigned char test_input[1][114] =
{
static const unsigned char test_input[1][114] = {
{
0x4c, 0x61, 0x64, 0x69, 0x65, 0x73, 0x20, 0x61,
0x6e, 0x64, 0x20, 0x47, 0x65, 0x6e, 0x74, 0x6c,
@ -436,8 +407,7 @@ static const unsigned char test_input[1][114] =
}
};
static const unsigned char test_output[1][114] =
{
static const unsigned char test_output[1][114] = {
{
0xd3, 0x1a, 0x8d, 0x34, 0x64, 0x8e, 0x60, 0xdb,
0x7b, 0x86, 0xaf, 0xbc, 0x53, 0xef, 0x7e, 0xc2,
@ -457,13 +427,11 @@ static const unsigned char test_output[1][114] =
}
};
static const size_t test_input_len[1] =
{
static const size_t test_input_len[1] = {
114U
};
static const unsigned char test_mac[1][16] =
{
static const unsigned char test_mac[1][16] = {
{
0x1a, 0xe1, 0x0b, 0x59, 0x4f, 0x09, 0xe2, 0x6a,
0x7e, 0x90, 0x2e, 0xcb, 0xd0, 0x60, 0x06, 0x91
@ -486,16 +454,14 @@ static const unsigned char test_mac[1][16] =
} \
while( 0 )
int mbedtls_chachapoly_self_test( int verbose )
{
int mbedtls_chachapoly_self_test(int verbose) {
mbedtls_chachapoly_context ctx;
unsigned i;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
unsigned char output[200];
unsigned char mac[16];
for( i = 0U; i < 1U; i++ )
{
for (i = 0U; i < 1U; i++) {
if (verbose != 0)
mbedtls_printf(" ChaCha20-Poly1305 test %u ", i);

6
common/mbedtls/chachapoly.h
View file

@ -48,8 +48,7 @@
extern "C" {
#endif
typedef enum
{
typedef enum {
MBEDTLS_CHACHAPOLY_ENCRYPT, /**< The mode value for performing encryption. */
MBEDTLS_CHACHAPOLY_DECRYPT /**< The mode value for performing decryption. */
}
@ -59,8 +58,7 @@ mbedtls_chachapoly_mode_t;
#include "mbedtls/chacha20.h"
typedef struct mbedtls_chachapoly_context
{
typedef struct mbedtls_chachapoly_context {
mbedtls_chacha20_context chacha20_ctx; /**< The ChaCha20 context. */
mbedtls_poly1305_context poly1305_ctx; /**< The Poly1305 context. */
uint64_t aad_len; /**< The length (bytes) of the Additional Authenticated Data. */

347
common/mbedtls/cipher.c
View file

@ -81,8 +81,7 @@
* This is currently only used by GCM and ChaCha20+Poly1305.
*/
static int mbedtls_constant_time_memcmp(const void *v1, const void *v2,
size_t len )
{
size_t len) {
const unsigned char *p1 = (const unsigned char *) v1;
const unsigned char *p2 = (const unsigned char *) v2;
size_t i;
@ -97,13 +96,11 @@ static int mbedtls_constant_time_memcmp( const void *v1, const void *v2,
static int supported_init = 0;
const int *mbedtls_cipher_list( void )
{
const int *mbedtls_cipher_list(void) {
const mbedtls_cipher_definition_t *def;
int *type;
if( ! supported_init )
{
if (! supported_init) {
def = mbedtls_cipher_definitions;
type = mbedtls_cipher_supported;
@ -119,8 +116,7 @@ const int *mbedtls_cipher_list( void )
}
const mbedtls_cipher_info_t *mbedtls_cipher_info_from_type(
const mbedtls_cipher_type_t cipher_type )
{
const mbedtls_cipher_type_t cipher_type) {
const mbedtls_cipher_definition_t *def;
for (def = mbedtls_cipher_definitions; def->info != NULL; def++)
@ -131,8 +127,7 @@ const mbedtls_cipher_info_t *mbedtls_cipher_info_from_type(
}
const mbedtls_cipher_info_t *mbedtls_cipher_info_from_string(
const char *cipher_name )
{
const char *cipher_name) {
const mbedtls_cipher_definition_t *def;
if (NULL == cipher_name)
@ -148,8 +143,7 @@ const mbedtls_cipher_info_t *mbedtls_cipher_info_from_string(
const mbedtls_cipher_info_t *mbedtls_cipher_info_from_values(
const mbedtls_cipher_id_t cipher_id,
int key_bitlen,
const mbedtls_cipher_mode_t mode )
{
const mbedtls_cipher_mode_t mode) {
const mbedtls_cipher_definition_t *def;
for (def = mbedtls_cipher_definitions; def->info != NULL; def++)
@ -161,27 +155,22 @@ const mbedtls_cipher_info_t *mbedtls_cipher_info_from_values(
return (NULL);
}
void mbedtls_cipher_init( mbedtls_cipher_context_t *ctx )
{
void mbedtls_cipher_init(mbedtls_cipher_context_t *ctx) {
CIPHER_VALIDATE(ctx != NULL);
memset(ctx, 0, sizeof(mbedtls_cipher_context_t));
}
void mbedtls_cipher_free( mbedtls_cipher_context_t *ctx )
{
void mbedtls_cipher_free(mbedtls_cipher_context_t *ctx) {
if (ctx == NULL)
return;
#if defined(MBEDTLS_USE_PSA_CRYPTO)
if( ctx->psa_enabled == 1 )
{
if( ctx->cipher_ctx != NULL )
{
if (ctx->psa_enabled == 1) {
if (ctx->cipher_ctx != NULL) {
mbedtls_cipher_context_psa *const cipher_psa =
(mbedtls_cipher_context_psa *) ctx->cipher_ctx;
if( cipher_psa->slot_state == MBEDTLS_CIPHER_PSA_KEY_OWNED )
{
if (cipher_psa->slot_state == MBEDTLS_CIPHER_PSA_KEY_OWNED) {
/* xxx_free() doesn't allow to return failures. */
(void) psa_destroy_key(cipher_psa->slot);
}
@ -196,8 +185,7 @@ void mbedtls_cipher_free( mbedtls_cipher_context_t *ctx )
#endif /* MBEDTLS_USE_PSA_CRYPTO */
#if defined(MBEDTLS_CMAC_C)
if( ctx->cmac_ctx )
{
if (ctx->cmac_ctx) {
mbedtls_platform_zeroize(ctx->cmac_ctx,
sizeof(mbedtls_cmac_context_t));
mbedtls_free(ctx->cmac_ctx);
@ -211,8 +199,7 @@ void mbedtls_cipher_free( mbedtls_cipher_context_t *ctx )
}
int mbedtls_cipher_setup(mbedtls_cipher_context_t *ctx,
const mbedtls_cipher_info_t *cipher_info )
{
const mbedtls_cipher_info_t *cipher_info) {
CIPHER_VALIDATE_RET(ctx != NULL);
if (cipher_info == NULL)
return (MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA);
@ -241,8 +228,7 @@ int mbedtls_cipher_setup( mbedtls_cipher_context_t *ctx,
#if defined(MBEDTLS_USE_PSA_CRYPTO)
int mbedtls_cipher_setup_psa(mbedtls_cipher_context_t *ctx,
const mbedtls_cipher_info_t *cipher_info,
size_t taglen )
{
size_t taglen) {
psa_algorithm_t alg;
mbedtls_cipher_context_psa *cipher_psa;
@ -273,8 +259,7 @@ int mbedtls_cipher_setup_psa( mbedtls_cipher_context_t *ctx,
int mbedtls_cipher_setkey(mbedtls_cipher_context_t *ctx,
const unsigned char *key,
int key_bitlen,
const mbedtls_operation_t operation )
{
const mbedtls_operation_t operation) {
CIPHER_VALIDATE_RET(ctx != NULL);
CIPHER_VALIDATE_RET(key != NULL);
CIPHER_VALIDATE_RET(operation == MBEDTLS_ENCRYPT ||
@ -283,8 +268,7 @@ int mbedtls_cipher_setkey( mbedtls_cipher_context_t *ctx,
return (MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA);
#if defined(MBEDTLS_USE_PSA_CRYPTO)
if( ctx->psa_enabled == 1 )
{
if (ctx->psa_enabled == 1) {
mbedtls_cipher_context_psa *const cipher_psa =
(mbedtls_cipher_context_psa *) ctx->cipher_ctx;
@ -319,8 +303,7 @@ int mbedtls_cipher_setkey( mbedtls_cipher_context_t *ctx,
status = psa_import_key(&attributes, key, key_bytelen,
&cipher_psa->slot);
switch( status )
{
switch (status) {
case PSA_SUCCESS:
break;
case PSA_ERROR_INSUFFICIENT_MEMORY:
@ -341,8 +324,7 @@ int mbedtls_cipher_setkey( mbedtls_cipher_context_t *ctx,
#endif /* MBEDTLS_USE_PSA_CRYPTO */
if ((ctx->cipher_info->flags & MBEDTLS_CIPHER_VARIABLE_KEY_LEN) == 0 &&
(int) ctx->cipher_info->key_bitlen != key_bitlen )
{
(int) ctx->cipher_info->key_bitlen != key_bitlen) {
return (MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA);
}
@ -355,8 +337,7 @@ int mbedtls_cipher_setkey( mbedtls_cipher_context_t *ctx,
if (MBEDTLS_ENCRYPT == operation ||
MBEDTLS_MODE_CFB == ctx->cipher_info->mode ||
MBEDTLS_MODE_OFB == ctx->cipher_info->mode ||
MBEDTLS_MODE_CTR == ctx->cipher_info->mode )
{
MBEDTLS_MODE_CTR == ctx->cipher_info->mode) {
return (ctx->cipher_info->base->setkey_enc_func(ctx->cipher_ctx, key,
ctx->key_bitlen));
}
@ -370,8 +351,7 @@ int mbedtls_cipher_setkey( mbedtls_cipher_context_t *ctx,
int mbedtls_cipher_set_iv(mbedtls_cipher_context_t *ctx,
const unsigned char *iv,
size_t iv_len )
{
size_t iv_len) {
size_t actual_iv_size;
CIPHER_VALIDATE_RET(ctx != NULL);
@ -379,8 +359,7 @@ int mbedtls_cipher_set_iv( mbedtls_cipher_context_t *ctx,
if (ctx->cipher_info == NULL)
return (MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA);
#if defined(MBEDTLS_USE_PSA_CRYPTO)
if( ctx->psa_enabled == 1 )
{
if (ctx->psa_enabled == 1) {
/* While PSA Crypto has an API for multipart
* operations, we currently don't make it
* accessible through the cipher layer. */
@ -394,8 +373,7 @@ int mbedtls_cipher_set_iv( mbedtls_cipher_context_t *ctx,
if ((ctx->cipher_info->flags & MBEDTLS_CIPHER_VARIABLE_IV_LEN) != 0)
actual_iv_size = iv_len;
else
{
else {
actual_iv_size = ctx->cipher_info->iv_size;
/* avoid reading past the end of input buffer */
@ -404,19 +382,16 @@ int mbedtls_cipher_set_iv( mbedtls_cipher_context_t *ctx,
}
#if defined(MBEDTLS_CHACHA20_C)
if ( ctx->cipher_info->type == MBEDTLS_CIPHER_CHACHA20 )
{
if (ctx->cipher_info->type == MBEDTLS_CIPHER_CHACHA20) {
if (0 != mbedtls_chacha20_starts((mbedtls_chacha20_context *)ctx->cipher_ctx,
iv,
0U ) ) /* Initial counter value */
{
0U)) { /* Initial counter value */
return (MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA);
}
}
#endif
if ( actual_iv_size != 0 )
{
if (actual_iv_size != 0) {
memcpy(ctx->iv, iv, actual_iv_size);
ctx->iv_size = actual_iv_size;
}
@ -424,15 +399,13 @@ int mbedtls_cipher_set_iv( mbedtls_cipher_context_t *ctx,
return (0);
}
int mbedtls_cipher_reset( mbedtls_cipher_context_t *ctx )
{
int mbedtls_cipher_reset(mbedtls_cipher_context_t *ctx) {
CIPHER_VALIDATE_RET(ctx != NULL);
if (ctx->cipher_info == NULL)
return (MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA);
#if defined(MBEDTLS_USE_PSA_CRYPTO)
if( ctx->psa_enabled == 1 )
{
if (ctx->psa_enabled == 1) {
/* We don't support resetting PSA-based
* cipher contexts, yet. */
return (MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE);
@ -446,16 +419,14 @@ int mbedtls_cipher_reset( mbedtls_cipher_context_t *ctx )
#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C)
int mbedtls_cipher_update_ad(mbedtls_cipher_context_t *ctx,
const unsigned char *ad, size_t ad_len )
{
const unsigned char *ad, size_t ad_len) {
CIPHER_VALIDATE_RET(ctx != NULL);
CIPHER_VALIDATE_RET(ad_len == 0 || ad != NULL);
if (ctx->cipher_info == NULL)
return (MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA);
#if defined(MBEDTLS_USE_PSA_CRYPTO)
if( ctx->psa_enabled == 1 )
{
if (ctx->psa_enabled == 1) {
/* While PSA Crypto has an API for multipart
* operations, we currently don't make it
* accessible through the cipher layer. */
@ -464,16 +435,14 @@ int mbedtls_cipher_update_ad( mbedtls_cipher_context_t *ctx,
#endif /* MBEDTLS_USE_PSA_CRYPTO */
#if defined(MBEDTLS_GCM_C)
if( MBEDTLS_MODE_GCM == ctx->cipher_info->mode )
{
if (MBEDTLS_MODE_GCM == ctx->cipher_info->mode) {
return (mbedtls_gcm_starts((mbedtls_gcm_context *) ctx->cipher_ctx, ctx->operation,
ctx->iv, ctx->iv_size, ad, ad_len));
}
#endif
#if defined(MBEDTLS_CHACHAPOLY_C)
if (MBEDTLS_CIPHER_CHACHA20_POLY1305 == ctx->cipher_info->type )
{
if (MBEDTLS_CIPHER_CHACHA20_POLY1305 == ctx->cipher_info->type) {
int result;
mbedtls_chachapoly_mode_t mode;
@ -497,8 +466,7 @@ int mbedtls_cipher_update_ad( mbedtls_cipher_context_t *ctx,
#endif /* MBEDTLS_GCM_C || MBEDTLS_CHACHAPOLY_C */
int mbedtls_cipher_update(mbedtls_cipher_context_t *ctx, const unsigned char *input,
size_t ilen, unsigned char *output, size_t *olen )
{
size_t ilen, unsigned char *output, size_t *olen) {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t block_size;
@ -510,8 +478,7 @@ int mbedtls_cipher_update( mbedtls_cipher_context_t *ctx, const unsigned char *i
return (MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA);
#if defined(MBEDTLS_USE_PSA_CRYPTO)
if( ctx->psa_enabled == 1 )
{
if (ctx->psa_enabled == 1) {
/* While PSA Crypto has an API for multipart
* operations, we currently don't make it
* accessible through the cipher layer. */
@ -521,21 +488,18 @@ int mbedtls_cipher_update( mbedtls_cipher_context_t *ctx, const unsigned char *i
*olen = 0;
block_size = mbedtls_cipher_get_block_size(ctx);
if ( 0 == block_size )
{
if (0 == block_size) {
return (MBEDTLS_ERR_CIPHER_INVALID_CONTEXT);
}
if( ctx->cipher_info->mode == MBEDTLS_MODE_ECB )
{
if (ctx->cipher_info->mode == MBEDTLS_MODE_ECB) {
if (ilen != block_size)
return (MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED);
*olen = ilen;
if (0 != (ret = ctx->cipher_info->base->ecb_func(ctx->cipher_ctx,
ctx->operation, input, output ) ) )
{
ctx->operation, input, output))) {
return (ret);
}
@ -543,8 +507,7 @@ int mbedtls_cipher_update( mbedtls_cipher_context_t *ctx, const unsigned char *i
}
#if defined(MBEDTLS_GCM_C)
if( ctx->cipher_info->mode == MBEDTLS_MODE_GCM )
{
if (ctx->cipher_info->mode == MBEDTLS_MODE_GCM) {
*olen = ilen;
return (mbedtls_gcm_update((mbedtls_gcm_context *) ctx->cipher_ctx, ilen, input,
output));
@ -552,8 +515,7 @@ int mbedtls_cipher_update( mbedtls_cipher_context_t *ctx, const unsigned char *i
#endif
#if defined(MBEDTLS_CHACHAPOLY_C)
if ( ctx->cipher_info->type == MBEDTLS_CIPHER_CHACHA20_POLY1305 )
{
if (ctx->cipher_info->type == MBEDTLS_CIPHER_CHACHA20_POLY1305) {
*olen = ilen;
return (mbedtls_chachapoly_update((mbedtls_chachapoly_context *) ctx->cipher_ctx,
ilen, input, output));
@ -561,14 +523,12 @@ int mbedtls_cipher_update( mbedtls_cipher_context_t *ctx, const unsigned char *i
#endif
if (input == output &&
( ctx->unprocessed_len != 0 || ilen % block_size ) )
{
(ctx->unprocessed_len != 0 || ilen % block_size)) {
return (MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA);
}
#if defined(MBEDTLS_CIPHER_MODE_CBC)
if( ctx->cipher_info->mode == MBEDTLS_MODE_CBC )
{
if (ctx->cipher_info->mode == MBEDTLS_MODE_CBC) {
size_t copy_len = 0;
/*
@ -579,8 +539,7 @@ int mbedtls_cipher_update( mbedtls_cipher_context_t *ctx, const unsigned char *i
(ctx->operation == MBEDTLS_DECRYPT && NULL == ctx->add_padding &&
ilen < block_size - ctx->unprocessed_len) ||
(ctx->operation == MBEDTLS_ENCRYPT &&
ilen < block_size - ctx->unprocessed_len ) )
{
ilen < block_size - ctx->unprocessed_len)) {
memcpy(&(ctx->unprocessed_data[ctx->unprocessed_len]), input,
ilen);
@ -591,8 +550,7 @@ int mbedtls_cipher_update( mbedtls_cipher_context_t *ctx, const unsigned char *i
/*
* Process cached data first
*/
if( 0 != ctx->unprocessed_len )
{
if (0 != ctx->unprocessed_len) {
copy_len = block_size - ctx->unprocessed_len;
memcpy(&(ctx->unprocessed_data[ctx->unprocessed_len]), input,
@ -600,8 +558,7 @@ int mbedtls_cipher_update( mbedtls_cipher_context_t *ctx, const unsigned char *i
if (0 != (ret = ctx->cipher_info->base->cbc_func(ctx->cipher_ctx,
ctx->operation, block_size, ctx->iv,
ctx->unprocessed_data, output ) ) )
{
ctx->unprocessed_data, output))) {
return (ret);
}
@ -616,8 +573,7 @@ int mbedtls_cipher_update( mbedtls_cipher_context_t *ctx, const unsigned char *i
/*
* Cache final, incomplete block
*/
if( 0 != ilen )
{
if (0 != ilen) {
/* Encryption: only cache partial blocks
* Decryption w/ padding: always keep at least one whole block
* Decryption w/o padding: only cache partial blocks
@ -625,8 +581,7 @@ int mbedtls_cipher_update( mbedtls_cipher_context_t *ctx, const unsigned char *i
copy_len = ilen % block_size;
if (copy_len == 0 &&
ctx->operation == MBEDTLS_DECRYPT &&
NULL != ctx->add_padding)
{
NULL != ctx->add_padding) {
copy_len = block_size;
}
@ -640,11 +595,9 @@ int mbedtls_cipher_update( mbedtls_cipher_context_t *ctx, const unsigned char *i
/*
* Process remaining full blocks
*/
if( ilen )
{
if (ilen) {
if (0 != (ret = ctx->cipher_info->base->cbc_func(ctx->cipher_ctx,
ctx->operation, ilen, ctx->iv, input, output ) ) )
{
ctx->operation, ilen, ctx->iv, input, output))) {
return (ret);
}
@ -656,12 +609,10 @@ int mbedtls_cipher_update( mbedtls_cipher_context_t *ctx, const unsigned char *i
#endif /* MBEDTLS_CIPHER_MODE_CBC */
#if defined(MBEDTLS_CIPHER_MODE_CFB)
if( ctx->cipher_info->mode == MBEDTLS_MODE_CFB )
{
if (ctx->cipher_info->mode == MBEDTLS_MODE_CFB) {
if (0 != (ret = ctx->cipher_info->base->cfb_func(ctx->cipher_ctx,
ctx->operation, ilen, &ctx->unprocessed_len, ctx->iv,
input, output ) ) )
{
input, output))) {
return (ret);
}
@ -672,11 +623,9 @@ int mbedtls_cipher_update( mbedtls_cipher_context_t *ctx, const unsigned char *i
#endif /* MBEDTLS_CIPHER_MODE_CFB */
#if defined(MBEDTLS_CIPHER_MODE_OFB)
if( ctx->cipher_info->mode == MBEDTLS_MODE_OFB )
{
if (ctx->cipher_info->mode == MBEDTLS_MODE_OFB) {
if (0 != (ret = ctx->cipher_info->base->ofb_func(ctx->cipher_ctx,
ilen, &ctx->unprocessed_len, ctx->iv, input, output ) ) )
{
ilen, &ctx->unprocessed_len, ctx->iv, input, output))) {
return (ret);
}
@ -687,12 +636,10 @@ int mbedtls_cipher_update( mbedtls_cipher_context_t *ctx, const unsigned char *i
#endif /* MBEDTLS_CIPHER_MODE_OFB */
#if defined(MBEDTLS_CIPHER_MODE_CTR)
if( ctx->cipher_info->mode == MBEDTLS_MODE_CTR )
{
if (ctx->cipher_info->mode == MBEDTLS_MODE_CTR) {
if (0 != (ret = ctx->cipher_info->base->ctr_func(ctx->cipher_ctx,
ilen, &ctx->unprocessed_len, ctx->iv,
ctx->unprocessed_data, input, output ) ) )
{
ctx->unprocessed_data, input, output))) {
return (ret);
}
@ -703,8 +650,7 @@ int mbedtls_cipher_update( mbedtls_cipher_context_t *ctx, const unsigned char *i
#endif /* MBEDTLS_CIPHER_MODE_CTR */
#if defined(MBEDTLS_CIPHER_MODE_XTS)
if( ctx->cipher_info->mode == MBEDTLS_MODE_XTS )
{
if (ctx->cipher_info->mode == MBEDTLS_MODE_XTS) {
if (ctx->unprocessed_len > 0) {
/* We can only process an entire data unit at a time. */
return (MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE);
@ -712,8 +658,7 @@ int mbedtls_cipher_update( mbedtls_cipher_context_t *ctx, const unsigned char *i
ret = ctx->cipher_info->base->xts_func(ctx->cipher_ctx,
ctx->operation, ilen, ctx->iv, input, output);
if( ret != 0 )
{
if (ret != 0) {
return (ret);
}
@ -724,11 +669,9 @@ int mbedtls_cipher_update( mbedtls_cipher_context_t *ctx, const unsigned char *i
#endif /* MBEDTLS_CIPHER_MODE_XTS */
#if defined(MBEDTLS_CIPHER_MODE_STREAM)
if( ctx->cipher_info->mode == MBEDTLS_MODE_STREAM )
{
if (ctx->cipher_info->mode == MBEDTLS_MODE_STREAM) {
if (0 != (ret = ctx->cipher_info->base->stream_func(ctx->cipher_ctx,
ilen, input, output ) ) )
{
ilen, input, output))) {
return (ret);
}
@ -747,8 +690,7 @@ int mbedtls_cipher_update( mbedtls_cipher_context_t *ctx, const unsigned char *i
* PKCS7 (and PKCS5) padding: fill with ll bytes, with ll = padding_len
*/
static void add_pkcs_padding(unsigned char *output, size_t output_len,
size_t data_len )
{
size_t data_len) {
size_t padding_len = output_len - data_len;
unsigned char i;
@ -757,8 +699,7 @@ static void add_pkcs_padding( unsigned char *output, size_t output_len,
}
static int get_pkcs_padding(unsigned char *input, size_t input_len,
size_t *data_len )
{
size_t *data_len) {
size_t i, pad_idx;
unsigned char padding_len, bad = 0;
@ -787,8 +728,7 @@ static int get_pkcs_padding( unsigned char *input, size_t input_len,
* One and zeros padding: fill with 80 00 ... 00
*/
static void add_one_and_zeros_padding(unsigned char *output,
size_t output_len, size_t data_len )
{
size_t output_len, size_t data_len) {
size_t padding_len = output_len - data_len;
unsigned char i = 0;
@ -798,8 +738,7 @@ static void add_one_and_zeros_padding( unsigned char *output,
}
static int get_one_and_zeros_padding(unsigned char *input, size_t input_len,
size_t *data_len )
{
size_t *data_len) {
size_t i;
unsigned char done = 0, prev_done, bad;
@ -808,8 +747,7 @@ static int get_one_and_zeros_padding( unsigned char *input, size_t input_len,
bad = 0x80;
*data_len = 0;
for( i = input_len; i > 0; i-- )
{
for (i = input_len; i > 0; i--) {
prev_done = done;
done |= (input[i - 1] != 0);
*data_len |= (i - 1) * (done != prev_done);
@ -826,8 +764,7 @@ static int get_one_and_zeros_padding( unsigned char *input, size_t input_len,
* Zeros and len padding: fill with 00 ... 00 ll, where ll is padding length
*/
static void add_zeros_and_len_padding(unsigned char *output,
size_t output_len, size_t data_len )
{
size_t output_len, size_t data_len) {
size_t padding_len = output_len - data_len;
unsigned char i = 0;
@ -837,8 +774,7 @@ static void add_zeros_and_len_padding( unsigned char *output,
}
static int get_zeros_and_len_padding(unsigned char *input, size_t input_len,
size_t *data_len )
{
size_t *data_len) {
size_t i, pad_idx;
unsigned char padding_len, bad = 0;
@ -866,8 +802,7 @@ static int get_zeros_and_len_padding( unsigned char *input, size_t input_len,
* Zero padding: fill with 00 ... 00
*/
static void add_zeros_padding(unsigned char *output,
size_t output_len, size_t data_len )
{
size_t output_len, size_t data_len) {
size_t i;
for (i = data_len; i < output_len; i++)
@ -875,8 +810,7 @@ static void add_zeros_padding( unsigned char *output,
}
static int get_zeros_padding(unsigned char *input, size_t input_len,
size_t *data_len )
{
size_t *data_len) {
size_t i;
unsigned char done = 0, prev_done;
@ -884,8 +818,7 @@ static int get_zeros_padding( unsigned char *input, size_t input_len,
return (MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA);
*data_len = 0;
for( i = input_len; i > 0; i-- )
{
for (i = input_len; i > 0; i--) {
prev_done = done;
done |= (input[i - 1] != 0);
*data_len |= i * (done != prev_done);
@ -902,8 +835,7 @@ static int get_zeros_padding( unsigned char *input, size_t input_len,
* but a trivial get_padding function
*/
static int get_no_padding(unsigned char *input, size_t input_len,
size_t *data_len )
{
size_t *data_len) {
if (NULL == input || NULL == data_len)
return (MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA);
@ -914,8 +846,7 @@ static int get_no_padding( unsigned char *input, size_t input_len,
#endif /* MBEDTLS_CIPHER_MODE_WITH_PADDING */
int mbedtls_cipher_finish(mbedtls_cipher_context_t *ctx,
unsigned char *output, size_t *olen )
{
unsigned char *output, size_t *olen) {
CIPHER_VALIDATE_RET(ctx != NULL);
CIPHER_VALIDATE_RET(output != NULL);
CIPHER_VALIDATE_RET(olen != NULL);
@ -923,8 +854,7 @@ int mbedtls_cipher_finish( mbedtls_cipher_context_t *ctx,
return (MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA);
#if defined(MBEDTLS_USE_PSA_CRYPTO)
if( ctx->psa_enabled == 1 )
{
if (ctx->psa_enabled == 1) {
/* While PSA Crypto has an API for multipart
* operations, we currently don't make it
* accessible through the cipher layer. */
@ -939,19 +869,16 @@ int mbedtls_cipher_finish( mbedtls_cipher_context_t *ctx,
MBEDTLS_MODE_CTR == ctx->cipher_info->mode ||
MBEDTLS_MODE_GCM == ctx->cipher_info->mode ||
MBEDTLS_MODE_XTS == ctx->cipher_info->mode ||
MBEDTLS_MODE_STREAM == ctx->cipher_info->mode )
{
MBEDTLS_MODE_STREAM == ctx->cipher_info->mode) {
return (0);
}
if ((MBEDTLS_CIPHER_CHACHA20 == ctx->cipher_info->type) ||
( MBEDTLS_CIPHER_CHACHA20_POLY1305 == ctx->cipher_info->type ) )
{
(MBEDTLS_CIPHER_CHACHA20_POLY1305 == ctx->cipher_info->type)) {
return (0);
}
if( MBEDTLS_MODE_ECB == ctx->cipher_info->mode )
{
if (MBEDTLS_MODE_ECB == ctx->cipher_info->mode) {
if (ctx->unprocessed_len != 0)
return (MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED);
@ -959,15 +886,12 @@ int mbedtls_cipher_finish( mbedtls_cipher_context_t *ctx,
}
#if defined(MBEDTLS_CIPHER_MODE_CBC)
if( MBEDTLS_MODE_CBC == ctx->cipher_info->mode )
{
if (MBEDTLS_MODE_CBC == ctx->cipher_info->mode) {
int ret = 0;
if( MBEDTLS_ENCRYPT == ctx->operation )
{
if (MBEDTLS_ENCRYPT == ctx->operation) {
/* check for 'no padding' mode */
if( NULL == ctx->add_padding )
{
if (NULL == ctx->add_padding) {
if (0 != ctx->unprocessed_len)
return (MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED);
@ -976,9 +900,7 @@ int mbedtls_cipher_finish( mbedtls_cipher_context_t *ctx,
ctx->add_padding(ctx->unprocessed_data, mbedtls_cipher_get_iv_size(ctx),
ctx->unprocessed_len);
}
else if( mbedtls_cipher_get_block_size( ctx ) != ctx->unprocessed_len )
{
} else if (mbedtls_cipher_get_block_size(ctx) != ctx->unprocessed_len) {
/*
* For decrypt operations, expect a full block,
* or an empty block if no padding
@ -992,8 +914,7 @@ int mbedtls_cipher_finish( mbedtls_cipher_context_t *ctx,
/* cipher block */
if (0 != (ret = ctx->cipher_info->base->cbc_func(ctx->cipher_ctx,
ctx->operation, mbedtls_cipher_get_block_size(ctx), ctx->iv,
ctx->unprocessed_data, output ) ) )
{
ctx->unprocessed_data, output))) {
return (ret);
}
@ -1015,18 +936,15 @@ int mbedtls_cipher_finish( mbedtls_cipher_context_t *ctx,
#if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING)
int mbedtls_cipher_set_padding_mode(mbedtls_cipher_context_t *ctx,
mbedtls_cipher_padding_t mode )
{
mbedtls_cipher_padding_t mode) {
CIPHER_VALIDATE_RET(ctx != NULL);
if( NULL == ctx->cipher_info || MBEDTLS_MODE_CBC != ctx->cipher_info->mode )
{
if (NULL == ctx->cipher_info || MBEDTLS_MODE_CBC != ctx->cipher_info->mode) {
return (MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA);
}
#if defined(MBEDTLS_USE_PSA_CRYPTO)
if( ctx->psa_enabled == 1 )
{
if (ctx->psa_enabled == 1) {
/* While PSA Crypto knows about CBC padding
* schemes, we currently don't make them
* accessible through the cipher layer. */
@ -1037,8 +955,7 @@ int mbedtls_cipher_set_padding_mode( mbedtls_cipher_context_t *ctx,
}
#endif /* MBEDTLS_USE_PSA_CRYPTO */
switch( mode )
{
switch (mode) {
#if defined(MBEDTLS_CIPHER_PADDING_PKCS7)
case MBEDTLS_PADDING_PKCS7:
ctx->add_padding = add_pkcs_padding;
@ -1078,8 +995,7 @@ int mbedtls_cipher_set_padding_mode( mbedtls_cipher_context_t *ctx,
#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C)
int mbedtls_cipher_write_tag(mbedtls_cipher_context_t *ctx,
unsigned char *tag, size_t tag_len )
{
unsigned char *tag, size_t tag_len) {
CIPHER_VALIDATE_RET(ctx != NULL);
CIPHER_VALIDATE_RET(tag_len == 0 || tag != NULL);
if (ctx->cipher_info == NULL)
@ -1089,8 +1005,7 @@ int mbedtls_cipher_write_tag( mbedtls_cipher_context_t *ctx,
return (MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA);
#if defined(MBEDTLS_USE_PSA_CRYPTO)
if( ctx->psa_enabled == 1 )
{
if (ctx->psa_enabled == 1) {
/* While PSA Crypto has an API for multipart
* operations, we currently don't make it
* accessible through the cipher layer. */
@ -1105,8 +1020,7 @@ int mbedtls_cipher_write_tag( mbedtls_cipher_context_t *ctx,
#endif
#if defined(MBEDTLS_CHACHAPOLY_C)
if ( MBEDTLS_CIPHER_CHACHA20_POLY1305 == ctx->cipher_info->type )
{
if (MBEDTLS_CIPHER_CHACHA20_POLY1305 == ctx->cipher_info->type) {
/* Don't allow truncated MAC for Poly1305 */
if (tag_len != 16U)
return (MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA);
@ -1120,8 +1034,7 @@ int mbedtls_cipher_write_tag( mbedtls_cipher_context_t *ctx,
}
int mbedtls_cipher_check_tag(mbedtls_cipher_context_t *ctx,
const unsigned char *tag, size_t tag_len )
{
const unsigned char *tag, size_t tag_len) {
unsigned char check_tag[16];
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
@ -1130,14 +1043,12 @@ int mbedtls_cipher_check_tag( mbedtls_cipher_context_t *ctx,
if (ctx->cipher_info == NULL)
return (MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA);
if( MBEDTLS_DECRYPT != ctx->operation )
{
if (MBEDTLS_DECRYPT != ctx->operation) {
return (MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA);
}
#if defined(MBEDTLS_USE_PSA_CRYPTO)
if( ctx->psa_enabled == 1 )
{
if (ctx->psa_enabled == 1) {
/* While PSA Crypto has an API for multipart
* operations, we currently don't make it
* accessible through the cipher layer. */
@ -1146,15 +1057,13 @@ int mbedtls_cipher_check_tag( mbedtls_cipher_context_t *ctx,
#endif /* MBEDTLS_USE_PSA_CRYPTO */
#if defined(MBEDTLS_GCM_C)
if( MBEDTLS_MODE_GCM == ctx->cipher_info->mode )
{
if (MBEDTLS_MODE_GCM == ctx->cipher_info->mode) {
if (tag_len > sizeof(check_tag))
return (MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA);
if (0 != (ret = mbedtls_gcm_finish(
(mbedtls_gcm_context *) ctx->cipher_ctx,
check_tag, tag_len ) ) )
{
check_tag, tag_len))) {
return (ret);
}
@ -1167,16 +1076,14 @@ int mbedtls_cipher_check_tag( mbedtls_cipher_context_t *ctx,
#endif /* MBEDTLS_GCM_C */
#if defined(MBEDTLS_CHACHAPOLY_C)
if ( MBEDTLS_CIPHER_CHACHA20_POLY1305 == ctx->cipher_info->type )
{
if (MBEDTLS_CIPHER_CHACHA20_POLY1305 == ctx->cipher_info->type) {
/* Don't allow truncated MAC for Poly1305 */
if (tag_len != sizeof(check_tag))
return (MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA);
ret = mbedtls_chachapoly_finish(
(mbedtls_chachapoly_context *) ctx->cipher_ctx, check_tag);
if ( ret != 0 )
{
if (ret != 0) {
return (ret);
}
@ -1198,8 +1105,7 @@ int mbedtls_cipher_check_tag( mbedtls_cipher_context_t *ctx,
int mbedtls_cipher_crypt(mbedtls_cipher_context_t *ctx,
const unsigned char *iv, size_t iv_len,
const unsigned char *input, size_t ilen,
unsigned char *output, size_t *olen )
{
unsigned char *output, size_t *olen) {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t finish_olen;
@ -1210,8 +1116,7 @@ int mbedtls_cipher_crypt( mbedtls_cipher_context_t *ctx,
CIPHER_VALIDATE_RET(olen != NULL);
#if defined(MBEDTLS_USE_PSA_CRYPTO)
if( ctx->psa_enabled == 1 )
{
if (ctx->psa_enabled == 1) {
/* As in the non-PSA case, we don't check that
* a key has been set. If not, the key slot will
* still be in its default state of 0, which is
@ -1224,19 +1129,15 @@ int mbedtls_cipher_crypt( mbedtls_cipher_context_t *ctx,
psa_cipher_operation_t cipher_op = PSA_CIPHER_OPERATION_INIT;
size_t part_len;
if( ctx->operation == MBEDTLS_DECRYPT )
{
if (ctx->operation == MBEDTLS_DECRYPT) {
status = psa_cipher_decrypt_setup(&cipher_op,
cipher_psa->slot,
cipher_psa->alg);
}
else if( ctx->operation == MBEDTLS_ENCRYPT )
{
} else if (ctx->operation == MBEDTLS_ENCRYPT) {
status = psa_cipher_encrypt_setup(&cipher_op,
cipher_psa->slot,
cipher_psa->alg);
}
else
} else
return (MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA);
/* In the following, we can immediately return on an error,
@ -1296,11 +1197,9 @@ static int mbedtls_cipher_aead_encrypt( mbedtls_cipher_context_t *ctx,
const unsigned char *ad, size_t ad_len,
const unsigned char *input, size_t ilen,
unsigned char *output, size_t *olen,
unsigned char *tag, size_t tag_len )
{
unsigned char *tag, size_t tag_len) {
#if defined(MBEDTLS_USE_PSA_CRYPTO)
if( ctx->psa_enabled == 1 )
{
if (ctx->psa_enabled == 1) {
/* As in the non-PSA case, we don't check that
* a key has been set. If not, the key slot will
* still be in its default state of 0, which is
@ -1331,8 +1230,7 @@ static int mbedtls_cipher_aead_encrypt( mbedtls_cipher_context_t *ctx,
#endif /* MBEDTLS_USE_PSA_CRYPTO */
#if defined(MBEDTLS_GCM_C)
if( MBEDTLS_MODE_GCM == ctx->cipher_info->mode )
{
if (MBEDTLS_MODE_GCM == ctx->cipher_info->mode) {
*olen = ilen;
return (mbedtls_gcm_crypt_and_tag(ctx->cipher_ctx, MBEDTLS_GCM_ENCRYPT,
ilen, iv, iv_len, ad, ad_len,
@ -1340,8 +1238,7 @@ static int mbedtls_cipher_aead_encrypt( mbedtls_cipher_context_t *ctx,
}
#endif /* MBEDTLS_GCM_C */
#if defined(MBEDTLS_CCM_C)
if( MBEDTLS_MODE_CCM == ctx->cipher_info->mode )
{
if (MBEDTLS_MODE_CCM == ctx->cipher_info->mode) {
*olen = ilen;
return (mbedtls_ccm_encrypt_and_tag(ctx->cipher_ctx, ilen,
iv, iv_len, ad, ad_len, input, output,
@ -1349,12 +1246,10 @@ static int mbedtls_cipher_aead_encrypt( mbedtls_cipher_context_t *ctx,
}
#endif /* MBEDTLS_CCM_C */
#if defined(MBEDTLS_CHACHAPOLY_C)
if ( MBEDTLS_CIPHER_CHACHA20_POLY1305 == ctx->cipher_info->type )
{
if (MBEDTLS_CIPHER_CHACHA20_POLY1305 == ctx->cipher_info->type) {
/* ChachaPoly has fixed length nonce and MAC (tag) */
if ((iv_len != ctx->cipher_info->iv_size) ||
( tag_len != 16U ) )
{
(tag_len != 16U)) {
return (MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA);
}
@ -1376,11 +1271,9 @@ static int mbedtls_cipher_aead_decrypt( mbedtls_cipher_context_t *ctx,
const unsigned char *ad, size_t ad_len,
const unsigned char *input, size_t ilen,
unsigned char *output, size_t *olen,
const unsigned char *tag, size_t tag_len )
{
const unsigned char *tag, size_t tag_len) {
#if defined(MBEDTLS_USE_PSA_CRYPTO)
if( ctx->psa_enabled == 1 )
{
if (ctx->psa_enabled == 1) {
/* As in the non-PSA case, we don't check that
* a key has been set. If not, the key slot will
* still be in its default state of 0, which is
@ -1412,8 +1305,7 @@ static int mbedtls_cipher_aead_decrypt( mbedtls_cipher_context_t *ctx,
#endif /* MBEDTLS_USE_PSA_CRYPTO */
#if defined(MBEDTLS_GCM_C)
if( MBEDTLS_MODE_GCM == ctx->cipher_info->mode )
{
if (MBEDTLS_MODE_GCM == ctx->cipher_info->mode) {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
*olen = ilen;
@ -1428,8 +1320,7 @@ static int mbedtls_cipher_aead_decrypt( mbedtls_cipher_context_t *ctx,
}
#endif /* MBEDTLS_GCM_C */
#if defined(MBEDTLS_CCM_C)
if( MBEDTLS_MODE_CCM == ctx->cipher_info->mode )
{
if (MBEDTLS_MODE_CCM == ctx->cipher_info->mode) {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
*olen = ilen;
@ -1444,14 +1335,12 @@ static int mbedtls_cipher_aead_decrypt( mbedtls_cipher_context_t *ctx,
}
#endif /* MBEDTLS_CCM_C */
#if defined(MBEDTLS_CHACHAPOLY_C)
if ( MBEDTLS_CIPHER_CHACHA20_POLY1305 == ctx->cipher_info->type )
{
if (MBEDTLS_CIPHER_CHACHA20_POLY1305 == ctx->cipher_info->type) {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
/* ChachaPoly has fixed length nonce and MAC (tag) */
if ((iv_len != ctx->cipher_info->iv_size) ||
( tag_len != 16U ) )
{
(tag_len != 16U)) {
return (MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA);
}
@ -1478,8 +1367,7 @@ int mbedtls_cipher_auth_encrypt( mbedtls_cipher_context_t *ctx,
const unsigned char *ad, size_t ad_len,
const unsigned char *input, size_t ilen,
unsigned char *output, size_t *olen,
unsigned char *tag, size_t tag_len )
{
unsigned char *tag, size_t tag_len) {
CIPHER_VALIDATE_RET(ctx != NULL);
CIPHER_VALIDATE_RET(iv_len == 0 || iv != NULL);
CIPHER_VALIDATE_RET(ad_len == 0 || ad != NULL);
@ -1501,8 +1389,7 @@ int mbedtls_cipher_auth_decrypt( mbedtls_cipher_context_t *ctx,
const unsigned char *ad, size_t ad_len,
const unsigned char *input, size_t ilen,
unsigned char *output, size_t *olen,
const unsigned char *tag, size_t tag_len )
{
const unsigned char *tag, size_t tag_len) {
CIPHER_VALIDATE_RET(ctx != NULL);
CIPHER_VALIDATE_RET(iv_len == 0 || iv != NULL);
CIPHER_VALIDATE_RET(ad_len == 0 || ad != NULL);
@ -1527,8 +1414,7 @@ int mbedtls_cipher_auth_encrypt_ext( mbedtls_cipher_context_t *ctx,
const unsigned char *ad, size_t ad_len,
const unsigned char *input, size_t ilen,
unsigned char *output, size_t output_len,
size_t *olen, size_t tag_len )
{
size_t *olen, size_t tag_len) {
CIPHER_VALIDATE_RET(ctx != NULL);
CIPHER_VALIDATE_RET(iv_len == 0 || iv != NULL);
CIPHER_VALIDATE_RET(ad_len == 0 || ad != NULL);
@ -1542,8 +1428,7 @@ int mbedtls_cipher_auth_encrypt_ext( mbedtls_cipher_context_t *ctx,
ctx->psa_enabled == 0 &&
#endif
(MBEDTLS_MODE_KW == ctx->cipher_info->mode ||
MBEDTLS_MODE_KWP == ctx->cipher_info->mode ) )
{
MBEDTLS_MODE_KWP == ctx->cipher_info->mode)) {
mbedtls_nist_kw_mode_t mode = (MBEDTLS_MODE_KW == ctx->cipher_info->mode) ?
MBEDTLS_KW_MODE_KW : MBEDTLS_KW_MODE_KWP;
@ -1583,8 +1468,7 @@ int mbedtls_cipher_auth_decrypt_ext( mbedtls_cipher_context_t *ctx,
const unsigned char *ad, size_t ad_len,
const unsigned char *input, size_t ilen,
unsigned char *output, size_t output_len,
size_t *olen, size_t tag_len )
{
size_t *olen, size_t tag_len) {
CIPHER_VALIDATE_RET(ctx != NULL);
CIPHER_VALIDATE_RET(iv_len == 0 || iv != NULL);
CIPHER_VALIDATE_RET(ad_len == 0 || ad != NULL);
@ -1598,8 +1482,7 @@ int mbedtls_cipher_auth_decrypt_ext( mbedtls_cipher_context_t *ctx,
ctx->psa_enabled == 0 &&
#endif
(MBEDTLS_MODE_KW == ctx->cipher_info->mode ||
MBEDTLS_MODE_KWP == ctx->cipher_info->mode ) )
{
MBEDTLS_MODE_KWP == ctx->cipher_info->mode)) {
mbedtls_nist_kw_mode_t mode = (MBEDTLS_MODE_KW == ctx->cipher_info->mode) ?
MBEDTLS_KW_MODE_KW : MBEDTLS_KW_MODE_KWP;

27
common/mbedtls/cipher.h
View file

@ -265,8 +265,7 @@ typedef struct mbedtls_cmac_context_t mbedtls_cmac_context_t;
* Cipher information. Allows calling cipher functions
* in a generic way.
*/
typedef struct mbedtls_cipher_info_t
{
typedef struct mbedtls_cipher_info_t {
/** Full cipher identifier. For example,
* MBEDTLS_CIPHER_AES_256_CBC.
*/
@ -307,8 +306,7 @@ typedef struct mbedtls_cipher_info_t
/**
* Generic cipher context.
*/
typedef struct mbedtls_cipher_context_t
{
typedef struct mbedtls_cipher_context_t {
/** Information about the associated cipher. */
const mbedtls_cipher_info_t *cipher_info;
@ -495,8 +493,7 @@ int mbedtls_cipher_setup_psa( mbedtls_cipher_context_t *ctx,
* \return \c 0 if \p ctx has not been initialized.
*/
static inline unsigned int mbedtls_cipher_get_block_size(
const mbedtls_cipher_context_t *ctx )
{
const mbedtls_cipher_context_t *ctx) {
MBEDTLS_INTERNAL_VALIDATE_RET(ctx != NULL, 0);
if (ctx->cipher_info == NULL)
return 0;
@ -514,8 +511,7 @@ static inline unsigned int mbedtls_cipher_get_block_size(
* \return #MBEDTLS_MODE_NONE if \p ctx has not been initialized.
*/
static inline mbedtls_cipher_mode_t mbedtls_cipher_get_cipher_mode(
const mbedtls_cipher_context_t *ctx )
{
const mbedtls_cipher_context_t *ctx) {
MBEDTLS_INTERNAL_VALIDATE_RET(ctx != NULL, MBEDTLS_MODE_NONE);
if (ctx->cipher_info == NULL)
return MBEDTLS_MODE_NONE;
@ -534,8 +530,7 @@ static inline mbedtls_cipher_mode_t mbedtls_cipher_get_cipher_mode(
* \return The actual size if an IV has been set.
*/
static inline int mbedtls_cipher_get_iv_size(
const mbedtls_cipher_context_t *ctx )
{
const mbedtls_cipher_context_t *ctx) {
MBEDTLS_INTERNAL_VALIDATE_RET(ctx != NULL, 0);
if (ctx->cipher_info == NULL)
return 0;
@ -555,8 +550,7 @@ static inline int mbedtls_cipher_get_iv_size(
* \return #MBEDTLS_CIPHER_NONE if \p ctx has not been initialized.
*/
static inline mbedtls_cipher_type_t mbedtls_cipher_get_type(
const mbedtls_cipher_context_t *ctx )
{
const mbedtls_cipher_context_t *ctx) {
MBEDTLS_INTERNAL_VALIDATE_RET(
ctx != NULL, MBEDTLS_CIPHER_NONE);
if (ctx->cipher_info == NULL)
@ -575,8 +569,7 @@ static inline mbedtls_cipher_type_t mbedtls_cipher_get_type(
* \return NULL if \p ctx has not been not initialized.
*/
static inline const char *mbedtls_cipher_get_name(
const mbedtls_cipher_context_t *ctx )
{
const mbedtls_cipher_context_t *ctx) {
MBEDTLS_INTERNAL_VALIDATE_RET(ctx != NULL, 0);
if (ctx->cipher_info == NULL)
return 0;
@ -594,8 +587,7 @@ static inline const char *mbedtls_cipher_get_name(
* initialized.
*/
static inline int mbedtls_cipher_get_key_bitlen(
const mbedtls_cipher_context_t *ctx )
{
const mbedtls_cipher_context_t *ctx) {
MBEDTLS_INTERNAL_VALIDATE_RET(
ctx != NULL, MBEDTLS_KEY_LENGTH_NONE);
if (ctx->cipher_info == NULL)
@ -613,8 +605,7 @@ static inline int mbedtls_cipher_get_key_bitlen(
* \return #MBEDTLS_OPERATION_NONE if \p ctx has not been initialized.
*/
static inline mbedtls_operation_t mbedtls_cipher_get_operation(
const mbedtls_cipher_context_t *ctx )
{
const mbedtls_cipher_context_t *ctx) {
MBEDTLS_INTERNAL_VALIDATE_RET(
ctx != NULL, MBEDTLS_OPERATION_NONE);
if (ctx->cipher_info == NULL)

12
common/mbedtls/cipher_internal.h
View file

@ -43,8 +43,7 @@ extern "C" {
/**
* Base cipher information. The non-mode specific functions and values.
*/
struct mbedtls_cipher_base_t
{
struct mbedtls_cipher_base_t {
/** Base Cipher type (e.g. MBEDTLS_CIPHER_ID_AES) */
mbedtls_cipher_id_t cipher;
@ -110,15 +109,13 @@ struct mbedtls_cipher_base_t
};
typedef struct
{
typedef struct {
mbedtls_cipher_type_t type;
const mbedtls_cipher_info_t *info;
} mbedtls_cipher_definition_t;
#if defined(MBEDTLS_USE_PSA_CRYPTO)
typedef enum
{
typedef enum {
MBEDTLS_CIPHER_PSA_KEY_UNSET = 0,
MBEDTLS_CIPHER_PSA_KEY_OWNED, /* Used for PSA-based cipher contexts which */
/* use raw key material internally imported */
@ -131,8 +128,7 @@ typedef enum
/* destroyed when the context is freed. */
} mbedtls_cipher_psa_key_ownership;
typedef struct
{
typedef struct {
psa_algorithm_t alg;
psa_key_id_t slot;
mbedtls_cipher_psa_key_ownership slot_state;

246
common/mbedtls/cipher_wrap.c
View file

@ -86,8 +86,7 @@
#if defined(MBEDTLS_GCM_C)
/* shared by all GCM ciphers */
static void *gcm_ctx_alloc( void )
{
static void *gcm_ctx_alloc(void) {
void *ctx = mbedtls_calloc(1, sizeof(mbedtls_gcm_context));
if (ctx != NULL)
@ -96,8 +95,7 @@ static void *gcm_ctx_alloc( void )
return (ctx);
}
static void gcm_ctx_free( void *ctx )
{
static void gcm_ctx_free(void *ctx) {
mbedtls_gcm_free(ctx);
mbedtls_free(ctx);
}
@ -105,8 +103,7 @@ static void gcm_ctx_free( void *ctx )
#if defined(MBEDTLS_CCM_C)
/* shared by all CCM ciphers */
static void *ccm_ctx_alloc( void )
{
static void *ccm_ctx_alloc(void) {
void *ctx = mbedtls_calloc(1, sizeof(mbedtls_ccm_context));
if (ctx != NULL)
@ -115,8 +112,7 @@ static void *ccm_ctx_alloc( void )
return (ctx);
}
static void ccm_ctx_free( void *ctx )
{
static void ccm_ctx_free(void *ctx) {
mbedtls_ccm_free(ctx);
mbedtls_free(ctx);
}
@ -125,15 +121,13 @@ static void ccm_ctx_free( void *ctx )
#if defined(MBEDTLS_AES_C)
static int aes_crypt_ecb_wrap(void *ctx, mbedtls_operation_t operation,
const unsigned char *input, unsigned char *output )
{
const unsigned char *input, unsigned char *output) {
return mbedtls_aes_crypt_ecb((mbedtls_aes_context *) ctx, operation, input, output);
}
#if defined(MBEDTLS_CIPHER_MODE_CBC)
static int aes_crypt_cbc_wrap(void *ctx, mbedtls_operation_t operation, size_t length,
unsigned char *iv, const unsigned char *input, unsigned char *output )
{
unsigned char *iv, const unsigned char *input, unsigned char *output) {
return mbedtls_aes_crypt_cbc((mbedtls_aes_context *) ctx, operation, length, iv, input,
output);
}
@ -142,8 +136,7 @@ static int aes_crypt_cbc_wrap( void *ctx, mbedtls_operation_t operation, size_t
#if defined(MBEDTLS_CIPHER_MODE_CFB)
static int aes_crypt_cfb128_wrap(void *ctx, mbedtls_operation_t operation,
size_t length, size_t *iv_off, unsigned char *iv,
const unsigned char *input, unsigned char *output )
{
const unsigned char *input, unsigned char *output) {
return mbedtls_aes_crypt_cfb128((mbedtls_aes_context *) ctx, operation, length, iv_off, iv,
input, output);
}
@ -151,8 +144,7 @@ static int aes_crypt_cfb128_wrap( void *ctx, mbedtls_operation_t operation,
#if defined(MBEDTLS_CIPHER_MODE_OFB)
static int aes_crypt_ofb_wrap(void *ctx, size_t length, size_t *iv_off,
unsigned char *iv, const unsigned char *input, unsigned char *output )
{
unsigned char *iv, const unsigned char *input, unsigned char *output) {
return mbedtls_aes_crypt_ofb((mbedtls_aes_context *) ctx, length, iv_off,
iv, input, output);
}
@ -161,8 +153,7 @@ static int aes_crypt_ofb_wrap( void *ctx, size_t length, size_t *iv_off,
#if defined(MBEDTLS_CIPHER_MODE_CTR)
static int aes_crypt_ctr_wrap(void *ctx, size_t length, size_t *nc_off,
unsigned char *nonce_counter, unsigned char *stream_block,
const unsigned char *input, unsigned char *output )
{
const unsigned char *input, unsigned char *output) {
return mbedtls_aes_crypt_ctr((mbedtls_aes_context *) ctx, length, nc_off, nonce_counter,
stream_block, input, output);
}
@ -173,13 +164,11 @@ static int aes_crypt_xts_wrap( void *ctx, mbedtls_operation_t operation,
size_t length,
const unsigned char data_unit[16],
const unsigned char *input,
unsigned char *output )
{
unsigned char *output) {
mbedtls_aes_xts_context *xts_ctx = ctx;
int mode;
switch( operation )
{
switch (operation) {
case MBEDTLS_ENCRYPT:
mode = MBEDTLS_AES_ENCRYPT;
break;
@ -196,19 +185,16 @@ static int aes_crypt_xts_wrap( void *ctx, mbedtls_operation_t operation,
#endif /* MBEDTLS_CIPHER_MODE_XTS */
static int aes_setkey_dec_wrap(void *ctx, const unsigned char *key,
unsigned int key_bitlen )
{
unsigned int key_bitlen) {
return mbedtls_aes_setkey_dec((mbedtls_aes_context *) ctx, key, key_bitlen);
}
static int aes_setkey_enc_wrap(void *ctx, const unsigned char *key,
unsigned int key_bitlen )
{
unsigned int key_bitlen) {
return mbedtls_aes_setkey_enc((mbedtls_aes_context *) ctx, key, key_bitlen);
}
static void * aes_ctx_alloc( void )
{
static void *aes_ctx_alloc(void) {
mbedtls_aes_context *aes = mbedtls_calloc(1, sizeof(mbedtls_aes_context));
if (aes == NULL)
@ -219,8 +205,7 @@ static void * aes_ctx_alloc( void )
return (aes);
}
static void aes_ctx_free( void *ctx )
{
static void aes_ctx_free(void *ctx) {
mbedtls_aes_free((mbedtls_aes_context *) ctx);
mbedtls_free(ctx);
}
@ -427,21 +412,18 @@ static const mbedtls_cipher_info_t aes_256_ctr_info = {
#if defined(MBEDTLS_CIPHER_MODE_XTS)
static int xts_aes_setkey_enc_wrap(void *ctx, const unsigned char *key,
unsigned int key_bitlen )
{
unsigned int key_bitlen) {
mbedtls_aes_xts_context *xts_ctx = ctx;
return (mbedtls_aes_xts_setkey_enc(xts_ctx, key, key_bitlen));
}
static int xts_aes_setkey_dec_wrap(void *ctx, const unsigned char *key,
unsigned int key_bitlen )
{
unsigned int key_bitlen) {
mbedtls_aes_xts_context *xts_ctx = ctx;
return (mbedtls_aes_xts_setkey_dec(xts_ctx, key, key_bitlen));
}
static void *xts_aes_ctx_alloc( void )
{
static void *xts_aes_ctx_alloc(void) {
mbedtls_aes_xts_context *xts_ctx = mbedtls_calloc(1, sizeof(*xts_ctx));
if (xts_ctx != NULL)
@ -450,8 +432,7 @@ static void *xts_aes_ctx_alloc( void )
return (xts_ctx);
}
static void xts_aes_ctx_free( void *ctx )
{
static void xts_aes_ctx_free(void *ctx) {
mbedtls_aes_xts_context *xts_ctx = ctx;
if (xts_ctx == NULL)
@ -513,8 +494,7 @@ static const mbedtls_cipher_info_t aes_256_xts_info = {
#if defined(MBEDTLS_GCM_C)
static int gcm_aes_setkey_wrap(void *ctx, const unsigned char *key,
unsigned int key_bitlen )
{
unsigned int key_bitlen) {
return mbedtls_gcm_setkey((mbedtls_gcm_context *) ctx, MBEDTLS_CIPHER_ID_AES,
key, key_bitlen);
}
@ -582,8 +562,7 @@ static const mbedtls_cipher_info_t aes_256_gcm_info = {
#if defined(MBEDTLS_CCM_C)
static int ccm_aes_setkey_wrap(void *ctx, const unsigned char *key,
unsigned int key_bitlen )
{
unsigned int key_bitlen) {
return mbedtls_ccm_setkey((mbedtls_ccm_context *) ctx, MBEDTLS_CIPHER_ID_AES,
key, key_bitlen);
}
@ -654,8 +633,7 @@ static const mbedtls_cipher_info_t aes_256_ccm_info = {
#if defined(MBEDTLS_CAMELLIA_C)
static int camellia_crypt_ecb_wrap(void *ctx, mbedtls_operation_t operation,
const unsigned char *input, unsigned char *output )
{
const unsigned char *input, unsigned char *output) {
return mbedtls_camellia_crypt_ecb((mbedtls_camellia_context *) ctx, operation, input,
output);
}
@ -663,8 +641,7 @@ static int camellia_crypt_ecb_wrap( void *ctx, mbedtls_operation_t operation,
#if defined(MBEDTLS_CIPHER_MODE_CBC)
static int camellia_crypt_cbc_wrap(void *ctx, mbedtls_operation_t operation,
size_t length, unsigned char *iv,
const unsigned char *input, unsigned char *output )
{
const unsigned char *input, unsigned char *output) {
return mbedtls_camellia_crypt_cbc((mbedtls_camellia_context *) ctx, operation, length, iv,
input, output);
}
@ -673,8 +650,7 @@ static int camellia_crypt_cbc_wrap( void *ctx, mbedtls_operation_t operation,
#if defined(MBEDTLS_CIPHER_MODE_CFB)
static int camellia_crypt_cfb128_wrap(void *ctx, mbedtls_operation_t operation,
size_t length, size_t *iv_off, unsigned char *iv,
const unsigned char *input, unsigned char *output )
{
const unsigned char *input, unsigned char *output) {
return mbedtls_camellia_crypt_cfb128((mbedtls_camellia_context *) ctx, operation, length,
iv_off, iv, input, output);
}
@ -683,27 +659,23 @@ static int camellia_crypt_cfb128_wrap( void *ctx, mbedtls_operation_t operation,
#if defined(MBEDTLS_CIPHER_MODE_CTR)
static int camellia_crypt_ctr_wrap(void *ctx, size_t length, size_t *nc_off,
unsigned char *nonce_counter, unsigned char *stream_block,
const unsigned char *input, unsigned char *output )
{
const unsigned char *input, unsigned char *output) {
return mbedtls_camellia_crypt_ctr((mbedtls_camellia_context *) ctx, length, nc_off,
nonce_counter, stream_block, input, output);
}
#endif /* MBEDTLS_CIPHER_MODE_CTR */
static int camellia_setkey_dec_wrap(void *ctx, const unsigned char *key,
unsigned int key_bitlen )
{
unsigned int key_bitlen) {
return mbedtls_camellia_setkey_dec((mbedtls_camellia_context *) ctx, key, key_bitlen);
}
static int camellia_setkey_enc_wrap(void *ctx, const unsigned char *key,
unsigned int key_bitlen )
{
unsigned int key_bitlen) {
return mbedtls_camellia_setkey_enc((mbedtls_camellia_context *) ctx, key, key_bitlen);
}
static void * camellia_ctx_alloc( void )
{
static void *camellia_ctx_alloc(void) {
mbedtls_camellia_context *ctx;
ctx = mbedtls_calloc(1, sizeof(mbedtls_camellia_context));
@ -715,8 +687,7 @@ static void * camellia_ctx_alloc( void )
return (ctx);
}
static void camellia_ctx_free( void *ctx )
{
static void camellia_ctx_free(void *ctx) {
mbedtls_camellia_free((mbedtls_camellia_context *) ctx);
mbedtls_free(ctx);
}
@ -888,8 +859,7 @@ static const mbedtls_cipher_info_t camellia_256_ctr_info = {
#if defined(MBEDTLS_GCM_C)
static int gcm_camellia_setkey_wrap(void *ctx, const unsigned char *key,
unsigned int key_bitlen )
{
unsigned int key_bitlen) {
return mbedtls_gcm_setkey((mbedtls_gcm_context *) ctx, MBEDTLS_CIPHER_ID_CAMELLIA,
key, key_bitlen);
}
@ -957,8 +927,7 @@ static const mbedtls_cipher_info_t camellia_256_gcm_info = {
#if defined(MBEDTLS_CCM_C)
static int ccm_camellia_setkey_wrap(void *ctx, const unsigned char *key,
unsigned int key_bitlen )
{
unsigned int key_bitlen) {
return mbedtls_ccm_setkey((mbedtls_ccm_context *) ctx, MBEDTLS_CIPHER_ID_CAMELLIA,
key, key_bitlen);
}
@ -1029,8 +998,7 @@ static const mbedtls_cipher_info_t camellia_256_ccm_info = {
#if defined(MBEDTLS_ARIA_C)
static int aria_crypt_ecb_wrap(void *ctx, mbedtls_operation_t operation,
const unsigned char *input, unsigned char *output )
{
const unsigned char *input, unsigned char *output) {
(void) operation;
return mbedtls_aria_crypt_ecb((mbedtls_aria_context *) ctx, input,
output);
@ -1039,8 +1007,7 @@ static int aria_crypt_ecb_wrap( void *ctx, mbedtls_operation_t operation,
#if defined(MBEDTLS_CIPHER_MODE_CBC)
static int aria_crypt_cbc_wrap(void *ctx, mbedtls_operation_t operation,
size_t length, unsigned char *iv,
const unsigned char *input, unsigned char *output )
{
const unsigned char *input, unsigned char *output) {
return mbedtls_aria_crypt_cbc((mbedtls_aria_context *) ctx, operation, length, iv,
input, output);
}
@ -1049,8 +1016,7 @@ static int aria_crypt_cbc_wrap( void *ctx, mbedtls_operation_t operation,
#if defined(MBEDTLS_CIPHER_MODE_CFB)
static int aria_crypt_cfb128_wrap(void *ctx, mbedtls_operation_t operation,
size_t length, size_t *iv_off, unsigned char *iv,
const unsigned char *input, unsigned char *output )
{
const unsigned char *input, unsigned char *output) {
return mbedtls_aria_crypt_cfb128((mbedtls_aria_context *) ctx, operation, length,
iv_off, iv, input, output);
}
@ -1059,27 +1025,23 @@ static int aria_crypt_cfb128_wrap( void *ctx, mbedtls_operation_t operation,
#if defined(MBEDTLS_CIPHER_MODE_CTR)
static int aria_crypt_ctr_wrap(void *ctx, size_t length, size_t *nc_off,
unsigned char *nonce_counter, unsigned char *stream_block,
const unsigned char *input, unsigned char *output )
{
const unsigned char *input, unsigned char *output) {
return mbedtls_aria_crypt_ctr((mbedtls_aria_context *) ctx, length, nc_off,
nonce_counter, stream_block, input, output);
}
#endif /* MBEDTLS_CIPHER_MODE_CTR */
static int aria_setkey_dec_wrap(void *ctx, const unsigned char *key,
unsigned int key_bitlen )
{
unsigned int key_bitlen) {
return mbedtls_aria_setkey_dec((mbedtls_aria_context *) ctx, key, key_bitlen);
}
static int aria_setkey_enc_wrap(void *ctx, const unsigned char *key,
unsigned int key_bitlen )
{
unsigned int key_bitlen) {
return mbedtls_aria_setkey_enc((mbedtls_aria_context *) ctx, key, key_bitlen);
}
static void * aria_ctx_alloc( void )
{
static void *aria_ctx_alloc(void) {
mbedtls_aria_context *ctx;
ctx = mbedtls_calloc(1, sizeof(mbedtls_aria_context));
@ -1091,8 +1053,7 @@ static void * aria_ctx_alloc( void )
return (ctx);
}
static void aria_ctx_free( void *ctx )
{
static void aria_ctx_free(void *ctx) {
mbedtls_aria_free((mbedtls_aria_context *) ctx);
mbedtls_free(ctx);
}
@ -1264,8 +1225,7 @@ static const mbedtls_cipher_info_t aria_256_ctr_info = {
#if defined(MBEDTLS_GCM_C)
static int gcm_aria_setkey_wrap(void *ctx, const unsigned char *key,
unsigned int key_bitlen )
{
unsigned int key_bitlen) {
return mbedtls_gcm_setkey((mbedtls_gcm_context *) ctx, MBEDTLS_CIPHER_ID_ARIA,
key, key_bitlen);
}
@ -1333,8 +1293,7 @@ static const mbedtls_cipher_info_t aria_256_gcm_info = {
#if defined(MBEDTLS_CCM_C)
static int ccm_aria_setkey_wrap(void *ctx, const unsigned char *key,
unsigned int key_bitlen )
{
unsigned int key_bitlen) {
return mbedtls_ccm_setkey((mbedtls_ccm_context *) ctx, MBEDTLS_CIPHER_ID_ARIA,
key, key_bitlen);
}
@ -1405,23 +1364,20 @@ static const mbedtls_cipher_info_t aria_256_ccm_info = {
#if defined(MBEDTLS_DES_C)
static int des_crypt_ecb_wrap(void *ctx, mbedtls_operation_t operation,
const unsigned char *input, unsigned char *output )
{
const unsigned char *input, unsigned char *output) {
((void) operation);
return mbedtls_des_crypt_ecb((mbedtls_des_context *) ctx, input, output);
}
static int des3_crypt_ecb_wrap(void *ctx, mbedtls_operation_t operation,
const unsigned char *input, unsigned char *output )
{
const unsigned char *input, unsigned char *output) {
((void) operation);
return mbedtls_des3_crypt_ecb((mbedtls_des3_context *) ctx, input, output);
}
#if defined(MBEDTLS_CIPHER_MODE_CBC)
static int des_crypt_cbc_wrap(void *ctx, mbedtls_operation_t operation, size_t length,
unsigned char *iv, const unsigned char *input, unsigned char *output )
{
unsigned char *iv, const unsigned char *input, unsigned char *output) {
return mbedtls_des_crypt_cbc((mbedtls_des_context *) ctx, operation, length, iv, input,
output);
}
@ -1429,63 +1385,55 @@ static int des_crypt_cbc_wrap( void *ctx, mbedtls_operation_t operation, size_t
#if defined(MBEDTLS_CIPHER_MODE_CBC)
static int des3_crypt_cbc_wrap(void *ctx, mbedtls_operation_t operation, size_t length,
unsigned char *iv, const unsigned char *input, unsigned char *output )
{
unsigned char *iv, const unsigned char *input, unsigned char *output) {
return mbedtls_des3_crypt_cbc((mbedtls_des3_context *) ctx, operation, length, iv, input,
output);
}
#endif /* MBEDTLS_CIPHER_MODE_CBC */
static int des_setkey_dec_wrap(void *ctx, const unsigned char *key,
unsigned int key_bitlen )
{
unsigned int key_bitlen) {
((void) key_bitlen);
return mbedtls_des_setkey_dec((mbedtls_des_context *) ctx, key);
}
static int des_setkey_enc_wrap(void *ctx, const unsigned char *key,
unsigned int key_bitlen )
{
unsigned int key_bitlen) {
((void) key_bitlen);
return mbedtls_des_setkey_enc((mbedtls_des_context *) ctx, key);
}
static int des3_set2key_dec_wrap(void *ctx, const unsigned char *key,
unsigned int key_bitlen )
{
unsigned int key_bitlen) {
((void) key_bitlen);
return mbedtls_des3_set2key_dec((mbedtls_des3_context *) ctx, key);
}
static int des3_set2key_enc_wrap(void *ctx, const unsigned char *key,
unsigned int key_bitlen )
{
unsigned int key_bitlen) {
((void) key_bitlen);
return mbedtls_des3_set2key_enc((mbedtls_des3_context *) ctx, key);
}
static int des3_set3key_dec_wrap(void *ctx, const unsigned char *key,
unsigned int key_bitlen )
{
unsigned int key_bitlen) {
((void) key_bitlen);
return mbedtls_des3_set3key_dec((mbedtls_des3_context *) ctx, key);
}
static int des3_set3key_enc_wrap(void *ctx, const unsigned char *key,
unsigned int key_bitlen )
{
unsigned int key_bitlen) {
((void) key_bitlen);
return mbedtls_des3_set3key_enc((mbedtls_des3_context *) ctx, key);
}
static void * des_ctx_alloc( void )
{
static void *des_ctx_alloc(void) {
mbedtls_des_context *des = mbedtls_calloc(1, sizeof(mbedtls_des_context));
if (des == NULL)
@ -1496,14 +1444,12 @@ static void * des_ctx_alloc( void )
return (des);
}
static void des_ctx_free( void *ctx )
{
static void des_ctx_free(void *ctx) {
mbedtls_des_free((mbedtls_des_context *) ctx);
mbedtls_free(ctx);
}
static void * des3_ctx_alloc( void )
{
static void *des3_ctx_alloc(void) {
mbedtls_des3_context *des3;
des3 = mbedtls_calloc(1, sizeof(mbedtls_des3_context));
@ -1515,8 +1461,7 @@ static void * des3_ctx_alloc( void )
return (des3);
}
static void des3_ctx_free( void *ctx )
{
static void des3_ctx_free(void *ctx) {
mbedtls_des3_free((mbedtls_des3_context *) ctx);
mbedtls_free(ctx);
}
@ -1677,8 +1622,7 @@ static const mbedtls_cipher_info_t des_ede3_cbc_info = {
#if defined(MBEDTLS_BLOWFISH_C)
static int blowfish_crypt_ecb_wrap(void *ctx, mbedtls_operation_t operation,
const unsigned char *input, unsigned char *output )
{
const unsigned char *input, unsigned char *output) {
return mbedtls_blowfish_crypt_ecb((mbedtls_blowfish_context *) ctx, operation, input,
output);
}
@ -1686,8 +1630,7 @@ static int blowfish_crypt_ecb_wrap( void *ctx, mbedtls_operation_t operation,
#if defined(MBEDTLS_CIPHER_MODE_CBC)
static int blowfish_crypt_cbc_wrap(void *ctx, mbedtls_operation_t operation,
size_t length, unsigned char *iv, const unsigned char *input,
unsigned char *output )
{
unsigned char *output) {
return mbedtls_blowfish_crypt_cbc((mbedtls_blowfish_context *) ctx, operation, length, iv,
input, output);
}
@ -1696,8 +1639,7 @@ static int blowfish_crypt_cbc_wrap( void *ctx, mbedtls_operation_t operation,
#if defined(MBEDTLS_CIPHER_MODE_CFB)
static int blowfish_crypt_cfb64_wrap(void *ctx, mbedtls_operation_t operation,
size_t length, size_t *iv_off, unsigned char *iv,
const unsigned char *input, unsigned char *output )
{
const unsigned char *input, unsigned char *output) {
return mbedtls_blowfish_crypt_cfb64((mbedtls_blowfish_context *) ctx, operation, length,
iv_off, iv, input, output);
}
@ -1706,21 +1648,18 @@ static int blowfish_crypt_cfb64_wrap( void *ctx, mbedtls_operation_t operation,
#if defined(MBEDTLS_CIPHER_MODE_CTR)
static int blowfish_crypt_ctr_wrap(void *ctx, size_t length, size_t *nc_off,
unsigned char *nonce_counter, unsigned char *stream_block,
const unsigned char *input, unsigned char *output )
{
const unsigned char *input, unsigned char *output) {
return mbedtls_blowfish_crypt_ctr((mbedtls_blowfish_context *) ctx, length, nc_off,
nonce_counter, stream_block, input, output);
}
#endif /* MBEDTLS_CIPHER_MODE_CTR */
static int blowfish_setkey_wrap(void *ctx, const unsigned char *key,
unsigned int key_bitlen )
{
unsigned int key_bitlen) {
return mbedtls_blowfish_setkey((mbedtls_blowfish_context *) ctx, key, key_bitlen);
}
static void * blowfish_ctx_alloc( void )
{
static void *blowfish_ctx_alloc(void) {
mbedtls_blowfish_context *ctx;
ctx = mbedtls_calloc(1, sizeof(mbedtls_blowfish_context));
@ -1732,8 +1671,7 @@ static void * blowfish_ctx_alloc( void )
return (ctx);
}
static void blowfish_ctx_free( void *ctx )
{
static void blowfish_ctx_free(void *ctx) {
mbedtls_blowfish_free((mbedtls_blowfish_context *) ctx);
mbedtls_free(ctx);
}
@ -1819,14 +1757,12 @@ static const mbedtls_cipher_info_t blowfish_ctr_info = {
#if defined(MBEDTLS_ARC4_C)
static int arc4_crypt_stream_wrap(void *ctx, size_t length,
const unsigned char *input,
unsigned char *output )
{
unsigned char *output) {
return (mbedtls_arc4_crypt((mbedtls_arc4_context *) ctx, length, input, output));
}
static int arc4_setkey_wrap(void *ctx, const unsigned char *key,
unsigned int key_bitlen )
{
unsigned int key_bitlen) {
/* we get key_bitlen in bits, arc4 expects it in bytes */
if (key_bitlen % 8 != 0)
return (MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA);
@ -1835,8 +1771,7 @@ static int arc4_setkey_wrap( void *ctx, const unsigned char *key,
return (0);
}
static void * arc4_ctx_alloc( void )
{
static void *arc4_ctx_alloc(void) {
mbedtls_arc4_context *ctx;
ctx = mbedtls_calloc(1, sizeof(mbedtls_arc4_context));
@ -1848,8 +1783,7 @@ static void * arc4_ctx_alloc( void )
return (ctx);
}
static void arc4_ctx_free( void *ctx )
{
static void arc4_ctx_free(void *ctx) {
mbedtls_arc4_free((mbedtls_arc4_context *) ctx);
mbedtls_free(ctx);
}
@ -1896,8 +1830,7 @@ static const mbedtls_cipher_info_t arc4_128_info = {
#if defined(MBEDTLS_CHACHA20_C)
static int chacha20_setkey_wrap(void *ctx, const unsigned char *key,
unsigned int key_bitlen )
{
unsigned int key_bitlen) {
if (key_bitlen != 256U)
return (MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA);
@ -1909,8 +1842,7 @@ static int chacha20_setkey_wrap( void *ctx, const unsigned char *key,
static int chacha20_stream_wrap(void *ctx, size_t length,
const unsigned char *input,
unsigned char *output )
{
unsigned char *output) {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
ret = mbedtls_chacha20_update(ctx, length, input, output);
@ -1920,8 +1852,7 @@ static int chacha20_stream_wrap( void *ctx, size_t length,
return (ret);
}
static void * chacha20_ctx_alloc( void )
{
static void *chacha20_ctx_alloc(void) {
mbedtls_chacha20_context *ctx;
ctx = mbedtls_calloc(1, sizeof(mbedtls_chacha20_context));
@ -1933,8 +1864,7 @@ static void * chacha20_ctx_alloc( void )
return (ctx);
}
static void chacha20_ctx_free( void *ctx )
{
static void chacha20_ctx_free(void *ctx) {
mbedtls_chacha20_free((mbedtls_chacha20_context *) ctx);
mbedtls_free(ctx);
}
@ -1981,8 +1911,7 @@ static const mbedtls_cipher_info_t chacha20_info = {
static int chachapoly_setkey_wrap(void *ctx,
const unsigned char *key,
unsigned int key_bitlen )
{
unsigned int key_bitlen) {
if (key_bitlen != 256U)
return (MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA);
@ -1992,8 +1921,7 @@ static int chachapoly_setkey_wrap( void *ctx,
return (0);
}
static void * chachapoly_ctx_alloc( void )
{
static void *chachapoly_ctx_alloc(void) {
mbedtls_chachapoly_context *ctx;
ctx = mbedtls_calloc(1, sizeof(mbedtls_chachapoly_context));
@ -2005,8 +1933,7 @@ static void * chachapoly_ctx_alloc( void )
return (ctx);
}
static void chachapoly_ctx_free( void *ctx )
{
static void chachapoly_ctx_free(void *ctx) {
mbedtls_chachapoly_free((mbedtls_chachapoly_context *) ctx);
mbedtls_free(ctx);
}
@ -2052,16 +1979,14 @@ static const mbedtls_cipher_info_t chachapoly_info = {
#if defined(MBEDTLS_CIPHER_NULL_CIPHER)
static int null_crypt_stream(void *ctx, size_t length,
const unsigned char *input,
unsigned char *output )
{
unsigned char *output) {
((void) ctx);
memmove(output, input, length);
return (0);
}
static int null_setkey(void *ctx, const unsigned char *key,
unsigned int key_bitlen )
{
unsigned int key_bitlen) {
((void) ctx);
((void) key);
((void) key_bitlen);
@ -2069,13 +1994,11 @@ static int null_setkey( void *ctx, const unsigned char *key,
return (0);
}
static void * null_ctx_alloc( void )
{
static void *null_ctx_alloc(void) {
return ((void *) 1);
}
static void null_ctx_free( void *ctx )
{
static void null_ctx_free(void *ctx) {
((void) ctx);
}
@ -2119,8 +2042,7 @@ static const mbedtls_cipher_info_t null_cipher_info = {
#endif /* defined(MBEDTLS_CIPHER_NULL_CIPHER) */
#if defined(MBEDTLS_NIST_KW_C)
static void *kw_ctx_alloc( void )
{
static void *kw_ctx_alloc(void) {
void *ctx = mbedtls_calloc(1, sizeof(mbedtls_nist_kw_context));
if (ctx != NULL)
@ -2129,22 +2051,19 @@ static void *kw_ctx_alloc( void )
return (ctx);
}
static void kw_ctx_free( void *ctx )
{
static void kw_ctx_free(void *ctx) {
mbedtls_nist_kw_free(ctx);
mbedtls_free(ctx);
}
static int kw_aes_setkey_wrap(void *ctx, const unsigned char *key,
unsigned int key_bitlen )
{
unsigned int key_bitlen) {
return mbedtls_nist_kw_setkey((mbedtls_nist_kw_context *) ctx,
MBEDTLS_CIPHER_ID_AES, key, key_bitlen, 1);
}
static int kw_aes_setkey_unwrap(void *ctx, const unsigned char *key,
unsigned int key_bitlen )
{
unsigned int key_bitlen) {
return mbedtls_nist_kw_setkey((mbedtls_nist_kw_context *) ctx,
MBEDTLS_CIPHER_ID_AES, key, key_bitlen, 0);
}
@ -2243,8 +2162,7 @@ static const mbedtls_cipher_info_t aes_256_nist_kwp_info = {
};
#endif /* MBEDTLS_NIST_KW_C */
const mbedtls_cipher_definition_t mbedtls_cipher_definitions[] =
{
const mbedtls_cipher_definition_t mbedtls_cipher_definitions[] = {
#if defined(MBEDTLS_AES_C)
{ MBEDTLS_CIPHER_AES_128_ECB, &aes_128_ecb_info },
{ MBEDTLS_CIPHER_AES_192_ECB, &aes_192_ecb_info },

164
common/mbedtls/cmac.c
View file

@ -65,29 +65,22 @@
*/
static int cmac_multiply_by_u(unsigned char *output,
const unsigned char *input,
size_t blocksize )
{
size_t blocksize) {
const unsigned char R_128 = 0x87;
const unsigned char R_64 = 0x1B;
unsigned char R_n, mask;
unsigned char overflow = 0x00;
int i;
if( blocksize == MBEDTLS_AES_BLOCK_SIZE )
{
if (blocksize == MBEDTLS_AES_BLOCK_SIZE) {
R_n = R_128;
}
else if( blocksize == MBEDTLS_DES3_BLOCK_SIZE )
{
} else if (blocksize == MBEDTLS_DES3_BLOCK_SIZE) {
R_n = R_64;
}
else
{
} else {
return (MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA);
}
for( i = (int)blocksize - 1; i >= 0; i-- )
{
for (i = (int)blocksize - 1; i >= 0; i--) {
output[i] = input[i] << 1 | overflow;
overflow = input[i] >> 7;
}
@ -117,8 +110,7 @@ static int cmac_multiply_by_u( unsigned char *output,
* - as specified by RFC 4493, section 2.3 Subkey Generation Algorithm
*/
static int cmac_generate_subkeys(mbedtls_cipher_context_t *ctx,
unsigned char* K1, unsigned char* K2 )
{
unsigned char *K1, unsigned char *K2) {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
unsigned char L[MBEDTLS_CIPHER_BLKSIZE_MAX];
size_t olen, block_size;
@ -150,8 +142,7 @@ exit:
#if !defined(MBEDTLS_CMAC_ALT)
static void cmac_xor_block(unsigned char *output, const unsigned char *input1,
const unsigned char *input2,
const size_t block_size )
{
const size_t block_size) {
size_t idx;
for (idx = 0; idx < block_size; idx++)
@ -167,12 +158,10 @@ static void cmac_xor_block( unsigned char *output, const unsigned char *input1,
static void cmac_pad(unsigned char padded_block[MBEDTLS_CIPHER_BLKSIZE_MAX],
size_t padded_block_len,
const unsigned char *last_block,
size_t last_block_len )
{
size_t last_block_len) {
size_t j;
for( j = 0; j < padded_block_len; j++ )
{
for (j = 0; j < padded_block_len; j++) {
if (j < last_block_len)
padded_block[j] = last_block[j];
else if (j == last_block_len)
@ -183,8 +172,7 @@ static void cmac_pad( unsigned char padded_block[MBEDTLS_CIPHER_BLKSIZE_MAX],
}
int mbedtls_cipher_cmac_starts(mbedtls_cipher_context_t *ctx,
const unsigned char *key, size_t keybits )
{
const unsigned char *key, size_t keybits) {
mbedtls_cipher_type_t type;
mbedtls_cmac_context_t *cmac_ctx;
int retval;
@ -198,8 +186,7 @@ int mbedtls_cipher_cmac_starts( mbedtls_cipher_context_t *ctx,
type = ctx->cipher_info->type;
switch( type )
{
switch (type) {
case MBEDTLS_CIPHER_AES_128_ECB:
case MBEDTLS_CIPHER_AES_192_ECB:
case MBEDTLS_CIPHER_AES_256_ECB:
@ -223,8 +210,7 @@ int mbedtls_cipher_cmac_starts( mbedtls_cipher_context_t *ctx,
}
int mbedtls_cipher_cmac_update(mbedtls_cipher_context_t *ctx,
const unsigned char *input, size_t ilen )
{
const unsigned char *input, size_t ilen) {
mbedtls_cmac_context_t *cmac_ctx;
unsigned char *state;
int ret = 0;
@ -241,8 +227,7 @@ int mbedtls_cipher_cmac_update( mbedtls_cipher_context_t *ctx,
/* Is there data still to process from the last call, that's greater in
* size than a block? */
if (cmac_ctx->unprocessed_len > 0 &&
ilen > block_size - cmac_ctx->unprocessed_len )
{
ilen > block_size - cmac_ctx->unprocessed_len) {
memcpy(&cmac_ctx->unprocessed_block[cmac_ctx->unprocessed_len],
input,
block_size - cmac_ctx->unprocessed_len);
@ -250,8 +235,7 @@ int mbedtls_cipher_cmac_update( mbedtls_cipher_context_t *ctx,
cmac_xor_block(state, cmac_ctx->unprocessed_block, state, block_size);
if ((ret = mbedtls_cipher_update(ctx, state, block_size, state,
&olen ) ) != 0 )
{
&olen)) != 0) {
goto exit;
}
@ -265,8 +249,7 @@ int mbedtls_cipher_cmac_update( mbedtls_cipher_context_t *ctx,
/* Iterate across the input data in block sized chunks, excluding any
* final partial or complete block */
for( j = 1; j < n; j++ )
{
for (j = 1; j < n; j++) {
cmac_xor_block(state, input, state, block_size);
if ((ret = mbedtls_cipher_update(ctx, state, block_size, state,
@ -278,8 +261,7 @@ int mbedtls_cipher_cmac_update( mbedtls_cipher_context_t *ctx,
}
/* If there is data left over that wasn't aligned to a block */
if( ilen > 0 )
{
if (ilen > 0) {
memcpy(&cmac_ctx->unprocessed_block[cmac_ctx->unprocessed_len],
input,
ilen);
@ -291,8 +273,7 @@ exit:
}
int mbedtls_cipher_cmac_finish(mbedtls_cipher_context_t *ctx,
unsigned char *output )
{
unsigned char *output) {
mbedtls_cmac_context_t *cmac_ctx;
unsigned char *state, *last_block;
unsigned char K1[MBEDTLS_CIPHER_BLKSIZE_MAX];
@ -316,13 +297,10 @@ int mbedtls_cipher_cmac_finish( mbedtls_cipher_context_t *ctx,
last_block = cmac_ctx->unprocessed_block;
/* Calculate last block */
if( cmac_ctx->unprocessed_len < block_size )
{
if (cmac_ctx->unprocessed_len < block_size) {
cmac_pad(M_last, block_size, last_block, cmac_ctx->unprocessed_len);
cmac_xor_block(M_last, M_last, K2, block_size);
}
else
{
} else {
/* Last block is complete block */
cmac_xor_block(M_last, last_block, K1, block_size);
}
@ -330,8 +308,7 @@ int mbedtls_cipher_cmac_finish( mbedtls_cipher_context_t *ctx,
cmac_xor_block(state, M_last, state, block_size);
if ((ret = mbedtls_cipher_update(ctx, state, block_size, state,
&olen ) ) != 0 )
{
&olen)) != 0) {
goto exit;
}
@ -351,8 +328,7 @@ exit:
return (ret);
}
int mbedtls_cipher_cmac_reset( mbedtls_cipher_context_t *ctx )
{
int mbedtls_cipher_cmac_reset(mbedtls_cipher_context_t *ctx) {
mbedtls_cmac_context_t *cmac_ctx;
if (ctx == NULL || ctx->cipher_info == NULL || ctx->cmac_ctx == NULL)
@ -373,8 +349,7 @@ int mbedtls_cipher_cmac_reset( mbedtls_cipher_context_t *ctx )
int mbedtls_cipher_cmac(const mbedtls_cipher_info_t *cipher_info,
const unsigned char *key, size_t keylen,
const unsigned char *input, size_t ilen,
unsigned char *output )
{
unsigned char *output) {
mbedtls_cipher_context_t ctx;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
@ -408,8 +383,7 @@ exit:
*/
int mbedtls_aes_cmac_prf_128(const unsigned char *key, size_t key_length,
const unsigned char *input, size_t in_len,
unsigned char output[16] )
{
unsigned char output[16]) {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
const mbedtls_cipher_info_t *cipher_info;
unsigned char zero_key[MBEDTLS_AES_BLOCK_SIZE];
@ -419,20 +393,16 @@ int mbedtls_aes_cmac_prf_128( const unsigned char *key, size_t key_length,
return (MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA);
cipher_info = mbedtls_cipher_info_from_type(MBEDTLS_CIPHER_AES_128_ECB);
if( cipher_info == NULL )
{
if (cipher_info == NULL) {
/* Failing at this point must be due to a build issue */
ret = MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE;
goto exit;
}
if( key_length == MBEDTLS_AES_BLOCK_SIZE )
{
if (key_length == MBEDTLS_AES_BLOCK_SIZE) {
/* Use key as is */
memcpy(int_key, key, MBEDTLS_AES_BLOCK_SIZE);
}
else
{
} else {
memset(zero_key, 0, MBEDTLS_AES_BLOCK_SIZE);
ret = mbedtls_cipher_cmac(cipher_info, zero_key, 128, key,
@ -748,8 +718,7 @@ static int cmac_test_subkeys( int verbose,
const unsigned char *subkeys,
mbedtls_cipher_type_t cipher_type,
int block_size,
int num_tests )
{
int num_tests) {
int i, ret = 0;
mbedtls_cipher_context_t ctx;
const mbedtls_cipher_info_t *cipher_info;
@ -757,21 +726,18 @@ static int cmac_test_subkeys( int verbose,
unsigned char K2[MBEDTLS_CIPHER_BLKSIZE_MAX];
cipher_info = mbedtls_cipher_info_from_type(cipher_type);
if( cipher_info == NULL )
{
if (cipher_info == NULL) {
/* Failing at this point must be due to a build issue */
return (MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE);
}
for( i = 0; i < num_tests; i++ )
{
for (i = 0; i < num_tests; i++) {
if (verbose != 0)
mbedtls_printf(" %s CMAC subkey #%d: ", testname, i + 1);
mbedtls_cipher_init(&ctx);
if( ( ret = mbedtls_cipher_setup( &ctx, cipher_info ) ) != 0 )
{
if ((ret = mbedtls_cipher_setup(&ctx, cipher_info)) != 0) {
if (verbose != 0)
mbedtls_printf("test execution failed\n");
@ -779,8 +745,7 @@ static int cmac_test_subkeys( int verbose,
}
if ((ret = mbedtls_cipher_setkey(&ctx, key, keybits,
MBEDTLS_ENCRYPT ) ) != 0 )
{
MBEDTLS_ENCRYPT)) != 0) {
/* When CMAC is implemented by an alternative implementation, or
* the underlying primitive itself is implemented alternatively,
* AES-192 may be unavailable. This should not cause the selftest
@ -800,8 +765,7 @@ static int cmac_test_subkeys( int verbose,
}
ret = cmac_generate_subkeys(&ctx, K1, K2);
if( ret != 0 )
{
if (ret != 0) {
if (verbose != 0)
mbedtls_printf("failed\n");
@ -809,8 +773,7 @@ static int cmac_test_subkeys( int verbose,
}
if ((ret = memcmp(K1, subkeys, block_size)) != 0 ||
( ret = memcmp( K2, &subkeys[block_size], block_size ) ) != 0 )
{
(ret = memcmp(K2, &subkeys[block_size], block_size)) != 0) {
if (verbose != 0)
mbedtls_printf("failed\n");
@ -843,28 +806,24 @@ static int cmac_test_wth_cipher( int verbose,
const unsigned char *expected_result,
mbedtls_cipher_type_t cipher_type,
int block_size,
int num_tests )
{
int num_tests) {
const mbedtls_cipher_info_t *cipher_info;
int i, ret = 0;
unsigned char output[MBEDTLS_CIPHER_BLKSIZE_MAX];
cipher_info = mbedtls_cipher_info_from_type(cipher_type);
if( cipher_info == NULL )
{
if (cipher_info == NULL) {
/* Failing at this point must be due to a build issue */
ret = MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE;
goto exit;
}
for( i = 0; i < num_tests; i++ )
{
for (i = 0; i < num_tests; i++) {
if (verbose != 0)
mbedtls_printf(" %s CMAC #%d: ", testname, i + 1);
if ((ret = mbedtls_cipher_cmac(cipher_info, key, keybits, messages,
message_lengths[i], output ) ) != 0 )
{
message_lengths[i], output)) != 0) {
/* When CMAC is implemented by an alternative implementation, or
* the underlying primitive itself is implemented alternatively,
* AES-192 may be unavailable. This should not cause the selftest
@ -882,8 +841,7 @@ static int cmac_test_wth_cipher( int verbose,
goto exit;
}
if( ( ret = memcmp( output, &expected_result[i * block_size], block_size ) ) != 0 )
{
if ((ret = memcmp(output, &expected_result[i * block_size], block_size)) != 0) {
if (verbose != 0)
mbedtls_printf("failed\n");
goto exit;
@ -899,27 +857,22 @@ exit:
}
#if defined(MBEDTLS_AES_C)
static int test_aes128_cmac_prf( int verbose )
{
static int test_aes128_cmac_prf(int verbose) {
int i;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
unsigned char output[MBEDTLS_AES_BLOCK_SIZE];
for( i = 0; i < NB_PRF_TESTS; i++ )
{
for (i = 0; i < NB_PRF_TESTS; i++) {
mbedtls_printf(" AES CMAC 128 PRF #%d: ", i);
ret = mbedtls_aes_cmac_prf_128(PRFK, PRFKlen[i], PRFM, 20, output);
if (ret != 0 ||
memcmp( output, PRFT[i], MBEDTLS_AES_BLOCK_SIZE ) != 0 )
{
memcmp(output, PRFT[i], MBEDTLS_AES_BLOCK_SIZE) != 0) {
if (verbose != 0)
mbedtls_printf("failed\n");
return (ret);
}
else if( verbose != 0 )
{
} else if (verbose != 0) {
mbedtls_printf("passed\n");
}
}
@ -927,8 +880,7 @@ static int test_aes128_cmac_prf( int verbose )
}
#endif /* MBEDTLS_AES_C */
int mbedtls_cmac_self_test( int verbose )
{
int mbedtls_cmac_self_test(int verbose) {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
#if defined(MBEDTLS_AES_C)
@ -940,8 +892,7 @@ int mbedtls_cmac_self_test( int verbose )
(const unsigned char *)aes_128_subkeys,
MBEDTLS_CIPHER_AES_128_ECB,
MBEDTLS_AES_BLOCK_SIZE,
NB_CMAC_TESTS_PER_KEY ) ) != 0 )
{
NB_CMAC_TESTS_PER_KEY)) != 0) {
return (ret);
}
@ -954,8 +905,7 @@ int mbedtls_cmac_self_test( int verbose )
(const unsigned char *)aes_128_expected_result,
MBEDTLS_CIPHER_AES_128_ECB,
MBEDTLS_AES_BLOCK_SIZE,
NB_CMAC_TESTS_PER_KEY ) ) != 0 )
{
NB_CMAC_TESTS_PER_KEY)) != 0) {
return (ret);
}
@ -967,8 +917,7 @@ int mbedtls_cmac_self_test( int verbose )
(const unsigned char *)aes_192_subkeys,
MBEDTLS_CIPHER_AES_192_ECB,
MBEDTLS_AES_BLOCK_SIZE,
NB_CMAC_TESTS_PER_KEY ) ) != 0 )
{
NB_CMAC_TESTS_PER_KEY)) != 0) {
return (ret);
}
@ -981,8 +930,7 @@ int mbedtls_cmac_self_test( int verbose )
(const unsigned char *)aes_192_expected_result,
MBEDTLS_CIPHER_AES_192_ECB,
MBEDTLS_AES_BLOCK_SIZE,
NB_CMAC_TESTS_PER_KEY ) ) != 0 )
{
NB_CMAC_TESTS_PER_KEY)) != 0) {
return (ret);
}
@ -994,8 +942,7 @@ int mbedtls_cmac_self_test( int verbose )
(const unsigned char *)aes_256_subkeys,
MBEDTLS_CIPHER_AES_256_ECB,
MBEDTLS_AES_BLOCK_SIZE,
NB_CMAC_TESTS_PER_KEY ) ) != 0 )
{
NB_CMAC_TESTS_PER_KEY)) != 0) {
return (ret);
}
@ -1008,8 +955,7 @@ int mbedtls_cmac_self_test( int verbose )
(const unsigned char *)aes_256_expected_result,
MBEDTLS_CIPHER_AES_256_ECB,
MBEDTLS_AES_BLOCK_SIZE,
NB_CMAC_TESTS_PER_KEY ) ) != 0 )
{
NB_CMAC_TESTS_PER_KEY)) != 0) {
return (ret);
}
#endif /* MBEDTLS_AES_C */
@ -1023,8 +969,7 @@ int mbedtls_cmac_self_test( int verbose )
(const unsigned char *)des3_2key_subkeys,
MBEDTLS_CIPHER_DES_EDE3_ECB,
MBEDTLS_DES3_BLOCK_SIZE,
NB_CMAC_TESTS_PER_KEY ) ) != 0 )
{
NB_CMAC_TESTS_PER_KEY)) != 0) {
return (ret);
}
@ -1037,8 +982,7 @@ int mbedtls_cmac_self_test( int verbose )
(const unsigned char *)des3_2key_expected_result,
MBEDTLS_CIPHER_DES_EDE3_ECB,
MBEDTLS_DES3_BLOCK_SIZE,
NB_CMAC_TESTS_PER_KEY ) ) != 0 )
{
NB_CMAC_TESTS_PER_KEY)) != 0) {
return (ret);
}
@ -1050,8 +994,7 @@ int mbedtls_cmac_self_test( int verbose )
(const unsigned char *)des3_3key_subkeys,
MBEDTLS_CIPHER_DES_EDE3_ECB,
MBEDTLS_DES3_BLOCK_SIZE,
NB_CMAC_TESTS_PER_KEY ) ) != 0 )
{
NB_CMAC_TESTS_PER_KEY)) != 0) {
return (ret);
}
@ -1064,8 +1007,7 @@ int mbedtls_cmac_self_test( int verbose )
(const unsigned char *)des3_3key_expected_result,
MBEDTLS_CIPHER_DES_EDE3_ECB,
MBEDTLS_DES3_BLOCK_SIZE,
NB_CMAC_TESTS_PER_KEY ) ) != 0 )
{
NB_CMAC_TESTS_PER_KEY)) != 0) {
return (ret);
}
#endif /* MBEDTLS_DES_C */

3
common/mbedtls/cmac.h
View file

@ -55,8 +55,7 @@ extern "C" {
/**
* The CMAC context structure.
*/
struct mbedtls_cmac_context_t
{
struct mbedtls_cmac_context_t {
/** The internal state of the CMAC algorithm. */
unsigned char state[MBEDTLS_CIPHER_BLKSIZE_MAX];

223
common/mbedtls/ctr_drbg.c
View file

@ -48,8 +48,7 @@
/*
* CTR_DRBG context initialization
*/
void mbedtls_ctr_drbg_init( mbedtls_ctr_drbg_context *ctx )
{
void mbedtls_ctr_drbg_init(mbedtls_ctr_drbg_context *ctx) {
memset(ctx, 0, sizeof(mbedtls_ctr_drbg_context));
/* Indicate that the entropy nonce length is not set explicitly.
* See mbedtls_ctr_drbg_set_nonce_len(). */
@ -62,8 +61,7 @@ void mbedtls_ctr_drbg_init( mbedtls_ctr_drbg_context *ctx )
* This function resets CTR_DRBG context to the state immediately
* after initial call of mbedtls_ctr_drbg_init().
*/
void mbedtls_ctr_drbg_free( mbedtls_ctr_drbg_context *ctx )
{
void mbedtls_ctr_drbg_free(mbedtls_ctr_drbg_context *ctx) {
if (ctx == NULL)
return;
@ -79,20 +77,17 @@ void mbedtls_ctr_drbg_free( mbedtls_ctr_drbg_context *ctx )
}
void mbedtls_ctr_drbg_set_prediction_resistance(mbedtls_ctr_drbg_context *ctx,
int resistance )
{
int resistance) {
ctx->prediction_resistance = resistance;
}
void mbedtls_ctr_drbg_set_entropy_len(mbedtls_ctr_drbg_context *ctx,
size_t len )
{
size_t len) {
ctx->entropy_len = len;
}
int mbedtls_ctr_drbg_set_nonce_len(mbedtls_ctr_drbg_context *ctx,
size_t len )
{
size_t len) {
/* If mbedtls_ctr_drbg_seed() has already been called, it's
* too late. Return the error code that's closest to making sense. */
if (ctx->f_entropy != NULL)
@ -117,14 +112,12 @@ int mbedtls_ctr_drbg_set_nonce_len( mbedtls_ctr_drbg_context *ctx,
}
void mbedtls_ctr_drbg_set_reseed_interval(mbedtls_ctr_drbg_context *ctx,
int interval )
{
int interval) {
ctx->reseed_interval = interval;
}
static int block_cipher_df(unsigned char *output,
const unsigned char *data, size_t data_len )
{
const unsigned char *data, size_t data_len) {
unsigned char buf[MBEDTLS_CTR_DRBG_MAX_SEED_INPUT +
MBEDTLS_CTR_DRBG_BLOCKSIZE + 16];
unsigned char tmp[MBEDTLS_CTR_DRBG_SEEDLEN];
@ -167,22 +160,19 @@ static int block_cipher_df( unsigned char *output,
key[i] = i;
if ((ret = mbedtls_aes_setkey_enc(&aes_ctx, key,
MBEDTLS_CTR_DRBG_KEYBITS ) ) != 0 )
{
MBEDTLS_CTR_DRBG_KEYBITS)) != 0) {
goto exit;
}
/*
* Reduce data to MBEDTLS_CTR_DRBG_SEEDLEN bytes of data
*/
for( j = 0; j < MBEDTLS_CTR_DRBG_SEEDLEN; j += MBEDTLS_CTR_DRBG_BLOCKSIZE )
{
for (j = 0; j < MBEDTLS_CTR_DRBG_SEEDLEN; j += MBEDTLS_CTR_DRBG_BLOCKSIZE) {
p = buf;
memset(chain, 0, MBEDTLS_CTR_DRBG_BLOCKSIZE);
use_len = buf_len;
while( use_len > 0 )
{
while (use_len > 0) {
for (i = 0; i < MBEDTLS_CTR_DRBG_BLOCKSIZE; i++)
chain[i] ^= p[i];
p += MBEDTLS_CTR_DRBG_BLOCKSIZE;
@ -190,8 +180,7 @@ static int block_cipher_df( unsigned char *output,
MBEDTLS_CTR_DRBG_BLOCKSIZE : use_len;
if ((ret = mbedtls_aes_crypt_ecb(&aes_ctx, MBEDTLS_AES_ENCRYPT,
chain, chain ) ) != 0 )
{
chain, chain)) != 0) {
goto exit;
}
}
@ -208,18 +197,15 @@ static int block_cipher_df( unsigned char *output,
* Do final encryption with reduced data
*/
if ((ret = mbedtls_aes_setkey_enc(&aes_ctx, tmp,
MBEDTLS_CTR_DRBG_KEYBITS ) ) != 0 )
{
MBEDTLS_CTR_DRBG_KEYBITS)) != 0) {
goto exit;
}
iv = tmp + MBEDTLS_CTR_DRBG_KEYSIZE;
p = output;
for( j = 0; j < MBEDTLS_CTR_DRBG_SEEDLEN; j += MBEDTLS_CTR_DRBG_BLOCKSIZE )
{
for (j = 0; j < MBEDTLS_CTR_DRBG_SEEDLEN; j += MBEDTLS_CTR_DRBG_BLOCKSIZE) {
if ((ret = mbedtls_aes_crypt_ecb(&aes_ctx, MBEDTLS_AES_ENCRYPT,
iv, iv ) ) != 0 )
{
iv, iv)) != 0) {
goto exit;
}
memcpy(p, iv, MBEDTLS_CTR_DRBG_BLOCKSIZE);
@ -234,8 +220,7 @@ exit:
mbedtls_platform_zeroize(tmp, sizeof(tmp));
mbedtls_platform_zeroize(key, sizeof(key));
mbedtls_platform_zeroize(chain, sizeof(chain));
if( 0 != ret )
{
if (0 != ret) {
/*
* wipe partial seed from memory
*/
@ -254,8 +239,7 @@ exit:
* ctx->counter = V
*/
static int ctr_drbg_update_internal(mbedtls_ctr_drbg_context *ctx,
const unsigned char data[MBEDTLS_CTR_DRBG_SEEDLEN] )
{
const unsigned char data[MBEDTLS_CTR_DRBG_SEEDLEN]) {
unsigned char tmp[MBEDTLS_CTR_DRBG_SEEDLEN];
unsigned char *p = tmp;
int i, j;
@ -263,8 +247,7 @@ static int ctr_drbg_update_internal( mbedtls_ctr_drbg_context *ctx,
memset(tmp, 0, MBEDTLS_CTR_DRBG_SEEDLEN);
for( j = 0; j < MBEDTLS_CTR_DRBG_SEEDLEN; j += MBEDTLS_CTR_DRBG_BLOCKSIZE )
{
for (j = 0; j < MBEDTLS_CTR_DRBG_SEEDLEN; j += MBEDTLS_CTR_DRBG_BLOCKSIZE) {
/*
* Increase counter
*/
@ -276,8 +259,7 @@ static int ctr_drbg_update_internal( mbedtls_ctr_drbg_context *ctx,
* Crypt counter block
*/
if ((ret = mbedtls_aes_crypt_ecb(&ctx->aes_ctx, MBEDTLS_AES_ENCRYPT,
ctx->counter, p ) ) != 0 )
{
ctx->counter, p)) != 0) {
goto exit;
}
@ -291,8 +273,7 @@ static int ctr_drbg_update_internal( mbedtls_ctr_drbg_context *ctx,
* Update key and counter
*/
if ((ret = mbedtls_aes_setkey_enc(&ctx->aes_ctx, tmp,
MBEDTLS_CTR_DRBG_KEYBITS ) ) != 0 )
{
MBEDTLS_CTR_DRBG_KEYBITS)) != 0) {
goto exit;
}
memcpy(ctx->counter, tmp + MBEDTLS_CTR_DRBG_KEYSIZE,
@ -317,8 +298,7 @@ exit:
*/
int mbedtls_ctr_drbg_update_ret(mbedtls_ctr_drbg_context *ctx,
const unsigned char *additional,
size_t add_len )
{
size_t add_len) {
unsigned char add_input[MBEDTLS_CTR_DRBG_SEEDLEN];
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
@ -338,8 +318,7 @@ exit:
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
void mbedtls_ctr_drbg_update(mbedtls_ctr_drbg_context *ctx,
const unsigned char *additional,
size_t add_len )
{
size_t add_len) {
/* MAX_INPUT would be more logical here, but we have to match
* block_cipher_df()'s limits since we can't propagate errors */
if (add_len > MBEDTLS_CTR_DRBG_MAX_SEED_INPUT)
@ -364,8 +343,7 @@ void mbedtls_ctr_drbg_update( mbedtls_ctr_drbg_context *ctx,
static int mbedtls_ctr_drbg_reseed_internal(mbedtls_ctr_drbg_context *ctx,
const unsigned char *additional,
size_t len,
size_t nonce_len )
{
size_t nonce_len) {
unsigned char seed[MBEDTLS_CTR_DRBG_MAX_SEED_INPUT];
size_t seedlen = 0;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
@ -380,25 +358,21 @@ static int mbedtls_ctr_drbg_reseed_internal( mbedtls_ctr_drbg_context *ctx,
memset(seed, 0, MBEDTLS_CTR_DRBG_MAX_SEED_INPUT);
/* Gather entropy_len bytes of entropy to seed state. */
if( 0 != ctx->f_entropy( ctx->p_entropy, seed, ctx->entropy_len ) )
{
if (0 != ctx->f_entropy(ctx->p_entropy, seed, ctx->entropy_len)) {
return (MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED);
}
seedlen += ctx->entropy_len;
/* Gather entropy for a nonce if requested. */
if( nonce_len != 0 )
{
if( 0 != ctx->f_entropy( ctx->p_entropy, seed + seedlen, nonce_len ) )
{
if (nonce_len != 0) {
if (0 != ctx->f_entropy(ctx->p_entropy, seed + seedlen, nonce_len)) {
return (MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED);
}
seedlen += nonce_len;
}
/* Add additional data if provided. */
if( additional != NULL && len != 0 )
{
if (additional != NULL && len != 0) {
memcpy(seed + seedlen, additional, len);
seedlen += len;
}
@ -418,8 +392,7 @@ exit:
}
int mbedtls_ctr_drbg_reseed(mbedtls_ctr_drbg_context *ctx,
const unsigned char *additional, size_t len )
{
const unsigned char *additional, size_t len) {
return (mbedtls_ctr_drbg_reseed_internal(ctx, additional, len, 0));
}
@ -428,8 +401,7 @@ int mbedtls_ctr_drbg_reseed( mbedtls_ctr_drbg_context *ctx,
* size and entropy length. If there is enough entropy in the initial
* call to the entropy function to serve as both the entropy input and
* the nonce, don't make a second call to get a nonce. */
static size_t good_nonce_len( size_t entropy_len )
{
static size_t good_nonce_len(size_t entropy_len) {
if (entropy_len >= MBEDTLS_CTR_DRBG_KEYSIZE * 3 / 2)
return (0);
else
@ -451,8 +423,7 @@ int mbedtls_ctr_drbg_seed( mbedtls_ctr_drbg_context *ctx,
int (*f_entropy)(void *, unsigned char *, size_t),
void *p_entropy,
const unsigned char *custom,
size_t len )
{
size_t len) {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
unsigned char key[MBEDTLS_CTR_DRBG_KEYSIZE];
size_t nonce_len;
@ -481,15 +452,13 @@ int mbedtls_ctr_drbg_seed( mbedtls_ctr_drbg_context *ctx,
/* Initialize with an empty key. */
if ((ret = mbedtls_aes_setkey_enc(&ctx->aes_ctx, key,
MBEDTLS_CTR_DRBG_KEYBITS ) ) != 0 )
{
MBEDTLS_CTR_DRBG_KEYBITS)) != 0) {
return (ret);
}
/* Do the initial seeding. */
if ((ret = mbedtls_ctr_drbg_reseed_internal(ctx, custom, len,
nonce_len ) ) != 0 )
{
nonce_len)) != 0) {
return (ret);
}
return (0);
@ -516,8 +485,7 @@ int mbedtls_ctr_drbg_seed( mbedtls_ctr_drbg_context *ctx,
*/
int mbedtls_ctr_drbg_random_with_add(void *p_rng,
unsigned char *output, size_t output_len,
const unsigned char *additional, size_t add_len )
{
const unsigned char *additional, size_t add_len) {
int ret = 0;
mbedtls_ctr_drbg_context *ctx = (mbedtls_ctr_drbg_context *) p_rng;
unsigned char add_input[MBEDTLS_CTR_DRBG_SEEDLEN];
@ -535,25 +503,21 @@ int mbedtls_ctr_drbg_random_with_add( void *p_rng,
memset(add_input, 0, MBEDTLS_CTR_DRBG_SEEDLEN);
if (ctx->reseed_counter > ctx->reseed_interval ||
ctx->prediction_resistance )
{
if( ( ret = mbedtls_ctr_drbg_reseed( ctx, additional, add_len ) ) != 0 )
{
ctx->prediction_resistance) {
if ((ret = mbedtls_ctr_drbg_reseed(ctx, additional, add_len)) != 0) {
return (ret);
}
add_len = 0;
}
if( add_len > 0 )
{
if (add_len > 0) {
if ((ret = block_cipher_df(add_input, additional, add_len)) != 0)
goto exit;
if ((ret = ctr_drbg_update_internal(ctx, add_input)) != 0)
goto exit;
}
while( output_len > 0 )
{
while (output_len > 0) {
/*
* Increase counter
*/
@ -565,8 +529,7 @@ int mbedtls_ctr_drbg_random_with_add( void *p_rng,
* Crypt counter block
*/
if ((ret = mbedtls_aes_crypt_ecb(&ctx->aes_ctx, MBEDTLS_AES_ENCRYPT,
ctx->counter, tmp ) ) != 0 )
{
ctx->counter, tmp)) != 0) {
goto exit;
}
@ -592,8 +555,7 @@ exit:
}
int mbedtls_ctr_drbg_random(void *p_rng, unsigned char *output,
size_t output_len )
{
size_t output_len) {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_ctr_drbg_context *ctx = (mbedtls_ctr_drbg_context *) p_rng;
@ -614,8 +576,7 @@ int mbedtls_ctr_drbg_random( void *p_rng, unsigned char *output,
#if defined(MBEDTLS_FS_IO)
int mbedtls_ctr_drbg_write_seed_file(mbedtls_ctr_drbg_context *ctx,
const char *path )
{
const char *path) {
int ret = MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR;
FILE *f;
unsigned char buf[ MBEDTLS_CTR_DRBG_MAX_INPUT ];
@ -628,12 +589,9 @@ int mbedtls_ctr_drbg_write_seed_file( mbedtls_ctr_drbg_context *ctx,
goto exit;
if (fwrite(buf, 1, MBEDTLS_CTR_DRBG_MAX_INPUT, f) !=
MBEDTLS_CTR_DRBG_MAX_INPUT )
{
MBEDTLS_CTR_DRBG_MAX_INPUT) {
ret = MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR;
}
else
{
} else {
ret = 0;
}
@ -645,8 +603,7 @@ exit:
}
int mbedtls_ctr_drbg_update_seed_file(mbedtls_ctr_drbg_context *ctx,
const char *path )
{
const char *path) {
int ret = 0;
FILE *f = NULL;
size_t n;
@ -657,13 +614,11 @@ int mbedtls_ctr_drbg_update_seed_file( mbedtls_ctr_drbg_context *ctx,
return (MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR);
n = fread(buf, 1, sizeof(buf), f);
if( fread( &c, 1, 1, f ) != 0 )
{
if (fread(&c, 1, 1, f) != 0) {
ret = MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG;
goto exit;
}
if( n == 0 || ferror( f ) )
{
if (n == 0 || ferror(f)) {
ret = MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR;
goto exit;
}
@ -708,53 +663,59 @@ exit:
*/
#if defined(MBEDTLS_CTR_DRBG_USE_128_BIT_KEY)
static const unsigned char entropy_source_pr[] =
{ 0x04, 0xd9, 0x49, 0xa6, 0xdc, 0xe8, 0x6e, 0xbb,
static const unsigned char entropy_source_pr[] = {
0x04, 0xd9, 0x49, 0xa6, 0xdc, 0xe8, 0x6e, 0xbb,
0xf1, 0x08, 0x77, 0x2b, 0x9e, 0x08, 0xca, 0x92,
0x65, 0x16, 0xda, 0x99, 0xa2, 0x59, 0xf3, 0xe8,
0x38, 0x7e, 0x3f, 0x6b, 0x51, 0x70, 0x7b, 0x20,
0xec, 0x53, 0xd0, 0x66, 0xc3, 0x0f, 0xe3, 0xb0,
0xe0, 0x86, 0xa6, 0xaa, 0x5f, 0x72, 0x2f, 0xad,
0xf7, 0xef, 0x06, 0xb8, 0xd6, 0x9c, 0x9d, 0xe8 };
0xf7, 0xef, 0x06, 0xb8, 0xd6, 0x9c, 0x9d, 0xe8
};
static const unsigned char entropy_source_nopr[] =
{ 0x07, 0x0d, 0x59, 0x63, 0x98, 0x73, 0xa5, 0x45,
static const unsigned char entropy_source_nopr[] = {
0x07, 0x0d, 0x59, 0x63, 0x98, 0x73, 0xa5, 0x45,
0x27, 0x38, 0x22, 0x7b, 0x76, 0x85, 0xd1, 0xa9,
0x74, 0x18, 0x1f, 0x3c, 0x22, 0xf6, 0x49, 0x20,
0x4a, 0x47, 0xc2, 0xf3, 0x85, 0x16, 0xb4, 0x6f,
0x00, 0x2e, 0x71, 0xda, 0xed, 0x16, 0x9b, 0x5c };
0x00, 0x2e, 0x71, 0xda, 0xed, 0x16, 0x9b, 0x5c
};
static const unsigned char pers_pr[] =
{ 0xbf, 0xa4, 0x9a, 0x8f, 0x7b, 0xd8, 0xb1, 0x7a,
0x9d, 0xfa, 0x45, 0xed, 0x21, 0x52, 0xb3, 0xad };
static const unsigned char pers_pr[] = {
0xbf, 0xa4, 0x9a, 0x8f, 0x7b, 0xd8, 0xb1, 0x7a,
0x9d, 0xfa, 0x45, 0xed, 0x21, 0x52, 0xb3, 0xad
};
static const unsigned char pers_nopr[] =
{ 0x4e, 0x61, 0x79, 0xd4, 0xc2, 0x72, 0xa1, 0x4c,
0xf1, 0x3d, 0xf6, 0x5e, 0xa3, 0xa6, 0xe5, 0x0f };
static const unsigned char pers_nopr[] = {
0x4e, 0x61, 0x79, 0xd4, 0xc2, 0x72, 0xa1, 0x4c,
0xf1, 0x3d, 0xf6, 0x5e, 0xa3, 0xa6, 0xe5, 0x0f
};
static const unsigned char result_pr[] =
{ 0xc9, 0x0a, 0xaf, 0x85, 0x89, 0x71, 0x44, 0x66,
static const unsigned char result_pr[] = {
0xc9, 0x0a, 0xaf, 0x85, 0x89, 0x71, 0x44, 0x66,
0x4f, 0x25, 0x0b, 0x2b, 0xde, 0xd8, 0xfa, 0xff,
0x52, 0x5a, 0x1b, 0x32, 0x5e, 0x41, 0x7a, 0x10,
0x1f, 0xef, 0x1e, 0x62, 0x23, 0xe9, 0x20, 0x30,
0xc9, 0x0d, 0xad, 0x69, 0xb4, 0x9c, 0x5b, 0xf4,
0x87, 0x42, 0xd5, 0xae, 0x5e, 0x5e, 0x43, 0xcc,
0xd9, 0xfd, 0x0b, 0x93, 0x4a, 0xe3, 0xd4, 0x06,
0x37, 0x36, 0x0f, 0x3f, 0x72, 0x82, 0x0c, 0xcf };
0x37, 0x36, 0x0f, 0x3f, 0x72, 0x82, 0x0c, 0xcf
};
static const unsigned char result_nopr[] =
{ 0x31, 0xc9, 0x91, 0x09, 0xf8, 0xc5, 0x10, 0x13,
static const unsigned char result_nopr[] = {
0x31, 0xc9, 0x91, 0x09, 0xf8, 0xc5, 0x10, 0x13,
0x3c, 0xd3, 0x96, 0xf9, 0xbc, 0x2c, 0x12, 0xc0,
0x7c, 0xc1, 0x61, 0x5f, 0xa3, 0x09, 0x99, 0xaf,
0xd7, 0xf2, 0x36, 0xfd, 0x40, 0x1a, 0x8b, 0xf2,
0x33, 0x38, 0xee, 0x1d, 0x03, 0x5f, 0x83, 0xb7,
0xa2, 0x53, 0xdc, 0xee, 0x18, 0xfc, 0xa7, 0xf2,
0xee, 0x96, 0xc6, 0xc2, 0xcd, 0x0c, 0xff, 0x02,
0x76, 0x70, 0x69, 0xaa, 0x69, 0xd1, 0x3b, 0xe8 };
0x76, 0x70, 0x69, 0xaa, 0x69, 0xd1, 0x3b, 0xe8
};
#else /* MBEDTLS_CTR_DRBG_USE_128_BIT_KEY */
static const unsigned char entropy_source_pr[] =
{ 0xca, 0x58, 0xfd, 0xf2, 0xb9, 0x77, 0xcb, 0x49,
static const unsigned char entropy_source_pr[] = {
0xca, 0x58, 0xfd, 0xf2, 0xb9, 0x77, 0xcb, 0x49,
0xd4, 0xe0, 0x5b, 0xe2, 0x39, 0x50, 0xd9, 0x8a,
0x6a, 0xb3, 0xc5, 0x2f, 0xdf, 0x74, 0xd5, 0x85,
0x8f, 0xd1, 0xba, 0x64, 0x54, 0x7b, 0xdb, 0x1e,
@ -767,10 +728,11 @@ static const unsigned char entropy_source_pr[] =
0xc8, 0x92, 0x35, 0x55, 0x2a, 0xd9, 0x1d, 0x8e,
0x12, 0x38, 0xac, 0x01, 0x4e, 0x38, 0x18, 0x76,
0x9c, 0xf2, 0xb6, 0xd4, 0x13, 0xb6, 0x2c, 0x77,
0xc0, 0xe7, 0xe6, 0x0c, 0x47, 0x44, 0x95, 0xbe };
0xc0, 0xe7, 0xe6, 0x0c, 0x47, 0x44, 0x95, 0xbe
};
static const unsigned char entropy_source_nopr[] =
{ 0x4c, 0xfb, 0x21, 0x86, 0x73, 0x34, 0x6d, 0x9d,
static const unsigned char entropy_source_nopr[] = {
0x4c, 0xfb, 0x21, 0x86, 0x73, 0x34, 0x6d, 0x9d,
0x50, 0xc9, 0x22, 0xe4, 0x9b, 0x0d, 0xfc, 0xd0,
0x90, 0xad, 0xf0, 0x4f, 0x5c, 0x3b, 0xa4, 0x73,
0x27, 0xdf, 0xcd, 0x6f, 0xa6, 0x3a, 0x78, 0x5c,
@ -779,45 +741,49 @@ static const unsigned char entropy_source_nopr[] =
0xb7, 0xec, 0x46, 0x07, 0x23, 0x63, 0x83, 0x4a,
0x1b, 0x01, 0x33, 0xf2, 0xc2, 0x38, 0x91, 0xdb,
0x4f, 0x11, 0xa6, 0x86, 0x51, 0xf2, 0x3e, 0x3a,
0x8b, 0x1f, 0xdc, 0x03, 0xb1, 0x92, 0xc7, 0xe7 };
0x8b, 0x1f, 0xdc, 0x03, 0xb1, 0x92, 0xc7, 0xe7
};
static const unsigned char pers_pr[] =
{ 0x5a, 0x70, 0x95, 0xe9, 0x81, 0x40, 0x52, 0x33,
static const unsigned char pers_pr[] = {
0x5a, 0x70, 0x95, 0xe9, 0x81, 0x40, 0x52, 0x33,
0x91, 0x53, 0x7e, 0x75, 0xd6, 0x19, 0x9d, 0x1e,
0xad, 0x0d, 0xc6, 0xa7, 0xde, 0x6c, 0x1f, 0xe0,
0xea, 0x18, 0x33, 0xa8, 0x7e, 0x06, 0x20, 0xe9 };
0xea, 0x18, 0x33, 0xa8, 0x7e, 0x06, 0x20, 0xe9
};
static const unsigned char pers_nopr[] =
{ 0x88, 0xee, 0xb8, 0xe0, 0xe8, 0x3b, 0xf3, 0x29,
static const unsigned char pers_nopr[] = {
0x88, 0xee, 0xb8, 0xe0, 0xe8, 0x3b, 0xf3, 0x29,
0x4b, 0xda, 0xcd, 0x60, 0x99, 0xeb, 0xe4, 0xbf,
0x55, 0xec, 0xd9, 0x11, 0x3f, 0x71, 0xe5, 0xeb,
0xcb, 0x45, 0x75, 0xf3, 0xd6, 0xa6, 0x8a, 0x6b };
0xcb, 0x45, 0x75, 0xf3, 0xd6, 0xa6, 0x8a, 0x6b
};
static const unsigned char result_pr[] =
{ 0xce, 0x2f, 0xdb, 0xb6, 0xd9, 0xb7, 0x39, 0x85,
static const unsigned char result_pr[] = {
0xce, 0x2f, 0xdb, 0xb6, 0xd9, 0xb7, 0x39, 0x85,
0x04, 0xc5, 0xc0, 0x42, 0xc2, 0x31, 0xc6, 0x1d,
0x9b, 0x5a, 0x59, 0xf8, 0x7e, 0x0d, 0xcc, 0x62,
0x7b, 0x65, 0x11, 0x55, 0x10, 0xeb, 0x9e, 0x3d,
0xa4, 0xfb, 0x1c, 0x6a, 0x18, 0xc0, 0x74, 0xdb,
0xdd, 0xe7, 0x02, 0x23, 0x63, 0x21, 0xd0, 0x39,
0xf9, 0xa7, 0xc4, 0x52, 0x84, 0x3b, 0x49, 0x40,
0x72, 0x2b, 0xb0, 0x6c, 0x9c, 0xdb, 0xc3, 0x43 };
0x72, 0x2b, 0xb0, 0x6c, 0x9c, 0xdb, 0xc3, 0x43
};
static const unsigned char result_nopr[] =
{ 0xa5, 0x51, 0x80, 0xa1, 0x90, 0xbe, 0xf3, 0xad,
static const unsigned char result_nopr[] = {
0xa5, 0x51, 0x80, 0xa1, 0x90, 0xbe, 0xf3, 0xad,
0xaf, 0x28, 0xf6, 0xb7, 0x95, 0xe9, 0xf1, 0xf3,
0xd6, 0xdf, 0xa1, 0xb2, 0x7d, 0xd0, 0x46, 0x7b,
0x0c, 0x75, 0xf5, 0xfa, 0x93, 0x1e, 0x97, 0x14,
0x75, 0xb2, 0x7c, 0xae, 0x03, 0xa2, 0x96, 0x54,
0xe2, 0xf4, 0x09, 0x66, 0xea, 0x33, 0x64, 0x30,
0x40, 0xd1, 0x40, 0x0f, 0xe6, 0x77, 0x87, 0x3a,
0xf8, 0x09, 0x7c, 0x1f, 0xe9, 0xf0, 0x02, 0x98 };
0xf8, 0x09, 0x7c, 0x1f, 0xe9, 0xf0, 0x02, 0x98
};
#endif /* MBEDTLS_CTR_DRBG_USE_128_BIT_KEY */
static size_t test_offset;
static int ctr_drbg_self_test_entropy(void *data, unsigned char *buf,
size_t len )
{
size_t len) {
const unsigned char *p = data;
memcpy(buf, p + test_offset, len);
test_offset += len;
@ -836,8 +802,7 @@ static int ctr_drbg_self_test_entropy( void *data, unsigned char *buf,
/*
* Checkup routine
*/
int mbedtls_ctr_drbg_self_test( int verbose )
{
int mbedtls_ctr_drbg_self_test(int verbose) {
mbedtls_ctr_drbg_context ctx;
unsigned char buf[ sizeof(result_pr) ];

3
common/mbedtls/ctr_drbg.h
View file

@ -166,8 +166,7 @@ extern "C" {
/**
* \brief The CTR_DRBG context structure.
*/
typedef struct mbedtls_ctr_drbg_context
{
typedef struct mbedtls_ctr_drbg_context {
unsigned char counter[16]; /*!< The counter (V). */
int reseed_counter; /*!< The reseed counter.
* This is the number of requests that have

102
common/mbedtls/debug.c
View file

@ -48,8 +48,7 @@
static int debug_threshold = 0;
void mbedtls_debug_set_threshold( int threshold )
{
void mbedtls_debug_set_threshold(int threshold) {
debug_threshold = threshold;
}
@ -58,8 +57,7 @@ void mbedtls_debug_set_threshold( int threshold )
*/
static inline void debug_send_line(const mbedtls_ssl_context *ssl, int level,
const char *file, int line,
const char *str )
{
const char *str) {
/*
* If in a threaded environment, we need a thread identifier.
* Since there is no portable way to get one, use the address of the ssl
@ -77,8 +75,7 @@ static inline void debug_send_line( const mbedtls_ssl_context *ssl, int level,
MBEDTLS_PRINTF_ATTRIBUTE(5, 6)
void mbedtls_debug_print_msg(const mbedtls_ssl_context *ssl, int level,
const char *file, int line,
const char *format, ... )
{
const char *format, ...) {
va_list argp;
char str[DEBUG_BUF_SIZE];
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
@ -86,8 +83,7 @@ void mbedtls_debug_print_msg( const mbedtls_ssl_context *ssl, int level,
if (NULL == ssl ||
NULL == ssl->conf ||
NULL == ssl->conf->f_dbg ||
level > debug_threshold )
{
level > debug_threshold) {
return;
}
@ -95,8 +91,7 @@ void mbedtls_debug_print_msg( const mbedtls_ssl_context *ssl, int level,
ret = mbedtls_vsnprintf(str, DEBUG_BUF_SIZE, format, argp);
va_end(argp);
if( ret >= 0 && ret < DEBUG_BUF_SIZE - 1 )
{
if (ret >= 0 && ret < DEBUG_BUF_SIZE - 1) {
str[ret] = '\n';
str[ret + 1] = '\0';
}
@ -106,15 +101,13 @@ void mbedtls_debug_print_msg( const mbedtls_ssl_context *ssl, int level,
void mbedtls_debug_print_ret(const mbedtls_ssl_context *ssl, int level,
const char *file, int line,
const char *text, int ret )
{
const char *text, int ret) {
char str[DEBUG_BUF_SIZE];
if (NULL == ssl ||
NULL == ssl->conf ||
NULL == ssl->conf->f_dbg ||
level > debug_threshold )
{
level > debug_threshold) {
return;
}
@ -134,8 +127,7 @@ void mbedtls_debug_print_ret( const mbedtls_ssl_context *ssl, int level,
void mbedtls_debug_print_buf(const mbedtls_ssl_context *ssl, int level,
const char *file, int line, const char *text,
const unsigned char *buf, size_t len )
{
const unsigned char *buf, size_t len) {
char str[DEBUG_BUF_SIZE];
char txt[17];
size_t i, idx = 0;
@ -143,8 +135,7 @@ void mbedtls_debug_print_buf( const mbedtls_ssl_context *ssl, int level,
if (NULL == ssl ||
NULL == ssl->conf ||
NULL == ssl->conf->f_dbg ||
level > debug_threshold )
{
level > debug_threshold) {
return;
}
@ -155,15 +146,12 @@ void mbedtls_debug_print_buf( const mbedtls_ssl_context *ssl, int level,
idx = 0;
memset(txt, 0, sizeof(txt));
for( i = 0; i < len; i++ )
{
for (i = 0; i < len; i++) {
if (i >= 4096)
break;
if( i % 16 == 0 )
{
if( i > 0 )
{
if (i % 16 == 0) {
if (i > 0) {
mbedtls_snprintf(str + idx, sizeof(str) - idx, " %s\n", txt);
debug_send_line(ssl, level, file, line, str);
@ -181,8 +169,7 @@ void mbedtls_debug_print_buf( const mbedtls_ssl_context *ssl, int level,
txt[i % 16] = (buf[i] > 31 && buf[i] < 127) ? buf[i] : '.' ;
}
if( len > 0 )
{
if (len > 0) {
for (/* i = i */; i % 16 != 0; i++)
idx += mbedtls_snprintf(str + idx, sizeof(str) - idx, " ");
@ -194,15 +181,13 @@ void mbedtls_debug_print_buf( const mbedtls_ssl_context *ssl, int level,
#if defined(MBEDTLS_ECP_C)
void mbedtls_debug_print_ecp(const mbedtls_ssl_context *ssl, int level,
const char *file, int line,
const char *text, const mbedtls_ecp_point *X )
{
const char *text, const mbedtls_ecp_point *X) {
char str[DEBUG_BUF_SIZE];
if (NULL == ssl ||
NULL == ssl->conf ||
NULL == ssl->conf->f_dbg ||
level > debug_threshold )
{
level > debug_threshold) {
return;
}
@ -217,8 +202,7 @@ void mbedtls_debug_print_ecp( const mbedtls_ssl_context *ssl, int level,
#if defined(MBEDTLS_BIGNUM_C)
void mbedtls_debug_print_mpi(const mbedtls_ssl_context *ssl, int level,
const char *file, int line,
const char *text, const mbedtls_mpi *X )
{
const char *text, const mbedtls_mpi *X) {
char str[DEBUG_BUF_SIZE];
int j, k, zeros = 1;
size_t i, n, idx = 0;
@ -227,8 +211,7 @@ void mbedtls_debug_print_mpi( const mbedtls_ssl_context *ssl, int level,
NULL == ssl->conf ||
NULL == ssl->conf->f_dbg ||
NULL == X ||
level > debug_threshold )
{
level > debug_threshold) {
return;
}
@ -246,22 +229,18 @@ void mbedtls_debug_print_mpi( const mbedtls_ssl_context *ssl, int level,
debug_send_line(ssl, level, file, line, str);
idx = 0;
for( i = n + 1, j = 0; i > 0; i-- )
{
for (i = n + 1, j = 0; i > 0; i--) {
if (zeros && X->p[i - 1] == 0)
continue;
for( k = sizeof( mbedtls_mpi_uint ) - 1; k >= 0; k-- )
{
for (k = sizeof(mbedtls_mpi_uint) - 1; k >= 0; k--) {
if (zeros && ((X->p[i - 1] >> (k << 3)) & 0xFF) == 0)
continue;
else
zeros = 0;
if( j % 16 == 0 )
{
if( j > 0 )
{
if (j % 16 == 0) {
if (j > 0) {
mbedtls_snprintf(str + idx, sizeof(str) - idx, "\n");
debug_send_line(ssl, level, file, line, str);
idx = 0;
@ -287,23 +266,20 @@ void mbedtls_debug_print_mpi( const mbedtls_ssl_context *ssl, int level,
#if defined(MBEDTLS_X509_CRT_PARSE_C)
static void debug_print_pk(const mbedtls_ssl_context *ssl, int level,
const char *file, int line,
const char *text, const mbedtls_pk_context *pk )
{
const char *text, const mbedtls_pk_context *pk) {
size_t i;
mbedtls_pk_debug_item items[MBEDTLS_PK_DEBUG_MAX_ITEMS];
char name[16];
memset(items, 0, sizeof(items));
if( mbedtls_pk_debug( pk, items ) != 0 )
{
if (mbedtls_pk_debug(pk, items) != 0) {
debug_send_line(ssl, level, file, line,
"invalid PK context\n");
return;
}
for( i = 0; i < MBEDTLS_PK_DEBUG_MAX_ITEMS; i++ )
{
for (i = 0; i < MBEDTLS_PK_DEBUG_MAX_ITEMS; i++) {
if (items[i].type == MBEDTLS_PK_DEBUG_NONE)
return;
@ -324,16 +300,13 @@ static void debug_print_pk( const mbedtls_ssl_context *ssl, int level,
}
static void debug_print_line_by_line(const mbedtls_ssl_context *ssl, int level,
const char *file, int line, const char *text )
{
const char *file, int line, const char *text) {
char str[DEBUG_BUF_SIZE];
const char *start, *cur;
start = text;
for( cur = text; *cur != '\0'; cur++ )
{
if( *cur == '\n' )
{
for (cur = text; *cur != '\0'; cur++) {
if (*cur == '\n') {
size_t len = cur - start + 1;
if (len > DEBUG_BUF_SIZE - 1)
len = DEBUG_BUF_SIZE - 1;
@ -350,8 +323,7 @@ static void debug_print_line_by_line( const mbedtls_ssl_context *ssl, int level,
void mbedtls_debug_print_crt(const mbedtls_ssl_context *ssl, int level,
const char *file, int line,
const char *text, const mbedtls_x509_crt *crt )
{
const char *text, const mbedtls_x509_crt *crt) {
char str[DEBUG_BUF_SIZE];
int i = 0;
@ -359,13 +331,11 @@ void mbedtls_debug_print_crt( const mbedtls_ssl_context *ssl, int level,
NULL == ssl->conf ||
NULL == ssl->conf->f_dbg ||
NULL == crt ||
level > debug_threshold )
{
level > debug_threshold) {
return;
}
while( crt != NULL )
{
while (crt != NULL) {
char buf[1024];
mbedtls_snprintf(str, sizeof(str), "%s #%d:\n", text, ++i);
@ -386,16 +356,14 @@ static void mbedtls_debug_printf_ecdh_internal( const mbedtls_ssl_context *ssl,
int level, const char *file,
int line,
const mbedtls_ecdh_context *ecdh,
mbedtls_debug_ecdh_attr attr )
{
mbedtls_debug_ecdh_attr attr) {
#if defined(MBEDTLS_ECDH_LEGACY_CONTEXT)
const mbedtls_ecdh_context *ctx = ecdh;
#else
const mbedtls_ecdh_context_mbed *ctx = &ecdh->ctx.mbed_ecdh;
#endif
switch( attr )
{
switch (attr) {
case MBEDTLS_DEBUG_ECDH_Q:
mbedtls_debug_print_ecp(ssl, level, file, line, "ECDH: Q",
&ctx->Q);
@ -416,13 +384,11 @@ static void mbedtls_debug_printf_ecdh_internal( const mbedtls_ssl_context *ssl,
void mbedtls_debug_printf_ecdh(const mbedtls_ssl_context *ssl, int level,
const char *file, int line,
const mbedtls_ecdh_context *ecdh,
mbedtls_debug_ecdh_attr attr )
{
mbedtls_debug_ecdh_attr attr) {
#if defined(MBEDTLS_ECDH_LEGACY_CONTEXT)
mbedtls_debug_printf_ecdh_internal(ssl, level, file, line, ecdh, attr);
#else
switch( ecdh->var )
{
switch (ecdh->var) {
default:
mbedtls_debug_printf_ecdh_internal(ssl, level, file, line, ecdh,
attr);

3
common/mbedtls/debug.h
View file

@ -270,8 +270,7 @@ void mbedtls_debug_print_crt( const mbedtls_ssl_context *ssl, int level,
#endif
#if defined(MBEDTLS_ECDH_C)
typedef enum
{
typedef enum {
MBEDTLS_DEBUG_ECDH_Q,
MBEDTLS_DEBUG_ECDH_QP,
MBEDTLS_DEBUG_ECDH_Z,

219
common/mbedtls/des.c
View file

@ -69,8 +69,7 @@
/*
* Expanded DES S-boxes
*/
static const uint32_t SB1[64] =
{
static const uint32_t SB1[64] = {
0x01010400, 0x00000000, 0x00010000, 0x01010404,
0x01010004, 0x00010404, 0x00000004, 0x00010000,
0x00000400, 0x01010400, 0x01010404, 0x00000400,
@ -89,8 +88,7 @@ static const uint32_t SB1[64] =
0x00010004, 0x00010400, 0x00000000, 0x01010004
};
static const uint32_t SB2[64] =
{
static const uint32_t SB2[64] = {
0x80108020, 0x80008000, 0x00008000, 0x00108020,
0x00100000, 0x00000020, 0x80100020, 0x80008020,
0x80000020, 0x80108020, 0x80108000, 0x80000000,
@ -109,8 +107,7 @@ static const uint32_t SB2[64] =
0x80000000, 0x80100020, 0x80108020, 0x00108000
};
static const uint32_t SB3[64] =
{
static const uint32_t SB3[64] = {
0x00000208, 0x08020200, 0x00000000, 0x08020008,
0x08000200, 0x00000000, 0x00020208, 0x08000200,
0x00020008, 0x08000008, 0x08000008, 0x00020000,
@ -129,8 +126,7 @@ static const uint32_t SB3[64] =
0x00020208, 0x00000008, 0x08020008, 0x00020200
};
static const uint32_t SB4[64] =
{
static const uint32_t SB4[64] = {
0x00802001, 0x00002081, 0x00002081, 0x00000080,
0x00802080, 0x00800081, 0x00800001, 0x00002001,
0x00000000, 0x00802000, 0x00802000, 0x00802081,
@ -149,8 +145,7 @@ static const uint32_t SB4[64] =
0x00000080, 0x00800000, 0x00002000, 0x00802080
};
static const uint32_t SB5[64] =
{
static const uint32_t SB5[64] = {
0x00000100, 0x02080100, 0x02080000, 0x42000100,
0x00080000, 0x00000100, 0x40000000, 0x02080000,
0x40080100, 0x00080000, 0x02000100, 0x40080100,
@ -169,8 +164,7 @@ static const uint32_t SB5[64] =
0x00000000, 0x40080000, 0x02080100, 0x40000100
};
static const uint32_t SB6[64] =
{
static const uint32_t SB6[64] = {
0x20000010, 0x20400000, 0x00004000, 0x20404010,
0x20400000, 0x00000010, 0x20404010, 0x00400000,
0x20004000, 0x00404010, 0x00400000, 0x20000010,
@ -189,8 +183,7 @@ static const uint32_t SB6[64] =
0x20404000, 0x20000000, 0x00400010, 0x20004010
};
static const uint32_t SB7[64] =
{
static const uint32_t SB7[64] = {
0x00200000, 0x04200002, 0x04000802, 0x00000000,
0x00000800, 0x04000802, 0x00200802, 0x04200800,
0x04200802, 0x00200000, 0x00000000, 0x04000002,
@ -209,8 +202,7 @@ static const uint32_t SB7[64] =
0x04000002, 0x04000800, 0x00000800, 0x00200002
};
static const uint32_t SB8[64] =
{
static const uint32_t SB8[64] = {
0x10001040, 0x00001000, 0x00040000, 0x10041040,
0x10000000, 0x10001040, 0x00000040, 0x10000000,
0x00040040, 0x10040000, 0x10041040, 0x00041000,
@ -232,16 +224,14 @@ static const uint32_t SB8[64] =
/*
* PC1: left and right halves bit-swap
*/
static const uint32_t LHs[16] =
{
static const uint32_t LHs[16] = {
0x00000000, 0x00000001, 0x00000100, 0x00000101,
0x00010000, 0x00010001, 0x00010100, 0x00010101,
0x01000000, 0x01000001, 0x01000100, 0x01000101,
0x01010000, 0x01010001, 0x01010100, 0x01010101
};
static const uint32_t RHs[16] =
{
static const uint32_t RHs[16] = {
0x00000000, 0x01000000, 0x00010000, 0x01010000,
0x00000100, 0x01000100, 0x00010100, 0x01010100,
0x00000001, 0x01000001, 0x00010001, 0x01010001,
@ -303,26 +293,22 @@ static const uint32_t RHs[16] =
uint32_t t = (a); (a) = (b); (b) = t; t = 0; \
} while( 0 )
void mbedtls_des_init( mbedtls_des_context *ctx )
{
void mbedtls_des_init(mbedtls_des_context *ctx) {
memset(ctx, 0, sizeof(mbedtls_des_context));
}
void mbedtls_des_free( mbedtls_des_context *ctx )
{
void mbedtls_des_free(mbedtls_des_context *ctx) {
if (ctx == NULL)
return;
mbedtls_platform_zeroize(ctx, sizeof(mbedtls_des_context));
}
void mbedtls_des3_init( mbedtls_des3_context *ctx )
{
void mbedtls_des3_init(mbedtls_des3_context *ctx) {
memset(ctx, 0, sizeof(mbedtls_des3_context));
}
void mbedtls_des3_free( mbedtls_des3_context *ctx )
{
void mbedtls_des3_free(mbedtls_des3_context *ctx) {
if (ctx == NULL)
return;
@ -338,10 +324,10 @@ static const unsigned char odd_parity_table[128] = { 1, 2, 4, 7, 8,
171, 173, 174, 176, 179, 181, 182, 185, 186, 188, 191, 193, 194, 196,
199, 200, 203, 205, 206, 208, 211, 213, 214, 217, 218, 220, 223, 224,
227, 229, 230, 233, 234, 236, 239, 241, 242, 244, 247, 248, 251, 253,
254 };
254
};
void mbedtls_des_key_set_parity( unsigned char key[MBEDTLS_DES_KEY_SIZE] )
{
void mbedtls_des_key_set_parity(unsigned char key[MBEDTLS_DES_KEY_SIZE]) {
int i;
for (i = 0; i < MBEDTLS_DES_KEY_SIZE; i++)
@ -351,8 +337,7 @@ void mbedtls_des_key_set_parity( unsigned char key[MBEDTLS_DES_KEY_SIZE] )
/*
* Check the given key's parity, returns 1 on failure, 0 on SUCCESS
*/
int mbedtls_des_key_check_key_parity( const unsigned char key[MBEDTLS_DES_KEY_SIZE] )
{
int mbedtls_des_key_check_key_parity(const unsigned char key[MBEDTLS_DES_KEY_SIZE]) {
int i;
for (i = 0; i < MBEDTLS_DES_KEY_SIZE; i++)
@ -385,8 +370,7 @@ int mbedtls_des_key_check_key_parity( const unsigned char key[MBEDTLS_DES_KEY_SI
#define WEAK_KEY_COUNT 16
static const unsigned char weak_key_table[WEAK_KEY_COUNT][MBEDTLS_DES_KEY_SIZE] =
{
static const unsigned char weak_key_table[WEAK_KEY_COUNT][MBEDTLS_DES_KEY_SIZE] = {
{ 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 },
{ 0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE },
{ 0x1F, 0x1F, 0x1F, 0x1F, 0x0E, 0x0E, 0x0E, 0x0E },
@ -406,8 +390,7 @@ static const unsigned char weak_key_table[WEAK_KEY_COUNT][MBEDTLS_DES_KEY_SIZE]
{ 0xFE, 0xE0, 0xFE, 0xE0, 0xFE, 0xF1, 0xFE, 0xF1 }
};
int mbedtls_des_key_check_weak( const unsigned char key[MBEDTLS_DES_KEY_SIZE] )
{
int mbedtls_des_key_check_weak(const unsigned char key[MBEDTLS_DES_KEY_SIZE]) {
int i;
for (i = 0; i < WEAK_KEY_COUNT; i++)
@ -418,8 +401,7 @@ int mbedtls_des_key_check_weak( const unsigned char key[MBEDTLS_DES_KEY_SIZE] )
}
#if !defined(MBEDTLS_DES_SETKEY_ALT)
void mbedtls_des_setkey( uint32_t SK[32], const unsigned char key[MBEDTLS_DES_KEY_SIZE] )
{
void mbedtls_des_setkey(uint32_t SK[32], const unsigned char key[MBEDTLS_DES_KEY_SIZE]) {
int i;
uint32_t X, Y, T;
@ -429,8 +411,12 @@ void mbedtls_des_setkey( uint32_t SK[32], const unsigned char key[MBEDTLS_DES_KE
/*
* Permuted Choice 1
*/
T = ((Y >> 4) ^ X) & 0x0F0F0F0F; X ^= T; Y ^= (T << 4);
T = ((Y ) ^ X) & 0x10101010; X ^= T; Y ^= (T );
T = ((Y >> 4) ^ X) & 0x0F0F0F0F;
X ^= T;
Y ^= (T << 4);
T = ((Y) ^ X) & 0x10101010;
X ^= T;
Y ^= (T);
X = (LHs[(X) & 0xF] << 3) | (LHs[(X >> 8) & 0xF ] << 2)
| (LHs[(X >> 16) & 0xF] << 1) | (LHs[(X >> 24) & 0xF ])
@ -448,15 +434,11 @@ void mbedtls_des_setkey( uint32_t SK[32], const unsigned char key[MBEDTLS_DES_KE
/*
* calculate subkeys
*/
for( i = 0; i < 16; i++ )
{
if( i < 2 || i == 8 || i == 15 )
{
for (i = 0; i < 16; i++) {
if (i < 2 || i == 8 || i == 15) {
X = ((X << 1) | (X >> 27)) & 0x0FFFFFFF;
Y = ((Y << 1) | (Y >> 27)) & 0x0FFFFFFF;
}
else
{
} else {
X = ((X << 2) | (X >> 26)) & 0x0FFFFFFF;
Y = ((Y << 2) | (Y >> 26)) & 0x0FFFFFFF;
}
@ -491,8 +473,7 @@ void mbedtls_des_setkey( uint32_t SK[32], const unsigned char key[MBEDTLS_DES_KE
/*
* DES key schedule (56-bit, encryption)
*/
int mbedtls_des_setkey_enc( mbedtls_des_context *ctx, const unsigned char key[MBEDTLS_DES_KEY_SIZE] )
{
int mbedtls_des_setkey_enc(mbedtls_des_context *ctx, const unsigned char key[MBEDTLS_DES_KEY_SIZE]) {
mbedtls_des_setkey(ctx->sk, key);
return (0);
@ -501,14 +482,12 @@ int mbedtls_des_setkey_enc( mbedtls_des_context *ctx, const unsigned char key[MB
/*
* DES key schedule (56-bit, decryption)
*/
int mbedtls_des_setkey_dec( mbedtls_des_context *ctx, const unsigned char key[MBEDTLS_DES_KEY_SIZE] )
{
int mbedtls_des_setkey_dec(mbedtls_des_context *ctx, const unsigned char key[MBEDTLS_DES_KEY_SIZE]) {
int i;
mbedtls_des_setkey(ctx->sk, key);
for( i = 0; i < 16; i += 2 )
{
for (i = 0; i < 16; i += 2) {
SWAP(ctx->sk[i ], ctx->sk[30 - i]);
SWAP(ctx->sk[i + 1], ctx->sk[31 - i]);
}
@ -518,15 +497,13 @@ int mbedtls_des_setkey_dec( mbedtls_des_context *ctx, const unsigned char key[MB
static void des3_set2key(uint32_t esk[96],
uint32_t dsk[96],
const unsigned char key[MBEDTLS_DES_KEY_SIZE*2] )
{
const unsigned char key[MBEDTLS_DES_KEY_SIZE * 2]) {
int i;
mbedtls_des_setkey(esk, key);
mbedtls_des_setkey(dsk + 32, key + 8);
for( i = 0; i < 32; i += 2 )
{
for (i = 0; i < 32; i += 2) {
dsk[i ] = esk[30 - i];
dsk[i + 1] = esk[31 - i];
@ -545,8 +522,7 @@ static void des3_set2key( uint32_t esk[96],
* Triple-DES key schedule (112-bit, encryption)
*/
int mbedtls_des3_set2key_enc(mbedtls_des3_context *ctx,
const unsigned char key[MBEDTLS_DES_KEY_SIZE * 2] )
{
const unsigned char key[MBEDTLS_DES_KEY_SIZE * 2]) {
uint32_t sk[96];
des3_set2key(ctx->sk, sk, key);
@ -559,8 +535,7 @@ int mbedtls_des3_set2key_enc( mbedtls_des3_context *ctx,
* Triple-DES key schedule (112-bit, decryption)
*/
int mbedtls_des3_set2key_dec(mbedtls_des3_context *ctx,
const unsigned char key[MBEDTLS_DES_KEY_SIZE * 2] )
{
const unsigned char key[MBEDTLS_DES_KEY_SIZE * 2]) {
uint32_t sk[96];
des3_set2key(sk, ctx->sk, key);
@ -571,16 +546,14 @@ int mbedtls_des3_set2key_dec( mbedtls_des3_context *ctx,
static void des3_set3key(uint32_t esk[96],
uint32_t dsk[96],
const unsigned char key[24] )
{
const unsigned char key[24]) {
int i;
mbedtls_des_setkey(esk, key);
mbedtls_des_setkey(dsk + 32, key + 8);
mbedtls_des_setkey(esk + 64, key + 16);
for( i = 0; i < 32; i += 2 )
{
for (i = 0; i < 32; i += 2) {
dsk[i ] = esk[94 - i];
dsk[i + 1] = esk[95 - i];
@ -596,8 +569,7 @@ static void des3_set3key( uint32_t esk[96],
* Triple-DES key schedule (168-bit, encryption)
*/
int mbedtls_des3_set3key_enc(mbedtls_des3_context *ctx,
const unsigned char key[MBEDTLS_DES_KEY_SIZE * 3] )
{
const unsigned char key[MBEDTLS_DES_KEY_SIZE * 3]) {
uint32_t sk[96];
des3_set3key(ctx->sk, sk, key);
@ -610,8 +582,7 @@ int mbedtls_des3_set3key_enc( mbedtls_des3_context *ctx,
* Triple-DES key schedule (168-bit, decryption)
*/
int mbedtls_des3_set3key_dec(mbedtls_des3_context *ctx,
const unsigned char key[MBEDTLS_DES_KEY_SIZE * 3] )
{
const unsigned char key[MBEDTLS_DES_KEY_SIZE * 3]) {
uint32_t sk[96];
des3_set3key(sk, ctx->sk, key);
@ -626,8 +597,7 @@ int mbedtls_des3_set3key_dec( mbedtls_des3_context *ctx,
#if !defined(MBEDTLS_DES_CRYPT_ECB_ALT)
int mbedtls_des_crypt_ecb(mbedtls_des_context *ctx,
const unsigned char input[8],
unsigned char output[8] )
{
unsigned char output[8]) {
int i;
uint32_t X, Y, T, *SK;
@ -638,8 +608,7 @@ int mbedtls_des_crypt_ecb( mbedtls_des_context *ctx,
DES_IP(X, Y);
for( i = 0; i < 8; i++ )
{
for (i = 0; i < 8; i++) {
DES_ROUND(Y, X);
DES_ROUND(X, Y);
}
@ -662,18 +631,15 @@ int mbedtls_des_crypt_cbc( mbedtls_des_context *ctx,
size_t length,
unsigned char iv[8],
const unsigned char *input,
unsigned char *output )
{
unsigned char *output) {
int i;
unsigned char temp[8];
if (length % 8)
return (MBEDTLS_ERR_DES_INVALID_INPUT_LENGTH);
if( mode == MBEDTLS_DES_ENCRYPT )
{
while( length > 0 )
{
if (mode == MBEDTLS_DES_ENCRYPT) {
while (length > 0) {
for (i = 0; i < 8; i++)
output[i] = (unsigned char)(input[i] ^ iv[i]);
@ -684,11 +650,8 @@ int mbedtls_des_crypt_cbc( mbedtls_des_context *ctx,
output += 8;
length -= 8;
}
}
else /* MBEDTLS_DES_DECRYPT */
{
while( length > 0 )
{
} else { /* MBEDTLS_DES_DECRYPT */
while (length > 0) {
memcpy(temp, input, 8);
mbedtls_des_crypt_ecb(ctx, input, output);
@ -713,8 +676,7 @@ int mbedtls_des_crypt_cbc( mbedtls_des_context *ctx,
#if !defined(MBEDTLS_DES3_CRYPT_ECB_ALT)
int mbedtls_des3_crypt_ecb(mbedtls_des3_context *ctx,
const unsigned char input[8],
unsigned char output[8] )
{
unsigned char output[8]) {
int i;
uint32_t X, Y, T, *SK;
@ -725,20 +687,17 @@ int mbedtls_des3_crypt_ecb( mbedtls_des3_context *ctx,
DES_IP(X, Y);
for( i = 0; i < 8; i++ )
{
for (i = 0; i < 8; i++) {
DES_ROUND(Y, X);
DES_ROUND(X, Y);
}
for( i = 0; i < 8; i++ )
{
for (i = 0; i < 8; i++) {
DES_ROUND(X, Y);
DES_ROUND(Y, X);
}
for( i = 0; i < 8; i++ )
{
for (i = 0; i < 8; i++) {
DES_ROUND(Y, X);
DES_ROUND(X, Y);
}
@ -761,18 +720,15 @@ int mbedtls_des3_crypt_cbc( mbedtls_des3_context *ctx,
size_t length,
unsigned char iv[8],
const unsigned char *input,
unsigned char *output )
{
unsigned char *output) {
int i;
unsigned char temp[8];
if (length % 8)
return (MBEDTLS_ERR_DES_INVALID_INPUT_LENGTH);
if( mode == MBEDTLS_DES_ENCRYPT )
{
while( length > 0 )
{
if (mode == MBEDTLS_DES_ENCRYPT) {
while (length > 0) {
for (i = 0; i < 8; i++)
output[i] = (unsigned char)(input[i] ^ iv[i]);
@ -783,11 +739,8 @@ int mbedtls_des3_crypt_cbc( mbedtls_des3_context *ctx,
output += 8;
length -= 8;
}
}
else /* MBEDTLS_DES_DECRYPT */
{
while( length > 0 )
{
} else { /* MBEDTLS_DES_DECRYPT */
while (length > 0) {
memcpy(temp, input, 8);
mbedtls_des3_crypt_ecb(ctx, input, output);
@ -814,47 +767,40 @@ int mbedtls_des3_crypt_cbc( mbedtls_des3_context *ctx,
*
* http://csrc.nist.gov/groups/STM/cavp/documents/des/tripledes-vectors.zip
*/
static const unsigned char des3_test_keys[24] =
{
static const unsigned char des3_test_keys[24] = {
0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF,
0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF, 0x01,
0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF, 0x01, 0x23
};
static const unsigned char des3_test_buf[8] =
{
static const unsigned char des3_test_buf[8] = {
0x4E, 0x6F, 0x77, 0x20, 0x69, 0x73, 0x20, 0x74
};
static const unsigned char des3_test_ecb_dec[3][8] =
{
static const unsigned char des3_test_ecb_dec[3][8] = {
{ 0x37, 0x2B, 0x98, 0xBF, 0x52, 0x65, 0xB0, 0x59 },
{ 0xC2, 0x10, 0x19, 0x9C, 0x38, 0x5A, 0x65, 0xA1 },
{ 0xA2, 0x70, 0x56, 0x68, 0x69, 0xE5, 0x15, 0x1D }
};
static const unsigned char des3_test_ecb_enc[3][8] =
{
static const unsigned char des3_test_ecb_enc[3][8] = {
{ 0x1C, 0xD5, 0x97, 0xEA, 0x84, 0x26, 0x73, 0xFB },
{ 0xB3, 0x92, 0x4D, 0xF3, 0xC5, 0xB5, 0x42, 0x93 },
{ 0xDA, 0x37, 0x64, 0x41, 0xBA, 0x6F, 0x62, 0x6F }
};
#if defined(MBEDTLS_CIPHER_MODE_CBC)
static const unsigned char des3_test_iv[8] =
{
static const unsigned char des3_test_iv[8] = {
0x12, 0x34, 0x56, 0x78, 0x90, 0xAB, 0xCD, 0xEF,
};
static const unsigned char des3_test_cbc_dec[3][8] =
{
static const unsigned char des3_test_cbc_dec[3][8] = {
{ 0x58, 0xD9, 0x48, 0xEF, 0x85, 0x14, 0x65, 0x9A },
{ 0x5F, 0xC8, 0x78, 0xD4, 0xD7, 0x92, 0xD9, 0x54 },
{ 0x25, 0xF9, 0x75, 0x85, 0xA8, 0x1E, 0x48, 0xBF }
};
static const unsigned char des3_test_cbc_enc[3][8] =
{
static const unsigned char des3_test_cbc_enc[3][8] = {
{ 0x91, 0x1C, 0x6D, 0xCF, 0x48, 0xA7, 0xC3, 0x4D },
{ 0x60, 0x1A, 0x76, 0x8F, 0xA1, 0xF9, 0x66, 0xF1 },
{ 0xA1, 0x50, 0x0F, 0x99, 0xB2, 0xCD, 0x64, 0x76 }
@ -864,8 +810,7 @@ static const unsigned char des3_test_cbc_enc[3][8] =
/*
* Checkup routine
*/
int mbedtls_des_self_test( int verbose )
{
int mbedtls_des_self_test(int verbose) {
int i, j, u, v, ret = 0;
mbedtls_des_context ctx;
mbedtls_des3_context ctx3;
@ -880,8 +825,7 @@ int mbedtls_des_self_test( int verbose )
/*
* ECB mode
*/
for( i = 0; i < 6; i++ )
{
for (i = 0; i < 6; i++) {
u = i >> 1;
v = i & 1;
@ -892,8 +836,7 @@ int mbedtls_des_self_test( int verbose )
memcpy(buf, des3_test_buf, 8);
switch( i )
{
switch (i) {
case 0:
mbedtls_des_setkey_dec(&ctx, des3_test_keys);
break;
@ -922,8 +865,7 @@ int mbedtls_des_self_test( int verbose )
return (1);
}
for( j = 0; j < 100; j++ )
{
for (j = 0; j < 100; j++) {
if (u == 0)
mbedtls_des_crypt_ecb(&ctx, buf, buf);
else
@ -933,8 +875,7 @@ int mbedtls_des_self_test( int verbose )
if ((v == MBEDTLS_DES_DECRYPT &&
memcmp(buf, des3_test_ecb_dec[u], 8) != 0) ||
(v != MBEDTLS_DES_DECRYPT &&
memcmp( buf, des3_test_ecb_enc[u], 8 ) != 0 ) )
{
memcmp(buf, des3_test_ecb_enc[u], 8) != 0)) {
if (verbose != 0)
mbedtls_printf("failed\n");
@ -953,8 +894,7 @@ int mbedtls_des_self_test( int verbose )
/*
* CBC mode
*/
for( i = 0; i < 6; i++ )
{
for (i = 0; i < 6; i++) {
u = i >> 1;
v = i & 1;
@ -967,8 +907,7 @@ int mbedtls_des_self_test( int verbose )
memcpy(prv, des3_test_iv, 8);
memcpy(buf, des3_test_buf, 8);
switch( i )
{
switch (i) {
case 0:
mbedtls_des_setkey_dec(&ctx, des3_test_keys);
break;
@ -997,20 +936,15 @@ int mbedtls_des_self_test( int verbose )
return (1);
}
if( v == MBEDTLS_DES_DECRYPT )
{
for( j = 0; j < 100; j++ )
{
if (v == MBEDTLS_DES_DECRYPT) {
for (j = 0; j < 100; j++) {
if (u == 0)
mbedtls_des_crypt_cbc(&ctx, v, 8, iv, buf, buf);
else
mbedtls_des3_crypt_cbc(&ctx3, v, 8, iv, buf, buf);
}
}
else
{
for( j = 0; j < 100; j++ )
{
} else {
for (j = 0; j < 100; j++) {
unsigned char tmp[8];
if (u == 0)
@ -1029,8 +963,7 @@ int mbedtls_des_self_test( int verbose )
if ((v == MBEDTLS_DES_DECRYPT &&
memcmp(buf, des3_test_cbc_dec[u], 8) != 0) ||
(v != MBEDTLS_DES_DECRYPT &&
memcmp( buf, des3_test_cbc_enc[u], 8 ) != 0 ) )
{
memcmp(buf, des3_test_cbc_enc[u], 8) != 0)) {
if (verbose != 0)
mbedtls_printf("failed\n");

6
common/mbedtls/des.h
View file

@ -61,8 +61,7 @@ extern "C" {
* security risk. We recommend considering stronger ciphers
* instead.
*/
typedef struct mbedtls_des_context
{
typedef struct mbedtls_des_context {
uint32_t sk[32]; /*!< DES subkeys */
}
mbedtls_des_context;
@ -70,8 +69,7 @@ mbedtls_des_context;
/**
* \brief Triple-DES context structure
*/
typedef struct mbedtls_des3_context
{
typedef struct mbedtls_des3_context {
uint32_t sk[96]; /*!< 3DES subkeys */
}
mbedtls_des3_context;

129
common/mbedtls/dhm.c
View file

@ -65,8 +65,7 @@
*/
static int dhm_read_bignum(mbedtls_mpi *X,
unsigned char **p,
const unsigned char *end )
{
const unsigned char *end) {
int ret, n;
if (end - *p < 2)
@ -98,29 +97,28 @@ static int dhm_read_bignum( mbedtls_mpi *X,
* http://www.cl.cam.ac.uk/~rja14/Papers/psandqs.pdf
* http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-2643
*/
static int dhm_check_range( const mbedtls_mpi *param, const mbedtls_mpi *P )
{
static int dhm_check_range(const mbedtls_mpi *param, const mbedtls_mpi *P) {
mbedtls_mpi L, U;
int ret = 0;
mbedtls_mpi_init( &L ); mbedtls_mpi_init( &U );
mbedtls_mpi_init(&L);
mbedtls_mpi_init(&U);
MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&L, 2));
MBEDTLS_MPI_CHK(mbedtls_mpi_sub_int(&U, P, 2));
if (mbedtls_mpi_cmp_mpi(param, &L) < 0 ||
mbedtls_mpi_cmp_mpi( param, &U ) > 0 )
{
mbedtls_mpi_cmp_mpi(param, &U) > 0) {
ret = MBEDTLS_ERR_DHM_BAD_INPUT_DATA;
}
cleanup:
mbedtls_mpi_free( &L ); mbedtls_mpi_free( &U );
mbedtls_mpi_free(&L);
mbedtls_mpi_free(&U);
return (ret);
}
void mbedtls_dhm_init( mbedtls_dhm_context *ctx )
{
void mbedtls_dhm_init(mbedtls_dhm_context *ctx) {
DHM_VALIDATE(ctx != NULL);
memset(ctx, 0, sizeof(mbedtls_dhm_context));
}
@ -130,8 +128,7 @@ void mbedtls_dhm_init( mbedtls_dhm_context *ctx )
*/
int mbedtls_dhm_read_params(mbedtls_dhm_context *ctx,
unsigned char **p,
const unsigned char *end )
{
const unsigned char *end) {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
DHM_VALIDATE_RET(ctx != NULL);
DHM_VALIDATE_RET(p != NULL && *p != NULL);
@ -156,8 +153,7 @@ int mbedtls_dhm_read_params( mbedtls_dhm_context *ctx,
int mbedtls_dhm_make_params(mbedtls_dhm_context *ctx, int x_size,
unsigned char *output, size_t *olen,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng )
{
void *p_rng) {
int ret, count = 0;
size_t n1, n2, n3;
unsigned char *p;
@ -172,8 +168,7 @@ int mbedtls_dhm_make_params( mbedtls_dhm_context *ctx, int x_size,
/*
* Generate X as large as possible ( < P )
*/
do
{
do {
MBEDTLS_MPI_CHK(mbedtls_mpi_fill_random(&ctx->X, x_size, f_rng, p_rng));
while (mbedtls_mpi_cmp_mpi(&ctx->X, &ctx->P) >= 0)
@ -181,8 +176,7 @@ int mbedtls_dhm_make_params( mbedtls_dhm_context *ctx, int x_size,
if (count++ > 10)
return (MBEDTLS_ERR_DHM_MAKE_PARAMS_FAILED);
}
while( dhm_check_range( &ctx->X, &ctx->P ) != 0 );
} while (dhm_check_range(&ctx->X, &ctx->P) != 0);
/*
* Calculate GX = G^X mod P
@ -232,16 +226,14 @@ cleanup:
*/
int mbedtls_dhm_set_group(mbedtls_dhm_context *ctx,
const mbedtls_mpi *P,
const mbedtls_mpi *G )
{
const mbedtls_mpi *G) {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
DHM_VALIDATE_RET(ctx != NULL);
DHM_VALIDATE_RET(P != NULL);
DHM_VALIDATE_RET(G != NULL);
if ((ret = mbedtls_mpi_copy(&ctx->P, P)) != 0 ||
( ret = mbedtls_mpi_copy( &ctx->G, G ) ) != 0 )
{
(ret = mbedtls_mpi_copy(&ctx->G, G)) != 0) {
return (MBEDTLS_ERR_DHM_SET_GROUP_FAILED + ret);
}
@ -253,8 +245,7 @@ int mbedtls_dhm_set_group( mbedtls_dhm_context *ctx,
* Import the peer's public value G^Y
*/
int mbedtls_dhm_read_public(mbedtls_dhm_context *ctx,
const unsigned char *input, size_t ilen )
{
const unsigned char *input, size_t ilen) {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
DHM_VALIDATE_RET(ctx != NULL);
DHM_VALIDATE_RET(input != NULL);
@ -274,8 +265,7 @@ int mbedtls_dhm_read_public( mbedtls_dhm_context *ctx,
int mbedtls_dhm_make_public(mbedtls_dhm_context *ctx, int x_size,
unsigned char *output, size_t olen,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng )
{
void *p_rng) {
int ret, count = 0;
DHM_VALIDATE_RET(ctx != NULL);
DHM_VALIDATE_RET(output != NULL);
@ -290,8 +280,7 @@ int mbedtls_dhm_make_public( mbedtls_dhm_context *ctx, int x_size,
/*
* generate X and calculate GX = G^X mod P
*/
do
{
do {
MBEDTLS_MPI_CHK(mbedtls_mpi_fill_random(&ctx->X, x_size, f_rng, p_rng));
while (mbedtls_mpi_cmp_mpi(&ctx->X, &ctx->P) >= 0)
@ -299,8 +288,7 @@ int mbedtls_dhm_make_public( mbedtls_dhm_context *ctx, int x_size,
if (count++ > 10)
return (MBEDTLS_ERR_DHM_MAKE_PUBLIC_FAILED);
}
while( dhm_check_range( &ctx->X, &ctx->P ) != 0 );
} while (dhm_check_range(&ctx->X, &ctx->P) != 0);
MBEDTLS_MPI_CHK(mbedtls_mpi_exp_mod(&ctx->GX, &ctx->G, &ctx->X,
&ctx->P, &ctx->RP));
@ -322,13 +310,11 @@ cleanup:
* Pick a random R in the range [2, M) for blinding purposes
*/
static int dhm_random_below(mbedtls_mpi *R, const mbedtls_mpi *M,
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
{
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng) {
int ret, count;
count = 0;
do
{
do {
MBEDTLS_MPI_CHK(mbedtls_mpi_fill_random(R, mbedtls_mpi_size(M), f_rng, p_rng));
while (mbedtls_mpi_cmp_mpi(R, M) >= 0)
@ -336,8 +322,7 @@ static int dhm_random_below( mbedtls_mpi *R, const mbedtls_mpi *M,
if (count++ > 10)
return (MBEDTLS_ERR_MPI_NOT_ACCEPTABLE);
}
while( mbedtls_mpi_cmp_int( R, 1 ) <= 0 );
} while (mbedtls_mpi_cmp_int(R, 1) <= 0);
cleanup:
return (ret);
@ -351,8 +336,7 @@ cleanup:
* Berlin Heidelberg, 1996. p. 104-113.
*/
static int dhm_update_blinding(mbedtls_dhm_context *ctx,
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
{
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng) {
int ret;
mbedtls_mpi R;
@ -362,8 +346,7 @@ static int dhm_update_blinding( mbedtls_dhm_context *ctx,
* Don't use any blinding the first time a particular X is used,
* but remember it to use blinding next time.
*/
if( mbedtls_mpi_cmp_mpi( &ctx->X, &ctx->pX ) != 0 )
{
if (mbedtls_mpi_cmp_mpi(&ctx->X, &ctx->pX) != 0) {
MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&ctx->pX, &ctx->X));
MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&ctx->Vi, 1));
MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&ctx->Vf, 1));
@ -375,8 +358,7 @@ static int dhm_update_blinding( mbedtls_dhm_context *ctx,
* Ok, we need blinding. Can we re-use existing values?
* If yes, just update them by squaring them.
*/
if( mbedtls_mpi_cmp_int( &ctx->Vi, 1 ) != 0 )
{
if (mbedtls_mpi_cmp_int(&ctx->Vi, 1) != 0) {
MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&ctx->Vi, &ctx->Vi, &ctx->Vi));
MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(&ctx->Vi, &ctx->Vi, &ctx->P));
@ -417,8 +399,7 @@ cleanup:
int mbedtls_dhm_calc_secret(mbedtls_dhm_context *ctx,
unsigned char *output, size_t output_size, size_t *olen,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng )
{
void *p_rng) {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_mpi GYb;
DHM_VALIDATE_RET(ctx != NULL);
@ -434,13 +415,11 @@ int mbedtls_dhm_calc_secret( mbedtls_dhm_context *ctx,
mbedtls_mpi_init(&GYb);
/* Blind peer's value */
if( f_rng != NULL )
{
if (f_rng != NULL) {
MBEDTLS_MPI_CHK(dhm_update_blinding(ctx, f_rng, p_rng));
MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&GYb, &ctx->GY, &ctx->Vi));
MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(&GYb, &GYb, &ctx->P));
}
else
} else
MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&GYb, &ctx->GY));
/* Do modular exponentiation */
@ -448,8 +427,7 @@ int mbedtls_dhm_calc_secret( mbedtls_dhm_context *ctx,
&ctx->P, &ctx->RP));
/* Unblind secret value */
if( f_rng != NULL )
{
if (f_rng != NULL) {
MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&ctx->K, &ctx->K, &ctx->Vf));
MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(&ctx->K, &ctx->K, &ctx->P));
}
@ -470,8 +448,7 @@ cleanup:
/*
* Free the components of a DHM key
*/
void mbedtls_dhm_free( mbedtls_dhm_context *ctx )
{
void mbedtls_dhm_free(mbedtls_dhm_context *ctx) {
if (ctx == NULL)
return;
@ -494,8 +471,7 @@ void mbedtls_dhm_free( mbedtls_dhm_context *ctx )
* Parse DHM parameters
*/
int mbedtls_dhm_parse_dhm(mbedtls_dhm_context *dhm, const unsigned char *dhmin,
size_t dhminlen )
{
size_t dhminlen) {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t len;
unsigned char *p, *end;
@ -518,14 +494,12 @@ int mbedtls_dhm_parse_dhm( mbedtls_dhm_context *dhm, const unsigned char *dhmin,
"-----END DH PARAMETERS-----",
dhmin, NULL, 0, &dhminlen);
if( ret == 0 )
{
if (ret == 0) {
/*
* Was PEM encoded
*/
dhminlen = pem.buflen;
}
else if( ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT )
} else if (ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT)
goto exit;
p = (ret == 0) ? pem.buf : (unsigned char *) dhmin;
@ -542,8 +516,7 @@ int mbedtls_dhm_parse_dhm( mbedtls_dhm_context *dhm, const unsigned char *dhmin,
* }
*/
if ((ret = mbedtls_asn1_get_tag(&p, end, &len,
MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
{
MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) {
ret = MBEDTLS_ERR_DHM_INVALID_FORMAT + ret;
goto exit;
}
@ -551,27 +524,23 @@ int mbedtls_dhm_parse_dhm( mbedtls_dhm_context *dhm, const unsigned char *dhmin,
end = p + len;
if ((ret = mbedtls_asn1_get_mpi(&p, end, &dhm->P)) != 0 ||
( ret = mbedtls_asn1_get_mpi( &p, end, &dhm->G ) ) != 0 )
{
(ret = mbedtls_asn1_get_mpi(&p, end, &dhm->G)) != 0) {
ret = MBEDTLS_ERR_DHM_INVALID_FORMAT + ret;
goto exit;
}
if( p != end )
{
if (p != end) {
/* This might be the optional privateValueLength.
* If so, we can cleanly discard it */
mbedtls_mpi rec;
mbedtls_mpi_init(&rec);
ret = mbedtls_asn1_get_mpi(&p, end, &rec);
mbedtls_mpi_free(&rec);
if ( ret != 0 )
{
if (ret != 0) {
ret = MBEDTLS_ERR_DHM_INVALID_FORMAT + ret;
goto exit;
}
if ( p != end )
{
if (p != end) {
ret = MBEDTLS_ERR_DHM_INVALID_FORMAT +
MBEDTLS_ERR_ASN1_LENGTH_MISMATCH;
goto exit;
@ -600,8 +569,7 @@ exit:
* A terminating null byte is always appended. It is included in the announced
* length only if the data looks like it is PEM encoded.
*/
static int load_file( const char *path, unsigned char **buf, size_t *n )
{
static int load_file(const char *path, unsigned char **buf, size_t *n) {
FILE *f;
long size;
@ -609,8 +577,7 @@ static int load_file( const char *path, unsigned char **buf, size_t *n )
return (MBEDTLS_ERR_DHM_FILE_IO_ERROR);
fseek(f, 0, SEEK_END);
if( ( size = ftell( f ) ) == -1 )
{
if ((size = ftell(f)) == -1) {
fclose(f);
return (MBEDTLS_ERR_DHM_FILE_IO_ERROR);
}
@ -619,14 +586,12 @@ static int load_file( const char *path, unsigned char **buf, size_t *n )
*n = (size_t) size;
if (*n + 1 == 0 ||
( *buf = mbedtls_calloc( 1, *n + 1 ) ) == NULL )
{
(*buf = mbedtls_calloc(1, *n + 1)) == NULL) {
fclose(f);
return (MBEDTLS_ERR_DHM_ALLOC_FAILED);
}
if( fread( *buf, 1, *n, f ) != *n )
{
if (fread(*buf, 1, *n, f) != *n) {
fclose(f);
mbedtls_platform_zeroize(*buf, *n + 1);
@ -648,8 +613,7 @@ static int load_file( const char *path, unsigned char **buf, size_t *n )
/*
* Load and parse DHM parameters
*/
int mbedtls_dhm_parse_dhmfile( mbedtls_dhm_context *dhm, const char *path )
{
int mbedtls_dhm_parse_dhmfile(mbedtls_dhm_context *dhm, const char *path) {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t n;
unsigned char *buf;
@ -692,7 +656,8 @@ static const char mbedtls_test_dhm_params[] = {
0xf6, 0x62, 0xc9, 0x2a, 0xe7, 0x65, 0x56, 0xe7, 0x55, 0xd1, 0x0c, 0x64,
0xe6, 0xa5, 0x09, 0x68, 0xf6, 0x7f, 0xc6, 0xea, 0x73, 0xd0, 0xdc, 0xa8,
0x56, 0x9b, 0xe2, 0xba, 0x20, 0x4e, 0x23, 0x58, 0x0d, 0x8b, 0xca, 0x2f,
0x49, 0x75, 0xb3, 0x02, 0x01, 0x02 };
0x49, 0x75, 0xb3, 0x02, 0x01, 0x02
};
#endif /* MBEDTLS_PEM_PARSE_C */
static const size_t mbedtls_test_dhm_params_len = sizeof(mbedtls_test_dhm_params);
@ -700,8 +665,7 @@ static const size_t mbedtls_test_dhm_params_len = sizeof( mbedtls_test_dhm_param
/*
* Checkup routine
*/
int mbedtls_dhm_self_test( int verbose )
{
int mbedtls_dhm_self_test(int verbose) {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_dhm_context dhm;
@ -712,8 +676,7 @@ int mbedtls_dhm_self_test( int verbose )
if ((ret = mbedtls_dhm_parse_dhm(&dhm,
(const unsigned char *) mbedtls_test_dhm_params,
mbedtls_test_dhm_params_len ) ) != 0 )
{
mbedtls_test_dhm_params_len)) != 0) {
if (verbose != 0)
mbedtls_printf("failed\n");

3
common/mbedtls/dhm.h
View file

@ -97,8 +97,7 @@ extern "C" {
/**
* \brief The DHM context structure.
*/
typedef struct mbedtls_dhm_context
{
typedef struct mbedtls_dhm_context {
size_t len; /*!< The size of \p P in Bytes. */
mbedtls_mpi P; /*!< The prime modulus. */
mbedtls_mpi G; /*!< The generator. */

121
common/mbedtls/ecdh.c
View file

@ -45,8 +45,7 @@ typedef mbedtls_ecdh_context mbedtls_ecdh_context_mbed;
#endif
static mbedtls_ecp_group_id mbedtls_ecdh_grp_id(
const mbedtls_ecdh_context *ctx )
{
const mbedtls_ecdh_context *ctx) {
#if defined(MBEDTLS_ECDH_LEGACY_CONTEXT)
return (ctx->grp.id);
#else
@ -54,8 +53,7 @@ static mbedtls_ecp_group_id mbedtls_ecdh_grp_id(
#endif
}
int mbedtls_ecdh_can_do( mbedtls_ecp_group_id gid )
{
int mbedtls_ecdh_can_do(mbedtls_ecp_group_id gid) {
/* At this time, all groups support ECDH. */
(void) gid;
return (1);
@ -73,8 +71,7 @@ static int ecdh_gen_public_restartable( mbedtls_ecp_group *grp,
mbedtls_mpi *d, mbedtls_ecp_point *Q,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng,
mbedtls_ecp_restart_ctx *rs_ctx )
{
mbedtls_ecp_restart_ctx *rs_ctx) {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
/* If multiplication is in progress, we already generated a privkey */
@ -95,8 +92,7 @@ cleanup:
*/
int mbedtls_ecdh_gen_public(mbedtls_ecp_group *grp, mbedtls_mpi *d, mbedtls_ecp_point *Q,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng )
{
void *p_rng) {
ECDH_VALIDATE_RET(grp != NULL);
ECDH_VALIDATE_RET(d != NULL);
ECDH_VALIDATE_RET(Q != NULL);
@ -114,8 +110,7 @@ static int ecdh_compute_shared_restartable( mbedtls_ecp_group *grp,
const mbedtls_ecp_point *Q, const mbedtls_mpi *d,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng,
mbedtls_ecp_restart_ctx *rs_ctx )
{
mbedtls_ecp_restart_ctx *rs_ctx) {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_ecp_point P;
@ -124,8 +119,7 @@ static int ecdh_compute_shared_restartable( mbedtls_ecp_group *grp,
MBEDTLS_MPI_CHK(mbedtls_ecp_mul_restartable(grp, &P, d, Q,
f_rng, p_rng, rs_ctx));
if( mbedtls_ecp_is_zero( &P ) )
{
if (mbedtls_ecp_is_zero(&P)) {
ret = MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
goto cleanup;
}
@ -144,8 +138,7 @@ cleanup:
int mbedtls_ecdh_compute_shared(mbedtls_ecp_group *grp, mbedtls_mpi *z,
const mbedtls_ecp_point *Q, const mbedtls_mpi *d,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng )
{
void *p_rng) {
ECDH_VALIDATE_RET(grp != NULL);
ECDH_VALIDATE_RET(Q != NULL);
ECDH_VALIDATE_RET(d != NULL);
@ -155,8 +148,7 @@ int mbedtls_ecdh_compute_shared( mbedtls_ecp_group *grp, mbedtls_mpi *z,
}
#endif /* !MBEDTLS_ECDH_COMPUTE_SHARED_ALT */
static void ecdh_init_internal( mbedtls_ecdh_context_mbed *ctx )
{
static void ecdh_init_internal(mbedtls_ecdh_context_mbed *ctx) {
mbedtls_ecp_group_init(&ctx->grp);
mbedtls_mpi_init(&ctx->d);
mbedtls_ecp_point_init(&ctx->Q);
@ -171,8 +163,7 @@ static void ecdh_init_internal( mbedtls_ecdh_context_mbed *ctx )
/*
* Initialize context
*/
void mbedtls_ecdh_init( mbedtls_ecdh_context *ctx )
{
void mbedtls_ecdh_init(mbedtls_ecdh_context *ctx) {
ECDH_VALIDATE(ctx != NULL);
#if defined(MBEDTLS_ECDH_LEGACY_CONTEXT)
@ -192,13 +183,11 @@ void mbedtls_ecdh_init( mbedtls_ecdh_context *ctx )
}
static int ecdh_setup_internal(mbedtls_ecdh_context_mbed *ctx,
mbedtls_ecp_group_id grp_id )
{
mbedtls_ecp_group_id grp_id) {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
ret = mbedtls_ecp_group_load(&ctx->grp, grp_id);
if( ret != 0 )
{
if (ret != 0) {
return (MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE);
}
@ -208,15 +197,13 @@ static int ecdh_setup_internal( mbedtls_ecdh_context_mbed *ctx,
/*
* Setup context
*/
int mbedtls_ecdh_setup( mbedtls_ecdh_context *ctx, mbedtls_ecp_group_id grp_id )
{
int mbedtls_ecdh_setup(mbedtls_ecdh_context *ctx, mbedtls_ecp_group_id grp_id) {
ECDH_VALIDATE_RET(ctx != NULL);
#if defined(MBEDTLS_ECDH_LEGACY_CONTEXT)
return (ecdh_setup_internal(ctx, grp_id));
#else
switch( grp_id )
{
switch (grp_id) {
#if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED)
case MBEDTLS_ECP_DP_CURVE25519:
ctx->point_format = MBEDTLS_ECP_PF_COMPRESSED;
@ -234,8 +221,7 @@ int mbedtls_ecdh_setup( mbedtls_ecdh_context *ctx, mbedtls_ecp_group_id grp_id )
#endif
}
static void ecdh_free_internal( mbedtls_ecdh_context_mbed *ctx )
{
static void ecdh_free_internal(mbedtls_ecdh_context_mbed *ctx) {
mbedtls_ecp_group_free(&ctx->grp);
mbedtls_mpi_free(&ctx->d);
mbedtls_ecp_point_free(&ctx->Q);
@ -251,8 +237,7 @@ static void ecdh_free_internal( mbedtls_ecdh_context_mbed *ctx )
/*
* Enable restartable operations for context
*/
void mbedtls_ecdh_enable_restart( mbedtls_ecdh_context *ctx )
{
void mbedtls_ecdh_enable_restart(mbedtls_ecdh_context *ctx) {
ECDH_VALIDATE(ctx != NULL);
ctx->restart_enabled = 1;
@ -262,8 +247,7 @@ void mbedtls_ecdh_enable_restart( mbedtls_ecdh_context *ctx )
/*
* Free context
*/
void mbedtls_ecdh_free( mbedtls_ecdh_context *ctx )
{
void mbedtls_ecdh_free(mbedtls_ecdh_context *ctx) {
if (ctx == NULL)
return;
@ -273,8 +257,7 @@ void mbedtls_ecdh_free( mbedtls_ecdh_context *ctx )
mbedtls_mpi_free(&ctx->_d);
ecdh_free_internal(ctx);
#else
switch( ctx->var )
{
switch (ctx->var) {
#if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED)
case MBEDTLS_ECDH_VARIANT_EVEREST:
mbedtls_everest_free(&ctx->ctx.everest_ecdh);
@ -300,8 +283,7 @@ static int ecdh_make_params_internal( mbedtls_ecdh_context_mbed *ctx,
unsigned char *,
size_t),
void *p_rng,
int restart_enabled )
{
int restart_enabled) {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t grp_len, pt_len;
#if defined(MBEDTLS_ECP_RESTARTABLE)
@ -354,8 +336,7 @@ static int ecdh_make_params_internal( mbedtls_ecdh_context_mbed *ctx,
int mbedtls_ecdh_make_params(mbedtls_ecdh_context *ctx, size_t *olen,
unsigned char *buf, size_t blen,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng )
{
void *p_rng) {
int restart_enabled = 0;
ECDH_VALIDATE_RET(ctx != NULL);
ECDH_VALIDATE_RET(olen != NULL);
@ -372,8 +353,7 @@ int mbedtls_ecdh_make_params( mbedtls_ecdh_context *ctx, size_t *olen,
return (ecdh_make_params_internal(ctx, olen, ctx->point_format, buf, blen,
f_rng, p_rng, restart_enabled));
#else
switch( ctx->var )
{
switch (ctx->var) {
#if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED)
case MBEDTLS_ECDH_VARIANT_EVEREST:
return (mbedtls_everest_make_params(&ctx->ctx.everest_ecdh, olen,
@ -392,8 +372,7 @@ int mbedtls_ecdh_make_params( mbedtls_ecdh_context *ctx, size_t *olen,
static int ecdh_read_params_internal(mbedtls_ecdh_context_mbed *ctx,
const unsigned char **buf,
const unsigned char *end )
{
const unsigned char *end) {
return (mbedtls_ecp_tls_read_point(&ctx->grp, &ctx->Qp, buf,
end - *buf));
}
@ -407,8 +386,7 @@ static int ecdh_read_params_internal( mbedtls_ecdh_context_mbed *ctx,
*/
int mbedtls_ecdh_read_params(mbedtls_ecdh_context *ctx,
const unsigned char **buf,
const unsigned char *end )
{
const unsigned char *end) {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_ecp_group_id grp_id;
ECDH_VALIDATE_RET(ctx != NULL);
@ -426,8 +404,7 @@ int mbedtls_ecdh_read_params( mbedtls_ecdh_context *ctx,
#if defined(MBEDTLS_ECDH_LEGACY_CONTEXT)
return (ecdh_read_params_internal(ctx, buf, end));
#else
switch( ctx->var )
{
switch (ctx->var) {
#if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED)
case MBEDTLS_ECDH_VARIANT_EVEREST:
return (mbedtls_everest_read_params(&ctx->ctx.everest_ecdh,
@ -444,8 +421,7 @@ int mbedtls_ecdh_read_params( mbedtls_ecdh_context *ctx,
static int ecdh_get_params_internal(mbedtls_ecdh_context_mbed *ctx,
const mbedtls_ecp_keypair *key,
mbedtls_ecdh_side side )
{
mbedtls_ecdh_side side) {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
/* If it's not our key, just import the public part as Qp */
@ -468,23 +444,19 @@ static int ecdh_get_params_internal( mbedtls_ecdh_context_mbed *ctx,
*/
int mbedtls_ecdh_get_params(mbedtls_ecdh_context *ctx,
const mbedtls_ecp_keypair *key,
mbedtls_ecdh_side side )
{
mbedtls_ecdh_side side) {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
ECDH_VALIDATE_RET(ctx != NULL);
ECDH_VALIDATE_RET(key != NULL);
ECDH_VALIDATE_RET(side == MBEDTLS_ECDH_OURS ||
side == MBEDTLS_ECDH_THEIRS);
if( mbedtls_ecdh_grp_id( ctx ) == MBEDTLS_ECP_DP_NONE )
{
if (mbedtls_ecdh_grp_id(ctx) == MBEDTLS_ECP_DP_NONE) {
/* This is the first call to get_params(). Set up the context
* for use with the group. */
if ((ret = mbedtls_ecdh_setup(ctx, key->grp.id)) != 0)
return (ret);
}
else
{
} else {
/* This is not the first call to get_params(). Check that the
* current key's group is the same as the context's, which was set
* from the first key's group. */
@ -495,11 +467,9 @@ int mbedtls_ecdh_get_params( mbedtls_ecdh_context *ctx,
#if defined(MBEDTLS_ECDH_LEGACY_CONTEXT)
return (ecdh_get_params_internal(ctx, key, side));
#else
switch( ctx->var )
{
switch (ctx->var) {
#if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED)
case MBEDTLS_ECDH_VARIANT_EVEREST:
{
case MBEDTLS_ECDH_VARIANT_EVEREST: {
mbedtls_everest_ecdh_side s = side == MBEDTLS_ECDH_OURS ?
MBEDTLS_EVEREST_ECDH_OURS :
MBEDTLS_EVEREST_ECDH_THEIRS;
@ -523,8 +493,7 @@ static int ecdh_make_public_internal( mbedtls_ecdh_context_mbed *ctx,
unsigned char *,
size_t),
void *p_rng,
int restart_enabled )
{
int restart_enabled) {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
#if defined(MBEDTLS_ECP_RESTARTABLE)
mbedtls_ecp_restart_ctx *rs_ctx = NULL;
@ -560,8 +529,7 @@ static int ecdh_make_public_internal( mbedtls_ecdh_context_mbed *ctx,
int mbedtls_ecdh_make_public(mbedtls_ecdh_context *ctx, size_t *olen,
unsigned char *buf, size_t blen,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng )
{
void *p_rng) {
int restart_enabled = 0;
ECDH_VALIDATE_RET(ctx != NULL);
ECDH_VALIDATE_RET(olen != NULL);
@ -576,8 +544,7 @@ int mbedtls_ecdh_make_public( mbedtls_ecdh_context *ctx, size_t *olen,
return (ecdh_make_public_internal(ctx, olen, ctx->point_format, buf, blen,
f_rng, p_rng, restart_enabled));
#else
switch( ctx->var )
{
switch (ctx->var) {
#if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED)
case MBEDTLS_ECDH_VARIANT_EVEREST:
return (mbedtls_everest_make_public(&ctx->ctx.everest_ecdh, olen,
@ -595,8 +562,7 @@ int mbedtls_ecdh_make_public( mbedtls_ecdh_context *ctx, size_t *olen,
}
static int ecdh_read_public_internal(mbedtls_ecdh_context_mbed *ctx,
const unsigned char *buf, size_t blen )
{
const unsigned char *buf, size_t blen) {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
const unsigned char *p = buf;
@ -614,16 +580,14 @@ static int ecdh_read_public_internal( mbedtls_ecdh_context_mbed *ctx,
* Parse and import the client's public value
*/
int mbedtls_ecdh_read_public(mbedtls_ecdh_context *ctx,
const unsigned char *buf, size_t blen )
{
const unsigned char *buf, size_t blen) {
ECDH_VALIDATE_RET(ctx != NULL);
ECDH_VALIDATE_RET(buf != NULL);
#if defined(MBEDTLS_ECDH_LEGACY_CONTEXT)
return (ecdh_read_public_internal(ctx, buf, blen));
#else
switch( ctx->var )
{
switch (ctx->var) {
#if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED)
case MBEDTLS_ECDH_VARIANT_EVEREST:
return (mbedtls_everest_read_public(&ctx->ctx.everest_ecdh,
@ -645,8 +609,7 @@ static int ecdh_calc_secret_internal( mbedtls_ecdh_context_mbed *ctx,
unsigned char *,
size_t),
void *p_rng,
int restart_enabled )
{
int restart_enabled) {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
#if defined(MBEDTLS_ECP_RESTARTABLE)
mbedtls_ecp_restart_ctx *rs_ctx = NULL;
@ -665,14 +628,12 @@ static int ecdh_calc_secret_internal( mbedtls_ecdh_context_mbed *ctx,
#if defined(MBEDTLS_ECP_RESTARTABLE)
if ((ret = ecdh_compute_shared_restartable(&ctx->grp, &ctx->z, &ctx->Qp,
&ctx->d, f_rng, p_rng,
rs_ctx ) ) != 0 )
{
rs_ctx)) != 0) {
return (ret);
}
#else
if ((ret = mbedtls_ecdh_compute_shared(&ctx->grp, &ctx->z, &ctx->Qp,
&ctx->d, f_rng, p_rng ) ) != 0 )
{
&ctx->d, f_rng, p_rng)) != 0) {
return (ret);
}
#endif /* MBEDTLS_ECP_RESTARTABLE */
@ -694,8 +655,7 @@ static int ecdh_calc_secret_internal( mbedtls_ecdh_context_mbed *ctx,
int mbedtls_ecdh_calc_secret(mbedtls_ecdh_context *ctx, size_t *olen,
unsigned char *buf, size_t blen,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng )
{
void *p_rng) {
int restart_enabled = 0;
ECDH_VALIDATE_RET(ctx != NULL);
ECDH_VALIDATE_RET(olen != NULL);
@ -709,8 +669,7 @@ int mbedtls_ecdh_calc_secret( mbedtls_ecdh_context *ctx, size_t *olen,
return (ecdh_calc_secret_internal(ctx, olen, buf, blen, f_rng, p_rng,
restart_enabled));
#else
switch( ctx->var )
{
switch (ctx->var) {
#if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED)
case MBEDTLS_ECDH_VARIANT_EVEREST:
return (mbedtls_everest_calc_secret(&ctx->ctx.everest_ecdh, olen,

15
common/mbedtls/ecdh.h
View file

@ -52,8 +52,7 @@ extern "C" {
/**
* Defines the source of the imported EC key.
*/
typedef enum
{
typedef enum {
MBEDTLS_ECDH_OURS, /**< Our key. */
MBEDTLS_ECDH_THEIRS, /**< The key of the peer. */
} mbedtls_ecdh_side;
@ -65,8 +64,7 @@ typedef enum
* Later versions of the library may add new variants, therefore users should
* not make any assumptions about them.
*/
typedef enum
{
typedef enum {
MBEDTLS_ECDH_VARIANT_NONE = 0, /*!< Implementation not defined. */
MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0,/*!< The default Mbed TLS implementation */
#if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED)
@ -81,8 +79,7 @@ typedef enum
* should not make any assumptions about the structure of
* mbedtls_ecdh_context_mbed.
*/
typedef struct mbedtls_ecdh_context_mbed
{
typedef struct mbedtls_ecdh_context_mbed {
mbedtls_ecp_group grp; /*!< The elliptic curve used. */
mbedtls_mpi d; /*!< The private key. */
mbedtls_ecp_point Q; /*!< The public key. */
@ -101,8 +98,7 @@ typedef struct mbedtls_ecdh_context_mbed
* should not be shared between multiple threads.
* \brief The ECDH context structure.
*/
typedef struct mbedtls_ecdh_context
{
typedef struct mbedtls_ecdh_context {
#if defined(MBEDTLS_ECDH_LEGACY_CONTEXT)
mbedtls_ecp_group grp; /*!< The elliptic curve used. */
mbedtls_mpi d; /*!< The private key. */
@ -122,8 +118,7 @@ typedef struct mbedtls_ecdh_context
as defined in RFC 4492. */
mbedtls_ecp_group_id grp_id;/*!< The elliptic curve used. */
mbedtls_ecdh_variant var; /*!< The ECDH implementation/structure used. */
union
{
union {
mbedtls_ecdh_context_mbed mbed_ecdh;
#if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED)
mbedtls_ecdh_context_everest everest_ecdh;

176
common/mbedtls/ecdsa.c
View file

@ -58,8 +58,7 @@
/*
* Sub-context for ecdsa_verify()
*/
struct mbedtls_ecdsa_restart_ver
{
struct mbedtls_ecdsa_restart_ver {
mbedtls_mpi u1, u2; /* intermediate values */
enum { /* what to do next? */
ecdsa_ver_init = 0, /* getting started */
@ -70,8 +69,7 @@ struct mbedtls_ecdsa_restart_ver
/*
* Init verify restart sub-context
*/
static void ecdsa_restart_ver_init( mbedtls_ecdsa_restart_ver_ctx *ctx )
{
static void ecdsa_restart_ver_init(mbedtls_ecdsa_restart_ver_ctx *ctx) {
mbedtls_mpi_init(&ctx->u1);
mbedtls_mpi_init(&ctx->u2);
ctx->state = ecdsa_ver_init;
@ -80,8 +78,7 @@ static void ecdsa_restart_ver_init( mbedtls_ecdsa_restart_ver_ctx *ctx )
/*
* Free the components of a verify restart sub-context
*/
static void ecdsa_restart_ver_free( mbedtls_ecdsa_restart_ver_ctx *ctx )
{
static void ecdsa_restart_ver_free(mbedtls_ecdsa_restart_ver_ctx *ctx) {
if (ctx == NULL)
return;
@ -94,8 +91,7 @@ static void ecdsa_restart_ver_free( mbedtls_ecdsa_restart_ver_ctx *ctx )
/*
* Sub-context for ecdsa_sign()
*/
struct mbedtls_ecdsa_restart_sig
{
struct mbedtls_ecdsa_restart_sig {
int sign_tries;
int key_tries;
mbedtls_mpi k; /* per-signature random */
@ -110,8 +106,7 @@ struct mbedtls_ecdsa_restart_sig
/*
* Init verify sign sub-context
*/
static void ecdsa_restart_sig_init( mbedtls_ecdsa_restart_sig_ctx *ctx )
{
static void ecdsa_restart_sig_init(mbedtls_ecdsa_restart_sig_ctx *ctx) {
ctx->sign_tries = 0;
ctx->key_tries = 0;
mbedtls_mpi_init(&ctx->k);
@ -122,8 +117,7 @@ static void ecdsa_restart_sig_init( mbedtls_ecdsa_restart_sig_ctx *ctx )
/*
* Free the components of a sign restart sub-context
*/
static void ecdsa_restart_sig_free( mbedtls_ecdsa_restart_sig_ctx *ctx )
{
static void ecdsa_restart_sig_free(mbedtls_ecdsa_restart_sig_ctx *ctx) {
if (ctx == NULL)
return;
@ -135,8 +129,7 @@ static void ecdsa_restart_sig_free( mbedtls_ecdsa_restart_sig_ctx *ctx )
/*
* Sub-context for ecdsa_sign_det()
*/
struct mbedtls_ecdsa_restart_det
{
struct mbedtls_ecdsa_restart_det {
mbedtls_hmac_drbg_context rng_ctx; /* DRBG state */
enum { /* what to do next? */
ecdsa_det_init = 0, /* getting started */
@ -147,8 +140,7 @@ struct mbedtls_ecdsa_restart_det
/*
* Init verify sign_det sub-context
*/
static void ecdsa_restart_det_init( mbedtls_ecdsa_restart_det_ctx *ctx )
{
static void ecdsa_restart_det_init(mbedtls_ecdsa_restart_det_ctx *ctx) {
mbedtls_hmac_drbg_init(&ctx->rng_ctx);
ctx->state = ecdsa_det_init;
}
@ -156,8 +148,7 @@ static void ecdsa_restart_det_init( mbedtls_ecdsa_restart_det_ctx *ctx )
/*
* Free the components of a sign_det restart sub-context
*/
static void ecdsa_restart_det_free( mbedtls_ecdsa_restart_det_ctx *ctx )
{
static void ecdsa_restart_det_free(mbedtls_ecdsa_restart_det_ctx *ctx) {
if (ctx == NULL)
return;
@ -225,8 +216,7 @@ static void ecdsa_restart_det_free( mbedtls_ecdsa_restart_det_ctx *ctx )
* SEC1 4.1.3 step 5 aka SEC1 4.1.4 step 3
*/
static int derive_mpi(const mbedtls_ecp_group *grp, mbedtls_mpi *x,
const unsigned char *buf, size_t blen )
{
const unsigned char *buf, size_t blen) {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t n_size = (grp->nbits + 7) / 8;
size_t use_size = blen > n_size ? n_size : blen;
@ -255,8 +245,7 @@ static int ecdsa_sign_restartable( mbedtls_ecp_group *grp,
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
int (*f_rng_blind)(void *, unsigned char *, size_t),
void *p_rng_blind,
mbedtls_ecdsa_restart_ctx *rs_ctx )
{
mbedtls_ecdsa_restart_ctx *rs_ctx) {
int ret, key_tries, sign_tries;
int *p_sign_tries = &sign_tries, *p_key_tries = &key_tries;
mbedtls_ecp_point R;
@ -272,13 +261,14 @@ static int ecdsa_sign_restartable( mbedtls_ecp_group *grp,
return (MBEDTLS_ERR_ECP_INVALID_KEY);
mbedtls_ecp_point_init(&R);
mbedtls_mpi_init( &k ); mbedtls_mpi_init( &e ); mbedtls_mpi_init( &t );
mbedtls_mpi_init(&k);
mbedtls_mpi_init(&e);
mbedtls_mpi_init(&t);
ECDSA_RS_ENTER(sig);
#if defined(MBEDTLS_ECP_RESTARTABLE)
if( rs_ctx != NULL && rs_ctx->sig != NULL )
{
if (rs_ctx != NULL && rs_ctx->sig != NULL) {
/* redirect to our context */
p_sign_tries = &rs_ctx->sig->sign_tries;
p_key_tries = &rs_ctx->sig->key_tries;
@ -294,10 +284,8 @@ static int ecdsa_sign_restartable( mbedtls_ecp_group *grp,
#endif /* MBEDTLS_ECP_RESTARTABLE */
*p_sign_tries = 0;
do
{
if( (*p_sign_tries)++ > 10 )
{
do {
if ((*p_sign_tries)++ > 10) {
ret = MBEDTLS_ERR_ECP_RANDOM_FAILED;
goto cleanup;
}
@ -307,10 +295,8 @@ static int ecdsa_sign_restartable( mbedtls_ecp_group *grp,
* and set r = xR mod n
*/
*p_key_tries = 0;
do
{
if( (*p_key_tries)++ > 10 )
{
do {
if ((*p_key_tries)++ > 10) {
ret = MBEDTLS_ERR_ECP_RANDOM_FAILED;
goto cleanup;
}
@ -328,8 +314,7 @@ mul:
p_rng_blind,
ECDSA_RS_ECP));
MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(pr, &R.X, &grp->N));
}
while( mbedtls_mpi_cmp_int( pr, 0 ) == 0 );
} while (mbedtls_mpi_cmp_int(pr, 0) == 0);
#if defined(MBEDTLS_ECP_RESTARTABLE)
if (rs_ctx != NULL && rs_ctx->sig != NULL)
@ -366,8 +351,7 @@ modn:
MBEDTLS_MPI_CHK(mbedtls_mpi_inv_mod(s, pk, &grp->N));
MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(s, s, &e));
MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(s, s, &grp->N));
}
while( mbedtls_mpi_cmp_int( s, 0 ) == 0 );
} while (mbedtls_mpi_cmp_int(s, 0) == 0);
#if defined(MBEDTLS_ECP_RESTARTABLE)
if (rs_ctx != NULL && rs_ctx->sig != NULL)
@ -376,24 +360,27 @@ modn:
cleanup:
mbedtls_ecp_point_free(&R);
mbedtls_mpi_free( &k ); mbedtls_mpi_free( &e ); mbedtls_mpi_free( &t );
mbedtls_mpi_free(&k);
mbedtls_mpi_free(&e);
mbedtls_mpi_free(&t);
ECDSA_RS_LEAVE(sig);
return (ret);
}
int mbedtls_ecdsa_can_do( mbedtls_ecp_group_id gid )
{
switch( gid )
{
int mbedtls_ecdsa_can_do(mbedtls_ecp_group_id gid) {
switch (gid) {
#ifdef MBEDTLS_ECP_DP_CURVE25519_ENABLED
case MBEDTLS_ECP_DP_CURVE25519: return 0;
case MBEDTLS_ECP_DP_CURVE25519:
return 0;
#endif
#ifdef MBEDTLS_ECP_DP_CURVE448_ENABLED
case MBEDTLS_ECP_DP_CURVE448: return 0;
case MBEDTLS_ECP_DP_CURVE448:
return 0;
#endif
default: return 1;
default:
return 1;
}
}
@ -402,8 +389,7 @@ int mbedtls_ecdsa_can_do( mbedtls_ecp_group_id gid )
*/
int mbedtls_ecdsa_sign(mbedtls_ecp_group *grp, mbedtls_mpi *r, mbedtls_mpi *s,
const mbedtls_mpi *d, const unsigned char *buf, size_t blen,
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
{
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng) {
ECDSA_VALIDATE_RET(grp != NULL);
ECDSA_VALIDATE_RET(r != NULL);
ECDSA_VALIDATE_RET(s != NULL);
@ -427,8 +413,7 @@ static int ecdsa_sign_det_restartable( mbedtls_ecp_group *grp,
mbedtls_md_type_t md_alg,
int (*f_rng_blind)(void *, unsigned char *, size_t),
void *p_rng_blind,
mbedtls_ecdsa_restart_ctx *rs_ctx )
{
mbedtls_ecdsa_restart_ctx *rs_ctx) {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_hmac_drbg_context rng_ctx;
mbedtls_hmac_drbg_context *p_rng = &rng_ctx;
@ -446,8 +431,7 @@ static int ecdsa_sign_det_restartable( mbedtls_ecp_group *grp,
ECDSA_RS_ENTER(det);
#if defined(MBEDTLS_ECP_RESTARTABLE)
if( rs_ctx != NULL && rs_ctx->det != NULL )
{
if (rs_ctx != NULL && rs_ctx->det != NULL) {
/* redirect to our context */
p_rng = &rs_ctx->det->rng_ctx;
@ -479,8 +463,7 @@ sign:
ret = ecdsa_sign_restartable(grp, r, s, d, buf, blen,
mbedtls_hmac_drbg_random, p_rng,
f_rng_blind, p_rng_blind, rs_ctx);
else
{
else {
mbedtls_hmac_drbg_context *p_rng_blind_det;
#if !defined(MBEDTLS_ECP_RESTARTABLE)
@ -500,8 +483,7 @@ sign:
ret = mbedtls_hmac_drbg_update_ret(p_rng_blind_det,
(const unsigned char *) blind_label,
strlen(blind_label));
if( ret != 0 )
{
if (ret != 0) {
mbedtls_hmac_drbg_free(&rng_ctx_blind);
goto cleanup;
}
@ -557,8 +539,7 @@ cleanup:
int mbedtls_ecdsa_sign_det(mbedtls_ecp_group *grp, mbedtls_mpi *r,
mbedtls_mpi *s, const mbedtls_mpi *d,
const unsigned char *buf, size_t blen,
mbedtls_md_type_t md_alg )
{
mbedtls_md_type_t md_alg) {
ECDSA_VALIDATE_RET(grp != NULL);
ECDSA_VALIDATE_RET(r != NULL);
ECDSA_VALIDATE_RET(s != NULL);
@ -576,8 +557,7 @@ int mbedtls_ecdsa_sign_det_ext( mbedtls_ecp_group *grp, mbedtls_mpi *r,
mbedtls_md_type_t md_alg,
int (*f_rng_blind)(void *, unsigned char *,
size_t),
void *p_rng_blind )
{
void *p_rng_blind) {
ECDSA_VALIDATE_RET(grp != NULL);
ECDSA_VALIDATE_RET(r != NULL);
ECDSA_VALIDATE_RET(s != NULL);
@ -599,16 +579,17 @@ static int ecdsa_verify_restartable( mbedtls_ecp_group *grp,
const unsigned char *buf, size_t blen,
const mbedtls_ecp_point *Q,
const mbedtls_mpi *r, const mbedtls_mpi *s,
mbedtls_ecdsa_restart_ctx *rs_ctx )
{
mbedtls_ecdsa_restart_ctx *rs_ctx) {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_mpi e, s_inv, u1, u2;
mbedtls_ecp_point R;
mbedtls_mpi *pu1 = &u1, *pu2 = &u2;
mbedtls_ecp_point_init(&R);
mbedtls_mpi_init( &e ); mbedtls_mpi_init( &s_inv );
mbedtls_mpi_init( &u1 ); mbedtls_mpi_init( &u2 );
mbedtls_mpi_init(&e);
mbedtls_mpi_init(&s_inv);
mbedtls_mpi_init(&u1);
mbedtls_mpi_init(&u2);
/* Fail cleanly on curves such as Curve25519 that can't be used for ECDSA */
if (! mbedtls_ecdsa_can_do(grp->id) || grp->N.p == NULL)
@ -617,8 +598,7 @@ static int ecdsa_verify_restartable( mbedtls_ecp_group *grp,
ECDSA_RS_ENTER(ver);
#if defined(MBEDTLS_ECP_RESTARTABLE)
if( rs_ctx != NULL && rs_ctx->ver != NULL )
{
if (rs_ctx != NULL && rs_ctx->ver != NULL) {
/* redirect to our context */
pu1 = &rs_ctx->ver->u1;
pu2 = &rs_ctx->ver->u2;
@ -633,8 +613,7 @@ static int ecdsa_verify_restartable( mbedtls_ecp_group *grp,
* Step 1: make sure r and s are in range 1..n-1
*/
if (mbedtls_mpi_cmp_int(r, 1) < 0 || mbedtls_mpi_cmp_mpi(r, &grp->N) >= 0 ||
mbedtls_mpi_cmp_int( s, 1 ) < 0 || mbedtls_mpi_cmp_mpi( s, &grp->N ) >= 0 )
{
mbedtls_mpi_cmp_int(s, 1) < 0 || mbedtls_mpi_cmp_mpi(s, &grp->N) >= 0) {
ret = MBEDTLS_ERR_ECP_VERIFY_FAILED;
goto cleanup;
}
@ -669,8 +648,7 @@ muladd:
MBEDTLS_MPI_CHK(mbedtls_ecp_muladd_restartable(grp,
&R, pu1, &grp->G, pu2, Q, ECDSA_RS_ECP));
if( mbedtls_ecp_is_zero( &R ) )
{
if (mbedtls_ecp_is_zero(&R)) {
ret = MBEDTLS_ERR_ECP_VERIFY_FAILED;
goto cleanup;
}
@ -684,16 +662,17 @@ muladd:
/*
* Step 8: check if v (that is, R.X) is equal to r
*/
if( mbedtls_mpi_cmp_mpi( &R.X, r ) != 0 )
{
if (mbedtls_mpi_cmp_mpi(&R.X, r) != 0) {
ret = MBEDTLS_ERR_ECP_VERIFY_FAILED;
goto cleanup;
}
cleanup:
mbedtls_ecp_point_free(&R);
mbedtls_mpi_free( &e ); mbedtls_mpi_free( &s_inv );
mbedtls_mpi_free( &u1 ); mbedtls_mpi_free( &u2 );
mbedtls_mpi_free(&e);
mbedtls_mpi_free(&s_inv);
mbedtls_mpi_free(&u1);
mbedtls_mpi_free(&u2);
ECDSA_RS_LEAVE(ver);
@ -707,8 +686,7 @@ int mbedtls_ecdsa_verify( mbedtls_ecp_group *grp,
const unsigned char *buf, size_t blen,
const mbedtls_ecp_point *Q,
const mbedtls_mpi *r,
const mbedtls_mpi *s)
{
const mbedtls_mpi *s) {
ECDSA_VALIDATE_RET(grp != NULL);
ECDSA_VALIDATE_RET(Q != NULL);
ECDSA_VALIDATE_RET(r != NULL);
@ -723,8 +701,7 @@ int mbedtls_ecdsa_verify( mbedtls_ecp_group *grp,
* Convert a signature (given by context) to ASN.1
*/
static int ecdsa_signature_to_asn1(const mbedtls_mpi *r, const mbedtls_mpi *s,
unsigned char *sig, size_t *slen )
{
unsigned char *sig, size_t *slen) {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
unsigned char buf[MBEDTLS_ECDSA_MAX_LEN];
unsigned char *p = buf + sizeof(buf);
@ -752,8 +729,7 @@ int mbedtls_ecdsa_write_signature_restartable( mbedtls_ecdsa_context *ctx,
unsigned char *sig, size_t *slen,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng,
mbedtls_ecdsa_restart_ctx *rs_ctx )
{
mbedtls_ecdsa_restart_ctx *rs_ctx) {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_mpi r, s;
ECDSA_VALIDATE_RET(ctx != NULL);
@ -801,8 +777,7 @@ int mbedtls_ecdsa_write_signature( mbedtls_ecdsa_context *ctx,
const unsigned char *hash, size_t hlen,
unsigned char *sig, size_t *slen,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng )
{
void *p_rng) {
ECDSA_VALIDATE_RET(ctx != NULL);
ECDSA_VALIDATE_RET(hash != NULL);
ECDSA_VALIDATE_RET(sig != NULL);
@ -816,8 +791,7 @@ int mbedtls_ecdsa_write_signature( mbedtls_ecdsa_context *ctx,
int mbedtls_ecdsa_write_signature_det(mbedtls_ecdsa_context *ctx,
const unsigned char *hash, size_t hlen,
unsigned char *sig, size_t *slen,
mbedtls_md_type_t md_alg )
{
mbedtls_md_type_t md_alg) {
ECDSA_VALIDATE_RET(ctx != NULL);
ECDSA_VALIDATE_RET(hash != NULL);
ECDSA_VALIDATE_RET(sig != NULL);
@ -832,8 +806,7 @@ int mbedtls_ecdsa_write_signature_det( mbedtls_ecdsa_context *ctx,
*/
int mbedtls_ecdsa_read_signature(mbedtls_ecdsa_context *ctx,
const unsigned char *hash, size_t hlen,
const unsigned char *sig, size_t slen )
{
const unsigned char *sig, size_t slen) {
ECDSA_VALIDATE_RET(ctx != NULL);
ECDSA_VALIDATE_RET(hash != NULL);
ECDSA_VALIDATE_RET(sig != NULL);
@ -847,8 +820,7 @@ int mbedtls_ecdsa_read_signature( mbedtls_ecdsa_context *ctx,
int mbedtls_ecdsa_read_signature_restartable(mbedtls_ecdsa_context *ctx,
const unsigned char *hash, size_t hlen,
const unsigned char *sig, size_t slen,
mbedtls_ecdsa_restart_ctx *rs_ctx )
{
mbedtls_ecdsa_restart_ctx *rs_ctx) {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
unsigned char *p = (unsigned char *) sig;
const unsigned char *end = sig + slen;
@ -862,22 +834,19 @@ int mbedtls_ecdsa_read_signature_restartable( mbedtls_ecdsa_context *ctx,
mbedtls_mpi_init(&s);
if ((ret = mbedtls_asn1_get_tag(&p, end, &len,
MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
{
MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) {
ret += MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
goto cleanup;
}
if( p + len != end )
{
if (p + len != end) {
ret = MBEDTLS_ERR_ECP_BAD_INPUT_DATA +
MBEDTLS_ERR_ASN1_LENGTH_MISMATCH;
goto cleanup;
}
if ((ret = mbedtls_asn1_get_mpi(&p, end, &r)) != 0 ||
( ret = mbedtls_asn1_get_mpi( &p, end, &s ) ) != 0 )
{
(ret = mbedtls_asn1_get_mpi(&p, end, &s)) != 0) {
ret += MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
goto cleanup;
}
@ -911,8 +880,7 @@ cleanup:
* Generate key pair
*/
int mbedtls_ecdsa_genkey(mbedtls_ecdsa_context *ctx, mbedtls_ecp_group_id gid,
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
{
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng) {
int ret = 0;
ECDSA_VALIDATE_RET(ctx != NULL);
ECDSA_VALIDATE_RET(f_rng != NULL);
@ -929,16 +897,14 @@ int mbedtls_ecdsa_genkey( mbedtls_ecdsa_context *ctx, mbedtls_ecp_group_id gid,
/*
* Set context from an mbedtls_ecp_keypair
*/
int mbedtls_ecdsa_from_keypair( mbedtls_ecdsa_context *ctx, const mbedtls_ecp_keypair *key )
{
int mbedtls_ecdsa_from_keypair(mbedtls_ecdsa_context *ctx, const mbedtls_ecp_keypair *key) {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
ECDSA_VALIDATE_RET(ctx != NULL);
ECDSA_VALIDATE_RET(key != NULL);
if ((ret = mbedtls_ecp_group_copy(&ctx->grp, &key->grp)) != 0 ||
(ret = mbedtls_mpi_copy(&ctx->d, &key->d)) != 0 ||
( ret = mbedtls_ecp_copy( &ctx->Q, &key->Q ) ) != 0 )
{
(ret = mbedtls_ecp_copy(&ctx->Q, &key->Q)) != 0) {
mbedtls_ecdsa_free(ctx);
}
@ -948,8 +914,7 @@ int mbedtls_ecdsa_from_keypair( mbedtls_ecdsa_context *ctx, const mbedtls_ecp_ke
/*
* Initialize context
*/
void mbedtls_ecdsa_init( mbedtls_ecdsa_context *ctx )
{
void mbedtls_ecdsa_init(mbedtls_ecdsa_context *ctx) {
ECDSA_VALIDATE(ctx != NULL);
mbedtls_ecp_keypair_init(ctx);
@ -958,8 +923,7 @@ void mbedtls_ecdsa_init( mbedtls_ecdsa_context *ctx )
/*
* Free context
*/
void mbedtls_ecdsa_free( mbedtls_ecdsa_context *ctx )
{
void mbedtls_ecdsa_free(mbedtls_ecdsa_context *ctx) {
if (ctx == NULL)
return;
@ -970,8 +934,7 @@ void mbedtls_ecdsa_free( mbedtls_ecdsa_context *ctx )
/*
* Initialize a restart context
*/
void mbedtls_ecdsa_restart_init( mbedtls_ecdsa_restart_ctx *ctx )
{
void mbedtls_ecdsa_restart_init(mbedtls_ecdsa_restart_ctx *ctx) {
ECDSA_VALIDATE(ctx != NULL);
mbedtls_ecp_restart_init(&ctx->ecp);
@ -986,8 +949,7 @@ void mbedtls_ecdsa_restart_init( mbedtls_ecdsa_restart_ctx *ctx )
/*
* Free the components of a restart context
*/
void mbedtls_ecdsa_restart_free( mbedtls_ecdsa_restart_ctx *ctx )
{
void mbedtls_ecdsa_restart_free(mbedtls_ecdsa_restart_ctx *ctx) {
if (ctx == NULL)
return;

3
common/mbedtls/ecdsa.h
View file

@ -105,8 +105,7 @@ typedef struct mbedtls_ecdsa_restart_det mbedtls_ecdsa_restart_det_ctx;
/**
* \brief General context for resuming ECDSA operations
*/
typedef struct
{
typedef struct {
mbedtls_ecp_restart_ctx ecp; /*!< base context for ECP restart and
shared administrative info */
mbedtls_ecdsa_restart_ver_ctx *ver; /*!< ecdsa_verify() sub-context */

111
common/mbedtls/ecjpake.c
View file

@ -54,8 +54,7 @@ static const char * const ecjpake_id[] = {
/*
* Initialize context
*/
void mbedtls_ecjpake_init( mbedtls_ecjpake_context *ctx )
{
void mbedtls_ecjpake_init(mbedtls_ecjpake_context *ctx) {
ECJPAKE_VALIDATE(ctx != NULL);
ctx->md_info = NULL;
@ -76,8 +75,7 @@ void mbedtls_ecjpake_init( mbedtls_ecjpake_context *ctx )
/*
* Free context
*/
void mbedtls_ecjpake_free( mbedtls_ecjpake_context *ctx )
{
void mbedtls_ecjpake_free(mbedtls_ecjpake_context *ctx) {
if (ctx == NULL)
return;
@ -103,8 +101,7 @@ int mbedtls_ecjpake_setup( mbedtls_ecjpake_context *ctx,
mbedtls_md_type_t hash,
mbedtls_ecp_group_id curve,
const unsigned char *secret,
size_t len )
{
size_t len) {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
ECJPAKE_VALIDATE_RET(ctx != NULL);
@ -131,14 +128,12 @@ cleanup:
/*
* Check if context is ready for use
*/
int mbedtls_ecjpake_check( const mbedtls_ecjpake_context *ctx )
{
int mbedtls_ecjpake_check(const mbedtls_ecjpake_context *ctx) {
ECJPAKE_VALIDATE_RET(ctx != NULL);
if (ctx->md_info == NULL ||
ctx->grp.id == MBEDTLS_ECP_DP_NONE ||
ctx->s.p == NULL )
{
ctx->s.p == NULL) {
return (MBEDTLS_ERR_ECP_BAD_INPUT_DATA);
}
@ -152,8 +147,7 @@ static int ecjpake_write_len_point( unsigned char **p,
const unsigned char *end,
const mbedtls_ecp_group *grp,
const int pf,
const mbedtls_ecp_point *P )
{
const mbedtls_ecp_point *P) {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t len;
@ -192,8 +186,7 @@ static int ecjpake_hash( const mbedtls_md_info_t *md_info,
const mbedtls_ecp_point *V,
const mbedtls_ecp_point *X,
const char *id,
mbedtls_mpi *h )
{
mbedtls_mpi *h) {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
unsigned char buf[ECJPAKE_HASH_BUF_LEN];
unsigned char *p = buf;
@ -242,8 +235,7 @@ static int ecjpake_zkp_read( const mbedtls_md_info_t *md_info,
const mbedtls_ecp_point *X,
const char *id,
const unsigned char **p,
const unsigned char *end )
{
const unsigned char *end) {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_ecp_point V, VV;
mbedtls_mpi r, h;
@ -265,16 +257,14 @@ static int ecjpake_zkp_read( const mbedtls_md_info_t *md_info,
MBEDTLS_MPI_CHK(mbedtls_ecp_tls_read_point(grp, &V, p, end - *p));
if( end < *p || (size_t)( end - *p ) < 1 )
{
if (end < *p || (size_t)(end - *p) < 1) {
ret = MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
goto cleanup;
}
r_len = *(*p)++;
if( end < *p || (size_t)( end - *p ) < r_len )
{
if (end < *p || (size_t)(end - *p) < r_len) {
ret = MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
goto cleanup;
}
@ -289,8 +279,7 @@ static int ecjpake_zkp_read( const mbedtls_md_info_t *md_info,
MBEDTLS_MPI_CHK(mbedtls_ecp_muladd((mbedtls_ecp_group *) grp,
&VV, &h, X, &r, G));
if( mbedtls_ecp_point_cmp( &VV, &V ) != 0 )
{
if (mbedtls_ecp_point_cmp(&VV, &V) != 0) {
ret = MBEDTLS_ERR_ECP_VERIFY_FAILED;
goto cleanup;
}
@ -317,8 +306,7 @@ static int ecjpake_zkp_write( const mbedtls_md_info_t *md_info,
unsigned char **p,
const unsigned char *end,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng )
{
void *p_rng) {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_ecp_point V;
mbedtls_mpi v;
@ -346,8 +334,7 @@ static int ecjpake_zkp_write( const mbedtls_md_info_t *md_info,
*p += len;
len = mbedtls_mpi_size(&h); /* actually r */
if( end < *p || (size_t)( end - *p ) < 1 + len || len > 255 )
{
if (end < *p || (size_t)(end - *p) < 1 + len || len > 255) {
ret = MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL;
goto cleanup;
}
@ -375,8 +362,7 @@ static int ecjpake_kkp_read( const mbedtls_md_info_t *md_info,
mbedtls_ecp_point *X,
const char *id,
const unsigned char **p,
const unsigned char *end )
{
const unsigned char *end) {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
if (end < *p)
@ -389,8 +375,7 @@ static int ecjpake_kkp_read( const mbedtls_md_info_t *md_info,
* } ECJPAKEKeyKP;
*/
MBEDTLS_MPI_CHK(mbedtls_ecp_tls_read_point(grp, X, p, end - *p));
if( mbedtls_ecp_is_zero( X ) )
{
if (mbedtls_ecp_is_zero(X)) {
ret = MBEDTLS_ERR_ECP_INVALID_KEY;
goto cleanup;
}
@ -415,8 +400,7 @@ static int ecjpake_kkp_write( const mbedtls_md_info_t *md_info,
unsigned char **p,
const unsigned char *end,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng )
{
void *p_rng) {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t len;
@ -450,8 +434,7 @@ static int ecjpake_kkpp_read( const mbedtls_md_info_t *md_info,
mbedtls_ecp_point *Xb,
const char *id,
const unsigned char *buf,
size_t len )
{
size_t len) {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
const unsigned char *p = buf;
const unsigned char *end = buf + len;
@ -488,8 +471,7 @@ static int ecjpake_kkpp_write( const mbedtls_md_info_t *md_info,
size_t len,
size_t *olen,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng )
{
void *p_rng) {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
unsigned char *p = buf;
const unsigned char *end = buf + len;
@ -510,8 +492,7 @@ cleanup:
*/
int mbedtls_ecjpake_read_round_one(mbedtls_ecjpake_context *ctx,
const unsigned char *buf,
size_t len )
{
size_t len) {
ECJPAKE_VALIDATE_RET(ctx != NULL);
ECJPAKE_VALIDATE_RET(buf != NULL);
@ -527,8 +508,7 @@ int mbedtls_ecjpake_read_round_one( mbedtls_ecjpake_context *ctx,
int mbedtls_ecjpake_write_round_one(mbedtls_ecjpake_context *ctx,
unsigned char *buf, size_t len, size_t *olen,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng )
{
void *p_rng) {
ECJPAKE_VALIDATE_RET(ctx != NULL);
ECJPAKE_VALIDATE_RET(buf != NULL);
ECJPAKE_VALIDATE_RET(olen != NULL);
@ -546,8 +526,7 @@ int mbedtls_ecjpake_write_round_one( mbedtls_ecjpake_context *ctx,
static int ecjpake_ecp_add3(mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
const mbedtls_ecp_point *A,
const mbedtls_ecp_point *B,
const mbedtls_ecp_point *C )
{
const mbedtls_ecp_point *C) {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_mpi one;
@ -568,8 +547,7 @@ cleanup:
*/
int mbedtls_ecjpake_read_round_two(mbedtls_ecjpake_context *ctx,
const unsigned char *buf,
size_t len )
{
size_t len) {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
const unsigned char *p = buf;
const unsigned char *end = buf + len;
@ -597,11 +575,9 @@ int mbedtls_ecjpake_read_round_two( mbedtls_ecjpake_context *ctx,
* ECJPAKEKeyKP ecjpake_key_kp;
* } Client/ServerECJPAKEParams;
*/
if( ctx->role == MBEDTLS_ECJPAKE_CLIENT )
{
if (ctx->role == MBEDTLS_ECJPAKE_CLIENT) {
MBEDTLS_MPI_CHK(mbedtls_ecp_tls_read_group(&grp, &p, len));
if( grp.id != ctx->grp.id )
{
if (grp.id != ctx->grp.id) {
ret = MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE;
goto cleanup;
}
@ -611,8 +587,7 @@ int mbedtls_ecjpake_read_round_two( mbedtls_ecjpake_context *ctx,
ctx->point_format,
&G, &ctx->Xp, ID_PEER, &p, end));
if( p != end )
{
if (p != end) {
ret = MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
goto cleanup;
}
@ -632,8 +607,7 @@ static int ecjpake_mul_secret( mbedtls_mpi *R, int sign,
const mbedtls_mpi *S,
const mbedtls_mpi *N,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng )
{
void *p_rng) {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_mpi b; /* Blinding value, then s + N * blinding */
@ -661,8 +635,7 @@ cleanup:
int mbedtls_ecjpake_write_round_two(mbedtls_ecjpake_context *ctx,
unsigned char *buf, size_t len, size_t *olen,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng )
{
void *p_rng) {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_ecp_point G; /* C: GA, S: GB */
mbedtls_ecp_point Xm; /* C: Xc, S: Xs */
@ -701,10 +674,8 @@ int mbedtls_ecjpake_write_round_two( mbedtls_ecjpake_context *ctx,
* ECJPAKEKeyKP ecjpake_key_kp;
* } Client/ServerECJPAKEParams;
*/
if( ctx->role == MBEDTLS_ECJPAKE_SERVER )
{
if( end < p )
{
if (ctx->role == MBEDTLS_ECJPAKE_SERVER) {
if (end < p) {
ret = MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL;
goto cleanup;
}
@ -713,8 +684,7 @@ int mbedtls_ecjpake_write_round_two( mbedtls_ecjpake_context *ctx,
p += ec_len;
}
if( end < p )
{
if (end < p) {
ret = MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL;
goto cleanup;
}
@ -743,8 +713,7 @@ cleanup:
int mbedtls_ecjpake_derive_secret(mbedtls_ecjpake_context *ctx,
unsigned char *buf, size_t len, size_t *olen,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng )
{
void *p_rng) {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_ecp_point K;
mbedtls_mpi m_xm2_s, one;
@ -808,8 +777,7 @@ cleanup:
#if !defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) || \
!defined(MBEDTLS_SHA256_C)
int mbedtls_ecjpake_self_test( int verbose )
{
int mbedtls_ecjpake_self_test(int verbose) {
(void) verbose;
return (0);
}
@ -951,8 +919,7 @@ static const unsigned char ecjpake_test_pms[] = {
/* Load my private keys and generate the corresponding public keys */
static int ecjpake_test_load(mbedtls_ecjpake_context *ctx,
const unsigned char *xm1, size_t len1,
const unsigned char *xm2, size_t len2 )
{
const unsigned char *xm2, size_t len2) {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&ctx->xm1, xm1, len1));
@ -970,13 +937,11 @@ cleanup:
/* For tests we don't need a secure RNG;
* use the LGC from Numerical Recipes for simplicity */
static int ecjpake_lgc( void *p, unsigned char *out, size_t len )
{
static int ecjpake_lgc(void *p, unsigned char *out, size_t len) {
static uint32_t x = 42;
(void) p;
while( len > 0 )
{
while (len > 0) {
size_t use_len = len > 4 ? 4 : len;
x = 1664525 * x + 1013904223;
memcpy(out, &x, use_len);
@ -1001,8 +966,7 @@ static int ecjpake_lgc( void *p, unsigned char *out, size_t len )
/*
* Checkup routine
*/
int mbedtls_ecjpake_self_test( int verbose )
{
int mbedtls_ecjpake_self_test(int verbose) {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_ecjpake_context cli;
mbedtls_ecjpake_context srv;
@ -1123,8 +1087,7 @@ cleanup:
mbedtls_ecjpake_free(&cli);
mbedtls_ecjpake_free(&srv);
if( ret != 0 )
{
if (ret != 0) {
if (verbose != 0)
mbedtls_printf("failed\n");

3
common/mbedtls/ecjpake.h
View file

@ -71,8 +71,7 @@ typedef enum {
* convetion from the Thread v1.0 spec. Correspondance is indicated in the
* description as a pair C: client name, S: server name
*/
typedef struct mbedtls_ecjpake_context
{
typedef struct mbedtls_ecjpake_context {
const mbedtls_md_info_t *md_info; /**< Hash to use */
mbedtls_ecp_group grp; /**< Elliptic curve */
mbedtls_ecjpake_role role; /**< Are we client or server? */

643
common/mbedtls/ecp.c
View file

File diff suppressed because it is too large Load diff

21
common/mbedtls/ecp.h
View file

@ -106,8 +106,7 @@ extern "C" {
* - Add the curve to the ecp_supported_curves array in ecp.c.
* - Add the curve to applicable profiles in x509_crt.c if applicable.
*/
typedef enum
{
typedef enum {
MBEDTLS_ECP_DP_NONE = 0, /*!< Curve not defined. */
MBEDTLS_ECP_DP_SECP192R1, /*!< Domain parameters for the 192-bit curve defined by FIPS 186-4 and SEC1. */
MBEDTLS_ECP_DP_SECP224R1, /*!< Domain parameters for the 224-bit curve defined by FIPS 186-4 and SEC1. */
@ -134,8 +133,7 @@ typedef enum
/*
* Curve types
*/
typedef enum
{
typedef enum {
MBEDTLS_ECP_TYPE_NONE = 0,
MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS, /* y^2 = x^3 + a x + b */
MBEDTLS_ECP_TYPE_MONTGOMERY, /* y^2 = x^3 + a x^2 + x */
@ -144,8 +142,7 @@ typedef enum
/**
* Curve information, for use by other modules.
*/
typedef struct mbedtls_ecp_curve_info
{
typedef struct mbedtls_ecp_curve_info {
mbedtls_ecp_group_id grp_id; /*!< An internal identifier. */
uint16_t tls_id; /*!< The TLS NamedCurve identifier. */
uint16_t bit_size; /*!< The curve size in bits. */
@ -163,8 +160,7 @@ typedef struct mbedtls_ecp_curve_info
* Otherwise, \p X and \p Y are its standard (affine)
* coordinates.
*/
typedef struct mbedtls_ecp_point
{
typedef struct mbedtls_ecp_point {
mbedtls_mpi X; /*!< The X coordinate of the ECP point. */
mbedtls_mpi Y; /*!< The Y coordinate of the ECP point. */
mbedtls_mpi Z; /*!< The Z coordinate of the ECP point. */
@ -212,8 +208,7 @@ mbedtls_ecp_point;
* identical.
*
*/
typedef struct mbedtls_ecp_group
{
typedef struct mbedtls_ecp_group {
mbedtls_ecp_group_id id; /*!< An internal group identifier. */
mbedtls_mpi P; /*!< The prime modulus of the base field. */
mbedtls_mpi A; /*!< For Short Weierstrass: \p A in the equation. For
@ -318,8 +313,7 @@ typedef struct mbedtls_ecp_restart_muladd mbedtls_ecp_restart_muladd_ctx;
/**
* \brief General context for resuming ECC operations
*/
typedef struct
{
typedef struct {
unsigned ops_done; /*!< current ops count */
unsigned depth; /*!< call depth (0 = top-level) */
mbedtls_ecp_restart_mul_ctx *rsm; /*!< ecp_mul_comb() sub-context */
@ -371,8 +365,7 @@ typedef void mbedtls_ecp_restart_ctx;
* \note Members are deliberately in the same order as in the
* ::mbedtls_ecdsa_context structure.
*/
typedef struct mbedtls_ecp_keypair
{
typedef struct mbedtls_ecp_keypair {
mbedtls_ecp_group grp; /*!< Elliptic curve and base point */
mbedtls_mpi d; /*!< our secret value */
mbedtls_ecp_point Q; /*!< our public value */

315
common/mbedtls/ecp_curves.c
View file

@ -571,8 +571,7 @@ static const mbedtls_mpi_uint brainpoolP512r1_n[] = {
* Create an MPI from embedded constants
* (assumes len is an exact multiple of sizeof mbedtls_mpi_uint)
*/
static inline void ecp_mpi_load( mbedtls_mpi *X, const mbedtls_mpi_uint *p, size_t len )
{
static inline void ecp_mpi_load(mbedtls_mpi *X, const mbedtls_mpi_uint *p, size_t len) {
X->s = 1;
X->n = len / sizeof(mbedtls_mpi_uint);
X->p = (mbedtls_mpi_uint *) p;
@ -581,8 +580,7 @@ static inline void ecp_mpi_load( mbedtls_mpi *X, const mbedtls_mpi_uint *p, size
/*
* Set an MPI to static value 1
*/
static inline void ecp_mpi_set1( mbedtls_mpi *X )
{
static inline void ecp_mpi_set1(mbedtls_mpi *X) {
static mbedtls_mpi_uint one[] = { 1 };
X->s = 1;
X->n = 1;
@ -598,8 +596,7 @@ static int ecp_group_load( mbedtls_ecp_group *grp,
const mbedtls_mpi_uint *b, size_t blen,
const mbedtls_mpi_uint *gx, size_t gxlen,
const mbedtls_mpi_uint *gy, size_t gylen,
const mbedtls_mpi_uint *n, size_t nlen)
{
const mbedtls_mpi_uint *n, size_t nlen) {
ecp_mpi_load(&grp->P, p, plen);
if (a != NULL)
ecp_mpi_load(&grp->A, a, alen);
@ -681,8 +678,7 @@ static int ecp_mod_p256k1( mbedtls_mpi * );
/*
* Specialized function for creating the Curve25519 group
*/
static int ecp_use_curve25519( mbedtls_ecp_group *grp )
{
static int ecp_use_curve25519(mbedtls_ecp_group *grp) {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
/* Actually ( A + 2 ) / 4 */
@ -720,8 +716,7 @@ cleanup:
/*
* Specialized function for creating the Curve448 group
*/
static int ecp_use_curve448( mbedtls_ecp_group *grp )
{
static int ecp_use_curve448(mbedtls_ecp_group *grp) {
mbedtls_mpi Ns;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
@ -765,15 +760,13 @@ cleanup:
/*
* Set a group using well-known domain parameters
*/
int mbedtls_ecp_group_load( mbedtls_ecp_group *grp, mbedtls_ecp_group_id id )
{
int mbedtls_ecp_group_load(mbedtls_ecp_group *grp, mbedtls_ecp_group_id id) {
ECP_VALIDATE_RET(grp != NULL);
mbedtls_ecp_group_free(grp);
grp->id = id;
switch( id )
{
switch (id) {
#if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED)
case MBEDTLS_ECP_DP_SECP192R1:
NIST_MODP(p192);
@ -880,24 +873,22 @@ int mbedtls_ecp_group_load( mbedtls_ecp_group *grp, mbedtls_ecp_group_id id )
*/
/* Add 64-bit chunks (dst += src) and update carry */
static inline void add64( mbedtls_mpi_uint *dst, mbedtls_mpi_uint *src, mbedtls_mpi_uint *carry )
{
static inline void add64(mbedtls_mpi_uint *dst, mbedtls_mpi_uint *src, mbedtls_mpi_uint *carry) {
unsigned char i;
mbedtls_mpi_uint c = 0;
for( i = 0; i < 8 / sizeof( mbedtls_mpi_uint ); i++, dst++, src++ )
{
*dst += c; c = ( *dst < c );
*dst += *src; c += ( *dst < *src );
for (i = 0; i < 8 / sizeof(mbedtls_mpi_uint); i++, dst++, src++) {
*dst += c;
c = (*dst < c);
*dst += *src;
c += (*dst < *src);
}
*carry += c;
}
/* Add carry to a 64-bit chunk and update carry */
static inline void carry64( mbedtls_mpi_uint *dst, mbedtls_mpi_uint *carry )
{
static inline void carry64(mbedtls_mpi_uint *dst, mbedtls_mpi_uint *carry) {
unsigned char i;
for( i = 0; i < 8 / sizeof( mbedtls_mpi_uint ); i++, dst++ )
{
for (i = 0; i < 8 / sizeof(mbedtls_mpi_uint); i++, dst++) {
*dst += *carry;
*carry = (*dst < *carry);
}
@ -912,8 +903,7 @@ static inline void carry64( mbedtls_mpi_uint *dst, mbedtls_mpi_uint *carry )
/*
* Fast quasi-reduction modulo p192 (FIPS 186-3 D.2.1)
*/
static int ecp_mod_p192( mbedtls_mpi *N )
{
static int ecp_mod_p192(mbedtls_mpi *N) {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_mpi_uint c = 0;
mbedtls_mpi_uint *p, *end;
@ -924,9 +914,16 @@ static int ecp_mod_p192( mbedtls_mpi *N )
p = N->p;
end = p + N->n;
ADD( 3 ); ADD( 5 ); NEXT; // A0 += A3 + A5
ADD( 3 ); ADD( 4 ); ADD( 5 ); NEXT; // A1 += A3 + A4 + A5
ADD( 4 ); ADD( 5 ); LAST; // A2 += A4 + A5
ADD(3);
ADD(5);
NEXT; // A0 += A3 + A5
ADD(3);
ADD(4);
ADD(5);
NEXT; // A1 += A3 + A4 + A5
ADD(4);
ADD(5);
LAST; // A2 += A4 + A5
cleanup:
return (ret);
@ -985,14 +982,12 @@ cleanup:
/*
* Helpers for addition and subtraction of chunks, with signed carry.
*/
static inline void add32( uint32_t *dst, uint32_t src, signed char *carry )
{
static inline void add32(uint32_t *dst, uint32_t src, signed char *carry) {
*dst += src;
*carry += (*dst < src);
}
static inline void sub32( uint32_t *dst, uint32_t src, signed char *carry )
{
static inline void sub32(uint32_t *dst, uint32_t src, signed char *carry) {
*carry -= (*dst < src);
*dst -= src;
}
@ -1039,8 +1034,7 @@ static inline void sub32( uint32_t *dst, uint32_t src, signed char *carry )
* If the result is negative, we get it in the form
* c * 2^(bits + 32) + N, with c negative and N positive shorter than 'bits'
*/
static inline int fix_negative( mbedtls_mpi *N, signed char c, mbedtls_mpi *C, size_t bits )
{
static inline int fix_negative(mbedtls_mpi *N, signed char c, mbedtls_mpi *C, size_t bits) {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
/* C = - c * 2^(bits + 32) */
@ -1066,17 +1060,33 @@ cleanup:
/*
* Fast quasi-reduction modulo p224 (FIPS 186-3 D.2.2)
*/
static int ecp_mod_p224( mbedtls_mpi *N )
{
static int ecp_mod_p224(mbedtls_mpi *N) {
INIT(224);
SUB( 7 ); SUB( 11 ); NEXT; // A0 += -A7 - A11
SUB( 8 ); SUB( 12 ); NEXT; // A1 += -A8 - A12
SUB( 9 ); SUB( 13 ); NEXT; // A2 += -A9 - A13
SUB( 10 ); ADD( 7 ); ADD( 11 ); NEXT; // A3 += -A10 + A7 + A11
SUB( 11 ); ADD( 8 ); ADD( 12 ); NEXT; // A4 += -A11 + A8 + A12
SUB( 12 ); ADD( 9 ); ADD( 13 ); NEXT; // A5 += -A12 + A9 + A13
SUB( 13 ); ADD( 10 ); LAST; // A6 += -A13 + A10
SUB(7);
SUB(11);
NEXT; // A0 += -A7 - A11
SUB(8);
SUB(12);
NEXT; // A1 += -A8 - A12
SUB(9);
SUB(13);
NEXT; // A2 += -A9 - A13
SUB(10);
ADD(7);
ADD(11);
NEXT; // A3 += -A10 + A7 + A11
SUB(11);
ADD(8);
ADD(12);
NEXT; // A4 += -A11 + A8 + A12
SUB(12);
ADD(9);
ADD(13);
NEXT; // A5 += -A12 + A9 + A13
SUB(13);
ADD(10);
LAST; // A6 += -A13 + A10
cleanup:
return (ret);
@ -1087,33 +1097,79 @@ cleanup:
/*
* Fast quasi-reduction modulo p256 (FIPS 186-3 D.2.3)
*/
static int ecp_mod_p256( mbedtls_mpi *N )
{
static int ecp_mod_p256(mbedtls_mpi *N) {
INIT(256);
ADD( 8 ); ADD( 9 );
SUB( 11 ); SUB( 12 ); SUB( 13 ); SUB( 14 ); NEXT; // A0
ADD(8);
ADD(9);
SUB(11);
SUB(12);
SUB(13);
SUB(14);
NEXT; // A0
ADD( 9 ); ADD( 10 );
SUB( 12 ); SUB( 13 ); SUB( 14 ); SUB( 15 ); NEXT; // A1
ADD(9);
ADD(10);
SUB(12);
SUB(13);
SUB(14);
SUB(15);
NEXT; // A1
ADD( 10 ); ADD( 11 );
SUB( 13 ); SUB( 14 ); SUB( 15 ); NEXT; // A2
ADD(10);
ADD(11);
SUB(13);
SUB(14);
SUB(15);
NEXT; // A2
ADD( 11 ); ADD( 11 ); ADD( 12 ); ADD( 12 ); ADD( 13 );
SUB( 15 ); SUB( 8 ); SUB( 9 ); NEXT; // A3
ADD(11);
ADD(11);
ADD(12);
ADD(12);
ADD(13);
SUB(15);
SUB(8);
SUB(9);
NEXT; // A3
ADD( 12 ); ADD( 12 ); ADD( 13 ); ADD( 13 ); ADD( 14 );
SUB( 9 ); SUB( 10 ); NEXT; // A4
ADD(12);
ADD(12);
ADD(13);
ADD(13);
ADD(14);
SUB(9);
SUB(10);
NEXT; // A4
ADD( 13 ); ADD( 13 ); ADD( 14 ); ADD( 14 ); ADD( 15 );
SUB( 10 ); SUB( 11 ); NEXT; // A5
ADD(13);
ADD(13);
ADD(14);
ADD(14);
ADD(15);
SUB(10);
SUB(11);
NEXT; // A5
ADD( 14 ); ADD( 14 ); ADD( 15 ); ADD( 15 ); ADD( 14 ); ADD( 13 );
SUB( 8 ); SUB( 9 ); NEXT; // A6
ADD(14);
ADD(14);
ADD(15);
ADD(15);
ADD(14);
ADD(13);
SUB(8);
SUB(9);
NEXT; // A6
ADD( 15 ); ADD( 15 ); ADD( 15 ); ADD( 8 );
SUB( 10 ); SUB( 11 ); SUB( 12 ); SUB( 13 ); LAST; // A7
ADD(15);
ADD(15);
ADD(15);
ADD(8);
SUB(10);
SUB(11);
SUB(12);
SUB(13);
LAST; // A7
cleanup:
return (ret);
@ -1124,45 +1180,98 @@ cleanup:
/*
* Fast quasi-reduction modulo p384 (FIPS 186-3 D.2.4)
*/
static int ecp_mod_p384( mbedtls_mpi *N )
{
static int ecp_mod_p384(mbedtls_mpi *N) {
INIT(384);
ADD( 12 ); ADD( 21 ); ADD( 20 );
SUB( 23 ); NEXT; // A0
ADD(12);
ADD(21);
ADD(20);
SUB(23);
NEXT; // A0
ADD( 13 ); ADD( 22 ); ADD( 23 );
SUB( 12 ); SUB( 20 ); NEXT; // A2
ADD(13);
ADD(22);
ADD(23);
SUB(12);
SUB(20);
NEXT; // A2
ADD( 14 ); ADD( 23 );
SUB( 13 ); SUB( 21 ); NEXT; // A2
ADD(14);
ADD(23);
SUB(13);
SUB(21);
NEXT; // A2
ADD( 15 ); ADD( 12 ); ADD( 20 ); ADD( 21 );
SUB( 14 ); SUB( 22 ); SUB( 23 ); NEXT; // A3
ADD(15);
ADD(12);
ADD(20);
ADD(21);
SUB(14);
SUB(22);
SUB(23);
NEXT; // A3
ADD( 21 ); ADD( 21 ); ADD( 16 ); ADD( 13 ); ADD( 12 ); ADD( 20 ); ADD( 22 );
SUB( 15 ); SUB( 23 ); SUB( 23 ); NEXT; // A4
ADD(21);
ADD(21);
ADD(16);
ADD(13);
ADD(12);
ADD(20);
ADD(22);
SUB(15);
SUB(23);
SUB(23);
NEXT; // A4
ADD( 22 ); ADD( 22 ); ADD( 17 ); ADD( 14 ); ADD( 13 ); ADD( 21 ); ADD( 23 );
SUB( 16 ); NEXT; // A5
ADD(22);
ADD(22);
ADD(17);
ADD(14);
ADD(13);
ADD(21);
ADD(23);
SUB(16);
NEXT; // A5
ADD( 23 ); ADD( 23 ); ADD( 18 ); ADD( 15 ); ADD( 14 ); ADD( 22 );
SUB( 17 ); NEXT; // A6
ADD(23);
ADD(23);
ADD(18);
ADD(15);
ADD(14);
ADD(22);
SUB(17);
NEXT; // A6
ADD( 19 ); ADD( 16 ); ADD( 15 ); ADD( 23 );
SUB( 18 ); NEXT; // A7
ADD(19);
ADD(16);
ADD(15);
ADD(23);
SUB(18);
NEXT; // A7
ADD( 20 ); ADD( 17 ); ADD( 16 );
SUB( 19 ); NEXT; // A8
ADD(20);
ADD(17);
ADD(16);
SUB(19);
NEXT; // A8
ADD( 21 ); ADD( 18 ); ADD( 17 );
SUB( 20 ); NEXT; // A9
ADD(21);
ADD(18);
ADD(17);
SUB(20);
NEXT; // A9
ADD( 22 ); ADD( 19 ); ADD( 18 );
SUB( 21 ); NEXT; // A10
ADD(22);
ADD(19);
ADD(18);
SUB(21);
NEXT; // A10
ADD( 23 ); ADD( 20 ); ADD( 19 );
SUB( 22 ); LAST; // A11
ADD(23);
ADD(20);
ADD(19);
SUB(22);
LAST; // A11
cleanup:
return (ret);
@ -1197,8 +1306,7 @@ cleanup:
* Fast quasi-reduction modulo p521 (FIPS 186-3 D.2.5)
* Write N as A1 + 2^521 A0, return A0 + A1
*/
static int ecp_mod_p521( mbedtls_mpi *N )
{
static int ecp_mod_p521(mbedtls_mpi *N) {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t i;
mbedtls_mpi M;
@ -1246,8 +1354,7 @@ cleanup:
* Fast quasi-reduction modulo p255 = 2^255 - 19
* Write N as A0 + 2^255 A1, return A0 + 19 * A1
*/
static int ecp_mod_p255( mbedtls_mpi *N )
{
static int ecp_mod_p255(mbedtls_mpi *N) {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t i;
mbedtls_mpi M;
@ -1303,8 +1410,7 @@ cleanup:
* but for 64-bit targets it should use half the number of operations if we do
* the reduction with 224-bit limbs, since mpi_add_mpi will then use 64-bit adds.
*/
static int ecp_mod_p448( mbedtls_mpi *N )
{
static int ecp_mod_p448(mbedtls_mpi *N) {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t i;
mbedtls_mpi M, Q;
@ -1365,8 +1471,7 @@ cleanup:
#define P_KOBLITZ_MAX ( 256 / 8 / sizeof( mbedtls_mpi_uint ) ) // Max limbs in P
#define P_KOBLITZ_R ( 8 / sizeof( mbedtls_mpi_uint ) ) // Limbs in R
static inline int ecp_mod_koblitz(mbedtls_mpi *N, mbedtls_mpi_uint *Rp, size_t p_limbs,
size_t adjust, size_t shift, mbedtls_mpi_uint mask )
{
size_t adjust, size_t shift, mbedtls_mpi_uint mask) {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t i;
mbedtls_mpi M, R;
@ -1438,10 +1543,10 @@ cleanup:
* Fast quasi-reduction modulo p192k1 = 2^192 - R,
* with R = 2^32 + 2^12 + 2^8 + 2^7 + 2^6 + 2^3 + 1 = 0x0100001119
*/
static int ecp_mod_p192k1( mbedtls_mpi *N )
{
static int ecp_mod_p192k1(mbedtls_mpi *N) {
static mbedtls_mpi_uint Rp[] = {
BYTES_TO_T_UINT_8( 0xC9, 0x11, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00 ) };
BYTES_TO_T_UINT_8(0xC9, 0x11, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00)
};
return (ecp_mod_koblitz(N, Rp, 192 / 8 / sizeof(mbedtls_mpi_uint), 0, 0, 0));
}
@ -1452,10 +1557,10 @@ static int ecp_mod_p192k1( mbedtls_mpi *N )
* Fast quasi-reduction modulo p224k1 = 2^224 - R,
* with R = 2^32 + 2^12 + 2^11 + 2^9 + 2^7 + 2^4 + 2 + 1 = 0x0100001A93
*/
static int ecp_mod_p224k1( mbedtls_mpi *N )
{
static int ecp_mod_p224k1(mbedtls_mpi *N) {
static mbedtls_mpi_uint Rp[] = {
BYTES_TO_T_UINT_8( 0x93, 0x1A, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00 ) };
BYTES_TO_T_UINT_8(0x93, 0x1A, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00)
};
#if defined(MBEDTLS_HAVE_INT64)
return (ecp_mod_koblitz(N, Rp, 4, 1, 32, 0xFFFFFFFF));
@ -1471,10 +1576,10 @@ static int ecp_mod_p224k1( mbedtls_mpi *N )
* Fast quasi-reduction modulo p256k1 = 2^256 - R,
* with R = 2^32 + 2^9 + 2^8 + 2^7 + 2^6 + 2^4 + 1 = 0x01000003D1
*/
static int ecp_mod_p256k1( mbedtls_mpi *N )
{
static int ecp_mod_p256k1(mbedtls_mpi *N) {
static mbedtls_mpi_uint Rp[] = {
BYTES_TO_T_UINT_8( 0xD1, 0x03, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00 ) };
BYTES_TO_T_UINT_8(0xD1, 0x03, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00)
};
return (ecp_mod_koblitz(N, Rp, 256 / 8 / sizeof(mbedtls_mpi_uint), 0, 0, 0));
}
#endif /* MBEDTLS_ECP_DP_SECP256K1_ENABLED */

105
common/mbedtls/entropy.c
View file

@ -57,8 +57,7 @@
#define ENTROPY_MAX_LOOP 256 /**< Maximum amount to loop before error */
void mbedtls_entropy_init( mbedtls_entropy_context *ctx )
{
void mbedtls_entropy_init(mbedtls_entropy_context *ctx) {
ctx->source_count = 0;
memset(ctx->source, 0, sizeof(ctx->source));
@ -114,8 +113,7 @@ void mbedtls_entropy_init( mbedtls_entropy_context *ctx )
#endif /* MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES */
}
void mbedtls_entropy_free( mbedtls_entropy_context *ctx )
{
void mbedtls_entropy_free(mbedtls_entropy_context *ctx) {
/* If the context was already free, don't call free() again.
* This is important for mutexes which don't allow double-free. */
if (ctx->accumulator_started == -1)
@ -142,8 +140,7 @@ void mbedtls_entropy_free( mbedtls_entropy_context *ctx )
int mbedtls_entropy_add_source(mbedtls_entropy_context *ctx,
mbedtls_entropy_f_source_ptr f_source, void *p_source,
size_t threshold, int strong )
{
size_t threshold, int strong) {
int idx, ret = 0;
#if defined(MBEDTLS_THREADING_C)
@ -152,8 +149,7 @@ int mbedtls_entropy_add_source( mbedtls_entropy_context *ctx,
#endif
idx = ctx->source_count;
if( idx >= MBEDTLS_ENTROPY_MAX_SOURCES )
{
if (idx >= MBEDTLS_ENTROPY_MAX_SOURCES) {
ret = MBEDTLS_ERR_ENTROPY_MAX_SOURCES;
goto exit;
}
@ -178,16 +174,14 @@ exit:
* Entropy accumulator update
*/
static int entropy_update(mbedtls_entropy_context *ctx, unsigned char source_id,
const unsigned char *data, size_t len )
{
const unsigned char *data, size_t len) {
unsigned char header[2];
unsigned char tmp[MBEDTLS_ENTROPY_BLOCK_SIZE];
size_t use_len = len;
const unsigned char *p = data;
int ret = 0;
if( use_len > MBEDTLS_ENTROPY_BLOCK_SIZE )
{
if (use_len > MBEDTLS_ENTROPY_BLOCK_SIZE) {
#if defined(MBEDTLS_ENTROPY_SHA512_ACCUMULATOR)
if ((ret = mbedtls_sha512_ret(data, len, tmp, 0)) != 0)
goto cleanup;
@ -234,8 +228,7 @@ cleanup:
}
int mbedtls_entropy_update_manual(mbedtls_entropy_context *ctx,
const unsigned char *data, size_t len )
{
const unsigned char *data, size_t len) {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
#if defined(MBEDTLS_THREADING_C)
@ -256,8 +249,7 @@ int mbedtls_entropy_update_manual( mbedtls_entropy_context *ctx,
/*
* Run through the different sources to add entropy to our accumulator
*/
static int entropy_gather_internal( mbedtls_entropy_context *ctx )
{
static int entropy_gather_internal(mbedtls_entropy_context *ctx) {
int ret = MBEDTLS_ERR_ENTROPY_SOURCE_FAILED;
int i;
int have_one_strong = 0;
@ -270,23 +262,20 @@ static int entropy_gather_internal( mbedtls_entropy_context *ctx )
/*
* Run through our entropy sources
*/
for( i = 0; i < ctx->source_count; i++ )
{
for (i = 0; i < ctx->source_count; i++) {
if (ctx->source[i].strong == MBEDTLS_ENTROPY_SOURCE_STRONG)
have_one_strong = 1;
olen = 0;
if ((ret = ctx->source[i].f_source(ctx->source[i].p_source,
buf, MBEDTLS_ENTROPY_MAX_GATHER, &olen ) ) != 0 )
{
buf, MBEDTLS_ENTROPY_MAX_GATHER, &olen)) != 0) {
goto cleanup;
}
/*
* Add if we actually gathered something
*/
if( olen > 0 )
{
if (olen > 0) {
if ((ret = entropy_update(ctx, (unsigned char) i,
buf, olen)) != 0)
return (ret);
@ -306,8 +295,7 @@ cleanup:
/*
* Thread-safe wrapper for entropy_gather_internal()
*/
int mbedtls_entropy_gather( mbedtls_entropy_context *ctx )
{
int mbedtls_entropy_gather(mbedtls_entropy_context *ctx) {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
#if defined(MBEDTLS_THREADING_C)
@ -325,8 +313,7 @@ int mbedtls_entropy_gather( mbedtls_entropy_context *ctx )
return (ret);
}
int mbedtls_entropy_func( void *data, unsigned char *output, size_t len )
{
int mbedtls_entropy_func(void *data, unsigned char *output, size_t len) {
int ret, count = 0, i, thresholds_reached;
size_t strong_size;
mbedtls_entropy_context *ctx = (mbedtls_entropy_context *) data;
@ -339,8 +326,7 @@ int mbedtls_entropy_func( void *data, unsigned char *output, size_t len )
/* Update the NV entropy seed before generating any entropy for outside
* use.
*/
if( ctx->initial_entropy_run == 0 )
{
if (ctx->initial_entropy_run == 0) {
ctx->initial_entropy_run = 1;
if ((ret = mbedtls_entropy_update_nv_seed(ctx)) != 0)
return (ret);
@ -355,10 +341,8 @@ int mbedtls_entropy_func( void *data, unsigned char *output, size_t len )
/*
* Always gather extra entropy before a call
*/
do
{
if( count++ > ENTROPY_MAX_LOOP )
{
do {
if (count++ > ENTROPY_MAX_LOOP) {
ret = MBEDTLS_ERR_ENTROPY_SOURCE_FAILED;
goto exit;
}
@ -368,15 +352,13 @@ int mbedtls_entropy_func( void *data, unsigned char *output, size_t len )
thresholds_reached = 1;
strong_size = 0;
for( i = 0; i < ctx->source_count; i++ )
{
for (i = 0; i < ctx->source_count; i++) {
if (ctx->source[i].size < ctx->source[i].threshold)
thresholds_reached = 0;
if (ctx->source[i].strong == MBEDTLS_ENTROPY_SOURCE_STRONG)
strong_size += ctx->source[i].size;
}
}
while( ! thresholds_reached || strong_size < MBEDTLS_ENTROPY_BLOCK_SIZE );
} while (! thresholds_reached || strong_size < MBEDTLS_ENTROPY_BLOCK_SIZE);
memset(buf, 0, MBEDTLS_ENTROPY_BLOCK_SIZE);
@ -448,8 +430,7 @@ exit:
}
#if defined(MBEDTLS_ENTROPY_NV_SEED)
int mbedtls_entropy_update_nv_seed( mbedtls_entropy_context *ctx )
{
int mbedtls_entropy_update_nv_seed(mbedtls_entropy_context *ctx) {
int ret = MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR;
unsigned char buf[MBEDTLS_ENTROPY_BLOCK_SIZE];
@ -469,8 +450,7 @@ int mbedtls_entropy_update_nv_seed( mbedtls_entropy_context *ctx )
#endif /* MBEDTLS_ENTROPY_NV_SEED */
#if defined(MBEDTLS_FS_IO)
int mbedtls_entropy_write_seed_file( mbedtls_entropy_context *ctx, const char *path )
{
int mbedtls_entropy_write_seed_file(mbedtls_entropy_context *ctx, const char *path) {
int ret = MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR;
FILE *f;
unsigned char buf[MBEDTLS_ENTROPY_BLOCK_SIZE];
@ -481,8 +461,7 @@ int mbedtls_entropy_write_seed_file( mbedtls_entropy_context *ctx, const char *p
if ((ret = mbedtls_entropy_func(ctx, buf, MBEDTLS_ENTROPY_BLOCK_SIZE)) != 0)
goto exit;
if( fwrite( buf, 1, MBEDTLS_ENTROPY_BLOCK_SIZE, f ) != MBEDTLS_ENTROPY_BLOCK_SIZE )
{
if (fwrite(buf, 1, MBEDTLS_ENTROPY_BLOCK_SIZE, f) != MBEDTLS_ENTROPY_BLOCK_SIZE) {
ret = MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR;
goto exit;
}
@ -496,8 +475,7 @@ exit:
return (ret);
}
int mbedtls_entropy_update_seed_file( mbedtls_entropy_context *ctx, const char *path )
{
int mbedtls_entropy_update_seed_file(mbedtls_entropy_context *ctx, const char *path) {
int ret = 0;
FILE *f;
size_t n;
@ -535,8 +513,7 @@ int mbedtls_entropy_update_seed_file( mbedtls_entropy_context *ctx, const char *
* Dummy source function
*/
static int entropy_dummy_source(void *data, unsigned char *output,
size_t len, size_t *olen )
{
size_t len, size_t *olen) {
((void) data);
memset(output, 0x2a, len);
@ -548,15 +525,13 @@ static int entropy_dummy_source( void *data, unsigned char *output,
#if defined(MBEDTLS_ENTROPY_HARDWARE_ALT)
static int mbedtls_entropy_source_self_test_gather( unsigned char *buf, size_t buf_len )
{
static int mbedtls_entropy_source_self_test_gather(unsigned char *buf, size_t buf_len) {
int ret = 0;
size_t entropy_len = 0;
size_t olen = 0;
size_t attempts = buf_len;
while( attempts > 0 && entropy_len < buf_len )
{
while (attempts > 0 && entropy_len < buf_len) {
if ((ret = mbedtls_hardware_poll(NULL, buf + entropy_len,
buf_len - entropy_len, &olen)) != 0)
return (ret);
@ -565,8 +540,7 @@ static int mbedtls_entropy_source_self_test_gather( unsigned char *buf, size_t b
attempts--;
}
if( entropy_len < buf_len )
{
if (entropy_len < buf_len) {
ret = 1;
}
@ -575,14 +549,12 @@ static int mbedtls_entropy_source_self_test_gather( unsigned char *buf, size_t b
static int mbedtls_entropy_source_self_test_check_bits(const unsigned char *buf,
size_t buf_len )
{
size_t buf_len) {
unsigned char set = 0xFF;
unsigned char unset = 0x00;
size_t i;
for( i = 0; i < buf_len; i++ )
{
for (i = 0; i < buf_len; i++) {
set &= buf[i];
unset |= buf[i];
}
@ -601,8 +573,7 @@ static int mbedtls_entropy_source_self_test_check_bits( const unsigned char *buf
* are not equal.
* - The error code returned by the entropy source is not an error.
*/
int mbedtls_entropy_source_self_test( int verbose )
{
int mbedtls_entropy_source_self_test(int verbose) {
int ret = 0;
unsigned char buf0[2 * sizeof(unsigned long long int)];
unsigned char buf1[2 * sizeof(unsigned long long int)];
@ -629,8 +600,7 @@ int mbedtls_entropy_source_self_test( int verbose )
ret = memcmp(buf0, buf1, sizeof(buf0)) == 0;
cleanup:
if( verbose != 0 )
{
if (verbose != 0) {
if (ret != 0)
mbedtls_printf("failed\n");
else
@ -649,8 +619,7 @@ cleanup:
* test that the functions don't cause errors and write the correct
* amount of data to buffers.
*/
int mbedtls_entropy_self_test( int verbose )
{
int mbedtls_entropy_self_test(int verbose) {
int ret = 1;
#if !defined(MBEDTLS_TEST_NULL_ENTROPY)
mbedtls_entropy_context ctx;
@ -685,8 +654,7 @@ int mbedtls_entropy_self_test( int verbose )
* each of the 32 or 64 bytes to be non-zero has a false failure rate
* of at most 2^(-58) which is acceptable.
*/
for( i = 0; i < 8; i++ )
{
for (i = 0; i < 8; i++) {
if ((ret = mbedtls_entropy_func(&ctx, buf, sizeof(buf))) != 0)
goto cleanup;
@ -694,10 +662,8 @@ int mbedtls_entropy_self_test( int verbose )
acc[j] |= buf[j];
}
for( j = 0; j < sizeof( buf ); j++ )
{
if( acc[j] == 0 )
{
for (j = 0; j < sizeof(buf); j++) {
if (acc[j] == 0) {
ret = 1;
goto cleanup;
}
@ -712,8 +678,7 @@ cleanup:
mbedtls_entropy_free(&ctx);
#endif /* !MBEDTLS_TEST_NULL_ENTROPY */
if( verbose != 0 )
{
if (verbose != 0) {
if (ret != 0)
mbedtls_printf("failed\n");
else

6
common/mbedtls/entropy.h
View file

@ -105,8 +105,7 @@ typedef int (*mbedtls_entropy_f_source_ptr)(void *data, unsigned char *output, s
/**
* \brief Entropy source state
*/
typedef struct mbedtls_entropy_source_state
{
typedef struct mbedtls_entropy_source_state {
mbedtls_entropy_f_source_ptr f_source; /**< The entropy source callback */
void *p_source; /**< The callback data pointer */
size_t size; /**< Amount received in bytes */
@ -118,8 +117,7 @@ mbedtls_entropy_source_state;
/**
* \brief Entropy context structure
*/
typedef struct mbedtls_entropy_context
{
typedef struct mbedtls_entropy_context {
int accumulator_started; /* 0 after init.
* 1 after the first update.
* -1 after free. */

45
common/mbedtls/entropy_poll.c
View file

@ -59,20 +59,17 @@
#include <wincrypt.h>
int mbedtls_platform_entropy_poll(void *data, unsigned char *output, size_t len,
size_t *olen )
{
size_t *olen) {
HCRYPTPROV provider;
((void) data);
*olen = 0;
if (CryptAcquireContext(&provider, NULL, NULL,
PROV_RSA_FULL, CRYPT_VERIFYCONTEXT ) == FALSE )
{
PROV_RSA_FULL, CRYPT_VERIFYCONTEXT) == FALSE) {
return (MBEDTLS_ERR_ENTROPY_SOURCE_FAILED);
}
if( CryptGenRandom( provider, (DWORD) len, output ) == FALSE )
{
if (CryptGenRandom(provider, (DWORD) len, output) == FALSE) {
CryptReleaseContext(provider, 0);
return (MBEDTLS_ERR_ENTROPY_SOURCE_FAILED);
}
@ -96,8 +93,7 @@ int mbedtls_platform_entropy_poll( void *data, unsigned char *output, size_t len
#define HAVE_GETRANDOM
#include <errno.h>
static int getrandom_wrapper( void *buf, size_t buflen, unsigned int flags )
{
static int getrandom_wrapper(void *buf, size_t buflen, unsigned int flags) {
/* MemSan cannot understand that the syscall writes to the buffer */
#if defined(__has_feature)
#if __has_feature(memory_sanitizer)
@ -116,8 +112,7 @@ static int getrandom_wrapper( void *buf, size_t buflen, unsigned int flags )
#include <errno.h>
#include <sys/random.h>
#define HAVE_GETRANDOM
static int getrandom_wrapper( void *buf, size_t buflen, unsigned int flags )
{
static int getrandom_wrapper(void *buf, size_t buflen, unsigned int flags) {
return getrandom(buf, buflen, flags);
}
#endif /* (__FreeBSD__ && __FreeBSD_version >= 1200000) ||
@ -138,16 +133,14 @@ static int getrandom_wrapper( void *buf, size_t buflen, unsigned int flags )
#if defined(KERN_ARND)
#define HAVE_SYSCTL_ARND
static int sysctl_arnd_wrapper( unsigned char *buf, size_t buflen )
{
static int sysctl_arnd_wrapper(unsigned char *buf, size_t buflen) {
int name[2];
size_t len;
name[0] = CTL_KERN;
name[1] = KERN_ARND;
while( buflen > 0 )
{
while (buflen > 0) {
len = buflen > 256 ? 256 : buflen;
if (sysctl(name, 2, buf, &len, NULL, 0) == -1)
return (-1);
@ -162,8 +155,7 @@ static int sysctl_arnd_wrapper( unsigned char *buf, size_t buflen )
#include <stdio.h>
int mbedtls_platform_entropy_poll(void *data,
unsigned char *output, size_t len, size_t *olen )
{
unsigned char *output, size_t len, size_t *olen) {
FILE *file;
size_t read_len;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
@ -171,12 +163,10 @@ int mbedtls_platform_entropy_poll( void *data,
#if defined(HAVE_GETRANDOM)
ret = getrandom_wrapper(output, len, 0);
if( ret >= 0 )
{
if (ret >= 0) {
*olen = ret;
return (0);
}
else if( errno != ENOSYS )
} else if (errno != ENOSYS)
return (MBEDTLS_ERR_ENTROPY_SOURCE_FAILED);
/* Fall through if the system call isn't known. */
#else
@ -199,8 +189,7 @@ int mbedtls_platform_entropy_poll( void *data,
return (MBEDTLS_ERR_ENTROPY_SOURCE_FAILED);
read_len = fread(output, 1, len, file);
if( read_len != len )
{
if (read_len != len) {
fclose(file);
return (MBEDTLS_ERR_ENTROPY_SOURCE_FAILED);
}
@ -216,8 +205,7 @@ int mbedtls_platform_entropy_poll( void *data,
#if defined(MBEDTLS_TEST_NULL_ENTROPY)
int mbedtls_null_entropy_poll(void *data,
unsigned char *output, size_t len, size_t *olen )
{
unsigned char *output, size_t len, size_t *olen) {
((void) data);
((void) output);
@ -233,8 +221,7 @@ int mbedtls_null_entropy_poll( void *data,
#if defined(MBEDTLS_TIMING_C)
int mbedtls_hardclock_poll(void *data,
unsigned char *output, size_t len, size_t *olen )
{
unsigned char *output, size_t len, size_t *olen) {
unsigned long timer = mbedtls_timing_hardclock();
((void) data);
*olen = 0;
@ -251,8 +238,7 @@ int mbedtls_hardclock_poll( void *data,
#if defined(MBEDTLS_HAVEGE_C)
int mbedtls_havege_poll(void *data,
unsigned char *output, size_t len, size_t *olen )
{
unsigned char *output, size_t len, size_t *olen) {
mbedtls_havege_state *hs = (mbedtls_havege_state *) data;
*olen = 0;
@ -267,8 +253,7 @@ int mbedtls_havege_poll( void *data,
#if defined(MBEDTLS_ENTROPY_NV_SEED)
int mbedtls_nv_seed_poll(void *data,
unsigned char *output, size_t len, size_t *olen )
{
unsigned char *output, size_t len, size_t *olen) {
unsigned char buf[MBEDTLS_ENTROPY_BLOCK_SIZE];
size_t use_len = MBEDTLS_ENTROPY_BLOCK_SIZE;
((void) data);

24
common/mbedtls/error.c
View file

@ -211,8 +211,7 @@
#endif
const char * mbedtls_high_level_strerr( int error_code )
{
const char *mbedtls_high_level_strerr(int error_code) {
int high_level_error_code;
if (error_code < 0)
@ -221,8 +220,7 @@ const char * mbedtls_high_level_strerr( int error_code )
/* Extract the high-level part from the error code. */
high_level_error_code = error_code & 0xFF80;
switch( high_level_error_code )
{
switch (high_level_error_code) {
/* Begin Auto-Generated Code. */
#if defined(MBEDTLS_CIPHER_C)
case -(MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE):
@ -575,8 +573,7 @@ const char * mbedtls_high_level_strerr( int error_code )
return (NULL);
}
const char * mbedtls_low_level_strerr( int error_code )
{
const char *mbedtls_low_level_strerr(int error_code) {
int low_level_error_code;
if (error_code < 0)
@ -585,8 +582,7 @@ const char * mbedtls_low_level_strerr( int error_code )
/* Extract the low-level part from the error code. */
low_level_error_code = error_code & ~0xFF80;
switch( low_level_error_code )
{
switch (low_level_error_code) {
/* Begin Auto-Generated Code. */
#if defined(MBEDTLS_AES_C)
case -(MBEDTLS_ERR_AES_INVALID_KEY_LENGTH):
@ -893,8 +889,7 @@ const char * mbedtls_low_level_strerr( int error_code )
return (NULL);
}
void mbedtls_strerror( int ret, char *buf, size_t buflen )
{
void mbedtls_strerror(int ret, char *buf, size_t buflen) {
size_t len;
int use_ret;
const char *high_level_error_description = NULL;
@ -908,8 +903,7 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen )
if (ret < 0)
ret = -ret;
if( ret & 0xFF80 )
{
if (ret & 0xFF80) {
use_ret = ret & 0xFF80;
// Translate high level error code.
@ -938,8 +932,7 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen )
//
len = strlen(buf);
if( len > 0 )
{
if (len > 0) {
if (buflen - len < 5)
return;
@ -963,8 +956,7 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen )
/*
* Provide an non-function in case MBEDTLS_ERROR_C is not defined
*/
void mbedtls_strerror( int ret, char *buf, size_t buflen )
{
void mbedtls_strerror(int ret, char *buf, size_t buflen) {
((void) ret);
if (buflen > 0)

395
common/mbedtls/gcm.c
View file

@ -84,8 +84,7 @@
/*
* Initialize a context
*/
void mbedtls_gcm_init( mbedtls_gcm_context *ctx )
{
void mbedtls_gcm_init(mbedtls_gcm_context *ctx) {
GCM_VALIDATE(ctx != NULL);
memset(ctx, 0, sizeof(mbedtls_gcm_context));
}
@ -98,8 +97,7 @@ void mbedtls_gcm_init( mbedtls_gcm_context *ctx )
* is the high-order bit of HH corresponds to P^0 and the low-order bit of HL
* corresponds to P^127.
*/
static int gcm_gen_table( mbedtls_gcm_context *ctx )
{
static int gcm_gen_table(mbedtls_gcm_context *ctx) {
int ret, i, j;
uint64_t hi, lo;
uint64_t vl, vh;
@ -133,8 +131,7 @@ static int gcm_gen_table( mbedtls_gcm_context *ctx )
ctx->HH[0] = 0;
ctx->HL[0] = 0;
for( i = 4; i > 0; i >>= 1 )
{
for (i = 4; i > 0; i >>= 1) {
uint32_t T = (vl & 1) * 0xe1000000U;
vl = (vh << 63) | (vl >> 1);
vh = (vh >> 1) ^ ((uint64_t) T << 32);
@ -143,13 +140,11 @@ static int gcm_gen_table( mbedtls_gcm_context *ctx )
ctx->HH[i] = vh;
}
for( i = 2; i <= 8; i *= 2 )
{
for (i = 2; i <= 8; i *= 2) {
uint64_t *HiL = ctx->HL + i, *HiH = ctx->HH + i;
vh = *HiH;
vl = *HiL;
for( j = 1; j < i; j++ )
{
for (j = 1; j < i; j++) {
HiH[j] = vh ^ ctx->HH[j];
HiL[j] = vl ^ ctx->HL[j];
}
@ -161,8 +156,7 @@ static int gcm_gen_table( mbedtls_gcm_context *ctx )
int mbedtls_gcm_setkey(mbedtls_gcm_context *ctx,
mbedtls_cipher_id_t cipher,
const unsigned char *key,
unsigned int keybits )
{
unsigned int keybits) {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
const mbedtls_cipher_info_t *cipher_info;
@ -184,8 +178,7 @@ int mbedtls_gcm_setkey( mbedtls_gcm_context *ctx,
return (ret);
if ((ret = mbedtls_cipher_setkey(&ctx->cipher_ctx, key, keybits,
MBEDTLS_ENCRYPT ) ) != 0 )
{
MBEDTLS_ENCRYPT)) != 0) {
return (ret);
}
@ -200,8 +193,7 @@ int mbedtls_gcm_setkey( mbedtls_gcm_context *ctx,
* last4[x] = x times P^128
* where x and last4[x] are seen as elements of GF(2^128) as in [MGV]
*/
static const uint64_t last4[16] =
{
static const uint64_t last4[16] = {
0x0000, 0x1c20, 0x3840, 0x2460,
0x7080, 0x6ca0, 0x48c0, 0x54e0,
0xe100, 0xfd20, 0xd940, 0xc560,
@ -213,8 +205,7 @@ static const uint64_t last4[16] =
* x and output are seen as elements of GF(2^128) as in [MGV].
*/
static void gcm_mult(mbedtls_gcm_context *ctx, const unsigned char x[16],
unsigned char output[16] )
{
unsigned char output[16]) {
int i = 0;
unsigned char lo, hi, rem;
uint64_t zh, zl;
@ -238,13 +229,11 @@ static void gcm_mult( mbedtls_gcm_context *ctx, const unsigned char x[16],
zh = ctx->HH[lo];
zl = ctx->HL[lo];
for( i = 15; i >= 0; i-- )
{
for (i = 15; i >= 0; i--) {
lo = x[i] & 0xf;
hi = (x[i] >> 4) & 0xf;
if( i != 15 )
{
if (i != 15) {
rem = (unsigned char) zl & 0xf;
zl = (zh << 60) | (zl >> 4);
zh = (zh >> 4);
@ -273,8 +262,7 @@ int mbedtls_gcm_starts( mbedtls_gcm_context *ctx,
const unsigned char *iv,
size_t iv_len,
const unsigned char *add,
size_t add_len )
{
size_t add_len) {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
unsigned char work_buf[16];
size_t i;
@ -289,8 +277,7 @@ int mbedtls_gcm_starts( mbedtls_gcm_context *ctx,
/* IV is not allowed to be zero length */
if (iv_len == 0 ||
((uint64_t) iv_len) >> 61 != 0 ||
( (uint64_t) add_len ) >> 61 != 0 )
{
((uint64_t) add_len) >> 61 != 0) {
return (MBEDTLS_ERR_GCM_BAD_INPUT);
}
@ -301,19 +288,15 @@ int mbedtls_gcm_starts( mbedtls_gcm_context *ctx,
ctx->len = 0;
ctx->add_len = 0;
if( iv_len == 12 )
{
if (iv_len == 12) {
memcpy(ctx->y, iv, iv_len);
ctx->y[15] = 1;
}
else
{
} else {
memset(work_buf, 0x00, 16);
PUT_UINT32_BE(iv_len * 8, work_buf, 12);
p = iv;
while( iv_len > 0 )
{
while (iv_len > 0) {
use_len = (iv_len < 16) ? iv_len : 16;
for (i = 0; i < use_len; i++)
@ -332,15 +315,13 @@ int mbedtls_gcm_starts( mbedtls_gcm_context *ctx,
}
if ((ret = mbedtls_cipher_update(&ctx->cipher_ctx, ctx->y, 16,
ctx->base_ectr, &olen ) ) != 0 )
{
ctx->base_ectr, &olen)) != 0) {
return (ret);
}
ctx->add_len = add_len;
p = add;
while( add_len > 0 )
{
while (add_len > 0) {
use_len = (add_len < 16) ? add_len : 16;
for (i = 0; i < use_len; i++)
@ -358,8 +339,7 @@ int mbedtls_gcm_starts( mbedtls_gcm_context *ctx,
int mbedtls_gcm_update(mbedtls_gcm_context *ctx,
size_t length,
const unsigned char *input,
unsigned char *output )
{
unsigned char *output) {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
unsigned char ectr[16];
size_t i;
@ -377,16 +357,14 @@ int mbedtls_gcm_update( mbedtls_gcm_context *ctx,
/* Total length is restricted to 2^39 - 256 bits, ie 2^36 - 2^5 bytes
* Also check for possible overflow */
if (ctx->len + length < ctx->len ||
(uint64_t) ctx->len + length > 0xFFFFFFFE0ull )
{
(uint64_t) ctx->len + length > 0xFFFFFFFE0ull) {
return (MBEDTLS_ERR_GCM_BAD_INPUT);
}
ctx->len += length;
p = input;
while( length > 0 )
{
while (length > 0) {
use_len = (length < 16) ? length : 16;
for (i = 16; i > 12; i--)
@ -394,13 +372,11 @@ int mbedtls_gcm_update( mbedtls_gcm_context *ctx,
break;
if ((ret = mbedtls_cipher_update(&ctx->cipher_ctx, ctx->y, 16, ectr,
&olen ) ) != 0 )
{
&olen)) != 0) {
return (ret);
}
for( i = 0; i < use_len; i++ )
{
for (i = 0; i < use_len; i++) {
if (ctx->mode == MBEDTLS_GCM_DECRYPT)
ctx->buf[i] ^= p[i];
out_p[i] = ectr[i] ^ p[i];
@ -420,8 +396,7 @@ int mbedtls_gcm_update( mbedtls_gcm_context *ctx,
int mbedtls_gcm_finish(mbedtls_gcm_context *ctx,
unsigned char *tag,
size_t tag_len )
{
size_t tag_len) {
unsigned char work_buf[16];
size_t i;
uint64_t orig_len;
@ -438,8 +413,7 @@ int mbedtls_gcm_finish( mbedtls_gcm_context *ctx,
memcpy(tag, ctx->base_ectr, tag_len);
if( orig_len || orig_add_len )
{
if (orig_len || orig_add_len) {
memset(work_buf, 0x00, 16);
PUT_UINT32_BE((orig_add_len >> 32), work_buf, 0);
@ -469,8 +443,7 @@ int mbedtls_gcm_crypt_and_tag( mbedtls_gcm_context *ctx,
const unsigned char *input,
unsigned char *output,
size_t tag_len,
unsigned char *tag )
{
unsigned char *tag) {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
GCM_VALIDATE_RET(ctx != NULL);
@ -501,8 +474,7 @@ int mbedtls_gcm_auth_decrypt( mbedtls_gcm_context *ctx,
const unsigned char *tag,
size_t tag_len,
const unsigned char *input,
unsigned char *output )
{
unsigned char *output) {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
unsigned char check_tag[16];
size_t i;
@ -517,8 +489,7 @@ int mbedtls_gcm_auth_decrypt( mbedtls_gcm_context *ctx,
if ((ret = mbedtls_gcm_crypt_and_tag(ctx, MBEDTLS_GCM_DECRYPT, length,
iv, iv_len, add, add_len,
input, output, tag_len, check_tag ) ) != 0 )
{
input, output, tag_len, check_tag)) != 0) {
return (ret);
}
@ -526,8 +497,7 @@ int mbedtls_gcm_auth_decrypt( mbedtls_gcm_context *ctx,
for (diff = 0, i = 0; i < tag_len; i++)
diff |= tag[i] ^ check_tag[i];
if( diff != 0 )
{
if (diff != 0) {
mbedtls_platform_zeroize(output, length);
return (MBEDTLS_ERR_GCM_AUTH_FAILED);
}
@ -535,8 +505,7 @@ int mbedtls_gcm_auth_decrypt( mbedtls_gcm_context *ctx,
return (0);
}
void mbedtls_gcm_free( mbedtls_gcm_context *ctx )
{
void mbedtls_gcm_free(mbedtls_gcm_context *ctx) {
if (ctx == NULL)
return;
mbedtls_cipher_free(&ctx->cipher_ctx);
@ -556,16 +525,19 @@ void mbedtls_gcm_free( mbedtls_gcm_context *ctx )
static const int key_index_test_data[MAX_TESTS] =
{ 0, 0, 1, 1, 1, 1 };
static const unsigned char key_test_data[MAX_TESTS][32] =
static const unsigned char key_test_data[MAX_TESTS][32] = {
{
{ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
{ 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
},
{
0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08,
0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08 },
0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08
},
};
static const size_t iv_len_test_data[MAX_TESTS] =
@ -574,20 +546,25 @@ static const size_t iv_len_test_data[MAX_TESTS] =
static const int iv_index_test_data[MAX_TESTS] =
{ 0, 0, 1, 1, 1, 2 };
static const unsigned char iv_test_data[MAX_TESTS][64] =
static const unsigned char iv_test_data[MAX_TESTS][64] = {
{
{ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00 },
{ 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad,
0xde, 0xca, 0xf8, 0x88 },
{ 0x93, 0x13, 0x22, 0x5d, 0xf8, 0x84, 0x06, 0xe5,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00
},
{
0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad,
0xde, 0xca, 0xf8, 0x88
},
{
0x93, 0x13, 0x22, 0x5d, 0xf8, 0x84, 0x06, 0xe5,
0x55, 0x90, 0x9c, 0x5a, 0xff, 0x52, 0x69, 0xaa,
0x6a, 0x7a, 0x95, 0x38, 0x53, 0x4f, 0x7d, 0xa1,
0xe4, 0xc3, 0x03, 0xd2, 0xa3, 0x18, 0xa7, 0x28,
0xc3, 0xc0, 0xc9, 0x51, 0x56, 0x80, 0x95, 0x39,
0xfc, 0xf0, 0xe2, 0x42, 0x9a, 0x6b, 0x52, 0x54,
0x16, 0xae, 0xdb, 0xf5, 0xa0, 0xde, 0x6a, 0x57,
0xa6, 0x37, 0xb3, 0x9b },
0xa6, 0x37, 0xb3, 0x9b
},
};
static const size_t add_len_test_data[MAX_TESTS] =
@ -596,12 +573,13 @@ static const size_t add_len_test_data[MAX_TESTS] =
static const int add_index_test_data[MAX_TESTS] =
{ 0, 0, 0, 1, 1, 1 };
static const unsigned char additional_test_data[MAX_TESTS][64] =
{
static const unsigned char additional_test_data[MAX_TESTS][64] = {
{ 0x00 },
{ 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
{
0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
0xab, 0xad, 0xda, 0xd2 },
0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
0xab, 0xad, 0xda, 0xd2
},
};
static const size_t pt_len_test_data[MAX_TESTS] =
@ -610,183 +588,247 @@ static const size_t pt_len_test_data[MAX_TESTS] =
static const int pt_index_test_data[MAX_TESTS] =
{ 0, 0, 1, 1, 1, 1 };
static const unsigned char pt_test_data[MAX_TESTS][64] =
static const unsigned char pt_test_data[MAX_TESTS][64] = {
{
{ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
{ 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
},
{
0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5,
0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a,
0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72,
0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53,
0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57,
0xba, 0x63, 0x7b, 0x39, 0x1a, 0xaf, 0xd2, 0x55 },
0xba, 0x63, 0x7b, 0x39, 0x1a, 0xaf, 0xd2, 0x55
},
};
static const unsigned char ct_test_data[MAX_TESTS * 3][64] =
{
static const unsigned char ct_test_data[MAX_TESTS * 3][64] = {
{ 0x00 },
{ 0x03, 0x88, 0xda, 0xce, 0x60, 0xb6, 0xa3, 0x92,
0xf3, 0x28, 0xc2, 0xb9, 0x71, 0xb2, 0xfe, 0x78 },
{ 0x42, 0x83, 0x1e, 0xc2, 0x21, 0x77, 0x74, 0x24,
{
0x03, 0x88, 0xda, 0xce, 0x60, 0xb6, 0xa3, 0x92,
0xf3, 0x28, 0xc2, 0xb9, 0x71, 0xb2, 0xfe, 0x78
},
{
0x42, 0x83, 0x1e, 0xc2, 0x21, 0x77, 0x74, 0x24,
0x4b, 0x72, 0x21, 0xb7, 0x84, 0xd0, 0xd4, 0x9c,
0xe3, 0xaa, 0x21, 0x2f, 0x2c, 0x02, 0xa4, 0xe0,
0x35, 0xc1, 0x7e, 0x23, 0x29, 0xac, 0xa1, 0x2e,
0x21, 0xd5, 0x14, 0xb2, 0x54, 0x66, 0x93, 0x1c,
0x7d, 0x8f, 0x6a, 0x5a, 0xac, 0x84, 0xaa, 0x05,
0x1b, 0xa3, 0x0b, 0x39, 0x6a, 0x0a, 0xac, 0x97,
0x3d, 0x58, 0xe0, 0x91, 0x47, 0x3f, 0x59, 0x85 },
{ 0x42, 0x83, 0x1e, 0xc2, 0x21, 0x77, 0x74, 0x24,
0x3d, 0x58, 0xe0, 0x91, 0x47, 0x3f, 0x59, 0x85
},
{
0x42, 0x83, 0x1e, 0xc2, 0x21, 0x77, 0x74, 0x24,
0x4b, 0x72, 0x21, 0xb7, 0x84, 0xd0, 0xd4, 0x9c,
0xe3, 0xaa, 0x21, 0x2f, 0x2c, 0x02, 0xa4, 0xe0,
0x35, 0xc1, 0x7e, 0x23, 0x29, 0xac, 0xa1, 0x2e,
0x21, 0xd5, 0x14, 0xb2, 0x54, 0x66, 0x93, 0x1c,
0x7d, 0x8f, 0x6a, 0x5a, 0xac, 0x84, 0xaa, 0x05,
0x1b, 0xa3, 0x0b, 0x39, 0x6a, 0x0a, 0xac, 0x97,
0x3d, 0x58, 0xe0, 0x91 },
{ 0x61, 0x35, 0x3b, 0x4c, 0x28, 0x06, 0x93, 0x4a,
0x3d, 0x58, 0xe0, 0x91
},
{
0x61, 0x35, 0x3b, 0x4c, 0x28, 0x06, 0x93, 0x4a,
0x77, 0x7f, 0xf5, 0x1f, 0xa2, 0x2a, 0x47, 0x55,
0x69, 0x9b, 0x2a, 0x71, 0x4f, 0xcd, 0xc6, 0xf8,
0x37, 0x66, 0xe5, 0xf9, 0x7b, 0x6c, 0x74, 0x23,
0x73, 0x80, 0x69, 0x00, 0xe4, 0x9f, 0x24, 0xb2,
0x2b, 0x09, 0x75, 0x44, 0xd4, 0x89, 0x6b, 0x42,
0x49, 0x89, 0xb5, 0xe1, 0xeb, 0xac, 0x0f, 0x07,
0xc2, 0x3f, 0x45, 0x98 },
{ 0x8c, 0xe2, 0x49, 0x98, 0x62, 0x56, 0x15, 0xb6,
0xc2, 0x3f, 0x45, 0x98
},
{
0x8c, 0xe2, 0x49, 0x98, 0x62, 0x56, 0x15, 0xb6,
0x03, 0xa0, 0x33, 0xac, 0xa1, 0x3f, 0xb8, 0x94,
0xbe, 0x91, 0x12, 0xa5, 0xc3, 0xa2, 0x11, 0xa8,
0xba, 0x26, 0x2a, 0x3c, 0xca, 0x7e, 0x2c, 0xa7,
0x01, 0xe4, 0xa9, 0xa4, 0xfb, 0xa4, 0x3c, 0x90,
0xcc, 0xdc, 0xb2, 0x81, 0xd4, 0x8c, 0x7c, 0x6f,
0xd6, 0x28, 0x75, 0xd2, 0xac, 0xa4, 0x17, 0x03,
0x4c, 0x34, 0xae, 0xe5 },
0x4c, 0x34, 0xae, 0xe5
},
{ 0x00 },
{ 0x98, 0xe7, 0x24, 0x7c, 0x07, 0xf0, 0xfe, 0x41,
0x1c, 0x26, 0x7e, 0x43, 0x84, 0xb0, 0xf6, 0x00 },
{ 0x39, 0x80, 0xca, 0x0b, 0x3c, 0x00, 0xe8, 0x41,
{
0x98, 0xe7, 0x24, 0x7c, 0x07, 0xf0, 0xfe, 0x41,
0x1c, 0x26, 0x7e, 0x43, 0x84, 0xb0, 0xf6, 0x00
},
{
0x39, 0x80, 0xca, 0x0b, 0x3c, 0x00, 0xe8, 0x41,
0xeb, 0x06, 0xfa, 0xc4, 0x87, 0x2a, 0x27, 0x57,
0x85, 0x9e, 0x1c, 0xea, 0xa6, 0xef, 0xd9, 0x84,
0x62, 0x85, 0x93, 0xb4, 0x0c, 0xa1, 0xe1, 0x9c,
0x7d, 0x77, 0x3d, 0x00, 0xc1, 0x44, 0xc5, 0x25,
0xac, 0x61, 0x9d, 0x18, 0xc8, 0x4a, 0x3f, 0x47,
0x18, 0xe2, 0x44, 0x8b, 0x2f, 0xe3, 0x24, 0xd9,
0xcc, 0xda, 0x27, 0x10, 0xac, 0xad, 0xe2, 0x56 },
{ 0x39, 0x80, 0xca, 0x0b, 0x3c, 0x00, 0xe8, 0x41,
0xcc, 0xda, 0x27, 0x10, 0xac, 0xad, 0xe2, 0x56
},
{
0x39, 0x80, 0xca, 0x0b, 0x3c, 0x00, 0xe8, 0x41,
0xeb, 0x06, 0xfa, 0xc4, 0x87, 0x2a, 0x27, 0x57,
0x85, 0x9e, 0x1c, 0xea, 0xa6, 0xef, 0xd9, 0x84,
0x62, 0x85, 0x93, 0xb4, 0x0c, 0xa1, 0xe1, 0x9c,
0x7d, 0x77, 0x3d, 0x00, 0xc1, 0x44, 0xc5, 0x25,
0xac, 0x61, 0x9d, 0x18, 0xc8, 0x4a, 0x3f, 0x47,
0x18, 0xe2, 0x44, 0x8b, 0x2f, 0xe3, 0x24, 0xd9,
0xcc, 0xda, 0x27, 0x10 },
{ 0x0f, 0x10, 0xf5, 0x99, 0xae, 0x14, 0xa1, 0x54,
0xcc, 0xda, 0x27, 0x10
},
{
0x0f, 0x10, 0xf5, 0x99, 0xae, 0x14, 0xa1, 0x54,
0xed, 0x24, 0xb3, 0x6e, 0x25, 0x32, 0x4d, 0xb8,
0xc5, 0x66, 0x63, 0x2e, 0xf2, 0xbb, 0xb3, 0x4f,
0x83, 0x47, 0x28, 0x0f, 0xc4, 0x50, 0x70, 0x57,
0xfd, 0xdc, 0x29, 0xdf, 0x9a, 0x47, 0x1f, 0x75,
0xc6, 0x65, 0x41, 0xd4, 0xd4, 0xda, 0xd1, 0xc9,
0xe9, 0x3a, 0x19, 0xa5, 0x8e, 0x8b, 0x47, 0x3f,
0xa0, 0xf0, 0x62, 0xf7 },
{ 0xd2, 0x7e, 0x88, 0x68, 0x1c, 0xe3, 0x24, 0x3c,
0xa0, 0xf0, 0x62, 0xf7
},
{
0xd2, 0x7e, 0x88, 0x68, 0x1c, 0xe3, 0x24, 0x3c,
0x48, 0x30, 0x16, 0x5a, 0x8f, 0xdc, 0xf9, 0xff,
0x1d, 0xe9, 0xa1, 0xd8, 0xe6, 0xb4, 0x47, 0xef,
0x6e, 0xf7, 0xb7, 0x98, 0x28, 0x66, 0x6e, 0x45,
0x81, 0xe7, 0x90, 0x12, 0xaf, 0x34, 0xdd, 0xd9,
0xe2, 0xf0, 0x37, 0x58, 0x9b, 0x29, 0x2d, 0xb3,
0xe6, 0x7c, 0x03, 0x67, 0x45, 0xfa, 0x22, 0xe7,
0xe9, 0xb7, 0x37, 0x3b },
0xe9, 0xb7, 0x37, 0x3b
},
{ 0x00 },
{ 0xce, 0xa7, 0x40, 0x3d, 0x4d, 0x60, 0x6b, 0x6e,
0x07, 0x4e, 0xc5, 0xd3, 0xba, 0xf3, 0x9d, 0x18 },
{ 0x52, 0x2d, 0xc1, 0xf0, 0x99, 0x56, 0x7d, 0x07,
{
0xce, 0xa7, 0x40, 0x3d, 0x4d, 0x60, 0x6b, 0x6e,
0x07, 0x4e, 0xc5, 0xd3, 0xba, 0xf3, 0x9d, 0x18
},
{
0x52, 0x2d, 0xc1, 0xf0, 0x99, 0x56, 0x7d, 0x07,
0xf4, 0x7f, 0x37, 0xa3, 0x2a, 0x84, 0x42, 0x7d,
0x64, 0x3a, 0x8c, 0xdc, 0xbf, 0xe5, 0xc0, 0xc9,
0x75, 0x98, 0xa2, 0xbd, 0x25, 0x55, 0xd1, 0xaa,
0x8c, 0xb0, 0x8e, 0x48, 0x59, 0x0d, 0xbb, 0x3d,
0xa7, 0xb0, 0x8b, 0x10, 0x56, 0x82, 0x88, 0x38,
0xc5, 0xf6, 0x1e, 0x63, 0x93, 0xba, 0x7a, 0x0a,
0xbc, 0xc9, 0xf6, 0x62, 0x89, 0x80, 0x15, 0xad },
{ 0x52, 0x2d, 0xc1, 0xf0, 0x99, 0x56, 0x7d, 0x07,
0xbc, 0xc9, 0xf6, 0x62, 0x89, 0x80, 0x15, 0xad
},
{
0x52, 0x2d, 0xc1, 0xf0, 0x99, 0x56, 0x7d, 0x07,
0xf4, 0x7f, 0x37, 0xa3, 0x2a, 0x84, 0x42, 0x7d,
0x64, 0x3a, 0x8c, 0xdc, 0xbf, 0xe5, 0xc0, 0xc9,
0x75, 0x98, 0xa2, 0xbd, 0x25, 0x55, 0xd1, 0xaa,
0x8c, 0xb0, 0x8e, 0x48, 0x59, 0x0d, 0xbb, 0x3d,
0xa7, 0xb0, 0x8b, 0x10, 0x56, 0x82, 0x88, 0x38,
0xc5, 0xf6, 0x1e, 0x63, 0x93, 0xba, 0x7a, 0x0a,
0xbc, 0xc9, 0xf6, 0x62 },
{ 0xc3, 0x76, 0x2d, 0xf1, 0xca, 0x78, 0x7d, 0x32,
0xbc, 0xc9, 0xf6, 0x62
},
{
0xc3, 0x76, 0x2d, 0xf1, 0xca, 0x78, 0x7d, 0x32,
0xae, 0x47, 0xc1, 0x3b, 0xf1, 0x98, 0x44, 0xcb,
0xaf, 0x1a, 0xe1, 0x4d, 0x0b, 0x97, 0x6a, 0xfa,
0xc5, 0x2f, 0xf7, 0xd7, 0x9b, 0xba, 0x9d, 0xe0,
0xfe, 0xb5, 0x82, 0xd3, 0x39, 0x34, 0xa4, 0xf0,
0x95, 0x4c, 0xc2, 0x36, 0x3b, 0xc7, 0x3f, 0x78,
0x62, 0xac, 0x43, 0x0e, 0x64, 0xab, 0xe4, 0x99,
0xf4, 0x7c, 0x9b, 0x1f },
{ 0x5a, 0x8d, 0xef, 0x2f, 0x0c, 0x9e, 0x53, 0xf1,
0xf4, 0x7c, 0x9b, 0x1f
},
{
0x5a, 0x8d, 0xef, 0x2f, 0x0c, 0x9e, 0x53, 0xf1,
0xf7, 0x5d, 0x78, 0x53, 0x65, 0x9e, 0x2a, 0x20,
0xee, 0xb2, 0xb2, 0x2a, 0xaf, 0xde, 0x64, 0x19,
0xa0, 0x58, 0xab, 0x4f, 0x6f, 0x74, 0x6b, 0xf4,
0x0f, 0xc0, 0xc3, 0xb7, 0x80, 0xf2, 0x44, 0x45,
0x2d, 0xa3, 0xeb, 0xf1, 0xc5, 0xd8, 0x2c, 0xde,
0xa2, 0x41, 0x89, 0x97, 0x20, 0x0e, 0xf8, 0x2e,
0x44, 0xae, 0x7e, 0x3f },
0x44, 0xae, 0x7e, 0x3f
},
};
static const unsigned char tag_test_data[MAX_TESTS * 3][16] =
static const unsigned char tag_test_data[MAX_TESTS * 3][16] = {
{
{ 0x58, 0xe2, 0xfc, 0xce, 0xfa, 0x7e, 0x30, 0x61,
0x36, 0x7f, 0x1d, 0x57, 0xa4, 0xe7, 0x45, 0x5a },
{ 0xab, 0x6e, 0x47, 0xd4, 0x2c, 0xec, 0x13, 0xbd,
0xf5, 0x3a, 0x67, 0xb2, 0x12, 0x57, 0xbd, 0xdf },
{ 0x4d, 0x5c, 0x2a, 0xf3, 0x27, 0xcd, 0x64, 0xa6,
0x2c, 0xf3, 0x5a, 0xbd, 0x2b, 0xa6, 0xfa, 0xb4 },
{ 0x5b, 0xc9, 0x4f, 0xbc, 0x32, 0x21, 0xa5, 0xdb,
0x94, 0xfa, 0xe9, 0x5a, 0xe7, 0x12, 0x1a, 0x47 },
{ 0x36, 0x12, 0xd2, 0xe7, 0x9e, 0x3b, 0x07, 0x85,
0x56, 0x1b, 0xe1, 0x4a, 0xac, 0xa2, 0xfc, 0xcb },
{ 0x61, 0x9c, 0xc5, 0xae, 0xff, 0xfe, 0x0b, 0xfa,
0x46, 0x2a, 0xf4, 0x3c, 0x16, 0x99, 0xd0, 0x50 },
{ 0xcd, 0x33, 0xb2, 0x8a, 0xc7, 0x73, 0xf7, 0x4b,
0xa0, 0x0e, 0xd1, 0xf3, 0x12, 0x57, 0x24, 0x35 },
{ 0x2f, 0xf5, 0x8d, 0x80, 0x03, 0x39, 0x27, 0xab,
0x8e, 0xf4, 0xd4, 0x58, 0x75, 0x14, 0xf0, 0xfb },
{ 0x99, 0x24, 0xa7, 0xc8, 0x58, 0x73, 0x36, 0xbf,
0xb1, 0x18, 0x02, 0x4d, 0xb8, 0x67, 0x4a, 0x14 },
{ 0x25, 0x19, 0x49, 0x8e, 0x80, 0xf1, 0x47, 0x8f,
0x37, 0xba, 0x55, 0xbd, 0x6d, 0x27, 0x61, 0x8c },
{ 0x65, 0xdc, 0xc5, 0x7f, 0xcf, 0x62, 0x3a, 0x24,
0x09, 0x4f, 0xcc, 0xa4, 0x0d, 0x35, 0x33, 0xf8 },
{ 0xdc, 0xf5, 0x66, 0xff, 0x29, 0x1c, 0x25, 0xbb,
0xb8, 0x56, 0x8f, 0xc3, 0xd3, 0x76, 0xa6, 0xd9 },
{ 0x53, 0x0f, 0x8a, 0xfb, 0xc7, 0x45, 0x36, 0xb9,
0xa9, 0x63, 0xb4, 0xf1, 0xc4, 0xcb, 0x73, 0x8b },
{ 0xd0, 0xd1, 0xc8, 0xa7, 0x99, 0x99, 0x6b, 0xf0,
0x26, 0x5b, 0x98, 0xb5, 0xd4, 0x8a, 0xb9, 0x19 },
{ 0xb0, 0x94, 0xda, 0xc5, 0xd9, 0x34, 0x71, 0xbd,
0xec, 0x1a, 0x50, 0x22, 0x70, 0xe3, 0xcc, 0x6c },
{ 0x76, 0xfc, 0x6e, 0xce, 0x0f, 0x4e, 0x17, 0x68,
0xcd, 0xdf, 0x88, 0x53, 0xbb, 0x2d, 0x55, 0x1b },
{ 0x3a, 0x33, 0x7d, 0xbf, 0x46, 0xa7, 0x92, 0xc4,
0x5e, 0x45, 0x49, 0x13, 0xfe, 0x2e, 0xa8, 0xf2 },
{ 0xa4, 0x4a, 0x82, 0x66, 0xee, 0x1c, 0x8e, 0xb0,
0xc8, 0xb5, 0xd4, 0xcf, 0x5a, 0xe9, 0xf1, 0x9a },
0x58, 0xe2, 0xfc, 0xce, 0xfa, 0x7e, 0x30, 0x61,
0x36, 0x7f, 0x1d, 0x57, 0xa4, 0xe7, 0x45, 0x5a
},
{
0xab, 0x6e, 0x47, 0xd4, 0x2c, 0xec, 0x13, 0xbd,
0xf5, 0x3a, 0x67, 0xb2, 0x12, 0x57, 0xbd, 0xdf
},
{
0x4d, 0x5c, 0x2a, 0xf3, 0x27, 0xcd, 0x64, 0xa6,
0x2c, 0xf3, 0x5a, 0xbd, 0x2b, 0xa6, 0xfa, 0xb4
},
{
0x5b, 0xc9, 0x4f, 0xbc, 0x32, 0x21, 0xa5, 0xdb,
0x94, 0xfa, 0xe9, 0x5a, 0xe7, 0x12, 0x1a, 0x47
},
{
0x36, 0x12, 0xd2, 0xe7, 0x9e, 0x3b, 0x07, 0x85,
0x56, 0x1b, 0xe1, 0x4a, 0xac, 0xa2, 0xfc, 0xcb
},
{
0x61, 0x9c, 0xc5, 0xae, 0xff, 0xfe, 0x0b, 0xfa,
0x46, 0x2a, 0xf4, 0x3c, 0x16, 0x99, 0xd0, 0x50
},
{
0xcd, 0x33, 0xb2, 0x8a, 0xc7, 0x73, 0xf7, 0x4b,
0xa0, 0x0e, 0xd1, 0xf3, 0x12, 0x57, 0x24, 0x35
},
{
0x2f, 0xf5, 0x8d, 0x80, 0x03, 0x39, 0x27, 0xab,
0x8e, 0xf4, 0xd4, 0x58, 0x75, 0x14, 0xf0, 0xfb
},
{
0x99, 0x24, 0xa7, 0xc8, 0x58, 0x73, 0x36, 0xbf,
0xb1, 0x18, 0x02, 0x4d, 0xb8, 0x67, 0x4a, 0x14
},
{
0x25, 0x19, 0x49, 0x8e, 0x80, 0xf1, 0x47, 0x8f,
0x37, 0xba, 0x55, 0xbd, 0x6d, 0x27, 0x61, 0x8c
},
{
0x65, 0xdc, 0xc5, 0x7f, 0xcf, 0x62, 0x3a, 0x24,
0x09, 0x4f, 0xcc, 0xa4, 0x0d, 0x35, 0x33, 0xf8
},
{
0xdc, 0xf5, 0x66, 0xff, 0x29, 0x1c, 0x25, 0xbb,
0xb8, 0x56, 0x8f, 0xc3, 0xd3, 0x76, 0xa6, 0xd9
},
{
0x53, 0x0f, 0x8a, 0xfb, 0xc7, 0x45, 0x36, 0xb9,
0xa9, 0x63, 0xb4, 0xf1, 0xc4, 0xcb, 0x73, 0x8b
},
{
0xd0, 0xd1, 0xc8, 0xa7, 0x99, 0x99, 0x6b, 0xf0,
0x26, 0x5b, 0x98, 0xb5, 0xd4, 0x8a, 0xb9, 0x19
},
{
0xb0, 0x94, 0xda, 0xc5, 0xd9, 0x34, 0x71, 0xbd,
0xec, 0x1a, 0x50, 0x22, 0x70, 0xe3, 0xcc, 0x6c
},
{
0x76, 0xfc, 0x6e, 0xce, 0x0f, 0x4e, 0x17, 0x68,
0xcd, 0xdf, 0x88, 0x53, 0xbb, 0x2d, 0x55, 0x1b
},
{
0x3a, 0x33, 0x7d, 0xbf, 0x46, 0xa7, 0x92, 0xc4,
0x5e, 0x45, 0x49, 0x13, 0xfe, 0x2e, 0xa8, 0xf2
},
{
0xa4, 0x4a, 0x82, 0x66, 0xee, 0x1c, 0x8e, 0xb0,
0xc8, 0xb5, 0xd4, 0xcf, 0x5a, 0xe9, 0xf1, 0x9a
},
};
int mbedtls_gcm_self_test( int verbose )
{
int mbedtls_gcm_self_test(int verbose) {
mbedtls_gcm_context ctx;
unsigned char buf[64];
unsigned char tag_buf[16];
int i, j, ret;
mbedtls_cipher_id_t cipher = MBEDTLS_CIPHER_ID_AES;
for( j = 0; j < 3; j++ )
{
for (j = 0; j < 3; j++) {
int key_len = 128 + 64 * j;
for( i = 0; i < MAX_TESTS; i++ )
{
for (i = 0; i < MAX_TESTS; i++) {
mbedtls_gcm_init(&ctx);
if (verbose != 0)
@ -801,13 +843,10 @@ int mbedtls_gcm_self_test( int verbose )
* there is an alternative underlying implementation i.e. when
* MBEDTLS_AES_ALT is defined.
*/
if( ret == MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED && key_len == 192 )
{
if (ret == MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED && key_len == 192) {
mbedtls_printf("skipped\n");
break;
}
else if( ret != 0 )
{
} else if (ret != 0) {
goto exit;
}
@ -822,8 +861,7 @@ int mbedtls_gcm_self_test( int verbose )
#if defined(MBEDTLS_GCM_ALT)
/* Allow alternative implementations to only support 12-byte nonces. */
if (ret == MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED &&
iv_len_test_data[i] != 12 )
{
iv_len_test_data[i] != 12) {
mbedtls_printf("skipped\n");
break;
}
@ -833,8 +871,7 @@ int mbedtls_gcm_self_test( int verbose )
if (memcmp(buf, ct_test_data[j * 6 + i],
pt_len_test_data[i]) != 0 ||
memcmp( tag_buf, tag_test_data[j * 6 + i], 16 ) != 0 )
{
memcmp(tag_buf, tag_test_data[j * 6 + i], 16) != 0) {
ret = 1;
goto exit;
}
@ -869,8 +906,7 @@ int mbedtls_gcm_self_test( int verbose )
if (memcmp(buf, pt_test_data[pt_index_test_data[i]],
pt_len_test_data[i]) != 0 ||
memcmp( tag_buf, tag_test_data[j * 6 + i], 16 ) != 0 )
{
memcmp(tag_buf, tag_test_data[j * 6 + i], 16) != 0) {
ret = 1;
goto exit;
}
@ -900,8 +936,7 @@ int mbedtls_gcm_self_test( int verbose )
if (ret != 0)
goto exit;
if( pt_len_test_data[i] > 32 )
{
if (pt_len_test_data[i] > 32) {
size_t rest_len = pt_len_test_data[i] - 32;
ret = mbedtls_gcm_update(&ctx, 32,
pt_test_data[pt_index_test_data[i]],
@ -914,9 +949,7 @@ int mbedtls_gcm_self_test( int verbose )
buf + 32);
if (ret != 0)
goto exit;
}
else
{
} else {
ret = mbedtls_gcm_update(&ctx, pt_len_test_data[i],
pt_test_data[pt_index_test_data[i]],
buf);
@ -930,8 +963,7 @@ int mbedtls_gcm_self_test( int verbose )
if (memcmp(buf, ct_test_data[j * 6 + i],
pt_len_test_data[i]) != 0 ||
memcmp( tag_buf, tag_test_data[j * 6 + i], 16 ) != 0 )
{
memcmp(tag_buf, tag_test_data[j * 6 + i], 16) != 0) {
ret = 1;
goto exit;
}
@ -961,8 +993,7 @@ int mbedtls_gcm_self_test( int verbose )
if (ret != 0)
goto exit;
if( pt_len_test_data[i] > 32 )
{
if (pt_len_test_data[i] > 32) {
size_t rest_len = pt_len_test_data[i] - 32;
ret = mbedtls_gcm_update(&ctx, 32, ct_test_data[j * 6 + i],
buf);
@ -974,9 +1005,7 @@ int mbedtls_gcm_self_test( int verbose )
buf + 32);
if (ret != 0)
goto exit;
}
else
{
} else {
ret = mbedtls_gcm_update(&ctx, pt_len_test_data[i],
ct_test_data[j * 6 + i],
buf);
@ -990,8 +1019,7 @@ int mbedtls_gcm_self_test( int verbose )
if (memcmp(buf, pt_test_data[pt_index_test_data[i]],
pt_len_test_data[i]) != 0 ||
memcmp( tag_buf, tag_test_data[j * 6 + i], 16 ) != 0 )
{
memcmp(tag_buf, tag_test_data[j * 6 + i], 16) != 0) {
ret = 1;
goto exit;
}
@ -1009,8 +1037,7 @@ int mbedtls_gcm_self_test( int verbose )
ret = 0;
exit:
if( ret != 0 )
{
if (ret != 0) {
if (verbose != 0)
mbedtls_printf("failed\n");
mbedtls_gcm_free(&ctx);

3
common/mbedtls/gcm.h
View file

@ -60,8 +60,7 @@ extern "C" {
/**
* \brief The GCM context structure.
*/
typedef struct mbedtls_gcm_context
{
typedef struct mbedtls_gcm_context {
mbedtls_cipher_context_t cipher_ctx; /*!< The cipher context used. */
uint64_t HL[16]; /*!< Precalculated HTable low. */
uint64_t HH[16]; /*!< Precalculated HTable high. */

18
common/mbedtls/havege.c
View file

@ -151,8 +151,7 @@
/*
* Entropy gathering function
*/
static void havege_fill( mbedtls_havege_state *hs )
{
static void havege_fill(mbedtls_havege_state *hs) {
size_t n = 0;
size_t i;
uint32_t U1, U2, *A, *B, *C, *D;
@ -170,8 +169,7 @@ static void havege_fill( mbedtls_havege_state *hs )
memset(RES, 0, sizeof(RES));
while( n < MBEDTLS_HAVEGE_COLLECT_SIZE * 4 )
{
while (n < MBEDTLS_HAVEGE_COLLECT_SIZE * 4) {
ONE_ITERATION
ONE_ITERATION
ONE_ITERATION
@ -188,15 +186,13 @@ static void havege_fill( mbedtls_havege_state *hs )
/*
* HAVEGE initialization
*/
void mbedtls_havege_init( mbedtls_havege_state *hs )
{
void mbedtls_havege_init(mbedtls_havege_state *hs) {
memset(hs, 0, sizeof(mbedtls_havege_state));
havege_fill(hs);
}
void mbedtls_havege_free( mbedtls_havege_state *hs )
{
void mbedtls_havege_free(mbedtls_havege_state *hs) {
if (hs == NULL)
return;
@ -206,15 +202,13 @@ void mbedtls_havege_free( mbedtls_havege_state *hs )
/*
* HAVEGE rand function
*/
int mbedtls_havege_random( void *p_rng, unsigned char *buf, size_t len )
{
int mbedtls_havege_random(void *p_rng, unsigned char *buf, size_t len) {
uint32_t val;
size_t use_len;
mbedtls_havege_state *hs = (mbedtls_havege_state *) p_rng;
unsigned char *p = buf;
while( len > 0 )
{
while (len > 0) {
use_len = len;
if (use_len > sizeof(val))
use_len = sizeof(val);

3
common/mbedtls/havege.h
View file

@ -40,8 +40,7 @@ extern "C" {
/**
* \brief HAVEGE state structure
*/
typedef struct mbedtls_havege_state
{
typedef struct mbedtls_havege_state {
uint32_t PT1, PT2, offset[2];
uint32_t pool[MBEDTLS_HAVEGE_COLLECT_SIZE];
uint32_t WALK[8192];

57
common/mbedtls/hkdf.c
View file

@ -28,15 +28,13 @@
int mbedtls_hkdf(const mbedtls_md_info_t *md, const unsigned char *salt,
size_t salt_len, const unsigned char *ikm, size_t ikm_len,
const unsigned char *info, size_t info_len,
unsigned char *okm, size_t okm_len )
{
unsigned char *okm, size_t okm_len) {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
unsigned char prk[MBEDTLS_MD_MAX_SIZE];
ret = mbedtls_hkdf_extract(md, salt, salt_len, ikm, ikm_len, prk);
if( ret == 0 )
{
if (ret == 0) {
ret = mbedtls_hkdf_expand(md, prk, mbedtls_md_get_size(md),
info, info_len, okm, okm_len);
}
@ -49,23 +47,19 @@ int mbedtls_hkdf( const mbedtls_md_info_t *md, const unsigned char *salt,
int mbedtls_hkdf_extract(const mbedtls_md_info_t *md,
const unsigned char *salt, size_t salt_len,
const unsigned char *ikm, size_t ikm_len,
unsigned char *prk )
{
unsigned char *prk) {
unsigned char null_salt[MBEDTLS_MD_MAX_SIZE] = { '\0' };
if( salt == NULL )
{
if (salt == NULL) {
size_t hash_len;
if( salt_len != 0 )
{
if (salt_len != 0) {
return MBEDTLS_ERR_HKDF_BAD_INPUT_DATA;
}
hash_len = mbedtls_md_get_size(md);
if( hash_len == 0 )
{
if (hash_len == 0) {
return MBEDTLS_ERR_HKDF_BAD_INPUT_DATA;
}
@ -78,8 +72,7 @@ int mbedtls_hkdf_extract( const mbedtls_md_info_t *md,
int mbedtls_hkdf_expand(const mbedtls_md_info_t *md, const unsigned char *prk,
size_t prk_len, const unsigned char *info,
size_t info_len, unsigned char *okm, size_t okm_len )
{
size_t info_len, unsigned char *okm, size_t okm_len) {
size_t hash_len;
size_t where = 0;
size_t n;
@ -89,28 +82,24 @@ int mbedtls_hkdf_expand( const mbedtls_md_info_t *md, const unsigned char *prk,
mbedtls_md_context_t ctx;
unsigned char t[MBEDTLS_MD_MAX_SIZE];
if( okm == NULL )
{
if (okm == NULL) {
return (MBEDTLS_ERR_HKDF_BAD_INPUT_DATA);
}
hash_len = mbedtls_md_get_size(md);
if( prk_len < hash_len || hash_len == 0 )
{
if (prk_len < hash_len || hash_len == 0) {
return (MBEDTLS_ERR_HKDF_BAD_INPUT_DATA);
}
if( info == NULL )
{
if (info == NULL) {
info = (const unsigned char *) "";
info_len = 0;
}
n = okm_len / hash_len;
if( okm_len % hash_len != 0 )
{
if (okm_len % hash_len != 0) {
n++;
}
@ -118,15 +107,13 @@ int mbedtls_hkdf_expand( const mbedtls_md_info_t *md, const unsigned char *prk,
* Per RFC 5869 Section 2.3, okm_len must not exceed
* 255 times the hash length
*/
if( n > 255 )
{
if (n > 255) {
return (MBEDTLS_ERR_HKDF_BAD_INPUT_DATA);
}
mbedtls_md_init(&ctx);
if( ( ret = mbedtls_md_setup( &ctx, md, 1 ) ) != 0 )
{
if ((ret = mbedtls_md_setup(&ctx, md, 1)) != 0) {
goto exit;
}
@ -136,40 +123,34 @@ int mbedtls_hkdf_expand( const mbedtls_md_info_t *md, const unsigned char *prk,
* Compute T = T(1) | T(2) | T(3) | ... | T(N)
* Where T(N) is defined in RFC 5869 Section 2.3
*/
for( i = 1; i <= n; i++ )
{
for (i = 1; i <= n; i++) {
size_t num_to_copy;
unsigned char c = i & 0xff;
ret = mbedtls_md_hmac_starts(&ctx, prk, prk_len);
if( ret != 0 )
{
if (ret != 0) {
goto exit;
}
ret = mbedtls_md_hmac_update(&ctx, t, t_len);
if( ret != 0 )
{
if (ret != 0) {
goto exit;
}
ret = mbedtls_md_hmac_update(&ctx, info, info_len);
if( ret != 0 )
{
if (ret != 0) {
goto exit;
}
/* The constant concatenated to the end of each T(n) is a single octet.
* */
ret = mbedtls_md_hmac_update(&ctx, &c, 1);
if( ret != 0 )
{
if (ret != 0) {
goto exit;
}
ret = mbedtls_md_hmac_finish(&ctx, t);
if( ret != 0 )
{
if (ret != 0) {
goto exit;
}

111
common/mbedtls/hmac_drbg.c
View file

@ -49,8 +49,7 @@
/*
* HMAC_DRBG context initialization
*/
void mbedtls_hmac_drbg_init( mbedtls_hmac_drbg_context *ctx )
{
void mbedtls_hmac_drbg_init(mbedtls_hmac_drbg_context *ctx) {
memset(ctx, 0, sizeof(mbedtls_hmac_drbg_context));
ctx->reseed_interval = MBEDTLS_HMAC_DRBG_RESEED_INTERVAL;
@ -61,16 +60,14 @@ void mbedtls_hmac_drbg_init( mbedtls_hmac_drbg_context *ctx )
*/
int mbedtls_hmac_drbg_update_ret(mbedtls_hmac_drbg_context *ctx,
const unsigned char *additional,
size_t add_len )
{
size_t add_len) {
size_t md_len = mbedtls_md_get_size(ctx->md_ctx.md_info);
unsigned char rounds = (additional != NULL && add_len != 0) ? 2 : 1;
unsigned char sep[1];
unsigned char K[MBEDTLS_MD_MAX_SIZE];
int ret = MBEDTLS_ERR_MD_BAD_INPUT_DATA;
for( sep[0] = 0; sep[0] < rounds; sep[0]++ )
{
for (sep[0] = 0; sep[0] < rounds; sep[0]++) {
/* Step 1 or 4 */
if ((ret = mbedtls_md_hmac_reset(&ctx->md_ctx)) != 0)
goto exit;
@ -80,8 +77,7 @@ int mbedtls_hmac_drbg_update_ret( mbedtls_hmac_drbg_context *ctx,
if ((ret = mbedtls_md_hmac_update(&ctx->md_ctx,
sep, 1)) != 0)
goto exit;
if( rounds == 2 )
{
if (rounds == 2) {
if ((ret = mbedtls_md_hmac_update(&ctx->md_ctx,
additional, add_len)) != 0)
goto exit;
@ -107,8 +103,7 @@ exit:
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
void mbedtls_hmac_drbg_update(mbedtls_hmac_drbg_context *ctx,
const unsigned char *additional,
size_t add_len )
{
size_t add_len) {
(void) mbedtls_hmac_drbg_update_ret(ctx, additional, add_len);
}
#endif /* MBEDTLS_DEPRECATED_REMOVED */
@ -118,8 +113,7 @@ void mbedtls_hmac_drbg_update( mbedtls_hmac_drbg_context *ctx,
*/
int mbedtls_hmac_drbg_seed_buf(mbedtls_hmac_drbg_context *ctx,
const mbedtls_md_info_t *md_info,
const unsigned char *data, size_t data_len )
{
const unsigned char *data, size_t data_len) {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
if ((ret = mbedtls_md_setup(&ctx->md_ctx, md_info, 1)) != 0)
@ -152,8 +146,7 @@ int mbedtls_hmac_drbg_seed_buf( mbedtls_hmac_drbg_context *ctx,
*/
static int hmac_drbg_reseed_core(mbedtls_hmac_drbg_context *ctx,
const unsigned char *additional, size_t len,
int use_nonce )
{
int use_nonce) {
unsigned char seed[MBEDTLS_HMAC_DRBG_MAX_SEED_INPUT];
size_t seedlen = 0;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
@ -168,8 +161,7 @@ static int hmac_drbg_reseed_core( mbedtls_hmac_drbg_context *ctx,
/* III. Check input length */
if (len > MBEDTLS_HMAC_DRBG_MAX_INPUT ||
total_entropy_len + len > MBEDTLS_HMAC_DRBG_MAX_SEED_INPUT )
{
total_entropy_len + len > MBEDTLS_HMAC_DRBG_MAX_SEED_INPUT) {
return (MBEDTLS_ERR_HMAC_DRBG_INPUT_TOO_BIG);
}
}
@ -178,16 +170,14 @@ static int hmac_drbg_reseed_core( mbedtls_hmac_drbg_context *ctx,
/* IV. Gather entropy_len bytes of entropy for the seed */
if ((ret = ctx->f_entropy(ctx->p_entropy,
seed, ctx->entropy_len ) ) != 0 )
{
seed, ctx->entropy_len)) != 0) {
return (MBEDTLS_ERR_HMAC_DRBG_ENTROPY_SOURCE_FAILED);
}
seedlen += ctx->entropy_len;
/* For initial seeding, allow adding of nonce generated
* from the entropy source. See Sect 8.6.7 in SP800-90A. */
if( use_nonce )
{
if (use_nonce) {
/* Note: We don't merge the two calls to f_entropy() in order
* to avoid requesting too much entropy from f_entropy()
* at once. Specifically, if the underlying digest is not
@ -197,8 +187,7 @@ static int hmac_drbg_reseed_core( mbedtls_hmac_drbg_context *ctx,
* call in configurations disabling SHA-512. */
if ((ret = ctx->f_entropy(ctx->p_entropy,
seed + seedlen,
ctx->entropy_len / 2 ) ) != 0 )
{
ctx->entropy_len / 2)) != 0) {
return (MBEDTLS_ERR_HMAC_DRBG_ENTROPY_SOURCE_FAILED);
}
@ -207,8 +196,7 @@ static int hmac_drbg_reseed_core( mbedtls_hmac_drbg_context *ctx,
/* 1. Concatenate entropy and additional data if any */
if( additional != NULL && len != 0 )
{
if (additional != NULL && len != 0) {
memcpy(seed + seedlen, additional, len);
seedlen += len;
}
@ -230,8 +218,7 @@ exit:
* HMAC_DRBG reseeding: 10.1.2.4 + 9.2
*/
int mbedtls_hmac_drbg_reseed(mbedtls_hmac_drbg_context *ctx,
const unsigned char *additional, size_t len )
{
const unsigned char *additional, size_t len) {
return (hmac_drbg_reseed_core(ctx, additional, len, 0));
}
@ -246,8 +233,7 @@ int mbedtls_hmac_drbg_seed( mbedtls_hmac_drbg_context *ctx,
int (*f_entropy)(void *, unsigned char *, size_t),
void *p_entropy,
const unsigned char *custom,
size_t len )
{
size_t len) {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t md_size;
@ -273,8 +259,7 @@ int mbedtls_hmac_drbg_seed( mbedtls_hmac_drbg_context *ctx,
ctx->f_entropy = f_entropy;
ctx->p_entropy = p_entropy;
if( ctx->entropy_len == 0 )
{
if (ctx->entropy_len == 0) {
/*
* See SP800-57 5.6.1 (p. 65-66) for the security strength provided by
* each hash function, then according to SP800-90A rev1 10.1 table 2,
@ -288,8 +273,7 @@ int mbedtls_hmac_drbg_seed( mbedtls_hmac_drbg_context *ctx,
}
if ((ret = hmac_drbg_reseed_core(ctx, custom, len,
1 /* add nonce */ ) ) != 0 )
{
1 /* add nonce */)) != 0) {
return (ret);
}
@ -300,24 +284,21 @@ int mbedtls_hmac_drbg_seed( mbedtls_hmac_drbg_context *ctx,
* Set prediction resistance
*/
void mbedtls_hmac_drbg_set_prediction_resistance(mbedtls_hmac_drbg_context *ctx,
int resistance )
{
int resistance) {
ctx->prediction_resistance = resistance;
}
/*
* Set entropy length grabbed for seeding
*/
void mbedtls_hmac_drbg_set_entropy_len( mbedtls_hmac_drbg_context *ctx, size_t len )
{
void mbedtls_hmac_drbg_set_entropy_len(mbedtls_hmac_drbg_context *ctx, size_t len) {
ctx->entropy_len = len;
}
/*
* Set reseed interval
*/
void mbedtls_hmac_drbg_set_reseed_interval( mbedtls_hmac_drbg_context *ctx, int interval )
{
void mbedtls_hmac_drbg_set_reseed_interval(mbedtls_hmac_drbg_context *ctx, int interval) {
ctx->reseed_interval = interval;
}
@ -327,8 +308,7 @@ void mbedtls_hmac_drbg_set_reseed_interval( mbedtls_hmac_drbg_context *ctx, int
*/
int mbedtls_hmac_drbg_random_with_add(void *p_rng,
unsigned char *output, size_t out_len,
const unsigned char *additional, size_t add_len )
{
const unsigned char *additional, size_t add_len) {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_hmac_drbg_context *ctx = (mbedtls_hmac_drbg_context *) p_rng;
size_t md_len = mbedtls_md_get_size(ctx->md_ctx.md_info);
@ -346,8 +326,7 @@ int mbedtls_hmac_drbg_random_with_add( void *p_rng,
/* 1. (aka VII and IX) Check reseed counter and PR */
if (ctx->f_entropy != NULL && /* For no-reseeding instances */
(ctx->prediction_resistance == MBEDTLS_HMAC_DRBG_PR_ON ||
ctx->reseed_counter > ctx->reseed_interval ) )
{
ctx->reseed_counter > ctx->reseed_interval)) {
if ((ret = mbedtls_hmac_drbg_reseed(ctx, additional, add_len)) != 0)
return (ret);
@ -355,16 +334,14 @@ int mbedtls_hmac_drbg_random_with_add( void *p_rng,
}
/* 2. Use additional data if any */
if( additional != NULL && add_len != 0 )
{
if (additional != NULL && add_len != 0) {
if ((ret = mbedtls_hmac_drbg_update_ret(ctx,
additional, add_len)) != 0)
goto exit;
}
/* 3, 4, 5. Generate bytes */
while( left != 0 )
{
while (left != 0) {
size_t use_len = left > md_len ? md_len : left;
if ((ret = mbedtls_md_hmac_reset(&ctx->md_ctx)) != 0)
@ -396,8 +373,7 @@ exit:
/*
* HMAC_DRBG random function
*/
int mbedtls_hmac_drbg_random( void *p_rng, unsigned char *output, size_t out_len )
{
int mbedtls_hmac_drbg_random(void *p_rng, unsigned char *output, size_t out_len) {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_hmac_drbg_context *ctx = (mbedtls_hmac_drbg_context *) p_rng;
@ -420,8 +396,7 @@ int mbedtls_hmac_drbg_random( void *p_rng, unsigned char *output, size_t out_len
* This function resets HMAC_DRBG context to the state immediately
* after initial call of mbedtls_hmac_drbg_init().
*/
void mbedtls_hmac_drbg_free( mbedtls_hmac_drbg_context *ctx )
{
void mbedtls_hmac_drbg_free(mbedtls_hmac_drbg_context *ctx) {
if (ctx == NULL)
return;
@ -436,8 +411,7 @@ void mbedtls_hmac_drbg_free( mbedtls_hmac_drbg_context *ctx )
}
#if defined(MBEDTLS_FS_IO)
int mbedtls_hmac_drbg_write_seed_file( mbedtls_hmac_drbg_context *ctx, const char *path )
{
int mbedtls_hmac_drbg_write_seed_file(mbedtls_hmac_drbg_context *ctx, const char *path) {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
FILE *f;
unsigned char buf[ MBEDTLS_HMAC_DRBG_MAX_INPUT ];
@ -448,8 +422,7 @@ int mbedtls_hmac_drbg_write_seed_file( mbedtls_hmac_drbg_context *ctx, const cha
if ((ret = mbedtls_hmac_drbg_random(ctx, buf, sizeof(buf))) != 0)
goto exit;
if( fwrite( buf, 1, sizeof( buf ), f ) != sizeof( buf ) )
{
if (fwrite(buf, 1, sizeof(buf), f) != sizeof(buf)) {
ret = MBEDTLS_ERR_HMAC_DRBG_FILE_IO_ERROR;
goto exit;
}
@ -463,8 +436,7 @@ exit:
return (ret);
}
int mbedtls_hmac_drbg_update_seed_file( mbedtls_hmac_drbg_context *ctx, const char *path )
{
int mbedtls_hmac_drbg_update_seed_file(mbedtls_hmac_drbg_context *ctx, const char *path) {
int ret = 0;
FILE *f = NULL;
size_t n;
@ -475,13 +447,11 @@ int mbedtls_hmac_drbg_update_seed_file( mbedtls_hmac_drbg_context *ctx, const ch
return (MBEDTLS_ERR_HMAC_DRBG_FILE_IO_ERROR);
n = fread(buf, 1, sizeof(buf), f);
if( fread( &c, 1, 1, f ) != 0 )
{
if (fread(&c, 1, 1, f) != 0) {
ret = MBEDTLS_ERR_HMAC_DRBG_INPUT_TOO_BIG;
goto exit;
}
if( n == 0 || ferror( f ) )
{
if (n == 0 || ferror(f)) {
ret = MBEDTLS_ERR_HMAC_DRBG_FILE_IO_ERROR;
goto exit;
}
@ -505,8 +475,7 @@ exit:
#if !defined(MBEDTLS_SHA1_C)
/* Dummy checkup routine */
int mbedtls_hmac_drbg_self_test( int verbose )
{
int mbedtls_hmac_drbg_self_test(int verbose) {
(void) verbose;
return (0);
}
@ -520,7 +489,8 @@ static const unsigned char entropy_pr[] = {
0xf7, 0x3e, 0x9c, 0x5b, 0x64, 0xef, 0xd8, 0xca, 0x02, 0x8c, 0xf8, 0x11,
0x48, 0xa5, 0x84, 0xfe, 0x69, 0xab, 0x5a, 0xee, 0x42, 0xaa, 0x4d, 0x42,
0x17, 0x60, 0x99, 0xd4, 0x5e, 0x13, 0x97, 0xdc, 0x40, 0x4d, 0x86, 0xa3,
0x7b, 0xf5, 0x59, 0x54, 0x75, 0x69, 0x51, 0xe4 };
0x7b, 0xf5, 0x59, 0x54, 0x75, 0x69, 0x51, 0xe4
};
static const unsigned char result_pr[OUTPUT_LEN] = {
0x9a, 0x00, 0xa2, 0xd0, 0x0e, 0xd5, 0x9b, 0xfe, 0x31, 0xec, 0xb1, 0x39,
0x9b, 0x60, 0x81, 0x48, 0xd1, 0x96, 0x9d, 0x25, 0x0d, 0x3c, 0x1e, 0x94,
@ -528,14 +498,16 @@ static const unsigned char result_pr[OUTPUT_LEN] = {
0x73, 0x19, 0x70, 0xc0, 0x10, 0x7a, 0xa4, 0x89, 0x25, 0x19, 0x95, 0x5e,
0x4b, 0xc6, 0x00, 0x1d, 0x7f, 0x4e, 0x6a, 0x2b, 0xf8, 0xa3, 0x01, 0xab,
0x46, 0x05, 0x5c, 0x09, 0xa6, 0x71, 0x88, 0xf1, 0xa7, 0x40, 0xee, 0xf3,
0xe1, 0x5c, 0x02, 0x9b, 0x44, 0xaf, 0x03, 0x44 };
0xe1, 0x5c, 0x02, 0x9b, 0x44, 0xaf, 0x03, 0x44
};
/* From a NIST PR=false test vector */
static const unsigned char entropy_nopr[] = {
0x79, 0x34, 0x9b, 0xbf, 0x7c, 0xdd, 0xa5, 0x79, 0x95, 0x57, 0x86, 0x66,
0x21, 0xc9, 0x13, 0x83, 0x11, 0x46, 0x73, 0x3a, 0xbf, 0x8c, 0x35, 0xc8,
0xc7, 0x21, 0x5b, 0x5b, 0x96, 0xc4, 0x8e, 0x9b, 0x33, 0x8c, 0x74, 0xe3,
0xe9, 0x9d, 0xfe, 0xdf };
0xe9, 0x9d, 0xfe, 0xdf
};
static const unsigned char result_nopr[OUTPUT_LEN] = {
0xc6, 0xa1, 0x6a, 0xb8, 0xd4, 0x20, 0x70, 0x6f, 0x0f, 0x34, 0xab, 0x7f,
0xec, 0x5a, 0xdc, 0xa9, 0xd8, 0xca, 0x3a, 0x13, 0x3e, 0x15, 0x9c, 0xa6,
@ -543,13 +515,13 @@ static const unsigned char result_nopr[OUTPUT_LEN] = {
0xff, 0xb1, 0x0d, 0x71, 0x94, 0xf1, 0xc1, 0xa5, 0xcf, 0x73, 0x22, 0xec,
0x1a, 0xe0, 0x96, 0x4e, 0xd4, 0xbf, 0x12, 0x27, 0x46, 0xe0, 0x87, 0xfd,
0xb5, 0xb3, 0xe9, 0x1b, 0x34, 0x93, 0xd5, 0xbb, 0x98, 0xfa, 0xed, 0x49,
0xe8, 0x5f, 0x13, 0x0f, 0xc8, 0xa4, 0x59, 0xb7 };
0xe8, 0x5f, 0x13, 0x0f, 0xc8, 0xa4, 0x59, 0xb7
};
/* "Entropy" from buffer */
static size_t test_offset;
static int hmac_drbg_self_test_entropy(void *data,
unsigned char *buf, size_t len )
{
unsigned char *buf, size_t len) {
const unsigned char *p = data;
memcpy(buf, p + test_offset, len);
test_offset += len;
@ -566,8 +538,7 @@ static int hmac_drbg_self_test_entropy( void *data,
/*
* Checkup routine for HMAC_DRBG with SHA-1
*/
int mbedtls_hmac_drbg_self_test( int verbose )
{
int mbedtls_hmac_drbg_self_test(int verbose) {
mbedtls_hmac_drbg_context ctx;
unsigned char buf[OUTPUT_LEN];
const mbedtls_md_info_t *md_info = mbedtls_md_info_from_type(MBEDTLS_MD_SHA1);

3
common/mbedtls/hmac_drbg.h
View file

@ -82,8 +82,7 @@ extern "C" {
/**
* HMAC_DRBG context.
*/
typedef struct mbedtls_hmac_drbg_context
{
typedef struct mbedtls_hmac_drbg_context {
/* Working state: the key K is not stored explicitly,
* but is implied by the HMAC context */
mbedtls_md_context_t md_ctx; /*!< HMAC context (inc. K) */

114
common/mbedtls/md.c
View file

@ -171,13 +171,11 @@ static const int supported_digests[] = {
MBEDTLS_MD_NONE
};
const int *mbedtls_md_list( void )
{
const int *mbedtls_md_list(void) {
return (supported_digests);
}
const mbedtls_md_info_t *mbedtls_md_info_from_string( const char *md_name )
{
const mbedtls_md_info_t *mbedtls_md_info_from_string(const char *md_name) {
if (NULL == md_name)
return (NULL);
@ -219,10 +217,8 @@ const mbedtls_md_info_t *mbedtls_md_info_from_string( const char *md_name )
return (NULL);
}
const mbedtls_md_info_t *mbedtls_md_info_from_type( mbedtls_md_type_t md_type )
{
switch( md_type )
{
const mbedtls_md_info_t *mbedtls_md_info_from_type(mbedtls_md_type_t md_type) {
switch (md_type) {
#if defined(MBEDTLS_MD2_C)
case MBEDTLS_MD_MD2:
return (&mbedtls_md2_info);
@ -262,20 +258,16 @@ const mbedtls_md_info_t *mbedtls_md_info_from_type( mbedtls_md_type_t md_type )
}
}
void mbedtls_md_init( mbedtls_md_context_t *ctx )
{
void mbedtls_md_init(mbedtls_md_context_t *ctx) {
memset(ctx, 0, sizeof(mbedtls_md_context_t));
}
void mbedtls_md_free( mbedtls_md_context_t *ctx )
{
void mbedtls_md_free(mbedtls_md_context_t *ctx) {
if (ctx == NULL || ctx->md_info == NULL)
return;
if( ctx->md_ctx != NULL )
{
switch( ctx->md_info->type )
{
if (ctx->md_ctx != NULL) {
switch (ctx->md_info->type) {
#if defined(MBEDTLS_MD2_C)
case MBEDTLS_MD_MD2:
mbedtls_md2_free(ctx->md_ctx);
@ -322,8 +314,7 @@ void mbedtls_md_free( mbedtls_md_context_t *ctx )
mbedtls_free(ctx->md_ctx);
}
if( ctx->hmac_ctx != NULL )
{
if (ctx->hmac_ctx != NULL) {
mbedtls_platform_zeroize(ctx->hmac_ctx,
2 * ctx->md_info->block_size);
mbedtls_free(ctx->hmac_ctx);
@ -333,17 +324,14 @@ void mbedtls_md_free( mbedtls_md_context_t *ctx )
}
int mbedtls_md_clone(mbedtls_md_context_t *dst,
const mbedtls_md_context_t *src )
{
const mbedtls_md_context_t *src) {
if (dst == NULL || dst->md_info == NULL ||
src == NULL || src->md_info == NULL ||
dst->md_info != src->md_info )
{
dst->md_info != src->md_info) {
return (MBEDTLS_ERR_MD_BAD_INPUT_DATA);
}
switch( src->md_info->type )
{
switch (src->md_info->type) {
#if defined(MBEDTLS_MD2_C)
case MBEDTLS_MD_MD2:
mbedtls_md2_clone(dst->md_ctx, src->md_ctx);
@ -391,8 +379,7 @@ int mbedtls_md_clone( mbedtls_md_context_t *dst,
}
#if ! defined(MBEDTLS_DEPRECATED_REMOVED)
int mbedtls_md_init_ctx( mbedtls_md_context_t *ctx, const mbedtls_md_info_t *md_info )
{
int mbedtls_md_init_ctx(mbedtls_md_context_t *ctx, const mbedtls_md_info_t *md_info) {
return mbedtls_md_setup(ctx, md_info, 1);
}
#endif
@ -406,8 +393,7 @@ int mbedtls_md_init_ctx( mbedtls_md_context_t *ctx, const mbedtls_md_info_t *md_
} \
while( 0 )
int mbedtls_md_setup( mbedtls_md_context_t *ctx, const mbedtls_md_info_t *md_info, int hmac )
{
int mbedtls_md_setup(mbedtls_md_context_t *ctx, const mbedtls_md_info_t *md_info, int hmac) {
if (md_info == NULL || ctx == NULL)
return (MBEDTLS_ERR_MD_BAD_INPUT_DATA);
@ -415,8 +401,7 @@ int mbedtls_md_setup( mbedtls_md_context_t *ctx, const mbedtls_md_info_t *md_inf
ctx->md_ctx = NULL;
ctx->hmac_ctx = NULL;
switch( md_info->type )
{
switch (md_info->type) {
#if defined(MBEDTLS_MD2_C)
case MBEDTLS_MD_MD2:
ALLOC(md2);
@ -460,11 +445,9 @@ int mbedtls_md_setup( mbedtls_md_context_t *ctx, const mbedtls_md_info_t *md_inf
return (MBEDTLS_ERR_MD_BAD_INPUT_DATA);
}
if( hmac != 0 )
{
if (hmac != 0) {
ctx->hmac_ctx = mbedtls_calloc(2, md_info->block_size);
if( ctx->hmac_ctx == NULL )
{
if (ctx->hmac_ctx == NULL) {
mbedtls_md_free(ctx);
return (MBEDTLS_ERR_MD_ALLOC_FAILED);
}
@ -474,13 +457,11 @@ int mbedtls_md_setup( mbedtls_md_context_t *ctx, const mbedtls_md_info_t *md_inf
}
#undef ALLOC
int mbedtls_md_starts( mbedtls_md_context_t *ctx )
{
int mbedtls_md_starts(mbedtls_md_context_t *ctx) {
if (ctx == NULL || ctx->md_info == NULL)
return (MBEDTLS_ERR_MD_BAD_INPUT_DATA);
switch( ctx->md_info->type )
{
switch (ctx->md_info->type) {
#if defined(MBEDTLS_MD2_C)
case MBEDTLS_MD_MD2:
return (mbedtls_md2_starts_ret(ctx->md_ctx));
@ -520,13 +501,11 @@ int mbedtls_md_starts( mbedtls_md_context_t *ctx )
}
}
int mbedtls_md_update( mbedtls_md_context_t *ctx, const unsigned char *input, size_t ilen )
{
int mbedtls_md_update(mbedtls_md_context_t *ctx, const unsigned char *input, size_t ilen) {
if (ctx == NULL || ctx->md_info == NULL)
return (MBEDTLS_ERR_MD_BAD_INPUT_DATA);
switch( ctx->md_info->type )
{
switch (ctx->md_info->type) {
#if defined(MBEDTLS_MD2_C)
case MBEDTLS_MD_MD2:
return (mbedtls_md2_update_ret(ctx->md_ctx, input, ilen));
@ -564,13 +543,11 @@ int mbedtls_md_update( mbedtls_md_context_t *ctx, const unsigned char *input, si
}
}
int mbedtls_md_finish( mbedtls_md_context_t *ctx, unsigned char *output )
{
int mbedtls_md_finish(mbedtls_md_context_t *ctx, unsigned char *output) {
if (ctx == NULL || ctx->md_info == NULL)
return (MBEDTLS_ERR_MD_BAD_INPUT_DATA);
switch( ctx->md_info->type )
{
switch (ctx->md_info->type) {
#if defined(MBEDTLS_MD2_C)
case MBEDTLS_MD_MD2:
return (mbedtls_md2_finish_ret(ctx->md_ctx, output));
@ -609,13 +586,11 @@ int mbedtls_md_finish( mbedtls_md_context_t *ctx, unsigned char *output )
}
int mbedtls_md(const mbedtls_md_info_t *md_info, const unsigned char *input, size_t ilen,
unsigned char *output )
{
unsigned char *output) {
if (md_info == NULL)
return (MBEDTLS_ERR_MD_BAD_INPUT_DATA);
switch( md_info->type )
{
switch (md_info->type) {
#if defined(MBEDTLS_MD2_C)
case MBEDTLS_MD_MD2:
return (mbedtls_md2_ret(input, ilen, output));
@ -656,8 +631,7 @@ int mbedtls_md( const mbedtls_md_info_t *md_info, const unsigned char *input, si
}
#if defined(MBEDTLS_FS_IO)
int mbedtls_md_file( const mbedtls_md_info_t *md_info, const char *path, unsigned char *output )
{
int mbedtls_md_file(const mbedtls_md_info_t *md_info, const char *path, unsigned char *output) {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
FILE *f;
size_t n;
@ -696,8 +670,7 @@ cleanup:
}
#endif /* MBEDTLS_FS_IO */
int mbedtls_md_hmac_starts( mbedtls_md_context_t *ctx, const unsigned char *key, size_t keylen )
{
int mbedtls_md_hmac_starts(mbedtls_md_context_t *ctx, const unsigned char *key, size_t keylen) {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
unsigned char sum[MBEDTLS_MD_MAX_SIZE];
unsigned char *ipad, *opad;
@ -706,8 +679,7 @@ int mbedtls_md_hmac_starts( mbedtls_md_context_t *ctx, const unsigned char *key,
if (ctx == NULL || ctx->md_info == NULL || ctx->hmac_ctx == NULL)
return (MBEDTLS_ERR_MD_BAD_INPUT_DATA);
if( keylen > (size_t) ctx->md_info->block_size )
{
if (keylen > (size_t) ctx->md_info->block_size) {
if ((ret = mbedtls_md_starts(ctx)) != 0)
goto cleanup;
if ((ret = mbedtls_md_update(ctx, key, keylen)) != 0)
@ -725,8 +697,7 @@ int mbedtls_md_hmac_starts( mbedtls_md_context_t *ctx, const unsigned char *key,
memset(ipad, 0x36, ctx->md_info->block_size);
memset(opad, 0x5C, ctx->md_info->block_size);
for( i = 0; i < keylen; i++ )
{
for (i = 0; i < keylen; i++) {
ipad[i] = (unsigned char)(ipad[i] ^ key[i]);
opad[i] = (unsigned char)(opad[i] ^ key[i]);
}
@ -743,16 +714,14 @@ cleanup:
return (ret);
}
int mbedtls_md_hmac_update( mbedtls_md_context_t *ctx, const unsigned char *input, size_t ilen )
{
int mbedtls_md_hmac_update(mbedtls_md_context_t *ctx, const unsigned char *input, size_t ilen) {
if (ctx == NULL || ctx->md_info == NULL || ctx->hmac_ctx == NULL)
return (MBEDTLS_ERR_MD_BAD_INPUT_DATA);
return (mbedtls_md_update(ctx, input, ilen));
}
int mbedtls_md_hmac_finish( mbedtls_md_context_t *ctx, unsigned char *output )
{
int mbedtls_md_hmac_finish(mbedtls_md_context_t *ctx, unsigned char *output) {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
unsigned char tmp[MBEDTLS_MD_MAX_SIZE];
unsigned char *opad;
@ -775,8 +744,7 @@ int mbedtls_md_hmac_finish( mbedtls_md_context_t *ctx, unsigned char *output )
return (mbedtls_md_finish(ctx, output));
}
int mbedtls_md_hmac_reset( mbedtls_md_context_t *ctx )
{
int mbedtls_md_hmac_reset(mbedtls_md_context_t *ctx) {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
unsigned char *ipad;
@ -793,8 +761,7 @@ int mbedtls_md_hmac_reset( mbedtls_md_context_t *ctx )
int mbedtls_md_hmac(const mbedtls_md_info_t *md_info,
const unsigned char *key, size_t keylen,
const unsigned char *input, size_t ilen,
unsigned char *output )
{
unsigned char *output) {
mbedtls_md_context_t ctx;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
@ -819,13 +786,11 @@ cleanup:
return (ret);
}
int mbedtls_md_process( mbedtls_md_context_t *ctx, const unsigned char *data )
{
int mbedtls_md_process(mbedtls_md_context_t *ctx, const unsigned char *data) {
if (ctx == NULL || ctx->md_info == NULL)
return (MBEDTLS_ERR_MD_BAD_INPUT_DATA);
switch( ctx->md_info->type )
{
switch (ctx->md_info->type) {
#if defined(MBEDTLS_MD2_C)
case MBEDTLS_MD_MD2:
return (mbedtls_internal_md2_process(ctx->md_ctx));
@ -863,24 +828,21 @@ int mbedtls_md_process( mbedtls_md_context_t *ctx, const unsigned char *data )
}
}
unsigned char mbedtls_md_get_size( const mbedtls_md_info_t *md_info )
{
unsigned char mbedtls_md_get_size(const mbedtls_md_info_t *md_info) {
if (md_info == NULL)
return (0);
return md_info->size;
}
mbedtls_md_type_t mbedtls_md_get_type( const mbedtls_md_info_t *md_info )
{
mbedtls_md_type_t mbedtls_md_get_type(const mbedtls_md_info_t *md_info) {
if (md_info == NULL)
return (MBEDTLS_MD_NONE);
return md_info->type;
}
const char *mbedtls_md_get_name( const mbedtls_md_info_t *md_info )
{
const char *mbedtls_md_get_name(const mbedtls_md_info_t *md_info) {
if (md_info == NULL)
return (NULL);

3
common/mbedtls/md.h
View file

@ -86,8 +86,7 @@ typedef struct mbedtls_md_info_t mbedtls_md_info_t;
/**
* The generic message-digest context.
*/
typedef struct mbedtls_md_context_t
{
typedef struct mbedtls_md_context_t {
/** Information about the associated message digest. */
const mbedtls_md_info_t *md_info;

118
common/mbedtls/md2.c
View file

@ -44,8 +44,7 @@
#if !defined(MBEDTLS_MD2_ALT)
static const unsigned char PI_SUBST[256] =
{
static const unsigned char PI_SUBST[256] = {
0x29, 0x2E, 0x43, 0xC9, 0xA2, 0xD8, 0x7C, 0x01, 0x3D, 0x36,
0x54, 0xA1, 0xEC, 0xF0, 0x06, 0x13, 0x62, 0xA7, 0x05, 0xF3,
0xC0, 0xC7, 0x73, 0x8C, 0x98, 0x93, 0x2B, 0xD9, 0xBC, 0x4C,
@ -74,13 +73,11 @@ static const unsigned char PI_SUBST[256] =
0x8D, 0x33, 0x9F, 0x11, 0x83, 0x14
};
void mbedtls_md2_init( mbedtls_md2_context *ctx )
{
void mbedtls_md2_init(mbedtls_md2_context *ctx) {
memset(ctx, 0, sizeof(mbedtls_md2_context));
}
void mbedtls_md2_free( mbedtls_md2_context *ctx )
{
void mbedtls_md2_free(mbedtls_md2_context *ctx) {
if (ctx == NULL)
return;
@ -88,16 +85,14 @@ void mbedtls_md2_free( mbedtls_md2_context *ctx )
}
void mbedtls_md2_clone(mbedtls_md2_context *dst,
const mbedtls_md2_context *src )
{
const mbedtls_md2_context *src) {
*dst = *src;
}
/*
* MD2 context setup
*/
int mbedtls_md2_starts_ret( mbedtls_md2_context *ctx )
{
int mbedtls_md2_starts_ret(mbedtls_md2_context *ctx) {
memset(ctx->cksum, 0, 16);
memset(ctx->state, 0, 46);
memset(ctx->buffer, 0, 16);
@ -107,29 +102,24 @@ int mbedtls_md2_starts_ret( mbedtls_md2_context *ctx )
}
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
void mbedtls_md2_starts( mbedtls_md2_context *ctx )
{
void mbedtls_md2_starts(mbedtls_md2_context *ctx) {
mbedtls_md2_starts_ret(ctx);
}
#endif
#if !defined(MBEDTLS_MD2_PROCESS_ALT)
int mbedtls_internal_md2_process( mbedtls_md2_context *ctx )
{
int mbedtls_internal_md2_process(mbedtls_md2_context *ctx) {
int i, j;
unsigned char t = 0;
for( i = 0; i < 16; i++ )
{
for (i = 0; i < 16; i++) {
ctx->state[i + 16] = ctx->buffer[i];
ctx->state[i + 32] =
(unsigned char)(ctx->buffer[i] ^ ctx->state[i]);
}
for( i = 0; i < 18; i++ )
{
for( j = 0; j < 48; j++ )
{
for (i = 0; i < 18; i++) {
for (j = 0; j < 48; j++) {
ctx->state[j] = (unsigned char)
(ctx->state[j] ^ PI_SUBST[t]);
t = ctx->state[j];
@ -140,8 +130,7 @@ int mbedtls_internal_md2_process( mbedtls_md2_context *ctx )
t = ctx->cksum[15];
for( i = 0; i < 16; i++ )
{
for (i = 0; i < 16; i++) {
ctx->cksum[i] = (unsigned char)
(ctx->cksum[i] ^ PI_SUBST[ctx->buffer[i] ^ t]);
t = ctx->cksum[i];
@ -154,8 +143,7 @@ int mbedtls_internal_md2_process( mbedtls_md2_context *ctx )
}
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
void mbedtls_md2_process( mbedtls_md2_context *ctx )
{
void mbedtls_md2_process(mbedtls_md2_context *ctx) {
mbedtls_internal_md2_process(ctx);
}
#endif
@ -166,13 +154,11 @@ void mbedtls_md2_process( mbedtls_md2_context *ctx )
*/
int mbedtls_md2_update_ret(mbedtls_md2_context *ctx,
const unsigned char *input,
size_t ilen )
{
size_t ilen) {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t fill;
while( ilen > 0 )
{
while (ilen > 0) {
if (ilen > 16 - ctx->left)
fill = 16 - ctx->left;
else
@ -184,8 +170,7 @@ int mbedtls_md2_update_ret( mbedtls_md2_context *ctx,
input += fill;
ilen -= fill;
if( ctx->left == 16 )
{
if (ctx->left == 16) {
ctx->left = 0;
if ((ret = mbedtls_internal_md2_process(ctx)) != 0)
return (ret);
@ -198,8 +183,7 @@ int mbedtls_md2_update_ret( mbedtls_md2_context *ctx,
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
void mbedtls_md2_update(mbedtls_md2_context *ctx,
const unsigned char *input,
size_t ilen )
{
size_t ilen) {
mbedtls_md2_update_ret(ctx, input, ilen);
}
#endif
@ -208,8 +192,7 @@ void mbedtls_md2_update( mbedtls_md2_context *ctx,
* MD2 final digest
*/
int mbedtls_md2_finish_ret(mbedtls_md2_context *ctx,
unsigned char output[16] )
{
unsigned char output[16]) {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t i;
unsigned char x;
@ -233,8 +216,7 @@ int mbedtls_md2_finish_ret( mbedtls_md2_context *ctx,
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
void mbedtls_md2_finish(mbedtls_md2_context *ctx,
unsigned char output[16] )
{
unsigned char output[16]) {
mbedtls_md2_finish_ret(ctx, output);
}
#endif
@ -246,8 +228,7 @@ void mbedtls_md2_finish( mbedtls_md2_context *ctx,
*/
int mbedtls_md2_ret(const unsigned char *input,
size_t ilen,
unsigned char output[16] )
{
unsigned char output[16]) {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_md2_context ctx;
@ -271,8 +252,7 @@ exit:
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
void mbedtls_md2(const unsigned char *input,
size_t ilen,
unsigned char output[16] )
{
unsigned char output[16]) {
mbedtls_md2_ret(input, ilen, output);
}
#endif
@ -282,8 +262,7 @@ void mbedtls_md2( const unsigned char *input,
/*
* RFC 1319 test vectors
*/
static const unsigned char md2_test_str[7][81] =
{
static const unsigned char md2_test_str[7][81] = {
{ "" },
{ "a" },
{ "abc" },
@ -293,39 +272,49 @@ static const unsigned char md2_test_str[7][81] =
{ "12345678901234567890123456789012345678901234567890123456789012345678901234567890" }
};
static const size_t md2_test_strlen[7] =
{
static const size_t md2_test_strlen[7] = {
0, 1, 3, 14, 26, 62, 80
};
static const unsigned char md2_test_sum[7][16] =
static const unsigned char md2_test_sum[7][16] = {
{
{ 0x83, 0x50, 0xE5, 0xA3, 0xE2, 0x4C, 0x15, 0x3D,
0xF2, 0x27, 0x5C, 0x9F, 0x80, 0x69, 0x27, 0x73 },
{ 0x32, 0xEC, 0x01, 0xEC, 0x4A, 0x6D, 0xAC, 0x72,
0xC0, 0xAB, 0x96, 0xFB, 0x34, 0xC0, 0xB5, 0xD1 },
{ 0xDA, 0x85, 0x3B, 0x0D, 0x3F, 0x88, 0xD9, 0x9B,
0x30, 0x28, 0x3A, 0x69, 0xE6, 0xDE, 0xD6, 0xBB },
{ 0xAB, 0x4F, 0x49, 0x6B, 0xFB, 0x2A, 0x53, 0x0B,
0x21, 0x9F, 0xF3, 0x30, 0x31, 0xFE, 0x06, 0xB0 },
{ 0x4E, 0x8D, 0xDF, 0xF3, 0x65, 0x02, 0x92, 0xAB,
0x5A, 0x41, 0x08, 0xC3, 0xAA, 0x47, 0x94, 0x0B },
{ 0xDA, 0x33, 0xDE, 0xF2, 0xA4, 0x2D, 0xF1, 0x39,
0x75, 0x35, 0x28, 0x46, 0xC3, 0x03, 0x38, 0xCD },
{ 0xD5, 0x97, 0x6F, 0x79, 0xD8, 0x3D, 0x3A, 0x0D,
0xC9, 0x80, 0x6C, 0x3C, 0x66, 0xF3, 0xEF, 0xD8 }
0x83, 0x50, 0xE5, 0xA3, 0xE2, 0x4C, 0x15, 0x3D,
0xF2, 0x27, 0x5C, 0x9F, 0x80, 0x69, 0x27, 0x73
},
{
0x32, 0xEC, 0x01, 0xEC, 0x4A, 0x6D, 0xAC, 0x72,
0xC0, 0xAB, 0x96, 0xFB, 0x34, 0xC0, 0xB5, 0xD1
},
{
0xDA, 0x85, 0x3B, 0x0D, 0x3F, 0x88, 0xD9, 0x9B,
0x30, 0x28, 0x3A, 0x69, 0xE6, 0xDE, 0xD6, 0xBB
},
{
0xAB, 0x4F, 0x49, 0x6B, 0xFB, 0x2A, 0x53, 0x0B,
0x21, 0x9F, 0xF3, 0x30, 0x31, 0xFE, 0x06, 0xB0
},
{
0x4E, 0x8D, 0xDF, 0xF3, 0x65, 0x02, 0x92, 0xAB,
0x5A, 0x41, 0x08, 0xC3, 0xAA, 0x47, 0x94, 0x0B
},
{
0xDA, 0x33, 0xDE, 0xF2, 0xA4, 0x2D, 0xF1, 0x39,
0x75, 0x35, 0x28, 0x46, 0xC3, 0x03, 0x38, 0xCD
},
{
0xD5, 0x97, 0x6F, 0x79, 0xD8, 0x3D, 0x3A, 0x0D,
0xC9, 0x80, 0x6C, 0x3C, 0x66, 0xF3, 0xEF, 0xD8
}
};
/*
* Checkup routine
*/
int mbedtls_md2_self_test( int verbose )
{
int mbedtls_md2_self_test(int verbose) {
int i, ret = 0;
unsigned char md2sum[16];
for( i = 0; i < 7; i++ )
{
for (i = 0; i < 7; i++) {
if (verbose != 0)
mbedtls_printf(" MD2 test #%d: ", i + 1);
@ -333,8 +322,7 @@ int mbedtls_md2_self_test( int verbose )
if (ret != 0)
goto fail;
if( memcmp( md2sum, md2_test_sum[i], 16 ) != 0 )
{
if (memcmp(md2sum, md2_test_sum[i], 16) != 0) {
ret = 1;
goto fail;
}

3
common/mbedtls/md2.h
View file

@ -54,8 +54,7 @@ extern "C" {
* stronger message digests instead.
*
*/
typedef struct mbedtls_md2_context
{
typedef struct mbedtls_md2_context {
unsigned char cksum[16]; /*!< checksum of the data block */
unsigned char state[48]; /*!< intermediate digest state */
unsigned char buffer[16]; /*!< data block being processed */

112
common/mbedtls/md4.c
View file

@ -67,13 +67,11 @@
}
#endif
void mbedtls_md4_init( mbedtls_md4_context *ctx )
{
void mbedtls_md4_init(mbedtls_md4_context *ctx) {
memset(ctx, 0, sizeof(mbedtls_md4_context));
}
void mbedtls_md4_free( mbedtls_md4_context *ctx )
{
void mbedtls_md4_free(mbedtls_md4_context *ctx) {
if (ctx == NULL)
return;
@ -81,16 +79,14 @@ void mbedtls_md4_free( mbedtls_md4_context *ctx )
}
void mbedtls_md4_clone(mbedtls_md4_context *dst,
const mbedtls_md4_context *src )
{
const mbedtls_md4_context *src) {
*dst = *src;
}
/*
* MD4 context setup
*/
int mbedtls_md4_starts_ret( mbedtls_md4_context *ctx )
{
int mbedtls_md4_starts_ret(mbedtls_md4_context *ctx) {
ctx->total[0] = 0;
ctx->total[1] = 0;
@ -103,18 +99,15 @@ int mbedtls_md4_starts_ret( mbedtls_md4_context *ctx )
}
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
void mbedtls_md4_starts( mbedtls_md4_context *ctx )
{
void mbedtls_md4_starts(mbedtls_md4_context *ctx) {
mbedtls_md4_starts_ret(ctx);
}
#endif
#if !defined(MBEDTLS_MD4_PROCESS_ALT)
int mbedtls_internal_md4_process(mbedtls_md4_context *ctx,
const unsigned char data[64] )
{
struct
{
const unsigned char data[64]) {
struct {
uint32_t X[16], A, B, C, D;
} local;
@ -240,8 +233,7 @@ int mbedtls_internal_md4_process( mbedtls_md4_context *ctx,
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
void mbedtls_md4_process(mbedtls_md4_context *ctx,
const unsigned char data[64] )
{
const unsigned char data[64]) {
mbedtls_internal_md4_process(ctx, data);
}
#endif
@ -252,8 +244,7 @@ void mbedtls_md4_process( mbedtls_md4_context *ctx,
*/
int mbedtls_md4_update_ret(mbedtls_md4_context *ctx,
const unsigned char *input,
size_t ilen )
{
size_t ilen) {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t fill;
uint32_t left;
@ -270,8 +261,7 @@ int mbedtls_md4_update_ret( mbedtls_md4_context *ctx,
if (ctx->total[0] < (uint32_t) ilen)
ctx->total[1]++;
if( left && ilen >= fill )
{
if (left && ilen >= fill) {
memcpy((void *)(ctx->buffer + left),
(void *) input, fill);
@ -283,8 +273,7 @@ int mbedtls_md4_update_ret( mbedtls_md4_context *ctx,
left = 0;
}
while( ilen >= 64 )
{
while (ilen >= 64) {
if ((ret = mbedtls_internal_md4_process(ctx, input)) != 0)
return (ret);
@ -292,8 +281,7 @@ int mbedtls_md4_update_ret( mbedtls_md4_context *ctx,
ilen -= 64;
}
if( ilen > 0 )
{
if (ilen > 0) {
memcpy((void *)(ctx->buffer + left),
(void *) input, ilen);
}
@ -304,14 +292,12 @@ int mbedtls_md4_update_ret( mbedtls_md4_context *ctx,
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
void mbedtls_md4_update(mbedtls_md4_context *ctx,
const unsigned char *input,
size_t ilen )
{
size_t ilen) {
mbedtls_md4_update_ret(ctx, input, ilen);
}
#endif
static const unsigned char md4_padding[64] =
{
static const unsigned char md4_padding[64] = {
0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
@ -322,8 +308,7 @@ static const unsigned char md4_padding[64] =
* MD4 final digest
*/
int mbedtls_md4_finish_ret(mbedtls_md4_context *ctx,
unsigned char output[16] )
{
unsigned char output[16]) {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
uint32_t last, padn;
uint32_t high, low;
@ -357,8 +342,7 @@ int mbedtls_md4_finish_ret( mbedtls_md4_context *ctx,
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
void mbedtls_md4_finish(mbedtls_md4_context *ctx,
unsigned char output[16] )
{
unsigned char output[16]) {
mbedtls_md4_finish_ret(ctx, output);
}
#endif
@ -370,8 +354,7 @@ void mbedtls_md4_finish( mbedtls_md4_context *ctx,
*/
int mbedtls_md4_ret(const unsigned char *input,
size_t ilen,
unsigned char output[16] )
{
unsigned char output[16]) {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_md4_context ctx;
@ -395,8 +378,7 @@ exit:
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
void mbedtls_md4(const unsigned char *input,
size_t ilen,
unsigned char output[16] )
{
unsigned char output[16]) {
mbedtls_md4_ret(input, ilen, output);
}
#endif
@ -406,8 +388,7 @@ void mbedtls_md4( const unsigned char *input,
/*
* RFC 1320 test vectors
*/
static const unsigned char md4_test_str[7][81] =
{
static const unsigned char md4_test_str[7][81] = {
{ "" },
{ "a" },
{ "abc" },
@ -417,39 +398,49 @@ static const unsigned char md4_test_str[7][81] =
{ "12345678901234567890123456789012345678901234567890123456789012345678901234567890" }
};
static const size_t md4_test_strlen[7] =
{
static const size_t md4_test_strlen[7] = {
0, 1, 3, 14, 26, 62, 80
};
static const unsigned char md4_test_sum[7][16] =
static const unsigned char md4_test_sum[7][16] = {
{
{ 0x31, 0xD6, 0xCF, 0xE0, 0xD1, 0x6A, 0xE9, 0x31,
0xB7, 0x3C, 0x59, 0xD7, 0xE0, 0xC0, 0x89, 0xC0 },
{ 0xBD, 0xE5, 0x2C, 0xB3, 0x1D, 0xE3, 0x3E, 0x46,
0x24, 0x5E, 0x05, 0xFB, 0xDB, 0xD6, 0xFB, 0x24 },
{ 0xA4, 0x48, 0x01, 0x7A, 0xAF, 0x21, 0xD8, 0x52,
0x5F, 0xC1, 0x0A, 0xE8, 0x7A, 0xA6, 0x72, 0x9D },
{ 0xD9, 0x13, 0x0A, 0x81, 0x64, 0x54, 0x9F, 0xE8,
0x18, 0x87, 0x48, 0x06, 0xE1, 0xC7, 0x01, 0x4B },
{ 0xD7, 0x9E, 0x1C, 0x30, 0x8A, 0xA5, 0xBB, 0xCD,
0xEE, 0xA8, 0xED, 0x63, 0xDF, 0x41, 0x2D, 0xA9 },
{ 0x04, 0x3F, 0x85, 0x82, 0xF2, 0x41, 0xDB, 0x35,
0x1C, 0xE6, 0x27, 0xE1, 0x53, 0xE7, 0xF0, 0xE4 },
{ 0xE3, 0x3B, 0x4D, 0xDC, 0x9C, 0x38, 0xF2, 0x19,
0x9C, 0x3E, 0x7B, 0x16, 0x4F, 0xCC, 0x05, 0x36 }
0x31, 0xD6, 0xCF, 0xE0, 0xD1, 0x6A, 0xE9, 0x31,
0xB7, 0x3C, 0x59, 0xD7, 0xE0, 0xC0, 0x89, 0xC0
},
{
0xBD, 0xE5, 0x2C, 0xB3, 0x1D, 0xE3, 0x3E, 0x46,
0x24, 0x5E, 0x05, 0xFB, 0xDB, 0xD6, 0xFB, 0x24
},
{
0xA4, 0x48, 0x01, 0x7A, 0xAF, 0x21, 0xD8, 0x52,
0x5F, 0xC1, 0x0A, 0xE8, 0x7A, 0xA6, 0x72, 0x9D
},
{
0xD9, 0x13, 0x0A, 0x81, 0x64, 0x54, 0x9F, 0xE8,
0x18, 0x87, 0x48, 0x06, 0xE1, 0xC7, 0x01, 0x4B
},
{
0xD7, 0x9E, 0x1C, 0x30, 0x8A, 0xA5, 0xBB, 0xCD,
0xEE, 0xA8, 0xED, 0x63, 0xDF, 0x41, 0x2D, 0xA9
},
{
0x04, 0x3F, 0x85, 0x82, 0xF2, 0x41, 0xDB, 0x35,
0x1C, 0xE6, 0x27, 0xE1, 0x53, 0xE7, 0xF0, 0xE4
},
{
0xE3, 0x3B, 0x4D, 0xDC, 0x9C, 0x38, 0xF2, 0x19,
0x9C, 0x3E, 0x7B, 0x16, 0x4F, 0xCC, 0x05, 0x36
}
};
/*
* Checkup routine
*/
int mbedtls_md4_self_test( int verbose )
{
int mbedtls_md4_self_test(int verbose) {
int i, ret = 0;
unsigned char md4sum[16];
for( i = 0; i < 7; i++ )
{
for (i = 0; i < 7; i++) {
if (verbose != 0)
mbedtls_printf(" MD4 test #%d: ", i + 1);
@ -457,8 +448,7 @@ int mbedtls_md4_self_test( int verbose )
if (ret != 0)
goto fail;
if( memcmp( md4sum, md4_test_sum[i], 16 ) != 0 )
{
if (memcmp(md4sum, md4_test_sum[i], 16) != 0) {
ret = 1;
goto fail;
}

3
common/mbedtls/md4.h
View file

@ -55,8 +55,7 @@ extern "C" {
* stronger message digests instead.
*
*/
typedef struct mbedtls_md4_context
{
typedef struct mbedtls_md4_context {
uint32_t total[2]; /*!< number of bytes processed */
uint32_t state[4]; /*!< intermediate digest state */
unsigned char buffer[64]; /*!< data block being processed */

116
common/mbedtls/md5.c
View file

@ -66,13 +66,11 @@
}
#endif
void mbedtls_md5_init( mbedtls_md5_context *ctx )
{
void mbedtls_md5_init(mbedtls_md5_context *ctx) {
memset(ctx, 0, sizeof(mbedtls_md5_context));
}
void mbedtls_md5_free( mbedtls_md5_context *ctx )
{
void mbedtls_md5_free(mbedtls_md5_context *ctx) {
if (ctx == NULL)
return;
@ -80,16 +78,14 @@ void mbedtls_md5_free( mbedtls_md5_context *ctx )
}
void mbedtls_md5_clone(mbedtls_md5_context *dst,
const mbedtls_md5_context *src )
{
const mbedtls_md5_context *src) {
*dst = *src;
}
/*
* MD5 context setup
*/
int mbedtls_md5_starts_ret( mbedtls_md5_context *ctx )
{
int mbedtls_md5_starts_ret(mbedtls_md5_context *ctx) {
ctx->total[0] = 0;
ctx->total[1] = 0;
@ -102,18 +98,15 @@ int mbedtls_md5_starts_ret( mbedtls_md5_context *ctx )
}
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
void mbedtls_md5_starts( mbedtls_md5_context *ctx )
{
void mbedtls_md5_starts(mbedtls_md5_context *ctx) {
mbedtls_md5_starts_ret(ctx);
}
#endif
#if !defined(MBEDTLS_MD5_PROCESS_ALT)
int mbedtls_internal_md5_process(mbedtls_md5_context *ctx,
const unsigned char data[64] )
{
struct
{
const unsigned char data[64]) {
struct {
uint32_t X[16], A, B, C, D;
} local;
@ -246,8 +239,7 @@ int mbedtls_internal_md5_process( mbedtls_md5_context *ctx,
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
void mbedtls_md5_process(mbedtls_md5_context *ctx,
const unsigned char data[64] )
{
const unsigned char data[64]) {
mbedtls_internal_md5_process(ctx, data);
}
#endif
@ -258,8 +250,7 @@ void mbedtls_md5_process( mbedtls_md5_context *ctx,
*/
int mbedtls_md5_update_ret(mbedtls_md5_context *ctx,
const unsigned char *input,
size_t ilen )
{
size_t ilen) {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t fill;
uint32_t left;
@ -276,8 +267,7 @@ int mbedtls_md5_update_ret( mbedtls_md5_context *ctx,
if (ctx->total[0] < (uint32_t) ilen)
ctx->total[1]++;
if( left && ilen >= fill )
{
if (left && ilen >= fill) {
memcpy((void *)(ctx->buffer + left), input, fill);
if ((ret = mbedtls_internal_md5_process(ctx, ctx->buffer)) != 0)
return (ret);
@ -287,8 +277,7 @@ int mbedtls_md5_update_ret( mbedtls_md5_context *ctx,
left = 0;
}
while( ilen >= 64 )
{
while (ilen >= 64) {
if ((ret = mbedtls_internal_md5_process(ctx, input)) != 0)
return (ret);
@ -296,8 +285,7 @@ int mbedtls_md5_update_ret( mbedtls_md5_context *ctx,
ilen -= 64;
}
if( ilen > 0 )
{
if (ilen > 0) {
memcpy((void *)(ctx->buffer + left), input, ilen);
}
@ -307,8 +295,7 @@ int mbedtls_md5_update_ret( mbedtls_md5_context *ctx,
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
void mbedtls_md5_update(mbedtls_md5_context *ctx,
const unsigned char *input,
size_t ilen )
{
size_t ilen) {
mbedtls_md5_update_ret(ctx, input, ilen);
}
#endif
@ -317,8 +304,7 @@ void mbedtls_md5_update( mbedtls_md5_context *ctx,
* MD5 final digest
*/
int mbedtls_md5_finish_ret(mbedtls_md5_context *ctx,
unsigned char output[16] )
{
unsigned char output[16]) {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
uint32_t used;
uint32_t high, low;
@ -330,13 +316,10 @@ int mbedtls_md5_finish_ret( mbedtls_md5_context *ctx,
ctx->buffer[used++] = 0x80;
if( used <= 56 )
{
if (used <= 56) {
/* Enough room for padding + length in current block */
memset(ctx->buffer + used, 0, 56 - used);
}
else
{
} else {
/* We'll need an extra block */
memset(ctx->buffer + used, 0, 64 - used);
@ -372,8 +355,7 @@ int mbedtls_md5_finish_ret( mbedtls_md5_context *ctx,
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
void mbedtls_md5_finish(mbedtls_md5_context *ctx,
unsigned char output[16] )
{
unsigned char output[16]) {
mbedtls_md5_finish_ret(ctx, output);
}
#endif
@ -385,8 +367,7 @@ void mbedtls_md5_finish( mbedtls_md5_context *ctx,
*/
int mbedtls_md5_ret(const unsigned char *input,
size_t ilen,
unsigned char output[16] )
{
unsigned char output[16]) {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_md5_context ctx;
@ -410,8 +391,7 @@ exit:
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
void mbedtls_md5(const unsigned char *input,
size_t ilen,
unsigned char output[16] )
{
unsigned char output[16]) {
mbedtls_md5_ret(input, ilen, output);
}
#endif
@ -420,8 +400,7 @@ void mbedtls_md5( const unsigned char *input,
/*
* RFC 1321 test vectors
*/
static const unsigned char md5_test_buf[7][81] =
{
static const unsigned char md5_test_buf[7][81] = {
{ "" },
{ "a" },
{ "abc" },
@ -431,39 +410,49 @@ static const unsigned char md5_test_buf[7][81] =
{ "12345678901234567890123456789012345678901234567890123456789012345678901234567890" }
};
static const size_t md5_test_buflen[7] =
{
static const size_t md5_test_buflen[7] = {
0, 1, 3, 14, 26, 62, 80
};
static const unsigned char md5_test_sum[7][16] =
static const unsigned char md5_test_sum[7][16] = {
{
{ 0xD4, 0x1D, 0x8C, 0xD9, 0x8F, 0x00, 0xB2, 0x04,
0xE9, 0x80, 0x09, 0x98, 0xEC, 0xF8, 0x42, 0x7E },
{ 0x0C, 0xC1, 0x75, 0xB9, 0xC0, 0xF1, 0xB6, 0xA8,
0x31, 0xC3, 0x99, 0xE2, 0x69, 0x77, 0x26, 0x61 },
{ 0x90, 0x01, 0x50, 0x98, 0x3C, 0xD2, 0x4F, 0xB0,
0xD6, 0x96, 0x3F, 0x7D, 0x28, 0xE1, 0x7F, 0x72 },
{ 0xF9, 0x6B, 0x69, 0x7D, 0x7C, 0xB7, 0x93, 0x8D,
0x52, 0x5A, 0x2F, 0x31, 0xAA, 0xF1, 0x61, 0xD0 },
{ 0xC3, 0xFC, 0xD3, 0xD7, 0x61, 0x92, 0xE4, 0x00,
0x7D, 0xFB, 0x49, 0x6C, 0xCA, 0x67, 0xE1, 0x3B },
{ 0xD1, 0x74, 0xAB, 0x98, 0xD2, 0x77, 0xD9, 0xF5,
0xA5, 0x61, 0x1C, 0x2C, 0x9F, 0x41, 0x9D, 0x9F },
{ 0x57, 0xED, 0xF4, 0xA2, 0x2B, 0xE3, 0xC9, 0x55,
0xAC, 0x49, 0xDA, 0x2E, 0x21, 0x07, 0xB6, 0x7A }
0xD4, 0x1D, 0x8C, 0xD9, 0x8F, 0x00, 0xB2, 0x04,
0xE9, 0x80, 0x09, 0x98, 0xEC, 0xF8, 0x42, 0x7E
},
{
0x0C, 0xC1, 0x75, 0xB9, 0xC0, 0xF1, 0xB6, 0xA8,
0x31, 0xC3, 0x99, 0xE2, 0x69, 0x77, 0x26, 0x61
},
{
0x90, 0x01, 0x50, 0x98, 0x3C, 0xD2, 0x4F, 0xB0,
0xD6, 0x96, 0x3F, 0x7D, 0x28, 0xE1, 0x7F, 0x72
},
{
0xF9, 0x6B, 0x69, 0x7D, 0x7C, 0xB7, 0x93, 0x8D,
0x52, 0x5A, 0x2F, 0x31, 0xAA, 0xF1, 0x61, 0xD0
},
{
0xC3, 0xFC, 0xD3, 0xD7, 0x61, 0x92, 0xE4, 0x00,
0x7D, 0xFB, 0x49, 0x6C, 0xCA, 0x67, 0xE1, 0x3B
},
{
0xD1, 0x74, 0xAB, 0x98, 0xD2, 0x77, 0xD9, 0xF5,
0xA5, 0x61, 0x1C, 0x2C, 0x9F, 0x41, 0x9D, 0x9F
},
{
0x57, 0xED, 0xF4, 0xA2, 0x2B, 0xE3, 0xC9, 0x55,
0xAC, 0x49, 0xDA, 0x2E, 0x21, 0x07, 0xB6, 0x7A
}
};
/*
* Checkup routine
*/
int mbedtls_md5_self_test( int verbose )
{
int mbedtls_md5_self_test(int verbose) {
int i, ret = 0;
unsigned char md5sum[16];
for( i = 0; i < 7; i++ )
{
for (i = 0; i < 7; i++) {
if (verbose != 0)
mbedtls_printf(" MD5 test #%d: ", i + 1);
@ -471,8 +460,7 @@ int mbedtls_md5_self_test( int verbose )
if (ret != 0)
goto fail;
if( memcmp( md5sum, md5_test_sum[i], 16 ) != 0 )
{
if (memcmp(md5sum, md5_test_sum[i], 16) != 0) {
ret = 1;
goto fail;
}

3
common/mbedtls/md5.h
View file

@ -54,8 +54,7 @@ extern "C" {
* stronger message digests instead.
*
*/
typedef struct mbedtls_md5_context
{
typedef struct mbedtls_md5_context {
uint32_t total[2]; /*!< number of bytes processed */
uint32_t state[4]; /*!< intermediate digest state */
unsigned char buffer[64]; /*!< data block being processed */

3
common/mbedtls/md_internal.h
View file

@ -42,8 +42,7 @@ extern "C" {
* Message digest information.
* Allows message digest functions to be called in a generic way.
*/
struct mbedtls_md_info_t
{
struct mbedtls_md_info_t {
/** Name of the message digest */
const char *name;

142
common/mbedtls/memory_buffer_alloc.c
View file

@ -42,8 +42,7 @@
#define MAX_BT 20
typedef struct _memory_header memory_header;
struct _memory_header
{
struct _memory_header {
size_t magic1;
size_t size;
size_t alloc;
@ -58,8 +57,7 @@ struct _memory_header
size_t magic2;
};
typedef struct
{
typedef struct {
unsigned char *buf;
size_t len;
memory_header *first;
@ -82,8 +80,7 @@ buffer_alloc_ctx;
static buffer_alloc_ctx heap;
#if defined(MBEDTLS_MEMORY_DEBUG)
static void debug_header( memory_header *hdr )
{
static void debug_header(memory_header *hdr) {
#if defined(MBEDTLS_MEMORY_BACKTRACE)
size_t i;
#endif
@ -103,13 +100,11 @@ static void debug_header( memory_header *hdr )
#endif
}
static void debug_chain( void )
{
static void debug_chain(void) {
memory_header *cur = heap.first;
mbedtls_fprintf(stderr, "\nBlock list\n");
while( cur != NULL )
{
while (cur != NULL) {
debug_header(cur);
cur = cur->next;
}
@ -117,50 +112,43 @@ static void debug_chain( void )
mbedtls_fprintf(stderr, "Free list\n");
cur = heap.first_free;
while( cur != NULL )
{
while (cur != NULL) {
debug_header(cur);
cur = cur->next_free;
}
}
#endif /* MBEDTLS_MEMORY_DEBUG */
static int verify_header( memory_header *hdr )
{
if( hdr->magic1 != MAGIC1 )
{
static int verify_header(memory_header *hdr) {
if (hdr->magic1 != MAGIC1) {
#if defined(MBEDTLS_MEMORY_DEBUG)
mbedtls_fprintf(stderr, "FATAL: MAGIC1 mismatch\n");
#endif
return (1);
}
if( hdr->magic2 != MAGIC2 )
{
if (hdr->magic2 != MAGIC2) {
#if defined(MBEDTLS_MEMORY_DEBUG)
mbedtls_fprintf(stderr, "FATAL: MAGIC2 mismatch\n");
#endif
return (1);
}
if( hdr->alloc > 1 )
{
if (hdr->alloc > 1) {
#if defined(MBEDTLS_MEMORY_DEBUG)
mbedtls_fprintf(stderr, "FATAL: alloc has illegal value\n");
#endif
return (1);
}
if( hdr->prev != NULL && hdr->prev == hdr->next )
{
if (hdr->prev != NULL && hdr->prev == hdr->next) {
#if defined(MBEDTLS_MEMORY_DEBUG)
mbedtls_fprintf(stderr, "FATAL: prev == next\n");
#endif
return (1);
}
if( hdr->prev_free != NULL && hdr->prev_free == hdr->next_free )
{
if (hdr->prev_free != NULL && hdr->prev_free == hdr->next_free) {
#if defined(MBEDTLS_MEMORY_DEBUG)
mbedtls_fprintf(stderr, "FATAL: prev_free == next_free\n");
#endif
@ -170,12 +158,10 @@ static int verify_header( memory_header *hdr )
return (0);
}
static int verify_chain( void )
{
static int verify_chain(void) {
memory_header *prv = heap.first, *cur;
if( prv == NULL || verify_header( prv ) != 0 )
{
if (prv == NULL || verify_header(prv) != 0) {
#if defined(MBEDTLS_MEMORY_DEBUG)
mbedtls_fprintf(stderr, "FATAL: verification of first header "
"failed\n");
@ -183,8 +169,7 @@ static int verify_chain( void )
return (1);
}
if( heap.first->prev != NULL )
{
if (heap.first->prev != NULL) {
#if defined(MBEDTLS_MEMORY_DEBUG)
mbedtls_fprintf(stderr, "FATAL: verification failed: "
"first->prev != NULL\n");
@ -194,10 +179,8 @@ static int verify_chain( void )
cur = heap.first->next;
while( cur != NULL )
{
if( verify_header( cur ) != 0 )
{
while (cur != NULL) {
if (verify_header(cur) != 0) {
#if defined(MBEDTLS_MEMORY_DEBUG)
mbedtls_fprintf(stderr, "FATAL: verification of header "
"failed\n");
@ -205,8 +188,7 @@ static int verify_chain( void )
return (1);
}
if( cur->prev != prv )
{
if (cur->prev != prv) {
#if defined(MBEDTLS_MEMORY_DEBUG)
mbedtls_fprintf(stderr, "FATAL: verification failed: "
"cur->prev != prv\n");
@ -221,8 +203,7 @@ static int verify_chain( void )
return (0);
}
static void *buffer_alloc_calloc( size_t n, size_t size )
{
static void *buffer_alloc_calloc(size_t n, size_t size) {
memory_header *new, *cur = heap.first_free;
unsigned char *p;
void *ret;
@ -242,16 +223,14 @@ static void *buffer_alloc_calloc( size_t n, size_t size )
else if (len > (size_t) - MBEDTLS_MEMORY_ALIGN_MULTIPLE)
return (NULL);
if( len % MBEDTLS_MEMORY_ALIGN_MULTIPLE )
{
if (len % MBEDTLS_MEMORY_ALIGN_MULTIPLE) {
len -= len % MBEDTLS_MEMORY_ALIGN_MULTIPLE;
len += MBEDTLS_MEMORY_ALIGN_MULTIPLE;
}
// Find block that fits
//
while( cur != NULL )
{
while (cur != NULL) {
if (cur->size >= len)
break;
@ -261,8 +240,7 @@ static void *buffer_alloc_calloc( size_t n, size_t size )
if (cur == NULL)
return (NULL);
if( cur->alloc != 0 )
{
if (cur->alloc != 0) {
#if defined(MBEDTLS_MEMORY_DEBUG)
mbedtls_fprintf(stderr, "FATAL: block in free_list but allocated "
"data\n");
@ -277,8 +255,7 @@ static void *buffer_alloc_calloc( size_t n, size_t size )
// Found location, split block if > memory_header + 4 room left
//
if (cur->size - len < sizeof(memory_header) +
MBEDTLS_MEMORY_ALIGN_MULTIPLE )
{
MBEDTLS_MEMORY_ALIGN_MULTIPLE) {
cur->alloc = 1;
// Remove from free_list
@ -372,16 +349,14 @@ static void *buffer_alloc_calloc( size_t n, size_t size )
return (ret);
}
static void buffer_alloc_free( void *ptr )
{
static void buffer_alloc_free(void *ptr) {
memory_header *hdr, *old = NULL;
unsigned char *p = (unsigned char *) ptr;
if (ptr == NULL || heap.buf == NULL || heap.first == NULL)
return;
if( p < heap.buf || p >= heap.buf + heap.len )
{
if (p < heap.buf || p >= heap.buf + heap.len) {
#if defined(MBEDTLS_MEMORY_DEBUG)
mbedtls_fprintf(stderr, "FATAL: mbedtls_free() outside of managed "
"space\n");
@ -395,8 +370,7 @@ static void buffer_alloc_free( void *ptr )
if (verify_header(hdr) != 0)
mbedtls_exit(1);
if( hdr->alloc != 1 )
{
if (hdr->alloc != 1) {
#if defined(MBEDTLS_MEMORY_DEBUG)
mbedtls_fprintf(stderr, "FATAL: mbedtls_free() on unallocated "
"data\n");
@ -419,8 +393,7 @@ static void buffer_alloc_free( void *ptr )
// Regroup with block before
//
if( hdr->prev != NULL && hdr->prev->alloc == 0 )
{
if (hdr->prev != NULL && hdr->prev->alloc == 0) {
#if defined(MBEDTLS_MEMORY_DEBUG)
heap.header_count--;
#endif
@ -437,8 +410,7 @@ static void buffer_alloc_free( void *ptr )
// Regroup with block after
//
if( hdr->next != NULL && hdr->next->alloc == 0 )
{
if (hdr->next != NULL && hdr->next->alloc == 0) {
#if defined(MBEDTLS_MEMORY_DEBUG)
heap.header_count--;
#endif
@ -446,8 +418,7 @@ static void buffer_alloc_free( void *ptr )
old = hdr->next;
hdr->next = hdr->next->next;
if( hdr->prev_free != NULL || hdr->next_free != NULL )
{
if (hdr->prev_free != NULL || hdr->next_free != NULL) {
if (hdr->prev_free != NULL)
hdr->prev_free->next_free = hdr->next_free;
else
@ -477,8 +448,7 @@ static void buffer_alloc_free( void *ptr )
// Prepend to free_list if we have not merged
// (Does not have to stay in same order as prev / next list)
//
if( old == NULL )
{
if (old == NULL) {
hdr->next_free = heap.first_free;
if (heap.first_free != NULL)
heap.first_free->prev_free = hdr;
@ -489,19 +459,16 @@ static void buffer_alloc_free( void *ptr )
mbedtls_exit(1);
}
void mbedtls_memory_buffer_set_verify( int verify )
{
void mbedtls_memory_buffer_set_verify(int verify) {
heap.verify = verify;
}
int mbedtls_memory_buffer_alloc_verify( void )
{
int mbedtls_memory_buffer_alloc_verify(void) {
return verify_chain();
}
#if defined(MBEDTLS_MEMORY_DEBUG)
void mbedtls_memory_buffer_alloc_status( void )
{
void mbedtls_memory_buffer_alloc_status(void) {
mbedtls_fprintf(stderr,
"Current use: %zu blocks / %zu bytes, max: %zu blocks / "
"%zu bytes (total %zu bytes), alloc / free: %zu / %zu\n",
@ -511,39 +478,32 @@ void mbedtls_memory_buffer_alloc_status( void )
+ heap.maximum_used,
heap.alloc_count, heap.free_count);
if( heap.first->next == NULL )
{
if (heap.first->next == NULL) {
mbedtls_fprintf(stderr, "All memory de-allocated in stack buffer\n");
}
else
{
} else {
mbedtls_fprintf(stderr, "Memory currently allocated:\n");
debug_chain();
}
}
void mbedtls_memory_buffer_alloc_max_get( size_t *max_used, size_t *max_blocks )
{
void mbedtls_memory_buffer_alloc_max_get(size_t *max_used, size_t *max_blocks) {
*max_used = heap.maximum_used;
*max_blocks = heap.maximum_header_count;
}
void mbedtls_memory_buffer_alloc_max_reset( void )
{
void mbedtls_memory_buffer_alloc_max_reset(void) {
heap.maximum_used = 0;
heap.maximum_header_count = 0;
}
void mbedtls_memory_buffer_alloc_cur_get( size_t *cur_used, size_t *cur_blocks )
{
void mbedtls_memory_buffer_alloc_cur_get(size_t *cur_used, size_t *cur_blocks) {
*cur_used = heap.total_used;
*cur_blocks = heap.header_count;
}
#endif /* MBEDTLS_MEMORY_DEBUG */
#if defined(MBEDTLS_THREADING_C)
static void *buffer_alloc_calloc_mutexed( size_t n, size_t size )
{
static void *buffer_alloc_calloc_mutexed(size_t n, size_t size) {
void *buf;
if (mbedtls_mutex_lock(&heap.mutex) != 0)
return (NULL);
@ -553,8 +513,7 @@ static void *buffer_alloc_calloc_mutexed( size_t n, size_t size )
return (buf);
}
static void buffer_alloc_free_mutexed( void *ptr )
{
static void buffer_alloc_free_mutexed(void *ptr) {
/* We have to good option here, but corrupting the heap seems
* worse than loosing memory. */
if (mbedtls_mutex_lock(&heap.mutex))
@ -564,8 +523,7 @@ static void buffer_alloc_free_mutexed( void *ptr )
}
#endif /* MBEDTLS_THREADING_C */
void mbedtls_memory_buffer_alloc_init( unsigned char *buf, size_t len )
{
void mbedtls_memory_buffer_alloc_init(unsigned char *buf, size_t len) {
memset(&heap, 0, sizeof(buffer_alloc_ctx));
#if defined(MBEDTLS_THREADING_C)
@ -578,8 +536,7 @@ void mbedtls_memory_buffer_alloc_init( unsigned char *buf, size_t len )
if (len < sizeof(memory_header) + MBEDTLS_MEMORY_ALIGN_MULTIPLE)
return;
else if( (size_t)buf % MBEDTLS_MEMORY_ALIGN_MULTIPLE )
{
else if ((size_t)buf % MBEDTLS_MEMORY_ALIGN_MULTIPLE) {
/* Adjust len first since buf is used in the computation */
len -= MBEDTLS_MEMORY_ALIGN_MULTIPLE
- (size_t)buf % MBEDTLS_MEMORY_ALIGN_MULTIPLE;
@ -599,8 +556,7 @@ void mbedtls_memory_buffer_alloc_init( unsigned char *buf, size_t len )
heap.first_free = heap.first;
}
void mbedtls_memory_buffer_alloc_free( void )
{
void mbedtls_memory_buffer_alloc_free(void) {
#if defined(MBEDTLS_THREADING_C)
mbedtls_mutex_free(&heap.mutex);
#endif
@ -608,8 +564,7 @@ void mbedtls_memory_buffer_alloc_free( void )
}
#if defined(MBEDTLS_SELF_TEST)
static int check_pointer( void *p )
{
static int check_pointer(void *p) {
if (p == NULL)
return (-1);
@ -619,15 +574,13 @@ static int check_pointer( void *p )
return (0);
}
static int check_all_free( void )
{
static int check_all_free(void) {
if (
#if defined(MBEDTLS_MEMORY_DEBUG)
heap.total_used != 0 ||
#endif
heap.first != heap.first_free ||
(void *) heap.first != (void *) heap.buf )
{
(void *) heap.first != (void *) heap.buf) {
return (-1);
}
@ -644,8 +597,7 @@ static int check_all_free( void )
goto cleanup; \
}
int mbedtls_memory_buffer_alloc_self_test( int verbose )
{
int mbedtls_memory_buffer_alloc_self_test(int verbose) {
unsigned char buf[1024];
unsigned char *p, *q, *r, *end;
int ret = 0;

140
common/mbedtls/net_sockets.c
View file

@ -110,14 +110,12 @@ static int wsa_init_done = 0;
/*
* Prepare for using the sockets interface
*/
static int net_prepare( void )
{
static int net_prepare(void) {
#if ( defined(_WIN32) || defined(_WIN32_WCE) ) && !defined(EFIX64) && \
!defined(EFI32)
WSADATA wsaData;
if( wsa_init_done == 0 )
{
if (wsa_init_done == 0) {
if (WSAStartup(MAKEWORD(2, 0), &wsaData) != 0)
return (MBEDTLS_ERR_NET_SOCKET_FAILED);
@ -134,8 +132,7 @@ static int net_prepare( void )
/*
* Initialize a context
*/
void mbedtls_net_init( mbedtls_net_context *ctx )
{
void mbedtls_net_init(mbedtls_net_context *ctx) {
ctx->fd = -1;
}
@ -143,8 +140,7 @@ void mbedtls_net_init( mbedtls_net_context *ctx )
* Initiate a TCP connection with host:port and the given protocol
*/
int mbedtls_net_connect(mbedtls_net_context *ctx, const char *host,
const char *port, int proto )
{
const char *port, int proto) {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
struct addrinfo hints, *addr_list, *cur;
@ -162,18 +158,15 @@ int mbedtls_net_connect( mbedtls_net_context *ctx, const char *host,
/* Try the sockaddrs until a connection succeeds */
ret = MBEDTLS_ERR_NET_UNKNOWN_HOST;
for( cur = addr_list; cur != NULL; cur = cur->ai_next )
{
for (cur = addr_list; cur != NULL; cur = cur->ai_next) {
ctx->fd = (int) socket(cur->ai_family, cur->ai_socktype,
cur->ai_protocol);
if( ctx->fd < 0 )
{
if (ctx->fd < 0) {
ret = MBEDTLS_ERR_NET_SOCKET_FAILED;
continue;
}
if( connect( ctx->fd, cur->ai_addr, MSVC_INT_CAST cur->ai_addrlen ) == 0 )
{
if (connect(ctx->fd, cur->ai_addr, MSVC_INT_CAST cur->ai_addrlen) == 0) {
ret = 0;
break;
}
@ -190,8 +183,7 @@ int mbedtls_net_connect( mbedtls_net_context *ctx, const char *host,
/*
* Create a listening socket on bind_ip:port
*/
int mbedtls_net_bind( mbedtls_net_context *ctx, const char *bind_ip, const char *port, int proto )
{
int mbedtls_net_bind(mbedtls_net_context *ctx, const char *bind_ip, const char *port, int proto) {
int n, ret;
struct addrinfo hints, *addr_list, *cur;
@ -211,37 +203,31 @@ int mbedtls_net_bind( mbedtls_net_context *ctx, const char *bind_ip, const char
/* Try the sockaddrs until a binding succeeds */
ret = MBEDTLS_ERR_NET_UNKNOWN_HOST;
for( cur = addr_list; cur != NULL; cur = cur->ai_next )
{
for (cur = addr_list; cur != NULL; cur = cur->ai_next) {
ctx->fd = (int) socket(cur->ai_family, cur->ai_socktype,
cur->ai_protocol);
if( ctx->fd < 0 )
{
if (ctx->fd < 0) {
ret = MBEDTLS_ERR_NET_SOCKET_FAILED;
continue;
}
n = 1;
if (setsockopt(ctx->fd, SOL_SOCKET, SO_REUSEADDR,
(const char *) &n, sizeof( n ) ) != 0 )
{
(const char *) &n, sizeof(n)) != 0) {
close(ctx->fd);
ret = MBEDTLS_ERR_NET_SOCKET_FAILED;
continue;
}
if( bind( ctx->fd, cur->ai_addr, MSVC_INT_CAST cur->ai_addrlen ) != 0 )
{
if (bind(ctx->fd, cur->ai_addr, MSVC_INT_CAST cur->ai_addrlen) != 0) {
close(ctx->fd);
ret = MBEDTLS_ERR_NET_BIND_FAILED;
continue;
}
/* Listen only makes sense for TCP */
if( proto == MBEDTLS_NET_PROTO_TCP )
{
if( listen( ctx->fd, MBEDTLS_NET_LISTEN_BACKLOG ) != 0 )
{
if (proto == MBEDTLS_NET_PROTO_TCP) {
if (listen(ctx->fd, MBEDTLS_NET_LISTEN_BACKLOG) != 0) {
close(ctx->fd);
ret = MBEDTLS_ERR_NET_LISTEN_FAILED;
continue;
@ -265,8 +251,7 @@ int mbedtls_net_bind( mbedtls_net_context *ctx, const char *bind_ip, const char
* Check if the requested operation would be blocking on a non-blocking socket
* and thus 'failed' with a negative return value.
*/
static int net_would_block( const mbedtls_net_context *ctx )
{
static int net_would_block(const mbedtls_net_context *ctx) {
((void) ctx);
return (WSAGetLastError() == WSAEWOULDBLOCK);
}
@ -277,21 +262,18 @@ static int net_would_block( const mbedtls_net_context *ctx )
*
* Note: on a blocking socket this function always returns 0!
*/
static int net_would_block( const mbedtls_net_context *ctx )
{
static int net_would_block(const mbedtls_net_context *ctx) {
int err = errno;
/*
* Never return 'WOULD BLOCK' on a blocking socket
*/
if( ( fcntl( ctx->fd, F_GETFL ) & O_NONBLOCK ) != O_NONBLOCK )
{
if ((fcntl(ctx->fd, F_GETFL) & O_NONBLOCK) != O_NONBLOCK) {
errno = err;
return (0);
}
switch( errno = err )
{
switch (errno = err) {
#if defined EAGAIN
case EAGAIN:
#endif
@ -309,8 +291,7 @@ static int net_would_block( const mbedtls_net_context *ctx )
*/
int mbedtls_net_accept(mbedtls_net_context *bind_ctx,
mbedtls_net_context *client_ctx,
void *client_ip, size_t buf_size, size_t *ip_len )
{
void *client_ip, size_t buf_size, size_t *ip_len) {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
int type;
@ -329,19 +310,15 @@ int mbedtls_net_accept( mbedtls_net_context *bind_ctx,
/* Is this a TCP or UDP socket? */
if (getsockopt(bind_ctx->fd, SOL_SOCKET, SO_TYPE,
(void *) &type, &type_len) != 0 ||
( type != SOCK_STREAM && type != SOCK_DGRAM ) )
{
(type != SOCK_STREAM && type != SOCK_DGRAM)) {
return (MBEDTLS_ERR_NET_ACCEPT_FAILED);
}
if( type == SOCK_STREAM )
{
if (type == SOCK_STREAM) {
/* TCP: actual accept() */
ret = client_ctx->fd = (int) accept(bind_ctx->fd,
(struct sockaddr *) &client_addr, &n);
}
else
{
} else {
/* UDP: wait for a message, but keep it in the queue */
char buf[1] = { 0 };
@ -350,16 +327,14 @@ int mbedtls_net_accept( mbedtls_net_context *bind_ctx,
#if defined(_WIN32)
if (ret == SOCKET_ERROR &&
WSAGetLastError() == WSAEMSGSIZE )
{
WSAGetLastError() == WSAEMSGSIZE) {
/* We know buf is too small, thanks, just peeking here */
ret = 0;
}
#endif
}
if( ret < 0 )
{
if (ret < 0) {
if (net_would_block(bind_ctx) != 0)
return (MBEDTLS_ERR_SSL_WANT_READ);
@ -368,8 +343,7 @@ int mbedtls_net_accept( mbedtls_net_context *bind_ctx,
/* UDP: hijack the listening socket to communicate with the client,
* then bind a new socket to accept new connections */
if( type != SOCK_STREAM )
{
if (type != SOCK_STREAM) {
struct sockaddr_storage local_addr;
int one = 1;
@ -385,21 +359,17 @@ int mbedtls_net_accept( mbedtls_net_context *bind_ctx,
(bind_ctx->fd = (int) socket(local_addr.ss_family,
SOCK_DGRAM, IPPROTO_UDP)) < 0 ||
setsockopt(bind_ctx->fd, SOL_SOCKET, SO_REUSEADDR,
(const char *) &one, sizeof( one ) ) != 0 )
{
(const char *) &one, sizeof(one)) != 0) {
return (MBEDTLS_ERR_NET_SOCKET_FAILED);
}
if( bind( bind_ctx->fd, (struct sockaddr *) &local_addr, n ) != 0 )
{
if (bind(bind_ctx->fd, (struct sockaddr *) &local_addr, n) != 0) {
return (MBEDTLS_ERR_NET_BIND_FAILED);
}
}
if( client_ip != NULL )
{
if( client_addr.ss_family == AF_INET )
{
if (client_ip != NULL) {
if (client_addr.ss_family == AF_INET) {
struct sockaddr_in *addr4 = (struct sockaddr_in *) &client_addr;
*ip_len = sizeof(addr4->sin_addr.s_addr);
@ -407,9 +377,7 @@ int mbedtls_net_accept( mbedtls_net_context *bind_ctx,
return (MBEDTLS_ERR_NET_BUFFER_TOO_SMALL);
memcpy(client_ip, &addr4->sin_addr.s_addr, *ip_len);
}
else
{
} else {
struct sockaddr_in6 *addr6 = (struct sockaddr_in6 *) &client_addr;
*ip_len = sizeof(addr6->sin6_addr.s6_addr);
@ -426,8 +394,7 @@ int mbedtls_net_accept( mbedtls_net_context *bind_ctx,
/*
* Set the socket blocking or non-blocking
*/
int mbedtls_net_set_block( mbedtls_net_context *ctx )
{
int mbedtls_net_set_block(mbedtls_net_context *ctx) {
#if ( defined(_WIN32) || defined(_WIN32_WCE) ) && !defined(EFIX64) && \
!defined(EFI32)
u_long n = 0;
@ -437,8 +404,7 @@ int mbedtls_net_set_block( mbedtls_net_context *ctx )
#endif
}
int mbedtls_net_set_nonblock( mbedtls_net_context *ctx )
{
int mbedtls_net_set_nonblock(mbedtls_net_context *ctx) {
#if ( defined(_WIN32) || defined(_WIN32_WCE) ) && !defined(EFIX64) && \
!defined(EFI32)
u_long n = 1;
@ -452,8 +418,7 @@ int mbedtls_net_set_nonblock( mbedtls_net_context *ctx )
* Check if data is available on the socket
*/
int mbedtls_net_poll( mbedtls_net_context *ctx, uint32_t rw, uint32_t timeout )
{
int mbedtls_net_poll(mbedtls_net_context *ctx, uint32_t rw, uint32_t timeout) {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
struct timeval tv;
@ -483,15 +448,13 @@ int mbedtls_net_poll( mbedtls_net_context *ctx, uint32_t rw, uint32_t timeout )
#endif
FD_ZERO(&read_fds);
if( rw & MBEDTLS_NET_POLL_READ )
{
if (rw & MBEDTLS_NET_POLL_READ) {
rw &= ~MBEDTLS_NET_POLL_READ;
FD_SET(fd, &read_fds);
}
FD_ZERO(&write_fds);
if( rw & MBEDTLS_NET_POLL_WRITE )
{
if (rw & MBEDTLS_NET_POLL_WRITE) {
rw &= ~MBEDTLS_NET_POLL_WRITE;
FD_SET(fd, &write_fds);
}
@ -502,12 +465,10 @@ int mbedtls_net_poll( mbedtls_net_context *ctx, uint32_t rw, uint32_t timeout )
tv.tv_sec = timeout / 1000;
tv.tv_usec = (timeout % 1000) * 1000;
do
{
do {
ret = select(fd + 1, &read_fds, &write_fds, NULL,
timeout == (uint32_t) -1 ? NULL : &tv);
}
while( IS_EINTR( ret ) );
} while (IS_EINTR(ret));
if (ret < 0)
return (MBEDTLS_ERR_NET_POLL_FAILED);
@ -524,8 +485,7 @@ int mbedtls_net_poll( mbedtls_net_context *ctx, uint32_t rw, uint32_t timeout )
/*
* Portable usleep helper
*/
void mbedtls_net_usleep( unsigned long usec )
{
void mbedtls_net_usleep(unsigned long usec) {
#if defined(_WIN32)
Sleep((usec + 999) / 1000);
#else
@ -544,8 +504,7 @@ void mbedtls_net_usleep( unsigned long usec )
/*
* Read at most 'len' characters
*/
int mbedtls_net_recv( void *ctx, unsigned char *buf, size_t len )
{
int mbedtls_net_recv(void *ctx, unsigned char *buf, size_t len) {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
int fd = ((mbedtls_net_context *) ctx)->fd;
@ -554,8 +513,7 @@ int mbedtls_net_recv( void *ctx, unsigned char *buf, size_t len )
ret = (int) read(fd, buf, len);
if( ret < 0 )
{
if (ret < 0) {
if (net_would_block(ctx) != 0)
return (MBEDTLS_ERR_SSL_WANT_READ);
@ -581,8 +539,7 @@ int mbedtls_net_recv( void *ctx, unsigned char *buf, size_t len )
* Read at most 'len' characters, blocking for at most 'timeout' ms
*/
int mbedtls_net_recv_timeout(void *ctx, unsigned char *buf,
size_t len, uint32_t timeout )
{
size_t len, uint32_t timeout) {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
struct timeval tv;
fd_set read_fds;
@ -610,8 +567,7 @@ int mbedtls_net_recv_timeout( void *ctx, unsigned char *buf,
if (ret == 0)
return (MBEDTLS_ERR_SSL_TIMEOUT);
if( ret < 0 )
{
if (ret < 0) {
#if ( defined(_WIN32) || defined(_WIN32_WCE) ) && !defined(EFIX64) && \
!defined(EFI32)
if (WSAGetLastError() == WSAEINTR)
@ -631,8 +587,7 @@ int mbedtls_net_recv_timeout( void *ctx, unsigned char *buf,
/*
* Write at most 'len' characters
*/
int mbedtls_net_send( void *ctx, const unsigned char *buf, size_t len )
{
int mbedtls_net_send(void *ctx, const unsigned char *buf, size_t len) {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
int fd = ((mbedtls_net_context *) ctx)->fd;
@ -641,8 +596,7 @@ int mbedtls_net_send( void *ctx, const unsigned char *buf, size_t len )
ret = (int) write(fd, buf, len);
if( ret < 0 )
{
if (ret < 0) {
if (net_would_block(ctx) != 0)
return (MBEDTLS_ERR_SSL_WANT_WRITE);
@ -667,8 +621,7 @@ int mbedtls_net_send( void *ctx, const unsigned char *buf, size_t len )
/*
* Close the connection
*/
void mbedtls_net_close( mbedtls_net_context *ctx )
{
void mbedtls_net_close(mbedtls_net_context *ctx) {
if (ctx->fd == -1)
return;
@ -680,8 +633,7 @@ void mbedtls_net_close( mbedtls_net_context *ctx )
/*
* Gracefully close the connection
*/
void mbedtls_net_free( mbedtls_net_context *ctx )
{
void mbedtls_net_free(mbedtls_net_context *ctx) {
if (ctx->fd == -1)
return;

3
common/mbedtls/net_sockets.h
View file

@ -82,8 +82,7 @@ extern "C" {
* (eg two file descriptors for combined IPv4 + IPv6 support, or additional
* structures for hand-made UDP demultiplexing).
*/
typedef struct mbedtls_net_context
{
typedef struct mbedtls_net_context {
int fd; /**< The underlying file descriptor */
}
mbedtls_net_context;

260
common/mbedtls/nist_kw.c
View file

@ -53,15 +53,13 @@
#define MIN_SEMIBLOCKS_COUNT 3
/* constant-time buffer comparison */
static inline unsigned char mbedtls_nist_kw_safer_memcmp( const void *a, const void *b, size_t n )
{
static inline unsigned char mbedtls_nist_kw_safer_memcmp(const void *a, const void *b, size_t n) {
size_t i;
volatile const unsigned char *A = (volatile const unsigned char *) a;
volatile const unsigned char *B = (volatile const unsigned char *) b;
volatile unsigned char diff = 0;
for( i = 0; i < n; i++ )
{
for (i = 0; i < n; i++) {
/* Read volatile data in order before computing diff.
* This avoids IAR compiler warning:
* 'the order of volatile accesses is undefined ..' */
@ -100,8 +98,7 @@ do { \
/*
* Initialize context
*/
void mbedtls_nist_kw_init( mbedtls_nist_kw_context *ctx )
{
void mbedtls_nist_kw_init(mbedtls_nist_kw_context *ctx) {
memset(ctx, 0, sizeof(mbedtls_nist_kw_context));
}
@ -109,8 +106,7 @@ int mbedtls_nist_kw_setkey( mbedtls_nist_kw_context *ctx,
mbedtls_cipher_id_t cipher,
const unsigned char *key,
unsigned int keybits,
const int is_wrap )
{
const int is_wrap) {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
const mbedtls_cipher_info_t *cipher_info;
@ -143,8 +139,7 @@ int mbedtls_nist_kw_setkey( mbedtls_nist_kw_context *ctx,
if ((ret = mbedtls_cipher_setkey(&ctx->cipher_ctx, key, keybits,
is_wrap ? MBEDTLS_ENCRYPT :
MBEDTLS_DECRYPT)
) != 0 )
{
) != 0) {
return (ret);
}
@ -154,8 +149,7 @@ int mbedtls_nist_kw_setkey( mbedtls_nist_kw_context *ctx,
/*
* Free context
*/
void mbedtls_nist_kw_free( mbedtls_nist_kw_context *ctx )
{
void mbedtls_nist_kw_free(mbedtls_nist_kw_context *ctx) {
mbedtls_cipher_free(&ctx->cipher_ctx);
mbedtls_platform_zeroize(ctx, sizeof(mbedtls_nist_kw_context));
}
@ -164,11 +158,9 @@ void mbedtls_nist_kw_free( mbedtls_nist_kw_context *ctx )
* Helper function for Xoring the uint64_t "t" with the encrypted A.
* Defined in NIST SP 800-38F section 6.1
*/
static void calc_a_xor_t( unsigned char A[KW_SEMIBLOCK_LENGTH], uint64_t t )
{
static void calc_a_xor_t(unsigned char A[KW_SEMIBLOCK_LENGTH], uint64_t t) {
size_t i = 0;
for( i = 0; i < sizeof( t ); i++ )
{
for (i = 0; i < sizeof(t); i++) {
A[i] ^= (t >> ((sizeof(t) - 1 - i) * 8)) & 0xff;
}
}
@ -180,8 +172,7 @@ static void calc_a_xor_t( unsigned char A[KW_SEMIBLOCK_LENGTH], uint64_t t )
int mbedtls_nist_kw_wrap(mbedtls_nist_kw_context *ctx,
mbedtls_nist_kw_mode_t mode,
const unsigned char *input, size_t in_len,
unsigned char *output, size_t *out_len, size_t out_size )
{
unsigned char *output, size_t *out_len, size_t out_size) {
int ret = 0;
size_t semiblocks = 0;
size_t s;
@ -196,10 +187,8 @@ int mbedtls_nist_kw_wrap( mbedtls_nist_kw_context *ctx,
/*
* Generate the String to work on
*/
if( mode == MBEDTLS_KW_MODE_KW )
{
if( out_size < in_len + KW_SEMIBLOCK_LENGTH )
{
if (mode == MBEDTLS_KW_MODE_KW) {
if (out_size < in_len + KW_SEMIBLOCK_LENGTH) {
return (MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA);
}
@ -211,23 +200,18 @@ int mbedtls_nist_kw_wrap( mbedtls_nist_kw_context *ctx,
#if SIZE_MAX > 0x1FFFFFFFFFFFFF8
in_len > 0x1FFFFFFFFFFFFF8 ||
#endif
in_len % KW_SEMIBLOCK_LENGTH != 0 )
{
in_len % KW_SEMIBLOCK_LENGTH != 0) {
return (MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA);
}
memcpy(output, NIST_KW_ICV1, KW_SEMIBLOCK_LENGTH);
memmove(output + KW_SEMIBLOCK_LENGTH, input, in_len);
}
else
{
if( in_len % 8 != 0 )
{
} else {
if (in_len % 8 != 0) {
padlen = (8 - (in_len % 8));
}
if( out_size < in_len + KW_SEMIBLOCK_LENGTH + padlen )
{
if (out_size < in_len + KW_SEMIBLOCK_LENGTH + padlen) {
return (MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA);
}
@ -239,8 +223,7 @@ int mbedtls_nist_kw_wrap( mbedtls_nist_kw_context *ctx,
#if SIZE_MAX > 0xFFFFFFFF
|| in_len > 0xFFFFFFFF
#endif
)
{
) {
return (MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA);
}
@ -256,28 +239,23 @@ int mbedtls_nist_kw_wrap( mbedtls_nist_kw_context *ctx,
s = 6 * (semiblocks - 1);
if (mode == MBEDTLS_KW_MODE_KWP
&& in_len <= KW_SEMIBLOCK_LENGTH )
{
&& in_len <= KW_SEMIBLOCK_LENGTH) {
memcpy(inbuff, output, 16);
ret = mbedtls_cipher_update(&ctx->cipher_ctx,
inbuff, 16, output, &olen);
if (ret != 0)
goto cleanup;
}
else
{
} else {
/*
* Do the wrapping function W, as defined in RFC 3394 section 2.2.1
*/
if( semiblocks < MIN_SEMIBLOCKS_COUNT )
{
if (semiblocks < MIN_SEMIBLOCKS_COUNT) {
ret = MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
goto cleanup;
}
/* Calculate intermediate values */
for( t = 1; t <= s; t++ )
{
for (t = 1; t <= s; t++) {
memcpy(inbuff, A, KW_SEMIBLOCK_LENGTH);
memcpy(inbuff + KW_SEMIBLOCK_LENGTH, R2, KW_SEMIBLOCK_LENGTH);
@ -300,8 +278,7 @@ int mbedtls_nist_kw_wrap( mbedtls_nist_kw_context *ctx,
cleanup:
if( ret != 0)
{
if (ret != 0) {
memset(output, 0, semiblocks * KW_SEMIBLOCK_LENGTH);
}
mbedtls_platform_zeroize(inbuff, KW_SEMIBLOCK_LENGTH * 2);
@ -321,8 +298,7 @@ cleanup:
static int unwrap(mbedtls_nist_kw_context *ctx,
const unsigned char *input, size_t semiblocks,
unsigned char A[KW_SEMIBLOCK_LENGTH],
unsigned char *output, size_t* out_len )
{
unsigned char *output, size_t *out_len) {
int ret = 0;
const size_t s = 6 * (semiblocks - 1);
size_t olen;
@ -332,8 +308,7 @@ static int unwrap( mbedtls_nist_kw_context *ctx,
unsigned char *R = output + (semiblocks - 2) * KW_SEMIBLOCK_LENGTH;
*out_len = 0;
if( semiblocks < MIN_SEMIBLOCKS_COUNT )
{
if (semiblocks < MIN_SEMIBLOCKS_COUNT) {
return (MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA);
}
@ -341,8 +316,7 @@ static int unwrap( mbedtls_nist_kw_context *ctx,
memmove(output, input + KW_SEMIBLOCK_LENGTH, (semiblocks - 1) * KW_SEMIBLOCK_LENGTH);
/* Calculate intermediate values */
for( t = s; t >= 1; t-- )
{
for (t = s; t >= 1; t--) {
calc_a_xor_t(A, t);
memcpy(inbuff, A, KW_SEMIBLOCK_LENGTH);
@ -382,21 +356,18 @@ cleanup:
int mbedtls_nist_kw_unwrap(mbedtls_nist_kw_context *ctx,
mbedtls_nist_kw_mode_t mode,
const unsigned char *input, size_t in_len,
unsigned char *output, size_t *out_len, size_t out_size )
{
unsigned char *output, size_t *out_len, size_t out_size) {
int ret = 0;
size_t i, olen;
unsigned char A[KW_SEMIBLOCK_LENGTH];
unsigned char diff, bad_padding = 0;
*out_len = 0;
if( out_size < in_len - KW_SEMIBLOCK_LENGTH )
{
if (out_size < in_len - KW_SEMIBLOCK_LENGTH) {
return (MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA);
}
if( mode == MBEDTLS_KW_MODE_KW )
{
if (mode == MBEDTLS_KW_MODE_KW) {
/*
* According to SP 800-38F Table 1, the ciphertext length for KW
* must be between 3 to 2^54 semiblocks inclusive.
@ -405,8 +376,7 @@ int mbedtls_nist_kw_unwrap( mbedtls_nist_kw_context *ctx,
#if SIZE_MAX > 0x200000000000000
in_len > 0x200000000000000 ||
#endif
in_len % KW_SEMIBLOCK_LENGTH != 0 )
{
in_len % KW_SEMIBLOCK_LENGTH != 0) {
return (MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA);
}
@ -418,15 +388,12 @@ int mbedtls_nist_kw_unwrap( mbedtls_nist_kw_context *ctx,
/* Check ICV in "constant-time" */
diff = mbedtls_nist_kw_safer_memcmp(NIST_KW_ICV1, A, KW_SEMIBLOCK_LENGTH);
if( diff != 0 )
{
if (diff != 0) {
ret = MBEDTLS_ERR_CIPHER_AUTH_FAILED;
goto cleanup;
}
}
else if( mode == MBEDTLS_KW_MODE_KWP )
{
} else if (mode == MBEDTLS_KW_MODE_KWP) {
size_t padlen = 0;
uint32_t Plen;
/*
@ -437,13 +404,11 @@ int mbedtls_nist_kw_unwrap( mbedtls_nist_kw_context *ctx,
#if SIZE_MAX > 0x100000000
in_len > 0x100000000 ||
#endif
in_len % KW_SEMIBLOCK_LENGTH != 0 )
{
in_len % KW_SEMIBLOCK_LENGTH != 0) {
return (MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA);
}
if( in_len == KW_SEMIBLOCK_LENGTH * 2 )
{
if (in_len == KW_SEMIBLOCK_LENGTH * 2) {
unsigned char outbuff[KW_SEMIBLOCK_LENGTH * 2];
ret = mbedtls_cipher_update(&ctx->cipher_ctx,
input, 16, outbuff, &olen);
@ -454,9 +419,7 @@ int mbedtls_nist_kw_unwrap( mbedtls_nist_kw_context *ctx,
memcpy(output, outbuff + KW_SEMIBLOCK_LENGTH, KW_SEMIBLOCK_LENGTH);
mbedtls_platform_zeroize(outbuff, sizeof(outbuff));
*out_len = KW_SEMIBLOCK_LENGTH;
}
else
{
} else {
/* in_len >= KW_SEMIBLOCK_LENGTH * 3 */
ret = unwrap(ctx, input, in_len / KW_SEMIBLOCK_LENGTH,
A, output, out_len);
@ -467,8 +430,7 @@ int mbedtls_nist_kw_unwrap( mbedtls_nist_kw_context *ctx,
/* Check ICV in "constant-time" */
diff = mbedtls_nist_kw_safer_memcmp(NIST_KW_ICV2, A, KW_SEMIBLOCK_LENGTH / 2);
if( diff != 0 )
{
if (diff != 0) {
ret = MBEDTLS_ERR_CIPHER_AUTH_FAILED;
}
@ -480,42 +442,35 @@ int mbedtls_nist_kw_unwrap( mbedtls_nist_kw_context *ctx,
* larger than 8, because of the type wrap around.
*/
padlen = in_len - KW_SEMIBLOCK_LENGTH - Plen;
if ( padlen > 7 )
{
if (padlen > 7) {
padlen &= 7;
ret = MBEDTLS_ERR_CIPHER_AUTH_FAILED;
}
/* Check padding in "constant-time" */
for( diff = 0, i = 0; i < KW_SEMIBLOCK_LENGTH; i++ )
{
for (diff = 0, i = 0; i < KW_SEMIBLOCK_LENGTH; i++) {
if (i >= KW_SEMIBLOCK_LENGTH - padlen)
diff |= output[*out_len - KW_SEMIBLOCK_LENGTH + i];
else
bad_padding |= output[*out_len - KW_SEMIBLOCK_LENGTH + i];
}
if( diff != 0 )
{
if (diff != 0) {
ret = MBEDTLS_ERR_CIPHER_AUTH_FAILED;
}
if( ret != 0 )
{
if (ret != 0) {
goto cleanup;
}
memset(output + Plen, 0, padlen);
*out_len = Plen;
}
else
{
} else {
ret = MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE;
goto cleanup;
}
cleanup:
if( ret != 0 )
{
if (ret != 0) {
memset(output, 0, *out_len);
*out_len = 0;
}
@ -540,87 +495,120 @@ cleanup:
static const unsigned int key_len[KW_TESTS] = { 16, 24, 32 };
static const unsigned char kw_key[KW_TESTS][32] = {
{ 0x75, 0x75, 0xda, 0x3a, 0x93, 0x60, 0x7c, 0xc2,
0xbf, 0xd8, 0xce, 0xc7, 0xaa, 0xdf, 0xd9, 0xa6 },
{ 0x2d, 0x85, 0x26, 0x08, 0x1d, 0x02, 0xfb, 0x5b,
{
0x75, 0x75, 0xda, 0x3a, 0x93, 0x60, 0x7c, 0xc2,
0xbf, 0xd8, 0xce, 0xc7, 0xaa, 0xdf, 0xd9, 0xa6
},
{
0x2d, 0x85, 0x26, 0x08, 0x1d, 0x02, 0xfb, 0x5b,
0x85, 0xf6, 0x9a, 0xc2, 0x86, 0xec, 0xd5, 0x7d,
0x40, 0xdf, 0x5d, 0xf3, 0x49, 0x47, 0x44, 0xd3 },
{ 0x11, 0x2a, 0xd4, 0x1b, 0x48, 0x56, 0xc7, 0x25,
0x40, 0xdf, 0x5d, 0xf3, 0x49, 0x47, 0x44, 0xd3
},
{
0x11, 0x2a, 0xd4, 0x1b, 0x48, 0x56, 0xc7, 0x25,
0x4a, 0x98, 0x48, 0xd3, 0x0f, 0xdd, 0x78, 0x33,
0x5b, 0x03, 0x9a, 0x48, 0xa8, 0x96, 0x2c, 0x4d,
0x1c, 0xb7, 0x8e, 0xab, 0xd5, 0xda, 0xd7, 0x88 }
0x1c, 0xb7, 0x8e, 0xab, 0xd5, 0xda, 0xd7, 0x88
}
};
static const unsigned char kw_msg[KW_TESTS][40] = {
{ 0x42, 0x13, 0x6d, 0x3c, 0x38, 0x4a, 0x3e, 0xea,
0xc9, 0x5a, 0x06, 0x6f, 0xd2, 0x8f, 0xed, 0x3f },
{ 0x95, 0xc1, 0x1b, 0xf5, 0x35, 0x3a, 0xfe, 0xdb,
{
0x42, 0x13, 0x6d, 0x3c, 0x38, 0x4a, 0x3e, 0xea,
0xc9, 0x5a, 0x06, 0x6f, 0xd2, 0x8f, 0xed, 0x3f
},
{
0x95, 0xc1, 0x1b, 0xf5, 0x35, 0x3a, 0xfe, 0xdb,
0x98, 0xfd, 0xd6, 0xc8, 0xca, 0x6f, 0xdb, 0x6d,
0xa5, 0x4b, 0x74, 0xb4, 0x99, 0x0f, 0xdc, 0x45,
0xc0, 0x9d, 0x15, 0x8f, 0x51, 0xce, 0x62, 0x9d,
0xe2, 0xaf, 0x26, 0xe3, 0x25, 0x0e, 0x6b, 0x4c },
{ 0x1b, 0x20, 0xbf, 0x19, 0x90, 0xb0, 0x65, 0xd7,
0xe2, 0xaf, 0x26, 0xe3, 0x25, 0x0e, 0x6b, 0x4c
},
{
0x1b, 0x20, 0xbf, 0x19, 0x90, 0xb0, 0x65, 0xd7,
0x98, 0xe1, 0xb3, 0x22, 0x64, 0xad, 0x50, 0xa8,
0x74, 0x74, 0x92, 0xba, 0x09, 0xa0, 0x4d, 0xd1 }
0x74, 0x74, 0x92, 0xba, 0x09, 0xa0, 0x4d, 0xd1
}
};
static const size_t kw_msg_len[KW_TESTS] = { 16, 40, 24 };
static const size_t kw_out_len[KW_TESTS] = { 24, 48, 32 };
static const unsigned char kw_res[KW_TESTS][48] = {
{ 0x03, 0x1f, 0x6b, 0xd7, 0xe6, 0x1e, 0x64, 0x3d,
{
0x03, 0x1f, 0x6b, 0xd7, 0xe6, 0x1e, 0x64, 0x3d,
0xf6, 0x85, 0x94, 0x81, 0x6f, 0x64, 0xca, 0xa3,
0xf5, 0x6f, 0xab, 0xea, 0x25, 0x48, 0xf5, 0xfb },
{ 0x44, 0x3c, 0x6f, 0x15, 0x09, 0x83, 0x71, 0x91,
0xf5, 0x6f, 0xab, 0xea, 0x25, 0x48, 0xf5, 0xfb
},
{
0x44, 0x3c, 0x6f, 0x15, 0x09, 0x83, 0x71, 0x91,
0x3e, 0x5c, 0x81, 0x4c, 0xa1, 0xa0, 0x42, 0xec,
0x68, 0x2f, 0x7b, 0x13, 0x6d, 0x24, 0x3a, 0x4d,
0x6c, 0x42, 0x6f, 0xc6, 0x97, 0x15, 0x63, 0xe8,
0xa1, 0x4a, 0x55, 0x8e, 0x09, 0x64, 0x16, 0x19,
0xbf, 0x03, 0xfc, 0xaf, 0x90, 0xb1, 0xfc, 0x2d },
{ 0xba, 0x8a, 0x25, 0x9a, 0x47, 0x1b, 0x78, 0x7d,
0xbf, 0x03, 0xfc, 0xaf, 0x90, 0xb1, 0xfc, 0x2d
},
{
0xba, 0x8a, 0x25, 0x9a, 0x47, 0x1b, 0x78, 0x7d,
0xd5, 0xd5, 0x40, 0xec, 0x25, 0xd4, 0x3d, 0x87,
0x20, 0x0f, 0xda, 0xdc, 0x6d, 0x1f, 0x05, 0xd9,
0x16, 0x58, 0x4f, 0xa9, 0xf6, 0xcb, 0xf5, 0x12 }
0x16, 0x58, 0x4f, 0xa9, 0xf6, 0xcb, 0xf5, 0x12
}
};
static const unsigned char kwp_key[KW_TESTS][32] = {
{ 0x78, 0x65, 0xe2, 0x0f, 0x3c, 0x21, 0x65, 0x9a,
0xb4, 0x69, 0x0b, 0x62, 0x9c, 0xdf, 0x3c, 0xc4 },
{ 0xf5, 0xf8, 0x96, 0xa3, 0xbd, 0x2f, 0x4a, 0x98,
{
0x78, 0x65, 0xe2, 0x0f, 0x3c, 0x21, 0x65, 0x9a,
0xb4, 0x69, 0x0b, 0x62, 0x9c, 0xdf, 0x3c, 0xc4
},
{
0xf5, 0xf8, 0x96, 0xa3, 0xbd, 0x2f, 0x4a, 0x98,
0x23, 0xef, 0x16, 0x2b, 0x00, 0xb8, 0x05, 0xd7,
0xde, 0x1e, 0xa4, 0x66, 0x26, 0x96, 0xa2, 0x58 },
{ 0x95, 0xda, 0x27, 0x00, 0xca, 0x6f, 0xd9, 0xa5,
0xde, 0x1e, 0xa4, 0x66, 0x26, 0x96, 0xa2, 0x58
},
{
0x95, 0xda, 0x27, 0x00, 0xca, 0x6f, 0xd9, 0xa5,
0x25, 0x54, 0xee, 0x2a, 0x8d, 0xf1, 0x38, 0x6f,
0x5b, 0x94, 0xa1, 0xa6, 0x0e, 0xd8, 0xa4, 0xae,
0xf6, 0x0a, 0x8d, 0x61, 0xab, 0x5f, 0x22, 0x5a }
0xf6, 0x0a, 0x8d, 0x61, 0xab, 0x5f, 0x22, 0x5a
}
};
static const unsigned char kwp_msg[KW_TESTS][31] = {
{ 0xbd, 0x68, 0x43, 0xd4, 0x20, 0x37, 0x8d, 0xc8,
0x96 },
{ 0x6c, 0xcd, 0xd5, 0x85, 0x18, 0x40, 0x97, 0xeb,
{
0xbd, 0x68, 0x43, 0xd4, 0x20, 0x37, 0x8d, 0xc8,
0x96
},
{
0x6c, 0xcd, 0xd5, 0x85, 0x18, 0x40, 0x97, 0xeb,
0xd5, 0xc3, 0xaf, 0x3e, 0x47, 0xd0, 0x2c, 0x19,
0x14, 0x7b, 0x4d, 0x99, 0x5f, 0x96, 0x43, 0x66,
0x91, 0x56, 0x75, 0x8c, 0x13, 0x16, 0x8f },
0x91, 0x56, 0x75, 0x8c, 0x13, 0x16, 0x8f
},
{ 0xd1 }
};
static const size_t kwp_msg_len[KW_TESTS] = { 9, 31, 1 };
static const unsigned char kwp_res[KW_TESTS][48] = {
{ 0x41, 0xec, 0xa9, 0x56, 0xd4, 0xaa, 0x04, 0x7e,
{
0x41, 0xec, 0xa9, 0x56, 0xd4, 0xaa, 0x04, 0x7e,
0xb5, 0xcf, 0x4e, 0xfe, 0x65, 0x96, 0x61, 0xe7,
0x4d, 0xb6, 0xf8, 0xc5, 0x64, 0xe2, 0x35, 0x00 },
{ 0x4e, 0x9b, 0xc2, 0xbc, 0xbc, 0x6c, 0x1e, 0x13,
0x4d, 0xb6, 0xf8, 0xc5, 0x64, 0xe2, 0x35, 0x00
},
{
0x4e, 0x9b, 0xc2, 0xbc, 0xbc, 0x6c, 0x1e, 0x13,
0xd3, 0x35, 0xbc, 0xc0, 0xf7, 0x73, 0x6a, 0x88,
0xfa, 0x87, 0x53, 0x66, 0x15, 0xbb, 0x8e, 0x63,
0x8b, 0xcc, 0x81, 0x66, 0x84, 0x68, 0x17, 0x90,
0x67, 0xcf, 0xa9, 0x8a, 0x9d, 0x0e, 0x33, 0x26 },
{ 0x06, 0xba, 0x7a, 0xe6, 0xf3, 0x24, 0x8c, 0xfd,
0xcf, 0x26, 0x75, 0x07, 0xfa, 0x00, 0x1b, 0xc4 }
0x67, 0xcf, 0xa9, 0x8a, 0x9d, 0x0e, 0x33, 0x26
},
{
0x06, 0xba, 0x7a, 0xe6, 0xf3, 0x24, 0x8c, 0xfd,
0xcf, 0x26, 0x75, 0x07, 0xfa, 0x00, 0x1b, 0xc4
}
};
static const size_t kwp_out_len[KW_TESTS] = { 24, 40, 16 };
int mbedtls_nist_kw_self_test( int verbose )
{
int mbedtls_nist_kw_self_test(int verbose) {
mbedtls_nist_kw_context ctx;
unsigned char out[48];
size_t olen;
@ -628,15 +616,13 @@ int mbedtls_nist_kw_self_test( int verbose )
int ret = 0;
mbedtls_nist_kw_init(&ctx);
for( i = 0; i < KW_TESTS; i++ )
{
for (i = 0; i < KW_TESTS; i++) {
if (verbose != 0)
mbedtls_printf(" KW-AES-%u ", (unsigned int) key_len[i] * 8);
ret = mbedtls_nist_kw_setkey(&ctx, MBEDTLS_CIPHER_ID_AES,
kw_key[i], key_len[i] * 8, 1);
if( ret != 0 )
{
if (ret != 0) {
if (verbose != 0)
mbedtls_printf(" KW: setup failed ");
@ -646,8 +632,7 @@ int mbedtls_nist_kw_self_test( int verbose )
ret = mbedtls_nist_kw_wrap(&ctx, MBEDTLS_KW_MODE_KW, kw_msg[i],
kw_msg_len[i], out, &olen, sizeof(out));
if (ret != 0 || kw_out_len[i] != olen ||
memcmp( out, kw_res[i], kw_out_len[i] ) != 0 )
{
memcmp(out, kw_res[i], kw_out_len[i]) != 0) {
if (verbose != 0)
mbedtls_printf("failed. ");
@ -657,8 +642,7 @@ int mbedtls_nist_kw_self_test( int verbose )
if ((ret = mbedtls_nist_kw_setkey(&ctx, MBEDTLS_CIPHER_ID_AES,
kw_key[i], key_len[i] * 8, 0))
!= 0 )
{
!= 0) {
if (verbose != 0)
mbedtls_printf(" KW: setup failed ");
@ -669,8 +653,7 @@ int mbedtls_nist_kw_self_test( int verbose )
out, olen, out, &olen, sizeof(out));
if (ret != 0 || olen != kw_msg_len[i] ||
memcmp( out, kw_msg[i], kw_msg_len[i] ) != 0 )
{
memcmp(out, kw_msg[i], kw_msg_len[i]) != 0) {
if (verbose != 0)
mbedtls_printf("failed\n");
@ -682,16 +665,14 @@ int mbedtls_nist_kw_self_test( int verbose )
mbedtls_printf(" passed\n");
}
for( i = 0; i < KW_TESTS; i++ )
{
for (i = 0; i < KW_TESTS; i++) {
olen = sizeof(out);
if (verbose != 0)
mbedtls_printf(" KWP-AES-%u ", (unsigned int) key_len[i] * 8);
ret = mbedtls_nist_kw_setkey(&ctx, MBEDTLS_CIPHER_ID_AES, kwp_key[i],
key_len[i] * 8, 1);
if( ret != 0 )
{
if (ret != 0) {
if (verbose != 0)
mbedtls_printf(" KWP: setup failed ");
@ -701,8 +682,7 @@ int mbedtls_nist_kw_self_test( int verbose )
kwp_msg_len[i], out, &olen, sizeof(out));
if (ret != 0 || kwp_out_len[i] != olen ||
memcmp( out, kwp_res[i], kwp_out_len[i] ) != 0 )
{
memcmp(out, kwp_res[i], kwp_out_len[i]) != 0) {
if (verbose != 0)
mbedtls_printf("failed. ");
@ -712,8 +692,7 @@ int mbedtls_nist_kw_self_test( int verbose )
if ((ret = mbedtls_nist_kw_setkey(&ctx, MBEDTLS_CIPHER_ID_AES,
kwp_key[i], key_len[i] * 8, 0))
!= 0 )
{
!= 0) {
if (verbose != 0)
mbedtls_printf(" KWP: setup failed ");
@ -724,8 +703,7 @@ int mbedtls_nist_kw_self_test( int verbose )
olen, out, &olen, sizeof(out));
if (ret != 0 || olen != kwp_msg_len[i] ||
memcmp( out, kwp_msg[i], kwp_msg_len[i] ) != 0 )
{
memcmp(out, kwp_msg[i], kwp_msg_len[i]) != 0) {
if (verbose != 0)
mbedtls_printf("failed. ");

3
common/mbedtls/nist_kw.h
View file

@ -47,8 +47,7 @@
extern "C" {
#endif
typedef enum
{
typedef enum {
MBEDTLS_KW_MODE_KW = 0,
MBEDTLS_KW_MODE_KWP = 1
} mbedtls_nist_kw_mode_t;

45
common/mbedtls/oid.c
View file

@ -154,8 +154,7 @@ typedef struct {
const char *short_name;
} oid_x520_attr_t;
static const oid_x520_attr_t oid_x520_attr_type[] =
{
static const oid_x520_attr_t oid_x520_attr_type[] = {
{
{ ADD_LEN(MBEDTLS_OID_AT_CN), "id-at-commonName", "Common Name" },
"CN",
@ -249,8 +248,7 @@ typedef struct {
int ext_type;
} oid_x509_ext_t;
static const oid_x509_ext_t oid_x509_ext[] =
{
static const oid_x509_ext_t oid_x509_ext[] = {
{
{ ADD_LEN(MBEDTLS_OID_BASIC_CONSTRAINTS), "id-ce-basicConstraints", "Basic Constraints" },
MBEDTLS_OID_X509_EXT_BASIC_CONSTRAINTS,
@ -284,8 +282,7 @@ static const oid_x509_ext_t oid_x509_ext[] =
FN_OID_TYPED_FROM_ASN1(oid_x509_ext_t, x509_ext, oid_x509_ext)
FN_OID_GET_ATTR1(mbedtls_oid_get_x509_ext_type, oid_x509_ext_t, x509_ext, int, ext_type)
static const mbedtls_oid_descriptor_t oid_ext_key_usage[] =
{
static const mbedtls_oid_descriptor_t oid_ext_key_usage[] = {
{ ADD_LEN(MBEDTLS_OID_SERVER_AUTH), "id-kp-serverAuth", "TLS Web Server Authentication" },
{ ADD_LEN(MBEDTLS_OID_CLIENT_AUTH), "id-kp-clientAuth", "TLS Web Client Authentication" },
{ ADD_LEN(MBEDTLS_OID_CODE_SIGNING), "id-kp-codeSigning", "Code Signing" },
@ -299,8 +296,7 @@ static const mbedtls_oid_descriptor_t oid_ext_key_usage[] =
FN_OID_TYPED_FROM_ASN1(mbedtls_oid_descriptor_t, ext_key_usage, oid_ext_key_usage)
FN_OID_GET_ATTR1(mbedtls_oid_get_extended_key_usage, mbedtls_oid_descriptor_t, ext_key_usage, const char *, description)
static const mbedtls_oid_descriptor_t oid_certificate_policies[] =
{
static const mbedtls_oid_descriptor_t oid_certificate_policies[] = {
{ ADD_LEN(MBEDTLS_OID_ANY_POLICY), "anyPolicy", "Any Policy" },
{ NULL, 0, NULL, NULL },
};
@ -318,8 +314,7 @@ typedef struct {
mbedtls_pk_type_t pk_alg;
} oid_sig_alg_t;
static const oid_sig_alg_t oid_sig_alg[] =
{
static const oid_sig_alg_t oid_sig_alg[] = {
#if defined(MBEDTLS_RSA_C)
#if defined(MBEDTLS_MD2_C)
{
@ -426,8 +421,7 @@ typedef struct {
mbedtls_pk_type_t pk_alg;
} oid_pk_alg_t;
static const oid_pk_alg_t oid_pk_alg[] =
{
static const oid_pk_alg_t oid_pk_alg[] = {
{
{ ADD_LEN(MBEDTLS_OID_PKCS1_RSA), "rsaEncryption", "RSA" },
MBEDTLS_PK_RSA,
@ -459,8 +453,7 @@ typedef struct {
mbedtls_ecp_group_id grp_id;
} oid_ecp_grp_t;
static const oid_ecp_grp_t oid_ecp_grp[] =
{
static const oid_ecp_grp_t oid_ecp_grp[] = {
#if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED)
{
{ ADD_LEN(MBEDTLS_OID_EC_GRP_SECP192R1), "secp192r1", "secp192r1" },
@ -547,8 +540,7 @@ typedef struct {
mbedtls_cipher_type_t cipher_alg;
} oid_cipher_alg_t;
static const oid_cipher_alg_t oid_cipher_alg[] =
{
static const oid_cipher_alg_t oid_cipher_alg[] = {
{
{ ADD_LEN(MBEDTLS_OID_DES_CBC), "desCBC", "DES-CBC" },
MBEDTLS_CIPHER_DES_CBC,
@ -576,8 +568,7 @@ typedef struct {
mbedtls_md_type_t md_alg;
} oid_md_alg_t;
static const oid_md_alg_t oid_md_alg[] =
{
static const oid_md_alg_t oid_md_alg[] = {
#if defined(MBEDTLS_MD2_C)
{
{ ADD_LEN(MBEDTLS_OID_DIGEST_ALG_MD2), "id-md2", "MD2" },
@ -646,8 +637,7 @@ typedef struct {
mbedtls_md_type_t md_hmac;
} oid_md_hmac_t;
static const oid_md_hmac_t oid_md_hmac[] =
{
static const oid_md_hmac_t oid_md_hmac[] = {
#if defined(MBEDTLS_SHA1_C)
{
{ ADD_LEN(MBEDTLS_OID_HMAC_SHA1), "hmacSHA1", "HMAC-SHA-1" },
@ -694,8 +684,7 @@ typedef struct {
mbedtls_cipher_type_t cipher_alg;
} oid_pkcs12_pbe_alg_t;
static const oid_pkcs12_pbe_alg_t oid_pkcs12_pbe_alg[] =
{
static const oid_pkcs12_pbe_alg_t oid_pkcs12_pbe_alg[] = {
{
{ ADD_LEN(MBEDTLS_OID_PKCS12_PBE_SHA1_DES3_EDE_CBC), "pbeWithSHAAnd3-KeyTripleDES-CBC", "PBE with SHA1 and 3-Key 3DES" },
MBEDTLS_MD_SHA1, MBEDTLS_CIPHER_DES_EDE3_CBC,
@ -725,8 +714,7 @@ FN_OID_GET_ATTR2(mbedtls_oid_get_pkcs12_pbe_alg, oid_pkcs12_pbe_alg_t, pkcs12_pb
/* Return the x.y.z.... style numeric string for the given OID */
int mbedtls_oid_get_numeric_string(char *buf, size_t size,
const mbedtls_asn1_buf *oid )
{
const mbedtls_asn1_buf *oid) {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t i, n;
unsigned int value;
@ -736,15 +724,13 @@ int mbedtls_oid_get_numeric_string( char *buf, size_t size,
n = size;
/* First byte contains first two dots */
if( oid->len > 0 )
{
if (oid->len > 0) {
ret = mbedtls_snprintf(p, n, "%d.%d", oid->p[0] / 40, oid->p[0] % 40);
OID_SAFE_SNPRINTF;
}
value = 0;
for( i = 1; i < oid->len; i++ )
{
for (i = 1; i < oid->len; i++) {
/* Prevent overflow in value. */
if (((value << 7) >> 7) != value)
return (MBEDTLS_ERR_OID_BUF_TOO_SMALL);
@ -752,8 +738,7 @@ int mbedtls_oid_get_numeric_string( char *buf, size_t size,
value <<= 7;
value += oid->p[i] & 0x7F;
if( !( oid->p[i] & 0x80 ) )
{
if (!(oid->p[i] & 0x80)) {
/* Last byte */
ret = mbedtls_snprintf(p, n, ".%u", value);
OID_SAFE_SNPRINTF;

3
common/mbedtls/oid.h
View file

@ -437,8 +437,7 @@ extern "C" {
/**
* \brief Base OID descriptor structure
*/
typedef struct mbedtls_oid_descriptor_t
{
typedef struct mbedtls_oid_descriptor_t {
const char *asn1; /*!< OID ASN.1 representation */
size_t asn1_len; /*!< length of asn1 */
const char *name; /*!< official name (e.g. from RFC) */

12
common/mbedtls/padlock.c
View file

@ -40,13 +40,11 @@
/*
* PadLock detection routine
*/
int mbedtls_padlock_has_support( int feature )
{
int mbedtls_padlock_has_support(int feature) {
static int flags = -1;
int ebx = 0, edx = 0;
if( flags == -1 )
{
if (flags == -1) {
asm("movl %%ebx, %0 \n\t"
"movl $0xC0000000, %%eax \n\t"
"cpuid \n\t"
@ -74,8 +72,7 @@ int mbedtls_padlock_has_support( int feature )
int mbedtls_padlock_xcryptecb(mbedtls_aes_context *ctx,
int mode,
const unsigned char input[16],
unsigned char output[16] )
{
unsigned char output[16]) {
int ebx = 0;
uint32_t *rk;
uint32_t *blk;
@ -116,8 +113,7 @@ int mbedtls_padlock_xcryptcbc( mbedtls_aes_context *ctx,
size_t length,
unsigned char iv[16],
const unsigned char *input,
unsigned char *output )
{
unsigned char *output) {
int ebx = 0;
size_t count;
uint32_t *rk;

80
common/mbedtls/pem.c
View file

@ -41,8 +41,7 @@
#endif
#if defined(MBEDTLS_PEM_PARSE_C)
void mbedtls_pem_init( mbedtls_pem_context *ctx )
{
void mbedtls_pem_init(mbedtls_pem_context *ctx) {
memset(ctx, 0, sizeof(mbedtls_pem_context));
}
@ -52,17 +51,16 @@ void mbedtls_pem_init( mbedtls_pem_context *ctx )
* Read a 16-byte hex string and convert it to binary
*/
static int pem_get_iv(const unsigned char *s, unsigned char *iv,
size_t iv_len )
{
size_t iv_len) {
size_t i, j, k;
memset(iv, 0, iv_len);
for( i = 0; i < iv_len * 2; i++, s++ )
{
if( *s >= '0' && *s <= '9' ) j = *s - '0'; else
if( *s >= 'A' && *s <= 'F' ) j = *s - '7'; else
if( *s >= 'a' && *s <= 'f' ) j = *s - 'W'; else
for (i = 0; i < iv_len * 2; i++, s++) {
if (*s >= '0' && *s <= '9') j = *s - '0';
else if (*s >= 'A' && *s <= 'F') j = *s - '7';
else if (*s >= 'a' && *s <= 'f') j = *s - 'W';
else
return (MBEDTLS_ERR_PEM_INVALID_ENC_IV);
k = ((i & 1) != 0) ? j : j << 4;
@ -75,8 +73,7 @@ static int pem_get_iv( const unsigned char *s, unsigned char *iv,
static int pem_pbkdf1(unsigned char *key, size_t keylen,
unsigned char *iv,
const unsigned char *pwd, size_t pwdlen )
{
const unsigned char *pwd, size_t pwdlen) {
mbedtls_md5_context md5_ctx;
unsigned char md5sum[16];
size_t use_len;
@ -96,8 +93,7 @@ static int pem_pbkdf1( unsigned char *key, size_t keylen,
if ((ret = mbedtls_md5_finish_ret(&md5_ctx, md5sum)) != 0)
goto exit;
if( keylen <= 16 )
{
if (keylen <= 16) {
memcpy(key, md5sum, keylen);
goto exit;
}
@ -137,8 +133,7 @@ exit:
*/
static int pem_des_decrypt(unsigned char des_iv[8],
unsigned char *buf, size_t buflen,
const unsigned char *pwd, size_t pwdlen )
{
const unsigned char *pwd, size_t pwdlen) {
mbedtls_des_context des_ctx;
unsigned char des_key[8];
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
@ -165,8 +160,7 @@ exit:
*/
static int pem_des3_decrypt(unsigned char des3_iv[8],
unsigned char *buf, size_t buflen,
const unsigned char *pwd, size_t pwdlen )
{
const unsigned char *pwd, size_t pwdlen) {
mbedtls_des3_context des3_ctx;
unsigned char des3_key[24];
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
@ -195,8 +189,7 @@ exit:
*/
static int pem_aes_decrypt(unsigned char aes_iv[16], unsigned int keylen,
unsigned char *buf, size_t buflen,
const unsigned char *pwd, size_t pwdlen )
{
const unsigned char *pwd, size_t pwdlen) {
mbedtls_aes_context aes_ctx;
unsigned char aes_key[32];
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
@ -224,8 +217,7 @@ exit:
int mbedtls_pem_read_buffer(mbedtls_pem_context *ctx, const char *header, const char *footer,
const unsigned char *data, const unsigned char *pwd,
size_t pwdlen, size_t *use_len )
{
size_t pwdlen, size_t *use_len) {
int ret, enc;
size_t len;
unsigned char *buf;
@ -268,8 +260,7 @@ int mbedtls_pem_read_buffer( mbedtls_pem_context *ctx, const char *header, const
enc = 0;
if( s2 - s1 >= 22 && memcmp( s1, "Proc-Type: 4,ENCRYPTED", 22 ) == 0 )
{
if (s2 - s1 >= 22 && memcmp(s1, "Proc-Type: 4,ENCRYPTED", 22) == 0) {
#if defined(MBEDTLS_MD5_C) && defined(MBEDTLS_CIPHER_MODE_CBC) && \
( defined(MBEDTLS_DES_C) || defined(MBEDTLS_AES_C) )
enc++;
@ -281,8 +272,7 @@ int mbedtls_pem_read_buffer( mbedtls_pem_context *ctx, const char *header, const
#if defined(MBEDTLS_DES_C)
if( s2 - s1 >= 23 && memcmp( s1, "DEK-Info: DES-EDE3-CBC,", 23 ) == 0 )
{
if (s2 - s1 >= 23 && memcmp(s1, "DEK-Info: DES-EDE3-CBC,", 23) == 0) {
enc_alg = MBEDTLS_CIPHER_DES_EDE3_CBC;
s1 += 23;
@ -290,9 +280,7 @@ int mbedtls_pem_read_buffer( mbedtls_pem_context *ctx, const char *header, const
return (MBEDTLS_ERR_PEM_INVALID_ENC_IV);
s1 += 16;
}
else if( s2 - s1 >= 18 && memcmp( s1, "DEK-Info: DES-CBC,", 18 ) == 0 )
{
} else if (s2 - s1 >= 18 && memcmp(s1, "DEK-Info: DES-CBC,", 18) == 0) {
enc_alg = MBEDTLS_CIPHER_DES_CBC;
s1 += 18;
@ -304,8 +292,7 @@ int mbedtls_pem_read_buffer( mbedtls_pem_context *ctx, const char *header, const
#endif /* MBEDTLS_DES_C */
#if defined(MBEDTLS_AES_C)
if( s2 - s1 >= 14 && memcmp( s1, "DEK-Info: AES-", 14 ) == 0 )
{
if (s2 - s1 >= 14 && memcmp(s1, "DEK-Info: AES-", 14) == 0) {
if (s2 - s1 < 22)
return (MBEDTLS_ERR_PEM_UNKNOWN_ENC_ALG);
else if (memcmp(s1, "DEK-Info: AES-128-CBC,", 22) == 0)
@ -348,19 +335,16 @@ int mbedtls_pem_read_buffer( mbedtls_pem_context *ctx, const char *header, const
if ((buf = mbedtls_calloc(1, len)) == NULL)
return (MBEDTLS_ERR_PEM_ALLOC_FAILED);
if( ( ret = mbedtls_base64_decode( buf, len, &len, s1, s2 - s1 ) ) != 0 )
{
if ((ret = mbedtls_base64_decode(buf, len, &len, s1, s2 - s1)) != 0) {
mbedtls_platform_zeroize(buf, len);
mbedtls_free(buf);
return (MBEDTLS_ERR_PEM_INVALID_DATA + ret);
}
if( enc != 0 )
{
if (enc != 0) {
#if defined(MBEDTLS_MD5_C) && defined(MBEDTLS_CIPHER_MODE_CBC) && \
( defined(MBEDTLS_DES_C) || defined(MBEDTLS_AES_C) )
if( pwd == NULL )
{
if (pwd == NULL) {
mbedtls_platform_zeroize(buf, len);
mbedtls_free(buf);
return (MBEDTLS_ERR_PEM_PASSWORD_REQUIRED);
@ -384,8 +368,7 @@ int mbedtls_pem_read_buffer( mbedtls_pem_context *ctx, const char *header, const
ret = pem_aes_decrypt(pem_iv, 32, buf, len, pwd, pwdlen);
#endif /* MBEDTLS_AES_C */
if( ret != 0 )
{
if (ret != 0) {
mbedtls_free(buf);
return (ret);
}
@ -396,8 +379,7 @@ int mbedtls_pem_read_buffer( mbedtls_pem_context *ctx, const char *header, const
*
* Use that as a heuristic to try to detect password mismatches.
*/
if( len <= 2 || buf[0] != 0x30 || buf[1] > 0x83 )
{
if (len <= 2 || buf[0] != 0x30 || buf[1] > 0x83) {
mbedtls_platform_zeroize(buf, len);
mbedtls_free(buf);
return (MBEDTLS_ERR_PEM_PASSWORD_MISMATCH);
@ -416,10 +398,8 @@ int mbedtls_pem_read_buffer( mbedtls_pem_context *ctx, const char *header, const
return (0);
}
void mbedtls_pem_free( mbedtls_pem_context *ctx )
{
if ( ctx->buf != NULL )
{
void mbedtls_pem_free(mbedtls_pem_context *ctx) {
if (ctx->buf != NULL) {
mbedtls_platform_zeroize(ctx->buf, ctx->buflen);
mbedtls_free(ctx->buf);
}
@ -432,8 +412,7 @@ void mbedtls_pem_free( mbedtls_pem_context *ctx )
#if defined(MBEDTLS_PEM_WRITE_C)
int mbedtls_pem_write_buffer(const char *header, const char *footer,
const unsigned char *der_data, size_t der_len,
unsigned char *buf, size_t buf_len, size_t *olen )
{
unsigned char *buf, size_t buf_len, size_t *olen) {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
unsigned char *encode_buf = NULL, *c, *p = buf;
size_t len = 0, use_len, add_len = 0;
@ -441,8 +420,7 @@ int mbedtls_pem_write_buffer( const char *header, const char *footer,
mbedtls_base64_encode(NULL, 0, &use_len, der_data, der_len);
add_len = strlen(header) + strlen(footer) + (use_len / 64) + 1;
if( use_len + add_len > buf_len )
{
if (use_len + add_len > buf_len) {
*olen = use_len + add_len;
return (MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL);
}
@ -452,8 +430,7 @@ int mbedtls_pem_write_buffer( const char *header, const char *footer,
return (MBEDTLS_ERR_PEM_ALLOC_FAILED);
if ((ret = mbedtls_base64_encode(encode_buf, use_len, &use_len, der_data,
der_len ) ) != 0 )
{
der_len)) != 0) {
mbedtls_free(encode_buf);
return (ret);
}
@ -462,8 +439,7 @@ int mbedtls_pem_write_buffer( const char *header, const char *footer,
p += strlen(header);
c = encode_buf;
while( use_len )
{
while (use_len) {
len = (use_len > 64) ? 64 : use_len;
memcpy(p, c, len);
use_len -= len;

3
common/mbedtls/pem.h
View file

@ -55,8 +55,7 @@ extern "C" {
/**
* \brief PEM context structure
*/
typedef struct mbedtls_pem_context
{
typedef struct mbedtls_pem_context {
unsigned char *buf; /*!< buffer for decoded data */
size_t buflen; /*!< length of the buffer */
unsigned char *info; /*!< buffer for extra header information */

94
common/mbedtls/pk.c
View file

@ -52,8 +52,7 @@
/*
* Initialise a mbedtls_pk_context
*/
void mbedtls_pk_init( mbedtls_pk_context *ctx )
{
void mbedtls_pk_init(mbedtls_pk_context *ctx) {
PK_VALIDATE(ctx != NULL);
ctx->pk_info = NULL;
@ -63,8 +62,7 @@ void mbedtls_pk_init( mbedtls_pk_context *ctx )
/*
* Free (the components of) a mbedtls_pk_context
*/
void mbedtls_pk_free( mbedtls_pk_context *ctx )
{
void mbedtls_pk_free(mbedtls_pk_context *ctx) {
if (ctx == NULL)
return;
@ -78,8 +76,7 @@ void mbedtls_pk_free( mbedtls_pk_context *ctx )
/*
* Initialize a restart context
*/
void mbedtls_pk_restart_init( mbedtls_pk_restart_ctx *ctx )
{
void mbedtls_pk_restart_init(mbedtls_pk_restart_ctx *ctx) {
PK_VALIDATE(ctx != NULL);
ctx->pk_info = NULL;
ctx->rs_ctx = NULL;
@ -88,11 +85,9 @@ void mbedtls_pk_restart_init( mbedtls_pk_restart_ctx *ctx )
/*
* Free the components of a restart context
*/
void mbedtls_pk_restart_free( mbedtls_pk_restart_ctx *ctx )
{
void mbedtls_pk_restart_free(mbedtls_pk_restart_ctx *ctx) {
if (ctx == NULL || ctx->pk_info == NULL ||
ctx->pk_info->rs_free_func == NULL )
{
ctx->pk_info->rs_free_func == NULL) {
return;
}
@ -106,8 +101,7 @@ void mbedtls_pk_restart_free( mbedtls_pk_restart_ctx *ctx )
/*
* Get pk_info structure from type
*/
const mbedtls_pk_info_t * mbedtls_pk_info_from_type( mbedtls_pk_type_t pk_type )
{
const mbedtls_pk_info_t *mbedtls_pk_info_from_type(mbedtls_pk_type_t pk_type) {
switch (pk_type) {
#if defined(MBEDTLS_RSA_C)
case MBEDTLS_PK_RSA:
@ -132,8 +126,7 @@ const mbedtls_pk_info_t * mbedtls_pk_info_from_type( mbedtls_pk_type_t pk_type )
/*
* Initialise context
*/
int mbedtls_pk_setup( mbedtls_pk_context *ctx, const mbedtls_pk_info_t *info )
{
int mbedtls_pk_setup(mbedtls_pk_context *ctx, const mbedtls_pk_info_t *info) {
PK_VALIDATE_RET(ctx != NULL);
if (info == NULL || ctx->pk_info != NULL)
return (MBEDTLS_ERR_PK_BAD_INPUT_DATA);
@ -151,8 +144,7 @@ int mbedtls_pk_setup( mbedtls_pk_context *ctx, const mbedtls_pk_info_t *info )
* Initialise a PSA-wrapping context
*/
int mbedtls_pk_setup_opaque(mbedtls_pk_context *ctx,
const psa_key_id_t key )
{
const psa_key_id_t key) {
const mbedtls_pk_info_t *const info = &mbedtls_pk_opaque_info;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_key_id_t *pk_ctx;
@ -189,8 +181,7 @@ int mbedtls_pk_setup_opaque( mbedtls_pk_context *ctx,
int mbedtls_pk_setup_rsa_alt(mbedtls_pk_context *ctx, void *key,
mbedtls_pk_rsa_alt_decrypt_func decrypt_func,
mbedtls_pk_rsa_alt_sign_func sign_func,
mbedtls_pk_rsa_alt_key_len_func key_len_func )
{
mbedtls_pk_rsa_alt_key_len_func key_len_func) {
mbedtls_rsa_alt_context *rsa_alt;
const mbedtls_pk_info_t *info = &mbedtls_rsa_alt_info;
@ -217,8 +208,7 @@ int mbedtls_pk_setup_rsa_alt( mbedtls_pk_context *ctx, void * key,
/*
* Tell if a PK can do the operations of the given type
*/
int mbedtls_pk_can_do( const mbedtls_pk_context *ctx, mbedtls_pk_type_t type )
{
int mbedtls_pk_can_do(const mbedtls_pk_context *ctx, mbedtls_pk_type_t type) {
/* A context with null pk_info is not set up yet and can't do anything.
* For backward compatibility, also accept NULL instead of a context
* pointer. */
@ -231,8 +221,7 @@ int mbedtls_pk_can_do( const mbedtls_pk_context *ctx, mbedtls_pk_type_t type )
/*
* Helper for mbedtls_pk_sign and mbedtls_pk_verify
*/
static inline int pk_hashlen_helper( mbedtls_md_type_t md_alg, size_t *hash_len )
{
static inline int pk_hashlen_helper(mbedtls_md_type_t md_alg, size_t *hash_len) {
const mbedtls_md_info_t *md_info;
if (*hash_len != 0)
@ -250,8 +239,7 @@ static inline int pk_hashlen_helper( mbedtls_md_type_t md_alg, size_t *hash_len
* Helper to set up a restart context if needed
*/
static int pk_restart_setup(mbedtls_pk_restart_ctx *ctx,
const mbedtls_pk_info_t *info )
{
const mbedtls_pk_info_t *info) {
/* Don't do anything if already set up or invalid */
if (ctx == NULL || ctx->pk_info != NULL)
return (0);
@ -276,8 +264,7 @@ int mbedtls_pk_verify_restartable( mbedtls_pk_context *ctx,
mbedtls_md_type_t md_alg,
const unsigned char *hash, size_t hash_len,
const unsigned char *sig, size_t sig_len,
mbedtls_pk_restart_ctx *rs_ctx )
{
mbedtls_pk_restart_ctx *rs_ctx) {
PK_VALIDATE_RET(ctx != NULL);
PK_VALIDATE_RET((md_alg == MBEDTLS_MD_NONE && hash_len == 0) ||
hash != NULL);
@ -291,8 +278,7 @@ int mbedtls_pk_verify_restartable( mbedtls_pk_context *ctx,
/* optimization: use non-restartable version if restart disabled */
if (rs_ctx != NULL &&
mbedtls_ecp_restart_is_enabled() &&
ctx->pk_info->verify_rs_func != NULL )
{
ctx->pk_info->verify_rs_func != NULL) {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
if ((ret = pk_restart_setup(rs_ctx, ctx->pk_info)) != 0)
@ -322,8 +308,7 @@ int mbedtls_pk_verify_restartable( mbedtls_pk_context *ctx,
*/
int mbedtls_pk_verify(mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg,
const unsigned char *hash, size_t hash_len,
const unsigned char *sig, size_t sig_len )
{
const unsigned char *sig, size_t sig_len) {
return (mbedtls_pk_verify_restartable(ctx, md_alg, hash, hash_len,
sig, sig_len, NULL));
}
@ -334,8 +319,7 @@ int mbedtls_pk_verify( mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg,
int mbedtls_pk_verify_ext(mbedtls_pk_type_t type, const void *options,
mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg,
const unsigned char *hash, size_t hash_len,
const unsigned char *sig, size_t sig_len )
{
const unsigned char *sig, size_t sig_len) {
PK_VALIDATE_RET(ctx != NULL);
PK_VALIDATE_RET((md_alg == MBEDTLS_MD_NONE && hash_len == 0) ||
hash != NULL);
@ -347,8 +331,7 @@ int mbedtls_pk_verify_ext( mbedtls_pk_type_t type, const void *options,
if (! mbedtls_pk_can_do(ctx, type))
return (MBEDTLS_ERR_PK_TYPE_MISMATCH);
if( type == MBEDTLS_PK_RSASSA_PSS )
{
if (type == MBEDTLS_PK_RSASSA_PSS) {
#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_PKCS1_V21)
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
const mbedtls_pk_rsassa_pss_options *pss_opts;
@ -399,8 +382,7 @@ int mbedtls_pk_sign_restartable( mbedtls_pk_context *ctx,
const unsigned char *hash, size_t hash_len,
unsigned char *sig, size_t *sig_len,
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
mbedtls_pk_restart_ctx *rs_ctx )
{
mbedtls_pk_restart_ctx *rs_ctx) {
PK_VALIDATE_RET(ctx != NULL);
PK_VALIDATE_RET((md_alg == MBEDTLS_MD_NONE && hash_len == 0) ||
hash != NULL);
@ -414,8 +396,7 @@ int mbedtls_pk_sign_restartable( mbedtls_pk_context *ctx,
/* optimization: use non-restartable version if restart disabled */
if (rs_ctx != NULL &&
mbedtls_ecp_restart_is_enabled() &&
ctx->pk_info->sign_rs_func != NULL )
{
ctx->pk_info->sign_rs_func != NULL) {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
if ((ret = pk_restart_setup(rs_ctx, ctx->pk_info)) != 0)
@ -446,8 +427,7 @@ int mbedtls_pk_sign_restartable( mbedtls_pk_context *ctx,
int mbedtls_pk_sign(mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg,
const unsigned char *hash, size_t hash_len,
unsigned char *sig, size_t *sig_len,
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
{
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng) {
return (mbedtls_pk_sign_restartable(ctx, md_alg, hash, hash_len,
sig, sig_len, f_rng, p_rng, NULL));
}
@ -458,8 +438,7 @@ int mbedtls_pk_sign( mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg,
int mbedtls_pk_decrypt(mbedtls_pk_context *ctx,
const unsigned char *input, size_t ilen,
unsigned char *output, size_t *olen, size_t osize,
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
{
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng) {
PK_VALIDATE_RET(ctx != NULL);
PK_VALIDATE_RET(input != NULL || ilen == 0);
PK_VALIDATE_RET(output != NULL || osize == 0);
@ -481,8 +460,7 @@ int mbedtls_pk_decrypt( mbedtls_pk_context *ctx,
int mbedtls_pk_encrypt(mbedtls_pk_context *ctx,
const unsigned char *input, size_t ilen,
unsigned char *output, size_t *olen, size_t osize,
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
{
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng) {
PK_VALIDATE_RET(ctx != NULL);
PK_VALIDATE_RET(input != NULL || ilen == 0);
PK_VALIDATE_RET(output != NULL || osize == 0);
@ -501,27 +479,22 @@ int mbedtls_pk_encrypt( mbedtls_pk_context *ctx,
/*
* Check public-private key pair
*/
int mbedtls_pk_check_pair( const mbedtls_pk_context *pub, const mbedtls_pk_context *prv )
{
int mbedtls_pk_check_pair(const mbedtls_pk_context *pub, const mbedtls_pk_context *prv) {
PK_VALIDATE_RET(pub != NULL);
PK_VALIDATE_RET(prv != NULL);
if (pub->pk_info == NULL ||
prv->pk_info == NULL )
{
prv->pk_info == NULL) {
return (MBEDTLS_ERR_PK_BAD_INPUT_DATA);
}
if (prv->pk_info->check_pair_func == NULL)
return (MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE);
if( prv->pk_info->type == MBEDTLS_PK_RSA_ALT )
{
if (prv->pk_info->type == MBEDTLS_PK_RSA_ALT) {
if (pub->pk_info->type != MBEDTLS_PK_RSA)
return (MBEDTLS_ERR_PK_TYPE_MISMATCH);
}
else
{
} else {
if (pub->pk_info != prv->pk_info)
return (MBEDTLS_ERR_PK_TYPE_MISMATCH);
}
@ -532,8 +505,7 @@ int mbedtls_pk_check_pair( const mbedtls_pk_context *pub, const mbedtls_pk_conte
/*
* Get key size in bits
*/
size_t mbedtls_pk_get_bitlen( const mbedtls_pk_context *ctx )
{
size_t mbedtls_pk_get_bitlen(const mbedtls_pk_context *ctx) {
/* For backward compatibility, accept NULL or a context that
* isn't set up yet, and return a fake value that should be safe. */
if (ctx == NULL || ctx->pk_info == NULL)
@ -545,8 +517,7 @@ size_t mbedtls_pk_get_bitlen( const mbedtls_pk_context *ctx )
/*
* Export debug information
*/
int mbedtls_pk_debug( const mbedtls_pk_context *ctx, mbedtls_pk_debug_item *items )
{
int mbedtls_pk_debug(const mbedtls_pk_context *ctx, mbedtls_pk_debug_item *items) {
PK_VALIDATE_RET(ctx != NULL);
if (ctx->pk_info == NULL)
return (MBEDTLS_ERR_PK_BAD_INPUT_DATA);
@ -561,8 +532,7 @@ int mbedtls_pk_debug( const mbedtls_pk_context *ctx, mbedtls_pk_debug_item *item
/*
* Access the PK type name
*/
const char *mbedtls_pk_get_name( const mbedtls_pk_context *ctx )
{
const char *mbedtls_pk_get_name(const mbedtls_pk_context *ctx) {
if (ctx == NULL || ctx->pk_info == NULL)
return ("invalid PK");
@ -572,8 +542,7 @@ const char *mbedtls_pk_get_name( const mbedtls_pk_context *ctx )
/*
* Access the PK type
*/
mbedtls_pk_type_t mbedtls_pk_get_type( const mbedtls_pk_context *ctx )
{
mbedtls_pk_type_t mbedtls_pk_get_type(const mbedtls_pk_context *ctx) {
if (ctx == NULL || ctx->pk_info == NULL)
return (MBEDTLS_PK_NONE);
@ -589,8 +558,7 @@ mbedtls_pk_type_t mbedtls_pk_get_type( const mbedtls_pk_context *ctx )
*/
int mbedtls_pk_wrap_as_opaque(mbedtls_pk_context *pk,
psa_key_id_t *key,
psa_algorithm_t hash_alg )
{
psa_algorithm_t hash_alg) {
#if !defined(MBEDTLS_ECP_C)
((void) pk);
((void) key);

24
common/mbedtls/pk.h
View file

@ -92,8 +92,7 @@ typedef enum {
* \brief Options for RSASSA-PSS signature verification.
* See \c mbedtls_rsa_rsassa_pss_verify_ext()
*/
typedef struct mbedtls_pk_rsassa_pss_options
{
typedef struct mbedtls_pk_rsassa_pss_options {
mbedtls_md_type_t mgf1_hash_id;
int expected_salt_len;
@ -154,8 +153,7 @@ typedef struct mbedtls_pk_rsassa_pss_options
/**
* \brief Types for interfacing with the debug module
*/
typedef enum
{
typedef enum {
MBEDTLS_PK_DEBUG_NONE = 0,
MBEDTLS_PK_DEBUG_MPI,
MBEDTLS_PK_DEBUG_ECP,
@ -164,8 +162,7 @@ typedef enum
/**
* \brief Item to send to the debug module
*/
typedef struct mbedtls_pk_debug_item
{
typedef struct mbedtls_pk_debug_item {
mbedtls_pk_debug_type type;
const char *name;
void *value;
@ -182,8 +179,7 @@ typedef struct mbedtls_pk_info_t mbedtls_pk_info_t;
/**
* \brief Public key container
*/
typedef struct mbedtls_pk_context
{
typedef struct mbedtls_pk_context {
const mbedtls_pk_info_t *pk_info; /**< Public key information */
void *pk_ctx; /**< Underlying public key context */
} mbedtls_pk_context;
@ -192,8 +188,7 @@ typedef struct mbedtls_pk_context
/**
* \brief Context for resuming operations
*/
typedef struct
{
typedef struct {
const mbedtls_pk_info_t *pk_info; /**< Public key information */
void *rs_ctx; /**< Underlying restart context */
} mbedtls_pk_restart_ctx;
@ -209,8 +204,7 @@ typedef void mbedtls_pk_restart_ctx;
* \warning You must make sure the PK context actually holds an RSA context
* before using this function!
*/
static inline mbedtls_rsa_context *mbedtls_pk_rsa( const mbedtls_pk_context pk )
{
static inline mbedtls_rsa_context *mbedtls_pk_rsa(const mbedtls_pk_context pk) {
return ((mbedtls_rsa_context *)(pk).pk_ctx);
}
#endif /* MBEDTLS_RSA_C */
@ -222,8 +216,7 @@ static inline mbedtls_rsa_context *mbedtls_pk_rsa( const mbedtls_pk_context pk )
* \warning You must make sure the PK context actually holds an EC context
* before using this function!
*/
static inline mbedtls_ecp_keypair *mbedtls_pk_ec( const mbedtls_pk_context pk )
{
static inline mbedtls_ecp_keypair *mbedtls_pk_ec(const mbedtls_pk_context pk) {
return ((mbedtls_ecp_keypair *)(pk).pk_ctx);
}
#endif /* MBEDTLS_ECP_C */
@ -378,8 +371,7 @@ size_t mbedtls_pk_get_bitlen( const mbedtls_pk_context *ctx );
*
* \return Key length in bytes, or 0 on error
*/
static inline size_t mbedtls_pk_get_len( const mbedtls_pk_context *ctx )
{
static inline size_t mbedtls_pk_get_len(const mbedtls_pk_context *ctx) {
return ((mbedtls_pk_get_bitlen(ctx) + 7) / 8);
}

6
common/mbedtls/pk_internal.h
View file

@ -31,8 +31,7 @@
#include "mbedtls/pk.h"
struct mbedtls_pk_info_t
{
struct mbedtls_pk_info_t {
/** Public key type */
mbedtls_pk_type_t type;
@ -107,8 +106,7 @@ struct mbedtls_pk_info_t
};
#if defined(MBEDTLS_PK_RSA_ALT_SUPPORT)
/* Container for RSA-alt */
typedef struct
{
typedef struct {
void *key;
mbedtls_pk_rsa_alt_decrypt_func decrypt_func;
mbedtls_pk_rsa_alt_sign_func sign_func;

186
common/mbedtls/pk_wrap.c
View file

@ -62,22 +62,19 @@
#include <stdint.h>
#if defined(MBEDTLS_RSA_C)
static int rsa_can_do( mbedtls_pk_type_t type )
{
static int rsa_can_do(mbedtls_pk_type_t type) {
return (type == MBEDTLS_PK_RSA ||
type == MBEDTLS_PK_RSASSA_PSS);
}
static size_t rsa_get_bitlen( const void *ctx )
{
static size_t rsa_get_bitlen(const void *ctx) {
const mbedtls_rsa_context *rsa = (const mbedtls_rsa_context *) ctx;
return (8 * mbedtls_rsa_get_len(rsa));
}
static int rsa_verify_wrap(void *ctx, mbedtls_md_type_t md_alg,
const unsigned char *hash, size_t hash_len,
const unsigned char *sig, size_t sig_len )
{
const unsigned char *sig, size_t sig_len) {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_rsa_context *rsa = (mbedtls_rsa_context *) ctx;
size_t rsa_len = mbedtls_rsa_get_len(rsa);
@ -109,8 +106,7 @@ static int rsa_verify_wrap( void *ctx, mbedtls_md_type_t md_alg,
static int rsa_sign_wrap(void *ctx, mbedtls_md_type_t md_alg,
const unsigned char *hash, size_t hash_len,
unsigned char *sig, size_t *sig_len,
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
{
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng) {
mbedtls_rsa_context *rsa = (mbedtls_rsa_context *) ctx;
#if SIZE_MAX > UINT_MAX
@ -127,8 +123,7 @@ static int rsa_sign_wrap( void *ctx, mbedtls_md_type_t md_alg,
static int rsa_decrypt_wrap(void *ctx,
const unsigned char *input, size_t ilen,
unsigned char *output, size_t *olen, size_t osize,
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
{
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng) {
mbedtls_rsa_context *rsa = (mbedtls_rsa_context *) ctx;
if (ilen != mbedtls_rsa_get_len(rsa))
@ -141,8 +136,7 @@ static int rsa_decrypt_wrap( void *ctx,
static int rsa_encrypt_wrap(void *ctx,
const unsigned char *input, size_t ilen,
unsigned char *output, size_t *olen, size_t osize,
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
{
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng) {
mbedtls_rsa_context *rsa = (mbedtls_rsa_context *) ctx;
*olen = mbedtls_rsa_get_len(rsa);
@ -153,14 +147,12 @@ static int rsa_encrypt_wrap( void *ctx,
ilen, input, output));
}
static int rsa_check_pair_wrap( const void *pub, const void *prv )
{
static int rsa_check_pair_wrap(const void *pub, const void *prv) {
return (mbedtls_rsa_check_pub_priv((const mbedtls_rsa_context *) pub,
(const mbedtls_rsa_context *) prv));
}
static void *rsa_alloc_wrap( void )
{
static void *rsa_alloc_wrap(void) {
void *ctx = mbedtls_calloc(1, sizeof(mbedtls_rsa_context));
if (ctx != NULL)
@ -169,14 +161,12 @@ static void *rsa_alloc_wrap( void )
return (ctx);
}
static void rsa_free_wrap( void *ctx )
{
static void rsa_free_wrap(void *ctx) {
mbedtls_rsa_free((mbedtls_rsa_context *) ctx);
mbedtls_free(ctx);
}
static void rsa_debug( const void *ctx, mbedtls_pk_debug_item *items )
{
static void rsa_debug(const void *ctx, mbedtls_pk_debug_item *items) {
items->type = MBEDTLS_PK_DEBUG_MPI;
items->name = "rsa.N";
items->value = &(((mbedtls_rsa_context *) ctx)->N);
@ -216,15 +206,13 @@ const mbedtls_pk_info_t mbedtls_rsa_info = {
/*
* Generic EC key
*/
static int eckey_can_do( mbedtls_pk_type_t type )
{
static int eckey_can_do(mbedtls_pk_type_t type) {
return (type == MBEDTLS_PK_ECKEY ||
type == MBEDTLS_PK_ECKEY_DH ||
type == MBEDTLS_PK_ECDSA);
}
static size_t eckey_get_bitlen( const void *ctx )
{
static size_t eckey_get_bitlen(const void *ctx) {
return (((mbedtls_ecp_keypair *) ctx)->grp.pbits);
}
@ -241,8 +229,7 @@ static int ecdsa_sign_wrap( void *ctx, mbedtls_md_type_t md_alg,
static int eckey_verify_wrap(void *ctx, mbedtls_md_type_t md_alg,
const unsigned char *hash, size_t hash_len,
const unsigned char *sig, size_t sig_len )
{
const unsigned char *sig, size_t sig_len) {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_ecdsa_context ecdsa;
@ -259,8 +246,7 @@ static int eckey_verify_wrap( void *ctx, mbedtls_md_type_t md_alg,
static int eckey_sign_wrap(void *ctx, mbedtls_md_type_t md_alg,
const unsigned char *hash, size_t hash_len,
unsigned char *sig, size_t *sig_len,
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
{
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng) {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_ecdsa_context ecdsa;
@ -294,20 +280,17 @@ static int ecdsa_sign_rs_wrap( void *ctx, mbedtls_md_type_t md_alg,
* We need to store an actual ECDSA context, as we need to pass the same to
* the underlying ecdsa function, so we can't create it on the fly every time.
*/
typedef struct
{
typedef struct {
mbedtls_ecdsa_restart_ctx ecdsa_rs;
mbedtls_ecdsa_context ecdsa_ctx;
} eckey_restart_ctx;
static void *eckey_rs_alloc( void )
{
static void *eckey_rs_alloc(void) {
eckey_restart_ctx *rs_ctx;
void *ctx = mbedtls_calloc(1, sizeof(eckey_restart_ctx));
if( ctx != NULL )
{
if (ctx != NULL) {
rs_ctx = ctx;
mbedtls_ecdsa_restart_init(&rs_ctx->ecdsa_rs);
mbedtls_ecdsa_init(&rs_ctx->ecdsa_ctx);
@ -316,8 +299,7 @@ static void *eckey_rs_alloc( void )
return (ctx);
}
static void eckey_rs_free( void *ctx )
{
static void eckey_rs_free(void *ctx) {
eckey_restart_ctx *rs_ctx;
if (ctx == NULL)
@ -333,8 +315,7 @@ static void eckey_rs_free( void *ctx )
static int eckey_verify_rs_wrap(void *ctx, mbedtls_md_type_t md_alg,
const unsigned char *hash, size_t hash_len,
const unsigned char *sig, size_t sig_len,
void *rs_ctx )
{
void *rs_ctx) {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
eckey_restart_ctx *rs = rs_ctx;
@ -358,8 +339,7 @@ static int eckey_sign_rs_wrap( void *ctx, mbedtls_md_type_t md_alg,
const unsigned char *hash, size_t hash_len,
unsigned char *sig, size_t *sig_len,
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
void *rs_ctx )
{
void *rs_ctx) {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
eckey_restart_ctx *rs = rs_ctx;
@ -381,14 +361,12 @@ cleanup:
#endif /* MBEDTLS_ECP_RESTARTABLE */
#endif /* MBEDTLS_ECDSA_C */
static int eckey_check_pair( const void *pub, const void *prv )
{
static int eckey_check_pair(const void *pub, const void *prv) {
return (mbedtls_ecp_check_pub_priv((const mbedtls_ecp_keypair *) pub,
(const mbedtls_ecp_keypair *) prv));
}
static void *eckey_alloc_wrap( void )
{
static void *eckey_alloc_wrap(void) {
void *ctx = mbedtls_calloc(1, sizeof(mbedtls_ecp_keypair));
if (ctx != NULL)
@ -397,14 +375,12 @@ static void *eckey_alloc_wrap( void )
return (ctx);
}
static void eckey_free_wrap( void *ctx )
{
static void eckey_free_wrap(void *ctx) {
mbedtls_ecp_keypair_free((mbedtls_ecp_keypair *) ctx);
mbedtls_free(ctx);
}
static void eckey_debug( const void *ctx, mbedtls_pk_debug_item *items )
{
static void eckey_debug(const void *ctx, mbedtls_pk_debug_item *items) {
items->type = MBEDTLS_PK_DEBUG_ECP;
items->name = "eckey.Q";
items->value = &(((mbedtls_ecp_keypair *) ctx)->Q);
@ -441,8 +417,7 @@ const mbedtls_pk_info_t mbedtls_eckey_info = {
/*
* EC key restricted to ECDH
*/
static int eckeydh_can_do( mbedtls_pk_type_t type )
{
static int eckeydh_can_do(mbedtls_pk_type_t type) {
return (type == MBEDTLS_PK_ECKEY ||
type == MBEDTLS_PK_ECKEY_DH);
}
@ -472,8 +447,7 @@ const mbedtls_pk_info_t mbedtls_eckeydh_info = {
#endif /* MBEDTLS_ECP_C */
#if defined(MBEDTLS_ECDSA_C)
static int ecdsa_can_do( mbedtls_pk_type_t type )
{
static int ecdsa_can_do(mbedtls_pk_type_t type) {
return (type == MBEDTLS_PK_ECDSA);
}
@ -483,19 +457,16 @@ static int ecdsa_can_do( mbedtls_pk_type_t type )
* those integers and convert it to the fixed-length encoding expected by PSA.
*/
static int extract_ecdsa_sig_int(unsigned char **from, const unsigned char *end,
unsigned char *to, size_t to_len )
{
unsigned char *to, size_t to_len) {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t unpadded_len, padding_len;
if ((ret = mbedtls_asn1_get_tag(from, end, &unpadded_len,
MBEDTLS_ASN1_INTEGER ) ) != 0 )
{
MBEDTLS_ASN1_INTEGER)) != 0) {
return (ret);
}
while( unpadded_len > 0 && **from == 0x00 )
{
while (unpadded_len > 0 && **from == 0x00) {
(*from)++;
unpadded_len--;
}
@ -517,8 +488,7 @@ static int extract_ecdsa_sig_int( unsigned char **from, const unsigned char *end
* twice as big as int_size.
*/
static int extract_ecdsa_sig(unsigned char **p, const unsigned char *end,
unsigned char *sig, size_t int_size )
{
unsigned char *sig, size_t int_size) {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t tmp_size;
@ -538,8 +508,7 @@ static int extract_ecdsa_sig( unsigned char **p, const unsigned char *end,
static int ecdsa_verify_wrap(void *ctx_arg, mbedtls_md_type_t md_alg,
const unsigned char *hash, size_t hash_len,
const unsigned char *sig, size_t sig_len )
{
const unsigned char *sig, size_t sig_len) {
mbedtls_ecdsa_context *ctx = ctx_arg;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
@ -577,38 +546,33 @@ static int ecdsa_verify_wrap( void *ctx_arg, mbedtls_md_type_t md_alg,
status = psa_import_key(&attributes,
buf + sizeof(buf) - key_len, key_len,
&key_id);
if( status != PSA_SUCCESS )
{
if (status != PSA_SUCCESS) {
ret = mbedtls_psa_err_translate_pk(status);
goto cleanup;
}
/* We don't need the exported key anymore and can
* reuse its buffer for signature extraction. */
if( 2 * signature_part_size > sizeof( buf ) )
{
if (2 * signature_part_size > sizeof(buf)) {
ret = MBEDTLS_ERR_PK_BAD_INPUT_DATA;
goto cleanup;
}
p = (unsigned char *) sig;
if ((ret = extract_ecdsa_sig(&p, sig + sig_len, buf,
signature_part_size ) ) != 0 )
{
signature_part_size)) != 0) {
goto cleanup;
}
if (psa_verify_hash(key_id, psa_sig_md,
hash, hash_len,
buf, 2 * signature_part_size)
!= PSA_SUCCESS )
{
!= PSA_SUCCESS) {
ret = MBEDTLS_ERR_ECP_VERIFY_FAILED;
goto cleanup;
}
if( p != sig + sig_len )
{
if (p != sig + sig_len) {
ret = MBEDTLS_ERR_PK_SIG_LEN_MISMATCH;
goto cleanup;
}
@ -621,8 +585,7 @@ cleanup:
#else /* MBEDTLS_USE_PSA_CRYPTO */
static int ecdsa_verify_wrap(void *ctx, mbedtls_md_type_t md_alg,
const unsigned char *hash, size_t hash_len,
const unsigned char *sig, size_t sig_len )
{
const unsigned char *sig, size_t sig_len) {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
((void) md_alg);
@ -639,8 +602,7 @@ static int ecdsa_verify_wrap( void *ctx, mbedtls_md_type_t md_alg,
static int ecdsa_sign_wrap(void *ctx, mbedtls_md_type_t md_alg,
const unsigned char *hash, size_t hash_len,
unsigned char *sig, size_t *sig_len,
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
{
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng) {
return (mbedtls_ecdsa_write_signature((mbedtls_ecdsa_context *) ctx,
md_alg, hash, hash_len, sig, sig_len, f_rng, p_rng));
}
@ -649,8 +611,7 @@ static int ecdsa_sign_wrap( void *ctx, mbedtls_md_type_t md_alg,
static int ecdsa_verify_rs_wrap(void *ctx, mbedtls_md_type_t md_alg,
const unsigned char *hash, size_t hash_len,
const unsigned char *sig, size_t sig_len,
void *rs_ctx )
{
void *rs_ctx) {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
((void) md_alg);
@ -669,8 +630,7 @@ static int ecdsa_sign_rs_wrap( void *ctx, mbedtls_md_type_t md_alg,
const unsigned char *hash, size_t hash_len,
unsigned char *sig, size_t *sig_len,
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
void *rs_ctx )
{
void *rs_ctx) {
return (mbedtls_ecdsa_write_signature_restartable(
(mbedtls_ecdsa_context *) ctx,
md_alg, hash, hash_len, sig, sig_len, f_rng, p_rng,
@ -679,8 +639,7 @@ static int ecdsa_sign_rs_wrap( void *ctx, mbedtls_md_type_t md_alg,
}
#endif /* MBEDTLS_ECP_RESTARTABLE */
static void *ecdsa_alloc_wrap( void )
{
static void *ecdsa_alloc_wrap(void) {
void *ctx = mbedtls_calloc(1, sizeof(mbedtls_ecdsa_context));
if (ctx != NULL)
@ -689,15 +648,13 @@ static void *ecdsa_alloc_wrap( void )
return (ctx);
}
static void ecdsa_free_wrap( void *ctx )
{
static void ecdsa_free_wrap(void *ctx) {
mbedtls_ecdsa_free((mbedtls_ecdsa_context *) ctx);
mbedtls_free(ctx);
}
#if defined(MBEDTLS_ECP_RESTARTABLE)
static void *ecdsa_rs_alloc( void )
{
static void *ecdsa_rs_alloc(void) {
void *ctx = mbedtls_calloc(1, sizeof(mbedtls_ecdsa_restart_ctx));
if (ctx != NULL)
@ -706,8 +663,7 @@ static void *ecdsa_rs_alloc( void )
return (ctx);
}
static void ecdsa_rs_free( void *ctx )
{
static void ecdsa_rs_free(void *ctx) {
mbedtls_ecdsa_restart_free(ctx);
mbedtls_free(ctx);
}
@ -742,13 +698,11 @@ const mbedtls_pk_info_t mbedtls_ecdsa_info = {
* Support for alternative RSA-private implementations
*/
static int rsa_alt_can_do( mbedtls_pk_type_t type )
{
static int rsa_alt_can_do(mbedtls_pk_type_t type) {
return (type == MBEDTLS_PK_RSA);
}
static size_t rsa_alt_get_bitlen( const void *ctx )
{
static size_t rsa_alt_get_bitlen(const void *ctx) {
const mbedtls_rsa_alt_context *rsa_alt = (const mbedtls_rsa_alt_context *) ctx;
return (8 * rsa_alt->key_len_func(rsa_alt->key));
@ -757,8 +711,7 @@ static size_t rsa_alt_get_bitlen( const void *ctx )
static int rsa_alt_sign_wrap(void *ctx, mbedtls_md_type_t md_alg,
const unsigned char *hash, size_t hash_len,
unsigned char *sig, size_t *sig_len,
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
{
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng) {
mbedtls_rsa_alt_context *rsa_alt = (mbedtls_rsa_alt_context *) ctx;
#if SIZE_MAX > UINT_MAX
@ -777,8 +730,7 @@ static int rsa_alt_sign_wrap( void *ctx, mbedtls_md_type_t md_alg,
static int rsa_alt_decrypt_wrap(void *ctx,
const unsigned char *input, size_t ilen,
unsigned char *output, size_t *olen, size_t osize,
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
{
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng) {
mbedtls_rsa_alt_context *rsa_alt = (mbedtls_rsa_alt_context *) ctx;
((void) f_rng);
@ -792,8 +744,7 @@ static int rsa_alt_decrypt_wrap( void *ctx,
}
#if defined(MBEDTLS_RSA_C)
static int rsa_alt_check_pair( const void *pub, const void *prv )
{
static int rsa_alt_check_pair(const void *pub, const void *prv) {
unsigned char sig[MBEDTLS_MPI_MAX_SIZE];
unsigned char hash[32];
size_t sig_len = 0;
@ -806,14 +757,12 @@ static int rsa_alt_check_pair( const void *pub, const void *prv )
if ((ret = rsa_alt_sign_wrap((void *) prv, MBEDTLS_MD_NONE,
hash, sizeof(hash),
sig, &sig_len, NULL, NULL ) ) != 0 )
{
sig, &sig_len, NULL, NULL)) != 0) {
return (ret);
}
if (rsa_verify_wrap((void *) pub, MBEDTLS_MD_NONE,
hash, sizeof( hash ), sig, sig_len ) != 0 )
{
hash, sizeof(hash), sig, sig_len) != 0) {
return (MBEDTLS_ERR_RSA_KEY_CHECK_FAILED);
}
@ -821,8 +770,7 @@ static int rsa_alt_check_pair( const void *pub, const void *prv )
}
#endif /* MBEDTLS_RSA_C */
static void *rsa_alt_alloc_wrap( void )
{
static void *rsa_alt_alloc_wrap(void) {
void *ctx = mbedtls_calloc(1, sizeof(mbedtls_rsa_alt_context));
if (ctx != NULL)
@ -831,8 +779,7 @@ static void *rsa_alt_alloc_wrap( void )
return (ctx);
}
static void rsa_alt_free_wrap( void *ctx )
{
static void rsa_alt_free_wrap(void *ctx) {
mbedtls_platform_zeroize(ctx, sizeof(mbedtls_rsa_alt_context));
mbedtls_free(ctx);
}
@ -868,8 +815,7 @@ const mbedtls_pk_info_t mbedtls_rsa_alt_info = {
#if defined(MBEDTLS_USE_PSA_CRYPTO)
static void *pk_opaque_alloc_wrap( void )
{
static void *pk_opaque_alloc_wrap(void) {
void *ctx = mbedtls_calloc(1, sizeof(psa_key_id_t));
/* no _init() function to call, an calloc() already zeroized */
@ -877,14 +823,12 @@ static void *pk_opaque_alloc_wrap( void )
return (ctx);
}
static void pk_opaque_free_wrap( void *ctx )
{
static void pk_opaque_free_wrap(void *ctx) {
mbedtls_platform_zeroize(ctx, sizeof(psa_key_id_t));
mbedtls_free(ctx);
}
static size_t pk_opaque_get_bitlen( const void *ctx )
{
static size_t pk_opaque_get_bitlen(const void *ctx) {
const psa_key_id_t *key = (const psa_key_id_t *) ctx;
size_t bits;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
@ -897,8 +841,7 @@ static size_t pk_opaque_get_bitlen( const void *ctx )
return (bits);
}
static int pk_opaque_can_do( mbedtls_pk_type_t type )
{
static int pk_opaque_can_do(mbedtls_pk_type_t type) {
/* For now opaque PSA keys can only wrap ECC keypairs,
* as checked by setup_psa().
* Also, ECKEY_DH does not really make sense with the current API. */
@ -918,8 +861,7 @@ static int pk_opaque_can_do( mbedtls_pk_type_t type )
* n_len: length of the mpi to read from start
*/
static int asn1_write_mpibuf(unsigned char **p, unsigned char *start,
size_t n_len )
{
size_t n_len) {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t len = 0;
@ -933,8 +875,7 @@ static int asn1_write_mpibuf( unsigned char **p, unsigned char *start,
/* ASN.1 DER encoding requires minimal length, so skip leading 0s.
* Neither r nor s should be 0, but as a failsafe measure, still detect
* that rather than overflowing the buffer in case of a PSA error. */
while( len > 0 && **p == 0x00 )
{
while (len > 0 && **p == 0x00) {
++(*p);
--len;
}
@ -945,8 +886,7 @@ static int asn1_write_mpibuf( unsigned char **p, unsigned char *start,
/* if the msb is 1, ASN.1 requires that we prepend a 0.
* Neither r nor s can be 0, so we can assume len > 0 at all times. */
if( **p & 0x80 )
{
if (**p & 0x80) {
if (*p - start < 1)
return (MBEDTLS_ERR_ASN1_BUF_TOO_SMALL);
@ -970,8 +910,7 @@ static int asn1_write_mpibuf( unsigned char **p, unsigned char *start,
* [int] buf_len: the available size the in/out buffer
*/
static int pk_ecdsa_sig_asn1_from_psa(unsigned char *sig, size_t *sig_len,
size_t buf_len )
{
size_t buf_len) {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t len = 0;
const size_t rs_len = *sig_len / 2;
@ -995,8 +934,7 @@ static int pk_ecdsa_sig_asn1_from_psa( unsigned char *sig, size_t *sig_len,
static int pk_opaque_sign_wrap(void *ctx, mbedtls_md_type_t md_alg,
const unsigned char *hash, size_t hash_len,
unsigned char *sig, size_t *sig_len,
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
{
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng) {
#if !defined(MBEDTLS_ECDSA_C)
((void) ctx);
((void) md_alg);

51
common/mbedtls/pkcs11.c
View file

@ -39,46 +39,39 @@
#include <string.h>
void mbedtls_pkcs11_init( mbedtls_pkcs11_context *ctx )
{
void mbedtls_pkcs11_init(mbedtls_pkcs11_context *ctx) {
memset(ctx, 0, sizeof(mbedtls_pkcs11_context));
}
int mbedtls_pkcs11_x509_cert_bind( mbedtls_x509_crt *cert, pkcs11h_certificate_t pkcs11_cert )
{
int mbedtls_pkcs11_x509_cert_bind(mbedtls_x509_crt *cert, pkcs11h_certificate_t pkcs11_cert) {
int ret = 1;
unsigned char *cert_blob = NULL;
size_t cert_blob_size = 0;
if( cert == NULL )
{
if (cert == NULL) {
ret = 2;
goto cleanup;
}
if (pkcs11h_certificate_getCertificateBlob(pkcs11_cert, NULL,
&cert_blob_size ) != CKR_OK )
{
&cert_blob_size) != CKR_OK) {
ret = 3;
goto cleanup;
}
cert_blob = mbedtls_calloc(1, cert_blob_size);
if( NULL == cert_blob )
{
if (NULL == cert_blob) {
ret = 4;
goto cleanup;
}
if (pkcs11h_certificate_getCertificateBlob(pkcs11_cert, cert_blob,
&cert_blob_size ) != CKR_OK )
{
&cert_blob_size) != CKR_OK) {
ret = 5;
goto cleanup;
}
if( 0 != mbedtls_x509_crt_parse( cert, cert_blob, cert_blob_size ) )
{
if (0 != mbedtls_x509_crt_parse(cert, cert_blob, cert_blob_size)) {
ret = 6;
goto cleanup;
}
@ -94,8 +87,7 @@ cleanup:
int mbedtls_pkcs11_priv_key_bind(mbedtls_pkcs11_context *priv_key,
pkcs11h_certificate_t pkcs11_cert )
{
pkcs11h_certificate_t pkcs11_cert) {
int ret = 1;
mbedtls_x509_crt cert;
@ -118,8 +110,7 @@ cleanup:
return (ret);
}
void mbedtls_pkcs11_priv_key_free( mbedtls_pkcs11_context *priv_key )
{
void mbedtls_pkcs11_priv_key_free(mbedtls_pkcs11_context *priv_key) {
if (NULL != priv_key)
pkcs11h_certificate_freeCertificate(priv_key->pkcs11h_cert);
}
@ -128,8 +119,7 @@ int mbedtls_pkcs11_decrypt( mbedtls_pkcs11_context *ctx,
int mode, size_t *olen,
const unsigned char *input,
unsigned char *output,
size_t output_max_len )
{
size_t output_max_len) {
size_t input_len, output_len;
if (NULL == ctx)
@ -145,8 +135,7 @@ int mbedtls_pkcs11_decrypt( mbedtls_pkcs11_context *ctx,
/* Determine size of output buffer */
if (pkcs11h_certificate_decryptAny(ctx->pkcs11h_cert, CKM_RSA_PKCS, input,
input_len, NULL, &output_len ) != CKR_OK )
{
input_len, NULL, &output_len) != CKR_OK) {
return (MBEDTLS_ERR_RSA_BAD_INPUT_DATA);
}
@ -154,8 +143,7 @@ int mbedtls_pkcs11_decrypt( mbedtls_pkcs11_context *ctx,
return (MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE);
if (pkcs11h_certificate_decryptAny(ctx->pkcs11h_cert, CKM_RSA_PKCS, input,
input_len, output, &output_len ) != CKR_OK )
{
input_len, output, &output_len) != CKR_OK) {
return (MBEDTLS_ERR_RSA_BAD_INPUT_DATA);
}
*olen = output_len;
@ -167,8 +155,7 @@ int mbedtls_pkcs11_sign( mbedtls_pkcs11_context *ctx,
mbedtls_md_type_t md_alg,
unsigned int hashlen,
const unsigned char *hash,
unsigned char *sig )
{
unsigned char *sig) {
size_t sig_len = 0, asn_len = 0, oid_size = 0;
unsigned char *p = sig;
const char *oid;
@ -179,8 +166,7 @@ int mbedtls_pkcs11_sign( mbedtls_pkcs11_context *ctx,
if (MBEDTLS_RSA_PRIVATE != mode)
return (MBEDTLS_ERR_RSA_BAD_INPUT_DATA);
if( md_alg != MBEDTLS_MD_NONE )
{
if (md_alg != MBEDTLS_MD_NONE) {
const mbedtls_md_info_t *md_info = mbedtls_md_info_from_type(md_alg);
if (md_info == NULL)
return (MBEDTLS_ERR_RSA_BAD_INPUT_DATA);
@ -194,13 +180,11 @@ int mbedtls_pkcs11_sign( mbedtls_pkcs11_context *ctx,
sig_len = ctx->len;
if (hashlen > sig_len || asn_len > sig_len ||
hashlen + asn_len > sig_len )
{
hashlen + asn_len > sig_len) {
return (MBEDTLS_ERR_RSA_BAD_INPUT_DATA);
}
if( md_alg != MBEDTLS_MD_NONE )
{
if (md_alg != MBEDTLS_MD_NONE) {
/*
* DigestInfo ::= SEQUENCE {
* digestAlgorithm DigestAlgorithmIdentifier,
@ -227,8 +211,7 @@ int mbedtls_pkcs11_sign( mbedtls_pkcs11_context *ctx,
memcpy(p, hash, hashlen);
if (pkcs11h_certificate_signAny(ctx->pkcs11h_cert, CKM_RSA_PKCS, sig,
asn_len + hashlen, sig, &sig_len ) != CKR_OK )
{
asn_len + hashlen, sig, &sig_len) != CKR_OK) {
return (MBEDTLS_ERR_RSA_BAD_INPUT_DATA);
}

12
common/mbedtls/pkcs11.h
View file

@ -50,8 +50,7 @@ extern "C" {
/**
* Context for PKCS #11 private keys.
*/
typedef struct mbedtls_pkcs11_context
{
typedef struct mbedtls_pkcs11_context {
pkcs11h_certificate_t pkcs11h_cert;
int len;
} mbedtls_pkcs11_context;
@ -175,8 +174,7 @@ MBEDTLS_DEPRECATED int mbedtls_pkcs11_sign( mbedtls_pkcs11_context *ctx,
MBEDTLS_DEPRECATED static inline int mbedtls_ssl_pkcs11_decrypt(void *ctx,
int mode, size_t *olen,
const unsigned char *input, unsigned char *output,
size_t output_max_len )
{
size_t output_max_len) {
return mbedtls_pkcs11_decrypt((mbedtls_pkcs11_context *) ctx, mode, olen, input, output,
output_max_len);
}
@ -210,8 +208,7 @@ MBEDTLS_DEPRECATED static inline int mbedtls_ssl_pkcs11_decrypt( void *ctx,
MBEDTLS_DEPRECATED static inline int mbedtls_ssl_pkcs11_sign(void *ctx,
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
int mode, mbedtls_md_type_t md_alg, unsigned int hashlen,
const unsigned char *hash, unsigned char *sig )
{
const unsigned char *hash, unsigned char *sig) {
((void) f_rng);
((void) p_rng);
return mbedtls_pkcs11_sign((mbedtls_pkcs11_context *) ctx, mode, md_alg,
@ -228,8 +225,7 @@ MBEDTLS_DEPRECATED static inline int mbedtls_ssl_pkcs11_sign( void *ctx,
*
* \return The length of the private key.
*/
MBEDTLS_DEPRECATED static inline size_t mbedtls_ssl_pkcs11_key_len( void *ctx )
{
MBEDTLS_DEPRECATED static inline size_t mbedtls_ssl_pkcs11_key_len(void *ctx) {
return ((mbedtls_pkcs11_context *) ctx)->len;
}

48
common/mbedtls/pkcs12.c
View file

@ -46,8 +46,7 @@
#if defined(MBEDTLS_ASN1_PARSE_C)
static int pkcs12_parse_pbe_params(mbedtls_asn1_buf *params,
mbedtls_asn1_buf *salt, int *iterations )
{
mbedtls_asn1_buf *salt, int *iterations) {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
unsigned char **p = &params->p;
const unsigned char *end = params->p + params->len;
@ -84,8 +83,7 @@ static int pkcs12_parse_pbe_params( mbedtls_asn1_buf *params,
static int pkcs12_pbe_derive_key_iv(mbedtls_asn1_buf *pbe_params, mbedtls_md_type_t md_type,
const unsigned char *pwd, size_t pwdlen,
unsigned char *key, size_t keylen,
unsigned char *iv, size_t ivlen )
{
unsigned char *iv, size_t ivlen) {
int ret, iterations = 0;
mbedtls_asn1_buf salt;
size_t i;
@ -106,8 +104,7 @@ static int pkcs12_pbe_derive_key_iv( mbedtls_asn1_buf *pbe_params, mbedtls_md_ty
if ((ret = mbedtls_pkcs12_derivation(key, keylen, unipwd, pwdlen * 2 + 2,
salt.p, salt.len, md_type,
MBEDTLS_PKCS12_DERIVE_KEY, iterations ) ) != 0 )
{
MBEDTLS_PKCS12_DERIVE_KEY, iterations)) != 0) {
return (ret);
}
@ -116,8 +113,7 @@ static int pkcs12_pbe_derive_key_iv( mbedtls_asn1_buf *pbe_params, mbedtls_md_ty
if ((ret = mbedtls_pkcs12_derivation(iv, ivlen, unipwd, pwdlen * 2 + 2,
salt.p, salt.len, md_type,
MBEDTLS_PKCS12_DERIVE_IV, iterations ) ) != 0 )
{
MBEDTLS_PKCS12_DERIVE_IV, iterations)) != 0) {
return (ret);
}
return (0);
@ -128,8 +124,7 @@ static int pkcs12_pbe_derive_key_iv( mbedtls_asn1_buf *pbe_params, mbedtls_md_ty
int mbedtls_pkcs12_pbe_sha1_rc4_128(mbedtls_asn1_buf *pbe_params, int mode,
const unsigned char *pwd, size_t pwdlen,
const unsigned char *data, size_t len,
unsigned char *output )
{
unsigned char *output) {
#if !defined(MBEDTLS_ARC4_C)
((void) pbe_params);
((void) mode);
@ -149,8 +144,7 @@ int mbedtls_pkcs12_pbe_sha1_rc4_128( mbedtls_asn1_buf *pbe_params, int mode,
if ((ret = pkcs12_pbe_derive_key_iv(pbe_params, MBEDTLS_MD_SHA1,
pwd, pwdlen,
key, 16, NULL, 0 ) ) != 0 )
{
key, 16, NULL, 0)) != 0) {
return (ret);
}
@ -170,8 +164,7 @@ int mbedtls_pkcs12_pbe( mbedtls_asn1_buf *pbe_params, int mode,
mbedtls_cipher_type_t cipher_type, mbedtls_md_type_t md_type,
const unsigned char *pwd, size_t pwdlen,
const unsigned char *data, size_t len,
unsigned char *output )
{
unsigned char *output) {
int ret, keylen = 0;
unsigned char key[32];
unsigned char iv[16];
@ -187,8 +180,7 @@ int mbedtls_pkcs12_pbe( mbedtls_asn1_buf *pbe_params, int mode,
if ((ret = pkcs12_pbe_derive_key_iv(pbe_params, md_type, pwd, pwdlen,
key, keylen,
iv, cipher_info->iv_size ) ) != 0 )
{
iv, cipher_info->iv_size)) != 0) {
return (ret);
}
@ -207,8 +199,7 @@ int mbedtls_pkcs12_pbe( mbedtls_asn1_buf *pbe_params, int mode,
goto exit;
if ((ret = mbedtls_cipher_update(&cipher_ctx, data, len,
output, &olen ) ) != 0 )
{
output, &olen)) != 0) {
goto exit;
}
@ -226,13 +217,11 @@ exit:
#endif /* MBEDTLS_ASN1_PARSE_C */
static void pkcs12_fill_buffer(unsigned char *data, size_t data_len,
const unsigned char *filler, size_t fill_len )
{
const unsigned char *filler, size_t fill_len) {
unsigned char *p = data;
size_t use_len;
while( data_len > 0 )
{
while (data_len > 0) {
use_len = (data_len > fill_len) ? fill_len : data_len;
memcpy(p, filler, use_len);
p += use_len;
@ -243,8 +232,7 @@ static void pkcs12_fill_buffer( unsigned char *data, size_t data_len,
int mbedtls_pkcs12_derivation(unsigned char *data, size_t datalen,
const unsigned char *pwd, size_t pwdlen,
const unsigned char *salt, size_t saltlen,
mbedtls_md_type_t md_type, int id, int iterations )
{
mbedtls_md_type_t md_type, int id, int iterations) {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
unsigned int j;
@ -284,8 +272,7 @@ int mbedtls_pkcs12_derivation( unsigned char *data, size_t datalen,
pkcs12_fill_buffer(pwd_block, v, pwd, pwdlen);
p = data;
while( datalen > 0 )
{
while (datalen > 0) {
// Calculate hash( diversifier || salt_block || pwd_block )
if ((ret = mbedtls_md_starts(&md_ctx)) != 0)
goto exit;
@ -303,8 +290,7 @@ int mbedtls_pkcs12_derivation( unsigned char *data, size_t datalen,
goto exit;
// Perform remaining ( iterations - 1 ) recursive hash calculations
for( i = 1; i < (size_t) iterations; i++ )
{
for (i = 1; i < (size_t) iterations; i++) {
if ((ret = mbedtls_md(md_info, hash_output, hlen, hash_output)) != 0)
goto exit;
}
@ -327,8 +313,7 @@ int mbedtls_pkcs12_derivation( unsigned char *data, size_t datalen,
// salt_block += B
c = 0;
for( i = v; i > 0; i-- )
{
for (i = v; i > 0; i--) {
j = salt_block[i - 1] + hash_block[i - 1] + c;
c = (unsigned char)(j >> 8);
salt_block[i - 1] = j & 0xFF;
@ -336,8 +321,7 @@ int mbedtls_pkcs12_derivation( unsigned char *data, size_t datalen,
// pwd_block += B
c = 0;
for( i = v; i > 0; i-- )
{
for (i = v; i > 0; i--) {
j = pwd_block[i - 1] + hash_block[i - 1] + c;
c = (unsigned char)(j >> 8);
pwd_block[i - 1] = j & 0xFF;

85
common/mbedtls/pkcs5.c
View file

@ -52,8 +52,7 @@
#if defined(MBEDTLS_ASN1_PARSE_C)
static int pkcs5_parse_pbkdf2_params(const mbedtls_asn1_buf *params,
mbedtls_asn1_buf *salt, int *iterations,
int *keylen, mbedtls_md_type_t *md_type )
{
int *keylen, mbedtls_md_type_t *md_type) {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_asn1_buf prf_alg_oid;
unsigned char *p = params->p;
@ -84,8 +83,7 @@ static int pkcs5_parse_pbkdf2_params( const mbedtls_asn1_buf *params,
if (p == end)
return (0);
if( ( ret = mbedtls_asn1_get_int( &p, end, keylen ) ) != 0 )
{
if ((ret = mbedtls_asn1_get_int(&p, end, keylen)) != 0) {
if (ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
return (MBEDTLS_ERR_PKCS5_INVALID_FORMAT + ret);
}
@ -109,8 +107,7 @@ static int pkcs5_parse_pbkdf2_params( const mbedtls_asn1_buf *params,
int mbedtls_pkcs5_pbes2(const mbedtls_asn1_buf *pbe_params, int mode,
const unsigned char *pwd, size_t pwdlen,
const unsigned char *data, size_t datalen,
unsigned char *output )
{
unsigned char *output) {
int ret, iterations = 0, keylen = 0;
unsigned char *p, *end;
mbedtls_asn1_buf kdf_alg_oid, enc_scheme_oid, kdf_alg_params, enc_scheme_params;
@ -148,8 +145,7 @@ int mbedtls_pkcs5_pbes2( const mbedtls_asn1_buf *pbe_params, int mode,
if ((ret = pkcs5_parse_pbkdf2_params(&kdf_alg_params,
&salt, &iterations, &keylen,
&md_type ) ) != 0 )
{
&md_type)) != 0) {
return (ret);
}
@ -158,8 +154,7 @@ int mbedtls_pkcs5_pbes2( const mbedtls_asn1_buf *pbe_params, int mode,
return (MBEDTLS_ERR_PKCS5_FEATURE_UNAVAILABLE);
if ((ret = mbedtls_asn1_get_alg(&p, end, &enc_scheme_oid,
&enc_scheme_params ) ) != 0 )
{
&enc_scheme_params)) != 0) {
return (MBEDTLS_ERR_PKCS5_INVALID_FORMAT + ret);
}
@ -177,8 +172,7 @@ int mbedtls_pkcs5_pbes2( const mbedtls_asn1_buf *pbe_params, int mode,
keylen = cipher_info->key_bitlen / 8;
if (enc_scheme_params.tag != MBEDTLS_ASN1_OCTET_STRING ||
enc_scheme_params.len != cipher_info->iv_size )
{
enc_scheme_params.len != cipher_info->iv_size) {
return (MBEDTLS_ERR_PKCS5_INVALID_FORMAT);
}
@ -191,8 +185,7 @@ int mbedtls_pkcs5_pbes2( const mbedtls_asn1_buf *pbe_params, int mode,
goto exit;
if ((ret = mbedtls_pkcs5_pbkdf2_hmac(&md_ctx, pwd, pwdlen, salt.p, salt.len,
iterations, keylen, key ) ) != 0 )
{
iterations, keylen, key)) != 0) {
goto exit;
}
@ -219,8 +212,7 @@ int mbedtls_pkcs5_pbkdf2_hmac( mbedtls_md_context_t *ctx,
const unsigned char *password,
size_t plen, const unsigned char *salt, size_t slen,
unsigned int iteration_count,
uint32_t key_length, unsigned char *output )
{
uint32_t key_length, unsigned char *output) {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
int j;
unsigned int i;
@ -241,8 +233,7 @@ int mbedtls_pkcs5_pbkdf2_hmac( mbedtls_md_context_t *ctx,
if ((ret = mbedtls_md_hmac_starts(ctx, password, plen)) != 0)
return (ret);
while( key_length )
{
while (key_length) {
// U1 ends up in work
//
if ((ret = mbedtls_md_hmac_update(ctx, salt, slen)) != 0)
@ -259,8 +250,7 @@ int mbedtls_pkcs5_pbkdf2_hmac( mbedtls_md_context_t *ctx,
memcpy(md1, work, md_size);
for( i = 1; i < iteration_count; i++ )
{
for (i = 1; i < iteration_count; i++) {
// U2 ends up in md1
//
if ((ret = mbedtls_md_hmac_update(ctx, md1, md_size)) != 0)
@ -300,8 +290,7 @@ cleanup:
#if defined(MBEDTLS_SELF_TEST)
#if !defined(MBEDTLS_SHA1_C)
int mbedtls_pkcs5_self_test( int verbose )
{
int mbedtls_pkcs5_self_test(int verbose) {
if (verbose != 0)
mbedtls_printf(" PBKDF2 (SHA1): skipped\n\n");
@ -314,8 +303,7 @@ int mbedtls_pkcs5_self_test( int verbose )
static const size_t plen_test_data[MAX_TESTS] =
{ 8, 8, 8, 24, 9 };
static const unsigned char password_test_data[MAX_TESTS][32] =
{
static const unsigned char password_test_data[MAX_TESTS][32] = {
"password",
"password",
"password",
@ -326,8 +314,7 @@ static const unsigned char password_test_data[MAX_TESTS][32] =
static const size_t slen_test_data[MAX_TESTS] =
{ 4, 4, 4, 36, 5 };
static const unsigned char salt_test_data[MAX_TESTS][40] =
{
static const unsigned char salt_test_data[MAX_TESTS][40] = {
"salt",
"salt",
"salt",
@ -341,27 +328,35 @@ static const uint32_t it_cnt_test_data[MAX_TESTS] =
static const uint32_t key_len_test_data[MAX_TESTS] =
{ 20, 20, 20, 25, 16 };
static const unsigned char result_key_test_data[MAX_TESTS][32] =
static const unsigned char result_key_test_data[MAX_TESTS][32] = {
{
{ 0x0c, 0x60, 0xc8, 0x0f, 0x96, 0x1f, 0x0e, 0x71,
0x0c, 0x60, 0xc8, 0x0f, 0x96, 0x1f, 0x0e, 0x71,
0xf3, 0xa9, 0xb5, 0x24, 0xaf, 0x60, 0x12, 0x06,
0x2f, 0xe0, 0x37, 0xa6 },
{ 0xea, 0x6c, 0x01, 0x4d, 0xc7, 0x2d, 0x6f, 0x8c,
0x2f, 0xe0, 0x37, 0xa6
},
{
0xea, 0x6c, 0x01, 0x4d, 0xc7, 0x2d, 0x6f, 0x8c,
0xcd, 0x1e, 0xd9, 0x2a, 0xce, 0x1d, 0x41, 0xf0,
0xd8, 0xde, 0x89, 0x57 },
{ 0x4b, 0x00, 0x79, 0x01, 0xb7, 0x65, 0x48, 0x9a,
0xd8, 0xde, 0x89, 0x57
},
{
0x4b, 0x00, 0x79, 0x01, 0xb7, 0x65, 0x48, 0x9a,
0xbe, 0xad, 0x49, 0xd9, 0x26, 0xf7, 0x21, 0xd0,
0x65, 0xa4, 0x29, 0xc1 },
{ 0x3d, 0x2e, 0xec, 0x4f, 0xe4, 0x1c, 0x84, 0x9b,
0x65, 0xa4, 0x29, 0xc1
},
{
0x3d, 0x2e, 0xec, 0x4f, 0xe4, 0x1c, 0x84, 0x9b,
0x80, 0xc8, 0xd8, 0x36, 0x62, 0xc0, 0xe4, 0x4a,
0x8b, 0x29, 0x1a, 0x96, 0x4c, 0xf2, 0xf0, 0x70,
0x38 },
{ 0x56, 0xfa, 0x6a, 0xa7, 0x55, 0x48, 0x09, 0x9d,
0xcc, 0x37, 0xd7, 0xf0, 0x34, 0x25, 0xe0, 0xc3 },
0x38
},
{
0x56, 0xfa, 0x6a, 0xa7, 0x55, 0x48, 0x09, 0x9d,
0xcc, 0x37, 0xd7, 0xf0, 0x34, 0x25, 0xe0, 0xc3
},
};
int mbedtls_pkcs5_self_test( int verbose )
{
int mbedtls_pkcs5_self_test(int verbose) {
mbedtls_md_context_t sha1_ctx;
const mbedtls_md_info_t *info_sha1;
int ret, i;
@ -370,20 +365,17 @@ int mbedtls_pkcs5_self_test( int verbose )
mbedtls_md_init(&sha1_ctx);
info_sha1 = mbedtls_md_info_from_type(MBEDTLS_MD_SHA1);
if( info_sha1 == NULL )
{
if (info_sha1 == NULL) {
ret = 1;
goto exit;
}
if( ( ret = mbedtls_md_setup( &sha1_ctx, info_sha1, 1 ) ) != 0 )
{
if ((ret = mbedtls_md_setup(&sha1_ctx, info_sha1, 1)) != 0) {
ret = 1;
goto exit;
}
for( i = 0; i < MAX_TESTS; i++ )
{
for (i = 0; i < MAX_TESTS; i++) {
if (verbose != 0)
mbedtls_printf(" PBKDF2 (SHA1) #%d: ", i);
@ -392,8 +384,7 @@ int mbedtls_pkcs5_self_test( int verbose )
slen_test_data[i], it_cnt_test_data[i],
key_len_test_data[i], key);
if (ret != 0 ||
memcmp( result_key_test_data[i], key, key_len_test_data[i] ) != 0 )
{
memcmp(result_key_test_data[i], key, key_len_test_data[i]) != 0) {
if (verbose != 0)
mbedtls_printf("failed\n");

282
common/mbedtls/pkparse.c
View file

@ -70,8 +70,7 @@
* A terminating null byte is always appended. It is included in the announced
* length only if the data looks like it is PEM encoded.
*/
int mbedtls_pk_load_file( const char *path, unsigned char **buf, size_t *n )
{
int mbedtls_pk_load_file(const char *path, unsigned char **buf, size_t *n) {
FILE *f;
long size;
@ -83,8 +82,7 @@ int mbedtls_pk_load_file( const char *path, unsigned char **buf, size_t *n )
return (MBEDTLS_ERR_PK_FILE_IO_ERROR);
fseek(f, 0, SEEK_END);
if( ( size = ftell( f ) ) == -1 )
{
if ((size = ftell(f)) == -1) {
fclose(f);
return (MBEDTLS_ERR_PK_FILE_IO_ERROR);
}
@ -93,14 +91,12 @@ int mbedtls_pk_load_file( const char *path, unsigned char **buf, size_t *n )
*n = (size_t) size;
if (*n + 1 == 0 ||
( *buf = mbedtls_calloc( 1, *n + 1 ) ) == NULL )
{
(*buf = mbedtls_calloc(1, *n + 1)) == NULL) {
fclose(f);
return (MBEDTLS_ERR_PK_ALLOC_FAILED);
}
if( fread( *buf, 1, *n, f ) != *n )
{
if (fread(*buf, 1, *n, f) != *n) {
fclose(f);
mbedtls_platform_zeroize(*buf, *n);
@ -123,8 +119,7 @@ int mbedtls_pk_load_file( const char *path, unsigned char **buf, size_t *n )
* Load and parse a private key
*/
int mbedtls_pk_parse_keyfile(mbedtls_pk_context *ctx,
const char *path, const char *pwd )
{
const char *path, const char *pwd) {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t n;
unsigned char *buf;
@ -150,8 +145,7 @@ int mbedtls_pk_parse_keyfile( mbedtls_pk_context *ctx,
/*
* Load and parse a public key
*/
int mbedtls_pk_parse_public_keyfile( mbedtls_pk_context *ctx, const char *path )
{
int mbedtls_pk_parse_public_keyfile(mbedtls_pk_context *ctx, const char *path) {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t n;
unsigned char *buf;
@ -181,8 +175,7 @@ int mbedtls_pk_parse_public_keyfile( mbedtls_pk_context *ctx, const char *path )
* }
*/
static int pk_get_ecparams(unsigned char **p, const unsigned char *end,
mbedtls_asn1_buf *params )
{
mbedtls_asn1_buf *params) {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
if (end - *p < 1)
@ -195,14 +188,12 @@ static int pk_get_ecparams( unsigned char **p, const unsigned char *end,
#if defined(MBEDTLS_PK_PARSE_EC_EXTENDED)
&& params->tag != (MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)
#endif
)
{
) {
return (MBEDTLS_ERR_PK_KEY_INVALID_FORMAT +
MBEDTLS_ERR_ASN1_UNEXPECTED_TAG);
}
if( ( ret = mbedtls_asn1_get_tag( p, end, &params->len, params->tag ) ) != 0 )
{
if ((ret = mbedtls_asn1_get_tag(p, end, &params->len, params->tag)) != 0) {
return (MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret);
}
@ -236,8 +227,7 @@ static int pk_get_ecparams( unsigned char **p, const unsigned char *end,
*
* We only support prime-field as field type, and ignore hash and cofactor.
*/
static int pk_group_from_specified( const mbedtls_asn1_buf *params, mbedtls_ecp_group *grp )
{
static int pk_group_from_specified(const mbedtls_asn1_buf *params, mbedtls_ecp_group *grp) {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
unsigned char *p = params->p;
const unsigned char *const end = params->p + params->len;
@ -276,8 +266,7 @@ static int pk_group_from_specified( const mbedtls_asn1_buf *params, mbedtls_ecp_
return (ret);
if (len != MBEDTLS_OID_SIZE(MBEDTLS_OID_ANSI_X9_62_PRIME_FIELD) ||
memcmp( p, MBEDTLS_OID_ANSI_X9_62_PRIME_FIELD, len ) != 0 )
{
memcmp(p, MBEDTLS_OID_ANSI_X9_62_PRIME_FIELD, len) != 0) {
return (MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE);
}
@ -313,16 +302,14 @@ static int pk_group_from_specified( const mbedtls_asn1_buf *params, mbedtls_ecp_
* containing an integer in the case of a prime field
*/
if ((ret = mbedtls_asn1_get_tag(&p, end_curve, &len, MBEDTLS_ASN1_OCTET_STRING)) != 0 ||
( ret = mbedtls_mpi_read_binary( &grp->A, p, len ) ) != 0 )
{
(ret = mbedtls_mpi_read_binary(&grp->A, p, len)) != 0) {
return (MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret);
}
p += len;
if ((ret = mbedtls_asn1_get_tag(&p, end_curve, &len, MBEDTLS_ASN1_OCTET_STRING)) != 0 ||
( ret = mbedtls_mpi_read_binary( &grp->B, p, len ) ) != 0 )
{
(ret = mbedtls_mpi_read_binary(&grp->B, p, len)) != 0) {
return (MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret);
}
@ -343,8 +330,7 @@ static int pk_group_from_specified( const mbedtls_asn1_buf *params, mbedtls_ecp_
return (MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret);
if ((ret = mbedtls_ecp_point_read_binary(grp, &grp->G,
( const unsigned char *) p, len ) ) != 0 )
{
(const unsigned char *) p, len)) != 0) {
/*
* If we can't read the point because it's compressed, cheat by
* reading only the X coordinate and the parity bit of Y.
@ -354,8 +340,7 @@ static int pk_group_from_specified( const mbedtls_asn1_buf *params, mbedtls_ecp_
len != mbedtls_mpi_size(&grp->P) + 1 ||
mbedtls_mpi_read_binary(&grp->G.X, p + 1, len - 1) != 0 ||
mbedtls_mpi_lset(&grp->G.Y, p[0] - 2) != 0 ||
mbedtls_mpi_lset( &grp->G.Z, 1 ) != 0 )
{
mbedtls_mpi_lset(&grp->G.Z, 1) != 0) {
return (MBEDTLS_ERR_PK_KEY_INVALID_FORMAT);
}
}
@ -381,16 +366,14 @@ static int pk_group_from_specified( const mbedtls_asn1_buf *params, mbedtls_ecp_
* Find the group id associated with an (almost filled) group as generated by
* pk_group_from_specified(), or return an error if unknown.
*/
static int pk_group_id_from_group( const mbedtls_ecp_group *grp, mbedtls_ecp_group_id *grp_id )
{
static int pk_group_id_from_group(const mbedtls_ecp_group *grp, mbedtls_ecp_group_id *grp_id) {
int ret = 0;
mbedtls_ecp_group ref;
const mbedtls_ecp_group_id *id;
mbedtls_ecp_group_init(&ref);
for( id = mbedtls_ecp_grp_id_list(); *id != MBEDTLS_ECP_DP_NONE; id++ )
{
for (id = mbedtls_ecp_grp_id_list(); *id != MBEDTLS_ECP_DP_NONE; id++) {
/* Load the group associated to that id */
mbedtls_ecp_group_free(&ref);
MBEDTLS_MPI_CHK(mbedtls_ecp_group_load(&ref, *id));
@ -404,8 +387,7 @@ static int pk_group_id_from_group( const mbedtls_ecp_group *grp, mbedtls_ecp_gro
mbedtls_mpi_cmp_mpi(&grp->G.X, &ref.G.X) == 0 &&
mbedtls_mpi_cmp_mpi(&grp->G.Z, &ref.G.Z) == 0 &&
/* For Y we may only know the parity bit, so compare only that */
mbedtls_mpi_get_bit( &grp->G.Y, 0 ) == mbedtls_mpi_get_bit( &ref.G.Y, 0 ) )
{
mbedtls_mpi_get_bit(&grp->G.Y, 0) == mbedtls_mpi_get_bit(&ref.G.Y, 0)) {
break;
}
@ -426,8 +408,7 @@ cleanup:
* Parse a SpecifiedECDomain (SEC 1 C.2) and find the associated group ID
*/
static int pk_group_id_from_specified(const mbedtls_asn1_buf *params,
mbedtls_ecp_group_id *grp_id )
{
mbedtls_ecp_group_id *grp_id) {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_ecp_group grp;
@ -453,18 +434,14 @@ cleanup:
* specifiedCurve SpecifiedECDomain -- = SEQUENCE { ... }
* -- implicitCurve NULL
*/
static int pk_use_ecparams( const mbedtls_asn1_buf *params, mbedtls_ecp_group *grp )
{
static int pk_use_ecparams(const mbedtls_asn1_buf *params, mbedtls_ecp_group *grp) {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_ecp_group_id grp_id;
if( params->tag == MBEDTLS_ASN1_OID )
{
if (params->tag == MBEDTLS_ASN1_OID) {
if (mbedtls_oid_get_ec_grp(params, &grp_id) != 0)
return (MBEDTLS_ERR_PK_UNKNOWN_NAMED_CURVE);
}
else
{
} else {
#if defined(MBEDTLS_PK_PARSE_EC_EXTENDED)
if ((ret = pk_group_id_from_specified(params, &grp_id)) != 0)
return (ret);
@ -493,13 +470,11 @@ static int pk_use_ecparams( const mbedtls_asn1_buf *params, mbedtls_ecp_group *g
* return code of mbedtls_ecp_point_read_binary() and leave p in a usable state.
*/
static int pk_get_ecpubkey(unsigned char **p, const unsigned char *end,
mbedtls_ecp_keypair *key )
{
mbedtls_ecp_keypair *key) {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
if ((ret = mbedtls_ecp_point_read_binary(&key->grp, &key->Q,
(const unsigned char *) *p, end - *p ) ) == 0 )
{
(const unsigned char *) *p, end - *p)) == 0) {
ret = mbedtls_ecp_check_pubkey(&key->grp, &key->Q);
}
@ -521,8 +496,7 @@ static int pk_get_ecpubkey( unsigned char **p, const unsigned char *end,
*/
static int pk_get_rsapubkey(unsigned char **p,
const unsigned char *end,
mbedtls_rsa_context *rsa )
{
mbedtls_rsa_context *rsa) {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t len;
@ -555,8 +529,7 @@ static int pk_get_rsapubkey( unsigned char **p,
*p += len;
if (mbedtls_rsa_complete(rsa) != 0 ||
mbedtls_rsa_check_pubkey( rsa ) != 0 )
{
mbedtls_rsa_check_pubkey(rsa) != 0) {
return (MBEDTLS_ERR_PK_INVALID_PUBKEY);
}
@ -576,8 +549,7 @@ static int pk_get_rsapubkey( unsigned char **p,
*/
static int pk_get_pk_alg(unsigned char **p,
const unsigned char *end,
mbedtls_pk_type_t *pk_alg, mbedtls_asn1_buf *params )
{
mbedtls_pk_type_t *pk_alg, mbedtls_asn1_buf *params) {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_asn1_buf alg_oid;
@ -594,8 +566,7 @@ static int pk_get_pk_alg( unsigned char **p,
*/
if (*pk_alg == MBEDTLS_PK_RSA &&
((params->tag != MBEDTLS_ASN1_NULL && params->tag != 0) ||
params->len != 0 ) )
{
params->len != 0)) {
return (MBEDTLS_ERR_PK_INVALID_ALG);
}
@ -608,8 +579,7 @@ static int pk_get_pk_alg( unsigned char **p,
* subjectPublicKey BIT STRING }
*/
int mbedtls_pk_parse_subpubkey(unsigned char **p, const unsigned char *end,
mbedtls_pk_context *pk )
{
mbedtls_pk_context *pk) {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t len;
mbedtls_asn1_buf alg_params;
@ -622,8 +592,7 @@ int mbedtls_pk_parse_subpubkey( unsigned char **p, const unsigned char *end,
PK_VALIDATE_RET(pk != NULL);
if ((ret = mbedtls_asn1_get_tag(p, end, &len,
MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
{
MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) {
return (MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret);
}
@ -646,14 +615,12 @@ int mbedtls_pk_parse_subpubkey( unsigned char **p, const unsigned char *end,
return (ret);
#if defined(MBEDTLS_RSA_C)
if( pk_alg == MBEDTLS_PK_RSA )
{
if (pk_alg == MBEDTLS_PK_RSA) {
ret = pk_get_rsapubkey(p, end, mbedtls_pk_rsa(*pk));
} else
#endif /* MBEDTLS_RSA_C */
#if defined(MBEDTLS_ECP_C)
if( pk_alg == MBEDTLS_PK_ECKEY_DH || pk_alg == MBEDTLS_PK_ECKEY )
{
if (pk_alg == MBEDTLS_PK_ECKEY_DH || pk_alg == MBEDTLS_PK_ECKEY) {
ret = pk_use_ecparams(&alg_params, &mbedtls_pk_ec(*pk)->grp);
if (ret == 0)
ret = pk_get_ecpubkey(p, end, mbedtls_pk_ec(*pk));
@ -684,8 +651,7 @@ int mbedtls_pk_parse_subpubkey( unsigned char **p, const unsigned char *end,
*/
static int asn1_get_nonzero_mpi(unsigned char **p,
const unsigned char *end,
mbedtls_mpi *X )
{
mbedtls_mpi *X) {
int ret;
ret = mbedtls_asn1_get_mpi(p, end, X);
@ -703,8 +669,7 @@ static int asn1_get_nonzero_mpi( unsigned char **p,
*/
static int pk_parse_key_pkcs1_der(mbedtls_rsa_context *rsa,
const unsigned char *key,
size_t keylen )
{
size_t keylen) {
int ret, version;
size_t len;
unsigned char *p, *end;
@ -732,20 +697,17 @@ static int pk_parse_key_pkcs1_der( mbedtls_rsa_context *rsa,
* }
*/
if ((ret = mbedtls_asn1_get_tag(&p, end, &len,
MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
{
MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) {
return (MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret);
}
end = p + len;
if( ( ret = mbedtls_asn1_get_int( &p, end, &version ) ) != 0 )
{
if ((ret = mbedtls_asn1_get_int(&p, end, &version)) != 0) {
return (MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret);
}
if( version != 0 )
{
if (version != 0) {
return (MBEDTLS_ERR_PK_KEY_INVALID_VERSION);
}
@ -824,13 +786,11 @@ static int pk_parse_key_pkcs1_der( mbedtls_rsa_context *rsa,
* mbedtls_pk_parse_pubkey(), as it includes size minima for example.
*/
if ((ret = mbedtls_rsa_complete(rsa)) != 0 ||
( ret = mbedtls_rsa_check_pubkey( rsa ) ) != 0 )
{
(ret = mbedtls_rsa_check_pubkey(rsa)) != 0) {
goto cleanup;
}
if( p != end )
{
if (p != end) {
ret = MBEDTLS_ERR_PK_KEY_INVALID_FORMAT +
MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ;
}
@ -839,8 +799,7 @@ cleanup:
mbedtls_mpi_free(&T);
if( ret != 0 )
{
if (ret != 0) {
/* Wrap error code if it's coming from a lower level */
if ((ret & 0xff80) == 0)
ret = MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret;
@ -860,8 +819,7 @@ cleanup:
*/
static int pk_parse_key_sec1_der(mbedtls_ecp_keypair *eck,
const unsigned char *key,
size_t keylen )
{
size_t keylen) {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
int version, pubkey_done;
size_t len;
@ -881,8 +839,7 @@ static int pk_parse_key_sec1_der( mbedtls_ecp_keypair *eck,
* }
*/
if ((ret = mbedtls_asn1_get_tag(&p, end, &len,
MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
{
MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) {
return (MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret);
}
@ -897,8 +854,7 @@ static int pk_parse_key_sec1_der( mbedtls_ecp_keypair *eck,
if ((ret = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_OCTET_STRING)) != 0)
return (MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret);
if( ( ret = mbedtls_mpi_read_binary( &eck->d, p, len ) ) != 0 )
{
if ((ret = mbedtls_mpi_read_binary(&eck->d, p, len)) != 0) {
mbedtls_ecp_keypair_free(eck);
return (MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret);
}
@ -906,37 +862,30 @@ static int pk_parse_key_sec1_der( mbedtls_ecp_keypair *eck,
p += len;
pubkey_done = 0;
if( p != end )
{
if (p != end) {
/*
* Is 'parameters' present?
*/
if ((ret = mbedtls_asn1_get_tag(&p, end, &len,
MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | 0 ) ) == 0 )
{
MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | 0)) == 0) {
if ((ret = pk_get_ecparams(&p, p + len, &params)) != 0 ||
( ret = pk_use_ecparams( &params, &eck->grp ) ) != 0 )
{
(ret = pk_use_ecparams(&params, &eck->grp)) != 0) {
mbedtls_ecp_keypair_free(eck);
return (ret);
}
}
else if( ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG )
{
} else if (ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) {
mbedtls_ecp_keypair_free(eck);
return (MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret);
}
}
if( p != end )
{
if (p != end) {
/*
* Is 'publickey' present? If not, or if we can't read it (eg because it
* is compressed), create it from the private key.
*/
if ((ret = mbedtls_asn1_get_tag(&p, end, &len,
MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | 1 ) ) == 0 )
{
MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | 1)) == 0) {
end2 = p + len;
if ((ret = mbedtls_asn1_get_bitstring_null(&p, end2, &len)) != 0)
@ -948,8 +897,7 @@ static int pk_parse_key_sec1_der( mbedtls_ecp_keypair *eck,
if ((ret = pk_get_ecpubkey(&p, end2, eck)) == 0)
pubkey_done = 1;
else
{
else {
/*
* The only acceptable failure mode of pk_get_ecpubkey() above
* is if the point format is not recognized.
@ -957,9 +905,7 @@ static int pk_parse_key_sec1_der( mbedtls_ecp_keypair *eck,
if (ret != MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE)
return (MBEDTLS_ERR_PK_KEY_INVALID_FORMAT);
}
}
else if( ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG )
{
} else if (ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) {
mbedtls_ecp_keypair_free(eck);
return (MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret);
}
@ -967,14 +913,12 @@ static int pk_parse_key_sec1_der( mbedtls_ecp_keypair *eck,
if (! pubkey_done &&
(ret = mbedtls_ecp_mul(&eck->grp, &eck->Q, &eck->d, &eck->grp.G,
NULL, NULL ) ) != 0 )
{
NULL, NULL)) != 0) {
mbedtls_ecp_keypair_free(eck);
return (MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret);
}
if( ( ret = mbedtls_ecp_check_privkey( &eck->grp, &eck->d ) ) != 0 )
{
if ((ret = mbedtls_ecp_check_privkey(&eck->grp, &eck->d)) != 0) {
mbedtls_ecp_keypair_free(eck);
return (ret);
}
@ -999,8 +943,7 @@ static int pk_parse_key_sec1_der( mbedtls_ecp_keypair *eck,
static int pk_parse_key_pkcs8_unencrypted_der(
mbedtls_pk_context *pk,
const unsigned char *key,
size_t keylen )
{
size_t keylen) {
int ret, version;
size_t len;
mbedtls_asn1_buf params;
@ -1026,8 +969,7 @@ static int pk_parse_key_pkcs8_unencrypted_der(
*/
if ((ret = mbedtls_asn1_get_tag(&p, end, &len,
MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
{
MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) {
return (MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret);
}
@ -1056,21 +998,17 @@ static int pk_parse_key_pkcs8_unencrypted_der(
return (ret);
#if defined(MBEDTLS_RSA_C)
if( pk_alg == MBEDTLS_PK_RSA )
{
if( ( ret = pk_parse_key_pkcs1_der( mbedtls_pk_rsa( *pk ), p, len ) ) != 0 )
{
if (pk_alg == MBEDTLS_PK_RSA) {
if ((ret = pk_parse_key_pkcs1_der(mbedtls_pk_rsa(*pk), p, len)) != 0) {
mbedtls_pk_free(pk);
return (ret);
}
} else
#endif /* MBEDTLS_RSA_C */
#if defined(MBEDTLS_ECP_C)
if( pk_alg == MBEDTLS_PK_ECKEY || pk_alg == MBEDTLS_PK_ECKEY_DH )
{
if (pk_alg == MBEDTLS_PK_ECKEY || pk_alg == MBEDTLS_PK_ECKEY_DH) {
if ((ret = pk_use_ecparams(&params, &mbedtls_pk_ec(*pk)->grp)) != 0 ||
( ret = pk_parse_key_sec1_der( mbedtls_pk_ec( *pk ), p, len ) ) != 0 )
{
(ret = pk_parse_key_sec1_der(mbedtls_pk_ec(*pk), p, len)) != 0) {
mbedtls_pk_free(pk);
return (ret);
}
@ -1094,8 +1032,7 @@ static int pk_parse_key_pkcs8_unencrypted_der(
static int pk_parse_key_pkcs8_encrypted_der(
mbedtls_pk_context *pk,
unsigned char *key, size_t keylen,
const unsigned char *pwd, size_t pwdlen )
{
const unsigned char *pwd, size_t pwdlen) {
int ret, decrypted = 0;
size_t len;
unsigned char *buf;
@ -1128,8 +1065,7 @@ static int pk_parse_key_pkcs8_encrypted_der(
*
*/
if ((ret = mbedtls_asn1_get_tag(&p, end, &len,
MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
{
MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) {
return (MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret);
}
@ -1147,12 +1083,10 @@ static int pk_parse_key_pkcs8_encrypted_der(
* Decrypt EncryptedData with appropriate PBE
*/
#if defined(MBEDTLS_PKCS12_C)
if( mbedtls_oid_get_pkcs12_pbe_alg( &pbe_alg_oid, &md_alg, &cipher_alg ) == 0 )
{
if (mbedtls_oid_get_pkcs12_pbe_alg(&pbe_alg_oid, &md_alg, &cipher_alg) == 0) {
if ((ret = mbedtls_pkcs12_pbe(&pbe_params, MBEDTLS_PKCS12_PBE_DECRYPT,
cipher_alg, md_alg,
pwd, pwdlen, p, len, buf ) ) != 0 )
{
pwd, pwdlen, p, len, buf)) != 0) {
if (ret == MBEDTLS_ERR_PKCS12_PASSWORD_MISMATCH)
return (MBEDTLS_ERR_PK_PASSWORD_MISMATCH);
@ -1160,14 +1094,11 @@ static int pk_parse_key_pkcs8_encrypted_der(
}
decrypted = 1;
}
else if( MBEDTLS_OID_CMP( MBEDTLS_OID_PKCS12_PBE_SHA1_RC4_128, &pbe_alg_oid ) == 0 )
{
} else if (MBEDTLS_OID_CMP(MBEDTLS_OID_PKCS12_PBE_SHA1_RC4_128, &pbe_alg_oid) == 0) {
if ((ret = mbedtls_pkcs12_pbe_sha1_rc4_128(&pbe_params,
MBEDTLS_PKCS12_PBE_DECRYPT,
pwd, pwdlen,
p, len, buf ) ) != 0 )
{
p, len, buf)) != 0) {
return (ret);
}
@ -1178,15 +1109,12 @@ static int pk_parse_key_pkcs8_encrypted_der(
return (MBEDTLS_ERR_PK_PASSWORD_MISMATCH);
decrypted = 1;
}
else
} else
#endif /* MBEDTLS_PKCS12_C */
#if defined(MBEDTLS_PKCS5_C)
if( MBEDTLS_OID_CMP( MBEDTLS_OID_PKCS5_PBES2, &pbe_alg_oid ) == 0 )
{
if (MBEDTLS_OID_CMP(MBEDTLS_OID_PKCS5_PBES2, &pbe_alg_oid) == 0) {
if ((ret = mbedtls_pkcs5_pbes2(&pbe_params, MBEDTLS_PKCS5_DECRYPT, pwd, pwdlen,
p, len, buf ) ) != 0 )
{
p, len, buf)) != 0) {
if (ret == MBEDTLS_ERR_PKCS5_PASSWORD_MISMATCH)
return (MBEDTLS_ERR_PK_PASSWORD_MISMATCH);
@ -1194,8 +1122,7 @@ static int pk_parse_key_pkcs8_encrypted_der(
}
decrypted = 1;
}
else
} else
#endif /* MBEDTLS_PKCS5_C */
{
((void) pwd);
@ -1213,8 +1140,7 @@ static int pk_parse_key_pkcs8_encrypted_der(
*/
int mbedtls_pk_parse_key(mbedtls_pk_context *pk,
const unsigned char *key, size_t keylen,
const unsigned char *pwd, size_t pwdlen )
{
const unsigned char *pwd, size_t pwdlen) {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
const mbedtls_pk_info_t *pk_info;
#if defined(MBEDTLS_PEM_PARSE_C)
@ -1240,20 +1166,17 @@ int mbedtls_pk_parse_key( mbedtls_pk_context *pk,
"-----END RSA PRIVATE KEY-----",
key, pwd, pwdlen, &len);
if( ret == 0 )
{
if (ret == 0) {
pk_info = mbedtls_pk_info_from_type(MBEDTLS_PK_RSA);
if ((ret = mbedtls_pk_setup(pk, pk_info)) != 0 ||
(ret = pk_parse_key_pkcs1_der(mbedtls_pk_rsa(*pk),
pem.buf, pem.buflen ) ) != 0 )
{
pem.buf, pem.buflen)) != 0) {
mbedtls_pk_free(pk);
}
mbedtls_pem_free(&pem);
return (ret);
}
else if( ret == MBEDTLS_ERR_PEM_PASSWORD_MISMATCH )
} else if (ret == MBEDTLS_ERR_PEM_PASSWORD_MISMATCH)
return (MBEDTLS_ERR_PK_PASSWORD_MISMATCH);
else if (ret == MBEDTLS_ERR_PEM_PASSWORD_REQUIRED)
return (MBEDTLS_ERR_PK_PASSWORD_REQUIRED);
@ -1270,21 +1193,18 @@ int mbedtls_pk_parse_key( mbedtls_pk_context *pk,
"-----BEGIN EC PRIVATE KEY-----",
"-----END EC PRIVATE KEY-----",
key, pwd, pwdlen, &len);
if( ret == 0 )
{
if (ret == 0) {
pk_info = mbedtls_pk_info_from_type(MBEDTLS_PK_ECKEY);
if ((ret = mbedtls_pk_setup(pk, pk_info)) != 0 ||
(ret = pk_parse_key_sec1_der(mbedtls_pk_ec(*pk),
pem.buf, pem.buflen ) ) != 0 )
{
pem.buf, pem.buflen)) != 0) {
mbedtls_pk_free(pk);
}
mbedtls_pem_free(&pem);
return (ret);
}
else if( ret == MBEDTLS_ERR_PEM_PASSWORD_MISMATCH )
} else if (ret == MBEDTLS_ERR_PEM_PASSWORD_MISMATCH)
return (MBEDTLS_ERR_PK_PASSWORD_MISMATCH);
else if (ret == MBEDTLS_ERR_PEM_PASSWORD_REQUIRED)
return (MBEDTLS_ERR_PK_PASSWORD_REQUIRED);
@ -1300,18 +1220,15 @@ int mbedtls_pk_parse_key( mbedtls_pk_context *pk,
"-----BEGIN PRIVATE KEY-----",
"-----END PRIVATE KEY-----",
key, NULL, 0, &len);
if( ret == 0 )
{
if (ret == 0) {
if ((ret = pk_parse_key_pkcs8_unencrypted_der(pk,
pem.buf, pem.buflen ) ) != 0 )
{
pem.buf, pem.buflen)) != 0) {
mbedtls_pk_free(pk);
}
mbedtls_pem_free(&pem);
return (ret);
}
else if( ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT )
} else if (ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT)
return (ret);
#if defined(MBEDTLS_PKCS12_C) || defined(MBEDTLS_PKCS5_C)
@ -1323,19 +1240,16 @@ int mbedtls_pk_parse_key( mbedtls_pk_context *pk,
"-----BEGIN ENCRYPTED PRIVATE KEY-----",
"-----END ENCRYPTED PRIVATE KEY-----",
key, NULL, 0, &len);
if( ret == 0 )
{
if (ret == 0) {
if ((ret = pk_parse_key_pkcs8_encrypted_der(pk,
pem.buf, pem.buflen,
pwd, pwdlen ) ) != 0 )
{
pwd, pwdlen)) != 0) {
mbedtls_pk_free(pk);
}
mbedtls_pem_free(&pem);
return (ret);
}
else if( ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT )
} else if (ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT)
return (ret);
#endif /* MBEDTLS_PKCS12_C || MBEDTLS_PKCS5_C */
#else
@ -1372,8 +1286,7 @@ int mbedtls_pk_parse_key( mbedtls_pk_context *pk,
mbedtls_pk_free(pk);
mbedtls_pk_init(pk);
if( ret == MBEDTLS_ERR_PK_PASSWORD_MISMATCH )
{
if (ret == MBEDTLS_ERR_PK_PASSWORD_MISMATCH) {
return (ret);
}
#endif /* MBEDTLS_PKCS12_C || MBEDTLS_PKCS5_C */
@ -1388,8 +1301,7 @@ int mbedtls_pk_parse_key( mbedtls_pk_context *pk,
pk_info = mbedtls_pk_info_from_type(MBEDTLS_PK_RSA);
if (mbedtls_pk_setup(pk, pk_info) == 0 &&
pk_parse_key_pkcs1_der( mbedtls_pk_rsa( *pk ), key, keylen ) == 0 )
{
pk_parse_key_pkcs1_der(mbedtls_pk_rsa(*pk), key, keylen) == 0) {
return (0);
}
@ -1401,8 +1313,7 @@ int mbedtls_pk_parse_key( mbedtls_pk_context *pk,
pk_info = mbedtls_pk_info_from_type(MBEDTLS_PK_ECKEY);
if (mbedtls_pk_setup(pk, pk_info) == 0 &&
pk_parse_key_sec1_der(mbedtls_pk_ec(*pk),
key, keylen ) == 0 )
{
key, keylen) == 0) {
return (0);
}
mbedtls_pk_free(pk);
@ -1425,8 +1336,7 @@ int mbedtls_pk_parse_key( mbedtls_pk_context *pk,
* Parse a public key
*/
int mbedtls_pk_parse_public_key(mbedtls_pk_context *ctx,
const unsigned char *key, size_t keylen )
{
const unsigned char *key, size_t keylen) {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
unsigned char *p;
#if defined(MBEDTLS_RSA_C)
@ -1454,8 +1364,7 @@ int mbedtls_pk_parse_public_key( mbedtls_pk_context *ctx,
"-----END RSA PUBLIC KEY-----",
key, NULL, 0, &len);
if( ret == 0 )
{
if (ret == 0) {
p = pem.buf;
if ((pk_info = mbedtls_pk_info_from_type(MBEDTLS_PK_RSA)) == NULL)
return (MBEDTLS_ERR_PK_UNKNOWN_PK_ALG);
@ -1468,9 +1377,7 @@ int mbedtls_pk_parse_public_key( mbedtls_pk_context *ctx,
mbedtls_pem_free(&pem);
return (ret);
}
else if( ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT )
{
} else if (ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT) {
mbedtls_pem_free(&pem);
return (ret);
}
@ -1485,8 +1392,7 @@ int mbedtls_pk_parse_public_key( mbedtls_pk_context *ctx,
"-----END PUBLIC KEY-----",
key, NULL, 0, &len);
if( ret == 0 )
{
if (ret == 0) {
/*
* Was PEM encoded
*/
@ -1495,9 +1401,7 @@ int mbedtls_pk_parse_public_key( mbedtls_pk_context *ctx,
ret = mbedtls_pk_parse_subpubkey(&p, p + pem.buflen, ctx);
mbedtls_pem_free(&pem);
return (ret);
}
else if( ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT )
{
} else if (ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT) {
mbedtls_pem_free(&pem);
return (ret);
}
@ -1513,13 +1417,11 @@ int mbedtls_pk_parse_public_key( mbedtls_pk_context *ctx,
p = (unsigned char *)key;
ret = pk_get_rsapubkey(&p, p + keylen, mbedtls_pk_rsa(*ctx));
if( ret == 0 )
{
if (ret == 0) {
return (ret);
}
mbedtls_pk_free(ctx);
if( ret != ( MBEDTLS_ERR_PK_INVALID_PUBKEY + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) )
{
if (ret != (MBEDTLS_ERR_PK_INVALID_PUBKEY + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)) {
return (ret);
}
#endif /* MBEDTLS_RSA_C */

85
common/mbedtls/pkwrite.c
View file

@ -70,8 +70,7 @@
* }
*/
static int pk_write_rsa_pubkey(unsigned char **p, unsigned char *start,
mbedtls_rsa_context *rsa )
{
mbedtls_rsa_context *rsa) {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t len = 0;
mbedtls_mpi T;
@ -109,16 +108,14 @@ end_of_export:
* EC public key is an EC point
*/
static int pk_write_ec_pubkey(unsigned char **p, unsigned char *start,
mbedtls_ecp_keypair *ec )
{
mbedtls_ecp_keypair *ec) {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t len = 0;
unsigned char buf[MBEDTLS_ECP_MAX_PT_LEN];
if ((ret = mbedtls_ecp_point_write_binary(&ec->grp, &ec->Q,
MBEDTLS_ECP_PF_UNCOMPRESSED,
&len, buf, sizeof( buf ) ) ) != 0 )
{
&len, buf, sizeof(buf))) != 0) {
return (ret);
}
@ -137,8 +134,7 @@ static int pk_write_ec_pubkey( unsigned char **p, unsigned char *start,
* }
*/
static int pk_write_ec_param(unsigned char **p, unsigned char *start,
mbedtls_ecp_keypair *ec )
{
mbedtls_ecp_keypair *ec) {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t len = 0;
const char *oid;
@ -156,8 +152,7 @@ static int pk_write_ec_param( unsigned char **p, unsigned char *start,
* privateKey OCTET STRING -- always of length ceil(log2(n)/8)
*/
static int pk_write_ec_private(unsigned char **p, unsigned char *start,
mbedtls_ecp_keypair *ec )
{
mbedtls_ecp_keypair *ec) {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t byte_length = (ec->grp.pbits + 7) / 8;
unsigned char tmp[MBEDTLS_ECP_MAX_BYTES];
@ -174,8 +169,7 @@ exit:
#endif /* MBEDTLS_ECP_C */
int mbedtls_pk_write_pubkey(unsigned char **p, unsigned char *start,
const mbedtls_pk_context *key )
{
const mbedtls_pk_context *key) {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t len = 0;
@ -195,8 +189,7 @@ int mbedtls_pk_write_pubkey( unsigned char **p, unsigned char *start,
else
#endif
#if defined(MBEDTLS_USE_PSA_CRYPTO)
if( mbedtls_pk_get_type( key ) == MBEDTLS_PK_OPAQUE )
{
if (mbedtls_pk_get_type(key) == MBEDTLS_PK_OPAQUE) {
size_t buffer_size;
psa_key_id_t *key_id = (psa_key_id_t *) key->pk_ctx;
@ -205,25 +198,20 @@ int mbedtls_pk_write_pubkey( unsigned char **p, unsigned char *start,
buffer_size = (size_t)(*p - start);
if (psa_export_public_key(*key_id, start, buffer_size, &len)
!= PSA_SUCCESS )
{
!= PSA_SUCCESS) {
return (MBEDTLS_ERR_PK_BAD_INPUT_DATA);
}
else
{
} else {
*p -= len;
memmove(*p, start, len);
}
}
else
} else
#endif /* MBEDTLS_USE_PSA_CRYPTO */
return (MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE);
return ((int) len);
}
int mbedtls_pk_write_pubkey_der( mbedtls_pk_context *key, unsigned char *buf, size_t size )
{
int mbedtls_pk_write_pubkey_der(mbedtls_pk_context *key, unsigned char *buf, size_t size) {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
unsigned char *c;
size_t len = 0, par_len = 0, oid_len;
@ -255,14 +243,12 @@ int mbedtls_pk_write_pubkey_der( mbedtls_pk_context *key, unsigned char *buf, si
pk_type = mbedtls_pk_get_type(key);
#if defined(MBEDTLS_ECP_C)
if( pk_type == MBEDTLS_PK_ECKEY )
{
if (pk_type == MBEDTLS_PK_ECKEY) {
MBEDTLS_ASN1_CHK_ADD(par_len, pk_write_ec_param(&c, buf, mbedtls_pk_ec(*key)));
}
#endif
#if defined(MBEDTLS_USE_PSA_CRYPTO)
if( pk_type == MBEDTLS_PK_OPAQUE )
{
if (pk_type == MBEDTLS_PK_OPAQUE) {
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_key_type_t key_type;
psa_key_id_t key_id;
@ -295,8 +281,7 @@ int mbedtls_pk_write_pubkey_der( mbedtls_pk_context *key, unsigned char *buf, si
#endif /* MBEDTLS_USE_PSA_CRYPTO */
if ((ret = mbedtls_oid_get_oid_by_pk_alg(pk_type, &oid,
&oid_len ) ) != 0 )
{
&oid_len)) != 0) {
return (ret);
}
@ -310,8 +295,7 @@ int mbedtls_pk_write_pubkey_der( mbedtls_pk_context *key, unsigned char *buf, si
return ((int) len);
}
int mbedtls_pk_write_key_der( mbedtls_pk_context *key, unsigned char *buf, size_t size )
{
int mbedtls_pk_write_key_der(mbedtls_pk_context *key, unsigned char *buf, size_t size) {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
unsigned char *c;
size_t len = 0;
@ -324,8 +308,7 @@ int mbedtls_pk_write_key_der( mbedtls_pk_context *key, unsigned char *buf, size_
c = buf + size;
#if defined(MBEDTLS_RSA_C)
if( mbedtls_pk_get_type( key ) == MBEDTLS_PK_RSA )
{
if (mbedtls_pk_get_type(key) == MBEDTLS_PK_RSA) {
mbedtls_mpi T; /* Temporary holding the exported parameters */
mbedtls_rsa_context *rsa = mbedtls_pk_rsa(*key);
@ -399,12 +382,10 @@ int mbedtls_pk_write_key_der( mbedtls_pk_context *key, unsigned char *buf, size_
MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(&c,
buf, MBEDTLS_ASN1_CONSTRUCTED |
MBEDTLS_ASN1_SEQUENCE));
}
else
} else
#endif /* MBEDTLS_RSA_C */
#if defined(MBEDTLS_ECP_C)
if( mbedtls_pk_get_type( key ) == MBEDTLS_PK_ECKEY )
{
if (mbedtls_pk_get_type(key) == MBEDTLS_PK_ECKEY) {
mbedtls_ecp_keypair *ec = mbedtls_pk_ec(*key);
size_t pub_len = 0, par_len = 0;
@ -452,8 +433,7 @@ int mbedtls_pk_write_key_der( mbedtls_pk_context *key, unsigned char *buf, size_
MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(&c, buf, len));
MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(&c, buf, MBEDTLS_ASN1_CONSTRUCTED |
MBEDTLS_ASN1_SEQUENCE));
}
else
} else
#endif /* MBEDTLS_ECP_C */
return (MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE);
@ -553,8 +533,7 @@ int mbedtls_pk_write_key_der( mbedtls_pk_context *key, unsigned char *buf, size_
#define PRV_DER_MAX_BYTES ( RSA_PRV_DER_MAX_BYTES > ECP_PRV_DER_MAX_BYTES ? \
RSA_PRV_DER_MAX_BYTES : ECP_PRV_DER_MAX_BYTES )
int mbedtls_pk_write_pubkey_pem( mbedtls_pk_context *key, unsigned char *buf, size_t size )
{
int mbedtls_pk_write_pubkey_pem(mbedtls_pk_context *key, unsigned char *buf, size_t size) {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
unsigned char output_buf[PUB_DER_MAX_BYTES];
size_t olen = 0;
@ -563,23 +542,20 @@ int mbedtls_pk_write_pubkey_pem( mbedtls_pk_context *key, unsigned char *buf, si
PK_VALIDATE_RET(buf != NULL || size == 0);
if ((ret = mbedtls_pk_write_pubkey_der(key, output_buf,
sizeof(output_buf) ) ) < 0 )
{
sizeof(output_buf))) < 0) {
return (ret);
}
if ((ret = mbedtls_pem_write_buffer(PEM_BEGIN_PUBLIC_KEY, PEM_END_PUBLIC_KEY,
output_buf + sizeof(output_buf) - ret,
ret, buf, size, &olen ) ) != 0 )
{
ret, buf, size, &olen)) != 0) {
return (ret);
}
return (0);
}
int mbedtls_pk_write_key_pem( mbedtls_pk_context *key, unsigned char *buf, size_t size )
{
int mbedtls_pk_write_key_pem(mbedtls_pk_context *key, unsigned char *buf, size_t size) {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
unsigned char output_buf[PRV_DER_MAX_BYTES];
const char *begin, *end;
@ -592,27 +568,22 @@ int mbedtls_pk_write_key_pem( mbedtls_pk_context *key, unsigned char *buf, size_
return (ret);
#if defined(MBEDTLS_RSA_C)
if( mbedtls_pk_get_type( key ) == MBEDTLS_PK_RSA )
{
if (mbedtls_pk_get_type(key) == MBEDTLS_PK_RSA) {
begin = PEM_BEGIN_PRIVATE_KEY_RSA;
end = PEM_END_PRIVATE_KEY_RSA;
}
else
} else
#endif
#if defined(MBEDTLS_ECP_C)
if( mbedtls_pk_get_type( key ) == MBEDTLS_PK_ECKEY )
{
if (mbedtls_pk_get_type(key) == MBEDTLS_PK_ECKEY) {
begin = PEM_BEGIN_PRIVATE_KEY_EC;
end = PEM_END_PRIVATE_KEY_EC;
}
else
} else
#endif
return (MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE);
if ((ret = mbedtls_pem_write_buffer(begin, end,
output_buf + sizeof(output_buf) - ret,
ret, buf, size, &olen ) ) != 0 )
{
ret, buf, size, &olen)) != 0) {
return (ret);
}

87
common/mbedtls/platform.c
View file

@ -34,8 +34,7 @@
defined(MBEDTLS_PLATFORM_FREE_MACRO) )
#if !defined(MBEDTLS_PLATFORM_STD_CALLOC)
static void *platform_calloc_uninit( size_t n, size_t size )
{
static void *platform_calloc_uninit(size_t n, size_t size) {
((void) n);
((void) size);
return (NULL);
@ -45,8 +44,7 @@ static void *platform_calloc_uninit( size_t n, size_t size )
#endif /* !MBEDTLS_PLATFORM_STD_CALLOC */
#if !defined(MBEDTLS_PLATFORM_STD_FREE)
static void platform_free_uninit( void *ptr )
{
static void platform_free_uninit(void *ptr) {
((void) ptr);
}
@ -56,19 +54,16 @@ static void platform_free_uninit( void *ptr )
static void *(*mbedtls_calloc_func)(size_t, size_t) = MBEDTLS_PLATFORM_STD_CALLOC;
static void (*mbedtls_free_func)(void *) = MBEDTLS_PLATFORM_STD_FREE;
void * mbedtls_calloc( size_t nmemb, size_t size )
{
void *mbedtls_calloc(size_t nmemb, size_t size) {
return (*mbedtls_calloc_func)(nmemb, size);
}
void mbedtls_free( void * ptr )
{
void mbedtls_free(void *ptr) {
(*mbedtls_free_func)(ptr);
}
int mbedtls_platform_set_calloc_free(void *(*calloc_func)(size_t, size_t),
void (*free_func)( void * ) )
{
void (*free_func)(void *)) {
mbedtls_calloc_func = calloc_func;
mbedtls_free_func = free_func;
return (0);
@ -79,8 +74,7 @@ int mbedtls_platform_set_calloc_free( void * (*calloc_func)( size_t, size_t ),
#if defined(MBEDTLS_PLATFORM_HAS_NON_CONFORMING_SNPRINTF)
#include <stdarg.h>
int mbedtls_platform_win32_snprintf( char *s, size_t n, const char *fmt, ... )
{
int mbedtls_platform_win32_snprintf(char *s, size_t n, const char *fmt, ...) {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
va_list argp;
@ -98,8 +92,7 @@ int mbedtls_platform_win32_snprintf( char *s, size_t n, const char *fmt, ... )
* Make dummy function to prevent NULL pointer dereferences
*/
static int platform_snprintf_uninit(char *s, size_t n,
const char * format, ... )
{
const char *format, ...) {
((void) s);
((void) n);
((void) format);
@ -115,8 +108,7 @@ int (*mbedtls_snprintf)( char * s, size_t n,
int mbedtls_platform_set_snprintf(int (*snprintf_func)(char *s, size_t n,
const char *format,
... ) )
{
...)) {
mbedtls_snprintf = snprintf_func;
return (0);
}
@ -124,8 +116,7 @@ int mbedtls_platform_set_snprintf( int (*snprintf_func)( char * s, size_t n,
#if defined(MBEDTLS_PLATFORM_HAS_NON_CONFORMING_VSNPRINTF)
#include <stdarg.h>
int mbedtls_platform_win32_vsnprintf( char *s, size_t n, const char *fmt, va_list arg )
{
int mbedtls_platform_win32_vsnprintf(char *s, size_t n, const char *fmt, va_list arg) {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
/* Avoid calling the invalid parameter handler by checking ourselves */
@ -136,8 +127,7 @@ int mbedtls_platform_win32_vsnprintf( char *s, size_t n, const char *fmt, va_lis
ret = vsnprintf_s(s, n, _TRUNCATE, fmt, arg);
#else
ret = vsnprintf(s, n, fmt, arg);
if( ret < 0 || (size_t) ret == n )
{
if (ret < 0 || (size_t) ret == n) {
s[n - 1] = '\0';
ret = -1;
}
@ -153,8 +143,7 @@ int mbedtls_platform_win32_vsnprintf( char *s, size_t n, const char *fmt, va_lis
* Make dummy function to prevent NULL pointer dereferences
*/
static int platform_vsnprintf_uninit(char *s, size_t n,
const char * format, va_list arg )
{
const char *format, va_list arg) {
((void) s);
((void) n);
((void) format);
@ -171,8 +160,7 @@ int (*mbedtls_vsnprintf)( char * s, size_t n,
int mbedtls_platform_set_vsnprintf(int (*vsnprintf_func)(char *s, size_t n,
const char *format,
va_list arg ) )
{
va_list arg)) {
mbedtls_vsnprintf = vsnprintf_func;
return (0);
}
@ -183,8 +171,7 @@ int mbedtls_platform_set_vsnprintf( int (*vsnprintf_func)( char * s, size_t n,
/*
* Make dummy function to prevent NULL pointer dereferences
*/
static int platform_printf_uninit( const char *format, ... )
{
static int platform_printf_uninit(const char *format, ...) {
((void) format);
return (0);
}
@ -194,8 +181,7 @@ static int platform_printf_uninit( const char *format, ... )
int (*mbedtls_printf)(const char *, ...) = MBEDTLS_PLATFORM_STD_PRINTF;
int mbedtls_platform_set_printf( int (*printf_func)( const char *, ... ) )
{
int mbedtls_platform_set_printf(int (*printf_func)(const char *, ...)) {
mbedtls_printf = printf_func;
return (0);
}
@ -206,8 +192,7 @@ int mbedtls_platform_set_printf( int (*printf_func)( const char *, ... ) )
/*
* Make dummy function to prevent NULL pointer dereferences
*/
static int platform_fprintf_uninit( FILE *stream, const char *format, ... )
{
static int platform_fprintf_uninit(FILE *stream, const char *format, ...) {
((void) stream);
((void) format);
return (0);
@ -219,8 +204,7 @@ static int platform_fprintf_uninit( FILE *stream, const char *format, ... )
int (*mbedtls_fprintf)(FILE *, const char *, ...) =
MBEDTLS_PLATFORM_STD_FPRINTF;
int mbedtls_platform_set_fprintf( int (*fprintf_func)( FILE *, const char *, ... ) )
{
int mbedtls_platform_set_fprintf(int (*fprintf_func)(FILE *, const char *, ...)) {
mbedtls_fprintf = fprintf_func;
return (0);
}
@ -231,8 +215,7 @@ int mbedtls_platform_set_fprintf( int (*fprintf_func)( FILE *, const char *, ...
/*
* Make dummy function to prevent NULL pointer dereferences
*/
static void platform_exit_uninit( int status )
{
static void platform_exit_uninit(int status) {
((void) status);
}
@ -241,8 +224,7 @@ static void platform_exit_uninit( int status )
void (*mbedtls_exit)(int status) = MBEDTLS_PLATFORM_STD_EXIT;
int mbedtls_platform_set_exit( void (*exit_func)( int status ) )
{
int mbedtls_platform_set_exit(void (*exit_func)(int status)) {
mbedtls_exit = exit_func;
return (0);
}
@ -255,8 +237,7 @@ int mbedtls_platform_set_exit( void (*exit_func)( int status ) )
/*
* Make dummy function to prevent NULL pointer dereferences
*/
static mbedtls_time_t platform_time_uninit( mbedtls_time_t* timer )
{
static mbedtls_time_t platform_time_uninit(mbedtls_time_t *timer) {
((void) timer);
return (0);
}
@ -266,8 +247,7 @@ static mbedtls_time_t platform_time_uninit( mbedtls_time_t* timer )
mbedtls_time_t (*mbedtls_time)(mbedtls_time_t *timer) = MBEDTLS_PLATFORM_STD_TIME;
int mbedtls_platform_set_time( mbedtls_time_t (*time_func)( mbedtls_time_t* timer ) )
{
int mbedtls_platform_set_time(mbedtls_time_t (*time_func)(mbedtls_time_t *timer)) {
mbedtls_time = time_func;
return (0);
}
@ -280,16 +260,14 @@ int mbedtls_platform_set_time( mbedtls_time_t (*time_func)( mbedtls_time_t* time
/* Default implementations for the platform independent seed functions use
* standard libc file functions to read from and write to a pre-defined filename
*/
int mbedtls_platform_std_nv_seed_read( unsigned char *buf, size_t buf_len )
{
int mbedtls_platform_std_nv_seed_read(unsigned char *buf, size_t buf_len) {
FILE *file;
size_t n;
if ((file = fopen(MBEDTLS_PLATFORM_STD_NV_SEED_FILE, "rb")) == NULL)
return (-1);
if( ( n = fread( buf, 1, buf_len, file ) ) != buf_len )
{
if ((n = fread(buf, 1, buf_len, file)) != buf_len) {
fclose(file);
mbedtls_platform_zeroize(buf, buf_len);
return (-1);
@ -299,16 +277,14 @@ int mbedtls_platform_std_nv_seed_read( unsigned char *buf, size_t buf_len )
return ((int)n);
}
int mbedtls_platform_std_nv_seed_write( unsigned char *buf, size_t buf_len )
{
int mbedtls_platform_std_nv_seed_write(unsigned char *buf, size_t buf_len) {
FILE *file;
size_t n;
if ((file = fopen(MBEDTLS_PLATFORM_STD_NV_SEED_FILE, "w")) == NULL)
return -1;
if( ( n = fwrite( buf, 1, buf_len, file ) ) != buf_len )
{
if ((n = fwrite(buf, 1, buf_len, file)) != buf_len) {
fclose(file);
return -1;
}
@ -323,8 +299,7 @@ int mbedtls_platform_std_nv_seed_write( unsigned char *buf, size_t buf_len )
/*
* Make dummy function to prevent NULL pointer dereferences
*/
static int platform_nv_seed_read_uninit( unsigned char *buf, size_t buf_len )
{
static int platform_nv_seed_read_uninit(unsigned char *buf, size_t buf_len) {
((void) buf);
((void) buf_len);
return (-1);
@ -337,8 +312,7 @@ static int platform_nv_seed_read_uninit( unsigned char *buf, size_t buf_len )
/*
* Make dummy function to prevent NULL pointer dereferences
*/
static int platform_nv_seed_write_uninit( unsigned char *buf, size_t buf_len )
{
static int platform_nv_seed_write_uninit(unsigned char *buf, size_t buf_len) {
((void) buf);
((void) buf_len);
return (-1);
@ -354,8 +328,7 @@ int (*mbedtls_nv_seed_write)( unsigned char *buf, size_t buf_len ) =
int mbedtls_platform_set_nv_seed(
int (*nv_seed_read_func)(unsigned char *buf, size_t buf_len),
int (*nv_seed_write_func)( unsigned char *buf, size_t buf_len ) )
{
int (*nv_seed_write_func)(unsigned char *buf, size_t buf_len)) {
mbedtls_nv_seed_read = nv_seed_read_func;
mbedtls_nv_seed_write = nv_seed_write_func;
return (0);
@ -367,8 +340,7 @@ int mbedtls_platform_set_nv_seed(
/*
* Placeholder platform setup that does nothing by default
*/
int mbedtls_platform_setup( mbedtls_platform_context *ctx )
{
int mbedtls_platform_setup(mbedtls_platform_context *ctx) {
(void)ctx;
return (0);
@ -377,8 +349,7 @@ int mbedtls_platform_setup( mbedtls_platform_context *ctx )
/*
* Placeholder platform teardown that does nothing by default
*/
void mbedtls_platform_teardown( mbedtls_platform_context *ctx )
{
void mbedtls_platform_teardown(mbedtls_platform_context *ctx) {
(void)ctx;
}
#endif /* MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT */

3
common/mbedtls/platform.h
View file

@ -368,8 +368,7 @@ int mbedtls_platform_set_nv_seed(
* \note This structure may be used to assist platform-specific
* setup or teardown operations.
*/
typedef struct mbedtls_platform_context
{
typedef struct mbedtls_platform_context {
char dummy; /**< A placeholder member, as empty structs are not portable. */
}
mbedtls_platform_context;

9
common/mbedtls/platform_util.c
View file

@ -64,8 +64,7 @@
*/
static void *(* const volatile memset_func)(void *, int, size_t) = memset;
void mbedtls_platform_zeroize( void *buf, size_t len )
{
void mbedtls_platform_zeroize(void *buf, size_t len) {
MBEDTLS_INTERNAL_VALIDATE(len == 0 || buf != NULL);
if (len > 0)
@ -101,8 +100,7 @@ void mbedtls_platform_zeroize( void *buf, size_t len )
_POSIX_THREAD_SAFE_FUNCTIONS >= 200112L ) ) */
struct tm *mbedtls_platform_gmtime_r(const mbedtls_time_t *tt,
struct tm *tm_buf )
{
struct tm *tm_buf) {
#if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32)
return ((gmtime_s(tm_buf, tt) == 0) ? tm_buf : NULL);
#elif !defined(PLATFORM_UTIL_USE_GMTIME)
@ -117,8 +115,7 @@ struct tm *mbedtls_platform_gmtime_r( const mbedtls_time_t *tt,
lt = gmtime(tt);
if( lt != NULL )
{
if (lt != NULL) {
memcpy(tm_buf, lt, sizeof(struct tm));
}

70
common/mbedtls/poly1305.c
View file

@ -64,8 +64,7 @@
* However we provided an alternative for platforms without such a multiplier.
*/
#if defined(MBEDTLS_NO_64BIT_MULTIPLICATION)
static uint64_t mul64( uint32_t a, uint32_t b )
{
static uint64_t mul64(uint32_t a, uint32_t b) {
/* a = al + 2**16 ah, b = bl + 2**16 bh */
const uint16_t al = (uint16_t) a;
const uint16_t bl = (uint16_t) b;
@ -80,8 +79,7 @@ static uint64_t mul64( uint32_t a, uint32_t b )
return (lo + (me << 16) + ((uint64_t) hi << 32));
}
#else
static inline uint64_t mul64( uint32_t a, uint32_t b )
{
static inline uint64_t mul64(uint32_t a, uint32_t b) {
return ((uint64_t) a * b);
}
#endif
@ -101,8 +99,7 @@ static inline uint64_t mul64( uint32_t a, uint32_t b )
static void poly1305_process(mbedtls_poly1305_context *ctx,
size_t nblocks,
const unsigned char *input,
uint32_t needs_padding )
{
uint32_t needs_padding) {
uint64_t d0, d1, d2, d3;
uint32_t acc0, acc1, acc2, acc3, acc4;
uint32_t r0, r1, r2, r3;
@ -126,8 +123,7 @@ static void poly1305_process( mbedtls_poly1305_context *ctx,
acc4 = ctx->acc[4];
/* Process full blocks */
for( i = 0U; i < nblocks; i++ )
{
for (i = 0U; i < nblocks; i++) {
/* The input block is treated as a 128-bit little-endian integer */
d0 = BYTES_TO_U32_LE(input, offset + 0);
d1 = BYTES_TO_U32_LE(input, offset + 4);
@ -207,8 +203,7 @@ static void poly1305_process( mbedtls_poly1305_context *ctx,
* big enough to contain the 16-byte MAC.
*/
static void poly1305_compute_mac(const mbedtls_poly1305_context *ctx,
unsigned char mac[16] )
{
unsigned char mac[16]) {
uint64_t d;
uint32_t g0, g1, g2, g3, g4;
uint32_t acc0, acc1, acc2, acc3, acc4;
@ -275,15 +270,13 @@ static void poly1305_compute_mac( const mbedtls_poly1305_context *ctx,
mac[15] = (unsigned char)(acc3 >> 24);
}
void mbedtls_poly1305_init( mbedtls_poly1305_context *ctx )
{
void mbedtls_poly1305_init(mbedtls_poly1305_context *ctx) {
POLY1305_VALIDATE(ctx != NULL);
mbedtls_platform_zeroize(ctx, sizeof(mbedtls_poly1305_context));
}
void mbedtls_poly1305_free( mbedtls_poly1305_context *ctx )
{
void mbedtls_poly1305_free(mbedtls_poly1305_context *ctx) {
if (ctx == NULL)
return;
@ -291,8 +284,7 @@ void mbedtls_poly1305_free( mbedtls_poly1305_context *ctx )
}
int mbedtls_poly1305_starts(mbedtls_poly1305_context *ctx,
const unsigned char key[32] )
{
const unsigned char key[32]) {
POLY1305_VALIDATE_RET(ctx != NULL);
POLY1305_VALIDATE_RET(key != NULL);
@ -323,8 +315,7 @@ int mbedtls_poly1305_starts( mbedtls_poly1305_context *ctx,
int mbedtls_poly1305_update(mbedtls_poly1305_context *ctx,
const unsigned char *input,
size_t ilen )
{
size_t ilen) {
size_t offset = 0U;
size_t remaining = ilen;
size_t queue_free_len;
@ -332,12 +323,10 @@ int mbedtls_poly1305_update( mbedtls_poly1305_context *ctx,
POLY1305_VALIDATE_RET(ctx != NULL);
POLY1305_VALIDATE_RET(ilen == 0 || input != NULL);
if( ( remaining > 0U ) && ( ctx->queue_len > 0U ) )
{
if ((remaining > 0U) && (ctx->queue_len > 0U)) {
queue_free_len = (POLY1305_BLOCK_SIZE_BYTES - ctx->queue_len);
if( ilen < queue_free_len )
{
if (ilen < queue_free_len) {
/* Not enough data to complete the block.
* Store this data with the other leftovers.
*/
@ -348,9 +337,7 @@ int mbedtls_poly1305_update( mbedtls_poly1305_context *ctx,
ctx->queue_len += ilen;
remaining = 0U;
}
else
{
} else {
/* Enough data to produce a complete block */
memcpy(&ctx->queue[ctx->queue_len],
input,
@ -365,8 +352,7 @@ int mbedtls_poly1305_update( mbedtls_poly1305_context *ctx,
}
}
if( remaining >= POLY1305_BLOCK_SIZE_BYTES )
{
if (remaining >= POLY1305_BLOCK_SIZE_BYTES) {
nblocks = remaining / POLY1305_BLOCK_SIZE_BYTES;
poly1305_process(ctx, nblocks, &input[offset], 1U);
@ -375,8 +361,7 @@ int mbedtls_poly1305_update( mbedtls_poly1305_context *ctx,
remaining %= POLY1305_BLOCK_SIZE_BYTES;
}
if( remaining > 0U )
{
if (remaining > 0U) {
/* Store partial block */
ctx->queue_len = remaining;
memcpy(ctx->queue, &input[offset], remaining);
@ -386,14 +371,12 @@ int mbedtls_poly1305_update( mbedtls_poly1305_context *ctx,
}
int mbedtls_poly1305_finish(mbedtls_poly1305_context *ctx,
unsigned char mac[16] )
{
unsigned char mac[16]) {
POLY1305_VALIDATE_RET(ctx != NULL);
POLY1305_VALIDATE_RET(mac != NULL);
/* Process any leftover data */
if( ctx->queue_len > 0U )
{
if (ctx->queue_len > 0U) {
/* Add padding bit */
ctx->queue[ctx->queue_len] = 1U;
ctx->queue_len++;
@ -415,8 +398,7 @@ int mbedtls_poly1305_finish( mbedtls_poly1305_context *ctx,
int mbedtls_poly1305_mac(const unsigned char key[32],
const unsigned char *input,
size_t ilen,
unsigned char mac[16] )
{
unsigned char mac[16]) {
mbedtls_poly1305_context ctx;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
POLY1305_VALIDATE_RET(key != NULL);
@ -444,8 +426,7 @@ cleanup:
#if defined(MBEDTLS_SELF_TEST)
static const unsigned char test_keys[2][32] =
{
static const unsigned char test_keys[2][32] = {
{
0x85, 0xd6, 0xbe, 0x78, 0x57, 0x55, 0x6d, 0x33,
0x7f, 0x44, 0x52, 0xfe, 0x42, 0xd5, 0x06, 0xa8,
@ -460,8 +441,7 @@ static const unsigned char test_keys[2][32] =
}
};
static const unsigned char test_data[2][127] =
{
static const unsigned char test_data[2][127] = {
{
0x43, 0x72, 0x79, 0x70, 0x74, 0x6f, 0x67, 0x72,
0x61, 0x70, 0x68, 0x69, 0x63, 0x20, 0x46, 0x6f,
@ -489,14 +469,12 @@ static const unsigned char test_data[2][127] =
}
};
static const size_t test_data_len[2] =
{
static const size_t test_data_len[2] = {
34U,
127U
};
static const unsigned char test_mac[2][16] =
{
static const unsigned char test_mac[2][16] = {
{
0xa8, 0x06, 0x1d, 0xc1, 0x30, 0x51, 0x36, 0xc6,
0xc2, 0x2b, 0x8b, 0xaf, 0x0c, 0x01, 0x27, 0xa9
@ -523,14 +501,12 @@ static const unsigned char test_mac[2][16] =
} \
while( 0 )
int mbedtls_poly1305_self_test( int verbose )
{
int mbedtls_poly1305_self_test(int verbose) {
unsigned char mac[16];
unsigned i;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
for( i = 0U; i < 2U; i++ )
{
for (i = 0U; i < 2U; i++) {
if (verbose != 0)
mbedtls_printf(" Poly1305 test %u ", i);

3
common/mbedtls/poly1305.h
View file

@ -57,8 +57,7 @@ extern "C" {
#if !defined(MBEDTLS_POLY1305_ALT)
typedef struct mbedtls_poly1305_context
{
typedef struct mbedtls_poly1305_context {
uint32_t r[4]; /** The value for 'r' (low 128 bits of the key). */
uint32_t s[4]; /** The value for 's' (high 128 bits of the key). */
uint32_t acc[5]; /** The accumulator number. */

1239
common/mbedtls/psa_crypto.c
View file

File diff suppressed because it is too large Load diff

15
common/mbedtls/psa_crypto_client.c
View file

@ -31,8 +31,7 @@
#define mbedtls_free free
#endif
void psa_reset_key_attributes( psa_key_attributes_t *attributes )
{
void psa_reset_key_attributes(psa_key_attributes_t *attributes) {
mbedtls_free(attributes->domain_parameters);
memset(attributes, 0, sizeof(*attributes));
}
@ -40,12 +39,10 @@ void psa_reset_key_attributes( psa_key_attributes_t *attributes )
psa_status_t psa_set_key_domain_parameters(psa_key_attributes_t *attributes,
psa_key_type_t type,
const uint8_t *data,
size_t data_length )
{
size_t data_length) {
uint8_t *copy = NULL;
if( data_length != 0 )
{
if (data_length != 0) {
copy = mbedtls_calloc(1, data_length);
if (copy == NULL)
return (PSA_ERROR_INSUFFICIENT_MEMORY);
@ -54,8 +51,7 @@ psa_status_t psa_set_key_domain_parameters( psa_key_attributes_t *attributes,
/* After this point, this function is guaranteed to succeed, so it
* can start modifying `*attributes`. */
if( attributes->domain_parameters != NULL )
{
if (attributes->domain_parameters != NULL) {
mbedtls_free(attributes->domain_parameters);
attributes->domain_parameters = NULL;
attributes->domain_parameters_size = 0;
@ -69,8 +65,7 @@ psa_status_t psa_set_key_domain_parameters( psa_key_attributes_t *attributes,
psa_status_t psa_get_key_domain_parameters(
const psa_key_attributes_t *attributes,
uint8_t *data, size_t data_size, size_t *data_length )
{
uint8_t *data, size_t data_size, size_t *data_length) {
if (attributes->domain_parameters_size > data_size)
return (PSA_ERROR_BUFFER_TOO_SMALL);
*data_length = attributes->domain_parameters_size;

27
common/mbedtls/psa_crypto_core.h
View file

@ -35,8 +35,7 @@
/** The data structure representing a key slot, containing key material
* and metadata for one key.
*/
typedef struct
{
typedef struct {
psa_core_key_attributes_t attr;
/*
@ -66,8 +65,7 @@ typedef struct
/* Dynamically allocated key data buffer.
* Format as specified in psa_export_key(). */
struct key_data
{
struct key_data {
uint8_t *data;
size_t bytes;
} key;
@ -87,8 +85,7 @@ typedef struct
*
* \return 1 if the slot is occupied, 0 otherwise.
*/
static inline int psa_is_key_slot_occupied( const psa_key_slot_t *slot )
{
static inline int psa_is_key_slot_occupied(const psa_key_slot_t *slot) {
return (slot->attr.type != 0);
}
@ -100,8 +97,7 @@ static inline int psa_is_key_slot_occupied( const psa_key_slot_t *slot )
*
* \return 1 if the slot is locked, 0 otherwise.
*/
static inline int psa_is_key_slot_locked( const psa_key_slot_t *slot )
{
static inline int psa_is_key_slot_locked(const psa_key_slot_t *slot) {
return (slot->lock_count > 0);
}
@ -114,8 +110,7 @@ static inline int psa_is_key_slot_locked( const psa_key_slot_t *slot )
* bitwise-anded with \p mask.
*/
static inline uint16_t psa_key_slot_get_flags(const psa_key_slot_t *slot,
uint16_t mask )
{
uint16_t mask) {
return (slot->attr.flags & mask);
}
@ -127,8 +122,7 @@ static inline uint16_t psa_key_slot_get_flags( const psa_key_slot_t *slot,
*/
static inline void psa_key_slot_set_flags(psa_key_slot_t *slot,
uint16_t mask,
uint16_t value )
{
uint16_t value) {
slot->attr.flags = ((~mask & slot->attr.flags) |
(mask & value));
}
@ -139,8 +133,7 @@ static inline void psa_key_slot_set_flags( psa_key_slot_t *slot,
* \param mask The mask of bits to set.
*/
static inline void psa_key_slot_set_bits_in_flags(psa_key_slot_t *slot,
uint16_t mask )
{
uint16_t mask) {
slot->attr.flags |= mask;
}
@ -150,8 +143,7 @@ static inline void psa_key_slot_set_bits_in_flags( psa_key_slot_t *slot,
* \param mask The mask of bits to clear.
*/
static inline void psa_key_slot_clear_bits(psa_key_slot_t *slot,
uint16_t mask )
{
uint16_t mask) {
slot->attr.flags &= ~mask;
}
@ -163,8 +155,7 @@ static inline void psa_key_slot_clear_bits( psa_key_slot_t *slot,
* secure element, otherwise the behaviour is undefined.
*/
static inline psa_key_slot_number_t psa_key_slot_get_slot_number(
const psa_key_slot_t *slot )
{
const psa_key_slot_t *slot) {
return (*((psa_key_slot_number_t *)(slot->key.data)));
}
#endif

155
common/mbedtls/psa_crypto_driver_wrappers.c
View file

@ -61,18 +61,15 @@ psa_status_t psa_driver_wrapper_sign_hash(
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer, size_t key_buffer_size,
psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
uint8_t *signature, size_t signature_size, size_t *signature_length )
{
uint8_t *signature, size_t signature_size, size_t *signature_length) {
/* Try dynamically-registered SE interface first */
#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
const psa_drv_se_t *drv;
psa_drv_se_context_t *drv_context;
if( psa_get_se_driver( attributes->core.lifetime, &drv, &drv_context ) )
{
if (psa_get_se_driver(attributes->core.lifetime, &drv, &drv_context)) {
if (drv->asymmetric == NULL ||
drv->asymmetric->p_sign == NULL )
{
drv->asymmetric->p_sign == NULL) {
/* Key is defined in SE, but we have no way to exercise it */
return (PSA_ERROR_NOT_SUPPORTED);
}
@ -87,8 +84,7 @@ psa_status_t psa_driver_wrapper_sign_hash(
psa_key_location_t location =
PSA_KEY_LIFETIME_GET_LOCATION(attributes->core.lifetime);
switch( location )
{
switch (location) {
case PSA_KEY_LOCATION_LOCAL_STORAGE:
/* Key is stored in the slot in export representation, so
* cycle through all known transparent accelerators */
@ -145,18 +141,15 @@ psa_status_t psa_driver_wrapper_verify_hash(
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer, size_t key_buffer_size,
psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
const uint8_t *signature, size_t signature_length )
{
const uint8_t *signature, size_t signature_length) {
/* Try dynamically-registered SE interface first */
#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
const psa_drv_se_t *drv;
psa_drv_se_context_t *drv_context;
if( psa_get_se_driver( attributes->core.lifetime, &drv, &drv_context ) )
{
if (psa_get_se_driver(attributes->core.lifetime, &drv, &drv_context)) {
if (drv->asymmetric == NULL ||
drv->asymmetric->p_verify == NULL )
{
drv->asymmetric->p_verify == NULL) {
/* Key is defined in SE, but we have no way to exercise it */
return (PSA_ERROR_NOT_SUPPORTED);
}
@ -171,8 +164,7 @@ psa_status_t psa_driver_wrapper_verify_hash(
psa_key_location_t location =
PSA_KEY_LIFETIME_GET_LOCATION(attributes->core.lifetime);
switch( location )
{
switch (location) {
case PSA_KEY_LOCATION_LOCAL_STORAGE:
/* Key is stored in the slot in export representation, so
* cycle through all known transparent accelerators */
@ -239,44 +231,35 @@ psa_status_t psa_driver_wrapper_verify_hash(
*/
psa_status_t psa_driver_wrapper_get_key_buffer_size(
const psa_key_attributes_t *attributes,
size_t *key_buffer_size )
{
size_t *key_buffer_size) {
psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION(attributes->core.lifetime);
psa_key_type_t key_type = attributes->core.type;
size_t key_bits = attributes->core.bits;
*key_buffer_size = 0;
switch( location )
{
switch (location) {
#if defined(PSA_CRYPTO_DRIVER_TEST)
case PSA_CRYPTO_TEST_DRIVER_LIFETIME:
#ifdef TEST_DRIVER_KEY_CONTEXT_SIZE_FUNCTION
*key_buffer_size = test_size_function(key_type, key_bits);
return (PSA_SUCCESS);
#else /* TEST_DRIVER_KEY_CONTEXT_SIZE_FUNCTION */
if( PSA_KEY_TYPE_IS_KEY_PAIR( key_type ) )
{
if (PSA_KEY_TYPE_IS_KEY_PAIR(key_type)) {
int public_key_overhead =
((TEST_DRIVER_KEY_CONTEXT_STORE_PUBLIC_KEY == 1) ?
PSA_EXPORT_KEY_OUTPUT_SIZE(key_type, key_bits) : 0);
*key_buffer_size = TEST_DRIVER_KEY_CONTEXT_BASE_SIZE
+ TEST_DRIVER_KEY_CONTEXT_PUBLIC_KEY_SIZE
+ public_key_overhead;
}
else if( PSA_KEY_TYPE_IS_PUBLIC_KEY( key_type ) )
{
} else if (PSA_KEY_TYPE_IS_PUBLIC_KEY(key_type)) {
*key_buffer_size = TEST_DRIVER_KEY_CONTEXT_BASE_SIZE
+ TEST_DRIVER_KEY_CONTEXT_PUBLIC_KEY_SIZE;
}
else if ( !PSA_KEY_TYPE_IS_KEY_PAIR( key_type ) &&
!PSA_KEY_TYPE_IS_PUBLIC_KEY ( key_type ) )
{
} else if (!PSA_KEY_TYPE_IS_KEY_PAIR(key_type) &&
!PSA_KEY_TYPE_IS_PUBLIC_KEY(key_type)) {
*key_buffer_size = TEST_DRIVER_KEY_CONTEXT_BASE_SIZE
+ TEST_DRIVER_KEY_CONTEXT_SYMMETRIC_FACTOR
* ((key_bits + 7) / 8);
}
else
{
} else {
return (PSA_ERROR_NOT_SUPPORTED);
}
return (PSA_SUCCESS);
@ -292,8 +275,7 @@ psa_status_t psa_driver_wrapper_get_key_buffer_size(
psa_status_t psa_driver_wrapper_generate_key(
const psa_key_attributes_t *attributes,
uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length )
{
uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length) {
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_key_location_t location =
PSA_KEY_LIFETIME_GET_LOCATION(attributes->core.lifetime);
@ -303,12 +285,10 @@ psa_status_t psa_driver_wrapper_generate_key(
const psa_drv_se_t *drv;
psa_drv_se_context_t *drv_context;
if( psa_get_se_driver( attributes->core.lifetime, &drv, &drv_context ) )
{
if (psa_get_se_driver(attributes->core.lifetime, &drv, &drv_context)) {
size_t pubkey_length = 0; /* We don't support this feature yet */
if (drv->key_management == NULL ||
drv->key_management->p_generate == NULL )
{
drv->key_management->p_generate == NULL) {
/* Key is defined as being in SE, but we have no way to generate it */
return (PSA_ERROR_NOT_SUPPORTED);
}
@ -319,13 +299,11 @@ psa_status_t psa_driver_wrapper_generate_key(
}
#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
switch( location )
{
switch (location) {
case PSA_KEY_LOCATION_LOCAL_STORAGE:
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
/* Transparent drivers are limited to generating asymmetric keys */
if( PSA_KEY_TYPE_IS_ASYMMETRIC( attributes->core.type ) )
{
if (PSA_KEY_TYPE_IS_ASYMMETRIC(attributes->core.type)) {
/* Cycle through all known transparent accelerators */
#if defined(PSA_CRYPTO_DRIVER_TEST)
status = test_transparent_generate_key(
@ -369,8 +347,7 @@ psa_status_t psa_driver_wrapper_import_key(
uint8_t *key_buffer,
size_t key_buffer_size,
size_t *key_buffer_length,
size_t *bits )
{
size_t *bits) {
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION(
psa_get_key_lifetime(attributes));
@ -380,8 +357,7 @@ psa_status_t psa_driver_wrapper_import_key(
const psa_drv_se_t *drv;
psa_drv_se_context_t *drv_context;
if( psa_get_se_driver( attributes->core.lifetime, &drv, &drv_context ) )
{
if (psa_get_se_driver(attributes->core.lifetime, &drv, &drv_context)) {
if (drv->key_management == NULL ||
drv->key_management->p_import == NULL)
return (PSA_ERROR_NOT_SUPPORTED);
@ -404,8 +380,7 @@ psa_status_t psa_driver_wrapper_import_key(
}
#endif /* PSA_CRYPTO_SE_C */
switch( location )
{
switch (location) {
case PSA_KEY_LOCATION_LOCAL_STORAGE:
/* Key is stored in the slot in export representation, so
* cycle through all known transparent accelerators */
@ -450,11 +425,9 @@ psa_status_t psa_driver_wrapper_export_key(
const psa_drv_se_t *drv;
psa_drv_se_context_t *drv_context;
if( psa_get_se_driver( attributes->core.lifetime, &drv, &drv_context ) )
{
if (psa_get_se_driver(attributes->core.lifetime, &drv, &drv_context)) {
if ((drv->key_management == NULL) ||
( drv->key_management->p_export == NULL ) )
{
(drv->key_management->p_export == NULL)) {
return (PSA_ERROR_NOT_SUPPORTED);
}
@ -465,8 +438,7 @@ psa_status_t psa_driver_wrapper_export_key(
}
#endif /* PSA_CRYPTO_SE_C */
switch( location )
{
switch (location) {
case PSA_KEY_LOCATION_LOCAL_STORAGE:
return (psa_export_key_internal(attributes,
key_buffer,
@ -508,11 +480,9 @@ psa_status_t psa_driver_wrapper_export_public_key(
const psa_drv_se_t *drv;
psa_drv_se_context_t *drv_context;
if( psa_get_se_driver( attributes->core.lifetime, &drv, &drv_context ) )
{
if (psa_get_se_driver(attributes->core.lifetime, &drv, &drv_context)) {
if ((drv->key_management == NULL) ||
( drv->key_management->p_export_public == NULL ) )
{
(drv->key_management->p_export_public == NULL)) {
return (PSA_ERROR_NOT_SUPPORTED);
}
@ -523,8 +493,7 @@ psa_status_t psa_driver_wrapper_export_public_key(
}
#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
switch( location )
{
switch (location) {
case PSA_KEY_LOCATION_LOCAL_STORAGE:
/* Key is stored in the slot in export representation, so
* cycle through all known transparent accelerators */
@ -577,8 +546,7 @@ psa_status_t psa_driver_wrapper_cipher_encrypt(
size_t input_length,
uint8_t *output,
size_t output_size,
size_t *output_length )
{
size_t *output_length) {
#if defined(PSA_CRYPTO_DRIVER_PRESENT) && defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
psa_status_t status = PSA_ERROR_INVALID_ARGUMENT;
psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION(slot->attr.lifetime);
@ -586,8 +554,7 @@ psa_status_t psa_driver_wrapper_cipher_encrypt(
.core = slot->attr
};
switch( location )
{
switch (location) {
case PSA_KEY_LOCATION_LOCAL_STORAGE:
/* Key is stored in the slot in export representation, so
* cycle through all known transparent accelerators */
@ -644,8 +611,7 @@ psa_status_t psa_driver_wrapper_cipher_decrypt(
size_t input_length,
uint8_t *output,
size_t output_size,
size_t *output_length )
{
size_t *output_length) {
#if defined(PSA_CRYPTO_DRIVER_PRESENT) && defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
psa_status_t status = PSA_ERROR_INVALID_ARGUMENT;
psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION(slot->attr.lifetime);
@ -653,8 +619,7 @@ psa_status_t psa_driver_wrapper_cipher_decrypt(
.core = slot->attr
};
switch( location )
{
switch (location) {
case PSA_KEY_LOCATION_LOCAL_STORAGE:
/* Key is stored in the slot in export representation, so
* cycle through all known transparent accelerators */
@ -707,8 +672,7 @@ psa_status_t psa_driver_wrapper_cipher_decrypt(
psa_status_t psa_driver_wrapper_cipher_encrypt_setup(
psa_operation_driver_context_t *operation,
psa_key_slot_t *slot,
psa_algorithm_t alg )
{
psa_algorithm_t alg) {
#if defined(PSA_CRYPTO_DRIVER_PRESENT) && defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
psa_status_t status = PSA_ERROR_INVALID_ARGUMENT;
psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION(slot->attr.lifetime);
@ -716,8 +680,7 @@ psa_status_t psa_driver_wrapper_cipher_encrypt_setup(
.core = slot->attr
};
switch( location )
{
switch (location) {
case PSA_KEY_LOCATION_LOCAL_STORAGE:
/* Key is stored in the slot in export representation, so
* cycle through all known transparent accelerators */
@ -734,8 +697,7 @@ psa_status_t psa_driver_wrapper_cipher_encrypt_setup(
/* Declared with fallback == true */
if (status == PSA_SUCCESS)
operation->id = PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID;
else
{
else {
mbedtls_platform_zeroize(
operation->ctx,
sizeof(test_transparent_cipher_operation_t));
@ -761,8 +723,7 @@ psa_status_t psa_driver_wrapper_cipher_encrypt_setup(
alg);
if (status == PSA_SUCCESS)
operation->id = PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID;
else
{
else {
mbedtls_platform_zeroize(
operation->ctx,
sizeof(test_opaque_cipher_operation_t));
@ -788,8 +749,7 @@ psa_status_t psa_driver_wrapper_cipher_encrypt_setup(
psa_status_t psa_driver_wrapper_cipher_decrypt_setup(
psa_operation_driver_context_t *operation,
psa_key_slot_t *slot,
psa_algorithm_t alg )
{
psa_algorithm_t alg) {
#if defined(PSA_CRYPTO_DRIVER_PRESENT) && defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
psa_status_t status = PSA_ERROR_INVALID_ARGUMENT;
psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION(slot->attr.lifetime);
@ -797,8 +757,7 @@ psa_status_t psa_driver_wrapper_cipher_decrypt_setup(
.core = slot->attr
};
switch( location )
{
switch (location) {
case PSA_KEY_LOCATION_LOCAL_STORAGE:
/* Key is stored in the slot in export representation, so
* cycle through all known transparent accelerators */
@ -815,8 +774,7 @@ psa_status_t psa_driver_wrapper_cipher_decrypt_setup(
/* Declared with fallback == true */
if (status == PSA_SUCCESS)
operation->id = PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID;
else
{
else {
mbedtls_platform_zeroize(
operation->ctx,
sizeof(test_transparent_cipher_operation_t));
@ -842,8 +800,7 @@ psa_status_t psa_driver_wrapper_cipher_decrypt_setup(
alg);
if (status == PSA_SUCCESS)
operation->id = PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID;
else
{
else {
mbedtls_platform_zeroize(
operation->ctx,
sizeof(test_opaque_cipher_operation_t));
@ -870,11 +827,9 @@ psa_status_t psa_driver_wrapper_cipher_generate_iv(
psa_operation_driver_context_t *operation,
uint8_t *iv,
size_t iv_size,
size_t *iv_length )
{
size_t *iv_length) {
#if defined(PSA_CRYPTO_DRIVER_PRESENT) && defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
switch( operation->id )
{
switch (operation->id) {
#if defined(PSA_CRYPTO_DRIVER_TEST)
case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
return (test_transparent_cipher_generate_iv(operation->ctx,
@ -906,11 +861,9 @@ psa_status_t psa_driver_wrapper_cipher_generate_iv(
psa_status_t psa_driver_wrapper_cipher_set_iv(
psa_operation_driver_context_t *operation,
const uint8_t *iv,
size_t iv_length )
{
size_t iv_length) {
#if defined(PSA_CRYPTO_DRIVER_PRESENT) && defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
switch( operation->id )
{
switch (operation->id) {
#if defined(PSA_CRYPTO_DRIVER_TEST)
case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
return (test_transparent_cipher_set_iv(operation->ctx,
@ -942,11 +895,9 @@ psa_status_t psa_driver_wrapper_cipher_update(
size_t input_length,
uint8_t *output,
size_t output_size,
size_t *output_length )
{
size_t *output_length) {
#if defined(PSA_CRYPTO_DRIVER_PRESENT) && defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
switch( operation->id )
{
switch (operation->id) {
#if defined(PSA_CRYPTO_DRIVER_TEST)
case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
return (test_transparent_cipher_update(operation->ctx,
@ -985,11 +936,9 @@ psa_status_t psa_driver_wrapper_cipher_finish(
psa_operation_driver_context_t *operation,
uint8_t *output,
size_t output_size,
size_t *output_length )
{
size_t *output_length) {
#if defined(PSA_CRYPTO_DRIVER_PRESENT) && defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
switch( operation->id )
{
switch (operation->id) {
#if defined(PSA_CRYPTO_DRIVER_TEST)
case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
return (test_transparent_cipher_finish(operation->ctx,
@ -1019,8 +968,7 @@ psa_status_t psa_driver_wrapper_cipher_finish(
}
psa_status_t psa_driver_wrapper_cipher_abort(
psa_operation_driver_context_t *operation )
{
psa_operation_driver_context_t *operation) {
#if defined(PSA_CRYPTO_DRIVER_PRESENT) && defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
psa_status_t status = PSA_ERROR_INVALID_ARGUMENT;
@ -1029,8 +977,7 @@ psa_status_t psa_driver_wrapper_cipher_abort(
if (operation->ctx == NULL && operation->id == 0)
return (PSA_SUCCESS);
switch( operation->id )
{
switch (operation->id) {
#if defined(PSA_CRYPTO_DRIVER_TEST)
case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
status = test_transparent_cipher_abort(operation->ctx);

103
common/mbedtls/psa_crypto_ecp.c
View file

@ -73,8 +73,7 @@
psa_status_t mbedtls_psa_ecp_load_representation(
psa_key_type_t type, size_t curve_bits,
const uint8_t *data, size_t data_length,
mbedtls_ecp_keypair **p_ecp )
{
mbedtls_ecp_keypair **p_ecp) {
mbedtls_ecp_group_id grp_id = MBEDTLS_ECP_DP_NONE;
psa_status_t status;
mbedtls_ecp_keypair *ecp = NULL;
@ -82,8 +81,7 @@ psa_status_t mbedtls_psa_ecp_load_representation(
int explicit_bits = (curve_bits != 0);
if (PSA_KEY_TYPE_IS_PUBLIC_KEY(type) &&
PSA_KEY_TYPE_ECC_GET_FAMILY( type ) != PSA_ECC_FAMILY_MONTGOMERY )
{
PSA_KEY_TYPE_ECC_GET_FAMILY(type) != PSA_ECC_FAMILY_MONTGOMERY) {
/* A Weierstrass public key is represented as:
* - The byte 0x04;
* - `x_P` as a `ceiling(m/8)`-byte string, big-endian;
@ -101,14 +99,11 @@ psa_status_t mbedtls_psa_ecp_load_representation(
* format, meaning their curve_bytes is equal to the amount of input. */
}
if( explicit_bits )
{
if (explicit_bits) {
/* With an explicit bit-size, the data must have the matching length. */
if (curve_bytes != PSA_BITS_TO_BYTES(curve_bits))
return (PSA_ERROR_INVALID_ARGUMENT);
}
else
{
} else {
/* We need to infer the bit-size from the data. Since the only
* information we have is the length in bytes, the value of curve_bits
* at this stage is rounded up to the nearest multiple of 8. */
@ -124,8 +119,7 @@ psa_status_t mbedtls_psa_ecp_load_representation(
/* Load the group. */
grp_id = mbedtls_ecc_group_of_psa(PSA_KEY_TYPE_ECC_GET_FAMILY(type),
curve_bits, !explicit_bits);
if( grp_id == MBEDTLS_ECP_DP_NONE )
{
if (grp_id == MBEDTLS_ECP_DP_NONE) {
/* We can't distinguish between a nonsensical family/size combination
* (which would warrant PSA_ERROR_INVALID_ARGUMENT) and a
* well-regarded curve that Mbed TLS just doesn't know about (which
@ -142,8 +136,7 @@ psa_status_t mbedtls_psa_ecp_load_representation(
goto exit;
/* Load the key material. */
if( PSA_KEY_TYPE_IS_PUBLIC_KEY( type ) )
{
if (PSA_KEY_TYPE_IS_PUBLIC_KEY(type)) {
/* Load the public value. */
status = mbedtls_to_psa_error(
mbedtls_ecp_point_read_binary(&ecp->grp, &ecp->Q,
@ -157,9 +150,7 @@ psa_status_t mbedtls_psa_ecp_load_representation(
mbedtls_ecp_check_pubkey(&ecp->grp, &ecp->Q));
if (status != PSA_SUCCESS)
goto exit;
}
else
{
} else {
/* Load and validate the secret value. */
status = mbedtls_to_psa_error(
mbedtls_ecp_read_key(ecp->grp.id,
@ -172,8 +163,7 @@ psa_status_t mbedtls_psa_ecp_load_representation(
*p_ecp = ecp;
exit:
if( status != PSA_SUCCESS )
{
if (status != PSA_SUCCESS) {
mbedtls_ecp_keypair_free(ecp);
mbedtls_free(ecp);
}
@ -193,8 +183,7 @@ static psa_status_t ecp_import_key(
const psa_key_attributes_t *attributes,
const uint8_t *data, size_t data_length,
uint8_t *key_buffer, size_t key_buffer_size,
size_t *key_buffer_length, size_t *bits )
{
size_t *key_buffer_length, size_t *bits) {
psa_status_t status;
mbedtls_ecp_keypair *ecp = NULL;
@ -233,15 +222,12 @@ psa_status_t mbedtls_psa_ecp_export_key( psa_key_type_t type,
mbedtls_ecp_keypair *ecp,
uint8_t *data,
size_t data_size,
size_t *data_length )
{
size_t *data_length) {
psa_status_t status;
if( PSA_KEY_TYPE_IS_PUBLIC_KEY( type ) )
{
if (PSA_KEY_TYPE_IS_PUBLIC_KEY(type)) {
/* Check whether the public part is loaded */
if( mbedtls_ecp_is_zero( &ecp->Q ) )
{
if (mbedtls_ecp_is_zero(&ecp->Q)) {
/* Calculate the public key */
status = mbedtls_to_psa_error(
mbedtls_ecp_mul(&ecp->grp, &ecp->Q, &ecp->d, &ecp->grp.G,
@ -261,9 +247,7 @@ psa_status_t mbedtls_psa_ecp_export_key( psa_key_type_t type,
memset(data, 0, data_size);
return (status);
}
else
{
} else {
if (data_size < PSA_BITS_TO_BYTES(ecp->grp.nbits))
return (PSA_ERROR_BUFFER_TOO_SMALL);
@ -283,8 +267,7 @@ psa_status_t mbedtls_psa_ecp_export_key( psa_key_type_t type,
static psa_status_t ecp_export_public_key(
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer, size_t key_buffer_size,
uint8_t *data, size_t data_size, size_t *data_length )
{
uint8_t *data, size_t data_size, size_t *data_length) {
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
mbedtls_ecp_keypair *ecp = NULL;
@ -310,8 +293,7 @@ static psa_status_t ecp_export_public_key(
#if defined(BUILTIN_KEY_TYPE_ECC_KEY_PAIR)
static psa_status_t ecp_generate_key(
const psa_key_attributes_t *attributes,
uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length )
{
uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length) {
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
@ -334,8 +316,7 @@ static psa_status_t ecp_generate_key(
ret = mbedtls_ecp_gen_key(grp_id, &ecp,
mbedtls_psa_get_random,
MBEDTLS_PSA_RANDOM_STATE);
if( ret != 0 )
{
if (ret != 0) {
mbedtls_ecp_keypair_free(&ecp);
return (mbedtls_to_psa_error(ret));
}
@ -362,8 +343,7 @@ static psa_status_t ecdsa_sign_hash(
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer, size_t key_buffer_size,
psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
uint8_t *signature, size_t signature_size, size_t *signature_length )
{
uint8_t *signature, size_t signature_size, size_t *signature_length) {
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
mbedtls_ecp_keypair *ecp = NULL;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
@ -382,14 +362,12 @@ static psa_status_t ecdsa_sign_hash(
mbedtls_mpi_init(&r);
mbedtls_mpi_init(&s);
if( signature_size < 2 * curve_bytes )
{
if (signature_size < 2 * curve_bytes) {
ret = MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL;
goto cleanup;
}
if( PSA_ALG_ECDSA_IS_DETERMINISTIC( alg ) )
{
if (PSA_ALG_ECDSA_IS_DETERMINISTIC(alg)) {
#if defined(BUILTIN_ALG_DETERMINISTIC_ECDSA)
psa_algorithm_t hash_alg = PSA_ALG_SIGN_GET_HASH(alg);
const mbedtls_md_info_t *md_info = mbedtls_md_info_from_psa(hash_alg);
@ -404,9 +382,7 @@ static psa_status_t ecdsa_sign_hash(
ret = MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE;
goto cleanup;
#endif /* defined(BUILTIN_ALG_DETERMINISTIC_ECDSA) */
}
else
{
} else {
(void) alg;
MBEDTLS_MPI_CHK(mbedtls_ecdsa_sign(&ecp->grp, &r, &s, &ecp->d,
hash, hash_length,
@ -436,8 +412,7 @@ static psa_status_t ecdsa_verify_hash(
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer, size_t key_buffer_size,
psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
const uint8_t *signature, size_t signature_length )
{
const uint8_t *signature, size_t signature_length) {
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
mbedtls_ecp_keypair *ecp = NULL;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
@ -458,8 +433,7 @@ static psa_status_t ecdsa_verify_hash(
mbedtls_mpi_init(&r);
mbedtls_mpi_init(&s);
if( signature_length != 2 * curve_bytes )
{
if (signature_length != 2 * curve_bytes) {
ret = MBEDTLS_ERR_ECP_VERIFY_FAILED;
goto cleanup;
}
@ -472,8 +446,7 @@ static psa_status_t ecdsa_verify_hash(
curve_bytes));
/* Check whether the public part is loaded. If not, load it. */
if( mbedtls_ecp_is_zero( &ecp->Q ) )
{
if (mbedtls_ecp_is_zero(&ecp->Q)) {
MBEDTLS_MPI_CHK(
mbedtls_ecp_mul(&ecp->grp, &ecp->Q, &ecp->d, &ecp->grp.G,
mbedtls_psa_get_random, MBEDTLS_PSA_RANDOM_STATE));
@ -501,8 +474,7 @@ psa_status_t mbedtls_psa_ecp_import_key(
const psa_key_attributes_t *attributes,
const uint8_t *data, size_t data_length,
uint8_t *key_buffer, size_t key_buffer_size,
size_t *key_buffer_length, size_t *bits )
{
size_t *key_buffer_length, size_t *bits) {
return (ecp_import_key(attributes, data, data_length,
key_buffer, key_buffer_size,
key_buffer_length, bits));
@ -511,8 +483,7 @@ psa_status_t mbedtls_psa_ecp_import_key(
psa_status_t mbedtls_psa_ecp_export_public_key(
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer, size_t key_buffer_size,
uint8_t *data, size_t data_size, size_t *data_length )
{
uint8_t *data, size_t data_size, size_t *data_length) {
return (ecp_export_public_key(attributes, key_buffer, key_buffer_size,
data, data_size, data_length));
}
@ -523,8 +494,7 @@ psa_status_t mbedtls_psa_ecp_export_public_key(
#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR)
psa_status_t mbedtls_psa_ecp_generate_key(
const psa_key_attributes_t *attributes,
uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length )
{
uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length) {
return (ecp_generate_key(attributes, key_buffer, key_buffer_size,
key_buffer_length));
}
@ -538,8 +508,7 @@ psa_status_t mbedtls_psa_ecdsa_sign_hash(
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer, size_t key_buffer_size,
psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
uint8_t *signature, size_t signature_size, size_t *signature_length )
{
uint8_t *signature, size_t signature_size, size_t *signature_length) {
return (ecdsa_sign_hash(attributes,
key_buffer, key_buffer_size,
@ -551,8 +520,7 @@ psa_status_t mbedtls_psa_ecdsa_verify_hash(
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer, size_t key_buffer_size,
psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
const uint8_t *signature, size_t signature_length )
{
const uint8_t *signature, size_t signature_length) {
return (ecdsa_verify_hash(attributes,
key_buffer, key_buffer_size,
alg, hash, hash_length,
@ -575,8 +543,7 @@ psa_status_t mbedtls_transparent_test_driver_ecp_import_key(
const psa_key_attributes_t *attributes,
const uint8_t *data, size_t data_length,
uint8_t *key_buffer, size_t key_buffer_size,
size_t *key_buffer_length, size_t *bits )
{
size_t *key_buffer_length, size_t *bits) {
return (ecp_import_key(attributes, data, data_length,
key_buffer, key_buffer_size,
key_buffer_length, bits));
@ -585,8 +552,7 @@ psa_status_t mbedtls_transparent_test_driver_ecp_import_key(
psa_status_t mbedtls_transparent_test_driver_ecp_export_public_key(
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer, size_t key_buffer_size,
uint8_t *data, size_t data_size, size_t *data_length )
{
uint8_t *data, size_t data_size, size_t *data_length) {
return (ecp_export_public_key(attributes, key_buffer, key_buffer_size,
data, data_size, data_length));
}
@ -598,8 +564,7 @@ psa_status_t mbedtls_transparent_test_driver_ecp_export_public_key(
defined(MBEDTLS_GENPRIME)
psa_status_t mbedtls_transparent_test_driver_ecp_generate_key(
const psa_key_attributes_t *attributes,
uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length )
{
uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length) {
return (ecp_generate_key(attributes, key_buffer, key_buffer_size,
key_buffer_length));
}
@ -613,8 +578,7 @@ psa_status_t mbedtls_transparent_test_driver_ecdsa_sign_hash(
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer, size_t key_buffer_size,
psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
uint8_t *signature, size_t signature_size, size_t *signature_length )
{
uint8_t *signature, size_t signature_size, size_t *signature_length) {
#if defined(MBEDTLS_ECDSA_C)
return (ecdsa_sign_hash(attributes,
@ -639,8 +603,7 @@ psa_status_t mbedtls_transparent_test_driver_ecdsa_verify_hash(
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer, size_t key_buffer_size,
psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
const uint8_t *signature, size_t signature_length )
{
const uint8_t *signature, size_t signature_length) {
#if defined(MBEDTLS_ECDSA_C)
return (ecdsa_verify_hash(attributes,
key_buffer, key_buffer_size,

3
common/mbedtls/psa_crypto_its.h
View file

@ -45,8 +45,7 @@ typedef uint64_t psa_storage_uid_t;
/**
* \brief A container for metadata associated with a specific uid
*/
struct psa_storage_info_t
{
struct psa_storage_info_t {
uint32_t size; /**< The size of the data associated with a uid **/
psa_storage_create_flags_t flags; /**< The flags set when the uid was created **/
};

12
common/mbedtls/psa_crypto_random_impl.h
View file

@ -89,8 +89,7 @@ int mbedtls_psa_get_random( void *p_rng,
*
* \param p_rng Pointer to the Mbed TLS DRBG state.
*/
static inline void mbedtls_psa_drbg_init( mbedtls_psa_drbg_context_t *p_rng )
{
static inline void mbedtls_psa_drbg_init(mbedtls_psa_drbg_context_t *p_rng) {
#if defined(MBEDTLS_CTR_DRBG_C)
mbedtls_ctr_drbg_init(p_rng);
#elif defined(MBEDTLS_HMAC_DRBG_C)
@ -102,8 +101,7 @@ static inline void mbedtls_psa_drbg_init( mbedtls_psa_drbg_context_t *p_rng )
*
* \param p_rng Pointer to the Mbed TLS DRBG state.
*/
static inline void mbedtls_psa_drbg_free( mbedtls_psa_drbg_context_t *p_rng )
{
static inline void mbedtls_psa_drbg_free(mbedtls_psa_drbg_context_t *p_rng) {
#if defined(MBEDTLS_CTR_DRBG_C)
mbedtls_ctr_drbg_free(p_rng);
#elif defined(MBEDTLS_HMAC_DRBG_C)
@ -116,8 +114,7 @@ static inline void mbedtls_psa_drbg_free( mbedtls_psa_drbg_context_t *p_rng )
* The random generator context is composed of an entropy context and
* a DRBG context.
*/
typedef struct
{
typedef struct {
void (* entropy_init)(mbedtls_entropy_context *ctx);
void (* entropy_free)(mbedtls_entropy_context *ctx);
mbedtls_entropy_context entropy;
@ -182,8 +179,7 @@ extern mbedtls_psa_drbg_context_t *const mbedtls_psa_random_state;
*/
static inline int mbedtls_psa_drbg_seed(
mbedtls_entropy_context *entropy,
const unsigned char *custom, size_t len )
{
const unsigned char *custom, size_t len) {
#if defined(MBEDTLS_CTR_DRBG_C)
return (mbedtls_ctr_drbg_seed(MBEDTLS_PSA_RANDOM_STATE,
mbedtls_entropy_func,

118
common/mbedtls/psa_crypto_rsa.c
View file

@ -79,15 +79,13 @@
* way to return the exact bit size of a key.
* To keep things simple, reject non-byte-aligned key sizes. */
static psa_status_t psa_check_rsa_key_byte_aligned(
const mbedtls_rsa_context *rsa )
{
const mbedtls_rsa_context *rsa) {
mbedtls_mpi n;
psa_status_t status;
mbedtls_mpi_init(&n);
status = mbedtls_to_psa_error(
mbedtls_rsa_export(rsa, &n, NULL, NULL, NULL, NULL));
if( status == PSA_SUCCESS )
{
if (status == PSA_SUCCESS) {
if (mbedtls_mpi_bitlen(&n) % 8 != 0)
status = PSA_ERROR_NOT_SUPPORTED;
}
@ -97,8 +95,7 @@ static psa_status_t psa_check_rsa_key_byte_aligned(
psa_status_t mbedtls_psa_rsa_load_representation(
psa_key_type_t type, const uint8_t *data, size_t data_length,
mbedtls_rsa_context **p_rsa )
{
mbedtls_rsa_context **p_rsa) {
psa_status_t status;
mbedtls_pk_context ctx;
size_t bits;
@ -116,8 +113,7 @@ psa_status_t mbedtls_psa_rsa_load_representation(
/* We have something that the pkparse module recognizes. If it is a
* valid RSA key, store it. */
if( mbedtls_pk_get_type( &ctx ) != MBEDTLS_PK_RSA )
{
if (mbedtls_pk_get_type(&ctx) != MBEDTLS_PK_RSA) {
status = PSA_ERROR_INVALID_ARGUMENT;
goto exit;
}
@ -126,8 +122,7 @@ psa_status_t mbedtls_psa_rsa_load_representation(
* supports non-byte-aligned key sizes, but not well. For example,
* mbedtls_rsa_get_len() returns the key size in bytes, not in bits. */
bits = PSA_BYTES_TO_BITS(mbedtls_rsa_get_len(mbedtls_pk_rsa(ctx)));
if( bits > PSA_VENDOR_RSA_MAX_KEY_BITS )
{
if (bits > PSA_VENDOR_RSA_MAX_KEY_BITS) {
status = PSA_ERROR_NOT_SUPPORTED;
goto exit;
}
@ -158,8 +153,7 @@ static psa_status_t rsa_import_key(
const psa_key_attributes_t *attributes,
const uint8_t *data, size_t data_length,
uint8_t *key_buffer, size_t key_buffer_size,
size_t *key_buffer_length, size_t *bits )
{
size_t *key_buffer_length, size_t *bits) {
psa_status_t status;
mbedtls_rsa_context *rsa = NULL;
@ -194,8 +188,7 @@ psa_status_t mbedtls_psa_rsa_export_key( psa_key_type_t type,
mbedtls_rsa_context *rsa,
uint8_t *data,
size_t data_size,
size_t *data_length )
{
size_t *data_length) {
#if defined(MBEDTLS_PK_WRITE_C)
int ret;
mbedtls_pk_context pk;
@ -213,8 +206,7 @@ psa_status_t mbedtls_psa_rsa_export_key( psa_key_type_t type,
else
ret = mbedtls_pk_write_pubkey(&pos, data, &pk);
if( ret < 0 )
{
if (ret < 0) {
/* Clean up in case pk_write failed halfway through. */
memset(data, 0, data_size);
return (mbedtls_to_psa_error(ret));
@ -223,13 +215,10 @@ psa_status_t mbedtls_psa_rsa_export_key( psa_key_type_t type,
/* The mbedtls_pk_xxx functions write to the end of the buffer.
* Move the data to the beginning and erase remaining data
* at the original location. */
if( 2 * (size_t) ret <= data_size )
{
if (2 * (size_t) ret <= data_size) {
memcpy(data, data + data_size - ret, ret);
memset(data + data_size - ret, 0, ret);
}
else if( (size_t) ret < data_size )
{
} else if ((size_t) ret < data_size) {
memmove(data, data + data_size - ret, ret);
memset(data + ret, 0, data_size - ret);
}
@ -249,8 +238,7 @@ psa_status_t mbedtls_psa_rsa_export_key( psa_key_type_t type,
static psa_status_t rsa_export_public_key(
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer, size_t key_buffer_size,
uint8_t *data, size_t data_size, size_t *data_length )
{
uint8_t *data, size_t data_size, size_t *data_length) {
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
mbedtls_rsa_context *rsa = NULL;
@ -276,13 +264,11 @@ static psa_status_t rsa_export_public_key(
#if defined(BUILTIN_KEY_TYPE_RSA_KEY_PAIR)
static psa_status_t psa_rsa_read_exponent(const uint8_t *domain_parameters,
size_t domain_parameters_size,
int *exponent )
{
int *exponent) {
size_t i;
uint32_t acc = 0;
if( domain_parameters_size == 0 )
{
if (domain_parameters_size == 0) {
*exponent = 65537;
return (PSA_SUCCESS);
}
@ -302,8 +288,7 @@ static psa_status_t psa_rsa_read_exponent( const uint8_t *domain_parameters,
static psa_status_t rsa_generate_key(
const psa_key_attributes_t *attributes,
uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length )
{
uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length) {
psa_status_t status;
mbedtls_rsa_context rsa;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
@ -343,8 +328,7 @@ static psa_status_t rsa_generate_key(
* md_alg. Verify that the hash length is acceptable. */
static psa_status_t psa_rsa_decode_md_type(psa_algorithm_t alg,
size_t hash_length,
mbedtls_md_type_t *md_alg )
{
mbedtls_md_type_t *md_alg) {
psa_algorithm_t hash_alg = PSA_ALG_SIGN_GET_HASH(alg);
const mbedtls_md_info_t *md_info = mbedtls_md_info_from_psa(hash_alg);
*md_alg = mbedtls_md_get_type(md_info);
@ -361,8 +345,7 @@ static psa_status_t psa_rsa_decode_md_type( psa_algorithm_t alg,
/* For PKCS#1 v1.5 signature, if using a hash, the hash length
* must be correct. */
if (PSA_ALG_IS_RSA_PKCS1V15_SIGN(alg) &&
alg != PSA_ALG_RSA_PKCS1V15_SIGN_RAW )
{
alg != PSA_ALG_RSA_PKCS1V15_SIGN_RAW) {
if (md_info == NULL)
return (PSA_ERROR_NOT_SUPPORTED);
if (mbedtls_md_get_size(md_info) != hash_length)
@ -372,8 +355,7 @@ static psa_status_t psa_rsa_decode_md_type( psa_algorithm_t alg,
#if defined(BUILTIN_ALG_RSA_PSS)
/* PSS requires a hash internally. */
if( PSA_ALG_IS_RSA_PSS( alg ) )
{
if (PSA_ALG_IS_RSA_PSS(alg)) {
if (md_info == NULL)
return (PSA_ERROR_NOT_SUPPORTED);
}
@ -386,8 +368,7 @@ static psa_status_t rsa_sign_hash(
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer, size_t key_buffer_size,
psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
uint8_t *signature, size_t signature_size, size_t *signature_length )
{
uint8_t *signature, size_t signature_size, size_t *signature_length) {
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
mbedtls_rsa_context *rsa = NULL;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
@ -404,15 +385,13 @@ static psa_status_t rsa_sign_hash(
if (status != PSA_SUCCESS)
goto exit;
if( signature_size < mbedtls_rsa_get_len( rsa ) )
{
if (signature_size < mbedtls_rsa_get_len(rsa)) {
status = PSA_ERROR_BUFFER_TOO_SMALL;
goto exit;
}
#if defined(BUILTIN_ALG_RSA_PKCS1V15_SIGN)
if( PSA_ALG_IS_RSA_PKCS1V15_SIGN( alg ) )
{
if (PSA_ALG_IS_RSA_PKCS1V15_SIGN(alg)) {
mbedtls_rsa_set_padding(rsa, MBEDTLS_RSA_PKCS_V15,
MBEDTLS_MD_NONE);
ret = mbedtls_rsa_pkcs1_sign(rsa,
@ -423,12 +402,10 @@ static psa_status_t rsa_sign_hash(
(unsigned int) hash_length,
hash,
signature);
}
else
} else
#endif /* BUILTIN_ALG_RSA_PKCS1V15_SIGN */
#if defined(BUILTIN_ALG_RSA_PSS)
if( PSA_ALG_IS_RSA_PSS( alg ) )
{
if (PSA_ALG_IS_RSA_PSS(alg)) {
mbedtls_rsa_set_padding(rsa, MBEDTLS_RSA_PKCS_V21, md_alg);
ret = mbedtls_rsa_rsassa_pss_sign(rsa,
mbedtls_psa_get_random,
@ -438,8 +415,7 @@ static psa_status_t rsa_sign_hash(
(unsigned int) hash_length,
hash,
signature);
}
else
} else
#endif /* BUILTIN_ALG_RSA_PSS */
{
status = PSA_ERROR_INVALID_ARGUMENT;
@ -461,8 +437,7 @@ static psa_status_t rsa_verify_hash(
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer, size_t key_buffer_size,
psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
const uint8_t *signature, size_t signature_length )
{
const uint8_t *signature, size_t signature_length) {
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
mbedtls_rsa_context *rsa = NULL;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
@ -479,15 +454,13 @@ static psa_status_t rsa_verify_hash(
if (status != PSA_SUCCESS)
goto exit;
if( signature_length != mbedtls_rsa_get_len( rsa ) )
{
if (signature_length != mbedtls_rsa_get_len(rsa)) {
status = PSA_ERROR_INVALID_SIGNATURE;
goto exit;
}
#if defined(BUILTIN_ALG_RSA_PKCS1V15_SIGN)
if( PSA_ALG_IS_RSA_PKCS1V15_SIGN( alg ) )
{
if (PSA_ALG_IS_RSA_PKCS1V15_SIGN(alg)) {
mbedtls_rsa_set_padding(rsa, MBEDTLS_RSA_PKCS_V15,
MBEDTLS_MD_NONE);
ret = mbedtls_rsa_pkcs1_verify(rsa,
@ -498,12 +471,10 @@ static psa_status_t rsa_verify_hash(
(unsigned int) hash_length,
hash,
signature);
}
else
} else
#endif /* BUILTIN_ALG_RSA_PKCS1V15_SIGN */
#if defined(BUILTIN_ALG_RSA_PSS)
if( PSA_ALG_IS_RSA_PSS( alg ) )
{
if (PSA_ALG_IS_RSA_PSS(alg)) {
mbedtls_rsa_set_padding(rsa, MBEDTLS_RSA_PKCS_V21, md_alg);
ret = mbedtls_rsa_rsassa_pss_verify(rsa,
mbedtls_psa_get_random,
@ -513,8 +484,7 @@ static psa_status_t rsa_verify_hash(
(unsigned int) hash_length,
hash,
signature);
}
else
} else
#endif /* BUILTIN_ALG_RSA_PSS */
{
status = PSA_ERROR_INVALID_ARGUMENT;
@ -545,8 +515,7 @@ psa_status_t mbedtls_psa_rsa_import_key(
const psa_key_attributes_t *attributes,
const uint8_t *data, size_t data_length,
uint8_t *key_buffer, size_t key_buffer_size,
size_t *key_buffer_length, size_t *bits )
{
size_t *key_buffer_length, size_t *bits) {
return (rsa_import_key(attributes, data, data_length,
key_buffer, key_buffer_size,
key_buffer_length, bits));
@ -555,8 +524,7 @@ psa_status_t mbedtls_psa_rsa_import_key(
psa_status_t mbedtls_psa_rsa_export_public_key(
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer, size_t key_buffer_size,
uint8_t *data, size_t data_size, size_t *data_length )
{
uint8_t *data, size_t data_size, size_t *data_length) {
return (rsa_export_public_key(attributes, key_buffer, key_buffer_size,
data, data_size, data_length));
}
@ -567,8 +535,7 @@ psa_status_t mbedtls_psa_rsa_export_public_key(
#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR)
psa_status_t mbedtls_psa_rsa_generate_key(
const psa_key_attributes_t *attributes,
uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length )
{
uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length) {
return (rsa_generate_key(attributes, key_buffer, key_buffer_size,
key_buffer_length));
}
@ -580,8 +547,7 @@ psa_status_t mbedtls_psa_rsa_sign_hash(
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer, size_t key_buffer_size,
psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
uint8_t *signature, size_t signature_size, size_t *signature_length )
{
uint8_t *signature, size_t signature_size, size_t *signature_length) {
return (rsa_sign_hash(
attributes,
key_buffer, key_buffer_size,
@ -593,8 +559,7 @@ psa_status_t mbedtls_psa_rsa_verify_hash(
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer, size_t key_buffer_size,
psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
const uint8_t *signature, size_t signature_length )
{
const uint8_t *signature, size_t signature_length) {
return (rsa_verify_hash(
attributes,
key_buffer, key_buffer_size,
@ -617,8 +582,7 @@ psa_status_t mbedtls_transparent_test_driver_rsa_import_key(
const psa_key_attributes_t *attributes,
const uint8_t *data, size_t data_length,
uint8_t *key_buffer, size_t key_buffer_size,
size_t *key_buffer_length, size_t *bits )
{
size_t *key_buffer_length, size_t *bits) {
return (rsa_import_key(attributes, data, data_length,
key_buffer, key_buffer_size,
key_buffer_length, bits));
@ -627,8 +591,7 @@ psa_status_t mbedtls_transparent_test_driver_rsa_import_key(
psa_status_t mbedtls_transparent_test_driver_rsa_export_public_key(
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer, size_t key_buffer_size,
uint8_t *data, size_t data_size, size_t *data_length )
{
uint8_t *data, size_t data_size, size_t *data_length) {
return (rsa_export_public_key(attributes, key_buffer, key_buffer_size,
data, data_size, data_length));
}
@ -639,8 +602,7 @@ psa_status_t mbedtls_transparent_test_driver_rsa_export_public_key(
#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR)
psa_status_t mbedtls_transparent_test_driver_rsa_generate_key(
const psa_key_attributes_t *attributes,
uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length )
{
uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length) {
return (rsa_generate_key(attributes, key_buffer, key_buffer_size,
key_buffer_length));
}
@ -652,8 +614,7 @@ psa_status_t mbedtls_transparent_test_driver_rsa_sign_hash(
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer, size_t key_buffer_size,
psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
uint8_t *signature, size_t signature_size, size_t *signature_length )
{
uint8_t *signature, size_t signature_size, size_t *signature_length) {
#if defined(MBEDTLS_RSA_C) && \
(defined(MBEDTLS_PKCS1_V15) || defined(MBEDTLS_PKCS1_V21))
return (rsa_sign_hash(
@ -679,8 +640,7 @@ psa_status_t mbedtls_transparent_test_driver_rsa_verify_hash(
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer, size_t key_buffer_size,
psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
const uint8_t *signature, size_t signature_length )
{
const uint8_t *signature, size_t signature_length) {
#if defined(MBEDTLS_RSA_C) && \
(defined(MBEDTLS_PKCS1_V15) || defined(MBEDTLS_PKCS1_V21))
return (rsa_verify_hash(

80
common/mbedtls/psa_crypto_se.c
View file

@ -52,19 +52,16 @@
/* This structure is identical to psa_drv_se_context_t declared in
* `crypto_se_driver.h`, except that some parts are writable here
* (non-const, or pointer to non-const). */
typedef struct
{
typedef struct {
void *persistent_data;
size_t persistent_data_size;
uintptr_t transient_data;
} psa_drv_se_internal_context_t;
struct psa_se_drv_table_entry_s
{
struct psa_se_drv_table_entry_s {
psa_key_location_t location;
const psa_drv_se_t *methods;
union
{
union {
psa_drv_se_internal_context_t internal;
psa_drv_se_context_t context;
} u;
@ -73,8 +70,7 @@ struct psa_se_drv_table_entry_s
static psa_se_drv_table_entry_t driver_table[PSA_MAX_SE_DRIVERS];
psa_se_drv_table_entry_t *psa_get_se_driver_entry(
psa_key_lifetime_t lifetime )
{
psa_key_lifetime_t lifetime) {
size_t i;
psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION(lifetime);
/* In the driver table, location=0 means an entry that isn't used.
@ -83,8 +79,7 @@ psa_se_drv_table_entry_t *psa_get_se_driver_entry(
* a driver entry for location 0. */
if (location == 0)
return (NULL);
for( i = 0; i < PSA_MAX_SE_DRIVERS; i++ )
{
for (i = 0; i < PSA_MAX_SE_DRIVERS; i++) {
if (driver_table[i].location == location)
return (&driver_table[i]);
}
@ -92,21 +87,18 @@ psa_se_drv_table_entry_t *psa_get_se_driver_entry(
}
const psa_drv_se_t *psa_get_se_driver_methods(
const psa_se_drv_table_entry_t *driver )
{
const psa_se_drv_table_entry_t *driver) {
return (driver->methods);
}
psa_drv_se_context_t *psa_get_se_driver_context(
psa_se_drv_table_entry_t *driver )
{
psa_se_drv_table_entry_t *driver) {
return (&driver->u.context);
}
int psa_get_se_driver(psa_key_lifetime_t lifetime,
const psa_drv_se_t **p_methods,
psa_drv_se_context_t **p_drv_context)
{
psa_drv_se_context_t **p_drv_context) {
psa_se_drv_table_entry_t *driver = psa_get_se_driver_entry(lifetime);
if (p_methods != NULL)
*p_methods = (driver ? driver->methods : NULL);
@ -123,8 +115,7 @@ int psa_get_se_driver( psa_key_lifetime_t lifetime,
static psa_status_t psa_get_se_driver_its_file_uid(
const psa_se_drv_table_entry_t *driver,
psa_storage_uid_t *uid )
{
psa_storage_uid_t *uid) {
if (driver->location > PSA_MAX_SE_LOCATION)
return (PSA_ERROR_NOT_SUPPORTED);
@ -140,8 +131,7 @@ static psa_status_t psa_get_se_driver_its_file_uid(
}
psa_status_t psa_load_se_persistent_data(
const psa_se_drv_table_entry_t *driver )
{
const psa_se_drv_table_entry_t *driver) {
psa_status_t status;
psa_storage_uid_t uid;
size_t length;
@ -164,8 +154,7 @@ psa_status_t psa_load_se_persistent_data(
}
psa_status_t psa_save_se_persistent_data(
const psa_se_drv_table_entry_t *driver )
{
const psa_se_drv_table_entry_t *driver) {
psa_status_t status;
psa_storage_uid_t uid;
@ -182,8 +171,7 @@ psa_status_t psa_save_se_persistent_data(
0));
}
psa_status_t psa_destroy_se_persistent_data( psa_key_location_t location )
{
psa_status_t psa_destroy_se_persistent_data(psa_key_location_t location) {
psa_storage_uid_t uid;
if (location > PSA_MAX_SE_LOCATION)
return (PSA_ERROR_NOT_SUPPORTED);
@ -195,8 +183,7 @@ psa_status_t psa_find_se_slot_for_key(
const psa_key_attributes_t *attributes,
psa_key_creation_method_t method,
psa_se_drv_table_entry_t *driver,
psa_key_slot_number_t *slot_number )
{
psa_key_slot_number_t *slot_number) {
psa_status_t status;
psa_key_location_t key_location =
PSA_KEY_LIFETIME_GET_LOCATION(psa_get_key_lifetime(attributes));
@ -209,8 +196,7 @@ psa_status_t psa_find_se_slot_for_key(
if (driver->methods->key_management == NULL)
return (PSA_ERROR_NOT_SUPPORTED);
if( psa_get_key_slot_number( attributes, slot_number ) == PSA_SUCCESS )
{
if (psa_get_key_slot_number(attributes, slot_number) == PSA_SUCCESS) {
/* The application wants to use a specific slot. Allow it if
* the driver supports it. On a system with isolation,
* the crypto service must check that the application is
@ -223,15 +209,11 @@ psa_status_t psa_find_se_slot_for_key(
driver->u.internal.persistent_data,
attributes, method,
*slot_number);
}
else if( method == PSA_KEY_CREATION_REGISTER )
{
} else if (method == PSA_KEY_CREATION_REGISTER) {
/* The application didn't specify a slot number. This doesn't
* make sense when registering a slot. */
return (PSA_ERROR_INVALID_ARGUMENT);
}
else
{
} else {
/* The application didn't tell us which slot to use. Let the driver
* choose. This is the normal case. */
psa_drv_se_allocate_key_t p_allocate =
@ -247,8 +229,7 @@ psa_status_t psa_find_se_slot_for_key(
}
psa_status_t psa_destroy_se_key(psa_se_drv_table_entry_t *driver,
psa_key_slot_number_t slot_number )
{
psa_key_slot_number_t slot_number) {
psa_status_t status;
psa_status_t storage_status;
/* Normally a missing method would mean that the action is not
@ -270,17 +251,14 @@ psa_status_t psa_destroy_se_key( psa_se_drv_table_entry_t *driver,
return (status == PSA_SUCCESS ? storage_status : status);
}
psa_status_t psa_init_all_se_drivers( void )
{
psa_status_t psa_init_all_se_drivers(void) {
size_t i;
for( i = 0; i < PSA_MAX_SE_DRIVERS; i++ )
{
for (i = 0; i < PSA_MAX_SE_DRIVERS; i++) {
psa_se_drv_table_entry_t *driver = &driver_table[i];
if (driver->location == 0)
continue; /* skipping unused entry */
const psa_drv_se_t *methods = psa_get_se_driver_methods(driver);
if( methods->p_init != NULL )
{
if (methods->p_init != NULL) {
psa_status_t status = methods->p_init(
&driver->u.context,
driver->u.internal.persistent_data,
@ -303,8 +281,7 @@ psa_status_t psa_init_all_se_drivers( void )
psa_status_t psa_register_se_driver(
psa_key_location_t location,
const psa_drv_se_t *methods)
{
const psa_drv_se_t *methods) {
size_t i;
psa_status_t status;
@ -321,8 +298,7 @@ psa_status_t psa_register_se_driver(
if (location > PSA_MAX_SE_LOCATION)
return (PSA_ERROR_NOT_SUPPORTED);
for( i = 0; i < PSA_MAX_SE_DRIVERS; i++ )
{
for (i = 0; i < PSA_MAX_SE_DRIVERS; i++) {
if (driver_table[i].location == 0)
break;
/* Check that location isn't already in use up to the first free
@ -339,12 +315,10 @@ psa_status_t psa_register_se_driver(
driver_table[i].u.internal.persistent_data_size =
methods->persistent_data_size;
if( methods->persistent_data_size != 0 )
{
if (methods->persistent_data_size != 0) {
driver_table[i].u.internal.persistent_data =
mbedtls_calloc(1, methods->persistent_data_size);
if( driver_table[i].u.internal.persistent_data == NULL )
{
if (driver_table[i].u.internal.persistent_data == NULL) {
status = PSA_ERROR_INSUFFICIENT_MEMORY;
goto error;
}
@ -363,11 +337,9 @@ error:
return (status);
}
void psa_unregister_all_se_drivers( void )
{
void psa_unregister_all_se_drivers(void) {
size_t i;
for( i = 0; i < PSA_MAX_SE_DRIVERS; i++ )
{
for (i = 0; i < PSA_MAX_SE_DRIVERS; i++) {
if (driver_table[i].u.internal.persistent_data != NULL)
mbedtls_free(driver_table[i].u.internal.persistent_data);
}

Some files were not shown because too many files have changed in this diff Show more