Merge tag 'mbedtls-2.16.0' into all_sh-2.14
Merge the work on all.sh that was done on mbedtls-2.14.0 with the changes from mbedtls-2.14.0 to mbedtls-2.16.0. There is a merge conflict in test/scripts/all.sh, which is the only file that was modified in the all.sh work branch. I resolved it by taking the copy from the all.sh branch and applying the changes between mbedtls-2.14.0 and mbedtls-2.16.0. These changes consisted of two commits: * "Add tests to all.sh for CHECK_PARAMS edge cases": adds two test components which are reproduced here as test_check_params_without_platform and component_test_check_params_silent. * "tests: Backup config.h before modifying it": moot because the component framework introduced in the all.sh branch backs up config.h systematically.
This commit is contained in:
commit
b28636b865
181 changed files with 10527 additions and 2455 deletions
|
@ -4,6 +4,13 @@ compiler:
|
|||
- gcc
|
||||
sudo: false
|
||||
cache: ccache
|
||||
|
||||
# blocklist
|
||||
branches:
|
||||
except:
|
||||
- development-psa
|
||||
- coverity_scan
|
||||
|
||||
script:
|
||||
- tests/scripts/recursion.pl library/*.c
|
||||
- tests/scripts/check-generated-files.sh
|
||||
|
@ -34,7 +41,7 @@ addons:
|
|||
coverity_scan:
|
||||
project:
|
||||
name: "ARMmbed/mbedtls"
|
||||
notification_email: p.j.bakker@polarssl.org
|
||||
notification_email: simon.butcher@arm.com
|
||||
build_command_prepend:
|
||||
build_command: make
|
||||
branch_pattern: coverity_scan
|
||||
|
|
86
ChangeLog
86
ChangeLog
|
@ -1,5 +1,91 @@
|
|||
mbed TLS ChangeLog (Sorted per branch, date)
|
||||
|
||||
= mbed TLS 2.16.0 branch released 2018-12-21
|
||||
|
||||
Features
|
||||
* Add a new config.h option of MBEDTLS_CHECK_PARAMS that enables validation
|
||||
of parameters in the API. This allows detection of obvious misuses of the
|
||||
API, such as passing NULL pointers. The API of existing functions hasn't
|
||||
changed, but requirements on parameters have been made more explicit in
|
||||
the documentation. See the corresponding API documentation for each
|
||||
function to see for which parameter values it is defined. This feature is
|
||||
disabled by default. See its API documentation in config.h for additional
|
||||
steps you have to take when enabling it.
|
||||
|
||||
API Changes
|
||||
* The following functions in the random generator modules have been
|
||||
deprecated and replaced as shown below. The new functions change
|
||||
the return type from void to int to allow returning error codes when
|
||||
using MBEDTLS_<MODULE>_ALT for the underlying AES or message digest
|
||||
primitive. Fixes #1798.
|
||||
mbedtls_ctr_drbg_update() -> mbedtls_ctr_drbg_update_ret()
|
||||
mbedtls_hmac_drbg_update() -> mbedtls_hmac_drbg_update_ret()
|
||||
* Extend ECDH interface to enable alternative implementations.
|
||||
* Deprecate error codes of the form MBEDTLS_ERR_xxx_INVALID_KEY_LENGTH for
|
||||
ARIA, CAMELLIA and Blowfish. These error codes will be replaced by
|
||||
the more generic per-module error codes MBEDTLS_ERR_xxx_BAD_INPUT_DATA.
|
||||
* Additional parameter validation checks have been added for the following
|
||||
modules - AES, ARIA, Blowfish, CAMELLIA, CCM, GCM, DHM, ECP, ECDSA, ECDH,
|
||||
ECJPAKE, SHA, Chacha20 and Poly1305, cipher, pk, RSA, and MPI.
|
||||
Where modules have had parameter validation added, existing parameter
|
||||
checks may have changed. Some modules, such as Chacha20 had existing
|
||||
parameter validation whereas other modules had little. This has now been
|
||||
changed so that the same level of validation is present in all modules, and
|
||||
that it is now optional with the MBEDTLS_CHECK_PARAMS flag which by default
|
||||
is off. That means that checks which were previously present by default
|
||||
will no longer be.
|
||||
|
||||
New deprecations
|
||||
* Deprecate mbedtls_ctr_drbg_update and mbedtls_hmac_drbg_update
|
||||
in favor of functions that can return an error code.
|
||||
|
||||
Bugfix
|
||||
* Fix for Clang, which was reporting a warning for the bignum.c inline
|
||||
assembly for AMD64 targets creating string literals greater than those
|
||||
permitted by the ISO C99 standard. Found by Aaron Jones. Fixes #482.
|
||||
* Fix runtime error in `mbedtls_platform_entropy_poll()` when run
|
||||
through qemu user emulation. Reported and fix suggested by randombit
|
||||
in #1212. Fixes #1212.
|
||||
* Fix an unsafe bounds check when restoring an SSL session from a ticket.
|
||||
This could lead to a buffer overflow, but only in case ticket authentication
|
||||
was broken. Reported and fix suggested by Guido Vranken in #659.
|
||||
* Add explicit integer to enumeration type casts to example program
|
||||
programs/pkey/gen_key which previously led to compilation failure
|
||||
on some toolchains. Reported by phoenixmcallister. Fixes #2170.
|
||||
* Fix double initialization of ECC hardware that made some accelerators
|
||||
hang.
|
||||
* Clarify documentation of mbedtls_ssl_set_own_cert() regarding the absence
|
||||
of check for certificate/key matching. Reported by Attila Molnar, #507.
|
||||
|
||||
= mbed TLS 2.14.1 branch released 2018-11-30
|
||||
|
||||
Security
|
||||
* Fix timing variations and memory access variations in RSA PKCS#1 v1.5
|
||||
decryption that could lead to a Bleichenbacher-style padding oracle
|
||||
attack. In TLS, this affects servers that accept ciphersuites based on
|
||||
RSA decryption (i.e. ciphersuites whose name contains RSA but not
|
||||
(EC)DH(E)). Discovered by Eyal Ronen (Weizmann Institute), Robert Gillham
|
||||
(University of Adelaide), Daniel Genkin (University of Michigan),
|
||||
Adi Shamir (Weizmann Institute), David Wong (NCC Group), and Yuval Yarom
|
||||
(University of Adelaide, Data61). The attack is described in more detail
|
||||
in the paper available here: http://cat.eyalro.net/cat.pdf CVE-2018-19608
|
||||
* In mbedtls_mpi_write_binary(), don't leak the exact size of the number
|
||||
via branching and memory access patterns. An attacker who could submit
|
||||
a plaintext for RSA PKCS#1 v1.5 decryption but only observe the timing
|
||||
of the decryption and not its result could nonetheless decrypt RSA
|
||||
plaintexts and forge RSA signatures. Other asymmetric algorithms may
|
||||
have been similarly vulnerable. Reported by Eyal Ronen, Robert Gillham,
|
||||
Daniel Genkin, Adi Shamir, David Wong and Yuval Yarom.
|
||||
* Wipe sensitive buffers on the stack in the CTR_DRBG and HMAC_DRBG
|
||||
modules.
|
||||
|
||||
API Changes
|
||||
* The new functions mbedtls_ctr_drbg_update_ret() and
|
||||
mbedtls_hmac_drbg_update_ret() are similar to mbedtls_ctr_drbg_update()
|
||||
and mbedtls_hmac_drbg_update() respectively, but the new functions
|
||||
report errors whereas the old functions return void. We recommend that
|
||||
applications use the new functions.
|
||||
|
||||
= mbed TLS 2.14.0 branch released 2018-11-19
|
||||
|
||||
Security
|
||||
|
|
|
@ -24,7 +24,7 @@
|
|||
*/
|
||||
|
||||
/**
|
||||
* @mainpage mbed TLS v2.14.0 source code documentation
|
||||
* @mainpage mbed TLS v2.16.0 source code documentation
|
||||
*
|
||||
* This documentation describes the internal structure of mbed TLS. It was
|
||||
* automatically generated from specially formatted comment blocks in
|
||||
|
|
|
@ -28,7 +28,7 @@ DOXYFILE_ENCODING = UTF-8
|
|||
# identify the project. Note that if you do not use Doxywizard you need
|
||||
# to put quotes around the project name if it contains spaces.
|
||||
|
||||
PROJECT_NAME = "mbed TLS v2.14.0"
|
||||
PROJECT_NAME = "mbed TLS v2.16.0"
|
||||
|
||||
# The PROJECT_NUMBER tag can be used to enter a project or revision number.
|
||||
# This could be handy for archiving the generated documentation or
|
||||
|
|
|
@ -121,7 +121,7 @@ typedef struct mbedtls_aes_xts_context
|
|||
* It must be the first API called before using
|
||||
* the context.
|
||||
*
|
||||
* \param ctx The AES context to initialize.
|
||||
* \param ctx The AES context to initialize. This must not be \c NULL.
|
||||
*/
|
||||
void mbedtls_aes_init( mbedtls_aes_context *ctx );
|
||||
|
||||
|
@ -129,6 +129,8 @@ void mbedtls_aes_init( mbedtls_aes_context *ctx );
|
|||
* \brief This function releases and clears the specified AES context.
|
||||
*
|
||||
* \param ctx The AES context to clear.
|
||||
* If this is \c NULL, this function does nothing.
|
||||
* Otherwise, the context must have been at least initialized.
|
||||
*/
|
||||
void mbedtls_aes_free( mbedtls_aes_context *ctx );
|
||||
|
||||
|
@ -139,7 +141,7 @@ void mbedtls_aes_free( mbedtls_aes_context *ctx );
|
|||
* It must be the first API called before using
|
||||
* the context.
|
||||
*
|
||||
* \param ctx The AES XTS context to initialize.
|
||||
* \param ctx The AES XTS context to initialize. This must not be \c NULL.
|
||||
*/
|
||||
void mbedtls_aes_xts_init( mbedtls_aes_xts_context *ctx );
|
||||
|
||||
|
@ -147,6 +149,8 @@ void mbedtls_aes_xts_init( mbedtls_aes_xts_context *ctx );
|
|||
* \brief This function releases and clears the specified AES XTS context.
|
||||
*
|
||||
* \param ctx The AES XTS context to clear.
|
||||
* If this is \c NULL, this function does nothing.
|
||||
* Otherwise, the context must have been at least initialized.
|
||||
*/
|
||||
void mbedtls_aes_xts_free( mbedtls_aes_xts_context *ctx );
|
||||
#endif /* MBEDTLS_CIPHER_MODE_XTS */
|
||||
|
@ -155,7 +159,9 @@ void mbedtls_aes_xts_free( mbedtls_aes_xts_context *ctx );
|
|||
* \brief This function sets the encryption key.
|
||||
*
|
||||
* \param ctx The AES context to which the key should be bound.
|
||||
* It must be initialized.
|
||||
* \param key The encryption key.
|
||||
* This must be a readable buffer of size \p keybits bits.
|
||||
* \param keybits The size of data passed in bits. Valid options are:
|
||||
* <ul><li>128 bits</li>
|
||||
* <li>192 bits</li>
|
||||
|
@ -171,7 +177,9 @@ int mbedtls_aes_setkey_enc( mbedtls_aes_context *ctx, const unsigned char *key,
|
|||
* \brief This function sets the decryption key.
|
||||
*
|
||||
* \param ctx The AES context to which the key should be bound.
|
||||
* It must be initialized.
|
||||
* \param key The decryption key.
|
||||
* This must be a readable buffer of size \p keybits bits.
|
||||
* \param keybits The size of data passed. Valid options are:
|
||||
* <ul><li>128 bits</li>
|
||||
* <li>192 bits</li>
|
||||
|
@ -189,8 +197,10 @@ int mbedtls_aes_setkey_dec( mbedtls_aes_context *ctx, const unsigned char *key,
|
|||
* sets the encryption key.
|
||||
*
|
||||
* \param ctx The AES XTS context to which the key should be bound.
|
||||
* It must be initialized.
|
||||
* \param key The encryption key. This is comprised of the XTS key1
|
||||
* concatenated with the XTS key2.
|
||||
* This must be a readable buffer of size \p keybits bits.
|
||||
* \param keybits The size of \p key passed in bits. Valid options are:
|
||||
* <ul><li>256 bits (each of key1 and key2 is a 128-bit key)</li>
|
||||
* <li>512 bits (each of key1 and key2 is a 256-bit key)</li></ul>
|
||||
|
@ -207,8 +217,10 @@ int mbedtls_aes_xts_setkey_enc( mbedtls_aes_xts_context *ctx,
|
|||
* sets the decryption key.
|
||||
*
|
||||
* \param ctx The AES XTS context to which the key should be bound.
|
||||
* It must be initialized.
|
||||
* \param key The decryption key. This is comprised of the XTS key1
|
||||
* concatenated with the XTS key2.
|
||||
* This must be a readable buffer of size \p keybits bits.
|
||||
* \param keybits The size of \p key passed in bits. Valid options are:
|
||||
* <ul><li>256 bits (each of key1 and key2 is a 128-bit key)</li>
|
||||
* <li>512 bits (each of key1 and key2 is a 256-bit key)</li></ul>
|
||||
|
@ -234,10 +246,13 @@ int mbedtls_aes_xts_setkey_dec( mbedtls_aes_xts_context *ctx,
|
|||
* call to this API with the same context.
|
||||
*
|
||||
* \param ctx The AES context to use for encryption or decryption.
|
||||
* It must be initialized and bound to a key.
|
||||
* \param mode The AES operation: #MBEDTLS_AES_ENCRYPT or
|
||||
* #MBEDTLS_AES_DECRYPT.
|
||||
* \param input The 16-Byte buffer holding the input data.
|
||||
* \param output The 16-Byte buffer holding the output data.
|
||||
* \param input The buffer holding the input data.
|
||||
* It must be readable and at least \c 16 Bytes long.
|
||||
* \param output The buffer where the output data will be written.
|
||||
* It must be writeable and at least \c 16 Bytes long.
|
||||
|
||||
* \return \c 0 on success.
|
||||
*/
|
||||
|
@ -260,8 +275,8 @@ int mbedtls_aes_crypt_ecb( mbedtls_aes_context *ctx,
|
|||
* mbedtls_aes_setkey_enc() or mbedtls_aes_setkey_dec() must be called
|
||||
* before the first call to this API with the same context.
|
||||
*
|
||||
* \note This function operates on aligned blocks, that is, the input size
|
||||
* must be a multiple of the AES block size of 16 Bytes.
|
||||
* \note This function operates on full blocks, that is, the input size
|
||||
* must be a multiple of the AES block size of \c 16 Bytes.
|
||||
*
|
||||
* \note Upon exit, the content of the IV is updated so that you can
|
||||
* call the same function again on the next
|
||||
|
@ -272,13 +287,17 @@ int mbedtls_aes_crypt_ecb( mbedtls_aes_context *ctx,
|
|||
*
|
||||
*
|
||||
* \param ctx The AES context to use for encryption or decryption.
|
||||
* It must be initialized and bound to a key.
|
||||
* \param mode The AES operation: #MBEDTLS_AES_ENCRYPT or
|
||||
* #MBEDTLS_AES_DECRYPT.
|
||||
* \param length The length of the input data in Bytes. This must be a
|
||||
* multiple of the block size (16 Bytes).
|
||||
* multiple of the block size (\c 16 Bytes).
|
||||
* \param iv Initialization vector (updated after use).
|
||||
* It must be a readable and writeable buffer of \c 16 Bytes.
|
||||
* \param input The buffer holding the input data.
|
||||
* It must be readable and of size \p length Bytes.
|
||||
* \param output The buffer holding the output data.
|
||||
* It must be writeable and of size \p length Bytes.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return #MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH
|
||||
|
@ -306,9 +325,10 @@ int mbedtls_aes_crypt_cbc( mbedtls_aes_context *ctx,
|
|||
* returns #MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH.
|
||||
*
|
||||
* \param ctx The AES XTS context to use for AES XTS operations.
|
||||
* It must be initialized and bound to a key.
|
||||
* \param mode The AES operation: #MBEDTLS_AES_ENCRYPT or
|
||||
* #MBEDTLS_AES_DECRYPT.
|
||||
* \param length The length of a data unit in bytes. This can be any
|
||||
* \param length The length of a data unit in Bytes. This can be any
|
||||
* length between 16 bytes and 2^24 bytes inclusive
|
||||
* (between 1 and 2^20 block cipher blocks).
|
||||
* \param data_unit The address of the data unit encoded as an array of 16
|
||||
|
@ -316,15 +336,15 @@ int mbedtls_aes_crypt_cbc( mbedtls_aes_context *ctx,
|
|||
* is typically the index of the block device sector that
|
||||
* contains the data.
|
||||
* \param input The buffer holding the input data (which is an entire
|
||||
* data unit). This function reads \p length bytes from \p
|
||||
* data unit). This function reads \p length Bytes from \p
|
||||
* input.
|
||||
* \param output The buffer holding the output data (which is an entire
|
||||
* data unit). This function writes \p length bytes to \p
|
||||
* data unit). This function writes \p length Bytes to \p
|
||||
* output.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return #MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH if \p length is
|
||||
* smaller than an AES block in size (16 bytes) or if \p
|
||||
* smaller than an AES block in size (16 Bytes) or if \p
|
||||
* length is larger than 2^20 blocks (16 MiB).
|
||||
*/
|
||||
int mbedtls_aes_crypt_xts( mbedtls_aes_xts_context *ctx,
|
||||
|
@ -360,13 +380,18 @@ int mbedtls_aes_crypt_xts( mbedtls_aes_xts_context *ctx,
|
|||
*
|
||||
*
|
||||
* \param ctx The AES context to use for encryption or decryption.
|
||||
* It must be initialized and bound to a key.
|
||||
* \param mode The AES operation: #MBEDTLS_AES_ENCRYPT or
|
||||
* #MBEDTLS_AES_DECRYPT.
|
||||
* \param length The length of the input data.
|
||||
* \param length The length of the input data in Bytes.
|
||||
* \param iv_off The offset in IV (updated after use).
|
||||
* It must point to a valid \c size_t.
|
||||
* \param iv The initialization vector (updated after use).
|
||||
* It must be a readable and writeable buffer of \c 16 Bytes.
|
||||
* \param input The buffer holding the input data.
|
||||
* It must be readable and of size \p length Bytes.
|
||||
* \param output The buffer holding the output data.
|
||||
* It must be writeable and of size \p length Bytes.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
*/
|
||||
|
@ -401,12 +426,16 @@ int mbedtls_aes_crypt_cfb128( mbedtls_aes_context *ctx,
|
|||
*
|
||||
*
|
||||
* \param ctx The AES context to use for encryption or decryption.
|
||||
* It must be initialized and bound to a key.
|
||||
* \param mode The AES operation: #MBEDTLS_AES_ENCRYPT or
|
||||
* #MBEDTLS_AES_DECRYPT
|
||||
* \param length The length of the input data.
|
||||
* \param iv The initialization vector (updated after use).
|
||||
* It must be a readable and writeable buffer of \c 16 Bytes.
|
||||
* \param input The buffer holding the input data.
|
||||
* It must be readable and of size \p length Bytes.
|
||||
* \param output The buffer holding the output data.
|
||||
* It must be writeable and of size \p length Bytes.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
*/
|
||||
|
@ -451,11 +480,16 @@ int mbedtls_aes_crypt_cfb8( mbedtls_aes_context *ctx,
|
|||
* will compromise security.
|
||||
*
|
||||
* \param ctx The AES context to use for encryption or decryption.
|
||||
* It must be initialized and bound to a key.
|
||||
* \param length The length of the input data.
|
||||
* \param iv_off The offset in IV (updated after use).
|
||||
* It must point to a valid \c size_t.
|
||||
* \param iv The initialization vector (updated after use).
|
||||
* It must be a readable and writeable buffer of \c 16 Bytes.
|
||||
* \param input The buffer holding the input data.
|
||||
* It must be readable and of size \p length Bytes.
|
||||
* \param output The buffer holding the output data.
|
||||
* It must be writeable and of size \p length Bytes.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
*/
|
||||
|
@ -527,15 +561,21 @@ int mbedtls_aes_crypt_ofb( mbedtls_aes_context *ctx,
|
|||
* securely discarded as soon as it's no longer needed.
|
||||
*
|
||||
* \param ctx The AES context to use for encryption or decryption.
|
||||
* It must be initialized and bound to a key.
|
||||
* \param length The length of the input data.
|
||||
* \param nc_off The offset in the current \p stream_block, for
|
||||
* resuming within the current cipher stream. The
|
||||
* offset pointer should be 0 at the start of a stream.
|
||||
* It must point to a valid \c size_t.
|
||||
* \param nonce_counter The 128-bit nonce and counter.
|
||||
* It must be a readable-writeable buffer of \c 16 Bytes.
|
||||
* \param stream_block The saved stream block for resuming. This is
|
||||
* overwritten by the function.
|
||||
* It must be a readable-writeable buffer of \c 16 Bytes.
|
||||
* \param input The buffer holding the input data.
|
||||
* It must be readable and of size \p length Bytes.
|
||||
* \param output The buffer holding the output data.
|
||||
* It must be writeable and of size \p length Bytes.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
*/
|
||||
|
@ -588,7 +628,7 @@ int mbedtls_internal_aes_decrypt( mbedtls_aes_context *ctx,
|
|||
* \brief Deprecated internal AES block encryption function
|
||||
* without return value.
|
||||
*
|
||||
* \deprecated Superseded by mbedtls_aes_encrypt_ext() in 2.5.0.
|
||||
* \deprecated Superseded by mbedtls_internal_aes_encrypt()
|
||||
*
|
||||
* \param ctx The AES context to use for encryption.
|
||||
* \param input Plaintext block.
|
||||
|
@ -602,7 +642,7 @@ MBEDTLS_DEPRECATED void mbedtls_aes_encrypt( mbedtls_aes_context *ctx,
|
|||
* \brief Deprecated internal AES block decryption function
|
||||
* without return value.
|
||||
*
|
||||
* \deprecated Superseded by mbedtls_aes_decrypt_ext() in 2.5.0.
|
||||
* \deprecated Superseded by mbedtls_internal_aes_decrypt()
|
||||
*
|
||||
* \param ctx The AES context to use for decryption.
|
||||
* \param input Ciphertext block.
|
||||
|
|
|
@ -2,6 +2,9 @@
|
|||
* \file aesni.h
|
||||
*
|
||||
* \brief AES-NI for hardware AES acceleration on some Intel processors
|
||||
*
|
||||
* \warning These functions are only for internal use by other library
|
||||
* functions; you must not call them directly.
|
||||
*/
|
||||
/*
|
||||
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
|
||||
|
@ -42,7 +45,10 @@ extern "C" {
|
|||
#endif
|
||||
|
||||
/**
|
||||
* \brief AES-NI features detection routine
|
||||
* \brief Internal function to detect the AES-NI feature in CPUs.
|
||||
*
|
||||
* \note This function is only for internal use by other library
|
||||
* functions; you must not call it directly.
|
||||
*
|
||||
* \param what The feature to detect
|
||||
* (MBEDTLS_AESNI_AES or MBEDTLS_AESNI_CLMUL)
|
||||
|
@ -52,7 +58,10 @@ extern "C" {
|
|||
int mbedtls_aesni_has_support( unsigned int what );
|
||||
|
||||
/**
|
||||
* \brief AES-NI AES-ECB block en(de)cryption
|
||||
* \brief Internal AES-NI AES-ECB block encryption and decryption
|
||||
*
|
||||
* \note This function is only for internal use by other library
|
||||
* functions; you must not call it directly.
|
||||
*
|
||||
* \param ctx AES context
|
||||
* \param mode MBEDTLS_AES_ENCRYPT or MBEDTLS_AES_DECRYPT
|
||||
|
@ -62,12 +71,15 @@ int mbedtls_aesni_has_support( unsigned int what );
|
|||
* \return 0 on success (cannot fail)
|
||||
*/
|
||||
int mbedtls_aesni_crypt_ecb( mbedtls_aes_context *ctx,
|
||||
int mode,
|
||||
const unsigned char input[16],
|
||||
unsigned char output[16] );
|
||||
int mode,
|
||||
const unsigned char input[16],
|
||||
unsigned char output[16] );
|
||||
|
||||
/**
|
||||
* \brief GCM multiplication: c = a * b in GF(2^128)
|
||||
* \brief Internal GCM multiplication: c = a * b in GF(2^128)
|
||||
*
|
||||
* \note This function is only for internal use by other library
|
||||
* functions; you must not call it directly.
|
||||
*
|
||||
* \param c Result
|
||||
* \param a First operand
|
||||
|
@ -77,21 +89,29 @@ int mbedtls_aesni_crypt_ecb( mbedtls_aes_context *ctx,
|
|||
* elements of GF(2^128) as per the GCM spec.
|
||||
*/
|
||||
void mbedtls_aesni_gcm_mult( unsigned char c[16],
|
||||
const unsigned char a[16],
|
||||
const unsigned char b[16] );
|
||||
const unsigned char a[16],
|
||||
const unsigned char b[16] );
|
||||
|
||||
/**
|
||||
* \brief Compute decryption round keys from encryption round keys
|
||||
* \brief Internal round key inversion. This function computes
|
||||
* decryption round keys from the encryption round keys.
|
||||
*
|
||||
* \note This function is only for internal use by other library
|
||||
* functions; you must not call it directly.
|
||||
*
|
||||
* \param invkey Round keys for the equivalent inverse cipher
|
||||
* \param fwdkey Original round keys (for encryption)
|
||||
* \param nr Number of rounds (that is, number of round keys minus one)
|
||||
*/
|
||||
void mbedtls_aesni_inverse_key( unsigned char *invkey,
|
||||
const unsigned char *fwdkey, int nr );
|
||||
const unsigned char *fwdkey,
|
||||
int nr );
|
||||
|
||||
/**
|
||||
* \brief Perform key expansion (for encryption)
|
||||
* \brief Internal key expansion for encryption
|
||||
*
|
||||
* \note This function is only for internal use by other library
|
||||
* functions; you must not call it directly.
|
||||
*
|
||||
* \param rk Destination buffer where the round keys are written
|
||||
* \param key Encryption key
|
||||
|
@ -100,8 +120,8 @@ void mbedtls_aesni_inverse_key( unsigned char *invkey,
|
|||
* \return 0 if successful, or MBEDTLS_ERR_AES_INVALID_KEY_LENGTH
|
||||
*/
|
||||
int mbedtls_aesni_setkey_enc( unsigned char *rk,
|
||||
const unsigned char *key,
|
||||
size_t bits );
|
||||
const unsigned char *key,
|
||||
size_t bits );
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
|
|
|
@ -39,6 +39,8 @@
|
|||
#include <stddef.h>
|
||||
#include <stdint.h>
|
||||
|
||||
#include "platform_util.h"
|
||||
|
||||
#define MBEDTLS_ARIA_ENCRYPT 1 /**< ARIA encryption. */
|
||||
#define MBEDTLS_ARIA_DECRYPT 0 /**< ARIA decryption. */
|
||||
|
||||
|
@ -46,8 +48,12 @@
|
|||
#define MBEDTLS_ARIA_MAX_ROUNDS 16 /**< Maxiumum number of rounds in ARIA. */
|
||||
#define MBEDTLS_ARIA_MAX_KEYSIZE 32 /**< Maximum size of an ARIA key in bytes. */
|
||||
|
||||
#define MBEDTLS_ERR_ARIA_INVALID_KEY_LENGTH -0x005C /**< Invalid key length. */
|
||||
#define MBEDTLS_ERR_ARIA_INVALID_INPUT_LENGTH -0x005E /**< Invalid data input length. */
|
||||
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
|
||||
#define MBEDTLS_ERR_ARIA_INVALID_KEY_LENGTH MBEDTLS_DEPRECATED_NUMERIC_CONSTANT( -0x005C )
|
||||
#endif /* !MBEDTLS_DEPRECATED_REMOVED */
|
||||
#define MBEDTLS_ERR_ARIA_BAD_INPUT_DATA -0x005C /**< Bad input data. */
|
||||
|
||||
#define MBEDTLS_ERR_ARIA_INVALID_INPUT_LENGTH -0x005E /**< Invalid data input length. */
|
||||
|
||||
/* MBEDTLS_ERR_ARIA_FEATURE_UNAVAILABLE is deprecated and should not be used.
|
||||
*/
|
||||
|
@ -85,14 +91,16 @@ mbedtls_aria_context;
|
|||
* It must be the first API called before using
|
||||
* the context.
|
||||
*
|
||||
* \param ctx The ARIA context to initialize.
|
||||
* \param ctx The ARIA context to initialize. This must not be \c NULL.
|
||||
*/
|
||||
void mbedtls_aria_init( mbedtls_aria_context *ctx );
|
||||
|
||||
/**
|
||||
* \brief This function releases and clears the specified ARIA context.
|
||||
*
|
||||
* \param ctx The ARIA context to clear.
|
||||
* \param ctx The ARIA context to clear. This may be \c NULL, in which
|
||||
* case this function returns immediately. If it is not \c NULL,
|
||||
* it must point to an initialized ARIA context.
|
||||
*/
|
||||
void mbedtls_aria_free( mbedtls_aria_context *ctx );
|
||||
|
||||
|
@ -100,14 +108,16 @@ void mbedtls_aria_free( mbedtls_aria_context *ctx );
|
|||
* \brief This function sets the encryption key.
|
||||
*
|
||||
* \param ctx The ARIA context to which the key should be bound.
|
||||
* \param key The encryption key.
|
||||
* \param keybits The size of data passed in bits. Valid options are:
|
||||
* This must be initialized.
|
||||
* \param key The encryption key. This must be a readable buffer
|
||||
* of size \p keybits Bits.
|
||||
* \param keybits The size of \p key in Bits. Valid options are:
|
||||
* <ul><li>128 bits</li>
|
||||
* <li>192 bits</li>
|
||||
* <li>256 bits</li></ul>
|
||||
*
|
||||
* \return \c 0 on success or #MBEDTLS_ERR_ARIA_INVALID_KEY_LENGTH
|
||||
* on failure.
|
||||
* \return \c 0 on success.
|
||||
* \return A negative error code on failure.
|
||||
*/
|
||||
int mbedtls_aria_setkey_enc( mbedtls_aria_context *ctx,
|
||||
const unsigned char *key,
|
||||
|
@ -117,13 +127,16 @@ int mbedtls_aria_setkey_enc( mbedtls_aria_context *ctx,
|
|||
* \brief This function sets the decryption key.
|
||||
*
|
||||
* \param ctx The ARIA context to which the key should be bound.
|
||||
* \param key The decryption key.
|
||||
* This must be initialized.
|
||||
* \param key The decryption key. This must be a readable buffer
|
||||
* of size \p keybits Bits.
|
||||
* \param keybits The size of data passed. Valid options are:
|
||||
* <ul><li>128 bits</li>
|
||||
* <li>192 bits</li>
|
||||
* <li>256 bits</li></ul>
|
||||
*
|
||||
* \return \c 0 on success, or #MBEDTLS_ERR_ARIA_INVALID_KEY_LENGTH on failure.
|
||||
* \return \c 0 on success.
|
||||
* \return A negative error code on failure.
|
||||
*/
|
||||
int mbedtls_aria_setkey_dec( mbedtls_aria_context *ctx,
|
||||
const unsigned char *key,
|
||||
|
@ -142,10 +155,12 @@ int mbedtls_aria_setkey_dec( mbedtls_aria_context *ctx,
|
|||
* call to this API with the same context.
|
||||
*
|
||||
* \param ctx The ARIA context to use for encryption or decryption.
|
||||
* This must be initialized and bound to a key.
|
||||
* \param input The 16-Byte buffer holding the input data.
|
||||
* \param output The 16-Byte buffer holding the output data.
|
||||
|
||||
* \return \c 0 on success.
|
||||
* \return A negative error code on failure.
|
||||
*/
|
||||
int mbedtls_aria_crypt_ecb( mbedtls_aria_context *ctx,
|
||||
const unsigned char input[MBEDTLS_ARIA_BLOCKSIZE],
|
||||
|
@ -177,16 +192,21 @@ int mbedtls_aria_crypt_ecb( mbedtls_aria_context *ctx,
|
|||
*
|
||||
*
|
||||
* \param ctx The ARIA context to use for encryption or decryption.
|
||||
* \param mode The ARIA operation: #MBEDTLS_ARIA_ENCRYPT or
|
||||
* #MBEDTLS_ARIA_DECRYPT.
|
||||
* This must be initialized and bound to a key.
|
||||
* \param mode The mode of operation. This must be either
|
||||
* #MBEDTLS_ARIA_ENCRYPT for encryption, or
|
||||
* #MBEDTLS_ARIA_DECRYPT for decryption.
|
||||
* \param length The length of the input data in Bytes. This must be a
|
||||
* multiple of the block size (16 Bytes).
|
||||
* \param iv Initialization vector (updated after use).
|
||||
* \param input The buffer holding the input data.
|
||||
* \param output The buffer holding the output data.
|
||||
* This must be a readable buffer of size 16 Bytes.
|
||||
* \param input The buffer holding the input data. This must
|
||||
* be a readable buffer of length \p length Bytes.
|
||||
* \param output The buffer holding the output data. This must
|
||||
* be a writable buffer of length \p length Bytes.
|
||||
*
|
||||
* \return \c 0 on success, or #MBEDTLS_ERR_ARIA_INVALID_INPUT_LENGTH
|
||||
* on failure.
|
||||
* \return \c 0 on success.
|
||||
* \return A negative error code on failure.
|
||||
*/
|
||||
int mbedtls_aria_crypt_cbc( mbedtls_aria_context *ctx,
|
||||
int mode,
|
||||
|
@ -221,15 +241,22 @@ int mbedtls_aria_crypt_cbc( mbedtls_aria_context *ctx,
|
|||
*
|
||||
*
|
||||
* \param ctx The ARIA context to use for encryption or decryption.
|
||||
* \param mode The ARIA operation: #MBEDTLS_ARIA_ENCRYPT or
|
||||
* #MBEDTLS_ARIA_DECRYPT.
|
||||
* \param length The length of the input data.
|
||||
* This must be initialized and bound to a key.
|
||||
* \param mode The mode of operation. This must be either
|
||||
* #MBEDTLS_ARIA_ENCRYPT for encryption, or
|
||||
* #MBEDTLS_ARIA_DECRYPT for decryption.
|
||||
* \param length The length of the input data \p input in Bytes.
|
||||
* \param iv_off The offset in IV (updated after use).
|
||||
* This must not be larger than 15.
|
||||
* \param iv The initialization vector (updated after use).
|
||||
* \param input The buffer holding the input data.
|
||||
* \param output The buffer holding the output data.
|
||||
* This must be a readable buffer of size 16 Bytes.
|
||||
* \param input The buffer holding the input data. This must
|
||||
* be a readable buffer of length \p length Bytes.
|
||||
* \param output The buffer holding the output data. This must
|
||||
* be a writable buffer of length \p length Bytes.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return A negative error code on failure.
|
||||
*/
|
||||
int mbedtls_aria_crypt_cfb128( mbedtls_aria_context *ctx,
|
||||
int mode,
|
||||
|
@ -299,17 +326,24 @@ int mbedtls_aria_crypt_cfb128( mbedtls_aria_context *ctx,
|
|||
* securely discarded as soon as it's no longer needed.
|
||||
*
|
||||
* \param ctx The ARIA context to use for encryption or decryption.
|
||||
* \param length The length of the input data.
|
||||
* \param nc_off The offset in the current \p stream_block, for
|
||||
* resuming within the current cipher stream. The
|
||||
* offset pointer should be 0 at the start of a stream.
|
||||
* \param nonce_counter The 128-bit nonce and counter.
|
||||
* \param stream_block The saved stream block for resuming. This is
|
||||
* overwritten by the function.
|
||||
* \param input The buffer holding the input data.
|
||||
* \param output The buffer holding the output data.
|
||||
* This must be initialized and bound to a key.
|
||||
* \param length The length of the input data \p input in Bytes.
|
||||
* \param nc_off The offset in Bytes in the current \p stream_block,
|
||||
* for resuming within the current cipher stream. The
|
||||
* offset pointer should be \c 0 at the start of a
|
||||
* stream. This must not be larger than \c 15 Bytes.
|
||||
* \param nonce_counter The 128-bit nonce and counter. This must point to
|
||||
* a read/write buffer of length \c 16 bytes.
|
||||
* \param stream_block The saved stream block for resuming. This must
|
||||
* point to a read/write buffer of length \c 16 bytes.
|
||||
* This is overwritten by the function.
|
||||
* \param input The buffer holding the input data. This must
|
||||
* be a readable buffer of length \p length Bytes.
|
||||
* \param output The buffer holding the output data. This must
|
||||
* be a writable buffer of length \p length Bytes.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return \c 0 on success.
|
||||
* \return A negative error code on failure.
|
||||
*/
|
||||
int mbedtls_aria_crypt_ctr( mbedtls_aria_context *ctx,
|
||||
size_t length,
|
||||
|
|
File diff suppressed because it is too large
Load diff
|
@ -33,6 +33,8 @@
|
|||
#include <stddef.h>
|
||||
#include <stdint.h>
|
||||
|
||||
#include "platform_util.h"
|
||||
|
||||
#define MBEDTLS_BLOWFISH_ENCRYPT 1
|
||||
#define MBEDTLS_BLOWFISH_DECRYPT 0
|
||||
#define MBEDTLS_BLOWFISH_MAX_KEY_BITS 448
|
||||
|
@ -40,14 +42,17 @@
|
|||
#define MBEDTLS_BLOWFISH_ROUNDS 16 /**< Rounds to use. When increasing this value, make sure to extend the initialisation vectors */
|
||||
#define MBEDTLS_BLOWFISH_BLOCKSIZE 8 /* Blowfish uses 64 bit blocks */
|
||||
|
||||
#define MBEDTLS_ERR_BLOWFISH_INVALID_KEY_LENGTH -0x0016 /**< Invalid key length. */
|
||||
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
|
||||
#define MBEDTLS_ERR_BLOWFISH_INVALID_KEY_LENGTH MBEDTLS_DEPRECATED_NUMERIC_CONSTANT( -0x0016 )
|
||||
#endif /* !MBEDTLS_DEPRECATED_REMOVED */
|
||||
#define MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA -0x0016 /**< Bad input data. */
|
||||
|
||||
#define MBEDTLS_ERR_BLOWFISH_INVALID_INPUT_LENGTH -0x0018 /**< Invalid data input length. */
|
||||
|
||||
/* MBEDTLS_ERR_BLOWFISH_HW_ACCEL_FAILED is deprecated and should not be used.
|
||||
*/
|
||||
#define MBEDTLS_ERR_BLOWFISH_HW_ACCEL_FAILED -0x0017 /**< Blowfish hardware accelerator failed. */
|
||||
|
||||
#define MBEDTLS_ERR_BLOWFISH_INVALID_INPUT_LENGTH -0x0018 /**< Invalid data input length. */
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
@ -71,40 +76,53 @@ mbedtls_blowfish_context;
|
|||
#endif /* MBEDTLS_BLOWFISH_ALT */
|
||||
|
||||
/**
|
||||
* \brief Initialize Blowfish context
|
||||
* \brief Initialize a Blowfish context.
|
||||
*
|
||||
* \param ctx Blowfish context to be initialized
|
||||
* \param ctx The Blowfish context to be initialized.
|
||||
* This must not be \c NULL.
|
||||
*/
|
||||
void mbedtls_blowfish_init( mbedtls_blowfish_context *ctx );
|
||||
|
||||
/**
|
||||
* \brief Clear Blowfish context
|
||||
* \brief Clear a Blowfish context.
|
||||
*
|
||||
* \param ctx Blowfish context to be cleared
|
||||
* \param ctx The Blowfish context to be cleared.
|
||||
* This may be \c NULL, in which case this function
|
||||
* returns immediately. If it is not \c NULL, it must
|
||||
* point to an initialized Blowfish context.
|
||||
*/
|
||||
void mbedtls_blowfish_free( mbedtls_blowfish_context *ctx );
|
||||
|
||||
/**
|
||||
* \brief Blowfish key schedule
|
||||
* \brief Perform a Blowfish key schedule operation.
|
||||
*
|
||||
* \param ctx Blowfish context to be initialized
|
||||
* \param key encryption key
|
||||
* \param keybits must be between 32 and 448 bits
|
||||
* \param ctx The Blowfish context to perform the key schedule on.
|
||||
* \param key The encryption key. This must be a readable buffer of
|
||||
* length \p keybits Bits.
|
||||
* \param keybits The length of \p key in Bits. This must be between
|
||||
* \c 32 and \c 448 and a multiple of \c 8.
|
||||
*
|
||||
* \return 0 if successful, or MBEDTLS_ERR_BLOWFISH_INVALID_KEY_LENGTH
|
||||
* \return \c 0 if successful.
|
||||
* \return A negative error code on failure.
|
||||
*/
|
||||
int mbedtls_blowfish_setkey( mbedtls_blowfish_context *ctx, const unsigned char *key,
|
||||
unsigned int keybits );
|
||||
|
||||
/**
|
||||
* \brief Blowfish-ECB block encryption/decryption
|
||||
* \brief Perform a Blowfish-ECB block encryption/decryption operation.
|
||||
*
|
||||
* \param ctx Blowfish context
|
||||
* \param mode MBEDTLS_BLOWFISH_ENCRYPT or MBEDTLS_BLOWFISH_DECRYPT
|
||||
* \param input 8-byte input block
|
||||
* \param output 8-byte output block
|
||||
* \param ctx The Blowfish context to use. This must be initialized
|
||||
* and bound to a key.
|
||||
* \param mode The mode of operation. Possible values are
|
||||
* #MBEDTLS_BLOWFISH_ENCRYPT for encryption, or
|
||||
* #MBEDTLS_BLOWFISH_DECRYPT for decryption.
|
||||
* \param input The input block. This must be a readable buffer
|
||||
* of size \c 8 Bytes.
|
||||
* \param output The output block. This must be a writable buffer
|
||||
* of size \c 8 Bytes.
|
||||
*
|
||||
* \return 0 if successful
|
||||
* \return \c 0 if successful.
|
||||
* \return A negative error code on failure.
|
||||
*/
|
||||
int mbedtls_blowfish_crypt_ecb( mbedtls_blowfish_context *ctx,
|
||||
int mode,
|
||||
|
@ -113,9 +131,7 @@ int mbedtls_blowfish_crypt_ecb( mbedtls_blowfish_context *ctx,
|
|||
|
||||
#if defined(MBEDTLS_CIPHER_MODE_CBC)
|
||||
/**
|
||||
* \brief Blowfish-CBC buffer encryption/decryption
|
||||
* Length should be a multiple of the block
|
||||
* size (8 bytes)
|
||||
* \brief Perform a Blowfish-CBC buffer encryption/decryption operation.
|
||||
*
|
||||
* \note Upon exit, the content of the IV is updated so that you can
|
||||
* call the function same function again on the following
|
||||
|
@ -125,15 +141,22 @@ int mbedtls_blowfish_crypt_ecb( mbedtls_blowfish_context *ctx,
|
|||
* IV, you should either save it manually or use the cipher
|
||||
* module instead.
|
||||
*
|
||||
* \param ctx Blowfish context
|
||||
* \param mode MBEDTLS_BLOWFISH_ENCRYPT or MBEDTLS_BLOWFISH_DECRYPT
|
||||
* \param length length of the input data
|
||||
* \param iv initialization vector (updated after use)
|
||||
* \param input buffer holding the input data
|
||||
* \param output buffer holding the output data
|
||||
* \param ctx The Blowfish context to use. This must be initialized
|
||||
* and bound to a key.
|
||||
* \param mode The mode of operation. Possible values are
|
||||
* #MBEDTLS_BLOWFISH_ENCRYPT for encryption, or
|
||||
* #MBEDTLS_BLOWFISH_DECRYPT for decryption.
|
||||
* \param length The length of the input data in Bytes. This must be
|
||||
* multiple of \c 8.
|
||||
* \param iv The initialization vector. This must be a read/write buffer
|
||||
* of length \c 8 Bytes. It is updated by this function.
|
||||
* \param input The input data. This must be a readable buffer of length
|
||||
* \p length Bytes.
|
||||
* \param output The output data. This must be a writable buffer of length
|
||||
* \p length Bytes.
|
||||
*
|
||||
* \return 0 if successful, or
|
||||
* MBEDTLS_ERR_BLOWFISH_INVALID_INPUT_LENGTH
|
||||
* \return \c 0 if successful.
|
||||
* \return A negative error code on failure.
|
||||
*/
|
||||
int mbedtls_blowfish_crypt_cbc( mbedtls_blowfish_context *ctx,
|
||||
int mode,
|
||||
|
@ -145,7 +168,7 @@ int mbedtls_blowfish_crypt_cbc( mbedtls_blowfish_context *ctx,
|
|||
|
||||
#if defined(MBEDTLS_CIPHER_MODE_CFB)
|
||||
/**
|
||||
* \brief Blowfish CFB buffer encryption/decryption.
|
||||
* \brief Perform a Blowfish CFB buffer encryption/decryption operation.
|
||||
*
|
||||
* \note Upon exit, the content of the IV is updated so that you can
|
||||
* call the function same function again on the following
|
||||
|
@ -155,15 +178,25 @@ int mbedtls_blowfish_crypt_cbc( mbedtls_blowfish_context *ctx,
|
|||
* IV, you should either save it manually or use the cipher
|
||||
* module instead.
|
||||
*
|
||||
* \param ctx Blowfish context
|
||||
* \param mode MBEDTLS_BLOWFISH_ENCRYPT or MBEDTLS_BLOWFISH_DECRYPT
|
||||
* \param length length of the input data
|
||||
* \param iv_off offset in IV (updated after use)
|
||||
* \param iv initialization vector (updated after use)
|
||||
* \param input buffer holding the input data
|
||||
* \param output buffer holding the output data
|
||||
* \param ctx The Blowfish context to use. This must be initialized
|
||||
* and bound to a key.
|
||||
* \param mode The mode of operation. Possible values are
|
||||
* #MBEDTLS_BLOWFISH_ENCRYPT for encryption, or
|
||||
* #MBEDTLS_BLOWFISH_DECRYPT for decryption.
|
||||
* \param length The length of the input data in Bytes.
|
||||
* \param iv_off The offset in the initialiation vector.
|
||||
* The value pointed to must be smaller than \c 8 Bytes.
|
||||
* It is updated by this function to support the aforementioned
|
||||
* streaming usage.
|
||||
* \param iv The initialization vector. This must be a read/write buffer
|
||||
* of size \c 8 Bytes. It is updated after use.
|
||||
* \param input The input data. This must be a readable buffer of length
|
||||
* \p length Bytes.
|
||||
* \param output The output data. This must be a writable buffer of length
|
||||
* \p length Bytes.
|
||||
*
|
||||
* \return 0 if successful
|
||||
* \return \c 0 if successful.
|
||||
* \return A negative error code on failure.
|
||||
*/
|
||||
int mbedtls_blowfish_crypt_cfb64( mbedtls_blowfish_context *ctx,
|
||||
int mode,
|
||||
|
@ -176,7 +209,7 @@ int mbedtls_blowfish_crypt_cfb64( mbedtls_blowfish_context *ctx,
|
|||
|
||||
#if defined(MBEDTLS_CIPHER_MODE_CTR)
|
||||
/**
|
||||
* \brief Blowfish-CTR buffer encryption/decryption
|
||||
* \brief Perform a Blowfish-CTR buffer encryption/decryption operation.
|
||||
*
|
||||
* \warning You must never reuse a nonce value with the same key. Doing so
|
||||
* would void the encryption for the two messages encrypted with
|
||||
|
@ -219,18 +252,24 @@ int mbedtls_blowfish_crypt_cfb64( mbedtls_blowfish_context *ctx,
|
|||
* content must not be written to insecure storage and should be
|
||||
* securely discarded as soon as it's no longer needed.
|
||||
*
|
||||
* \param ctx Blowfish context
|
||||
* \param length The length of the data
|
||||
* \param ctx The Blowfish context to use. This must be initialized
|
||||
* and bound to a key.
|
||||
* \param length The length of the input data in Bytes.
|
||||
* \param nc_off The offset in the current stream_block (for resuming
|
||||
* within current cipher stream). The offset pointer to
|
||||
* should be 0 at the start of a stream.
|
||||
* \param nonce_counter The 64-bit nonce and counter.
|
||||
* \param stream_block The saved stream-block for resuming. Is overwritten
|
||||
* by the function.
|
||||
* \param input The input data stream
|
||||
* \param output The output data stream
|
||||
* within current cipher stream). The offset pointer
|
||||
* should be \c 0 at the start of a stream and must be
|
||||
* smaller than \c 8. It is updated by this function.
|
||||
* \param nonce_counter The 64-bit nonce and counter. This must point to a
|
||||
* read/write buffer of length \c 8 Bytes.
|
||||
* \param stream_block The saved stream-block for resuming. This must point to
|
||||
* a read/write buffer of length \c 8 Bytes.
|
||||
* \param input The input data. This must be a readable buffer of
|
||||
* length \p length Bytes.
|
||||
* \param output The output data. This must be a writable buffer of
|
||||
* length \p length Bytes.
|
||||
*
|
||||
* \return 0 if successful
|
||||
* \return \c 0 if successful.
|
||||
* \return A negative error code on failure.
|
||||
*/
|
||||
int mbedtls_blowfish_crypt_ctr( mbedtls_blowfish_context *ctx,
|
||||
size_t length,
|
||||
|
|
|
@ -170,19 +170,19 @@
|
|||
|
||||
#define MULADDC_INIT \
|
||||
asm( \
|
||||
"xorq %%r8, %%r8 \n\t"
|
||||
"xorq %%r8, %%r8\n"
|
||||
|
||||
#define MULADDC_CORE \
|
||||
"movq (%%rsi), %%rax \n\t" \
|
||||
"mulq %%rbx \n\t" \
|
||||
"addq $8, %%rsi \n\t" \
|
||||
"addq %%rcx, %%rax \n\t" \
|
||||
"movq %%r8, %%rcx \n\t" \
|
||||
"adcq $0, %%rdx \n\t" \
|
||||
"nop \n\t" \
|
||||
"addq %%rax, (%%rdi) \n\t" \
|
||||
"adcq %%rdx, %%rcx \n\t" \
|
||||
"addq $8, %%rdi \n\t"
|
||||
"movq (%%rsi), %%rax\n" \
|
||||
"mulq %%rbx\n" \
|
||||
"addq $8, %%rsi\n" \
|
||||
"addq %%rcx, %%rax\n" \
|
||||
"movq %%r8, %%rcx\n" \
|
||||
"adcq $0, %%rdx\n" \
|
||||
"nop \n" \
|
||||
"addq %%rax, (%%rdi)\n" \
|
||||
"adcq %%rdx, %%rcx\n" \
|
||||
"addq $8, %%rdi\n"
|
||||
|
||||
#define MULADDC_STOP \
|
||||
: "+c" (c), "+D" (d), "+S" (s) \
|
||||
|
|
|
@ -33,11 +33,17 @@
|
|||
#include <stddef.h>
|
||||
#include <stdint.h>
|
||||
|
||||
#include "platform_util.h"
|
||||
|
||||
#define MBEDTLS_CAMELLIA_ENCRYPT 1
|
||||
#define MBEDTLS_CAMELLIA_DECRYPT 0
|
||||
|
||||
#define MBEDTLS_ERR_CAMELLIA_INVALID_KEY_LENGTH -0x0024 /**< Invalid key length. */
|
||||
#define MBEDTLS_ERR_CAMELLIA_INVALID_INPUT_LENGTH -0x0026 /**< Invalid data input length. */
|
||||
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
|
||||
#define MBEDTLS_ERR_CAMELLIA_INVALID_KEY_LENGTH MBEDTLS_DEPRECATED_NUMERIC_CONSTANT( -0x0024 )
|
||||
#endif /* !MBEDTLS_DEPRECATED_REMOVED */
|
||||
#define MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA -0x0024 /**< Bad input data. */
|
||||
|
||||
#define MBEDTLS_ERR_CAMELLIA_INVALID_INPUT_LENGTH -0x0026 /**< Invalid data input length. */
|
||||
|
||||
/* MBEDTLS_ERR_CAMELLIA_HW_ACCEL_FAILED is deprecated and should not be used.
|
||||
*/
|
||||
|
@ -66,52 +72,68 @@ mbedtls_camellia_context;
|
|||
#endif /* MBEDTLS_CAMELLIA_ALT */
|
||||
|
||||
/**
|
||||
* \brief Initialize CAMELLIA context
|
||||
* \brief Initialize a CAMELLIA context.
|
||||
*
|
||||
* \param ctx CAMELLIA context to be initialized
|
||||
* \param ctx The CAMELLIA context to be initialized.
|
||||
* This must not be \c NULL.
|
||||
*/
|
||||
void mbedtls_camellia_init( mbedtls_camellia_context *ctx );
|
||||
|
||||
/**
|
||||
* \brief Clear CAMELLIA context
|
||||
* \brief Clear a CAMELLIA context.
|
||||
*
|
||||
* \param ctx CAMELLIA context to be cleared
|
||||
* \param ctx The CAMELLIA context to be cleared. This may be \c NULL,
|
||||
* in which case this function returns immediately. If it is not
|
||||
* \c NULL, it must be initialized.
|
||||
*/
|
||||
void mbedtls_camellia_free( mbedtls_camellia_context *ctx );
|
||||
|
||||
/**
|
||||
* \brief CAMELLIA key schedule (encryption)
|
||||
* \brief Perform a CAMELLIA key schedule operation for encryption.
|
||||
*
|
||||
* \param ctx CAMELLIA context to be initialized
|
||||
* \param key encryption key
|
||||
* \param keybits must be 128, 192 or 256
|
||||
* \param ctx The CAMELLIA context to use. This must be initialized.
|
||||
* \param key The encryption key to use. This must be a readable buffer
|
||||
* of size \p keybits Bits.
|
||||
* \param keybits The length of \p key in Bits. This must be either \c 128,
|
||||
* \c 192 or \c 256.
|
||||
*
|
||||
* \return 0 if successful, or MBEDTLS_ERR_CAMELLIA_INVALID_KEY_LENGTH
|
||||
* \return \c 0 if successful.
|
||||
* \return A negative error code on failure.
|
||||
*/
|
||||
int mbedtls_camellia_setkey_enc( mbedtls_camellia_context *ctx, const unsigned char *key,
|
||||
unsigned int keybits );
|
||||
int mbedtls_camellia_setkey_enc( mbedtls_camellia_context *ctx,
|
||||
const unsigned char *key,
|
||||
unsigned int keybits );
|
||||
|
||||
/**
|
||||
* \brief CAMELLIA key schedule (decryption)
|
||||
* \brief Perform a CAMELLIA key schedule operation for decryption.
|
||||
*
|
||||
* \param ctx CAMELLIA context to be initialized
|
||||
* \param key decryption key
|
||||
* \param keybits must be 128, 192 or 256
|
||||
* \param ctx The CAMELLIA context to use. This must be initialized.
|
||||
* \param key The decryption key. This must be a readable buffer
|
||||
* of size \p keybits Bits.
|
||||
* \param keybits The length of \p key in Bits. This must be either \c 128,
|
||||
* \c 192 or \c 256.
|
||||
*
|
||||
* \return 0 if successful, or MBEDTLS_ERR_CAMELLIA_INVALID_KEY_LENGTH
|
||||
* \return \c 0 if successful.
|
||||
* \return A negative error code on failure.
|
||||
*/
|
||||
int mbedtls_camellia_setkey_dec( mbedtls_camellia_context *ctx, const unsigned char *key,
|
||||
unsigned int keybits );
|
||||
int mbedtls_camellia_setkey_dec( mbedtls_camellia_context *ctx,
|
||||
const unsigned char *key,
|
||||
unsigned int keybits );
|
||||
|
||||
/**
|
||||
* \brief CAMELLIA-ECB block encryption/decryption
|
||||
* \brief Perform a CAMELLIA-ECB block encryption/decryption operation.
|
||||
*
|
||||
* \param ctx CAMELLIA context
|
||||
* \param mode MBEDTLS_CAMELLIA_ENCRYPT or MBEDTLS_CAMELLIA_DECRYPT
|
||||
* \param input 16-byte input block
|
||||
* \param output 16-byte output block
|
||||
* \param ctx The CAMELLIA context to use. This must be initialized
|
||||
* and bound to a key.
|
||||
* \param mode The mode of operation. This must be either
|
||||
* #MBEDTLS_CAMELLIA_ENCRYPT or #MBEDTLS_CAMELLIA_DECRYPT.
|
||||
* \param input The input block. This must be a readable buffer
|
||||
* of size \c 16 Bytes.
|
||||
* \param output The output block. This must be a writable buffer
|
||||
* of size \c 16 Bytes.
|
||||
*
|
||||
* \return 0 if successful
|
||||
* \return \c 0 if successful.
|
||||
* \return A negative error code on failure.
|
||||
*/
|
||||
int mbedtls_camellia_crypt_ecb( mbedtls_camellia_context *ctx,
|
||||
int mode,
|
||||
|
@ -120,9 +142,7 @@ int mbedtls_camellia_crypt_ecb( mbedtls_camellia_context *ctx,
|
|||
|
||||
#if defined(MBEDTLS_CIPHER_MODE_CBC)
|
||||
/**
|
||||
* \brief CAMELLIA-CBC buffer encryption/decryption
|
||||
* Length should be a multiple of the block
|
||||
* size (16 bytes)
|
||||
* \brief Perform a CAMELLIA-CBC buffer encryption/decryption operation.
|
||||
*
|
||||
* \note Upon exit, the content of the IV is updated so that you can
|
||||
* call the function same function again on the following
|
||||
|
@ -132,15 +152,22 @@ int mbedtls_camellia_crypt_ecb( mbedtls_camellia_context *ctx,
|
|||
* IV, you should either save it manually or use the cipher
|
||||
* module instead.
|
||||
*
|
||||
* \param ctx CAMELLIA context
|
||||
* \param mode MBEDTLS_CAMELLIA_ENCRYPT or MBEDTLS_CAMELLIA_DECRYPT
|
||||
* \param length length of the input data
|
||||
* \param iv initialization vector (updated after use)
|
||||
* \param input buffer holding the input data
|
||||
* \param output buffer holding the output data
|
||||
* \param ctx The CAMELLIA context to use. This must be initialized
|
||||
* and bound to a key.
|
||||
* \param mode The mode of operation. This must be either
|
||||
* #MBEDTLS_CAMELLIA_ENCRYPT or #MBEDTLS_CAMELLIA_DECRYPT.
|
||||
* \param length The length in Bytes of the input data \p input.
|
||||
* This must be a multiple of \c 16 Bytes.
|
||||
* \param iv The initialization vector. This must be a read/write buffer
|
||||
* of length \c 16 Bytes. It is updated to allow streaming
|
||||
* use as explained above.
|
||||
* \param input The buffer holding the input data. This must point to a
|
||||
* readable buffer of length \p length Bytes.
|
||||
* \param output The buffer holding the output data. This must point to a
|
||||
* writable buffer of length \p length Bytes.
|
||||
*
|
||||
* \return 0 if successful, or
|
||||
* MBEDTLS_ERR_CAMELLIA_INVALID_INPUT_LENGTH
|
||||
* \return \c 0 if successful.
|
||||
* \return A negative error code on failure.
|
||||
*/
|
||||
int mbedtls_camellia_crypt_cbc( mbedtls_camellia_context *ctx,
|
||||
int mode,
|
||||
|
@ -152,11 +179,14 @@ int mbedtls_camellia_crypt_cbc( mbedtls_camellia_context *ctx,
|
|||
|
||||
#if defined(MBEDTLS_CIPHER_MODE_CFB)
|
||||
/**
|
||||
* \brief CAMELLIA-CFB128 buffer encryption/decryption
|
||||
* \brief Perform a CAMELLIA-CFB128 buffer encryption/decryption
|
||||
* operation.
|
||||
*
|
||||
* Note: Due to the nature of CFB you should use the same key schedule for
|
||||
* both encryption and decryption. So a context initialized with
|
||||
* mbedtls_camellia_setkey_enc() for both MBEDTLS_CAMELLIA_ENCRYPT and CAMELLIE_DECRYPT.
|
||||
* \note Due to the nature of CFB mode, you should use the same
|
||||
* key for both encryption and decryption. In particular, calls
|
||||
* to this function should be preceded by a key-schedule via
|
||||
* mbedtls_camellia_setkey_enc() regardless of whether \p mode
|
||||
* is #MBEDTLS_CAMELLIA_ENCRYPT or #MBEDTLS_CAMELLIA_DECRYPT.
|
||||
*
|
||||
* \note Upon exit, the content of the IV is updated so that you can
|
||||
* call the function same function again on the following
|
||||
|
@ -166,16 +196,24 @@ int mbedtls_camellia_crypt_cbc( mbedtls_camellia_context *ctx,
|
|||
* IV, you should either save it manually or use the cipher
|
||||
* module instead.
|
||||
*
|
||||
* \param ctx CAMELLIA context
|
||||
* \param mode MBEDTLS_CAMELLIA_ENCRYPT or MBEDTLS_CAMELLIA_DECRYPT
|
||||
* \param length length of the input data
|
||||
* \param iv_off offset in IV (updated after use)
|
||||
* \param iv initialization vector (updated after use)
|
||||
* \param input buffer holding the input data
|
||||
* \param output buffer holding the output data
|
||||
* \param ctx The CAMELLIA context to use. This must be initialized
|
||||
* and bound to a key.
|
||||
* \param mode The mode of operation. This must be either
|
||||
* #MBEDTLS_CAMELLIA_ENCRYPT or #MBEDTLS_CAMELLIA_DECRYPT.
|
||||
* \param length The length of the input data \p input. Any value is allowed.
|
||||
* \param iv_off The current offset in the IV. This must be smaller
|
||||
* than \c 16 Bytes. It is updated after this call to allow
|
||||
* the aforementioned streaming usage.
|
||||
* \param iv The initialization vector. This must be a read/write buffer
|
||||
* of length \c 16 Bytes. It is updated after this call to
|
||||
* allow the aforementioned streaming usage.
|
||||
* \param input The buffer holding the input data. This must be a readable
|
||||
* buffer of size \p length Bytes.
|
||||
* \param output The buffer to hold the output data. This must be a writable
|
||||
* buffer of length \p length Bytes.
|
||||
*
|
||||
* \return 0 if successful, or
|
||||
* MBEDTLS_ERR_CAMELLIA_INVALID_INPUT_LENGTH
|
||||
* \return \c 0 if successful.
|
||||
* \return A negative error code on failure.
|
||||
*/
|
||||
int mbedtls_camellia_crypt_cfb128( mbedtls_camellia_context *ctx,
|
||||
int mode,
|
||||
|
@ -188,11 +226,13 @@ int mbedtls_camellia_crypt_cfb128( mbedtls_camellia_context *ctx,
|
|||
|
||||
#if defined(MBEDTLS_CIPHER_MODE_CTR)
|
||||
/**
|
||||
* \brief CAMELLIA-CTR buffer encryption/decryption
|
||||
* \brief Perform a CAMELLIA-CTR buffer encryption/decryption operation.
|
||||
*
|
||||
* Note: Due to the nature of CTR you should use the same key schedule for
|
||||
* both encryption and decryption. So a context initialized with
|
||||
* mbedtls_camellia_setkey_enc() for both MBEDTLS_CAMELLIA_ENCRYPT and MBEDTLS_CAMELLIA_DECRYPT.
|
||||
* *note Due to the nature of CTR mode, you should use the same
|
||||
* key for both encryption and decryption. In particular, calls
|
||||
* to this function should be preceded by a key-schedule via
|
||||
* mbedtls_camellia_setkey_enc() regardless of whether \p mode
|
||||
* is #MBEDTLS_CAMELLIA_ENCRYPT or #MBEDTLS_CAMELLIA_DECRYPT.
|
||||
*
|
||||
* \warning You must never reuse a nonce value with the same key. Doing so
|
||||
* would void the encryption for the two messages encrypted with
|
||||
|
@ -215,41 +255,49 @@ int mbedtls_camellia_crypt_cfb128( mbedtls_camellia_context *ctx,
|
|||
* per-message nonce, handled by yourself, and the second one
|
||||
* updated by this function internally.
|
||||
*
|
||||
* For example, you might reserve the first 12 bytes for the
|
||||
* per-message nonce, and the last 4 bytes for internal use. In that
|
||||
* case, before calling this function on a new message you need to
|
||||
* set the first 12 bytes of \p nonce_counter to your chosen nonce
|
||||
* value, the last 4 to 0, and \p nc_off to 0 (which will cause \p
|
||||
* stream_block to be ignored). That way, you can encrypt at most
|
||||
* 2**96 messages of up to 2**32 blocks each with the same key.
|
||||
* For example, you might reserve the first \c 12 Bytes for the
|
||||
* per-message nonce, and the last \c 4 Bytes for internal use.
|
||||
* In that case, before calling this function on a new message you
|
||||
* need to set the first \c 12 Bytes of \p nonce_counter to your
|
||||
* chosen nonce value, the last four to \c 0, and \p nc_off to \c 0
|
||||
* (which will cause \p stream_block to be ignored). That way, you
|
||||
* can encrypt at most \c 2**96 messages of up to \c 2**32 blocks
|
||||
* each with the same key.
|
||||
*
|
||||
* The per-message nonce (or information sufficient to reconstruct
|
||||
* it) needs to be communicated with the ciphertext and must be unique.
|
||||
* The recommended way to ensure uniqueness is to use a message
|
||||
* counter. An alternative is to generate random nonces, but this
|
||||
* limits the number of messages that can be securely encrypted:
|
||||
* for example, with 96-bit random nonces, you should not encrypt
|
||||
* more than 2**32 messages with the same key.
|
||||
* it) needs to be communicated with the ciphertext and must be
|
||||
* unique. The recommended way to ensure uniqueness is to use a
|
||||
* message counter. An alternative is to generate random nonces,
|
||||
* but this limits the number of messages that can be securely
|
||||
* encrypted: for example, with 96-bit random nonces, you should
|
||||
* not encrypt more than 2**32 messages with the same key.
|
||||
*
|
||||
* Note that for both stategies, sizes are measured in blocks and
|
||||
* that a CAMELLIA block is 16 bytes.
|
||||
* that a CAMELLIA block is \c 16 Bytes.
|
||||
*
|
||||
* \warning Upon return, \p stream_block contains sensitive data. Its
|
||||
* content must not be written to insecure storage and should be
|
||||
* securely discarded as soon as it's no longer needed.
|
||||
*
|
||||
* \param ctx CAMELLIA context
|
||||
* \param length The length of the data
|
||||
* \param nc_off The offset in the current stream_block (for resuming
|
||||
* \param ctx The CAMELLIA context to use. This must be initialized
|
||||
* and bound to a key.
|
||||
* \param length The length of the input data \p input in Bytes.
|
||||
* Any value is allowed.
|
||||
* \param nc_off The offset in the current \p stream_block (for resuming
|
||||
* within current cipher stream). The offset pointer to
|
||||
* should be 0 at the start of a stream.
|
||||
* \param nonce_counter The 128-bit nonce and counter.
|
||||
* \param stream_block The saved stream-block for resuming. Is overwritten
|
||||
* by the function.
|
||||
* \param input The input data stream
|
||||
* \param output The output data stream
|
||||
* should be \c 0 at the start of a stream. It is updated
|
||||
* at the end of this call.
|
||||
* \param nonce_counter The 128-bit nonce and counter. This must be a read/write
|
||||
* buffer of length \c 16 Bytes.
|
||||
* \param stream_block The saved stream-block for resuming. This must be a
|
||||
* read/write buffer of length \c 16 Bytes.
|
||||
* \param input The input data stream. This must be a readable buffer of
|
||||
* size \p length Bytes.
|
||||
* \param output The output data stream. This must be a writable buffer
|
||||
* of size \p length Bytes.
|
||||
*
|
||||
* \return 0 if successful
|
||||
* \return \c 0 if successful.
|
||||
* \return A negative error code on failure.
|
||||
*/
|
||||
int mbedtls_camellia_crypt_ctr( mbedtls_camellia_context *ctx,
|
||||
size_t length,
|
||||
|
|
|
@ -57,7 +57,6 @@
|
|||
/* MBEDTLS_ERR_CCM_HW_ACCEL_FAILED is deprecated and should not be used. */
|
||||
#define MBEDTLS_ERR_CCM_HW_ACCEL_FAILED -0x0011 /**< CCM hardware accelerator failed. */
|
||||
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
@ -85,7 +84,7 @@ mbedtls_ccm_context;
|
|||
* to make references valid, and prepare the context
|
||||
* for mbedtls_ccm_setkey() or mbedtls_ccm_free().
|
||||
*
|
||||
* \param ctx The CCM context to initialize.
|
||||
* \param ctx The CCM context to initialize. This must not be \c NULL.
|
||||
*/
|
||||
void mbedtls_ccm_init( mbedtls_ccm_context *ctx );
|
||||
|
||||
|
@ -93,9 +92,10 @@ void mbedtls_ccm_init( mbedtls_ccm_context *ctx );
|
|||
* \brief This function initializes the CCM context set in the
|
||||
* \p ctx parameter and sets the encryption key.
|
||||
*
|
||||
* \param ctx The CCM context to initialize.
|
||||
* \param ctx The CCM context to initialize. This must be an initialized
|
||||
* context.
|
||||
* \param cipher The 128-bit block cipher to use.
|
||||
* \param key The encryption key.
|
||||
* \param key The encryption key. This must not be \c NULL.
|
||||
* \param keybits The key size in bits. This must be acceptable by the cipher.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
|
@ -110,7 +110,8 @@ int mbedtls_ccm_setkey( mbedtls_ccm_context *ctx,
|
|||
* \brief This function releases and clears the specified CCM context
|
||||
* and underlying cipher sub-context.
|
||||
*
|
||||
* \param ctx The CCM context to clear.
|
||||
* \param ctx The CCM context to clear. If this is \c NULL, the function
|
||||
* has no effect. Otherwise, this must be initialized.
|
||||
*/
|
||||
void mbedtls_ccm_free( mbedtls_ccm_context *ctx );
|
||||
|
||||
|
@ -123,19 +124,27 @@ void mbedtls_ccm_free( mbedtls_ccm_context *ctx );
|
|||
* \p tag = \p output + \p length, and make sure that the
|
||||
* output buffer is at least \p length + \p tag_len wide.
|
||||
*
|
||||
* \param ctx The CCM context to use for encryption.
|
||||
* \param ctx The CCM context to use for encryption. This must be
|
||||
* initialized and bound to a key.
|
||||
* \param length The length of the input data in Bytes.
|
||||
* \param iv Initialization vector (nonce).
|
||||
* \param iv The initialization vector (nonce). This must be a readable
|
||||
* buffer of at least \p iv_len Bytes.
|
||||
* \param iv_len The length of the nonce in Bytes: 7, 8, 9, 10, 11, 12,
|
||||
* or 13. The length L of the message length field is
|
||||
* 15 - \p iv_len.
|
||||
* \param add The additional data field.
|
||||
* \param add The additional data field. If \p add_len is greater than
|
||||
* zero, \p add must be a readable buffer of at least that
|
||||
* length.
|
||||
* \param add_len The length of additional data in Bytes.
|
||||
* Must be less than 2^16 - 2^8.
|
||||
* \param input The buffer holding the input data.
|
||||
* \param output The buffer holding the output data.
|
||||
* Must be at least \p length Bytes wide.
|
||||
* \param tag The buffer holding the authentication field.
|
||||
* This must be less than `2^16 - 2^8`.
|
||||
* \param input The buffer holding the input data. If \p length is greater
|
||||
* than zero, \p input must be a readable buffer of at least
|
||||
* that length.
|
||||
* \param output The buffer holding the output data. If \p length is greater
|
||||
* than zero, \p output must be a writable buffer of at least
|
||||
* that length.
|
||||
* \param tag The buffer holding the authentication field. This must be a
|
||||
* readable buffer of at least \p tag_len Bytes.
|
||||
* \param tag_len The length of the authentication field to generate in Bytes:
|
||||
* 4, 6, 8, 10, 12, 14 or 16.
|
||||
*
|
||||
|
@ -161,23 +170,30 @@ int mbedtls_ccm_encrypt_and_tag( mbedtls_ccm_context *ctx, size_t length,
|
|||
* the tag length has to be encoded into the \p iv passed to
|
||||
* this function.
|
||||
*
|
||||
* \param ctx The CCM context to use for encryption.
|
||||
* \param ctx The CCM context to use for encryption. This must be
|
||||
* initialized and bound to a key.
|
||||
* \param length The length of the input data in Bytes.
|
||||
* \param iv Initialization vector (nonce).
|
||||
* \param iv The initialization vector (nonce). This must be a readable
|
||||
* buffer of at least \p iv_len Bytes.
|
||||
* \param iv_len The length of the nonce in Bytes: 7, 8, 9, 10, 11, 12,
|
||||
* or 13. The length L of the message length field is
|
||||
* 15 - \p iv_len.
|
||||
* \param add The additional data field.
|
||||
* \param add The additional data field. This must be a readable buffer of
|
||||
* at least \p add_len Bytes.
|
||||
* \param add_len The length of additional data in Bytes.
|
||||
* Must be less than 2^16 - 2^8.
|
||||
* \param input The buffer holding the input data.
|
||||
* \param output The buffer holding the output data.
|
||||
* Must be at least \p length Bytes wide.
|
||||
* \param tag The buffer holding the authentication field.
|
||||
* This must be less than 2^16 - 2^8.
|
||||
* \param input The buffer holding the input data. If \p length is greater
|
||||
* than zero, \p input must be a readable buffer of at least
|
||||
* that length.
|
||||
* \param output The buffer holding the output data. If \p length is greater
|
||||
* than zero, \p output must be a writable buffer of at least
|
||||
* that length.
|
||||
* \param tag The buffer holding the authentication field. This must be a
|
||||
* readable buffer of at least \p tag_len Bytes.
|
||||
* \param tag_len The length of the authentication field to generate in Bytes:
|
||||
* 0, 4, 6, 8, 10, 12, 14 or 16.
|
||||
*
|
||||
* \warning Passing 0 as \p tag_len means that the message is no
|
||||
* \warning Passing \c 0 as \p tag_len means that the message is no
|
||||
* longer authenticated.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
|
@ -193,20 +209,27 @@ int mbedtls_ccm_star_encrypt_and_tag( mbedtls_ccm_context *ctx, size_t length,
|
|||
* \brief This function performs a CCM authenticated decryption of a
|
||||
* buffer.
|
||||
*
|
||||
* \param ctx The CCM context to use for decryption.
|
||||
* \param ctx The CCM context to use for decryption. This must be
|
||||
* initialized and bound to a key.
|
||||
* \param length The length of the input data in Bytes.
|
||||
* \param iv Initialization vector (nonce).
|
||||
* \param iv The initialization vector (nonce). This must be a readable
|
||||
* buffer of at least \p iv_len Bytes.
|
||||
* \param iv_len The length of the nonce in Bytes: 7, 8, 9, 10, 11, 12,
|
||||
* or 13. The length L of the message length field is
|
||||
* 15 - \p iv_len.
|
||||
* \param add The additional data field.
|
||||
* \param add The additional data field. This must be a readable buffer
|
||||
* of at least that \p add_len Bytes..
|
||||
* \param add_len The length of additional data in Bytes.
|
||||
* Must be less than 2^16 - 2^8.
|
||||
* \param input The buffer holding the input data.
|
||||
* \param output The buffer holding the output data.
|
||||
* Must be at least \p length Bytes wide.
|
||||
* \param tag The buffer holding the authentication field.
|
||||
* \param tag_len The length of the authentication field in Bytes.
|
||||
* This must be less than 2^16 - 2^8.
|
||||
* \param input The buffer holding the input data. If \p length is greater
|
||||
* than zero, \p input must be a readable buffer of at least
|
||||
* that length.
|
||||
* \param output The buffer holding the output data. If \p length is greater
|
||||
* than zero, \p output must be a writable buffer of at least
|
||||
* that length.
|
||||
* \param tag The buffer holding the authentication field. This must be a
|
||||
* readable buffer of at least \p tag_len Bytes.
|
||||
* \param tag_len The length of the authentication field to generate in Bytes:
|
||||
* 4, 6, 8, 10, 12, 14 or 16.
|
||||
*
|
||||
* \return \c 0 on success. This indicates that the message is authentic.
|
||||
|
@ -228,23 +251,30 @@ int mbedtls_ccm_auth_decrypt( mbedtls_ccm_context *ctx, size_t length,
|
|||
* this function as \p tag_len. (\p tag needs to be adjusted
|
||||
* accordingly.)
|
||||
*
|
||||
* \param ctx The CCM context to use for decryption.
|
||||
* \param ctx The CCM context to use for decryption. This must be
|
||||
* initialized and bound to a key.
|
||||
* \param length The length of the input data in Bytes.
|
||||
* \param iv Initialization vector (nonce).
|
||||
* \param iv The initialization vector (nonce). This must be a readable
|
||||
* buffer of at least \p iv_len Bytes.
|
||||
* \param iv_len The length of the nonce in Bytes: 7, 8, 9, 10, 11, 12,
|
||||
* or 13. The length L of the message length field is
|
||||
* 15 - \p iv_len.
|
||||
* \param add The additional data field.
|
||||
* \param add The additional data field. This must be a readable buffer of
|
||||
* at least that \p add_len Bytes.
|
||||
* \param add_len The length of additional data in Bytes.
|
||||
* Must be less than 2^16 - 2^8.
|
||||
* \param input The buffer holding the input data.
|
||||
* \param output The buffer holding the output data.
|
||||
* Must be at least \p length Bytes wide.
|
||||
* \param tag The buffer holding the authentication field.
|
||||
* This must be less than 2^16 - 2^8.
|
||||
* \param input The buffer holding the input data. If \p length is greater
|
||||
* than zero, \p input must be a readable buffer of at least
|
||||
* that length.
|
||||
* \param output The buffer holding the output data. If \p length is greater
|
||||
* than zero, \p output must be a writable buffer of at least
|
||||
* that length.
|
||||
* \param tag The buffer holding the authentication field. This must be a
|
||||
* readable buffer of at least \p tag_len Bytes.
|
||||
* \param tag_len The length of the authentication field in Bytes.
|
||||
* 0, 4, 6, 8, 10, 12, 14 or 16.
|
||||
*
|
||||
* \warning Passing 0 as \p tag_len means that the message is no
|
||||
* \warning Passing \c 0 as \p tag_len means that the message is nos
|
||||
* longer authenticated.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
|
|
|
@ -83,13 +83,18 @@ mbedtls_chacha20_context;
|
|||
* \c mbedtls_chacha20_free().
|
||||
*
|
||||
* \param ctx The ChaCha20 context to initialize.
|
||||
* This must not be \c NULL.
|
||||
*/
|
||||
void mbedtls_chacha20_init( mbedtls_chacha20_context *ctx );
|
||||
|
||||
/**
|
||||
* \brief This function releases and clears the specified ChaCha20 context.
|
||||
* \brief This function releases and clears the specified
|
||||
* ChaCha20 context.
|
||||
*
|
||||
* \param ctx The ChaCha20 context to clear. This may be \c NULL,
|
||||
* in which case this function is a no-op. If it is not
|
||||
* \c NULL, it must point to an initialized context.
|
||||
*
|
||||
* \param ctx The ChaCha20 context to clear.
|
||||
*/
|
||||
void mbedtls_chacha20_free( mbedtls_chacha20_context *ctx );
|
||||
|
||||
|
@ -102,7 +107,9 @@ void mbedtls_chacha20_free( mbedtls_chacha20_context *ctx );
|
|||
* \c mbedtls_chacha_update().
|
||||
*
|
||||
* \param ctx The ChaCha20 context to which the key should be bound.
|
||||
* \param key The encryption/decryption key. Must be 32 bytes in length.
|
||||
* It must be initialized.
|
||||
* \param key The encryption/decryption key. This must be \c 32 Bytes
|
||||
* in length.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return #MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA if ctx or key is NULL.
|
||||
|
@ -121,8 +128,9 @@ int mbedtls_chacha20_setkey( mbedtls_chacha20_context *ctx,
|
|||
* messages encrypted with the same nonce and key.
|
||||
*
|
||||
* \param ctx The ChaCha20 context to which the nonce should be bound.
|
||||
* \param nonce The nonce. Must be 12 bytes in size.
|
||||
* \param counter The initial counter value. This is usually 0.
|
||||
* It must be initialized and bound to a key.
|
||||
* \param nonce The nonce. This must be \c 12 Bytes in size.
|
||||
* \param counter The initial counter value. This is usually \c 0.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return #MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA if ctx or nonce is
|
||||
|
@ -150,16 +158,16 @@ int mbedtls_chacha20_starts( mbedtls_chacha20_context* ctx,
|
|||
* key and nonce.
|
||||
*
|
||||
* \param ctx The ChaCha20 context to use for encryption or decryption.
|
||||
* \param size The length of the input data in bytes.
|
||||
* It must be initialized and bound to a key and nonce.
|
||||
* \param size The length of the input data in Bytes.
|
||||
* \param input The buffer holding the input data.
|
||||
* This pointer can be NULL if size == 0.
|
||||
* This pointer can be \c NULL if `size == 0`.
|
||||
* \param output The buffer holding the output data.
|
||||
* Must be able to hold \p size bytes.
|
||||
* This pointer can be NULL if size == 0.
|
||||
* This must be able to hold \p size Bytes.
|
||||
* This pointer can be \c NULL if `size == 0`.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return #MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA if the ctx, input, or
|
||||
* output pointers are NULL.
|
||||
* \return A negative error code on failure.
|
||||
*/
|
||||
int mbedtls_chacha20_update( mbedtls_chacha20_context *ctx,
|
||||
size_t size,
|
||||
|
@ -180,19 +188,19 @@ int mbedtls_chacha20_update( mbedtls_chacha20_context *ctx,
|
|||
* \note The \p input and \p output pointers must either be equal or
|
||||
* point to non-overlapping buffers.
|
||||
*
|
||||
* \param key The encryption/decryption key. Must be 32 bytes in length.
|
||||
* \param nonce The nonce. Must be 12 bytes in size.
|
||||
* \param counter The initial counter value. This is usually 0.
|
||||
* \param size The length of the input data in bytes.
|
||||
* \param key The encryption/decryption key.
|
||||
* This must be \c 32 Bytes in length.
|
||||
* \param nonce The nonce. This must be \c 12 Bytes in size.
|
||||
* \param counter The initial counter value. This is usually \c 0.
|
||||
* \param size The length of the input data in Bytes.
|
||||
* \param input The buffer holding the input data.
|
||||
* This pointer can be NULL if size == 0.
|
||||
* This pointer can be \c NULL if `size == 0`.
|
||||
* \param output The buffer holding the output data.
|
||||
* Must be able to hold \p size bytes.
|
||||
* This pointer can be NULL if size == 0.
|
||||
* This must be able to hold \p size Bytes.
|
||||
* This pointer can be \c NULL if `size == 0`.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return #MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA if key, nonce, input,
|
||||
* or output is NULL.
|
||||
* \return A negative error code on failure.
|
||||
*/
|
||||
int mbedtls_chacha20_crypt( const unsigned char key[32],
|
||||
const unsigned char nonce[12],
|
||||
|
|
|
@ -115,27 +115,29 @@ mbedtls_chachapoly_context;
|
|||
* all previous outputs of \c mbedtls_chachapoly_update(),
|
||||
* otherwise you can now safely use the plaintext.
|
||||
*
|
||||
* \param ctx The ChachaPoly context to initialize.
|
||||
* \param ctx The ChachaPoly context to initialize. Must not be \c NULL.
|
||||
*/
|
||||
void mbedtls_chachapoly_init( mbedtls_chachapoly_context *ctx );
|
||||
|
||||
/**
|
||||
* \brief This function releases and clears the specified ChaCha20-Poly1305 context.
|
||||
* \brief This function releases and clears the specified
|
||||
* ChaCha20-Poly1305 context.
|
||||
*
|
||||
* \param ctx The ChachaPoly context to clear.
|
||||
* \param ctx The ChachaPoly context to clear. This may be \c NULL, in which
|
||||
* case this function is a no-op.
|
||||
*/
|
||||
void mbedtls_chachapoly_free( mbedtls_chachapoly_context *ctx );
|
||||
|
||||
/**
|
||||
* \brief This function sets the ChaCha20-Poly1305 symmetric encryption key.
|
||||
* \brief This function sets the ChaCha20-Poly1305
|
||||
* symmetric encryption key.
|
||||
*
|
||||
* \param ctx The ChaCha20-Poly1305 context to which the key should be
|
||||
* bound.
|
||||
* \param key The 256-bit (32 bytes) key.
|
||||
* bound. This must be initialized.
|
||||
* \param key The \c 256 Bit (\c 32 Bytes) key.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return #MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA
|
||||
* if \p ctx or \p key are NULL.
|
||||
* \return A negative error code on failure.
|
||||
*/
|
||||
int mbedtls_chachapoly_setkey( mbedtls_chachapoly_context *ctx,
|
||||
const unsigned char key[32] );
|
||||
|
@ -155,14 +157,15 @@ int mbedtls_chachapoly_setkey( mbedtls_chachapoly_context *ctx,
|
|||
* \warning Decryption with the piecewise API is discouraged, see the
|
||||
* warning on \c mbedtls_chachapoly_init().
|
||||
*
|
||||
* \param ctx The ChaCha20-Poly1305 context.
|
||||
* \param nonce The nonce/IV to use for the message. Must be 12 bytes.
|
||||
* \param ctx The ChaCha20-Poly1305 context. This must be initialized
|
||||
* and bound to a key.
|
||||
* \param nonce The nonce/IV to use for the message.
|
||||
* This must be a redable buffer of length \c 12 Bytes.
|
||||
* \param mode The operation to perform: #MBEDTLS_CHACHAPOLY_ENCRYPT or
|
||||
* #MBEDTLS_CHACHAPOLY_DECRYPT (discouraged, see warning).
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return #MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA
|
||||
* if \p ctx or \p mac are NULL.
|
||||
* \return A negative error code on failure.
|
||||
*/
|
||||
int mbedtls_chachapoly_starts( mbedtls_chachapoly_context *ctx,
|
||||
const unsigned char nonce[12],
|
||||
|
@ -193,11 +196,12 @@ int mbedtls_chachapoly_starts( mbedtls_chachapoly_context *ctx,
|
|||
* \warning Decryption with the piecewise API is discouraged, see the
|
||||
* warning on \c mbedtls_chachapoly_init().
|
||||
*
|
||||
* \param ctx The ChaCha20-Poly1305 context to use.
|
||||
* \param aad_len The length (in bytes) of the AAD. The length has no
|
||||
* \param ctx The ChaCha20-Poly1305 context. This must be initialized
|
||||
* and bound to a key.
|
||||
* \param aad_len The length in Bytes of the AAD. The length has no
|
||||
* restrictions.
|
||||
* \param aad Buffer containing the AAD.
|
||||
* This pointer can be NULL if aad_len == 0.
|
||||
* This pointer can be \c NULL if `aad_len == 0`.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return #MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA
|
||||
|
@ -227,20 +231,19 @@ int mbedtls_chachapoly_update_aad( mbedtls_chachapoly_context *ctx,
|
|||
* \warning Decryption with the piecewise API is discouraged, see the
|
||||
* warning on \c mbedtls_chachapoly_init().
|
||||
*
|
||||
* \param ctx The ChaCha20-Poly1305 context to use.
|
||||
* \param ctx The ChaCha20-Poly1305 context to use. This must be initialized.
|
||||
* \param len The length (in bytes) of the data to encrypt or decrypt.
|
||||
* \param input The buffer containing the data to encrypt or decrypt.
|
||||
* This pointer can be NULL if len == 0.
|
||||
* \param output The buffer to where the encrypted or decrypted data is written.
|
||||
* Must be able to hold \p len bytes.
|
||||
* This pointer can be NULL if len == 0.
|
||||
* This pointer can be \c NULL if `len == 0`.
|
||||
* \param output The buffer to where the encrypted or decrypted data is
|
||||
* written. This must be able to hold \p len bytes.
|
||||
* This pointer can be \c NULL if `len == 0`.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return #MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA
|
||||
* if \p ctx, \p input, or \p output are NULL.
|
||||
* \return #MBEDTLS_ERR_CHACHAPOLY_BAD_STATE
|
||||
* if the operation has not been started or has been
|
||||
* finished.
|
||||
* \return Another negative error code on other kinds of failure.
|
||||
*/
|
||||
int mbedtls_chachapoly_update( mbedtls_chachapoly_context *ctx,
|
||||
size_t len,
|
||||
|
@ -251,18 +254,17 @@ int mbedtls_chachapoly_update( mbedtls_chachapoly_context *ctx,
|
|||
* \brief This function finished the ChaCha20-Poly1305 operation and
|
||||
* generates the MAC (authentication tag).
|
||||
*
|
||||
* \param ctx The ChaCha20-Poly1305 context to use.
|
||||
* \param ctx The ChaCha20-Poly1305 context to use. This must be initialized.
|
||||
* \param mac The buffer to where the 128-bit (16 bytes) MAC is written.
|
||||
*
|
||||
* \warning Decryption with the piecewise API is discouraged, see the
|
||||
* warning on \c mbedtls_chachapoly_init().
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return #MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA
|
||||
* if \p ctx or \p mac are NULL.
|
||||
* \return #MBEDTLS_ERR_CHACHAPOLY_BAD_STATE
|
||||
* if the operation has not been started or has been
|
||||
* finished.
|
||||
* \return Another negative error code on other kinds of failure.
|
||||
*/
|
||||
int mbedtls_chachapoly_finish( mbedtls_chachapoly_context *ctx,
|
||||
unsigned char mac[16] );
|
||||
|
@ -280,20 +282,21 @@ int mbedtls_chachapoly_finish( mbedtls_chachapoly_context *ctx,
|
|||
* and key.
|
||||
*
|
||||
* \param ctx The ChaCha20-Poly1305 context to use (holds the key).
|
||||
* This must be initialized.
|
||||
* \param length The length (in bytes) of the data to encrypt or decrypt.
|
||||
* \param nonce The 96-bit (12 bytes) nonce/IV to use.
|
||||
* \param aad The buffer containing the additional authenticated data (AAD).
|
||||
* This pointer can be NULL if aad_len == 0.
|
||||
* \param aad The buffer containing the additional authenticated
|
||||
* data (AAD). This pointer can be \c NULL if `aad_len == 0`.
|
||||
* \param aad_len The length (in bytes) of the AAD data to process.
|
||||
* \param input The buffer containing the data to encrypt or decrypt.
|
||||
* This pointer can be NULL if ilen == 0.
|
||||
* \param output The buffer to where the encrypted or decrypted data is written.
|
||||
* This pointer can be NULL if ilen == 0.
|
||||
* \param tag The buffer to where the computed 128-bit (16 bytes) MAC is written.
|
||||
* This pointer can be \c NULL if `ilen == 0`.
|
||||
* \param output The buffer to where the encrypted or decrypted data
|
||||
* is written. This pointer can be \c NULL if `ilen == 0`.
|
||||
* \param tag The buffer to where the computed 128-bit (16 bytes) MAC
|
||||
* is written. This must not be \c NULL.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return #MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA
|
||||
* if one or more of the required parameters are NULL.
|
||||
* \return A negative error code on failure.
|
||||
*/
|
||||
int mbedtls_chachapoly_encrypt_and_tag( mbedtls_chachapoly_context *ctx,
|
||||
size_t length,
|
||||
|
@ -312,22 +315,22 @@ int mbedtls_chachapoly_encrypt_and_tag( mbedtls_chachapoly_context *ctx,
|
|||
* \c mbedtls_chachapoly_setkey().
|
||||
*
|
||||
* \param ctx The ChaCha20-Poly1305 context to use (holds the key).
|
||||
* \param length The length (in bytes) of the data to decrypt.
|
||||
* \param nonce The 96-bit (12 bytes) nonce/IV to use.
|
||||
* \param length The length (in Bytes) of the data to decrypt.
|
||||
* \param nonce The \c 96 Bit (\c 12 bytes) nonce/IV to use.
|
||||
* \param aad The buffer containing the additional authenticated data (AAD).
|
||||
* This pointer can be NULL if aad_len == 0.
|
||||
* This pointer can be \c NULL if `aad_len == 0`.
|
||||
* \param aad_len The length (in bytes) of the AAD data to process.
|
||||
* \param tag The buffer holding the authentication tag.
|
||||
* This must be a readable buffer of length \c 16 Bytes.
|
||||
* \param input The buffer containing the data to decrypt.
|
||||
* This pointer can be NULL if ilen == 0.
|
||||
* This pointer can be \c NULL if `ilen == 0`.
|
||||
* \param output The buffer to where the decrypted data is written.
|
||||
* This pointer can be NULL if ilen == 0.
|
||||
* This pointer can be \c NULL if `ilen == 0`.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return #MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA
|
||||
* if one or more of the required parameters are NULL.
|
||||
* \return #MBEDTLS_ERR_CHACHAPOLY_AUTH_FAILED
|
||||
* if the data was not authentic.
|
||||
* \return Another negative error code on other kinds of failure.
|
||||
*/
|
||||
int mbedtls_chachapoly_auth_decrypt( mbedtls_chachapoly_context *ctx,
|
||||
size_t length,
|
||||
|
|
|
@ -114,6 +114,7 @@
|
|||
defined(MBEDTLS_ECDSA_SIGN_ALT) || \
|
||||
defined(MBEDTLS_ECDSA_VERIFY_ALT) || \
|
||||
defined(MBEDTLS_ECDSA_GENKEY_ALT) || \
|
||||
defined(MBEDTLS_ECP_INTERNAL_ALT) || \
|
||||
defined(MBEDTLS_ECP_ALT) )
|
||||
#error "MBEDTLS_ECP_RESTARTABLE defined, but it cannot coexist with an alternative ECP implementation"
|
||||
#endif
|
||||
|
@ -137,6 +138,10 @@
|
|||
#error "MBEDTLS_ECP_C defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_PK_PARSE_C) && !defined(MBEDTLS_ASN1_PARSE_C)
|
||||
#error "MBEDTLS_PK_PARSE_C defined, but not all prerequesites"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_ENTROPY_C) && (!defined(MBEDTLS_SHA512_C) && \
|
||||
!defined(MBEDTLS_SHA256_C))
|
||||
#error "MBEDTLS_ENTROPY_C defined, but not all prerequisites"
|
||||
|
|
|
@ -36,6 +36,7 @@
|
|||
#endif
|
||||
|
||||
#include <stddef.h>
|
||||
#include "mbedtls/platform_util.h"
|
||||
|
||||
#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CCM_C) || defined(MBEDTLS_CHACHAPOLY_C)
|
||||
#define MBEDTLS_CIPHER_MODE_AEAD
|
||||
|
@ -336,11 +337,12 @@ const int *mbedtls_cipher_list( void );
|
|||
* \brief This function retrieves the cipher-information
|
||||
* structure associated with the given cipher name.
|
||||
*
|
||||
* \param cipher_name Name of the cipher to search for.
|
||||
* \param cipher_name Name of the cipher to search for. This must not be
|
||||
* \c NULL.
|
||||
*
|
||||
* \return The cipher information structure associated with the
|
||||
* given \p cipher_name.
|
||||
* \return NULL if the associated cipher information is not found.
|
||||
* \return \c NULL if the associated cipher information is not found.
|
||||
*/
|
||||
const mbedtls_cipher_info_t *mbedtls_cipher_info_from_string( const char *cipher_name );
|
||||
|
||||
|
@ -352,7 +354,7 @@ const mbedtls_cipher_info_t *mbedtls_cipher_info_from_string( const char *cipher
|
|||
*
|
||||
* \return The cipher information structure associated with the
|
||||
* given \p cipher_type.
|
||||
* \return NULL if the associated cipher information is not found.
|
||||
* \return \c NULL if the associated cipher information is not found.
|
||||
*/
|
||||
const mbedtls_cipher_info_t *mbedtls_cipher_info_from_type( const mbedtls_cipher_type_t cipher_type );
|
||||
|
||||
|
@ -368,7 +370,7 @@ const mbedtls_cipher_info_t *mbedtls_cipher_info_from_type( const mbedtls_cipher
|
|||
*
|
||||
* \return The cipher information structure associated with the
|
||||
* given \p cipher_id.
|
||||
* \return NULL if the associated cipher information is not found.
|
||||
* \return \c NULL if the associated cipher information is not found.
|
||||
*/
|
||||
const mbedtls_cipher_info_t *mbedtls_cipher_info_from_values( const mbedtls_cipher_id_t cipher_id,
|
||||
int key_bitlen,
|
||||
|
@ -376,6 +378,8 @@ const mbedtls_cipher_info_t *mbedtls_cipher_info_from_values( const mbedtls_ciph
|
|||
|
||||
/**
|
||||
* \brief This function initializes a \p cipher_context as NONE.
|
||||
*
|
||||
* \param ctx The context to be initialized. This must not be \c NULL.
|
||||
*/
|
||||
void mbedtls_cipher_init( mbedtls_cipher_context_t *ctx );
|
||||
|
||||
|
@ -383,6 +387,10 @@ void mbedtls_cipher_init( mbedtls_cipher_context_t *ctx );
|
|||
* \brief This function frees and clears the cipher-specific
|
||||
* context of \p ctx. Freeing \p ctx itself remains the
|
||||
* responsibility of the caller.
|
||||
*
|
||||
* \param ctx The context to be freed. If this is \c NULL, the
|
||||
* function has no effect, otherwise this must point to an
|
||||
* initialized context.
|
||||
*/
|
||||
void mbedtls_cipher_free( mbedtls_cipher_context_t *ctx );
|
||||
|
||||
|
@ -392,7 +400,7 @@ void mbedtls_cipher_free( mbedtls_cipher_context_t *ctx );
|
|||
* structure with the appropriate values. It also clears
|
||||
* the structure.
|
||||
*
|
||||
* \param ctx The context to initialize. May not be NULL.
|
||||
* \param ctx The context to initialize. This must be initialized.
|
||||
* \param cipher_info The cipher to use.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
|
@ -405,19 +413,22 @@ void mbedtls_cipher_free( mbedtls_cipher_context_t *ctx );
|
|||
* In future versions, the caller will be required to call
|
||||
* mbedtls_cipher_init() on the structure first.
|
||||
*/
|
||||
int mbedtls_cipher_setup( mbedtls_cipher_context_t *ctx, const mbedtls_cipher_info_t *cipher_info );
|
||||
int mbedtls_cipher_setup( mbedtls_cipher_context_t *ctx,
|
||||
const mbedtls_cipher_info_t *cipher_info );
|
||||
|
||||
/**
|
||||
* \brief This function returns the block size of the given cipher.
|
||||
*
|
||||
* \param ctx The context of the cipher. Must be initialized.
|
||||
* \param ctx The context of the cipher. This must be initialized.
|
||||
*
|
||||
* \return The size of the blocks of the cipher.
|
||||
* \return 0 if \p ctx has not been initialized.
|
||||
* \return The block size of the underlying cipher.
|
||||
* \return \c 0 if \p ctx has not been initialized.
|
||||
*/
|
||||
static inline unsigned int mbedtls_cipher_get_block_size( const mbedtls_cipher_context_t *ctx )
|
||||
static inline unsigned int mbedtls_cipher_get_block_size(
|
||||
const mbedtls_cipher_context_t *ctx )
|
||||
{
|
||||
if( NULL == ctx || NULL == ctx->cipher_info )
|
||||
MBEDTLS_INTERNAL_VALIDATE_RET( ctx != NULL, 0 );
|
||||
if( ctx->cipher_info == NULL )
|
||||
return 0;
|
||||
|
||||
return ctx->cipher_info->block_size;
|
||||
|
@ -427,14 +438,16 @@ static inline unsigned int mbedtls_cipher_get_block_size( const mbedtls_cipher_c
|
|||
* \brief This function returns the mode of operation for
|
||||
* the cipher. For example, MBEDTLS_MODE_CBC.
|
||||
*
|
||||
* \param ctx The context of the cipher. Must be initialized.
|
||||
* \param ctx The context of the cipher. This must be initialized.
|
||||
*
|
||||
* \return The mode of operation.
|
||||
* \return #MBEDTLS_MODE_NONE if \p ctx has not been initialized.
|
||||
*/
|
||||
static inline mbedtls_cipher_mode_t mbedtls_cipher_get_cipher_mode( const mbedtls_cipher_context_t *ctx )
|
||||
static inline mbedtls_cipher_mode_t mbedtls_cipher_get_cipher_mode(
|
||||
const mbedtls_cipher_context_t *ctx )
|
||||
{
|
||||
if( NULL == ctx || NULL == ctx->cipher_info )
|
||||
MBEDTLS_INTERNAL_VALIDATE_RET( ctx != NULL, MBEDTLS_MODE_NONE );
|
||||
if( ctx->cipher_info == NULL )
|
||||
return MBEDTLS_MODE_NONE;
|
||||
|
||||
return ctx->cipher_info->mode;
|
||||
|
@ -444,15 +457,17 @@ static inline mbedtls_cipher_mode_t mbedtls_cipher_get_cipher_mode( const mbedtl
|
|||
* \brief This function returns the size of the IV or nonce
|
||||
* of the cipher, in Bytes.
|
||||
*
|
||||
* \param ctx The context of the cipher. Must be initialized.
|
||||
* \param ctx The context of the cipher. This must be initialized.
|
||||
*
|
||||
* \return The recommended IV size if no IV has been set.
|
||||
* \return \c 0 for ciphers not using an IV or a nonce.
|
||||
* \return The actual size if an IV has been set.
|
||||
*/
|
||||
static inline int mbedtls_cipher_get_iv_size( const mbedtls_cipher_context_t *ctx )
|
||||
static inline int mbedtls_cipher_get_iv_size(
|
||||
const mbedtls_cipher_context_t *ctx )
|
||||
{
|
||||
if( NULL == ctx || NULL == ctx->cipher_info )
|
||||
MBEDTLS_INTERNAL_VALIDATE_RET( ctx != NULL, 0 );
|
||||
if( ctx->cipher_info == NULL )
|
||||
return 0;
|
||||
|
||||
if( ctx->iv_size != 0 )
|
||||
|
@ -464,14 +479,17 @@ static inline int mbedtls_cipher_get_iv_size( const mbedtls_cipher_context_t *ct
|
|||
/**
|
||||
* \brief This function returns the type of the given cipher.
|
||||
*
|
||||
* \param ctx The context of the cipher. Must be initialized.
|
||||
* \param ctx The context of the cipher. This must be initialized.
|
||||
*
|
||||
* \return The type of the cipher.
|
||||
* \return #MBEDTLS_CIPHER_NONE if \p ctx has not been initialized.
|
||||
*/
|
||||
static inline mbedtls_cipher_type_t mbedtls_cipher_get_type( const mbedtls_cipher_context_t *ctx )
|
||||
static inline mbedtls_cipher_type_t mbedtls_cipher_get_type(
|
||||
const mbedtls_cipher_context_t *ctx )
|
||||
{
|
||||
if( NULL == ctx || NULL == ctx->cipher_info )
|
||||
MBEDTLS_INTERNAL_VALIDATE_RET(
|
||||
ctx != NULL, MBEDTLS_CIPHER_NONE );
|
||||
if( ctx->cipher_info == NULL )
|
||||
return MBEDTLS_CIPHER_NONE;
|
||||
|
||||
return ctx->cipher_info->type;
|
||||
|
@ -481,14 +499,16 @@ static inline mbedtls_cipher_type_t mbedtls_cipher_get_type( const mbedtls_ciphe
|
|||
* \brief This function returns the name of the given cipher
|
||||
* as a string.
|
||||
*
|
||||
* \param ctx The context of the cipher. Must be initialized.
|
||||
* \param ctx The context of the cipher. This must be initialized.
|
||||
*
|
||||
* \return The name of the cipher.
|
||||
* \return NULL if \p ctx has not been not initialized.
|
||||
*/
|
||||
static inline const char *mbedtls_cipher_get_name( const mbedtls_cipher_context_t *ctx )
|
||||
static inline const char *mbedtls_cipher_get_name(
|
||||
const mbedtls_cipher_context_t *ctx )
|
||||
{
|
||||
if( NULL == ctx || NULL == ctx->cipher_info )
|
||||
MBEDTLS_INTERNAL_VALIDATE_RET( ctx != NULL, 0 );
|
||||
if( ctx->cipher_info == NULL )
|
||||
return 0;
|
||||
|
||||
return ctx->cipher_info->name;
|
||||
|
@ -497,15 +517,18 @@ static inline const char *mbedtls_cipher_get_name( const mbedtls_cipher_context_
|
|||
/**
|
||||
* \brief This function returns the key length of the cipher.
|
||||
*
|
||||
* \param ctx The context of the cipher. Must be initialized.
|
||||
* \param ctx The context of the cipher. This must be initialized.
|
||||
*
|
||||
* \return The key length of the cipher in bits.
|
||||
* \return #MBEDTLS_KEY_LENGTH_NONE if ctx \p has not been
|
||||
* initialized.
|
||||
*/
|
||||
static inline int mbedtls_cipher_get_key_bitlen( const mbedtls_cipher_context_t *ctx )
|
||||
static inline int mbedtls_cipher_get_key_bitlen(
|
||||
const mbedtls_cipher_context_t *ctx )
|
||||
{
|
||||
if( NULL == ctx || NULL == ctx->cipher_info )
|
||||
MBEDTLS_INTERNAL_VALIDATE_RET(
|
||||
ctx != NULL, MBEDTLS_KEY_LENGTH_NONE );
|
||||
if( ctx->cipher_info == NULL )
|
||||
return MBEDTLS_KEY_LENGTH_NONE;
|
||||
|
||||
return (int) ctx->cipher_info->key_bitlen;
|
||||
|
@ -514,14 +537,17 @@ static inline int mbedtls_cipher_get_key_bitlen( const mbedtls_cipher_context_t
|
|||
/**
|
||||
* \brief This function returns the operation of the given cipher.
|
||||
*
|
||||
* \param ctx The context of the cipher. Must be initialized.
|
||||
* \param ctx The context of the cipher. This must be initialized.
|
||||
*
|
||||
* \return The type of operation: #MBEDTLS_ENCRYPT or #MBEDTLS_DECRYPT.
|
||||
* \return #MBEDTLS_OPERATION_NONE if \p ctx has not been initialized.
|
||||
*/
|
||||
static inline mbedtls_operation_t mbedtls_cipher_get_operation( const mbedtls_cipher_context_t *ctx )
|
||||
static inline mbedtls_operation_t mbedtls_cipher_get_operation(
|
||||
const mbedtls_cipher_context_t *ctx )
|
||||
{
|
||||
if( NULL == ctx || NULL == ctx->cipher_info )
|
||||
MBEDTLS_INTERNAL_VALIDATE_RET(
|
||||
ctx != NULL, MBEDTLS_OPERATION_NONE );
|
||||
if( ctx->cipher_info == NULL )
|
||||
return MBEDTLS_OPERATION_NONE;
|
||||
|
||||
return ctx->operation;
|
||||
|
@ -530,11 +556,11 @@ static inline mbedtls_operation_t mbedtls_cipher_get_operation( const mbedtls_ci
|
|||
/**
|
||||
* \brief This function sets the key to use with the given context.
|
||||
*
|
||||
* \param ctx The generic cipher context. May not be NULL. Must have
|
||||
* been initialized using mbedtls_cipher_info_from_type()
|
||||
* or mbedtls_cipher_info_from_string().
|
||||
* \param key The key to use.
|
||||
* \param key_bitlen The key length to use, in bits.
|
||||
* \param ctx The generic cipher context. This must be initialized and
|
||||
* bound to a cipher information structure.
|
||||
* \param key The key to use. This must be a readable buffer of at
|
||||
* least \p key_bitlen Bits.
|
||||
* \param key_bitlen The key length to use, in Bits.
|
||||
* \param operation The operation that the key will be used for:
|
||||
* #MBEDTLS_ENCRYPT or #MBEDTLS_DECRYPT.
|
||||
*
|
||||
|
@ -543,8 +569,10 @@ static inline mbedtls_operation_t mbedtls_cipher_get_operation( const mbedtls_ci
|
|||
* parameter-verification failure.
|
||||
* \return A cipher-specific error code on failure.
|
||||
*/
|
||||
int mbedtls_cipher_setkey( mbedtls_cipher_context_t *ctx, const unsigned char *key,
|
||||
int key_bitlen, const mbedtls_operation_t operation );
|
||||
int mbedtls_cipher_setkey( mbedtls_cipher_context_t *ctx,
|
||||
const unsigned char *key,
|
||||
int key_bitlen,
|
||||
const mbedtls_operation_t operation );
|
||||
|
||||
#if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING)
|
||||
/**
|
||||
|
@ -553,7 +581,8 @@ int mbedtls_cipher_setkey( mbedtls_cipher_context_t *ctx, const unsigned char *k
|
|||
*
|
||||
* The default passing mode is PKCS7 padding.
|
||||
*
|
||||
* \param ctx The generic cipher context.
|
||||
* \param ctx The generic cipher context. This must be initialized and
|
||||
* bound to a cipher information structure.
|
||||
* \param mode The padding mode.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
|
@ -562,7 +591,8 @@ int mbedtls_cipher_setkey( mbedtls_cipher_context_t *ctx, const unsigned char *k
|
|||
* \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA if the cipher mode
|
||||
* does not support padding.
|
||||
*/
|
||||
int mbedtls_cipher_set_padding_mode( mbedtls_cipher_context_t *ctx, mbedtls_cipher_padding_t mode );
|
||||
int mbedtls_cipher_set_padding_mode( mbedtls_cipher_context_t *ctx,
|
||||
mbedtls_cipher_padding_t mode );
|
||||
#endif /* MBEDTLS_CIPHER_MODE_WITH_PADDING */
|
||||
|
||||
/**
|
||||
|
@ -572,8 +602,10 @@ int mbedtls_cipher_set_padding_mode( mbedtls_cipher_context_t *ctx, mbedtls_ciph
|
|||
* \note Some ciphers do not use IVs nor nonce. For these
|
||||
* ciphers, this function has no effect.
|
||||
*
|
||||
* \param ctx The generic cipher context.
|
||||
* \param iv The IV to use, or NONCE_COUNTER for CTR-mode ciphers.
|
||||
* \param ctx The generic cipher context. This must be initialized and
|
||||
* bound to a cipher information structure.
|
||||
* \param iv The IV to use, or NONCE_COUNTER for CTR-mode ciphers. This
|
||||
* must be a readable buffer of at least \p iv_len Bytes.
|
||||
* \param iv_len The IV length for ciphers with variable-size IV.
|
||||
* This parameter is discarded by ciphers with fixed-size IV.
|
||||
*
|
||||
|
@ -582,12 +614,13 @@ int mbedtls_cipher_set_padding_mode( mbedtls_cipher_context_t *ctx, mbedtls_ciph
|
|||
* parameter-verification failure.
|
||||
*/
|
||||
int mbedtls_cipher_set_iv( mbedtls_cipher_context_t *ctx,
|
||||
const unsigned char *iv, size_t iv_len );
|
||||
const unsigned char *iv,
|
||||
size_t iv_len );
|
||||
|
||||
/**
|
||||
* \brief This function resets the cipher state.
|
||||
*
|
||||
* \param ctx The generic cipher context.
|
||||
* \param ctx The generic cipher context. This must be initialized.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on
|
||||
|
@ -599,11 +632,13 @@ int mbedtls_cipher_reset( mbedtls_cipher_context_t *ctx );
|
|||
/**
|
||||
* \brief This function adds additional data for AEAD ciphers.
|
||||
* Currently supported with GCM and ChaCha20+Poly1305.
|
||||
* Must be called exactly once, after mbedtls_cipher_reset().
|
||||
* This must be called exactly once, after
|
||||
* mbedtls_cipher_reset().
|
||||
*
|
||||
* \param ctx The generic cipher context.
|
||||
* \param ad The additional data to use.
|
||||
* \param ad_len the Length of \p ad.
|
||||
* \param ctx The generic cipher context. This must be initialized.
|
||||
* \param ad The additional data to use. This must be a readable
|
||||
* buffer of at least \p ad_len Bytes.
|
||||
* \param ad_len the Length of \p ad Bytes.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return A specific error code on failure.
|
||||
|
@ -627,14 +662,17 @@ int mbedtls_cipher_update_ad( mbedtls_cipher_context_t *ctx,
|
|||
* mbedtls_cipher_finish(), must have \p ilen as a
|
||||
* multiple of the block size of the cipher.
|
||||
*
|
||||
* \param ctx The generic cipher context.
|
||||
* \param input The buffer holding the input data.
|
||||
* \param ctx The generic cipher context. This must be initialized and
|
||||
* bound to a key.
|
||||
* \param input The buffer holding the input data. This must be a
|
||||
* readable buffer of at least \p ilen Bytes.
|
||||
* \param ilen The length of the input data.
|
||||
* \param output The buffer for the output data. Must be able to hold at
|
||||
* least \p ilen + block_size. Must not be the same buffer
|
||||
* as input.
|
||||
* \param output The buffer for the output data. This must be able to
|
||||
* hold at least `ilen + block_size`. This must not be the
|
||||
* same buffer as \p input.
|
||||
* \param olen The length of the output data, to be updated with the
|
||||
* actual number of Bytes written.
|
||||
* actual number of Bytes written. This must not be
|
||||
* \c NULL.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on
|
||||
|
@ -652,9 +690,12 @@ int mbedtls_cipher_update( mbedtls_cipher_context_t *ctx, const unsigned char *i
|
|||
* contained in it is padded to the size of
|
||||
* the last block, and written to the \p output buffer.
|
||||
*
|
||||
* \param ctx The generic cipher context.
|
||||
* \param output The buffer to write data to. Needs block_size available.
|
||||
* \param ctx The generic cipher context. This must be initialized and
|
||||
* bound to a key.
|
||||
* \param output The buffer to write data to. This needs to be a writable
|
||||
* buffer of at least \p block_size Bytes.
|
||||
* \param olen The length of the data written to the \p output buffer.
|
||||
* This may not be \c NULL.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on
|
||||
|
@ -672,10 +713,14 @@ int mbedtls_cipher_finish( mbedtls_cipher_context_t *ctx,
|
|||
/**
|
||||
* \brief This function writes a tag for AEAD ciphers.
|
||||
* Currently supported with GCM and ChaCha20+Poly1305.
|
||||
* Must be called after mbedtls_cipher_finish().
|
||||
* This must be called after mbedtls_cipher_finish().
|
||||
*
|
||||
* \param ctx The generic cipher context.
|
||||
* \param tag The buffer to write the tag to.
|
||||
* \param ctx The generic cipher context. This must be initialized,
|
||||
* bound to a key, and have just completed a cipher
|
||||
* operation through mbedtls_cipher_finish() the tag for
|
||||
* which should be written.
|
||||
* \param tag The buffer to write the tag to. This must be a writable
|
||||
* buffer of at least \p tag_len Bytes.
|
||||
* \param tag_len The length of the tag to write.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
|
@ -687,10 +732,11 @@ int mbedtls_cipher_write_tag( mbedtls_cipher_context_t *ctx,
|
|||
/**
|
||||
* \brief This function checks the tag for AEAD ciphers.
|
||||
* Currently supported with GCM and ChaCha20+Poly1305.
|
||||
* Must be called after mbedtls_cipher_finish().
|
||||
* This must be called after mbedtls_cipher_finish().
|
||||
*
|
||||
* \param ctx The generic cipher context.
|
||||
* \param tag The buffer holding the tag.
|
||||
* \param ctx The generic cipher context. This must be initialized.
|
||||
* \param tag The buffer holding the tag. This must be a readable
|
||||
* buffer of at least \p tag_len Bytes.
|
||||
* \param tag_len The length of the tag to check.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
|
@ -704,18 +750,22 @@ int mbedtls_cipher_check_tag( mbedtls_cipher_context_t *ctx,
|
|||
* \brief The generic all-in-one encryption/decryption function,
|
||||
* for all ciphers except AEAD constructs.
|
||||
*
|
||||
* \param ctx The generic cipher context.
|
||||
* \param ctx The generic cipher context. This must be initialized.
|
||||
* \param iv The IV to use, or NONCE_COUNTER for CTR-mode ciphers.
|
||||
* This must be a readable buffer of at least \p iv_len
|
||||
* Bytes.
|
||||
* \param iv_len The IV length for ciphers with variable-size IV.
|
||||
* This parameter is discarded by ciphers with fixed-size
|
||||
* IV.
|
||||
* \param input The buffer holding the input data.
|
||||
* \param ilen The length of the input data.
|
||||
* \param output The buffer for the output data. Must be able to hold at
|
||||
* least \p ilen + block_size. Must not be the same buffer
|
||||
* as input.
|
||||
* \param input The buffer holding the input data. This must be a
|
||||
* readable buffer of at least \p ilen Bytes.
|
||||
* \param ilen The length of the input data in Bytes.
|
||||
* \param output The buffer for the output data. This must be able to
|
||||
* hold at least `ilen + block_size`. This must not be the
|
||||
* same buffer as \p input.
|
||||
* \param olen The length of the output data, to be updated with the
|
||||
* actual number of Bytes written.
|
||||
* actual number of Bytes written. This must not be
|
||||
* \c NULL.
|
||||
*
|
||||
* \note Some ciphers do not use IVs nor nonce. For these
|
||||
* ciphers, use \p iv = NULL and \p iv_len = 0.
|
||||
|
@ -738,19 +788,26 @@ int mbedtls_cipher_crypt( mbedtls_cipher_context_t *ctx,
|
|||
/**
|
||||
* \brief The generic autenticated encryption (AEAD) function.
|
||||
*
|
||||
* \param ctx The generic cipher context.
|
||||
* \param ctx The generic cipher context. This must be initialized and
|
||||
* bound to a key.
|
||||
* \param iv The IV to use, or NONCE_COUNTER for CTR-mode ciphers.
|
||||
* This must be a readable buffer of at least \p iv_len
|
||||
* Bytes.
|
||||
* \param iv_len The IV length for ciphers with variable-size IV.
|
||||
* This parameter is discarded by ciphers with fixed-size IV.
|
||||
* \param ad The additional data to authenticate.
|
||||
* \param ad The additional data to authenticate. This must be a
|
||||
* readable buffer of at least \p ad_len Bytes.
|
||||
* \param ad_len The length of \p ad.
|
||||
* \param input The buffer holding the input data.
|
||||
* \param input The buffer holding the input data. This must be a
|
||||
* readable buffer of at least \p ilen Bytes.
|
||||
* \param ilen The length of the input data.
|
||||
* \param output The buffer for the output data.
|
||||
* Must be able to hold at least \p ilen.
|
||||
* \param output The buffer for the output data. This must be able to
|
||||
* hold at least \p ilen Bytes.
|
||||
* \param olen The length of the output data, to be updated with the
|
||||
* actual number of Bytes written.
|
||||
* \param tag The buffer for the authentication tag.
|
||||
* actual number of Bytes written. This must not be
|
||||
* \c NULL.
|
||||
* \param tag The buffer for the authentication tag. This must be a
|
||||
* writable buffer of at least \p tag_len Bytes.
|
||||
* \param tag_len The desired length of the authentication tag.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
|
@ -772,19 +829,26 @@ int mbedtls_cipher_auth_encrypt( mbedtls_cipher_context_t *ctx,
|
|||
* is zeroed out to prevent the unauthentic plaintext being
|
||||
* used, making this interface safer.
|
||||
*
|
||||
* \param ctx The generic cipher context.
|
||||
* \param ctx The generic cipher context. This must be initialized and
|
||||
* and bound to a key.
|
||||
* \param iv The IV to use, or NONCE_COUNTER for CTR-mode ciphers.
|
||||
* This must be a readable buffer of at least \p iv_len
|
||||
* Bytes.
|
||||
* \param iv_len The IV length for ciphers with variable-size IV.
|
||||
* This parameter is discarded by ciphers with fixed-size IV.
|
||||
* \param ad The additional data to be authenticated.
|
||||
* \param ad The additional data to be authenticated. This must be a
|
||||
* readable buffer of at least \p ad_len Bytes.
|
||||
* \param ad_len The length of \p ad.
|
||||
* \param input The buffer holding the input data.
|
||||
* \param input The buffer holding the input data. This must be a
|
||||
* readable buffer of at least \p ilen Bytes.
|
||||
* \param ilen The length of the input data.
|
||||
* \param output The buffer for the output data.
|
||||
* Must be able to hold at least \p ilen.
|
||||
* This must be able to hold at least \p ilen Bytes.
|
||||
* \param olen The length of the output data, to be updated with the
|
||||
* actual number of Bytes written.
|
||||
* \param tag The buffer holding the authentication tag.
|
||||
* actual number of Bytes written. This must not be
|
||||
* \c NULL.
|
||||
* \param tag The buffer holding the authentication tag. This must be
|
||||
* a readable buffer of at least \p tag_len Bytes.
|
||||
* \param tag_len The length of the authentication tag.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
|
|
|
@ -256,6 +256,48 @@
|
|||
*/
|
||||
//#define MBEDTLS_DEPRECATED_REMOVED
|
||||
|
||||
/**
|
||||
* \def MBEDTLS_CHECK_PARAMS
|
||||
*
|
||||
* This configuration option controls whether the library validates more of
|
||||
* the parameters passed to it.
|
||||
*
|
||||
* When this flag is not defined, the library only attempts to validate an
|
||||
* input parameter if: (1) they may come from the outside world (such as the
|
||||
* network, the filesystem, etc.) or (2) not validating them could result in
|
||||
* internal memory errors such as overflowing a buffer controlled by the
|
||||
* library. On the other hand, it doesn't attempt to validate parameters whose
|
||||
* values are fully controlled by the application (such as pointers).
|
||||
*
|
||||
* When this flag is defined, the library additionally attempts to validate
|
||||
* parameters that are fully controlled by the application, and should always
|
||||
* be valid if the application code is fully correct and trusted.
|
||||
*
|
||||
* For example, when a function accepts as input a pointer to a buffer that may
|
||||
* contain untrusted data, and its documentation mentions that this pointer
|
||||
* must not be NULL:
|
||||
* - the pointer is checked to be non-NULL only if this option is enabled
|
||||
* - the content of the buffer is always validated
|
||||
*
|
||||
* When this flag is defined, if a library function receives a parameter that
|
||||
* is invalid, it will:
|
||||
* - invoke the macro MBEDTLS_PARAM_FAILED() which by default expands to a
|
||||
* call to the function mbedtls_param_failed()
|
||||
* - immediately return (with a specific error code unless the function
|
||||
* returns void and can't communicate an error).
|
||||
*
|
||||
* When defining this flag, you also need to:
|
||||
* - either provide a definition of the function mbedtls_param_failed() in
|
||||
* your application (see platform_util.h for its prototype) as the library
|
||||
* calls that function, but does not provide a default definition for it,
|
||||
* - or provide a different definition of the macro MBEDTLS_PARAM_FAILED()
|
||||
* below if the above mechanism is not flexible enough to suit your needs.
|
||||
* See the documentation of this macro later in this file.
|
||||
*
|
||||
* Uncomment to enable validation of application-controlled parameters.
|
||||
*/
|
||||
//#define MBEDTLS_CHECK_PARAMS
|
||||
|
||||
/* \} name SECTION: System support */
|
||||
|
||||
/**
|
||||
|
@ -414,11 +456,11 @@
|
|||
* unsigned char mbedtls_internal_ecp_grp_capable(
|
||||
* const mbedtls_ecp_group *grp )
|
||||
* int mbedtls_internal_ecp_init( const mbedtls_ecp_group *grp )
|
||||
* void mbedtls_internal_ecp_deinit( const mbedtls_ecp_group *grp )
|
||||
* void mbedtls_internal_ecp_free( const mbedtls_ecp_group *grp )
|
||||
* The mbedtls_internal_ecp_grp_capable function should return 1 if the
|
||||
* replacement functions implement arithmetic for the given group and 0
|
||||
* otherwise.
|
||||
* The functions mbedtls_internal_ecp_init and mbedtls_internal_ecp_deinit are
|
||||
* The functions mbedtls_internal_ecp_init and mbedtls_internal_ecp_free are
|
||||
* called before and after each point operation and provide an opportunity to
|
||||
* implement optimized set up and tear down instructions.
|
||||
*
|
||||
|
@ -2996,6 +3038,36 @@
|
|||
//#define MBEDTLS_PLATFORM_NV_SEED_READ_MACRO mbedtls_platform_std_nv_seed_read /**< Default nv_seed_read function to use, can be undefined */
|
||||
//#define MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO mbedtls_platform_std_nv_seed_write /**< Default nv_seed_write function to use, can be undefined */
|
||||
|
||||
/**
|
||||
* \brief This macro is invoked by the library when an invalid parameter
|
||||
* is detected that is only checked with MBEDTLS_CHECK_PARAMS
|
||||
* (see the documentation of that option for context).
|
||||
*
|
||||
* When you leave this undefined here, a default definition is
|
||||
* provided that invokes the function mbedtls_param_failed(),
|
||||
* which is declared in platform_util.h for the benefit of the
|
||||
* library, but that you need to define in your application.
|
||||
*
|
||||
* When you define this here, this replaces the default
|
||||
* definition in platform_util.h (which no longer declares the
|
||||
* function mbedtls_param_failed()) and it is your responsibility
|
||||
* to make sure this macro expands to something suitable (in
|
||||
* particular, that all the necessary declarations are visible
|
||||
* from within the library - you can ensure that by providing
|
||||
* them in this file next to the macro definition).
|
||||
*
|
||||
* Note that you may define this macro to expand to nothing, in
|
||||
* which case you don't have to worry about declarations or
|
||||
* definitions. However, you will then be notified about invalid
|
||||
* parameters only in non-void functions, and void function will
|
||||
* just silently return early on invalid parameters, which
|
||||
* partially negates the benefits of enabling
|
||||
* #MBEDTLS_CHECK_PARAMS in the first place, so is discouraged.
|
||||
*
|
||||
* \param cond The expression that should evaluate to true, but doesn't.
|
||||
*/
|
||||
//#define MBEDTLS_PARAM_FAILED( cond ) assert( cond )
|
||||
|
||||
/* SSL Cache options */
|
||||
//#define MBEDTLS_SSL_CACHE_DEFAULT_TIMEOUT 86400 /**< 1 day */
|
||||
//#define MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES 50 /**< Maximum entries in cache */
|
||||
|
@ -3004,31 +3076,65 @@
|
|||
|
||||
/** \def MBEDTLS_SSL_MAX_CONTENT_LEN
|
||||
*
|
||||
* Maximum fragment length in bytes.
|
||||
* Maximum length (in bytes) of incoming and outgoing plaintext fragments.
|
||||
*
|
||||
* Determines the size of both the incoming and outgoing TLS I/O buffers.
|
||||
* This determines the size of both the incoming and outgoing TLS I/O buffers
|
||||
* in such a way that both are capable of holding the specified amount of
|
||||
* plaintext data, regardless of the protection mechanism used.
|
||||
*
|
||||
* Uncommenting MBEDTLS_SSL_IN_CONTENT_LEN and/or MBEDTLS_SSL_OUT_CONTENT_LEN
|
||||
* will override this length by setting maximum incoming and/or outgoing
|
||||
* fragment length, respectively.
|
||||
* To configure incoming and outgoing I/O buffers separately, use
|
||||
* #MBEDTLS_SSL_IN_CONTENT_LEN and #MBEDTLS_SSL_OUT_CONTENT_LEN,
|
||||
* which overwrite the value set by this option.
|
||||
*
|
||||
* \note When using a value less than the default of 16KB on the client, it is
|
||||
* recommended to use the Maximum Fragment Length (MFL) extension to
|
||||
* inform the server about this limitation. On the server, there
|
||||
* is no supported, standardized way of informing the client about
|
||||
* restriction on the maximum size of incoming messages, and unless
|
||||
* the limitation has been communicated by other means, it is recommended
|
||||
* to only change the outgoing buffer size #MBEDTLS_SSL_OUT_CONTENT_LEN
|
||||
* while keeping the default value of 16KB for the incoming buffer.
|
||||
*
|
||||
* Uncomment to set the maximum plaintext size of both
|
||||
* incoming and outgoing I/O buffers.
|
||||
*/
|
||||
//#define MBEDTLS_SSL_MAX_CONTENT_LEN 16384
|
||||
|
||||
/** \def MBEDTLS_SSL_IN_CONTENT_LEN
|
||||
*
|
||||
* Maximum incoming fragment length in bytes.
|
||||
* Maximum length (in bytes) of incoming plaintext fragments.
|
||||
*
|
||||
* Uncomment to set the size of the inward TLS buffer independently of the
|
||||
* outward buffer.
|
||||
* This determines the size of the incoming TLS I/O buffer in such a way
|
||||
* that it is capable of holding the specified amount of plaintext data,
|
||||
* regardless of the protection mechanism used.
|
||||
*
|
||||
* If this option is undefined, it inherits its value from
|
||||
* #MBEDTLS_SSL_MAX_CONTENT_LEN.
|
||||
*
|
||||
* \note When using a value less than the default of 16KB on the client, it is
|
||||
* recommended to use the Maximum Fragment Length (MFL) extension to
|
||||
* inform the server about this limitation. On the server, there
|
||||
* is no supported, standardized way of informing the client about
|
||||
* restriction on the maximum size of incoming messages, and unless
|
||||
* the limitation has been communicated by other means, it is recommended
|
||||
* to only change the outgoing buffer size #MBEDTLS_SSL_OUT_CONTENT_LEN
|
||||
* while keeping the default value of 16KB for the incoming buffer.
|
||||
*
|
||||
* Uncomment to set the maximum plaintext size of the incoming I/O buffer
|
||||
* independently of the outgoing I/O buffer.
|
||||
*/
|
||||
//#define MBEDTLS_SSL_IN_CONTENT_LEN 16384
|
||||
|
||||
/** \def MBEDTLS_SSL_OUT_CONTENT_LEN
|
||||
*
|
||||
* Maximum outgoing fragment length in bytes.
|
||||
* Maximum length (in bytes) of outgoing plaintext fragments.
|
||||
*
|
||||
* Uncomment to set the size of the outward TLS buffer independently of the
|
||||
* inward buffer.
|
||||
* This determines the size of the outgoing TLS I/O buffer in such a way
|
||||
* that it is capable of holding the specified amount of plaintext data,
|
||||
* regardless of the protection mechanism used.
|
||||
*
|
||||
* If this option undefined, it inherits its value from
|
||||
* #MBEDTLS_SSL_MAX_CONTENT_LEN.
|
||||
*
|
||||
* It is possible to save RAM by setting a smaller outward buffer, while keeping
|
||||
* the default inward 16384 byte buffer to conform to the TLS specification.
|
||||
|
@ -3038,11 +3144,8 @@
|
|||
* The specific size requirement depends on the configured ciphers and any
|
||||
* certificate data which is sent during the handshake.
|
||||
*
|
||||
* For absolute minimum RAM usage, it's best to enable
|
||||
* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH and reduce MBEDTLS_SSL_MAX_CONTENT_LEN. This
|
||||
* reduces both incoming and outgoing buffer sizes. However this is only
|
||||
* guaranteed if the other end of the connection also supports the TLS
|
||||
* max_fragment_len extension. Otherwise the connection may fail.
|
||||
* Uncomment to set the maximum plaintext size of the outgoing I/O buffer
|
||||
* independently of the incoming I/O buffer.
|
||||
*/
|
||||
//#define MBEDTLS_SSL_OUT_CONTENT_LEN 16384
|
||||
|
||||
|
|
|
@ -239,18 +239,20 @@ int mbedtls_ctr_drbg_reseed( mbedtls_ctr_drbg_context *ctx,
|
|||
/**
|
||||
* \brief This function updates the state of the CTR_DRBG context.
|
||||
*
|
||||
* \note If \p add_len is greater than
|
||||
* #MBEDTLS_CTR_DRBG_MAX_SEED_INPUT, only the first
|
||||
* #MBEDTLS_CTR_DRBG_MAX_SEED_INPUT Bytes are used.
|
||||
* The remaining Bytes are silently discarded.
|
||||
*
|
||||
* \param ctx The CTR_DRBG context.
|
||||
* \param additional The data to update the state with.
|
||||
* \param add_len Length of \p additional data.
|
||||
* \param add_len Length of \p additional in bytes. This must be at
|
||||
* most #MBEDTLS_CTR_DRBG_MAX_SEED_INPUT.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return #MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG if
|
||||
* \p add_len is more than
|
||||
* #MBEDTLS_CTR_DRBG_MAX_SEED_INPUT.
|
||||
* \return An error from the underlying AES cipher on failure.
|
||||
*/
|
||||
void mbedtls_ctr_drbg_update( mbedtls_ctr_drbg_context *ctx,
|
||||
const unsigned char *additional, size_t add_len );
|
||||
int mbedtls_ctr_drbg_update_ret( mbedtls_ctr_drbg_context *ctx,
|
||||
const unsigned char *additional,
|
||||
size_t add_len );
|
||||
|
||||
/**
|
||||
* \brief This function updates a CTR_DRBG instance with additional
|
||||
|
@ -290,6 +292,35 @@ int mbedtls_ctr_drbg_random_with_add( void *p_rng,
|
|||
int mbedtls_ctr_drbg_random( void *p_rng,
|
||||
unsigned char *output, size_t output_len );
|
||||
|
||||
|
||||
#if ! defined(MBEDTLS_DEPRECATED_REMOVED)
|
||||
#if defined(MBEDTLS_DEPRECATED_WARNING)
|
||||
#define MBEDTLS_DEPRECATED __attribute__((deprecated))
|
||||
#else
|
||||
#define MBEDTLS_DEPRECATED
|
||||
#endif
|
||||
/**
|
||||
* \brief This function updates the state of the CTR_DRBG context.
|
||||
*
|
||||
* \deprecated Superseded by mbedtls_ctr_drbg_update_ret()
|
||||
* in 2.16.0.
|
||||
*
|
||||
* \note If \p add_len is greater than
|
||||
* #MBEDTLS_CTR_DRBG_MAX_SEED_INPUT, only the first
|
||||
* #MBEDTLS_CTR_DRBG_MAX_SEED_INPUT Bytes are used.
|
||||
* The remaining Bytes are silently discarded.
|
||||
*
|
||||
* \param ctx The CTR_DRBG context.
|
||||
* \param additional The data to update the state with.
|
||||
* \param add_len Length of \p additional data.
|
||||
*/
|
||||
MBEDTLS_DEPRECATED void mbedtls_ctr_drbg_update(
|
||||
mbedtls_ctr_drbg_context *ctx,
|
||||
const unsigned char *additional,
|
||||
size_t add_len );
|
||||
#undef MBEDTLS_DEPRECATED
|
||||
#endif /* !MBEDTLS_DEPRECATED_REMOVED */
|
||||
|
||||
#if defined(MBEDTLS_FS_IO)
|
||||
/**
|
||||
* \brief This function writes a seed file.
|
||||
|
|
|
@ -65,6 +65,11 @@
|
|||
mbedtls_debug_print_crt( ssl, level, __FILE__, __LINE__, text, crt )
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_ECDH_C)
|
||||
#define MBEDTLS_SSL_DEBUG_ECDH( level, ecdh, attr ) \
|
||||
mbedtls_debug_printf_ecdh( ssl, level, __FILE__, __LINE__, ecdh, attr )
|
||||
#endif
|
||||
|
||||
#else /* MBEDTLS_DEBUG_C */
|
||||
|
||||
#define MBEDTLS_SSL_DEBUG_MSG( level, args ) do { } while( 0 )
|
||||
|
@ -73,6 +78,7 @@
|
|||
#define MBEDTLS_SSL_DEBUG_MPI( level, text, X ) do { } while( 0 )
|
||||
#define MBEDTLS_SSL_DEBUG_ECP( level, text, X ) do { } while( 0 )
|
||||
#define MBEDTLS_SSL_DEBUG_CRT( level, text, crt ) do { } while( 0 )
|
||||
#define MBEDTLS_SSL_DEBUG_ECDH( level, ecdh, attr ) do { } while( 0 )
|
||||
|
||||
#endif /* MBEDTLS_DEBUG_C */
|
||||
|
||||
|
@ -221,6 +227,36 @@ void mbedtls_debug_print_crt( const mbedtls_ssl_context *ssl, int level,
|
|||
const char *text, const mbedtls_x509_crt *crt );
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_ECDH_C)
|
||||
typedef enum
|
||||
{
|
||||
MBEDTLS_DEBUG_ECDH_Q,
|
||||
MBEDTLS_DEBUG_ECDH_QP,
|
||||
MBEDTLS_DEBUG_ECDH_Z,
|
||||
} mbedtls_debug_ecdh_attr;
|
||||
|
||||
/**
|
||||
* \brief Print a field of the ECDH structure in the SSL context to the debug
|
||||
* output. This function is always used through the
|
||||
* MBEDTLS_SSL_DEBUG_ECDH() macro, which supplies the ssl context, file
|
||||
* and line number parameters.
|
||||
*
|
||||
* \param ssl SSL context
|
||||
* \param level error level of the debug message
|
||||
* \param file file the error has occurred in
|
||||
* \param line line number the error has occurred in
|
||||
* \param ecdh the ECDH context
|
||||
* \param attr the identifier of the attribute being output
|
||||
*
|
||||
* \attention This function is intended for INTERNAL usage within the
|
||||
* library only.
|
||||
*/
|
||||
void mbedtls_debug_printf_ecdh( const mbedtls_ssl_context *ssl, int level,
|
||||
const char *file, int line,
|
||||
const mbedtls_ecdh_context *ecdh,
|
||||
mbedtls_debug_ecdh_attr attr );
|
||||
#endif
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
|
|
@ -127,9 +127,15 @@ mbedtls_dhm_context;
|
|||
void mbedtls_dhm_init( mbedtls_dhm_context *ctx );
|
||||
|
||||
/**
|
||||
* \brief This function parses the ServerKeyExchange parameters.
|
||||
* \brief This function parses the DHM parameters in a
|
||||
* TLS ServerKeyExchange handshake message
|
||||
* (DHM modulus, generator, and public key).
|
||||
*
|
||||
* \param ctx The DHM context.
|
||||
* \note In a TLS handshake, this is the how the client
|
||||
* sets up its DHM context from the server's public
|
||||
* DHM key material.
|
||||
*
|
||||
* \param ctx The DHM context to use. This must be initialized.
|
||||
* \param p On input, *p must be the start of the input buffer.
|
||||
* On output, *p is updated to point to the end of the data
|
||||
* that has been read. On success, this is the first byte
|
||||
|
@ -143,31 +149,37 @@ void mbedtls_dhm_init( mbedtls_dhm_context *ctx );
|
|||
* \return An \c MBEDTLS_ERR_DHM_XXX error code on failure.
|
||||
*/
|
||||
int mbedtls_dhm_read_params( mbedtls_dhm_context *ctx,
|
||||
unsigned char **p,
|
||||
const unsigned char *end );
|
||||
unsigned char **p,
|
||||
const unsigned char *end );
|
||||
|
||||
/**
|
||||
* \brief This function sets up and writes the ServerKeyExchange
|
||||
* parameters.
|
||||
* \brief This function generates a DHM key pair and exports its
|
||||
* public part together with the DHM parameters in the format
|
||||
* used in a TLS ServerKeyExchange handshake message.
|
||||
*
|
||||
* \note The destination buffer must be large enough to hold
|
||||
* the reduced binary presentation of the modulus, the generator
|
||||
* and the public key, each wrapped with a 2-byte length field.
|
||||
* It is the responsibility of the caller to ensure that enough
|
||||
* space is available. Refer to \c mbedtls_mpi_size to computing
|
||||
* the byte-size of an MPI.
|
||||
*
|
||||
* \note This function assumes that \c ctx->P and \c ctx->G
|
||||
* have already been properly set. For that, use
|
||||
* \note This function assumes that the DHM parameters \c ctx->P
|
||||
* and \c ctx->G have already been properly set. For that, use
|
||||
* mbedtls_dhm_set_group() below in conjunction with
|
||||
* mbedtls_mpi_read_binary() and mbedtls_mpi_read_string().
|
||||
*
|
||||
* \param ctx The DHM context.
|
||||
* \note In a TLS handshake, this is the how the server generates
|
||||
* and exports its DHM key material.
|
||||
*
|
||||
* \param ctx The DHM context to use. This must be initialized
|
||||
* and have the DHM parameters set. It may or may not
|
||||
* already have imported the peer's public key.
|
||||
* \param x_size The private key size in Bytes.
|
||||
* \param olen The number of characters written.
|
||||
* \param output The destination buffer.
|
||||
* \param f_rng The RNG function.
|
||||
* \param p_rng The RNG context.
|
||||
* \param olen The address at which to store the number of Bytes
|
||||
* written on success. This must not be \c NULL.
|
||||
* \param output The destination buffer. This must be a writable buffer of
|
||||
* sufficient size to hold the reduced binary presentation of
|
||||
* the modulus, the generator and the public key, each wrapped
|
||||
* with a 2-byte length field. It is the responsibility of the
|
||||
* caller to ensure that enough space is available. Refer to
|
||||
* mbedtls_mpi_size() to computing the byte-size of an MPI.
|
||||
* \param f_rng The RNG function. Must not be \c NULL.
|
||||
* \param p_rng The RNG context to be passed to \p f_rng. This may be
|
||||
* \c NULL if \p f_rng doesn't need a context parameter.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return An \c MBEDTLS_ERR_DHM_XXX error code on failure.
|
||||
|
@ -180,12 +192,14 @@ int mbedtls_dhm_make_params( mbedtls_dhm_context *ctx, int x_size,
|
|||
/**
|
||||
* \brief This function sets the prime modulus and generator.
|
||||
*
|
||||
* \note This function can be used to set \p P, \p G
|
||||
* \note This function can be used to set \c ctx->P, \c ctx->G
|
||||
* in preparation for mbedtls_dhm_make_params().
|
||||
*
|
||||
* \param ctx The DHM context.
|
||||
* \param P The MPI holding the DHM prime modulus.
|
||||
* \param G The MPI holding the DHM generator.
|
||||
* \param ctx The DHM context to configure. This must be initialized.
|
||||
* \param P The MPI holding the DHM prime modulus. This must be
|
||||
* an initialized MPI.
|
||||
* \param G The MPI holding the DHM generator. This must be an
|
||||
* initialized MPI.
|
||||
*
|
||||
* \return \c 0 if successful.
|
||||
* \return An \c MBEDTLS_ERR_DHM_XXX error code on failure.
|
||||
|
@ -195,11 +209,17 @@ int mbedtls_dhm_set_group( mbedtls_dhm_context *ctx,
|
|||
const mbedtls_mpi *G );
|
||||
|
||||
/**
|
||||
* \brief This function imports the public value of the peer, G^Y.
|
||||
* \brief This function imports the raw public value of the peer.
|
||||
*
|
||||
* \param ctx The DHM context.
|
||||
* \param input The input buffer containing the G^Y value of the peer.
|
||||
* \param ilen The size of the input buffer.
|
||||
* \note In a TLS handshake, this is the how the server imports
|
||||
* the Client's public DHM key.
|
||||
*
|
||||
* \param ctx The DHM context to use. This must be initialized and have
|
||||
* its DHM parameters set, e.g. via mbedtls_dhm_set_group().
|
||||
* It may or may not already have generated its own private key.
|
||||
* \param input The input buffer containing the \c G^Y value of the peer.
|
||||
* This must be a readable buffer of size \p ilen Bytes.
|
||||
* \param ilen The size of the input buffer \p input in Bytes.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return An \c MBEDTLS_ERR_DHM_XXX error code on failure.
|
||||
|
@ -208,21 +228,25 @@ int mbedtls_dhm_read_public( mbedtls_dhm_context *ctx,
|
|||
const unsigned char *input, size_t ilen );
|
||||
|
||||
/**
|
||||
* \brief This function creates its own private key, \c X, and
|
||||
* exports \c G^X.
|
||||
* \brief This function creates a DHM key pair and exports
|
||||
* the raw public key in big-endian format.
|
||||
*
|
||||
* \note The destination buffer is always fully written
|
||||
* so as to contain a big-endian representation of G^X mod P.
|
||||
* If it is larger than ctx->len, it is padded accordingly
|
||||
* If it is larger than \c ctx->len, it is padded accordingly
|
||||
* with zero-bytes at the beginning.
|
||||
*
|
||||
* \param ctx The DHM context.
|
||||
* \param ctx The DHM context to use. This must be initialized and
|
||||
* have the DHM parameters set. It may or may not already
|
||||
* have imported the peer's public key.
|
||||
* \param x_size The private key size in Bytes.
|
||||
* \param output The destination buffer.
|
||||
* \param olen The length of the destination buffer. Must be at least
|
||||
* equal to ctx->len (the size of \c P).
|
||||
* \param f_rng The RNG function.
|
||||
* \param p_rng The RNG context.
|
||||
* \param output The destination buffer. This must be a writable buffer of
|
||||
* size \p olen Bytes.
|
||||
* \param olen The length of the destination buffer. This must be at least
|
||||
* equal to `ctx->len` (the size of \c P).
|
||||
* \param f_rng The RNG function. This must not be \c NULL.
|
||||
* \param p_rng The RNG context to be passed to \p f_rng. This may be \c NULL
|
||||
* if \p f_rng doesn't need a context argument.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return An \c MBEDTLS_ERR_DHM_XXX error code on failure.
|
||||
|
@ -233,22 +257,27 @@ int mbedtls_dhm_make_public( mbedtls_dhm_context *ctx, int x_size,
|
|||
void *p_rng );
|
||||
|
||||
/**
|
||||
* \brief This function derives and exports the shared secret
|
||||
* \c (G^Y)^X mod \c P.
|
||||
* \brief This function derives and exports the shared secret
|
||||
* \c (G^Y)^X mod \c P.
|
||||
*
|
||||
* \note If \p f_rng is not NULL, it is used to blind the input as
|
||||
* a countermeasure against timing attacks. Blinding is used
|
||||
* only if our private key \c X is re-used, and not used
|
||||
* otherwise. We recommend always passing a non-NULL
|
||||
* \p f_rng argument.
|
||||
* \note If \p f_rng is not \c NULL, it is used to blind the input as
|
||||
* a countermeasure against timing attacks. Blinding is used
|
||||
* only if our private key \c X is re-used, and not used
|
||||
* otherwise. We recommend always passing a non-NULL
|
||||
* \p f_rng argument.
|
||||
*
|
||||
* \param ctx The DHM context.
|
||||
* \param output The destination buffer.
|
||||
* \param output_size The size of the destination buffer. Must be at least
|
||||
* the size of ctx->len (the size of \c P).
|
||||
* \param ctx The DHM context to use. This must be initialized
|
||||
* and have its own private key generated and the peer's
|
||||
* public key imported.
|
||||
* \param output The buffer to write the generated shared key to. This
|
||||
* must be a writable buffer of size \p output_size Bytes.
|
||||
* \param output_size The size of the destination buffer. This must be at
|
||||
* least the size of \c ctx->len (the size of \c P).
|
||||
* \param olen On exit, holds the actual number of Bytes written.
|
||||
* \param f_rng The RNG function, for blinding purposes.
|
||||
* \param p_rng The RNG context.
|
||||
* \param f_rng The RNG function, for blinding purposes. This may
|
||||
* b \c NULL if blinding isn't needed.
|
||||
* \param p_rng The RNG context. This may be \c NULL if \p f_rng
|
||||
* doesn't need a context argument.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return An \c MBEDTLS_ERR_DHM_XXX error code on failure.
|
||||
|
@ -259,9 +288,12 @@ int mbedtls_dhm_calc_secret( mbedtls_dhm_context *ctx,
|
|||
void *p_rng );
|
||||
|
||||
/**
|
||||
* \brief This function frees and clears the components of a DHM context.
|
||||
* \brief This function frees and clears the components
|
||||
* of a DHM context.
|
||||
*
|
||||
* \param ctx The DHM context to free and clear.
|
||||
* \param ctx The DHM context to free and clear. This may be \c NULL,
|
||||
* in which case this function is a no-op. If it is not \c NULL,
|
||||
* it must point to an initialized DHM context.
|
||||
*/
|
||||
void mbedtls_dhm_free( mbedtls_dhm_context *ctx );
|
||||
|
||||
|
@ -270,17 +302,19 @@ void mbedtls_dhm_free( mbedtls_dhm_context *ctx );
|
|||
/**
|
||||
* \brief This function parses DHM parameters in PEM or DER format.
|
||||
*
|
||||
* \param dhm The DHM context to initialize.
|
||||
* \param dhmin The input buffer.
|
||||
* \param dhminlen The size of the buffer, including the terminating null
|
||||
* Byte for PEM data.
|
||||
* \param dhm The DHM context to import the DHM parameters into.
|
||||
* This must be initialized.
|
||||
* \param dhmin The input buffer. This must be a readable buffer of
|
||||
* length \p dhminlen Bytes.
|
||||
* \param dhminlen The size of the input buffer \p dhmin, including the
|
||||
* terminating \c NULL Byte for PEM data.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return An \c MBEDTLS_ERR_DHM_XXX or \c MBEDTLS_ERR_PEM_XXX error code
|
||||
* error code on failure.
|
||||
* \return An \c MBEDTLS_ERR_DHM_XXX or \c MBEDTLS_ERR_PEM_XXX error
|
||||
* code on failure.
|
||||
*/
|
||||
int mbedtls_dhm_parse_dhm( mbedtls_dhm_context *dhm, const unsigned char *dhmin,
|
||||
size_t dhminlen );
|
||||
size_t dhminlen );
|
||||
|
||||
#if defined(MBEDTLS_FS_IO)
|
||||
/** \ingroup x509_module */
|
||||
|
@ -288,11 +322,13 @@ int mbedtls_dhm_parse_dhm( mbedtls_dhm_context *dhm, const unsigned char *dhmin,
|
|||
* \brief This function loads and parses DHM parameters from a file.
|
||||
*
|
||||
* \param dhm The DHM context to load the parameters to.
|
||||
* This must be initialized.
|
||||
* \param path The filename to read the DHM parameters from.
|
||||
* This must not be \c NULL.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return An \c MBEDTLS_ERR_DHM_XXX or \c MBEDTLS_ERR_PEM_XXX error code
|
||||
* error code on failure.
|
||||
* \return An \c MBEDTLS_ERR_DHM_XXX or \c MBEDTLS_ERR_PEM_XXX
|
||||
* error code on failure.
|
||||
*/
|
||||
int mbedtls_dhm_parse_dhmfile( mbedtls_dhm_context *dhm, const char *path );
|
||||
#endif /* MBEDTLS_FS_IO */
|
||||
|
@ -353,15 +389,6 @@ int mbedtls_dhm_self_test( int verbose );
|
|||
|
||||
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
|
||||
|
||||
#if defined(MBEDTLS_DEPRECATED_WARNING)
|
||||
#define MBEDTLS_DEPRECATED __attribute__((deprecated))
|
||||
MBEDTLS_DEPRECATED typedef char const * mbedtls_deprecated_constant_t;
|
||||
#define MBEDTLS_DEPRECATED_STRING_CONSTANT( VAL ) \
|
||||
( (mbedtls_deprecated_constant_t) ( VAL ) )
|
||||
#else
|
||||
#define MBEDTLS_DEPRECATED_STRING_CONSTANT( VAL ) VAL
|
||||
#endif /* ! MBEDTLS_DEPRECATED_WARNING */
|
||||
|
||||
/**
|
||||
* \warning The origin of the primes in RFC 5114 is not documented and
|
||||
* their use therefore constitutes a security risk!
|
||||
|
|
|
@ -36,6 +36,18 @@
|
|||
|
||||
#include "ecp.h"
|
||||
|
||||
/*
|
||||
* Use a backward compatible ECDH context.
|
||||
*
|
||||
* This flag is always enabled for now and future versions might add a
|
||||
* configuration option that conditionally undefines this flag.
|
||||
* The configuration option in question may have a different name.
|
||||
*
|
||||
* Features undefining this flag, must have a warning in their description in
|
||||
* config.h stating that the feature breaks backward compatibility.
|
||||
*/
|
||||
#define MBEDTLS_ECDH_LEGACY_CONTEXT
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
@ -49,6 +61,39 @@ typedef enum
|
|||
MBEDTLS_ECDH_THEIRS, /**< The key of the peer. */
|
||||
} mbedtls_ecdh_side;
|
||||
|
||||
#if !defined(MBEDTLS_ECDH_LEGACY_CONTEXT)
|
||||
/**
|
||||
* Defines the ECDH implementation used.
|
||||
*
|
||||
* Later versions of the library may add new variants, therefore users should
|
||||
* not make any assumptions about them.
|
||||
*/
|
||||
typedef enum
|
||||
{
|
||||
MBEDTLS_ECDH_VARIANT_NONE = 0, /*!< Implementation not defined. */
|
||||
MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0,/*!< The default Mbed TLS implementation */
|
||||
} mbedtls_ecdh_variant;
|
||||
|
||||
/**
|
||||
* The context used by the default ECDH implementation.
|
||||
*
|
||||
* Later versions might change the structure of this context, therefore users
|
||||
* should not make any assumptions about the structure of
|
||||
* mbedtls_ecdh_context_mbed.
|
||||
*/
|
||||
typedef struct mbedtls_ecdh_context_mbed
|
||||
{
|
||||
mbedtls_ecp_group grp; /*!< The elliptic curve used. */
|
||||
mbedtls_mpi d; /*!< The private key. */
|
||||
mbedtls_ecp_point Q; /*!< The public key. */
|
||||
mbedtls_ecp_point Qp; /*!< The value of the public key of the peer. */
|
||||
mbedtls_mpi z; /*!< The shared secret. */
|
||||
#if defined(MBEDTLS_ECP_RESTARTABLE)
|
||||
mbedtls_ecp_restart_ctx rs; /*!< The restart context for EC computations. */
|
||||
#endif
|
||||
} mbedtls_ecdh_context_mbed;
|
||||
#endif
|
||||
|
||||
/**
|
||||
*
|
||||
* \warning Performing multiple operations concurrently on the same
|
||||
|
@ -58,6 +103,7 @@ typedef enum
|
|||
*/
|
||||
typedef struct mbedtls_ecdh_context
|
||||
{
|
||||
#if defined(MBEDTLS_ECDH_LEGACY_CONTEXT)
|
||||
mbedtls_ecp_group grp; /*!< The elliptic curve used. */
|
||||
mbedtls_mpi d; /*!< The private key. */
|
||||
mbedtls_ecp_point Q; /*!< The public key. */
|
||||
|
@ -70,7 +116,26 @@ typedef struct mbedtls_ecdh_context
|
|||
#if defined(MBEDTLS_ECP_RESTARTABLE)
|
||||
int restart_enabled; /*!< The flag for restartable mode. */
|
||||
mbedtls_ecp_restart_ctx rs; /*!< The restart context for EC computations. */
|
||||
#endif
|
||||
#endif /* MBEDTLS_ECP_RESTARTABLE */
|
||||
#else
|
||||
uint8_t point_format; /*!< The format of point export in TLS messages
|
||||
as defined in RFC 4492. */
|
||||
mbedtls_ecp_group_id grp_id;/*!< The elliptic curve used. */
|
||||
mbedtls_ecdh_variant var; /*!< The ECDH implementation/structure used. */
|
||||
union
|
||||
{
|
||||
mbedtls_ecdh_context_mbed mbed_ecdh;
|
||||
} ctx; /*!< Implementation-specific context. The
|
||||
context in use is specified by the \c var
|
||||
field. */
|
||||
#if defined(MBEDTLS_ECP_RESTARTABLE)
|
||||
uint8_t restart_enabled; /*!< The flag for restartable mode. Functions of
|
||||
an alternative implementation not supporting
|
||||
restartable mode must return
|
||||
MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED error
|
||||
if this flag is set. */
|
||||
#endif /* MBEDTLS_ECP_RESTARTABLE */
|
||||
#endif /* MBEDTLS_ECDH_LEGACY_CONTEXT */
|
||||
}
|
||||
mbedtls_ecdh_context;
|
||||
|
||||
|
@ -84,11 +149,16 @@ mbedtls_ecdh_context;
|
|||
*
|
||||
* \see ecp.h
|
||||
*
|
||||
* \param grp The ECP group.
|
||||
* \param grp The ECP group to use. This must be initialized and have
|
||||
* domain parameters loaded, for example through
|
||||
* mbedtls_ecp_load() or mbedtls_ecp_tls_read_group().
|
||||
* \param d The destination MPI (private key).
|
||||
* This must be initialized.
|
||||
* \param Q The destination point (public key).
|
||||
* \param f_rng The RNG function.
|
||||
* \param p_rng The RNG context.
|
||||
* This must be initialized.
|
||||
* \param f_rng The RNG function to use. This must not be \c NULL.
|
||||
* \param p_rng The RNG context to be passed to \p f_rng. This may be
|
||||
* \c NULL in case \p f_rng doesn't need a context argument.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return Another \c MBEDTLS_ERR_ECP_XXX or
|
||||
|
@ -111,12 +181,22 @@ int mbedtls_ecdh_gen_public( mbedtls_ecp_group *grp, mbedtls_mpi *d, mbedtls_ecp
|
|||
* countermeasures against side-channel attacks.
|
||||
* For more information, see mbedtls_ecp_mul().
|
||||
*
|
||||
* \param grp The ECP group.
|
||||
* \param grp The ECP group to use. This must be initialized and have
|
||||
* domain parameters loaded, for example through
|
||||
* mbedtls_ecp_load() or mbedtls_ecp_tls_read_group().
|
||||
* \param z The destination MPI (shared secret).
|
||||
* This must be initialized.
|
||||
* \param Q The public key from another party.
|
||||
* This must be initialized.
|
||||
* \param d Our secret exponent (private key).
|
||||
* \param f_rng The RNG function.
|
||||
* \param p_rng The RNG context.
|
||||
* This must be initialized.
|
||||
* \param f_rng The RNG function. This may be \c NULL if randomization
|
||||
* of intermediate results during the ECP computations is
|
||||
* not needed (discouraged). See the documentation of
|
||||
* mbedtls_ecp_mul() for more.
|
||||
* \param p_rng The RNG context to be passed to \p f_rng. This may be
|
||||
* \c NULL if \p f_rng is \c NULL or doesn't need a
|
||||
* context argument.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return Another \c MBEDTLS_ERR_ECP_XXX or
|
||||
|
@ -130,36 +210,57 @@ int mbedtls_ecdh_compute_shared( mbedtls_ecp_group *grp, mbedtls_mpi *z,
|
|||
/**
|
||||
* \brief This function initializes an ECDH context.
|
||||
*
|
||||
* \param ctx The ECDH context to initialize.
|
||||
* \param ctx The ECDH context to initialize. This must not be \c NULL.
|
||||
*/
|
||||
void mbedtls_ecdh_init( mbedtls_ecdh_context *ctx );
|
||||
|
||||
/**
|
||||
* \brief This function frees a context.
|
||||
* \brief This function sets up the ECDH context with the information
|
||||
* given.
|
||||
*
|
||||
* \param ctx The context to free.
|
||||
*/
|
||||
void mbedtls_ecdh_free( mbedtls_ecdh_context *ctx );
|
||||
|
||||
/**
|
||||
* \brief This function generates a public key and a TLS
|
||||
* ServerKeyExchange payload.
|
||||
* This function should be called after mbedtls_ecdh_init() but
|
||||
* before mbedtls_ecdh_make_params(). There is no need to call
|
||||
* this function before mbedtls_ecdh_read_params().
|
||||
*
|
||||
* This is the first function used by a TLS server for ECDHE
|
||||
* ciphersuites.
|
||||
*
|
||||
* \note This function assumes that the ECP group (grp) of the
|
||||
* \p ctx context has already been properly set,
|
||||
* for example, using mbedtls_ecp_group_load().
|
||||
* \param ctx The ECDH context to set up. This must be initialized.
|
||||
* \param grp_id The group id of the group to set up the context for.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
*/
|
||||
int mbedtls_ecdh_setup( mbedtls_ecdh_context *ctx,
|
||||
mbedtls_ecp_group_id grp_id );
|
||||
|
||||
/**
|
||||
* \brief This function frees a context.
|
||||
*
|
||||
* \param ctx The context to free. This may be \c NULL, in which
|
||||
* case this function does nothing. If it is not \c NULL,
|
||||
* it must point to an initialized ECDH context.
|
||||
*/
|
||||
void mbedtls_ecdh_free( mbedtls_ecdh_context *ctx );
|
||||
|
||||
/**
|
||||
* \brief This function generates an EC key pair and exports its
|
||||
* in the format used in a TLS ServerKeyExchange handshake
|
||||
* message.
|
||||
*
|
||||
* This is the second function used by a TLS server for ECDHE
|
||||
* ciphersuites. (It is called after mbedtls_ecdh_setup().)
|
||||
*
|
||||
* \see ecp.h
|
||||
*
|
||||
* \param ctx The ECDH context.
|
||||
* \param olen The number of characters written.
|
||||
* \param buf The destination buffer.
|
||||
* \param blen The length of the destination buffer.
|
||||
* \param f_rng The RNG function.
|
||||
* \param p_rng The RNG context.
|
||||
* \param ctx The ECDH context to use. This must be initialized
|
||||
* and bound to a group, for example via mbedtls_ecdh_setup().
|
||||
* \param olen The address at which to store the number of Bytes written.
|
||||
* \param buf The destination buffer. This must be a writable buffer of
|
||||
* length \p blen Bytes.
|
||||
* \param blen The length of the destination buffer \p buf in Bytes.
|
||||
* \param f_rng The RNG function to use. This must not be \c NULL.
|
||||
* \param p_rng The RNG context to be passed to \p f_rng. This may be
|
||||
* \c NULL in case \p f_rng doesn't need a context argument.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return #MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of
|
||||
|
@ -172,24 +273,32 @@ int mbedtls_ecdh_make_params( mbedtls_ecdh_context *ctx, size_t *olen,
|
|||
void *p_rng );
|
||||
|
||||
/**
|
||||
* \brief This function parses and processes a TLS ServerKeyExhange
|
||||
* payload.
|
||||
* \brief This function parses the ECDHE parameters in a
|
||||
* TLS ServerKeyExchange handshake message.
|
||||
*
|
||||
* This is the first function used by a TLS client for ECDHE
|
||||
* ciphersuites.
|
||||
* \note In a TLS handshake, this is the how the client
|
||||
* sets up its ECDHE context from the server's public
|
||||
* ECDHE key material.
|
||||
*
|
||||
* \see ecp.h
|
||||
*
|
||||
* \param ctx The ECDH context.
|
||||
* \param buf The pointer to the start of the input buffer.
|
||||
* \param end The address for one Byte past the end of the buffer.
|
||||
* \param ctx The ECDHE context to use. This must be initialized.
|
||||
* \param buf On input, \c *buf must be the start of the input buffer.
|
||||
* On output, \c *buf is updated to point to the end of the
|
||||
* data that has been read. On success, this is the first byte
|
||||
* past the end of the ServerKeyExchange parameters.
|
||||
* On error, this is the point at which an error has been
|
||||
* detected, which is usually not useful except to debug
|
||||
* failures.
|
||||
* \param end The end of the input buffer.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return An \c MBEDTLS_ERR_ECP_XXX error code on failure.
|
||||
*
|
||||
*/
|
||||
int mbedtls_ecdh_read_params( mbedtls_ecdh_context *ctx,
|
||||
const unsigned char **buf, const unsigned char *end );
|
||||
const unsigned char **buf,
|
||||
const unsigned char *end );
|
||||
|
||||
/**
|
||||
* \brief This function sets up an ECDH context from an EC key.
|
||||
|
@ -200,33 +309,40 @@ int mbedtls_ecdh_read_params( mbedtls_ecdh_context *ctx,
|
|||
*
|
||||
* \see ecp.h
|
||||
*
|
||||
* \param ctx The ECDH context to set up.
|
||||
* \param key The EC key to use.
|
||||
* \param side Defines the source of the key: 1: Our key, or
|
||||
* 0: The key of the peer.
|
||||
* \param ctx The ECDH context to set up. This must be initialized.
|
||||
* \param key The EC key to use. This must be initialized.
|
||||
* \param side Defines the source of the key. Possible values are:
|
||||
* - #MBEDTLS_ECDH_OURS: The key is ours.
|
||||
* - #MBEDTLS_ECDH_THEIRS: The key is that of the peer.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return Another \c MBEDTLS_ERR_ECP_XXX error code on failure.
|
||||
*
|
||||
*/
|
||||
int mbedtls_ecdh_get_params( mbedtls_ecdh_context *ctx, const mbedtls_ecp_keypair *key,
|
||||
mbedtls_ecdh_side side );
|
||||
int mbedtls_ecdh_get_params( mbedtls_ecdh_context *ctx,
|
||||
const mbedtls_ecp_keypair *key,
|
||||
mbedtls_ecdh_side side );
|
||||
|
||||
/**
|
||||
* \brief This function generates a public key and a TLS
|
||||
* ClientKeyExchange payload.
|
||||
* \brief This function generates a public key and exports it
|
||||
* as a TLS ClientKeyExchange payload.
|
||||
*
|
||||
* This is the second function used by a TLS client for ECDH(E)
|
||||
* ciphersuites.
|
||||
*
|
||||
* \see ecp.h
|
||||
*
|
||||
* \param ctx The ECDH context.
|
||||
* \param olen The number of Bytes written.
|
||||
* \param buf The destination buffer.
|
||||
* \param blen The size of the destination buffer.
|
||||
* \param f_rng The RNG function.
|
||||
* \param p_rng The RNG context.
|
||||
* \param ctx The ECDH context to use. This must be initialized
|
||||
* and bound to a group, the latter usually by
|
||||
* mbedtls_ecdh_read_params().
|
||||
* \param olen The address at which to store the number of Bytes written.
|
||||
* This must not be \c NULL.
|
||||
* \param buf The destination buffer. This must be a writable buffer
|
||||
* of length \p blen Bytes.
|
||||
* \param blen The size of the destination buffer \p buf in Bytes.
|
||||
* \param f_rng The RNG function to use. This must not be \c NULL.
|
||||
* \param p_rng The RNG context to be passed to \p f_rng. This may be
|
||||
* \c NULL in case \p f_rng doesn't need a context argument.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return #MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of
|
||||
|
@ -239,23 +355,26 @@ int mbedtls_ecdh_make_public( mbedtls_ecdh_context *ctx, size_t *olen,
|
|||
void *p_rng );
|
||||
|
||||
/**
|
||||
* \brief This function parses and processes a TLS ClientKeyExchange
|
||||
* payload.
|
||||
* \brief This function parses and processes the ECDHE payload of a
|
||||
* TLS ClientKeyExchange message.
|
||||
*
|
||||
* This is the second function used by a TLS server for ECDH(E)
|
||||
* ciphersuites.
|
||||
* This is the third function used by a TLS server for ECDH(E)
|
||||
* ciphersuites. (It is called after mbedtls_ecdh_setup() and
|
||||
* mbedtls_ecdh_make_params().)
|
||||
*
|
||||
* \see ecp.h
|
||||
*
|
||||
* \param ctx The ECDH context.
|
||||
* \param buf The start of the input buffer.
|
||||
* \param blen The length of the input buffer.
|
||||
* \param ctx The ECDH context to use. This must be initialized
|
||||
* and bound to a group, for example via mbedtls_ecdh_setup().
|
||||
* \param buf The pointer to the ClientKeyExchange payload. This must
|
||||
* be a readable buffer of length \p blen Bytes.
|
||||
* \param blen The length of the input buffer \p buf in Bytes.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return An \c MBEDTLS_ERR_ECP_XXX error code on failure.
|
||||
*/
|
||||
int mbedtls_ecdh_read_public( mbedtls_ecdh_context *ctx,
|
||||
const unsigned char *buf, size_t blen );
|
||||
const unsigned char *buf, size_t blen );
|
||||
|
||||
/**
|
||||
* \brief This function derives and exports the shared secret.
|
||||
|
@ -268,13 +387,19 @@ int mbedtls_ecdh_read_public( mbedtls_ecdh_context *ctx,
|
|||
* For more information, see mbedtls_ecp_mul().
|
||||
*
|
||||
* \see ecp.h
|
||||
*
|
||||
* \param ctx The ECDH context.
|
||||
* \param olen The number of Bytes written.
|
||||
* \param buf The destination buffer.
|
||||
* \param blen The length of the destination buffer.
|
||||
* \param f_rng The RNG function.
|
||||
* \param p_rng The RNG context.
|
||||
|
||||
* \param ctx The ECDH context to use. This must be initialized
|
||||
* and have its own private key generated and the peer's
|
||||
* public key imported.
|
||||
* \param olen The address at which to store the total number of
|
||||
* Bytes written on success. This must not be \c NULL.
|
||||
* \param buf The buffer to write the generated shared key to. This
|
||||
* must be a writable buffer of size \p blen Bytes.
|
||||
* \param blen The length of the destination buffer \p buf in Bytes.
|
||||
* \param f_rng The RNG function, for blinding purposes. This may
|
||||
* b \c NULL if blinding isn't needed.
|
||||
* \param p_rng The RNG context. This may be \c NULL if \p f_rng
|
||||
* doesn't need a context argument.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return #MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of
|
||||
|
@ -297,7 +422,7 @@ int mbedtls_ecdh_calc_secret( mbedtls_ecdh_context *ctx, size_t *olen,
|
|||
* computations once enabled, except by free-ing the context,
|
||||
* which cancels possible in-progress operations.
|
||||
*
|
||||
* \param ctx The ECDH context.
|
||||
* \param ctx The ECDH context to use. This must be initialized.
|
||||
*/
|
||||
void mbedtls_ecdh_enable_restart( mbedtls_ecdh_context *ctx );
|
||||
#endif /* MBEDTLS_ECP_RESTARTABLE */
|
||||
|
|
|
@ -118,7 +118,8 @@ typedef void mbedtls_ecdsa_restart_ctx;
|
|||
* \brief This function computes the ECDSA signature of a
|
||||
* previously-hashed message.
|
||||
*
|
||||
* \note The deterministic version is usually preferred.
|
||||
* \note The deterministic version implemented in
|
||||
* mbedtls_ecdsa_sign_det() is usually preferred.
|
||||
*
|
||||
* \note If the bitlength of the message hash is larger than the
|
||||
* bitlength of the group order, then the hash is truncated
|
||||
|
@ -128,14 +129,22 @@ typedef void mbedtls_ecdsa_restart_ctx;
|
|||
*
|
||||
* \see ecp.h
|
||||
*
|
||||
* \param grp The ECP group.
|
||||
* \param r The first output integer.
|
||||
* \param s The second output integer.
|
||||
* \param d The private signing key.
|
||||
* \param buf The message hash.
|
||||
* \param blen The length of \p buf.
|
||||
* \param f_rng The RNG function.
|
||||
* \param p_rng The RNG context.
|
||||
* \param grp The context for the elliptic curve to use.
|
||||
* This must be initialized and have group parameters
|
||||
* set, for example through mbedtls_ecp_group_load().
|
||||
* \param r The MPI context in which to store the first part
|
||||
* the signature. This must be initialized.
|
||||
* \param s The MPI context in which to store the second part
|
||||
* the signature. This must be initialized.
|
||||
* \param d The private signing key. This must be initialized.
|
||||
* \param buf The content to be signed. This is usually the hash of
|
||||
* the original data to be signed. This must be a readable
|
||||
* buffer of length \p blen Bytes. It may be \c NULL if
|
||||
* \p blen is zero.
|
||||
* \param blen The length of \p buf in Bytes.
|
||||
* \param f_rng The RNG function. This must not be \c NULL.
|
||||
* \param p_rng The RNG context to be passed to \p f_rng. This may be
|
||||
* \c NULL if \p f_rng doesn't need a context parameter.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return An \c MBEDTLS_ERR_ECP_XXX
|
||||
|
@ -162,21 +171,29 @@ int mbedtls_ecdsa_sign( mbedtls_ecp_group *grp, mbedtls_mpi *r, mbedtls_mpi *s,
|
|||
*
|
||||
* \see ecp.h
|
||||
*
|
||||
* \param grp The ECP group.
|
||||
* \param r The first output integer.
|
||||
* \param s The second output integer.
|
||||
* \param d The private signing key.
|
||||
* \param buf The message hash.
|
||||
* \param blen The length of \p buf.
|
||||
* \param md_alg The MD algorithm used to hash the message.
|
||||
* \param grp The context for the elliptic curve to use.
|
||||
* This must be initialized and have group parameters
|
||||
* set, for example through mbedtls_ecp_group_load().
|
||||
* \param r The MPI context in which to store the first part
|
||||
* the signature. This must be initialized.
|
||||
* \param s The MPI context in which to store the second part
|
||||
* the signature. This must be initialized.
|
||||
* \param d The private signing key. This must be initialized
|
||||
* and setup, for example through mbedtls_ecp_gen_privkey().
|
||||
* \param buf The hashed content to be signed. This must be a readable
|
||||
* buffer of length \p blen Bytes. It may be \c NULL if
|
||||
* \p blen is zero.
|
||||
* \param blen The length of \p buf in Bytes.
|
||||
* \param md_alg The hash algorithm used to hash the original data.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return An \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_MPI_XXX
|
||||
* error code on failure.
|
||||
*/
|
||||
int mbedtls_ecdsa_sign_det( mbedtls_ecp_group *grp, mbedtls_mpi *r, mbedtls_mpi *s,
|
||||
const mbedtls_mpi *d, const unsigned char *buf, size_t blen,
|
||||
mbedtls_md_type_t md_alg );
|
||||
int mbedtls_ecdsa_sign_det( mbedtls_ecp_group *grp, mbedtls_mpi *r,
|
||||
mbedtls_mpi *s, const mbedtls_mpi *d,
|
||||
const unsigned char *buf, size_t blen,
|
||||
mbedtls_md_type_t md_alg );
|
||||
#endif /* MBEDTLS_ECDSA_DETERMINISTIC */
|
||||
|
||||
/**
|
||||
|
@ -191,12 +208,19 @@ int mbedtls_ecdsa_sign_det( mbedtls_ecp_group *grp, mbedtls_mpi *r, mbedtls_mpi
|
|||
*
|
||||
* \see ecp.h
|
||||
*
|
||||
* \param grp The ECP group.
|
||||
* \param buf The message hash.
|
||||
* \param blen The length of \p buf.
|
||||
* \param Q The public key to use for verification.
|
||||
* \param grp The ECP group to use.
|
||||
* This must be initialized and have group parameters
|
||||
* set, for example through mbedtls_ecp_group_load().
|
||||
* \param buf The hashed content that was signed. This must be a readable
|
||||
* buffer of length \p blen Bytes. It may be \c NULL if
|
||||
* \p blen is zero.
|
||||
* \param blen The length of \p buf in Bytes.
|
||||
* \param Q The public key to use for verification. This must be
|
||||
* initialized and setup.
|
||||
* \param r The first integer of the signature.
|
||||
* This must be initialized.
|
||||
* \param s The second integer of the signature.
|
||||
* This must be initialized.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if the signature
|
||||
|
@ -205,8 +229,9 @@ int mbedtls_ecdsa_sign_det( mbedtls_ecp_group *grp, mbedtls_mpi *r, mbedtls_mpi
|
|||
* error code on failure for any other reason.
|
||||
*/
|
||||
int mbedtls_ecdsa_verify( mbedtls_ecp_group *grp,
|
||||
const unsigned char *buf, size_t blen,
|
||||
const mbedtls_ecp_point *Q, const mbedtls_mpi *r, const mbedtls_mpi *s);
|
||||
const unsigned char *buf, size_t blen,
|
||||
const mbedtls_ecp_point *Q, const mbedtls_mpi *r,
|
||||
const mbedtls_mpi *s);
|
||||
|
||||
/**
|
||||
* \brief This function computes the ECDSA signature and writes it
|
||||
|
@ -223,11 +248,6 @@ int mbedtls_ecdsa_verify( mbedtls_ecp_group *grp,
|
|||
* of the Digital Signature Algorithm (DSA) and Elliptic
|
||||
* Curve Digital Signature Algorithm (ECDSA)</em>.
|
||||
*
|
||||
* \note The \p sig buffer must be at least twice as large as the
|
||||
* size of the curve used, plus 9. For example, 73 Bytes if
|
||||
* a 256-bit curve is used. A buffer length of
|
||||
* #MBEDTLS_ECDSA_MAX_LEN is always safe.
|
||||
*
|
||||
* \note If the bitlength of the message hash is larger than the
|
||||
* bitlength of the group order, then the hash is truncated as
|
||||
* defined in <em>Standards for Efficient Cryptography Group
|
||||
|
@ -236,20 +256,32 @@ int mbedtls_ecdsa_verify( mbedtls_ecp_group *grp,
|
|||
*
|
||||
* \see ecp.h
|
||||
*
|
||||
* \param ctx The ECDSA context.
|
||||
* \param ctx The ECDSA context to use. This must be initialized
|
||||
* and have a group and private key bound to it, for example
|
||||
* via mbedtls_ecdsa_genkey() or mbedtls_ecdsa_from_keypair().
|
||||
* \param md_alg The message digest that was used to hash the message.
|
||||
* \param hash The message hash.
|
||||
* \param hlen The length of the hash.
|
||||
* \param sig The buffer that holds the signature.
|
||||
* \param slen The length of the signature written.
|
||||
* \param f_rng The RNG function.
|
||||
* \param p_rng The RNG context.
|
||||
* \param hash The message hash to be signed. This must be a readable
|
||||
* buffer of length \p blen Bytes.
|
||||
* \param hlen The length of the hash \p hash in Bytes.
|
||||
* \param sig The buffer to which to write the signature. This must be a
|
||||
* writable buffer of length at least twice as large as the
|
||||
* size of the curve used, plus 9. For example, 73 Bytes if
|
||||
* a 256-bit curve is used. A buffer length of
|
||||
* #MBEDTLS_ECDSA_MAX_LEN is always safe.
|
||||
* \param slen The address at which to store the actual length of
|
||||
* the signature written. Must not be \c NULL.
|
||||
* \param f_rng The RNG function. This must not be \c NULL if
|
||||
* #MBEDTLS_ECDSA_DETERMINISTIC is unset. Otherwise,
|
||||
* it is unused and may be set to \c NULL.
|
||||
* \param p_rng The RNG context to be passed to \p f_rng. This may be
|
||||
* \c NULL if \p f_rng is \c NULL or doesn't use a context.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return An \c MBEDTLS_ERR_ECP_XXX, \c MBEDTLS_ERR_MPI_XXX or
|
||||
* \c MBEDTLS_ERR_ASN1_XXX error code on failure.
|
||||
*/
|
||||
int mbedtls_ecdsa_write_signature( mbedtls_ecdsa_context *ctx, mbedtls_md_type_t md_alg,
|
||||
int mbedtls_ecdsa_write_signature( mbedtls_ecdsa_context *ctx,
|
||||
mbedtls_md_type_t md_alg,
|
||||
const unsigned char *hash, size_t hlen,
|
||||
unsigned char *sig, size_t *slen,
|
||||
int (*f_rng)(void *, unsigned char *, size_t),
|
||||
|
@ -265,15 +297,28 @@ int mbedtls_ecdsa_write_signature( mbedtls_ecdsa_context *ctx, mbedtls_md_type_t
|
|||
* but it can return early and restart according to the limit
|
||||
* set with \c mbedtls_ecp_set_max_ops() to reduce blocking.
|
||||
*
|
||||
* \param ctx The ECDSA context.
|
||||
* \param ctx The ECDSA context to use. This must be initialized
|
||||
* and have a group and private key bound to it, for example
|
||||
* via mbedtls_ecdsa_genkey() or mbedtls_ecdsa_from_keypair().
|
||||
* \param md_alg The message digest that was used to hash the message.
|
||||
* \param hash The message hash.
|
||||
* \param hlen The length of the hash.
|
||||
* \param sig The buffer that holds the signature.
|
||||
* \param slen The length of the signature written.
|
||||
* \param f_rng The RNG function.
|
||||
* \param p_rng The RNG context.
|
||||
* \param rs_ctx The restart context (NULL disables restart).
|
||||
* \param hash The message hash to be signed. This must be a readable
|
||||
* buffer of length \p blen Bytes.
|
||||
* \param hlen The length of the hash \p hash in Bytes.
|
||||
* \param sig The buffer to which to write the signature. This must be a
|
||||
* writable buffer of length at least twice as large as the
|
||||
* size of the curve used, plus 9. For example, 73 Bytes if
|
||||
* a 256-bit curve is used. A buffer length of
|
||||
* #MBEDTLS_ECDSA_MAX_LEN is always safe.
|
||||
* \param slen The address at which to store the actual length of
|
||||
* the signature written. Must not be \c NULL.
|
||||
* \param f_rng The RNG function. This must not be \c NULL if
|
||||
* #MBEDTLS_ECDSA_DETERMINISTIC is unset. Otherwise,
|
||||
* it is unused and may be set to \c NULL.
|
||||
* \param p_rng The RNG context to be passed to \p f_rng. This may be
|
||||
* \c NULL if \p f_rng is \c NULL or doesn't use a context.
|
||||
* \param rs_ctx The restart context to use. This may be \c NULL to disable
|
||||
* restarting. If it is not \c NULL, it must point to an
|
||||
* initialized restart context.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return #MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of
|
||||
|
@ -309,11 +354,6 @@ int mbedtls_ecdsa_write_signature_restartable( mbedtls_ecdsa_context *ctx,
|
|||
* \warning It is not thread-safe to use the same context in
|
||||
* multiple threads.
|
||||
*
|
||||
* \note The \p sig buffer must be at least twice as large as the
|
||||
* size of the curve used, plus 9. For example, 73 Bytes if a
|
||||
* 256-bit curve is used. A buffer length of
|
||||
* #MBEDTLS_ECDSA_MAX_LEN is always safe.
|
||||
*
|
||||
* \note If the bitlength of the message hash is larger than the
|
||||
* bitlength of the group order, then the hash is truncated as
|
||||
* defined in <em>Standards for Efficient Cryptography Group
|
||||
|
@ -325,12 +365,20 @@ int mbedtls_ecdsa_write_signature_restartable( mbedtls_ecdsa_context *ctx,
|
|||
* \deprecated Superseded by mbedtls_ecdsa_write_signature() in
|
||||
* Mbed TLS version 2.0 and later.
|
||||
*
|
||||
* \param ctx The ECDSA context.
|
||||
* \param hash The message hash.
|
||||
* \param hlen The length of the hash.
|
||||
* \param sig The buffer that holds the signature.
|
||||
* \param slen The length of the signature written.
|
||||
* \param md_alg The MD algorithm used to hash the message.
|
||||
* \param ctx The ECDSA context to use. This must be initialized
|
||||
* and have a group and private key bound to it, for example
|
||||
* via mbedtls_ecdsa_genkey() or mbedtls_ecdsa_from_keypair().
|
||||
* \param hash The message hash to be signed. This must be a readable
|
||||
* buffer of length \p blen Bytes.
|
||||
* \param hlen The length of the hash \p hash in Bytes.
|
||||
* \param sig The buffer to which to write the signature. This must be a
|
||||
* writable buffer of length at least twice as large as the
|
||||
* size of the curve used, plus 9. For example, 73 Bytes if
|
||||
* a 256-bit curve is used. A buffer length of
|
||||
* #MBEDTLS_ECDSA_MAX_LEN is always safe.
|
||||
* \param slen The address at which to store the actual length of
|
||||
* the signature written. Must not be \c NULL.
|
||||
* \param md_alg The message digest that was used to hash the message.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return An \c MBEDTLS_ERR_ECP_XXX, \c MBEDTLS_ERR_MPI_XXX or
|
||||
|
@ -355,11 +403,14 @@ int mbedtls_ecdsa_write_signature_det( mbedtls_ecdsa_context *ctx,
|
|||
*
|
||||
* \see ecp.h
|
||||
*
|
||||
* \param ctx The ECDSA context.
|
||||
* \param hash The message hash.
|
||||
* \param hlen The size of the hash.
|
||||
* \param sig The signature to read and verify.
|
||||
* \param slen The size of \p sig.
|
||||
* \param ctx The ECDSA context to use. This must be initialized
|
||||
* and have a group and public key bound to it.
|
||||
* \param hash The message hash that was signed. This must be a readable
|
||||
* buffer of length \p size Bytes.
|
||||
* \param hlen The size of the hash \p hash.
|
||||
* \param sig The signature to read and verify. This must be a readable
|
||||
* buffer of length \p slen Bytes.
|
||||
* \param slen The size of \p sig in Bytes.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if signature is invalid.
|
||||
|
@ -382,12 +433,17 @@ int mbedtls_ecdsa_read_signature( mbedtls_ecdsa_context *ctx,
|
|||
* but it can return early and restart according to the limit
|
||||
* set with \c mbedtls_ecp_set_max_ops() to reduce blocking.
|
||||
*
|
||||
* \param ctx The ECDSA context.
|
||||
* \param hash The message hash.
|
||||
* \param hlen The size of the hash.
|
||||
* \param sig The signature to read and verify.
|
||||
* \param slen The size of \p sig.
|
||||
* \param rs_ctx The restart context (NULL disables restart).
|
||||
* \param ctx The ECDSA context to use. This must be initialized
|
||||
* and have a group and public key bound to it.
|
||||
* \param hash The message hash that was signed. This must be a readable
|
||||
* buffer of length \p size Bytes.
|
||||
* \param hlen The size of the hash \p hash.
|
||||
* \param sig The signature to read and verify. This must be a readable
|
||||
* buffer of length \p slen Bytes.
|
||||
* \param slen The size of \p sig in Bytes.
|
||||
* \param rs_ctx The restart context to use. This may be \c NULL to disable
|
||||
* restarting. If it is not \c NULL, it must point to an
|
||||
* initialized restart context.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if signature is invalid.
|
||||
|
@ -409,10 +465,12 @@ int mbedtls_ecdsa_read_signature_restartable( mbedtls_ecdsa_context *ctx,
|
|||
* \see ecp.h
|
||||
*
|
||||
* \param ctx The ECDSA context to store the keypair in.
|
||||
* This must be initialized.
|
||||
* \param gid The elliptic curve to use. One of the various
|
||||
* \c MBEDTLS_ECP_DP_XXX macros depending on configuration.
|
||||
* \param f_rng The RNG function.
|
||||
* \param p_rng The RNG context.
|
||||
* \param f_rng The RNG function to use. This must not be \c NULL.
|
||||
* \param p_rng The RNG context to be passed to \p f_rng. This may be
|
||||
* \c NULL if \p f_rng doesn't need a context argument.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return An \c MBEDTLS_ERR_ECP_XXX code on failure.
|
||||
|
@ -421,40 +479,55 @@ int mbedtls_ecdsa_genkey( mbedtls_ecdsa_context *ctx, mbedtls_ecp_group_id gid,
|
|||
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );
|
||||
|
||||
/**
|
||||
* \brief This function sets an ECDSA context from an EC key pair.
|
||||
* \brief This function sets up an ECDSA context from an EC key pair.
|
||||
*
|
||||
* \see ecp.h
|
||||
*
|
||||
* \param ctx The ECDSA context to set.
|
||||
* \param key The EC key to use.
|
||||
* \param ctx The ECDSA context to setup. This must be initialized.
|
||||
* \param key The EC key to use. This must be initialized and hold
|
||||
* a private-public key pair or a public key. In the former
|
||||
* case, the ECDSA context may be used for signature creation
|
||||
* and verification after this call. In the latter case, it
|
||||
* may be used for signature verification.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return An \c MBEDTLS_ERR_ECP_XXX code on failure.
|
||||
*/
|
||||
int mbedtls_ecdsa_from_keypair( mbedtls_ecdsa_context *ctx, const mbedtls_ecp_keypair *key );
|
||||
int mbedtls_ecdsa_from_keypair( mbedtls_ecdsa_context *ctx,
|
||||
const mbedtls_ecp_keypair *key );
|
||||
|
||||
/**
|
||||
* \brief This function initializes an ECDSA context.
|
||||
*
|
||||
* \param ctx The ECDSA context to initialize.
|
||||
* This must not be \c NULL.
|
||||
*/
|
||||
void mbedtls_ecdsa_init( mbedtls_ecdsa_context *ctx );
|
||||
|
||||
/**
|
||||
* \brief This function frees an ECDSA context.
|
||||
*
|
||||
* \param ctx The ECDSA context to free.
|
||||
* \param ctx The ECDSA context to free. This may be \c NULL,
|
||||
* in which case this function does nothing. If it
|
||||
* is not \c NULL, it must be initialized.
|
||||
*/
|
||||
void mbedtls_ecdsa_free( mbedtls_ecdsa_context *ctx );
|
||||
|
||||
#if defined(MBEDTLS_ECP_RESTARTABLE)
|
||||
/**
|
||||
* \brief Initialize a restart context
|
||||
* \brief Initialize a restart context.
|
||||
*
|
||||
* \param ctx The restart context to initialize.
|
||||
* This must not be \c NULL.
|
||||
*/
|
||||
void mbedtls_ecdsa_restart_init( mbedtls_ecdsa_restart_ctx *ctx );
|
||||
|
||||
/**
|
||||
* \brief Free the components of a restart context
|
||||
* \brief Free the components of a restart context.
|
||||
*
|
||||
* \param ctx The restart context to free. This may be \c NULL,
|
||||
* in which case this function does nothing. If it
|
||||
* is not \c NULL, it must be initialized.
|
||||
*/
|
||||
void mbedtls_ecdsa_restart_free( mbedtls_ecdsa_restart_ctx *ctx );
|
||||
#endif /* MBEDTLS_ECP_RESTARTABLE */
|
||||
|
|
|
@ -92,28 +92,33 @@ typedef struct mbedtls_ecjpake_context
|
|||
#endif /* MBEDTLS_ECJPAKE_ALT */
|
||||
|
||||
/**
|
||||
* \brief Initialize a context
|
||||
* (just makes it ready for setup() or free()).
|
||||
* \brief Initialize an ECJPAKE context.
|
||||
*
|
||||
* \param ctx context to initialize
|
||||
* \param ctx The ECJPAKE context to initialize.
|
||||
* This must not be \c NULL.
|
||||
*/
|
||||
void mbedtls_ecjpake_init( mbedtls_ecjpake_context *ctx );
|
||||
|
||||
/**
|
||||
* \brief Set up a context for use
|
||||
* \brief Set up an ECJPAKE context for use.
|
||||
*
|
||||
* \note Currently the only values for hash/curve allowed by the
|
||||
* standard are MBEDTLS_MD_SHA256/MBEDTLS_ECP_DP_SECP256R1.
|
||||
* standard are #MBEDTLS_MD_SHA256/#MBEDTLS_ECP_DP_SECP256R1.
|
||||
*
|
||||
* \param ctx context to set up
|
||||
* \param role Our role: client or server
|
||||
* \param hash hash function to use (MBEDTLS_MD_XXX)
|
||||
* \param curve elliptic curve identifier (MBEDTLS_ECP_DP_XXX)
|
||||
* \param secret pre-shared secret (passphrase)
|
||||
* \param len length of the shared secret
|
||||
* \param ctx The ECJPAKE context to set up. This must be initialized.
|
||||
* \param role The role of the caller. This must be either
|
||||
* #MBEDTLS_ECJPAKE_CLIENT or #MBEDTLS_ECJPAKE_SERVER.
|
||||
* \param hash The identifier of the hash function to use,
|
||||
* for example #MBEDTLS_MD_SHA256.
|
||||
* \param curve The identifier of the elliptic curve to use,
|
||||
* for example #MBEDTLS_ECP_DP_SECP256R1.
|
||||
* \param secret The pre-shared secret (passphrase). This must be
|
||||
* a readable buffer of length \p len Bytes. It need
|
||||
* only be valid for the duration of this call.
|
||||
* \param len The length of the pre-shared secret \p secret.
|
||||
*
|
||||
* \return 0 if successfull,
|
||||
* a negative error code otherwise
|
||||
* \return \c 0 if successful.
|
||||
* \return A negative error code on failure.
|
||||
*/
|
||||
int mbedtls_ecjpake_setup( mbedtls_ecjpake_context *ctx,
|
||||
mbedtls_ecjpake_role role,
|
||||
|
@ -123,29 +128,34 @@ int mbedtls_ecjpake_setup( mbedtls_ecjpake_context *ctx,
|
|||
size_t len );
|
||||
|
||||
/**
|
||||
* \brief Check if a context is ready for use
|
||||
* \brief Check if an ECJPAKE context is ready for use.
|
||||
*
|
||||
* \param ctx Context to check
|
||||
* \param ctx The ECJPAKE context to check. This must be
|
||||
* initialized.
|
||||
*
|
||||
* \return 0 if the context is ready for use,
|
||||
* MBEDTLS_ERR_ECP_BAD_INPUT_DATA otherwise
|
||||
* \return \c 0 if the context is ready for use.
|
||||
* \return #MBEDTLS_ERR_ECP_BAD_INPUT_DATA otherwise.
|
||||
*/
|
||||
int mbedtls_ecjpake_check( const mbedtls_ecjpake_context *ctx );
|
||||
|
||||
/**
|
||||
* \brief Generate and write the first round message
|
||||
* (TLS: contents of the Client/ServerHello extension,
|
||||
* excluding extension type and length bytes)
|
||||
* excluding extension type and length bytes).
|
||||
*
|
||||
* \param ctx Context to use
|
||||
* \param buf Buffer to write the contents to
|
||||
* \param len Buffer size
|
||||
* \param olen Will be updated with the number of bytes written
|
||||
* \param f_rng RNG function
|
||||
* \param p_rng RNG parameter
|
||||
* \param ctx The ECJPAKE context to use. This must be
|
||||
* initialized and set up.
|
||||
* \param buf The buffer to write the contents to. This must be a
|
||||
* writable buffer of length \p len Bytes.
|
||||
* \param len The length of \p buf in Bytes.
|
||||
* \param olen The address at which to store the total number
|
||||
* of Bytes written to \p buf. This must not be \c NULL.
|
||||
* \param f_rng The RNG function to use. This must not be \c NULL.
|
||||
* \param p_rng The RNG parameter to be passed to \p f_rng. This
|
||||
* may be \c NULL if \p f_rng doesn't use a context.
|
||||
*
|
||||
* \return 0 if successfull,
|
||||
* a negative error code otherwise
|
||||
* \return \c 0 if successful.
|
||||
* \return A negative error code on failure.
|
||||
*/
|
||||
int mbedtls_ecjpake_write_round_one( mbedtls_ecjpake_context *ctx,
|
||||
unsigned char *buf, size_t len, size_t *olen,
|
||||
|
@ -155,14 +165,16 @@ int mbedtls_ecjpake_write_round_one( mbedtls_ecjpake_context *ctx,
|
|||
/**
|
||||
* \brief Read and process the first round message
|
||||
* (TLS: contents of the Client/ServerHello extension,
|
||||
* excluding extension type and length bytes)
|
||||
* excluding extension type and length bytes).
|
||||
*
|
||||
* \param ctx Context to use
|
||||
* \param buf Pointer to extension contents
|
||||
* \param len Extension length
|
||||
* \param ctx The ECJPAKE context to use. This must be initialized
|
||||
* and set up.
|
||||
* \param buf The buffer holding the first round message. This must
|
||||
* be a readable buffer of length \p len Bytes.
|
||||
* \param len The length in Bytes of \p buf.
|
||||
*
|
||||
* \return 0 if successfull,
|
||||
* a negative error code otherwise
|
||||
* \return \c 0 if successful.
|
||||
* \return A negative error code on failure.
|
||||
*/
|
||||
int mbedtls_ecjpake_read_round_one( mbedtls_ecjpake_context *ctx,
|
||||
const unsigned char *buf,
|
||||
|
@ -170,17 +182,21 @@ int mbedtls_ecjpake_read_round_one( mbedtls_ecjpake_context *ctx,
|
|||
|
||||
/**
|
||||
* \brief Generate and write the second round message
|
||||
* (TLS: contents of the Client/ServerKeyExchange)
|
||||
* (TLS: contents of the Client/ServerKeyExchange).
|
||||
*
|
||||
* \param ctx Context to use
|
||||
* \param buf Buffer to write the contents to
|
||||
* \param len Buffer size
|
||||
* \param olen Will be updated with the number of bytes written
|
||||
* \param f_rng RNG function
|
||||
* \param p_rng RNG parameter
|
||||
* \param ctx The ECJPAKE context to use. This must be initialized,
|
||||
* set up, and already have performed round one.
|
||||
* \param buf The buffer to write the round two contents to.
|
||||
* This must be a writable buffer of length \p len Bytes.
|
||||
* \param len The size of \p buf in Bytes.
|
||||
* \param olen The address at which to store the total number of Bytes
|
||||
* written to \p buf. This must not be \c NULL.
|
||||
* \param f_rng The RNG function to use. This must not be \c NULL.
|
||||
* \param p_rng The RNG parameter to be passed to \p f_rng. This
|
||||
* may be \c NULL if \p f_rng doesn't use a context.
|
||||
*
|
||||
* \return 0 if successfull,
|
||||
* a negative error code otherwise
|
||||
* \return \c 0 if successful.
|
||||
* \return A negative error code on failure.
|
||||
*/
|
||||
int mbedtls_ecjpake_write_round_two( mbedtls_ecjpake_context *ctx,
|
||||
unsigned char *buf, size_t len, size_t *olen,
|
||||
|
@ -189,14 +205,16 @@ int mbedtls_ecjpake_write_round_two( mbedtls_ecjpake_context *ctx,
|
|||
|
||||
/**
|
||||
* \brief Read and process the second round message
|
||||
* (TLS: contents of the Client/ServerKeyExchange)
|
||||
* (TLS: contents of the Client/ServerKeyExchange).
|
||||
*
|
||||
* \param ctx Context to use
|
||||
* \param buf Pointer to the message
|
||||
* \param len Message length
|
||||
* \param ctx The ECJPAKE context to use. This must be initialized
|
||||
* and set up and already have performed round one.
|
||||
* \param buf The buffer holding the second round message. This must
|
||||
* be a readable buffer of length \p len Bytes.
|
||||
* \param len The length in Bytes of \p buf.
|
||||
*
|
||||
* \return 0 if successfull,
|
||||
* a negative error code otherwise
|
||||
* \return \c 0 if successful.
|
||||
* \return A negative error code on failure.
|
||||
*/
|
||||
int mbedtls_ecjpake_read_round_two( mbedtls_ecjpake_context *ctx,
|
||||
const unsigned char *buf,
|
||||
|
@ -204,17 +222,21 @@ int mbedtls_ecjpake_read_round_two( mbedtls_ecjpake_context *ctx,
|
|||
|
||||
/**
|
||||
* \brief Derive the shared secret
|
||||
* (TLS: Pre-Master Secret)
|
||||
* (TLS: Pre-Master Secret).
|
||||
*
|
||||
* \param ctx Context to use
|
||||
* \param buf Buffer to write the contents to
|
||||
* \param len Buffer size
|
||||
* \param olen Will be updated with the number of bytes written
|
||||
* \param f_rng RNG function
|
||||
* \param p_rng RNG parameter
|
||||
* \param ctx The ECJPAKE context to use. This must be initialized,
|
||||
* set up and have performed both round one and two.
|
||||
* \param buf The buffer to write the derived secret to. This must
|
||||
* be a writable buffer of length \p len Bytes.
|
||||
* \param len The length of \p buf in Bytes.
|
||||
* \param olen The address at which to store the total number of Bytes
|
||||
* written to \p buf. This must not be \c NULL.
|
||||
* \param f_rng The RNG function to use. This must not be \c NULL.
|
||||
* \param p_rng The RNG parameter to be passed to \p f_rng. This
|
||||
* may be \c NULL if \p f_rng doesn't use a context.
|
||||
*
|
||||
* \return 0 if successfull,
|
||||
* a negative error code otherwise
|
||||
* \return \c 0 if successful.
|
||||
* \return A negative error code on failure.
|
||||
*/
|
||||
int mbedtls_ecjpake_derive_secret( mbedtls_ecjpake_context *ctx,
|
||||
unsigned char *buf, size_t len, size_t *olen,
|
||||
|
@ -222,14 +244,15 @@ int mbedtls_ecjpake_derive_secret( mbedtls_ecjpake_context *ctx,
|
|||
void *p_rng );
|
||||
|
||||
/**
|
||||
* \brief Free a context's content
|
||||
* \brief This clears an ECJPAKE context and frees any
|
||||
* embedded data structure.
|
||||
*
|
||||
* \param ctx context to free
|
||||
* \param ctx The ECJPAKE context to free. This may be \c NULL,
|
||||
* in which case this function does nothing. If it is not
|
||||
* \c NULL, it must point to an initialized ECJPAKE context.
|
||||
*/
|
||||
void mbedtls_ecjpake_free( mbedtls_ecjpake_context *ctx );
|
||||
|
||||
|
||||
|
||||
#if defined(MBEDTLS_SELF_TEST)
|
||||
|
||||
/**
|
||||
|
|
|
@ -159,6 +159,10 @@ mbedtls_ecp_point;
|
|||
* additions or subtractions. Therefore, it is only an approximative modular
|
||||
* reduction. It must return 0 on success and non-zero on failure.
|
||||
*
|
||||
* \note Alternative implementations must keep the group IDs distinct. If
|
||||
* two group structures have the same ID, then they must be
|
||||
* identical.
|
||||
*
|
||||
*/
|
||||
typedef struct mbedtls_ecp_group
|
||||
{
|
||||
|
@ -493,24 +497,37 @@ void mbedtls_ecp_point_free( mbedtls_ecp_point *pt );
|
|||
|
||||
/**
|
||||
* \brief This function frees the components of an ECP group.
|
||||
* \param grp The group to free.
|
||||
*
|
||||
* \param grp The group to free. This may be \c NULL, in which
|
||||
* case this function returns immediately. If it is not
|
||||
* \c NULL, it must point to an initialized ECP group.
|
||||
*/
|
||||
void mbedtls_ecp_group_free( mbedtls_ecp_group *grp );
|
||||
|
||||
/**
|
||||
* \brief This function frees the components of a key pair.
|
||||
* \param key The key pair to free.
|
||||
*
|
||||
* \param key The key pair to free. This may be \c NULL, in which
|
||||
* case this function returns immediately. If it is not
|
||||
* \c NULL, it must point to an initialized ECP key pair.
|
||||
*/
|
||||
void mbedtls_ecp_keypair_free( mbedtls_ecp_keypair *key );
|
||||
|
||||
#if defined(MBEDTLS_ECP_RESTARTABLE)
|
||||
/**
|
||||
* \brief Initialize a restart context
|
||||
* \brief Initialize a restart context.
|
||||
*
|
||||
* \param ctx The restart context to initialize. This must
|
||||
* not be \c NULL.
|
||||
*/
|
||||
void mbedtls_ecp_restart_init( mbedtls_ecp_restart_ctx *ctx );
|
||||
|
||||
/**
|
||||
* \brief Free the components of a restart context
|
||||
* \brief Free the components of a restart context.
|
||||
*
|
||||
* \param ctx The restart context to free. This may be \c NULL, in which
|
||||
* case this function returns immediately. If it is not
|
||||
* \c NULL, it must point to an initialized restart context.
|
||||
*/
|
||||
void mbedtls_ecp_restart_free( mbedtls_ecp_restart_ctx *ctx );
|
||||
#endif /* MBEDTLS_ECP_RESTARTABLE */
|
||||
|
@ -519,11 +536,12 @@ void mbedtls_ecp_restart_free( mbedtls_ecp_restart_ctx *ctx );
|
|||
* \brief This function copies the contents of point \p Q into
|
||||
* point \p P.
|
||||
*
|
||||
* \param P The destination point.
|
||||
* \param Q The source point.
|
||||
* \param P The destination point. This must be initialized.
|
||||
* \param Q The source point. This must be initialized.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return #MBEDTLS_ERR_MPI_ALLOC_FAILED on memory-allocation failure.
|
||||
* \return Another negative error code for other kinds of failure.
|
||||
*/
|
||||
int mbedtls_ecp_copy( mbedtls_ecp_point *P, const mbedtls_ecp_point *Q );
|
||||
|
||||
|
@ -531,31 +549,35 @@ int mbedtls_ecp_copy( mbedtls_ecp_point *P, const mbedtls_ecp_point *Q );
|
|||
* \brief This function copies the contents of group \p src into
|
||||
* group \p dst.
|
||||
*
|
||||
* \param dst The destination group.
|
||||
* \param src The source group.
|
||||
* \param dst The destination group. This must be initialized.
|
||||
* \param src The source group. This must be initialized.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return #MBEDTLS_ERR_MPI_ALLOC_FAILED on memory-allocation failure.
|
||||
* \return Another negative error code on other kinds of failure.
|
||||
*/
|
||||
int mbedtls_ecp_group_copy( mbedtls_ecp_group *dst, const mbedtls_ecp_group *src );
|
||||
int mbedtls_ecp_group_copy( mbedtls_ecp_group *dst,
|
||||
const mbedtls_ecp_group *src );
|
||||
|
||||
/**
|
||||
* \brief This function sets a point to zero.
|
||||
* \brief This function sets a point to the point at infinity.
|
||||
*
|
||||
* \param pt The point to set.
|
||||
* \param pt The point to set. This must be initialized.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return #MBEDTLS_ERR_MPI_ALLOC_FAILED on memory-allocation failure.
|
||||
* \return Another negative error code on other kinds of failure.
|
||||
*/
|
||||
int mbedtls_ecp_set_zero( mbedtls_ecp_point *pt );
|
||||
|
||||
/**
|
||||
* \brief This function checks if a point is zero.
|
||||
* \brief This function checks if a point is the point at infinity.
|
||||
*
|
||||
* \param pt The point to test.
|
||||
* \param pt The point to test. This must be initialized.
|
||||
*
|
||||
* \return \c 1 if the point is zero.
|
||||
* \return \c 0 if the point is non-zero.
|
||||
* \return A negative error code on failure.
|
||||
*/
|
||||
int mbedtls_ecp_is_zero( mbedtls_ecp_point *pt );
|
||||
|
||||
|
@ -565,8 +587,8 @@ int mbedtls_ecp_is_zero( mbedtls_ecp_point *pt );
|
|||
* \note This assumes that the points are normalized. Otherwise,
|
||||
* they may compare as "not equal" even if they are.
|
||||
*
|
||||
* \param P The first point to compare.
|
||||
* \param Q The second point to compare.
|
||||
* \param P The first point to compare. This must be initialized.
|
||||
* \param Q The second point to compare. This must be initialized.
|
||||
*
|
||||
* \return \c 0 if the points are equal.
|
||||
* \return #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if the points are not equal.
|
||||
|
@ -578,7 +600,7 @@ int mbedtls_ecp_point_cmp( const mbedtls_ecp_point *P,
|
|||
* \brief This function imports a non-zero point from two ASCII
|
||||
* strings.
|
||||
*
|
||||
* \param P The destination point.
|
||||
* \param P The destination point. This must be initialized.
|
||||
* \param radix The numeric base of the input.
|
||||
* \param x The first affine coordinate, as a null-terminated string.
|
||||
* \param y The second affine coordinate, as a null-terminated string.
|
||||
|
@ -593,15 +615,21 @@ int mbedtls_ecp_point_read_string( mbedtls_ecp_point *P, int radix,
|
|||
* \brief This function exports a point into unsigned binary data.
|
||||
*
|
||||
* \param grp The group to which the point should belong.
|
||||
* \param P The point to export.
|
||||
* \param format The point format. Should be an \c MBEDTLS_ECP_PF_XXX macro.
|
||||
* \param olen The length of the output.
|
||||
* \param buf The output buffer.
|
||||
* \param buflen The length of the output buffer.
|
||||
* This must be initialized and have group parameters
|
||||
* set, for example through mbedtls_ecp_group_load().
|
||||
* \param P The point to export. This must be initialized.
|
||||
* \param format The point format. This must be either
|
||||
* #MBEDTLS_ECP_PF_COMPRESSED or #MBEDTLS_ECP_PF_UNCOMPRESSED.
|
||||
* \param olen The address at which to store the length of
|
||||
* the output in Bytes. This must not be \c NULL.
|
||||
* \param buf The output buffer. This must be a writable buffer
|
||||
* of length \p buflen Bytes.
|
||||
* \param buflen The length of the output buffer \p buf in Bytes.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return #MBEDTLS_ERR_ECP_BAD_INPUT_DATA
|
||||
* or #MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL on failure.
|
||||
* \return #MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL if the output buffer
|
||||
* is too small to hold the point.
|
||||
* \return Another negative error code on other kinds of failure.
|
||||
*/
|
||||
int mbedtls_ecp_point_write_binary( const mbedtls_ecp_group *grp, const mbedtls_ecp_point *P,
|
||||
int format, size_t *olen,
|
||||
|
@ -615,108 +643,158 @@ int mbedtls_ecp_point_write_binary( const mbedtls_ecp_group *grp, const mbedtls_
|
|||
* for that.
|
||||
*
|
||||
* \param grp The group to which the point should belong.
|
||||
* \param P The point to import.
|
||||
* \param buf The input buffer.
|
||||
* \param ilen The length of the input.
|
||||
* This must be initialized and have group parameters
|
||||
* set, for example through mbedtls_ecp_group_load().
|
||||
* \param P The destination context to import the point to.
|
||||
* This must be initialized.
|
||||
* \param buf The input buffer. This must be a readable buffer
|
||||
* of length \p ilen Bytes.
|
||||
* \param ilen The length of the input buffer \p buf in Bytes.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if input is invalid.
|
||||
* \return #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if the input is invalid.
|
||||
* \return #MBEDTLS_ERR_MPI_ALLOC_FAILED on memory-allocation failure.
|
||||
* \return #MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE if the point format
|
||||
* is not implemented.
|
||||
*
|
||||
*/
|
||||
int mbedtls_ecp_point_read_binary( const mbedtls_ecp_group *grp, mbedtls_ecp_point *P,
|
||||
const unsigned char *buf, size_t ilen );
|
||||
int mbedtls_ecp_point_read_binary( const mbedtls_ecp_group *grp,
|
||||
mbedtls_ecp_point *P,
|
||||
const unsigned char *buf, size_t ilen );
|
||||
|
||||
/**
|
||||
* \brief This function imports a point from a TLS ECPoint record.
|
||||
*
|
||||
* \note On function return, \p buf is updated to point to immediately
|
||||
* \note On function return, \p *buf is updated to point immediately
|
||||
* after the ECPoint record.
|
||||
*
|
||||
* \param grp The ECP group used.
|
||||
* \param grp The ECP group to use.
|
||||
* This must be initialized and have group parameters
|
||||
* set, for example through mbedtls_ecp_group_load().
|
||||
* \param pt The destination point.
|
||||
* \param buf The address of the pointer to the start of the input buffer.
|
||||
* \param len The length of the buffer.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return An \c MBEDTLS_ERR_MPI_XXX error code on initialization failure.
|
||||
* \return An \c MBEDTLS_ERR_MPI_XXX error code on initialization
|
||||
* failure.
|
||||
* \return #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if input is invalid.
|
||||
*/
|
||||
int mbedtls_ecp_tls_read_point( const mbedtls_ecp_group *grp, mbedtls_ecp_point *pt,
|
||||
const unsigned char **buf, size_t len );
|
||||
int mbedtls_ecp_tls_read_point( const mbedtls_ecp_group *grp,
|
||||
mbedtls_ecp_point *pt,
|
||||
const unsigned char **buf, size_t len );
|
||||
|
||||
/**
|
||||
* \brief This function exports a point as a TLS ECPoint record.
|
||||
* \brief This function exports a point as a TLS ECPoint record
|
||||
* defined in RFC 4492, Section 5.4.
|
||||
*
|
||||
* \param grp The ECP group used.
|
||||
* \param pt The point format to export to. The point format is an
|
||||
* \c MBEDTLS_ECP_PF_XXX constant.
|
||||
* \param format The export format.
|
||||
* \param olen The length of the data written.
|
||||
* \param buf The buffer to write to.
|
||||
* \param blen The length of the buffer.
|
||||
* \param grp The ECP group to use.
|
||||
* This must be initialized and have group parameters
|
||||
* set, for example through mbedtls_ecp_group_load().
|
||||
* \param pt The point to be exported. This must be initialized.
|
||||
* \param format The point format to use. This must be either
|
||||
* #MBEDTLS_ECP_PF_COMPRESSED or #MBEDTLS_ECP_PF_UNCOMPRESSED.
|
||||
* \param olen The address at which to store the length in Bytes
|
||||
* of the data written.
|
||||
* \param buf The target buffer. This must be a writable buffer of
|
||||
* length \p blen Bytes.
|
||||
* \param blen The length of the target buffer \p buf in Bytes.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return #MBEDTLS_ERR_ECP_BAD_INPUT_DATA or
|
||||
* #MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL on failure.
|
||||
* \return #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if the input is invalid.
|
||||
* \return #MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL if the target buffer
|
||||
* is too small to hold the exported point.
|
||||
* \return Another negative error code on other kinds of failure.
|
||||
*/
|
||||
int mbedtls_ecp_tls_write_point( const mbedtls_ecp_group *grp, const mbedtls_ecp_point *pt,
|
||||
int format, size_t *olen,
|
||||
unsigned char *buf, size_t blen );
|
||||
int mbedtls_ecp_tls_write_point( const mbedtls_ecp_group *grp,
|
||||
const mbedtls_ecp_point *pt,
|
||||
int format, size_t *olen,
|
||||
unsigned char *buf, size_t blen );
|
||||
|
||||
/**
|
||||
* \brief This function sets a group using standardized domain parameters.
|
||||
* \brief This function sets up an ECP group context
|
||||
* from a standardized set of domain parameters.
|
||||
*
|
||||
* \note The index should be a value of the NamedCurve enum,
|
||||
* as defined in <em>RFC-4492: Elliptic Curve Cryptography
|
||||
* (ECC) Cipher Suites for Transport Layer Security (TLS)</em>,
|
||||
* usually in the form of an \c MBEDTLS_ECP_DP_XXX macro.
|
||||
*
|
||||
* \param grp The destination group.
|
||||
* \param grp The group context to setup. This must be initialized.
|
||||
* \param id The identifier of the domain parameter set to load.
|
||||
*
|
||||
* \return \c 0 on success,
|
||||
* \return An \c MBEDTLS_ERR_MPI_XXX error code on initialization failure.
|
||||
* \return #MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE for unkownn groups.
|
||||
|
||||
* \return \c 0 on success.
|
||||
* \return #MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE if \p id doesn't
|
||||
* correspond to a known group.
|
||||
* \return Another negative error code on other kinds of failure.
|
||||
*/
|
||||
int mbedtls_ecp_group_load( mbedtls_ecp_group *grp, mbedtls_ecp_group_id id );
|
||||
|
||||
/**
|
||||
* \brief This function sets a group from a TLS ECParameters record.
|
||||
* \brief This function sets up an ECP group context from a TLS
|
||||
* ECParameters record as defined in RFC 4492, Section 5.4.
|
||||
*
|
||||
* \note \p buf is updated to point right after the ECParameters record
|
||||
* on exit.
|
||||
* \note The read pointer \p buf is updated to point right after
|
||||
* the ECParameters record on exit.
|
||||
*
|
||||
* \param grp The destination group.
|
||||
* \param grp The group context to setup. This must be initialized.
|
||||
* \param buf The address of the pointer to the start of the input buffer.
|
||||
* \param len The length of the buffer.
|
||||
* \param len The length of the input buffer \c *buf in Bytes.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return An \c MBEDTLS_ERR_MPI_XXX error code on initialization failure.
|
||||
* \return #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if input is invalid.
|
||||
* \return #MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE if the group is not
|
||||
* recognized.
|
||||
* \return Another negative error code on other kinds of failure.
|
||||
*/
|
||||
int mbedtls_ecp_tls_read_group( mbedtls_ecp_group *grp, const unsigned char **buf, size_t len );
|
||||
int mbedtls_ecp_tls_read_group( mbedtls_ecp_group *grp,
|
||||
const unsigned char **buf, size_t len );
|
||||
|
||||
/**
|
||||
* \brief This function writes the TLS ECParameters record for a group.
|
||||
* \brief This function extracts an elliptic curve group ID from a
|
||||
* TLS ECParameters record as defined in RFC 4492, Section 5.4.
|
||||
*
|
||||
* \param grp The ECP group used.
|
||||
* \param olen The number of Bytes written.
|
||||
* \param buf The buffer to write to.
|
||||
* \param blen The length of the buffer.
|
||||
* \note The read pointer \p buf is updated to point right after
|
||||
* the ECParameters record on exit.
|
||||
*
|
||||
* \param grp The address at which to store the group id.
|
||||
* This must not be \c NULL.
|
||||
* \param buf The address of the pointer to the start of the input buffer.
|
||||
* \param len The length of the input buffer \c *buf in Bytes.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return #MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL on failure.
|
||||
* \return #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if input is invalid.
|
||||
* \return #MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE if the group is not
|
||||
* recognized.
|
||||
* \return Another negative error code on other kinds of failure.
|
||||
*/
|
||||
int mbedtls_ecp_tls_write_group( const mbedtls_ecp_group *grp, size_t *olen,
|
||||
unsigned char *buf, size_t blen );
|
||||
int mbedtls_ecp_tls_read_group_id( mbedtls_ecp_group_id *grp,
|
||||
const unsigned char **buf,
|
||||
size_t len );
|
||||
/**
|
||||
* \brief This function exports an elliptic curve as a TLS
|
||||
* ECParameters record as defined in RFC 4492, Section 5.4.
|
||||
*
|
||||
* \param grp The ECP group to be exported.
|
||||
* This must be initialized and have group parameters
|
||||
* set, for example through mbedtls_ecp_group_load().
|
||||
* \param olen The address at which to store the number of Bytes written.
|
||||
* This must not be \c NULL.
|
||||
* \param buf The buffer to write to. This must be a writable buffer
|
||||
* of length \p blen Bytes.
|
||||
* \param blen The length of the output buffer \p buf in Bytes.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return #MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL if the output
|
||||
* buffer is too small to hold the exported group.
|
||||
* \return Another negative error code on other kinds of failure.
|
||||
*/
|
||||
int mbedtls_ecp_tls_write_group( const mbedtls_ecp_group *grp,
|
||||
size_t *olen,
|
||||
unsigned char *buf, size_t blen );
|
||||
|
||||
/**
|
||||
* \brief This function performs multiplication of a point by
|
||||
* an integer: \p R = \p m * \p P.
|
||||
* \brief This function performs a scalar multiplication of a point
|
||||
* by an integer: \p R = \p m * \p P.
|
||||
*
|
||||
* It is not thread-safe to use same group in multiple threads.
|
||||
*
|
||||
|
@ -730,17 +808,22 @@ int mbedtls_ecp_tls_write_group( const mbedtls_ecp_group *grp, size_t *olen,
|
|||
* targeting these results. We recommend always providing
|
||||
* a non-NULL \p f_rng. The overhead is negligible.
|
||||
*
|
||||
* \param grp The ECP group.
|
||||
* \param R The destination point.
|
||||
* \param m The integer by which to multiply.
|
||||
* \param P The point to multiply.
|
||||
* \param f_rng The RNG function.
|
||||
* \param p_rng The RNG context.
|
||||
* \param grp The ECP group to use.
|
||||
* This must be initialized and have group parameters
|
||||
* set, for example through mbedtls_ecp_group_load().
|
||||
* \param R The point in which to store the result of the calculation.
|
||||
* This must be initialized.
|
||||
* \param m The integer by which to multiply. This must be initialized.
|
||||
* \param P The point to multiply. This must be initialized.
|
||||
* \param f_rng The RNG function. This may be \c NULL if randomization
|
||||
* of intermediate results isn't desired (discouraged).
|
||||
* \param p_rng The RNG context to be passed to \p p_rng.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return #MBEDTLS_ERR_ECP_INVALID_KEY if \p m is not a valid private
|
||||
* key, or \p P is not a valid public key.
|
||||
* \return #MBEDTLS_ERR_MPI_ALLOC_FAILED on memory-allocation failure.
|
||||
* \return Another negative error code on other kinds of failure.
|
||||
*/
|
||||
int mbedtls_ecp_mul( mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
|
||||
const mbedtls_mpi *m, const mbedtls_ecp_point *P,
|
||||
|
@ -756,12 +839,16 @@ int mbedtls_ecp_mul( mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
|
|||
* it can return early and restart according to the limit set
|
||||
* with \c mbedtls_ecp_set_max_ops() to reduce blocking.
|
||||
*
|
||||
* \param grp The ECP group.
|
||||
* \param R The destination point.
|
||||
* \param m The integer by which to multiply.
|
||||
* \param P The point to multiply.
|
||||
* \param f_rng The RNG function.
|
||||
* \param p_rng The RNG context.
|
||||
* \param grp The ECP group to use.
|
||||
* This must be initialized and have group parameters
|
||||
* set, for example through mbedtls_ecp_group_load().
|
||||
* \param R The point in which to store the result of the calculation.
|
||||
* This must be initialized.
|
||||
* \param m The integer by which to multiply. This must be initialized.
|
||||
* \param P The point to multiply. This must be initialized.
|
||||
* \param f_rng The RNG function. This may be \c NULL if randomization
|
||||
* of intermediate results isn't desired (discouraged).
|
||||
* \param p_rng The RNG context to be passed to \p p_rng.
|
||||
* \param rs_ctx The restart context (NULL disables restart).
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
|
@ -770,6 +857,7 @@ int mbedtls_ecp_mul( mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
|
|||
* \return #MBEDTLS_ERR_MPI_ALLOC_FAILED on memory-allocation failure.
|
||||
* \return #MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of
|
||||
* operations was reached: see \c mbedtls_ecp_set_max_ops().
|
||||
* \return Another negative error code on other kinds of failure.
|
||||
*/
|
||||
int mbedtls_ecp_mul_restartable( mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
|
||||
const mbedtls_mpi *m, const mbedtls_ecp_point *P,
|
||||
|
@ -785,18 +873,25 @@ int mbedtls_ecp_mul_restartable( mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
|
|||
* \note In contrast to mbedtls_ecp_mul(), this function does not
|
||||
* guarantee a constant execution flow and timing.
|
||||
*
|
||||
* \param grp The ECP group.
|
||||
* \param R The destination point.
|
||||
* \param grp The ECP group to use.
|
||||
* This must be initialized and have group parameters
|
||||
* set, for example through mbedtls_ecp_group_load().
|
||||
* \param R The point in which to store the result of the calculation.
|
||||
* This must be initialized.
|
||||
* \param m The integer by which to multiply \p P.
|
||||
* \param P The point to multiply by \p m.
|
||||
* This must be initialized.
|
||||
* \param P The point to multiply by \p m. This must be initialized.
|
||||
* \param n The integer by which to multiply \p Q.
|
||||
* This must be initialized.
|
||||
* \param Q The point to be multiplied by \p n.
|
||||
* This must be initialized.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return #MBEDTLS_ERR_ECP_INVALID_KEY if \p m or \p n are not
|
||||
* valid private keys, or \p P or \p Q are not valid public
|
||||
* keys.
|
||||
* \return #MBEDTLS_ERR_MPI_ALLOC_FAILED on memory-allocation failure.
|
||||
* \return Another negative error code on other kinds of failure.
|
||||
*/
|
||||
int mbedtls_ecp_muladd( mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
|
||||
const mbedtls_mpi *m, const mbedtls_ecp_point *P,
|
||||
|
@ -813,12 +908,18 @@ int mbedtls_ecp_muladd( mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
|
|||
* but it can return early and restart according to the limit
|
||||
* set with \c mbedtls_ecp_set_max_ops() to reduce blocking.
|
||||
*
|
||||
* \param grp The ECP group.
|
||||
* \param R The destination point.
|
||||
* \param grp The ECP group to use.
|
||||
* This must be initialized and have group parameters
|
||||
* set, for example through mbedtls_ecp_group_load().
|
||||
* \param R The point in which to store the result of the calculation.
|
||||
* This must be initialized.
|
||||
* \param m The integer by which to multiply \p P.
|
||||
* \param P The point to multiply by \p m.
|
||||
* This must be initialized.
|
||||
* \param P The point to multiply by \p m. This must be initialized.
|
||||
* \param n The integer by which to multiply \p Q.
|
||||
* This must be initialized.
|
||||
* \param Q The point to be multiplied by \p n.
|
||||
* This must be initialized.
|
||||
* \param rs_ctx The restart context (NULL disables restart).
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
|
@ -828,6 +929,7 @@ int mbedtls_ecp_muladd( mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
|
|||
* \return #MBEDTLS_ERR_MPI_ALLOC_FAILED on memory-allocation failure.
|
||||
* \return #MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of
|
||||
* operations was reached: see \c mbedtls_ecp_set_max_ops().
|
||||
* \return Another negative error code on other kinds of failure.
|
||||
*/
|
||||
int mbedtls_ecp_muladd_restartable(
|
||||
mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
|
||||
|
@ -852,38 +954,51 @@ int mbedtls_ecp_muladd_restartable(
|
|||
* structures, such as ::mbedtls_ecdh_context or
|
||||
* ::mbedtls_ecdsa_context.
|
||||
*
|
||||
* \param grp The curve the point should lie on.
|
||||
* \param pt The point to check.
|
||||
* \param grp The ECP group the point should belong to.
|
||||
* This must be initialized and have group parameters
|
||||
* set, for example through mbedtls_ecp_group_load().
|
||||
* \param pt The point to check. This must be initialized.
|
||||
*
|
||||
* \return \c 0 if the point is a valid public key.
|
||||
* \return #MBEDTLS_ERR_ECP_INVALID_KEY on failure.
|
||||
* \return #MBEDTLS_ERR_ECP_INVALID_KEY if the point is not
|
||||
* a valid public key for the given curve.
|
||||
* \return Another negative error code on other kinds of failure.
|
||||
*/
|
||||
int mbedtls_ecp_check_pubkey( const mbedtls_ecp_group *grp, const mbedtls_ecp_point *pt );
|
||||
int mbedtls_ecp_check_pubkey( const mbedtls_ecp_group *grp,
|
||||
const mbedtls_ecp_point *pt );
|
||||
|
||||
/**
|
||||
* \brief This function checks that an \p mbedtls_mpi is a valid private
|
||||
* key for this curve.
|
||||
* \brief This function checks that an \p mbedtls_mpi is a
|
||||
* valid private key for this curve.
|
||||
*
|
||||
* \note This function uses bare components rather than an
|
||||
* ::mbedtls_ecp_keypair structure to ease use with other
|
||||
* structures, such as ::mbedtls_ecdh_context or
|
||||
* ::mbedtls_ecdsa_context.
|
||||
*
|
||||
* \param grp The group used.
|
||||
* \param d The integer to check.
|
||||
* \param grp The ECP group the private key should belong to.
|
||||
* This must be initialized and have group parameters
|
||||
* set, for example through mbedtls_ecp_group_load().
|
||||
* \param d The integer to check. This must be initialized.
|
||||
*
|
||||
* \return \c 0 if the point is a valid private key.
|
||||
* \return #MBEDTLS_ERR_ECP_INVALID_KEY on failure.
|
||||
* \return #MBEDTLS_ERR_ECP_INVALID_KEY if the point is not a valid
|
||||
* private key for the given curve.
|
||||
* \return Another negative error code on other kinds of failure.
|
||||
*/
|
||||
int mbedtls_ecp_check_privkey( const mbedtls_ecp_group *grp, const mbedtls_mpi *d );
|
||||
int mbedtls_ecp_check_privkey( const mbedtls_ecp_group *grp,
|
||||
const mbedtls_mpi *d );
|
||||
|
||||
/**
|
||||
* \brief This function generates a private key.
|
||||
*
|
||||
* \param grp The ECP group.
|
||||
* \param d The destination MPI (secret part).
|
||||
* \param f_rng The RNG function.
|
||||
* \param p_rng The RNG parameter.
|
||||
* \param grp The ECP group to generate a private key for.
|
||||
* This must be initialized and have group parameters
|
||||
* set, for example through mbedtls_ecp_group_load().
|
||||
* \param d The destination MPI (secret part). This must be initialized.
|
||||
* \param f_rng The RNG function. This must not be \c NULL.
|
||||
* \param p_rng The RNG parameter to be passed to \p f_rng. This may be
|
||||
* \c NULL if \p f_rng doesn't need a context argument.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return An \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_MPI_XXX error code
|
||||
|
@ -903,22 +1018,29 @@ int mbedtls_ecp_gen_privkey( const mbedtls_ecp_group *grp,
|
|||
* structures, such as ::mbedtls_ecdh_context or
|
||||
* ::mbedtls_ecdsa_context.
|
||||
*
|
||||
* \param grp The ECP group.
|
||||
* \param G The chosen base point.
|
||||
* \param grp The ECP group to generate a key pair for.
|
||||
* This must be initialized and have group parameters
|
||||
* set, for example through mbedtls_ecp_group_load().
|
||||
* \param G The base point to use. This must be initialized
|
||||
* and belong to \p grp. It replaces the default base
|
||||
* point \c grp->G used by mbedtls_ecp_gen_keypair().
|
||||
* \param d The destination MPI (secret part).
|
||||
* This must be initialized.
|
||||
* \param Q The destination point (public part).
|
||||
* \param f_rng The RNG function.
|
||||
* \param p_rng The RNG context.
|
||||
* This must be initialized.
|
||||
* \param f_rng The RNG function. This must not be \c NULL.
|
||||
* \param p_rng The RNG context to be passed to \p f_rng. This may
|
||||
* be \c NULL if \p f_rng doesn't need a context argument.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return An \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_MPI_XXX error code
|
||||
* on failure.
|
||||
*/
|
||||
int mbedtls_ecp_gen_keypair_base( mbedtls_ecp_group *grp,
|
||||
const mbedtls_ecp_point *G,
|
||||
mbedtls_mpi *d, mbedtls_ecp_point *Q,
|
||||
int (*f_rng)(void *, unsigned char *, size_t),
|
||||
void *p_rng );
|
||||
const mbedtls_ecp_point *G,
|
||||
mbedtls_mpi *d, mbedtls_ecp_point *Q,
|
||||
int (*f_rng)(void *, unsigned char *, size_t),
|
||||
void *p_rng );
|
||||
|
||||
/**
|
||||
* \brief This function generates an ECP keypair.
|
||||
|
@ -928,34 +1050,42 @@ int mbedtls_ecp_gen_keypair_base( mbedtls_ecp_group *grp,
|
|||
* structures, such as ::mbedtls_ecdh_context or
|
||||
* ::mbedtls_ecdsa_context.
|
||||
*
|
||||
* \param grp The ECP group.
|
||||
* \param grp The ECP group to generate a key pair for.
|
||||
* This must be initialized and have group parameters
|
||||
* set, for example through mbedtls_ecp_group_load().
|
||||
* \param d The destination MPI (secret part).
|
||||
* This must be initialized.
|
||||
* \param Q The destination point (public part).
|
||||
* \param f_rng The RNG function.
|
||||
* \param p_rng The RNG context.
|
||||
* This must be initialized.
|
||||
* \param f_rng The RNG function. This must not be \c NULL.
|
||||
* \param p_rng The RNG context to be passed to \p f_rng. This may
|
||||
* be \c NULL if \p f_rng doesn't need a context argument.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return An \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_MPI_XXX error code
|
||||
* on failure.
|
||||
*/
|
||||
int mbedtls_ecp_gen_keypair( mbedtls_ecp_group *grp, mbedtls_mpi *d, mbedtls_ecp_point *Q,
|
||||
int (*f_rng)(void *, unsigned char *, size_t),
|
||||
void *p_rng );
|
||||
int mbedtls_ecp_gen_keypair( mbedtls_ecp_group *grp, mbedtls_mpi *d,
|
||||
mbedtls_ecp_point *Q,
|
||||
int (*f_rng)(void *, unsigned char *, size_t),
|
||||
void *p_rng );
|
||||
|
||||
/**
|
||||
* \brief This function generates an ECP key.
|
||||
*
|
||||
* \param grp_id The ECP group identifier.
|
||||
* \param key The destination key.
|
||||
* \param f_rng The RNG function.
|
||||
* \param p_rng The RNG context.
|
||||
* \param key The destination key. This must be initialized.
|
||||
* \param f_rng The RNG function to use. This must not be \c NULL.
|
||||
* \param p_rng The RNG context to be passed to \p f_rng. This may
|
||||
* be \c NULL if \p f_rng doesn't need a context argument.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return An \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_MPI_XXX error code
|
||||
* on failure.
|
||||
*/
|
||||
int mbedtls_ecp_gen_key( mbedtls_ecp_group_id grp_id, mbedtls_ecp_keypair *key,
|
||||
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );
|
||||
int (*f_rng)(void *, unsigned char *, size_t),
|
||||
void *p_rng );
|
||||
|
||||
/**
|
||||
* \brief This function checks that the keypair objects
|
||||
|
@ -963,16 +1093,19 @@ int mbedtls_ecp_gen_key( mbedtls_ecp_group_id grp_id, mbedtls_ecp_keypair *key,
|
|||
* same public point, and that the private key in
|
||||
* \p prv is consistent with the public key.
|
||||
*
|
||||
* \param pub The keypair structure holding the public key.
|
||||
* If it contains a private key, that part is ignored.
|
||||
* \param pub The keypair structure holding the public key. This
|
||||
* must be initialized. If it contains a private key, that
|
||||
* part is ignored.
|
||||
* \param prv The keypair structure holding the full keypair.
|
||||
* This must be initialized.
|
||||
*
|
||||
* \return \c 0 on success, meaning that the keys are valid and match.
|
||||
* \return #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if the keys are invalid or do not match.
|
||||
* \return An \c MBEDTLS_ERR_ECP_XXX or an \c MBEDTLS_ERR_MPI_XXX
|
||||
* error code on calculation failure.
|
||||
*/
|
||||
int mbedtls_ecp_check_pub_priv( const mbedtls_ecp_keypair *pub, const mbedtls_ecp_keypair *prv );
|
||||
int mbedtls_ecp_check_pub_priv( const mbedtls_ecp_keypair *pub,
|
||||
const mbedtls_ecp_keypair *prv );
|
||||
|
||||
#if defined(MBEDTLS_SELF_TEST)
|
||||
|
||||
|
|
|
@ -74,9 +74,9 @@
|
|||
* MD4 1 0x002D-0x002D
|
||||
* MD5 1 0x002F-0x002F
|
||||
* RIPEMD160 1 0x0031-0x0031
|
||||
* SHA1 1 0x0035-0x0035
|
||||
* SHA256 1 0x0037-0x0037
|
||||
* SHA512 1 0x0039-0x0039
|
||||
* SHA1 1 0x0035-0x0035 0x0073-0x0073
|
||||
* SHA256 1 0x0037-0x0037 0x0074-0x0074
|
||||
* SHA512 1 0x0039-0x0039 0x0075-0x0075
|
||||
* CHACHA20 3 0x0051-0x0055
|
||||
* POLY1305 3 0x0057-0x005B
|
||||
* CHACHAPOLY 2 0x0054-0x0056
|
||||
|
|
|
@ -85,7 +85,7 @@ mbedtls_gcm_context;
|
|||
* cipher, nor set the key. For this purpose, use
|
||||
* mbedtls_gcm_setkey().
|
||||
*
|
||||
* \param ctx The GCM context to initialize.
|
||||
* \param ctx The GCM context to initialize. This must not be \c NULL.
|
||||
*/
|
||||
void mbedtls_gcm_init( mbedtls_gcm_context *ctx );
|
||||
|
||||
|
@ -93,9 +93,10 @@ void mbedtls_gcm_init( mbedtls_gcm_context *ctx );
|
|||
* \brief This function associates a GCM context with a
|
||||
* cipher algorithm and a key.
|
||||
*
|
||||
* \param ctx The GCM context to initialize.
|
||||
* \param ctx The GCM context. This must be initialized.
|
||||
* \param cipher The 128-bit block cipher to use.
|
||||
* \param key The encryption key.
|
||||
* \param key The encryption key. This must be a readable buffer of at
|
||||
* least \p keybits bits.
|
||||
* \param keybits The key size in bits. Valid options are:
|
||||
* <ul><li>128 bits</li>
|
||||
* <li>192 bits</li>
|
||||
|
@ -122,7 +123,8 @@ int mbedtls_gcm_setkey( mbedtls_gcm_context *ctx,
|
|||
* authentic. You should use this function to perform encryption
|
||||
* only. For decryption, use mbedtls_gcm_auth_decrypt() instead.
|
||||
*
|
||||
* \param ctx The GCM context to use for encryption or decryption.
|
||||
* \param ctx The GCM context to use for encryption or decryption. This
|
||||
* must be initialized.
|
||||
* \param mode The operation to perform:
|
||||
* - #MBEDTLS_GCM_ENCRYPT to perform authenticated encryption.
|
||||
* The ciphertext is written to \p output and the
|
||||
|
@ -136,21 +138,27 @@ int mbedtls_gcm_setkey( mbedtls_gcm_context *ctx,
|
|||
* calling this function in decryption mode.
|
||||
* \param length The length of the input data, which is equal to the length
|
||||
* of the output data.
|
||||
* \param iv The initialization vector.
|
||||
* \param iv The initialization vector. This must be a readable buffer of
|
||||
* at least \p iv_len Bytes.
|
||||
* \param iv_len The length of the IV.
|
||||
* \param add The buffer holding the additional data.
|
||||
* \param add The buffer holding the additional data. This must be of at
|
||||
* least that size in Bytes.
|
||||
* \param add_len The length of the additional data.
|
||||
* \param input The buffer holding the input data. Its size is \b length.
|
||||
* \param output The buffer for holding the output data. It must have room
|
||||
* for \b length bytes.
|
||||
* \param input The buffer holding the input data. If \p length is greater
|
||||
* than zero, this must be a readable buffer of at least that
|
||||
* size in Bytes.
|
||||
* \param output The buffer for holding the output data. If \p length is greater
|
||||
* than zero, this must be a writable buffer of at least that
|
||||
* size in Bytes.
|
||||
* \param tag_len The length of the tag to generate.
|
||||
* \param tag The buffer for holding the tag.
|
||||
* \param tag The buffer for holding the tag. This must be a readable
|
||||
* buffer of at least \p tag_len Bytes.
|
||||
*
|
||||
* \return \c 0 if the encryption or decryption was performed
|
||||
* successfully. Note that in #MBEDTLS_GCM_DECRYPT mode,
|
||||
* this does not indicate that the data is authentic.
|
||||
* \return #MBEDTLS_ERR_GCM_BAD_INPUT if the lengths are not valid or
|
||||
* a cipher-specific error code if the encryption
|
||||
* \return #MBEDTLS_ERR_GCM_BAD_INPUT if the lengths or pointers are
|
||||
* not valid or a cipher-specific error code if the encryption
|
||||
* or decryption failed.
|
||||
*/
|
||||
int mbedtls_gcm_crypt_and_tag( mbedtls_gcm_context *ctx,
|
||||
|
@ -173,23 +181,30 @@ int mbedtls_gcm_crypt_and_tag( mbedtls_gcm_context *ctx,
|
|||
* input buffer. If the buffers overlap, the output buffer
|
||||
* must trail at least 8 Bytes behind the input buffer.
|
||||
*
|
||||
* \param ctx The GCM context.
|
||||
* \param ctx The GCM context. This must be initialized.
|
||||
* \param length The length of the ciphertext to decrypt, which is also
|
||||
* the length of the decrypted plaintext.
|
||||
* \param iv The initialization vector.
|
||||
* \param iv The initialization vector. This must be a readable buffer
|
||||
* of at least \p iv_len Bytes.
|
||||
* \param iv_len The length of the IV.
|
||||
* \param add The buffer holding the additional data.
|
||||
* \param add The buffer holding the additional data. This must be of at
|
||||
* least that size in Bytes.
|
||||
* \param add_len The length of the additional data.
|
||||
* \param tag The buffer holding the tag to verify.
|
||||
* \param tag The buffer holding the tag to verify. This must be a
|
||||
* readable buffer of at least \p tag_len Bytes.
|
||||
* \param tag_len The length of the tag to verify.
|
||||
* \param input The buffer holding the ciphertext. Its size is \b length.
|
||||
* \param output The buffer for holding the decrypted plaintext. It must
|
||||
* have room for \b length bytes.
|
||||
* \param input The buffer holding the ciphertext. If \p length is greater
|
||||
* than zero, this must be a readable buffer of at least that
|
||||
* size.
|
||||
* \param output The buffer for holding the decrypted plaintext. If \p length
|
||||
* is greater than zero, this must be a writable buffer of at
|
||||
* least that size.
|
||||
*
|
||||
* \return \c 0 if successful and authenticated.
|
||||
* \return #MBEDTLS_ERR_GCM_AUTH_FAILED if the tag does not match.
|
||||
* \return #MBEDTLS_ERR_GCM_BAD_INPUT if the lengths are not valid or
|
||||
* a cipher-specific error code if the decryption failed.
|
||||
* \return #MBEDTLS_ERR_GCM_BAD_INPUT if the lengths or pointers are
|
||||
* not valid or a cipher-specific error code if the decryption
|
||||
* failed.
|
||||
*/
|
||||
int mbedtls_gcm_auth_decrypt( mbedtls_gcm_context *ctx,
|
||||
size_t length,
|
||||
|
@ -206,15 +221,16 @@ int mbedtls_gcm_auth_decrypt( mbedtls_gcm_context *ctx,
|
|||
* \brief This function starts a GCM encryption or decryption
|
||||
* operation.
|
||||
*
|
||||
* \param ctx The GCM context.
|
||||
* \param ctx The GCM context. This must be initialized.
|
||||
* \param mode The operation to perform: #MBEDTLS_GCM_ENCRYPT or
|
||||
* #MBEDTLS_GCM_DECRYPT.
|
||||
* \param iv The initialization vector.
|
||||
* \param iv The initialization vector. This must be a readable buffer of
|
||||
* at least \p iv_len Bytes.
|
||||
* \param iv_len The length of the IV.
|
||||
* \param add The buffer holding the additional data, or NULL
|
||||
* if \p add_len is 0.
|
||||
* \param add_len The length of the additional data. If 0,
|
||||
* \p add is NULL.
|
||||
* \param add The buffer holding the additional data, or \c NULL
|
||||
* if \p add_len is \c 0.
|
||||
* \param add_len The length of the additional data. If \c 0,
|
||||
* \p add may be \c NULL.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
*/
|
||||
|
@ -237,11 +253,15 @@ int mbedtls_gcm_starts( mbedtls_gcm_context *ctx,
|
|||
* input buffer. If the buffers overlap, the output buffer
|
||||
* must trail at least 8 Bytes behind the input buffer.
|
||||
*
|
||||
* \param ctx The GCM context.
|
||||
* \param ctx The GCM context. This must be initialized.
|
||||
* \param length The length of the input data. This must be a multiple of
|
||||
* 16 except in the last call before mbedtls_gcm_finish().
|
||||
* \param input The buffer holding the input data.
|
||||
* \param output The buffer for holding the output data.
|
||||
* \param input The buffer holding the input data. If \p length is greater
|
||||
* than zero, this must be a readable buffer of at least that
|
||||
* size in Bytes.
|
||||
* \param output The buffer for holding the output data. If \p length is
|
||||
* greater than zero, this must be a writable buffer of at
|
||||
* least that size in Bytes.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return #MBEDTLS_ERR_GCM_BAD_INPUT on failure.
|
||||
|
@ -258,9 +278,11 @@ int mbedtls_gcm_update( mbedtls_gcm_context *ctx,
|
|||
* It wraps up the GCM stream, and generates the
|
||||
* tag. The tag can have a maximum length of 16 Bytes.
|
||||
*
|
||||
* \param ctx The GCM context.
|
||||
* \param tag The buffer for holding the tag.
|
||||
* \param tag_len The length of the tag to generate. Must be at least four.
|
||||
* \param ctx The GCM context. This must be initialized.
|
||||
* \param tag The buffer for holding the tag. This must be a readable
|
||||
* buffer of at least \p tag_len Bytes.
|
||||
* \param tag_len The length of the tag to generate. This must be at least
|
||||
* four.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return #MBEDTLS_ERR_GCM_BAD_INPUT on failure.
|
||||
|
@ -273,7 +295,8 @@ int mbedtls_gcm_finish( mbedtls_gcm_context *ctx,
|
|||
* \brief This function clears a GCM context and the underlying
|
||||
* cipher sub-context.
|
||||
*
|
||||
* \param ctx The GCM context to clear.
|
||||
* \param ctx The GCM context to clear. If this is \c NULL, the call has
|
||||
* no effect. Otherwise, this must be initialized.
|
||||
*/
|
||||
void mbedtls_gcm_free( mbedtls_gcm_context *ctx );
|
||||
|
||||
|
|
|
@ -195,10 +195,13 @@ void mbedtls_hmac_drbg_set_reseed_interval( mbedtls_hmac_drbg_context *ctx,
|
|||
* \param additional Additional data to update state with, or NULL
|
||||
* \param add_len Length of additional data, or 0
|
||||
*
|
||||
* \return \c 0 on success, or an error from the underlying
|
||||
* hash calculation.
|
||||
*
|
||||
* \note Additional data is optional, pass NULL and 0 as second
|
||||
* third argument if no additional data is being used.
|
||||
*/
|
||||
void mbedtls_hmac_drbg_update( mbedtls_hmac_drbg_context *ctx,
|
||||
int mbedtls_hmac_drbg_update_ret( mbedtls_hmac_drbg_context *ctx,
|
||||
const unsigned char *additional, size_t add_len );
|
||||
|
||||
/**
|
||||
|
@ -257,6 +260,31 @@ int mbedtls_hmac_drbg_random( void *p_rng, unsigned char *output, size_t out_len
|
|||
*/
|
||||
void mbedtls_hmac_drbg_free( mbedtls_hmac_drbg_context *ctx );
|
||||
|
||||
#if ! defined(MBEDTLS_DEPRECATED_REMOVED)
|
||||
#if defined(MBEDTLS_DEPRECATED_WARNING)
|
||||
#define MBEDTLS_DEPRECATED __attribute__((deprecated))
|
||||
#else
|
||||
#define MBEDTLS_DEPRECATED
|
||||
#endif
|
||||
/**
|
||||
* \brief HMAC_DRBG update state
|
||||
*
|
||||
* \deprecated Superseded by mbedtls_hmac_drbg_update_ret()
|
||||
* in 2.16.0.
|
||||
*
|
||||
* \param ctx HMAC_DRBG context
|
||||
* \param additional Additional data to update state with, or NULL
|
||||
* \param add_len Length of additional data, or 0
|
||||
*
|
||||
* \note Additional data is optional, pass NULL and 0 as second
|
||||
* third argument if no additional data is being used.
|
||||
*/
|
||||
MBEDTLS_DEPRECATED void mbedtls_hmac_drbg_update(
|
||||
mbedtls_hmac_drbg_context *ctx,
|
||||
const unsigned char *additional, size_t add_len );
|
||||
#undef MBEDTLS_DEPRECATED
|
||||
#endif /* !MBEDTLS_DEPRECATED_REMOVED */
|
||||
|
||||
#if defined(MBEDTLS_FS_IO)
|
||||
/**
|
||||
* \brief Write a seed file
|
||||
|
|
|
@ -3,6 +3,9 @@
|
|||
*
|
||||
* \brief VIA PadLock ACE for HW encryption/decryption supported by some
|
||||
* processors
|
||||
*
|
||||
* \warning These functions are only for internal use by other library
|
||||
* functions; you must not call them directly.
|
||||
*/
|
||||
/*
|
||||
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
|
||||
|
@ -57,7 +60,10 @@ extern "C" {
|
|||
#endif
|
||||
|
||||
/**
|
||||
* \brief PadLock detection routine
|
||||
* \brief Internal PadLock detection routine
|
||||
*
|
||||
* \note This function is only for internal use by other library
|
||||
* functions; you must not call it directly.
|
||||
*
|
||||
* \param feature The feature to detect
|
||||
*
|
||||
|
@ -66,7 +72,10 @@ extern "C" {
|
|||
int mbedtls_padlock_has_support( int feature );
|
||||
|
||||
/**
|
||||
* \brief PadLock AES-ECB block en(de)cryption
|
||||
* \brief Internal PadLock AES-ECB block en(de)cryption
|
||||
*
|
||||
* \note This function is only for internal use by other library
|
||||
* functions; you must not call it directly.
|
||||
*
|
||||
* \param ctx AES context
|
||||
* \param mode MBEDTLS_AES_ENCRYPT or MBEDTLS_AES_DECRYPT
|
||||
|
@ -76,12 +85,15 @@ int mbedtls_padlock_has_support( int feature );
|
|||
* \return 0 if success, 1 if operation failed
|
||||
*/
|
||||
int mbedtls_padlock_xcryptecb( mbedtls_aes_context *ctx,
|
||||
int mode,
|
||||
const unsigned char input[16],
|
||||
unsigned char output[16] );
|
||||
int mode,
|
||||
const unsigned char input[16],
|
||||
unsigned char output[16] );
|
||||
|
||||
/**
|
||||
* \brief PadLock AES-CBC buffer en(de)cryption
|
||||
* \brief Internal PadLock AES-CBC buffer en(de)cryption
|
||||
*
|
||||
* \note This function is only for internal use by other library
|
||||
* functions; you must not call it directly.
|
||||
*
|
||||
* \param ctx AES context
|
||||
* \param mode MBEDTLS_AES_ENCRYPT or MBEDTLS_AES_DECRYPT
|
||||
|
@ -93,11 +105,11 @@ int mbedtls_padlock_xcryptecb( mbedtls_aes_context *ctx,
|
|||
* \return 0 if success, 1 if operation failed
|
||||
*/
|
||||
int mbedtls_padlock_xcryptcbc( mbedtls_aes_context *ctx,
|
||||
int mode,
|
||||
size_t length,
|
||||
unsigned char iv[16],
|
||||
const unsigned char *input,
|
||||
unsigned char *output );
|
||||
int mode,
|
||||
size_t length,
|
||||
unsigned char iv[16],
|
||||
const unsigned char *input,
|
||||
unsigned char *output );
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
|
|
|
@ -197,23 +197,35 @@ typedef size_t (*mbedtls_pk_rsa_alt_key_len_func)( void *ctx );
|
|||
const mbedtls_pk_info_t *mbedtls_pk_info_from_type( mbedtls_pk_type_t pk_type );
|
||||
|
||||
/**
|
||||
* \brief Initialize a mbedtls_pk_context (as NONE)
|
||||
* \brief Initialize a #mbedtls_pk_context (as NONE).
|
||||
*
|
||||
* \param ctx The context to initialize.
|
||||
* This must not be \c NULL.
|
||||
*/
|
||||
void mbedtls_pk_init( mbedtls_pk_context *ctx );
|
||||
|
||||
/**
|
||||
* \brief Free a mbedtls_pk_context
|
||||
* \brief Free the components of a #mbedtls_pk_context.
|
||||
*
|
||||
* \param ctx The context to clear. It must have been initialized.
|
||||
* If this is \c NULL, this function does nothing.
|
||||
*/
|
||||
void mbedtls_pk_free( mbedtls_pk_context *ctx );
|
||||
|
||||
#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
|
||||
/**
|
||||
* \brief Initialize a restart context
|
||||
*
|
||||
* \param ctx The context to initialize.
|
||||
* This must not be \c NULL.
|
||||
*/
|
||||
void mbedtls_pk_restart_init( mbedtls_pk_restart_ctx *ctx );
|
||||
|
||||
/**
|
||||
* \brief Free the components of a restart context
|
||||
*
|
||||
* \param ctx The context to clear. It must have been initialized.
|
||||
* If this is \c NULL, this function does nothing.
|
||||
*/
|
||||
void mbedtls_pk_restart_free( mbedtls_pk_restart_ctx *ctx );
|
||||
#endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */
|
||||
|
@ -222,7 +234,8 @@ void mbedtls_pk_restart_free( mbedtls_pk_restart_ctx *ctx );
|
|||
* \brief Initialize a PK context with the information given
|
||||
* and allocates the type-specific PK subcontext.
|
||||
*
|
||||
* \param ctx Context to initialize. Must be empty (type NONE).
|
||||
* \param ctx Context to initialize. It must not have been set
|
||||
* up yet (type #MBEDTLS_PK_NONE).
|
||||
* \param info Information to use
|
||||
*
|
||||
* \return 0 on success,
|
||||
|
@ -238,7 +251,8 @@ int mbedtls_pk_setup( mbedtls_pk_context *ctx, const mbedtls_pk_info_t *info );
|
|||
/**
|
||||
* \brief Initialize an RSA-alt context
|
||||
*
|
||||
* \param ctx Context to initialize. Must be empty (type NONE).
|
||||
* \param ctx Context to initialize. It must not have been set
|
||||
* up yet (type #MBEDTLS_PK_NONE).
|
||||
* \param key RSA key pointer
|
||||
* \param decrypt_func Decryption function
|
||||
* \param sign_func Signing function
|
||||
|
@ -258,7 +272,7 @@ int mbedtls_pk_setup_rsa_alt( mbedtls_pk_context *ctx, void * key,
|
|||
/**
|
||||
* \brief Get the size in bits of the underlying key
|
||||
*
|
||||
* \param ctx Context to use
|
||||
* \param ctx The context to query. It must have been initialized.
|
||||
*
|
||||
* \return Key size in bits, or 0 on error
|
||||
*/
|
||||
|
@ -266,7 +280,8 @@ size_t mbedtls_pk_get_bitlen( const mbedtls_pk_context *ctx );
|
|||
|
||||
/**
|
||||
* \brief Get the length in bytes of the underlying key
|
||||
* \param ctx Context to use
|
||||
*
|
||||
* \param ctx The context to query. It must have been initialized.
|
||||
*
|
||||
* \return Key length in bytes, or 0 on error
|
||||
*/
|
||||
|
@ -278,18 +293,21 @@ static inline size_t mbedtls_pk_get_len( const mbedtls_pk_context *ctx )
|
|||
/**
|
||||
* \brief Tell if a context can do the operation given by type
|
||||
*
|
||||
* \param ctx Context to test
|
||||
* \param type Target type
|
||||
* \param ctx The context to query. It must have been initialized.
|
||||
* \param type The desired type.
|
||||
*
|
||||
* \return 0 if context can't do the operations,
|
||||
* 1 otherwise.
|
||||
* \return 1 if the context can do operations on the given type.
|
||||
* \return 0 if the context cannot do the operations on the given
|
||||
* type. This is always the case for a context that has
|
||||
* been initialized but not set up, or that has been
|
||||
* cleared with mbedtls_pk_free().
|
||||
*/
|
||||
int mbedtls_pk_can_do( const mbedtls_pk_context *ctx, mbedtls_pk_type_t type );
|
||||
|
||||
/**
|
||||
* \brief Verify signature (including padding if relevant).
|
||||
*
|
||||
* \param ctx PK context to use
|
||||
* \param ctx The PK context to use. It must have been set up.
|
||||
* \param md_alg Hash algorithm used (see notes)
|
||||
* \param hash Hash of the message to sign
|
||||
* \param hash_len Hash length or 0 (see notes)
|
||||
|
@ -322,7 +340,7 @@ int mbedtls_pk_verify( mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg,
|
|||
* \c mbedtls_ecp_set_max_ops() to reduce blocking for ECC
|
||||
* operations. For RSA, same as \c mbedtls_pk_verify().
|
||||
*
|
||||
* \param ctx PK context to use
|
||||
* \param ctx The PK context to use. It must have been set up.
|
||||
* \param md_alg Hash algorithm used (see notes)
|
||||
* \param hash Hash of the message to sign
|
||||
* \param hash_len Hash length or 0 (see notes)
|
||||
|
@ -346,7 +364,7 @@ int mbedtls_pk_verify_restartable( mbedtls_pk_context *ctx,
|
|||
*
|
||||
* \param type Signature type (inc. possible padding type) to verify
|
||||
* \param options Pointer to type-specific options, or NULL
|
||||
* \param ctx PK context to use
|
||||
* \param ctx The PK context to use. It must have been set up.
|
||||
* \param md_alg Hash algorithm used (see notes)
|
||||
* \param hash Hash of the message to sign
|
||||
* \param hash_len Hash length or 0 (see notes)
|
||||
|
@ -377,7 +395,8 @@ int mbedtls_pk_verify_ext( mbedtls_pk_type_t type, const void *options,
|
|||
/**
|
||||
* \brief Make signature, including padding if relevant.
|
||||
*
|
||||
* \param ctx PK context to use - must hold a private key
|
||||
* \param ctx The PK context to use. It must have been set up
|
||||
* with a private key.
|
||||
* \param md_alg Hash algorithm used (see notes)
|
||||
* \param hash Hash of the message to sign
|
||||
* \param hash_len Hash length or 0 (see notes)
|
||||
|
@ -411,7 +430,8 @@ int mbedtls_pk_sign( mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg,
|
|||
* \c mbedtls_ecp_set_max_ops() to reduce blocking for ECC
|
||||
* operations. For RSA, same as \c mbedtls_pk_sign().
|
||||
*
|
||||
* \param ctx PK context to use - must hold a private key
|
||||
* \param ctx The PK context to use. It must have been set up
|
||||
* with a private key.
|
||||
* \param md_alg Hash algorithm used (see notes)
|
||||
* \param hash Hash of the message to sign
|
||||
* \param hash_len Hash length or 0 (see notes)
|
||||
|
@ -435,7 +455,8 @@ int mbedtls_pk_sign_restartable( mbedtls_pk_context *ctx,
|
|||
/**
|
||||
* \brief Decrypt message (including padding if relevant).
|
||||
*
|
||||
* \param ctx PK context to use - must hold a private key
|
||||
* \param ctx The PK context to use. It must have been set up
|
||||
* with a private key.
|
||||
* \param input Input to decrypt
|
||||
* \param ilen Input size
|
||||
* \param output Decrypted output
|
||||
|
@ -456,7 +477,7 @@ int mbedtls_pk_decrypt( mbedtls_pk_context *ctx,
|
|||
/**
|
||||
* \brief Encrypt message (including padding if relevant).
|
||||
*
|
||||
* \param ctx PK context to use
|
||||
* \param ctx The PK context to use. It must have been set up.
|
||||
* \param input Message to encrypt
|
||||
* \param ilen Message size
|
||||
* \param output Encrypted output
|
||||
|
@ -487,7 +508,7 @@ int mbedtls_pk_check_pair( const mbedtls_pk_context *pub, const mbedtls_pk_conte
|
|||
/**
|
||||
* \brief Export debug information
|
||||
*
|
||||
* \param ctx Context to use
|
||||
* \param ctx The PK context to use. It must have been initialized.
|
||||
* \param items Place to write debug items
|
||||
*
|
||||
* \return 0 on success or MBEDTLS_ERR_PK_BAD_INPUT_DATA
|
||||
|
@ -497,7 +518,7 @@ int mbedtls_pk_debug( const mbedtls_pk_context *ctx, mbedtls_pk_debug_item *item
|
|||
/**
|
||||
* \brief Access the type name
|
||||
*
|
||||
* \param ctx Context to use
|
||||
* \param ctx The PK context to use. It must have been initialized.
|
||||
*
|
||||
* \return Type name on success, or "invalid PK"
|
||||
*/
|
||||
|
@ -506,9 +527,10 @@ const char * mbedtls_pk_get_name( const mbedtls_pk_context *ctx );
|
|||
/**
|
||||
* \brief Get the key type
|
||||
*
|
||||
* \param ctx Context to use
|
||||
* \param ctx The PK context to use. It must have been initialized.
|
||||
*
|
||||
* \return Type on success, or MBEDTLS_PK_NONE
|
||||
* \return Type on success.
|
||||
* \return #MBEDTLS_PK_NONE for a context that has not been set up.
|
||||
*/
|
||||
mbedtls_pk_type_t mbedtls_pk_get_type( const mbedtls_pk_context *ctx );
|
||||
|
||||
|
@ -517,12 +539,22 @@ mbedtls_pk_type_t mbedtls_pk_get_type( const mbedtls_pk_context *ctx );
|
|||
/**
|
||||
* \brief Parse a private key in PEM or DER format
|
||||
*
|
||||
* \param ctx key to be initialized
|
||||
* \param key input buffer
|
||||
* \param keylen size of the buffer
|
||||
* (including the terminating null byte for PEM data)
|
||||
* \param pwd password for decryption (optional)
|
||||
* \param pwdlen size of the password
|
||||
* \param ctx The PK context to fill. It must have been initialized
|
||||
* but not set up.
|
||||
* \param key Input buffer to parse.
|
||||
* The buffer must contain the input exactly, with no
|
||||
* extra trailing material. For PEM, the buffer must
|
||||
* contain a null-terminated string.
|
||||
* \param keylen Size of \b key in bytes.
|
||||
* For PEM data, this includes the terminating null byte,
|
||||
* so \p keylen must be equal to `strlen(key) + 1`.
|
||||
* \param pwd Optional password for decryption.
|
||||
* Pass \c NULL if expecting a non-encrypted key.
|
||||
* Pass a string of \p pwdlen bytes if expecting an encrypted
|
||||
* key; a non-encrypted key will also be accepted.
|
||||
* The empty password is not supported.
|
||||
* \param pwdlen Size of the password in bytes.
|
||||
* Ignored if \p pwd is \c NULL.
|
||||
*
|
||||
* \note On entry, ctx must be empty, either freshly initialised
|
||||
* with mbedtls_pk_init() or reset with mbedtls_pk_free(). If you need a
|
||||
|
@ -540,10 +572,15 @@ int mbedtls_pk_parse_key( mbedtls_pk_context *ctx,
|
|||
/**
|
||||
* \brief Parse a public key in PEM or DER format
|
||||
*
|
||||
* \param ctx key to be initialized
|
||||
* \param key input buffer
|
||||
* \param keylen size of the buffer
|
||||
* (including the terminating null byte for PEM data)
|
||||
* \param ctx The PK context to fill. It must have been initialized
|
||||
* but not set up.
|
||||
* \param key Input buffer to parse.
|
||||
* The buffer must contain the input exactly, with no
|
||||
* extra trailing material. For PEM, the buffer must
|
||||
* contain a null-terminated string.
|
||||
* \param keylen Size of \b key in bytes.
|
||||
* For PEM data, this includes the terminating null byte,
|
||||
* so \p keylen must be equal to `strlen(key) + 1`.
|
||||
*
|
||||
* \note On entry, ctx must be empty, either freshly initialised
|
||||
* with mbedtls_pk_init() or reset with mbedtls_pk_free(). If you need a
|
||||
|
@ -561,9 +598,14 @@ int mbedtls_pk_parse_public_key( mbedtls_pk_context *ctx,
|
|||
/**
|
||||
* \brief Load and parse a private key
|
||||
*
|
||||
* \param ctx key to be initialized
|
||||
* \param ctx The PK context to fill. It must have been initialized
|
||||
* but not set up.
|
||||
* \param path filename to read the private key from
|
||||
* \param password password to decrypt the file (can be NULL)
|
||||
* \param password Optional password to decrypt the file.
|
||||
* Pass \c NULL if expecting a non-encrypted key.
|
||||
* Pass a null-terminated string if expecting an encrypted
|
||||
* key; a non-encrypted key will also be accepted.
|
||||
* The empty password is not supported.
|
||||
*
|
||||
* \note On entry, ctx must be empty, either freshly initialised
|
||||
* with mbedtls_pk_init() or reset with mbedtls_pk_free(). If you need a
|
||||
|
@ -580,7 +622,8 @@ int mbedtls_pk_parse_keyfile( mbedtls_pk_context *ctx,
|
|||
/**
|
||||
* \brief Load and parse a public key
|
||||
*
|
||||
* \param ctx key to be initialized
|
||||
* \param ctx The PK context to fill. It must have been initialized
|
||||
* but not set up.
|
||||
* \param path filename to read the public key from
|
||||
*
|
||||
* \note On entry, ctx must be empty, either freshly initialised
|
||||
|
@ -603,7 +646,7 @@ int mbedtls_pk_parse_public_keyfile( mbedtls_pk_context *ctx, const char *path )
|
|||
* return value to determine where you should start
|
||||
* using the buffer
|
||||
*
|
||||
* \param ctx private to write away
|
||||
* \param ctx PK context which must contain a valid private key.
|
||||
* \param buf buffer to write to
|
||||
* \param size size of the buffer
|
||||
*
|
||||
|
@ -618,7 +661,7 @@ int mbedtls_pk_write_key_der( mbedtls_pk_context *ctx, unsigned char *buf, size_
|
|||
* return value to determine where you should start
|
||||
* using the buffer
|
||||
*
|
||||
* \param ctx public key to write away
|
||||
* \param ctx PK context which must contain a valid public or private key.
|
||||
* \param buf buffer to write to
|
||||
* \param size size of the buffer
|
||||
*
|
||||
|
@ -631,9 +674,10 @@ int mbedtls_pk_write_pubkey_der( mbedtls_pk_context *ctx, unsigned char *buf, si
|
|||
/**
|
||||
* \brief Write a public key to a PEM string
|
||||
*
|
||||
* \param ctx public key to write away
|
||||
* \param buf buffer to write to
|
||||
* \param size size of the buffer
|
||||
* \param ctx PK context which must contain a valid public or private key.
|
||||
* \param buf Buffer to write to. The output includes a
|
||||
* terminating null byte.
|
||||
* \param size Size of the buffer in bytes.
|
||||
*
|
||||
* \return 0 if successful, or a specific error code
|
||||
*/
|
||||
|
@ -642,9 +686,10 @@ int mbedtls_pk_write_pubkey_pem( mbedtls_pk_context *ctx, unsigned char *buf, si
|
|||
/**
|
||||
* \brief Write a private key to a PKCS#1 or SEC1 PEM string
|
||||
*
|
||||
* \param ctx private to write away
|
||||
* \param buf buffer to write to
|
||||
* \param size size of the buffer
|
||||
* \param ctx PK context which must contain a valid private key.
|
||||
* \param buf Buffer to write to. The output includes a
|
||||
* terminating null byte.
|
||||
* \param size Size of the buffer in bytes.
|
||||
*
|
||||
* \return 0 if successful, or a specific error code
|
||||
*/
|
||||
|
@ -663,7 +708,8 @@ int mbedtls_pk_write_key_pem( mbedtls_pk_context *ctx, unsigned char *buf, size_
|
|||
*
|
||||
* \param p the position in the ASN.1 data
|
||||
* \param end end of the buffer
|
||||
* \param pk the key to fill
|
||||
* \param pk The PK context to fill. It must have been initialized
|
||||
* but not set up.
|
||||
*
|
||||
* \return 0 if successful, or a specific PK error code
|
||||
*/
|
||||
|
@ -678,7 +724,7 @@ int mbedtls_pk_parse_subpubkey( unsigned char **p, const unsigned char *end,
|
|||
*
|
||||
* \param p reference to current position pointer
|
||||
* \param start start of the buffer (for bounds-checking)
|
||||
* \param key public key to write away
|
||||
* \param key PK context which must contain a valid public or private key.
|
||||
*
|
||||
* \return the length written or a negative error code
|
||||
*/
|
||||
|
|
|
@ -46,6 +46,8 @@
|
|||
extern "C" {
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_ASN1_PARSE_C)
|
||||
|
||||
/**
|
||||
* \brief PKCS12 Password Based function (encryption / decryption)
|
||||
* for pbeWithSHAAnd128BitRC4
|
||||
|
@ -87,6 +89,8 @@ int mbedtls_pkcs12_pbe( mbedtls_asn1_buf *pbe_params, int mode,
|
|||
const unsigned char *input, size_t len,
|
||||
unsigned char *output );
|
||||
|
||||
#endif /* MBEDTLS_ASN1_PARSE_C */
|
||||
|
||||
/**
|
||||
* \brief The PKCS#12 derivation function uses a password and a salt
|
||||
* to produce pseudo-random bits for a particular "purpose".
|
||||
|
|
|
@ -44,6 +44,8 @@
|
|||
extern "C" {
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_ASN1_PARSE_C)
|
||||
|
||||
/**
|
||||
* \brief PKCS#5 PBES2 function
|
||||
*
|
||||
|
@ -62,6 +64,8 @@ int mbedtls_pkcs5_pbes2( const mbedtls_asn1_buf *pbe_params, int mode,
|
|||
const unsigned char *data, size_t datalen,
|
||||
unsigned char *output );
|
||||
|
||||
#endif /* MBEDTLS_ASN1_PARSE_C */
|
||||
|
||||
/**
|
||||
* \brief PKCS#5 PBKDF2 using HMAC
|
||||
*
|
||||
|
|
|
@ -41,6 +41,88 @@
|
|||
extern "C" {
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_CHECK_PARAMS)
|
||||
|
||||
#if defined(MBEDTLS_PARAM_FAILED)
|
||||
/** An alternative definition of MBEDTLS_PARAM_FAILED has been set in config.h.
|
||||
*
|
||||
* This flag can be used to check whether it is safe to assume that
|
||||
* MBEDTLS_PARAM_FAILED() will expand to a call to mbedtls_param_failed().
|
||||
*/
|
||||
#define MBEDTLS_PARAM_FAILED_ALT
|
||||
#else /* MBEDTLS_PARAM_FAILED */
|
||||
#define MBEDTLS_PARAM_FAILED( cond ) \
|
||||
mbedtls_param_failed( #cond, __FILE__, __LINE__ )
|
||||
|
||||
/**
|
||||
* \brief User supplied callback function for parameter validation failure.
|
||||
* See #MBEDTLS_CHECK_PARAMS for context.
|
||||
*
|
||||
* This function will be called unless an alternative treatement
|
||||
* is defined through the #MBEDTLS_PARAM_FAILED macro.
|
||||
*
|
||||
* This function can return, and the operation will be aborted, or
|
||||
* alternatively, through use of setjmp()/longjmp() can resume
|
||||
* execution in the application code.
|
||||
*
|
||||
* \param failure_condition The assertion that didn't hold.
|
||||
* \param file The file where the assertion failed.
|
||||
* \param line The line in the file where the assertion failed.
|
||||
*/
|
||||
void mbedtls_param_failed( const char *failure_condition,
|
||||
const char *file,
|
||||
int line );
|
||||
#endif /* MBEDTLS_PARAM_FAILED */
|
||||
|
||||
/* Internal macro meant to be called only from within the library. */
|
||||
#define MBEDTLS_INTERNAL_VALIDATE_RET( cond, ret ) \
|
||||
do { \
|
||||
if( !(cond) ) \
|
||||
{ \
|
||||
MBEDTLS_PARAM_FAILED( cond ); \
|
||||
return( ret ); \
|
||||
} \
|
||||
} while( 0 )
|
||||
|
||||
/* Internal macro meant to be called only from within the library. */
|
||||
#define MBEDTLS_INTERNAL_VALIDATE( cond ) \
|
||||
do { \
|
||||
if( !(cond) ) \
|
||||
{ \
|
||||
MBEDTLS_PARAM_FAILED( cond ); \
|
||||
return; \
|
||||
} \
|
||||
} while( 0 )
|
||||
|
||||
#else /* MBEDTLS_CHECK_PARAMS */
|
||||
|
||||
/* Internal macros meant to be called only from within the library. */
|
||||
#define MBEDTLS_INTERNAL_VALIDATE_RET( cond, ret ) do { } while( 0 )
|
||||
#define MBEDTLS_INTERNAL_VALIDATE( cond ) do { } while( 0 )
|
||||
|
||||
#endif /* MBEDTLS_CHECK_PARAMS */
|
||||
|
||||
/* Internal helper macros for deprecating API constants. */
|
||||
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
|
||||
#if defined(MBEDTLS_DEPRECATED_WARNING)
|
||||
/* Deliberately don't (yet) export MBEDTLS_DEPRECATED here
|
||||
* to avoid conflict with other headers which define and use
|
||||
* it, too. We might want to move all these definitions here at
|
||||
* some point for uniformity. */
|
||||
#define MBEDTLS_DEPRECATED __attribute__((deprecated))
|
||||
MBEDTLS_DEPRECATED typedef char const * mbedtls_deprecated_string_constant_t;
|
||||
#define MBEDTLS_DEPRECATED_STRING_CONSTANT( VAL ) \
|
||||
( (mbedtls_deprecated_string_constant_t) ( VAL ) )
|
||||
MBEDTLS_DEPRECATED typedef int mbedtls_deprecated_numeric_constant_t;
|
||||
#define MBEDTLS_DEPRECATED_NUMERIC_CONSTANT( VAL ) \
|
||||
( (mbedtls_deprecated_numeric_constant_t) ( VAL ) )
|
||||
#undef MBEDTLS_DEPRECATED
|
||||
#else /* MBEDTLS_DEPRECATED_WARNING */
|
||||
#define MBEDTLS_DEPRECATED_STRING_CONSTANT( VAL ) VAL
|
||||
#define MBEDTLS_DEPRECATED_NUMERIC_CONSTANT( VAL ) VAL
|
||||
#endif /* MBEDTLS_DEPRECATED_WARNING */
|
||||
#endif /* MBEDTLS_DEPRECATED_REMOVED */
|
||||
|
||||
/**
|
||||
* \brief Securely zeroize a buffer
|
||||
*
|
||||
|
|
|
@ -84,14 +84,18 @@ mbedtls_poly1305_context;
|
|||
* \c mbedtls_poly1305_finish(), then finally
|
||||
* \c mbedtls_poly1305_free().
|
||||
*
|
||||
* \param ctx The Poly1305 context to initialize.
|
||||
* \param ctx The Poly1305 context to initialize. This must
|
||||
* not be \c NULL.
|
||||
*/
|
||||
void mbedtls_poly1305_init( mbedtls_poly1305_context *ctx );
|
||||
|
||||
/**
|
||||
* \brief This function releases and clears the specified Poly1305 context.
|
||||
* \brief This function releases and clears the specified
|
||||
* Poly1305 context.
|
||||
*
|
||||
* \param ctx The Poly1305 context to clear.
|
||||
* \param ctx The Poly1305 context to clear. This may be \c NULL, in which
|
||||
* case this function is a no-op. If it is not \c NULL, it must
|
||||
* point to an initialized Poly1305 context.
|
||||
*/
|
||||
void mbedtls_poly1305_free( mbedtls_poly1305_context *ctx );
|
||||
|
||||
|
@ -102,11 +106,11 @@ void mbedtls_poly1305_free( mbedtls_poly1305_context *ctx );
|
|||
* invocation of Poly1305.
|
||||
*
|
||||
* \param ctx The Poly1305 context to which the key should be bound.
|
||||
* \param key The buffer containing the 256-bit key.
|
||||
* This must be initialized.
|
||||
* \param key The buffer containing the \c 32 Byte (\c 256 Bit) key.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return #MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA
|
||||
* if ctx or key are NULL.
|
||||
* \return A negative error code on failure.
|
||||
*/
|
||||
int mbedtls_poly1305_starts( mbedtls_poly1305_context *ctx,
|
||||
const unsigned char key[32] );
|
||||
|
@ -120,13 +124,14 @@ int mbedtls_poly1305_starts( mbedtls_poly1305_context *ctx,
|
|||
* It can be called repeatedly to process a stream of data.
|
||||
*
|
||||
* \param ctx The Poly1305 context to use for the Poly1305 operation.
|
||||
* \param ilen The length of the input data (in bytes). Any value is accepted.
|
||||
* This must be initialized and bound to a key.
|
||||
* \param ilen The length of the input data in Bytes.
|
||||
* Any value is accepted.
|
||||
* \param input The buffer holding the input data.
|
||||
* This pointer can be NULL if ilen == 0.
|
||||
* This pointer can be \c NULL if `ilen == 0`.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return #MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA
|
||||
* if ctx or input are NULL.
|
||||
* \return A negative error code on failure.
|
||||
*/
|
||||
int mbedtls_poly1305_update( mbedtls_poly1305_context *ctx,
|
||||
const unsigned char *input,
|
||||
|
@ -137,12 +142,12 @@ int mbedtls_poly1305_update( mbedtls_poly1305_context *ctx,
|
|||
* Authentication Code (MAC).
|
||||
*
|
||||
* \param ctx The Poly1305 context to use for the Poly1305 operation.
|
||||
* \param mac The buffer to where the MAC is written. Must be big enough
|
||||
* to hold the 16-byte MAC.
|
||||
* This must be initialized and bound to a key.
|
||||
* \param mac The buffer to where the MAC is written. This must
|
||||
* be a writable buffer of length \c 16 Bytes.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return #MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA
|
||||
* if ctx or mac are NULL.
|
||||
* \return A negative error code on failure.
|
||||
*/
|
||||
int mbedtls_poly1305_finish( mbedtls_poly1305_context *ctx,
|
||||
unsigned char mac[16] );
|
||||
|
@ -154,16 +159,16 @@ int mbedtls_poly1305_finish( mbedtls_poly1305_context *ctx,
|
|||
* \warning The key must be unique and unpredictable for each
|
||||
* invocation of Poly1305.
|
||||
*
|
||||
* \param key The buffer containing the 256-bit key.
|
||||
* \param ilen The length of the input data (in bytes). Any value is accepted.
|
||||
* \param key The buffer containing the \c 32 Byte (\c 256 Bit) key.
|
||||
* \param ilen The length of the input data in Bytes.
|
||||
* Any value is accepted.
|
||||
* \param input The buffer holding the input data.
|
||||
* This pointer can be NULL if ilen == 0.
|
||||
* \param mac The buffer to where the MAC is written. Must be big enough
|
||||
* to hold the 16-byte MAC.
|
||||
* This pointer can be \c NULL if `ilen == 0`.
|
||||
* \param mac The buffer to where the MAC is written. This must be
|
||||
* a writable buffer of length \c 16 Bytes.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return #MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA
|
||||
* if key, input, or mac are NULL.
|
||||
* \return A negative error code on failure.
|
||||
*/
|
||||
int mbedtls_poly1305_mac( const unsigned char key[32],
|
||||
const unsigned char *input,
|
||||
|
|
|
@ -158,15 +158,16 @@ mbedtls_rsa_context;
|
|||
* making signatures, but can be overriden for verifying them.
|
||||
* If set to #MBEDTLS_MD_NONE, it is always overriden.
|
||||
*
|
||||
* \param ctx The RSA context to initialize.
|
||||
* \param padding Selects padding mode: #MBEDTLS_RSA_PKCS_V15 or
|
||||
* #MBEDTLS_RSA_PKCS_V21.
|
||||
* \param hash_id The hash identifier of #mbedtls_md_type_t type, if
|
||||
* \p padding is #MBEDTLS_RSA_PKCS_V21.
|
||||
* \param ctx The RSA context to initialize. This must not be \c NULL.
|
||||
* \param padding The padding mode to use. This must be either
|
||||
* #MBEDTLS_RSA_PKCS_V15 or #MBEDTLS_RSA_PKCS_V21.
|
||||
* \param hash_id The hash identifier of ::mbedtls_md_type_t type, if
|
||||
* \p padding is #MBEDTLS_RSA_PKCS_V21. It is unused
|
||||
* otherwise.
|
||||
*/
|
||||
void mbedtls_rsa_init( mbedtls_rsa_context *ctx,
|
||||
int padding,
|
||||
int hash_id);
|
||||
int hash_id );
|
||||
|
||||
/**
|
||||
* \brief This function imports a set of core parameters into an
|
||||
|
@ -188,11 +189,11 @@ void mbedtls_rsa_init( mbedtls_rsa_context *ctx,
|
|||
* for the lifetime of the RSA context being set up.
|
||||
*
|
||||
* \param ctx The initialized RSA context to store the parameters in.
|
||||
* \param N The RSA modulus, or NULL.
|
||||
* \param P The first prime factor of \p N, or NULL.
|
||||
* \param Q The second prime factor of \p N, or NULL.
|
||||
* \param D The private exponent, or NULL.
|
||||
* \param E The public exponent, or NULL.
|
||||
* \param N The RSA modulus. This may be \c NULL.
|
||||
* \param P The first prime factor of \p N. This may be \c NULL.
|
||||
* \param Q The second prime factor of \p N. This may be \c NULL.
|
||||
* \param D The private exponent. This may be \c NULL.
|
||||
* \param E The public exponent. This may be \c NULL.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return A non-zero error code on failure.
|
||||
|
@ -222,16 +223,16 @@ int mbedtls_rsa_import( mbedtls_rsa_context *ctx,
|
|||
* for the lifetime of the RSA context being set up.
|
||||
*
|
||||
* \param ctx The initialized RSA context to store the parameters in.
|
||||
* \param N The RSA modulus, or NULL.
|
||||
* \param N_len The Byte length of \p N, ignored if \p N == NULL.
|
||||
* \param P The first prime factor of \p N, or NULL.
|
||||
* \param P_len The Byte length of \p P, ignored if \p P == NULL.
|
||||
* \param Q The second prime factor of \p N, or NULL.
|
||||
* \param Q_len The Byte length of \p Q, ignored if \p Q == NULL.
|
||||
* \param D The private exponent, or NULL.
|
||||
* \param D_len The Byte length of \p D, ignored if \p D == NULL.
|
||||
* \param E The public exponent, or NULL.
|
||||
* \param E_len The Byte length of \p E, ignored if \p E == NULL.
|
||||
* \param N The RSA modulus. This may be \c NULL.
|
||||
* \param N_len The Byte length of \p N; it is ignored if \p N == NULL.
|
||||
* \param P The first prime factor of \p N. This may be \c NULL.
|
||||
* \param P_len The Byte length of \p P; it ns ignored if \p P == NULL.
|
||||
* \param Q The second prime factor of \p N. This may be \c NULL.
|
||||
* \param Q_len The Byte length of \p Q; it is ignored if \p Q == NULL.
|
||||
* \param D The private exponent. This may be \c NULL.
|
||||
* \param D_len The Byte length of \p D; it is ignored if \p D == NULL.
|
||||
* \param E The public exponent. This may be \c NULL.
|
||||
* \param E_len The Byte length of \p E; it is ignored if \p E == NULL.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return A non-zero error code on failure.
|
||||
|
@ -299,11 +300,16 @@ int mbedtls_rsa_complete( mbedtls_rsa_context *ctx );
|
|||
* the RSA context stays intact and remains usable.
|
||||
*
|
||||
* \param ctx The initialized RSA context.
|
||||
* \param N The MPI to hold the RSA modulus, or NULL.
|
||||
* \param P The MPI to hold the first prime factor of \p N, or NULL.
|
||||
* \param Q The MPI to hold the second prime factor of \p N, or NULL.
|
||||
* \param D The MPI to hold the private exponent, or NULL.
|
||||
* \param E The MPI to hold the public exponent, or NULL.
|
||||
* \param N The MPI to hold the RSA modulus.
|
||||
* This may be \c NULL if this field need not be exported.
|
||||
* \param P The MPI to hold the first prime factor of \p N.
|
||||
* This may be \c NULL if this field need not be exported.
|
||||
* \param Q The MPI to hold the second prime factor of \p N.
|
||||
* This may be \c NULL if this field need not be exported.
|
||||
* \param D The MPI to hold the private exponent.
|
||||
* This may be \c NULL if this field need not be exported.
|
||||
* \param E The MPI to hold the public exponent.
|
||||
* This may be \c NULL if this field need not be exported.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED if exporting the
|
||||
|
@ -341,17 +347,20 @@ int mbedtls_rsa_export( const mbedtls_rsa_context *ctx,
|
|||
* buffer pointers are NULL.
|
||||
*
|
||||
* \param ctx The initialized RSA context.
|
||||
* \param N The Byte array to store the RSA modulus, or NULL.
|
||||
* \param N The Byte array to store the RSA modulus,
|
||||
* or \c NULL if this field need not be exported.
|
||||
* \param N_len The size of the buffer for the modulus.
|
||||
* \param P The Byte array to hold the first prime factor of \p N, or
|
||||
* NULL.
|
||||
* \param P The Byte array to hold the first prime factor of \p N,
|
||||
* or \c NULL if this field need not be exported.
|
||||
* \param P_len The size of the buffer for the first prime factor.
|
||||
* \param Q The Byte array to hold the second prime factor of \p N, or
|
||||
* NULL.
|
||||
* \param Q The Byte array to hold the second prime factor of \p N,
|
||||
* or \c NULL if this field need not be exported.
|
||||
* \param Q_len The size of the buffer for the second prime factor.
|
||||
* \param D The Byte array to hold the private exponent, or NULL.
|
||||
* \param D The Byte array to hold the private exponent,
|
||||
* or \c NULL if this field need not be exported.
|
||||
* \param D_len The size of the buffer for the private exponent.
|
||||
* \param E The Byte array to hold the public exponent, or NULL.
|
||||
* \param E The Byte array to hold the public exponent,
|
||||
* or \c NULL if this field need not be exported.
|
||||
* \param E_len The size of the buffer for the public exponent.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
|
@ -375,9 +384,12 @@ int mbedtls_rsa_export_raw( const mbedtls_rsa_context *ctx,
|
|||
* mbedtls_rsa_deduce_opt().
|
||||
*
|
||||
* \param ctx The initialized RSA context.
|
||||
* \param DP The MPI to hold D modulo P-1, or NULL.
|
||||
* \param DQ The MPI to hold D modulo Q-1, or NULL.
|
||||
* \param QP The MPI to hold modular inverse of Q modulo P, or NULL.
|
||||
* \param DP The MPI to hold \c D modulo `P-1`,
|
||||
* or \c NULL if it need not be exported.
|
||||
* \param DQ The MPI to hold \c D modulo `Q-1`,
|
||||
* or \c NULL if it need not be exported.
|
||||
* \param QP The MPI to hold modular inverse of \c Q modulo \c P,
|
||||
* or \c NULL if it need not be exported.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return A non-zero error code on failure.
|
||||
|
@ -390,13 +402,13 @@ int mbedtls_rsa_export_crt( const mbedtls_rsa_context *ctx,
|
|||
* \brief This function sets padding for an already initialized RSA
|
||||
* context. See mbedtls_rsa_init() for details.
|
||||
*
|
||||
* \param ctx The RSA context to be set.
|
||||
* \param padding Selects padding mode: #MBEDTLS_RSA_PKCS_V15 or
|
||||
* #MBEDTLS_RSA_PKCS_V21.
|
||||
* \param ctx The initialized RSA context to be configured.
|
||||
* \param padding The padding mode to use. This must be either
|
||||
* #MBEDTLS_RSA_PKCS_V15 or #MBEDTLS_RSA_PKCS_V21.
|
||||
* \param hash_id The #MBEDTLS_RSA_PKCS_V21 hash identifier.
|
||||
*/
|
||||
void mbedtls_rsa_set_padding( mbedtls_rsa_context *ctx, int padding,
|
||||
int hash_id);
|
||||
int hash_id );
|
||||
|
||||
/**
|
||||
* \brief This function retrieves the length of RSA modulus in Bytes.
|
||||
|
@ -414,11 +426,14 @@ size_t mbedtls_rsa_get_len( const mbedtls_rsa_context *ctx );
|
|||
* \note mbedtls_rsa_init() must be called before this function,
|
||||
* to set up the RSA context.
|
||||
*
|
||||
* \param ctx The RSA context used to hold the key.
|
||||
* \param f_rng The RNG function.
|
||||
* \param p_rng The RNG context.
|
||||
* \param ctx The initialized RSA context used to hold the key.
|
||||
* \param f_rng The RNG function to be used for key generation.
|
||||
* This must not be \c NULL.
|
||||
* \param p_rng The RNG context to be passed to \p f_rng.
|
||||
* This may be \c NULL if \p f_rng doesn't need a context.
|
||||
* \param nbits The size of the public key in bits.
|
||||
* \param exponent The public exponent. For example, 65537.
|
||||
* \param exponent The public exponent to use. For example, \c 65537.
|
||||
* This must be odd and greater than \c 1.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
|
||||
|
@ -436,7 +451,7 @@ int mbedtls_rsa_gen_key( mbedtls_rsa_context *ctx,
|
|||
* enough information is present to perform an RSA public key
|
||||
* operation using mbedtls_rsa_public().
|
||||
*
|
||||
* \param ctx The RSA context to check.
|
||||
* \param ctx The initialized RSA context to check.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
|
||||
|
@ -475,7 +490,7 @@ int mbedtls_rsa_check_pubkey( const mbedtls_rsa_context *ctx );
|
|||
* parameters, which goes beyond what is effectively checkable
|
||||
* by the library.</li></ul>
|
||||
*
|
||||
* \param ctx The RSA context to check.
|
||||
* \param ctx The initialized RSA context to check.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
|
||||
|
@ -487,8 +502,8 @@ int mbedtls_rsa_check_privkey( const mbedtls_rsa_context *ctx );
|
|||
*
|
||||
* It checks each of the contexts, and makes sure they match.
|
||||
*
|
||||
* \param pub The RSA context holding the public key.
|
||||
* \param prv The RSA context holding the private key.
|
||||
* \param pub The initialized RSA context holding the public key.
|
||||
* \param prv The initialized RSA context holding the private key.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
|
||||
|
@ -499,18 +514,19 @@ int mbedtls_rsa_check_pub_priv( const mbedtls_rsa_context *pub,
|
|||
/**
|
||||
* \brief This function performs an RSA public key operation.
|
||||
*
|
||||
* \param ctx The initialized RSA context to use.
|
||||
* \param input The input buffer. This must be a readable buffer
|
||||
* of length \c ctx->len Bytes. For example, \c 256 Bytes
|
||||
* for an 2048-bit RSA modulus.
|
||||
* \param output The output buffer. This must be a writable buffer
|
||||
* of length \c ctx->len Bytes. For example, \c 256 Bytes
|
||||
* for an 2048-bit RSA modulus.
|
||||
*
|
||||
* \note This function does not handle message padding.
|
||||
*
|
||||
* \note Make sure to set \p input[0] = 0 or ensure that
|
||||
* input is smaller than \p N.
|
||||
*
|
||||
* \note The input and output buffers must be large
|
||||
* enough. For example, 128 Bytes if RSA-1024 is used.
|
||||
*
|
||||
* \param ctx The RSA context.
|
||||
* \param input The input buffer.
|
||||
* \param output The output buffer.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
|
||||
*/
|
||||
|
@ -521,9 +537,6 @@ int mbedtls_rsa_public( mbedtls_rsa_context *ctx,
|
|||
/**
|
||||
* \brief This function performs an RSA private key operation.
|
||||
*
|
||||
* \note The input and output buffers must be large
|
||||
* enough. For example, 128 Bytes if RSA-1024 is used.
|
||||
*
|
||||
* \note Blinding is used if and only if a PRNG is provided.
|
||||
*
|
||||
* \note If blinding is used, both the base of exponentation
|
||||
|
@ -535,11 +548,18 @@ int mbedtls_rsa_public( mbedtls_rsa_context *ctx,
|
|||
* Future versions of the library may enforce the presence
|
||||
* of a PRNG.
|
||||
*
|
||||
* \param ctx The RSA context.
|
||||
* \param f_rng The RNG function. Needed for blinding.
|
||||
* \param p_rng The RNG context.
|
||||
* \param input The input buffer.
|
||||
* \param output The output buffer.
|
||||
* \param ctx The initialized RSA context to use.
|
||||
* \param f_rng The RNG function, used for blinding. It is discouraged
|
||||
* and deprecated to pass \c NULL here, in which case
|
||||
* blinding will be omitted.
|
||||
* \param p_rng The RNG context to pass to \p f_rng. This may be \c NULL
|
||||
* if \p f_rng is \c NULL or if \p f_rng doesn't need a context.
|
||||
* \param input The input buffer. This must be a readable buffer
|
||||
* of length \c ctx->len Bytes. For example, \c 256 Bytes
|
||||
* for an 2048-bit RSA modulus.
|
||||
* \param output The output buffer. This must be a writable buffer
|
||||
* of length \c ctx->len Bytes. For example, \c 256 Bytes
|
||||
* for an 2048-bit RSA modulus.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
|
||||
|
@ -558,9 +578,6 @@ int mbedtls_rsa_private( mbedtls_rsa_context *ctx,
|
|||
* It is the generic wrapper for performing a PKCS#1 encryption
|
||||
* operation using the \p mode from the context.
|
||||
*
|
||||
* \note The input and output buffers must be as large as the size
|
||||
* of \p ctx->N. For example, 128 Bytes if RSA-1024 is used.
|
||||
*
|
||||
* \deprecated It is deprecated and discouraged to call this function
|
||||
* in #MBEDTLS_RSA_PRIVATE mode. Future versions of the library
|
||||
* are likely to remove the \p mode argument and have it
|
||||
|
@ -570,14 +587,24 @@ int mbedtls_rsa_private( mbedtls_rsa_context *ctx,
|
|||
* mode being set to #MBEDTLS_RSA_PRIVATE and might instead
|
||||
* return #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED.
|
||||
*
|
||||
* \param ctx The RSA context.
|
||||
* \param f_rng The RNG function. Needed for padding, PKCS#1 v2.1
|
||||
* encoding, and #MBEDTLS_RSA_PRIVATE.
|
||||
* \param p_rng The RNG context.
|
||||
* \param mode #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE.
|
||||
* \param ilen The length of the plaintext.
|
||||
* \param input The buffer holding the data to encrypt.
|
||||
* \param output The buffer used to hold the ciphertext.
|
||||
* \param ctx The initialized RSA context to use.
|
||||
* \param f_rng The RNG to use. It is mandatory for PKCS#1 v2.1 padding
|
||||
* encoding, and for PKCS#1 v1.5 padding encoding when used
|
||||
* with \p mode set to #MBEDTLS_RSA_PUBLIC. For PKCS#1 v1.5
|
||||
* padding encoding and \p mode set to #MBEDTLS_RSA_PRIVATE,
|
||||
* it is used for blinding and should be provided in this
|
||||
* case; see mbedtls_rsa_private() for more.
|
||||
* \param p_rng The RNG context to be passed to \p f_rng. May be
|
||||
* \c NULL if \p f_rng is \c NULL or if \p f_rng doesn't
|
||||
* need a context argument.
|
||||
* \param mode The mode of operation. This must be either
|
||||
* #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE (deprecated).
|
||||
* \param ilen The length of the plaintext in Bytes.
|
||||
* \param input The input data to encrypt. This must be a readable
|
||||
* buffer of size \p ilen Bytes. This must not be \c NULL.
|
||||
* \param output The output buffer. This must be a writable buffer
|
||||
* of length \c ctx->len Bytes. For example, \c 256 Bytes
|
||||
* for an 2048-bit RSA modulus.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
|
||||
|
@ -593,9 +620,6 @@ int mbedtls_rsa_pkcs1_encrypt( mbedtls_rsa_context *ctx,
|
|||
* \brief This function performs a PKCS#1 v1.5 encryption operation
|
||||
* (RSAES-PKCS1-v1_5-ENCRYPT).
|
||||
*
|
||||
* \note The output buffer must be as large as the size
|
||||
* of \p ctx->N. For example, 128 Bytes if RSA-1024 is used.
|
||||
*
|
||||
* \deprecated It is deprecated and discouraged to call this function
|
||||
* in #MBEDTLS_RSA_PRIVATE mode. Future versions of the library
|
||||
* are likely to remove the \p mode argument and have it
|
||||
|
@ -605,14 +629,22 @@ int mbedtls_rsa_pkcs1_encrypt( mbedtls_rsa_context *ctx,
|
|||
* mode being set to #MBEDTLS_RSA_PRIVATE and might instead
|
||||
* return #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED.
|
||||
*
|
||||
* \param ctx The RSA context.
|
||||
* \param f_rng The RNG function. Needed for padding and
|
||||
* #MBEDTLS_RSA_PRIVATE.
|
||||
* \param p_rng The RNG context.
|
||||
* \param mode #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE.
|
||||
* \param ilen The length of the plaintext.
|
||||
* \param input The buffer holding the data to encrypt.
|
||||
* \param output The buffer used to hold the ciphertext.
|
||||
* \param ctx The initialized RSA context to use.
|
||||
* \param f_rng The RNG function to use. It is needed for padding generation
|
||||
* if \p mode is #MBEDTLS_RSA_PUBLIC. If \p mode is
|
||||
* #MBEDTLS_RSA_PRIVATE (discouraged), it is used for
|
||||
* blinding and should be provided; see mbedtls_rsa_private().
|
||||
* \param p_rng The RNG context to be passed to \p f_rng. This may
|
||||
* be \c NULL if \p f_rng is \c NULL or if \p f_rng
|
||||
* doesn't need a context argument.
|
||||
* \param mode The mode of operation. This must be either
|
||||
* #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE (deprecated).
|
||||
* \param ilen The length of the plaintext in Bytes.
|
||||
* \param input The input data to encrypt. This must be a readable
|
||||
* buffer of size \p ilen Bytes. This must not be \c NULL.
|
||||
* \param output The output buffer. This must be a writable buffer
|
||||
* of length \c ctx->len Bytes. For example, \c 256 Bytes
|
||||
* for an 2048-bit RSA modulus.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
|
||||
|
@ -640,16 +672,23 @@ int mbedtls_rsa_rsaes_pkcs1_v15_encrypt( mbedtls_rsa_context *ctx,
|
|||
* mode being set to #MBEDTLS_RSA_PRIVATE and might instead
|
||||
* return #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED.
|
||||
*
|
||||
* \param ctx The RSA context.
|
||||
* \param f_rng The RNG function. Needed for padding and PKCS#1 v2.1
|
||||
* encoding and #MBEDTLS_RSA_PRIVATE.
|
||||
* \param p_rng The RNG context.
|
||||
* \param mode #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE.
|
||||
* \param ctx The initnialized RSA context to use.
|
||||
* \param f_rng The RNG function to use. This is needed for padding
|
||||
* generation and must be provided.
|
||||
* \param p_rng The RNG context to be passed to \p f_rng. This may
|
||||
* be \c NULL if \p f_rng doesn't need a context argument.
|
||||
* \param mode The mode of operation. This must be either
|
||||
* #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE (deprecated).
|
||||
* \param label The buffer holding the custom label to use.
|
||||
* \param label_len The length of the label.
|
||||
* \param ilen The length of the plaintext.
|
||||
* \param input The buffer holding the data to encrypt.
|
||||
* \param output The buffer used to hold the ciphertext.
|
||||
* This must be a readable buffer of length \p label_len
|
||||
* Bytes. It may be \c NULL if \p label_len is \c 0.
|
||||
* \param label_len The length of the label in Bytes.
|
||||
* \param ilen The length of the plaintext buffer \p input in Bytes.
|
||||
* \param input The input data to encrypt. This must be a readable
|
||||
* buffer of size \p ilen Bytes. This must not be \c NULL.
|
||||
* \param output The output buffer. This must be a writable buffer
|
||||
* of length \c ctx->len Bytes. For example, \c 256 Bytes
|
||||
* for an 2048-bit RSA modulus.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
|
||||
|
@ -677,9 +716,6 @@ int mbedtls_rsa_rsaes_oaep_encrypt( mbedtls_rsa_context *ctx,
|
|||
* hold the decryption of the particular ciphertext provided,
|
||||
* the function returns \c MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE.
|
||||
*
|
||||
* \note The input buffer must be as large as the size
|
||||
* of \p ctx->N. For example, 128 Bytes if RSA-1024 is used.
|
||||
*
|
||||
* \deprecated It is deprecated and discouraged to call this function
|
||||
* in #MBEDTLS_RSA_PUBLIC mode. Future versions of the library
|
||||
* are likely to remove the \p mode argument and have it
|
||||
|
@ -689,14 +725,23 @@ int mbedtls_rsa_rsaes_oaep_encrypt( mbedtls_rsa_context *ctx,
|
|||
* mode being set to #MBEDTLS_RSA_PUBLIC and might instead
|
||||
* return #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED.
|
||||
*
|
||||
* \param ctx The RSA context.
|
||||
* \param f_rng The RNG function. Only needed for #MBEDTLS_RSA_PRIVATE.
|
||||
* \param p_rng The RNG context.
|
||||
* \param mode #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE.
|
||||
* \param olen The length of the plaintext.
|
||||
* \param input The buffer holding the encrypted data.
|
||||
* \param output The buffer used to hold the plaintext.
|
||||
* \param output_max_len The maximum length of the output buffer.
|
||||
* \param ctx The initialized RSA context to use.
|
||||
* \param f_rng The RNG function. If \p mode is #MBEDTLS_RSA_PRIVATE,
|
||||
* this is used for blinding and should be provided; see
|
||||
* mbedtls_rsa_private() for more. If \p mode is
|
||||
* #MBEDTLS_RSA_PUBLIC, it is ignored.
|
||||
* \param p_rng The RNG context to be passed to \p f_rng. This may be
|
||||
* \c NULL if \p f_rng is \c NULL or doesn't need a context.
|
||||
* \param mode The mode of operation. This must be either
|
||||
* #MBEDTLS_RSA_PRIVATE or #MBEDTLS_RSA_PUBLIC (deprecated).
|
||||
* \param olen The address at which to store the length of
|
||||
* the plaintext. This must not be \c NULL.
|
||||
* \param input The ciphertext buffer. This must be a readable buffer
|
||||
* of length \c ctx->len Bytes. For example, \c 256 Bytes
|
||||
* for an 2048-bit RSA modulus.
|
||||
* \param output The buffer used to hold the plaintext. This must
|
||||
* be a writable buffer of length \p output_max_len Bytes.
|
||||
* \param output_max_len The length in Bytes of the output buffer \p output.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
|
||||
|
@ -720,9 +765,6 @@ int mbedtls_rsa_pkcs1_decrypt( mbedtls_rsa_context *ctx,
|
|||
* hold the decryption of the particular ciphertext provided,
|
||||
* the function returns #MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE.
|
||||
*
|
||||
* \note The input buffer must be as large as the size
|
||||
* of \p ctx->N. For example, 128 Bytes if RSA-1024 is used.
|
||||
*
|
||||
* \deprecated It is deprecated and discouraged to call this function
|
||||
* in #MBEDTLS_RSA_PUBLIC mode. Future versions of the library
|
||||
* are likely to remove the \p mode argument and have it
|
||||
|
@ -732,14 +774,23 @@ int mbedtls_rsa_pkcs1_decrypt( mbedtls_rsa_context *ctx,
|
|||
* mode being set to #MBEDTLS_RSA_PUBLIC and might instead
|
||||
* return #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED.
|
||||
*
|
||||
* \param ctx The RSA context.
|
||||
* \param f_rng The RNG function. Only needed for #MBEDTLS_RSA_PRIVATE.
|
||||
* \param p_rng The RNG context.
|
||||
* \param mode #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE.
|
||||
* \param olen The length of the plaintext.
|
||||
* \param input The buffer holding the encrypted data.
|
||||
* \param output The buffer to hold the plaintext.
|
||||
* \param output_max_len The maximum length of the output buffer.
|
||||
* \param ctx The initialized RSA context to use.
|
||||
* \param f_rng The RNG function. If \p mode is #MBEDTLS_RSA_PRIVATE,
|
||||
* this is used for blinding and should be provided; see
|
||||
* mbedtls_rsa_private() for more. If \p mode is
|
||||
* #MBEDTLS_RSA_PUBLIC, it is ignored.
|
||||
* \param p_rng The RNG context to be passed to \p f_rng. This may be
|
||||
* \c NULL if \p f_rng is \c NULL or doesn't need a context.
|
||||
* \param mode The mode of operation. This must be either
|
||||
* #MBEDTLS_RSA_PRIVATE or #MBEDTLS_RSA_PUBLIC (deprecated).
|
||||
* \param olen The address at which to store the length of
|
||||
* the plaintext. This must not be \c NULL.
|
||||
* \param input The ciphertext buffer. This must be a readable buffer
|
||||
* of length \c ctx->len Bytes. For example, \c 256 Bytes
|
||||
* for an 2048-bit RSA modulus.
|
||||
* \param output The buffer used to hold the plaintext. This must
|
||||
* be a writable buffer of length \p output_max_len Bytes.
|
||||
* \param output_max_len The length in Bytes of the output buffer \p output.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
|
||||
|
@ -765,9 +816,6 @@ int mbedtls_rsa_rsaes_pkcs1_v15_decrypt( mbedtls_rsa_context *ctx,
|
|||
* ciphertext provided, the function returns
|
||||
* #MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE.
|
||||
*
|
||||
* \note The input buffer must be as large as the size
|
||||
* of \p ctx->N. For example, 128 Bytes if RSA-1024 is used.
|
||||
*
|
||||
* \deprecated It is deprecated and discouraged to call this function
|
||||
* in #MBEDTLS_RSA_PUBLIC mode. Future versions of the library
|
||||
* are likely to remove the \p mode argument and have it
|
||||
|
@ -777,16 +825,27 @@ int mbedtls_rsa_rsaes_pkcs1_v15_decrypt( mbedtls_rsa_context *ctx,
|
|||
* mode being set to #MBEDTLS_RSA_PUBLIC and might instead
|
||||
* return #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED.
|
||||
*
|
||||
* \param ctx The RSA context.
|
||||
* \param f_rng The RNG function. Only needed for #MBEDTLS_RSA_PRIVATE.
|
||||
* \param p_rng The RNG context.
|
||||
* \param mode #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE.
|
||||
* \param ctx The initialized RSA context to use.
|
||||
* \param f_rng The RNG function. If \p mode is #MBEDTLS_RSA_PRIVATE,
|
||||
* this is used for blinding and should be provided; see
|
||||
* mbedtls_rsa_private() for more. If \p mode is
|
||||
* #MBEDTLS_RSA_PUBLIC, it is ignored.
|
||||
* \param p_rng The RNG context to be passed to \p f_rng. This may be
|
||||
* \c NULL if \p f_rng is \c NULL or doesn't need a context.
|
||||
* \param mode The mode of operation. This must be either
|
||||
* #MBEDTLS_RSA_PRIVATE or #MBEDTLS_RSA_PUBLIC (deprecated).
|
||||
* \param label The buffer holding the custom label to use.
|
||||
* \param label_len The length of the label.
|
||||
* \param olen The length of the plaintext.
|
||||
* \param input The buffer holding the encrypted data.
|
||||
* \param output The buffer to hold the plaintext.
|
||||
* \param output_max_len The maximum length of the output buffer.
|
||||
* This must be a readable buffer of length \p label_len
|
||||
* Bytes. It may be \c NULL if \p label_len is \c 0.
|
||||
* \param label_len The length of the label in Bytes.
|
||||
* \param olen The address at which to store the length of
|
||||
* the plaintext. This must not be \c NULL.
|
||||
* \param input The ciphertext buffer. This must be a readable buffer
|
||||
* of length \c ctx->len Bytes. For example, \c 256 Bytes
|
||||
* for an 2048-bit RSA modulus.
|
||||
* \param output The buffer used to hold the plaintext. This must
|
||||
* be a writable buffer of length \p output_max_len Bytes.
|
||||
* \param output_max_len The length in Bytes of the output buffer \p output.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
|
||||
|
@ -824,16 +883,28 @@ int mbedtls_rsa_rsaes_oaep_decrypt( mbedtls_rsa_context *ctx,
|
|||
* mode being set to #MBEDTLS_RSA_PUBLIC and might instead
|
||||
* return #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED.
|
||||
*
|
||||
* \param ctx The RSA context.
|
||||
* \param f_rng The RNG function. Needed for PKCS#1 v2.1 encoding and for
|
||||
* #MBEDTLS_RSA_PRIVATE.
|
||||
* \param p_rng The RNG context.
|
||||
* \param mode #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE.
|
||||
* \param ctx The initialized RSA context to use.
|
||||
* \param f_rng The RNG function to use. If the padding mode is PKCS#1 v2.1,
|
||||
* this must be provided. If the padding mode is PKCS#1 v1.5 and
|
||||
* \p mode is #MBEDTLS_RSA_PRIVATE, it is used for blinding
|
||||
* and should be provided; see mbedtls_rsa_private() for more
|
||||
* more. It is ignored otherwise.
|
||||
* \param p_rng The RNG context to be passed to \p f_rng. This may be \c NULL
|
||||
* if \p f_rng is \c NULL or doesn't need a context argument.
|
||||
* \param mode The mode of operation. This must be either
|
||||
* #MBEDTLS_RSA_PRIVATE or #MBEDTLS_RSA_PUBLIC (deprecated).
|
||||
* \param md_alg The message-digest algorithm used to hash the original data.
|
||||
* Use #MBEDTLS_MD_NONE for signing raw data.
|
||||
* \param hashlen The length of the message digest. Only used if \p md_alg is #MBEDTLS_MD_NONE.
|
||||
* \param hash The buffer holding the message digest.
|
||||
* \param sig The buffer to hold the ciphertext.
|
||||
* \param hashlen The length of the message digest.
|
||||
* Ths is only used if \p md_alg is #MBEDTLS_MD_NONE.
|
||||
* \param hash The buffer holding the message digest or raw data.
|
||||
* If \p md_alg is #MBEDTLS_MD_NONE, this must be a readable
|
||||
* buffer of length \p hashlen Bytes. If \p md_alg is not
|
||||
* #MBEDTLS_MD_NONE, it must be a readable buffer of length
|
||||
* the size of the hash corresponding to \p md_alg.
|
||||
* \param sig The buffer to hold the signature. This must be a writable
|
||||
* buffer of length \c ctx->len Bytes. For example, \c 256 Bytes
|
||||
* for an 2048-bit RSA modulus.
|
||||
*
|
||||
* \return \c 0 if the signing operation was successful.
|
||||
* \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
|
||||
|
@ -851,9 +922,6 @@ int mbedtls_rsa_pkcs1_sign( mbedtls_rsa_context *ctx,
|
|||
* \brief This function performs a PKCS#1 v1.5 signature
|
||||
* operation (RSASSA-PKCS1-v1_5-SIGN).
|
||||
*
|
||||
* \note The \p sig buffer must be as large as the size
|
||||
* of \p ctx->N. For example, 128 Bytes if RSA-1024 is used.
|
||||
*
|
||||
* \deprecated It is deprecated and discouraged to call this function
|
||||
* in #MBEDTLS_RSA_PUBLIC mode. Future versions of the library
|
||||
* are likely to remove the \p mode argument and have it
|
||||
|
@ -863,15 +931,27 @@ int mbedtls_rsa_pkcs1_sign( mbedtls_rsa_context *ctx,
|
|||
* mode being set to #MBEDTLS_RSA_PUBLIC and might instead
|
||||
* return #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED.
|
||||
*
|
||||
* \param ctx The RSA context.
|
||||
* \param f_rng The RNG function. Only needed for #MBEDTLS_RSA_PRIVATE.
|
||||
* \param p_rng The RNG context.
|
||||
* \param mode #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE.
|
||||
* \param ctx The initialized RSA context to use.
|
||||
* \param f_rng The RNG function. If \p mode is #MBEDTLS_RSA_PRIVATE,
|
||||
* this is used for blinding and should be provided; see
|
||||
* mbedtls_rsa_private() for more. If \p mode is
|
||||
* #MBEDTLS_RSA_PUBLIC, it is ignored.
|
||||
* \param p_rng The RNG context to be passed to \p f_rng. This may be \c NULL
|
||||
* if \p f_rng is \c NULL or doesn't need a context argument.
|
||||
* \param mode The mode of operation. This must be either
|
||||
* #MBEDTLS_RSA_PRIVATE or #MBEDTLS_RSA_PUBLIC (deprecated).
|
||||
* \param md_alg The message-digest algorithm used to hash the original data.
|
||||
* Use #MBEDTLS_MD_NONE for signing raw data.
|
||||
* \param hashlen The length of the message digest. Only used if \p md_alg is #MBEDTLS_MD_NONE.
|
||||
* \param hash The buffer holding the message digest.
|
||||
* \param sig The buffer to hold the ciphertext.
|
||||
* \param hashlen The length of the message digest.
|
||||
* Ths is only used if \p md_alg is #MBEDTLS_MD_NONE.
|
||||
* \param hash The buffer holding the message digest or raw data.
|
||||
* If \p md_alg is #MBEDTLS_MD_NONE, this must be a readable
|
||||
* buffer of length \p hashlen Bytes. If \p md_alg is not
|
||||
* #MBEDTLS_MD_NONE, it must be a readable buffer of length
|
||||
* the size of the hash corresponding to \p md_alg.
|
||||
* \param sig The buffer to hold the signature. This must be a writable
|
||||
* buffer of length \c ctx->len Bytes. For example, \c 256 Bytes
|
||||
* for an 2048-bit RSA modulus.
|
||||
*
|
||||
* \return \c 0 if the signing operation was successful.
|
||||
* \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
|
||||
|
@ -889,9 +969,6 @@ int mbedtls_rsa_rsassa_pkcs1_v15_sign( mbedtls_rsa_context *ctx,
|
|||
* \brief This function performs a PKCS#1 v2.1 PSS signature
|
||||
* operation (RSASSA-PSS-SIGN).
|
||||
*
|
||||
* \note The \p sig buffer must be as large as the size
|
||||
* of \p ctx->N. For example, 128 Bytes if RSA-1024 is used.
|
||||
*
|
||||
* \note The \p hash_id in the RSA context is the one used for the
|
||||
* encoding. \p md_alg in the function call is the type of hash
|
||||
* that is encoded. According to <em>RFC-3447: Public-Key
|
||||
|
@ -918,16 +995,24 @@ int mbedtls_rsa_rsassa_pkcs1_v15_sign( mbedtls_rsa_context *ctx,
|
|||
* mode being set to #MBEDTLS_RSA_PUBLIC and might instead
|
||||
* return #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED.
|
||||
*
|
||||
* \param ctx The RSA context.
|
||||
* \param f_rng The RNG function. Needed for PKCS#1 v2.1 encoding and for
|
||||
* #MBEDTLS_RSA_PRIVATE.
|
||||
* \param p_rng The RNG context.
|
||||
* \param mode #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE.
|
||||
* \param ctx The initialized RSA context to use.
|
||||
* \param f_rng The RNG function. It must not be \c NULL.
|
||||
* \param p_rng The RNG context to be passed to \p f_rng. This may be \c NULL
|
||||
* if \p f_rng doesn't need a context argument.
|
||||
* \param mode The mode of operation. This must be either
|
||||
* #MBEDTLS_RSA_PRIVATE or #MBEDTLS_RSA_PUBLIC (deprecated).
|
||||
* \param md_alg The message-digest algorithm used to hash the original data.
|
||||
* Use #MBEDTLS_MD_NONE for signing raw data.
|
||||
* \param hashlen The length of the message digest. Only used if \p md_alg is #MBEDTLS_MD_NONE.
|
||||
* \param hash The buffer holding the message digest.
|
||||
* \param sig The buffer to hold the ciphertext.
|
||||
* \param hashlen The length of the message digest.
|
||||
* Ths is only used if \p md_alg is #MBEDTLS_MD_NONE.
|
||||
* \param hash The buffer holding the message digest or raw data.
|
||||
* If \p md_alg is #MBEDTLS_MD_NONE, this must be a readable
|
||||
* buffer of length \p hashlen Bytes. If \p md_alg is not
|
||||
* #MBEDTLS_MD_NONE, it must be a readable buffer of length
|
||||
* the size of the hash corresponding to \p md_alg.
|
||||
* \param sig The buffer to hold the signature. This must be a writable
|
||||
* buffer of length \c ctx->len Bytes. For example, \c 256 Bytes
|
||||
* for an 2048-bit RSA modulus.
|
||||
*
|
||||
* \return \c 0 if the signing operation was successful.
|
||||
* \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
|
||||
|
@ -948,9 +1033,6 @@ int mbedtls_rsa_rsassa_pss_sign( mbedtls_rsa_context *ctx,
|
|||
* This is the generic wrapper for performing a PKCS#1
|
||||
* verification using the mode from the context.
|
||||
*
|
||||
* \note The \p sig buffer must be as large as the size
|
||||
* of \p ctx->N. For example, 128 Bytes if RSA-1024 is used.
|
||||
*
|
||||
* \note For PKCS#1 v2.1 encoding, see comments on
|
||||
* mbedtls_rsa_rsassa_pss_verify() about \p md_alg and
|
||||
* \p hash_id.
|
||||
|
@ -964,15 +1046,26 @@ int mbedtls_rsa_rsassa_pss_sign( mbedtls_rsa_context *ctx,
|
|||
* mode being set to #MBEDTLS_RSA_PRIVATE and might instead
|
||||
* return #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED.
|
||||
*
|
||||
* \param ctx The RSA public key context.
|
||||
* \param f_rng The RNG function. Only needed for #MBEDTLS_RSA_PRIVATE.
|
||||
* \param p_rng The RNG context.
|
||||
* \param mode #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE.
|
||||
* \param ctx The initialized RSA public key context to use.
|
||||
* \param f_rng The RNG function to use. If \p mode is #MBEDTLS_RSA_PRIVATE,
|
||||
* this is used for blinding and should be provided; see
|
||||
* mbedtls_rsa_private() for more. Otherwise, it is ignored.
|
||||
* \param p_rng The RNG context to be passed to \p f_rng. This may be
|
||||
* \c NULL if \p f_rng is \c NULL or doesn't need a context.
|
||||
* \param mode The mode of operation. This must be either
|
||||
* #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE (deprecated).
|
||||
* \param md_alg The message-digest algorithm used to hash the original data.
|
||||
* Use #MBEDTLS_MD_NONE for signing raw data.
|
||||
* \param hashlen The length of the message digest. Only used if \p md_alg is #MBEDTLS_MD_NONE.
|
||||
* \param hash The buffer holding the message digest.
|
||||
* \param sig The buffer holding the ciphertext.
|
||||
* \param hashlen The length of the message digest.
|
||||
* This is only used if \p md_alg is #MBEDTLS_MD_NONE.
|
||||
* \param hash The buffer holding the message digest or raw data.
|
||||
* If \p md_alg is #MBEDTLS_MD_NONE, this must be a readable
|
||||
* buffer of length \p hashlen Bytes. If \p md_alg is not
|
||||
* #MBEDTLS_MD_NONE, it must be a readable buffer of length
|
||||
* the size of the hash corresponding to \p md_alg.
|
||||
* \param sig The buffer holding the signature. This must be a readable
|
||||
* buffer of length \c ctx->len Bytes. For example, \c 256 Bytes
|
||||
* for an 2048-bit RSA modulus.
|
||||
*
|
||||
* \return \c 0 if the verify operation was successful.
|
||||
* \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
|
||||
|
@ -990,9 +1083,6 @@ int mbedtls_rsa_pkcs1_verify( mbedtls_rsa_context *ctx,
|
|||
* \brief This function performs a PKCS#1 v1.5 verification
|
||||
* operation (RSASSA-PKCS1-v1_5-VERIFY).
|
||||
*
|
||||
* \note The \p sig buffer must be as large as the size
|
||||
* of \p ctx->N. For example, 128 Bytes if RSA-1024 is used.
|
||||
*
|
||||
* \deprecated It is deprecated and discouraged to call this function
|
||||
* in #MBEDTLS_RSA_PRIVATE mode. Future versions of the library
|
||||
* are likely to remove the \p mode argument and have it
|
||||
|
@ -1002,15 +1092,26 @@ int mbedtls_rsa_pkcs1_verify( mbedtls_rsa_context *ctx,
|
|||
* mode being set to #MBEDTLS_RSA_PRIVATE and might instead
|
||||
* return #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED.
|
||||
*
|
||||
* \param ctx The RSA public key context.
|
||||
* \param f_rng The RNG function. Only needed for #MBEDTLS_RSA_PRIVATE.
|
||||
* \param p_rng The RNG context.
|
||||
* \param mode #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE.
|
||||
* \param ctx The initialized RSA public key context to use.
|
||||
* \param f_rng The RNG function to use. If \p mode is #MBEDTLS_RSA_PRIVATE,
|
||||
* this is used for blinding and should be provided; see
|
||||
* mbedtls_rsa_private() for more. Otherwise, it is ignored.
|
||||
* \param p_rng The RNG context to be passed to \p f_rng. This may be
|
||||
* \c NULL if \p f_rng is \c NULL or doesn't need a context.
|
||||
* \param mode The mode of operation. This must be either
|
||||
* #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE (deprecated).
|
||||
* \param md_alg The message-digest algorithm used to hash the original data.
|
||||
* Use #MBEDTLS_MD_NONE for signing raw data.
|
||||
* \param hashlen The length of the message digest. Only used if \p md_alg is #MBEDTLS_MD_NONE.
|
||||
* \param hash The buffer holding the message digest.
|
||||
* \param sig The buffer holding the ciphertext.
|
||||
* \param hashlen The length of the message digest.
|
||||
* This is only used if \p md_alg is #MBEDTLS_MD_NONE.
|
||||
* \param hash The buffer holding the message digest or raw data.
|
||||
* If \p md_alg is #MBEDTLS_MD_NONE, this must be a readable
|
||||
* buffer of length \p hashlen Bytes. If \p md_alg is not
|
||||
* #MBEDTLS_MD_NONE, it must be a readable buffer of length
|
||||
* the size of the hash corresponding to \p md_alg.
|
||||
* \param sig The buffer holding the signature. This must be a readable
|
||||
* buffer of length \c ctx->len Bytes. For example, \c 256 Bytes
|
||||
* for an 2048-bit RSA modulus.
|
||||
*
|
||||
* \return \c 0 if the verify operation was successful.
|
||||
* \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
|
||||
|
@ -1031,9 +1132,6 @@ int mbedtls_rsa_rsassa_pkcs1_v15_verify( mbedtls_rsa_context *ctx,
|
|||
* The hash function for the MGF mask generating function
|
||||
* is that specified in the RSA context.
|
||||
*
|
||||
* \note The \p sig buffer must be as large as the size
|
||||
* of \p ctx->N. For example, 128 Bytes if RSA-1024 is used.
|
||||
*
|
||||
* \note The \p hash_id in the RSA context is the one used for the
|
||||
* verification. \p md_alg in the function call is the type of
|
||||
* hash that is verified. According to <em>RFC-3447: Public-Key
|
||||
|
@ -1051,15 +1149,26 @@ int mbedtls_rsa_rsassa_pkcs1_v15_verify( mbedtls_rsa_context *ctx,
|
|||
* mode being set to #MBEDTLS_RSA_PRIVATE and might instead
|
||||
* return #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED.
|
||||
*
|
||||
* \param ctx The RSA public key context.
|
||||
* \param f_rng The RNG function. Only needed for #MBEDTLS_RSA_PRIVATE.
|
||||
* \param p_rng The RNG context.
|
||||
* \param mode #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE.
|
||||
* \param ctx The initialized RSA public key context to use.
|
||||
* \param f_rng The RNG function to use. If \p mode is #MBEDTLS_RSA_PRIVATE,
|
||||
* this is used for blinding and should be provided; see
|
||||
* mbedtls_rsa_private() for more. Otherwise, it is ignored.
|
||||
* \param p_rng The RNG context to be passed to \p f_rng. This may be
|
||||
* \c NULL if \p f_rng is \c NULL or doesn't need a context.
|
||||
* \param mode The mode of operation. This must be either
|
||||
* #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE (deprecated).
|
||||
* \param md_alg The message-digest algorithm used to hash the original data.
|
||||
* Use #MBEDTLS_MD_NONE for signing raw data.
|
||||
* \param hashlen The length of the message digest. Only used if \p md_alg is #MBEDTLS_MD_NONE.
|
||||
* \param hash The buffer holding the message digest.
|
||||
* \param sig The buffer holding the ciphertext.
|
||||
* \param hashlen The length of the message digest.
|
||||
* This is only used if \p md_alg is #MBEDTLS_MD_NONE.
|
||||
* \param hash The buffer holding the message digest or raw data.
|
||||
* If \p md_alg is #MBEDTLS_MD_NONE, this must be a readable
|
||||
* buffer of length \p hashlen Bytes. If \p md_alg is not
|
||||
* #MBEDTLS_MD_NONE, it must be a readable buffer of length
|
||||
* the size of the hash corresponding to \p md_alg.
|
||||
* \param sig The buffer holding the signature. This must be a readable
|
||||
* buffer of length \c ctx->len Bytes. For example, \c 256 Bytes
|
||||
* for an 2048-bit RSA modulus.
|
||||
*
|
||||
* \return \c 0 if the verify operation was successful.
|
||||
* \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
|
||||
|
@ -1085,19 +1194,29 @@ int mbedtls_rsa_rsassa_pss_verify( mbedtls_rsa_context *ctx,
|
|||
*
|
||||
* \note The \p hash_id in the RSA context is ignored.
|
||||
*
|
||||
* \param ctx The RSA public key context.
|
||||
* \param f_rng The RNG function. Only needed for #MBEDTLS_RSA_PRIVATE.
|
||||
* \param p_rng The RNG context.
|
||||
* \param mode #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE.
|
||||
* \param ctx The initialized RSA public key context to use.
|
||||
* \param f_rng The RNG function to use. If \p mode is #MBEDTLS_RSA_PRIVATE,
|
||||
* this is used for blinding and should be provided; see
|
||||
* mbedtls_rsa_private() for more. Otherwise, it is ignored.
|
||||
* \param p_rng The RNG context to be passed to \p f_rng. This may be
|
||||
* \c NULL if \p f_rng is \c NULL or doesn't need a context.
|
||||
* \param mode The mode of operation. This must be either
|
||||
* #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE.
|
||||
* \param md_alg The message-digest algorithm used to hash the original data.
|
||||
* Use #MBEDTLS_MD_NONE for signing raw data.
|
||||
* \param hashlen The length of the message digest. Only used if \p md_alg is
|
||||
* #MBEDTLS_MD_NONE.
|
||||
* \param hash The buffer holding the message digest.
|
||||
* \param mgf1_hash_id The message digest used for mask generation.
|
||||
* \param expected_salt_len The length of the salt used in padding. Use
|
||||
* #MBEDTLS_RSA_SALT_LEN_ANY to accept any salt length.
|
||||
* \param sig The buffer holding the ciphertext.
|
||||
* \param hashlen The length of the message digest.
|
||||
* This is only used if \p md_alg is #MBEDTLS_MD_NONE.
|
||||
* \param hash The buffer holding the message digest or raw data.
|
||||
* If \p md_alg is #MBEDTLS_MD_NONE, this must be a readable
|
||||
* buffer of length \p hashlen Bytes. If \p md_alg is not
|
||||
* #MBEDTLS_MD_NONE, it must be a readable buffer of length
|
||||
* the size of the hash corresponding to \p md_alg.
|
||||
* \param mgf1_hash_id The message digest used for mask generation.
|
||||
* \param expected_salt_len The length of the salt used in padding. Use
|
||||
* #MBEDTLS_RSA_SALT_LEN_ANY to accept any salt length.
|
||||
* \param sig The buffer holding the signature. This must be a readable
|
||||
* buffer of length \c ctx->len Bytes. For example, \c 256 Bytes
|
||||
* for an 2048-bit RSA modulus.
|
||||
*
|
||||
* \return \c 0 if the verify operation was successful.
|
||||
* \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
|
||||
|
@ -1116,8 +1235,8 @@ int mbedtls_rsa_rsassa_pss_verify_ext( mbedtls_rsa_context *ctx,
|
|||
/**
|
||||
* \brief This function copies the components of an RSA context.
|
||||
*
|
||||
* \param dst The destination context.
|
||||
* \param src The source context.
|
||||
* \param dst The destination context. This must be initialized.
|
||||
* \param src The source context. This must be initialized.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return #MBEDTLS_ERR_MPI_ALLOC_FAILED on memory allocation failure.
|
||||
|
@ -1127,7 +1246,9 @@ int mbedtls_rsa_copy( mbedtls_rsa_context *dst, const mbedtls_rsa_context *src )
|
|||
/**
|
||||
* \brief This function frees the components of an RSA key.
|
||||
*
|
||||
* \param ctx The RSA Context to free.
|
||||
* \param ctx The RSA context to free. May be \c NULL, in which case
|
||||
* this function is a no-op. If it is not \c NULL, it must
|
||||
* point to an initialized RSA context.
|
||||
*/
|
||||
void mbedtls_rsa_free( mbedtls_rsa_context *ctx );
|
||||
|
||||
|
|
|
@ -42,6 +42,7 @@
|
|||
|
||||
/* MBEDTLS_ERR_SHA1_HW_ACCEL_FAILED is deprecated and should not be used. */
|
||||
#define MBEDTLS_ERR_SHA1_HW_ACCEL_FAILED -0x0035 /**< SHA-1 hardware accelerator failed */
|
||||
#define MBEDTLS_ERR_SHA1_BAD_INPUT_DATA -0x0073 /**< SHA-1 input data was malformed. */
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
|
@ -79,6 +80,7 @@ mbedtls_sha1_context;
|
|||
* stronger message digests instead.
|
||||
*
|
||||
* \param ctx The SHA-1 context to initialize.
|
||||
* This must not be \c NULL.
|
||||
*
|
||||
*/
|
||||
void mbedtls_sha1_init( mbedtls_sha1_context *ctx );
|
||||
|
@ -90,7 +92,10 @@ void mbedtls_sha1_init( mbedtls_sha1_context *ctx );
|
|||
* constitutes a security risk. We recommend considering
|
||||
* stronger message digests instead.
|
||||
*
|
||||
* \param ctx The SHA-1 context to clear.
|
||||
* \param ctx The SHA-1 context to clear. This may be \c NULL,
|
||||
* in which case this function does nothing. If it is
|
||||
* not \c NULL, it must point to an initialized
|
||||
* SHA-1 context.
|
||||
*
|
||||
*/
|
||||
void mbedtls_sha1_free( mbedtls_sha1_context *ctx );
|
||||
|
@ -102,8 +107,8 @@ void mbedtls_sha1_free( mbedtls_sha1_context *ctx );
|
|||
* constitutes a security risk. We recommend considering
|
||||
* stronger message digests instead.
|
||||
*
|
||||
* \param dst The SHA-1 context to clone to.
|
||||
* \param src The SHA-1 context to clone from.
|
||||
* \param dst The SHA-1 context to clone to. This must be initialized.
|
||||
* \param src The SHA-1 context to clone from. This must be initialized.
|
||||
*
|
||||
*/
|
||||
void mbedtls_sha1_clone( mbedtls_sha1_context *dst,
|
||||
|
@ -116,9 +121,10 @@ void mbedtls_sha1_clone( mbedtls_sha1_context *dst,
|
|||
* constitutes a security risk. We recommend considering
|
||||
* stronger message digests instead.
|
||||
*
|
||||
* \param ctx The SHA-1 context to initialize.
|
||||
* \param ctx The SHA-1 context to initialize. This must be initialized.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return A negative error code on failure.
|
||||
*
|
||||
*/
|
||||
int mbedtls_sha1_starts_ret( mbedtls_sha1_context *ctx );
|
||||
|
@ -131,11 +137,14 @@ int mbedtls_sha1_starts_ret( mbedtls_sha1_context *ctx );
|
|||
* constitutes a security risk. We recommend considering
|
||||
* stronger message digests instead.
|
||||
*
|
||||
* \param ctx The SHA-1 context.
|
||||
* \param ctx The SHA-1 context. This must be initialized
|
||||
* and have a hash operation started.
|
||||
* \param input The buffer holding the input data.
|
||||
* \param ilen The length of the input data.
|
||||
* This must be a readable buffer of length \p ilen Bytes.
|
||||
* \param ilen The length of the input data \p input in Bytes.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return A negative error code on failure.
|
||||
*/
|
||||
int mbedtls_sha1_update_ret( mbedtls_sha1_context *ctx,
|
||||
const unsigned char *input,
|
||||
|
@ -149,10 +158,13 @@ int mbedtls_sha1_update_ret( mbedtls_sha1_context *ctx,
|
|||
* constitutes a security risk. We recommend considering
|
||||
* stronger message digests instead.
|
||||
*
|
||||
* \param ctx The SHA-1 context.
|
||||
* \param output The SHA-1 checksum result.
|
||||
* \param ctx The SHA-1 context to use. This must be initialized and
|
||||
* have a hash operation started.
|
||||
* \param output The SHA-1 checksum result. This must be a writable
|
||||
* buffer of length \c 20 Bytes.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return A negative error code on failure.
|
||||
*/
|
||||
int mbedtls_sha1_finish_ret( mbedtls_sha1_context *ctx,
|
||||
unsigned char output[20] );
|
||||
|
@ -164,10 +176,12 @@ int mbedtls_sha1_finish_ret( mbedtls_sha1_context *ctx,
|
|||
* constitutes a security risk. We recommend considering
|
||||
* stronger message digests instead.
|
||||
*
|
||||
* \param ctx The SHA-1 context.
|
||||
* \param data The data block being processed.
|
||||
* \param ctx The SHA-1 context to use. This must be initialized.
|
||||
* \param data The data block being processed. This must be a
|
||||
* readable buffer of length \c 64 Bytes.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return A negative error code on failure.
|
||||
*
|
||||
*/
|
||||
int mbedtls_internal_sha1_process( mbedtls_sha1_context *ctx,
|
||||
|
@ -188,7 +202,7 @@ int mbedtls_internal_sha1_process( mbedtls_sha1_context *ctx,
|
|||
*
|
||||
* \deprecated Superseded by mbedtls_sha1_starts_ret() in 2.7.0.
|
||||
*
|
||||
* \param ctx The SHA-1 context to initialize.
|
||||
* \param ctx The SHA-1 context to initialize. This must be initialized.
|
||||
*
|
||||
*/
|
||||
MBEDTLS_DEPRECATED void mbedtls_sha1_starts( mbedtls_sha1_context *ctx );
|
||||
|
@ -203,9 +217,11 @@ MBEDTLS_DEPRECATED void mbedtls_sha1_starts( mbedtls_sha1_context *ctx );
|
|||
*
|
||||
* \deprecated Superseded by mbedtls_sha1_update_ret() in 2.7.0.
|
||||
*
|
||||
* \param ctx The SHA-1 context.
|
||||
* \param ctx The SHA-1 context. This must be initialized and
|
||||
* have a hash operation started.
|
||||
* \param input The buffer holding the input data.
|
||||
* \param ilen The length of the input data.
|
||||
* This must be a readable buffer of length \p ilen Bytes.
|
||||
* \param ilen The length of the input data \p input in Bytes.
|
||||
*
|
||||
*/
|
||||
MBEDTLS_DEPRECATED void mbedtls_sha1_update( mbedtls_sha1_context *ctx,
|
||||
|
@ -222,9 +238,10 @@ MBEDTLS_DEPRECATED void mbedtls_sha1_update( mbedtls_sha1_context *ctx,
|
|||
*
|
||||
* \deprecated Superseded by mbedtls_sha1_finish_ret() in 2.7.0.
|
||||
*
|
||||
* \param ctx The SHA-1 context.
|
||||
* \param ctx The SHA-1 context. This must be initialized and
|
||||
* have a hash operation started.
|
||||
* \param output The SHA-1 checksum result.
|
||||
*
|
||||
* This must be a writable buffer of length \c 20 Bytes.
|
||||
*/
|
||||
MBEDTLS_DEPRECATED void mbedtls_sha1_finish( mbedtls_sha1_context *ctx,
|
||||
unsigned char output[20] );
|
||||
|
@ -238,8 +255,9 @@ MBEDTLS_DEPRECATED void mbedtls_sha1_finish( mbedtls_sha1_context *ctx,
|
|||
*
|
||||
* \deprecated Superseded by mbedtls_internal_sha1_process() in 2.7.0.
|
||||
*
|
||||
* \param ctx The SHA-1 context.
|
||||
* \param ctx The SHA-1 context. This must be initialized.
|
||||
* \param data The data block being processed.
|
||||
* This must be a readable buffer of length \c 64 bytes.
|
||||
*
|
||||
*/
|
||||
MBEDTLS_DEPRECATED void mbedtls_sha1_process( mbedtls_sha1_context *ctx,
|
||||
|
@ -262,10 +280,13 @@ MBEDTLS_DEPRECATED void mbedtls_sha1_process( mbedtls_sha1_context *ctx,
|
|||
* stronger message digests instead.
|
||||
*
|
||||
* \param input The buffer holding the input data.
|
||||
* \param ilen The length of the input data.
|
||||
* This must be a readable buffer of length \p ilen Bytes.
|
||||
* \param ilen The length of the input data \p input in Bytes.
|
||||
* \param output The SHA-1 checksum result.
|
||||
* This must be a writable buffer of length \c 20 Bytes.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return A negative error code on failure.
|
||||
*
|
||||
*/
|
||||
int mbedtls_sha1_ret( const unsigned char *input,
|
||||
|
@ -294,8 +315,10 @@ int mbedtls_sha1_ret( const unsigned char *input,
|
|||
* \deprecated Superseded by mbedtls_sha1_ret() in 2.7.0
|
||||
*
|
||||
* \param input The buffer holding the input data.
|
||||
* \param ilen The length of the input data.
|
||||
* \param output The SHA-1 checksum result.
|
||||
* This must be a readable buffer of length \p ilen Bytes.
|
||||
* \param ilen The length of the input data \p input in Bytes.
|
||||
* \param output The SHA-1 checksum result. This must be a writable
|
||||
* buffer of size \c 20 Bytes.
|
||||
*
|
||||
*/
|
||||
MBEDTLS_DEPRECATED void mbedtls_sha1( const unsigned char *input,
|
||||
|
|
|
@ -38,6 +38,7 @@
|
|||
|
||||
/* MBEDTLS_ERR_SHA256_HW_ACCEL_FAILED is deprecated and should not be used. */
|
||||
#define MBEDTLS_ERR_SHA256_HW_ACCEL_FAILED -0x0037 /**< SHA-256 hardware accelerator failed */
|
||||
#define MBEDTLS_ERR_SHA256_BAD_INPUT_DATA -0x0074 /**< SHA-256 input data was malformed. */
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
|
@ -71,22 +72,24 @@ mbedtls_sha256_context;
|
|||
/**
|
||||
* \brief This function initializes a SHA-256 context.
|
||||
*
|
||||
* \param ctx The SHA-256 context to initialize.
|
||||
* \param ctx The SHA-256 context to initialize. This must not be \c NULL.
|
||||
*/
|
||||
void mbedtls_sha256_init( mbedtls_sha256_context *ctx );
|
||||
|
||||
/**
|
||||
* \brief This function clears a SHA-256 context.
|
||||
*
|
||||
* \param ctx The SHA-256 context to clear.
|
||||
* \param ctx The SHA-256 context to clear. This may be \c NULL, in which
|
||||
* case this function returns immediately. If it is not \c NULL,
|
||||
* it must point to an initialized SHA-256 context.
|
||||
*/
|
||||
void mbedtls_sha256_free( mbedtls_sha256_context *ctx );
|
||||
|
||||
/**
|
||||
* \brief This function clones the state of a SHA-256 context.
|
||||
*
|
||||
* \param dst The destination context.
|
||||
* \param src The context to clone.
|
||||
* \param dst The destination context. This must be initialized.
|
||||
* \param src The context to clone. This must be initialized.
|
||||
*/
|
||||
void mbedtls_sha256_clone( mbedtls_sha256_context *dst,
|
||||
const mbedtls_sha256_context *src );
|
||||
|
@ -95,11 +98,12 @@ void mbedtls_sha256_clone( mbedtls_sha256_context *dst,
|
|||
* \brief This function starts a SHA-224 or SHA-256 checksum
|
||||
* calculation.
|
||||
*
|
||||
* \param ctx The context to initialize.
|
||||
* \param is224 Determines which function to use:
|
||||
* 0: Use SHA-256, or 1: Use SHA-224.
|
||||
* \param ctx The context to use. This must be initialized.
|
||||
* \param is224 This determines which function to use. This must be
|
||||
* either \c 0 for SHA-256, or \c 1 for SHA-224.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return A negative error code on failure.
|
||||
*/
|
||||
int mbedtls_sha256_starts_ret( mbedtls_sha256_context *ctx, int is224 );
|
||||
|
||||
|
@ -107,11 +111,14 @@ int mbedtls_sha256_starts_ret( mbedtls_sha256_context *ctx, int is224 );
|
|||
* \brief This function feeds an input buffer into an ongoing
|
||||
* SHA-256 checksum calculation.
|
||||
*
|
||||
* \param ctx The SHA-256 context.
|
||||
* \param input The buffer holding the data.
|
||||
* \param ilen The length of the input data.
|
||||
* \param ctx The SHA-256 context. This must be initialized
|
||||
* and have a hash operation started.
|
||||
* \param input The buffer holding the data. This must be a readable
|
||||
* buffer of length \p ilen Bytes.
|
||||
* \param ilen The length of the input data in Bytes.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return A negative error code on failure.
|
||||
*/
|
||||
int mbedtls_sha256_update_ret( mbedtls_sha256_context *ctx,
|
||||
const unsigned char *input,
|
||||
|
@ -121,10 +128,13 @@ int mbedtls_sha256_update_ret( mbedtls_sha256_context *ctx,
|
|||
* \brief This function finishes the SHA-256 operation, and writes
|
||||
* the result to the output buffer.
|
||||
*
|
||||
* \param ctx The SHA-256 context.
|
||||
* \param ctx The SHA-256 context. This must be initialized
|
||||
* and have a hash operation started.
|
||||
* \param output The SHA-224 or SHA-256 checksum result.
|
||||
* This must be a writable buffer of length \c 32 Bytes.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return A negative error code on failure.
|
||||
*/
|
||||
int mbedtls_sha256_finish_ret( mbedtls_sha256_context *ctx,
|
||||
unsigned char output[32] );
|
||||
|
@ -134,10 +144,12 @@ int mbedtls_sha256_finish_ret( mbedtls_sha256_context *ctx,
|
|||
* the ongoing SHA-256 computation. This function is for
|
||||
* internal use only.
|
||||
*
|
||||
* \param ctx The SHA-256 context.
|
||||
* \param data The buffer holding one block of data.
|
||||
* \param ctx The SHA-256 context. This must be initialized.
|
||||
* \param data The buffer holding one block of data. This must
|
||||
* be a readable buffer of length \c 64 Bytes.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return A negative error code on failure.
|
||||
*/
|
||||
int mbedtls_internal_sha256_process( mbedtls_sha256_context *ctx,
|
||||
const unsigned char data[64] );
|
||||
|
@ -152,12 +164,11 @@ int mbedtls_internal_sha256_process( mbedtls_sha256_context *ctx,
|
|||
* \brief This function starts a SHA-224 or SHA-256 checksum
|
||||
* calculation.
|
||||
*
|
||||
*
|
||||
* \deprecated Superseded by mbedtls_sha256_starts_ret() in 2.7.0.
|
||||
*
|
||||
* \param ctx The context to initialize.
|
||||
* \param is224 Determines which function to use:
|
||||
* 0: Use SHA-256, or 1: Use SHA-224.
|
||||
* \param ctx The context to use. This must be initialized.
|
||||
* \param is224 Determines which function to use. This must be
|
||||
* either \c 0 for SHA-256, or \c 1 for SHA-224.
|
||||
*/
|
||||
MBEDTLS_DEPRECATED void mbedtls_sha256_starts( mbedtls_sha256_context *ctx,
|
||||
int is224 );
|
||||
|
@ -168,9 +179,11 @@ MBEDTLS_DEPRECATED void mbedtls_sha256_starts( mbedtls_sha256_context *ctx,
|
|||
*
|
||||
* \deprecated Superseded by mbedtls_sha256_update_ret() in 2.7.0.
|
||||
*
|
||||
* \param ctx The SHA-256 context to initialize.
|
||||
* \param input The buffer holding the data.
|
||||
* \param ilen The length of the input data.
|
||||
* \param ctx The SHA-256 context to use. This must be
|
||||
* initialized and have a hash operation started.
|
||||
* \param input The buffer holding the data. This must be a readable
|
||||
* buffer of length \p ilen Bytes.
|
||||
* \param ilen The length of the input data in Bytes.
|
||||
*/
|
||||
MBEDTLS_DEPRECATED void mbedtls_sha256_update( mbedtls_sha256_context *ctx,
|
||||
const unsigned char *input,
|
||||
|
@ -182,8 +195,10 @@ MBEDTLS_DEPRECATED void mbedtls_sha256_update( mbedtls_sha256_context *ctx,
|
|||
*
|
||||
* \deprecated Superseded by mbedtls_sha256_finish_ret() in 2.7.0.
|
||||
*
|
||||
* \param ctx The SHA-256 context.
|
||||
* \param output The SHA-224 or SHA-256 checksum result.
|
||||
* \param ctx The SHA-256 context. This must be initialized and
|
||||
* have a hash operation started.
|
||||
* \param output The SHA-224 or SHA-256 checksum result. This must be
|
||||
* a writable buffer of length \c 32 Bytes.
|
||||
*/
|
||||
MBEDTLS_DEPRECATED void mbedtls_sha256_finish( mbedtls_sha256_context *ctx,
|
||||
unsigned char output[32] );
|
||||
|
@ -195,8 +210,9 @@ MBEDTLS_DEPRECATED void mbedtls_sha256_finish( mbedtls_sha256_context *ctx,
|
|||
*
|
||||
* \deprecated Superseded by mbedtls_internal_sha256_process() in 2.7.0.
|
||||
*
|
||||
* \param ctx The SHA-256 context.
|
||||
* \param data The buffer holding one block of data.
|
||||
* \param ctx The SHA-256 context. This must be initialized.
|
||||
* \param data The buffer holding one block of data. This must be
|
||||
* a readable buffer of size \c 64 Bytes.
|
||||
*/
|
||||
MBEDTLS_DEPRECATED void mbedtls_sha256_process( mbedtls_sha256_context *ctx,
|
||||
const unsigned char data[64] );
|
||||
|
@ -214,11 +230,13 @@ MBEDTLS_DEPRECATED void mbedtls_sha256_process( mbedtls_sha256_context *ctx,
|
|||
* The SHA-256 result is calculated as
|
||||
* output = SHA-256(input buffer).
|
||||
*
|
||||
* \param input The buffer holding the input data.
|
||||
* \param ilen The length of the input data.
|
||||
* \param output The SHA-224 or SHA-256 checksum result.
|
||||
* \param is224 Determines which function to use:
|
||||
* 0: Use SHA-256, or 1: Use SHA-224.
|
||||
* \param input The buffer holding the data. This must be a readable
|
||||
* buffer of length \p ilen Bytes.
|
||||
* \param ilen The length of the input data in Bytes.
|
||||
* \param output The SHA-224 or SHA-256 checksum result. This must
|
||||
* be a writable buffer of length \c 32 Bytes.
|
||||
* \param is224 Determines which function to use. This must be
|
||||
* either \c 0 for SHA-256, or \c 1 for SHA-224.
|
||||
*/
|
||||
int mbedtls_sha256_ret( const unsigned char *input,
|
||||
size_t ilen,
|
||||
|
@ -244,11 +262,13 @@ int mbedtls_sha256_ret( const unsigned char *input,
|
|||
*
|
||||
* \deprecated Superseded by mbedtls_sha256_ret() in 2.7.0.
|
||||
*
|
||||
* \param input The buffer holding the data.
|
||||
* \param ilen The length of the input data.
|
||||
* \param output The SHA-224 or SHA-256 checksum result.
|
||||
* \param is224 Determines which function to use:
|
||||
* 0: Use SHA-256, or 1: Use SHA-224.
|
||||
* \param input The buffer holding the data. This must be a readable
|
||||
* buffer of length \p ilen Bytes.
|
||||
* \param ilen The length of the input data in Bytes.
|
||||
* \param output The SHA-224 or SHA-256 checksum result. This must be
|
||||
* a writable buffer of length \c 32 Bytes.
|
||||
* \param is224 Determines which function to use. This must be either
|
||||
* \c 0 for SHA-256, or \c 1 for SHA-224.
|
||||
*/
|
||||
MBEDTLS_DEPRECATED void mbedtls_sha256( const unsigned char *input,
|
||||
size_t ilen,
|
||||
|
|
|
@ -37,6 +37,7 @@
|
|||
|
||||
/* MBEDTLS_ERR_SHA512_HW_ACCEL_FAILED is deprecated and should not be used. */
|
||||
#define MBEDTLS_ERR_SHA512_HW_ACCEL_FAILED -0x0039 /**< SHA-512 hardware accelerator failed */
|
||||
#define MBEDTLS_ERR_SHA512_BAD_INPUT_DATA -0x0075 /**< SHA-512 input data was malformed. */
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
|
@ -70,22 +71,26 @@ mbedtls_sha512_context;
|
|||
/**
|
||||
* \brief This function initializes a SHA-512 context.
|
||||
*
|
||||
* \param ctx The SHA-512 context to initialize.
|
||||
* \param ctx The SHA-512 context to initialize. This must
|
||||
* not be \c NULL.
|
||||
*/
|
||||
void mbedtls_sha512_init( mbedtls_sha512_context *ctx );
|
||||
|
||||
/**
|
||||
* \brief This function clears a SHA-512 context.
|
||||
*
|
||||
* \param ctx The SHA-512 context to clear.
|
||||
* \param ctx The SHA-512 context to clear. This may be \c NULL,
|
||||
* in which case this function does nothing. If it
|
||||
* is not \c NULL, it must point to an initialized
|
||||
* SHA-512 context.
|
||||
*/
|
||||
void mbedtls_sha512_free( mbedtls_sha512_context *ctx );
|
||||
|
||||
/**
|
||||
* \brief This function clones the state of a SHA-512 context.
|
||||
*
|
||||
* \param dst The destination context.
|
||||
* \param src The context to clone.
|
||||
* \param dst The destination context. This must be initialized.
|
||||
* \param src The context to clone. This must be initialized.
|
||||
*/
|
||||
void mbedtls_sha512_clone( mbedtls_sha512_context *dst,
|
||||
const mbedtls_sha512_context *src );
|
||||
|
@ -94,11 +99,12 @@ void mbedtls_sha512_clone( mbedtls_sha512_context *dst,
|
|||
* \brief This function starts a SHA-384 or SHA-512 checksum
|
||||
* calculation.
|
||||
*
|
||||
* \param ctx The SHA-512 context to initialize.
|
||||
* \param is384 Determines which function to use:
|
||||
* 0: Use SHA-512, or 1: Use SHA-384.
|
||||
* \param ctx The SHA-512 context to use. This must be initialized.
|
||||
* \param is384 Determines which function to use. This must be
|
||||
* either \c for SHA-512, or \c 1 for SHA-384.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return A negative error code on failure.
|
||||
*/
|
||||
int mbedtls_sha512_starts_ret( mbedtls_sha512_context *ctx, int is384 );
|
||||
|
||||
|
@ -106,11 +112,14 @@ int mbedtls_sha512_starts_ret( mbedtls_sha512_context *ctx, int is384 );
|
|||
* \brief This function feeds an input buffer into an ongoing
|
||||
* SHA-512 checksum calculation.
|
||||
*
|
||||
* \param ctx The SHA-512 context.
|
||||
* \param input The buffer holding the input data.
|
||||
* \param ilen The length of the input data.
|
||||
* \param ctx The SHA-512 context. This must be initialized
|
||||
* and have a hash operation started.
|
||||
* \param input The buffer holding the input data. This must
|
||||
* be a readable buffer of length \p ilen Bytes.
|
||||
* \param ilen The length of the input data in Bytes.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return A negative error code on failure.
|
||||
*/
|
||||
int mbedtls_sha512_update_ret( mbedtls_sha512_context *ctx,
|
||||
const unsigned char *input,
|
||||
|
@ -121,10 +130,13 @@ int mbedtls_sha512_update_ret( mbedtls_sha512_context *ctx,
|
|||
* the result to the output buffer. This function is for
|
||||
* internal use only.
|
||||
*
|
||||
* \param ctx The SHA-512 context.
|
||||
* \param ctx The SHA-512 context. This must be initialized
|
||||
* and have a hash operation started.
|
||||
* \param output The SHA-384 or SHA-512 checksum result.
|
||||
* This must be a writable buffer of length \c 64 Bytes.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return A negative error code on failure.
|
||||
*/
|
||||
int mbedtls_sha512_finish_ret( mbedtls_sha512_context *ctx,
|
||||
unsigned char output[64] );
|
||||
|
@ -133,10 +145,12 @@ int mbedtls_sha512_finish_ret( mbedtls_sha512_context *ctx,
|
|||
* \brief This function processes a single data block within
|
||||
* the ongoing SHA-512 computation.
|
||||
*
|
||||
* \param ctx The SHA-512 context.
|
||||
* \param data The buffer holding one block of data.
|
||||
* \param ctx The SHA-512 context. This must be initialized.
|
||||
* \param data The buffer holding one block of data. This
|
||||
* must be a readable buffer of length \c 128 Bytes.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return A negative error code on failure.
|
||||
*/
|
||||
int mbedtls_internal_sha512_process( mbedtls_sha512_context *ctx,
|
||||
const unsigned char data[128] );
|
||||
|
@ -152,9 +166,9 @@ int mbedtls_internal_sha512_process( mbedtls_sha512_context *ctx,
|
|||
*
|
||||
* \deprecated Superseded by mbedtls_sha512_starts_ret() in 2.7.0
|
||||
*
|
||||
* \param ctx The SHA-512 context to initialize.
|
||||
* \param is384 Determines which function to use:
|
||||
* 0: Use SHA-512, or 1: Use SHA-384.
|
||||
* \param ctx The SHA-512 context to use. This must be initialized.
|
||||
* \param is384 Determines which function to use. This must be either
|
||||
* \c 0 for SHA-512 or \c 1 for SHA-384.
|
||||
*/
|
||||
MBEDTLS_DEPRECATED void mbedtls_sha512_starts( mbedtls_sha512_context *ctx,
|
||||
int is384 );
|
||||
|
@ -165,9 +179,11 @@ MBEDTLS_DEPRECATED void mbedtls_sha512_starts( mbedtls_sha512_context *ctx,
|
|||
*
|
||||
* \deprecated Superseded by mbedtls_sha512_update_ret() in 2.7.0.
|
||||
*
|
||||
* \param ctx The SHA-512 context.
|
||||
* \param input The buffer holding the data.
|
||||
* \param ilen The length of the input data.
|
||||
* \param ctx The SHA-512 context. This must be initialized
|
||||
* and have a hash operation started.
|
||||
* \param input The buffer holding the data. This must be a readable
|
||||
* buffer of length \p ilen Bytes.
|
||||
* \param ilen The length of the input data in Bytes.
|
||||
*/
|
||||
MBEDTLS_DEPRECATED void mbedtls_sha512_update( mbedtls_sha512_context *ctx,
|
||||
const unsigned char *input,
|
||||
|
@ -179,8 +195,10 @@ MBEDTLS_DEPRECATED void mbedtls_sha512_update( mbedtls_sha512_context *ctx,
|
|||
*
|
||||
* \deprecated Superseded by mbedtls_sha512_finish_ret() in 2.7.0.
|
||||
*
|
||||
* \param ctx The SHA-512 context.
|
||||
* \param output The SHA-384 or SHA-512 checksum result.
|
||||
* \param ctx The SHA-512 context. This must be initialized
|
||||
* and have a hash operation started.
|
||||
* \param output The SHA-384 or SHA-512 checksum result. This must
|
||||
* be a writable buffer of size \c 64 Bytes.
|
||||
*/
|
||||
MBEDTLS_DEPRECATED void mbedtls_sha512_finish( mbedtls_sha512_context *ctx,
|
||||
unsigned char output[64] );
|
||||
|
@ -192,8 +210,9 @@ MBEDTLS_DEPRECATED void mbedtls_sha512_finish( mbedtls_sha512_context *ctx,
|
|||
*
|
||||
* \deprecated Superseded by mbedtls_internal_sha512_process() in 2.7.0.
|
||||
*
|
||||
* \param ctx The SHA-512 context.
|
||||
* \param data The buffer holding one block of data.
|
||||
* \param ctx The SHA-512 context. This must be initialized.
|
||||
* \param data The buffer holding one block of data. This must be
|
||||
* a readable buffer of length \c 128 Bytes.
|
||||
*/
|
||||
MBEDTLS_DEPRECATED void mbedtls_sha512_process(
|
||||
mbedtls_sha512_context *ctx,
|
||||
|
@ -212,13 +231,16 @@ MBEDTLS_DEPRECATED void mbedtls_sha512_process(
|
|||
* The SHA-512 result is calculated as
|
||||
* output = SHA-512(input buffer).
|
||||
*
|
||||
* \param input The buffer holding the input data.
|
||||
* \param ilen The length of the input data.
|
||||
* \param input The buffer holding the input data. This must be
|
||||
* a readable buffer of length \p ilen Bytes.
|
||||
* \param ilen The length of the input data in Bytes.
|
||||
* \param output The SHA-384 or SHA-512 checksum result.
|
||||
* \param is384 Determines which function to use:
|
||||
* 0: Use SHA-512, or 1: Use SHA-384.
|
||||
* This must be a writable buffer of length \c 64 Bytes.
|
||||
* \param is384 Determines which function to use. This must be either
|
||||
* \c 0 for SHA-512, or \c 1 for SHA-384.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return A negative error code on failure.
|
||||
*/
|
||||
int mbedtls_sha512_ret( const unsigned char *input,
|
||||
size_t ilen,
|
||||
|
@ -243,11 +265,13 @@ int mbedtls_sha512_ret( const unsigned char *input,
|
|||
*
|
||||
* \deprecated Superseded by mbedtls_sha512_ret() in 2.7.0
|
||||
*
|
||||
* \param input The buffer holding the data.
|
||||
* \param ilen The length of the input data.
|
||||
* \param output The SHA-384 or SHA-512 checksum result.
|
||||
* \param is384 Determines which function to use:
|
||||
* 0: Use SHA-512, or 1: Use SHA-384.
|
||||
* \param input The buffer holding the data. This must be a
|
||||
* readable buffer of length \p ilen Bytes.
|
||||
* \param ilen The length of the input data in Bytes.
|
||||
* \param output The SHA-384 or SHA-512 checksum result. This must
|
||||
* be a writable buffer of length \c 64 Bytes.
|
||||
* \param is384 Determines which function to use. This must be either
|
||||
* \c 0 for SHA-512, or \c 1 for SHA-384.
|
||||
*/
|
||||
MBEDTLS_DEPRECATED void mbedtls_sha512( const unsigned char *input,
|
||||
size_t ilen,
|
||||
|
|
|
@ -2044,6 +2044,14 @@ void mbedtls_ssl_conf_ca_chain( mbedtls_ssl_config *conf,
|
|||
* whether it matches those preferences - the server can then
|
||||
* decide what it wants to do with it.
|
||||
*
|
||||
* \note The provided \p pk_key needs to match the public key in the
|
||||
* first certificate in \p own_cert, or all handshakes using
|
||||
* that certificate will fail. It is your responsibility
|
||||
* to ensure that; this function will not perform any check.
|
||||
* You may use mbedtls_pk_check_pair() in order to perform
|
||||
* this check yourself, but be aware that this function can
|
||||
* be computationally expensive on some key types.
|
||||
*
|
||||
* \param conf SSL configuration
|
||||
* \param own_cert own public certificate chain
|
||||
* \param pk_key own private key
|
||||
|
|
|
@ -39,7 +39,7 @@
|
|||
* Major, Minor, Patchlevel
|
||||
*/
|
||||
#define MBEDTLS_VERSION_MAJOR 2
|
||||
#define MBEDTLS_VERSION_MINOR 14
|
||||
#define MBEDTLS_VERSION_MINOR 16
|
||||
#define MBEDTLS_VERSION_PATCH 0
|
||||
|
||||
/**
|
||||
|
@ -47,9 +47,9 @@
|
|||
* MMNNPP00
|
||||
* Major version | Minor version | Patch version
|
||||
*/
|
||||
#define MBEDTLS_VERSION_NUMBER 0x020E0000
|
||||
#define MBEDTLS_VERSION_STRING "2.14.0"
|
||||
#define MBEDTLS_VERSION_STRING_FULL "mbed TLS 2.14.0"
|
||||
#define MBEDTLS_VERSION_NUMBER 0x02100000
|
||||
#define MBEDTLS_VERSION_STRING "2.16.0"
|
||||
#define MBEDTLS_VERSION_STRING_FULL "mbed TLS 2.16.0"
|
||||
|
||||
#if defined(MBEDTLS_VERSION_C)
|
||||
|
||||
|
|
|
@ -232,19 +232,34 @@ int mbedtls_x509_crt_parse_der( mbedtls_x509_crt *chain, const unsigned char *bu
|
|||
size_t buflen );
|
||||
|
||||
/**
|
||||
* \brief Parse one or more certificates and add them
|
||||
* to the chained list. Parses permissively. If some
|
||||
* certificates can be parsed, the result is the number
|
||||
* of failed certificates it encountered. If none complete
|
||||
* correctly, the first error is returned.
|
||||
* \brief Parse one DER-encoded or one or more concatenated PEM-encoded
|
||||
* certificates and add them to the chained list.
|
||||
*
|
||||
* \param chain points to the start of the chain
|
||||
* \param buf buffer holding the certificate data in PEM or DER format
|
||||
* \param buflen size of the buffer
|
||||
* (including the terminating null byte for PEM data)
|
||||
* For CRTs in PEM encoding, the function parses permissively:
|
||||
* if at least one certificate can be parsed, the function
|
||||
* returns the number of certificates for which parsing failed
|
||||
* (hence \c 0 if all certificates were parsed successfully).
|
||||
* If no certificate could be parsed, the function returns
|
||||
* the first (negative) error encountered during parsing.
|
||||
*
|
||||
* PEM encoded certificates may be interleaved by other data
|
||||
* such as human readable descriptions of their content, as
|
||||
* long as the certificates are enclosed in the PEM specific
|
||||
* '-----{BEGIN/END} CERTIFICATE-----' delimiters.
|
||||
*
|
||||
* \param chain The chain to which to add the parsed certificates.
|
||||
* \param buf The buffer holding the certificate data in PEM or DER format.
|
||||
* For certificates in PEM encoding, this may be a concatenation
|
||||
* of multiple certificates; for DER encoding, the buffer must
|
||||
* comprise exactly one certificate.
|
||||
* \param buflen The size of \p buf, including the terminating \c NULL byte
|
||||
* in case of PEM encoded data.
|
||||
*
|
||||
* \return \c 0 if all certificates were parsed successfully.
|
||||
* \return The (positive) number of certificates that couldn't
|
||||
* be parsed if parsing was partly successful (see above).
|
||||
* \return A negative X509 or PEM error code otherwise.
|
||||
*
|
||||
* \return 0 if all certificates parsed successfully, a positive number
|
||||
* if partly successful or a specific X509 or PEM error code
|
||||
*/
|
||||
int mbedtls_x509_crt_parse( mbedtls_x509_crt *chain, const unsigned char *buf, size_t buflen );
|
||||
|
||||
|
|
|
@ -159,15 +159,15 @@ endif(USE_STATIC_MBEDTLS_LIBRARY)
|
|||
|
||||
if(USE_SHARED_MBEDTLS_LIBRARY)
|
||||
add_library(mbedcrypto SHARED ${src_crypto})
|
||||
set_target_properties(mbedcrypto PROPERTIES VERSION 2.14.0 SOVERSION 3)
|
||||
set_target_properties(mbedcrypto PROPERTIES VERSION 2.16.0 SOVERSION 3)
|
||||
target_link_libraries(mbedcrypto ${libs})
|
||||
|
||||
add_library(mbedx509 SHARED ${src_x509})
|
||||
set_target_properties(mbedx509 PROPERTIES VERSION 2.14.0 SOVERSION 0)
|
||||
set_target_properties(mbedx509 PROPERTIES VERSION 2.16.0 SOVERSION 0)
|
||||
target_link_libraries(mbedx509 ${libs} mbedcrypto)
|
||||
|
||||
add_library(mbedtls SHARED ${src_tls})
|
||||
set_target_properties(mbedtls PROPERTIES VERSION 2.14.0 SOVERSION 12)
|
||||
set_target_properties(mbedtls PROPERTIES VERSION 2.16.0 SOVERSION 12)
|
||||
target_link_libraries(mbedtls ${libs} mbedx509)
|
||||
|
||||
install(TARGETS mbedtls mbedx509 mbedcrypto
|
||||
|
|
121
library/aes.c
121
library/aes.c
|
@ -56,6 +56,12 @@
|
|||
|
||||
#if !defined(MBEDTLS_AES_ALT)
|
||||
|
||||
/* Parameter validation macros based on platform_util.h */
|
||||
#define AES_VALIDATE_RET( cond ) \
|
||||
MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_AES_BAD_INPUT_DATA )
|
||||
#define AES_VALIDATE( cond ) \
|
||||
MBEDTLS_INTERNAL_VALIDATE( cond )
|
||||
|
||||
/*
|
||||
* 32-bit integer manipulation macros (little endian)
|
||||
*/
|
||||
|
@ -511,6 +517,8 @@ static void aes_gen_tables( void )
|
|||
|
||||
void mbedtls_aes_init( mbedtls_aes_context *ctx )
|
||||
{
|
||||
AES_VALIDATE( ctx != NULL );
|
||||
|
||||
memset( ctx, 0, sizeof( mbedtls_aes_context ) );
|
||||
}
|
||||
|
||||
|
@ -525,12 +533,17 @@ void mbedtls_aes_free( mbedtls_aes_context *ctx )
|
|||
#if defined(MBEDTLS_CIPHER_MODE_XTS)
|
||||
void mbedtls_aes_xts_init( mbedtls_aes_xts_context *ctx )
|
||||
{
|
||||
AES_VALIDATE( ctx != NULL );
|
||||
|
||||
mbedtls_aes_init( &ctx->crypt );
|
||||
mbedtls_aes_init( &ctx->tweak );
|
||||
}
|
||||
|
||||
void mbedtls_aes_xts_free( mbedtls_aes_xts_context *ctx )
|
||||
{
|
||||
if( ctx == NULL )
|
||||
return;
|
||||
|
||||
mbedtls_aes_free( &ctx->crypt );
|
||||
mbedtls_aes_free( &ctx->tweak );
|
||||
}
|
||||
|
@ -546,14 +559,8 @@ int mbedtls_aes_setkey_enc( mbedtls_aes_context *ctx, const unsigned char *key,
|
|||
unsigned int i;
|
||||
uint32_t *RK;
|
||||
|
||||
#if !defined(MBEDTLS_AES_ROM_TABLES)
|
||||
if( aes_init_done == 0 )
|
||||
{
|
||||
aes_gen_tables();
|
||||
aes_init_done = 1;
|
||||
|
||||
}
|
||||
#endif
|
||||
AES_VALIDATE_RET( ctx != NULL );
|
||||
AES_VALIDATE_RET( key != NULL );
|
||||
|
||||
switch( keybits )
|
||||
{
|
||||
|
@ -563,6 +570,14 @@ int mbedtls_aes_setkey_enc( mbedtls_aes_context *ctx, const unsigned char *key,
|
|||
default : return( MBEDTLS_ERR_AES_INVALID_KEY_LENGTH );
|
||||
}
|
||||
|
||||
#if !defined(MBEDTLS_AES_ROM_TABLES)
|
||||
if( aes_init_done == 0 )
|
||||
{
|
||||
aes_gen_tables();
|
||||
aes_init_done = 1;
|
||||
}
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_PADLOCK_C) && defined(MBEDTLS_PADLOCK_ALIGN16)
|
||||
if( aes_padlock_ace == -1 )
|
||||
aes_padlock_ace = mbedtls_padlock_has_support( MBEDTLS_PADLOCK_ACE );
|
||||
|
@ -662,6 +677,9 @@ int mbedtls_aes_setkey_dec( mbedtls_aes_context *ctx, const unsigned char *key,
|
|||
uint32_t *RK;
|
||||
uint32_t *SK;
|
||||
|
||||
AES_VALIDATE_RET( ctx != NULL );
|
||||
AES_VALIDATE_RET( key != NULL );
|
||||
|
||||
mbedtls_aes_init( &cty );
|
||||
|
||||
#if defined(MBEDTLS_PADLOCK_C) && defined(MBEDTLS_PADLOCK_ALIGN16)
|
||||
|
@ -752,6 +770,9 @@ int mbedtls_aes_xts_setkey_enc( mbedtls_aes_xts_context *ctx,
|
|||
const unsigned char *key1, *key2;
|
||||
unsigned int key1bits, key2bits;
|
||||
|
||||
AES_VALIDATE_RET( ctx != NULL );
|
||||
AES_VALIDATE_RET( key != NULL );
|
||||
|
||||
ret = mbedtls_aes_xts_decode_keys( key, keybits, &key1, &key1bits,
|
||||
&key2, &key2bits );
|
||||
if( ret != 0 )
|
||||
|
@ -774,6 +795,9 @@ int mbedtls_aes_xts_setkey_dec( mbedtls_aes_xts_context *ctx,
|
|||
const unsigned char *key1, *key2;
|
||||
unsigned int key1bits, key2bits;
|
||||
|
||||
AES_VALIDATE_RET( ctx != NULL );
|
||||
AES_VALIDATE_RET( key != NULL );
|
||||
|
||||
ret = mbedtls_aes_xts_decode_keys( key, keybits, &key1, &key1bits,
|
||||
&key2, &key2bits );
|
||||
if( ret != 0 )
|
||||
|
@ -977,10 +1001,16 @@ void mbedtls_aes_decrypt( mbedtls_aes_context *ctx,
|
|||
* AES-ECB block encryption/decryption
|
||||
*/
|
||||
int mbedtls_aes_crypt_ecb( mbedtls_aes_context *ctx,
|
||||
int mode,
|
||||
const unsigned char input[16],
|
||||
unsigned char output[16] )
|
||||
int mode,
|
||||
const unsigned char input[16],
|
||||
unsigned char output[16] )
|
||||
{
|
||||
AES_VALIDATE_RET( ctx != NULL );
|
||||
AES_VALIDATE_RET( input != NULL );
|
||||
AES_VALIDATE_RET( output != NULL );
|
||||
AES_VALIDATE_RET( mode == MBEDTLS_AES_ENCRYPT ||
|
||||
mode == MBEDTLS_AES_DECRYPT );
|
||||
|
||||
#if defined(MBEDTLS_AESNI_C) && defined(MBEDTLS_HAVE_X86_64)
|
||||
if( mbedtls_aesni_has_support( MBEDTLS_AESNI_AES ) )
|
||||
return( mbedtls_aesni_crypt_ecb( ctx, mode, input, output ) );
|
||||
|
@ -1018,6 +1048,13 @@ int mbedtls_aes_crypt_cbc( mbedtls_aes_context *ctx,
|
|||
int i;
|
||||
unsigned char temp[16];
|
||||
|
||||
AES_VALIDATE_RET( ctx != NULL );
|
||||
AES_VALIDATE_RET( mode == MBEDTLS_AES_ENCRYPT ||
|
||||
mode == MBEDTLS_AES_DECRYPT );
|
||||
AES_VALIDATE_RET( iv != NULL );
|
||||
AES_VALIDATE_RET( input != NULL );
|
||||
AES_VALIDATE_RET( output != NULL );
|
||||
|
||||
if( length % 16 )
|
||||
return( MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH );
|
||||
|
||||
|
@ -1143,6 +1180,13 @@ int mbedtls_aes_crypt_xts( mbedtls_aes_xts_context *ctx,
|
|||
unsigned char prev_tweak[16];
|
||||
unsigned char tmp[16];
|
||||
|
||||
AES_VALIDATE_RET( ctx != NULL );
|
||||
AES_VALIDATE_RET( mode == MBEDTLS_AES_ENCRYPT ||
|
||||
mode == MBEDTLS_AES_DECRYPT );
|
||||
AES_VALIDATE_RET( data_unit != NULL );
|
||||
AES_VALIDATE_RET( input != NULL );
|
||||
AES_VALIDATE_RET( output != NULL );
|
||||
|
||||
/* Data units must be at least 16 bytes long. */
|
||||
if( length < 16 )
|
||||
return MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH;
|
||||
|
@ -1242,7 +1286,20 @@ int mbedtls_aes_crypt_cfb128( mbedtls_aes_context *ctx,
|
|||
unsigned char *output )
|
||||
{
|
||||
int c;
|
||||
size_t n = *iv_off;
|
||||
size_t n;
|
||||
|
||||
AES_VALIDATE_RET( ctx != NULL );
|
||||
AES_VALIDATE_RET( mode == MBEDTLS_AES_ENCRYPT ||
|
||||
mode == MBEDTLS_AES_DECRYPT );
|
||||
AES_VALIDATE_RET( iv_off != NULL );
|
||||
AES_VALIDATE_RET( iv != NULL );
|
||||
AES_VALIDATE_RET( input != NULL );
|
||||
AES_VALIDATE_RET( output != NULL );
|
||||
|
||||
n = *iv_off;
|
||||
|
||||
if( n > 15 )
|
||||
return( MBEDTLS_ERR_AES_BAD_INPUT_DATA );
|
||||
|
||||
if( mode == MBEDTLS_AES_DECRYPT )
|
||||
{
|
||||
|
@ -1280,15 +1337,21 @@ int mbedtls_aes_crypt_cfb128( mbedtls_aes_context *ctx,
|
|||
* AES-CFB8 buffer encryption/decryption
|
||||
*/
|
||||
int mbedtls_aes_crypt_cfb8( mbedtls_aes_context *ctx,
|
||||
int mode,
|
||||
size_t length,
|
||||
unsigned char iv[16],
|
||||
const unsigned char *input,
|
||||
unsigned char *output )
|
||||
int mode,
|
||||
size_t length,
|
||||
unsigned char iv[16],
|
||||
const unsigned char *input,
|
||||
unsigned char *output )
|
||||
{
|
||||
unsigned char c;
|
||||
unsigned char ov[17];
|
||||
|
||||
AES_VALIDATE_RET( ctx != NULL );
|
||||
AES_VALIDATE_RET( mode == MBEDTLS_AES_ENCRYPT ||
|
||||
mode == MBEDTLS_AES_DECRYPT );
|
||||
AES_VALIDATE_RET( iv != NULL );
|
||||
AES_VALIDATE_RET( input != NULL );
|
||||
AES_VALIDATE_RET( output != NULL );
|
||||
while( length-- )
|
||||
{
|
||||
memcpy( ov, iv, 16 );
|
||||
|
@ -1321,7 +1384,18 @@ int mbedtls_aes_crypt_ofb( mbedtls_aes_context *ctx,
|
|||
unsigned char *output )
|
||||
{
|
||||
int ret = 0;
|
||||
size_t n = *iv_off;
|
||||
size_t n;
|
||||
|
||||
AES_VALIDATE_RET( ctx != NULL );
|
||||
AES_VALIDATE_RET( iv_off != NULL );
|
||||
AES_VALIDATE_RET( iv != NULL );
|
||||
AES_VALIDATE_RET( input != NULL );
|
||||
AES_VALIDATE_RET( output != NULL );
|
||||
|
||||
n = *iv_off;
|
||||
|
||||
if( n > 15 )
|
||||
return( MBEDTLS_ERR_AES_BAD_INPUT_DATA );
|
||||
|
||||
while( length-- )
|
||||
{
|
||||
|
@ -1356,7 +1430,16 @@ int mbedtls_aes_crypt_ctr( mbedtls_aes_context *ctx,
|
|||
unsigned char *output )
|
||||
{
|
||||
int c, i;
|
||||
size_t n = *nc_off;
|
||||
size_t n;
|
||||
|
||||
AES_VALIDATE_RET( ctx != NULL );
|
||||
AES_VALIDATE_RET( nc_off != NULL );
|
||||
AES_VALIDATE_RET( nonce_counter != NULL );
|
||||
AES_VALIDATE_RET( stream_block != NULL );
|
||||
AES_VALIDATE_RET( input != NULL );
|
||||
AES_VALIDATE_RET( output != NULL );
|
||||
|
||||
n = *nc_off;
|
||||
|
||||
if ( n > 0x0F )
|
||||
return( MBEDTLS_ERR_AES_BAD_INPUT_DATA );
|
||||
|
|
|
@ -55,6 +55,12 @@
|
|||
#define inline __inline
|
||||
#endif
|
||||
|
||||
/* Parameter validation macros */
|
||||
#define ARIA_VALIDATE_RET( cond ) \
|
||||
MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_ARIA_BAD_INPUT_DATA )
|
||||
#define ARIA_VALIDATE( cond ) \
|
||||
MBEDTLS_INTERNAL_VALIDATE( cond )
|
||||
|
||||
/*
|
||||
* 32-bit integer manipulation macros (little endian)
|
||||
*/
|
||||
|
@ -449,9 +455,11 @@ int mbedtls_aria_setkey_enc( mbedtls_aria_context *ctx,
|
|||
|
||||
int i;
|
||||
uint32_t w[4][4], *w2;
|
||||
ARIA_VALIDATE_RET( ctx != NULL );
|
||||
ARIA_VALIDATE_RET( key != NULL );
|
||||
|
||||
if( keybits != 128 && keybits != 192 && keybits != 256 )
|
||||
return( MBEDTLS_ERR_ARIA_INVALID_KEY_LENGTH );
|
||||
return( MBEDTLS_ERR_ARIA_BAD_INPUT_DATA );
|
||||
|
||||
/* Copy key to W0 (and potential remainder to W1) */
|
||||
GET_UINT32_LE( w[0][0], key, 0 );
|
||||
|
@ -503,6 +511,8 @@ int mbedtls_aria_setkey_dec( mbedtls_aria_context *ctx,
|
|||
const unsigned char *key, unsigned int keybits )
|
||||
{
|
||||
int i, j, k, ret;
|
||||
ARIA_VALIDATE_RET( ctx != NULL );
|
||||
ARIA_VALIDATE_RET( key != NULL );
|
||||
|
||||
ret = mbedtls_aria_setkey_enc( ctx, key, keybits );
|
||||
if( ret != 0 )
|
||||
|
@ -539,6 +549,9 @@ int mbedtls_aria_crypt_ecb( mbedtls_aria_context *ctx,
|
|||
int i;
|
||||
|
||||
uint32_t a, b, c, d;
|
||||
ARIA_VALIDATE_RET( ctx != NULL );
|
||||
ARIA_VALIDATE_RET( input != NULL );
|
||||
ARIA_VALIDATE_RET( output != NULL );
|
||||
|
||||
GET_UINT32_LE( a, input, 0 );
|
||||
GET_UINT32_LE( b, input, 4 );
|
||||
|
@ -586,6 +599,7 @@ int mbedtls_aria_crypt_ecb( mbedtls_aria_context *ctx,
|
|||
/* Initialize context */
|
||||
void mbedtls_aria_init( mbedtls_aria_context *ctx )
|
||||
{
|
||||
ARIA_VALIDATE( ctx != NULL );
|
||||
memset( ctx, 0, sizeof( mbedtls_aria_context ) );
|
||||
}
|
||||
|
||||
|
@ -612,6 +626,13 @@ int mbedtls_aria_crypt_cbc( mbedtls_aria_context *ctx,
|
|||
int i;
|
||||
unsigned char temp[MBEDTLS_ARIA_BLOCKSIZE];
|
||||
|
||||
ARIA_VALIDATE_RET( ctx != NULL );
|
||||
ARIA_VALIDATE_RET( mode == MBEDTLS_ARIA_ENCRYPT ||
|
||||
mode == MBEDTLS_ARIA_DECRYPT );
|
||||
ARIA_VALIDATE_RET( length == 0 || input != NULL );
|
||||
ARIA_VALIDATE_RET( length == 0 || output != NULL );
|
||||
ARIA_VALIDATE_RET( iv != NULL );
|
||||
|
||||
if( length % MBEDTLS_ARIA_BLOCKSIZE )
|
||||
return( MBEDTLS_ERR_ARIA_INVALID_INPUT_LENGTH );
|
||||
|
||||
|
@ -665,7 +686,23 @@ int mbedtls_aria_crypt_cfb128( mbedtls_aria_context *ctx,
|
|||
unsigned char *output )
|
||||
{
|
||||
unsigned char c;
|
||||
size_t n = *iv_off;
|
||||
size_t n;
|
||||
|
||||
ARIA_VALIDATE_RET( ctx != NULL );
|
||||
ARIA_VALIDATE_RET( mode == MBEDTLS_ARIA_ENCRYPT ||
|
||||
mode == MBEDTLS_ARIA_DECRYPT );
|
||||
ARIA_VALIDATE_RET( length == 0 || input != NULL );
|
||||
ARIA_VALIDATE_RET( length == 0 || output != NULL );
|
||||
ARIA_VALIDATE_RET( iv != NULL );
|
||||
ARIA_VALIDATE_RET( iv_off != NULL );
|
||||
|
||||
n = *iv_off;
|
||||
|
||||
/* An overly large value of n can lead to an unlimited
|
||||
* buffer overflow. Therefore, guard against this
|
||||
* outside of parameter validation. */
|
||||
if( n >= MBEDTLS_ARIA_BLOCKSIZE )
|
||||
return( MBEDTLS_ERR_ARIA_BAD_INPUT_DATA );
|
||||
|
||||
if( mode == MBEDTLS_ARIA_DECRYPT )
|
||||
{
|
||||
|
@ -713,7 +750,21 @@ int mbedtls_aria_crypt_ctr( mbedtls_aria_context *ctx,
|
|||
unsigned char *output )
|
||||
{
|
||||
int c, i;
|
||||
size_t n = *nc_off;
|
||||
size_t n;
|
||||
|
||||
ARIA_VALIDATE_RET( ctx != NULL );
|
||||
ARIA_VALIDATE_RET( length == 0 || input != NULL );
|
||||
ARIA_VALIDATE_RET( length == 0 || output != NULL );
|
||||
ARIA_VALIDATE_RET( nonce_counter != NULL );
|
||||
ARIA_VALIDATE_RET( stream_block != NULL );
|
||||
ARIA_VALIDATE_RET( nc_off != NULL );
|
||||
|
||||
n = *nc_off;
|
||||
/* An overly large value of n can lead to an unlimited
|
||||
* buffer overflow. Therefore, guard against this
|
||||
* outside of parameter validation. */
|
||||
if( n >= MBEDTLS_ARIA_BLOCKSIZE )
|
||||
return( MBEDTLS_ERR_ARIA_BAD_INPUT_DATA );
|
||||
|
||||
while( length-- )
|
||||
{
|
||||
|
|
|
@ -331,14 +331,36 @@ int mbedtls_asn1_write_octet_string( unsigned char **p, unsigned char *start,
|
|||
return( (int) len );
|
||||
}
|
||||
|
||||
mbedtls_asn1_named_data *mbedtls_asn1_store_named_data( mbedtls_asn1_named_data **head,
|
||||
|
||||
/* This is a copy of the ASN.1 parsing function mbedtls_asn1_find_named_data(),
|
||||
* which is replicated to avoid a dependency ASN1_WRITE_C on ASN1_PARSE_C. */
|
||||
static mbedtls_asn1_named_data *asn1_find_named_data(
|
||||
mbedtls_asn1_named_data *list,
|
||||
const char *oid, size_t len )
|
||||
{
|
||||
while( list != NULL )
|
||||
{
|
||||
if( list->oid.len == len &&
|
||||
memcmp( list->oid.p, oid, len ) == 0 )
|
||||
{
|
||||
break;
|
||||
}
|
||||
|
||||
list = list->next;
|
||||
}
|
||||
|
||||
return( list );
|
||||
}
|
||||
|
||||
mbedtls_asn1_named_data *mbedtls_asn1_store_named_data(
|
||||
mbedtls_asn1_named_data **head,
|
||||
const char *oid, size_t oid_len,
|
||||
const unsigned char *val,
|
||||
size_t val_len )
|
||||
{
|
||||
mbedtls_asn1_named_data *cur;
|
||||
|
||||
if( ( cur = mbedtls_asn1_find_named_data( *head, oid, oid_len ) ) == NULL )
|
||||
if( ( cur = asn1_find_named_data( *head, oid, oid_len ) ) == NULL )
|
||||
{
|
||||
// Add new entry if not present yet based on OID
|
||||
//
|
||||
|
|
179
library/bignum.c
179
library/bignum.c
|
@ -59,6 +59,11 @@
|
|||
#define mbedtls_free free
|
||||
#endif
|
||||
|
||||
#define MPI_VALIDATE_RET( cond ) \
|
||||
MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_MPI_BAD_INPUT_DATA )
|
||||
#define MPI_VALIDATE( cond ) \
|
||||
MBEDTLS_INTERNAL_VALIDATE( cond )
|
||||
|
||||
#define ciL (sizeof(mbedtls_mpi_uint)) /* chars in limb */
|
||||
#define biL (ciL << 3) /* bits in limb */
|
||||
#define biH (ciL << 2) /* half limb size */
|
||||
|
@ -83,8 +88,7 @@ static void mbedtls_mpi_zeroize( mbedtls_mpi_uint *v, size_t n )
|
|||
*/
|
||||
void mbedtls_mpi_init( mbedtls_mpi *X )
|
||||
{
|
||||
if( X == NULL )
|
||||
return;
|
||||
MPI_VALIDATE( X != NULL );
|
||||
|
||||
X->s = 1;
|
||||
X->n = 0;
|
||||
|
@ -116,6 +120,7 @@ void mbedtls_mpi_free( mbedtls_mpi *X )
|
|||
int mbedtls_mpi_grow( mbedtls_mpi *X, size_t nblimbs )
|
||||
{
|
||||
mbedtls_mpi_uint *p;
|
||||
MPI_VALIDATE_RET( X != NULL );
|
||||
|
||||
if( nblimbs > MBEDTLS_MPI_MAX_LIMBS )
|
||||
return( MBEDTLS_ERR_MPI_ALLOC_FAILED );
|
||||
|
@ -147,6 +152,10 @@ int mbedtls_mpi_shrink( mbedtls_mpi *X, size_t nblimbs )
|
|||
{
|
||||
mbedtls_mpi_uint *p;
|
||||
size_t i;
|
||||
MPI_VALIDATE_RET( X != NULL );
|
||||
|
||||
if( nblimbs > MBEDTLS_MPI_MAX_LIMBS )
|
||||
return( MBEDTLS_ERR_MPI_ALLOC_FAILED );
|
||||
|
||||
/* Actually resize up in this case */
|
||||
if( X->n <= nblimbs )
|
||||
|
@ -183,6 +192,8 @@ int mbedtls_mpi_copy( mbedtls_mpi *X, const mbedtls_mpi *Y )
|
|||
{
|
||||
int ret = 0;
|
||||
size_t i;
|
||||
MPI_VALIDATE_RET( X != NULL );
|
||||
MPI_VALIDATE_RET( Y != NULL );
|
||||
|
||||
if( X == Y )
|
||||
return( 0 );
|
||||
|
@ -222,6 +233,8 @@ cleanup:
|
|||
void mbedtls_mpi_swap( mbedtls_mpi *X, mbedtls_mpi *Y )
|
||||
{
|
||||
mbedtls_mpi T;
|
||||
MPI_VALIDATE( X != NULL );
|
||||
MPI_VALIDATE( Y != NULL );
|
||||
|
||||
memcpy( &T, X, sizeof( mbedtls_mpi ) );
|
||||
memcpy( X, Y, sizeof( mbedtls_mpi ) );
|
||||
|
@ -237,6 +250,8 @@ int mbedtls_mpi_safe_cond_assign( mbedtls_mpi *X, const mbedtls_mpi *Y, unsigned
|
|||
{
|
||||
int ret = 0;
|
||||
size_t i;
|
||||
MPI_VALIDATE_RET( X != NULL );
|
||||
MPI_VALIDATE_RET( Y != NULL );
|
||||
|
||||
/* make sure assign is 0 or 1 in a time-constant manner */
|
||||
assign = (assign | (unsigned char)-assign) >> 7;
|
||||
|
@ -266,6 +281,8 @@ int mbedtls_mpi_safe_cond_swap( mbedtls_mpi *X, mbedtls_mpi *Y, unsigned char sw
|
|||
int ret, s;
|
||||
size_t i;
|
||||
mbedtls_mpi_uint tmp;
|
||||
MPI_VALIDATE_RET( X != NULL );
|
||||
MPI_VALIDATE_RET( Y != NULL );
|
||||
|
||||
if( X == Y )
|
||||
return( 0 );
|
||||
|
@ -298,6 +315,7 @@ cleanup:
|
|||
int mbedtls_mpi_lset( mbedtls_mpi *X, mbedtls_mpi_sint z )
|
||||
{
|
||||
int ret;
|
||||
MPI_VALIDATE_RET( X != NULL );
|
||||
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, 1 ) );
|
||||
memset( X->p, 0, X->n * ciL );
|
||||
|
@ -315,12 +333,18 @@ cleanup:
|
|||
*/
|
||||
int mbedtls_mpi_get_bit( const mbedtls_mpi *X, size_t pos )
|
||||
{
|
||||
MPI_VALIDATE_RET( X != NULL );
|
||||
|
||||
if( X->n * biL <= pos )
|
||||
return( 0 );
|
||||
|
||||
return( ( X->p[pos / biL] >> ( pos % biL ) ) & 0x01 );
|
||||
}
|
||||
|
||||
/* Get a specific byte, without range checks. */
|
||||
#define GET_BYTE( X, i ) \
|
||||
( ( ( X )->p[( i ) / ciL] >> ( ( ( i ) % ciL ) * 8 ) ) & 0xff )
|
||||
|
||||
/*
|
||||
* Set a bit to a specific value of 0 or 1
|
||||
*/
|
||||
|
@ -329,6 +353,7 @@ int mbedtls_mpi_set_bit( mbedtls_mpi *X, size_t pos, unsigned char val )
|
|||
int ret = 0;
|
||||
size_t off = pos / biL;
|
||||
size_t idx = pos % biL;
|
||||
MPI_VALIDATE_RET( X != NULL );
|
||||
|
||||
if( val != 0 && val != 1 )
|
||||
return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA );
|
||||
|
@ -355,6 +380,7 @@ cleanup:
|
|||
size_t mbedtls_mpi_lsb( const mbedtls_mpi *X )
|
||||
{
|
||||
size_t i, j, count = 0;
|
||||
MBEDTLS_INTERNAL_VALIDATE_RET( X != NULL, 0 );
|
||||
|
||||
for( i = 0; i < X->n; i++ )
|
||||
for( j = 0; j < biL; j++, count++ )
|
||||
|
@ -435,6 +461,8 @@ int mbedtls_mpi_read_string( mbedtls_mpi *X, int radix, const char *s )
|
|||
size_t i, j, slen, n;
|
||||
mbedtls_mpi_uint d;
|
||||
mbedtls_mpi T;
|
||||
MPI_VALIDATE_RET( X != NULL );
|
||||
MPI_VALIDATE_RET( s != NULL );
|
||||
|
||||
if( radix < 2 || radix > 16 )
|
||||
return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA );
|
||||
|
@ -535,6 +563,9 @@ int mbedtls_mpi_write_string( const mbedtls_mpi *X, int radix,
|
|||
size_t n;
|
||||
char *p;
|
||||
mbedtls_mpi T;
|
||||
MPI_VALIDATE_RET( X != NULL );
|
||||
MPI_VALIDATE_RET( olen != NULL );
|
||||
MPI_VALIDATE_RET( buflen == 0 || buf != NULL );
|
||||
|
||||
if( radix < 2 || radix > 16 )
|
||||
return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA );
|
||||
|
@ -616,6 +647,12 @@ int mbedtls_mpi_read_file( mbedtls_mpi *X, int radix, FILE *fin )
|
|||
*/
|
||||
char s[ MBEDTLS_MPI_RW_BUFFER_SIZE ];
|
||||
|
||||
MPI_VALIDATE_RET( X != NULL );
|
||||
MPI_VALIDATE_RET( fin != NULL );
|
||||
|
||||
if( radix < 2 || radix > 16 )
|
||||
return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA );
|
||||
|
||||
memset( s, 0, sizeof( s ) );
|
||||
if( fgets( s, sizeof( s ) - 1, fin ) == NULL )
|
||||
return( MBEDTLS_ERR_MPI_FILE_IO_ERROR );
|
||||
|
@ -647,6 +684,10 @@ int mbedtls_mpi_write_file( const char *p, const mbedtls_mpi *X, int radix, FILE
|
|||
* newline characters and '\0'
|
||||
*/
|
||||
char s[ MBEDTLS_MPI_RW_BUFFER_SIZE ];
|
||||
MPI_VALIDATE_RET( X != NULL );
|
||||
|
||||
if( radix < 2 || radix > 16 )
|
||||
return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA );
|
||||
|
||||
memset( s, 0, sizeof( s ) );
|
||||
|
||||
|
@ -683,6 +724,9 @@ int mbedtls_mpi_read_binary( mbedtls_mpi *X, const unsigned char *buf, size_t bu
|
|||
size_t i, j;
|
||||
size_t const limbs = CHARS_TO_LIMBS( buflen );
|
||||
|
||||
MPI_VALIDATE_RET( X != NULL );
|
||||
MPI_VALIDATE_RET( buflen == 0 || buf != NULL );
|
||||
|
||||
/* Ensure that target MPI has exactly the necessary number of limbs */
|
||||
if( X->n != limbs )
|
||||
{
|
||||
|
@ -704,19 +748,45 @@ cleanup:
|
|||
/*
|
||||
* Export X into unsigned binary data, big endian
|
||||
*/
|
||||
int mbedtls_mpi_write_binary( const mbedtls_mpi *X, unsigned char *buf, size_t buflen )
|
||||
int mbedtls_mpi_write_binary( const mbedtls_mpi *X,
|
||||
unsigned char *buf, size_t buflen )
|
||||
{
|
||||
size_t i, j, n;
|
||||
size_t stored_bytes;
|
||||
size_t bytes_to_copy;
|
||||
unsigned char *p;
|
||||
size_t i;
|
||||
|
||||
n = mbedtls_mpi_size( X );
|
||||
MPI_VALIDATE_RET( X != NULL );
|
||||
MPI_VALIDATE_RET( buflen == 0 || buf != NULL );
|
||||
|
||||
if( buflen < n )
|
||||
return( MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL );
|
||||
stored_bytes = X->n * ciL;
|
||||
|
||||
memset( buf, 0, buflen );
|
||||
if( stored_bytes < buflen )
|
||||
{
|
||||
/* There is enough space in the output buffer. Write initial
|
||||
* null bytes and record the position at which to start
|
||||
* writing the significant bytes. In this case, the execution
|
||||
* trace of this function does not depend on the value of the
|
||||
* number. */
|
||||
bytes_to_copy = stored_bytes;
|
||||
p = buf + buflen - stored_bytes;
|
||||
memset( buf, 0, buflen - stored_bytes );
|
||||
}
|
||||
else
|
||||
{
|
||||
/* The output buffer is smaller than the allocated size of X.
|
||||
* However X may fit if its leading bytes are zero. */
|
||||
bytes_to_copy = buflen;
|
||||
p = buf;
|
||||
for( i = bytes_to_copy; i < stored_bytes; i++ )
|
||||
{
|
||||
if( GET_BYTE( X, i ) != 0 )
|
||||
return( MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL );
|
||||
}
|
||||
}
|
||||
|
||||
for( i = buflen - 1, j = 0; n > 0; i--, j++, n-- )
|
||||
buf[i] = (unsigned char)( X->p[j / ciL] >> ((j % ciL) << 3) );
|
||||
for( i = 0; i < bytes_to_copy; i++ )
|
||||
p[bytes_to_copy - i - 1] = GET_BYTE( X, i );
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
|
@ -729,6 +799,7 @@ int mbedtls_mpi_shift_l( mbedtls_mpi *X, size_t count )
|
|||
int ret;
|
||||
size_t i, v0, t1;
|
||||
mbedtls_mpi_uint r0 = 0, r1;
|
||||
MPI_VALIDATE_RET( X != NULL );
|
||||
|
||||
v0 = count / (biL );
|
||||
t1 = count & (biL - 1);
|
||||
|
@ -778,6 +849,7 @@ int mbedtls_mpi_shift_r( mbedtls_mpi *X, size_t count )
|
|||
{
|
||||
size_t i, v0, v1;
|
||||
mbedtls_mpi_uint r0 = 0, r1;
|
||||
MPI_VALIDATE_RET( X != NULL );
|
||||
|
||||
v0 = count / biL;
|
||||
v1 = count & (biL - 1);
|
||||
|
@ -820,6 +892,8 @@ int mbedtls_mpi_shift_r( mbedtls_mpi *X, size_t count )
|
|||
int mbedtls_mpi_cmp_abs( const mbedtls_mpi *X, const mbedtls_mpi *Y )
|
||||
{
|
||||
size_t i, j;
|
||||
MPI_VALIDATE_RET( X != NULL );
|
||||
MPI_VALIDATE_RET( Y != NULL );
|
||||
|
||||
for( i = X->n; i > 0; i-- )
|
||||
if( X->p[i - 1] != 0 )
|
||||
|
@ -850,6 +924,8 @@ int mbedtls_mpi_cmp_abs( const mbedtls_mpi *X, const mbedtls_mpi *Y )
|
|||
int mbedtls_mpi_cmp_mpi( const mbedtls_mpi *X, const mbedtls_mpi *Y )
|
||||
{
|
||||
size_t i, j;
|
||||
MPI_VALIDATE_RET( X != NULL );
|
||||
MPI_VALIDATE_RET( Y != NULL );
|
||||
|
||||
for( i = X->n; i > 0; i-- )
|
||||
if( X->p[i - 1] != 0 )
|
||||
|
@ -884,6 +960,7 @@ int mbedtls_mpi_cmp_int( const mbedtls_mpi *X, mbedtls_mpi_sint z )
|
|||
{
|
||||
mbedtls_mpi Y;
|
||||
mbedtls_mpi_uint p[1];
|
||||
MPI_VALIDATE_RET( X != NULL );
|
||||
|
||||
*p = ( z < 0 ) ? -z : z;
|
||||
Y.s = ( z < 0 ) ? -1 : 1;
|
||||
|
@ -901,6 +978,9 @@ int mbedtls_mpi_add_abs( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi
|
|||
int ret;
|
||||
size_t i, j;
|
||||
mbedtls_mpi_uint *o, *p, c, tmp;
|
||||
MPI_VALIDATE_RET( X != NULL );
|
||||
MPI_VALIDATE_RET( A != NULL );
|
||||
MPI_VALIDATE_RET( B != NULL );
|
||||
|
||||
if( X == B )
|
||||
{
|
||||
|
@ -978,6 +1058,9 @@ int mbedtls_mpi_sub_abs( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi
|
|||
mbedtls_mpi TB;
|
||||
int ret;
|
||||
size_t n;
|
||||
MPI_VALIDATE_RET( X != NULL );
|
||||
MPI_VALIDATE_RET( A != NULL );
|
||||
MPI_VALIDATE_RET( B != NULL );
|
||||
|
||||
if( mbedtls_mpi_cmp_abs( A, B ) < 0 )
|
||||
return( MBEDTLS_ERR_MPI_NEGATIVE_VALUE );
|
||||
|
@ -1018,8 +1101,12 @@ cleanup:
|
|||
*/
|
||||
int mbedtls_mpi_add_mpi( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *B )
|
||||
{
|
||||
int ret, s = A->s;
|
||||
int ret, s;
|
||||
MPI_VALIDATE_RET( X != NULL );
|
||||
MPI_VALIDATE_RET( A != NULL );
|
||||
MPI_VALIDATE_RET( B != NULL );
|
||||
|
||||
s = A->s;
|
||||
if( A->s * B->s < 0 )
|
||||
{
|
||||
if( mbedtls_mpi_cmp_abs( A, B ) >= 0 )
|
||||
|
@ -1049,8 +1136,12 @@ cleanup:
|
|||
*/
|
||||
int mbedtls_mpi_sub_mpi( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *B )
|
||||
{
|
||||
int ret, s = A->s;
|
||||
int ret, s;
|
||||
MPI_VALIDATE_RET( X != NULL );
|
||||
MPI_VALIDATE_RET( A != NULL );
|
||||
MPI_VALIDATE_RET( B != NULL );
|
||||
|
||||
s = A->s;
|
||||
if( A->s * B->s > 0 )
|
||||
{
|
||||
if( mbedtls_mpi_cmp_abs( A, B ) >= 0 )
|
||||
|
@ -1082,6 +1173,8 @@ int mbedtls_mpi_add_int( mbedtls_mpi *X, const mbedtls_mpi *A, mbedtls_mpi_sint
|
|||
{
|
||||
mbedtls_mpi _B;
|
||||
mbedtls_mpi_uint p[1];
|
||||
MPI_VALIDATE_RET( X != NULL );
|
||||
MPI_VALIDATE_RET( A != NULL );
|
||||
|
||||
p[0] = ( b < 0 ) ? -b : b;
|
||||
_B.s = ( b < 0 ) ? -1 : 1;
|
||||
|
@ -1098,6 +1191,8 @@ int mbedtls_mpi_sub_int( mbedtls_mpi *X, const mbedtls_mpi *A, mbedtls_mpi_sint
|
|||
{
|
||||
mbedtls_mpi _B;
|
||||
mbedtls_mpi_uint p[1];
|
||||
MPI_VALIDATE_RET( X != NULL );
|
||||
MPI_VALIDATE_RET( A != NULL );
|
||||
|
||||
p[0] = ( b < 0 ) ? -b : b;
|
||||
_B.s = ( b < 0 ) ? -1 : 1;
|
||||
|
@ -1187,6 +1282,9 @@ int mbedtls_mpi_mul_mpi( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi
|
|||
int ret;
|
||||
size_t i, j;
|
||||
mbedtls_mpi TA, TB;
|
||||
MPI_VALIDATE_RET( X != NULL );
|
||||
MPI_VALIDATE_RET( A != NULL );
|
||||
MPI_VALIDATE_RET( B != NULL );
|
||||
|
||||
mbedtls_mpi_init( &TA ); mbedtls_mpi_init( &TB );
|
||||
|
||||
|
@ -1223,6 +1321,8 @@ int mbedtls_mpi_mul_int( mbedtls_mpi *X, const mbedtls_mpi *A, mbedtls_mpi_uint
|
|||
{
|
||||
mbedtls_mpi _B;
|
||||
mbedtls_mpi_uint p[1];
|
||||
MPI_VALIDATE_RET( X != NULL );
|
||||
MPI_VALIDATE_RET( A != NULL );
|
||||
|
||||
_B.s = 1;
|
||||
_B.n = 1;
|
||||
|
@ -1331,11 +1431,14 @@ static mbedtls_mpi_uint mbedtls_int_div_int( mbedtls_mpi_uint u1,
|
|||
/*
|
||||
* Division by mbedtls_mpi: A = Q * B + R (HAC 14.20)
|
||||
*/
|
||||
int mbedtls_mpi_div_mpi( mbedtls_mpi *Q, mbedtls_mpi *R, const mbedtls_mpi *A, const mbedtls_mpi *B )
|
||||
int mbedtls_mpi_div_mpi( mbedtls_mpi *Q, mbedtls_mpi *R, const mbedtls_mpi *A,
|
||||
const mbedtls_mpi *B )
|
||||
{
|
||||
int ret;
|
||||
size_t i, n, t, k;
|
||||
mbedtls_mpi X, Y, Z, T1, T2;
|
||||
MPI_VALIDATE_RET( A != NULL );
|
||||
MPI_VALIDATE_RET( B != NULL );
|
||||
|
||||
if( mbedtls_mpi_cmp_int( B, 0 ) == 0 )
|
||||
return( MBEDTLS_ERR_MPI_DIVISION_BY_ZERO );
|
||||
|
@ -1446,10 +1549,13 @@ cleanup:
|
|||
/*
|
||||
* Division by int: A = Q * b + R
|
||||
*/
|
||||
int mbedtls_mpi_div_int( mbedtls_mpi *Q, mbedtls_mpi *R, const mbedtls_mpi *A, mbedtls_mpi_sint b )
|
||||
int mbedtls_mpi_div_int( mbedtls_mpi *Q, mbedtls_mpi *R,
|
||||
const mbedtls_mpi *A,
|
||||
mbedtls_mpi_sint b )
|
||||
{
|
||||
mbedtls_mpi _B;
|
||||
mbedtls_mpi_uint p[1];
|
||||
MPI_VALIDATE_RET( A != NULL );
|
||||
|
||||
p[0] = ( b < 0 ) ? -b : b;
|
||||
_B.s = ( b < 0 ) ? -1 : 1;
|
||||
|
@ -1465,6 +1571,9 @@ int mbedtls_mpi_div_int( mbedtls_mpi *Q, mbedtls_mpi *R, const mbedtls_mpi *A, m
|
|||
int mbedtls_mpi_mod_mpi( mbedtls_mpi *R, const mbedtls_mpi *A, const mbedtls_mpi *B )
|
||||
{
|
||||
int ret;
|
||||
MPI_VALIDATE_RET( R != NULL );
|
||||
MPI_VALIDATE_RET( A != NULL );
|
||||
MPI_VALIDATE_RET( B != NULL );
|
||||
|
||||
if( mbedtls_mpi_cmp_int( B, 0 ) < 0 )
|
||||
return( MBEDTLS_ERR_MPI_NEGATIVE_VALUE );
|
||||
|
@ -1489,6 +1598,8 @@ int mbedtls_mpi_mod_int( mbedtls_mpi_uint *r, const mbedtls_mpi *A, mbedtls_mpi_
|
|||
{
|
||||
size_t i;
|
||||
mbedtls_mpi_uint x, y, z;
|
||||
MPI_VALIDATE_RET( r != NULL );
|
||||
MPI_VALIDATE_RET( A != NULL );
|
||||
|
||||
if( b == 0 )
|
||||
return( MBEDTLS_ERR_MPI_DIVISION_BY_ZERO );
|
||||
|
@ -1602,7 +1713,8 @@ static int mpi_montmul( mbedtls_mpi *A, const mbedtls_mpi *B, const mbedtls_mpi
|
|||
/*
|
||||
* Montgomery reduction: A = A * R^-1 mod N
|
||||
*/
|
||||
static int mpi_montred( mbedtls_mpi *A, const mbedtls_mpi *N, mbedtls_mpi_uint mm, const mbedtls_mpi *T )
|
||||
static int mpi_montred( mbedtls_mpi *A, const mbedtls_mpi *N,
|
||||
mbedtls_mpi_uint mm, const mbedtls_mpi *T )
|
||||
{
|
||||
mbedtls_mpi_uint z = 1;
|
||||
mbedtls_mpi U;
|
||||
|
@ -1616,7 +1728,9 @@ static int mpi_montred( mbedtls_mpi *A, const mbedtls_mpi *N, mbedtls_mpi_uint m
|
|||
/*
|
||||
* Sliding-window exponentiation: X = A^E mod N (HAC 14.85)
|
||||
*/
|
||||
int mbedtls_mpi_exp_mod( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *E, const mbedtls_mpi *N, mbedtls_mpi *_RR )
|
||||
int mbedtls_mpi_exp_mod( mbedtls_mpi *X, const mbedtls_mpi *A,
|
||||
const mbedtls_mpi *E, const mbedtls_mpi *N,
|
||||
mbedtls_mpi *_RR )
|
||||
{
|
||||
int ret;
|
||||
size_t wbits, wsize, one = 1;
|
||||
|
@ -1626,6 +1740,11 @@ int mbedtls_mpi_exp_mod( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi
|
|||
mbedtls_mpi RR, T, W[ 2 << MBEDTLS_MPI_WINDOW_SIZE ], Apos;
|
||||
int neg;
|
||||
|
||||
MPI_VALIDATE_RET( X != NULL );
|
||||
MPI_VALIDATE_RET( A != NULL );
|
||||
MPI_VALIDATE_RET( E != NULL );
|
||||
MPI_VALIDATE_RET( N != NULL );
|
||||
|
||||
if( mbedtls_mpi_cmp_int( N, 0 ) <= 0 || ( N->p[0] & 1 ) == 0 )
|
||||
return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA );
|
||||
|
||||
|
@ -1830,6 +1949,10 @@ int mbedtls_mpi_gcd( mbedtls_mpi *G, const mbedtls_mpi *A, const mbedtls_mpi *B
|
|||
size_t lz, lzt;
|
||||
mbedtls_mpi TG, TA, TB;
|
||||
|
||||
MPI_VALIDATE_RET( G != NULL );
|
||||
MPI_VALIDATE_RET( A != NULL );
|
||||
MPI_VALIDATE_RET( B != NULL );
|
||||
|
||||
mbedtls_mpi_init( &TG ); mbedtls_mpi_init( &TA ); mbedtls_mpi_init( &TB );
|
||||
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &TA, A ) );
|
||||
|
@ -1886,6 +2009,8 @@ int mbedtls_mpi_fill_random( mbedtls_mpi *X, size_t size,
|
|||
{
|
||||
int ret;
|
||||
unsigned char buf[MBEDTLS_MPI_MAX_SIZE];
|
||||
MPI_VALIDATE_RET( X != NULL );
|
||||
MPI_VALIDATE_RET( f_rng != NULL );
|
||||
|
||||
if( size > MBEDTLS_MPI_MAX_SIZE )
|
||||
return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA );
|
||||
|
@ -1905,6 +2030,9 @@ int mbedtls_mpi_inv_mod( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi
|
|||
{
|
||||
int ret;
|
||||
mbedtls_mpi G, TA, TU, U1, U2, TB, TV, V1, V2;
|
||||
MPI_VALIDATE_RET( X != NULL );
|
||||
MPI_VALIDATE_RET( A != NULL );
|
||||
MPI_VALIDATE_RET( N != NULL );
|
||||
|
||||
if( mbedtls_mpi_cmp_int( N, 1 ) <= 0 )
|
||||
return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA );
|
||||
|
@ -2064,7 +2192,11 @@ static int mpi_miller_rabin( const mbedtls_mpi *X, size_t rounds,
|
|||
size_t i, j, k, s;
|
||||
mbedtls_mpi W, R, T, A, RR;
|
||||
|
||||
mbedtls_mpi_init( &W ); mbedtls_mpi_init( &R ); mbedtls_mpi_init( &T ); mbedtls_mpi_init( &A );
|
||||
MPI_VALIDATE_RET( X != NULL );
|
||||
MPI_VALIDATE_RET( f_rng != NULL );
|
||||
|
||||
mbedtls_mpi_init( &W ); mbedtls_mpi_init( &R );
|
||||
mbedtls_mpi_init( &T ); mbedtls_mpi_init( &A );
|
||||
mbedtls_mpi_init( &RR );
|
||||
|
||||
/*
|
||||
|
@ -2136,7 +2268,8 @@ static int mpi_miller_rabin( const mbedtls_mpi *X, size_t rounds,
|
|||
}
|
||||
|
||||
cleanup:
|
||||
mbedtls_mpi_free( &W ); mbedtls_mpi_free( &R ); mbedtls_mpi_free( &T ); mbedtls_mpi_free( &A );
|
||||
mbedtls_mpi_free( &W ); mbedtls_mpi_free( &R );
|
||||
mbedtls_mpi_free( &T ); mbedtls_mpi_free( &A );
|
||||
mbedtls_mpi_free( &RR );
|
||||
|
||||
return( ret );
|
||||
|
@ -2151,6 +2284,8 @@ int mbedtls_mpi_is_prime_ext( const mbedtls_mpi *X, int rounds,
|
|||
{
|
||||
int ret;
|
||||
mbedtls_mpi XX;
|
||||
MPI_VALIDATE_RET( X != NULL );
|
||||
MPI_VALIDATE_RET( f_rng != NULL );
|
||||
|
||||
XX.s = 1;
|
||||
XX.n = X->n;
|
||||
|
@ -2182,12 +2317,15 @@ int mbedtls_mpi_is_prime( const mbedtls_mpi *X,
|
|||
int (*f_rng)(void *, unsigned char *, size_t),
|
||||
void *p_rng )
|
||||
{
|
||||
MPI_VALIDATE_RET( X != NULL );
|
||||
MPI_VALIDATE_RET( f_rng != NULL );
|
||||
|
||||
/*
|
||||
* In the past our key generation aimed for an error rate of at most
|
||||
* 2^-80. Since this function is deprecated, aim for the same certainty
|
||||
* here as well.
|
||||
*/
|
||||
return mbedtls_mpi_is_prime_ext( X, 40, f_rng, p_rng );
|
||||
return( mbedtls_mpi_is_prime_ext( X, 40, f_rng, p_rng ) );
|
||||
}
|
||||
#endif
|
||||
|
||||
|
@ -2215,6 +2353,9 @@ int mbedtls_mpi_gen_prime( mbedtls_mpi *X, size_t nbits, int flags,
|
|||
mbedtls_mpi_uint r;
|
||||
mbedtls_mpi Y;
|
||||
|
||||
MPI_VALIDATE_RET( X != NULL );
|
||||
MPI_VALIDATE_RET( f_rng != NULL );
|
||||
|
||||
if( nbits < 3 || nbits > MBEDTLS_MPI_MAX_BITS )
|
||||
return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA );
|
||||
|
||||
|
|
|
@ -40,6 +40,12 @@
|
|||
|
||||
#if !defined(MBEDTLS_BLOWFISH_ALT)
|
||||
|
||||
/* Parameter validation macros */
|
||||
#define BLOWFISH_VALIDATE_RET( cond ) \
|
||||
MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA )
|
||||
#define BLOWFISH_VALIDATE( cond ) \
|
||||
MBEDTLS_INTERNAL_VALIDATE( cond )
|
||||
|
||||
/*
|
||||
* 32-bit integer manipulation macros (big endian)
|
||||
*/
|
||||
|
@ -153,6 +159,7 @@ static void blowfish_dec( mbedtls_blowfish_context *ctx, uint32_t *xl, uint32_t
|
|||
|
||||
void mbedtls_blowfish_init( mbedtls_blowfish_context *ctx )
|
||||
{
|
||||
BLOWFISH_VALIDATE( ctx != NULL );
|
||||
memset( ctx, 0, sizeof( mbedtls_blowfish_context ) );
|
||||
}
|
||||
|
||||
|
@ -167,16 +174,20 @@ void mbedtls_blowfish_free( mbedtls_blowfish_context *ctx )
|
|||
/*
|
||||
* Blowfish key schedule
|
||||
*/
|
||||
int mbedtls_blowfish_setkey( mbedtls_blowfish_context *ctx, const unsigned char *key,
|
||||
unsigned int keybits )
|
||||
int mbedtls_blowfish_setkey( mbedtls_blowfish_context *ctx,
|
||||
const unsigned char *key,
|
||||
unsigned int keybits )
|
||||
{
|
||||
unsigned int i, j, k;
|
||||
uint32_t data, datal, datar;
|
||||
BLOWFISH_VALIDATE_RET( ctx != NULL );
|
||||
BLOWFISH_VALIDATE_RET( key != NULL );
|
||||
|
||||
if( keybits < MBEDTLS_BLOWFISH_MIN_KEY_BITS || keybits > MBEDTLS_BLOWFISH_MAX_KEY_BITS ||
|
||||
( keybits % 8 ) )
|
||||
if( keybits < MBEDTLS_BLOWFISH_MIN_KEY_BITS ||
|
||||
keybits > MBEDTLS_BLOWFISH_MAX_KEY_BITS ||
|
||||
keybits % 8 != 0 )
|
||||
{
|
||||
return( MBEDTLS_ERR_BLOWFISH_INVALID_KEY_LENGTH );
|
||||
return( MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA );
|
||||
}
|
||||
|
||||
keybits >>= 3;
|
||||
|
@ -231,6 +242,11 @@ int mbedtls_blowfish_crypt_ecb( mbedtls_blowfish_context *ctx,
|
|||
unsigned char output[MBEDTLS_BLOWFISH_BLOCKSIZE] )
|
||||
{
|
||||
uint32_t X0, X1;
|
||||
BLOWFISH_VALIDATE_RET( ctx != NULL );
|
||||
BLOWFISH_VALIDATE_RET( mode == MBEDTLS_BLOWFISH_ENCRYPT ||
|
||||
mode == MBEDTLS_BLOWFISH_DECRYPT );
|
||||
BLOWFISH_VALIDATE_RET( input != NULL );
|
||||
BLOWFISH_VALIDATE_RET( output != NULL );
|
||||
|
||||
GET_UINT32_BE( X0, input, 0 );
|
||||
GET_UINT32_BE( X1, input, 4 );
|
||||
|
@ -263,6 +279,12 @@ int mbedtls_blowfish_crypt_cbc( mbedtls_blowfish_context *ctx,
|
|||
{
|
||||
int i;
|
||||
unsigned char temp[MBEDTLS_BLOWFISH_BLOCKSIZE];
|
||||
BLOWFISH_VALIDATE_RET( ctx != NULL );
|
||||
BLOWFISH_VALIDATE_RET( mode == MBEDTLS_BLOWFISH_ENCRYPT ||
|
||||
mode == MBEDTLS_BLOWFISH_DECRYPT );
|
||||
BLOWFISH_VALIDATE_RET( iv != NULL );
|
||||
BLOWFISH_VALIDATE_RET( length == 0 || input != NULL );
|
||||
BLOWFISH_VALIDATE_RET( length == 0 || output != NULL );
|
||||
|
||||
if( length % MBEDTLS_BLOWFISH_BLOCKSIZE )
|
||||
return( MBEDTLS_ERR_BLOWFISH_INVALID_INPUT_LENGTH );
|
||||
|
@ -317,7 +339,19 @@ int mbedtls_blowfish_crypt_cfb64( mbedtls_blowfish_context *ctx,
|
|||
unsigned char *output )
|
||||
{
|
||||
int c;
|
||||
size_t n = *iv_off;
|
||||
size_t n;
|
||||
|
||||
BLOWFISH_VALIDATE_RET( ctx != NULL );
|
||||
BLOWFISH_VALIDATE_RET( mode == MBEDTLS_BLOWFISH_ENCRYPT ||
|
||||
mode == MBEDTLS_BLOWFISH_DECRYPT );
|
||||
BLOWFISH_VALIDATE_RET( iv != NULL );
|
||||
BLOWFISH_VALIDATE_RET( iv_off != NULL );
|
||||
BLOWFISH_VALIDATE_RET( length == 0 || input != NULL );
|
||||
BLOWFISH_VALIDATE_RET( length == 0 || output != NULL );
|
||||
|
||||
n = *iv_off;
|
||||
if( n >= 8 )
|
||||
return( MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA );
|
||||
|
||||
if( mode == MBEDTLS_BLOWFISH_DECRYPT )
|
||||
{
|
||||
|
@ -365,7 +399,17 @@ int mbedtls_blowfish_crypt_ctr( mbedtls_blowfish_context *ctx,
|
|||
unsigned char *output )
|
||||
{
|
||||
int c, i;
|
||||
size_t n = *nc_off;
|
||||
size_t n;
|
||||
BLOWFISH_VALIDATE_RET( ctx != NULL );
|
||||
BLOWFISH_VALIDATE_RET( nonce_counter != NULL );
|
||||
BLOWFISH_VALIDATE_RET( stream_block != NULL );
|
||||
BLOWFISH_VALIDATE_RET( nc_off != NULL );
|
||||
BLOWFISH_VALIDATE_RET( length == 0 || input != NULL );
|
||||
BLOWFISH_VALIDATE_RET( length == 0 || output != NULL );
|
||||
|
||||
n = *nc_off;
|
||||
if( n >= 8 )
|
||||
return( MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA );
|
||||
|
||||
while( length-- )
|
||||
{
|
||||
|
|
|
@ -49,6 +49,12 @@
|
|||
|
||||
#if !defined(MBEDTLS_CAMELLIA_ALT)
|
||||
|
||||
/* Parameter validation macros */
|
||||
#define CAMELLIA_VALIDATE_RET( cond ) \
|
||||
MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA )
|
||||
#define CAMELLIA_VALIDATE( cond ) \
|
||||
MBEDTLS_INTERNAL_VALIDATE( cond )
|
||||
|
||||
/*
|
||||
* 32-bit integer manipulation macros (big endian)
|
||||
*/
|
||||
|
@ -321,6 +327,7 @@ static void camellia_feistel( const uint32_t x[2], const uint32_t k[2],
|
|||
|
||||
void mbedtls_camellia_init( mbedtls_camellia_context *ctx )
|
||||
{
|
||||
CAMELLIA_VALIDATE( ctx != NULL );
|
||||
memset( ctx, 0, sizeof( mbedtls_camellia_context ) );
|
||||
}
|
||||
|
||||
|
@ -335,8 +342,9 @@ void mbedtls_camellia_free( mbedtls_camellia_context *ctx )
|
|||
/*
|
||||
* Camellia key schedule (encryption)
|
||||
*/
|
||||
int mbedtls_camellia_setkey_enc( mbedtls_camellia_context *ctx, const unsigned char *key,
|
||||
unsigned int keybits )
|
||||
int mbedtls_camellia_setkey_enc( mbedtls_camellia_context *ctx,
|
||||
const unsigned char *key,
|
||||
unsigned int keybits )
|
||||
{
|
||||
int idx;
|
||||
size_t i;
|
||||
|
@ -346,6 +354,9 @@ int mbedtls_camellia_setkey_enc( mbedtls_camellia_context *ctx, const unsigned c
|
|||
uint32_t KC[16];
|
||||
uint32_t TK[20];
|
||||
|
||||
CAMELLIA_VALIDATE_RET( ctx != NULL );
|
||||
CAMELLIA_VALIDATE_RET( key != NULL );
|
||||
|
||||
RK = ctx->rk;
|
||||
|
||||
memset( t, 0, 64 );
|
||||
|
@ -356,7 +367,7 @@ int mbedtls_camellia_setkey_enc( mbedtls_camellia_context *ctx, const unsigned c
|
|||
case 128: ctx->nr = 3; idx = 0; break;
|
||||
case 192:
|
||||
case 256: ctx->nr = 4; idx = 1; break;
|
||||
default : return( MBEDTLS_ERR_CAMELLIA_INVALID_KEY_LENGTH );
|
||||
default : return( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA );
|
||||
}
|
||||
|
||||
for( i = 0; i < keybits / 8; ++i )
|
||||
|
@ -440,14 +451,17 @@ int mbedtls_camellia_setkey_enc( mbedtls_camellia_context *ctx, const unsigned c
|
|||
/*
|
||||
* Camellia key schedule (decryption)
|
||||
*/
|
||||
int mbedtls_camellia_setkey_dec( mbedtls_camellia_context *ctx, const unsigned char *key,
|
||||
unsigned int keybits )
|
||||
int mbedtls_camellia_setkey_dec( mbedtls_camellia_context *ctx,
|
||||
const unsigned char *key,
|
||||
unsigned int keybits )
|
||||
{
|
||||
int idx, ret;
|
||||
size_t i;
|
||||
mbedtls_camellia_context cty;
|
||||
uint32_t *RK;
|
||||
uint32_t *SK;
|
||||
CAMELLIA_VALIDATE_RET( ctx != NULL );
|
||||
CAMELLIA_VALIDATE_RET( key != NULL );
|
||||
|
||||
mbedtls_camellia_init( &cty );
|
||||
|
||||
|
@ -495,6 +509,11 @@ int mbedtls_camellia_crypt_ecb( mbedtls_camellia_context *ctx,
|
|||
{
|
||||
int NR;
|
||||
uint32_t *RK, X[4];
|
||||
CAMELLIA_VALIDATE_RET( ctx != NULL );
|
||||
CAMELLIA_VALIDATE_RET( mode == MBEDTLS_CAMELLIA_ENCRYPT ||
|
||||
mode == MBEDTLS_CAMELLIA_DECRYPT );
|
||||
CAMELLIA_VALIDATE_RET( input != NULL );
|
||||
CAMELLIA_VALIDATE_RET( output != NULL );
|
||||
|
||||
( (void) mode );
|
||||
|
||||
|
@ -552,14 +571,20 @@ int mbedtls_camellia_crypt_ecb( mbedtls_camellia_context *ctx,
|
|||
* Camellia-CBC buffer encryption/decryption
|
||||
*/
|
||||
int mbedtls_camellia_crypt_cbc( mbedtls_camellia_context *ctx,
|
||||
int mode,
|
||||
size_t length,
|
||||
unsigned char iv[16],
|
||||
const unsigned char *input,
|
||||
unsigned char *output )
|
||||
int mode,
|
||||
size_t length,
|
||||
unsigned char iv[16],
|
||||
const unsigned char *input,
|
||||
unsigned char *output )
|
||||
{
|
||||
int i;
|
||||
unsigned char temp[16];
|
||||
CAMELLIA_VALIDATE_RET( ctx != NULL );
|
||||
CAMELLIA_VALIDATE_RET( mode == MBEDTLS_CAMELLIA_ENCRYPT ||
|
||||
mode == MBEDTLS_CAMELLIA_DECRYPT );
|
||||
CAMELLIA_VALIDATE_RET( iv != NULL );
|
||||
CAMELLIA_VALIDATE_RET( length == 0 || input != NULL );
|
||||
CAMELLIA_VALIDATE_RET( length == 0 || output != NULL );
|
||||
|
||||
if( length % 16 )
|
||||
return( MBEDTLS_ERR_CAMELLIA_INVALID_INPUT_LENGTH );
|
||||
|
@ -614,7 +639,18 @@ int mbedtls_camellia_crypt_cfb128( mbedtls_camellia_context *ctx,
|
|||
unsigned char *output )
|
||||
{
|
||||
int c;
|
||||
size_t n = *iv_off;
|
||||
size_t n;
|
||||
CAMELLIA_VALIDATE_RET( ctx != NULL );
|
||||
CAMELLIA_VALIDATE_RET( mode == MBEDTLS_CAMELLIA_ENCRYPT ||
|
||||
mode == MBEDTLS_CAMELLIA_DECRYPT );
|
||||
CAMELLIA_VALIDATE_RET( iv != NULL );
|
||||
CAMELLIA_VALIDATE_RET( iv_off != NULL );
|
||||
CAMELLIA_VALIDATE_RET( length == 0 || input != NULL );
|
||||
CAMELLIA_VALIDATE_RET( length == 0 || output != NULL );
|
||||
|
||||
n = *iv_off;
|
||||
if( n >= 16 )
|
||||
return( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA );
|
||||
|
||||
if( mode == MBEDTLS_CAMELLIA_DECRYPT )
|
||||
{
|
||||
|
@ -662,7 +698,17 @@ int mbedtls_camellia_crypt_ctr( mbedtls_camellia_context *ctx,
|
|||
unsigned char *output )
|
||||
{
|
||||
int c, i;
|
||||
size_t n = *nc_off;
|
||||
size_t n;
|
||||
CAMELLIA_VALIDATE_RET( ctx != NULL );
|
||||
CAMELLIA_VALIDATE_RET( nonce_counter != NULL );
|
||||
CAMELLIA_VALIDATE_RET( stream_block != NULL );
|
||||
CAMELLIA_VALIDATE_RET( nc_off != NULL );
|
||||
CAMELLIA_VALIDATE_RET( length == 0 || input != NULL );
|
||||
CAMELLIA_VALIDATE_RET( length == 0 || output != NULL );
|
||||
|
||||
n = *nc_off;
|
||||
if( n >= 16 )
|
||||
return( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA );
|
||||
|
||||
while( length-- )
|
||||
{
|
||||
|
|
|
@ -52,6 +52,11 @@
|
|||
|
||||
#if !defined(MBEDTLS_CCM_ALT)
|
||||
|
||||
#define CCM_VALIDATE_RET( cond ) \
|
||||
MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_CCM_BAD_INPUT )
|
||||
#define CCM_VALIDATE( cond ) \
|
||||
MBEDTLS_INTERNAL_VALIDATE( cond )
|
||||
|
||||
#define CCM_ENCRYPT 0
|
||||
#define CCM_DECRYPT 1
|
||||
|
||||
|
@ -60,6 +65,7 @@
|
|||
*/
|
||||
void mbedtls_ccm_init( mbedtls_ccm_context *ctx )
|
||||
{
|
||||
CCM_VALIDATE( ctx != NULL );
|
||||
memset( ctx, 0, sizeof( mbedtls_ccm_context ) );
|
||||
}
|
||||
|
||||
|
@ -71,6 +77,9 @@ int mbedtls_ccm_setkey( mbedtls_ccm_context *ctx,
|
|||
int ret;
|
||||
const mbedtls_cipher_info_t *cipher_info;
|
||||
|
||||
CCM_VALIDATE_RET( ctx != NULL );
|
||||
CCM_VALIDATE_RET( key != NULL );
|
||||
|
||||
cipher_info = mbedtls_cipher_info_from_values( cipher, keybits, MBEDTLS_MODE_ECB );
|
||||
if( cipher_info == NULL )
|
||||
return( MBEDTLS_ERR_CCM_BAD_INPUT );
|
||||
|
@ -97,6 +106,8 @@ int mbedtls_ccm_setkey( mbedtls_ccm_context *ctx,
|
|||
*/
|
||||
void mbedtls_ccm_free( mbedtls_ccm_context *ctx )
|
||||
{
|
||||
if( ctx == NULL )
|
||||
return;
|
||||
mbedtls_cipher_free( &ctx->cipher_ctx );
|
||||
mbedtls_platform_zeroize( ctx, sizeof( mbedtls_ccm_context ) );
|
||||
}
|
||||
|
@ -310,6 +321,12 @@ int mbedtls_ccm_star_encrypt_and_tag( mbedtls_ccm_context *ctx, size_t length,
|
|||
const unsigned char *input, unsigned char *output,
|
||||
unsigned char *tag, size_t tag_len )
|
||||
{
|
||||
CCM_VALIDATE_RET( ctx != NULL );
|
||||
CCM_VALIDATE_RET( iv != NULL );
|
||||
CCM_VALIDATE_RET( add_len == 0 || add != NULL );
|
||||
CCM_VALIDATE_RET( length == 0 || input != NULL );
|
||||
CCM_VALIDATE_RET( length == 0 || output != NULL );
|
||||
CCM_VALIDATE_RET( tag_len == 0 || tag != NULL );
|
||||
return( ccm_auth_crypt( ctx, CCM_ENCRYPT, length, iv, iv_len,
|
||||
add, add_len, input, output, tag, tag_len ) );
|
||||
}
|
||||
|
@ -320,6 +337,12 @@ int mbedtls_ccm_encrypt_and_tag( mbedtls_ccm_context *ctx, size_t length,
|
|||
const unsigned char *input, unsigned char *output,
|
||||
unsigned char *tag, size_t tag_len )
|
||||
{
|
||||
CCM_VALIDATE_RET( ctx != NULL );
|
||||
CCM_VALIDATE_RET( iv != NULL );
|
||||
CCM_VALIDATE_RET( add_len == 0 || add != NULL );
|
||||
CCM_VALIDATE_RET( length == 0 || input != NULL );
|
||||
CCM_VALIDATE_RET( length == 0 || output != NULL );
|
||||
CCM_VALIDATE_RET( tag_len == 0 || tag != NULL );
|
||||
if( tag_len == 0 )
|
||||
return( MBEDTLS_ERR_CCM_BAD_INPUT );
|
||||
|
||||
|
@ -341,6 +364,13 @@ int mbedtls_ccm_star_auth_decrypt( mbedtls_ccm_context *ctx, size_t length,
|
|||
unsigned char i;
|
||||
int diff;
|
||||
|
||||
CCM_VALIDATE_RET( ctx != NULL );
|
||||
CCM_VALIDATE_RET( iv != NULL );
|
||||
CCM_VALIDATE_RET( add_len == 0 || add != NULL );
|
||||
CCM_VALIDATE_RET( length == 0 || input != NULL );
|
||||
CCM_VALIDATE_RET( length == 0 || output != NULL );
|
||||
CCM_VALIDATE_RET( tag_len == 0 || tag != NULL );
|
||||
|
||||
if( ( ret = ccm_auth_crypt( ctx, CCM_DECRYPT, length,
|
||||
iv, iv_len, add, add_len,
|
||||
input, output, check_tag, tag_len ) ) != 0 )
|
||||
|
@ -367,6 +397,13 @@ int mbedtls_ccm_auth_decrypt( mbedtls_ccm_context *ctx, size_t length,
|
|||
const unsigned char *input, unsigned char *output,
|
||||
const unsigned char *tag, size_t tag_len )
|
||||
{
|
||||
CCM_VALIDATE_RET( ctx != NULL );
|
||||
CCM_VALIDATE_RET( iv != NULL );
|
||||
CCM_VALIDATE_RET( add_len == 0 || add != NULL );
|
||||
CCM_VALIDATE_RET( length == 0 || input != NULL );
|
||||
CCM_VALIDATE_RET( length == 0 || output != NULL );
|
||||
CCM_VALIDATE_RET( tag_len == 0 || tag != NULL );
|
||||
|
||||
if( tag_len == 0 )
|
||||
return( MBEDTLS_ERR_CCM_BAD_INPUT );
|
||||
|
||||
|
|
|
@ -53,6 +53,12 @@
|
|||
#define inline __inline
|
||||
#endif
|
||||
|
||||
/* Parameter validation macros */
|
||||
#define CHACHA20_VALIDATE_RET( cond ) \
|
||||
MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA )
|
||||
#define CHACHA20_VALIDATE( cond ) \
|
||||
MBEDTLS_INTERNAL_VALIDATE( cond )
|
||||
|
||||
#define BYTES_TO_U32_LE( data, offset ) \
|
||||
( (uint32_t) data[offset] \
|
||||
| (uint32_t) ( (uint32_t) data[( offset ) + 1] << 8 ) \
|
||||
|
@ -181,14 +187,13 @@ static void chacha20_block( const uint32_t initial_state[16],
|
|||
|
||||
void mbedtls_chacha20_init( mbedtls_chacha20_context *ctx )
|
||||
{
|
||||
if( ctx != NULL )
|
||||
{
|
||||
mbedtls_platform_zeroize( ctx->state, sizeof( ctx->state ) );
|
||||
mbedtls_platform_zeroize( ctx->keystream8, sizeof( ctx->keystream8 ) );
|
||||
CHACHA20_VALIDATE( ctx != NULL );
|
||||
|
||||
/* Initially, there's no keystream bytes available */
|
||||
ctx->keystream_bytes_used = CHACHA20_BLOCK_SIZE_BYTES;
|
||||
}
|
||||
mbedtls_platform_zeroize( ctx->state, sizeof( ctx->state ) );
|
||||
mbedtls_platform_zeroize( ctx->keystream8, sizeof( ctx->keystream8 ) );
|
||||
|
||||
/* Initially, there's no keystream bytes available */
|
||||
ctx->keystream_bytes_used = CHACHA20_BLOCK_SIZE_BYTES;
|
||||
}
|
||||
|
||||
void mbedtls_chacha20_free( mbedtls_chacha20_context *ctx )
|
||||
|
@ -202,10 +207,8 @@ void mbedtls_chacha20_free( mbedtls_chacha20_context *ctx )
|
|||
int mbedtls_chacha20_setkey( mbedtls_chacha20_context *ctx,
|
||||
const unsigned char key[32] )
|
||||
{
|
||||
if( ( ctx == NULL ) || ( key == NULL ) )
|
||||
{
|
||||
return( MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA );
|
||||
}
|
||||
CHACHA20_VALIDATE_RET( ctx != NULL );
|
||||
CHACHA20_VALIDATE_RET( key != NULL );
|
||||
|
||||
/* ChaCha20 constants - the string "expand 32-byte k" */
|
||||
ctx->state[0] = 0x61707865;
|
||||
|
@ -230,10 +233,8 @@ int mbedtls_chacha20_starts( mbedtls_chacha20_context* ctx,
|
|||
const unsigned char nonce[12],
|
||||
uint32_t counter )
|
||||
{
|
||||
if( ( ctx == NULL ) || ( nonce == NULL ) )
|
||||
{
|
||||
return( MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA );
|
||||
}
|
||||
CHACHA20_VALIDATE_RET( ctx != NULL );
|
||||
CHACHA20_VALIDATE_RET( nonce != NULL );
|
||||
|
||||
/* Counter */
|
||||
ctx->state[12] = counter;
|
||||
|
@ -259,15 +260,9 @@ int mbedtls_chacha20_update( mbedtls_chacha20_context *ctx,
|
|||
size_t offset = 0U;
|
||||
size_t i;
|
||||
|
||||
if( ctx == NULL )
|
||||
{
|
||||
return( MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA );
|
||||
}
|
||||
else if( ( size > 0U ) && ( ( input == NULL ) || ( output == NULL ) ) )
|
||||
{
|
||||
/* input and output pointers are allowed to be NULL only if size == 0 */
|
||||
return( MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA );
|
||||
}
|
||||
CHACHA20_VALIDATE_RET( ctx != NULL );
|
||||
CHACHA20_VALIDATE_RET( size == 0 || input != NULL );
|
||||
CHACHA20_VALIDATE_RET( size == 0 || output != NULL );
|
||||
|
||||
/* Use leftover keystream bytes, if available */
|
||||
while( size > 0U && ctx->keystream_bytes_used < CHACHA20_BLOCK_SIZE_BYTES )
|
||||
|
@ -332,6 +327,11 @@ int mbedtls_chacha20_crypt( const unsigned char key[32],
|
|||
mbedtls_chacha20_context ctx;
|
||||
int ret;
|
||||
|
||||
CHACHA20_VALIDATE_RET( key != NULL );
|
||||
CHACHA20_VALIDATE_RET( nonce != NULL );
|
||||
CHACHA20_VALIDATE_RET( data_len == 0 || input != NULL );
|
||||
CHACHA20_VALIDATE_RET( data_len == 0 || output != NULL );
|
||||
|
||||
mbedtls_chacha20_init( &ctx );
|
||||
|
||||
ret = mbedtls_chacha20_setkey( &ctx, key );
|
||||
|
|
|
@ -44,6 +44,12 @@
|
|||
|
||||
#if !defined(MBEDTLS_CHACHAPOLY_ALT)
|
||||
|
||||
/* Parameter validation macros */
|
||||
#define CHACHAPOLY_VALIDATE_RET( cond ) \
|
||||
MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA )
|
||||
#define CHACHAPOLY_VALIDATE( cond ) \
|
||||
MBEDTLS_INTERNAL_VALIDATE( cond )
|
||||
|
||||
#define CHACHAPOLY_STATE_INIT ( 0 )
|
||||
#define CHACHAPOLY_STATE_AAD ( 1 )
|
||||
#define CHACHAPOLY_STATE_CIPHERTEXT ( 2 ) /* Encrypting or decrypting */
|
||||
|
@ -90,39 +96,35 @@ static int chachapoly_pad_ciphertext( mbedtls_chachapoly_context *ctx )
|
|||
|
||||
void mbedtls_chachapoly_init( mbedtls_chachapoly_context *ctx )
|
||||
{
|
||||
if( ctx != NULL )
|
||||
{
|
||||
mbedtls_chacha20_init( &ctx->chacha20_ctx );
|
||||
mbedtls_poly1305_init( &ctx->poly1305_ctx );
|
||||
ctx->aad_len = 0U;
|
||||
ctx->ciphertext_len = 0U;
|
||||
ctx->state = CHACHAPOLY_STATE_INIT;
|
||||
ctx->mode = MBEDTLS_CHACHAPOLY_ENCRYPT;
|
||||
}
|
||||
CHACHAPOLY_VALIDATE( ctx != NULL );
|
||||
|
||||
mbedtls_chacha20_init( &ctx->chacha20_ctx );
|
||||
mbedtls_poly1305_init( &ctx->poly1305_ctx );
|
||||
ctx->aad_len = 0U;
|
||||
ctx->ciphertext_len = 0U;
|
||||
ctx->state = CHACHAPOLY_STATE_INIT;
|
||||
ctx->mode = MBEDTLS_CHACHAPOLY_ENCRYPT;
|
||||
}
|
||||
|
||||
void mbedtls_chachapoly_free( mbedtls_chachapoly_context *ctx )
|
||||
{
|
||||
if( ctx != NULL )
|
||||
{
|
||||
mbedtls_chacha20_free( &ctx->chacha20_ctx );
|
||||
mbedtls_poly1305_free( &ctx->poly1305_ctx );
|
||||
ctx->aad_len = 0U;
|
||||
ctx->ciphertext_len = 0U;
|
||||
ctx->state = CHACHAPOLY_STATE_INIT;
|
||||
ctx->mode = MBEDTLS_CHACHAPOLY_ENCRYPT;
|
||||
}
|
||||
if( ctx == NULL )
|
||||
return;
|
||||
|
||||
mbedtls_chacha20_free( &ctx->chacha20_ctx );
|
||||
mbedtls_poly1305_free( &ctx->poly1305_ctx );
|
||||
ctx->aad_len = 0U;
|
||||
ctx->ciphertext_len = 0U;
|
||||
ctx->state = CHACHAPOLY_STATE_INIT;
|
||||
ctx->mode = MBEDTLS_CHACHAPOLY_ENCRYPT;
|
||||
}
|
||||
|
||||
int mbedtls_chachapoly_setkey( mbedtls_chachapoly_context *ctx,
|
||||
const unsigned char key[32] )
|
||||
{
|
||||
int ret;
|
||||
|
||||
if( ( ctx == NULL ) || ( key == NULL ) )
|
||||
{
|
||||
return( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA );
|
||||
}
|
||||
CHACHAPOLY_VALIDATE_RET( ctx != NULL );
|
||||
CHACHAPOLY_VALIDATE_RET( key != NULL );
|
||||
|
||||
ret = mbedtls_chacha20_setkey( &ctx->chacha20_ctx, key );
|
||||
|
||||
|
@ -135,11 +137,8 @@ int mbedtls_chachapoly_starts( mbedtls_chachapoly_context *ctx,
|
|||
{
|
||||
int ret;
|
||||
unsigned char poly1305_key[64];
|
||||
|
||||
if( ( ctx == NULL ) || ( nonce == NULL ) )
|
||||
{
|
||||
return( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA );
|
||||
}
|
||||
CHACHAPOLY_VALIDATE_RET( ctx != NULL );
|
||||
CHACHAPOLY_VALIDATE_RET( nonce != NULL );
|
||||
|
||||
/* Set counter = 0, will be update to 1 when generating Poly1305 key */
|
||||
ret = mbedtls_chacha20_starts( &ctx->chacha20_ctx, nonce, 0U );
|
||||
|
@ -176,19 +175,11 @@ int mbedtls_chachapoly_update_aad( mbedtls_chachapoly_context *ctx,
|
|||
const unsigned char *aad,
|
||||
size_t aad_len )
|
||||
{
|
||||
if( ctx == NULL )
|
||||
{
|
||||
return( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA );
|
||||
}
|
||||
else if( ( aad_len > 0U ) && ( aad == NULL ) )
|
||||
{
|
||||
/* aad pointer is allowed to be NULL if aad_len == 0 */
|
||||
return( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA );
|
||||
}
|
||||
else if( ctx->state != CHACHAPOLY_STATE_AAD )
|
||||
{
|
||||
CHACHAPOLY_VALIDATE_RET( ctx != NULL );
|
||||
CHACHAPOLY_VALIDATE_RET( aad_len == 0 || aad != NULL );
|
||||
|
||||
if( ctx->state != CHACHAPOLY_STATE_AAD )
|
||||
return( MBEDTLS_ERR_CHACHAPOLY_BAD_STATE );
|
||||
}
|
||||
|
||||
ctx->aad_len += aad_len;
|
||||
|
||||
|
@ -201,18 +192,12 @@ int mbedtls_chachapoly_update( mbedtls_chachapoly_context *ctx,
|
|||
unsigned char *output )
|
||||
{
|
||||
int ret;
|
||||
CHACHAPOLY_VALIDATE_RET( ctx != NULL );
|
||||
CHACHAPOLY_VALIDATE_RET( len == 0 || input != NULL );
|
||||
CHACHAPOLY_VALIDATE_RET( len == 0 || output != NULL );
|
||||
|
||||
if( ctx == NULL )
|
||||
{
|
||||
return( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA );
|
||||
}
|
||||
else if( ( len > 0U ) && ( ( input == NULL ) || ( output == NULL ) ) )
|
||||
{
|
||||
/* input and output pointers are allowed to be NULL if len == 0 */
|
||||
return( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA );
|
||||
}
|
||||
else if( ( ctx->state != CHACHAPOLY_STATE_AAD ) &&
|
||||
( ctx->state != CHACHAPOLY_STATE_CIPHERTEXT ) )
|
||||
if( ( ctx->state != CHACHAPOLY_STATE_AAD ) &&
|
||||
( ctx->state != CHACHAPOLY_STATE_CIPHERTEXT ) )
|
||||
{
|
||||
return( MBEDTLS_ERR_CHACHAPOLY_BAD_STATE );
|
||||
}
|
||||
|
@ -257,12 +242,10 @@ int mbedtls_chachapoly_finish( mbedtls_chachapoly_context *ctx,
|
|||
{
|
||||
int ret;
|
||||
unsigned char len_block[16];
|
||||
CHACHAPOLY_VALIDATE_RET( ctx != NULL );
|
||||
CHACHAPOLY_VALIDATE_RET( mac != NULL );
|
||||
|
||||
if( ( ctx == NULL ) || ( mac == NULL ) )
|
||||
{
|
||||
return( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA );
|
||||
}
|
||||
else if( ctx->state == CHACHAPOLY_STATE_INIT )
|
||||
if( ctx->state == CHACHAPOLY_STATE_INIT )
|
||||
{
|
||||
return( MBEDTLS_ERR_CHACHAPOLY_BAD_STATE );
|
||||
}
|
||||
|
@ -350,6 +333,13 @@ int mbedtls_chachapoly_encrypt_and_tag( mbedtls_chachapoly_context *ctx,
|
|||
unsigned char *output,
|
||||
unsigned char tag[16] )
|
||||
{
|
||||
CHACHAPOLY_VALIDATE_RET( ctx != NULL );
|
||||
CHACHAPOLY_VALIDATE_RET( nonce != NULL );
|
||||
CHACHAPOLY_VALIDATE_RET( tag != NULL );
|
||||
CHACHAPOLY_VALIDATE_RET( aad_len == 0 || aad != NULL );
|
||||
CHACHAPOLY_VALIDATE_RET( length == 0 || input != NULL );
|
||||
CHACHAPOLY_VALIDATE_RET( length == 0 || output != NULL );
|
||||
|
||||
return( chachapoly_crypt_and_tag( ctx, MBEDTLS_CHACHAPOLY_ENCRYPT,
|
||||
length, nonce, aad, aad_len,
|
||||
input, output, tag ) );
|
||||
|
@ -368,9 +358,12 @@ int mbedtls_chachapoly_auth_decrypt( mbedtls_chachapoly_context *ctx,
|
|||
unsigned char check_tag[16];
|
||||
size_t i;
|
||||
int diff;
|
||||
|
||||
if( tag == NULL )
|
||||
return( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA );
|
||||
CHACHAPOLY_VALIDATE_RET( ctx != NULL );
|
||||
CHACHAPOLY_VALIDATE_RET( nonce != NULL );
|
||||
CHACHAPOLY_VALIDATE_RET( tag != NULL );
|
||||
CHACHAPOLY_VALIDATE_RET( aad_len == 0 || aad != NULL );
|
||||
CHACHAPOLY_VALIDATE_RET( length == 0 || input != NULL );
|
||||
CHACHAPOLY_VALIDATE_RET( length == 0 || output != NULL );
|
||||
|
||||
if( ( ret = chachapoly_crypt_and_tag( ctx,
|
||||
MBEDTLS_CHACHAPOLY_DECRYPT, length, nonce,
|
||||
|
|
139
library/cipher.c
139
library/cipher.c
|
@ -65,6 +65,11 @@
|
|||
#define mbedtls_free free
|
||||
#endif
|
||||
|
||||
#define CIPHER_VALIDATE_RET( cond ) \
|
||||
MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA )
|
||||
#define CIPHER_VALIDATE( cond ) \
|
||||
MBEDTLS_INTERNAL_VALIDATE( cond )
|
||||
|
||||
#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C)
|
||||
/* Compare the contents of two buffers in constant time.
|
||||
* Returns 0 if the contents are bitwise identical, otherwise returns
|
||||
|
@ -81,7 +86,7 @@ static int mbedtls_constant_time_memcmp( const void *v1, const void *v2, size_t
|
|||
for( diff = 0, i = 0; i < len; i++ )
|
||||
diff |= p1[i] ^ p2[i];
|
||||
|
||||
return (int)diff;
|
||||
return( (int)diff );
|
||||
}
|
||||
#endif /* MBEDTLS_GCM_C || MBEDTLS_CHACHAPOLY_C */
|
||||
|
||||
|
@ -150,6 +155,7 @@ const mbedtls_cipher_info_t *mbedtls_cipher_info_from_values( const mbedtls_ciph
|
|||
|
||||
void mbedtls_cipher_init( mbedtls_cipher_context_t *ctx )
|
||||
{
|
||||
CIPHER_VALIDATE( ctx != NULL );
|
||||
memset( ctx, 0, sizeof( mbedtls_cipher_context_t ) );
|
||||
}
|
||||
|
||||
|
@ -175,7 +181,8 @@ void mbedtls_cipher_free( mbedtls_cipher_context_t *ctx )
|
|||
|
||||
int mbedtls_cipher_setup( mbedtls_cipher_context_t *ctx, const mbedtls_cipher_info_t *cipher_info )
|
||||
{
|
||||
if( NULL == cipher_info || NULL == ctx )
|
||||
CIPHER_VALIDATE_RET( ctx != NULL );
|
||||
if( cipher_info == NULL )
|
||||
return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
|
||||
|
||||
memset( ctx, 0, sizeof( mbedtls_cipher_context_t ) );
|
||||
|
@ -199,10 +206,16 @@ int mbedtls_cipher_setup( mbedtls_cipher_context_t *ctx, const mbedtls_cipher_in
|
|||
return( 0 );
|
||||
}
|
||||
|
||||
int mbedtls_cipher_setkey( mbedtls_cipher_context_t *ctx, const unsigned char *key,
|
||||
int key_bitlen, const mbedtls_operation_t operation )
|
||||
int mbedtls_cipher_setkey( mbedtls_cipher_context_t *ctx,
|
||||
const unsigned char *key,
|
||||
int key_bitlen,
|
||||
const mbedtls_operation_t operation )
|
||||
{
|
||||
if( NULL == ctx || NULL == ctx->cipher_info )
|
||||
CIPHER_VALIDATE_RET( ctx != NULL );
|
||||
CIPHER_VALIDATE_RET( key != NULL );
|
||||
CIPHER_VALIDATE_RET( operation == MBEDTLS_ENCRYPT ||
|
||||
operation == MBEDTLS_DECRYPT );
|
||||
if( ctx->cipher_info == NULL )
|
||||
return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
|
||||
|
||||
if( ( ctx->cipher_info->flags & MBEDTLS_CIPHER_VARIABLE_KEY_LEN ) == 0 &&
|
||||
|
@ -222,28 +235,27 @@ int mbedtls_cipher_setkey( mbedtls_cipher_context_t *ctx, const unsigned char *k
|
|||
MBEDTLS_MODE_OFB == ctx->cipher_info->mode ||
|
||||
MBEDTLS_MODE_CTR == ctx->cipher_info->mode )
|
||||
{
|
||||
return ctx->cipher_info->base->setkey_enc_func( ctx->cipher_ctx, key,
|
||||
ctx->key_bitlen );
|
||||
return( ctx->cipher_info->base->setkey_enc_func( ctx->cipher_ctx, key,
|
||||
ctx->key_bitlen ) );
|
||||
}
|
||||
|
||||
if( MBEDTLS_DECRYPT == operation )
|
||||
return ctx->cipher_info->base->setkey_dec_func( ctx->cipher_ctx, key,
|
||||
ctx->key_bitlen );
|
||||
return( ctx->cipher_info->base->setkey_dec_func( ctx->cipher_ctx, key,
|
||||
ctx->key_bitlen ) );
|
||||
|
||||
return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
|
||||
}
|
||||
|
||||
int mbedtls_cipher_set_iv( mbedtls_cipher_context_t *ctx,
|
||||
const unsigned char *iv, size_t iv_len )
|
||||
const unsigned char *iv,
|
||||
size_t iv_len )
|
||||
{
|
||||
size_t actual_iv_size;
|
||||
if( NULL == ctx || NULL == ctx->cipher_info )
|
||||
return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
|
||||
else if( NULL == iv && iv_len != 0 )
|
||||
return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
|
||||
|
||||
if( NULL == iv && iv_len == 0 )
|
||||
ctx->iv_size = 0;
|
||||
CIPHER_VALIDATE_RET( ctx != NULL );
|
||||
CIPHER_VALIDATE_RET( iv_len == 0 || iv != NULL );
|
||||
if( ctx->cipher_info == NULL )
|
||||
return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
|
||||
|
||||
/* avoid buffer overflow in ctx->iv */
|
||||
if( iv_len > MBEDTLS_MAX_IV_LENGTH )
|
||||
|
@ -283,7 +295,8 @@ int mbedtls_cipher_set_iv( mbedtls_cipher_context_t *ctx,
|
|||
|
||||
int mbedtls_cipher_reset( mbedtls_cipher_context_t *ctx )
|
||||
{
|
||||
if( NULL == ctx || NULL == ctx->cipher_info )
|
||||
CIPHER_VALIDATE_RET( ctx != NULL );
|
||||
if( ctx->cipher_info == NULL )
|
||||
return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
|
||||
|
||||
ctx->unprocessed_len = 0;
|
||||
|
@ -295,14 +308,16 @@ int mbedtls_cipher_reset( mbedtls_cipher_context_t *ctx )
|
|||
int mbedtls_cipher_update_ad( mbedtls_cipher_context_t *ctx,
|
||||
const unsigned char *ad, size_t ad_len )
|
||||
{
|
||||
if( NULL == ctx || NULL == ctx->cipher_info )
|
||||
CIPHER_VALIDATE_RET( ctx != NULL );
|
||||
CIPHER_VALIDATE_RET( ad_len == 0 || ad != NULL );
|
||||
if( ctx->cipher_info == NULL )
|
||||
return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
|
||||
|
||||
#if defined(MBEDTLS_GCM_C)
|
||||
if( MBEDTLS_MODE_GCM == ctx->cipher_info->mode )
|
||||
{
|
||||
return mbedtls_gcm_starts( (mbedtls_gcm_context *) ctx->cipher_ctx, ctx->operation,
|
||||
ctx->iv, ctx->iv_size, ad, ad_len );
|
||||
return( mbedtls_gcm_starts( (mbedtls_gcm_context *) ctx->cipher_ctx, ctx->operation,
|
||||
ctx->iv, ctx->iv_size, ad, ad_len ) );
|
||||
}
|
||||
#endif
|
||||
|
||||
|
@ -322,8 +337,8 @@ int mbedtls_cipher_update_ad( mbedtls_cipher_context_t *ctx,
|
|||
if ( result != 0 )
|
||||
return( result );
|
||||
|
||||
return mbedtls_chachapoly_update_aad( (mbedtls_chachapoly_context*) ctx->cipher_ctx,
|
||||
ad, ad_len );
|
||||
return( mbedtls_chachapoly_update_aad( (mbedtls_chachapoly_context*) ctx->cipher_ctx,
|
||||
ad, ad_len ) );
|
||||
}
|
||||
#endif
|
||||
|
||||
|
@ -335,12 +350,14 @@ int mbedtls_cipher_update( mbedtls_cipher_context_t *ctx, const unsigned char *i
|
|||
size_t ilen, unsigned char *output, size_t *olen )
|
||||
{
|
||||
int ret;
|
||||
size_t block_size = 0;
|
||||
size_t block_size;
|
||||
|
||||
if( NULL == ctx || NULL == ctx->cipher_info || NULL == olen )
|
||||
{
|
||||
CIPHER_VALIDATE_RET( ctx != NULL );
|
||||
CIPHER_VALIDATE_RET( ilen == 0 || input != NULL );
|
||||
CIPHER_VALIDATE_RET( output != NULL );
|
||||
CIPHER_VALIDATE_RET( olen != NULL );
|
||||
if( ctx->cipher_info == NULL )
|
||||
return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
|
||||
}
|
||||
|
||||
*olen = 0;
|
||||
block_size = mbedtls_cipher_get_block_size( ctx );
|
||||
|
@ -365,8 +382,8 @@ int mbedtls_cipher_update( mbedtls_cipher_context_t *ctx, const unsigned char *i
|
|||
if( ctx->cipher_info->mode == MBEDTLS_MODE_GCM )
|
||||
{
|
||||
*olen = ilen;
|
||||
return mbedtls_gcm_update( (mbedtls_gcm_context *) ctx->cipher_ctx, ilen, input,
|
||||
output );
|
||||
return( mbedtls_gcm_update( (mbedtls_gcm_context *) ctx->cipher_ctx, ilen, input,
|
||||
output ) );
|
||||
}
|
||||
#endif
|
||||
|
||||
|
@ -374,14 +391,14 @@ int mbedtls_cipher_update( mbedtls_cipher_context_t *ctx, const unsigned char *i
|
|||
if ( ctx->cipher_info->type == MBEDTLS_CIPHER_CHACHA20_POLY1305 )
|
||||
{
|
||||
*olen = ilen;
|
||||
return mbedtls_chachapoly_update( (mbedtls_chachapoly_context*) ctx->cipher_ctx,
|
||||
ilen, input, output );
|
||||
return( mbedtls_chachapoly_update( (mbedtls_chachapoly_context*) ctx->cipher_ctx,
|
||||
ilen, input, output ) );
|
||||
}
|
||||
#endif
|
||||
|
||||
if ( 0 == block_size )
|
||||
{
|
||||
return MBEDTLS_ERR_CIPHER_INVALID_CONTEXT;
|
||||
return( MBEDTLS_ERR_CIPHER_INVALID_CONTEXT );
|
||||
}
|
||||
|
||||
if( input == output &&
|
||||
|
@ -444,7 +461,7 @@ int mbedtls_cipher_update( mbedtls_cipher_context_t *ctx, const unsigned char *i
|
|||
{
|
||||
if( 0 == block_size )
|
||||
{
|
||||
return MBEDTLS_ERR_CIPHER_INVALID_CONTEXT;
|
||||
return( MBEDTLS_ERR_CIPHER_INVALID_CONTEXT );
|
||||
}
|
||||
|
||||
/* Encryption: only cache partial blocks
|
||||
|
@ -745,7 +762,10 @@ static int get_no_padding( unsigned char *input, size_t input_len,
|
|||
int mbedtls_cipher_finish( mbedtls_cipher_context_t *ctx,
|
||||
unsigned char *output, size_t *olen )
|
||||
{
|
||||
if( NULL == ctx || NULL == ctx->cipher_info || NULL == olen )
|
||||
CIPHER_VALIDATE_RET( ctx != NULL );
|
||||
CIPHER_VALIDATE_RET( output != NULL );
|
||||
CIPHER_VALIDATE_RET( olen != NULL );
|
||||
if( ctx->cipher_info == NULL )
|
||||
return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
|
||||
|
||||
*olen = 0;
|
||||
|
@ -815,8 +835,8 @@ int mbedtls_cipher_finish( mbedtls_cipher_context_t *ctx,
|
|||
|
||||
/* Set output size for decryption */
|
||||
if( MBEDTLS_DECRYPT == ctx->operation )
|
||||
return ctx->get_padding( output, mbedtls_cipher_get_block_size( ctx ),
|
||||
olen );
|
||||
return( ctx->get_padding( output, mbedtls_cipher_get_block_size( ctx ),
|
||||
olen ) );
|
||||
|
||||
/* Set output size for encryption */
|
||||
*olen = mbedtls_cipher_get_block_size( ctx );
|
||||
|
@ -830,10 +850,12 @@ int mbedtls_cipher_finish( mbedtls_cipher_context_t *ctx,
|
|||
}
|
||||
|
||||
#if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING)
|
||||
int mbedtls_cipher_set_padding_mode( mbedtls_cipher_context_t *ctx, mbedtls_cipher_padding_t mode )
|
||||
int mbedtls_cipher_set_padding_mode( mbedtls_cipher_context_t *ctx,
|
||||
mbedtls_cipher_padding_t mode )
|
||||
{
|
||||
if( NULL == ctx ||
|
||||
MBEDTLS_MODE_CBC != ctx->cipher_info->mode )
|
||||
CIPHER_VALIDATE_RET( ctx != NULL );
|
||||
|
||||
if( NULL == ctx->cipher_info || MBEDTLS_MODE_CBC != ctx->cipher_info->mode )
|
||||
{
|
||||
return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
|
||||
}
|
||||
|
@ -881,7 +903,9 @@ int mbedtls_cipher_set_padding_mode( mbedtls_cipher_context_t *ctx, mbedtls_ciph
|
|||
int mbedtls_cipher_write_tag( mbedtls_cipher_context_t *ctx,
|
||||
unsigned char *tag, size_t tag_len )
|
||||
{
|
||||
if( NULL == ctx || NULL == ctx->cipher_info || NULL == tag )
|
||||
CIPHER_VALIDATE_RET( ctx != NULL );
|
||||
CIPHER_VALIDATE_RET( tag_len == 0 || tag != NULL );
|
||||
if( ctx->cipher_info == NULL )
|
||||
return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
|
||||
|
||||
if( MBEDTLS_ENCRYPT != ctx->operation )
|
||||
|
@ -889,7 +913,8 @@ int mbedtls_cipher_write_tag( mbedtls_cipher_context_t *ctx,
|
|||
|
||||
#if defined(MBEDTLS_GCM_C)
|
||||
if( MBEDTLS_MODE_GCM == ctx->cipher_info->mode )
|
||||
return mbedtls_gcm_finish( (mbedtls_gcm_context *) ctx->cipher_ctx, tag, tag_len );
|
||||
return( mbedtls_gcm_finish( (mbedtls_gcm_context *) ctx->cipher_ctx,
|
||||
tag, tag_len ) );
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_CHACHAPOLY_C)
|
||||
|
@ -899,8 +924,8 @@ int mbedtls_cipher_write_tag( mbedtls_cipher_context_t *ctx,
|
|||
if ( tag_len != 16U )
|
||||
return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
|
||||
|
||||
return mbedtls_chachapoly_finish( (mbedtls_chachapoly_context*) ctx->cipher_ctx,
|
||||
tag );
|
||||
return( mbedtls_chachapoly_finish( (mbedtls_chachapoly_context*) ctx->cipher_ctx,
|
||||
tag ) );
|
||||
}
|
||||
#endif
|
||||
|
||||
|
@ -913,8 +938,12 @@ int mbedtls_cipher_check_tag( mbedtls_cipher_context_t *ctx,
|
|||
unsigned char check_tag[16];
|
||||
int ret;
|
||||
|
||||
if( NULL == ctx || NULL == ctx->cipher_info ||
|
||||
MBEDTLS_DECRYPT != ctx->operation )
|
||||
CIPHER_VALIDATE_RET( ctx != NULL );
|
||||
CIPHER_VALIDATE_RET( tag_len == 0 || tag != NULL );
|
||||
if( ctx->cipher_info == NULL )
|
||||
return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
|
||||
|
||||
if( MBEDTLS_DECRYPT != ctx->operation )
|
||||
{
|
||||
return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
|
||||
}
|
||||
|
@ -976,6 +1005,12 @@ int mbedtls_cipher_crypt( mbedtls_cipher_context_t *ctx,
|
|||
int ret;
|
||||
size_t finish_olen;
|
||||
|
||||
CIPHER_VALIDATE_RET( ctx != NULL );
|
||||
CIPHER_VALIDATE_RET( iv_len == 0 || iv != NULL );
|
||||
CIPHER_VALIDATE_RET( ilen == 0 || input != NULL );
|
||||
CIPHER_VALIDATE_RET( output != NULL );
|
||||
CIPHER_VALIDATE_RET( olen != NULL );
|
||||
|
||||
if( ( ret = mbedtls_cipher_set_iv( ctx, iv, iv_len ) ) != 0 )
|
||||
return( ret );
|
||||
|
||||
|
@ -1004,6 +1039,14 @@ int mbedtls_cipher_auth_encrypt( mbedtls_cipher_context_t *ctx,
|
|||
unsigned char *output, size_t *olen,
|
||||
unsigned char *tag, size_t tag_len )
|
||||
{
|
||||
CIPHER_VALIDATE_RET( ctx != NULL );
|
||||
CIPHER_VALIDATE_RET( iv != NULL );
|
||||
CIPHER_VALIDATE_RET( ad_len == 0 || ad != NULL );
|
||||
CIPHER_VALIDATE_RET( ilen == 0 || input != NULL );
|
||||
CIPHER_VALIDATE_RET( output != NULL );
|
||||
CIPHER_VALIDATE_RET( olen != NULL );
|
||||
CIPHER_VALIDATE_RET( tag_len == 0 || tag != NULL );
|
||||
|
||||
#if defined(MBEDTLS_GCM_C)
|
||||
if( MBEDTLS_MODE_GCM == ctx->cipher_info->mode )
|
||||
{
|
||||
|
@ -1051,6 +1094,14 @@ int mbedtls_cipher_auth_decrypt( mbedtls_cipher_context_t *ctx,
|
|||
unsigned char *output, size_t *olen,
|
||||
const unsigned char *tag, size_t tag_len )
|
||||
{
|
||||
CIPHER_VALIDATE_RET( ctx != NULL );
|
||||
CIPHER_VALIDATE_RET( iv != NULL );
|
||||
CIPHER_VALIDATE_RET( ad_len == 0 || ad != NULL );
|
||||
CIPHER_VALIDATE_RET( ilen == 0 || input != NULL );
|
||||
CIPHER_VALIDATE_RET( output != NULL );
|
||||
CIPHER_VALIDATE_RET( olen != NULL );
|
||||
CIPHER_VALIDATE_RET( tag_len == 0 || tag != NULL );
|
||||
|
||||
#if defined(MBEDTLS_GCM_C)
|
||||
if( MBEDTLS_MODE_GCM == ctx->cipher_info->mode )
|
||||
{
|
||||
|
|
|
@ -299,9 +299,7 @@ static int ctr_drbg_update_internal( mbedtls_ctr_drbg_context *ctx,
|
|||
* Crypt counter block
|
||||
*/
|
||||
if( ( ret = mbedtls_aes_crypt_ecb( &ctx->aes_ctx, MBEDTLS_AES_ENCRYPT, ctx->counter, p ) ) != 0 )
|
||||
{
|
||||
return( ret );
|
||||
}
|
||||
goto exit;
|
||||
|
||||
p += MBEDTLS_CTR_DRBG_BLOCKSIZE;
|
||||
}
|
||||
|
@ -313,12 +311,12 @@ static int ctr_drbg_update_internal( mbedtls_ctr_drbg_context *ctx,
|
|||
* Update key and counter
|
||||
*/
|
||||
if( ( ret = mbedtls_aes_setkey_enc( &ctx->aes_ctx, tmp, MBEDTLS_CTR_DRBG_KEYBITS ) ) != 0 )
|
||||
{
|
||||
return( ret );
|
||||
}
|
||||
goto exit;
|
||||
memcpy( ctx->counter, tmp + MBEDTLS_CTR_DRBG_KEYSIZE, MBEDTLS_CTR_DRBG_BLOCKSIZE );
|
||||
|
||||
return( 0 );
|
||||
exit:
|
||||
mbedtls_platform_zeroize( tmp, sizeof( tmp ) );
|
||||
return( ret );
|
||||
}
|
||||
|
||||
/* CTR_DRBG_Instantiate with derivation function (SP 800-90A §10.2.1.3.2)
|
||||
|
@ -333,23 +331,39 @@ static int ctr_drbg_update_internal( mbedtls_ctr_drbg_context *ctx,
|
|||
* and with outputs
|
||||
* ctx = initial_working_state
|
||||
*/
|
||||
void mbedtls_ctr_drbg_update( mbedtls_ctr_drbg_context *ctx,
|
||||
const unsigned char *additional, size_t add_len )
|
||||
int mbedtls_ctr_drbg_update_ret( mbedtls_ctr_drbg_context *ctx,
|
||||
const unsigned char *additional,
|
||||
size_t add_len )
|
||||
{
|
||||
unsigned char add_input[MBEDTLS_CTR_DRBG_SEEDLEN];
|
||||
int ret;
|
||||
|
||||
if( add_len > 0 )
|
||||
{
|
||||
/* MAX_INPUT would be more logical here, but we have to match
|
||||
* block_cipher_df()'s limits since we can't propagate errors */
|
||||
if( add_len > MBEDTLS_CTR_DRBG_MAX_SEED_INPUT )
|
||||
add_len = MBEDTLS_CTR_DRBG_MAX_SEED_INPUT;
|
||||
if( add_len == 0 )
|
||||
return( 0 );
|
||||
|
||||
block_cipher_df( add_input, additional, add_len );
|
||||
ctr_drbg_update_internal( ctx, add_input );
|
||||
}
|
||||
if( ( ret = block_cipher_df( add_input, additional, add_len ) ) != 0 )
|
||||
goto exit;
|
||||
if( ( ret = ctr_drbg_update_internal( ctx, add_input ) ) != 0 )
|
||||
goto exit;
|
||||
|
||||
exit:
|
||||
mbedtls_platform_zeroize( add_input, sizeof( add_input ) );
|
||||
return( ret );
|
||||
}
|
||||
|
||||
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
|
||||
void mbedtls_ctr_drbg_update( mbedtls_ctr_drbg_context *ctx,
|
||||
const unsigned char *additional,
|
||||
size_t add_len )
|
||||
{
|
||||
/* MAX_INPUT would be more logical here, but we have to match
|
||||
* block_cipher_df()'s limits since we can't propagate errors */
|
||||
if( add_len > MBEDTLS_CTR_DRBG_MAX_SEED_INPUT )
|
||||
add_len = MBEDTLS_CTR_DRBG_MAX_SEED_INPUT;
|
||||
(void) mbedtls_ctr_drbg_update_ret( ctx, additional, add_len );
|
||||
}
|
||||
#endif /* MBEDTLS_DEPRECATED_REMOVED */
|
||||
|
||||
/* CTR_DRBG_Reseed with derivation function (SP 800-90A §10.2.1.4.2)
|
||||
* mbedtls_ctr_drbg_reseed(ctx, additional, len)
|
||||
* implements
|
||||
|
@ -399,20 +413,18 @@ int mbedtls_ctr_drbg_reseed( mbedtls_ctr_drbg_context *ctx,
|
|||
* Reduce to 384 bits
|
||||
*/
|
||||
if( ( ret = block_cipher_df( seed, seed, seedlen ) ) != 0 )
|
||||
{
|
||||
return( ret );
|
||||
}
|
||||
goto exit;
|
||||
|
||||
/*
|
||||
* Update state
|
||||
*/
|
||||
if( ( ret = ctr_drbg_update_internal( ctx, seed ) ) != 0 )
|
||||
{
|
||||
return( ret );
|
||||
}
|
||||
goto exit;
|
||||
ctx->reseed_counter = 1;
|
||||
|
||||
return( 0 );
|
||||
exit:
|
||||
mbedtls_platform_zeroize( seed, sizeof( seed ) );
|
||||
return( ret );
|
||||
}
|
||||
|
||||
/* CTR_DRBG_Generate with derivation function (SP 800-90A §10.2.1.5.2)
|
||||
|
@ -467,13 +479,9 @@ int mbedtls_ctr_drbg_random_with_add( void *p_rng,
|
|||
if( add_len > 0 )
|
||||
{
|
||||
if( ( ret = block_cipher_df( add_input, additional, add_len ) ) != 0 )
|
||||
{
|
||||
return( ret );
|
||||
}
|
||||
goto exit;
|
||||
if( ( ret = ctr_drbg_update_internal( ctx, add_input ) ) != 0 )
|
||||
{
|
||||
return( ret );
|
||||
}
|
||||
goto exit;
|
||||
}
|
||||
|
||||
while( output_len > 0 )
|
||||
|
@ -489,9 +497,7 @@ int mbedtls_ctr_drbg_random_with_add( void *p_rng,
|
|||
* Crypt counter block
|
||||
*/
|
||||
if( ( ret = mbedtls_aes_crypt_ecb( &ctx->aes_ctx, MBEDTLS_AES_ENCRYPT, ctx->counter, tmp ) ) != 0 )
|
||||
{
|
||||
return( ret );
|
||||
}
|
||||
goto exit;
|
||||
|
||||
use_len = ( output_len > MBEDTLS_CTR_DRBG_BLOCKSIZE ) ? MBEDTLS_CTR_DRBG_BLOCKSIZE :
|
||||
output_len;
|
||||
|
@ -504,12 +510,13 @@ int mbedtls_ctr_drbg_random_with_add( void *p_rng,
|
|||
}
|
||||
|
||||
if( ( ret = ctr_drbg_update_internal( ctx, add_input ) ) != 0 )
|
||||
{
|
||||
return( ret );
|
||||
}
|
||||
goto exit;
|
||||
|
||||
ctx->reseed_counter++;
|
||||
|
||||
exit:
|
||||
mbedtls_platform_zeroize( add_input, sizeof( add_input ) );
|
||||
mbedtls_platform_zeroize( tmp, sizeof( tmp ) );
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
|
@ -561,35 +568,36 @@ exit:
|
|||
int mbedtls_ctr_drbg_update_seed_file( mbedtls_ctr_drbg_context *ctx, const char *path )
|
||||
{
|
||||
int ret = 0;
|
||||
FILE *f;
|
||||
FILE *f = NULL;
|
||||
size_t n;
|
||||
unsigned char buf[ MBEDTLS_CTR_DRBG_MAX_INPUT ];
|
||||
unsigned char c;
|
||||
|
||||
if( ( f = fopen( path, "rb" ) ) == NULL )
|
||||
return( MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR );
|
||||
|
||||
fseek( f, 0, SEEK_END );
|
||||
n = (size_t) ftell( f );
|
||||
fseek( f, 0, SEEK_SET );
|
||||
|
||||
if( n > MBEDTLS_CTR_DRBG_MAX_INPUT )
|
||||
n = fread( buf, 1, sizeof( buf ), f );
|
||||
if( fread( &c, 1, 1, f ) != 0 )
|
||||
{
|
||||
fclose( f );
|
||||
return( MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG );
|
||||
ret = MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG;
|
||||
goto exit;
|
||||
}
|
||||
|
||||
if( fread( buf, 1, n, f ) != n )
|
||||
if( n == 0 || ferror( f ) )
|
||||
{
|
||||
ret = MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR;
|
||||
else
|
||||
mbedtls_ctr_drbg_update( ctx, buf, n );
|
||||
|
||||
goto exit;
|
||||
}
|
||||
fclose( f );
|
||||
f = NULL;
|
||||
|
||||
ret = mbedtls_ctr_drbg_update_ret( ctx, buf, n );
|
||||
|
||||
exit:
|
||||
mbedtls_platform_zeroize( buf, sizeof( buf ) );
|
||||
|
||||
if( f != NULL )
|
||||
fclose( f );
|
||||
if( ret != 0 )
|
||||
return( ret );
|
||||
|
||||
return( mbedtls_ctr_drbg_write_seed_file( ctx, path ) );
|
||||
}
|
||||
#endif /* MBEDTLS_FS_IO */
|
||||
|
|
|
@ -365,4 +365,54 @@ void mbedtls_debug_print_crt( const mbedtls_ssl_context *ssl, int level,
|
|||
}
|
||||
#endif /* MBEDTLS_X509_CRT_PARSE_C */
|
||||
|
||||
#if defined(MBEDTLS_ECDH_C)
|
||||
static void mbedtls_debug_printf_ecdh_internal( const mbedtls_ssl_context *ssl,
|
||||
int level, const char *file,
|
||||
int line,
|
||||
const mbedtls_ecdh_context *ecdh,
|
||||
mbedtls_debug_ecdh_attr attr )
|
||||
{
|
||||
#if defined(MBEDTLS_ECDH_LEGACY_CONTEXT)
|
||||
const mbedtls_ecdh_context* ctx = ecdh;
|
||||
#else
|
||||
const mbedtls_ecdh_context_mbed* ctx = &ecdh->ctx.mbed_ecdh;
|
||||
#endif
|
||||
|
||||
switch( attr )
|
||||
{
|
||||
case MBEDTLS_DEBUG_ECDH_Q:
|
||||
mbedtls_debug_print_ecp( ssl, level, file, line, "ECDH: Q",
|
||||
&ctx->Q );
|
||||
break;
|
||||
case MBEDTLS_DEBUG_ECDH_QP:
|
||||
mbedtls_debug_print_ecp( ssl, level, file, line, "ECDH: Qp",
|
||||
&ctx->Qp );
|
||||
break;
|
||||
case MBEDTLS_DEBUG_ECDH_Z:
|
||||
mbedtls_debug_print_mpi( ssl, level, file, line, "ECDH: z",
|
||||
&ctx->z );
|
||||
break;
|
||||
default:
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
void mbedtls_debug_printf_ecdh( const mbedtls_ssl_context *ssl, int level,
|
||||
const char *file, int line,
|
||||
const mbedtls_ecdh_context *ecdh,
|
||||
mbedtls_debug_ecdh_attr attr )
|
||||
{
|
||||
#if defined(MBEDTLS_ECDH_LEGACY_CONTEXT)
|
||||
mbedtls_debug_printf_ecdh_internal( ssl, level, file, line, ecdh, attr );
|
||||
#else
|
||||
switch( ecdh->var )
|
||||
{
|
||||
default:
|
||||
mbedtls_debug_printf_ecdh_internal( ssl, level, file, line, ecdh,
|
||||
attr );
|
||||
}
|
||||
#endif
|
||||
}
|
||||
#endif /* MBEDTLS_ECDH_C */
|
||||
|
||||
#endif /* MBEDTLS_DEBUG_C */
|
||||
|
|
|
@ -60,6 +60,11 @@
|
|||
|
||||
#if !defined(MBEDTLS_DHM_ALT)
|
||||
|
||||
#define DHM_VALIDATE_RET( cond ) \
|
||||
MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_DHM_BAD_INPUT_DATA )
|
||||
#define DHM_VALIDATE( cond ) \
|
||||
MBEDTLS_INTERNAL_VALIDATE( cond )
|
||||
|
||||
/*
|
||||
* helper to validate the mbedtls_mpi size and import it
|
||||
*/
|
||||
|
@ -121,6 +126,7 @@ cleanup:
|
|||
|
||||
void mbedtls_dhm_init( mbedtls_dhm_context *ctx )
|
||||
{
|
||||
DHM_VALIDATE( ctx != NULL );
|
||||
memset( ctx, 0, sizeof( mbedtls_dhm_context ) );
|
||||
}
|
||||
|
||||
|
@ -132,6 +138,9 @@ int mbedtls_dhm_read_params( mbedtls_dhm_context *ctx,
|
|||
const unsigned char *end )
|
||||
{
|
||||
int ret;
|
||||
DHM_VALIDATE_RET( ctx != NULL );
|
||||
DHM_VALIDATE_RET( p != NULL && *p != NULL );
|
||||
DHM_VALIDATE_RET( end != NULL );
|
||||
|
||||
if( ( ret = dhm_read_bignum( &ctx->P, p, end ) ) != 0 ||
|
||||
( ret = dhm_read_bignum( &ctx->G, p, end ) ) != 0 ||
|
||||
|
@ -157,6 +166,10 @@ int mbedtls_dhm_make_params( mbedtls_dhm_context *ctx, int x_size,
|
|||
int ret, count = 0;
|
||||
size_t n1, n2, n3;
|
||||
unsigned char *p;
|
||||
DHM_VALIDATE_RET( ctx != NULL );
|
||||
DHM_VALIDATE_RET( output != NULL );
|
||||
DHM_VALIDATE_RET( olen != NULL );
|
||||
DHM_VALIDATE_RET( f_rng != NULL );
|
||||
|
||||
if( mbedtls_mpi_cmp_int( &ctx->P, 0 ) == 0 )
|
||||
return( MBEDTLS_ERR_DHM_BAD_INPUT_DATA );
|
||||
|
@ -227,9 +240,9 @@ int mbedtls_dhm_set_group( mbedtls_dhm_context *ctx,
|
|||
const mbedtls_mpi *G )
|
||||
{
|
||||
int ret;
|
||||
|
||||
if( ctx == NULL || P == NULL || G == NULL )
|
||||
return( MBEDTLS_ERR_DHM_BAD_INPUT_DATA );
|
||||
DHM_VALIDATE_RET( ctx != NULL );
|
||||
DHM_VALIDATE_RET( P != NULL );
|
||||
DHM_VALIDATE_RET( G != NULL );
|
||||
|
||||
if( ( ret = mbedtls_mpi_copy( &ctx->P, P ) ) != 0 ||
|
||||
( ret = mbedtls_mpi_copy( &ctx->G, G ) ) != 0 )
|
||||
|
@ -248,8 +261,10 @@ int mbedtls_dhm_read_public( mbedtls_dhm_context *ctx,
|
|||
const unsigned char *input, size_t ilen )
|
||||
{
|
||||
int ret;
|
||||
DHM_VALIDATE_RET( ctx != NULL );
|
||||
DHM_VALIDATE_RET( input != NULL );
|
||||
|
||||
if( ctx == NULL || ilen < 1 || ilen > ctx->len )
|
||||
if( ilen < 1 || ilen > ctx->len )
|
||||
return( MBEDTLS_ERR_DHM_BAD_INPUT_DATA );
|
||||
|
||||
if( ( ret = mbedtls_mpi_read_binary( &ctx->GY, input, ilen ) ) != 0 )
|
||||
|
@ -267,8 +282,11 @@ int mbedtls_dhm_make_public( mbedtls_dhm_context *ctx, int x_size,
|
|||
void *p_rng )
|
||||
{
|
||||
int ret, count = 0;
|
||||
DHM_VALIDATE_RET( ctx != NULL );
|
||||
DHM_VALIDATE_RET( output != NULL );
|
||||
DHM_VALIDATE_RET( f_rng != NULL );
|
||||
|
||||
if( ctx == NULL || olen < 1 || olen > ctx->len )
|
||||
if( olen < 1 || olen > ctx->len )
|
||||
return( MBEDTLS_ERR_DHM_BAD_INPUT_DATA );
|
||||
|
||||
if( mbedtls_mpi_cmp_int( &ctx->P, 0 ) == 0 )
|
||||
|
@ -380,8 +398,11 @@ int mbedtls_dhm_calc_secret( mbedtls_dhm_context *ctx,
|
|||
{
|
||||
int ret;
|
||||
mbedtls_mpi GYb;
|
||||
DHM_VALIDATE_RET( ctx != NULL );
|
||||
DHM_VALIDATE_RET( output != NULL );
|
||||
DHM_VALIDATE_RET( olen != NULL );
|
||||
|
||||
if( ctx == NULL || output_size < ctx->len )
|
||||
if( output_size < ctx->len )
|
||||
return( MBEDTLS_ERR_DHM_BAD_INPUT_DATA );
|
||||
|
||||
if( ( ret = dhm_check_range( &ctx->GY, &ctx->P ) ) != 0 )
|
||||
|
@ -428,11 +449,19 @@ cleanup:
|
|||
*/
|
||||
void mbedtls_dhm_free( mbedtls_dhm_context *ctx )
|
||||
{
|
||||
mbedtls_mpi_free( &ctx->pX ); mbedtls_mpi_free( &ctx->Vf );
|
||||
mbedtls_mpi_free( &ctx->Vi ); mbedtls_mpi_free( &ctx->RP );
|
||||
mbedtls_mpi_free( &ctx->K ); mbedtls_mpi_free( &ctx->GY );
|
||||
mbedtls_mpi_free( &ctx->GX ); mbedtls_mpi_free( &ctx->X );
|
||||
mbedtls_mpi_free( &ctx->G ); mbedtls_mpi_free( &ctx->P );
|
||||
if( ctx == NULL )
|
||||
return;
|
||||
|
||||
mbedtls_mpi_free( &ctx->pX );
|
||||
mbedtls_mpi_free( &ctx->Vf );
|
||||
mbedtls_mpi_free( &ctx->Vi );
|
||||
mbedtls_mpi_free( &ctx->RP );
|
||||
mbedtls_mpi_free( &ctx->K );
|
||||
mbedtls_mpi_free( &ctx->GY );
|
||||
mbedtls_mpi_free( &ctx->GX );
|
||||
mbedtls_mpi_free( &ctx->X );
|
||||
mbedtls_mpi_free( &ctx->G );
|
||||
mbedtls_mpi_free( &ctx->P );
|
||||
|
||||
mbedtls_platform_zeroize( ctx, sizeof( mbedtls_dhm_context ) );
|
||||
}
|
||||
|
@ -449,7 +478,12 @@ int mbedtls_dhm_parse_dhm( mbedtls_dhm_context *dhm, const unsigned char *dhmin,
|
|||
unsigned char *p, *end;
|
||||
#if defined(MBEDTLS_PEM_PARSE_C)
|
||||
mbedtls_pem_context pem;
|
||||
#endif /* MBEDTLS_PEM_PARSE_C */
|
||||
|
||||
DHM_VALIDATE_RET( dhm != NULL );
|
||||
DHM_VALIDATE_RET( dhmin != NULL );
|
||||
|
||||
#if defined(MBEDTLS_PEM_PARSE_C)
|
||||
mbedtls_pem_init( &pem );
|
||||
|
||||
/* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */
|
||||
|
@ -596,6 +630,8 @@ int mbedtls_dhm_parse_dhmfile( mbedtls_dhm_context *dhm, const char *path )
|
|||
int ret;
|
||||
size_t n;
|
||||
unsigned char *buf;
|
||||
DHM_VALIDATE_RET( dhm != NULL );
|
||||
DHM_VALIDATE_RET( path != NULL );
|
||||
|
||||
if( ( ret = load_file( path, &buf, &n ) ) != 0 )
|
||||
return( ret );
|
||||
|
|
411
library/ecdh.c
411
library/ecdh.c
|
@ -35,9 +35,20 @@
|
|||
#if defined(MBEDTLS_ECDH_C)
|
||||
|
||||
#include "mbedtls/ecdh.h"
|
||||
#include "mbedtls/platform_util.h"
|
||||
|
||||
#include <string.h>
|
||||
|
||||
/* Parameter validation macros based on platform_util.h */
|
||||
#define ECDH_VALIDATE_RET( cond ) \
|
||||
MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_ECP_BAD_INPUT_DATA )
|
||||
#define ECDH_VALIDATE( cond ) \
|
||||
MBEDTLS_INTERNAL_VALIDATE( cond )
|
||||
|
||||
#if defined(MBEDTLS_ECDH_LEGACY_CONTEXT)
|
||||
typedef mbedtls_ecdh_context mbedtls_ecdh_context_mbed;
|
||||
#endif
|
||||
|
||||
#if !defined(MBEDTLS_ECDH_GEN_PUBLIC_ALT)
|
||||
/*
|
||||
* Generate public key (restartable version)
|
||||
|
@ -74,6 +85,10 @@ int mbedtls_ecdh_gen_public( mbedtls_ecp_group *grp, mbedtls_mpi *d, mbedtls_ecp
|
|||
int (*f_rng)(void *, unsigned char *, size_t),
|
||||
void *p_rng )
|
||||
{
|
||||
ECDH_VALIDATE_RET( grp != NULL );
|
||||
ECDH_VALIDATE_RET( d != NULL );
|
||||
ECDH_VALIDATE_RET( Q != NULL );
|
||||
ECDH_VALIDATE_RET( f_rng != NULL );
|
||||
return( ecdh_gen_public_restartable( grp, d, Q, f_rng, p_rng, NULL ) );
|
||||
}
|
||||
#endif /* !MBEDTLS_ECDH_GEN_PUBLIC_ALT */
|
||||
|
@ -119,48 +134,94 @@ int mbedtls_ecdh_compute_shared( mbedtls_ecp_group *grp, mbedtls_mpi *z,
|
|||
int (*f_rng)(void *, unsigned char *, size_t),
|
||||
void *p_rng )
|
||||
{
|
||||
ECDH_VALIDATE_RET( grp != NULL );
|
||||
ECDH_VALIDATE_RET( Q != NULL );
|
||||
ECDH_VALIDATE_RET( d != NULL );
|
||||
ECDH_VALIDATE_RET( z != NULL );
|
||||
return( ecdh_compute_shared_restartable( grp, z, Q, d,
|
||||
f_rng, p_rng, NULL ) );
|
||||
}
|
||||
#endif /* !MBEDTLS_ECDH_COMPUTE_SHARED_ALT */
|
||||
|
||||
/*
|
||||
* Initialize context
|
||||
*/
|
||||
void mbedtls_ecdh_init( mbedtls_ecdh_context *ctx )
|
||||
static void ecdh_init_internal( mbedtls_ecdh_context_mbed *ctx )
|
||||
{
|
||||
mbedtls_ecp_group_init( &ctx->grp );
|
||||
mbedtls_mpi_init( &ctx->d );
|
||||
mbedtls_ecp_point_init( &ctx->Q );
|
||||
mbedtls_ecp_point_init( &ctx->Qp );
|
||||
mbedtls_mpi_init( &ctx->z );
|
||||
ctx->point_format = MBEDTLS_ECP_PF_UNCOMPRESSED;
|
||||
mbedtls_ecp_point_init( &ctx->Vi );
|
||||
mbedtls_ecp_point_init( &ctx->Vf );
|
||||
mbedtls_mpi_init( &ctx->_d );
|
||||
|
||||
#if defined(MBEDTLS_ECP_RESTARTABLE)
|
||||
ctx->restart_enabled = 0;
|
||||
mbedtls_ecp_restart_init( &ctx->rs );
|
||||
#endif
|
||||
}
|
||||
|
||||
/*
|
||||
* Free context
|
||||
* Initialize context
|
||||
*/
|
||||
void mbedtls_ecdh_free( mbedtls_ecdh_context *ctx )
|
||||
void mbedtls_ecdh_init( mbedtls_ecdh_context *ctx )
|
||||
{
|
||||
if( ctx == NULL )
|
||||
return;
|
||||
ECDH_VALIDATE( ctx != NULL );
|
||||
|
||||
#if defined(MBEDTLS_ECDH_LEGACY_CONTEXT)
|
||||
ecdh_init_internal( ctx );
|
||||
mbedtls_ecp_point_init( &ctx->Vi );
|
||||
mbedtls_ecp_point_init( &ctx->Vf );
|
||||
mbedtls_mpi_init( &ctx->_d );
|
||||
#else
|
||||
memset( ctx, 0, sizeof( mbedtls_ecdh_context ) );
|
||||
|
||||
ctx->var = MBEDTLS_ECDH_VARIANT_NONE;
|
||||
#endif
|
||||
ctx->point_format = MBEDTLS_ECP_PF_UNCOMPRESSED;
|
||||
#if defined(MBEDTLS_ECP_RESTARTABLE)
|
||||
ctx->restart_enabled = 0;
|
||||
#endif
|
||||
}
|
||||
|
||||
static int ecdh_setup_internal( mbedtls_ecdh_context_mbed *ctx,
|
||||
mbedtls_ecp_group_id grp_id )
|
||||
{
|
||||
int ret;
|
||||
|
||||
ret = mbedtls_ecp_group_load( &ctx->grp, grp_id );
|
||||
if( ret != 0 )
|
||||
{
|
||||
return( MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE );
|
||||
}
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
/*
|
||||
* Setup context
|
||||
*/
|
||||
int mbedtls_ecdh_setup( mbedtls_ecdh_context *ctx, mbedtls_ecp_group_id grp_id )
|
||||
{
|
||||
ECDH_VALIDATE_RET( ctx != NULL );
|
||||
|
||||
#if defined(MBEDTLS_ECDH_LEGACY_CONTEXT)
|
||||
return( ecdh_setup_internal( ctx, grp_id ) );
|
||||
#else
|
||||
switch( grp_id )
|
||||
{
|
||||
default:
|
||||
ctx->point_format = MBEDTLS_ECP_PF_UNCOMPRESSED;
|
||||
ctx->var = MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0;
|
||||
ctx->grp_id = grp_id;
|
||||
ecdh_init_internal( &ctx->ctx.mbed_ecdh );
|
||||
return( ecdh_setup_internal( &ctx->ctx.mbed_ecdh, grp_id ) );
|
||||
}
|
||||
#endif
|
||||
}
|
||||
|
||||
static void ecdh_free_internal( mbedtls_ecdh_context_mbed *ctx )
|
||||
{
|
||||
mbedtls_ecp_group_free( &ctx->grp );
|
||||
mbedtls_mpi_free( &ctx->d );
|
||||
mbedtls_ecp_point_free( &ctx->Q );
|
||||
mbedtls_ecp_point_free( &ctx->Qp );
|
||||
mbedtls_mpi_free( &ctx->z );
|
||||
mbedtls_ecp_point_free( &ctx->Vi );
|
||||
mbedtls_ecp_point_free( &ctx->Vf );
|
||||
mbedtls_mpi_free( &ctx->_d );
|
||||
|
||||
#if defined(MBEDTLS_ECP_RESTARTABLE)
|
||||
mbedtls_ecp_restart_free( &ctx->rs );
|
||||
|
@ -173,21 +234,49 @@ void mbedtls_ecdh_free( mbedtls_ecdh_context *ctx )
|
|||
*/
|
||||
void mbedtls_ecdh_enable_restart( mbedtls_ecdh_context *ctx )
|
||||
{
|
||||
ECDH_VALIDATE( ctx != NULL );
|
||||
|
||||
ctx->restart_enabled = 1;
|
||||
}
|
||||
#endif
|
||||
|
||||
/*
|
||||
* Setup and write the ServerKeyExhange parameters (RFC 4492)
|
||||
* struct {
|
||||
* ECParameters curve_params;
|
||||
* ECPoint public;
|
||||
* } ServerECDHParams;
|
||||
* Free context
|
||||
*/
|
||||
int mbedtls_ecdh_make_params( mbedtls_ecdh_context *ctx, size_t *olen,
|
||||
unsigned char *buf, size_t blen,
|
||||
int (*f_rng)(void *, unsigned char *, size_t),
|
||||
void *p_rng )
|
||||
void mbedtls_ecdh_free( mbedtls_ecdh_context *ctx )
|
||||
{
|
||||
if( ctx == NULL )
|
||||
return;
|
||||
|
||||
#if defined(MBEDTLS_ECDH_LEGACY_CONTEXT)
|
||||
mbedtls_ecp_point_free( &ctx->Vi );
|
||||
mbedtls_ecp_point_free( &ctx->Vf );
|
||||
mbedtls_mpi_free( &ctx->_d );
|
||||
ecdh_free_internal( ctx );
|
||||
#else
|
||||
switch( ctx->var )
|
||||
{
|
||||
case MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0:
|
||||
ecdh_free_internal( &ctx->ctx.mbed_ecdh );
|
||||
break;
|
||||
default:
|
||||
break;
|
||||
}
|
||||
|
||||
ctx->point_format = MBEDTLS_ECP_PF_UNCOMPRESSED;
|
||||
ctx->var = MBEDTLS_ECDH_VARIANT_NONE;
|
||||
ctx->grp_id = MBEDTLS_ECP_DP_NONE;
|
||||
#endif
|
||||
}
|
||||
|
||||
static int ecdh_make_params_internal( mbedtls_ecdh_context_mbed *ctx,
|
||||
size_t *olen, int point_format,
|
||||
unsigned char *buf, size_t blen,
|
||||
int (*f_rng)(void *,
|
||||
unsigned char *,
|
||||
size_t),
|
||||
void *p_rng,
|
||||
int restart_enabled )
|
||||
{
|
||||
int ret;
|
||||
size_t grp_len, pt_len;
|
||||
|
@ -195,12 +284,14 @@ int mbedtls_ecdh_make_params( mbedtls_ecdh_context *ctx, size_t *olen,
|
|||
mbedtls_ecp_restart_ctx *rs_ctx = NULL;
|
||||
#endif
|
||||
|
||||
if( ctx == NULL || ctx->grp.pbits == 0 )
|
||||
if( ctx->grp.pbits == 0 )
|
||||
return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
|
||||
|
||||
#if defined(MBEDTLS_ECP_RESTARTABLE)
|
||||
if( ctx->restart_enabled )
|
||||
if( restart_enabled )
|
||||
rs_ctx = &ctx->rs;
|
||||
#else
|
||||
(void) restart_enabled;
|
||||
#endif
|
||||
|
||||
|
||||
|
@ -214,14 +305,14 @@ int mbedtls_ecdh_make_params( mbedtls_ecdh_context *ctx, size_t *olen,
|
|||
return( ret );
|
||||
#endif /* MBEDTLS_ECP_RESTARTABLE */
|
||||
|
||||
if( ( ret = mbedtls_ecp_tls_write_group( &ctx->grp, &grp_len, buf, blen ) )
|
||||
!= 0 )
|
||||
if( ( ret = mbedtls_ecp_tls_write_group( &ctx->grp, &grp_len, buf,
|
||||
blen ) ) != 0 )
|
||||
return( ret );
|
||||
|
||||
buf += grp_len;
|
||||
blen -= grp_len;
|
||||
|
||||
if( ( ret = mbedtls_ecp_tls_write_point( &ctx->grp, &ctx->Q, ctx->point_format,
|
||||
if( ( ret = mbedtls_ecp_tls_write_point( &ctx->grp, &ctx->Q, point_format,
|
||||
&pt_len, buf, blen ) ) != 0 )
|
||||
return( ret );
|
||||
|
||||
|
@ -229,6 +320,55 @@ int mbedtls_ecdh_make_params( mbedtls_ecdh_context *ctx, size_t *olen,
|
|||
return( 0 );
|
||||
}
|
||||
|
||||
/*
|
||||
* Setup and write the ServerKeyExhange parameters (RFC 4492)
|
||||
* struct {
|
||||
* ECParameters curve_params;
|
||||
* ECPoint public;
|
||||
* } ServerECDHParams;
|
||||
*/
|
||||
int mbedtls_ecdh_make_params( mbedtls_ecdh_context *ctx, size_t *olen,
|
||||
unsigned char *buf, size_t blen,
|
||||
int (*f_rng)(void *, unsigned char *, size_t),
|
||||
void *p_rng )
|
||||
{
|
||||
int restart_enabled = 0;
|
||||
ECDH_VALIDATE_RET( ctx != NULL );
|
||||
ECDH_VALIDATE_RET( olen != NULL );
|
||||
ECDH_VALIDATE_RET( buf != NULL );
|
||||
ECDH_VALIDATE_RET( f_rng != NULL );
|
||||
|
||||
#if defined(MBEDTLS_ECP_RESTARTABLE)
|
||||
restart_enabled = ctx->restart_enabled;
|
||||
#else
|
||||
(void) restart_enabled;
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_ECDH_LEGACY_CONTEXT)
|
||||
return( ecdh_make_params_internal( ctx, olen, ctx->point_format, buf, blen,
|
||||
f_rng, p_rng, restart_enabled ) );
|
||||
#else
|
||||
switch( ctx->var )
|
||||
{
|
||||
case MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0:
|
||||
return( ecdh_make_params_internal( &ctx->ctx.mbed_ecdh, olen,
|
||||
ctx->point_format, buf, blen,
|
||||
f_rng, p_rng,
|
||||
restart_enabled ) );
|
||||
default:
|
||||
return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
|
||||
}
|
||||
#endif
|
||||
}
|
||||
|
||||
static int ecdh_read_params_internal( mbedtls_ecdh_context_mbed *ctx,
|
||||
const unsigned char **buf,
|
||||
const unsigned char *end )
|
||||
{
|
||||
return( mbedtls_ecp_tls_read_point( &ctx->grp, &ctx->Qp, buf,
|
||||
end - *buf ) );
|
||||
}
|
||||
|
||||
/*
|
||||
* Read the ServerKeyExhange parameters (RFC 4492)
|
||||
* struct {
|
||||
|
@ -237,31 +377,43 @@ int mbedtls_ecdh_make_params( mbedtls_ecdh_context *ctx, size_t *olen,
|
|||
* } ServerECDHParams;
|
||||
*/
|
||||
int mbedtls_ecdh_read_params( mbedtls_ecdh_context *ctx,
|
||||
const unsigned char **buf, const unsigned char *end )
|
||||
const unsigned char **buf,
|
||||
const unsigned char *end )
|
||||
{
|
||||
int ret;
|
||||
mbedtls_ecp_group_id grp_id;
|
||||
ECDH_VALIDATE_RET( ctx != NULL );
|
||||
ECDH_VALIDATE_RET( buf != NULL );
|
||||
ECDH_VALIDATE_RET( *buf != NULL );
|
||||
ECDH_VALIDATE_RET( end != NULL );
|
||||
|
||||
if( ( ret = mbedtls_ecp_tls_read_group( &ctx->grp, buf, end - *buf ) ) != 0 )
|
||||
if( ( ret = mbedtls_ecp_tls_read_group_id( &grp_id, buf, end - *buf ) )
|
||||
!= 0 )
|
||||
return( ret );
|
||||
|
||||
if( ( ret = mbedtls_ecp_tls_read_point( &ctx->grp, &ctx->Qp, buf, end - *buf ) )
|
||||
!= 0 )
|
||||
if( ( ret = mbedtls_ecdh_setup( ctx, grp_id ) ) != 0 )
|
||||
return( ret );
|
||||
|
||||
return( 0 );
|
||||
#if defined(MBEDTLS_ECDH_LEGACY_CONTEXT)
|
||||
return( ecdh_read_params_internal( ctx, buf, end ) );
|
||||
#else
|
||||
switch( ctx->var )
|
||||
{
|
||||
case MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0:
|
||||
return( ecdh_read_params_internal( &ctx->ctx.mbed_ecdh,
|
||||
buf, end ) );
|
||||
default:
|
||||
return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
|
||||
}
|
||||
#endif
|
||||
}
|
||||
|
||||
/*
|
||||
* Get parameters from a keypair
|
||||
*/
|
||||
int mbedtls_ecdh_get_params( mbedtls_ecdh_context *ctx, const mbedtls_ecp_keypair *key,
|
||||
mbedtls_ecdh_side side )
|
||||
static int ecdh_get_params_internal( mbedtls_ecdh_context_mbed *ctx,
|
||||
const mbedtls_ecp_keypair *key,
|
||||
mbedtls_ecdh_side side )
|
||||
{
|
||||
int ret;
|
||||
|
||||
if( ( ret = mbedtls_ecp_group_copy( &ctx->grp, &key->grp ) ) != 0 )
|
||||
return( ret );
|
||||
|
||||
/* If it's not our key, just import the public part as Qp */
|
||||
if( side == MBEDTLS_ECDH_THEIRS )
|
||||
return( mbedtls_ecp_copy( &ctx->Qp, &key->Q ) );
|
||||
|
@ -278,29 +430,62 @@ int mbedtls_ecdh_get_params( mbedtls_ecdh_context *ctx, const mbedtls_ecp_keypai
|
|||
}
|
||||
|
||||
/*
|
||||
* Setup and export the client public value
|
||||
* Get parameters from a keypair
|
||||
*/
|
||||
int mbedtls_ecdh_make_public( mbedtls_ecdh_context *ctx, size_t *olen,
|
||||
unsigned char *buf, size_t blen,
|
||||
int (*f_rng)(void *, unsigned char *, size_t),
|
||||
void *p_rng )
|
||||
int mbedtls_ecdh_get_params( mbedtls_ecdh_context *ctx,
|
||||
const mbedtls_ecp_keypair *key,
|
||||
mbedtls_ecdh_side side )
|
||||
{
|
||||
int ret;
|
||||
ECDH_VALIDATE_RET( ctx != NULL );
|
||||
ECDH_VALIDATE_RET( key != NULL );
|
||||
ECDH_VALIDATE_RET( side == MBEDTLS_ECDH_OURS ||
|
||||
side == MBEDTLS_ECDH_THEIRS );
|
||||
|
||||
if( ( ret = mbedtls_ecdh_setup( ctx, key->grp.id ) ) != 0 )
|
||||
return( ret );
|
||||
|
||||
#if defined(MBEDTLS_ECDH_LEGACY_CONTEXT)
|
||||
return( ecdh_get_params_internal( ctx, key, side ) );
|
||||
#else
|
||||
switch( ctx->var )
|
||||
{
|
||||
case MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0:
|
||||
return( ecdh_get_params_internal( &ctx->ctx.mbed_ecdh,
|
||||
key, side ) );
|
||||
default:
|
||||
return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
|
||||
}
|
||||
#endif
|
||||
}
|
||||
|
||||
static int ecdh_make_public_internal( mbedtls_ecdh_context_mbed *ctx,
|
||||
size_t *olen, int point_format,
|
||||
unsigned char *buf, size_t blen,
|
||||
int (*f_rng)(void *,
|
||||
unsigned char *,
|
||||
size_t),
|
||||
void *p_rng,
|
||||
int restart_enabled )
|
||||
{
|
||||
int ret;
|
||||
#if defined(MBEDTLS_ECP_RESTARTABLE)
|
||||
mbedtls_ecp_restart_ctx *rs_ctx = NULL;
|
||||
#endif
|
||||
|
||||
if( ctx == NULL || ctx->grp.pbits == 0 )
|
||||
if( ctx->grp.pbits == 0 )
|
||||
return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
|
||||
|
||||
#if defined(MBEDTLS_ECP_RESTARTABLE)
|
||||
if( ctx->restart_enabled )
|
||||
if( restart_enabled )
|
||||
rs_ctx = &ctx->rs;
|
||||
#else
|
||||
(void) restart_enabled;
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_ECP_RESTARTABLE)
|
||||
if( ( ret = ecdh_gen_public_restartable( &ctx->grp, &ctx->d, &ctx->Q,
|
||||
f_rng, p_rng, rs_ctx ) ) != 0 )
|
||||
f_rng, p_rng, rs_ctx ) ) != 0 )
|
||||
return( ret );
|
||||
#else
|
||||
if( ( ret = mbedtls_ecdh_gen_public( &ctx->grp, &ctx->d, &ctx->Q,
|
||||
|
@ -308,23 +493,53 @@ int mbedtls_ecdh_make_public( mbedtls_ecdh_context *ctx, size_t *olen,
|
|||
return( ret );
|
||||
#endif /* MBEDTLS_ECP_RESTARTABLE */
|
||||
|
||||
return mbedtls_ecp_tls_write_point( &ctx->grp, &ctx->Q, ctx->point_format,
|
||||
olen, buf, blen );
|
||||
return mbedtls_ecp_tls_write_point( &ctx->grp, &ctx->Q, point_format, olen,
|
||||
buf, blen );
|
||||
}
|
||||
|
||||
/*
|
||||
* Parse and import the client's public value
|
||||
* Setup and export the client public value
|
||||
*/
|
||||
int mbedtls_ecdh_read_public( mbedtls_ecdh_context *ctx,
|
||||
const unsigned char *buf, size_t blen )
|
||||
int mbedtls_ecdh_make_public( mbedtls_ecdh_context *ctx, size_t *olen,
|
||||
unsigned char *buf, size_t blen,
|
||||
int (*f_rng)(void *, unsigned char *, size_t),
|
||||
void *p_rng )
|
||||
{
|
||||
int restart_enabled = 0;
|
||||
ECDH_VALIDATE_RET( ctx != NULL );
|
||||
ECDH_VALIDATE_RET( olen != NULL );
|
||||
ECDH_VALIDATE_RET( buf != NULL );
|
||||
ECDH_VALIDATE_RET( f_rng != NULL );
|
||||
|
||||
#if defined(MBEDTLS_ECP_RESTARTABLE)
|
||||
restart_enabled = ctx->restart_enabled;
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_ECDH_LEGACY_CONTEXT)
|
||||
return( ecdh_make_public_internal( ctx, olen, ctx->point_format, buf, blen,
|
||||
f_rng, p_rng, restart_enabled ) );
|
||||
#else
|
||||
switch( ctx->var )
|
||||
{
|
||||
case MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0:
|
||||
return( ecdh_make_public_internal( &ctx->ctx.mbed_ecdh, olen,
|
||||
ctx->point_format, buf, blen,
|
||||
f_rng, p_rng,
|
||||
restart_enabled ) );
|
||||
default:
|
||||
return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
|
||||
}
|
||||
#endif
|
||||
}
|
||||
|
||||
static int ecdh_read_public_internal( mbedtls_ecdh_context_mbed *ctx,
|
||||
const unsigned char *buf, size_t blen )
|
||||
{
|
||||
int ret;
|
||||
const unsigned char *p = buf;
|
||||
|
||||
if( ctx == NULL )
|
||||
return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
|
||||
|
||||
if( ( ret = mbedtls_ecp_tls_read_point( &ctx->grp, &ctx->Qp, &p, blen ) ) != 0 )
|
||||
if( ( ret = mbedtls_ecp_tls_read_point( &ctx->grp, &ctx->Qp, &p,
|
||||
blen ) ) != 0 )
|
||||
return( ret );
|
||||
|
||||
if( (size_t)( p - buf ) != blen )
|
||||
|
@ -334,12 +549,36 @@ int mbedtls_ecdh_read_public( mbedtls_ecdh_context *ctx,
|
|||
}
|
||||
|
||||
/*
|
||||
* Derive and export the shared secret
|
||||
* Parse and import the client's public value
|
||||
*/
|
||||
int mbedtls_ecdh_calc_secret( mbedtls_ecdh_context *ctx, size_t *olen,
|
||||
unsigned char *buf, size_t blen,
|
||||
int (*f_rng)(void *, unsigned char *, size_t),
|
||||
void *p_rng )
|
||||
int mbedtls_ecdh_read_public( mbedtls_ecdh_context *ctx,
|
||||
const unsigned char *buf, size_t blen )
|
||||
{
|
||||
ECDH_VALIDATE_RET( ctx != NULL );
|
||||
ECDH_VALIDATE_RET( buf != NULL );
|
||||
|
||||
#if defined(MBEDTLS_ECDH_LEGACY_CONTEXT)
|
||||
return( ecdh_read_public_internal( ctx, buf, blen ) );
|
||||
#else
|
||||
switch( ctx->var )
|
||||
{
|
||||
case MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0:
|
||||
return( ecdh_read_public_internal( &ctx->ctx.mbed_ecdh,
|
||||
buf, blen ) );
|
||||
default:
|
||||
return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
|
||||
}
|
||||
#endif
|
||||
}
|
||||
|
||||
static int ecdh_calc_secret_internal( mbedtls_ecdh_context_mbed *ctx,
|
||||
size_t *olen, unsigned char *buf,
|
||||
size_t blen,
|
||||
int (*f_rng)(void *,
|
||||
unsigned char *,
|
||||
size_t),
|
||||
void *p_rng,
|
||||
int restart_enabled )
|
||||
{
|
||||
int ret;
|
||||
#if defined(MBEDTLS_ECP_RESTARTABLE)
|
||||
|
@ -350,13 +589,16 @@ int mbedtls_ecdh_calc_secret( mbedtls_ecdh_context *ctx, size_t *olen,
|
|||
return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
|
||||
|
||||
#if defined(MBEDTLS_ECP_RESTARTABLE)
|
||||
if( ctx->restart_enabled )
|
||||
if( restart_enabled )
|
||||
rs_ctx = &ctx->rs;
|
||||
#else
|
||||
(void) restart_enabled;
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_ECP_RESTARTABLE)
|
||||
if( ( ret = ecdh_compute_shared_restartable( &ctx->grp,
|
||||
&ctx->z, &ctx->Qp, &ctx->d, f_rng, p_rng, rs_ctx ) ) != 0 )
|
||||
if( ( ret = ecdh_compute_shared_restartable( &ctx->grp, &ctx->z, &ctx->Qp,
|
||||
&ctx->d, f_rng, p_rng,
|
||||
rs_ctx ) ) != 0 )
|
||||
{
|
||||
return( ret );
|
||||
}
|
||||
|
@ -375,4 +617,37 @@ int mbedtls_ecdh_calc_secret( mbedtls_ecdh_context *ctx, size_t *olen,
|
|||
return mbedtls_mpi_write_binary( &ctx->z, buf, *olen );
|
||||
}
|
||||
|
||||
/*
|
||||
* Derive and export the shared secret
|
||||
*/
|
||||
int mbedtls_ecdh_calc_secret( mbedtls_ecdh_context *ctx, size_t *olen,
|
||||
unsigned char *buf, size_t blen,
|
||||
int (*f_rng)(void *, unsigned char *, size_t),
|
||||
void *p_rng )
|
||||
{
|
||||
int restart_enabled = 0;
|
||||
ECDH_VALIDATE_RET( ctx != NULL );
|
||||
ECDH_VALIDATE_RET( olen != NULL );
|
||||
ECDH_VALIDATE_RET( buf != NULL );
|
||||
|
||||
#if defined(MBEDTLS_ECP_RESTARTABLE)
|
||||
restart_enabled = ctx->restart_enabled;
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_ECDH_LEGACY_CONTEXT)
|
||||
return( ecdh_calc_secret_internal( ctx, olen, buf, blen, f_rng, p_rng,
|
||||
restart_enabled ) );
|
||||
#else
|
||||
switch( ctx->var )
|
||||
{
|
||||
case MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0:
|
||||
return( ecdh_calc_secret_internal( &ctx->ctx.mbed_ecdh, olen, buf,
|
||||
blen, f_rng, p_rng,
|
||||
restart_enabled ) );
|
||||
default:
|
||||
return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
|
||||
}
|
||||
#endif
|
||||
}
|
||||
|
||||
#endif /* MBEDTLS_ECDH_C */
|
||||
|
|
|
@ -50,6 +50,14 @@
|
|||
#define mbedtls_free free
|
||||
#endif
|
||||
|
||||
#include "mbedtls/platform_util.h"
|
||||
|
||||
/* Parameter validation macros based on platform_util.h */
|
||||
#define ECDSA_VALIDATE_RET( cond ) \
|
||||
MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_ECP_BAD_INPUT_DATA )
|
||||
#define ECDSA_VALIDATE( cond ) \
|
||||
MBEDTLS_INTERNAL_VALIDATE( cond )
|
||||
|
||||
#if defined(MBEDTLS_ECP_RESTARTABLE)
|
||||
|
||||
/*
|
||||
|
@ -377,6 +385,13 @@ int mbedtls_ecdsa_sign( mbedtls_ecp_group *grp, mbedtls_mpi *r, mbedtls_mpi *s,
|
|||
const mbedtls_mpi *d, const unsigned char *buf, size_t blen,
|
||||
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
|
||||
{
|
||||
ECDSA_VALIDATE_RET( grp != NULL );
|
||||
ECDSA_VALIDATE_RET( r != NULL );
|
||||
ECDSA_VALIDATE_RET( s != NULL );
|
||||
ECDSA_VALIDATE_RET( d != NULL );
|
||||
ECDSA_VALIDATE_RET( f_rng != NULL );
|
||||
ECDSA_VALIDATE_RET( buf != NULL || blen == 0 );
|
||||
|
||||
return( ecdsa_sign_restartable( grp, r, s, d, buf, blen,
|
||||
f_rng, p_rng, NULL ) );
|
||||
}
|
||||
|
@ -456,6 +471,12 @@ int mbedtls_ecdsa_sign_det( mbedtls_ecp_group *grp, mbedtls_mpi *r, mbedtls_mpi
|
|||
const mbedtls_mpi *d, const unsigned char *buf, size_t blen,
|
||||
mbedtls_md_type_t md_alg )
|
||||
{
|
||||
ECDSA_VALIDATE_RET( grp != NULL );
|
||||
ECDSA_VALIDATE_RET( r != NULL );
|
||||
ECDSA_VALIDATE_RET( s != NULL );
|
||||
ECDSA_VALIDATE_RET( d != NULL );
|
||||
ECDSA_VALIDATE_RET( buf != NULL || blen == 0 );
|
||||
|
||||
return( ecdsa_sign_det_restartable( grp, r, s, d, buf, blen, md_alg, NULL ) );
|
||||
}
|
||||
#endif /* MBEDTLS_ECDSA_DETERMINISTIC */
|
||||
|
@ -574,9 +595,17 @@ cleanup:
|
|||
* Verify ECDSA signature of hashed message
|
||||
*/
|
||||
int mbedtls_ecdsa_verify( mbedtls_ecp_group *grp,
|
||||
const unsigned char *buf, size_t blen,
|
||||
const mbedtls_ecp_point *Q, const mbedtls_mpi *r, const mbedtls_mpi *s)
|
||||
const unsigned char *buf, size_t blen,
|
||||
const mbedtls_ecp_point *Q,
|
||||
const mbedtls_mpi *r,
|
||||
const mbedtls_mpi *s)
|
||||
{
|
||||
ECDSA_VALIDATE_RET( grp != NULL );
|
||||
ECDSA_VALIDATE_RET( Q != NULL );
|
||||
ECDSA_VALIDATE_RET( r != NULL );
|
||||
ECDSA_VALIDATE_RET( s != NULL );
|
||||
ECDSA_VALIDATE_RET( buf != NULL || blen == 0 );
|
||||
|
||||
return( ecdsa_verify_restartable( grp, buf, blen, Q, r, s, NULL ) );
|
||||
}
|
||||
#endif /* !MBEDTLS_ECDSA_VERIFY_ALT */
|
||||
|
@ -618,6 +647,10 @@ int mbedtls_ecdsa_write_signature_restartable( mbedtls_ecdsa_context *ctx,
|
|||
{
|
||||
int ret;
|
||||
mbedtls_mpi r, s;
|
||||
ECDSA_VALIDATE_RET( ctx != NULL );
|
||||
ECDSA_VALIDATE_RET( hash != NULL );
|
||||
ECDSA_VALIDATE_RET( sig != NULL );
|
||||
ECDSA_VALIDATE_RET( slen != NULL );
|
||||
|
||||
mbedtls_mpi_init( &r );
|
||||
mbedtls_mpi_init( &s );
|
||||
|
@ -652,12 +685,17 @@ cleanup:
|
|||
/*
|
||||
* Compute and write signature
|
||||
*/
|
||||
int mbedtls_ecdsa_write_signature( mbedtls_ecdsa_context *ctx, mbedtls_md_type_t md_alg,
|
||||
const unsigned char *hash, size_t hlen,
|
||||
unsigned char *sig, size_t *slen,
|
||||
int (*f_rng)(void *, unsigned char *, size_t),
|
||||
void *p_rng )
|
||||
int mbedtls_ecdsa_write_signature( mbedtls_ecdsa_context *ctx,
|
||||
mbedtls_md_type_t md_alg,
|
||||
const unsigned char *hash, size_t hlen,
|
||||
unsigned char *sig, size_t *slen,
|
||||
int (*f_rng)(void *, unsigned char *, size_t),
|
||||
void *p_rng )
|
||||
{
|
||||
ECDSA_VALIDATE_RET( ctx != NULL );
|
||||
ECDSA_VALIDATE_RET( hash != NULL );
|
||||
ECDSA_VALIDATE_RET( sig != NULL );
|
||||
ECDSA_VALIDATE_RET( slen != NULL );
|
||||
return( mbedtls_ecdsa_write_signature_restartable(
|
||||
ctx, md_alg, hash, hlen, sig, slen, f_rng, p_rng, NULL ) );
|
||||
}
|
||||
|
@ -669,6 +707,10 @@ int mbedtls_ecdsa_write_signature_det( mbedtls_ecdsa_context *ctx,
|
|||
unsigned char *sig, size_t *slen,
|
||||
mbedtls_md_type_t md_alg )
|
||||
{
|
||||
ECDSA_VALIDATE_RET( ctx != NULL );
|
||||
ECDSA_VALIDATE_RET( hash != NULL );
|
||||
ECDSA_VALIDATE_RET( sig != NULL );
|
||||
ECDSA_VALIDATE_RET( slen != NULL );
|
||||
return( mbedtls_ecdsa_write_signature( ctx, md_alg, hash, hlen, sig, slen,
|
||||
NULL, NULL ) );
|
||||
}
|
||||
|
@ -681,6 +723,9 @@ int mbedtls_ecdsa_read_signature( mbedtls_ecdsa_context *ctx,
|
|||
const unsigned char *hash, size_t hlen,
|
||||
const unsigned char *sig, size_t slen )
|
||||
{
|
||||
ECDSA_VALIDATE_RET( ctx != NULL );
|
||||
ECDSA_VALIDATE_RET( hash != NULL );
|
||||
ECDSA_VALIDATE_RET( sig != NULL );
|
||||
return( mbedtls_ecdsa_read_signature_restartable(
|
||||
ctx, hash, hlen, sig, slen, NULL ) );
|
||||
}
|
||||
|
@ -698,6 +743,9 @@ int mbedtls_ecdsa_read_signature_restartable( mbedtls_ecdsa_context *ctx,
|
|||
const unsigned char *end = sig + slen;
|
||||
size_t len;
|
||||
mbedtls_mpi r, s;
|
||||
ECDSA_VALIDATE_RET( ctx != NULL );
|
||||
ECDSA_VALIDATE_RET( hash != NULL );
|
||||
ECDSA_VALIDATE_RET( sig != NULL );
|
||||
|
||||
mbedtls_mpi_init( &r );
|
||||
mbedtls_mpi_init( &s );
|
||||
|
@ -752,6 +800,9 @@ cleanup:
|
|||
int mbedtls_ecdsa_genkey( mbedtls_ecdsa_context *ctx, mbedtls_ecp_group_id gid,
|
||||
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
|
||||
{
|
||||
ECDSA_VALIDATE_RET( ctx != NULL );
|
||||
ECDSA_VALIDATE_RET( f_rng != NULL );
|
||||
|
||||
return( mbedtls_ecp_group_load( &ctx->grp, gid ) ||
|
||||
mbedtls_ecp_gen_keypair( &ctx->grp, &ctx->d, &ctx->Q, f_rng, p_rng ) );
|
||||
}
|
||||
|
@ -763,6 +814,8 @@ int mbedtls_ecdsa_genkey( mbedtls_ecdsa_context *ctx, mbedtls_ecp_group_id gid,
|
|||
int mbedtls_ecdsa_from_keypair( mbedtls_ecdsa_context *ctx, const mbedtls_ecp_keypair *key )
|
||||
{
|
||||
int ret;
|
||||
ECDSA_VALIDATE_RET( ctx != NULL );
|
||||
ECDSA_VALIDATE_RET( key != NULL );
|
||||
|
||||
if( ( ret = mbedtls_ecp_group_copy( &ctx->grp, &key->grp ) ) != 0 ||
|
||||
( ret = mbedtls_mpi_copy( &ctx->d, &key->d ) ) != 0 ||
|
||||
|
@ -779,6 +832,8 @@ int mbedtls_ecdsa_from_keypair( mbedtls_ecdsa_context *ctx, const mbedtls_ecp_ke
|
|||
*/
|
||||
void mbedtls_ecdsa_init( mbedtls_ecdsa_context *ctx )
|
||||
{
|
||||
ECDSA_VALIDATE( ctx != NULL );
|
||||
|
||||
mbedtls_ecp_keypair_init( ctx );
|
||||
}
|
||||
|
||||
|
@ -787,6 +842,9 @@ void mbedtls_ecdsa_init( mbedtls_ecdsa_context *ctx )
|
|||
*/
|
||||
void mbedtls_ecdsa_free( mbedtls_ecdsa_context *ctx )
|
||||
{
|
||||
if( ctx == NULL )
|
||||
return;
|
||||
|
||||
mbedtls_ecp_keypair_free( ctx );
|
||||
}
|
||||
|
||||
|
@ -796,6 +854,8 @@ void mbedtls_ecdsa_free( mbedtls_ecdsa_context *ctx )
|
|||
*/
|
||||
void mbedtls_ecdsa_restart_init( mbedtls_ecdsa_restart_ctx *ctx )
|
||||
{
|
||||
ECDSA_VALIDATE( ctx != NULL );
|
||||
|
||||
mbedtls_ecp_restart_init( &ctx->ecp );
|
||||
|
||||
ctx->ver = NULL;
|
||||
|
@ -810,6 +870,9 @@ void mbedtls_ecdsa_restart_init( mbedtls_ecdsa_restart_ctx *ctx )
|
|||
*/
|
||||
void mbedtls_ecdsa_restart_free( mbedtls_ecdsa_restart_ctx *ctx )
|
||||
{
|
||||
if( ctx == NULL )
|
||||
return;
|
||||
|
||||
mbedtls_ecp_restart_free( &ctx->ecp );
|
||||
|
||||
ecdsa_restart_ver_free( ctx->ver );
|
||||
|
|
|
@ -33,11 +33,18 @@
|
|||
#if defined(MBEDTLS_ECJPAKE_C)
|
||||
|
||||
#include "mbedtls/ecjpake.h"
|
||||
#include "mbedtls/platform_util.h"
|
||||
|
||||
#include <string.h>
|
||||
|
||||
#if !defined(MBEDTLS_ECJPAKE_ALT)
|
||||
|
||||
/* Parameter validation macros based on platform_util.h */
|
||||
#define ECJPAKE_VALIDATE_RET( cond ) \
|
||||
MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_ECP_BAD_INPUT_DATA )
|
||||
#define ECJPAKE_VALIDATE( cond ) \
|
||||
MBEDTLS_INTERNAL_VALIDATE( cond )
|
||||
|
||||
/*
|
||||
* Convert a mbedtls_ecjpake_role to identifier string
|
||||
*/
|
||||
|
@ -54,8 +61,7 @@ static const char * const ecjpake_id[] = {
|
|||
*/
|
||||
void mbedtls_ecjpake_init( mbedtls_ecjpake_context *ctx )
|
||||
{
|
||||
if( ctx == NULL )
|
||||
return;
|
||||
ECJPAKE_VALIDATE( ctx != NULL );
|
||||
|
||||
ctx->md_info = NULL;
|
||||
mbedtls_ecp_group_init( &ctx->grp );
|
||||
|
@ -106,6 +112,11 @@ int mbedtls_ecjpake_setup( mbedtls_ecjpake_context *ctx,
|
|||
{
|
||||
int ret;
|
||||
|
||||
ECJPAKE_VALIDATE_RET( ctx != NULL );
|
||||
ECJPAKE_VALIDATE_RET( role == MBEDTLS_ECJPAKE_CLIENT ||
|
||||
role == MBEDTLS_ECJPAKE_SERVER );
|
||||
ECJPAKE_VALIDATE_RET( secret != NULL || len == 0 );
|
||||
|
||||
ctx->role = role;
|
||||
|
||||
if( ( ctx->md_info = mbedtls_md_info_from_type( hash ) ) == NULL )
|
||||
|
@ -127,6 +138,8 @@ cleanup:
|
|||
*/
|
||||
int mbedtls_ecjpake_check( const mbedtls_ecjpake_context *ctx )
|
||||
{
|
||||
ECJPAKE_VALIDATE_RET( ctx != NULL );
|
||||
|
||||
if( ctx->md_info == NULL ||
|
||||
ctx->grp.id == MBEDTLS_ECP_DP_NONE ||
|
||||
ctx->s.p == NULL )
|
||||
|
@ -504,6 +517,9 @@ int mbedtls_ecjpake_read_round_one( mbedtls_ecjpake_context *ctx,
|
|||
const unsigned char *buf,
|
||||
size_t len )
|
||||
{
|
||||
ECJPAKE_VALIDATE_RET( ctx != NULL );
|
||||
ECJPAKE_VALIDATE_RET( buf != NULL );
|
||||
|
||||
return( ecjpake_kkpp_read( ctx->md_info, &ctx->grp, ctx->point_format,
|
||||
&ctx->grp.G,
|
||||
&ctx->Xp1, &ctx->Xp2, ID_PEER,
|
||||
|
@ -518,6 +534,11 @@ int mbedtls_ecjpake_write_round_one( mbedtls_ecjpake_context *ctx,
|
|||
int (*f_rng)(void *, unsigned char *, size_t),
|
||||
void *p_rng )
|
||||
{
|
||||
ECJPAKE_VALIDATE_RET( ctx != NULL );
|
||||
ECJPAKE_VALIDATE_RET( buf != NULL );
|
||||
ECJPAKE_VALIDATE_RET( olen != NULL );
|
||||
ECJPAKE_VALIDATE_RET( f_rng != NULL );
|
||||
|
||||
return( ecjpake_kkpp_write( ctx->md_info, &ctx->grp, ctx->point_format,
|
||||
&ctx->grp.G,
|
||||
&ctx->xm1, &ctx->Xm1, &ctx->xm2, &ctx->Xm2,
|
||||
|
@ -560,6 +581,9 @@ int mbedtls_ecjpake_read_round_two( mbedtls_ecjpake_context *ctx,
|
|||
mbedtls_ecp_group grp;
|
||||
mbedtls_ecp_point G; /* C: GB, S: GA */
|
||||
|
||||
ECJPAKE_VALIDATE_RET( ctx != NULL );
|
||||
ECJPAKE_VALIDATE_RET( buf != NULL );
|
||||
|
||||
mbedtls_ecp_group_init( &grp );
|
||||
mbedtls_ecp_point_init( &G );
|
||||
|
||||
|
@ -652,6 +676,11 @@ int mbedtls_ecjpake_write_round_two( mbedtls_ecjpake_context *ctx,
|
|||
const unsigned char *end = buf + len;
|
||||
size_t ec_len;
|
||||
|
||||
ECJPAKE_VALIDATE_RET( ctx != NULL );
|
||||
ECJPAKE_VALIDATE_RET( buf != NULL );
|
||||
ECJPAKE_VALIDATE_RET( olen != NULL );
|
||||
ECJPAKE_VALIDATE_RET( f_rng != NULL );
|
||||
|
||||
mbedtls_ecp_point_init( &G );
|
||||
mbedtls_ecp_point_init( &Xm );
|
||||
mbedtls_mpi_init( &xm );
|
||||
|
@ -727,6 +756,11 @@ int mbedtls_ecjpake_derive_secret( mbedtls_ecjpake_context *ctx,
|
|||
unsigned char kx[MBEDTLS_ECP_MAX_BYTES];
|
||||
size_t x_bytes;
|
||||
|
||||
ECJPAKE_VALIDATE_RET( ctx != NULL );
|
||||
ECJPAKE_VALIDATE_RET( buf != NULL );
|
||||
ECJPAKE_VALIDATE_RET( olen != NULL );
|
||||
ECJPAKE_VALIDATE_RET( f_rng != NULL );
|
||||
|
||||
*olen = mbedtls_md_get_size( ctx->md_info );
|
||||
if( len < *olen )
|
||||
return( MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL );
|
||||
|
|
207
library/ecp.c
207
library/ecp.c
|
@ -47,6 +47,35 @@
|
|||
#include MBEDTLS_CONFIG_FILE
|
||||
#endif
|
||||
|
||||
/**
|
||||
* \brief Function level alternative implementation.
|
||||
*
|
||||
* The MBEDTLS_ECP_INTERNAL_ALT macro enables alternative implementations to
|
||||
* replace certain functions in this module. The alternative implementations are
|
||||
* typically hardware accelerators and need to activate the hardware before the
|
||||
* computation starts and deactivate it after it finishes. The
|
||||
* mbedtls_internal_ecp_init() and mbedtls_internal_ecp_free() functions serve
|
||||
* this purpose.
|
||||
*
|
||||
* To preserve the correct functionality the following conditions must hold:
|
||||
*
|
||||
* - The alternative implementation must be activated by
|
||||
* mbedtls_internal_ecp_init() before any of the replaceable functions is
|
||||
* called.
|
||||
* - mbedtls_internal_ecp_free() must \b only be called when the alternative
|
||||
* implementation is activated.
|
||||
* - mbedtls_internal_ecp_init() must \b not be called when the alternative
|
||||
* implementation is activated.
|
||||
* - Public functions must not return while the alternative implementation is
|
||||
* activated.
|
||||
* - Replaceable functions are guarded by \c MBEDTLS_ECP_XXX_ALT macros and
|
||||
* before calling them an \code if( mbedtls_internal_ecp_grp_capable( grp ) )
|
||||
* \endcode ensures that the alternative implementation supports the current
|
||||
* group.
|
||||
*/
|
||||
#if defined(MBEDTLS_ECP_INTERNAL_ALT)
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_ECP_C)
|
||||
|
||||
#include "mbedtls/ecp.h"
|
||||
|
@ -57,6 +86,12 @@
|
|||
|
||||
#if !defined(MBEDTLS_ECP_ALT)
|
||||
|
||||
/* Parameter validation macros based on platform_util.h */
|
||||
#define ECP_VALIDATE_RET( cond ) \
|
||||
MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_ECP_BAD_INPUT_DATA )
|
||||
#define ECP_VALIDATE( cond ) \
|
||||
MBEDTLS_INTERNAL_VALIDATE( cond )
|
||||
|
||||
#if defined(MBEDTLS_PLATFORM_C)
|
||||
#include "mbedtls/platform.h"
|
||||
#else
|
||||
|
@ -209,6 +244,7 @@ static void ecp_restart_ma_free( mbedtls_ecp_restart_muladd_ctx *ctx )
|
|||
*/
|
||||
void mbedtls_ecp_restart_init( mbedtls_ecp_restart_ctx *ctx )
|
||||
{
|
||||
ECP_VALIDATE( ctx != NULL );
|
||||
ctx->ops_done = 0;
|
||||
ctx->depth = 0;
|
||||
ctx->rsm = NULL;
|
||||
|
@ -239,6 +275,8 @@ int mbedtls_ecp_check_budget( const mbedtls_ecp_group *grp,
|
|||
mbedtls_ecp_restart_ctx *rs_ctx,
|
||||
unsigned ops )
|
||||
{
|
||||
ECP_VALIDATE_RET( grp != NULL );
|
||||
|
||||
if( rs_ctx != NULL && ecp_max_ops != 0 )
|
||||
{
|
||||
/* scale depending on curve size: the chosen reference is 256-bit,
|
||||
|
@ -467,6 +505,9 @@ const mbedtls_ecp_curve_info *mbedtls_ecp_curve_info_from_name( const char *name
|
|||
{
|
||||
const mbedtls_ecp_curve_info *curve_info;
|
||||
|
||||
if( name == NULL )
|
||||
return( NULL );
|
||||
|
||||
for( curve_info = mbedtls_ecp_curve_list();
|
||||
curve_info->grp_id != MBEDTLS_ECP_DP_NONE;
|
||||
curve_info++ )
|
||||
|
@ -497,8 +538,7 @@ static inline ecp_curve_type ecp_get_type( const mbedtls_ecp_group *grp )
|
|||
*/
|
||||
void mbedtls_ecp_point_init( mbedtls_ecp_point *pt )
|
||||
{
|
||||
if( pt == NULL )
|
||||
return;
|
||||
ECP_VALIDATE( pt != NULL );
|
||||
|
||||
mbedtls_mpi_init( &pt->X );
|
||||
mbedtls_mpi_init( &pt->Y );
|
||||
|
@ -510,8 +550,7 @@ void mbedtls_ecp_point_init( mbedtls_ecp_point *pt )
|
|||
*/
|
||||
void mbedtls_ecp_group_init( mbedtls_ecp_group *grp )
|
||||
{
|
||||
if( grp == NULL )
|
||||
return;
|
||||
ECP_VALIDATE( grp != NULL );
|
||||
|
||||
grp->id = MBEDTLS_ECP_DP_NONE;
|
||||
mbedtls_mpi_init( &grp->P );
|
||||
|
@ -535,8 +574,7 @@ void mbedtls_ecp_group_init( mbedtls_ecp_group *grp )
|
|||
*/
|
||||
void mbedtls_ecp_keypair_init( mbedtls_ecp_keypair *key )
|
||||
{
|
||||
if( key == NULL )
|
||||
return;
|
||||
ECP_VALIDATE( key != NULL );
|
||||
|
||||
mbedtls_ecp_group_init( &key->grp );
|
||||
mbedtls_mpi_init( &key->d );
|
||||
|
@ -604,6 +642,8 @@ void mbedtls_ecp_keypair_free( mbedtls_ecp_keypair *key )
|
|||
int mbedtls_ecp_copy( mbedtls_ecp_point *P, const mbedtls_ecp_point *Q )
|
||||
{
|
||||
int ret;
|
||||
ECP_VALIDATE_RET( P != NULL );
|
||||
ECP_VALIDATE_RET( Q != NULL );
|
||||
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &P->X, &Q->X ) );
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &P->Y, &Q->Y ) );
|
||||
|
@ -618,7 +658,10 @@ cleanup:
|
|||
*/
|
||||
int mbedtls_ecp_group_copy( mbedtls_ecp_group *dst, const mbedtls_ecp_group *src )
|
||||
{
|
||||
return mbedtls_ecp_group_load( dst, src->id );
|
||||
ECP_VALIDATE_RET( dst != NULL );
|
||||
ECP_VALIDATE_RET( src != NULL );
|
||||
|
||||
return( mbedtls_ecp_group_load( dst, src->id ) );
|
||||
}
|
||||
|
||||
/*
|
||||
|
@ -627,6 +670,7 @@ int mbedtls_ecp_group_copy( mbedtls_ecp_group *dst, const mbedtls_ecp_group *src
|
|||
int mbedtls_ecp_set_zero( mbedtls_ecp_point *pt )
|
||||
{
|
||||
int ret;
|
||||
ECP_VALIDATE_RET( pt != NULL );
|
||||
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &pt->X , 1 ) );
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &pt->Y , 1 ) );
|
||||
|
@ -641,15 +685,20 @@ cleanup:
|
|||
*/
|
||||
int mbedtls_ecp_is_zero( mbedtls_ecp_point *pt )
|
||||
{
|
||||
ECP_VALIDATE_RET( pt != NULL );
|
||||
|
||||
return( mbedtls_mpi_cmp_int( &pt->Z, 0 ) == 0 );
|
||||
}
|
||||
|
||||
/*
|
||||
* Compare two points lazyly
|
||||
* Compare two points lazily
|
||||
*/
|
||||
int mbedtls_ecp_point_cmp( const mbedtls_ecp_point *P,
|
||||
const mbedtls_ecp_point *Q )
|
||||
{
|
||||
ECP_VALIDATE_RET( P != NULL );
|
||||
ECP_VALIDATE_RET( Q != NULL );
|
||||
|
||||
if( mbedtls_mpi_cmp_mpi( &P->X, &Q->X ) == 0 &&
|
||||
mbedtls_mpi_cmp_mpi( &P->Y, &Q->Y ) == 0 &&
|
||||
mbedtls_mpi_cmp_mpi( &P->Z, &Q->Z ) == 0 )
|
||||
|
@ -667,6 +716,9 @@ int mbedtls_ecp_point_read_string( mbedtls_ecp_point *P, int radix,
|
|||
const char *x, const char *y )
|
||||
{
|
||||
int ret;
|
||||
ECP_VALIDATE_RET( P != NULL );
|
||||
ECP_VALIDATE_RET( x != NULL );
|
||||
ECP_VALIDATE_RET( y != NULL );
|
||||
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &P->X, radix, x ) );
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &P->Y, radix, y ) );
|
||||
|
@ -679,16 +731,19 @@ cleanup:
|
|||
/*
|
||||
* Export a point into unsigned binary data (SEC1 2.3.3)
|
||||
*/
|
||||
int mbedtls_ecp_point_write_binary( const mbedtls_ecp_group *grp, const mbedtls_ecp_point *P,
|
||||
int format, size_t *olen,
|
||||
unsigned char *buf, size_t buflen )
|
||||
int mbedtls_ecp_point_write_binary( const mbedtls_ecp_group *grp,
|
||||
const mbedtls_ecp_point *P,
|
||||
int format, size_t *olen,
|
||||
unsigned char *buf, size_t buflen )
|
||||
{
|
||||
int ret = 0;
|
||||
size_t plen;
|
||||
|
||||
if( format != MBEDTLS_ECP_PF_UNCOMPRESSED &&
|
||||
format != MBEDTLS_ECP_PF_COMPRESSED )
|
||||
return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
|
||||
ECP_VALIDATE_RET( grp != NULL );
|
||||
ECP_VALIDATE_RET( P != NULL );
|
||||
ECP_VALIDATE_RET( olen != NULL );
|
||||
ECP_VALIDATE_RET( buf != NULL );
|
||||
ECP_VALIDATE_RET( format == MBEDTLS_ECP_PF_UNCOMPRESSED ||
|
||||
format == MBEDTLS_ECP_PF_COMPRESSED );
|
||||
|
||||
/*
|
||||
* Common case: P == 0
|
||||
|
@ -735,11 +790,15 @@ cleanup:
|
|||
/*
|
||||
* Import a point from unsigned binary data (SEC1 2.3.4)
|
||||
*/
|
||||
int mbedtls_ecp_point_read_binary( const mbedtls_ecp_group *grp, mbedtls_ecp_point *pt,
|
||||
const unsigned char *buf, size_t ilen )
|
||||
int mbedtls_ecp_point_read_binary( const mbedtls_ecp_group *grp,
|
||||
mbedtls_ecp_point *pt,
|
||||
const unsigned char *buf, size_t ilen )
|
||||
{
|
||||
int ret;
|
||||
size_t plen;
|
||||
ECP_VALIDATE_RET( grp != NULL );
|
||||
ECP_VALIDATE_RET( pt != NULL );
|
||||
ECP_VALIDATE_RET( buf != NULL );
|
||||
|
||||
if( ilen < 1 )
|
||||
return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
|
||||
|
@ -774,11 +833,16 @@ cleanup:
|
|||
* opaque point <1..2^8-1>;
|
||||
* } ECPoint;
|
||||
*/
|
||||
int mbedtls_ecp_tls_read_point( const mbedtls_ecp_group *grp, mbedtls_ecp_point *pt,
|
||||
const unsigned char **buf, size_t buf_len )
|
||||
int mbedtls_ecp_tls_read_point( const mbedtls_ecp_group *grp,
|
||||
mbedtls_ecp_point *pt,
|
||||
const unsigned char **buf, size_t buf_len )
|
||||
{
|
||||
unsigned char data_len;
|
||||
const unsigned char *buf_start;
|
||||
ECP_VALIDATE_RET( grp != NULL );
|
||||
ECP_VALIDATE_RET( pt != NULL );
|
||||
ECP_VALIDATE_RET( buf != NULL );
|
||||
ECP_VALIDATE_RET( *buf != NULL );
|
||||
|
||||
/*
|
||||
* We must have at least two bytes (1 for length, at least one for data)
|
||||
|
@ -796,7 +860,7 @@ int mbedtls_ecp_tls_read_point( const mbedtls_ecp_group *grp, mbedtls_ecp_point
|
|||
buf_start = *buf;
|
||||
*buf += data_len;
|
||||
|
||||
return mbedtls_ecp_point_read_binary( grp, pt, buf_start, data_len );
|
||||
return( mbedtls_ecp_point_read_binary( grp, pt, buf_start, data_len ) );
|
||||
}
|
||||
|
||||
/*
|
||||
|
@ -810,6 +874,12 @@ int mbedtls_ecp_tls_write_point( const mbedtls_ecp_group *grp, const mbedtls_ecp
|
|||
unsigned char *buf, size_t blen )
|
||||
{
|
||||
int ret;
|
||||
ECP_VALIDATE_RET( grp != NULL );
|
||||
ECP_VALIDATE_RET( pt != NULL );
|
||||
ECP_VALIDATE_RET( olen != NULL );
|
||||
ECP_VALIDATE_RET( buf != NULL );
|
||||
ECP_VALIDATE_RET( format == MBEDTLS_ECP_PF_UNCOMPRESSED ||
|
||||
format == MBEDTLS_ECP_PF_COMPRESSED );
|
||||
|
||||
/*
|
||||
* buffer length must be at least one, for our length byte
|
||||
|
@ -833,10 +903,33 @@ int mbedtls_ecp_tls_write_point( const mbedtls_ecp_group *grp, const mbedtls_ecp
|
|||
/*
|
||||
* Set a group from an ECParameters record (RFC 4492)
|
||||
*/
|
||||
int mbedtls_ecp_tls_read_group( mbedtls_ecp_group *grp, const unsigned char **buf, size_t len )
|
||||
int mbedtls_ecp_tls_read_group( mbedtls_ecp_group *grp,
|
||||
const unsigned char **buf, size_t len )
|
||||
{
|
||||
int ret;
|
||||
mbedtls_ecp_group_id grp_id;
|
||||
ECP_VALIDATE_RET( grp != NULL );
|
||||
ECP_VALIDATE_RET( buf != NULL );
|
||||
ECP_VALIDATE_RET( *buf != NULL );
|
||||
|
||||
if( ( ret = mbedtls_ecp_tls_read_group_id( &grp_id, buf, len ) ) != 0 )
|
||||
return( ret );
|
||||
|
||||
return( mbedtls_ecp_group_load( grp, grp_id ) );
|
||||
}
|
||||
|
||||
/*
|
||||
* Read a group id from an ECParameters record (RFC 4492) and convert it to
|
||||
* mbedtls_ecp_group_id.
|
||||
*/
|
||||
int mbedtls_ecp_tls_read_group_id( mbedtls_ecp_group_id *grp,
|
||||
const unsigned char **buf, size_t len )
|
||||
{
|
||||
uint16_t tls_id;
|
||||
const mbedtls_ecp_curve_info *curve_info;
|
||||
ECP_VALIDATE_RET( grp != NULL );
|
||||
ECP_VALIDATE_RET( buf != NULL );
|
||||
ECP_VALIDATE_RET( *buf != NULL );
|
||||
|
||||
/*
|
||||
* We expect at least three bytes (see below)
|
||||
|
@ -860,7 +953,9 @@ int mbedtls_ecp_tls_read_group( mbedtls_ecp_group *grp, const unsigned char **bu
|
|||
if( ( curve_info = mbedtls_ecp_curve_info_from_tls_id( tls_id ) ) == NULL )
|
||||
return( MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE );
|
||||
|
||||
return mbedtls_ecp_group_load( grp, curve_info->grp_id );
|
||||
*grp = curve_info->grp_id;
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
/*
|
||||
|
@ -870,6 +965,9 @@ int mbedtls_ecp_tls_write_group( const mbedtls_ecp_group *grp, size_t *olen,
|
|||
unsigned char *buf, size_t blen )
|
||||
{
|
||||
const mbedtls_ecp_curve_info *curve_info;
|
||||
ECP_VALIDATE_RET( grp != NULL );
|
||||
ECP_VALIDATE_RET( buf != NULL );
|
||||
ECP_VALIDATE_RET( olen != NULL );
|
||||
|
||||
if( ( curve_info = mbedtls_ecp_curve_info_from_grp_id( grp->id ) ) == NULL )
|
||||
return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
|
||||
|
@ -2228,6 +2326,10 @@ int mbedtls_ecp_mul_restartable( mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
|
|||
#if defined(MBEDTLS_ECP_INTERNAL_ALT)
|
||||
char is_grp_capable = 0;
|
||||
#endif
|
||||
ECP_VALIDATE_RET( grp != NULL );
|
||||
ECP_VALIDATE_RET( R != NULL );
|
||||
ECP_VALIDATE_RET( m != NULL );
|
||||
ECP_VALIDATE_RET( P != NULL );
|
||||
|
||||
#if defined(MBEDTLS_ECP_RESTARTABLE)
|
||||
/* reset ops count for this call if top-level */
|
||||
|
@ -2285,6 +2387,10 @@ int mbedtls_ecp_mul( mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
|
|||
const mbedtls_mpi *m, const mbedtls_ecp_point *P,
|
||||
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
|
||||
{
|
||||
ECP_VALIDATE_RET( grp != NULL );
|
||||
ECP_VALIDATE_RET( R != NULL );
|
||||
ECP_VALIDATE_RET( m != NULL );
|
||||
ECP_VALIDATE_RET( P != NULL );
|
||||
return( mbedtls_ecp_mul_restartable( grp, R, m, P, f_rng, p_rng, NULL ) );
|
||||
}
|
||||
|
||||
|
@ -2387,17 +2493,18 @@ int mbedtls_ecp_muladd_restartable(
|
|||
#if defined(MBEDTLS_ECP_INTERNAL_ALT)
|
||||
char is_grp_capable = 0;
|
||||
#endif
|
||||
ECP_VALIDATE_RET( grp != NULL );
|
||||
ECP_VALIDATE_RET( R != NULL );
|
||||
ECP_VALIDATE_RET( m != NULL );
|
||||
ECP_VALIDATE_RET( P != NULL );
|
||||
ECP_VALIDATE_RET( n != NULL );
|
||||
ECP_VALIDATE_RET( Q != NULL );
|
||||
|
||||
if( ecp_get_type( grp ) != ECP_TYPE_SHORT_WEIERSTRASS )
|
||||
return( MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE );
|
||||
|
||||
mbedtls_ecp_point_init( &mP );
|
||||
|
||||
#if defined(MBEDTLS_ECP_INTERNAL_ALT)
|
||||
if( ( is_grp_capable = mbedtls_internal_ecp_grp_capable( grp ) ) )
|
||||
MBEDTLS_MPI_CHK( mbedtls_internal_ecp_init( grp ) );
|
||||
#endif /* MBEDTLS_ECP_INTERNAL_ALT */
|
||||
|
||||
ECP_RS_ENTER( ma );
|
||||
|
||||
#if defined(MBEDTLS_ECP_RESTARTABLE)
|
||||
|
@ -2425,6 +2532,12 @@ int mbedtls_ecp_muladd_restartable(
|
|||
mul2:
|
||||
#endif
|
||||
MBEDTLS_MPI_CHK( mbedtls_ecp_mul_shortcuts( grp, pR, n, Q, rs_ctx ) );
|
||||
|
||||
#if defined(MBEDTLS_ECP_INTERNAL_ALT)
|
||||
if( ( is_grp_capable = mbedtls_internal_ecp_grp_capable( grp ) ) )
|
||||
MBEDTLS_MPI_CHK( mbedtls_internal_ecp_init( grp ) );
|
||||
#endif /* MBEDTLS_ECP_INTERNAL_ALT */
|
||||
|
||||
#if defined(MBEDTLS_ECP_RESTARTABLE)
|
||||
if( rs_ctx != NULL && rs_ctx->ma != NULL )
|
||||
rs_ctx->ma->state = ecp_rsma_add;
|
||||
|
@ -2468,6 +2581,12 @@ int mbedtls_ecp_muladd( mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
|
|||
const mbedtls_mpi *m, const mbedtls_ecp_point *P,
|
||||
const mbedtls_mpi *n, const mbedtls_ecp_point *Q )
|
||||
{
|
||||
ECP_VALIDATE_RET( grp != NULL );
|
||||
ECP_VALIDATE_RET( R != NULL );
|
||||
ECP_VALIDATE_RET( m != NULL );
|
||||
ECP_VALIDATE_RET( P != NULL );
|
||||
ECP_VALIDATE_RET( n != NULL );
|
||||
ECP_VALIDATE_RET( Q != NULL );
|
||||
return( mbedtls_ecp_muladd_restartable( grp, R, m, P, n, Q, NULL ) );
|
||||
}
|
||||
|
||||
|
@ -2490,8 +2609,12 @@ static int ecp_check_pubkey_mx( const mbedtls_ecp_group *grp, const mbedtls_ecp_
|
|||
/*
|
||||
* Check that a point is valid as a public key
|
||||
*/
|
||||
int mbedtls_ecp_check_pubkey( const mbedtls_ecp_group *grp, const mbedtls_ecp_point *pt )
|
||||
int mbedtls_ecp_check_pubkey( const mbedtls_ecp_group *grp,
|
||||
const mbedtls_ecp_point *pt )
|
||||
{
|
||||
ECP_VALIDATE_RET( grp != NULL );
|
||||
ECP_VALIDATE_RET( pt != NULL );
|
||||
|
||||
/* Must use affine coordinates */
|
||||
if( mbedtls_mpi_cmp_int( &pt->Z, 1 ) != 0 )
|
||||
return( MBEDTLS_ERR_ECP_INVALID_KEY );
|
||||
|
@ -2510,8 +2633,12 @@ int mbedtls_ecp_check_pubkey( const mbedtls_ecp_group *grp, const mbedtls_ecp_po
|
|||
/*
|
||||
* Check that an mbedtls_mpi is valid as a private key
|
||||
*/
|
||||
int mbedtls_ecp_check_privkey( const mbedtls_ecp_group *grp, const mbedtls_mpi *d )
|
||||
int mbedtls_ecp_check_privkey( const mbedtls_ecp_group *grp,
|
||||
const mbedtls_mpi *d )
|
||||
{
|
||||
ECP_VALIDATE_RET( grp != NULL );
|
||||
ECP_VALIDATE_RET( d != NULL );
|
||||
|
||||
#if defined(ECP_MONTGOMERY)
|
||||
if( ecp_get_type( grp ) == ECP_TYPE_MONTGOMERY )
|
||||
{
|
||||
|
@ -2552,7 +2679,13 @@ int mbedtls_ecp_gen_privkey( const mbedtls_ecp_group *grp,
|
|||
void *p_rng )
|
||||
{
|
||||
int ret = MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
|
||||
size_t n_size = ( grp->nbits + 7 ) / 8;
|
||||
size_t n_size;
|
||||
|
||||
ECP_VALIDATE_RET( grp != NULL );
|
||||
ECP_VALIDATE_RET( d != NULL );
|
||||
ECP_VALIDATE_RET( f_rng != NULL );
|
||||
|
||||
n_size = ( grp->nbits + 7 ) / 8;
|
||||
|
||||
#if defined(ECP_MONTGOMERY)
|
||||
if( ecp_get_type( grp ) == ECP_TYPE_MONTGOMERY )
|
||||
|
@ -2631,6 +2764,11 @@ int mbedtls_ecp_gen_keypair_base( mbedtls_ecp_group *grp,
|
|||
void *p_rng )
|
||||
{
|
||||
int ret;
|
||||
ECP_VALIDATE_RET( grp != NULL );
|
||||
ECP_VALIDATE_RET( d != NULL );
|
||||
ECP_VALIDATE_RET( G != NULL );
|
||||
ECP_VALIDATE_RET( Q != NULL );
|
||||
ECP_VALIDATE_RET( f_rng != NULL );
|
||||
|
||||
MBEDTLS_MPI_CHK( mbedtls_ecp_gen_privkey( grp, d, f_rng, p_rng ) );
|
||||
MBEDTLS_MPI_CHK( mbedtls_ecp_mul( grp, Q, d, G, f_rng, p_rng ) );
|
||||
|
@ -2647,6 +2785,11 @@ int mbedtls_ecp_gen_keypair( mbedtls_ecp_group *grp,
|
|||
int (*f_rng)(void *, unsigned char *, size_t),
|
||||
void *p_rng )
|
||||
{
|
||||
ECP_VALIDATE_RET( grp != NULL );
|
||||
ECP_VALIDATE_RET( d != NULL );
|
||||
ECP_VALIDATE_RET( Q != NULL );
|
||||
ECP_VALIDATE_RET( f_rng != NULL );
|
||||
|
||||
return( mbedtls_ecp_gen_keypair_base( grp, &grp->G, d, Q, f_rng, p_rng ) );
|
||||
}
|
||||
|
||||
|
@ -2657,6 +2800,8 @@ int mbedtls_ecp_gen_key( mbedtls_ecp_group_id grp_id, mbedtls_ecp_keypair *key,
|
|||
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
|
||||
{
|
||||
int ret;
|
||||
ECP_VALIDATE_RET( key != NULL );
|
||||
ECP_VALIDATE_RET( f_rng != NULL );
|
||||
|
||||
if( ( ret = mbedtls_ecp_group_load( &key->grp, grp_id ) ) != 0 )
|
||||
return( ret );
|
||||
|
@ -2672,6 +2817,8 @@ int mbedtls_ecp_check_pub_priv( const mbedtls_ecp_keypair *pub, const mbedtls_ec
|
|||
int ret;
|
||||
mbedtls_ecp_point Q;
|
||||
mbedtls_ecp_group grp;
|
||||
ECP_VALIDATE_RET( pub != NULL );
|
||||
ECP_VALIDATE_RET( prv != NULL );
|
||||
|
||||
if( pub->grp.id == MBEDTLS_ECP_DP_NONE ||
|
||||
pub->grp.id != prv->grp.id ||
|
||||
|
|
|
@ -28,11 +28,18 @@
|
|||
#if defined(MBEDTLS_ECP_C)
|
||||
|
||||
#include "mbedtls/ecp.h"
|
||||
#include "mbedtls/platform_util.h"
|
||||
|
||||
#include <string.h>
|
||||
|
||||
#if !defined(MBEDTLS_ECP_ALT)
|
||||
|
||||
/* Parameter validation macros based on platform_util.h */
|
||||
#define ECP_VALIDATE_RET( cond ) \
|
||||
MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_ECP_BAD_INPUT_DATA )
|
||||
#define ECP_VALIDATE( cond ) \
|
||||
MBEDTLS_INTERNAL_VALIDATE( cond )
|
||||
|
||||
#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \
|
||||
!defined(inline) && !defined(__cplusplus)
|
||||
#define inline __inline
|
||||
|
@ -746,6 +753,7 @@ cleanup:
|
|||
*/
|
||||
int mbedtls_ecp_group_load( mbedtls_ecp_group *grp, mbedtls_ecp_group_id id )
|
||||
{
|
||||
ECP_VALIDATE_RET( grp != NULL );
|
||||
mbedtls_ecp_group_free( grp );
|
||||
|
||||
grp->id = id;
|
||||
|
|
|
@ -99,6 +99,7 @@ int mbedtls_platform_entropy_poll( void *data, unsigned char *output, size_t len
|
|||
#include <sys/syscall.h>
|
||||
#if defined(SYS_getrandom)
|
||||
#define HAVE_GETRANDOM
|
||||
#include <errno.h>
|
||||
|
||||
static int getrandom_wrapper( void *buf, size_t buflen, unsigned int flags )
|
||||
{
|
||||
|
@ -108,47 +109,8 @@ static int getrandom_wrapper( void *buf, size_t buflen, unsigned int flags )
|
|||
memset( buf, 0, buflen );
|
||||
#endif
|
||||
#endif
|
||||
|
||||
return( syscall( SYS_getrandom, buf, buflen, flags ) );
|
||||
}
|
||||
|
||||
#include <sys/utsname.h>
|
||||
/* Check if version is at least 3.17.0 */
|
||||
static int check_version_3_17_plus( void )
|
||||
{
|
||||
int minor;
|
||||
struct utsname un;
|
||||
const char *ver;
|
||||
|
||||
/* Get version information */
|
||||
uname(&un);
|
||||
ver = un.release;
|
||||
|
||||
/* Check major version; assume a single digit */
|
||||
if( ver[0] < '3' || ver[0] > '9' || ver [1] != '.' )
|
||||
return( -1 );
|
||||
|
||||
if( ver[0] - '0' > 3 )
|
||||
return( 0 );
|
||||
|
||||
/* Ok, so now we know major == 3, check minor.
|
||||
* Assume 1 or 2 digits. */
|
||||
if( ver[2] < '0' || ver[2] > '9' )
|
||||
return( -1 );
|
||||
|
||||
minor = ver[2] - '0';
|
||||
|
||||
if( ver[3] >= '0' && ver[3] <= '9' )
|
||||
minor = 10 * minor + ver[3] - '0';
|
||||
else if( ver [3] != '.' )
|
||||
return( -1 );
|
||||
|
||||
if( minor < 17 )
|
||||
return( -1 );
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
static int has_getrandom = -1;
|
||||
#endif /* SYS_getrandom */
|
||||
#endif /* __linux__ */
|
||||
|
||||
|
@ -159,22 +121,21 @@ int mbedtls_platform_entropy_poll( void *data,
|
|||
{
|
||||
FILE *file;
|
||||
size_t read_len;
|
||||
int ret;
|
||||
((void) data);
|
||||
|
||||
#if defined(HAVE_GETRANDOM)
|
||||
if( has_getrandom == -1 )
|
||||
has_getrandom = ( check_version_3_17_plus() == 0 );
|
||||
|
||||
if( has_getrandom )
|
||||
ret = getrandom_wrapper( output, len, 0 );
|
||||
if( ret >= 0 )
|
||||
{
|
||||
int ret;
|
||||
|
||||
if( ( ret = getrandom_wrapper( output, len, 0 ) ) < 0 )
|
||||
return( MBEDTLS_ERR_ENTROPY_SOURCE_FAILED );
|
||||
|
||||
*olen = ret;
|
||||
return( 0 );
|
||||
}
|
||||
else if( errno != ENOSYS )
|
||||
return( MBEDTLS_ERR_ENTROPY_SOURCE_FAILED );
|
||||
/* Fall through if the system call isn't known. */
|
||||
#else
|
||||
((void) ret);
|
||||
#endif /* HAVE_GETRANDOM */
|
||||
|
||||
*olen = 0;
|
||||
|
|
|
@ -618,8 +618,8 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen )
|
|||
#endif /* MBEDTLS_ARC4_C */
|
||||
|
||||
#if defined(MBEDTLS_ARIA_C)
|
||||
if( use_ret == -(MBEDTLS_ERR_ARIA_INVALID_KEY_LENGTH) )
|
||||
mbedtls_snprintf( buf, buflen, "ARIA - Invalid key length" );
|
||||
if( use_ret == -(MBEDTLS_ERR_ARIA_BAD_INPUT_DATA) )
|
||||
mbedtls_snprintf( buf, buflen, "ARIA - Bad input data" );
|
||||
if( use_ret == -(MBEDTLS_ERR_ARIA_INVALID_INPUT_LENGTH) )
|
||||
mbedtls_snprintf( buf, buflen, "ARIA - Invalid data input length" );
|
||||
if( use_ret == -(MBEDTLS_ERR_ARIA_FEATURE_UNAVAILABLE) )
|
||||
|
@ -672,17 +672,17 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen )
|
|||
#endif /* MBEDTLS_BIGNUM_C */
|
||||
|
||||
#if defined(MBEDTLS_BLOWFISH_C)
|
||||
if( use_ret == -(MBEDTLS_ERR_BLOWFISH_INVALID_KEY_LENGTH) )
|
||||
mbedtls_snprintf( buf, buflen, "BLOWFISH - Invalid key length" );
|
||||
if( use_ret == -(MBEDTLS_ERR_BLOWFISH_HW_ACCEL_FAILED) )
|
||||
mbedtls_snprintf( buf, buflen, "BLOWFISH - Blowfish hardware accelerator failed" );
|
||||
if( use_ret == -(MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA) )
|
||||
mbedtls_snprintf( buf, buflen, "BLOWFISH - Bad input data" );
|
||||
if( use_ret == -(MBEDTLS_ERR_BLOWFISH_INVALID_INPUT_LENGTH) )
|
||||
mbedtls_snprintf( buf, buflen, "BLOWFISH - Invalid data input length" );
|
||||
if( use_ret == -(MBEDTLS_ERR_BLOWFISH_HW_ACCEL_FAILED) )
|
||||
mbedtls_snprintf( buf, buflen, "BLOWFISH - Blowfish hardware accelerator failed" );
|
||||
#endif /* MBEDTLS_BLOWFISH_C */
|
||||
|
||||
#if defined(MBEDTLS_CAMELLIA_C)
|
||||
if( use_ret == -(MBEDTLS_ERR_CAMELLIA_INVALID_KEY_LENGTH) )
|
||||
mbedtls_snprintf( buf, buflen, "CAMELLIA - Invalid key length" );
|
||||
if( use_ret == -(MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA) )
|
||||
mbedtls_snprintf( buf, buflen, "CAMELLIA - Bad input data" );
|
||||
if( use_ret == -(MBEDTLS_ERR_CAMELLIA_INVALID_INPUT_LENGTH) )
|
||||
mbedtls_snprintf( buf, buflen, "CAMELLIA - Invalid data input length" );
|
||||
if( use_ret == -(MBEDTLS_ERR_CAMELLIA_HW_ACCEL_FAILED) )
|
||||
|
@ -855,16 +855,22 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen )
|
|||
#if defined(MBEDTLS_SHA1_C)
|
||||
if( use_ret == -(MBEDTLS_ERR_SHA1_HW_ACCEL_FAILED) )
|
||||
mbedtls_snprintf( buf, buflen, "SHA1 - SHA-1 hardware accelerator failed" );
|
||||
if( use_ret == -(MBEDTLS_ERR_SHA1_BAD_INPUT_DATA) )
|
||||
mbedtls_snprintf( buf, buflen, "SHA1 - SHA-1 input data was malformed" );
|
||||
#endif /* MBEDTLS_SHA1_C */
|
||||
|
||||
#if defined(MBEDTLS_SHA256_C)
|
||||
if( use_ret == -(MBEDTLS_ERR_SHA256_HW_ACCEL_FAILED) )
|
||||
mbedtls_snprintf( buf, buflen, "SHA256 - SHA-256 hardware accelerator failed" );
|
||||
if( use_ret == -(MBEDTLS_ERR_SHA256_BAD_INPUT_DATA) )
|
||||
mbedtls_snprintf( buf, buflen, "SHA256 - SHA-256 input data was malformed" );
|
||||
#endif /* MBEDTLS_SHA256_C */
|
||||
|
||||
#if defined(MBEDTLS_SHA512_C)
|
||||
if( use_ret == -(MBEDTLS_ERR_SHA512_HW_ACCEL_FAILED) )
|
||||
mbedtls_snprintf( buf, buflen, "SHA512 - SHA-512 hardware accelerator failed" );
|
||||
if( use_ret == -(MBEDTLS_ERR_SHA512_BAD_INPUT_DATA) )
|
||||
mbedtls_snprintf( buf, buflen, "SHA512 - SHA-512 input data was malformed" );
|
||||
#endif /* MBEDTLS_SHA512_C */
|
||||
|
||||
#if defined(MBEDTLS_THREADING_C)
|
||||
|
|
|
@ -57,6 +57,12 @@
|
|||
|
||||
#if !defined(MBEDTLS_GCM_ALT)
|
||||
|
||||
/* Parameter validation macros */
|
||||
#define GCM_VALIDATE_RET( cond ) \
|
||||
MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_GCM_BAD_INPUT )
|
||||
#define GCM_VALIDATE( cond ) \
|
||||
MBEDTLS_INTERNAL_VALIDATE( cond )
|
||||
|
||||
/*
|
||||
* 32-bit integer manipulation macros (big endian)
|
||||
*/
|
||||
|
@ -85,6 +91,7 @@
|
|||
*/
|
||||
void mbedtls_gcm_init( mbedtls_gcm_context *ctx )
|
||||
{
|
||||
GCM_VALIDATE( ctx != NULL );
|
||||
memset( ctx, 0, sizeof( mbedtls_gcm_context ) );
|
||||
}
|
||||
|
||||
|
@ -164,6 +171,10 @@ int mbedtls_gcm_setkey( mbedtls_gcm_context *ctx,
|
|||
int ret;
|
||||
const mbedtls_cipher_info_t *cipher_info;
|
||||
|
||||
GCM_VALIDATE_RET( ctx != NULL );
|
||||
GCM_VALIDATE_RET( key != NULL );
|
||||
GCM_VALIDATE_RET( keybits == 128 || keybits == 192 || keybits == 256 );
|
||||
|
||||
cipher_info = mbedtls_cipher_info_from_values( cipher, keybits, MBEDTLS_MODE_ECB );
|
||||
if( cipher_info == NULL )
|
||||
return( MBEDTLS_ERR_GCM_BAD_INPUT );
|
||||
|
@ -274,6 +285,10 @@ int mbedtls_gcm_starts( mbedtls_gcm_context *ctx,
|
|||
const unsigned char *p;
|
||||
size_t use_len, olen = 0;
|
||||
|
||||
GCM_VALIDATE_RET( ctx != NULL );
|
||||
GCM_VALIDATE_RET( iv != NULL );
|
||||
GCM_VALIDATE_RET( add_len == 0 || add != NULL );
|
||||
|
||||
/* IV and AD are limited to 2^64 bits, so 2^61 bytes */
|
||||
/* IV is not allowed to be zero length */
|
||||
if( iv_len == 0 ||
|
||||
|
@ -356,6 +371,10 @@ int mbedtls_gcm_update( mbedtls_gcm_context *ctx,
|
|||
unsigned char *out_p = output;
|
||||
size_t use_len, olen = 0;
|
||||
|
||||
GCM_VALIDATE_RET( ctx != NULL );
|
||||
GCM_VALIDATE_RET( length == 0 || input != NULL );
|
||||
GCM_VALIDATE_RET( length == 0 || output != NULL );
|
||||
|
||||
if( output > input && (size_t) ( output - input ) < length )
|
||||
return( MBEDTLS_ERR_GCM_BAD_INPUT );
|
||||
|
||||
|
@ -409,8 +428,14 @@ int mbedtls_gcm_finish( mbedtls_gcm_context *ctx,
|
|||
{
|
||||
unsigned char work_buf[16];
|
||||
size_t i;
|
||||
uint64_t orig_len = ctx->len * 8;
|
||||
uint64_t orig_add_len = ctx->add_len * 8;
|
||||
uint64_t orig_len;
|
||||
uint64_t orig_add_len;
|
||||
|
||||
GCM_VALIDATE_RET( ctx != NULL );
|
||||
GCM_VALIDATE_RET( tag != NULL );
|
||||
|
||||
orig_len = ctx->len * 8;
|
||||
orig_add_len = ctx->add_len * 8;
|
||||
|
||||
if( tag_len > 16 || tag_len < 4 )
|
||||
return( MBEDTLS_ERR_GCM_BAD_INPUT );
|
||||
|
@ -452,6 +477,13 @@ int mbedtls_gcm_crypt_and_tag( mbedtls_gcm_context *ctx,
|
|||
{
|
||||
int ret;
|
||||
|
||||
GCM_VALIDATE_RET( ctx != NULL );
|
||||
GCM_VALIDATE_RET( iv != NULL );
|
||||
GCM_VALIDATE_RET( add_len == 0 || add != NULL );
|
||||
GCM_VALIDATE_RET( length == 0 || input != NULL );
|
||||
GCM_VALIDATE_RET( length == 0 || output != NULL );
|
||||
GCM_VALIDATE_RET( tag != NULL );
|
||||
|
||||
if( ( ret = mbedtls_gcm_starts( ctx, mode, iv, iv_len, add, add_len ) ) != 0 )
|
||||
return( ret );
|
||||
|
||||
|
@ -480,6 +512,13 @@ int mbedtls_gcm_auth_decrypt( mbedtls_gcm_context *ctx,
|
|||
size_t i;
|
||||
int diff;
|
||||
|
||||
GCM_VALIDATE_RET( ctx != NULL );
|
||||
GCM_VALIDATE_RET( iv != NULL );
|
||||
GCM_VALIDATE_RET( add_len == 0 || add != NULL );
|
||||
GCM_VALIDATE_RET( tag != NULL );
|
||||
GCM_VALIDATE_RET( length == 0 || input != NULL );
|
||||
GCM_VALIDATE_RET( length == 0 || output != NULL );
|
||||
|
||||
if( ( ret = mbedtls_gcm_crypt_and_tag( ctx, MBEDTLS_GCM_DECRYPT, length,
|
||||
iv, iv_len, add, add_len,
|
||||
input, output, tag_len, check_tag ) ) != 0 )
|
||||
|
@ -502,6 +541,8 @@ int mbedtls_gcm_auth_decrypt( mbedtls_gcm_context *ctx,
|
|||
|
||||
void mbedtls_gcm_free( mbedtls_gcm_context *ctx )
|
||||
{
|
||||
if( ctx == NULL )
|
||||
return;
|
||||
mbedtls_cipher_free( &ctx->cipher_ctx );
|
||||
mbedtls_platform_zeroize( ctx, sizeof( mbedtls_gcm_context ) );
|
||||
}
|
||||
|
|
|
@ -66,31 +66,60 @@ void mbedtls_hmac_drbg_init( mbedtls_hmac_drbg_context *ctx )
|
|||
/*
|
||||
* HMAC_DRBG update, using optional additional data (10.1.2.2)
|
||||
*/
|
||||
void mbedtls_hmac_drbg_update( mbedtls_hmac_drbg_context *ctx,
|
||||
const unsigned char *additional, size_t add_len )
|
||||
int mbedtls_hmac_drbg_update_ret( mbedtls_hmac_drbg_context *ctx,
|
||||
const unsigned char *additional,
|
||||
size_t add_len )
|
||||
{
|
||||
size_t md_len = mbedtls_md_get_size( ctx->md_ctx.md_info );
|
||||
unsigned char rounds = ( additional != NULL && add_len != 0 ) ? 2 : 1;
|
||||
unsigned char sep[1];
|
||||
unsigned char K[MBEDTLS_MD_MAX_SIZE];
|
||||
int ret;
|
||||
|
||||
for( sep[0] = 0; sep[0] < rounds; sep[0]++ )
|
||||
{
|
||||
/* Step 1 or 4 */
|
||||
mbedtls_md_hmac_reset( &ctx->md_ctx );
|
||||
mbedtls_md_hmac_update( &ctx->md_ctx, ctx->V, md_len );
|
||||
mbedtls_md_hmac_update( &ctx->md_ctx, sep, 1 );
|
||||
if( ( ret = mbedtls_md_hmac_reset( &ctx->md_ctx ) ) != 0 )
|
||||
goto exit;
|
||||
if( ( ret = mbedtls_md_hmac_update( &ctx->md_ctx,
|
||||
ctx->V, md_len ) ) != 0 )
|
||||
goto exit;
|
||||
if( ( ret = mbedtls_md_hmac_update( &ctx->md_ctx,
|
||||
sep, 1 ) ) != 0 )
|
||||
goto exit;
|
||||
if( rounds == 2 )
|
||||
mbedtls_md_hmac_update( &ctx->md_ctx, additional, add_len );
|
||||
mbedtls_md_hmac_finish( &ctx->md_ctx, K );
|
||||
{
|
||||
if( ( ret = mbedtls_md_hmac_update( &ctx->md_ctx,
|
||||
additional, add_len ) ) != 0 )
|
||||
goto exit;
|
||||
}
|
||||
if( ( ret = mbedtls_md_hmac_finish( &ctx->md_ctx, K ) ) != 0 )
|
||||
goto exit;
|
||||
|
||||
/* Step 2 or 5 */
|
||||
mbedtls_md_hmac_starts( &ctx->md_ctx, K, md_len );
|
||||
mbedtls_md_hmac_update( &ctx->md_ctx, ctx->V, md_len );
|
||||
mbedtls_md_hmac_finish( &ctx->md_ctx, ctx->V );
|
||||
if( ( ret = mbedtls_md_hmac_starts( &ctx->md_ctx, K, md_len ) ) != 0 )
|
||||
goto exit;
|
||||
if( ( ret = mbedtls_md_hmac_update( &ctx->md_ctx,
|
||||
ctx->V, md_len ) ) != 0 )
|
||||
goto exit;
|
||||
if( ( ret = mbedtls_md_hmac_finish( &ctx->md_ctx, ctx->V ) ) != 0 )
|
||||
goto exit;
|
||||
}
|
||||
|
||||
exit:
|
||||
mbedtls_platform_zeroize( K, sizeof( K ) );
|
||||
return( ret );
|
||||
}
|
||||
|
||||
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
|
||||
void mbedtls_hmac_drbg_update( mbedtls_hmac_drbg_context *ctx,
|
||||
const unsigned char *additional,
|
||||
size_t add_len )
|
||||
{
|
||||
(void) mbedtls_hmac_drbg_update_ret( ctx, additional, add_len );
|
||||
}
|
||||
#endif /* MBEDTLS_DEPRECATED_REMOVED */
|
||||
|
||||
/*
|
||||
* Simplified HMAC_DRBG initialisation (for use with deterministic ECDSA)
|
||||
*/
|
||||
|
@ -108,10 +137,13 @@ int mbedtls_hmac_drbg_seed_buf( mbedtls_hmac_drbg_context *ctx,
|
|||
* Use the V memory location, which is currently all 0, to initialize the
|
||||
* MD context with an all-zero key. Then set V to its initial value.
|
||||
*/
|
||||
mbedtls_md_hmac_starts( &ctx->md_ctx, ctx->V, mbedtls_md_get_size( md_info ) );
|
||||
if( ( ret = mbedtls_md_hmac_starts( &ctx->md_ctx, ctx->V,
|
||||
mbedtls_md_get_size( md_info ) ) ) != 0 )
|
||||
return( ret );
|
||||
memset( ctx->V, 0x01, mbedtls_md_get_size( md_info ) );
|
||||
|
||||
mbedtls_hmac_drbg_update( ctx, data, data_len );
|
||||
if( ( ret = mbedtls_hmac_drbg_update_ret( ctx, data, data_len ) ) != 0 )
|
||||
return( ret );
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
|
@ -124,6 +156,7 @@ int mbedtls_hmac_drbg_reseed( mbedtls_hmac_drbg_context *ctx,
|
|||
{
|
||||
unsigned char seed[MBEDTLS_HMAC_DRBG_MAX_SEED_INPUT];
|
||||
size_t seedlen;
|
||||
int ret;
|
||||
|
||||
/* III. Check input length */
|
||||
if( len > MBEDTLS_HMAC_DRBG_MAX_INPUT ||
|
||||
|
@ -135,7 +168,8 @@ int mbedtls_hmac_drbg_reseed( mbedtls_hmac_drbg_context *ctx,
|
|||
memset( seed, 0, MBEDTLS_HMAC_DRBG_MAX_SEED_INPUT );
|
||||
|
||||
/* IV. Gather entropy_len bytes of entropy for the seed */
|
||||
if( ctx->f_entropy( ctx->p_entropy, seed, ctx->entropy_len ) != 0 )
|
||||
if( ( ret = ctx->f_entropy( ctx->p_entropy,
|
||||
seed, ctx->entropy_len ) ) != 0 )
|
||||
return( MBEDTLS_ERR_HMAC_DRBG_ENTROPY_SOURCE_FAILED );
|
||||
|
||||
seedlen = ctx->entropy_len;
|
||||
|
@ -148,13 +182,16 @@ int mbedtls_hmac_drbg_reseed( mbedtls_hmac_drbg_context *ctx,
|
|||
}
|
||||
|
||||
/* 2. Update state */
|
||||
mbedtls_hmac_drbg_update( ctx, seed, seedlen );
|
||||
if( ( ret = mbedtls_hmac_drbg_update_ret( ctx, seed, seedlen ) ) != 0 )
|
||||
goto exit;
|
||||
|
||||
/* 3. Reset reseed_counter */
|
||||
ctx->reseed_counter = 1;
|
||||
|
||||
exit:
|
||||
/* 4. Done */
|
||||
return( 0 );
|
||||
mbedtls_platform_zeroize( seed, seedlen );
|
||||
return( ret );
|
||||
}
|
||||
|
||||
/*
|
||||
|
@ -180,7 +217,8 @@ int mbedtls_hmac_drbg_seed( mbedtls_hmac_drbg_context *ctx,
|
|||
* Use the V memory location, which is currently all 0, to initialize the
|
||||
* MD context with an all-zero key. Then set V to its initial value.
|
||||
*/
|
||||
mbedtls_md_hmac_starts( &ctx->md_ctx, ctx->V, md_size );
|
||||
if( ( ret = mbedtls_md_hmac_starts( &ctx->md_ctx, ctx->V, md_size ) ) != 0 )
|
||||
return( ret );
|
||||
memset( ctx->V, 0x01, md_size );
|
||||
|
||||
ctx->f_entropy = f_entropy;
|
||||
|
@ -273,16 +311,24 @@ int mbedtls_hmac_drbg_random_with_add( void *p_rng,
|
|||
|
||||
/* 2. Use additional data if any */
|
||||
if( additional != NULL && add_len != 0 )
|
||||
mbedtls_hmac_drbg_update( ctx, additional, add_len );
|
||||
{
|
||||
if( ( ret = mbedtls_hmac_drbg_update_ret( ctx,
|
||||
additional, add_len ) ) != 0 )
|
||||
goto exit;
|
||||
}
|
||||
|
||||
/* 3, 4, 5. Generate bytes */
|
||||
while( left != 0 )
|
||||
{
|
||||
size_t use_len = left > md_len ? md_len : left;
|
||||
|
||||
mbedtls_md_hmac_reset( &ctx->md_ctx );
|
||||
mbedtls_md_hmac_update( &ctx->md_ctx, ctx->V, md_len );
|
||||
mbedtls_md_hmac_finish( &ctx->md_ctx, ctx->V );
|
||||
if( ( ret = mbedtls_md_hmac_reset( &ctx->md_ctx ) ) != 0 )
|
||||
goto exit;
|
||||
if( ( ret = mbedtls_md_hmac_update( &ctx->md_ctx,
|
||||
ctx->V, md_len ) ) != 0 )
|
||||
goto exit;
|
||||
if( ( ret = mbedtls_md_hmac_finish( &ctx->md_ctx, ctx->V ) ) != 0 )
|
||||
goto exit;
|
||||
|
||||
memcpy( out, ctx->V, use_len );
|
||||
out += use_len;
|
||||
|
@ -290,13 +336,16 @@ int mbedtls_hmac_drbg_random_with_add( void *p_rng,
|
|||
}
|
||||
|
||||
/* 6. Update */
|
||||
mbedtls_hmac_drbg_update( ctx, additional, add_len );
|
||||
if( ( ret = mbedtls_hmac_drbg_update_ret( ctx,
|
||||
additional, add_len ) ) != 0 )
|
||||
goto exit;
|
||||
|
||||
/* 7. Update reseed counter */
|
||||
ctx->reseed_counter++;
|
||||
|
||||
exit:
|
||||
/* 8. Done */
|
||||
return( 0 );
|
||||
return( ret );
|
||||
}
|
||||
|
||||
/*
|
||||
|
@ -368,35 +417,36 @@ exit:
|
|||
int mbedtls_hmac_drbg_update_seed_file( mbedtls_hmac_drbg_context *ctx, const char *path )
|
||||
{
|
||||
int ret = 0;
|
||||
FILE *f;
|
||||
FILE *f = NULL;
|
||||
size_t n;
|
||||
unsigned char buf[ MBEDTLS_HMAC_DRBG_MAX_INPUT ];
|
||||
unsigned char c;
|
||||
|
||||
if( ( f = fopen( path, "rb" ) ) == NULL )
|
||||
return( MBEDTLS_ERR_HMAC_DRBG_FILE_IO_ERROR );
|
||||
|
||||
fseek( f, 0, SEEK_END );
|
||||
n = (size_t) ftell( f );
|
||||
fseek( f, 0, SEEK_SET );
|
||||
|
||||
if( n > MBEDTLS_HMAC_DRBG_MAX_INPUT )
|
||||
n = fread( buf, 1, sizeof( buf ), f );
|
||||
if( fread( &c, 1, 1, f ) != 0 )
|
||||
{
|
||||
fclose( f );
|
||||
return( MBEDTLS_ERR_HMAC_DRBG_INPUT_TOO_BIG );
|
||||
ret = MBEDTLS_ERR_HMAC_DRBG_INPUT_TOO_BIG;
|
||||
goto exit;
|
||||
}
|
||||
|
||||
if( fread( buf, 1, n, f ) != n )
|
||||
if( n == 0 || ferror( f ) )
|
||||
{
|
||||
ret = MBEDTLS_ERR_HMAC_DRBG_FILE_IO_ERROR;
|
||||
else
|
||||
mbedtls_hmac_drbg_update( ctx, buf, n );
|
||||
|
||||
goto exit;
|
||||
}
|
||||
fclose( f );
|
||||
f = NULL;
|
||||
|
||||
ret = mbedtls_hmac_drbg_update_ret( ctx, buf, n );
|
||||
|
||||
exit:
|
||||
mbedtls_platform_zeroize( buf, sizeof( buf ) );
|
||||
|
||||
if( f != NULL )
|
||||
fclose( f );
|
||||
if( ret != 0 )
|
||||
return( ret );
|
||||
|
||||
return( mbedtls_hmac_drbg_write_seed_file( ctx, path ) );
|
||||
}
|
||||
#endif /* MBEDTLS_FS_IO */
|
||||
|
|
|
@ -311,7 +311,7 @@ cleanup:
|
|||
}
|
||||
mbedtls_platform_zeroize( inbuff, KW_SEMIBLOCK_LENGTH * 2 );
|
||||
mbedtls_platform_zeroize( outbuff, KW_SEMIBLOCK_LENGTH * 2 );
|
||||
mbedtls_cipher_finish( &ctx->cipher_ctx, NULL, &olen );
|
||||
|
||||
return( ret );
|
||||
}
|
||||
|
||||
|
@ -528,7 +528,7 @@ cleanup:
|
|||
mbedtls_platform_zeroize( &bad_padding, sizeof( bad_padding) );
|
||||
mbedtls_platform_zeroize( &diff, sizeof( diff ) );
|
||||
mbedtls_platform_zeroize( A, sizeof( A ) );
|
||||
mbedtls_cipher_finish( &ctx->cipher_ctx, NULL, &olen );
|
||||
|
||||
return( ret );
|
||||
}
|
||||
|
||||
|
|
|
@ -423,9 +423,11 @@ int mbedtls_pem_read_buffer( mbedtls_pem_context *ctx, const char *header, const
|
|||
|
||||
void mbedtls_pem_free( mbedtls_pem_context *ctx )
|
||||
{
|
||||
if( ctx->buf != NULL )
|
||||
if ( ctx->buf != NULL )
|
||||
{
|
||||
mbedtls_platform_zeroize( ctx->buf, ctx->buflen );
|
||||
mbedtls_free( ctx->buf );
|
||||
mbedtls_free( ctx->buf );
|
||||
}
|
||||
mbedtls_free( ctx->info );
|
||||
|
||||
mbedtls_platform_zeroize( ctx, sizeof( mbedtls_pem_context ) );
|
||||
|
|
72
library/pk.c
72
library/pk.c
|
@ -44,13 +44,18 @@
|
|||
#include <limits.h>
|
||||
#include <stdint.h>
|
||||
|
||||
/* Parameter validation macros based on platform_util.h */
|
||||
#define PK_VALIDATE_RET( cond ) \
|
||||
MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_PK_BAD_INPUT_DATA )
|
||||
#define PK_VALIDATE( cond ) \
|
||||
MBEDTLS_INTERNAL_VALIDATE( cond )
|
||||
|
||||
/*
|
||||
* Initialise a mbedtls_pk_context
|
||||
*/
|
||||
void mbedtls_pk_init( mbedtls_pk_context *ctx )
|
||||
{
|
||||
if( ctx == NULL )
|
||||
return;
|
||||
PK_VALIDATE( ctx != NULL );
|
||||
|
||||
ctx->pk_info = NULL;
|
||||
ctx->pk_ctx = NULL;
|
||||
|
@ -61,10 +66,11 @@ void mbedtls_pk_init( mbedtls_pk_context *ctx )
|
|||
*/
|
||||
void mbedtls_pk_free( mbedtls_pk_context *ctx )
|
||||
{
|
||||
if( ctx == NULL || ctx->pk_info == NULL )
|
||||
if( ctx == NULL )
|
||||
return;
|
||||
|
||||
ctx->pk_info->ctx_free_func( ctx->pk_ctx );
|
||||
if ( ctx->pk_info != NULL )
|
||||
ctx->pk_info->ctx_free_func( ctx->pk_ctx );
|
||||
|
||||
mbedtls_platform_zeroize( ctx, sizeof( mbedtls_pk_context ) );
|
||||
}
|
||||
|
@ -75,6 +81,7 @@ void mbedtls_pk_free( mbedtls_pk_context *ctx )
|
|||
*/
|
||||
void mbedtls_pk_restart_init( mbedtls_pk_restart_ctx *ctx )
|
||||
{
|
||||
PK_VALIDATE( ctx != NULL );
|
||||
ctx->pk_info = NULL;
|
||||
ctx->rs_ctx = NULL;
|
||||
}
|
||||
|
@ -128,7 +135,8 @@ const mbedtls_pk_info_t * mbedtls_pk_info_from_type( mbedtls_pk_type_t pk_type )
|
|||
*/
|
||||
int mbedtls_pk_setup( mbedtls_pk_context *ctx, const mbedtls_pk_info_t *info )
|
||||
{
|
||||
if( ctx == NULL || info == NULL || ctx->pk_info != NULL )
|
||||
PK_VALIDATE_RET( ctx != NULL );
|
||||
if( info == NULL || ctx->pk_info != NULL )
|
||||
return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
|
||||
|
||||
if( ( ctx->pk_ctx = info->ctx_alloc_func() ) == NULL )
|
||||
|
@ -151,7 +159,8 @@ int mbedtls_pk_setup_rsa_alt( mbedtls_pk_context *ctx, void * key,
|
|||
mbedtls_rsa_alt_context *rsa_alt;
|
||||
const mbedtls_pk_info_t *info = &mbedtls_rsa_alt_info;
|
||||
|
||||
if( ctx == NULL || ctx->pk_info != NULL )
|
||||
PK_VALIDATE_RET( ctx != NULL );
|
||||
if( ctx->pk_info != NULL )
|
||||
return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
|
||||
|
||||
if( ( ctx->pk_ctx = info->ctx_alloc_func() ) == NULL )
|
||||
|
@ -175,7 +184,9 @@ int mbedtls_pk_setup_rsa_alt( mbedtls_pk_context *ctx, void * key,
|
|||
*/
|
||||
int mbedtls_pk_can_do( const mbedtls_pk_context *ctx, mbedtls_pk_type_t type )
|
||||
{
|
||||
/* null or NONE context can't do anything */
|
||||
/* A context with null pk_info is not set up yet and can't do anything.
|
||||
* For backward compatibility, also accept NULL instead of a context
|
||||
* pointer. */
|
||||
if( ctx == NULL || ctx->pk_info == NULL )
|
||||
return( 0 );
|
||||
|
||||
|
@ -232,7 +243,12 @@ int mbedtls_pk_verify_restartable( mbedtls_pk_context *ctx,
|
|||
const unsigned char *sig, size_t sig_len,
|
||||
mbedtls_pk_restart_ctx *rs_ctx )
|
||||
{
|
||||
if( ctx == NULL || ctx->pk_info == NULL ||
|
||||
PK_VALIDATE_RET( ctx != NULL );
|
||||
PK_VALIDATE_RET( ( md_alg == MBEDTLS_MD_NONE && hash_len == 0 ) ||
|
||||
hash != NULL );
|
||||
PK_VALIDATE_RET( sig != NULL );
|
||||
|
||||
if( ctx->pk_info == NULL ||
|
||||
pk_hashlen_helper( md_alg, &hash_len ) != 0 )
|
||||
return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
|
||||
|
||||
|
@ -285,7 +301,12 @@ int mbedtls_pk_verify_ext( mbedtls_pk_type_t type, const void *options,
|
|||
const unsigned char *hash, size_t hash_len,
|
||||
const unsigned char *sig, size_t sig_len )
|
||||
{
|
||||
if( ctx == NULL || ctx->pk_info == NULL )
|
||||
PK_VALIDATE_RET( ctx != NULL );
|
||||
PK_VALIDATE_RET( ( md_alg == MBEDTLS_MD_NONE && hash_len == 0 ) ||
|
||||
hash != NULL );
|
||||
PK_VALIDATE_RET( sig != NULL );
|
||||
|
||||
if( ctx->pk_info == NULL )
|
||||
return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
|
||||
|
||||
if( ! mbedtls_pk_can_do( ctx, type ) )
|
||||
|
@ -345,7 +366,12 @@ int mbedtls_pk_sign_restartable( mbedtls_pk_context *ctx,
|
|||
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
|
||||
mbedtls_pk_restart_ctx *rs_ctx )
|
||||
{
|
||||
if( ctx == NULL || ctx->pk_info == NULL ||
|
||||
PK_VALIDATE_RET( ctx != NULL );
|
||||
PK_VALIDATE_RET( ( md_alg == MBEDTLS_MD_NONE && hash_len == 0 ) ||
|
||||
hash != NULL );
|
||||
PK_VALIDATE_RET( sig != NULL );
|
||||
|
||||
if( ctx->pk_info == NULL ||
|
||||
pk_hashlen_helper( md_alg, &hash_len ) != 0 )
|
||||
return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
|
||||
|
||||
|
@ -399,7 +425,12 @@ int mbedtls_pk_decrypt( mbedtls_pk_context *ctx,
|
|||
unsigned char *output, size_t *olen, size_t osize,
|
||||
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
|
||||
{
|
||||
if( ctx == NULL || ctx->pk_info == NULL )
|
||||
PK_VALIDATE_RET( ctx != NULL );
|
||||
PK_VALIDATE_RET( input != NULL || ilen == 0 );
|
||||
PK_VALIDATE_RET( output != NULL || osize == 0 );
|
||||
PK_VALIDATE_RET( olen != NULL );
|
||||
|
||||
if( ctx->pk_info == NULL )
|
||||
return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
|
||||
|
||||
if( ctx->pk_info->decrypt_func == NULL )
|
||||
|
@ -417,7 +448,12 @@ int mbedtls_pk_encrypt( mbedtls_pk_context *ctx,
|
|||
unsigned char *output, size_t *olen, size_t osize,
|
||||
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
|
||||
{
|
||||
if( ctx == NULL || ctx->pk_info == NULL )
|
||||
PK_VALIDATE_RET( ctx != NULL );
|
||||
PK_VALIDATE_RET( input != NULL || ilen == 0 );
|
||||
PK_VALIDATE_RET( output != NULL || osize == 0 );
|
||||
PK_VALIDATE_RET( olen != NULL );
|
||||
|
||||
if( ctx->pk_info == NULL )
|
||||
return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
|
||||
|
||||
if( ctx->pk_info->encrypt_func == NULL )
|
||||
|
@ -432,8 +468,11 @@ int mbedtls_pk_encrypt( mbedtls_pk_context *ctx,
|
|||
*/
|
||||
int mbedtls_pk_check_pair( const mbedtls_pk_context *pub, const mbedtls_pk_context *prv )
|
||||
{
|
||||
if( pub == NULL || pub->pk_info == NULL ||
|
||||
prv == NULL || prv->pk_info == NULL ||
|
||||
PK_VALIDATE_RET( pub != NULL );
|
||||
PK_VALIDATE_RET( prv != NULL );
|
||||
|
||||
if( pub->pk_info == NULL ||
|
||||
prv->pk_info == NULL ||
|
||||
prv->pk_info->check_pair_func == NULL )
|
||||
{
|
||||
return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
|
||||
|
@ -458,6 +497,8 @@ int mbedtls_pk_check_pair( const mbedtls_pk_context *pub, const mbedtls_pk_conte
|
|||
*/
|
||||
size_t mbedtls_pk_get_bitlen( const mbedtls_pk_context *ctx )
|
||||
{
|
||||
/* For backward compatibility, accept NULL or a context that
|
||||
* isn't set up yet, and return a fake value that should be safe. */
|
||||
if( ctx == NULL || ctx->pk_info == NULL )
|
||||
return( 0 );
|
||||
|
||||
|
@ -469,7 +510,8 @@ size_t mbedtls_pk_get_bitlen( const mbedtls_pk_context *ctx )
|
|||
*/
|
||||
int mbedtls_pk_debug( const mbedtls_pk_context *ctx, mbedtls_pk_debug_item *items )
|
||||
{
|
||||
if( ctx == NULL || ctx->pk_info == NULL )
|
||||
PK_VALIDATE_RET( ctx != NULL );
|
||||
if( ctx->pk_info == NULL )
|
||||
return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
|
||||
|
||||
if( ctx->pk_info->debug_func == NULL )
|
||||
|
|
|
@ -48,6 +48,8 @@
|
|||
#include "mbedtls/des.h"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_ASN1_PARSE_C)
|
||||
|
||||
static int pkcs12_parse_pbe_params( mbedtls_asn1_buf *params,
|
||||
mbedtls_asn1_buf *salt, int *iterations )
|
||||
{
|
||||
|
@ -226,6 +228,8 @@ exit:
|
|||
return( ret );
|
||||
}
|
||||
|
||||
#endif /* MBEDTLS_ASN1_PARSE_C */
|
||||
|
||||
static void pkcs12_fill_buffer( unsigned char *data, size_t data_len,
|
||||
const unsigned char *filler, size_t fill_len )
|
||||
{
|
||||
|
|
|
@ -54,22 +54,7 @@
|
|||
#define mbedtls_printf printf
|
||||
#endif
|
||||
|
||||
#if !defined(MBEDTLS_ASN1_PARSE_C)
|
||||
int mbedtls_pkcs5_pbes2( const mbedtls_asn1_buf *pbe_params, int mode,
|
||||
const unsigned char *pwd, size_t pwdlen,
|
||||
const unsigned char *data, size_t datalen,
|
||||
unsigned char *output )
|
||||
{
|
||||
((void) pbe_params);
|
||||
((void) mode);
|
||||
((void) pwd);
|
||||
((void) pwdlen);
|
||||
((void) data);
|
||||
((void) datalen);
|
||||
((void) output);
|
||||
return( MBEDTLS_ERR_PKCS5_FEATURE_UNAVAILABLE );
|
||||
}
|
||||
#else
|
||||
#if defined(MBEDTLS_ASN1_PARSE_C)
|
||||
static int pkcs5_parse_pbkdf2_params( const mbedtls_asn1_buf *params,
|
||||
mbedtls_asn1_buf *salt, int *iterations,
|
||||
int *keylen, mbedtls_md_type_t *md_type )
|
||||
|
|
|
@ -61,6 +61,12 @@
|
|||
#define mbedtls_free free
|
||||
#endif
|
||||
|
||||
/* Parameter validation macros based on platform_util.h */
|
||||
#define PK_VALIDATE_RET( cond ) \
|
||||
MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_PK_BAD_INPUT_DATA )
|
||||
#define PK_VALIDATE( cond ) \
|
||||
MBEDTLS_INTERNAL_VALIDATE( cond )
|
||||
|
||||
#if defined(MBEDTLS_FS_IO)
|
||||
/*
|
||||
* Load all data from a file into a given buffer.
|
||||
|
@ -74,6 +80,10 @@ int mbedtls_pk_load_file( const char *path, unsigned char **buf, size_t *n )
|
|||
FILE *f;
|
||||
long size;
|
||||
|
||||
PK_VALIDATE_RET( path != NULL );
|
||||
PK_VALIDATE_RET( buf != NULL );
|
||||
PK_VALIDATE_RET( n != NULL );
|
||||
|
||||
if( ( f = fopen( path, "rb" ) ) == NULL )
|
||||
return( MBEDTLS_ERR_PK_FILE_IO_ERROR );
|
||||
|
||||
|
@ -124,6 +134,9 @@ int mbedtls_pk_parse_keyfile( mbedtls_pk_context *ctx,
|
|||
size_t n;
|
||||
unsigned char *buf;
|
||||
|
||||
PK_VALIDATE_RET( ctx != NULL );
|
||||
PK_VALIDATE_RET( path != NULL );
|
||||
|
||||
if( ( ret = mbedtls_pk_load_file( path, &buf, &n ) ) != 0 )
|
||||
return( ret );
|
||||
|
||||
|
@ -148,6 +161,9 @@ int mbedtls_pk_parse_public_keyfile( mbedtls_pk_context *ctx, const char *path )
|
|||
size_t n;
|
||||
unsigned char *buf;
|
||||
|
||||
PK_VALIDATE_RET( ctx != NULL );
|
||||
PK_VALIDATE_RET( path != NULL );
|
||||
|
||||
if( ( ret = mbedtls_pk_load_file( path, &buf, &n ) ) != 0 )
|
||||
return( ret );
|
||||
|
||||
|
@ -605,6 +621,11 @@ int mbedtls_pk_parse_subpubkey( unsigned char **p, const unsigned char *end,
|
|||
mbedtls_pk_type_t pk_alg = MBEDTLS_PK_NONE;
|
||||
const mbedtls_pk_info_t *pk_info;
|
||||
|
||||
PK_VALIDATE_RET( p != NULL );
|
||||
PK_VALIDATE_RET( *p != NULL );
|
||||
PK_VALIDATE_RET( end != NULL );
|
||||
PK_VALIDATE_RET( pk != NULL );
|
||||
|
||||
if( ( ret = mbedtls_asn1_get_tag( p, end, &len,
|
||||
MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
|
||||
{
|
||||
|
@ -1145,16 +1166,22 @@ int mbedtls_pk_parse_key( mbedtls_pk_context *pk,
|
|||
{
|
||||
int ret;
|
||||
const mbedtls_pk_info_t *pk_info;
|
||||
|
||||
#if defined(MBEDTLS_PEM_PARSE_C)
|
||||
size_t len;
|
||||
mbedtls_pem_context pem;
|
||||
#endif
|
||||
|
||||
mbedtls_pem_init( &pem );
|
||||
PK_VALIDATE_RET( pk != NULL );
|
||||
if( keylen == 0 )
|
||||
return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT );
|
||||
PK_VALIDATE_RET( key != NULL );
|
||||
|
||||
#if defined(MBEDTLS_PEM_PARSE_C)
|
||||
mbedtls_pem_init( &pem );
|
||||
|
||||
#if defined(MBEDTLS_RSA_C)
|
||||
/* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */
|
||||
if( keylen == 0 || key[keylen - 1] != '\0' )
|
||||
if( key[keylen - 1] != '\0' )
|
||||
ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT;
|
||||
else
|
||||
ret = mbedtls_pem_read_buffer( &pem,
|
||||
|
@ -1185,7 +1212,7 @@ int mbedtls_pk_parse_key( mbedtls_pk_context *pk,
|
|||
|
||||
#if defined(MBEDTLS_ECP_C)
|
||||
/* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */
|
||||
if( keylen == 0 || key[keylen - 1] != '\0' )
|
||||
if( key[keylen - 1] != '\0' )
|
||||
ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT;
|
||||
else
|
||||
ret = mbedtls_pem_read_buffer( &pem,
|
||||
|
@ -1215,7 +1242,7 @@ int mbedtls_pk_parse_key( mbedtls_pk_context *pk,
|
|||
#endif /* MBEDTLS_ECP_C */
|
||||
|
||||
/* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */
|
||||
if( keylen == 0 || key[keylen - 1] != '\0' )
|
||||
if( key[keylen - 1] != '\0' )
|
||||
ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT;
|
||||
else
|
||||
ret = mbedtls_pem_read_buffer( &pem,
|
||||
|
@ -1238,7 +1265,7 @@ int mbedtls_pk_parse_key( mbedtls_pk_context *pk,
|
|||
|
||||
#if defined(MBEDTLS_PKCS12_C) || defined(MBEDTLS_PKCS5_C)
|
||||
/* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */
|
||||
if( keylen == 0 || key[keylen - 1] != '\0' )
|
||||
if( key[keylen - 1] != '\0' )
|
||||
ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT;
|
||||
else
|
||||
ret = mbedtls_pem_read_buffer( &pem,
|
||||
|
@ -1276,9 +1303,6 @@ int mbedtls_pk_parse_key( mbedtls_pk_context *pk,
|
|||
{
|
||||
unsigned char *key_copy;
|
||||
|
||||
if( keylen == 0 )
|
||||
return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT );
|
||||
|
||||
if( ( key_copy = mbedtls_calloc( 1, keylen ) ) == NULL )
|
||||
return( MBEDTLS_ERR_PK_ALLOC_FAILED );
|
||||
|
||||
|
@ -1360,11 +1384,18 @@ int mbedtls_pk_parse_public_key( mbedtls_pk_context *ctx,
|
|||
#if defined(MBEDTLS_PEM_PARSE_C)
|
||||
size_t len;
|
||||
mbedtls_pem_context pem;
|
||||
#endif
|
||||
|
||||
PK_VALIDATE_RET( ctx != NULL );
|
||||
if( keylen == 0 )
|
||||
return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT );
|
||||
PK_VALIDATE_RET( key != NULL || keylen == 0 );
|
||||
|
||||
#if defined(MBEDTLS_PEM_PARSE_C)
|
||||
mbedtls_pem_init( &pem );
|
||||
#if defined(MBEDTLS_RSA_C)
|
||||
/* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */
|
||||
if( keylen == 0 || key[keylen - 1] != '\0' )
|
||||
if( key[keylen - 1] != '\0' )
|
||||
ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT;
|
||||
else
|
||||
ret = mbedtls_pem_read_buffer( &pem,
|
||||
|
@ -1395,7 +1426,7 @@ int mbedtls_pk_parse_public_key( mbedtls_pk_context *ctx,
|
|||
#endif /* MBEDTLS_RSA_C */
|
||||
|
||||
/* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */
|
||||
if( keylen == 0 || key[keylen - 1] != '\0' )
|
||||
if( key[keylen - 1] != '\0' )
|
||||
ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT;
|
||||
else
|
||||
ret = mbedtls_pem_read_buffer( &pem,
|
||||
|
|
|
@ -30,6 +30,7 @@
|
|||
#include "mbedtls/pk.h"
|
||||
#include "mbedtls/asn1write.h"
|
||||
#include "mbedtls/oid.h"
|
||||
#include "mbedtls/platform_util.h"
|
||||
|
||||
#include <string.h>
|
||||
|
||||
|
@ -54,6 +55,12 @@
|
|||
#define mbedtls_free free
|
||||
#endif
|
||||
|
||||
/* Parameter validation macros based on platform_util.h */
|
||||
#define PK_VALIDATE_RET( cond ) \
|
||||
MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_PK_BAD_INPUT_DATA )
|
||||
#define PK_VALIDATE( cond ) \
|
||||
MBEDTLS_INTERNAL_VALIDATE( cond )
|
||||
|
||||
#if defined(MBEDTLS_RSA_C)
|
||||
/*
|
||||
* RSAPublicKey ::= SEQUENCE {
|
||||
|
@ -151,6 +158,11 @@ int mbedtls_pk_write_pubkey( unsigned char **p, unsigned char *start,
|
|||
int ret;
|
||||
size_t len = 0;
|
||||
|
||||
PK_VALIDATE_RET( p != NULL );
|
||||
PK_VALIDATE_RET( *p != NULL );
|
||||
PK_VALIDATE_RET( start != NULL );
|
||||
PK_VALIDATE_RET( key != NULL );
|
||||
|
||||
#if defined(MBEDTLS_RSA_C)
|
||||
if( mbedtls_pk_get_type( key ) == MBEDTLS_PK_RSA )
|
||||
MBEDTLS_ASN1_CHK_ADD( len, pk_write_rsa_pubkey( p, start, mbedtls_pk_rsa( *key ) ) );
|
||||
|
@ -173,6 +185,11 @@ int mbedtls_pk_write_pubkey_der( mbedtls_pk_context *key, unsigned char *buf, si
|
|||
size_t len = 0, par_len = 0, oid_len;
|
||||
const char *oid;
|
||||
|
||||
PK_VALIDATE_RET( key != NULL );
|
||||
if( size == 0 )
|
||||
return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
|
||||
PK_VALIDATE_RET( buf != NULL );
|
||||
|
||||
c = buf + size;
|
||||
|
||||
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_pk_write_pubkey( &c, buf, key ) );
|
||||
|
@ -217,9 +234,16 @@ int mbedtls_pk_write_pubkey_der( mbedtls_pk_context *key, unsigned char *buf, si
|
|||
int mbedtls_pk_write_key_der( mbedtls_pk_context *key, unsigned char *buf, size_t size )
|
||||
{
|
||||
int ret;
|
||||
unsigned char *c = buf + size;
|
||||
unsigned char *c;
|
||||
size_t len = 0;
|
||||
|
||||
PK_VALIDATE_RET( key != NULL );
|
||||
if( size == 0 )
|
||||
return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
|
||||
PK_VALIDATE_RET( buf != NULL );
|
||||
|
||||
c = buf + size;
|
||||
|
||||
#if defined(MBEDTLS_RSA_C)
|
||||
if( mbedtls_pk_get_type( key ) == MBEDTLS_PK_RSA )
|
||||
{
|
||||
|
@ -457,6 +481,9 @@ int mbedtls_pk_write_pubkey_pem( mbedtls_pk_context *key, unsigned char *buf, si
|
|||
unsigned char output_buf[PUB_DER_MAX_BYTES];
|
||||
size_t olen = 0;
|
||||
|
||||
PK_VALIDATE_RET( key != NULL );
|
||||
PK_VALIDATE_RET( buf != NULL || size == 0 );
|
||||
|
||||
if( ( ret = mbedtls_pk_write_pubkey_der( key, output_buf,
|
||||
sizeof(output_buf) ) ) < 0 )
|
||||
{
|
||||
|
@ -480,6 +507,9 @@ int mbedtls_pk_write_key_pem( mbedtls_pk_context *key, unsigned char *buf, size_
|
|||
const char *begin, *end;
|
||||
size_t olen = 0;
|
||||
|
||||
PK_VALIDATE_RET( key != NULL );
|
||||
PK_VALIDATE_RET( buf != NULL || size == 0 );
|
||||
|
||||
if( ( ret = mbedtls_pk_write_key_der( key, output_buf, sizeof(output_buf) ) ) < 0 )
|
||||
return( ret );
|
||||
|
||||
|
|
|
@ -35,6 +35,7 @@
|
|||
#endif
|
||||
|
||||
#include "mbedtls/platform_util.h"
|
||||
#include "mbedtls/platform.h"
|
||||
#include "mbedtls/threading.h"
|
||||
|
||||
#include <stddef.h>
|
||||
|
|
|
@ -49,6 +49,12 @@
|
|||
#define inline __inline
|
||||
#endif
|
||||
|
||||
/* Parameter validation macros */
|
||||
#define POLY1305_VALIDATE_RET( cond ) \
|
||||
MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA )
|
||||
#define POLY1305_VALIDATE( cond ) \
|
||||
MBEDTLS_INTERNAL_VALIDATE( cond )
|
||||
|
||||
#define POLY1305_BLOCK_SIZE_BYTES ( 16U )
|
||||
|
||||
#define BYTES_TO_U32_LE( data, offset ) \
|
||||
|
@ -276,27 +282,24 @@ static void poly1305_compute_mac( const mbedtls_poly1305_context *ctx,
|
|||
|
||||
void mbedtls_poly1305_init( mbedtls_poly1305_context *ctx )
|
||||
{
|
||||
if( ctx != NULL )
|
||||
{
|
||||
mbedtls_platform_zeroize( ctx, sizeof( mbedtls_poly1305_context ) );
|
||||
}
|
||||
POLY1305_VALIDATE( ctx != NULL );
|
||||
|
||||
mbedtls_platform_zeroize( ctx, sizeof( mbedtls_poly1305_context ) );
|
||||
}
|
||||
|
||||
void mbedtls_poly1305_free( mbedtls_poly1305_context *ctx )
|
||||
{
|
||||
if( ctx != NULL )
|
||||
{
|
||||
mbedtls_platform_zeroize( ctx, sizeof( mbedtls_poly1305_context ) );
|
||||
}
|
||||
if( ctx == NULL )
|
||||
return;
|
||||
|
||||
mbedtls_platform_zeroize( ctx, sizeof( mbedtls_poly1305_context ) );
|
||||
}
|
||||
|
||||
int mbedtls_poly1305_starts( mbedtls_poly1305_context *ctx,
|
||||
const unsigned char key[32] )
|
||||
{
|
||||
if( ctx == NULL || key == NULL )
|
||||
{
|
||||
return( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA );
|
||||
}
|
||||
POLY1305_VALIDATE_RET( ctx != NULL );
|
||||
POLY1305_VALIDATE_RET( key != NULL );
|
||||
|
||||
/* r &= 0x0ffffffc0ffffffc0ffffffc0fffffff */
|
||||
ctx->r[0] = BYTES_TO_U32_LE( key, 0 ) & 0x0FFFFFFFU;
|
||||
|
@ -331,16 +334,8 @@ int mbedtls_poly1305_update( mbedtls_poly1305_context *ctx,
|
|||
size_t remaining = ilen;
|
||||
size_t queue_free_len;
|
||||
size_t nblocks;
|
||||
|
||||
if( ctx == NULL )
|
||||
{
|
||||
return( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA );
|
||||
}
|
||||
else if( ( ilen > 0U ) && ( input == NULL ) )
|
||||
{
|
||||
/* input pointer is allowed to be NULL only if ilen == 0 */
|
||||
return( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA );
|
||||
}
|
||||
POLY1305_VALIDATE_RET( ctx != NULL );
|
||||
POLY1305_VALIDATE_RET( ilen == 0 || input != NULL );
|
||||
|
||||
if( ( remaining > 0U ) && ( ctx->queue_len > 0U ) )
|
||||
{
|
||||
|
@ -398,10 +393,8 @@ int mbedtls_poly1305_update( mbedtls_poly1305_context *ctx,
|
|||
int mbedtls_poly1305_finish( mbedtls_poly1305_context *ctx,
|
||||
unsigned char mac[16] )
|
||||
{
|
||||
if( ( ctx == NULL ) || ( mac == NULL ) )
|
||||
{
|
||||
return( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA );
|
||||
}
|
||||
POLY1305_VALIDATE_RET( ctx != NULL );
|
||||
POLY1305_VALIDATE_RET( mac != NULL );
|
||||
|
||||
/* Process any leftover data */
|
||||
if( ctx->queue_len > 0U )
|
||||
|
@ -431,6 +424,9 @@ int mbedtls_poly1305_mac( const unsigned char key[32],
|
|||
{
|
||||
mbedtls_poly1305_context ctx;
|
||||
int ret;
|
||||
POLY1305_VALIDATE_RET( key != NULL );
|
||||
POLY1305_VALIDATE_RET( mac != NULL );
|
||||
POLY1305_VALIDATE_RET( ilen == 0 || input != NULL );
|
||||
|
||||
mbedtls_poly1305_init( &ctx );
|
||||
|
||||
|
|
451
library/rsa.c
451
library/rsa.c
|
@ -71,6 +71,12 @@
|
|||
|
||||
#if !defined(MBEDTLS_RSA_ALT)
|
||||
|
||||
/* Parameter validation macros */
|
||||
#define RSA_VALIDATE_RET( cond ) \
|
||||
MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_RSA_BAD_INPUT_DATA )
|
||||
#define RSA_VALIDATE( cond ) \
|
||||
MBEDTLS_INTERNAL_VALIDATE( cond )
|
||||
|
||||
#if defined(MBEDTLS_PKCS1_V15)
|
||||
/* constant-time buffer comparison */
|
||||
static inline int mbedtls_safer_memcmp( const void *a, const void *b, size_t n )
|
||||
|
@ -93,6 +99,7 @@ int mbedtls_rsa_import( mbedtls_rsa_context *ctx,
|
|||
const mbedtls_mpi *D, const mbedtls_mpi *E )
|
||||
{
|
||||
int ret;
|
||||
RSA_VALIDATE_RET( ctx != NULL );
|
||||
|
||||
if( ( N != NULL && ( ret = mbedtls_mpi_copy( &ctx->N, N ) ) != 0 ) ||
|
||||
( P != NULL && ( ret = mbedtls_mpi_copy( &ctx->P, P ) ) != 0 ) ||
|
||||
|
@ -117,6 +124,7 @@ int mbedtls_rsa_import_raw( mbedtls_rsa_context *ctx,
|
|||
unsigned char const *E, size_t E_len )
|
||||
{
|
||||
int ret = 0;
|
||||
RSA_VALIDATE_RET( ctx != NULL );
|
||||
|
||||
if( N != NULL )
|
||||
{
|
||||
|
@ -240,12 +248,16 @@ static int rsa_check_context( mbedtls_rsa_context const *ctx, int is_priv,
|
|||
int mbedtls_rsa_complete( mbedtls_rsa_context *ctx )
|
||||
{
|
||||
int ret = 0;
|
||||
int have_N, have_P, have_Q, have_D, have_E;
|
||||
int n_missing, pq_missing, d_missing, is_pub, is_priv;
|
||||
|
||||
const int have_N = ( mbedtls_mpi_cmp_int( &ctx->N, 0 ) != 0 );
|
||||
const int have_P = ( mbedtls_mpi_cmp_int( &ctx->P, 0 ) != 0 );
|
||||
const int have_Q = ( mbedtls_mpi_cmp_int( &ctx->Q, 0 ) != 0 );
|
||||
const int have_D = ( mbedtls_mpi_cmp_int( &ctx->D, 0 ) != 0 );
|
||||
const int have_E = ( mbedtls_mpi_cmp_int( &ctx->E, 0 ) != 0 );
|
||||
RSA_VALIDATE_RET( ctx != NULL );
|
||||
|
||||
have_N = ( mbedtls_mpi_cmp_int( &ctx->N, 0 ) != 0 );
|
||||
have_P = ( mbedtls_mpi_cmp_int( &ctx->P, 0 ) != 0 );
|
||||
have_Q = ( mbedtls_mpi_cmp_int( &ctx->Q, 0 ) != 0 );
|
||||
have_D = ( mbedtls_mpi_cmp_int( &ctx->D, 0 ) != 0 );
|
||||
have_E = ( mbedtls_mpi_cmp_int( &ctx->E, 0 ) != 0 );
|
||||
|
||||
/*
|
||||
* Check whether provided parameters are enough
|
||||
|
@ -257,13 +269,13 @@ int mbedtls_rsa_complete( mbedtls_rsa_context *ctx )
|
|||
*
|
||||
*/
|
||||
|
||||
const int n_missing = have_P && have_Q && have_D && have_E;
|
||||
const int pq_missing = have_N && !have_P && !have_Q && have_D && have_E;
|
||||
const int d_missing = have_P && have_Q && !have_D && have_E;
|
||||
const int is_pub = have_N && !have_P && !have_Q && !have_D && have_E;
|
||||
n_missing = have_P && have_Q && have_D && have_E;
|
||||
pq_missing = have_N && !have_P && !have_Q && have_D && have_E;
|
||||
d_missing = have_P && have_Q && !have_D && have_E;
|
||||
is_pub = have_N && !have_P && !have_Q && !have_D && have_E;
|
||||
|
||||
/* These three alternatives are mutually exclusive */
|
||||
const int is_priv = n_missing || pq_missing || d_missing;
|
||||
is_priv = n_missing || pq_missing || d_missing;
|
||||
|
||||
if( !is_priv && !is_pub )
|
||||
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
|
||||
|
@ -336,9 +348,11 @@ int mbedtls_rsa_export_raw( const mbedtls_rsa_context *ctx,
|
|||
unsigned char *E, size_t E_len )
|
||||
{
|
||||
int ret = 0;
|
||||
int is_priv;
|
||||
RSA_VALIDATE_RET( ctx != NULL );
|
||||
|
||||
/* Check if key is private or public */
|
||||
const int is_priv =
|
||||
is_priv =
|
||||
mbedtls_mpi_cmp_int( &ctx->N, 0 ) != 0 &&
|
||||
mbedtls_mpi_cmp_int( &ctx->P, 0 ) != 0 &&
|
||||
mbedtls_mpi_cmp_int( &ctx->Q, 0 ) != 0 &&
|
||||
|
@ -379,9 +393,11 @@ int mbedtls_rsa_export( const mbedtls_rsa_context *ctx,
|
|||
mbedtls_mpi *D, mbedtls_mpi *E )
|
||||
{
|
||||
int ret;
|
||||
int is_priv;
|
||||
RSA_VALIDATE_RET( ctx != NULL );
|
||||
|
||||
/* Check if key is private or public */
|
||||
int is_priv =
|
||||
is_priv =
|
||||
mbedtls_mpi_cmp_int( &ctx->N, 0 ) != 0 &&
|
||||
mbedtls_mpi_cmp_int( &ctx->P, 0 ) != 0 &&
|
||||
mbedtls_mpi_cmp_int( &ctx->Q, 0 ) != 0 &&
|
||||
|
@ -421,9 +437,11 @@ int mbedtls_rsa_export_crt( const mbedtls_rsa_context *ctx,
|
|||
mbedtls_mpi *DP, mbedtls_mpi *DQ, mbedtls_mpi *QP )
|
||||
{
|
||||
int ret;
|
||||
int is_priv;
|
||||
RSA_VALIDATE_RET( ctx != NULL );
|
||||
|
||||
/* Check if key is private or public */
|
||||
int is_priv =
|
||||
is_priv =
|
||||
mbedtls_mpi_cmp_int( &ctx->N, 0 ) != 0 &&
|
||||
mbedtls_mpi_cmp_int( &ctx->P, 0 ) != 0 &&
|
||||
mbedtls_mpi_cmp_int( &ctx->Q, 0 ) != 0 &&
|
||||
|
@ -459,6 +477,10 @@ void mbedtls_rsa_init( mbedtls_rsa_context *ctx,
|
|||
int padding,
|
||||
int hash_id )
|
||||
{
|
||||
RSA_VALIDATE( ctx != NULL );
|
||||
RSA_VALIDATE( padding == MBEDTLS_RSA_PKCS_V15 ||
|
||||
padding == MBEDTLS_RSA_PKCS_V21 );
|
||||
|
||||
memset( ctx, 0, sizeof( mbedtls_rsa_context ) );
|
||||
|
||||
mbedtls_rsa_set_padding( ctx, padding, hash_id );
|
||||
|
@ -471,8 +493,13 @@ void mbedtls_rsa_init( mbedtls_rsa_context *ctx,
|
|||
/*
|
||||
* Set padding for an existing RSA context
|
||||
*/
|
||||
void mbedtls_rsa_set_padding( mbedtls_rsa_context *ctx, int padding, int hash_id )
|
||||
void mbedtls_rsa_set_padding( mbedtls_rsa_context *ctx, int padding,
|
||||
int hash_id )
|
||||
{
|
||||
RSA_VALIDATE( ctx != NULL );
|
||||
RSA_VALIDATE( padding == MBEDTLS_RSA_PKCS_V15 ||
|
||||
padding == MBEDTLS_RSA_PKCS_V21 );
|
||||
|
||||
ctx->padding = padding;
|
||||
ctx->hash_id = hash_id;
|
||||
}
|
||||
|
@ -503,11 +530,10 @@ int mbedtls_rsa_gen_key( mbedtls_rsa_context *ctx,
|
|||
int ret;
|
||||
mbedtls_mpi H, G, L;
|
||||
int prime_quality = 0;
|
||||
RSA_VALIDATE_RET( ctx != NULL );
|
||||
RSA_VALIDATE_RET( f_rng != NULL );
|
||||
|
||||
if( f_rng == NULL || nbits < 128 || exponent < 3 )
|
||||
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
|
||||
|
||||
if( nbits % 2 )
|
||||
if( nbits < 128 || exponent < 3 || nbits % 2 != 0 )
|
||||
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
|
||||
|
||||
/*
|
||||
|
@ -612,6 +638,8 @@ cleanup:
|
|||
*/
|
||||
int mbedtls_rsa_check_pubkey( const mbedtls_rsa_context *ctx )
|
||||
{
|
||||
RSA_VALIDATE_RET( ctx != NULL );
|
||||
|
||||
if( rsa_check_context( ctx, 0 /* public */, 0 /* no blinding */ ) != 0 )
|
||||
return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED );
|
||||
|
||||
|
@ -635,6 +663,8 @@ int mbedtls_rsa_check_pubkey( const mbedtls_rsa_context *ctx )
|
|||
*/
|
||||
int mbedtls_rsa_check_privkey( const mbedtls_rsa_context *ctx )
|
||||
{
|
||||
RSA_VALIDATE_RET( ctx != NULL );
|
||||
|
||||
if( mbedtls_rsa_check_pubkey( ctx ) != 0 ||
|
||||
rsa_check_context( ctx, 1 /* private */, 1 /* blinding */ ) != 0 )
|
||||
{
|
||||
|
@ -664,6 +694,9 @@ int mbedtls_rsa_check_privkey( const mbedtls_rsa_context *ctx )
|
|||
int mbedtls_rsa_check_pub_priv( const mbedtls_rsa_context *pub,
|
||||
const mbedtls_rsa_context *prv )
|
||||
{
|
||||
RSA_VALIDATE_RET( pub != NULL );
|
||||
RSA_VALIDATE_RET( prv != NULL );
|
||||
|
||||
if( mbedtls_rsa_check_pubkey( pub ) != 0 ||
|
||||
mbedtls_rsa_check_privkey( prv ) != 0 )
|
||||
{
|
||||
|
@ -689,6 +722,9 @@ int mbedtls_rsa_public( mbedtls_rsa_context *ctx,
|
|||
int ret;
|
||||
size_t olen;
|
||||
mbedtls_mpi T;
|
||||
RSA_VALIDATE_RET( ctx != NULL );
|
||||
RSA_VALIDATE_RET( input != NULL );
|
||||
RSA_VALIDATE_RET( output != NULL );
|
||||
|
||||
if( rsa_check_context( ctx, 0 /* public */, 0 /* no blinding */ ) )
|
||||
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
|
||||
|
@ -831,6 +867,10 @@ int mbedtls_rsa_private( mbedtls_rsa_context *ctx,
|
|||
* checked result; should be the same in the end. */
|
||||
mbedtls_mpi I, C;
|
||||
|
||||
RSA_VALIDATE_RET( ctx != NULL );
|
||||
RSA_VALIDATE_RET( input != NULL );
|
||||
RSA_VALIDATE_RET( output != NULL );
|
||||
|
||||
if( rsa_check_context( ctx, 1 /* private key checks */,
|
||||
f_rng != NULL /* blinding y/n */ ) != 0 )
|
||||
{
|
||||
|
@ -1091,6 +1131,13 @@ int mbedtls_rsa_rsaes_oaep_encrypt( mbedtls_rsa_context *ctx,
|
|||
const mbedtls_md_info_t *md_info;
|
||||
mbedtls_md_context_t md_ctx;
|
||||
|
||||
RSA_VALIDATE_RET( ctx != NULL );
|
||||
RSA_VALIDATE_RET( mode == MBEDTLS_RSA_PRIVATE ||
|
||||
mode == MBEDTLS_RSA_PUBLIC );
|
||||
RSA_VALIDATE_RET( output != NULL );
|
||||
RSA_VALIDATE_RET( input != NULL );
|
||||
RSA_VALIDATE_RET( label_len == 0 || label != NULL );
|
||||
|
||||
if( mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V21 )
|
||||
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
|
||||
|
||||
|
@ -1167,11 +1214,13 @@ int mbedtls_rsa_rsaes_pkcs1_v15_encrypt( mbedtls_rsa_context *ctx,
|
|||
int ret;
|
||||
unsigned char *p = output;
|
||||
|
||||
if( mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V15 )
|
||||
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
|
||||
RSA_VALIDATE_RET( ctx != NULL );
|
||||
RSA_VALIDATE_RET( mode == MBEDTLS_RSA_PRIVATE ||
|
||||
mode == MBEDTLS_RSA_PUBLIC );
|
||||
RSA_VALIDATE_RET( output != NULL );
|
||||
RSA_VALIDATE_RET( input != NULL );
|
||||
|
||||
// We don't check p_rng because it won't be dereferenced here
|
||||
if( f_rng == NULL || input == NULL || output == NULL )
|
||||
if( mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V15 )
|
||||
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
|
||||
|
||||
olen = ctx->len;
|
||||
|
@ -1185,6 +1234,9 @@ int mbedtls_rsa_rsaes_pkcs1_v15_encrypt( mbedtls_rsa_context *ctx,
|
|||
*p++ = 0;
|
||||
if( mode == MBEDTLS_RSA_PUBLIC )
|
||||
{
|
||||
if( f_rng == NULL )
|
||||
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
|
||||
|
||||
*p++ = MBEDTLS_RSA_CRYPT;
|
||||
|
||||
while( nb_pad-- > 0 )
|
||||
|
@ -1229,6 +1281,12 @@ int mbedtls_rsa_pkcs1_encrypt( mbedtls_rsa_context *ctx,
|
|||
const unsigned char *input,
|
||||
unsigned char *output )
|
||||
{
|
||||
RSA_VALIDATE_RET( ctx != NULL );
|
||||
RSA_VALIDATE_RET( mode == MBEDTLS_RSA_PRIVATE ||
|
||||
mode == MBEDTLS_RSA_PUBLIC );
|
||||
RSA_VALIDATE_RET( output != NULL );
|
||||
RSA_VALIDATE_RET( input != NULL );
|
||||
|
||||
switch( ctx->padding )
|
||||
{
|
||||
#if defined(MBEDTLS_PKCS1_V15)
|
||||
|
@ -1271,6 +1329,14 @@ int mbedtls_rsa_rsaes_oaep_decrypt( mbedtls_rsa_context *ctx,
|
|||
const mbedtls_md_info_t *md_info;
|
||||
mbedtls_md_context_t md_ctx;
|
||||
|
||||
RSA_VALIDATE_RET( ctx != NULL );
|
||||
RSA_VALIDATE_RET( mode == MBEDTLS_RSA_PRIVATE ||
|
||||
mode == MBEDTLS_RSA_PUBLIC );
|
||||
RSA_VALIDATE_RET( output_max_len == 0 || output != NULL );
|
||||
RSA_VALIDATE_RET( label_len == 0 || label != NULL );
|
||||
RSA_VALIDATE_RET( input != NULL );
|
||||
RSA_VALIDATE_RET( olen != NULL );
|
||||
|
||||
/*
|
||||
* Parameters sanity checks
|
||||
*/
|
||||
|
@ -1387,6 +1453,97 @@ cleanup:
|
|||
#endif /* MBEDTLS_PKCS1_V21 */
|
||||
|
||||
#if defined(MBEDTLS_PKCS1_V15)
|
||||
/** Turn zero-or-nonzero into zero-or-all-bits-one, without branches.
|
||||
*
|
||||
* \param value The value to analyze.
|
||||
* \return Zero if \p value is zero, otherwise all-bits-one.
|
||||
*/
|
||||
static unsigned all_or_nothing_int( unsigned value )
|
||||
{
|
||||
/* MSVC has a warning about unary minus on unsigned, but this is
|
||||
* well-defined and precisely what we want to do here */
|
||||
#if defined(_MSC_VER)
|
||||
#pragma warning( push )
|
||||
#pragma warning( disable : 4146 )
|
||||
#endif
|
||||
return( - ( ( value | - value ) >> ( sizeof( value ) * 8 - 1 ) ) );
|
||||
#if defined(_MSC_VER)
|
||||
#pragma warning( pop )
|
||||
#endif
|
||||
}
|
||||
|
||||
/** Check whether a size is out of bounds, without branches.
|
||||
*
|
||||
* This is equivalent to `size > max`, but is likely to be compiled to
|
||||
* to code using bitwise operation rather than a branch.
|
||||
*
|
||||
* \param size Size to check.
|
||||
* \param max Maximum desired value for \p size.
|
||||
* \return \c 0 if `size <= max`.
|
||||
* \return \c 1 if `size > max`.
|
||||
*/
|
||||
static unsigned size_greater_than( size_t size, size_t max )
|
||||
{
|
||||
/* Return the sign bit (1 for negative) of (max - size). */
|
||||
return( ( max - size ) >> ( sizeof( size_t ) * 8 - 1 ) );
|
||||
}
|
||||
|
||||
/** Choose between two integer values, without branches.
|
||||
*
|
||||
* This is equivalent to `cond ? if1 : if0`, but is likely to be compiled
|
||||
* to code using bitwise operation rather than a branch.
|
||||
*
|
||||
* \param cond Condition to test.
|
||||
* \param if1 Value to use if \p cond is nonzero.
|
||||
* \param if0 Value to use if \p cond is zero.
|
||||
* \return \c if1 if \p cond is nonzero, otherwise \c if0.
|
||||
*/
|
||||
static unsigned if_int( unsigned cond, unsigned if1, unsigned if0 )
|
||||
{
|
||||
unsigned mask = all_or_nothing_int( cond );
|
||||
return( ( mask & if1 ) | (~mask & if0 ) );
|
||||
}
|
||||
|
||||
/** Shift some data towards the left inside a buffer without leaking
|
||||
* the length of the data through side channels.
|
||||
*
|
||||
* `mem_move_to_left(start, total, offset)` is functionally equivalent to
|
||||
* ```
|
||||
* memmove(start, start + offset, total - offset);
|
||||
* memset(start + offset, 0, total - offset);
|
||||
* ```
|
||||
* but it strives to use a memory access pattern (and thus total timing)
|
||||
* that does not depend on \p offset. This timing independence comes at
|
||||
* the expense of performance.
|
||||
*
|
||||
* \param start Pointer to the start of the buffer.
|
||||
* \param total Total size of the buffer.
|
||||
* \param offset Offset from which to copy \p total - \p offset bytes.
|
||||
*/
|
||||
static void mem_move_to_left( void *start,
|
||||
size_t total,
|
||||
size_t offset )
|
||||
{
|
||||
volatile unsigned char *buf = start;
|
||||
size_t i, n;
|
||||
if( total == 0 )
|
||||
return;
|
||||
for( i = 0; i < total; i++ )
|
||||
{
|
||||
unsigned no_op = size_greater_than( total - offset, i );
|
||||
/* The first `total - offset` passes are a no-op. The last
|
||||
* `offset` passes shift the data one byte to the left and
|
||||
* zero out the last byte. */
|
||||
for( n = 0; n < total - 1; n++ )
|
||||
{
|
||||
unsigned char current = buf[n];
|
||||
unsigned char next = buf[n+1];
|
||||
buf[n] = if_int( no_op, current, next );
|
||||
}
|
||||
buf[total-1] = if_int( no_op, buf[total-1], 0 );
|
||||
}
|
||||
}
|
||||
|
||||
/*
|
||||
* Implementation of the PKCS#1 v2.1 RSAES-PKCS1-V1_5-DECRYPT function
|
||||
*/
|
||||
|
@ -1396,18 +1553,42 @@ int mbedtls_rsa_rsaes_pkcs1_v15_decrypt( mbedtls_rsa_context *ctx,
|
|||
int mode, size_t *olen,
|
||||
const unsigned char *input,
|
||||
unsigned char *output,
|
||||
size_t output_max_len)
|
||||
size_t output_max_len )
|
||||
{
|
||||
int ret;
|
||||
size_t ilen, pad_count = 0, i;
|
||||
unsigned char *p, bad, pad_done = 0;
|
||||
size_t ilen, i, plaintext_max_size;
|
||||
unsigned char buf[MBEDTLS_MPI_MAX_SIZE];
|
||||
/* The following variables take sensitive values: their value must
|
||||
* not leak into the observable behavior of the function other than
|
||||
* the designated outputs (output, olen, return value). Otherwise
|
||||
* this would open the execution of the function to
|
||||
* side-channel-based variants of the Bleichenbacher padding oracle
|
||||
* attack. Potential side channels include overall timing, memory
|
||||
* access patterns (especially visible to an adversary who has access
|
||||
* to a shared memory cache), and branches (especially visible to
|
||||
* an adversary who has access to a shared code cache or to a shared
|
||||
* branch predictor). */
|
||||
size_t pad_count = 0;
|
||||
unsigned bad = 0;
|
||||
unsigned char pad_done = 0;
|
||||
size_t plaintext_size = 0;
|
||||
unsigned output_too_large;
|
||||
|
||||
RSA_VALIDATE_RET( ctx != NULL );
|
||||
RSA_VALIDATE_RET( mode == MBEDTLS_RSA_PRIVATE ||
|
||||
mode == MBEDTLS_RSA_PUBLIC );
|
||||
RSA_VALIDATE_RET( output_max_len == 0 || output != NULL );
|
||||
RSA_VALIDATE_RET( input != NULL );
|
||||
RSA_VALIDATE_RET( olen != NULL );
|
||||
|
||||
ilen = ctx->len;
|
||||
plaintext_max_size = ( output_max_len > ilen - 11 ?
|
||||
ilen - 11 :
|
||||
output_max_len );
|
||||
|
||||
if( mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V15 )
|
||||
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
|
||||
|
||||
ilen = ctx->len;
|
||||
|
||||
if( ilen < 16 || ilen > sizeof( buf ) )
|
||||
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
|
||||
|
||||
|
@ -1418,63 +1599,109 @@ int mbedtls_rsa_rsaes_pkcs1_v15_decrypt( mbedtls_rsa_context *ctx,
|
|||
if( ret != 0 )
|
||||
goto cleanup;
|
||||
|
||||
p = buf;
|
||||
bad = 0;
|
||||
/* Check and get padding length in constant time and constant
|
||||
* memory trace. The first byte must be 0. */
|
||||
bad |= buf[0];
|
||||
|
||||
/*
|
||||
* Check and get padding len in "constant-time"
|
||||
*/
|
||||
bad |= *p++; /* First byte must be 0 */
|
||||
|
||||
/* This test does not depend on secret data */
|
||||
if( mode == MBEDTLS_RSA_PRIVATE )
|
||||
{
|
||||
bad |= *p++ ^ MBEDTLS_RSA_CRYPT;
|
||||
/* Decode EME-PKCS1-v1_5 padding: 0x00 || 0x02 || PS || 0x00
|
||||
* where PS must be at least 8 nonzero bytes. */
|
||||
bad |= buf[1] ^ MBEDTLS_RSA_CRYPT;
|
||||
|
||||
/* Get padding len, but always read till end of buffer
|
||||
* (minus one, for the 00 byte) */
|
||||
for( i = 0; i < ilen - 3; i++ )
|
||||
/* Read the whole buffer. Set pad_done to nonzero if we find
|
||||
* the 0x00 byte and remember the padding length in pad_count. */
|
||||
for( i = 2; i < ilen; i++ )
|
||||
{
|
||||
pad_done |= ((p[i] | (unsigned char)-p[i]) >> 7) ^ 1;
|
||||
pad_done |= ((buf[i] | (unsigned char)-buf[i]) >> 7) ^ 1;
|
||||
pad_count += ((pad_done | (unsigned char)-pad_done) >> 7) ^ 1;
|
||||
}
|
||||
|
||||
p += pad_count;
|
||||
bad |= *p++; /* Must be zero */
|
||||
}
|
||||
else
|
||||
{
|
||||
bad |= *p++ ^ MBEDTLS_RSA_SIGN;
|
||||
/* Decode EMSA-PKCS1-v1_5 padding: 0x00 || 0x01 || PS || 0x00
|
||||
* where PS must be at least 8 bytes with the value 0xFF. */
|
||||
bad |= buf[1] ^ MBEDTLS_RSA_SIGN;
|
||||
|
||||
/* Get padding len, but always read till end of buffer
|
||||
* (minus one, for the 00 byte) */
|
||||
for( i = 0; i < ilen - 3; i++ )
|
||||
/* Read the whole buffer. Set pad_done to nonzero if we find
|
||||
* the 0x00 byte and remember the padding length in pad_count.
|
||||
* If there's a non-0xff byte in the padding, the padding is bad. */
|
||||
for( i = 2; i < ilen; i++ )
|
||||
{
|
||||
pad_done |= ( p[i] != 0xFF );
|
||||
pad_count += ( pad_done == 0 );
|
||||
pad_done |= if_int( buf[i], 0, 1 );
|
||||
pad_count += if_int( pad_done, 0, 1 );
|
||||
bad |= if_int( pad_done, 0, buf[i] ^ 0xFF );
|
||||
}
|
||||
|
||||
p += pad_count;
|
||||
bad |= *p++; /* Must be zero */
|
||||
}
|
||||
|
||||
bad |= ( pad_count < 8 );
|
||||
/* If pad_done is still zero, there's no data, only unfinished padding. */
|
||||
bad |= if_int( pad_done, 0, 1 );
|
||||
|
||||
if( bad )
|
||||
{
|
||||
ret = MBEDTLS_ERR_RSA_INVALID_PADDING;
|
||||
goto cleanup;
|
||||
}
|
||||
/* There must be at least 8 bytes of padding. */
|
||||
bad |= size_greater_than( 8, pad_count );
|
||||
|
||||
if( ilen - ( p - buf ) > output_max_len )
|
||||
{
|
||||
ret = MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE;
|
||||
goto cleanup;
|
||||
}
|
||||
/* If the padding is valid, set plaintext_size to the number of
|
||||
* remaining bytes after stripping the padding. If the padding
|
||||
* is invalid, avoid leaking this fact through the size of the
|
||||
* output: use the maximum message size that fits in the output
|
||||
* buffer. Do it without branches to avoid leaking the padding
|
||||
* validity through timing. RSA keys are small enough that all the
|
||||
* size_t values involved fit in unsigned int. */
|
||||
plaintext_size = if_int( bad,
|
||||
(unsigned) plaintext_max_size,
|
||||
(unsigned) ( ilen - pad_count - 3 ) );
|
||||
|
||||
*olen = ilen - (p - buf);
|
||||
memcpy( output, p, *olen );
|
||||
ret = 0;
|
||||
/* Set output_too_large to 0 if the plaintext fits in the output
|
||||
* buffer and to 1 otherwise. */
|
||||
output_too_large = size_greater_than( plaintext_size,
|
||||
plaintext_max_size );
|
||||
|
||||
/* Set ret without branches to avoid timing attacks. Return:
|
||||
* - INVALID_PADDING if the padding is bad (bad != 0).
|
||||
* - OUTPUT_TOO_LARGE if the padding is good but the decrypted
|
||||
* plaintext does not fit in the output buffer.
|
||||
* - 0 if the padding is correct. */
|
||||
ret = - (int) if_int( bad, - MBEDTLS_ERR_RSA_INVALID_PADDING,
|
||||
if_int( output_too_large, - MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE,
|
||||
0 ) );
|
||||
|
||||
/* If the padding is bad or the plaintext is too large, zero the
|
||||
* data that we're about to copy to the output buffer.
|
||||
* We need to copy the same amount of data
|
||||
* from the same buffer whether the padding is good or not to
|
||||
* avoid leaking the padding validity through overall timing or
|
||||
* through memory or cache access patterns. */
|
||||
bad = all_or_nothing_int( bad | output_too_large );
|
||||
for( i = 11; i < ilen; i++ )
|
||||
buf[i] &= ~bad;
|
||||
|
||||
/* If the plaintext is too large, truncate it to the buffer size.
|
||||
* Copy anyway to avoid revealing the length through timing, because
|
||||
* revealing the length is as bad as revealing the padding validity
|
||||
* for a Bleichenbacher attack. */
|
||||
plaintext_size = if_int( output_too_large,
|
||||
(unsigned) plaintext_max_size,
|
||||
(unsigned) plaintext_size );
|
||||
|
||||
/* Move the plaintext to the leftmost position where it can start in
|
||||
* the working buffer, i.e. make it start plaintext_max_size from
|
||||
* the end of the buffer. Do this with a memory access trace that
|
||||
* does not depend on the plaintext size. After this move, the
|
||||
* starting location of the plaintext is no longer sensitive
|
||||
* information. */
|
||||
mem_move_to_left( buf + ilen - plaintext_max_size,
|
||||
plaintext_max_size,
|
||||
plaintext_max_size - plaintext_size );
|
||||
|
||||
/* Finally copy the decrypted plaintext plus trailing zeros
|
||||
* into the output buffer. */
|
||||
memcpy( output, buf + ilen - plaintext_max_size, plaintext_max_size );
|
||||
|
||||
/* Report the amount of data we copied to the output buffer. In case
|
||||
* of errors (bad padding or output too large), the value of *olen
|
||||
* when this function returns is not specified. Making it equivalent
|
||||
* to the good case limits the risks of leaking the padding validity. */
|
||||
*olen = plaintext_size;
|
||||
|
||||
cleanup:
|
||||
mbedtls_platform_zeroize( buf, sizeof( buf ) );
|
||||
|
@ -1494,6 +1721,13 @@ int mbedtls_rsa_pkcs1_decrypt( mbedtls_rsa_context *ctx,
|
|||
unsigned char *output,
|
||||
size_t output_max_len)
|
||||
{
|
||||
RSA_VALIDATE_RET( ctx != NULL );
|
||||
RSA_VALIDATE_RET( mode == MBEDTLS_RSA_PRIVATE ||
|
||||
mode == MBEDTLS_RSA_PUBLIC );
|
||||
RSA_VALIDATE_RET( output_max_len == 0 || output != NULL );
|
||||
RSA_VALIDATE_RET( input != NULL );
|
||||
RSA_VALIDATE_RET( olen != NULL );
|
||||
|
||||
switch( ctx->padding )
|
||||
{
|
||||
#if defined(MBEDTLS_PKCS1_V15)
|
||||
|
@ -1535,6 +1769,13 @@ int mbedtls_rsa_rsassa_pss_sign( mbedtls_rsa_context *ctx,
|
|||
size_t msb;
|
||||
const mbedtls_md_info_t *md_info;
|
||||
mbedtls_md_context_t md_ctx;
|
||||
RSA_VALIDATE_RET( ctx != NULL );
|
||||
RSA_VALIDATE_RET( mode == MBEDTLS_RSA_PRIVATE ||
|
||||
mode == MBEDTLS_RSA_PUBLIC );
|
||||
RSA_VALIDATE_RET( ( md_alg == MBEDTLS_MD_NONE &&
|
||||
hashlen == 0 ) ||
|
||||
hash != NULL );
|
||||
RSA_VALIDATE_RET( sig != NULL );
|
||||
|
||||
if( mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V21 )
|
||||
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
|
||||
|
@ -1782,6 +2023,14 @@ int mbedtls_rsa_rsassa_pkcs1_v15_sign( mbedtls_rsa_context *ctx,
|
|||
int ret;
|
||||
unsigned char *sig_try = NULL, *verif = NULL;
|
||||
|
||||
RSA_VALIDATE_RET( ctx != NULL );
|
||||
RSA_VALIDATE_RET( mode == MBEDTLS_RSA_PRIVATE ||
|
||||
mode == MBEDTLS_RSA_PUBLIC );
|
||||
RSA_VALIDATE_RET( ( md_alg == MBEDTLS_MD_NONE &&
|
||||
hashlen == 0 ) ||
|
||||
hash != NULL );
|
||||
RSA_VALIDATE_RET( sig != NULL );
|
||||
|
||||
if( mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V15 )
|
||||
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
|
||||
|
||||
|
@ -1851,6 +2100,14 @@ int mbedtls_rsa_pkcs1_sign( mbedtls_rsa_context *ctx,
|
|||
const unsigned char *hash,
|
||||
unsigned char *sig )
|
||||
{
|
||||
RSA_VALIDATE_RET( ctx != NULL );
|
||||
RSA_VALIDATE_RET( mode == MBEDTLS_RSA_PRIVATE ||
|
||||
mode == MBEDTLS_RSA_PUBLIC );
|
||||
RSA_VALIDATE_RET( ( md_alg == MBEDTLS_MD_NONE &&
|
||||
hashlen == 0 ) ||
|
||||
hash != NULL );
|
||||
RSA_VALIDATE_RET( sig != NULL );
|
||||
|
||||
switch( ctx->padding )
|
||||
{
|
||||
#if defined(MBEDTLS_PKCS1_V15)
|
||||
|
@ -1897,6 +2154,14 @@ int mbedtls_rsa_rsassa_pss_verify_ext( mbedtls_rsa_context *ctx,
|
|||
mbedtls_md_context_t md_ctx;
|
||||
unsigned char buf[MBEDTLS_MPI_MAX_SIZE];
|
||||
|
||||
RSA_VALIDATE_RET( ctx != NULL );
|
||||
RSA_VALIDATE_RET( mode == MBEDTLS_RSA_PRIVATE ||
|
||||
mode == MBEDTLS_RSA_PUBLIC );
|
||||
RSA_VALIDATE_RET( sig != NULL );
|
||||
RSA_VALIDATE_RET( ( md_alg == MBEDTLS_MD_NONE &&
|
||||
hashlen == 0 ) ||
|
||||
hash != NULL );
|
||||
|
||||
if( mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V21 )
|
||||
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
|
||||
|
||||
|
@ -2025,7 +2290,16 @@ int mbedtls_rsa_rsassa_pss_verify( mbedtls_rsa_context *ctx,
|
|||
const unsigned char *hash,
|
||||
const unsigned char *sig )
|
||||
{
|
||||
mbedtls_md_type_t mgf1_hash_id = ( ctx->hash_id != MBEDTLS_MD_NONE )
|
||||
mbedtls_md_type_t mgf1_hash_id;
|
||||
RSA_VALIDATE_RET( ctx != NULL );
|
||||
RSA_VALIDATE_RET( mode == MBEDTLS_RSA_PRIVATE ||
|
||||
mode == MBEDTLS_RSA_PUBLIC );
|
||||
RSA_VALIDATE_RET( sig != NULL );
|
||||
RSA_VALIDATE_RET( ( md_alg == MBEDTLS_MD_NONE &&
|
||||
hashlen == 0 ) ||
|
||||
hash != NULL );
|
||||
|
||||
mgf1_hash_id = ( ctx->hash_id != MBEDTLS_MD_NONE )
|
||||
? (mbedtls_md_type_t) ctx->hash_id
|
||||
: md_alg;
|
||||
|
||||
|
@ -2051,9 +2325,19 @@ int mbedtls_rsa_rsassa_pkcs1_v15_verify( mbedtls_rsa_context *ctx,
|
|||
const unsigned char *sig )
|
||||
{
|
||||
int ret = 0;
|
||||
const size_t sig_len = ctx->len;
|
||||
size_t sig_len;
|
||||
unsigned char *encoded = NULL, *encoded_expected = NULL;
|
||||
|
||||
RSA_VALIDATE_RET( ctx != NULL );
|
||||
RSA_VALIDATE_RET( mode == MBEDTLS_RSA_PRIVATE ||
|
||||
mode == MBEDTLS_RSA_PUBLIC );
|
||||
RSA_VALIDATE_RET( sig != NULL );
|
||||
RSA_VALIDATE_RET( ( md_alg == MBEDTLS_MD_NONE &&
|
||||
hashlen == 0 ) ||
|
||||
hash != NULL );
|
||||
|
||||
sig_len = ctx->len;
|
||||
|
||||
if( mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V15 )
|
||||
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
|
||||
|
||||
|
@ -2123,6 +2407,14 @@ int mbedtls_rsa_pkcs1_verify( mbedtls_rsa_context *ctx,
|
|||
const unsigned char *hash,
|
||||
const unsigned char *sig )
|
||||
{
|
||||
RSA_VALIDATE_RET( ctx != NULL );
|
||||
RSA_VALIDATE_RET( mode == MBEDTLS_RSA_PRIVATE ||
|
||||
mode == MBEDTLS_RSA_PUBLIC );
|
||||
RSA_VALIDATE_RET( sig != NULL );
|
||||
RSA_VALIDATE_RET( ( md_alg == MBEDTLS_MD_NONE &&
|
||||
hashlen == 0 ) ||
|
||||
hash != NULL );
|
||||
|
||||
switch( ctx->padding )
|
||||
{
|
||||
#if defined(MBEDTLS_PKCS1_V15)
|
||||
|
@ -2148,6 +2440,8 @@ int mbedtls_rsa_pkcs1_verify( mbedtls_rsa_context *ctx,
|
|||
int mbedtls_rsa_copy( mbedtls_rsa_context *dst, const mbedtls_rsa_context *src )
|
||||
{
|
||||
int ret;
|
||||
RSA_VALIDATE_RET( dst != NULL );
|
||||
RSA_VALIDATE_RET( src != NULL );
|
||||
|
||||
dst->ver = src->ver;
|
||||
dst->len = src->len;
|
||||
|
@ -2187,14 +2481,23 @@ cleanup:
|
|||
*/
|
||||
void mbedtls_rsa_free( mbedtls_rsa_context *ctx )
|
||||
{
|
||||
mbedtls_mpi_free( &ctx->Vi ); mbedtls_mpi_free( &ctx->Vf );
|
||||
mbedtls_mpi_free( &ctx->RN ); mbedtls_mpi_free( &ctx->D );
|
||||
mbedtls_mpi_free( &ctx->Q ); mbedtls_mpi_free( &ctx->P );
|
||||
mbedtls_mpi_free( &ctx->E ); mbedtls_mpi_free( &ctx->N );
|
||||
if( ctx == NULL )
|
||||
return;
|
||||
|
||||
mbedtls_mpi_free( &ctx->Vi );
|
||||
mbedtls_mpi_free( &ctx->Vf );
|
||||
mbedtls_mpi_free( &ctx->RN );
|
||||
mbedtls_mpi_free( &ctx->D );
|
||||
mbedtls_mpi_free( &ctx->Q );
|
||||
mbedtls_mpi_free( &ctx->P );
|
||||
mbedtls_mpi_free( &ctx->E );
|
||||
mbedtls_mpi_free( &ctx->N );
|
||||
|
||||
#if !defined(MBEDTLS_RSA_NO_CRT)
|
||||
mbedtls_mpi_free( &ctx->RQ ); mbedtls_mpi_free( &ctx->RP );
|
||||
mbedtls_mpi_free( &ctx->QP ); mbedtls_mpi_free( &ctx->DQ );
|
||||
mbedtls_mpi_free( &ctx->RQ );
|
||||
mbedtls_mpi_free( &ctx->RP );
|
||||
mbedtls_mpi_free( &ctx->QP );
|
||||
mbedtls_mpi_free( &ctx->DQ );
|
||||
mbedtls_mpi_free( &ctx->DP );
|
||||
#endif /* MBEDTLS_RSA_NO_CRT */
|
||||
|
||||
|
|
|
@ -46,6 +46,11 @@
|
|||
#endif /* MBEDTLS_PLATFORM_C */
|
||||
#endif /* MBEDTLS_SELF_TEST */
|
||||
|
||||
#define SHA1_VALIDATE_RET(cond) \
|
||||
MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_SHA1_BAD_INPUT_DATA )
|
||||
|
||||
#define SHA1_VALIDATE(cond) MBEDTLS_INTERNAL_VALIDATE( cond )
|
||||
|
||||
#if !defined(MBEDTLS_SHA1_ALT)
|
||||
|
||||
/*
|
||||
|
@ -73,6 +78,8 @@
|
|||
|
||||
void mbedtls_sha1_init( mbedtls_sha1_context *ctx )
|
||||
{
|
||||
SHA1_VALIDATE( ctx != NULL );
|
||||
|
||||
memset( ctx, 0, sizeof( mbedtls_sha1_context ) );
|
||||
}
|
||||
|
||||
|
@ -87,6 +94,9 @@ void mbedtls_sha1_free( mbedtls_sha1_context *ctx )
|
|||
void mbedtls_sha1_clone( mbedtls_sha1_context *dst,
|
||||
const mbedtls_sha1_context *src )
|
||||
{
|
||||
SHA1_VALIDATE( dst != NULL );
|
||||
SHA1_VALIDATE( src != NULL );
|
||||
|
||||
*dst = *src;
|
||||
}
|
||||
|
||||
|
@ -95,6 +105,8 @@ void mbedtls_sha1_clone( mbedtls_sha1_context *dst,
|
|||
*/
|
||||
int mbedtls_sha1_starts_ret( mbedtls_sha1_context *ctx )
|
||||
{
|
||||
SHA1_VALIDATE_RET( ctx != NULL );
|
||||
|
||||
ctx->total[0] = 0;
|
||||
ctx->total[1] = 0;
|
||||
|
||||
|
@ -120,6 +132,9 @@ int mbedtls_internal_sha1_process( mbedtls_sha1_context *ctx,
|
|||
{
|
||||
uint32_t temp, W[16], A, B, C, D, E;
|
||||
|
||||
SHA1_VALIDATE_RET( ctx != NULL );
|
||||
SHA1_VALIDATE_RET( (const unsigned char *)data != NULL );
|
||||
|
||||
GET_UINT32_BE( W[ 0], data, 0 );
|
||||
GET_UINT32_BE( W[ 1], data, 4 );
|
||||
GET_UINT32_BE( W[ 2], data, 8 );
|
||||
|
@ -294,6 +309,9 @@ int mbedtls_sha1_update_ret( mbedtls_sha1_context *ctx,
|
|||
size_t fill;
|
||||
uint32_t left;
|
||||
|
||||
SHA1_VALIDATE_RET( ctx != NULL );
|
||||
SHA1_VALIDATE_RET( ilen == 0 || input != NULL );
|
||||
|
||||
if( ilen == 0 )
|
||||
return( 0 );
|
||||
|
||||
|
@ -352,6 +370,9 @@ int mbedtls_sha1_finish_ret( mbedtls_sha1_context *ctx,
|
|||
uint32_t used;
|
||||
uint32_t high, low;
|
||||
|
||||
SHA1_VALIDATE_RET( ctx != NULL );
|
||||
SHA1_VALIDATE_RET( (unsigned char *)output != NULL );
|
||||
|
||||
/*
|
||||
* Add padding: 0x80 then 0x00 until 8 bytes remain for the length
|
||||
*/
|
||||
|
@ -420,6 +441,9 @@ int mbedtls_sha1_ret( const unsigned char *input,
|
|||
int ret;
|
||||
mbedtls_sha1_context ctx;
|
||||
|
||||
SHA1_VALIDATE_RET( ilen == 0 || input != NULL );
|
||||
SHA1_VALIDATE_RET( (unsigned char *)output != NULL );
|
||||
|
||||
mbedtls_sha1_init( &ctx );
|
||||
|
||||
if( ( ret = mbedtls_sha1_starts_ret( &ctx ) ) != 0 )
|
||||
|
|
|
@ -49,6 +49,10 @@
|
|||
#endif /* MBEDTLS_PLATFORM_C */
|
||||
#endif /* MBEDTLS_SELF_TEST */
|
||||
|
||||
#define SHA256_VALIDATE_RET(cond) \
|
||||
MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_SHA256_BAD_INPUT_DATA )
|
||||
#define SHA256_VALIDATE(cond) MBEDTLS_INTERNAL_VALIDATE( cond )
|
||||
|
||||
#if !defined(MBEDTLS_SHA256_ALT)
|
||||
|
||||
/*
|
||||
|
@ -76,6 +80,8 @@ do { \
|
|||
|
||||
void mbedtls_sha256_init( mbedtls_sha256_context *ctx )
|
||||
{
|
||||
SHA256_VALIDATE( ctx != NULL );
|
||||
|
||||
memset( ctx, 0, sizeof( mbedtls_sha256_context ) );
|
||||
}
|
||||
|
||||
|
@ -90,6 +96,9 @@ void mbedtls_sha256_free( mbedtls_sha256_context *ctx )
|
|||
void mbedtls_sha256_clone( mbedtls_sha256_context *dst,
|
||||
const mbedtls_sha256_context *src )
|
||||
{
|
||||
SHA256_VALIDATE( dst != NULL );
|
||||
SHA256_VALIDATE( src != NULL );
|
||||
|
||||
*dst = *src;
|
||||
}
|
||||
|
||||
|
@ -98,6 +107,9 @@ void mbedtls_sha256_clone( mbedtls_sha256_context *dst,
|
|||
*/
|
||||
int mbedtls_sha256_starts_ret( mbedtls_sha256_context *ctx, int is224 )
|
||||
{
|
||||
SHA256_VALIDATE_RET( ctx != NULL );
|
||||
SHA256_VALIDATE_RET( is224 == 0 || is224 == 1 );
|
||||
|
||||
ctx->total[0] = 0;
|
||||
ctx->total[1] = 0;
|
||||
|
||||
|
@ -192,6 +204,9 @@ int mbedtls_internal_sha256_process( mbedtls_sha256_context *ctx,
|
|||
uint32_t A[8];
|
||||
unsigned int i;
|
||||
|
||||
SHA256_VALIDATE_RET( ctx != NULL );
|
||||
SHA256_VALIDATE_RET( (const unsigned char *)data != NULL );
|
||||
|
||||
for( i = 0; i < 8; i++ )
|
||||
A[i] = ctx->state[i];
|
||||
|
||||
|
@ -263,6 +278,9 @@ int mbedtls_sha256_update_ret( mbedtls_sha256_context *ctx,
|
|||
size_t fill;
|
||||
uint32_t left;
|
||||
|
||||
SHA256_VALIDATE_RET( ctx != NULL );
|
||||
SHA256_VALIDATE_RET( ilen == 0 || input != NULL );
|
||||
|
||||
if( ilen == 0 )
|
||||
return( 0 );
|
||||
|
||||
|
@ -321,6 +339,9 @@ int mbedtls_sha256_finish_ret( mbedtls_sha256_context *ctx,
|
|||
uint32_t used;
|
||||
uint32_t high, low;
|
||||
|
||||
SHA256_VALIDATE_RET( ctx != NULL );
|
||||
SHA256_VALIDATE_RET( (unsigned char *)output != NULL );
|
||||
|
||||
/*
|
||||
* Add padding: 0x80 then 0x00 until 8 bytes remain for the length
|
||||
*/
|
||||
|
@ -395,6 +416,10 @@ int mbedtls_sha256_ret( const unsigned char *input,
|
|||
int ret;
|
||||
mbedtls_sha256_context ctx;
|
||||
|
||||
SHA256_VALIDATE_RET( is224 == 0 || is224 == 1 );
|
||||
SHA256_VALIDATE_RET( ilen == 0 || input != NULL );
|
||||
SHA256_VALIDATE_RET( (unsigned char *)output != NULL );
|
||||
|
||||
mbedtls_sha256_init( &ctx );
|
||||
|
||||
if( ( ret = mbedtls_sha256_starts_ret( &ctx, is224 ) ) != 0 )
|
||||
|
|
|
@ -55,6 +55,10 @@
|
|||
#endif /* MBEDTLS_PLATFORM_C */
|
||||
#endif /* MBEDTLS_SELF_TEST */
|
||||
|
||||
#define SHA512_VALIDATE_RET(cond) \
|
||||
MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_SHA512_BAD_INPUT_DATA )
|
||||
#define SHA512_VALIDATE(cond) MBEDTLS_INTERNAL_VALIDATE( cond )
|
||||
|
||||
#if !defined(MBEDTLS_SHA512_ALT)
|
||||
|
||||
/*
|
||||
|
@ -90,6 +94,8 @@
|
|||
|
||||
void mbedtls_sha512_init( mbedtls_sha512_context *ctx )
|
||||
{
|
||||
SHA512_VALIDATE( ctx != NULL );
|
||||
|
||||
memset( ctx, 0, sizeof( mbedtls_sha512_context ) );
|
||||
}
|
||||
|
||||
|
@ -104,6 +110,9 @@ void mbedtls_sha512_free( mbedtls_sha512_context *ctx )
|
|||
void mbedtls_sha512_clone( mbedtls_sha512_context *dst,
|
||||
const mbedtls_sha512_context *src )
|
||||
{
|
||||
SHA512_VALIDATE( dst != NULL );
|
||||
SHA512_VALIDATE( src != NULL );
|
||||
|
||||
*dst = *src;
|
||||
}
|
||||
|
||||
|
@ -112,6 +121,9 @@ void mbedtls_sha512_clone( mbedtls_sha512_context *dst,
|
|||
*/
|
||||
int mbedtls_sha512_starts_ret( mbedtls_sha512_context *ctx, int is384 )
|
||||
{
|
||||
SHA512_VALIDATE_RET( ctx != NULL );
|
||||
SHA512_VALIDATE_RET( is384 == 0 || is384 == 1 );
|
||||
|
||||
ctx->total[0] = 0;
|
||||
ctx->total[1] = 0;
|
||||
|
||||
|
@ -209,6 +221,9 @@ int mbedtls_internal_sha512_process( mbedtls_sha512_context *ctx,
|
|||
uint64_t temp1, temp2, W[80];
|
||||
uint64_t A, B, C, D, E, F, G, H;
|
||||
|
||||
SHA512_VALIDATE_RET( ctx != NULL );
|
||||
SHA512_VALIDATE_RET( (const unsigned char *)data != NULL );
|
||||
|
||||
#define SHR(x,n) (x >> n)
|
||||
#define ROTR(x,n) (SHR(x,n) | (x << (64 - n)))
|
||||
|
||||
|
@ -294,6 +309,9 @@ int mbedtls_sha512_update_ret( mbedtls_sha512_context *ctx,
|
|||
size_t fill;
|
||||
unsigned int left;
|
||||
|
||||
SHA512_VALIDATE_RET( ctx != NULL );
|
||||
SHA512_VALIDATE_RET( ilen == 0 || input != NULL );
|
||||
|
||||
if( ilen == 0 )
|
||||
return( 0 );
|
||||
|
||||
|
@ -351,6 +369,9 @@ int mbedtls_sha512_finish_ret( mbedtls_sha512_context *ctx,
|
|||
unsigned used;
|
||||
uint64_t high, low;
|
||||
|
||||
SHA512_VALIDATE_RET( ctx != NULL );
|
||||
SHA512_VALIDATE_RET( (unsigned char *)output != NULL );
|
||||
|
||||
/*
|
||||
* Add padding: 0x80 then 0x00 until 16 bytes remain for the length
|
||||
*/
|
||||
|
@ -427,6 +448,10 @@ int mbedtls_sha512_ret( const unsigned char *input,
|
|||
int ret;
|
||||
mbedtls_sha512_context ctx;
|
||||
|
||||
SHA512_VALIDATE_RET( is384 == 0 || is384 == 1 );
|
||||
SHA512_VALIDATE_RET( ilen == 0 || input != NULL );
|
||||
SHA512_VALIDATE_RET( (unsigned char *)output != NULL );
|
||||
|
||||
mbedtls_sha512_init( &ctx );
|
||||
|
||||
if( ( ret = mbedtls_sha512_starts_ret( &ctx, is384 ) ) != 0 )
|
||||
|
|
|
@ -2027,8 +2027,14 @@ static int ssl_parse_server_dh_params( mbedtls_ssl_context *ssl, unsigned char *
|
|||
static int ssl_check_server_ecdh_params( const mbedtls_ssl_context *ssl )
|
||||
{
|
||||
const mbedtls_ecp_curve_info *curve_info;
|
||||
mbedtls_ecp_group_id grp_id;
|
||||
#if defined(MBEDTLS_ECDH_LEGACY_CONTEXT)
|
||||
grp_id = ssl->handshake->ecdh_ctx.grp.id;
|
||||
#else
|
||||
grp_id = ssl->handshake->ecdh_ctx.grp_id;
|
||||
#endif
|
||||
|
||||
curve_info = mbedtls_ecp_curve_info_from_grp_id( ssl->handshake->ecdh_ctx.grp.id );
|
||||
curve_info = mbedtls_ecp_curve_info_from_grp_id( grp_id );
|
||||
if( curve_info == NULL )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
|
||||
|
@ -2038,14 +2044,15 @@ static int ssl_check_server_ecdh_params( const mbedtls_ssl_context *ssl )
|
|||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "ECDH curve: %s", curve_info->name ) );
|
||||
|
||||
#if defined(MBEDTLS_ECP_C)
|
||||
if( mbedtls_ssl_check_curve( ssl, ssl->handshake->ecdh_ctx.grp.id ) != 0 )
|
||||
if( mbedtls_ssl_check_curve( ssl, grp_id ) != 0 )
|
||||
#else
|
||||
if( ssl->handshake->ecdh_ctx.grp.nbits < 163 ||
|
||||
ssl->handshake->ecdh_ctx.grp.nbits > 521 )
|
||||
#endif
|
||||
return( -1 );
|
||||
|
||||
MBEDTLS_SSL_DEBUG_ECP( 3, "ECDH: Qp", &ssl->handshake->ecdh_ctx.Qp );
|
||||
MBEDTLS_SSL_DEBUG_ECDH( 3, &ssl->handshake->ecdh_ctx,
|
||||
MBEDTLS_DEBUG_ECDH_QP );
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
|
@ -2967,7 +2974,8 @@ static int ssl_write_client_key_exchange( mbedtls_ssl_context *ssl )
|
|||
return( ret );
|
||||
}
|
||||
|
||||
MBEDTLS_SSL_DEBUG_ECP( 3, "ECDH: Q", &ssl->handshake->ecdh_ctx.Q );
|
||||
MBEDTLS_SSL_DEBUG_ECDH( 3, &ssl->handshake->ecdh_ctx,
|
||||
MBEDTLS_DEBUG_ECDH_Q );
|
||||
|
||||
#if defined(MBEDTLS_SSL__ECP_RESTARTABLE)
|
||||
if( ssl->handshake->ecrs_enabled )
|
||||
|
@ -2994,7 +3002,8 @@ ecdh_calc_secret:
|
|||
return( ret );
|
||||
}
|
||||
|
||||
MBEDTLS_SSL_DEBUG_MPI( 3, "ECDH: z", &ssl->handshake->ecdh_ctx.z );
|
||||
MBEDTLS_SSL_DEBUG_ECDH( 3, &ssl->handshake->ecdh_ctx,
|
||||
MBEDTLS_DEBUG_ECDH_Z );
|
||||
}
|
||||
else
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED ||
|
||||
|
@ -3089,7 +3098,8 @@ ecdh_calc_secret:
|
|||
return( ret );
|
||||
}
|
||||
|
||||
MBEDTLS_SSL_DEBUG_ECP( 3, "ECDH: Q", &ssl->handshake->ecdh_ctx.Q );
|
||||
MBEDTLS_SSL_DEBUG_ECDH( 3, &ssl->handshake->ecdh_ctx,
|
||||
MBEDTLS_DEBUG_ECDH_Q );
|
||||
}
|
||||
else
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */
|
||||
|
|
|
@ -3048,8 +3048,8 @@ curve_matching_done:
|
|||
|
||||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "ECDHE curve: %s", (*curve)->name ) );
|
||||
|
||||
if( ( ret = mbedtls_ecp_group_load( &ssl->handshake->ecdh_ctx.grp,
|
||||
(*curve)->grp_id ) ) != 0 )
|
||||
if( ( ret = mbedtls_ecdh_setup( &ssl->handshake->ecdh_ctx,
|
||||
(*curve)->grp_id ) ) != 0 )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecp_group_load", ret );
|
||||
return( ret );
|
||||
|
@ -3071,7 +3071,8 @@ curve_matching_done:
|
|||
|
||||
ssl->out_msglen += len;
|
||||
|
||||
MBEDTLS_SSL_DEBUG_ECP( 3, "ECDH: Q ", &ssl->handshake->ecdh_ctx.Q );
|
||||
MBEDTLS_SSL_DEBUG_ECDH( 3, &ssl->handshake->ecdh_ctx,
|
||||
MBEDTLS_DEBUG_ECDH_Q );
|
||||
}
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE__SOME__ECDHE_ENABLED */
|
||||
|
||||
|
@ -3794,7 +3795,8 @@ static int ssl_parse_client_key_exchange( mbedtls_ssl_context *ssl )
|
|||
return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_RP );
|
||||
}
|
||||
|
||||
MBEDTLS_SSL_DEBUG_ECP( 3, "ECDH: Qp ", &ssl->handshake->ecdh_ctx.Qp );
|
||||
MBEDTLS_SSL_DEBUG_ECDH( 3, &ssl->handshake->ecdh_ctx,
|
||||
MBEDTLS_DEBUG_ECDH_QP );
|
||||
|
||||
if( ( ret = mbedtls_ecdh_calc_secret( &ssl->handshake->ecdh_ctx,
|
||||
&ssl->handshake->pmslen,
|
||||
|
@ -3806,7 +3808,8 @@ static int ssl_parse_client_key_exchange( mbedtls_ssl_context *ssl )
|
|||
return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_CS );
|
||||
}
|
||||
|
||||
MBEDTLS_SSL_DEBUG_MPI( 3, "ECDH: z ", &ssl->handshake->ecdh_ctx.z );
|
||||
MBEDTLS_SSL_DEBUG_ECDH( 3, &ssl->handshake->ecdh_ctx,
|
||||
MBEDTLS_DEBUG_ECDH_Z );
|
||||
}
|
||||
else
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED ||
|
||||
|
@ -3919,7 +3922,8 @@ static int ssl_parse_client_key_exchange( mbedtls_ssl_context *ssl )
|
|||
return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_RP );
|
||||
}
|
||||
|
||||
MBEDTLS_SSL_DEBUG_ECP( 3, "ECDH: Qp ", &ssl->handshake->ecdh_ctx.Qp );
|
||||
MBEDTLS_SSL_DEBUG_ECDH( 3, &ssl->handshake->ecdh_ctx,
|
||||
MBEDTLS_DEBUG_ECDH_QP );
|
||||
|
||||
if( ( ret = mbedtls_ssl_psk_derive_premaster( ssl,
|
||||
ciphersuite_info->key_exchange ) ) != 0 )
|
||||
|
|
|
@ -188,9 +188,9 @@ static int ssl_save_session( const mbedtls_ssl_session *session,
|
|||
if( left < 3 + cert_len )
|
||||
return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
|
||||
|
||||
*p++ = (unsigned char)( cert_len >> 16 & 0xFF );
|
||||
*p++ = (unsigned char)( cert_len >> 8 & 0xFF );
|
||||
*p++ = (unsigned char)( cert_len & 0xFF );
|
||||
*p++ = (unsigned char)( ( cert_len >> 16 ) & 0xFF );
|
||||
*p++ = (unsigned char)( ( cert_len >> 8 ) & 0xFF );
|
||||
*p++ = (unsigned char)( ( cert_len ) & 0xFF );
|
||||
|
||||
if( session->peer_cert != NULL )
|
||||
memcpy( p, session->peer_cert->raw.p, cert_len );
|
||||
|
@ -215,14 +215,14 @@ static int ssl_load_session( mbedtls_ssl_session *session,
|
|||
size_t cert_len;
|
||||
#endif /* MBEDTLS_X509_CRT_PARSE_C */
|
||||
|
||||
if( p + sizeof( mbedtls_ssl_session ) > end )
|
||||
if( sizeof( mbedtls_ssl_session ) > (size_t)( end - p ) )
|
||||
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
|
||||
|
||||
memcpy( session, p, sizeof( mbedtls_ssl_session ) );
|
||||
p += sizeof( mbedtls_ssl_session );
|
||||
|
||||
#if defined(MBEDTLS_X509_CRT_PARSE_C)
|
||||
if( p + 3 > end )
|
||||
if( 3 > (size_t)( end - p ) )
|
||||
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
|
||||
|
||||
cert_len = ( p[0] << 16 ) | ( p[1] << 8 ) | p[2];
|
||||
|
@ -236,7 +236,7 @@ static int ssl_load_session( mbedtls_ssl_session *session,
|
|||
{
|
||||
int ret;
|
||||
|
||||
if( p + cert_len > end )
|
||||
if( cert_len > (size_t)( end - p ) )
|
||||
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
|
||||
|
||||
session->peer_cert = mbedtls_calloc( 1, sizeof( mbedtls_x509_crt ) );
|
||||
|
@ -247,7 +247,7 @@ static int ssl_load_session( mbedtls_ssl_session *session,
|
|||
mbedtls_x509_crt_init( session->peer_cert );
|
||||
|
||||
if( ( ret = mbedtls_x509_crt_parse_der( session->peer_cert,
|
||||
p, cert_len ) ) != 0 )
|
||||
p, cert_len ) ) != 0 )
|
||||
{
|
||||
mbedtls_x509_crt_free( session->peer_cert );
|
||||
mbedtls_free( session->peer_cert );
|
||||
|
|
|
@ -1333,7 +1333,8 @@ int mbedtls_ssl_psk_derive_premaster( mbedtls_ssl_context *ssl, mbedtls_key_exch
|
|||
*(p++) = (unsigned char)( zlen );
|
||||
p += zlen;
|
||||
|
||||
MBEDTLS_SSL_DEBUG_MPI( 3, "ECDH: z", &ssl->handshake->ecdh_ctx.z );
|
||||
MBEDTLS_SSL_DEBUG_ECDH( 3, &ssl->handshake->ecdh_ctx,
|
||||
MBEDTLS_DEBUG_ECDH_Z );
|
||||
}
|
||||
else
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */
|
||||
|
@ -3200,8 +3201,10 @@ int mbedtls_ssl_write_handshake_msg( mbedtls_ssl_context *ssl )
|
|||
}
|
||||
}
|
||||
|
||||
if( ssl->out_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE &&
|
||||
hs_type != MBEDTLS_SSL_HS_HELLO_REQUEST &&
|
||||
/* Whenever we send anything different from a
|
||||
* HelloRequest we should be in a handshake - double check. */
|
||||
if( ! ( ssl->out_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE &&
|
||||
hs_type == MBEDTLS_SSL_HS_HELLO_REQUEST ) &&
|
||||
ssl->handshake == NULL )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
|
||||
|
@ -3295,8 +3298,8 @@ int mbedtls_ssl_write_handshake_msg( mbedtls_ssl_context *ssl )
|
|||
/* Either send now, or just save to be sent (and resent) later */
|
||||
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
||||
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
|
||||
( ssl->out_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE ||
|
||||
hs_type != MBEDTLS_SSL_HS_HELLO_REQUEST ) )
|
||||
! ( ssl->out_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE &&
|
||||
hs_type == MBEDTLS_SSL_HS_HELLO_REQUEST ) )
|
||||
{
|
||||
if( ( ret = ssl_flight_append( ssl ) ) != 0 )
|
||||
{
|
||||
|
|
|
@ -84,6 +84,9 @@ static const char *features[] = {
|
|||
#if defined(MBEDTLS_DEPRECATED_REMOVED)
|
||||
"MBEDTLS_DEPRECATED_REMOVED",
|
||||
#endif /* MBEDTLS_DEPRECATED_REMOVED */
|
||||
#if defined(MBEDTLS_CHECK_PARAMS)
|
||||
"MBEDTLS_CHECK_PARAMS",
|
||||
#endif /* MBEDTLS_CHECK_PARAMS */
|
||||
#if defined(MBEDTLS_TIMING_ALT)
|
||||
"MBEDTLS_TIMING_ALT",
|
||||
#endif /* MBEDTLS_TIMING_ALT */
|
||||
|
|
|
@ -2179,7 +2179,7 @@ static int x509_crt_find_parent(
|
|||
}
|
||||
|
||||
/* extra precaution against mistakes in the caller */
|
||||
if( parent == NULL )
|
||||
if( *parent == NULL )
|
||||
{
|
||||
*parent_is_trusted = 0;
|
||||
*signature_is_good = 0;
|
||||
|
|
|
@ -37,6 +37,7 @@
|
|||
#include <stdlib.h>
|
||||
#define mbedtls_fprintf fprintf
|
||||
#define mbedtls_printf printf
|
||||
#define mbedtls_exit exit
|
||||
#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS
|
||||
#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE
|
||||
#endif /* MBEDTLS_PLATFORM_C */
|
||||
|
@ -78,6 +79,19 @@ int main( void )
|
|||
return( 0 );
|
||||
}
|
||||
#else
|
||||
|
||||
#if defined(MBEDTLS_CHECK_PARAMS)
|
||||
#include "mbedtls/platform_util.h"
|
||||
void mbedtls_param_failed( const char *failure_condition,
|
||||
const char *file,
|
||||
int line )
|
||||
{
|
||||
mbedtls_printf( "%s:%i: Input param failed - %s\n",
|
||||
file, line, failure_condition );
|
||||
mbedtls_exit( MBEDTLS_EXIT_FAILURE );
|
||||
}
|
||||
#endif
|
||||
|
||||
int main( int argc, char *argv[] )
|
||||
{
|
||||
int ret = 0;
|
||||
|
|
|
@ -38,6 +38,7 @@
|
|||
#include <stdlib.h>
|
||||
#define mbedtls_fprintf fprintf
|
||||
#define mbedtls_printf printf
|
||||
#define mbedtls_exit exit
|
||||
#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS
|
||||
#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE
|
||||
#endif /* MBEDTLS_PLATFORM_C */
|
||||
|
@ -80,6 +81,19 @@ int main( void )
|
|||
return( 0 );
|
||||
}
|
||||
#else
|
||||
|
||||
#if defined(MBEDTLS_CHECK_PARAMS)
|
||||
#include "mbedtls/platform_util.h"
|
||||
void mbedtls_param_failed( const char *failure_condition,
|
||||
const char *file,
|
||||
int line )
|
||||
{
|
||||
mbedtls_printf( "%s:%i: Input param failed - %s\n",
|
||||
file, line, failure_condition );
|
||||
mbedtls_exit( MBEDTLS_EXIT_FAILURE );
|
||||
}
|
||||
#endif
|
||||
|
||||
int main( int argc, char *argv[] )
|
||||
{
|
||||
int ret = 1, i, n;
|
||||
|
|
|
@ -32,6 +32,7 @@
|
|||
#include <stdlib.h>
|
||||
#define mbedtls_fprintf fprintf
|
||||
#define mbedtls_printf printf
|
||||
#define mbedtls_exit exit
|
||||
#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS
|
||||
#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE
|
||||
#endif /* MBEDTLS_PLATFORM_C */
|
||||
|
@ -50,6 +51,19 @@ int main( void )
|
|||
return( 0 );
|
||||
}
|
||||
#else
|
||||
|
||||
#if defined(MBEDTLS_CHECK_PARAMS)
|
||||
#include "mbedtls/platform_util.h"
|
||||
void mbedtls_param_failed( const char *failure_condition,
|
||||
const char *file,
|
||||
int line )
|
||||
{
|
||||
mbedtls_printf( "%s:%i: Input param failed - %s\n",
|
||||
file, line, failure_condition );
|
||||
mbedtls_exit( MBEDTLS_EXIT_FAILURE );
|
||||
}
|
||||
#endif
|
||||
|
||||
static int generic_wrapper( const mbedtls_md_info_t *md_info, char *filename, unsigned char *sum )
|
||||
{
|
||||
int ret = mbedtls_md_file( md_info, filename, sum );
|
||||
|
|
|
@ -31,6 +31,7 @@
|
|||
#include <stdlib.h>
|
||||
#include <stdio.h>
|
||||
#define mbedtls_printf printf
|
||||
#define mbedtls_exit exit
|
||||
#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS
|
||||
#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE
|
||||
#endif
|
||||
|
@ -46,6 +47,19 @@ int main( void )
|
|||
return( 0 );
|
||||
}
|
||||
#else
|
||||
|
||||
#if defined(MBEDTLS_CHECK_PARAMS)
|
||||
#include "mbedtls/platform_util.h"
|
||||
void mbedtls_param_failed( const char *failure_condition,
|
||||
const char *file,
|
||||
int line )
|
||||
{
|
||||
mbedtls_printf( "%s:%i: Input param failed - %s\n",
|
||||
file, line, failure_condition );
|
||||
mbedtls_exit( MBEDTLS_EXIT_FAILURE );
|
||||
}
|
||||
#endif
|
||||
|
||||
int main( void )
|
||||
{
|
||||
int i, ret;
|
||||
|
|
|
@ -32,6 +32,7 @@
|
|||
#include <stdlib.h>
|
||||
#define mbedtls_printf printf
|
||||
#define mbedtls_time_t time_t
|
||||
#define mbedtls_exit exit
|
||||
#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS
|
||||
#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE
|
||||
#endif /* MBEDTLS_PLATFORM_C */
|
||||
|
@ -70,6 +71,19 @@ int main( void )
|
|||
return( 0 );
|
||||
}
|
||||
#else
|
||||
|
||||
#if defined(MBEDTLS_CHECK_PARAMS)
|
||||
#include "mbedtls/platform_util.h"
|
||||
void mbedtls_param_failed( const char *failure_condition,
|
||||
const char *file,
|
||||
int line )
|
||||
{
|
||||
mbedtls_printf( "%s:%i: Input param failed - %s\n",
|
||||
file, line, failure_condition );
|
||||
mbedtls_exit( MBEDTLS_EXIT_FAILURE );
|
||||
}
|
||||
#endif
|
||||
|
||||
int main( void )
|
||||
{
|
||||
FILE *f;
|
||||
|
|
|
@ -32,6 +32,7 @@
|
|||
#include <stdlib.h>
|
||||
#define mbedtls_printf printf
|
||||
#define mbedtls_time_t time_t
|
||||
#define mbedtls_exit exit
|
||||
#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS
|
||||
#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE
|
||||
#endif /* MBEDTLS_PLATFORM_C */
|
||||
|
@ -68,6 +69,18 @@ int main( void )
|
|||
*/
|
||||
#define GENERATOR "4"
|
||||
|
||||
#if defined(MBEDTLS_CHECK_PARAMS)
|
||||
#include "mbedtls/platform_util.h"
|
||||
void mbedtls_param_failed( const char *failure_condition,
|
||||
const char *file,
|
||||
int line )
|
||||
{
|
||||
mbedtls_printf( "%s:%i: Input param failed - %s\n",
|
||||
file, line, failure_condition );
|
||||
mbedtls_exit( MBEDTLS_EXIT_FAILURE );
|
||||
}
|
||||
#endif
|
||||
|
||||
int main( int argc, char **argv )
|
||||
{
|
||||
int ret = 1;
|
||||
|
|
|
@ -32,6 +32,7 @@
|
|||
#include <stdlib.h>
|
||||
#define mbedtls_printf printf
|
||||
#define mbedtls_time_t time_t
|
||||
#define mbedtls_exit exit
|
||||
#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS
|
||||
#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE
|
||||
#endif /* MBEDTLS_PLATFORM_C */
|
||||
|
@ -70,6 +71,19 @@ int main( void )
|
|||
return( 0 );
|
||||
}
|
||||
#else
|
||||
|
||||
#if defined(MBEDTLS_CHECK_PARAMS)
|
||||
#include "mbedtls/platform_util.h"
|
||||
void mbedtls_param_failed( const char *failure_condition,
|
||||
const char *file,
|
||||
int line )
|
||||
{
|
||||
mbedtls_printf( "%s:%i: Input param failed - %s\n",
|
||||
file, line, failure_condition );
|
||||
mbedtls_exit( MBEDTLS_EXIT_FAILURE );
|
||||
}
|
||||
#endif
|
||||
|
||||
int main( void )
|
||||
{
|
||||
FILE *f;
|
||||
|
|
|
@ -31,16 +31,17 @@
|
|||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#define mbedtls_printf printf
|
||||
#define mbedtls_exit exit
|
||||
#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS
|
||||
#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE
|
||||
#endif /* MBEDTLS_PLATFORM_C */
|
||||
|
||||
#if !defined(MBEDTLS_ECDH_C) || \
|
||||
#if !defined(MBEDTLS_ECDH_C) || !defined(MBEDTLS_ECDH_LEGACY_CONTEXT) || \
|
||||
!defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) || \
|
||||
!defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_CTR_DRBG_C)
|
||||
int main( void )
|
||||
{
|
||||
mbedtls_printf( "MBEDTLS_ECDH_C and/or "
|
||||
mbedtls_printf( "MBEDTLS_ECDH_C and/or MBEDTLS_ECDH_LEGACY_CONTEXT and/or "
|
||||
"MBEDTLS_ECP_DP_CURVE25519_ENABLED and/or "
|
||||
"MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C "
|
||||
"not defined\n" );
|
||||
|
@ -52,6 +53,18 @@ int main( void )
|
|||
#include "mbedtls/ctr_drbg.h"
|
||||
#include "mbedtls/ecdh.h"
|
||||
|
||||
#if defined(MBEDTLS_CHECK_PARAMS)
|
||||
#include "mbedtls/platform_util.h"
|
||||
void mbedtls_param_failed( const char *failure_condition,
|
||||
const char *file,
|
||||
int line )
|
||||
{
|
||||
mbedtls_printf( "%s:%i: Input param failed - %s\n",
|
||||
file, line, failure_condition );
|
||||
mbedtls_exit( MBEDTLS_EXIT_FAILURE );
|
||||
}
|
||||
#endif
|
||||
|
||||
int main( int argc, char *argv[] )
|
||||
{
|
||||
int ret = 1;
|
||||
|
|
|
@ -31,6 +31,7 @@
|
|||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#define mbedtls_printf printf
|
||||
#define mbedtls_exit exit
|
||||
#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS
|
||||
#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE
|
||||
#endif /* MBEDTLS_PLATFORM_C */
|
||||
|
@ -99,6 +100,18 @@ static void dump_pubkey( const char *title, mbedtls_ecdsa_context *key )
|
|||
#define dump_pubkey( a, b )
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_CHECK_PARAMS)
|
||||
#include "mbedtls/platform_util.h"
|
||||
void mbedtls_param_failed( const char *failure_condition,
|
||||
const char *file,
|
||||
int line )
|
||||
{
|
||||
mbedtls_printf( "%s:%i: Input param failed - %s\n",
|
||||
file, line, failure_condition );
|
||||
mbedtls_exit( MBEDTLS_EXIT_FAILURE );
|
||||
}
|
||||
#endif
|
||||
|
||||
int main( int argc, char *argv[] )
|
||||
{
|
||||
int ret = 1;
|
||||
|
|
|
@ -31,6 +31,7 @@
|
|||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#define mbedtls_printf printf
|
||||
#define mbedtls_exit exit
|
||||
#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS
|
||||
#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE
|
||||
#endif /* MBEDTLS_PLATFORM_C */
|
||||
|
@ -135,6 +136,19 @@ int main( void )
|
|||
return( 0 );
|
||||
}
|
||||
#else
|
||||
|
||||
#if defined(MBEDTLS_CHECK_PARAMS)
|
||||
#include "mbedtls/platform_util.h"
|
||||
void mbedtls_param_failed( const char *failure_condition,
|
||||
const char *file,
|
||||
int line )
|
||||
{
|
||||
mbedtls_printf( "%s:%i: Input param failed - %s\n",
|
||||
file, line, failure_condition );
|
||||
mbedtls_exit( MBEDTLS_EXIT_FAILURE );
|
||||
}
|
||||
#endif
|
||||
|
||||
/*
|
||||
* global options
|
||||
*/
|
||||
|
@ -322,7 +336,8 @@ int main( int argc, char *argv[] )
|
|||
mbedtls_printf( "\n . Generating the private key ..." );
|
||||
fflush( stdout );
|
||||
|
||||
if( ( ret = mbedtls_pk_setup( &key, mbedtls_pk_info_from_type( opt.type ) ) ) != 0 )
|
||||
if( ( ret = mbedtls_pk_setup( &key,
|
||||
mbedtls_pk_info_from_type( (mbedtls_pk_type_t) opt.type ) ) ) != 0 )
|
||||
{
|
||||
mbedtls_printf( " failed\n ! mbedtls_pk_setup returned -0x%04x", -ret );
|
||||
goto exit;
|
||||
|
@ -344,7 +359,8 @@ int main( int argc, char *argv[] )
|
|||
#if defined(MBEDTLS_ECP_C)
|
||||
if( opt.type == MBEDTLS_PK_ECKEY )
|
||||
{
|
||||
ret = mbedtls_ecp_gen_key( opt.ec_curve, mbedtls_pk_ec( key ),
|
||||
ret = mbedtls_ecp_gen_key( (mbedtls_ecp_group_id) opt.ec_curve,
|
||||
mbedtls_pk_ec( key ),
|
||||
mbedtls_ctr_drbg_random, &ctr_drbg );
|
||||
if( ret != 0 )
|
||||
{
|
||||
|
|
|
@ -31,6 +31,7 @@
|
|||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#define mbedtls_printf printf
|
||||
#define mbedtls_exit exit
|
||||
#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS
|
||||
#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE
|
||||
#endif /* MBEDTLS_PLATFORM_C */
|
||||
|
@ -73,6 +74,19 @@ int main( void )
|
|||
return( 0 );
|
||||
}
|
||||
#else
|
||||
|
||||
#if defined(MBEDTLS_CHECK_PARAMS)
|
||||
#include "mbedtls/platform_util.h"
|
||||
void mbedtls_param_failed( const char *failure_condition,
|
||||
const char *file,
|
||||
int line )
|
||||
{
|
||||
mbedtls_printf( "%s:%i: Input param failed - %s\n",
|
||||
file, line, failure_condition );
|
||||
mbedtls_exit( MBEDTLS_EXIT_FAILURE );
|
||||
}
|
||||
#endif
|
||||
|
||||
/*
|
||||
* global options
|
||||
*/
|
||||
|
|
|
@ -31,6 +31,7 @@
|
|||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#define mbedtls_printf printf
|
||||
#define mbedtls_exit exit
|
||||
#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS
|
||||
#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE
|
||||
#endif /* MBEDTLS_PLATFORM_C */
|
||||
|
@ -87,13 +88,28 @@
|
|||
USAGE_OUT \
|
||||
"\n"
|
||||
|
||||
#if !defined(MBEDTLS_PK_WRITE_C) || !defined(MBEDTLS_FS_IO)
|
||||
#if !defined(MBEDTLS_PK_PARSE_C) || \
|
||||
!defined(MBEDTLS_PK_WRITE_C) || \
|
||||
!defined(MBEDTLS_FS_IO)
|
||||
int main( void )
|
||||
{
|
||||
mbedtls_printf( "MBEDTLS_PK_WRITE_C and/or MBEDTLS_FS_IO not defined.\n" );
|
||||
mbedtls_printf( "MBEDTLS_PK_PARSE_C and/or MBEDTLS_PK_WRITE_C and/or MBEDTLS_FS_IO not defined.\n" );
|
||||
return( 0 );
|
||||
}
|
||||
#else
|
||||
|
||||
#if defined(MBEDTLS_CHECK_PARAMS)
|
||||
#include "mbedtls/platform_util.h"
|
||||
void mbedtls_param_failed( const char *failure_condition,
|
||||
const char *file,
|
||||
int line )
|
||||
{
|
||||
mbedtls_printf( "%s:%i: Input param failed - %s\n",
|
||||
file, line, failure_condition );
|
||||
mbedtls_exit( MBEDTLS_EXIT_FAILURE );
|
||||
}
|
||||
#endif
|
||||
|
||||
/*
|
||||
* global options
|
||||
*/
|
||||
|
@ -433,4 +449,4 @@ exit:
|
|||
|
||||
return( exit_code );
|
||||
}
|
||||
#endif /* MBEDTLS_PK_WRITE_C && MBEDTLS_FS_IO */
|
||||
#endif /* MBEDTLS_PK_PARSE_C && MBEDTLS_PK_WRITE_C && MBEDTLS_FS_IO */
|
||||
|
|
|
@ -31,6 +31,7 @@
|
|||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#define mbedtls_printf printf
|
||||
#define mbedtls_exit exit
|
||||
#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS
|
||||
#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE
|
||||
#endif /* MBEDTLS_PLATFORM_C */
|
||||
|
@ -48,6 +49,19 @@ int main( void )
|
|||
return( 0 );
|
||||
}
|
||||
#else
|
||||
|
||||
#if defined(MBEDTLS_CHECK_PARAMS)
|
||||
#include "mbedtls/platform_util.h"
|
||||
void mbedtls_param_failed( const char *failure_condition,
|
||||
const char *file,
|
||||
int line )
|
||||
{
|
||||
mbedtls_printf( "%s:%i: Input param failed - %s\n",
|
||||
file, line, failure_condition );
|
||||
mbedtls_exit( MBEDTLS_EXIT_FAILURE );
|
||||
}
|
||||
#endif
|
||||
|
||||
int main( void )
|
||||
{
|
||||
int ret = 1;
|
||||
|
|
|
@ -31,6 +31,7 @@
|
|||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#define mbedtls_printf printf
|
||||
#define mbedtls_exit exit
|
||||
#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS
|
||||
#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE
|
||||
#endif /* MBEDTLS_PLATFORM_C */
|
||||
|
@ -59,6 +60,19 @@ int main( void )
|
|||
return( 0 );
|
||||
}
|
||||
#else
|
||||
|
||||
#if defined(MBEDTLS_CHECK_PARAMS)
|
||||
#include "mbedtls/platform_util.h"
|
||||
void mbedtls_param_failed( const char *failure_condition,
|
||||
const char *file,
|
||||
int line )
|
||||
{
|
||||
mbedtls_printf( "%s:%i: Input param failed - %s\n",
|
||||
file, line, failure_condition );
|
||||
mbedtls_exit( MBEDTLS_EXIT_FAILURE );
|
||||
}
|
||||
#endif
|
||||
|
||||
int main( int argc, char *argv[] )
|
||||
{
|
||||
FILE *f;
|
||||
|
|
|
@ -32,6 +32,7 @@
|
|||
#include <stdlib.h>
|
||||
#define mbedtls_fprintf fprintf
|
||||
#define mbedtls_printf printf
|
||||
#define mbedtls_exit exit
|
||||
#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS
|
||||
#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE
|
||||
#endif /* MBEDTLS_PLATFORM_C */
|
||||
|
@ -59,6 +60,19 @@ int main( void )
|
|||
return( 0 );
|
||||
}
|
||||
#else
|
||||
|
||||
#if defined(MBEDTLS_CHECK_PARAMS)
|
||||
#include "mbedtls/platform_util.h"
|
||||
void mbedtls_param_failed( const char *failure_condition,
|
||||
const char *file,
|
||||
int line )
|
||||
{
|
||||
mbedtls_printf( "%s:%i: Input param failed - %s\n",
|
||||
file, line, failure_condition );
|
||||
mbedtls_exit( MBEDTLS_EXIT_FAILURE );
|
||||
}
|
||||
#endif
|
||||
|
||||
int main( int argc, char *argv[] )
|
||||
{
|
||||
FILE *f;
|
||||
|
|
|
@ -32,6 +32,7 @@
|
|||
#include <stdlib.h>
|
||||
#define mbedtls_snprintf snprintf
|
||||
#define mbedtls_printf printf
|
||||
#define mbedtls_exit exit
|
||||
#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS
|
||||
#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE
|
||||
#endif /* MBEDTLS_PLATFORM_C */
|
||||
|
@ -59,6 +60,18 @@ int main( void )
|
|||
#include <stdio.h>
|
||||
#include <string.h>
|
||||
|
||||
#if defined(MBEDTLS_CHECK_PARAMS)
|
||||
#include "mbedtls/platform_util.h"
|
||||
void mbedtls_param_failed( const char *failure_condition,
|
||||
const char *file,
|
||||
int line )
|
||||
{
|
||||
mbedtls_printf( "%s:%i: Input param failed - %s\n",
|
||||
file, line, failure_condition );
|
||||
mbedtls_exit( MBEDTLS_EXIT_FAILURE );
|
||||
}
|
||||
#endif
|
||||
|
||||
int main( int argc, char *argv[] )
|
||||
{
|
||||
FILE *f;
|
||||
|
|
|
@ -32,6 +32,7 @@
|
|||
#include <stdlib.h>
|
||||
#define mbedtls_snprintf snprintf
|
||||
#define mbedtls_printf printf
|
||||
#define mbedtls_exit exit
|
||||
#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS
|
||||
#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE
|
||||
#endif /* MBEDTLS_PLATFORM_C */
|
||||
|
@ -55,6 +56,18 @@ int main( void )
|
|||
#include <stdio.h>
|
||||
#include <string.h>
|
||||
|
||||
#if defined(MBEDTLS_CHECK_PARAMS)
|
||||
#include "mbedtls/platform_util.h"
|
||||
void mbedtls_param_failed( const char *failure_condition,
|
||||
const char *file,
|
||||
int line )
|
||||
{
|
||||
mbedtls_printf( "%s:%i: Input param failed - %s\n",
|
||||
file, line, failure_condition );
|
||||
mbedtls_exit( MBEDTLS_EXIT_FAILURE );
|
||||
}
|
||||
#endif
|
||||
|
||||
int main( int argc, char *argv[] )
|
||||
{
|
||||
FILE *f;
|
||||
|
|
|
@ -58,6 +58,19 @@ int main( void )
|
|||
return( 0 );
|
||||
}
|
||||
#else
|
||||
|
||||
#if defined(MBEDTLS_CHECK_PARAMS)
|
||||
#include "mbedtls/platform_util.h"
|
||||
void mbedtls_param_failed( const char *failure_condition,
|
||||
const char *file,
|
||||
int line )
|
||||
{
|
||||
mbedtls_printf( "%s:%i: Input param failed - %s\n",
|
||||
file, line, failure_condition );
|
||||
mbedtls_exit( MBEDTLS_EXIT_FAILURE );
|
||||
}
|
||||
#endif
|
||||
|
||||
int main( int argc, char *argv[] )
|
||||
{
|
||||
FILE *f;
|
||||
|
|
Some files were not shown because too many files have changed in this diff Show more
Loading…
Reference in a new issue