Merge branch 'development' into 3649_move_constant_time_functions_into_separate_module
be7b21da22
211 changed files with 20565 additions and 5080 deletions
3
.gitignore
vendored
3
.gitignore
vendored
|
@ -41,6 +41,9 @@ massif-*
|
|||
# Generated documentation:
|
||||
/apidoc
|
||||
|
||||
# PSA Crypto compliance test repo, cloned by test_psa_compliance.py
|
||||
/psa-arch-tests
|
||||
|
||||
# Editor navigation files:
|
||||
/GPATH
|
||||
/GRTAGS
|
||||
|
|
|
@ -14,6 +14,8 @@ jobs:
|
|||
- graphviz
|
||||
- gcc-arm-none-eabi
|
||||
- libnewlib-arm-none-eabi
|
||||
- gcc-arm-linux-gnueabi
|
||||
- libc6-dev-armel-cross
|
||||
language: python # Needed to get pip for Python 3
|
||||
python: 3.5 # version from Ubuntu 16.04
|
||||
install:
|
||||
|
@ -22,7 +24,7 @@ jobs:
|
|||
- tests/scripts/all.sh -k 'check_*'
|
||||
- tests/scripts/all.sh -k test_default_out_of_box
|
||||
- tests/scripts/all.sh -k test_ref_configs
|
||||
- tests/scripts/all.sh -k build_arm_none_eabi_gcc_arm5vte build_arm_none_eabi_gcc_m0plus
|
||||
- tests/scripts/all.sh -k build_arm_linux_gnueabi_gcc_arm5vte build_arm_none_eabi_gcc_m0plus
|
||||
|
||||
- name: full configuration
|
||||
script:
|
||||
|
|
|
@ -62,7 +62,7 @@ had to break ABI compatibility in an LTS branch, but we occasionally had to
|
|||
increase code size for a security fix.)
|
||||
|
||||
For contributors, see the [Backwards Compatibility section of
|
||||
CONTRIBUTING](CONTRIBUTING.md#cackwords-compatibility).
|
||||
CONTRIBUTING](CONTRIBUTING.md#backwards-compatibility).
|
||||
|
||||
## Current Branches
|
||||
|
||||
|
|
|
@ -46,6 +46,11 @@ option(ENABLE_PROGRAMS "Build mbed TLS programs." ON)
|
|||
|
||||
option(UNSAFE_BUILD "Allow unsafe builds. These builds ARE NOT SECURE." OFF)
|
||||
option(MBEDTLS_FATAL_WARNINGS "Compiler warnings treated as errors" ON)
|
||||
if(WIN32)
|
||||
option(GEN_FILES "Generate the auto-generated files as needed" OFF)
|
||||
else()
|
||||
option(GEN_FILES "Generate the auto-generated files as needed" ON)
|
||||
endif()
|
||||
|
||||
string(REGEX MATCH "Clang" CMAKE_COMPILER_IS_CLANG "${CMAKE_C_COMPILER_ID}")
|
||||
string(REGEX MATCH "GNU" CMAKE_COMPILER_IS_GNU "${CMAKE_C_COMPILER_ID}")
|
||||
|
@ -135,6 +140,22 @@ function(link_to_source base_name)
|
|||
endif()
|
||||
endfunction(link_to_source)
|
||||
|
||||
# Get the filename without the final extension (i.e. convert "a.b.c" to "a.b")
|
||||
function(get_name_without_last_ext dest_var full_name)
|
||||
# Split into a list on '.' (but a cmake list is just a ';'-separated string)
|
||||
string(REPLACE "." ";" ext_parts "${full_name}")
|
||||
# Remove the last item if there are more than one
|
||||
list(LENGTH ext_parts ext_parts_len)
|
||||
if (${ext_parts_len} GREATER "1")
|
||||
math(EXPR ext_parts_last_item "${ext_parts_len} - 1")
|
||||
list(REMOVE_AT ext_parts ${ext_parts_last_item})
|
||||
endif()
|
||||
# Convert back to a string by replacing separators with '.'
|
||||
string(REPLACE ";" "." no_ext_name "${ext_parts}")
|
||||
# Copy into the desired variable
|
||||
set(${dest_var} ${no_ext_name} PARENT_SCOPE)
|
||||
endfunction(get_name_without_last_ext)
|
||||
|
||||
string(REGEX MATCH "Clang" CMAKE_COMPILER_IS_CLANG "${CMAKE_C_COMPILER_ID}")
|
||||
|
||||
include(CheckCCompilerFlag)
|
||||
|
@ -330,7 +351,7 @@ install(
|
|||
DESTINATION "cmake"
|
||||
FILE "MbedTLSTargets.cmake")
|
||||
|
||||
if(CMAKE_VERSION VERSION_GREATER 3.14)
|
||||
if(CMAKE_VERSION VERSION_GREATER 3.15 OR CMAKE_VERSION VERSION_EQUAL 3.15)
|
||||
# Do not export the package by default
|
||||
cmake_policy(SET CMP0090 NEW)
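Review bot: In the second hunk, `get_name_without_last_ext` hands its result back unquoted, `set(${dest_var} ${no_ext_name} PARENT_SCOPE)`, so an empty `full_name` (or any input reduced to an empty string) unsets `dest_var` in the caller rather than setting it to ""; quoting it, `set(${dest_var} "${no_ext_name}" PARENT_SCOPE)`, makes the function always define the output variable. The guard `if (${ext_parts_len} GREATER "1")` works only because `list(LENGTH)` always yields a number; the idiomatic `if(ext_parts_len GREATER 1)` avoids the double expansion `if()` performs on its arguments and reads the same. `endfunction(get_name_without_last_ext)` repeats the name for no benefit; the bare `endfunction()` is the modern form (the `endfunction(link_to_source)` above it is context, not part of this change). Because the helper splits on every `.`, a caller passing a path whose directory component contains a dot would lose more than the final extension, which is fine if only bare filenames are passed, but the hunk does not show the callers, and the comment above the function should state that expectation.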
|
||||
|
||||
|
|
|
@ -52,8 +52,7 @@ It would be highly appreciated if contributions are backported to LTS branches i
|
|||
The list of maintained branches can be found in the [Current Branches section
|
||||
of BRANCHES.md](BRANCHES.md#current-branches).
|
||||
|
||||
Currently maintained LTS branches are:
|
||||
1. [mbedtls-2.7](https://github.com/ARMmbed/mbedtls/tree/mbedtls-2.7)
|
||||
The only currently maintained LTS branch is:
|
||||
1. [mbedtls-2.16](https://github.com/ARMmbed/mbedtls/tree/mbedtls-2.16)
|
||||
|
||||
|
||||
|
|
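--- /dev/null
+++ b/ChangeLog.d/add_psa_m_aead.txt
@@ -0,0 +1,3 @@
+Features
+* Implement the PSA multipart AEAD interface, currently supporting
+ChaChaPoly and GCM.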
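--- /dev/null
+++ b/ChangeLog.d/base64-ranges.txt
@@ -0,0 +1,4 @@
+Changes
+* Improve the performance of base64 constant-flow code. The result is still
+slower than the original non-constant-flow implementation, but much faster
+than the previous constant-flow implementation. Fixes #4814.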
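--- /dev/null
+++ b/ChangeLog.d/bugfix-for-gcm-long-iv-size.txt
@@ -0,0 +1,4 @@
+Bugfix
+* Fix a bug in mbedtls_gcm_starts() when bits of iv are longer than 2^32.
+* Fix #4884.
+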
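--- /dev/null
+++ b/ChangeLog.d/ccm_star_no_tag.txt
@@ -0,0 +1,10 @@
+Changes
+* Ignore plaintext/ciphertext lengths for CCM*-no-tag operations.
+For CCM* encryption/decryption without authentication, input
+length will be ignored.
+
+Features
+* Add support for CCM*-no-tag cipher to the PSA.
+Currently only 13-byte long IV's are supported.
+For decryption a minimum of 16-byte long input is expected.
+These restrictions may be subject to change.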
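--- /dev/null
+++ b/ChangeLog.d/chacha20-poly1305-invalid-nonce.txt
@@ -0,0 +1,3 @@
+Changes
+* Indicate in the error returned if the nonce length used with
+ChaCha20-Poly1305 is invalid, and not just unsupported.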
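--- /dev/null
+++ b/ChangeLog.d/check-return.txt
@@ -0,0 +1,17 @@
+Bugfix
+* Failures of alternative implementations of AES or DES single-block
+functions enabled with MBEDTLS_AES_ENCRYPT_ALT, MBEDTLS_AES_DECRYPT_ALT,
+MBEDTLS_DES_CRYPT_ECB_ALT or MBEDTLS_DES3_CRYPT_ECB_ALT were ignored.
+This does not concern the implementation provided with Mbed TLS,
+where this function cannot fail, or full-module replacements with
+MBEDTLS_AES_ALT or MBEDTLS_DES_ALT. Reported by Armelle Duboc in #1092.
+
+Features
+* Warn if errors from certain functions are ignored. This is currently
+supported on GCC-like compilers and on MSVC and can be configured through
+the macro MBEDTLS_CHECK_RETURN. The warnings are always enabled
+(where supported) for critical functions where ignoring the return
+value is almost always a bug. Enable the new configuration option
+MBEDTLS_CHECK_RETURN_WARNING to get warnings for other functions. This
+is currently implemented in the AES and DES modules, and will be extended
+to other modules in the future.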
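--- /dev/null
+++ b/ChangeLog.d/chunked_ccm.txt
@@ -0,0 +1,8 @@
+Changes
+* Implement multi-part CCM API.
+The multi-part functions: mbedtls_ccm_starts(), mbedtls_ccm_set_lengths(),
+mbedtls_ccm_update_ad(), mbedtls_ccm_update(), mbedtls_ccm_finish()
+were introduced in mbedTLS 3.0 release, however their implementation was
+postponed until now.
+Implemented functions support chunked data input for both CCM and CCM*
+algorithms.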
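--- /dev/null
+++ b/ChangeLog.d/do-not-use-obsolete-header.txt
@@ -0,0 +1,5 @@
+Bugfix
+* Don't use the obsolete header path sys/fcntl.h in unit tests.
+These header files cause compilation errors in musl.
+Fixes #4969.
+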
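--- /dev/null
+++ b/ChangeLog.d/fix-mbedtls_cipher_crypt-aes-ecb.txt
@@ -0,0 +1,2 @@
+Bugfix
+* Fix mbedtls_cipher_crypt: AES-ECB when MBEDTLS_USE_PSA_CRYPTO is enabled.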
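--- /dev/null
+++ b/ChangeLog.d/fix-needed-shared-libraries-linux.txt
@@ -0,0 +1,3 @@
+Bugfix
+* Fix issue in Makefile on Linux with SHARED=1, that caused shared libraries
+not to list other shared libraries they need.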
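--- /dev/null
+++ b/ChangeLog.d/fix-psa_gen_key-status.txt
@@ -0,0 +1,2 @@
+Bugfix
+* Fix the error returned by psa_generate_key() for a public key. Fixes #4551.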
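--- /dev/null
+++ b/ChangeLog.d/issue5065.txt
@@ -0,0 +1,3 @@
+Bugfix
+* Fix compile-time or run-time errors in PSA
+AEAD functions when ChachaPoly is disabled. Fixes #5065.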
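--- /dev/null
+++ b/ChangeLog.d/muladdc-memory.txt
@@ -0,0 +1,5 @@
+Bugfix
+* Fix missing constraints on x86_64 and aarch64 assembly code
+for bignum multiplication that broke some bignum operations with
+(at least) Clang 12.
+Fixes #4116, #4786, #4917, #4962.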
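--- /dev/null
+++ b/ChangeLog.d/no-strerror.txt
@@ -0,0 +1,3 @@
+Bugfix
+* Fix the build of sample programs when neither MBEDTLS_ERROR_C nor
+MBEDTLS_ERROR_STRERROR_DUMMY is enabled.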
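--- /dev/null
+++ b/ChangeLog.d/psa_alg_rsa_pss.txt
@@ -0,0 +1,5 @@
+Bugfix
+* Fix PSA_ALG_RSA_PSS verification accepting an arbitrary salt length.
+This algorithm now accepts only the same salt length for verification
+that it produces when signing, as documented. Use the new algorithm
+PSA_ALG_RSA_PSS_ANY_SALT to accept any salt length. Fixes #4946.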
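--- /dev/null
+++ b/ChangeLog.d/psa_cipher_update_ecp.txt
@@ -0,0 +1,2 @@
+Bugfix
+* Fix a parameter set but unused in psa_crypto_cipher.c. Fixes #4935.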
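--- /dev/null
+++ b/ChangeLog.d/psa_crypto_api_macros.txt
@@ -0,0 +1,11 @@
+Features
+* Add missing PSA macros declared by PSA Crypto API 1.0.0:
+PSA_ALG_IS_SIGN_HASH, PSA_ALG_NONE, PSA_HASH_BLOCK_LENGTH, PSA_KEY_ID_NULL.
+
+Bugfix
+* The existing predicate macro name PSA_ALG_IS_HASH_AND_SIGN is now reserved
+for algorithm values that fully encode the hashing step, as per the PSA
+Crypto API specification. This excludes PSA_ALG_RSA_PKCS1V15_SIGN_RAW and
+PSA_ALG_ECDSA_ANY. The new predicate macro PSA_ALG_IS_SIGN_HASH covers
+all algorithms that can be used with psa_{sign,verify}_hash(), including
+these two.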
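--- /dev/null
+++ b/ChangeLog.d/psa_gcm_buffer_limitation.txt
@@ -0,0 +1,16 @@
+Bugfix
+* Remove PSA'a AEAD finish/verify output buffer limitation for GCM.
+The requirement of minimum 15 bytes for output buffer in
+psa_aead_finish() and psa_aead_verify() does not apply to the built-in
+implementation of GCM.
+* Move GCM's update output buffer length verification from PSA AEAD to
+the built-in implementation of the GCM.
+The requirement for output buffer size to be equal or greater then
+input buffer size is valid only for the built-in implementation of GCM.
+Alternative GCM implementations can process whole blocks only.
+
+API changes
+* New error code for GCM: MBEDTLS_ERR_GCM_BUFFER_TOO_SMALL.
+Alternative GCM implementations are expected to verify
+the length of the provided output buffers and to return the
+MBEDTLS_ERR_GCM_BUFFER_TOO_SMALL in case the buffer length is too small.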
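--- /dev/null
+++ b/ChangeLog.d/remove-greentea-support.txt
@@ -0,0 +1,3 @@
+Removals
+* Remove the partial support for running unit tests via Greentea on Mbed OS,
+which had been unmaintained since 2018.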
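--- /dev/null
+++ b/ChangeLog.d/remove-ssl-export-keys.txt
@@ -0,0 +1,5 @@
+Changes
+* Remove MBEDTLS_SSL_EXPORT_KEYS, making it always on and increasing the
+code size by about 80B on an M0 build. This option only gated an ability
+to set a callback, but was deemed unnecessary as it was yet another define
+to remember when writing tests, or test configurations. Fixes #4653.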
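--- /dev/null
+++ b/ChangeLog.d/tls_ext_cid-config.txt
@@ -0,0 +1,3 @@
+Features
+* The identifier of the CID TLS extension can be configured by defining
+MBEDTLS_TLS_EXT_CID at compile time.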
10
README.md
10
README.md
|
@ -38,7 +38,7 @@ There are currently three active build systems used within Mbed TLS releases:
|
|||
|
||||
The main systems used for development are CMake and GNU Make. Those systems are always complete and up-to-date. The others should reflect all changes present in the CMake and Make build system, although features may not be ported there automatically.
|
||||
|
||||
The Make and CMake build systems create three libraries: libmbedcrypto, libmbedx509, and libmbedtls. Note that libmbedtls depends on libmbedx509 and libmbedcrypto, and libmbedx509 depends on libmbedcrypto. As a result, some linkers will expect flags to be in a specific order, for example the GNU linker wants `-lmbedtls -lmbedx509 -lmbedcrypto`. Also, when loading shared libraries using dlopen(), you'll need to load libmbedcrypto first, then libmbedx509, before you can load libmbedtls.
|
||||
The Make and CMake build systems create three libraries: libmbedcrypto, libmbedx509, and libmbedtls. Note that libmbedtls depends on libmbedx509 and libmbedcrypto, and libmbedx509 depends on libmbedcrypto. As a result, some linkers will expect flags to be in a specific order, for example the GNU linker wants `-lmbedtls -lmbedx509 -lmbedcrypto`.
|
||||
|
||||
### Tool versions
|
||||
|
||||
|
@ -67,6 +67,7 @@ If you are cross-compiling, you must set the `CC` environment variable to a C co
|
|||
Any of the following methods are available to generate the configuration-independent files:
|
||||
|
||||
* If not cross-compiling, running `make` with any target, or just `make`, will automatically generate required files.
|
||||
* On non-Windows systems, when not cross-compiling, CMake will generate the required files automatically.
|
||||
* Run `make generated_files` to generate all the configuration-independent files.
|
||||
* On Unix/POSIX systems, run `tests/scripts/check-generated-files.sh -u` to generate all the configuration-independent files.
|
||||
* On Windows, run `scripts\make_generated_files.bat` to generate all the configuration-independent files.
|
||||
|
@ -298,3 +299,10 @@ Contributing
|
|||
------------
|
||||
|
||||
We gratefully accept bug reports and contributions from the community. Please see the [contributing guidelines](CONTRIBUTING.md) for details on how to do this.
|
||||
|
||||
Contact
|
||||
-------
|
||||
|
||||
* To report a security vulnerability in Mbed TLS, please email <mbed-tls-security@lists.trustedfirmware.org>. For more information, see [`SECURITY.md`](SECURITY.md).
|
||||
* To report a bug or request a feature in Mbed TLS, please [file an issue on GitHub](https://github.com/ARMmbed/mbedtls/issues/new/choose).
|
||||
* Please see [`SUPPORT.md`](SUPPORT.md) for other channels for discussion and support about Mbed TLS.
|
||||
|
|
|
@ -45,7 +45,6 @@
|
|||
#define MBEDTLS_SSL_PROTO_DTLS
|
||||
#define MBEDTLS_SSL_DTLS_ANTI_REPLAY
|
||||
#define MBEDTLS_SSL_DTLS_HELLO_VERIFY
|
||||
#define MBEDTLS_SSL_EXPORT_KEYS
|
||||
|
||||
/* mbed TLS modules */
|
||||
#define MBEDTLS_AES_C
|
||||
|
|
1
docs/.gitignore
vendored
1
docs/.gitignore
vendored
|
@ -1,3 +1,2 @@
|
|||
*.html
|
||||
*.pdf
|
||||
!PSACryptoDriverModelSpec.pdf
|
||||
|
|
Binary file not shown.
|
@ -66,3 +66,342 @@ together with their level of testing:
|
|||
as part of `MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL`:
|
||||
|
||||
- Reader ([`library/mps_reader.h`](../../library/mps_reader.h))
|
||||
|
||||
|
||||
MVP definition
|
||||
--------------
|
||||
|
||||
- Overview
|
||||
|
||||
- The TLS 1.3 MVP implements only the client side of the protocol.
|
||||
|
||||
- The TLS 1.3 MVP supports ECDHE key establishment.
|
||||
|
||||
- The TLS 1.3 MVP does not support DHE key establishment.
|
||||
|
||||
- The TLS 1.3 MVP does not support pre-shared keys, including any form of
|
||||
session resumption. This implies that it does not support sending early
|
||||
data (0-RTT data).
|
||||
|
||||
- The TLS 1.3 MVP supports the authentication of the server by the client
|
||||
but does not support authentication of the client by the server. In terms
|
||||
of TLS 1.3 authentication messages, this means that the TLS 1.3 MVP
|
||||
supports the processing of the Certificate and CertificateVerify messages
|
||||
but not of the CertificateRequest message.
|
||||
|
||||
- The TLS 1.3 MVP does not support the handling of server HelloRetryRequest
|
||||
message. In practice, this means that the handshake will fail if the MVP
|
||||
does not provide in its ClientHello the shared secret associated to the
|
||||
group selected by the server for key establishement. For more information,
|
||||
see the comment associated to the `key_share` extension below.
|
||||
|
||||
- If the TLS 1.3 MVP receives a HelloRetryRequest or a CertificateRequest
|
||||
message, it aborts the handshake with an handshake_failure closure alert
|
||||
and the `mbedtls_ssl_handshake()` returns in error with the
|
||||
`MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE` error code.
|
||||
|
||||
- Supported cipher suites: depends on the library configuration. Potentially
|
||||
all of them:
|
||||
TLS_AES_128_GCM_SHA256, TLS_AES_256_GCM_SHA384, TLS_CHACHA20_POLY1305_SHA256,
|
||||
TLS_AES_128_CCM_SHA256 and TLS_AES_128_CCM_8_SHA256.
|
||||
|
||||
- Supported ClientHello extensions:
|
||||
|
||||
| Extension | MVP | Prototype (1) |
|
||||
| ---------------------------- | ------- | ------------- |
|
||||
| server_name | YES | YES |
|
||||
| max_fragment_length | no | YES |
|
||||
| status_request | no | no |
|
||||
| supported_groups | YES | YES |
|
||||
| signature_algorithms | YES | YES |
|
||||
| use_srtp | no | no |
|
||||
| heartbeat | no | no |
|
||||
| apln | no | YES |
|
||||
| signed_certificate_timestamp | no | no |
|
||||
| client_certificate_type | no | no |
|
||||
| server_certificate_type | no | no |
|
||||
| padding | no | no |
|
||||
| key_share | YES (2) | YES |
|
||||
| pre_shared_key | no | YES |
|
||||
| psk_key_exchange_modes | no | YES |
|
||||
| early_data | no | YES |
|
||||
| cookie | no | YES |
|
||||
| supported_versions | YES (3) | YES |
|
||||
| certificate_authorities | no | no |
|
||||
| post_handshake_auth | no | no |
|
||||
| signature_algorithms_cert | no | no |
|
||||
|
||||
(1) This is just for comparison.
|
||||
|
||||
(2) The MVP sends one shared secret corresponding to the configured preferred
|
||||
group. The preferred group is the group of the first curve in the list of
|
||||
allowed curves as defined by the configuration. The allowed curves are
|
||||
by default ordered as follow: `secp256r1`, `x25519`, `secp384r1`
|
||||
and finally `secp521r1`. This default order is aligned with the
|
||||
list of mandatory-to-implement groups (in absence of an application
|
||||
profile standard specifying otherwise) defined in section 9.1 of the
|
||||
specification. The list of allowed curves can be changed through the
|
||||
`mbedtls_ssl_conf_curves()` API.
|
||||
|
||||
(3) The MVP proposes only TLS 1.3 and does not support version negociation.
|
||||
Out-of-protocol fallback is supported though if the Mbed TLS library
|
||||
has been built to support both TLS 1.3 and TLS 1.2: just set the
|
||||
maximum of the minor version of the SSL configuration to
|
||||
MBEDTLS_SSL_MINOR_VERSION_3 (`mbedtls_ssl_conf_min_version()` API) and
|
||||
re-initiate a server handshake.
|
||||
|
||||
- Supported groups: depends on the library configuration.
|
||||
Potentially all ECDHE groups but x448:
|
||||
secp256r1, x25519, secp384r1 and secp521r1.
|
||||
|
||||
Finite field groups (DHE) are not supported.
|
||||
|
||||
- Supported signature algorithms (both for certificates and CertificateVerify):
|
||||
depends on the library configuration.
|
||||
Potentially:
|
||||
rsa_pkcs1_sha256, rsa_pss_rsae_sha256, ecdsa_secp256r1_sha256,
|
||||
ecdsa_secp384r1_sha384 and ecdsa_secp521r1_sha512.
|
||||
|
||||
Note that in absence of an application profile standard specifying otherwise
|
||||
the three first ones in the list above are mandatory (see section 9.1 of the
|
||||
specification).
|
||||
|
||||
- Supported versions: only TLS 1.3, version negotiation is not supported.
|
||||
|
||||
- Compatibility with existing SSL/TLS build options:
|
||||
|
||||
The TLS 1.3 MVP is compatible with all TLS 1.2 configuration options in the
|
||||
sense that when enabling the TLS 1.3 MVP in the library there is no need to
|
||||
modify the configuration for TLS 1.2. Mbed TLS SSL/TLS related features are
|
||||
not supported or not applicable to the TLS 1.3 MVP:
|
||||
|
||||
| Mbed TLS configuration option | Support |
|
||||
| ---------------------------------------- | ------- |
|
||||
| MBEDTLS_SSL_ALL_ALERT_MESSAGES | no |
|
||||
| MBEDTLS_SSL_ASYNC_PRIVATE | no |
|
||||
| MBEDTLS_SSL_CONTEXT_SERIALIZATION | no |
|
||||
| MBEDTLS_SSL_DEBUG_ALL | no |
|
||||
| MBEDTLS_SSL_ENCRYPT_THEN_MAC | n/a |
|
||||
| MBEDTLS_SSL_EXTENDED_MASTER_SECRET | n/a |
|
||||
| MBEDTLS_SSL_KEEP_PEER_CERTIFICATE | no |
|
||||
| MBEDTLS_SSL_RENEGOTIATION | n/a |
|
||||
| MBEDTLS_SSL_MAX_FRAGMENT_LENGTH | no |
|
||||
| | |
|
||||
| MBEDTLS_SSL_SESSION_TICKETS | no |
|
||||
| MBEDTLS_SSL_EXPORT_KEYS | no (1) |
|
||||
| MBEDTLS_SSL_SERVER_NAME_INDICATION | no |
|
||||
| MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH | no |
|
||||
| | |
|
||||
| MBEDTLS_ECP_RESTARTABLE | no |
|
||||
| MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED | no |
|
||||
| | |
|
||||
| MBEDTLS_KEY_EXCHANGE_PSK_ENABLED | n/a (2) |
|
||||
| MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED | n/a |
|
||||
| MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED | n/a |
|
||||
| MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED | n/a |
|
||||
| MBEDTLS_KEY_EXCHANGE_RSA_ENABLED | n/a |
|
||||
| MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED | n/a |
|
||||
| MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED | n/a |
|
||||
| MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED | n/a |
|
||||
| MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED | n/a |
|
||||
| MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED | n/a |
|
||||
| MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED | n/a |
|
||||
| | |
|
||||
| MBEDTLS_USE_PSA_CRYPTO | no |
|
||||
|
||||
(1) Some support has already been upstreamed but it is incomplete.
|
||||
(2) Key exchange configuration options for TLS 1.3 will likely to be
|
||||
organized around the notion of key exchange mode along the line
|
||||
of the MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_NONE/PSK/PSK_EPHEMERAL/EPHEMERAL
|
||||
runtime configuration macros.
|
||||
|
||||
- Quality considerations
|
||||
- Standard Mbed TLS review bar
|
||||
- Interoperability testing with OpenSSL and GnuTLS. Test with all the
|
||||
cipher suites and signature algorithms supported by OpenSSL/GnuTLS server.
|
||||
- Negative testing against OpenSSL/GnuTLS servers with which the
|
||||
handshake fails due to incompatibility with the capabilities of the
|
||||
MVP: TLS 1.2 or 1.1 server, server sending an HelloRetryRequest message in
|
||||
response to the MVP ClientHello, server sending a CertificateRequest
|
||||
message ...
|
||||
|
||||
Coding rules checklist for TLS 1.3
|
||||
----------------------------------
|
||||
|
||||
The following coding rules are aimed to be a checklist for TLS 1.3 upstreaming
|
||||
work to reduce review rounds and the number of comments in each round. They
|
||||
come along (do NOT replace) the project coding rules
|
||||
(https://tls.mbed.org/kb/development/mbedtls-coding-standards). They have been
|
||||
established and discussed following the review of #4882 that was the
|
||||
PR upstreaming the first part of TLS 1.3 ClientHello writing code.
|
||||
|
||||
TLS 1.3 specific coding rules:
|
||||
|
||||
- TLS 1.3 specific C modules, headers, static functions names are prefixed
|
||||
with `ssl_tls13_`. The same applies to structures and types that are
|
||||
internal to C modules.
|
||||
|
||||
- TLS 1.3 specific exported functions, structures and types are
|
||||
prefixed with `mbedtls_ssl_tls13_`.
|
||||
|
||||
- Use TLS1_3 in TLS 1.3 specific macros.
|
||||
|
||||
- The names of macros and variables related to a field or structure in the
|
||||
TLS 1.3 specification should contain as far as possible the field name as
|
||||
it is in the specification. If the field name is "too long" and we prefer
|
||||
to introduce some kind of abbreviation of it, use the same abbreviation
|
||||
everywhere in the code.
|
||||
|
||||
Example 1: #define CLIENT_HELLO_RANDOM_LEN 32, macro for the length of the
|
||||
`random` field of the ClientHello message.
|
||||
|
||||
Example 2 (consistent abbreviation): `mbedtls_ssl_tls13_write_sig_alg_ext()`
|
||||
and `MBEDTLS_TLS_EXT_SIG_ALG`, `sig_alg` standing for
|
||||
`signature_algorithms`.
|
||||
|
||||
- Regarding vectors that are represented by a length followed by their value
|
||||
in the data exchanged between servers and clients:
|
||||
|
||||
- Use `<vector name>_len` for the name of a variable used to compute the
|
||||
length in bytes of the vector, where <vector name> is the name of the
|
||||
vector as defined in the TLS 1.3 specification.
|
||||
|
||||
- Use `p_<vector_name>_len` for the name of a variable intended to hold
|
||||
the address of the first byte of the vector length.
|
||||
|
||||
- Use `<vector_name>` for the name of a variable intended to hold the
|
||||
address of the first byte of the vector value.
|
||||
|
||||
- Use `<vector_name>_end` for the name of a variable intended to hold
|
||||
the address of the first byte past the vector value.
|
||||
|
||||
Those idioms should lower the risk of mis-using one of the address in place
|
||||
of another one which could potentially lead to some nasty issues.
|
||||
|
||||
Example: `cipher_suites` vector of ClientHello in
|
||||
`ssl_tls13_write_client_hello_cipher_suites()`
|
||||
```
|
||||
size_t cipher_suites_len;
|
||||
unsigned char *p_cipher_suites_len;
|
||||
unsigned char *cipher_suites;
|
||||
```
|
||||
|
||||
- Where applicable, use:
|
||||
- the macros to extract a byte from a multi-byte integer MBEDTLS_BYTE_{0-8}.
|
||||
- the macros to write in memory in big-endian order a multi-byte integer
|
||||
MBEDTLS_PUT_UINT{8|16|32|64}_BE.
|
||||
- the macros to read from memory a multi-byte integer in big-endian order
|
||||
MBEDTLS_GET_UINT{8|16|32|64}_BE.
|
||||
- the macro to check for space when writing into an output buffer
|
||||
`MBEDTLS_SSL_CHK_BUF_PTR`.
|
||||
- the macro to check for data when reading from an input buffer
|
||||
`MBEDTLS_SSL_CHK_BUF_READ_PTR`.
|
||||
|
||||
These macros were introduced after the prototype was written thus are
|
||||
likely not to be used in prototype where we now would use them in
|
||||
development.
|
||||
|
||||
The three first types, MBEDTLS_BYTE_{0-8}, MBEDTLS_PUT_UINT{8|16|32|64}_BE
|
||||
and MBEDTLS_GET_UINT{8|16|32|64}_BE improve the readability of the code and
|
||||
reduce the risk of writing or reading bytes in the wrong order.
|
||||
|
||||
The two last types, `MBEDTLS_SSL_CHK_BUF_PTR` and
|
||||
`MBEDTLS_SSL_CHK_BUF_READ_PTR`, improve the readability of the code and
|
||||
reduce the risk of error in the non-completely-trivial arithmetic to
|
||||
check that we do not write or read past the end of a data buffer. The
|
||||
usage of those macros combined with the following rule mitigate the risk
|
||||
to read/write past the end of a data buffer.
|
||||
|
||||
Examples:
|
||||
```
|
||||
hs_hdr[1] = MBEDTLS_BYTE_2( total_hs_len );
|
||||
MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_SUPPORTED_VERSIONS, p, 0 );
|
||||
MBEDTLS_SSL_CHK_BUF_PTR( p, end, 7 );
|
||||
```
|
||||
|
||||
- To mitigate what happened here
|
||||
(https://github.com/ARMmbed/mbedtls/pull/4882#discussion_r701704527) from
|
||||
happening again, use always a local variable named `p` for the reading
|
||||
pointer in functions parsing TLS 1.3 data, and for the writing pointer in
|
||||
functions writing data into an output buffer and only that variable. The
|
||||
name `p` has been chosen as it was already widely used in TLS code.
|
||||
|
||||
- When an TLS 1.3 structure is written or read by a function or as part of
|
||||
a function, provide as documentation the definition of the structure as
|
||||
it is in the TLS 1.3 specification.
|
||||
|
||||
General coding rules:
|
||||
|
||||
- We prefer grouping "related statement lines" by not adding blank lines
|
||||
between them.
|
||||
|
||||
Example 1:
|
||||
```
|
||||
ret = ssl_tls13_write_client_hello_cipher_suites( ssl, buf, end, &output_len );
|
||||
if( ret != 0 )
|
||||
return( ret );
|
||||
buf += output_len;
|
||||
```
|
||||
|
||||
Example 2:
|
||||
```
|
||||
MBEDTLS_SSL_CHK_BUF_PTR( cipher_suites_iter, end, 2 );
|
||||
MBEDTLS_PUT_UINT16_BE( cipher_suite, cipher_suites_iter, 0 );
|
||||
cipher_suites_iter += 2;
|
||||
```
|
||||
|
||||
- Use macros for constants that are used in different functions, different
|
||||
places in the code. When a constant is used only locally in a function
|
||||
(like the length in bytes of the vector lengths in functions reading and
|
||||
writing TLS handshake message) there is no need to define a macro for it.
|
||||
|
||||
Example: `#define CLIENT_HELLO_RANDOM_LEN 32`
|
||||
|
||||
- When declaring a pointer the dereferencing operator should be prepended to
|
||||
the pointer name not appended to the pointer type:
|
||||
|
||||
Example: `mbedtls_ssl_context *ssl;`
|
||||
|
||||
- Maximum line length is 80 characters.
|
||||
|
||||
Exceptions:
|
||||
|
||||
- string literals can extend beyond 80 characters as we do not want to
|
||||
split them to ease their search in the code base.
|
||||
|
||||
- A line can be more than 80 characters by a few characters if just looking
|
||||
at the 80 first characters is enough to fully understand the line. For
|
||||
example it is generally fine if some closure characters like ";" or ")"
|
||||
are beyond the 80 characters limit.
|
||||
|
||||
If a line becomes too long due to a refactoring (for example renaming a
|
||||
function to a longer name, or indenting a block more), avoid rewrapping
|
||||
lines in the same commit: it makes the review harder. Make one commit with
|
||||
the longer lines and another commit with just the rewrapping.
|
||||
|
||||
- When in successive lines, functions and macros parameters should be aligned
|
||||
vertically.
|
||||
|
||||
Example:
|
||||
```
|
||||
int mbedtls_ssl_tls13_start_handshake_msg( mbedtls_ssl_context *ssl,
|
||||
unsigned hs_type,
|
||||
unsigned char **buf,
|
||||
size_t *buf_len );
|
||||
```
|
||||
|
||||
- When a function's parameters span several lines, group related parameters
|
||||
together if possible.
|
||||
|
||||
For example, prefer:
|
||||
|
||||
```
|
||||
mbedtls_ssl_tls13_start_handshake_msg( ssl, hs_type,
|
||||
buf, buf_len );
|
||||
```
|
||||
over
|
||||
```
|
||||
mbedtls_ssl_tls13_start_handshake_msg( ssl, hs_type, buf,
|
||||
buf_len );
|
||||
```
|
||||
even if it fits.
|
||||
|
|
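--- /dev/null
+++ b/docs/use-psa-crypto.md
@@ -0,0 +1,204 @@
+This document describes the compile-time configuration option
+`MBEDTLS_USE_PSA_CRYPTO` from a user's perspective, more specifically its
+current effects as well as the parts that aren't covered yet.
+
+Current effects
+===============
+
+General limitations
+-------------------
+
+Compile-time: enabling `MBEDTLS_USE_PSA_CRYPTO` requires
+`MBEDTLS_ECP_RESTARTABLE` and
+`MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER` to be disabled.
+
+Effect: `MBEDTLS_USE_PSA_CRYPTO` currently has no effect on TLS 1.3 (which is
+itself experimental and only partially supported so far): TLS 1.3 always uses
+the legacy APIs even when this option is set.
+
+Stability: any API that's only available when `MBEDTLS_USE_PSA_CRYPTO` is
+defined is considered experimental and may change in incompatible ways at any
+time. Said otherwise, these APIs are explicitly excluded from the usual API
+stability promises.
+
+New APIs / API extensions
+-------------------------
+
+Some of these APIs are meant for the application to use in place of
+pre-existing APIs, in order to get access to the benefits; in the sub-sections
+below these are indicated by "Use in (X.509 and) TLS: opt-in", meaning that
+this requires changes to the application code for the (X.509 and) TLS layers
+to pick up the improvements.
+
+Some of these APIs are mostly meant for internal use by the TLS (and X.509)
+layers; they are indicated below by "Use in (X.509 and) TLS: automatic",
+meaning that no changes to the application code are required for the TLS (and
+X.509) layers to pick up the improvements.
+
+### PSA-held (opaque) keys in the PK layer
+
+There is a new API function `mbedtls_pk_setup_opaque()` that can be used to
+wrap a PSA keypair into a PK context. The key can be used for private-key
+operations and its public part can be exported.
+
+Benefits: isolation of long-term secrets, use of PSA Crypto drivers.
+
+Limitations: only for private keys, only ECC. (That is, only ECDSA signature
+generation. Note: currently this will use randomized ECDSA while Mbed TLS uses
+deterministic ECDSA by default.) The following operations are not supported
+with a context set this way, while they would be available with a normal
+`ECKEY` context: `mbedtls_pk_verify()`, `mbedtls_pk_check_pair()`,
+`mbedtls_pk_debug()`.
+
+Use in X.509 and TLS: opt-in. The application needs to construct the PK context
+using the new API in order to get the benefits; it can then pass the
+resulting context to the following existing APIs:
+
+- `mbedtls_ssl_conf_own_cert()` or `mbedtls_ssl_set_hs_own_cert()` to use the
+key together with a certificate for ECDSA-based key exchanges (note: while
+this is supported on both sides, it's currently only tested client-side);
+- `mbedtls_x509write_csr_set_key()` to generate a CSR (certificate signature
+request).
+
+In the TLS and X.509 API, there are two other functions which accept a key or
+keypair as a PK context: `mbedtls_x509write_crt_set_subject_key()` and
+`mbedtls_x509write_crt_set_issuer_key()`. Use of opaque contexts here probably
+works but is so far untested.
+
+### PSA-held (opaque) keys for TLS pre-shared keys (PSK)
+
+There are two new API functions `mbedtls_ssl_conf_psk_opaque()` and
+`mbedtls_ssl_set_hs_psk_opaque()`. Call one of these from an application to
+register a PSA key for use with a PSK key exchange.
+
+Benefits: isolation of long-term secrets.
+
+Limitations: the key can only be used with "pure"
+PSK key exchanges (ciphersuites starting with `TLS_PSK_WITH_`), to the
+exclusion of RSA-PSK, DHE-PSK and ECDHE-PSK key exchanges. It is the responsibility of
+the user to make sure that when provisioning an opaque pre-shared key, the
+only PSK ciphersuites that can be negotiated are "pure" PSK; other XXX-PSK key
+exchanges will result in a handshake failure with the handshake function
+returning `MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE`.
+
+Use in TLS: opt-in. The application needs to register the key using the new
+APIs to get the benefits.
+
+### PSA-based operations in the Cipher layer
+
+There is a new API function `mbedtls_cipher_setup_psa()` to set up a context
+that will call PSA to store the key and perform the operations.
+
+Benefits: use of PSA Crypto drivers; partial isolation of short-term secrets
+(still generated outside of PSA, but then held by PSA).
+
+Limitations: the key is still passed in the clear by the application. The
+multi-part APIs are not supported, only the one-shot APIs. The only modes
+supported are ECB, CBC without padding, GCM and CCM (this excludes stream
+ciphers and ChachaPoly); the only cipher supported is AES (this excludes Aria,
+Camellia, and ChachaPoly). (Note: ECB is currently not tested.) (Note: it is
+possible to perform multiple one-shot operations with the same context;
+however this is not unit-tested, only tested via usage in TLS.)
+
+Use in TLS: automatic. Used when the cipher and mode is supported (with
+gracious fallback to the legacy API otherwise) in all places where a cipher is
+used. There are two such places: in `ssl_tls.c` for record protection, and in
+`ssl_ticket.c` for protecting tickets we issue.
+
+Internal changes
+----------------
+
+All of these internal changes are active as soon as `MBEDTLS_USE_PSA_CRYPTO`
+is enabled, no change required on the application side.
+
+### TLS: cipher operations based on PSA
+
+See "PSA-based operations in the Cipher layer" above.
+
+### PK layer: ECDSA verification based on PSA
+
+Scope: `mbedtls_pk_verify()` will call to PSA for ECDSA signature
+verification.
+
+Benefits: use of PSA Crypto drivers.
+
+Use in TLS and X.509: in all places where an ECDSA signature is verified.
+
+### TLS: ECDHE computation based on PSA
+
+Scope: Client-side, for ECDHE-RSA and ECDHE-ECDSA key exchanges, the
+computation of the ECDHE key exchange is done by PSA.
+
+Limitations: client-side only, ECDHE-PSK not covered
+
+Benefits: use of PSA Crypto drivers.
+
+### TLS: handshake hashes and PRF computed with PSA
+
+Scope: with TLS 1.2, the following are computed with PSA:
+- the running handshake hashes;
+- the hash of the ServerKeyExchange part that is signed;
+- the `verify_data` part of the Finished message;
+- the TLS PRF.
+
+Benefits: use of PSA Crypto drivers.
+
+### X.509: some hashes computed with PSA
+
+Scope: the following hashes are computed with PSA:
+- when verifying a certificate chain, hash of the child for verifying the
+parent's signature;
+- when writing a CSR, hash of the request for self-signing the request.
+
+Benefits: use of PSA Crypto drivers.
+
+Parts that are not covered yet
+==============================
+
+This is only a high-level overview, grouped by theme
+
+TLS: 1.3 experimental support
+-----------------------------
+
+No part of the experimental support for TLS 1.3 is covered at the moment.
+
+TLS: key exchanges / asymmetric crypto
+--------------------------------------
+
+The following key exchanges are not covered at all:
+
+- RSA
+- DHE-RSA
+- DHE-PSK
+- RSA-PSK
+- ECDHE-PSK
+- ECDH-RSA
+- ECDH-ECDSA
+- ECJPAKE
+
+The following key exchanges are only partially covered:
+
+- ECDHE-RSA: RSA operations are not covered and, server-side, the ECDHE
+operation isn't either
+- ECDHE-ECDSA: server-side, the ECDHE operation isn't covered. (ECDSA
+signature generation is only covered if using `mbedtls_pk_setup_opaque()`.)
+
+PSK if covered when the application uses `mbedtls_ssl_conf_psk_opaque()` or
+`mbedtls_ssl_set_hs_psk_opaque()`.
+
+TLS: symmetric crypto
+---------------------
+
+- some ciphers not supported via PSA yet: ARIA, Camellia, ChachaPoly (silent
+fallback to the legacy APIs)
+- the HMAC part of the CBC and NULL ciphersuites
+- the HMAC computation in `ssl_cookie.c`
+
+X.509
+-----
+
+- most hash operations are still done via the legacy API, except the few that
+are documented above as using PSA
+- RSA PKCS#1 v1.5 signature generation (from PSA-held keys)
+- RSA PKCS#1 v1.5 signature verification
+- RSA-PSS signature verification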
@ -42,6 +42,7 @@
|
|||
#include "mbedtls/private_access.h"
|
||||
|
||||
#include "mbedtls/build_info.h"
|
||||
#include "mbedtls/platform_util.h"
|
||||
|
||||
#include <stddef.h>
|
||||
#include <stdint.h>
|
||||
|
@ -163,6 +164,7 @@ void mbedtls_aes_xts_free( mbedtls_aes_xts_context *ctx );
|
|||
* \return \c 0 on success.
|
||||
* \return #MBEDTLS_ERR_AES_INVALID_KEY_LENGTH on failure.
|
||||
*/
|
||||
MBEDTLS_CHECK_RETURN_TYPICAL
|
||||
int mbedtls_aes_setkey_enc( mbedtls_aes_context *ctx, const unsigned char *key,
|
||||
unsigned int keybits );
|
||||
|
||||
|
@ -181,6 +183,7 @@ int mbedtls_aes_setkey_enc( mbedtls_aes_context *ctx, const unsigned char *key,
|
|||
* \return \c 0 on success.
|
||||
* \return #MBEDTLS_ERR_AES_INVALID_KEY_LENGTH on failure.
|
||||
*/
|
||||
MBEDTLS_CHECK_RETURN_TYPICAL
|
||||
int mbedtls_aes_setkey_dec( mbedtls_aes_context *ctx, const unsigned char *key,
|
||||
unsigned int keybits );
|
||||
|
||||
|
@ -201,6 +204,7 @@ int mbedtls_aes_setkey_dec( mbedtls_aes_context *ctx, const unsigned char *key,
|
|||
* \return \c 0 on success.
|
||||
* \return #MBEDTLS_ERR_AES_INVALID_KEY_LENGTH on failure.
|
||||
*/
|
||||
MBEDTLS_CHECK_RETURN_TYPICAL
|
||||
int mbedtls_aes_xts_setkey_enc( mbedtls_aes_xts_context *ctx,
|
||||
const unsigned char *key,
|
||||
unsigned int keybits );
|
||||
|
@ -221,6 +225,7 @@ int mbedtls_aes_xts_setkey_enc( mbedtls_aes_xts_context *ctx,
|
|||
* \return \c 0 on success.
|
||||
* \return #MBEDTLS_ERR_AES_INVALID_KEY_LENGTH on failure.
|
||||
*/
|
||||
MBEDTLS_CHECK_RETURN_TYPICAL
|
||||
int mbedtls_aes_xts_setkey_dec( mbedtls_aes_xts_context *ctx,
|
||||
const unsigned char *key,
|
||||
unsigned int keybits );
|
||||
|
@ -249,6 +254,7 @@ int mbedtls_aes_xts_setkey_dec( mbedtls_aes_xts_context *ctx,
|
|||
|
||||
* \return \c 0 on success.
|
||||
*/
|
||||
MBEDTLS_CHECK_RETURN_TYPICAL
|
||||
int mbedtls_aes_crypt_ecb( mbedtls_aes_context *ctx,
|
||||
int mode,
|
||||
const unsigned char input[16],
|
||||
|
@ -296,6 +302,7 @@ int mbedtls_aes_crypt_ecb( mbedtls_aes_context *ctx,
|
|||
* \return #MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH
|
||||
* on failure.
|
||||
*/
|
||||
MBEDTLS_CHECK_RETURN_TYPICAL
|
||||
int mbedtls_aes_crypt_cbc( mbedtls_aes_context *ctx,
|
||||
int mode,
|
||||
size_t length,
|
||||
|
@ -340,6 +347,7 @@ int mbedtls_aes_crypt_cbc( mbedtls_aes_context *ctx,
|
|||
* smaller than an AES block in size (16 Bytes) or if \p
|
||||
* length is larger than 2^20 blocks (16 MiB).
|
||||
*/
|
||||
MBEDTLS_CHECK_RETURN_TYPICAL
|
||||
int mbedtls_aes_crypt_xts( mbedtls_aes_xts_context *ctx,
|
||||
int mode,
|
||||
size_t length,
|
||||
|
@ -388,6 +396,7 @@ int mbedtls_aes_crypt_xts( mbedtls_aes_xts_context *ctx,
|
|||
*
|
||||
* \return \c 0 on success.
|
||||
*/
|
||||
MBEDTLS_CHECK_RETURN_TYPICAL
|
||||
int mbedtls_aes_crypt_cfb128( mbedtls_aes_context *ctx,
|
||||
int mode,
|
||||
size_t length,
|
||||
|
@ -432,6 +441,7 @@ int mbedtls_aes_crypt_cfb128( mbedtls_aes_context *ctx,
|
|||
*
|
||||
* \return \c 0 on success.
|
||||
*/
|
||||
MBEDTLS_CHECK_RETURN_TYPICAL
|
||||
int mbedtls_aes_crypt_cfb8( mbedtls_aes_context *ctx,
|
||||
int mode,
|
||||
size_t length,
|
||||
|
@ -486,6 +496,7 @@ int mbedtls_aes_crypt_cfb8( mbedtls_aes_context *ctx,
|
|||
*
|
||||
* \return \c 0 on success.
|
||||
*/
|
||||
MBEDTLS_CHECK_RETURN_TYPICAL
|
||||
int mbedtls_aes_crypt_ofb( mbedtls_aes_context *ctx,
|
||||
size_t length,
|
||||
size_t *iv_off,
|
||||
|
@ -500,10 +511,6 @@ int mbedtls_aes_crypt_ofb( mbedtls_aes_context *ctx,
|
|||
* \brief This function performs an AES-CTR encryption or decryption
|
||||
* operation.
|
||||
*
|
||||
* This function performs the operation defined in the \p mode
|
||||
* parameter (encrypt/decrypt), on the input data buffer
|
||||
* defined in the \p input parameter.
|
||||
*
|
||||
* Due to the nature of CTR, you must use the same key schedule
|
||||
* for both encryption and decryption operations. Therefore, you
|
||||
* must use the context initialized with mbedtls_aes_setkey_enc()
|
||||
|
@ -572,6 +579,7 @@ int mbedtls_aes_crypt_ofb( mbedtls_aes_context *ctx,
|
|||
*
|
||||
* \return \c 0 on success.
|
||||
*/
|
||||
MBEDTLS_CHECK_RETURN_TYPICAL
|
||||
int mbedtls_aes_crypt_ctr( mbedtls_aes_context *ctx,
|
||||
size_t length,
|
||||
size_t *nc_off,
|
||||
|
@ -592,6 +600,7 @@ int mbedtls_aes_crypt_ctr( mbedtls_aes_context *ctx,
|
|||
*
|
||||
* \return \c 0 on success.
|
||||
*/
|
||||
MBEDTLS_CHECK_RETURN_TYPICAL
|
||||
int mbedtls_internal_aes_encrypt( mbedtls_aes_context *ctx,
|
||||
const unsigned char input[16],
|
||||
unsigned char output[16] );
|
||||
|
@ -607,6 +616,7 @@ int mbedtls_internal_aes_encrypt( mbedtls_aes_context *ctx,
|
|||
*
|
||||
* \return \c 0 on success.
|
||||
*/
|
||||
MBEDTLS_CHECK_RETURN_TYPICAL
|
||||
int mbedtls_internal_aes_decrypt( mbedtls_aes_context *ctx,
|
||||
const unsigned char input[16],
|
||||
unsigned char output[16] );
|
||||
|
@ -618,6 +628,7 @@ int mbedtls_internal_aes_decrypt( mbedtls_aes_context *ctx,
|
|||
* \return \c 0 on success.
|
||||
* \return \c 1 on failure.
|
||||
*/
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
int mbedtls_aes_self_test( int verbose );
|
||||
|
||||
#endif /* MBEDTLS_SELF_TEST */
|
||||
|
|
|
@ -152,9 +152,9 @@ extern "C" {
|
|||
*/
|
||||
typedef struct mbedtls_asn1_buf
|
||||
{
|
||||
int MBEDTLS_PRIVATE(tag); /**< ASN1 type, e.g. MBEDTLS_ASN1_UTF8_STRING. */
|
||||
size_t MBEDTLS_PRIVATE(len); /**< ASN1 length, in octets. */
|
||||
unsigned char *MBEDTLS_PRIVATE(p); /**< ASN1 data, e.g. in ASCII. */
|
||||
int tag; /**< ASN1 type, e.g. MBEDTLS_ASN1_UTF8_STRING. */
|
||||
size_t len; /**< ASN1 length, in octets. */
|
||||
unsigned char *p; /**< ASN1 data, e.g. in ASCII. */
|
||||
}
|
||||
mbedtls_asn1_buf;
|
||||
|
||||
|
@ -163,9 +163,9 @@ mbedtls_asn1_buf;
|
|||
*/
|
||||
typedef struct mbedtls_asn1_bitstring
|
||||
{
|
||||
size_t MBEDTLS_PRIVATE(len); /**< ASN1 length, in octets. */
|
||||
unsigned char MBEDTLS_PRIVATE(unused_bits); /**< Number of unused bits at the end of the string */
|
||||
unsigned char *MBEDTLS_PRIVATE(p); /**< Raw ASN1 data for the bit string */
|
||||
size_t len; /**< ASN1 length, in octets. */
|
||||
unsigned char unused_bits; /**< Number of unused bits at the end of the string */
|
||||
unsigned char *p; /**< Raw ASN1 data for the bit string */
|
||||
}
|
||||
mbedtls_asn1_bitstring;
|
||||
|
||||
|
@ -174,8 +174,16 @@ mbedtls_asn1_bitstring;
|
|||
*/
|
||||
typedef struct mbedtls_asn1_sequence
|
||||
{
|
||||
mbedtls_asn1_buf MBEDTLS_PRIVATE(buf); /**< Buffer containing the given ASN.1 item. */
|
||||
struct mbedtls_asn1_sequence *MBEDTLS_PRIVATE(next); /**< The next entry in the sequence. */
|
||||
mbedtls_asn1_buf buf; /**< Buffer containing the given ASN.1 item. */
|
||||
|
||||
/** The next entry in the sequence.
|
||||
*
|
||||
* The details of memory management for sequences are not documented and
|
||||
* may change in future versions. Set this field to \p NULL when
|
||||
* initializing a structure, and do not modify it except via Mbed TLS
|
||||
* library functions.
|
||||
*/
|
||||
struct mbedtls_asn1_sequence *next;
|
||||
}
|
||||
mbedtls_asn1_sequence;
|
||||
|
||||
|
@ -184,10 +192,24 @@ mbedtls_asn1_sequence;
|
|||
*/
|
||||
typedef struct mbedtls_asn1_named_data
|
||||
{
|
||||
mbedtls_asn1_buf MBEDTLS_PRIVATE(oid); /**< The object identifier. */
|
||||
mbedtls_asn1_buf MBEDTLS_PRIVATE(val); /**< The named value. */
|
||||
struct mbedtls_asn1_named_data *MBEDTLS_PRIVATE(next); /**< The next entry in the sequence. */
|
||||
unsigned char MBEDTLS_PRIVATE(next_merged); /**< Merge next item into the current one? */
|
||||
mbedtls_asn1_buf oid; /**< The object identifier. */
|
||||
mbedtls_asn1_buf val; /**< The named value. */
|
||||
|
||||
/** The next entry in the sequence.
|
||||
*
|
||||
* The details of memory management for named data sequences are not
|
||||
* documented and may change in future versions. Set this field to \p NULL
|
||||
* when initializing a structure, and do not modify it except via Mbed TLS
|
||||
* library functions.
|
||||
*/
|
||||
struct mbedtls_asn1_named_data *next;
|
||||
|
||||
/** Merge next item into the current one?
|
||||
*
|
||||
* This field exists for the sake of Mbed TLS's X.509 certificate parsing
|
||||
* code and may change in future versions of the library.
|
||||
*/
|
||||
unsigned char MBEDTLS_PRIVATE(next_merged);
|
||||
}
|
||||
mbedtls_asn1_named_data;
|
||||
|
||||
|
|
|
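Review bot: The new doc comments on the `next` field of both `mbedtls_asn1_sequence` and `mbedtls_asn1_named_data` use `\p NULL`, but `\p` is Doxygen's parameter-name markup; the rest of these headers write the literal as `\c NULL`. Suggest `* may change in future versions. Set this field to \c NULL when` in the sequence variant and the matching line in the named-data variant. Since `tag`, `len` and `p` become part of the public API here, it may also be worth one line on `p` saying whose buffer it points into and for how long it stays valid — I cannot confirm the ownership model from these hunks, so only if the parsing code does in fact alias the caller's input. The struct definitions are complete within the hunks shown.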
@ -76,7 +76,27 @@ extern "C" {
|
|||
*/
|
||||
typedef struct mbedtls_ccm_context
|
||||
{
|
||||
unsigned char MBEDTLS_PRIVATE(y)[16]; /*!< The Y working buffer */
|
||||
unsigned char MBEDTLS_PRIVATE(ctr)[16]; /*!< The counter buffer */
|
||||
mbedtls_cipher_context_t MBEDTLS_PRIVATE(cipher_ctx); /*!< The cipher context used. */
|
||||
size_t MBEDTLS_PRIVATE(plaintext_len); /*!< Total plaintext length */
|
||||
size_t MBEDTLS_PRIVATE(add_len); /*!< Total authentication data length */
|
||||
size_t MBEDTLS_PRIVATE(tag_len); /*!< Total tag length */
|
||||
size_t MBEDTLS_PRIVATE(processed); /*!< Track how many bytes of input data
|
||||
were processed (chunked input).
|
||||
Used independently for both auth data
|
||||
and plaintext/ciphertext.
|
||||
This variable is set to zero after
|
||||
auth data input is finished. */
|
||||
unsigned char MBEDTLS_PRIVATE(q); /*!< The Q working value */
|
||||
unsigned char MBEDTLS_PRIVATE(mode); /*!< The operation to perform:
|
||||
#MBEDTLS_CCM_ENCRYPT or
|
||||
#MBEDTLS_CCM_DECRYPT or
|
||||
#MBEDTLS_CCM_STAR_ENCRYPT or
|
||||
#MBEDTLS_CCM_STAR_DECRYPT. */
|
||||
int MBEDTLS_PRIVATE(state); /*!< Working value holding context's
|
||||
state. Used for chunked data
|
||||
input */
|
||||
}
|
||||
mbedtls_ccm_context;
|
||||
|
||||
|
@ -178,6 +198,7 @@ int mbedtls_ccm_encrypt_and_tag( mbedtls_ccm_context *ctx, size_t length,
|
|||
* \param ctx The CCM context to use for encryption. This must be
|
||||
* initialized and bound to a key.
|
||||
* \param length The length of the input data in Bytes.
|
||||
* For tag length = 0, input length is ignored.
|
||||
* \param iv The initialization vector (nonce). This must be a readable
|
||||
* buffer of at least \p iv_len Bytes.
|
||||
* \param iv_len The length of the nonce in Bytes: 7, 8, 9, 10, 11, 12,
|
||||
|
@ -259,6 +280,7 @@ int mbedtls_ccm_auth_decrypt( mbedtls_ccm_context *ctx, size_t length,
|
|||
* \param ctx The CCM context to use for decryption. This must be
|
||||
* initialized and bound to a key.
|
||||
* \param length The length of the input data in Bytes.
|
||||
* For tag length = 0, input length is ignored.
|
||||
* \param iv The initialization vector (nonce). This must be a readable
|
||||
* buffer of at least \p iv_len Bytes.
|
||||
* \param iv_len The length of the nonce in Bytes: 7, 8, 9, 10, 11, 12,
|
||||
|
|
|
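Review bot: The sentence added to the `length` parameter in both hunks, `* For tag length = 0, input length is ignored.`, is ambiguous: a caller cannot tell whether the `length` bytes are still encrypted or decrypted, or whether only a validation step is skipped, and the unauthenticated CCM* case is exactly where a reader needs certainty. Suggest stating the concrete behaviour, for instance `* When the tag length is 0 (CCM* without authentication), \p length is not checked against the limit implied by \p iv_len; the data is still processed.` — provided that is what the implementation does, which I cannot confirm from these header hunks. The enclosing prototypes start and end outside the hunks shown.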
@ -140,9 +140,15 @@ typedef enum {
|
|||
MBEDTLS_CIPHER_AES_128_CCM, /**< AES cipher with 128-bit CCM mode. */
|
||||
MBEDTLS_CIPHER_AES_192_CCM, /**< AES cipher with 192-bit CCM mode. */
|
||||
MBEDTLS_CIPHER_AES_256_CCM, /**< AES cipher with 256-bit CCM mode. */
|
||||
MBEDTLS_CIPHER_AES_128_CCM_STAR_NO_TAG, /**< AES cipher with 128-bit CCM_STAR_NO_TAG mode. */
|
||||
MBEDTLS_CIPHER_AES_192_CCM_STAR_NO_TAG, /**< AES cipher with 192-bit CCM_STAR_NO_TAG mode. */
|
||||
MBEDTLS_CIPHER_AES_256_CCM_STAR_NO_TAG, /**< AES cipher with 256-bit CCM_STAR_NO_TAG mode. */
|
||||
MBEDTLS_CIPHER_CAMELLIA_128_CCM, /**< Camellia cipher with 128-bit CCM mode. */
|
||||
MBEDTLS_CIPHER_CAMELLIA_192_CCM, /**< Camellia cipher with 192-bit CCM mode. */
|
||||
MBEDTLS_CIPHER_CAMELLIA_256_CCM, /**< Camellia cipher with 256-bit CCM mode. */
|
||||
MBEDTLS_CIPHER_CAMELLIA_128_CCM_STAR_NO_TAG, /**< Camellia cipher with 128-bit CCM_STAR_NO_TAG mode. */
|
||||
MBEDTLS_CIPHER_CAMELLIA_192_CCM_STAR_NO_TAG, /**< Camellia cipher with 192-bit CCM_STAR_NO_TAG mode. */
|
||||
MBEDTLS_CIPHER_CAMELLIA_256_CCM_STAR_NO_TAG, /**< Camellia cipher with 256-bit CCM_STAR_NO_TAG mode. */
|
||||
MBEDTLS_CIPHER_ARIA_128_ECB, /**< Aria cipher with 128-bit key and ECB mode. */
|
||||
MBEDTLS_CIPHER_ARIA_192_ECB, /**< Aria cipher with 192-bit key and ECB mode. */
|
||||
MBEDTLS_CIPHER_ARIA_256_ECB, /**< Aria cipher with 256-bit key and ECB mode. */
|
||||
|
@ -161,6 +167,9 @@ typedef enum {
|
|||
MBEDTLS_CIPHER_ARIA_128_CCM, /**< Aria cipher with 128-bit key and CCM mode. */
|
||||
MBEDTLS_CIPHER_ARIA_192_CCM, /**< Aria cipher with 192-bit key and CCM mode. */
|
||||
MBEDTLS_CIPHER_ARIA_256_CCM, /**< Aria cipher with 256-bit key and CCM mode. */
|
||||
MBEDTLS_CIPHER_ARIA_128_CCM_STAR_NO_TAG, /**< Aria cipher with 128-bit key and CCM_STAR_NO_TAG mode. */
|
||||
MBEDTLS_CIPHER_ARIA_192_CCM_STAR_NO_TAG, /**< Aria cipher with 192-bit key and CCM_STAR_NO_TAG mode. */
|
||||
MBEDTLS_CIPHER_ARIA_256_CCM_STAR_NO_TAG, /**< Aria cipher with 256-bit key and CCM_STAR_NO_TAG mode. */
|
||||
MBEDTLS_CIPHER_AES_128_OFB, /**< AES 128-bit cipher in OFB mode. */
|
||||
MBEDTLS_CIPHER_AES_192_OFB, /**< AES 192-bit cipher in OFB mode. */
|
||||
MBEDTLS_CIPHER_AES_256_OFB, /**< AES 256-bit cipher in OFB mode. */
|
||||
|
@ -187,6 +196,7 @@ typedef enum {
|
|||
MBEDTLS_MODE_GCM, /**< The GCM cipher mode. */
|
||||
MBEDTLS_MODE_STREAM, /**< The stream cipher mode. */
|
||||
MBEDTLS_MODE_CCM, /**< The CCM cipher mode. */
|
||||
MBEDTLS_MODE_CCM_STAR_NO_TAG, /**< The CCM*-no-tag cipher mode. */
|
||||
MBEDTLS_MODE_XTS, /**< The XTS cipher mode. */
|
||||
MBEDTLS_MODE_CHACHAPOLY, /**< The ChaCha-Poly cipher mode. */
|
||||
MBEDTLS_MODE_KW, /**< The SP800-38F KW mode */
|
||||
|
@ -258,6 +268,13 @@ typedef struct mbedtls_cmac_context_t mbedtls_cmac_context_t;
|
|||
/**
|
||||
* Cipher information. Allows calling cipher functions
|
||||
* in a generic way.
|
||||
*
|
||||
* \note The library does not support custom cipher info structures,
|
||||
* only built-in structures returned by the functions
|
||||
* mbedtls_cipher_info_from_string(),
|
||||
* mbedtls_cipher_info_from_type(),
|
||||
* mbedtls_cipher_info_from_values(),
|
||||
* mbedtls_cipher_info_from_psa().
|
||||
*/
|
||||
typedef struct mbedtls_cipher_info_t
|
||||
{
|
||||
|
@ -414,6 +431,82 @@ const mbedtls_cipher_info_t *mbedtls_cipher_info_from_values( const mbedtls_ciph
|
|||
int key_bitlen,
|
||||
const mbedtls_cipher_mode_t mode );
|
||||
|
||||
/**
|
||||
* \brief Retrieve the identifier for a cipher info structure.
|
||||
*
|
||||
* \param[in] info The cipher info structure to query.
|
||||
* This may be \c NULL.
|
||||
*
|
||||
* \return The full cipher identifier (\c MBEDTLS_CIPHER_xxx).
|
||||
* \return #MBEDTLS_CIPHER_NONE if \p info is \c NULL.
|
||||
*/
|
||||
static inline mbedtls_cipher_type_t mbedtls_cipher_info_get_type(
|
||||
const mbedtls_cipher_info_t *info )
|
||||
{
|
||||
if( info == NULL )
|
||||
return( MBEDTLS_CIPHER_NONE );
|
||||
else
|
||||
return( info->MBEDTLS_PRIVATE(type) );
|
||||
}
|
||||
|
||||
/**
|
||||
* \brief Retrieve the operation mode for a cipher info structure.
|
||||
*
|
||||
* \param[in] info The cipher info structure to query.
|
||||
* This may be \c NULL.
|
||||
*
|
||||
* \return The cipher mode (\c MBEDTLS_MODE_xxx).
|
||||
* \return #MBEDTLS_MODE_NONE if \p info is \c NULL.
|
||||
*/
|
||||
static inline mbedtls_cipher_mode_t mbedtls_cipher_info_get_mode(
|
||||
const mbedtls_cipher_info_t *info )
|
||||
{
|
||||
if( info == NULL )
|
||||
return( MBEDTLS_MODE_NONE );
|
||||
else
|
||||
return( info->MBEDTLS_PRIVATE(mode) );
|
||||
}
|
||||
|
||||
/**
|
||||
* \brief Retrieve the key size for a cipher info structure.
|
||||
*
|
||||
* \param[in] info The cipher info structure to query.
|
||||
* This may be \c NULL.
|
||||
*
|
||||
* \return The key length in bits.
|
||||
* For variable-sized ciphers, this is the default length.
|
||||
* For DES, this includes the parity bits.
|
||||
* \return \c 0 if \p info is \c NULL.
|
||||
*/
|
||||
static inline size_t mbedtls_cipher_info_get_key_bitlen(
|
||||
const mbedtls_cipher_info_t *info )
|
||||
{
|
||||
if( info == NULL )
|
||||
return( 0 );
|
||||
else
|
||||
return( info->MBEDTLS_PRIVATE(key_bitlen) );
|
||||
}
|
||||
|
||||
/**
|
||||
* \brief Retrieve the human-readable name for a
|
||||
* cipher info structure.
|
||||
*
|
||||
* \param[in] info The cipher info structure to query.
|
||||
* This may be \c NULL.
|
||||
*
|
||||
* \return The cipher name, which is a human readable string,
|
||||
* with static storage duration.
|
||||
* \return \c NULL if \c info is \p NULL.
|
||||
*/
|
||||
static inline const char *mbedtls_cipher_info_get_name(
|
||||
const mbedtls_cipher_info_t *info )
|
||||
{
|
||||
if( info == NULL )
|
||||
return( NULL );
|
||||
else
|
||||
return( info->MBEDTLS_PRIVATE(name) );
|
||||
}
|
||||
|
||||
/**
|
||||
* \brief This function initializes a \p cipher_context as NONE.
|
||||
*
|
||||
|
|
|
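Review bot: In the new `mbedtls_cipher_info_get_name()` getter the Doxygen markup is swapped: `* \return \c NULL if \c info is \p NULL.` should read `* \return \c NULL if \p info is \c NULL.`, as the three sibling getters above it already do (`\p` marks a parameter name, `\c` a literal). Separately, inserting the `*_CCM_STAR_NO_TAG` enumerators in the middle of `mbedtls_cipher_type_t` renumbers every enumerator that follows them, which is only harmless if no binary compatibility is promised for this enum; if it is, appending them at the end would avoid that. The enum definition itself starts outside the hunks shown.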
@ -56,6 +56,12 @@ extern "C" {
|
|||
#define PSA_WANT_ALG_RSA_PKCS1V15_SIGN_RAW PSA_WANT_ALG_RSA_PKCS1V15_SIGN
|
||||
#endif
|
||||
|
||||
#if defined(PSA_WANT_ALG_RSA_PSS_ANY_SALT) && !defined(PSA_WANT_ALG_RSA_PSS)
|
||||
#define PSA_WANT_ALG_RSA_PSS PSA_WANT_ALG_RSA_PSS_ANY_SALT
|
||||
#elif !defined(PSA_WANT_ALG_RSA_PSS_ANY_SALT) && defined(PSA_WANT_ALG_RSA_PSS)
|
||||
#define PSA_WANT_ALG_RSA_PSS_ANY_SALT PSA_WANT_ALG_RSA_PSS
|
||||
#endif
|
||||
|
||||
|
||||
|
||||
/****************************************************************/
|
||||
|
@ -267,6 +273,18 @@ extern "C" {
|
|||
#endif /* PSA_HAVE_SOFT_KEY_TYPE_AES || PSA_HAVE_SOFT_BLOCK_MODE */
|
||||
#endif /* PSA_WANT_KEY_TYPE_AES */
|
||||
|
||||
#if defined(PSA_WANT_KEY_TYPE_ARIA)
|
||||
#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ARIA)
|
||||
#define PSA_HAVE_SOFT_KEY_TYPE_ARIA 1
|
||||
#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_ARIA */
|
||||
#if defined(PSA_HAVE_SOFT_KEY_TYPE_ARIA) || \
|
||||
defined(PSA_HAVE_SOFT_BLOCK_MODE) || \
|
||||
defined(PSA_HAVE_SOFT_BLOCK_AEAD)
|
||||
#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ARIA 1
|
||||
#define MBEDTLS_ARIA_C
|
||||
#endif /* PSA_HAVE_SOFT_KEY_TYPE_ARIA || PSA_HAVE_SOFT_BLOCK_MODE */
|
||||
#endif /* PSA_WANT_KEY_TYPE_ARIA */
|
||||
|
||||
#if defined(PSA_WANT_KEY_TYPE_CAMELLIA)
|
||||
#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_CAMELLIA)
|
||||
#define PSA_HAVE_SOFT_KEY_TYPE_CAMELLIA 1
|
||||
|
@ -301,6 +319,7 @@ extern "C" {
|
|||
* PSA_HAVE_SOFT_BLOCK_CIPHER, which can be used in any of these
|
||||
* situations. */
|
||||
#if defined(PSA_HAVE_SOFT_KEY_TYPE_AES) || \
|
||||
defined(PSA_HAVE_SOFT_KEY_TYPE_ARIA) || \
|
||||
defined(PSA_HAVE_SOFT_KEY_TYPE_DES) || \
|
||||
defined(PSA_HAVE_SOFT_KEY_TYPE_CAMELLIA)
|
||||
#define PSA_HAVE_SOFT_BLOCK_CIPHER 1
|
||||
|
@ -381,6 +400,7 @@ extern "C" {
|
|||
#if defined(PSA_WANT_ALG_CCM)
|
||||
#if !defined(MBEDTLS_PSA_ACCEL_ALG_CCM) || \
|
||||
defined(PSA_HAVE_SOFT_KEY_TYPE_AES) || \
|
||||
defined(PSA_HAVE_SOFT_KEY_TYPE_ARIA) || \
|
||||
defined(PSA_HAVE_SOFT_KEY_TYPE_CAMELLIA)
|
||||
#define MBEDTLS_PSA_BUILTIN_ALG_CCM 1
|
||||
#define MBEDTLS_CCM_C
|
||||
|
@ -390,6 +410,7 @@ extern "C" {
|
|||
#if defined(PSA_WANT_ALG_GCM)
|
||||
#if !defined(MBEDTLS_PSA_ACCEL_ALG_GCM) || \
|
||||
defined(PSA_HAVE_SOFT_KEY_TYPE_AES) || \
|
||||
defined(PSA_HAVE_SOFT_KEY_TYPE_ARIA) || \
|
||||
defined(PSA_HAVE_SOFT_KEY_TYPE_CAMELLIA)
|
||||
#define MBEDTLS_PSA_BUILTIN_ALG_GCM 1
|
||||
#define MBEDTLS_GCM_C
|
||||
|
@ -586,7 +607,7 @@ extern "C" {
|
|||
#define MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN 1
|
||||
#define PSA_WANT_ALG_RSA_PKCS1V15_SIGN 1
|
||||
#define PSA_WANT_ALG_RSA_PKCS1V15_SIGN_RAW 1
|
||||
#endif /* MBEDTLSS_PKCS1_V15 */
|
||||
#endif /* MBEDTLS_PKCS1_V15 */
|
||||
#if defined(MBEDTLS_PKCS1_V21)
|
||||
#define MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP 1
|
||||
#define PSA_WANT_ALG_RSA_OAEP 1
|
||||
|
@ -629,6 +650,11 @@ extern "C" {
|
|||
#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_AES 1
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_ARIA_C)
|
||||
#define PSA_WANT_KEY_TYPE_ARIA 1
|
||||
#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ARIA 1
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_CAMELLIA_C)
|
||||
#define PSA_WANT_KEY_TYPE_CAMELLIA 1
|
||||
#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_CAMELLIA 1
|
||||
|
@ -660,7 +686,7 @@ extern "C" {
|
|||
#endif
|
||||
|
||||
#if defined(MBEDTLS_AES_C) || defined(MBEDTLS_DES_C) || \
|
||||
defined(MBEDTLS_CAMELLIA_C)
|
||||
defined(MBEDTLS_ARIA_C) || defined(MBEDTLS_CAMELLIA_C)
|
||||
#define MBEDTLS_PSA_BUILTIN_ALG_ECB_NO_PADDING 1
|
||||
#define PSA_WANT_ALG_ECB_NO_PADDING 1
|
||||
#endif
|
||||
|
|
|
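Review bot: The new block at the top ties `PSA_WANT_ALG_RSA_PSS` and `PSA_WANT_ALG_RSA_PSS_ANY_SALT` together in both directions, so a configuration that asks only for `PSA_WANT_ALG_RSA_PSS` also gets the `_ANY_SALT` variant, and nothing in the header says why. If `_ANY_SALT` is the relaxed verification variant that does not enforce the salt length, as its name suggests, this quietly widens what a strict-PSS-only `crypto_config.h` build accepts, which users maintaining their own configuration should be told. Suggest a comment above the block such as `/* Requesting either RSA-PSS variant enables both: the built-in implementation does not separate them. */`, if that is indeed the reason — I cannot confirm it from this hunk. Minor: the ARIA block's closing comment `#endif /* PSA_HAVE_SOFT_KEY_TYPE_ARIA || PSA_HAVE_SOFT_BLOCK_MODE */` omits the third condition, `PSA_HAVE_SOFT_BLOCK_AEAD`, that its `#if` tests.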
@ -29,6 +29,7 @@
|
|||
#include "mbedtls/private_access.h"
|
||||
|
||||
#include "mbedtls/build_info.h"
|
||||
#include "mbedtls/platform_util.h"
|
||||
|
||||
#include <stddef.h>
|
||||
#include <stdint.h>
|
||||
|
@ -139,6 +140,7 @@ void mbedtls_des_key_set_parity( unsigned char key[MBEDTLS_DES_KEY_SIZE] );
|
|||
* security risk. We recommend considering stronger ciphers
|
||||
* instead.
|
||||
*/
|
||||
MBEDTLS_CHECK_RETURN_TYPICAL
|
||||
int mbedtls_des_key_check_key_parity( const unsigned char key[MBEDTLS_DES_KEY_SIZE] );
|
||||
|
||||
/**
|
||||
|
@ -152,6 +154,7 @@ int mbedtls_des_key_check_key_parity( const unsigned char key[MBEDTLS_DES_KEY_SI
|
|||
* security risk. We recommend considering stronger ciphers
|
||||
* instead.
|
||||
*/
|
||||
MBEDTLS_CHECK_RETURN_TYPICAL
|
||||
int mbedtls_des_key_check_weak( const unsigned char key[MBEDTLS_DES_KEY_SIZE] );
|
||||
|
||||
/**
|
||||
|
@ -166,6 +169,7 @@ int mbedtls_des_key_check_weak( const unsigned char key[MBEDTLS_DES_KEY_SIZE] );
|
|||
* security risk. We recommend considering stronger ciphers
|
||||
* instead.
|
||||
*/
|
||||
MBEDTLS_CHECK_RETURN_TYPICAL
|
||||
int mbedtls_des_setkey_enc( mbedtls_des_context *ctx, const unsigned char key[MBEDTLS_DES_KEY_SIZE] );
|
||||
|
||||
/**
|
||||
|
@ -180,6 +184,7 @@ int mbedtls_des_setkey_enc( mbedtls_des_context *ctx, const unsigned char key[MB
|
|||
* security risk. We recommend considering stronger ciphers
|
||||
* instead.
|
||||
*/
|
||||
MBEDTLS_CHECK_RETURN_TYPICAL
|
||||
int mbedtls_des_setkey_dec( mbedtls_des_context *ctx, const unsigned char key[MBEDTLS_DES_KEY_SIZE] );
|
||||
|
||||
/**
|
||||
|
@ -190,6 +195,7 @@ int mbedtls_des_setkey_dec( mbedtls_des_context *ctx, const unsigned char key[MB
|
|||
*
|
||||
* \return 0
|
||||
*/
|
||||
MBEDTLS_CHECK_RETURN_TYPICAL
|
||||
int mbedtls_des3_set2key_enc( mbedtls_des3_context *ctx,
|
||||
const unsigned char key[MBEDTLS_DES_KEY_SIZE * 2] );
|
||||
|
||||
|
@ -201,6 +207,7 @@ int mbedtls_des3_set2key_enc( mbedtls_des3_context *ctx,
|
|||
*
|
||||
* \return 0
|
||||
*/
|
||||
MBEDTLS_CHECK_RETURN_TYPICAL
|
||||
int mbedtls_des3_set2key_dec( mbedtls_des3_context *ctx,
|
||||
const unsigned char key[MBEDTLS_DES_KEY_SIZE * 2] );
|
||||
|
||||
|
@ -212,6 +219,7 @@ int mbedtls_des3_set2key_dec( mbedtls_des3_context *ctx,
|
|||
*
|
||||
* \return 0
|
||||
*/
|
||||
MBEDTLS_CHECK_RETURN_TYPICAL
|
||||
int mbedtls_des3_set3key_enc( mbedtls_des3_context *ctx,
|
||||
const unsigned char key[MBEDTLS_DES_KEY_SIZE * 3] );
|
||||
|
||||
|
@ -223,6 +231,7 @@ int mbedtls_des3_set3key_enc( mbedtls_des3_context *ctx,
|
|||
*
|
||||
* \return 0
|
||||
*/
|
||||
MBEDTLS_CHECK_RETURN_TYPICAL
|
||||
int mbedtls_des3_set3key_dec( mbedtls_des3_context *ctx,
|
||||
const unsigned char key[MBEDTLS_DES_KEY_SIZE * 3] );
|
||||
|
||||
|
@ -239,6 +248,7 @@ int mbedtls_des3_set3key_dec( mbedtls_des3_context *ctx,
|
|||
* security risk. We recommend considering stronger ciphers
|
||||
* instead.
|
||||
*/
|
||||
MBEDTLS_CHECK_RETURN_TYPICAL
|
||||
int mbedtls_des_crypt_ecb( mbedtls_des_context *ctx,
|
||||
const unsigned char input[8],
|
||||
unsigned char output[8] );
|
||||
|
@ -266,6 +276,7 @@ int mbedtls_des_crypt_ecb( mbedtls_des_context *ctx,
|
|||
* security risk. We recommend considering stronger ciphers
|
||||
* instead.
|
||||
*/
|
||||
MBEDTLS_CHECK_RETURN_TYPICAL
|
||||
int mbedtls_des_crypt_cbc( mbedtls_des_context *ctx,
|
||||
int mode,
|
||||
size_t length,
|
||||
|
@ -283,6 +294,7 @@ int mbedtls_des_crypt_cbc( mbedtls_des_context *ctx,
|
|||
*
|
||||
* \return 0 if successful
|
||||
*/
|
||||
MBEDTLS_CHECK_RETURN_TYPICAL
|
||||
int mbedtls_des3_crypt_ecb( mbedtls_des3_context *ctx,
|
||||
const unsigned char input[8],
|
||||
unsigned char output[8] );
|
||||
|
@ -308,6 +320,7 @@ int mbedtls_des3_crypt_ecb( mbedtls_des3_context *ctx,
|
|||
*
|
||||
* \return 0 if successful, or MBEDTLS_ERR_DES_INVALID_INPUT_LENGTH
|
||||
*/
|
||||
MBEDTLS_CHECK_RETURN_TYPICAL
|
||||
int mbedtls_des3_crypt_cbc( mbedtls_des3_context *ctx,
|
||||
int mode,
|
||||
size_t length,
|
||||
|
@ -338,6 +351,7 @@ void mbedtls_des_setkey( uint32_t SK[32],
|
|||
*
|
||||
* \return 0 if successful, or 1 if the test failed
|
||||
*/
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
int mbedtls_des_self_test( int verbose );
|
||||
|
||||
#endif /* MBEDTLS_SELF_TEST */
|
||||
|
|
|
@ -130,10 +130,8 @@ typedef enum
|
|||
|
||||
/**
|
||||
* The number of supported curves, plus one for #MBEDTLS_ECP_DP_NONE.
|
||||
*
|
||||
* \note Montgomery curves are currently excluded.
|
||||
*/
|
||||
#define MBEDTLS_ECP_DP_MAX 12
|
||||
#define MBEDTLS_ECP_DP_MAX 14
|
||||
|
||||
/*
|
||||
* Curve types
|
||||
|
@ -147,13 +145,17 @@ typedef enum
|
|||
|
||||
/**
|
||||
* Curve information, for use by other modules.
|
||||
*
|
||||
* The fields of this structure are part of the public API and can be
|
||||
* accessed directly by applications. Future versions of the library may
|
||||
* add extra fields or reorder existing fields.
|
||||
*/
|
||||
typedef struct mbedtls_ecp_curve_info
|
||||
{
|
||||
mbedtls_ecp_group_id MBEDTLS_PRIVATE(grp_id); /*!< An internal identifier. */
|
||||
uint16_t MBEDTLS_PRIVATE(tls_id); /*!< The TLS NamedCurve identifier. */
|
||||
uint16_t MBEDTLS_PRIVATE(bit_size); /*!< The curve size in bits. */
|
||||
const char *MBEDTLS_PRIVATE(name); /*!< A human-friendly name. */
|
||||
mbedtls_ecp_group_id grp_id; /*!< An internal identifier. */
|
||||
uint16_t tls_id; /*!< The TLS NamedCurve identifier. */
|
||||
uint16_t bit_size; /*!< The curve size in bits. */
|
||||
const char *name; /*!< A human-friendly name. */
|
||||
} mbedtls_ecp_curve_info;
|
||||
|
||||
/**
|
||||
|
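Review bot: The new doc comment on mbedtls_ecp_curve_info states that the fields are public API and that future versions may add or reorder fields, but it does not say what applications may therefore rely on; positional initializers or `sizeof`-based assumptions in application code would break on exactly such a change. Consider adding `* Applications should access the fields by name only and must not rely on the field order or on the size of the structure.` to the comment. The MBEDTLS_ECP_DP_MAX change from 12 to 14 in the first hunk also grows any array dimensioned by that macro, which deserves a migration note if it is not already covered elsewhere in this merge.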
|
|
@ -56,7 +56,7 @@
|
|||
* Module Nr Codes assigned
|
||||
* ERROR 2 0x006E 0x0001
|
||||
* MPI 7 0x0002-0x0010
|
||||
* GCM 3 0x0012-0x0014 0x0013-0x0013
|
||||
* GCM 3 0x0012-0x0016 0x0013-0x0013
|
||||
* THREADING 3 0x001A-0x001E
|
||||
* AES 5 0x0020-0x0022 0x0021-0x0025
|
||||
* CAMELLIA 3 0x0024-0x0026 0x0027-0x0027
|
||||
|
|
|
@ -45,6 +45,8 @@
|
|||
#define MBEDTLS_ERR_GCM_AUTH_FAILED -0x0012
|
||||
/** Bad input parameters to function. */
|
||||
#define MBEDTLS_ERR_GCM_BAD_INPUT -0x0014
|
||||
/** An output buffer is too small. */
|
||||
#define MBEDTLS_ERR_GCM_BUFFER_TOO_SMALL -0x0016
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
|
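Review bot: The new MBEDTLS_ERR_GCM_BUFFER_TOO_SMALL definition documents only the condition, not which GCM calls can return it, so a caller reading gcm.h cannot tell where the new code must be handled. Consider extending the comment to name the functions that perform the output-length check, along the lines of `/** An output buffer is too small. Returned by the GCM functions that take an output buffer length. */`, adjusted to the actual set of functions changed in this commit.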
|
|
@ -520,6 +520,29 @@
|
|||
*/
|
||||
//#define MBEDTLS_CAMELLIA_SMALL_MEMORY
|
||||
|
||||
/**
|
||||
* \def MBEDTLS_CHECK_RETURN_WARNING
|
||||
*
|
||||
* If this macro is defined, emit a compile-time warning if application code
|
||||
* calls a function without checking its return value, but the return value
|
||||
* should generally be checked in portable applications.
|
||||
*
|
||||
* This is only supported on platforms where #MBEDTLS_CHECK_RETURN is
|
||||
* implemented. Otherwise this option has no effect.
|
||||
*
|
||||
* Uncomment to get warnings on using fallible functions without checking
|
||||
* their return value.
|
||||
*
|
||||
* \note This feature is a work in progress.
|
||||
* Warnings will be added to more functions in the future.
|
||||
*
|
||||
* \note A few functions are considered critical, and ignoring the return
|
||||
* value of these functions will trigger a warning even if this
|
||||
* macro is not defined. To completely disable return value check
|
||||
* warnings, define #MBEDTLS_CHECK_RETURN with an empty expansion.
|
||||
*/
|
||||
//#define MBEDTLS_CHECK_RETURN_WARNING
|
||||
|
||||
/**
|
||||
* \def MBEDTLS_CIPHER_MODE_CBC
|
||||
*
|
||||
|
@ -1598,16 +1621,6 @@
|
|||
*/
|
||||
#define MBEDTLS_SSL_SESSION_TICKETS
|
||||
|
||||
/**
|
||||
* \def MBEDTLS_SSL_EXPORT_KEYS
|
||||
*
|
||||
* Enable support for exporting key block and master secret.
|
||||
* This is required for certain users of TLS, e.g. EAP-TLS.
|
||||
*
|
||||
* Comment this macro to disable support for key export
|
||||
*/
|
||||
#define MBEDTLS_SSL_EXPORT_KEYS
|
||||
|
||||
/**
|
||||
* \def MBEDTLS_SSL_SERVER_NAME_INDICATION
|
||||
*
|
||||
|
@ -1718,15 +1731,13 @@
|
|||
* will still continue to work as usual, so enabling this option should not
|
||||
* break backwards compatibility.
|
||||
*
|
||||
* \warning The PSA Crypto API is in beta stage. While you're welcome to
|
||||
* experiment using it, incompatible API changes are still possible, and some
|
||||
* parts may not have reached the same quality as the rest of Mbed TLS yet.
|
||||
* \note See docs/use-psa-crypto.md for a complete description of what this
|
||||
* option currently does, and of parts that are not affected by it so far.
|
||||
*
|
||||
* \warning This option enables new Mbed TLS APIs that are dependent on the
|
||||
* PSA Crypto API, so can't come with the same stability guarantees as the
|
||||
* rest of the Mbed TLS APIs. You're welcome to experiment with them, but for
|
||||
* now, access to these APIs is opt-in (via enabling the present option), in
|
||||
* order to clearly differentiate them from the stable Mbed TLS APIs.
|
||||
* \warning This option enables new Mbed TLS APIs which are currently
|
||||
* considered experimental and may change in incompatible ways at any time.
|
||||
* That is, the APIs enabled by this option are not covered by the usual
|
||||
* promises of API stability.
|
||||
*
|
||||
* Requires: MBEDTLS_PSA_CRYPTO_C.
|
||||
*
|
||||
|
@ -2592,10 +2603,6 @@
|
|||
*
|
||||
* Enable the Platform Security Architecture cryptography API.
|
||||
*
|
||||
* \warning The PSA Crypto API is still beta status. While you're welcome to
|
||||
* experiment using it, incompatible API changes are still possible, and some
|
||||
* parts may not have reached the same quality as the rest of Mbed TLS yet.
|
||||
*
|
||||
* Module: library/psa_crypto.c
|
||||
*
|
||||
* Requires: either MBEDTLS_CTR_DRBG_C and MBEDTLS_ENTROPY_C,
|
||||
|
@ -3073,6 +3080,29 @@
|
|||
//#define MBEDTLS_PLATFORM_NV_SEED_READ_MACRO mbedtls_platform_std_nv_seed_read /**< Default nv_seed_read function to use, can be undefined */
|
||||
//#define MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO mbedtls_platform_std_nv_seed_write /**< Default nv_seed_write function to use, can be undefined */
|
||||
|
||||
/** \def MBEDTLS_CHECK_RETURN
|
||||
*
|
||||
* This macro is used at the beginning of the declaration of a function
|
||||
* to indicate that its return value should be checked. It should
|
||||
* instruct the compiler to emit a warning or an error if the function
|
||||
* is called without checking its return value.
|
||||
*
|
||||
* There is a default implementation for popular compilers in platform_util.h.
|
||||
* You can override the default implementation by defining your own here.
|
||||
*
|
||||
* If the implementation here is empty, this will effectively disable the
|
||||
* checking of functions' return values.
|
||||
*/
|
||||
//#define MBEDTLS_CHECK_RETURN __attribute__((__warn_unused_result__))
|
||||
|
||||
/** \def MBEDTLS_IGNORE_RETURN
|
||||
*
|
||||
* This macro requires one argument, which should be a C function call.
|
||||
* If that function call would cause a #MBEDTLS_CHECK_RETURN warning, this
|
||||
* warning is suppressed.
|
||||
*/
|
||||
//#define MBEDTLS_IGNORE_RETURN( result ) ((void) !(result))
|
||||
|
||||
/* PSA options */
|
||||
/**
|
||||
* Use HMAC_DRBG with the specified hash algorithm for HMAC_DRBG for the
|
||||
|
@ -3179,7 +3209,7 @@
|
|||
* Maximum number of heap-allocated bytes for the purpose of
|
||||
* DTLS handshake message reassembly and future message buffering.
|
||||
*
|
||||
* This should be at least 9/8 * MBEDTLSSL_IN_CONTENT_LEN
|
||||
* This should be at least 9/8 * MBEDTLS_SSL_IN_CONTENT_LEN
|
||||
* to account for a reassembled handshake message of maximum size,
|
||||
* together with its reassembly bitmap.
|
||||
*
|
||||
|
@ -3194,6 +3224,17 @@
|
|||
//#define MBEDTLS_PSK_MAX_LEN 32 /**< Max size of TLS pre-shared keys, in bytes (default 256 bits) */
|
||||
//#define MBEDTLS_SSL_COOKIE_TIMEOUT 60 /**< Default expiration delay of DTLS cookies, in seconds if HAVE_TIME, or in number of cookies issued */
|
||||
|
||||
/** \def MBEDTLS_TLS_EXT_CID
|
||||
*
|
||||
* At the time of writing, the CID extension has not been assigned its
|
||||
* final value. Set this configuration option to make Mbed TLS use a
|
||||
* different value.
|
||||
*
|
||||
* A future minor revision of Mbed TLS may change the default value of
|
||||
* this option to match evolving standards and usage.
|
||||
*/
|
||||
//#define MBEDTLS_TLS_EXT_CID 254
|
||||
|
||||
/**
|
||||
* Complete list of ciphersuites to use, in order of preference.
|
||||
*
|
||||
|
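Review bot: The MBEDTLS_CHECK_RETURN documentation in the hunk at `@ -3073,6 +3080,29 @@` says an empty expansion disables the checking of return values, but it does not say that this also covers the functions this merge marks MBEDTLS_CHECK_RETURN_CRITICAL, whose warnings are otherwise emitted even without MBEDTLS_CHECK_RETURN_WARNING. Those are the signature/MAC/AEAD verification and RNG-dependent functions, so silently losing the warning there is the case a user most needs to be told about. Consider adding `* \warning An empty expansion also silences the warnings for functions annotated with #MBEDTLS_CHECK_RETURN_CRITICAL, such as verification functions.` after the last paragraph of that comment.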
|
|
@ -94,7 +94,13 @@ extern "C" {
|
|||
*/
|
||||
typedef struct mbedtls_net_context
|
||||
{
|
||||
int MBEDTLS_PRIVATE(fd); /**< The underlying file descriptor */
|
||||
/** The underlying file descriptor.
|
||||
*
|
||||
* This field is only guaranteed to be present on POSIX/Unix-like platforms.
|
||||
* On other platforms, it may have a different type, have a different
|
||||
* meaning, or be absent altogether.
|
||||
*/
|
||||
int fd;
|
||||
}
|
||||
mbedtls_net_context;
|
||||
|
||||
|
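Review bot: The new comment on `fd` says the field may "be absent altogether" on non-POSIX platforms, but the declaration `int fd;` directly below it is unconditional, so the comment describes a contract the visible definition does not implement. If the intent is to reserve the right to change this in a future version, say so explicitly, e.g. `* Portable code must not access this field; its type, meaning and presence on non-POSIX platforms are not part of the API.`; if some builds really omit it, the field should be guarded accordingly. Making the descriptor public also lets applications close or reuse it behind the library's back, so a sentence stating that the library retains ownership of the descriptor until mbedtls_net_free() would help, if that is indeed the contract.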
|
|
@ -186,6 +186,10 @@ typedef struct mbedtls_pk_debug_item
|
|||
|
||||
/**
|
||||
* \brief Public key information and operations
|
||||
*
|
||||
* \note The library does not support custom pk info structures,
|
||||
* only built-in structures returned by
|
||||
* mbedtls_cipher_info_from_type().
|
||||
*/
|
||||
typedef struct mbedtls_pk_info_t mbedtls_pk_info_t;
|
||||
|
||||
|
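Review bot: The new \note on mbedtls_pk_info_t points readers to `mbedtls_cipher_info_from_type()`, which is the cipher module's lookup function, not the pk module's; the pk lookup is `mbedtls_pk_info_from_type()`. The line should read `* mbedtls_pk_info_from_type().` so the note does not send users to the wrong API.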
|
|
@ -42,10 +42,6 @@ extern "C" {
|
|||
/* Internal helper macros for deprecating API constants. */
|
||||
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
|
||||
#if defined(MBEDTLS_DEPRECATED_WARNING)
|
||||
/* Deliberately don't (yet) export MBEDTLS_DEPRECATED here
|
||||
* to avoid conflict with other headers which define and use
|
||||
* it, too. We might want to move all these definitions here at
|
||||
* some point for uniformity. */
|
||||
#define MBEDTLS_DEPRECATED __attribute__((deprecated))
|
||||
MBEDTLS_DEPRECATED typedef char const * mbedtls_deprecated_string_constant_t;
|
||||
#define MBEDTLS_DEPRECATED_STRING_CONSTANT( VAL ) \
|
||||
|
@ -53,13 +49,102 @@ MBEDTLS_DEPRECATED typedef char const * mbedtls_deprecated_string_constant_t;
|
|||
MBEDTLS_DEPRECATED typedef int mbedtls_deprecated_numeric_constant_t;
|
||||
#define MBEDTLS_DEPRECATED_NUMERIC_CONSTANT( VAL ) \
|
||||
( (mbedtls_deprecated_numeric_constant_t) ( VAL ) )
|
||||
#undef MBEDTLS_DEPRECATED
|
||||
#else /* MBEDTLS_DEPRECATED_WARNING */
|
||||
#define MBEDTLS_DEPRECATED
|
||||
#define MBEDTLS_DEPRECATED_STRING_CONSTANT( VAL ) VAL
|
||||
#define MBEDTLS_DEPRECATED_NUMERIC_CONSTANT( VAL ) VAL
|
||||
#endif /* MBEDTLS_DEPRECATED_WARNING */
|
||||
#endif /* MBEDTLS_DEPRECATED_REMOVED */
|
||||
|
||||
/* Implementation of the check-return facility.
|
||||
* See the user documentation in mbedtls_config.h.
|
||||
*
|
||||
* Do not use this macro directly to annotate function: instead,
|
||||
* use one of MBEDTLS_CHECK_RETURN_CRITICAL or MBEDTLS_CHECK_RETURN_TYPICAL
|
||||
* depending on how important it is to check the return value.
|
||||
*/
|
||||
#if !defined(MBEDTLS_CHECK_RETURN)
|
||||
#if defined(__GNUC__)
|
||||
#define MBEDTLS_CHECK_RETURN __attribute__((__warn_unused_result__))
|
||||
#elif defined(_MSC_VER) && _MSC_VER >= 1700
|
||||
#include <sal.h>
|
||||
#define MBEDTLS_CHECK_RETURN _Check_return_
|
||||
#else
|
||||
#define MBEDTLS_CHECK_RETURN
|
||||
#endif
|
||||
#endif
|
||||
|
||||
/** Critical-failure function
|
||||
*
|
||||
* This macro appearing at the beginning of the declaration of a function
|
||||
* indicates that its return value should be checked in all applications.
|
||||
* Omitting the check is very likely to indicate a bug in the application
|
||||
* and will result in a compile-time warning if #MBEDTLS_CHECK_RETURN
|
||||
* is implemented for the compiler in use.
|
||||
*
|
||||
* \note The use of this macro is a work in progress.
|
||||
* This macro may be added to more functions in the future.
|
||||
* Such an extension is not considered an API break, provided that
|
||||
* there are near-unavoidable circumstances under which the function
|
||||
* can fail. For example, signature/MAC/AEAD verification functions,
|
||||
* and functions that require a random generator, are considered
|
||||
* return-check-critical.
|
||||
*/
|
||||
#define MBEDTLS_CHECK_RETURN_CRITICAL MBEDTLS_CHECK_RETURN
|
||||
|
||||
/** Ordinary-failure function
|
||||
*
|
||||
* This macro appearing at the beginning of the declaration of a function
|
||||
* indicates that its return value should be generally be checked in portable
|
||||
* applications. Omitting the check will result in a compile-time warning if
|
||||
* #MBEDTLS_CHECK_RETURN is implemented for the compiler in use and
|
||||
* #MBEDTLS_CHECK_RETURN_WARNING is enabled in the compile-time configuration.
|
||||
*
|
||||
* You can use #MBEDTLS_IGNORE_RETURN to explicitly ignore the return value
|
||||
* of a function that is annotated with #MBEDTLS_CHECK_RETURN.
|
||||
*
|
||||
* \note The use of this macro is a work in progress.
|
||||
* This macro will be added to more functions in the future.
|
||||
* Eventually this should appear before most functions returning
|
||||
* an error code (as \c int in the \c mbedtls_xxx API or
|
||||
* as ::psa_status_t in the \c psa_xxx API).
|
||||
*/
|
||||
#if defined(MBEDTLS_CHECK_RETURN_WARNING)
|
||||
#define MBEDTLS_CHECK_RETURN_TYPICAL MBEDTLS_CHECK_RETURN
|
||||
#else
|
||||
#define MBEDTLS_CHECK_RETURN_TYPICAL
|
||||
#endif
|
||||
|
||||
/** Benign-failure function
|
||||
*
|
||||
* This macro appearing at the beginning of the declaration of a function
|
||||
* indicates that it is rarely useful to check its return value.
|
||||
*
|
||||
* This macro has an empty expansion. It exists for documentation purposes:
|
||||
* a #MBEDTLS_CHECK_RETURN_OPTIONAL annotation indicates that the function
|
||||
* has been analyzed for return-check usefuless, whereas the lack of
|
||||
* an annotation indicates that the function has not been analyzed and its
|
||||
* return-check usefulness is unknown.
|
||||
*/
|
||||
#define MBEDTLS_CHECK_RETURN_OPTIONAL
|
||||
|
||||
/** \def MBEDTLS_IGNORE_RETURN
|
||||
*
|
||||
* Call this macro with one argument, a function call, to suppress a warning
|
||||
* from #MBEDTLS_CHECK_RETURN due to that function call.
|
||||
*/
|
||||
#if !defined(MBEDTLS_IGNORE_RETURN)
|
||||
/* GCC doesn't silence the warning with just (void)(result).
|
||||
* (void)!(result) is known to work up at least up to GCC 10, as well
|
||||
* as with Clang and MSVC.
|
||||
*
|
||||
* https://gcc.gnu.org/onlinedocs/gcc-3.4.6/gcc/Non_002dbugs.html
|
||||
* https://stackoverflow.com/questions/40576003/ignoring-warning-wunused-result
|
||||
* https://gcc.gnu.org/bugzilla/show_bug.cgi?id=66425#c34
|
||||
*/
|
||||
#define MBEDTLS_IGNORE_RETURN(result) ( (void) !( result ) )
|
||||
#endif
|
||||
|
||||
/**
|
||||
* \brief Securely zeroize a buffer
|
||||
*
|
||||
|
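Review bot: Two of the new doc comments in the check-return block carry wording slips: `* indicates that its return value should be generally be checked in portable` has a doubled "be" and should read `should generally be checked`, and `* has been analyzed for return-check usefuless, whereas the lack of` should say `usefulness`. The GCC note under MBEDTLS_IGNORE_RETURN, `(void)!(result) is known to work up at least up to GCC 10`, has a stray "up" as well. This header is the reference text that mbedtls_config.h points users to for the facility, so it is worth fixing before release.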
|
|
@ -51,18 +51,27 @@ static inline psa_key_type_t mbedtls_psa_translate_cipher_type(
|
|||
case MBEDTLS_CIPHER_AES_128_CCM:
|
||||
case MBEDTLS_CIPHER_AES_192_CCM:
|
||||
case MBEDTLS_CIPHER_AES_256_CCM:
|
||||
case MBEDTLS_CIPHER_AES_128_CCM_STAR_NO_TAG:
|
||||
case MBEDTLS_CIPHER_AES_192_CCM_STAR_NO_TAG:
|
||||
case MBEDTLS_CIPHER_AES_256_CCM_STAR_NO_TAG:
|
||||
case MBEDTLS_CIPHER_AES_128_GCM:
|
||||
case MBEDTLS_CIPHER_AES_192_GCM:
|
||||
case MBEDTLS_CIPHER_AES_256_GCM:
|
||||
case MBEDTLS_CIPHER_AES_128_CBC:
|
||||
case MBEDTLS_CIPHER_AES_192_CBC:
|
||||
case MBEDTLS_CIPHER_AES_256_CBC:
|
||||
case MBEDTLS_CIPHER_AES_128_ECB:
|
||||
case MBEDTLS_CIPHER_AES_192_ECB:
|
||||
case MBEDTLS_CIPHER_AES_256_ECB:
|
||||
return( PSA_KEY_TYPE_AES );
|
||||
|
||||
/* ARIA not yet supported in PSA. */
|
||||
/* case MBEDTLS_CIPHER_ARIA_128_CCM:
|
||||
case MBEDTLS_CIPHER_ARIA_192_CCM:
|
||||
case MBEDTLS_CIPHER_ARIA_256_CCM:
|
||||
case MBEDTLS_CIPHER_ARIA_128_CCM_STAR_NO_TAG:
|
||||
case MBEDTLS_CIPHER_ARIA_192_CCM_STAR_NO_TAG:
|
||||
case MBEDTLS_CIPHER_ARIA_256_CCM_STAR_NO_TAG:
|
||||
case MBEDTLS_CIPHER_ARIA_128_GCM:
|
||||
case MBEDTLS_CIPHER_ARIA_192_GCM:
|
||||
case MBEDTLS_CIPHER_ARIA_256_GCM:
|
||||
|
@ -87,6 +96,8 @@ static inline psa_algorithm_t mbedtls_psa_translate_cipher_mode(
|
|||
return( PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, taglen ) );
|
||||
case MBEDTLS_MODE_CCM:
|
||||
return( PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CCM, taglen ) );
|
||||
case MBEDTLS_MODE_CCM_STAR_NO_TAG:
|
||||
return PSA_ALG_CCM_STAR_NO_TAG;
|
||||
case MBEDTLS_MODE_CBC:
|
||||
if( taglen == 0 )
|
||||
return( PSA_ALG_CBC_NO_PADDING );
|
||||
|
@ -369,7 +380,7 @@ static inline psa_key_type_t mbedtls_psa_parse_tls_ecc_group(
|
|||
if( curve_info == NULL )
|
||||
return( 0 );
|
||||
return( PSA_KEY_TYPE_ECC_KEY_PAIR(
|
||||
mbedtls_ecc_group_to_psa( curve_info->MBEDTLS_PRIVATE(grp_id), bits ) ) );
|
||||
mbedtls_ecc_group_to_psa( curve_info->grp_id, bits ) ) );
|
||||
}
|
||||
#endif /* MBEDTLS_ECP_C */
|
||||
|
||||
|
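Review bot: In the mbedtls_psa_translate_cipher_mode hunk, the new `return PSA_ALG_CCM_STAR_NO_TAG;` ignores `taglen`, while the neighbouring CCM and GCM cases pass it through and the CBC case below only maps when it is zero; a caller that asks for CCM* with a non-zero tag length therefore gets an unauthenticated algorithm back instead of a rejection. Consider guarding it the same way as CBC, `case MBEDTLS_MODE_CCM_STAR_NO_TAG: if( taglen == 0 ) return( PSA_ALG_CCM_STAR_NO_TAG );`, and otherwise falling through to whatever this function returns for unsupported combinations (not visible in the hunk). The bare `return X;` also departs from the `return( X );` form used on every other line of the file. The enclosing function starts and ends outside the hunk.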
|
|
@ -167,6 +167,9 @@ int mbedtls_internal_sha256_process( mbedtls_sha256_context *ctx,
|
|||
* for SHA-256, \c 28 bytes for SHA-224.
|
||||
* \param is224 Determines which function to use. This must be
|
||||
* either \c 0 for SHA-256, or \c 1 for SHA-224.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return A negative error code on failure.
|
||||
*/
|
||||
int mbedtls_sha256( const unsigned char *input,
|
||||
size_t ilen,
|
||||
|
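Review bot: The new \return lines document that mbedtls_sha256() can fail with a negative error code, but the declaration on the line below still carries no MBEDTLS_CHECK_RETURN_TYPICAL annotation, whereas the des.h declarations in this same merge that document a failure return received one. If that is an oversight rather than a deliberate exclusion, add `MBEDTLS_CHECK_RETURN_TYPICAL` on the line before `int mbedtls_sha256( const unsigned char *input,` so the new return-check facility covers it. The declaration continues outside the hunk.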
|
|
@ -21,6 +21,7 @@
|
|||
*/
|
||||
#ifndef MBEDTLS_SSL_H
|
||||
#define MBEDTLS_SSL_H
|
||||
#include "mbedtls/platform_util.h"
|
||||
#include "mbedtls/private_access.h"
|
||||
|
||||
#include "mbedtls/build_info.h"
|
||||
|
@ -169,6 +170,76 @@
|
|||
/** Invalid value in SSL config */
|
||||
#define MBEDTLS_ERR_SSL_BAD_CONFIG -0x5E80
|
||||
|
||||
/*
|
||||
* TLS 1.3 NamedGroup values
|
||||
*
|
||||
* From RF 8446
|
||||
* enum {
|
||||
* // Elliptic Curve Groups (ECDHE)
|
||||
* secp256r1(0x0017), secp384r1(0x0018), secp521r1(0x0019),
|
||||
* x25519(0x001D), x448(0x001E),
|
||||
* // Finite Field Groups (DHE)
|
||||
* ffdhe2048(0x0100), ffdhe3072(0x0101), ffdhe4096(0x0102),
|
||||
* ffdhe6144(0x0103), ffdhe8192(0x0104),
|
||||
* // Reserved Code Points
|
||||
* ffdhe_private_use(0x01FC..0x01FF),
|
||||
* ecdhe_private_use(0xFE00..0xFEFF),
|
||||
* (0xFFFF)
|
||||
* } NamedGroup;
|
||||
*
|
||||
*/
|
||||
|
||||
/* Elliptic Curve Groups (ECDHE) */
|
||||
#define MBEDTLS_SSL_IANA_TLS_GROUP_NONE 0
|
||||
#define MBEDTLS_SSL_IANA_TLS_GROUP_SECP192K1 0x0012
|
||||
#define MBEDTLS_SSL_IANA_TLS_GROUP_SECP192R1 0x0013
|
||||
#define MBEDTLS_SSL_IANA_TLS_GROUP_SECP224K1 0x0014
|
||||
#define MBEDTLS_SSL_IANA_TLS_GROUP_SECP224R1 0x0015
|
||||
#define MBEDTLS_SSL_IANA_TLS_GROUP_SECP256K1 0x0016
|
||||
#define MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1 0x0017
|
||||
#define MBEDTLS_SSL_IANA_TLS_GROUP_SECP384R1 0x0018
|
||||
#define MBEDTLS_SSL_IANA_TLS_GROUP_SECP521R1 0x0019
|
||||
#define MBEDTLS_SSL_IANA_TLS_GROUP_BP256R1 0x001A
|
||||
#define MBEDTLS_SSL_IANA_TLS_GROUP_BP384R1 0x001B
|
||||
#define MBEDTLS_SSL_IANA_TLS_GROUP_BP512R1 0x001C
|
||||
#define MBEDTLS_SSL_IANA_TLS_GROUP_X25519 0x001D
|
||||
#define MBEDTLS_SSL_IANA_TLS_GROUP_X448 0x001E
|
||||
/* Finite Field Groups (DHE) */
|
||||
#define MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE2048 0x0100
|
||||
#define MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE3072 0x0101
|
||||
#define MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE4096 0x0102
|
||||
#define MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE6144 0x0103
|
||||
#define MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE8192 0x0104
|
||||
|
||||
/*
|
||||
* TLS 1.3 Key Exchange Modes
|
||||
*
|
||||
* Mbed TLS internal identifiers for use with the SSL configuration API
|
||||
* mbedtls_ssl_conf_tls13_key_exchange_modes().
|
||||
*/
|
||||
|
||||
#define MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_PSK ( 1u << 0 ) /*!< Pure-PSK TLS 1.3 key exchange,
|
||||
* encompassing both externally agreed PSKs
|
||||
* as well as resumption PSKs. */
|
||||
#define MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_EPHEMERAL ( 1u << 1 ) /*!< Pure-Ephemeral TLS 1.3 key exchanges,
|
||||
* including for example ECDHE and DHE
|
||||
* key exchanges. */
|
||||
#define MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_PSK_EPHEMERAL ( 1u << 2 ) /*!< PSK-Ephemeral TLS 1.3 key exchanges,
|
||||
* using both a PSK and an ephemeral
|
||||
* key exchange. */
|
||||
|
||||
/* Convenience macros for sets of key exchanges. */
|
||||
#define MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_ALL \
|
||||
( MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_PSK | \
|
||||
MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_PSK_EPHEMERAL | \
|
||||
MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_EPHEMERAL ) /*!< All TLS 1.3 key exchanges */
|
||||
#define MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_PSK_ALL \
|
||||
( MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_PSK | \
|
||||
MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_PSK_EPHEMERAL ) /*!< All PSK-based TLS 1.3 key exchanges */
|
||||
#define MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_EPHEMERAL_ALL \
|
||||
( MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_EPHEMERAL | \
|
||||
MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_PSK_EPHEMERAL ) /*!< All ephemeral TLS 1.3 key exchanges */
|
||||
|
||||
/*
|
||||
* Various constants
|
||||
*/
|
||||
|
@ -337,6 +408,41 @@
|
|||
#define MBEDTLS_SSL_SIG_RSA 1
|
||||
#define MBEDTLS_SSL_SIG_ECDSA 3
|
||||
|
||||
/*
|
||||
* TLS 1.3 signature algorithms
|
||||
* RFC 8446, Section 4.2.2
|
||||
*/
|
||||
|
||||
/* RSASSA-PKCS1-v1_5 algorithms */
|
||||
#define MBEDTLS_TLS13_SIG_RSA_PKCS1_SHA256 0x0401
|
||||
#define MBEDTLS_TLS13_SIG_RSA_PKCS1_SHA384 0x0501
|
||||
#define MBEDTLS_TLS13_SIG_RSA_PKCS1_SHA512 0x0601
|
||||
|
||||
/* ECDSA algorithms */
|
||||
#define MBEDTLS_TLS13_SIG_ECDSA_SECP256R1_SHA256 0x0403
|
||||
#define MBEDTLS_TLS13_SIG_ECDSA_SECP384R1_SHA384 0x0503
|
||||
#define MBEDTLS_TLS13_SIG_ECDSA_SECP521R1_SHA512 0x0603
|
||||
|
||||
/* RSASSA-PSS algorithms with public key OID rsaEncryption */
|
||||
#define MBEDTLS_TLS13_SIG_RSA_PSS_RSAE_SHA256 0x0804
|
||||
#define MBEDTLS_TLS13_SIG_RSA_PSS_RSAE_SHA384 0x0805
|
||||
#define MBEDTLS_TLS13_SIG_RSA_PSS_RSAE_SHA512 0x0806
|
||||
|
||||
/* EdDSA algorithms */
|
||||
#define MBEDTLS_TLS13_SIG_ED25519 0x0807
|
||||
#define MBEDTLS_TLS13_SIG_ED448 0x0808
|
||||
|
||||
/* RSASSA-PSS algorithms with public key OID RSASSA-PSS */
|
||||
#define MBEDTLS_TLS13_SIG_RSA_PSS_PSS_SHA256 0x0809
|
||||
#define MBEDTLS_TLS13_SIG_RSA_PSS_PSS_SHA384 0x080A
|
||||
#define MBEDTLS_TLS13_SIG_RSA_PSS_PSS_SHA512 0x080B
|
||||
|
||||
/* LEGACY ALGORITHMS */
|
||||
#define MBEDTLS_TLS13_SIG_RSA_PKCS1_SHA1 0x0201
|
||||
#define MBEDTLS_TLS13_SIG_ECDSA_SHA1 0x0203
|
||||
|
||||
#define MBEDTLS_TLS13_SIG_NONE 0x0
|
||||
|
||||
/*
|
||||
* Client Certificate Types
|
||||
* RFC 5246 section 7.4.4 plus RFC 4492 section 5.5
|
||||
|
@ -391,6 +497,7 @@
|
|||
#define MBEDTLS_SSL_HS_SERVER_HELLO 2
|
||||
#define MBEDTLS_SSL_HS_HELLO_VERIFY_REQUEST 3
|
||||
#define MBEDTLS_SSL_HS_NEW_SESSION_TICKET 4
|
||||
#define MBEDTLS_SSL_HS_ENCRYPTED_EXTENSIONS 8 // NEW IN TLS 1.3
|
||||
#define MBEDTLS_SSL_HS_CERTIFICATE 11
|
||||
#define MBEDTLS_SSL_HS_SERVER_KEY_EXCHANGE 12
|
||||
#define MBEDTLS_SSL_HS_CERTIFICATE_REQUEST 13
|
||||
|
@ -408,25 +515,48 @@
|
|||
#define MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH 1
|
||||
|
||||
#define MBEDTLS_TLS_EXT_TRUNCATED_HMAC 4
|
||||
#define MBEDTLS_TLS_EXT_STATUS_REQUEST 5 /* RFC 6066 TLS 1.2 and 1.3 */
|
||||
|
||||
#define MBEDTLS_TLS_EXT_SUPPORTED_ELLIPTIC_CURVES 10
|
||||
#define MBEDTLS_TLS_EXT_SUPPORTED_GROUPS 10 /* RFC 8422,7919 TLS 1.2 and 1.3 */
|
||||
#define MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS 11
|
||||
|
||||
#define MBEDTLS_TLS_EXT_SIG_ALG 13
|
||||
|
||||
#define MBEDTLS_TLS_EXT_SIG_ALG 13 /* RFC 8446 TLS 1.3 */
|
||||
#define MBEDTLS_TLS_EXT_USE_SRTP 14
|
||||
|
||||
#define MBEDTLS_TLS_EXT_HEARTBEAT 15 /* RFC 6520 TLS 1.2 and 1.3 */
|
||||
#define MBEDTLS_TLS_EXT_ALPN 16
|
||||
|
||||
#define MBEDTLS_TLS_EXT_SCT 18 /* RFC 6962 TLS 1.2 and 1.3 */
|
||||
#define MBEDTLS_TLS_EXT_CLI_CERT_TYPE 19 /* RFC 7250 TLS 1.2 and 1.3 */
|
||||
#define MBEDTLS_TLS_EXT_SERV_CERT_TYPE 20 /* RFC 7250 TLS 1.2 and 1.3 */
|
||||
#define MBEDTLS_TLS_EXT_PADDING 21 /* RFC 7685 TLS 1.2 and 1.3 */
|
||||
#define MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC 22 /* 0x16 */
|
||||
#define MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET 0x0017 /* 23 */
|
||||
|
||||
#define MBEDTLS_TLS_EXT_SESSION_TICKET 35
|
||||
|
||||
#define MBEDTLS_TLS_EXT_PRE_SHARED_KEY 41 /* RFC 8446 TLS 1.3 */
|
||||
#define MBEDTLS_TLS_EXT_EARLY_DATA 42 /* RFC 8446 TLS 1.3 */
|
||||
#define MBEDTLS_TLS_EXT_SUPPORTED_VERSIONS 43 /* RFC 8446 TLS 1.3 */
|
||||
#define MBEDTLS_TLS_EXT_COOKIE 44 /* RFC 8446 TLS 1.3 */
|
||||
#define MBEDTLS_TLS_EXT_PSK_KEY_EXCHANGE_MODES 45 /* RFC 8446 TLS 1.3 */
|
||||
|
||||
#define MBEDTLS_TLS_EXT_CERT_AUTH 47 /* RFC 8446 TLS 1.3 */
|
||||
#define MBEDTLS_TLS_EXT_OID_FILTERS 48 /* RFC 8446 TLS 1.3 */
|
||||
#define MBEDTLS_TLS_EXT_POST_HANDSHAKE_AUTH 49 /* RFC 8446 TLS 1.3 */
|
||||
#define MBEDTLS_TLS_EXT_SIG_ALG_CERT 50 /* RFC 8446 TLS 1.3 */
|
||||
#define MBEDTLS_TLS_EXT_KEY_SHARE 51 /* RFC 8446 TLS 1.3 */
|
||||
|
||||
/* The value of the CID extension is still TBD as of
|
||||
* draft-ietf-tls-dtls-connection-id-05
|
||||
* (https://tools.ietf.org/html/draft-ietf-tls-dtls-connection-id-05) */
|
||||
* (https://tools.ietf.org/html/draft-ietf-tls-dtls-connection-id-05).
|
||||
*
|
||||
* A future minor revision of Mbed TLS may change the default value of
|
||||
* this option to match evolving standards and usage.
|
||||
*/
|
||||
#if !defined(MBEDTLS_TLS_EXT_CID)
|
||||
#define MBEDTLS_TLS_EXT_CID 254 /* TBD */
|
||||
#endif
|
||||
|
||||
#define MBEDTLS_TLS_EXT_ECJPAKE_KKPP 256 /* experimental */
|
||||
|
||||
|
@ -475,6 +605,11 @@ union mbedtls_ssl_premaster_secret
|
|||
|
||||
#define MBEDTLS_PREMASTER_SIZE sizeof( union mbedtls_ssl_premaster_secret )
|
||||
|
||||
#define MBEDTLS_TLS1_3_MD_MAX_SIZE MBEDTLS_MD_MAX_SIZE
|
||||
|
||||
/* Length in number of bytes of the TLS sequence number */
|
||||
#define MBEDTLS_SSL_SEQUENCE_NUMBER_LEN 8
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
@ -503,6 +638,10 @@ typedef enum
|
|||
MBEDTLS_SSL_HANDSHAKE_OVER,
|
||||
MBEDTLS_SSL_SERVER_NEW_SESSION_TICKET,
|
||||
MBEDTLS_SSL_SERVER_HELLO_VERIFY_REQUEST_SENT,
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
|
||||
MBEDTLS_SSL_ENCRYPTED_EXTENSIONS,
|
||||
MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY,
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
|
||||
}
|
||||
mbedtls_ssl_states;
|
||||
|
||||
|
@ -537,10 +676,11 @@ typedef int mbedtls_ssl_send_t( void *ctx,
|
|||
* \param buf Buffer to write the received data to
|
||||
* \param len Length of the receive buffer
|
||||
*
|
||||
* \return The callback must return the number of bytes received,
|
||||
* or a non-zero error code.
|
||||
* If performing non-blocking I/O, \c MBEDTLS_ERR_SSL_WANT_READ
|
||||
* \returns If data has been received, the positive number of bytes received.
|
||||
* \returns \c 0 if the connection has been closed.
|
||||
* \returns If performing non-blocking I/O, \c MBEDTLS_ERR_SSL_WANT_READ
|
||||
* must be returned when the operation would block.
|
||||
* \returns Another negative error code on other kinds of failures.
|
||||
*
|
||||
* \note The callback may receive fewer bytes than the length of the
|
||||
* buffer. It must always return the number of bytes actually
|
||||
|
@ -560,7 +700,7 @@ typedef int mbedtls_ssl_recv_t( void *ctx,
|
|||
* \param ctx Context for the receive callback (typically a file descriptor)
|
||||
* \param buf Buffer to write the received data to
|
||||
* \param len Length of the receive buffer
|
||||
* \param timeout Maximum nomber of millisecondes to wait for data
|
||||
* \param timeout Maximum number of milliseconds to wait for data
|
||||
* 0 means no timeout (potentially waiting forever)
|
||||
*
|
||||
* \return The callback must return the number of bytes received,
|
||||
|
@ -912,6 +1052,14 @@ typedef void mbedtls_ssl_async_cancel_t( mbedtls_ssl_context *ssl );
|
|||
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED &&
|
||||
!MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
|
||||
|
||||
typedef struct
|
||||
{
|
||||
unsigned char client_application_traffic_secret_N[ MBEDTLS_TLS1_3_MD_MAX_SIZE ];
|
||||
unsigned char server_application_traffic_secret_N[ MBEDTLS_TLS1_3_MD_MAX_SIZE ];
|
||||
unsigned char exporter_master_secret [ MBEDTLS_TLS1_3_MD_MAX_SIZE ];
|
||||
unsigned char resumption_master_secret [ MBEDTLS_TLS1_3_MD_MAX_SIZE ];
|
||||
} mbedtls_ssl_tls1_3_application_secrets;
|
||||
|
||||
#if defined(MBEDTLS_SSL_DTLS_SRTP)
|
||||
|
||||
#define MBEDTLS_TLS_SRTP_MAX_MKI_LENGTH 255
|
||||
|
@ -1002,6 +1150,10 @@ struct mbedtls_ssl_session
|
|||
#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
|
||||
int MBEDTLS_PRIVATE(encrypt_then_mac); /*!< flag for EtM activation */
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
|
||||
mbedtls_ssl_tls1_3_application_secrets MBEDTLS_PRIVATE(app_secrets);
|
||||
#endif
|
||||
};
|
||||
|
||||
/*
|
||||
|
@ -1017,7 +1169,6 @@ typedef enum
|
|||
}
|
||||
mbedtls_tls_prf_types;
|
||||
|
||||
#if defined(MBEDTLS_SSL_EXPORT_KEYS)
|
||||
typedef enum
|
||||
{
|
||||
MBEDTLS_SSL_KEY_EXPORT_TLS12_MASTER_SECRET = 0,
|
||||
|
@ -1053,7 +1204,6 @@ typedef void mbedtls_ssl_export_keys_t( void *p_expkey,
|
|||
const unsigned char client_random[32],
|
||||
const unsigned char server_random[32],
|
||||
mbedtls_tls_prf_types tls_prf_type );
|
||||
#endif /* MBEDTLS_SSL_EXPORT_KEYS */
|
||||
|
||||
/**
|
||||
* SSL/TLS configuration to be shared between mbedtls_ssl_context structures.
|
||||
|
@ -1069,6 +1219,11 @@ struct mbedtls_ssl_config
|
|||
/** Allowed ciphersuites for (D)TLS 1.2 (0-terminated) */
|
||||
const int *MBEDTLS_PRIVATE(ciphersuite_list);
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
|
||||
/** Allowed TLS 1.3 key exchange modes. */
|
||||
int MBEDTLS_PRIVATE(tls13_kex_modes);
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
|
||||
|
||||
/** Callback for printing debug output */
|
||||
void (*MBEDTLS_PRIVATE(f_dbg))(void *, int, const char *, int, const char *);
|
||||
void *MBEDTLS_PRIVATE(p_dbg); /*!< context for the debug function */
|
||||
|
@ -1147,12 +1302,18 @@ struct mbedtls_ssl_config
|
|||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
|
||||
const int *MBEDTLS_PRIVATE(sig_hashes); /*!< allowed signature hashes */
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
|
||||
const uint16_t *MBEDTLS_PRIVATE(tls13_sig_algs); /*!< allowed signature algorithms for TLS 1.3 */
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_ECP_C)
|
||||
#if defined(MBEDTLS_ECP_C) && !defined(MBEDTLS_DEPRECATED_REMOVED)
|
||||
const mbedtls_ecp_group_id *MBEDTLS_PRIVATE(curve_list); /*!< allowed curves */
|
||||
#endif
|
||||
|
||||
const uint16_t *MBEDTLS_PRIVATE(group_list); /*!< allowed IANA NamedGroups */
|
||||
|
||||
#if defined(MBEDTLS_DHM_C)
|
||||
mbedtls_mpi MBEDTLS_PRIVATE(dhm_P); /*!< prime modulus for DHM */
|
||||
mbedtls_mpi MBEDTLS_PRIVATE(dhm_G); /*!< generator for DHM */
|
||||
|
@ -1328,10 +1489,24 @@ struct mbedtls_ssl_context
|
|||
/*
|
||||
* Record layer transformations
|
||||
*/
|
||||
mbedtls_ssl_transform *MBEDTLS_PRIVATE(transform_in); /*!< current transform params (in) */
|
||||
mbedtls_ssl_transform *MBEDTLS_PRIVATE(transform_out); /*!< current transform params (in) */
|
||||
mbedtls_ssl_transform *MBEDTLS_PRIVATE(transform); /*!< negotiated transform params */
|
||||
mbedtls_ssl_transform *MBEDTLS_PRIVATE(transform_negotiate); /*!< transform params in negotiation */
|
||||
mbedtls_ssl_transform *MBEDTLS_PRIVATE(transform_in); /*!< current transform params (in)
|
||||
* This is always a reference,
|
||||
* never an owning pointer. */
|
||||
mbedtls_ssl_transform *MBEDTLS_PRIVATE(transform_out); /*!< current transform params (out)
|
||||
* This is always a reference,
|
||||
* never an owning pointer. */
|
||||
mbedtls_ssl_transform *MBEDTLS_PRIVATE(transform); /*!< negotiated transform params
|
||||
* This pointer owns the transform
|
||||
* it references. */
|
||||
mbedtls_ssl_transform *MBEDTLS_PRIVATE(transform_negotiate); /*!< transform params in negotiation
|
||||
* This pointer owns the transform
|
||||
* it references. */
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
|
||||
/*! The application data transform in TLS 1.3.
|
||||
* This pointer owns the transform it references. */
|
||||
mbedtls_ssl_transform *MBEDTLS_PRIVATE(transform_application);
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
|
||||
|
||||
/*
|
||||
* Timers
|
||||
|
@ -1381,6 +1556,19 @@ struct mbedtls_ssl_context
|
|||
int MBEDTLS_PRIVATE(keep_current_message); /*!< drop or reuse current message
|
||||
on next call to record layer? */
|
||||
|
||||
/* The following three variables indicate if and, if yes,
|
||||
* what kind of alert is pending to be sent.
|
||||
*/
|
||||
unsigned char MBEDTLS_PRIVATE(send_alert); /*!< Determines if a fatal alert
|
||||
should be sent. Values:
|
||||
- \c 0 , no alert is to be sent.
|
||||
- \c 1 , alert is to be sent. */
|
||||
unsigned char MBEDTLS_PRIVATE(alert_type); /*!< Type of alert if send_alert
|
||||
!= 0 */
|
||||
int MBEDTLS_PRIVATE(alert_reason); /*!< The error code to be returned
|
||||
to the user once the fatal alert
|
||||
has been sent. */
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
||||
uint8_t MBEDTLS_PRIVATE(disable_datagram_packing); /*!< Disable packing multiple records
|
||||
* within a single datagram. */
|
||||
|
@ -1407,7 +1595,7 @@ struct mbedtls_ssl_context
|
|||
size_t MBEDTLS_PRIVATE(out_buf_len); /*!< length of output buffer */
|
||||
#endif
|
||||
|
||||
unsigned char MBEDTLS_PRIVATE(cur_out_ctr)[8]; /*!< Outgoing record sequence number. */
|
||||
unsigned char MBEDTLS_PRIVATE(cur_out_ctr)[MBEDTLS_SSL_SEQUENCE_NUMBER_LEN]; /*!< Outgoing record sequence number. */
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
||||
uint16_t MBEDTLS_PRIVATE(mtu); /*!< path mtu, used to fragment outgoing messages */
|
||||
|
@ -1472,11 +1660,9 @@ struct mbedtls_ssl_context
|
|||
* and #MBEDTLS_SSL_CID_DISABLED. */
|
||||
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
|
||||
|
||||
#if defined(MBEDTLS_SSL_EXPORT_KEYS)
|
||||
/** Callback to export key block and master secret */
|
||||
mbedtls_ssl_export_keys_t *MBEDTLS_PRIVATE(f_export_keys);
|
||||
void *MBEDTLS_PRIVATE(p_export_keys); /*!< context for key export callback */
|
||||
#endif
|
||||
};
|
||||
|
||||
/**
|
||||
|
@ -2049,7 +2235,6 @@ void mbedtls_ssl_conf_session_tickets_cb( mbedtls_ssl_config *conf,
|
|||
void *p_ticket );
|
||||
#endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_SRV_C */
|
||||
|
||||
#if defined(MBEDTLS_SSL_EXPORT_KEYS)
|
||||
/**
|
||||
* \brief Configure a key export callback.
|
||||
* (Default: none.)
|
||||
|
@ -2071,7 +2256,6 @@ void mbedtls_ssl_conf_session_tickets_cb( mbedtls_ssl_config *conf,
|
|||
void mbedtls_ssl_set_export_keys_cb( mbedtls_ssl_context *ssl,
|
||||
mbedtls_ssl_export_keys_t *f_export_keys,
|
||||
void *p_export_keys );
|
||||
#endif /* MBEDTLS_SSL_EXPORT_KEYS */
|
||||
|
||||
#if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
|
||||
/**
|
||||
|
@ -2519,24 +2703,94 @@ int mbedtls_ssl_session_save( const mbedtls_ssl_session *session,
|
|||
/**
|
||||
* \brief Set the list of allowed ciphersuites and the preference
|
||||
* order. First in the list has the highest preference.
|
||||
* (Overrides all version-specific lists)
|
||||
*
|
||||
* The ciphersuites array is not copied, and must remain
|
||||
* valid for the lifetime of the ssl_config.
|
||||
* For TLS 1.2, the notion of ciphersuite determines both
|
||||
* the key exchange mechanism and the suite of symmetric
|
||||
* algorithms to be used during and after the handshake.
|
||||
*
|
||||
* Note: By default, the server chooses its preferred
|
||||
* For TLS 1.3 (in development), the notion of ciphersuite
|
||||
* only determines the suite of symmetric algorithms to be
|
||||
* used during and after the handshake, while key exchange
|
||||
* mechanisms are configured separately.
|
||||
*
|
||||
* In Mbed TLS, ciphersuites for both TLS 1.2 and TLS 1.3
|
||||
* are configured via this function. For users of TLS 1.3,
|
||||
* there will be separate API for the configuration of key
|
||||
* exchange mechanisms.
|
||||
*
|
||||
* The list of ciphersuites passed to this function may
|
||||
* contain a mixture of TLS 1.2 and TLS 1.3 ciphersuite
|
||||
* identifiers. This is useful if negotiation of TLS 1.3
|
||||
* should be attempted, but a fallback to TLS 1.2 would
|
||||
* be tolerated.
|
||||
*
|
||||
* \note By default, the server chooses its preferred
|
||||
* ciphersuite among those that the client supports. If
|
||||
* mbedtls_ssl_conf_preference_order() is called to prefer
|
||||
* the client's preferences, the server instead chooses
|
||||
* the client's preferred ciphersuite among those that
|
||||
* the server supports.
|
||||
*
|
||||
* \param conf SSL configuration
|
||||
* \param ciphersuites 0-terminated list of allowed ciphersuites
|
||||
* \warning The ciphersuites array \p ciphersuites is not copied.
|
||||
* It must remain valid for the lifetime of the SSL
|
||||
* configuration \p conf.
|
||||
*
|
||||
* \param conf The SSL configuration to modify.
|
||||
* \param ciphersuites A 0-terminated list of IANA identifiers of supported
|
||||
* ciphersuites, accessible through \c MBEDTLS_TLS_XXX
|
||||
* and \c MBEDTLS_TLS1_3_XXX macros defined in
|
||||
* ssl_ciphersuites.h.
|
||||
*/
|
||||
void mbedtls_ssl_conf_ciphersuites( mbedtls_ssl_config *conf,
|
||||
const int *ciphersuites );
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
|
||||
/**
|
||||
* \brief Set the supported key exchange modes for TLS 1.3 connections.
|
||||
*
|
||||
* In contrast to TLS 1.2, the ciphersuite concept in TLS 1.3 does not
|
||||
* include the choice of key exchange mechanism. It is therefore not
|
||||
* covered by the API mbedtls_ssl_conf_ciphersuites(). See the
|
||||
* documentation of mbedtls_ssl_conf_ciphersuites() for more
|
||||
* information on the ciphersuite concept in TLS 1.2 and TLS 1.3.
|
||||
*
|
||||
* The present function is specific to TLS 1.3 and allows users to
|
||||
* configure the set of supported key exchange mechanisms in TLS 1.3.
|
||||
*
|
||||
* \param conf The SSL configuration the change should apply to.
|
||||
* \param kex_modes A bitwise combination of one or more of the following:
|
||||
* - MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_PSK
|
||||
* This flag enables pure-PSK key exchanges.
|
||||
* - MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_PSK_EPHEMERAL
|
||||
* This flag enables combined PSK-ephemeral key exchanges.
|
||||
* - MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_EPHEMERAL
|
||||
* This flag enables pure-ephemeral key exchanges.
|
||||
* For convenience, the following pre-defined macros are
|
||||
* available for combinations of the above:
|
||||
* - MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_ALL
|
||||
* Includes all of pure-PSK, PSK-ephemeral and pure-ephemeral.
|
||||
* - MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_PSK_ALL
|
||||
* Includes both pure-PSK and combined PSK-ephemeral
|
||||
* key exchanges, but excludes pure-ephemeral key exchanges.
|
||||
* - MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_EPHEMERAL_ALL
|
||||
* Includes both pure-ephemeral and combined PSK-ephemeral
|
||||
* key exchanges.
|
||||
*
|
||||
* \note If a PSK-based key exchange mode shall be supported, applications
|
||||
* must also use the APIs mbedtls_ssl_conf_psk() or
|
||||
* mbedtls_ssl_conf_psk_cb() or mbedtls_ssl_conf_psk_opaque()
|
||||
* to configure the PSKs to be used.
|
||||
*
|
||||
* \note If a pure-ephemeral key exchange mode shall be supported,
|
||||
* server-side applications must also provide a certificate via
|
||||
* mbedtls_ssl_conf_own_cert().
|
||||
*
|
||||
*/
|
||||
|
||||
void mbedtls_ssl_conf_tls13_key_exchange_modes( mbedtls_ssl_config* conf,
|
||||
const int kex_modes );
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
|
||||
|
||||
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
|
||||
#define MBEDTLS_SSL_UNEXPECTED_CID_IGNORE 0
|
||||
#define MBEDTLS_SSL_UNEXPECTED_CID_FAIL 1
|
||||
|
@ -2916,6 +3170,7 @@ void mbedtls_ssl_conf_dhm_min_bitlen( mbedtls_ssl_config *conf,
|
|||
#endif /* MBEDTLS_DHM_C && MBEDTLS_SSL_CLI_C */
|
||||
|
||||
#if defined(MBEDTLS_ECP_C)
|
||||
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
|
||||
/**
|
||||
* \brief Set the allowed curves in order of preference.
|
||||
*
|
||||
|
@ -2929,6 +3184,8 @@ void mbedtls_ssl_conf_dhm_min_bitlen( mbedtls_ssl_config *conf,
|
|||
* Both sides: limits the set of curves accepted for use in
|
||||
* ECDHE and in the peer's end-entity certificate.
|
||||
*
|
||||
* \deprecated Superseeded by mbedtls_ssl_conf_groups().
|
||||
*
|
||||
* \note This has no influence on which curves are allowed inside the
|
||||
* certificate chains, see \c mbedtls_ssl_conf_cert_profile()
|
||||
* for that. For the end-entity certificate however, the key
|
||||
|
@ -2955,10 +3212,51 @@ void mbedtls_ssl_conf_dhm_min_bitlen( mbedtls_ssl_config *conf,
|
|||
* \param curves Ordered list of allowed curves,
|
||||
* terminated by MBEDTLS_ECP_DP_NONE.
|
||||
*/
|
||||
void mbedtls_ssl_conf_curves( mbedtls_ssl_config *conf,
|
||||
void MBEDTLS_DEPRECATED mbedtls_ssl_conf_curves( mbedtls_ssl_config *conf,
|
||||
const mbedtls_ecp_group_id *curves );
|
||||
#endif /* MBEDTLS_DEPRECATED_REMOVED */
|
||||
#endif /* MBEDTLS_ECP_C */
|
||||
|
||||
/**
|
||||
* \brief Set the allowed groups in order of preference.
|
||||
*
|
||||
* On server: This only affects the choice of key agreement mechanism
|
||||
*
|
||||
* On client: this affects the list of groups offered for any
|
||||
* use. The server can override our preference order.
|
||||
*
|
||||
* Both sides: limits the set of groups accepted for use in
|
||||
* key sharing.
|
||||
*
|
||||
* \note This function replaces the deprecated mbedtls_ssl_conf_curves(),
|
||||
* which only allows ECP curves to be configured.
|
||||
*
|
||||
* \note The most recent invocation of either mbedtls_ssl_conf_curves()
|
||||
* or mbedtls_ssl_conf_groups() nullifies all previous invocations
|
||||
* of both.
|
||||
*
|
||||
* \note This list should be ordered by decreasing preference
|
||||
* (preferred group first).
|
||||
*
|
||||
* \note When this function is not called, a default list is used,
|
||||
* consisting of all supported curves at 255 bits and above,
|
||||
* and all supported finite fields at 2048 bits and above.
|
||||
* The order favors groups with the lowest resource usage.
|
||||
*
|
||||
* \note New minor versions of Mbed TLS will not remove items
|
||||
* from the default list unless serious security concerns require it.
|
||||
* New minor versions of Mbed TLS may change the order in
|
||||
* keeping with the general principle of favoring the lowest
|
||||
* resource usage.
|
||||
*
|
||||
* \param conf SSL configuration
|
||||
* \param groups List of allowed groups ordered by preference, terminated by 0.
|
||||
* Must contain valid IANA NamedGroup IDs (provided via either an integer
|
||||
* or using MBEDTLS_TLS13_NAMED_GROUP_XXX macros).
|
||||
*/
|
||||
void mbedtls_ssl_conf_groups( mbedtls_ssl_config *conf,
|
||||
const uint16_t *groups );
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
|
||||
/**
|
||||
* \brief Set the allowed hashes for signatures during the handshake.
|
||||
|
@ -2991,6 +3289,20 @@ void mbedtls_ssl_conf_curves( mbedtls_ssl_config *conf,
|
|||
*/
|
||||
void mbedtls_ssl_conf_sig_hashes( mbedtls_ssl_config *conf,
|
||||
const int *hashes );
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
|
||||
/**
|
||||
* \brief Configure allowed signature algorithms for use in TLS 1.3
|
||||
*
|
||||
* \param conf The SSL configuration to use.
|
||||
* \param sig_algs List of allowed IANA values for TLS 1.3 signature algorithms,
|
||||
* terminated by \c MBEDTLS_TLS13_SIG_NONE. The list must remain
|
||||
* available throughout the lifetime of the conf object. Supported
|
||||
* values are available as \c MBEDTLS_TLS13_SIG_XXXX
|
||||
*/
|
||||
void mbedtls_ssl_conf_sig_algs( mbedtls_ssl_config *conf,
|
||||
const uint16_t* sig_algs );
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
|
||||
|
||||
#if defined(MBEDTLS_X509_CRT_PARSE_C)
|
||||
|
|
|
@ -256,6 +256,13 @@ extern "C" {
|
|||
#define MBEDTLS_TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256 0xCCAD /**< TLS 1.2 */
|
||||
#define MBEDTLS_TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256 0xCCAE /**< TLS 1.2 */
|
||||
|
||||
/* RFC 8446, Appendix B.4 */
|
||||
#define MBEDTLS_TLS1_3_AES_128_GCM_SHA256 0x1301 /**< TLS 1.3 */
|
||||
#define MBEDTLS_TLS1_3_AES_256_GCM_SHA384 0x1302 /**< TLS 1.3 */
|
||||
#define MBEDTLS_TLS1_3_CHACHA20_POLY1305_SHA256 0x1303 /**< TLS 1.3 */
|
||||
#define MBEDTLS_TLS1_3_AES_128_CCM_SHA256 0x1304 /**< TLS 1.3 */
|
||||
#define MBEDTLS_TLS1_3_AES_128_CCM_8_SHA256 0x1305 /**< TLS 1.3 */
|
||||
|
||||
/* Reminder: update mbedtls_ssl_premaster_secret when adding a new key exchange.
|
||||
* Reminder: update MBEDTLS_KEY_EXCHANGE__xxx below
|
||||
*/
|
||||
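Review bot: The five `MBEDTLS_TLS1_3_*` ciphersuite identifiers are defined unconditionally, whereas the rest of the TLS 1.3 API touched by this commit is guarded by `MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL`; if that is deliberate (so a mixed TLS 1.2/1.3 list compiles regardless of build options), a one-line comment above the block saying so would save the next reader the check, e.g. `/* Defined unconditionally so applications can build a mixed 1.2/1.3 list; presumably only honoured when TLS 1.3 support is compiled in. */`. Separately, `MBEDTLS_TLS1_3_AES_128_CCM_8_SHA256` uses a truncated 64-bit authentication tag, unlike the other four suites, so its trailer comment could flag that rather than the uniform `/**< TLS 1.3 */`, e.g. `/**< TLS 1.3, 64-bit tag */`, so integrators do not treat the five as interchangeable.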
|
|
|
@ -246,8 +246,8 @@ typedef mbedtls_asn1_sequence mbedtls_x509_sequence;
|
|||
/** Container for date and time (precision in seconds). */
|
||||
typedef struct mbedtls_x509_time
|
||||
{
|
||||
int MBEDTLS_PRIVATE(year), MBEDTLS_PRIVATE(mon), MBEDTLS_PRIVATE(day); /**< Date. */
|
||||
int MBEDTLS_PRIVATE(hour), MBEDTLS_PRIVATE(min), MBEDTLS_PRIVATE(sec); /**< Time. */
|
||||
int year, mon, day; /**< Date. */
|
||||
int hour, min, sec; /**< Time. */
|
||||
}
|
||||
mbedtls_x509_time;
|
||||
|
||||
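Review bot: The `mbedtls_x509_time` fields become publicly readable here, but unlike the `mbedtls_x509_crl_entry`, `mbedtls_x509_crt` and `mbedtls_x509_csr` structures changed in this same commit, the struct's doc comment does not say that the fields are read-only for applications. Suggest extending the comment above `typedef struct mbedtls_x509_time` with the same wording those headers use: `The fields of this structure are publicly readable. Do not modify them except via Mbed TLS library functions: the effect of modifying them is unspecified.`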
|
|
|
@ -43,18 +43,30 @@ extern "C" {
|
|||
/**
|
||||
* Certificate revocation list entry.
|
||||
* Contains the CA-specific serial numbers and revocation dates.
|
||||
*
|
||||
* Some fields of this structure are publicly readable. Do not modify
|
||||
* them except via Mbed TLS library functions: the effect of modifying
|
||||
* those fields or the data that those fields points to is unspecified.
|
||||
*/
|
||||
typedef struct mbedtls_x509_crl_entry
|
||||
{
|
||||
mbedtls_x509_buf MBEDTLS_PRIVATE(raw);
|
||||
/** Direct access to the whole entry inside the containing buffer. */
|
||||
mbedtls_x509_buf raw;
|
||||
/** The serial number of the revoked certificate. */
|
||||
mbedtls_x509_buf serial;
|
||||
/** The revocation date of this entry. */
|
||||
mbedtls_x509_time revocation_date;
|
||||
/** Direct access to the list of CRL entry extensions
|
||||
* (an ASN.1 constructed sequence).
|
||||
*
|
||||
* If there are no extensions, `entry_ext.len == 0` and
|
||||
* `entry_ext.p == NULL`. */
|
||||
mbedtls_x509_buf entry_ext;
|
||||
|
||||
mbedtls_x509_buf MBEDTLS_PRIVATE(serial);
|
||||
|
||||
mbedtls_x509_time MBEDTLS_PRIVATE(revocation_date);
|
||||
|
||||
mbedtls_x509_buf MBEDTLS_PRIVATE(entry_ext);
|
||||
|
||||
struct mbedtls_x509_crl_entry *MBEDTLS_PRIVATE(next);
|
||||
/** Next element in the linked list of entries.
|
||||
* \p NULL indicates the end of the list.
|
||||
* Do not modify this field directly. */
|
||||
struct mbedtls_x509_crl_entry *next;
|
||||
}
|
||||
mbedtls_x509_crl_entry;
|
||||
|
||||
|
@ -64,22 +76,22 @@ mbedtls_x509_crl_entry;
|
|||
*/
|
||||
typedef struct mbedtls_x509_crl
|
||||
{
|
||||
mbedtls_x509_buf MBEDTLS_PRIVATE(raw); /**< The raw certificate data (DER). */
|
||||
mbedtls_x509_buf MBEDTLS_PRIVATE(tbs); /**< The raw certificate body (DER). The part that is To Be Signed. */
|
||||
mbedtls_x509_buf raw; /**< The raw certificate data (DER). */
|
||||
mbedtls_x509_buf tbs; /**< The raw certificate body (DER). The part that is To Be Signed. */
|
||||
|
||||
int MBEDTLS_PRIVATE(version); /**< CRL version (1=v1, 2=v2) */
|
||||
mbedtls_x509_buf MBEDTLS_PRIVATE(sig_oid); /**< CRL signature type identifier */
|
||||
int version; /**< CRL version (1=v1, 2=v2) */
|
||||
mbedtls_x509_buf sig_oid; /**< CRL signature type identifier */
|
||||
|
||||
mbedtls_x509_buf MBEDTLS_PRIVATE(issuer_raw); /**< The raw issuer data (DER). */
|
||||
mbedtls_x509_buf issuer_raw; /**< The raw issuer data (DER). */
|
||||
|
||||
mbedtls_x509_name MBEDTLS_PRIVATE(issuer); /**< The parsed issuer data (named information object). */
|
||||
mbedtls_x509_name issuer; /**< The parsed issuer data (named information object). */
|
||||
|
||||
mbedtls_x509_time MBEDTLS_PRIVATE(this_update);
|
||||
mbedtls_x509_time MBEDTLS_PRIVATE(next_update);
|
||||
mbedtls_x509_time this_update;
|
||||
mbedtls_x509_time next_update;
|
||||
|
||||
mbedtls_x509_crl_entry MBEDTLS_PRIVATE(entry); /**< The CRL entries containing the certificate revocation times for this CA. */
|
||||
mbedtls_x509_crl_entry entry; /**< The CRL entries containing the certificate revocation times for this CA. */
|
||||
|
||||
mbedtls_x509_buf MBEDTLS_PRIVATE(crl_ext);
|
||||
mbedtls_x509_buf crl_ext;
|
||||
|
||||
mbedtls_x509_buf MBEDTLS_PRIVATE(sig_oid2);
|
||||
mbedtls_x509_buf MBEDTLS_PRIVATE(sig);
|
||||
|
@ -87,7 +99,10 @@ typedef struct mbedtls_x509_crl
|
|||
mbedtls_pk_type_t MBEDTLS_PRIVATE(sig_pk); /**< Internal representation of the Public Key algorithm of the signature algorithm, e.g. MBEDTLS_PK_RSA */
|
||||
void *MBEDTLS_PRIVATE(sig_opts); /**< Signature options to be passed to mbedtls_pk_verify_ext(), e.g. for RSASSA-PSS */
|
||||
|
||||
struct mbedtls_x509_crl *MBEDTLS_PRIVATE(next);
|
||||
/** Next element in the linked list of CRL.
|
||||
* \p NULL indicates the end of the list.
|
||||
* Do not modify this field directly. */
|
||||
struct mbedtls_x509_crl *next;
|
||||
}
|
||||
mbedtls_x509_crl;
|
||||
|
||||
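Review bot: In `mbedtls_x509_crl`, `this_update`, `next_update` and `crl_ext` become public without any doc comment, while `entry_ext` in `mbedtls_x509_crl_entry` (first hunk of this section) gets a full description including how an empty extension list is represented. A short comment on each would keep the newly public surface self-describing, e.g. `mbedtls_x509_time this_update; /**< Date this CRL was issued (thisUpdate). */` and `mbedtls_x509_buf crl_ext; /**< Direct access to the CRL extensions (ASN.1 constructed sequence); presumably empty is `len == 0` and `p == NULL` as for entry_ext — confirm. */`. Since callers can now read `next_update` directly to judge CRL freshness, it is also worth stating how an absent optional nextUpdate is represented (a zeroed struct, presumably — I cannot confirm from this hunk).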
|
|
|
@ -45,36 +45,40 @@ extern "C" {
|
|||
|
||||
/**
|
||||
* Container for an X.509 certificate. The certificate may be chained.
|
||||
*
|
||||
* Some fields of this structure are publicly readable. Do not modify
|
||||
* them except via Mbed TLS library functions: the effect of modifying
|
||||
* those fields or the data that those fields points to is unspecified.
|
||||
*/
|
||||
typedef struct mbedtls_x509_crt
|
||||
{
|
||||
int MBEDTLS_PRIVATE(own_buffer); /**< Indicates if \c raw is owned
|
||||
* by the structure or not. */
|
||||
mbedtls_x509_buf MBEDTLS_PRIVATE(raw); /**< The raw certificate data (DER). */
|
||||
mbedtls_x509_buf MBEDTLS_PRIVATE(tbs); /**< The raw certificate body (DER). The part that is To Be Signed. */
|
||||
mbedtls_x509_buf raw; /**< The raw certificate data (DER). */
|
||||
mbedtls_x509_buf tbs; /**< The raw certificate body (DER). The part that is To Be Signed. */
|
||||
|
||||
int MBEDTLS_PRIVATE(version); /**< The X.509 version. (1=v1, 2=v2, 3=v3) */
|
||||
mbedtls_x509_buf MBEDTLS_PRIVATE(serial); /**< Unique id for certificate issued by a specific CA. */
|
||||
mbedtls_x509_buf MBEDTLS_PRIVATE(sig_oid); /**< Signature algorithm, e.g. sha1RSA */
|
||||
int version; /**< The X.509 version. (1=v1, 2=v2, 3=v3) */
|
||||
mbedtls_x509_buf serial; /**< Unique id for certificate issued by a specific CA. */
|
||||
mbedtls_x509_buf sig_oid; /**< Signature algorithm, e.g. sha1RSA */
|
||||
|
||||
mbedtls_x509_buf MBEDTLS_PRIVATE(issuer_raw); /**< The raw issuer data (DER). Used for quick comparison. */
|
||||
mbedtls_x509_buf MBEDTLS_PRIVATE(subject_raw); /**< The raw subject data (DER). Used for quick comparison. */
|
||||
mbedtls_x509_buf issuer_raw; /**< The raw issuer data (DER). Used for quick comparison. */
|
||||
mbedtls_x509_buf subject_raw; /**< The raw subject data (DER). Used for quick comparison. */
|
||||
|
||||
mbedtls_x509_name MBEDTLS_PRIVATE(issuer); /**< The parsed issuer data (named information object). */
|
||||
mbedtls_x509_name MBEDTLS_PRIVATE(subject); /**< The parsed subject data (named information object). */
|
||||
mbedtls_x509_name issuer; /**< The parsed issuer data (named information object). */
|
||||
mbedtls_x509_name subject; /**< The parsed subject data (named information object). */
|
||||
|
||||
mbedtls_x509_time MBEDTLS_PRIVATE(valid_from); /**< Start time of certificate validity. */
|
||||
mbedtls_x509_time MBEDTLS_PRIVATE(valid_to); /**< End time of certificate validity. */
|
||||
mbedtls_x509_time valid_from; /**< Start time of certificate validity. */
|
||||
mbedtls_x509_time valid_to; /**< End time of certificate validity. */
|
||||
|
||||
mbedtls_x509_buf MBEDTLS_PRIVATE(pk_raw);
|
||||
mbedtls_pk_context MBEDTLS_PRIVATE(pk); /**< Container for the public key context. */
|
||||
mbedtls_x509_buf pk_raw;
|
||||
mbedtls_pk_context pk; /**< Container for the public key context. */
|
||||
|
||||
mbedtls_x509_buf MBEDTLS_PRIVATE(issuer_id); /**< Optional X.509 v2/v3 issuer unique identifier. */
|
||||
mbedtls_x509_buf MBEDTLS_PRIVATE(subject_id); /**< Optional X.509 v2/v3 subject unique identifier. */
|
||||
mbedtls_x509_buf MBEDTLS_PRIVATE(v3_ext); /**< Optional X.509 v3 extensions. */
|
||||
mbedtls_x509_sequence MBEDTLS_PRIVATE(subject_alt_names); /**< Optional list of raw entries of Subject Alternative Names extension (currently only dNSName and OtherName are listed). */
|
||||
mbedtls_x509_buf issuer_id; /**< Optional X.509 v2/v3 issuer unique identifier. */
|
||||
mbedtls_x509_buf subject_id; /**< Optional X.509 v2/v3 subject unique identifier. */
|
||||
mbedtls_x509_buf v3_ext; /**< Optional X.509 v3 extensions. */
|
||||
mbedtls_x509_sequence subject_alt_names; /**< Optional list of raw entries of Subject Alternative Names extension (currently only dNSName and OtherName are listed). */
|
||||
|
||||
mbedtls_x509_sequence MBEDTLS_PRIVATE(certificate_policies); /**< Optional list of certificate policies (Only anyPolicy is printed and enforced, however the rest of the policies are still listed). */
|
||||
mbedtls_x509_sequence certificate_policies; /**< Optional list of certificate policies (Only anyPolicy is printed and enforced, however the rest of the policies are still listed). */
|
||||
|
||||
int MBEDTLS_PRIVATE(ext_types); /**< Bit string containing detected and parsed extensions */
|
||||
int MBEDTLS_PRIVATE(ca_istrue); /**< Optional Basic Constraint extension value: 1 if this certificate belongs to a CA, 0 otherwise. */
|
||||
|
@ -82,7 +86,7 @@ typedef struct mbedtls_x509_crt
|
|||
|
||||
unsigned int MBEDTLS_PRIVATE(key_usage); /**< Optional key usage extension value: See the values in x509.h */
|
||||
|
||||
mbedtls_x509_sequence MBEDTLS_PRIVATE(ext_key_usage); /**< Optional list of extended key usage OIDs. */
|
||||
mbedtls_x509_sequence ext_key_usage; /**< Optional list of extended key usage OIDs. */
|
||||
|
||||
unsigned char MBEDTLS_PRIVATE(ns_cert_type); /**< Optional Netscape certificate type extension value: See the values in x509.h */
|
||||
|
||||
|
@ -91,7 +95,10 @@ typedef struct mbedtls_x509_crt
|
|||
mbedtls_pk_type_t MBEDTLS_PRIVATE(sig_pk); /**< Internal representation of the Public Key algorithm of the signature algorithm, e.g. MBEDTLS_PK_RSA */
|
||||
void *MBEDTLS_PRIVATE(sig_opts); /**< Signature options to be passed to mbedtls_pk_verify_ext(), e.g. for RSASSA-PSS */
|
||||
|
||||
struct mbedtls_x509_crt *MBEDTLS_PRIVATE(next); /**< Next certificate in the CA-chain. */
|
||||
/** Next certificate in the linked list that constitutes the CA chain.
|
||||
* \p NULL indicates the end of the list.
|
||||
* Do not modify this field directly. */
|
||||
struct mbedtls_x509_crt *next;
|
||||
}
|
||||
mbedtls_x509_crt;
|
||||
|
||||
|
@ -100,6 +107,9 @@ mbedtls_x509_crt;
|
|||
* OtherName ::= SEQUENCE {
|
||||
* type-id OBJECT IDENTIFIER,
|
||||
* value [0] EXPLICIT ANY DEFINED BY type-id }
|
||||
*
|
||||
* Future versions of the library may add new fields to this structure or
|
||||
* to its embedded union and structure.
|
||||
*/
|
||||
typedef struct mbedtls_x509_san_other_name
|
||||
{
|
||||
|
@ -108,7 +118,7 @@ typedef struct mbedtls_x509_san_other_name
|
|||
* To check the value of the type id, you should use
|
||||
* \p MBEDTLS_OID_CMP with a known OID mbedtls_x509_buf.
|
||||
*/
|
||||
mbedtls_x509_buf MBEDTLS_PRIVATE(type_id); /**< The type id. */
|
||||
mbedtls_x509_buf type_id; /**< The type id. */
|
||||
union
|
||||
{
|
||||
/**
|
||||
|
@ -119,26 +129,30 @@ typedef struct mbedtls_x509_san_other_name
|
|||
*/
|
||||
struct
|
||||
{
|
||||
mbedtls_x509_buf MBEDTLS_PRIVATE(oid); /**< The object identifier. */
|
||||
mbedtls_x509_buf MBEDTLS_PRIVATE(val); /**< The named value. */
|
||||
mbedtls_x509_buf oid; /**< The object identifier. */
|
||||
mbedtls_x509_buf val; /**< The named value. */
|
||||
}
|
||||
MBEDTLS_PRIVATE(hardware_module_name);
|
||||
hardware_module_name;
|
||||
}
|
||||
MBEDTLS_PRIVATE(value);
|
||||
value;
|
||||
}
|
||||
mbedtls_x509_san_other_name;
|
||||
|
||||
/**
|
||||
* A structure for holding the parsed Subject Alternative Name, according to type
|
||||
* A structure for holding the parsed Subject Alternative Name,
|
||||
* according to type.
|
||||
*
|
||||
* Future versions of the library may add new fields to this structure or
|
||||
* to its embedded union and structure.
|
||||
*/
|
||||
typedef struct mbedtls_x509_subject_alternative_name
|
||||
{
|
||||
int MBEDTLS_PRIVATE(type); /**< The SAN type, value of MBEDTLS_X509_SAN_XXX. */
|
||||
int type; /**< The SAN type, value of MBEDTLS_X509_SAN_XXX. */
|
||||
union {
|
||||
mbedtls_x509_san_other_name MBEDTLS_PRIVATE(other_name); /**< The otherName supported type. */
|
||||
mbedtls_x509_buf MBEDTLS_PRIVATE(unstructured_name); /**< The buffer for the un constructed types. Only dnsName currently supported */
|
||||
mbedtls_x509_san_other_name other_name; /**< The otherName supported type. */
|
||||
mbedtls_x509_buf unstructured_name; /**< The buffer for the un constructed types. Only dnsName currently supported */
|
||||
}
|
||||
MBEDTLS_PRIVATE(san); /**< A union of the supported SAN types */
|
||||
san; /**< A union of the supported SAN types */
|
||||
}
|
||||
mbedtls_x509_subject_alternative_name;
|
||||
|
||||
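Review bot: `pk_raw` is the only field made public in `mbedtls_x509_crt` that carries no doc comment, and the new struct comment explicitly invites applications to read these fields; suggest `mbedtls_x509_buf pk_raw; /**< The raw public key data (DER, presumably the SubjectPublicKeyInfo — confirm). */`. The hunk also makes `ext_key_usage` public while leaving `key_usage`, `ns_cert_type`, `ext_types` and `ca_istrue` private; if that asymmetry is intentional because accessor functions cover the private ones, a sentence in the struct comment (or the changelog entry) stating which fields are meant to be reached through accessors would prevent it from reading as an oversight.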
|
|
|
@ -42,20 +42,24 @@ extern "C" {
|
|||
|
||||
/**
|
||||
* Certificate Signing Request (CSR) structure.
|
||||
*
|
||||
* Some fields of this structure are publicly readable. Do not modify
|
||||
* them except via Mbed TLS library functions: the effect of modifying
|
||||
* those fields or the data that those fields point to is unspecified.
|
||||
*/
|
||||
typedef struct mbedtls_x509_csr
|
||||
{
|
||||
mbedtls_x509_buf MBEDTLS_PRIVATE(raw); /**< The raw CSR data (DER). */
|
||||
mbedtls_x509_buf MBEDTLS_PRIVATE(cri); /**< The raw CertificateRequestInfo body (DER). */
|
||||
mbedtls_x509_buf raw; /**< The raw CSR data (DER). */
|
||||
mbedtls_x509_buf cri; /**< The raw CertificateRequestInfo body (DER). */
|
||||
|
||||
int MBEDTLS_PRIVATE(version); /**< CSR version (1=v1). */
|
||||
int version; /**< CSR version (1=v1). */
|
||||
|
||||
mbedtls_x509_buf MBEDTLS_PRIVATE(subject_raw); /**< The raw subject data (DER). */
|
||||
mbedtls_x509_name MBEDTLS_PRIVATE(subject); /**< The parsed subject data (named information object). */
|
||||
mbedtls_x509_buf subject_raw; /**< The raw subject data (DER). */
|
||||
mbedtls_x509_name subject; /**< The parsed subject data (named information object). */
|
||||
|
||||
mbedtls_pk_context MBEDTLS_PRIVATE(pk); /**< Container for the public key context. */
|
||||
mbedtls_pk_context pk; /**< Container for the public key context. */
|
||||
|
||||
mbedtls_x509_buf MBEDTLS_PRIVATE(sig_oid);
|
||||
mbedtls_x509_buf sig_oid;
|
||||
mbedtls_x509_buf MBEDTLS_PRIVATE(sig);
|
||||
mbedtls_md_type_t MBEDTLS_PRIVATE(sig_md); /**< Internal representation of the MD algorithm of the signature algorithm, e.g. MBEDTLS_MD_SHA256 */
|
||||
mbedtls_pk_type_t MBEDTLS_PRIVATE(sig_pk); /**< Internal representation of the Public Key algorithm of the signature algorithm, e.g. MBEDTLS_PK_RSA */
|
||||
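Review bot: `sig_oid` in `mbedtls_x509_csr` becomes public without a doc comment, whereas the same field in `mbedtls_x509_crt`, changed in this commit, reads `/**< Signature algorithm, e.g. sha1RSA */`; suggest reusing that wording here: `mbedtls_x509_buf sig_oid; /**< Signature algorithm, e.g. sha1RSA */`. Keeping `sig`, `sig_md` and `sig_pk` private while exposing `sig_oid` matches what the CRL and CRT headers do in this commit, so no further change there.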
|
|
|
@ -2990,7 +2990,9 @@ psa_status_t psa_verify_message( mbedtls_svc_key_id_t key,
|
|||
* \param key Identifier of the key to use for the operation.
|
||||
* It must be an asymmetric key pair. The key must
|
||||
* allow the usage #PSA_KEY_USAGE_SIGN_HASH.
|
||||
* \param alg A signature algorithm that is compatible with
|
||||
* \param alg A signature algorithm (PSA_ALG_XXX
|
||||
* value such that #PSA_ALG_IS_SIGN_HASH(\p alg)
|
||||
* is true), that is compatible with
|
||||
* the type of \p key.
|
||||
* \param[in] hash The hash or message to sign.
|
||||
* \param hash_length Size of the \p hash buffer in bytes.
|
||||
|
@ -3043,7 +3045,9 @@ psa_status_t psa_sign_hash(mbedtls_svc_key_id_t key,
|
|||
* must be a public key or an asymmetric key pair. The
|
||||
* key must allow the usage
|
||||
* #PSA_KEY_USAGE_VERIFY_HASH.
|
||||
* \param alg A signature algorithm that is compatible with
|
||||
* \param alg A signature algorithm (PSA_ALG_XXX
|
||||
* value such that #PSA_ALG_IS_SIGN_HASH(\p alg)
|
||||
* is true), that is compatible with
|
||||
* the type of \p key.
|
||||
* \param[in] hash The hash or message whose signature is to be
|
||||
* verified.
|
||||
|
@ -3682,6 +3686,7 @@ psa_status_t psa_key_derivation_output_bytes(
|
|||
* The following key types defined in this specification follow this scheme:
|
||||
*
|
||||
* - #PSA_KEY_TYPE_AES;
|
||||
* - #PSA_KEY_TYPE_ARIA;
|
||||
* - #PSA_KEY_TYPE_CAMELLIA;
|
||||
* - #PSA_KEY_TYPE_DERIVE;
|
||||
* - #PSA_KEY_TYPE_HMAC;
|
||||
|
|
|
@ -77,6 +77,41 @@ typedef struct
|
|||
|
||||
#define MBEDTLS_PSA_MAC_OPERATION_INIT {0, {0}}
|
||||
|
||||
#if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM) || \
|
||||
defined(MBEDTLS_PSA_BUILTIN_ALG_CCM) || \
|
||||
defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305)
|
||||
#define MBEDTLS_PSA_BUILTIN_AEAD 1
|
||||
#endif
|
||||
|
||||
/* Context structure for the Mbed TLS AEAD implementation. */
|
||||
typedef struct
|
||||
{
|
||||
psa_algorithm_t MBEDTLS_PRIVATE(alg);
|
||||
psa_key_type_t MBEDTLS_PRIVATE(key_type);
|
||||
|
||||
unsigned int MBEDTLS_PRIVATE(is_encrypt) : 1;
|
||||
|
||||
uint8_t MBEDTLS_PRIVATE(tag_length);
|
||||
|
||||
union
|
||||
{
|
||||
unsigned dummy; /* Enable easier initializing of the union. */
|
||||
#if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM)
|
||||
mbedtls_ccm_context MBEDTLS_PRIVATE(ccm);
|
||||
#endif /* MBEDTLS_PSA_BUILTIN_ALG_CCM */
|
||||
#if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM)
|
||||
mbedtls_gcm_context MBEDTLS_PRIVATE(gcm);
|
||||
#endif /* MBEDTLS_PSA_BUILTIN_ALG_GCM */
|
||||
#if defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305)
|
||||
mbedtls_chachapoly_context MBEDTLS_PRIVATE(chachapoly);
|
||||
#endif /* MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305 */
|
||||
|
||||
} ctx;
|
||||
|
||||
} mbedtls_psa_aead_operation_t;
|
||||
|
||||
#define MBEDTLS_PSA_AEAD_OPERATION_INIT {0, 0, 0, 0, {0}}
|
||||
|
||||
/*
|
||||
* BEYOND THIS POINT, TEST DRIVER DECLARATIONS ONLY.
|
||||
*/
|
||||
|
@ -88,6 +123,10 @@ typedef mbedtls_psa_mac_operation_t mbedtls_opaque_test_driver_mac_operation_t;
|
|||
#define MBEDTLS_TRANSPARENT_TEST_DRIVER_MAC_OPERATION_INIT MBEDTLS_PSA_MAC_OPERATION_INIT
|
||||
#define MBEDTLS_OPAQUE_TEST_DRIVER_MAC_OPERATION_INIT MBEDTLS_PSA_MAC_OPERATION_INIT
|
||||
|
||||
typedef mbedtls_psa_aead_operation_t mbedtls_transparent_test_driver_aead_operation_t;
|
||||
|
||||
#define MBEDTLS_TRANSPARENT_TEST_DRIVER_AEAD_OPERATION_INIT MBEDTLS_PSA_AEAD_OPERATION_INIT
|
||||
|
||||
#endif /* PSA_CRYPTO_DRIVER_TEST */
|
||||
|
||||
#endif /* PSA_CRYPTO_BUILTIN_COMPOSITES_H */
|
||||
|
|
|
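Review bot: The new mbedtls_psa_aead_operation_t adds is_encrypt and tag_length with no comments, so the header does not say whether tag_length is in bytes or when it becomes valid, and alg and key_type are likewise bare. A one-line comment per field would do, for instance `uint8_t MBEDTLS_PRIVATE(tag_length); /* Tag length in bytes, fixed at setup from the algorithm */`, assuming that is what the setup code (not in this hunk) does. MBEDTLS_PSA_BUILTIN_AEAD is introduced here but nothing in the hunk uses it; a short comment naming its purpose (a convenience guard for the built-in AEAD implementation, presumably consumed in the library sources) would keep it from being mistaken for a user-settable configuration option.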
@ -111,6 +111,7 @@
|
|||
#define PSA_WANT_KEY_TYPE_DERIVE 1
|
||||
#define PSA_WANT_KEY_TYPE_HMAC 1
|
||||
#define PSA_WANT_KEY_TYPE_AES 1
|
||||
#define PSA_WANT_KEY_TYPE_ARIA 1
|
||||
#define PSA_WANT_KEY_TYPE_CAMELLIA 1
|
||||
#define PSA_WANT_KEY_TYPE_CHACHA20 1
|
||||
#define PSA_WANT_KEY_TYPE_DES 1
|
||||
|
|
|
@ -58,5 +58,13 @@ typedef union {
|
|||
#endif
|
||||
} psa_driver_mac_context_t;
|
||||
|
||||
typedef union {
|
||||
unsigned dummy; /* Make sure this union is always non-empty */
|
||||
mbedtls_psa_aead_operation_t mbedtls_ctx;
|
||||
#if defined(PSA_CRYPTO_DRIVER_TEST)
|
||||
mbedtls_transparent_test_driver_aead_operation_t transparent_test_driver_ctx;
|
||||
#endif
|
||||
} psa_driver_aead_context_t;
|
||||
|
||||
#endif /* PSA_CRYPTO_DRIVER_CONTEXTS_COMPOSITES_H */
|
||||
/* End of automatically generated file. */
|
||||
|
|
|
@ -79,6 +79,38 @@
|
|||
PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_512 ? 64 : \
|
||||
0)
|
||||
|
||||
/** The input block size of a hash algorithm, in bytes.
|
||||
*
|
||||
* Hash algorithms process their input data in blocks. Hash operations will
|
||||
* retain any partial blocks until they have enough input to fill the block or
|
||||
* until the operation is finished.
|
||||
* This affects the output from psa_hash_suspend().
|
||||
*
|
||||
* \param alg A hash algorithm (\c PSA_ALG_XXX value such that
|
||||
* PSA_ALG_IS_HASH(\p alg) is true).
|
||||
*
|
||||
* \return The block size in bytes for the specified hash algorithm.
|
||||
* If the hash algorithm is not recognized, return 0.
|
||||
* An implementation can return either 0 or the correct size for a
|
||||
* hash algorithm that it recognizes, but does not support.
|
||||
*/
|
||||
#define PSA_HASH_BLOCK_LENGTH(alg) \
|
||||
( \
|
||||
PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_MD5 ? 64 : \
|
||||
PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_RIPEMD160 ? 64 : \
|
||||
PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_1 ? 64 : \
|
||||
PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_224 ? 64 : \
|
||||
PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_256 ? 64 : \
|
||||
PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_384 ? 128 : \
|
||||
PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_512 ? 128 : \
|
||||
PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_512_224 ? 128 : \
|
||||
PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_512_256 ? 128 : \
|
||||
PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_224 ? 144 : \
|
||||
PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_256 ? 136 : \
|
||||
PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_384 ? 104 : \
|
||||
PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_512 ? 72 : \
|
||||
0)
|
||||
|
||||
/** \def PSA_HASH_MAX_SIZE
|
||||
*
|
||||
* Maximum size of a hash.
|
||||
|
@ -959,6 +991,7 @@
|
|||
(alg) == PSA_ALG_CBC_PKCS7) ? PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type) : \
|
||||
(key_type) == PSA_KEY_TYPE_CHACHA20 && \
|
||||
(alg) == PSA_ALG_STREAM_CIPHER ? 12 : \
|
||||
(alg) == PSA_ALG_CCM_STAR_NO_TAG ? 13 : \
|
||||
0)
|
||||
|
||||
/** The maximum IV size for all supported cipher algorithms, in bytes.
|
||||
|
|
|
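Review bot: PSA_HASH_BLOCK_LENGTH is documented as taking a hash algorithm, yet each branch compares `PSA_ALG_HMAC_GET_HASH(alg)` instead of `(alg)`, apparently carried over from the HMAC block-size macro above it. This only works because PSA_ALG_HMAC_GET_HASH maps a hash identifier to itself, and as a side effect the macro silently accepts HMAC identifiers too, which the \param text does not promise; either compare `(alg) == PSA_ALG_MD5 ? 64 : \` directly on every line or document the wider input domain. The block sizes themselves (64 for MD5 through SHA-256, 128 for the SHA-512 family, 144/136/104/72 for SHA3-224/256/384/512) are the correct rates. In the second hunk, the new `(alg) == PSA_ALG_CCM_STAR_NO_TAG ? 13 : \` branch is not conditioned on key_type the way the CHACHA20 line above it is; harmless if psa_cipher_setup rejects keys that cannot run CCM*, but a comment saying so would help.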
@ -72,6 +72,8 @@ extern "C" {
|
|||
|
||||
#include "mbedtls/cmac.h"
|
||||
#include "mbedtls/gcm.h"
|
||||
#include "mbedtls/ccm.h"
|
||||
#include "mbedtls/chachapoly.h"
|
||||
|
||||
/* Include the context definition for the compiled-in drivers for the primitive
|
||||
* algorithms. */
|
||||
|
@ -148,19 +150,31 @@ static inline struct psa_mac_operation_s psa_mac_operation_init( void )
|
|||
|
||||
struct psa_aead_operation_s
|
||||
{
|
||||
|
||||
/** Unique ID indicating which driver got assigned to do the
|
||||
* operation. Since driver contexts are driver-specific, swapping
|
||||
* drivers halfway through the operation is not supported.
|
||||
* ID values are auto-generated in psa_crypto_driver_wrappers.h
|
||||
* ID value zero means the context is not valid or not assigned to
|
||||
* any driver (i.e. none of the driver contexts are active). */
|
||||
unsigned int MBEDTLS_PRIVATE(id);
|
||||
|
||||
psa_algorithm_t MBEDTLS_PRIVATE(alg);
|
||||
unsigned int MBEDTLS_PRIVATE(key_set) : 1;
|
||||
unsigned int MBEDTLS_PRIVATE(iv_set) : 1;
|
||||
uint8_t MBEDTLS_PRIVATE(iv_size);
|
||||
uint8_t MBEDTLS_PRIVATE(block_size);
|
||||
union
|
||||
{
|
||||
unsigned MBEDTLS_PRIVATE(dummy); /* Enable easier initializing of the union. */
|
||||
mbedtls_cipher_context_t MBEDTLS_PRIVATE(cipher);
|
||||
} MBEDTLS_PRIVATE(ctx);
|
||||
psa_key_type_t MBEDTLS_PRIVATE(key_type);
|
||||
|
||||
size_t MBEDTLS_PRIVATE(ad_remaining);
|
||||
size_t MBEDTLS_PRIVATE(body_remaining);
|
||||
|
||||
unsigned int MBEDTLS_PRIVATE(nonce_set) : 1;
|
||||
unsigned int MBEDTLS_PRIVATE(lengths_set) : 1;
|
||||
unsigned int MBEDTLS_PRIVATE(ad_started) : 1;
|
||||
unsigned int MBEDTLS_PRIVATE(body_started) : 1;
|
||||
unsigned int MBEDTLS_PRIVATE(is_encrypt) : 1;
|
||||
|
||||
psa_driver_aead_context_t MBEDTLS_PRIVATE(ctx);
|
||||
};
|
||||
|
||||
#define PSA_AEAD_OPERATION_INIT { 0, 0, 0, 0, 0, { 0 } }
|
||||
#define PSA_AEAD_OPERATION_INIT {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, {0}}
|
||||
static inline struct psa_aead_operation_s psa_aead_operation_init( void )
|
||||
{
|
||||
const struct psa_aead_operation_s v = PSA_AEAD_OPERATION_INIT;
|
||||
|
|
|
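Review bot: In the reshaped struct psa_aead_operation_s the fields ad_remaining, body_remaining, nonce_set, lengths_set, ad_started, body_started and is_encrypt are added without comments, while the id field above them carries a six-line one; a maintainer cannot tell from the header what ad_remaining counts or when it is meaningful. If the two counters track the lengths declared to psa_aead_set_lengths(), a comment such as `size_t MBEDTLS_PRIVATE(ad_remaining); /* Additional-data bytes still expected; only meaningful while lengths_set is 1 */` (and the same for body_remaining) would pin that contract, and each 1-bit flag deserves a short phrase. The widened PSA_AEAD_OPERATION_INIT initializer has eleven entries and matches the eleven members, so no issue there. psa_aead_operation_init() continues past the end of the hunk.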
@ -466,6 +466,10 @@
|
|||
*/
|
||||
#define PSA_KEY_TYPE_AES ((psa_key_type_t)0x2400)
|
||||
|
||||
/** Key for a cipher, AEAD or MAC algorithm based on the
|
||||
* ARIA block cipher. */
|
||||
#define PSA_KEY_TYPE_ARIA ((psa_key_type_t)0x2406)
|
||||
|
||||
/** Key for a cipher or MAC algorithm based on DES or 3DES (Triple-DES).
|
||||
*
|
||||
* The size of the key can be 64 bits (single DES), 128 bits (2-key 3DES) or
|
||||
|
@ -843,6 +847,9 @@
|
|||
(PSA_ALG_IS_KEY_DERIVATION(alg) && \
|
||||
(alg) & PSA_ALG_KEY_DERIVATION_STRETCHING_FLAG)
|
||||
|
||||
/** An invalid algorithm identifier value. */
|
||||
#define PSA_ALG_NONE ((psa_algorithm_t)0)
|
||||
|
||||
#define PSA_ALG_HASH_MASK ((psa_algorithm_t)0x000000ff)
|
||||
/** MD5 */
|
||||
#define PSA_ALG_MD5 ((psa_algorithm_t)0x02000003)
|
||||
|
@ -886,7 +893,7 @@
|
|||
* algorithm parametrized with any supported hash.
|
||||
*
|
||||
* That is, suppose that `PSA_xxx_SIGNATURE` is one of the following macros:
|
||||
* - #PSA_ALG_RSA_PKCS1V15_SIGN, #PSA_ALG_RSA_PSS,
|
||||
* - #PSA_ALG_RSA_PKCS1V15_SIGN, #PSA_ALG_RSA_PSS, #PSA_ALG_RSA_PSS_ANY_SALT,
|
||||
* - #PSA_ALG_ECDSA, #PSA_ALG_DETERMINISTIC_ECDSA.
|
||||
* Then you may create and use a key as follows:
|
||||
* - Set the key usage field using #PSA_ALG_ANY_HASH, for example:
|
||||
|
@ -1195,6 +1202,17 @@
|
|||
*/
|
||||
#define PSA_ALG_CCM ((psa_algorithm_t)0x05500100)
|
||||
|
||||
/** The CCM* cipher mode without authentication.
|
||||
*
|
||||
* This is CCM* as specified in IEEE 802.15.4 §7, with a tag length of 0.
|
||||
* For CCM* with a nonzero tag length, use the AEAD algorithm #PSA_ALG_CCM.
|
||||
*
|
||||
* The underlying block cipher is determined by the key type.
|
||||
*
|
||||
* Currently only 13-byte long IV's are supported.
|
||||
*/
|
||||
#define PSA_ALG_CCM_STAR_NO_TAG ((psa_algorithm_t)0x04c01300)
|
||||
|
||||
/** The GCM authenticated encryption algorithm.
|
||||
*
|
||||
* The underlying block cipher is determined by the key type.
|
||||
|
@ -1341,6 +1359,7 @@
|
|||
(((alg) & ~PSA_ALG_HASH_MASK) == PSA_ALG_RSA_PKCS1V15_SIGN_BASE)
|
||||
|
||||
#define PSA_ALG_RSA_PSS_BASE ((psa_algorithm_t)0x06000300)
|
||||
#define PSA_ALG_RSA_PSS_ANY_SALT_BASE ((psa_algorithm_t)0x06001300)
|
||||
/** RSA PSS signature with hashing.
|
||||
*
|
||||
* This is the signature scheme defined by RFC 8017
|
||||
|
@ -1361,9 +1380,72 @@
|
|||
*/
|
||||
#define PSA_ALG_RSA_PSS(hash_alg) \
|
||||
(PSA_ALG_RSA_PSS_BASE | ((hash_alg) & PSA_ALG_HASH_MASK))
|
||||
#define PSA_ALG_IS_RSA_PSS(alg) \
|
||||
|
||||
/** RSA PSS signature with hashing with relaxed verification.
|
||||
*
|
||||
* This algorithm has the same behavior as #PSA_ALG_RSA_PSS when signing,
|
||||
* but allows an arbitrary salt length (including \c 0) when verifying a
|
||||
* signature.
|
||||
*
|
||||
* \param hash_alg A hash algorithm (\c PSA_ALG_XXX value such that
|
||||
* #PSA_ALG_IS_HASH(\p hash_alg) is true).
|
||||
* This includes #PSA_ALG_ANY_HASH
|
||||
* when specifying the algorithm in a usage policy.
|
||||
*
|
||||
* \return The corresponding RSA PSS signature algorithm.
|
||||
* \return Unspecified if \p hash_alg is not a supported
|
||||
* hash algorithm.
|
||||
*/
|
||||
#define PSA_ALG_RSA_PSS_ANY_SALT(hash_alg) \
|
||||
(PSA_ALG_RSA_PSS_ANY_SALT_BASE | ((hash_alg) & PSA_ALG_HASH_MASK))
|
||||
|
||||
/** Whether the specified algorithm is RSA PSS with standard salt.
|
||||
*
|
||||
* \param alg An algorithm value or an algorithm policy wildcard.
|
||||
*
|
||||
* \return 1 if \p alg is of the form
|
||||
* #PSA_ALG_RSA_PSS(\c hash_alg),
|
||||
* where \c hash_alg is a hash algorithm or
|
||||
* #PSA_ALG_ANY_HASH. 0 otherwise.
|
||||
* This macro may return either 0 or 1 if \p alg is not
|
||||
* a supported algorithm identifier or policy.
|
||||
*/
|
||||
#define PSA_ALG_IS_RSA_PSS_STANDARD_SALT(alg) \
|
||||
(((alg) & ~PSA_ALG_HASH_MASK) == PSA_ALG_RSA_PSS_BASE)
|
||||
|
||||
/** Whether the specified algorithm is RSA PSS with any salt.
|
||||
*
|
||||
* \param alg An algorithm value or an algorithm policy wildcard.
|
||||
*
|
||||
* \return 1 if \p alg is of the form
|
||||
* #PSA_ALG_RSA_PSS_ANY_SALT_BASE(\c hash_alg),
|
||||
* where \c hash_alg is a hash algorithm or
|
||||
* #PSA_ALG_ANY_HASH. 0 otherwise.
|
||||
* This macro may return either 0 or 1 if \p alg is not
|
||||
* a supported algorithm identifier or policy.
|
||||
*/
|
||||
#define PSA_ALG_IS_RSA_PSS_ANY_SALT(alg) \
|
||||
(((alg) & ~PSA_ALG_HASH_MASK) == PSA_ALG_RSA_PSS_ANY_SALT_BASE)
|
||||
|
||||
/** Whether the specified algorithm is RSA PSS.
|
||||
*
|
||||
* This includes any of the RSA PSS algorithm variants, regardless of the
|
||||
* constraints on salt length.
|
||||
*
|
||||
* \param alg An algorithm value or an algorithm policy wildcard.
|
||||
*
|
||||
* \return 1 if \p alg is of the form
|
||||
* #PSA_ALG_RSA_PSS(\c hash_alg) or
|
||||
* #PSA_ALG_RSA_PSS_ANY_SALT_BASE(\c hash_alg),
|
||||
* where \c hash_alg is a hash algorithm or
|
||||
* #PSA_ALG_ANY_HASH. 0 otherwise.
|
||||
* This macro may return either 0 or 1 if \p alg is not
|
||||
* a supported algorithm identifier or policy.
|
||||
*/
|
||||
#define PSA_ALG_IS_RSA_PSS(alg) \
|
||||
(PSA_ALG_IS_RSA_PSS_STANDARD_SALT(alg) || \
|
||||
PSA_ALG_IS_RSA_PSS_ANY_SALT(alg))
|
||||
|
||||
#define PSA_ALG_ECDSA_BASE ((psa_algorithm_t)0x06000600)
|
||||
/** ECDSA signature with hashing.
|
||||
*
|
||||
|
@ -1521,20 +1603,24 @@
|
|||
* file. */
|
||||
#define PSA_ALG_IS_VENDOR_HASH_AND_SIGN(alg) 0
|
||||
|
||||
/** Whether the specified algorithm is a hash-and-sign algorithm.
|
||||
/** Whether the specified algorithm is a signature algorithm that can be used
|
||||
* with psa_sign_hash() and psa_verify_hash().
|
||||
*
|
||||
* Hash-and-sign algorithms are asymmetric (public-key) signature algorithms
|
||||
* structured in two parts: first the calculation of a hash in a way that
|
||||
* does not depend on the key, then the calculation of a signature from the
|
||||
* hash value and the key.
|
||||
* This encompasses all strict hash-and-sign algorithms categorized by
|
||||
* PSA_ALG_IS_HASH_AND_SIGN(), as well as algorithms that follow the
|
||||
* paradigm more loosely:
|
||||
* - #PSA_ALG_RSA_PKCS1V15_SIGN_RAW (expects its input to be an encoded hash)
|
||||
* - #PSA_ALG_ECDSA_ANY (doesn't specify what kind of hash the input is)
|
||||
*
|
||||
* \param alg An algorithm identifier (value of type #psa_algorithm_t).
|
||||
* \param alg An algorithm identifier (value of type psa_algorithm_t).
|
||||
*
|
||||
* \return 1 if \p alg is a hash-and-sign algorithm, 0 otherwise.
|
||||
* This macro may return either 0 or 1 if \p alg is not a supported
|
||||
* algorithm identifier.
|
||||
* \return 1 if alg is a signature algorithm that can be used to sign a
|
||||
* hash. 0 if alg is a signature algorithm that can only be used
|
||||
* to sign a message. 0 if alg is not a signature algorithm.
|
||||
* This macro can return either 0 or 1 if alg is not a
|
||||
* supported algorithm identifier.
|
||||
*/
|
||||
#define PSA_ALG_IS_HASH_AND_SIGN(alg) \
|
||||
#define PSA_ALG_IS_SIGN_HASH(alg) \
|
||||
(PSA_ALG_IS_RSA_PSS(alg) || PSA_ALG_IS_RSA_PKCS1V15_SIGN(alg) || \
|
||||
PSA_ALG_IS_ECDSA(alg) || PSA_ALG_IS_HASH_EDDSA(alg) || \
|
||||
PSA_ALG_IS_VENDOR_HASH_AND_SIGN(alg))
|
||||
|
@ -1551,7 +1637,37 @@
|
|||
* supported algorithm identifier.
|
||||
*/
|
||||
#define PSA_ALG_IS_SIGN_MESSAGE(alg) \
|
||||
(PSA_ALG_IS_HASH_AND_SIGN(alg) || (alg) == PSA_ALG_PURE_EDDSA )
|
||||
(PSA_ALG_IS_SIGN_HASH(alg) || (alg) == PSA_ALG_PURE_EDDSA )
|
||||
|
||||
/** Whether the specified algorithm is a hash-and-sign algorithm.
|
||||
*
|
||||
* Hash-and-sign algorithms are asymmetric (public-key) signature algorithms
|
||||
* structured in two parts: first the calculation of a hash in a way that
|
||||
* does not depend on the key, then the calculation of a signature from the
|
||||
* hash value and the key. Hash-and-sign algorithms encode the hash
|
||||
* used for the hashing step, and you can call #PSA_ALG_SIGN_GET_HASH
|
||||
* to extract this algorithm.
|
||||
*
|
||||
* Thus, for a hash-and-sign algorithm,
|
||||
* `psa_sign_message(key, alg, input, ...)` is equivalent to
|
||||
* ```
|
||||
* psa_hash_compute(PSA_ALG_SIGN_GET_HASH(alg), input, ..., hash, ...);
|
||||
* psa_sign_hash(key, alg, hash, ..., signature, ...);
|
||||
* ```
|
||||
* Most usefully, separating the hash from the signature allows the hash
|
||||
* to be calculated in multiple steps with psa_hash_setup(), psa_hash_update()
|
||||
* and psa_hash_finish(). Likewise psa_verify_message() is equivalent to
|
||||
* calculating the hash and then calling psa_verify_hash().
|
||||
*
|
||||
* \param alg An algorithm identifier (value of type #psa_algorithm_t).
|
||||
*
|
||||
* \return 1 if \p alg is a hash-and-sign algorithm, 0 otherwise.
|
||||
* This macro may return either 0 or 1 if \p alg is not a supported
|
||||
* algorithm identifier.
|
||||
*/
|
||||
#define PSA_ALG_IS_HASH_AND_SIGN(alg) \
|
||||
(PSA_ALG_IS_SIGN_HASH(alg) && \
|
||||
((alg) & PSA_ALG_HASH_MASK) != 0)
|
||||
|
||||
/** Get the hash used by a hash-and-sign signature algorithm.
|
||||
*
|
||||
|
@ -1573,7 +1689,6 @@
|
|||
*/
|
||||
#define PSA_ALG_SIGN_GET_HASH(alg) \
|
||||
(PSA_ALG_IS_HASH_AND_SIGN(alg) ? \
|
||||
((alg) & PSA_ALG_HASH_MASK) == 0 ? /*"raw" algorithm*/ 0 : \
|
||||
((alg) & PSA_ALG_HASH_MASK) | PSA_ALG_CATEGORY_HASH : \
|
||||
0)
|
||||
|
||||
|
@ -2064,6 +2179,9 @@
|
|||
|
||||
#define PSA_KEY_LOCATION_VENDOR_FLAG ((psa_key_location_t)0x800000)
|
||||
|
||||
/** The null key identifier.
|
||||
*/
|
||||
#define PSA_KEY_ID_NULL ((psa_key_id_t)0)
|
||||
/** The minimum value for a key identifier chosen by the application.
|
||||
*/
|
||||
#define PSA_KEY_ID_USER_MIN ((psa_key_id_t)0x00000001)
|
||||
|
|
|
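Review bot: The doxygen for PSA_ALG_IS_RSA_PSS_ANY_SALT and PSA_ALG_IS_RSA_PSS names the wrong macro: both say the algorithm is of the form `#PSA_ALG_RSA_PSS_ANY_SALT_BASE(\c hash_alg)`, but PSA_ALG_RSA_PSS_ANY_SALT_BASE is a plain constant; the function-like macro defined a few lines earlier is PSA_ALG_RSA_PSS_ANY_SALT, so both lines should read `* #PSA_ALG_RSA_PSS_ANY_SALT(\c hash_alg),`. PSA_ALG_RSA_PSS_ANY_SALT's own description would benefit from one sentence on the trade-off: verification no longer constrains the salt length the way #PSA_ALG_RSA_PSS does, so it is best chosen only for interoperability with signers whose salt length is not under the verifier's control, with #PSA_ALG_RSA_PSS remaining the default. In the PSA_ALG_IS_SIGN_HASH hunk, the rewritten `\param alg` line drops the `#` from `#psa_algorithm_t`, losing the cross-reference that the unchanged macros around it keep; `* \param alg An algorithm identifier (value of type #psa_algorithm_t).` restores it.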
@ -107,8 +107,47 @@ set(src_tls
|
|||
ssl_tls13_keys.c
|
||||
ssl_tls13_server.c
|
||||
ssl_tls13_client.c
|
||||
ssl_tls13_generic.c
|
||||
)
|
||||
|
||||
if(GEN_FILES)
|
||||
find_package(Perl REQUIRED)
|
||||
|
||||
file(GLOB error_headers ${CMAKE_CURRENT_SOURCE_DIR}/../include/mbedtls/*.h)
|
||||
add_custom_command(
|
||||
OUTPUT
|
||||
${CMAKE_CURRENT_BINARY_DIR}/error.c
|
||||
COMMAND
|
||||
${PERL_EXECUTABLE}
|
||||
${CMAKE_CURRENT_SOURCE_DIR}/../scripts/generate_errors.pl
|
||||
${CMAKE_CURRENT_SOURCE_DIR}/../include/mbedtls
|
||||
${CMAKE_CURRENT_SOURCE_DIR}/../scripts/data_files
|
||||
${CMAKE_CURRENT_BINARY_DIR}/error.c
|
||||
DEPENDS
|
||||
${CMAKE_CURRENT_SOURCE_DIR}/../scripts/generate_errors.pl
|
||||
${error_headers}
|
||||
${CMAKE_CURRENT_SOURCE_DIR}/../scripts/data_files/error.fmt
|
||||
)
|
||||
|
||||
add_custom_command(
|
||||
OUTPUT
|
||||
${CMAKE_CURRENT_BINARY_DIR}/version_features.c
|
||||
COMMAND
|
||||
${PERL_EXECUTABLE}
|
||||
${CMAKE_CURRENT_SOURCE_DIR}/../scripts/generate_features.pl
|
||||
${CMAKE_CURRENT_SOURCE_DIR}/../include/mbedtls
|
||||
${CMAKE_CURRENT_SOURCE_DIR}/../scripts/data_files
|
||||
${CMAKE_CURRENT_BINARY_DIR}/version_features.c
|
||||
DEPENDS
|
||||
${CMAKE_CURRENT_SOURCE_DIR}/../scripts/generate_features.pl
|
||||
${CMAKE_CURRENT_SOURCE_DIR}/../include/mbedtls/mbedtls_config.h
|
||||
${CMAKE_CURRENT_SOURCE_DIR}/../scripts/data_files/version_features.fmt
|
||||
)
|
||||
else()
|
||||
link_to_source(error.c)
|
||||
link_to_source(version_features.c)
|
||||
endif()
|
||||
|
||||
if(CMAKE_COMPILER_IS_GNUCC)
|
||||
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wmissing-declarations -Wmissing-prototypes")
|
||||
endif(CMAKE_COMPILER_IS_GNUCC)
|
||||
|
|
|
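Review bot: Both add_custom_command() calls omit `VERBATIM`, so escaping of the `${CMAKE_CURRENT_SOURCE_DIR}`-derived arguments is generator-dependent and a checkout path containing spaces can break the Perl invocation; add `VERBATIM` after each DEPENDS list. The `file(GLOB error_headers ...)` that feeds the error.c DEPENDS is expanded once at configure time, so a header added afterwards is not a dependency until cmake is re-run; `file(GLOB error_headers CONFIGURE_DEPENDS ${CMAKE_CURRENT_SOURCE_DIR}/../include/mbedtls/*.h)` makes the build re-scan the directory. The generated outputs land in `${CMAKE_CURRENT_BINARY_DIR}` while the non-GEN_FILES branch provides the same names via link_to_source; whichever target consumes error.c and version_features.c is outside this hunk, so I assume it already refers to the binary-dir path in both cases.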
@ -170,6 +170,7 @@ OBJS_TLS= \
|
|||
ssl_tls13_keys.o \
|
||||
ssl_tls13_client.o \
|
||||
ssl_tls13_server.o \
|
||||
ssl_tls13_generic.o \
|
||||
# This line is intentionally left blank
|
||||
|
||||
.SILENT:
|
||||
|
@ -186,6 +187,14 @@ static: libmbedcrypto.a libmbedx509.a libmbedtls.a
|
|||
|
||||
shared: libmbedcrypto.$(DLEXT) libmbedx509.$(DLEXT) libmbedtls.$(DLEXT)
|
||||
|
||||
# Windows builds under Mingw can fail if make tries to create archives in the same
|
||||
# directory at the same time - see https://bugs.launchpad.net/gcc-arm-embedded/+bug/1848002.
|
||||
# This forces builds of the .a files to be serialised.
|
||||
ifdef WINDOWS
|
||||
libmbedtls.a: | libmbedx509.a
|
||||
libmbedx509.a: | libmbedcrypto.a
|
||||
endif
|
||||
|
||||
# tls
|
||||
libmbedtls.a: $(OBJS_TLS)
|
||||
echo " AR $@"
|
||||
|
@ -199,7 +208,7 @@ endif
|
|||
|
||||
libmbedtls.$(SOEXT_TLS): $(OBJS_TLS) libmbedx509.so
|
||||
echo " LD $@"
|
||||
$(CC) -shared -Wl,-soname,$@ -L. -lmbedcrypto -lmbedx509 $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ $(OBJS_TLS)
|
||||
$(CC) -shared -Wl,-soname,$@ -o $@ $(OBJS_TLS) -L. -lmbedx509 -lmbedcrypto $(LOCAL_LDFLAGS) $(LDFLAGS)
|
||||
|
||||
libmbedtls.so: libmbedtls.$(SOEXT_TLS)
|
||||
echo " LN $@ -> $<"
|
||||
|
@ -207,11 +216,11 @@ libmbedtls.so: libmbedtls.$(SOEXT_TLS)
|
|||
|
||||
libmbedtls.dylib: $(OBJS_TLS) libmbedx509.dylib
|
||||
echo " LD $@"
|
||||
$(CC) -dynamiclib -L. -lmbedcrypto -lmbedx509 $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ $(OBJS_TLS)
|
||||
$(CC) -dynamiclib -o $@ $(OBJS_TLS) -L. -lmbedx509 -lmbedcrypto $(LOCAL_LDFLAGS) $(LDFLAGS)
|
||||
|
||||
libmbedtls.dll: $(OBJS_TLS) libmbedx509.dll
|
||||
echo " LD $@"
|
||||
$(CC) -shared -Wl,-soname,$@ -Wl,--out-implib,$@.a -o $@ $(OBJS_TLS) -lws2_32 -lwinmm -lgdi32 -L. -lmbedcrypto -lmbedx509 -static-libgcc $(LOCAL_LDFLAGS) $(LDFLAGS)
|
||||
$(CC) -shared -Wl,-soname,$@ -Wl,--out-implib,$@.a -o $@ $(OBJS_TLS) -lws2_32 -lwinmm -lgdi32 -L. -lmbedx509 -lmbedcrypto -static-libgcc $(LOCAL_LDFLAGS) $(LDFLAGS)
|
||||
|
||||
# x509
|
||||
libmbedx509.a: $(OBJS_X509)
|
||||
|
@ -226,7 +235,7 @@ endif
|
|||
|
||||
libmbedx509.$(SOEXT_X509): $(OBJS_X509) libmbedcrypto.so
|
||||
echo " LD $@"
|
||||
$(CC) -shared -Wl,-soname,$@ -L. -lmbedcrypto $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ $(OBJS_X509)
|
||||
$(CC) -shared -Wl,-soname,$@ -o $@ $(OBJS_X509) -L. -lmbedcrypto $(LOCAL_LDFLAGS) $(LDFLAGS)
|
||||
|
||||
libmbedx509.so: libmbedx509.$(SOEXT_X509)
|
||||
echo " LN $@ -> $<"
|
||||
|
@ -234,7 +243,7 @@ libmbedx509.so: libmbedx509.$(SOEXT_X509)
|
|||
|
||||
libmbedx509.dylib: $(OBJS_X509) libmbedcrypto.dylib
|
||||
echo " LD $@"
|
||||
$(CC) -dynamiclib -L. -lmbedcrypto $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ $(OBJS_X509)
|
||||
$(CC) -dynamiclib -o $@ $(OBJS_X509) -L. -lmbedcrypto $(LOCAL_LDFLAGS) $(LDFLAGS)
|
||||
|
||||
libmbedx509.dll: $(OBJS_X509) libmbedcrypto.dll
|
||||
echo " LD $@"
|
||||
|
@ -253,7 +262,7 @@ endif
|
|||
|
||||
libmbedcrypto.$(SOEXT_CRYPTO): $(OBJS_CRYPTO)
|
||||
echo " LD $@"
|
||||
$(CC) -shared -Wl,-soname,$@ $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ $(OBJS_CRYPTO)
|
||||
$(CC) -shared -Wl,-soname,$@ -o $@ $(OBJS_CRYPTO) $(LOCAL_LDFLAGS) $(LDFLAGS)
|
||||
|
||||
libmbedcrypto.so: libmbedcrypto.$(SOEXT_CRYPTO)
|
||||
echo " LN $@ -> $<"
|
||||
|
@ -261,7 +270,7 @@ libmbedcrypto.so: libmbedcrypto.$(SOEXT_CRYPTO)
|
|||
|
||||
libmbedcrypto.dylib: $(OBJS_CRYPTO)
|
||||
echo " LD $@"
|
||||
$(CC) -dynamiclib $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ $(OBJS_CRYPTO)
|
||||
$(CC) -dynamiclib -o $@ $(OBJS_CRYPTO) $(LOCAL_LDFLAGS) $(LDFLAGS)
|
||||
|
||||
libmbedcrypto.dll: $(OBJS_CRYPTO)
|
||||
echo " LD $@"
|
||||
|
|
326
library/aes.c
326
library/aes.c
|
@ -57,29 +57,6 @@
|
|||
#define AES_VALIDATE( cond ) \
|
||||
MBEDTLS_INTERNAL_VALIDATE( cond )
|
||||
|
||||
/*
|
||||
* 32-bit integer manipulation macros (little endian)
|
||||
*/
|
||||
#ifndef GET_UINT32_LE
|
||||
#define GET_UINT32_LE(n,b,i) \
|
||||
{ \
|
||||
(n) = ( (uint32_t) (b)[(i) ] ) \
|
||||
| ( (uint32_t) (b)[(i) + 1] << 8 ) \
|
||||
| ( (uint32_t) (b)[(i) + 2] << 16 ) \
|
||||
| ( (uint32_t) (b)[(i) + 3] << 24 ); \
|
||||
}
|
||||
#endif
|
||||
|
||||
#ifndef PUT_UINT32_LE
|
||||
#define PUT_UINT32_LE(n,b,i) \
|
||||
{ \
|
||||
(b)[(i) ] = (unsigned char) ( ( (n) ) & 0xFF ); \
|
||||
(b)[(i) + 1] = (unsigned char) ( ( (n) >> 8 ) & 0xFF ); \
|
||||
(b)[(i) + 2] = (unsigned char) ( ( (n) >> 16 ) & 0xFF ); \
|
||||
(b)[(i) + 3] = (unsigned char) ( ( (n) >> 24 ) & 0xFF ); \
|
||||
}
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_PADLOCK_C) && \
|
||||
( defined(MBEDTLS_HAVE_X86) || defined(MBEDTLS_PADLOCK_ALIGN16) )
|
||||
static int aes_padlock_ace = -1;
|
||||
|
@ -409,7 +386,7 @@ static void aes_gen_tables( void )
|
|||
{
|
||||
pow[i] = x;
|
||||
log[x] = i;
|
||||
x = ( x ^ XTIME( x ) ) & 0xFF;
|
||||
x = MBEDTLS_BYTE_0( x ^ XTIME( x ) );
|
||||
}
|
||||
|
||||
/*
|
||||
|
@ -418,7 +395,7 @@ static void aes_gen_tables( void )
|
|||
for( i = 0, x = 1; i < 10; i++ )
|
||||
{
|
||||
RCON[i] = (uint32_t) x;
|
||||
x = XTIME( x ) & 0xFF;
|
||||
x = MBEDTLS_BYTE_0( XTIME( x ) );
|
||||
}
|
||||
|
||||
/*
|
||||
|
@ -431,10 +408,10 @@ static void aes_gen_tables( void )
|
|||
{
|
||||
x = pow[255 - log[i]];
|
||||
|
||||
y = x; y = ( ( y << 1 ) | ( y >> 7 ) ) & 0xFF;
|
||||
x ^= y; y = ( ( y << 1 ) | ( y >> 7 ) ) & 0xFF;
|
||||
x ^= y; y = ( ( y << 1 ) | ( y >> 7 ) ) & 0xFF;
|
||||
x ^= y; y = ( ( y << 1 ) | ( y >> 7 ) ) & 0xFF;
|
||||
y = x; y = MBEDTLS_BYTE_0( ( y << 1 ) | ( y >> 7 ) );
|
||||
x ^= y; y = MBEDTLS_BYTE_0( ( y << 1 ) | ( y >> 7 ) );
|
||||
x ^= y; y = MBEDTLS_BYTE_0( ( y << 1 ) | ( y >> 7 ) );
|
||||
x ^= y; y = MBEDTLS_BYTE_0( ( y << 1 ) | ( y >> 7 ) );
|
||||
x ^= y ^ 0x63;
|
||||
|
||||
FSb[i] = (unsigned char) x;
|
||||
|
@ -447,8 +424,8 @@ static void aes_gen_tables( void )
|
|||
for( i = 0; i < 256; i++ )
|
||||
{
|
||||
x = FSb[i];
|
||||
y = XTIME( x ) & 0xFF;
|
||||
z = ( y ^ x ) & 0xFF;
|
||||
y = MBEDTLS_BYTE_0( XTIME( x ) );
|
||||
z = MBEDTLS_BYTE_0( y ^ x );
|
||||
|
||||
FT0[i] = ( (uint32_t) y ) ^
|
||||
( (uint32_t) x << 8 ) ^
|
||||
|
@ -590,7 +567,7 @@ int mbedtls_aes_setkey_enc( mbedtls_aes_context *ctx, const unsigned char *key,
|
|||
|
||||
for( i = 0; i < ( keybits >> 5 ); i++ )
|
||||
{
|
||||
GET_UINT32_LE( RK[i], key, i << 2 );
|
||||
RK[i] = MBEDTLS_GET_UINT32_LE( key, i << 2 );
|
||||
}
|
||||
|
||||
switch( ctx->nr )
|
||||
|
@ -600,10 +577,10 @@ int mbedtls_aes_setkey_enc( mbedtls_aes_context *ctx, const unsigned char *key,
|
|||
for( i = 0; i < 10; i++, RK += 4 )
|
||||
{
|
||||
RK[4] = RK[0] ^ RCON[i] ^
|
||||
( (uint32_t) FSb[ ( RK[3] >> 8 ) & 0xFF ] ) ^
|
||||
( (uint32_t) FSb[ ( RK[3] >> 16 ) & 0xFF ] << 8 ) ^
|
||||
( (uint32_t) FSb[ ( RK[3] >> 24 ) & 0xFF ] << 16 ) ^
|
||||
( (uint32_t) FSb[ ( RK[3] ) & 0xFF ] << 24 );
|
||||
( (uint32_t) FSb[ MBEDTLS_BYTE_1( RK[3] ) ] ) ^
|
||||
( (uint32_t) FSb[ MBEDTLS_BYTE_2( RK[3] ) ] << 8 ) ^
|
||||
( (uint32_t) FSb[ MBEDTLS_BYTE_3( RK[3] ) ] << 16 ) ^
|
||||
( (uint32_t) FSb[ MBEDTLS_BYTE_0( RK[3] ) ] << 24 );
|
||||
|
||||
RK[5] = RK[1] ^ RK[4];
|
||||
RK[6] = RK[2] ^ RK[5];
|
||||
|
@ -616,10 +593,10 @@ int mbedtls_aes_setkey_enc( mbedtls_aes_context *ctx, const unsigned char *key,
|
|||
for( i = 0; i < 8; i++, RK += 6 )
|
||||
{
|
||||
RK[6] = RK[0] ^ RCON[i] ^
|
||||
( (uint32_t) FSb[ ( RK[5] >> 8 ) & 0xFF ] ) ^
|
||||
( (uint32_t) FSb[ ( RK[5] >> 16 ) & 0xFF ] << 8 ) ^
|
||||
( (uint32_t) FSb[ ( RK[5] >> 24 ) & 0xFF ] << 16 ) ^
|
||||
( (uint32_t) FSb[ ( RK[5] ) & 0xFF ] << 24 );
|
||||
( (uint32_t) FSb[ MBEDTLS_BYTE_1( RK[5] ) ] ) ^
|
||||
( (uint32_t) FSb[ MBEDTLS_BYTE_2( RK[5] ) ] << 8 ) ^
|
||||
( (uint32_t) FSb[ MBEDTLS_BYTE_3( RK[5] ) ] << 16 ) ^
|
||||
( (uint32_t) FSb[ MBEDTLS_BYTE_0( RK[5] ) ] << 24 );
|
||||
|
||||
RK[7] = RK[1] ^ RK[6];
|
||||
RK[8] = RK[2] ^ RK[7];
|
||||
|
@ -634,20 +611,20 @@ int mbedtls_aes_setkey_enc( mbedtls_aes_context *ctx, const unsigned char *key,
|
|||
for( i = 0; i < 7; i++, RK += 8 )
|
||||
{
|
||||
RK[8] = RK[0] ^ RCON[i] ^
|
||||
( (uint32_t) FSb[ ( RK[7] >> 8 ) & 0xFF ] ) ^
|
||||
( (uint32_t) FSb[ ( RK[7] >> 16 ) & 0xFF ] << 8 ) ^
|
||||
( (uint32_t) FSb[ ( RK[7] >> 24 ) & 0xFF ] << 16 ) ^
|
||||
( (uint32_t) FSb[ ( RK[7] ) & 0xFF ] << 24 );
|
||||
( (uint32_t) FSb[ MBEDTLS_BYTE_1( RK[7] ) ] ) ^
|
||||
( (uint32_t) FSb[ MBEDTLS_BYTE_2( RK[7] ) ] << 8 ) ^
|
||||
( (uint32_t) FSb[ MBEDTLS_BYTE_3( RK[7] ) ] << 16 ) ^
|
||||
( (uint32_t) FSb[ MBEDTLS_BYTE_0( RK[7] ) ] << 24 );
|
||||
|
||||
RK[9] = RK[1] ^ RK[8];
|
||||
RK[10] = RK[2] ^ RK[9];
|
||||
RK[11] = RK[3] ^ RK[10];
|
||||
|
||||
RK[12] = RK[4] ^
|
||||
( (uint32_t) FSb[ ( RK[11] ) & 0xFF ] ) ^
|
||||
( (uint32_t) FSb[ ( RK[11] >> 8 ) & 0xFF ] << 8 ) ^
|
||||
( (uint32_t) FSb[ ( RK[11] >> 16 ) & 0xFF ] << 16 ) ^
|
||||
( (uint32_t) FSb[ ( RK[11] >> 24 ) & 0xFF ] << 24 );
|
||||
( (uint32_t) FSb[ MBEDTLS_BYTE_0( RK[11] ) ] ) ^
|
||||
( (uint32_t) FSb[ MBEDTLS_BYTE_1( RK[11] ) ] << 8 ) ^
|
||||
( (uint32_t) FSb[ MBEDTLS_BYTE_2( RK[11] ) ] << 16 ) ^
|
||||
( (uint32_t) FSb[ MBEDTLS_BYTE_3( RK[11] ) ] << 24 );
|
||||
|
||||
RK[13] = RK[5] ^ RK[12];
|
||||
RK[14] = RK[6] ^ RK[13];
|
||||
|
@ -713,10 +690,10 @@ int mbedtls_aes_setkey_dec( mbedtls_aes_context *ctx, const unsigned char *key,
|
|||
{
|
||||
for( j = 0; j < 4; j++, SK++ )
|
||||
{
|
||||
*RK++ = AES_RT0( FSb[ ( *SK ) & 0xFF ] ) ^
|
||||
AES_RT1( FSb[ ( *SK >> 8 ) & 0xFF ] ) ^
|
||||
AES_RT2( FSb[ ( *SK >> 16 ) & 0xFF ] ) ^
|
||||
AES_RT3( FSb[ ( *SK >> 24 ) & 0xFF ] );
|
||||
*RK++ = AES_RT0( FSb[ MBEDTLS_BYTE_0( *SK ) ] ) ^
|
||||
AES_RT1( FSb[ MBEDTLS_BYTE_1( *SK ) ] ) ^
|
||||
AES_RT2( FSb[ MBEDTLS_BYTE_2( *SK ) ] ) ^
|
||||
AES_RT3( FSb[ MBEDTLS_BYTE_3( *SK ) ] );
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -812,49 +789,49 @@ int mbedtls_aes_xts_setkey_dec( mbedtls_aes_xts_context *ctx,
|
|||
#define AES_FROUND(X0,X1,X2,X3,Y0,Y1,Y2,Y3) \
|
||||
do \
|
||||
{ \
|
||||
(X0) = *RK++ ^ AES_FT0( ( (Y0) ) & 0xFF ) ^ \
|
||||
AES_FT1( ( (Y1) >> 8 ) & 0xFF ) ^ \
|
||||
AES_FT2( ( (Y2) >> 16 ) & 0xFF ) ^ \
|
||||
AES_FT3( ( (Y3) >> 24 ) & 0xFF ); \
|
||||
(X0) = *RK++ ^ AES_FT0( MBEDTLS_BYTE_0( Y0 ) ) ^ \
|
||||
AES_FT1( MBEDTLS_BYTE_1( Y1 ) ) ^ \
|
||||
AES_FT2( MBEDTLS_BYTE_2( Y2 ) ) ^ \
|
||||
AES_FT3( MBEDTLS_BYTE_3( Y3 ) ); \
|
||||
\
|
||||
(X1) = *RK++ ^ AES_FT0( ( (Y1) ) & 0xFF ) ^ \
|
||||
AES_FT1( ( (Y2) >> 8 ) & 0xFF ) ^ \
|
||||
AES_FT2( ( (Y3) >> 16 ) & 0xFF ) ^ \
|
||||
AES_FT3( ( (Y0) >> 24 ) & 0xFF ); \
|
||||
(X1) = *RK++ ^ AES_FT0( MBEDTLS_BYTE_0( Y1 ) ) ^ \
|
||||
AES_FT1( MBEDTLS_BYTE_1( Y2 ) ) ^ \
|
||||
AES_FT2( MBEDTLS_BYTE_2( Y3 ) ) ^ \
|
||||
AES_FT3( MBEDTLS_BYTE_3( Y0 ) ); \
|
||||
\
|
||||
(X2) = *RK++ ^ AES_FT0( ( (Y2) ) & 0xFF ) ^ \
|
||||
AES_FT1( ( (Y3) >> 8 ) & 0xFF ) ^ \
|
||||
AES_FT2( ( (Y0) >> 16 ) & 0xFF ) ^ \
|
||||
AES_FT3( ( (Y1) >> 24 ) & 0xFF ); \
|
||||
(X2) = *RK++ ^ AES_FT0( MBEDTLS_BYTE_0( Y2 ) ) ^ \
|
||||
AES_FT1( MBEDTLS_BYTE_1( Y3 ) ) ^ \
|
||||
AES_FT2( MBEDTLS_BYTE_2( Y0 ) ) ^ \
|
||||
AES_FT3( MBEDTLS_BYTE_3( Y1 ) ); \
|
||||
\
|
||||
(X3) = *RK++ ^ AES_FT0( ( (Y3) ) & 0xFF ) ^ \
|
||||
AES_FT1( ( (Y0) >> 8 ) & 0xFF ) ^ \
|
||||
AES_FT2( ( (Y1) >> 16 ) & 0xFF ) ^ \
|
||||
AES_FT3( ( (Y2) >> 24 ) & 0xFF ); \
|
||||
(X3) = *RK++ ^ AES_FT0( MBEDTLS_BYTE_0( Y3 ) ) ^ \
|
||||
AES_FT1( MBEDTLS_BYTE_1( Y0 ) ) ^ \
|
||||
AES_FT2( MBEDTLS_BYTE_2( Y1 ) ) ^ \
|
||||
AES_FT3( MBEDTLS_BYTE_3( Y2 ) ); \
|
||||
} while( 0 )
|
||||
|
||||
#define AES_RROUND(X0,X1,X2,X3,Y0,Y1,Y2,Y3) \
|
||||
do \
|
||||
{ \
|
||||
(X0) = *RK++ ^ AES_RT0( ( (Y0) ) & 0xFF ) ^ \
|
||||
AES_RT1( ( (Y3) >> 8 ) & 0xFF ) ^ \
|
||||
AES_RT2( ( (Y2) >> 16 ) & 0xFF ) ^ \
|
||||
AES_RT3( ( (Y1) >> 24 ) & 0xFF ); \
|
||||
(X0) = *RK++ ^ AES_RT0( MBEDTLS_BYTE_0( Y0 ) ) ^ \
|
||||
AES_RT1( MBEDTLS_BYTE_1( Y3 ) ) ^ \
|
||||
AES_RT2( MBEDTLS_BYTE_2( Y2 ) ) ^ \
|
||||
AES_RT3( MBEDTLS_BYTE_3( Y1 ) ); \
|
||||
\
|
||||
(X1) = *RK++ ^ AES_RT0( ( (Y1) ) & 0xFF ) ^ \
|
||||
AES_RT1( ( (Y0) >> 8 ) & 0xFF ) ^ \
|
||||
AES_RT2( ( (Y3) >> 16 ) & 0xFF ) ^ \
|
||||
AES_RT3( ( (Y2) >> 24 ) & 0xFF ); \
|
||||
(X1) = *RK++ ^ AES_RT0( MBEDTLS_BYTE_0( Y1 ) ) ^ \
|
||||
AES_RT1( MBEDTLS_BYTE_1( Y0 ) ) ^ \
|
||||
AES_RT2( MBEDTLS_BYTE_2( Y3 ) ) ^ \
|
||||
AES_RT3( MBEDTLS_BYTE_3( Y2 ) ); \
|
||||
\
|
||||
(X2) = *RK++ ^ AES_RT0( ( (Y2) ) & 0xFF ) ^ \
|
||||
AES_RT1( ( (Y1) >> 8 ) & 0xFF ) ^ \
|
||||
AES_RT2( ( (Y0) >> 16 ) & 0xFF ) ^ \
|
||||
AES_RT3( ( (Y3) >> 24 ) & 0xFF ); \
|
||||
(X2) = *RK++ ^ AES_RT0( MBEDTLS_BYTE_0( Y2 ) ) ^ \
|
||||
AES_RT1( MBEDTLS_BYTE_1( Y1 ) ) ^ \
|
||||
AES_RT2( MBEDTLS_BYTE_2( Y0 ) ) ^ \
|
||||
AES_RT3( MBEDTLS_BYTE_3( Y3 ) ); \
|
||||
\
|
||||
(X3) = *RK++ ^ AES_RT0( ( (Y3) ) & 0xFF ) ^ \
|
||||
AES_RT1( ( (Y2) >> 8 ) & 0xFF ) ^ \
|
||||
AES_RT2( ( (Y1) >> 16 ) & 0xFF ) ^ \
|
||||
AES_RT3( ( (Y0) >> 24 ) & 0xFF ); \
|
||||
(X3) = *RK++ ^ AES_RT0( MBEDTLS_BYTE_0( Y3 ) ) ^ \
|
||||
AES_RT1( MBEDTLS_BYTE_1( Y2 ) ) ^ \
|
||||
AES_RT2( MBEDTLS_BYTE_2( Y1 ) ) ^ \
|
||||
AES_RT3( MBEDTLS_BYTE_3( Y0 ) ); \
|
||||
} while( 0 )
|
||||
|
||||
/*
|
||||
|
@ -873,10 +850,10 @@ int mbedtls_internal_aes_encrypt( mbedtls_aes_context *ctx,
|
|||
uint32_t Y[4];
|
||||
} t;
|
||||
|
||||
GET_UINT32_LE( t.X[0], input, 0 ); t.X[0] ^= *RK++;
|
||||
GET_UINT32_LE( t.X[1], input, 4 ); t.X[1] ^= *RK++;
|
||||
GET_UINT32_LE( t.X[2], input, 8 ); t.X[2] ^= *RK++;
|
||||
GET_UINT32_LE( t.X[3], input, 12 ); t.X[3] ^= *RK++;
|
||||
t.X[0] = MBEDTLS_GET_UINT32_LE( input, 0 ); t.X[0] ^= *RK++;
|
||||
t.X[1] = MBEDTLS_GET_UINT32_LE( input, 4 ); t.X[1] ^= *RK++;
|
||||
t.X[2] = MBEDTLS_GET_UINT32_LE( input, 8 ); t.X[2] ^= *RK++;
|
||||
t.X[3] = MBEDTLS_GET_UINT32_LE( input, 12 ); t.X[3] ^= *RK++;
|
||||
|
||||
for( i = ( ctx->nr >> 1 ) - 1; i > 0; i-- )
|
||||
{
|
||||
|
@ -887,33 +864,33 @@ int mbedtls_internal_aes_encrypt( mbedtls_aes_context *ctx,
|
|||
AES_FROUND( t.Y[0], t.Y[1], t.Y[2], t.Y[3], t.X[0], t.X[1], t.X[2], t.X[3] );
|
||||
|
||||
t.X[0] = *RK++ ^ \
|
||||
( (uint32_t) FSb[ ( t.Y[0] ) & 0xFF ] ) ^
|
||||
( (uint32_t) FSb[ ( t.Y[1] >> 8 ) & 0xFF ] << 8 ) ^
|
||||
( (uint32_t) FSb[ ( t.Y[2] >> 16 ) & 0xFF ] << 16 ) ^
|
||||
( (uint32_t) FSb[ ( t.Y[3] >> 24 ) & 0xFF ] << 24 );
|
||||
( (uint32_t) FSb[ MBEDTLS_BYTE_0( t.Y[0] ) ] ) ^
|
||||
( (uint32_t) FSb[ MBEDTLS_BYTE_1( t.Y[1] ) ] << 8 ) ^
|
||||
( (uint32_t) FSb[ MBEDTLS_BYTE_2( t.Y[2] ) ] << 16 ) ^
|
||||
( (uint32_t) FSb[ MBEDTLS_BYTE_3( t.Y[3] ) ] << 24 );
|
||||
|
||||
t.X[1] = *RK++ ^ \
|
||||
( (uint32_t) FSb[ ( t.Y[1] ) & 0xFF ] ) ^
|
||||
( (uint32_t) FSb[ ( t.Y[2] >> 8 ) & 0xFF ] << 8 ) ^
|
||||
( (uint32_t) FSb[ ( t.Y[3] >> 16 ) & 0xFF ] << 16 ) ^
|
||||
( (uint32_t) FSb[ ( t.Y[0] >> 24 ) & 0xFF ] << 24 );
|
||||
( (uint32_t) FSb[ MBEDTLS_BYTE_0( t.Y[1] ) ] ) ^
|
||||
( (uint32_t) FSb[ MBEDTLS_BYTE_1( t.Y[2] ) ] << 8 ) ^
|
||||
( (uint32_t) FSb[ MBEDTLS_BYTE_2( t.Y[3] ) ] << 16 ) ^
|
||||
( (uint32_t) FSb[ MBEDTLS_BYTE_3( t.Y[0] ) ] << 24 );
|
||||
|
||||
t.X[2] = *RK++ ^ \
|
||||
( (uint32_t) FSb[ ( t.Y[2] ) & 0xFF ] ) ^
|
||||
( (uint32_t) FSb[ ( t.Y[3] >> 8 ) & 0xFF ] << 8 ) ^
|
||||
( (uint32_t) FSb[ ( t.Y[0] >> 16 ) & 0xFF ] << 16 ) ^
|
||||
( (uint32_t) FSb[ ( t.Y[1] >> 24 ) & 0xFF ] << 24 );
|
||||
( (uint32_t) FSb[ MBEDTLS_BYTE_0( t.Y[2] ) ] ) ^
|
||||
( (uint32_t) FSb[ MBEDTLS_BYTE_1( t.Y[3] ) ] << 8 ) ^
|
||||
( (uint32_t) FSb[ MBEDTLS_BYTE_2( t.Y[0] ) ] << 16 ) ^
|
||||
( (uint32_t) FSb[ MBEDTLS_BYTE_3( t.Y[1] ) ] << 24 );
|
||||
|
||||
t.X[3] = *RK++ ^ \
|
||||
( (uint32_t) FSb[ ( t.Y[3] ) & 0xFF ] ) ^
|
||||
( (uint32_t) FSb[ ( t.Y[0] >> 8 ) & 0xFF ] << 8 ) ^
|
||||
( (uint32_t) FSb[ ( t.Y[1] >> 16 ) & 0xFF ] << 16 ) ^
|
||||
( (uint32_t) FSb[ ( t.Y[2] >> 24 ) & 0xFF ] << 24 );
|
||||
( (uint32_t) FSb[ MBEDTLS_BYTE_0( t.Y[3] ) ] ) ^
|
||||
( (uint32_t) FSb[ MBEDTLS_BYTE_1( t.Y[0] ) ] << 8 ) ^
|
||||
( (uint32_t) FSb[ MBEDTLS_BYTE_2( t.Y[1] ) ] << 16 ) ^
|
||||
( (uint32_t) FSb[ MBEDTLS_BYTE_3( t.Y[2] ) ] << 24 );
|
||||
|
||||
PUT_UINT32_LE( t.X[0], output, 0 );
|
||||
PUT_UINT32_LE( t.X[1], output, 4 );
|
||||
PUT_UINT32_LE( t.X[2], output, 8 );
|
||||
PUT_UINT32_LE( t.X[3], output, 12 );
|
||||
MBEDTLS_PUT_UINT32_LE( t.X[0], output, 0 );
|
||||
MBEDTLS_PUT_UINT32_LE( t.X[1], output, 4 );
|
||||
MBEDTLS_PUT_UINT32_LE( t.X[2], output, 8 );
|
||||
MBEDTLS_PUT_UINT32_LE( t.X[3], output, 12 );
|
||||
|
||||
mbedtls_platform_zeroize( &t, sizeof( t ) );
|
||||
|
||||
|
@ -937,10 +914,10 @@ int mbedtls_internal_aes_decrypt( mbedtls_aes_context *ctx,
|
|||
uint32_t Y[4];
|
||||
} t;
|
||||
|
||||
GET_UINT32_LE( t.X[0], input, 0 ); t.X[0] ^= *RK++;
|
||||
GET_UINT32_LE( t.X[1], input, 4 ); t.X[1] ^= *RK++;
|
||||
GET_UINT32_LE( t.X[2], input, 8 ); t.X[2] ^= *RK++;
|
||||
GET_UINT32_LE( t.X[3], input, 12 ); t.X[3] ^= *RK++;
|
||||
t.X[0] = MBEDTLS_GET_UINT32_LE( input, 0 ); t.X[0] ^= *RK++;
|
||||
t.X[1] = MBEDTLS_GET_UINT32_LE( input, 4 ); t.X[1] ^= *RK++;
|
||||
t.X[2] = MBEDTLS_GET_UINT32_LE( input, 8 ); t.X[2] ^= *RK++;
|
||||
t.X[3] = MBEDTLS_GET_UINT32_LE( input, 12 ); t.X[3] ^= *RK++;
|
||||
|
||||
for( i = ( ctx->nr >> 1 ) - 1; i > 0; i-- )
|
||||
{
|
||||
|
@ -951,33 +928,33 @@ int mbedtls_internal_aes_decrypt( mbedtls_aes_context *ctx,
|
|||
AES_RROUND( t.Y[0], t.Y[1], t.Y[2], t.Y[3], t.X[0], t.X[1], t.X[2], t.X[3] );
|
||||
|
||||
t.X[0] = *RK++ ^ \
|
||||
( (uint32_t) RSb[ ( t.Y[0] ) & 0xFF ] ) ^
|
||||
( (uint32_t) RSb[ ( t.Y[3] >> 8 ) & 0xFF ] << 8 ) ^
|
||||
( (uint32_t) RSb[ ( t.Y[2] >> 16 ) & 0xFF ] << 16 ) ^
|
||||
( (uint32_t) RSb[ ( t.Y[1] >> 24 ) & 0xFF ] << 24 );
|
||||
( (uint32_t) RSb[ MBEDTLS_BYTE_0( t.Y[0] ) ] ) ^
|
||||
( (uint32_t) RSb[ MBEDTLS_BYTE_1( t.Y[3] ) ] << 8 ) ^
|
||||
( (uint32_t) RSb[ MBEDTLS_BYTE_2( t.Y[2] ) ] << 16 ) ^
|
||||
( (uint32_t) RSb[ MBEDTLS_BYTE_3( t.Y[1] ) ] << 24 );
|
||||
|
||||
t.X[1] = *RK++ ^ \
|
||||
( (uint32_t) RSb[ ( t.Y[1] ) & 0xFF ] ) ^
|
||||
( (uint32_t) RSb[ ( t.Y[0] >> 8 ) & 0xFF ] << 8 ) ^
|
||||
( (uint32_t) RSb[ ( t.Y[3] >> 16 ) & 0xFF ] << 16 ) ^
|
||||
( (uint32_t) RSb[ ( t.Y[2] >> 24 ) & 0xFF ] << 24 );
|
||||
( (uint32_t) RSb[ MBEDTLS_BYTE_0( t.Y[1] ) ] ) ^
|
||||
( (uint32_t) RSb[ MBEDTLS_BYTE_1( t.Y[0] ) ] << 8 ) ^
|
||||
( (uint32_t) RSb[ MBEDTLS_BYTE_2( t.Y[3] ) ] << 16 ) ^
|
||||
( (uint32_t) RSb[ MBEDTLS_BYTE_3( t.Y[2] ) ] << 24 );
|
||||
|
||||
t.X[2] = *RK++ ^ \
|
||||
( (uint32_t) RSb[ ( t.Y[2] ) & 0xFF ] ) ^
|
||||
( (uint32_t) RSb[ ( t.Y[1] >> 8 ) & 0xFF ] << 8 ) ^
|
||||
( (uint32_t) RSb[ ( t.Y[0] >> 16 ) & 0xFF ] << 16 ) ^
|
||||
( (uint32_t) RSb[ ( t.Y[3] >> 24 ) & 0xFF ] << 24 );
|
||||
( (uint32_t) RSb[ MBEDTLS_BYTE_0( t.Y[2] ) ] ) ^
|
||||
( (uint32_t) RSb[ MBEDTLS_BYTE_1( t.Y[1] ) ] << 8 ) ^
|
||||
( (uint32_t) RSb[ MBEDTLS_BYTE_2( t.Y[0] ) ] << 16 ) ^
|
||||
( (uint32_t) RSb[ MBEDTLS_BYTE_3( t.Y[3] ) ] << 24 );
|
||||
|
||||
t.X[3] = *RK++ ^ \
|
||||
( (uint32_t) RSb[ ( t.Y[3] ) & 0xFF ] ) ^
|
||||
( (uint32_t) RSb[ ( t.Y[2] >> 8 ) & 0xFF ] << 8 ) ^
|
||||
( (uint32_t) RSb[ ( t.Y[1] >> 16 ) & 0xFF ] << 16 ) ^
|
||||
( (uint32_t) RSb[ ( t.Y[0] >> 24 ) & 0xFF ] << 24 );
|
||||
( (uint32_t) RSb[ MBEDTLS_BYTE_0( t.Y[3] ) ] ) ^
|
||||
( (uint32_t) RSb[ MBEDTLS_BYTE_1( t.Y[2] ) ] << 8 ) ^
|
||||
( (uint32_t) RSb[ MBEDTLS_BYTE_2( t.Y[1] ) ] << 16 ) ^
|
||||
( (uint32_t) RSb[ MBEDTLS_BYTE_3( t.Y[0] ) ] << 24 );
|
||||
|
||||
PUT_UINT32_LE( t.X[0], output, 0 );
|
||||
PUT_UINT32_LE( t.X[1], output, 4 );
|
||||
PUT_UINT32_LE( t.X[2], output, 8 );
|
||||
PUT_UINT32_LE( t.X[3], output, 12 );
|
||||
MBEDTLS_PUT_UINT32_LE( t.X[0], output, 0 );
|
||||
MBEDTLS_PUT_UINT32_LE( t.X[1], output, 4 );
|
||||
MBEDTLS_PUT_UINT32_LE( t.X[2], output, 8 );
|
||||
MBEDTLS_PUT_UINT32_LE( t.X[3], output, 12 );
|
||||
|
||||
mbedtls_platform_zeroize( &t, sizeof( t ) );
|
||||
|
||||
|
@ -1034,6 +1011,7 @@ int mbedtls_aes_crypt_cbc( mbedtls_aes_context *ctx,
|
|||
unsigned char *output )
|
||||
{
|
||||
int i;
|
||||
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
||||
unsigned char temp[16];
|
||||
|
||||
AES_VALIDATE_RET( ctx != NULL );
|
||||
|
@ -1063,7 +1041,9 @@ int mbedtls_aes_crypt_cbc( mbedtls_aes_context *ctx,
|
|||
while( length > 0 )
|
||||
{
|
||||
memcpy( temp, input, 16 );
|
||||
mbedtls_aes_crypt_ecb( ctx, mode, input, output );
|
||||
ret = mbedtls_aes_crypt_ecb( ctx, mode, input, output );
|
||||
if( ret != 0 )
|
||||
goto exit;
|
||||
|
||||
for( i = 0; i < 16; i++ )
|
||||
output[i] = (unsigned char)( output[i] ^ iv[i] );
|
||||
|
@ -1082,7 +1062,9 @@ int mbedtls_aes_crypt_cbc( mbedtls_aes_context *ctx,
|
|||
for( i = 0; i < 16; i++ )
|
||||
output[i] = (unsigned char)( input[i] ^ iv[i] );
|
||||
|
||||
mbedtls_aes_crypt_ecb( ctx, mode, output, output );
|
||||
ret = mbedtls_aes_crypt_ecb( ctx, mode, output, output );
|
||||
if( ret != 0 )
|
||||
goto exit;
|
||||
memcpy( iv, output, 16 );
|
||||
|
||||
input += 16;
|
||||
|
@ -1090,42 +1072,15 @@ int mbedtls_aes_crypt_cbc( mbedtls_aes_context *ctx,
|
|||
length -= 16;
|
||||
}
|
||||
}
|
||||
ret = 0;
|
||||
|
||||
return( 0 );
|
||||
exit:
|
||||
return( ret );
|
||||
}
|
||||
#endif /* MBEDTLS_CIPHER_MODE_CBC */
|
||||
|
||||
#if defined(MBEDTLS_CIPHER_MODE_XTS)
|
||||
|
||||
/* Endianess with 64 bits values */
|
||||
#ifndef GET_UINT64_LE
|
||||
#define GET_UINT64_LE(n,b,i) \
|
||||
{ \
|
||||
(n) = ( (uint64_t) (b)[(i) + 7] << 56 ) \
|
||||
| ( (uint64_t) (b)[(i) + 6] << 48 ) \
|
||||
| ( (uint64_t) (b)[(i) + 5] << 40 ) \
|
||||
| ( (uint64_t) (b)[(i) + 4] << 32 ) \
|
||||
| ( (uint64_t) (b)[(i) + 3] << 24 ) \
|
||||
| ( (uint64_t) (b)[(i) + 2] << 16 ) \
|
||||
| ( (uint64_t) (b)[(i) + 1] << 8 ) \
|
||||
| ( (uint64_t) (b)[(i) ] ); \
|
||||
}
|
||||
#endif
|
||||
|
||||
#ifndef PUT_UINT64_LE
|
||||
#define PUT_UINT64_LE(n,b,i) \
|
||||
{ \
|
||||
(b)[(i) + 7] = (unsigned char) ( (n) >> 56 ); \
|
||||
(b)[(i) + 6] = (unsigned char) ( (n) >> 48 ); \
|
||||
(b)[(i) + 5] = (unsigned char) ( (n) >> 40 ); \
|
||||
(b)[(i) + 4] = (unsigned char) ( (n) >> 32 ); \
|
||||
(b)[(i) + 3] = (unsigned char) ( (n) >> 24 ); \
|
||||
(b)[(i) + 2] = (unsigned char) ( (n) >> 16 ); \
|
||||
(b)[(i) + 1] = (unsigned char) ( (n) >> 8 ); \
|
||||
(b)[(i) ] = (unsigned char) ( (n) ); \
|
||||
}
|
||||
#endif
|
||||
|
||||
typedef unsigned char mbedtls_be128[16];
|
||||
|
||||
/*
|
||||
|
@ -1141,14 +1096,14 @@ static void mbedtls_gf128mul_x_ble( unsigned char r[16],
|
|||
{
|
||||
uint64_t a, b, ra, rb;
|
||||
|
||||
GET_UINT64_LE( a, x, 0 );
|
||||
GET_UINT64_LE( b, x, 8 );
|
||||
a = MBEDTLS_GET_UINT64_LE( x, 0 );
|
||||
b = MBEDTLS_GET_UINT64_LE( x, 8 );
|
||||
|
||||
ra = ( a << 1 ) ^ 0x0087 >> ( 8 - ( ( b >> 63 ) << 3 ) );
|
||||
rb = ( a >> 63 ) | ( b << 1 );
|
||||
|
||||
PUT_UINT64_LE( ra, r, 0 );
|
||||
PUT_UINT64_LE( rb, r, 8 );
|
||||
MBEDTLS_PUT_UINT64_LE( ra, r, 0 );
|
||||
MBEDTLS_PUT_UINT64_LE( rb, r, 8 );
|
||||
}
|
||||
|
||||
/*
|
||||
|
@ -1274,6 +1229,7 @@ int mbedtls_aes_crypt_cfb128( mbedtls_aes_context *ctx,
|
|||
unsigned char *output )
|
||||
{
|
||||
int c;
|
||||
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
||||
size_t n;
|
||||
|
||||
AES_VALIDATE_RET( ctx != NULL );
|
||||
|
@ -1294,7 +1250,11 @@ int mbedtls_aes_crypt_cfb128( mbedtls_aes_context *ctx,
|
|||
while( length-- )
|
||||
{
|
||||
if( n == 0 )
|
||||
mbedtls_aes_crypt_ecb( ctx, MBEDTLS_AES_ENCRYPT, iv, iv );
|
||||
{
|
||||
ret = mbedtls_aes_crypt_ecb( ctx, MBEDTLS_AES_ENCRYPT, iv, iv );
|
||||
if( ret != 0 )
|
||||
goto exit;
|
||||
}
|
||||
|
||||
c = *input++;
|
||||
*output++ = (unsigned char)( c ^ iv[n] );
|
||||
|
@ -1308,7 +1268,11 @@ int mbedtls_aes_crypt_cfb128( mbedtls_aes_context *ctx,
|
|||
while( length-- )
|
||||
{
|
||||
if( n == 0 )
|
||||
mbedtls_aes_crypt_ecb( ctx, MBEDTLS_AES_ENCRYPT, iv, iv );
|
||||
{
|
||||
ret = mbedtls_aes_crypt_ecb( ctx, MBEDTLS_AES_ENCRYPT, iv, iv );
|
||||
if( ret != 0 )
|
||||
goto exit;
|
||||
}
|
||||
|
||||
iv[n] = *output++ = (unsigned char)( iv[n] ^ *input++ );
|
||||
|
||||
|
@ -1317,8 +1281,10 @@ int mbedtls_aes_crypt_cfb128( mbedtls_aes_context *ctx,
|
|||
}
|
||||
|
||||
*iv_off = n;
|
||||
ret = 0;
|
||||
|
||||
return( 0 );
|
||||
exit:
|
||||
return( ret );
|
||||
}
|
||||
|
||||
/*
|
||||
|
@ -1331,6 +1297,7 @@ int mbedtls_aes_crypt_cfb8( mbedtls_aes_context *ctx,
|
|||
const unsigned char *input,
|
||||
unsigned char *output )
|
||||
{
|
||||
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
||||
unsigned char c;
|
||||
unsigned char ov[17];
|
||||
|
||||
|
@ -1343,7 +1310,9 @@ int mbedtls_aes_crypt_cfb8( mbedtls_aes_context *ctx,
|
|||
while( length-- )
|
||||
{
|
||||
memcpy( ov, iv, 16 );
|
||||
mbedtls_aes_crypt_ecb( ctx, MBEDTLS_AES_ENCRYPT, iv, iv );
|
||||
ret = mbedtls_aes_crypt_ecb( ctx, MBEDTLS_AES_ENCRYPT, iv, iv );
|
||||
if( ret != 0 )
|
||||
goto exit;
|
||||
|
||||
if( mode == MBEDTLS_AES_DECRYPT )
|
||||
ov[16] = *input;
|
||||
|
@ -1355,8 +1324,10 @@ int mbedtls_aes_crypt_cfb8( mbedtls_aes_context *ctx,
|
|||
|
||||
memcpy( iv, ov + 1, 16 );
|
||||
}
|
||||
ret = 0;
|
||||
|
||||
return( 0 );
|
||||
exit:
|
||||
return( ret );
|
||||
}
|
||||
#endif /* MBEDTLS_CIPHER_MODE_CFB */
|
||||
|
||||
|
@ -1418,6 +1389,7 @@ int mbedtls_aes_crypt_ctr( mbedtls_aes_context *ctx,
|
|||
unsigned char *output )
|
||||
{
|
||||
int c, i;
|
||||
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
||||
size_t n;
|
||||
|
||||
AES_VALIDATE_RET( ctx != NULL );
|
||||
|
@ -1435,7 +1407,9 @@ int mbedtls_aes_crypt_ctr( mbedtls_aes_context *ctx,
|
|||
while( length-- )
|
||||
{
|
||||
if( n == 0 ) {
|
||||
mbedtls_aes_crypt_ecb( ctx, MBEDTLS_AES_ENCRYPT, nonce_counter, stream_block );
|
||||
ret = mbedtls_aes_crypt_ecb( ctx, MBEDTLS_AES_ENCRYPT, nonce_counter, stream_block );
|
||||
if( ret != 0 )
|
||||
goto exit;
|
||||
|
||||
for( i = 16; i > 0; i-- )
|
||||
if( ++nonce_counter[i - 1] != 0 )
|
||||
|
@ -1448,8 +1422,10 @@ int mbedtls_aes_crypt_ctr( mbedtls_aes_context *ctx,
|
|||
}
|
||||
|
||||
*nc_off = n;
|
||||
ret = 0;
|
||||
|
||||
return( 0 );
|
||||
exit:
|
||||
return( ret );
|
||||
}
|
||||
#endif /* MBEDTLS_CIPHER_MODE_CTR */
|
||||
|
||||
|
|
|
@ -55,29 +55,6 @@
|
|||
#define ARIA_VALIDATE( cond ) \
|
||||
MBEDTLS_INTERNAL_VALIDATE( cond )
|
||||
|
||||
/*
|
||||
* 32-bit integer manipulation macros (little endian)
|
||||
*/
|
||||
#ifndef GET_UINT32_LE
|
||||
#define GET_UINT32_LE( n, b, i ) \
|
||||
{ \
|
||||
(n) = ( (uint32_t) (b)[(i) ] ) \
|
||||
| ( (uint32_t) (b)[(i) + 1] << 8 ) \
|
||||
| ( (uint32_t) (b)[(i) + 2] << 16 ) \
|
||||
| ( (uint32_t) (b)[(i) + 3] << 24 ); \
|
||||
}
|
||||
#endif
|
||||
|
||||
#ifndef PUT_UINT32_LE
|
||||
#define PUT_UINT32_LE( n, b, i ) \
|
||||
{ \
|
||||
(b)[(i) ] = (unsigned char) ( ( (n) ) & 0xFF ); \
|
||||
(b)[(i) + 1] = (unsigned char) ( ( (n) >> 8 ) & 0xFF ); \
|
||||
(b)[(i) + 2] = (unsigned char) ( ( (n) >> 16 ) & 0xFF ); \
|
||||
(b)[(i) + 3] = (unsigned char) ( ( (n) >> 24 ) & 0xFF ); \
|
||||
}
|
||||
#endif
|
||||
|
||||
/*
|
||||
* modify byte order: ( A B C D ) -> ( B A D C ), i.e. swap pairs of bytes
|
||||
*
|
||||
|
@ -235,22 +212,22 @@ static inline void aria_sl( uint32_t *a, uint32_t *b,
|
|||
const uint8_t sa[256], const uint8_t sb[256],
|
||||
const uint8_t sc[256], const uint8_t sd[256] )
|
||||
{
|
||||
*a = ( (uint32_t) sa[ *a & 0xFF] ) ^
|
||||
(((uint32_t) sb[(*a >> 8) & 0xFF]) << 8) ^
|
||||
(((uint32_t) sc[(*a >> 16) & 0xFF]) << 16) ^
|
||||
(((uint32_t) sd[ *a >> 24 ]) << 24);
|
||||
*b = ( (uint32_t) sa[ *b & 0xFF] ) ^
|
||||
(((uint32_t) sb[(*b >> 8) & 0xFF]) << 8) ^
|
||||
(((uint32_t) sc[(*b >> 16) & 0xFF]) << 16) ^
|
||||
(((uint32_t) sd[ *b >> 24 ]) << 24);
|
||||
*c = ( (uint32_t) sa[ *c & 0xFF] ) ^
|
||||
(((uint32_t) sb[(*c >> 8) & 0xFF]) << 8) ^
|
||||
(((uint32_t) sc[(*c >> 16) & 0xFF]) << 16) ^
|
||||
(((uint32_t) sd[ *c >> 24 ]) << 24);
|
||||
*d = ( (uint32_t) sa[ *d & 0xFF] ) ^
|
||||
(((uint32_t) sb[(*d >> 8) & 0xFF]) << 8) ^
|
||||
(((uint32_t) sc[(*d >> 16) & 0xFF]) << 16) ^
|
||||
(((uint32_t) sd[ *d >> 24 ]) << 24);
|
||||
*a = ( (uint32_t) sa[ MBEDTLS_BYTE_0( *a ) ] ) ^
|
||||
(((uint32_t) sb[ MBEDTLS_BYTE_1( *a ) ]) << 8) ^
|
||||
(((uint32_t) sc[ MBEDTLS_BYTE_2( *a ) ]) << 16) ^
|
||||
(((uint32_t) sd[ MBEDTLS_BYTE_3( *a ) ]) << 24);
|
||||
*b = ( (uint32_t) sa[ MBEDTLS_BYTE_0( *b ) ] ) ^
|
||||
(((uint32_t) sb[ MBEDTLS_BYTE_1( *b ) ]) << 8) ^
|
||||
(((uint32_t) sc[ MBEDTLS_BYTE_2( *b ) ]) << 16) ^
|
||||
(((uint32_t) sd[ MBEDTLS_BYTE_3( *b ) ]) << 24);
|
||||
*c = ( (uint32_t) sa[ MBEDTLS_BYTE_0( *c ) ] ) ^
|
||||
(((uint32_t) sb[ MBEDTLS_BYTE_1( *c ) ]) << 8) ^
|
||||
(((uint32_t) sc[ MBEDTLS_BYTE_2( *c ) ]) << 16) ^
|
||||
(((uint32_t) sd[ MBEDTLS_BYTE_3( *c ) ]) << 24);
|
||||
*d = ( (uint32_t) sa[ MBEDTLS_BYTE_0( *d ) ] ) ^
|
||||
(((uint32_t) sb[ MBEDTLS_BYTE_1( *d ) ]) << 8) ^
|
||||
(((uint32_t) sc[ MBEDTLS_BYTE_2( *d ) ]) << 16) ^
|
||||
(((uint32_t) sd[ MBEDTLS_BYTE_3( *d ) ]) << 24);
|
||||
}
|
||||
|
||||
/*
|
||||
|
@ -408,7 +385,8 @@ static void aria_fe_xor( uint32_t r[4], const uint32_t p[4],
|
|||
* Big endian 128-bit rotation: r = a ^ (b <<< n), used only in key setup.
|
||||
*
|
||||
* We chose to store bytes into 32-bit words in little-endian format (see
|
||||
* GET/PUT_UINT32_LE) so we need to reverse bytes here.
|
||||
* MBEDTLS_GET_UINT32_LE / MBEDTLS_PUT_UINT32_LE ) so we need to reverse
|
||||
* bytes here.
|
||||
*/
|
||||
static void aria_rot128( uint32_t r[4], const uint32_t a[4],
|
||||
const uint32_t b[4], uint8_t n )
|
||||
|
@ -456,21 +434,21 @@ int mbedtls_aria_setkey_enc( mbedtls_aria_context *ctx,
|
|||
return( MBEDTLS_ERR_ARIA_BAD_INPUT_DATA );
|
||||
|
||||
/* Copy key to W0 (and potential remainder to W1) */
|
||||
GET_UINT32_LE( w[0][0], key, 0 );
|
||||
GET_UINT32_LE( w[0][1], key, 4 );
|
||||
GET_UINT32_LE( w[0][2], key, 8 );
|
||||
GET_UINT32_LE( w[0][3], key, 12 );
|
||||
w[0][0] = MBEDTLS_GET_UINT32_LE( key, 0 );
|
||||
w[0][1] = MBEDTLS_GET_UINT32_LE( key, 4 );
|
||||
w[0][2] = MBEDTLS_GET_UINT32_LE( key, 8 );
|
||||
w[0][3] = MBEDTLS_GET_UINT32_LE( key, 12 );
|
||||
|
||||
memset( w[1], 0, 16 );
|
||||
if( keybits >= 192 )
|
||||
{
|
||||
GET_UINT32_LE( w[1][0], key, 16 ); // 192 bit key
|
||||
GET_UINT32_LE( w[1][1], key, 20 );
|
||||
w[1][0] = MBEDTLS_GET_UINT32_LE( key, 16 ); // 192 bit key
|
||||
w[1][1] = MBEDTLS_GET_UINT32_LE( key, 20 );
|
||||
}
|
||||
if( keybits == 256 )
|
||||
{
|
||||
GET_UINT32_LE( w[1][2], key, 24 ); // 256 bit key
|
||||
GET_UINT32_LE( w[1][3], key, 28 );
|
||||
w[1][2] = MBEDTLS_GET_UINT32_LE( key, 24 ); // 256 bit key
|
||||
w[1][3] = MBEDTLS_GET_UINT32_LE( key, 28 );
|
||||
}
|
||||
|
||||
i = ( keybits - 128 ) >> 6; // index: 0, 1, 2
|
||||
|
@ -547,10 +525,10 @@ int mbedtls_aria_crypt_ecb( mbedtls_aria_context *ctx,
|
|||
ARIA_VALIDATE_RET( input != NULL );
|
||||
ARIA_VALIDATE_RET( output != NULL );
|
||||
|
||||
GET_UINT32_LE( a, input, 0 );
|
||||
GET_UINT32_LE( b, input, 4 );
|
||||
GET_UINT32_LE( c, input, 8 );
|
||||
GET_UINT32_LE( d, input, 12 );
|
||||
a = MBEDTLS_GET_UINT32_LE( input, 0 );
|
||||
b = MBEDTLS_GET_UINT32_LE( input, 4 );
|
||||
c = MBEDTLS_GET_UINT32_LE( input, 8 );
|
||||
d = MBEDTLS_GET_UINT32_LE( input, 12 );
|
||||
|
||||
i = 0;
|
||||
while( 1 )
|
||||
|
@ -582,10 +560,10 @@ int mbedtls_aria_crypt_ecb( mbedtls_aria_context *ctx,
|
|||
c ^= ctx->rk[i][2];
|
||||
d ^= ctx->rk[i][3];
|
||||
|
||||
PUT_UINT32_LE( a, output, 0 );
|
||||
PUT_UINT32_LE( b, output, 4 );
|
||||
PUT_UINT32_LE( c, output, 8 );
|
||||
PUT_UINT32_LE( d, output, 12 );
|
||||
MBEDTLS_PUT_UINT32_LE( a, output, 0 );
|
||||
MBEDTLS_PUT_UINT32_LE( b, output, 4 );
|
||||
MBEDTLS_PUT_UINT32_LE( c, output, 8 );
|
||||
MBEDTLS_PUT_UINT32_LE( d, output, 12 );
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
|
|
|
@ -60,8 +60,8 @@ int mbedtls_asn1_write_len( unsigned char **p, const unsigned char *start, size_
|
|||
if( *p - start < 3 )
|
||||
return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
|
||||
|
||||
*--(*p) = ( len ) & 0xFF;
|
||||
*--(*p) = ( len >> 8 ) & 0xFF;
|
||||
*--(*p) = MBEDTLS_BYTE_0( len );
|
||||
*--(*p) = MBEDTLS_BYTE_1( len );
|
||||
*--(*p) = 0x82;
|
||||
return( 3 );
|
||||
}
|
||||
|
@ -71,9 +71,9 @@ int mbedtls_asn1_write_len( unsigned char **p, const unsigned char *start, size_
|
|||
if( *p - start < 4 )
|
||||
return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
|
||||
|
||||
*--(*p) = ( len ) & 0xFF;
|
||||
*--(*p) = ( len >> 8 ) & 0xFF;
|
||||
*--(*p) = ( len >> 16 ) & 0xFF;
|
||||
*--(*p) = MBEDTLS_BYTE_0( len );
|
||||
*--(*p) = MBEDTLS_BYTE_1( len );
|
||||
*--(*p) = MBEDTLS_BYTE_2( len );
|
||||
*--(*p) = 0x83;
|
||||
return( 4 );
|
||||
}
|
||||
|
@ -85,10 +85,10 @@ int mbedtls_asn1_write_len( unsigned char **p, const unsigned char *start, size_
|
|||
if( *p - start < 5 )
|
||||
return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
|
||||
|
||||
*--(*p) = ( len ) & 0xFF;
|
||||
*--(*p) = ( len >> 8 ) & 0xFF;
|
||||
*--(*p) = ( len >> 16 ) & 0xFF;
|
||||
*--(*p) = ( len >> 24 ) & 0xFF;
|
||||
*--(*p) = MBEDTLS_BYTE_0( len );
|
||||
*--(*p) = MBEDTLS_BYTE_1( len );
|
||||
*--(*p) = MBEDTLS_BYTE_2( len );
|
||||
*--(*p) = MBEDTLS_BYTE_3( len );
|
||||
*--(*p) = 0x84;
|
||||
return( 5 );
|
||||
}
|
||||
|
|
257
library/base64.c
|
@ -22,6 +22,7 @@
|
|||
#if defined(MBEDTLS_BASE64_C)
|
||||
|
||||
#include "mbedtls/base64.h"
|
||||
#include "base64_invasive.h"
|
||||
|
||||
#include <stdint.h>
|
||||
|
||||
|
@ -35,127 +36,41 @@
|
|||
#endif /* MBEDTLS_PLATFORM_C */
|
||||
#endif /* MBEDTLS_SELF_TEST */
|
||||
|
||||
static const unsigned char base64_enc_map[64] =
|
||||
{
|
||||
'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J',
|
||||
'K', 'L', 'M', 'N', 'O', 'P', 'Q', 'R', 'S', 'T',
|
||||
'U', 'V', 'W', 'X', 'Y', 'Z', 'a', 'b', 'c', 'd',
|
||||
'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l', 'm', 'n',
|
||||
'o', 'p', 'q', 'r', 's', 't', 'u', 'v', 'w', 'x',
|
||||
'y', 'z', '0', '1', '2', '3', '4', '5', '6', '7',
|
||||
'8', '9', '+', '/'
|
||||
};
|
||||
|
||||
static const unsigned char base64_dec_map[128] =
|
||||
{
|
||||
127, 127, 127, 127, 127, 127, 127, 127, 127, 127,
|
||||
127, 127, 127, 127, 127, 127, 127, 127, 127, 127,
|
||||
127, 127, 127, 127, 127, 127, 127, 127, 127, 127,
|
||||
127, 127, 127, 127, 127, 127, 127, 127, 127, 127,
|
||||
127, 127, 127, 62, 127, 127, 127, 63, 52, 53,
|
||||
54, 55, 56, 57, 58, 59, 60, 61, 127, 127,
|
||||
127, 64, 127, 127, 127, 0, 1, 2, 3, 4,
|
||||
5, 6, 7, 8, 9, 10, 11, 12, 13, 14,
|
||||
15, 16, 17, 18, 19, 20, 21, 22, 23, 24,
|
||||
25, 127, 127, 127, 127, 127, 127, 26, 27, 28,
|
||||
29, 30, 31, 32, 33, 34, 35, 36, 37, 38,
|
||||
39, 40, 41, 42, 43, 44, 45, 46, 47, 48,
|
||||
49, 50, 51, 127, 127, 127, 127, 127
|
||||
};
|
||||
|
||||
#define BASE64_SIZE_T_MAX ( (size_t) -1 ) /* SIZE_T_MAX is not standard */
|
||||
|
||||
/*
|
||||
* Constant flow conditional assignment to unsigned char
|
||||
/* Return 0xff if low <= c <= high, 0 otherwise.
|
||||
*
|
||||
* Constant flow with respect to c.
|
||||
*/
|
||||
static void mbedtls_base64_cond_assign_uchar( unsigned char * dest, const unsigned char * const src,
|
||||
unsigned char condition )
|
||||
MBEDTLS_STATIC_TESTABLE
|
||||
unsigned char mbedtls_base64_mask_of_range( unsigned char low,
|
||||
unsigned char high,
|
||||
unsigned char c )
|
||||
{
|
||||
/* MSVC has a warning about unary minus on unsigned integer types,
|
||||
* but this is well-defined and precisely what we want to do here. */
|
||||
#if defined(_MSC_VER)
|
||||
#pragma warning( push )
|
||||
#pragma warning( disable : 4146 )
|
||||
#endif
|
||||
|
||||
/* Generate bitmask from condition, mask will either be 0xFF or 0 */
|
||||
unsigned char mask = ( condition | -condition );
|
||||
mask >>= 7;
|
||||
mask = -mask;
|
||||
|
||||
#if defined(_MSC_VER)
|
||||
#pragma warning( pop )
|
||||
#endif
|
||||
|
||||
*dest = ( ( *src ) & mask ) | ( ( *dest ) & ~mask );
|
||||
/* low_mask is: 0 if low <= c, 0x...ff if low > c */
|
||||
unsigned low_mask = ( (unsigned) c - low ) >> 8;
|
||||
/* high_mask is: 0 if c <= high, 0x...ff if c > high */
|
||||
unsigned high_mask = ( (unsigned) high - c ) >> 8;
|
||||
return( ~( low_mask | high_mask ) & 0xff );
|
||||
}
|
||||
|
||||
/*
|
||||
* Constant flow conditional assignment to uint_32
|
||||
/* Given a value in the range 0..63, return the corresponding Base64 digit.
|
||||
* The implementation assumes that letters are consecutive (e.g. ASCII
|
||||
* but not EBCDIC).
|
||||
*/
|
||||
static void mbedtls_base64_cond_assign_uint32( uint32_t * dest, const uint32_t src,
|
||||
uint32_t condition )
|
||||
MBEDTLS_STATIC_TESTABLE
|
||||
unsigned char mbedtls_base64_enc_char( unsigned char val )
|
||||
{
|
||||
/* MSVC has a warning about unary minus on unsigned integer types,
|
||||
* but this is well-defined and precisely what we want to do here. */
|
||||
#if defined(_MSC_VER)
|
||||
#pragma warning( push )
|
||||
#pragma warning( disable : 4146 )
|
||||
#endif
|
||||
|
||||
/* Generate bitmask from condition, mask will either be 0xFFFFFFFF or 0 */
|
||||
uint32_t mask = ( condition | -condition );
|
||||
mask >>= 31;
|
||||
mask = -mask;
|
||||
|
||||
#if defined(_MSC_VER)
|
||||
#pragma warning( pop )
|
||||
#endif
|
||||
|
||||
*dest = ( src & mask ) | ( ( *dest ) & ~mask );
|
||||
}
|
||||
|
||||
/*
|
||||
* Constant flow check for equality
|
||||
*/
|
||||
static unsigned char mbedtls_base64_eq( size_t in_a, size_t in_b )
|
||||
{
|
||||
size_t difference = in_a ^ in_b;
|
||||
|
||||
/* MSVC has a warning about unary minus on unsigned integer types,
|
||||
* but this is well-defined and precisely what we want to do here. */
|
||||
#if defined(_MSC_VER)
|
||||
#pragma warning( push )
|
||||
#pragma warning( disable : 4146 )
|
||||
#endif
|
||||
|
||||
difference |= -difference;
|
||||
|
||||
#if defined(_MSC_VER)
|
||||
#pragma warning( pop )
|
||||
#endif
|
||||
|
||||
/* cope with the varying size of size_t per platform */
|
||||
difference >>= ( sizeof( difference ) * 8 - 1 );
|
||||
|
||||
return (unsigned char) ( 1 ^ difference );
|
||||
}
|
||||
|
||||
/*
|
||||
* Constant flow lookup into table.
|
||||
*/
|
||||
static unsigned char mbedtls_base64_table_lookup( const unsigned char * const table,
|
||||
const size_t table_size, const size_t table_index )
|
||||
{
|
||||
size_t i;
|
||||
unsigned char result = 0;
|
||||
|
||||
for( i = 0; i < table_size; ++i )
|
||||
{
|
||||
mbedtls_base64_cond_assign_uchar( &result, &table[i], mbedtls_base64_eq( i, table_index ) );
|
||||
}
|
||||
|
||||
return result;
|
||||
unsigned char digit = 0;
|
||||
/* For each range of values, if val is in that range, mask digit with
|
||||
* the corresponding value. Since val can only be in a single range,
|
||||
* only at most one masking will change digit. */
|
||||
digit |= mbedtls_base64_mask_of_range( 0, 25, val ) & ( 'A' + val );
|
||||
digit |= mbedtls_base64_mask_of_range( 26, 51, val ) & ( 'a' + val - 26 );
|
||||
digit |= mbedtls_base64_mask_of_range( 52, 61, val ) & ( '0' + val - 52 );
|
||||
digit |= mbedtls_base64_mask_of_range( 62, 62, val ) & '+';
|
||||
digit |= mbedtls_base64_mask_of_range( 63, 63, val ) & '/';
|
||||
return( digit );
|
||||
}
|
||||
|
||||
/*
|
||||
|
@ -198,17 +113,12 @@ int mbedtls_base64_encode( unsigned char *dst, size_t dlen, size_t *olen,
|
|||
C2 = *src++;
|
||||
C3 = *src++;
|
||||
|
||||
*p++ = mbedtls_base64_table_lookup( base64_enc_map, sizeof( base64_enc_map ),
|
||||
( ( C1 >> 2 ) & 0x3F ) );
|
||||
|
||||
*p++ = mbedtls_base64_table_lookup( base64_enc_map, sizeof( base64_enc_map ),
|
||||
( ( ( ( C1 & 3 ) << 4 ) + ( C2 >> 4 ) ) & 0x3F ) );
|
||||
|
||||
*p++ = mbedtls_base64_table_lookup( base64_enc_map, sizeof( base64_enc_map ),
|
||||
( ( ( ( C2 & 15 ) << 2 ) + ( C3 >> 6 ) ) & 0x3F ) );
|
||||
|
||||
*p++ = mbedtls_base64_table_lookup( base64_enc_map, sizeof( base64_enc_map ),
|
||||
( C3 & 0x3F ) );
|
||||
*p++ = mbedtls_base64_enc_char( ( C1 >> 2 ) & 0x3F );
|
||||
*p++ = mbedtls_base64_enc_char( ( ( ( C1 & 3 ) << 4 ) + ( C2 >> 4 ) )
|
||||
& 0x3F );
|
||||
*p++ = mbedtls_base64_enc_char( ( ( ( C2 & 15 ) << 2 ) + ( C3 >> 6 ) )
|
||||
& 0x3F );
|
||||
*p++ = mbedtls_base64_enc_char( C3 & 0x3F );
|
||||
}
|
||||
|
||||
if( i < slen )
|
||||
|
@ -216,15 +126,12 @@ int mbedtls_base64_encode( unsigned char *dst, size_t dlen, size_t *olen,
|
|||
C1 = *src++;
|
||||
C2 = ( ( i + 1 ) < slen ) ? *src++ : 0;
|
||||
|
||||
*p++ = mbedtls_base64_table_lookup( base64_enc_map, sizeof( base64_enc_map ),
|
||||
( ( C1 >> 2 ) & 0x3F ) );
|
||||
|
||||
*p++ = mbedtls_base64_table_lookup( base64_enc_map, sizeof( base64_enc_map ),
|
||||
( ( ( ( C1 & 3 ) << 4 ) + ( C2 >> 4 ) ) & 0x3F ) );
|
||||
*p++ = mbedtls_base64_enc_char( ( C1 >> 2 ) & 0x3F );
|
||||
*p++ = mbedtls_base64_enc_char( ( ( ( C1 & 3 ) << 4 ) + ( C2 >> 4 ) )
|
||||
& 0x3F );
|
||||
|
||||
if( ( i + 1 ) < slen )
|
||||
*p++ = mbedtls_base64_table_lookup( base64_enc_map, sizeof( base64_enc_map ),
|
||||
( ( ( C2 & 15 ) << 2 ) & 0x3F ) );
|
||||
*p++ = mbedtls_base64_enc_char( ( ( C2 & 15 ) << 2 ) & 0x3F );
|
||||
else *p++ = '=';
|
||||
|
||||
*p++ = '=';
|
||||
|
@ -236,26 +143,58 @@ int mbedtls_base64_encode( unsigned char *dst, size_t dlen, size_t *olen,
|
|||
return( 0 );
|
||||
}
|
||||
|
||||
/* Given a Base64 digit, return its value.
|
||||
* If c is not a Base64 digit ('A'..'Z', 'a'..'z', '0'..'9', '+' or '/'),
|
||||
* return -1.
|
||||
*
|
||||
* The implementation assumes that letters are consecutive (e.g. ASCII
|
||||
* but not EBCDIC).
|
||||
*
|
||||
* The implementation is constant-flow (no branch or memory access depending
|
||||
* on the value of c) unless the compiler inlines and optimizes a specific
|
||||
* access.
|
||||
*/
|
||||
MBEDTLS_STATIC_TESTABLE
|
||||
signed char mbedtls_base64_dec_value( unsigned char c )
|
||||
{
|
||||
unsigned char val = 0;
|
||||
/* For each range of digits, if c is in that range, mask val with
|
||||
* the corresponding value. Since c can only be in a single range,
|
||||
* only at most one masking will change val. Set val to one plus
|
||||
* the desired value so that it stays 0 if c is in none of the ranges. */
|
||||
val |= mbedtls_base64_mask_of_range( 'A', 'Z', c ) & ( c - 'A' + 0 + 1 );
|
||||
val |= mbedtls_base64_mask_of_range( 'a', 'z', c ) & ( c - 'a' + 26 + 1 );
|
||||
val |= mbedtls_base64_mask_of_range( '0', '9', c ) & ( c - '0' + 52 + 1 );
|
||||
val |= mbedtls_base64_mask_of_range( '+', '+', c ) & ( c - '+' + 62 + 1 );
|
||||
val |= mbedtls_base64_mask_of_range( '/', '/', c ) & ( c - '/' + 63 + 1 );
|
||||
/* At this point, val is 0 if c is an invalid digit and v+1 if c is
|
||||
* a digit with the value v. */
|
||||
return( val - 1 );
|
||||
}
|
||||
|
||||
/*
|
||||
* Decode a base64-formatted buffer
|
||||
*/
|
||||
int mbedtls_base64_decode( unsigned char *dst, size_t dlen, size_t *olen,
|
||||
const unsigned char *src, size_t slen )
|
||||
{
|
||||
size_t i, n;
|
||||
uint32_t j, x;
|
||||
size_t i; /* index in source */
|
||||
size_t n; /* number of digits or trailing = in source */
|
||||
uint32_t x; /* value accumulator */
|
||||
unsigned accumulated_digits = 0;
|
||||
unsigned equals = 0;
|
||||
int spaces_present = 0;
|
||||
unsigned char *p;
|
||||
unsigned char dec_map_lookup;
|
||||
|
||||
/* First pass: check for validity and get output length */
|
||||
for( i = n = j = 0; i < slen; i++ )
|
||||
for( i = n = 0; i < slen; i++ )
|
||||
{
|
||||
/* Skip spaces before checking for EOL */
|
||||
x = 0;
|
||||
spaces_present = 0;
|
||||
while( i < slen && src[i] == ' ' )
|
||||
{
|
||||
++i;
|
||||
++x;
|
||||
spaces_present = 1;
|
||||
}
|
||||
|
||||
/* Spaces at end of buffer are OK */
|
||||
|
@ -270,20 +209,24 @@ int mbedtls_base64_decode( unsigned char *dst, size_t dlen, size_t *olen,
|
|||
continue;
|
||||
|
||||
/* Space inside a line is an error */
|
||||
if( x != 0 )
|
||||
if( spaces_present )
|
||||
return( MBEDTLS_ERR_BASE64_INVALID_CHARACTER );
|
||||
|
||||
if( src[i] == '=' && ++j > 2 )
|
||||
if( src[i] > 127 )
|
||||
return( MBEDTLS_ERR_BASE64_INVALID_CHARACTER );
|
||||
|
||||
dec_map_lookup = mbedtls_base64_table_lookup( base64_dec_map, sizeof( base64_dec_map ), src[i] );
|
||||
|
||||
if( src[i] > 127 || dec_map_lookup == 127 )
|
||||
if( src[i] == '=' )
|
||||
{
|
||||
if( ++equals > 2 )
|
||||
return( MBEDTLS_ERR_BASE64_INVALID_CHARACTER );
|
||||
|
||||
if( dec_map_lookup < 64 && j != 0 )
|
||||
}
|
||||
else
|
||||
{
|
||||
if( equals != 0 )
|
||||
return( MBEDTLS_ERR_BASE64_INVALID_CHARACTER );
|
||||
|
||||
if( mbedtls_base64_dec_value( src[i] ) < 0 )
|
||||
return( MBEDTLS_ERR_BASE64_INVALID_CHARACTER );
|
||||
}
|
||||
n++;
|
||||
}
|
||||
|
||||
|
@ -298,7 +241,7 @@ int mbedtls_base64_decode( unsigned char *dst, size_t dlen, size_t *olen,
|
|||
* n = ( ( n * 6 ) + 7 ) >> 3;
|
||||
*/
|
||||
n = ( 6 * ( n >> 3 ) ) + ( ( 6 * ( n & 0x7 ) + 7 ) >> 3 );
|
||||
n -= j;
|
||||
n -= equals;
|
||||
|
||||
if( dst == NULL || dlen < n )
|
||||
{
|
||||
|
@ -306,22 +249,24 @@ int mbedtls_base64_decode( unsigned char *dst, size_t dlen, size_t *olen,
|
|||
return( MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL );
|
||||
}
|
||||
|
||||
for( j = 3, n = x = 0, p = dst; i > 0; i--, src++ )
|
||||
equals = 0;
|
||||
for( x = 0, p = dst; i > 0; i--, src++ )
|
||||
{
|
||||
if( *src == '\r' || *src == '\n' || *src == ' ' )
|
||||
continue;
|
||||
|
||||
dec_map_lookup = mbedtls_base64_table_lookup( base64_dec_map, sizeof( base64_dec_map ), *src );
|
||||
x = x << 6;
|
||||
if( *src == '=' )
|
||||
++equals;
|
||||
else
|
||||
x |= mbedtls_base64_dec_value( *src );
|
||||
|
||||
mbedtls_base64_cond_assign_uint32( &j, j - 1, mbedtls_base64_eq( dec_map_lookup, 64 ) );
|
||||
x = ( x << 6 ) | ( dec_map_lookup & 0x3F );
|
||||
|
||||
if( ++n == 4 )
|
||||
if( ++accumulated_digits == 4 )
|
||||
{
|
||||
n = 0;
|
||||
if( j > 0 ) *p++ = (unsigned char)( x >> 16 );
|
||||
if( j > 1 ) *p++ = (unsigned char)( x >> 8 );
|
||||
if( j > 2 ) *p++ = (unsigned char)( x );
|
||||
accumulated_digits = 0;
|
||||
*p++ = MBEDTLS_BYTE_2( x );
|
||||
if( equals <= 1 ) *p++ = MBEDTLS_BYTE_1( x );
|
||||
if( equals <= 0 ) *p++ = MBEDTLS_BYTE_0( x );
|
||||
}
|
||||
}
|
||||
|
||||
|
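Review bot: The `if( src[i] > 127 )` check kept in the first pass of `mbedtls_base64_decode` is now redundant, because `mbedtls_base64_dec_value()` takes an `unsigned char` and returns -1 for every byte outside the five digit ranges, so the `mbedtls_base64_dec_value( src[i] ) < 0` test a few lines below already rejects bytes above 127; either drop the early check or annotate it, e.g. `/* Fast reject; dec_value() also returns -1 for c > 127 */`, so the next reader does not assume the lookup depends on it. In the second pass, `x |= mbedtls_base64_dec_value( *src );` relies on the first pass having rejected every non-digit, since a -1 return would set all 32 bits of `x`; a short comment on that line would make the dependency explicit. The constant-flow claim documented on `mbedtls_base64_dec_value` should also be scoped at the decode loops: the remaining branches on `'='`, whitespace and `equals` depend on the layout of the input rather than on digit values, which is what the rewrite protects, and a one-line comment above the second-pass loop such as `/* Branches here depend only on '=' and whitespace positions, not on digit values */` would record that decision. The body of `mbedtls_base64_decode` continues past the last hunk of this file.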
|
55
library/base64_invasive.h
|
@ -0,0 +1,55 @@
|
|||
/**
|
||||
* \file base_invasive.h
|
||||
*
|
||||
* \brief Base64 module: interfaces for invasive testing only.
|
||||
*
|
||||
* The interfaces in this file are intended for testing purposes only.
|
||||
* They SHOULD NOT be made available in library integrations except when
|
||||
* building the library for testing.
|
||||
*/
|
||||
/*
|
||||
* Copyright The Mbed TLS Contributors
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
* not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
#ifndef MBEDTLS_BASE64_INVASIVE_H
|
||||
#define MBEDTLS_BASE64_INVASIVE_H
|
||||
|
||||
#include "common.h"
|
||||
|
||||
#if defined(MBEDTLS_TEST_HOOKS)
|
||||
/* Return 0xff if low <= c <= high, 0 otherwise.
|
||||
*
|
||||
* Constant flow with respect to c.
|
||||
*/
|
||||
unsigned char mbedtls_base64_mask_of_range( unsigned char low,
|
||||
unsigned char high,
|
||||
unsigned char c );
|
||||
|
||||
/* Given a value in the range 0..63, return the corresponding Base64 digit.
|
||||
*
|
||||
* Operates in constant time (no branches or memory access depending on val).
|
||||
*/
|
||||
unsigned char mbedtls_base64_enc_char( unsigned char val );
|
||||
|
||||
/* Given a Base64 digit, return its value.
|
||||
* If c is not a Base64 digit ('A'..'Z', 'a'..'z', '0'..'9', '+' or '/'),
|
||||
* return -1.
|
||||
*
|
||||
* Operates in constant time (no branches or memory access depending on c).
|
||||
*/
|
||||
signed char mbedtls_base64_dec_value( unsigned char c );
|
||||
#endif /* MBEDTLS_TEST_HOOKS */
|
||||
|
||||
#endif /* MBEDTLS_BASE64_INVASIVE_H */
|
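Review bot: The Doxygen header of the new file names itself `\file base_invasive.h`, but the file added by this commit is `library/base64_invasive.h` (see the file header above the hunk); Doxygen keys the file page on that tag, so it should read `* \file base64_invasive.h`. The constant-time properties stated in the comments ("no branches or memory access depending on c") describe the implementations in base64.c rather than anything in this header, so a short pointer such as `* See base64.c for the implementations whose constant-flow behaviour is claimed here.` under the `\brief` would tell a reader where to verify them. The `MBEDTLS_TEST_HOOKS` guard does enforce the "testing only" statement in the brief, which is good.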
|
@ -225,8 +225,8 @@
|
|||
"addq $8, %%rdi\n"
|
||||
|
||||
#define MULADDC_STOP \
|
||||
: "+c" (c), "+D" (d), "+S" (s) \
|
||||
: "b" (b) \
|
||||
: "+c" (c), "+D" (d), "+S" (s), "+m" (*(uint64_t (*)[16]) d) \
|
||||
: "b" (b), "m" (*(const uint64_t (*)[16]) s) \
|
||||
: "rax", "rdx", "r8" \
|
||||
);
|
||||
|
||||
|
@ -240,8 +240,8 @@
|
|||
#define MULADDC_CORE \
|
||||
"ldr x4, [%2], #8 \n\t" \
|
||||
"ldr x5, [%1] \n\t" \
|
||||
"mul x6, x4, %3 \n\t" \
|
||||
"umulh x7, x4, %3 \n\t" \
|
||||
"mul x6, x4, %4 \n\t" \
|
||||
"umulh x7, x4, %4 \n\t" \
|
||||
"adds x5, x5, x6 \n\t" \
|
||||
"adc x7, x7, xzr \n\t" \
|
||||
"adds x5, x5, %0 \n\t" \
|
||||
|
@ -249,8 +249,8 @@
|
|||
"str x5, [%1], #8 \n\t"
|
||||
|
||||
#define MULADDC_STOP \
|
||||
: "+r" (c), "+r" (d), "+r" (s) \
|
||||
: "r" (b) \
|
||||
: "+r" (c), "+r" (d), "+r" (s), "+m" (*(uint64_t (*)[16]) d) \
|
||||
: "r" (b), "m" (*(const uint64_t (*)[16]) s) \
|
||||
: "x4", "x5", "x6", "x7", "cc" \
|
||||
);
|
||||
|
||||
|
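Review bot: The new `"+m" (*(uint64_t (*)[16]) d)` / `"m" (*(const uint64_t (*)[16]) s)` operands give the compiler the memory dependency the asm previously lacked, but the `[16]` bound is a bare magic number: presumably it is the largest number of limbs one unrolled MULADDC_CORE run between MULADDC_INIT and MULADDC_STOP can touch, and nothing in the hunk says so. A comment beside the first such operand, e.g. `/* Declare the up-to-16 limbs the asm reads via s and reads/writes via d, so the compiler does not cache or reorder those accesses */`, would let a later reviewer check the bound against the unrolling, which lives outside these hunks. The AArch64 hunk correctly renumbers `%3` to `%4` for `b`, since the added `"+m"` output becomes `%3` and shifts the input operands; the x86_64 variant needs no renumbering because it names registers directly. The `uint64_t` element type matches the 64-bit register usage shown here, but that is an assumption to confirm against the limb type on each target.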
|
|
@ -49,29 +49,6 @@
|
|||
#define CAMELLIA_VALIDATE( cond ) \
|
||||
MBEDTLS_INTERNAL_VALIDATE( cond )
|
||||
|
||||
/*
|
||||
* 32-bit integer manipulation macros (big endian)
|
||||
*/
|
||||
#ifndef GET_UINT32_BE
|
||||
#define GET_UINT32_BE(n,b,i) \
|
||||
{ \
|
||||
(n) = ( (uint32_t) (b)[(i) ] << 24 ) \
|
||||
| ( (uint32_t) (b)[(i) + 1] << 16 ) \
|
||||
| ( (uint32_t) (b)[(i) + 2] << 8 ) \
|
||||
| ( (uint32_t) (b)[(i) + 3] ); \
|
||||
}
|
||||
#endif
|
||||
|
||||
#ifndef PUT_UINT32_BE
|
||||
#define PUT_UINT32_BE(n,b,i) \
|
||||
{ \
|
||||
(b)[(i) ] = (unsigned char) ( (n) >> 24 ); \
|
||||
(b)[(i) + 1] = (unsigned char) ( (n) >> 16 ); \
|
||||
(b)[(i) + 2] = (unsigned char) ( (n) >> 8 ); \
|
||||
(b)[(i) + 3] = (unsigned char) ( (n) ); \
|
||||
}
|
||||
#endif
|
||||
|
||||
static const unsigned char SIGMA_CHARS[6][8] =
|
||||
{
|
||||
{ 0xa0, 0x9e, 0x66, 0x7f, 0x3b, 0xcc, 0x90, 0x8b },
|
||||
|
@ -301,14 +278,14 @@ static void camellia_feistel( const uint32_t x[2], const uint32_t k[2],
|
|||
I0 = x[0] ^ k[0];
|
||||
I1 = x[1] ^ k[1];
|
||||
|
||||
I0 = ((uint32_t) SBOX1((I0 >> 24) & 0xFF) << 24) |
|
||||
((uint32_t) SBOX2((I0 >> 16) & 0xFF) << 16) |
|
||||
((uint32_t) SBOX3((I0 >> 8) & 0xFF) << 8) |
|
||||
((uint32_t) SBOX4((I0 ) & 0xFF) );
|
||||
I1 = ((uint32_t) SBOX2((I1 >> 24) & 0xFF) << 24) |
|
||||
((uint32_t) SBOX3((I1 >> 16) & 0xFF) << 16) |
|
||||
((uint32_t) SBOX4((I1 >> 8) & 0xFF) << 8) |
|
||||
((uint32_t) SBOX1((I1 ) & 0xFF) );
|
||||
I0 = ((uint32_t) SBOX1( MBEDTLS_BYTE_3( I0 )) << 24) |
|
||||
((uint32_t) SBOX2( MBEDTLS_BYTE_2( I0 )) << 16) |
|
||||
((uint32_t) SBOX3( MBEDTLS_BYTE_1( I0 )) << 8) |
|
||||
((uint32_t) SBOX4( MBEDTLS_BYTE_0( I0 )) );
|
||||
I1 = ((uint32_t) SBOX2( MBEDTLS_BYTE_3( I1 )) << 24) |
|
||||
((uint32_t) SBOX3( MBEDTLS_BYTE_2( I1 )) << 16) |
|
||||
((uint32_t) SBOX4( MBEDTLS_BYTE_1( I1 )) << 8) |
|
||||
((uint32_t) SBOX1( MBEDTLS_BYTE_0( I1 )) );
|
||||
|
||||
I0 ^= (I1 << 8) | (I1 >> 24);
|
||||
I1 ^= (I0 << 16) | (I0 >> 16);
|
||||
|
@ -376,8 +353,8 @@ int mbedtls_camellia_setkey_enc( mbedtls_camellia_context *ctx,
|
|||
* Prepare SIGMA values
|
||||
*/
|
||||
for( i = 0; i < 6; i++ ) {
|
||||
GET_UINT32_BE( SIGMA[i][0], SIGMA_CHARS[i], 0 );
|
||||
GET_UINT32_BE( SIGMA[i][1], SIGMA_CHARS[i], 4 );
|
||||
SIGMA[i][0] = MBEDTLS_GET_UINT32_BE( SIGMA_CHARS[i], 0 );
|
||||
SIGMA[i][1] = MBEDTLS_GET_UINT32_BE( SIGMA_CHARS[i], 4 );
|
||||
}
|
||||
|
||||
/*
|
||||
|
@ -388,7 +365,7 @@ int mbedtls_camellia_setkey_enc( mbedtls_camellia_context *ctx,
|
|||
|
||||
/* Store KL, KR */
|
||||
for( i = 0; i < 8; i++ )
|
||||
GET_UINT32_BE( KC[i], t, i * 4 );
|
||||
KC[i] = MBEDTLS_GET_UINT32_BE( t, i * 4 );
|
||||
|
||||
/* Generate KA */
|
||||
for( i = 0; i < 4; ++i )
|
||||
|
@ -514,10 +491,10 @@ int mbedtls_camellia_crypt_ecb( mbedtls_camellia_context *ctx,
|
|||
NR = ctx->nr;
|
||||
RK = ctx->rk;
|
||||
|
||||
GET_UINT32_BE( X[0], input, 0 );
|
||||
GET_UINT32_BE( X[1], input, 4 );
|
||||
GET_UINT32_BE( X[2], input, 8 );
|
||||
GET_UINT32_BE( X[3], input, 12 );
|
||||
X[0] = MBEDTLS_GET_UINT32_BE( input, 0 );
|
||||
X[1] = MBEDTLS_GET_UINT32_BE( input, 4 );
|
||||
X[2] = MBEDTLS_GET_UINT32_BE( input, 8 );
|
||||
X[3] = MBEDTLS_GET_UINT32_BE( input, 12 );
|
||||
|
||||
X[0] ^= *RK++;
|
||||
X[1] ^= *RK++;
|
||||
|
@ -552,10 +529,10 @@ int mbedtls_camellia_crypt_ecb( mbedtls_camellia_context *ctx,
|
|||
X[0] ^= *RK++;
|
||||
X[1] ^= *RK++;
|
||||
|
||||
PUT_UINT32_BE( X[2], output, 0 );
|
||||
PUT_UINT32_BE( X[3], output, 4 );
|
||||
PUT_UINT32_BE( X[0], output, 8 );
|
||||
PUT_UINT32_BE( X[1], output, 12 );
|
||||
MBEDTLS_PUT_UINT32_BE( X[2], output, 0 );
|
||||
MBEDTLS_PUT_UINT32_BE( X[3], output, 4 );
|
||||
MBEDTLS_PUT_UINT32_BE( X[0], output, 8 );
|
||||
MBEDTLS_PUT_UINT32_BE( X[1], output, 12 );
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
|
|
592
library/ccm.c
592
library/ccm.c
|
@ -36,31 +36,23 @@
|
|||
|
||||
#include <string.h>
|
||||
|
||||
#if defined(MBEDTLS_SELF_TEST) && defined(MBEDTLS_AES_C)
|
||||
#if defined(MBEDTLS_PLATFORM_C)
|
||||
#include "mbedtls/platform.h"
|
||||
#else
|
||||
#if defined(MBEDTLS_SELF_TEST) && defined(MBEDTLS_AES_C)
|
||||
#include <stdio.h>
|
||||
#define mbedtls_printf printf
|
||||
#endif /* MBEDTLS_PLATFORM_C */
|
||||
#endif /* MBEDTLS_SELF_TEST && MBEDTLS_AES_C */
|
||||
#endif /* MBEDTLS_PLATFORM_C */
|
||||
|
||||
#if !defined(MBEDTLS_CCM_ALT)
|
||||
|
||||
#define CCM_VALIDATE_RET( cond ) \
|
||||
MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_CCM_BAD_INPUT )
|
||||
#define CCM_VALIDATE( cond ) \
|
||||
MBEDTLS_INTERNAL_VALIDATE( cond )
|
||||
|
||||
#define CCM_ENCRYPT 0
|
||||
#define CCM_DECRYPT 1
|
||||
|
||||
/*
|
||||
* Initialize context
|
||||
*/
|
||||
void mbedtls_ccm_init( mbedtls_ccm_context *ctx )
|
||||
{
|
||||
CCM_VALIDATE( ctx != NULL );
|
||||
memset( ctx, 0, sizeof( mbedtls_ccm_context ) );
|
||||
}
|
||||
|
||||
|
@ -72,9 +64,6 @@ int mbedtls_ccm_setkey( mbedtls_ccm_context *ctx,
|
|||
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
||||
const mbedtls_cipher_info_t *cipher_info;
|
||||
|
||||
CCM_VALIDATE_RET( ctx != NULL );
|
||||
CCM_VALIDATE_RET( key != NULL );
|
||||
|
||||
cipher_info = mbedtls_cipher_info_from_values( cipher, keybits,
|
||||
MBEDTLS_MODE_ECB );
|
||||
if( cipher_info == NULL )
|
||||
|
@ -108,82 +97,78 @@ void mbedtls_ccm_free( mbedtls_ccm_context *ctx )
|
|||
mbedtls_platform_zeroize( ctx, sizeof( mbedtls_ccm_context ) );
|
||||
}
|
||||
|
||||
/*
|
||||
* Macros for common operations.
|
||||
* Results in smaller compiled code than static inline functions.
|
||||
*/
|
||||
|
||||
/*
|
||||
* Update the CBC-MAC state in y using a block in b
|
||||
* (Always using b as the source helps the compiler optimise a bit better.)
|
||||
*/
|
||||
#define UPDATE_CBC_MAC \
|
||||
for( i = 0; i < 16; i++ ) \
|
||||
y[i] ^= b[i]; \
|
||||
\
|
||||
if( ( ret = mbedtls_cipher_update( &ctx->cipher_ctx, y, 16, y, &olen ) ) != 0 ) \
|
||||
return( ret );
|
||||
#define CCM_STATE__CLEAR 0
|
||||
#define CCM_STATE__STARTED (1 << 0)
|
||||
#define CCM_STATE__LENGHTS_SET (1 << 1)
|
||||
#define CCM_STATE__AUTH_DATA_STARTED (1 << 2)
|
||||
#define CCM_STATE__AUTH_DATA_FINISHED (1 << 3)
|
||||
#define CCM_STATE__ERROR (1 << 4)
|
||||
|
||||
/*
|
||||
* Encrypt or decrypt a partial block with CTR
|
||||
* Warning: using b for temporary storage! src and dst must not be b!
|
||||
* This avoids allocating one more 16 bytes buffer while allowing src == dst.
|
||||
*/
|
||||
#define CTR_CRYPT( dst, src, len ) \
|
||||
do \
|
||||
{ \
|
||||
if( ( ret = mbedtls_cipher_update( &ctx->cipher_ctx, ctr, \
|
||||
16, b, &olen ) ) != 0 ) \
|
||||
{ \
|
||||
return( ret ); \
|
||||
} \
|
||||
\
|
||||
for( i = 0; i < (len); i++ ) \
|
||||
(dst)[i] = (src)[i] ^ b[i]; \
|
||||
} while( 0 )
|
||||
static int mbedtls_ccm_crypt( mbedtls_ccm_context *ctx,
|
||||
size_t offset, size_t use_len,
|
||||
const unsigned char *input,
|
||||
unsigned char *output )
|
||||
{
|
||||
size_t i;
|
||||
size_t olen = 0;
|
||||
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
||||
unsigned char tmp_buf[16] = {0};
|
||||
|
||||
/*
|
||||
* Authenticated encryption or decryption
|
||||
*/
|
||||
static int ccm_auth_crypt( mbedtls_ccm_context *ctx, int mode, size_t length,
|
||||
const unsigned char *iv, size_t iv_len,
|
||||
const unsigned char *add, size_t add_len,
|
||||
const unsigned char *input, unsigned char *output,
|
||||
unsigned char *tag, size_t tag_len )
|
||||
if( ( ret = mbedtls_cipher_update( &ctx->cipher_ctx, ctx->ctr, 16, tmp_buf,
|
||||
&olen ) ) != 0 )
|
||||
{
|
||||
ctx->state |= CCM_STATE__ERROR;
|
||||
mbedtls_platform_zeroize(tmp_buf, sizeof(tmp_buf));
|
||||
return ret;
|
||||
}
|
||||
|
||||
for( i = 0; i < use_len; i++ )
|
||||
output[i] = input[i] ^ tmp_buf[offset + i];
|
||||
|
||||
mbedtls_platform_zeroize(tmp_buf, sizeof(tmp_buf));
|
||||
return ret;
|
||||
}
|
||||
|
||||
static void mbedtls_ccm_clear_state(mbedtls_ccm_context *ctx) {
|
||||
ctx->state = CCM_STATE__CLEAR;
|
||||
memset( ctx->y, 0, 16);
|
||||
memset( ctx->ctr, 0, 16);
|
||||
}
|
||||
|
||||
static int ccm_calculate_first_block_if_ready(mbedtls_ccm_context *ctx)
|
||||
{
|
||||
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
||||
unsigned char i;
|
||||
unsigned char q;
|
||||
size_t len_left, olen;
|
||||
unsigned char b[16];
|
||||
unsigned char y[16];
|
||||
unsigned char ctr[16];
|
||||
const unsigned char *src;
|
||||
unsigned char *dst;
|
||||
|
||||
/*
|
||||
* Check length requirements: SP800-38C A.1
|
||||
* Additional requirement: a < 2^16 - 2^8 to simplify the code.
|
||||
* 'length' checked later (when writing it to the first block)
|
||||
*
|
||||
* Also, loosen the requirements to enable support for CCM* (IEEE 802.15.4).
|
||||
/* length calulcation can be done only after both
|
||||
* mbedtls_ccm_starts() and mbedtls_ccm_set_lengths() have been executed
|
||||
*/
|
||||
if( tag_len == 2 || tag_len > 16 || tag_len % 2 != 0 )
|
||||
return( MBEDTLS_ERR_CCM_BAD_INPUT );
|
||||
if( !(ctx->state & CCM_STATE__STARTED) || !(ctx->state & CCM_STATE__LENGHTS_SET) )
|
||||
return 0;
|
||||
|
||||
/* Also implies q is within bounds */
|
||||
if( iv_len < 7 || iv_len > 13 )
|
||||
/* CCM expects non-empty tag.
|
||||
* CCM* allows empty tag. For CCM* without tag, ignore plaintext length.
|
||||
*/
|
||||
if( ctx->tag_len == 0 )
|
||||
{
|
||||
if( ctx->mode == MBEDTLS_CCM_STAR_ENCRYPT || ctx->mode == MBEDTLS_CCM_STAR_DECRYPT )
|
||||
{
|
||||
ctx->plaintext_len = 0;
|
||||
}
|
||||
else
|
||||
{
|
||||
return( MBEDTLS_ERR_CCM_BAD_INPUT );
|
||||
|
||||
if( add_len >= 0xFF00 )
|
||||
return( MBEDTLS_ERR_CCM_BAD_INPUT );
|
||||
|
||||
q = 16 - 1 - (unsigned char) iv_len;
|
||||
}
|
||||
}
|
||||
|
||||
/*
|
||||
* First block B_0:
|
||||
* First block:
|
||||
* 0 .. 0 flags
|
||||
* 1 .. iv_len nonce (aka iv)
|
||||
* 1 .. iv_len nonce (aka iv) - set by: mbedtls_ccm_starts()
|
||||
* iv_len+1 .. 15 length
|
||||
*
|
||||
* With flags as (bits):
|
||||
|
@ -192,57 +177,40 @@ static int ccm_auth_crypt( mbedtls_ccm_context *ctx, int mode, size_t length,
|
|||
* 5 .. 3 (t - 2) / 2
|
||||
* 2 .. 0 q - 1
|
||||
*/
|
||||
b[0] = 0;
|
||||
b[0] |= ( add_len > 0 ) << 6;
|
||||
b[0] |= ( ( tag_len - 2 ) / 2 ) << 3;
|
||||
b[0] |= q - 1;
|
||||
ctx->y[0] |= ( ctx->add_len > 0 ) << 6;
|
||||
ctx->y[0] |= ( ( ctx->tag_len - 2 ) / 2 ) << 3;
|
||||
ctx->y[0] |= ctx->q - 1;
|
||||
|
||||
memcpy( b + 1, iv, iv_len );
|
||||
|
||||
for( i = 0, len_left = length; i < q; i++, len_left >>= 8 )
|
||||
b[15-i] = (unsigned char)( len_left & 0xFF );
|
||||
for( i = 0, len_left = ctx->plaintext_len; i < ctx->q; i++, len_left >>= 8 )
|
||||
ctx->y[15-i] = MBEDTLS_BYTE_0( len_left );
|
||||
|
||||
if( len_left > 0 )
|
||||
{
|
||||
ctx->state |= CCM_STATE__ERROR;
|
||||
return( MBEDTLS_ERR_CCM_BAD_INPUT );
|
||||
}
|
||||
|
||||
/* Start CBC-MAC with first block*/
|
||||
if( ( ret = mbedtls_cipher_update( &ctx->cipher_ctx, ctx->y, 16, ctx->y, &olen ) ) != 0 )
|
||||
{
|
||||
ctx->state |= CCM_STATE__ERROR;
|
||||
return( ret );
|
||||
}
|
||||
|
||||
return (0);
|
||||
}
|
||||
|
||||
int mbedtls_ccm_starts( mbedtls_ccm_context *ctx,
|
||||
int mode,
|
||||
const unsigned char *iv,
|
||||
size_t iv_len )
|
||||
{
|
||||
/* Also implies q is within bounds */
|
||||
if( iv_len < 7 || iv_len > 13 )
|
||||
return( MBEDTLS_ERR_CCM_BAD_INPUT );
|
||||
|
||||
|
||||
/* Start CBC-MAC with first block */
|
||||
memset( y, 0, 16 );
|
||||
UPDATE_CBC_MAC;
|
||||
|
||||
/*
|
||||
* If there is additional data, update CBC-MAC with
|
||||
* add_len, add, 0 (padding to a block boundary)
|
||||
*/
|
||||
if( add_len > 0 )
|
||||
{
|
||||
size_t use_len;
|
||||
len_left = add_len;
|
||||
src = add;
|
||||
|
||||
memset( b, 0, 16 );
|
||||
b[0] = (unsigned char)( ( add_len >> 8 ) & 0xFF );
|
||||
b[1] = (unsigned char)( ( add_len ) & 0xFF );
|
||||
|
||||
use_len = len_left < 16 - 2 ? len_left : 16 - 2;
|
||||
memcpy( b + 2, src, use_len );
|
||||
len_left -= use_len;
|
||||
src += use_len;
|
||||
|
||||
UPDATE_CBC_MAC;
|
||||
|
||||
while( len_left > 0 )
|
||||
{
|
||||
use_len = len_left > 16 ? 16 : len_left;
|
||||
|
||||
memset( b, 0, 16 );
|
||||
memcpy( b, src, use_len );
|
||||
UPDATE_CBC_MAC;
|
||||
|
||||
len_left -= use_len;
|
||||
src += use_len;
|
||||
}
|
||||
}
|
||||
ctx->mode = mode;
|
||||
ctx->q = 16 - 1 - (unsigned char) iv_len;
|
||||
|
||||
/*
|
||||
* Prepare counter block for encryption:
|
||||
|
@ -254,62 +222,293 @@ static int ccm_auth_crypt( mbedtls_ccm_context *ctx, int mode, size_t length,
|
|||
* 7 .. 3 0
|
||||
* 2 .. 0 q - 1
|
||||
*/
|
||||
ctr[0] = q - 1;
|
||||
memcpy( ctr + 1, iv, iv_len );
|
||||
memset( ctr + 1 + iv_len, 0, q );
|
||||
ctr[15] = 1;
|
||||
memset( ctx->ctr, 0, 16);
|
||||
ctx->ctr[0] = ctx->q - 1;
|
||||
memcpy( ctx->ctr + 1, iv, iv_len );
|
||||
memset( ctx->ctr + 1 + iv_len, 0, ctx->q );
|
||||
ctx->ctr[15] = 1;
|
||||
|
||||
/*
|
||||
* Authenticate and {en,de}crypt the message.
|
||||
* See ccm_calculate_first_block_if_ready() for block layout description
|
||||
*/
|
||||
memcpy( ctx->y + 1, iv, iv_len );
|
||||
|
||||
ctx->state |= CCM_STATE__STARTED;
|
||||
return ccm_calculate_first_block_if_ready(ctx);
|
||||
}
|
||||
|
||||
int mbedtls_ccm_set_lengths( mbedtls_ccm_context *ctx,
|
||||
size_t total_ad_len,
|
||||
size_t plaintext_len,
|
||||
size_t tag_len )
|
||||
{
|
||||
/*
|
||||
* Check length requirements: SP800-38C A.1
|
||||
* Additional requirement: a < 2^16 - 2^8 to simplify the code.
|
||||
* 'length' checked later (when writing it to the first block)
|
||||
*
|
||||
* The only difference between encryption and decryption is
|
||||
* the respective order of authentication and {en,de}cryption.
|
||||
* Also, loosen the requirements to enable support for CCM* (IEEE 802.15.4).
|
||||
*/
|
||||
len_left = length;
|
||||
src = input;
|
||||
dst = output;
|
||||
if( tag_len == 2 || tag_len > 16 || tag_len % 2 != 0 )
|
||||
return( MBEDTLS_ERR_CCM_BAD_INPUT );
|
||||
|
||||
while( len_left > 0 )
|
||||
{
|
||||
size_t use_len = len_left > 16 ? 16 : len_left;
|
||||
if( total_ad_len >= 0xFF00 )
|
||||
return( MBEDTLS_ERR_CCM_BAD_INPUT );
|
||||
|
||||
if( mode == CCM_ENCRYPT )
|
||||
ctx->plaintext_len = plaintext_len;
|
||||
ctx->add_len = total_ad_len;
|
||||
ctx->tag_len = tag_len;
|
||||
ctx->processed = 0;
|
||||
|
||||
ctx->state |= CCM_STATE__LENGHTS_SET;
|
||||
return ccm_calculate_first_block_if_ready(ctx);
|
||||
}
|
||||
|
||||
int mbedtls_ccm_update_ad( mbedtls_ccm_context *ctx,
|
||||
const unsigned char *add,
|
||||
size_t add_len )
|
||||
{
|
||||
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
||||
unsigned char i;
|
||||
size_t olen, use_len, offset;
|
||||
|
||||
if( ctx->state & CCM_STATE__ERROR )
|
||||
{
|
||||
memset( b, 0, 16 );
|
||||
memcpy( b, src, use_len );
|
||||
UPDATE_CBC_MAC;
|
||||
return MBEDTLS_ERR_CCM_BAD_INPUT;
|
||||
}
|
||||
|
||||
CTR_CRYPT( dst, src, use_len );
|
||||
|
||||
if( mode == CCM_DECRYPT )
|
||||
if( add_len > 0 )
|
||||
{
|
||||
memset( b, 0, 16 );
|
||||
memcpy( b, dst, use_len );
|
||||
UPDATE_CBC_MAC;
|
||||
if( ctx->state & CCM_STATE__AUTH_DATA_FINISHED )
|
||||
{
|
||||
return MBEDTLS_ERR_CCM_BAD_INPUT;
|
||||
}
|
||||
|
||||
dst += use_len;
|
||||
src += use_len;
|
||||
len_left -= use_len;
|
||||
if( !(ctx->state & CCM_STATE__AUTH_DATA_STARTED) )
|
||||
{
|
||||
if ( add_len > ctx->add_len )
|
||||
{
|
||||
return MBEDTLS_ERR_CCM_BAD_INPUT;
|
||||
}
|
||||
|
||||
/*
|
||||
* Increment counter.
|
||||
* No need to check for overflow thanks to the length check above.
|
||||
ctx->y[0] ^= (unsigned char)( ( ctx->add_len >> 8 ) & 0xFF );
|
||||
ctx->y[1] ^= (unsigned char)( ( ctx->add_len ) & 0xFF );
|
||||
|
||||
ctx->state |= CCM_STATE__AUTH_DATA_STARTED;
|
||||
}
|
||||
else if ( ctx->processed + add_len > ctx->add_len )
|
||||
{
|
||||
return MBEDTLS_ERR_CCM_BAD_INPUT;
|
||||
}
|
||||
|
||||
while( add_len > 0 )
|
||||
{
|
||||
offset = (ctx->processed + 2) % 16; /* account for y[0] and y[1]
|
||||
* holding total auth data length */
|
||||
use_len = 16 - offset;
|
||||
|
||||
if( use_len > add_len )
|
||||
use_len = add_len;
|
||||
|
||||
for( i = 0; i < use_len; i++ )
|
||||
ctx->y[i + offset] ^= add[i];
|
||||
|
||||
ctx->processed += use_len;
|
||||
add_len -= use_len;
|
||||
add += use_len;
|
||||
|
||||
if( use_len + offset == 16 || ctx->processed == ctx->add_len )
|
||||
{
|
||||
if( ( ret = mbedtls_cipher_update( &ctx->cipher_ctx, ctx->y, 16, ctx->y, &olen ) ) != 0 )
|
||||
{
|
||||
ctx->state |= CCM_STATE__ERROR;
|
||||
return( ret );
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if( ctx->processed == ctx->add_len )
|
||||
{
|
||||
ctx->state |= CCM_STATE__AUTH_DATA_FINISHED;
|
||||
ctx->processed = 0; // prepare for mbedtls_ccm_update()
|
||||
}
|
||||
}
|
||||
|
||||
return (0);
|
||||
}
|
||||
|
||||
int mbedtls_ccm_update( mbedtls_ccm_context *ctx,
|
||||
const unsigned char *input, size_t input_len,
|
||||
unsigned char *output, size_t output_size,
|
||||
size_t *output_len )
|
||||
{
|
||||
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
||||
unsigned char i;
|
||||
size_t use_len, offset, olen;
|
||||
|
||||
unsigned char local_output[16];
|
||||
|
||||
if( ctx->state & CCM_STATE__ERROR )
|
||||
{
|
||||
return MBEDTLS_ERR_CCM_BAD_INPUT;
|
||||
}
|
||||
|
||||
/* Check against plaintext length only if performing operation with
|
||||
* authentication
|
||||
*/
|
||||
for( i = 0; i < q; i++ )
|
||||
if( ++ctr[15-i] != 0 )
|
||||
if( ctx->tag_len != 0 && ctx->processed + input_len > ctx->plaintext_len )
|
||||
{
|
||||
return MBEDTLS_ERR_CCM_BAD_INPUT;
|
||||
}
|
||||
|
||||
if( output_size < input_len )
|
||||
return( MBEDTLS_ERR_CCM_BAD_INPUT );
|
||||
*output_len = input_len;
|
||||
|
||||
ret = 0;
|
||||
|
||||
while ( input_len > 0 )
|
||||
{
|
||||
offset = ctx->processed % 16;
|
||||
|
||||
use_len = 16 - offset;
|
||||
|
||||
if( use_len > input_len )
|
||||
use_len = input_len;
|
||||
|
||||
ctx->processed += use_len;
|
||||
|
||||
if( ctx->mode == MBEDTLS_CCM_ENCRYPT || \
|
||||
ctx->mode == MBEDTLS_CCM_STAR_ENCRYPT )
|
||||
{
|
||||
for( i = 0; i < use_len; i++ )
|
||||
ctx->y[i + offset] ^= input[i];
|
||||
|
||||
if( use_len + offset == 16 || ctx->processed == ctx->plaintext_len )
|
||||
{
|
||||
if( ( ret = mbedtls_cipher_update( &ctx->cipher_ctx, ctx->y, 16, ctx->y, &olen ) ) != 0 )
|
||||
{
|
||||
ctx->state |= CCM_STATE__ERROR;
|
||||
goto exit;
|
||||
}
|
||||
}
|
||||
|
||||
ret = mbedtls_ccm_crypt( ctx, offset, use_len, input, output );
|
||||
if( ret != 0 )
|
||||
goto exit;
|
||||
}
|
||||
|
||||
if( ctx->mode == MBEDTLS_CCM_DECRYPT || \
|
||||
ctx->mode == MBEDTLS_CCM_STAR_DECRYPT )
|
||||
{
|
||||
/* Since output may be in shared memory, we cannot be sure that
|
||||
* it will contain what we wrote to it. Therefore, we should avoid using
|
||||
* it as input to any operations.
|
||||
* Write decrypted data to local_output to avoid using output variable as
|
||||
* input in the XOR operation for Y.
|
||||
*/
|
||||
ret = mbedtls_ccm_crypt( ctx, offset, use_len, input, local_output );
|
||||
if( ret != 0 )
|
||||
goto exit;
|
||||
|
||||
for( i = 0; i < use_len; i++ )
|
||||
ctx->y[i + offset] ^= local_output[i];
|
||||
|
||||
memcpy( output, local_output, use_len );
|
||||
mbedtls_platform_zeroize( local_output, 16 );
|
||||
|
||||
if( use_len + offset == 16 || ctx->processed == ctx->plaintext_len )
|
||||
{
|
||||
if( ( ret = mbedtls_cipher_update( &ctx->cipher_ctx, ctx->y, 16, ctx->y, &olen ) ) != 0 )
|
||||
{
|
||||
ctx->state |= CCM_STATE__ERROR;
|
||||
goto exit;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if( use_len + offset == 16 || ctx->processed == ctx->plaintext_len )
|
||||
{
|
||||
for( i = 0; i < ctx->q; i++ )
|
||||
if( ++(ctx->ctr)[15-i] != 0 )
|
||||
break;
|
||||
}
|
||||
|
||||
input_len -= use_len;
|
||||
input += use_len;
|
||||
output += use_len;
|
||||
}
|
||||
|
||||
exit:
|
||||
mbedtls_platform_zeroize( local_output, 16 );
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
int mbedtls_ccm_finish( mbedtls_ccm_context *ctx,
|
||||
unsigned char *tag, size_t tag_len )
|
||||
{
|
||||
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
||||
unsigned char i;
|
||||
|
||||
if( ctx->state & CCM_STATE__ERROR )
|
||||
{
|
||||
return MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
||||
}
|
||||
|
||||
if( ctx->add_len > 0 && !( ctx->state & CCM_STATE__AUTH_DATA_FINISHED ) )
|
||||
{
|
||||
return MBEDTLS_ERR_CCM_BAD_INPUT;
|
||||
}
|
||||
|
||||
if( ctx->plaintext_len > 0 && ctx->processed != ctx->plaintext_len )
|
||||
{
|
||||
return MBEDTLS_ERR_CCM_BAD_INPUT;
|
||||
}
|
||||
|
||||
/*
|
||||
* Authentication: reset counter and crypt/mask internal tag
|
||||
*/
|
||||
for( i = 0; i < q; i++ )
|
||||
ctr[15-i] = 0;
|
||||
for( i = 0; i < ctx->q; i++ )
|
||||
ctx->ctr[15-i] = 0;
|
||||
|
||||
CTR_CRYPT( y, y, 16 );
|
||||
memcpy( tag, y, tag_len );
|
||||
ret = mbedtls_ccm_crypt( ctx, 0, 16, ctx->y, ctx->y );
|
||||
if( ret != 0 )
|
||||
return ret;
|
||||
if( tag != NULL )
|
||||
memcpy( tag, ctx->y, tag_len );
|
||||
mbedtls_ccm_clear_state(ctx);
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
/*
|
||||
* Authenticated encryption or decryption
|
||||
*/
|
||||
static int ccm_auth_crypt( mbedtls_ccm_context *ctx, int mode, size_t length,
|
||||
const unsigned char *iv, size_t iv_len,
|
||||
const unsigned char *add, size_t add_len,
|
||||
const unsigned char *input, unsigned char *output,
|
||||
unsigned char *tag, size_t tag_len )
|
||||
{
|
||||
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
||||
size_t olen;
|
||||
|
||||
if( ( ret = mbedtls_ccm_starts( ctx, mode, iv, iv_len ) ) != 0 )
|
||||
return( ret );
|
||||
|
||||
if( ( ret = mbedtls_ccm_set_lengths( ctx, add_len, length, tag_len ) ) != 0 )
|
||||
return( ret );
|
||||
|
||||
if( ( ret = mbedtls_ccm_update_ad( ctx, add, add_len ) ) != 0 )
|
||||
return( ret );
|
||||
|
||||
if( ( ret = mbedtls_ccm_update( ctx, input, length,
|
||||
output, length, &olen ) ) != 0 )
|
||||
return( ret );
|
||||
|
||||
if( ( ret = mbedtls_ccm_finish( ctx, tag, tag_len ) ) != 0 )
|
||||
return( ret );
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
|
@ -323,13 +522,7 @@ int mbedtls_ccm_star_encrypt_and_tag( mbedtls_ccm_context *ctx, size_t length,
|
|||
const unsigned char *input, unsigned char *output,
|
||||
unsigned char *tag, size_t tag_len )
|
||||
{
|
||||
CCM_VALIDATE_RET( ctx != NULL );
|
||||
CCM_VALIDATE_RET( iv != NULL );
|
||||
CCM_VALIDATE_RET( add_len == 0 || add != NULL );
|
||||
CCM_VALIDATE_RET( length == 0 || input != NULL );
|
||||
CCM_VALIDATE_RET( length == 0 || output != NULL );
|
||||
CCM_VALIDATE_RET( tag_len == 0 || tag != NULL );
|
||||
return( ccm_auth_crypt( ctx, CCM_ENCRYPT, length, iv, iv_len,
|
||||
return( ccm_auth_crypt( ctx, MBEDTLS_CCM_STAR_ENCRYPT, length, iv, iv_len,
|
||||
add, add_len, input, output, tag, tag_len ) );
|
||||
}
|
||||
|
||||
|
@ -339,23 +532,31 @@ int mbedtls_ccm_encrypt_and_tag( mbedtls_ccm_context *ctx, size_t length,
|
|||
const unsigned char *input, unsigned char *output,
|
||||
unsigned char *tag, size_t tag_len )
|
||||
{
|
||||
CCM_VALIDATE_RET( ctx != NULL );
|
||||
CCM_VALIDATE_RET( iv != NULL );
|
||||
CCM_VALIDATE_RET( add_len == 0 || add != NULL );
|
||||
CCM_VALIDATE_RET( length == 0 || input != NULL );
|
||||
CCM_VALIDATE_RET( length == 0 || output != NULL );
|
||||
CCM_VALIDATE_RET( tag_len == 0 || tag != NULL );
|
||||
if( tag_len == 0 )
|
||||
return( MBEDTLS_ERR_CCM_BAD_INPUT );
|
||||
|
||||
return( mbedtls_ccm_star_encrypt_and_tag( ctx, length, iv, iv_len, add,
|
||||
add_len, input, output, tag, tag_len ) );
|
||||
return( ccm_auth_crypt( ctx, MBEDTLS_CCM_ENCRYPT, length, iv, iv_len,
|
||||
add, add_len, input, output, tag, tag_len ) );
|
||||
}
|
||||
|
||||
/*
|
||||
* Authenticated decryption
|
||||
*/
|
||||
int mbedtls_ccm_star_auth_decrypt( mbedtls_ccm_context *ctx, size_t length,
|
||||
static int mbedtls_ccm_compare_tags(const unsigned char *tag1, const unsigned char *tag2, size_t tag_len)
|
||||
{
|
||||
unsigned char i;
|
||||
int diff;
|
||||
|
||||
/* Check tag in "constant-time" */
|
||||
for( diff = 0, i = 0; i < tag_len; i++ )
|
||||
diff |= tag1[i] ^ tag2[i];
|
||||
|
||||
if( diff != 0 )
|
||||
{
|
||||
return( MBEDTLS_ERR_CCM_AUTH_FAILED );
|
||||
}
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
static int ccm_auth_decrypt( mbedtls_ccm_context *ctx, int mode, size_t length,
|
||||
const unsigned char *iv, size_t iv_len,
|
||||
const unsigned char *add, size_t add_len,
|
||||
const unsigned char *input, unsigned char *output,
|
||||
|
@ -363,54 +564,43 @@ int mbedtls_ccm_star_auth_decrypt( mbedtls_ccm_context *ctx, size_t length,
|
|||
{
|
||||
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
||||
unsigned char check_tag[16];
|
||||
unsigned char i;
|
||||
int diff;
|
||||
|
||||
CCM_VALIDATE_RET( ctx != NULL );
|
||||
CCM_VALIDATE_RET( iv != NULL );
|
||||
CCM_VALIDATE_RET( add_len == 0 || add != NULL );
|
||||
CCM_VALIDATE_RET( length == 0 || input != NULL );
|
||||
CCM_VALIDATE_RET( length == 0 || output != NULL );
|
||||
CCM_VALIDATE_RET( tag_len == 0 || tag != NULL );
|
||||
|
||||
if( ( ret = ccm_auth_crypt( ctx, CCM_DECRYPT, length,
|
||||
if( ( ret = ccm_auth_crypt( ctx, mode, length,
|
||||
iv, iv_len, add, add_len,
|
||||
input, output, check_tag, tag_len ) ) != 0 )
|
||||
{
|
||||
return( ret );
|
||||
}
|
||||
|
||||
/* Check tag in "constant-time" */
|
||||
for( diff = 0, i = 0; i < tag_len; i++ )
|
||||
diff |= tag[i] ^ check_tag[i];
|
||||
|
||||
if( diff != 0 )
|
||||
if( ( ret = mbedtls_ccm_compare_tags( tag, check_tag, tag_len ) ) != 0 )
|
||||
{
|
||||
mbedtls_platform_zeroize( output, length );
|
||||
return( MBEDTLS_ERR_CCM_AUTH_FAILED );
|
||||
return( ret );
|
||||
}
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
int mbedtls_ccm_star_auth_decrypt( mbedtls_ccm_context *ctx, size_t length,
|
||||
const unsigned char *iv, size_t iv_len,
|
||||
const unsigned char *add, size_t add_len,
|
||||
const unsigned char *input, unsigned char *output,
|
||||
const unsigned char *tag, size_t tag_len )
|
||||
{
|
||||
return ccm_auth_decrypt( ctx, MBEDTLS_CCM_STAR_DECRYPT, length,
|
||||
iv, iv_len, add, add_len,
|
||||
input, output, tag, tag_len );
|
||||
}
|
||||
|
||||
int mbedtls_ccm_auth_decrypt( mbedtls_ccm_context *ctx, size_t length,
|
||||
const unsigned char *iv, size_t iv_len,
|
||||
const unsigned char *add, size_t add_len,
|
||||
const unsigned char *input, unsigned char *output,
|
||||
const unsigned char *tag, size_t tag_len )
|
||||
{
|
||||
CCM_VALIDATE_RET( ctx != NULL );
|
||||
CCM_VALIDATE_RET( iv != NULL );
|
||||
CCM_VALIDATE_RET( add_len == 0 || add != NULL );
|
||||
CCM_VALIDATE_RET( length == 0 || input != NULL );
|
||||
CCM_VALIDATE_RET( length == 0 || output != NULL );
|
||||
CCM_VALIDATE_RET( tag_len == 0 || tag != NULL );
|
||||
|
||||
if( tag_len == 0 )
|
||||
return( MBEDTLS_ERR_CCM_BAD_INPUT );
|
||||
|
||||
return( mbedtls_ccm_star_auth_decrypt( ctx, length, iv, iv_len, add,
|
||||
add_len, input, output, tag, tag_len ) );
|
||||
return ccm_auth_decrypt( ctx, MBEDTLS_CCM_DECRYPT, length,
|
||||
iv, iv_len, add, add_len,
|
||||
input, output, tag, tag_len );
|
||||
}
|
||||
#endif /* !MBEDTLS_CCM_ALT */
|
||||
|
||||
|
|
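Review bot: `mbedtls_ccm_finish` copies `tag_len` bytes out of the 16-byte `ctx->y` without checking the caller's `tag_len` against the `ctx->tag_len` recorded by `mbedtls_ccm_set_lengths()` (or against 16), so a direct user of the streaming API that passes a larger `tag_len` reads past `ctx->y` into the rest of the context, and a smaller one silently receives a tag whose length differs from the one encoded in B_0. Add before the counter reset `if( tag_len < ctx->tag_len ) return( MBEDTLS_ERR_CCM_BAD_INPUT );` and copy the recorded length, `memcpy( tag, ctx->y, ctx->tag_len );` — the one-shot wrappers are unaffected only because `ccm_auth_crypt` validates `tag_len` in `mbedtls_ccm_set_lengths()` first. While there, the `CCM_STATE__ERROR` early return in `mbedtls_ccm_finish` yields `MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED` whereas `mbedtls_ccm_update` and `mbedtls_ccm_update_ad` return `MBEDTLS_ERR_CCM_BAD_INPUT` for the same state; pick one. The new `mbedtls_ccm_compare_tags` keeps the hand-rolled accumulate-then-branch compare; if the constant-time helper module this branch introduces provides a shared comparison, using it here would avoid another local copy.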
|
@ -54,13 +54,6 @@
|
|||
#define CHACHA20_VALIDATE( cond ) \
|
||||
MBEDTLS_INTERNAL_VALIDATE( cond )
|
||||
|
||||
#define BYTES_TO_U32_LE( data, offset ) \
|
||||
( (uint32_t) (data)[offset] \
|
||||
| (uint32_t) ( (uint32_t) (data)[( offset ) + 1] << 8 ) \
|
||||
| (uint32_t) ( (uint32_t) (data)[( offset ) + 2] << 16 ) \
|
||||
| (uint32_t) ( (uint32_t) (data)[( offset ) + 3] << 24 ) \
|
||||
)
|
||||
|
||||
#define ROTL32( value, amount ) \
|
||||
( (uint32_t) ( (value) << (amount) ) | ( (value) >> ( 32 - (amount) ) ) )
|
||||
|
||||
|
@ -171,10 +164,7 @@ static void chacha20_block( const uint32_t initial_state[16],
|
|||
{
|
||||
size_t offset = i * 4U;
|
||||
|
||||
keystream[offset ] = (unsigned char)( working_state[i] );
|
||||
keystream[offset + 1U] = (unsigned char)( working_state[i] >> 8 );
|
||||
keystream[offset + 2U] = (unsigned char)( working_state[i] >> 16 );
|
||||
keystream[offset + 3U] = (unsigned char)( working_state[i] >> 24 );
|
||||
MBEDTLS_PUT_UINT32_LE(working_state[i], keystream, offset);
|
||||
}
|
||||
|
||||
mbedtls_platform_zeroize( working_state, sizeof( working_state ) );
|
||||
|
@ -212,14 +202,14 @@ int mbedtls_chacha20_setkey( mbedtls_chacha20_context *ctx,
|
|||
ctx->state[3] = 0x6b206574;
|
||||
|
||||
/* Set key */
|
||||
ctx->state[4] = BYTES_TO_U32_LE( key, 0 );
|
||||
ctx->state[5] = BYTES_TO_U32_LE( key, 4 );
|
||||
ctx->state[6] = BYTES_TO_U32_LE( key, 8 );
|
||||
ctx->state[7] = BYTES_TO_U32_LE( key, 12 );
|
||||
ctx->state[8] = BYTES_TO_U32_LE( key, 16 );
|
||||
ctx->state[9] = BYTES_TO_U32_LE( key, 20 );
|
||||
ctx->state[10] = BYTES_TO_U32_LE( key, 24 );
|
||||
ctx->state[11] = BYTES_TO_U32_LE( key, 28 );
|
||||
ctx->state[4] = MBEDTLS_GET_UINT32_LE( key, 0 );
|
||||
ctx->state[5] = MBEDTLS_GET_UINT32_LE( key, 4 );
|
||||
ctx->state[6] = MBEDTLS_GET_UINT32_LE( key, 8 );
|
||||
ctx->state[7] = MBEDTLS_GET_UINT32_LE( key, 12 );
|
||||
ctx->state[8] = MBEDTLS_GET_UINT32_LE( key, 16 );
|
||||
ctx->state[9] = MBEDTLS_GET_UINT32_LE( key, 20 );
|
||||
ctx->state[10] = MBEDTLS_GET_UINT32_LE( key, 24 );
|
||||
ctx->state[11] = MBEDTLS_GET_UINT32_LE( key, 28 );
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
|
@ -235,9 +225,9 @@ int mbedtls_chacha20_starts( mbedtls_chacha20_context* ctx,
|
|||
ctx->state[12] = counter;
|
||||
|
||||
/* Nonce */
|
||||
ctx->state[13] = BYTES_TO_U32_LE( nonce, 0 );
|
||||
ctx->state[14] = BYTES_TO_U32_LE( nonce, 4 );
|
||||
ctx->state[15] = BYTES_TO_U32_LE( nonce, 8 );
|
||||
ctx->state[13] = MBEDTLS_GET_UINT32_LE( nonce, 0 );
|
||||
ctx->state[14] = MBEDTLS_GET_UINT32_LE( nonce, 4 );
|
||||
ctx->state[15] = MBEDTLS_GET_UINT32_LE( nonce, 8 );
|
||||
|
||||
mbedtls_platform_zeroize( ctx->keystream8, sizeof( ctx->keystream8 ) );
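Review bot: The new `MBEDTLS_PUT_UINT32_LE(working_state[i], keystream, offset);` in chacha20_block drops the spaces inside the parentheses that every other call in these hunks uses (`MBEDTLS_GET_UINT32_LE( key, 0 )`, `mbedtls_platform_zeroize( working_state, sizeof( working_state ) )`), so it reads as if it came from a different file; write it as `MBEDTLS_PUT_UINT32_LE( working_state[i], keystream, offset );`. Because that macro expands to a bare brace block rather than a `do { } while( 0 )`, the trailing `;` also leaves a stray empty statement after the block — harmless inside this braced loop body, but it will break if the macro is ever used as the single statement of an `if`/`else`. chacha20_block starts and ends outside the hunk.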
|
||||
|
||||
|
|
|
@ -263,22 +263,8 @@ int mbedtls_chachapoly_finish( mbedtls_chachapoly_context *ctx,
|
|||
/* The lengths of the AAD and ciphertext are processed by
|
||||
* Poly1305 as the final 128-bit block, encoded as little-endian integers.
|
||||
*/
|
||||
len_block[ 0] = (unsigned char)( ctx->aad_len );
|
||||
len_block[ 1] = (unsigned char)( ctx->aad_len >> 8 );
|
||||
len_block[ 2] = (unsigned char)( ctx->aad_len >> 16 );
|
||||
len_block[ 3] = (unsigned char)( ctx->aad_len >> 24 );
|
||||
len_block[ 4] = (unsigned char)( ctx->aad_len >> 32 );
|
||||
len_block[ 5] = (unsigned char)( ctx->aad_len >> 40 );
|
||||
len_block[ 6] = (unsigned char)( ctx->aad_len >> 48 );
|
||||
len_block[ 7] = (unsigned char)( ctx->aad_len >> 56 );
|
||||
len_block[ 8] = (unsigned char)( ctx->ciphertext_len );
|
||||
len_block[ 9] = (unsigned char)( ctx->ciphertext_len >> 8 );
|
||||
len_block[10] = (unsigned char)( ctx->ciphertext_len >> 16 );
|
||||
len_block[11] = (unsigned char)( ctx->ciphertext_len >> 24 );
|
||||
len_block[12] = (unsigned char)( ctx->ciphertext_len >> 32 );
|
||||
len_block[13] = (unsigned char)( ctx->ciphertext_len >> 40 );
|
||||
len_block[14] = (unsigned char)( ctx->ciphertext_len >> 48 );
|
||||
len_block[15] = (unsigned char)( ctx->ciphertext_len >> 56 );
|
||||
MBEDTLS_PUT_UINT64_LE(ctx->aad_len, len_block, 0);
|
||||
MBEDTLS_PUT_UINT64_LE(ctx->ciphertext_len, len_block, 8);
|
||||
|
||||
ret = mbedtls_poly1305_update( &ctx->poly1305_ctx, len_block, 16U );
|
||||
if( ret != 0 )
|
||||
|
|
|
@ -404,6 +404,31 @@ int mbedtls_cipher_set_iv( mbedtls_cipher_context_t *ctx,
|
|||
}
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_CCM_C)
|
||||
if( MBEDTLS_MODE_CCM_STAR_NO_TAG == ctx->cipher_info->mode )
|
||||
{
|
||||
int set_lengths_result;
|
||||
int ccm_star_mode;
|
||||
|
||||
set_lengths_result = mbedtls_ccm_set_lengths(
|
||||
(mbedtls_ccm_context *) ctx->cipher_ctx,
|
||||
0, 0, 0 );
|
||||
if( set_lengths_result != 0 )
|
||||
return set_lengths_result;
|
||||
|
||||
if( ctx->operation == MBEDTLS_DECRYPT )
|
||||
ccm_star_mode = MBEDTLS_CCM_STAR_DECRYPT;
|
||||
else if( ctx->operation == MBEDTLS_ENCRYPT )
|
||||
ccm_star_mode = MBEDTLS_CCM_STAR_ENCRYPT;
|
||||
else
|
||||
return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
|
||||
|
||||
return( mbedtls_ccm_starts( (mbedtls_ccm_context *) ctx->cipher_ctx,
|
||||
ccm_star_mode,
|
||||
iv, iv_len ) );
|
||||
}
|
||||
#endif
|
||||
|
||||
if ( actual_iv_size != 0 )
|
||||
{
|
||||
memcpy( ctx->iv, iv, actual_iv_size );
|
||||
|
@ -540,6 +565,15 @@ int mbedtls_cipher_update( mbedtls_cipher_context_t *ctx, const unsigned char *i
|
|||
}
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_CCM_C)
|
||||
if( ctx->cipher_info->mode == MBEDTLS_MODE_CCM_STAR_NO_TAG )
|
||||
{
|
||||
return( mbedtls_ccm_update( (mbedtls_ccm_context *) ctx->cipher_ctx,
|
||||
input, ilen,
|
||||
output, ilen, olen ) );
|
||||
}
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_CHACHAPOLY_C)
|
||||
if ( ctx->cipher_info->type == MBEDTLS_CIPHER_CHACHA20_POLY1305 )
|
||||
{
|
||||
|
@ -927,6 +961,7 @@ int mbedtls_cipher_finish( mbedtls_cipher_context_t *ctx,
|
|||
MBEDTLS_MODE_OFB == ctx->cipher_info->mode ||
|
||||
MBEDTLS_MODE_CTR == ctx->cipher_info->mode ||
|
||||
MBEDTLS_MODE_GCM == ctx->cipher_info->mode ||
|
||||
MBEDTLS_MODE_CCM_STAR_NO_TAG == ctx->cipher_info->mode ||
|
||||
MBEDTLS_MODE_XTS == ctx->cipher_info->mode ||
|
||||
MBEDTLS_MODE_STREAM == ctx->cipher_info->mode )
|
||||
{
|
||||
|
@ -1246,9 +1281,12 @@ int mbedtls_cipher_crypt( mbedtls_cipher_context_t *ctx,
|
|||
if( status != PSA_SUCCESS )
|
||||
return( MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED );
|
||||
|
||||
if( ctx->cipher_info->mode != MBEDTLS_MODE_ECB )
|
||||
{
|
||||
status = psa_cipher_set_iv( &cipher_op, iv, iv_len );
|
||||
if( status != PSA_SUCCESS )
|
||||
return( MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED );
|
||||
}
|
||||
|
||||
status = psa_cipher_update( &cipher_op,
|
||||
input, ilen,
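Review bot: In the new CCM*-no-tag branch of mbedtls_cipher_set_iv, `mbedtls_ccm_set_lengths( ..., 0, 0, 0 )` passes a zero plaintext length and zero tag length with no explanation, and nothing in the later mbedtls_cipher_update hunk updates them before `mbedtls_ccm_update` is called, so a reader cannot tell whether the zero length is a placeholder or a bug. Add a comment above the call such as `/* CCM* without tag: the total lengths are not known here; tag_len == 0 is what tells the CCM module not to enforce the plaintext length. */` — presumably that is how mbedtls_ccm_update treats tag_len == 0, but the CCM module is not visible in this hunk, so confirm it before wording the comment. A one-line warning that this mode produces and verifies no authentication tag, e.g. `/* Unauthenticated mode: no tag is produced or checked. */`, would also help callers who reach it through the generic cipher API, where the mode name is the only hint. The early `return` also skips the `memcpy( ctx->iv, iv, actual_iv_size )` below, so ctx->iv is never recorded for this mode; if anything later relies on it (a reset, say), that difference should be documented.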
|
||||
|
|
|
@ -639,6 +639,39 @@ static const mbedtls_cipher_info_t aes_256_ccm_info = {
|
|||
16,
|
||||
&ccm_aes_info
|
||||
};
|
||||
|
||||
static const mbedtls_cipher_info_t aes_128_ccm_star_no_tag_info = {
|
||||
MBEDTLS_CIPHER_AES_128_CCM_STAR_NO_TAG,
|
||||
MBEDTLS_MODE_CCM_STAR_NO_TAG,
|
||||
128,
|
||||
"AES-128-CCM*-NO-TAG",
|
||||
12,
|
||||
MBEDTLS_CIPHER_VARIABLE_IV_LEN,
|
||||
16,
|
||||
&ccm_aes_info
|
||||
};
|
||||
|
||||
static const mbedtls_cipher_info_t aes_192_ccm_star_no_tag_info = {
|
||||
MBEDTLS_CIPHER_AES_192_CCM_STAR_NO_TAG,
|
||||
MBEDTLS_MODE_CCM_STAR_NO_TAG,
|
||||
192,
|
||||
"AES-192-CCM*-NO-TAG",
|
||||
12,
|
||||
MBEDTLS_CIPHER_VARIABLE_IV_LEN,
|
||||
16,
|
||||
&ccm_aes_info
|
||||
};
|
||||
|
||||
static const mbedtls_cipher_info_t aes_256_ccm_star_no_tag_info = {
|
||||
MBEDTLS_CIPHER_AES_256_CCM_STAR_NO_TAG,
|
||||
MBEDTLS_MODE_CCM_STAR_NO_TAG,
|
||||
256,
|
||||
"AES-256-CCM*-NO-TAG",
|
||||
12,
|
||||
MBEDTLS_CIPHER_VARIABLE_IV_LEN,
|
||||
16,
|
||||
&ccm_aes_info
|
||||
};
|
||||
#endif /* MBEDTLS_CCM_C */
|
||||
|
||||
#endif /* MBEDTLS_AES_C */
|
||||
|
@ -1014,6 +1047,39 @@ static const mbedtls_cipher_info_t camellia_256_ccm_info = {
|
|||
16,
|
||||
&ccm_camellia_info
|
||||
};
|
||||
|
||||
static const mbedtls_cipher_info_t camellia_128_ccm_star_no_tag_info = {
|
||||
MBEDTLS_CIPHER_CAMELLIA_128_CCM_STAR_NO_TAG,
|
||||
MBEDTLS_MODE_CCM_STAR_NO_TAG,
|
||||
128,
|
||||
"CAMELLIA-128-CCM*-NO-TAG",
|
||||
12,
|
||||
MBEDTLS_CIPHER_VARIABLE_IV_LEN,
|
||||
16,
|
||||
&ccm_camellia_info
|
||||
};
|
||||
|
||||
static const mbedtls_cipher_info_t camellia_192_ccm_star_no_tag_info = {
|
||||
MBEDTLS_CIPHER_CAMELLIA_192_CCM_STAR_NO_TAG,
|
||||
MBEDTLS_MODE_CCM_STAR_NO_TAG,
|
||||
192,
|
||||
"CAMELLIA-192-CCM*-NO-TAG",
|
||||
12,
|
||||
MBEDTLS_CIPHER_VARIABLE_IV_LEN,
|
||||
16,
|
||||
&ccm_camellia_info
|
||||
};
|
||||
|
||||
static const mbedtls_cipher_info_t camellia_256_ccm_star_no_tag_info = {
|
||||
MBEDTLS_CIPHER_CAMELLIA_256_CCM_STAR_NO_TAG,
|
||||
MBEDTLS_MODE_CCM_STAR_NO_TAG,
|
||||
256,
|
||||
"CAMELLIA-256-CCM*-NO-TAG",
|
||||
12,
|
||||
MBEDTLS_CIPHER_VARIABLE_IV_LEN,
|
||||
16,
|
||||
&ccm_camellia_info
|
||||
};
|
||||
#endif /* MBEDTLS_CCM_C */
|
||||
|
||||
#endif /* MBEDTLS_CAMELLIA_C */
|
||||
|
@ -1390,6 +1456,39 @@ static const mbedtls_cipher_info_t aria_256_ccm_info = {
|
|||
16,
|
||||
&ccm_aria_info
|
||||
};
|
||||
|
||||
static const mbedtls_cipher_info_t aria_128_ccm_star_no_tag_info = {
|
||||
MBEDTLS_CIPHER_ARIA_128_CCM_STAR_NO_TAG,
|
||||
MBEDTLS_MODE_CCM_STAR_NO_TAG,
|
||||
128,
|
||||
"ARIA-128-CCM*-NO-TAG",
|
||||
12,
|
||||
MBEDTLS_CIPHER_VARIABLE_IV_LEN,
|
||||
16,
|
||||
&ccm_aria_info
|
||||
};
|
||||
|
||||
static const mbedtls_cipher_info_t aria_192_ccm_star_no_tag_info = {
|
||||
MBEDTLS_CIPHER_ARIA_192_CCM_STAR_NO_TAG,
|
||||
MBEDTLS_MODE_CCM_STAR_NO_TAG,
|
||||
192,
|
||||
"ARIA-192-CCM*-NO-TAG",
|
||||
12,
|
||||
MBEDTLS_CIPHER_VARIABLE_IV_LEN,
|
||||
16,
|
||||
&ccm_aria_info
|
||||
};
|
||||
|
||||
static const mbedtls_cipher_info_t aria_256_ccm_star_no_tag_info = {
|
||||
MBEDTLS_CIPHER_ARIA_256_CCM_STAR_NO_TAG,
|
||||
MBEDTLS_MODE_CCM_STAR_NO_TAG,
|
||||
256,
|
||||
"ARIA-256-CCM*-NO-TAG",
|
||||
12,
|
||||
MBEDTLS_CIPHER_VARIABLE_IV_LEN,
|
||||
16,
|
||||
&ccm_aria_info
|
||||
};
|
||||
#endif /* MBEDTLS_CCM_C */
|
||||
|
||||
#endif /* MBEDTLS_ARIA_C */
|
||||
|
@ -2055,6 +2154,9 @@ const mbedtls_cipher_definition_t mbedtls_cipher_definitions[] =
|
|||
{ MBEDTLS_CIPHER_AES_128_CCM, &aes_128_ccm_info },
|
||||
{ MBEDTLS_CIPHER_AES_192_CCM, &aes_192_ccm_info },
|
||||
{ MBEDTLS_CIPHER_AES_256_CCM, &aes_256_ccm_info },
|
||||
{ MBEDTLS_CIPHER_AES_128_CCM_STAR_NO_TAG, &aes_128_ccm_star_no_tag_info },
|
||||
{ MBEDTLS_CIPHER_AES_192_CCM_STAR_NO_TAG, &aes_192_ccm_star_no_tag_info },
|
||||
{ MBEDTLS_CIPHER_AES_256_CCM_STAR_NO_TAG, &aes_256_ccm_star_no_tag_info },
|
||||
#endif
|
||||
#endif /* MBEDTLS_AES_C */
|
||||
|
||||
|
@ -2086,6 +2188,9 @@ const mbedtls_cipher_definition_t mbedtls_cipher_definitions[] =
|
|||
{ MBEDTLS_CIPHER_CAMELLIA_128_CCM, &camellia_128_ccm_info },
|
||||
{ MBEDTLS_CIPHER_CAMELLIA_192_CCM, &camellia_192_ccm_info },
|
||||
{ MBEDTLS_CIPHER_CAMELLIA_256_CCM, &camellia_256_ccm_info },
|
||||
{ MBEDTLS_CIPHER_CAMELLIA_128_CCM_STAR_NO_TAG, &camellia_128_ccm_star_no_tag_info },
|
||||
{ MBEDTLS_CIPHER_CAMELLIA_192_CCM_STAR_NO_TAG, &camellia_192_ccm_star_no_tag_info },
|
||||
{ MBEDTLS_CIPHER_CAMELLIA_256_CCM_STAR_NO_TAG, &camellia_256_ccm_star_no_tag_info },
|
||||
#endif
|
||||
#endif /* MBEDTLS_CAMELLIA_C */
|
||||
|
||||
|
@ -2117,6 +2222,9 @@ const mbedtls_cipher_definition_t mbedtls_cipher_definitions[] =
|
|||
{ MBEDTLS_CIPHER_ARIA_128_CCM, &aria_128_ccm_info },
|
||||
{ MBEDTLS_CIPHER_ARIA_192_CCM, &aria_192_ccm_info },
|
||||
{ MBEDTLS_CIPHER_ARIA_256_CCM, &aria_256_ccm_info },
|
||||
{ MBEDTLS_CIPHER_ARIA_128_CCM_STAR_NO_TAG, &aria_128_ccm_star_no_tag_info },
|
||||
{ MBEDTLS_CIPHER_ARIA_192_CCM_STAR_NO_TAG, &aria_192_ccm_star_no_tag_info },
|
||||
{ MBEDTLS_CIPHER_ARIA_256_CCM_STAR_NO_TAG, &aria_256_ccm_star_no_tag_info },
|
||||
#endif
|
||||
#endif /* MBEDTLS_ARIA_C */
|
||||
|
||||
|
|
332
library/common.h
332
library/common.h
|
@ -25,6 +25,8 @@
|
|||
|
||||
#include "mbedtls/build_info.h"
|
||||
|
||||
#include <stdint.h>
|
||||
|
||||
/** Helper to define a function as static except when building invasive tests.
|
||||
*
|
||||
* If a function is only used inside its own source file and should be
|
||||
|
@ -66,4 +68,334 @@ extern void (*mbedtls_test_hook_test_fail)( const char * test, int line, const c
|
|||
*/
|
||||
#define MBEDTLS_ALLOW_PRIVATE_ACCESS
|
||||
|
||||
/** Byte Reading Macros
|
||||
*
|
||||
* Given a multi-byte integer \p x, MBEDTLS_BYTE_n retrieves the n-th
|
||||
* byte from x, where byte 0 is the least significant byte.
|
||||
*/
|
||||
#define MBEDTLS_BYTE_0( x ) ( (uint8_t) ( ( x ) & 0xff ) )
|
||||
#define MBEDTLS_BYTE_1( x ) ( (uint8_t) ( ( ( x ) >> 8 ) & 0xff ) )
|
||||
#define MBEDTLS_BYTE_2( x ) ( (uint8_t) ( ( ( x ) >> 16 ) & 0xff ) )
|
||||
#define MBEDTLS_BYTE_3( x ) ( (uint8_t) ( ( ( x ) >> 24 ) & 0xff ) )
|
||||
#define MBEDTLS_BYTE_4( x ) ( (uint8_t) ( ( ( x ) >> 32 ) & 0xff ) )
|
||||
#define MBEDTLS_BYTE_5( x ) ( (uint8_t) ( ( ( x ) >> 40 ) & 0xff ) )
|
||||
#define MBEDTLS_BYTE_6( x ) ( (uint8_t) ( ( ( x ) >> 48 ) & 0xff ) )
|
||||
#define MBEDTLS_BYTE_7( x ) ( (uint8_t) ( ( ( x ) >> 56 ) & 0xff ) )
|
||||
|
||||
/**
|
||||
* Get the unsigned 32 bits integer corresponding to four bytes in
|
||||
* big-endian order (MSB first).
|
||||
*
|
||||
* \param data Base address of the memory to get the four bytes from.
|
||||
* \param offset Offset from \p data of the first and most significant
|
||||
* byte of the four bytes to build the 32 bits unsigned
|
||||
* integer from.
|
||||
*/
|
||||
#ifndef MBEDTLS_GET_UINT32_BE
|
||||
#define MBEDTLS_GET_UINT32_BE( data , offset ) \
|
||||
( \
|
||||
( (uint32_t) ( data )[( offset ) ] << 24 ) \
|
||||
| ( (uint32_t) ( data )[( offset ) + 1] << 16 ) \
|
||||
| ( (uint32_t) ( data )[( offset ) + 2] << 8 ) \
|
||||
| ( (uint32_t) ( data )[( offset ) + 3] ) \
|
||||
)
|
||||
#endif
|
||||
|
||||
/**
|
||||
* Put in memory a 32 bits unsigned integer in big-endian order.
|
||||
*
|
||||
* \param n 32 bits unsigned integer to put in memory.
|
||||
* \param data Base address of the memory where to put the 32
|
||||
* bits unsigned integer in.
|
||||
* \param offset Offset from \p data where to put the most significant
|
||||
* byte of the 32 bits unsigned integer \p n.
|
||||
*/
|
||||
#ifndef MBEDTLS_PUT_UINT32_BE
|
||||
#define MBEDTLS_PUT_UINT32_BE( n, data, offset ) \
|
||||
{ \
|
||||
( data )[( offset ) ] = MBEDTLS_BYTE_3( n ); \
|
||||
( data )[( offset ) + 1] = MBEDTLS_BYTE_2( n ); \
|
||||
( data )[( offset ) + 2] = MBEDTLS_BYTE_1( n ); \
|
||||
( data )[( offset ) + 3] = MBEDTLS_BYTE_0( n ); \
|
||||
}
|
||||
#endif
|
||||
|
||||
/**
|
||||
* Get the unsigned 32 bits integer corresponding to four bytes in
|
||||
* little-endian order (LSB first).
|
||||
*
|
||||
* \param data Base address of the memory to get the four bytes from.
|
||||
* \param offset Offset from \p data of the first and least significant
|
||||
* byte of the four bytes to build the 32 bits unsigned
|
||||
* integer from.
|
||||
*/
|
||||
#ifndef MBEDTLS_GET_UINT32_LE
|
||||
#define MBEDTLS_GET_UINT32_LE( data, offset ) \
|
||||
( \
|
||||
( (uint32_t) ( data )[( offset ) ] ) \
|
||||
| ( (uint32_t) ( data )[( offset ) + 1] << 8 ) \
|
||||
| ( (uint32_t) ( data )[( offset ) + 2] << 16 ) \
|
||||
| ( (uint32_t) ( data )[( offset ) + 3] << 24 ) \
|
||||
)
|
||||
#endif
|
||||
|
||||
/**
|
||||
* Put in memory a 32 bits unsigned integer in little-endian order.
|
||||
*
|
||||
* \param n 32 bits unsigned integer to put in memory.
|
||||
* \param data Base address of the memory where to put the 32
|
||||
* bits unsigned integer in.
|
||||
* \param offset Offset from \p data where to put the least significant
|
||||
* byte of the 32 bits unsigned integer \p n.
|
||||
*/
|
||||
#ifndef MBEDTLS_PUT_UINT32_LE
|
||||
#define MBEDTLS_PUT_UINT32_LE( n, data, offset ) \
|
||||
{ \
|
||||
( data )[( offset ) ] = MBEDTLS_BYTE_0( n ); \
|
||||
( data )[( offset ) + 1] = MBEDTLS_BYTE_1( n ); \
|
||||
( data )[( offset ) + 2] = MBEDTLS_BYTE_2( n ); \
|
||||
( data )[( offset ) + 3] = MBEDTLS_BYTE_3( n ); \
|
||||
}
|
||||
#endif
|
||||
|
||||
/**
|
||||
* Get the unsigned 16 bits integer corresponding to two bytes in
|
||||
* little-endian order (LSB first).
|
||||
*
|
||||
* \param data Base address of the memory to get the two bytes from.
|
||||
* \param offset Offset from \p data of the first and least significant
|
||||
* byte of the two bytes to build the 16 bits unsigned
|
||||
* integer from.
|
||||
*/
|
||||
#ifndef MBEDTLS_GET_UINT16_LE
|
||||
#define MBEDTLS_GET_UINT16_LE( data, offset ) \
|
||||
( \
|
||||
( (uint16_t) ( data )[( offset ) ] ) \
|
||||
| ( (uint16_t) ( data )[( offset ) + 1] << 8 ) \
|
||||
)
|
||||
#endif
|
||||
|
||||
/**
|
||||
* Put in memory a 16 bits unsigned integer in little-endian order.
|
||||
*
|
||||
* \param n 16 bits unsigned integer to put in memory.
|
||||
* \param data Base address of the memory where to put the 16
|
||||
* bits unsigned integer in.
|
||||
* \param offset Offset from \p data where to put the least significant
|
||||
* byte of the 16 bits unsigned integer \p n.
|
||||
*/
|
||||
#ifndef MBEDTLS_PUT_UINT16_LE
|
||||
#define MBEDTLS_PUT_UINT16_LE( n, data, offset ) \
|
||||
{ \
|
||||
( data )[( offset ) ] = MBEDTLS_BYTE_0( n ); \
|
||||
( data )[( offset ) + 1] = MBEDTLS_BYTE_1( n ); \
|
||||
}
|
||||
#endif
|
||||
|
||||
/**
|
||||
* Get the unsigned 16 bits integer corresponding to two bytes in
|
||||
* big-endian order (MSB first).
|
||||
*
|
||||
* \param data Base address of the memory to get the two bytes from.
|
||||
* \param offset Offset from \p data of the first and most significant
|
||||
* byte of the two bytes to build the 16 bits unsigned
|
||||
* integer from.
|
||||
*/
|
||||
#ifndef MBEDTLS_GET_UINT16_BE
|
||||
#define MBEDTLS_GET_UINT16_BE( data, offset ) \
|
||||
( \
|
||||
( (uint16_t) ( data )[( offset ) ] << 8 ) \
|
||||
| ( (uint16_t) ( data )[( offset ) + 1] ) \
|
||||
)
|
||||
#endif
|
||||
|
||||
/**
|
||||
* Put in memory a 16 bits unsigned integer in big-endian order.
|
||||
*
|
||||
* \param n 16 bits unsigned integer to put in memory.
|
||||
* \param data Base address of the memory where to put the 16
|
||||
* bits unsigned integer in.
|
||||
* \param offset Offset from \p data where to put the most significant
|
||||
* byte of the 16 bits unsigned integer \p n.
|
||||
*/
|
||||
#ifndef MBEDTLS_PUT_UINT16_BE
|
||||
#define MBEDTLS_PUT_UINT16_BE( n, data, offset ) \
|
||||
{ \
|
||||
( data )[( offset ) ] = MBEDTLS_BYTE_1( n ); \
|
||||
( data )[( offset ) + 1] = MBEDTLS_BYTE_0( n ); \
|
||||
}
|
||||
#endif
|
||||
|
||||
/**
|
||||
* Get the unsigned 24 bits integer corresponding to three bytes in
|
||||
* big-endian order (MSB first).
|
||||
*
|
||||
* \param data Base address of the memory to get the three bytes from.
|
||||
* \param offset Offset from \p data of the first and most significant
|
||||
* byte of the three bytes to build the 24 bits unsigned
|
||||
* integer from.
|
||||
*/
|
||||
#ifndef MBEDTLS_GET_UINT24_BE
|
||||
#define MBEDTLS_GET_UINT24_BE( data , offset ) \
|
||||
( \
|
||||
( (uint32_t) ( data )[( offset ) ] << 16 ) \
|
||||
| ( (uint32_t) ( data )[( offset ) + 1] << 8 ) \
|
||||
| ( (uint32_t) ( data )[( offset ) + 2] ) \
|
||||
)
|
||||
#endif
|
||||
|
||||
/**
|
||||
* Put in memory a 24 bits unsigned integer in big-endian order.
|
||||
*
|
||||
* \param n 24 bits unsigned integer to put in memory.
|
||||
* \param data Base address of the memory where to put the 24
|
||||
* bits unsigned integer in.
|
||||
* \param offset Offset from \p data where to put the most significant
|
||||
* byte of the 24 bits unsigned integer \p n.
|
||||
*/
|
||||
#ifndef MBEDTLS_PUT_UINT24_BE
|
||||
#define MBEDTLS_PUT_UINT24_BE( n, data, offset ) \
|
||||
{ \
|
||||
( data )[( offset ) ] = MBEDTLS_BYTE_2( n ); \
|
||||
( data )[( offset ) + 1] = MBEDTLS_BYTE_1( n ); \
|
||||
( data )[( offset ) + 2] = MBEDTLS_BYTE_0( n ); \
|
||||
}
|
||||
#endif
|
||||
|
||||
/**
|
||||
* Get the unsigned 24 bits integer corresponding to three bytes in
|
||||
* little-endian order (LSB first).
|
||||
*
|
||||
* \param data Base address of the memory to get the three bytes from.
|
||||
* \param offset Offset from \p data of the first and least significant
|
||||
* byte of the three bytes to build the 24 bits unsigned
|
||||
* integer from.
|
||||
*/
|
||||
#ifndef MBEDTLS_GET_UINT24_LE
|
||||
#define MBEDTLS_GET_UINT24_LE( data, offset ) \
|
||||
( \
|
||||
( (uint32_t) ( data )[( offset ) ] ) \
|
||||
| ( (uint32_t) ( data )[( offset ) + 1] << 8 ) \
|
||||
| ( (uint32_t) ( data )[( offset ) + 2] << 16 ) \
|
||||
)
|
||||
#endif
|
||||
|
||||
/**
|
||||
* Put in memory a 24 bits unsigned integer in little-endian order.
|
||||
*
|
||||
* \param n 24 bits unsigned integer to put in memory.
|
||||
* \param data Base address of the memory where to put the 24
|
||||
* bits unsigned integer in.
|
||||
* \param offset Offset from \p data where to put the least significant
|
||||
* byte of the 24 bits unsigned integer \p n.
|
||||
*/
|
||||
#ifndef MBEDTLS_PUT_UINT24_LE
|
||||
#define MBEDTLS_PUT_UINT24_LE( n, data, offset ) \
|
||||
{ \
|
||||
( data )[( offset ) ] = MBEDTLS_BYTE_0( n ); \
|
||||
( data )[( offset ) + 1] = MBEDTLS_BYTE_1( n ); \
|
||||
( data )[( offset ) + 2] = MBEDTLS_BYTE_2( n ); \
|
||||
}
|
||||
#endif
|
||||
|
||||
/**
|
||||
* Get the unsigned 64 bits integer corresponding to eight bytes in
|
||||
* big-endian order (MSB first).
|
||||
*
|
||||
* \param data Base address of the memory to get the eight bytes from.
|
||||
* \param offset Offset from \p data of the first and most significant
|
||||
* byte of the eight bytes to build the 64 bits unsigned
|
||||
* integer from.
|
||||
*/
|
||||
#ifndef MBEDTLS_GET_UINT64_BE
|
||||
#define MBEDTLS_GET_UINT64_BE( data, offset ) \
|
||||
( \
|
||||
( (uint64_t) ( data )[( offset ) ] << 56 ) \
|
||||
| ( (uint64_t) ( data )[( offset ) + 1] << 48 ) \
|
||||
| ( (uint64_t) ( data )[( offset ) + 2] << 40 ) \
|
||||
| ( (uint64_t) ( data )[( offset ) + 3] << 32 ) \
|
||||
| ( (uint64_t) ( data )[( offset ) + 4] << 24 ) \
|
||||
| ( (uint64_t) ( data )[( offset ) + 5] << 16 ) \
|
||||
| ( (uint64_t) ( data )[( offset ) + 6] << 8 ) \
|
||||
| ( (uint64_t) ( data )[( offset ) + 7] ) \
|
||||
)
|
||||
#endif
|
||||
|
||||
/**
|
||||
* Put in memory a 64 bits unsigned integer in big-endian order.
|
||||
*
|
||||
* \param n 64 bits unsigned integer to put in memory.
|
||||
* \param data Base address of the memory where to put the 64
|
||||
* bits unsigned integer in.
|
||||
* \param offset Offset from \p data where to put the most significant
|
||||
* byte of the 64 bits unsigned integer \p n.
|
||||
*/
|
||||
#ifndef MBEDTLS_PUT_UINT64_BE
|
||||
#define MBEDTLS_PUT_UINT64_BE( n, data, offset ) \
|
||||
{ \
|
||||
( data )[( offset ) ] = MBEDTLS_BYTE_7( n ); \
|
||||
( data )[( offset ) + 1] = MBEDTLS_BYTE_6( n ); \
|
||||
( data )[( offset ) + 2] = MBEDTLS_BYTE_5( n ); \
|
||||
( data )[( offset ) + 3] = MBEDTLS_BYTE_4( n ); \
|
||||
( data )[( offset ) + 4] = MBEDTLS_BYTE_3( n ); \
|
||||
( data )[( offset ) + 5] = MBEDTLS_BYTE_2( n ); \
|
||||
( data )[( offset ) + 6] = MBEDTLS_BYTE_1( n ); \
|
||||
( data )[( offset ) + 7] = MBEDTLS_BYTE_0( n ); \
|
||||
}
|
||||
#endif
|
||||
|
||||
/**
|
||||
* Get the unsigned 64 bits integer corresponding to eight bytes in
|
||||
* little-endian order (LSB first).
|
||||
*
|
||||
* \param data Base address of the memory to get the eight bytes from.
|
||||
* \param offset Offset from \p data of the first and least significant
|
||||
* byte of the eight bytes to build the 64 bits unsigned
|
||||
* integer from.
|
||||
*/
|
||||
#ifndef MBEDTLS_GET_UINT64_LE
|
||||
#define MBEDTLS_GET_UINT64_LE( data, offset ) \
|
||||
( \
|
||||
( (uint64_t) ( data )[( offset ) + 7] << 56 ) \
|
||||
| ( (uint64_t) ( data )[( offset ) + 6] << 48 ) \
|
||||
| ( (uint64_t) ( data )[( offset ) + 5] << 40 ) \
|
||||
| ( (uint64_t) ( data )[( offset ) + 4] << 32 ) \
|
||||
| ( (uint64_t) ( data )[( offset ) + 3] << 24 ) \
|
||||
| ( (uint64_t) ( data )[( offset ) + 2] << 16 ) \
|
||||
| ( (uint64_t) ( data )[( offset ) + 1] << 8 ) \
|
||||
| ( (uint64_t) ( data )[( offset ) ] ) \
|
||||
)
|
||||
#endif
|
||||
|
||||
/**
|
||||
* Put in memory a 64 bits unsigned integer in little-endian order.
|
||||
*
|
||||
* \param n 64 bits unsigned integer to put in memory.
|
||||
* \param data Base address of the memory where to put the 64
|
||||
* bits unsigned integer in.
|
||||
* \param offset Offset from \p data where to put the least significant
|
||||
* byte of the 64 bits unsigned integer \p n.
|
||||
*/
|
||||
#ifndef MBEDTLS_PUT_UINT64_LE
|
||||
#define MBEDTLS_PUT_UINT64_LE( n, data, offset ) \
|
||||
{ \
|
||||
( data )[( offset ) ] = MBEDTLS_BYTE_0( n ); \
|
||||
( data )[( offset ) + 1] = MBEDTLS_BYTE_1( n ); \
|
||||
( data )[( offset ) + 2] = MBEDTLS_BYTE_2( n ); \
|
||||
( data )[( offset ) + 3] = MBEDTLS_BYTE_3( n ); \
|
||||
( data )[( offset ) + 4] = MBEDTLS_BYTE_4( n ); \
|
||||
( data )[( offset ) + 5] = MBEDTLS_BYTE_5( n ); \
|
||||
( data )[( offset ) + 6] = MBEDTLS_BYTE_6( n ); \
|
||||
( data )[( offset ) + 7] = MBEDTLS_BYTE_7( n ); \
|
||||
}
|
||||
#endif
|
||||
|
||||
/* Fix MSVC C99 compatible issue
|
||||
* MSVC support __func__ from visual studio 2015( 1900 )
|
||||
* Use MSVC predefine macro to avoid name check fail.
|
||||
*/
|
||||
#if (defined(_MSC_VER) && ( _MSC_VER <= 1900 ))
|
||||
#define /*no-check-names*/ __func__ __FUNCTION__
|
||||
#endif
|
||||
|
||||
#endif /* MBEDTLS_LIBRARY_COMMON_H */
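Review bot: The new MBEDTLS_PUT_UINT16/24/32/64_BE/LE macros expand to a bare `{ ... }` block, so a call site's trailing `;` becomes a stray empty statement and `if( c ) MBEDTLS_PUT_UINT32_BE( n, p, 0 ); else ...` will not compile; the usual fix is to wrap each body as `do { ... } while( 0 )` with the same `#ifndef` override guard kept around it. The MBEDTLS_BYTE_4 to MBEDTLS_BYTE_7 helpers shift by 32 or more, which is undefined behaviour when `x` is a 32-bit type, so the "Byte Reading Macros" comment should state the precondition, e.g. `* MBEDTLS_BYTE_4 to MBEDTLS_BYTE_7 are only meaningful for a 64-bit \p x.`. The MBEDTLS_GET_UINT16_* macros yield an `int` (the `uint16_t` operands are promoted before the shift), which is harmless on assignment but worth one line in their comment for anyone using the result directly in an expression.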
|
||||
|
|
|
@ -152,11 +152,8 @@ static int block_cipher_df( unsigned char *output,
|
|||
* (Total is padded to a multiple of 16-bytes with zeroes)
|
||||
*/
|
||||
p = buf + MBEDTLS_CTR_DRBG_BLOCKSIZE;
|
||||
*p++ = ( data_len >> 24 ) & 0xff;
|
||||
*p++ = ( data_len >> 16 ) & 0xff;
|
||||
*p++ = ( data_len >> 8 ) & 0xff;
|
||||
*p++ = ( data_len ) & 0xff;
|
||||
p += 3;
|
||||
MBEDTLS_PUT_UINT32_BE( data_len, p, 0);
|
||||
p += 4 + 3;
|
||||
*p++ = MBEDTLS_CTR_DRBG_SEEDLEN;
|
||||
memcpy( p, data, data_len );
|
||||
p[data_len] = 0x80;
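Review bot: The new `p += 4 + 3;` in block_cipher_df encodes a layout that is only implied: the 4-byte big-endian L written by `MBEDTLS_PUT_UINT32_BE( data_len, p, 0 )` is followed by a 4-byte big-endian N whose three high bytes are left to whatever `buf` already holds, with only the low byte written by `*p++ = MBEDTLS_CTR_DRBG_SEEDLEN;` on the next line. That is correct only if `buf` is zero-initialised (the comment above says the total is zero-padded, but the function's start is outside the hunk, so I could not confirm it); writing N explicitly removes both the dependency and the magic constant: `MBEDTLS_PUT_UINT32_BE( data_len, p, 0 ); MBEDTLS_PUT_UINT32_BE( MBEDTLS_CTR_DRBG_SEEDLEN, p, 4 ); p += 8;` in place of the PUT, the `p += 4 + 3;` and the `*p++` line. If the implicit layout is kept on purpose, a comment such as `/* L (4 bytes BE), then N (4 bytes BE, high bytes already zero) */` should say so. Note that `data_len` is a size_t and the encoding keeps only its low 32 bits, as the replaced byte-by-byte code also did.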
|
||||
|
|
118
library/des.c
118
library/des.c
|
@ -28,6 +28,7 @@
|
|||
#if defined(MBEDTLS_DES_C)
|
||||
|
||||
#include "mbedtls/des.h"
|
||||
#include "mbedtls/error.h"
|
||||
#include "mbedtls/platform_util.h"
|
||||
|
||||
#include <string.h>
|
||||
|
@ -43,29 +44,6 @@
|
|||
|
||||
#if !defined(MBEDTLS_DES_ALT)
|
||||
|
||||
/*
|
||||
* 32-bit integer manipulation macros (big endian)
|
||||
*/
|
||||
#ifndef GET_UINT32_BE
|
||||
#define GET_UINT32_BE(n,b,i) \
|
||||
{ \
|
||||
(n) = ( (uint32_t) (b)[(i) ] << 24 ) \
|
||||
| ( (uint32_t) (b)[(i) + 1] << 16 ) \
|
||||
| ( (uint32_t) (b)[(i) + 2] << 8 ) \
|
||||
| ( (uint32_t) (b)[(i) + 3] ); \
|
||||
}
|
||||
#endif
|
||||
|
||||
#ifndef PUT_UINT32_BE
|
||||
#define PUT_UINT32_BE(n,b,i) \
|
||||
{ \
|
||||
(b)[(i) ] = (unsigned char) ( (n) >> 24 ); \
|
||||
(b)[(i) + 1] = (unsigned char) ( (n) >> 16 ); \
|
||||
(b)[(i) + 2] = (unsigned char) ( (n) >> 8 ); \
|
||||
(b)[(i) + 3] = (unsigned char) ( (n) ); \
|
||||
}
|
||||
#endif
|
||||
|
||||
/*
|
||||
* Expanded DES S-boxes
|
||||
*/
|
||||
|
@ -423,8 +401,8 @@ void mbedtls_des_setkey( uint32_t SK[32], const unsigned char key[MBEDTLS_DES_KE
|
|||
int i;
|
||||
uint32_t X, Y, T;
|
||||
|
||||
GET_UINT32_BE( X, key, 0 );
|
||||
GET_UINT32_BE( Y, key, 4 );
|
||||
X = MBEDTLS_GET_UINT32_BE( key, 0 );
|
||||
Y = MBEDTLS_GET_UINT32_BE( key, 4 );
|
||||
|
||||
/*
|
||||
* Permuted Choice 1
|
||||
|
@ -633,8 +611,8 @@ int mbedtls_des_crypt_ecb( mbedtls_des_context *ctx,
|
|||
|
||||
SK = ctx->sk;
|
||||
|
||||
GET_UINT32_BE( X, input, 0 );
|
||||
GET_UINT32_BE( Y, input, 4 );
|
||||
X = MBEDTLS_GET_UINT32_BE( input, 0 );
|
||||
Y = MBEDTLS_GET_UINT32_BE( input, 4 );
|
||||
|
||||
DES_IP( X, Y );
|
||||
|
||||
|
@ -646,8 +624,8 @@ int mbedtls_des_crypt_ecb( mbedtls_des_context *ctx,
|
|||
|
||||
DES_FP( Y, X );
|
||||
|
||||
PUT_UINT32_BE( Y, output, 0 );
|
||||
PUT_UINT32_BE( X, output, 4 );
|
||||
MBEDTLS_PUT_UINT32_BE( Y, output, 0 );
|
||||
MBEDTLS_PUT_UINT32_BE( X, output, 4 );
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
|
@ -665,6 +643,7 @@ int mbedtls_des_crypt_cbc( mbedtls_des_context *ctx,
|
|||
unsigned char *output )
|
||||
{
|
||||
int i;
|
||||
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
||||
unsigned char temp[8];
|
||||
|
||||
if( length % 8 )
|
||||
|
@ -677,7 +656,9 @@ int mbedtls_des_crypt_cbc( mbedtls_des_context *ctx,
|
|||
for( i = 0; i < 8; i++ )
|
||||
output[i] = (unsigned char)( input[i] ^ iv[i] );
|
||||
|
||||
mbedtls_des_crypt_ecb( ctx, output, output );
|
||||
ret = mbedtls_des_crypt_ecb( ctx, output, output );
|
||||
if( ret != 0 )
|
||||
goto exit;
|
||||
memcpy( iv, output, 8 );
|
||||
|
||||
input += 8;
|
||||
|
@ -690,7 +671,9 @@ int mbedtls_des_crypt_cbc( mbedtls_des_context *ctx,
|
|||
while( length > 0 )
|
||||
{
|
||||
memcpy( temp, input, 8 );
|
||||
mbedtls_des_crypt_ecb( ctx, input, output );
|
||||
ret = mbedtls_des_crypt_ecb( ctx, input, output );
|
||||
if( ret != 0 )
|
||||
goto exit;
|
||||
|
||||
for( i = 0; i < 8; i++ )
|
||||
output[i] = (unsigned char)( output[i] ^ iv[i] );
|
||||
|
@ -702,8 +685,10 @@ int mbedtls_des_crypt_cbc( mbedtls_des_context *ctx,
|
|||
length -= 8;
|
||||
}
|
||||
}
|
||||
ret = 0;
|
||||
|
||||
return( 0 );
|
||||
exit:
|
||||
return( ret );
|
||||
}
|
||||
#endif /* MBEDTLS_CIPHER_MODE_CBC */
|
||||
|
||||
|
@ -720,8 +705,8 @@ int mbedtls_des3_crypt_ecb( mbedtls_des3_context *ctx,
|
|||
|
||||
SK = ctx->sk;
|
||||
|
||||
GET_UINT32_BE( X, input, 0 );
|
||||
GET_UINT32_BE( Y, input, 4 );
|
||||
X = MBEDTLS_GET_UINT32_BE( input, 0 );
|
||||
Y = MBEDTLS_GET_UINT32_BE( input, 4 );
|
||||
|
||||
DES_IP( X, Y );
|
||||
|
||||
|
@ -745,8 +730,8 @@ int mbedtls_des3_crypt_ecb( mbedtls_des3_context *ctx,
|
|||
|
||||
DES_FP( Y, X );
|
||||
|
||||
PUT_UINT32_BE( Y, output, 0 );
|
||||
PUT_UINT32_BE( X, output, 4 );
|
||||
MBEDTLS_PUT_UINT32_BE( Y, output, 0 );
|
||||
MBEDTLS_PUT_UINT32_BE( X, output, 4 );
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
|
@ -764,6 +749,7 @@ int mbedtls_des3_crypt_cbc( mbedtls_des3_context *ctx,
|
|||
unsigned char *output )
|
||||
{
|
||||
int i;
|
||||
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
||||
unsigned char temp[8];
|
||||
|
||||
if( length % 8 )
|
||||
|
@ -776,7 +762,9 @@ int mbedtls_des3_crypt_cbc( mbedtls_des3_context *ctx,
|
|||
for( i = 0; i < 8; i++ )
|
||||
output[i] = (unsigned char)( input[i] ^ iv[i] );
|
||||
|
||||
mbedtls_des3_crypt_ecb( ctx, output, output );
|
||||
ret = mbedtls_des3_crypt_ecb( ctx, output, output );
|
||||
if( ret != 0 )
|
||||
goto exit;
|
||||
memcpy( iv, output, 8 );
|
||||
|
||||
input += 8;
|
||||
|
@ -789,7 +777,9 @@ int mbedtls_des3_crypt_cbc( mbedtls_des3_context *ctx,
|
|||
while( length > 0 )
|
||||
{
|
||||
memcpy( temp, input, 8 );
|
||||
mbedtls_des3_crypt_ecb( ctx, input, output );
|
||||
ret = mbedtls_des3_crypt_ecb( ctx, input, output );
|
||||
if( ret != 0 )
|
||||
goto exit;
|
||||
|
||||
for( i = 0; i < 8; i++ )
|
||||
output[i] = (unsigned char)( output[i] ^ iv[i] );
|
||||
|
@ -801,8 +791,10 @@ int mbedtls_des3_crypt_cbc( mbedtls_des3_context *ctx,
|
|||
length -= 8;
|
||||
}
|
||||
}
|
||||
ret = 0;
|
||||
|
||||
return( 0 );
|
||||
exit:
|
||||
return( ret );
|
||||
}
|
||||
#endif /* MBEDTLS_CIPHER_MODE_CBC */
|
||||
|
||||
|
@ -895,39 +887,43 @@ int mbedtls_des_self_test( int verbose )
|
|||
switch( i )
|
||||
{
|
||||
case 0:
|
||||
mbedtls_des_setkey_dec( &ctx, des3_test_keys );
|
||||
ret = mbedtls_des_setkey_dec( &ctx, des3_test_keys );
|
||||
break;
|
||||
|
||||
case 1:
|
||||
mbedtls_des_setkey_enc( &ctx, des3_test_keys );
|
||||
ret = mbedtls_des_setkey_enc( &ctx, des3_test_keys );
|
||||
break;
|
||||
|
||||
case 2:
|
||||
mbedtls_des3_set2key_dec( &ctx3, des3_test_keys );
|
||||
ret = mbedtls_des3_set2key_dec( &ctx3, des3_test_keys );
|
||||
break;
|
||||
|
||||
case 3:
|
||||
mbedtls_des3_set2key_enc( &ctx3, des3_test_keys );
|
||||
ret = mbedtls_des3_set2key_enc( &ctx3, des3_test_keys );
|
||||
break;
|
||||
|
||||
case 4:
|
||||
mbedtls_des3_set3key_dec( &ctx3, des3_test_keys );
|
||||
ret = mbedtls_des3_set3key_dec( &ctx3, des3_test_keys );
|
||||
break;
|
||||
|
||||
case 5:
|
||||
mbedtls_des3_set3key_enc( &ctx3, des3_test_keys );
|
||||
ret = mbedtls_des3_set3key_enc( &ctx3, des3_test_keys );
|
||||
break;
|
||||
|
||||
default:
|
||||
return( 1 );
|
||||
}
|
||||
if( ret != 0 )
|
||||
goto exit;
|
||||
|
||||
for( j = 0; j < 100; j++ )
|
||||
{
|
||||
if( u == 0 )
|
||||
mbedtls_des_crypt_ecb( &ctx, buf, buf );
|
||||
ret = mbedtls_des_crypt_ecb( &ctx, buf, buf );
|
||||
else
|
||||
mbedtls_des3_crypt_ecb( &ctx3, buf, buf );
|
||||
ret = mbedtls_des3_crypt_ecb( &ctx3, buf, buf );
|
||||
if( ret != 0 )
|
||||
goto exit;
|
||||
}
|
||||
|
||||
if( ( v == MBEDTLS_DES_DECRYPT &&
|
||||
|
@ -970,41 +966,45 @@ int mbedtls_des_self_test( int verbose )
|
|||
switch( i )
|
||||
{
|
||||
case 0:
|
||||
mbedtls_des_setkey_dec( &ctx, des3_test_keys );
|
||||
ret = mbedtls_des_setkey_dec( &ctx, des3_test_keys );
|
||||
break;
|
||||
|
||||
case 1:
|
||||
mbedtls_des_setkey_enc( &ctx, des3_test_keys );
|
||||
ret = mbedtls_des_setkey_enc( &ctx, des3_test_keys );
|
||||
break;
|
||||
|
||||
case 2:
|
||||
mbedtls_des3_set2key_dec( &ctx3, des3_test_keys );
|
||||
ret = mbedtls_des3_set2key_dec( &ctx3, des3_test_keys );
|
||||
break;
|
||||
|
||||
case 3:
|
||||
mbedtls_des3_set2key_enc( &ctx3, des3_test_keys );
|
||||
ret = mbedtls_des3_set2key_enc( &ctx3, des3_test_keys );
|
||||
break;
|
||||
|
||||
case 4:
|
||||
mbedtls_des3_set3key_dec( &ctx3, des3_test_keys );
|
||||
ret = mbedtls_des3_set3key_dec( &ctx3, des3_test_keys );
|
||||
break;
|
||||
|
||||
case 5:
|
||||
mbedtls_des3_set3key_enc( &ctx3, des3_test_keys );
|
||||
ret = mbedtls_des3_set3key_enc( &ctx3, des3_test_keys );
|
||||
break;
|
||||
|
||||
default:
|
||||
return( 1 );
|
||||
}
|
||||
if( ret != 0 )
|
||||
goto exit;
|
||||
|
||||
if( v == MBEDTLS_DES_DECRYPT )
|
||||
{
|
||||
for( j = 0; j < 100; j++ )
|
||||
{
|
||||
if( u == 0 )
|
||||
mbedtls_des_crypt_cbc( &ctx, v, 8, iv, buf, buf );
|
||||
ret = mbedtls_des_crypt_cbc( &ctx, v, 8, iv, buf, buf );
|
||||
else
|
||||
mbedtls_des3_crypt_cbc( &ctx3, v, 8, iv, buf, buf );
|
||||
ret = mbedtls_des3_crypt_cbc( &ctx3, v, 8, iv, buf, buf );
|
||||
if( ret != 0 )
|
||||
goto exit;
|
||||
}
|
||||
}
|
||||
else
|
||||
|
@ -1014,9 +1014,11 @@ int mbedtls_des_self_test( int verbose )
|
|||
unsigned char tmp[8];
|
||||
|
||||
if( u == 0 )
|
||||
mbedtls_des_crypt_cbc( &ctx, v, 8, iv, buf, buf );
|
||||
ret = mbedtls_des_crypt_cbc( &ctx, v, 8, iv, buf, buf );
|
||||
else
|
||||
mbedtls_des3_crypt_cbc( &ctx3, v, 8, iv, buf, buf );
|
||||
ret = mbedtls_des3_crypt_cbc( &ctx3, v, 8, iv, buf, buf );
|
||||
if( ret != 0 )
|
||||
goto exit;
|
||||
|
||||
memcpy( tmp, prv, 8 );
|
||||
memcpy( prv, buf, 8 );
|
||||
|
@ -1050,6 +1052,8 @@ exit:
|
|||
mbedtls_des_free( &ctx );
|
||||
mbedtls_des3_free( &ctx3 );
|
||||
|
||||
if( ret != 0 )
|
||||
ret = 1;
|
||||
return( ret );
|
||||
}
@ -270,8 +270,8 @@ int mbedtls_dhm_make_params( mbedtls_dhm_context *ctx, int x_size,
MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( ( X ), \
|
||||
p + 2, \
|
||||
( n ) ) ); \
|
||||
*p++ = (unsigned char)( ( n ) >> 8 ); \
|
||||
*p++ = (unsigned char)( ( n ) ); \
|
||||
*p++ = MBEDTLS_BYTE_1( n ); \
|
||||
*p++ = MBEDTLS_BYTE_0( n ); \
|
||||
p += ( n ); \
|
||||
} while( 0 )
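Review bot: The two single-byte stores `*p++ = MBEDTLS_BYTE_1( n ); *p++ = MBEDTLS_BYTE_0( n );` in the `do { … } while( 0 )` helper are the same 16-bit big-endian write that the ecp.c hunk in this commit expresses as `MBEDTLS_PUT_UINT16_BE`; writing `MBEDTLS_PUT_UINT16_BE( ( n ), p, 0 ); p += 2 + ( n );` here would keep the two call sites consistent and make the width of the length field visible at a glance. The macro begins outside the hunk, so its name and the declaration of `p` are not visible here.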
136
library/ecdh.c
@ -32,6 +32,8 @@
#include "mbedtls/platform_util.h"
|
||||
#include "mbedtls/error.h"
|
||||
|
||||
#include "ecdh_misc.h"
|
||||
|
||||
#include <string.h>
|
||||
|
||||
/* Parameter validation macros based on platform_util.h */
|
||||
@ -726,4 +728,138 @@ int mbedtls_ecdh_calc_secret( mbedtls_ecdh_context *ctx, size_t *olen,
#endif
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
|
||||
|
||||
static int ecdh_tls13_make_params_internal( mbedtls_ecdh_context_mbed *ctx,
|
||||
size_t *olen, int point_format, unsigned char *buf, size_t blen,
|
||||
int ( *f_rng )( void *, unsigned char *, size_t), void *p_rng )
|
||||
{
|
||||
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
||||
|
||||
if( ctx->grp.pbits == 0 )
|
||||
return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
|
||||
|
||||
if( ( ret = mbedtls_ecdh_gen_public( &ctx->grp, &ctx->d, &ctx->Q,
|
||||
f_rng, p_rng ) ) != 0 )
|
||||
return( ret );
|
||||
|
||||
ret = mbedtls_ecp_point_write_binary( &ctx->grp, &ctx->Q, point_format,
|
||||
olen, buf, blen );
|
||||
if( ret != 0 )
|
||||
return( ret );
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
int mbedtls_ecdh_tls13_make_params( mbedtls_ecdh_context *ctx, size_t *olen,
|
||||
unsigned char *buf, size_t blen,
|
||||
int ( *f_rng )( void *, unsigned char *, size_t ),
|
||||
void *p_rng )
|
||||
{
|
||||
ECDH_VALIDATE_RET( ctx != NULL );
|
||||
ECDH_VALIDATE_RET( olen != NULL );
|
||||
ECDH_VALIDATE_RET( buf != NULL );
|
||||
ECDH_VALIDATE_RET( f_rng != NULL );
|
||||
|
||||
|
||||
#if defined(MBEDTLS_ECP_RESTARTABLE)
|
||||
if( ctx-> restart_enabled )
|
||||
return( MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE );
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_ECDH_LEGACY_CONTEXT)
|
||||
return( ecdh_tls13_make_params_internal( ctx, olen, ctx->point_format,
|
||||
buf, blen, f_rng, p_rng ) );
|
||||
#else
|
||||
switch( ctx->var )
|
||||
{
|
||||
#if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED)
|
||||
case MBEDTLS_ECDH_VARIANT_EVEREST:
|
||||
return( MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE );
|
||||
#endif
|
||||
case MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0:
|
||||
return( ecdh_tls13_make_params_internal( &ctx->ctx.mbed_ecdh, olen,
|
||||
ctx->point_format, buf, blen,
|
||||
f_rng, p_rng ) );
|
||||
default:
|
||||
return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
|
||||
}
|
||||
#endif
|
||||
}
|
||||
|
||||
/*
|
||||
* Setup context without Everest
|
||||
*/
|
||||
int mbedtls_ecdh_setup_no_everest( mbedtls_ecdh_context *ctx,
|
||||
mbedtls_ecp_group_id grp_id )
|
||||
{
|
||||
ECDH_VALIDATE_RET( ctx != NULL );
|
||||
|
||||
#if defined(MBEDTLS_ECDH_LEGACY_CONTEXT)
|
||||
return( ecdh_setup_internal( ctx, grp_id ) );
|
||||
#else
|
||||
ctx->point_format = MBEDTLS_ECP_PF_UNCOMPRESSED;
|
||||
ctx->var = MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0;
|
||||
ctx->grp_id = grp_id;
|
||||
ecdh_init_internal( &ctx->ctx.mbed_ecdh );
|
||||
return( ecdh_setup_internal( &ctx->ctx.mbed_ecdh, grp_id ) );
|
||||
#endif
|
||||
}
|
||||
|
||||
static int ecdh_tls13_read_public_internal( mbedtls_ecdh_context_mbed *ctx,
|
||||
const unsigned char *buf,
|
||||
size_t buf_len )
|
||||
{
|
||||
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
||||
const unsigned char *p = buf;
|
||||
size_t data_len;
|
||||
|
||||
if( buf_len < 3 )
|
||||
return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
|
||||
|
||||
data_len = MBEDTLS_GET_UINT16_BE( p, 0 );
|
||||
p += 2;
|
||||
|
||||
if( data_len < 1 || data_len != ( buf_len - 2 ) )
|
||||
return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
|
||||
|
||||
if( ( ret = mbedtls_ecp_point_read_binary( &ctx->grp,
|
||||
&ctx->Qp, p, data_len ) ) != 0)
|
||||
{
|
||||
return( ret );
|
||||
}
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
/*
|
||||
* Parse and import the client's TLS 1.3 public value
|
||||
*/
|
||||
int mbedtls_ecdh_tls13_read_public( mbedtls_ecdh_context *ctx,
|
||||
const unsigned char *buf,
|
||||
size_t buf_len )
|
||||
{
|
||||
ECDH_VALIDATE_RET( ctx != NULL );
|
||||
ECDH_VALIDATE_RET( buf != NULL );
|
||||
|
||||
#if defined(MBEDTLS_ECDH_LEGACY_CONTEXT)
|
||||
return( ecdh_tls13_read_public_internal( ctx, buf, buf_len ) );
|
||||
#else
|
||||
switch( ctx->var )
|
||||
{
|
||||
#if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED)
|
||||
case MBEDTLS_ECDH_VARIANT_EVEREST:
|
||||
return( MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE );
|
||||
#endif
|
||||
case MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0:
|
||||
return( ecdh_tls13_read_public_internal( &ctx->ctx.mbed_ecdh,
|
||||
buf, buf_len ) );
|
||||
default:
|
||||
return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
|
||||
}
|
||||
#endif
|
||||
}
|
||||
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
|
||||
|
||||
#endif /* MBEDTLS_ECDH_C */
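Review bot: The wire-format contract of the two new public functions is not documented, and it is asymmetric: `mbedtls_ecdh_tls13_make_params` writes the bare point through `mbedtls_ecp_point_write_binary` with no length prefix, while `mbedtls_ecdh_tls13_read_public` requires a 2-byte big-endian length that must cover exactly the remainder of the buffer. A one-line comment on each wrapper stating this — e.g. on the reader, `/* buf must hold a 2-byte big-endian length followed by exactly that many bytes of encoded point; anything else is rejected */` — would save callers from guessing, and the same wording belongs on the declarations in ecdh_misc.h. Two style nits in the same hunk: both `default:` arms use `return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;` without the parentheses the rest of the file uses, and `ctx-> restart_enabled` has a stray space after the arrow.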
|
||||
57
library/ecdh_misc.h
Normal file
@ -0,0 +1,57 @@
/**
|
||||
* \file ecdh_misc.h
|
||||
*
|
||||
* \brief Internal functions shared by the ECDH module
|
||||
*/
|
||||
/*
|
||||
* Copyright The Mbed TLS Contributors
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 ( the "License" ); you may
|
||||
* not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
#if !defined(MBEDTLS_ECDH_MISC_H)
|
||||
#define MBEDTLS_ECDH_MISC_H
|
||||
|
||||
#include "mbedtls/ecdh.h"
|
||||
#include "mbedtls/ecp.h"
|
||||
|
||||
#if defined(MBEDTLS_ECDH_C)
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
|
||||
|
||||
/*
|
||||
* Setup context without Everest
|
||||
*/
|
||||
int mbedtls_ecdh_setup_no_everest( mbedtls_ecdh_context *ctx,
|
||||
mbedtls_ecp_group_id grp_id );
|
||||
|
||||
/*
|
||||
* TLS 1.3 version of mbedtls_ecdh_make_params
|
||||
*/
|
||||
int mbedtls_ecdh_tls13_make_params( mbedtls_ecdh_context *ctx, size_t *olen,
|
||||
unsigned char *buf, size_t buf_len,
|
||||
int ( *f_rng )( void *, unsigned char *, size_t ),
|
||||
void *p_rng );
|
||||
|
||||
/*
|
||||
* TLS 1.3 version of mbedtls_ecdh_read_public
|
||||
*/
|
||||
int mbedtls_ecdh_tls13_read_public( mbedtls_ecdh_context *ctx,
|
||||
const unsigned char *buf,
|
||||
size_t buf_len );
|
||||
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
|
||||
|
||||
#endif /* MBEDTLS_ECDH_C */
|
||||
|
||||
#endif /* !MBEDTLS_ECDH_MISC_H */
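Review bot: The prototype of `mbedtls_ecdh_tls13_make_params` names its fourth parameter `buf_len`, but the definition in ecdh.c calls it `blen`; renaming one so that declaration and definition agree keeps generated documentation and greps consistent, and `blen` is the spelling used by `ecdh_tls13_make_params_internal` as well. The other two prototypes already match their definitions.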
@ -180,10 +180,7 @@ static int ecjpake_write_len_point( unsigned char **p,
if( ret != 0 )
|
||||
return( ret );
|
||||
|
||||
(*p)[0] = (unsigned char)( ( len >> 24 ) & 0xFF );
|
||||
(*p)[1] = (unsigned char)( ( len >> 16 ) & 0xFF );
|
||||
(*p)[2] = (unsigned char)( ( len >> 8 ) & 0xFF );
|
||||
(*p)[3] = (unsigned char)( ( len ) & 0xFF );
|
||||
MBEDTLS_PUT_UINT32_BE( len, *p, 0 );
|
||||
|
||||
*p += 4 + len;
|
||||
|
||||
|
@ -223,10 +220,8 @@ static int ecjpake_hash( const mbedtls_md_info_t *md_info,
|
|||
if( end - p < 4 )
|
||||
return( MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL );
|
||||
|
||||
*p++ = (unsigned char)( ( id_len >> 24 ) & 0xFF );
|
||||
*p++ = (unsigned char)( ( id_len >> 16 ) & 0xFF );
|
||||
*p++ = (unsigned char)( ( id_len >> 8 ) & 0xFF );
|
||||
*p++ = (unsigned char)( ( id_len ) & 0xFF );
|
||||
MBEDTLS_PUT_UINT32_BE( id_len, p, 0 );
|
||||
p += 4;
|
||||
|
||||
if( end < p || (size_t)( end - p ) < id_len )
|
||||
return( MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL );
|
||||
|
@ -366,7 +361,7 @@ static int ecjpake_zkp_write( const mbedtls_md_info_t *md_info,
|
|||
goto cleanup;
|
||||
}
|
||||
|
||||
*(*p)++ = (unsigned char)( len & 0xFF );
|
||||
*(*p)++ = MBEDTLS_BYTE_0( len );
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &h, *p, len ) ); /* r */
|
||||
*p += len;
|
||||
|
||||
@ -1012,8 +1012,7 @@ int mbedtls_ecp_tls_write_group( const mbedtls_ecp_group *grp, size_t *olen,
/*
|
||||
* Next two bytes are the namedcurve value
|
||||
*/
|
||||
buf[0] = curve_info->tls_id >> 8;
|
||||
buf[1] = curve_info->tls_id & 0xFF;
|
||||
MBEDTLS_PUT_UINT16_BE( curve_info->tls_id, buf, 0 );
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
@ -58,29 +58,6 @@
#define GCM_VALIDATE( cond ) \
|
||||
MBEDTLS_INTERNAL_VALIDATE( cond )
|
||||
|
||||
/*
|
||||
* 32-bit integer manipulation macros (big endian)
|
||||
*/
|
||||
#ifndef GET_UINT32_BE
|
||||
#define GET_UINT32_BE(n,b,i) \
|
||||
{ \
|
||||
(n) = ( (uint32_t) (b)[(i) ] << 24 ) \
|
||||
| ( (uint32_t) (b)[(i) + 1] << 16 ) \
|
||||
| ( (uint32_t) (b)[(i) + 2] << 8 ) \
|
||||
| ( (uint32_t) (b)[(i) + 3] ); \
|
||||
}
|
||||
#endif
|
||||
|
||||
#ifndef PUT_UINT32_BE
|
||||
#define PUT_UINT32_BE(n,b,i) \
|
||||
{ \
|
||||
(b)[(i) ] = (unsigned char) ( (n) >> 24 ); \
|
||||
(b)[(i) + 1] = (unsigned char) ( (n) >> 16 ); \
|
||||
(b)[(i) + 2] = (unsigned char) ( (n) >> 8 ); \
|
||||
(b)[(i) + 3] = (unsigned char) ( (n) ); \
|
||||
}
|
||||
#endif
|
||||
|
||||
/*
|
||||
* Initialize a context
|
||||
*/
|
||||
|
@ -111,12 +88,12 @@ static int gcm_gen_table( mbedtls_gcm_context *ctx )
|
|||
return( ret );
|
||||
|
||||
/* pack h as two 64-bits ints, big-endian */
|
||||
GET_UINT32_BE( hi, h, 0 );
|
||||
GET_UINT32_BE( lo, h, 4 );
|
||||
hi = MBEDTLS_GET_UINT32_BE( h, 0 );
|
||||
lo = MBEDTLS_GET_UINT32_BE( h, 4 );
|
||||
vh = (uint64_t) hi << 32 | lo;
|
||||
|
||||
GET_UINT32_BE( hi, h, 8 );
|
||||
GET_UINT32_BE( lo, h, 12 );
|
||||
hi = MBEDTLS_GET_UINT32_BE( h, 8 );
|
||||
lo = MBEDTLS_GET_UINT32_BE( h, 12 );
|
||||
vl = (uint64_t) hi << 32 | lo;
|
||||
|
||||
/* 8 = 1000 corresponds to 1 in GF(2^128) */
|
||||
|
@ -223,10 +200,10 @@ static void gcm_mult( mbedtls_gcm_context *ctx, const unsigned char x[16],
|
|||
if( mbedtls_aesni_has_support( MBEDTLS_AESNI_CLMUL ) ) {
|
||||
unsigned char h[16];
|
||||
|
||||
PUT_UINT32_BE( ctx->HH[8] >> 32, h, 0 );
|
||||
PUT_UINT32_BE( ctx->HH[8], h, 4 );
|
||||
PUT_UINT32_BE( ctx->HL[8] >> 32, h, 8 );
|
||||
PUT_UINT32_BE( ctx->HL[8], h, 12 );
|
||||
MBEDTLS_PUT_UINT32_BE( ctx->HH[8] >> 32, h, 0 );
|
||||
MBEDTLS_PUT_UINT32_BE( ctx->HH[8], h, 4 );
|
||||
MBEDTLS_PUT_UINT32_BE( ctx->HL[8] >> 32, h, 8 );
|
||||
MBEDTLS_PUT_UINT32_BE( ctx->HL[8], h, 12 );
|
||||
|
||||
mbedtls_aesni_gcm_mult( output, x, h );
|
||||
return;
|
||||
|
@ -262,10 +239,10 @@ static void gcm_mult( mbedtls_gcm_context *ctx, const unsigned char x[16],
|
|||
zl ^= ctx->HL[hi];
|
||||
}
|
||||
|
||||
PUT_UINT32_BE( zh >> 32, output, 0 );
|
||||
PUT_UINT32_BE( zh, output, 4 );
|
||||
PUT_UINT32_BE( zl >> 32, output, 8 );
|
||||
PUT_UINT32_BE( zl, output, 12 );
|
||||
MBEDTLS_PUT_UINT32_BE( zh >> 32, output, 0 );
|
||||
MBEDTLS_PUT_UINT32_BE( zh, output, 4 );
|
||||
MBEDTLS_PUT_UINT32_BE( zl >> 32, output, 8 );
|
||||
MBEDTLS_PUT_UINT32_BE( zl, output, 12 );
|
||||
}
|
||||
|
||||
int mbedtls_gcm_starts( mbedtls_gcm_context *ctx,
|
||||
|
@ -277,6 +254,7 @@ int mbedtls_gcm_starts( mbedtls_gcm_context *ctx,
|
|||
size_t i;
|
||||
const unsigned char *p;
|
||||
size_t use_len, olen = 0;
|
||||
uint64_t iv_bits;
|
||||
|
||||
GCM_VALIDATE_RET( ctx != NULL );
|
||||
GCM_VALIDATE_RET( iv != NULL );
|
||||
|
@ -301,7 +279,8 @@ int mbedtls_gcm_starts( mbedtls_gcm_context *ctx,
|
|||
else
|
||||
{
|
||||
memset( work_buf, 0x00, 16 );
|
||||
PUT_UINT32_BE( iv_len * 8, work_buf, 12 );
|
||||
iv_bits = (uint64_t)iv_len * 8;
|
||||
MBEDTLS_PUT_UINT64_BE( iv_bits, work_buf, 8 );
|
||||
|
||||
p = iv;
|
||||
while( iv_len > 0 )
|
||||
|
@ -454,7 +433,7 @@ int mbedtls_gcm_update( mbedtls_gcm_context *ctx,
|
|||
unsigned char ectr[16];
|
||||
|
||||
if( output_size < input_length )
|
||||
return( MBEDTLS_ERR_GCM_BAD_INPUT );
|
||||
return( MBEDTLS_ERR_GCM_BUFFER_TOO_SMALL );
|
||||
GCM_VALIDATE_RET( output_length != NULL );
|
||||
*output_length = input_length;
|
||||
|
||||
|
@ -569,10 +548,10 @@ int mbedtls_gcm_finish( mbedtls_gcm_context *ctx,
|
|||
{
|
||||
memset( work_buf, 0x00, 16 );
|
||||
|
||||
PUT_UINT32_BE( ( orig_add_len >> 32 ), work_buf, 0 );
|
||||
PUT_UINT32_BE( ( orig_add_len ), work_buf, 4 );
|
||||
PUT_UINT32_BE( ( orig_len >> 32 ), work_buf, 8 );
|
||||
PUT_UINT32_BE( ( orig_len ), work_buf, 12 );
|
||||
MBEDTLS_PUT_UINT32_BE( ( orig_add_len >> 32 ), work_buf, 0 );
|
||||
MBEDTLS_PUT_UINT32_BE( ( orig_add_len ), work_buf, 4 );
|
||||
MBEDTLS_PUT_UINT32_BE( ( orig_len >> 32 ), work_buf, 8 );
|
||||
MBEDTLS_PUT_UINT32_BE( ( orig_len ), work_buf, 12 );
|
||||
|
||||
for( i = 0; i < 16; i++ )
|
||||
ctx->buf[i] ^= work_buf[i];
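Review bot: In `mbedtls_gcm_finish` the two 64-bit length fields are still emitted as pairs of 32-bit halves (`MBEDTLS_PUT_UINT32_BE( ( orig_add_len >> 32 ), work_buf, 0 )` and the three lines after it), although the `mbedtls_gcm_starts` hunk in the same commit switches the IV length to a single `MBEDTLS_PUT_UINT64_BE`; given the `>> 32` these are 64-bit values, so `MBEDTLS_PUT_UINT64_BE( orig_add_len, work_buf, 0 ); MBEDTLS_PUT_UINT64_BE( orig_len, work_buf, 8 );` would be both shorter and consistent. The same split-halves pattern remains in both `gcm_mult` hunks (the `ctx->HH[8]`/`ctx->HL[8]` and `zh`/`zl` stores). Separately, `mbedtls_gcm_update` now returns `MBEDTLS_ERR_GCM_BUFFER_TOO_SMALL` instead of `MBEDTLS_ERR_GCM_BAD_INPUT` when `output_size < input_length`; if the function's description in the public header still lists the old code for that case, it should be updated alongside, since callers may branch on it. The enclosing function of each hunk extends beyond what is shown.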
|
||||
@ -43,29 +43,6 @@
|
||||
#if !defined(MBEDTLS_MD5_ALT)
|
||||
|
||||
/*
|
||||
* 32-bit integer manipulation macros (little endian)
|
||||
*/
|
||||
#ifndef GET_UINT32_LE
|
||||
#define GET_UINT32_LE(n,b,i) \
|
||||
{ \
|
||||
(n) = ( (uint32_t) (b)[(i) ] ) \
|
||||
| ( (uint32_t) (b)[(i) + 1] << 8 ) \
|
||||
| ( (uint32_t) (b)[(i) + 2] << 16 ) \
|
||||
| ( (uint32_t) (b)[(i) + 3] << 24 ); \
|
||||
}
|
||||
#endif
|
||||
|
||||
#ifndef PUT_UINT32_LE
|
||||
#define PUT_UINT32_LE(n,b,i) \
|
||||
{ \
|
||||
(b)[(i) ] = (unsigned char) ( ( (n) ) & 0xFF ); \
|
||||
(b)[(i) + 1] = (unsigned char) ( ( (n) >> 8 ) & 0xFF ); \
|
||||
(b)[(i) + 2] = (unsigned char) ( ( (n) >> 16 ) & 0xFF ); \
|
||||
(b)[(i) + 3] = (unsigned char) ( ( (n) >> 24 ) & 0xFF ); \
|
||||
}
|
||||
#endif
|
||||
|
||||
void mbedtls_md5_init( mbedtls_md5_context *ctx )
|
||||
{
|
||||
memset( ctx, 0, sizeof( mbedtls_md5_context ) );
|
||||
|
@ -110,22 +87,22 @@ int mbedtls_internal_md5_process( mbedtls_md5_context *ctx,
|
|||
uint32_t X[16], A, B, C, D;
|
||||
} local;
|
||||
|
||||
GET_UINT32_LE( local.X[ 0], data, 0 );
|
||||
GET_UINT32_LE( local.X[ 1], data, 4 );
|
||||
GET_UINT32_LE( local.X[ 2], data, 8 );
|
||||
GET_UINT32_LE( local.X[ 3], data, 12 );
|
||||
GET_UINT32_LE( local.X[ 4], data, 16 );
|
||||
GET_UINT32_LE( local.X[ 5], data, 20 );
|
||||
GET_UINT32_LE( local.X[ 6], data, 24 );
|
||||
GET_UINT32_LE( local.X[ 7], data, 28 );
|
||||
GET_UINT32_LE( local.X[ 8], data, 32 );
|
||||
GET_UINT32_LE( local.X[ 9], data, 36 );
|
||||
GET_UINT32_LE( local.X[10], data, 40 );
|
||||
GET_UINT32_LE( local.X[11], data, 44 );
|
||||
GET_UINT32_LE( local.X[12], data, 48 );
|
||||
GET_UINT32_LE( local.X[13], data, 52 );
|
||||
GET_UINT32_LE( local.X[14], data, 56 );
|
||||
GET_UINT32_LE( local.X[15], data, 60 );
|
||||
local.X[ 0] = MBEDTLS_GET_UINT32_LE( data, 0 );
|
||||
local.X[ 1] = MBEDTLS_GET_UINT32_LE( data, 4 );
|
||||
local.X[ 2] = MBEDTLS_GET_UINT32_LE( data, 8 );
|
||||
local.X[ 3] = MBEDTLS_GET_UINT32_LE( data, 12 );
|
||||
local.X[ 4] = MBEDTLS_GET_UINT32_LE( data, 16 );
|
||||
local.X[ 5] = MBEDTLS_GET_UINT32_LE( data, 20 );
|
||||
local.X[ 6] = MBEDTLS_GET_UINT32_LE( data, 24 );
|
||||
local.X[ 7] = MBEDTLS_GET_UINT32_LE( data, 28 );
|
||||
local.X[ 8] = MBEDTLS_GET_UINT32_LE( data, 32 );
|
||||
local.X[ 9] = MBEDTLS_GET_UINT32_LE( data, 36 );
|
||||
local.X[10] = MBEDTLS_GET_UINT32_LE( data, 40 );
|
||||
local.X[11] = MBEDTLS_GET_UINT32_LE( data, 44 );
|
||||
local.X[12] = MBEDTLS_GET_UINT32_LE( data, 48 );
|
||||
local.X[13] = MBEDTLS_GET_UINT32_LE( data, 52 );
|
||||
local.X[14] = MBEDTLS_GET_UINT32_LE( data, 56 );
|
||||
local.X[15] = MBEDTLS_GET_UINT32_LE( data, 60 );
|
||||
|
||||
#define S(x,n) \
|
||||
( ( (x) << (n) ) | ( ( (x) & 0xFFFFFFFF) >> ( 32 - (n) ) ) )
|
||||
|
@ -330,8 +307,8 @@ int mbedtls_md5_finish( mbedtls_md5_context *ctx,
|
|||
| ( ctx->total[1] << 3 );
|
||||
low = ( ctx->total[0] << 3 );
|
||||
|
||||
PUT_UINT32_LE( low, ctx->buffer, 56 );
|
||||
PUT_UINT32_LE( high, ctx->buffer, 60 );
|
||||
MBEDTLS_PUT_UINT32_LE( low, ctx->buffer, 56 );
|
||||
MBEDTLS_PUT_UINT32_LE( high, ctx->buffer, 60 );
|
||||
|
||||
if( ( ret = mbedtls_internal_md5_process( ctx, ctx->buffer ) ) != 0 )
|
||||
return( ret );
|
||||
|
@ -339,10 +316,10 @@ int mbedtls_md5_finish( mbedtls_md5_context *ctx,
|
|||
/*
|
||||
* Output final state
|
||||
*/
|
||||
PUT_UINT32_LE( ctx->state[0], output, 0 );
|
||||
PUT_UINT32_LE( ctx->state[1], output, 4 );
|
||||
PUT_UINT32_LE( ctx->state[2], output, 8 );
|
||||
PUT_UINT32_LE( ctx->state[3], output, 12 );
|
||||
MBEDTLS_PUT_UINT32_LE( ctx->state[0], output, 0 );
|
||||
MBEDTLS_PUT_UINT32_LE( ctx->state[1], output, 4 );
|
||||
MBEDTLS_PUT_UINT32_LE( ctx->state[2], output, 8 );
|
||||
MBEDTLS_PUT_UINT32_LE( ctx->state[3], output, 12 );
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
@ -58,26 +58,6 @@ static const unsigned char NIST_KW_ICV1[] = {0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6,
/*! The 32-bit default integrity check value (ICV) for KWP mode. */
|
||||
static const unsigned char NIST_KW_ICV2[] = {0xA6, 0x59, 0x59, 0xA6};
|
||||
|
||||
#ifndef GET_UINT32_BE
|
||||
#define GET_UINT32_BE(n,b,i) \
|
||||
do { \
|
||||
(n) = ( (uint32_t) (b)[(i) ] << 24 ) \
|
||||
| ( (uint32_t) (b)[(i) + 1] << 16 ) \
|
||||
| ( (uint32_t) (b)[(i) + 2] << 8 ) \
|
||||
| ( (uint32_t) (b)[(i) + 3] ); \
|
||||
} while( 0 )
|
||||
#endif
|
||||
|
||||
#ifndef PUT_UINT32_BE
|
||||
#define PUT_UINT32_BE(n,b,i) \
|
||||
do { \
|
||||
(b)[(i) ] = (unsigned char) ( (n) >> 24 ); \
|
||||
(b)[(i) + 1] = (unsigned char) ( (n) >> 16 ); \
|
||||
(b)[(i) + 2] = (unsigned char) ( (n) >> 8 ); \
|
||||
(b)[(i) + 3] = (unsigned char) ( (n) ); \
|
||||
} while( 0 )
|
||||
#endif
|
||||
|
||||
/*
|
||||
* Initialize context
|
||||
*/
|
||||
|
@ -224,7 +204,7 @@ int mbedtls_nist_kw_wrap( mbedtls_nist_kw_context *ctx,
|
|||
}
|
||||
|
||||
memcpy( output, NIST_KW_ICV2, KW_SEMIBLOCK_LENGTH / 2 );
|
||||
PUT_UINT32_BE( ( in_len & 0xffffffff ), output,
|
||||
MBEDTLS_PUT_UINT32_BE( ( in_len & 0xffffffff ), output,
|
||||
KW_SEMIBLOCK_LENGTH / 2 );
|
||||
|
||||
memcpy( output + KW_SEMIBLOCK_LENGTH, input, in_len );
|
||||
|
@ -455,7 +435,7 @@ int mbedtls_nist_kw_unwrap( mbedtls_nist_kw_context *ctx,
|
|||
ret = MBEDTLS_ERR_CIPHER_AUTH_FAILED;
|
||||
}
|
||||
|
||||
GET_UINT32_BE( Plen, A, KW_SEMIBLOCK_LENGTH / 2 );
|
||||
Plen = MBEDTLS_GET_UINT32_BE( A, KW_SEMIBLOCK_LENGTH / 2 );
|
||||
|
||||
/*
|
||||
* Plen is the length of the plaintext, when the input is valid.
|
||||
@ -285,8 +285,8 @@ int mbedtls_pkcs12_derivation( unsigned char *data, size_t datalen,
for( i = v; i > 0; i-- )
|
||||
{
|
||||
j = salt_block[i - 1] + hash_block[i - 1] + c;
|
||||
c = (unsigned char) (j >> 8);
|
||||
salt_block[i - 1] = j & 0xFF;
|
||||
c = MBEDTLS_BYTE_1( j );
|
||||
salt_block[i - 1] = MBEDTLS_BYTE_0( j );
|
||||
}
|
||||
|
||||
// pwd_block += B
|
||||
|
@ -294,8 +294,8 @@ int mbedtls_pkcs12_derivation( unsigned char *data, size_t datalen,
|
|||
for( i = v; i > 0; i-- )
|
||||
{
|
||||
j = pwd_block[i - 1] + hash_block[i - 1] + c;
|
||||
c = (unsigned char) (j >> 8);
|
||||
pwd_block[i - 1] = j & 0xFF;
|
||||
c = MBEDTLS_BYTE_1( j );
|
||||
pwd_block[i - 1] = MBEDTLS_BYTE_0( j );
|
||||
}
|
||||
}
|
||||
|
||||
@ -1370,8 +1370,8 @@ int mbedtls_pk_parse_key( mbedtls_pk_context *pk,
}
|
||||
#endif /* MBEDTLS_PKCS12_C || MBEDTLS_PKCS5_C */
|
||||
|
||||
if( ( ret = pk_parse_key_pkcs8_unencrypted_der(
|
||||
pk, key, keylen, f_rng, p_rng ) ) == 0 )
|
||||
ret = pk_parse_key_pkcs8_unencrypted_der( pk, key, keylen, f_rng, p_rng );
|
||||
if( ret == 0 )
|
||||
{
|
||||
return( 0 );
|
||||
}
|
||||
@ -52,13 +52,6 @@
|
||||
#define POLY1305_BLOCK_SIZE_BYTES ( 16U )
|
||||
|
||||
#define BYTES_TO_U32_LE( data, offset ) \
|
||||
( (uint32_t) (data)[offset] \
|
||||
| (uint32_t) ( (uint32_t) (data)[( offset ) + 1] << 8 ) \
|
||||
| (uint32_t) ( (uint32_t) (data)[( offset ) + 2] << 16 ) \
|
||||
| (uint32_t) ( (uint32_t) (data)[( offset ) + 3] << 24 ) \
|
||||
)
|
||||
|
||||
/*
|
||||
* Our implementation is tuned for 32-bit platforms with a 64-bit multiplier.
|
||||
* However we provided an alternative for platforms without such a multiplier.
|
||||
|
@ -129,10 +122,10 @@ static void poly1305_process( mbedtls_poly1305_context *ctx,
|
|||
for( i = 0U; i < nblocks; i++ )
|
||||
{
|
||||
/* The input block is treated as a 128-bit little-endian integer */
|
||||
d0 = BYTES_TO_U32_LE( input, offset + 0 );
|
||||
d1 = BYTES_TO_U32_LE( input, offset + 4 );
|
||||
d2 = BYTES_TO_U32_LE( input, offset + 8 );
|
||||
d3 = BYTES_TO_U32_LE( input, offset + 12 );
|
||||
d0 = MBEDTLS_GET_UINT32_LE( input, offset + 0 );
|
||||
d1 = MBEDTLS_GET_UINT32_LE( input, offset + 4 );
|
||||
d2 = MBEDTLS_GET_UINT32_LE( input, offset + 8 );
|
||||
d3 = MBEDTLS_GET_UINT32_LE( input, offset + 12 );
|
||||
|
||||
/* Compute: acc += (padded) block as a 130-bit integer */
|
||||
d0 += (uint64_t) acc0;
|
||||
|
@ -257,22 +250,10 @@ static void poly1305_compute_mac( const mbedtls_poly1305_context *ctx,
|
|||
acc3 += ctx->s[3] + (uint32_t) ( d >> 32U );
|
||||
|
||||
/* Compute MAC (128 least significant bits of the accumulator) */
|
||||
mac[ 0] = (unsigned char)( acc0 );
|
||||
mac[ 1] = (unsigned char)( acc0 >> 8 );
|
||||
mac[ 2] = (unsigned char)( acc0 >> 16 );
|
||||
mac[ 3] = (unsigned char)( acc0 >> 24 );
|
||||
mac[ 4] = (unsigned char)( acc1 );
|
||||
mac[ 5] = (unsigned char)( acc1 >> 8 );
|
||||
mac[ 6] = (unsigned char)( acc1 >> 16 );
|
||||
mac[ 7] = (unsigned char)( acc1 >> 24 );
|
||||
mac[ 8] = (unsigned char)( acc2 );
|
||||
mac[ 9] = (unsigned char)( acc2 >> 8 );
|
||||
mac[10] = (unsigned char)( acc2 >> 16 );
|
||||
mac[11] = (unsigned char)( acc2 >> 24 );
|
||||
mac[12] = (unsigned char)( acc3 );
|
||||
mac[13] = (unsigned char)( acc3 >> 8 );
|
||||
mac[14] = (unsigned char)( acc3 >> 16 );
|
||||
mac[15] = (unsigned char)( acc3 >> 24 );
|
||||
MBEDTLS_PUT_UINT32_LE( acc0, mac, 0 );
|
||||
MBEDTLS_PUT_UINT32_LE( acc1, mac, 4 );
|
||||
MBEDTLS_PUT_UINT32_LE( acc2, mac, 8 );
|
||||
MBEDTLS_PUT_UINT32_LE( acc3, mac, 12 );
|
||||
}
|
||||
|
||||
void mbedtls_poly1305_init( mbedtls_poly1305_context *ctx )
|
||||
|
@ -297,15 +278,15 @@ int mbedtls_poly1305_starts( mbedtls_poly1305_context *ctx,
|
|||
POLY1305_VALIDATE_RET( key != NULL );
|
||||
|
||||
/* r &= 0x0ffffffc0ffffffc0ffffffc0fffffff */
|
||||
ctx->r[0] = BYTES_TO_U32_LE( key, 0 ) & 0x0FFFFFFFU;
|
||||
ctx->r[1] = BYTES_TO_U32_LE( key, 4 ) & 0x0FFFFFFCU;
|
||||
ctx->r[2] = BYTES_TO_U32_LE( key, 8 ) & 0x0FFFFFFCU;
|
||||
ctx->r[3] = BYTES_TO_U32_LE( key, 12 ) & 0x0FFFFFFCU;
|
||||
ctx->r[0] = MBEDTLS_GET_UINT32_LE( key, 0 ) & 0x0FFFFFFFU;
|
||||
ctx->r[1] = MBEDTLS_GET_UINT32_LE( key, 4 ) & 0x0FFFFFFCU;
|
||||
ctx->r[2] = MBEDTLS_GET_UINT32_LE( key, 8 ) & 0x0FFFFFFCU;
|
||||
ctx->r[3] = MBEDTLS_GET_UINT32_LE( key, 12 ) & 0x0FFFFFFCU;
|
||||
|
||||
ctx->s[0] = BYTES_TO_U32_LE( key, 16 );
|
||||
ctx->s[1] = BYTES_TO_U32_LE( key, 20 );
|
||||
ctx->s[2] = BYTES_TO_U32_LE( key, 24 );
|
||||
ctx->s[3] = BYTES_TO_U32_LE( key, 28 );
|
||||
ctx->s[0] = MBEDTLS_GET_UINT32_LE( key, 16 );
|
||||
ctx->s[1] = MBEDTLS_GET_UINT32_LE( key, 20 );
|
||||
ctx->s[2] = MBEDTLS_GET_UINT32_LE( key, 24 );
|
||||
ctx->s[3] = MBEDTLS_GET_UINT32_LE( key, 28 );
|
||||
|
||||
/* Initial accumulator state */
|
||||
ctx->acc[0] = 0U;
|
||||
@ -25,58 +25,24 @@
#include "psa_crypto_aead.h"
|
||||
#include "psa_crypto_core.h"
|
||||
|
||||
#include <string.h>
|
||||
#include "mbedtls/platform.h"
|
||||
#if !defined(MBEDTLS_PLATFORM_C)
|
||||
#define mbedtls_calloc calloc
|
||||
#define mbedtls_free free
|
||||
#endif
|
||||
|
||||
#include "mbedtls/ccm.h"
|
||||
#include "mbedtls/chachapoly.h"
|
||||
#include "mbedtls/cipher.h"
|
||||
#include "mbedtls/gcm.h"
|
||||
|
||||
typedef struct
|
||||
{
|
||||
union
|
||||
{
|
||||
unsigned dummy; /* Make the union non-empty even with no supported algorithms. */
|
||||
#if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM)
|
||||
mbedtls_ccm_context ccm;
|
||||
#endif /* MBEDTLS_PSA_BUILTIN_ALG_CCM */
|
||||
#if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM)
|
||||
mbedtls_gcm_context gcm;
|
||||
#endif /* MBEDTLS_PSA_BUILTIN_ALG_GCM */
|
||||
#if defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305)
|
||||
mbedtls_chachapoly_context chachapoly;
|
||||
#endif /* MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305 */
|
||||
} ctx;
|
||||
psa_algorithm_t core_alg;
|
||||
uint8_t tag_length;
|
||||
} aead_operation_t;
|
||||
|
||||
#define AEAD_OPERATION_INIT {{0}, 0, 0}
|
||||
|
||||
static void psa_aead_abort_internal( aead_operation_t *operation )
|
||||
{
|
||||
switch( operation->core_alg )
|
||||
{
|
||||
#if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM)
|
||||
case PSA_ALG_CCM:
|
||||
mbedtls_ccm_free( &operation->ctx.ccm );
|
||||
break;
|
||||
#endif /* MBEDTLS_PSA_BUILTIN_ALG_CCM */
|
||||
#if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM)
|
||||
case PSA_ALG_GCM:
|
||||
mbedtls_gcm_free( &operation->ctx.gcm );
|
||||
break;
|
||||
#endif /* MBEDTLS_PSA_BUILTIN_ALG_GCM */
|
||||
#if defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305)
|
||||
case PSA_ALG_CHACHA20_POLY1305:
|
||||
mbedtls_chachapoly_free( &operation->ctx.chachapoly );
|
||||
break;
|
||||
#endif /* MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305 */
|
||||
}
|
||||
}
|
||||
#include "mbedtls/error.h"
|
||||
|
||||
static psa_status_t psa_aead_setup(
|
||||
aead_operation_t *operation,
|
||||
mbedtls_psa_aead_operation_t *operation,
|
||||
const psa_key_attributes_t *attributes,
|
||||
const uint8_t *key_buffer,
|
||||
size_t key_buffer_size,
|
||||
psa_algorithm_t alg )
|
||||
{
|
||||
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
|
||||
|
@ -85,6 +51,8 @@ static psa_status_t psa_aead_setup(
|
|||
mbedtls_cipher_id_t cipher_id;
|
||||
size_t full_tag_length = 0;
|
||||
|
||||
( void ) key_buffer_size;
|
||||
|
||||
key_bits = attributes->core.bits;
|
||||
|
||||
cipher_info = mbedtls_cipher_info_from_psa( alg,
|
||||
|
@ -97,7 +65,7 @@ static psa_status_t psa_aead_setup(
|
|||
{
|
||||
#if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM)
|
||||
case PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CCM, 0 ):
|
||||
operation->core_alg = PSA_ALG_CCM;
|
||||
operation->alg = PSA_ALG_CCM;
|
||||
full_tag_length = 16;
|
||||
/* CCM allows the following tag lengths: 4, 6, 8, 10, 12, 14, 16.
|
||||
* The call to mbedtls_ccm_encrypt_and_tag or
|
||||
|
@ -116,7 +84,7 @@ static psa_status_t psa_aead_setup(
|
|||
|
||||
#if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM)
|
||||
case PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 0 ):
|
||||
operation->core_alg = PSA_ALG_GCM;
|
||||
operation->alg = PSA_ALG_GCM;
|
||||
full_tag_length = 16;
|
||||
/* GCM allows the following tag lengths: 4, 8, 12, 13, 14, 15, 16.
|
||||
* The call to mbedtls_gcm_crypt_and_tag or
|
||||
|
@ -135,7 +103,7 @@ static psa_status_t psa_aead_setup(
|
|||
|
||||
#if defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305)
|
||||
case PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CHACHA20_POLY1305, 0 ):
|
||||
operation->core_alg = PSA_ALG_CHACHA20_POLY1305;
|
||||
operation->alg = PSA_ALG_CHACHA20_POLY1305;
|
||||
full_tag_length = 16;
|
||||
/* We only support the default tag length. */
|
||||
if( alg != PSA_ALG_CHACHA20_POLY1305 )
|
||||
|
@ -159,7 +127,9 @@ static psa_status_t psa_aead_setup(
|
|||
> full_tag_length )
|
||||
return( PSA_ERROR_INVALID_ARGUMENT );
|
||||
|
||||
operation->tag_length = PSA_AEAD_TAG_LENGTH( attributes->core.type,
|
||||
operation->key_type = psa_get_key_type( attributes );
|
||||
|
||||
operation->tag_length = PSA_AEAD_TAG_LENGTH( operation->key_type,
|
||||
key_bits,
|
||||
alg );
|
||||
|
||||
|
@ -176,11 +146,12 @@ psa_status_t mbedtls_psa_aead_encrypt(
|
|||
uint8_t *ciphertext, size_t ciphertext_size, size_t *ciphertext_length )
|
||||
{
|
||||
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
|
||||
aead_operation_t operation = AEAD_OPERATION_INIT;
|
||||
mbedtls_psa_aead_operation_t operation = MBEDTLS_PSA_AEAD_OPERATION_INIT;
|
||||
uint8_t *tag;
|
||||
(void) key_buffer_size;
|
||||
|
||||
status = psa_aead_setup( &operation, attributes, key_buffer, alg );
|
||||
status = psa_aead_setup( &operation, attributes, key_buffer,
|
||||
key_buffer_size, alg );
|
||||
|
||||
if( status != PSA_SUCCESS )
|
||||
goto exit;
|
||||
|
||||
|
@ -194,7 +165,7 @@ psa_status_t mbedtls_psa_aead_encrypt(
|
|||
tag = ciphertext + plaintext_length;
|
||||
|
||||
#if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM)
|
||||
if( operation.core_alg == PSA_ALG_CCM )
|
||||
if( operation.alg == PSA_ALG_CCM )
|
||||
{
|
||||
status = mbedtls_to_psa_error(
|
||||
mbedtls_ccm_encrypt_and_tag( &operation.ctx.ccm,
|
||||
|
@ -208,7 +179,7 @@ psa_status_t mbedtls_psa_aead_encrypt(
|
|||
else
|
||||
#endif /* MBEDTLS_PSA_BUILTIN_ALG_CCM */
|
||||
#if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM)
|
||||
if( operation.core_alg == PSA_ALG_GCM )
|
||||
if( operation.alg == PSA_ALG_GCM )
|
||||
{
|
||||
status = mbedtls_to_psa_error(
|
||||
mbedtls_gcm_crypt_and_tag( &operation.ctx.gcm,
|
||||
|
@ -222,9 +193,9 @@ psa_status_t mbedtls_psa_aead_encrypt(
|
|||
else
|
||||
#endif /* MBEDTLS_PSA_BUILTIN_ALG_GCM */
|
||||
#if defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305)
|
||||
if( operation.core_alg == PSA_ALG_CHACHA20_POLY1305 )
|
||||
if( operation.alg == PSA_ALG_CHACHA20_POLY1305 )
|
||||
{
|
||||
if( nonce_length != 12 || operation.tag_length != 16 )
|
||||
if( operation.tag_length != 16 )
|
||||
{
|
||||
status = PSA_ERROR_NOT_SUPPORTED;
|
||||
goto exit;
|
||||
|
@ -250,7 +221,7 @@ psa_status_t mbedtls_psa_aead_encrypt(
|
|||
*ciphertext_length = plaintext_length + operation.tag_length;
|
||||
|
||||
exit:
|
||||
psa_aead_abort_internal( &operation );
|
||||
mbedtls_psa_aead_abort( &operation );
|
||||
|
||||
return( status );
|
||||
}
|
||||
|
@ -286,11 +257,12 @@ psa_status_t mbedtls_psa_aead_decrypt(
|
|||
uint8_t *plaintext, size_t plaintext_size, size_t *plaintext_length )
|
||||
{
|
||||
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
|
||||
aead_operation_t operation = AEAD_OPERATION_INIT;
|
||||
mbedtls_psa_aead_operation_t operation = MBEDTLS_PSA_AEAD_OPERATION_INIT;
|
||||
const uint8_t *tag = NULL;
|
||||
(void) key_buffer_size;
|
||||
|
||||
status = psa_aead_setup( &operation, attributes, key_buffer, alg );
|
||||
status = psa_aead_setup( &operation, attributes, key_buffer,
|
||||
key_buffer_size, alg );
|
||||
|
||||
if( status != PSA_SUCCESS )
|
||||
goto exit;
|
||||
|
||||
|
@ -301,7 +273,7 @@ psa_status_t mbedtls_psa_aead_decrypt(
|
|||
goto exit;
|
||||
|
||||
#if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM)
|
||||
if( operation.core_alg == PSA_ALG_CCM )
|
||||
if( operation.alg == PSA_ALG_CCM )
|
||||
{
|
||||
status = mbedtls_to_psa_error(
|
||||
mbedtls_ccm_auth_decrypt( &operation.ctx.ccm,
|
||||
|
@ -315,7 +287,7 @@ psa_status_t mbedtls_psa_aead_decrypt(
|
|||
else
|
||||
#endif /* MBEDTLS_PSA_BUILTIN_ALG_CCM */
|
||||
#if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM)
|
||||
if( operation.core_alg == PSA_ALG_GCM )
|
||||
if( operation.alg == PSA_ALG_GCM )
|
||||
{
|
||||
status = mbedtls_to_psa_error(
|
||||
mbedtls_gcm_auth_decrypt( &operation.ctx.gcm,
|
||||
|
@ -329,9 +301,9 @@ psa_status_t mbedtls_psa_aead_decrypt(
|
|||
else
|
||||
#endif /* MBEDTLS_PSA_BUILTIN_ALG_GCM */
|
||||
#if defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305)
|
||||
if( operation.core_alg == PSA_ALG_CHACHA20_POLY1305 )
|
||||
if( operation.alg == PSA_ALG_CHACHA20_POLY1305 )
|
||||
{
|
||||
if( nonce_length != 12 || operation.tag_length != 16 )
|
||||
if( operation.tag_length != 16 )
|
||||
{
|
||||
status = PSA_ERROR_NOT_SUPPORTED;
|
||||
goto exit;
|
||||
|
@ -356,12 +328,314 @@ psa_status_t mbedtls_psa_aead_decrypt(
|
|||
*plaintext_length = ciphertext_length - operation.tag_length;
|
||||
|
||||
exit:
|
||||
psa_aead_abort_internal( &operation );
|
||||
mbedtls_psa_aead_abort( &operation );
|
||||
|
||||
if( status == PSA_SUCCESS )
|
||||
*plaintext_length = ciphertext_length - operation.tag_length;
|
||||
return( status );
|
||||
}
|
||||
|
||||
/* Set the key and algorithm for a multipart authenticated encryption
|
||||
* operation. */
|
||||
psa_status_t mbedtls_psa_aead_encrypt_setup(
|
||||
mbedtls_psa_aead_operation_t *operation,
|
||||
const psa_key_attributes_t *attributes,
|
||||
const uint8_t *key_buffer,
|
||||
size_t key_buffer_size,
|
||||
psa_algorithm_t alg )
|
||||
{
|
||||
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
|
||||
|
||||
#if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM)
|
||||
if( operation->alg == PSA_ALG_CCM )
|
||||
{
|
||||
return( PSA_ERROR_NOT_SUPPORTED );
|
||||
}
|
||||
#endif /* MBEDTLS_PSA_BUILTIN_ALG_CCM */
|
||||
|
||||
status = psa_aead_setup( operation, attributes, key_buffer,
|
||||
key_buffer_size, alg );
|
||||
|
||||
if( status == PSA_SUCCESS )
|
||||
operation->is_encrypt = 1;
|
||||
|
||||
return ( status );
|
||||
}
|
||||
|
||||
/* Set the key and algorithm for a multipart authenticated decryption
|
||||
* operation. */
|
||||
psa_status_t mbedtls_psa_aead_decrypt_setup(
|
||||
mbedtls_psa_aead_operation_t *operation,
|
||||
const psa_key_attributes_t *attributes,
|
||||
const uint8_t *key_buffer,
|
||||
size_t key_buffer_size,
|
||||
psa_algorithm_t alg )
|
||||
{
|
||||
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
|
||||
|
||||
#if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM)
|
||||
if( operation->alg == PSA_ALG_CCM )
|
||||
{
|
||||
return( PSA_ERROR_NOT_SUPPORTED );
|
||||
}
|
||||
#endif /* MBEDTLS_PSA_BUILTIN_ALG_CCM */
|
||||
|
||||
status = psa_aead_setup( operation, attributes, key_buffer,
|
||||
key_buffer_size, alg );
|
||||
|
||||
if( status == PSA_SUCCESS )
|
||||
operation->is_encrypt = 0;
|
||||
|
||||
return ( status );
|
||||
}
|
||||
|
||||
/* Set a nonce for the multipart AEAD operation*/
|
||||
psa_status_t mbedtls_psa_aead_set_nonce(
|
||||
mbedtls_psa_aead_operation_t *operation,
|
||||
const uint8_t *nonce,
|
||||
size_t nonce_length )
|
||||
{
|
||||
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
|
||||
|
||||
#if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM)
|
||||
if( operation->alg == PSA_ALG_GCM )
|
||||
{
|
||||
status = mbedtls_to_psa_error(
|
||||
mbedtls_gcm_starts( &operation->ctx.gcm,
|
||||
operation->is_encrypt ?
|
||||
MBEDTLS_GCM_ENCRYPT : MBEDTLS_GCM_DECRYPT,
|
||||
nonce,
|
||||
nonce_length ) );
|
||||
}
|
||||
else
|
||||
#endif /* MBEDTLS_PSA_BUILTIN_ALG_GCM */
|
||||
#if defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305)
|
||||
if( operation->alg == PSA_ALG_CHACHA20_POLY1305 )
|
||||
{
|
||||
/* Note - ChaChaPoly allows an 8 byte nonce, but we would have to
|
||||
* allocate a buffer in the operation, copy the nonce to it and pad
|
||||
* it, so for now check the nonce is 12 bytes, as
|
||||
* mbedtls_chachapoly_starts() assumes it can read 12 bytes from the
|
||||
* passed in buffer. */
|
||||
if( nonce_length != 12 )
|
||||
{
|
||||
return( PSA_ERROR_INVALID_ARGUMENT );
|
||||
}
|
||||
|
||||
status = mbedtls_to_psa_error(
|
||||
mbedtls_chachapoly_starts( &operation->ctx.chachapoly,
|
||||
nonce,
|
||||
operation->is_encrypt ?
|
||||
MBEDTLS_CHACHAPOLY_ENCRYPT :
|
||||
MBEDTLS_CHACHAPOLY_DECRYPT ) );
|
||||
}
|
||||
else
|
||||
#endif /* MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305 */
|
||||
{
|
||||
( void ) nonce;
|
||||
|
||||
return ( PSA_ERROR_NOT_SUPPORTED );
|
||||
}
|
||||
|
||||
return( status );
|
||||
}
|
||||
|
||||
/* Declare the lengths of the message and additional data for AEAD. */
|
||||
psa_status_t mbedtls_psa_aead_set_lengths(
|
||||
mbedtls_psa_aead_operation_t *operation,
|
||||
size_t ad_length,
|
||||
size_t plaintext_length )
|
||||
{
|
||||
/* Nothing here yet, work is currently done in PSA Core, however support
|
||||
* for CCM will require this function. */
|
||||
( void ) operation;
|
||||
( void ) ad_length;
|
||||
( void ) plaintext_length;
|
||||
|
||||
return ( PSA_SUCCESS );
|
||||
}
|
||||
|
||||
/* Pass additional data to an active multipart AEAD operation. */
|
||||
psa_status_t mbedtls_psa_aead_update_ad(
|
||||
mbedtls_psa_aead_operation_t *operation,
|
||||
const uint8_t *input,
|
||||
size_t input_length )
|
||||
{
|
||||
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
|
||||
|
||||
#if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM)
|
||||
if( operation->alg == PSA_ALG_GCM )
|
||||
{
|
||||
status = mbedtls_to_psa_error(
|
||||
mbedtls_gcm_update_ad( &operation->ctx.gcm, input, input_length ) );
|
||||
}
|
||||
else
|
||||
#endif /* MBEDTLS_PSA_BUILTIN_ALG_GCM */
|
||||
#if defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305)
|
||||
if( operation->alg == PSA_ALG_CHACHA20_POLY1305 )
|
||||
{
|
||||
status = mbedtls_to_psa_error(
|
||||
mbedtls_chachapoly_update_aad( &operation->ctx.chachapoly,
|
||||
input,
|
||||
input_length ) );
|
||||
}
|
||||
else
|
||||
#endif /* MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305 */
|
||||
{
|
||||
( void ) operation;
|
||||
( void ) input;
|
||||
( void ) input_length;
|
||||
|
||||
return ( PSA_ERROR_NOT_SUPPORTED );
|
||||
}
|
||||
|
||||
return ( status );
|
||||
}
|
||||
|
||||
/* Encrypt or decrypt a message fragment in an active multipart AEAD
|
||||
* operation.*/
|
||||
psa_status_t mbedtls_psa_aead_update(
|
||||
mbedtls_psa_aead_operation_t *operation,
|
||||
const uint8_t *input,
|
||||
size_t input_length,
|
||||
uint8_t *output,
|
||||
size_t output_size,
|
||||
size_t *output_length )
|
||||
{
|
||||
size_t update_output_length;
|
||||
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
|
||||
|
||||
update_output_length = input_length;
|
||||
|
||||
#if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM)
|
||||
if( operation->alg == PSA_ALG_GCM )
|
||||
{
|
||||
status = mbedtls_to_psa_error(
|
||||
mbedtls_gcm_update( &operation->ctx.gcm,
|
||||
input, input_length,
|
||||
output, output_size,
|
||||
&update_output_length ) );
|
||||
}
|
||||
else
|
||||
#endif /* MBEDTLS_PSA_BUILTIN_ALG_GCM */
|
||||
#if defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305)
|
||||
if( operation->alg == PSA_ALG_CHACHA20_POLY1305 )
|
||||
{
|
||||
if( output_size < input_length )
|
||||
return( PSA_ERROR_BUFFER_TOO_SMALL );
|
||||
|
||||
status = mbedtls_to_psa_error(
|
||||
mbedtls_chachapoly_update( &operation->ctx.chachapoly,
|
||||
input_length,
|
||||
input,
|
||||
output ) );
|
||||
}
|
||||
else
|
||||
#endif /* MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305 */
|
||||
{
|
||||
( void ) input;
|
||||
( void ) input_length;
|
||||
|
||||
return ( PSA_ERROR_NOT_SUPPORTED );
|
||||
}
|
||||
|
||||
if( status == PSA_SUCCESS )
|
||||
*output_length = update_output_length;
|
||||
|
||||
return( status );
|
||||
}
|
||||
|
||||
/* Finish encrypting a message in a multipart AEAD operation. */
|
||||
psa_status_t mbedtls_psa_aead_finish(
|
||||
mbedtls_psa_aead_operation_t *operation,
|
||||
uint8_t *ciphertext,
|
||||
size_t ciphertext_size,
|
||||
size_t *ciphertext_length,
|
||||
uint8_t *tag,
|
||||
size_t tag_size,
|
||||
size_t *tag_length )
|
||||
{
|
||||
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
|
||||
size_t finish_output_size = 0;
|
||||
|
||||
if( tag_size < operation->tag_length )
|
||||
return( PSA_ERROR_BUFFER_TOO_SMALL );
|
||||
|
||||
#if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM)
|
||||
if( operation->alg == PSA_ALG_GCM )
|
||||
{
|
||||
status = mbedtls_to_psa_error(
|
||||
mbedtls_gcm_finish( &operation->ctx.gcm,
|
||||
ciphertext, ciphertext_size, ciphertext_length,
|
||||
tag, operation->tag_length ) );
|
||||
}
|
||||
else
|
||||
#endif /* MBEDTLS_PSA_BUILTIN_ALG_GCM */
|
||||
#if defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305)
|
||||
if( operation->alg == PSA_ALG_CHACHA20_POLY1305 )
|
||||
{
|
||||
/* Belt and braces. Although the above tag_size check should have
|
||||
* already done this, if we later start supporting smaller tag sizes
|
||||
* for chachapoly, then passing a tag buffer smaller than 16 into here
|
||||
* could cause a buffer overflow, so better safe than sorry. */
|
||||
if( tag_size < 16 )
|
||||
return( PSA_ERROR_BUFFER_TOO_SMALL );
|
||||
|
||||
status = mbedtls_to_psa_error(
|
||||
mbedtls_chachapoly_finish( &operation->ctx.chachapoly,
|
||||
tag ) );
|
||||
}
|
||||
else
|
||||
#endif /* MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305 */
|
||||
{
|
||||
( void ) ciphertext;
|
||||
( void ) ciphertext_size;
|
||||
( void ) ciphertext_length;
|
||||
( void ) tag;
|
||||
( void ) tag_size;
|
||||
( void ) tag_length;
|
||||
|
||||
return ( PSA_ERROR_NOT_SUPPORTED );
|
||||
}
|
||||
|
||||
if( status == PSA_SUCCESS )
|
||||
{
|
||||
/* This will be zero for all supported algorithms currently, but left
|
||||
* here for future support. */
|
||||
*ciphertext_length = finish_output_size;
|
||||
*tag_length = operation->tag_length;
|
||||
}
|
||||
|
||||
return ( status );
|
||||
}
|
||||
|
||||
/* Abort an AEAD operation */
|
||||
psa_status_t mbedtls_psa_aead_abort(
|
||||
mbedtls_psa_aead_operation_t *operation )
|
||||
{
|
||||
switch( operation->alg )
|
||||
{
|
||||
#if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM)
|
||||
case PSA_ALG_CCM:
|
||||
mbedtls_ccm_free( &operation->ctx.ccm );
|
||||
break;
|
||||
#endif /* MBEDTLS_PSA_BUILTIN_ALG_CCM */
|
||||
#if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM)
|
||||
case PSA_ALG_GCM:
|
||||
mbedtls_gcm_free( &operation->ctx.gcm );
|
||||
break;
|
||||
#endif /* MBEDTLS_PSA_BUILTIN_ALG_GCM */
|
||||
#if defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305)
|
||||
case PSA_ALG_CHACHA20_POLY1305:
|
||||
mbedtls_chachapoly_free( &operation->ctx.chachapoly );
|
||||
break;
|
||||
#endif /* MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305 */
|
||||
}
|
||||
|
||||
operation->is_encrypt = 0;
|
||||
|
||||
return( PSA_SUCCESS );
|
||||
}
|
||||
|
||||
#endif /* MBEDTLS_PSA_CRYPTO_C */
@ -148,4 +148,364 @@ psa_status_t mbedtls_psa_aead_decrypt(
|
|||
const uint8_t *ciphertext, size_t ciphertext_length,
|
||||
uint8_t *plaintext, size_t plaintext_size, size_t *plaintext_length );
|
||||
|
||||
/** Set the key for a multipart authenticated encryption operation.
|
||||
*
|
||||
* \note The signature of this function is that of a PSA driver
|
||||
* aead_encrypt_setup entry point. This function behaves as an
|
||||
* aead_encrypt_setup entry point as defined in the PSA driver interface
|
||||
* specification for transparent drivers.
|
||||
*
|
||||
* If an error occurs at any step after a call to
|
||||
* mbedtls_psa_aead_encrypt_setup(), the operation is reset by the PSA core by a
|
||||
* call to mbedtls_psa_aead_abort(). The PSA core may call
|
||||
* mbedtls_psa_aead_abort() at any time after the operation has been
|
||||
* initialized, and is required to when the operation is no longer needed.
|
||||
*
|
||||
* \param[in,out] operation The operation object to set up. It must have
|
||||
* been initialized as per the documentation for
|
||||
* #mbedtls_psa_aead_operation_t and not yet in
|
||||
* use.
|
||||
* \param[in] attributes The attributes of the key to use for the
|
||||
* operation.
|
||||
* \param[in] key_buffer The buffer containing the key context.
|
||||
* \param key_buffer_size Size of the \p key_buffer buffer in bytes.
|
||||
It must be consistent with the size in bits
|
||||
recorded in \p attributes.
|
||||
* \param alg The AEAD algorithm to compute
|
||||
* (\c PSA_ALG_XXX value such that
|
||||
* #PSA_ALG_IS_AEAD(\p alg) is true).
|
||||
*
|
||||
* \retval #PSA_SUCCESS
|
||||
* Success.
|
||||
* \retval #PSA_ERROR_INVALID_ARGUMENT
|
||||
* An invalid block length was supplied.
|
||||
* \retval #PSA_ERROR_NOT_SUPPORTED
|
||||
* \p alg is not supported.
|
||||
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
|
||||
* Failed to allocate memory for key material
|
||||
*/
|
||||
psa_status_t mbedtls_psa_aead_encrypt_setup(
|
||||
mbedtls_psa_aead_operation_t *operation,
|
||||
const psa_key_attributes_t *attributes,
|
||||
const uint8_t *key_buffer,
|
||||
size_t key_buffer_size,
|
||||
psa_algorithm_t alg );
|
||||
|
||||
/** Set the key for a multipart authenticated decryption operation.
|
||||
*
|
||||
* \note The signature of this function is that of a PSA driver
|
||||
* aead_decrypt_setup entry point. This function behaves as an
|
||||
* aead_decrypt_setup entry point as defined in the PSA driver interface
|
||||
* specification for transparent drivers.
|
||||
*
|
||||
* If an error occurs at any step after a call to
|
||||
* mbedtls_psa_aead_decrypt_setup(), the PSA core resets the operation by a
|
||||
* call to mbedtls_psa_aead_abort(). The PSA core may call
|
||||
* mbedtls_psa_aead_abort() at any time after the operation has been
|
||||
* initialized, and is required to when the operation is no longer needed.
|
||||
*
|
||||
* \param[in,out] operation The operation object to set up. It must have
|
||||
* been initialized as per the documentation for
|
||||
* #mbedtls_psa_aead_operation_t and not yet in
|
||||
* use.
|
||||
* \param[in] attributes The attributes of the key to use for the
|
||||
* operation.
|
||||
* \param[in] key_buffer The buffer containing the key context.
|
||||
* \param key_buffer_size Size of the \p key_buffer buffer in bytes.
|
||||
It must be consistent with the size in bits
|
||||
recorded in \p attributes.
|
||||
* \param alg The AEAD algorithm to compute
|
||||
* (\c PSA_ALG_XXX value such that
|
||||
* #PSA_ALG_IS_AEAD(\p alg) is true).
|
||||
*
|
||||
* \retval #PSA_SUCCESS
|
||||
* Success.
|
||||
* \retval #PSA_ERROR_INVALID_ARGUMENT
|
||||
* An invalid block length was supplied.
|
||||
* \retval #PSA_ERROR_NOT_SUPPORTED
|
||||
* \p alg is not supported.
|
||||
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
|
||||
* Failed to allocate memory for key material
|
||||
*/
|
||||
psa_status_t mbedtls_psa_aead_decrypt_setup(
|
||||
mbedtls_psa_aead_operation_t *operation,
|
||||
const psa_key_attributes_t *attributes,
|
||||
const uint8_t *key_buffer,
|
||||
size_t key_buffer_size,
|
||||
psa_algorithm_t alg );
|
||||
|
||||
/** Set the nonce for an authenticated encryption or decryption operation.
|
||||
*
|
||||
* \note The signature of this function is that of a PSA driver aead_set_nonce
|
||||
* entry point. This function behaves as an aead_set_nonce entry point as
|
||||
* defined in the PSA driver interface specification for transparent
|
||||
* drivers.
|
||||
*
|
||||
* This function sets the nonce for the authenticated
|
||||
* encryption or decryption operation.
|
||||
*
|
||||
* The PSA core calls mbedtls_psa_aead_encrypt_setup() or
|
||||
* mbedtls_psa_aead_decrypt_setup() before calling this function.
|
||||
*
|
||||
* If this function returns an error status, the PSA core will call
|
||||
* mbedtls_psa_aead_abort().
|
||||
*
|
||||
* \param[in,out] operation Active AEAD operation.
|
||||
* \param[in] nonce Buffer containing the nonce to use.
|
||||
* \param nonce_length Size of the nonce in bytes.
|
||||
*
|
||||
* \retval #PSA_SUCCESS
|
||||
* Success.
|
||||
* \retval #PSA_ERROR_INVALID_ARGUMENT
|
||||
* The size of \p nonce is not acceptable for the chosen algorithm.
|
||||
* \retval #PSA_ERROR_NOT_SUPPORTED
|
||||
* Algorithm previously set is not supported in this configuration of
|
||||
* the library.
|
||||
*/
|
||||
psa_status_t mbedtls_psa_aead_set_nonce(
|
||||
mbedtls_psa_aead_operation_t *operation,
|
||||
const uint8_t *nonce,
|
||||
size_t nonce_length );
|
||||
|
||||
/** Declare the lengths of the message and additional data for AEAD.
|
||||
*
|
||||
* \note The signature of this function is that of a PSA driver aead_set_lengths
|
||||
* entry point. This function behaves as an aead_set_lengths entry point
|
||||
* as defined in the PSA driver interface specification for transparent
|
||||
* drivers.
|
||||
*
|
||||
* The PSA core calls this function before calling mbedtls_psa_aead_update_ad()
|
||||
* or mbedtls_psa_aead_update() if the algorithm for the operation requires it.
|
||||
* If the algorithm does not require it, calling this function is optional, but
|
||||
* if this function is called then the implementation must enforce the lengths.
|
||||
*
|
||||
* The PSA core may call this function before or after setting the nonce with
|
||||
* mbedtls_psa_aead_set_nonce().
|
||||
*
|
||||
* - For #PSA_ALG_CCM, calling this function is required.
|
||||
* - For the other AEAD algorithms defined in this specification, calling
|
||||
* this function is not required.
|
||||
*
|
||||
* If this function returns an error status, the PSA core calls
|
||||
* mbedtls_psa_aead_abort().
|
||||
*
|
||||
* \param[in,out] operation Active AEAD operation.
|
||||
* \param ad_length Size of the non-encrypted additional
|
||||
* authenticated data in bytes.
|
||||
* \param plaintext_length Size of the plaintext to encrypt in bytes.
|
||||
*
|
||||
* \retval #PSA_SUCCESS
|
||||
* Success.
|
||||
* \retval #PSA_ERROR_INVALID_ARGUMENT
|
||||
* At least one of the lengths is not acceptable for the chosen
|
||||
* algorithm.
|
||||
* \retval #PSA_ERROR_NOT_SUPPORTED
|
||||
* Algorithm previously set is not supported in this configuration of
|
||||
* the library.
|
||||
*/
|
||||
psa_status_t mbedtls_psa_aead_set_lengths(
|
||||
mbedtls_psa_aead_operation_t *operation,
|
||||
size_t ad_length,
|
||||
size_t plaintext_length );
|
||||
|
||||
/** Pass additional data to an active AEAD operation.
|
||||
*
|
||||
* \note The signature of this function is that of a PSA driver
|
||||
* aead_update_ad entry point. This function behaves as an aead_update_ad
|
||||
* entry point as defined in the PSA driver interface specification for
|
||||
* transparent drivers.
|
||||
*
|
||||
* Additional data is authenticated, but not encrypted.
|
||||
*
|
||||
* The PSA core can call this function multiple times to pass successive
|
||||
* fragments of the additional data. It will not call this function after
|
||||
* passing data to encrypt or decrypt with mbedtls_psa_aead_update().
|
||||
*
|
||||
* Before calling this function, the PSA core will:
|
||||
* 1. Call either mbedtls_psa_aead_encrypt_setup() or
|
||||
* mbedtls_psa_aead_decrypt_setup().
|
||||
* 2. Set the nonce with mbedtls_psa_aead_set_nonce().
|
||||
*
|
||||
* If this function returns an error status, the PSA core will call
|
||||
* mbedtls_psa_aead_abort().
|
||||
*
|
||||
* \param[in,out] operation Active AEAD operation.
|
||||
* \param[in] input Buffer containing the fragment of
|
||||
* additional data.
|
||||
* \param input_length Size of the \p input buffer in bytes.
|
||||
*
|
||||
* \retval #PSA_SUCCESS
|
||||
* Success.
|
||||
* \retval #PSA_ERROR_NOT_SUPPORTED
|
||||
* Algorithm previously set is not supported in this configuration of
|
||||
* the library.
|
||||
*/
|
||||
psa_status_t mbedtls_psa_aead_update_ad(
|
||||
mbedtls_psa_aead_operation_t *operation,
|
||||
const uint8_t *input,
|
||||
size_t input_length );
|
||||
|
||||
/** Encrypt or decrypt a message fragment in an active AEAD operation.
|
||||
*
|
||||
* \note The signature of this function is that of a PSA driver
|
||||
* aead_update entry point. This function behaves as an aead_update entry
|
||||
* point as defined in the PSA driver interface specification for
|
||||
* transparent drivers.
|
||||
*
|
||||
* Before calling this function, the PSA core will:
|
||||
* 1. Call either mbedtls_psa_aead_encrypt_setup() or
|
||||
* mbedtls_psa_aead_decrypt_setup(). The choice of setup function
|
||||
* determines whether this function encrypts or decrypts its input.
|
||||
* 2. Set the nonce with mbedtls_psa_aead_set_nonce().
|
||||
* 3. Call mbedtls_psa_aead_update_ad() to pass all the additional data.
|
||||
*
|
||||
* If this function returns an error status, the PSA core will call
|
||||
* mbedtls_psa_aead_abort().
|
||||
*
|
||||
* This function does not require the input to be aligned to any
|
||||
* particular block boundary. If the implementation can only process
|
||||
* a whole block at a time, it must consume all the input provided, but
|
||||
* it may delay the end of the corresponding output until a subsequent
|
||||
* call to mbedtls_psa_aead_update(), mbedtls_psa_aead_finish() provides
|
||||
* sufficient input. The amount of data that can be delayed in this way is
|
||||
* bounded by #PSA_AEAD_UPDATE_OUTPUT_SIZE.
|
||||
*
|
||||
* \param[in,out] operation Active AEAD operation.
|
||||
* \param[in] input Buffer containing the message fragment to
|
||||
* encrypt or decrypt.
|
||||
* \param input_length Size of the \p input buffer in bytes.
|
||||
* \param[out] output Buffer where the output is to be written.
|
||||
* \param output_size Size of the \p output buffer in bytes.
|
||||
* This must be appropriate for the selected
|
||||
* algorithm and key:
|
||||
* - A sufficient output size is
|
||||
* #PSA_AEAD_UPDATE_OUTPUT_SIZE(\c key_type,
|
||||
* \c alg, \p input_length) where
|
||||
* \c key_type is the type of key and \c alg is
|
||||
* the algorithm that were used to set up the
|
||||
* operation.
|
||||
* - #PSA_AEAD_UPDATE_OUTPUT_MAX_SIZE(\p
|
||||
* input_length) evaluates to the maximum
|
||||
* output size of any supported AEAD
|
||||
* algorithm.
|
||||
* \param[out] output_length On success, the number of bytes
|
||||
* that make up the returned output.
|
||||
*
|
||||
* \retval #PSA_SUCCESS
|
||||
* Success.
|
||||
*
|
||||
* \retval #PSA_ERROR_BUFFER_TOO_SMALL
|
||||
* The size of the \p output buffer is too small.
|
||||
* #PSA_AEAD_UPDATE_OUTPUT_SIZE(\c key_type, \c alg, \p input_length) or
|
||||
* #PSA_AEAD_UPDATE_OUTPUT_MAX_SIZE(\p input_length) can be used to
|
||||
* determine the required buffer size.
|
||||
*/
|
||||
psa_status_t mbedtls_psa_aead_update(
|
||||
mbedtls_psa_aead_operation_t *operation,
|
||||
const uint8_t *input,
|
||||
size_t input_length,
|
||||
uint8_t *output,
|
||||
size_t output_size,
|
||||
size_t *output_length );
|
||||
|
||||
/** Finish encrypting a message in an AEAD operation.
|
||||
*
|
||||
* \note The signature of this function is that of a PSA driver
|
||||
* aead_finish entry point. This function behaves as an aead_finish entry
|
||||
* point as defined in the PSA driver interface specification for
|
||||
* transparent drivers.
|
||||
*
|
||||
* The operation must have been set up by the PSA core with
|
||||
* mbedtls_psa_aead_encrypt_setup().
|
||||
*
|
||||
* This function finishes the authentication of the additional data
|
||||
* formed by concatenating the inputs passed to preceding calls to
|
||||
* mbedtls_psa_aead_update_ad() with the plaintext formed by concatenating the
|
||||
* inputs passed to preceding calls to mbedtls_psa_aead_update().
|
||||
*
|
||||
* This function has two output buffers:
|
||||
* - \p ciphertext contains trailing ciphertext that was buffered from
|
||||
* preceding calls to mbedtls_psa_aead_update().
|
||||
* - \p tag contains the authentication tag.
|
||||
*
|
||||
* Whether or not this function returns successfuly, the PSA core subsequently
|
||||
* calls mbedtls_psa_aead_abort() to deactivate the operation.
|
||||
*
|
||||
* \param[in,out] operation Active AEAD operation.
|
||||
* \param[out] ciphertext Buffer where the last part of the ciphertext
|
||||
* is to be written.
|
||||
* \param ciphertext_size Size of the \p ciphertext buffer in bytes.
|
||||
* This must be appropriate for the selected
|
||||
* algorithm and key:
|
||||
* - A sufficient output size is
|
||||
* #PSA_AEAD_FINISH_OUTPUT_SIZE(\c key_type,
|
||||
* \c alg) where \c key_type is the type of key
|
||||
* and \c alg is the algorithm that were used to
|
||||
* set up the operation.
|
||||
* - #PSA_AEAD_FINISH_OUTPUT_MAX_SIZE evaluates to
|
||||
* the maximum output size of any supported AEAD
|
||||
* algorithm.
|
||||
* \param[out] ciphertext_length On success, the number of bytes of
|
||||
* returned ciphertext.
|
||||
* \param[out] tag Buffer where the authentication tag is
|
||||
* to be written.
|
||||
* \param tag_size Size of the \p tag buffer in bytes.
|
||||
* This must be appropriate for the selected
|
||||
* algorithm and key:
|
||||
* - The exact tag size is #PSA_AEAD_TAG_LENGTH(\c
|
||||
* key_type, \c key_bits, \c alg) where
|
||||
* \c key_type and \c key_bits are the type and
|
||||
* bit-size of the key, and \c alg are the
|
||||
* algorithm that were used in the call to
|
||||
* mbedtls_psa_aead_encrypt_setup().
|
||||
* - #PSA_AEAD_TAG_MAX_SIZE evaluates to the
|
||||
* maximum tag size of any supported AEAD
|
||||
* algorithm.
|
||||
* \param[out] tag_length On success, the number of bytes
|
||||
* that make up the returned tag.
|
||||
*
|
||||
* \retval #PSA_SUCCESS
|
||||
* Success.
|
||||
* \retval #PSA_ERROR_BUFFER_TOO_SMALL
|
||||
* The size of the \p tag buffer is too small.
|
||||
* #PSA_AEAD_TAG_LENGTH(\c key_type, key_bits, \c alg) or
|
||||
* #PSA_AEAD_TAG_MAX_SIZE can be used to determine the required \p tag
|
||||
* buffer size.
|
||||
*/
|
||||
psa_status_t mbedtls_psa_aead_finish(
|
||||
mbedtls_psa_aead_operation_t *operation,
|
||||
uint8_t *ciphertext,
|
||||
size_t ciphertext_size,
|
||||
size_t *ciphertext_length,
|
||||
uint8_t *tag,
|
||||
size_t tag_size,
|
||||
size_t *tag_length );
|
||||
|
||||
/** Abort an AEAD operation.
|
||||
*
|
||||
* \note The signature of this function is that of a PSA driver
|
||||
* aead_abort entry point. This function behaves as an aead_abort entry
|
||||
* point as defined in the PSA driver interface specification for
|
||||
* transparent drivers.
|
||||
*
|
||||
* Aborting an operation frees all associated resources except for the
|
||||
* \p operation structure itself. Once aborted, the operation object
|
||||
* can be reused for another operation by the PSA core by it calling
|
||||
* mbedtls_psa_aead_encrypt_setup() or mbedtls_psa_aead_decrypt_setup() again.
|
||||
*
|
||||
* The PSA core may call this function any time after the operation object has
|
||||
* been initialized as described in #mbedtls_psa_aead_operation_t.
|
||||
*
|
||||
* In particular, calling mbedtls_psa_aead_abort() after the operation has been
|
||||
* terminated by a call to mbedtls_psa_aead_abort() or
|
||||
* mbedtls_psa_aead_finish() is safe and has no effect.
|
||||
*
|
||||
* \param[in,out] operation Initialized AEAD operation.
|
||||
*
|
||||
* \retval #PSA_SUCCESS
|
||||
* Success.
|
||||
*/
|
||||
psa_status_t mbedtls_psa_aead_abort(
|
||||
mbedtls_psa_aead_operation_t *operation );
|
||||
|
||||
#endif /* PSA_CRYPTO_AEAD */
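Review bot: The `\param[out] ciphertext_length` contract of mbedtls_psa_aead_finish() ("On success, the number of bytes of returned ciphertext") does not match the implementation this commit adds in psa_crypto_aead.c: the GCM branch lets mbedtls_gcm_finish() write `*ciphertext_length`, and the common success path then overwrites it with `finish_output_size`, which is initialised to 0 and never changed, so either the overwrite should be skipped for GCM or the doc should state that this driver never returns trailing ciphertext. The same function's `\retval` list omits #PSA_ERROR_NOT_SUPPORTED, which the unsupported-algorithm fallthrough returns and which the other entry points in this header do document; add `* \retval #PSA_ERROR_NOT_SUPPORTED` with the same "Algorithm previously set is not supported in this configuration of the library." text. mbedtls_psa_aead_set_lengths() is documented as enforcing the declared lengths ("the implementation must enforce the lengths") while the driver body is a stub that discards them, so a sentence noting that enforcement currently happens in the PSA core would keep the header honest. Minor: `successfuly` → `successfully` in the finish() block, and the `It must be consistent with the size in bits` / `recorded in \p attributes.` continuation lines in both setup blocks lack the leading ` * `.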
@ -92,6 +92,9 @@ const mbedtls_cipher_info_t *mbedtls_cipher_info_from_psa(
|
|||
case PSA_ALG_CBC_PKCS7:
|
||||
mode = MBEDTLS_MODE_CBC;
|
||||
break;
|
||||
case PSA_ALG_CCM_STAR_NO_TAG:
|
||||
mode = MBEDTLS_MODE_CCM_STAR_NO_TAG;
|
||||
break;
|
||||
case PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CCM, 0 ):
|
||||
mode = MBEDTLS_MODE_CCM;
|
||||
break;
|
||||
|
@ -115,6 +118,9 @@ const mbedtls_cipher_info_t *mbedtls_cipher_info_from_psa(
|
|||
case PSA_KEY_TYPE_AES:
|
||||
cipher_id_tmp = MBEDTLS_CIPHER_ID_AES;
|
||||
break;
|
||||
case PSA_KEY_TYPE_ARIA:
|
||||
cipher_id_tmp = MBEDTLS_CIPHER_ID_ARIA;
|
||||
break;
|
||||
case PSA_KEY_TYPE_DES:
|
||||
/* key_bits is 64 for Single-DES, 128 for two-key Triple-DES,
|
||||
* and 192 for three-key Triple-DES. */
|
||||
|
@ -255,16 +261,34 @@ static psa_status_t cipher_set_iv( mbedtls_psa_cipher_operation_t *operation,
|
|||
iv, iv_length ) ) );
|
||||
}
|
||||
|
||||
/* Process input for which the algorithm is set to ECB mode. This requires
|
||||
* manual processing, since the PSA API is defined as being able to process
|
||||
* arbitrary-length calls to psa_cipher_update() with ECB mode, but the
|
||||
* underlying mbedtls_cipher_update only takes full blocks. */
|
||||
/** Process input for which the algorithm is set to ECB mode.
|
||||
*
|
||||
* This requires manual processing, since the PSA API is defined as being
|
||||
* able to process arbitrary-length calls to psa_cipher_update() with ECB mode,
|
||||
* but the underlying mbedtls_cipher_update only takes full blocks.
|
||||
*
|
||||
* \param ctx The mbedtls cipher context to use. It must have been
|
||||
* set up for ECB.
|
||||
* \param[in] input The input plaintext or ciphertext to process.
|
||||
* \param input_length The number of bytes to process from \p input.
|
||||
* This does not need to be aligned to a block boundary.
|
||||
* If there is a partial block at the end of the input,
|
||||
* it is stored in \p ctx for future processing.
|
||||
* \param output The buffer where the output is written. It must be
|
||||
* at least `BS * floor((p + input_length) / BS)` bytes
|
||||
* long, where `p` is the number of bytes in the
|
||||
* unprocessed partial block in \p ctx (with
|
||||
* `0 <= p <= BS - 1`) and `BS` is the block size.
|
||||
* \param output_length On success, the number of bytes written to \p output.
|
||||
* \c 0 on error.
|
||||
*
|
||||
* \return #PSA_SUCCESS or an error from a hardware accelerator
|
||||
*/
|
||||
static psa_status_t psa_cipher_update_ecb(
|
||||
mbedtls_cipher_context_t *ctx,
|
||||
const uint8_t *input,
|
||||
size_t input_length,
|
||||
uint8_t *output,
|
||||
size_t output_size,
|
||||
size_t *output_length )
|
||||
{
|
||||
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
|
||||
|
@ -304,7 +328,6 @@ static psa_status_t psa_cipher_update_ecb(
|
|||
goto exit;
|
||||
|
||||
output += internal_output_length;
|
||||
output_size -= internal_output_length;
|
||||
*output_length += internal_output_length;
|
||||
ctx->unprocessed_len = 0;
|
||||
}
|
||||
|
@ -325,7 +348,6 @@ static psa_status_t psa_cipher_update_ecb(
|
|||
input += block_size;
|
||||
|
||||
output += internal_output_length;
|
||||
output_size -= internal_output_length;
|
||||
*output_length += internal_output_length;
|
||||
}
|
||||
|
||||
|
@ -380,7 +402,6 @@ static psa_status_t cipher_update( mbedtls_psa_cipher_operation_t *operation,
|
|||
input,
|
||||
input_length,
|
||||
output,
|
||||
output_size,
|
||||
output_length );
|
||||
}
|
||||
else
|
||||
|
|
|
@ -528,4 +528,23 @@ psa_status_t psa_verify_hash_builtin(
|
|||
psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
|
||||
const uint8_t *signature, size_t signature_length );
|
||||
|
||||
/**
|
||||
* \brief Validate the key bit size for unstructured keys.
|
||||
*
|
||||
* \note Check that the bit size is acceptable for a given key type for
|
||||
* unstructured keys.
|
||||
*
|
||||
* \param[in] type The key type
|
||||
* \param[in] bits The number of bits of the key
|
||||
*
|
||||
* \retval #PSA_SUCCESS
|
||||
* The key type and size are valid.
|
||||
* \retval #PSA_ERROR_INVALID_ARGUMENT
|
||||
* The size in bits of the key is not valid.
|
||||
* \retval #PSA_ERROR_NOT_SUPPORTED
|
||||
* The type and/or the size in bits of the key or the combination of
|
||||
* the two is not supported.
|
||||
*/
|
||||
psa_status_t psa_validate_unstructured_key_bit_size( psa_key_type_t type,
|
||||
size_t bits );
|
||||
#endif /* PSA_CRYPTO_CORE_H */
|
||||
|
|
|
@ -380,8 +380,49 @@ psa_status_t psa_driver_wrapper_verify_hash(
|
|||
}
|
||||
}
|
||||
|
||||
/** Calculate the key buffer size required to store the key material of a key
|
||||
* associated with an opaque driver from input key data.
|
||||
*
|
||||
* \param[in] attributes The key attributes
|
||||
* \param[in] data The input key data.
|
||||
* \param[in] data_length The input data length.
|
||||
* \param[out] key_buffer_size Minimum buffer size to contain the key material.
|
||||
*
|
||||
* \retval #PSA_SUCCESS
|
||||
* \retval #PSA_ERROR_INVALID_ARGUMENT
|
||||
* \retval #PSA_ERROR_NOT_SUPPORTED
|
||||
*/
|
||||
psa_status_t psa_driver_wrapper_get_key_buffer_size_from_key_data(
|
||||
const psa_key_attributes_t *attributes,
|
||||
const uint8_t *data,
|
||||
size_t data_length,
|
||||
size_t *key_buffer_size )
|
||||
{
|
||||
psa_key_location_t location =
|
||||
PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
|
||||
psa_key_type_t key_type = attributes->core.type;
|
||||
|
||||
*key_buffer_size = 0;
|
||||
switch( location )
|
||||
{
|
||||
#if defined(PSA_CRYPTO_DRIVER_TEST)
|
||||
case PSA_CRYPTO_TEST_DRIVER_LOCATION:
|
||||
*key_buffer_size = mbedtls_test_opaque_size_function( key_type,
|
||||
PSA_BYTES_TO_BITS( data_length ) );
|
||||
return( ( *key_buffer_size != 0 ) ?
|
||||
PSA_SUCCESS : PSA_ERROR_NOT_SUPPORTED );
|
||||
#endif /* PSA_CRYPTO_DRIVER_TEST */
|
||||
|
||||
default:
|
||||
(void)key_type;
|
||||
(void)data;
|
||||
(void)data_length;
|
||||
return( PSA_ERROR_INVALID_ARGUMENT );
|
||||
}
|
||||
}
|
||||
|
||||
/** Get the key buffer size required to store the key material of a key
|
||||
* associated with an opaque driver without storage.
|
||||
* associated with an opaque driver.
|
||||
*
|
||||
* \param[in] attributes The key attributes.
|
||||
* \param[out] key_buffer_size Minimum buffer size to contain the key material
|
||||
|
@ -389,11 +430,11 @@ psa_status_t psa_driver_wrapper_verify_hash(
|
|||
* \retval #PSA_SUCCESS
|
||||
* The minimum size for a buffer to contain the key material has been
|
||||
* returned successfully.
|
||||
* \retval #PSA_ERROR_INVALID_ARGUMENT
|
||||
* The size in bits of the key is not valid.
|
||||
* \retval #PSA_ERROR_NOT_SUPPORTED
|
||||
* The type and/or the size in bits of the key or the combination of
|
||||
* the two is not supported.
|
||||
* \retval #PSA_ERROR_INVALID_ARGUMENT
|
||||
* The key is declared with a lifetime not known to us.
|
||||
*/
|
||||
psa_status_t psa_driver_wrapper_get_key_buffer_size(
|
||||
const psa_key_attributes_t *attributes,
|
||||
|
@ -418,7 +459,8 @@ psa_status_t psa_driver_wrapper_get_key_buffer_size(
|
|||
return( PSA_SUCCESS );
|
||||
}
|
||||
#endif /* MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS */
|
||||
*key_buffer_size = mbedtls_test_size_function( key_type, key_bits );
|
||||
*key_buffer_size = mbedtls_test_opaque_size_function( key_type,
|
||||
key_bits );
|
||||
return( ( *key_buffer_size != 0 ) ?
|
||||
PSA_SUCCESS : PSA_ERROR_NOT_SUPPORTED );
|
||||
#endif /* PSA_CRYPTO_DRIVER_TEST */
|
||||
|
@ -426,7 +468,7 @@ psa_status_t psa_driver_wrapper_get_key_buffer_size(
|
|||
default:
|
||||
(void)key_type;
|
||||
(void)key_bits;
|
||||
return( PSA_ERROR_NOT_SUPPORTED );
|
||||
return( PSA_ERROR_INVALID_ARGUMENT );
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -566,10 +608,18 @@ psa_status_t psa_driver_wrapper_import_key(
|
|||
data, data_length,
|
||||
key_buffer, key_buffer_size,
|
||||
key_buffer_length, bits ) );
|
||||
|
||||
/* Add cases for opaque driver here */
|
||||
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
|
||||
#if defined(PSA_CRYPTO_DRIVER_TEST)
|
||||
case PSA_CRYPTO_TEST_DRIVER_LOCATION:
|
||||
return( mbedtls_test_opaque_import_key(
|
||||
attributes,
|
||||
data, data_length,
|
||||
key_buffer, key_buffer_size,
|
||||
key_buffer_length, bits ) );
|
||||
#endif /* PSA_CRYPTO_DRIVER_TEST */
|
||||
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
|
||||
default:
|
||||
/* Importing a key with external storage in not yet supported.
|
||||
* Return in error indicating that the lifetime is not valid. */
|
||||
(void)status;
|
||||
return( PSA_ERROR_INVALID_ARGUMENT );
|
||||
}
|
||||
|
@ -733,6 +783,50 @@ psa_status_t psa_driver_wrapper_get_builtin_key(
|
|||
}
|
||||
}
|
||||
|
||||
psa_status_t psa_driver_wrapper_copy_key(
|
||||
psa_key_attributes_t *attributes,
|
||||
const uint8_t *source_key, size_t source_key_length,
|
||||
uint8_t *target_key_buffer, size_t target_key_buffer_size,
|
||||
size_t *target_key_buffer_length )
|
||||
{
|
||||
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
|
||||
psa_key_location_t location =
|
||||
PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
|
||||
|
||||
#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
|
||||
const psa_drv_se_t *drv;
|
||||
psa_drv_se_context_t *drv_context;
|
||||
|
||||
if( psa_get_se_driver( attributes->core.lifetime, &drv, &drv_context ) )
|
||||
{
|
||||
/* Copying to a secure element is not implemented yet. */
|
||||
return( PSA_ERROR_NOT_SUPPORTED );
|
||||
}
|
||||
#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
|
||||
|
||||
switch( location )
|
||||
{
|
||||
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
|
||||
#if defined(PSA_CRYPTO_DRIVER_TEST)
|
||||
case PSA_CRYPTO_TEST_DRIVER_LOCATION:
|
||||
return( mbedtls_test_opaque_copy_key( attributes, source_key,
|
||||
source_key_length,
|
||||
target_key_buffer,
|
||||
target_key_buffer_size,
|
||||
target_key_buffer_length) );
|
||||
#endif /* PSA_CRYPTO_DRIVER_TEST */
|
||||
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
|
||||
default:
|
||||
(void)source_key;
|
||||
(void)source_key_length;
|
||||
(void)target_key_buffer;
|
||||
(void)target_key_buffer_size;
|
||||
(void)target_key_buffer_length;
|
||||
status = PSA_ERROR_INVALID_ARGUMENT;
|
||||
}
|
||||
return( status );
|
||||
}
|
||||
|
||||
/*
|
||||
* Cipher functions
|
||||
*/
|
||||
|
@ -1471,6 +1565,381 @@ psa_status_t psa_driver_wrapper_aead_decrypt(
|
|||
}
|
||||
}
|
||||
|
||||
psa_status_t psa_driver_wrapper_aead_encrypt_setup(
|
||||
psa_aead_operation_t *operation,
|
||||
const psa_key_attributes_t *attributes,
|
||||
const uint8_t *key_buffer, size_t key_buffer_size,
|
||||
psa_algorithm_t alg )
|
||||
{
|
||||
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
|
||||
psa_key_location_t location =
|
||||
PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
|
||||
|
||||
switch( location )
|
||||
{
|
||||
case PSA_KEY_LOCATION_LOCAL_STORAGE:
|
||||
/* Key is stored in the slot in export representation, so
|
||||
* cycle through all known transparent accelerators */
|
||||
|
||||
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
|
||||
#if defined(PSA_CRYPTO_DRIVER_TEST)
|
||||
operation->id = PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID;
|
||||
status = mbedtls_test_transparent_aead_encrypt_setup(
|
||||
&operation->ctx.transparent_test_driver_ctx,
|
||||
attributes, key_buffer, key_buffer_size,
|
||||
alg );
|
||||
|
||||
/* Declared with fallback == true */
|
||||
if( status != PSA_ERROR_NOT_SUPPORTED )
|
||||
return( status );
|
||||
#endif /* PSA_CRYPTO_DRIVER_TEST */
|
||||
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
|
||||
|
||||
/* Fell through, meaning no accelerator supports this operation */
|
||||
operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
|
||||
status = mbedtls_psa_aead_encrypt_setup(
|
||||
&operation->ctx.mbedtls_ctx, attributes,
|
||||
key_buffer, key_buffer_size,
|
||||
alg );
|
||||
|
||||
return( status );
|
||||
|
||||
/* Add cases for opaque driver here */
|
||||
|
||||
default:
|
||||
/* Key is declared with a lifetime not known to us */
|
||||
(void)status;
|
||||
return( PSA_ERROR_INVALID_ARGUMENT );
|
||||
}
|
||||
}
|
||||
|
||||
psa_status_t psa_driver_wrapper_aead_decrypt_setup(
|
||||
psa_aead_operation_t *operation,
|
||||
const psa_key_attributes_t *attributes,
|
||||
const uint8_t *key_buffer, size_t key_buffer_size,
|
||||
psa_algorithm_t alg )
|
||||
{
|
||||
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
|
||||
psa_key_location_t location =
|
||||
PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
|
||||
|
||||
switch( location )
|
||||
{
|
||||
case PSA_KEY_LOCATION_LOCAL_STORAGE:
|
||||
/* Key is stored in the slot in export representation, so
|
||||
* cycle through all known transparent accelerators */
|
||||
|
||||
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
|
||||
#if defined(PSA_CRYPTO_DRIVER_TEST)
|
||||
operation->id = PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID;
|
||||
status = mbedtls_test_transparent_aead_decrypt_setup(
|
||||
&operation->ctx.transparent_test_driver_ctx,
|
||||
attributes,
|
||||
key_buffer, key_buffer_size,
|
||||
alg );
|
||||
|
||||
/* Declared with fallback == true */
|
||||
if( status != PSA_ERROR_NOT_SUPPORTED )
|
||||
return( status );
|
||||
#endif /* PSA_CRYPTO_DRIVER_TEST */
|
||||
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
|
||||
|
||||
/* Fell through, meaning no accelerator supports this operation */
|
||||
operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
|
||||
status = mbedtls_psa_aead_decrypt_setup(
|
||||
&operation->ctx.mbedtls_ctx,
|
||||
attributes,
|
||||
key_buffer, key_buffer_size,
|
||||
alg );
|
||||
|
||||
return( status );
|
||||
|
||||
/* Add cases for opaque driver here */
|
||||
|
||||
default:
|
||||
/* Key is declared with a lifetime not known to us */
|
||||
(void)status;
|
||||
return( PSA_ERROR_INVALID_ARGUMENT );
|
||||
}
|
||||
}
|
||||
|
||||
psa_status_t psa_driver_wrapper_aead_set_nonce(
|
||||
psa_aead_operation_t *operation,
|
||||
const uint8_t *nonce,
|
||||
size_t nonce_length )
|
||||
{
|
||||
switch( operation->id )
|
||||
{
|
||||
#if defined(MBEDTLS_PSA_BUILTIN_AEAD)
|
||||
case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
|
||||
return( mbedtls_psa_aead_set_nonce( &operation->ctx.mbedtls_ctx,
|
||||
nonce,
|
||||
nonce_length ) );
|
||||
|
||||
#endif /* MBEDTLS_PSA_BUILTIN_AEAD */
|
||||
|
||||
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
|
||||
#if defined(PSA_CRYPTO_DRIVER_TEST)
|
||||
case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
|
||||
return( mbedtls_test_transparent_aead_set_nonce(
|
||||
&operation->ctx.transparent_test_driver_ctx,
|
||||
nonce, nonce_length ) );
|
||||
|
||||
/* Add cases for opaque driver here */
|
||||
|
||||
#endif /* PSA_CRYPTO_DRIVER_TEST */
|
||||
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
|
||||
}
|
||||
|
||||
(void)nonce;
|
||||
(void)nonce_length;
|
||||
|
||||
return( PSA_ERROR_INVALID_ARGUMENT );
|
||||
}
|
||||
|
||||
psa_status_t psa_driver_wrapper_aead_set_lengths(
|
||||
psa_aead_operation_t *operation,
|
||||
size_t ad_length,
|
||||
size_t plaintext_length )
|
||||
{
|
||||
switch( operation->id )
|
||||
{
|
||||
#if defined(MBEDTLS_PSA_BUILTIN_AEAD)
|
||||
case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
|
||||
return( mbedtls_psa_aead_set_lengths( &operation->ctx.mbedtls_ctx,
|
||||
ad_length,
|
||||
plaintext_length ) );
|
||||
|
||||
#endif /* MBEDTLS_PSA_BUILTIN_AEAD */
|
||||
|
||||
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
|
||||
#if defined(PSA_CRYPTO_DRIVER_TEST)
|
||||
case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
|
||||
return( mbedtls_test_transparent_aead_set_lengths(
|
||||
&operation->ctx.transparent_test_driver_ctx,
|
||||
ad_length, plaintext_length ) );
|
||||
|
||||
/* Add cases for opaque driver here */
|
||||
|
||||
#endif /* PSA_CRYPTO_DRIVER_TEST */
|
||||
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
|
||||
}
|
||||
|
||||
(void)ad_length;
|
||||
(void)plaintext_length;
|
||||
|
||||
return( PSA_ERROR_INVALID_ARGUMENT );
|
||||
}
|
||||
|
||||
psa_status_t psa_driver_wrapper_aead_update_ad(
|
||||
psa_aead_operation_t *operation,
|
||||
const uint8_t *input,
|
||||
size_t input_length )
|
||||
{
|
||||
switch( operation->id )
|
||||
{
|
||||
#if defined(MBEDTLS_PSA_BUILTIN_AEAD)
|
||||
case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
|
||||
return( mbedtls_psa_aead_update_ad( &operation->ctx.mbedtls_ctx,
|
||||
input,
|
||||
input_length ) );
|
||||
|
||||
#endif /* MBEDTLS_PSA_BUILTIN_AEAD */
|
||||
|
||||
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
|
||||
#if defined(PSA_CRYPTO_DRIVER_TEST)
|
||||
case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
|
||||
return( mbedtls_test_transparent_aead_update_ad(
|
||||
&operation->ctx.transparent_test_driver_ctx,
|
||||
input, input_length ) );
|
||||
|
||||
/* Add cases for opaque driver here */
|
||||
|
||||
#endif /* PSA_CRYPTO_DRIVER_TEST */
|
||||
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
|
||||
}
|
||||
|
||||
(void)input;
|
||||
(void)input_length;
|
||||
|
||||
return( PSA_ERROR_INVALID_ARGUMENT );
|
||||
}
|
||||
|
||||
psa_status_t psa_driver_wrapper_aead_update(
|
||||
psa_aead_operation_t *operation,
|
||||
const uint8_t *input,
|
||||
size_t input_length,
|
||||
uint8_t *output,
|
||||
size_t output_size,
|
||||
size_t *output_length )
|
||||
{
|
||||
switch( operation->id )
|
||||
{
|
||||
#if defined(MBEDTLS_PSA_BUILTIN_AEAD)
|
||||
case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
|
||||
return( mbedtls_psa_aead_update( &operation->ctx.mbedtls_ctx,
|
||||
input, input_length,
|
||||
output, output_size,
|
||||
output_length ) );
|
||||
|
||||
#endif /* MBEDTLS_PSA_BUILTIN_AEAD */
|
||||
|
||||
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
|
||||
#if defined(PSA_CRYPTO_DRIVER_TEST)
|
||||
case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
|
||||
return( mbedtls_test_transparent_aead_update(
|
||||
&operation->ctx.transparent_test_driver_ctx,
|
||||
input, input_length, output, output_size,
|
||||
output_length ) );
|
||||
|
||||
/* Add cases for opaque driver here */
|
||||
|
||||
#endif /* PSA_CRYPTO_DRIVER_TEST */
|
||||
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
|
||||
}
|
||||
|
||||
(void)input;
|
||||
(void)input_length;
|
||||
(void)output;
|
||||
(void)output_size;
|
||||
(void)output_length;
|
||||
|
||||
return( PSA_ERROR_INVALID_ARGUMENT );
|
||||
}
|
||||
|
||||
psa_status_t psa_driver_wrapper_aead_finish(
|
||||
psa_aead_operation_t *operation,
|
||||
uint8_t *ciphertext,
|
||||
size_t ciphertext_size,
|
||||
size_t *ciphertext_length,
|
||||
uint8_t *tag,
|
||||
size_t tag_size,
|
||||
size_t *tag_length )
|
||||
{
|
||||
switch( operation->id )
|
||||
{
|
||||
#if defined(MBEDTLS_PSA_BUILTIN_AEAD)
|
||||
case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
|
||||
return( mbedtls_psa_aead_finish( &operation->ctx.mbedtls_ctx,
|
||||
ciphertext,
|
||||
ciphertext_size,
|
||||
ciphertext_length, tag,
|
||||
tag_size, tag_length ) );
|
||||
|
||||
#endif /* MBEDTLS_PSA_BUILTIN_AEAD */
|
||||
|
||||
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
|
||||
#if defined(PSA_CRYPTO_DRIVER_TEST)
|
||||
case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
|
||||
return( mbedtls_test_transparent_aead_finish(
|
||||
&operation->ctx.transparent_test_driver_ctx,
|
||||
ciphertext, ciphertext_size,
|
||||
ciphertext_length, tag, tag_size, tag_length ) );
|
||||
|
||||
/* Add cases for opaque driver here */
|
||||
|
||||
#endif /* PSA_CRYPTO_DRIVER_TEST */
|
||||
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
|
||||
}
|
||||
|
||||
(void)ciphertext;
|
||||
(void)ciphertext_size;
|
||||
(void)ciphertext_length;
|
||||
(void)tag;
|
||||
(void)tag_size;
|
||||
(void)tag_length;
|
||||
|
||||
return( PSA_ERROR_INVALID_ARGUMENT );
|
||||
}
|
||||
|
||||
psa_status_t psa_driver_wrapper_aead_verify(
|
||||
psa_aead_operation_t *operation,
|
||||
uint8_t *plaintext,
|
||||
size_t plaintext_size,
|
||||
size_t *plaintext_length,
|
||||
const uint8_t *tag,
|
||||
size_t tag_length )
|
||||
{
|
||||
switch( operation->id )
|
||||
{
|
||||
#if defined(MBEDTLS_PSA_BUILTIN_AEAD)
|
||||
case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
|
||||
{
|
||||
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
|
||||
uint8_t check_tag[PSA_AEAD_TAG_MAX_SIZE];
|
||||
size_t check_tag_length;
|
||||
|
||||
status = mbedtls_psa_aead_finish( &operation->ctx.mbedtls_ctx,
|
||||
plaintext,
|
||||
plaintext_size,
|
||||
plaintext_length,
|
||||
check_tag,
|
||||
sizeof( check_tag ),
|
||||
&check_tag_length );
|
||||
|
||||
if( status == PSA_SUCCESS )
|
||||
{
|
||||
if( tag_length != check_tag_length ||
|
||||
mbedtls_psa_safer_memcmp( tag, check_tag, tag_length )
|
||||
!= 0 )
|
||||
status = PSA_ERROR_INVALID_SIGNATURE;
|
||||
}
|
||||
|
||||
mbedtls_platform_zeroize( check_tag, sizeof( check_tag ) );
|
||||
|
||||
return( status );
|
||||
}
|
||||
|
||||
#endif /* MBEDTLS_PSA_BUILTIN_AEAD */
|
||||
|
||||
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
|
||||
#if defined(PSA_CRYPTO_DRIVER_TEST)
|
||||
case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
|
||||
return( mbedtls_test_transparent_aead_verify(
|
||||
&operation->ctx.transparent_test_driver_ctx,
|
||||
plaintext, plaintext_size,
|
||||
plaintext_length, tag, tag_length ) );
|
||||
|
||||
/* Add cases for opaque driver here */
|
||||
|
||||
#endif /* PSA_CRYPTO_DRIVER_TEST */
|
||||
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
|
||||
}
|
||||
|
||||
(void)plaintext;
|
||||
(void)plaintext_size;
|
||||
(void)plaintext_length;
|
||||
(void)tag;
|
||||
(void)tag_length;
|
||||
|
||||
return( PSA_ERROR_INVALID_ARGUMENT );
|
||||
}
|
||||
|
||||
psa_status_t psa_driver_wrapper_aead_abort(
|
||||
psa_aead_operation_t *operation )
|
||||
{
|
||||
switch( operation->id )
|
||||
{
|
||||
#if defined(MBEDTLS_PSA_BUILTIN_AEAD)
|
||||
case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
|
||||
return( mbedtls_psa_aead_abort( &operation->ctx.mbedtls_ctx ) );
|
||||
|
||||
#endif /* MBEDTLS_PSA_BUILTIN_AEAD */
|
||||
|
||||
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
|
||||
#if defined(PSA_CRYPTO_DRIVER_TEST)
|
||||
case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
|
||||
return( mbedtls_test_transparent_aead_abort(
|
||||
&operation->ctx.transparent_test_driver_ctx ) );
|
||||
|
||||
/* Add cases for opaque driver here */
|
||||
|
||||
#endif /* PSA_CRYPTO_DRIVER_TEST */
|
||||
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
|
||||
}
|
||||
|
||||
return( PSA_ERROR_INVALID_ARGUMENT );
|
||||
}
|
||||
|
||||
/*
|
||||
* MAC functions
|
||||
|
|
|
@ -85,6 +85,12 @@ psa_status_t psa_driver_wrapper_get_key_buffer_size(
|
|||
const psa_key_attributes_t *attributes,
|
||||
size_t *key_buffer_size );
|
||||
|
||||
psa_status_t psa_driver_wrapper_get_key_buffer_size_from_key_data(
|
||||
const psa_key_attributes_t *attributes,
|
||||
const uint8_t *data,
|
||||
size_t data_length,
|
||||
size_t *key_buffer_size );
|
||||
|
||||
psa_status_t psa_driver_wrapper_generate_key(
|
||||
const psa_key_attributes_t *attributes,
|
||||
uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length );
|
||||
|
@ -94,6 +100,11 @@ psa_status_t psa_driver_wrapper_get_builtin_key(
|
|||
psa_key_attributes_t *attributes,
|
||||
uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length );
|
||||
|
||||
psa_status_t psa_driver_wrapper_copy_key(
|
||||
psa_key_attributes_t *attributes,
|
||||
const uint8_t *source_key, size_t source_key_length,
|
||||
uint8_t *target_key_buffer, size_t target_key_buffer_size,
|
||||
size_t *target_key_buffer_length );
|
||||
/*
|
||||
* Cipher functions
|
||||
*/
|
||||
|
@ -208,6 +219,61 @@ psa_status_t psa_driver_wrapper_aead_decrypt(
|
|||
const uint8_t *ciphertext, size_t ciphertext_length,
|
||||
uint8_t *plaintext, size_t plaintext_size, size_t *plaintext_length );
|
||||
|
||||
psa_status_t psa_driver_wrapper_aead_encrypt_setup(
|
||||
psa_aead_operation_t *operation,
|
||||
const psa_key_attributes_t *attributes,
|
||||
const uint8_t *key_buffer, size_t key_buffer_size,
|
||||
psa_algorithm_t alg );
|
||||
|
||||
psa_status_t psa_driver_wrapper_aead_decrypt_setup(
|
||||
psa_aead_operation_t *operation,
|
||||
const psa_key_attributes_t *attributes,
|
||||
const uint8_t *key_buffer, size_t key_buffer_size,
|
||||
psa_algorithm_t alg );
|
||||
|
||||
psa_status_t psa_driver_wrapper_aead_set_nonce(
|
||||
psa_aead_operation_t *operation,
|
||||
const uint8_t *nonce,
|
||||
size_t nonce_length );
|
||||
|
||||
psa_status_t psa_driver_wrapper_aead_set_lengths(
|
||||
psa_aead_operation_t *operation,
|
||||
size_t ad_length,
|
||||
size_t plaintext_length );
|
||||
|
||||
psa_status_t psa_driver_wrapper_aead_update_ad(
|
||||
psa_aead_operation_t *operation,
|
||||
const uint8_t *input,
|
||||
size_t input_length );
|
||||
|
||||
psa_status_t psa_driver_wrapper_aead_update(
|
||||
psa_aead_operation_t *operation,
|
||||
const uint8_t *input,
|
||||
size_t input_length,
|
||||
uint8_t *output,
|
||||
size_t output_size,
|
||||
size_t *output_length );
|
||||
|
||||
psa_status_t psa_driver_wrapper_aead_finish(
|
||||
psa_aead_operation_t *operation,
|
||||
uint8_t *ciphertext,
|
||||
size_t ciphertext_size,
|
||||
size_t *ciphertext_length,
|
||||
uint8_t *tag,
|
||||
size_t tag_size,
|
||||
size_t *tag_length );
|
||||
|
||||
psa_status_t psa_driver_wrapper_aead_verify(
|
||||
psa_aead_operation_t *operation,
|
||||
uint8_t *plaintext,
|
||||
size_t plaintext_size,
|
||||
size_t *plaintext_length,
|
||||
const uint8_t *tag,
|
||||
size_t tag_length );
|
||||
|
||||
psa_status_t psa_driver_wrapper_aead_abort(
|
||||
psa_aead_operation_t *operation );
|
||||
|
||||
/*
|
||||
* MAC functions
|
||||
*/
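Review bot: psa_driver_wrapper_copy_key is declared with a non-const `psa_key_attributes_t *attributes` while the neighbouring new prototype psa_driver_wrapper_get_key_buffer_size_from_key_data takes `const psa_key_attributes_t *attributes`; unless the opaque driver's copy entry point must rewrite the attributes (the wrapper body in this commit only reads the lifetime), `const` would document that copying leaves them untouched. A blank line is also missing between the copy_key prototype and the `/* Cipher functions */` banner. None of the new AEAD multipart prototypes carry a comment; a one-liner on the setup pair such as `/* Sets operation->id, which routes every subsequent multipart call to the same driver. */` would tell readers why the later calls switch on the id rather than on the key.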
|
||||
|
|
|
@ -572,7 +572,7 @@ psa_status_t mbedtls_psa_ecdsa_verify_hash(
|
|||
#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR) || \
|
||||
defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY)
|
||||
|
||||
psa_status_t mbedtls_transparent_test_driver_ecp_import_key(
|
||||
psa_status_t mbedtls_test_driver_ecp_import_key(
|
||||
const psa_key_attributes_t *attributes,
|
||||
const uint8_t *data, size_t data_length,
|
||||
uint8_t *key_buffer, size_t key_buffer_size,
|
||||
|
@ -583,7 +583,7 @@ psa_status_t mbedtls_transparent_test_driver_ecp_import_key(
|
|||
key_buffer_length, bits ) );
|
||||
}
|
||||
|
||||
psa_status_t mbedtls_transparent_test_driver_ecp_export_public_key(
|
||||
psa_status_t mbedtls_test_driver_ecp_export_public_key(
|
||||
const psa_key_attributes_t *attributes,
|
||||
const uint8_t *key_buffer, size_t key_buffer_size,
|
||||
uint8_t *data, size_t data_size, size_t *data_length )
|
||||
|
|
|
@ -224,13 +224,13 @@ psa_status_t mbedtls_psa_ecdsa_verify_hash(
|
|||
|
||||
#if defined(PSA_CRYPTO_DRIVER_TEST)
|
||||
|
||||
psa_status_t mbedtls_transparent_test_driver_ecp_import_key(
|
||||
psa_status_t mbedtls_test_driver_ecp_import_key(
|
||||
const psa_key_attributes_t *attributes,
|
||||
const uint8_t *data, size_t data_length,
|
||||
uint8_t *key_buffer, size_t key_buffer_size,
|
||||
size_t *key_buffer_length, size_t *bits );
|
||||
|
||||
psa_status_t mbedtls_transparent_test_driver_ecp_export_public_key(
|
||||
psa_status_t mbedtls_test_driver_ecp_export_public_key(
|
||||
const psa_key_attributes_t *attributes,
|
||||
const uint8_t *key_buffer, size_t key_buffer_size,
|
||||
uint8_t *data, size_t data_size, size_t *data_length );
|
||||
|
|
|
@ -42,29 +42,6 @@
|
|||
#endif
|
||||
|
||||
#if defined(BUILTIN_ALG_HMAC)
|
||||
static size_t psa_get_hash_block_size( psa_algorithm_t alg )
|
||||
{
|
||||
switch( alg )
|
||||
{
|
||||
case PSA_ALG_MD5:
|
||||
return( 64 );
|
||||
case PSA_ALG_RIPEMD160:
|
||||
return( 64 );
|
||||
case PSA_ALG_SHA_1:
|
||||
return( 64 );
|
||||
case PSA_ALG_SHA_224:
|
||||
return( 64 );
|
||||
case PSA_ALG_SHA_256:
|
||||
return( 64 );
|
||||
case PSA_ALG_SHA_384:
|
||||
return( 128 );
|
||||
case PSA_ALG_SHA_512:
|
||||
return( 128 );
|
||||
default:
|
||||
return( 0 );
|
||||
}
|
||||
}
|
||||
|
||||
static psa_status_t psa_hmac_abort_internal(
|
||||
mbedtls_psa_hmac_operation_t *hmac )
|
||||
{
|
||||
|
@ -81,7 +58,7 @@ static psa_status_t psa_hmac_setup_internal(
|
|||
uint8_t ipad[PSA_HMAC_MAX_HASH_BLOCK_SIZE];
|
||||
size_t i;
|
||||
size_t hash_size = PSA_HASH_LENGTH( hash_alg );
|
||||
size_t block_size = psa_get_hash_block_size( hash_alg );
|
||||
size_t block_size = PSA_HASH_BLOCK_LENGTH( hash_alg );
|
||||
psa_status_t status;
|
||||
|
||||
hmac->alg = hash_alg;
|
||||
|
@ -153,7 +130,7 @@ static psa_status_t psa_hmac_finish_internal(
|
|||
uint8_t tmp[MBEDTLS_MD_MAX_SIZE];
|
||||
psa_algorithm_t hash_alg = hmac->alg;
|
||||
size_t hash_size = 0;
|
||||
size_t block_size = psa_get_hash_block_size( hash_alg );
|
||||
size_t block_size = PSA_HASH_BLOCK_LENGTH( hash_alg );
|
||||
psa_status_t status;
|
||||
|
||||
status = psa_hash_finish( &hmac->hash_ctx, tmp, sizeof( tmp ), &hash_size );
|
||||
|
|
|
@ -453,6 +453,27 @@ exit:
|
|||
return( status );
|
||||
}
|
||||
|
||||
#if defined(BUILTIN_ALG_RSA_PSS)
|
||||
static int rsa_pss_expected_salt_len( psa_algorithm_t alg,
|
||||
const mbedtls_rsa_context *rsa,
|
||||
size_t hash_length )
|
||||
{
|
||||
if( PSA_ALG_IS_RSA_PSS_ANY_SALT( alg ) )
|
||||
return( MBEDTLS_RSA_SALT_LEN_ANY );
|
||||
/* Otherwise: standard salt length, i.e. largest possible salt length
|
||||
* up to the hash length. */
|
||||
int klen = (int) mbedtls_rsa_get_len( rsa ); // known to fit
|
||||
int hlen = (int) hash_length; // known to fit
|
||||
int room = klen - 2 - hlen;
|
||||
if( room < 0 )
|
||||
return( 0 ); // there is no valid signature in this case anyway
|
||||
else if( room > hlen )
|
||||
return( hlen );
|
||||
else
|
||||
return( room );
|
||||
}
|
||||
#endif
|
||||
|
||||
static psa_status_t rsa_verify_hash(
|
||||
const psa_key_attributes_t *attributes,
|
||||
const uint8_t *key_buffer, size_t key_buffer_size,
|
||||
|
@ -503,10 +524,13 @@ static psa_status_t rsa_verify_hash(
|
|||
ret = mbedtls_rsa_set_padding( rsa, MBEDTLS_RSA_PKCS_V21, md_alg );
|
||||
if( ret == 0 )
|
||||
{
|
||||
ret = mbedtls_rsa_rsassa_pss_verify( rsa,
|
||||
int slen = rsa_pss_expected_salt_len( alg, rsa, hash_length );
|
||||
ret = mbedtls_rsa_rsassa_pss_verify_ext( rsa,
|
||||
md_alg,
|
||||
(unsigned int) hash_length,
|
||||
(unsigned) hash_length,
|
||||
hash,
|
||||
md_alg,
|
||||
slen,
|
||||
signature );
|
||||
}
|
||||
}
|
||||
|
@ -611,7 +635,7 @@ psa_status_t mbedtls_psa_rsa_verify_hash(
|
|||
#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR) || \
|
||||
defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_PUBLIC_KEY)
|
||||
|
||||
psa_status_t mbedtls_transparent_test_driver_rsa_import_key(
|
||||
psa_status_t mbedtls_test_driver_rsa_import_key(
|
||||
const psa_key_attributes_t *attributes,
|
||||
const uint8_t *data, size_t data_length,
|
||||
uint8_t *key_buffer, size_t key_buffer_size,
|
||||
|
@ -622,7 +646,7 @@ psa_status_t mbedtls_transparent_test_driver_rsa_import_key(
|
|||
key_buffer_length, bits ) );
|
||||
}
|
||||
|
||||
psa_status_t mbedtls_transparent_test_driver_rsa_export_public_key(
|
||||
psa_status_t mbedtls_test_driver_rsa_export_public_key(
|
||||
const psa_key_attributes_t *attributes,
|
||||
const uint8_t *key_buffer, size_t key_buffer_size,
|
||||
uint8_t *data, size_t data_size, size_t *data_length )
|
||||
|
|
|
@ -218,13 +218,13 @@ psa_status_t mbedtls_psa_rsa_verify_hash(
|
|||
|
||||
#if defined(PSA_CRYPTO_DRIVER_TEST)
|
||||
|
||||
psa_status_t mbedtls_transparent_test_driver_rsa_import_key(
|
||||
psa_status_t mbedtls_test_driver_rsa_import_key(
|
||||
const psa_key_attributes_t *attributes,
|
||||
const uint8_t *data, size_t data_length,
|
||||
uint8_t *key_buffer, size_t key_buffer_size,
|
||||
size_t *key_buffer_length, size_t *bits );
|
||||
|
||||
psa_status_t mbedtls_transparent_test_driver_rsa_export_public_key(
|
||||
psa_status_t mbedtls_test_driver_rsa_export_public_key(
|
||||
const psa_key_attributes_t *attributes,
|
||||
const uint8_t *key_buffer, size_t key_buffer_size,
|
||||
uint8_t *data, size_t data_size, size_t *data_length );
|
||||
|
|