diff --git a/include/mbedtls/base64.h b/include/mbedtls/base64.h index f6f755913..8378589f3 100644 --- a/include/mbedtls/base64.h +++ b/include/mbedtls/base64.h @@ -87,16 +87,6 @@ int mbedtls_base64_self_test( int verbose ); #endif /* MBEDTLS_SELF_TEST */ -#if defined(MBEDTLS_TEST_HOOKS) -/* These functions are only exposed in testing configurations for testing - * purposes and may change or disappear at any time. */ -unsigned char mbedtls_base64_mask_of_range( unsigned char low, - unsigned char high, - unsigned char c ); -unsigned char mbedtls_base64_enc_char( unsigned char val ); -signed char mbedtls_base64_dec_value( unsigned char c ); -#endif - #ifdef __cplusplus } #endif diff --git a/library/base64.c b/library/base64.c index 96c94d1c6..085c71f3c 100644 --- a/library/base64.c +++ b/library/base64.c @@ -22,6 +22,7 @@ #if defined(MBEDTLS_BASE64_C) #include "mbedtls/base64.h" +#include "base64_invasive.h" #include diff --git a/library/base64_invasive.h b/library/base64_invasive.h new file mode 100644 index 000000000..9e264719d --- /dev/null +++ b/library/base64_invasive.h @@ -0,0 +1,55 @@ +/** + * \file base_invasive.h + * + * \brief Base64 module: interfaces for invasive testing only. + * + * The interfaces in this file are intended for testing purposes only. + * They SHOULD NOT be made available in library integrations except when + * building the library for testing. + */ +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +#ifndef MBEDTLS_BASE64_INVASIVE_H +#define MBEDTLS_BASE64_INVASIVE_H + +#include "common.h" + +#if defined(MBEDTLS_TEST_HOOKS) +/* Return 0xff if low <= c <= high, 0 otherwise. + * + * Constant flow with respect to c. + */ +unsigned char mbedtls_base64_mask_of_range( unsigned char low, + unsigned char high, + unsigned char c ); + +/* Given a value in the range 0..63, return the corresponding Base64 digit. + * + * Operates in constant time (no branches or memory access depending on val). + */ +unsigned char mbedtls_base64_enc_char( unsigned char val ); + +/* Given a Base64 digit, return its value. + * If c is not a Base64 digit ('A'..'Z', 'a'..'z', '0'..'9', '+' or '/'), + * return -1. + * + * Operates in constant time (no branches or memory access depending on c). + */ +signed char mbedtls_base64_dec_value( unsigned char c ); +#endif /* MBEDTLS_TEST_HOOKS */ + +#endif /* MBEDTLS_SSL_INVASIVE_H */ diff --git a/tests/suites/test_suite_base64.function b/tests/suites/test_suite_base64.function index c0548956e..d0e116770 100644 --- a/tests/suites/test_suite_base64.function +++ b/tests/suites/test_suite_base64.function @@ -1,5 +1,6 @@ /* BEGIN_HEADER */ #include "mbedtls/base64.h" +#include "base64_invasive.h" #include /* END_HEADER */