Merge branch 'development' into ccm_chunked

Conflicts:
	library/ccm.c

Conflict resolved by re-applying the MBEDTLS_BYTE_0 macro.
Conflict resolved by ignoring the MBEDTLS_PUT_UINT16_BE macro
used in development branch on the 'b' buffer, because the 'b'
buffer is removed in current branch.
This commit is contained in:
Mateusz Starzyk 2021-08-24 15:14:23 +02:00
commit cbefb6ba4d
54 changed files with 2140 additions and 1261 deletions

View file

@ -14,6 +14,8 @@ jobs:
- graphviz - graphviz
- gcc-arm-none-eabi - gcc-arm-none-eabi
- libnewlib-arm-none-eabi - libnewlib-arm-none-eabi
- gcc-arm-linux-gnueabi
- libc6-dev-armel-cross
language: python # Needed to get pip for Python 3 language: python # Needed to get pip for Python 3
python: 3.5 # version from Ubuntu 16.04 python: 3.5 # version from Ubuntu 16.04
install: install:
@ -22,7 +24,7 @@ jobs:
- tests/scripts/all.sh -k 'check_*' - tests/scripts/all.sh -k 'check_*'
- tests/scripts/all.sh -k test_default_out_of_box - tests/scripts/all.sh -k test_default_out_of_box
- tests/scripts/all.sh -k test_ref_configs - tests/scripts/all.sh -k test_ref_configs
- tests/scripts/all.sh -k build_arm_none_eabi_gcc_arm5vte build_arm_none_eabi_gcc_m0plus - tests/scripts/all.sh -k build_arm_linux_gnueabi_gcc_arm5vte build_arm_none_eabi_gcc_m0plus
- name: full configuration - name: full configuration
script: script:

View file

@ -330,7 +330,7 @@ install(
DESTINATION "cmake" DESTINATION "cmake"
FILE "MbedTLSTargets.cmake") FILE "MbedTLSTargets.cmake")
if(CMAKE_VERSION VERSION_GREATER 3.14) if(CMAKE_VERSION VERSION_GREATER 3.15 OR CMAKE_VERSION VERSION_EQUAL 3.15)
# Do not export the package by default # Do not export the package by default
cmake_policy(SET CMP0090 NEW) cmake_policy(SET CMP0090 NEW)

View file

@ -0,0 +1,3 @@
Features
* The identifier of the CID TLS extension can be configured by defining
MBEDTLS_TLS_EXT_CID at compile time.

View file

@ -3194,6 +3194,17 @@
//#define MBEDTLS_PSK_MAX_LEN 32 /**< Max size of TLS pre-shared keys, in bytes (default 256 bits) */ //#define MBEDTLS_PSK_MAX_LEN 32 /**< Max size of TLS pre-shared keys, in bytes (default 256 bits) */
//#define MBEDTLS_SSL_COOKIE_TIMEOUT 60 /**< Default expiration delay of DTLS cookies, in seconds if HAVE_TIME, or in number of cookies issued */ //#define MBEDTLS_SSL_COOKIE_TIMEOUT 60 /**< Default expiration delay of DTLS cookies, in seconds if HAVE_TIME, or in number of cookies issued */
/** \def MBEDTLS_TLS_EXT_CID
*
* At the time of writing, the CID extension has not been assigned its
* final value. Set this configuration option to make Mbed TLS use a
* different value.
*
* A future minor revision of Mbed TLS may change the default value of
* this option to match evolving standards and usage.
*/
//#define MBEDTLS_TLS_EXT_CID 254
/** /**
* Complete list of ciphersuites to use, in order of preference. * Complete list of ciphersuites to use, in order of preference.
* *

View file

@ -337,6 +337,41 @@
#define MBEDTLS_SSL_SIG_RSA 1 #define MBEDTLS_SSL_SIG_RSA 1
#define MBEDTLS_SSL_SIG_ECDSA 3 #define MBEDTLS_SSL_SIG_ECDSA 3
/*
* TLS 1.3 signature algorithms
* RFC 8446, Section 4.2.2
*/
/* RSASSA-PKCS1-v1_5 algorithms */
#define MBEDTLS_TLS13_SIG_RSA_PKCS1_SHA256 0x0401
#define MBEDTLS_TLS13_SIG_RSA_PKCS1_SHA384 0x0501
#define MBEDTLS_TLS13_SIG_RSA_PKCS1_SHA512 0x0601
/* ECDSA algorithms */
#define MBEDTLS_TLS13_SIG_ECDSA_SECP256R1_SHA256 0x0403
#define MBEDTLS_TLS13_SIG_ECDSA_SECP384R1_SHA384 0x0503
#define MBEDTLS_TLS13_SIG_ECDSA_SECP521R1_SHA512 0x0603
/* RSASSA-PSS algorithms with public key OID rsaEncryption */
#define MBEDTLS_TLS13_SIG_RSA_PSS_RSAE_SHA256 0x0804
#define MBEDTLS_TLS13_SIG_RSA_PSS_RSAE_SHA384 0x0805
#define MBEDTLS_TLS13_SIG_RSA_PSS_RSAE_SHA512 0x0806
/* EdDSA algorithms */
#define MBEDTLS_TLS13_SIG_ED25519 0x0807
#define MBEDTLS_TLS13_SIG_ED448 0x0808
/* RSASSA-PSS algorithms with public key OID RSASSA-PSS */
#define MBEDTLS_TLS13_SIG_RSA_PSS_PSS_SHA256 0x0809
#define MBEDTLS_TLS13_SIG_RSA_PSS_PSS_SHA384 0x080A
#define MBEDTLS_TLS13_SIG_RSA_PSS_PSS_SHA512 0x080B
/* LEGACY ALGORITHMS */
#define MBEDTLS_TLS13_SIG_RSA_PKCS1_SHA1 0x0201
#define MBEDTLS_TLS13_SIG_ECDSA_SHA1 0x0203
#define MBEDTLS_TLS13_SIG_NONE 0x0
/* /*
* Client Certificate Types * Client Certificate Types
* RFC 5246 section 7.4.4 plus RFC 4492 section 5.5 * RFC 5246 section 7.4.4 plus RFC 4492 section 5.5
@ -425,8 +460,14 @@
/* The value of the CID extension is still TBD as of /* The value of the CID extension is still TBD as of
* draft-ietf-tls-dtls-connection-id-05 * draft-ietf-tls-dtls-connection-id-05
* (https://tools.ietf.org/html/draft-ietf-tls-dtls-connection-id-05) */ * (https://tools.ietf.org/html/draft-ietf-tls-dtls-connection-id-05).
*
* A future minor revision of Mbed TLS may change the default value of
* this option to match evolving standards and usage.
*/
#if !defined(MBEDTLS_TLS_EXT_CID)
#define MBEDTLS_TLS_EXT_CID 254 /* TBD */ #define MBEDTLS_TLS_EXT_CID 254 /* TBD */
#endif
#define MBEDTLS_TLS_EXT_ECJPAKE_KKPP 256 /* experimental */ #define MBEDTLS_TLS_EXT_ECJPAKE_KKPP 256 /* experimental */
@ -537,10 +578,11 @@ typedef int mbedtls_ssl_send_t( void *ctx,
* \param buf Buffer to write the received data to * \param buf Buffer to write the received data to
* \param len Length of the receive buffer * \param len Length of the receive buffer
* *
* \return The callback must return the number of bytes received, * \returns If data has been received, the positive number of bytes received.
* or a non-zero error code. * \returns \c 0 if the connection has been closed.
* If performing non-blocking I/O, \c MBEDTLS_ERR_SSL_WANT_READ * \returns If performing non-blocking I/O, \c MBEDTLS_ERR_SSL_WANT_READ
* must be returned when the operation would block. * must be returned when the operation would block.
* \returns Another negative error code on other kinds of failures.
* *
* \note The callback may receive fewer bytes than the length of the * \note The callback may receive fewer bytes than the length of the
* buffer. It must always return the number of bytes actually * buffer. It must always return the number of bytes actually
@ -560,7 +602,7 @@ typedef int mbedtls_ssl_recv_t( void *ctx,
* \param ctx Context for the receive callback (typically a file descriptor) * \param ctx Context for the receive callback (typically a file descriptor)
* \param buf Buffer to write the received data to * \param buf Buffer to write the received data to
* \param len Length of the receive buffer * \param len Length of the receive buffer
* \param timeout Maximum nomber of millisecondes to wait for data * \param timeout Maximum number of milliseconds to wait for data
* 0 means no timeout (potentially waiting forever) * 0 means no timeout (potentially waiting forever)
* *
* \return The callback must return the number of bytes received, * \return The callback must return the number of bytes received,
@ -1147,6 +1189,10 @@ struct mbedtls_ssl_config
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
const int *MBEDTLS_PRIVATE(sig_hashes); /*!< allowed signature hashes */ const int *MBEDTLS_PRIVATE(sig_hashes); /*!< allowed signature hashes */
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
const uint16_t *MBEDTLS_PRIVATE(tls13_sig_algs); /*!< allowed signature algorithms for TLS 1.3 */
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
#endif #endif
#if defined(MBEDTLS_ECP_C) #if defined(MBEDTLS_ECP_C)
@ -1328,10 +1374,24 @@ struct mbedtls_ssl_context
/* /*
* Record layer transformations * Record layer transformations
*/ */
mbedtls_ssl_transform *MBEDTLS_PRIVATE(transform_in); /*!< current transform params (in) */ mbedtls_ssl_transform *MBEDTLS_PRIVATE(transform_in); /*!< current transform params (in)
mbedtls_ssl_transform *MBEDTLS_PRIVATE(transform_out); /*!< current transform params (in) */ * This is always a reference,
mbedtls_ssl_transform *MBEDTLS_PRIVATE(transform); /*!< negotiated transform params */ * never an owning pointer. */
mbedtls_ssl_transform *MBEDTLS_PRIVATE(transform_negotiate); /*!< transform params in negotiation */ mbedtls_ssl_transform *MBEDTLS_PRIVATE(transform_out); /*!< current transform params (out)
* This is always a reference,
* never an owning pointer. */
mbedtls_ssl_transform *MBEDTLS_PRIVATE(transform); /*!< negotiated transform params
* This pointer owns the transform
* it references. */
mbedtls_ssl_transform *MBEDTLS_PRIVATE(transform_negotiate); /*!< transform params in negotiation
* This pointer owns the transform
* it references. */
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
/*! The application data transform in TLS 1.3.
* This pointer owns the transform it references. */
mbedtls_ssl_transform *MBEDTLS_PRIVATE(transform_application);
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
/* /*
* Timers * Timers
@ -2991,6 +3051,20 @@ void mbedtls_ssl_conf_curves( mbedtls_ssl_config *conf,
*/ */
void mbedtls_ssl_conf_sig_hashes( mbedtls_ssl_config *conf, void mbedtls_ssl_conf_sig_hashes( mbedtls_ssl_config *conf,
const int *hashes ); const int *hashes );
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
/**
* \brief Configure allowed signature algorithms for use in TLS 1.3
*
* \param conf The SSL configuration to use.
* \param sig_algs List of allowed IANA values for TLS 1.3 signature algorithms,
* terminated by \c MBEDTLS_TLS13_SIG_NONE. The list must remain
* available throughout the lifetime of the conf object. Supported
* values are available as \c MBEDTLS_TLS13_SIG_XXXX
*/
void mbedtls_ssl_conf_sig_algs( mbedtls_ssl_config *conf,
const uint16_t* sig_algs );
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ #endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
#if defined(MBEDTLS_X509_CRT_PARSE_C) #if defined(MBEDTLS_X509_CRT_PARSE_C)

View file

@ -104,6 +104,8 @@ set(src_tls
ssl_ticket.c ssl_ticket.c
ssl_tls.c ssl_tls.c
ssl_tls13_keys.c ssl_tls13_keys.c
ssl_tls13_server.c
ssl_tls13_client.c
) )
if(CMAKE_COMPILER_IS_GNUCC) if(CMAKE_COMPILER_IS_GNUCC)

View file

@ -167,6 +167,8 @@ OBJS_TLS= \
ssl_ticket.o \ ssl_ticket.o \
ssl_tls.o \ ssl_tls.o \
ssl_tls13_keys.o \ ssl_tls13_keys.o \
ssl_tls13_client.o \
ssl_tls13_server.o \
# This line is intentionally left blank # This line is intentionally left blank
.SILENT: .SILENT:

View file

@ -57,29 +57,6 @@
#define AES_VALIDATE( cond ) \ #define AES_VALIDATE( cond ) \
MBEDTLS_INTERNAL_VALIDATE( cond ) MBEDTLS_INTERNAL_VALIDATE( cond )
/*
* 32-bit integer manipulation macros (little endian)
*/
#ifndef GET_UINT32_LE
#define GET_UINT32_LE(n,b,i) \
{ \
(n) = ( (uint32_t) (b)[(i) ] ) \
| ( (uint32_t) (b)[(i) + 1] << 8 ) \
| ( (uint32_t) (b)[(i) + 2] << 16 ) \
| ( (uint32_t) (b)[(i) + 3] << 24 ); \
}
#endif
#ifndef PUT_UINT32_LE
#define PUT_UINT32_LE(n,b,i) \
{ \
(b)[(i) ] = (unsigned char) ( ( (n) ) & 0xFF ); \
(b)[(i) + 1] = (unsigned char) ( ( (n) >> 8 ) & 0xFF ); \
(b)[(i) + 2] = (unsigned char) ( ( (n) >> 16 ) & 0xFF ); \
(b)[(i) + 3] = (unsigned char) ( ( (n) >> 24 ) & 0xFF ); \
}
#endif
#if defined(MBEDTLS_PADLOCK_C) && \ #if defined(MBEDTLS_PADLOCK_C) && \
( defined(MBEDTLS_HAVE_X86) || defined(MBEDTLS_PADLOCK_ALIGN16) ) ( defined(MBEDTLS_HAVE_X86) || defined(MBEDTLS_PADLOCK_ALIGN16) )
static int aes_padlock_ace = -1; static int aes_padlock_ace = -1;
@ -409,7 +386,7 @@ static void aes_gen_tables( void )
{ {
pow[i] = x; pow[i] = x;
log[x] = i; log[x] = i;
x = ( x ^ XTIME( x ) ) & 0xFF; x = MBEDTLS_BYTE_0( x ^ XTIME( x ) );
} }
/* /*
@ -418,7 +395,7 @@ static void aes_gen_tables( void )
for( i = 0, x = 1; i < 10; i++ ) for( i = 0, x = 1; i < 10; i++ )
{ {
RCON[i] = (uint32_t) x; RCON[i] = (uint32_t) x;
x = XTIME( x ) & 0xFF; x = MBEDTLS_BYTE_0( XTIME( x ) );
} }
/* /*
@ -431,10 +408,10 @@ static void aes_gen_tables( void )
{ {
x = pow[255 - log[i]]; x = pow[255 - log[i]];
y = x; y = ( ( y << 1 ) | ( y >> 7 ) ) & 0xFF; y = x; y = MBEDTLS_BYTE_0( ( y << 1 ) | ( y >> 7 ) );
x ^= y; y = ( ( y << 1 ) | ( y >> 7 ) ) & 0xFF; x ^= y; y = MBEDTLS_BYTE_0( ( y << 1 ) | ( y >> 7 ) );
x ^= y; y = ( ( y << 1 ) | ( y >> 7 ) ) & 0xFF; x ^= y; y = MBEDTLS_BYTE_0( ( y << 1 ) | ( y >> 7 ) );
x ^= y; y = ( ( y << 1 ) | ( y >> 7 ) ) & 0xFF; x ^= y; y = MBEDTLS_BYTE_0( ( y << 1 ) | ( y >> 7 ) );
x ^= y ^ 0x63; x ^= y ^ 0x63;
FSb[i] = (unsigned char) x; FSb[i] = (unsigned char) x;
@ -447,8 +424,8 @@ static void aes_gen_tables( void )
for( i = 0; i < 256; i++ ) for( i = 0; i < 256; i++ )
{ {
x = FSb[i]; x = FSb[i];
y = XTIME( x ) & 0xFF; y = MBEDTLS_BYTE_0( XTIME( x ) );
z = ( y ^ x ) & 0xFF; z = MBEDTLS_BYTE_0( y ^ x );
FT0[i] = ( (uint32_t) y ) ^ FT0[i] = ( (uint32_t) y ) ^
( (uint32_t) x << 8 ) ^ ( (uint32_t) x << 8 ) ^
@ -590,7 +567,7 @@ int mbedtls_aes_setkey_enc( mbedtls_aes_context *ctx, const unsigned char *key,
for( i = 0; i < ( keybits >> 5 ); i++ ) for( i = 0; i < ( keybits >> 5 ); i++ )
{ {
GET_UINT32_LE( RK[i], key, i << 2 ); RK[i] = MBEDTLS_GET_UINT32_LE( key, i << 2 );
} }
switch( ctx->nr ) switch( ctx->nr )
@ -600,10 +577,10 @@ int mbedtls_aes_setkey_enc( mbedtls_aes_context *ctx, const unsigned char *key,
for( i = 0; i < 10; i++, RK += 4 ) for( i = 0; i < 10; i++, RK += 4 )
{ {
RK[4] = RK[0] ^ RCON[i] ^ RK[4] = RK[0] ^ RCON[i] ^
( (uint32_t) FSb[ ( RK[3] >> 8 ) & 0xFF ] ) ^ ( (uint32_t) FSb[ MBEDTLS_BYTE_1( RK[3] ) ] ) ^
( (uint32_t) FSb[ ( RK[3] >> 16 ) & 0xFF ] << 8 ) ^ ( (uint32_t) FSb[ MBEDTLS_BYTE_2( RK[3] ) ] << 8 ) ^
( (uint32_t) FSb[ ( RK[3] >> 24 ) & 0xFF ] << 16 ) ^ ( (uint32_t) FSb[ MBEDTLS_BYTE_3( RK[3] ) ] << 16 ) ^
( (uint32_t) FSb[ ( RK[3] ) & 0xFF ] << 24 ); ( (uint32_t) FSb[ MBEDTLS_BYTE_0( RK[3] ) ] << 24 );
RK[5] = RK[1] ^ RK[4]; RK[5] = RK[1] ^ RK[4];
RK[6] = RK[2] ^ RK[5]; RK[6] = RK[2] ^ RK[5];
@ -616,10 +593,10 @@ int mbedtls_aes_setkey_enc( mbedtls_aes_context *ctx, const unsigned char *key,
for( i = 0; i < 8; i++, RK += 6 ) for( i = 0; i < 8; i++, RK += 6 )
{ {
RK[6] = RK[0] ^ RCON[i] ^ RK[6] = RK[0] ^ RCON[i] ^
( (uint32_t) FSb[ ( RK[5] >> 8 ) & 0xFF ] ) ^ ( (uint32_t) FSb[ MBEDTLS_BYTE_1( RK[5] ) ] ) ^
( (uint32_t) FSb[ ( RK[5] >> 16 ) & 0xFF ] << 8 ) ^ ( (uint32_t) FSb[ MBEDTLS_BYTE_2( RK[5] ) ] << 8 ) ^
( (uint32_t) FSb[ ( RK[5] >> 24 ) & 0xFF ] << 16 ) ^ ( (uint32_t) FSb[ MBEDTLS_BYTE_3( RK[5] ) ] << 16 ) ^
( (uint32_t) FSb[ ( RK[5] ) & 0xFF ] << 24 ); ( (uint32_t) FSb[ MBEDTLS_BYTE_0( RK[5] ) ] << 24 );
RK[7] = RK[1] ^ RK[6]; RK[7] = RK[1] ^ RK[6];
RK[8] = RK[2] ^ RK[7]; RK[8] = RK[2] ^ RK[7];
@ -634,20 +611,20 @@ int mbedtls_aes_setkey_enc( mbedtls_aes_context *ctx, const unsigned char *key,
for( i = 0; i < 7; i++, RK += 8 ) for( i = 0; i < 7; i++, RK += 8 )
{ {
RK[8] = RK[0] ^ RCON[i] ^ RK[8] = RK[0] ^ RCON[i] ^
( (uint32_t) FSb[ ( RK[7] >> 8 ) & 0xFF ] ) ^ ( (uint32_t) FSb[ MBEDTLS_BYTE_1( RK[7] ) ] ) ^
( (uint32_t) FSb[ ( RK[7] >> 16 ) & 0xFF ] << 8 ) ^ ( (uint32_t) FSb[ MBEDTLS_BYTE_2( RK[7] ) ] << 8 ) ^
( (uint32_t) FSb[ ( RK[7] >> 24 ) & 0xFF ] << 16 ) ^ ( (uint32_t) FSb[ MBEDTLS_BYTE_3( RK[7] ) ] << 16 ) ^
( (uint32_t) FSb[ ( RK[7] ) & 0xFF ] << 24 ); ( (uint32_t) FSb[ MBEDTLS_BYTE_0( RK[7] ) ] << 24 );
RK[9] = RK[1] ^ RK[8]; RK[9] = RK[1] ^ RK[8];
RK[10] = RK[2] ^ RK[9]; RK[10] = RK[2] ^ RK[9];
RK[11] = RK[3] ^ RK[10]; RK[11] = RK[3] ^ RK[10];
RK[12] = RK[4] ^ RK[12] = RK[4] ^
( (uint32_t) FSb[ ( RK[11] ) & 0xFF ] ) ^ ( (uint32_t) FSb[ MBEDTLS_BYTE_0( RK[11] ) ] ) ^
( (uint32_t) FSb[ ( RK[11] >> 8 ) & 0xFF ] << 8 ) ^ ( (uint32_t) FSb[ MBEDTLS_BYTE_1( RK[11] ) ] << 8 ) ^
( (uint32_t) FSb[ ( RK[11] >> 16 ) & 0xFF ] << 16 ) ^ ( (uint32_t) FSb[ MBEDTLS_BYTE_2( RK[11] ) ] << 16 ) ^
( (uint32_t) FSb[ ( RK[11] >> 24 ) & 0xFF ] << 24 ); ( (uint32_t) FSb[ MBEDTLS_BYTE_3( RK[11] ) ] << 24 );
RK[13] = RK[5] ^ RK[12]; RK[13] = RK[5] ^ RK[12];
RK[14] = RK[6] ^ RK[13]; RK[14] = RK[6] ^ RK[13];
@ -713,10 +690,10 @@ int mbedtls_aes_setkey_dec( mbedtls_aes_context *ctx, const unsigned char *key,
{ {
for( j = 0; j < 4; j++, SK++ ) for( j = 0; j < 4; j++, SK++ )
{ {
*RK++ = AES_RT0( FSb[ ( *SK ) & 0xFF ] ) ^ *RK++ = AES_RT0( FSb[ MBEDTLS_BYTE_0( *SK ) ] ) ^
AES_RT1( FSb[ ( *SK >> 8 ) & 0xFF ] ) ^ AES_RT1( FSb[ MBEDTLS_BYTE_1( *SK ) ] ) ^
AES_RT2( FSb[ ( *SK >> 16 ) & 0xFF ] ) ^ AES_RT2( FSb[ MBEDTLS_BYTE_2( *SK ) ] ) ^
AES_RT3( FSb[ ( *SK >> 24 ) & 0xFF ] ); AES_RT3( FSb[ MBEDTLS_BYTE_3( *SK ) ] );
} }
} }
@ -809,52 +786,52 @@ int mbedtls_aes_xts_setkey_dec( mbedtls_aes_xts_context *ctx,
} }
#endif /* MBEDTLS_CIPHER_MODE_XTS */ #endif /* MBEDTLS_CIPHER_MODE_XTS */
#define AES_FROUND(X0,X1,X2,X3,Y0,Y1,Y2,Y3) \ #define AES_FROUND(X0,X1,X2,X3,Y0,Y1,Y2,Y3) \
do \ do \
{ \ { \
(X0) = *RK++ ^ AES_FT0( ( (Y0) ) & 0xFF ) ^ \ (X0) = *RK++ ^ AES_FT0( MBEDTLS_BYTE_0( Y0 ) ) ^ \
AES_FT1( ( (Y1) >> 8 ) & 0xFF ) ^ \ AES_FT1( MBEDTLS_BYTE_1( Y1 ) ) ^ \
AES_FT2( ( (Y2) >> 16 ) & 0xFF ) ^ \ AES_FT2( MBEDTLS_BYTE_2( Y2 ) ) ^ \
AES_FT3( ( (Y3) >> 24 ) & 0xFF ); \ AES_FT3( MBEDTLS_BYTE_3( Y3 ) ); \
\ \
(X1) = *RK++ ^ AES_FT0( ( (Y1) ) & 0xFF ) ^ \ (X1) = *RK++ ^ AES_FT0( MBEDTLS_BYTE_0( Y1 ) ) ^ \
AES_FT1( ( (Y2) >> 8 ) & 0xFF ) ^ \ AES_FT1( MBEDTLS_BYTE_1( Y2 ) ) ^ \
AES_FT2( ( (Y3) >> 16 ) & 0xFF ) ^ \ AES_FT2( MBEDTLS_BYTE_2( Y3 ) ) ^ \
AES_FT3( ( (Y0) >> 24 ) & 0xFF ); \ AES_FT3( MBEDTLS_BYTE_3( Y0 ) ); \
\ \
(X2) = *RK++ ^ AES_FT0( ( (Y2) ) & 0xFF ) ^ \ (X2) = *RK++ ^ AES_FT0( MBEDTLS_BYTE_0( Y2 ) ) ^ \
AES_FT1( ( (Y3) >> 8 ) & 0xFF ) ^ \ AES_FT1( MBEDTLS_BYTE_1( Y3 ) ) ^ \
AES_FT2( ( (Y0) >> 16 ) & 0xFF ) ^ \ AES_FT2( MBEDTLS_BYTE_2( Y0 ) ) ^ \
AES_FT3( ( (Y1) >> 24 ) & 0xFF ); \ AES_FT3( MBEDTLS_BYTE_3( Y1 ) ); \
\ \
(X3) = *RK++ ^ AES_FT0( ( (Y3) ) & 0xFF ) ^ \ (X3) = *RK++ ^ AES_FT0( MBEDTLS_BYTE_0( Y3 ) ) ^ \
AES_FT1( ( (Y0) >> 8 ) & 0xFF ) ^ \ AES_FT1( MBEDTLS_BYTE_1( Y0 ) ) ^ \
AES_FT2( ( (Y1) >> 16 ) & 0xFF ) ^ \ AES_FT2( MBEDTLS_BYTE_2( Y1 ) ) ^ \
AES_FT3( ( (Y2) >> 24 ) & 0xFF ); \ AES_FT3( MBEDTLS_BYTE_3( Y2 ) ); \
} while( 0 ) } while( 0 )
#define AES_RROUND(X0,X1,X2,X3,Y0,Y1,Y2,Y3) \ #define AES_RROUND(X0,X1,X2,X3,Y0,Y1,Y2,Y3) \
do \ do \
{ \ { \
(X0) = *RK++ ^ AES_RT0( ( (Y0) ) & 0xFF ) ^ \ (X0) = *RK++ ^ AES_RT0( MBEDTLS_BYTE_0( Y0 ) ) ^ \
AES_RT1( ( (Y3) >> 8 ) & 0xFF ) ^ \ AES_RT1( MBEDTLS_BYTE_1( Y3 ) ) ^ \
AES_RT2( ( (Y2) >> 16 ) & 0xFF ) ^ \ AES_RT2( MBEDTLS_BYTE_2( Y2 ) ) ^ \
AES_RT3( ( (Y1) >> 24 ) & 0xFF ); \ AES_RT3( MBEDTLS_BYTE_3( Y1 ) ); \
\ \
(X1) = *RK++ ^ AES_RT0( ( (Y1) ) & 0xFF ) ^ \ (X1) = *RK++ ^ AES_RT0( MBEDTLS_BYTE_0( Y1 ) ) ^ \
AES_RT1( ( (Y0) >> 8 ) & 0xFF ) ^ \ AES_RT1( MBEDTLS_BYTE_1( Y0 ) ) ^ \
AES_RT2( ( (Y3) >> 16 ) & 0xFF ) ^ \ AES_RT2( MBEDTLS_BYTE_2( Y3 ) ) ^ \
AES_RT3( ( (Y2) >> 24 ) & 0xFF ); \ AES_RT3( MBEDTLS_BYTE_3( Y2 ) ); \
\ \
(X2) = *RK++ ^ AES_RT0( ( (Y2) ) & 0xFF ) ^ \ (X2) = *RK++ ^ AES_RT0( MBEDTLS_BYTE_0( Y2 ) ) ^ \
AES_RT1( ( (Y1) >> 8 ) & 0xFF ) ^ \ AES_RT1( MBEDTLS_BYTE_1( Y1 ) ) ^ \
AES_RT2( ( (Y0) >> 16 ) & 0xFF ) ^ \ AES_RT2( MBEDTLS_BYTE_2( Y0 ) ) ^ \
AES_RT3( ( (Y3) >> 24 ) & 0xFF ); \ AES_RT3( MBEDTLS_BYTE_3( Y3 ) ); \
\ \
(X3) = *RK++ ^ AES_RT0( ( (Y3) ) & 0xFF ) ^ \ (X3) = *RK++ ^ AES_RT0( MBEDTLS_BYTE_0( Y3 ) ) ^ \
AES_RT1( ( (Y2) >> 8 ) & 0xFF ) ^ \ AES_RT1( MBEDTLS_BYTE_1( Y2 ) ) ^ \
AES_RT2( ( (Y1) >> 16 ) & 0xFF ) ^ \ AES_RT2( MBEDTLS_BYTE_2( Y1 ) ) ^ \
AES_RT3( ( (Y0) >> 24 ) & 0xFF ); \ AES_RT3( MBEDTLS_BYTE_3( Y0 ) ); \
} while( 0 ) } while( 0 )
/* /*
@ -873,10 +850,10 @@ int mbedtls_internal_aes_encrypt( mbedtls_aes_context *ctx,
uint32_t Y[4]; uint32_t Y[4];
} t; } t;
GET_UINT32_LE( t.X[0], input, 0 ); t.X[0] ^= *RK++; t.X[0] = MBEDTLS_GET_UINT32_LE( input, 0 ); t.X[0] ^= *RK++;
GET_UINT32_LE( t.X[1], input, 4 ); t.X[1] ^= *RK++; t.X[1] = MBEDTLS_GET_UINT32_LE( input, 4 ); t.X[1] ^= *RK++;
GET_UINT32_LE( t.X[2], input, 8 ); t.X[2] ^= *RK++; t.X[2] = MBEDTLS_GET_UINT32_LE( input, 8 ); t.X[2] ^= *RK++;
GET_UINT32_LE( t.X[3], input, 12 ); t.X[3] ^= *RK++; t.X[3] = MBEDTLS_GET_UINT32_LE( input, 12 ); t.X[3] ^= *RK++;
for( i = ( ctx->nr >> 1 ) - 1; i > 0; i-- ) for( i = ( ctx->nr >> 1 ) - 1; i > 0; i-- )
{ {
@ -887,33 +864,33 @@ int mbedtls_internal_aes_encrypt( mbedtls_aes_context *ctx,
AES_FROUND( t.Y[0], t.Y[1], t.Y[2], t.Y[3], t.X[0], t.X[1], t.X[2], t.X[3] ); AES_FROUND( t.Y[0], t.Y[1], t.Y[2], t.Y[3], t.X[0], t.X[1], t.X[2], t.X[3] );
t.X[0] = *RK++ ^ \ t.X[0] = *RK++ ^ \
( (uint32_t) FSb[ ( t.Y[0] ) & 0xFF ] ) ^ ( (uint32_t) FSb[ MBEDTLS_BYTE_0( t.Y[0] ) ] ) ^
( (uint32_t) FSb[ ( t.Y[1] >> 8 ) & 0xFF ] << 8 ) ^ ( (uint32_t) FSb[ MBEDTLS_BYTE_1( t.Y[1] ) ] << 8 ) ^
( (uint32_t) FSb[ ( t.Y[2] >> 16 ) & 0xFF ] << 16 ) ^ ( (uint32_t) FSb[ MBEDTLS_BYTE_2( t.Y[2] ) ] << 16 ) ^
( (uint32_t) FSb[ ( t.Y[3] >> 24 ) & 0xFF ] << 24 ); ( (uint32_t) FSb[ MBEDTLS_BYTE_3( t.Y[3] ) ] << 24 );
t.X[1] = *RK++ ^ \ t.X[1] = *RK++ ^ \
( (uint32_t) FSb[ ( t.Y[1] ) & 0xFF ] ) ^ ( (uint32_t) FSb[ MBEDTLS_BYTE_0( t.Y[1] ) ] ) ^
( (uint32_t) FSb[ ( t.Y[2] >> 8 ) & 0xFF ] << 8 ) ^ ( (uint32_t) FSb[ MBEDTLS_BYTE_1( t.Y[2] ) ] << 8 ) ^
( (uint32_t) FSb[ ( t.Y[3] >> 16 ) & 0xFF ] << 16 ) ^ ( (uint32_t) FSb[ MBEDTLS_BYTE_2( t.Y[3] ) ] << 16 ) ^
( (uint32_t) FSb[ ( t.Y[0] >> 24 ) & 0xFF ] << 24 ); ( (uint32_t) FSb[ MBEDTLS_BYTE_3( t.Y[0] ) ] << 24 );
t.X[2] = *RK++ ^ \ t.X[2] = *RK++ ^ \
( (uint32_t) FSb[ ( t.Y[2] ) & 0xFF ] ) ^ ( (uint32_t) FSb[ MBEDTLS_BYTE_0( t.Y[2] ) ] ) ^
( (uint32_t) FSb[ ( t.Y[3] >> 8 ) & 0xFF ] << 8 ) ^ ( (uint32_t) FSb[ MBEDTLS_BYTE_1( t.Y[3] ) ] << 8 ) ^
( (uint32_t) FSb[ ( t.Y[0] >> 16 ) & 0xFF ] << 16 ) ^ ( (uint32_t) FSb[ MBEDTLS_BYTE_2( t.Y[0] ) ] << 16 ) ^
( (uint32_t) FSb[ ( t.Y[1] >> 24 ) & 0xFF ] << 24 ); ( (uint32_t) FSb[ MBEDTLS_BYTE_3( t.Y[1] ) ] << 24 );
t.X[3] = *RK++ ^ \ t.X[3] = *RK++ ^ \
( (uint32_t) FSb[ ( t.Y[3] ) & 0xFF ] ) ^ ( (uint32_t) FSb[ MBEDTLS_BYTE_0( t.Y[3] ) ] ) ^
( (uint32_t) FSb[ ( t.Y[0] >> 8 ) & 0xFF ] << 8 ) ^ ( (uint32_t) FSb[ MBEDTLS_BYTE_1( t.Y[0] ) ] << 8 ) ^
( (uint32_t) FSb[ ( t.Y[1] >> 16 ) & 0xFF ] << 16 ) ^ ( (uint32_t) FSb[ MBEDTLS_BYTE_2( t.Y[1] ) ] << 16 ) ^
( (uint32_t) FSb[ ( t.Y[2] >> 24 ) & 0xFF ] << 24 ); ( (uint32_t) FSb[ MBEDTLS_BYTE_3( t.Y[2] ) ] << 24 );
PUT_UINT32_LE( t.X[0], output, 0 ); MBEDTLS_PUT_UINT32_LE( t.X[0], output, 0 );
PUT_UINT32_LE( t.X[1], output, 4 ); MBEDTLS_PUT_UINT32_LE( t.X[1], output, 4 );
PUT_UINT32_LE( t.X[2], output, 8 ); MBEDTLS_PUT_UINT32_LE( t.X[2], output, 8 );
PUT_UINT32_LE( t.X[3], output, 12 ); MBEDTLS_PUT_UINT32_LE( t.X[3], output, 12 );
mbedtls_platform_zeroize( &t, sizeof( t ) ); mbedtls_platform_zeroize( &t, sizeof( t ) );
@ -937,10 +914,10 @@ int mbedtls_internal_aes_decrypt( mbedtls_aes_context *ctx,
uint32_t Y[4]; uint32_t Y[4];
} t; } t;
GET_UINT32_LE( t.X[0], input, 0 ); t.X[0] ^= *RK++; t.X[0] = MBEDTLS_GET_UINT32_LE( input, 0 ); t.X[0] ^= *RK++;
GET_UINT32_LE( t.X[1], input, 4 ); t.X[1] ^= *RK++; t.X[1] = MBEDTLS_GET_UINT32_LE( input, 4 ); t.X[1] ^= *RK++;
GET_UINT32_LE( t.X[2], input, 8 ); t.X[2] ^= *RK++; t.X[2] = MBEDTLS_GET_UINT32_LE( input, 8 ); t.X[2] ^= *RK++;
GET_UINT32_LE( t.X[3], input, 12 ); t.X[3] ^= *RK++; t.X[3] = MBEDTLS_GET_UINT32_LE( input, 12 ); t.X[3] ^= *RK++;
for( i = ( ctx->nr >> 1 ) - 1; i > 0; i-- ) for( i = ( ctx->nr >> 1 ) - 1; i > 0; i-- )
{ {
@ -951,33 +928,33 @@ int mbedtls_internal_aes_decrypt( mbedtls_aes_context *ctx,
AES_RROUND( t.Y[0], t.Y[1], t.Y[2], t.Y[3], t.X[0], t.X[1], t.X[2], t.X[3] ); AES_RROUND( t.Y[0], t.Y[1], t.Y[2], t.Y[3], t.X[0], t.X[1], t.X[2], t.X[3] );
t.X[0] = *RK++ ^ \ t.X[0] = *RK++ ^ \
( (uint32_t) RSb[ ( t.Y[0] ) & 0xFF ] ) ^ ( (uint32_t) RSb[ MBEDTLS_BYTE_0( t.Y[0] ) ] ) ^
( (uint32_t) RSb[ ( t.Y[3] >> 8 ) & 0xFF ] << 8 ) ^ ( (uint32_t) RSb[ MBEDTLS_BYTE_1( t.Y[3] ) ] << 8 ) ^
( (uint32_t) RSb[ ( t.Y[2] >> 16 ) & 0xFF ] << 16 ) ^ ( (uint32_t) RSb[ MBEDTLS_BYTE_2( t.Y[2] ) ] << 16 ) ^
( (uint32_t) RSb[ ( t.Y[1] >> 24 ) & 0xFF ] << 24 ); ( (uint32_t) RSb[ MBEDTLS_BYTE_3( t.Y[1] ) ] << 24 );
t.X[1] = *RK++ ^ \ t.X[1] = *RK++ ^ \
( (uint32_t) RSb[ ( t.Y[1] ) & 0xFF ] ) ^ ( (uint32_t) RSb[ MBEDTLS_BYTE_0( t.Y[1] ) ] ) ^
( (uint32_t) RSb[ ( t.Y[0] >> 8 ) & 0xFF ] << 8 ) ^ ( (uint32_t) RSb[ MBEDTLS_BYTE_1( t.Y[0] ) ] << 8 ) ^
( (uint32_t) RSb[ ( t.Y[3] >> 16 ) & 0xFF ] << 16 ) ^ ( (uint32_t) RSb[ MBEDTLS_BYTE_2( t.Y[3] ) ] << 16 ) ^
( (uint32_t) RSb[ ( t.Y[2] >> 24 ) & 0xFF ] << 24 ); ( (uint32_t) RSb[ MBEDTLS_BYTE_3( t.Y[2] ) ] << 24 );
t.X[2] = *RK++ ^ \ t.X[2] = *RK++ ^ \
( (uint32_t) RSb[ ( t.Y[2] ) & 0xFF ] ) ^ ( (uint32_t) RSb[ MBEDTLS_BYTE_0( t.Y[2] ) ] ) ^
( (uint32_t) RSb[ ( t.Y[1] >> 8 ) & 0xFF ] << 8 ) ^ ( (uint32_t) RSb[ MBEDTLS_BYTE_1( t.Y[1] ) ] << 8 ) ^
( (uint32_t) RSb[ ( t.Y[0] >> 16 ) & 0xFF ] << 16 ) ^ ( (uint32_t) RSb[ MBEDTLS_BYTE_2( t.Y[0] ) ] << 16 ) ^
( (uint32_t) RSb[ ( t.Y[3] >> 24 ) & 0xFF ] << 24 ); ( (uint32_t) RSb[ MBEDTLS_BYTE_3( t.Y[3] ) ] << 24 );
t.X[3] = *RK++ ^ \ t.X[3] = *RK++ ^ \
( (uint32_t) RSb[ ( t.Y[3] ) & 0xFF ] ) ^ ( (uint32_t) RSb[ MBEDTLS_BYTE_0( t.Y[3] ) ] ) ^
( (uint32_t) RSb[ ( t.Y[2] >> 8 ) & 0xFF ] << 8 ) ^ ( (uint32_t) RSb[ MBEDTLS_BYTE_1( t.Y[2] ) ] << 8 ) ^
( (uint32_t) RSb[ ( t.Y[1] >> 16 ) & 0xFF ] << 16 ) ^ ( (uint32_t) RSb[ MBEDTLS_BYTE_2( t.Y[1] ) ] << 16 ) ^
( (uint32_t) RSb[ ( t.Y[0] >> 24 ) & 0xFF ] << 24 ); ( (uint32_t) RSb[ MBEDTLS_BYTE_3( t.Y[0] ) ] << 24 );
PUT_UINT32_LE( t.X[0], output, 0 ); MBEDTLS_PUT_UINT32_LE( t.X[0], output, 0 );
PUT_UINT32_LE( t.X[1], output, 4 ); MBEDTLS_PUT_UINT32_LE( t.X[1], output, 4 );
PUT_UINT32_LE( t.X[2], output, 8 ); MBEDTLS_PUT_UINT32_LE( t.X[2], output, 8 );
PUT_UINT32_LE( t.X[3], output, 12 ); MBEDTLS_PUT_UINT32_LE( t.X[3], output, 12 );
mbedtls_platform_zeroize( &t, sizeof( t ) ); mbedtls_platform_zeroize( &t, sizeof( t ) );
@ -1097,35 +1074,6 @@ int mbedtls_aes_crypt_cbc( mbedtls_aes_context *ctx,
#if defined(MBEDTLS_CIPHER_MODE_XTS) #if defined(MBEDTLS_CIPHER_MODE_XTS)
/* Endianess with 64 bits values */
#ifndef GET_UINT64_LE
#define GET_UINT64_LE(n,b,i) \
{ \
(n) = ( (uint64_t) (b)[(i) + 7] << 56 ) \
| ( (uint64_t) (b)[(i) + 6] << 48 ) \
| ( (uint64_t) (b)[(i) + 5] << 40 ) \
| ( (uint64_t) (b)[(i) + 4] << 32 ) \
| ( (uint64_t) (b)[(i) + 3] << 24 ) \
| ( (uint64_t) (b)[(i) + 2] << 16 ) \
| ( (uint64_t) (b)[(i) + 1] << 8 ) \
| ( (uint64_t) (b)[(i) ] ); \
}
#endif
#ifndef PUT_UINT64_LE
#define PUT_UINT64_LE(n,b,i) \
{ \
(b)[(i) + 7] = (unsigned char) ( (n) >> 56 ); \
(b)[(i) + 6] = (unsigned char) ( (n) >> 48 ); \
(b)[(i) + 5] = (unsigned char) ( (n) >> 40 ); \
(b)[(i) + 4] = (unsigned char) ( (n) >> 32 ); \
(b)[(i) + 3] = (unsigned char) ( (n) >> 24 ); \
(b)[(i) + 2] = (unsigned char) ( (n) >> 16 ); \
(b)[(i) + 1] = (unsigned char) ( (n) >> 8 ); \
(b)[(i) ] = (unsigned char) ( (n) ); \
}
#endif
typedef unsigned char mbedtls_be128[16]; typedef unsigned char mbedtls_be128[16];
/* /*
@ -1141,14 +1089,14 @@ static void mbedtls_gf128mul_x_ble( unsigned char r[16],
{ {
uint64_t a, b, ra, rb; uint64_t a, b, ra, rb;
GET_UINT64_LE( a, x, 0 ); a = MBEDTLS_GET_UINT64_LE( x, 0 );
GET_UINT64_LE( b, x, 8 ); b = MBEDTLS_GET_UINT64_LE( x, 8 );
ra = ( a << 1 ) ^ 0x0087 >> ( 8 - ( ( b >> 63 ) << 3 ) ); ra = ( a << 1 ) ^ 0x0087 >> ( 8 - ( ( b >> 63 ) << 3 ) );
rb = ( a >> 63 ) | ( b << 1 ); rb = ( a >> 63 ) | ( b << 1 );
PUT_UINT64_LE( ra, r, 0 ); MBEDTLS_PUT_UINT64_LE( ra, r, 0 );
PUT_UINT64_LE( rb, r, 8 ); MBEDTLS_PUT_UINT64_LE( rb, r, 8 );
} }
/* /*

View file

@ -55,29 +55,6 @@
#define ARIA_VALIDATE( cond ) \ #define ARIA_VALIDATE( cond ) \
MBEDTLS_INTERNAL_VALIDATE( cond ) MBEDTLS_INTERNAL_VALIDATE( cond )
/*
* 32-bit integer manipulation macros (little endian)
*/
#ifndef GET_UINT32_LE
#define GET_UINT32_LE( n, b, i ) \
{ \
(n) = ( (uint32_t) (b)[(i) ] ) \
| ( (uint32_t) (b)[(i) + 1] << 8 ) \
| ( (uint32_t) (b)[(i) + 2] << 16 ) \
| ( (uint32_t) (b)[(i) + 3] << 24 ); \
}
#endif
#ifndef PUT_UINT32_LE
#define PUT_UINT32_LE( n, b, i ) \
{ \
(b)[(i) ] = (unsigned char) ( ( (n) ) & 0xFF ); \
(b)[(i) + 1] = (unsigned char) ( ( (n) >> 8 ) & 0xFF ); \
(b)[(i) + 2] = (unsigned char) ( ( (n) >> 16 ) & 0xFF ); \
(b)[(i) + 3] = (unsigned char) ( ( (n) >> 24 ) & 0xFF ); \
}
#endif
/* /*
* modify byte order: ( A B C D ) -> ( B A D C ), i.e. swap pairs of bytes * modify byte order: ( A B C D ) -> ( B A D C ), i.e. swap pairs of bytes
* *
@ -235,22 +212,22 @@ static inline void aria_sl( uint32_t *a, uint32_t *b,
const uint8_t sa[256], const uint8_t sb[256], const uint8_t sa[256], const uint8_t sb[256],
const uint8_t sc[256], const uint8_t sd[256] ) const uint8_t sc[256], const uint8_t sd[256] )
{ {
*a = ( (uint32_t) sa[ *a & 0xFF] ) ^ *a = ( (uint32_t) sa[ MBEDTLS_BYTE_0( *a ) ] ) ^
(((uint32_t) sb[(*a >> 8) & 0xFF]) << 8) ^ (((uint32_t) sb[ MBEDTLS_BYTE_1( *a ) ]) << 8) ^
(((uint32_t) sc[(*a >> 16) & 0xFF]) << 16) ^ (((uint32_t) sc[ MBEDTLS_BYTE_2( *a ) ]) << 16) ^
(((uint32_t) sd[ *a >> 24 ]) << 24); (((uint32_t) sd[ MBEDTLS_BYTE_3( *a ) ]) << 24);
*b = ( (uint32_t) sa[ *b & 0xFF] ) ^ *b = ( (uint32_t) sa[ MBEDTLS_BYTE_0( *b ) ] ) ^
(((uint32_t) sb[(*b >> 8) & 0xFF]) << 8) ^ (((uint32_t) sb[ MBEDTLS_BYTE_1( *b ) ]) << 8) ^
(((uint32_t) sc[(*b >> 16) & 0xFF]) << 16) ^ (((uint32_t) sc[ MBEDTLS_BYTE_2( *b ) ]) << 16) ^
(((uint32_t) sd[ *b >> 24 ]) << 24); (((uint32_t) sd[ MBEDTLS_BYTE_3( *b ) ]) << 24);
*c = ( (uint32_t) sa[ *c & 0xFF] ) ^ *c = ( (uint32_t) sa[ MBEDTLS_BYTE_0( *c ) ] ) ^
(((uint32_t) sb[(*c >> 8) & 0xFF]) << 8) ^ (((uint32_t) sb[ MBEDTLS_BYTE_1( *c ) ]) << 8) ^
(((uint32_t) sc[(*c >> 16) & 0xFF]) << 16) ^ (((uint32_t) sc[ MBEDTLS_BYTE_2( *c ) ]) << 16) ^
(((uint32_t) sd[ *c >> 24 ]) << 24); (((uint32_t) sd[ MBEDTLS_BYTE_3( *c ) ]) << 24);
*d = ( (uint32_t) sa[ *d & 0xFF] ) ^ *d = ( (uint32_t) sa[ MBEDTLS_BYTE_0( *d ) ] ) ^
(((uint32_t) sb[(*d >> 8) & 0xFF]) << 8) ^ (((uint32_t) sb[ MBEDTLS_BYTE_1( *d ) ]) << 8) ^
(((uint32_t) sc[(*d >> 16) & 0xFF]) << 16) ^ (((uint32_t) sc[ MBEDTLS_BYTE_2( *d ) ]) << 16) ^
(((uint32_t) sd[ *d >> 24 ]) << 24); (((uint32_t) sd[ MBEDTLS_BYTE_3( *d ) ]) << 24);
} }
/* /*
@ -408,7 +385,8 @@ static void aria_fe_xor( uint32_t r[4], const uint32_t p[4],
* Big endian 128-bit rotation: r = a ^ (b <<< n), used only in key setup. * Big endian 128-bit rotation: r = a ^ (b <<< n), used only in key setup.
* *
* We chose to store bytes into 32-bit words in little-endian format (see * We chose to store bytes into 32-bit words in little-endian format (see
* GET/PUT_UINT32_LE) so we need to reverse bytes here. * MBEDTLS_GET_UINT32_LE / MBEDTLS_PUT_UINT32_LE ) so we need to reverse
* bytes here.
*/ */
static void aria_rot128( uint32_t r[4], const uint32_t a[4], static void aria_rot128( uint32_t r[4], const uint32_t a[4],
const uint32_t b[4], uint8_t n ) const uint32_t b[4], uint8_t n )
@ -456,21 +434,21 @@ int mbedtls_aria_setkey_enc( mbedtls_aria_context *ctx,
return( MBEDTLS_ERR_ARIA_BAD_INPUT_DATA ); return( MBEDTLS_ERR_ARIA_BAD_INPUT_DATA );
/* Copy key to W0 (and potential remainder to W1) */ /* Copy key to W0 (and potential remainder to W1) */
GET_UINT32_LE( w[0][0], key, 0 ); w[0][0] = MBEDTLS_GET_UINT32_LE( key, 0 );
GET_UINT32_LE( w[0][1], key, 4 ); w[0][1] = MBEDTLS_GET_UINT32_LE( key, 4 );
GET_UINT32_LE( w[0][2], key, 8 ); w[0][2] = MBEDTLS_GET_UINT32_LE( key, 8 );
GET_UINT32_LE( w[0][3], key, 12 ); w[0][3] = MBEDTLS_GET_UINT32_LE( key, 12 );
memset( w[1], 0, 16 ); memset( w[1], 0, 16 );
if( keybits >= 192 ) if( keybits >= 192 )
{ {
GET_UINT32_LE( w[1][0], key, 16 ); // 192 bit key w[1][0] = MBEDTLS_GET_UINT32_LE( key, 16 ); // 192 bit key
GET_UINT32_LE( w[1][1], key, 20 ); w[1][1] = MBEDTLS_GET_UINT32_LE( key, 20 );
} }
if( keybits == 256 ) if( keybits == 256 )
{ {
GET_UINT32_LE( w[1][2], key, 24 ); // 256 bit key w[1][2] = MBEDTLS_GET_UINT32_LE( key, 24 ); // 256 bit key
GET_UINT32_LE( w[1][3], key, 28 ); w[1][3] = MBEDTLS_GET_UINT32_LE( key, 28 );
} }
i = ( keybits - 128 ) >> 6; // index: 0, 1, 2 i = ( keybits - 128 ) >> 6; // index: 0, 1, 2
@ -547,10 +525,10 @@ int mbedtls_aria_crypt_ecb( mbedtls_aria_context *ctx,
ARIA_VALIDATE_RET( input != NULL ); ARIA_VALIDATE_RET( input != NULL );
ARIA_VALIDATE_RET( output != NULL ); ARIA_VALIDATE_RET( output != NULL );
GET_UINT32_LE( a, input, 0 ); a = MBEDTLS_GET_UINT32_LE( input, 0 );
GET_UINT32_LE( b, input, 4 ); b = MBEDTLS_GET_UINT32_LE( input, 4 );
GET_UINT32_LE( c, input, 8 ); c = MBEDTLS_GET_UINT32_LE( input, 8 );
GET_UINT32_LE( d, input, 12 ); d = MBEDTLS_GET_UINT32_LE( input, 12 );
i = 0; i = 0;
while( 1 ) while( 1 )
@ -582,10 +560,10 @@ int mbedtls_aria_crypt_ecb( mbedtls_aria_context *ctx,
c ^= ctx->rk[i][2]; c ^= ctx->rk[i][2];
d ^= ctx->rk[i][3]; d ^= ctx->rk[i][3];
PUT_UINT32_LE( a, output, 0 ); MBEDTLS_PUT_UINT32_LE( a, output, 0 );
PUT_UINT32_LE( b, output, 4 ); MBEDTLS_PUT_UINT32_LE( b, output, 4 );
PUT_UINT32_LE( c, output, 8 ); MBEDTLS_PUT_UINT32_LE( c, output, 8 );
PUT_UINT32_LE( d, output, 12 ); MBEDTLS_PUT_UINT32_LE( d, output, 12 );
return( 0 ); return( 0 );
} }

View file

@ -60,8 +60,8 @@ int mbedtls_asn1_write_len( unsigned char **p, const unsigned char *start, size_
if( *p - start < 3 ) if( *p - start < 3 )
return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL ); return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
*--(*p) = ( len ) & 0xFF; *--(*p) = MBEDTLS_BYTE_0( len );
*--(*p) = ( len >> 8 ) & 0xFF; *--(*p) = MBEDTLS_BYTE_1( len );
*--(*p) = 0x82; *--(*p) = 0x82;
return( 3 ); return( 3 );
} }
@ -71,9 +71,9 @@ int mbedtls_asn1_write_len( unsigned char **p, const unsigned char *start, size_
if( *p - start < 4 ) if( *p - start < 4 )
return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL ); return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
*--(*p) = ( len ) & 0xFF; *--(*p) = MBEDTLS_BYTE_0( len );
*--(*p) = ( len >> 8 ) & 0xFF; *--(*p) = MBEDTLS_BYTE_1( len );
*--(*p) = ( len >> 16 ) & 0xFF; *--(*p) = MBEDTLS_BYTE_2( len );
*--(*p) = 0x83; *--(*p) = 0x83;
return( 4 ); return( 4 );
} }
@ -85,10 +85,10 @@ int mbedtls_asn1_write_len( unsigned char **p, const unsigned char *start, size_
if( *p - start < 5 ) if( *p - start < 5 )
return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL ); return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
*--(*p) = ( len ) & 0xFF; *--(*p) = MBEDTLS_BYTE_0( len );
*--(*p) = ( len >> 8 ) & 0xFF; *--(*p) = MBEDTLS_BYTE_1( len );
*--(*p) = ( len >> 16 ) & 0xFF; *--(*p) = MBEDTLS_BYTE_2( len );
*--(*p) = ( len >> 24 ) & 0xFF; *--(*p) = MBEDTLS_BYTE_3( len );
*--(*p) = 0x84; *--(*p) = 0x84;
return( 5 ); return( 5 );
} }

View file

@ -319,9 +319,9 @@ int mbedtls_base64_decode( unsigned char *dst, size_t dlen, size_t *olen,
if( ++n == 4 ) if( ++n == 4 )
{ {
n = 0; n = 0;
if( j > 0 ) *p++ = (unsigned char)( x >> 16 ); if( j > 0 ) *p++ = MBEDTLS_BYTE_2( x );
if( j > 1 ) *p++ = (unsigned char)( x >> 8 ); if( j > 1 ) *p++ = MBEDTLS_BYTE_1( x );
if( j > 2 ) *p++ = (unsigned char)( x ); if( j > 2 ) *p++ = MBEDTLS_BYTE_0( x );
} }
} }

View file

@ -49,29 +49,6 @@
#define CAMELLIA_VALIDATE( cond ) \ #define CAMELLIA_VALIDATE( cond ) \
MBEDTLS_INTERNAL_VALIDATE( cond ) MBEDTLS_INTERNAL_VALIDATE( cond )
/*
* 32-bit integer manipulation macros (big endian)
*/
#ifndef GET_UINT32_BE
#define GET_UINT32_BE(n,b,i) \
{ \
(n) = ( (uint32_t) (b)[(i) ] << 24 ) \
| ( (uint32_t) (b)[(i) + 1] << 16 ) \
| ( (uint32_t) (b)[(i) + 2] << 8 ) \
| ( (uint32_t) (b)[(i) + 3] ); \
}
#endif
#ifndef PUT_UINT32_BE
#define PUT_UINT32_BE(n,b,i) \
{ \
(b)[(i) ] = (unsigned char) ( (n) >> 24 ); \
(b)[(i) + 1] = (unsigned char) ( (n) >> 16 ); \
(b)[(i) + 2] = (unsigned char) ( (n) >> 8 ); \
(b)[(i) + 3] = (unsigned char) ( (n) ); \
}
#endif
static const unsigned char SIGMA_CHARS[6][8] = static const unsigned char SIGMA_CHARS[6][8] =
{ {
{ 0xa0, 0x9e, 0x66, 0x7f, 0x3b, 0xcc, 0x90, 0x8b }, { 0xa0, 0x9e, 0x66, 0x7f, 0x3b, 0xcc, 0x90, 0x8b },
@ -301,14 +278,14 @@ static void camellia_feistel( const uint32_t x[2], const uint32_t k[2],
I0 = x[0] ^ k[0]; I0 = x[0] ^ k[0];
I1 = x[1] ^ k[1]; I1 = x[1] ^ k[1];
I0 = ((uint32_t) SBOX1((I0 >> 24) & 0xFF) << 24) | I0 = ((uint32_t) SBOX1( MBEDTLS_BYTE_3( I0 )) << 24) |
((uint32_t) SBOX2((I0 >> 16) & 0xFF) << 16) | ((uint32_t) SBOX2( MBEDTLS_BYTE_2( I0 )) << 16) |
((uint32_t) SBOX3((I0 >> 8) & 0xFF) << 8) | ((uint32_t) SBOX3( MBEDTLS_BYTE_1( I0 )) << 8) |
((uint32_t) SBOX4((I0 ) & 0xFF) ); ((uint32_t) SBOX4( MBEDTLS_BYTE_0( I0 )) );
I1 = ((uint32_t) SBOX2((I1 >> 24) & 0xFF) << 24) | I1 = ((uint32_t) SBOX2( MBEDTLS_BYTE_3( I1 )) << 24) |
((uint32_t) SBOX3((I1 >> 16) & 0xFF) << 16) | ((uint32_t) SBOX3( MBEDTLS_BYTE_2( I1 )) << 16) |
((uint32_t) SBOX4((I1 >> 8) & 0xFF) << 8) | ((uint32_t) SBOX4( MBEDTLS_BYTE_1( I1 )) << 8) |
((uint32_t) SBOX1((I1 ) & 0xFF) ); ((uint32_t) SBOX1( MBEDTLS_BYTE_0( I1 )) );
I0 ^= (I1 << 8) | (I1 >> 24); I0 ^= (I1 << 8) | (I1 >> 24);
I1 ^= (I0 << 16) | (I0 >> 16); I1 ^= (I0 << 16) | (I0 >> 16);
@ -376,8 +353,8 @@ int mbedtls_camellia_setkey_enc( mbedtls_camellia_context *ctx,
* Prepare SIGMA values * Prepare SIGMA values
*/ */
for( i = 0; i < 6; i++ ) { for( i = 0; i < 6; i++ ) {
GET_UINT32_BE( SIGMA[i][0], SIGMA_CHARS[i], 0 ); SIGMA[i][0] = MBEDTLS_GET_UINT32_BE( SIGMA_CHARS[i], 0 );
GET_UINT32_BE( SIGMA[i][1], SIGMA_CHARS[i], 4 ); SIGMA[i][1] = MBEDTLS_GET_UINT32_BE( SIGMA_CHARS[i], 4 );
} }
/* /*
@ -388,7 +365,7 @@ int mbedtls_camellia_setkey_enc( mbedtls_camellia_context *ctx,
/* Store KL, KR */ /* Store KL, KR */
for( i = 0; i < 8; i++ ) for( i = 0; i < 8; i++ )
GET_UINT32_BE( KC[i], t, i * 4 ); KC[i] = MBEDTLS_GET_UINT32_BE( t, i * 4 );
/* Generate KA */ /* Generate KA */
for( i = 0; i < 4; ++i ) for( i = 0; i < 4; ++i )
@ -514,10 +491,10 @@ int mbedtls_camellia_crypt_ecb( mbedtls_camellia_context *ctx,
NR = ctx->nr; NR = ctx->nr;
RK = ctx->rk; RK = ctx->rk;
GET_UINT32_BE( X[0], input, 0 ); X[0] = MBEDTLS_GET_UINT32_BE( input, 0 );
GET_UINT32_BE( X[1], input, 4 ); X[1] = MBEDTLS_GET_UINT32_BE( input, 4 );
GET_UINT32_BE( X[2], input, 8 ); X[2] = MBEDTLS_GET_UINT32_BE( input, 8 );
GET_UINT32_BE( X[3], input, 12 ); X[3] = MBEDTLS_GET_UINT32_BE( input, 12 );
X[0] ^= *RK++; X[0] ^= *RK++;
X[1] ^= *RK++; X[1] ^= *RK++;
@ -552,10 +529,10 @@ int mbedtls_camellia_crypt_ecb( mbedtls_camellia_context *ctx,
X[0] ^= *RK++; X[0] ^= *RK++;
X[1] ^= *RK++; X[1] ^= *RK++;
PUT_UINT32_BE( X[2], output, 0 ); MBEDTLS_PUT_UINT32_BE( X[2], output, 0 );
PUT_UINT32_BE( X[3], output, 4 ); MBEDTLS_PUT_UINT32_BE( X[3], output, 4 );
PUT_UINT32_BE( X[0], output, 8 ); MBEDTLS_PUT_UINT32_BE( X[0], output, 8 );
PUT_UINT32_BE( X[1], output, 12 ); MBEDTLS_PUT_UINT32_BE( X[1], output, 12 );
return( 0 ); return( 0 );
} }

View file

@ -171,7 +171,7 @@ static int ccm_calculate_first_block_if_ready(mbedtls_ccm_context *ctx)
ctx->y[0] |= ctx->q - 1; ctx->y[0] |= ctx->q - 1;
for( i = 0, len_left = ctx->plaintext_len; i < ctx->q; i++, len_left >>= 8 ) for( i = 0, len_left = ctx->plaintext_len; i < ctx->q; i++, len_left >>= 8 )
ctx->y[15-i] = (unsigned char)( len_left & 0xFF ); ctx->y[15-i] = MBEDTLS_BYTE_0( len_left );
if( len_left > 0 ) if( len_left > 0 )
{ {

View file

@ -54,13 +54,6 @@
#define CHACHA20_VALIDATE( cond ) \ #define CHACHA20_VALIDATE( cond ) \
MBEDTLS_INTERNAL_VALIDATE( cond ) MBEDTLS_INTERNAL_VALIDATE( cond )
#define BYTES_TO_U32_LE( data, offset ) \
( (uint32_t) (data)[offset] \
| (uint32_t) ( (uint32_t) (data)[( offset ) + 1] << 8 ) \
| (uint32_t) ( (uint32_t) (data)[( offset ) + 2] << 16 ) \
| (uint32_t) ( (uint32_t) (data)[( offset ) + 3] << 24 ) \
)
#define ROTL32( value, amount ) \ #define ROTL32( value, amount ) \
( (uint32_t) ( (value) << (amount) ) | ( (value) >> ( 32 - (amount) ) ) ) ( (uint32_t) ( (value) << (amount) ) | ( (value) >> ( 32 - (amount) ) ) )
@ -171,10 +164,7 @@ static void chacha20_block( const uint32_t initial_state[16],
{ {
size_t offset = i * 4U; size_t offset = i * 4U;
keystream[offset ] = (unsigned char)( working_state[i] ); MBEDTLS_PUT_UINT32_LE(working_state[i], keystream, offset);
keystream[offset + 1U] = (unsigned char)( working_state[i] >> 8 );
keystream[offset + 2U] = (unsigned char)( working_state[i] >> 16 );
keystream[offset + 3U] = (unsigned char)( working_state[i] >> 24 );
} }
mbedtls_platform_zeroize( working_state, sizeof( working_state ) ); mbedtls_platform_zeroize( working_state, sizeof( working_state ) );
@ -212,14 +202,14 @@ int mbedtls_chacha20_setkey( mbedtls_chacha20_context *ctx,
ctx->state[3] = 0x6b206574; ctx->state[3] = 0x6b206574;
/* Set key */ /* Set key */
ctx->state[4] = BYTES_TO_U32_LE( key, 0 ); ctx->state[4] = MBEDTLS_GET_UINT32_LE( key, 0 );
ctx->state[5] = BYTES_TO_U32_LE( key, 4 ); ctx->state[5] = MBEDTLS_GET_UINT32_LE( key, 4 );
ctx->state[6] = BYTES_TO_U32_LE( key, 8 ); ctx->state[6] = MBEDTLS_GET_UINT32_LE( key, 8 );
ctx->state[7] = BYTES_TO_U32_LE( key, 12 ); ctx->state[7] = MBEDTLS_GET_UINT32_LE( key, 12 );
ctx->state[8] = BYTES_TO_U32_LE( key, 16 ); ctx->state[8] = MBEDTLS_GET_UINT32_LE( key, 16 );
ctx->state[9] = BYTES_TO_U32_LE( key, 20 ); ctx->state[9] = MBEDTLS_GET_UINT32_LE( key, 20 );
ctx->state[10] = BYTES_TO_U32_LE( key, 24 ); ctx->state[10] = MBEDTLS_GET_UINT32_LE( key, 24 );
ctx->state[11] = BYTES_TO_U32_LE( key, 28 ); ctx->state[11] = MBEDTLS_GET_UINT32_LE( key, 28 );
return( 0 ); return( 0 );
} }
@ -235,9 +225,9 @@ int mbedtls_chacha20_starts( mbedtls_chacha20_context* ctx,
ctx->state[12] = counter; ctx->state[12] = counter;
/* Nonce */ /* Nonce */
ctx->state[13] = BYTES_TO_U32_LE( nonce, 0 ); ctx->state[13] = MBEDTLS_GET_UINT32_LE( nonce, 0 );
ctx->state[14] = BYTES_TO_U32_LE( nonce, 4 ); ctx->state[14] = MBEDTLS_GET_UINT32_LE( nonce, 4 );
ctx->state[15] = BYTES_TO_U32_LE( nonce, 8 ); ctx->state[15] = MBEDTLS_GET_UINT32_LE( nonce, 8 );
mbedtls_platform_zeroize( ctx->keystream8, sizeof( ctx->keystream8 ) ); mbedtls_platform_zeroize( ctx->keystream8, sizeof( ctx->keystream8 ) );

View file

@ -263,22 +263,8 @@ int mbedtls_chachapoly_finish( mbedtls_chachapoly_context *ctx,
/* The lengths of the AAD and ciphertext are processed by /* The lengths of the AAD and ciphertext are processed by
* Poly1305 as the final 128-bit block, encoded as little-endian integers. * Poly1305 as the final 128-bit block, encoded as little-endian integers.
*/ */
len_block[ 0] = (unsigned char)( ctx->aad_len ); MBEDTLS_PUT_UINT64_LE(ctx->aad_len, len_block, 0);
len_block[ 1] = (unsigned char)( ctx->aad_len >> 8 ); MBEDTLS_PUT_UINT64_LE(ctx->ciphertext_len, len_block, 8);
len_block[ 2] = (unsigned char)( ctx->aad_len >> 16 );
len_block[ 3] = (unsigned char)( ctx->aad_len >> 24 );
len_block[ 4] = (unsigned char)( ctx->aad_len >> 32 );
len_block[ 5] = (unsigned char)( ctx->aad_len >> 40 );
len_block[ 6] = (unsigned char)( ctx->aad_len >> 48 );
len_block[ 7] = (unsigned char)( ctx->aad_len >> 56 );
len_block[ 8] = (unsigned char)( ctx->ciphertext_len );
len_block[ 9] = (unsigned char)( ctx->ciphertext_len >> 8 );
len_block[10] = (unsigned char)( ctx->ciphertext_len >> 16 );
len_block[11] = (unsigned char)( ctx->ciphertext_len >> 24 );
len_block[12] = (unsigned char)( ctx->ciphertext_len >> 32 );
len_block[13] = (unsigned char)( ctx->ciphertext_len >> 40 );
len_block[14] = (unsigned char)( ctx->ciphertext_len >> 48 );
len_block[15] = (unsigned char)( ctx->ciphertext_len >> 56 );
ret = mbedtls_poly1305_update( &ctx->poly1305_ctx, len_block, 16U ); ret = mbedtls_poly1305_update( &ctx->poly1305_ctx, len_block, 16U );
if( ret != 0 ) if( ret != 0 )

View file

@ -25,6 +25,8 @@
#include "mbedtls/build_info.h" #include "mbedtls/build_info.h"
#include <stdint.h>
/** Helper to define a function as static except when building invasive tests. /** Helper to define a function as static except when building invasive tests.
* *
* If a function is only used inside its own source file and should be * If a function is only used inside its own source file and should be
@ -66,4 +68,254 @@ extern void (*mbedtls_test_hook_test_fail)( const char * test, int line, const c
*/ */
#define MBEDTLS_ALLOW_PRIVATE_ACCESS #define MBEDTLS_ALLOW_PRIVATE_ACCESS
/** Byte Reading Macros
*
* Given a multi-byte integer \p x, MBEDTLS_BYTE_n retrieves the n-th
* byte from x, where byte 0 is the least significant byte.
*/
#define MBEDTLS_BYTE_0( x ) ( (uint8_t) ( ( x ) & 0xff ) )
#define MBEDTLS_BYTE_1( x ) ( (uint8_t) ( ( ( x ) >> 8 ) & 0xff ) )
#define MBEDTLS_BYTE_2( x ) ( (uint8_t) ( ( ( x ) >> 16 ) & 0xff ) )
#define MBEDTLS_BYTE_3( x ) ( (uint8_t) ( ( ( x ) >> 24 ) & 0xff ) )
#define MBEDTLS_BYTE_4( x ) ( (uint8_t) ( ( ( x ) >> 32 ) & 0xff ) )
#define MBEDTLS_BYTE_5( x ) ( (uint8_t) ( ( ( x ) >> 40 ) & 0xff ) )
#define MBEDTLS_BYTE_6( x ) ( (uint8_t) ( ( ( x ) >> 48 ) & 0xff ) )
#define MBEDTLS_BYTE_7( x ) ( (uint8_t) ( ( ( x ) >> 56 ) & 0xff ) )
/**
* Get the unsigned 32 bits integer corresponding to four bytes in
* big-endian order (MSB first).
*
* \param data Base address of the memory to get the four bytes from.
* \param offset Offset from \p base of the first and most significant
* byte of the four bytes to build the 32 bits unsigned
* integer from.
*/
#ifndef MBEDTLS_GET_UINT32_BE
#define MBEDTLS_GET_UINT32_BE( data , offset ) \
( \
( (uint32_t) ( data )[( offset ) ] << 24 ) \
| ( (uint32_t) ( data )[( offset ) + 1] << 16 ) \
| ( (uint32_t) ( data )[( offset ) + 2] << 8 ) \
| ( (uint32_t) ( data )[( offset ) + 3] ) \
)
#endif
/**
* Put in memory a 32 bits unsigned integer in big-endian order.
*
* \param n 32 bits unsigned integer to put in memory.
* \param data Base address of the memory where to put the 32
* bits unsigned integer in.
* \param offset Offset from \p base where to put the most significant
* byte of the 32 bits unsigned integer \p n.
*/
#ifndef MBEDTLS_PUT_UINT32_BE
#define MBEDTLS_PUT_UINT32_BE( n, data, offset ) \
{ \
( data )[( offset ) ] = MBEDTLS_BYTE_3( n ); \
( data )[( offset ) + 1] = MBEDTLS_BYTE_2( n ); \
( data )[( offset ) + 2] = MBEDTLS_BYTE_1( n ); \
( data )[( offset ) + 3] = MBEDTLS_BYTE_0( n ); \
}
#endif
/**
* Get the unsigned 32 bits integer corresponding to four bytes in
* little-endian order (LSB first).
*
* \param data Base address of the memory to get the four bytes from.
* \param offset Offset from \p base of the first and least significant
* byte of the four bytes to build the 32 bits unsigned
* integer from.
*/
#ifndef MBEDTLS_GET_UINT32_LE
#define MBEDTLS_GET_UINT32_LE( data, offset ) \
( \
( (uint32_t) ( data )[( offset ) ] ) \
| ( (uint32_t) ( data )[( offset ) + 1] << 8 ) \
| ( (uint32_t) ( data )[( offset ) + 2] << 16 ) \
| ( (uint32_t) ( data )[( offset ) + 3] << 24 ) \
)
#endif
/**
* Put in memory a 32 bits unsigned integer in little-endian order.
*
* \param n 32 bits unsigned integer to put in memory.
* \param data Base address of the memory where to put the 32
* bits unsigned integer in.
* \param offset Offset from \p base where to put the least significant
* byte of the 32 bits unsigned integer \p n.
*/
#ifndef MBEDTLS_PUT_UINT32_LE
#define MBEDTLS_PUT_UINT32_LE( n, data, offset ) \
{ \
( data )[( offset ) ] = MBEDTLS_BYTE_0( n ); \
( data )[( offset ) + 1] = MBEDTLS_BYTE_1( n ); \
( data )[( offset ) + 2] = MBEDTLS_BYTE_2( n ); \
( data )[( offset ) + 3] = MBEDTLS_BYTE_3( n ); \
}
#endif
/**
* Get the unsigned 16 bits integer corresponding to two bytes in
* little-endian order (LSB first).
*
* \param data Base address of the memory to get the two bytes from.
* \param offset Offset from \p base of the first and least significant
* byte of the two bytes to build the 16 bits unsigned
* integer from.
*/
#ifndef MBEDTLS_GET_UINT16_LE
#define MBEDTLS_GET_UINT16_LE( data, offset ) \
( \
( (uint16_t) ( data )[( offset ) ] ) \
| ( (uint16_t) ( data )[( offset ) + 1] << 8 ) \
)
#endif
/**
* Put in memory a 16 bits unsigned integer in little-endian order.
*
* \param n 16 bits unsigned integer to put in memory.
* \param data Base address of the memory where to put the 16
* bits unsigned integer in.
* \param offset Offset from \p base where to put the least significant
* byte of the 16 bits unsigned integer \p n.
*/
#ifndef MBEDTLS_PUT_UINT16_LE
#define MBEDTLS_PUT_UINT16_LE( n, data, offset ) \
{ \
( data )[( offset ) ] = MBEDTLS_BYTE_0( n ); \
( data )[( offset ) + 1] = MBEDTLS_BYTE_1( n ); \
}
#endif
/**
* Get the unsigned 16 bits integer corresponding to two bytes in
* big-endian order (MSB first).
*
* \param data Base address of the memory to get the two bytes from.
* \param offset Offset from \p base of the first and most significant
* byte of the two bytes to build the 16 bits unsigned
* integer from.
*/
#ifndef MBEDTLS_GET_UINT16_BE
#define MBEDTLS_GET_UINT16_BE( data, offset ) \
( \
( (uint16_t) ( data )[( offset ) ] << 8 ) \
| ( (uint16_t) ( data )[( offset ) + 1] ) \
)
#endif
/**
* Put in memory a 16 bits unsigned integer in big-endian order.
*
* \param n 16 bits unsigned integer to put in memory.
* \param data Base address of the memory where to put the 16
* bits unsigned integer in.
* \param offset Offset from \p base where to put the most significant
* byte of the 16 bits unsigned integer \p n.
*/
#ifndef MBEDTLS_PUT_UINT16_BE
#define MBEDTLS_PUT_UINT16_BE( n, data, offset ) \
{ \
( data )[( offset ) ] = MBEDTLS_BYTE_1( n ); \
( data )[( offset ) + 1] = MBEDTLS_BYTE_0( n ); \
}
#endif
/**
* Get the unsigned 64 bits integer corresponding to eight bytes in
* big-endian order (MSB first).
*
* \param data Base address of the memory to get the eight bytes from.
* \param offset Offset from \p base of the first and most significant
* byte of the eight bytes to build the 64 bits unsigned
* integer from.
*/
#ifndef MBEDTLS_GET_UINT64_BE
#define MBEDTLS_GET_UINT64_BE( data, offset ) \
( \
( (uint64_t) ( data )[( offset ) ] << 56 ) \
| ( (uint64_t) ( data )[( offset ) + 1] << 48 ) \
| ( (uint64_t) ( data )[( offset ) + 2] << 40 ) \
| ( (uint64_t) ( data )[( offset ) + 3] << 32 ) \
| ( (uint64_t) ( data )[( offset ) + 4] << 24 ) \
| ( (uint64_t) ( data )[( offset ) + 5] << 16 ) \
| ( (uint64_t) ( data )[( offset ) + 6] << 8 ) \
| ( (uint64_t) ( data )[( offset ) + 7] ) \
)
#endif
/**
* Put in memory a 64 bits unsigned integer in big-endian order.
*
* \param n 64 bits unsigned integer to put in memory.
* \param data Base address of the memory where to put the 64
* bits unsigned integer in.
* \param offset Offset from \p base where to put the most significant
* byte of the 64 bits unsigned integer \p n.
*/
#ifndef MBEDTLS_PUT_UINT64_BE
#define MBEDTLS_PUT_UINT64_BE( n, data, offset ) \
{ \
( data )[( offset ) ] = MBEDTLS_BYTE_7( n ); \
( data )[( offset ) + 1] = MBEDTLS_BYTE_6( n ); \
( data )[( offset ) + 2] = MBEDTLS_BYTE_5( n ); \
( data )[( offset ) + 3] = MBEDTLS_BYTE_4( n ); \
( data )[( offset ) + 4] = MBEDTLS_BYTE_3( n ); \
( data )[( offset ) + 5] = MBEDTLS_BYTE_2( n ); \
( data )[( offset ) + 6] = MBEDTLS_BYTE_1( n ); \
( data )[( offset ) + 7] = MBEDTLS_BYTE_0( n ); \
}
#endif
/**
* Get the unsigned 64 bits integer corresponding to eight bytes in
* little-endian order (LSB first).
*
* \param data Base address of the memory to get the eight bytes from.
* \param offset Offset from \p base of the first and least significant
* byte of the eight bytes to build the 64 bits unsigned
* integer from.
*/
#ifndef MBEDTLS_GET_UINT64_LE
#define MBEDTLS_GET_UINT64_LE( data, offset ) \
( \
( (uint64_t) ( data )[( offset ) + 7] << 56 ) \
| ( (uint64_t) ( data )[( offset ) + 6] << 48 ) \
| ( (uint64_t) ( data )[( offset ) + 5] << 40 ) \
| ( (uint64_t) ( data )[( offset ) + 4] << 32 ) \
| ( (uint64_t) ( data )[( offset ) + 3] << 24 ) \
| ( (uint64_t) ( data )[( offset ) + 2] << 16 ) \
| ( (uint64_t) ( data )[( offset ) + 1] << 8 ) \
| ( (uint64_t) ( data )[( offset ) ] ) \
)
#endif
/**
* Put in memory a 64 bits unsigned integer in little-endian order.
*
* \param n 64 bits unsigned integer to put in memory.
* \param data Base address of the memory where to put the 64
* bits unsigned integer in.
* \param offset Offset from \p base where to put the least significant
* byte of the 64 bits unsigned integer \p n.
*/
#ifndef MBEDTLS_PUT_UINT64_LE
#define MBEDTLS_PUT_UINT64_LE( n, data, offset ) \
{ \
( data )[( offset ) ] = MBEDTLS_BYTE_0( n ); \
( data )[( offset ) + 1] = MBEDTLS_BYTE_1( n ); \
( data )[( offset ) + 2] = MBEDTLS_BYTE_2( n ); \
( data )[( offset ) + 3] = MBEDTLS_BYTE_3( n ); \
( data )[( offset ) + 4] = MBEDTLS_BYTE_4( n ); \
( data )[( offset ) + 5] = MBEDTLS_BYTE_5( n ); \
( data )[( offset ) + 6] = MBEDTLS_BYTE_6( n ); \
( data )[( offset ) + 7] = MBEDTLS_BYTE_7( n ); \
}
#endif
#endif /* MBEDTLS_LIBRARY_COMMON_H */ #endif /* MBEDTLS_LIBRARY_COMMON_H */

View file

@ -152,11 +152,8 @@ static int block_cipher_df( unsigned char *output,
* (Total is padded to a multiple of 16-bytes with zeroes) * (Total is padded to a multiple of 16-bytes with zeroes)
*/ */
p = buf + MBEDTLS_CTR_DRBG_BLOCKSIZE; p = buf + MBEDTLS_CTR_DRBG_BLOCKSIZE;
*p++ = ( data_len >> 24 ) & 0xff; MBEDTLS_PUT_UINT32_BE( data_len, p, 0);
*p++ = ( data_len >> 16 ) & 0xff; p += 4 + 3;
*p++ = ( data_len >> 8 ) & 0xff;
*p++ = ( data_len ) & 0xff;
p += 3;
*p++ = MBEDTLS_CTR_DRBG_SEEDLEN; *p++ = MBEDTLS_CTR_DRBG_SEEDLEN;
memcpy( p, data, data_len ); memcpy( p, data, data_len );
p[data_len] = 0x80; p[data_len] = 0x80;

View file

@ -43,29 +43,6 @@
#if !defined(MBEDTLS_DES_ALT) #if !defined(MBEDTLS_DES_ALT)
/*
* 32-bit integer manipulation macros (big endian)
*/
#ifndef GET_UINT32_BE
#define GET_UINT32_BE(n,b,i) \
{ \
(n) = ( (uint32_t) (b)[(i) ] << 24 ) \
| ( (uint32_t) (b)[(i) + 1] << 16 ) \
| ( (uint32_t) (b)[(i) + 2] << 8 ) \
| ( (uint32_t) (b)[(i) + 3] ); \
}
#endif
#ifndef PUT_UINT32_BE
#define PUT_UINT32_BE(n,b,i) \
{ \
(b)[(i) ] = (unsigned char) ( (n) >> 24 ); \
(b)[(i) + 1] = (unsigned char) ( (n) >> 16 ); \
(b)[(i) + 2] = (unsigned char) ( (n) >> 8 ); \
(b)[(i) + 3] = (unsigned char) ( (n) ); \
}
#endif
/* /*
* Expanded DES S-boxes * Expanded DES S-boxes
*/ */
@ -423,8 +400,8 @@ void mbedtls_des_setkey( uint32_t SK[32], const unsigned char key[MBEDTLS_DES_KE
int i; int i;
uint32_t X, Y, T; uint32_t X, Y, T;
GET_UINT32_BE( X, key, 0 ); X = MBEDTLS_GET_UINT32_BE( key, 0 );
GET_UINT32_BE( Y, key, 4 ); Y = MBEDTLS_GET_UINT32_BE( key, 4 );
/* /*
* Permuted Choice 1 * Permuted Choice 1
@ -633,8 +610,8 @@ int mbedtls_des_crypt_ecb( mbedtls_des_context *ctx,
SK = ctx->sk; SK = ctx->sk;
GET_UINT32_BE( X, input, 0 ); X = MBEDTLS_GET_UINT32_BE( input, 0 );
GET_UINT32_BE( Y, input, 4 ); Y = MBEDTLS_GET_UINT32_BE( input, 4 );
DES_IP( X, Y ); DES_IP( X, Y );
@ -646,8 +623,8 @@ int mbedtls_des_crypt_ecb( mbedtls_des_context *ctx,
DES_FP( Y, X ); DES_FP( Y, X );
PUT_UINT32_BE( Y, output, 0 ); MBEDTLS_PUT_UINT32_BE( Y, output, 0 );
PUT_UINT32_BE( X, output, 4 ); MBEDTLS_PUT_UINT32_BE( X, output, 4 );
return( 0 ); return( 0 );
} }
@ -720,8 +697,8 @@ int mbedtls_des3_crypt_ecb( mbedtls_des3_context *ctx,
SK = ctx->sk; SK = ctx->sk;
GET_UINT32_BE( X, input, 0 ); X = MBEDTLS_GET_UINT32_BE( input, 0 );
GET_UINT32_BE( Y, input, 4 ); Y = MBEDTLS_GET_UINT32_BE( input, 4 );
DES_IP( X, Y ); DES_IP( X, Y );
@ -745,8 +722,8 @@ int mbedtls_des3_crypt_ecb( mbedtls_des3_context *ctx,
DES_FP( Y, X ); DES_FP( Y, X );
PUT_UINT32_BE( Y, output, 0 ); MBEDTLS_PUT_UINT32_BE( Y, output, 0 );
PUT_UINT32_BE( X, output, 4 ); MBEDTLS_PUT_UINT32_BE( X, output, 4 );
return( 0 ); return( 0 );
} }

View file

@ -270,8 +270,8 @@ int mbedtls_dhm_make_params( mbedtls_dhm_context *ctx, int x_size,
MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( ( X ), \ MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( ( X ), \
p + 2, \ p + 2, \
( n ) ) ); \ ( n ) ) ); \
*p++ = (unsigned char)( ( n ) >> 8 ); \ *p++ = MBEDTLS_BYTE_1( n ); \
*p++ = (unsigned char)( ( n ) ); \ *p++ = MBEDTLS_BYTE_0( n ); \
p += ( n ); \ p += ( n ); \
} while( 0 ) } while( 0 )

View file

@ -180,10 +180,7 @@ static int ecjpake_write_len_point( unsigned char **p,
if( ret != 0 ) if( ret != 0 )
return( ret ); return( ret );
(*p)[0] = (unsigned char)( ( len >> 24 ) & 0xFF ); MBEDTLS_PUT_UINT32_BE( len, *p, 0 );
(*p)[1] = (unsigned char)( ( len >> 16 ) & 0xFF );
(*p)[2] = (unsigned char)( ( len >> 8 ) & 0xFF );
(*p)[3] = (unsigned char)( ( len ) & 0xFF );
*p += 4 + len; *p += 4 + len;
@ -223,10 +220,8 @@ static int ecjpake_hash( const mbedtls_md_info_t *md_info,
if( end - p < 4 ) if( end - p < 4 )
return( MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL ); return( MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL );
*p++ = (unsigned char)( ( id_len >> 24 ) & 0xFF ); MBEDTLS_PUT_UINT32_BE( id_len, p, 0 );
*p++ = (unsigned char)( ( id_len >> 16 ) & 0xFF ); p += 4;
*p++ = (unsigned char)( ( id_len >> 8 ) & 0xFF );
*p++ = (unsigned char)( ( id_len ) & 0xFF );
if( end < p || (size_t)( end - p ) < id_len ) if( end < p || (size_t)( end - p ) < id_len )
return( MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL ); return( MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL );
@ -366,7 +361,7 @@ static int ecjpake_zkp_write( const mbedtls_md_info_t *md_info,
goto cleanup; goto cleanup;
} }
*(*p)++ = (unsigned char)( len & 0xFF ); *(*p)++ = MBEDTLS_BYTE_0( len );
MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &h, *p, len ) ); /* r */ MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &h, *p, len ) ); /* r */
*p += len; *p += len;

View file

@ -1012,8 +1012,7 @@ int mbedtls_ecp_tls_write_group( const mbedtls_ecp_group *grp, size_t *olen,
/* /*
* Next two bytes are the namedcurve value * Next two bytes are the namedcurve value
*/ */
buf[0] = curve_info->tls_id >> 8; MBEDTLS_PUT_UINT16_BE( curve_info->tls_id, buf, 0 );
buf[1] = curve_info->tls_id & 0xFF;
return( 0 ); return( 0 );
} }

View file

@ -58,29 +58,6 @@
#define GCM_VALIDATE( cond ) \ #define GCM_VALIDATE( cond ) \
MBEDTLS_INTERNAL_VALIDATE( cond ) MBEDTLS_INTERNAL_VALIDATE( cond )
/*
* 32-bit integer manipulation macros (big endian)
*/
#ifndef GET_UINT32_BE
#define GET_UINT32_BE(n,b,i) \
{ \
(n) = ( (uint32_t) (b)[(i) ] << 24 ) \
| ( (uint32_t) (b)[(i) + 1] << 16 ) \
| ( (uint32_t) (b)[(i) + 2] << 8 ) \
| ( (uint32_t) (b)[(i) + 3] ); \
}
#endif
#ifndef PUT_UINT32_BE
#define PUT_UINT32_BE(n,b,i) \
{ \
(b)[(i) ] = (unsigned char) ( (n) >> 24 ); \
(b)[(i) + 1] = (unsigned char) ( (n) >> 16 ); \
(b)[(i) + 2] = (unsigned char) ( (n) >> 8 ); \
(b)[(i) + 3] = (unsigned char) ( (n) ); \
}
#endif
/* /*
* Initialize a context * Initialize a context
*/ */
@ -111,12 +88,12 @@ static int gcm_gen_table( mbedtls_gcm_context *ctx )
return( ret ); return( ret );
/* pack h as two 64-bits ints, big-endian */ /* pack h as two 64-bits ints, big-endian */
GET_UINT32_BE( hi, h, 0 ); hi = MBEDTLS_GET_UINT32_BE( h, 0 );
GET_UINT32_BE( lo, h, 4 ); lo = MBEDTLS_GET_UINT32_BE( h, 4 );
vh = (uint64_t) hi << 32 | lo; vh = (uint64_t) hi << 32 | lo;
GET_UINT32_BE( hi, h, 8 ); hi = MBEDTLS_GET_UINT32_BE( h, 8 );
GET_UINT32_BE( lo, h, 12 ); lo = MBEDTLS_GET_UINT32_BE( h, 12 );
vl = (uint64_t) hi << 32 | lo; vl = (uint64_t) hi << 32 | lo;
/* 8 = 1000 corresponds to 1 in GF(2^128) */ /* 8 = 1000 corresponds to 1 in GF(2^128) */
@ -223,10 +200,10 @@ static void gcm_mult( mbedtls_gcm_context *ctx, const unsigned char x[16],
if( mbedtls_aesni_has_support( MBEDTLS_AESNI_CLMUL ) ) { if( mbedtls_aesni_has_support( MBEDTLS_AESNI_CLMUL ) ) {
unsigned char h[16]; unsigned char h[16];
PUT_UINT32_BE( ctx->HH[8] >> 32, h, 0 ); MBEDTLS_PUT_UINT32_BE( ctx->HH[8] >> 32, h, 0 );
PUT_UINT32_BE( ctx->HH[8], h, 4 ); MBEDTLS_PUT_UINT32_BE( ctx->HH[8], h, 4 );
PUT_UINT32_BE( ctx->HL[8] >> 32, h, 8 ); MBEDTLS_PUT_UINT32_BE( ctx->HL[8] >> 32, h, 8 );
PUT_UINT32_BE( ctx->HL[8], h, 12 ); MBEDTLS_PUT_UINT32_BE( ctx->HL[8], h, 12 );
mbedtls_aesni_gcm_mult( output, x, h ); mbedtls_aesni_gcm_mult( output, x, h );
return; return;
@ -262,10 +239,10 @@ static void gcm_mult( mbedtls_gcm_context *ctx, const unsigned char x[16],
zl ^= ctx->HL[hi]; zl ^= ctx->HL[hi];
} }
PUT_UINT32_BE( zh >> 32, output, 0 ); MBEDTLS_PUT_UINT32_BE( zh >> 32, output, 0 );
PUT_UINT32_BE( zh, output, 4 ); MBEDTLS_PUT_UINT32_BE( zh, output, 4 );
PUT_UINT32_BE( zl >> 32, output, 8 ); MBEDTLS_PUT_UINT32_BE( zl >> 32, output, 8 );
PUT_UINT32_BE( zl, output, 12 ); MBEDTLS_PUT_UINT32_BE( zl, output, 12 );
} }
int mbedtls_gcm_starts( mbedtls_gcm_context *ctx, int mbedtls_gcm_starts( mbedtls_gcm_context *ctx,
@ -301,7 +278,7 @@ int mbedtls_gcm_starts( mbedtls_gcm_context *ctx,
else else
{ {
memset( work_buf, 0x00, 16 ); memset( work_buf, 0x00, 16 );
PUT_UINT32_BE( iv_len * 8, work_buf, 12 ); MBEDTLS_PUT_UINT32_BE( iv_len * 8, work_buf, 12 );
p = iv; p = iv;
while( iv_len > 0 ) while( iv_len > 0 )
@ -569,10 +546,10 @@ int mbedtls_gcm_finish( mbedtls_gcm_context *ctx,
{ {
memset( work_buf, 0x00, 16 ); memset( work_buf, 0x00, 16 );
PUT_UINT32_BE( ( orig_add_len >> 32 ), work_buf, 0 ); MBEDTLS_PUT_UINT32_BE( ( orig_add_len >> 32 ), work_buf, 0 );
PUT_UINT32_BE( ( orig_add_len ), work_buf, 4 ); MBEDTLS_PUT_UINT32_BE( ( orig_add_len ), work_buf, 4 );
PUT_UINT32_BE( ( orig_len >> 32 ), work_buf, 8 ); MBEDTLS_PUT_UINT32_BE( ( orig_len >> 32 ), work_buf, 8 );
PUT_UINT32_BE( ( orig_len ), work_buf, 12 ); MBEDTLS_PUT_UINT32_BE( ( orig_len ), work_buf, 12 );
for( i = 0; i < 16; i++ ) for( i = 0; i < 16; i++ )
ctx->buf[i] ^= work_buf[i]; ctx->buf[i] ^= work_buf[i];

View file

@ -43,29 +43,6 @@
#if !defined(MBEDTLS_MD5_ALT) #if !defined(MBEDTLS_MD5_ALT)
/*
* 32-bit integer manipulation macros (little endian)
*/
#ifndef GET_UINT32_LE
#define GET_UINT32_LE(n,b,i) \
{ \
(n) = ( (uint32_t) (b)[(i) ] ) \
| ( (uint32_t) (b)[(i) + 1] << 8 ) \
| ( (uint32_t) (b)[(i) + 2] << 16 ) \
| ( (uint32_t) (b)[(i) + 3] << 24 ); \
}
#endif
#ifndef PUT_UINT32_LE
#define PUT_UINT32_LE(n,b,i) \
{ \
(b)[(i) ] = (unsigned char) ( ( (n) ) & 0xFF ); \
(b)[(i) + 1] = (unsigned char) ( ( (n) >> 8 ) & 0xFF ); \
(b)[(i) + 2] = (unsigned char) ( ( (n) >> 16 ) & 0xFF ); \
(b)[(i) + 3] = (unsigned char) ( ( (n) >> 24 ) & 0xFF ); \
}
#endif
void mbedtls_md5_init( mbedtls_md5_context *ctx ) void mbedtls_md5_init( mbedtls_md5_context *ctx )
{ {
memset( ctx, 0, sizeof( mbedtls_md5_context ) ); memset( ctx, 0, sizeof( mbedtls_md5_context ) );
@ -110,22 +87,22 @@ int mbedtls_internal_md5_process( mbedtls_md5_context *ctx,
uint32_t X[16], A, B, C, D; uint32_t X[16], A, B, C, D;
} local; } local;
GET_UINT32_LE( local.X[ 0], data, 0 ); local.X[ 0] = MBEDTLS_GET_UINT32_LE( data, 0 );
GET_UINT32_LE( local.X[ 1], data, 4 ); local.X[ 1] = MBEDTLS_GET_UINT32_LE( data, 4 );
GET_UINT32_LE( local.X[ 2], data, 8 ); local.X[ 2] = MBEDTLS_GET_UINT32_LE( data, 8 );
GET_UINT32_LE( local.X[ 3], data, 12 ); local.X[ 3] = MBEDTLS_GET_UINT32_LE( data, 12 );
GET_UINT32_LE( local.X[ 4], data, 16 ); local.X[ 4] = MBEDTLS_GET_UINT32_LE( data, 16 );
GET_UINT32_LE( local.X[ 5], data, 20 ); local.X[ 5] = MBEDTLS_GET_UINT32_LE( data, 20 );
GET_UINT32_LE( local.X[ 6], data, 24 ); local.X[ 6] = MBEDTLS_GET_UINT32_LE( data, 24 );
GET_UINT32_LE( local.X[ 7], data, 28 ); local.X[ 7] = MBEDTLS_GET_UINT32_LE( data, 28 );
GET_UINT32_LE( local.X[ 8], data, 32 ); local.X[ 8] = MBEDTLS_GET_UINT32_LE( data, 32 );
GET_UINT32_LE( local.X[ 9], data, 36 ); local.X[ 9] = MBEDTLS_GET_UINT32_LE( data, 36 );
GET_UINT32_LE( local.X[10], data, 40 ); local.X[10] = MBEDTLS_GET_UINT32_LE( data, 40 );
GET_UINT32_LE( local.X[11], data, 44 ); local.X[11] = MBEDTLS_GET_UINT32_LE( data, 44 );
GET_UINT32_LE( local.X[12], data, 48 ); local.X[12] = MBEDTLS_GET_UINT32_LE( data, 48 );
GET_UINT32_LE( local.X[13], data, 52 ); local.X[13] = MBEDTLS_GET_UINT32_LE( data, 52 );
GET_UINT32_LE( local.X[14], data, 56 ); local.X[14] = MBEDTLS_GET_UINT32_LE( data, 56 );
GET_UINT32_LE( local.X[15], data, 60 ); local.X[15] = MBEDTLS_GET_UINT32_LE( data, 60 );
#define S(x,n) \ #define S(x,n) \
( ( (x) << (n) ) | ( ( (x) & 0xFFFFFFFF) >> ( 32 - (n) ) ) ) ( ( (x) << (n) ) | ( ( (x) & 0xFFFFFFFF) >> ( 32 - (n) ) ) )
@ -330,8 +307,8 @@ int mbedtls_md5_finish( mbedtls_md5_context *ctx,
| ( ctx->total[1] << 3 ); | ( ctx->total[1] << 3 );
low = ( ctx->total[0] << 3 ); low = ( ctx->total[0] << 3 );
PUT_UINT32_LE( low, ctx->buffer, 56 ); MBEDTLS_PUT_UINT32_LE( low, ctx->buffer, 56 );
PUT_UINT32_LE( high, ctx->buffer, 60 ); MBEDTLS_PUT_UINT32_LE( high, ctx->buffer, 60 );
if( ( ret = mbedtls_internal_md5_process( ctx, ctx->buffer ) ) != 0 ) if( ( ret = mbedtls_internal_md5_process( ctx, ctx->buffer ) ) != 0 )
return( ret ); return( ret );
@ -339,10 +316,10 @@ int mbedtls_md5_finish( mbedtls_md5_context *ctx,
/* /*
* Output final state * Output final state
*/ */
PUT_UINT32_LE( ctx->state[0], output, 0 ); MBEDTLS_PUT_UINT32_LE( ctx->state[0], output, 0 );
PUT_UINT32_LE( ctx->state[1], output, 4 ); MBEDTLS_PUT_UINT32_LE( ctx->state[1], output, 4 );
PUT_UINT32_LE( ctx->state[2], output, 8 ); MBEDTLS_PUT_UINT32_LE( ctx->state[2], output, 8 );
PUT_UINT32_LE( ctx->state[3], output, 12 ); MBEDTLS_PUT_UINT32_LE( ctx->state[3], output, 12 );
return( 0 ); return( 0 );
} }

View file

@ -77,26 +77,6 @@ static const unsigned char NIST_KW_ICV1[] = {0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6,
/*! The 32-bit default integrity check value (ICV) for KWP mode. */ /*! The 32-bit default integrity check value (ICV) for KWP mode. */
static const unsigned char NIST_KW_ICV2[] = {0xA6, 0x59, 0x59, 0xA6}; static const unsigned char NIST_KW_ICV2[] = {0xA6, 0x59, 0x59, 0xA6};
#ifndef GET_UINT32_BE
#define GET_UINT32_BE(n,b,i) \
do { \
(n) = ( (uint32_t) (b)[(i) ] << 24 ) \
| ( (uint32_t) (b)[(i) + 1] << 16 ) \
| ( (uint32_t) (b)[(i) + 2] << 8 ) \
| ( (uint32_t) (b)[(i) + 3] ); \
} while( 0 )
#endif
#ifndef PUT_UINT32_BE
#define PUT_UINT32_BE(n,b,i) \
do { \
(b)[(i) ] = (unsigned char) ( (n) >> 24 ); \
(b)[(i) + 1] = (unsigned char) ( (n) >> 16 ); \
(b)[(i) + 2] = (unsigned char) ( (n) >> 8 ); \
(b)[(i) + 3] = (unsigned char) ( (n) ); \
} while( 0 )
#endif
/* /*
* Initialize context * Initialize context
*/ */
@ -243,7 +223,7 @@ int mbedtls_nist_kw_wrap( mbedtls_nist_kw_context *ctx,
} }
memcpy( output, NIST_KW_ICV2, KW_SEMIBLOCK_LENGTH / 2 ); memcpy( output, NIST_KW_ICV2, KW_SEMIBLOCK_LENGTH / 2 );
PUT_UINT32_BE( ( in_len & 0xffffffff ), output, MBEDTLS_PUT_UINT32_BE( ( in_len & 0xffffffff ), output,
KW_SEMIBLOCK_LENGTH / 2 ); KW_SEMIBLOCK_LENGTH / 2 );
memcpy( output + KW_SEMIBLOCK_LENGTH, input, in_len ); memcpy( output + KW_SEMIBLOCK_LENGTH, input, in_len );
@ -474,7 +454,7 @@ int mbedtls_nist_kw_unwrap( mbedtls_nist_kw_context *ctx,
ret = MBEDTLS_ERR_CIPHER_AUTH_FAILED; ret = MBEDTLS_ERR_CIPHER_AUTH_FAILED;
} }
GET_UINT32_BE( Plen, A, KW_SEMIBLOCK_LENGTH / 2 ); Plen = MBEDTLS_GET_UINT32_BE( A, KW_SEMIBLOCK_LENGTH / 2 );
/* /*
* Plen is the length of the plaintext, when the input is valid. * Plen is the length of the plaintext, when the input is valid.

View file

@ -285,8 +285,8 @@ int mbedtls_pkcs12_derivation( unsigned char *data, size_t datalen,
for( i = v; i > 0; i-- ) for( i = v; i > 0; i-- )
{ {
j = salt_block[i - 1] + hash_block[i - 1] + c; j = salt_block[i - 1] + hash_block[i - 1] + c;
c = (unsigned char) (j >> 8); c = MBEDTLS_BYTE_1( j );
salt_block[i - 1] = j & 0xFF; salt_block[i - 1] = MBEDTLS_BYTE_0( j );
} }
// pwd_block += B // pwd_block += B
@ -294,8 +294,8 @@ int mbedtls_pkcs12_derivation( unsigned char *data, size_t datalen,
for( i = v; i > 0; i-- ) for( i = v; i > 0; i-- )
{ {
j = pwd_block[i - 1] + hash_block[i - 1] + c; j = pwd_block[i - 1] + hash_block[i - 1] + c;
c = (unsigned char) (j >> 8); c = MBEDTLS_BYTE_1( j );
pwd_block[i - 1] = j & 0xFF; pwd_block[i - 1] = MBEDTLS_BYTE_0( j );
} }
} }

View file

@ -52,13 +52,6 @@
#define POLY1305_BLOCK_SIZE_BYTES ( 16U ) #define POLY1305_BLOCK_SIZE_BYTES ( 16U )
#define BYTES_TO_U32_LE( data, offset ) \
( (uint32_t) (data)[offset] \
| (uint32_t) ( (uint32_t) (data)[( offset ) + 1] << 8 ) \
| (uint32_t) ( (uint32_t) (data)[( offset ) + 2] << 16 ) \
| (uint32_t) ( (uint32_t) (data)[( offset ) + 3] << 24 ) \
)
/* /*
* Our implementation is tuned for 32-bit platforms with a 64-bit multiplier. * Our implementation is tuned for 32-bit platforms with a 64-bit multiplier.
* However we provided an alternative for platforms without such a multiplier. * However we provided an alternative for platforms without such a multiplier.
@ -129,10 +122,10 @@ static void poly1305_process( mbedtls_poly1305_context *ctx,
for( i = 0U; i < nblocks; i++ ) for( i = 0U; i < nblocks; i++ )
{ {
/* The input block is treated as a 128-bit little-endian integer */ /* The input block is treated as a 128-bit little-endian integer */
d0 = BYTES_TO_U32_LE( input, offset + 0 ); d0 = MBEDTLS_GET_UINT32_LE( input, offset + 0 );
d1 = BYTES_TO_U32_LE( input, offset + 4 ); d1 = MBEDTLS_GET_UINT32_LE( input, offset + 4 );
d2 = BYTES_TO_U32_LE( input, offset + 8 ); d2 = MBEDTLS_GET_UINT32_LE( input, offset + 8 );
d3 = BYTES_TO_U32_LE( input, offset + 12 ); d3 = MBEDTLS_GET_UINT32_LE( input, offset + 12 );
/* Compute: acc += (padded) block as a 130-bit integer */ /* Compute: acc += (padded) block as a 130-bit integer */
d0 += (uint64_t) acc0; d0 += (uint64_t) acc0;
@ -257,22 +250,10 @@ static void poly1305_compute_mac( const mbedtls_poly1305_context *ctx,
acc3 += ctx->s[3] + (uint32_t) ( d >> 32U ); acc3 += ctx->s[3] + (uint32_t) ( d >> 32U );
/* Compute MAC (128 least significant bits of the accumulator) */ /* Compute MAC (128 least significant bits of the accumulator) */
mac[ 0] = (unsigned char)( acc0 ); MBEDTLS_PUT_UINT32_LE( acc0, mac, 0 );
mac[ 1] = (unsigned char)( acc0 >> 8 ); MBEDTLS_PUT_UINT32_LE( acc1, mac, 4 );
mac[ 2] = (unsigned char)( acc0 >> 16 ); MBEDTLS_PUT_UINT32_LE( acc2, mac, 8 );
mac[ 3] = (unsigned char)( acc0 >> 24 ); MBEDTLS_PUT_UINT32_LE( acc3, mac, 12 );
mac[ 4] = (unsigned char)( acc1 );
mac[ 5] = (unsigned char)( acc1 >> 8 );
mac[ 6] = (unsigned char)( acc1 >> 16 );
mac[ 7] = (unsigned char)( acc1 >> 24 );
mac[ 8] = (unsigned char)( acc2 );
mac[ 9] = (unsigned char)( acc2 >> 8 );
mac[10] = (unsigned char)( acc2 >> 16 );
mac[11] = (unsigned char)( acc2 >> 24 );
mac[12] = (unsigned char)( acc3 );
mac[13] = (unsigned char)( acc3 >> 8 );
mac[14] = (unsigned char)( acc3 >> 16 );
mac[15] = (unsigned char)( acc3 >> 24 );
} }
void mbedtls_poly1305_init( mbedtls_poly1305_context *ctx ) void mbedtls_poly1305_init( mbedtls_poly1305_context *ctx )
@ -297,15 +278,15 @@ int mbedtls_poly1305_starts( mbedtls_poly1305_context *ctx,
POLY1305_VALIDATE_RET( key != NULL ); POLY1305_VALIDATE_RET( key != NULL );
/* r &= 0x0ffffffc0ffffffc0ffffffc0fffffff */ /* r &= 0x0ffffffc0ffffffc0ffffffc0fffffff */
ctx->r[0] = BYTES_TO_U32_LE( key, 0 ) & 0x0FFFFFFFU; ctx->r[0] = MBEDTLS_GET_UINT32_LE( key, 0 ) & 0x0FFFFFFFU;
ctx->r[1] = BYTES_TO_U32_LE( key, 4 ) & 0x0FFFFFFCU; ctx->r[1] = MBEDTLS_GET_UINT32_LE( key, 4 ) & 0x0FFFFFFCU;
ctx->r[2] = BYTES_TO_U32_LE( key, 8 ) & 0x0FFFFFFCU; ctx->r[2] = MBEDTLS_GET_UINT32_LE( key, 8 ) & 0x0FFFFFFCU;
ctx->r[3] = BYTES_TO_U32_LE( key, 12 ) & 0x0FFFFFFCU; ctx->r[3] = MBEDTLS_GET_UINT32_LE( key, 12 ) & 0x0FFFFFFCU;
ctx->s[0] = BYTES_TO_U32_LE( key, 16 ); ctx->s[0] = MBEDTLS_GET_UINT32_LE( key, 16 );
ctx->s[1] = BYTES_TO_U32_LE( key, 20 ); ctx->s[1] = MBEDTLS_GET_UINT32_LE( key, 20 );
ctx->s[2] = BYTES_TO_U32_LE( key, 24 ); ctx->s[2] = MBEDTLS_GET_UINT32_LE( key, 24 );
ctx->s[3] = BYTES_TO_U32_LE( key, 28 ); ctx->s[3] = MBEDTLS_GET_UINT32_LE( key, 28 );
/* Initial accumulator state */ /* Initial accumulator state */
ctx->acc[0] = 0U; ctx->acc[0] = 0U;

View file

@ -4506,8 +4506,8 @@ static psa_status_t psa_tls12_prf_psk_to_ms_set_key(
* uint16 with the value N, and the PSK itself. * uint16 with the value N, and the PSK itself.
*/ */
*cur++ = ( data_length >> 8 ) & 0xff; *cur++ = MBEDTLS_BYTE_1( data_length );
*cur++ = ( data_length >> 0 ) & 0xff; *cur++ = MBEDTLS_BYTE_0( data_length );
memset( cur, 0, data_length ); memset( cur, 0, data_length );
cur += data_length; cur += data_length;
*cur++ = pms[0]; *cur++ = pms[0];

View file

@ -230,48 +230,6 @@ static psa_status_t psa_crypto_storage_get_data_length(
return( PSA_SUCCESS ); return( PSA_SUCCESS );
} }
/*
* 32-bit integer manipulation macros (little endian)
*/
#ifndef GET_UINT32_LE
#define GET_UINT32_LE( n, b, i ) \
{ \
(n) = ( (uint32_t) (b)[(i) ] ) \
| ( (uint32_t) (b)[(i) + 1] << 8 ) \
| ( (uint32_t) (b)[(i) + 2] << 16 ) \
| ( (uint32_t) (b)[(i) + 3] << 24 ); \
}
#endif
#ifndef PUT_UINT32_LE
#define PUT_UINT32_LE( n, b, i ) \
{ \
(b)[(i) ] = (unsigned char) ( ( (n) ) & 0xFF ); \
(b)[(i) + 1] = (unsigned char) ( ( (n) >> 8 ) & 0xFF ); \
(b)[(i) + 2] = (unsigned char) ( ( (n) >> 16 ) & 0xFF ); \
(b)[(i) + 3] = (unsigned char) ( ( (n) >> 24 ) & 0xFF ); \
}
#endif
/*
* 16-bit integer manipulation macros (little endian)
*/
#ifndef GET_UINT16_LE
#define GET_UINT16_LE( n, b, i ) \
{ \
(n) = ( (uint16_t) (b)[(i) ] ) \
| ( (uint16_t) (b)[(i) + 1] << 8 ); \
}
#endif
#ifndef PUT_UINT16_LE
#define PUT_UINT16_LE( n, b, i ) \
{ \
(b)[(i) ] = (unsigned char) ( ( (n) ) & 0xFF ); \
(b)[(i) + 1] = (unsigned char) ( ( (n) >> 8 ) & 0xFF ); \
}
#endif
/** /**
* Persistent key storage magic header. * Persistent key storage magic header.
*/ */
@ -298,14 +256,14 @@ void psa_format_key_data_for_storage( const uint8_t *data,
(psa_persistent_key_storage_format *) storage_data; (psa_persistent_key_storage_format *) storage_data;
memcpy( storage_format->magic, PSA_KEY_STORAGE_MAGIC_HEADER, PSA_KEY_STORAGE_MAGIC_HEADER_LENGTH ); memcpy( storage_format->magic, PSA_KEY_STORAGE_MAGIC_HEADER, PSA_KEY_STORAGE_MAGIC_HEADER_LENGTH );
PUT_UINT32_LE( 0, storage_format->version, 0 ); MBEDTLS_PUT_UINT32_LE( 0, storage_format->version, 0 );
PUT_UINT32_LE( attr->lifetime, storage_format->lifetime, 0 ); MBEDTLS_PUT_UINT32_LE( attr->lifetime, storage_format->lifetime, 0 );
PUT_UINT16_LE( (uint16_t) attr->type, storage_format->type, 0 ); MBEDTLS_PUT_UINT16_LE( (uint16_t) attr->type, storage_format->type, 0 );
PUT_UINT16_LE( (uint16_t) attr->bits, storage_format->bits, 0 ); MBEDTLS_PUT_UINT16_LE( (uint16_t) attr->bits, storage_format->bits, 0 );
PUT_UINT32_LE( attr->policy.usage, storage_format->policy, 0 ); MBEDTLS_PUT_UINT32_LE( attr->policy.usage, storage_format->policy, 0 );
PUT_UINT32_LE( attr->policy.alg, storage_format->policy, sizeof( uint32_t ) ); MBEDTLS_PUT_UINT32_LE( attr->policy.alg, storage_format->policy, sizeof( uint32_t ) );
PUT_UINT32_LE( attr->policy.alg2, storage_format->policy, 2 * sizeof( uint32_t ) ); MBEDTLS_PUT_UINT32_LE( attr->policy.alg2, storage_format->policy, 2 * sizeof( uint32_t ) );
PUT_UINT32_LE( data_length, storage_format->data_len, 0 ); MBEDTLS_PUT_UINT32_LE( data_length, storage_format->data_len, 0 );
memcpy( storage_format->key_data, data, data_length ); memcpy( storage_format->key_data, data, data_length );
} }
@ -335,11 +293,11 @@ psa_status_t psa_parse_key_data_from_storage( const uint8_t *storage_data,
if( status != PSA_SUCCESS ) if( status != PSA_SUCCESS )
return( status ); return( status );
GET_UINT32_LE( version, storage_format->version, 0 ); version = MBEDTLS_GET_UINT32_LE( storage_format->version, 0 );
if( version != 0 ) if( version != 0 )
return( PSA_ERROR_DATA_INVALID ); return( PSA_ERROR_DATA_INVALID );
GET_UINT32_LE( *key_data_length, storage_format->data_len, 0 ); *key_data_length = MBEDTLS_GET_UINT32_LE( storage_format->data_len, 0 );
if( *key_data_length > ( storage_data_length - sizeof(*storage_format) ) || if( *key_data_length > ( storage_data_length - sizeof(*storage_format) ) ||
*key_data_length > PSA_CRYPTO_MAX_STORAGE_SIZE ) *key_data_length > PSA_CRYPTO_MAX_STORAGE_SIZE )
return( PSA_ERROR_DATA_INVALID ); return( PSA_ERROR_DATA_INVALID );
@ -356,12 +314,12 @@ psa_status_t psa_parse_key_data_from_storage( const uint8_t *storage_data,
memcpy( *key_data, storage_format->key_data, *key_data_length ); memcpy( *key_data, storage_format->key_data, *key_data_length );
} }
GET_UINT32_LE( attr->lifetime, storage_format->lifetime, 0 ); attr->lifetime = MBEDTLS_GET_UINT32_LE( storage_format->lifetime, 0 );
GET_UINT16_LE( attr->type, storage_format->type, 0 ); attr->type = MBEDTLS_GET_UINT16_LE( storage_format->type, 0 );
GET_UINT16_LE( attr->bits, storage_format->bits, 0 ); attr->bits = MBEDTLS_GET_UINT16_LE( storage_format->bits, 0 );
GET_UINT32_LE( attr->policy.usage, storage_format->policy, 0 ); attr->policy.usage = MBEDTLS_GET_UINT32_LE( storage_format->policy, 0 );
GET_UINT32_LE( attr->policy.alg, storage_format->policy, sizeof( uint32_t ) ); attr->policy.alg = MBEDTLS_GET_UINT32_LE( storage_format->policy, sizeof( uint32_t ) );
GET_UINT32_LE( attr->policy.alg2, storage_format->policy, 2 * sizeof( uint32_t ) ); attr->policy.alg2 = MBEDTLS_GET_UINT32_LE( storage_format->policy, 2 * sizeof( uint32_t ) );
return( PSA_SUCCESS ); return( PSA_SUCCESS );
} }

View file

@ -191,14 +191,8 @@ psa_status_t psa_its_set( psa_storage_uid_t uid,
size_t n; size_t n;
memcpy( header.magic, PSA_ITS_MAGIC_STRING, PSA_ITS_MAGIC_LENGTH ); memcpy( header.magic, PSA_ITS_MAGIC_STRING, PSA_ITS_MAGIC_LENGTH );
header.size[0] = data_length & 0xff; MBEDTLS_PUT_UINT32_LE( data_length, header.size, 0 );
header.size[1] = ( data_length >> 8 ) & 0xff; MBEDTLS_PUT_UINT32_LE( create_flags, header.flags, 0 );
header.size[2] = ( data_length >> 16 ) & 0xff;
header.size[3] = ( data_length >> 24 ) & 0xff;
header.flags[0] = create_flags & 0xff;
header.flags[1] = ( create_flags >> 8 ) & 0xff;
header.flags[2] = ( create_flags >> 16 ) & 0xff;
header.flags[3] = ( create_flags >> 24 ) & 0xff;
psa_its_fill_filename( uid, filename ); psa_its_fill_filename( uid, filename );
stream = fopen( PSA_ITS_STORAGE_TEMP, "wb" ); stream = fopen( PSA_ITS_STORAGE_TEMP, "wb" );

View file

@ -44,29 +44,6 @@
#if !defined(MBEDTLS_RIPEMD160_ALT) #if !defined(MBEDTLS_RIPEMD160_ALT)
/*
* 32-bit integer manipulation macros (little endian)
*/
#ifndef GET_UINT32_LE
#define GET_UINT32_LE(n,b,i) \
{ \
(n) = ( (uint32_t) (b)[(i) ] ) \
| ( (uint32_t) (b)[(i) + 1] << 8 ) \
| ( (uint32_t) (b)[(i) + 2] << 16 ) \
| ( (uint32_t) (b)[(i) + 3] << 24 ); \
}
#endif
#ifndef PUT_UINT32_LE
#define PUT_UINT32_LE(n,b,i) \
{ \
(b)[(i) ] = (unsigned char) ( ( (n) ) & 0xFF ); \
(b)[(i) + 1] = (unsigned char) ( ( (n) >> 8 ) & 0xFF ); \
(b)[(i) + 2] = (unsigned char) ( ( (n) >> 16 ) & 0xFF ); \
(b)[(i) + 3] = (unsigned char) ( ( (n) >> 24 ) & 0xFF ); \
}
#endif
void mbedtls_ripemd160_init( mbedtls_ripemd160_context *ctx ) void mbedtls_ripemd160_init( mbedtls_ripemd160_context *ctx )
{ {
memset( ctx, 0, sizeof( mbedtls_ripemd160_context ) ); memset( ctx, 0, sizeof( mbedtls_ripemd160_context ) );
@ -115,22 +92,22 @@ int mbedtls_internal_ripemd160_process( mbedtls_ripemd160_context *ctx,
uint32_t A, B, C, D, E, Ap, Bp, Cp, Dp, Ep, X[16]; uint32_t A, B, C, D, E, Ap, Bp, Cp, Dp, Ep, X[16];
} local; } local;
GET_UINT32_LE( local.X[ 0], data, 0 ); local.X[ 0] = MBEDTLS_GET_UINT32_LE( data, 0 );
GET_UINT32_LE( local.X[ 1], data, 4 ); local.X[ 1] = MBEDTLS_GET_UINT32_LE( data, 4 );
GET_UINT32_LE( local.X[ 2], data, 8 ); local.X[ 2] = MBEDTLS_GET_UINT32_LE( data, 8 );
GET_UINT32_LE( local.X[ 3], data, 12 ); local.X[ 3] = MBEDTLS_GET_UINT32_LE( data, 12 );
GET_UINT32_LE( local.X[ 4], data, 16 ); local.X[ 4] = MBEDTLS_GET_UINT32_LE( data, 16 );
GET_UINT32_LE( local.X[ 5], data, 20 ); local.X[ 5] = MBEDTLS_GET_UINT32_LE( data, 20 );
GET_UINT32_LE( local.X[ 6], data, 24 ); local.X[ 6] = MBEDTLS_GET_UINT32_LE( data, 24 );
GET_UINT32_LE( local.X[ 7], data, 28 ); local.X[ 7] = MBEDTLS_GET_UINT32_LE( data, 28 );
GET_UINT32_LE( local.X[ 8], data, 32 ); local.X[ 8] = MBEDTLS_GET_UINT32_LE( data, 32 );
GET_UINT32_LE( local.X[ 9], data, 36 ); local.X[ 9] = MBEDTLS_GET_UINT32_LE( data, 36 );
GET_UINT32_LE( local.X[10], data, 40 ); local.X[10] = MBEDTLS_GET_UINT32_LE( data, 40 );
GET_UINT32_LE( local.X[11], data, 44 ); local.X[11] = MBEDTLS_GET_UINT32_LE( data, 44 );
GET_UINT32_LE( local.X[12], data, 48 ); local.X[12] = MBEDTLS_GET_UINT32_LE( data, 48 );
GET_UINT32_LE( local.X[13], data, 52 ); local.X[13] = MBEDTLS_GET_UINT32_LE( data, 52 );
GET_UINT32_LE( local.X[14], data, 56 ); local.X[14] = MBEDTLS_GET_UINT32_LE( data, 56 );
GET_UINT32_LE( local.X[15], data, 60 ); local.X[15] = MBEDTLS_GET_UINT32_LE( data, 60 );
local.A = local.Ap = ctx->state[0]; local.A = local.Ap = ctx->state[0];
local.B = local.Bp = ctx->state[1]; local.B = local.Bp = ctx->state[1];
@ -377,8 +354,8 @@ int mbedtls_ripemd160_finish( mbedtls_ripemd160_context *ctx,
| ( ctx->total[1] << 3 ); | ( ctx->total[1] << 3 );
low = ( ctx->total[0] << 3 ); low = ( ctx->total[0] << 3 );
PUT_UINT32_LE( low, msglen, 0 ); MBEDTLS_PUT_UINT32_LE( low, msglen, 0 );
PUT_UINT32_LE( high, msglen, 4 ); MBEDTLS_PUT_UINT32_LE( high, msglen, 4 );
last = ctx->total[0] & 0x3F; last = ctx->total[0] & 0x3F;
padn = ( last < 56 ) ? ( 56 - last ) : ( 120 - last ); padn = ( last < 56 ) ? ( 56 - last ) : ( 120 - last );
@ -391,11 +368,11 @@ int mbedtls_ripemd160_finish( mbedtls_ripemd160_context *ctx,
if( ret != 0 ) if( ret != 0 )
return( ret ); return( ret );
PUT_UINT32_LE( ctx->state[0], output, 0 ); MBEDTLS_PUT_UINT32_LE( ctx->state[0], output, 0 );
PUT_UINT32_LE( ctx->state[1], output, 4 ); MBEDTLS_PUT_UINT32_LE( ctx->state[1], output, 4 );
PUT_UINT32_LE( ctx->state[2], output, 8 ); MBEDTLS_PUT_UINT32_LE( ctx->state[2], output, 8 );
PUT_UINT32_LE( ctx->state[3], output, 12 ); MBEDTLS_PUT_UINT32_LE( ctx->state[3], output, 12 );
PUT_UINT32_LE( ctx->state[4], output, 16 ); MBEDTLS_PUT_UINT32_LE( ctx->state[4], output, 16 );
return( 0 ); return( 0 );
} }

View file

@ -48,29 +48,6 @@
#if !defined(MBEDTLS_SHA1_ALT) #if !defined(MBEDTLS_SHA1_ALT)
/*
* 32-bit integer manipulation macros (big endian)
*/
#ifndef GET_UINT32_BE
#define GET_UINT32_BE(n,b,i) \
{ \
(n) = ( (uint32_t) (b)[(i) ] << 24 ) \
| ( (uint32_t) (b)[(i) + 1] << 16 ) \
| ( (uint32_t) (b)[(i) + 2] << 8 ) \
| ( (uint32_t) (b)[(i) + 3] ); \
}
#endif
#ifndef PUT_UINT32_BE
#define PUT_UINT32_BE(n,b,i) \
{ \
(b)[(i) ] = (unsigned char) ( (n) >> 24 ); \
(b)[(i) + 1] = (unsigned char) ( (n) >> 16 ); \
(b)[(i) + 2] = (unsigned char) ( (n) >> 8 ); \
(b)[(i) + 3] = (unsigned char) ( (n) ); \
}
#endif
void mbedtls_sha1_init( mbedtls_sha1_context *ctx ) void mbedtls_sha1_init( mbedtls_sha1_context *ctx )
{ {
SHA1_VALIDATE( ctx != NULL ); SHA1_VALIDATE( ctx != NULL );
@ -126,22 +103,22 @@ int mbedtls_internal_sha1_process( mbedtls_sha1_context *ctx,
SHA1_VALIDATE_RET( ctx != NULL ); SHA1_VALIDATE_RET( ctx != NULL );
SHA1_VALIDATE_RET( (const unsigned char *)data != NULL ); SHA1_VALIDATE_RET( (const unsigned char *)data != NULL );
GET_UINT32_BE( local.W[ 0], data, 0 ); local.W[ 0] = MBEDTLS_GET_UINT32_BE( data, 0 );
GET_UINT32_BE( local.W[ 1], data, 4 ); local.W[ 1] = MBEDTLS_GET_UINT32_BE( data, 4 );
GET_UINT32_BE( local.W[ 2], data, 8 ); local.W[ 2] = MBEDTLS_GET_UINT32_BE( data, 8 );
GET_UINT32_BE( local.W[ 3], data, 12 ); local.W[ 3] = MBEDTLS_GET_UINT32_BE( data, 12 );
GET_UINT32_BE( local.W[ 4], data, 16 ); local.W[ 4] = MBEDTLS_GET_UINT32_BE( data, 16 );
GET_UINT32_BE( local.W[ 5], data, 20 ); local.W[ 5] = MBEDTLS_GET_UINT32_BE( data, 20 );
GET_UINT32_BE( local.W[ 6], data, 24 ); local.W[ 6] = MBEDTLS_GET_UINT32_BE( data, 24 );
GET_UINT32_BE( local.W[ 7], data, 28 ); local.W[ 7] = MBEDTLS_GET_UINT32_BE( data, 28 );
GET_UINT32_BE( local.W[ 8], data, 32 ); local.W[ 8] = MBEDTLS_GET_UINT32_BE( data, 32 );
GET_UINT32_BE( local.W[ 9], data, 36 ); local.W[ 9] = MBEDTLS_GET_UINT32_BE( data, 36 );
GET_UINT32_BE( local.W[10], data, 40 ); local.W[10] = MBEDTLS_GET_UINT32_BE( data, 40 );
GET_UINT32_BE( local.W[11], data, 44 ); local.W[11] = MBEDTLS_GET_UINT32_BE( data, 44 );
GET_UINT32_BE( local.W[12], data, 48 ); local.W[12] = MBEDTLS_GET_UINT32_BE( data, 48 );
GET_UINT32_BE( local.W[13], data, 52 ); local.W[13] = MBEDTLS_GET_UINT32_BE( data, 52 );
GET_UINT32_BE( local.W[14], data, 56 ); local.W[14] = MBEDTLS_GET_UINT32_BE( data, 56 );
GET_UINT32_BE( local.W[15], data, 60 ); local.W[15] = MBEDTLS_GET_UINT32_BE( data, 60 );
#define S(x,n) (((x) << (n)) | (((x) & 0xFFFFFFFF) >> (32 - (n)))) #define S(x,n) (((x) << (n)) | (((x) & 0xFFFFFFFF) >> (32 - (n))))
@ -385,8 +362,8 @@ int mbedtls_sha1_finish( mbedtls_sha1_context *ctx,
| ( ctx->total[1] << 3 ); | ( ctx->total[1] << 3 );
low = ( ctx->total[0] << 3 ); low = ( ctx->total[0] << 3 );
PUT_UINT32_BE( high, ctx->buffer, 56 ); MBEDTLS_PUT_UINT32_BE( high, ctx->buffer, 56 );
PUT_UINT32_BE( low, ctx->buffer, 60 ); MBEDTLS_PUT_UINT32_BE( low, ctx->buffer, 60 );
if( ( ret = mbedtls_internal_sha1_process( ctx, ctx->buffer ) ) != 0 ) if( ( ret = mbedtls_internal_sha1_process( ctx, ctx->buffer ) ) != 0 )
return( ret ); return( ret );
@ -394,11 +371,11 @@ int mbedtls_sha1_finish( mbedtls_sha1_context *ctx,
/* /*
* Output final state * Output final state
*/ */
PUT_UINT32_BE( ctx->state[0], output, 0 ); MBEDTLS_PUT_UINT32_BE( ctx->state[0], output, 0 );
PUT_UINT32_BE( ctx->state[1], output, 4 ); MBEDTLS_PUT_UINT32_BE( ctx->state[1], output, 4 );
PUT_UINT32_BE( ctx->state[2], output, 8 ); MBEDTLS_PUT_UINT32_BE( ctx->state[2], output, 8 );
PUT_UINT32_BE( ctx->state[3], output, 12 ); MBEDTLS_PUT_UINT32_BE( ctx->state[3], output, 12 );
PUT_UINT32_BE( ctx->state[4], output, 16 ); MBEDTLS_PUT_UINT32_BE( ctx->state[4], output, 16 );
return( 0 ); return( 0 );
} }

View file

@ -50,29 +50,6 @@
#if !defined(MBEDTLS_SHA256_ALT) #if !defined(MBEDTLS_SHA256_ALT)
/*
* 32-bit integer manipulation macros (big endian)
*/
#ifndef GET_UINT32_BE
#define GET_UINT32_BE(n,b,i) \
do { \
(n) = ( (uint32_t) (b)[(i) ] << 24 ) \
| ( (uint32_t) (b)[(i) + 1] << 16 ) \
| ( (uint32_t) (b)[(i) + 2] << 8 ) \
| ( (uint32_t) (b)[(i) + 3] ); \
} while( 0 )
#endif
#ifndef PUT_UINT32_BE
#define PUT_UINT32_BE(n,b,i) \
do { \
(b)[(i) ] = (unsigned char) ( (n) >> 24 ); \
(b)[(i) + 1] = (unsigned char) ( (n) >> 16 ); \
(b)[(i) + 2] = (unsigned char) ( (n) >> 8 ); \
(b)[(i) + 3] = (unsigned char) ( (n) ); \
} while( 0 )
#endif
void mbedtls_sha256_init( mbedtls_sha256_context *ctx ) void mbedtls_sha256_init( mbedtls_sha256_context *ctx )
{ {
SHA256_VALIDATE( ctx != NULL ); SHA256_VALIDATE( ctx != NULL );
@ -213,7 +190,7 @@ int mbedtls_internal_sha256_process( mbedtls_sha256_context *ctx,
for( i = 0; i < 64; i++ ) for( i = 0; i < 64; i++ )
{ {
if( i < 16 ) if( i < 16 )
GET_UINT32_BE( local.W[i], data, 4 * i ); local.W[i] = MBEDTLS_GET_UINT32_BE( data, 4 * i );
else else
R( i ); R( i );
@ -228,7 +205,7 @@ int mbedtls_internal_sha256_process( mbedtls_sha256_context *ctx,
} }
#else /* MBEDTLS_SHA256_SMALLER */ #else /* MBEDTLS_SHA256_SMALLER */
for( i = 0; i < 16; i++ ) for( i = 0; i < 16; i++ )
GET_UINT32_BE( local.W[i], data, 4 * i ); local.W[i] = MBEDTLS_GET_UINT32_BE( data, 4 * i );
for( i = 0; i < 16; i += 8 ) for( i = 0; i < 16; i += 8 )
{ {
@ -378,8 +355,8 @@ int mbedtls_sha256_finish( mbedtls_sha256_context *ctx,
| ( ctx->total[1] << 3 ); | ( ctx->total[1] << 3 );
low = ( ctx->total[0] << 3 ); low = ( ctx->total[0] << 3 );
PUT_UINT32_BE( high, ctx->buffer, 56 ); MBEDTLS_PUT_UINT32_BE( high, ctx->buffer, 56 );
PUT_UINT32_BE( low, ctx->buffer, 60 ); MBEDTLS_PUT_UINT32_BE( low, ctx->buffer, 60 );
if( ( ret = mbedtls_internal_sha256_process( ctx, ctx->buffer ) ) != 0 ) if( ( ret = mbedtls_internal_sha256_process( ctx, ctx->buffer ) ) != 0 )
return( ret ); return( ret );
@ -387,18 +364,18 @@ int mbedtls_sha256_finish( mbedtls_sha256_context *ctx,
/* /*
* Output final state * Output final state
*/ */
PUT_UINT32_BE( ctx->state[0], output, 0 ); MBEDTLS_PUT_UINT32_BE( ctx->state[0], output, 0 );
PUT_UINT32_BE( ctx->state[1], output, 4 ); MBEDTLS_PUT_UINT32_BE( ctx->state[1], output, 4 );
PUT_UINT32_BE( ctx->state[2], output, 8 ); MBEDTLS_PUT_UINT32_BE( ctx->state[2], output, 8 );
PUT_UINT32_BE( ctx->state[3], output, 12 ); MBEDTLS_PUT_UINT32_BE( ctx->state[3], output, 12 );
PUT_UINT32_BE( ctx->state[4], output, 16 ); MBEDTLS_PUT_UINT32_BE( ctx->state[4], output, 16 );
PUT_UINT32_BE( ctx->state[5], output, 20 ); MBEDTLS_PUT_UINT32_BE( ctx->state[5], output, 20 );
PUT_UINT32_BE( ctx->state[6], output, 24 ); MBEDTLS_PUT_UINT32_BE( ctx->state[6], output, 24 );
#if defined(MBEDTLS_SHA224_C) #if defined(MBEDTLS_SHA224_C)
if( ctx->is224 == 0 ) if( ctx->is224 == 0 )
#endif #endif
PUT_UINT32_BE( ctx->state[7], output, 28 ); MBEDTLS_PUT_UINT32_BE( ctx->state[7], output, 28 );
return( 0 ); return( 0 );
} }

View file

@ -56,44 +56,13 @@
#if !defined(MBEDTLS_SHA512_ALT) #if !defined(MBEDTLS_SHA512_ALT)
/*
* 64-bit integer manipulation macros (big endian)
*/
#ifndef GET_UINT64_BE
#define GET_UINT64_BE(n,b,i) \
{ \
(n) = ( (uint64_t) (b)[(i) ] << 56 ) \
| ( (uint64_t) (b)[(i) + 1] << 48 ) \
| ( (uint64_t) (b)[(i) + 2] << 40 ) \
| ( (uint64_t) (b)[(i) + 3] << 32 ) \
| ( (uint64_t) (b)[(i) + 4] << 24 ) \
| ( (uint64_t) (b)[(i) + 5] << 16 ) \
| ( (uint64_t) (b)[(i) + 6] << 8 ) \
| ( (uint64_t) (b)[(i) + 7] ); \
}
#endif /* GET_UINT64_BE */
#ifndef PUT_UINT64_BE
#define PUT_UINT64_BE(n,b,i) \
{ \
(b)[(i) ] = (unsigned char) ( (n) >> 56 ); \
(b)[(i) + 1] = (unsigned char) ( (n) >> 48 ); \
(b)[(i) + 2] = (unsigned char) ( (n) >> 40 ); \
(b)[(i) + 3] = (unsigned char) ( (n) >> 32 ); \
(b)[(i) + 4] = (unsigned char) ( (n) >> 24 ); \
(b)[(i) + 5] = (unsigned char) ( (n) >> 16 ); \
(b)[(i) + 6] = (unsigned char) ( (n) >> 8 ); \
(b)[(i) + 7] = (unsigned char) ( (n) ); \
}
#endif /* PUT_UINT64_BE */
#if defined(MBEDTLS_SHA512_SMALLER) #if defined(MBEDTLS_SHA512_SMALLER)
static void sha512_put_uint64_be( uint64_t n, unsigned char *b, uint8_t i ) static void sha512_put_uint64_be( uint64_t n, unsigned char *b, uint8_t i )
{ {
PUT_UINT64_BE(n, b, i); MBEDTLS_PUT_UINT64_BE(n, b, i);
} }
#else #else
#define sha512_put_uint64_be PUT_UINT64_BE #define sha512_put_uint64_be MBEDTLS_PUT_UINT64_BE
#endif /* MBEDTLS_SHA512_SMALLER */ #endif /* MBEDTLS_SHA512_SMALLER */
void mbedtls_sha512_init( mbedtls_sha512_context *ctx ) void mbedtls_sha512_init( mbedtls_sha512_context *ctx )
@ -261,7 +230,7 @@ int mbedtls_internal_sha512_process( mbedtls_sha512_context *ctx,
{ {
if( i < 16 ) if( i < 16 )
{ {
GET_UINT64_BE( local.W[i], data, i << 3 ); local.W[i] = MBEDTLS_GET_UINT64_BE( data, i << 3 );
} }
else else
{ {
@ -281,7 +250,7 @@ int mbedtls_internal_sha512_process( mbedtls_sha512_context *ctx,
#else /* MBEDTLS_SHA512_SMALLER */ #else /* MBEDTLS_SHA512_SMALLER */
for( i = 0; i < 16; i++ ) for( i = 0; i < 16; i++ )
{ {
GET_UINT64_BE( local.W[i], data, i << 3 ); local.W[i] = MBEDTLS_GET_UINT64_BE( data, i << 3 );
} }
for( ; i < 80; i++ ) for( ; i < 80; i++ )

View file

@ -136,18 +136,19 @@ static int ssl_write_hostname_ext( mbedtls_ssl_context *ssl,
* } ServerNameList; * } ServerNameList;
* *
*/ */
*p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SERVERNAME >> 8 ) & 0xFF ); MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_SERVERNAME, p, 0 );
*p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SERVERNAME ) & 0xFF ); p += 2;
*p++ = (unsigned char)( ( (hostname_len + 5) >> 8 ) & 0xFF ); MBEDTLS_PUT_UINT16_BE( hostname_len + 5, p, 0 );
*p++ = (unsigned char)( ( (hostname_len + 5) ) & 0xFF ); p += 2;
*p++ = (unsigned char)( ( (hostname_len + 3) >> 8 ) & 0xFF ); MBEDTLS_PUT_UINT16_BE( hostname_len + 3, p, 0 );
*p++ = (unsigned char)( ( (hostname_len + 3) ) & 0xFF ); p += 2;
*p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SERVERNAME_HOSTNAME ) & 0xFF ); *p++ = MBEDTLS_BYTE_0( MBEDTLS_TLS_EXT_SERVERNAME_HOSTNAME );
*p++ = (unsigned char)( ( hostname_len >> 8 ) & 0xFF );
*p++ = (unsigned char)( ( hostname_len ) & 0xFF ); MBEDTLS_PUT_UINT16_BE( hostname_len, p, 0 );
p += 2;
memcpy( p, ssl->hostname, hostname_len ); memcpy( p, ssl->hostname, hostname_len );
@ -181,14 +182,12 @@ static int ssl_write_renegotiation_ext( mbedtls_ssl_context *ssl,
/* /*
* Secure renegotiation * Secure renegotiation
*/ */
*p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_RENEGOTIATION_INFO >> 8 ) MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_RENEGOTIATION_INFO, p, 0 );
& 0xFF ); p += 2;
*p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_RENEGOTIATION_INFO )
& 0xFF );
*p++ = 0x00; *p++ = 0x00;
*p++ = ( ssl->verify_data_len + 1 ) & 0xFF; *p++ = MBEDTLS_BYTE_0( ssl->verify_data_len + 1 );
*p++ = ssl->verify_data_len & 0xFF; *p++ = MBEDTLS_BYTE_0( ssl->verify_data_len );
memcpy( p, ssl->own_verify_data, ssl->verify_data_len ); memcpy( p, ssl->own_verify_data, ssl->verify_data_len );
@ -283,14 +282,14 @@ static int ssl_write_signature_algorithms_ext( mbedtls_ssl_context *ssl,
* SignatureAndHashAlgorithm * SignatureAndHashAlgorithm
* supported_signature_algorithms<2..2^16-2>; * supported_signature_algorithms<2..2^16-2>;
*/ */
*p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SIG_ALG >> 8 ) & 0xFF ); MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_SIG_ALG, p, 0 );
*p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SIG_ALG ) & 0xFF ); p += 2;
*p++ = (unsigned char)( ( ( sig_alg_len + 2 ) >> 8 ) & 0xFF ); MBEDTLS_PUT_UINT16_BE( sig_alg_len + 2, p, 0 );
*p++ = (unsigned char)( ( ( sig_alg_len + 2 ) ) & 0xFF ); p += 2;
*p++ = (unsigned char)( ( sig_alg_len >> 8 ) & 0xFF ); MBEDTLS_PUT_UINT16_BE( sig_alg_len, p, 0 );
*p++ = (unsigned char)( ( sig_alg_len ) & 0xFF ); p += 2;
*olen = 6 + sig_alg_len; *olen = 6 + sig_alg_len;
@ -354,20 +353,18 @@ static int ssl_write_supported_elliptic_curves_ext( mbedtls_ssl_context *ssl,
grp_id++ ) grp_id++ )
{ {
info = mbedtls_ecp_curve_info_from_grp_id( *grp_id ); info = mbedtls_ecp_curve_info_from_grp_id( *grp_id );
elliptic_curve_list[elliptic_curve_len++] = info->tls_id >> 8; elliptic_curve_list[elliptic_curve_len++] = MBEDTLS_BYTE_1( info->tls_id );
elliptic_curve_list[elliptic_curve_len++] = info->tls_id & 0xFF; elliptic_curve_list[elliptic_curve_len++] = MBEDTLS_BYTE_0( info->tls_id );
} }
*p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SUPPORTED_ELLIPTIC_CURVES >> 8 ) MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_SUPPORTED_ELLIPTIC_CURVES, p, 0 );
& 0xFF ); p += 2;
*p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SUPPORTED_ELLIPTIC_CURVES )
& 0xFF );
*p++ = (unsigned char)( ( ( elliptic_curve_len + 2 ) >> 8 ) & 0xFF ); MBEDTLS_PUT_UINT16_BE( elliptic_curve_len + 2, p, 0 );
*p++ = (unsigned char)( ( ( elliptic_curve_len + 2 ) ) & 0xFF ); p += 2;
*p++ = (unsigned char)( ( ( elliptic_curve_len ) >> 8 ) & 0xFF ); MBEDTLS_PUT_UINT16_BE( elliptic_curve_len, p, 0 );
*p++ = (unsigned char)( ( ( elliptic_curve_len ) ) & 0xFF ); p += 2;
*olen = 6 + elliptic_curve_len; *olen = 6 + elliptic_curve_len;
@ -388,10 +385,8 @@ static int ssl_write_supported_point_formats_ext( mbedtls_ssl_context *ssl,
( "client hello, adding supported_point_formats extension" ) ); ( "client hello, adding supported_point_formats extension" ) );
MBEDTLS_SSL_CHK_BUF_PTR( p, end, 6 ); MBEDTLS_SSL_CHK_BUF_PTR( p, end, 6 );
*p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS >> 8 ) MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS, p, 0 );
& 0xFF ); p += 2;
*p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS )
& 0xFF );
*p++ = 0x00; *p++ = 0x00;
*p++ = 2; *p++ = 2;
@ -427,8 +422,8 @@ static int ssl_write_ecjpake_kkpp_ext( mbedtls_ssl_context *ssl,
MBEDTLS_SSL_CHK_BUF_PTR( p, end, 4 ); MBEDTLS_SSL_CHK_BUF_PTR( p, end, 4 );
*p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_ECJPAKE_KKPP >> 8 ) & 0xFF ); MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_ECJPAKE_KKPP, p, 0 );
*p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_ECJPAKE_KKPP ) & 0xFF ); p += 2;
/* /*
* We may need to send ClientHello multiple times for Hello verification. * We may need to send ClientHello multiple times for Hello verification.
@ -470,8 +465,8 @@ static int ssl_write_ecjpake_kkpp_ext( mbedtls_ssl_context *ssl,
memcpy( p + 2, ssl->handshake->ecjpake_cache, kkpp_len ); memcpy( p + 2, ssl->handshake->ecjpake_cache, kkpp_len );
} }
*p++ = (unsigned char)( ( kkpp_len >> 8 ) & 0xFF ); MBEDTLS_PUT_UINT16_BE( kkpp_len, p, 0 );
*p++ = (unsigned char)( ( kkpp_len ) & 0xFF ); p += 2;
*olen = kkpp_len + 4; *olen = kkpp_len + 4;
@ -510,11 +505,11 @@ static int ssl_write_cid_ext( mbedtls_ssl_context *ssl,
MBEDTLS_SSL_CHK_BUF_PTR( p, end, (unsigned)( ssl->own_cid_len + 5 ) ); MBEDTLS_SSL_CHK_BUF_PTR( p, end, (unsigned)( ssl->own_cid_len + 5 ) );
/* Add extension ID + size */ /* Add extension ID + size */
*p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_CID >> 8 ) & 0xFF ); MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_CID, p, 0 );
*p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_CID ) & 0xFF ); p += 2;
ext_len = (size_t) ssl->own_cid_len + 1; ext_len = (size_t) ssl->own_cid_len + 1;
*p++ = (unsigned char)( ( ext_len >> 8 ) & 0xFF ); MBEDTLS_PUT_UINT16_BE( ext_len, p, 0 );
*p++ = (unsigned char)( ( ext_len ) & 0xFF ); p += 2;
*p++ = (uint8_t) ssl->own_cid_len; *p++ = (uint8_t) ssl->own_cid_len;
memcpy( p, ssl->own_cid, ssl->own_cid_len ); memcpy( p, ssl->own_cid, ssl->own_cid_len );
@ -543,10 +538,8 @@ static int ssl_write_max_fragment_length_ext( mbedtls_ssl_context *ssl,
MBEDTLS_SSL_CHK_BUF_PTR( p, end, 5 ); MBEDTLS_SSL_CHK_BUF_PTR( p, end, 5 );
*p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH >> 8 ) MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH, p, 0 );
& 0xFF ); p += 2;
*p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH )
& 0xFF );
*p++ = 0x00; *p++ = 0x00;
*p++ = 1; *p++ = 1;
@ -577,8 +570,8 @@ static int ssl_write_encrypt_then_mac_ext( mbedtls_ssl_context *ssl,
MBEDTLS_SSL_CHK_BUF_PTR( p, end, 4 ); MBEDTLS_SSL_CHK_BUF_PTR( p, end, 4 );
*p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC >> 8 ) & 0xFF ); MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC, p, 0 );
*p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC ) & 0xFF ); p += 2;
*p++ = 0x00; *p++ = 0x00;
*p++ = 0x00; *p++ = 0x00;
@ -607,10 +600,8 @@ static int ssl_write_extended_ms_ext( mbedtls_ssl_context *ssl,
MBEDTLS_SSL_CHK_BUF_PTR( p, end, 4 ); MBEDTLS_SSL_CHK_BUF_PTR( p, end, 4 );
*p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET >> 8 ) MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET, p, 0 );
& 0xFF ); p += 2;
*p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET )
& 0xFF );
*p++ = 0x00; *p++ = 0x00;
*p++ = 0x00; *p++ = 0x00;
@ -641,11 +632,11 @@ static int ssl_write_session_ticket_ext( mbedtls_ssl_context *ssl,
/* The addition is safe here since the ticket length is 16 bit. */ /* The addition is safe here since the ticket length is 16 bit. */
MBEDTLS_SSL_CHK_BUF_PTR( p, end, 4 + tlen ); MBEDTLS_SSL_CHK_BUF_PTR( p, end, 4 + tlen );
*p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SESSION_TICKET >> 8 ) & 0xFF ); MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_SESSION_TICKET, p, 0 );
*p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SESSION_TICKET ) & 0xFF ); p += 2;
*p++ = (unsigned char)( ( tlen >> 8 ) & 0xFF ); MBEDTLS_PUT_UINT16_BE( tlen, p, 0 );
*p++ = (unsigned char)( ( tlen ) & 0xFF ); p += 2;
*olen = 4; *olen = 4;
@ -685,8 +676,8 @@ static int ssl_write_alpn_ext( mbedtls_ssl_context *ssl,
MBEDTLS_SSL_CHK_BUF_PTR( p, end, 6 + alpnlen ); MBEDTLS_SSL_CHK_BUF_PTR( p, end, 6 + alpnlen );
*p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_ALPN >> 8 ) & 0xFF ); MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_ALPN, p, 0 );
*p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_ALPN ) & 0xFF ); p += 2;
/* /*
* opaque ProtocolName<1..2^8-1>; * opaque ProtocolName<1..2^8-1>;
@ -713,12 +704,10 @@ static int ssl_write_alpn_ext( mbedtls_ssl_context *ssl,
*olen = p - buf; *olen = p - buf;
/* List length = olen - 2 (ext_type) - 2 (ext_len) - 2 (list_len) */ /* List length = olen - 2 (ext_type) - 2 (ext_len) - 2 (list_len) */
buf[4] = (unsigned char)( ( ( *olen - 6 ) >> 8 ) & 0xFF ); MBEDTLS_PUT_UINT16_BE( *olen - 6, buf, 4 );
buf[5] = (unsigned char)( ( ( *olen - 6 ) ) & 0xFF );
/* Extension length = olen - 2 (ext_type) - 2 (ext_len) */ /* Extension length = olen - 2 (ext_type) - 2 (ext_len) */
buf[2] = (unsigned char)( ( ( *olen - 4 ) >> 8 ) & 0xFF ); MBEDTLS_PUT_UINT16_BE( *olen - 4, buf, 2 );
buf[3] = (unsigned char)( ( ( *olen - 4 ) ) & 0xFF );
return( 0 ); return( 0 );
} }
@ -770,12 +759,11 @@ static int ssl_write_use_srtp_ext( mbedtls_ssl_context *ssl,
*/ */
MBEDTLS_SSL_CHK_BUF_PTR( p, end, ext_len + 4 ); MBEDTLS_SSL_CHK_BUF_PTR( p, end, ext_len + 4 );
*p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_USE_SRTP >> 8 ) & 0xFF ); MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_USE_SRTP, p, 0 );
*p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_USE_SRTP ) & 0xFF ); p += 2;
MBEDTLS_PUT_UINT16_BE( ext_len, p, 0 );
*p++ = (unsigned char)( ( ( ext_len & 0xFF00 ) >> 8 ) & 0xFF ); p += 2;
*p++ = (unsigned char)( ext_len & 0xFF );
/* protection profile length: 2*(ssl->conf->dtls_srtp_profile_list_len) */ /* protection profile length: 2*(ssl->conf->dtls_srtp_profile_list_len) */
/* micro-optimization: /* micro-optimization:
@ -786,8 +774,7 @@ static int ssl_write_use_srtp_ext( mbedtls_ssl_context *ssl,
* >> 8 ) & 0xFF ); * >> 8 ) & 0xFF );
*/ */
*p++ = 0; *p++ = 0;
*p++ = (unsigned char)( ( 2 * ssl->conf->dtls_srtp_profile_list_len ) *p++ = MBEDTLS_BYTE_0( 2 * ssl->conf->dtls_srtp_profile_list_len );
& 0xFF );
for( protection_profiles_index=0; for( protection_profiles_index=0;
protection_profiles_index < ssl->conf->dtls_srtp_profile_list_len; protection_profiles_index < ssl->conf->dtls_srtp_profile_list_len;
@ -799,8 +786,8 @@ static int ssl_write_use_srtp_ext( mbedtls_ssl_context *ssl,
{ {
MBEDTLS_SSL_DEBUG_MSG( 3, ( "ssl_write_use_srtp_ext, add profile: %04x", MBEDTLS_SSL_DEBUG_MSG( 3, ( "ssl_write_use_srtp_ext, add profile: %04x",
profile_value ) ); profile_value ) );
*p++ = ( ( profile_value >> 8 ) & 0xFF ); MBEDTLS_PUT_UINT16_BE( profile_value, p, 0 );
*p++ = ( profile_value & 0xFF ); p += 2;
} }
else else
{ {
@ -868,10 +855,8 @@ static int ssl_generate_random( mbedtls_ssl_context *ssl )
#if defined(MBEDTLS_HAVE_TIME) #if defined(MBEDTLS_HAVE_TIME)
t = mbedtls_time( NULL ); t = mbedtls_time( NULL );
*p++ = (unsigned char)( t >> 24 ); MBEDTLS_PUT_UINT32_BE( t, p, 0 );
*p++ = (unsigned char)( t >> 16 ); p += 4;
*p++ = (unsigned char)( t >> 8 );
*p++ = (unsigned char)( t );
MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, current time: %" MBEDTLS_PRINTF_LONGLONG, MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, current time: %" MBEDTLS_PRINTF_LONGLONG,
(long long) t ) ); (long long) t ) );
@ -1154,8 +1139,8 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl )
MBEDTLS_SSL_CHK_BUF_PTR( p, end, 2 ); MBEDTLS_SSL_CHK_BUF_PTR( p, end, 2 );
n++; n++;
*p++ = (unsigned char)( ciphersuites[i] >> 8 ); MBEDTLS_PUT_UINT16_BE( ciphersuites[i], p, 0 );
*p++ = (unsigned char)( ciphersuites[i] ); p += 2;
} }
MBEDTLS_SSL_DEBUG_MSG( 3, MBEDTLS_SSL_DEBUG_MSG( 3,
@ -1170,8 +1155,8 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl )
{ {
MBEDTLS_SSL_DEBUG_MSG( 3, ( "adding EMPTY_RENEGOTIATION_INFO_SCSV" ) ); MBEDTLS_SSL_DEBUG_MSG( 3, ( "adding EMPTY_RENEGOTIATION_INFO_SCSV" ) );
MBEDTLS_SSL_CHK_BUF_PTR( p, end, 2 ); MBEDTLS_SSL_CHK_BUF_PTR( p, end, 2 );
*p++ = (unsigned char)( MBEDTLS_SSL_EMPTY_RENEGOTIATION_INFO >> 8 ); MBEDTLS_PUT_UINT16_BE( MBEDTLS_SSL_EMPTY_RENEGOTIATION_INFO, p, 0 );
*p++ = (unsigned char)( MBEDTLS_SSL_EMPTY_RENEGOTIATION_INFO ); p += 2;
n++; n++;
} }
@ -1334,9 +1319,8 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl )
{ {
/* No need to check for space here, because the extension /* No need to check for space here, because the extension
* writing functions already took care of that. */ * writing functions already took care of that. */
*p++ = (unsigned char)( ( ext_len >> 8 ) & 0xFF ); MBEDTLS_PUT_UINT16_BE( ext_len, p, 0 );
*p++ = (unsigned char)( ( ext_len ) & 0xFF ); p += 2 + ext_len;
p += ext_len;
} }
ssl->out_msglen = p - buf; ssl->out_msglen = p - buf;
@ -2756,8 +2740,7 @@ static int ssl_write_encrypted_pms( mbedtls_ssl_context *ssl,
#if defined(MBEDTLS_SSL_PROTO_TLS1_2) #if defined(MBEDTLS_SSL_PROTO_TLS1_2)
if( len_bytes == 2 ) if( len_bytes == 2 )
{ {
ssl->out_msg[offset+0] = (unsigned char)( *olen >> 8 ); MBEDTLS_PUT_UINT16_BE( *olen, ssl->out_msg, offset );
ssl->out_msg[offset+1] = (unsigned char)( *olen );
*olen += 2; *olen += 2;
} }
#endif #endif
@ -3514,8 +3497,7 @@ static int ssl_write_client_key_exchange( mbedtls_ssl_context *ssl )
*/ */
content_len = mbedtls_dhm_get_len( &ssl->handshake->dhm_ctx ); content_len = mbedtls_dhm_get_len( &ssl->handshake->dhm_ctx );
ssl->out_msg[4] = (unsigned char)( content_len >> 8 ); MBEDTLS_PUT_UINT16_BE( content_len, ssl->out_msg, 4 );
ssl->out_msg[5] = (unsigned char)( content_len );
header_len = 6; header_len = 6;
ret = mbedtls_dhm_make_public( &ssl->handshake->dhm_ctx, ret = mbedtls_dhm_make_public( &ssl->handshake->dhm_ctx,
@ -3730,8 +3712,8 @@ ecdh_calc_secret:
return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL ); return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
} }
ssl->out_msg[header_len++] = (unsigned char)( content_len >> 8 ); ssl->out_msg[header_len++] = MBEDTLS_BYTE_1( content_len );
ssl->out_msg[header_len++] = (unsigned char)( content_len ); ssl->out_msg[header_len++] = MBEDTLS_BYTE_0( content_len );
memcpy( ssl->out_msg + header_len, memcpy( ssl->out_msg + header_len,
ssl->conf->psk_identity, ssl->conf->psk_identity,
@ -3782,8 +3764,8 @@ ecdh_calc_secret:
return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL ); return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
} }
ssl->out_msg[header_len++] = (unsigned char)( content_len >> 8 ); ssl->out_msg[header_len++] = MBEDTLS_BYTE_1( content_len );
ssl->out_msg[header_len++] = (unsigned char)( content_len ); ssl->out_msg[header_len++] = MBEDTLS_BYTE_0( content_len );
ret = mbedtls_dhm_make_public( &ssl->handshake->dhm_ctx, ret = mbedtls_dhm_make_public( &ssl->handshake->dhm_ctx,
(int) mbedtls_dhm_get_len( &ssl->handshake->dhm_ctx ), (int) mbedtls_dhm_get_len( &ssl->handshake->dhm_ctx ),
@ -4065,8 +4047,7 @@ sign:
return( ret ); return( ret );
} }
ssl->out_msg[4 + offset] = (unsigned char)( n >> 8 ); MBEDTLS_PUT_UINT16_BE( n, ssl->out_msg, offset + 4 );
ssl->out_msg[5 + offset] = (unsigned char)( n );
ssl->out_msglen = 6 + n + offset; ssl->out_msglen = 6 + n + offset;
ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE; ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE;
@ -4210,23 +4191,8 @@ int mbedtls_ssl_handshake_client_step( mbedtls_ssl_context *ssl )
{ {
int ret = 0; int ret = 0;
if( ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER || ssl->handshake == NULL )
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
MBEDTLS_SSL_DEBUG_MSG( 2, ( "client state: %d", ssl->state ) ); MBEDTLS_SSL_DEBUG_MSG( 2, ( "client state: %d", ssl->state ) );
if( ( ret = mbedtls_ssl_flush_output( ssl ) ) != 0 )
return( ret );
#if defined(MBEDTLS_SSL_PROTO_DTLS)
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
ssl->handshake->retransmit_state == MBEDTLS_SSL_RETRANS_SENDING )
{
if( ( ret = mbedtls_ssl_flight_transmit( ssl ) ) != 0 )
return( ret );
}
#endif /* MBEDTLS_SSL_PROTO_DTLS */
/* Change state now, so that it is right in mbedtls_ssl_read_record(), used /* Change state now, so that it is right in mbedtls_ssl_read_record(), used
* by DTLS for dropping out-of-sequence ChangeCipherSpec records */ * by DTLS for dropping out-of-sequence ChangeCipherSpec records */
#if defined(MBEDTLS_SSL_SESSION_TICKETS) #if defined(MBEDTLS_SSL_SESSION_TICKETS)

View file

@ -165,10 +165,7 @@ int mbedtls_ssl_cookie_write( void *p_ctx,
t = ctx->serial++; t = ctx->serial++;
#endif #endif
(*p)[0] = (unsigned char)( t >> 24 ); MBEDTLS_PUT_UINT32_BE(t, *p, 0);
(*p)[1] = (unsigned char)( t >> 16 );
(*p)[2] = (unsigned char)( t >> 8 );
(*p)[3] = (unsigned char)( t );
*p += 4; *p += 4;
#if defined(MBEDTLS_THREADING_C) #if defined(MBEDTLS_THREADING_C)

View file

@ -562,6 +562,13 @@ struct mbedtls_ssl_handshake_params
uint16_t mtu; /*!< Handshake mtu, used to fragment outgoing messages */ uint16_t mtu; /*!< Handshake mtu, used to fragment outgoing messages */
#endif /* MBEDTLS_SSL_PROTO_DTLS */ #endif /* MBEDTLS_SSL_PROTO_DTLS */
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
/*! TLS 1.3 transforms for 0-RTT and encrypted handshake messages.
* Those pointers own the transforms they reference. */
mbedtls_ssl_transform *transform_handshake;
mbedtls_ssl_transform *transform_earlydata;
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
/* /*
* Checksum contexts * Checksum contexts
*/ */
@ -740,7 +747,8 @@ struct mbedtls_ssl_transform
#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION) #if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION)
/* We need the Hello random bytes in order to re-derive keys from the /* We need the Hello random bytes in order to re-derive keys from the
* Master Secret and other session info, see ssl_populate_transform() */ * Master Secret and other session info,
* see ssl_tls12_populate_transform() */
unsigned char randbytes[64]; /*!< ServerHello.random+ClientHello.random */ unsigned char randbytes[64]; /*!< ServerHello.random+ClientHello.random */
#endif /* MBEDTLS_SSL_CONTEXT_SERIALIZATION */ #endif /* MBEDTLS_SSL_CONTEXT_SERIALIZATION */
}; };
@ -881,6 +889,10 @@ void mbedtls_ssl_handshake_free( mbedtls_ssl_context *ssl );
int mbedtls_ssl_handshake_client_step( mbedtls_ssl_context *ssl ); int mbedtls_ssl_handshake_client_step( mbedtls_ssl_context *ssl );
int mbedtls_ssl_handshake_server_step( mbedtls_ssl_context *ssl ); int mbedtls_ssl_handshake_server_step( mbedtls_ssl_context *ssl );
void mbedtls_ssl_handshake_wrapup( mbedtls_ssl_context *ssl ); void mbedtls_ssl_handshake_wrapup( mbedtls_ssl_context *ssl );
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
int mbedtls_ssl_handshake_client_step_tls1_3( mbedtls_ssl_context *ssl );
int mbedtls_ssl_handshake_server_step_tls1_3( mbedtls_ssl_context *ssl );
#endif
int mbedtls_ssl_send_fatal_handshake_failure( mbedtls_ssl_context *ssl ); int mbedtls_ssl_send_fatal_handshake_failure( mbedtls_ssl_context *ssl );
@ -971,7 +983,13 @@ int mbedtls_ssl_read_record( mbedtls_ssl_context *ssl,
unsigned update_hs_digest ); unsigned update_hs_digest );
int mbedtls_ssl_fetch_input( mbedtls_ssl_context *ssl, size_t nb_want ); int mbedtls_ssl_fetch_input( mbedtls_ssl_context *ssl, size_t nb_want );
int mbedtls_ssl_write_handshake_msg( mbedtls_ssl_context *ssl ); int mbedtls_ssl_write_handshake_msg_ext( mbedtls_ssl_context *ssl,
int update_checksum );
static inline int mbedtls_ssl_write_handshake_msg( mbedtls_ssl_context *ssl )
{
return( mbedtls_ssl_write_handshake_msg_ext( ssl, 1 /* update checksum */ ) );
}
int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl, uint8_t force_flush ); int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl, uint8_t force_flush );
int mbedtls_ssl_flush_output( mbedtls_ssl_context *ssl ); int mbedtls_ssl_flush_output( mbedtls_ssl_context *ssl );
@ -1259,4 +1277,50 @@ void mbedtls_ssl_buffering_free( mbedtls_ssl_context *ssl );
void mbedtls_ssl_flight_free( mbedtls_ssl_flight_item *flight ); void mbedtls_ssl_flight_free( mbedtls_ssl_flight_item *flight );
#endif /* MBEDTLS_SSL_PROTO_DTLS */ #endif /* MBEDTLS_SSL_PROTO_DTLS */
/**
* ssl utils functions for checking configuration.
*/
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
static inline int mbedtls_ssl_conf_is_tls13_only( const mbedtls_ssl_config *conf )
{
if( conf->min_major_ver == MBEDTLS_SSL_MAJOR_VERSION_3 &&
conf->max_major_ver == MBEDTLS_SSL_MAJOR_VERSION_3 &&
conf->min_minor_ver == MBEDTLS_SSL_MINOR_VERSION_4 &&
conf->max_minor_ver == MBEDTLS_SSL_MINOR_VERSION_4 )
{
return( 1 );
}
return( 0 );
}
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
static inline int mbedtls_ssl_conf_is_tls12_only( const mbedtls_ssl_config *conf )
{
if( conf->min_major_ver == MBEDTLS_SSL_MAJOR_VERSION_3 &&
conf->max_major_ver == MBEDTLS_SSL_MAJOR_VERSION_3 &&
conf->min_minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 &&
conf->max_minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 )
{
return( 1 );
}
return( 0 );
}
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
static inline int mbedtls_ssl_conf_is_hybrid_tls12_tls13( const mbedtls_ssl_config *conf )
{
if( conf->min_major_ver == MBEDTLS_SSL_MAJOR_VERSION_3 &&
conf->max_major_ver == MBEDTLS_SSL_MAJOR_VERSION_3 &&
conf->min_minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 &&
conf->max_minor_ver == MBEDTLS_SSL_MINOR_VERSION_4 )
{
return( 1 );
}
return( 0 );
}
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 && MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL*/
#endif /* ssl_misc.h */ #endif /* ssl_misc.h */

View file

@ -384,7 +384,8 @@ static int ssl_parse_inner_plaintext( unsigned char const *content,
static void ssl_extract_add_data_from_record( unsigned char* add_data, static void ssl_extract_add_data_from_record( unsigned char* add_data,
size_t *add_data_len, size_t *add_data_len,
mbedtls_record *rec, mbedtls_record *rec,
unsigned minor_ver ) unsigned minor_ver,
size_t taglen )
{ {
/* Quoting RFC 5246 (TLS 1.2): /* Quoting RFC 5246 (TLS 1.2):
* *
@ -403,15 +404,37 @@ static void ssl_extract_add_data_from_record( unsigned char* add_data,
* *
* For TLS 1.3, the record sequence number is dropped from the AAD * For TLS 1.3, the record sequence number is dropped from the AAD
* and encoded within the nonce of the AEAD operation instead. * and encoded within the nonce of the AEAD operation instead.
* Moreover, the additional data involves the length of the TLS
* ciphertext, not the TLS plaintext as in earlier versions.
* Quoting RFC 8446 (TLS 1.3):
*
* additional_data = TLSCiphertext.opaque_type ||
* TLSCiphertext.legacy_record_version ||
* TLSCiphertext.length
*
* We pass the tag length to this function in order to compute the
* ciphertext length from the inner plaintext length rec->data_len via
*
* TLSCiphertext.length = TLSInnerPlaintext.length + taglen.
*
*/ */
unsigned char *cur = add_data; unsigned char *cur = add_data;
size_t ad_len_field = rec->data_len;
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) #if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
if( minor_ver != MBEDTLS_SSL_MINOR_VERSION_4 ) if( minor_ver == MBEDTLS_SSL_MINOR_VERSION_4 )
{
/* In TLS 1.3, the AAD contains the length of the TLSCiphertext,
* which differs from the length of the TLSInnerPlaintext
* by the length of the authentication tag. */
ad_len_field += taglen;
}
else
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ #endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
{ {
((void) minor_ver); ((void) minor_ver);
((void) taglen);
memcpy( cur, rec->ctr, sizeof( rec->ctr ) ); memcpy( cur, rec->ctr, sizeof( rec->ctr ) );
cur += sizeof( rec->ctr ); cur += sizeof( rec->ctr );
} }
@ -431,15 +454,13 @@ static void ssl_extract_add_data_from_record( unsigned char* add_data,
*cur = rec->cid_len; *cur = rec->cid_len;
cur++; cur++;
cur[0] = ( rec->data_len >> 8 ) & 0xFF; MBEDTLS_PUT_UINT16_BE( ad_len_field, cur, 0 );
cur[1] = ( rec->data_len >> 0 ) & 0xFF;
cur += 2; cur += 2;
} }
else else
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
{ {
cur[0] = ( rec->data_len >> 8 ) & 0xFF; MBEDTLS_PUT_UINT16_BE( ad_len_field, cur, 0 );
cur[1] = ( rec->data_len >> 0 ) & 0xFF;
cur += 2; cur += 2;
} }
@ -646,7 +667,8 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl,
unsigned char mac[MBEDTLS_SSL_MAC_ADD]; unsigned char mac[MBEDTLS_SSL_MAC_ADD];
ssl_extract_add_data_from_record( add_data, &add_data_len, rec, ssl_extract_add_data_from_record( add_data, &add_data_len, rec,
transform->minor_ver ); transform->minor_ver,
transform->taglen );
mbedtls_md_hmac_update( &transform->md_ctx_enc, add_data, mbedtls_md_hmac_update( &transform->md_ctx_enc, add_data,
add_data_len ); add_data_len );
@ -743,7 +765,8 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl,
* This depends on the TLS version. * This depends on the TLS version.
*/ */
ssl_extract_add_data_from_record( add_data, &add_data_len, rec, ssl_extract_add_data_from_record( add_data, &add_data_len, rec,
transform->minor_ver ); transform->minor_ver,
transform->taglen );
MBEDTLS_SSL_DEBUG_BUF( 4, "IV used (internal)", MBEDTLS_SSL_DEBUG_BUF( 4, "IV used (internal)",
iv, transform->ivlen ); iv, transform->ivlen );
@ -897,7 +920,8 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl,
} }
ssl_extract_add_data_from_record( add_data, &add_data_len, ssl_extract_add_data_from_record( add_data, &add_data_len,
rec, transform->minor_ver ); rec, transform->minor_ver,
transform->taglen );
MBEDTLS_SSL_DEBUG_MSG( 3, ( "using encrypt then mac" ) ); MBEDTLS_SSL_DEBUG_MSG( 3, ( "using encrypt then mac" ) );
MBEDTLS_SSL_DEBUG_BUF( 4, "MAC'd meta-data", add_data, MBEDTLS_SSL_DEBUG_BUF( 4, "MAC'd meta-data", add_data,
@ -1304,7 +1328,8 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl,
* This depends on the TLS version. * This depends on the TLS version.
*/ */
ssl_extract_add_data_from_record( add_data, &add_data_len, rec, ssl_extract_add_data_from_record( add_data, &add_data_len, rec,
transform->minor_ver ); transform->minor_ver,
transform->taglen );
MBEDTLS_SSL_DEBUG_BUF( 4, "additional data used for AEAD", MBEDTLS_SSL_DEBUG_BUF( 4, "additional data used for AEAD",
add_data, add_data_len ); add_data, add_data_len );
@ -1414,7 +1439,8 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl,
* Further, we still know that data_len > minlen */ * Further, we still know that data_len > minlen */
rec->data_len -= transform->maclen; rec->data_len -= transform->maclen;
ssl_extract_add_data_from_record( add_data, &add_data_len, rec, ssl_extract_add_data_from_record( add_data, &add_data_len, rec,
transform->minor_ver ); transform->minor_ver,
transform->taglen );
/* Calculate expected MAC. */ /* Calculate expected MAC. */
MBEDTLS_SSL_DEBUG_BUF( 4, "MAC'd meta-data", add_data, MBEDTLS_SSL_DEBUG_BUF( 4, "MAC'd meta-data", add_data,
@ -1606,7 +1632,8 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl,
*/ */
rec->data_len -= transform->maclen; rec->data_len -= transform->maclen;
ssl_extract_add_data_from_record( add_data, &add_data_len, rec, ssl_extract_add_data_from_record( add_data, &add_data_len, rec,
transform->minor_ver ); transform->minor_ver,
transform->taglen );
#if defined(MBEDTLS_SSL_PROTO_TLS1_2) #if defined(MBEDTLS_SSL_PROTO_TLS1_2)
/* /*
@ -2226,13 +2253,13 @@ int mbedtls_ssl_flight_transmit( mbedtls_ssl_context *ssl )
* Handshake headers: type(1) len(3) seq(2) f_off(3) f_len(3) */ * Handshake headers: type(1) len(3) seq(2) f_off(3) f_len(3) */
memcpy( ssl->out_msg, cur->p, 6 ); memcpy( ssl->out_msg, cur->p, 6 );
ssl->out_msg[6] = ( ( frag_off >> 16 ) & 0xff ); ssl->out_msg[6] = MBEDTLS_BYTE_2( frag_off );
ssl->out_msg[7] = ( ( frag_off >> 8 ) & 0xff ); ssl->out_msg[7] = MBEDTLS_BYTE_1( frag_off );
ssl->out_msg[8] = ( ( frag_off ) & 0xff ); ssl->out_msg[8] = MBEDTLS_BYTE_0( frag_off );
ssl->out_msg[ 9] = ( ( cur_hs_frag_len >> 16 ) & 0xff ); ssl->out_msg[ 9] = MBEDTLS_BYTE_2( cur_hs_frag_len );
ssl->out_msg[10] = ( ( cur_hs_frag_len >> 8 ) & 0xff ); ssl->out_msg[10] = MBEDTLS_BYTE_1( cur_hs_frag_len );
ssl->out_msg[11] = ( ( cur_hs_frag_len ) & 0xff ); ssl->out_msg[11] = MBEDTLS_BYTE_0( cur_hs_frag_len );
MBEDTLS_SSL_DEBUG_BUF( 3, "handshake header", ssl->out_msg, 12 ); MBEDTLS_SSL_DEBUG_BUF( 3, "handshake header", ssl->out_msg, 12 );
@ -2360,7 +2387,8 @@ void mbedtls_ssl_send_flight_completed( mbedtls_ssl_context *ssl )
* (including handshake headers but excluding record headers) * (including handshake headers but excluding record headers)
* - ssl->out_msg: the record contents (handshake headers + content) * - ssl->out_msg: the record contents (handshake headers + content)
*/ */
int mbedtls_ssl_write_handshake_msg( mbedtls_ssl_context *ssl ) int mbedtls_ssl_write_handshake_msg_ext( mbedtls_ssl_context *ssl,
int update_checksum )
{ {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
const size_t hs_len = ssl->out_msglen - 4; const size_t hs_len = ssl->out_msglen - 4;
@ -2421,9 +2449,9 @@ int mbedtls_ssl_write_handshake_msg( mbedtls_ssl_context *ssl )
*/ */
if( ssl->out_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE ) if( ssl->out_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE )
{ {
ssl->out_msg[1] = (unsigned char)( hs_len >> 16 ); ssl->out_msg[1] = MBEDTLS_BYTE_2( hs_len );
ssl->out_msg[2] = (unsigned char)( hs_len >> 8 ); ssl->out_msg[2] = MBEDTLS_BYTE_1( hs_len );
ssl->out_msg[3] = (unsigned char)( hs_len ); ssl->out_msg[3] = MBEDTLS_BYTE_0( hs_len );
/* /*
* DTLS has additional fields in the Handshake layer, * DTLS has additional fields in the Handshake layer,
@ -2451,8 +2479,7 @@ int mbedtls_ssl_write_handshake_msg( mbedtls_ssl_context *ssl )
/* Write message_seq and update it, except for HelloRequest */ /* Write message_seq and update it, except for HelloRequest */
if( hs_type != MBEDTLS_SSL_HS_HELLO_REQUEST ) if( hs_type != MBEDTLS_SSL_HS_HELLO_REQUEST )
{ {
ssl->out_msg[4] = ( ssl->handshake->out_msg_seq >> 8 ) & 0xFF; MBEDTLS_PUT_UINT16_BE( ssl->handshake->out_msg_seq, ssl->out_msg, 4 );
ssl->out_msg[5] = ( ssl->handshake->out_msg_seq ) & 0xFF;
++( ssl->handshake->out_msg_seq ); ++( ssl->handshake->out_msg_seq );
} }
else else
@ -2469,7 +2496,7 @@ int mbedtls_ssl_write_handshake_msg( mbedtls_ssl_context *ssl )
#endif /* MBEDTLS_SSL_PROTO_DTLS */ #endif /* MBEDTLS_SSL_PROTO_DTLS */
/* Update running hashes of handshake messages seen */ /* Update running hashes of handshake messages seen */
if( hs_type != MBEDTLS_SSL_HS_HELLO_REQUEST ) if( hs_type != MBEDTLS_SSL_HS_HELLO_REQUEST && update_checksum != 0 )
ssl->handshake->update_checksum( ssl, ssl->out_msg, ssl->out_msglen ); ssl->handshake->update_checksum( ssl, ssl->out_msg, ssl->out_msglen );
} }
@ -2536,8 +2563,7 @@ int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl, uint8_t force_flush )
ssl->conf->transport, ssl->out_hdr + 1 ); ssl->conf->transport, ssl->out_hdr + 1 );
memcpy( ssl->out_ctr, ssl->cur_out_ctr, 8 ); memcpy( ssl->out_ctr, ssl->cur_out_ctr, 8 );
ssl->out_len[0] = (unsigned char)( len >> 8 ); MBEDTLS_PUT_UINT16_BE( len, ssl->out_len, 0);
ssl->out_len[1] = (unsigned char)( len );
if( ssl->transform_out != NULL ) if( ssl->transform_out != NULL )
{ {
@ -2577,8 +2603,7 @@ int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl, uint8_t force_flush )
memcpy( ssl->out_cid, rec.cid, rec.cid_len ); memcpy( ssl->out_cid, rec.cid, rec.cid_len );
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
ssl->out_msglen = len = rec.data_len; ssl->out_msglen = len = rec.data_len;
ssl->out_len[0] = (unsigned char)( rec.data_len >> 8 ); MBEDTLS_PUT_UINT16_BE( rec.data_len, ssl->out_len, 0 );
ssl->out_len[1] = (unsigned char)( rec.data_len );
} }
protected_record_size = len + mbedtls_ssl_out_hdr_len( ssl ); protected_record_size = len + mbedtls_ssl_out_hdr_len( ssl );
@ -3150,12 +3175,11 @@ static int ssl_check_dtls_clihlo_cookie(
/* Go back and fill length fields */ /* Go back and fill length fields */
obuf[27] = (unsigned char)( *olen - 28 ); obuf[27] = (unsigned char)( *olen - 28 );
obuf[14] = obuf[22] = (unsigned char)( ( *olen - 25 ) >> 16 ); obuf[14] = obuf[22] = MBEDTLS_BYTE_2( *olen - 25 );
obuf[15] = obuf[23] = (unsigned char)( ( *olen - 25 ) >> 8 ); obuf[15] = obuf[23] = MBEDTLS_BYTE_1( *olen - 25 );
obuf[16] = obuf[24] = (unsigned char)( ( *olen - 25 ) ); obuf[16] = obuf[24] = MBEDTLS_BYTE_0( *olen - 25 );
obuf[11] = (unsigned char)( ( *olen - 13 ) >> 8 ); MBEDTLS_PUT_UINT16_BE( *olen - 13, obuf, 11 );
obuf[12] = (unsigned char)( ( *olen - 13 ) );
return( MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED ); return( MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED );
} }
@ -4535,8 +4559,7 @@ static int ssl_get_next_record( mbedtls_ssl_context *ssl )
ssl->in_hdr[0] = rec.type; ssl->in_hdr[0] = rec.type;
ssl->in_msg = rec.buf + rec.data_offset; ssl->in_msg = rec.buf + rec.data_offset;
ssl->in_msglen = rec.data_len; ssl->in_msglen = rec.data_len;
ssl->in_len[0] = (unsigned char)( rec.data_len >> 8 ); MBEDTLS_PUT_UINT16_BE( rec.data_len, ssl->in_len, 0 );
ssl->in_len[1] = (unsigned char)( rec.data_len );
return( 0 ); return( 0 );
} }

View file

@ -1848,8 +1848,7 @@ read_record_header:
for( j = 0, p = buf + ciph_offset + 2; j < ciph_len; j += 2, p += 2 ) for( j = 0, p = buf + ciph_offset + 2; j < ciph_len; j += 2, p += 2 )
for( i = 0; ciphersuites[i] != 0; i++ ) for( i = 0; ciphersuites[i] != 0; i++ )
{ {
if( p[0] != ( ( ciphersuites[i] >> 8 ) & 0xFF ) || if( MBEDTLS_GET_UINT16_BE(p, 0) != ciphersuites[i] )
p[1] != ( ( ciphersuites[i] ) & 0xFF ) )
continue; continue;
got_common_suite = 1; got_common_suite = 1;
@ -1865,8 +1864,7 @@ read_record_header:
for( i = 0; ciphersuites[i] != 0; i++ ) for( i = 0; ciphersuites[i] != 0; i++ )
for( j = 0, p = buf + ciph_offset + 2; j < ciph_len; j += 2, p += 2 ) for( j = 0, p = buf + ciph_offset + 2; j < ciph_len; j += 2, p += 2 )
{ {
if( p[0] != ( ( ciphersuites[i] >> 8 ) & 0xFF ) || if( MBEDTLS_GET_UINT16_BE(p, 0) != ciphersuites[i] )
p[1] != ( ( ciphersuites[i] ) & 0xFF ) )
continue; continue;
got_common_suite = 1; got_common_suite = 1;
@ -1970,12 +1968,11 @@ static void ssl_write_cid_ext( mbedtls_ssl_context *ssl,
* opaque cid<0..2^8-1>; * opaque cid<0..2^8-1>;
* } ConnectionId; * } ConnectionId;
*/ */
MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_CID, p, 0 );
*p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_CID >> 8 ) & 0xFF ); p += 2;
*p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_CID ) & 0xFF );
ext_len = (size_t) ssl->own_cid_len + 1; ext_len = (size_t) ssl->own_cid_len + 1;
*p++ = (unsigned char)( ( ext_len >> 8 ) & 0xFF ); MBEDTLS_PUT_UINT16_BE( ext_len, p, 0 );
*p++ = (unsigned char)( ( ext_len ) & 0xFF ); p += 2;
*p++ = (uint8_t) ssl->own_cid_len; *p++ = (uint8_t) ssl->own_cid_len;
memcpy( p, ssl->own_cid, ssl->own_cid_len ); memcpy( p, ssl->own_cid, ssl->own_cid_len );
@ -2016,8 +2013,8 @@ static void ssl_write_encrypt_then_mac_ext( mbedtls_ssl_context *ssl,
MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, adding encrypt then mac extension" ) ); MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, adding encrypt then mac extension" ) );
*p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC >> 8 ) & 0xFF ); MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC, p, 0 );
*p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC ) & 0xFF ); p += 2;
*p++ = 0x00; *p++ = 0x00;
*p++ = 0x00; *p++ = 0x00;
@ -2042,8 +2039,8 @@ static void ssl_write_extended_ms_ext( mbedtls_ssl_context *ssl,
MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, adding extended master secret " MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, adding extended master secret "
"extension" ) ); "extension" ) );
*p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET >> 8 ) & 0xFF ); MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET, p, 0 );
*p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET ) & 0xFF ); p += 2;
*p++ = 0x00; *p++ = 0x00;
*p++ = 0x00; *p++ = 0x00;
@ -2067,8 +2064,8 @@ static void ssl_write_session_ticket_ext( mbedtls_ssl_context *ssl,
MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, adding session ticket extension" ) ); MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, adding session ticket extension" ) );
*p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SESSION_TICKET >> 8 ) & 0xFF ); MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_SESSION_TICKET, p, 0 );
*p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SESSION_TICKET ) & 0xFF ); p += 2;
*p++ = 0x00; *p++ = 0x00;
*p++ = 0x00; *p++ = 0x00;
@ -2091,8 +2088,8 @@ static void ssl_write_renegotiation_ext( mbedtls_ssl_context *ssl,
MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, secure renegotiation extension" ) ); MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, secure renegotiation extension" ) );
*p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_RENEGOTIATION_INFO >> 8 ) & 0xFF ); MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_RENEGOTIATION_INFO, p, 0 );
*p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_RENEGOTIATION_INFO ) & 0xFF ); p += 2;
#if defined(MBEDTLS_SSL_RENEGOTIATION) #if defined(MBEDTLS_SSL_RENEGOTIATION)
if( ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE ) if( ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE )
@ -2132,8 +2129,8 @@ static void ssl_write_max_fragment_length_ext( mbedtls_ssl_context *ssl,
MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, max_fragment_length extension" ) ); MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, max_fragment_length extension" ) );
*p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH >> 8 ) & 0xFF ); MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH, p, 0 );
*p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH ) & 0xFF ); p += 2;
*p++ = 0x00; *p++ = 0x00;
*p++ = 1; *p++ = 1;
@ -2162,8 +2159,8 @@ static void ssl_write_supported_point_formats_ext( mbedtls_ssl_context *ssl,
MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, supported_point_formats extension" ) ); MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, supported_point_formats extension" ) );
*p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS >> 8 ) & 0xFF ); MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS, p, 0 );
*p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS ) & 0xFF ); p += 2;
*p++ = 0x00; *p++ = 0x00;
*p++ = 2; *p++ = 2;
@ -2200,8 +2197,8 @@ static void ssl_write_ecjpake_kkpp_ext( mbedtls_ssl_context *ssl,
return; return;
} }
*p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_ECJPAKE_KKPP >> 8 ) & 0xFF ); MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_ECJPAKE_KKPP, p, 0 );
*p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_ECJPAKE_KKPP ) & 0xFF ); p += 2;
ret = mbedtls_ecjpake_write_round_one( &ssl->handshake->ecjpake_ctx, ret = mbedtls_ecjpake_write_round_one( &ssl->handshake->ecjpake_ctx,
p + 2, end - p - 2, &kkpp_len, p + 2, end - p - 2, &kkpp_len,
@ -2212,8 +2209,8 @@ static void ssl_write_ecjpake_kkpp_ext( mbedtls_ssl_context *ssl,
return; return;
} }
*p++ = (unsigned char)( ( kkpp_len >> 8 ) & 0xFF ); MBEDTLS_PUT_UINT16_BE( kkpp_len, p, 0 );
*p++ = (unsigned char)( ( kkpp_len ) & 0xFF ); p += 2;
*olen = kkpp_len + 4; *olen = kkpp_len + 4;
} }
@ -2238,18 +2235,15 @@ static void ssl_write_alpn_ext( mbedtls_ssl_context *ssl,
* 6 . 6 protocol name length * 6 . 6 protocol name length
* 7 . 7+n protocol name * 7 . 7+n protocol name
*/ */
buf[0] = (unsigned char)( ( MBEDTLS_TLS_EXT_ALPN >> 8 ) & 0xFF ); MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_ALPN, buf, 0);
buf[1] = (unsigned char)( ( MBEDTLS_TLS_EXT_ALPN ) & 0xFF );
*olen = 7 + strlen( ssl->alpn_chosen ); *olen = 7 + strlen( ssl->alpn_chosen );
buf[2] = (unsigned char)( ( ( *olen - 4 ) >> 8 ) & 0xFF ); MBEDTLS_PUT_UINT16_BE( *olen - 4, buf, 2 );
buf[3] = (unsigned char)( ( ( *olen - 4 ) ) & 0xFF );
buf[4] = (unsigned char)( ( ( *olen - 6 ) >> 8 ) & 0xFF ); MBEDTLS_PUT_UINT16_BE( *olen - 6, buf, 4 );
buf[5] = (unsigned char)( ( ( *olen - 6 ) ) & 0xFF );
buf[6] = (unsigned char)( ( ( *olen - 7 ) ) & 0xFF ); buf[6] = MBEDTLS_BYTE_0( *olen - 7 );
memcpy( buf + 7, ssl->alpn_chosen, *olen - 7 ); memcpy( buf + 7, ssl->alpn_chosen, *olen - 7 );
} }
@ -2294,15 +2288,13 @@ static void ssl_write_use_srtp_ext( mbedtls_ssl_context *ssl,
} }
/* extension */ /* extension */
buf[0] = (unsigned char)( ( MBEDTLS_TLS_EXT_USE_SRTP >> 8 ) & 0xFF ); MBEDTLS_PUT_UINT16_BE(MBEDTLS_TLS_EXT_USE_SRTP, buf, 0 );
buf[1] = (unsigned char)( ( MBEDTLS_TLS_EXT_USE_SRTP ) & 0xFF );
/* /*
* total length 5 and mki value: only one profile(2 bytes) * total length 5 and mki value: only one profile(2 bytes)
* and length(2 bytes) and srtp_mki ) * and length(2 bytes) and srtp_mki )
*/ */
ext_len = 5 + mki_len; ext_len = 5 + mki_len;
buf[2] = (unsigned char)( ( ext_len >> 8 ) & 0xFF ); MBEDTLS_PUT_UINT16_BE( ext_len, buf, 2 );
buf[3] = (unsigned char)( ext_len & 0xFF );
/* protection profile length: 2 */ /* protection profile length: 2 */
buf[4] = 0x00; buf[4] = 0x00;
@ -2311,8 +2303,7 @@ static void ssl_write_use_srtp_ext( mbedtls_ssl_context *ssl,
ssl->dtls_srtp_info.chosen_dtls_srtp_profile ); ssl->dtls_srtp_info.chosen_dtls_srtp_profile );
if( profile_value != MBEDTLS_TLS_SRTP_UNSET ) if( profile_value != MBEDTLS_TLS_SRTP_UNSET )
{ {
buf[6] = (unsigned char)( ( profile_value >> 8 ) & 0xFF ); MBEDTLS_PUT_UINT16_BE( profile_value, buf, 6 );
buf[7] = (unsigned char)( profile_value & 0xFF );
} }
else else
{ {
@ -2494,10 +2485,8 @@ static int ssl_write_server_hello( mbedtls_ssl_context *ssl )
#if defined(MBEDTLS_HAVE_TIME) #if defined(MBEDTLS_HAVE_TIME)
t = mbedtls_time( NULL ); t = mbedtls_time( NULL );
*p++ = (unsigned char)( t >> 24 ); MBEDTLS_PUT_UINT32_BE( t, p, 0 );
*p++ = (unsigned char)( t >> 16 ); p += 4;
*p++ = (unsigned char)( t >> 8 );
*p++ = (unsigned char)( t );
MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, current time: %" MBEDTLS_PRINTF_LONGLONG, MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, current time: %" MBEDTLS_PRINTF_LONGLONG,
(long long) t ) ); (long long) t ) );
@ -2578,9 +2567,9 @@ static int ssl_write_server_hello( mbedtls_ssl_context *ssl )
MBEDTLS_SSL_DEBUG_MSG( 3, ( "%s session has been resumed", MBEDTLS_SSL_DEBUG_MSG( 3, ( "%s session has been resumed",
ssl->handshake->resume ? "a" : "no" ) ); ssl->handshake->resume ? "a" : "no" ) );
*p++ = (unsigned char)( ssl->session_negotiate->ciphersuite >> 8 ); MBEDTLS_PUT_UINT16_BE( ssl->session_negotiate->ciphersuite, p, 0 );
*p++ = (unsigned char)( ssl->session_negotiate->ciphersuite ); p += 2;
*p++ = (unsigned char)( ssl->session_negotiate->compression ); *p++ = MBEDTLS_BYTE_0( ssl->session_negotiate->compression );
MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, chosen ciphersuite: %s", MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, chosen ciphersuite: %s",
mbedtls_ssl_get_ciphersuite_name( ssl->session_negotiate->ciphersuite ) ) ); mbedtls_ssl_get_ciphersuite_name( ssl->session_negotiate->ciphersuite ) ) );
@ -2648,9 +2637,8 @@ static int ssl_write_server_hello( mbedtls_ssl_context *ssl )
if( ext_len > 0 ) if( ext_len > 0 )
{ {
*p++ = (unsigned char)( ( ext_len >> 8 ) & 0xFF ); MBEDTLS_PUT_UINT16_BE( ext_len, p, 0 );
*p++ = (unsigned char)( ( ext_len ) & 0xFF ); p += 2 + ext_len;
p += ext_len;
} }
ssl->out_msglen = p - buf; ssl->out_msglen = p - buf;
@ -2785,8 +2773,7 @@ static int ssl_write_certificate_request( mbedtls_ssl_context *ssl )
#endif #endif
} }
p[0] = (unsigned char)( sa_len >> 8 ); MBEDTLS_PUT_UINT16_BE( sa_len, p, 0 );
p[1] = (unsigned char)( sa_len );
sa_len += 2; sa_len += 2;
p += sa_len; p += sa_len;
} }
@ -2826,8 +2813,8 @@ static int ssl_write_certificate_request( mbedtls_ssl_context *ssl )
break; break;
} }
*p++ = (unsigned char)( dn_size >> 8 ); MBEDTLS_PUT_UINT16_BE( dn_size, p, 0 );
*p++ = (unsigned char)( dn_size ); p += 2;
memcpy( p, crt->subject_raw.p, dn_size ); memcpy( p, crt->subject_raw.p, dn_size );
p += dn_size; p += dn_size;
@ -2841,8 +2828,7 @@ static int ssl_write_certificate_request( mbedtls_ssl_context *ssl )
ssl->out_msglen = p - buf; ssl->out_msglen = p - buf;
ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE; ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE;
ssl->out_msg[0] = MBEDTLS_SSL_HS_CERTIFICATE_REQUEST; ssl->out_msg[0] = MBEDTLS_SSL_HS_CERTIFICATE_REQUEST;
ssl->out_msg[4 + ct_len + sa_len] = (unsigned char)( total_dn_size >> 8 ); MBEDTLS_PUT_UINT16_BE( total_dn_size, ssl->out_msg, 4 + ct_len + sa_len );
ssl->out_msg[5 + ct_len + sa_len] = (unsigned char)( total_dn_size );
ret = mbedtls_ssl_write_handshake_msg( ssl ); ret = mbedtls_ssl_write_handshake_msg( ssl );
@ -3320,8 +3306,8 @@ static int ssl_write_server_key_exchange( mbedtls_ssl_context *ssl )
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED) #if defined(MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED)
if( signature_len != 0 ) if( signature_len != 0 )
{ {
ssl->out_msg[ssl->out_msglen++] = (unsigned char)( signature_len >> 8 ); ssl->out_msg[ssl->out_msglen++] = MBEDTLS_BYTE_1( signature_len );
ssl->out_msg[ssl->out_msglen++] = (unsigned char)( signature_len ); ssl->out_msg[ssl->out_msglen++] = MBEDTLS_BYTE_0( signature_len );
MBEDTLS_SSL_DEBUG_BUF( 3, "my signature", MBEDTLS_SSL_DEBUG_BUF( 3, "my signature",
ssl->out_msg + ssl->out_msglen, ssl->out_msg + ssl->out_msglen,
@ -3478,8 +3464,8 @@ static int ssl_decrypt_encrypted_pms( mbedtls_ssl_context *ssl,
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client key exchange message" ) ); MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client key exchange message" ) );
return( MBEDTLS_ERR_SSL_DECODE_ERROR ); return( MBEDTLS_ERR_SSL_DECODE_ERROR );
} }
if( *p++ != ( ( len >> 8 ) & 0xFF ) || if( *p++ != MBEDTLS_BYTE_1( len ) ||
*p++ != ( ( len ) & 0xFF ) ) *p++ != MBEDTLS_BYTE_0( len ) )
{ {
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client key exchange message" ) ); MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client key exchange message" ) );
return( MBEDTLS_ERR_SSL_DECODE_ERROR ); return( MBEDTLS_ERR_SSL_DECODE_ERROR );
@ -4223,14 +4209,8 @@ static int ssl_write_new_session_ticket( mbedtls_ssl_context *ssl )
tlen = 0; tlen = 0;
} }
ssl->out_msg[4] = ( lifetime >> 24 ) & 0xFF; MBEDTLS_PUT_UINT32_BE( lifetime, ssl->out_msg, 4 );
ssl->out_msg[5] = ( lifetime >> 16 ) & 0xFF; MBEDTLS_PUT_UINT16_BE( tlen, ssl->out_msg, 8 );
ssl->out_msg[6] = ( lifetime >> 8 ) & 0xFF;
ssl->out_msg[7] = ( lifetime ) & 0xFF;
ssl->out_msg[8] = (unsigned char)( ( tlen >> 8 ) & 0xFF );
ssl->out_msg[9] = (unsigned char)( ( tlen ) & 0xFF );
ssl->out_msglen = 10 + tlen; ssl->out_msglen = 10 + tlen;
/* /*
@ -4258,23 +4238,8 @@ int mbedtls_ssl_handshake_server_step( mbedtls_ssl_context *ssl )
{ {
int ret = 0; int ret = 0;
if( ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER || ssl->handshake == NULL )
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
MBEDTLS_SSL_DEBUG_MSG( 2, ( "server state: %d", ssl->state ) ); MBEDTLS_SSL_DEBUG_MSG( 2, ( "server state: %d", ssl->state ) );
if( ( ret = mbedtls_ssl_flush_output( ssl ) ) != 0 )
return( ret );
#if defined(MBEDTLS_SSL_PROTO_DTLS)
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
ssl->handshake->retransmit_state == MBEDTLS_SSL_RETRANS_SENDING )
{
if( ( ret = mbedtls_ssl_flight_transmit( ssl ) ) != 0 )
return( ret );
}
#endif /* MBEDTLS_SSL_PROTO_DTLS */
switch( ssl->state ) switch( ssl->state )
{ {
case MBEDTLS_SSL_HELLO_REQUEST: case MBEDTLS_SSL_HELLO_REQUEST:

View file

@ -245,8 +245,7 @@ int mbedtls_ssl_ticket_write( void *p_ticket,
{ {
goto cleanup; goto cleanup;
} }
state_len_bytes[0] = ( clear_len >> 8 ) & 0xff; MBEDTLS_PUT_UINT16_BE( clear_len, state_len_bytes, 0 );
state_len_bytes[1] = ( clear_len ) & 0xff;
/* Encrypt and authenticate */ /* Encrypt and authenticate */
if( ( ret = mbedtls_cipher_auth_encrypt_ext( &key->ctx, if( ( ret = mbedtls_cipher_auth_encrypt_ext( &key->ctx,

View file

@ -664,14 +664,14 @@ typedef int ssl_tls_prf_t(const unsigned char *, size_t, const char *,
* - MBEDTLS_SSL_EXPORT_KEYS: ssl->conf->{f,p}_export_keys * - MBEDTLS_SSL_EXPORT_KEYS: ssl->conf->{f,p}_export_keys
* - MBEDTLS_DEBUG_C: ssl->conf->{f,p}_dbg * - MBEDTLS_DEBUG_C: ssl->conf->{f,p}_dbg
*/ */
static int ssl_populate_transform( mbedtls_ssl_transform *transform, static int ssl_tls12_populate_transform( mbedtls_ssl_transform *transform,
int ciphersuite, int ciphersuite,
const unsigned char master[48], const unsigned char master[48],
#if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC) #if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC) && \
#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
int encrypt_then_mac, int encrypt_then_mac,
#endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */ #endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC &&
#endif /* MBEDTLS_SSL_SOME_SUITES_USE_MAC */ MBEDTLS_SSL_SOME_SUITES_USE_MAC */
ssl_tls_prf_t tls_prf, ssl_tls_prf_t tls_prf,
const unsigned char randbytes[64], const unsigned char randbytes[64],
int minor_ver, int minor_ver,
@ -713,6 +713,15 @@ static int ssl_populate_transform( mbedtls_ssl_transform *transform,
memcpy( transform->randbytes, randbytes, sizeof( transform->randbytes ) ); memcpy( transform->randbytes, randbytes, sizeof( transform->randbytes ) );
#endif #endif
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
if( minor_ver == MBEDTLS_SSL_MINOR_VERSION_4 )
{
/* At the moment, we keep TLS <= 1.2 and TLS 1.3 transform
* generation separate. This should never happen. */
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
}
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
/* /*
* Get various info structures * Get various info structures
*/ */
@ -805,19 +814,10 @@ static int ssl_populate_transform( mbedtls_ssl_transform *transform,
* sequence number). * sequence number).
*/ */
transform->ivlen = 12; transform->ivlen = 12;
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) if( cipher_info->mode == MBEDTLS_MODE_CHACHAPOLY )
if( minor_ver == MBEDTLS_SSL_MINOR_VERSION_4 )
{
transform->fixed_ivlen = 12; transform->fixed_ivlen = 12;
}
else else
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ transform->fixed_ivlen = 4;
{
if( cipher_info->mode == MBEDTLS_MODE_CHACHAPOLY )
transform->fixed_ivlen = 12;
else
transform->fixed_ivlen = 4;
}
/* Minimum length of encrypted record */ /* Minimum length of encrypted record */
explicit_ivlen = transform->ivlen - transform->fixed_ivlen; explicit_ivlen = transform->ivlen - transform->fixed_ivlen;
@ -1327,22 +1327,22 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl )
} }
/* Populate transform structure */ /* Populate transform structure */
ret = ssl_populate_transform( ssl->transform_negotiate, ret = ssl_tls12_populate_transform( ssl->transform_negotiate,
ssl->session_negotiate->ciphersuite, ssl->session_negotiate->ciphersuite,
ssl->session_negotiate->master, ssl->session_negotiate->master,
#if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC) #if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC) && \
#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
ssl->session_negotiate->encrypt_then_mac, ssl->session_negotiate->encrypt_then_mac,
#endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */ #endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC &&
#endif /* MBEDTLS_SSL_SOME_SUITES_USE_MAC */ MBEDTLS_SSL_SOME_SUITES_USE_MAC */
ssl->handshake->tls_prf, ssl->handshake->tls_prf,
ssl->handshake->randbytes, ssl->handshake->randbytes,
ssl->minor_ver, ssl->minor_ver,
ssl->conf->endpoint, ssl->conf->endpoint,
ssl ); ssl );
if( ret != 0 ) if( ret != 0 )
{ {
MBEDTLS_SSL_DEBUG_RET( 1, "ssl_populate_transform", ret ); MBEDTLS_SSL_DEBUG_RET( 1, "ssl_tls12_populate_transform", ret );
return( ret ); return( ret );
} }
@ -1487,8 +1487,8 @@ int mbedtls_ssl_psk_derive_premaster( mbedtls_ssl_context *ssl, mbedtls_key_exch
if( end - p < 2 ) if( end - p < 2 )
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
*(p++) = (unsigned char)( psk_len >> 8 ); MBEDTLS_PUT_UINT16_BE( psk_len, p, 0 );
*(p++) = (unsigned char)( psk_len ); p += 2;
if( end < p || (size_t)( end - p ) < psk_len ) if( end < p || (size_t)( end - p ) < psk_len )
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
@ -1528,9 +1528,8 @@ int mbedtls_ssl_psk_derive_premaster( mbedtls_ssl_context *ssl, mbedtls_key_exch
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_dhm_calc_secret", ret ); MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_dhm_calc_secret", ret );
return( ret ); return( ret );
} }
*(p++) = (unsigned char)( len >> 8 ); MBEDTLS_PUT_UINT16_BE( len, p, 0 );
*(p++) = (unsigned char)( len ); p += 2 + len;
p += len;
MBEDTLS_SSL_DEBUG_MPI( 3, "DHM: K ", &ssl->handshake->dhm_ctx.K ); MBEDTLS_SSL_DEBUG_MPI( 3, "DHM: K ", &ssl->handshake->dhm_ctx.K );
} }
@ -1550,9 +1549,8 @@ int mbedtls_ssl_psk_derive_premaster( mbedtls_ssl_context *ssl, mbedtls_key_exch
return( ret ); return( ret );
} }
*(p++) = (unsigned char)( zlen >> 8 ); MBEDTLS_PUT_UINT16_BE( zlen, p, 0 );
*(p++) = (unsigned char)( zlen ); p += 2 + zlen;
p += zlen;
MBEDTLS_SSL_DEBUG_ECDH( 3, &ssl->handshake->ecdh_ctx, MBEDTLS_SSL_DEBUG_ECDH( 3, &ssl->handshake->ecdh_ctx,
MBEDTLS_DEBUG_ECDH_Z ); MBEDTLS_DEBUG_ECDH_Z );
@ -1568,8 +1566,8 @@ int mbedtls_ssl_psk_derive_premaster( mbedtls_ssl_context *ssl, mbedtls_key_exch
if( end - p < 2 ) if( end - p < 2 )
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
*(p++) = (unsigned char)( psk_len >> 8 ); MBEDTLS_PUT_UINT16_BE( psk_len, p, 0 );
*(p++) = (unsigned char)( psk_len ); p += 2;
if( end < p || (size_t)( end - p ) < psk_len ) if( end < p || (size_t)( end - p ) < psk_len )
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
@ -1746,17 +1744,17 @@ int mbedtls_ssl_write_certificate( mbedtls_ssl_context *ssl )
return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL ); return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
} }
ssl->out_msg[i ] = (unsigned char)( n >> 16 ); ssl->out_msg[i ] = MBEDTLS_BYTE_2( n );
ssl->out_msg[i + 1] = (unsigned char)( n >> 8 ); ssl->out_msg[i + 1] = MBEDTLS_BYTE_1( n );
ssl->out_msg[i + 2] = (unsigned char)( n ); ssl->out_msg[i + 2] = MBEDTLS_BYTE_0( n );
i += 3; memcpy( ssl->out_msg + i, crt->raw.p, n ); i += 3; memcpy( ssl->out_msg + i, crt->raw.p, n );
i += n; crt = crt->next; i += n; crt = crt->next;
} }
ssl->out_msg[4] = (unsigned char)( ( i - 7 ) >> 16 ); ssl->out_msg[4] = MBEDTLS_BYTE_2( i - 7 );
ssl->out_msg[5] = (unsigned char)( ( i - 7 ) >> 8 ); ssl->out_msg[5] = MBEDTLS_BYTE_1( i - 7 );
ssl->out_msg[6] = (unsigned char)( ( i - 7 ) ); ssl->out_msg[6] = MBEDTLS_BYTE_0( i - 7 );
ssl->out_msglen = i; ssl->out_msglen = i;
ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE; ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE;
@ -3142,6 +3140,53 @@ void mbedtls_ssl_init( mbedtls_ssl_context *ssl )
memset( ssl, 0, sizeof( mbedtls_ssl_context ) ); memset( ssl, 0, sizeof( mbedtls_ssl_context ) );
} }
static int ssl_conf_version_check( const mbedtls_ssl_context *ssl )
{
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
if( mbedtls_ssl_conf_is_tls13_only( ssl->conf ) )
{
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "DTLS 1.3 is not yet supported" ) );
return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
}
MBEDTLS_SSL_DEBUG_MSG( 4, ( "The SSL configuration is tls13 only." ) );
return( 0 );
}
#endif
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
if( mbedtls_ssl_conf_is_tls12_only( ssl->conf ) )
{
MBEDTLS_SSL_DEBUG_MSG( 4, ( "The SSL configuration is tls12 only." ) );
return( 0 );
}
#endif
#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
if( mbedtls_ssl_conf_is_hybrid_tls12_tls13( ssl->conf ) )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "Hybrid TLS 1.2 + TLS 1.3 configurations are not yet supported" ) );
return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
}
#endif
MBEDTLS_SSL_DEBUG_MSG( 1, ( "The SSL configuration is invalid." ) );
return( MBEDTLS_ERR_SSL_BAD_CONFIG );
}
static int ssl_conf_check(const mbedtls_ssl_context *ssl)
{
int ret;
ret = ssl_conf_version_check( ssl );
if( ret != 0 )
return( ret );
/* Space for further checks */
return( 0 );
}
/* /*
* Setup an SSL context * Setup an SSL context
*/ */
@ -3155,6 +3200,9 @@ int mbedtls_ssl_setup( mbedtls_ssl_context *ssl,
ssl->conf = conf; ssl->conf = conf;
if( ( ret = ssl_conf_check( ssl ) ) != 0 )
return( ret );
/* /*
* Prepare base structures * Prepare base structures
*/ */
@ -3230,9 +3278,9 @@ error:
* If partial is non-zero, keep data in the input buffer and client ID. * If partial is non-zero, keep data in the input buffer and client ID.
* (Use when a DTLS client reconnects from the same port.) * (Use when a DTLS client reconnects from the same port.)
*/ */
int mbedtls_ssl_session_reset_int( mbedtls_ssl_context *ssl, int partial ) static void ssl_session_reset_msg_layer( mbedtls_ssl_context *ssl,
int partial )
{ {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH) #if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)
size_t in_buf_len = ssl->in_buf_len; size_t in_buf_len = ssl->in_buf_len;
size_t out_buf_len = ssl->out_buf_len; size_t out_buf_len = ssl->out_buf_len;
@ -3241,16 +3289,65 @@ int mbedtls_ssl_session_reset_int( mbedtls_ssl_context *ssl, int partial )
size_t out_buf_len = MBEDTLS_SSL_OUT_BUFFER_LEN; size_t out_buf_len = MBEDTLS_SSL_OUT_BUFFER_LEN;
#endif #endif
#if !defined(MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE) || \ #if !defined(MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE) || !defined(MBEDTLS_SSL_SRV_C)
!defined(MBEDTLS_SSL_SRV_C) partial = 0;
((void) partial);
#endif #endif
ssl->state = MBEDTLS_SSL_HELLO_REQUEST;
/* Cancel any possibly running timer */ /* Cancel any possibly running timer */
mbedtls_ssl_set_timer( ssl, 0 ); mbedtls_ssl_set_timer( ssl, 0 );
mbedtls_ssl_reset_in_out_pointers( ssl );
/* Reset incoming message parsing */
ssl->in_offt = NULL;
ssl->nb_zero = 0;
ssl->in_msgtype = 0;
ssl->in_msglen = 0;
ssl->in_hslen = 0;
ssl->keep_current_message = 0;
ssl->transform_in = NULL;
#if defined(MBEDTLS_SSL_PROTO_DTLS)
ssl->next_record_offset = 0;
ssl->in_epoch = 0;
#endif
/* Keep current datagram if partial == 1 */
if( partial == 0 )
{
ssl->in_left = 0;
memset( ssl->in_buf, 0, in_buf_len );
}
/* Reset outgoing message writing */
ssl->out_msgtype = 0;
ssl->out_msglen = 0;
ssl->out_left = 0;
memset( ssl->out_buf, 0, out_buf_len );
memset( ssl->cur_out_ctr, 0, sizeof( ssl->cur_out_ctr ) );
ssl->transform_out = NULL;
#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
mbedtls_ssl_dtls_replay_reset( ssl );
#endif
if( ssl->transform )
{
mbedtls_ssl_transform_free( ssl->transform );
mbedtls_free( ssl->transform );
ssl->transform = NULL;
}
}
int mbedtls_ssl_session_reset_int( mbedtls_ssl_context *ssl, int partial )
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
ssl->state = MBEDTLS_SSL_HELLO_REQUEST;
ssl_session_reset_msg_layer( ssl, partial );
/* Reset renegotiation state */
#if defined(MBEDTLS_SSL_RENEGOTIATION) #if defined(MBEDTLS_SSL_RENEGOTIATION)
ssl->renego_status = MBEDTLS_SSL_INITIAL_HANDSHAKE; ssl->renego_status = MBEDTLS_SSL_INITIAL_HANDSHAKE;
ssl->renego_records_seen = 0; ssl->renego_records_seen = 0;
@ -3261,53 +3358,8 @@ int mbedtls_ssl_session_reset_int( mbedtls_ssl_context *ssl, int partial )
#endif #endif
ssl->secure_renegotiation = MBEDTLS_SSL_LEGACY_RENEGOTIATION; ssl->secure_renegotiation = MBEDTLS_SSL_LEGACY_RENEGOTIATION;
ssl->in_offt = NULL; ssl->session_in = NULL;
mbedtls_ssl_reset_in_out_pointers( ssl );
ssl->in_msgtype = 0;
ssl->in_msglen = 0;
#if defined(MBEDTLS_SSL_PROTO_DTLS)
ssl->next_record_offset = 0;
ssl->in_epoch = 0;
#endif
#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
mbedtls_ssl_dtls_replay_reset( ssl );
#endif
ssl->in_hslen = 0;
ssl->nb_zero = 0;
ssl->keep_current_message = 0;
ssl->out_msgtype = 0;
ssl->out_msglen = 0;
ssl->out_left = 0;
memset( ssl->cur_out_ctr, 0, sizeof( ssl->cur_out_ctr ) );
ssl->transform_in = NULL;
ssl->transform_out = NULL;
ssl->session_in = NULL;
ssl->session_out = NULL; ssl->session_out = NULL;
memset( ssl->out_buf, 0, out_buf_len );
#if defined(MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE) && defined(MBEDTLS_SSL_SRV_C)
if( partial == 0 )
#endif /* MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE && MBEDTLS_SSL_SRV_C */
{
ssl->in_left = 0;
memset( ssl->in_buf, 0, in_buf_len );
}
if( ssl->transform )
{
mbedtls_ssl_transform_free( ssl->transform );
mbedtls_free( ssl->transform );
ssl->transform = NULL;
}
if( ssl->session ) if( ssl->session )
{ {
mbedtls_ssl_session_free( ssl->session ); mbedtls_ssl_session_free( ssl->session );
@ -3883,6 +3935,15 @@ void mbedtls_ssl_conf_sig_hashes( mbedtls_ssl_config *conf,
{ {
conf->sig_hashes = hashes; conf->sig_hashes = hashes;
} }
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
/* Configure allowed signature algorithms for use in TLS 1.3 */
void mbedtls_ssl_conf_sig_algs( mbedtls_ssl_config *conf,
const uint16_t* sig_algs )
{
conf->tls13_sig_algs = sig_algs;
}
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ #endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
#if defined(MBEDTLS_ECP_C) #if defined(MBEDTLS_ECP_C)
@ -4519,8 +4580,8 @@ static unsigned char ssl_serialized_session_header[] = {
MBEDTLS_VERSION_MAJOR, MBEDTLS_VERSION_MAJOR,
MBEDTLS_VERSION_MINOR, MBEDTLS_VERSION_MINOR,
MBEDTLS_VERSION_PATCH, MBEDTLS_VERSION_PATCH,
( SSL_SERIALIZED_SESSION_CONFIG_BITFLAG >> 8 ) & 0xFF, MBEDTLS_BYTE_1( SSL_SERIALIZED_SESSION_CONFIG_BITFLAG ),
( SSL_SERIALIZED_SESSION_CONFIG_BITFLAG >> 0 ) & 0xFF, MBEDTLS_BYTE_0( SSL_SERIALIZED_SESSION_CONFIG_BITFLAG ),
}; };
/* /*
@ -4601,14 +4662,8 @@ static size_t ssl_session_save_tls12( const mbedtls_ssl_session *session,
{ {
start = (uint64_t) session->start; start = (uint64_t) session->start;
*p++ = (unsigned char)( ( start >> 56 ) & 0xFF ); MBEDTLS_PUT_UINT64_BE( start, p, 0 );
*p++ = (unsigned char)( ( start >> 48 ) & 0xFF ); p += 8;
*p++ = (unsigned char)( ( start >> 40 ) & 0xFF );
*p++ = (unsigned char)( ( start >> 32 ) & 0xFF );
*p++ = (unsigned char)( ( start >> 24 ) & 0xFF );
*p++ = (unsigned char)( ( start >> 16 ) & 0xFF );
*p++ = (unsigned char)( ( start >> 8 ) & 0xFF );
*p++ = (unsigned char)( ( start ) & 0xFF );
} }
#endif /* MBEDTLS_HAVE_TIME */ #endif /* MBEDTLS_HAVE_TIME */
@ -4624,22 +4679,20 @@ static size_t ssl_session_save_tls12( const mbedtls_ssl_session *session,
if( used <= buf_len ) if( used <= buf_len )
{ {
*p++ = (unsigned char)( ( session->ciphersuite >> 8 ) & 0xFF ); MBEDTLS_PUT_UINT16_BE( session->ciphersuite, p, 0 );
*p++ = (unsigned char)( ( session->ciphersuite ) & 0xFF ); p += 2;
*p++ = (unsigned char)( session->compression & 0xFF ); *p++ = MBEDTLS_BYTE_0( session->compression );
*p++ = (unsigned char)( session->id_len & 0xFF ); *p++ = MBEDTLS_BYTE_0( session->id_len );
memcpy( p, session->id, 32 ); memcpy( p, session->id, 32 );
p += 32; p += 32;
memcpy( p, session->master, 48 ); memcpy( p, session->master, 48 );
p += 48; p += 48;
*p++ = (unsigned char)( ( session->verify_result >> 24 ) & 0xFF ); MBEDTLS_PUT_UINT32_BE( session->verify_result, p, 0 );
*p++ = (unsigned char)( ( session->verify_result >> 16 ) & 0xFF ); p += 4;
*p++ = (unsigned char)( ( session->verify_result >> 8 ) & 0xFF );
*p++ = (unsigned char)( ( session->verify_result ) & 0xFF );
} }
/* /*
@ -4656,9 +4709,9 @@ static size_t ssl_session_save_tls12( const mbedtls_ssl_session *session,
if( used <= buf_len ) if( used <= buf_len )
{ {
*p++ = (unsigned char)( ( cert_len >> 16 ) & 0xFF ); *p++ = MBEDTLS_BYTE_2( cert_len );
*p++ = (unsigned char)( ( cert_len >> 8 ) & 0xFF ); *p++ = MBEDTLS_BYTE_1( cert_len );
*p++ = (unsigned char)( ( cert_len ) & 0xFF ); *p++ = MBEDTLS_BYTE_0( cert_len );
if( session->peer_cert != NULL ) if( session->peer_cert != NULL )
{ {
@ -4699,9 +4752,9 @@ static size_t ssl_session_save_tls12( const mbedtls_ssl_session *session,
if( used <= buf_len ) if( used <= buf_len )
{ {
*p++ = (unsigned char)( ( session->ticket_len >> 16 ) & 0xFF ); *p++ = MBEDTLS_BYTE_2( session->ticket_len );
*p++ = (unsigned char)( ( session->ticket_len >> 8 ) & 0xFF ); *p++ = MBEDTLS_BYTE_1( session->ticket_len );
*p++ = (unsigned char)( ( session->ticket_len ) & 0xFF ); *p++ = MBEDTLS_BYTE_0( session->ticket_len );
if( session->ticket != NULL ) if( session->ticket != NULL )
{ {
@ -4709,10 +4762,8 @@ static size_t ssl_session_save_tls12( const mbedtls_ssl_session *session,
p += session->ticket_len; p += session->ticket_len;
} }
*p++ = (unsigned char)( ( session->ticket_lifetime >> 24 ) & 0xFF ); MBEDTLS_PUT_UINT32_BE( session->ticket_lifetime, p, 0 );
*p++ = (unsigned char)( ( session->ticket_lifetime >> 16 ) & 0xFF ); p += 4;
*p++ = (unsigned char)( ( session->ticket_lifetime >> 8 ) & 0xFF );
*p++ = (unsigned char)( ( session->ticket_lifetime ) & 0xFF );
} }
#endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_CLI_C */ #endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_CLI_C */
@ -4730,7 +4781,7 @@ static size_t ssl_session_save_tls12( const mbedtls_ssl_session *session,
used += 1; used += 1;
if( used <= buf_len ) if( used <= buf_len )
*p++ = (unsigned char)( ( session->encrypt_then_mac ) & 0xFF ); *p++ = MBEDTLS_BYTE_0( session->encrypt_then_mac );
#endif #endif
return( used ); return( used );
@ -5076,20 +5127,68 @@ int mbedtls_ssl_session_load( mbedtls_ssl_session *session,
/* /*
* Perform a single step of the SSL handshake * Perform a single step of the SSL handshake
*/ */
static int ssl_prepare_handshake_step( mbedtls_ssl_context *ssl )
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
if( ( ret = mbedtls_ssl_flush_output( ssl ) ) != 0 )
return( ret );
#if defined(MBEDTLS_SSL_PROTO_DTLS)
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
ssl->handshake->retransmit_state == MBEDTLS_SSL_RETRANS_SENDING )
{
if( ( ret = mbedtls_ssl_flight_transmit( ssl ) ) != 0 )
return( ret );
}
#endif /* MBEDTLS_SSL_PROTO_DTLS */
return( ret );
}
int mbedtls_ssl_handshake_step( mbedtls_ssl_context *ssl ) int mbedtls_ssl_handshake_step( mbedtls_ssl_context *ssl )
{ {
int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
if( ssl == NULL || ssl->conf == NULL ) if( ssl == NULL ||
ssl->conf == NULL ||
ssl->handshake == NULL ||
ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER )
{
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
}
ret = ssl_prepare_handshake_step( ssl );
if( ret != 0 )
return( ret );
#if defined(MBEDTLS_SSL_CLI_C) #if defined(MBEDTLS_SSL_CLI_C)
if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT ) if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT )
ret = mbedtls_ssl_handshake_client_step( ssl ); {
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
if( mbedtls_ssl_conf_is_tls13_only( ssl->conf ) )
ret = mbedtls_ssl_handshake_client_step_tls1_3( ssl );
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
if( mbedtls_ssl_conf_is_tls12_only( ssl->conf ) )
ret = mbedtls_ssl_handshake_client_step( ssl );
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
}
#endif #endif
#if defined(MBEDTLS_SSL_SRV_C) #if defined(MBEDTLS_SSL_SRV_C)
if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER ) if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER )
ret = mbedtls_ssl_handshake_server_step( ssl ); {
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
if( mbedtls_ssl_conf_is_tls13_only( ssl->conf ) )
ret = mbedtls_ssl_handshake_server_step_tls1_3( ssl );
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
if( mbedtls_ssl_conf_is_tls12_only( ssl->conf ) )
ret = mbedtls_ssl_handshake_server_step( ssl );
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
}
#endif #endif
return( ret ); return( ret );
@ -5393,6 +5492,13 @@ void mbedtls_ssl_handshake_free( mbedtls_ssl_context *ssl )
handle_buffer_resizing( ssl, 1, mbedtls_ssl_get_input_buflen( ssl ), handle_buffer_resizing( ssl, 1, mbedtls_ssl_get_input_buflen( ssl ),
mbedtls_ssl_get_output_buflen( ssl ) ); mbedtls_ssl_get_output_buflen( ssl ) );
#endif #endif
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
mbedtls_free( handshake->transform_earlydata );
mbedtls_free( handshake->transform_handshake );
handshake->transform_earlydata = NULL;
handshake->transform_handshake = NULL;
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
} }
void mbedtls_ssl_session_free( mbedtls_ssl_session *session ) void mbedtls_ssl_session_free( mbedtls_ssl_session *session )
@ -5450,11 +5556,11 @@ static unsigned char ssl_serialized_context_header[] = {
MBEDTLS_VERSION_MAJOR, MBEDTLS_VERSION_MAJOR,
MBEDTLS_VERSION_MINOR, MBEDTLS_VERSION_MINOR,
MBEDTLS_VERSION_PATCH, MBEDTLS_VERSION_PATCH,
( SSL_SERIALIZED_SESSION_CONFIG_BITFLAG >> 8 ) & 0xFF, MBEDTLS_BYTE_1( SSL_SERIALIZED_SESSION_CONFIG_BITFLAG ),
( SSL_SERIALIZED_SESSION_CONFIG_BITFLAG >> 0 ) & 0xFF, MBEDTLS_BYTE_0( SSL_SERIALIZED_SESSION_CONFIG_BITFLAG ),
( SSL_SERIALIZED_CONTEXT_CONFIG_BITFLAG >> 16 ) & 0xFF, MBEDTLS_BYTE_2( SSL_SERIALIZED_CONTEXT_CONFIG_BITFLAG ),
( SSL_SERIALIZED_CONTEXT_CONFIG_BITFLAG >> 8 ) & 0xFF, MBEDTLS_BYTE_1( SSL_SERIALIZED_CONTEXT_CONFIG_BITFLAG ),
( SSL_SERIALIZED_CONTEXT_CONFIG_BITFLAG >> 0 ) & 0xFF, MBEDTLS_BYTE_0( SSL_SERIALIZED_CONTEXT_CONFIG_BITFLAG ),
}; };
/* /*
@ -5595,10 +5701,8 @@ int mbedtls_ssl_context_save( mbedtls_ssl_context *ssl,
used += 4 + session_len; used += 4 + session_len;
if( used <= buf_len ) if( used <= buf_len )
{ {
*p++ = (unsigned char)( ( session_len >> 24 ) & 0xFF ); MBEDTLS_PUT_UINT32_BE( session_len, p, 0 );
*p++ = (unsigned char)( ( session_len >> 16 ) & 0xFF ); p += 4;
*p++ = (unsigned char)( ( session_len >> 8 ) & 0xFF );
*p++ = (unsigned char)( ( session_len ) & 0xFF );
ret = ssl_session_save( ssl->session, 1, ret = ssl_session_save( ssl->session, 1,
p, session_len, &session_len ); p, session_len, &session_len );
@ -5639,33 +5743,19 @@ int mbedtls_ssl_context_save( mbedtls_ssl_context *ssl,
used += 4; used += 4;
if( used <= buf_len ) if( used <= buf_len )
{ {
*p++ = (unsigned char)( ( ssl->badmac_seen >> 24 ) & 0xFF ); MBEDTLS_PUT_UINT32_BE( ssl->badmac_seen, p, 0 );
*p++ = (unsigned char)( ( ssl->badmac_seen >> 16 ) & 0xFF ); p += 4;
*p++ = (unsigned char)( ( ssl->badmac_seen >> 8 ) & 0xFF );
*p++ = (unsigned char)( ( ssl->badmac_seen ) & 0xFF );
} }
#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY) #if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
used += 16; used += 16;
if( used <= buf_len ) if( used <= buf_len )
{ {
*p++ = (unsigned char)( ( ssl->in_window_top >> 56 ) & 0xFF ); MBEDTLS_PUT_UINT64_BE( ssl->in_window_top, p, 0 );
*p++ = (unsigned char)( ( ssl->in_window_top >> 48 ) & 0xFF ); p += 8;
*p++ = (unsigned char)( ( ssl->in_window_top >> 40 ) & 0xFF );
*p++ = (unsigned char)( ( ssl->in_window_top >> 32 ) & 0xFF );
*p++ = (unsigned char)( ( ssl->in_window_top >> 24 ) & 0xFF );
*p++ = (unsigned char)( ( ssl->in_window_top >> 16 ) & 0xFF );
*p++ = (unsigned char)( ( ssl->in_window_top >> 8 ) & 0xFF );
*p++ = (unsigned char)( ( ssl->in_window_top ) & 0xFF );
*p++ = (unsigned char)( ( ssl->in_window >> 56 ) & 0xFF ); MBEDTLS_PUT_UINT64_BE( ssl->in_window, p, 0 );
*p++ = (unsigned char)( ( ssl->in_window >> 48 ) & 0xFF ); p += 8;
*p++ = (unsigned char)( ( ssl->in_window >> 40 ) & 0xFF );
*p++ = (unsigned char)( ( ssl->in_window >> 32 ) & 0xFF );
*p++ = (unsigned char)( ( ssl->in_window >> 24 ) & 0xFF );
*p++ = (unsigned char)( ( ssl->in_window >> 16 ) & 0xFF );
*p++ = (unsigned char)( ( ssl->in_window >> 8 ) & 0xFF );
*p++ = (unsigned char)( ( ssl->in_window ) & 0xFF );
} }
#endif /* MBEDTLS_SSL_DTLS_ANTI_REPLAY */ #endif /* MBEDTLS_SSL_DTLS_ANTI_REPLAY */
@ -5688,8 +5778,8 @@ int mbedtls_ssl_context_save( mbedtls_ssl_context *ssl,
used += 2; used += 2;
if( used <= buf_len ) if( used <= buf_len )
{ {
*p++ = (unsigned char)( ( ssl->mtu >> 8 ) & 0xFF ); MBEDTLS_PUT_UINT16_BE( ssl->mtu, p, 0 );
*p++ = (unsigned char)( ( ssl->mtu ) & 0xFF ); p += 2;
} }
#endif /* MBEDTLS_SSL_PROTO_DTLS */ #endif /* MBEDTLS_SSL_PROTO_DTLS */
@ -5853,14 +5943,14 @@ static int ssl_context_load( mbedtls_ssl_context *ssl,
if( (size_t)( end - p ) < sizeof( ssl->transform->randbytes ) ) if( (size_t)( end - p ) < sizeof( ssl->transform->randbytes ) )
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
ret = ssl_populate_transform( ssl->transform, ret = ssl_tls12_populate_transform( ssl->transform,
ssl->session->ciphersuite, ssl->session->ciphersuite,
ssl->session->master, ssl->session->master,
#if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC) #if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC) && \
#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
ssl->session->encrypt_then_mac, ssl->session->encrypt_then_mac,
#endif #endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC &&
#endif /* MBEDTLS_SSL_SOME_SUITES_USE_MAC */ MBEDTLS_SSL_SOME_SUITES_USE_MAC */
ssl_tls12prf_from_cs( ssl->session->ciphersuite ), ssl_tls12prf_from_cs( ssl->session->ciphersuite ),
p, /* currently pointing to randbytes */ p, /* currently pointing to randbytes */
MBEDTLS_SSL_MINOR_VERSION_3, /* (D)TLS 1.2 is forced */ MBEDTLS_SSL_MINOR_VERSION_3, /* (D)TLS 1.2 is forced */
@ -6091,6 +6181,11 @@ void mbedtls_ssl_free( mbedtls_ssl_context *ssl )
mbedtls_free( ssl->session_negotiate ); mbedtls_free( ssl->session_negotiate );
} }
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
mbedtls_ssl_transform_free( ssl->transform_application );
mbedtls_free( ssl->transform_application );
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
if( ssl->session ) if( ssl->session )
{ {
mbedtls_ssl_session_free( ssl->session ); mbedtls_ssl_session_free( ssl->session );
@ -6191,6 +6286,37 @@ static int ssl_preset_suiteb_hashes[] = {
MBEDTLS_MD_SHA384, MBEDTLS_MD_SHA384,
MBEDTLS_MD_NONE MBEDTLS_MD_NONE
}; };
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
static uint16_t ssl_preset_default_sig_algs[] = {
/* ECDSA algorithms */
#if defined(MBEDTLS_ECDSA_C)
#if defined(MBEDTLS_SHA256_C) && defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
MBEDTLS_TLS13_SIG_ECDSA_SECP256R1_SHA256,
#endif /* MBEDTLS_SHA256_C && MBEDTLS_ECP_DP_SECP256R1_ENABLED */
#if defined(MBEDTLS_SHA512_C) && defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
MBEDTLS_TLS13_SIG_ECDSA_SECP384R1_SHA384,
#endif /* MBEDTLS_SHA512_C && MBEDTLS_ECP_DP_SECP384R1_ENABLED */
#if defined(MBEDTLS_SHA512_C) && defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED)
MBEDTLS_TLS13_SIG_ECDSA_SECP521R1_SHA512,
#endif /* MBEDTLS_SHA512_C && MBEDTLS_ECP_DP_SECP521R1_ENABLED */
#endif /* MBEDTLS_ECDSA_C */
MBEDTLS_TLS13_SIG_NONE
};
static uint16_t ssl_preset_suiteb_sig_algs[] = {
/* ECDSA algorithms */
#if defined(MBEDTLS_ECDSA_C)
#if defined(MBEDTLS_SHA256_C) && defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
MBEDTLS_TLS13_SIG_ECDSA_SECP256R1_SHA256,
#endif /* MBEDTLS_SHA256_C && MBEDTLS_ECP_DP_SECP256R1_ENABLED */
#if defined(MBEDTLS_SHA512_C) && defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
MBEDTLS_TLS13_SIG_ECDSA_SECP384R1_SHA384,
#endif /* MBEDTLS_SHA512_C && MBEDTLS_ECP_DP_SECP384R1_ENABLED */
#endif /* MBEDTLS_ECDSA_C */
MBEDTLS_TLS13_SIG_NONE
};
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
#endif #endif
#if defined(MBEDTLS_ECP_C) #if defined(MBEDTLS_ECP_C)
@ -6305,6 +6431,9 @@ int mbedtls_ssl_config_defaults( mbedtls_ssl_config *conf,
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
conf->sig_hashes = ssl_preset_suiteb_hashes; conf->sig_hashes = ssl_preset_suiteb_hashes;
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
conf->tls13_sig_algs = ssl_preset_suiteb_sig_algs;
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
#endif #endif
#if defined(MBEDTLS_ECP_C) #if defined(MBEDTLS_ECP_C)
@ -6339,7 +6468,10 @@ int mbedtls_ssl_config_defaults( mbedtls_ssl_config *conf,
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
conf->sig_hashes = ssl_preset_default_hashes; conf->sig_hashes = ssl_preset_default_hashes;
#endif #if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
conf->tls13_sig_algs = ssl_preset_default_sig_algs;
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
#if defined(MBEDTLS_ECP_C) #if defined(MBEDTLS_ECP_C)
conf->curve_list = ssl_preset_default_curves; conf->curve_list = ssl_preset_default_curves;

View file

@ -0,0 +1,38 @@
/*
* TLS 1.3 client-side functions
*
* Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
* This file is part of mbed TLS ( https://tls.mbed.org )
*/
#include "common.h"
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
#if defined(MBEDTLS_SSL_CLI_C)
#include "ssl_misc.h"
int mbedtls_ssl_handshake_client_step_tls1_3( mbedtls_ssl_context *ssl )
{
((void) ssl);
return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
}
#endif /* MBEDTLS_SSL_CLI_C */
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */

View file

@ -113,17 +113,17 @@ static void ssl_tls1_3_hkdf_encode_label(
#endif #endif
*p++ = 0; *p++ = 0;
*p++ = (unsigned char)( ( desired_length >> 0 ) & 0xFF ); *p++ = MBEDTLS_BYTE_0( desired_length );
/* Add label incl. prefix */ /* Add label incl. prefix */
*p++ = (unsigned char)( total_label_len & 0xFF ); *p++ = MBEDTLS_BYTE_0( total_label_len );
memcpy( p, tls1_3_label_prefix, sizeof(tls1_3_label_prefix) ); memcpy( p, tls1_3_label_prefix, sizeof(tls1_3_label_prefix) );
p += sizeof(tls1_3_label_prefix); p += sizeof(tls1_3_label_prefix);
memcpy( p, label, llen ); memcpy( p, label, llen );
p += llen; p += llen;
/* Add context value */ /* Add context value */
*p++ = (unsigned char)( clen & 0xFF ); *p++ = MBEDTLS_BYTE_0( clen );
if( clen != 0 ) if( clen != 0 )
memcpy( p, ctx, clen ); memcpy( p, ctx, clen );
@ -699,4 +699,125 @@ exit:
return( ret ); return( ret );
} }
int mbedtls_ssl_tls13_populate_transform( mbedtls_ssl_transform *transform,
int endpoint,
int ciphersuite,
mbedtls_ssl_key_set const *traffic_keys,
mbedtls_ssl_context *ssl /* DEBUG ONLY */ )
{
int ret;
mbedtls_cipher_info_t const *cipher_info;
const mbedtls_ssl_ciphersuite_t *ciphersuite_info;
unsigned char const *key_enc;
unsigned char const *iv_enc;
unsigned char const *key_dec;
unsigned char const *iv_dec;
#if !defined(MBEDTLS_DEBUG_C)
ssl = NULL; /* make sure we don't use it except for those cases */
(void) ssl;
#endif
ciphersuite_info = mbedtls_ssl_ciphersuite_from_id( ciphersuite );
if( ciphersuite_info == NULL )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "ciphersuite info for %d not found",
ciphersuite ) );
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
}
cipher_info = mbedtls_cipher_info_from_type( ciphersuite_info->cipher );
if( cipher_info == NULL )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "cipher info for %u not found",
ciphersuite_info->cipher ) );
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
}
/*
* Setup cipher contexts in target transform
*/
if( ( ret = mbedtls_cipher_setup( &transform->cipher_ctx_enc,
cipher_info ) ) != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_setup", ret );
return( ret );
}
if( ( ret = mbedtls_cipher_setup( &transform->cipher_ctx_dec,
cipher_info ) ) != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_setup", ret );
return( ret );
}
#if defined(MBEDTLS_SSL_SRV_C)
if( endpoint == MBEDTLS_SSL_IS_SERVER )
{
key_enc = traffic_keys->server_write_key;
key_dec = traffic_keys->client_write_key;
iv_enc = traffic_keys->server_write_iv;
iv_dec = traffic_keys->client_write_iv;
}
else
#endif /* MBEDTLS_SSL_SRV_C */
#if defined(MBEDTLS_SSL_CLI_C)
if( endpoint == MBEDTLS_SSL_IS_CLIENT )
{
key_enc = traffic_keys->client_write_key;
key_dec = traffic_keys->server_write_key;
iv_enc = traffic_keys->client_write_iv;
iv_dec = traffic_keys->server_write_iv;
}
else
#endif /* MBEDTLS_SSL_CLI_C */
{
/* should not happen */
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
}
memcpy( transform->iv_enc, iv_enc, traffic_keys->iv_len );
memcpy( transform->iv_dec, iv_dec, traffic_keys->iv_len );
if( ( ret = mbedtls_cipher_setkey( &transform->cipher_ctx_enc,
key_enc, cipher_info->key_bitlen,
MBEDTLS_ENCRYPT ) ) != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_setkey", ret );
return( ret );
}
if( ( ret = mbedtls_cipher_setkey( &transform->cipher_ctx_dec,
key_dec, cipher_info->key_bitlen,
MBEDTLS_DECRYPT ) ) != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_setkey", ret );
return( ret );
}
/*
* Setup other fields in SSL transform
*/
if( ( ciphersuite_info->flags & MBEDTLS_CIPHERSUITE_SHORT_TAG ) != 0 )
transform->taglen = 8;
else
transform->taglen = 16;
transform->ivlen = traffic_keys->iv_len;
transform->maclen = 0;
transform->fixed_ivlen = transform->ivlen;
transform->minor_ver = MBEDTLS_SSL_MINOR_VERSION_4;
/* We add the true record content type (1 Byte) to the plaintext and
* then pad to the configured granularity. The mimimum length of the
* type-extended and padded plaintext is therefore the padding
* granularity. */
transform->minlen =
transform->taglen + MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY;
return( 0 );
}
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ #endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */

View file

@ -498,4 +498,37 @@ int mbedtls_ssl_tls1_3_create_psk_binder( mbedtls_ssl_context *ssl,
unsigned char const *transcript, unsigned char const *transcript,
unsigned char *result ); unsigned char *result );
/**
* \bref Setup an SSL transform structure representing the
* record protection mechanism used by TLS 1.3
*
* \param transform The SSL transform structure to be created. This must have
* been initialized through mbedtls_ssl_transform_init() and
* not used in any other way prior to calling this function.
* In particular, this function does not clean up the
* transform structure prior to installing the new keys.
* \param endpoint Indicates whether the transform is for the client
* (value #MBEDTLS_SSL_IS_CLIENT) or the server
* (value #MBEDTLS_SSL_IS_SERVER).
* \param ciphersuite The numerical identifier for the ciphersuite to use.
* This must be one of the identifiers listed in
* ssl_ciphersuites.h.
* \param traffic_keys The key material to use. No reference is stored in
* the SSL transform being generated, and the caller
* should destroy the key material afterwards.
* \param ssl (Debug-only) The SSL context to use for debug output
* in case of failure. This parameter is only needed if
* #MBEDTLS_DEBUG_C is set, and is ignored otherwise.
*
* \return \c 0 on success. In this case, \p transform is ready to
* be used with mbedtls_ssl_transform_decrypt() and
* mbedtls_ssl_transform_encrypt().
* \return A negative error code on failure.
*/
int mbedtls_ssl_tls13_populate_transform( mbedtls_ssl_transform *transform,
int endpoint,
int ciphersuite,
mbedtls_ssl_key_set const *traffic_keys,
mbedtls_ssl_context *ssl );
#endif /* MBEDTLS_SSL_TLS1_3_KEYS_H */ #endif /* MBEDTLS_SSL_TLS1_3_KEYS_H */

View file

@ -0,0 +1,36 @@
/*
* TLS 1.3 server-side functions
*
* Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#include "common.h"
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
#if defined(MBEDTLS_SSL_SRV_C)
#include "ssl_misc.h"
int mbedtls_ssl_handshake_server_step_tls1_3( mbedtls_ssl_context *ssl )
{
((void) ssl);
return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
}
#endif /* MBEDTLS_SSL_SRV_C */
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */

View file

@ -251,8 +251,7 @@ int mbedtls_x509write_crt_set_key_usage( mbedtls_x509write_cert *ctx,
return( MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE ); return( MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE );
c = buf + 5; c = buf + 5;
ku[0] = (unsigned char)( key_usage ); MBEDTLS_PUT_UINT16_LE( key_usage, ku, 0 );
ku[1] = (unsigned char)( key_usage >> 8 );
ret = mbedtls_asn1_write_named_bitstring( &c, buf, ku, 9 ); ret = mbedtls_asn1_write_named_bitstring( &c, buf, ku, 9 );
if( ret < 0 ) if( ret < 0 )

View file

@ -88,6 +88,7 @@ int main( void )
#define DFL_TICKETS MBEDTLS_SSL_SESSION_TICKETS_ENABLED #define DFL_TICKETS MBEDTLS_SSL_SESSION_TICKETS_ENABLED
#define DFL_ALPN_STRING NULL #define DFL_ALPN_STRING NULL
#define DFL_CURVES NULL #define DFL_CURVES NULL
#define DFL_SIG_ALGS NULL
#define DFL_TRANSPORT MBEDTLS_SSL_TRANSPORT_STREAM #define DFL_TRANSPORT MBEDTLS_SSL_TRANSPORT_STREAM
#define DFL_HS_TO_MIN 0 #define DFL_HS_TO_MIN 0
#define DFL_HS_TO_MAX 0 #define DFL_HS_TO_MAX 0
@ -269,6 +270,15 @@ int main( void )
#define USAGE_CURVES "" #define USAGE_CURVES ""
#endif #endif
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) && \
defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
#define USAGE_SIG_ALGS \
" sig_algs=a,b,c,d default: \"default\" (library default)\n" \
" example: \"ecdsa_secp256r1_sha256,ecdsa_secp384r1_sha384\"\n"
#else
#define USAGE_SIG_ALGS ""
#endif
#if defined(MBEDTLS_SSL_PROTO_DTLS) #if defined(MBEDTLS_SSL_PROTO_DTLS)
#define USAGE_DTLS \ #define USAGE_DTLS \
" dtls=%%d default: 0 (TLS)\n" \ " dtls=%%d default: 0 (TLS)\n" \
@ -393,15 +403,23 @@ int main( void )
USAGE_ETM \ USAGE_ETM \
USAGE_REPRODUCIBLE \ USAGE_REPRODUCIBLE \
USAGE_CURVES \ USAGE_CURVES \
USAGE_SIG_ALGS \
USAGE_DHMLEN \ USAGE_DHMLEN \
"\n" "\n"
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
#define TLS1_3_VERSION_OPTIONS ", tls1_3"
#else /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
#define TLS1_3_VERSION_OPTIONS ""
#endif /* !MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
#define USAGE4 \ #define USAGE4 \
" allow_sha1=%%d default: 0\n" \ " allow_sha1=%%d default: 0\n" \
" min_version=%%s default: (library default: tls1_2)\n" \ " min_version=%%s default: (library default: tls1_2)\n" \
" max_version=%%s default: (library default: tls1_2)\n" \ " max_version=%%s default: (library default: tls1_2)\n" \
" force_version=%%s default: \"\" (none)\n" \ " force_version=%%s default: \"\" (none)\n" \
" options: tls1_2, dtls1_2\n" \ " options: tls1_2, dtls1_2" TLS1_3_VERSION_OPTIONS \
"\n" \ "\n\n" \
" force_ciphersuite=<name> default: all enabled\n"\ " force_ciphersuite=<name> default: all enabled\n"\
" query_config=<name> return 0 if the specified\n" \ " query_config=<name> return 0 if the specified\n" \
" configuration macro is defined and 1\n" \ " configuration macro is defined and 1\n" \
@ -410,9 +428,9 @@ int main( void )
USAGE_SERIALIZATION \ USAGE_SERIALIZATION \
" acceptable ciphersuite names:\n" " acceptable ciphersuite names:\n"
#define ALPN_LIST_SIZE 10 #define ALPN_LIST_SIZE 10
#define CURVE_LIST_SIZE 20 #define CURVE_LIST_SIZE 20
#define SIG_ALG_LIST_SIZE 5
/* /*
* global options * global options
@ -465,6 +483,7 @@ struct options
int reconnect_hard; /* unexpectedly reconnect from the same port */ int reconnect_hard; /* unexpectedly reconnect from the same port */
int tickets; /* enable / disable session tickets */ int tickets; /* enable / disable session tickets */
const char *curves; /* list of supported elliptic curves */ const char *curves; /* list of supported elliptic curves */
const char *sig_algs; /* supported TLS 1.3 signature algorithms */
const char *alpn_string; /* ALPN supported protocols */ const char *alpn_string; /* ALPN supported protocols */
int transport; /* TLS or DTLS? */ int transport; /* TLS or DTLS? */
uint32_t hs_to_min; /* Initial value of DTLS handshake timer */ uint32_t hs_to_min; /* Initial value of DTLS handshake timer */
@ -624,6 +643,12 @@ int main( int argc, char *argv[] )
mbedtls_net_context server_fd; mbedtls_net_context server_fd;
io_ctx_t io_ctx; io_ctx_t io_ctx;
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) && \
defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
uint16_t sig_alg_list[SIG_ALG_LIST_SIZE];
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL &&
MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
unsigned char buf[MAX_REQUEST_SIZE + 1]; unsigned char buf[MAX_REQUEST_SIZE + 1];
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) #if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
@ -826,6 +851,7 @@ int main( int argc, char *argv[] )
opt.tickets = DFL_TICKETS; opt.tickets = DFL_TICKETS;
opt.alpn_string = DFL_ALPN_STRING; opt.alpn_string = DFL_ALPN_STRING;
opt.curves = DFL_CURVES; opt.curves = DFL_CURVES;
opt.sig_algs = DFL_SIG_ALGS;
opt.transport = DFL_TRANSPORT; opt.transport = DFL_TRANSPORT;
opt.hs_to_min = DFL_HS_TO_MIN; opt.hs_to_min = DFL_HS_TO_MIN;
opt.hs_to_max = DFL_HS_TO_MAX; opt.hs_to_max = DFL_HS_TO_MAX;
@ -1056,6 +1082,12 @@ int main( int argc, char *argv[] )
} }
else if( strcmp( p, "curves" ) == 0 ) else if( strcmp( p, "curves" ) == 0 )
opt.curves = q; opt.curves = q;
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) && \
defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
else if( strcmp( p, "sig_algs" ) == 0 )
opt.sig_algs = q;
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL &&
MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
else if( strcmp( p, "etm" ) == 0 ) else if( strcmp( p, "etm" ) == 0 )
{ {
switch( atoi( q ) ) switch( atoi( q ) )
@ -1070,6 +1102,10 @@ int main( int argc, char *argv[] )
if( strcmp( q, "tls1_2" ) == 0 || if( strcmp( q, "tls1_2" ) == 0 ||
strcmp( q, "dtls1_2" ) == 0 ) strcmp( q, "dtls1_2" ) == 0 )
opt.min_version = MBEDTLS_SSL_MINOR_VERSION_3; opt.min_version = MBEDTLS_SSL_MINOR_VERSION_3;
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
else if( strcmp( q, "tls1_3" ) == 0 )
opt.min_version = MBEDTLS_SSL_MINOR_VERSION_4;
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
else else
goto usage; goto usage;
} }
@ -1078,6 +1114,10 @@ int main( int argc, char *argv[] )
if( strcmp( q, "tls1_2" ) == 0 || if( strcmp( q, "tls1_2" ) == 0 ||
strcmp( q, "dtls1_2" ) == 0 ) strcmp( q, "dtls1_2" ) == 0 )
opt.max_version = MBEDTLS_SSL_MINOR_VERSION_3; opt.max_version = MBEDTLS_SSL_MINOR_VERSION_3;
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
else if( strcmp( q, "tls1_3" ) == 0 )
opt.max_version = MBEDTLS_SSL_MINOR_VERSION_4;
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
else else
goto usage; goto usage;
} }
@ -1103,6 +1143,13 @@ int main( int argc, char *argv[] )
opt.max_version = MBEDTLS_SSL_MINOR_VERSION_3; opt.max_version = MBEDTLS_SSL_MINOR_VERSION_3;
opt.transport = MBEDTLS_SSL_TRANSPORT_DATAGRAM; opt.transport = MBEDTLS_SSL_TRANSPORT_DATAGRAM;
} }
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
else if( strcmp( q, "tls1_3" ) == 0 )
{
opt.min_version = MBEDTLS_SSL_MINOR_VERSION_4;
opt.max_version = MBEDTLS_SSL_MINOR_VERSION_4;
}
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
else else
goto usage; goto usage;
} }
@ -1428,6 +1475,60 @@ int main( int argc, char *argv[] )
} }
#endif /* MBEDTLS_ECP_C */ #endif /* MBEDTLS_ECP_C */
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) && \
defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
if( opt.sig_algs != NULL )
{
p = (char *) opt.sig_algs;
i = 0;
/* Leave room for a final MBEDTLS_TLS13_SIG_NONE in signature algorithm list (sig_alg_list). */
while( i < SIG_ALG_LIST_SIZE - 1 && *p != '\0' )
{
q = p;
/* Terminate the current string */
while( *p != ',' && *p != '\0' )
p++;
if( *p == ',' )
*p++ = '\0';
if( strcmp( q, "ecdsa_secp256r1_sha256" ) == 0 )
{
sig_alg_list[i++] = MBEDTLS_TLS13_SIG_ECDSA_SECP256R1_SHA256;
}
else if( strcmp( q, "ecdsa_secp384r1_sha384" ) == 0 )
{
sig_alg_list[i++] = MBEDTLS_TLS13_SIG_ECDSA_SECP384R1_SHA384;
}
else if( strcmp( q, "ecdsa_secp521r1_sha512" ) == 0 )
{
sig_alg_list[i++] = MBEDTLS_TLS13_SIG_ECDSA_SECP521R1_SHA512;
}
else
{
mbedtls_printf( "unknown signature algorithm %s\n", q );
mbedtls_printf( "supported signature algorithms: " );
mbedtls_printf( "ecdsa_secp256r1_sha256 " );
mbedtls_printf( "ecdsa_secp384r1_sha384 " );
mbedtls_printf( "ecdsa_secp521r1_sha512 " );
mbedtls_printf( "\n" );
goto exit;
}
}
if( i == ( SIG_ALG_LIST_SIZE - 1 ) && *p != '\0' )
{
mbedtls_printf( "signature algorithm list too long, maximum %d",
SIG_ALG_LIST_SIZE - 1 );
goto exit;
}
sig_alg_list[i] = MBEDTLS_TLS13_SIG_NONE;
}
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL &&
MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
#if defined(MBEDTLS_SSL_ALPN) #if defined(MBEDTLS_SSL_ALPN)
if( opt.alpn_string != NULL ) if( opt.alpn_string != NULL )
{ {
@ -1570,41 +1671,7 @@ int main( int argc, char *argv[] )
#endif /* MBEDTLS_X509_CRT_PARSE_C */ #endif /* MBEDTLS_X509_CRT_PARSE_C */
/* /*
* 2. Start the connection * 2. Setup stuff
*/
if( opt.server_addr == NULL)
opt.server_addr = opt.server_name;
mbedtls_printf( " . Connecting to %s/%s/%s...",
opt.transport == MBEDTLS_SSL_TRANSPORT_STREAM ? "tcp" : "udp",
opt.server_addr, opt.server_port );
fflush( stdout );
if( ( ret = mbedtls_net_connect( &server_fd,
opt.server_addr, opt.server_port,
opt.transport == MBEDTLS_SSL_TRANSPORT_STREAM ?
MBEDTLS_NET_PROTO_TCP : MBEDTLS_NET_PROTO_UDP ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_net_connect returned -0x%x\n\n",
(unsigned int) -ret );
goto exit;
}
if( opt.nbio > 0 )
ret = mbedtls_net_set_nonblock( &server_fd );
else
ret = mbedtls_net_set_block( &server_fd );
if( ret != 0 )
{
mbedtls_printf( " failed\n ! net_set_(non)block() returned -0x%x\n\n",
(unsigned int) -ret );
goto exit;
}
mbedtls_printf( " ok\n" );
/*
* 3. Setup stuff
*/ */
mbedtls_printf( " . Setting up the SSL/TLS structure..." ); mbedtls_printf( " . Setting up the SSL/TLS structure..." );
fflush( stdout ); fflush( stdout );
@ -1797,6 +1864,11 @@ int main( int argc, char *argv[] )
} }
#endif #endif
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
if( opt.sig_algs != NULL )
mbedtls_ssl_conf_sig_algs( &conf, sig_alg_list );
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) #if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
#if defined(MBEDTLS_USE_PSA_CRYPTO) #if defined(MBEDTLS_USE_PSA_CRYPTO)
if( opt.psk_opaque != 0 ) if( opt.psk_opaque != 0 )
@ -1956,6 +2028,40 @@ int main( int argc, char *argv[] )
mbedtls_printf( " ok\n" ); mbedtls_printf( " ok\n" );
/*
* 3. Start the connection
*/
if( opt.server_addr == NULL)
opt.server_addr = opt.server_name;
mbedtls_printf( " . Connecting to %s/%s/%s...",
opt.transport == MBEDTLS_SSL_TRANSPORT_STREAM ? "tcp" : "udp",
opt.server_addr, opt.server_port );
fflush( stdout );
if( ( ret = mbedtls_net_connect( &server_fd,
opt.server_addr, opt.server_port,
opt.transport == MBEDTLS_SSL_TRANSPORT_STREAM ?
MBEDTLS_NET_PROTO_TCP : MBEDTLS_NET_PROTO_UDP ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_net_connect returned -0x%x\n\n",
(unsigned int) -ret );
goto exit;
}
if( opt.nbio > 0 )
ret = mbedtls_net_set_nonblock( &server_fd );
else
ret = mbedtls_net_set_block( &server_fd );
if( ret != 0 )
{
mbedtls_printf( " failed\n ! net_set_(non)block() returned -0x%x\n\n",
(unsigned int) -ret );
goto exit;
}
mbedtls_printf( " ok\n" );
/* /*
* 4. Handshake * 4. Handshake
*/ */

View file

@ -119,6 +119,7 @@ int main( void )
#define DFL_SNI NULL #define DFL_SNI NULL
#define DFL_ALPN_STRING NULL #define DFL_ALPN_STRING NULL
#define DFL_CURVES NULL #define DFL_CURVES NULL
#define DFL_SIG_ALGS NULL
#define DFL_DHM_FILE NULL #define DFL_DHM_FILE NULL
#define DFL_TRANSPORT MBEDTLS_SSL_TRANSPORT_STREAM #define DFL_TRANSPORT MBEDTLS_SSL_TRANSPORT_STREAM
#define DFL_COOKIES 1 #define DFL_COOKIES 1
@ -418,6 +419,15 @@ int main( void )
#define USAGE_CURVES "" #define USAGE_CURVES ""
#endif #endif
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) && \
defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
#define USAGE_SIG_ALGS \
" sig_algs=a,b,c,d default: \"default\" (library default)\n" \
" example: \"ecdsa_secp256r1_sha256,ecdsa_secp384r1_sha384\"\n"
#else
#define USAGE_SIG_ALGS ""
#endif
#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION) #if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION)
#define USAGE_SERIALIZATION \ #define USAGE_SERIALIZATION \
" serialize=%%d default: 0 (do not serialize/deserialize)\n" \ " serialize=%%d default: 0 (do not serialize/deserialize)\n" \
@ -484,7 +494,15 @@ int main( void )
USAGE_EMS \ USAGE_EMS \
USAGE_ETM \ USAGE_ETM \
USAGE_CURVES \ USAGE_CURVES \
USAGE_SIG_ALGS \
"\n" "\n"
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
#define TLS1_3_VERSION_OPTIONS ", tls1_3"
#else /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
#define TLS1_3_VERSION_OPTIONS ""
#endif /* !MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
#define USAGE4 \ #define USAGE4 \
USAGE_SSL_ASYNC \ USAGE_SSL_ASYNC \
USAGE_SNI \ USAGE_SNI \
@ -492,8 +510,8 @@ int main( void )
" min_version=%%s default: (library default: tls1_2)\n" \ " min_version=%%s default: (library default: tls1_2)\n" \
" max_version=%%s default: (library default: tls1_2)\n" \ " max_version=%%s default: (library default: tls1_2)\n" \
" force_version=%%s default: \"\" (none)\n" \ " force_version=%%s default: \"\" (none)\n" \
" options: tls1_2, dtls1_2\n" \ " options: tls1_2, dtls1_2" TLS1_3_VERSION_OPTIONS \
"\n" \ "\n\n" \
" force_ciphersuite=<name> default: all enabled\n" \ " force_ciphersuite=<name> default: all enabled\n" \
" query_config=<name> return 0 if the specified\n" \ " query_config=<name> return 0 if the specified\n" \
" configuration macro is defined and 1\n" \ " configuration macro is defined and 1\n" \
@ -502,8 +520,9 @@ int main( void )
USAGE_SERIALIZATION \ USAGE_SERIALIZATION \
" acceptable ciphersuite names:\n" " acceptable ciphersuite names:\n"
#define ALPN_LIST_SIZE 10 #define ALPN_LIST_SIZE 10
#define CURVE_LIST_SIZE 20 #define CURVE_LIST_SIZE 20
#define SIG_ALG_LIST_SIZE 5
#define PUT_UINT64_BE(out_be,in_le,i) \ #define PUT_UINT64_BE(out_be,in_le,i) \
{ \ { \
@ -576,6 +595,7 @@ struct options
int cache_timeout; /* expiration delay of session cache entries */ int cache_timeout; /* expiration delay of session cache entries */
char *sni; /* string describing sni information */ char *sni; /* string describing sni information */
const char *curves; /* list of supported elliptic curves */ const char *curves; /* list of supported elliptic curves */
const char *sig_algs; /* supported TLS 1.3 signature algorithms */
const char *alpn_string; /* ALPN supported protocols */ const char *alpn_string; /* ALPN supported protocols */
const char *dhm_file; /* the file with the DH parameters */ const char *dhm_file; /* the file with the DH parameters */
int extended_ms; /* allow negotiation of extended MS? */ int extended_ms; /* allow negotiation of extended MS? */
@ -1319,6 +1339,12 @@ int main( int argc, char *argv[] )
size_t context_buf_len = 0; size_t context_buf_len = 0;
#endif #endif
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) && \
defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
uint16_t sig_alg_list[SIG_ALG_LIST_SIZE];
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL &&
MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
int i; int i;
char *p, *q; char *p, *q;
const int *list; const int *list;
@ -1491,6 +1517,7 @@ int main( int argc, char *argv[] )
opt.sni = DFL_SNI; opt.sni = DFL_SNI;
opt.alpn_string = DFL_ALPN_STRING; opt.alpn_string = DFL_ALPN_STRING;
opt.curves = DFL_CURVES; opt.curves = DFL_CURVES;
opt.sig_algs = DFL_SIG_ALGS;
opt.dhm_file = DFL_DHM_FILE; opt.dhm_file = DFL_DHM_FILE;
opt.transport = DFL_TRANSPORT; opt.transport = DFL_TRANSPORT;
opt.cookies = DFL_COOKIES; opt.cookies = DFL_COOKIES;
@ -1658,6 +1685,12 @@ int main( int argc, char *argv[] )
} }
else if( strcmp( p, "curves" ) == 0 ) else if( strcmp( p, "curves" ) == 0 )
opt.curves = q; opt.curves = q;
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) && \
defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
else if( strcmp( p, "sig_algs" ) == 0 )
opt.sig_algs = q;
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL && && \
MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
else if( strcmp( p, "renegotiation" ) == 0 ) else if( strcmp( p, "renegotiation" ) == 0 )
{ {
opt.renegotiation = (atoi( q )) ? opt.renegotiation = (atoi( q )) ?
@ -1712,6 +1745,10 @@ int main( int argc, char *argv[] )
if( strcmp( q, "tls1_2" ) == 0 || if( strcmp( q, "tls1_2" ) == 0 ||
strcmp( q, "dtls1_2" ) == 0 ) strcmp( q, "dtls1_2" ) == 0 )
opt.min_version = MBEDTLS_SSL_MINOR_VERSION_3; opt.min_version = MBEDTLS_SSL_MINOR_VERSION_3;
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
else if( strcmp( q, "tls1_3" ) == 0 )
opt.min_version = MBEDTLS_SSL_MINOR_VERSION_4;
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
else else
goto usage; goto usage;
} }
@ -1720,6 +1757,10 @@ int main( int argc, char *argv[] )
if( strcmp( q, "tls1_2" ) == 0 || if( strcmp( q, "tls1_2" ) == 0 ||
strcmp( q, "dtls1_2" ) == 0 ) strcmp( q, "dtls1_2" ) == 0 )
opt.max_version = MBEDTLS_SSL_MINOR_VERSION_3; opt.max_version = MBEDTLS_SSL_MINOR_VERSION_3;
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
else if( strcmp( q, "tls1_3" ) == 0 )
opt.max_version = MBEDTLS_SSL_MINOR_VERSION_4;
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
else else
goto usage; goto usage;
} }
@ -1745,6 +1786,13 @@ int main( int argc, char *argv[] )
opt.max_version = MBEDTLS_SSL_MINOR_VERSION_3; opt.max_version = MBEDTLS_SSL_MINOR_VERSION_3;
opt.transport = MBEDTLS_SSL_TRANSPORT_DATAGRAM; opt.transport = MBEDTLS_SSL_TRANSPORT_DATAGRAM;
} }
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
else if( strcmp( q, "tls1_3" ) == 0 )
{
opt.min_version = MBEDTLS_SSL_MINOR_VERSION_4;
opt.max_version = MBEDTLS_SSL_MINOR_VERSION_4;
}
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
else else
goto usage; goto usage;
} }
@ -2150,6 +2198,60 @@ int main( int argc, char *argv[] )
} }
#endif /* MBEDTLS_ECP_C */ #endif /* MBEDTLS_ECP_C */
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) && \
defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
if( opt.sig_algs != NULL )
{
p = (char *) opt.sig_algs;
i = 0;
/* Leave room for a final MBEDTLS_TLS13_SIG_NONE in signature algorithm list (sig_alg_list). */
while( i < SIG_ALG_LIST_SIZE - 1 && *p != '\0' )
{
q = p;
/* Terminate the current string */
while( *p != ',' && *p != '\0' )
p++;
if( *p == ',' )
*p++ = '\0';
if( strcmp( q, "ecdsa_secp256r1_sha256" ) == 0 )
{
sig_alg_list[i++] = MBEDTLS_TLS13_SIG_ECDSA_SECP256R1_SHA256;
}
else if( strcmp( q, "ecdsa_secp384r1_sha384" ) == 0 )
{
sig_alg_list[i++] = MBEDTLS_TLS13_SIG_ECDSA_SECP384R1_SHA384;
}
else if( strcmp( q, "ecdsa_secp521r1_sha512" ) == 0 )
{
sig_alg_list[i++] = MBEDTLS_TLS13_SIG_ECDSA_SECP521R1_SHA512;
}
else
{
mbedtls_printf( "unknown signature algorithm %s\n", q );
mbedtls_printf( "supported signature algorithms: " );
mbedtls_printf( "ecdsa_secp256r1_sha256 " );
mbedtls_printf( "ecdsa_secp384r1_sha384 " );
mbedtls_printf( "ecdsa_secp521r1_sha512 " );
mbedtls_printf( "\n" );
goto exit;
}
}
if( i == ( SIG_ALG_LIST_SIZE - 1 ) && *p != '\0' )
{
mbedtls_printf( "signature algorithm list too long, maximum %d",
SIG_ALG_LIST_SIZE - 1 );
goto exit;
}
sig_alg_list[i] = MBEDTLS_TLS13_SIG_NONE;
}
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL &&
MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
#if defined(MBEDTLS_SSL_ALPN) #if defined(MBEDTLS_SSL_ALPN)
if( opt.alpn_string != NULL ) if( opt.alpn_string != NULL )
{ {
@ -2376,26 +2478,7 @@ int main( int argc, char *argv[] )
#endif /* SNI_OPTION */ #endif /* SNI_OPTION */
/* /*
* 2. Setup the listening TCP socket * 2. Setup stuff
*/
mbedtls_printf( " . Bind on %s://%s:%s/ ...",
opt.transport == MBEDTLS_SSL_TRANSPORT_STREAM ? "tcp" : "udp",
opt.server_addr ? opt.server_addr : "*",
opt.server_port );
fflush( stdout );
if( ( ret = mbedtls_net_bind( &listen_fd, opt.server_addr, opt.server_port,
opt.transport == MBEDTLS_SSL_TRANSPORT_STREAM ?
MBEDTLS_NET_PROTO_TCP : MBEDTLS_NET_PROTO_UDP ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_net_bind returned -0x%x\n\n", (unsigned int) -ret );
goto exit;
}
mbedtls_printf( " ok\n" );
/*
* 3. Setup stuff
*/ */
mbedtls_printf( " . Setting up the SSL/TLS structure..." ); mbedtls_printf( " . Setting up the SSL/TLS structure..." );
fflush( stdout ); fflush( stdout );
@ -2747,6 +2830,11 @@ int main( int argc, char *argv[] )
} }
#endif #endif
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
if( opt.sig_algs != NULL )
mbedtls_ssl_conf_sig_algs( &conf, sig_alg_list );
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) #if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
if( strlen( opt.psk ) != 0 && strlen( opt.psk_identity ) != 0 ) if( strlen( opt.psk ) != 0 && strlen( opt.psk_identity ) != 0 )
@ -2889,6 +2977,24 @@ int main( int argc, char *argv[] )
mbedtls_printf( " ok\n" ); mbedtls_printf( " ok\n" );
/*
* 3. Setup the listening TCP socket
*/
mbedtls_printf( " . Bind on %s://%s:%s/ ...",
opt.transport == MBEDTLS_SSL_TRANSPORT_STREAM ? "tcp" : "udp",
opt.server_addr ? opt.server_addr : "*",
opt.server_port );
fflush( stdout );
if( ( ret = mbedtls_net_bind( &listen_fd, opt.server_addr, opt.server_port,
opt.transport == MBEDTLS_SSL_TRANSPORT_STREAM ?
MBEDTLS_NET_PROTO_TCP : MBEDTLS_NET_PROTO_UDP ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_net_bind returned -0x%x\n\n", (unsigned int) -ret );
goto exit;
}
mbedtls_printf( " ok\n" );
reset: reset:
#if !defined(_WIN32) #if !defined(_WIN32)
if( received_sigterm ) if( received_sigterm )

View file

@ -24,6 +24,8 @@
# [ -v | --verbose ] [ -h | --help ] # [ -v | --verbose ] [ -h | --help ]
# #
set -e
VERSION="" VERSION=""
SOVERSION="" SOVERSION=""
@ -79,6 +81,10 @@ then
exit 1 exit 1
fi fi
[ $VERBOSE ] && echo "Bumping VERSION in CMakeLists.txt"
sed -e "s/ VERSION [0-9.]\{1,\}/ VERSION $VERSION/g" < CMakeLists.txt > tmp
mv tmp CMakeLists.txt
[ $VERBOSE ] && echo "Bumping VERSION in library/CMakeLists.txt" [ $VERBOSE ] && echo "Bumping VERSION in library/CMakeLists.txt"
sed -e "s/ VERSION [0-9.]\{1,\}/ VERSION $VERSION/g" < library/CMakeLists.txt > tmp sed -e "s/ VERSION [0-9.]\{1,\}/ VERSION $VERSION/g" < library/CMakeLists.txt > tmp
mv tmp library/CMakeLists.txt mv tmp library/CMakeLists.txt
@ -116,10 +122,10 @@ then
mv tmp library/Makefile mv tmp library/Makefile
fi fi
[ $VERBOSE ] && echo "Bumping VERSION in include/mbedtls/version.h" [ $VERBOSE ] && echo "Bumping VERSION in include/mbedtls/build_info.h"
read MAJOR MINOR PATCH <<<$(IFS="."; echo $VERSION) read MAJOR MINOR PATCH <<<$(IFS="."; echo $VERSION)
VERSION_NR="$( printf "0x%02X%02X%02X00" $MAJOR $MINOR $PATCH )" VERSION_NR="$( printf "0x%02X%02X%02X00" $MAJOR $MINOR $PATCH )"
cat include/mbedtls/version.h | \ cat include/mbedtls/build_info.h | \
sed -e "s/_VERSION_MAJOR .\{1,\}/_VERSION_MAJOR $MAJOR/" | \ sed -e "s/_VERSION_MAJOR .\{1,\}/_VERSION_MAJOR $MAJOR/" | \
sed -e "s/_VERSION_MINOR .\{1,\}/_VERSION_MINOR $MINOR/" | \ sed -e "s/_VERSION_MINOR .\{1,\}/_VERSION_MINOR $MINOR/" | \
sed -e "s/_VERSION_PATCH .\{1,\}/_VERSION_PATCH $PATCH/" | \ sed -e "s/_VERSION_PATCH .\{1,\}/_VERSION_PATCH $PATCH/" | \
@ -127,7 +133,7 @@ cat include/mbedtls/version.h | \
sed -e "s/_VERSION_STRING .\{1,\}/_VERSION_STRING \"$VERSION\"/" | \ sed -e "s/_VERSION_STRING .\{1,\}/_VERSION_STRING \"$VERSION\"/" | \
sed -e "s/_VERSION_STRING_FULL .\{1,\}/_VERSION_STRING_FULL \"mbed TLS $VERSION\"/" \ sed -e "s/_VERSION_STRING_FULL .\{1,\}/_VERSION_STRING_FULL \"mbed TLS $VERSION\"/" \
> tmp > tmp
mv tmp include/mbedtls/version.h mv tmp include/mbedtls/build_info.h
[ $VERBOSE ] && echo "Bumping version in tests/suites/test_suite_version.data" [ $VERBOSE ] && echo "Bumping version in tests/suites/test_suite_version.data"
sed -e "s/version:\".\{1,\}/version:\"$VERSION\"/g" < tests/suites/test_suite_version.data > tmp sed -e "s/version:\".\{1,\}/version:\"$VERSION\"/g" < tests/suites/test_suite_version.data > tmp

View file

@ -161,6 +161,7 @@ pre_initialize_variables () {
: ${ARMC5_BIN_DIR:=/usr/bin} : ${ARMC5_BIN_DIR:=/usr/bin}
: ${ARMC6_BIN_DIR:=/usr/bin} : ${ARMC6_BIN_DIR:=/usr/bin}
: ${ARM_NONE_EABI_GCC_PREFIX:=arm-none-eabi-} : ${ARM_NONE_EABI_GCC_PREFIX:=arm-none-eabi-}
: ${ARM_LINUX_GNUEABI_GCC_PREFIX:=arm-linux-gnueabi-}
# if MAKEFLAGS is not set add the -j option to speed up invocations of make # if MAKEFLAGS is not set add the -j option to speed up invocations of make
if [ -z "${MAKEFLAGS+set}" ]; then if [ -z "${MAKEFLAGS+set}" ]; then
@ -230,6 +231,9 @@ General options:
--arm-none-eabi-gcc-prefix=<string> --arm-none-eabi-gcc-prefix=<string>
Prefix for a cross-compiler for arm-none-eabi Prefix for a cross-compiler for arm-none-eabi
(default: "${ARM_NONE_EABI_GCC_PREFIX}") (default: "${ARM_NONE_EABI_GCC_PREFIX}")
--arm-linux-gnueabi-gcc-prefix=<string>
Prefix for a cross-compiler for arm-linux-gnueabi
(default: "${ARM_LINUX_GNUEABI_GCC_PREFIX}")
--armcc Run ARM Compiler builds (on by default). --armcc Run ARM Compiler builds (on by default).
--except Exclude the COMPONENTs listed on the command line, --except Exclude the COMPONENTs listed on the command line,
instead of running only those. instead of running only those.
@ -387,6 +391,7 @@ pre_parse_command_line () {
case "$1" in case "$1" in
--append-outcome) append_outcome=1;; --append-outcome) append_outcome=1;;
--arm-none-eabi-gcc-prefix) shift; ARM_NONE_EABI_GCC_PREFIX="$1";; --arm-none-eabi-gcc-prefix) shift; ARM_NONE_EABI_GCC_PREFIX="$1";;
--arm-linux-gnueabi-gcc-prefix) shift; ARM_LINUX_GNUEABI_GCC_PREFIX="$1";;
--armcc) no_armcc=;; --armcc) no_armcc=;;
--armc5-bin-dir) shift; ARMC5_BIN_DIR="$1";; --armc5-bin-dir) shift; ARMC5_BIN_DIR="$1";;
--armc6-bin-dir) shift; ARMC6_BIN_DIR="$1";; --armc6-bin-dir) shift; ARMC6_BIN_DIR="$1";;
@ -2369,14 +2374,29 @@ component_build_arm_none_eabi_gcc () {
${ARM_NONE_EABI_GCC_PREFIX}size library/*.o ${ARM_NONE_EABI_GCC_PREFIX}size library/*.o
} }
component_build_arm_none_eabi_gcc_arm5vte () { component_build_arm_linux_gnueabi_gcc_arm5vte () {
msg "build: ${ARM_NONE_EABI_GCC_PREFIX}gcc -march=arm5vte" # ~ 10s msg "build: ${ARM_LINUX_GNUEABI_GCC_PREFIX}gcc -march=arm5vte" # ~ 10s
scripts/config.py baremetal scripts/config.py baremetal
# Build for a target platform that's close to what Debian uses # Build for a target platform that's close to what Debian uses
# for its "armel" distribution (https://wiki.debian.org/ArmEabiPort). # for its "armel" distribution (https://wiki.debian.org/ArmEabiPort).
# See https://github.com/ARMmbed/mbedtls/pull/2169 and comments. # See https://github.com/ARMmbed/mbedtls/pull/2169 and comments.
# It would be better to build with arm-linux-gnueabi-gcc but # Build everything including programs, see for example
# we don't have that on our CI at this time. # https://github.com/ARMmbed/mbedtls/pull/3449#issuecomment-675313720
make CC="${ARM_LINUX_GNUEABI_GCC_PREFIX}gcc" AR="${ARM_LINUX_GNUEABI_GCC_PREFIX}ar" CFLAGS='-Werror -Wall -Wextra -march=armv5te -O1' LDFLAGS='-march=armv5te'
msg "size: ${ARM_LINUX_GNUEABI_GCC_PREFIX}gcc -march=armv5te -O1"
${ARM_LINUX_GNUEABI_GCC_PREFIX}size library/*.o
}
support_build_arm_linux_gnueabi_gcc_arm5vte () {
type ${ARM_LINUX_GNUEABI_GCC_PREFIX}gcc >/dev/null 2>&1
}
component_build_arm_none_eabi_gcc_arm5vte () {
msg "build: ${ARM_NONE_EABI_GCC_PREFIX}gcc -march=arm5vte" # ~ 10s
scripts/config.py baremetal
# This is an imperfect substitute for
# component_build_arm_linux_gnueabi_gcc_arm5vte
# in case the gcc-arm-linux-gnueabi toolchain is not available
make CC="${ARM_NONE_EABI_GCC_PREFIX}gcc" AR="${ARM_NONE_EABI_GCC_PREFIX}ar" CFLAGS='-std=c99 -Werror -Wall -Wextra -march=armv5te -O1' LDFLAGS='-march=armv5te' SHELL='sh -x' lib make CC="${ARM_NONE_EABI_GCC_PREFIX}gcc" AR="${ARM_NONE_EABI_GCC_PREFIX}ar" CFLAGS='-std=c99 -Werror -Wall -Wextra -march=armv5te -O1' LDFLAGS='-march=armv5te' SHELL='sh -x' lib
msg "size: ${ARM_NONE_EABI_GCC_PREFIX}gcc -march=armv5te -O1" msg "size: ${ARM_NONE_EABI_GCC_PREFIX}gcc -march=armv5te -O1"
@ -2437,11 +2457,22 @@ component_build_armcc () {
} }
component_test_tls13_experimental () { component_test_tls13_experimental () {
msg "build: default config with MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL enabled" msg "build: default config with MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL enabled, without padding"
scripts/config.pl set MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL scripts/config.pl set MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
scripts/config.pl set MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY 1
CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
make make
msg "test: default config with MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL enabled" msg "test: default config with MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL enabled, without padding"
make test
}
component_test_tls13_experimental_with_padding () {
msg "build: default config with MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL enabled, with padding"
scripts/config.pl set MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
scripts/config.pl set MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY 16
CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
make
msg "test: default config with MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL enabled, with padding"
make test make test
} }

View file

@ -23,12 +23,13 @@ set -eu
if [ $# -ne 0 ] && [ "$1" = "--help" ]; then if [ $# -ne 0 ] && [ "$1" = "--help" ]; then
cat <<EOF cat <<EOF
$0 [-u] $0 [-l | -u]
This script checks that all generated file are up-to-date. If some aren't, by This script checks that all generated file are up-to-date. If some aren't, by
default the scripts reports it and exits in error; with the -u option, it just default the scripts reports it and exits in error; with the -u option, it just
updates them instead. updates them instead.
-u Update the files rather than return an error for out-of-date files. -u Update the files rather than return an error for out-of-date files.
-l List generated files, but do not update them.
EOF EOF
exit exit
fi fi
@ -39,10 +40,13 @@ if [ -d library -a -d include -a -d tests ]; then :; else
fi fi
UPDATE= UPDATE=
if [ $# -ne 0 ] && [ "$1" = "-u" ]; then LIST=
shift while getopts lu OPTLET; do
UPDATE='y' case $OPTLET in
fi l) LIST=1;;
u) UPDATE=1;;
esac
done
# check SCRIPT FILENAME[...] # check SCRIPT FILENAME[...]
# check SCRIPT DIRECTORY # check SCRIPT DIRECTORY
@ -58,6 +62,11 @@ check()
SCRIPT=$1 SCRIPT=$1
shift shift
if [ -n "$LIST" ]; then
printf '%s\n' "$@"
return
fi
directory= directory=
if [ -d "$1" ]; then if [ -d "$1" ]; then
directory="$1" directory="$1"

View file

@ -77,6 +77,14 @@ else
O_LEGACY_CLI=false O_LEGACY_CLI=false
fi fi
if [ -n "${OPENSSL_NEXT:-}" ]; then
O_NEXT_SRV="$OPENSSL_NEXT s_server -www -cert data_files/server5.crt -key data_files/server5.key"
O_NEXT_CLI="echo 'GET / HTTP/1.0' | $OPENSSL_NEXT s_client"
else
O_NEXT_SRV=false
O_NEXT_CLI=false
fi
if [ -n "${GNUTLS_NEXT_SERV:-}" ]; then if [ -n "${GNUTLS_NEXT_SERV:-}" ]; then
G_NEXT_SRV="$GNUTLS_NEXT_SERV --x509certfile data_files/server5.crt --x509keyfile data_files/server5.key" G_NEXT_SRV="$GNUTLS_NEXT_SERV --x509certfile data_files/server5.crt --x509keyfile data_files/server5.key"
else else
@ -346,6 +354,57 @@ requires_openssl_legacy() {
fi fi
} }
requires_openssl_next() {
if [ -z "${OPENSSL_NEXT_AVAILABLE:-}" ]; then
if which "${OPENSSL_NEXT:-}" >/dev/null 2>&1; then
OPENSSL_NEXT_AVAILABLE="YES"
else
OPENSSL_NEXT_AVAILABLE="NO"
fi
fi
if [ "$OPENSSL_NEXT_AVAILABLE" = "NO" ]; then
SKIP_NEXT="YES"
fi
}
# skip next test if tls1_3 is not available
requires_openssl_tls1_3() {
requires_openssl_next
if [ "$OPENSSL_NEXT_AVAILABLE" = "NO" ]; then
OPENSSL_TLS1_3_AVAILABLE="NO"
fi
if [ -z "${OPENSSL_TLS1_3_AVAILABLE:-}" ]; then
if $OPENSSL_NEXT s_client -help 2>&1 | grep tls1_3 >/dev/null
then
OPENSSL_TLS1_3_AVAILABLE="YES"
else
OPENSSL_TLS1_3_AVAILABLE="NO"
fi
fi
if [ "$OPENSSL_TLS1_3_AVAILABLE" = "NO" ]; then
SKIP_NEXT="YES"
fi
}
# skip next test if tls1_3 is not available
requires_gnutls_tls1_3() {
requires_gnutls_next
if [ "$GNUTLS_NEXT_AVAILABLE" = "NO" ]; then
GNUTLS_TLS1_3_AVAILABLE="NO"
fi
if [ -z "${GNUTLS_TLS1_3_AVAILABLE:-}" ]; then
if $GNUTLS_NEXT_CLI -l 2>&1 | grep VERS-TLS1.3 >/dev/null
then
GNUTLS_TLS1_3_AVAILABLE="YES"
else
GNUTLS_TLS1_3_AVAILABLE="NO"
fi
fi
if [ "$GNUTLS_TLS1_3_AVAILABLE" = "NO" ]; then
SKIP_NEXT="YES"
fi
}
# skip next test if IPv6 isn't available on this host # skip next test if IPv6 isn't available on this host
requires_ipv6() { requires_ipv6() {
if [ -z "${HAS_IPV6:-}" ]; then if [ -z "${HAS_IPV6:-}" ]; then
@ -693,6 +752,11 @@ find_in_both() {
fi fi
} }
SKIP_HANDSHAKE_CHECK="NO"
skip_handshake_stage_check() {
SKIP_HANDSHAKE_CHECK="YES"
}
# Usage: run_test name [-p proxy_cmd] srv_cmd cli_cmd cli_exit [option [...]] # Usage: run_test name [-p proxy_cmd] srv_cmd cli_cmd cli_exit [option [...]]
# Options: -s pattern pattern that must be present in server output # Options: -s pattern pattern that must be present in server output
# -c pattern pattern that must be present in client output # -c pattern pattern that must be present in client output
@ -855,21 +919,25 @@ run_test() {
# (useful to avoid tests with only negative assertions and non-zero # (useful to avoid tests with only negative assertions and non-zero
# expected client exit to incorrectly succeed in case of catastrophic # expected client exit to incorrectly succeed in case of catastrophic
# failure) # failure)
if is_polar "$SRV_CMD"; then if [ "X$SKIP_HANDSHAKE_CHECK" != "XYES" ]
if grep "Performing the SSL/TLS handshake" $SRV_OUT >/dev/null; then :; then
else if is_polar "$SRV_CMD"; then
fail "server or client failed to reach handshake stage" if grep "Performing the SSL/TLS handshake" $SRV_OUT >/dev/null; then :;
return else
fail "server or client failed to reach handshake stage"
return
fi
fi fi
fi if is_polar "$CLI_CMD"; then
if is_polar "$CLI_CMD"; then if grep "Performing the SSL/TLS handshake" $CLI_OUT >/dev/null; then :;
if grep "Performing the SSL/TLS handshake" $CLI_OUT >/dev/null; then :; else
else fail "server or client failed to reach handshake stage"
fail "server or client failed to reach handshake stage" return
return fi
fi fi
fi fi
SKIP_HANDSHAKE_CHECK="NO"
# Check server exit code (only for Mbed TLS: GnuTLS and OpenSSL don't # Check server exit code (only for Mbed TLS: GnuTLS and OpenSSL don't
# exit with status 0 when interrupted by a signal, and we don't really # exit with status 0 when interrupted by a signal, and we don't really
# care anyway), in case e.g. the server reports a memory leak. # care anyway), in case e.g. the server reports a memory leak.
@ -8478,6 +8546,47 @@ run_test "export keys functionality" \
-c "EAP-TLS IV is:" \ -c "EAP-TLS IV is:" \
-s "EAP-TLS IV is:" -s "EAP-TLS IV is:"
# openssl feature tests: check if tls1.3 exists.
requires_openssl_tls1_3
run_test "TLS1.3: Test openssl tls1_3 feature" \
"$O_NEXT_SRV -tls1_3 -msg" \
"$O_NEXT_CLI -tls1_3 -msg" \
0 \
-c "TLS 1.3" \
-s "TLS 1.3"
# gnutls feature tests: check if tls1.3 exists.
requires_gnutls_tls1_3
run_test "TLS1.3: Test gnutls tls1_3 feature" \
"$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3" \
"$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 -V" \
0 \
-s "Version: TLS1.3" \
-c "Version: TLS1.3"
# TLS1.3 test cases
# TODO: remove or rewrite this test case if #4832 is resolved.
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
skip_handshake_stage_check
run_test "TLS1.3: Not supported version check: tls1_2 and tls1_3" \
"$P_SRV debug_level=1 min_version=tls1_2 max_version=tls1_3" \
"$P_CLI debug_level=1 min_version=tls1_2 max_version=tls1_3" \
1 \
-s "SSL - The requested feature is not available" \
-c "SSL - The requested feature is not available" \
-s "Hybrid TLS 1.2 + TLS 1.3 configurations are not yet supported" \
-c "Hybrid TLS 1.2 + TLS 1.3 configurations are not yet supported"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
run_test "TLS1.3: handshake dispatch test: tls1_3 only" \
"$P_SRV min_version=tls1_3 max_version=tls1_3" \
"$P_CLI min_version=tls1_3 max_version=tls1_3" \
1 \
-s "SSL - The requested feature is not available" \
-c "SSL - The requested feature is not available"
# Test heap memory usage after handshake # Test heap memory usage after handshake
requires_config_enabled MBEDTLS_MEMORY_DEBUG requires_config_enabled MBEDTLS_MEMORY_DEBUG
requires_config_enabled MBEDTLS_MEMORY_BUFFER_ALLOC_C requires_config_enabled MBEDTLS_MEMORY_BUFFER_ALLOC_C

View file

@ -60,10 +60,16 @@ void debug_print_msg_threshold( int threshold, int level, char * file,
memset( buffer.buf, 0, 2000 ); memset( buffer.buf, 0, 2000 );
buffer.ptr = buffer.buf; buffer.ptr = buffer.buf;
mbedtls_ssl_config_defaults( &conf,
MBEDTLS_SSL_IS_CLIENT,
MBEDTLS_SSL_TRANSPORT_STREAM,
MBEDTLS_SSL_PRESET_DEFAULT );
mbedtls_ssl_conf_dbg( &conf, string_debug, &buffer);
TEST_ASSERT( mbedtls_ssl_setup( &ssl, &conf ) == 0 ); TEST_ASSERT( mbedtls_ssl_setup( &ssl, &conf ) == 0 );
mbedtls_debug_set_threshold( threshold ); mbedtls_debug_set_threshold( threshold );
mbedtls_ssl_conf_dbg( &conf, string_debug, &buffer);
mbedtls_debug_print_msg( &ssl, level, file, line, mbedtls_debug_print_msg( &ssl, level, file, line,
"Text message, 2 == %d", 2 ); "Text message, 2 == %d", 2 );
@ -89,10 +95,15 @@ void mbedtls_debug_print_ret( char * file, int line, char * text, int value,
memset( buffer.buf, 0, 2000 ); memset( buffer.buf, 0, 2000 );
buffer.ptr = buffer.buf; buffer.ptr = buffer.buf;
TEST_ASSERT( mbedtls_ssl_setup( &ssl, &conf ) == 0 ); mbedtls_ssl_config_defaults( &conf,
MBEDTLS_SSL_IS_CLIENT,
MBEDTLS_SSL_TRANSPORT_STREAM,
MBEDTLS_SSL_PRESET_DEFAULT );
mbedtls_ssl_conf_dbg( &conf, string_debug, &buffer); mbedtls_ssl_conf_dbg( &conf, string_debug, &buffer);
TEST_ASSERT( mbedtls_ssl_setup( &ssl, &conf ) == 0 );
mbedtls_debug_print_ret( &ssl, 0, file, line, text, value); mbedtls_debug_print_ret( &ssl, 0, file, line, text, value);
TEST_ASSERT( strcmp( buffer.buf, result_str ) == 0 ); TEST_ASSERT( strcmp( buffer.buf, result_str ) == 0 );
@ -116,11 +127,15 @@ void mbedtls_debug_print_buf( char * file, int line, char * text,
memset( buffer.buf, 0, 2000 ); memset( buffer.buf, 0, 2000 );
buffer.ptr = buffer.buf; buffer.ptr = buffer.buf;
mbedtls_ssl_config_defaults( &conf,
TEST_ASSERT( mbedtls_ssl_setup( &ssl, &conf ) == 0 ); MBEDTLS_SSL_IS_CLIENT,
MBEDTLS_SSL_TRANSPORT_STREAM,
MBEDTLS_SSL_PRESET_DEFAULT );
mbedtls_ssl_conf_dbg( &conf, string_debug, &buffer); mbedtls_ssl_conf_dbg( &conf, string_debug, &buffer);
TEST_ASSERT( mbedtls_ssl_setup( &ssl, &conf ) == 0 );
mbedtls_debug_print_buf( &ssl, 0, file, line, text, data->x, data->len ); mbedtls_debug_print_buf( &ssl, 0, file, line, text, data->x, data->len );
TEST_ASSERT( strcmp( buffer.buf, result_str ) == 0 ); TEST_ASSERT( strcmp( buffer.buf, result_str ) == 0 );
@ -146,10 +161,15 @@ void mbedtls_debug_print_crt( char * crt_file, char * file, int line,
memset( buffer.buf, 0, 2000 ); memset( buffer.buf, 0, 2000 );
buffer.ptr = buffer.buf; buffer.ptr = buffer.buf;
TEST_ASSERT( mbedtls_ssl_setup( &ssl, &conf ) == 0 ); mbedtls_ssl_config_defaults( &conf,
MBEDTLS_SSL_IS_CLIENT,
MBEDTLS_SSL_TRANSPORT_STREAM,
MBEDTLS_SSL_PRESET_DEFAULT );
mbedtls_ssl_conf_dbg( &conf, string_debug, &buffer); mbedtls_ssl_conf_dbg( &conf, string_debug, &buffer);
TEST_ASSERT( mbedtls_ssl_setup( &ssl, &conf ) == 0 );
TEST_ASSERT( mbedtls_x509_crt_parse_file( &crt, crt_file ) == 0 ); TEST_ASSERT( mbedtls_x509_crt_parse_file( &crt, crt_file ) == 0 );
mbedtls_debug_print_crt( &ssl, 0, file, line, prefix, &crt); mbedtls_debug_print_crt( &ssl, 0, file, line, prefix, &crt);
@ -177,12 +197,17 @@ void mbedtls_debug_print_mpi( int radix, char * value, char * file, int line,
memset( buffer.buf, 0, 2000 ); memset( buffer.buf, 0, 2000 );
buffer.ptr = buffer.buf; buffer.ptr = buffer.buf;
mbedtls_ssl_config_defaults( &conf,
MBEDTLS_SSL_IS_CLIENT,
MBEDTLS_SSL_TRANSPORT_STREAM,
MBEDTLS_SSL_PRESET_DEFAULT );
mbedtls_ssl_conf_dbg( &conf, string_debug, &buffer);
TEST_ASSERT( mbedtls_ssl_setup( &ssl, &conf ) == 0 ); TEST_ASSERT( mbedtls_ssl_setup( &ssl, &conf ) == 0 );
TEST_ASSERT( mbedtls_test_read_mpi( &val, radix, value ) == 0 ); TEST_ASSERT( mbedtls_test_read_mpi( &val, radix, value ) == 0 );
mbedtls_ssl_conf_dbg( &conf, string_debug, &buffer);
mbedtls_debug_print_mpi( &ssl, 0, file, line, prefix, &val); mbedtls_debug_print_mpi( &ssl, 0, file, line, prefix, &val);
TEST_ASSERT( strcmp( buffer.buf, result_str ) == 0 ); TEST_ASSERT( strcmp( buffer.buf, result_str ) == 0 );

View file

@ -6021,6 +6021,62 @@ SSL TLS 1.3 Key schedule: Handshake secrets derivation helper
# Vector from RFC 8448 # Vector from RFC 8448
ssl_tls1_3_derive_handshake_secrets:MBEDTLS_MD_SHA256:"005cb112fd8eb4ccc623bb88a07c64b3ede1605363fc7d0df8c7ce4ff0fb4ae6":"f736cb34fe25e701551bee6fd24c1cc7102a7daf9405cb15d97aafe16f757d03":"2faac08f851d35fea3604fcb4de82dc62c9b164a70974d0462e27f1ab278700f":"fe927ae271312e8bf0275b581c54eef020450dc4ecffaa05a1a35d27518e7803" ssl_tls1_3_derive_handshake_secrets:MBEDTLS_MD_SHA256:"005cb112fd8eb4ccc623bb88a07c64b3ede1605363fc7d0df8c7ce4ff0fb4ae6":"f736cb34fe25e701551bee6fd24c1cc7102a7daf9405cb15d97aafe16f757d03":"2faac08f851d35fea3604fcb4de82dc62c9b164a70974d0462e27f1ab278700f":"fe927ae271312e8bf0275b581c54eef020450dc4ecffaa05a1a35d27518e7803"
SSL TLS 1.3 Record Encryption, tls13.ulfheim.net Example #1
# - Server App Key: 0b6d22c8ff68097ea871c672073773bf
# - Server App IV: 1b13dd9f8d8f17091d34b349
# - Client App Key: 49134b95328f279f0183860589ac6707
# - Client App IV: bc4dd5f7b98acff85466261d
# - App data payload: 70696e67
# - Complete record: 1703030015c74061535eb12f5f25a781957874742ab7fb305dd5
# - Padding used: No (== granularity 1)
ssl_tls1_3_record_protection:MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256:MBEDTLS_SSL_IS_CLIENT:0:1:"0b6d22c8ff68097ea871c672073773bf":"1b13dd9f8d8f17091d34b349":"49134b95328f279f0183860589ac6707":"bc4dd5f7b98acff85466261d":"70696e67":"c74061535eb12f5f25a781957874742ab7fb305dd5"
SSL TLS 1.3 Record Encryption, tls13.ulfheim.net Example #2
# - Server App Key: 0b6d22c8ff68097ea871c672073773bf
# - Server App IV: 1b13dd9f8d8f17091d34b349
# - Client App Key: 49134b95328f279f0183860589ac6707
# - Client App IV: bc4dd5f7b98acff85466261d
# - App data payload: 706f6e67
# - Complete record: 1703030015370e5f168afa7fb16b663ecdfca3dbb81931a90ca7
# - Padding used: No (== granularity 1)
ssl_tls1_3_record_protection:MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256:MBEDTLS_SSL_IS_SERVER:1:1:"0b6d22c8ff68097ea871c672073773bf":"1b13dd9f8d8f17091d34b349":"49134b95328f279f0183860589ac6707":"bc4dd5f7b98acff85466261d":"706f6e67":"370e5f168afa7fb16b663ecdfca3dbb81931a90ca7"
SSL TLS 1.3 Record Encryption RFC 8448 Example #1
# Application Data record sent by Client in 1-RTT example of RFC 8448, Section 3
# - Server App Key: 9f 02 28 3b 6c 9c 07 ef c2 6b b9 f2 ac 92 e3 56
# - Server App IV: cf 78 2b 88 dd 83 54 9a ad f1 e9 84
# - Client App Key: 17 42 2d da 59 6e d5 d9 ac d8 90 e3 c6 3f 50 51
# - Client App IV: 5b 78 92 3d ee 08 57 90 33 e5 23 d9
# - App data payload: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f
# 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f
# 20 21 22 23 24 25 26 27 28 29 2a 2b 2c 2d 2e 2f
# 30 31
# - Complete record: 17 03 03 00 43 a2 3f 70 54 b6 2c 94 d0 af fa fe
# 82 28 ba 55 cb ef ac ea 42 f9 14 aa 66 bc ab 3f
# 2b 98 19 a8 a5 b4 6b 39 5b d5 4a 9a 20 44 1e 2b
# 62 97 4e 1f 5a 62 92 a2 97 70 14 bd 1e 3d ea e6
# 3a ee bb 21 69 49 15 e4
# - Padding used: No (== granularity 1)
ssl_tls1_3_record_protection:MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256:MBEDTLS_SSL_IS_CLIENT:0:1:"9f02283b6c9c07efc26bb9f2ac92e356":"cf782b88dd83549aadf1e984":"17422dda596ed5d9acd890e3c63f5051":"5b78923dee08579033e523d9":"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f3031":"a23f7054b62c94d0affafe8228ba55cbefacea42f914aa66bcab3f2b9819a8a5b46b395bd54a9a20441e2b62974e1f5a6292a2977014bd1e3deae63aeebb21694915e4"
SSL TLS 1.3 Record Encryption RFC 8448 Example #2
# Application Data record sent by Server in 1-RTT example of RFC 8448, Section 3
# - Server App Key: 9f 02 28 3b 6c 9c 07 ef c2 6b b9 f2 ac 92 e3 56
# - Server App IV: cf 78 2b 88 dd 83 54 9a ad f1 e9 84
# - Client App Key: 17 42 2d da 59 6e d5 d9 ac d8 90 e3 c6 3f 50 51
# - Client App IV: 5b 78 92 3d ee 08 57 90 33 e5 23 d9
# - App data payload: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f
# 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f
# 20 21 22 23 24 25 26 27 28 29 2a 2b 2c 2d 2e 2f
# 30 31
# - Complete record: 17 03 03 00 43 2e 93 7e 11 ef 4a c7 40 e5 38 ad
# 36 00 5f c4 a4 69 32 fc 32 25 d0 5f 82 aa 1b 36
# e3 0e fa f9 7d 90 e6 df fc 60 2d cb 50 1a 59 a8
# fc c4 9c 4b f2 e5 f0 a2 1c 00 47 c2 ab f3 32 54
# 0d d0 32 e1 67 c2 95 5d
# - Padding used: No (== granularity 1)
ssl_tls1_3_record_protection:MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256:MBEDTLS_SSL_IS_SERVER:1:1:"9f02283b6c9c07efc26bb9f2ac92e356":"cf782b88dd83549aadf1e984":"17422dda596ed5d9acd890e3c63f5051":"5b78923dee08579033e523d9":"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f3031":"2e937e11ef4ac740e538ad36005fc4a46932fc3225d05f82aa1b36e30efaf97d90e6dffc602dcb501a59a8fcc49c4bf2e5f0a21c0047c2abf332540dd032e167c2955d"
SSL TLS 1.3 Key schedule: Application secrets derivation helper SSL TLS 1.3 Key schedule: Application secrets derivation helper
# Vector from RFC 8448 # Vector from RFC 8448
ssl_tls1_3_derive_application_secrets:MBEDTLS_MD_SHA256:"e2d32d4ed66dd37897a0e80c84107503ce58bf8aad4cb55a5002d77ecb890ece":"b0aeffc46a2cfe33114e6fd7d51f9f04b1ca3c497dab08934a774a9d9ad7dbf3":"2abbf2b8e381d23dbebe1dd2a7d16a8bf484cb4950d23fb7fb7fa8547062d9a1":"cc21f1bf8feb7dd5fa505bd9c4b468a9984d554a993dc49e6d285598fb672691":"3fd93d4ffddc98e64b14dd107aedf8ee4add23f4510f58a4592d0b201bee56b4" ssl_tls1_3_derive_application_secrets:MBEDTLS_MD_SHA256:"e2d32d4ed66dd37897a0e80c84107503ce58bf8aad4cb55a5002d77ecb890ece":"b0aeffc46a2cfe33114e6fd7d51f9f04b1ca3c497dab08934a774a9d9ad7dbf3":"2abbf2b8e381d23dbebe1dd2a7d16a8bf484cb4950d23fb7fb7fa8547062d9a1":"cc21f1bf8feb7dd5fa505bd9c4b468a9984d554a993dc49e6d285598fb672691":"3fd93d4ffddc98e64b14dd107aedf8ee4add23f4510f58a4592d0b201bee56b4"

View file

@ -3944,6 +3944,104 @@ void ssl_tls1_3_create_psk_binder( int hash_alg,
} }
/* END_CASE */ /* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
void ssl_tls1_3_record_protection( int ciphersuite,
int endpoint,
int ctr,
int padding_used,
data_t *server_write_key,
data_t *server_write_iv,
data_t *client_write_key,
data_t *client_write_iv,
data_t *plaintext,
data_t *ciphertext )
{
mbedtls_ssl_key_set keys;
mbedtls_ssl_transform transform_send;
mbedtls_ssl_transform transform_recv;
mbedtls_record rec;
unsigned char *buf = NULL;
size_t buf_len;
int other_endpoint;
TEST_ASSERT( endpoint == MBEDTLS_SSL_IS_CLIENT ||
endpoint == MBEDTLS_SSL_IS_SERVER );
if( endpoint == MBEDTLS_SSL_IS_SERVER )
other_endpoint = MBEDTLS_SSL_IS_CLIENT;
if( endpoint == MBEDTLS_SSL_IS_CLIENT )
other_endpoint = MBEDTLS_SSL_IS_SERVER;
TEST_ASSERT( server_write_key->len == client_write_key->len );
TEST_ASSERT( server_write_iv->len == client_write_iv->len );
memcpy( keys.client_write_key,
client_write_key->x, client_write_key->len );
memcpy( keys.client_write_iv,
client_write_iv->x, client_write_iv->len );
memcpy( keys.server_write_key,
server_write_key->x, server_write_key->len );
memcpy( keys.server_write_iv,
server_write_iv->x, server_write_iv->len );
keys.key_len = server_write_key->len;
keys.iv_len = server_write_iv->len;
mbedtls_ssl_transform_init( &transform_recv );
mbedtls_ssl_transform_init( &transform_send );
TEST_ASSERT( mbedtls_ssl_tls13_populate_transform(
&transform_send, endpoint,
ciphersuite, &keys, NULL ) == 0 );
TEST_ASSERT( mbedtls_ssl_tls13_populate_transform(
&transform_recv, other_endpoint,
ciphersuite, &keys, NULL ) == 0 );
/* Make sure we have enough space in the buffer even if
* we use more padding than the KAT. */
buf_len = ciphertext->len + MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY;
ASSERT_ALLOC( buf, buf_len );
rec.type = MBEDTLS_SSL_MSG_APPLICATION_DATA;
/* TLS 1.3 uses the version identifier from TLS 1.2 on the wire. */
mbedtls_ssl_write_version( MBEDTLS_SSL_MAJOR_VERSION_3,
MBEDTLS_SSL_MINOR_VERSION_3,
MBEDTLS_SSL_TRANSPORT_STREAM,
rec.ver );
/* Copy plaintext into record structure */
rec.buf = buf;
rec.buf_len = buf_len;
rec.data_offset = 0;
TEST_ASSERT( plaintext->len <= ciphertext->len );
memcpy( rec.buf + rec.data_offset, plaintext->x, plaintext->len );
rec.data_len = plaintext->len;
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
rec.cid_len = 0;
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
memset( &rec.ctr[0], 0, 8 );
rec.ctr[7] = ctr;
TEST_ASSERT( mbedtls_ssl_encrypt_buf( NULL, &transform_send, &rec,
NULL, NULL ) == 0 );
if( padding_used == MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY )
{
ASSERT_COMPARE( rec.buf + rec.data_offset, rec.data_len,
ciphertext->x, ciphertext->len );
}
TEST_ASSERT( mbedtls_ssl_decrypt_buf( NULL, &transform_recv, &rec ) == 0 );
ASSERT_COMPARE( rec.buf + rec.data_offset, rec.data_len,
plaintext->x, plaintext->len );
mbedtls_free( buf );
mbedtls_ssl_transform_free( &transform_send );
mbedtls_ssl_transform_free( &transform_recv );
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ /* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
void ssl_tls1_3_key_evolution( int hash_alg, void ssl_tls1_3_key_evolution( int hash_alg,
data_t *secret, data_t *secret,