Merge branch 'development' into ccm_chunked
Conflicts: library/ccm.c Conflict resolved by re-applying the MBEDTLS_BYTE_0 macro. Conflict resolved by ignoring the MBEDTLS_PUT_UINT16_BE macro used in development branch on the 'b' buffer, because the 'b' buffer is removed in current branch.
This commit is contained in:
commit
cbefb6ba4d
54 changed files with 2140 additions and 1261 deletions
|
@ -14,6 +14,8 @@ jobs:
|
||||||
- graphviz
|
- graphviz
|
||||||
- gcc-arm-none-eabi
|
- gcc-arm-none-eabi
|
||||||
- libnewlib-arm-none-eabi
|
- libnewlib-arm-none-eabi
|
||||||
|
- gcc-arm-linux-gnueabi
|
||||||
|
- libc6-dev-armel-cross
|
||||||
language: python # Needed to get pip for Python 3
|
language: python # Needed to get pip for Python 3
|
||||||
python: 3.5 # version from Ubuntu 16.04
|
python: 3.5 # version from Ubuntu 16.04
|
||||||
install:
|
install:
|
||||||
|
@ -22,7 +24,7 @@ jobs:
|
||||||
- tests/scripts/all.sh -k 'check_*'
|
- tests/scripts/all.sh -k 'check_*'
|
||||||
- tests/scripts/all.sh -k test_default_out_of_box
|
- tests/scripts/all.sh -k test_default_out_of_box
|
||||||
- tests/scripts/all.sh -k test_ref_configs
|
- tests/scripts/all.sh -k test_ref_configs
|
||||||
- tests/scripts/all.sh -k build_arm_none_eabi_gcc_arm5vte build_arm_none_eabi_gcc_m0plus
|
- tests/scripts/all.sh -k build_arm_linux_gnueabi_gcc_arm5vte build_arm_none_eabi_gcc_m0plus
|
||||||
|
|
||||||
- name: full configuration
|
- name: full configuration
|
||||||
script:
|
script:
|
||||||
|
|
|
@ -330,7 +330,7 @@ install(
|
||||||
DESTINATION "cmake"
|
DESTINATION "cmake"
|
||||||
FILE "MbedTLSTargets.cmake")
|
FILE "MbedTLSTargets.cmake")
|
||||||
|
|
||||||
if(CMAKE_VERSION VERSION_GREATER 3.14)
|
if(CMAKE_VERSION VERSION_GREATER 3.15 OR CMAKE_VERSION VERSION_EQUAL 3.15)
|
||||||
# Do not export the package by default
|
# Do not export the package by default
|
||||||
cmake_policy(SET CMP0090 NEW)
|
cmake_policy(SET CMP0090 NEW)
|
||||||
|
|
||||||
|
|
3
ChangeLog.d/tls_ext_cid-config.txt
Normal file
3
ChangeLog.d/tls_ext_cid-config.txt
Normal file
|
@ -0,0 +1,3 @@
|
||||||
|
Features
|
||||||
|
* The identifier of the CID TLS extension can be configured by defining
|
||||||
|
MBEDTLS_TLS_EXT_CID at compile time.
|
|
@ -3194,6 +3194,17 @@
|
||||||
//#define MBEDTLS_PSK_MAX_LEN 32 /**< Max size of TLS pre-shared keys, in bytes (default 256 bits) */
|
//#define MBEDTLS_PSK_MAX_LEN 32 /**< Max size of TLS pre-shared keys, in bytes (default 256 bits) */
|
||||||
//#define MBEDTLS_SSL_COOKIE_TIMEOUT 60 /**< Default expiration delay of DTLS cookies, in seconds if HAVE_TIME, or in number of cookies issued */
|
//#define MBEDTLS_SSL_COOKIE_TIMEOUT 60 /**< Default expiration delay of DTLS cookies, in seconds if HAVE_TIME, or in number of cookies issued */
|
||||||
|
|
||||||
|
/** \def MBEDTLS_TLS_EXT_CID
|
||||||
|
*
|
||||||
|
* At the time of writing, the CID extension has not been assigned its
|
||||||
|
* final value. Set this configuration option to make Mbed TLS use a
|
||||||
|
* different value.
|
||||||
|
*
|
||||||
|
* A future minor revision of Mbed TLS may change the default value of
|
||||||
|
* this option to match evolving standards and usage.
|
||||||
|
*/
|
||||||
|
//#define MBEDTLS_TLS_EXT_CID 254
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Complete list of ciphersuites to use, in order of preference.
|
* Complete list of ciphersuites to use, in order of preference.
|
||||||
*
|
*
|
||||||
|
|
|
@ -337,6 +337,41 @@
|
||||||
#define MBEDTLS_SSL_SIG_RSA 1
|
#define MBEDTLS_SSL_SIG_RSA 1
|
||||||
#define MBEDTLS_SSL_SIG_ECDSA 3
|
#define MBEDTLS_SSL_SIG_ECDSA 3
|
||||||
|
|
||||||
|
/*
|
||||||
|
* TLS 1.3 signature algorithms
|
||||||
|
* RFC 8446, Section 4.2.2
|
||||||
|
*/
|
||||||
|
|
||||||
|
/* RSASSA-PKCS1-v1_5 algorithms */
|
||||||
|
#define MBEDTLS_TLS13_SIG_RSA_PKCS1_SHA256 0x0401
|
||||||
|
#define MBEDTLS_TLS13_SIG_RSA_PKCS1_SHA384 0x0501
|
||||||
|
#define MBEDTLS_TLS13_SIG_RSA_PKCS1_SHA512 0x0601
|
||||||
|
|
||||||
|
/* ECDSA algorithms */
|
||||||
|
#define MBEDTLS_TLS13_SIG_ECDSA_SECP256R1_SHA256 0x0403
|
||||||
|
#define MBEDTLS_TLS13_SIG_ECDSA_SECP384R1_SHA384 0x0503
|
||||||
|
#define MBEDTLS_TLS13_SIG_ECDSA_SECP521R1_SHA512 0x0603
|
||||||
|
|
||||||
|
/* RSASSA-PSS algorithms with public key OID rsaEncryption */
|
||||||
|
#define MBEDTLS_TLS13_SIG_RSA_PSS_RSAE_SHA256 0x0804
|
||||||
|
#define MBEDTLS_TLS13_SIG_RSA_PSS_RSAE_SHA384 0x0805
|
||||||
|
#define MBEDTLS_TLS13_SIG_RSA_PSS_RSAE_SHA512 0x0806
|
||||||
|
|
||||||
|
/* EdDSA algorithms */
|
||||||
|
#define MBEDTLS_TLS13_SIG_ED25519 0x0807
|
||||||
|
#define MBEDTLS_TLS13_SIG_ED448 0x0808
|
||||||
|
|
||||||
|
/* RSASSA-PSS algorithms with public key OID RSASSA-PSS */
|
||||||
|
#define MBEDTLS_TLS13_SIG_RSA_PSS_PSS_SHA256 0x0809
|
||||||
|
#define MBEDTLS_TLS13_SIG_RSA_PSS_PSS_SHA384 0x080A
|
||||||
|
#define MBEDTLS_TLS13_SIG_RSA_PSS_PSS_SHA512 0x080B
|
||||||
|
|
||||||
|
/* LEGACY ALGORITHMS */
|
||||||
|
#define MBEDTLS_TLS13_SIG_RSA_PKCS1_SHA1 0x0201
|
||||||
|
#define MBEDTLS_TLS13_SIG_ECDSA_SHA1 0x0203
|
||||||
|
|
||||||
|
#define MBEDTLS_TLS13_SIG_NONE 0x0
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Client Certificate Types
|
* Client Certificate Types
|
||||||
* RFC 5246 section 7.4.4 plus RFC 4492 section 5.5
|
* RFC 5246 section 7.4.4 plus RFC 4492 section 5.5
|
||||||
|
@ -425,8 +460,14 @@
|
||||||
|
|
||||||
/* The value of the CID extension is still TBD as of
|
/* The value of the CID extension is still TBD as of
|
||||||
* draft-ietf-tls-dtls-connection-id-05
|
* draft-ietf-tls-dtls-connection-id-05
|
||||||
* (https://tools.ietf.org/html/draft-ietf-tls-dtls-connection-id-05) */
|
* (https://tools.ietf.org/html/draft-ietf-tls-dtls-connection-id-05).
|
||||||
|
*
|
||||||
|
* A future minor revision of Mbed TLS may change the default value of
|
||||||
|
* this option to match evolving standards and usage.
|
||||||
|
*/
|
||||||
|
#if !defined(MBEDTLS_TLS_EXT_CID)
|
||||||
#define MBEDTLS_TLS_EXT_CID 254 /* TBD */
|
#define MBEDTLS_TLS_EXT_CID 254 /* TBD */
|
||||||
|
#endif
|
||||||
|
|
||||||
#define MBEDTLS_TLS_EXT_ECJPAKE_KKPP 256 /* experimental */
|
#define MBEDTLS_TLS_EXT_ECJPAKE_KKPP 256 /* experimental */
|
||||||
|
|
||||||
|
@ -537,10 +578,11 @@ typedef int mbedtls_ssl_send_t( void *ctx,
|
||||||
* \param buf Buffer to write the received data to
|
* \param buf Buffer to write the received data to
|
||||||
* \param len Length of the receive buffer
|
* \param len Length of the receive buffer
|
||||||
*
|
*
|
||||||
* \return The callback must return the number of bytes received,
|
* \returns If data has been received, the positive number of bytes received.
|
||||||
* or a non-zero error code.
|
* \returns \c 0 if the connection has been closed.
|
||||||
* If performing non-blocking I/O, \c MBEDTLS_ERR_SSL_WANT_READ
|
* \returns If performing non-blocking I/O, \c MBEDTLS_ERR_SSL_WANT_READ
|
||||||
* must be returned when the operation would block.
|
* must be returned when the operation would block.
|
||||||
|
* \returns Another negative error code on other kinds of failures.
|
||||||
*
|
*
|
||||||
* \note The callback may receive fewer bytes than the length of the
|
* \note The callback may receive fewer bytes than the length of the
|
||||||
* buffer. It must always return the number of bytes actually
|
* buffer. It must always return the number of bytes actually
|
||||||
|
@ -560,7 +602,7 @@ typedef int mbedtls_ssl_recv_t( void *ctx,
|
||||||
* \param ctx Context for the receive callback (typically a file descriptor)
|
* \param ctx Context for the receive callback (typically a file descriptor)
|
||||||
* \param buf Buffer to write the received data to
|
* \param buf Buffer to write the received data to
|
||||||
* \param len Length of the receive buffer
|
* \param len Length of the receive buffer
|
||||||
* \param timeout Maximum nomber of millisecondes to wait for data
|
* \param timeout Maximum number of milliseconds to wait for data
|
||||||
* 0 means no timeout (potentially waiting forever)
|
* 0 means no timeout (potentially waiting forever)
|
||||||
*
|
*
|
||||||
* \return The callback must return the number of bytes received,
|
* \return The callback must return the number of bytes received,
|
||||||
|
@ -1147,6 +1189,10 @@ struct mbedtls_ssl_config
|
||||||
|
|
||||||
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
|
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
|
||||||
const int *MBEDTLS_PRIVATE(sig_hashes); /*!< allowed signature hashes */
|
const int *MBEDTLS_PRIVATE(sig_hashes); /*!< allowed signature hashes */
|
||||||
|
|
||||||
|
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
|
||||||
|
const uint16_t *MBEDTLS_PRIVATE(tls13_sig_algs); /*!< allowed signature algorithms for TLS 1.3 */
|
||||||
|
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#if defined(MBEDTLS_ECP_C)
|
#if defined(MBEDTLS_ECP_C)
|
||||||
|
@ -1328,10 +1374,24 @@ struct mbedtls_ssl_context
|
||||||
/*
|
/*
|
||||||
* Record layer transformations
|
* Record layer transformations
|
||||||
*/
|
*/
|
||||||
mbedtls_ssl_transform *MBEDTLS_PRIVATE(transform_in); /*!< current transform params (in) */
|
mbedtls_ssl_transform *MBEDTLS_PRIVATE(transform_in); /*!< current transform params (in)
|
||||||
mbedtls_ssl_transform *MBEDTLS_PRIVATE(transform_out); /*!< current transform params (in) */
|
* This is always a reference,
|
||||||
mbedtls_ssl_transform *MBEDTLS_PRIVATE(transform); /*!< negotiated transform params */
|
* never an owning pointer. */
|
||||||
mbedtls_ssl_transform *MBEDTLS_PRIVATE(transform_negotiate); /*!< transform params in negotiation */
|
mbedtls_ssl_transform *MBEDTLS_PRIVATE(transform_out); /*!< current transform params (out)
|
||||||
|
* This is always a reference,
|
||||||
|
* never an owning pointer. */
|
||||||
|
mbedtls_ssl_transform *MBEDTLS_PRIVATE(transform); /*!< negotiated transform params
|
||||||
|
* This pointer owns the transform
|
||||||
|
* it references. */
|
||||||
|
mbedtls_ssl_transform *MBEDTLS_PRIVATE(transform_negotiate); /*!< transform params in negotiation
|
||||||
|
* This pointer owns the transform
|
||||||
|
* it references. */
|
||||||
|
|
||||||
|
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
|
||||||
|
/*! The application data transform in TLS 1.3.
|
||||||
|
* This pointer owns the transform it references. */
|
||||||
|
mbedtls_ssl_transform *MBEDTLS_PRIVATE(transform_application);
|
||||||
|
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Timers
|
* Timers
|
||||||
|
@ -2991,6 +3051,20 @@ void mbedtls_ssl_conf_curves( mbedtls_ssl_config *conf,
|
||||||
*/
|
*/
|
||||||
void mbedtls_ssl_conf_sig_hashes( mbedtls_ssl_config *conf,
|
void mbedtls_ssl_conf_sig_hashes( mbedtls_ssl_config *conf,
|
||||||
const int *hashes );
|
const int *hashes );
|
||||||
|
|
||||||
|
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
|
||||||
|
/**
|
||||||
|
* \brief Configure allowed signature algorithms for use in TLS 1.3
|
||||||
|
*
|
||||||
|
* \param conf The SSL configuration to use.
|
||||||
|
* \param sig_algs List of allowed IANA values for TLS 1.3 signature algorithms,
|
||||||
|
* terminated by \c MBEDTLS_TLS13_SIG_NONE. The list must remain
|
||||||
|
* available throughout the lifetime of the conf object. Supported
|
||||||
|
* values are available as \c MBEDTLS_TLS13_SIG_XXXX
|
||||||
|
*/
|
||||||
|
void mbedtls_ssl_conf_sig_algs( mbedtls_ssl_config *conf,
|
||||||
|
const uint16_t* sig_algs );
|
||||||
|
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
|
||||||
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
|
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
|
||||||
|
|
||||||
#if defined(MBEDTLS_X509_CRT_PARSE_C)
|
#if defined(MBEDTLS_X509_CRT_PARSE_C)
|
||||||
|
|
|
@ -104,6 +104,8 @@ set(src_tls
|
||||||
ssl_ticket.c
|
ssl_ticket.c
|
||||||
ssl_tls.c
|
ssl_tls.c
|
||||||
ssl_tls13_keys.c
|
ssl_tls13_keys.c
|
||||||
|
ssl_tls13_server.c
|
||||||
|
ssl_tls13_client.c
|
||||||
)
|
)
|
||||||
|
|
||||||
if(CMAKE_COMPILER_IS_GNUCC)
|
if(CMAKE_COMPILER_IS_GNUCC)
|
||||||
|
|
|
@ -167,6 +167,8 @@ OBJS_TLS= \
|
||||||
ssl_ticket.o \
|
ssl_ticket.o \
|
||||||
ssl_tls.o \
|
ssl_tls.o \
|
||||||
ssl_tls13_keys.o \
|
ssl_tls13_keys.o \
|
||||||
|
ssl_tls13_client.o \
|
||||||
|
ssl_tls13_server.o \
|
||||||
# This line is intentionally left blank
|
# This line is intentionally left blank
|
||||||
|
|
||||||
.SILENT:
|
.SILENT:
|
||||||
|
|
290
library/aes.c
290
library/aes.c
|
@ -57,29 +57,6 @@
|
||||||
#define AES_VALIDATE( cond ) \
|
#define AES_VALIDATE( cond ) \
|
||||||
MBEDTLS_INTERNAL_VALIDATE( cond )
|
MBEDTLS_INTERNAL_VALIDATE( cond )
|
||||||
|
|
||||||
/*
|
|
||||||
* 32-bit integer manipulation macros (little endian)
|
|
||||||
*/
|
|
||||||
#ifndef GET_UINT32_LE
|
|
||||||
#define GET_UINT32_LE(n,b,i) \
|
|
||||||
{ \
|
|
||||||
(n) = ( (uint32_t) (b)[(i) ] ) \
|
|
||||||
| ( (uint32_t) (b)[(i) + 1] << 8 ) \
|
|
||||||
| ( (uint32_t) (b)[(i) + 2] << 16 ) \
|
|
||||||
| ( (uint32_t) (b)[(i) + 3] << 24 ); \
|
|
||||||
}
|
|
||||||
#endif
|
|
||||||
|
|
||||||
#ifndef PUT_UINT32_LE
|
|
||||||
#define PUT_UINT32_LE(n,b,i) \
|
|
||||||
{ \
|
|
||||||
(b)[(i) ] = (unsigned char) ( ( (n) ) & 0xFF ); \
|
|
||||||
(b)[(i) + 1] = (unsigned char) ( ( (n) >> 8 ) & 0xFF ); \
|
|
||||||
(b)[(i) + 2] = (unsigned char) ( ( (n) >> 16 ) & 0xFF ); \
|
|
||||||
(b)[(i) + 3] = (unsigned char) ( ( (n) >> 24 ) & 0xFF ); \
|
|
||||||
}
|
|
||||||
#endif
|
|
||||||
|
|
||||||
#if defined(MBEDTLS_PADLOCK_C) && \
|
#if defined(MBEDTLS_PADLOCK_C) && \
|
||||||
( defined(MBEDTLS_HAVE_X86) || defined(MBEDTLS_PADLOCK_ALIGN16) )
|
( defined(MBEDTLS_HAVE_X86) || defined(MBEDTLS_PADLOCK_ALIGN16) )
|
||||||
static int aes_padlock_ace = -1;
|
static int aes_padlock_ace = -1;
|
||||||
|
@ -409,7 +386,7 @@ static void aes_gen_tables( void )
|
||||||
{
|
{
|
||||||
pow[i] = x;
|
pow[i] = x;
|
||||||
log[x] = i;
|
log[x] = i;
|
||||||
x = ( x ^ XTIME( x ) ) & 0xFF;
|
x = MBEDTLS_BYTE_0( x ^ XTIME( x ) );
|
||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
|
@ -418,7 +395,7 @@ static void aes_gen_tables( void )
|
||||||
for( i = 0, x = 1; i < 10; i++ )
|
for( i = 0, x = 1; i < 10; i++ )
|
||||||
{
|
{
|
||||||
RCON[i] = (uint32_t) x;
|
RCON[i] = (uint32_t) x;
|
||||||
x = XTIME( x ) & 0xFF;
|
x = MBEDTLS_BYTE_0( XTIME( x ) );
|
||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
|
@ -431,10 +408,10 @@ static void aes_gen_tables( void )
|
||||||
{
|
{
|
||||||
x = pow[255 - log[i]];
|
x = pow[255 - log[i]];
|
||||||
|
|
||||||
y = x; y = ( ( y << 1 ) | ( y >> 7 ) ) & 0xFF;
|
y = x; y = MBEDTLS_BYTE_0( ( y << 1 ) | ( y >> 7 ) );
|
||||||
x ^= y; y = ( ( y << 1 ) | ( y >> 7 ) ) & 0xFF;
|
x ^= y; y = MBEDTLS_BYTE_0( ( y << 1 ) | ( y >> 7 ) );
|
||||||
x ^= y; y = ( ( y << 1 ) | ( y >> 7 ) ) & 0xFF;
|
x ^= y; y = MBEDTLS_BYTE_0( ( y << 1 ) | ( y >> 7 ) );
|
||||||
x ^= y; y = ( ( y << 1 ) | ( y >> 7 ) ) & 0xFF;
|
x ^= y; y = MBEDTLS_BYTE_0( ( y << 1 ) | ( y >> 7 ) );
|
||||||
x ^= y ^ 0x63;
|
x ^= y ^ 0x63;
|
||||||
|
|
||||||
FSb[i] = (unsigned char) x;
|
FSb[i] = (unsigned char) x;
|
||||||
|
@ -447,8 +424,8 @@ static void aes_gen_tables( void )
|
||||||
for( i = 0; i < 256; i++ )
|
for( i = 0; i < 256; i++ )
|
||||||
{
|
{
|
||||||
x = FSb[i];
|
x = FSb[i];
|
||||||
y = XTIME( x ) & 0xFF;
|
y = MBEDTLS_BYTE_0( XTIME( x ) );
|
||||||
z = ( y ^ x ) & 0xFF;
|
z = MBEDTLS_BYTE_0( y ^ x );
|
||||||
|
|
||||||
FT0[i] = ( (uint32_t) y ) ^
|
FT0[i] = ( (uint32_t) y ) ^
|
||||||
( (uint32_t) x << 8 ) ^
|
( (uint32_t) x << 8 ) ^
|
||||||
|
@ -590,7 +567,7 @@ int mbedtls_aes_setkey_enc( mbedtls_aes_context *ctx, const unsigned char *key,
|
||||||
|
|
||||||
for( i = 0; i < ( keybits >> 5 ); i++ )
|
for( i = 0; i < ( keybits >> 5 ); i++ )
|
||||||
{
|
{
|
||||||
GET_UINT32_LE( RK[i], key, i << 2 );
|
RK[i] = MBEDTLS_GET_UINT32_LE( key, i << 2 );
|
||||||
}
|
}
|
||||||
|
|
||||||
switch( ctx->nr )
|
switch( ctx->nr )
|
||||||
|
@ -600,10 +577,10 @@ int mbedtls_aes_setkey_enc( mbedtls_aes_context *ctx, const unsigned char *key,
|
||||||
for( i = 0; i < 10; i++, RK += 4 )
|
for( i = 0; i < 10; i++, RK += 4 )
|
||||||
{
|
{
|
||||||
RK[4] = RK[0] ^ RCON[i] ^
|
RK[4] = RK[0] ^ RCON[i] ^
|
||||||
( (uint32_t) FSb[ ( RK[3] >> 8 ) & 0xFF ] ) ^
|
( (uint32_t) FSb[ MBEDTLS_BYTE_1( RK[3] ) ] ) ^
|
||||||
( (uint32_t) FSb[ ( RK[3] >> 16 ) & 0xFF ] << 8 ) ^
|
( (uint32_t) FSb[ MBEDTLS_BYTE_2( RK[3] ) ] << 8 ) ^
|
||||||
( (uint32_t) FSb[ ( RK[3] >> 24 ) & 0xFF ] << 16 ) ^
|
( (uint32_t) FSb[ MBEDTLS_BYTE_3( RK[3] ) ] << 16 ) ^
|
||||||
( (uint32_t) FSb[ ( RK[3] ) & 0xFF ] << 24 );
|
( (uint32_t) FSb[ MBEDTLS_BYTE_0( RK[3] ) ] << 24 );
|
||||||
|
|
||||||
RK[5] = RK[1] ^ RK[4];
|
RK[5] = RK[1] ^ RK[4];
|
||||||
RK[6] = RK[2] ^ RK[5];
|
RK[6] = RK[2] ^ RK[5];
|
||||||
|
@ -616,10 +593,10 @@ int mbedtls_aes_setkey_enc( mbedtls_aes_context *ctx, const unsigned char *key,
|
||||||
for( i = 0; i < 8; i++, RK += 6 )
|
for( i = 0; i < 8; i++, RK += 6 )
|
||||||
{
|
{
|
||||||
RK[6] = RK[0] ^ RCON[i] ^
|
RK[6] = RK[0] ^ RCON[i] ^
|
||||||
( (uint32_t) FSb[ ( RK[5] >> 8 ) & 0xFF ] ) ^
|
( (uint32_t) FSb[ MBEDTLS_BYTE_1( RK[5] ) ] ) ^
|
||||||
( (uint32_t) FSb[ ( RK[5] >> 16 ) & 0xFF ] << 8 ) ^
|
( (uint32_t) FSb[ MBEDTLS_BYTE_2( RK[5] ) ] << 8 ) ^
|
||||||
( (uint32_t) FSb[ ( RK[5] >> 24 ) & 0xFF ] << 16 ) ^
|
( (uint32_t) FSb[ MBEDTLS_BYTE_3( RK[5] ) ] << 16 ) ^
|
||||||
( (uint32_t) FSb[ ( RK[5] ) & 0xFF ] << 24 );
|
( (uint32_t) FSb[ MBEDTLS_BYTE_0( RK[5] ) ] << 24 );
|
||||||
|
|
||||||
RK[7] = RK[1] ^ RK[6];
|
RK[7] = RK[1] ^ RK[6];
|
||||||
RK[8] = RK[2] ^ RK[7];
|
RK[8] = RK[2] ^ RK[7];
|
||||||
|
@ -634,20 +611,20 @@ int mbedtls_aes_setkey_enc( mbedtls_aes_context *ctx, const unsigned char *key,
|
||||||
for( i = 0; i < 7; i++, RK += 8 )
|
for( i = 0; i < 7; i++, RK += 8 )
|
||||||
{
|
{
|
||||||
RK[8] = RK[0] ^ RCON[i] ^
|
RK[8] = RK[0] ^ RCON[i] ^
|
||||||
( (uint32_t) FSb[ ( RK[7] >> 8 ) & 0xFF ] ) ^
|
( (uint32_t) FSb[ MBEDTLS_BYTE_1( RK[7] ) ] ) ^
|
||||||
( (uint32_t) FSb[ ( RK[7] >> 16 ) & 0xFF ] << 8 ) ^
|
( (uint32_t) FSb[ MBEDTLS_BYTE_2( RK[7] ) ] << 8 ) ^
|
||||||
( (uint32_t) FSb[ ( RK[7] >> 24 ) & 0xFF ] << 16 ) ^
|
( (uint32_t) FSb[ MBEDTLS_BYTE_3( RK[7] ) ] << 16 ) ^
|
||||||
( (uint32_t) FSb[ ( RK[7] ) & 0xFF ] << 24 );
|
( (uint32_t) FSb[ MBEDTLS_BYTE_0( RK[7] ) ] << 24 );
|
||||||
|
|
||||||
RK[9] = RK[1] ^ RK[8];
|
RK[9] = RK[1] ^ RK[8];
|
||||||
RK[10] = RK[2] ^ RK[9];
|
RK[10] = RK[2] ^ RK[9];
|
||||||
RK[11] = RK[3] ^ RK[10];
|
RK[11] = RK[3] ^ RK[10];
|
||||||
|
|
||||||
RK[12] = RK[4] ^
|
RK[12] = RK[4] ^
|
||||||
( (uint32_t) FSb[ ( RK[11] ) & 0xFF ] ) ^
|
( (uint32_t) FSb[ MBEDTLS_BYTE_0( RK[11] ) ] ) ^
|
||||||
( (uint32_t) FSb[ ( RK[11] >> 8 ) & 0xFF ] << 8 ) ^
|
( (uint32_t) FSb[ MBEDTLS_BYTE_1( RK[11] ) ] << 8 ) ^
|
||||||
( (uint32_t) FSb[ ( RK[11] >> 16 ) & 0xFF ] << 16 ) ^
|
( (uint32_t) FSb[ MBEDTLS_BYTE_2( RK[11] ) ] << 16 ) ^
|
||||||
( (uint32_t) FSb[ ( RK[11] >> 24 ) & 0xFF ] << 24 );
|
( (uint32_t) FSb[ MBEDTLS_BYTE_3( RK[11] ) ] << 24 );
|
||||||
|
|
||||||
RK[13] = RK[5] ^ RK[12];
|
RK[13] = RK[5] ^ RK[12];
|
||||||
RK[14] = RK[6] ^ RK[13];
|
RK[14] = RK[6] ^ RK[13];
|
||||||
|
@ -713,10 +690,10 @@ int mbedtls_aes_setkey_dec( mbedtls_aes_context *ctx, const unsigned char *key,
|
||||||
{
|
{
|
||||||
for( j = 0; j < 4; j++, SK++ )
|
for( j = 0; j < 4; j++, SK++ )
|
||||||
{
|
{
|
||||||
*RK++ = AES_RT0( FSb[ ( *SK ) & 0xFF ] ) ^
|
*RK++ = AES_RT0( FSb[ MBEDTLS_BYTE_0( *SK ) ] ) ^
|
||||||
AES_RT1( FSb[ ( *SK >> 8 ) & 0xFF ] ) ^
|
AES_RT1( FSb[ MBEDTLS_BYTE_1( *SK ) ] ) ^
|
||||||
AES_RT2( FSb[ ( *SK >> 16 ) & 0xFF ] ) ^
|
AES_RT2( FSb[ MBEDTLS_BYTE_2( *SK ) ] ) ^
|
||||||
AES_RT3( FSb[ ( *SK >> 24 ) & 0xFF ] );
|
AES_RT3( FSb[ MBEDTLS_BYTE_3( *SK ) ] );
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -809,52 +786,52 @@ int mbedtls_aes_xts_setkey_dec( mbedtls_aes_xts_context *ctx,
|
||||||
}
|
}
|
||||||
#endif /* MBEDTLS_CIPHER_MODE_XTS */
|
#endif /* MBEDTLS_CIPHER_MODE_XTS */
|
||||||
|
|
||||||
#define AES_FROUND(X0,X1,X2,X3,Y0,Y1,Y2,Y3) \
|
#define AES_FROUND(X0,X1,X2,X3,Y0,Y1,Y2,Y3) \
|
||||||
do \
|
do \
|
||||||
{ \
|
{ \
|
||||||
(X0) = *RK++ ^ AES_FT0( ( (Y0) ) & 0xFF ) ^ \
|
(X0) = *RK++ ^ AES_FT0( MBEDTLS_BYTE_0( Y0 ) ) ^ \
|
||||||
AES_FT1( ( (Y1) >> 8 ) & 0xFF ) ^ \
|
AES_FT1( MBEDTLS_BYTE_1( Y1 ) ) ^ \
|
||||||
AES_FT2( ( (Y2) >> 16 ) & 0xFF ) ^ \
|
AES_FT2( MBEDTLS_BYTE_2( Y2 ) ) ^ \
|
||||||
AES_FT3( ( (Y3) >> 24 ) & 0xFF ); \
|
AES_FT3( MBEDTLS_BYTE_3( Y3 ) ); \
|
||||||
\
|
\
|
||||||
(X1) = *RK++ ^ AES_FT0( ( (Y1) ) & 0xFF ) ^ \
|
(X1) = *RK++ ^ AES_FT0( MBEDTLS_BYTE_0( Y1 ) ) ^ \
|
||||||
AES_FT1( ( (Y2) >> 8 ) & 0xFF ) ^ \
|
AES_FT1( MBEDTLS_BYTE_1( Y2 ) ) ^ \
|
||||||
AES_FT2( ( (Y3) >> 16 ) & 0xFF ) ^ \
|
AES_FT2( MBEDTLS_BYTE_2( Y3 ) ) ^ \
|
||||||
AES_FT3( ( (Y0) >> 24 ) & 0xFF ); \
|
AES_FT3( MBEDTLS_BYTE_3( Y0 ) ); \
|
||||||
\
|
\
|
||||||
(X2) = *RK++ ^ AES_FT0( ( (Y2) ) & 0xFF ) ^ \
|
(X2) = *RK++ ^ AES_FT0( MBEDTLS_BYTE_0( Y2 ) ) ^ \
|
||||||
AES_FT1( ( (Y3) >> 8 ) & 0xFF ) ^ \
|
AES_FT1( MBEDTLS_BYTE_1( Y3 ) ) ^ \
|
||||||
AES_FT2( ( (Y0) >> 16 ) & 0xFF ) ^ \
|
AES_FT2( MBEDTLS_BYTE_2( Y0 ) ) ^ \
|
||||||
AES_FT3( ( (Y1) >> 24 ) & 0xFF ); \
|
AES_FT3( MBEDTLS_BYTE_3( Y1 ) ); \
|
||||||
\
|
\
|
||||||
(X3) = *RK++ ^ AES_FT0( ( (Y3) ) & 0xFF ) ^ \
|
(X3) = *RK++ ^ AES_FT0( MBEDTLS_BYTE_0( Y3 ) ) ^ \
|
||||||
AES_FT1( ( (Y0) >> 8 ) & 0xFF ) ^ \
|
AES_FT1( MBEDTLS_BYTE_1( Y0 ) ) ^ \
|
||||||
AES_FT2( ( (Y1) >> 16 ) & 0xFF ) ^ \
|
AES_FT2( MBEDTLS_BYTE_2( Y1 ) ) ^ \
|
||||||
AES_FT3( ( (Y2) >> 24 ) & 0xFF ); \
|
AES_FT3( MBEDTLS_BYTE_3( Y2 ) ); \
|
||||||
} while( 0 )
|
} while( 0 )
|
||||||
|
|
||||||
#define AES_RROUND(X0,X1,X2,X3,Y0,Y1,Y2,Y3) \
|
#define AES_RROUND(X0,X1,X2,X3,Y0,Y1,Y2,Y3) \
|
||||||
do \
|
do \
|
||||||
{ \
|
{ \
|
||||||
(X0) = *RK++ ^ AES_RT0( ( (Y0) ) & 0xFF ) ^ \
|
(X0) = *RK++ ^ AES_RT0( MBEDTLS_BYTE_0( Y0 ) ) ^ \
|
||||||
AES_RT1( ( (Y3) >> 8 ) & 0xFF ) ^ \
|
AES_RT1( MBEDTLS_BYTE_1( Y3 ) ) ^ \
|
||||||
AES_RT2( ( (Y2) >> 16 ) & 0xFF ) ^ \
|
AES_RT2( MBEDTLS_BYTE_2( Y2 ) ) ^ \
|
||||||
AES_RT3( ( (Y1) >> 24 ) & 0xFF ); \
|
AES_RT3( MBEDTLS_BYTE_3( Y1 ) ); \
|
||||||
\
|
\
|
||||||
(X1) = *RK++ ^ AES_RT0( ( (Y1) ) & 0xFF ) ^ \
|
(X1) = *RK++ ^ AES_RT0( MBEDTLS_BYTE_0( Y1 ) ) ^ \
|
||||||
AES_RT1( ( (Y0) >> 8 ) & 0xFF ) ^ \
|
AES_RT1( MBEDTLS_BYTE_1( Y0 ) ) ^ \
|
||||||
AES_RT2( ( (Y3) >> 16 ) & 0xFF ) ^ \
|
AES_RT2( MBEDTLS_BYTE_2( Y3 ) ) ^ \
|
||||||
AES_RT3( ( (Y2) >> 24 ) & 0xFF ); \
|
AES_RT3( MBEDTLS_BYTE_3( Y2 ) ); \
|
||||||
\
|
\
|
||||||
(X2) = *RK++ ^ AES_RT0( ( (Y2) ) & 0xFF ) ^ \
|
(X2) = *RK++ ^ AES_RT0( MBEDTLS_BYTE_0( Y2 ) ) ^ \
|
||||||
AES_RT1( ( (Y1) >> 8 ) & 0xFF ) ^ \
|
AES_RT1( MBEDTLS_BYTE_1( Y1 ) ) ^ \
|
||||||
AES_RT2( ( (Y0) >> 16 ) & 0xFF ) ^ \
|
AES_RT2( MBEDTLS_BYTE_2( Y0 ) ) ^ \
|
||||||
AES_RT3( ( (Y3) >> 24 ) & 0xFF ); \
|
AES_RT3( MBEDTLS_BYTE_3( Y3 ) ); \
|
||||||
\
|
\
|
||||||
(X3) = *RK++ ^ AES_RT0( ( (Y3) ) & 0xFF ) ^ \
|
(X3) = *RK++ ^ AES_RT0( MBEDTLS_BYTE_0( Y3 ) ) ^ \
|
||||||
AES_RT1( ( (Y2) >> 8 ) & 0xFF ) ^ \
|
AES_RT1( MBEDTLS_BYTE_1( Y2 ) ) ^ \
|
||||||
AES_RT2( ( (Y1) >> 16 ) & 0xFF ) ^ \
|
AES_RT2( MBEDTLS_BYTE_2( Y1 ) ) ^ \
|
||||||
AES_RT3( ( (Y0) >> 24 ) & 0xFF ); \
|
AES_RT3( MBEDTLS_BYTE_3( Y0 ) ); \
|
||||||
} while( 0 )
|
} while( 0 )
|
||||||
|
|
||||||
/*
|
/*
|
||||||
|
@ -873,10 +850,10 @@ int mbedtls_internal_aes_encrypt( mbedtls_aes_context *ctx,
|
||||||
uint32_t Y[4];
|
uint32_t Y[4];
|
||||||
} t;
|
} t;
|
||||||
|
|
||||||
GET_UINT32_LE( t.X[0], input, 0 ); t.X[0] ^= *RK++;
|
t.X[0] = MBEDTLS_GET_UINT32_LE( input, 0 ); t.X[0] ^= *RK++;
|
||||||
GET_UINT32_LE( t.X[1], input, 4 ); t.X[1] ^= *RK++;
|
t.X[1] = MBEDTLS_GET_UINT32_LE( input, 4 ); t.X[1] ^= *RK++;
|
||||||
GET_UINT32_LE( t.X[2], input, 8 ); t.X[2] ^= *RK++;
|
t.X[2] = MBEDTLS_GET_UINT32_LE( input, 8 ); t.X[2] ^= *RK++;
|
||||||
GET_UINT32_LE( t.X[3], input, 12 ); t.X[3] ^= *RK++;
|
t.X[3] = MBEDTLS_GET_UINT32_LE( input, 12 ); t.X[3] ^= *RK++;
|
||||||
|
|
||||||
for( i = ( ctx->nr >> 1 ) - 1; i > 0; i-- )
|
for( i = ( ctx->nr >> 1 ) - 1; i > 0; i-- )
|
||||||
{
|
{
|
||||||
|
@ -887,33 +864,33 @@ int mbedtls_internal_aes_encrypt( mbedtls_aes_context *ctx,
|
||||||
AES_FROUND( t.Y[0], t.Y[1], t.Y[2], t.Y[3], t.X[0], t.X[1], t.X[2], t.X[3] );
|
AES_FROUND( t.Y[0], t.Y[1], t.Y[2], t.Y[3], t.X[0], t.X[1], t.X[2], t.X[3] );
|
||||||
|
|
||||||
t.X[0] = *RK++ ^ \
|
t.X[0] = *RK++ ^ \
|
||||||
( (uint32_t) FSb[ ( t.Y[0] ) & 0xFF ] ) ^
|
( (uint32_t) FSb[ MBEDTLS_BYTE_0( t.Y[0] ) ] ) ^
|
||||||
( (uint32_t) FSb[ ( t.Y[1] >> 8 ) & 0xFF ] << 8 ) ^
|
( (uint32_t) FSb[ MBEDTLS_BYTE_1( t.Y[1] ) ] << 8 ) ^
|
||||||
( (uint32_t) FSb[ ( t.Y[2] >> 16 ) & 0xFF ] << 16 ) ^
|
( (uint32_t) FSb[ MBEDTLS_BYTE_2( t.Y[2] ) ] << 16 ) ^
|
||||||
( (uint32_t) FSb[ ( t.Y[3] >> 24 ) & 0xFF ] << 24 );
|
( (uint32_t) FSb[ MBEDTLS_BYTE_3( t.Y[3] ) ] << 24 );
|
||||||
|
|
||||||
t.X[1] = *RK++ ^ \
|
t.X[1] = *RK++ ^ \
|
||||||
( (uint32_t) FSb[ ( t.Y[1] ) & 0xFF ] ) ^
|
( (uint32_t) FSb[ MBEDTLS_BYTE_0( t.Y[1] ) ] ) ^
|
||||||
( (uint32_t) FSb[ ( t.Y[2] >> 8 ) & 0xFF ] << 8 ) ^
|
( (uint32_t) FSb[ MBEDTLS_BYTE_1( t.Y[2] ) ] << 8 ) ^
|
||||||
( (uint32_t) FSb[ ( t.Y[3] >> 16 ) & 0xFF ] << 16 ) ^
|
( (uint32_t) FSb[ MBEDTLS_BYTE_2( t.Y[3] ) ] << 16 ) ^
|
||||||
( (uint32_t) FSb[ ( t.Y[0] >> 24 ) & 0xFF ] << 24 );
|
( (uint32_t) FSb[ MBEDTLS_BYTE_3( t.Y[0] ) ] << 24 );
|
||||||
|
|
||||||
t.X[2] = *RK++ ^ \
|
t.X[2] = *RK++ ^ \
|
||||||
( (uint32_t) FSb[ ( t.Y[2] ) & 0xFF ] ) ^
|
( (uint32_t) FSb[ MBEDTLS_BYTE_0( t.Y[2] ) ] ) ^
|
||||||
( (uint32_t) FSb[ ( t.Y[3] >> 8 ) & 0xFF ] << 8 ) ^
|
( (uint32_t) FSb[ MBEDTLS_BYTE_1( t.Y[3] ) ] << 8 ) ^
|
||||||
( (uint32_t) FSb[ ( t.Y[0] >> 16 ) & 0xFF ] << 16 ) ^
|
( (uint32_t) FSb[ MBEDTLS_BYTE_2( t.Y[0] ) ] << 16 ) ^
|
||||||
( (uint32_t) FSb[ ( t.Y[1] >> 24 ) & 0xFF ] << 24 );
|
( (uint32_t) FSb[ MBEDTLS_BYTE_3( t.Y[1] ) ] << 24 );
|
||||||
|
|
||||||
t.X[3] = *RK++ ^ \
|
t.X[3] = *RK++ ^ \
|
||||||
( (uint32_t) FSb[ ( t.Y[3] ) & 0xFF ] ) ^
|
( (uint32_t) FSb[ MBEDTLS_BYTE_0( t.Y[3] ) ] ) ^
|
||||||
( (uint32_t) FSb[ ( t.Y[0] >> 8 ) & 0xFF ] << 8 ) ^
|
( (uint32_t) FSb[ MBEDTLS_BYTE_1( t.Y[0] ) ] << 8 ) ^
|
||||||
( (uint32_t) FSb[ ( t.Y[1] >> 16 ) & 0xFF ] << 16 ) ^
|
( (uint32_t) FSb[ MBEDTLS_BYTE_2( t.Y[1] ) ] << 16 ) ^
|
||||||
( (uint32_t) FSb[ ( t.Y[2] >> 24 ) & 0xFF ] << 24 );
|
( (uint32_t) FSb[ MBEDTLS_BYTE_3( t.Y[2] ) ] << 24 );
|
||||||
|
|
||||||
PUT_UINT32_LE( t.X[0], output, 0 );
|
MBEDTLS_PUT_UINT32_LE( t.X[0], output, 0 );
|
||||||
PUT_UINT32_LE( t.X[1], output, 4 );
|
MBEDTLS_PUT_UINT32_LE( t.X[1], output, 4 );
|
||||||
PUT_UINT32_LE( t.X[2], output, 8 );
|
MBEDTLS_PUT_UINT32_LE( t.X[2], output, 8 );
|
||||||
PUT_UINT32_LE( t.X[3], output, 12 );
|
MBEDTLS_PUT_UINT32_LE( t.X[3], output, 12 );
|
||||||
|
|
||||||
mbedtls_platform_zeroize( &t, sizeof( t ) );
|
mbedtls_platform_zeroize( &t, sizeof( t ) );
|
||||||
|
|
||||||
|
@ -937,10 +914,10 @@ int mbedtls_internal_aes_decrypt( mbedtls_aes_context *ctx,
|
||||||
uint32_t Y[4];
|
uint32_t Y[4];
|
||||||
} t;
|
} t;
|
||||||
|
|
||||||
GET_UINT32_LE( t.X[0], input, 0 ); t.X[0] ^= *RK++;
|
t.X[0] = MBEDTLS_GET_UINT32_LE( input, 0 ); t.X[0] ^= *RK++;
|
||||||
GET_UINT32_LE( t.X[1], input, 4 ); t.X[1] ^= *RK++;
|
t.X[1] = MBEDTLS_GET_UINT32_LE( input, 4 ); t.X[1] ^= *RK++;
|
||||||
GET_UINT32_LE( t.X[2], input, 8 ); t.X[2] ^= *RK++;
|
t.X[2] = MBEDTLS_GET_UINT32_LE( input, 8 ); t.X[2] ^= *RK++;
|
||||||
GET_UINT32_LE( t.X[3], input, 12 ); t.X[3] ^= *RK++;
|
t.X[3] = MBEDTLS_GET_UINT32_LE( input, 12 ); t.X[3] ^= *RK++;
|
||||||
|
|
||||||
for( i = ( ctx->nr >> 1 ) - 1; i > 0; i-- )
|
for( i = ( ctx->nr >> 1 ) - 1; i > 0; i-- )
|
||||||
{
|
{
|
||||||
|
@ -951,33 +928,33 @@ int mbedtls_internal_aes_decrypt( mbedtls_aes_context *ctx,
|
||||||
AES_RROUND( t.Y[0], t.Y[1], t.Y[2], t.Y[3], t.X[0], t.X[1], t.X[2], t.X[3] );
|
AES_RROUND( t.Y[0], t.Y[1], t.Y[2], t.Y[3], t.X[0], t.X[1], t.X[2], t.X[3] );
|
||||||
|
|
||||||
t.X[0] = *RK++ ^ \
|
t.X[0] = *RK++ ^ \
|
||||||
( (uint32_t) RSb[ ( t.Y[0] ) & 0xFF ] ) ^
|
( (uint32_t) RSb[ MBEDTLS_BYTE_0( t.Y[0] ) ] ) ^
|
||||||
( (uint32_t) RSb[ ( t.Y[3] >> 8 ) & 0xFF ] << 8 ) ^
|
( (uint32_t) RSb[ MBEDTLS_BYTE_1( t.Y[3] ) ] << 8 ) ^
|
||||||
( (uint32_t) RSb[ ( t.Y[2] >> 16 ) & 0xFF ] << 16 ) ^
|
( (uint32_t) RSb[ MBEDTLS_BYTE_2( t.Y[2] ) ] << 16 ) ^
|
||||||
( (uint32_t) RSb[ ( t.Y[1] >> 24 ) & 0xFF ] << 24 );
|
( (uint32_t) RSb[ MBEDTLS_BYTE_3( t.Y[1] ) ] << 24 );
|
||||||
|
|
||||||
t.X[1] = *RK++ ^ \
|
t.X[1] = *RK++ ^ \
|
||||||
( (uint32_t) RSb[ ( t.Y[1] ) & 0xFF ] ) ^
|
( (uint32_t) RSb[ MBEDTLS_BYTE_0( t.Y[1] ) ] ) ^
|
||||||
( (uint32_t) RSb[ ( t.Y[0] >> 8 ) & 0xFF ] << 8 ) ^
|
( (uint32_t) RSb[ MBEDTLS_BYTE_1( t.Y[0] ) ] << 8 ) ^
|
||||||
( (uint32_t) RSb[ ( t.Y[3] >> 16 ) & 0xFF ] << 16 ) ^
|
( (uint32_t) RSb[ MBEDTLS_BYTE_2( t.Y[3] ) ] << 16 ) ^
|
||||||
( (uint32_t) RSb[ ( t.Y[2] >> 24 ) & 0xFF ] << 24 );
|
( (uint32_t) RSb[ MBEDTLS_BYTE_3( t.Y[2] ) ] << 24 );
|
||||||
|
|
||||||
t.X[2] = *RK++ ^ \
|
t.X[2] = *RK++ ^ \
|
||||||
( (uint32_t) RSb[ ( t.Y[2] ) & 0xFF ] ) ^
|
( (uint32_t) RSb[ MBEDTLS_BYTE_0( t.Y[2] ) ] ) ^
|
||||||
( (uint32_t) RSb[ ( t.Y[1] >> 8 ) & 0xFF ] << 8 ) ^
|
( (uint32_t) RSb[ MBEDTLS_BYTE_1( t.Y[1] ) ] << 8 ) ^
|
||||||
( (uint32_t) RSb[ ( t.Y[0] >> 16 ) & 0xFF ] << 16 ) ^
|
( (uint32_t) RSb[ MBEDTLS_BYTE_2( t.Y[0] ) ] << 16 ) ^
|
||||||
( (uint32_t) RSb[ ( t.Y[3] >> 24 ) & 0xFF ] << 24 );
|
( (uint32_t) RSb[ MBEDTLS_BYTE_3( t.Y[3] ) ] << 24 );
|
||||||
|
|
||||||
t.X[3] = *RK++ ^ \
|
t.X[3] = *RK++ ^ \
|
||||||
( (uint32_t) RSb[ ( t.Y[3] ) & 0xFF ] ) ^
|
( (uint32_t) RSb[ MBEDTLS_BYTE_0( t.Y[3] ) ] ) ^
|
||||||
( (uint32_t) RSb[ ( t.Y[2] >> 8 ) & 0xFF ] << 8 ) ^
|
( (uint32_t) RSb[ MBEDTLS_BYTE_1( t.Y[2] ) ] << 8 ) ^
|
||||||
( (uint32_t) RSb[ ( t.Y[1] >> 16 ) & 0xFF ] << 16 ) ^
|
( (uint32_t) RSb[ MBEDTLS_BYTE_2( t.Y[1] ) ] << 16 ) ^
|
||||||
( (uint32_t) RSb[ ( t.Y[0] >> 24 ) & 0xFF ] << 24 );
|
( (uint32_t) RSb[ MBEDTLS_BYTE_3( t.Y[0] ) ] << 24 );
|
||||||
|
|
||||||
PUT_UINT32_LE( t.X[0], output, 0 );
|
MBEDTLS_PUT_UINT32_LE( t.X[0], output, 0 );
|
||||||
PUT_UINT32_LE( t.X[1], output, 4 );
|
MBEDTLS_PUT_UINT32_LE( t.X[1], output, 4 );
|
||||||
PUT_UINT32_LE( t.X[2], output, 8 );
|
MBEDTLS_PUT_UINT32_LE( t.X[2], output, 8 );
|
||||||
PUT_UINT32_LE( t.X[3], output, 12 );
|
MBEDTLS_PUT_UINT32_LE( t.X[3], output, 12 );
|
||||||
|
|
||||||
mbedtls_platform_zeroize( &t, sizeof( t ) );
|
mbedtls_platform_zeroize( &t, sizeof( t ) );
|
||||||
|
|
||||||
|
@ -1097,35 +1074,6 @@ int mbedtls_aes_crypt_cbc( mbedtls_aes_context *ctx,
|
||||||
|
|
||||||
#if defined(MBEDTLS_CIPHER_MODE_XTS)
|
#if defined(MBEDTLS_CIPHER_MODE_XTS)
|
||||||
|
|
||||||
/* Endianess with 64 bits values */
|
|
||||||
#ifndef GET_UINT64_LE
|
|
||||||
#define GET_UINT64_LE(n,b,i) \
|
|
||||||
{ \
|
|
||||||
(n) = ( (uint64_t) (b)[(i) + 7] << 56 ) \
|
|
||||||
| ( (uint64_t) (b)[(i) + 6] << 48 ) \
|
|
||||||
| ( (uint64_t) (b)[(i) + 5] << 40 ) \
|
|
||||||
| ( (uint64_t) (b)[(i) + 4] << 32 ) \
|
|
||||||
| ( (uint64_t) (b)[(i) + 3] << 24 ) \
|
|
||||||
| ( (uint64_t) (b)[(i) + 2] << 16 ) \
|
|
||||||
| ( (uint64_t) (b)[(i) + 1] << 8 ) \
|
|
||||||
| ( (uint64_t) (b)[(i) ] ); \
|
|
||||||
}
|
|
||||||
#endif
|
|
||||||
|
|
||||||
#ifndef PUT_UINT64_LE
|
|
||||||
#define PUT_UINT64_LE(n,b,i) \
|
|
||||||
{ \
|
|
||||||
(b)[(i) + 7] = (unsigned char) ( (n) >> 56 ); \
|
|
||||||
(b)[(i) + 6] = (unsigned char) ( (n) >> 48 ); \
|
|
||||||
(b)[(i) + 5] = (unsigned char) ( (n) >> 40 ); \
|
|
||||||
(b)[(i) + 4] = (unsigned char) ( (n) >> 32 ); \
|
|
||||||
(b)[(i) + 3] = (unsigned char) ( (n) >> 24 ); \
|
|
||||||
(b)[(i) + 2] = (unsigned char) ( (n) >> 16 ); \
|
|
||||||
(b)[(i) + 1] = (unsigned char) ( (n) >> 8 ); \
|
|
||||||
(b)[(i) ] = (unsigned char) ( (n) ); \
|
|
||||||
}
|
|
||||||
#endif
|
|
||||||
|
|
||||||
typedef unsigned char mbedtls_be128[16];
|
typedef unsigned char mbedtls_be128[16];
|
||||||
|
|
||||||
/*
|
/*
|
||||||
|
@ -1141,14 +1089,14 @@ static void mbedtls_gf128mul_x_ble( unsigned char r[16],
|
||||||
{
|
{
|
||||||
uint64_t a, b, ra, rb;
|
uint64_t a, b, ra, rb;
|
||||||
|
|
||||||
GET_UINT64_LE( a, x, 0 );
|
a = MBEDTLS_GET_UINT64_LE( x, 0 );
|
||||||
GET_UINT64_LE( b, x, 8 );
|
b = MBEDTLS_GET_UINT64_LE( x, 8 );
|
||||||
|
|
||||||
ra = ( a << 1 ) ^ 0x0087 >> ( 8 - ( ( b >> 63 ) << 3 ) );
|
ra = ( a << 1 ) ^ 0x0087 >> ( 8 - ( ( b >> 63 ) << 3 ) );
|
||||||
rb = ( a >> 63 ) | ( b << 1 );
|
rb = ( a >> 63 ) | ( b << 1 );
|
||||||
|
|
||||||
PUT_UINT64_LE( ra, r, 0 );
|
MBEDTLS_PUT_UINT64_LE( ra, r, 0 );
|
||||||
PUT_UINT64_LE( rb, r, 8 );
|
MBEDTLS_PUT_UINT64_LE( rb, r, 8 );
|
||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
|
|
|
@ -55,29 +55,6 @@
|
||||||
#define ARIA_VALIDATE( cond ) \
|
#define ARIA_VALIDATE( cond ) \
|
||||||
MBEDTLS_INTERNAL_VALIDATE( cond )
|
MBEDTLS_INTERNAL_VALIDATE( cond )
|
||||||
|
|
||||||
/*
|
|
||||||
* 32-bit integer manipulation macros (little endian)
|
|
||||||
*/
|
|
||||||
#ifndef GET_UINT32_LE
|
|
||||||
#define GET_UINT32_LE( n, b, i ) \
|
|
||||||
{ \
|
|
||||||
(n) = ( (uint32_t) (b)[(i) ] ) \
|
|
||||||
| ( (uint32_t) (b)[(i) + 1] << 8 ) \
|
|
||||||
| ( (uint32_t) (b)[(i) + 2] << 16 ) \
|
|
||||||
| ( (uint32_t) (b)[(i) + 3] << 24 ); \
|
|
||||||
}
|
|
||||||
#endif
|
|
||||||
|
|
||||||
#ifndef PUT_UINT32_LE
|
|
||||||
#define PUT_UINT32_LE( n, b, i ) \
|
|
||||||
{ \
|
|
||||||
(b)[(i) ] = (unsigned char) ( ( (n) ) & 0xFF ); \
|
|
||||||
(b)[(i) + 1] = (unsigned char) ( ( (n) >> 8 ) & 0xFF ); \
|
|
||||||
(b)[(i) + 2] = (unsigned char) ( ( (n) >> 16 ) & 0xFF ); \
|
|
||||||
(b)[(i) + 3] = (unsigned char) ( ( (n) >> 24 ) & 0xFF ); \
|
|
||||||
}
|
|
||||||
#endif
|
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* modify byte order: ( A B C D ) -> ( B A D C ), i.e. swap pairs of bytes
|
* modify byte order: ( A B C D ) -> ( B A D C ), i.e. swap pairs of bytes
|
||||||
*
|
*
|
||||||
|
@ -235,22 +212,22 @@ static inline void aria_sl( uint32_t *a, uint32_t *b,
|
||||||
const uint8_t sa[256], const uint8_t sb[256],
|
const uint8_t sa[256], const uint8_t sb[256],
|
||||||
const uint8_t sc[256], const uint8_t sd[256] )
|
const uint8_t sc[256], const uint8_t sd[256] )
|
||||||
{
|
{
|
||||||
*a = ( (uint32_t) sa[ *a & 0xFF] ) ^
|
*a = ( (uint32_t) sa[ MBEDTLS_BYTE_0( *a ) ] ) ^
|
||||||
(((uint32_t) sb[(*a >> 8) & 0xFF]) << 8) ^
|
(((uint32_t) sb[ MBEDTLS_BYTE_1( *a ) ]) << 8) ^
|
||||||
(((uint32_t) sc[(*a >> 16) & 0xFF]) << 16) ^
|
(((uint32_t) sc[ MBEDTLS_BYTE_2( *a ) ]) << 16) ^
|
||||||
(((uint32_t) sd[ *a >> 24 ]) << 24);
|
(((uint32_t) sd[ MBEDTLS_BYTE_3( *a ) ]) << 24);
|
||||||
*b = ( (uint32_t) sa[ *b & 0xFF] ) ^
|
*b = ( (uint32_t) sa[ MBEDTLS_BYTE_0( *b ) ] ) ^
|
||||||
(((uint32_t) sb[(*b >> 8) & 0xFF]) << 8) ^
|
(((uint32_t) sb[ MBEDTLS_BYTE_1( *b ) ]) << 8) ^
|
||||||
(((uint32_t) sc[(*b >> 16) & 0xFF]) << 16) ^
|
(((uint32_t) sc[ MBEDTLS_BYTE_2( *b ) ]) << 16) ^
|
||||||
(((uint32_t) sd[ *b >> 24 ]) << 24);
|
(((uint32_t) sd[ MBEDTLS_BYTE_3( *b ) ]) << 24);
|
||||||
*c = ( (uint32_t) sa[ *c & 0xFF] ) ^
|
*c = ( (uint32_t) sa[ MBEDTLS_BYTE_0( *c ) ] ) ^
|
||||||
(((uint32_t) sb[(*c >> 8) & 0xFF]) << 8) ^
|
(((uint32_t) sb[ MBEDTLS_BYTE_1( *c ) ]) << 8) ^
|
||||||
(((uint32_t) sc[(*c >> 16) & 0xFF]) << 16) ^
|
(((uint32_t) sc[ MBEDTLS_BYTE_2( *c ) ]) << 16) ^
|
||||||
(((uint32_t) sd[ *c >> 24 ]) << 24);
|
(((uint32_t) sd[ MBEDTLS_BYTE_3( *c ) ]) << 24);
|
||||||
*d = ( (uint32_t) sa[ *d & 0xFF] ) ^
|
*d = ( (uint32_t) sa[ MBEDTLS_BYTE_0( *d ) ] ) ^
|
||||||
(((uint32_t) sb[(*d >> 8) & 0xFF]) << 8) ^
|
(((uint32_t) sb[ MBEDTLS_BYTE_1( *d ) ]) << 8) ^
|
||||||
(((uint32_t) sc[(*d >> 16) & 0xFF]) << 16) ^
|
(((uint32_t) sc[ MBEDTLS_BYTE_2( *d ) ]) << 16) ^
|
||||||
(((uint32_t) sd[ *d >> 24 ]) << 24);
|
(((uint32_t) sd[ MBEDTLS_BYTE_3( *d ) ]) << 24);
|
||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
|
@ -408,7 +385,8 @@ static void aria_fe_xor( uint32_t r[4], const uint32_t p[4],
|
||||||
* Big endian 128-bit rotation: r = a ^ (b <<< n), used only in key setup.
|
* Big endian 128-bit rotation: r = a ^ (b <<< n), used only in key setup.
|
||||||
*
|
*
|
||||||
* We chose to store bytes into 32-bit words in little-endian format (see
|
* We chose to store bytes into 32-bit words in little-endian format (see
|
||||||
* GET/PUT_UINT32_LE) so we need to reverse bytes here.
|
* MBEDTLS_GET_UINT32_LE / MBEDTLS_PUT_UINT32_LE ) so we need to reverse
|
||||||
|
* bytes here.
|
||||||
*/
|
*/
|
||||||
static void aria_rot128( uint32_t r[4], const uint32_t a[4],
|
static void aria_rot128( uint32_t r[4], const uint32_t a[4],
|
||||||
const uint32_t b[4], uint8_t n )
|
const uint32_t b[4], uint8_t n )
|
||||||
|
@ -456,21 +434,21 @@ int mbedtls_aria_setkey_enc( mbedtls_aria_context *ctx,
|
||||||
return( MBEDTLS_ERR_ARIA_BAD_INPUT_DATA );
|
return( MBEDTLS_ERR_ARIA_BAD_INPUT_DATA );
|
||||||
|
|
||||||
/* Copy key to W0 (and potential remainder to W1) */
|
/* Copy key to W0 (and potential remainder to W1) */
|
||||||
GET_UINT32_LE( w[0][0], key, 0 );
|
w[0][0] = MBEDTLS_GET_UINT32_LE( key, 0 );
|
||||||
GET_UINT32_LE( w[0][1], key, 4 );
|
w[0][1] = MBEDTLS_GET_UINT32_LE( key, 4 );
|
||||||
GET_UINT32_LE( w[0][2], key, 8 );
|
w[0][2] = MBEDTLS_GET_UINT32_LE( key, 8 );
|
||||||
GET_UINT32_LE( w[0][3], key, 12 );
|
w[0][3] = MBEDTLS_GET_UINT32_LE( key, 12 );
|
||||||
|
|
||||||
memset( w[1], 0, 16 );
|
memset( w[1], 0, 16 );
|
||||||
if( keybits >= 192 )
|
if( keybits >= 192 )
|
||||||
{
|
{
|
||||||
GET_UINT32_LE( w[1][0], key, 16 ); // 192 bit key
|
w[1][0] = MBEDTLS_GET_UINT32_LE( key, 16 ); // 192 bit key
|
||||||
GET_UINT32_LE( w[1][1], key, 20 );
|
w[1][1] = MBEDTLS_GET_UINT32_LE( key, 20 );
|
||||||
}
|
}
|
||||||
if( keybits == 256 )
|
if( keybits == 256 )
|
||||||
{
|
{
|
||||||
GET_UINT32_LE( w[1][2], key, 24 ); // 256 bit key
|
w[1][2] = MBEDTLS_GET_UINT32_LE( key, 24 ); // 256 bit key
|
||||||
GET_UINT32_LE( w[1][3], key, 28 );
|
w[1][3] = MBEDTLS_GET_UINT32_LE( key, 28 );
|
||||||
}
|
}
|
||||||
|
|
||||||
i = ( keybits - 128 ) >> 6; // index: 0, 1, 2
|
i = ( keybits - 128 ) >> 6; // index: 0, 1, 2
|
||||||
|
@ -547,10 +525,10 @@ int mbedtls_aria_crypt_ecb( mbedtls_aria_context *ctx,
|
||||||
ARIA_VALIDATE_RET( input != NULL );
|
ARIA_VALIDATE_RET( input != NULL );
|
||||||
ARIA_VALIDATE_RET( output != NULL );
|
ARIA_VALIDATE_RET( output != NULL );
|
||||||
|
|
||||||
GET_UINT32_LE( a, input, 0 );
|
a = MBEDTLS_GET_UINT32_LE( input, 0 );
|
||||||
GET_UINT32_LE( b, input, 4 );
|
b = MBEDTLS_GET_UINT32_LE( input, 4 );
|
||||||
GET_UINT32_LE( c, input, 8 );
|
c = MBEDTLS_GET_UINT32_LE( input, 8 );
|
||||||
GET_UINT32_LE( d, input, 12 );
|
d = MBEDTLS_GET_UINT32_LE( input, 12 );
|
||||||
|
|
||||||
i = 0;
|
i = 0;
|
||||||
while( 1 )
|
while( 1 )
|
||||||
|
@ -582,10 +560,10 @@ int mbedtls_aria_crypt_ecb( mbedtls_aria_context *ctx,
|
||||||
c ^= ctx->rk[i][2];
|
c ^= ctx->rk[i][2];
|
||||||
d ^= ctx->rk[i][3];
|
d ^= ctx->rk[i][3];
|
||||||
|
|
||||||
PUT_UINT32_LE( a, output, 0 );
|
MBEDTLS_PUT_UINT32_LE( a, output, 0 );
|
||||||
PUT_UINT32_LE( b, output, 4 );
|
MBEDTLS_PUT_UINT32_LE( b, output, 4 );
|
||||||
PUT_UINT32_LE( c, output, 8 );
|
MBEDTLS_PUT_UINT32_LE( c, output, 8 );
|
||||||
PUT_UINT32_LE( d, output, 12 );
|
MBEDTLS_PUT_UINT32_LE( d, output, 12 );
|
||||||
|
|
||||||
return( 0 );
|
return( 0 );
|
||||||
}
|
}
|
||||||
|
|
|
@ -60,8 +60,8 @@ int mbedtls_asn1_write_len( unsigned char **p, const unsigned char *start, size_
|
||||||
if( *p - start < 3 )
|
if( *p - start < 3 )
|
||||||
return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
|
return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
|
||||||
|
|
||||||
*--(*p) = ( len ) & 0xFF;
|
*--(*p) = MBEDTLS_BYTE_0( len );
|
||||||
*--(*p) = ( len >> 8 ) & 0xFF;
|
*--(*p) = MBEDTLS_BYTE_1( len );
|
||||||
*--(*p) = 0x82;
|
*--(*p) = 0x82;
|
||||||
return( 3 );
|
return( 3 );
|
||||||
}
|
}
|
||||||
|
@ -71,9 +71,9 @@ int mbedtls_asn1_write_len( unsigned char **p, const unsigned char *start, size_
|
||||||
if( *p - start < 4 )
|
if( *p - start < 4 )
|
||||||
return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
|
return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
|
||||||
|
|
||||||
*--(*p) = ( len ) & 0xFF;
|
*--(*p) = MBEDTLS_BYTE_0( len );
|
||||||
*--(*p) = ( len >> 8 ) & 0xFF;
|
*--(*p) = MBEDTLS_BYTE_1( len );
|
||||||
*--(*p) = ( len >> 16 ) & 0xFF;
|
*--(*p) = MBEDTLS_BYTE_2( len );
|
||||||
*--(*p) = 0x83;
|
*--(*p) = 0x83;
|
||||||
return( 4 );
|
return( 4 );
|
||||||
}
|
}
|
||||||
|
@ -85,10 +85,10 @@ int mbedtls_asn1_write_len( unsigned char **p, const unsigned char *start, size_
|
||||||
if( *p - start < 5 )
|
if( *p - start < 5 )
|
||||||
return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
|
return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
|
||||||
|
|
||||||
*--(*p) = ( len ) & 0xFF;
|
*--(*p) = MBEDTLS_BYTE_0( len );
|
||||||
*--(*p) = ( len >> 8 ) & 0xFF;
|
*--(*p) = MBEDTLS_BYTE_1( len );
|
||||||
*--(*p) = ( len >> 16 ) & 0xFF;
|
*--(*p) = MBEDTLS_BYTE_2( len );
|
||||||
*--(*p) = ( len >> 24 ) & 0xFF;
|
*--(*p) = MBEDTLS_BYTE_3( len );
|
||||||
*--(*p) = 0x84;
|
*--(*p) = 0x84;
|
||||||
return( 5 );
|
return( 5 );
|
||||||
}
|
}
|
||||||
|
|
|
@ -319,9 +319,9 @@ int mbedtls_base64_decode( unsigned char *dst, size_t dlen, size_t *olen,
|
||||||
if( ++n == 4 )
|
if( ++n == 4 )
|
||||||
{
|
{
|
||||||
n = 0;
|
n = 0;
|
||||||
if( j > 0 ) *p++ = (unsigned char)( x >> 16 );
|
if( j > 0 ) *p++ = MBEDTLS_BYTE_2( x );
|
||||||
if( j > 1 ) *p++ = (unsigned char)( x >> 8 );
|
if( j > 1 ) *p++ = MBEDTLS_BYTE_1( x );
|
||||||
if( j > 2 ) *p++ = (unsigned char)( x );
|
if( j > 2 ) *p++ = MBEDTLS_BYTE_0( x );
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -49,29 +49,6 @@
|
||||||
#define CAMELLIA_VALIDATE( cond ) \
|
#define CAMELLIA_VALIDATE( cond ) \
|
||||||
MBEDTLS_INTERNAL_VALIDATE( cond )
|
MBEDTLS_INTERNAL_VALIDATE( cond )
|
||||||
|
|
||||||
/*
|
|
||||||
* 32-bit integer manipulation macros (big endian)
|
|
||||||
*/
|
|
||||||
#ifndef GET_UINT32_BE
|
|
||||||
#define GET_UINT32_BE(n,b,i) \
|
|
||||||
{ \
|
|
||||||
(n) = ( (uint32_t) (b)[(i) ] << 24 ) \
|
|
||||||
| ( (uint32_t) (b)[(i) + 1] << 16 ) \
|
|
||||||
| ( (uint32_t) (b)[(i) + 2] << 8 ) \
|
|
||||||
| ( (uint32_t) (b)[(i) + 3] ); \
|
|
||||||
}
|
|
||||||
#endif
|
|
||||||
|
|
||||||
#ifndef PUT_UINT32_BE
|
|
||||||
#define PUT_UINT32_BE(n,b,i) \
|
|
||||||
{ \
|
|
||||||
(b)[(i) ] = (unsigned char) ( (n) >> 24 ); \
|
|
||||||
(b)[(i) + 1] = (unsigned char) ( (n) >> 16 ); \
|
|
||||||
(b)[(i) + 2] = (unsigned char) ( (n) >> 8 ); \
|
|
||||||
(b)[(i) + 3] = (unsigned char) ( (n) ); \
|
|
||||||
}
|
|
||||||
#endif
|
|
||||||
|
|
||||||
static const unsigned char SIGMA_CHARS[6][8] =
|
static const unsigned char SIGMA_CHARS[6][8] =
|
||||||
{
|
{
|
||||||
{ 0xa0, 0x9e, 0x66, 0x7f, 0x3b, 0xcc, 0x90, 0x8b },
|
{ 0xa0, 0x9e, 0x66, 0x7f, 0x3b, 0xcc, 0x90, 0x8b },
|
||||||
|
@ -301,14 +278,14 @@ static void camellia_feistel( const uint32_t x[2], const uint32_t k[2],
|
||||||
I0 = x[0] ^ k[0];
|
I0 = x[0] ^ k[0];
|
||||||
I1 = x[1] ^ k[1];
|
I1 = x[1] ^ k[1];
|
||||||
|
|
||||||
I0 = ((uint32_t) SBOX1((I0 >> 24) & 0xFF) << 24) |
|
I0 = ((uint32_t) SBOX1( MBEDTLS_BYTE_3( I0 )) << 24) |
|
||||||
((uint32_t) SBOX2((I0 >> 16) & 0xFF) << 16) |
|
((uint32_t) SBOX2( MBEDTLS_BYTE_2( I0 )) << 16) |
|
||||||
((uint32_t) SBOX3((I0 >> 8) & 0xFF) << 8) |
|
((uint32_t) SBOX3( MBEDTLS_BYTE_1( I0 )) << 8) |
|
||||||
((uint32_t) SBOX4((I0 ) & 0xFF) );
|
((uint32_t) SBOX4( MBEDTLS_BYTE_0( I0 )) );
|
||||||
I1 = ((uint32_t) SBOX2((I1 >> 24) & 0xFF) << 24) |
|
I1 = ((uint32_t) SBOX2( MBEDTLS_BYTE_3( I1 )) << 24) |
|
||||||
((uint32_t) SBOX3((I1 >> 16) & 0xFF) << 16) |
|
((uint32_t) SBOX3( MBEDTLS_BYTE_2( I1 )) << 16) |
|
||||||
((uint32_t) SBOX4((I1 >> 8) & 0xFF) << 8) |
|
((uint32_t) SBOX4( MBEDTLS_BYTE_1( I1 )) << 8) |
|
||||||
((uint32_t) SBOX1((I1 ) & 0xFF) );
|
((uint32_t) SBOX1( MBEDTLS_BYTE_0( I1 )) );
|
||||||
|
|
||||||
I0 ^= (I1 << 8) | (I1 >> 24);
|
I0 ^= (I1 << 8) | (I1 >> 24);
|
||||||
I1 ^= (I0 << 16) | (I0 >> 16);
|
I1 ^= (I0 << 16) | (I0 >> 16);
|
||||||
|
@ -376,8 +353,8 @@ int mbedtls_camellia_setkey_enc( mbedtls_camellia_context *ctx,
|
||||||
* Prepare SIGMA values
|
* Prepare SIGMA values
|
||||||
*/
|
*/
|
||||||
for( i = 0; i < 6; i++ ) {
|
for( i = 0; i < 6; i++ ) {
|
||||||
GET_UINT32_BE( SIGMA[i][0], SIGMA_CHARS[i], 0 );
|
SIGMA[i][0] = MBEDTLS_GET_UINT32_BE( SIGMA_CHARS[i], 0 );
|
||||||
GET_UINT32_BE( SIGMA[i][1], SIGMA_CHARS[i], 4 );
|
SIGMA[i][1] = MBEDTLS_GET_UINT32_BE( SIGMA_CHARS[i], 4 );
|
||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
|
@ -388,7 +365,7 @@ int mbedtls_camellia_setkey_enc( mbedtls_camellia_context *ctx,
|
||||||
|
|
||||||
/* Store KL, KR */
|
/* Store KL, KR */
|
||||||
for( i = 0; i < 8; i++ )
|
for( i = 0; i < 8; i++ )
|
||||||
GET_UINT32_BE( KC[i], t, i * 4 );
|
KC[i] = MBEDTLS_GET_UINT32_BE( t, i * 4 );
|
||||||
|
|
||||||
/* Generate KA */
|
/* Generate KA */
|
||||||
for( i = 0; i < 4; ++i )
|
for( i = 0; i < 4; ++i )
|
||||||
|
@ -514,10 +491,10 @@ int mbedtls_camellia_crypt_ecb( mbedtls_camellia_context *ctx,
|
||||||
NR = ctx->nr;
|
NR = ctx->nr;
|
||||||
RK = ctx->rk;
|
RK = ctx->rk;
|
||||||
|
|
||||||
GET_UINT32_BE( X[0], input, 0 );
|
X[0] = MBEDTLS_GET_UINT32_BE( input, 0 );
|
||||||
GET_UINT32_BE( X[1], input, 4 );
|
X[1] = MBEDTLS_GET_UINT32_BE( input, 4 );
|
||||||
GET_UINT32_BE( X[2], input, 8 );
|
X[2] = MBEDTLS_GET_UINT32_BE( input, 8 );
|
||||||
GET_UINT32_BE( X[3], input, 12 );
|
X[3] = MBEDTLS_GET_UINT32_BE( input, 12 );
|
||||||
|
|
||||||
X[0] ^= *RK++;
|
X[0] ^= *RK++;
|
||||||
X[1] ^= *RK++;
|
X[1] ^= *RK++;
|
||||||
|
@ -552,10 +529,10 @@ int mbedtls_camellia_crypt_ecb( mbedtls_camellia_context *ctx,
|
||||||
X[0] ^= *RK++;
|
X[0] ^= *RK++;
|
||||||
X[1] ^= *RK++;
|
X[1] ^= *RK++;
|
||||||
|
|
||||||
PUT_UINT32_BE( X[2], output, 0 );
|
MBEDTLS_PUT_UINT32_BE( X[2], output, 0 );
|
||||||
PUT_UINT32_BE( X[3], output, 4 );
|
MBEDTLS_PUT_UINT32_BE( X[3], output, 4 );
|
||||||
PUT_UINT32_BE( X[0], output, 8 );
|
MBEDTLS_PUT_UINT32_BE( X[0], output, 8 );
|
||||||
PUT_UINT32_BE( X[1], output, 12 );
|
MBEDTLS_PUT_UINT32_BE( X[1], output, 12 );
|
||||||
|
|
||||||
return( 0 );
|
return( 0 );
|
||||||
}
|
}
|
||||||
|
|
|
@ -171,7 +171,7 @@ static int ccm_calculate_first_block_if_ready(mbedtls_ccm_context *ctx)
|
||||||
ctx->y[0] |= ctx->q - 1;
|
ctx->y[0] |= ctx->q - 1;
|
||||||
|
|
||||||
for( i = 0, len_left = ctx->plaintext_len; i < ctx->q; i++, len_left >>= 8 )
|
for( i = 0, len_left = ctx->plaintext_len; i < ctx->q; i++, len_left >>= 8 )
|
||||||
ctx->y[15-i] = (unsigned char)( len_left & 0xFF );
|
ctx->y[15-i] = MBEDTLS_BYTE_0( len_left );
|
||||||
|
|
||||||
if( len_left > 0 )
|
if( len_left > 0 )
|
||||||
{
|
{
|
||||||
|
|
|
@ -54,13 +54,6 @@
|
||||||
#define CHACHA20_VALIDATE( cond ) \
|
#define CHACHA20_VALIDATE( cond ) \
|
||||||
MBEDTLS_INTERNAL_VALIDATE( cond )
|
MBEDTLS_INTERNAL_VALIDATE( cond )
|
||||||
|
|
||||||
#define BYTES_TO_U32_LE( data, offset ) \
|
|
||||||
( (uint32_t) (data)[offset] \
|
|
||||||
| (uint32_t) ( (uint32_t) (data)[( offset ) + 1] << 8 ) \
|
|
||||||
| (uint32_t) ( (uint32_t) (data)[( offset ) + 2] << 16 ) \
|
|
||||||
| (uint32_t) ( (uint32_t) (data)[( offset ) + 3] << 24 ) \
|
|
||||||
)
|
|
||||||
|
|
||||||
#define ROTL32( value, amount ) \
|
#define ROTL32( value, amount ) \
|
||||||
( (uint32_t) ( (value) << (amount) ) | ( (value) >> ( 32 - (amount) ) ) )
|
( (uint32_t) ( (value) << (amount) ) | ( (value) >> ( 32 - (amount) ) ) )
|
||||||
|
|
||||||
|
@ -171,10 +164,7 @@ static void chacha20_block( const uint32_t initial_state[16],
|
||||||
{
|
{
|
||||||
size_t offset = i * 4U;
|
size_t offset = i * 4U;
|
||||||
|
|
||||||
keystream[offset ] = (unsigned char)( working_state[i] );
|
MBEDTLS_PUT_UINT32_LE(working_state[i], keystream, offset);
|
||||||
keystream[offset + 1U] = (unsigned char)( working_state[i] >> 8 );
|
|
||||||
keystream[offset + 2U] = (unsigned char)( working_state[i] >> 16 );
|
|
||||||
keystream[offset + 3U] = (unsigned char)( working_state[i] >> 24 );
|
|
||||||
}
|
}
|
||||||
|
|
||||||
mbedtls_platform_zeroize( working_state, sizeof( working_state ) );
|
mbedtls_platform_zeroize( working_state, sizeof( working_state ) );
|
||||||
|
@ -212,14 +202,14 @@ int mbedtls_chacha20_setkey( mbedtls_chacha20_context *ctx,
|
||||||
ctx->state[3] = 0x6b206574;
|
ctx->state[3] = 0x6b206574;
|
||||||
|
|
||||||
/* Set key */
|
/* Set key */
|
||||||
ctx->state[4] = BYTES_TO_U32_LE( key, 0 );
|
ctx->state[4] = MBEDTLS_GET_UINT32_LE( key, 0 );
|
||||||
ctx->state[5] = BYTES_TO_U32_LE( key, 4 );
|
ctx->state[5] = MBEDTLS_GET_UINT32_LE( key, 4 );
|
||||||
ctx->state[6] = BYTES_TO_U32_LE( key, 8 );
|
ctx->state[6] = MBEDTLS_GET_UINT32_LE( key, 8 );
|
||||||
ctx->state[7] = BYTES_TO_U32_LE( key, 12 );
|
ctx->state[7] = MBEDTLS_GET_UINT32_LE( key, 12 );
|
||||||
ctx->state[8] = BYTES_TO_U32_LE( key, 16 );
|
ctx->state[8] = MBEDTLS_GET_UINT32_LE( key, 16 );
|
||||||
ctx->state[9] = BYTES_TO_U32_LE( key, 20 );
|
ctx->state[9] = MBEDTLS_GET_UINT32_LE( key, 20 );
|
||||||
ctx->state[10] = BYTES_TO_U32_LE( key, 24 );
|
ctx->state[10] = MBEDTLS_GET_UINT32_LE( key, 24 );
|
||||||
ctx->state[11] = BYTES_TO_U32_LE( key, 28 );
|
ctx->state[11] = MBEDTLS_GET_UINT32_LE( key, 28 );
|
||||||
|
|
||||||
return( 0 );
|
return( 0 );
|
||||||
}
|
}
|
||||||
|
@ -235,9 +225,9 @@ int mbedtls_chacha20_starts( mbedtls_chacha20_context* ctx,
|
||||||
ctx->state[12] = counter;
|
ctx->state[12] = counter;
|
||||||
|
|
||||||
/* Nonce */
|
/* Nonce */
|
||||||
ctx->state[13] = BYTES_TO_U32_LE( nonce, 0 );
|
ctx->state[13] = MBEDTLS_GET_UINT32_LE( nonce, 0 );
|
||||||
ctx->state[14] = BYTES_TO_U32_LE( nonce, 4 );
|
ctx->state[14] = MBEDTLS_GET_UINT32_LE( nonce, 4 );
|
||||||
ctx->state[15] = BYTES_TO_U32_LE( nonce, 8 );
|
ctx->state[15] = MBEDTLS_GET_UINT32_LE( nonce, 8 );
|
||||||
|
|
||||||
mbedtls_platform_zeroize( ctx->keystream8, sizeof( ctx->keystream8 ) );
|
mbedtls_platform_zeroize( ctx->keystream8, sizeof( ctx->keystream8 ) );
|
||||||
|
|
||||||
|
|
|
@ -263,22 +263,8 @@ int mbedtls_chachapoly_finish( mbedtls_chachapoly_context *ctx,
|
||||||
/* The lengths of the AAD and ciphertext are processed by
|
/* The lengths of the AAD and ciphertext are processed by
|
||||||
* Poly1305 as the final 128-bit block, encoded as little-endian integers.
|
* Poly1305 as the final 128-bit block, encoded as little-endian integers.
|
||||||
*/
|
*/
|
||||||
len_block[ 0] = (unsigned char)( ctx->aad_len );
|
MBEDTLS_PUT_UINT64_LE(ctx->aad_len, len_block, 0);
|
||||||
len_block[ 1] = (unsigned char)( ctx->aad_len >> 8 );
|
MBEDTLS_PUT_UINT64_LE(ctx->ciphertext_len, len_block, 8);
|
||||||
len_block[ 2] = (unsigned char)( ctx->aad_len >> 16 );
|
|
||||||
len_block[ 3] = (unsigned char)( ctx->aad_len >> 24 );
|
|
||||||
len_block[ 4] = (unsigned char)( ctx->aad_len >> 32 );
|
|
||||||
len_block[ 5] = (unsigned char)( ctx->aad_len >> 40 );
|
|
||||||
len_block[ 6] = (unsigned char)( ctx->aad_len >> 48 );
|
|
||||||
len_block[ 7] = (unsigned char)( ctx->aad_len >> 56 );
|
|
||||||
len_block[ 8] = (unsigned char)( ctx->ciphertext_len );
|
|
||||||
len_block[ 9] = (unsigned char)( ctx->ciphertext_len >> 8 );
|
|
||||||
len_block[10] = (unsigned char)( ctx->ciphertext_len >> 16 );
|
|
||||||
len_block[11] = (unsigned char)( ctx->ciphertext_len >> 24 );
|
|
||||||
len_block[12] = (unsigned char)( ctx->ciphertext_len >> 32 );
|
|
||||||
len_block[13] = (unsigned char)( ctx->ciphertext_len >> 40 );
|
|
||||||
len_block[14] = (unsigned char)( ctx->ciphertext_len >> 48 );
|
|
||||||
len_block[15] = (unsigned char)( ctx->ciphertext_len >> 56 );
|
|
||||||
|
|
||||||
ret = mbedtls_poly1305_update( &ctx->poly1305_ctx, len_block, 16U );
|
ret = mbedtls_poly1305_update( &ctx->poly1305_ctx, len_block, 16U );
|
||||||
if( ret != 0 )
|
if( ret != 0 )
|
||||||
|
|
252
library/common.h
252
library/common.h
|
@ -25,6 +25,8 @@
|
||||||
|
|
||||||
#include "mbedtls/build_info.h"
|
#include "mbedtls/build_info.h"
|
||||||
|
|
||||||
|
#include <stdint.h>
|
||||||
|
|
||||||
/** Helper to define a function as static except when building invasive tests.
|
/** Helper to define a function as static except when building invasive tests.
|
||||||
*
|
*
|
||||||
* If a function is only used inside its own source file and should be
|
* If a function is only used inside its own source file and should be
|
||||||
|
@ -66,4 +68,254 @@ extern void (*mbedtls_test_hook_test_fail)( const char * test, int line, const c
|
||||||
*/
|
*/
|
||||||
#define MBEDTLS_ALLOW_PRIVATE_ACCESS
|
#define MBEDTLS_ALLOW_PRIVATE_ACCESS
|
||||||
|
|
||||||
|
/** Byte Reading Macros
|
||||||
|
*
|
||||||
|
* Given a multi-byte integer \p x, MBEDTLS_BYTE_n retrieves the n-th
|
||||||
|
* byte from x, where byte 0 is the least significant byte.
|
||||||
|
*/
|
||||||
|
#define MBEDTLS_BYTE_0( x ) ( (uint8_t) ( ( x ) & 0xff ) )
|
||||||
|
#define MBEDTLS_BYTE_1( x ) ( (uint8_t) ( ( ( x ) >> 8 ) & 0xff ) )
|
||||||
|
#define MBEDTLS_BYTE_2( x ) ( (uint8_t) ( ( ( x ) >> 16 ) & 0xff ) )
|
||||||
|
#define MBEDTLS_BYTE_3( x ) ( (uint8_t) ( ( ( x ) >> 24 ) & 0xff ) )
|
||||||
|
#define MBEDTLS_BYTE_4( x ) ( (uint8_t) ( ( ( x ) >> 32 ) & 0xff ) )
|
||||||
|
#define MBEDTLS_BYTE_5( x ) ( (uint8_t) ( ( ( x ) >> 40 ) & 0xff ) )
|
||||||
|
#define MBEDTLS_BYTE_6( x ) ( (uint8_t) ( ( ( x ) >> 48 ) & 0xff ) )
|
||||||
|
#define MBEDTLS_BYTE_7( x ) ( (uint8_t) ( ( ( x ) >> 56 ) & 0xff ) )
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Get the unsigned 32 bits integer corresponding to four bytes in
|
||||||
|
* big-endian order (MSB first).
|
||||||
|
*
|
||||||
|
* \param data Base address of the memory to get the four bytes from.
|
||||||
|
* \param offset Offset from \p base of the first and most significant
|
||||||
|
* byte of the four bytes to build the 32 bits unsigned
|
||||||
|
* integer from.
|
||||||
|
*/
|
||||||
|
#ifndef MBEDTLS_GET_UINT32_BE
|
||||||
|
#define MBEDTLS_GET_UINT32_BE( data , offset ) \
|
||||||
|
( \
|
||||||
|
( (uint32_t) ( data )[( offset ) ] << 24 ) \
|
||||||
|
| ( (uint32_t) ( data )[( offset ) + 1] << 16 ) \
|
||||||
|
| ( (uint32_t) ( data )[( offset ) + 2] << 8 ) \
|
||||||
|
| ( (uint32_t) ( data )[( offset ) + 3] ) \
|
||||||
|
)
|
||||||
|
#endif
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Put in memory a 32 bits unsigned integer in big-endian order.
|
||||||
|
*
|
||||||
|
* \param n 32 bits unsigned integer to put in memory.
|
||||||
|
* \param data Base address of the memory where to put the 32
|
||||||
|
* bits unsigned integer in.
|
||||||
|
* \param offset Offset from \p base where to put the most significant
|
||||||
|
* byte of the 32 bits unsigned integer \p n.
|
||||||
|
*/
|
||||||
|
#ifndef MBEDTLS_PUT_UINT32_BE
|
||||||
|
#define MBEDTLS_PUT_UINT32_BE( n, data, offset ) \
|
||||||
|
{ \
|
||||||
|
( data )[( offset ) ] = MBEDTLS_BYTE_3( n ); \
|
||||||
|
( data )[( offset ) + 1] = MBEDTLS_BYTE_2( n ); \
|
||||||
|
( data )[( offset ) + 2] = MBEDTLS_BYTE_1( n ); \
|
||||||
|
( data )[( offset ) + 3] = MBEDTLS_BYTE_0( n ); \
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Get the unsigned 32 bits integer corresponding to four bytes in
|
||||||
|
* little-endian order (LSB first).
|
||||||
|
*
|
||||||
|
* \param data Base address of the memory to get the four bytes from.
|
||||||
|
* \param offset Offset from \p base of the first and least significant
|
||||||
|
* byte of the four bytes to build the 32 bits unsigned
|
||||||
|
* integer from.
|
||||||
|
*/
|
||||||
|
#ifndef MBEDTLS_GET_UINT32_LE
|
||||||
|
#define MBEDTLS_GET_UINT32_LE( data, offset ) \
|
||||||
|
( \
|
||||||
|
( (uint32_t) ( data )[( offset ) ] ) \
|
||||||
|
| ( (uint32_t) ( data )[( offset ) + 1] << 8 ) \
|
||||||
|
| ( (uint32_t) ( data )[( offset ) + 2] << 16 ) \
|
||||||
|
| ( (uint32_t) ( data )[( offset ) + 3] << 24 ) \
|
||||||
|
)
|
||||||
|
#endif
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Put in memory a 32 bits unsigned integer in little-endian order.
|
||||||
|
*
|
||||||
|
* \param n 32 bits unsigned integer to put in memory.
|
||||||
|
* \param data Base address of the memory where to put the 32
|
||||||
|
* bits unsigned integer in.
|
||||||
|
* \param offset Offset from \p base where to put the least significant
|
||||||
|
* byte of the 32 bits unsigned integer \p n.
|
||||||
|
*/
|
||||||
|
#ifndef MBEDTLS_PUT_UINT32_LE
|
||||||
|
#define MBEDTLS_PUT_UINT32_LE( n, data, offset ) \
|
||||||
|
{ \
|
||||||
|
( data )[( offset ) ] = MBEDTLS_BYTE_0( n ); \
|
||||||
|
( data )[( offset ) + 1] = MBEDTLS_BYTE_1( n ); \
|
||||||
|
( data )[( offset ) + 2] = MBEDTLS_BYTE_2( n ); \
|
||||||
|
( data )[( offset ) + 3] = MBEDTLS_BYTE_3( n ); \
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Get the unsigned 16 bits integer corresponding to two bytes in
|
||||||
|
* little-endian order (LSB first).
|
||||||
|
*
|
||||||
|
* \param data Base address of the memory to get the two bytes from.
|
||||||
|
* \param offset Offset from \p base of the first and least significant
|
||||||
|
* byte of the two bytes to build the 16 bits unsigned
|
||||||
|
* integer from.
|
||||||
|
*/
|
||||||
|
#ifndef MBEDTLS_GET_UINT16_LE
|
||||||
|
#define MBEDTLS_GET_UINT16_LE( data, offset ) \
|
||||||
|
( \
|
||||||
|
( (uint16_t) ( data )[( offset ) ] ) \
|
||||||
|
| ( (uint16_t) ( data )[( offset ) + 1] << 8 ) \
|
||||||
|
)
|
||||||
|
#endif
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Put in memory a 16 bits unsigned integer in little-endian order.
|
||||||
|
*
|
||||||
|
* \param n 16 bits unsigned integer to put in memory.
|
||||||
|
* \param data Base address of the memory where to put the 16
|
||||||
|
* bits unsigned integer in.
|
||||||
|
* \param offset Offset from \p base where to put the least significant
|
||||||
|
* byte of the 16 bits unsigned integer \p n.
|
||||||
|
*/
|
||||||
|
#ifndef MBEDTLS_PUT_UINT16_LE
|
||||||
|
#define MBEDTLS_PUT_UINT16_LE( n, data, offset ) \
|
||||||
|
{ \
|
||||||
|
( data )[( offset ) ] = MBEDTLS_BYTE_0( n ); \
|
||||||
|
( data )[( offset ) + 1] = MBEDTLS_BYTE_1( n ); \
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Get the unsigned 16 bits integer corresponding to two bytes in
|
||||||
|
* big-endian order (MSB first).
|
||||||
|
*
|
||||||
|
* \param data Base address of the memory to get the two bytes from.
|
||||||
|
* \param offset Offset from \p base of the first and most significant
|
||||||
|
* byte of the two bytes to build the 16 bits unsigned
|
||||||
|
* integer from.
|
||||||
|
*/
|
||||||
|
#ifndef MBEDTLS_GET_UINT16_BE
|
||||||
|
#define MBEDTLS_GET_UINT16_BE( data, offset ) \
|
||||||
|
( \
|
||||||
|
( (uint16_t) ( data )[( offset ) ] << 8 ) \
|
||||||
|
| ( (uint16_t) ( data )[( offset ) + 1] ) \
|
||||||
|
)
|
||||||
|
#endif
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Put in memory a 16 bits unsigned integer in big-endian order.
|
||||||
|
*
|
||||||
|
* \param n 16 bits unsigned integer to put in memory.
|
||||||
|
* \param data Base address of the memory where to put the 16
|
||||||
|
* bits unsigned integer in.
|
||||||
|
* \param offset Offset from \p base where to put the most significant
|
||||||
|
* byte of the 16 bits unsigned integer \p n.
|
||||||
|
*/
|
||||||
|
#ifndef MBEDTLS_PUT_UINT16_BE
|
||||||
|
#define MBEDTLS_PUT_UINT16_BE( n, data, offset ) \
|
||||||
|
{ \
|
||||||
|
( data )[( offset ) ] = MBEDTLS_BYTE_1( n ); \
|
||||||
|
( data )[( offset ) + 1] = MBEDTLS_BYTE_0( n ); \
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Get the unsigned 64 bits integer corresponding to eight bytes in
|
||||||
|
* big-endian order (MSB first).
|
||||||
|
*
|
||||||
|
* \param data Base address of the memory to get the eight bytes from.
|
||||||
|
* \param offset Offset from \p base of the first and most significant
|
||||||
|
* byte of the eight bytes to build the 64 bits unsigned
|
||||||
|
* integer from.
|
||||||
|
*/
|
||||||
|
#ifndef MBEDTLS_GET_UINT64_BE
|
||||||
|
#define MBEDTLS_GET_UINT64_BE( data, offset ) \
|
||||||
|
( \
|
||||||
|
( (uint64_t) ( data )[( offset ) ] << 56 ) \
|
||||||
|
| ( (uint64_t) ( data )[( offset ) + 1] << 48 ) \
|
||||||
|
| ( (uint64_t) ( data )[( offset ) + 2] << 40 ) \
|
||||||
|
| ( (uint64_t) ( data )[( offset ) + 3] << 32 ) \
|
||||||
|
| ( (uint64_t) ( data )[( offset ) + 4] << 24 ) \
|
||||||
|
| ( (uint64_t) ( data )[( offset ) + 5] << 16 ) \
|
||||||
|
| ( (uint64_t) ( data )[( offset ) + 6] << 8 ) \
|
||||||
|
| ( (uint64_t) ( data )[( offset ) + 7] ) \
|
||||||
|
)
|
||||||
|
#endif
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Put in memory a 64 bits unsigned integer in big-endian order.
|
||||||
|
*
|
||||||
|
* \param n 64 bits unsigned integer to put in memory.
|
||||||
|
* \param data Base address of the memory where to put the 64
|
||||||
|
* bits unsigned integer in.
|
||||||
|
* \param offset Offset from \p base where to put the most significant
|
||||||
|
* byte of the 64 bits unsigned integer \p n.
|
||||||
|
*/
|
||||||
|
#ifndef MBEDTLS_PUT_UINT64_BE
|
||||||
|
#define MBEDTLS_PUT_UINT64_BE( n, data, offset ) \
|
||||||
|
{ \
|
||||||
|
( data )[( offset ) ] = MBEDTLS_BYTE_7( n ); \
|
||||||
|
( data )[( offset ) + 1] = MBEDTLS_BYTE_6( n ); \
|
||||||
|
( data )[( offset ) + 2] = MBEDTLS_BYTE_5( n ); \
|
||||||
|
( data )[( offset ) + 3] = MBEDTLS_BYTE_4( n ); \
|
||||||
|
( data )[( offset ) + 4] = MBEDTLS_BYTE_3( n ); \
|
||||||
|
( data )[( offset ) + 5] = MBEDTLS_BYTE_2( n ); \
|
||||||
|
( data )[( offset ) + 6] = MBEDTLS_BYTE_1( n ); \
|
||||||
|
( data )[( offset ) + 7] = MBEDTLS_BYTE_0( n ); \
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Get the unsigned 64 bits integer corresponding to eight bytes in
|
||||||
|
* little-endian order (LSB first).
|
||||||
|
*
|
||||||
|
* \param data Base address of the memory to get the eight bytes from.
|
||||||
|
* \param offset Offset from \p base of the first and least significant
|
||||||
|
* byte of the eight bytes to build the 64 bits unsigned
|
||||||
|
* integer from.
|
||||||
|
*/
|
||||||
|
#ifndef MBEDTLS_GET_UINT64_LE
|
||||||
|
#define MBEDTLS_GET_UINT64_LE( data, offset ) \
|
||||||
|
( \
|
||||||
|
( (uint64_t) ( data )[( offset ) + 7] << 56 ) \
|
||||||
|
| ( (uint64_t) ( data )[( offset ) + 6] << 48 ) \
|
||||||
|
| ( (uint64_t) ( data )[( offset ) + 5] << 40 ) \
|
||||||
|
| ( (uint64_t) ( data )[( offset ) + 4] << 32 ) \
|
||||||
|
| ( (uint64_t) ( data )[( offset ) + 3] << 24 ) \
|
||||||
|
| ( (uint64_t) ( data )[( offset ) + 2] << 16 ) \
|
||||||
|
| ( (uint64_t) ( data )[( offset ) + 1] << 8 ) \
|
||||||
|
| ( (uint64_t) ( data )[( offset ) ] ) \
|
||||||
|
)
|
||||||
|
#endif
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Put in memory a 64 bits unsigned integer in little-endian order.
|
||||||
|
*
|
||||||
|
* \param n 64 bits unsigned integer to put in memory.
|
||||||
|
* \param data Base address of the memory where to put the 64
|
||||||
|
* bits unsigned integer in.
|
||||||
|
* \param offset Offset from \p base where to put the least significant
|
||||||
|
* byte of the 64 bits unsigned integer \p n.
|
||||||
|
*/
|
||||||
|
#ifndef MBEDTLS_PUT_UINT64_LE
|
||||||
|
#define MBEDTLS_PUT_UINT64_LE( n, data, offset ) \
|
||||||
|
{ \
|
||||||
|
( data )[( offset ) ] = MBEDTLS_BYTE_0( n ); \
|
||||||
|
( data )[( offset ) + 1] = MBEDTLS_BYTE_1( n ); \
|
||||||
|
( data )[( offset ) + 2] = MBEDTLS_BYTE_2( n ); \
|
||||||
|
( data )[( offset ) + 3] = MBEDTLS_BYTE_3( n ); \
|
||||||
|
( data )[( offset ) + 4] = MBEDTLS_BYTE_4( n ); \
|
||||||
|
( data )[( offset ) + 5] = MBEDTLS_BYTE_5( n ); \
|
||||||
|
( data )[( offset ) + 6] = MBEDTLS_BYTE_6( n ); \
|
||||||
|
( data )[( offset ) + 7] = MBEDTLS_BYTE_7( n ); \
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
|
||||||
#endif /* MBEDTLS_LIBRARY_COMMON_H */
|
#endif /* MBEDTLS_LIBRARY_COMMON_H */
|
||||||
|
|
|
@ -152,11 +152,8 @@ static int block_cipher_df( unsigned char *output,
|
||||||
* (Total is padded to a multiple of 16-bytes with zeroes)
|
* (Total is padded to a multiple of 16-bytes with zeroes)
|
||||||
*/
|
*/
|
||||||
p = buf + MBEDTLS_CTR_DRBG_BLOCKSIZE;
|
p = buf + MBEDTLS_CTR_DRBG_BLOCKSIZE;
|
||||||
*p++ = ( data_len >> 24 ) & 0xff;
|
MBEDTLS_PUT_UINT32_BE( data_len, p, 0);
|
||||||
*p++ = ( data_len >> 16 ) & 0xff;
|
p += 4 + 3;
|
||||||
*p++ = ( data_len >> 8 ) & 0xff;
|
|
||||||
*p++ = ( data_len ) & 0xff;
|
|
||||||
p += 3;
|
|
||||||
*p++ = MBEDTLS_CTR_DRBG_SEEDLEN;
|
*p++ = MBEDTLS_CTR_DRBG_SEEDLEN;
|
||||||
memcpy( p, data, data_len );
|
memcpy( p, data, data_len );
|
||||||
p[data_len] = 0x80;
|
p[data_len] = 0x80;
|
||||||
|
|
|
@ -43,29 +43,6 @@
|
||||||
|
|
||||||
#if !defined(MBEDTLS_DES_ALT)
|
#if !defined(MBEDTLS_DES_ALT)
|
||||||
|
|
||||||
/*
|
|
||||||
* 32-bit integer manipulation macros (big endian)
|
|
||||||
*/
|
|
||||||
#ifndef GET_UINT32_BE
|
|
||||||
#define GET_UINT32_BE(n,b,i) \
|
|
||||||
{ \
|
|
||||||
(n) = ( (uint32_t) (b)[(i) ] << 24 ) \
|
|
||||||
| ( (uint32_t) (b)[(i) + 1] << 16 ) \
|
|
||||||
| ( (uint32_t) (b)[(i) + 2] << 8 ) \
|
|
||||||
| ( (uint32_t) (b)[(i) + 3] ); \
|
|
||||||
}
|
|
||||||
#endif
|
|
||||||
|
|
||||||
#ifndef PUT_UINT32_BE
|
|
||||||
#define PUT_UINT32_BE(n,b,i) \
|
|
||||||
{ \
|
|
||||||
(b)[(i) ] = (unsigned char) ( (n) >> 24 ); \
|
|
||||||
(b)[(i) + 1] = (unsigned char) ( (n) >> 16 ); \
|
|
||||||
(b)[(i) + 2] = (unsigned char) ( (n) >> 8 ); \
|
|
||||||
(b)[(i) + 3] = (unsigned char) ( (n) ); \
|
|
||||||
}
|
|
||||||
#endif
|
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Expanded DES S-boxes
|
* Expanded DES S-boxes
|
||||||
*/
|
*/
|
||||||
|
@ -423,8 +400,8 @@ void mbedtls_des_setkey( uint32_t SK[32], const unsigned char key[MBEDTLS_DES_KE
|
||||||
int i;
|
int i;
|
||||||
uint32_t X, Y, T;
|
uint32_t X, Y, T;
|
||||||
|
|
||||||
GET_UINT32_BE( X, key, 0 );
|
X = MBEDTLS_GET_UINT32_BE( key, 0 );
|
||||||
GET_UINT32_BE( Y, key, 4 );
|
Y = MBEDTLS_GET_UINT32_BE( key, 4 );
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Permuted Choice 1
|
* Permuted Choice 1
|
||||||
|
@ -633,8 +610,8 @@ int mbedtls_des_crypt_ecb( mbedtls_des_context *ctx,
|
||||||
|
|
||||||
SK = ctx->sk;
|
SK = ctx->sk;
|
||||||
|
|
||||||
GET_UINT32_BE( X, input, 0 );
|
X = MBEDTLS_GET_UINT32_BE( input, 0 );
|
||||||
GET_UINT32_BE( Y, input, 4 );
|
Y = MBEDTLS_GET_UINT32_BE( input, 4 );
|
||||||
|
|
||||||
DES_IP( X, Y );
|
DES_IP( X, Y );
|
||||||
|
|
||||||
|
@ -646,8 +623,8 @@ int mbedtls_des_crypt_ecb( mbedtls_des_context *ctx,
|
||||||
|
|
||||||
DES_FP( Y, X );
|
DES_FP( Y, X );
|
||||||
|
|
||||||
PUT_UINT32_BE( Y, output, 0 );
|
MBEDTLS_PUT_UINT32_BE( Y, output, 0 );
|
||||||
PUT_UINT32_BE( X, output, 4 );
|
MBEDTLS_PUT_UINT32_BE( X, output, 4 );
|
||||||
|
|
||||||
return( 0 );
|
return( 0 );
|
||||||
}
|
}
|
||||||
|
@ -720,8 +697,8 @@ int mbedtls_des3_crypt_ecb( mbedtls_des3_context *ctx,
|
||||||
|
|
||||||
SK = ctx->sk;
|
SK = ctx->sk;
|
||||||
|
|
||||||
GET_UINT32_BE( X, input, 0 );
|
X = MBEDTLS_GET_UINT32_BE( input, 0 );
|
||||||
GET_UINT32_BE( Y, input, 4 );
|
Y = MBEDTLS_GET_UINT32_BE( input, 4 );
|
||||||
|
|
||||||
DES_IP( X, Y );
|
DES_IP( X, Y );
|
||||||
|
|
||||||
|
@ -745,8 +722,8 @@ int mbedtls_des3_crypt_ecb( mbedtls_des3_context *ctx,
|
||||||
|
|
||||||
DES_FP( Y, X );
|
DES_FP( Y, X );
|
||||||
|
|
||||||
PUT_UINT32_BE( Y, output, 0 );
|
MBEDTLS_PUT_UINT32_BE( Y, output, 0 );
|
||||||
PUT_UINT32_BE( X, output, 4 );
|
MBEDTLS_PUT_UINT32_BE( X, output, 4 );
|
||||||
|
|
||||||
return( 0 );
|
return( 0 );
|
||||||
}
|
}
|
||||||
|
|
|
@ -270,8 +270,8 @@ int mbedtls_dhm_make_params( mbedtls_dhm_context *ctx, int x_size,
|
||||||
MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( ( X ), \
|
MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( ( X ), \
|
||||||
p + 2, \
|
p + 2, \
|
||||||
( n ) ) ); \
|
( n ) ) ); \
|
||||||
*p++ = (unsigned char)( ( n ) >> 8 ); \
|
*p++ = MBEDTLS_BYTE_1( n ); \
|
||||||
*p++ = (unsigned char)( ( n ) ); \
|
*p++ = MBEDTLS_BYTE_0( n ); \
|
||||||
p += ( n ); \
|
p += ( n ); \
|
||||||
} while( 0 )
|
} while( 0 )
|
||||||
|
|
||||||
|
|
|
@ -180,10 +180,7 @@ static int ecjpake_write_len_point( unsigned char **p,
|
||||||
if( ret != 0 )
|
if( ret != 0 )
|
||||||
return( ret );
|
return( ret );
|
||||||
|
|
||||||
(*p)[0] = (unsigned char)( ( len >> 24 ) & 0xFF );
|
MBEDTLS_PUT_UINT32_BE( len, *p, 0 );
|
||||||
(*p)[1] = (unsigned char)( ( len >> 16 ) & 0xFF );
|
|
||||||
(*p)[2] = (unsigned char)( ( len >> 8 ) & 0xFF );
|
|
||||||
(*p)[3] = (unsigned char)( ( len ) & 0xFF );
|
|
||||||
|
|
||||||
*p += 4 + len;
|
*p += 4 + len;
|
||||||
|
|
||||||
|
@ -223,10 +220,8 @@ static int ecjpake_hash( const mbedtls_md_info_t *md_info,
|
||||||
if( end - p < 4 )
|
if( end - p < 4 )
|
||||||
return( MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL );
|
return( MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL );
|
||||||
|
|
||||||
*p++ = (unsigned char)( ( id_len >> 24 ) & 0xFF );
|
MBEDTLS_PUT_UINT32_BE( id_len, p, 0 );
|
||||||
*p++ = (unsigned char)( ( id_len >> 16 ) & 0xFF );
|
p += 4;
|
||||||
*p++ = (unsigned char)( ( id_len >> 8 ) & 0xFF );
|
|
||||||
*p++ = (unsigned char)( ( id_len ) & 0xFF );
|
|
||||||
|
|
||||||
if( end < p || (size_t)( end - p ) < id_len )
|
if( end < p || (size_t)( end - p ) < id_len )
|
||||||
return( MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL );
|
return( MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL );
|
||||||
|
@ -366,7 +361,7 @@ static int ecjpake_zkp_write( const mbedtls_md_info_t *md_info,
|
||||||
goto cleanup;
|
goto cleanup;
|
||||||
}
|
}
|
||||||
|
|
||||||
*(*p)++ = (unsigned char)( len & 0xFF );
|
*(*p)++ = MBEDTLS_BYTE_0( len );
|
||||||
MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &h, *p, len ) ); /* r */
|
MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &h, *p, len ) ); /* r */
|
||||||
*p += len;
|
*p += len;
|
||||||
|
|
||||||
|
|
|
@ -1012,8 +1012,7 @@ int mbedtls_ecp_tls_write_group( const mbedtls_ecp_group *grp, size_t *olen,
|
||||||
/*
|
/*
|
||||||
* Next two bytes are the namedcurve value
|
* Next two bytes are the namedcurve value
|
||||||
*/
|
*/
|
||||||
buf[0] = curve_info->tls_id >> 8;
|
MBEDTLS_PUT_UINT16_BE( curve_info->tls_id, buf, 0 );
|
||||||
buf[1] = curve_info->tls_id & 0xFF;
|
|
||||||
|
|
||||||
return( 0 );
|
return( 0 );
|
||||||
}
|
}
|
||||||
|
|
|
@ -58,29 +58,6 @@
|
||||||
#define GCM_VALIDATE( cond ) \
|
#define GCM_VALIDATE( cond ) \
|
||||||
MBEDTLS_INTERNAL_VALIDATE( cond )
|
MBEDTLS_INTERNAL_VALIDATE( cond )
|
||||||
|
|
||||||
/*
|
|
||||||
* 32-bit integer manipulation macros (big endian)
|
|
||||||
*/
|
|
||||||
#ifndef GET_UINT32_BE
|
|
||||||
#define GET_UINT32_BE(n,b,i) \
|
|
||||||
{ \
|
|
||||||
(n) = ( (uint32_t) (b)[(i) ] << 24 ) \
|
|
||||||
| ( (uint32_t) (b)[(i) + 1] << 16 ) \
|
|
||||||
| ( (uint32_t) (b)[(i) + 2] << 8 ) \
|
|
||||||
| ( (uint32_t) (b)[(i) + 3] ); \
|
|
||||||
}
|
|
||||||
#endif
|
|
||||||
|
|
||||||
#ifndef PUT_UINT32_BE
|
|
||||||
#define PUT_UINT32_BE(n,b,i) \
|
|
||||||
{ \
|
|
||||||
(b)[(i) ] = (unsigned char) ( (n) >> 24 ); \
|
|
||||||
(b)[(i) + 1] = (unsigned char) ( (n) >> 16 ); \
|
|
||||||
(b)[(i) + 2] = (unsigned char) ( (n) >> 8 ); \
|
|
||||||
(b)[(i) + 3] = (unsigned char) ( (n) ); \
|
|
||||||
}
|
|
||||||
#endif
|
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Initialize a context
|
* Initialize a context
|
||||||
*/
|
*/
|
||||||
|
@ -111,12 +88,12 @@ static int gcm_gen_table( mbedtls_gcm_context *ctx )
|
||||||
return( ret );
|
return( ret );
|
||||||
|
|
||||||
/* pack h as two 64-bits ints, big-endian */
|
/* pack h as two 64-bits ints, big-endian */
|
||||||
GET_UINT32_BE( hi, h, 0 );
|
hi = MBEDTLS_GET_UINT32_BE( h, 0 );
|
||||||
GET_UINT32_BE( lo, h, 4 );
|
lo = MBEDTLS_GET_UINT32_BE( h, 4 );
|
||||||
vh = (uint64_t) hi << 32 | lo;
|
vh = (uint64_t) hi << 32 | lo;
|
||||||
|
|
||||||
GET_UINT32_BE( hi, h, 8 );
|
hi = MBEDTLS_GET_UINT32_BE( h, 8 );
|
||||||
GET_UINT32_BE( lo, h, 12 );
|
lo = MBEDTLS_GET_UINT32_BE( h, 12 );
|
||||||
vl = (uint64_t) hi << 32 | lo;
|
vl = (uint64_t) hi << 32 | lo;
|
||||||
|
|
||||||
/* 8 = 1000 corresponds to 1 in GF(2^128) */
|
/* 8 = 1000 corresponds to 1 in GF(2^128) */
|
||||||
|
@ -223,10 +200,10 @@ static void gcm_mult( mbedtls_gcm_context *ctx, const unsigned char x[16],
|
||||||
if( mbedtls_aesni_has_support( MBEDTLS_AESNI_CLMUL ) ) {
|
if( mbedtls_aesni_has_support( MBEDTLS_AESNI_CLMUL ) ) {
|
||||||
unsigned char h[16];
|
unsigned char h[16];
|
||||||
|
|
||||||
PUT_UINT32_BE( ctx->HH[8] >> 32, h, 0 );
|
MBEDTLS_PUT_UINT32_BE( ctx->HH[8] >> 32, h, 0 );
|
||||||
PUT_UINT32_BE( ctx->HH[8], h, 4 );
|
MBEDTLS_PUT_UINT32_BE( ctx->HH[8], h, 4 );
|
||||||
PUT_UINT32_BE( ctx->HL[8] >> 32, h, 8 );
|
MBEDTLS_PUT_UINT32_BE( ctx->HL[8] >> 32, h, 8 );
|
||||||
PUT_UINT32_BE( ctx->HL[8], h, 12 );
|
MBEDTLS_PUT_UINT32_BE( ctx->HL[8], h, 12 );
|
||||||
|
|
||||||
mbedtls_aesni_gcm_mult( output, x, h );
|
mbedtls_aesni_gcm_mult( output, x, h );
|
||||||
return;
|
return;
|
||||||
|
@ -262,10 +239,10 @@ static void gcm_mult( mbedtls_gcm_context *ctx, const unsigned char x[16],
|
||||||
zl ^= ctx->HL[hi];
|
zl ^= ctx->HL[hi];
|
||||||
}
|
}
|
||||||
|
|
||||||
PUT_UINT32_BE( zh >> 32, output, 0 );
|
MBEDTLS_PUT_UINT32_BE( zh >> 32, output, 0 );
|
||||||
PUT_UINT32_BE( zh, output, 4 );
|
MBEDTLS_PUT_UINT32_BE( zh, output, 4 );
|
||||||
PUT_UINT32_BE( zl >> 32, output, 8 );
|
MBEDTLS_PUT_UINT32_BE( zl >> 32, output, 8 );
|
||||||
PUT_UINT32_BE( zl, output, 12 );
|
MBEDTLS_PUT_UINT32_BE( zl, output, 12 );
|
||||||
}
|
}
|
||||||
|
|
||||||
int mbedtls_gcm_starts( mbedtls_gcm_context *ctx,
|
int mbedtls_gcm_starts( mbedtls_gcm_context *ctx,
|
||||||
|
@ -301,7 +278,7 @@ int mbedtls_gcm_starts( mbedtls_gcm_context *ctx,
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
memset( work_buf, 0x00, 16 );
|
memset( work_buf, 0x00, 16 );
|
||||||
PUT_UINT32_BE( iv_len * 8, work_buf, 12 );
|
MBEDTLS_PUT_UINT32_BE( iv_len * 8, work_buf, 12 );
|
||||||
|
|
||||||
p = iv;
|
p = iv;
|
||||||
while( iv_len > 0 )
|
while( iv_len > 0 )
|
||||||
|
@ -569,10 +546,10 @@ int mbedtls_gcm_finish( mbedtls_gcm_context *ctx,
|
||||||
{
|
{
|
||||||
memset( work_buf, 0x00, 16 );
|
memset( work_buf, 0x00, 16 );
|
||||||
|
|
||||||
PUT_UINT32_BE( ( orig_add_len >> 32 ), work_buf, 0 );
|
MBEDTLS_PUT_UINT32_BE( ( orig_add_len >> 32 ), work_buf, 0 );
|
||||||
PUT_UINT32_BE( ( orig_add_len ), work_buf, 4 );
|
MBEDTLS_PUT_UINT32_BE( ( orig_add_len ), work_buf, 4 );
|
||||||
PUT_UINT32_BE( ( orig_len >> 32 ), work_buf, 8 );
|
MBEDTLS_PUT_UINT32_BE( ( orig_len >> 32 ), work_buf, 8 );
|
||||||
PUT_UINT32_BE( ( orig_len ), work_buf, 12 );
|
MBEDTLS_PUT_UINT32_BE( ( orig_len ), work_buf, 12 );
|
||||||
|
|
||||||
for( i = 0; i < 16; i++ )
|
for( i = 0; i < 16; i++ )
|
||||||
ctx->buf[i] ^= work_buf[i];
|
ctx->buf[i] ^= work_buf[i];
|
||||||
|
|
|
@ -43,29 +43,6 @@
|
||||||
|
|
||||||
#if !defined(MBEDTLS_MD5_ALT)
|
#if !defined(MBEDTLS_MD5_ALT)
|
||||||
|
|
||||||
/*
|
|
||||||
* 32-bit integer manipulation macros (little endian)
|
|
||||||
*/
|
|
||||||
#ifndef GET_UINT32_LE
|
|
||||||
#define GET_UINT32_LE(n,b,i) \
|
|
||||||
{ \
|
|
||||||
(n) = ( (uint32_t) (b)[(i) ] ) \
|
|
||||||
| ( (uint32_t) (b)[(i) + 1] << 8 ) \
|
|
||||||
| ( (uint32_t) (b)[(i) + 2] << 16 ) \
|
|
||||||
| ( (uint32_t) (b)[(i) + 3] << 24 ); \
|
|
||||||
}
|
|
||||||
#endif
|
|
||||||
|
|
||||||
#ifndef PUT_UINT32_LE
|
|
||||||
#define PUT_UINT32_LE(n,b,i) \
|
|
||||||
{ \
|
|
||||||
(b)[(i) ] = (unsigned char) ( ( (n) ) & 0xFF ); \
|
|
||||||
(b)[(i) + 1] = (unsigned char) ( ( (n) >> 8 ) & 0xFF ); \
|
|
||||||
(b)[(i) + 2] = (unsigned char) ( ( (n) >> 16 ) & 0xFF ); \
|
|
||||||
(b)[(i) + 3] = (unsigned char) ( ( (n) >> 24 ) & 0xFF ); \
|
|
||||||
}
|
|
||||||
#endif
|
|
||||||
|
|
||||||
void mbedtls_md5_init( mbedtls_md5_context *ctx )
|
void mbedtls_md5_init( mbedtls_md5_context *ctx )
|
||||||
{
|
{
|
||||||
memset( ctx, 0, sizeof( mbedtls_md5_context ) );
|
memset( ctx, 0, sizeof( mbedtls_md5_context ) );
|
||||||
|
@ -110,22 +87,22 @@ int mbedtls_internal_md5_process( mbedtls_md5_context *ctx,
|
||||||
uint32_t X[16], A, B, C, D;
|
uint32_t X[16], A, B, C, D;
|
||||||
} local;
|
} local;
|
||||||
|
|
||||||
GET_UINT32_LE( local.X[ 0], data, 0 );
|
local.X[ 0] = MBEDTLS_GET_UINT32_LE( data, 0 );
|
||||||
GET_UINT32_LE( local.X[ 1], data, 4 );
|
local.X[ 1] = MBEDTLS_GET_UINT32_LE( data, 4 );
|
||||||
GET_UINT32_LE( local.X[ 2], data, 8 );
|
local.X[ 2] = MBEDTLS_GET_UINT32_LE( data, 8 );
|
||||||
GET_UINT32_LE( local.X[ 3], data, 12 );
|
local.X[ 3] = MBEDTLS_GET_UINT32_LE( data, 12 );
|
||||||
GET_UINT32_LE( local.X[ 4], data, 16 );
|
local.X[ 4] = MBEDTLS_GET_UINT32_LE( data, 16 );
|
||||||
GET_UINT32_LE( local.X[ 5], data, 20 );
|
local.X[ 5] = MBEDTLS_GET_UINT32_LE( data, 20 );
|
||||||
GET_UINT32_LE( local.X[ 6], data, 24 );
|
local.X[ 6] = MBEDTLS_GET_UINT32_LE( data, 24 );
|
||||||
GET_UINT32_LE( local.X[ 7], data, 28 );
|
local.X[ 7] = MBEDTLS_GET_UINT32_LE( data, 28 );
|
||||||
GET_UINT32_LE( local.X[ 8], data, 32 );
|
local.X[ 8] = MBEDTLS_GET_UINT32_LE( data, 32 );
|
||||||
GET_UINT32_LE( local.X[ 9], data, 36 );
|
local.X[ 9] = MBEDTLS_GET_UINT32_LE( data, 36 );
|
||||||
GET_UINT32_LE( local.X[10], data, 40 );
|
local.X[10] = MBEDTLS_GET_UINT32_LE( data, 40 );
|
||||||
GET_UINT32_LE( local.X[11], data, 44 );
|
local.X[11] = MBEDTLS_GET_UINT32_LE( data, 44 );
|
||||||
GET_UINT32_LE( local.X[12], data, 48 );
|
local.X[12] = MBEDTLS_GET_UINT32_LE( data, 48 );
|
||||||
GET_UINT32_LE( local.X[13], data, 52 );
|
local.X[13] = MBEDTLS_GET_UINT32_LE( data, 52 );
|
||||||
GET_UINT32_LE( local.X[14], data, 56 );
|
local.X[14] = MBEDTLS_GET_UINT32_LE( data, 56 );
|
||||||
GET_UINT32_LE( local.X[15], data, 60 );
|
local.X[15] = MBEDTLS_GET_UINT32_LE( data, 60 );
|
||||||
|
|
||||||
#define S(x,n) \
|
#define S(x,n) \
|
||||||
( ( (x) << (n) ) | ( ( (x) & 0xFFFFFFFF) >> ( 32 - (n) ) ) )
|
( ( (x) << (n) ) | ( ( (x) & 0xFFFFFFFF) >> ( 32 - (n) ) ) )
|
||||||
|
@ -330,8 +307,8 @@ int mbedtls_md5_finish( mbedtls_md5_context *ctx,
|
||||||
| ( ctx->total[1] << 3 );
|
| ( ctx->total[1] << 3 );
|
||||||
low = ( ctx->total[0] << 3 );
|
low = ( ctx->total[0] << 3 );
|
||||||
|
|
||||||
PUT_UINT32_LE( low, ctx->buffer, 56 );
|
MBEDTLS_PUT_UINT32_LE( low, ctx->buffer, 56 );
|
||||||
PUT_UINT32_LE( high, ctx->buffer, 60 );
|
MBEDTLS_PUT_UINT32_LE( high, ctx->buffer, 60 );
|
||||||
|
|
||||||
if( ( ret = mbedtls_internal_md5_process( ctx, ctx->buffer ) ) != 0 )
|
if( ( ret = mbedtls_internal_md5_process( ctx, ctx->buffer ) ) != 0 )
|
||||||
return( ret );
|
return( ret );
|
||||||
|
@ -339,10 +316,10 @@ int mbedtls_md5_finish( mbedtls_md5_context *ctx,
|
||||||
/*
|
/*
|
||||||
* Output final state
|
* Output final state
|
||||||
*/
|
*/
|
||||||
PUT_UINT32_LE( ctx->state[0], output, 0 );
|
MBEDTLS_PUT_UINT32_LE( ctx->state[0], output, 0 );
|
||||||
PUT_UINT32_LE( ctx->state[1], output, 4 );
|
MBEDTLS_PUT_UINT32_LE( ctx->state[1], output, 4 );
|
||||||
PUT_UINT32_LE( ctx->state[2], output, 8 );
|
MBEDTLS_PUT_UINT32_LE( ctx->state[2], output, 8 );
|
||||||
PUT_UINT32_LE( ctx->state[3], output, 12 );
|
MBEDTLS_PUT_UINT32_LE( ctx->state[3], output, 12 );
|
||||||
|
|
||||||
return( 0 );
|
return( 0 );
|
||||||
}
|
}
|
||||||
|
|
|
@ -77,26 +77,6 @@ static const unsigned char NIST_KW_ICV1[] = {0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6,
|
||||||
/*! The 32-bit default integrity check value (ICV) for KWP mode. */
|
/*! The 32-bit default integrity check value (ICV) for KWP mode. */
|
||||||
static const unsigned char NIST_KW_ICV2[] = {0xA6, 0x59, 0x59, 0xA6};
|
static const unsigned char NIST_KW_ICV2[] = {0xA6, 0x59, 0x59, 0xA6};
|
||||||
|
|
||||||
#ifndef GET_UINT32_BE
|
|
||||||
#define GET_UINT32_BE(n,b,i) \
|
|
||||||
do { \
|
|
||||||
(n) = ( (uint32_t) (b)[(i) ] << 24 ) \
|
|
||||||
| ( (uint32_t) (b)[(i) + 1] << 16 ) \
|
|
||||||
| ( (uint32_t) (b)[(i) + 2] << 8 ) \
|
|
||||||
| ( (uint32_t) (b)[(i) + 3] ); \
|
|
||||||
} while( 0 )
|
|
||||||
#endif
|
|
||||||
|
|
||||||
#ifndef PUT_UINT32_BE
|
|
||||||
#define PUT_UINT32_BE(n,b,i) \
|
|
||||||
do { \
|
|
||||||
(b)[(i) ] = (unsigned char) ( (n) >> 24 ); \
|
|
||||||
(b)[(i) + 1] = (unsigned char) ( (n) >> 16 ); \
|
|
||||||
(b)[(i) + 2] = (unsigned char) ( (n) >> 8 ); \
|
|
||||||
(b)[(i) + 3] = (unsigned char) ( (n) ); \
|
|
||||||
} while( 0 )
|
|
||||||
#endif
|
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Initialize context
|
* Initialize context
|
||||||
*/
|
*/
|
||||||
|
@ -243,7 +223,7 @@ int mbedtls_nist_kw_wrap( mbedtls_nist_kw_context *ctx,
|
||||||
}
|
}
|
||||||
|
|
||||||
memcpy( output, NIST_KW_ICV2, KW_SEMIBLOCK_LENGTH / 2 );
|
memcpy( output, NIST_KW_ICV2, KW_SEMIBLOCK_LENGTH / 2 );
|
||||||
PUT_UINT32_BE( ( in_len & 0xffffffff ), output,
|
MBEDTLS_PUT_UINT32_BE( ( in_len & 0xffffffff ), output,
|
||||||
KW_SEMIBLOCK_LENGTH / 2 );
|
KW_SEMIBLOCK_LENGTH / 2 );
|
||||||
|
|
||||||
memcpy( output + KW_SEMIBLOCK_LENGTH, input, in_len );
|
memcpy( output + KW_SEMIBLOCK_LENGTH, input, in_len );
|
||||||
|
@ -474,7 +454,7 @@ int mbedtls_nist_kw_unwrap( mbedtls_nist_kw_context *ctx,
|
||||||
ret = MBEDTLS_ERR_CIPHER_AUTH_FAILED;
|
ret = MBEDTLS_ERR_CIPHER_AUTH_FAILED;
|
||||||
}
|
}
|
||||||
|
|
||||||
GET_UINT32_BE( Plen, A, KW_SEMIBLOCK_LENGTH / 2 );
|
Plen = MBEDTLS_GET_UINT32_BE( A, KW_SEMIBLOCK_LENGTH / 2 );
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Plen is the length of the plaintext, when the input is valid.
|
* Plen is the length of the plaintext, when the input is valid.
|
||||||
|
|
|
@ -285,8 +285,8 @@ int mbedtls_pkcs12_derivation( unsigned char *data, size_t datalen,
|
||||||
for( i = v; i > 0; i-- )
|
for( i = v; i > 0; i-- )
|
||||||
{
|
{
|
||||||
j = salt_block[i - 1] + hash_block[i - 1] + c;
|
j = salt_block[i - 1] + hash_block[i - 1] + c;
|
||||||
c = (unsigned char) (j >> 8);
|
c = MBEDTLS_BYTE_1( j );
|
||||||
salt_block[i - 1] = j & 0xFF;
|
salt_block[i - 1] = MBEDTLS_BYTE_0( j );
|
||||||
}
|
}
|
||||||
|
|
||||||
// pwd_block += B
|
// pwd_block += B
|
||||||
|
@ -294,8 +294,8 @@ int mbedtls_pkcs12_derivation( unsigned char *data, size_t datalen,
|
||||||
for( i = v; i > 0; i-- )
|
for( i = v; i > 0; i-- )
|
||||||
{
|
{
|
||||||
j = pwd_block[i - 1] + hash_block[i - 1] + c;
|
j = pwd_block[i - 1] + hash_block[i - 1] + c;
|
||||||
c = (unsigned char) (j >> 8);
|
c = MBEDTLS_BYTE_1( j );
|
||||||
pwd_block[i - 1] = j & 0xFF;
|
pwd_block[i - 1] = MBEDTLS_BYTE_0( j );
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -52,13 +52,6 @@
|
||||||
|
|
||||||
#define POLY1305_BLOCK_SIZE_BYTES ( 16U )
|
#define POLY1305_BLOCK_SIZE_BYTES ( 16U )
|
||||||
|
|
||||||
#define BYTES_TO_U32_LE( data, offset ) \
|
|
||||||
( (uint32_t) (data)[offset] \
|
|
||||||
| (uint32_t) ( (uint32_t) (data)[( offset ) + 1] << 8 ) \
|
|
||||||
| (uint32_t) ( (uint32_t) (data)[( offset ) + 2] << 16 ) \
|
|
||||||
| (uint32_t) ( (uint32_t) (data)[( offset ) + 3] << 24 ) \
|
|
||||||
)
|
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Our implementation is tuned for 32-bit platforms with a 64-bit multiplier.
|
* Our implementation is tuned for 32-bit platforms with a 64-bit multiplier.
|
||||||
* However we provided an alternative for platforms without such a multiplier.
|
* However we provided an alternative for platforms without such a multiplier.
|
||||||
|
@ -129,10 +122,10 @@ static void poly1305_process( mbedtls_poly1305_context *ctx,
|
||||||
for( i = 0U; i < nblocks; i++ )
|
for( i = 0U; i < nblocks; i++ )
|
||||||
{
|
{
|
||||||
/* The input block is treated as a 128-bit little-endian integer */
|
/* The input block is treated as a 128-bit little-endian integer */
|
||||||
d0 = BYTES_TO_U32_LE( input, offset + 0 );
|
d0 = MBEDTLS_GET_UINT32_LE( input, offset + 0 );
|
||||||
d1 = BYTES_TO_U32_LE( input, offset + 4 );
|
d1 = MBEDTLS_GET_UINT32_LE( input, offset + 4 );
|
||||||
d2 = BYTES_TO_U32_LE( input, offset + 8 );
|
d2 = MBEDTLS_GET_UINT32_LE( input, offset + 8 );
|
||||||
d3 = BYTES_TO_U32_LE( input, offset + 12 );
|
d3 = MBEDTLS_GET_UINT32_LE( input, offset + 12 );
|
||||||
|
|
||||||
/* Compute: acc += (padded) block as a 130-bit integer */
|
/* Compute: acc += (padded) block as a 130-bit integer */
|
||||||
d0 += (uint64_t) acc0;
|
d0 += (uint64_t) acc0;
|
||||||
|
@ -257,22 +250,10 @@ static void poly1305_compute_mac( const mbedtls_poly1305_context *ctx,
|
||||||
acc3 += ctx->s[3] + (uint32_t) ( d >> 32U );
|
acc3 += ctx->s[3] + (uint32_t) ( d >> 32U );
|
||||||
|
|
||||||
/* Compute MAC (128 least significant bits of the accumulator) */
|
/* Compute MAC (128 least significant bits of the accumulator) */
|
||||||
mac[ 0] = (unsigned char)( acc0 );
|
MBEDTLS_PUT_UINT32_LE( acc0, mac, 0 );
|
||||||
mac[ 1] = (unsigned char)( acc0 >> 8 );
|
MBEDTLS_PUT_UINT32_LE( acc1, mac, 4 );
|
||||||
mac[ 2] = (unsigned char)( acc0 >> 16 );
|
MBEDTLS_PUT_UINT32_LE( acc2, mac, 8 );
|
||||||
mac[ 3] = (unsigned char)( acc0 >> 24 );
|
MBEDTLS_PUT_UINT32_LE( acc3, mac, 12 );
|
||||||
mac[ 4] = (unsigned char)( acc1 );
|
|
||||||
mac[ 5] = (unsigned char)( acc1 >> 8 );
|
|
||||||
mac[ 6] = (unsigned char)( acc1 >> 16 );
|
|
||||||
mac[ 7] = (unsigned char)( acc1 >> 24 );
|
|
||||||
mac[ 8] = (unsigned char)( acc2 );
|
|
||||||
mac[ 9] = (unsigned char)( acc2 >> 8 );
|
|
||||||
mac[10] = (unsigned char)( acc2 >> 16 );
|
|
||||||
mac[11] = (unsigned char)( acc2 >> 24 );
|
|
||||||
mac[12] = (unsigned char)( acc3 );
|
|
||||||
mac[13] = (unsigned char)( acc3 >> 8 );
|
|
||||||
mac[14] = (unsigned char)( acc3 >> 16 );
|
|
||||||
mac[15] = (unsigned char)( acc3 >> 24 );
|
|
||||||
}
|
}
|
||||||
|
|
||||||
void mbedtls_poly1305_init( mbedtls_poly1305_context *ctx )
|
void mbedtls_poly1305_init( mbedtls_poly1305_context *ctx )
|
||||||
|
@ -297,15 +278,15 @@ int mbedtls_poly1305_starts( mbedtls_poly1305_context *ctx,
|
||||||
POLY1305_VALIDATE_RET( key != NULL );
|
POLY1305_VALIDATE_RET( key != NULL );
|
||||||
|
|
||||||
/* r &= 0x0ffffffc0ffffffc0ffffffc0fffffff */
|
/* r &= 0x0ffffffc0ffffffc0ffffffc0fffffff */
|
||||||
ctx->r[0] = BYTES_TO_U32_LE( key, 0 ) & 0x0FFFFFFFU;
|
ctx->r[0] = MBEDTLS_GET_UINT32_LE( key, 0 ) & 0x0FFFFFFFU;
|
||||||
ctx->r[1] = BYTES_TO_U32_LE( key, 4 ) & 0x0FFFFFFCU;
|
ctx->r[1] = MBEDTLS_GET_UINT32_LE( key, 4 ) & 0x0FFFFFFCU;
|
||||||
ctx->r[2] = BYTES_TO_U32_LE( key, 8 ) & 0x0FFFFFFCU;
|
ctx->r[2] = MBEDTLS_GET_UINT32_LE( key, 8 ) & 0x0FFFFFFCU;
|
||||||
ctx->r[3] = BYTES_TO_U32_LE( key, 12 ) & 0x0FFFFFFCU;
|
ctx->r[3] = MBEDTLS_GET_UINT32_LE( key, 12 ) & 0x0FFFFFFCU;
|
||||||
|
|
||||||
ctx->s[0] = BYTES_TO_U32_LE( key, 16 );
|
ctx->s[0] = MBEDTLS_GET_UINT32_LE( key, 16 );
|
||||||
ctx->s[1] = BYTES_TO_U32_LE( key, 20 );
|
ctx->s[1] = MBEDTLS_GET_UINT32_LE( key, 20 );
|
||||||
ctx->s[2] = BYTES_TO_U32_LE( key, 24 );
|
ctx->s[2] = MBEDTLS_GET_UINT32_LE( key, 24 );
|
||||||
ctx->s[3] = BYTES_TO_U32_LE( key, 28 );
|
ctx->s[3] = MBEDTLS_GET_UINT32_LE( key, 28 );
|
||||||
|
|
||||||
/* Initial accumulator state */
|
/* Initial accumulator state */
|
||||||
ctx->acc[0] = 0U;
|
ctx->acc[0] = 0U;
|
||||||
|
|
|
@ -4506,8 +4506,8 @@ static psa_status_t psa_tls12_prf_psk_to_ms_set_key(
|
||||||
* uint16 with the value N, and the PSK itself.
|
* uint16 with the value N, and the PSK itself.
|
||||||
*/
|
*/
|
||||||
|
|
||||||
*cur++ = ( data_length >> 8 ) & 0xff;
|
*cur++ = MBEDTLS_BYTE_1( data_length );
|
||||||
*cur++ = ( data_length >> 0 ) & 0xff;
|
*cur++ = MBEDTLS_BYTE_0( data_length );
|
||||||
memset( cur, 0, data_length );
|
memset( cur, 0, data_length );
|
||||||
cur += data_length;
|
cur += data_length;
|
||||||
*cur++ = pms[0];
|
*cur++ = pms[0];
|
||||||
|
|
|
@ -230,48 +230,6 @@ static psa_status_t psa_crypto_storage_get_data_length(
|
||||||
return( PSA_SUCCESS );
|
return( PSA_SUCCESS );
|
||||||
}
|
}
|
||||||
|
|
||||||
/*
|
|
||||||
* 32-bit integer manipulation macros (little endian)
|
|
||||||
*/
|
|
||||||
#ifndef GET_UINT32_LE
|
|
||||||
#define GET_UINT32_LE( n, b, i ) \
|
|
||||||
{ \
|
|
||||||
(n) = ( (uint32_t) (b)[(i) ] ) \
|
|
||||||
| ( (uint32_t) (b)[(i) + 1] << 8 ) \
|
|
||||||
| ( (uint32_t) (b)[(i) + 2] << 16 ) \
|
|
||||||
| ( (uint32_t) (b)[(i) + 3] << 24 ); \
|
|
||||||
}
|
|
||||||
#endif
|
|
||||||
|
|
||||||
#ifndef PUT_UINT32_LE
|
|
||||||
#define PUT_UINT32_LE( n, b, i ) \
|
|
||||||
{ \
|
|
||||||
(b)[(i) ] = (unsigned char) ( ( (n) ) & 0xFF ); \
|
|
||||||
(b)[(i) + 1] = (unsigned char) ( ( (n) >> 8 ) & 0xFF ); \
|
|
||||||
(b)[(i) + 2] = (unsigned char) ( ( (n) >> 16 ) & 0xFF ); \
|
|
||||||
(b)[(i) + 3] = (unsigned char) ( ( (n) >> 24 ) & 0xFF ); \
|
|
||||||
}
|
|
||||||
#endif
|
|
||||||
|
|
||||||
/*
|
|
||||||
* 16-bit integer manipulation macros (little endian)
|
|
||||||
*/
|
|
||||||
#ifndef GET_UINT16_LE
|
|
||||||
#define GET_UINT16_LE( n, b, i ) \
|
|
||||||
{ \
|
|
||||||
(n) = ( (uint16_t) (b)[(i) ] ) \
|
|
||||||
| ( (uint16_t) (b)[(i) + 1] << 8 ); \
|
|
||||||
}
|
|
||||||
#endif
|
|
||||||
|
|
||||||
#ifndef PUT_UINT16_LE
|
|
||||||
#define PUT_UINT16_LE( n, b, i ) \
|
|
||||||
{ \
|
|
||||||
(b)[(i) ] = (unsigned char) ( ( (n) ) & 0xFF ); \
|
|
||||||
(b)[(i) + 1] = (unsigned char) ( ( (n) >> 8 ) & 0xFF ); \
|
|
||||||
}
|
|
||||||
#endif
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Persistent key storage magic header.
|
* Persistent key storage magic header.
|
||||||
*/
|
*/
|
||||||
|
@ -298,14 +256,14 @@ void psa_format_key_data_for_storage( const uint8_t *data,
|
||||||
(psa_persistent_key_storage_format *) storage_data;
|
(psa_persistent_key_storage_format *) storage_data;
|
||||||
|
|
||||||
memcpy( storage_format->magic, PSA_KEY_STORAGE_MAGIC_HEADER, PSA_KEY_STORAGE_MAGIC_HEADER_LENGTH );
|
memcpy( storage_format->magic, PSA_KEY_STORAGE_MAGIC_HEADER, PSA_KEY_STORAGE_MAGIC_HEADER_LENGTH );
|
||||||
PUT_UINT32_LE( 0, storage_format->version, 0 );
|
MBEDTLS_PUT_UINT32_LE( 0, storage_format->version, 0 );
|
||||||
PUT_UINT32_LE( attr->lifetime, storage_format->lifetime, 0 );
|
MBEDTLS_PUT_UINT32_LE( attr->lifetime, storage_format->lifetime, 0 );
|
||||||
PUT_UINT16_LE( (uint16_t) attr->type, storage_format->type, 0 );
|
MBEDTLS_PUT_UINT16_LE( (uint16_t) attr->type, storage_format->type, 0 );
|
||||||
PUT_UINT16_LE( (uint16_t) attr->bits, storage_format->bits, 0 );
|
MBEDTLS_PUT_UINT16_LE( (uint16_t) attr->bits, storage_format->bits, 0 );
|
||||||
PUT_UINT32_LE( attr->policy.usage, storage_format->policy, 0 );
|
MBEDTLS_PUT_UINT32_LE( attr->policy.usage, storage_format->policy, 0 );
|
||||||
PUT_UINT32_LE( attr->policy.alg, storage_format->policy, sizeof( uint32_t ) );
|
MBEDTLS_PUT_UINT32_LE( attr->policy.alg, storage_format->policy, sizeof( uint32_t ) );
|
||||||
PUT_UINT32_LE( attr->policy.alg2, storage_format->policy, 2 * sizeof( uint32_t ) );
|
MBEDTLS_PUT_UINT32_LE( attr->policy.alg2, storage_format->policy, 2 * sizeof( uint32_t ) );
|
||||||
PUT_UINT32_LE( data_length, storage_format->data_len, 0 );
|
MBEDTLS_PUT_UINT32_LE( data_length, storage_format->data_len, 0 );
|
||||||
memcpy( storage_format->key_data, data, data_length );
|
memcpy( storage_format->key_data, data, data_length );
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -335,11 +293,11 @@ psa_status_t psa_parse_key_data_from_storage( const uint8_t *storage_data,
|
||||||
if( status != PSA_SUCCESS )
|
if( status != PSA_SUCCESS )
|
||||||
return( status );
|
return( status );
|
||||||
|
|
||||||
GET_UINT32_LE( version, storage_format->version, 0 );
|
version = MBEDTLS_GET_UINT32_LE( storage_format->version, 0 );
|
||||||
if( version != 0 )
|
if( version != 0 )
|
||||||
return( PSA_ERROR_DATA_INVALID );
|
return( PSA_ERROR_DATA_INVALID );
|
||||||
|
|
||||||
GET_UINT32_LE( *key_data_length, storage_format->data_len, 0 );
|
*key_data_length = MBEDTLS_GET_UINT32_LE( storage_format->data_len, 0 );
|
||||||
if( *key_data_length > ( storage_data_length - sizeof(*storage_format) ) ||
|
if( *key_data_length > ( storage_data_length - sizeof(*storage_format) ) ||
|
||||||
*key_data_length > PSA_CRYPTO_MAX_STORAGE_SIZE )
|
*key_data_length > PSA_CRYPTO_MAX_STORAGE_SIZE )
|
||||||
return( PSA_ERROR_DATA_INVALID );
|
return( PSA_ERROR_DATA_INVALID );
|
||||||
|
@ -356,12 +314,12 @@ psa_status_t psa_parse_key_data_from_storage( const uint8_t *storage_data,
|
||||||
memcpy( *key_data, storage_format->key_data, *key_data_length );
|
memcpy( *key_data, storage_format->key_data, *key_data_length );
|
||||||
}
|
}
|
||||||
|
|
||||||
GET_UINT32_LE( attr->lifetime, storage_format->lifetime, 0 );
|
attr->lifetime = MBEDTLS_GET_UINT32_LE( storage_format->lifetime, 0 );
|
||||||
GET_UINT16_LE( attr->type, storage_format->type, 0 );
|
attr->type = MBEDTLS_GET_UINT16_LE( storage_format->type, 0 );
|
||||||
GET_UINT16_LE( attr->bits, storage_format->bits, 0 );
|
attr->bits = MBEDTLS_GET_UINT16_LE( storage_format->bits, 0 );
|
||||||
GET_UINT32_LE( attr->policy.usage, storage_format->policy, 0 );
|
attr->policy.usage = MBEDTLS_GET_UINT32_LE( storage_format->policy, 0 );
|
||||||
GET_UINT32_LE( attr->policy.alg, storage_format->policy, sizeof( uint32_t ) );
|
attr->policy.alg = MBEDTLS_GET_UINT32_LE( storage_format->policy, sizeof( uint32_t ) );
|
||||||
GET_UINT32_LE( attr->policy.alg2, storage_format->policy, 2 * sizeof( uint32_t ) );
|
attr->policy.alg2 = MBEDTLS_GET_UINT32_LE( storage_format->policy, 2 * sizeof( uint32_t ) );
|
||||||
|
|
||||||
return( PSA_SUCCESS );
|
return( PSA_SUCCESS );
|
||||||
}
|
}
|
||||||
|
|
|
@ -191,14 +191,8 @@ psa_status_t psa_its_set( psa_storage_uid_t uid,
|
||||||
size_t n;
|
size_t n;
|
||||||
|
|
||||||
memcpy( header.magic, PSA_ITS_MAGIC_STRING, PSA_ITS_MAGIC_LENGTH );
|
memcpy( header.magic, PSA_ITS_MAGIC_STRING, PSA_ITS_MAGIC_LENGTH );
|
||||||
header.size[0] = data_length & 0xff;
|
MBEDTLS_PUT_UINT32_LE( data_length, header.size, 0 );
|
||||||
header.size[1] = ( data_length >> 8 ) & 0xff;
|
MBEDTLS_PUT_UINT32_LE( create_flags, header.flags, 0 );
|
||||||
header.size[2] = ( data_length >> 16 ) & 0xff;
|
|
||||||
header.size[3] = ( data_length >> 24 ) & 0xff;
|
|
||||||
header.flags[0] = create_flags & 0xff;
|
|
||||||
header.flags[1] = ( create_flags >> 8 ) & 0xff;
|
|
||||||
header.flags[2] = ( create_flags >> 16 ) & 0xff;
|
|
||||||
header.flags[3] = ( create_flags >> 24 ) & 0xff;
|
|
||||||
|
|
||||||
psa_its_fill_filename( uid, filename );
|
psa_its_fill_filename( uid, filename );
|
||||||
stream = fopen( PSA_ITS_STORAGE_TEMP, "wb" );
|
stream = fopen( PSA_ITS_STORAGE_TEMP, "wb" );
|
||||||
|
|
|
@ -44,29 +44,6 @@
|
||||||
|
|
||||||
#if !defined(MBEDTLS_RIPEMD160_ALT)
|
#if !defined(MBEDTLS_RIPEMD160_ALT)
|
||||||
|
|
||||||
/*
|
|
||||||
* 32-bit integer manipulation macros (little endian)
|
|
||||||
*/
|
|
||||||
#ifndef GET_UINT32_LE
|
|
||||||
#define GET_UINT32_LE(n,b,i) \
|
|
||||||
{ \
|
|
||||||
(n) = ( (uint32_t) (b)[(i) ] ) \
|
|
||||||
| ( (uint32_t) (b)[(i) + 1] << 8 ) \
|
|
||||||
| ( (uint32_t) (b)[(i) + 2] << 16 ) \
|
|
||||||
| ( (uint32_t) (b)[(i) + 3] << 24 ); \
|
|
||||||
}
|
|
||||||
#endif
|
|
||||||
|
|
||||||
#ifndef PUT_UINT32_LE
|
|
||||||
#define PUT_UINT32_LE(n,b,i) \
|
|
||||||
{ \
|
|
||||||
(b)[(i) ] = (unsigned char) ( ( (n) ) & 0xFF ); \
|
|
||||||
(b)[(i) + 1] = (unsigned char) ( ( (n) >> 8 ) & 0xFF ); \
|
|
||||||
(b)[(i) + 2] = (unsigned char) ( ( (n) >> 16 ) & 0xFF ); \
|
|
||||||
(b)[(i) + 3] = (unsigned char) ( ( (n) >> 24 ) & 0xFF ); \
|
|
||||||
}
|
|
||||||
#endif
|
|
||||||
|
|
||||||
void mbedtls_ripemd160_init( mbedtls_ripemd160_context *ctx )
|
void mbedtls_ripemd160_init( mbedtls_ripemd160_context *ctx )
|
||||||
{
|
{
|
||||||
memset( ctx, 0, sizeof( mbedtls_ripemd160_context ) );
|
memset( ctx, 0, sizeof( mbedtls_ripemd160_context ) );
|
||||||
|
@ -115,22 +92,22 @@ int mbedtls_internal_ripemd160_process( mbedtls_ripemd160_context *ctx,
|
||||||
uint32_t A, B, C, D, E, Ap, Bp, Cp, Dp, Ep, X[16];
|
uint32_t A, B, C, D, E, Ap, Bp, Cp, Dp, Ep, X[16];
|
||||||
} local;
|
} local;
|
||||||
|
|
||||||
GET_UINT32_LE( local.X[ 0], data, 0 );
|
local.X[ 0] = MBEDTLS_GET_UINT32_LE( data, 0 );
|
||||||
GET_UINT32_LE( local.X[ 1], data, 4 );
|
local.X[ 1] = MBEDTLS_GET_UINT32_LE( data, 4 );
|
||||||
GET_UINT32_LE( local.X[ 2], data, 8 );
|
local.X[ 2] = MBEDTLS_GET_UINT32_LE( data, 8 );
|
||||||
GET_UINT32_LE( local.X[ 3], data, 12 );
|
local.X[ 3] = MBEDTLS_GET_UINT32_LE( data, 12 );
|
||||||
GET_UINT32_LE( local.X[ 4], data, 16 );
|
local.X[ 4] = MBEDTLS_GET_UINT32_LE( data, 16 );
|
||||||
GET_UINT32_LE( local.X[ 5], data, 20 );
|
local.X[ 5] = MBEDTLS_GET_UINT32_LE( data, 20 );
|
||||||
GET_UINT32_LE( local.X[ 6], data, 24 );
|
local.X[ 6] = MBEDTLS_GET_UINT32_LE( data, 24 );
|
||||||
GET_UINT32_LE( local.X[ 7], data, 28 );
|
local.X[ 7] = MBEDTLS_GET_UINT32_LE( data, 28 );
|
||||||
GET_UINT32_LE( local.X[ 8], data, 32 );
|
local.X[ 8] = MBEDTLS_GET_UINT32_LE( data, 32 );
|
||||||
GET_UINT32_LE( local.X[ 9], data, 36 );
|
local.X[ 9] = MBEDTLS_GET_UINT32_LE( data, 36 );
|
||||||
GET_UINT32_LE( local.X[10], data, 40 );
|
local.X[10] = MBEDTLS_GET_UINT32_LE( data, 40 );
|
||||||
GET_UINT32_LE( local.X[11], data, 44 );
|
local.X[11] = MBEDTLS_GET_UINT32_LE( data, 44 );
|
||||||
GET_UINT32_LE( local.X[12], data, 48 );
|
local.X[12] = MBEDTLS_GET_UINT32_LE( data, 48 );
|
||||||
GET_UINT32_LE( local.X[13], data, 52 );
|
local.X[13] = MBEDTLS_GET_UINT32_LE( data, 52 );
|
||||||
GET_UINT32_LE( local.X[14], data, 56 );
|
local.X[14] = MBEDTLS_GET_UINT32_LE( data, 56 );
|
||||||
GET_UINT32_LE( local.X[15], data, 60 );
|
local.X[15] = MBEDTLS_GET_UINT32_LE( data, 60 );
|
||||||
|
|
||||||
local.A = local.Ap = ctx->state[0];
|
local.A = local.Ap = ctx->state[0];
|
||||||
local.B = local.Bp = ctx->state[1];
|
local.B = local.Bp = ctx->state[1];
|
||||||
|
@ -377,8 +354,8 @@ int mbedtls_ripemd160_finish( mbedtls_ripemd160_context *ctx,
|
||||||
| ( ctx->total[1] << 3 );
|
| ( ctx->total[1] << 3 );
|
||||||
low = ( ctx->total[0] << 3 );
|
low = ( ctx->total[0] << 3 );
|
||||||
|
|
||||||
PUT_UINT32_LE( low, msglen, 0 );
|
MBEDTLS_PUT_UINT32_LE( low, msglen, 0 );
|
||||||
PUT_UINT32_LE( high, msglen, 4 );
|
MBEDTLS_PUT_UINT32_LE( high, msglen, 4 );
|
||||||
|
|
||||||
last = ctx->total[0] & 0x3F;
|
last = ctx->total[0] & 0x3F;
|
||||||
padn = ( last < 56 ) ? ( 56 - last ) : ( 120 - last );
|
padn = ( last < 56 ) ? ( 56 - last ) : ( 120 - last );
|
||||||
|
@ -391,11 +368,11 @@ int mbedtls_ripemd160_finish( mbedtls_ripemd160_context *ctx,
|
||||||
if( ret != 0 )
|
if( ret != 0 )
|
||||||
return( ret );
|
return( ret );
|
||||||
|
|
||||||
PUT_UINT32_LE( ctx->state[0], output, 0 );
|
MBEDTLS_PUT_UINT32_LE( ctx->state[0], output, 0 );
|
||||||
PUT_UINT32_LE( ctx->state[1], output, 4 );
|
MBEDTLS_PUT_UINT32_LE( ctx->state[1], output, 4 );
|
||||||
PUT_UINT32_LE( ctx->state[2], output, 8 );
|
MBEDTLS_PUT_UINT32_LE( ctx->state[2], output, 8 );
|
||||||
PUT_UINT32_LE( ctx->state[3], output, 12 );
|
MBEDTLS_PUT_UINT32_LE( ctx->state[3], output, 12 );
|
||||||
PUT_UINT32_LE( ctx->state[4], output, 16 );
|
MBEDTLS_PUT_UINT32_LE( ctx->state[4], output, 16 );
|
||||||
|
|
||||||
return( 0 );
|
return( 0 );
|
||||||
}
|
}
|
||||||
|
|
|
@ -48,29 +48,6 @@
|
||||||
|
|
||||||
#if !defined(MBEDTLS_SHA1_ALT)
|
#if !defined(MBEDTLS_SHA1_ALT)
|
||||||
|
|
||||||
/*
|
|
||||||
* 32-bit integer manipulation macros (big endian)
|
|
||||||
*/
|
|
||||||
#ifndef GET_UINT32_BE
|
|
||||||
#define GET_UINT32_BE(n,b,i) \
|
|
||||||
{ \
|
|
||||||
(n) = ( (uint32_t) (b)[(i) ] << 24 ) \
|
|
||||||
| ( (uint32_t) (b)[(i) + 1] << 16 ) \
|
|
||||||
| ( (uint32_t) (b)[(i) + 2] << 8 ) \
|
|
||||||
| ( (uint32_t) (b)[(i) + 3] ); \
|
|
||||||
}
|
|
||||||
#endif
|
|
||||||
|
|
||||||
#ifndef PUT_UINT32_BE
|
|
||||||
#define PUT_UINT32_BE(n,b,i) \
|
|
||||||
{ \
|
|
||||||
(b)[(i) ] = (unsigned char) ( (n) >> 24 ); \
|
|
||||||
(b)[(i) + 1] = (unsigned char) ( (n) >> 16 ); \
|
|
||||||
(b)[(i) + 2] = (unsigned char) ( (n) >> 8 ); \
|
|
||||||
(b)[(i) + 3] = (unsigned char) ( (n) ); \
|
|
||||||
}
|
|
||||||
#endif
|
|
||||||
|
|
||||||
void mbedtls_sha1_init( mbedtls_sha1_context *ctx )
|
void mbedtls_sha1_init( mbedtls_sha1_context *ctx )
|
||||||
{
|
{
|
||||||
SHA1_VALIDATE( ctx != NULL );
|
SHA1_VALIDATE( ctx != NULL );
|
||||||
|
@ -126,22 +103,22 @@ int mbedtls_internal_sha1_process( mbedtls_sha1_context *ctx,
|
||||||
SHA1_VALIDATE_RET( ctx != NULL );
|
SHA1_VALIDATE_RET( ctx != NULL );
|
||||||
SHA1_VALIDATE_RET( (const unsigned char *)data != NULL );
|
SHA1_VALIDATE_RET( (const unsigned char *)data != NULL );
|
||||||
|
|
||||||
GET_UINT32_BE( local.W[ 0], data, 0 );
|
local.W[ 0] = MBEDTLS_GET_UINT32_BE( data, 0 );
|
||||||
GET_UINT32_BE( local.W[ 1], data, 4 );
|
local.W[ 1] = MBEDTLS_GET_UINT32_BE( data, 4 );
|
||||||
GET_UINT32_BE( local.W[ 2], data, 8 );
|
local.W[ 2] = MBEDTLS_GET_UINT32_BE( data, 8 );
|
||||||
GET_UINT32_BE( local.W[ 3], data, 12 );
|
local.W[ 3] = MBEDTLS_GET_UINT32_BE( data, 12 );
|
||||||
GET_UINT32_BE( local.W[ 4], data, 16 );
|
local.W[ 4] = MBEDTLS_GET_UINT32_BE( data, 16 );
|
||||||
GET_UINT32_BE( local.W[ 5], data, 20 );
|
local.W[ 5] = MBEDTLS_GET_UINT32_BE( data, 20 );
|
||||||
GET_UINT32_BE( local.W[ 6], data, 24 );
|
local.W[ 6] = MBEDTLS_GET_UINT32_BE( data, 24 );
|
||||||
GET_UINT32_BE( local.W[ 7], data, 28 );
|
local.W[ 7] = MBEDTLS_GET_UINT32_BE( data, 28 );
|
||||||
GET_UINT32_BE( local.W[ 8], data, 32 );
|
local.W[ 8] = MBEDTLS_GET_UINT32_BE( data, 32 );
|
||||||
GET_UINT32_BE( local.W[ 9], data, 36 );
|
local.W[ 9] = MBEDTLS_GET_UINT32_BE( data, 36 );
|
||||||
GET_UINT32_BE( local.W[10], data, 40 );
|
local.W[10] = MBEDTLS_GET_UINT32_BE( data, 40 );
|
||||||
GET_UINT32_BE( local.W[11], data, 44 );
|
local.W[11] = MBEDTLS_GET_UINT32_BE( data, 44 );
|
||||||
GET_UINT32_BE( local.W[12], data, 48 );
|
local.W[12] = MBEDTLS_GET_UINT32_BE( data, 48 );
|
||||||
GET_UINT32_BE( local.W[13], data, 52 );
|
local.W[13] = MBEDTLS_GET_UINT32_BE( data, 52 );
|
||||||
GET_UINT32_BE( local.W[14], data, 56 );
|
local.W[14] = MBEDTLS_GET_UINT32_BE( data, 56 );
|
||||||
GET_UINT32_BE( local.W[15], data, 60 );
|
local.W[15] = MBEDTLS_GET_UINT32_BE( data, 60 );
|
||||||
|
|
||||||
#define S(x,n) (((x) << (n)) | (((x) & 0xFFFFFFFF) >> (32 - (n))))
|
#define S(x,n) (((x) << (n)) | (((x) & 0xFFFFFFFF) >> (32 - (n))))
|
||||||
|
|
||||||
|
@ -385,8 +362,8 @@ int mbedtls_sha1_finish( mbedtls_sha1_context *ctx,
|
||||||
| ( ctx->total[1] << 3 );
|
| ( ctx->total[1] << 3 );
|
||||||
low = ( ctx->total[0] << 3 );
|
low = ( ctx->total[0] << 3 );
|
||||||
|
|
||||||
PUT_UINT32_BE( high, ctx->buffer, 56 );
|
MBEDTLS_PUT_UINT32_BE( high, ctx->buffer, 56 );
|
||||||
PUT_UINT32_BE( low, ctx->buffer, 60 );
|
MBEDTLS_PUT_UINT32_BE( low, ctx->buffer, 60 );
|
||||||
|
|
||||||
if( ( ret = mbedtls_internal_sha1_process( ctx, ctx->buffer ) ) != 0 )
|
if( ( ret = mbedtls_internal_sha1_process( ctx, ctx->buffer ) ) != 0 )
|
||||||
return( ret );
|
return( ret );
|
||||||
|
@ -394,11 +371,11 @@ int mbedtls_sha1_finish( mbedtls_sha1_context *ctx,
|
||||||
/*
|
/*
|
||||||
* Output final state
|
* Output final state
|
||||||
*/
|
*/
|
||||||
PUT_UINT32_BE( ctx->state[0], output, 0 );
|
MBEDTLS_PUT_UINT32_BE( ctx->state[0], output, 0 );
|
||||||
PUT_UINT32_BE( ctx->state[1], output, 4 );
|
MBEDTLS_PUT_UINT32_BE( ctx->state[1], output, 4 );
|
||||||
PUT_UINT32_BE( ctx->state[2], output, 8 );
|
MBEDTLS_PUT_UINT32_BE( ctx->state[2], output, 8 );
|
||||||
PUT_UINT32_BE( ctx->state[3], output, 12 );
|
MBEDTLS_PUT_UINT32_BE( ctx->state[3], output, 12 );
|
||||||
PUT_UINT32_BE( ctx->state[4], output, 16 );
|
MBEDTLS_PUT_UINT32_BE( ctx->state[4], output, 16 );
|
||||||
|
|
||||||
return( 0 );
|
return( 0 );
|
||||||
}
|
}
|
||||||
|
|
|
@ -50,29 +50,6 @@
|
||||||
|
|
||||||
#if !defined(MBEDTLS_SHA256_ALT)
|
#if !defined(MBEDTLS_SHA256_ALT)
|
||||||
|
|
||||||
/*
|
|
||||||
* 32-bit integer manipulation macros (big endian)
|
|
||||||
*/
|
|
||||||
#ifndef GET_UINT32_BE
|
|
||||||
#define GET_UINT32_BE(n,b,i) \
|
|
||||||
do { \
|
|
||||||
(n) = ( (uint32_t) (b)[(i) ] << 24 ) \
|
|
||||||
| ( (uint32_t) (b)[(i) + 1] << 16 ) \
|
|
||||||
| ( (uint32_t) (b)[(i) + 2] << 8 ) \
|
|
||||||
| ( (uint32_t) (b)[(i) + 3] ); \
|
|
||||||
} while( 0 )
|
|
||||||
#endif
|
|
||||||
|
|
||||||
#ifndef PUT_UINT32_BE
|
|
||||||
#define PUT_UINT32_BE(n,b,i) \
|
|
||||||
do { \
|
|
||||||
(b)[(i) ] = (unsigned char) ( (n) >> 24 ); \
|
|
||||||
(b)[(i) + 1] = (unsigned char) ( (n) >> 16 ); \
|
|
||||||
(b)[(i) + 2] = (unsigned char) ( (n) >> 8 ); \
|
|
||||||
(b)[(i) + 3] = (unsigned char) ( (n) ); \
|
|
||||||
} while( 0 )
|
|
||||||
#endif
|
|
||||||
|
|
||||||
void mbedtls_sha256_init( mbedtls_sha256_context *ctx )
|
void mbedtls_sha256_init( mbedtls_sha256_context *ctx )
|
||||||
{
|
{
|
||||||
SHA256_VALIDATE( ctx != NULL );
|
SHA256_VALIDATE( ctx != NULL );
|
||||||
|
@ -213,7 +190,7 @@ int mbedtls_internal_sha256_process( mbedtls_sha256_context *ctx,
|
||||||
for( i = 0; i < 64; i++ )
|
for( i = 0; i < 64; i++ )
|
||||||
{
|
{
|
||||||
if( i < 16 )
|
if( i < 16 )
|
||||||
GET_UINT32_BE( local.W[i], data, 4 * i );
|
local.W[i] = MBEDTLS_GET_UINT32_BE( data, 4 * i );
|
||||||
else
|
else
|
||||||
R( i );
|
R( i );
|
||||||
|
|
||||||
|
@ -228,7 +205,7 @@ int mbedtls_internal_sha256_process( mbedtls_sha256_context *ctx,
|
||||||
}
|
}
|
||||||
#else /* MBEDTLS_SHA256_SMALLER */
|
#else /* MBEDTLS_SHA256_SMALLER */
|
||||||
for( i = 0; i < 16; i++ )
|
for( i = 0; i < 16; i++ )
|
||||||
GET_UINT32_BE( local.W[i], data, 4 * i );
|
local.W[i] = MBEDTLS_GET_UINT32_BE( data, 4 * i );
|
||||||
|
|
||||||
for( i = 0; i < 16; i += 8 )
|
for( i = 0; i < 16; i += 8 )
|
||||||
{
|
{
|
||||||
|
@ -378,8 +355,8 @@ int mbedtls_sha256_finish( mbedtls_sha256_context *ctx,
|
||||||
| ( ctx->total[1] << 3 );
|
| ( ctx->total[1] << 3 );
|
||||||
low = ( ctx->total[0] << 3 );
|
low = ( ctx->total[0] << 3 );
|
||||||
|
|
||||||
PUT_UINT32_BE( high, ctx->buffer, 56 );
|
MBEDTLS_PUT_UINT32_BE( high, ctx->buffer, 56 );
|
||||||
PUT_UINT32_BE( low, ctx->buffer, 60 );
|
MBEDTLS_PUT_UINT32_BE( low, ctx->buffer, 60 );
|
||||||
|
|
||||||
if( ( ret = mbedtls_internal_sha256_process( ctx, ctx->buffer ) ) != 0 )
|
if( ( ret = mbedtls_internal_sha256_process( ctx, ctx->buffer ) ) != 0 )
|
||||||
return( ret );
|
return( ret );
|
||||||
|
@ -387,18 +364,18 @@ int mbedtls_sha256_finish( mbedtls_sha256_context *ctx,
|
||||||
/*
|
/*
|
||||||
* Output final state
|
* Output final state
|
||||||
*/
|
*/
|
||||||
PUT_UINT32_BE( ctx->state[0], output, 0 );
|
MBEDTLS_PUT_UINT32_BE( ctx->state[0], output, 0 );
|
||||||
PUT_UINT32_BE( ctx->state[1], output, 4 );
|
MBEDTLS_PUT_UINT32_BE( ctx->state[1], output, 4 );
|
||||||
PUT_UINT32_BE( ctx->state[2], output, 8 );
|
MBEDTLS_PUT_UINT32_BE( ctx->state[2], output, 8 );
|
||||||
PUT_UINT32_BE( ctx->state[3], output, 12 );
|
MBEDTLS_PUT_UINT32_BE( ctx->state[3], output, 12 );
|
||||||
PUT_UINT32_BE( ctx->state[4], output, 16 );
|
MBEDTLS_PUT_UINT32_BE( ctx->state[4], output, 16 );
|
||||||
PUT_UINT32_BE( ctx->state[5], output, 20 );
|
MBEDTLS_PUT_UINT32_BE( ctx->state[5], output, 20 );
|
||||||
PUT_UINT32_BE( ctx->state[6], output, 24 );
|
MBEDTLS_PUT_UINT32_BE( ctx->state[6], output, 24 );
|
||||||
|
|
||||||
#if defined(MBEDTLS_SHA224_C)
|
#if defined(MBEDTLS_SHA224_C)
|
||||||
if( ctx->is224 == 0 )
|
if( ctx->is224 == 0 )
|
||||||
#endif
|
#endif
|
||||||
PUT_UINT32_BE( ctx->state[7], output, 28 );
|
MBEDTLS_PUT_UINT32_BE( ctx->state[7], output, 28 );
|
||||||
|
|
||||||
return( 0 );
|
return( 0 );
|
||||||
}
|
}
|
||||||
|
|
|
@ -56,44 +56,13 @@
|
||||||
|
|
||||||
#if !defined(MBEDTLS_SHA512_ALT)
|
#if !defined(MBEDTLS_SHA512_ALT)
|
||||||
|
|
||||||
/*
|
|
||||||
* 64-bit integer manipulation macros (big endian)
|
|
||||||
*/
|
|
||||||
#ifndef GET_UINT64_BE
|
|
||||||
#define GET_UINT64_BE(n,b,i) \
|
|
||||||
{ \
|
|
||||||
(n) = ( (uint64_t) (b)[(i) ] << 56 ) \
|
|
||||||
| ( (uint64_t) (b)[(i) + 1] << 48 ) \
|
|
||||||
| ( (uint64_t) (b)[(i) + 2] << 40 ) \
|
|
||||||
| ( (uint64_t) (b)[(i) + 3] << 32 ) \
|
|
||||||
| ( (uint64_t) (b)[(i) + 4] << 24 ) \
|
|
||||||
| ( (uint64_t) (b)[(i) + 5] << 16 ) \
|
|
||||||
| ( (uint64_t) (b)[(i) + 6] << 8 ) \
|
|
||||||
| ( (uint64_t) (b)[(i) + 7] ); \
|
|
||||||
}
|
|
||||||
#endif /* GET_UINT64_BE */
|
|
||||||
|
|
||||||
#ifndef PUT_UINT64_BE
|
|
||||||
#define PUT_UINT64_BE(n,b,i) \
|
|
||||||
{ \
|
|
||||||
(b)[(i) ] = (unsigned char) ( (n) >> 56 ); \
|
|
||||||
(b)[(i) + 1] = (unsigned char) ( (n) >> 48 ); \
|
|
||||||
(b)[(i) + 2] = (unsigned char) ( (n) >> 40 ); \
|
|
||||||
(b)[(i) + 3] = (unsigned char) ( (n) >> 32 ); \
|
|
||||||
(b)[(i) + 4] = (unsigned char) ( (n) >> 24 ); \
|
|
||||||
(b)[(i) + 5] = (unsigned char) ( (n) >> 16 ); \
|
|
||||||
(b)[(i) + 6] = (unsigned char) ( (n) >> 8 ); \
|
|
||||||
(b)[(i) + 7] = (unsigned char) ( (n) ); \
|
|
||||||
}
|
|
||||||
#endif /* PUT_UINT64_BE */
|
|
||||||
|
|
||||||
#if defined(MBEDTLS_SHA512_SMALLER)
|
#if defined(MBEDTLS_SHA512_SMALLER)
|
||||||
static void sha512_put_uint64_be( uint64_t n, unsigned char *b, uint8_t i )
|
static void sha512_put_uint64_be( uint64_t n, unsigned char *b, uint8_t i )
|
||||||
{
|
{
|
||||||
PUT_UINT64_BE(n, b, i);
|
MBEDTLS_PUT_UINT64_BE(n, b, i);
|
||||||
}
|
}
|
||||||
#else
|
#else
|
||||||
#define sha512_put_uint64_be PUT_UINT64_BE
|
#define sha512_put_uint64_be MBEDTLS_PUT_UINT64_BE
|
||||||
#endif /* MBEDTLS_SHA512_SMALLER */
|
#endif /* MBEDTLS_SHA512_SMALLER */
|
||||||
|
|
||||||
void mbedtls_sha512_init( mbedtls_sha512_context *ctx )
|
void mbedtls_sha512_init( mbedtls_sha512_context *ctx )
|
||||||
|
@ -261,7 +230,7 @@ int mbedtls_internal_sha512_process( mbedtls_sha512_context *ctx,
|
||||||
{
|
{
|
||||||
if( i < 16 )
|
if( i < 16 )
|
||||||
{
|
{
|
||||||
GET_UINT64_BE( local.W[i], data, i << 3 );
|
local.W[i] = MBEDTLS_GET_UINT64_BE( data, i << 3 );
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
|
@ -281,7 +250,7 @@ int mbedtls_internal_sha512_process( mbedtls_sha512_context *ctx,
|
||||||
#else /* MBEDTLS_SHA512_SMALLER */
|
#else /* MBEDTLS_SHA512_SMALLER */
|
||||||
for( i = 0; i < 16; i++ )
|
for( i = 0; i < 16; i++ )
|
||||||
{
|
{
|
||||||
GET_UINT64_BE( local.W[i], data, i << 3 );
|
local.W[i] = MBEDTLS_GET_UINT64_BE( data, i << 3 );
|
||||||
}
|
}
|
||||||
|
|
||||||
for( ; i < 80; i++ )
|
for( ; i < 80; i++ )
|
||||||
|
|
|
@ -136,18 +136,19 @@ static int ssl_write_hostname_ext( mbedtls_ssl_context *ssl,
|
||||||
* } ServerNameList;
|
* } ServerNameList;
|
||||||
*
|
*
|
||||||
*/
|
*/
|
||||||
*p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SERVERNAME >> 8 ) & 0xFF );
|
MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_SERVERNAME, p, 0 );
|
||||||
*p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SERVERNAME ) & 0xFF );
|
p += 2;
|
||||||
|
|
||||||
*p++ = (unsigned char)( ( (hostname_len + 5) >> 8 ) & 0xFF );
|
MBEDTLS_PUT_UINT16_BE( hostname_len + 5, p, 0 );
|
||||||
*p++ = (unsigned char)( ( (hostname_len + 5) ) & 0xFF );
|
p += 2;
|
||||||
|
|
||||||
*p++ = (unsigned char)( ( (hostname_len + 3) >> 8 ) & 0xFF );
|
MBEDTLS_PUT_UINT16_BE( hostname_len + 3, p, 0 );
|
||||||
*p++ = (unsigned char)( ( (hostname_len + 3) ) & 0xFF );
|
p += 2;
|
||||||
|
|
||||||
*p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SERVERNAME_HOSTNAME ) & 0xFF );
|
*p++ = MBEDTLS_BYTE_0( MBEDTLS_TLS_EXT_SERVERNAME_HOSTNAME );
|
||||||
*p++ = (unsigned char)( ( hostname_len >> 8 ) & 0xFF );
|
|
||||||
*p++ = (unsigned char)( ( hostname_len ) & 0xFF );
|
MBEDTLS_PUT_UINT16_BE( hostname_len, p, 0 );
|
||||||
|
p += 2;
|
||||||
|
|
||||||
memcpy( p, ssl->hostname, hostname_len );
|
memcpy( p, ssl->hostname, hostname_len );
|
||||||
|
|
||||||
|
@ -181,14 +182,12 @@ static int ssl_write_renegotiation_ext( mbedtls_ssl_context *ssl,
|
||||||
/*
|
/*
|
||||||
* Secure renegotiation
|
* Secure renegotiation
|
||||||
*/
|
*/
|
||||||
*p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_RENEGOTIATION_INFO >> 8 )
|
MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_RENEGOTIATION_INFO, p, 0 );
|
||||||
& 0xFF );
|
p += 2;
|
||||||
*p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_RENEGOTIATION_INFO )
|
|
||||||
& 0xFF );
|
|
||||||
|
|
||||||
*p++ = 0x00;
|
*p++ = 0x00;
|
||||||
*p++ = ( ssl->verify_data_len + 1 ) & 0xFF;
|
*p++ = MBEDTLS_BYTE_0( ssl->verify_data_len + 1 );
|
||||||
*p++ = ssl->verify_data_len & 0xFF;
|
*p++ = MBEDTLS_BYTE_0( ssl->verify_data_len );
|
||||||
|
|
||||||
memcpy( p, ssl->own_verify_data, ssl->verify_data_len );
|
memcpy( p, ssl->own_verify_data, ssl->verify_data_len );
|
||||||
|
|
||||||
|
@ -283,14 +282,14 @@ static int ssl_write_signature_algorithms_ext( mbedtls_ssl_context *ssl,
|
||||||
* SignatureAndHashAlgorithm
|
* SignatureAndHashAlgorithm
|
||||||
* supported_signature_algorithms<2..2^16-2>;
|
* supported_signature_algorithms<2..2^16-2>;
|
||||||
*/
|
*/
|
||||||
*p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SIG_ALG >> 8 ) & 0xFF );
|
MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_SIG_ALG, p, 0 );
|
||||||
*p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SIG_ALG ) & 0xFF );
|
p += 2;
|
||||||
|
|
||||||
*p++ = (unsigned char)( ( ( sig_alg_len + 2 ) >> 8 ) & 0xFF );
|
MBEDTLS_PUT_UINT16_BE( sig_alg_len + 2, p, 0 );
|
||||||
*p++ = (unsigned char)( ( ( sig_alg_len + 2 ) ) & 0xFF );
|
p += 2;
|
||||||
|
|
||||||
*p++ = (unsigned char)( ( sig_alg_len >> 8 ) & 0xFF );
|
MBEDTLS_PUT_UINT16_BE( sig_alg_len, p, 0 );
|
||||||
*p++ = (unsigned char)( ( sig_alg_len ) & 0xFF );
|
p += 2;
|
||||||
|
|
||||||
*olen = 6 + sig_alg_len;
|
*olen = 6 + sig_alg_len;
|
||||||
|
|
||||||
|
@ -354,20 +353,18 @@ static int ssl_write_supported_elliptic_curves_ext( mbedtls_ssl_context *ssl,
|
||||||
grp_id++ )
|
grp_id++ )
|
||||||
{
|
{
|
||||||
info = mbedtls_ecp_curve_info_from_grp_id( *grp_id );
|
info = mbedtls_ecp_curve_info_from_grp_id( *grp_id );
|
||||||
elliptic_curve_list[elliptic_curve_len++] = info->tls_id >> 8;
|
elliptic_curve_list[elliptic_curve_len++] = MBEDTLS_BYTE_1( info->tls_id );
|
||||||
elliptic_curve_list[elliptic_curve_len++] = info->tls_id & 0xFF;
|
elliptic_curve_list[elliptic_curve_len++] = MBEDTLS_BYTE_0( info->tls_id );
|
||||||
}
|
}
|
||||||
|
|
||||||
*p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SUPPORTED_ELLIPTIC_CURVES >> 8 )
|
MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_SUPPORTED_ELLIPTIC_CURVES, p, 0 );
|
||||||
& 0xFF );
|
p += 2;
|
||||||
*p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SUPPORTED_ELLIPTIC_CURVES )
|
|
||||||
& 0xFF );
|
|
||||||
|
|
||||||
*p++ = (unsigned char)( ( ( elliptic_curve_len + 2 ) >> 8 ) & 0xFF );
|
MBEDTLS_PUT_UINT16_BE( elliptic_curve_len + 2, p, 0 );
|
||||||
*p++ = (unsigned char)( ( ( elliptic_curve_len + 2 ) ) & 0xFF );
|
p += 2;
|
||||||
|
|
||||||
*p++ = (unsigned char)( ( ( elliptic_curve_len ) >> 8 ) & 0xFF );
|
MBEDTLS_PUT_UINT16_BE( elliptic_curve_len, p, 0 );
|
||||||
*p++ = (unsigned char)( ( ( elliptic_curve_len ) ) & 0xFF );
|
p += 2;
|
||||||
|
|
||||||
*olen = 6 + elliptic_curve_len;
|
*olen = 6 + elliptic_curve_len;
|
||||||
|
|
||||||
|
@ -388,10 +385,8 @@ static int ssl_write_supported_point_formats_ext( mbedtls_ssl_context *ssl,
|
||||||
( "client hello, adding supported_point_formats extension" ) );
|
( "client hello, adding supported_point_formats extension" ) );
|
||||||
MBEDTLS_SSL_CHK_BUF_PTR( p, end, 6 );
|
MBEDTLS_SSL_CHK_BUF_PTR( p, end, 6 );
|
||||||
|
|
||||||
*p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS >> 8 )
|
MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS, p, 0 );
|
||||||
& 0xFF );
|
p += 2;
|
||||||
*p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS )
|
|
||||||
& 0xFF );
|
|
||||||
|
|
||||||
*p++ = 0x00;
|
*p++ = 0x00;
|
||||||
*p++ = 2;
|
*p++ = 2;
|
||||||
|
@ -427,8 +422,8 @@ static int ssl_write_ecjpake_kkpp_ext( mbedtls_ssl_context *ssl,
|
||||||
|
|
||||||
MBEDTLS_SSL_CHK_BUF_PTR( p, end, 4 );
|
MBEDTLS_SSL_CHK_BUF_PTR( p, end, 4 );
|
||||||
|
|
||||||
*p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_ECJPAKE_KKPP >> 8 ) & 0xFF );
|
MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_ECJPAKE_KKPP, p, 0 );
|
||||||
*p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_ECJPAKE_KKPP ) & 0xFF );
|
p += 2;
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* We may need to send ClientHello multiple times for Hello verification.
|
* We may need to send ClientHello multiple times for Hello verification.
|
||||||
|
@ -470,8 +465,8 @@ static int ssl_write_ecjpake_kkpp_ext( mbedtls_ssl_context *ssl,
|
||||||
memcpy( p + 2, ssl->handshake->ecjpake_cache, kkpp_len );
|
memcpy( p + 2, ssl->handshake->ecjpake_cache, kkpp_len );
|
||||||
}
|
}
|
||||||
|
|
||||||
*p++ = (unsigned char)( ( kkpp_len >> 8 ) & 0xFF );
|
MBEDTLS_PUT_UINT16_BE( kkpp_len, p, 0 );
|
||||||
*p++ = (unsigned char)( ( kkpp_len ) & 0xFF );
|
p += 2;
|
||||||
|
|
||||||
*olen = kkpp_len + 4;
|
*olen = kkpp_len + 4;
|
||||||
|
|
||||||
|
@ -510,11 +505,11 @@ static int ssl_write_cid_ext( mbedtls_ssl_context *ssl,
|
||||||
MBEDTLS_SSL_CHK_BUF_PTR( p, end, (unsigned)( ssl->own_cid_len + 5 ) );
|
MBEDTLS_SSL_CHK_BUF_PTR( p, end, (unsigned)( ssl->own_cid_len + 5 ) );
|
||||||
|
|
||||||
/* Add extension ID + size */
|
/* Add extension ID + size */
|
||||||
*p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_CID >> 8 ) & 0xFF );
|
MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_CID, p, 0 );
|
||||||
*p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_CID ) & 0xFF );
|
p += 2;
|
||||||
ext_len = (size_t) ssl->own_cid_len + 1;
|
ext_len = (size_t) ssl->own_cid_len + 1;
|
||||||
*p++ = (unsigned char)( ( ext_len >> 8 ) & 0xFF );
|
MBEDTLS_PUT_UINT16_BE( ext_len, p, 0 );
|
||||||
*p++ = (unsigned char)( ( ext_len ) & 0xFF );
|
p += 2;
|
||||||
|
|
||||||
*p++ = (uint8_t) ssl->own_cid_len;
|
*p++ = (uint8_t) ssl->own_cid_len;
|
||||||
memcpy( p, ssl->own_cid, ssl->own_cid_len );
|
memcpy( p, ssl->own_cid, ssl->own_cid_len );
|
||||||
|
@ -543,10 +538,8 @@ static int ssl_write_max_fragment_length_ext( mbedtls_ssl_context *ssl,
|
||||||
|
|
||||||
MBEDTLS_SSL_CHK_BUF_PTR( p, end, 5 );
|
MBEDTLS_SSL_CHK_BUF_PTR( p, end, 5 );
|
||||||
|
|
||||||
*p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH >> 8 )
|
MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH, p, 0 );
|
||||||
& 0xFF );
|
p += 2;
|
||||||
*p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH )
|
|
||||||
& 0xFF );
|
|
||||||
|
|
||||||
*p++ = 0x00;
|
*p++ = 0x00;
|
||||||
*p++ = 1;
|
*p++ = 1;
|
||||||
|
@ -577,8 +570,8 @@ static int ssl_write_encrypt_then_mac_ext( mbedtls_ssl_context *ssl,
|
||||||
|
|
||||||
MBEDTLS_SSL_CHK_BUF_PTR( p, end, 4 );
|
MBEDTLS_SSL_CHK_BUF_PTR( p, end, 4 );
|
||||||
|
|
||||||
*p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC >> 8 ) & 0xFF );
|
MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC, p, 0 );
|
||||||
*p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC ) & 0xFF );
|
p += 2;
|
||||||
|
|
||||||
*p++ = 0x00;
|
*p++ = 0x00;
|
||||||
*p++ = 0x00;
|
*p++ = 0x00;
|
||||||
|
@ -607,10 +600,8 @@ static int ssl_write_extended_ms_ext( mbedtls_ssl_context *ssl,
|
||||||
|
|
||||||
MBEDTLS_SSL_CHK_BUF_PTR( p, end, 4 );
|
MBEDTLS_SSL_CHK_BUF_PTR( p, end, 4 );
|
||||||
|
|
||||||
*p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET >> 8 )
|
MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET, p, 0 );
|
||||||
& 0xFF );
|
p += 2;
|
||||||
*p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET )
|
|
||||||
& 0xFF );
|
|
||||||
|
|
||||||
*p++ = 0x00;
|
*p++ = 0x00;
|
||||||
*p++ = 0x00;
|
*p++ = 0x00;
|
||||||
|
@ -641,11 +632,11 @@ static int ssl_write_session_ticket_ext( mbedtls_ssl_context *ssl,
|
||||||
/* The addition is safe here since the ticket length is 16 bit. */
|
/* The addition is safe here since the ticket length is 16 bit. */
|
||||||
MBEDTLS_SSL_CHK_BUF_PTR( p, end, 4 + tlen );
|
MBEDTLS_SSL_CHK_BUF_PTR( p, end, 4 + tlen );
|
||||||
|
|
||||||
*p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SESSION_TICKET >> 8 ) & 0xFF );
|
MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_SESSION_TICKET, p, 0 );
|
||||||
*p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SESSION_TICKET ) & 0xFF );
|
p += 2;
|
||||||
|
|
||||||
*p++ = (unsigned char)( ( tlen >> 8 ) & 0xFF );
|
MBEDTLS_PUT_UINT16_BE( tlen, p, 0 );
|
||||||
*p++ = (unsigned char)( ( tlen ) & 0xFF );
|
p += 2;
|
||||||
|
|
||||||
*olen = 4;
|
*olen = 4;
|
||||||
|
|
||||||
|
@ -685,8 +676,8 @@ static int ssl_write_alpn_ext( mbedtls_ssl_context *ssl,
|
||||||
|
|
||||||
MBEDTLS_SSL_CHK_BUF_PTR( p, end, 6 + alpnlen );
|
MBEDTLS_SSL_CHK_BUF_PTR( p, end, 6 + alpnlen );
|
||||||
|
|
||||||
*p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_ALPN >> 8 ) & 0xFF );
|
MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_ALPN, p, 0 );
|
||||||
*p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_ALPN ) & 0xFF );
|
p += 2;
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* opaque ProtocolName<1..2^8-1>;
|
* opaque ProtocolName<1..2^8-1>;
|
||||||
|
@ -713,12 +704,10 @@ static int ssl_write_alpn_ext( mbedtls_ssl_context *ssl,
|
||||||
*olen = p - buf;
|
*olen = p - buf;
|
||||||
|
|
||||||
/* List length = olen - 2 (ext_type) - 2 (ext_len) - 2 (list_len) */
|
/* List length = olen - 2 (ext_type) - 2 (ext_len) - 2 (list_len) */
|
||||||
buf[4] = (unsigned char)( ( ( *olen - 6 ) >> 8 ) & 0xFF );
|
MBEDTLS_PUT_UINT16_BE( *olen - 6, buf, 4 );
|
||||||
buf[5] = (unsigned char)( ( ( *olen - 6 ) ) & 0xFF );
|
|
||||||
|
|
||||||
/* Extension length = olen - 2 (ext_type) - 2 (ext_len) */
|
/* Extension length = olen - 2 (ext_type) - 2 (ext_len) */
|
||||||
buf[2] = (unsigned char)( ( ( *olen - 4 ) >> 8 ) & 0xFF );
|
MBEDTLS_PUT_UINT16_BE( *olen - 4, buf, 2 );
|
||||||
buf[3] = (unsigned char)( ( ( *olen - 4 ) ) & 0xFF );
|
|
||||||
|
|
||||||
return( 0 );
|
return( 0 );
|
||||||
}
|
}
|
||||||
|
@ -770,12 +759,11 @@ static int ssl_write_use_srtp_ext( mbedtls_ssl_context *ssl,
|
||||||
*/
|
*/
|
||||||
MBEDTLS_SSL_CHK_BUF_PTR( p, end, ext_len + 4 );
|
MBEDTLS_SSL_CHK_BUF_PTR( p, end, ext_len + 4 );
|
||||||
|
|
||||||
*p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_USE_SRTP >> 8 ) & 0xFF );
|
MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_USE_SRTP, p, 0 );
|
||||||
*p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_USE_SRTP ) & 0xFF );
|
p += 2;
|
||||||
|
|
||||||
|
MBEDTLS_PUT_UINT16_BE( ext_len, p, 0 );
|
||||||
*p++ = (unsigned char)( ( ( ext_len & 0xFF00 ) >> 8 ) & 0xFF );
|
p += 2;
|
||||||
*p++ = (unsigned char)( ext_len & 0xFF );
|
|
||||||
|
|
||||||
/* protection profile length: 2*(ssl->conf->dtls_srtp_profile_list_len) */
|
/* protection profile length: 2*(ssl->conf->dtls_srtp_profile_list_len) */
|
||||||
/* micro-optimization:
|
/* micro-optimization:
|
||||||
|
@ -786,8 +774,7 @@ static int ssl_write_use_srtp_ext( mbedtls_ssl_context *ssl,
|
||||||
* >> 8 ) & 0xFF );
|
* >> 8 ) & 0xFF );
|
||||||
*/
|
*/
|
||||||
*p++ = 0;
|
*p++ = 0;
|
||||||
*p++ = (unsigned char)( ( 2 * ssl->conf->dtls_srtp_profile_list_len )
|
*p++ = MBEDTLS_BYTE_0( 2 * ssl->conf->dtls_srtp_profile_list_len );
|
||||||
& 0xFF );
|
|
||||||
|
|
||||||
for( protection_profiles_index=0;
|
for( protection_profiles_index=0;
|
||||||
protection_profiles_index < ssl->conf->dtls_srtp_profile_list_len;
|
protection_profiles_index < ssl->conf->dtls_srtp_profile_list_len;
|
||||||
|
@ -799,8 +786,8 @@ static int ssl_write_use_srtp_ext( mbedtls_ssl_context *ssl,
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "ssl_write_use_srtp_ext, add profile: %04x",
|
MBEDTLS_SSL_DEBUG_MSG( 3, ( "ssl_write_use_srtp_ext, add profile: %04x",
|
||||||
profile_value ) );
|
profile_value ) );
|
||||||
*p++ = ( ( profile_value >> 8 ) & 0xFF );
|
MBEDTLS_PUT_UINT16_BE( profile_value, p, 0 );
|
||||||
*p++ = ( profile_value & 0xFF );
|
p += 2;
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
|
@ -868,10 +855,8 @@ static int ssl_generate_random( mbedtls_ssl_context *ssl )
|
||||||
|
|
||||||
#if defined(MBEDTLS_HAVE_TIME)
|
#if defined(MBEDTLS_HAVE_TIME)
|
||||||
t = mbedtls_time( NULL );
|
t = mbedtls_time( NULL );
|
||||||
*p++ = (unsigned char)( t >> 24 );
|
MBEDTLS_PUT_UINT32_BE( t, p, 0 );
|
||||||
*p++ = (unsigned char)( t >> 16 );
|
p += 4;
|
||||||
*p++ = (unsigned char)( t >> 8 );
|
|
||||||
*p++ = (unsigned char)( t );
|
|
||||||
|
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, current time: %" MBEDTLS_PRINTF_LONGLONG,
|
MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, current time: %" MBEDTLS_PRINTF_LONGLONG,
|
||||||
(long long) t ) );
|
(long long) t ) );
|
||||||
|
@ -1154,8 +1139,8 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl )
|
||||||
MBEDTLS_SSL_CHK_BUF_PTR( p, end, 2 );
|
MBEDTLS_SSL_CHK_BUF_PTR( p, end, 2 );
|
||||||
|
|
||||||
n++;
|
n++;
|
||||||
*p++ = (unsigned char)( ciphersuites[i] >> 8 );
|
MBEDTLS_PUT_UINT16_BE( ciphersuites[i], p, 0 );
|
||||||
*p++ = (unsigned char)( ciphersuites[i] );
|
p += 2;
|
||||||
}
|
}
|
||||||
|
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 3,
|
MBEDTLS_SSL_DEBUG_MSG( 3,
|
||||||
|
@ -1170,8 +1155,8 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl )
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "adding EMPTY_RENEGOTIATION_INFO_SCSV" ) );
|
MBEDTLS_SSL_DEBUG_MSG( 3, ( "adding EMPTY_RENEGOTIATION_INFO_SCSV" ) );
|
||||||
MBEDTLS_SSL_CHK_BUF_PTR( p, end, 2 );
|
MBEDTLS_SSL_CHK_BUF_PTR( p, end, 2 );
|
||||||
*p++ = (unsigned char)( MBEDTLS_SSL_EMPTY_RENEGOTIATION_INFO >> 8 );
|
MBEDTLS_PUT_UINT16_BE( MBEDTLS_SSL_EMPTY_RENEGOTIATION_INFO, p, 0 );
|
||||||
*p++ = (unsigned char)( MBEDTLS_SSL_EMPTY_RENEGOTIATION_INFO );
|
p += 2;
|
||||||
n++;
|
n++;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -1334,9 +1319,8 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl )
|
||||||
{
|
{
|
||||||
/* No need to check for space here, because the extension
|
/* No need to check for space here, because the extension
|
||||||
* writing functions already took care of that. */
|
* writing functions already took care of that. */
|
||||||
*p++ = (unsigned char)( ( ext_len >> 8 ) & 0xFF );
|
MBEDTLS_PUT_UINT16_BE( ext_len, p, 0 );
|
||||||
*p++ = (unsigned char)( ( ext_len ) & 0xFF );
|
p += 2 + ext_len;
|
||||||
p += ext_len;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
ssl->out_msglen = p - buf;
|
ssl->out_msglen = p - buf;
|
||||||
|
@ -2756,8 +2740,7 @@ static int ssl_write_encrypted_pms( mbedtls_ssl_context *ssl,
|
||||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||||
if( len_bytes == 2 )
|
if( len_bytes == 2 )
|
||||||
{
|
{
|
||||||
ssl->out_msg[offset+0] = (unsigned char)( *olen >> 8 );
|
MBEDTLS_PUT_UINT16_BE( *olen, ssl->out_msg, offset );
|
||||||
ssl->out_msg[offset+1] = (unsigned char)( *olen );
|
|
||||||
*olen += 2;
|
*olen += 2;
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
@ -3514,8 +3497,7 @@ static int ssl_write_client_key_exchange( mbedtls_ssl_context *ssl )
|
||||||
*/
|
*/
|
||||||
content_len = mbedtls_dhm_get_len( &ssl->handshake->dhm_ctx );
|
content_len = mbedtls_dhm_get_len( &ssl->handshake->dhm_ctx );
|
||||||
|
|
||||||
ssl->out_msg[4] = (unsigned char)( content_len >> 8 );
|
MBEDTLS_PUT_UINT16_BE( content_len, ssl->out_msg, 4 );
|
||||||
ssl->out_msg[5] = (unsigned char)( content_len );
|
|
||||||
header_len = 6;
|
header_len = 6;
|
||||||
|
|
||||||
ret = mbedtls_dhm_make_public( &ssl->handshake->dhm_ctx,
|
ret = mbedtls_dhm_make_public( &ssl->handshake->dhm_ctx,
|
||||||
|
@ -3730,8 +3712,8 @@ ecdh_calc_secret:
|
||||||
return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
|
return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
|
||||||
}
|
}
|
||||||
|
|
||||||
ssl->out_msg[header_len++] = (unsigned char)( content_len >> 8 );
|
ssl->out_msg[header_len++] = MBEDTLS_BYTE_1( content_len );
|
||||||
ssl->out_msg[header_len++] = (unsigned char)( content_len );
|
ssl->out_msg[header_len++] = MBEDTLS_BYTE_0( content_len );
|
||||||
|
|
||||||
memcpy( ssl->out_msg + header_len,
|
memcpy( ssl->out_msg + header_len,
|
||||||
ssl->conf->psk_identity,
|
ssl->conf->psk_identity,
|
||||||
|
@ -3782,8 +3764,8 @@ ecdh_calc_secret:
|
||||||
return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
|
return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
|
||||||
}
|
}
|
||||||
|
|
||||||
ssl->out_msg[header_len++] = (unsigned char)( content_len >> 8 );
|
ssl->out_msg[header_len++] = MBEDTLS_BYTE_1( content_len );
|
||||||
ssl->out_msg[header_len++] = (unsigned char)( content_len );
|
ssl->out_msg[header_len++] = MBEDTLS_BYTE_0( content_len );
|
||||||
|
|
||||||
ret = mbedtls_dhm_make_public( &ssl->handshake->dhm_ctx,
|
ret = mbedtls_dhm_make_public( &ssl->handshake->dhm_ctx,
|
||||||
(int) mbedtls_dhm_get_len( &ssl->handshake->dhm_ctx ),
|
(int) mbedtls_dhm_get_len( &ssl->handshake->dhm_ctx ),
|
||||||
|
@ -4065,8 +4047,7 @@ sign:
|
||||||
return( ret );
|
return( ret );
|
||||||
}
|
}
|
||||||
|
|
||||||
ssl->out_msg[4 + offset] = (unsigned char)( n >> 8 );
|
MBEDTLS_PUT_UINT16_BE( n, ssl->out_msg, offset + 4 );
|
||||||
ssl->out_msg[5 + offset] = (unsigned char)( n );
|
|
||||||
|
|
||||||
ssl->out_msglen = 6 + n + offset;
|
ssl->out_msglen = 6 + n + offset;
|
||||||
ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE;
|
ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE;
|
||||||
|
@ -4210,23 +4191,8 @@ int mbedtls_ssl_handshake_client_step( mbedtls_ssl_context *ssl )
|
||||||
{
|
{
|
||||||
int ret = 0;
|
int ret = 0;
|
||||||
|
|
||||||
if( ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER || ssl->handshake == NULL )
|
|
||||||
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
|
|
||||||
|
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "client state: %d", ssl->state ) );
|
MBEDTLS_SSL_DEBUG_MSG( 2, ( "client state: %d", ssl->state ) );
|
||||||
|
|
||||||
if( ( ret = mbedtls_ssl_flush_output( ssl ) ) != 0 )
|
|
||||||
return( ret );
|
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
|
||||||
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
|
|
||||||
ssl->handshake->retransmit_state == MBEDTLS_SSL_RETRANS_SENDING )
|
|
||||||
{
|
|
||||||
if( ( ret = mbedtls_ssl_flight_transmit( ssl ) ) != 0 )
|
|
||||||
return( ret );
|
|
||||||
}
|
|
||||||
#endif /* MBEDTLS_SSL_PROTO_DTLS */
|
|
||||||
|
|
||||||
/* Change state now, so that it is right in mbedtls_ssl_read_record(), used
|
/* Change state now, so that it is right in mbedtls_ssl_read_record(), used
|
||||||
* by DTLS for dropping out-of-sequence ChangeCipherSpec records */
|
* by DTLS for dropping out-of-sequence ChangeCipherSpec records */
|
||||||
#if defined(MBEDTLS_SSL_SESSION_TICKETS)
|
#if defined(MBEDTLS_SSL_SESSION_TICKETS)
|
||||||
|
|
|
@ -165,10 +165,7 @@ int mbedtls_ssl_cookie_write( void *p_ctx,
|
||||||
t = ctx->serial++;
|
t = ctx->serial++;
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
(*p)[0] = (unsigned char)( t >> 24 );
|
MBEDTLS_PUT_UINT32_BE(t, *p, 0);
|
||||||
(*p)[1] = (unsigned char)( t >> 16 );
|
|
||||||
(*p)[2] = (unsigned char)( t >> 8 );
|
|
||||||
(*p)[3] = (unsigned char)( t );
|
|
||||||
*p += 4;
|
*p += 4;
|
||||||
|
|
||||||
#if defined(MBEDTLS_THREADING_C)
|
#if defined(MBEDTLS_THREADING_C)
|
||||||
|
|
|
@ -562,6 +562,13 @@ struct mbedtls_ssl_handshake_params
|
||||||
uint16_t mtu; /*!< Handshake mtu, used to fragment outgoing messages */
|
uint16_t mtu; /*!< Handshake mtu, used to fragment outgoing messages */
|
||||||
#endif /* MBEDTLS_SSL_PROTO_DTLS */
|
#endif /* MBEDTLS_SSL_PROTO_DTLS */
|
||||||
|
|
||||||
|
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
|
||||||
|
/*! TLS 1.3 transforms for 0-RTT and encrypted handshake messages.
|
||||||
|
* Those pointers own the transforms they reference. */
|
||||||
|
mbedtls_ssl_transform *transform_handshake;
|
||||||
|
mbedtls_ssl_transform *transform_earlydata;
|
||||||
|
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Checksum contexts
|
* Checksum contexts
|
||||||
*/
|
*/
|
||||||
|
@ -740,7 +747,8 @@ struct mbedtls_ssl_transform
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION)
|
#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION)
|
||||||
/* We need the Hello random bytes in order to re-derive keys from the
|
/* We need the Hello random bytes in order to re-derive keys from the
|
||||||
* Master Secret and other session info, see ssl_populate_transform() */
|
* Master Secret and other session info,
|
||||||
|
* see ssl_tls12_populate_transform() */
|
||||||
unsigned char randbytes[64]; /*!< ServerHello.random+ClientHello.random */
|
unsigned char randbytes[64]; /*!< ServerHello.random+ClientHello.random */
|
||||||
#endif /* MBEDTLS_SSL_CONTEXT_SERIALIZATION */
|
#endif /* MBEDTLS_SSL_CONTEXT_SERIALIZATION */
|
||||||
};
|
};
|
||||||
|
@ -881,6 +889,10 @@ void mbedtls_ssl_handshake_free( mbedtls_ssl_context *ssl );
|
||||||
int mbedtls_ssl_handshake_client_step( mbedtls_ssl_context *ssl );
|
int mbedtls_ssl_handshake_client_step( mbedtls_ssl_context *ssl );
|
||||||
int mbedtls_ssl_handshake_server_step( mbedtls_ssl_context *ssl );
|
int mbedtls_ssl_handshake_server_step( mbedtls_ssl_context *ssl );
|
||||||
void mbedtls_ssl_handshake_wrapup( mbedtls_ssl_context *ssl );
|
void mbedtls_ssl_handshake_wrapup( mbedtls_ssl_context *ssl );
|
||||||
|
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
|
||||||
|
int mbedtls_ssl_handshake_client_step_tls1_3( mbedtls_ssl_context *ssl );
|
||||||
|
int mbedtls_ssl_handshake_server_step_tls1_3( mbedtls_ssl_context *ssl );
|
||||||
|
#endif
|
||||||
|
|
||||||
int mbedtls_ssl_send_fatal_handshake_failure( mbedtls_ssl_context *ssl );
|
int mbedtls_ssl_send_fatal_handshake_failure( mbedtls_ssl_context *ssl );
|
||||||
|
|
||||||
|
@ -971,7 +983,13 @@ int mbedtls_ssl_read_record( mbedtls_ssl_context *ssl,
|
||||||
unsigned update_hs_digest );
|
unsigned update_hs_digest );
|
||||||
int mbedtls_ssl_fetch_input( mbedtls_ssl_context *ssl, size_t nb_want );
|
int mbedtls_ssl_fetch_input( mbedtls_ssl_context *ssl, size_t nb_want );
|
||||||
|
|
||||||
int mbedtls_ssl_write_handshake_msg( mbedtls_ssl_context *ssl );
|
int mbedtls_ssl_write_handshake_msg_ext( mbedtls_ssl_context *ssl,
|
||||||
|
int update_checksum );
|
||||||
|
static inline int mbedtls_ssl_write_handshake_msg( mbedtls_ssl_context *ssl )
|
||||||
|
{
|
||||||
|
return( mbedtls_ssl_write_handshake_msg_ext( ssl, 1 /* update checksum */ ) );
|
||||||
|
}
|
||||||
|
|
||||||
int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl, uint8_t force_flush );
|
int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl, uint8_t force_flush );
|
||||||
int mbedtls_ssl_flush_output( mbedtls_ssl_context *ssl );
|
int mbedtls_ssl_flush_output( mbedtls_ssl_context *ssl );
|
||||||
|
|
||||||
|
@ -1259,4 +1277,50 @@ void mbedtls_ssl_buffering_free( mbedtls_ssl_context *ssl );
|
||||||
void mbedtls_ssl_flight_free( mbedtls_ssl_flight_item *flight );
|
void mbedtls_ssl_flight_free( mbedtls_ssl_flight_item *flight );
|
||||||
#endif /* MBEDTLS_SSL_PROTO_DTLS */
|
#endif /* MBEDTLS_SSL_PROTO_DTLS */
|
||||||
|
|
||||||
|
/**
|
||||||
|
* ssl utils functions for checking configuration.
|
||||||
|
*/
|
||||||
|
|
||||||
|
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
|
||||||
|
static inline int mbedtls_ssl_conf_is_tls13_only( const mbedtls_ssl_config *conf )
|
||||||
|
{
|
||||||
|
if( conf->min_major_ver == MBEDTLS_SSL_MAJOR_VERSION_3 &&
|
||||||
|
conf->max_major_ver == MBEDTLS_SSL_MAJOR_VERSION_3 &&
|
||||||
|
conf->min_minor_ver == MBEDTLS_SSL_MINOR_VERSION_4 &&
|
||||||
|
conf->max_minor_ver == MBEDTLS_SSL_MINOR_VERSION_4 )
|
||||||
|
{
|
||||||
|
return( 1 );
|
||||||
|
}
|
||||||
|
return( 0 );
|
||||||
|
}
|
||||||
|
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
|
||||||
|
|
||||||
|
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||||
|
static inline int mbedtls_ssl_conf_is_tls12_only( const mbedtls_ssl_config *conf )
|
||||||
|
{
|
||||||
|
if( conf->min_major_ver == MBEDTLS_SSL_MAJOR_VERSION_3 &&
|
||||||
|
conf->max_major_ver == MBEDTLS_SSL_MAJOR_VERSION_3 &&
|
||||||
|
conf->min_minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 &&
|
||||||
|
conf->max_minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 )
|
||||||
|
{
|
||||||
|
return( 1 );
|
||||||
|
}
|
||||||
|
return( 0 );
|
||||||
|
}
|
||||||
|
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
|
||||||
|
|
||||||
|
#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
|
||||||
|
static inline int mbedtls_ssl_conf_is_hybrid_tls12_tls13( const mbedtls_ssl_config *conf )
|
||||||
|
{
|
||||||
|
if( conf->min_major_ver == MBEDTLS_SSL_MAJOR_VERSION_3 &&
|
||||||
|
conf->max_major_ver == MBEDTLS_SSL_MAJOR_VERSION_3 &&
|
||||||
|
conf->min_minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 &&
|
||||||
|
conf->max_minor_ver == MBEDTLS_SSL_MINOR_VERSION_4 )
|
||||||
|
{
|
||||||
|
return( 1 );
|
||||||
|
}
|
||||||
|
return( 0 );
|
||||||
|
}
|
||||||
|
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 && MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL*/
|
||||||
|
|
||||||
#endif /* ssl_misc.h */
|
#endif /* ssl_misc.h */
|
||||||
|
|
|
@ -384,7 +384,8 @@ static int ssl_parse_inner_plaintext( unsigned char const *content,
|
||||||
static void ssl_extract_add_data_from_record( unsigned char* add_data,
|
static void ssl_extract_add_data_from_record( unsigned char* add_data,
|
||||||
size_t *add_data_len,
|
size_t *add_data_len,
|
||||||
mbedtls_record *rec,
|
mbedtls_record *rec,
|
||||||
unsigned minor_ver )
|
unsigned minor_ver,
|
||||||
|
size_t taglen )
|
||||||
{
|
{
|
||||||
/* Quoting RFC 5246 (TLS 1.2):
|
/* Quoting RFC 5246 (TLS 1.2):
|
||||||
*
|
*
|
||||||
|
@ -403,15 +404,37 @@ static void ssl_extract_add_data_from_record( unsigned char* add_data,
|
||||||
*
|
*
|
||||||
* For TLS 1.3, the record sequence number is dropped from the AAD
|
* For TLS 1.3, the record sequence number is dropped from the AAD
|
||||||
* and encoded within the nonce of the AEAD operation instead.
|
* and encoded within the nonce of the AEAD operation instead.
|
||||||
|
* Moreover, the additional data involves the length of the TLS
|
||||||
|
* ciphertext, not the TLS plaintext as in earlier versions.
|
||||||
|
* Quoting RFC 8446 (TLS 1.3):
|
||||||
|
*
|
||||||
|
* additional_data = TLSCiphertext.opaque_type ||
|
||||||
|
* TLSCiphertext.legacy_record_version ||
|
||||||
|
* TLSCiphertext.length
|
||||||
|
*
|
||||||
|
* We pass the tag length to this function in order to compute the
|
||||||
|
* ciphertext length from the inner plaintext length rec->data_len via
|
||||||
|
*
|
||||||
|
* TLSCiphertext.length = TLSInnerPlaintext.length + taglen.
|
||||||
|
*
|
||||||
*/
|
*/
|
||||||
|
|
||||||
unsigned char *cur = add_data;
|
unsigned char *cur = add_data;
|
||||||
|
size_t ad_len_field = rec->data_len;
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
|
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
|
||||||
if( minor_ver != MBEDTLS_SSL_MINOR_VERSION_4 )
|
if( minor_ver == MBEDTLS_SSL_MINOR_VERSION_4 )
|
||||||
|
{
|
||||||
|
/* In TLS 1.3, the AAD contains the length of the TLSCiphertext,
|
||||||
|
* which differs from the length of the TLSInnerPlaintext
|
||||||
|
* by the length of the authentication tag. */
|
||||||
|
ad_len_field += taglen;
|
||||||
|
}
|
||||||
|
else
|
||||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
|
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
|
||||||
{
|
{
|
||||||
((void) minor_ver);
|
((void) minor_ver);
|
||||||
|
((void) taglen);
|
||||||
memcpy( cur, rec->ctr, sizeof( rec->ctr ) );
|
memcpy( cur, rec->ctr, sizeof( rec->ctr ) );
|
||||||
cur += sizeof( rec->ctr );
|
cur += sizeof( rec->ctr );
|
||||||
}
|
}
|
||||||
|
@ -431,15 +454,13 @@ static void ssl_extract_add_data_from_record( unsigned char* add_data,
|
||||||
*cur = rec->cid_len;
|
*cur = rec->cid_len;
|
||||||
cur++;
|
cur++;
|
||||||
|
|
||||||
cur[0] = ( rec->data_len >> 8 ) & 0xFF;
|
MBEDTLS_PUT_UINT16_BE( ad_len_field, cur, 0 );
|
||||||
cur[1] = ( rec->data_len >> 0 ) & 0xFF;
|
|
||||||
cur += 2;
|
cur += 2;
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
|
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
|
||||||
{
|
{
|
||||||
cur[0] = ( rec->data_len >> 8 ) & 0xFF;
|
MBEDTLS_PUT_UINT16_BE( ad_len_field, cur, 0 );
|
||||||
cur[1] = ( rec->data_len >> 0 ) & 0xFF;
|
|
||||||
cur += 2;
|
cur += 2;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -646,7 +667,8 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl,
|
||||||
unsigned char mac[MBEDTLS_SSL_MAC_ADD];
|
unsigned char mac[MBEDTLS_SSL_MAC_ADD];
|
||||||
|
|
||||||
ssl_extract_add_data_from_record( add_data, &add_data_len, rec,
|
ssl_extract_add_data_from_record( add_data, &add_data_len, rec,
|
||||||
transform->minor_ver );
|
transform->minor_ver,
|
||||||
|
transform->taglen );
|
||||||
|
|
||||||
mbedtls_md_hmac_update( &transform->md_ctx_enc, add_data,
|
mbedtls_md_hmac_update( &transform->md_ctx_enc, add_data,
|
||||||
add_data_len );
|
add_data_len );
|
||||||
|
@ -743,7 +765,8 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl,
|
||||||
* This depends on the TLS version.
|
* This depends on the TLS version.
|
||||||
*/
|
*/
|
||||||
ssl_extract_add_data_from_record( add_data, &add_data_len, rec,
|
ssl_extract_add_data_from_record( add_data, &add_data_len, rec,
|
||||||
transform->minor_ver );
|
transform->minor_ver,
|
||||||
|
transform->taglen );
|
||||||
|
|
||||||
MBEDTLS_SSL_DEBUG_BUF( 4, "IV used (internal)",
|
MBEDTLS_SSL_DEBUG_BUF( 4, "IV used (internal)",
|
||||||
iv, transform->ivlen );
|
iv, transform->ivlen );
|
||||||
|
@ -897,7 +920,8 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl,
|
||||||
}
|
}
|
||||||
|
|
||||||
ssl_extract_add_data_from_record( add_data, &add_data_len,
|
ssl_extract_add_data_from_record( add_data, &add_data_len,
|
||||||
rec, transform->minor_ver );
|
rec, transform->minor_ver,
|
||||||
|
transform->taglen );
|
||||||
|
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "using encrypt then mac" ) );
|
MBEDTLS_SSL_DEBUG_MSG( 3, ( "using encrypt then mac" ) );
|
||||||
MBEDTLS_SSL_DEBUG_BUF( 4, "MAC'd meta-data", add_data,
|
MBEDTLS_SSL_DEBUG_BUF( 4, "MAC'd meta-data", add_data,
|
||||||
|
@ -1304,7 +1328,8 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl,
|
||||||
* This depends on the TLS version.
|
* This depends on the TLS version.
|
||||||
*/
|
*/
|
||||||
ssl_extract_add_data_from_record( add_data, &add_data_len, rec,
|
ssl_extract_add_data_from_record( add_data, &add_data_len, rec,
|
||||||
transform->minor_ver );
|
transform->minor_ver,
|
||||||
|
transform->taglen );
|
||||||
MBEDTLS_SSL_DEBUG_BUF( 4, "additional data used for AEAD",
|
MBEDTLS_SSL_DEBUG_BUF( 4, "additional data used for AEAD",
|
||||||
add_data, add_data_len );
|
add_data, add_data_len );
|
||||||
|
|
||||||
|
@ -1414,7 +1439,8 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl,
|
||||||
* Further, we still know that data_len > minlen */
|
* Further, we still know that data_len > minlen */
|
||||||
rec->data_len -= transform->maclen;
|
rec->data_len -= transform->maclen;
|
||||||
ssl_extract_add_data_from_record( add_data, &add_data_len, rec,
|
ssl_extract_add_data_from_record( add_data, &add_data_len, rec,
|
||||||
transform->minor_ver );
|
transform->minor_ver,
|
||||||
|
transform->taglen );
|
||||||
|
|
||||||
/* Calculate expected MAC. */
|
/* Calculate expected MAC. */
|
||||||
MBEDTLS_SSL_DEBUG_BUF( 4, "MAC'd meta-data", add_data,
|
MBEDTLS_SSL_DEBUG_BUF( 4, "MAC'd meta-data", add_data,
|
||||||
|
@ -1606,7 +1632,8 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl,
|
||||||
*/
|
*/
|
||||||
rec->data_len -= transform->maclen;
|
rec->data_len -= transform->maclen;
|
||||||
ssl_extract_add_data_from_record( add_data, &add_data_len, rec,
|
ssl_extract_add_data_from_record( add_data, &add_data_len, rec,
|
||||||
transform->minor_ver );
|
transform->minor_ver,
|
||||||
|
transform->taglen );
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||||
/*
|
/*
|
||||||
|
@ -2226,13 +2253,13 @@ int mbedtls_ssl_flight_transmit( mbedtls_ssl_context *ssl )
|
||||||
* Handshake headers: type(1) len(3) seq(2) f_off(3) f_len(3) */
|
* Handshake headers: type(1) len(3) seq(2) f_off(3) f_len(3) */
|
||||||
memcpy( ssl->out_msg, cur->p, 6 );
|
memcpy( ssl->out_msg, cur->p, 6 );
|
||||||
|
|
||||||
ssl->out_msg[6] = ( ( frag_off >> 16 ) & 0xff );
|
ssl->out_msg[6] = MBEDTLS_BYTE_2( frag_off );
|
||||||
ssl->out_msg[7] = ( ( frag_off >> 8 ) & 0xff );
|
ssl->out_msg[7] = MBEDTLS_BYTE_1( frag_off );
|
||||||
ssl->out_msg[8] = ( ( frag_off ) & 0xff );
|
ssl->out_msg[8] = MBEDTLS_BYTE_0( frag_off );
|
||||||
|
|
||||||
ssl->out_msg[ 9] = ( ( cur_hs_frag_len >> 16 ) & 0xff );
|
ssl->out_msg[ 9] = MBEDTLS_BYTE_2( cur_hs_frag_len );
|
||||||
ssl->out_msg[10] = ( ( cur_hs_frag_len >> 8 ) & 0xff );
|
ssl->out_msg[10] = MBEDTLS_BYTE_1( cur_hs_frag_len );
|
||||||
ssl->out_msg[11] = ( ( cur_hs_frag_len ) & 0xff );
|
ssl->out_msg[11] = MBEDTLS_BYTE_0( cur_hs_frag_len );
|
||||||
|
|
||||||
MBEDTLS_SSL_DEBUG_BUF( 3, "handshake header", ssl->out_msg, 12 );
|
MBEDTLS_SSL_DEBUG_BUF( 3, "handshake header", ssl->out_msg, 12 );
|
||||||
|
|
||||||
|
@ -2360,7 +2387,8 @@ void mbedtls_ssl_send_flight_completed( mbedtls_ssl_context *ssl )
|
||||||
* (including handshake headers but excluding record headers)
|
* (including handshake headers but excluding record headers)
|
||||||
* - ssl->out_msg: the record contents (handshake headers + content)
|
* - ssl->out_msg: the record contents (handshake headers + content)
|
||||||
*/
|
*/
|
||||||
int mbedtls_ssl_write_handshake_msg( mbedtls_ssl_context *ssl )
|
int mbedtls_ssl_write_handshake_msg_ext( mbedtls_ssl_context *ssl,
|
||||||
|
int update_checksum )
|
||||||
{
|
{
|
||||||
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
||||||
const size_t hs_len = ssl->out_msglen - 4;
|
const size_t hs_len = ssl->out_msglen - 4;
|
||||||
|
@ -2421,9 +2449,9 @@ int mbedtls_ssl_write_handshake_msg( mbedtls_ssl_context *ssl )
|
||||||
*/
|
*/
|
||||||
if( ssl->out_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE )
|
if( ssl->out_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE )
|
||||||
{
|
{
|
||||||
ssl->out_msg[1] = (unsigned char)( hs_len >> 16 );
|
ssl->out_msg[1] = MBEDTLS_BYTE_2( hs_len );
|
||||||
ssl->out_msg[2] = (unsigned char)( hs_len >> 8 );
|
ssl->out_msg[2] = MBEDTLS_BYTE_1( hs_len );
|
||||||
ssl->out_msg[3] = (unsigned char)( hs_len );
|
ssl->out_msg[3] = MBEDTLS_BYTE_0( hs_len );
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* DTLS has additional fields in the Handshake layer,
|
* DTLS has additional fields in the Handshake layer,
|
||||||
|
@ -2451,8 +2479,7 @@ int mbedtls_ssl_write_handshake_msg( mbedtls_ssl_context *ssl )
|
||||||
/* Write message_seq and update it, except for HelloRequest */
|
/* Write message_seq and update it, except for HelloRequest */
|
||||||
if( hs_type != MBEDTLS_SSL_HS_HELLO_REQUEST )
|
if( hs_type != MBEDTLS_SSL_HS_HELLO_REQUEST )
|
||||||
{
|
{
|
||||||
ssl->out_msg[4] = ( ssl->handshake->out_msg_seq >> 8 ) & 0xFF;
|
MBEDTLS_PUT_UINT16_BE( ssl->handshake->out_msg_seq, ssl->out_msg, 4 );
|
||||||
ssl->out_msg[5] = ( ssl->handshake->out_msg_seq ) & 0xFF;
|
|
||||||
++( ssl->handshake->out_msg_seq );
|
++( ssl->handshake->out_msg_seq );
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
|
@ -2469,7 +2496,7 @@ int mbedtls_ssl_write_handshake_msg( mbedtls_ssl_context *ssl )
|
||||||
#endif /* MBEDTLS_SSL_PROTO_DTLS */
|
#endif /* MBEDTLS_SSL_PROTO_DTLS */
|
||||||
|
|
||||||
/* Update running hashes of handshake messages seen */
|
/* Update running hashes of handshake messages seen */
|
||||||
if( hs_type != MBEDTLS_SSL_HS_HELLO_REQUEST )
|
if( hs_type != MBEDTLS_SSL_HS_HELLO_REQUEST && update_checksum != 0 )
|
||||||
ssl->handshake->update_checksum( ssl, ssl->out_msg, ssl->out_msglen );
|
ssl->handshake->update_checksum( ssl, ssl->out_msg, ssl->out_msglen );
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -2536,8 +2563,7 @@ int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl, uint8_t force_flush )
|
||||||
ssl->conf->transport, ssl->out_hdr + 1 );
|
ssl->conf->transport, ssl->out_hdr + 1 );
|
||||||
|
|
||||||
memcpy( ssl->out_ctr, ssl->cur_out_ctr, 8 );
|
memcpy( ssl->out_ctr, ssl->cur_out_ctr, 8 );
|
||||||
ssl->out_len[0] = (unsigned char)( len >> 8 );
|
MBEDTLS_PUT_UINT16_BE( len, ssl->out_len, 0);
|
||||||
ssl->out_len[1] = (unsigned char)( len );
|
|
||||||
|
|
||||||
if( ssl->transform_out != NULL )
|
if( ssl->transform_out != NULL )
|
||||||
{
|
{
|
||||||
|
@ -2577,8 +2603,7 @@ int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl, uint8_t force_flush )
|
||||||
memcpy( ssl->out_cid, rec.cid, rec.cid_len );
|
memcpy( ssl->out_cid, rec.cid, rec.cid_len );
|
||||||
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
|
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
|
||||||
ssl->out_msglen = len = rec.data_len;
|
ssl->out_msglen = len = rec.data_len;
|
||||||
ssl->out_len[0] = (unsigned char)( rec.data_len >> 8 );
|
MBEDTLS_PUT_UINT16_BE( rec.data_len, ssl->out_len, 0 );
|
||||||
ssl->out_len[1] = (unsigned char)( rec.data_len );
|
|
||||||
}
|
}
|
||||||
|
|
||||||
protected_record_size = len + mbedtls_ssl_out_hdr_len( ssl );
|
protected_record_size = len + mbedtls_ssl_out_hdr_len( ssl );
|
||||||
|
@ -3150,12 +3175,11 @@ static int ssl_check_dtls_clihlo_cookie(
|
||||||
/* Go back and fill length fields */
|
/* Go back and fill length fields */
|
||||||
obuf[27] = (unsigned char)( *olen - 28 );
|
obuf[27] = (unsigned char)( *olen - 28 );
|
||||||
|
|
||||||
obuf[14] = obuf[22] = (unsigned char)( ( *olen - 25 ) >> 16 );
|
obuf[14] = obuf[22] = MBEDTLS_BYTE_2( *olen - 25 );
|
||||||
obuf[15] = obuf[23] = (unsigned char)( ( *olen - 25 ) >> 8 );
|
obuf[15] = obuf[23] = MBEDTLS_BYTE_1( *olen - 25 );
|
||||||
obuf[16] = obuf[24] = (unsigned char)( ( *olen - 25 ) );
|
obuf[16] = obuf[24] = MBEDTLS_BYTE_0( *olen - 25 );
|
||||||
|
|
||||||
obuf[11] = (unsigned char)( ( *olen - 13 ) >> 8 );
|
MBEDTLS_PUT_UINT16_BE( *olen - 13, obuf, 11 );
|
||||||
obuf[12] = (unsigned char)( ( *olen - 13 ) );
|
|
||||||
|
|
||||||
return( MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED );
|
return( MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED );
|
||||||
}
|
}
|
||||||
|
@ -4535,8 +4559,7 @@ static int ssl_get_next_record( mbedtls_ssl_context *ssl )
|
||||||
ssl->in_hdr[0] = rec.type;
|
ssl->in_hdr[0] = rec.type;
|
||||||
ssl->in_msg = rec.buf + rec.data_offset;
|
ssl->in_msg = rec.buf + rec.data_offset;
|
||||||
ssl->in_msglen = rec.data_len;
|
ssl->in_msglen = rec.data_len;
|
||||||
ssl->in_len[0] = (unsigned char)( rec.data_len >> 8 );
|
MBEDTLS_PUT_UINT16_BE( rec.data_len, ssl->in_len, 0 );
|
||||||
ssl->in_len[1] = (unsigned char)( rec.data_len );
|
|
||||||
|
|
||||||
return( 0 );
|
return( 0 );
|
||||||
}
|
}
|
||||||
|
|
|
@ -1848,8 +1848,7 @@ read_record_header:
|
||||||
for( j = 0, p = buf + ciph_offset + 2; j < ciph_len; j += 2, p += 2 )
|
for( j = 0, p = buf + ciph_offset + 2; j < ciph_len; j += 2, p += 2 )
|
||||||
for( i = 0; ciphersuites[i] != 0; i++ )
|
for( i = 0; ciphersuites[i] != 0; i++ )
|
||||||
{
|
{
|
||||||
if( p[0] != ( ( ciphersuites[i] >> 8 ) & 0xFF ) ||
|
if( MBEDTLS_GET_UINT16_BE(p, 0) != ciphersuites[i] )
|
||||||
p[1] != ( ( ciphersuites[i] ) & 0xFF ) )
|
|
||||||
continue;
|
continue;
|
||||||
|
|
||||||
got_common_suite = 1;
|
got_common_suite = 1;
|
||||||
|
@ -1865,8 +1864,7 @@ read_record_header:
|
||||||
for( i = 0; ciphersuites[i] != 0; i++ )
|
for( i = 0; ciphersuites[i] != 0; i++ )
|
||||||
for( j = 0, p = buf + ciph_offset + 2; j < ciph_len; j += 2, p += 2 )
|
for( j = 0, p = buf + ciph_offset + 2; j < ciph_len; j += 2, p += 2 )
|
||||||
{
|
{
|
||||||
if( p[0] != ( ( ciphersuites[i] >> 8 ) & 0xFF ) ||
|
if( MBEDTLS_GET_UINT16_BE(p, 0) != ciphersuites[i] )
|
||||||
p[1] != ( ( ciphersuites[i] ) & 0xFF ) )
|
|
||||||
continue;
|
continue;
|
||||||
|
|
||||||
got_common_suite = 1;
|
got_common_suite = 1;
|
||||||
|
@ -1970,12 +1968,11 @@ static void ssl_write_cid_ext( mbedtls_ssl_context *ssl,
|
||||||
* opaque cid<0..2^8-1>;
|
* opaque cid<0..2^8-1>;
|
||||||
* } ConnectionId;
|
* } ConnectionId;
|
||||||
*/
|
*/
|
||||||
|
MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_CID, p, 0 );
|
||||||
*p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_CID >> 8 ) & 0xFF );
|
p += 2;
|
||||||
*p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_CID ) & 0xFF );
|
|
||||||
ext_len = (size_t) ssl->own_cid_len + 1;
|
ext_len = (size_t) ssl->own_cid_len + 1;
|
||||||
*p++ = (unsigned char)( ( ext_len >> 8 ) & 0xFF );
|
MBEDTLS_PUT_UINT16_BE( ext_len, p, 0 );
|
||||||
*p++ = (unsigned char)( ( ext_len ) & 0xFF );
|
p += 2;
|
||||||
|
|
||||||
*p++ = (uint8_t) ssl->own_cid_len;
|
*p++ = (uint8_t) ssl->own_cid_len;
|
||||||
memcpy( p, ssl->own_cid, ssl->own_cid_len );
|
memcpy( p, ssl->own_cid, ssl->own_cid_len );
|
||||||
|
@ -2016,8 +2013,8 @@ static void ssl_write_encrypt_then_mac_ext( mbedtls_ssl_context *ssl,
|
||||||
|
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, adding encrypt then mac extension" ) );
|
MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, adding encrypt then mac extension" ) );
|
||||||
|
|
||||||
*p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC >> 8 ) & 0xFF );
|
MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC, p, 0 );
|
||||||
*p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC ) & 0xFF );
|
p += 2;
|
||||||
|
|
||||||
*p++ = 0x00;
|
*p++ = 0x00;
|
||||||
*p++ = 0x00;
|
*p++ = 0x00;
|
||||||
|
@ -2042,8 +2039,8 @@ static void ssl_write_extended_ms_ext( mbedtls_ssl_context *ssl,
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, adding extended master secret "
|
MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, adding extended master secret "
|
||||||
"extension" ) );
|
"extension" ) );
|
||||||
|
|
||||||
*p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET >> 8 ) & 0xFF );
|
MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET, p, 0 );
|
||||||
*p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET ) & 0xFF );
|
p += 2;
|
||||||
|
|
||||||
*p++ = 0x00;
|
*p++ = 0x00;
|
||||||
*p++ = 0x00;
|
*p++ = 0x00;
|
||||||
|
@ -2067,8 +2064,8 @@ static void ssl_write_session_ticket_ext( mbedtls_ssl_context *ssl,
|
||||||
|
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, adding session ticket extension" ) );
|
MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, adding session ticket extension" ) );
|
||||||
|
|
||||||
*p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SESSION_TICKET >> 8 ) & 0xFF );
|
MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_SESSION_TICKET, p, 0 );
|
||||||
*p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SESSION_TICKET ) & 0xFF );
|
p += 2;
|
||||||
|
|
||||||
*p++ = 0x00;
|
*p++ = 0x00;
|
||||||
*p++ = 0x00;
|
*p++ = 0x00;
|
||||||
|
@ -2091,8 +2088,8 @@ static void ssl_write_renegotiation_ext( mbedtls_ssl_context *ssl,
|
||||||
|
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, secure renegotiation extension" ) );
|
MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, secure renegotiation extension" ) );
|
||||||
|
|
||||||
*p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_RENEGOTIATION_INFO >> 8 ) & 0xFF );
|
MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_RENEGOTIATION_INFO, p, 0 );
|
||||||
*p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_RENEGOTIATION_INFO ) & 0xFF );
|
p += 2;
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_RENEGOTIATION)
|
#if defined(MBEDTLS_SSL_RENEGOTIATION)
|
||||||
if( ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE )
|
if( ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE )
|
||||||
|
@ -2132,8 +2129,8 @@ static void ssl_write_max_fragment_length_ext( mbedtls_ssl_context *ssl,
|
||||||
|
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, max_fragment_length extension" ) );
|
MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, max_fragment_length extension" ) );
|
||||||
|
|
||||||
*p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH >> 8 ) & 0xFF );
|
MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH, p, 0 );
|
||||||
*p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH ) & 0xFF );
|
p += 2;
|
||||||
|
|
||||||
*p++ = 0x00;
|
*p++ = 0x00;
|
||||||
*p++ = 1;
|
*p++ = 1;
|
||||||
|
@ -2162,8 +2159,8 @@ static void ssl_write_supported_point_formats_ext( mbedtls_ssl_context *ssl,
|
||||||
|
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, supported_point_formats extension" ) );
|
MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, supported_point_formats extension" ) );
|
||||||
|
|
||||||
*p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS >> 8 ) & 0xFF );
|
MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS, p, 0 );
|
||||||
*p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS ) & 0xFF );
|
p += 2;
|
||||||
|
|
||||||
*p++ = 0x00;
|
*p++ = 0x00;
|
||||||
*p++ = 2;
|
*p++ = 2;
|
||||||
|
@ -2200,8 +2197,8 @@ static void ssl_write_ecjpake_kkpp_ext( mbedtls_ssl_context *ssl,
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
*p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_ECJPAKE_KKPP >> 8 ) & 0xFF );
|
MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_ECJPAKE_KKPP, p, 0 );
|
||||||
*p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_ECJPAKE_KKPP ) & 0xFF );
|
p += 2;
|
||||||
|
|
||||||
ret = mbedtls_ecjpake_write_round_one( &ssl->handshake->ecjpake_ctx,
|
ret = mbedtls_ecjpake_write_round_one( &ssl->handshake->ecjpake_ctx,
|
||||||
p + 2, end - p - 2, &kkpp_len,
|
p + 2, end - p - 2, &kkpp_len,
|
||||||
|
@ -2212,8 +2209,8 @@ static void ssl_write_ecjpake_kkpp_ext( mbedtls_ssl_context *ssl,
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
*p++ = (unsigned char)( ( kkpp_len >> 8 ) & 0xFF );
|
MBEDTLS_PUT_UINT16_BE( kkpp_len, p, 0 );
|
||||||
*p++ = (unsigned char)( ( kkpp_len ) & 0xFF );
|
p += 2;
|
||||||
|
|
||||||
*olen = kkpp_len + 4;
|
*olen = kkpp_len + 4;
|
||||||
}
|
}
|
||||||
|
@ -2238,18 +2235,15 @@ static void ssl_write_alpn_ext( mbedtls_ssl_context *ssl,
|
||||||
* 6 . 6 protocol name length
|
* 6 . 6 protocol name length
|
||||||
* 7 . 7+n protocol name
|
* 7 . 7+n protocol name
|
||||||
*/
|
*/
|
||||||
buf[0] = (unsigned char)( ( MBEDTLS_TLS_EXT_ALPN >> 8 ) & 0xFF );
|
MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_ALPN, buf, 0);
|
||||||
buf[1] = (unsigned char)( ( MBEDTLS_TLS_EXT_ALPN ) & 0xFF );
|
|
||||||
|
|
||||||
*olen = 7 + strlen( ssl->alpn_chosen );
|
*olen = 7 + strlen( ssl->alpn_chosen );
|
||||||
|
|
||||||
buf[2] = (unsigned char)( ( ( *olen - 4 ) >> 8 ) & 0xFF );
|
MBEDTLS_PUT_UINT16_BE( *olen - 4, buf, 2 );
|
||||||
buf[3] = (unsigned char)( ( ( *olen - 4 ) ) & 0xFF );
|
|
||||||
|
|
||||||
buf[4] = (unsigned char)( ( ( *olen - 6 ) >> 8 ) & 0xFF );
|
MBEDTLS_PUT_UINT16_BE( *olen - 6, buf, 4 );
|
||||||
buf[5] = (unsigned char)( ( ( *olen - 6 ) ) & 0xFF );
|
|
||||||
|
|
||||||
buf[6] = (unsigned char)( ( ( *olen - 7 ) ) & 0xFF );
|
buf[6] = MBEDTLS_BYTE_0( *olen - 7 );
|
||||||
|
|
||||||
memcpy( buf + 7, ssl->alpn_chosen, *olen - 7 );
|
memcpy( buf + 7, ssl->alpn_chosen, *olen - 7 );
|
||||||
}
|
}
|
||||||
|
@ -2294,15 +2288,13 @@ static void ssl_write_use_srtp_ext( mbedtls_ssl_context *ssl,
|
||||||
}
|
}
|
||||||
|
|
||||||
/* extension */
|
/* extension */
|
||||||
buf[0] = (unsigned char)( ( MBEDTLS_TLS_EXT_USE_SRTP >> 8 ) & 0xFF );
|
MBEDTLS_PUT_UINT16_BE(MBEDTLS_TLS_EXT_USE_SRTP, buf, 0 );
|
||||||
buf[1] = (unsigned char)( ( MBEDTLS_TLS_EXT_USE_SRTP ) & 0xFF );
|
|
||||||
/*
|
/*
|
||||||
* total length 5 and mki value: only one profile(2 bytes)
|
* total length 5 and mki value: only one profile(2 bytes)
|
||||||
* and length(2 bytes) and srtp_mki )
|
* and length(2 bytes) and srtp_mki )
|
||||||
*/
|
*/
|
||||||
ext_len = 5 + mki_len;
|
ext_len = 5 + mki_len;
|
||||||
buf[2] = (unsigned char)( ( ext_len >> 8 ) & 0xFF );
|
MBEDTLS_PUT_UINT16_BE( ext_len, buf, 2 );
|
||||||
buf[3] = (unsigned char)( ext_len & 0xFF );
|
|
||||||
|
|
||||||
/* protection profile length: 2 */
|
/* protection profile length: 2 */
|
||||||
buf[4] = 0x00;
|
buf[4] = 0x00;
|
||||||
|
@ -2311,8 +2303,7 @@ static void ssl_write_use_srtp_ext( mbedtls_ssl_context *ssl,
|
||||||
ssl->dtls_srtp_info.chosen_dtls_srtp_profile );
|
ssl->dtls_srtp_info.chosen_dtls_srtp_profile );
|
||||||
if( profile_value != MBEDTLS_TLS_SRTP_UNSET )
|
if( profile_value != MBEDTLS_TLS_SRTP_UNSET )
|
||||||
{
|
{
|
||||||
buf[6] = (unsigned char)( ( profile_value >> 8 ) & 0xFF );
|
MBEDTLS_PUT_UINT16_BE( profile_value, buf, 6 );
|
||||||
buf[7] = (unsigned char)( profile_value & 0xFF );
|
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
|
@ -2494,10 +2485,8 @@ static int ssl_write_server_hello( mbedtls_ssl_context *ssl )
|
||||||
|
|
||||||
#if defined(MBEDTLS_HAVE_TIME)
|
#if defined(MBEDTLS_HAVE_TIME)
|
||||||
t = mbedtls_time( NULL );
|
t = mbedtls_time( NULL );
|
||||||
*p++ = (unsigned char)( t >> 24 );
|
MBEDTLS_PUT_UINT32_BE( t, p, 0 );
|
||||||
*p++ = (unsigned char)( t >> 16 );
|
p += 4;
|
||||||
*p++ = (unsigned char)( t >> 8 );
|
|
||||||
*p++ = (unsigned char)( t );
|
|
||||||
|
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, current time: %" MBEDTLS_PRINTF_LONGLONG,
|
MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, current time: %" MBEDTLS_PRINTF_LONGLONG,
|
||||||
(long long) t ) );
|
(long long) t ) );
|
||||||
|
@ -2578,9 +2567,9 @@ static int ssl_write_server_hello( mbedtls_ssl_context *ssl )
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "%s session has been resumed",
|
MBEDTLS_SSL_DEBUG_MSG( 3, ( "%s session has been resumed",
|
||||||
ssl->handshake->resume ? "a" : "no" ) );
|
ssl->handshake->resume ? "a" : "no" ) );
|
||||||
|
|
||||||
*p++ = (unsigned char)( ssl->session_negotiate->ciphersuite >> 8 );
|
MBEDTLS_PUT_UINT16_BE( ssl->session_negotiate->ciphersuite, p, 0 );
|
||||||
*p++ = (unsigned char)( ssl->session_negotiate->ciphersuite );
|
p += 2;
|
||||||
*p++ = (unsigned char)( ssl->session_negotiate->compression );
|
*p++ = MBEDTLS_BYTE_0( ssl->session_negotiate->compression );
|
||||||
|
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, chosen ciphersuite: %s",
|
MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, chosen ciphersuite: %s",
|
||||||
mbedtls_ssl_get_ciphersuite_name( ssl->session_negotiate->ciphersuite ) ) );
|
mbedtls_ssl_get_ciphersuite_name( ssl->session_negotiate->ciphersuite ) ) );
|
||||||
|
@ -2648,9 +2637,8 @@ static int ssl_write_server_hello( mbedtls_ssl_context *ssl )
|
||||||
|
|
||||||
if( ext_len > 0 )
|
if( ext_len > 0 )
|
||||||
{
|
{
|
||||||
*p++ = (unsigned char)( ( ext_len >> 8 ) & 0xFF );
|
MBEDTLS_PUT_UINT16_BE( ext_len, p, 0 );
|
||||||
*p++ = (unsigned char)( ( ext_len ) & 0xFF );
|
p += 2 + ext_len;
|
||||||
p += ext_len;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
ssl->out_msglen = p - buf;
|
ssl->out_msglen = p - buf;
|
||||||
|
@ -2785,8 +2773,7 @@ static int ssl_write_certificate_request( mbedtls_ssl_context *ssl )
|
||||||
#endif
|
#endif
|
||||||
}
|
}
|
||||||
|
|
||||||
p[0] = (unsigned char)( sa_len >> 8 );
|
MBEDTLS_PUT_UINT16_BE( sa_len, p, 0 );
|
||||||
p[1] = (unsigned char)( sa_len );
|
|
||||||
sa_len += 2;
|
sa_len += 2;
|
||||||
p += sa_len;
|
p += sa_len;
|
||||||
}
|
}
|
||||||
|
@ -2826,8 +2813,8 @@ static int ssl_write_certificate_request( mbedtls_ssl_context *ssl )
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
|
||||||
*p++ = (unsigned char)( dn_size >> 8 );
|
MBEDTLS_PUT_UINT16_BE( dn_size, p, 0 );
|
||||||
*p++ = (unsigned char)( dn_size );
|
p += 2;
|
||||||
memcpy( p, crt->subject_raw.p, dn_size );
|
memcpy( p, crt->subject_raw.p, dn_size );
|
||||||
p += dn_size;
|
p += dn_size;
|
||||||
|
|
||||||
|
@ -2841,8 +2828,7 @@ static int ssl_write_certificate_request( mbedtls_ssl_context *ssl )
|
||||||
ssl->out_msglen = p - buf;
|
ssl->out_msglen = p - buf;
|
||||||
ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE;
|
ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE;
|
||||||
ssl->out_msg[0] = MBEDTLS_SSL_HS_CERTIFICATE_REQUEST;
|
ssl->out_msg[0] = MBEDTLS_SSL_HS_CERTIFICATE_REQUEST;
|
||||||
ssl->out_msg[4 + ct_len + sa_len] = (unsigned char)( total_dn_size >> 8 );
|
MBEDTLS_PUT_UINT16_BE( total_dn_size, ssl->out_msg, 4 + ct_len + sa_len );
|
||||||
ssl->out_msg[5 + ct_len + sa_len] = (unsigned char)( total_dn_size );
|
|
||||||
|
|
||||||
ret = mbedtls_ssl_write_handshake_msg( ssl );
|
ret = mbedtls_ssl_write_handshake_msg( ssl );
|
||||||
|
|
||||||
|
@ -3320,8 +3306,8 @@ static int ssl_write_server_key_exchange( mbedtls_ssl_context *ssl )
|
||||||
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED)
|
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED)
|
||||||
if( signature_len != 0 )
|
if( signature_len != 0 )
|
||||||
{
|
{
|
||||||
ssl->out_msg[ssl->out_msglen++] = (unsigned char)( signature_len >> 8 );
|
ssl->out_msg[ssl->out_msglen++] = MBEDTLS_BYTE_1( signature_len );
|
||||||
ssl->out_msg[ssl->out_msglen++] = (unsigned char)( signature_len );
|
ssl->out_msg[ssl->out_msglen++] = MBEDTLS_BYTE_0( signature_len );
|
||||||
|
|
||||||
MBEDTLS_SSL_DEBUG_BUF( 3, "my signature",
|
MBEDTLS_SSL_DEBUG_BUF( 3, "my signature",
|
||||||
ssl->out_msg + ssl->out_msglen,
|
ssl->out_msg + ssl->out_msglen,
|
||||||
|
@ -3478,8 +3464,8 @@ static int ssl_decrypt_encrypted_pms( mbedtls_ssl_context *ssl,
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client key exchange message" ) );
|
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client key exchange message" ) );
|
||||||
return( MBEDTLS_ERR_SSL_DECODE_ERROR );
|
return( MBEDTLS_ERR_SSL_DECODE_ERROR );
|
||||||
}
|
}
|
||||||
if( *p++ != ( ( len >> 8 ) & 0xFF ) ||
|
if( *p++ != MBEDTLS_BYTE_1( len ) ||
|
||||||
*p++ != ( ( len ) & 0xFF ) )
|
*p++ != MBEDTLS_BYTE_0( len ) )
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client key exchange message" ) );
|
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client key exchange message" ) );
|
||||||
return( MBEDTLS_ERR_SSL_DECODE_ERROR );
|
return( MBEDTLS_ERR_SSL_DECODE_ERROR );
|
||||||
|
@ -4223,14 +4209,8 @@ static int ssl_write_new_session_ticket( mbedtls_ssl_context *ssl )
|
||||||
tlen = 0;
|
tlen = 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
ssl->out_msg[4] = ( lifetime >> 24 ) & 0xFF;
|
MBEDTLS_PUT_UINT32_BE( lifetime, ssl->out_msg, 4 );
|
||||||
ssl->out_msg[5] = ( lifetime >> 16 ) & 0xFF;
|
MBEDTLS_PUT_UINT16_BE( tlen, ssl->out_msg, 8 );
|
||||||
ssl->out_msg[6] = ( lifetime >> 8 ) & 0xFF;
|
|
||||||
ssl->out_msg[7] = ( lifetime ) & 0xFF;
|
|
||||||
|
|
||||||
ssl->out_msg[8] = (unsigned char)( ( tlen >> 8 ) & 0xFF );
|
|
||||||
ssl->out_msg[9] = (unsigned char)( ( tlen ) & 0xFF );
|
|
||||||
|
|
||||||
ssl->out_msglen = 10 + tlen;
|
ssl->out_msglen = 10 + tlen;
|
||||||
|
|
||||||
/*
|
/*
|
||||||
|
@ -4258,23 +4238,8 @@ int mbedtls_ssl_handshake_server_step( mbedtls_ssl_context *ssl )
|
||||||
{
|
{
|
||||||
int ret = 0;
|
int ret = 0;
|
||||||
|
|
||||||
if( ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER || ssl->handshake == NULL )
|
|
||||||
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
|
|
||||||
|
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "server state: %d", ssl->state ) );
|
MBEDTLS_SSL_DEBUG_MSG( 2, ( "server state: %d", ssl->state ) );
|
||||||
|
|
||||||
if( ( ret = mbedtls_ssl_flush_output( ssl ) ) != 0 )
|
|
||||||
return( ret );
|
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
|
||||||
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
|
|
||||||
ssl->handshake->retransmit_state == MBEDTLS_SSL_RETRANS_SENDING )
|
|
||||||
{
|
|
||||||
if( ( ret = mbedtls_ssl_flight_transmit( ssl ) ) != 0 )
|
|
||||||
return( ret );
|
|
||||||
}
|
|
||||||
#endif /* MBEDTLS_SSL_PROTO_DTLS */
|
|
||||||
|
|
||||||
switch( ssl->state )
|
switch( ssl->state )
|
||||||
{
|
{
|
||||||
case MBEDTLS_SSL_HELLO_REQUEST:
|
case MBEDTLS_SSL_HELLO_REQUEST:
|
||||||
|
|
|
@ -245,8 +245,7 @@ int mbedtls_ssl_ticket_write( void *p_ticket,
|
||||||
{
|
{
|
||||||
goto cleanup;
|
goto cleanup;
|
||||||
}
|
}
|
||||||
state_len_bytes[0] = ( clear_len >> 8 ) & 0xff;
|
MBEDTLS_PUT_UINT16_BE( clear_len, state_len_bytes, 0 );
|
||||||
state_len_bytes[1] = ( clear_len ) & 0xff;
|
|
||||||
|
|
||||||
/* Encrypt and authenticate */
|
/* Encrypt and authenticate */
|
||||||
if( ( ret = mbedtls_cipher_auth_encrypt_ext( &key->ctx,
|
if( ( ret = mbedtls_cipher_auth_encrypt_ext( &key->ctx,
|
||||||
|
|
|
@ -664,14 +664,14 @@ typedef int ssl_tls_prf_t(const unsigned char *, size_t, const char *,
|
||||||
* - MBEDTLS_SSL_EXPORT_KEYS: ssl->conf->{f,p}_export_keys
|
* - MBEDTLS_SSL_EXPORT_KEYS: ssl->conf->{f,p}_export_keys
|
||||||
* - MBEDTLS_DEBUG_C: ssl->conf->{f,p}_dbg
|
* - MBEDTLS_DEBUG_C: ssl->conf->{f,p}_dbg
|
||||||
*/
|
*/
|
||||||
static int ssl_populate_transform( mbedtls_ssl_transform *transform,
|
static int ssl_tls12_populate_transform( mbedtls_ssl_transform *transform,
|
||||||
int ciphersuite,
|
int ciphersuite,
|
||||||
const unsigned char master[48],
|
const unsigned char master[48],
|
||||||
#if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC)
|
#if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC) && \
|
||||||
#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
|
defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
|
||||||
int encrypt_then_mac,
|
int encrypt_then_mac,
|
||||||
#endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */
|
#endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC &&
|
||||||
#endif /* MBEDTLS_SSL_SOME_SUITES_USE_MAC */
|
MBEDTLS_SSL_SOME_SUITES_USE_MAC */
|
||||||
ssl_tls_prf_t tls_prf,
|
ssl_tls_prf_t tls_prf,
|
||||||
const unsigned char randbytes[64],
|
const unsigned char randbytes[64],
|
||||||
int minor_ver,
|
int minor_ver,
|
||||||
|
@ -713,6 +713,15 @@ static int ssl_populate_transform( mbedtls_ssl_transform *transform,
|
||||||
memcpy( transform->randbytes, randbytes, sizeof( transform->randbytes ) );
|
memcpy( transform->randbytes, randbytes, sizeof( transform->randbytes ) );
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
|
||||||
|
if( minor_ver == MBEDTLS_SSL_MINOR_VERSION_4 )
|
||||||
|
{
|
||||||
|
/* At the moment, we keep TLS <= 1.2 and TLS 1.3 transform
|
||||||
|
* generation separate. This should never happen. */
|
||||||
|
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
|
||||||
|
}
|
||||||
|
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Get various info structures
|
* Get various info structures
|
||||||
*/
|
*/
|
||||||
|
@ -805,19 +814,10 @@ static int ssl_populate_transform( mbedtls_ssl_transform *transform,
|
||||||
* sequence number).
|
* sequence number).
|
||||||
*/
|
*/
|
||||||
transform->ivlen = 12;
|
transform->ivlen = 12;
|
||||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
|
if( cipher_info->mode == MBEDTLS_MODE_CHACHAPOLY )
|
||||||
if( minor_ver == MBEDTLS_SSL_MINOR_VERSION_4 )
|
|
||||||
{
|
|
||||||
transform->fixed_ivlen = 12;
|
transform->fixed_ivlen = 12;
|
||||||
}
|
|
||||||
else
|
else
|
||||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
|
transform->fixed_ivlen = 4;
|
||||||
{
|
|
||||||
if( cipher_info->mode == MBEDTLS_MODE_CHACHAPOLY )
|
|
||||||
transform->fixed_ivlen = 12;
|
|
||||||
else
|
|
||||||
transform->fixed_ivlen = 4;
|
|
||||||
}
|
|
||||||
|
|
||||||
/* Minimum length of encrypted record */
|
/* Minimum length of encrypted record */
|
||||||
explicit_ivlen = transform->ivlen - transform->fixed_ivlen;
|
explicit_ivlen = transform->ivlen - transform->fixed_ivlen;
|
||||||
|
@ -1327,22 +1327,22 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl )
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Populate transform structure */
|
/* Populate transform structure */
|
||||||
ret = ssl_populate_transform( ssl->transform_negotiate,
|
ret = ssl_tls12_populate_transform( ssl->transform_negotiate,
|
||||||
ssl->session_negotiate->ciphersuite,
|
ssl->session_negotiate->ciphersuite,
|
||||||
ssl->session_negotiate->master,
|
ssl->session_negotiate->master,
|
||||||
#if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC)
|
#if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC) && \
|
||||||
#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
|
defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
|
||||||
ssl->session_negotiate->encrypt_then_mac,
|
ssl->session_negotiate->encrypt_then_mac,
|
||||||
#endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */
|
#endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC &&
|
||||||
#endif /* MBEDTLS_SSL_SOME_SUITES_USE_MAC */
|
MBEDTLS_SSL_SOME_SUITES_USE_MAC */
|
||||||
ssl->handshake->tls_prf,
|
ssl->handshake->tls_prf,
|
||||||
ssl->handshake->randbytes,
|
ssl->handshake->randbytes,
|
||||||
ssl->minor_ver,
|
ssl->minor_ver,
|
||||||
ssl->conf->endpoint,
|
ssl->conf->endpoint,
|
||||||
ssl );
|
ssl );
|
||||||
if( ret != 0 )
|
if( ret != 0 )
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_RET( 1, "ssl_populate_transform", ret );
|
MBEDTLS_SSL_DEBUG_RET( 1, "ssl_tls12_populate_transform", ret );
|
||||||
return( ret );
|
return( ret );
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -1487,8 +1487,8 @@ int mbedtls_ssl_psk_derive_premaster( mbedtls_ssl_context *ssl, mbedtls_key_exch
|
||||||
if( end - p < 2 )
|
if( end - p < 2 )
|
||||||
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
|
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
|
||||||
|
|
||||||
*(p++) = (unsigned char)( psk_len >> 8 );
|
MBEDTLS_PUT_UINT16_BE( psk_len, p, 0 );
|
||||||
*(p++) = (unsigned char)( psk_len );
|
p += 2;
|
||||||
|
|
||||||
if( end < p || (size_t)( end - p ) < psk_len )
|
if( end < p || (size_t)( end - p ) < psk_len )
|
||||||
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
|
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
|
||||||
|
@ -1528,9 +1528,8 @@ int mbedtls_ssl_psk_derive_premaster( mbedtls_ssl_context *ssl, mbedtls_key_exch
|
||||||
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_dhm_calc_secret", ret );
|
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_dhm_calc_secret", ret );
|
||||||
return( ret );
|
return( ret );
|
||||||
}
|
}
|
||||||
*(p++) = (unsigned char)( len >> 8 );
|
MBEDTLS_PUT_UINT16_BE( len, p, 0 );
|
||||||
*(p++) = (unsigned char)( len );
|
p += 2 + len;
|
||||||
p += len;
|
|
||||||
|
|
||||||
MBEDTLS_SSL_DEBUG_MPI( 3, "DHM: K ", &ssl->handshake->dhm_ctx.K );
|
MBEDTLS_SSL_DEBUG_MPI( 3, "DHM: K ", &ssl->handshake->dhm_ctx.K );
|
||||||
}
|
}
|
||||||
|
@ -1550,9 +1549,8 @@ int mbedtls_ssl_psk_derive_premaster( mbedtls_ssl_context *ssl, mbedtls_key_exch
|
||||||
return( ret );
|
return( ret );
|
||||||
}
|
}
|
||||||
|
|
||||||
*(p++) = (unsigned char)( zlen >> 8 );
|
MBEDTLS_PUT_UINT16_BE( zlen, p, 0 );
|
||||||
*(p++) = (unsigned char)( zlen );
|
p += 2 + zlen;
|
||||||
p += zlen;
|
|
||||||
|
|
||||||
MBEDTLS_SSL_DEBUG_ECDH( 3, &ssl->handshake->ecdh_ctx,
|
MBEDTLS_SSL_DEBUG_ECDH( 3, &ssl->handshake->ecdh_ctx,
|
||||||
MBEDTLS_DEBUG_ECDH_Z );
|
MBEDTLS_DEBUG_ECDH_Z );
|
||||||
|
@ -1568,8 +1566,8 @@ int mbedtls_ssl_psk_derive_premaster( mbedtls_ssl_context *ssl, mbedtls_key_exch
|
||||||
if( end - p < 2 )
|
if( end - p < 2 )
|
||||||
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
|
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
|
||||||
|
|
||||||
*(p++) = (unsigned char)( psk_len >> 8 );
|
MBEDTLS_PUT_UINT16_BE( psk_len, p, 0 );
|
||||||
*(p++) = (unsigned char)( psk_len );
|
p += 2;
|
||||||
|
|
||||||
if( end < p || (size_t)( end - p ) < psk_len )
|
if( end < p || (size_t)( end - p ) < psk_len )
|
||||||
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
|
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
|
||||||
|
@ -1746,17 +1744,17 @@ int mbedtls_ssl_write_certificate( mbedtls_ssl_context *ssl )
|
||||||
return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
|
return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
|
||||||
}
|
}
|
||||||
|
|
||||||
ssl->out_msg[i ] = (unsigned char)( n >> 16 );
|
ssl->out_msg[i ] = MBEDTLS_BYTE_2( n );
|
||||||
ssl->out_msg[i + 1] = (unsigned char)( n >> 8 );
|
ssl->out_msg[i + 1] = MBEDTLS_BYTE_1( n );
|
||||||
ssl->out_msg[i + 2] = (unsigned char)( n );
|
ssl->out_msg[i + 2] = MBEDTLS_BYTE_0( n );
|
||||||
|
|
||||||
i += 3; memcpy( ssl->out_msg + i, crt->raw.p, n );
|
i += 3; memcpy( ssl->out_msg + i, crt->raw.p, n );
|
||||||
i += n; crt = crt->next;
|
i += n; crt = crt->next;
|
||||||
}
|
}
|
||||||
|
|
||||||
ssl->out_msg[4] = (unsigned char)( ( i - 7 ) >> 16 );
|
ssl->out_msg[4] = MBEDTLS_BYTE_2( i - 7 );
|
||||||
ssl->out_msg[5] = (unsigned char)( ( i - 7 ) >> 8 );
|
ssl->out_msg[5] = MBEDTLS_BYTE_1( i - 7 );
|
||||||
ssl->out_msg[6] = (unsigned char)( ( i - 7 ) );
|
ssl->out_msg[6] = MBEDTLS_BYTE_0( i - 7 );
|
||||||
|
|
||||||
ssl->out_msglen = i;
|
ssl->out_msglen = i;
|
||||||
ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE;
|
ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE;
|
||||||
|
@ -3142,6 +3140,53 @@ void mbedtls_ssl_init( mbedtls_ssl_context *ssl )
|
||||||
memset( ssl, 0, sizeof( mbedtls_ssl_context ) );
|
memset( ssl, 0, sizeof( mbedtls_ssl_context ) );
|
||||||
}
|
}
|
||||||
|
|
||||||
|
static int ssl_conf_version_check( const mbedtls_ssl_context *ssl )
|
||||||
|
{
|
||||||
|
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
|
||||||
|
if( mbedtls_ssl_conf_is_tls13_only( ssl->conf ) )
|
||||||
|
{
|
||||||
|
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
|
||||||
|
{
|
||||||
|
MBEDTLS_SSL_DEBUG_MSG( 1, ( "DTLS 1.3 is not yet supported" ) );
|
||||||
|
return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
|
||||||
|
}
|
||||||
|
MBEDTLS_SSL_DEBUG_MSG( 4, ( "The SSL configuration is tls13 only." ) );
|
||||||
|
return( 0 );
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
|
||||||
|
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||||
|
if( mbedtls_ssl_conf_is_tls12_only( ssl->conf ) )
|
||||||
|
{
|
||||||
|
MBEDTLS_SSL_DEBUG_MSG( 4, ( "The SSL configuration is tls12 only." ) );
|
||||||
|
return( 0 );
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
|
||||||
|
#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
|
||||||
|
if( mbedtls_ssl_conf_is_hybrid_tls12_tls13( ssl->conf ) )
|
||||||
|
{
|
||||||
|
MBEDTLS_SSL_DEBUG_MSG( 1, ( "Hybrid TLS 1.2 + TLS 1.3 configurations are not yet supported" ) );
|
||||||
|
return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
|
||||||
|
MBEDTLS_SSL_DEBUG_MSG( 1, ( "The SSL configuration is invalid." ) );
|
||||||
|
return( MBEDTLS_ERR_SSL_BAD_CONFIG );
|
||||||
|
}
|
||||||
|
|
||||||
|
static int ssl_conf_check(const mbedtls_ssl_context *ssl)
|
||||||
|
{
|
||||||
|
int ret;
|
||||||
|
ret = ssl_conf_version_check( ssl );
|
||||||
|
if( ret != 0 )
|
||||||
|
return( ret );
|
||||||
|
|
||||||
|
/* Space for further checks */
|
||||||
|
|
||||||
|
return( 0 );
|
||||||
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Setup an SSL context
|
* Setup an SSL context
|
||||||
*/
|
*/
|
||||||
|
@ -3155,6 +3200,9 @@ int mbedtls_ssl_setup( mbedtls_ssl_context *ssl,
|
||||||
|
|
||||||
ssl->conf = conf;
|
ssl->conf = conf;
|
||||||
|
|
||||||
|
if( ( ret = ssl_conf_check( ssl ) ) != 0 )
|
||||||
|
return( ret );
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Prepare base structures
|
* Prepare base structures
|
||||||
*/
|
*/
|
||||||
|
@ -3230,9 +3278,9 @@ error:
|
||||||
* If partial is non-zero, keep data in the input buffer and client ID.
|
* If partial is non-zero, keep data in the input buffer and client ID.
|
||||||
* (Use when a DTLS client reconnects from the same port.)
|
* (Use when a DTLS client reconnects from the same port.)
|
||||||
*/
|
*/
|
||||||
int mbedtls_ssl_session_reset_int( mbedtls_ssl_context *ssl, int partial )
|
static void ssl_session_reset_msg_layer( mbedtls_ssl_context *ssl,
|
||||||
|
int partial )
|
||||||
{
|
{
|
||||||
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
|
||||||
#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)
|
#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)
|
||||||
size_t in_buf_len = ssl->in_buf_len;
|
size_t in_buf_len = ssl->in_buf_len;
|
||||||
size_t out_buf_len = ssl->out_buf_len;
|
size_t out_buf_len = ssl->out_buf_len;
|
||||||
|
@ -3241,16 +3289,65 @@ int mbedtls_ssl_session_reset_int( mbedtls_ssl_context *ssl, int partial )
|
||||||
size_t out_buf_len = MBEDTLS_SSL_OUT_BUFFER_LEN;
|
size_t out_buf_len = MBEDTLS_SSL_OUT_BUFFER_LEN;
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#if !defined(MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE) || \
|
#if !defined(MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE) || !defined(MBEDTLS_SSL_SRV_C)
|
||||||
!defined(MBEDTLS_SSL_SRV_C)
|
partial = 0;
|
||||||
((void) partial);
|
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
ssl->state = MBEDTLS_SSL_HELLO_REQUEST;
|
|
||||||
|
|
||||||
/* Cancel any possibly running timer */
|
/* Cancel any possibly running timer */
|
||||||
mbedtls_ssl_set_timer( ssl, 0 );
|
mbedtls_ssl_set_timer( ssl, 0 );
|
||||||
|
|
||||||
|
mbedtls_ssl_reset_in_out_pointers( ssl );
|
||||||
|
|
||||||
|
/* Reset incoming message parsing */
|
||||||
|
ssl->in_offt = NULL;
|
||||||
|
ssl->nb_zero = 0;
|
||||||
|
ssl->in_msgtype = 0;
|
||||||
|
ssl->in_msglen = 0;
|
||||||
|
ssl->in_hslen = 0;
|
||||||
|
ssl->keep_current_message = 0;
|
||||||
|
ssl->transform_in = NULL;
|
||||||
|
|
||||||
|
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
||||||
|
ssl->next_record_offset = 0;
|
||||||
|
ssl->in_epoch = 0;
|
||||||
|
#endif
|
||||||
|
|
||||||
|
/* Keep current datagram if partial == 1 */
|
||||||
|
if( partial == 0 )
|
||||||
|
{
|
||||||
|
ssl->in_left = 0;
|
||||||
|
memset( ssl->in_buf, 0, in_buf_len );
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Reset outgoing message writing */
|
||||||
|
ssl->out_msgtype = 0;
|
||||||
|
ssl->out_msglen = 0;
|
||||||
|
ssl->out_left = 0;
|
||||||
|
memset( ssl->out_buf, 0, out_buf_len );
|
||||||
|
memset( ssl->cur_out_ctr, 0, sizeof( ssl->cur_out_ctr ) );
|
||||||
|
ssl->transform_out = NULL;
|
||||||
|
|
||||||
|
#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
|
||||||
|
mbedtls_ssl_dtls_replay_reset( ssl );
|
||||||
|
#endif
|
||||||
|
|
||||||
|
if( ssl->transform )
|
||||||
|
{
|
||||||
|
mbedtls_ssl_transform_free( ssl->transform );
|
||||||
|
mbedtls_free( ssl->transform );
|
||||||
|
ssl->transform = NULL;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
int mbedtls_ssl_session_reset_int( mbedtls_ssl_context *ssl, int partial )
|
||||||
|
{
|
||||||
|
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
||||||
|
|
||||||
|
ssl->state = MBEDTLS_SSL_HELLO_REQUEST;
|
||||||
|
|
||||||
|
ssl_session_reset_msg_layer( ssl, partial );
|
||||||
|
|
||||||
|
/* Reset renegotiation state */
|
||||||
#if defined(MBEDTLS_SSL_RENEGOTIATION)
|
#if defined(MBEDTLS_SSL_RENEGOTIATION)
|
||||||
ssl->renego_status = MBEDTLS_SSL_INITIAL_HANDSHAKE;
|
ssl->renego_status = MBEDTLS_SSL_INITIAL_HANDSHAKE;
|
||||||
ssl->renego_records_seen = 0;
|
ssl->renego_records_seen = 0;
|
||||||
|
@ -3261,53 +3358,8 @@ int mbedtls_ssl_session_reset_int( mbedtls_ssl_context *ssl, int partial )
|
||||||
#endif
|
#endif
|
||||||
ssl->secure_renegotiation = MBEDTLS_SSL_LEGACY_RENEGOTIATION;
|
ssl->secure_renegotiation = MBEDTLS_SSL_LEGACY_RENEGOTIATION;
|
||||||
|
|
||||||
ssl->in_offt = NULL;
|
ssl->session_in = NULL;
|
||||||
mbedtls_ssl_reset_in_out_pointers( ssl );
|
|
||||||
|
|
||||||
ssl->in_msgtype = 0;
|
|
||||||
ssl->in_msglen = 0;
|
|
||||||
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
|
||||||
ssl->next_record_offset = 0;
|
|
||||||
ssl->in_epoch = 0;
|
|
||||||
#endif
|
|
||||||
#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
|
|
||||||
mbedtls_ssl_dtls_replay_reset( ssl );
|
|
||||||
#endif
|
|
||||||
|
|
||||||
ssl->in_hslen = 0;
|
|
||||||
ssl->nb_zero = 0;
|
|
||||||
|
|
||||||
ssl->keep_current_message = 0;
|
|
||||||
|
|
||||||
ssl->out_msgtype = 0;
|
|
||||||
ssl->out_msglen = 0;
|
|
||||||
ssl->out_left = 0;
|
|
||||||
|
|
||||||
memset( ssl->cur_out_ctr, 0, sizeof( ssl->cur_out_ctr ) );
|
|
||||||
|
|
||||||
ssl->transform_in = NULL;
|
|
||||||
ssl->transform_out = NULL;
|
|
||||||
|
|
||||||
ssl->session_in = NULL;
|
|
||||||
ssl->session_out = NULL;
|
ssl->session_out = NULL;
|
||||||
|
|
||||||
memset( ssl->out_buf, 0, out_buf_len );
|
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE) && defined(MBEDTLS_SSL_SRV_C)
|
|
||||||
if( partial == 0 )
|
|
||||||
#endif /* MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE && MBEDTLS_SSL_SRV_C */
|
|
||||||
{
|
|
||||||
ssl->in_left = 0;
|
|
||||||
memset( ssl->in_buf, 0, in_buf_len );
|
|
||||||
}
|
|
||||||
|
|
||||||
if( ssl->transform )
|
|
||||||
{
|
|
||||||
mbedtls_ssl_transform_free( ssl->transform );
|
|
||||||
mbedtls_free( ssl->transform );
|
|
||||||
ssl->transform = NULL;
|
|
||||||
}
|
|
||||||
|
|
||||||
if( ssl->session )
|
if( ssl->session )
|
||||||
{
|
{
|
||||||
mbedtls_ssl_session_free( ssl->session );
|
mbedtls_ssl_session_free( ssl->session );
|
||||||
|
@ -3883,6 +3935,15 @@ void mbedtls_ssl_conf_sig_hashes( mbedtls_ssl_config *conf,
|
||||||
{
|
{
|
||||||
conf->sig_hashes = hashes;
|
conf->sig_hashes = hashes;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
|
||||||
|
/* Configure allowed signature algorithms for use in TLS 1.3 */
|
||||||
|
void mbedtls_ssl_conf_sig_algs( mbedtls_ssl_config *conf,
|
||||||
|
const uint16_t* sig_algs )
|
||||||
|
{
|
||||||
|
conf->tls13_sig_algs = sig_algs;
|
||||||
|
}
|
||||||
|
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
|
||||||
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
|
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
|
||||||
|
|
||||||
#if defined(MBEDTLS_ECP_C)
|
#if defined(MBEDTLS_ECP_C)
|
||||||
|
@ -4519,8 +4580,8 @@ static unsigned char ssl_serialized_session_header[] = {
|
||||||
MBEDTLS_VERSION_MAJOR,
|
MBEDTLS_VERSION_MAJOR,
|
||||||
MBEDTLS_VERSION_MINOR,
|
MBEDTLS_VERSION_MINOR,
|
||||||
MBEDTLS_VERSION_PATCH,
|
MBEDTLS_VERSION_PATCH,
|
||||||
( SSL_SERIALIZED_SESSION_CONFIG_BITFLAG >> 8 ) & 0xFF,
|
MBEDTLS_BYTE_1( SSL_SERIALIZED_SESSION_CONFIG_BITFLAG ),
|
||||||
( SSL_SERIALIZED_SESSION_CONFIG_BITFLAG >> 0 ) & 0xFF,
|
MBEDTLS_BYTE_0( SSL_SERIALIZED_SESSION_CONFIG_BITFLAG ),
|
||||||
};
|
};
|
||||||
|
|
||||||
/*
|
/*
|
||||||
|
@ -4601,14 +4662,8 @@ static size_t ssl_session_save_tls12( const mbedtls_ssl_session *session,
|
||||||
{
|
{
|
||||||
start = (uint64_t) session->start;
|
start = (uint64_t) session->start;
|
||||||
|
|
||||||
*p++ = (unsigned char)( ( start >> 56 ) & 0xFF );
|
MBEDTLS_PUT_UINT64_BE( start, p, 0 );
|
||||||
*p++ = (unsigned char)( ( start >> 48 ) & 0xFF );
|
p += 8;
|
||||||
*p++ = (unsigned char)( ( start >> 40 ) & 0xFF );
|
|
||||||
*p++ = (unsigned char)( ( start >> 32 ) & 0xFF );
|
|
||||||
*p++ = (unsigned char)( ( start >> 24 ) & 0xFF );
|
|
||||||
*p++ = (unsigned char)( ( start >> 16 ) & 0xFF );
|
|
||||||
*p++ = (unsigned char)( ( start >> 8 ) & 0xFF );
|
|
||||||
*p++ = (unsigned char)( ( start ) & 0xFF );
|
|
||||||
}
|
}
|
||||||
#endif /* MBEDTLS_HAVE_TIME */
|
#endif /* MBEDTLS_HAVE_TIME */
|
||||||
|
|
||||||
|
@ -4624,22 +4679,20 @@ static size_t ssl_session_save_tls12( const mbedtls_ssl_session *session,
|
||||||
|
|
||||||
if( used <= buf_len )
|
if( used <= buf_len )
|
||||||
{
|
{
|
||||||
*p++ = (unsigned char)( ( session->ciphersuite >> 8 ) & 0xFF );
|
MBEDTLS_PUT_UINT16_BE( session->ciphersuite, p, 0 );
|
||||||
*p++ = (unsigned char)( ( session->ciphersuite ) & 0xFF );
|
p += 2;
|
||||||
|
|
||||||
*p++ = (unsigned char)( session->compression & 0xFF );
|
*p++ = MBEDTLS_BYTE_0( session->compression );
|
||||||
|
|
||||||
*p++ = (unsigned char)( session->id_len & 0xFF );
|
*p++ = MBEDTLS_BYTE_0( session->id_len );
|
||||||
memcpy( p, session->id, 32 );
|
memcpy( p, session->id, 32 );
|
||||||
p += 32;
|
p += 32;
|
||||||
|
|
||||||
memcpy( p, session->master, 48 );
|
memcpy( p, session->master, 48 );
|
||||||
p += 48;
|
p += 48;
|
||||||
|
|
||||||
*p++ = (unsigned char)( ( session->verify_result >> 24 ) & 0xFF );
|
MBEDTLS_PUT_UINT32_BE( session->verify_result, p, 0 );
|
||||||
*p++ = (unsigned char)( ( session->verify_result >> 16 ) & 0xFF );
|
p += 4;
|
||||||
*p++ = (unsigned char)( ( session->verify_result >> 8 ) & 0xFF );
|
|
||||||
*p++ = (unsigned char)( ( session->verify_result ) & 0xFF );
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
|
@ -4656,9 +4709,9 @@ static size_t ssl_session_save_tls12( const mbedtls_ssl_session *session,
|
||||||
|
|
||||||
if( used <= buf_len )
|
if( used <= buf_len )
|
||||||
{
|
{
|
||||||
*p++ = (unsigned char)( ( cert_len >> 16 ) & 0xFF );
|
*p++ = MBEDTLS_BYTE_2( cert_len );
|
||||||
*p++ = (unsigned char)( ( cert_len >> 8 ) & 0xFF );
|
*p++ = MBEDTLS_BYTE_1( cert_len );
|
||||||
*p++ = (unsigned char)( ( cert_len ) & 0xFF );
|
*p++ = MBEDTLS_BYTE_0( cert_len );
|
||||||
|
|
||||||
if( session->peer_cert != NULL )
|
if( session->peer_cert != NULL )
|
||||||
{
|
{
|
||||||
|
@ -4699,9 +4752,9 @@ static size_t ssl_session_save_tls12( const mbedtls_ssl_session *session,
|
||||||
|
|
||||||
if( used <= buf_len )
|
if( used <= buf_len )
|
||||||
{
|
{
|
||||||
*p++ = (unsigned char)( ( session->ticket_len >> 16 ) & 0xFF );
|
*p++ = MBEDTLS_BYTE_2( session->ticket_len );
|
||||||
*p++ = (unsigned char)( ( session->ticket_len >> 8 ) & 0xFF );
|
*p++ = MBEDTLS_BYTE_1( session->ticket_len );
|
||||||
*p++ = (unsigned char)( ( session->ticket_len ) & 0xFF );
|
*p++ = MBEDTLS_BYTE_0( session->ticket_len );
|
||||||
|
|
||||||
if( session->ticket != NULL )
|
if( session->ticket != NULL )
|
||||||
{
|
{
|
||||||
|
@ -4709,10 +4762,8 @@ static size_t ssl_session_save_tls12( const mbedtls_ssl_session *session,
|
||||||
p += session->ticket_len;
|
p += session->ticket_len;
|
||||||
}
|
}
|
||||||
|
|
||||||
*p++ = (unsigned char)( ( session->ticket_lifetime >> 24 ) & 0xFF );
|
MBEDTLS_PUT_UINT32_BE( session->ticket_lifetime, p, 0 );
|
||||||
*p++ = (unsigned char)( ( session->ticket_lifetime >> 16 ) & 0xFF );
|
p += 4;
|
||||||
*p++ = (unsigned char)( ( session->ticket_lifetime >> 8 ) & 0xFF );
|
|
||||||
*p++ = (unsigned char)( ( session->ticket_lifetime ) & 0xFF );
|
|
||||||
}
|
}
|
||||||
#endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_CLI_C */
|
#endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_CLI_C */
|
||||||
|
|
||||||
|
@ -4730,7 +4781,7 @@ static size_t ssl_session_save_tls12( const mbedtls_ssl_session *session,
|
||||||
used += 1;
|
used += 1;
|
||||||
|
|
||||||
if( used <= buf_len )
|
if( used <= buf_len )
|
||||||
*p++ = (unsigned char)( ( session->encrypt_then_mac ) & 0xFF );
|
*p++ = MBEDTLS_BYTE_0( session->encrypt_then_mac );
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
return( used );
|
return( used );
|
||||||
|
@ -5076,20 +5127,68 @@ int mbedtls_ssl_session_load( mbedtls_ssl_session *session,
|
||||||
/*
|
/*
|
||||||
* Perform a single step of the SSL handshake
|
* Perform a single step of the SSL handshake
|
||||||
*/
|
*/
|
||||||
|
static int ssl_prepare_handshake_step( mbedtls_ssl_context *ssl )
|
||||||
|
{
|
||||||
|
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
||||||
|
|
||||||
|
if( ( ret = mbedtls_ssl_flush_output( ssl ) ) != 0 )
|
||||||
|
return( ret );
|
||||||
|
|
||||||
|
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
||||||
|
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
|
||||||
|
ssl->handshake->retransmit_state == MBEDTLS_SSL_RETRANS_SENDING )
|
||||||
|
{
|
||||||
|
if( ( ret = mbedtls_ssl_flight_transmit( ssl ) ) != 0 )
|
||||||
|
return( ret );
|
||||||
|
}
|
||||||
|
#endif /* MBEDTLS_SSL_PROTO_DTLS */
|
||||||
|
|
||||||
|
return( ret );
|
||||||
|
}
|
||||||
|
|
||||||
int mbedtls_ssl_handshake_step( mbedtls_ssl_context *ssl )
|
int mbedtls_ssl_handshake_step( mbedtls_ssl_context *ssl )
|
||||||
{
|
{
|
||||||
int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
|
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
||||||
|
|
||||||
if( ssl == NULL || ssl->conf == NULL )
|
if( ssl == NULL ||
|
||||||
|
ssl->conf == NULL ||
|
||||||
|
ssl->handshake == NULL ||
|
||||||
|
ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER )
|
||||||
|
{
|
||||||
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
|
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
|
||||||
|
}
|
||||||
|
|
||||||
|
ret = ssl_prepare_handshake_step( ssl );
|
||||||
|
if( ret != 0 )
|
||||||
|
return( ret );
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_CLI_C)
|
#if defined(MBEDTLS_SSL_CLI_C)
|
||||||
if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT )
|
if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT )
|
||||||
ret = mbedtls_ssl_handshake_client_step( ssl );
|
{
|
||||||
|
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
|
||||||
|
if( mbedtls_ssl_conf_is_tls13_only( ssl->conf ) )
|
||||||
|
ret = mbedtls_ssl_handshake_client_step_tls1_3( ssl );
|
||||||
|
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
|
||||||
|
|
||||||
|
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||||
|
if( mbedtls_ssl_conf_is_tls12_only( ssl->conf ) )
|
||||||
|
ret = mbedtls_ssl_handshake_client_step( ssl );
|
||||||
|
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
|
||||||
|
}
|
||||||
#endif
|
#endif
|
||||||
#if defined(MBEDTLS_SSL_SRV_C)
|
#if defined(MBEDTLS_SSL_SRV_C)
|
||||||
if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER )
|
if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER )
|
||||||
ret = mbedtls_ssl_handshake_server_step( ssl );
|
{
|
||||||
|
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
|
||||||
|
if( mbedtls_ssl_conf_is_tls13_only( ssl->conf ) )
|
||||||
|
ret = mbedtls_ssl_handshake_server_step_tls1_3( ssl );
|
||||||
|
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
|
||||||
|
|
||||||
|
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||||
|
if( mbedtls_ssl_conf_is_tls12_only( ssl->conf ) )
|
||||||
|
ret = mbedtls_ssl_handshake_server_step( ssl );
|
||||||
|
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
|
||||||
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
return( ret );
|
return( ret );
|
||||||
|
@ -5393,6 +5492,13 @@ void mbedtls_ssl_handshake_free( mbedtls_ssl_context *ssl )
|
||||||
handle_buffer_resizing( ssl, 1, mbedtls_ssl_get_input_buflen( ssl ),
|
handle_buffer_resizing( ssl, 1, mbedtls_ssl_get_input_buflen( ssl ),
|
||||||
mbedtls_ssl_get_output_buflen( ssl ) );
|
mbedtls_ssl_get_output_buflen( ssl ) );
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
|
||||||
|
mbedtls_free( handshake->transform_earlydata );
|
||||||
|
mbedtls_free( handshake->transform_handshake );
|
||||||
|
handshake->transform_earlydata = NULL;
|
||||||
|
handshake->transform_handshake = NULL;
|
||||||
|
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
|
||||||
}
|
}
|
||||||
|
|
||||||
void mbedtls_ssl_session_free( mbedtls_ssl_session *session )
|
void mbedtls_ssl_session_free( mbedtls_ssl_session *session )
|
||||||
|
@ -5450,11 +5556,11 @@ static unsigned char ssl_serialized_context_header[] = {
|
||||||
MBEDTLS_VERSION_MAJOR,
|
MBEDTLS_VERSION_MAJOR,
|
||||||
MBEDTLS_VERSION_MINOR,
|
MBEDTLS_VERSION_MINOR,
|
||||||
MBEDTLS_VERSION_PATCH,
|
MBEDTLS_VERSION_PATCH,
|
||||||
( SSL_SERIALIZED_SESSION_CONFIG_BITFLAG >> 8 ) & 0xFF,
|
MBEDTLS_BYTE_1( SSL_SERIALIZED_SESSION_CONFIG_BITFLAG ),
|
||||||
( SSL_SERIALIZED_SESSION_CONFIG_BITFLAG >> 0 ) & 0xFF,
|
MBEDTLS_BYTE_0( SSL_SERIALIZED_SESSION_CONFIG_BITFLAG ),
|
||||||
( SSL_SERIALIZED_CONTEXT_CONFIG_BITFLAG >> 16 ) & 0xFF,
|
MBEDTLS_BYTE_2( SSL_SERIALIZED_CONTEXT_CONFIG_BITFLAG ),
|
||||||
( SSL_SERIALIZED_CONTEXT_CONFIG_BITFLAG >> 8 ) & 0xFF,
|
MBEDTLS_BYTE_1( SSL_SERIALIZED_CONTEXT_CONFIG_BITFLAG ),
|
||||||
( SSL_SERIALIZED_CONTEXT_CONFIG_BITFLAG >> 0 ) & 0xFF,
|
MBEDTLS_BYTE_0( SSL_SERIALIZED_CONTEXT_CONFIG_BITFLAG ),
|
||||||
};
|
};
|
||||||
|
|
||||||
/*
|
/*
|
||||||
|
@ -5595,10 +5701,8 @@ int mbedtls_ssl_context_save( mbedtls_ssl_context *ssl,
|
||||||
used += 4 + session_len;
|
used += 4 + session_len;
|
||||||
if( used <= buf_len )
|
if( used <= buf_len )
|
||||||
{
|
{
|
||||||
*p++ = (unsigned char)( ( session_len >> 24 ) & 0xFF );
|
MBEDTLS_PUT_UINT32_BE( session_len, p, 0 );
|
||||||
*p++ = (unsigned char)( ( session_len >> 16 ) & 0xFF );
|
p += 4;
|
||||||
*p++ = (unsigned char)( ( session_len >> 8 ) & 0xFF );
|
|
||||||
*p++ = (unsigned char)( ( session_len ) & 0xFF );
|
|
||||||
|
|
||||||
ret = ssl_session_save( ssl->session, 1,
|
ret = ssl_session_save( ssl->session, 1,
|
||||||
p, session_len, &session_len );
|
p, session_len, &session_len );
|
||||||
|
@ -5639,33 +5743,19 @@ int mbedtls_ssl_context_save( mbedtls_ssl_context *ssl,
|
||||||
used += 4;
|
used += 4;
|
||||||
if( used <= buf_len )
|
if( used <= buf_len )
|
||||||
{
|
{
|
||||||
*p++ = (unsigned char)( ( ssl->badmac_seen >> 24 ) & 0xFF );
|
MBEDTLS_PUT_UINT32_BE( ssl->badmac_seen, p, 0 );
|
||||||
*p++ = (unsigned char)( ( ssl->badmac_seen >> 16 ) & 0xFF );
|
p += 4;
|
||||||
*p++ = (unsigned char)( ( ssl->badmac_seen >> 8 ) & 0xFF );
|
|
||||||
*p++ = (unsigned char)( ( ssl->badmac_seen ) & 0xFF );
|
|
||||||
}
|
}
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
|
#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
|
||||||
used += 16;
|
used += 16;
|
||||||
if( used <= buf_len )
|
if( used <= buf_len )
|
||||||
{
|
{
|
||||||
*p++ = (unsigned char)( ( ssl->in_window_top >> 56 ) & 0xFF );
|
MBEDTLS_PUT_UINT64_BE( ssl->in_window_top, p, 0 );
|
||||||
*p++ = (unsigned char)( ( ssl->in_window_top >> 48 ) & 0xFF );
|
p += 8;
|
||||||
*p++ = (unsigned char)( ( ssl->in_window_top >> 40 ) & 0xFF );
|
|
||||||
*p++ = (unsigned char)( ( ssl->in_window_top >> 32 ) & 0xFF );
|
|
||||||
*p++ = (unsigned char)( ( ssl->in_window_top >> 24 ) & 0xFF );
|
|
||||||
*p++ = (unsigned char)( ( ssl->in_window_top >> 16 ) & 0xFF );
|
|
||||||
*p++ = (unsigned char)( ( ssl->in_window_top >> 8 ) & 0xFF );
|
|
||||||
*p++ = (unsigned char)( ( ssl->in_window_top ) & 0xFF );
|
|
||||||
|
|
||||||
*p++ = (unsigned char)( ( ssl->in_window >> 56 ) & 0xFF );
|
MBEDTLS_PUT_UINT64_BE( ssl->in_window, p, 0 );
|
||||||
*p++ = (unsigned char)( ( ssl->in_window >> 48 ) & 0xFF );
|
p += 8;
|
||||||
*p++ = (unsigned char)( ( ssl->in_window >> 40 ) & 0xFF );
|
|
||||||
*p++ = (unsigned char)( ( ssl->in_window >> 32 ) & 0xFF );
|
|
||||||
*p++ = (unsigned char)( ( ssl->in_window >> 24 ) & 0xFF );
|
|
||||||
*p++ = (unsigned char)( ( ssl->in_window >> 16 ) & 0xFF );
|
|
||||||
*p++ = (unsigned char)( ( ssl->in_window >> 8 ) & 0xFF );
|
|
||||||
*p++ = (unsigned char)( ( ssl->in_window ) & 0xFF );
|
|
||||||
}
|
}
|
||||||
#endif /* MBEDTLS_SSL_DTLS_ANTI_REPLAY */
|
#endif /* MBEDTLS_SSL_DTLS_ANTI_REPLAY */
|
||||||
|
|
||||||
|
@ -5688,8 +5778,8 @@ int mbedtls_ssl_context_save( mbedtls_ssl_context *ssl,
|
||||||
used += 2;
|
used += 2;
|
||||||
if( used <= buf_len )
|
if( used <= buf_len )
|
||||||
{
|
{
|
||||||
*p++ = (unsigned char)( ( ssl->mtu >> 8 ) & 0xFF );
|
MBEDTLS_PUT_UINT16_BE( ssl->mtu, p, 0 );
|
||||||
*p++ = (unsigned char)( ( ssl->mtu ) & 0xFF );
|
p += 2;
|
||||||
}
|
}
|
||||||
#endif /* MBEDTLS_SSL_PROTO_DTLS */
|
#endif /* MBEDTLS_SSL_PROTO_DTLS */
|
||||||
|
|
||||||
|
@ -5853,14 +5943,14 @@ static int ssl_context_load( mbedtls_ssl_context *ssl,
|
||||||
if( (size_t)( end - p ) < sizeof( ssl->transform->randbytes ) )
|
if( (size_t)( end - p ) < sizeof( ssl->transform->randbytes ) )
|
||||||
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
|
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
|
||||||
|
|
||||||
ret = ssl_populate_transform( ssl->transform,
|
ret = ssl_tls12_populate_transform( ssl->transform,
|
||||||
ssl->session->ciphersuite,
|
ssl->session->ciphersuite,
|
||||||
ssl->session->master,
|
ssl->session->master,
|
||||||
#if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC)
|
#if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC) && \
|
||||||
#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
|
defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
|
||||||
ssl->session->encrypt_then_mac,
|
ssl->session->encrypt_then_mac,
|
||||||
#endif
|
#endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC &&
|
||||||
#endif /* MBEDTLS_SSL_SOME_SUITES_USE_MAC */
|
MBEDTLS_SSL_SOME_SUITES_USE_MAC */
|
||||||
ssl_tls12prf_from_cs( ssl->session->ciphersuite ),
|
ssl_tls12prf_from_cs( ssl->session->ciphersuite ),
|
||||||
p, /* currently pointing to randbytes */
|
p, /* currently pointing to randbytes */
|
||||||
MBEDTLS_SSL_MINOR_VERSION_3, /* (D)TLS 1.2 is forced */
|
MBEDTLS_SSL_MINOR_VERSION_3, /* (D)TLS 1.2 is forced */
|
||||||
|
@ -6091,6 +6181,11 @@ void mbedtls_ssl_free( mbedtls_ssl_context *ssl )
|
||||||
mbedtls_free( ssl->session_negotiate );
|
mbedtls_free( ssl->session_negotiate );
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
|
||||||
|
mbedtls_ssl_transform_free( ssl->transform_application );
|
||||||
|
mbedtls_free( ssl->transform_application );
|
||||||
|
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
|
||||||
|
|
||||||
if( ssl->session )
|
if( ssl->session )
|
||||||
{
|
{
|
||||||
mbedtls_ssl_session_free( ssl->session );
|
mbedtls_ssl_session_free( ssl->session );
|
||||||
|
@ -6191,6 +6286,37 @@ static int ssl_preset_suiteb_hashes[] = {
|
||||||
MBEDTLS_MD_SHA384,
|
MBEDTLS_MD_SHA384,
|
||||||
MBEDTLS_MD_NONE
|
MBEDTLS_MD_NONE
|
||||||
};
|
};
|
||||||
|
|
||||||
|
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
|
||||||
|
static uint16_t ssl_preset_default_sig_algs[] = {
|
||||||
|
/* ECDSA algorithms */
|
||||||
|
#if defined(MBEDTLS_ECDSA_C)
|
||||||
|
#if defined(MBEDTLS_SHA256_C) && defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
|
||||||
|
MBEDTLS_TLS13_SIG_ECDSA_SECP256R1_SHA256,
|
||||||
|
#endif /* MBEDTLS_SHA256_C && MBEDTLS_ECP_DP_SECP256R1_ENABLED */
|
||||||
|
#if defined(MBEDTLS_SHA512_C) && defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
|
||||||
|
MBEDTLS_TLS13_SIG_ECDSA_SECP384R1_SHA384,
|
||||||
|
#endif /* MBEDTLS_SHA512_C && MBEDTLS_ECP_DP_SECP384R1_ENABLED */
|
||||||
|
#if defined(MBEDTLS_SHA512_C) && defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED)
|
||||||
|
MBEDTLS_TLS13_SIG_ECDSA_SECP521R1_SHA512,
|
||||||
|
#endif /* MBEDTLS_SHA512_C && MBEDTLS_ECP_DP_SECP521R1_ENABLED */
|
||||||
|
#endif /* MBEDTLS_ECDSA_C */
|
||||||
|
MBEDTLS_TLS13_SIG_NONE
|
||||||
|
};
|
||||||
|
|
||||||
|
static uint16_t ssl_preset_suiteb_sig_algs[] = {
|
||||||
|
/* ECDSA algorithms */
|
||||||
|
#if defined(MBEDTLS_ECDSA_C)
|
||||||
|
#if defined(MBEDTLS_SHA256_C) && defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
|
||||||
|
MBEDTLS_TLS13_SIG_ECDSA_SECP256R1_SHA256,
|
||||||
|
#endif /* MBEDTLS_SHA256_C && MBEDTLS_ECP_DP_SECP256R1_ENABLED */
|
||||||
|
#if defined(MBEDTLS_SHA512_C) && defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
|
||||||
|
MBEDTLS_TLS13_SIG_ECDSA_SECP384R1_SHA384,
|
||||||
|
#endif /* MBEDTLS_SHA512_C && MBEDTLS_ECP_DP_SECP384R1_ENABLED */
|
||||||
|
#endif /* MBEDTLS_ECDSA_C */
|
||||||
|
MBEDTLS_TLS13_SIG_NONE
|
||||||
|
};
|
||||||
|
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#if defined(MBEDTLS_ECP_C)
|
#if defined(MBEDTLS_ECP_C)
|
||||||
|
@ -6305,6 +6431,9 @@ int mbedtls_ssl_config_defaults( mbedtls_ssl_config *conf,
|
||||||
|
|
||||||
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
|
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
|
||||||
conf->sig_hashes = ssl_preset_suiteb_hashes;
|
conf->sig_hashes = ssl_preset_suiteb_hashes;
|
||||||
|
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
|
||||||
|
conf->tls13_sig_algs = ssl_preset_suiteb_sig_algs;
|
||||||
|
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#if defined(MBEDTLS_ECP_C)
|
#if defined(MBEDTLS_ECP_C)
|
||||||
|
@ -6339,7 +6468,10 @@ int mbedtls_ssl_config_defaults( mbedtls_ssl_config *conf,
|
||||||
|
|
||||||
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
|
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
|
||||||
conf->sig_hashes = ssl_preset_default_hashes;
|
conf->sig_hashes = ssl_preset_default_hashes;
|
||||||
#endif
|
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
|
||||||
|
conf->tls13_sig_algs = ssl_preset_default_sig_algs;
|
||||||
|
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
|
||||||
|
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
|
||||||
|
|
||||||
#if defined(MBEDTLS_ECP_C)
|
#if defined(MBEDTLS_ECP_C)
|
||||||
conf->curve_list = ssl_preset_default_curves;
|
conf->curve_list = ssl_preset_default_curves;
|
||||||
|
|
38
library/ssl_tls13_client.c
Normal file
38
library/ssl_tls13_client.c
Normal file
|
@ -0,0 +1,38 @@
|
||||||
|
/*
|
||||||
|
* TLS 1.3 client-side functions
|
||||||
|
*
|
||||||
|
* Copyright The Mbed TLS Contributors
|
||||||
|
* SPDX-License-Identifier: Apache-2.0
|
||||||
|
*
|
||||||
|
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||||
|
* not use this file except in compliance with the License.
|
||||||
|
* You may obtain a copy of the License at
|
||||||
|
*
|
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
*
|
||||||
|
* Unless required by applicable law or agreed to in writing, software
|
||||||
|
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||||
|
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
* See the License for the specific language governing permissions and
|
||||||
|
* limitations under the License.
|
||||||
|
*
|
||||||
|
* This file is part of mbed TLS ( https://tls.mbed.org )
|
||||||
|
*/
|
||||||
|
|
||||||
|
#include "common.h"
|
||||||
|
|
||||||
|
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
|
||||||
|
|
||||||
|
#if defined(MBEDTLS_SSL_CLI_C)
|
||||||
|
|
||||||
|
#include "ssl_misc.h"
|
||||||
|
|
||||||
|
int mbedtls_ssl_handshake_client_step_tls1_3( mbedtls_ssl_context *ssl )
|
||||||
|
{
|
||||||
|
((void) ssl);
|
||||||
|
return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
|
||||||
|
}
|
||||||
|
|
||||||
|
#endif /* MBEDTLS_SSL_CLI_C */
|
||||||
|
|
||||||
|
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
|
|
@ -113,17 +113,17 @@ static void ssl_tls1_3_hkdf_encode_label(
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
*p++ = 0;
|
*p++ = 0;
|
||||||
*p++ = (unsigned char)( ( desired_length >> 0 ) & 0xFF );
|
*p++ = MBEDTLS_BYTE_0( desired_length );
|
||||||
|
|
||||||
/* Add label incl. prefix */
|
/* Add label incl. prefix */
|
||||||
*p++ = (unsigned char)( total_label_len & 0xFF );
|
*p++ = MBEDTLS_BYTE_0( total_label_len );
|
||||||
memcpy( p, tls1_3_label_prefix, sizeof(tls1_3_label_prefix) );
|
memcpy( p, tls1_3_label_prefix, sizeof(tls1_3_label_prefix) );
|
||||||
p += sizeof(tls1_3_label_prefix);
|
p += sizeof(tls1_3_label_prefix);
|
||||||
memcpy( p, label, llen );
|
memcpy( p, label, llen );
|
||||||
p += llen;
|
p += llen;
|
||||||
|
|
||||||
/* Add context value */
|
/* Add context value */
|
||||||
*p++ = (unsigned char)( clen & 0xFF );
|
*p++ = MBEDTLS_BYTE_0( clen );
|
||||||
if( clen != 0 )
|
if( clen != 0 )
|
||||||
memcpy( p, ctx, clen );
|
memcpy( p, ctx, clen );
|
||||||
|
|
||||||
|
@ -699,4 +699,125 @@ exit:
|
||||||
return( ret );
|
return( ret );
|
||||||
}
|
}
|
||||||
|
|
||||||
|
int mbedtls_ssl_tls13_populate_transform( mbedtls_ssl_transform *transform,
|
||||||
|
int endpoint,
|
||||||
|
int ciphersuite,
|
||||||
|
mbedtls_ssl_key_set const *traffic_keys,
|
||||||
|
mbedtls_ssl_context *ssl /* DEBUG ONLY */ )
|
||||||
|
{
|
||||||
|
int ret;
|
||||||
|
mbedtls_cipher_info_t const *cipher_info;
|
||||||
|
const mbedtls_ssl_ciphersuite_t *ciphersuite_info;
|
||||||
|
unsigned char const *key_enc;
|
||||||
|
unsigned char const *iv_enc;
|
||||||
|
unsigned char const *key_dec;
|
||||||
|
unsigned char const *iv_dec;
|
||||||
|
|
||||||
|
#if !defined(MBEDTLS_DEBUG_C)
|
||||||
|
ssl = NULL; /* make sure we don't use it except for those cases */
|
||||||
|
(void) ssl;
|
||||||
|
#endif
|
||||||
|
|
||||||
|
ciphersuite_info = mbedtls_ssl_ciphersuite_from_id( ciphersuite );
|
||||||
|
if( ciphersuite_info == NULL )
|
||||||
|
{
|
||||||
|
MBEDTLS_SSL_DEBUG_MSG( 1, ( "ciphersuite info for %d not found",
|
||||||
|
ciphersuite ) );
|
||||||
|
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
|
||||||
|
}
|
||||||
|
|
||||||
|
cipher_info = mbedtls_cipher_info_from_type( ciphersuite_info->cipher );
|
||||||
|
if( cipher_info == NULL )
|
||||||
|
{
|
||||||
|
MBEDTLS_SSL_DEBUG_MSG( 1, ( "cipher info for %u not found",
|
||||||
|
ciphersuite_info->cipher ) );
|
||||||
|
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
|
||||||
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Setup cipher contexts in target transform
|
||||||
|
*/
|
||||||
|
|
||||||
|
if( ( ret = mbedtls_cipher_setup( &transform->cipher_ctx_enc,
|
||||||
|
cipher_info ) ) != 0 )
|
||||||
|
{
|
||||||
|
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_setup", ret );
|
||||||
|
return( ret );
|
||||||
|
}
|
||||||
|
|
||||||
|
if( ( ret = mbedtls_cipher_setup( &transform->cipher_ctx_dec,
|
||||||
|
cipher_info ) ) != 0 )
|
||||||
|
{
|
||||||
|
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_setup", ret );
|
||||||
|
return( ret );
|
||||||
|
}
|
||||||
|
|
||||||
|
#if defined(MBEDTLS_SSL_SRV_C)
|
||||||
|
if( endpoint == MBEDTLS_SSL_IS_SERVER )
|
||||||
|
{
|
||||||
|
key_enc = traffic_keys->server_write_key;
|
||||||
|
key_dec = traffic_keys->client_write_key;
|
||||||
|
iv_enc = traffic_keys->server_write_iv;
|
||||||
|
iv_dec = traffic_keys->client_write_iv;
|
||||||
|
}
|
||||||
|
else
|
||||||
|
#endif /* MBEDTLS_SSL_SRV_C */
|
||||||
|
#if defined(MBEDTLS_SSL_CLI_C)
|
||||||
|
if( endpoint == MBEDTLS_SSL_IS_CLIENT )
|
||||||
|
{
|
||||||
|
key_enc = traffic_keys->client_write_key;
|
||||||
|
key_dec = traffic_keys->server_write_key;
|
||||||
|
iv_enc = traffic_keys->client_write_iv;
|
||||||
|
iv_dec = traffic_keys->server_write_iv;
|
||||||
|
}
|
||||||
|
else
|
||||||
|
#endif /* MBEDTLS_SSL_CLI_C */
|
||||||
|
{
|
||||||
|
/* should not happen */
|
||||||
|
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
|
||||||
|
}
|
||||||
|
|
||||||
|
memcpy( transform->iv_enc, iv_enc, traffic_keys->iv_len );
|
||||||
|
memcpy( transform->iv_dec, iv_dec, traffic_keys->iv_len );
|
||||||
|
|
||||||
|
if( ( ret = mbedtls_cipher_setkey( &transform->cipher_ctx_enc,
|
||||||
|
key_enc, cipher_info->key_bitlen,
|
||||||
|
MBEDTLS_ENCRYPT ) ) != 0 )
|
||||||
|
{
|
||||||
|
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_setkey", ret );
|
||||||
|
return( ret );
|
||||||
|
}
|
||||||
|
|
||||||
|
if( ( ret = mbedtls_cipher_setkey( &transform->cipher_ctx_dec,
|
||||||
|
key_dec, cipher_info->key_bitlen,
|
||||||
|
MBEDTLS_DECRYPT ) ) != 0 )
|
||||||
|
{
|
||||||
|
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_setkey", ret );
|
||||||
|
return( ret );
|
||||||
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Setup other fields in SSL transform
|
||||||
|
*/
|
||||||
|
|
||||||
|
if( ( ciphersuite_info->flags & MBEDTLS_CIPHERSUITE_SHORT_TAG ) != 0 )
|
||||||
|
transform->taglen = 8;
|
||||||
|
else
|
||||||
|
transform->taglen = 16;
|
||||||
|
|
||||||
|
transform->ivlen = traffic_keys->iv_len;
|
||||||
|
transform->maclen = 0;
|
||||||
|
transform->fixed_ivlen = transform->ivlen;
|
||||||
|
transform->minor_ver = MBEDTLS_SSL_MINOR_VERSION_4;
|
||||||
|
|
||||||
|
/* We add the true record content type (1 Byte) to the plaintext and
|
||||||
|
* then pad to the configured granularity. The mimimum length of the
|
||||||
|
* type-extended and padded plaintext is therefore the padding
|
||||||
|
* granularity. */
|
||||||
|
transform->minlen =
|
||||||
|
transform->taglen + MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY;
|
||||||
|
|
||||||
|
return( 0 );
|
||||||
|
}
|
||||||
|
|
||||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
|
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
|
||||||
|
|
|
@ -498,4 +498,37 @@ int mbedtls_ssl_tls1_3_create_psk_binder( mbedtls_ssl_context *ssl,
|
||||||
unsigned char const *transcript,
|
unsigned char const *transcript,
|
||||||
unsigned char *result );
|
unsigned char *result );
|
||||||
|
|
||||||
|
/**
|
||||||
|
* \bref Setup an SSL transform structure representing the
|
||||||
|
* record protection mechanism used by TLS 1.3
|
||||||
|
*
|
||||||
|
* \param transform The SSL transform structure to be created. This must have
|
||||||
|
* been initialized through mbedtls_ssl_transform_init() and
|
||||||
|
* not used in any other way prior to calling this function.
|
||||||
|
* In particular, this function does not clean up the
|
||||||
|
* transform structure prior to installing the new keys.
|
||||||
|
* \param endpoint Indicates whether the transform is for the client
|
||||||
|
* (value #MBEDTLS_SSL_IS_CLIENT) or the server
|
||||||
|
* (value #MBEDTLS_SSL_IS_SERVER).
|
||||||
|
* \param ciphersuite The numerical identifier for the ciphersuite to use.
|
||||||
|
* This must be one of the identifiers listed in
|
||||||
|
* ssl_ciphersuites.h.
|
||||||
|
* \param traffic_keys The key material to use. No reference is stored in
|
||||||
|
* the SSL transform being generated, and the caller
|
||||||
|
* should destroy the key material afterwards.
|
||||||
|
* \param ssl (Debug-only) The SSL context to use for debug output
|
||||||
|
* in case of failure. This parameter is only needed if
|
||||||
|
* #MBEDTLS_DEBUG_C is set, and is ignored otherwise.
|
||||||
|
*
|
||||||
|
* \return \c 0 on success. In this case, \p transform is ready to
|
||||||
|
* be used with mbedtls_ssl_transform_decrypt() and
|
||||||
|
* mbedtls_ssl_transform_encrypt().
|
||||||
|
* \return A negative error code on failure.
|
||||||
|
*/
|
||||||
|
int mbedtls_ssl_tls13_populate_transform( mbedtls_ssl_transform *transform,
|
||||||
|
int endpoint,
|
||||||
|
int ciphersuite,
|
||||||
|
mbedtls_ssl_key_set const *traffic_keys,
|
||||||
|
mbedtls_ssl_context *ssl );
|
||||||
|
|
||||||
#endif /* MBEDTLS_SSL_TLS1_3_KEYS_H */
|
#endif /* MBEDTLS_SSL_TLS1_3_KEYS_H */
|
||||||
|
|
36
library/ssl_tls13_server.c
Normal file
36
library/ssl_tls13_server.c
Normal file
|
@ -0,0 +1,36 @@
|
||||||
|
/*
|
||||||
|
* TLS 1.3 server-side functions
|
||||||
|
*
|
||||||
|
* Copyright The Mbed TLS Contributors
|
||||||
|
* SPDX-License-Identifier: Apache-2.0
|
||||||
|
*
|
||||||
|
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||||
|
* not use this file except in compliance with the License.
|
||||||
|
* You may obtain a copy of the License at
|
||||||
|
*
|
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
*
|
||||||
|
* Unless required by applicable law or agreed to in writing, software
|
||||||
|
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||||
|
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
* See the License for the specific language governing permissions and
|
||||||
|
* limitations under the License.
|
||||||
|
*/
|
||||||
|
|
||||||
|
#include "common.h"
|
||||||
|
|
||||||
|
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
|
||||||
|
|
||||||
|
#if defined(MBEDTLS_SSL_SRV_C)
|
||||||
|
|
||||||
|
#include "ssl_misc.h"
|
||||||
|
|
||||||
|
int mbedtls_ssl_handshake_server_step_tls1_3( mbedtls_ssl_context *ssl )
|
||||||
|
{
|
||||||
|
((void) ssl);
|
||||||
|
return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
|
||||||
|
}
|
||||||
|
|
||||||
|
#endif /* MBEDTLS_SSL_SRV_C */
|
||||||
|
|
||||||
|
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
|
|
@ -251,8 +251,7 @@ int mbedtls_x509write_crt_set_key_usage( mbedtls_x509write_cert *ctx,
|
||||||
return( MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE );
|
return( MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE );
|
||||||
|
|
||||||
c = buf + 5;
|
c = buf + 5;
|
||||||
ku[0] = (unsigned char)( key_usage );
|
MBEDTLS_PUT_UINT16_LE( key_usage, ku, 0 );
|
||||||
ku[1] = (unsigned char)( key_usage >> 8 );
|
|
||||||
ret = mbedtls_asn1_write_named_bitstring( &c, buf, ku, 9 );
|
ret = mbedtls_asn1_write_named_bitstring( &c, buf, ku, 9 );
|
||||||
|
|
||||||
if( ret < 0 )
|
if( ret < 0 )
|
||||||
|
|
|
@ -88,6 +88,7 @@ int main( void )
|
||||||
#define DFL_TICKETS MBEDTLS_SSL_SESSION_TICKETS_ENABLED
|
#define DFL_TICKETS MBEDTLS_SSL_SESSION_TICKETS_ENABLED
|
||||||
#define DFL_ALPN_STRING NULL
|
#define DFL_ALPN_STRING NULL
|
||||||
#define DFL_CURVES NULL
|
#define DFL_CURVES NULL
|
||||||
|
#define DFL_SIG_ALGS NULL
|
||||||
#define DFL_TRANSPORT MBEDTLS_SSL_TRANSPORT_STREAM
|
#define DFL_TRANSPORT MBEDTLS_SSL_TRANSPORT_STREAM
|
||||||
#define DFL_HS_TO_MIN 0
|
#define DFL_HS_TO_MIN 0
|
||||||
#define DFL_HS_TO_MAX 0
|
#define DFL_HS_TO_MAX 0
|
||||||
|
@ -269,6 +270,15 @@ int main( void )
|
||||||
#define USAGE_CURVES ""
|
#define USAGE_CURVES ""
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) && \
|
||||||
|
defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
|
||||||
|
#define USAGE_SIG_ALGS \
|
||||||
|
" sig_algs=a,b,c,d default: \"default\" (library default)\n" \
|
||||||
|
" example: \"ecdsa_secp256r1_sha256,ecdsa_secp384r1_sha384\"\n"
|
||||||
|
#else
|
||||||
|
#define USAGE_SIG_ALGS ""
|
||||||
|
#endif
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
||||||
#define USAGE_DTLS \
|
#define USAGE_DTLS \
|
||||||
" dtls=%%d default: 0 (TLS)\n" \
|
" dtls=%%d default: 0 (TLS)\n" \
|
||||||
|
@ -393,15 +403,23 @@ int main( void )
|
||||||
USAGE_ETM \
|
USAGE_ETM \
|
||||||
USAGE_REPRODUCIBLE \
|
USAGE_REPRODUCIBLE \
|
||||||
USAGE_CURVES \
|
USAGE_CURVES \
|
||||||
|
USAGE_SIG_ALGS \
|
||||||
USAGE_DHMLEN \
|
USAGE_DHMLEN \
|
||||||
"\n"
|
"\n"
|
||||||
|
|
||||||
|
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
|
||||||
|
#define TLS1_3_VERSION_OPTIONS ", tls1_3"
|
||||||
|
#else /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
|
||||||
|
#define TLS1_3_VERSION_OPTIONS ""
|
||||||
|
#endif /* !MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
|
||||||
|
|
||||||
#define USAGE4 \
|
#define USAGE4 \
|
||||||
" allow_sha1=%%d default: 0\n" \
|
" allow_sha1=%%d default: 0\n" \
|
||||||
" min_version=%%s default: (library default: tls1_2)\n" \
|
" min_version=%%s default: (library default: tls1_2)\n" \
|
||||||
" max_version=%%s default: (library default: tls1_2)\n" \
|
" max_version=%%s default: (library default: tls1_2)\n" \
|
||||||
" force_version=%%s default: \"\" (none)\n" \
|
" force_version=%%s default: \"\" (none)\n" \
|
||||||
" options: tls1_2, dtls1_2\n" \
|
" options: tls1_2, dtls1_2" TLS1_3_VERSION_OPTIONS \
|
||||||
"\n" \
|
"\n\n" \
|
||||||
" force_ciphersuite=<name> default: all enabled\n"\
|
" force_ciphersuite=<name> default: all enabled\n"\
|
||||||
" query_config=<name> return 0 if the specified\n" \
|
" query_config=<name> return 0 if the specified\n" \
|
||||||
" configuration macro is defined and 1\n" \
|
" configuration macro is defined and 1\n" \
|
||||||
|
@ -410,9 +428,9 @@ int main( void )
|
||||||
USAGE_SERIALIZATION \
|
USAGE_SERIALIZATION \
|
||||||
" acceptable ciphersuite names:\n"
|
" acceptable ciphersuite names:\n"
|
||||||
|
|
||||||
#define ALPN_LIST_SIZE 10
|
#define ALPN_LIST_SIZE 10
|
||||||
#define CURVE_LIST_SIZE 20
|
#define CURVE_LIST_SIZE 20
|
||||||
|
#define SIG_ALG_LIST_SIZE 5
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* global options
|
* global options
|
||||||
|
@ -465,6 +483,7 @@ struct options
|
||||||
int reconnect_hard; /* unexpectedly reconnect from the same port */
|
int reconnect_hard; /* unexpectedly reconnect from the same port */
|
||||||
int tickets; /* enable / disable session tickets */
|
int tickets; /* enable / disable session tickets */
|
||||||
const char *curves; /* list of supported elliptic curves */
|
const char *curves; /* list of supported elliptic curves */
|
||||||
|
const char *sig_algs; /* supported TLS 1.3 signature algorithms */
|
||||||
const char *alpn_string; /* ALPN supported protocols */
|
const char *alpn_string; /* ALPN supported protocols */
|
||||||
int transport; /* TLS or DTLS? */
|
int transport; /* TLS or DTLS? */
|
||||||
uint32_t hs_to_min; /* Initial value of DTLS handshake timer */
|
uint32_t hs_to_min; /* Initial value of DTLS handshake timer */
|
||||||
|
@ -624,6 +643,12 @@ int main( int argc, char *argv[] )
|
||||||
mbedtls_net_context server_fd;
|
mbedtls_net_context server_fd;
|
||||||
io_ctx_t io_ctx;
|
io_ctx_t io_ctx;
|
||||||
|
|
||||||
|
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) && \
|
||||||
|
defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
|
||||||
|
uint16_t sig_alg_list[SIG_ALG_LIST_SIZE];
|
||||||
|
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL &&
|
||||||
|
MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
|
||||||
|
|
||||||
unsigned char buf[MAX_REQUEST_SIZE + 1];
|
unsigned char buf[MAX_REQUEST_SIZE + 1];
|
||||||
|
|
||||||
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
|
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
|
||||||
|
@ -826,6 +851,7 @@ int main( int argc, char *argv[] )
|
||||||
opt.tickets = DFL_TICKETS;
|
opt.tickets = DFL_TICKETS;
|
||||||
opt.alpn_string = DFL_ALPN_STRING;
|
opt.alpn_string = DFL_ALPN_STRING;
|
||||||
opt.curves = DFL_CURVES;
|
opt.curves = DFL_CURVES;
|
||||||
|
opt.sig_algs = DFL_SIG_ALGS;
|
||||||
opt.transport = DFL_TRANSPORT;
|
opt.transport = DFL_TRANSPORT;
|
||||||
opt.hs_to_min = DFL_HS_TO_MIN;
|
opt.hs_to_min = DFL_HS_TO_MIN;
|
||||||
opt.hs_to_max = DFL_HS_TO_MAX;
|
opt.hs_to_max = DFL_HS_TO_MAX;
|
||||||
|
@ -1056,6 +1082,12 @@ int main( int argc, char *argv[] )
|
||||||
}
|
}
|
||||||
else if( strcmp( p, "curves" ) == 0 )
|
else if( strcmp( p, "curves" ) == 0 )
|
||||||
opt.curves = q;
|
opt.curves = q;
|
||||||
|
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) && \
|
||||||
|
defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
|
||||||
|
else if( strcmp( p, "sig_algs" ) == 0 )
|
||||||
|
opt.sig_algs = q;
|
||||||
|
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL &&
|
||||||
|
MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
|
||||||
else if( strcmp( p, "etm" ) == 0 )
|
else if( strcmp( p, "etm" ) == 0 )
|
||||||
{
|
{
|
||||||
switch( atoi( q ) )
|
switch( atoi( q ) )
|
||||||
|
@ -1070,6 +1102,10 @@ int main( int argc, char *argv[] )
|
||||||
if( strcmp( q, "tls1_2" ) == 0 ||
|
if( strcmp( q, "tls1_2" ) == 0 ||
|
||||||
strcmp( q, "dtls1_2" ) == 0 )
|
strcmp( q, "dtls1_2" ) == 0 )
|
||||||
opt.min_version = MBEDTLS_SSL_MINOR_VERSION_3;
|
opt.min_version = MBEDTLS_SSL_MINOR_VERSION_3;
|
||||||
|
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
|
||||||
|
else if( strcmp( q, "tls1_3" ) == 0 )
|
||||||
|
opt.min_version = MBEDTLS_SSL_MINOR_VERSION_4;
|
||||||
|
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
|
||||||
else
|
else
|
||||||
goto usage;
|
goto usage;
|
||||||
}
|
}
|
||||||
|
@ -1078,6 +1114,10 @@ int main( int argc, char *argv[] )
|
||||||
if( strcmp( q, "tls1_2" ) == 0 ||
|
if( strcmp( q, "tls1_2" ) == 0 ||
|
||||||
strcmp( q, "dtls1_2" ) == 0 )
|
strcmp( q, "dtls1_2" ) == 0 )
|
||||||
opt.max_version = MBEDTLS_SSL_MINOR_VERSION_3;
|
opt.max_version = MBEDTLS_SSL_MINOR_VERSION_3;
|
||||||
|
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
|
||||||
|
else if( strcmp( q, "tls1_3" ) == 0 )
|
||||||
|
opt.max_version = MBEDTLS_SSL_MINOR_VERSION_4;
|
||||||
|
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
|
||||||
else
|
else
|
||||||
goto usage;
|
goto usage;
|
||||||
}
|
}
|
||||||
|
@ -1103,6 +1143,13 @@ int main( int argc, char *argv[] )
|
||||||
opt.max_version = MBEDTLS_SSL_MINOR_VERSION_3;
|
opt.max_version = MBEDTLS_SSL_MINOR_VERSION_3;
|
||||||
opt.transport = MBEDTLS_SSL_TRANSPORT_DATAGRAM;
|
opt.transport = MBEDTLS_SSL_TRANSPORT_DATAGRAM;
|
||||||
}
|
}
|
||||||
|
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
|
||||||
|
else if( strcmp( q, "tls1_3" ) == 0 )
|
||||||
|
{
|
||||||
|
opt.min_version = MBEDTLS_SSL_MINOR_VERSION_4;
|
||||||
|
opt.max_version = MBEDTLS_SSL_MINOR_VERSION_4;
|
||||||
|
}
|
||||||
|
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
|
||||||
else
|
else
|
||||||
goto usage;
|
goto usage;
|
||||||
}
|
}
|
||||||
|
@ -1428,6 +1475,60 @@ int main( int argc, char *argv[] )
|
||||||
}
|
}
|
||||||
#endif /* MBEDTLS_ECP_C */
|
#endif /* MBEDTLS_ECP_C */
|
||||||
|
|
||||||
|
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) && \
|
||||||
|
defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
|
||||||
|
if( opt.sig_algs != NULL )
|
||||||
|
{
|
||||||
|
p = (char *) opt.sig_algs;
|
||||||
|
i = 0;
|
||||||
|
|
||||||
|
/* Leave room for a final MBEDTLS_TLS13_SIG_NONE in signature algorithm list (sig_alg_list). */
|
||||||
|
while( i < SIG_ALG_LIST_SIZE - 1 && *p != '\0' )
|
||||||
|
{
|
||||||
|
q = p;
|
||||||
|
|
||||||
|
/* Terminate the current string */
|
||||||
|
while( *p != ',' && *p != '\0' )
|
||||||
|
p++;
|
||||||
|
if( *p == ',' )
|
||||||
|
*p++ = '\0';
|
||||||
|
|
||||||
|
if( strcmp( q, "ecdsa_secp256r1_sha256" ) == 0 )
|
||||||
|
{
|
||||||
|
sig_alg_list[i++] = MBEDTLS_TLS13_SIG_ECDSA_SECP256R1_SHA256;
|
||||||
|
}
|
||||||
|
else if( strcmp( q, "ecdsa_secp384r1_sha384" ) == 0 )
|
||||||
|
{
|
||||||
|
sig_alg_list[i++] = MBEDTLS_TLS13_SIG_ECDSA_SECP384R1_SHA384;
|
||||||
|
}
|
||||||
|
else if( strcmp( q, "ecdsa_secp521r1_sha512" ) == 0 )
|
||||||
|
{
|
||||||
|
sig_alg_list[i++] = MBEDTLS_TLS13_SIG_ECDSA_SECP521R1_SHA512;
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
mbedtls_printf( "unknown signature algorithm %s\n", q );
|
||||||
|
mbedtls_printf( "supported signature algorithms: " );
|
||||||
|
mbedtls_printf( "ecdsa_secp256r1_sha256 " );
|
||||||
|
mbedtls_printf( "ecdsa_secp384r1_sha384 " );
|
||||||
|
mbedtls_printf( "ecdsa_secp521r1_sha512 " );
|
||||||
|
mbedtls_printf( "\n" );
|
||||||
|
goto exit;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
if( i == ( SIG_ALG_LIST_SIZE - 1 ) && *p != '\0' )
|
||||||
|
{
|
||||||
|
mbedtls_printf( "signature algorithm list too long, maximum %d",
|
||||||
|
SIG_ALG_LIST_SIZE - 1 );
|
||||||
|
goto exit;
|
||||||
|
}
|
||||||
|
|
||||||
|
sig_alg_list[i] = MBEDTLS_TLS13_SIG_NONE;
|
||||||
|
}
|
||||||
|
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL &&
|
||||||
|
MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_ALPN)
|
#if defined(MBEDTLS_SSL_ALPN)
|
||||||
if( opt.alpn_string != NULL )
|
if( opt.alpn_string != NULL )
|
||||||
{
|
{
|
||||||
|
@ -1570,41 +1671,7 @@ int main( int argc, char *argv[] )
|
||||||
#endif /* MBEDTLS_X509_CRT_PARSE_C */
|
#endif /* MBEDTLS_X509_CRT_PARSE_C */
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* 2. Start the connection
|
* 2. Setup stuff
|
||||||
*/
|
|
||||||
if( opt.server_addr == NULL)
|
|
||||||
opt.server_addr = opt.server_name;
|
|
||||||
|
|
||||||
mbedtls_printf( " . Connecting to %s/%s/%s...",
|
|
||||||
opt.transport == MBEDTLS_SSL_TRANSPORT_STREAM ? "tcp" : "udp",
|
|
||||||
opt.server_addr, opt.server_port );
|
|
||||||
fflush( stdout );
|
|
||||||
|
|
||||||
if( ( ret = mbedtls_net_connect( &server_fd,
|
|
||||||
opt.server_addr, opt.server_port,
|
|
||||||
opt.transport == MBEDTLS_SSL_TRANSPORT_STREAM ?
|
|
||||||
MBEDTLS_NET_PROTO_TCP : MBEDTLS_NET_PROTO_UDP ) ) != 0 )
|
|
||||||
{
|
|
||||||
mbedtls_printf( " failed\n ! mbedtls_net_connect returned -0x%x\n\n",
|
|
||||||
(unsigned int) -ret );
|
|
||||||
goto exit;
|
|
||||||
}
|
|
||||||
|
|
||||||
if( opt.nbio > 0 )
|
|
||||||
ret = mbedtls_net_set_nonblock( &server_fd );
|
|
||||||
else
|
|
||||||
ret = mbedtls_net_set_block( &server_fd );
|
|
||||||
if( ret != 0 )
|
|
||||||
{
|
|
||||||
mbedtls_printf( " failed\n ! net_set_(non)block() returned -0x%x\n\n",
|
|
||||||
(unsigned int) -ret );
|
|
||||||
goto exit;
|
|
||||||
}
|
|
||||||
|
|
||||||
mbedtls_printf( " ok\n" );
|
|
||||||
|
|
||||||
/*
|
|
||||||
* 3. Setup stuff
|
|
||||||
*/
|
*/
|
||||||
mbedtls_printf( " . Setting up the SSL/TLS structure..." );
|
mbedtls_printf( " . Setting up the SSL/TLS structure..." );
|
||||||
fflush( stdout );
|
fflush( stdout );
|
||||||
|
@ -1797,6 +1864,11 @@ int main( int argc, char *argv[] )
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
|
||||||
|
if( opt.sig_algs != NULL )
|
||||||
|
mbedtls_ssl_conf_sig_algs( &conf, sig_alg_list );
|
||||||
|
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
|
||||||
|
|
||||||
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
|
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
|
||||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||||
if( opt.psk_opaque != 0 )
|
if( opt.psk_opaque != 0 )
|
||||||
|
@ -1956,6 +2028,40 @@ int main( int argc, char *argv[] )
|
||||||
|
|
||||||
mbedtls_printf( " ok\n" );
|
mbedtls_printf( " ok\n" );
|
||||||
|
|
||||||
|
/*
|
||||||
|
* 3. Start the connection
|
||||||
|
*/
|
||||||
|
if( opt.server_addr == NULL)
|
||||||
|
opt.server_addr = opt.server_name;
|
||||||
|
|
||||||
|
mbedtls_printf( " . Connecting to %s/%s/%s...",
|
||||||
|
opt.transport == MBEDTLS_SSL_TRANSPORT_STREAM ? "tcp" : "udp",
|
||||||
|
opt.server_addr, opt.server_port );
|
||||||
|
fflush( stdout );
|
||||||
|
|
||||||
|
if( ( ret = mbedtls_net_connect( &server_fd,
|
||||||
|
opt.server_addr, opt.server_port,
|
||||||
|
opt.transport == MBEDTLS_SSL_TRANSPORT_STREAM ?
|
||||||
|
MBEDTLS_NET_PROTO_TCP : MBEDTLS_NET_PROTO_UDP ) ) != 0 )
|
||||||
|
{
|
||||||
|
mbedtls_printf( " failed\n ! mbedtls_net_connect returned -0x%x\n\n",
|
||||||
|
(unsigned int) -ret );
|
||||||
|
goto exit;
|
||||||
|
}
|
||||||
|
|
||||||
|
if( opt.nbio > 0 )
|
||||||
|
ret = mbedtls_net_set_nonblock( &server_fd );
|
||||||
|
else
|
||||||
|
ret = mbedtls_net_set_block( &server_fd );
|
||||||
|
if( ret != 0 )
|
||||||
|
{
|
||||||
|
mbedtls_printf( " failed\n ! net_set_(non)block() returned -0x%x\n\n",
|
||||||
|
(unsigned int) -ret );
|
||||||
|
goto exit;
|
||||||
|
}
|
||||||
|
|
||||||
|
mbedtls_printf( " ok\n" );
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* 4. Handshake
|
* 4. Handshake
|
||||||
*/
|
*/
|
||||||
|
|
|
@ -119,6 +119,7 @@ int main( void )
|
||||||
#define DFL_SNI NULL
|
#define DFL_SNI NULL
|
||||||
#define DFL_ALPN_STRING NULL
|
#define DFL_ALPN_STRING NULL
|
||||||
#define DFL_CURVES NULL
|
#define DFL_CURVES NULL
|
||||||
|
#define DFL_SIG_ALGS NULL
|
||||||
#define DFL_DHM_FILE NULL
|
#define DFL_DHM_FILE NULL
|
||||||
#define DFL_TRANSPORT MBEDTLS_SSL_TRANSPORT_STREAM
|
#define DFL_TRANSPORT MBEDTLS_SSL_TRANSPORT_STREAM
|
||||||
#define DFL_COOKIES 1
|
#define DFL_COOKIES 1
|
||||||
|
@ -418,6 +419,15 @@ int main( void )
|
||||||
#define USAGE_CURVES ""
|
#define USAGE_CURVES ""
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) && \
|
||||||
|
defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
|
||||||
|
#define USAGE_SIG_ALGS \
|
||||||
|
" sig_algs=a,b,c,d default: \"default\" (library default)\n" \
|
||||||
|
" example: \"ecdsa_secp256r1_sha256,ecdsa_secp384r1_sha384\"\n"
|
||||||
|
#else
|
||||||
|
#define USAGE_SIG_ALGS ""
|
||||||
|
#endif
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION)
|
#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION)
|
||||||
#define USAGE_SERIALIZATION \
|
#define USAGE_SERIALIZATION \
|
||||||
" serialize=%%d default: 0 (do not serialize/deserialize)\n" \
|
" serialize=%%d default: 0 (do not serialize/deserialize)\n" \
|
||||||
|
@ -484,7 +494,15 @@ int main( void )
|
||||||
USAGE_EMS \
|
USAGE_EMS \
|
||||||
USAGE_ETM \
|
USAGE_ETM \
|
||||||
USAGE_CURVES \
|
USAGE_CURVES \
|
||||||
|
USAGE_SIG_ALGS \
|
||||||
"\n"
|
"\n"
|
||||||
|
|
||||||
|
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
|
||||||
|
#define TLS1_3_VERSION_OPTIONS ", tls1_3"
|
||||||
|
#else /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
|
||||||
|
#define TLS1_3_VERSION_OPTIONS ""
|
||||||
|
#endif /* !MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
|
||||||
|
|
||||||
#define USAGE4 \
|
#define USAGE4 \
|
||||||
USAGE_SSL_ASYNC \
|
USAGE_SSL_ASYNC \
|
||||||
USAGE_SNI \
|
USAGE_SNI \
|
||||||
|
@ -492,8 +510,8 @@ int main( void )
|
||||||
" min_version=%%s default: (library default: tls1_2)\n" \
|
" min_version=%%s default: (library default: tls1_2)\n" \
|
||||||
" max_version=%%s default: (library default: tls1_2)\n" \
|
" max_version=%%s default: (library default: tls1_2)\n" \
|
||||||
" force_version=%%s default: \"\" (none)\n" \
|
" force_version=%%s default: \"\" (none)\n" \
|
||||||
" options: tls1_2, dtls1_2\n" \
|
" options: tls1_2, dtls1_2" TLS1_3_VERSION_OPTIONS \
|
||||||
"\n" \
|
"\n\n" \
|
||||||
" force_ciphersuite=<name> default: all enabled\n" \
|
" force_ciphersuite=<name> default: all enabled\n" \
|
||||||
" query_config=<name> return 0 if the specified\n" \
|
" query_config=<name> return 0 if the specified\n" \
|
||||||
" configuration macro is defined and 1\n" \
|
" configuration macro is defined and 1\n" \
|
||||||
|
@ -502,8 +520,9 @@ int main( void )
|
||||||
USAGE_SERIALIZATION \
|
USAGE_SERIALIZATION \
|
||||||
" acceptable ciphersuite names:\n"
|
" acceptable ciphersuite names:\n"
|
||||||
|
|
||||||
#define ALPN_LIST_SIZE 10
|
#define ALPN_LIST_SIZE 10
|
||||||
#define CURVE_LIST_SIZE 20
|
#define CURVE_LIST_SIZE 20
|
||||||
|
#define SIG_ALG_LIST_SIZE 5
|
||||||
|
|
||||||
#define PUT_UINT64_BE(out_be,in_le,i) \
|
#define PUT_UINT64_BE(out_be,in_le,i) \
|
||||||
{ \
|
{ \
|
||||||
|
@ -576,6 +595,7 @@ struct options
|
||||||
int cache_timeout; /* expiration delay of session cache entries */
|
int cache_timeout; /* expiration delay of session cache entries */
|
||||||
char *sni; /* string describing sni information */
|
char *sni; /* string describing sni information */
|
||||||
const char *curves; /* list of supported elliptic curves */
|
const char *curves; /* list of supported elliptic curves */
|
||||||
|
const char *sig_algs; /* supported TLS 1.3 signature algorithms */
|
||||||
const char *alpn_string; /* ALPN supported protocols */
|
const char *alpn_string; /* ALPN supported protocols */
|
||||||
const char *dhm_file; /* the file with the DH parameters */
|
const char *dhm_file; /* the file with the DH parameters */
|
||||||
int extended_ms; /* allow negotiation of extended MS? */
|
int extended_ms; /* allow negotiation of extended MS? */
|
||||||
|
@ -1319,6 +1339,12 @@ int main( int argc, char *argv[] )
|
||||||
size_t context_buf_len = 0;
|
size_t context_buf_len = 0;
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) && \
|
||||||
|
defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
|
||||||
|
uint16_t sig_alg_list[SIG_ALG_LIST_SIZE];
|
||||||
|
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL &&
|
||||||
|
MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
|
||||||
|
|
||||||
int i;
|
int i;
|
||||||
char *p, *q;
|
char *p, *q;
|
||||||
const int *list;
|
const int *list;
|
||||||
|
@ -1491,6 +1517,7 @@ int main( int argc, char *argv[] )
|
||||||
opt.sni = DFL_SNI;
|
opt.sni = DFL_SNI;
|
||||||
opt.alpn_string = DFL_ALPN_STRING;
|
opt.alpn_string = DFL_ALPN_STRING;
|
||||||
opt.curves = DFL_CURVES;
|
opt.curves = DFL_CURVES;
|
||||||
|
opt.sig_algs = DFL_SIG_ALGS;
|
||||||
opt.dhm_file = DFL_DHM_FILE;
|
opt.dhm_file = DFL_DHM_FILE;
|
||||||
opt.transport = DFL_TRANSPORT;
|
opt.transport = DFL_TRANSPORT;
|
||||||
opt.cookies = DFL_COOKIES;
|
opt.cookies = DFL_COOKIES;
|
||||||
|
@ -1658,6 +1685,12 @@ int main( int argc, char *argv[] )
|
||||||
}
|
}
|
||||||
else if( strcmp( p, "curves" ) == 0 )
|
else if( strcmp( p, "curves" ) == 0 )
|
||||||
opt.curves = q;
|
opt.curves = q;
|
||||||
|
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) && \
|
||||||
|
defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
|
||||||
|
else if( strcmp( p, "sig_algs" ) == 0 )
|
||||||
|
opt.sig_algs = q;
|
||||||
|
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL && && \
|
||||||
|
MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
|
||||||
else if( strcmp( p, "renegotiation" ) == 0 )
|
else if( strcmp( p, "renegotiation" ) == 0 )
|
||||||
{
|
{
|
||||||
opt.renegotiation = (atoi( q )) ?
|
opt.renegotiation = (atoi( q )) ?
|
||||||
|
@ -1712,6 +1745,10 @@ int main( int argc, char *argv[] )
|
||||||
if( strcmp( q, "tls1_2" ) == 0 ||
|
if( strcmp( q, "tls1_2" ) == 0 ||
|
||||||
strcmp( q, "dtls1_2" ) == 0 )
|
strcmp( q, "dtls1_2" ) == 0 )
|
||||||
opt.min_version = MBEDTLS_SSL_MINOR_VERSION_3;
|
opt.min_version = MBEDTLS_SSL_MINOR_VERSION_3;
|
||||||
|
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
|
||||||
|
else if( strcmp( q, "tls1_3" ) == 0 )
|
||||||
|
opt.min_version = MBEDTLS_SSL_MINOR_VERSION_4;
|
||||||
|
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
|
||||||
else
|
else
|
||||||
goto usage;
|
goto usage;
|
||||||
}
|
}
|
||||||
|
@ -1720,6 +1757,10 @@ int main( int argc, char *argv[] )
|
||||||
if( strcmp( q, "tls1_2" ) == 0 ||
|
if( strcmp( q, "tls1_2" ) == 0 ||
|
||||||
strcmp( q, "dtls1_2" ) == 0 )
|
strcmp( q, "dtls1_2" ) == 0 )
|
||||||
opt.max_version = MBEDTLS_SSL_MINOR_VERSION_3;
|
opt.max_version = MBEDTLS_SSL_MINOR_VERSION_3;
|
||||||
|
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
|
||||||
|
else if( strcmp( q, "tls1_3" ) == 0 )
|
||||||
|
opt.max_version = MBEDTLS_SSL_MINOR_VERSION_4;
|
||||||
|
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
|
||||||
else
|
else
|
||||||
goto usage;
|
goto usage;
|
||||||
}
|
}
|
||||||
|
@ -1745,6 +1786,13 @@ int main( int argc, char *argv[] )
|
||||||
opt.max_version = MBEDTLS_SSL_MINOR_VERSION_3;
|
opt.max_version = MBEDTLS_SSL_MINOR_VERSION_3;
|
||||||
opt.transport = MBEDTLS_SSL_TRANSPORT_DATAGRAM;
|
opt.transport = MBEDTLS_SSL_TRANSPORT_DATAGRAM;
|
||||||
}
|
}
|
||||||
|
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
|
||||||
|
else if( strcmp( q, "tls1_3" ) == 0 )
|
||||||
|
{
|
||||||
|
opt.min_version = MBEDTLS_SSL_MINOR_VERSION_4;
|
||||||
|
opt.max_version = MBEDTLS_SSL_MINOR_VERSION_4;
|
||||||
|
}
|
||||||
|
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
|
||||||
else
|
else
|
||||||
goto usage;
|
goto usage;
|
||||||
}
|
}
|
||||||
|
@ -2150,6 +2198,60 @@ int main( int argc, char *argv[] )
|
||||||
}
|
}
|
||||||
#endif /* MBEDTLS_ECP_C */
|
#endif /* MBEDTLS_ECP_C */
|
||||||
|
|
||||||
|
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) && \
|
||||||
|
defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
|
||||||
|
if( opt.sig_algs != NULL )
|
||||||
|
{
|
||||||
|
p = (char *) opt.sig_algs;
|
||||||
|
i = 0;
|
||||||
|
|
||||||
|
/* Leave room for a final MBEDTLS_TLS13_SIG_NONE in signature algorithm list (sig_alg_list). */
|
||||||
|
while( i < SIG_ALG_LIST_SIZE - 1 && *p != '\0' )
|
||||||
|
{
|
||||||
|
q = p;
|
||||||
|
|
||||||
|
/* Terminate the current string */
|
||||||
|
while( *p != ',' && *p != '\0' )
|
||||||
|
p++;
|
||||||
|
if( *p == ',' )
|
||||||
|
*p++ = '\0';
|
||||||
|
|
||||||
|
if( strcmp( q, "ecdsa_secp256r1_sha256" ) == 0 )
|
||||||
|
{
|
||||||
|
sig_alg_list[i++] = MBEDTLS_TLS13_SIG_ECDSA_SECP256R1_SHA256;
|
||||||
|
}
|
||||||
|
else if( strcmp( q, "ecdsa_secp384r1_sha384" ) == 0 )
|
||||||
|
{
|
||||||
|
sig_alg_list[i++] = MBEDTLS_TLS13_SIG_ECDSA_SECP384R1_SHA384;
|
||||||
|
}
|
||||||
|
else if( strcmp( q, "ecdsa_secp521r1_sha512" ) == 0 )
|
||||||
|
{
|
||||||
|
sig_alg_list[i++] = MBEDTLS_TLS13_SIG_ECDSA_SECP521R1_SHA512;
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
mbedtls_printf( "unknown signature algorithm %s\n", q );
|
||||||
|
mbedtls_printf( "supported signature algorithms: " );
|
||||||
|
mbedtls_printf( "ecdsa_secp256r1_sha256 " );
|
||||||
|
mbedtls_printf( "ecdsa_secp384r1_sha384 " );
|
||||||
|
mbedtls_printf( "ecdsa_secp521r1_sha512 " );
|
||||||
|
mbedtls_printf( "\n" );
|
||||||
|
goto exit;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
if( i == ( SIG_ALG_LIST_SIZE - 1 ) && *p != '\0' )
|
||||||
|
{
|
||||||
|
mbedtls_printf( "signature algorithm list too long, maximum %d",
|
||||||
|
SIG_ALG_LIST_SIZE - 1 );
|
||||||
|
goto exit;
|
||||||
|
}
|
||||||
|
|
||||||
|
sig_alg_list[i] = MBEDTLS_TLS13_SIG_NONE;
|
||||||
|
}
|
||||||
|
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL &&
|
||||||
|
MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_ALPN)
|
#if defined(MBEDTLS_SSL_ALPN)
|
||||||
if( opt.alpn_string != NULL )
|
if( opt.alpn_string != NULL )
|
||||||
{
|
{
|
||||||
|
@ -2376,26 +2478,7 @@ int main( int argc, char *argv[] )
|
||||||
#endif /* SNI_OPTION */
|
#endif /* SNI_OPTION */
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* 2. Setup the listening TCP socket
|
* 2. Setup stuff
|
||||||
*/
|
|
||||||
mbedtls_printf( " . Bind on %s://%s:%s/ ...",
|
|
||||||
opt.transport == MBEDTLS_SSL_TRANSPORT_STREAM ? "tcp" : "udp",
|
|
||||||
opt.server_addr ? opt.server_addr : "*",
|
|
||||||
opt.server_port );
|
|
||||||
fflush( stdout );
|
|
||||||
|
|
||||||
if( ( ret = mbedtls_net_bind( &listen_fd, opt.server_addr, opt.server_port,
|
|
||||||
opt.transport == MBEDTLS_SSL_TRANSPORT_STREAM ?
|
|
||||||
MBEDTLS_NET_PROTO_TCP : MBEDTLS_NET_PROTO_UDP ) ) != 0 )
|
|
||||||
{
|
|
||||||
mbedtls_printf( " failed\n ! mbedtls_net_bind returned -0x%x\n\n", (unsigned int) -ret );
|
|
||||||
goto exit;
|
|
||||||
}
|
|
||||||
|
|
||||||
mbedtls_printf( " ok\n" );
|
|
||||||
|
|
||||||
/*
|
|
||||||
* 3. Setup stuff
|
|
||||||
*/
|
*/
|
||||||
mbedtls_printf( " . Setting up the SSL/TLS structure..." );
|
mbedtls_printf( " . Setting up the SSL/TLS structure..." );
|
||||||
fflush( stdout );
|
fflush( stdout );
|
||||||
|
@ -2747,6 +2830,11 @@ int main( int argc, char *argv[] )
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
|
||||||
|
if( opt.sig_algs != NULL )
|
||||||
|
mbedtls_ssl_conf_sig_algs( &conf, sig_alg_list );
|
||||||
|
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
|
||||||
|
|
||||||
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
|
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
|
||||||
|
|
||||||
if( strlen( opt.psk ) != 0 && strlen( opt.psk_identity ) != 0 )
|
if( strlen( opt.psk ) != 0 && strlen( opt.psk_identity ) != 0 )
|
||||||
|
@ -2889,6 +2977,24 @@ int main( int argc, char *argv[] )
|
||||||
|
|
||||||
mbedtls_printf( " ok\n" );
|
mbedtls_printf( " ok\n" );
|
||||||
|
|
||||||
|
/*
|
||||||
|
* 3. Setup the listening TCP socket
|
||||||
|
*/
|
||||||
|
mbedtls_printf( " . Bind on %s://%s:%s/ ...",
|
||||||
|
opt.transport == MBEDTLS_SSL_TRANSPORT_STREAM ? "tcp" : "udp",
|
||||||
|
opt.server_addr ? opt.server_addr : "*",
|
||||||
|
opt.server_port );
|
||||||
|
fflush( stdout );
|
||||||
|
|
||||||
|
if( ( ret = mbedtls_net_bind( &listen_fd, opt.server_addr, opt.server_port,
|
||||||
|
opt.transport == MBEDTLS_SSL_TRANSPORT_STREAM ?
|
||||||
|
MBEDTLS_NET_PROTO_TCP : MBEDTLS_NET_PROTO_UDP ) ) != 0 )
|
||||||
|
{
|
||||||
|
mbedtls_printf( " failed\n ! mbedtls_net_bind returned -0x%x\n\n", (unsigned int) -ret );
|
||||||
|
goto exit;
|
||||||
|
}
|
||||||
|
mbedtls_printf( " ok\n" );
|
||||||
|
|
||||||
reset:
|
reset:
|
||||||
#if !defined(_WIN32)
|
#if !defined(_WIN32)
|
||||||
if( received_sigterm )
|
if( received_sigterm )
|
||||||
|
|
|
@ -24,6 +24,8 @@
|
||||||
# [ -v | --verbose ] [ -h | --help ]
|
# [ -v | --verbose ] [ -h | --help ]
|
||||||
#
|
#
|
||||||
|
|
||||||
|
set -e
|
||||||
|
|
||||||
VERSION=""
|
VERSION=""
|
||||||
SOVERSION=""
|
SOVERSION=""
|
||||||
|
|
||||||
|
@ -79,6 +81,10 @@ then
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
[ $VERBOSE ] && echo "Bumping VERSION in CMakeLists.txt"
|
||||||
|
sed -e "s/ VERSION [0-9.]\{1,\}/ VERSION $VERSION/g" < CMakeLists.txt > tmp
|
||||||
|
mv tmp CMakeLists.txt
|
||||||
|
|
||||||
[ $VERBOSE ] && echo "Bumping VERSION in library/CMakeLists.txt"
|
[ $VERBOSE ] && echo "Bumping VERSION in library/CMakeLists.txt"
|
||||||
sed -e "s/ VERSION [0-9.]\{1,\}/ VERSION $VERSION/g" < library/CMakeLists.txt > tmp
|
sed -e "s/ VERSION [0-9.]\{1,\}/ VERSION $VERSION/g" < library/CMakeLists.txt > tmp
|
||||||
mv tmp library/CMakeLists.txt
|
mv tmp library/CMakeLists.txt
|
||||||
|
@ -116,10 +122,10 @@ then
|
||||||
mv tmp library/Makefile
|
mv tmp library/Makefile
|
||||||
fi
|
fi
|
||||||
|
|
||||||
[ $VERBOSE ] && echo "Bumping VERSION in include/mbedtls/version.h"
|
[ $VERBOSE ] && echo "Bumping VERSION in include/mbedtls/build_info.h"
|
||||||
read MAJOR MINOR PATCH <<<$(IFS="."; echo $VERSION)
|
read MAJOR MINOR PATCH <<<$(IFS="."; echo $VERSION)
|
||||||
VERSION_NR="$( printf "0x%02X%02X%02X00" $MAJOR $MINOR $PATCH )"
|
VERSION_NR="$( printf "0x%02X%02X%02X00" $MAJOR $MINOR $PATCH )"
|
||||||
cat include/mbedtls/version.h | \
|
cat include/mbedtls/build_info.h | \
|
||||||
sed -e "s/_VERSION_MAJOR .\{1,\}/_VERSION_MAJOR $MAJOR/" | \
|
sed -e "s/_VERSION_MAJOR .\{1,\}/_VERSION_MAJOR $MAJOR/" | \
|
||||||
sed -e "s/_VERSION_MINOR .\{1,\}/_VERSION_MINOR $MINOR/" | \
|
sed -e "s/_VERSION_MINOR .\{1,\}/_VERSION_MINOR $MINOR/" | \
|
||||||
sed -e "s/_VERSION_PATCH .\{1,\}/_VERSION_PATCH $PATCH/" | \
|
sed -e "s/_VERSION_PATCH .\{1,\}/_VERSION_PATCH $PATCH/" | \
|
||||||
|
@ -127,7 +133,7 @@ cat include/mbedtls/version.h | \
|
||||||
sed -e "s/_VERSION_STRING .\{1,\}/_VERSION_STRING \"$VERSION\"/" | \
|
sed -e "s/_VERSION_STRING .\{1,\}/_VERSION_STRING \"$VERSION\"/" | \
|
||||||
sed -e "s/_VERSION_STRING_FULL .\{1,\}/_VERSION_STRING_FULL \"mbed TLS $VERSION\"/" \
|
sed -e "s/_VERSION_STRING_FULL .\{1,\}/_VERSION_STRING_FULL \"mbed TLS $VERSION\"/" \
|
||||||
> tmp
|
> tmp
|
||||||
mv tmp include/mbedtls/version.h
|
mv tmp include/mbedtls/build_info.h
|
||||||
|
|
||||||
[ $VERBOSE ] && echo "Bumping version in tests/suites/test_suite_version.data"
|
[ $VERBOSE ] && echo "Bumping version in tests/suites/test_suite_version.data"
|
||||||
sed -e "s/version:\".\{1,\}/version:\"$VERSION\"/g" < tests/suites/test_suite_version.data > tmp
|
sed -e "s/version:\".\{1,\}/version:\"$VERSION\"/g" < tests/suites/test_suite_version.data > tmp
|
||||||
|
|
|
@ -161,6 +161,7 @@ pre_initialize_variables () {
|
||||||
: ${ARMC5_BIN_DIR:=/usr/bin}
|
: ${ARMC5_BIN_DIR:=/usr/bin}
|
||||||
: ${ARMC6_BIN_DIR:=/usr/bin}
|
: ${ARMC6_BIN_DIR:=/usr/bin}
|
||||||
: ${ARM_NONE_EABI_GCC_PREFIX:=arm-none-eabi-}
|
: ${ARM_NONE_EABI_GCC_PREFIX:=arm-none-eabi-}
|
||||||
|
: ${ARM_LINUX_GNUEABI_GCC_PREFIX:=arm-linux-gnueabi-}
|
||||||
|
|
||||||
# if MAKEFLAGS is not set add the -j option to speed up invocations of make
|
# if MAKEFLAGS is not set add the -j option to speed up invocations of make
|
||||||
if [ -z "${MAKEFLAGS+set}" ]; then
|
if [ -z "${MAKEFLAGS+set}" ]; then
|
||||||
|
@ -230,6 +231,9 @@ General options:
|
||||||
--arm-none-eabi-gcc-prefix=<string>
|
--arm-none-eabi-gcc-prefix=<string>
|
||||||
Prefix for a cross-compiler for arm-none-eabi
|
Prefix for a cross-compiler for arm-none-eabi
|
||||||
(default: "${ARM_NONE_EABI_GCC_PREFIX}")
|
(default: "${ARM_NONE_EABI_GCC_PREFIX}")
|
||||||
|
--arm-linux-gnueabi-gcc-prefix=<string>
|
||||||
|
Prefix for a cross-compiler for arm-linux-gnueabi
|
||||||
|
(default: "${ARM_LINUX_GNUEABI_GCC_PREFIX}")
|
||||||
--armcc Run ARM Compiler builds (on by default).
|
--armcc Run ARM Compiler builds (on by default).
|
||||||
--except Exclude the COMPONENTs listed on the command line,
|
--except Exclude the COMPONENTs listed on the command line,
|
||||||
instead of running only those.
|
instead of running only those.
|
||||||
|
@ -387,6 +391,7 @@ pre_parse_command_line () {
|
||||||
case "$1" in
|
case "$1" in
|
||||||
--append-outcome) append_outcome=1;;
|
--append-outcome) append_outcome=1;;
|
||||||
--arm-none-eabi-gcc-prefix) shift; ARM_NONE_EABI_GCC_PREFIX="$1";;
|
--arm-none-eabi-gcc-prefix) shift; ARM_NONE_EABI_GCC_PREFIX="$1";;
|
||||||
|
--arm-linux-gnueabi-gcc-prefix) shift; ARM_LINUX_GNUEABI_GCC_PREFIX="$1";;
|
||||||
--armcc) no_armcc=;;
|
--armcc) no_armcc=;;
|
||||||
--armc5-bin-dir) shift; ARMC5_BIN_DIR="$1";;
|
--armc5-bin-dir) shift; ARMC5_BIN_DIR="$1";;
|
||||||
--armc6-bin-dir) shift; ARMC6_BIN_DIR="$1";;
|
--armc6-bin-dir) shift; ARMC6_BIN_DIR="$1";;
|
||||||
|
@ -2369,14 +2374,29 @@ component_build_arm_none_eabi_gcc () {
|
||||||
${ARM_NONE_EABI_GCC_PREFIX}size library/*.o
|
${ARM_NONE_EABI_GCC_PREFIX}size library/*.o
|
||||||
}
|
}
|
||||||
|
|
||||||
component_build_arm_none_eabi_gcc_arm5vte () {
|
component_build_arm_linux_gnueabi_gcc_arm5vte () {
|
||||||
msg "build: ${ARM_NONE_EABI_GCC_PREFIX}gcc -march=arm5vte" # ~ 10s
|
msg "build: ${ARM_LINUX_GNUEABI_GCC_PREFIX}gcc -march=arm5vte" # ~ 10s
|
||||||
scripts/config.py baremetal
|
scripts/config.py baremetal
|
||||||
# Build for a target platform that's close to what Debian uses
|
# Build for a target platform that's close to what Debian uses
|
||||||
# for its "armel" distribution (https://wiki.debian.org/ArmEabiPort).
|
# for its "armel" distribution (https://wiki.debian.org/ArmEabiPort).
|
||||||
# See https://github.com/ARMmbed/mbedtls/pull/2169 and comments.
|
# See https://github.com/ARMmbed/mbedtls/pull/2169 and comments.
|
||||||
# It would be better to build with arm-linux-gnueabi-gcc but
|
# Build everything including programs, see for example
|
||||||
# we don't have that on our CI at this time.
|
# https://github.com/ARMmbed/mbedtls/pull/3449#issuecomment-675313720
|
||||||
|
make CC="${ARM_LINUX_GNUEABI_GCC_PREFIX}gcc" AR="${ARM_LINUX_GNUEABI_GCC_PREFIX}ar" CFLAGS='-Werror -Wall -Wextra -march=armv5te -O1' LDFLAGS='-march=armv5te'
|
||||||
|
|
||||||
|
msg "size: ${ARM_LINUX_GNUEABI_GCC_PREFIX}gcc -march=armv5te -O1"
|
||||||
|
${ARM_LINUX_GNUEABI_GCC_PREFIX}size library/*.o
|
||||||
|
}
|
||||||
|
support_build_arm_linux_gnueabi_gcc_arm5vte () {
|
||||||
|
type ${ARM_LINUX_GNUEABI_GCC_PREFIX}gcc >/dev/null 2>&1
|
||||||
|
}
|
||||||
|
|
||||||
|
component_build_arm_none_eabi_gcc_arm5vte () {
|
||||||
|
msg "build: ${ARM_NONE_EABI_GCC_PREFIX}gcc -march=arm5vte" # ~ 10s
|
||||||
|
scripts/config.py baremetal
|
||||||
|
# This is an imperfect substitute for
|
||||||
|
# component_build_arm_linux_gnueabi_gcc_arm5vte
|
||||||
|
# in case the gcc-arm-linux-gnueabi toolchain is not available
|
||||||
make CC="${ARM_NONE_EABI_GCC_PREFIX}gcc" AR="${ARM_NONE_EABI_GCC_PREFIX}ar" CFLAGS='-std=c99 -Werror -Wall -Wextra -march=armv5te -O1' LDFLAGS='-march=armv5te' SHELL='sh -x' lib
|
make CC="${ARM_NONE_EABI_GCC_PREFIX}gcc" AR="${ARM_NONE_EABI_GCC_PREFIX}ar" CFLAGS='-std=c99 -Werror -Wall -Wextra -march=armv5te -O1' LDFLAGS='-march=armv5te' SHELL='sh -x' lib
|
||||||
|
|
||||||
msg "size: ${ARM_NONE_EABI_GCC_PREFIX}gcc -march=armv5te -O1"
|
msg "size: ${ARM_NONE_EABI_GCC_PREFIX}gcc -march=armv5te -O1"
|
||||||
|
@ -2437,11 +2457,22 @@ component_build_armcc () {
|
||||||
}
|
}
|
||||||
|
|
||||||
component_test_tls13_experimental () {
|
component_test_tls13_experimental () {
|
||||||
msg "build: default config with MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL enabled"
|
msg "build: default config with MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL enabled, without padding"
|
||||||
scripts/config.pl set MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
|
scripts/config.pl set MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
|
||||||
|
scripts/config.pl set MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY 1
|
||||||
CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
|
CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
|
||||||
make
|
make
|
||||||
msg "test: default config with MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL enabled"
|
msg "test: default config with MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL enabled, without padding"
|
||||||
|
make test
|
||||||
|
}
|
||||||
|
|
||||||
|
component_test_tls13_experimental_with_padding () {
|
||||||
|
msg "build: default config with MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL enabled, with padding"
|
||||||
|
scripts/config.pl set MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
|
||||||
|
scripts/config.pl set MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY 16
|
||||||
|
CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
|
||||||
|
make
|
||||||
|
msg "test: default config with MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL enabled, with padding"
|
||||||
make test
|
make test
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -23,12 +23,13 @@ set -eu
|
||||||
|
|
||||||
if [ $# -ne 0 ] && [ "$1" = "--help" ]; then
|
if [ $# -ne 0 ] && [ "$1" = "--help" ]; then
|
||||||
cat <<EOF
|
cat <<EOF
|
||||||
$0 [-u]
|
$0 [-l | -u]
|
||||||
This script checks that all generated file are up-to-date. If some aren't, by
|
This script checks that all generated file are up-to-date. If some aren't, by
|
||||||
default the scripts reports it and exits in error; with the -u option, it just
|
default the scripts reports it and exits in error; with the -u option, it just
|
||||||
updates them instead.
|
updates them instead.
|
||||||
|
|
||||||
-u Update the files rather than return an error for out-of-date files.
|
-u Update the files rather than return an error for out-of-date files.
|
||||||
|
-l List generated files, but do not update them.
|
||||||
EOF
|
EOF
|
||||||
exit
|
exit
|
||||||
fi
|
fi
|
||||||
|
@ -39,10 +40,13 @@ if [ -d library -a -d include -a -d tests ]; then :; else
|
||||||
fi
|
fi
|
||||||
|
|
||||||
UPDATE=
|
UPDATE=
|
||||||
if [ $# -ne 0 ] && [ "$1" = "-u" ]; then
|
LIST=
|
||||||
shift
|
while getopts lu OPTLET; do
|
||||||
UPDATE='y'
|
case $OPTLET in
|
||||||
fi
|
l) LIST=1;;
|
||||||
|
u) UPDATE=1;;
|
||||||
|
esac
|
||||||
|
done
|
||||||
|
|
||||||
# check SCRIPT FILENAME[...]
|
# check SCRIPT FILENAME[...]
|
||||||
# check SCRIPT DIRECTORY
|
# check SCRIPT DIRECTORY
|
||||||
|
@ -58,6 +62,11 @@ check()
|
||||||
SCRIPT=$1
|
SCRIPT=$1
|
||||||
shift
|
shift
|
||||||
|
|
||||||
|
if [ -n "$LIST" ]; then
|
||||||
|
printf '%s\n' "$@"
|
||||||
|
return
|
||||||
|
fi
|
||||||
|
|
||||||
directory=
|
directory=
|
||||||
if [ -d "$1" ]; then
|
if [ -d "$1" ]; then
|
||||||
directory="$1"
|
directory="$1"
|
||||||
|
|
131
tests/ssl-opt.sh
131
tests/ssl-opt.sh
|
@ -77,6 +77,14 @@ else
|
||||||
O_LEGACY_CLI=false
|
O_LEGACY_CLI=false
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
if [ -n "${OPENSSL_NEXT:-}" ]; then
|
||||||
|
O_NEXT_SRV="$OPENSSL_NEXT s_server -www -cert data_files/server5.crt -key data_files/server5.key"
|
||||||
|
O_NEXT_CLI="echo 'GET / HTTP/1.0' | $OPENSSL_NEXT s_client"
|
||||||
|
else
|
||||||
|
O_NEXT_SRV=false
|
||||||
|
O_NEXT_CLI=false
|
||||||
|
fi
|
||||||
|
|
||||||
if [ -n "${GNUTLS_NEXT_SERV:-}" ]; then
|
if [ -n "${GNUTLS_NEXT_SERV:-}" ]; then
|
||||||
G_NEXT_SRV="$GNUTLS_NEXT_SERV --x509certfile data_files/server5.crt --x509keyfile data_files/server5.key"
|
G_NEXT_SRV="$GNUTLS_NEXT_SERV --x509certfile data_files/server5.crt --x509keyfile data_files/server5.key"
|
||||||
else
|
else
|
||||||
|
@ -346,6 +354,57 @@ requires_openssl_legacy() {
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
|
requires_openssl_next() {
|
||||||
|
if [ -z "${OPENSSL_NEXT_AVAILABLE:-}" ]; then
|
||||||
|
if which "${OPENSSL_NEXT:-}" >/dev/null 2>&1; then
|
||||||
|
OPENSSL_NEXT_AVAILABLE="YES"
|
||||||
|
else
|
||||||
|
OPENSSL_NEXT_AVAILABLE="NO"
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
if [ "$OPENSSL_NEXT_AVAILABLE" = "NO" ]; then
|
||||||
|
SKIP_NEXT="YES"
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
# skip next test if tls1_3 is not available
|
||||||
|
requires_openssl_tls1_3() {
|
||||||
|
requires_openssl_next
|
||||||
|
if [ "$OPENSSL_NEXT_AVAILABLE" = "NO" ]; then
|
||||||
|
OPENSSL_TLS1_3_AVAILABLE="NO"
|
||||||
|
fi
|
||||||
|
if [ -z "${OPENSSL_TLS1_3_AVAILABLE:-}" ]; then
|
||||||
|
if $OPENSSL_NEXT s_client -help 2>&1 | grep tls1_3 >/dev/null
|
||||||
|
then
|
||||||
|
OPENSSL_TLS1_3_AVAILABLE="YES"
|
||||||
|
else
|
||||||
|
OPENSSL_TLS1_3_AVAILABLE="NO"
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
if [ "$OPENSSL_TLS1_3_AVAILABLE" = "NO" ]; then
|
||||||
|
SKIP_NEXT="YES"
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
# skip next test if tls1_3 is not available
|
||||||
|
requires_gnutls_tls1_3() {
|
||||||
|
requires_gnutls_next
|
||||||
|
if [ "$GNUTLS_NEXT_AVAILABLE" = "NO" ]; then
|
||||||
|
GNUTLS_TLS1_3_AVAILABLE="NO"
|
||||||
|
fi
|
||||||
|
if [ -z "${GNUTLS_TLS1_3_AVAILABLE:-}" ]; then
|
||||||
|
if $GNUTLS_NEXT_CLI -l 2>&1 | grep VERS-TLS1.3 >/dev/null
|
||||||
|
then
|
||||||
|
GNUTLS_TLS1_3_AVAILABLE="YES"
|
||||||
|
else
|
||||||
|
GNUTLS_TLS1_3_AVAILABLE="NO"
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
if [ "$GNUTLS_TLS1_3_AVAILABLE" = "NO" ]; then
|
||||||
|
SKIP_NEXT="YES"
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
# skip next test if IPv6 isn't available on this host
|
# skip next test if IPv6 isn't available on this host
|
||||||
requires_ipv6() {
|
requires_ipv6() {
|
||||||
if [ -z "${HAS_IPV6:-}" ]; then
|
if [ -z "${HAS_IPV6:-}" ]; then
|
||||||
|
@ -693,6 +752,11 @@ find_in_both() {
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
|
SKIP_HANDSHAKE_CHECK="NO"
|
||||||
|
skip_handshake_stage_check() {
|
||||||
|
SKIP_HANDSHAKE_CHECK="YES"
|
||||||
|
}
|
||||||
|
|
||||||
# Usage: run_test name [-p proxy_cmd] srv_cmd cli_cmd cli_exit [option [...]]
|
# Usage: run_test name [-p proxy_cmd] srv_cmd cli_cmd cli_exit [option [...]]
|
||||||
# Options: -s pattern pattern that must be present in server output
|
# Options: -s pattern pattern that must be present in server output
|
||||||
# -c pattern pattern that must be present in client output
|
# -c pattern pattern that must be present in client output
|
||||||
|
@ -855,21 +919,25 @@ run_test() {
|
||||||
# (useful to avoid tests with only negative assertions and non-zero
|
# (useful to avoid tests with only negative assertions and non-zero
|
||||||
# expected client exit to incorrectly succeed in case of catastrophic
|
# expected client exit to incorrectly succeed in case of catastrophic
|
||||||
# failure)
|
# failure)
|
||||||
if is_polar "$SRV_CMD"; then
|
if [ "X$SKIP_HANDSHAKE_CHECK" != "XYES" ]
|
||||||
if grep "Performing the SSL/TLS handshake" $SRV_OUT >/dev/null; then :;
|
then
|
||||||
else
|
if is_polar "$SRV_CMD"; then
|
||||||
fail "server or client failed to reach handshake stage"
|
if grep "Performing the SSL/TLS handshake" $SRV_OUT >/dev/null; then :;
|
||||||
return
|
else
|
||||||
|
fail "server or client failed to reach handshake stage"
|
||||||
|
return
|
||||||
|
fi
|
||||||
fi
|
fi
|
||||||
fi
|
if is_polar "$CLI_CMD"; then
|
||||||
if is_polar "$CLI_CMD"; then
|
if grep "Performing the SSL/TLS handshake" $CLI_OUT >/dev/null; then :;
|
||||||
if grep "Performing the SSL/TLS handshake" $CLI_OUT >/dev/null; then :;
|
else
|
||||||
else
|
fail "server or client failed to reach handshake stage"
|
||||||
fail "server or client failed to reach handshake stage"
|
return
|
||||||
return
|
fi
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
SKIP_HANDSHAKE_CHECK="NO"
|
||||||
# Check server exit code (only for Mbed TLS: GnuTLS and OpenSSL don't
|
# Check server exit code (only for Mbed TLS: GnuTLS and OpenSSL don't
|
||||||
# exit with status 0 when interrupted by a signal, and we don't really
|
# exit with status 0 when interrupted by a signal, and we don't really
|
||||||
# care anyway), in case e.g. the server reports a memory leak.
|
# care anyway), in case e.g. the server reports a memory leak.
|
||||||
|
@ -8478,6 +8546,47 @@ run_test "export keys functionality" \
|
||||||
-c "EAP-TLS IV is:" \
|
-c "EAP-TLS IV is:" \
|
||||||
-s "EAP-TLS IV is:"
|
-s "EAP-TLS IV is:"
|
||||||
|
|
||||||
|
# openssl feature tests: check if tls1.3 exists.
|
||||||
|
requires_openssl_tls1_3
|
||||||
|
run_test "TLS1.3: Test openssl tls1_3 feature" \
|
||||||
|
"$O_NEXT_SRV -tls1_3 -msg" \
|
||||||
|
"$O_NEXT_CLI -tls1_3 -msg" \
|
||||||
|
0 \
|
||||||
|
-c "TLS 1.3" \
|
||||||
|
-s "TLS 1.3"
|
||||||
|
|
||||||
|
# gnutls feature tests: check if tls1.3 exists.
|
||||||
|
requires_gnutls_tls1_3
|
||||||
|
run_test "TLS1.3: Test gnutls tls1_3 feature" \
|
||||||
|
"$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3" \
|
||||||
|
"$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 -V" \
|
||||||
|
0 \
|
||||||
|
-s "Version: TLS1.3" \
|
||||||
|
-c "Version: TLS1.3"
|
||||||
|
|
||||||
|
# TLS1.3 test cases
|
||||||
|
# TODO: remove or rewrite this test case if #4832 is resolved.
|
||||||
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
|
||||||
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
|
||||||
|
skip_handshake_stage_check
|
||||||
|
run_test "TLS1.3: Not supported version check: tls1_2 and tls1_3" \
|
||||||
|
"$P_SRV debug_level=1 min_version=tls1_2 max_version=tls1_3" \
|
||||||
|
"$P_CLI debug_level=1 min_version=tls1_2 max_version=tls1_3" \
|
||||||
|
1 \
|
||||||
|
-s "SSL - The requested feature is not available" \
|
||||||
|
-c "SSL - The requested feature is not available" \
|
||||||
|
-s "Hybrid TLS 1.2 + TLS 1.3 configurations are not yet supported" \
|
||||||
|
-c "Hybrid TLS 1.2 + TLS 1.3 configurations are not yet supported"
|
||||||
|
|
||||||
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
|
||||||
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
|
||||||
|
run_test "TLS1.3: handshake dispatch test: tls1_3 only" \
|
||||||
|
"$P_SRV min_version=tls1_3 max_version=tls1_3" \
|
||||||
|
"$P_CLI min_version=tls1_3 max_version=tls1_3" \
|
||||||
|
1 \
|
||||||
|
-s "SSL - The requested feature is not available" \
|
||||||
|
-c "SSL - The requested feature is not available"
|
||||||
|
|
||||||
# Test heap memory usage after handshake
|
# Test heap memory usage after handshake
|
||||||
requires_config_enabled MBEDTLS_MEMORY_DEBUG
|
requires_config_enabled MBEDTLS_MEMORY_DEBUG
|
||||||
requires_config_enabled MBEDTLS_MEMORY_BUFFER_ALLOC_C
|
requires_config_enabled MBEDTLS_MEMORY_BUFFER_ALLOC_C
|
||||||
|
|
|
@ -60,10 +60,16 @@ void debug_print_msg_threshold( int threshold, int level, char * file,
|
||||||
memset( buffer.buf, 0, 2000 );
|
memset( buffer.buf, 0, 2000 );
|
||||||
buffer.ptr = buffer.buf;
|
buffer.ptr = buffer.buf;
|
||||||
|
|
||||||
|
mbedtls_ssl_config_defaults( &conf,
|
||||||
|
MBEDTLS_SSL_IS_CLIENT,
|
||||||
|
MBEDTLS_SSL_TRANSPORT_STREAM,
|
||||||
|
MBEDTLS_SSL_PRESET_DEFAULT );
|
||||||
|
|
||||||
|
mbedtls_ssl_conf_dbg( &conf, string_debug, &buffer);
|
||||||
|
|
||||||
TEST_ASSERT( mbedtls_ssl_setup( &ssl, &conf ) == 0 );
|
TEST_ASSERT( mbedtls_ssl_setup( &ssl, &conf ) == 0 );
|
||||||
|
|
||||||
mbedtls_debug_set_threshold( threshold );
|
mbedtls_debug_set_threshold( threshold );
|
||||||
mbedtls_ssl_conf_dbg( &conf, string_debug, &buffer);
|
|
||||||
|
|
||||||
mbedtls_debug_print_msg( &ssl, level, file, line,
|
mbedtls_debug_print_msg( &ssl, level, file, line,
|
||||||
"Text message, 2 == %d", 2 );
|
"Text message, 2 == %d", 2 );
|
||||||
|
@ -89,10 +95,15 @@ void mbedtls_debug_print_ret( char * file, int line, char * text, int value,
|
||||||
memset( buffer.buf, 0, 2000 );
|
memset( buffer.buf, 0, 2000 );
|
||||||
buffer.ptr = buffer.buf;
|
buffer.ptr = buffer.buf;
|
||||||
|
|
||||||
TEST_ASSERT( mbedtls_ssl_setup( &ssl, &conf ) == 0 );
|
mbedtls_ssl_config_defaults( &conf,
|
||||||
|
MBEDTLS_SSL_IS_CLIENT,
|
||||||
|
MBEDTLS_SSL_TRANSPORT_STREAM,
|
||||||
|
MBEDTLS_SSL_PRESET_DEFAULT );
|
||||||
|
|
||||||
mbedtls_ssl_conf_dbg( &conf, string_debug, &buffer);
|
mbedtls_ssl_conf_dbg( &conf, string_debug, &buffer);
|
||||||
|
|
||||||
|
TEST_ASSERT( mbedtls_ssl_setup( &ssl, &conf ) == 0 );
|
||||||
|
|
||||||
mbedtls_debug_print_ret( &ssl, 0, file, line, text, value);
|
mbedtls_debug_print_ret( &ssl, 0, file, line, text, value);
|
||||||
|
|
||||||
TEST_ASSERT( strcmp( buffer.buf, result_str ) == 0 );
|
TEST_ASSERT( strcmp( buffer.buf, result_str ) == 0 );
|
||||||
|
@ -116,11 +127,15 @@ void mbedtls_debug_print_buf( char * file, int line, char * text,
|
||||||
memset( buffer.buf, 0, 2000 );
|
memset( buffer.buf, 0, 2000 );
|
||||||
buffer.ptr = buffer.buf;
|
buffer.ptr = buffer.buf;
|
||||||
|
|
||||||
|
mbedtls_ssl_config_defaults( &conf,
|
||||||
TEST_ASSERT( mbedtls_ssl_setup( &ssl, &conf ) == 0 );
|
MBEDTLS_SSL_IS_CLIENT,
|
||||||
|
MBEDTLS_SSL_TRANSPORT_STREAM,
|
||||||
|
MBEDTLS_SSL_PRESET_DEFAULT );
|
||||||
|
|
||||||
mbedtls_ssl_conf_dbg( &conf, string_debug, &buffer);
|
mbedtls_ssl_conf_dbg( &conf, string_debug, &buffer);
|
||||||
|
|
||||||
|
TEST_ASSERT( mbedtls_ssl_setup( &ssl, &conf ) == 0 );
|
||||||
|
|
||||||
mbedtls_debug_print_buf( &ssl, 0, file, line, text, data->x, data->len );
|
mbedtls_debug_print_buf( &ssl, 0, file, line, text, data->x, data->len );
|
||||||
|
|
||||||
TEST_ASSERT( strcmp( buffer.buf, result_str ) == 0 );
|
TEST_ASSERT( strcmp( buffer.buf, result_str ) == 0 );
|
||||||
|
@ -146,10 +161,15 @@ void mbedtls_debug_print_crt( char * crt_file, char * file, int line,
|
||||||
memset( buffer.buf, 0, 2000 );
|
memset( buffer.buf, 0, 2000 );
|
||||||
buffer.ptr = buffer.buf;
|
buffer.ptr = buffer.buf;
|
||||||
|
|
||||||
TEST_ASSERT( mbedtls_ssl_setup( &ssl, &conf ) == 0 );
|
mbedtls_ssl_config_defaults( &conf,
|
||||||
|
MBEDTLS_SSL_IS_CLIENT,
|
||||||
|
MBEDTLS_SSL_TRANSPORT_STREAM,
|
||||||
|
MBEDTLS_SSL_PRESET_DEFAULT );
|
||||||
|
|
||||||
mbedtls_ssl_conf_dbg( &conf, string_debug, &buffer);
|
mbedtls_ssl_conf_dbg( &conf, string_debug, &buffer);
|
||||||
|
|
||||||
|
TEST_ASSERT( mbedtls_ssl_setup( &ssl, &conf ) == 0 );
|
||||||
|
|
||||||
TEST_ASSERT( mbedtls_x509_crt_parse_file( &crt, crt_file ) == 0 );
|
TEST_ASSERT( mbedtls_x509_crt_parse_file( &crt, crt_file ) == 0 );
|
||||||
mbedtls_debug_print_crt( &ssl, 0, file, line, prefix, &crt);
|
mbedtls_debug_print_crt( &ssl, 0, file, line, prefix, &crt);
|
||||||
|
|
||||||
|
@ -177,12 +197,17 @@ void mbedtls_debug_print_mpi( int radix, char * value, char * file, int line,
|
||||||
memset( buffer.buf, 0, 2000 );
|
memset( buffer.buf, 0, 2000 );
|
||||||
buffer.ptr = buffer.buf;
|
buffer.ptr = buffer.buf;
|
||||||
|
|
||||||
|
mbedtls_ssl_config_defaults( &conf,
|
||||||
|
MBEDTLS_SSL_IS_CLIENT,
|
||||||
|
MBEDTLS_SSL_TRANSPORT_STREAM,
|
||||||
|
MBEDTLS_SSL_PRESET_DEFAULT );
|
||||||
|
|
||||||
|
mbedtls_ssl_conf_dbg( &conf, string_debug, &buffer);
|
||||||
|
|
||||||
TEST_ASSERT( mbedtls_ssl_setup( &ssl, &conf ) == 0 );
|
TEST_ASSERT( mbedtls_ssl_setup( &ssl, &conf ) == 0 );
|
||||||
|
|
||||||
TEST_ASSERT( mbedtls_test_read_mpi( &val, radix, value ) == 0 );
|
TEST_ASSERT( mbedtls_test_read_mpi( &val, radix, value ) == 0 );
|
||||||
|
|
||||||
mbedtls_ssl_conf_dbg( &conf, string_debug, &buffer);
|
|
||||||
|
|
||||||
mbedtls_debug_print_mpi( &ssl, 0, file, line, prefix, &val);
|
mbedtls_debug_print_mpi( &ssl, 0, file, line, prefix, &val);
|
||||||
|
|
||||||
TEST_ASSERT( strcmp( buffer.buf, result_str ) == 0 );
|
TEST_ASSERT( strcmp( buffer.buf, result_str ) == 0 );
|
||||||
|
|
|
@ -6021,6 +6021,62 @@ SSL TLS 1.3 Key schedule: Handshake secrets derivation helper
|
||||||
# Vector from RFC 8448
|
# Vector from RFC 8448
|
||||||
ssl_tls1_3_derive_handshake_secrets:MBEDTLS_MD_SHA256:"005cb112fd8eb4ccc623bb88a07c64b3ede1605363fc7d0df8c7ce4ff0fb4ae6":"f736cb34fe25e701551bee6fd24c1cc7102a7daf9405cb15d97aafe16f757d03":"2faac08f851d35fea3604fcb4de82dc62c9b164a70974d0462e27f1ab278700f":"fe927ae271312e8bf0275b581c54eef020450dc4ecffaa05a1a35d27518e7803"
|
ssl_tls1_3_derive_handshake_secrets:MBEDTLS_MD_SHA256:"005cb112fd8eb4ccc623bb88a07c64b3ede1605363fc7d0df8c7ce4ff0fb4ae6":"f736cb34fe25e701551bee6fd24c1cc7102a7daf9405cb15d97aafe16f757d03":"2faac08f851d35fea3604fcb4de82dc62c9b164a70974d0462e27f1ab278700f":"fe927ae271312e8bf0275b581c54eef020450dc4ecffaa05a1a35d27518e7803"
|
||||||
|
|
||||||
|
SSL TLS 1.3 Record Encryption, tls13.ulfheim.net Example #1
|
||||||
|
# - Server App Key: 0b6d22c8ff68097ea871c672073773bf
|
||||||
|
# - Server App IV: 1b13dd9f8d8f17091d34b349
|
||||||
|
# - Client App Key: 49134b95328f279f0183860589ac6707
|
||||||
|
# - Client App IV: bc4dd5f7b98acff85466261d
|
||||||
|
# - App data payload: 70696e67
|
||||||
|
# - Complete record: 1703030015c74061535eb12f5f25a781957874742ab7fb305dd5
|
||||||
|
# - Padding used: No (== granularity 1)
|
||||||
|
ssl_tls1_3_record_protection:MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256:MBEDTLS_SSL_IS_CLIENT:0:1:"0b6d22c8ff68097ea871c672073773bf":"1b13dd9f8d8f17091d34b349":"49134b95328f279f0183860589ac6707":"bc4dd5f7b98acff85466261d":"70696e67":"c74061535eb12f5f25a781957874742ab7fb305dd5"
|
||||||
|
|
||||||
|
SSL TLS 1.3 Record Encryption, tls13.ulfheim.net Example #2
|
||||||
|
# - Server App Key: 0b6d22c8ff68097ea871c672073773bf
|
||||||
|
# - Server App IV: 1b13dd9f8d8f17091d34b349
|
||||||
|
# - Client App Key: 49134b95328f279f0183860589ac6707
|
||||||
|
# - Client App IV: bc4dd5f7b98acff85466261d
|
||||||
|
# - App data payload: 706f6e67
|
||||||
|
# - Complete record: 1703030015370e5f168afa7fb16b663ecdfca3dbb81931a90ca7
|
||||||
|
# - Padding used: No (== granularity 1)
|
||||||
|
ssl_tls1_3_record_protection:MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256:MBEDTLS_SSL_IS_SERVER:1:1:"0b6d22c8ff68097ea871c672073773bf":"1b13dd9f8d8f17091d34b349":"49134b95328f279f0183860589ac6707":"bc4dd5f7b98acff85466261d":"706f6e67":"370e5f168afa7fb16b663ecdfca3dbb81931a90ca7"
|
||||||
|
|
||||||
|
SSL TLS 1.3 Record Encryption RFC 8448 Example #1
|
||||||
|
# Application Data record sent by Client in 1-RTT example of RFC 8448, Section 3
|
||||||
|
# - Server App Key: 9f 02 28 3b 6c 9c 07 ef c2 6b b9 f2 ac 92 e3 56
|
||||||
|
# - Server App IV: cf 78 2b 88 dd 83 54 9a ad f1 e9 84
|
||||||
|
# - Client App Key: 17 42 2d da 59 6e d5 d9 ac d8 90 e3 c6 3f 50 51
|
||||||
|
# - Client App IV: 5b 78 92 3d ee 08 57 90 33 e5 23 d9
|
||||||
|
# - App data payload: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f
|
||||||
|
# 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f
|
||||||
|
# 20 21 22 23 24 25 26 27 28 29 2a 2b 2c 2d 2e 2f
|
||||||
|
# 30 31
|
||||||
|
# - Complete record: 17 03 03 00 43 a2 3f 70 54 b6 2c 94 d0 af fa fe
|
||||||
|
# 82 28 ba 55 cb ef ac ea 42 f9 14 aa 66 bc ab 3f
|
||||||
|
# 2b 98 19 a8 a5 b4 6b 39 5b d5 4a 9a 20 44 1e 2b
|
||||||
|
# 62 97 4e 1f 5a 62 92 a2 97 70 14 bd 1e 3d ea e6
|
||||||
|
# 3a ee bb 21 69 49 15 e4
|
||||||
|
# - Padding used: No (== granularity 1)
|
||||||
|
ssl_tls1_3_record_protection:MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256:MBEDTLS_SSL_IS_CLIENT:0:1:"9f02283b6c9c07efc26bb9f2ac92e356":"cf782b88dd83549aadf1e984":"17422dda596ed5d9acd890e3c63f5051":"5b78923dee08579033e523d9":"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f3031":"a23f7054b62c94d0affafe8228ba55cbefacea42f914aa66bcab3f2b9819a8a5b46b395bd54a9a20441e2b62974e1f5a6292a2977014bd1e3deae63aeebb21694915e4"
|
||||||
|
|
||||||
|
SSL TLS 1.3 Record Encryption RFC 8448 Example #2
|
||||||
|
# Application Data record sent by Server in 1-RTT example of RFC 8448, Section 3
|
||||||
|
# - Server App Key: 9f 02 28 3b 6c 9c 07 ef c2 6b b9 f2 ac 92 e3 56
|
||||||
|
# - Server App IV: cf 78 2b 88 dd 83 54 9a ad f1 e9 84
|
||||||
|
# - Client App Key: 17 42 2d da 59 6e d5 d9 ac d8 90 e3 c6 3f 50 51
|
||||||
|
# - Client App IV: 5b 78 92 3d ee 08 57 90 33 e5 23 d9
|
||||||
|
# - App data payload: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f
|
||||||
|
# 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f
|
||||||
|
# 20 21 22 23 24 25 26 27 28 29 2a 2b 2c 2d 2e 2f
|
||||||
|
# 30 31
|
||||||
|
# - Complete record: 17 03 03 00 43 2e 93 7e 11 ef 4a c7 40 e5 38 ad
|
||||||
|
# 36 00 5f c4 a4 69 32 fc 32 25 d0 5f 82 aa 1b 36
|
||||||
|
# e3 0e fa f9 7d 90 e6 df fc 60 2d cb 50 1a 59 a8
|
||||||
|
# fc c4 9c 4b f2 e5 f0 a2 1c 00 47 c2 ab f3 32 54
|
||||||
|
# 0d d0 32 e1 67 c2 95 5d
|
||||||
|
# - Padding used: No (== granularity 1)
|
||||||
|
ssl_tls1_3_record_protection:MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256:MBEDTLS_SSL_IS_SERVER:1:1:"9f02283b6c9c07efc26bb9f2ac92e356":"cf782b88dd83549aadf1e984":"17422dda596ed5d9acd890e3c63f5051":"5b78923dee08579033e523d9":"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f3031":"2e937e11ef4ac740e538ad36005fc4a46932fc3225d05f82aa1b36e30efaf97d90e6dffc602dcb501a59a8fcc49c4bf2e5f0a21c0047c2abf332540dd032e167c2955d"
|
||||||
|
|
||||||
SSL TLS 1.3 Key schedule: Application secrets derivation helper
|
SSL TLS 1.3 Key schedule: Application secrets derivation helper
|
||||||
# Vector from RFC 8448
|
# Vector from RFC 8448
|
||||||
ssl_tls1_3_derive_application_secrets:MBEDTLS_MD_SHA256:"e2d32d4ed66dd37897a0e80c84107503ce58bf8aad4cb55a5002d77ecb890ece":"b0aeffc46a2cfe33114e6fd7d51f9f04b1ca3c497dab08934a774a9d9ad7dbf3":"2abbf2b8e381d23dbebe1dd2a7d16a8bf484cb4950d23fb7fb7fa8547062d9a1":"cc21f1bf8feb7dd5fa505bd9c4b468a9984d554a993dc49e6d285598fb672691":"3fd93d4ffddc98e64b14dd107aedf8ee4add23f4510f58a4592d0b201bee56b4"
|
ssl_tls1_3_derive_application_secrets:MBEDTLS_MD_SHA256:"e2d32d4ed66dd37897a0e80c84107503ce58bf8aad4cb55a5002d77ecb890ece":"b0aeffc46a2cfe33114e6fd7d51f9f04b1ca3c497dab08934a774a9d9ad7dbf3":"2abbf2b8e381d23dbebe1dd2a7d16a8bf484cb4950d23fb7fb7fa8547062d9a1":"cc21f1bf8feb7dd5fa505bd9c4b468a9984d554a993dc49e6d285598fb672691":"3fd93d4ffddc98e64b14dd107aedf8ee4add23f4510f58a4592d0b201bee56b4"
|
||||||
|
|
|
@ -3944,6 +3944,104 @@ void ssl_tls1_3_create_psk_binder( int hash_alg,
|
||||||
}
|
}
|
||||||
/* END_CASE */
|
/* END_CASE */
|
||||||
|
|
||||||
|
/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
|
||||||
|
void ssl_tls1_3_record_protection( int ciphersuite,
|
||||||
|
int endpoint,
|
||||||
|
int ctr,
|
||||||
|
int padding_used,
|
||||||
|
data_t *server_write_key,
|
||||||
|
data_t *server_write_iv,
|
||||||
|
data_t *client_write_key,
|
||||||
|
data_t *client_write_iv,
|
||||||
|
data_t *plaintext,
|
||||||
|
data_t *ciphertext )
|
||||||
|
{
|
||||||
|
mbedtls_ssl_key_set keys;
|
||||||
|
mbedtls_ssl_transform transform_send;
|
||||||
|
mbedtls_ssl_transform transform_recv;
|
||||||
|
mbedtls_record rec;
|
||||||
|
unsigned char *buf = NULL;
|
||||||
|
size_t buf_len;
|
||||||
|
int other_endpoint;
|
||||||
|
|
||||||
|
TEST_ASSERT( endpoint == MBEDTLS_SSL_IS_CLIENT ||
|
||||||
|
endpoint == MBEDTLS_SSL_IS_SERVER );
|
||||||
|
|
||||||
|
if( endpoint == MBEDTLS_SSL_IS_SERVER )
|
||||||
|
other_endpoint = MBEDTLS_SSL_IS_CLIENT;
|
||||||
|
if( endpoint == MBEDTLS_SSL_IS_CLIENT )
|
||||||
|
other_endpoint = MBEDTLS_SSL_IS_SERVER;
|
||||||
|
|
||||||
|
TEST_ASSERT( server_write_key->len == client_write_key->len );
|
||||||
|
TEST_ASSERT( server_write_iv->len == client_write_iv->len );
|
||||||
|
|
||||||
|
memcpy( keys.client_write_key,
|
||||||
|
client_write_key->x, client_write_key->len );
|
||||||
|
memcpy( keys.client_write_iv,
|
||||||
|
client_write_iv->x, client_write_iv->len );
|
||||||
|
memcpy( keys.server_write_key,
|
||||||
|
server_write_key->x, server_write_key->len );
|
||||||
|
memcpy( keys.server_write_iv,
|
||||||
|
server_write_iv->x, server_write_iv->len );
|
||||||
|
|
||||||
|
keys.key_len = server_write_key->len;
|
||||||
|
keys.iv_len = server_write_iv->len;
|
||||||
|
|
||||||
|
mbedtls_ssl_transform_init( &transform_recv );
|
||||||
|
mbedtls_ssl_transform_init( &transform_send );
|
||||||
|
|
||||||
|
TEST_ASSERT( mbedtls_ssl_tls13_populate_transform(
|
||||||
|
&transform_send, endpoint,
|
||||||
|
ciphersuite, &keys, NULL ) == 0 );
|
||||||
|
TEST_ASSERT( mbedtls_ssl_tls13_populate_transform(
|
||||||
|
&transform_recv, other_endpoint,
|
||||||
|
ciphersuite, &keys, NULL ) == 0 );
|
||||||
|
|
||||||
|
/* Make sure we have enough space in the buffer even if
|
||||||
|
* we use more padding than the KAT. */
|
||||||
|
buf_len = ciphertext->len + MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY;
|
||||||
|
ASSERT_ALLOC( buf, buf_len );
|
||||||
|
rec.type = MBEDTLS_SSL_MSG_APPLICATION_DATA;
|
||||||
|
|
||||||
|
/* TLS 1.3 uses the version identifier from TLS 1.2 on the wire. */
|
||||||
|
mbedtls_ssl_write_version( MBEDTLS_SSL_MAJOR_VERSION_3,
|
||||||
|
MBEDTLS_SSL_MINOR_VERSION_3,
|
||||||
|
MBEDTLS_SSL_TRANSPORT_STREAM,
|
||||||
|
rec.ver );
|
||||||
|
|
||||||
|
/* Copy plaintext into record structure */
|
||||||
|
rec.buf = buf;
|
||||||
|
rec.buf_len = buf_len;
|
||||||
|
rec.data_offset = 0;
|
||||||
|
TEST_ASSERT( plaintext->len <= ciphertext->len );
|
||||||
|
memcpy( rec.buf + rec.data_offset, plaintext->x, plaintext->len );
|
||||||
|
rec.data_len = plaintext->len;
|
||||||
|
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
|
||||||
|
rec.cid_len = 0;
|
||||||
|
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
|
||||||
|
|
||||||
|
memset( &rec.ctr[0], 0, 8 );
|
||||||
|
rec.ctr[7] = ctr;
|
||||||
|
|
||||||
|
TEST_ASSERT( mbedtls_ssl_encrypt_buf( NULL, &transform_send, &rec,
|
||||||
|
NULL, NULL ) == 0 );
|
||||||
|
|
||||||
|
if( padding_used == MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY )
|
||||||
|
{
|
||||||
|
ASSERT_COMPARE( rec.buf + rec.data_offset, rec.data_len,
|
||||||
|
ciphertext->x, ciphertext->len );
|
||||||
|
}
|
||||||
|
|
||||||
|
TEST_ASSERT( mbedtls_ssl_decrypt_buf( NULL, &transform_recv, &rec ) == 0 );
|
||||||
|
ASSERT_COMPARE( rec.buf + rec.data_offset, rec.data_len,
|
||||||
|
plaintext->x, plaintext->len );
|
||||||
|
|
||||||
|
mbedtls_free( buf );
|
||||||
|
mbedtls_ssl_transform_free( &transform_send );
|
||||||
|
mbedtls_ssl_transform_free( &transform_recv );
|
||||||
|
}
|
||||||
|
/* END_CASE */
|
||||||
|
|
||||||
/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
|
/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
|
||||||
void ssl_tls1_3_key_evolution( int hash_alg,
|
void ssl_tls1_3_key_evolution( int hash_alg,
|
||||||
data_t *secret,
|
data_t *secret,
|
||||||
|
|
Loading…
Reference in a new issue