Merge pull request #4445 from TRodziewicz/remove_deprecated_things_-_remainder
Remove deprecated functions and constants.
This commit is contained in:
commit
dd57b2f240
26 changed files with 119 additions and 1135 deletions
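--- /dev/null
+++ b/ChangeLog.d/issue4282.txt
@@ -0,0 +1,13 @@
+Removals
+* Remove the following deprecated functions and constants of hex-encoded
+primes based on RFC 5114 and RFC 3526 from library code and tests:
+mbedtls_aes_encrypt(), mbedtls_aes_decrypt(), mbedtls_mpi_is_prime(),
+mbedtls_cipher_auth_encrypt(), mbedtls_cipher_auth_decrypt(),
+mbedtls_ctr_drbg_update(), mbedtls_hmac_drbg_update(),
+mbedtls_ecdsa_write_signature_det(), mbedtls_ecdsa_sign_det(),
+mbedtls_ssl_conf_dh_param(), mbedtls_ssl_get_max_frag_len(),
+MBEDTLS_DHM_RFC5114_MODP_2048_P, MBEDTLS_DHM_RFC5114_MODP_2048_G,
+MBEDTLS_DHM_RFC3526_MODP_2048_P, MBEDTLS_DHM_RFC3526_MODP_2048_G,
+MBEDTLS_DHM_RFC3526_MODP_3072_P, MBEDTLS_DHM_RFC3526_MODP_3072_G,
+MBEDTLS_DHM_RFC3526_MODP_4096_P, MBEDTLS_DHM_RFC3526_MODP_4096_G.
+Remove the deprecated file: include/mbedtls/net.h. Fixes #4282.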
@ -397,12 +397,6 @@
|
||||||
* of mbedtls_sha1_context, so your implementation of mbedtls_sha1_process must be compatible
|
* of mbedtls_sha1_context, so your implementation of mbedtls_sha1_process must be compatible
|
||||||
* with this definition.
|
* with this definition.
|
||||||
*
|
*
|
||||||
* \note Because of a signature change, the core AES encryption and decryption routines are
|
|
||||||
* currently named mbedtls_aes_internal_encrypt and mbedtls_aes_internal_decrypt,
|
|
||||||
* respectively. When setting up alternative implementations, these functions should
|
|
||||||
* be overridden, but the wrapper functions mbedtls_aes_decrypt and mbedtls_aes_encrypt
|
|
||||||
* must stay untouched.
|
|
||||||
*
|
|
||||||
* \note If you use the AES_xxx_ALT macros, then is is recommended to also set
|
* \note If you use the AES_xxx_ALT macros, then is is recommended to also set
|
||||||
* MBEDTLS_AES_ROM_TABLES in order to help the linker garbage-collect the AES
|
* MBEDTLS_AES_ROM_TABLES in order to help the linker garbage-collect the AES
|
||||||
* tables.
|
* tables.
|
||||||
|
|
|
@ -0,0 +1,72 @@
|
||||||
|
Deprecated functions were removed from AES
|
||||||
|
------------------------------------------
|
||||||
|
|
||||||
|
The functions `mbedtls_aes_encrypt()` and `mbedtls_aes_decrypt()` were
|
||||||
|
removed.
|
||||||
|
|
||||||
|
If you're simply using the AES module, you should be calling the higher-level
|
||||||
|
functions `mbedtls_aes_crypt_xxx()`.
|
||||||
|
|
||||||
|
If you're providing an alternative implementation using
|
||||||
|
`MBEDTLS_AES_ENCRYPT_ALT` or `MBEDTLS_AES_DECRYPT_ALT`, you should be
|
||||||
|
replacing the removed functions with `mbedtls_internal_aes_encrypt()` and
|
||||||
|
`mbedtls_internal_aes_decrypt()` respectively.
|
||||||
|
|
||||||
|
Deprecated functions were removed from bignum
|
||||||
|
---------------------------------------------
|
||||||
|
|
||||||
|
The function `mbedtls_mpi_is_prime()` was removed. Please use
|
||||||
|
`mbedtls_mpi_is_prime_ext()` instead which additionally allows specifying the
|
||||||
|
number of Miller-Rabin rounds.
|
||||||
|
|
||||||
|
Deprecated functions were removed from cipher
|
||||||
|
---------------------------------------------
|
||||||
|
|
||||||
|
The functions `mbedtls_cipher_auth_encrypt()` and
|
||||||
|
`mbedtls_cipher_auth_decrypt()` were removed. They were superseded by
|
||||||
|
`mbedtls_cipher_auth_encrypt_ext()` and `mbedtls_cipher_auth_decrypt_ext()`
|
||||||
|
respectively which additionally support key wrapping algorithms such as
|
||||||
|
NIST_KW.
|
||||||
|
|
||||||
|
Deprecated functions were removed from DRBGs
|
||||||
|
--------------------------------------------
|
||||||
|
|
||||||
|
The functions `mbedtls_ctr_drbg_update()` and `mbedtls_hmac_drbg_update()`
|
||||||
|
were removed. They were superseded by `mbedtls_ctr_drbg_update_ret()` and
|
||||||
|
`mbedtls_hmac_drbg_update_ret()` respectively.
|
||||||
|
|
||||||
|
Deprecated functions were removed from ECDSA
|
||||||
|
--------------------------------------------
|
||||||
|
|
||||||
|
The functions `mbedtls_ecdsa_write_signature_det()` and
|
||||||
|
`mbedtls_ecdsa_sign_det()` were removed. They were superseded by
|
||||||
|
`mbedtls_ecdsa_write_signature()` and `mbedtls_ecdsa_sign_det_ext()`
|
||||||
|
respectively.
|
||||||
|
|
||||||
|
Deprecated functions were removed from SSL
|
||||||
|
------------------------------------------
|
||||||
|
|
||||||
|
The function `mbedtls_ssl_conf_dh_param()` was removed. Please use
|
||||||
|
`mbedtls_ssl_conf_dh_param_bin()` or `mbedtls_ssl_conf_dh_param_ctx()` instead.
|
||||||
|
|
||||||
|
The function `mbedtls_ssl_get_max_frag_len()` was removed. Please use
|
||||||
|
`mbedtls_ssl_get_output_max_frag_len()` instead.
|
||||||
|
|
||||||
|
Deprecated hex-encoded primes were removed from DHM
|
||||||
|
---------------------------------------------------
|
||||||
|
|
||||||
|
The macros `MBEDTLS_DHM_RFC5114_MODP_2048_P`, `MBEDTLS_DHM_RFC5114_MODP_2048_G`,
|
||||||
|
`MBEDTLS_DHM_RFC3526_MODP_2048_P`, `MBEDTLS_DHM_RFC3526_MODP_2048_G`,
|
||||||
|
`MBEDTLS_DHM_RFC3526_MODP_3072_P`, `MBEDTLS_DHM_RFC3526_MODP_3072_G`,
|
||||||
|
`MBEDTLS_DHM_RFC3526_MODP_4096_P `and `MBEDTLS_DHM_RFC3526_MODP_4096_G` were
|
||||||
|
removed. The primes from RFC 5114 are deprecated because their derivation is not
|
||||||
|
documented and therefore their usage constitutes a security risk; they are fully
|
||||||
|
removed from the library. Please use parameters from RFC3526 (still in the
|
||||||
|
library, only in binary form) or RFC 7919 (also available in the library) or
|
||||||
|
other trusted sources instead.
|
||||||
|
|
||||||
|
Deprecated net.h file was removed
|
||||||
|
---------------------------------
|
||||||
|
|
||||||
|
The file `include/mbedtls/net.h` was removed because its only function was to
|
||||||
|
include `mbedtls/net_sockets.h` which now should be included directly.
|
|
@ -611,44 +611,6 @@ int mbedtls_internal_aes_decrypt( mbedtls_aes_context *ctx,
|
||||||
const unsigned char input[16],
|
const unsigned char input[16],
|
||||||
unsigned char output[16] );
|
unsigned char output[16] );
|
||||||
|
|
||||||
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
|
|
||||||
#if defined(MBEDTLS_DEPRECATED_WARNING)
|
|
||||||
#define MBEDTLS_DEPRECATED __attribute__((deprecated))
|
|
||||||
#else
|
|
||||||
#define MBEDTLS_DEPRECATED
|
|
||||||
#endif
|
|
||||||
/**
|
|
||||||
* \brief Deprecated internal AES block encryption function
|
|
||||||
* without return value.
|
|
||||||
*
|
|
||||||
* \deprecated Superseded by mbedtls_internal_aes_encrypt()
|
|
||||||
*
|
|
||||||
* \param ctx The AES context to use for encryption.
|
|
||||||
* \param input Plaintext block.
|
|
||||||
* \param output Output (ciphertext) block.
|
|
||||||
*/
|
|
||||||
MBEDTLS_DEPRECATED void mbedtls_aes_encrypt( mbedtls_aes_context *ctx,
|
|
||||||
const unsigned char input[16],
|
|
||||||
unsigned char output[16] );
|
|
||||||
|
|
||||||
/**
|
|
||||||
* \brief Deprecated internal AES block decryption function
|
|
||||||
* without return value.
|
|
||||||
*
|
|
||||||
* \deprecated Superseded by mbedtls_internal_aes_decrypt()
|
|
||||||
*
|
|
||||||
* \param ctx The AES context to use for decryption.
|
|
||||||
* \param input Ciphertext block.
|
|
||||||
* \param output Output (plaintext) block.
|
|
||||||
*/
|
|
||||||
MBEDTLS_DEPRECATED void mbedtls_aes_decrypt( mbedtls_aes_context *ctx,
|
|
||||||
const unsigned char input[16],
|
|
||||||
unsigned char output[16] );
|
|
||||||
|
|
||||||
#undef MBEDTLS_DEPRECATED
|
|
||||||
#endif /* !MBEDTLS_DEPRECATED_REMOVED */
|
|
||||||
|
|
||||||
|
|
||||||
#if defined(MBEDTLS_SELF_TEST)
|
#if defined(MBEDTLS_SELF_TEST)
|
||||||
/**
|
/**
|
||||||
* \brief Checkup routine.
|
* \brief Checkup routine.
|
||||||
|
|
|
@ -904,37 +904,6 @@ int mbedtls_mpi_gcd( mbedtls_mpi *G, const mbedtls_mpi *A,
|
||||||
int mbedtls_mpi_inv_mod( mbedtls_mpi *X, const mbedtls_mpi *A,
|
int mbedtls_mpi_inv_mod( mbedtls_mpi *X, const mbedtls_mpi *A,
|
||||||
const mbedtls_mpi *N );
|
const mbedtls_mpi *N );
|
||||||
|
|
||||||
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
|
|
||||||
#if defined(MBEDTLS_DEPRECATED_WARNING)
|
|
||||||
#define MBEDTLS_DEPRECATED __attribute__((deprecated))
|
|
||||||
#else
|
|
||||||
#define MBEDTLS_DEPRECATED
|
|
||||||
#endif
|
|
||||||
/**
|
|
||||||
* \brief Perform a Miller-Rabin primality test with error
|
|
||||||
* probability of 2<sup>-80</sup>.
|
|
||||||
*
|
|
||||||
* \deprecated Superseded by mbedtls_mpi_is_prime_ext() which allows
|
|
||||||
* specifying the number of Miller-Rabin rounds.
|
|
||||||
*
|
|
||||||
* \param X The MPI to check for primality.
|
|
||||||
* This must point to an initialized MPI.
|
|
||||||
* \param f_rng The RNG function to use. This must not be \c NULL.
|
|
||||||
* \param p_rng The RNG parameter to be passed to \p f_rng.
|
|
||||||
* This may be \c NULL if \p f_rng doesn't use a
|
|
||||||
* context parameter.
|
|
||||||
*
|
|
||||||
* \return \c 0 if successful, i.e. \p X is probably prime.
|
|
||||||
* \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.
|
|
||||||
* \return #MBEDTLS_ERR_MPI_NOT_ACCEPTABLE if \p X is not prime.
|
|
||||||
* \return Another negative error code on other kinds of failure.
|
|
||||||
*/
|
|
||||||
MBEDTLS_DEPRECATED int mbedtls_mpi_is_prime( const mbedtls_mpi *X,
|
|
||||||
int (*f_rng)(void *, unsigned char *, size_t),
|
|
||||||
void *p_rng );
|
|
||||||
#undef MBEDTLS_DEPRECATED
|
|
||||||
#endif /* !MBEDTLS_DEPRECATED_REMOVED */
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* \brief Miller-Rabin primality test.
|
* \brief Miller-Rabin primality test.
|
||||||
*
|
*
|
||||||
|
|
|
@ -467,8 +467,8 @@ int mbedtls_cipher_setup( mbedtls_cipher_context_t *ctx,
|
||||||
* \param cipher_info The cipher to use.
|
* \param cipher_info The cipher to use.
|
||||||
* \param taglen For AEAD ciphers, the length in bytes of the
|
* \param taglen For AEAD ciphers, the length in bytes of the
|
||||||
* authentication tag to use. Subsequent uses of
|
* authentication tag to use. Subsequent uses of
|
||||||
* mbedtls_cipher_auth_encrypt() or
|
* mbedtls_cipher_auth_encrypt_ext() or
|
||||||
* mbedtls_cipher_auth_decrypt() must provide
|
* mbedtls_cipher_auth_decrypt_ext() must provide
|
||||||
* the same tag length.
|
* the same tag length.
|
||||||
* For non-AEAD ciphers, the value must be \c 0.
|
* For non-AEAD ciphers, the value must be \c 0.
|
||||||
*
|
*
|
||||||
|
@ -853,129 +853,6 @@ int mbedtls_cipher_crypt( mbedtls_cipher_context_t *ctx,
|
||||||
const unsigned char *input, size_t ilen,
|
const unsigned char *input, size_t ilen,
|
||||||
unsigned char *output, size_t *olen );
|
unsigned char *output, size_t *olen );
|
||||||
|
|
||||||
#if defined(MBEDTLS_CIPHER_MODE_AEAD)
|
|
||||||
#if ! defined(MBEDTLS_DEPRECATED_REMOVED)
|
|
||||||
#if defined(MBEDTLS_DEPRECATED_WARNING)
|
|
||||||
#define MBEDTLS_DEPRECATED __attribute__((deprecated))
|
|
||||||
#else
|
|
||||||
#define MBEDTLS_DEPRECATED
|
|
||||||
#endif /* MBEDTLS_DEPRECATED_WARNING */
|
|
||||||
/**
|
|
||||||
* \brief The generic authenticated encryption (AEAD) function.
|
|
||||||
*
|
|
||||||
* \deprecated Superseded by mbedtls_cipher_auth_encrypt_ext().
|
|
||||||
*
|
|
||||||
* \note This function only supports AEAD algorithms, not key
|
|
||||||
* wrapping algorithms such as NIST_KW; for this, see
|
|
||||||
* mbedtls_cipher_auth_encrypt_ext().
|
|
||||||
*
|
|
||||||
* \param ctx The generic cipher context. This must be initialized and
|
|
||||||
* bound to a key associated with an AEAD algorithm.
|
|
||||||
* \param iv The nonce to use. This must be a readable buffer of
|
|
||||||
* at least \p iv_len Bytes and must not be \c NULL.
|
|
||||||
* \param iv_len The length of the nonce. This must satisfy the
|
|
||||||
* constraints imposed by the AEAD cipher used.
|
|
||||||
* \param ad The additional data to authenticate. This must be a
|
|
||||||
* readable buffer of at least \p ad_len Bytes, and may
|
|
||||||
* be \c NULL is \p ad_len is \c 0.
|
|
||||||
* \param ad_len The length of \p ad.
|
|
||||||
* \param input The buffer holding the input data. This must be a
|
|
||||||
* readable buffer of at least \p ilen Bytes, and may be
|
|
||||||
* \c NULL if \p ilen is \c 0.
|
|
||||||
* \param ilen The length of the input data.
|
|
||||||
* \param output The buffer for the output data. This must be a
|
|
||||||
* writable buffer of at least \p ilen Bytes, and must
|
|
||||||
* not be \c NULL.
|
|
||||||
* \param olen This will be filled with the actual number of Bytes
|
|
||||||
* written to the \p output buffer. This must point to a
|
|
||||||
* writable object of type \c size_t.
|
|
||||||
* \param tag The buffer for the authentication tag. This must be a
|
|
||||||
* writable buffer of at least \p tag_len Bytes. See note
|
|
||||||
* below regarding restrictions with PSA-based contexts.
|
|
||||||
* \param tag_len The desired length of the authentication tag. This
|
|
||||||
* must match the constraints imposed by the AEAD cipher
|
|
||||||
* used, and in particular must not be \c 0.
|
|
||||||
*
|
|
||||||
* \note If the context is based on PSA (that is, it was set up
|
|
||||||
* with mbedtls_cipher_setup_psa()), then it is required
|
|
||||||
* that \c tag == output + ilen. That is, the tag must be
|
|
||||||
* appended to the ciphertext as recommended by RFC 5116.
|
|
||||||
*
|
|
||||||
* \return \c 0 on success.
|
|
||||||
* \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on
|
|
||||||
* parameter-verification failure.
|
|
||||||
* \return A cipher-specific error code on failure.
|
|
||||||
*/
|
|
||||||
int mbedtls_cipher_auth_encrypt( mbedtls_cipher_context_t *ctx,
|
|
||||||
const unsigned char *iv, size_t iv_len,
|
|
||||||
const unsigned char *ad, size_t ad_len,
|
|
||||||
const unsigned char *input, size_t ilen,
|
|
||||||
unsigned char *output, size_t *olen,
|
|
||||||
unsigned char *tag, size_t tag_len )
|
|
||||||
MBEDTLS_DEPRECATED;
|
|
||||||
|
|
||||||
/**
|
|
||||||
* \brief The generic authenticated decryption (AEAD) function.
|
|
||||||
*
|
|
||||||
* \deprecated Superseded by mbedtls_cipher_auth_decrypt_ext().
|
|
||||||
*
|
|
||||||
* \note This function only supports AEAD algorithms, not key
|
|
||||||
* wrapping algorithms such as NIST_KW; for this, see
|
|
||||||
* mbedtls_cipher_auth_decrypt_ext().
|
|
||||||
*
|
|
||||||
* \note If the data is not authentic, then the output buffer
|
|
||||||
* is zeroed out to prevent the unauthentic plaintext being
|
|
||||||
* used, making this interface safer.
|
|
||||||
*
|
|
||||||
* \param ctx The generic cipher context. This must be initialized and
|
|
||||||
* bound to a key associated with an AEAD algorithm.
|
|
||||||
* \param iv The nonce to use. This must be a readable buffer of
|
|
||||||
* at least \p iv_len Bytes and must not be \c NULL.
|
|
||||||
* \param iv_len The length of the nonce. This must satisfy the
|
|
||||||
* constraints imposed by the AEAD cipher used.
|
|
||||||
* \param ad The additional data to authenticate. This must be a
|
|
||||||
* readable buffer of at least \p ad_len Bytes, and may
|
|
||||||
* be \c NULL is \p ad_len is \c 0.
|
|
||||||
* \param ad_len The length of \p ad.
|
|
||||||
* \param input The buffer holding the input data. This must be a
|
|
||||||
* readable buffer of at least \p ilen Bytes, and may be
|
|
||||||
* \c NULL if \p ilen is \c 0.
|
|
||||||
* \param ilen The length of the input data.
|
|
||||||
* \param output The buffer for the output data. This must be a
|
|
||||||
* writable buffer of at least \p ilen Bytes, and must
|
|
||||||
* not be \c NULL.
|
|
||||||
* \param olen This will be filled with the actual number of Bytes
|
|
||||||
* written to the \p output buffer. This must point to a
|
|
||||||
* writable object of type \c size_t.
|
|
||||||
* \param tag The buffer for the authentication tag. This must be a
|
|
||||||
* readable buffer of at least \p tag_len Bytes. See note
|
|
||||||
* below regarding restrictions with PSA-based contexts.
|
|
||||||
* \param tag_len The length of the authentication tag. This must match
|
|
||||||
* the constraints imposed by the AEAD cipher used, and in
|
|
||||||
* particular must not be \c 0.
|
|
||||||
*
|
|
||||||
* \note If the context is based on PSA (that is, it was set up
|
|
||||||
* with mbedtls_cipher_setup_psa()), then it is required
|
|
||||||
* that \c tag == input + len. That is, the tag must be
|
|
||||||
* appended to the ciphertext as recommended by RFC 5116.
|
|
||||||
*
|
|
||||||
* \return \c 0 on success.
|
|
||||||
* \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on
|
|
||||||
* parameter-verification failure.
|
|
||||||
* \return #MBEDTLS_ERR_CIPHER_AUTH_FAILED if data is not authentic.
|
|
||||||
* \return A cipher-specific error code on failure.
|
|
||||||
*/
|
|
||||||
int mbedtls_cipher_auth_decrypt( mbedtls_cipher_context_t *ctx,
|
|
||||||
const unsigned char *iv, size_t iv_len,
|
|
||||||
const unsigned char *ad, size_t ad_len,
|
|
||||||
const unsigned char *input, size_t ilen,
|
|
||||||
unsigned char *output, size_t *olen,
|
|
||||||
const unsigned char *tag, size_t tag_len )
|
|
||||||
MBEDTLS_DEPRECATED;
|
|
||||||
#undef MBEDTLS_DEPRECATED
|
|
||||||
#endif /* MBEDTLS_DEPRECATED_REMOVED */
|
|
||||||
#endif /* MBEDTLS_CIPHER_MODE_AEAD */
|
|
||||||
|
|
||||||
#if defined(MBEDTLS_CIPHER_MODE_AEAD) || defined(MBEDTLS_NIST_KW_C)
|
#if defined(MBEDTLS_CIPHER_MODE_AEAD) || defined(MBEDTLS_NIST_KW_C)
|
||||||
/**
|
/**
|
||||||
* \brief The authenticated encryption (AEAD/NIST_KW) function.
|
* \brief The authenticated encryption (AEAD/NIST_KW) function.
|
||||||
|
|
|
@ -421,12 +421,6 @@
|
||||||
* of mbedtls_sha1_context, so your implementation of mbedtls_sha1_process must be compatible
|
* of mbedtls_sha1_context, so your implementation of mbedtls_sha1_process must be compatible
|
||||||
* with this definition.
|
* with this definition.
|
||||||
*
|
*
|
||||||
* \note Because of a signature change, the core AES encryption and decryption routines are
|
|
||||||
* currently named mbedtls_aes_internal_encrypt and mbedtls_aes_internal_decrypt,
|
|
||||||
* respectively. When setting up alternative implementations, these functions should
|
|
||||||
* be overridden, but the wrapper functions mbedtls_aes_decrypt and mbedtls_aes_encrypt
|
|
||||||
* must stay untouched.
|
|
||||||
*
|
|
||||||
* \note If you use the AES_xxx_ALT macros, then is is recommended to also set
|
* \note If you use the AES_xxx_ALT macros, then is is recommended to also set
|
||||||
* MBEDTLS_AES_ROM_TABLES in order to help the linker garbage-collect the AES
|
* MBEDTLS_AES_ROM_TABLES in order to help the linker garbage-collect the AES
|
||||||
* tables.
|
* tables.
|
||||||
|
@ -445,9 +439,7 @@
|
||||||
* alternative implementations should use the RNG only for generating
|
* alternative implementations should use the RNG only for generating
|
||||||
* the ephemeral key and nothing else. If this is not possible, then
|
* the ephemeral key and nothing else. If this is not possible, then
|
||||||
* MBEDTLS_ECDSA_DETERMINISTIC should be disabled and an alternative
|
* MBEDTLS_ECDSA_DETERMINISTIC should be disabled and an alternative
|
||||||
* implementation should be provided for mbedtls_ecdsa_sign_det_ext()
|
* implementation should be provided for mbedtls_ecdsa_sign_det_ext().
|
||||||
* (and for mbedtls_ecdsa_sign_det() too if backward compatibility is
|
|
||||||
* desirable).
|
|
||||||
*
|
*
|
||||||
*/
|
*/
|
||||||
//#define MBEDTLS_MD2_PROCESS_ALT
|
//#define MBEDTLS_MD2_PROCESS_ALT
|
||||||
|
|
|
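Review bot: The sentence this hunk rewrites, `* implementation should be provided for mbedtls_ecdsa_sign_det_ext().`, is hard to act on: it tells an alternative-implementation author to disable MBEDTLS_ECDSA_DETERMINISTIC and then supply mbedtls_ecdsa_sign_det_ext(), yet the ecdsa.h section further down shows the deterministic API sitting under `#if defined(MBEDTLS_ECDSA_DETERMINISTIC)`, so once that option is off the library header presumably no longer declares the function the reader is asked to implement (whether sign_det_ext itself is inside that guard is outside the visible lines and should be confirmed). Since the commit already touches this sentence, I would make the recipe explicit, e.g. `* MBEDTLS_ECDSA_DETERMINISTIC should be disabled and the alternative implementation` / `* should then declare and provide mbedtls_ecdsa_sign_det_ext() itself.` — or, if a different workflow is intended, state it, because the security motivation for the rule (the RNG must only feed the ephemeral key, otherwise blinding is weakened) is exactly what the removed mbedtls_ecdsa_sign_det() warning used to explain. The comment block containing this sentence begins before the hunk.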
@ -528,35 +528,6 @@ int mbedtls_ctr_drbg_random_with_add( void *p_rng,
|
||||||
int mbedtls_ctr_drbg_random( void *p_rng,
|
int mbedtls_ctr_drbg_random( void *p_rng,
|
||||||
unsigned char *output, size_t output_len );
|
unsigned char *output, size_t output_len );
|
||||||
|
|
||||||
|
|
||||||
#if ! defined(MBEDTLS_DEPRECATED_REMOVED)
|
|
||||||
#if defined(MBEDTLS_DEPRECATED_WARNING)
|
|
||||||
#define MBEDTLS_DEPRECATED __attribute__((deprecated))
|
|
||||||
#else
|
|
||||||
#define MBEDTLS_DEPRECATED
|
|
||||||
#endif
|
|
||||||
/**
|
|
||||||
* \brief This function updates the state of the CTR_DRBG context.
|
|
||||||
*
|
|
||||||
* \deprecated Superseded by mbedtls_ctr_drbg_update_ret()
|
|
||||||
* in 2.16.0.
|
|
||||||
*
|
|
||||||
* \note If \p add_len is greater than
|
|
||||||
* #MBEDTLS_CTR_DRBG_MAX_SEED_INPUT, only the first
|
|
||||||
* #MBEDTLS_CTR_DRBG_MAX_SEED_INPUT Bytes are used.
|
|
||||||
* The remaining Bytes are silently discarded.
|
|
||||||
*
|
|
||||||
* \param ctx The CTR_DRBG context.
|
|
||||||
* \param additional The data to update the state with.
|
|
||||||
* \param add_len Length of \p additional data.
|
|
||||||
*/
|
|
||||||
MBEDTLS_DEPRECATED void mbedtls_ctr_drbg_update(
|
|
||||||
mbedtls_ctr_drbg_context *ctx,
|
|
||||||
const unsigned char *additional,
|
|
||||||
size_t add_len );
|
|
||||||
#undef MBEDTLS_DEPRECATED
|
|
||||||
#endif /* !MBEDTLS_DEPRECATED_REMOVED */
|
|
||||||
|
|
||||||
#if defined(MBEDTLS_FS_IO)
|
#if defined(MBEDTLS_FS_IO)
|
||||||
/**
|
/**
|
||||||
* \brief This function writes a seed file.
|
* \brief This function writes a seed file.
|
||||||
|
|
|
@ -382,161 +382,6 @@ int mbedtls_dhm_self_test( int verbose );
|
||||||
*
|
*
|
||||||
*/
|
*/
|
||||||
|
|
||||||
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
|
|
||||||
|
|
||||||
/**
|
|
||||||
* \warning The origin of the primes in RFC 5114 is not documented and
|
|
||||||
* their use therefore constitutes a security risk!
|
|
||||||
*
|
|
||||||
* \deprecated The hex-encoded primes from RFC 5114 are deprecated and are
|
|
||||||
* likely to be removed in a future version of the library without
|
|
||||||
* replacement.
|
|
||||||
*/
|
|
||||||
|
|
||||||
/**
|
|
||||||
* The hexadecimal presentation of the prime underlying the
|
|
||||||
* 2048-bit MODP Group with 224-bit Prime Order Subgroup, as defined
|
|
||||||
* in <em>RFC-5114: Additional Diffie-Hellman Groups for Use with
|
|
||||||
* IETF Standards</em>.
|
|
||||||
*/
|
|
||||||
#define MBEDTLS_DHM_RFC5114_MODP_2048_P \
|
|
||||||
MBEDTLS_DEPRECATED_STRING_CONSTANT( \
|
|
||||||
"AD107E1E9123A9D0D660FAA79559C51FA20D64E5683B9FD1" \
|
|
||||||
"B54B1597B61D0A75E6FA141DF95A56DBAF9A3C407BA1DF15" \
|
|
||||||
"EB3D688A309C180E1DE6B85A1274A0A66D3F8152AD6AC212" \
|
|
||||||
"9037C9EDEFDA4DF8D91E8FEF55B7394B7AD5B7D0B6C12207" \
|
|
||||||
"C9F98D11ED34DBF6C6BA0B2C8BBC27BE6A00E0A0B9C49708" \
|
|
||||||
"B3BF8A317091883681286130BC8985DB1602E714415D9330" \
|
|
||||||
"278273C7DE31EFDC7310F7121FD5A07415987D9ADC0A486D" \
|
|
||||||
"CDF93ACC44328387315D75E198C641A480CD86A1B9E587E8" \
|
|
||||||
"BE60E69CC928B2B9C52172E413042E9B23F10B0E16E79763" \
|
|
||||||
"C9B53DCF4BA80A29E3FB73C16B8E75B97EF363E2FFA31F71" \
|
|
||||||
"CF9DE5384E71B81C0AC4DFFE0C10E64F" )
|
|
||||||
|
|
||||||
/**
|
|
||||||
* The hexadecimal presentation of the chosen generator of the 2048-bit MODP
|
|
||||||
* Group with 224-bit Prime Order Subgroup, as defined in <em>RFC-5114:
|
|
||||||
* Additional Diffie-Hellman Groups for Use with IETF Standards</em>.
|
|
||||||
*/
|
|
||||||
#define MBEDTLS_DHM_RFC5114_MODP_2048_G \
|
|
||||||
MBEDTLS_DEPRECATED_STRING_CONSTANT( \
|
|
||||||
"AC4032EF4F2D9AE39DF30B5C8FFDAC506CDEBE7B89998CAF" \
|
|
||||||
"74866A08CFE4FFE3A6824A4E10B9A6F0DD921F01A70C4AFA" \
|
|
||||||
"AB739D7700C29F52C57DB17C620A8652BE5E9001A8D66AD7" \
|
|
||||||
"C17669101999024AF4D027275AC1348BB8A762D0521BC98A" \
|
|
||||||
"E247150422EA1ED409939D54DA7460CDB5F6C6B250717CBE" \
|
|
||||||
"F180EB34118E98D119529A45D6F834566E3025E316A330EF" \
|
|
||||||
"BB77A86F0C1AB15B051AE3D428C8F8ACB70A8137150B8EEB" \
|
|
||||||
"10E183EDD19963DDD9E263E4770589EF6AA21E7F5F2FF381" \
|
|
||||||
"B539CCE3409D13CD566AFBB48D6C019181E1BCFE94B30269" \
|
|
||||||
"EDFE72FE9B6AA4BD7B5A0F1C71CFFF4C19C418E1F6EC0179" \
|
|
||||||
"81BC087F2A7065B384B890D3191F2BFA" )
|
|
||||||
|
|
||||||
/**
|
|
||||||
* The hexadecimal presentation of the prime underlying the 2048-bit MODP
|
|
||||||
* Group, as defined in <em>RFC-3526: More Modular Exponential (MODP)
|
|
||||||
* Diffie-Hellman groups for Internet Key Exchange (IKE)</em>.
|
|
||||||
*
|
|
||||||
* \deprecated The hex-encoded primes from RFC 3625 are deprecated and
|
|
||||||
* superseded by the corresponding macros providing them as
|
|
||||||
* binary constants. Their hex-encoded constants are likely
|
|
||||||
* to be removed in a future version of the library.
|
|
||||||
*
|
|
||||||
*/
|
|
||||||
#define MBEDTLS_DHM_RFC3526_MODP_2048_P \
|
|
||||||
MBEDTLS_DEPRECATED_STRING_CONSTANT( \
|
|
||||||
"FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1" \
|
|
||||||
"29024E088A67CC74020BBEA63B139B22514A08798E3404DD" \
|
|
||||||
"EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245" \
|
|
||||||
"E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED" \
|
|
||||||
"EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D" \
|
|
||||||
"C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F" \
|
|
||||||
"83655D23DCA3AD961C62F356208552BB9ED529077096966D" \
|
|
||||||
"670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B" \
|
|
||||||
"E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9" \
|
|
||||||
"DE2BCBF6955817183995497CEA956AE515D2261898FA0510" \
|
|
||||||
"15728E5A8AACAA68FFFFFFFFFFFFFFFF" )
|
|
||||||
|
|
||||||
/**
|
|
||||||
* The hexadecimal presentation of the chosen generator of the 2048-bit MODP
|
|
||||||
* Group, as defined in <em>RFC-3526: More Modular Exponential (MODP)
|
|
||||||
* Diffie-Hellman groups for Internet Key Exchange (IKE)</em>.
|
|
||||||
*/
|
|
||||||
#define MBEDTLS_DHM_RFC3526_MODP_2048_G \
|
|
||||||
MBEDTLS_DEPRECATED_STRING_CONSTANT( "02" )
|
|
||||||
|
|
||||||
/**
|
|
||||||
* The hexadecimal presentation of the prime underlying the 3072-bit MODP
|
|
||||||
* Group, as defined in <em>RFC-3072: More Modular Exponential (MODP)
|
|
||||||
* Diffie-Hellman groups for Internet Key Exchange (IKE)</em>.
|
|
||||||
*/
|
|
||||||
#define MBEDTLS_DHM_RFC3526_MODP_3072_P \
|
|
||||||
MBEDTLS_DEPRECATED_STRING_CONSTANT( \
|
|
||||||
"FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1" \
|
|
||||||
"29024E088A67CC74020BBEA63B139B22514A08798E3404DD" \
|
|
||||||
"EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245" \
|
|
||||||
"E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED" \
|
|
||||||
"EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D" \
|
|
||||||
"C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F" \
|
|
||||||
"83655D23DCA3AD961C62F356208552BB9ED529077096966D" \
|
|
||||||
"670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B" \
|
|
||||||
"E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9" \
|
|
||||||
"DE2BCBF6955817183995497CEA956AE515D2261898FA0510" \
|
|
||||||
"15728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64" \
|
|
||||||
"ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7" \
|
|
||||||
"ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6B" \
|
|
||||||
"F12FFA06D98A0864D87602733EC86A64521F2B18177B200C" \
|
|
||||||
"BBE117577A615D6C770988C0BAD946E208E24FA074E5AB31" \
|
|
||||||
"43DB5BFCE0FD108E4B82D120A93AD2CAFFFFFFFFFFFFFFFF" )
|
|
||||||
|
|
||||||
/**
|
|
||||||
* The hexadecimal presentation of the chosen generator of the 3072-bit MODP
|
|
||||||
* Group, as defined in <em>RFC-3526: More Modular Exponential (MODP)
|
|
||||||
* Diffie-Hellman groups for Internet Key Exchange (IKE)</em>.
|
|
||||||
*/
|
|
||||||
#define MBEDTLS_DHM_RFC3526_MODP_3072_G \
|
|
||||||
MBEDTLS_DEPRECATED_STRING_CONSTANT( "02" )
|
|
||||||
|
|
||||||
/**
|
|
||||||
* The hexadecimal presentation of the prime underlying the 4096-bit MODP
|
|
||||||
* Group, as defined in <em>RFC-3526: More Modular Exponential (MODP)
|
|
||||||
* Diffie-Hellman groups for Internet Key Exchange (IKE)</em>.
|
|
||||||
*/
|
|
||||||
#define MBEDTLS_DHM_RFC3526_MODP_4096_P \
|
|
||||||
MBEDTLS_DEPRECATED_STRING_CONSTANT( \
|
|
||||||
"FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1" \
|
|
||||||
"29024E088A67CC74020BBEA63B139B22514A08798E3404DD" \
|
|
||||||
"EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245" \
|
|
||||||
"E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED" \
|
|
||||||
"EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D" \
|
|
||||||
"C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F" \
|
|
||||||
"83655D23DCA3AD961C62F356208552BB9ED529077096966D" \
|
|
||||||
"670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B" \
|
|
||||||
"E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9" \
|
|
||||||
"DE2BCBF6955817183995497CEA956AE515D2261898FA0510" \
|
|
||||||
"15728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64" \
|
|
||||||
"ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7" \
|
|
||||||
"ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6B" \
|
|
||||||
"F12FFA06D98A0864D87602733EC86A64521F2B18177B200C" \
|
|
||||||
"BBE117577A615D6C770988C0BAD946E208E24FA074E5AB31" \
|
|
||||||
"43DB5BFCE0FD108E4B82D120A92108011A723C12A787E6D7" \
|
|
||||||
"88719A10BDBA5B2699C327186AF4E23C1A946834B6150BDA" \
|
|
||||||
"2583E9CA2AD44CE8DBBBC2DB04DE8EF92E8EFC141FBECAA6" \
|
|
||||||
"287C59474E6BC05D99B2964FA090C3A2233BA186515BE7ED" \
|
|
||||||
"1F612970CEE2D7AFB81BDD762170481CD0069127D5B05AA9" \
|
|
||||||
"93B4EA988D8FDDC186FFB7DC90A6C08F4DF435C934063199" \
|
|
||||||
"FFFFFFFFFFFFFFFF" )
|
|
||||||
|
|
||||||
/**
|
|
||||||
* The hexadecimal presentation of the chosen generator of the 4096-bit MODP
|
|
||||||
* Group, as defined in <em>RFC-3526: More Modular Exponential (MODP)
|
|
||||||
* Diffie-Hellman groups for Internet Key Exchange (IKE)</em>.
|
|
||||||
*/
|
|
||||||
#define MBEDTLS_DHM_RFC3526_MODP_4096_G \
|
|
||||||
MBEDTLS_DEPRECATED_STRING_CONSTANT( "02" )
|
|
||||||
|
|
||||||
#endif /* MBEDTLS_DEPRECATED_REMOVED */
|
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Trustworthy DHM parameters in binary form
|
* Trustworthy DHM parameters in binary form
|
||||||
*/
|
*/
|
||||||
|
|
|
@ -138,7 +138,7 @@ int mbedtls_ecdsa_can_do( mbedtls_ecp_group_id gid );
|
||||||
* previously-hashed message.
|
* previously-hashed message.
|
||||||
*
|
*
|
||||||
* \note The deterministic version implemented in
|
* \note The deterministic version implemented in
|
||||||
* mbedtls_ecdsa_sign_det() is usually preferred.
|
* mbedtls_ecdsa_sign_det_ext() is usually preferred.
|
||||||
*
|
*
|
||||||
* \note If the bitlength of the message hash is larger than the
|
* \note If the bitlength of the message hash is larger than the
|
||||||
* bitlength of the group order, then the hash is truncated
|
* bitlength of the group order, then the hash is truncated
|
||||||
|
@ -174,67 +174,6 @@ int mbedtls_ecdsa_sign( mbedtls_ecp_group *grp, mbedtls_mpi *r, mbedtls_mpi *s,
|
||||||
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );
|
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );
|
||||||
|
|
||||||
#if defined(MBEDTLS_ECDSA_DETERMINISTIC)
|
#if defined(MBEDTLS_ECDSA_DETERMINISTIC)
|
||||||
#if ! defined(MBEDTLS_DEPRECATED_REMOVED)
|
|
||||||
#if defined(MBEDTLS_DEPRECATED_WARNING)
|
|
||||||
#define MBEDTLS_DEPRECATED __attribute__((deprecated))
|
|
||||||
#else
|
|
||||||
#define MBEDTLS_DEPRECATED
|
|
||||||
#endif
|
|
||||||
/**
|
|
||||||
* \brief This function computes the ECDSA signature of a
|
|
||||||
* previously-hashed message, deterministic version.
|
|
||||||
*
|
|
||||||
* For more information, see <em>RFC-6979: Deterministic
|
|
||||||
* Usage of the Digital Signature Algorithm (DSA) and Elliptic
|
|
||||||
* Curve Digital Signature Algorithm (ECDSA)</em>.
|
|
||||||
*
|
|
||||||
* \note If the bitlength of the message hash is larger than the
|
|
||||||
* bitlength of the group order, then the hash is truncated as
|
|
||||||
* defined in <em>Standards for Efficient Cryptography Group
|
|
||||||
* (SECG): SEC1 Elliptic Curve Cryptography</em>, section
|
|
||||||
* 4.1.3, step 5.
|
|
||||||
*
|
|
||||||
* \warning Since the output of the internal RNG is always the same for
|
|
||||||
* the same key and message, this limits the efficiency of
|
|
||||||
* blinding and leaks information through side channels. For
|
|
||||||
* secure behavior use mbedtls_ecdsa_sign_det_ext() instead.
|
|
||||||
*
|
|
||||||
* (Optimally the blinding is a random value that is different
|
|
||||||
* on every execution. In this case the blinding is still
|
|
||||||
* random from the attackers perspective, but is the same on
|
|
||||||
* each execution. This means that this blinding does not
|
|
||||||
* prevent attackers from recovering secrets by combining
|
|
||||||
* several measurement traces, but may prevent some attacks
|
|
||||||
* that exploit relationships between secret data.)
|
|
||||||
*
|
|
||||||
* \see ecp.h
|
|
||||||
*
|
|
||||||
* \param grp The context for the elliptic curve to use.
|
|
||||||
* This must be initialized and have group parameters
|
|
||||||
* set, for example through mbedtls_ecp_group_load().
|
|
||||||
* \param r The MPI context in which to store the first part
|
|
||||||
* the signature. This must be initialized.
|
|
||||||
* \param s The MPI context in which to store the second part
|
|
||||||
* the signature. This must be initialized.
|
|
||||||
* \param d The private signing key. This must be initialized
|
|
||||||
* and setup, for example through mbedtls_ecp_gen_privkey().
|
|
||||||
* \param buf The hashed content to be signed. This must be a readable
|
|
||||||
* buffer of length \p blen Bytes. It may be \c NULL if
|
|
||||||
* \p blen is zero.
|
|
||||||
* \param blen The length of \p buf in Bytes.
|
|
||||||
* \param md_alg The hash algorithm used to hash the original data.
|
|
||||||
*
|
|
||||||
* \return \c 0 on success.
|
|
||||||
* \return An \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_MPI_XXX
|
|
||||||
* error code on failure.
|
|
||||||
*/
|
|
||||||
int mbedtls_ecdsa_sign_det( mbedtls_ecp_group *grp, mbedtls_mpi *r,
|
|
||||||
mbedtls_mpi *s, const mbedtls_mpi *d,
|
|
||||||
const unsigned char *buf, size_t blen,
|
|
||||||
mbedtls_md_type_t md_alg ) MBEDTLS_DEPRECATED;
|
|
||||||
#undef MBEDTLS_DEPRECATED
|
|
||||||
#endif /* MBEDTLS_DEPRECATED_REMOVED */
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* \brief This function computes the ECDSA signature of a
|
* \brief This function computes the ECDSA signature of a
|
||||||
* previously-hashed message, deterministic version.
|
* previously-hashed message, deterministic version.
|
||||||
|
@ -421,64 +360,6 @@ int mbedtls_ecdsa_write_signature_restartable( mbedtls_ecdsa_context *ctx,
|
||||||
void *p_rng,
|
void *p_rng,
|
||||||
mbedtls_ecdsa_restart_ctx *rs_ctx );
|
mbedtls_ecdsa_restart_ctx *rs_ctx );
|
||||||
|
|
||||||
#if defined(MBEDTLS_ECDSA_DETERMINISTIC)
|
|
||||||
#if ! defined(MBEDTLS_DEPRECATED_REMOVED)
|
|
||||||
#if defined(MBEDTLS_DEPRECATED_WARNING)
|
|
||||||
#define MBEDTLS_DEPRECATED __attribute__((deprecated))
|
|
||||||
#else
|
|
||||||
#define MBEDTLS_DEPRECATED
|
|
||||||
#endif
|
|
||||||
/**
|
|
||||||
* \brief This function computes an ECDSA signature and writes
|
|
||||||
* it to a buffer, serialized as defined in <em>RFC-4492:
|
|
||||||
* Elliptic Curve Cryptography (ECC) Cipher Suites for
|
|
||||||
* Transport Layer Security (TLS)</em>.
|
|
||||||
*
|
|
||||||
* The deterministic version is defined in <em>RFC-6979:
|
|
||||||
* Deterministic Usage of the Digital Signature Algorithm (DSA)
|
|
||||||
* and Elliptic Curve Digital Signature Algorithm (ECDSA)</em>.
|
|
||||||
*
|
|
||||||
* \warning It is not thread-safe to use the same context in
|
|
||||||
* multiple threads.
|
|
||||||
*
|
|
||||||
* \note If the bitlength of the message hash is larger than the
|
|
||||||
* bitlength of the group order, then the hash is truncated as
|
|
||||||
* defined in <em>Standards for Efficient Cryptography Group
|
|
||||||
* (SECG): SEC1 Elliptic Curve Cryptography</em>, section
|
|
||||||
* 4.1.3, step 5.
|
|
||||||
*
|
|
||||||
* \see ecp.h
|
|
||||||
*
|
|
||||||
* \deprecated Superseded by mbedtls_ecdsa_write_signature() in
|
|
||||||
* Mbed TLS version 2.0 and later.
|
|
||||||
*
|
|
||||||
* \param ctx The ECDSA context to use. This must be initialized
|
|
||||||
* and have a group and private key bound to it, for example
|
|
||||||
* via mbedtls_ecdsa_genkey() or mbedtls_ecdsa_from_keypair().
|
|
||||||
* \param hash The message hash to be signed. This must be a readable
|
|
||||||
* buffer of length \p blen Bytes.
|
|
||||||
* \param hlen The length of the hash \p hash in Bytes.
|
|
||||||
* \param sig The buffer to which to write the signature. This must be a
|
|
||||||
* writable buffer of length at least twice as large as the
|
|
||||||
* size of the curve used, plus 9. For example, 73 Bytes if
|
|
||||||
* a 256-bit curve is used. A buffer length of
|
|
||||||
* #MBEDTLS_ECDSA_MAX_LEN is always safe.
|
|
||||||
* \param slen The address at which to store the actual length of
|
|
||||||
* the signature written. Must not be \c NULL.
|
|
||||||
* \param md_alg The message digest that was used to hash the message.
|
|
||||||
*
|
|
||||||
* \return \c 0 on success.
|
|
||||||
* \return An \c MBEDTLS_ERR_ECP_XXX, \c MBEDTLS_ERR_MPI_XXX or
|
|
||||||
* \c MBEDTLS_ERR_ASN1_XXX error code on failure.
|
|
||||||
*/
|
|
||||||
int mbedtls_ecdsa_write_signature_det( mbedtls_ecdsa_context *ctx,
|
|
||||||
const unsigned char *hash, size_t hlen,
|
|
||||||
unsigned char *sig, size_t *slen,
|
|
||||||
mbedtls_md_type_t md_alg ) MBEDTLS_DEPRECATED;
|
|
||||||
#undef MBEDTLS_DEPRECATED
|
|
||||||
#endif /* MBEDTLS_DEPRECATED_REMOVED */
|
|
||||||
#endif /* MBEDTLS_ECDSA_DETERMINISTIC */
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* \brief This function reads and verifies an ECDSA signature.
|
* \brief This function reads and verifies an ECDSA signature.
|
||||||
*
|
*
|
||||||
|
|
|
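Review bot: With `mbedtls_ecdsa_sign_det()` and `mbedtls_ecdsa_write_signature_det()` removed, the signing entry points still visible in this header all take a caller-supplied RNG, and the library side of this commit makes `mbedtls_ecdsa_write_signature_restartable()` return `MBEDTLS_ERR_ECP_BAD_INPUT_DATA` when `f_rng` is NULL; the `\param f_rng` descriptions of `mbedtls_ecdsa_write_signature()` and its `_restartable` variant are outside these hunks and should be checked so they no longer read as if passing NULL selects deterministic mode. I would state the rule where users of the removed functions will look, e.g. `\param f_rng The RNG function. This must not be \c NULL.`, followed by a sentence that with MBEDTLS_ECDSA_DETERMINISTIC the nonce comes from RFC 6979 but `f_rng` is still required (presumably for blinding, judging by the `f_rng_blind` plumbing in ecdsa.c — confirm). The updated `\note` pointing readers to `mbedtls_ecdsa_sign_det_ext()` is the right replacement reference.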
@ -397,30 +397,6 @@ int mbedtls_hmac_drbg_random( void *p_rng, unsigned char *output, size_t out_len
|
||||||
*/
|
*/
|
||||||
void mbedtls_hmac_drbg_free( mbedtls_hmac_drbg_context *ctx );
|
void mbedtls_hmac_drbg_free( mbedtls_hmac_drbg_context *ctx );
|
||||||
|
|
||||||
#if ! defined(MBEDTLS_DEPRECATED_REMOVED)
|
|
||||||
#if defined(MBEDTLS_DEPRECATED_WARNING)
|
|
||||||
#define MBEDTLS_DEPRECATED __attribute__((deprecated))
|
|
||||||
#else
|
|
||||||
#define MBEDTLS_DEPRECATED
|
|
||||||
#endif
|
|
||||||
/**
|
|
||||||
* \brief This function updates the state of the HMAC_DRBG context.
|
|
||||||
*
|
|
||||||
* \deprecated Superseded by mbedtls_hmac_drbg_update_ret()
|
|
||||||
* in 2.16.0.
|
|
||||||
*
|
|
||||||
* \param ctx The HMAC_DRBG context.
|
|
||||||
* \param additional The data to update the state with.
|
|
||||||
* If this is \c NULL, there is no additional data.
|
|
||||||
* \param add_len Length of \p additional in bytes.
|
|
||||||
* Unused if \p additional is \c NULL.
|
|
||||||
*/
|
|
||||||
MBEDTLS_DEPRECATED void mbedtls_hmac_drbg_update(
|
|
||||||
mbedtls_hmac_drbg_context *ctx,
|
|
||||||
const unsigned char *additional, size_t add_len );
|
|
||||||
#undef MBEDTLS_DEPRECATED
|
|
||||||
#endif /* !MBEDTLS_DEPRECATED_REMOVED */
|
|
||||||
|
|
||||||
#if defined(MBEDTLS_FS_IO)
|
#if defined(MBEDTLS_FS_IO)
|
||||||
/**
|
/**
|
||||||
* \brief This function writes a seed file.
|
* \brief This function writes a seed file.
|
||||||
|
|
|
@ -1,35 +0,0 @@
|
||||||
/**
|
|
||||||
* \file net.h
|
|
||||||
*
|
|
||||||
* \brief Deprecated header file that includes net_sockets.h
|
|
||||||
*
|
|
||||||
* \deprecated Superseded by mbedtls/net_sockets.h
|
|
||||||
*/
|
|
||||||
/*
|
|
||||||
* Copyright The Mbed TLS Contributors
|
|
||||||
* SPDX-License-Identifier: Apache-2.0
|
|
||||||
*
|
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
||||||
* not use this file except in compliance with the License.
|
|
||||||
* You may obtain a copy of the License at
|
|
||||||
*
|
|
||||||
* http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
*
|
|
||||||
* Unless required by applicable law or agreed to in writing, software
|
|
||||||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
||||||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
||||||
* See the License for the specific language governing permissions and
|
|
||||||
* limitations under the License.
|
|
||||||
*/
|
|
||||||
#if !defined(MBEDTLS_CONFIG_FILE)
|
|
||||||
#include "mbedtls/config.h"
|
|
||||||
#else
|
|
||||||
#include MBEDTLS_CONFIG_FILE
|
|
||||||
#endif
|
|
||||||
|
|
||||||
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
|
|
||||||
#include "mbedtls/net_sockets.h"
|
|
||||||
#if defined(MBEDTLS_DEPRECATED_WARNING)
|
|
||||||
#warning "Deprecated header file: Superseded by mbedtls/net_sockets.h"
|
|
||||||
#endif /* MBEDTLS_DEPRECATED_WARNING */
|
|
||||||
#endif /* !MBEDTLS_DEPRECATED_REMOVED */
|
|
|
@ -2859,34 +2859,6 @@ void mbedtls_ssl_conf_psk_cb( mbedtls_ssl_config *conf,
|
||||||
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
|
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
|
||||||
|
|
||||||
#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_SRV_C)
|
#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_SRV_C)
|
||||||
|
|
||||||
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
|
|
||||||
|
|
||||||
#if defined(MBEDTLS_DEPRECATED_WARNING)
|
|
||||||
#define MBEDTLS_DEPRECATED __attribute__((deprecated))
|
|
||||||
#else
|
|
||||||
#define MBEDTLS_DEPRECATED
|
|
||||||
#endif
|
|
||||||
|
|
||||||
/**
|
|
||||||
* \brief Set the Diffie-Hellman public P and G values,
|
|
||||||
* read as hexadecimal strings (server-side only)
|
|
||||||
* (Default values: MBEDTLS_DHM_RFC3526_MODP_2048_[PG])
|
|
||||||
*
|
|
||||||
* \param conf SSL configuration
|
|
||||||
* \param dhm_P Diffie-Hellman-Merkle modulus
|
|
||||||
* \param dhm_G Diffie-Hellman-Merkle generator
|
|
||||||
*
|
|
||||||
* \deprecated Superseded by \c mbedtls_ssl_conf_dh_param_bin.
|
|
||||||
*
|
|
||||||
* \return 0 if successful
|
|
||||||
*/
|
|
||||||
MBEDTLS_DEPRECATED int mbedtls_ssl_conf_dh_param( mbedtls_ssl_config *conf,
|
|
||||||
const char *dhm_P,
|
|
||||||
const char *dhm_G );
|
|
||||||
|
|
||||||
#endif /* MBEDTLS_DEPRECATED_REMOVED */
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* \brief Set the Diffie-Hellman public P and G values
|
* \brief Set the Diffie-Hellman public P and G values
|
||||||
* from big-endian binary presentations.
|
* from big-endian binary presentations.
|
||||||
|
@ -3659,32 +3631,6 @@ size_t mbedtls_ssl_get_output_max_frag_len( const mbedtls_ssl_context *ssl );
|
||||||
* \return Current maximum fragment length for the output buffer.
|
* \return Current maximum fragment length for the output buffer.
|
||||||
*/
|
*/
|
||||||
size_t mbedtls_ssl_get_input_max_frag_len( const mbedtls_ssl_context *ssl );
|
size_t mbedtls_ssl_get_input_max_frag_len( const mbedtls_ssl_context *ssl );
|
||||||
|
|
||||||
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
|
|
||||||
|
|
||||||
#if defined(MBEDTLS_DEPRECATED_WARNING)
|
|
||||||
#define MBEDTLS_DEPRECATED __attribute__((deprecated))
|
|
||||||
#else
|
|
||||||
#define MBEDTLS_DEPRECATED
|
|
||||||
#endif
|
|
||||||
|
|
||||||
/**
|
|
||||||
* \brief This function is a deprecated approach to getting the max
|
|
||||||
* fragment length. Its an alias for
|
|
||||||
* \c mbedtls_ssl_get_output_max_frag_len(), as the behaviour
|
|
||||||
* is the same. See \c mbedtls_ssl_get_output_max_frag_len() for
|
|
||||||
* more detail.
|
|
||||||
*
|
|
||||||
* \sa mbedtls_ssl_get_input_max_frag_len()
|
|
||||||
* \sa mbedtls_ssl_get_output_max_frag_len()
|
|
||||||
*
|
|
||||||
* \param ssl SSL context
|
|
||||||
*
|
|
||||||
* \return Current maximum fragment length for the output buffer.
|
|
||||||
*/
|
|
||||||
MBEDTLS_DEPRECATED size_t mbedtls_ssl_get_max_frag_len(
|
|
||||||
const mbedtls_ssl_context *ssl );
|
|
||||||
#endif /* MBEDTLS_DEPRECATED_REMOVED */
|
|
||||||
#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
|
#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|
|
@ -921,15 +921,6 @@ int mbedtls_internal_aes_encrypt( mbedtls_aes_context *ctx,
|
||||||
}
|
}
|
||||||
#endif /* !MBEDTLS_AES_ENCRYPT_ALT */
|
#endif /* !MBEDTLS_AES_ENCRYPT_ALT */
|
||||||
|
|
||||||
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
|
|
||||||
void mbedtls_aes_encrypt( mbedtls_aes_context *ctx,
|
|
||||||
const unsigned char input[16],
|
|
||||||
unsigned char output[16] )
|
|
||||||
{
|
|
||||||
mbedtls_internal_aes_encrypt( ctx, input, output );
|
|
||||||
}
|
|
||||||
#endif /* !MBEDTLS_DEPRECATED_REMOVED */
|
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* AES-ECB block decryption
|
* AES-ECB block decryption
|
||||||
*/
|
*/
|
||||||
|
@ -994,15 +985,6 @@ int mbedtls_internal_aes_decrypt( mbedtls_aes_context *ctx,
|
||||||
}
|
}
|
||||||
#endif /* !MBEDTLS_AES_DECRYPT_ALT */
|
#endif /* !MBEDTLS_AES_DECRYPT_ALT */
|
||||||
|
|
||||||
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
|
|
||||||
void mbedtls_aes_decrypt( mbedtls_aes_context *ctx,
|
|
||||||
const unsigned char input[16],
|
|
||||||
unsigned char output[16] )
|
|
||||||
{
|
|
||||||
mbedtls_internal_aes_decrypt( ctx, input, output );
|
|
||||||
}
|
|
||||||
#endif /* !MBEDTLS_DEPRECATED_REMOVED */
|
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* AES-ECB block encryption/decryption
|
* AES-ECB block encryption/decryption
|
||||||
*/
|
*/
|
||||||
|
|
|
@ -2717,26 +2717,6 @@ int mbedtls_mpi_is_prime_ext( const mbedtls_mpi *X, int rounds,
|
||||||
return( mpi_miller_rabin( &XX, rounds, f_rng, p_rng ) );
|
return( mpi_miller_rabin( &XX, rounds, f_rng, p_rng ) );
|
||||||
}
|
}
|
||||||
|
|
||||||
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
|
|
||||||
/*
|
|
||||||
* Pseudo-primality test, error probability 2^-80
|
|
||||||
*/
|
|
||||||
int mbedtls_mpi_is_prime( const mbedtls_mpi *X,
|
|
||||||
int (*f_rng)(void *, unsigned char *, size_t),
|
|
||||||
void *p_rng )
|
|
||||||
{
|
|
||||||
MPI_VALIDATE_RET( X != NULL );
|
|
||||||
MPI_VALIDATE_RET( f_rng != NULL );
|
|
||||||
|
|
||||||
/*
|
|
||||||
* In the past our key generation aimed for an error rate of at most
|
|
||||||
* 2^-80. Since this function is deprecated, aim for the same certainty
|
|
||||||
* here as well.
|
|
||||||
*/
|
|
||||||
return( mbedtls_mpi_is_prime_ext( X, 40, f_rng, p_rng ) );
|
|
||||||
}
|
|
||||||
#endif
|
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Prime number generation
|
* Prime number generation
|
||||||
*
|
*
|
||||||
|
|
|
@ -1288,8 +1288,8 @@ int mbedtls_cipher_crypt( mbedtls_cipher_context_t *ctx,
|
||||||
|
|
||||||
#if defined(MBEDTLS_CIPHER_MODE_AEAD)
|
#if defined(MBEDTLS_CIPHER_MODE_AEAD)
|
||||||
/*
|
/*
|
||||||
* Packet-oriented encryption for AEAD modes: internal function shared by
|
* Packet-oriented encryption for AEAD modes: internal function used by
|
||||||
* mbedtls_cipher_auth_encrypt() and mbedtls_cipher_auth_encrypt_ext().
|
* mbedtls_cipher_auth_encrypt_ext().
|
||||||
*/
|
*/
|
||||||
static int mbedtls_cipher_aead_encrypt( mbedtls_cipher_context_t *ctx,
|
static int mbedtls_cipher_aead_encrypt( mbedtls_cipher_context_t *ctx,
|
||||||
const unsigned char *iv, size_t iv_len,
|
const unsigned char *iv, size_t iv_len,
|
||||||
|
@ -1368,8 +1368,8 @@ static int mbedtls_cipher_aead_encrypt( mbedtls_cipher_context_t *ctx,
|
||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Packet-oriented encryption for AEAD modes: internal function shared by
|
* Packet-oriented encryption for AEAD modes: internal function used by
|
||||||
* mbedtls_cipher_auth_encrypt() and mbedtls_cipher_auth_encrypt_ext().
|
* mbedtls_cipher_auth_encrypt_ext().
|
||||||
*/
|
*/
|
||||||
static int mbedtls_cipher_aead_decrypt( mbedtls_cipher_context_t *ctx,
|
static int mbedtls_cipher_aead_decrypt( mbedtls_cipher_context_t *ctx,
|
||||||
const unsigned char *iv, size_t iv_len,
|
const unsigned char *iv, size_t iv_len,
|
||||||
|
@ -1468,54 +1468,6 @@ static int mbedtls_cipher_aead_decrypt( mbedtls_cipher_context_t *ctx,
|
||||||
|
|
||||||
return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE );
|
return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE );
|
||||||
}
|
}
|
||||||
|
|
||||||
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
|
|
||||||
/*
|
|
||||||
* Packet-oriented encryption for AEAD modes: public legacy function.
|
|
||||||
*/
|
|
||||||
int mbedtls_cipher_auth_encrypt( mbedtls_cipher_context_t *ctx,
|
|
||||||
const unsigned char *iv, size_t iv_len,
|
|
||||||
const unsigned char *ad, size_t ad_len,
|
|
||||||
const unsigned char *input, size_t ilen,
|
|
||||||
unsigned char *output, size_t *olen,
|
|
||||||
unsigned char *tag, size_t tag_len )
|
|
||||||
{
|
|
||||||
CIPHER_VALIDATE_RET( ctx != NULL );
|
|
||||||
CIPHER_VALIDATE_RET( iv_len == 0 || iv != NULL );
|
|
||||||
CIPHER_VALIDATE_RET( ad_len == 0 || ad != NULL );
|
|
||||||
CIPHER_VALIDATE_RET( ilen == 0 || input != NULL );
|
|
||||||
CIPHER_VALIDATE_RET( ilen == 0 || output != NULL );
|
|
||||||
CIPHER_VALIDATE_RET( olen != NULL );
|
|
||||||
CIPHER_VALIDATE_RET( tag_len == 0 || tag != NULL );
|
|
||||||
|
|
||||||
return( mbedtls_cipher_aead_encrypt( ctx, iv, iv_len, ad, ad_len,
|
|
||||||
input, ilen, output, olen,
|
|
||||||
tag, tag_len ) );
|
|
||||||
}
|
|
||||||
|
|
||||||
/*
|
|
||||||
* Packet-oriented decryption for AEAD modes: public legacy function.
|
|
||||||
*/
|
|
||||||
int mbedtls_cipher_auth_decrypt( mbedtls_cipher_context_t *ctx,
|
|
||||||
const unsigned char *iv, size_t iv_len,
|
|
||||||
const unsigned char *ad, size_t ad_len,
|
|
||||||
const unsigned char *input, size_t ilen,
|
|
||||||
unsigned char *output, size_t *olen,
|
|
||||||
const unsigned char *tag, size_t tag_len )
|
|
||||||
{
|
|
||||||
CIPHER_VALIDATE_RET( ctx != NULL );
|
|
||||||
CIPHER_VALIDATE_RET( iv_len == 0 || iv != NULL );
|
|
||||||
CIPHER_VALIDATE_RET( ad_len == 0 || ad != NULL );
|
|
||||||
CIPHER_VALIDATE_RET( ilen == 0 || input != NULL );
|
|
||||||
CIPHER_VALIDATE_RET( ilen == 0 || output != NULL );
|
|
||||||
CIPHER_VALIDATE_RET( olen != NULL );
|
|
||||||
CIPHER_VALIDATE_RET( tag_len == 0 || tag != NULL );
|
|
||||||
|
|
||||||
return( mbedtls_cipher_aead_decrypt( ctx, iv, iv_len, ad, ad_len,
|
|
||||||
input, ilen, output, olen,
|
|
||||||
tag, tag_len ) );
|
|
||||||
}
|
|
||||||
#endif /* !MBEDTLS_DEPRECATED_REMOVED */
|
|
||||||
#endif /* MBEDTLS_CIPHER_MODE_AEAD */
|
#endif /* MBEDTLS_CIPHER_MODE_AEAD */
|
||||||
|
|
||||||
#if defined(MBEDTLS_CIPHER_MODE_AEAD) || defined(MBEDTLS_NIST_KW_C)
|
#if defined(MBEDTLS_CIPHER_MODE_AEAD) || defined(MBEDTLS_NIST_KW_C)
|
||||||
|
|
|
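Review bot: The comment rewritten above `mbedtls_cipher_aead_decrypt()` still says "Packet-oriented encryption for AEAD modes" and names `mbedtls_cipher_auth_encrypt_ext()` as its caller, a copy of the text above `mbedtls_cipher_aead_encrypt()`; since the commit touches exactly those two lines it should fix the copy-paste at the same time: `* Packet-oriented decryption for AEAD modes: internal function used by` / `* mbedtls_cipher_auth_decrypt_ext().` Whether `mbedtls_cipher_auth_decrypt_ext()` is really the only remaining caller is not visible in this hunk, but the deleted legacy `mbedtls_cipher_auth_decrypt()` was the other one, so the wording matches the encrypt side.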
@ -304,7 +304,7 @@ exit:
|
||||||
}
|
}
|
||||||
|
|
||||||
/* CTR_DRBG_Instantiate with derivation function (SP 800-90A §10.2.1.3.2)
|
/* CTR_DRBG_Instantiate with derivation function (SP 800-90A §10.2.1.3.2)
|
||||||
* mbedtls_ctr_drbg_update(ctx, additional, add_len)
|
* mbedtls_ctr_drbg_update_ret(ctx, additional, add_len)
|
||||||
* implements
|
* implements
|
||||||
* CTR_DRBG_Instantiate(entropy_input, nonce, personalization_string,
|
* CTR_DRBG_Instantiate(entropy_input, nonce, personalization_string,
|
||||||
* security_strength) -> initial_working_state
|
* security_strength) -> initial_working_state
|
||||||
|
@ -335,19 +335,6 @@ exit:
|
||||||
return( ret );
|
return( ret );
|
||||||
}
|
}
|
||||||
|
|
||||||
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
|
|
||||||
void mbedtls_ctr_drbg_update( mbedtls_ctr_drbg_context *ctx,
|
|
||||||
const unsigned char *additional,
|
|
||||||
size_t add_len )
|
|
||||||
{
|
|
||||||
/* MAX_INPUT would be more logical here, but we have to match
|
|
||||||
* block_cipher_df()'s limits since we can't propagate errors */
|
|
||||||
if( add_len > MBEDTLS_CTR_DRBG_MAX_SEED_INPUT )
|
|
||||||
add_len = MBEDTLS_CTR_DRBG_MAX_SEED_INPUT;
|
|
||||||
(void) mbedtls_ctr_drbg_update_ret( ctx, additional, add_len );
|
|
||||||
}
|
|
||||||
#endif /* MBEDTLS_DEPRECATED_REMOVED */
|
|
||||||
|
|
||||||
/* CTR_DRBG_Reseed with derivation function (SP 800-90A §10.2.1.4.2)
|
/* CTR_DRBG_Reseed with derivation function (SP 800-90A §10.2.1.4.2)
|
||||||
* mbedtls_ctr_drbg_reseed(ctx, additional, len, nonce_len)
|
* mbedtls_ctr_drbg_reseed(ctx, additional, len, nonce_len)
|
||||||
* implements
|
* implements
|
||||||
|
|
116
library/ecdsa.c
116
library/ecdsa.c
|
@ -420,6 +420,9 @@ int mbedtls_ecdsa_sign( mbedtls_ecp_group *grp, mbedtls_mpi *r, mbedtls_mpi *s,
|
||||||
#if defined(MBEDTLS_ECDSA_DETERMINISTIC)
|
#if defined(MBEDTLS_ECDSA_DETERMINISTIC)
|
||||||
/*
|
/*
|
||||||
* Deterministic signature wrapper
|
* Deterministic signature wrapper
|
||||||
|
*
|
||||||
|
* note: The f_rng_blind parameter must not be NULL.
|
||||||
|
*
|
||||||
*/
|
*/
|
||||||
static int ecdsa_sign_det_restartable( mbedtls_ecp_group *grp,
|
static int ecdsa_sign_det_restartable( mbedtls_ecp_group *grp,
|
||||||
mbedtls_mpi *r, mbedtls_mpi *s,
|
mbedtls_mpi *r, mbedtls_mpi *s,
|
||||||
|
@ -475,69 +478,9 @@ sign:
|
||||||
ret = mbedtls_ecdsa_sign( grp, r, s, d, buf, blen,
|
ret = mbedtls_ecdsa_sign( grp, r, s, d, buf, blen,
|
||||||
mbedtls_hmac_drbg_random, p_rng );
|
mbedtls_hmac_drbg_random, p_rng );
|
||||||
#else
|
#else
|
||||||
if( f_rng_blind != NULL )
|
ret = ecdsa_sign_restartable( grp, r, s, d, buf, blen,
|
||||||
ret = ecdsa_sign_restartable( grp, r, s, d, buf, blen,
|
mbedtls_hmac_drbg_random, p_rng,
|
||||||
mbedtls_hmac_drbg_random, p_rng,
|
f_rng_blind, p_rng_blind, rs_ctx );
|
||||||
f_rng_blind, p_rng_blind, rs_ctx );
|
|
||||||
else
|
|
||||||
{
|
|
||||||
mbedtls_hmac_drbg_context *p_rng_blind_det;
|
|
||||||
|
|
||||||
#if !defined(MBEDTLS_ECP_RESTARTABLE)
|
|
||||||
/*
|
|
||||||
* To avoid reusing rng_ctx and risking incorrect behavior we seed a
|
|
||||||
* second HMAC-DRBG with the same seed. We also apply a label to avoid
|
|
||||||
* reusing the bits of the ephemeral key for blinding and eliminate the
|
|
||||||
* risk that they leak this way.
|
|
||||||
*/
|
|
||||||
const char* blind_label = "BLINDING CONTEXT";
|
|
||||||
mbedtls_hmac_drbg_context rng_ctx_blind;
|
|
||||||
|
|
||||||
mbedtls_hmac_drbg_init( &rng_ctx_blind );
|
|
||||||
p_rng_blind_det = &rng_ctx_blind;
|
|
||||||
mbedtls_hmac_drbg_seed_buf( p_rng_blind_det, md_info,
|
|
||||||
data, 2 * grp_len );
|
|
||||||
ret = mbedtls_hmac_drbg_update_ret( p_rng_blind_det,
|
|
||||||
(const unsigned char*) blind_label,
|
|
||||||
strlen( blind_label ) );
|
|
||||||
if( ret != 0 )
|
|
||||||
{
|
|
||||||
mbedtls_hmac_drbg_free( &rng_ctx_blind );
|
|
||||||
goto cleanup;
|
|
||||||
}
|
|
||||||
#else
|
|
||||||
/*
|
|
||||||
* In the case of restartable computations we would either need to store
|
|
||||||
* the second RNG in the restart context too or set it up at every
|
|
||||||
* restart. The first option would penalize the correct application of
|
|
||||||
* the function and the second would defeat the purpose of the
|
|
||||||
* restartable feature.
|
|
||||||
*
|
|
||||||
* Therefore in this case we reuse the original RNG. This comes with the
|
|
||||||
* price that the resulting signature might not be a valid deterministic
|
|
||||||
* ECDSA signature with a very low probability (same magnitude as
|
|
||||||
* successfully guessing the private key). However even then it is still
|
|
||||||
* a valid ECDSA signature.
|
|
||||||
*/
|
|
||||||
p_rng_blind_det = p_rng;
|
|
||||||
#endif /* MBEDTLS_ECP_RESTARTABLE */
|
|
||||||
|
|
||||||
/*
|
|
||||||
* Since the output of the RNGs is always the same for the same key and
|
|
||||||
* message, this limits the efficiency of blinding and leaks information
|
|
||||||
* through side channels. After mbedtls_ecdsa_sign_det() is removed NULL
|
|
||||||
* won't be a valid value for f_rng_blind anymore. Therefore it should
|
|
||||||
* be checked by the caller and this branch and check can be removed.
|
|
||||||
*/
|
|
||||||
ret = ecdsa_sign_restartable( grp, r, s, d, buf, blen,
|
|
||||||
mbedtls_hmac_drbg_random, p_rng,
|
|
||||||
mbedtls_hmac_drbg_random, p_rng_blind_det,
|
|
||||||
rs_ctx );
|
|
||||||
|
|
||||||
#if !defined(MBEDTLS_ECP_RESTARTABLE)
|
|
||||||
mbedtls_hmac_drbg_free( &rng_ctx_blind );
|
|
||||||
#endif
|
|
||||||
}
|
|
||||||
#endif /* MBEDTLS_ECDSA_SIGN_ALT */
|
#endif /* MBEDTLS_ECDSA_SIGN_ALT */
|
||||||
|
|
||||||
cleanup:
|
cleanup:
|
||||||
|
@ -550,26 +493,8 @@ cleanup:
|
||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Deterministic signature wrappers
|
* Deterministic signature wrapper
|
||||||
*/
|
*/
|
||||||
|
|
||||||
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
|
|
||||||
int mbedtls_ecdsa_sign_det( mbedtls_ecp_group *grp, mbedtls_mpi *r,
|
|
||||||
mbedtls_mpi *s, const mbedtls_mpi *d,
|
|
||||||
const unsigned char *buf, size_t blen,
|
|
||||||
mbedtls_md_type_t md_alg )
|
|
||||||
{
|
|
||||||
ECDSA_VALIDATE_RET( grp != NULL );
|
|
||||||
ECDSA_VALIDATE_RET( r != NULL );
|
|
||||||
ECDSA_VALIDATE_RET( s != NULL );
|
|
||||||
ECDSA_VALIDATE_RET( d != NULL );
|
|
||||||
ECDSA_VALIDATE_RET( buf != NULL || blen == 0 );
|
|
||||||
|
|
||||||
return( ecdsa_sign_det_restartable( grp, r, s, d, buf, blen, md_alg,
|
|
||||||
NULL, NULL, NULL ) );
|
|
||||||
}
|
|
||||||
#endif /* MBEDTLS_DEPRECATED_REMOVED */
|
|
||||||
|
|
||||||
int mbedtls_ecdsa_sign_det_ext( mbedtls_ecp_group *grp, mbedtls_mpi *r,
|
int mbedtls_ecdsa_sign_det_ext( mbedtls_ecp_group *grp, mbedtls_mpi *r,
|
||||||
mbedtls_mpi *s, const mbedtls_mpi *d,
|
mbedtls_mpi *s, const mbedtls_mpi *d,
|
||||||
const unsigned char *buf, size_t blen,
|
const unsigned char *buf, size_t blen,
|
||||||
|
@ -756,10 +681,13 @@ int mbedtls_ecdsa_write_signature_restartable( mbedtls_ecdsa_context *ctx,
|
||||||
{
|
{
|
||||||
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
||||||
mbedtls_mpi r, s;
|
mbedtls_mpi r, s;
|
||||||
ECDSA_VALIDATE_RET( ctx != NULL );
|
ECDSA_VALIDATE_RET( ctx != NULL );
|
||||||
ECDSA_VALIDATE_RET( hash != NULL );
|
ECDSA_VALIDATE_RET( hash != NULL );
|
||||||
ECDSA_VALIDATE_RET( sig != NULL );
|
ECDSA_VALIDATE_RET( sig != NULL );
|
||||||
ECDSA_VALIDATE_RET( slen != NULL );
|
ECDSA_VALIDATE_RET( slen != NULL );
|
||||||
|
|
||||||
|
if( f_rng == NULL )
|
||||||
|
return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
|
||||||
|
|
||||||
mbedtls_mpi_init( &r );
|
mbedtls_mpi_init( &r );
|
||||||
mbedtls_mpi_init( &s );
|
mbedtls_mpi_init( &s );
|
||||||
|
@ -811,22 +739,6 @@ int mbedtls_ecdsa_write_signature( mbedtls_ecdsa_context *ctx,
|
||||||
ctx, md_alg, hash, hlen, sig, slen, f_rng, p_rng, NULL ) );
|
ctx, md_alg, hash, hlen, sig, slen, f_rng, p_rng, NULL ) );
|
||||||
}
|
}
|
||||||
|
|
||||||
#if !defined(MBEDTLS_DEPRECATED_REMOVED) && \
|
|
||||||
defined(MBEDTLS_ECDSA_DETERMINISTIC)
|
|
||||||
int mbedtls_ecdsa_write_signature_det( mbedtls_ecdsa_context *ctx,
|
|
||||||
const unsigned char *hash, size_t hlen,
|
|
||||||
unsigned char *sig, size_t *slen,
|
|
||||||
mbedtls_md_type_t md_alg )
|
|
||||||
{
|
|
||||||
ECDSA_VALIDATE_RET( ctx != NULL );
|
|
||||||
ECDSA_VALIDATE_RET( hash != NULL );
|
|
||||||
ECDSA_VALIDATE_RET( sig != NULL );
|
|
||||||
ECDSA_VALIDATE_RET( slen != NULL );
|
|
||||||
return( mbedtls_ecdsa_write_signature( ctx, md_alg, hash, hlen, sig, slen,
|
|
||||||
NULL, NULL ) );
|
|
||||||
}
|
|
||||||
#endif
|
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Read and check signature
|
* Read and check signature
|
||||||
*/
|
*/
|
||||||
|
|
|
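Review bot: A NULL `f_rng_blind` is now only declared invalid by the comment added to `ecdsa_sign_det_restartable()`, but nothing in that function rejects it: the call that replaced the `if( f_rng_blind != NULL )` branch forwards `f_rng_blind` to `ecdsa_sign_restartable()` unconditionally, and the one runtime check this commit adds (`if( f_rng == NULL ) return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );`) lives a level up in `mbedtls_ecdsa_write_signature_restartable()`. The removed branch used to fall back to a separately seeded HMAC-DRBG for blinding, so any caller that still passes NULL — the public `mbedtls_ecdsa_sign_det_ext()` declared right after the removed wrapper presumably forwards its `f_rng_blind` here, but its body is outside these hunks — now reaches the blinding path with a NULL function pointer, and whether `ecdsa_sign_restartable()` guards against that is not visible here. I would enforce the contract where it is stated, with `if( f_rng_blind == NULL ) return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );` at the start of `ecdsa_sign_det_restartable()`, as a plain check rather than `ECDSA_VALIDATE_RET` so it stays in effect if that macro can be compiled out. The function's signature is in the first hunk and the rest of its body, between the hunks, is outside view.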
@ -104,15 +104,6 @@ exit:
|
||||||
return( ret );
|
return( ret );
|
||||||
}
|
}
|
||||||
|
|
||||||
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
|
|
||||||
void mbedtls_hmac_drbg_update( mbedtls_hmac_drbg_context *ctx,
|
|
||||||
const unsigned char *additional,
|
|
||||||
size_t add_len )
|
|
||||||
{
|
|
||||||
(void) mbedtls_hmac_drbg_update_ret( ctx, additional, add_len );
|
|
||||||
}
|
|
||||||
#endif /* MBEDTLS_DEPRECATED_REMOVED */
|
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Simplified HMAC_DRBG initialisation (for use with deterministic ECDSA)
|
* Simplified HMAC_DRBG initialisation (for use with deterministic ECDSA)
|
||||||
*/
|
*/
|
||||||
|
|
|
@ -782,7 +782,7 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl,
|
||||||
&rec->data_len,
|
&rec->data_len,
|
||||||
transform->taglen ) ) != 0 )
|
transform->taglen ) ) != 0 )
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_auth_encrypt", ret );
|
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_auth_encrypt_ext", ret );
|
||||||
return( ret );
|
return( ret );
|
||||||
}
|
}
|
||||||
MBEDTLS_SSL_DEBUG_BUF( 4, "after encrypt: tag",
|
MBEDTLS_SSL_DEBUG_BUF( 4, "after encrypt: tag",
|
||||||
|
@ -1341,7 +1341,7 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl,
|
||||||
* explicit_iv_len Bytes preceeding data, and taglen
|
* explicit_iv_len Bytes preceeding data, and taglen
|
||||||
* bytes following data + data_len. This justifies
|
* bytes following data + data_len. This justifies
|
||||||
* the debug message and the invocation of
|
* the debug message and the invocation of
|
||||||
* mbedtls_cipher_auth_decrypt() below. */
|
* mbedtls_cipher_auth_decrypt_ext() below. */
|
||||||
|
|
||||||
MBEDTLS_SSL_DEBUG_BUF( 4, "IV used", iv, transform->ivlen );
|
MBEDTLS_SSL_DEBUG_BUF( 4, "IV used", iv, transform->ivlen );
|
||||||
MBEDTLS_SSL_DEBUG_BUF( 4, "TAG used", data + rec->data_len,
|
MBEDTLS_SSL_DEBUG_BUF( 4, "TAG used", data + rec->data_len,
|
||||||
|
@ -1357,7 +1357,7 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl,
|
||||||
data, rec->buf_len - (data - rec->buf), &olen, /* dst */
|
data, rec->buf_len - (data - rec->buf), &olen, /* dst */
|
||||||
transform->taglen ) ) != 0 )
|
transform->taglen ) ) != 0 )
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_auth_decrypt", ret );
|
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_auth_decrypt_ext", ret );
|
||||||
|
|
||||||
if( ret == MBEDTLS_ERR_CIPHER_AUTH_FAILED )
|
if( ret == MBEDTLS_ERR_CIPHER_AUTH_FAILED )
|
||||||
return( MBEDTLS_ERR_SSL_INVALID_MAC );
|
return( MBEDTLS_ERR_SSL_INVALID_MAC );
|
||||||
|
|
|
@ -4180,24 +4180,6 @@ void mbedtls_ssl_conf_psk_cb( mbedtls_ssl_config *conf,
|
||||||
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
|
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
|
||||||
|
|
||||||
#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_SRV_C)
|
#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_SRV_C)
|
||||||
|
|
||||||
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
|
|
||||||
int mbedtls_ssl_conf_dh_param( mbedtls_ssl_config *conf, const char *dhm_P, const char *dhm_G )
|
|
||||||
{
|
|
||||||
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
|
||||||
|
|
||||||
if( ( ret = mbedtls_mpi_read_string( &conf->dhm_P, 16, dhm_P ) ) != 0 ||
|
|
||||||
( ret = mbedtls_mpi_read_string( &conf->dhm_G, 16, dhm_G ) ) != 0 )
|
|
||||||
{
|
|
||||||
mbedtls_mpi_free( &conf->dhm_P );
|
|
||||||
mbedtls_mpi_free( &conf->dhm_G );
|
|
||||||
return( ret );
|
|
||||||
}
|
|
||||||
|
|
||||||
return( 0 );
|
|
||||||
}
|
|
||||||
#endif /* MBEDTLS_DEPRECATED_REMOVED */
|
|
||||||
|
|
||||||
int mbedtls_ssl_conf_dh_param_bin( mbedtls_ssl_config *conf,
|
int mbedtls_ssl_conf_dh_param_bin( mbedtls_ssl_config *conf,
|
||||||
const unsigned char *dhm_P, size_t P_len,
|
const unsigned char *dhm_P, size_t P_len,
|
||||||
const unsigned char *dhm_G, size_t G_len )
|
const unsigned char *dhm_G, size_t G_len )
|
||||||
|
@ -4722,13 +4704,6 @@ size_t mbedtls_ssl_get_output_max_frag_len( const mbedtls_ssl_context *ssl )
|
||||||
|
|
||||||
return( max_len );
|
return( max_len );
|
||||||
}
|
}
|
||||||
|
|
||||||
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
|
|
||||||
size_t mbedtls_ssl_get_max_frag_len( const mbedtls_ssl_context *ssl )
|
|
||||||
{
|
|
||||||
return mbedtls_ssl_get_output_max_frag_len( ssl );
|
|
||||||
}
|
|
||||||
#endif /* !MBEDTLS_DEPRECATED_REMOVED */
|
|
||||||
#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
|
#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
||||||
|
|
|
@ -57,7 +57,6 @@
|
||||||
#include "mbedtls/md2.h"
|
#include "mbedtls/md2.h"
|
||||||
#include "mbedtls/md4.h"
|
#include "mbedtls/md4.h"
|
||||||
#include "mbedtls/md5.h"
|
#include "mbedtls/md5.h"
|
||||||
#include "mbedtls/net.h"
|
|
||||||
#include "mbedtls/net_sockets.h"
|
#include "mbedtls/net_sockets.h"
|
||||||
#include "mbedtls/nist_kw.h"
|
#include "mbedtls/nist_kw.h"
|
||||||
#include "mbedtls/oid.h"
|
#include "mbedtls/oid.h"
|
||||||
|
|
|
@ -422,124 +422,6 @@ void cipher_invalid_param_conditional( )
|
||||||
valid_buffer, valid_size,
|
valid_buffer, valid_size,
|
||||||
valid_buffer, NULL ) );
|
valid_buffer, NULL ) );
|
||||||
|
|
||||||
#if defined(MBEDTLS_CIPHER_MODE_AEAD)
|
|
||||||
/* mbedtls_cipher_auth_encrypt() */
|
|
||||||
TEST_INVALID_PARAM_RET(
|
|
||||||
MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
|
|
||||||
mbedtls_cipher_auth_encrypt( NULL,
|
|
||||||
valid_buffer, valid_size,
|
|
||||||
valid_buffer, valid_size,
|
|
||||||
valid_buffer, valid_size,
|
|
||||||
valid_buffer, &size_t_var,
|
|
||||||
valid_buffer, valid_size ) );
|
|
||||||
TEST_INVALID_PARAM_RET(
|
|
||||||
MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
|
|
||||||
mbedtls_cipher_auth_encrypt( &valid_ctx,
|
|
||||||
NULL, valid_size,
|
|
||||||
valid_buffer, valid_size,
|
|
||||||
valid_buffer, valid_size,
|
|
||||||
valid_buffer, &size_t_var,
|
|
||||||
valid_buffer, valid_size ) );
|
|
||||||
TEST_INVALID_PARAM_RET(
|
|
||||||
MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
|
|
||||||
mbedtls_cipher_auth_encrypt( &valid_ctx,
|
|
||||||
valid_buffer, valid_size,
|
|
||||||
NULL, valid_size,
|
|
||||||
valid_buffer, valid_size,
|
|
||||||
valid_buffer, &size_t_var,
|
|
||||||
valid_buffer, valid_size ) );
|
|
||||||
TEST_INVALID_PARAM_RET(
|
|
||||||
MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
|
|
||||||
mbedtls_cipher_auth_encrypt( &valid_ctx,
|
|
||||||
valid_buffer, valid_size,
|
|
||||||
valid_buffer, valid_size,
|
|
||||||
NULL, valid_size,
|
|
||||||
valid_buffer, &size_t_var,
|
|
||||||
valid_buffer, valid_size ) );
|
|
||||||
TEST_INVALID_PARAM_RET(
|
|
||||||
MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
|
|
||||||
mbedtls_cipher_auth_encrypt( &valid_ctx,
|
|
||||||
valid_buffer, valid_size,
|
|
||||||
valid_buffer, valid_size,
|
|
||||||
valid_buffer, valid_size,
|
|
||||||
NULL, &size_t_var,
|
|
||||||
valid_buffer, valid_size ) );
|
|
||||||
TEST_INVALID_PARAM_RET(
|
|
||||||
MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
|
|
||||||
mbedtls_cipher_auth_encrypt( &valid_ctx,
|
|
||||||
valid_buffer, valid_size,
|
|
||||||
valid_buffer, valid_size,
|
|
||||||
valid_buffer, valid_size,
|
|
||||||
valid_buffer, NULL,
|
|
||||||
valid_buffer, valid_size ) );
|
|
||||||
TEST_INVALID_PARAM_RET(
|
|
||||||
MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
|
|
||||||
mbedtls_cipher_auth_encrypt( &valid_ctx,
|
|
||||||
valid_buffer, valid_size,
|
|
||||||
valid_buffer, valid_size,
|
|
||||||
valid_buffer, valid_size,
|
|
||||||
valid_buffer, &size_t_var,
|
|
||||||
NULL, valid_size ) );
|
|
||||||
|
|
||||||
/* mbedtls_cipher_auth_decrypt() */
|
|
||||||
TEST_INVALID_PARAM_RET(
|
|
||||||
MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
|
|
||||||
mbedtls_cipher_auth_decrypt( NULL,
|
|
||||||
valid_buffer, valid_size,
|
|
||||||
valid_buffer, valid_size,
|
|
||||||
valid_buffer, valid_size,
|
|
||||||
valid_buffer, &size_t_var,
|
|
||||||
valid_buffer, valid_size ) );
|
|
||||||
TEST_INVALID_PARAM_RET(
|
|
||||||
MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
|
|
||||||
mbedtls_cipher_auth_decrypt( &valid_ctx,
|
|
||||||
NULL, valid_size,
|
|
||||||
valid_buffer, valid_size,
|
|
||||||
valid_buffer, valid_size,
|
|
||||||
valid_buffer, &size_t_var,
|
|
||||||
valid_buffer, valid_size ) );
|
|
||||||
TEST_INVALID_PARAM_RET(
|
|
||||||
MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
|
|
||||||
mbedtls_cipher_auth_decrypt( &valid_ctx,
|
|
||||||
valid_buffer, valid_size,
|
|
||||||
NULL, valid_size,
|
|
||||||
valid_buffer, valid_size,
|
|
||||||
valid_buffer, &size_t_var,
|
|
||||||
valid_buffer, valid_size ) );
|
|
||||||
TEST_INVALID_PARAM_RET(
|
|
||||||
MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
|
|
||||||
mbedtls_cipher_auth_decrypt( &valid_ctx,
|
|
||||||
valid_buffer, valid_size,
|
|
||||||
valid_buffer, valid_size,
|
|
||||||
NULL, valid_size,
|
|
||||||
valid_buffer, &size_t_var,
|
|
||||||
valid_buffer, valid_size ) );
|
|
||||||
TEST_INVALID_PARAM_RET(
|
|
||||||
MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
|
|
||||||
mbedtls_cipher_auth_decrypt( &valid_ctx,
|
|
||||||
valid_buffer, valid_size,
|
|
||||||
valid_buffer, valid_size,
|
|
||||||
valid_buffer, valid_size,
|
|
||||||
NULL, &size_t_var,
|
|
||||||
valid_buffer, valid_size ) );
|
|
||||||
TEST_INVALID_PARAM_RET(
|
|
||||||
MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
|
|
||||||
mbedtls_cipher_auth_decrypt( &valid_ctx,
|
|
||||||
valid_buffer, valid_size,
|
|
||||||
valid_buffer, valid_size,
|
|
||||||
valid_buffer, valid_size,
|
|
||||||
valid_buffer, NULL,
|
|
||||||
valid_buffer, valid_size ) );
|
|
||||||
TEST_INVALID_PARAM_RET(
|
|
||||||
MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
|
|
||||||
mbedtls_cipher_auth_decrypt( &valid_ctx,
|
|
||||||
valid_buffer, valid_size,
|
|
||||||
valid_buffer, valid_size,
|
|
||||||
valid_buffer, valid_size,
|
|
||||||
valid_buffer, &size_t_var,
|
|
||||||
NULL, valid_size ) );
|
|
||||||
#endif /* defined(MBEDTLS_CIPHER_MODE_AEAD) */
|
|
||||||
|
|
||||||
#if defined(MBEDTLS_CIPHER_MODE_AEAD) || defined(MBEDTLS_NIST_KW_C)
|
#if defined(MBEDTLS_CIPHER_MODE_AEAD) || defined(MBEDTLS_NIST_KW_C)
|
||||||
/* mbedtls_cipher_auth_encrypt_ext */
|
/* mbedtls_cipher_auth_encrypt_ext */
|
||||||
TEST_INVALID_PARAM_RET(
|
TEST_INVALID_PARAM_RET(
|
||||||
|
@ -1126,11 +1008,6 @@ void auth_crypt_tv( int cipher_id, data_t * key, data_t * iv,
|
||||||
* of AEAD decryption and AEAD encryption. Check that
|
* of AEAD decryption and AEAD encryption. Check that
|
||||||
* this results in the expected plaintext, and that
|
* this results in the expected plaintext, and that
|
||||||
* decryption and encryption are inverse to one another.
|
* decryption and encryption are inverse to one another.
|
||||||
*
|
|
||||||
* Do that twice:
|
|
||||||
* - once with legacy functions auth_decrypt/auth_encrypt
|
|
||||||
* - once with new functions auth_decrypt_ext/auth_encrypt_ext
|
|
||||||
* This allows testing both without duplicating test cases.
|
|
||||||
*/
|
*/
|
||||||
|
|
||||||
int ret;
|
int ret;
|
||||||
|
@ -1146,13 +1023,6 @@ void auth_crypt_tv( int cipher_id, data_t * key, data_t * iv,
|
||||||
unsigned char *encrypt_buf = NULL;
|
unsigned char *encrypt_buf = NULL;
|
||||||
size_t encrypt_buf_len = 0;
|
size_t encrypt_buf_len = 0;
|
||||||
|
|
||||||
#if !defined(MBEDTLS_DEPRECATED_WARNING) && \
|
|
||||||
!defined(MBEDTLS_DEPRECATED_REMOVED)
|
|
||||||
unsigned char *tmp_tag = NULL;
|
|
||||||
unsigned char *tmp_cipher = NULL;
|
|
||||||
unsigned char *tag_buf = NULL;
|
|
||||||
#endif /* !MBEDTLS_DEPRECATED_WARNING && !MBEDTLS_DEPRECATED_REMOVED */
|
|
||||||
|
|
||||||
/* Null pointers are documented as valid for inputs of length 0.
|
/* Null pointers are documented as valid for inputs of length 0.
|
||||||
* The test framework passes non-null pointers, so set them to NULL.
|
* The test framework passes non-null pointers, so set them to NULL.
|
||||||
* key, cipher and tag can't be empty. */
|
* key, cipher and tag can't be empty. */
|
||||||
|
@ -1184,12 +1054,6 @@ void auth_crypt_tv( int cipher_id, data_t * key, data_t * iv,
|
||||||
cipher_id == MBEDTLS_CIPHER_AES_256_KW ||
|
cipher_id == MBEDTLS_CIPHER_AES_256_KW ||
|
||||||
using_nist_kw_padding;
|
using_nist_kw_padding;
|
||||||
|
|
||||||
/****************************************************************
|
|
||||||
* *
|
|
||||||
* Part 1: non-deprecated API *
|
|
||||||
* *
|
|
||||||
****************************************************************/
|
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Prepare context for decryption
|
* Prepare context for decryption
|
||||||
*/
|
*/
|
||||||
|
@ -1253,7 +1117,6 @@ void auth_crypt_tv( int cipher_id, data_t * key, data_t * iv,
|
||||||
ASSERT_COMPARE( decrypt_buf, outlen, clear->x, clear->len );
|
ASSERT_COMPARE( decrypt_buf, outlen, clear->x, clear->len );
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Free this, but keep cipher_plus_tag for deprecated function with PSA */
|
|
||||||
mbedtls_free( decrypt_buf );
|
mbedtls_free( decrypt_buf );
|
||||||
decrypt_buf = NULL;
|
decrypt_buf = NULL;
|
||||||
|
|
||||||
|
@ -1315,135 +1178,12 @@ void auth_crypt_tv( int cipher_id, data_t * key, data_t * iv,
|
||||||
encrypt_buf = NULL;
|
encrypt_buf = NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
/****************************************************************
|
|
||||||
* *
|
|
||||||
* Part 2: deprecated API *
|
|
||||||
* *
|
|
||||||
****************************************************************/
|
|
||||||
|
|
||||||
#if !defined(MBEDTLS_DEPRECATED_WARNING) && \
|
|
||||||
!defined(MBEDTLS_DEPRECATED_REMOVED)
|
|
||||||
|
|
||||||
/*
|
|
||||||
* Prepare context for decryption
|
|
||||||
*/
|
|
||||||
if( ! cipher_reset_key( &ctx, cipher_id, use_psa, tag->len, key,
|
|
||||||
MBEDTLS_DECRYPT ) )
|
|
||||||
goto exit;
|
|
||||||
|
|
||||||
/*
|
|
||||||
* Prepare pointers for decryption
|
|
||||||
*/
|
|
||||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
|
||||||
if( use_psa == 1 )
|
|
||||||
{
|
|
||||||
/* PSA requires that the tag immediately follows the ciphertext.
|
|
||||||
* Fortunately, we already have that from testing the new API. */
|
|
||||||
tmp_cipher = cipher_plus_tag;
|
|
||||||
tmp_tag = tmp_cipher + cipher->len;
|
|
||||||
}
|
|
||||||
else
|
|
||||||
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
|
||||||
{
|
|
||||||
tmp_cipher = cipher->x;
|
|
||||||
tmp_tag = tag->x;
|
|
||||||
}
|
|
||||||
|
|
||||||
/*
|
|
||||||
* Authenticate and decrypt, and check result
|
|
||||||
*/
|
|
||||||
|
|
||||||
ASSERT_ALLOC( decrypt_buf, cipher->len );
|
|
||||||
outlen = 0;
|
|
||||||
ret = mbedtls_cipher_auth_decrypt( &ctx, iv->x, iv->len, ad->x, ad->len,
|
|
||||||
tmp_cipher, cipher->len, decrypt_buf, &outlen,
|
|
||||||
tmp_tag, tag->len );
|
|
||||||
|
|
||||||
if( using_nist_kw )
|
|
||||||
{
|
|
||||||
/* NIST_KW with legacy API */
|
|
||||||
TEST_ASSERT( ret == MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE );
|
|
||||||
}
|
|
||||||
else if( strcmp( result, "FAIL" ) == 0 )
|
|
||||||
{
|
|
||||||
/* unauthentic message */
|
|
||||||
TEST_ASSERT( ret == MBEDTLS_ERR_CIPHER_AUTH_FAILED );
|
|
||||||
TEST_ASSERT( buffer_is_all_zero( decrypt_buf, cipher->len ) );
|
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
|
||||||
/* authentic message: is the plaintext correct? */
|
|
||||||
TEST_ASSERT( ret == 0 );
|
|
||||||
ASSERT_COMPARE( decrypt_buf, outlen, clear->x, clear->len );
|
|
||||||
}
|
|
||||||
|
|
||||||
mbedtls_free( decrypt_buf );
|
|
||||||
decrypt_buf = NULL;
|
|
||||||
mbedtls_free( cipher_plus_tag );
|
|
||||||
cipher_plus_tag = NULL;
|
|
||||||
|
|
||||||
/*
|
|
||||||
* Encrypt back if test data was authentic
|
|
||||||
*/
|
|
||||||
if( strcmp( result, "FAIL" ) != 0 )
|
|
||||||
{
|
|
||||||
/* prepare context for encryption */
|
|
||||||
if( ! cipher_reset_key( &ctx, cipher_id, use_psa, tag->len, key,
|
|
||||||
MBEDTLS_ENCRYPT ) )
|
|
||||||
goto exit;
|
|
||||||
|
|
||||||
/* prepare buffers for encryption */
|
|
||||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
|
||||||
if( use_psa )
|
|
||||||
{
|
|
||||||
ASSERT_ALLOC( cipher_plus_tag, cipher->len + tag->len );
|
|
||||||
tmp_cipher = cipher_plus_tag;
|
|
||||||
tmp_tag = cipher_plus_tag + cipher->len;
|
|
||||||
}
|
|
||||||
else
|
|
||||||
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
|
||||||
{
|
|
||||||
ASSERT_ALLOC( encrypt_buf, cipher->len );
|
|
||||||
ASSERT_ALLOC( tag_buf, tag->len );
|
|
||||||
tmp_cipher = encrypt_buf;
|
|
||||||
tmp_tag = tag_buf;
|
|
||||||
}
|
|
||||||
|
|
||||||
/*
|
|
||||||
* Encrypt and check the result
|
|
||||||
*/
|
|
||||||
outlen = 0;
|
|
||||||
ret = mbedtls_cipher_auth_encrypt( &ctx, iv->x, iv->len, ad->x, ad->len,
|
|
||||||
clear->x, clear->len, tmp_cipher, &outlen,
|
|
||||||
tmp_tag, tag->len );
|
|
||||||
|
|
||||||
if( using_nist_kw )
|
|
||||||
{
|
|
||||||
TEST_ASSERT( ret == MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE );
|
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
|
||||||
TEST_ASSERT( ret == 0 );
|
|
||||||
|
|
||||||
TEST_ASSERT( outlen == cipher->len );
|
|
||||||
if( cipher->len != 0 )
|
|
||||||
TEST_ASSERT( memcmp( tmp_cipher, cipher->x, cipher->len ) == 0 );
|
|
||||||
TEST_ASSERT( memcmp( tmp_tag, tag->x, tag->len ) == 0 );
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
#endif /* !MBEDTLS_DEPRECATED_WARNING && !MBEDTLS_DEPRECATED_REMOVED */
|
|
||||||
|
|
||||||
exit:
|
exit:
|
||||||
|
|
||||||
mbedtls_cipher_free( &ctx );
|
mbedtls_cipher_free( &ctx );
|
||||||
mbedtls_free( decrypt_buf );
|
mbedtls_free( decrypt_buf );
|
||||||
mbedtls_free( encrypt_buf );
|
mbedtls_free( encrypt_buf );
|
||||||
mbedtls_free( cipher_plus_tag );
|
mbedtls_free( cipher_plus_tag );
|
||||||
#if !defined(MBEDTLS_DEPRECATED_WARNING) && \
|
|
||||||
!defined(MBEDTLS_DEPRECATED_REMOVED)
|
|
||||||
mbedtls_free( tag_buf );
|
|
||||||
#endif /* !MBEDTLS_DEPRECATED_WARNING && !MBEDTLS_DEPRECATED_REMOVED */
|
|
||||||
|
|
||||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||||
if( use_psa == 1 )
|
if( use_psa == 1 )
|
||||||
|
|
|
@ -599,7 +599,8 @@ void ecdsa_write_restart( int id, char *d_str, int md_alg,
|
||||||
cnt_restart = 0;
|
cnt_restart = 0;
|
||||||
do {
|
do {
|
||||||
ret = mbedtls_ecdsa_write_signature_restartable( &ctx,
|
ret = mbedtls_ecdsa_write_signature_restartable( &ctx,
|
||||||
md_alg, hash, hlen, sig, &slen, NULL, NULL, &rs_ctx );
|
md_alg, hash, hlen, sig, &slen, mbedtls_test_rnd_std_rand, NULL,
|
||||||
|
&rs_ctx );
|
||||||
} while( ret == MBEDTLS_ERR_ECP_IN_PROGRESS && ++cnt_restart );
|
} while( ret == MBEDTLS_ERR_ECP_IN_PROGRESS && ++cnt_restart );
|
||||||
|
|
||||||
TEST_ASSERT( ret == 0 );
|
TEST_ASSERT( ret == 0 );
|
||||||
|
@ -614,7 +615,8 @@ void ecdsa_write_restart( int id, char *d_str, int md_alg,
|
||||||
if( min_restart > 0 )
|
if( min_restart > 0 )
|
||||||
{
|
{
|
||||||
ret = mbedtls_ecdsa_write_signature_restartable( &ctx,
|
ret = mbedtls_ecdsa_write_signature_restartable( &ctx,
|
||||||
md_alg, hash, hlen, sig, &slen, NULL, NULL, &rs_ctx );
|
md_alg, hash, hlen, sig, &slen, mbedtls_test_rnd_std_rand, NULL,
|
||||||
|
&rs_ctx );
|
||||||
TEST_ASSERT( ret == MBEDTLS_ERR_ECP_IN_PROGRESS );
|
TEST_ASSERT( ret == MBEDTLS_ERR_ECP_IN_PROGRESS );
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
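Review bot: The RNG now passed to `mbedtls_ecdsa_write_signature_restartable` in both hunks (`@ -599` and `@ -614`) is `mbedtls_test_rnd_std_rand`, the suite's `rand()`-backed helper, so in a build without deterministic ECDSA the ephemeral k — and with it the signature bytes — will differ from run to run; the restart-count assertions should not depend on k, but a rare failure here would be hard to reproduce. If reproducibility matters, a `mbedtls_test_rnd_pseudo_rand` call with a fixed `mbedtls_test_rnd_pseudo_info` state keeps the test deterministic at no cost. Either way a one-line comment on the call would save the next reader a lookup, presumably along the lines of `/* an f_rng is now mandatory (deterministic NULL-RNG variant removed); the rand()-based test RNG suffices since only restartability is under test */`. The same change and remark apply to the `mbedtls_pk_sign_restartable` calls in the `@ -821` and `@ -868` hunks of the pk test suite below; ecdsa_write_restart and pk_sign_verify_restart both start and end outside these hunks.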
@ -821,7 +821,8 @@ void pk_sign_verify_restart( int pk_type, int grp_id, char *d_str,
|
||||||
cnt_restart = 0;
|
cnt_restart = 0;
|
||||||
do {
|
do {
|
||||||
ret = mbedtls_pk_sign_restartable( &prv, md_alg, hash, hlen,
|
ret = mbedtls_pk_sign_restartable( &prv, md_alg, hash, hlen,
|
||||||
sig, &slen, NULL, NULL, &rs_ctx );
|
sig, &slen, mbedtls_test_rnd_std_rand,
|
||||||
|
NULL, &rs_ctx );
|
||||||
} while( ret == MBEDTLS_ERR_ECP_IN_PROGRESS && ++cnt_restart );
|
} while( ret == MBEDTLS_ERR_ECP_IN_PROGRESS && ++cnt_restart );
|
||||||
|
|
||||||
TEST_ASSERT( ret == 0 );
|
TEST_ASSERT( ret == 0 );
|
||||||
|
@ -868,7 +869,8 @@ void pk_sign_verify_restart( int pk_type, int grp_id, char *d_str,
|
||||||
|
|
||||||
slen = sizeof( sig );
|
slen = sizeof( sig );
|
||||||
ret = mbedtls_pk_sign_restartable( &prv, md_alg, hash, hlen,
|
ret = mbedtls_pk_sign_restartable( &prv, md_alg, hash, hlen,
|
||||||
sig, &slen, NULL, NULL, &rs_ctx );
|
sig, &slen, mbedtls_test_rnd_std_rand,
|
||||||
|
NULL, &rs_ctx );
|
||||||
TEST_ASSERT( ret == MBEDTLS_ERR_ECP_IN_PROGRESS );
|
TEST_ASSERT( ret == MBEDTLS_ERR_ECP_IN_PROGRESS );
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -176,7 +176,6 @@
|
||||||
<ClInclude Include="..\..\include\mbedtls\md4.h" />
|
<ClInclude Include="..\..\include\mbedtls\md4.h" />
|
||||||
<ClInclude Include="..\..\include\mbedtls\md5.h" />
|
<ClInclude Include="..\..\include\mbedtls\md5.h" />
|
||||||
<ClInclude Include="..\..\include\mbedtls\memory_buffer_alloc.h" />
|
<ClInclude Include="..\..\include\mbedtls\memory_buffer_alloc.h" />
|
||||||
<ClInclude Include="..\..\include\mbedtls\net.h" />
|
|
||||||
<ClInclude Include="..\..\include\mbedtls\net_sockets.h" />
|
<ClInclude Include="..\..\include\mbedtls\net_sockets.h" />
|
||||||
<ClInclude Include="..\..\include\mbedtls\nist_kw.h" />
|
<ClInclude Include="..\..\include\mbedtls\nist_kw.h" />
|
||||||
<ClInclude Include="..\..\include\mbedtls\oid.h" />
|
<ClInclude Include="..\..\include\mbedtls\oid.h" />
|
||||||
|
|