mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2025-01-24 20:01:02 +00:00
Merge pull request #787 from ARMmbed/dev/yanesca/mbedtls-2.16.9r0-pr
Prepare Release Candidate for Mbed TLS 2.16.9
This commit is contained in:
commit
3fac0bae4a
68
ChangeLog
68
ChangeLog
|
@ -1,5 +1,73 @@
|
||||||
mbed TLS ChangeLog (Sorted per branch, date)
|
mbed TLS ChangeLog (Sorted per branch, date)
|
||||||
|
|
||||||
|
= mbed TLS 2.16.9 branch released 2020-12-11
|
||||||
|
|
||||||
|
Security
|
||||||
|
* Limit the size of calculations performed by mbedtls_mpi_exp_mod to
|
||||||
|
MBEDTLS_MPI_MAX_SIZE to prevent a potential denial of service when
|
||||||
|
generating Diffie-Hellman key pairs. Credit to OSS-Fuzz.
|
||||||
|
* A failure of the random generator was ignored in mbedtls_mpi_fill_random(),
|
||||||
|
which is how most uses of randomization in asymmetric cryptography
|
||||||
|
(including key generation, intermediate value randomization and blinding)
|
||||||
|
are implemented. This could cause failures or the silent use of non-random
|
||||||
|
values. A random generator can fail if it needs reseeding and cannot not
|
||||||
|
obtain entropy, or due to an internal failure (which, for Mbed TLS's own
|
||||||
|
CTR_DRBG or HMAC_DRBG, can only happen due to a misconfiguration).
|
||||||
|
* Fix a compliance issue whereby we were not checking the tag on the
|
||||||
|
algorithm parameters (only the size) when comparing the signature in the
|
||||||
|
description part of the cert to the real signature. This meant that a
|
||||||
|
NULL algorithm parameters entry would look identical to an array of REAL
|
||||||
|
(size zero) to the library and thus the certificate would be considered
|
||||||
|
valid. However, if the parameters do not match in *any* way then the
|
||||||
|
certificate should be considered invalid, and indeed OpenSSL marks these
|
||||||
|
certs as invalid when mbedtls did not.
|
||||||
|
Many thanks to guidovranken who found this issue via differential fuzzing
|
||||||
|
and reported it in #3629.
|
||||||
|
* Zeroising of local buffers and variables which are used for calculations
|
||||||
|
in mbedtls_pkcs5_pbkdf2_hmac(), mbedtls_internal_sha*_process(),
|
||||||
|
mbedtls_internal_md*_process() and mbedtls_internal_ripemd160_process()
|
||||||
|
functions to erase sensitive data from memory. Reported by
|
||||||
|
Johan Malmgren and Johan Uppman Bruce from Sectra.
|
||||||
|
|
||||||
|
Bugfix
|
||||||
|
* Fix an invalid (but nonzero) return code from mbedtls_pk_parse_subpubkey()
|
||||||
|
when the input has trailing garbage. Fixes #2512.
|
||||||
|
* Fix rsa_prepare_blinding() to retry when the blinding value is not
|
||||||
|
invertible (mod N), instead of returning MBEDTLS_ERR_RSA_RNG_FAILED. This
|
||||||
|
addresses a regression but is rare in practice (approx. 1 in 2/sqrt(N)).
|
||||||
|
Found by Synopsys Coverity, fix contributed by Peter Kolbus (Garmin).
|
||||||
|
Fixes #3647.
|
||||||
|
* Fix the build when the macro _GNU_SOURCE is defined to a non-empty value.
|
||||||
|
Fix #3432.
|
||||||
|
* Correct the default IV size for mbedtls_cipher_info_t structures using
|
||||||
|
MBEDTLS_MODE_ECB to 0, since ECB mode ciphers don't use IVs.
|
||||||
|
* Make arc4random_buf available on NetBSD and OpenBSD when _POSIX_C_SOURCE is
|
||||||
|
defined. Fix contributed in #3571. Adopted for LTS branch 2.16 in #3602.
|
||||||
|
* Fix build failures on GCC 11. Fixes #3782.
|
||||||
|
* Fix a memory leak in mbedtls_mpi_sub_abs() when the result was negative
|
||||||
|
(an error condition) and the second operand was aliased to the result.
|
||||||
|
* Fix a case in elliptic curve arithmetic where an out-of-memory condition
|
||||||
|
could go undetected, resulting in an incorrect result.
|
||||||
|
* In CTR_DRBG and HMAC_DRBG, don't reset the reseed interval in seed().
|
||||||
|
Fixes #2927.
|
||||||
|
* In PEM writing functions, fill the trailing part of the buffer with null
|
||||||
|
bytes. This guarantees that the corresponding parsing function can read
|
||||||
|
the buffer back, which was the case for mbedtls_x509write_{crt,csr}_pem
|
||||||
|
until this property was inadvertently broken in Mbed TLS 2.19.0.
|
||||||
|
Fixes #3682.
|
||||||
|
* Fix a build failure that occurred with the MBEDTLS_AES_SETKEY_DEC_ALT
|
||||||
|
option on. In this configuration key management methods that are required
|
||||||
|
for MBEDTLS_CIPHER_MODE_XTS were excluded from the build and made it fail.
|
||||||
|
Fixes #3818. Reported by John Stroebel.
|
||||||
|
|
||||||
|
Changes
|
||||||
|
* Reduce stack usage significantly during sliding window exponentiation.
|
||||||
|
Reported in #3591 and fix contributed in #3592 by Daniel Otte.
|
||||||
|
* Remove the zeroization of a pointer variable in AES rounds. It was valid
|
||||||
|
but spurious and misleading since it looked like a mistaken attempt to
|
||||||
|
zeroize the pointed-to buffer. Reported by Antonio de la Piedra, CEA
|
||||||
|
Leti, France.
|
||||||
|
|
||||||
= mbed TLS 2.16.8 branch released 2020-09-01
|
= mbed TLS 2.16.8 branch released 2020-09-01
|
||||||
|
|
||||||
Features
|
Features
|
||||||
|
|
|
@ -1,3 +0,0 @@
|
||||||
Bugfix
|
|
||||||
* Fix the build when the macro _GNU_SOURCE is defined to a non-empty value.
|
|
||||||
Fix #3432.
|
|
|
@ -1,3 +0,0 @@
|
||||||
Changes
|
|
||||||
* Reduce stack usage significantly during sliding window exponentiation.
|
|
||||||
Reported in #3591 and fix contributed in #3592 by Daniel Otte.
|
|
|
@ -1,5 +0,0 @@
|
||||||
Changes
|
|
||||||
* Remove the zeroization of a pointer variable in AES rounds. It was valid
|
|
||||||
but spurious and misleading since it looked like a mistaken attempt to
|
|
||||||
zeroize the pointed-to buffer. Reported by Antonio de la Piedra, CEA
|
|
||||||
Leti, France.
|
|
|
@ -1,3 +0,0 @@
|
||||||
Bugfix
|
|
||||||
* Make arc4random_buf available on NetBSD and OpenBSD when _POSIX_C_SOURCE is
|
|
||||||
defined. Fix contributed in #3571. Adopted for LTS branch 2.16 in #3602.
|
|
|
@ -1,3 +0,0 @@
|
||||||
Bugfix
|
|
||||||
* In CTR_DRBG and HMAC_DRBG, don't reset the reseed interval in seed().
|
|
||||||
Fixes #2927.
|
|
|
@ -1,2 +0,0 @@
|
||||||
Bugfix
|
|
||||||
* Fix build failures on GCC 11. Fixes #3782.
|
|
|
@ -1,6 +0,0 @@
|
||||||
Bugfix
|
|
||||||
* In PEM writing functions, fill the trailing part of the buffer with null
|
|
||||||
bytes. This guarantees that the corresponding parsing function can read
|
|
||||||
the buffer back, which was the case for mbedtls_x509write_{crt,csr}_pem
|
|
||||||
until this property was inadvertently broken in Mbed TLS 2.19.0.
|
|
||||||
Fixes #3682.
|
|
|
@ -1,3 +0,0 @@
|
||||||
Bugfix
|
|
||||||
* Correct the default IV size for mbedtls_cipher_info_t structures using
|
|
||||||
MBEDTLS_MODE_ECB to 0, since ECB mode ciphers don't use IVs.
|
|
|
@ -1,5 +0,0 @@
|
||||||
Bugfix
|
|
||||||
* Fix a memory leak in mbedtls_mpi_sub_abs() when the result was negative
|
|
||||||
(an error condition) and the second operand was aliased to the result.
|
|
||||||
* Fix a case in elliptic curve arithmetic where an out-of-memory condition
|
|
||||||
could go undetected, resulting in an incorrect result.
|
|
|
@ -1,6 +0,0 @@
|
||||||
Bugfix
|
|
||||||
* Fix rsa_prepare_blinding() to retry when the blinding value is not
|
|
||||||
invertible (mod N), instead of returning MBEDTLS_ERR_RSA_RNG_FAILED. This
|
|
||||||
addresses a regression but is rare in practice (approx. 1 in 2/sqrt(N)).
|
|
||||||
Found by Synopsys Coverity, fix contributed by Peter Kolbus (Garmin).
|
|
||||||
Fixes #3647.
|
|
|
@ -49,7 +49,7 @@
|
||||||
*/
|
*/
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @mainpage mbed TLS v2.16.8 source code documentation
|
* @mainpage mbed TLS v2.16.9 source code documentation
|
||||||
*
|
*
|
||||||
* This documentation describes the internal structure of mbed TLS. It was
|
* This documentation describes the internal structure of mbed TLS. It was
|
||||||
* automatically generated from specially formatted comment blocks in
|
* automatically generated from specially formatted comment blocks in
|
||||||
|
|
|
@ -28,7 +28,7 @@ DOXYFILE_ENCODING = UTF-8
|
||||||
# identify the project. Note that if you do not use Doxywizard you need
|
# identify the project. Note that if you do not use Doxywizard you need
|
||||||
# to put quotes around the project name if it contains spaces.
|
# to put quotes around the project name if it contains spaces.
|
||||||
|
|
||||||
PROJECT_NAME = "mbed TLS v2.16.8"
|
PROJECT_NAME = "mbed TLS v2.16.9"
|
||||||
|
|
||||||
# The PROJECT_NUMBER tag can be used to enter a project or revision number.
|
# The PROJECT_NUMBER tag can be used to enter a project or revision number.
|
||||||
# This could be handy for archiving the generated documentation or
|
# This could be handy for archiving the generated documentation or
|
||||||
|
|
|
@ -65,16 +65,16 @@
|
||||||
*/
|
*/
|
||||||
#define MBEDTLS_VERSION_MAJOR 2
|
#define MBEDTLS_VERSION_MAJOR 2
|
||||||
#define MBEDTLS_VERSION_MINOR 16
|
#define MBEDTLS_VERSION_MINOR 16
|
||||||
#define MBEDTLS_VERSION_PATCH 8
|
#define MBEDTLS_VERSION_PATCH 9
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* The single version number has the following structure:
|
* The single version number has the following structure:
|
||||||
* MMNNPP00
|
* MMNNPP00
|
||||||
* Major version | Minor version | Patch version
|
* Major version | Minor version | Patch version
|
||||||
*/
|
*/
|
||||||
#define MBEDTLS_VERSION_NUMBER 0x02100800
|
#define MBEDTLS_VERSION_NUMBER 0x02100900
|
||||||
#define MBEDTLS_VERSION_STRING "2.16.8"
|
#define MBEDTLS_VERSION_STRING "2.16.9"
|
||||||
#define MBEDTLS_VERSION_STRING_FULL "mbed TLS 2.16.8"
|
#define MBEDTLS_VERSION_STRING_FULL "mbed TLS 2.16.9"
|
||||||
|
|
||||||
#if defined(MBEDTLS_VERSION_C)
|
#if defined(MBEDTLS_VERSION_C)
|
||||||
|
|
||||||
|
|
|
@ -165,15 +165,15 @@ endif(USE_STATIC_MBEDTLS_LIBRARY)
|
||||||
|
|
||||||
if(USE_SHARED_MBEDTLS_LIBRARY)
|
if(USE_SHARED_MBEDTLS_LIBRARY)
|
||||||
add_library(mbedcrypto SHARED ${src_crypto})
|
add_library(mbedcrypto SHARED ${src_crypto})
|
||||||
set_target_properties(mbedcrypto PROPERTIES VERSION 2.16.8 SOVERSION 3)
|
set_target_properties(mbedcrypto PROPERTIES VERSION 2.16.9 SOVERSION 3)
|
||||||
target_link_libraries(mbedcrypto ${libs})
|
target_link_libraries(mbedcrypto ${libs})
|
||||||
|
|
||||||
add_library(mbedx509 SHARED ${src_x509})
|
add_library(mbedx509 SHARED ${src_x509})
|
||||||
set_target_properties(mbedx509 PROPERTIES VERSION 2.16.8 SOVERSION 0)
|
set_target_properties(mbedx509 PROPERTIES VERSION 2.16.9 SOVERSION 0)
|
||||||
target_link_libraries(mbedx509 ${libs} mbedcrypto)
|
target_link_libraries(mbedx509 ${libs} mbedcrypto)
|
||||||
|
|
||||||
add_library(mbedtls SHARED ${src_tls})
|
add_library(mbedtls SHARED ${src_tls})
|
||||||
set_target_properties(mbedtls PROPERTIES VERSION 2.16.8 SOVERSION 12)
|
set_target_properties(mbedtls PROPERTIES VERSION 2.16.9 SOVERSION 12)
|
||||||
target_link_libraries(mbedtls ${libs} mbedx509)
|
target_link_libraries(mbedtls ${libs} mbedx509)
|
||||||
|
|
||||||
install(TARGETS mbedtls mbedx509 mbedcrypto
|
install(TARGETS mbedtls mbedx509 mbedcrypto
|
||||||
|
|
|
@ -2061,6 +2061,10 @@ int mbedtls_mpi_exp_mod( mbedtls_mpi *X, const mbedtls_mpi *A,
|
||||||
if( mbedtls_mpi_cmp_int( E, 0 ) < 0 )
|
if( mbedtls_mpi_cmp_int( E, 0 ) < 0 )
|
||||||
return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA );
|
return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA );
|
||||||
|
|
||||||
|
if( mbedtls_mpi_bitlen( E ) > MBEDTLS_MPI_MAX_BITS ||
|
||||||
|
mbedtls_mpi_bitlen( N ) > MBEDTLS_MPI_MAX_BITS )
|
||||||
|
return ( MBEDTLS_ERR_MPI_BAD_INPUT_DATA );
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Init temps and window size
|
* Init temps and window size
|
||||||
*/
|
*/
|
||||||
|
@ -2337,7 +2341,7 @@ int mbedtls_mpi_fill_random( mbedtls_mpi *X, size_t size,
|
||||||
MBEDTLS_MPI_CHK( mbedtls_mpi_lset( X, 0 ) );
|
MBEDTLS_MPI_CHK( mbedtls_mpi_lset( X, 0 ) );
|
||||||
|
|
||||||
Xp = (unsigned char*) X->p;
|
Xp = (unsigned char*) X->p;
|
||||||
f_rng( p_rng, Xp + overhead, size );
|
MBEDTLS_MPI_CHK( f_rng( p_rng, Xp + overhead, size ) );
|
||||||
|
|
||||||
mpi_bigendian_to_host( X->p, limbs );
|
mpi_bigendian_to_host( X->p, limbs );
|
||||||
|
|
||||||
|
|
|
@ -177,6 +177,9 @@ int mbedtls_internal_md2_process( mbedtls_md2_context *ctx )
|
||||||
t = ctx->cksum[i];
|
t = ctx->cksum[i];
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/* Zeroise variables to clear sensitive data from memory. */
|
||||||
|
mbedtls_platform_zeroize( &t, sizeof( t ) );
|
||||||
|
|
||||||
return( 0 );
|
return( 0 );
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
152
library/md4.c
152
library/md4.c
|
@ -143,31 +143,34 @@ void mbedtls_md4_starts( mbedtls_md4_context *ctx )
|
||||||
int mbedtls_internal_md4_process( mbedtls_md4_context *ctx,
|
int mbedtls_internal_md4_process( mbedtls_md4_context *ctx,
|
||||||
const unsigned char data[64] )
|
const unsigned char data[64] )
|
||||||
{
|
{
|
||||||
uint32_t X[16], A, B, C, D;
|
struct
|
||||||
|
{
|
||||||
|
uint32_t X[16], A, B, C, D;
|
||||||
|
} local;
|
||||||
|
|
||||||
GET_UINT32_LE( X[ 0], data, 0 );
|
GET_UINT32_LE( local.X[ 0], data, 0 );
|
||||||
GET_UINT32_LE( X[ 1], data, 4 );
|
GET_UINT32_LE( local.X[ 1], data, 4 );
|
||||||
GET_UINT32_LE( X[ 2], data, 8 );
|
GET_UINT32_LE( local.X[ 2], data, 8 );
|
||||||
GET_UINT32_LE( X[ 3], data, 12 );
|
GET_UINT32_LE( local.X[ 3], data, 12 );
|
||||||
GET_UINT32_LE( X[ 4], data, 16 );
|
GET_UINT32_LE( local.X[ 4], data, 16 );
|
||||||
GET_UINT32_LE( X[ 5], data, 20 );
|
GET_UINT32_LE( local.X[ 5], data, 20 );
|
||||||
GET_UINT32_LE( X[ 6], data, 24 );
|
GET_UINT32_LE( local.X[ 6], data, 24 );
|
||||||
GET_UINT32_LE( X[ 7], data, 28 );
|
GET_UINT32_LE( local.X[ 7], data, 28 );
|
||||||
GET_UINT32_LE( X[ 8], data, 32 );
|
GET_UINT32_LE( local.X[ 8], data, 32 );
|
||||||
GET_UINT32_LE( X[ 9], data, 36 );
|
GET_UINT32_LE( local.X[ 9], data, 36 );
|
||||||
GET_UINT32_LE( X[10], data, 40 );
|
GET_UINT32_LE( local.X[10], data, 40 );
|
||||||
GET_UINT32_LE( X[11], data, 44 );
|
GET_UINT32_LE( local.X[11], data, 44 );
|
||||||
GET_UINT32_LE( X[12], data, 48 );
|
GET_UINT32_LE( local.X[12], data, 48 );
|
||||||
GET_UINT32_LE( X[13], data, 52 );
|
GET_UINT32_LE( local.X[13], data, 52 );
|
||||||
GET_UINT32_LE( X[14], data, 56 );
|
GET_UINT32_LE( local.X[14], data, 56 );
|
||||||
GET_UINT32_LE( X[15], data, 60 );
|
GET_UINT32_LE( local.X[15], data, 60 );
|
||||||
|
|
||||||
#define S(x,n) (((x) << (n)) | (((x) & 0xFFFFFFFF) >> (32 - (n))))
|
#define S(x,n) (((x) << (n)) | (((x) & 0xFFFFFFFF) >> (32 - (n))))
|
||||||
|
|
||||||
A = ctx->state[0];
|
local.A = ctx->state[0];
|
||||||
B = ctx->state[1];
|
local.B = ctx->state[1];
|
||||||
C = ctx->state[2];
|
local.C = ctx->state[2];
|
||||||
D = ctx->state[3];
|
local.D = ctx->state[3];
|
||||||
|
|
||||||
#define F(x, y, z) (((x) & (y)) | ((~(x)) & (z)))
|
#define F(x, y, z) (((x) & (y)) | ((~(x)) & (z)))
|
||||||
#define P(a,b,c,d,x,s) \
|
#define P(a,b,c,d,x,s) \
|
||||||
|
@ -178,22 +181,22 @@ int mbedtls_internal_md4_process( mbedtls_md4_context *ctx,
|
||||||
} while( 0 )
|
} while( 0 )
|
||||||
|
|
||||||
|
|
||||||
P( A, B, C, D, X[ 0], 3 );
|
P( local.A, local.B, local.C, local.D, local.X[ 0], 3 );
|
||||||
P( D, A, B, C, X[ 1], 7 );
|
P( local.D, local.A, local.B, local.C, local.X[ 1], 7 );
|
||||||
P( C, D, A, B, X[ 2], 11 );
|
P( local.C, local.D, local.A, local.B, local.X[ 2], 11 );
|
||||||
P( B, C, D, A, X[ 3], 19 );
|
P( local.B, local.C, local.D, local.A, local.X[ 3], 19 );
|
||||||
P( A, B, C, D, X[ 4], 3 );
|
P( local.A, local.B, local.C, local.D, local.X[ 4], 3 );
|
||||||
P( D, A, B, C, X[ 5], 7 );
|
P( local.D, local.A, local.B, local.C, local.X[ 5], 7 );
|
||||||
P( C, D, A, B, X[ 6], 11 );
|
P( local.C, local.D, local.A, local.B, local.X[ 6], 11 );
|
||||||
P( B, C, D, A, X[ 7], 19 );
|
P( local.B, local.C, local.D, local.A, local.X[ 7], 19 );
|
||||||
P( A, B, C, D, X[ 8], 3 );
|
P( local.A, local.B, local.C, local.D, local.X[ 8], 3 );
|
||||||
P( D, A, B, C, X[ 9], 7 );
|
P( local.D, local.A, local.B, local.C, local.X[ 9], 7 );
|
||||||
P( C, D, A, B, X[10], 11 );
|
P( local.C, local.D, local.A, local.B, local.X[10], 11 );
|
||||||
P( B, C, D, A, X[11], 19 );
|
P( local.B, local.C, local.D, local.A, local.X[11], 19 );
|
||||||
P( A, B, C, D, X[12], 3 );
|
P( local.A, local.B, local.C, local.D, local.X[12], 3 );
|
||||||
P( D, A, B, C, X[13], 7 );
|
P( local.D, local.A, local.B, local.C, local.X[13], 7 );
|
||||||
P( C, D, A, B, X[14], 11 );
|
P( local.C, local.D, local.A, local.B, local.X[14], 11 );
|
||||||
P( B, C, D, A, X[15], 19 );
|
P( local.B, local.C, local.D, local.A, local.X[15], 19 );
|
||||||
|
|
||||||
#undef P
|
#undef P
|
||||||
#undef F
|
#undef F
|
||||||
|
@ -206,22 +209,22 @@ int mbedtls_internal_md4_process( mbedtls_md4_context *ctx,
|
||||||
(a) = S((a),(s)); \
|
(a) = S((a),(s)); \
|
||||||
} while( 0 )
|
} while( 0 )
|
||||||
|
|
||||||
P( A, B, C, D, X[ 0], 3 );
|
P( local.A, local.B, local.C, local.D, local.X[ 0], 3 );
|
||||||
P( D, A, B, C, X[ 4], 5 );
|
P( local.D, local.A, local.B, local.C, local.X[ 4], 5 );
|
||||||
P( C, D, A, B, X[ 8], 9 );
|
P( local.C, local.D, local.A, local.B, local.X[ 8], 9 );
|
||||||
P( B, C, D, A, X[12], 13 );
|
P( local.B, local.C, local.D, local.A, local.X[12], 13 );
|
||||||
P( A, B, C, D, X[ 1], 3 );
|
P( local.A, local.B, local.C, local.D, local.X[ 1], 3 );
|
||||||
P( D, A, B, C, X[ 5], 5 );
|
P( local.D, local.A, local.B, local.C, local.X[ 5], 5 );
|
||||||
P( C, D, A, B, X[ 9], 9 );
|
P( local.C, local.D, local.A, local.B, local.X[ 9], 9 );
|
||||||
P( B, C, D, A, X[13], 13 );
|
P( local.B, local.C, local.D, local.A, local.X[13], 13 );
|
||||||
P( A, B, C, D, X[ 2], 3 );
|
P( local.A, local.B, local.C, local.D, local.X[ 2], 3 );
|
||||||
P( D, A, B, C, X[ 6], 5 );
|
P( local.D, local.A, local.B, local.C, local.X[ 6], 5 );
|
||||||
P( C, D, A, B, X[10], 9 );
|
P( local.C, local.D, local.A, local.B, local.X[10], 9 );
|
||||||
P( B, C, D, A, X[14], 13 );
|
P( local.B, local.C, local.D, local.A, local.X[14], 13 );
|
||||||
P( A, B, C, D, X[ 3], 3 );
|
P( local.A, local.B, local.C, local.D, local.X[ 3], 3 );
|
||||||
P( D, A, B, C, X[ 7], 5 );
|
P( local.D, local.A, local.B, local.C, local.X[ 7], 5 );
|
||||||
P( C, D, A, B, X[11], 9 );
|
P( local.C, local.D, local.A, local.B, local.X[11], 9 );
|
||||||
P( B, C, D, A, X[15], 13 );
|
P( local.B, local.C, local.D, local.A, local.X[15], 13 );
|
||||||
|
|
||||||
#undef P
|
#undef P
|
||||||
#undef F
|
#undef F
|
||||||
|
@ -234,30 +237,33 @@ int mbedtls_internal_md4_process( mbedtls_md4_context *ctx,
|
||||||
(a) = S((a),(s)); \
|
(a) = S((a),(s)); \
|
||||||
} while( 0 )
|
} while( 0 )
|
||||||
|
|
||||||
P( A, B, C, D, X[ 0], 3 );
|
P( local.A, local.B, local.C, local.D, local.X[ 0], 3 );
|
||||||
P( D, A, B, C, X[ 8], 9 );
|
P( local.D, local.A, local.B, local.C, local.X[ 8], 9 );
|
||||||
P( C, D, A, B, X[ 4], 11 );
|
P( local.C, local.D, local.A, local.B, local.X[ 4], 11 );
|
||||||
P( B, C, D, A, X[12], 15 );
|
P( local.B, local.C, local.D, local.A, local.X[12], 15 );
|
||||||
P( A, B, C, D, X[ 2], 3 );
|
P( local.A, local.B, local.C, local.D, local.X[ 2], 3 );
|
||||||
P( D, A, B, C, X[10], 9 );
|
P( local.D, local.A, local.B, local.C, local.X[10], 9 );
|
||||||
P( C, D, A, B, X[ 6], 11 );
|
P( local.C, local.D, local.A, local.B, local.X[ 6], 11 );
|
||||||
P( B, C, D, A, X[14], 15 );
|
P( local.B, local.C, local.D, local.A, local.X[14], 15 );
|
||||||
P( A, B, C, D, X[ 1], 3 );
|
P( local.A, local.B, local.C, local.D, local.X[ 1], 3 );
|
||||||
P( D, A, B, C, X[ 9], 9 );
|
P( local.D, local.A, local.B, local.C, local.X[ 9], 9 );
|
||||||
P( C, D, A, B, X[ 5], 11 );
|
P( local.C, local.D, local.A, local.B, local.X[ 5], 11 );
|
||||||
P( B, C, D, A, X[13], 15 );
|
P( local.B, local.C, local.D, local.A, local.X[13], 15 );
|
||||||
P( A, B, C, D, X[ 3], 3 );
|
P( local.A, local.B, local.C, local.D, local.X[ 3], 3 );
|
||||||
P( D, A, B, C, X[11], 9 );
|
P( local.D, local.A, local.B, local.C, local.X[11], 9 );
|
||||||
P( C, D, A, B, X[ 7], 11 );
|
P( local.C, local.D, local.A, local.B, local.X[ 7], 11 );
|
||||||
P( B, C, D, A, X[15], 15 );
|
P( local.B, local.C, local.D, local.A, local.X[15], 15 );
|
||||||
|
|
||||||
#undef F
|
#undef F
|
||||||
#undef P
|
#undef P
|
||||||
|
|
||||||
ctx->state[0] += A;
|
ctx->state[0] += local.A;
|
||||||
ctx->state[1] += B;
|
ctx->state[1] += local.B;
|
||||||
ctx->state[2] += C;
|
ctx->state[2] += local.C;
|
||||||
ctx->state[3] += D;
|
ctx->state[3] += local.D;
|
||||||
|
|
||||||
|
/* Zeroise variables to clear sensitive data from memory. */
|
||||||
|
mbedtls_platform_zeroize( &local, sizeof( local ) );
|
||||||
|
|
||||||
return( 0 );
|
return( 0 );
|
||||||
}
|
}
|
||||||
|
|
194
library/md5.c
194
library/md5.c
|
@ -142,128 +142,134 @@ void mbedtls_md5_starts( mbedtls_md5_context *ctx )
|
||||||
int mbedtls_internal_md5_process( mbedtls_md5_context *ctx,
|
int mbedtls_internal_md5_process( mbedtls_md5_context *ctx,
|
||||||
const unsigned char data[64] )
|
const unsigned char data[64] )
|
||||||
{
|
{
|
||||||
uint32_t X[16], A, B, C, D;
|
struct
|
||||||
|
{
|
||||||
|
uint32_t X[16], A, B, C, D;
|
||||||
|
} local;
|
||||||
|
|
||||||
GET_UINT32_LE( X[ 0], data, 0 );
|
GET_UINT32_LE( local.X[ 0], data, 0 );
|
||||||
GET_UINT32_LE( X[ 1], data, 4 );
|
GET_UINT32_LE( local.X[ 1], data, 4 );
|
||||||
GET_UINT32_LE( X[ 2], data, 8 );
|
GET_UINT32_LE( local.X[ 2], data, 8 );
|
||||||
GET_UINT32_LE( X[ 3], data, 12 );
|
GET_UINT32_LE( local.X[ 3], data, 12 );
|
||||||
GET_UINT32_LE( X[ 4], data, 16 );
|
GET_UINT32_LE( local.X[ 4], data, 16 );
|
||||||
GET_UINT32_LE( X[ 5], data, 20 );
|
GET_UINT32_LE( local.X[ 5], data, 20 );
|
||||||
GET_UINT32_LE( X[ 6], data, 24 );
|
GET_UINT32_LE( local.X[ 6], data, 24 );
|
||||||
GET_UINT32_LE( X[ 7], data, 28 );
|
GET_UINT32_LE( local.X[ 7], data, 28 );
|
||||||
GET_UINT32_LE( X[ 8], data, 32 );
|
GET_UINT32_LE( local.X[ 8], data, 32 );
|
||||||
GET_UINT32_LE( X[ 9], data, 36 );
|
GET_UINT32_LE( local.X[ 9], data, 36 );
|
||||||
GET_UINT32_LE( X[10], data, 40 );
|
GET_UINT32_LE( local.X[10], data, 40 );
|
||||||
GET_UINT32_LE( X[11], data, 44 );
|
GET_UINT32_LE( local.X[11], data, 44 );
|
||||||
GET_UINT32_LE( X[12], data, 48 );
|
GET_UINT32_LE( local.X[12], data, 48 );
|
||||||
GET_UINT32_LE( X[13], data, 52 );
|
GET_UINT32_LE( local.X[13], data, 52 );
|
||||||
GET_UINT32_LE( X[14], data, 56 );
|
GET_UINT32_LE( local.X[14], data, 56 );
|
||||||
GET_UINT32_LE( X[15], data, 60 );
|
GET_UINT32_LE( local.X[15], data, 60 );
|
||||||
|
|
||||||
#define S(x,n) \
|
#define S(x,n) \
|
||||||
( ( (x) << (n) ) | ( ( (x) & 0xFFFFFFFF) >> ( 32 - (n) ) ) )
|
( ( (x) << (n) ) | ( ( (x) & 0xFFFFFFFF) >> ( 32 - (n) ) ) )
|
||||||
|
|
||||||
#define P(a,b,c,d,k,s,t) \
|
#define P(a,b,c,d,k,s,t) \
|
||||||
do \
|
do \
|
||||||
{ \
|
{ \
|
||||||
(a) += F((b),(c),(d)) + X[(k)] + (t); \
|
(a) += F((b),(c),(d)) + local.X[(k)] + (t); \
|
||||||
(a) = S((a),(s)) + (b); \
|
(a) = S((a),(s)) + (b); \
|
||||||
} while( 0 )
|
} while( 0 )
|
||||||
|
|
||||||
A = ctx->state[0];
|
local.A = ctx->state[0];
|
||||||
B = ctx->state[1];
|
local.B = ctx->state[1];
|
||||||
C = ctx->state[2];
|
local.C = ctx->state[2];
|
||||||
D = ctx->state[3];
|
local.D = ctx->state[3];
|
||||||
|
|
||||||
#define F(x,y,z) ((z) ^ ((x) & ((y) ^ (z))))
|
#define F(x,y,z) ((z) ^ ((x) & ((y) ^ (z))))
|
||||||
|
|
||||||
P( A, B, C, D, 0, 7, 0xD76AA478 );
|
P( local.A, local.B, local.C, local.D, 0, 7, 0xD76AA478 );
|
||||||
P( D, A, B, C, 1, 12, 0xE8C7B756 );
|
P( local.D, local.A, local.B, local.C, 1, 12, 0xE8C7B756 );
|
||||||
P( C, D, A, B, 2, 17, 0x242070DB );
|
P( local.C, local.D, local.A, local.B, 2, 17, 0x242070DB );
|
||||||
P( B, C, D, A, 3, 22, 0xC1BDCEEE );
|
P( local.B, local.C, local.D, local.A, 3, 22, 0xC1BDCEEE );
|
||||||
P( A, B, C, D, 4, 7, 0xF57C0FAF );
|
P( local.A, local.B, local.C, local.D, 4, 7, 0xF57C0FAF );
|
||||||
P( D, A, B, C, 5, 12, 0x4787C62A );
|
P( local.D, local.A, local.B, local.C, 5, 12, 0x4787C62A );
|
||||||
P( C, D, A, B, 6, 17, 0xA8304613 );
|
P( local.C, local.D, local.A, local.B, 6, 17, 0xA8304613 );
|
||||||
P( B, C, D, A, 7, 22, 0xFD469501 );
|
P( local.B, local.C, local.D, local.A, 7, 22, 0xFD469501 );
|
||||||
P( A, B, C, D, 8, 7, 0x698098D8 );
|
P( local.A, local.B, local.C, local.D, 8, 7, 0x698098D8 );
|
||||||
P( D, A, B, C, 9, 12, 0x8B44F7AF );
|
P( local.D, local.A, local.B, local.C, 9, 12, 0x8B44F7AF );
|
||||||
P( C, D, A, B, 10, 17, 0xFFFF5BB1 );
|
P( local.C, local.D, local.A, local.B, 10, 17, 0xFFFF5BB1 );
|
||||||
P( B, C, D, A, 11, 22, 0x895CD7BE );
|
P( local.B, local.C, local.D, local.A, 11, 22, 0x895CD7BE );
|
||||||
P( A, B, C, D, 12, 7, 0x6B901122 );
|
P( local.A, local.B, local.C, local.D, 12, 7, 0x6B901122 );
|
||||||
P( D, A, B, C, 13, 12, 0xFD987193 );
|
P( local.D, local.A, local.B, local.C, 13, 12, 0xFD987193 );
|
||||||
P( C, D, A, B, 14, 17, 0xA679438E );
|
P( local.C, local.D, local.A, local.B, 14, 17, 0xA679438E );
|
||||||
P( B, C, D, A, 15, 22, 0x49B40821 );
|
P( local.B, local.C, local.D, local.A, 15, 22, 0x49B40821 );
|
||||||
|
|
||||||
#undef F
|
#undef F
|
||||||
|
|
||||||
#define F(x,y,z) ((y) ^ ((z) & ((x) ^ (y))))
|
#define F(x,y,z) ((y) ^ ((z) & ((x) ^ (y))))
|
||||||
|
|
||||||
P( A, B, C, D, 1, 5, 0xF61E2562 );
|
P( local.A, local.B, local.C, local.D, 1, 5, 0xF61E2562 );
|
||||||
P( D, A, B, C, 6, 9, 0xC040B340 );
|
P( local.D, local.A, local.B, local.C, 6, 9, 0xC040B340 );
|
||||||
P( C, D, A, B, 11, 14, 0x265E5A51 );
|
P( local.C, local.D, local.A, local.B, 11, 14, 0x265E5A51 );
|
||||||
P( B, C, D, A, 0, 20, 0xE9B6C7AA );
|
P( local.B, local.C, local.D, local.A, 0, 20, 0xE9B6C7AA );
|
||||||
P( A, B, C, D, 5, 5, 0xD62F105D );
|
P( local.A, local.B, local.C, local.D, 5, 5, 0xD62F105D );
|
||||||
P( D, A, B, C, 10, 9, 0x02441453 );
|
P( local.D, local.A, local.B, local.C, 10, 9, 0x02441453 );
|
||||||
P( C, D, A, B, 15, 14, 0xD8A1E681 );
|
P( local.C, local.D, local.A, local.B, 15, 14, 0xD8A1E681 );
|
||||||
P( B, C, D, A, 4, 20, 0xE7D3FBC8 );
|
P( local.B, local.C, local.D, local.A, 4, 20, 0xE7D3FBC8 );
|
||||||
P( A, B, C, D, 9, 5, 0x21E1CDE6 );
|
P( local.A, local.B, local.C, local.D, 9, 5, 0x21E1CDE6 );
|
||||||
P( D, A, B, C, 14, 9, 0xC33707D6 );
|
P( local.D, local.A, local.B, local.C, 14, 9, 0xC33707D6 );
|
||||||
P( C, D, A, B, 3, 14, 0xF4D50D87 );
|
P( local.C, local.D, local.A, local.B, 3, 14, 0xF4D50D87 );
|
||||||
P( B, C, D, A, 8, 20, 0x455A14ED );
|
P( local.B, local.C, local.D, local.A, 8, 20, 0x455A14ED );
|
||||||
P( A, B, C, D, 13, 5, 0xA9E3E905 );
|
P( local.A, local.B, local.C, local.D, 13, 5, 0xA9E3E905 );
|
||||||
P( D, A, B, C, 2, 9, 0xFCEFA3F8 );
|
P( local.D, local.A, local.B, local.C, 2, 9, 0xFCEFA3F8 );
|
||||||
P( C, D, A, B, 7, 14, 0x676F02D9 );
|
P( local.C, local.D, local.A, local.B, 7, 14, 0x676F02D9 );
|
||||||
P( B, C, D, A, 12, 20, 0x8D2A4C8A );
|
P( local.B, local.C, local.D, local.A, 12, 20, 0x8D2A4C8A );
|
||||||
|
|
||||||
#undef F
|
#undef F
|
||||||
|
|
||||||
#define F(x,y,z) ((x) ^ (y) ^ (z))
|
#define F(x,y,z) ((x) ^ (y) ^ (z))
|
||||||
|
|
||||||
P( A, B, C, D, 5, 4, 0xFFFA3942 );
|
P( local.A, local.B, local.C, local.D, 5, 4, 0xFFFA3942 );
|
||||||
P( D, A, B, C, 8, 11, 0x8771F681 );
|
P( local.D, local.A, local.B, local.C, 8, 11, 0x8771F681 );
|
||||||
P( C, D, A, B, 11, 16, 0x6D9D6122 );
|
P( local.C, local.D, local.A, local.B, 11, 16, 0x6D9D6122 );
|
||||||
P( B, C, D, A, 14, 23, 0xFDE5380C );
|
P( local.B, local.C, local.D, local.A, 14, 23, 0xFDE5380C );
|
||||||
P( A, B, C, D, 1, 4, 0xA4BEEA44 );
|
P( local.A, local.B, local.C, local.D, 1, 4, 0xA4BEEA44 );
|
||||||
P( D, A, B, C, 4, 11, 0x4BDECFA9 );
|
P( local.D, local.A, local.B, local.C, 4, 11, 0x4BDECFA9 );
|
||||||
P( C, D, A, B, 7, 16, 0xF6BB4B60 );
|
P( local.C, local.D, local.A, local.B, 7, 16, 0xF6BB4B60 );
|
||||||
P( B, C, D, A, 10, 23, 0xBEBFBC70 );
|
P( local.B, local.C, local.D, local.A, 10, 23, 0xBEBFBC70 );
|
||||||
P( A, B, C, D, 13, 4, 0x289B7EC6 );
|
P( local.A, local.B, local.C, local.D, 13, 4, 0x289B7EC6 );
|
||||||
P( D, A, B, C, 0, 11, 0xEAA127FA );
|
P( local.D, local.A, local.B, local.C, 0, 11, 0xEAA127FA );
|
||||||
P( C, D, A, B, 3, 16, 0xD4EF3085 );
|
P( local.C, local.D, local.A, local.B, 3, 16, 0xD4EF3085 );
|
||||||
P( B, C, D, A, 6, 23, 0x04881D05 );
|
P( local.B, local.C, local.D, local.A, 6, 23, 0x04881D05 );
|
||||||
P( A, B, C, D, 9, 4, 0xD9D4D039 );
|
P( local.A, local.B, local.C, local.D, 9, 4, 0xD9D4D039 );
|
||||||
P( D, A, B, C, 12, 11, 0xE6DB99E5 );
|
P( local.D, local.A, local.B, local.C, 12, 11, 0xE6DB99E5 );
|
||||||
P( C, D, A, B, 15, 16, 0x1FA27CF8 );
|
P( local.C, local.D, local.A, local.B, 15, 16, 0x1FA27CF8 );
|
||||||
P( B, C, D, A, 2, 23, 0xC4AC5665 );
|
P( local.B, local.C, local.D, local.A, 2, 23, 0xC4AC5665 );
|
||||||
|
|
||||||
#undef F
|
#undef F
|
||||||
|
|
||||||
#define F(x,y,z) ((y) ^ ((x) | ~(z)))
|
#define F(x,y,z) ((y) ^ ((x) | ~(z)))
|
||||||
|
|
||||||
P( A, B, C, D, 0, 6, 0xF4292244 );
|
P( local.A, local.B, local.C, local.D, 0, 6, 0xF4292244 );
|
||||||
P( D, A, B, C, 7, 10, 0x432AFF97 );
|
P( local.D, local.A, local.B, local.C, 7, 10, 0x432AFF97 );
|
||||||
P( C, D, A, B, 14, 15, 0xAB9423A7 );
|
P( local.C, local.D, local.A, local.B, 14, 15, 0xAB9423A7 );
|
||||||
P( B, C, D, A, 5, 21, 0xFC93A039 );
|
P( local.B, local.C, local.D, local.A, 5, 21, 0xFC93A039 );
|
||||||
P( A, B, C, D, 12, 6, 0x655B59C3 );
|
P( local.A, local.B, local.C, local.D, 12, 6, 0x655B59C3 );
|
||||||
P( D, A, B, C, 3, 10, 0x8F0CCC92 );
|
P( local.D, local.A, local.B, local.C, 3, 10, 0x8F0CCC92 );
|
||||||
P( C, D, A, B, 10, 15, 0xFFEFF47D );
|
P( local.C, local.D, local.A, local.B, 10, 15, 0xFFEFF47D );
|
||||||
P( B, C, D, A, 1, 21, 0x85845DD1 );
|
P( local.B, local.C, local.D, local.A, 1, 21, 0x85845DD1 );
|
||||||
P( A, B, C, D, 8, 6, 0x6FA87E4F );
|
P( local.A, local.B, local.C, local.D, 8, 6, 0x6FA87E4F );
|
||||||
P( D, A, B, C, 15, 10, 0xFE2CE6E0 );
|
P( local.D, local.A, local.B, local.C, 15, 10, 0xFE2CE6E0 );
|
||||||
P( C, D, A, B, 6, 15, 0xA3014314 );
|
P( local.C, local.D, local.A, local.B, 6, 15, 0xA3014314 );
|
||||||
P( B, C, D, A, 13, 21, 0x4E0811A1 );
|
P( local.B, local.C, local.D, local.A, 13, 21, 0x4E0811A1 );
|
||||||
P( A, B, C, D, 4, 6, 0xF7537E82 );
|
P( local.A, local.B, local.C, local.D, 4, 6, 0xF7537E82 );
|
||||||
P( D, A, B, C, 11, 10, 0xBD3AF235 );
|
P( local.D, local.A, local.B, local.C, 11, 10, 0xBD3AF235 );
|
||||||
P( C, D, A, B, 2, 15, 0x2AD7D2BB );
|
P( local.C, local.D, local.A, local.B, 2, 15, 0x2AD7D2BB );
|
||||||
P( B, C, D, A, 9, 21, 0xEB86D391 );
|
P( local.B, local.C, local.D, local.A, 9, 21, 0xEB86D391 );
|
||||||
|
|
||||||
#undef F
|
#undef F
|
||||||
|
|
||||||
ctx->state[0] += A;
|
ctx->state[0] += local.A;
|
||||||
ctx->state[1] += B;
|
ctx->state[1] += local.B;
|
||||||
ctx->state[2] += C;
|
ctx->state[2] += local.C;
|
||||||
ctx->state[3] += D;
|
ctx->state[3] += local.D;
|
||||||
|
|
||||||
|
/* Zeroise variables to clear sensitive data from memory. */
|
||||||
|
mbedtls_platform_zeroize( &local, sizeof( local ) );
|
||||||
|
|
||||||
return( 0 );
|
return( 0 );
|
||||||
}
|
}
|
||||||
|
|
|
@ -247,7 +247,7 @@ int mbedtls_pkcs5_pbkdf2_hmac( mbedtls_md_context_t *ctx, const unsigned char *p
|
||||||
unsigned int iteration_count,
|
unsigned int iteration_count,
|
||||||
uint32_t key_length, unsigned char *output )
|
uint32_t key_length, unsigned char *output )
|
||||||
{
|
{
|
||||||
int ret, j;
|
int ret = 0, j;
|
||||||
unsigned int i;
|
unsigned int i;
|
||||||
unsigned char md1[MBEDTLS_MD_MAX_SIZE];
|
unsigned char md1[MBEDTLS_MD_MAX_SIZE];
|
||||||
unsigned char work[MBEDTLS_MD_MAX_SIZE];
|
unsigned char work[MBEDTLS_MD_MAX_SIZE];
|
||||||
|
@ -269,16 +269,16 @@ int mbedtls_pkcs5_pbkdf2_hmac( mbedtls_md_context_t *ctx, const unsigned char *p
|
||||||
// U1 ends up in work
|
// U1 ends up in work
|
||||||
//
|
//
|
||||||
if( ( ret = mbedtls_md_hmac_starts( ctx, password, plen ) ) != 0 )
|
if( ( ret = mbedtls_md_hmac_starts( ctx, password, plen ) ) != 0 )
|
||||||
return( ret );
|
goto cleanup;
|
||||||
|
|
||||||
if( ( ret = mbedtls_md_hmac_update( ctx, salt, slen ) ) != 0 )
|
if( ( ret = mbedtls_md_hmac_update( ctx, salt, slen ) ) != 0 )
|
||||||
return( ret );
|
goto cleanup;
|
||||||
|
|
||||||
if( ( ret = mbedtls_md_hmac_update( ctx, counter, 4 ) ) != 0 )
|
if( ( ret = mbedtls_md_hmac_update( ctx, counter, 4 ) ) != 0 )
|
||||||
return( ret );
|
goto cleanup;
|
||||||
|
|
||||||
if( ( ret = mbedtls_md_hmac_finish( ctx, work ) ) != 0 )
|
if( ( ret = mbedtls_md_hmac_finish( ctx, work ) ) != 0 )
|
||||||
return( ret );
|
goto cleanup;
|
||||||
|
|
||||||
memcpy( md1, work, md_size );
|
memcpy( md1, work, md_size );
|
||||||
|
|
||||||
|
@ -287,13 +287,13 @@ int mbedtls_pkcs5_pbkdf2_hmac( mbedtls_md_context_t *ctx, const unsigned char *p
|
||||||
// U2 ends up in md1
|
// U2 ends up in md1
|
||||||
//
|
//
|
||||||
if( ( ret = mbedtls_md_hmac_starts( ctx, password, plen ) ) != 0 )
|
if( ( ret = mbedtls_md_hmac_starts( ctx, password, plen ) ) != 0 )
|
||||||
return( ret );
|
goto cleanup;
|
||||||
|
|
||||||
if( ( ret = mbedtls_md_hmac_update( ctx, md1, md_size ) ) != 0 )
|
if( ( ret = mbedtls_md_hmac_update( ctx, md1, md_size ) ) != 0 )
|
||||||
return( ret );
|
goto cleanup;
|
||||||
|
|
||||||
if( ( ret = mbedtls_md_hmac_finish( ctx, md1 ) ) != 0 )
|
if( ( ret = mbedtls_md_hmac_finish( ctx, md1 ) ) != 0 )
|
||||||
return( ret );
|
goto cleanup;
|
||||||
|
|
||||||
// U1 xor U2
|
// U1 xor U2
|
||||||
//
|
//
|
||||||
|
@ -312,7 +312,12 @@ int mbedtls_pkcs5_pbkdf2_hmac( mbedtls_md_context_t *ctx, const unsigned char *p
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
|
||||||
return( 0 );
|
cleanup:
|
||||||
|
/* Zeroise buffers to clear sensitive data from memory. */
|
||||||
|
mbedtls_platform_zeroize( work, MBEDTLS_MD_MAX_SIZE );
|
||||||
|
mbedtls_platform_zeroize( md1, MBEDTLS_MD_MAX_SIZE );
|
||||||
|
|
||||||
|
return( ret );
|
||||||
}
|
}
|
||||||
|
|
||||||
#if defined(MBEDTLS_SELF_TEST)
|
#if defined(MBEDTLS_SELF_TEST)
|
||||||
|
|
|
@ -147,30 +147,33 @@ void mbedtls_ripemd160_starts( mbedtls_ripemd160_context *ctx )
|
||||||
int mbedtls_internal_ripemd160_process( mbedtls_ripemd160_context *ctx,
|
int mbedtls_internal_ripemd160_process( mbedtls_ripemd160_context *ctx,
|
||||||
const unsigned char data[64] )
|
const unsigned char data[64] )
|
||||||
{
|
{
|
||||||
uint32_t A, B, C, D, E, Ap, Bp, Cp, Dp, Ep, X[16];
|
struct
|
||||||
|
{
|
||||||
|
uint32_t A, B, C, D, E, Ap, Bp, Cp, Dp, Ep, X[16];
|
||||||
|
} local;
|
||||||
|
|
||||||
GET_UINT32_LE( X[ 0], data, 0 );
|
GET_UINT32_LE( local.X[ 0], data, 0 );
|
||||||
GET_UINT32_LE( X[ 1], data, 4 );
|
GET_UINT32_LE( local.X[ 1], data, 4 );
|
||||||
GET_UINT32_LE( X[ 2], data, 8 );
|
GET_UINT32_LE( local.X[ 2], data, 8 );
|
||||||
GET_UINT32_LE( X[ 3], data, 12 );
|
GET_UINT32_LE( local.X[ 3], data, 12 );
|
||||||
GET_UINT32_LE( X[ 4], data, 16 );
|
GET_UINT32_LE( local.X[ 4], data, 16 );
|
||||||
GET_UINT32_LE( X[ 5], data, 20 );
|
GET_UINT32_LE( local.X[ 5], data, 20 );
|
||||||
GET_UINT32_LE( X[ 6], data, 24 );
|
GET_UINT32_LE( local.X[ 6], data, 24 );
|
||||||
GET_UINT32_LE( X[ 7], data, 28 );
|
GET_UINT32_LE( local.X[ 7], data, 28 );
|
||||||
GET_UINT32_LE( X[ 8], data, 32 );
|
GET_UINT32_LE( local.X[ 8], data, 32 );
|
||||||
GET_UINT32_LE( X[ 9], data, 36 );
|
GET_UINT32_LE( local.X[ 9], data, 36 );
|
||||||
GET_UINT32_LE( X[10], data, 40 );
|
GET_UINT32_LE( local.X[10], data, 40 );
|
||||||
GET_UINT32_LE( X[11], data, 44 );
|
GET_UINT32_LE( local.X[11], data, 44 );
|
||||||
GET_UINT32_LE( X[12], data, 48 );
|
GET_UINT32_LE( local.X[12], data, 48 );
|
||||||
GET_UINT32_LE( X[13], data, 52 );
|
GET_UINT32_LE( local.X[13], data, 52 );
|
||||||
GET_UINT32_LE( X[14], data, 56 );
|
GET_UINT32_LE( local.X[14], data, 56 );
|
||||||
GET_UINT32_LE( X[15], data, 60 );
|
GET_UINT32_LE( local.X[15], data, 60 );
|
||||||
|
|
||||||
A = Ap = ctx->state[0];
|
local.A = local.Ap = ctx->state[0];
|
||||||
B = Bp = ctx->state[1];
|
local.B = local.Bp = ctx->state[1];
|
||||||
C = Cp = ctx->state[2];
|
local.C = local.Cp = ctx->state[2];
|
||||||
D = Dp = ctx->state[3];
|
local.D = local.Dp = ctx->state[3];
|
||||||
E = Ep = ctx->state[4];
|
local.E = local.Ep = ctx->state[4];
|
||||||
|
|
||||||
#define F1( x, y, z ) ( (x) ^ (y) ^ (z) )
|
#define F1( x, y, z ) ( (x) ^ (y) ^ (z) )
|
||||||
#define F2( x, y, z ) ( ( (x) & (y) ) | ( ~(x) & (z) ) )
|
#define F2( x, y, z ) ( ( (x) & (y) ) | ( ~(x) & (z) ) )
|
||||||
|
@ -180,12 +183,12 @@ int mbedtls_internal_ripemd160_process( mbedtls_ripemd160_context *ctx,
|
||||||
|
|
||||||
#define S( x, n ) ( ( (x) << (n) ) | ( (x) >> (32 - (n)) ) )
|
#define S( x, n ) ( ( (x) << (n) ) | ( (x) >> (32 - (n)) ) )
|
||||||
|
|
||||||
#define P( a, b, c, d, e, r, s, f, k ) \
|
#define P( a, b, c, d, e, r, s, f, k ) \
|
||||||
do \
|
do \
|
||||||
{ \
|
{ \
|
||||||
(a) += f( (b), (c), (d) ) + X[r] + (k); \
|
(a) += f( (b), (c), (d) ) + local.X[r] + (k); \
|
||||||
(a) = S( (a), (s) ) + (e); \
|
(a) = S( (a), (s) ) + (e); \
|
||||||
(c) = S( (c), 10 ); \
|
(c) = S( (c), 10 ); \
|
||||||
} while( 0 )
|
} while( 0 )
|
||||||
|
|
||||||
#define P2( a, b, c, d, e, r, s, rp, sp ) \
|
#define P2( a, b, c, d, e, r, s, rp, sp ) \
|
||||||
|
@ -200,22 +203,22 @@ int mbedtls_internal_ripemd160_process( mbedtls_ripemd160_context *ctx,
|
||||||
#define K 0x00000000
|
#define K 0x00000000
|
||||||
#define Fp F5
|
#define Fp F5
|
||||||
#define Kp 0x50A28BE6
|
#define Kp 0x50A28BE6
|
||||||
P2( A, B, C, D, E, 0, 11, 5, 8 );
|
P2( local.A, local.B, local.C, local.D, local.E, 0, 11, 5, 8 );
|
||||||
P2( E, A, B, C, D, 1, 14, 14, 9 );
|
P2( local.E, local.A, local.B, local.C, local.D, 1, 14, 14, 9 );
|
||||||
P2( D, E, A, B, C, 2, 15, 7, 9 );
|
P2( local.D, local.E, local.A, local.B, local.C, 2, 15, 7, 9 );
|
||||||
P2( C, D, E, A, B, 3, 12, 0, 11 );
|
P2( local.C, local.D, local.E, local.A, local.B, 3, 12, 0, 11 );
|
||||||
P2( B, C, D, E, A, 4, 5, 9, 13 );
|
P2( local.B, local.C, local.D, local.E, local.A, 4, 5, 9, 13 );
|
||||||
P2( A, B, C, D, E, 5, 8, 2, 15 );
|
P2( local.A, local.B, local.C, local.D, local.E, 5, 8, 2, 15 );
|
||||||
P2( E, A, B, C, D, 6, 7, 11, 15 );
|
P2( local.E, local.A, local.B, local.C, local.D, 6, 7, 11, 15 );
|
||||||
P2( D, E, A, B, C, 7, 9, 4, 5 );
|
P2( local.D, local.E, local.A, local.B, local.C, 7, 9, 4, 5 );
|
||||||
P2( C, D, E, A, B, 8, 11, 13, 7 );
|
P2( local.C, local.D, local.E, local.A, local.B, 8, 11, 13, 7 );
|
||||||
P2( B, C, D, E, A, 9, 13, 6, 7 );
|
P2( local.B, local.C, local.D, local.E, local.A, 9, 13, 6, 7 );
|
||||||
P2( A, B, C, D, E, 10, 14, 15, 8 );
|
P2( local.A, local.B, local.C, local.D, local.E, 10, 14, 15, 8 );
|
||||||
P2( E, A, B, C, D, 11, 15, 8, 11 );
|
P2( local.E, local.A, local.B, local.C, local.D, 11, 15, 8, 11 );
|
||||||
P2( D, E, A, B, C, 12, 6, 1, 14 );
|
P2( local.D, local.E, local.A, local.B, local.C, 12, 6, 1, 14 );
|
||||||
P2( C, D, E, A, B, 13, 7, 10, 14 );
|
P2( local.C, local.D, local.E, local.A, local.B, 13, 7, 10, 14 );
|
||||||
P2( B, C, D, E, A, 14, 9, 3, 12 );
|
P2( local.B, local.C, local.D, local.E, local.A, 14, 9, 3, 12 );
|
||||||
P2( A, B, C, D, E, 15, 8, 12, 6 );
|
P2( local.A, local.B, local.C, local.D, local.E, 15, 8, 12, 6 );
|
||||||
#undef F
|
#undef F
|
||||||
#undef K
|
#undef K
|
||||||
#undef Fp
|
#undef Fp
|
||||||
|
@ -225,22 +228,22 @@ int mbedtls_internal_ripemd160_process( mbedtls_ripemd160_context *ctx,
|
||||||
#define K 0x5A827999
|
#define K 0x5A827999
|
||||||
#define Fp F4
|
#define Fp F4
|
||||||
#define Kp 0x5C4DD124
|
#define Kp 0x5C4DD124
|
||||||
P2( E, A, B, C, D, 7, 7, 6, 9 );
|
P2( local.E, local.A, local.B, local.C, local.D, 7, 7, 6, 9 );
|
||||||
P2( D, E, A, B, C, 4, 6, 11, 13 );
|
P2( local.D, local.E, local.A, local.B, local.C, 4, 6, 11, 13 );
|
||||||
P2( C, D, E, A, B, 13, 8, 3, 15 );
|
P2( local.C, local.D, local.E, local.A, local.B, 13, 8, 3, 15 );
|
||||||
P2( B, C, D, E, A, 1, 13, 7, 7 );
|
P2( local.B, local.C, local.D, local.E, local.A, 1, 13, 7, 7 );
|
||||||
P2( A, B, C, D, E, 10, 11, 0, 12 );
|
P2( local.A, local.B, local.C, local.D, local.E, 10, 11, 0, 12 );
|
||||||
P2( E, A, B, C, D, 6, 9, 13, 8 );
|
P2( local.E, local.A, local.B, local.C, local.D, 6, 9, 13, 8 );
|
||||||
P2( D, E, A, B, C, 15, 7, 5, 9 );
|
P2( local.D, local.E, local.A, local.B, local.C, 15, 7, 5, 9 );
|
||||||
P2( C, D, E, A, B, 3, 15, 10, 11 );
|
P2( local.C, local.D, local.E, local.A, local.B, 3, 15, 10, 11 );
|
||||||
P2( B, C, D, E, A, 12, 7, 14, 7 );
|
P2( local.B, local.C, local.D, local.E, local.A, 12, 7, 14, 7 );
|
||||||
P2( A, B, C, D, E, 0, 12, 15, 7 );
|
P2( local.A, local.B, local.C, local.D, local.E, 0, 12, 15, 7 );
|
||||||
P2( E, A, B, C, D, 9, 15, 8, 12 );
|
P2( local.E, local.A, local.B, local.C, local.D, 9, 15, 8, 12 );
|
||||||
P2( D, E, A, B, C, 5, 9, 12, 7 );
|
P2( local.D, local.E, local.A, local.B, local.C, 5, 9, 12, 7 );
|
||||||
P2( C, D, E, A, B, 2, 11, 4, 6 );
|
P2( local.C, local.D, local.E, local.A, local.B, 2, 11, 4, 6 );
|
||||||
P2( B, C, D, E, A, 14, 7, 9, 15 );
|
P2( local.B, local.C, local.D, local.E, local.A, 14, 7, 9, 15 );
|
||||||
P2( A, B, C, D, E, 11, 13, 1, 13 );
|
P2( local.A, local.B, local.C, local.D, local.E, 11, 13, 1, 13 );
|
||||||
P2( E, A, B, C, D, 8, 12, 2, 11 );
|
P2( local.E, local.A, local.B, local.C, local.D, 8, 12, 2, 11 );
|
||||||
#undef F
|
#undef F
|
||||||
#undef K
|
#undef K
|
||||||
#undef Fp
|
#undef Fp
|
||||||
|
@ -250,22 +253,22 @@ int mbedtls_internal_ripemd160_process( mbedtls_ripemd160_context *ctx,
|
||||||
#define K 0x6ED9EBA1
|
#define K 0x6ED9EBA1
|
||||||
#define Fp F3
|
#define Fp F3
|
||||||
#define Kp 0x6D703EF3
|
#define Kp 0x6D703EF3
|
||||||
P2( D, E, A, B, C, 3, 11, 15, 9 );
|
P2( local.D, local.E, local.A, local.B, local.C, 3, 11, 15, 9 );
|
||||||
P2( C, D, E, A, B, 10, 13, 5, 7 );
|
P2( local.C, local.D, local.E, local.A, local.B, 10, 13, 5, 7 );
|
||||||
P2( B, C, D, E, A, 14, 6, 1, 15 );
|
P2( local.B, local.C, local.D, local.E, local.A, 14, 6, 1, 15 );
|
||||||
P2( A, B, C, D, E, 4, 7, 3, 11 );
|
P2( local.A, local.B, local.C, local.D, local.E, 4, 7, 3, 11 );
|
||||||
P2( E, A, B, C, D, 9, 14, 7, 8 );
|
P2( local.E, local.A, local.B, local.C, local.D, 9, 14, 7, 8 );
|
||||||
P2( D, E, A, B, C, 15, 9, 14, 6 );
|
P2( local.D, local.E, local.A, local.B, local.C, 15, 9, 14, 6 );
|
||||||
P2( C, D, E, A, B, 8, 13, 6, 6 );
|
P2( local.C, local.D, local.E, local.A, local.B, 8, 13, 6, 6 );
|
||||||
P2( B, C, D, E, A, 1, 15, 9, 14 );
|
P2( local.B, local.C, local.D, local.E, local.A, 1, 15, 9, 14 );
|
||||||
P2( A, B, C, D, E, 2, 14, 11, 12 );
|
P2( local.A, local.B, local.C, local.D, local.E, 2, 14, 11, 12 );
|
||||||
P2( E, A, B, C, D, 7, 8, 8, 13 );
|
P2( local.E, local.A, local.B, local.C, local.D, 7, 8, 8, 13 );
|
||||||
P2( D, E, A, B, C, 0, 13, 12, 5 );
|
P2( local.D, local.E, local.A, local.B, local.C, 0, 13, 12, 5 );
|
||||||
P2( C, D, E, A, B, 6, 6, 2, 14 );
|
P2( local.C, local.D, local.E, local.A, local.B, 6, 6, 2, 14 );
|
||||||
P2( B, C, D, E, A, 13, 5, 10, 13 );
|
P2( local.B, local.C, local.D, local.E, local.A, 13, 5, 10, 13 );
|
||||||
P2( A, B, C, D, E, 11, 12, 0, 13 );
|
P2( local.A, local.B, local.C, local.D, local.E, 11, 12, 0, 13 );
|
||||||
P2( E, A, B, C, D, 5, 7, 4, 7 );
|
P2( local.E, local.A, local.B, local.C, local.D, 5, 7, 4, 7 );
|
||||||
P2( D, E, A, B, C, 12, 5, 13, 5 );
|
P2( local.D, local.E, local.A, local.B, local.C, 12, 5, 13, 5 );
|
||||||
#undef F
|
#undef F
|
||||||
#undef K
|
#undef K
|
||||||
#undef Fp
|
#undef Fp
|
||||||
|
@ -275,22 +278,22 @@ int mbedtls_internal_ripemd160_process( mbedtls_ripemd160_context *ctx,
|
||||||
#define K 0x8F1BBCDC
|
#define K 0x8F1BBCDC
|
||||||
#define Fp F2
|
#define Fp F2
|
||||||
#define Kp 0x7A6D76E9
|
#define Kp 0x7A6D76E9
|
||||||
P2( C, D, E, A, B, 1, 11, 8, 15 );
|
P2( local.C, local.D, local.E, local.A, local.B, 1, 11, 8, 15 );
|
||||||
P2( B, C, D, E, A, 9, 12, 6, 5 );
|
P2( local.B, local.C, local.D, local.E, local.A, 9, 12, 6, 5 );
|
||||||
P2( A, B, C, D, E, 11, 14, 4, 8 );
|
P2( local.A, local.B, local.C, local.D, local.E, 11, 14, 4, 8 );
|
||||||
P2( E, A, B, C, D, 10, 15, 1, 11 );
|
P2( local.E, local.A, local.B, local.C, local.D, 10, 15, 1, 11 );
|
||||||
P2( D, E, A, B, C, 0, 14, 3, 14 );
|
P2( local.D, local.E, local.A, local.B, local.C, 0, 14, 3, 14 );
|
||||||
P2( C, D, E, A, B, 8, 15, 11, 14 );
|
P2( local.C, local.D, local.E, local.A, local.B, 8, 15, 11, 14 );
|
||||||
P2( B, C, D, E, A, 12, 9, 15, 6 );
|
P2( local.B, local.C, local.D, local.E, local.A, 12, 9, 15, 6 );
|
||||||
P2( A, B, C, D, E, 4, 8, 0, 14 );
|
P2( local.A, local.B, local.C, local.D, local.E, 4, 8, 0, 14 );
|
||||||
P2( E, A, B, C, D, 13, 9, 5, 6 );
|
P2( local.E, local.A, local.B, local.C, local.D, 13, 9, 5, 6 );
|
||||||
P2( D, E, A, B, C, 3, 14, 12, 9 );
|
P2( local.D, local.E, local.A, local.B, local.C, 3, 14, 12, 9 );
|
||||||
P2( C, D, E, A, B, 7, 5, 2, 12 );
|
P2( local.C, local.D, local.E, local.A, local.B, 7, 5, 2, 12 );
|
||||||
P2( B, C, D, E, A, 15, 6, 13, 9 );
|
P2( local.B, local.C, local.D, local.E, local.A, 15, 6, 13, 9 );
|
||||||
P2( A, B, C, D, E, 14, 8, 9, 12 );
|
P2( local.A, local.B, local.C, local.D, local.E, 14, 8, 9, 12 );
|
||||||
P2( E, A, B, C, D, 5, 6, 7, 5 );
|
P2( local.E, local.A, local.B, local.C, local.D, 5, 6, 7, 5 );
|
||||||
P2( D, E, A, B, C, 6, 5, 10, 15 );
|
P2( local.D, local.E, local.A, local.B, local.C, 6, 5, 10, 15 );
|
||||||
P2( C, D, E, A, B, 2, 12, 14, 8 );
|
P2( local.C, local.D, local.E, local.A, local.B, 2, 12, 14, 8 );
|
||||||
#undef F
|
#undef F
|
||||||
#undef K
|
#undef K
|
||||||
#undef Fp
|
#undef Fp
|
||||||
|
@ -300,33 +303,36 @@ int mbedtls_internal_ripemd160_process( mbedtls_ripemd160_context *ctx,
|
||||||
#define K 0xA953FD4E
|
#define K 0xA953FD4E
|
||||||
#define Fp F1
|
#define Fp F1
|
||||||
#define Kp 0x00000000
|
#define Kp 0x00000000
|
||||||
P2( B, C, D, E, A, 4, 9, 12, 8 );
|
P2( local.B, local.C, local.D, local.E, local.A, 4, 9, 12, 8 );
|
||||||
P2( A, B, C, D, E, 0, 15, 15, 5 );
|
P2( local.A, local.B, local.C, local.D, local.E, 0, 15, 15, 5 );
|
||||||
P2( E, A, B, C, D, 5, 5, 10, 12 );
|
P2( local.E, local.A, local.B, local.C, local.D, 5, 5, 10, 12 );
|
||||||
P2( D, E, A, B, C, 9, 11, 4, 9 );
|
P2( local.D, local.E, local.A, local.B, local.C, 9, 11, 4, 9 );
|
||||||
P2( C, D, E, A, B, 7, 6, 1, 12 );
|
P2( local.C, local.D, local.E, local.A, local.B, 7, 6, 1, 12 );
|
||||||
P2( B, C, D, E, A, 12, 8, 5, 5 );
|
P2( local.B, local.C, local.D, local.E, local.A, 12, 8, 5, 5 );
|
||||||
P2( A, B, C, D, E, 2, 13, 8, 14 );
|
P2( local.A, local.B, local.C, local.D, local.E, 2, 13, 8, 14 );
|
||||||
P2( E, A, B, C, D, 10, 12, 7, 6 );
|
P2( local.E, local.A, local.B, local.C, local.D, 10, 12, 7, 6 );
|
||||||
P2( D, E, A, B, C, 14, 5, 6, 8 );
|
P2( local.D, local.E, local.A, local.B, local.C, 14, 5, 6, 8 );
|
||||||
P2( C, D, E, A, B, 1, 12, 2, 13 );
|
P2( local.C, local.D, local.E, local.A, local.B, 1, 12, 2, 13 );
|
||||||
P2( B, C, D, E, A, 3, 13, 13, 6 );
|
P2( local.B, local.C, local.D, local.E, local.A, 3, 13, 13, 6 );
|
||||||
P2( A, B, C, D, E, 8, 14, 14, 5 );
|
P2( local.A, local.B, local.C, local.D, local.E, 8, 14, 14, 5 );
|
||||||
P2( E, A, B, C, D, 11, 11, 0, 15 );
|
P2( local.E, local.A, local.B, local.C, local.D, 11, 11, 0, 15 );
|
||||||
P2( D, E, A, B, C, 6, 8, 3, 13 );
|
P2( local.D, local.E, local.A, local.B, local.C, 6, 8, 3, 13 );
|
||||||
P2( C, D, E, A, B, 15, 5, 9, 11 );
|
P2( local.C, local.D, local.E, local.A, local.B, 15, 5, 9, 11 );
|
||||||
P2( B, C, D, E, A, 13, 6, 11, 11 );
|
P2( local.B, local.C, local.D, local.E, local.A, 13, 6, 11, 11 );
|
||||||
#undef F
|
#undef F
|
||||||
#undef K
|
#undef K
|
||||||
#undef Fp
|
#undef Fp
|
||||||
#undef Kp
|
#undef Kp
|
||||||
|
|
||||||
C = ctx->state[1] + C + Dp;
|
local.C = ctx->state[1] + local.C + local.Dp;
|
||||||
ctx->state[1] = ctx->state[2] + D + Ep;
|
ctx->state[1] = ctx->state[2] + local.D + local.Ep;
|
||||||
ctx->state[2] = ctx->state[3] + E + Ap;
|
ctx->state[2] = ctx->state[3] + local.E + local.Ap;
|
||||||
ctx->state[3] = ctx->state[4] + A + Bp;
|
ctx->state[3] = ctx->state[4] + local.A + local.Bp;
|
||||||
ctx->state[4] = ctx->state[0] + B + Cp;
|
ctx->state[4] = ctx->state[0] + local.B + local.Cp;
|
||||||
ctx->state[0] = C;
|
ctx->state[0] = local.C;
|
||||||
|
|
||||||
|
/* Zeroise variables to clear sensitive data from memory. */
|
||||||
|
mbedtls_platform_zeroize( &local, sizeof( local ) );
|
||||||
|
|
||||||
return( 0 );
|
return( 0 );
|
||||||
}
|
}
|
||||||
|
|
228
library/sha1.c
228
library/sha1.c
|
@ -155,35 +155,40 @@ void mbedtls_sha1_starts( mbedtls_sha1_context *ctx )
|
||||||
int mbedtls_internal_sha1_process( mbedtls_sha1_context *ctx,
|
int mbedtls_internal_sha1_process( mbedtls_sha1_context *ctx,
|
||||||
const unsigned char data[64] )
|
const unsigned char data[64] )
|
||||||
{
|
{
|
||||||
uint32_t temp, W[16], A, B, C, D, E;
|
struct
|
||||||
|
{
|
||||||
|
uint32_t temp, W[16], A, B, C, D, E;
|
||||||
|
} local;
|
||||||
|
|
||||||
SHA1_VALIDATE_RET( ctx != NULL );
|
SHA1_VALIDATE_RET( ctx != NULL );
|
||||||
SHA1_VALIDATE_RET( (const unsigned char *)data != NULL );
|
SHA1_VALIDATE_RET( (const unsigned char *)data != NULL );
|
||||||
|
|
||||||
GET_UINT32_BE( W[ 0], data, 0 );
|
GET_UINT32_BE( local.W[ 0], data, 0 );
|
||||||
GET_UINT32_BE( W[ 1], data, 4 );
|
GET_UINT32_BE( local.W[ 1], data, 4 );
|
||||||
GET_UINT32_BE( W[ 2], data, 8 );
|
GET_UINT32_BE( local.W[ 2], data, 8 );
|
||||||
GET_UINT32_BE( W[ 3], data, 12 );
|
GET_UINT32_BE( local.W[ 3], data, 12 );
|
||||||
GET_UINT32_BE( W[ 4], data, 16 );
|
GET_UINT32_BE( local.W[ 4], data, 16 );
|
||||||
GET_UINT32_BE( W[ 5], data, 20 );
|
GET_UINT32_BE( local.W[ 5], data, 20 );
|
||||||
GET_UINT32_BE( W[ 6], data, 24 );
|
GET_UINT32_BE( local.W[ 6], data, 24 );
|
||||||
GET_UINT32_BE( W[ 7], data, 28 );
|
GET_UINT32_BE( local.W[ 7], data, 28 );
|
||||||
GET_UINT32_BE( W[ 8], data, 32 );
|
GET_UINT32_BE( local.W[ 8], data, 32 );
|
||||||
GET_UINT32_BE( W[ 9], data, 36 );
|
GET_UINT32_BE( local.W[ 9], data, 36 );
|
||||||
GET_UINT32_BE( W[10], data, 40 );
|
GET_UINT32_BE( local.W[10], data, 40 );
|
||||||
GET_UINT32_BE( W[11], data, 44 );
|
GET_UINT32_BE( local.W[11], data, 44 );
|
||||||
GET_UINT32_BE( W[12], data, 48 );
|
GET_UINT32_BE( local.W[12], data, 48 );
|
||||||
GET_UINT32_BE( W[13], data, 52 );
|
GET_UINT32_BE( local.W[13], data, 52 );
|
||||||
GET_UINT32_BE( W[14], data, 56 );
|
GET_UINT32_BE( local.W[14], data, 56 );
|
||||||
GET_UINT32_BE( W[15], data, 60 );
|
GET_UINT32_BE( local.W[15], data, 60 );
|
||||||
|
|
||||||
#define S(x,n) (((x) << (n)) | (((x) & 0xFFFFFFFF) >> (32 - (n))))
|
#define S(x,n) (((x) << (n)) | (((x) & 0xFFFFFFFF) >> (32 - (n))))
|
||||||
|
|
||||||
#define R(t) \
|
#define R(t) \
|
||||||
( \
|
( \
|
||||||
temp = W[( (t) - 3 ) & 0x0F] ^ W[( (t) - 8 ) & 0x0F] ^ \
|
local.temp = local.W[( (t) - 3 ) & 0x0F] ^ \
|
||||||
W[( (t) - 14 ) & 0x0F] ^ W[ (t) & 0x0F], \
|
local.W[( (t) - 8 ) & 0x0F] ^ \
|
||||||
( W[(t) & 0x0F] = S(temp,1) ) \
|
local.W[( (t) - 14 ) & 0x0F] ^ \
|
||||||
|
local.W[ (t) & 0x0F], \
|
||||||
|
( local.W[(t) & 0x0F] = S(local.temp,1) ) \
|
||||||
)
|
)
|
||||||
|
|
||||||
#define P(a,b,c,d,e,x) \
|
#define P(a,b,c,d,e,x) \
|
||||||
|
@ -193,35 +198,35 @@ int mbedtls_internal_sha1_process( mbedtls_sha1_context *ctx,
|
||||||
(b) = S((b),30); \
|
(b) = S((b),30); \
|
||||||
} while( 0 )
|
} while( 0 )
|
||||||
|
|
||||||
A = ctx->state[0];
|
local.A = ctx->state[0];
|
||||||
B = ctx->state[1];
|
local.B = ctx->state[1];
|
||||||
C = ctx->state[2];
|
local.C = ctx->state[2];
|
||||||
D = ctx->state[3];
|
local.D = ctx->state[3];
|
||||||
E = ctx->state[4];
|
local.E = ctx->state[4];
|
||||||
|
|
||||||
#define F(x,y,z) ((z) ^ ((x) & ((y) ^ (z))))
|
#define F(x,y,z) ((z) ^ ((x) & ((y) ^ (z))))
|
||||||
#define K 0x5A827999
|
#define K 0x5A827999
|
||||||
|
|
||||||
P( A, B, C, D, E, W[0] );
|
P( local.A, local.B, local.C, local.D, local.E, local.W[0] );
|
||||||
P( E, A, B, C, D, W[1] );
|
P( local.E, local.A, local.B, local.C, local.D, local.W[1] );
|
||||||
P( D, E, A, B, C, W[2] );
|
P( local.D, local.E, local.A, local.B, local.C, local.W[2] );
|
||||||
P( C, D, E, A, B, W[3] );
|
P( local.C, local.D, local.E, local.A, local.B, local.W[3] );
|
||||||
P( B, C, D, E, A, W[4] );
|
P( local.B, local.C, local.D, local.E, local.A, local.W[4] );
|
||||||
P( A, B, C, D, E, W[5] );
|
P( local.A, local.B, local.C, local.D, local.E, local.W[5] );
|
||||||
P( E, A, B, C, D, W[6] );
|
P( local.E, local.A, local.B, local.C, local.D, local.W[6] );
|
||||||
P( D, E, A, B, C, W[7] );
|
P( local.D, local.E, local.A, local.B, local.C, local.W[7] );
|
||||||
P( C, D, E, A, B, W[8] );
|
P( local.C, local.D, local.E, local.A, local.B, local.W[8] );
|
||||||
P( B, C, D, E, A, W[9] );
|
P( local.B, local.C, local.D, local.E, local.A, local.W[9] );
|
||||||
P( A, B, C, D, E, W[10] );
|
P( local.A, local.B, local.C, local.D, local.E, local.W[10] );
|
||||||
P( E, A, B, C, D, W[11] );
|
P( local.E, local.A, local.B, local.C, local.D, local.W[11] );
|
||||||
P( D, E, A, B, C, W[12] );
|
P( local.D, local.E, local.A, local.B, local.C, local.W[12] );
|
||||||
P( C, D, E, A, B, W[13] );
|
P( local.C, local.D, local.E, local.A, local.B, local.W[13] );
|
||||||
P( B, C, D, E, A, W[14] );
|
P( local.B, local.C, local.D, local.E, local.A, local.W[14] );
|
||||||
P( A, B, C, D, E, W[15] );
|
P( local.A, local.B, local.C, local.D, local.E, local.W[15] );
|
||||||
P( E, A, B, C, D, R(16) );
|
P( local.E, local.A, local.B, local.C, local.D, R(16) );
|
||||||
P( D, E, A, B, C, R(17) );
|
P( local.D, local.E, local.A, local.B, local.C, R(17) );
|
||||||
P( C, D, E, A, B, R(18) );
|
P( local.C, local.D, local.E, local.A, local.B, R(18) );
|
||||||
P( B, C, D, E, A, R(19) );
|
P( local.B, local.C, local.D, local.E, local.A, R(19) );
|
||||||
|
|
||||||
#undef K
|
#undef K
|
||||||
#undef F
|
#undef F
|
||||||
|
@ -229,26 +234,26 @@ int mbedtls_internal_sha1_process( mbedtls_sha1_context *ctx,
|
||||||
#define F(x,y,z) ((x) ^ (y) ^ (z))
|
#define F(x,y,z) ((x) ^ (y) ^ (z))
|
||||||
#define K 0x6ED9EBA1
|
#define K 0x6ED9EBA1
|
||||||
|
|
||||||
P( A, B, C, D, E, R(20) );
|
P( local.A, local.B, local.C, local.D, local.E, R(20) );
|
||||||
P( E, A, B, C, D, R(21) );
|
P( local.E, local.A, local.B, local.C, local.D, R(21) );
|
||||||
P( D, E, A, B, C, R(22) );
|
P( local.D, local.E, local.A, local.B, local.C, R(22) );
|
||||||
P( C, D, E, A, B, R(23) );
|
P( local.C, local.D, local.E, local.A, local.B, R(23) );
|
||||||
P( B, C, D, E, A, R(24) );
|
P( local.B, local.C, local.D, local.E, local.A, R(24) );
|
||||||
P( A, B, C, D, E, R(25) );
|
P( local.A, local.B, local.C, local.D, local.E, R(25) );
|
||||||
P( E, A, B, C, D, R(26) );
|
P( local.E, local.A, local.B, local.C, local.D, R(26) );
|
||||||
P( D, E, A, B, C, R(27) );
|
P( local.D, local.E, local.A, local.B, local.C, R(27) );
|
||||||
P( C, D, E, A, B, R(28) );
|
P( local.C, local.D, local.E, local.A, local.B, R(28) );
|
||||||
P( B, C, D, E, A, R(29) );
|
P( local.B, local.C, local.D, local.E, local.A, R(29) );
|
||||||
P( A, B, C, D, E, R(30) );
|
P( local.A, local.B, local.C, local.D, local.E, R(30) );
|
||||||
P( E, A, B, C, D, R(31) );
|
P( local.E, local.A, local.B, local.C, local.D, R(31) );
|
||||||
P( D, E, A, B, C, R(32) );
|
P( local.D, local.E, local.A, local.B, local.C, R(32) );
|
||||||
P( C, D, E, A, B, R(33) );
|
P( local.C, local.D, local.E, local.A, local.B, R(33) );
|
||||||
P( B, C, D, E, A, R(34) );
|
P( local.B, local.C, local.D, local.E, local.A, R(34) );
|
||||||
P( A, B, C, D, E, R(35) );
|
P( local.A, local.B, local.C, local.D, local.E, R(35) );
|
||||||
P( E, A, B, C, D, R(36) );
|
P( local.E, local.A, local.B, local.C, local.D, R(36) );
|
||||||
P( D, E, A, B, C, R(37) );
|
P( local.D, local.E, local.A, local.B, local.C, R(37) );
|
||||||
P( C, D, E, A, B, R(38) );
|
P( local.C, local.D, local.E, local.A, local.B, R(38) );
|
||||||
P( B, C, D, E, A, R(39) );
|
P( local.B, local.C, local.D, local.E, local.A, R(39) );
|
||||||
|
|
||||||
#undef K
|
#undef K
|
||||||
#undef F
|
#undef F
|
||||||
|
@ -256,26 +261,26 @@ int mbedtls_internal_sha1_process( mbedtls_sha1_context *ctx,
|
||||||
#define F(x,y,z) (((x) & (y)) | ((z) & ((x) | (y))))
|
#define F(x,y,z) (((x) & (y)) | ((z) & ((x) | (y))))
|
||||||
#define K 0x8F1BBCDC
|
#define K 0x8F1BBCDC
|
||||||
|
|
||||||
P( A, B, C, D, E, R(40) );
|
P( local.A, local.B, local.C, local.D, local.E, R(40) );
|
||||||
P( E, A, B, C, D, R(41) );
|
P( local.E, local.A, local.B, local.C, local.D, R(41) );
|
||||||
P( D, E, A, B, C, R(42) );
|
P( local.D, local.E, local.A, local.B, local.C, R(42) );
|
||||||
P( C, D, E, A, B, R(43) );
|
P( local.C, local.D, local.E, local.A, local.B, R(43) );
|
||||||
P( B, C, D, E, A, R(44) );
|
P( local.B, local.C, local.D, local.E, local.A, R(44) );
|
||||||
P( A, B, C, D, E, R(45) );
|
P( local.A, local.B, local.C, local.D, local.E, R(45) );
|
||||||
P( E, A, B, C, D, R(46) );
|
P( local.E, local.A, local.B, local.C, local.D, R(46) );
|
||||||
P( D, E, A, B, C, R(47) );
|
P( local.D, local.E, local.A, local.B, local.C, R(47) );
|
||||||
P( C, D, E, A, B, R(48) );
|
P( local.C, local.D, local.E, local.A, local.B, R(48) );
|
||||||
P( B, C, D, E, A, R(49) );
|
P( local.B, local.C, local.D, local.E, local.A, R(49) );
|
||||||
P( A, B, C, D, E, R(50) );
|
P( local.A, local.B, local.C, local.D, local.E, R(50) );
|
||||||
P( E, A, B, C, D, R(51) );
|
P( local.E, local.A, local.B, local.C, local.D, R(51) );
|
||||||
P( D, E, A, B, C, R(52) );
|
P( local.D, local.E, local.A, local.B, local.C, R(52) );
|
||||||
P( C, D, E, A, B, R(53) );
|
P( local.C, local.D, local.E, local.A, local.B, R(53) );
|
||||||
P( B, C, D, E, A, R(54) );
|
P( local.B, local.C, local.D, local.E, local.A, R(54) );
|
||||||
P( A, B, C, D, E, R(55) );
|
P( local.A, local.B, local.C, local.D, local.E, R(55) );
|
||||||
P( E, A, B, C, D, R(56) );
|
P( local.E, local.A, local.B, local.C, local.D, R(56) );
|
||||||
P( D, E, A, B, C, R(57) );
|
P( local.D, local.E, local.A, local.B, local.C, R(57) );
|
||||||
P( C, D, E, A, B, R(58) );
|
P( local.C, local.D, local.E, local.A, local.B, R(58) );
|
||||||
P( B, C, D, E, A, R(59) );
|
P( local.B, local.C, local.D, local.E, local.A, R(59) );
|
||||||
|
|
||||||
#undef K
|
#undef K
|
||||||
#undef F
|
#undef F
|
||||||
|
@ -283,35 +288,38 @@ int mbedtls_internal_sha1_process( mbedtls_sha1_context *ctx,
|
||||||
#define F(x,y,z) ((x) ^ (y) ^ (z))
|
#define F(x,y,z) ((x) ^ (y) ^ (z))
|
||||||
#define K 0xCA62C1D6
|
#define K 0xCA62C1D6
|
||||||
|
|
||||||
P( A, B, C, D, E, R(60) );
|
P( local.A, local.B, local.C, local.D, local.E, R(60) );
|
||||||
P( E, A, B, C, D, R(61) );
|
P( local.E, local.A, local.B, local.C, local.D, R(61) );
|
||||||
P( D, E, A, B, C, R(62) );
|
P( local.D, local.E, local.A, local.B, local.C, R(62) );
|
||||||
P( C, D, E, A, B, R(63) );
|
P( local.C, local.D, local.E, local.A, local.B, R(63) );
|
||||||
P( B, C, D, E, A, R(64) );
|
P( local.B, local.C, local.D, local.E, local.A, R(64) );
|
||||||
P( A, B, C, D, E, R(65) );
|
P( local.A, local.B, local.C, local.D, local.E, R(65) );
|
||||||
P( E, A, B, C, D, R(66) );
|
P( local.E, local.A, local.B, local.C, local.D, R(66) );
|
||||||
P( D, E, A, B, C, R(67) );
|
P( local.D, local.E, local.A, local.B, local.C, R(67) );
|
||||||
P( C, D, E, A, B, R(68) );
|
P( local.C, local.D, local.E, local.A, local.B, R(68) );
|
||||||
P( B, C, D, E, A, R(69) );
|
P( local.B, local.C, local.D, local.E, local.A, R(69) );
|
||||||
P( A, B, C, D, E, R(70) );
|
P( local.A, local.B, local.C, local.D, local.E, R(70) );
|
||||||
P( E, A, B, C, D, R(71) );
|
P( local.E, local.A, local.B, local.C, local.D, R(71) );
|
||||||
P( D, E, A, B, C, R(72) );
|
P( local.D, local.E, local.A, local.B, local.C, R(72) );
|
||||||
P( C, D, E, A, B, R(73) );
|
P( local.C, local.D, local.E, local.A, local.B, R(73) );
|
||||||
P( B, C, D, E, A, R(74) );
|
P( local.B, local.C, local.D, local.E, local.A, R(74) );
|
||||||
P( A, B, C, D, E, R(75) );
|
P( local.A, local.B, local.C, local.D, local.E, R(75) );
|
||||||
P( E, A, B, C, D, R(76) );
|
P( local.E, local.A, local.B, local.C, local.D, R(76) );
|
||||||
P( D, E, A, B, C, R(77) );
|
P( local.D, local.E, local.A, local.B, local.C, R(77) );
|
||||||
P( C, D, E, A, B, R(78) );
|
P( local.C, local.D, local.E, local.A, local.B, R(78) );
|
||||||
P( B, C, D, E, A, R(79) );
|
P( local.B, local.C, local.D, local.E, local.A, R(79) );
|
||||||
|
|
||||||
#undef K
|
#undef K
|
||||||
#undef F
|
#undef F
|
||||||
|
|
||||||
ctx->state[0] += A;
|
ctx->state[0] += local.A;
|
||||||
ctx->state[1] += B;
|
ctx->state[1] += local.B;
|
||||||
ctx->state[2] += C;
|
ctx->state[2] += local.C;
|
||||||
ctx->state[3] += D;
|
ctx->state[3] += local.D;
|
||||||
ctx->state[4] += E;
|
ctx->state[4] += local.E;
|
||||||
|
|
||||||
|
/* Zeroise buffers and variables to clear sensitive data from memory. */
|
||||||
|
mbedtls_platform_zeroize( &local, sizeof( local ) );
|
||||||
|
|
||||||
return( 0 );
|
return( 0 );
|
||||||
}
|
}
|
||||||
|
|
|
@ -209,77 +209,104 @@ static const uint32_t K[] =
|
||||||
#define F0(x,y,z) (((x) & (y)) | ((z) & ((x) | (y))))
|
#define F0(x,y,z) (((x) & (y)) | ((z) & ((x) | (y))))
|
||||||
#define F1(x,y,z) ((z) ^ ((x) & ((y) ^ (z))))
|
#define F1(x,y,z) ((z) ^ ((x) & ((y) ^ (z))))
|
||||||
|
|
||||||
#define R(t) \
|
#define R(t) \
|
||||||
( \
|
( \
|
||||||
W[t] = S1(W[(t) - 2]) + W[(t) - 7] + \
|
local.W[t] = S1(local.W[(t) - 2]) + local.W[(t) - 7] + \
|
||||||
S0(W[(t) - 15]) + W[(t) - 16] \
|
S0(local.W[(t) - 15]) + local.W[(t) - 16] \
|
||||||
)
|
)
|
||||||
|
|
||||||
#define P(a,b,c,d,e,f,g,h,x,K) \
|
#define P(a,b,c,d,e,f,g,h,x,K) \
|
||||||
do \
|
do \
|
||||||
{ \
|
{ \
|
||||||
temp1 = (h) + S3(e) + F1((e),(f),(g)) + (K) + (x); \
|
local.temp1 = (h) + S3(e) + F1((e),(f),(g)) + (K) + (x); \
|
||||||
temp2 = S2(a) + F0((a),(b),(c)); \
|
local.temp2 = S2(a) + F0((a),(b),(c)); \
|
||||||
(d) += temp1; (h) = temp1 + temp2; \
|
(d) += local.temp1; (h) = local.temp1 + local.temp2; \
|
||||||
} while( 0 )
|
} while( 0 )
|
||||||
|
|
||||||
int mbedtls_internal_sha256_process( mbedtls_sha256_context *ctx,
|
int mbedtls_internal_sha256_process( mbedtls_sha256_context *ctx,
|
||||||
const unsigned char data[64] )
|
const unsigned char data[64] )
|
||||||
{
|
{
|
||||||
uint32_t temp1, temp2, W[64];
|
struct
|
||||||
uint32_t A[8];
|
{
|
||||||
|
uint32_t temp1, temp2, W[64];
|
||||||
|
uint32_t A[8];
|
||||||
|
} local;
|
||||||
|
|
||||||
unsigned int i;
|
unsigned int i;
|
||||||
|
|
||||||
SHA256_VALIDATE_RET( ctx != NULL );
|
SHA256_VALIDATE_RET( ctx != NULL );
|
||||||
SHA256_VALIDATE_RET( (const unsigned char *)data != NULL );
|
SHA256_VALIDATE_RET( (const unsigned char *)data != NULL );
|
||||||
|
|
||||||
for( i = 0; i < 8; i++ )
|
for( i = 0; i < 8; i++ )
|
||||||
A[i] = ctx->state[i];
|
local.A[i] = ctx->state[i];
|
||||||
|
|
||||||
#if defined(MBEDTLS_SHA256_SMALLER)
|
#if defined(MBEDTLS_SHA256_SMALLER)
|
||||||
for( i = 0; i < 64; i++ )
|
for( i = 0; i < 64; i++ )
|
||||||
{
|
{
|
||||||
if( i < 16 )
|
if( i < 16 )
|
||||||
GET_UINT32_BE( W[i], data, 4 * i );
|
GET_UINT32_BE( local.W[i], data, 4 * i );
|
||||||
else
|
else
|
||||||
R( i );
|
R( i );
|
||||||
|
|
||||||
P( A[0], A[1], A[2], A[3], A[4], A[5], A[6], A[7], W[i], K[i] );
|
P( local.A[0], local.A[1], local.A[2], local.A[3], local.A[4],
|
||||||
|
local.A[5], local.A[6], local.A[7], local.W[i], K[i] );
|
||||||
|
|
||||||
temp1 = A[7]; A[7] = A[6]; A[6] = A[5]; A[5] = A[4]; A[4] = A[3];
|
local.temp1 = local.A[7]; local.A[7] = local.A[6];
|
||||||
A[3] = A[2]; A[2] = A[1]; A[1] = A[0]; A[0] = temp1;
|
local.A[6] = local.A[5]; local.A[5] = local.A[4];
|
||||||
|
local.A[4] = local.A[3]; local.A[3] = local.A[2];
|
||||||
|
local.A[2] = local.A[1]; local.A[1] = local.A[0];
|
||||||
|
local.A[0] = local.temp1;
|
||||||
}
|
}
|
||||||
#else /* MBEDTLS_SHA256_SMALLER */
|
#else /* MBEDTLS_SHA256_SMALLER */
|
||||||
for( i = 0; i < 16; i++ )
|
for( i = 0; i < 16; i++ )
|
||||||
GET_UINT32_BE( W[i], data, 4 * i );
|
GET_UINT32_BE( local.W[i], data, 4 * i );
|
||||||
|
|
||||||
for( i = 0; i < 16; i += 8 )
|
for( i = 0; i < 16; i += 8 )
|
||||||
{
|
{
|
||||||
P( A[0], A[1], A[2], A[3], A[4], A[5], A[6], A[7], W[i+0], K[i+0] );
|
P( local.A[0], local.A[1], local.A[2], local.A[3], local.A[4],
|
||||||
P( A[7], A[0], A[1], A[2], A[3], A[4], A[5], A[6], W[i+1], K[i+1] );
|
local.A[5], local.A[6], local.A[7], local.W[i+0], K[i+0] );
|
||||||
P( A[6], A[7], A[0], A[1], A[2], A[3], A[4], A[5], W[i+2], K[i+2] );
|
P( local.A[7], local.A[0], local.A[1], local.A[2], local.A[3],
|
||||||
P( A[5], A[6], A[7], A[0], A[1], A[2], A[3], A[4], W[i+3], K[i+3] );
|
local.A[4], local.A[5], local.A[6], local.W[i+1], K[i+1] );
|
||||||
P( A[4], A[5], A[6], A[7], A[0], A[1], A[2], A[3], W[i+4], K[i+4] );
|
P( local.A[6], local.A[7], local.A[0], local.A[1], local.A[2],
|
||||||
P( A[3], A[4], A[5], A[6], A[7], A[0], A[1], A[2], W[i+5], K[i+5] );
|
local.A[3], local.A[4], local.A[5], local.W[i+2], K[i+2] );
|
||||||
P( A[2], A[3], A[4], A[5], A[6], A[7], A[0], A[1], W[i+6], K[i+6] );
|
P( local.A[5], local.A[6], local.A[7], local.A[0], local.A[1],
|
||||||
P( A[1], A[2], A[3], A[4], A[5], A[6], A[7], A[0], W[i+7], K[i+7] );
|
local.A[2], local.A[3], local.A[4], local.W[i+3], K[i+3] );
|
||||||
|
P( local.A[4], local.A[5], local.A[6], local.A[7], local.A[0],
|
||||||
|
local.A[1], local.A[2], local.A[3], local.W[i+4], K[i+4] );
|
||||||
|
P( local.A[3], local.A[4], local.A[5], local.A[6], local.A[7],
|
||||||
|
local.A[0], local.A[1], local.A[2], local.W[i+5], K[i+5] );
|
||||||
|
P( local.A[2], local.A[3], local.A[4], local.A[5], local.A[6],
|
||||||
|
local.A[7], local.A[0], local.A[1], local.W[i+6], K[i+6] );
|
||||||
|
P( local.A[1], local.A[2], local.A[3], local.A[4], local.A[5],
|
||||||
|
local.A[6], local.A[7], local.A[0], local.W[i+7], K[i+7] );
|
||||||
}
|
}
|
||||||
|
|
||||||
for( i = 16; i < 64; i += 8 )
|
for( i = 16; i < 64; i += 8 )
|
||||||
{
|
{
|
||||||
P( A[0], A[1], A[2], A[3], A[4], A[5], A[6], A[7], R(i+0), K[i+0] );
|
P( local.A[0], local.A[1], local.A[2], local.A[3], local.A[4],
|
||||||
P( A[7], A[0], A[1], A[2], A[3], A[4], A[5], A[6], R(i+1), K[i+1] );
|
local.A[5], local.A[6], local.A[7], R(i+0), K[i+0] );
|
||||||
P( A[6], A[7], A[0], A[1], A[2], A[3], A[4], A[5], R(i+2), K[i+2] );
|
P( local.A[7], local.A[0], local.A[1], local.A[2], local.A[3],
|
||||||
P( A[5], A[6], A[7], A[0], A[1], A[2], A[3], A[4], R(i+3), K[i+3] );
|
local.A[4], local.A[5], local.A[6], R(i+1), K[i+1] );
|
||||||
P( A[4], A[5], A[6], A[7], A[0], A[1], A[2], A[3], R(i+4), K[i+4] );
|
P( local.A[6], local.A[7], local.A[0], local.A[1], local.A[2],
|
||||||
P( A[3], A[4], A[5], A[6], A[7], A[0], A[1], A[2], R(i+5), K[i+5] );
|
local.A[3], local.A[4], local.A[5], R(i+2), K[i+2] );
|
||||||
P( A[2], A[3], A[4], A[5], A[6], A[7], A[0], A[1], R(i+6), K[i+6] );
|
P( local.A[5], local.A[6], local.A[7], local.A[0], local.A[1],
|
||||||
P( A[1], A[2], A[3], A[4], A[5], A[6], A[7], A[0], R(i+7), K[i+7] );
|
local.A[2], local.A[3], local.A[4], R(i+3), K[i+3] );
|
||||||
|
P( local.A[4], local.A[5], local.A[6], local.A[7], local.A[0],
|
||||||
|
local.A[1], local.A[2], local.A[3], R(i+4), K[i+4] );
|
||||||
|
P( local.A[3], local.A[4], local.A[5], local.A[6], local.A[7],
|
||||||
|
local.A[0], local.A[1], local.A[2], R(i+5), K[i+5] );
|
||||||
|
P( local.A[2], local.A[3], local.A[4], local.A[5], local.A[6],
|
||||||
|
local.A[7], local.A[0], local.A[1], R(i+6), K[i+6] );
|
||||||
|
P( local.A[1], local.A[2], local.A[3], local.A[4], local.A[5],
|
||||||
|
local.A[6], local.A[7], local.A[0], R(i+7), K[i+7] );
|
||||||
}
|
}
|
||||||
#endif /* MBEDTLS_SHA256_SMALLER */
|
#endif /* MBEDTLS_SHA256_SMALLER */
|
||||||
|
|
||||||
for( i = 0; i < 8; i++ )
|
for( i = 0; i < 8; i++ )
|
||||||
ctx->state[i] += A[i];
|
ctx->state[i] += local.A[i];
|
||||||
|
|
||||||
|
/* Zeroise buffers and variables to clear sensitive data from memory. */
|
||||||
|
mbedtls_platform_zeroize( &local, sizeof( local ) );
|
||||||
|
|
||||||
return( 0 );
|
return( 0 );
|
||||||
}
|
}
|
||||||
|
|
|
@ -243,8 +243,11 @@ int mbedtls_internal_sha512_process( mbedtls_sha512_context *ctx,
|
||||||
const unsigned char data[128] )
|
const unsigned char data[128] )
|
||||||
{
|
{
|
||||||
int i;
|
int i;
|
||||||
uint64_t temp1, temp2, W[80];
|
struct
|
||||||
uint64_t A, B, C, D, E, F, G, H;
|
{
|
||||||
|
uint64_t temp1, temp2, W[80];
|
||||||
|
uint64_t A, B, C, D, E, F, G, H;
|
||||||
|
} local;
|
||||||
|
|
||||||
SHA512_VALIDATE_RET( ctx != NULL );
|
SHA512_VALIDATE_RET( ctx != NULL );
|
||||||
SHA512_VALIDATE_RET( (const unsigned char *)data != NULL );
|
SHA512_VALIDATE_RET( (const unsigned char *)data != NULL );
|
||||||
|
@ -261,56 +264,67 @@ int mbedtls_internal_sha512_process( mbedtls_sha512_context *ctx,
|
||||||
#define F0(x,y,z) (((x) & (y)) | ((z) & ((x) | (y))))
|
#define F0(x,y,z) (((x) & (y)) | ((z) & ((x) | (y))))
|
||||||
#define F1(x,y,z) ((z) ^ ((x) & ((y) ^ (z))))
|
#define F1(x,y,z) ((z) ^ ((x) & ((y) ^ (z))))
|
||||||
|
|
||||||
#define P(a,b,c,d,e,f,g,h,x,K) \
|
#define P(a,b,c,d,e,f,g,h,x,K) \
|
||||||
do \
|
do \
|
||||||
{ \
|
{ \
|
||||||
temp1 = (h) + S3(e) + F1((e),(f),(g)) + (K) + (x); \
|
local.temp1 = (h) + S3(e) + F1((e),(f),(g)) + (K) + (x); \
|
||||||
temp2 = S2(a) + F0((a),(b),(c)); \
|
local.temp2 = S2(a) + F0((a),(b),(c)); \
|
||||||
(d) += temp1; (h) = temp1 + temp2; \
|
(d) += local.temp1; (h) = local.temp1 + local.temp2; \
|
||||||
} while( 0 )
|
} while( 0 )
|
||||||
|
|
||||||
for( i = 0; i < 16; i++ )
|
for( i = 0; i < 16; i++ )
|
||||||
{
|
{
|
||||||
GET_UINT64_BE( W[i], data, i << 3 );
|
GET_UINT64_BE( local.W[i], data, i << 3 );
|
||||||
}
|
}
|
||||||
|
|
||||||
for( ; i < 80; i++ )
|
for( ; i < 80; i++ )
|
||||||
{
|
{
|
||||||
W[i] = S1(W[i - 2]) + W[i - 7] +
|
local.W[i] = S1(local.W[i - 2]) + local.W[i - 7] +
|
||||||
S0(W[i - 15]) + W[i - 16];
|
S0(local.W[i - 15]) + local.W[i - 16];
|
||||||
}
|
}
|
||||||
|
|
||||||
A = ctx->state[0];
|
local.A = ctx->state[0];
|
||||||
B = ctx->state[1];
|
local.B = ctx->state[1];
|
||||||
C = ctx->state[2];
|
local.C = ctx->state[2];
|
||||||
D = ctx->state[3];
|
local.D = ctx->state[3];
|
||||||
E = ctx->state[4];
|
local.E = ctx->state[4];
|
||||||
F = ctx->state[5];
|
local.F = ctx->state[5];
|
||||||
G = ctx->state[6];
|
local.G = ctx->state[6];
|
||||||
H = ctx->state[7];
|
local.H = ctx->state[7];
|
||||||
i = 0;
|
i = 0;
|
||||||
|
|
||||||
do
|
do
|
||||||
{
|
{
|
||||||
P( A, B, C, D, E, F, G, H, W[i], K[i] ); i++;
|
P( local.A, local.B, local.C, local.D, local.E,
|
||||||
P( H, A, B, C, D, E, F, G, W[i], K[i] ); i++;
|
local.F, local.G, local.H, local.W[i], K[i] ); i++;
|
||||||
P( G, H, A, B, C, D, E, F, W[i], K[i] ); i++;
|
P( local.H, local.A, local.B, local.C, local.D,
|
||||||
P( F, G, H, A, B, C, D, E, W[i], K[i] ); i++;
|
local.E, local.F, local.G, local.W[i], K[i] ); i++;
|
||||||
P( E, F, G, H, A, B, C, D, W[i], K[i] ); i++;
|
P( local.G, local.H, local.A, local.B, local.C,
|
||||||
P( D, E, F, G, H, A, B, C, W[i], K[i] ); i++;
|
local.D, local.E, local.F, local.W[i], K[i] ); i++;
|
||||||
P( C, D, E, F, G, H, A, B, W[i], K[i] ); i++;
|
P( local.F, local.G, local.H, local.A, local.B,
|
||||||
P( B, C, D, E, F, G, H, A, W[i], K[i] ); i++;
|
local.C, local.D, local.E, local.W[i], K[i] ); i++;
|
||||||
|
P( local.E, local.F, local.G, local.H, local.A,
|
||||||
|
local.B, local.C, local.D, local.W[i], K[i] ); i++;
|
||||||
|
P( local.D, local.E, local.F, local.G, local.H,
|
||||||
|
local.A, local.B, local.C, local.W[i], K[i] ); i++;
|
||||||
|
P( local.C, local.D, local.E, local.F, local.G,
|
||||||
|
local.H, local.A, local.B, local.W[i], K[i] ); i++;
|
||||||
|
P( local.B, local.C, local.D, local.E, local.F,
|
||||||
|
local.G, local.H, local.A, local.W[i], K[i] ); i++;
|
||||||
}
|
}
|
||||||
while( i < 80 );
|
while( i < 80 );
|
||||||
|
|
||||||
ctx->state[0] += A;
|
ctx->state[0] += local.A;
|
||||||
ctx->state[1] += B;
|
ctx->state[1] += local.B;
|
||||||
ctx->state[2] += C;
|
ctx->state[2] += local.C;
|
||||||
ctx->state[3] += D;
|
ctx->state[3] += local.D;
|
||||||
ctx->state[4] += E;
|
ctx->state[4] += local.E;
|
||||||
ctx->state[5] += F;
|
ctx->state[5] += local.F;
|
||||||
ctx->state[6] += G;
|
ctx->state[6] += local.G;
|
||||||
ctx->state[7] += H;
|
ctx->state[7] += local.H;
|
||||||
|
|
||||||
|
/* Zeroise buffers and variables to clear sensitive data from memory. */
|
||||||
|
mbedtls_platform_zeroize( &local, sizeof( local ) );
|
||||||
|
|
||||||
return( 0 );
|
return( 0 );
|
||||||
}
|
}
|
||||||
|
|
|
@ -1088,6 +1088,7 @@ static int x509_crt_parse_der_core( mbedtls_x509_crt *crt, const unsigned char *
|
||||||
|
|
||||||
if( crt->sig_oid.len != sig_oid2.len ||
|
if( crt->sig_oid.len != sig_oid2.len ||
|
||||||
memcmp( crt->sig_oid.p, sig_oid2.p, crt->sig_oid.len ) != 0 ||
|
memcmp( crt->sig_oid.p, sig_oid2.p, crt->sig_oid.len ) != 0 ||
|
||||||
|
sig_params1.tag != sig_params2.tag ||
|
||||||
sig_params1.len != sig_params2.len ||
|
sig_params1.len != sig_params2.len ||
|
||||||
( sig_params1.len != 0 &&
|
( sig_params1.len != 0 &&
|
||||||
memcmp( sig_params1.p, sig_params2.p, sig_params1.len ) != 0 ) )
|
memcmp( sig_params1.p, sig_params2.p, sig_params1.len ) != 0 ) )
|
||||||
|
|
|
@ -157,7 +157,11 @@ cli-rsa-sha256.crt.der: cli-rsa-sha256.crt
|
||||||
$(OPENSSL) x509 -in $< -out $@ -inform PEM -outform DER
|
$(OPENSSL) x509 -in $< -out $@ -inform PEM -outform DER
|
||||||
all_final += cli-rsa-sha256.crt.der
|
all_final += cli-rsa-sha256.crt.der
|
||||||
|
|
||||||
cli-rsa.key.der: $(cli_crt_key_file_rsa)
|
cli-rsa-sha256-badalg.crt.der: cli-rsa-sha256.crt.der
|
||||||
|
hexdump -ve '1/1 "%.2X"' $< | sed "s/06092A864886F70D01010B0500/06092A864886F70D01010B0900/2" | xxd -r -p > $@
|
||||||
|
all_final += cli-rsa-sha256-badalg.crt.der
|
||||||
|
|
||||||
|
cli-rsa.key.der: $(cli_crt_key_file_rsa)
|
||||||
$(OPENSSL) pkey -in $< -out $@ -inform PEM -outform DER
|
$(OPENSSL) pkey -in $< -out $@ -inform PEM -outform DER
|
||||||
all_final += cli-rsa.key.der
|
all_final += cli-rsa.key.der
|
||||||
|
|
||||||
|
|
BIN
tests/data_files/cli-rsa-sha256-badalg.crt.der
Normal file
BIN
tests/data_files/cli-rsa-sha256-badalg.crt.der
Normal file
Binary file not shown.
|
@ -22,10 +22,16 @@ dhm_do_dhm:10:"3":10:"5":MBEDTLS_ERR_DHM_MAKE_PARAMS_FAILED
|
||||||
Diffie-Hellman zero modulus
|
Diffie-Hellman zero modulus
|
||||||
dhm_do_dhm:10:"0":10:"5":MBEDTLS_ERR_DHM_BAD_INPUT_DATA
|
dhm_do_dhm:10:"0":10:"5":MBEDTLS_ERR_DHM_BAD_INPUT_DATA
|
||||||
|
|
||||||
Diffie-Hellman load parameters from file
|
Diffie-Hellman MPI_MAX_SIZE modulus
|
||||||
|
dhm_make_public:MBEDTLS_MPI_MAX_SIZE:10:"5":0
|
||||||
|
|
||||||
|
Diffie-Hellman MPI_MAX_SIZE + 1 modulus
|
||||||
|
dhm_make_public:MBEDTLS_MPI_MAX_SIZE + 1:10:"5":MBEDTLS_ERR_DHM_MAKE_PUBLIC_FAILED+MBEDTLS_ERR_MPI_BAD_INPUT_DATA
|
||||||
|
|
||||||
|
Diffie-Hellman load parameters from file [#1]
|
||||||
dhm_file:"data_files/dhparams.pem":"9e35f430443a09904f3a39a979797d070df53378e79c2438bef4e761f3c714553328589b041c809be1d6c6b5f1fc9f47d3a25443188253a992a56818b37ba9de5a40d362e56eff0be5417474c125c199272c8fe41dea733df6f662c92ae76556e755d10c64e6a50968f67fc6ea73d0dca8569be2ba204e23580d8bca2f4975b3":"02":128
|
dhm_file:"data_files/dhparams.pem":"9e35f430443a09904f3a39a979797d070df53378e79c2438bef4e761f3c714553328589b041c809be1d6c6b5f1fc9f47d3a25443188253a992a56818b37ba9de5a40d362e56eff0be5417474c125c199272c8fe41dea733df6f662c92ae76556e755d10c64e6a50968f67fc6ea73d0dca8569be2ba204e23580d8bca2f4975b3":"02":128
|
||||||
|
|
||||||
Diffie-Hellman load parameters from file
|
Diffie-Hellman load parameters from file [#2]
|
||||||
dhm_file:"data_files/dh.optlen.pem":"b3126aeaf47153c7d67f403030b292b5bd5a6c9eae1c137af34087fce2a36a578d70c5c560ad2bdb924c4a4dbee20a1671be7103ce87defa76908936803dbeca60c33e1289c1a03ac2c6c4e49405e5902fa0596a1cbaa895cc402d5213ed4a5f1f5ba8b5e1ed3da951a4c475afeb0ca660b7368c38c8e809f382d96ae19e60dc984e61cb42b5dfd723322acf327f9e413cda6400c15c5b2ea1fa34405d83982fba40e6d852da3d91019bf23511314254dc211a90833e5b1798ee52a78198c555644729ad92f060367c74ded37704adfc273a4a33fec821bd2ebd3bc051730e97a4dd14d2b766062592f5eec09d16bb50efebf2cc00dd3e0e3418e60ec84870f7":"800abfe7dc667aa17bcd7c04614bc221a65482ccc04b604602b0e131908a938ea11b48dc515dab7abcbb1e0c7fd66511edc0d86551b7632496e03df94357e1c4ea07a7ce1e381a2fcafdff5f5bf00df828806020e875c00926e4d011f88477a1b01927d73813cad4847c6396b9244621be2b00b63c659253318413443cd244215cd7fd4cbe796e82c6cf70f89cc0c528fb8e344809b31876e7ef739d5160d095c9684188b0c8755c7a468d47f56d6db9ea012924ecb0556fb71312a8d7c93bb2898ea08ee54eeb594548285f06a973cbbe2a0cb02e90f323fe045521f34c68354a6d3e95dbfff1eb64692edc0a44f3d3e408d0e479a541e779a6054259e2d854":256
|
dhm_file:"data_files/dh.optlen.pem":"b3126aeaf47153c7d67f403030b292b5bd5a6c9eae1c137af34087fce2a36a578d70c5c560ad2bdb924c4a4dbee20a1671be7103ce87defa76908936803dbeca60c33e1289c1a03ac2c6c4e49405e5902fa0596a1cbaa895cc402d5213ed4a5f1f5ba8b5e1ed3da951a4c475afeb0ca660b7368c38c8e809f382d96ae19e60dc984e61cb42b5dfd723322acf327f9e413cda6400c15c5b2ea1fa34405d83982fba40e6d852da3d91019bf23511314254dc211a90833e5b1798ee52a78198c555644729ad92f060367c74ded37704adfc273a4a33fec821bd2ebd3bc051730e97a4dd14d2b766062592f5eec09d16bb50efebf2cc00dd3e0e3418e60ec84870f7":"800abfe7dc667aa17bcd7c04614bc221a65482ccc04b604602b0e131908a938ea11b48dc515dab7abcbb1e0c7fd66511edc0d86551b7632496e03df94357e1c4ea07a7ce1e381a2fcafdff5f5bf00df828806020e875c00926e4d011f88477a1b01927d73813cad4847c6396b9244621be2b00b63c659253318413443cd244215cd7fd4cbe796e82c6cf70f89cc0c528fb8e344809b31876e7ef739d5160d095c9684188b0c8755c7a468d47f56d6db9ea012924ecb0556fb71312a8d7c93bb2898ea08ee54eeb594548285f06a973cbbe2a0cb02e90f323fe045521f34c68354a6d3e95dbfff1eb64692edc0a44f3d3e408d0e479a541e779a6054259e2d854":256
|
||||||
|
|
||||||
Diffie-Hellman selftest
|
Diffie-Hellman selftest
|
||||||
|
|
|
@ -206,6 +206,36 @@ exit:
|
||||||
}
|
}
|
||||||
/* END_CASE */
|
/* END_CASE */
|
||||||
|
|
||||||
|
/* BEGIN_CASE */
|
||||||
|
void dhm_make_public( int P_bytes, int radix_G, char *input_G, int result )
|
||||||
|
{
|
||||||
|
mbedtls_mpi P, G;
|
||||||
|
mbedtls_dhm_context ctx;
|
||||||
|
unsigned char output[MBEDTLS_MPI_MAX_SIZE];
|
||||||
|
|
||||||
|
mbedtls_mpi_init( &P );
|
||||||
|
mbedtls_mpi_init( &G );
|
||||||
|
mbedtls_dhm_init( &ctx );
|
||||||
|
|
||||||
|
TEST_ASSERT( mbedtls_mpi_lset( &P, 1 ) == 0 );
|
||||||
|
TEST_ASSERT( mbedtls_mpi_shift_l( &P, ( P_bytes * 8 ) - 1 ) == 0 );
|
||||||
|
TEST_ASSERT( mbedtls_mpi_set_bit( &P, 0, 1 ) == 0 );
|
||||||
|
|
||||||
|
TEST_ASSERT( mbedtls_mpi_read_string( &G, radix_G, input_G ) == 0 );
|
||||||
|
|
||||||
|
TEST_ASSERT( mbedtls_dhm_set_group( &ctx, &P, &G ) == 0 );
|
||||||
|
TEST_ASSERT( mbedtls_dhm_make_public( &ctx, (int) mbedtls_mpi_size( &P ),
|
||||||
|
output, sizeof(output),
|
||||||
|
&rnd_pseudo_rand,
|
||||||
|
NULL ) == result );
|
||||||
|
|
||||||
|
exit:
|
||||||
|
mbedtls_mpi_free( &P );
|
||||||
|
mbedtls_mpi_free( &G );
|
||||||
|
mbedtls_dhm_free( &ctx );
|
||||||
|
}
|
||||||
|
/* END_CASE */
|
||||||
|
|
||||||
/* BEGIN_CASE depends_on:MBEDTLS_FS_IO */
|
/* BEGIN_CASE depends_on:MBEDTLS_FS_IO */
|
||||||
void dhm_file( char * filename, char * p, char * g, int len )
|
void dhm_file( char * filename, char * p, char * g, int len )
|
||||||
{
|
{
|
||||||
|
|
|
@ -673,16 +673,36 @@ mbedtls_mpi_exp_mod:10:"-23":10:"13":10:"29":10:"":10:"5":0
|
||||||
Base test mbedtls_mpi_exp_mod #5 (Negative exponent)
|
Base test mbedtls_mpi_exp_mod #5 (Negative exponent)
|
||||||
mbedtls_mpi_exp_mod:10:"23":10:"-13":10:"29":10:"":10:"0":MBEDTLS_ERR_MPI_BAD_INPUT_DATA
|
mbedtls_mpi_exp_mod:10:"23":10:"-13":10:"29":10:"":10:"0":MBEDTLS_ERR_MPI_BAD_INPUT_DATA
|
||||||
|
|
||||||
Base test mbedtls_mpi_exp_mod #7 (Negative base + exponent)
|
Base test mbedtls_mpi_exp_mod #6 (Negative base + exponent)
|
||||||
mbedtls_mpi_exp_mod:10:"-23":10:"-13":10:"29":10:"":10:"0":MBEDTLS_ERR_MPI_BAD_INPUT_DATA
|
mbedtls_mpi_exp_mod:10:"-23":10:"-13":10:"29":10:"":10:"0":MBEDTLS_ERR_MPI_BAD_INPUT_DATA
|
||||||
|
|
||||||
|
Test mbedtls_mpi_exp_mod: MAX_SIZE exponent
|
||||||
|
mbedtls_mpi_exp_mod_size:2:MBEDTLS_MPI_MAX_SIZE:10:10:"":0
|
||||||
|
|
||||||
|
Test mbedtls_mpi_exp_mod: MAX_SIZE + 1 exponent
|
||||||
|
mbedtls_mpi_exp_mod_size:2:MBEDTLS_MPI_MAX_SIZE + 1:10:10:"":MBEDTLS_ERR_MPI_BAD_INPUT_DATA
|
||||||
|
|
||||||
|
Test mbedtls_mpi_exp_mod: MAX_SIZE modulus
|
||||||
|
mbedtls_mpi_exp_mod_size:2:2:MBEDTLS_MPI_MAX_SIZE:10:"":0
|
||||||
|
|
||||||
|
Test mbedtls_mpi_exp_mod: MAX_SIZE + 1 modulus
|
||||||
|
mbedtls_mpi_exp_mod_size:2:2:MBEDTLS_MPI_MAX_SIZE + 1:10:"":MBEDTLS_ERR_MPI_BAD_INPUT_DATA
|
||||||
|
|
||||||
|
Test mbedtls_mpi_exp_mod: MAX_SIZE exponent and modulus
|
||||||
|
mbedtls_mpi_exp_mod_size:2:MBEDTLS_MPI_MAX_SIZE:MBEDTLS_MPI_MAX_SIZE:10:"":0
|
||||||
|
|
||||||
|
Test mbedtls_mpi_exp_mod: MAX_SIZE + 1 exponent and modulus
|
||||||
|
mbedtls_mpi_exp_mod_size:2:MBEDTLS_MPI_MAX_SIZE + 1:MBEDTLS_MPI_MAX_SIZE + 1:10:"":MBEDTLS_ERR_MPI_BAD_INPUT_DATA
|
||||||
|
|
||||||
Test mbedtls_mpi_exp_mod #1
|
Test mbedtls_mpi_exp_mod #1
|
||||||
|
depends_on:MPI_MAX_BITS_LARGER_THAN_792
|
||||||
mbedtls_mpi_exp_mod:10:"433019240910377478217373572959560109819648647016096560523769010881172869083338285573756574557395862965095016483867813043663981946477698466501451832407592327356331263124555137732393938242285782144928753919588632679050799198937132922145084847":10:"5781538327977828897150909166778407659250458379645823062042492461576758526757490910073628008613977550546382774775570888130029763571528699574717583228939535960234464230882573615930384979100379102915657483866755371559811718767760594919456971354184113721":10:"583137007797276923956891216216022144052044091311388601652961409557516421612874571554415606746479105795833145583959622117418531166391184939066520869800857530421873250114773204354963864729386957427276448683092491947566992077136553066273207777134303397724679138833126700957":10:"":10:"114597449276684355144920670007147953232659436380163461553186940113929777196018164149703566472936578890991049344459204199888254907113495794730452699842273939581048142004834330369483813876618772578869083248061616444392091693787039636316845512292127097865026290173004860736":0
|
mbedtls_mpi_exp_mod:10:"433019240910377478217373572959560109819648647016096560523769010881172869083338285573756574557395862965095016483867813043663981946477698466501451832407592327356331263124555137732393938242285782144928753919588632679050799198937132922145084847":10:"5781538327977828897150909166778407659250458379645823062042492461576758526757490910073628008613977550546382774775570888130029763571528699574717583228939535960234464230882573615930384979100379102915657483866755371559811718767760594919456971354184113721":10:"583137007797276923956891216216022144052044091311388601652961409557516421612874571554415606746479105795833145583959622117418531166391184939066520869800857530421873250114773204354963864729386957427276448683092491947566992077136553066273207777134303397724679138833126700957":10:"":10:"114597449276684355144920670007147953232659436380163461553186940113929777196018164149703566472936578890991049344459204199888254907113495794730452699842273939581048142004834330369483813876618772578869083248061616444392091693787039636316845512292127097865026290173004860736":0
|
||||||
|
|
||||||
Test mbedtls_mpi_exp_mod (Negative base)
|
Test mbedtls_mpi_exp_mod (Negative base)
|
||||||
mbedtls_mpi_exp_mod:10:"-10000000000":10:"10000000000":10:"99999":10:"":10:"1":0
|
mbedtls_mpi_exp_mod:10:"-10000000000":10:"10000000000":10:"99999":10:"":10:"1":0
|
||||||
|
|
||||||
Test mbedtls_mpi_exp_mod (Negative base)
|
Test mbedtls_mpi_exp_mod (Negative base) [#2]
|
||||||
|
depends_on:MPI_MAX_BITS_LARGER_THAN_792
|
||||||
mbedtls_mpi_exp_mod:16:"-9f13012cd92aa72fb86ac8879d2fde4f7fd661aaae43a00971f081cc60ca277059d5c37e89652e2af2585d281d66ef6a9d38a117e9608e9e7574cd142dc55278838a2161dd56db9470d4c1da2d5df15a908ee2eb886aaa890f23be16de59386663a12f1afbb325431a3e835e3fd89b98b96a6f77382f458ef9a37e1f84a03045c8676ab55291a94c2228ea15448ee96b626b998":16:"40a54d1b9e86789f06d9607fb158672d64867665c73ee9abb545fc7a785634b354c7bae5b962ce8040cf45f2c1f3d3659b2ee5ede17534c8fc2ec85c815e8df1fe7048d12c90ee31b88a68a081f17f0d8ce5f4030521e9400083bcea73a429031d4ca7949c2000d597088e0c39a6014d8bf962b73bb2e8083bd0390a4e00b9b3":16:"eeaf0ab9adb38dd69c33f80afa8fc5e86072618775ff3c0b9ea2314c9c256576d674df7496ea81d3383b4813d692c6e0e0d5d8e250b98be48e495c1d6089dad15dc7d7b46154d6b6ce8ef4ad69b15d4982559b297bcf1885c529f566660e57ec68edbc3c05726cc02fd4cbf4976eaa9afd5138fe8376435b9fc61d2fc0eb06e3":16:"":16:"21acc7199e1b90f9b4844ffe12c19f00ec548c5d32b21c647d48b6015d8eb9ec9db05b4f3d44db4227a2b5659c1a7cceb9d5fa8fa60376047953ce7397d90aaeb7465e14e820734f84aa52ad0fc66701bcbb991d57715806a11531268e1e83dd48288c72b424a6287e9ce4e5cc4db0dd67614aecc23b0124a5776d36e5c89483":0
|
mbedtls_mpi_exp_mod:16:"-9f13012cd92aa72fb86ac8879d2fde4f7fd661aaae43a00971f081cc60ca277059d5c37e89652e2af2585d281d66ef6a9d38a117e9608e9e7574cd142dc55278838a2161dd56db9470d4c1da2d5df15a908ee2eb886aaa890f23be16de59386663a12f1afbb325431a3e835e3fd89b98b96a6f77382f458ef9a37e1f84a03045c8676ab55291a94c2228ea15448ee96b626b998":16:"40a54d1b9e86789f06d9607fb158672d64867665c73ee9abb545fc7a785634b354c7bae5b962ce8040cf45f2c1f3d3659b2ee5ede17534c8fc2ec85c815e8df1fe7048d12c90ee31b88a68a081f17f0d8ce5f4030521e9400083bcea73a429031d4ca7949c2000d597088e0c39a6014d8bf962b73bb2e8083bd0390a4e00b9b3":16:"eeaf0ab9adb38dd69c33f80afa8fc5e86072618775ff3c0b9ea2314c9c256576d674df7496ea81d3383b4813d692c6e0e0d5d8e250b98be48e495c1d6089dad15dc7d7b46154d6b6ce8ef4ad69b15d4982559b297bcf1885c529f566660e57ec68edbc3c05726cc02fd4cbf4976eaa9afd5138fe8376435b9fc61d2fc0eb06e3":16:"":16:"21acc7199e1b90f9b4844ffe12c19f00ec548c5d32b21c647d48b6015d8eb9ec9db05b4f3d44db4227a2b5659c1a7cceb9d5fa8fa60376047953ce7397d90aaeb7465e14e820734f84aa52ad0fc66701bcbb991d57715806a11531268e1e83dd48288c72b424a6287e9ce4e5cc4db0dd67614aecc23b0124a5776d36e5c89483":0
|
||||||
|
|
||||||
Base test GCD #1
|
Base test GCD #1
|
||||||
|
@ -923,6 +943,48 @@ mbedtls_mpi_set_bit:16:"00":32:1:16:"0100000000":0
|
||||||
Test bit set (Invalid bit value)
|
Test bit set (Invalid bit value)
|
||||||
mbedtls_mpi_set_bit:16:"00":5:2:16:"00":MBEDTLS_ERR_MPI_BAD_INPUT_DATA
|
mbedtls_mpi_set_bit:16:"00":5:2:16:"00":MBEDTLS_ERR_MPI_BAD_INPUT_DATA
|
||||||
|
|
||||||
|
Fill random: 0 bytes
|
||||||
|
mpi_fill_random:0:0:0
|
||||||
|
|
||||||
|
Fill random: 1 byte, good
|
||||||
|
mpi_fill_random:1:1:0
|
||||||
|
|
||||||
|
Fill random: 2 bytes, good, no leading zero
|
||||||
|
mpi_fill_random:2:2:0
|
||||||
|
|
||||||
|
Fill random: 2 bytes, good, 1 leading zero
|
||||||
|
mpi_fill_random:2:256:0
|
||||||
|
|
||||||
|
Fill random: MAX_SIZE - 7, good
|
||||||
|
mpi_fill_random:MBEDTLS_MPI_MAX_SIZE - 7:MBEDTLS_MPI_MAX_SIZE - 7:0
|
||||||
|
|
||||||
|
Fill random: MAX_SIZE, good
|
||||||
|
mpi_fill_random:MBEDTLS_MPI_MAX_SIZE:MBEDTLS_MPI_MAX_SIZE:0
|
||||||
|
|
||||||
|
Fill random: 1 byte, RNG failure
|
||||||
|
mpi_fill_random:1:0:MBEDTLS_ERR_ENTROPY_SOURCE_FAILED
|
||||||
|
|
||||||
|
Fill random: 2 bytes, RNG failure after 1 byte
|
||||||
|
mpi_fill_random:2:1:MBEDTLS_ERR_ENTROPY_SOURCE_FAILED
|
||||||
|
|
||||||
|
Fill random: 4 bytes, RNG failure after 3 bytes
|
||||||
|
mpi_fill_random:4:3:MBEDTLS_ERR_ENTROPY_SOURCE_FAILED
|
||||||
|
|
||||||
|
Fill random: 8 bytes, RNG failure after 7 bytes
|
||||||
|
mpi_fill_random:8:7:MBEDTLS_ERR_ENTROPY_SOURCE_FAILED
|
||||||
|
|
||||||
|
Fill random: 16 bytes, RNG failure after 1 bytes
|
||||||
|
mpi_fill_random:16:1:MBEDTLS_ERR_ENTROPY_SOURCE_FAILED
|
||||||
|
|
||||||
|
Fill random: 16 bytes, RNG failure after 8 bytes
|
||||||
|
mpi_fill_random:16:8:MBEDTLS_ERR_ENTROPY_SOURCE_FAILED
|
||||||
|
|
||||||
|
Fill random: 16 bytes, RNG failure after 15 bytes
|
||||||
|
mpi_fill_random:16:15:MBEDTLS_ERR_ENTROPY_SOURCE_FAILED
|
||||||
|
|
||||||
|
Fill random: MAX_SIZE bytes, RNG failure after MAX_SIZE-1 bytes
|
||||||
|
mpi_fill_random:MBEDTLS_MPI_MAX_SIZE:MBEDTLS_MPI_MAX_SIZE-1:MBEDTLS_ERR_ENTROPY_SOURCE_FAILED
|
||||||
|
|
||||||
MPI Selftest
|
MPI Selftest
|
||||||
depends_on:MBEDTLS_SELF_TEST
|
depends_on:MBEDTLS_SELF_TEST
|
||||||
mpi_selftest:
|
mpi_selftest:
|
||||||
|
|
|
@ -1,5 +1,10 @@
|
||||||
/* BEGIN_HEADER */
|
/* BEGIN_HEADER */
|
||||||
#include "mbedtls/bignum.h"
|
#include "mbedtls/bignum.h"
|
||||||
|
#include "mbedtls/entropy.h"
|
||||||
|
|
||||||
|
#if MBEDTLS_MPI_MAX_BITS > 792
|
||||||
|
#define MPI_MAX_BITS_LARGER_THAN_792
|
||||||
|
#endif
|
||||||
|
|
||||||
typedef struct mbedtls_test_mpi_random
|
typedef struct mbedtls_test_mpi_random
|
||||||
{
|
{
|
||||||
|
@ -43,6 +48,22 @@ int mbedtls_test_mpi_miller_rabin_determinizer( void* state,
|
||||||
|
|
||||||
return( 0 );
|
return( 0 );
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/* Random generator that is told how many bytes to return. */
|
||||||
|
static int f_rng_bytes_left( void *state, unsigned char *buf, size_t len )
|
||||||
|
{
|
||||||
|
size_t *bytes_left = state;
|
||||||
|
size_t i;
|
||||||
|
for( i = 0; i < len; i++ )
|
||||||
|
{
|
||||||
|
if( *bytes_left == 0 )
|
||||||
|
return( MBEDTLS_ERR_ENTROPY_SOURCE_FAILED );
|
||||||
|
buf[i] = *bytes_left & 0xff;
|
||||||
|
--( *bytes_left );
|
||||||
|
}
|
||||||
|
return( 0 );
|
||||||
|
}
|
||||||
|
|
||||||
/* END_HEADER */
|
/* END_HEADER */
|
||||||
|
|
||||||
/* BEGIN_DEPENDENCIES
|
/* BEGIN_DEPENDENCIES
|
||||||
|
@ -1114,6 +1135,40 @@ exit:
|
||||||
}
|
}
|
||||||
/* END_CASE */
|
/* END_CASE */
|
||||||
|
|
||||||
|
/* BEGIN_CASE */
|
||||||
|
void mbedtls_mpi_exp_mod_size( int A_bytes, int E_bytes, int N_bytes,
|
||||||
|
int radix_RR, char * input_RR, int exp_result )
|
||||||
|
{
|
||||||
|
mbedtls_mpi A, E, N, RR, Z;
|
||||||
|
mbedtls_mpi_init( &A ); mbedtls_mpi_init( &E ); mbedtls_mpi_init( &N );
|
||||||
|
mbedtls_mpi_init( &RR ); mbedtls_mpi_init( &Z );
|
||||||
|
|
||||||
|
/* Set A to 2^(A_bytes - 1) + 1 */
|
||||||
|
TEST_ASSERT( mbedtls_mpi_lset( &A, 1 ) == 0 );
|
||||||
|
TEST_ASSERT( mbedtls_mpi_shift_l( &A, ( A_bytes * 8 ) - 1 ) == 0 );
|
||||||
|
TEST_ASSERT( mbedtls_mpi_set_bit( &A, 0, 1 ) == 0 );
|
||||||
|
|
||||||
|
/* Set E to 2^(E_bytes - 1) + 1 */
|
||||||
|
TEST_ASSERT( mbedtls_mpi_lset( &E, 1 ) == 0 );
|
||||||
|
TEST_ASSERT( mbedtls_mpi_shift_l( &E, ( E_bytes * 8 ) - 1 ) == 0 );
|
||||||
|
TEST_ASSERT( mbedtls_mpi_set_bit( &E, 0, 1 ) == 0 );
|
||||||
|
|
||||||
|
/* Set N to 2^(N_bytes - 1) + 1 */
|
||||||
|
TEST_ASSERT( mbedtls_mpi_lset( &N, 1 ) == 0 );
|
||||||
|
TEST_ASSERT( mbedtls_mpi_shift_l( &N, ( N_bytes * 8 ) - 1 ) == 0 );
|
||||||
|
TEST_ASSERT( mbedtls_mpi_set_bit( &N, 0, 1 ) == 0 );
|
||||||
|
|
||||||
|
if( strlen( input_RR ) )
|
||||||
|
TEST_ASSERT( mbedtls_mpi_read_string( &RR, radix_RR, input_RR ) == 0 );
|
||||||
|
|
||||||
|
TEST_ASSERT( mbedtls_mpi_exp_mod( &Z, &A, &E, &N, &RR ) == exp_result );
|
||||||
|
|
||||||
|
exit:
|
||||||
|
mbedtls_mpi_free( &A ); mbedtls_mpi_free( &E ); mbedtls_mpi_free( &N );
|
||||||
|
mbedtls_mpi_free( &RR ); mbedtls_mpi_free( &Z );
|
||||||
|
}
|
||||||
|
/* END_CASE */
|
||||||
|
|
||||||
/* BEGIN_CASE */
|
/* BEGIN_CASE */
|
||||||
void mbedtls_mpi_inv_mod( int radix_X, char * input_X, int radix_Y,
|
void mbedtls_mpi_inv_mod( int radix_X, char * input_X, int radix_Y,
|
||||||
char * input_Y, int radix_A, char * input_A,
|
char * input_Y, int radix_A, char * input_A,
|
||||||
|
@ -1255,6 +1310,37 @@ exit:
|
||||||
}
|
}
|
||||||
/* END_CASE */
|
/* END_CASE */
|
||||||
|
|
||||||
|
/* BEGIN_CASE */
|
||||||
|
void mpi_fill_random( int wanted_bytes, int rng_bytes, int expected_ret )
|
||||||
|
{
|
||||||
|
mbedtls_mpi X;
|
||||||
|
int ret;
|
||||||
|
size_t bytes_left = rng_bytes;
|
||||||
|
mbedtls_mpi_init( &X );
|
||||||
|
|
||||||
|
ret = mbedtls_mpi_fill_random( &X, wanted_bytes,
|
||||||
|
f_rng_bytes_left, &bytes_left );
|
||||||
|
TEST_ASSERT( ret == expected_ret );
|
||||||
|
|
||||||
|
if( expected_ret == 0 )
|
||||||
|
{
|
||||||
|
/* mbedtls_mpi_fill_random is documented to use bytes from the RNG
|
||||||
|
* as a big-endian representation of the number. We know when
|
||||||
|
* our RNG function returns null bytes, so we know how many
|
||||||
|
* leading zero bytes the number has. */
|
||||||
|
size_t leading_zeros = 0;
|
||||||
|
if( wanted_bytes > 0 && rng_bytes % 256 == 0 )
|
||||||
|
leading_zeros = 1;
|
||||||
|
TEST_ASSERT( mbedtls_mpi_size( &X ) + leading_zeros ==
|
||||||
|
(size_t) wanted_bytes );
|
||||||
|
TEST_ASSERT( (int) bytes_left == rng_bytes - wanted_bytes );
|
||||||
|
}
|
||||||
|
|
||||||
|
exit:
|
||||||
|
mbedtls_mpi_free( &X );
|
||||||
|
}
|
||||||
|
/* END_CASE */
|
||||||
|
|
||||||
/* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */
|
/* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */
|
||||||
void mpi_selftest( )
|
void mpi_selftest( )
|
||||||
{
|
{
|
||||||
|
|
|
@ -1,8 +1,8 @@
|
||||||
Check compiletime library version
|
Check compiletime library version
|
||||||
check_compiletime_version:"2.16.8"
|
check_compiletime_version:"2.16.9"
|
||||||
|
|
||||||
Check runtime library version
|
Check runtime library version
|
||||||
check_runtime_version:"2.16.8"
|
check_runtime_version:"2.16.9"
|
||||||
|
|
||||||
Check for MBEDTLS_VERSION_C
|
Check for MBEDTLS_VERSION_C
|
||||||
check_feature:"MBEDTLS_VERSION_C":0
|
check_feature:"MBEDTLS_VERSION_C":0
|
||||||
|
|
|
@ -1884,6 +1884,10 @@ X509 File parse (trailing spaces, OK)
|
||||||
depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_RSA_C
|
depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_RSA_C
|
||||||
x509parse_crt_file:"data_files/server7_trailing_space.crt":0
|
x509parse_crt_file:"data_files/server7_trailing_space.crt":0
|
||||||
|
|
||||||
|
X509 File parse (Algorithm Params Tag mismatch)
|
||||||
|
depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C
|
||||||
|
x509parse_crt_file:"data_files/cli-rsa-sha256-badalg.crt.der":MBEDTLS_ERR_X509_SIG_MISMATCH
|
||||||
|
|
||||||
X509 Get time (UTC no issues)
|
X509 Get time (UTC no issues)
|
||||||
depends_on:MBEDTLS_X509_USE_C
|
depends_on:MBEDTLS_X509_USE_C
|
||||||
x509_get_time:MBEDTLS_ASN1_UTC_TIME:"500101000000Z":0:1950:1:1:0:0:0
|
x509_get_time:MBEDTLS_ASN1_UTC_TIME:"500101000000Z":0:1950:1:1:0:0:0
|
||||||
|
|
Loading…
Reference in a new issue