mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-12-23 13:05:28 +00:00
Merge branch 'development' into development-restricted
* development: Update crypto to a repo with latest crypto Update Mbed Crypto tls: Remove duplicate psa_util.h include Remove unused cryptography test files Remove crypto C files Remove files sourced from Mbed Crypto config: Fix Doxygen link to MBEDTLS_PARAM_FAILED Use mbedtls-based path for includes check-names: Consider crypto-sourced header files
This commit is contained in:
commit
58f11d010b
2
crypto
2
crypto
|
@ -1 +1 @@
|
|||
Subproject commit b6229e304e69e672dec653700467c696d32d19ae
|
||||
Subproject commit 24b8f9f1719fefa179c7d1e00717f415f4a0868b
|
|
@ -664,7 +664,7 @@ WARN_LOGFILE =
|
|||
# directories like "/usr/src/myproject". Separate the files or directories
|
||||
# with spaces.
|
||||
|
||||
INPUT = ../include input
|
||||
INPUT = ../include ../crypto/include input
|
||||
|
||||
# This tag can be used to specify the character encoding of the source files
|
||||
# that doxygen parses. Internally doxygen uses the UTF-8 encoding, which is
|
||||
|
@ -696,7 +696,12 @@ RECURSIVE = YES
|
|||
# Note that relative paths are relative to the directory from which doxygen is
|
||||
# run.
|
||||
|
||||
EXCLUDE =
|
||||
EXCLUDE = \
|
||||
../crypto/include/mbedtls/check_config.h \
|
||||
../crypto/include/mbedtls/compat-1.3.h \
|
||||
../crypto/include/mbedtls/config.h \
|
||||
../crypto/include/mbedtls/error.h \
|
||||
../crypto/include/mbedtls/version.h \
|
||||
|
||||
# The EXCLUDE_SYMLINKS tag can be used to select whether or not files or
|
||||
# directories that are symbolic links (a Unix file system feature) are excluded
|
||||
|
|
|
@ -1,674 +0,0 @@
|
|||
/**
|
||||
* \file aes.h
|
||||
*
|
||||
* \brief This file contains AES definitions and functions.
|
||||
*
|
||||
* The Advanced Encryption Standard (AES) specifies a FIPS-approved
|
||||
* cryptographic algorithm that can be used to protect electronic
|
||||
* data.
|
||||
*
|
||||
* The AES algorithm is a symmetric block cipher that can
|
||||
* encrypt and decrypt information. For more information, see
|
||||
* <em>FIPS Publication 197: Advanced Encryption Standard</em> and
|
||||
* <em>ISO/IEC 18033-2:2006: Information technology -- Security
|
||||
* techniques -- Encryption algorithms -- Part 2: Asymmetric
|
||||
* ciphers</em>.
|
||||
*
|
||||
* The AES-XTS block mode is standardized by NIST SP 800-38E
|
||||
* <https://nvlpubs.nist.gov/nistpubs/legacy/sp/nistspecialpublication800-38e.pdf>
|
||||
* and described in detail by IEEE P1619
|
||||
* <https://ieeexplore.ieee.org/servlet/opac?punumber=4375278>.
|
||||
*/
|
||||
|
||||
/* Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved.
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
* not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*
|
||||
* This file is part of Mbed TLS (https://tls.mbed.org)
|
||||
*/
|
||||
|
||||
#ifndef MBEDTLS_AES_H
|
||||
#define MBEDTLS_AES_H
|
||||
|
||||
#if !defined(MBEDTLS_CONFIG_FILE)
|
||||
#include "config.h"
|
||||
#else
|
||||
#include MBEDTLS_CONFIG_FILE
|
||||
#endif
|
||||
|
||||
#include <stddef.h>
|
||||
#include <stdint.h>
|
||||
|
||||
/* padlock.c and aesni.c rely on these values! */
|
||||
#define MBEDTLS_AES_ENCRYPT 1 /**< AES encryption. */
|
||||
#define MBEDTLS_AES_DECRYPT 0 /**< AES decryption. */
|
||||
|
||||
/* Error codes in range 0x0020-0x0022 */
|
||||
#define MBEDTLS_ERR_AES_INVALID_KEY_LENGTH -0x0020 /**< Invalid key length. */
|
||||
#define MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH -0x0022 /**< Invalid data input length. */
|
||||
|
||||
/* Error codes in range 0x0021-0x0025 */
|
||||
#define MBEDTLS_ERR_AES_BAD_INPUT_DATA -0x0021 /**< Invalid input data. */
|
||||
|
||||
/* MBEDTLS_ERR_AES_FEATURE_UNAVAILABLE is deprecated and should not be used. */
|
||||
#define MBEDTLS_ERR_AES_FEATURE_UNAVAILABLE -0x0023 /**< Feature not available. For example, an unsupported AES key size. */
|
||||
|
||||
/* MBEDTLS_ERR_AES_HW_ACCEL_FAILED is deprecated and should not be used. */
|
||||
#define MBEDTLS_ERR_AES_HW_ACCEL_FAILED -0x0025 /**< AES hardware accelerator failed. */
|
||||
|
||||
#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \
|
||||
!defined(inline) && !defined(__cplusplus)
|
||||
#define inline __inline
|
||||
#endif
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
#if !defined(MBEDTLS_AES_ALT)
|
||||
// Regular implementation
|
||||
//
|
||||
|
||||
/**
|
||||
* \brief The AES context-type definition.
|
||||
*/
|
||||
typedef struct mbedtls_aes_context
|
||||
{
|
||||
int nr; /*!< The number of rounds. */
|
||||
uint32_t *rk; /*!< AES round keys. */
|
||||
uint32_t buf[68]; /*!< Unaligned data buffer. This buffer can
|
||||
hold 32 extra Bytes, which can be used for
|
||||
one of the following purposes:
|
||||
<ul><li>Alignment if VIA padlock is
|
||||
used.</li>
|
||||
<li>Simplifying key expansion in the 256-bit
|
||||
case by generating an extra round key.
|
||||
</li></ul> */
|
||||
}
|
||||
mbedtls_aes_context;
|
||||
|
||||
#if defined(MBEDTLS_CIPHER_MODE_XTS)
|
||||
/**
|
||||
* \brief The AES XTS context-type definition.
|
||||
*/
|
||||
typedef struct mbedtls_aes_xts_context
|
||||
{
|
||||
mbedtls_aes_context crypt; /*!< The AES context to use for AES block
|
||||
encryption or decryption. */
|
||||
mbedtls_aes_context tweak; /*!< The AES context used for tweak
|
||||
computation. */
|
||||
} mbedtls_aes_xts_context;
|
||||
#endif /* MBEDTLS_CIPHER_MODE_XTS */
|
||||
|
||||
#else /* MBEDTLS_AES_ALT */
|
||||
#include "aes_alt.h"
|
||||
#endif /* MBEDTLS_AES_ALT */
|
||||
|
||||
/**
|
||||
* \brief This function initializes the specified AES context.
|
||||
*
|
||||
* It must be the first API called before using
|
||||
* the context.
|
||||
*
|
||||
* \param ctx The AES context to initialize. This must not be \c NULL.
|
||||
*/
|
||||
void mbedtls_aes_init( mbedtls_aes_context *ctx );
|
||||
|
||||
/**
|
||||
* \brief This function releases and clears the specified AES context.
|
||||
*
|
||||
* \param ctx The AES context to clear.
|
||||
* If this is \c NULL, this function does nothing.
|
||||
* Otherwise, the context must have been at least initialized.
|
||||
*/
|
||||
void mbedtls_aes_free( mbedtls_aes_context *ctx );
|
||||
|
||||
#if defined(MBEDTLS_CIPHER_MODE_XTS)
|
||||
/**
|
||||
* \brief This function initializes the specified AES XTS context.
|
||||
*
|
||||
* It must be the first API called before using
|
||||
* the context.
|
||||
*
|
||||
* \param ctx The AES XTS context to initialize. This must not be \c NULL.
|
||||
*/
|
||||
void mbedtls_aes_xts_init( mbedtls_aes_xts_context *ctx );
|
||||
|
||||
/**
|
||||
* \brief This function releases and clears the specified AES XTS context.
|
||||
*
|
||||
* \param ctx The AES XTS context to clear.
|
||||
* If this is \c NULL, this function does nothing.
|
||||
* Otherwise, the context must have been at least initialized.
|
||||
*/
|
||||
void mbedtls_aes_xts_free( mbedtls_aes_xts_context *ctx );
|
||||
#endif /* MBEDTLS_CIPHER_MODE_XTS */
|
||||
|
||||
/**
|
||||
* \brief This function sets the encryption key.
|
||||
*
|
||||
* \param ctx The AES context to which the key should be bound.
|
||||
* It must be initialized.
|
||||
* \param key The encryption key.
|
||||
* This must be a readable buffer of size \p keybits bits.
|
||||
* \param keybits The size of data passed in bits. Valid options are:
|
||||
* <ul><li>128 bits</li>
|
||||
* <li>192 bits</li>
|
||||
* <li>256 bits</li></ul>
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return #MBEDTLS_ERR_AES_INVALID_KEY_LENGTH on failure.
|
||||
*/
|
||||
int mbedtls_aes_setkey_enc( mbedtls_aes_context *ctx, const unsigned char *key,
|
||||
unsigned int keybits );
|
||||
|
||||
/**
|
||||
* \brief This function sets the decryption key.
|
||||
*
|
||||
* \param ctx The AES context to which the key should be bound.
|
||||
* It must be initialized.
|
||||
* \param key The decryption key.
|
||||
* This must be a readable buffer of size \p keybits bits.
|
||||
* \param keybits The size of data passed. Valid options are:
|
||||
* <ul><li>128 bits</li>
|
||||
* <li>192 bits</li>
|
||||
* <li>256 bits</li></ul>
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return #MBEDTLS_ERR_AES_INVALID_KEY_LENGTH on failure.
|
||||
*/
|
||||
int mbedtls_aes_setkey_dec( mbedtls_aes_context *ctx, const unsigned char *key,
|
||||
unsigned int keybits );
|
||||
|
||||
#if defined(MBEDTLS_CIPHER_MODE_XTS)
|
||||
/**
|
||||
* \brief This function prepares an XTS context for encryption and
|
||||
* sets the encryption key.
|
||||
*
|
||||
* \param ctx The AES XTS context to which the key should be bound.
|
||||
* It must be initialized.
|
||||
* \param key The encryption key. This is comprised of the XTS key1
|
||||
* concatenated with the XTS key2.
|
||||
* This must be a readable buffer of size \p keybits bits.
|
||||
* \param keybits The size of \p key passed in bits. Valid options are:
|
||||
* <ul><li>256 bits (each of key1 and key2 is a 128-bit key)</li>
|
||||
* <li>512 bits (each of key1 and key2 is a 256-bit key)</li></ul>
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return #MBEDTLS_ERR_AES_INVALID_KEY_LENGTH on failure.
|
||||
*/
|
||||
int mbedtls_aes_xts_setkey_enc( mbedtls_aes_xts_context *ctx,
|
||||
const unsigned char *key,
|
||||
unsigned int keybits );
|
||||
|
||||
/**
|
||||
* \brief This function prepares an XTS context for decryption and
|
||||
* sets the decryption key.
|
||||
*
|
||||
* \param ctx The AES XTS context to which the key should be bound.
|
||||
* It must be initialized.
|
||||
* \param key The decryption key. This is comprised of the XTS key1
|
||||
* concatenated with the XTS key2.
|
||||
* This must be a readable buffer of size \p keybits bits.
|
||||
* \param keybits The size of \p key passed in bits. Valid options are:
|
||||
* <ul><li>256 bits (each of key1 and key2 is a 128-bit key)</li>
|
||||
* <li>512 bits (each of key1 and key2 is a 256-bit key)</li></ul>
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return #MBEDTLS_ERR_AES_INVALID_KEY_LENGTH on failure.
|
||||
*/
|
||||
int mbedtls_aes_xts_setkey_dec( mbedtls_aes_xts_context *ctx,
|
||||
const unsigned char *key,
|
||||
unsigned int keybits );
|
||||
#endif /* MBEDTLS_CIPHER_MODE_XTS */
|
||||
|
||||
/**
|
||||
* \brief This function performs an AES single-block encryption or
|
||||
* decryption operation.
|
||||
*
|
||||
* It performs the operation defined in the \p mode parameter
|
||||
* (encrypt or decrypt), on the input data buffer defined in
|
||||
* the \p input parameter.
|
||||
*
|
||||
* mbedtls_aes_init(), and either mbedtls_aes_setkey_enc() or
|
||||
* mbedtls_aes_setkey_dec() must be called before the first
|
||||
* call to this API with the same context.
|
||||
*
|
||||
* \param ctx The AES context to use for encryption or decryption.
|
||||
* It must be initialized and bound to a key.
|
||||
* \param mode The AES operation: #MBEDTLS_AES_ENCRYPT or
|
||||
* #MBEDTLS_AES_DECRYPT.
|
||||
* \param input The buffer holding the input data.
|
||||
* It must be readable and at least \c 16 Bytes long.
|
||||
* \param output The buffer where the output data will be written.
|
||||
* It must be writeable and at least \c 16 Bytes long.
|
||||
|
||||
* \return \c 0 on success.
|
||||
*/
|
||||
int mbedtls_aes_crypt_ecb( mbedtls_aes_context *ctx,
|
||||
int mode,
|
||||
const unsigned char input[16],
|
||||
unsigned char output[16] );
|
||||
|
||||
#if defined(MBEDTLS_CIPHER_MODE_CBC)
|
||||
/**
|
||||
* \brief This function performs an AES-CBC encryption or decryption operation
|
||||
* on full blocks.
|
||||
*
|
||||
* It performs the operation defined in the \p mode
|
||||
* parameter (encrypt/decrypt), on the input data buffer defined in
|
||||
* the \p input parameter.
|
||||
*
|
||||
* It can be called as many times as needed, until all the input
|
||||
* data is processed. mbedtls_aes_init(), and either
|
||||
* mbedtls_aes_setkey_enc() or mbedtls_aes_setkey_dec() must be called
|
||||
* before the first call to this API with the same context.
|
||||
*
|
||||
* \note This function operates on full blocks, that is, the input size
|
||||
* must be a multiple of the AES block size of \c 16 Bytes.
|
||||
*
|
||||
* \note Upon exit, the content of the IV is updated so that you can
|
||||
* call the same function again on the next
|
||||
* block(s) of data and get the same result as if it was
|
||||
* encrypted in one call. This allows a "streaming" usage.
|
||||
* If you need to retain the contents of the IV, you should
|
||||
* either save it manually or use the cipher module instead.
|
||||
*
|
||||
*
|
||||
* \param ctx The AES context to use for encryption or decryption.
|
||||
* It must be initialized and bound to a key.
|
||||
* \param mode The AES operation: #MBEDTLS_AES_ENCRYPT or
|
||||
* #MBEDTLS_AES_DECRYPT.
|
||||
* \param length The length of the input data in Bytes. This must be a
|
||||
* multiple of the block size (\c 16 Bytes).
|
||||
* \param iv Initialization vector (updated after use).
|
||||
* It must be a readable and writeable buffer of \c 16 Bytes.
|
||||
* \param input The buffer holding the input data.
|
||||
* It must be readable and of size \p length Bytes.
|
||||
* \param output The buffer holding the output data.
|
||||
* It must be writeable and of size \p length Bytes.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return #MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH
|
||||
* on failure.
|
||||
*/
|
||||
int mbedtls_aes_crypt_cbc( mbedtls_aes_context *ctx,
|
||||
int mode,
|
||||
size_t length,
|
||||
unsigned char iv[16],
|
||||
const unsigned char *input,
|
||||
unsigned char *output );
|
||||
#endif /* MBEDTLS_CIPHER_MODE_CBC */
|
||||
|
||||
#if defined(MBEDTLS_CIPHER_MODE_XTS)
|
||||
/**
|
||||
* \brief This function performs an AES-XTS encryption or decryption
|
||||
* operation for an entire XTS data unit.
|
||||
*
|
||||
* AES-XTS encrypts or decrypts blocks based on their location as
|
||||
* defined by a data unit number. The data unit number must be
|
||||
* provided by \p data_unit.
|
||||
*
|
||||
* NIST SP 800-38E limits the maximum size of a data unit to 2^20
|
||||
* AES blocks. If the data unit is larger than this, this function
|
||||
* returns #MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH.
|
||||
*
|
||||
* \param ctx The AES XTS context to use for AES XTS operations.
|
||||
* It must be initialized and bound to a key.
|
||||
* \param mode The AES operation: #MBEDTLS_AES_ENCRYPT or
|
||||
* #MBEDTLS_AES_DECRYPT.
|
||||
* \param length The length of a data unit in Bytes. This can be any
|
||||
* length between 16 bytes and 2^24 bytes inclusive
|
||||
* (between 1 and 2^20 block cipher blocks).
|
||||
* \param data_unit The address of the data unit encoded as an array of 16
|
||||
* bytes in little-endian format. For disk encryption, this
|
||||
* is typically the index of the block device sector that
|
||||
* contains the data.
|
||||
* \param input The buffer holding the input data (which is an entire
|
||||
* data unit). This function reads \p length Bytes from \p
|
||||
* input.
|
||||
* \param output The buffer holding the output data (which is an entire
|
||||
* data unit). This function writes \p length Bytes to \p
|
||||
* output.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return #MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH if \p length is
|
||||
* smaller than an AES block in size (16 Bytes) or if \p
|
||||
* length is larger than 2^20 blocks (16 MiB).
|
||||
*/
|
||||
int mbedtls_aes_crypt_xts( mbedtls_aes_xts_context *ctx,
|
||||
int mode,
|
||||
size_t length,
|
||||
const unsigned char data_unit[16],
|
||||
const unsigned char *input,
|
||||
unsigned char *output );
|
||||
#endif /* MBEDTLS_CIPHER_MODE_XTS */
|
||||
|
||||
#if defined(MBEDTLS_CIPHER_MODE_CFB)
|
||||
/**
|
||||
* \brief This function performs an AES-CFB128 encryption or decryption
|
||||
* operation.
|
||||
*
|
||||
* It performs the operation defined in the \p mode
|
||||
* parameter (encrypt or decrypt), on the input data buffer
|
||||
* defined in the \p input parameter.
|
||||
*
|
||||
* For CFB, you must set up the context with mbedtls_aes_setkey_enc(),
|
||||
* regardless of whether you are performing an encryption or decryption
|
||||
* operation, that is, regardless of the \p mode parameter. This is
|
||||
* because CFB mode uses the same key schedule for encryption and
|
||||
* decryption.
|
||||
*
|
||||
* \note Upon exit, the content of the IV is updated so that you can
|
||||
* call the same function again on the next
|
||||
* block(s) of data and get the same result as if it was
|
||||
* encrypted in one call. This allows a "streaming" usage.
|
||||
* If you need to retain the contents of the
|
||||
* IV, you must either save it manually or use the cipher
|
||||
* module instead.
|
||||
*
|
||||
*
|
||||
* \param ctx The AES context to use for encryption or decryption.
|
||||
* It must be initialized and bound to a key.
|
||||
* \param mode The AES operation: #MBEDTLS_AES_ENCRYPT or
|
||||
* #MBEDTLS_AES_DECRYPT.
|
||||
* \param length The length of the input data in Bytes.
|
||||
* \param iv_off The offset in IV (updated after use).
|
||||
* It must point to a valid \c size_t.
|
||||
* \param iv The initialization vector (updated after use).
|
||||
* It must be a readable and writeable buffer of \c 16 Bytes.
|
||||
* \param input The buffer holding the input data.
|
||||
* It must be readable and of size \p length Bytes.
|
||||
* \param output The buffer holding the output data.
|
||||
* It must be writeable and of size \p length Bytes.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
*/
|
||||
int mbedtls_aes_crypt_cfb128( mbedtls_aes_context *ctx,
|
||||
int mode,
|
||||
size_t length,
|
||||
size_t *iv_off,
|
||||
unsigned char iv[16],
|
||||
const unsigned char *input,
|
||||
unsigned char *output );
|
||||
|
||||
/**
|
||||
* \brief This function performs an AES-CFB8 encryption or decryption
|
||||
* operation.
|
||||
*
|
||||
* It performs the operation defined in the \p mode
|
||||
* parameter (encrypt/decrypt), on the input data buffer defined
|
||||
* in the \p input parameter.
|
||||
*
|
||||
* Due to the nature of CFB, you must use the same key schedule for
|
||||
* both encryption and decryption operations. Therefore, you must
|
||||
* use the context initialized with mbedtls_aes_setkey_enc() for
|
||||
* both #MBEDTLS_AES_ENCRYPT and #MBEDTLS_AES_DECRYPT.
|
||||
*
|
||||
* \note Upon exit, the content of the IV is updated so that you can
|
||||
* call the same function again on the next
|
||||
* block(s) of data and get the same result as if it was
|
||||
* encrypted in one call. This allows a "streaming" usage.
|
||||
* If you need to retain the contents of the
|
||||
* IV, you should either save it manually or use the cipher
|
||||
* module instead.
|
||||
*
|
||||
*
|
||||
* \param ctx The AES context to use for encryption or decryption.
|
||||
* It must be initialized and bound to a key.
|
||||
* \param mode The AES operation: #MBEDTLS_AES_ENCRYPT or
|
||||
* #MBEDTLS_AES_DECRYPT
|
||||
* \param length The length of the input data.
|
||||
* \param iv The initialization vector (updated after use).
|
||||
* It must be a readable and writeable buffer of \c 16 Bytes.
|
||||
* \param input The buffer holding the input data.
|
||||
* It must be readable and of size \p length Bytes.
|
||||
* \param output The buffer holding the output data.
|
||||
* It must be writeable and of size \p length Bytes.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
*/
|
||||
int mbedtls_aes_crypt_cfb8( mbedtls_aes_context *ctx,
|
||||
int mode,
|
||||
size_t length,
|
||||
unsigned char iv[16],
|
||||
const unsigned char *input,
|
||||
unsigned char *output );
|
||||
#endif /*MBEDTLS_CIPHER_MODE_CFB */
|
||||
|
||||
#if defined(MBEDTLS_CIPHER_MODE_OFB)
|
||||
/**
|
||||
* \brief This function performs an AES-OFB (Output Feedback Mode)
|
||||
* encryption or decryption operation.
|
||||
*
|
||||
* For OFB, you must set up the context with
|
||||
* mbedtls_aes_setkey_enc(), regardless of whether you are
|
||||
* performing an encryption or decryption operation. This is
|
||||
* because OFB mode uses the same key schedule for encryption and
|
||||
* decryption.
|
||||
*
|
||||
* The OFB operation is identical for encryption or decryption,
|
||||
* therefore no operation mode needs to be specified.
|
||||
*
|
||||
* \note Upon exit, the content of iv, the Initialisation Vector, is
|
||||
* updated so that you can call the same function again on the next
|
||||
* block(s) of data and get the same result as if it was encrypted
|
||||
* in one call. This allows a "streaming" usage, by initialising
|
||||
* iv_off to 0 before the first call, and preserving its value
|
||||
* between calls.
|
||||
*
|
||||
* For non-streaming use, the iv should be initialised on each call
|
||||
* to a unique value, and iv_off set to 0 on each call.
|
||||
*
|
||||
* If you need to retain the contents of the initialisation vector,
|
||||
* you must either save it manually or use the cipher module
|
||||
* instead.
|
||||
*
|
||||
* \warning For the OFB mode, the initialisation vector must be unique
|
||||
* every encryption operation. Reuse of an initialisation vector
|
||||
* will compromise security.
|
||||
*
|
||||
* \param ctx The AES context to use for encryption or decryption.
|
||||
* It must be initialized and bound to a key.
|
||||
* \param length The length of the input data.
|
||||
* \param iv_off The offset in IV (updated after use).
|
||||
* It must point to a valid \c size_t.
|
||||
* \param iv The initialization vector (updated after use).
|
||||
* It must be a readable and writeable buffer of \c 16 Bytes.
|
||||
* \param input The buffer holding the input data.
|
||||
* It must be readable and of size \p length Bytes.
|
||||
* \param output The buffer holding the output data.
|
||||
* It must be writeable and of size \p length Bytes.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
*/
|
||||
int mbedtls_aes_crypt_ofb( mbedtls_aes_context *ctx,
|
||||
size_t length,
|
||||
size_t *iv_off,
|
||||
unsigned char iv[16],
|
||||
const unsigned char *input,
|
||||
unsigned char *output );
|
||||
|
||||
#endif /* MBEDTLS_CIPHER_MODE_OFB */
|
||||
|
||||
#if defined(MBEDTLS_CIPHER_MODE_CTR)
|
||||
/**
|
||||
* \brief This function performs an AES-CTR encryption or decryption
|
||||
* operation.
|
||||
*
|
||||
* This function performs the operation defined in the \p mode
|
||||
* parameter (encrypt/decrypt), on the input data buffer
|
||||
* defined in the \p input parameter.
|
||||
*
|
||||
* Due to the nature of CTR, you must use the same key schedule
|
||||
* for both encryption and decryption operations. Therefore, you
|
||||
* must use the context initialized with mbedtls_aes_setkey_enc()
|
||||
* for both #MBEDTLS_AES_ENCRYPT and #MBEDTLS_AES_DECRYPT.
|
||||
*
|
||||
* \warning You must never reuse a nonce value with the same key. Doing so
|
||||
* would void the encryption for the two messages encrypted with
|
||||
* the same nonce and key.
|
||||
*
|
||||
* There are two common strategies for managing nonces with CTR:
|
||||
*
|
||||
* 1. You can handle everything as a single message processed over
|
||||
* successive calls to this function. In that case, you want to
|
||||
* set \p nonce_counter and \p nc_off to 0 for the first call, and
|
||||
* then preserve the values of \p nonce_counter, \p nc_off and \p
|
||||
* stream_block across calls to this function as they will be
|
||||
* updated by this function.
|
||||
*
|
||||
* With this strategy, you must not encrypt more than 2**128
|
||||
* blocks of data with the same key.
|
||||
*
|
||||
* 2. You can encrypt separate messages by dividing the \p
|
||||
* nonce_counter buffer in two areas: the first one used for a
|
||||
* per-message nonce, handled by yourself, and the second one
|
||||
* updated by this function internally.
|
||||
*
|
||||
* For example, you might reserve the first 12 bytes for the
|
||||
* per-message nonce, and the last 4 bytes for internal use. In that
|
||||
* case, before calling this function on a new message you need to
|
||||
* set the first 12 bytes of \p nonce_counter to your chosen nonce
|
||||
* value, the last 4 to 0, and \p nc_off to 0 (which will cause \p
|
||||
* stream_block to be ignored). That way, you can encrypt at most
|
||||
* 2**96 messages of up to 2**32 blocks each with the same key.
|
||||
*
|
||||
* The per-message nonce (or information sufficient to reconstruct
|
||||
* it) needs to be communicated with the ciphertext and must be unique.
|
||||
* The recommended way to ensure uniqueness is to use a message
|
||||
* counter. An alternative is to generate random nonces, but this
|
||||
* limits the number of messages that can be securely encrypted:
|
||||
* for example, with 96-bit random nonces, you should not encrypt
|
||||
* more than 2**32 messages with the same key.
|
||||
*
|
||||
* Note that for both stategies, sizes are measured in blocks and
|
||||
* that an AES block is 16 bytes.
|
||||
*
|
||||
* \warning Upon return, \p stream_block contains sensitive data. Its
|
||||
* content must not be written to insecure storage and should be
|
||||
* securely discarded as soon as it's no longer needed.
|
||||
*
|
||||
* \param ctx The AES context to use for encryption or decryption.
|
||||
* It must be initialized and bound to a key.
|
||||
* \param length The length of the input data.
|
||||
* \param nc_off The offset in the current \p stream_block, for
|
||||
* resuming within the current cipher stream. The
|
||||
* offset pointer should be 0 at the start of a stream.
|
||||
* It must point to a valid \c size_t.
|
||||
* \param nonce_counter The 128-bit nonce and counter.
|
||||
* It must be a readable-writeable buffer of \c 16 Bytes.
|
||||
* \param stream_block The saved stream block for resuming. This is
|
||||
* overwritten by the function.
|
||||
* It must be a readable-writeable buffer of \c 16 Bytes.
|
||||
* \param input The buffer holding the input data.
|
||||
* It must be readable and of size \p length Bytes.
|
||||
* \param output The buffer holding the output data.
|
||||
* It must be writeable and of size \p length Bytes.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
*/
|
||||
int mbedtls_aes_crypt_ctr( mbedtls_aes_context *ctx,
|
||||
size_t length,
|
||||
size_t *nc_off,
|
||||
unsigned char nonce_counter[16],
|
||||
unsigned char stream_block[16],
|
||||
const unsigned char *input,
|
||||
unsigned char *output );
|
||||
#endif /* MBEDTLS_CIPHER_MODE_CTR */
|
||||
|
||||
/**
|
||||
* \brief Internal AES block encryption function. This is only
|
||||
* exposed to allow overriding it using
|
||||
* \c MBEDTLS_AES_ENCRYPT_ALT.
|
||||
*
|
||||
* \param ctx The AES context to use for encryption.
|
||||
* \param input The plaintext block.
|
||||
* \param output The output (ciphertext) block.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
*/
|
||||
int mbedtls_internal_aes_encrypt( mbedtls_aes_context *ctx,
|
||||
const unsigned char input[16],
|
||||
unsigned char output[16] );
|
||||
|
||||
/**
|
||||
* \brief Internal AES block decryption function. This is only
|
||||
* exposed to allow overriding it using see
|
||||
* \c MBEDTLS_AES_DECRYPT_ALT.
|
||||
*
|
||||
* \param ctx The AES context to use for decryption.
|
||||
* \param input The ciphertext block.
|
||||
* \param output The output (plaintext) block.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
*/
|
||||
int mbedtls_internal_aes_decrypt( mbedtls_aes_context *ctx,
|
||||
const unsigned char input[16],
|
||||
unsigned char output[16] );
|
||||
|
||||
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
|
||||
#if defined(MBEDTLS_DEPRECATED_WARNING)
|
||||
#define MBEDTLS_DEPRECATED __attribute__((deprecated))
|
||||
#else
|
||||
#define MBEDTLS_DEPRECATED
|
||||
#endif
|
||||
/**
|
||||
* \brief Deprecated internal AES block encryption function
|
||||
* without return value.
|
||||
*
|
||||
* \deprecated Superseded by mbedtls_internal_aes_encrypt()
|
||||
*
|
||||
* \param ctx The AES context to use for encryption.
|
||||
* \param input Plaintext block.
|
||||
* \param output Output (ciphertext) block.
|
||||
*/
|
||||
MBEDTLS_DEPRECATED void mbedtls_aes_encrypt( mbedtls_aes_context *ctx,
|
||||
const unsigned char input[16],
|
||||
unsigned char output[16] );
|
||||
|
||||
/**
|
||||
* \brief Deprecated internal AES block decryption function
|
||||
* without return value.
|
||||
*
|
||||
* \deprecated Superseded by mbedtls_internal_aes_decrypt()
|
||||
*
|
||||
* \param ctx The AES context to use for decryption.
|
||||
* \param input Ciphertext block.
|
||||
* \param output Output (plaintext) block.
|
||||
*/
|
||||
MBEDTLS_DEPRECATED void mbedtls_aes_decrypt( mbedtls_aes_context *ctx,
|
||||
const unsigned char input[16],
|
||||
unsigned char output[16] );
|
||||
|
||||
#undef MBEDTLS_DEPRECATED
|
||||
#endif /* !MBEDTLS_DEPRECATED_REMOVED */
|
||||
|
||||
|
||||
#if defined(MBEDTLS_SELF_TEST)
|
||||
/**
|
||||
* \brief Checkup routine.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return \c 1 on failure.
|
||||
*/
|
||||
int mbedtls_aes_self_test( int verbose );
|
||||
|
||||
#endif /* MBEDTLS_SELF_TEST */
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
||||
#endif /* aes.h */
|
|
@ -1,138 +0,0 @@
|
|||
/**
|
||||
* \file aesni.h
|
||||
*
|
||||
* \brief AES-NI for hardware AES acceleration on some Intel processors
|
||||
*
|
||||
* \warning These functions are only for internal use by other library
|
||||
* functions; you must not call them directly.
|
||||
*/
|
||||
/*
|
||||
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
* not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*
|
||||
* This file is part of mbed TLS (https://tls.mbed.org)
|
||||
*/
|
||||
#ifndef MBEDTLS_AESNI_H
|
||||
#define MBEDTLS_AESNI_H
|
||||
|
||||
#if !defined(MBEDTLS_CONFIG_FILE)
|
||||
#include "config.h"
|
||||
#else
|
||||
#include MBEDTLS_CONFIG_FILE
|
||||
#endif
|
||||
|
||||
#include "aes.h"
|
||||
|
||||
#define MBEDTLS_AESNI_AES 0x02000000u
|
||||
#define MBEDTLS_AESNI_CLMUL 0x00000002u
|
||||
|
||||
#if defined(MBEDTLS_HAVE_ASM) && defined(__GNUC__) && \
|
||||
( defined(__amd64__) || defined(__x86_64__) ) && \
|
||||
! defined(MBEDTLS_HAVE_X86_64)
|
||||
#define MBEDTLS_HAVE_X86_64
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_HAVE_X86_64)
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
/**
|
||||
* \brief Internal function to detect the AES-NI feature in CPUs.
|
||||
*
|
||||
* \note This function is only for internal use by other library
|
||||
* functions; you must not call it directly.
|
||||
*
|
||||
* \param what The feature to detect
|
||||
* (MBEDTLS_AESNI_AES or MBEDTLS_AESNI_CLMUL)
|
||||
*
|
||||
* \return 1 if CPU has support for the feature, 0 otherwise
|
||||
*/
|
||||
int mbedtls_aesni_has_support( unsigned int what );
|
||||
|
||||
/**
|
||||
* \brief Internal AES-NI AES-ECB block encryption and decryption
|
||||
*
|
||||
* \note This function is only for internal use by other library
|
||||
* functions; you must not call it directly.
|
||||
*
|
||||
* \param ctx AES context
|
||||
* \param mode MBEDTLS_AES_ENCRYPT or MBEDTLS_AES_DECRYPT
|
||||
* \param input 16-byte input block
|
||||
* \param output 16-byte output block
|
||||
*
|
||||
* \return 0 on success (cannot fail)
|
||||
*/
|
||||
int mbedtls_aesni_crypt_ecb( mbedtls_aes_context *ctx,
|
||||
int mode,
|
||||
const unsigned char input[16],
|
||||
unsigned char output[16] );
|
||||
|
||||
/**
|
||||
* \brief Internal GCM multiplication: c = a * b in GF(2^128)
|
||||
*
|
||||
* \note This function is only for internal use by other library
|
||||
* functions; you must not call it directly.
|
||||
*
|
||||
* \param c Result
|
||||
* \param a First operand
|
||||
* \param b Second operand
|
||||
*
|
||||
* \note Both operands and result are bit strings interpreted as
|
||||
* elements of GF(2^128) as per the GCM spec.
|
||||
*/
|
||||
void mbedtls_aesni_gcm_mult( unsigned char c[16],
|
||||
const unsigned char a[16],
|
||||
const unsigned char b[16] );
|
||||
|
||||
/**
|
||||
* \brief Internal round key inversion. This function computes
|
||||
* decryption round keys from the encryption round keys.
|
||||
*
|
||||
* \note This function is only for internal use by other library
|
||||
* functions; you must not call it directly.
|
||||
*
|
||||
* \param invkey Round keys for the equivalent inverse cipher
|
||||
* \param fwdkey Original round keys (for encryption)
|
||||
* \param nr Number of rounds (that is, number of round keys minus one)
|
||||
*/
|
||||
void mbedtls_aesni_inverse_key( unsigned char *invkey,
|
||||
const unsigned char *fwdkey,
|
||||
int nr );
|
||||
|
||||
/**
|
||||
* \brief Internal key expansion for encryption
|
||||
*
|
||||
* \note This function is only for internal use by other library
|
||||
* functions; you must not call it directly.
|
||||
*
|
||||
* \param rk Destination buffer where the round keys are written
|
||||
* \param key Encryption key
|
||||
* \param bits Key size in bits (must be 128, 192 or 256)
|
||||
*
|
||||
* \return 0 if successful, or MBEDTLS_ERR_AES_INVALID_KEY_LENGTH
|
||||
*/
|
||||
int mbedtls_aesni_setkey_enc( unsigned char *rk,
|
||||
const unsigned char *key,
|
||||
size_t bits );
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
||||
#endif /* MBEDTLS_HAVE_X86_64 */
|
||||
|
||||
#endif /* MBEDTLS_AESNI_H */
|
|
@ -1,146 +0,0 @@
|
|||
/**
|
||||
* \file arc4.h
|
||||
*
|
||||
* \brief The ARCFOUR stream cipher
|
||||
*
|
||||
* \warning ARC4 is considered a weak cipher and its use constitutes a
|
||||
* security risk. We recommend considering stronger ciphers instead.
|
||||
*/
|
||||
/*
|
||||
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
* not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*
|
||||
* This file is part of mbed TLS (https://tls.mbed.org)
|
||||
*
|
||||
*/
|
||||
#ifndef MBEDTLS_ARC4_H
|
||||
#define MBEDTLS_ARC4_H
|
||||
|
||||
#if !defined(MBEDTLS_CONFIG_FILE)
|
||||
#include "config.h"
|
||||
#else
|
||||
#include MBEDTLS_CONFIG_FILE
|
||||
#endif
|
||||
|
||||
#include <stddef.h>
|
||||
|
||||
/* MBEDTLS_ERR_ARC4_HW_ACCEL_FAILED is deprecated and should not be used. */
|
||||
#define MBEDTLS_ERR_ARC4_HW_ACCEL_FAILED -0x0019 /**< ARC4 hardware accelerator failed. */
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
#if !defined(MBEDTLS_ARC4_ALT)
|
||||
// Regular implementation
|
||||
//
|
||||
|
||||
/**
|
||||
* \brief ARC4 context structure
|
||||
*
|
||||
* \warning ARC4 is considered a weak cipher and its use constitutes a
|
||||
* security risk. We recommend considering stronger ciphers instead.
|
||||
*
|
||||
*/
|
||||
typedef struct mbedtls_arc4_context
|
||||
{
|
||||
int x; /*!< permutation index */
|
||||
int y; /*!< permutation index */
|
||||
unsigned char m[256]; /*!< permutation table */
|
||||
}
|
||||
mbedtls_arc4_context;
|
||||
|
||||
#else /* MBEDTLS_ARC4_ALT */
|
||||
#include "arc4_alt.h"
|
||||
#endif /* MBEDTLS_ARC4_ALT */
|
||||
|
||||
/**
|
||||
* \brief Initialize ARC4 context
|
||||
*
|
||||
* \param ctx ARC4 context to be initialized
|
||||
*
|
||||
* \warning ARC4 is considered a weak cipher and its use constitutes a
|
||||
* security risk. We recommend considering stronger ciphers
|
||||
* instead.
|
||||
*
|
||||
*/
|
||||
void mbedtls_arc4_init( mbedtls_arc4_context *ctx );
|
||||
|
||||
/**
|
||||
* \brief Clear ARC4 context
|
||||
*
|
||||
* \param ctx ARC4 context to be cleared
|
||||
*
|
||||
* \warning ARC4 is considered a weak cipher and its use constitutes a
|
||||
* security risk. We recommend considering stronger ciphers
|
||||
* instead.
|
||||
*
|
||||
*/
|
||||
void mbedtls_arc4_free( mbedtls_arc4_context *ctx );
|
||||
|
||||
/**
|
||||
* \brief ARC4 key schedule
|
||||
*
|
||||
* \param ctx ARC4 context to be setup
|
||||
* \param key the secret key
|
||||
* \param keylen length of the key, in bytes
|
||||
*
|
||||
* \warning ARC4 is considered a weak cipher and its use constitutes a
|
||||
* security risk. We recommend considering stronger ciphers
|
||||
* instead.
|
||||
*
|
||||
*/
|
||||
void mbedtls_arc4_setup( mbedtls_arc4_context *ctx, const unsigned char *key,
|
||||
unsigned int keylen );
|
||||
|
||||
/**
|
||||
* \brief ARC4 cipher function
|
||||
*
|
||||
* \param ctx ARC4 context
|
||||
* \param length length of the input data
|
||||
* \param input buffer holding the input data
|
||||
* \param output buffer for the output data
|
||||
*
|
||||
* \return 0 if successful
|
||||
*
|
||||
* \warning ARC4 is considered a weak cipher and its use constitutes a
|
||||
* security risk. We recommend considering stronger ciphers
|
||||
* instead.
|
||||
*
|
||||
*/
|
||||
int mbedtls_arc4_crypt( mbedtls_arc4_context *ctx, size_t length, const unsigned char *input,
|
||||
unsigned char *output );
|
||||
|
||||
#if defined(MBEDTLS_SELF_TEST)
|
||||
|
||||
/**
|
||||
* \brief Checkup routine
|
||||
*
|
||||
* \return 0 if successful, or 1 if the test failed
|
||||
*
|
||||
* \warning ARC4 is considered a weak cipher and its use constitutes a
|
||||
* security risk. We recommend considering stronger ciphers
|
||||
* instead.
|
||||
*
|
||||
*/
|
||||
int mbedtls_arc4_self_test( int verbose );
|
||||
|
||||
#endif /* MBEDTLS_SELF_TEST */
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
||||
#endif /* arc4.h */
|
|
@ -1,370 +0,0 @@
|
|||
/**
|
||||
* \file aria.h
|
||||
*
|
||||
* \brief ARIA block cipher
|
||||
*
|
||||
* The ARIA algorithm is a symmetric block cipher that can encrypt and
|
||||
* decrypt information. It is defined by the Korean Agency for
|
||||
* Technology and Standards (KATS) in <em>KS X 1213:2004</em> (in
|
||||
* Korean, but see http://210.104.33.10/ARIA/index-e.html in English)
|
||||
* and also described by the IETF in <em>RFC 5794</em>.
|
||||
*/
|
||||
/* Copyright (C) 2006-2018, ARM Limited, All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
* not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*
|
||||
* This file is part of mbed TLS (https://tls.mbed.org)
|
||||
*/
|
||||
|
||||
#ifndef MBEDTLS_ARIA_H
|
||||
#define MBEDTLS_ARIA_H
|
||||
|
||||
#if !defined(MBEDTLS_CONFIG_FILE)
|
||||
#include "config.h"
|
||||
#else
|
||||
#include MBEDTLS_CONFIG_FILE
|
||||
#endif
|
||||
|
||||
#include <stddef.h>
|
||||
#include <stdint.h>
|
||||
|
||||
#include "platform_util.h"
|
||||
|
||||
#define MBEDTLS_ARIA_ENCRYPT 1 /**< ARIA encryption. */
|
||||
#define MBEDTLS_ARIA_DECRYPT 0 /**< ARIA decryption. */
|
||||
|
||||
#define MBEDTLS_ARIA_BLOCKSIZE 16 /**< ARIA block size in bytes. */
|
||||
#define MBEDTLS_ARIA_MAX_ROUNDS 16 /**< Maxiumum number of rounds in ARIA. */
|
||||
#define MBEDTLS_ARIA_MAX_KEYSIZE 32 /**< Maximum size of an ARIA key in bytes. */
|
||||
|
||||
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
|
||||
#define MBEDTLS_ERR_ARIA_INVALID_KEY_LENGTH MBEDTLS_DEPRECATED_NUMERIC_CONSTANT( -0x005C )
|
||||
#endif /* !MBEDTLS_DEPRECATED_REMOVED */
|
||||
#define MBEDTLS_ERR_ARIA_BAD_INPUT_DATA -0x005C /**< Bad input data. */
|
||||
|
||||
#define MBEDTLS_ERR_ARIA_INVALID_INPUT_LENGTH -0x005E /**< Invalid data input length. */
|
||||
|
||||
/* MBEDTLS_ERR_ARIA_FEATURE_UNAVAILABLE is deprecated and should not be used.
|
||||
*/
|
||||
#define MBEDTLS_ERR_ARIA_FEATURE_UNAVAILABLE -0x005A /**< Feature not available. For example, an unsupported ARIA key size. */
|
||||
|
||||
/* MBEDTLS_ERR_ARIA_HW_ACCEL_FAILED is deprecated and should not be used. */
|
||||
#define MBEDTLS_ERR_ARIA_HW_ACCEL_FAILED -0x0058 /**< ARIA hardware accelerator failed. */
|
||||
|
||||
#if !defined(MBEDTLS_ARIA_ALT)
|
||||
// Regular implementation
|
||||
//
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
/**
|
||||
* \brief The ARIA context-type definition.
|
||||
*/
|
||||
typedef struct mbedtls_aria_context
|
||||
{
|
||||
unsigned char nr; /*!< The number of rounds (12, 14 or 16) */
|
||||
/*! The ARIA round keys. */
|
||||
uint32_t rk[MBEDTLS_ARIA_MAX_ROUNDS + 1][MBEDTLS_ARIA_BLOCKSIZE / 4];
|
||||
}
|
||||
mbedtls_aria_context;
|
||||
|
||||
#else /* MBEDTLS_ARIA_ALT */
|
||||
#include "aria_alt.h"
|
||||
#endif /* MBEDTLS_ARIA_ALT */
|
||||
|
||||
/**
|
||||
* \brief This function initializes the specified ARIA context.
|
||||
*
|
||||
* It must be the first API called before using
|
||||
* the context.
|
||||
*
|
||||
* \param ctx The ARIA context to initialize. This must not be \c NULL.
|
||||
*/
|
||||
void mbedtls_aria_init( mbedtls_aria_context *ctx );
|
||||
|
||||
/**
|
||||
* \brief This function releases and clears the specified ARIA context.
|
||||
*
|
||||
* \param ctx The ARIA context to clear. This may be \c NULL, in which
|
||||
* case this function returns immediately. If it is not \c NULL,
|
||||
* it must point to an initialized ARIA context.
|
||||
*/
|
||||
void mbedtls_aria_free( mbedtls_aria_context *ctx );
|
||||
|
||||
/**
|
||||
* \brief This function sets the encryption key.
|
||||
*
|
||||
* \param ctx The ARIA context to which the key should be bound.
|
||||
* This must be initialized.
|
||||
* \param key The encryption key. This must be a readable buffer
|
||||
* of size \p keybits Bits.
|
||||
* \param keybits The size of \p key in Bits. Valid options are:
|
||||
* <ul><li>128 bits</li>
|
||||
* <li>192 bits</li>
|
||||
* <li>256 bits</li></ul>
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return A negative error code on failure.
|
||||
*/
|
||||
int mbedtls_aria_setkey_enc( mbedtls_aria_context *ctx,
|
||||
const unsigned char *key,
|
||||
unsigned int keybits );
|
||||
|
||||
/**
|
||||
* \brief This function sets the decryption key.
|
||||
*
|
||||
* \param ctx The ARIA context to which the key should be bound.
|
||||
* This must be initialized.
|
||||
* \param key The decryption key. This must be a readable buffer
|
||||
* of size \p keybits Bits.
|
||||
* \param keybits The size of data passed. Valid options are:
|
||||
* <ul><li>128 bits</li>
|
||||
* <li>192 bits</li>
|
||||
* <li>256 bits</li></ul>
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return A negative error code on failure.
|
||||
*/
|
||||
int mbedtls_aria_setkey_dec( mbedtls_aria_context *ctx,
|
||||
const unsigned char *key,
|
||||
unsigned int keybits );
|
||||
|
||||
/**
|
||||
* \brief This function performs an ARIA single-block encryption or
|
||||
* decryption operation.
|
||||
*
|
||||
* It performs encryption or decryption (depending on whether
|
||||
* the key was set for encryption on decryption) on the input
|
||||
* data buffer defined in the \p input parameter.
|
||||
*
|
||||
* mbedtls_aria_init(), and either mbedtls_aria_setkey_enc() or
|
||||
* mbedtls_aria_setkey_dec() must be called before the first
|
||||
* call to this API with the same context.
|
||||
*
|
||||
* \param ctx The ARIA context to use for encryption or decryption.
|
||||
* This must be initialized and bound to a key.
|
||||
* \param input The 16-Byte buffer holding the input data.
|
||||
* \param output The 16-Byte buffer holding the output data.
|
||||
|
||||
* \return \c 0 on success.
|
||||
* \return A negative error code on failure.
|
||||
*/
|
||||
int mbedtls_aria_crypt_ecb( mbedtls_aria_context *ctx,
|
||||
const unsigned char input[MBEDTLS_ARIA_BLOCKSIZE],
|
||||
unsigned char output[MBEDTLS_ARIA_BLOCKSIZE] );
|
||||
|
||||
#if defined(MBEDTLS_CIPHER_MODE_CBC)
|
||||
/**
|
||||
* \brief This function performs an ARIA-CBC encryption or decryption operation
|
||||
* on full blocks.
|
||||
*
|
||||
* It performs the operation defined in the \p mode
|
||||
* parameter (encrypt/decrypt), on the input data buffer defined in
|
||||
* the \p input parameter.
|
||||
*
|
||||
* It can be called as many times as needed, until all the input
|
||||
* data is processed. mbedtls_aria_init(), and either
|
||||
* mbedtls_aria_setkey_enc() or mbedtls_aria_setkey_dec() must be called
|
||||
* before the first call to this API with the same context.
|
||||
*
|
||||
* \note This function operates on aligned blocks, that is, the input size
|
||||
* must be a multiple of the ARIA block size of 16 Bytes.
|
||||
*
|
||||
* \note Upon exit, the content of the IV is updated so that you can
|
||||
* call the same function again on the next
|
||||
* block(s) of data and get the same result as if it was
|
||||
* encrypted in one call. This allows a "streaming" usage.
|
||||
* If you need to retain the contents of the IV, you should
|
||||
* either save it manually or use the cipher module instead.
|
||||
*
|
||||
*
|
||||
* \param ctx The ARIA context to use for encryption or decryption.
|
||||
* This must be initialized and bound to a key.
|
||||
* \param mode The mode of operation. This must be either
|
||||
* #MBEDTLS_ARIA_ENCRYPT for encryption, or
|
||||
* #MBEDTLS_ARIA_DECRYPT for decryption.
|
||||
* \param length The length of the input data in Bytes. This must be a
|
||||
* multiple of the block size (16 Bytes).
|
||||
* \param iv Initialization vector (updated after use).
|
||||
* This must be a readable buffer of size 16 Bytes.
|
||||
* \param input The buffer holding the input data. This must
|
||||
* be a readable buffer of length \p length Bytes.
|
||||
* \param output The buffer holding the output data. This must
|
||||
* be a writable buffer of length \p length Bytes.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return A negative error code on failure.
|
||||
*/
|
||||
int mbedtls_aria_crypt_cbc( mbedtls_aria_context *ctx,
|
||||
int mode,
|
||||
size_t length,
|
||||
unsigned char iv[MBEDTLS_ARIA_BLOCKSIZE],
|
||||
const unsigned char *input,
|
||||
unsigned char *output );
|
||||
#endif /* MBEDTLS_CIPHER_MODE_CBC */
|
||||
|
||||
#if defined(MBEDTLS_CIPHER_MODE_CFB)
|
||||
/**
|
||||
* \brief This function performs an ARIA-CFB128 encryption or decryption
|
||||
* operation.
|
||||
*
|
||||
* It performs the operation defined in the \p mode
|
||||
* parameter (encrypt or decrypt), on the input data buffer
|
||||
* defined in the \p input parameter.
|
||||
*
|
||||
* For CFB, you must set up the context with mbedtls_aria_setkey_enc(),
|
||||
* regardless of whether you are performing an encryption or decryption
|
||||
* operation, that is, regardless of the \p mode parameter. This is
|
||||
* because CFB mode uses the same key schedule for encryption and
|
||||
* decryption.
|
||||
*
|
||||
* \note Upon exit, the content of the IV is updated so that you can
|
||||
* call the same function again on the next
|
||||
* block(s) of data and get the same result as if it was
|
||||
* encrypted in one call. This allows a "streaming" usage.
|
||||
* If you need to retain the contents of the
|
||||
* IV, you must either save it manually or use the cipher
|
||||
* module instead.
|
||||
*
|
||||
*
|
||||
* \param ctx The ARIA context to use for encryption or decryption.
|
||||
* This must be initialized and bound to a key.
|
||||
* \param mode The mode of operation. This must be either
|
||||
* #MBEDTLS_ARIA_ENCRYPT for encryption, or
|
||||
* #MBEDTLS_ARIA_DECRYPT for decryption.
|
||||
* \param length The length of the input data \p input in Bytes.
|
||||
* \param iv_off The offset in IV (updated after use).
|
||||
* This must not be larger than 15.
|
||||
* \param iv The initialization vector (updated after use).
|
||||
* This must be a readable buffer of size 16 Bytes.
|
||||
* \param input The buffer holding the input data. This must
|
||||
* be a readable buffer of length \p length Bytes.
|
||||
* \param output The buffer holding the output data. This must
|
||||
* be a writable buffer of length \p length Bytes.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return A negative error code on failure.
|
||||
*/
|
||||
int mbedtls_aria_crypt_cfb128( mbedtls_aria_context *ctx,
|
||||
int mode,
|
||||
size_t length,
|
||||
size_t *iv_off,
|
||||
unsigned char iv[MBEDTLS_ARIA_BLOCKSIZE],
|
||||
const unsigned char *input,
|
||||
unsigned char *output );
|
||||
#endif /* MBEDTLS_CIPHER_MODE_CFB */
|
||||
|
||||
#if defined(MBEDTLS_CIPHER_MODE_CTR)
|
||||
/**
|
||||
* \brief This function performs an ARIA-CTR encryption or decryption
|
||||
* operation.
|
||||
*
|
||||
* This function performs the operation defined in the \p mode
|
||||
* parameter (encrypt/decrypt), on the input data buffer
|
||||
* defined in the \p input parameter.
|
||||
*
|
||||
* Due to the nature of CTR, you must use the same key schedule
|
||||
* for both encryption and decryption operations. Therefore, you
|
||||
* must use the context initialized with mbedtls_aria_setkey_enc()
|
||||
* for both #MBEDTLS_ARIA_ENCRYPT and #MBEDTLS_ARIA_DECRYPT.
|
||||
*
|
||||
* \warning You must never reuse a nonce value with the same key. Doing so
|
||||
* would void the encryption for the two messages encrypted with
|
||||
* the same nonce and key.
|
||||
*
|
||||
* There are two common strategies for managing nonces with CTR:
|
||||
*
|
||||
* 1. You can handle everything as a single message processed over
|
||||
* successive calls to this function. In that case, you want to
|
||||
* set \p nonce_counter and \p nc_off to 0 for the first call, and
|
||||
* then preserve the values of \p nonce_counter, \p nc_off and \p
|
||||
* stream_block across calls to this function as they will be
|
||||
* updated by this function.
|
||||
*
|
||||
* With this strategy, you must not encrypt more than 2**128
|
||||
* blocks of data with the same key.
|
||||
*
|
||||
* 2. You can encrypt separate messages by dividing the \p
|
||||
* nonce_counter buffer in two areas: the first one used for a
|
||||
* per-message nonce, handled by yourself, and the second one
|
||||
* updated by this function internally.
|
||||
*
|
||||
* For example, you might reserve the first 12 bytes for the
|
||||
* per-message nonce, and the last 4 bytes for internal use. In that
|
||||
* case, before calling this function on a new message you need to
|
||||
* set the first 12 bytes of \p nonce_counter to your chosen nonce
|
||||
* value, the last 4 to 0, and \p nc_off to 0 (which will cause \p
|
||||
* stream_block to be ignored). That way, you can encrypt at most
|
||||
* 2**96 messages of up to 2**32 blocks each with the same key.
|
||||
*
|
||||
* The per-message nonce (or information sufficient to reconstruct
|
||||
* it) needs to be communicated with the ciphertext and must be unique.
|
||||
* The recommended way to ensure uniqueness is to use a message
|
||||
* counter. An alternative is to generate random nonces, but this
|
||||
* limits the number of messages that can be securely encrypted:
|
||||
* for example, with 96-bit random nonces, you should not encrypt
|
||||
* more than 2**32 messages with the same key.
|
||||
*
|
||||
* Note that for both stategies, sizes are measured in blocks and
|
||||
* that an ARIA block is 16 bytes.
|
||||
*
|
||||
* \warning Upon return, \p stream_block contains sensitive data. Its
|
||||
* content must not be written to insecure storage and should be
|
||||
* securely discarded as soon as it's no longer needed.
|
||||
*
|
||||
* \param ctx The ARIA context to use for encryption or decryption.
|
||||
* This must be initialized and bound to a key.
|
||||
* \param length The length of the input data \p input in Bytes.
|
||||
* \param nc_off The offset in Bytes in the current \p stream_block,
|
||||
* for resuming within the current cipher stream. The
|
||||
* offset pointer should be \c 0 at the start of a
|
||||
* stream. This must not be larger than \c 15 Bytes.
|
||||
* \param nonce_counter The 128-bit nonce and counter. This must point to
|
||||
* a read/write buffer of length \c 16 bytes.
|
||||
* \param stream_block The saved stream block for resuming. This must
|
||||
* point to a read/write buffer of length \c 16 bytes.
|
||||
* This is overwritten by the function.
|
||||
* \param input The buffer holding the input data. This must
|
||||
* be a readable buffer of length \p length Bytes.
|
||||
* \param output The buffer holding the output data. This must
|
||||
* be a writable buffer of length \p length Bytes.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return A negative error code on failure.
|
||||
*/
|
||||
int mbedtls_aria_crypt_ctr( mbedtls_aria_context *ctx,
|
||||
size_t length,
|
||||
size_t *nc_off,
|
||||
unsigned char nonce_counter[MBEDTLS_ARIA_BLOCKSIZE],
|
||||
unsigned char stream_block[MBEDTLS_ARIA_BLOCKSIZE],
|
||||
const unsigned char *input,
|
||||
unsigned char *output );
|
||||
#endif /* MBEDTLS_CIPHER_MODE_CTR */
|
||||
|
||||
#if defined(MBEDTLS_SELF_TEST)
|
||||
/**
|
||||
* \brief Checkup routine.
|
||||
*
|
||||
* \return \c 0 on success, or \c 1 on failure.
|
||||
*/
|
||||
int mbedtls_aria_self_test( int verbose );
|
||||
#endif /* MBEDTLS_SELF_TEST */
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
||||
#endif /* aria.h */
|
|
@ -1,358 +0,0 @@
|
|||
/**
|
||||
* \file asn1.h
|
||||
*
|
||||
* \brief Generic ASN.1 parsing
|
||||
*/
|
||||
/*
|
||||
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
* not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*
|
||||
* This file is part of mbed TLS (https://tls.mbed.org)
|
||||
*/
|
||||
#ifndef MBEDTLS_ASN1_H
|
||||
#define MBEDTLS_ASN1_H
|
||||
|
||||
#if !defined(MBEDTLS_CONFIG_FILE)
|
||||
#include "config.h"
|
||||
#else
|
||||
#include MBEDTLS_CONFIG_FILE
|
||||
#endif
|
||||
|
||||
#include <stddef.h>
|
||||
|
||||
#if defined(MBEDTLS_BIGNUM_C)
|
||||
#include "bignum.h"
|
||||
#endif
|
||||
|
||||
/**
|
||||
* \addtogroup asn1_module
|
||||
* \{
|
||||
*/
|
||||
|
||||
/**
|
||||
* \name ASN1 Error codes
|
||||
* These error codes are OR'ed to X509 error codes for
|
||||
* higher error granularity.
|
||||
* ASN1 is a standard to specify data structures.
|
||||
* \{
|
||||
*/
|
||||
#define MBEDTLS_ERR_ASN1_OUT_OF_DATA -0x0060 /**< Out of data when parsing an ASN1 data structure. */
|
||||
#define MBEDTLS_ERR_ASN1_UNEXPECTED_TAG -0x0062 /**< ASN1 tag was of an unexpected value. */
|
||||
#define MBEDTLS_ERR_ASN1_INVALID_LENGTH -0x0064 /**< Error when trying to determine the length or invalid length. */
|
||||
#define MBEDTLS_ERR_ASN1_LENGTH_MISMATCH -0x0066 /**< Actual length differs from expected length. */
|
||||
#define MBEDTLS_ERR_ASN1_INVALID_DATA -0x0068 /**< Data is invalid. (not used) */
|
||||
#define MBEDTLS_ERR_ASN1_ALLOC_FAILED -0x006A /**< Memory allocation failed */
|
||||
#define MBEDTLS_ERR_ASN1_BUF_TOO_SMALL -0x006C /**< Buffer too small when writing ASN.1 data structure. */
|
||||
|
||||
/* \} name */
|
||||
|
||||
/**
|
||||
* \name DER constants
|
||||
* These constants comply with the DER encoded ASN.1 type tags.
|
||||
* DER encoding uses hexadecimal representation.
|
||||
* An example DER sequence is:\n
|
||||
* - 0x02 -- tag indicating INTEGER
|
||||
* - 0x01 -- length in octets
|
||||
* - 0x05 -- value
|
||||
* Such sequences are typically read into \c ::mbedtls_x509_buf.
|
||||
* \{
|
||||
*/
|
||||
#define MBEDTLS_ASN1_BOOLEAN 0x01
|
||||
#define MBEDTLS_ASN1_INTEGER 0x02
|
||||
#define MBEDTLS_ASN1_BIT_STRING 0x03
|
||||
#define MBEDTLS_ASN1_OCTET_STRING 0x04
|
||||
#define MBEDTLS_ASN1_NULL 0x05
|
||||
#define MBEDTLS_ASN1_OID 0x06
|
||||
#define MBEDTLS_ASN1_UTF8_STRING 0x0C
|
||||
#define MBEDTLS_ASN1_SEQUENCE 0x10
|
||||
#define MBEDTLS_ASN1_SET 0x11
|
||||
#define MBEDTLS_ASN1_PRINTABLE_STRING 0x13
|
||||
#define MBEDTLS_ASN1_T61_STRING 0x14
|
||||
#define MBEDTLS_ASN1_IA5_STRING 0x16
|
||||
#define MBEDTLS_ASN1_UTC_TIME 0x17
|
||||
#define MBEDTLS_ASN1_GENERALIZED_TIME 0x18
|
||||
#define MBEDTLS_ASN1_UNIVERSAL_STRING 0x1C
|
||||
#define MBEDTLS_ASN1_BMP_STRING 0x1E
|
||||
#define MBEDTLS_ASN1_PRIMITIVE 0x00
|
||||
#define MBEDTLS_ASN1_CONSTRUCTED 0x20
|
||||
#define MBEDTLS_ASN1_CONTEXT_SPECIFIC 0x80
|
||||
|
||||
/*
|
||||
* Bit masks for each of the components of an ASN.1 tag as specified in
|
||||
* ITU X.690 (08/2015), section 8.1 "General rules for encoding",
|
||||
* paragraph 8.1.2.2:
|
||||
*
|
||||
* Bit 8 7 6 5 1
|
||||
* +-------+-----+------------+
|
||||
* | Class | P/C | Tag number |
|
||||
* +-------+-----+------------+
|
||||
*/
|
||||
#define MBEDTLS_ASN1_TAG_CLASS_MASK 0xC0
|
||||
#define MBEDTLS_ASN1_TAG_PC_MASK 0x20
|
||||
#define MBEDTLS_ASN1_TAG_VALUE_MASK 0x1F
|
||||
|
||||
/* \} name */
|
||||
/* \} addtogroup asn1_module */
|
||||
|
||||
/** Returns the size of the binary string, without the trailing \\0 */
|
||||
#define MBEDTLS_OID_SIZE(x) (sizeof(x) - 1)
|
||||
|
||||
/**
|
||||
* Compares an mbedtls_asn1_buf structure to a reference OID.
|
||||
*
|
||||
* Only works for 'defined' oid_str values (MBEDTLS_OID_HMAC_SHA1), you cannot use a
|
||||
* 'unsigned char *oid' here!
|
||||
*/
|
||||
#define MBEDTLS_OID_CMP(oid_str, oid_buf) \
|
||||
( ( MBEDTLS_OID_SIZE(oid_str) != (oid_buf)->len ) || \
|
||||
memcmp( (oid_str), (oid_buf)->p, (oid_buf)->len) != 0 )
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
/**
|
||||
* \name Functions to parse ASN.1 data structures
|
||||
* \{
|
||||
*/
|
||||
|
||||
/**
|
||||
* Type-length-value structure that allows for ASN1 using DER.
|
||||
*/
|
||||
typedef struct mbedtls_asn1_buf
|
||||
{
|
||||
int tag; /**< ASN1 type, e.g. MBEDTLS_ASN1_UTF8_STRING. */
|
||||
size_t len; /**< ASN1 length, in octets. */
|
||||
unsigned char *p; /**< ASN1 data, e.g. in ASCII. */
|
||||
}
|
||||
mbedtls_asn1_buf;
|
||||
|
||||
/**
|
||||
* Container for ASN1 bit strings.
|
||||
*/
|
||||
typedef struct mbedtls_asn1_bitstring
|
||||
{
|
||||
size_t len; /**< ASN1 length, in octets. */
|
||||
unsigned char unused_bits; /**< Number of unused bits at the end of the string */
|
||||
unsigned char *p; /**< Raw ASN1 data for the bit string */
|
||||
}
|
||||
mbedtls_asn1_bitstring;
|
||||
|
||||
/**
|
||||
* Container for a sequence of ASN.1 items
|
||||
*/
|
||||
typedef struct mbedtls_asn1_sequence
|
||||
{
|
||||
mbedtls_asn1_buf buf; /**< Buffer containing the given ASN.1 item. */
|
||||
struct mbedtls_asn1_sequence *next; /**< The next entry in the sequence. */
|
||||
}
|
||||
mbedtls_asn1_sequence;
|
||||
|
||||
/**
|
||||
* Container for a sequence or list of 'named' ASN.1 data items
|
||||
*/
|
||||
typedef struct mbedtls_asn1_named_data
|
||||
{
|
||||
mbedtls_asn1_buf oid; /**< The object identifier. */
|
||||
mbedtls_asn1_buf val; /**< The named value. */
|
||||
struct mbedtls_asn1_named_data *next; /**< The next entry in the sequence. */
|
||||
unsigned char next_merged; /**< Merge next item into the current one? */
|
||||
}
|
||||
mbedtls_asn1_named_data;
|
||||
|
||||
/**
|
||||
* \brief Get the length of an ASN.1 element.
|
||||
* Updates the pointer to immediately behind the length.
|
||||
*
|
||||
* \param p The position in the ASN.1 data
|
||||
* \param end End of data
|
||||
* \param len The variable that will receive the value
|
||||
*
|
||||
* \return 0 if successful, MBEDTLS_ERR_ASN1_OUT_OF_DATA on reaching
|
||||
* end of data, MBEDTLS_ERR_ASN1_INVALID_LENGTH if length is
|
||||
* unparseable.
|
||||
*/
|
||||
int mbedtls_asn1_get_len( unsigned char **p,
|
||||
const unsigned char *end,
|
||||
size_t *len );
|
||||
|
||||
/**
|
||||
* \brief Get the tag and length of the tag. Check for the requested tag.
|
||||
* Updates the pointer to immediately behind the tag and length.
|
||||
*
|
||||
* \param p The position in the ASN.1 data
|
||||
* \param end End of data
|
||||
* \param len The variable that will receive the length
|
||||
* \param tag The expected tag
|
||||
*
|
||||
* \return 0 if successful, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG if tag did
|
||||
* not match requested tag, or another specific ASN.1 error code.
|
||||
*/
|
||||
int mbedtls_asn1_get_tag( unsigned char **p,
|
||||
const unsigned char *end,
|
||||
size_t *len, int tag );
|
||||
|
||||
/**
|
||||
* \brief Retrieve a boolean ASN.1 tag and its value.
|
||||
* Updates the pointer to immediately behind the full tag.
|
||||
*
|
||||
* \param p The position in the ASN.1 data
|
||||
* \param end End of data
|
||||
* \param val The variable that will receive the value
|
||||
*
|
||||
* \return 0 if successful or a specific ASN.1 error code.
|
||||
*/
|
||||
int mbedtls_asn1_get_bool( unsigned char **p,
|
||||
const unsigned char *end,
|
||||
int *val );
|
||||
|
||||
/**
|
||||
* \brief Retrieve an integer ASN.1 tag and its value.
|
||||
* Updates the pointer to immediately behind the full tag.
|
||||
*
|
||||
* \param p The position in the ASN.1 data
|
||||
* \param end End of data
|
||||
* \param val The variable that will receive the value
|
||||
*
|
||||
* \return 0 if successful or a specific ASN.1 error code.
|
||||
*/
|
||||
int mbedtls_asn1_get_int( unsigned char **p,
|
||||
const unsigned char *end,
|
||||
int *val );
|
||||
|
||||
/**
|
||||
* \brief Retrieve a bitstring ASN.1 tag and its value.
|
||||
* Updates the pointer to immediately behind the full tag.
|
||||
*
|
||||
* \param p The position in the ASN.1 data
|
||||
* \param end End of data
|
||||
* \param bs The variable that will receive the value
|
||||
*
|
||||
* \return 0 if successful or a specific ASN.1 error code.
|
||||
*/
|
||||
int mbedtls_asn1_get_bitstring( unsigned char **p, const unsigned char *end,
|
||||
mbedtls_asn1_bitstring *bs);
|
||||
|
||||
/**
|
||||
* \brief Retrieve a bitstring ASN.1 tag without unused bits and its
|
||||
* value.
|
||||
* Updates the pointer to the beginning of the bit/octet string.
|
||||
*
|
||||
* \param p The position in the ASN.1 data
|
||||
* \param end End of data
|
||||
* \param len Length of the actual bit/octect string in bytes
|
||||
*
|
||||
* \return 0 if successful or a specific ASN.1 error code.
|
||||
*/
|
||||
int mbedtls_asn1_get_bitstring_null( unsigned char **p, const unsigned char *end,
|
||||
size_t *len );
|
||||
|
||||
/**
|
||||
* \brief Parses and splits an ASN.1 "SEQUENCE OF <tag>"
|
||||
* Updated the pointer to immediately behind the full sequence tag.
|
||||
*
|
||||
* \param p The position in the ASN.1 data
|
||||
* \param end End of data
|
||||
* \param cur First variable in the chain to fill
|
||||
* \param tag Type of sequence
|
||||
*
|
||||
* \return 0 if successful or a specific ASN.1 error code.
|
||||
*/
|
||||
int mbedtls_asn1_get_sequence_of( unsigned char **p,
|
||||
const unsigned char *end,
|
||||
mbedtls_asn1_sequence *cur,
|
||||
int tag);
|
||||
|
||||
#if defined(MBEDTLS_BIGNUM_C)
|
||||
/**
|
||||
* \brief Retrieve a MPI value from an integer ASN.1 tag.
|
||||
* Updates the pointer to immediately behind the full tag.
|
||||
*
|
||||
* \param p The position in the ASN.1 data
|
||||
* \param end End of data
|
||||
* \param X The MPI that will receive the value
|
||||
*
|
||||
* \return 0 if successful or a specific ASN.1 or MPI error code.
|
||||
*/
|
||||
int mbedtls_asn1_get_mpi( unsigned char **p,
|
||||
const unsigned char *end,
|
||||
mbedtls_mpi *X );
|
||||
#endif /* MBEDTLS_BIGNUM_C */
|
||||
|
||||
/**
|
||||
* \brief Retrieve an AlgorithmIdentifier ASN.1 sequence.
|
||||
* Updates the pointer to immediately behind the full
|
||||
* AlgorithmIdentifier.
|
||||
*
|
||||
* \param p The position in the ASN.1 data
|
||||
* \param end End of data
|
||||
* \param alg The buffer to receive the OID
|
||||
* \param params The buffer to receive the params (if any)
|
||||
*
|
||||
* \return 0 if successful or a specific ASN.1 or MPI error code.
|
||||
*/
|
||||
int mbedtls_asn1_get_alg( unsigned char **p,
|
||||
const unsigned char *end,
|
||||
mbedtls_asn1_buf *alg, mbedtls_asn1_buf *params );
|
||||
|
||||
/**
|
||||
* \brief Retrieve an AlgorithmIdentifier ASN.1 sequence with NULL or no
|
||||
* params.
|
||||
* Updates the pointer to immediately behind the full
|
||||
* AlgorithmIdentifier.
|
||||
*
|
||||
* \param p The position in the ASN.1 data
|
||||
* \param end End of data
|
||||
* \param alg The buffer to receive the OID
|
||||
*
|
||||
* \return 0 if successful or a specific ASN.1 or MPI error code.
|
||||
*/
|
||||
int mbedtls_asn1_get_alg_null( unsigned char **p,
|
||||
const unsigned char *end,
|
||||
mbedtls_asn1_buf *alg );
|
||||
|
||||
/**
|
||||
* \brief Find a specific named_data entry in a sequence or list based on
|
||||
* the OID.
|
||||
*
|
||||
* \param list The list to seek through
|
||||
* \param oid The OID to look for
|
||||
* \param len Size of the OID
|
||||
*
|
||||
* \return NULL if not found, or a pointer to the existing entry.
|
||||
*/
|
||||
mbedtls_asn1_named_data *mbedtls_asn1_find_named_data( mbedtls_asn1_named_data *list,
|
||||
const char *oid, size_t len );
|
||||
|
||||
/**
|
||||
* \brief Free a mbedtls_asn1_named_data entry
|
||||
*
|
||||
* \param entry The named data entry to free
|
||||
*/
|
||||
void mbedtls_asn1_free_named_data( mbedtls_asn1_named_data *entry );
|
||||
|
||||
/**
|
||||
* \brief Free all entries in a mbedtls_asn1_named_data list
|
||||
* Head will be set to NULL
|
||||
*
|
||||
* \param head Pointer to the head of the list of named data entries to free
|
||||
*/
|
||||
void mbedtls_asn1_free_named_data_list( mbedtls_asn1_named_data **head );
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
||||
#endif /* asn1.h */
|
|
@ -1,351 +0,0 @@
|
|||
/**
|
||||
* \file asn1write.h
|
||||
*
|
||||
* \brief ASN.1 buffer writing functionality
|
||||
*/
|
||||
/*
|
||||
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
* not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*
|
||||
* This file is part of mbed TLS (https://tls.mbed.org)
|
||||
*/
|
||||
#ifndef MBEDTLS_ASN1_WRITE_H
|
||||
#define MBEDTLS_ASN1_WRITE_H
|
||||
|
||||
#if !defined(MBEDTLS_CONFIG_FILE)
|
||||
#include "config.h"
|
||||
#else
|
||||
#include MBEDTLS_CONFIG_FILE
|
||||
#endif
|
||||
|
||||
#include "asn1.h"
|
||||
|
||||
#define MBEDTLS_ASN1_CHK_ADD(g, f) \
|
||||
do \
|
||||
{ \
|
||||
if( ( ret = (f) ) < 0 ) \
|
||||
return( ret ); \
|
||||
else \
|
||||
(g) += ret; \
|
||||
} while( 0 )
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
/**
|
||||
* \brief Write a length field in ASN.1 format.
|
||||
*
|
||||
* \note This function works backwards in data buffer.
|
||||
*
|
||||
* \param p The reference to the current position pointer.
|
||||
* \param start The start of the buffer, for bounds-checking.
|
||||
* \param len The length value to write.
|
||||
*
|
||||
* \return The number of bytes written to \p p on success.
|
||||
* \return A negative \c MBEDTLS_ERR_ASN1_XXX error code on failure.
|
||||
*/
|
||||
int mbedtls_asn1_write_len( unsigned char **p, unsigned char *start,
|
||||
size_t len );
|
||||
/**
|
||||
* \brief Write an ASN.1 tag in ASN.1 format.
|
||||
*
|
||||
* \note This function works backwards in data buffer.
|
||||
*
|
||||
* \param p The reference to the current position pointer.
|
||||
* \param start The start of the buffer, for bounds-checking.
|
||||
* \param tag The tag to write.
|
||||
*
|
||||
* \return The number of bytes written to \p p on success.
|
||||
* \return A negative \c MBEDTLS_ERR_ASN1_XXX error code on failure.
|
||||
*/
|
||||
int mbedtls_asn1_write_tag( unsigned char **p, unsigned char *start,
|
||||
unsigned char tag );
|
||||
|
||||
/**
|
||||
* \brief Write raw buffer data.
|
||||
*
|
||||
* \note This function works backwards in data buffer.
|
||||
*
|
||||
* \param p The reference to the current position pointer.
|
||||
* \param start The start of the buffer, for bounds-checking.
|
||||
* \param buf The data buffer to write.
|
||||
* \param size The length of the data buffer.
|
||||
*
|
||||
* \return The number of bytes written to \p p on success.
|
||||
* \return A negative \c MBEDTLS_ERR_ASN1_XXX error code on failure.
|
||||
*/
|
||||
int mbedtls_asn1_write_raw_buffer( unsigned char **p, unsigned char *start,
|
||||
const unsigned char *buf, size_t size );
|
||||
|
||||
#if defined(MBEDTLS_BIGNUM_C)
|
||||
/**
|
||||
* \brief Write a arbitrary-precision number (#MBEDTLS_ASN1_INTEGER)
|
||||
* in ASN.1 format.
|
||||
*
|
||||
* \note This function works backwards in data buffer.
|
||||
*
|
||||
* \param p The reference to the current position pointer.
|
||||
* \param start The start of the buffer, for bounds-checking.
|
||||
* \param X The MPI to write.
|
||||
*
|
||||
* \return The number of bytes written to \p p on success.
|
||||
* \return A negative \c MBEDTLS_ERR_ASN1_XXX error code on failure.
|
||||
*/
|
||||
int mbedtls_asn1_write_mpi( unsigned char **p, unsigned char *start,
|
||||
const mbedtls_mpi *X );
|
||||
#endif /* MBEDTLS_BIGNUM_C */
|
||||
|
||||
/**
|
||||
* \brief Write a NULL tag (#MBEDTLS_ASN1_NULL) with zero data
|
||||
* in ASN.1 format.
|
||||
*
|
||||
* \note This function works backwards in data buffer.
|
||||
*
|
||||
* \param p The reference to the current position pointer.
|
||||
* \param start The start of the buffer, for bounds-checking.
|
||||
*
|
||||
* \return The number of bytes written to \p p on success.
|
||||
* \return A negative \c MBEDTLS_ERR_ASN1_XXX error code on failure.
|
||||
*/
|
||||
int mbedtls_asn1_write_null( unsigned char **p, unsigned char *start );
|
||||
|
||||
/**
|
||||
* \brief Write an OID tag (#MBEDTLS_ASN1_OID) and data
|
||||
* in ASN.1 format.
|
||||
*
|
||||
* \note This function works backwards in data buffer.
|
||||
*
|
||||
* \param p The reference to the current position pointer.
|
||||
* \param start The start of the buffer, for bounds-checking.
|
||||
* \param oid The OID to write.
|
||||
* \param oid_len The length of the OID.
|
||||
*
|
||||
* \return The number of bytes written to \p p on success.
|
||||
* \return A negative \c MBEDTLS_ERR_ASN1_XXX error code on failure.
|
||||
*/
|
||||
int mbedtls_asn1_write_oid( unsigned char **p, unsigned char *start,
|
||||
const char *oid, size_t oid_len );
|
||||
|
||||
/**
|
||||
* \brief Write an AlgorithmIdentifier sequence in ASN.1 format.
|
||||
*
|
||||
* \note This function works backwards in data buffer.
|
||||
*
|
||||
* \param p The reference to the current position pointer.
|
||||
* \param start The start of the buffer, for bounds-checking.
|
||||
* \param oid The OID of the algorithm to write.
|
||||
* \param oid_len The length of the algorithm's OID.
|
||||
* \param par_len The length of the parameters, which must be already written.
|
||||
* If 0, NULL parameters are added
|
||||
*
|
||||
* \return The number of bytes written to \p p on success.
|
||||
* \return A negative \c MBEDTLS_ERR_ASN1_XXX error code on failure.
|
||||
*/
|
||||
int mbedtls_asn1_write_algorithm_identifier( unsigned char **p,
|
||||
unsigned char *start,
|
||||
const char *oid, size_t oid_len,
|
||||
size_t par_len );
|
||||
|
||||
/**
|
||||
* \brief Write a boolean tag (#MBEDTLS_ASN1_BOOLEAN) and value
|
||||
* in ASN.1 format.
|
||||
*
|
||||
* \note This function works backwards in data buffer.
|
||||
*
|
||||
* \param p The reference to the current position pointer.
|
||||
* \param start The start of the buffer, for bounds-checking.
|
||||
* \param boolean The boolean value to write, either \c 0 or \c 1.
|
||||
*
|
||||
* \return The number of bytes written to \p p on success.
|
||||
* \return A negative \c MBEDTLS_ERR_ASN1_XXX error code on failure.
|
||||
*/
|
||||
int mbedtls_asn1_write_bool( unsigned char **p, unsigned char *start,
|
||||
int boolean );
|
||||
|
||||
/**
|
||||
* \brief Write an int tag (#MBEDTLS_ASN1_INTEGER) and value
|
||||
* in ASN.1 format.
|
||||
*
|
||||
* \note This function works backwards in data buffer.
|
||||
*
|
||||
* \param p The reference to the current position pointer.
|
||||
* \param start The start of the buffer, for bounds-checking.
|
||||
* \param val The integer value to write.
|
||||
*
|
||||
* \return The number of bytes written to \p p on success.
|
||||
* \return A negative \c MBEDTLS_ERR_ASN1_XXX error code on failure.
|
||||
*/
|
||||
int mbedtls_asn1_write_int( unsigned char **p, unsigned char *start, int val );
|
||||
|
||||
/**
|
||||
* \brief Write a string in ASN.1 format using a specific
|
||||
* string encoding tag.
|
||||
|
||||
* \note This function works backwards in data buffer.
|
||||
*
|
||||
* \param p The reference to the current position pointer.
|
||||
* \param start The start of the buffer, for bounds-checking.
|
||||
* \param tag The string encoding tag to write, e.g.
|
||||
* #MBEDTLS_ASN1_UTF8_STRING.
|
||||
* \param text The string to write.
|
||||
* \param text_len The length of \p text in bytes (which might
|
||||
* be strictly larger than the number of characters).
|
||||
*
|
||||
* \return The number of bytes written to \p p on success.
|
||||
* \return A negative error code on failure.
|
||||
*/
|
||||
int mbedtls_asn1_write_tagged_string( unsigned char **p, unsigned char *start,
|
||||
int tag, const char *text,
|
||||
size_t text_len );
|
||||
|
||||
/**
|
||||
* \brief Write a string in ASN.1 format using the PrintableString
|
||||
* string encoding tag (#MBEDTLS_ASN1_PRINTABLE_STRING).
|
||||
*
|
||||
* \note This function works backwards in data buffer.
|
||||
*
|
||||
* \param p The reference to the current position pointer.
|
||||
* \param start The start of the buffer, for bounds-checking.
|
||||
* \param text The string to write.
|
||||
* \param text_len The length of \p text in bytes (which might
|
||||
* be strictly larger than the number of characters).
|
||||
*
|
||||
* \return The number of bytes written to \p p on success.
|
||||
* \return A negative error code on failure.
|
||||
*/
|
||||
int mbedtls_asn1_write_printable_string( unsigned char **p,
|
||||
unsigned char *start,
|
||||
const char *text, size_t text_len );
|
||||
|
||||
/**
|
||||
* \brief Write a UTF8 string in ASN.1 format using the UTF8String
|
||||
* string encoding tag (#MBEDTLS_ASN1_PRINTABLE_STRING).
|
||||
*
|
||||
* \note This function works backwards in data buffer.
|
||||
*
|
||||
* \param p The reference to the current position pointer.
|
||||
* \param start The start of the buffer, for bounds-checking.
|
||||
* \param text The string to write.
|
||||
* \param text_len The length of \p text in bytes (which might
|
||||
* be strictly larger than the number of characters).
|
||||
*
|
||||
* \return The number of bytes written to \p p on success.
|
||||
* \return A negative error code on failure.
|
||||
*/
|
||||
int mbedtls_asn1_write_utf8_string( unsigned char **p, unsigned char *start,
|
||||
const char *text, size_t text_len );
|
||||
|
||||
/**
|
||||
* \brief Write a string in ASN.1 format using the IA5String
|
||||
* string encoding tag (#MBEDTLS_ASN1_IA5_STRING).
|
||||
*
|
||||
* \note This function works backwards in data buffer.
|
||||
*
|
||||
* \param p The reference to the current position pointer.
|
||||
* \param start The start of the buffer, for bounds-checking.
|
||||
* \param text The string to write.
|
||||
* \param text_len The length of \p text in bytes (which might
|
||||
* be strictly larger than the number of characters).
|
||||
*
|
||||
* \return The number of bytes written to \p p on success.
|
||||
* \return A negative error code on failure.
|
||||
*/
|
||||
int mbedtls_asn1_write_ia5_string( unsigned char **p, unsigned char *start,
|
||||
const char *text, size_t text_len );
|
||||
|
||||
/**
|
||||
* \brief Write a bitstring tag (#MBEDTLS_ASN1_BIT_STRING) and
|
||||
* value in ASN.1 format.
|
||||
*
|
||||
* \note This function works backwards in data buffer.
|
||||
*
|
||||
* \param p The reference to the current position pointer.
|
||||
* \param start The start of the buffer, for bounds-checking.
|
||||
* \param buf The bitstring to write.
|
||||
* \param bits The total number of bits in the bitstring.
|
||||
*
|
||||
* \return The number of bytes written to \p p on success.
|
||||
* \return A negative error code on failure.
|
||||
*/
|
||||
int mbedtls_asn1_write_bitstring( unsigned char **p, unsigned char *start,
|
||||
const unsigned char *buf, size_t bits );
|
||||
|
||||
/**
|
||||
* \brief This function writes a named bitstring tag
|
||||
* (#MBEDTLS_ASN1_BIT_STRING) and value in ASN.1 format.
|
||||
*
|
||||
* As stated in RFC 5280 Appendix B, trailing zeroes are
|
||||
* omitted when encoding named bitstrings in DER.
|
||||
*
|
||||
* \note This function works backwards within the data buffer.
|
||||
*
|
||||
* \param p The reference to the current position pointer.
|
||||
* \param start The start of the buffer which is used for bounds-checking.
|
||||
* \param buf The bitstring to write.
|
||||
* \param bits The total number of bits in the bitstring.
|
||||
*
|
||||
* \return The number of bytes written to \p p on success.
|
||||
* \return A negative error code on failure.
|
||||
*/
|
||||
int mbedtls_asn1_write_named_bitstring( unsigned char **p,
|
||||
unsigned char *start,
|
||||
const unsigned char *buf,
|
||||
size_t bits );
|
||||
|
||||
/**
|
||||
* \brief Write an octet string tag (#MBEDTLS_ASN1_OCTET_STRING)
|
||||
* and value in ASN.1 format.
|
||||
*
|
||||
* \note This function works backwards in data buffer.
|
||||
*
|
||||
* \param p The reference to the current position pointer.
|
||||
* \param start The start of the buffer, for bounds-checking.
|
||||
* \param buf The buffer holding the data to write.
|
||||
* \param size The length of the data buffer \p buf.
|
||||
*
|
||||
* \return The number of bytes written to \p p on success.
|
||||
* \return A negative error code on failure.
|
||||
*/
|
||||
int mbedtls_asn1_write_octet_string( unsigned char **p, unsigned char *start,
|
||||
const unsigned char *buf, size_t size );
|
||||
|
||||
/**
|
||||
* \brief Create or find a specific named_data entry for writing in a
|
||||
* sequence or list based on the OID. If not already in there,
|
||||
* a new entry is added to the head of the list.
|
||||
* Warning: Destructive behaviour for the val data!
|
||||
*
|
||||
* \param list The pointer to the location of the head of the list to seek
|
||||
* through (will be updated in case of a new entry).
|
||||
* \param oid The OID to look for.
|
||||
* \param oid_len The size of the OID.
|
||||
* \param val The data to store (can be \c NULL if you want to fill
|
||||
* it by hand).
|
||||
* \param val_len The minimum length of the data buffer needed.
|
||||
*
|
||||
* \return A pointer to the new / existing entry on success.
|
||||
* \return \c NULL if if there was a memory allocation error.
|
||||
*/
|
||||
mbedtls_asn1_named_data *mbedtls_asn1_store_named_data( mbedtls_asn1_named_data **list,
|
||||
const char *oid, size_t oid_len,
|
||||
const unsigned char *val,
|
||||
size_t val_len );
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
||||
#endif /* MBEDTLS_ASN1_WRITE_H */
|
|
@ -1,98 +0,0 @@
|
|||
/**
|
||||
* \file base64.h
|
||||
*
|
||||
* \brief RFC 1521 base64 encoding/decoding
|
||||
*/
|
||||
/*
|
||||
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
* not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*
|
||||
* This file is part of mbed TLS (https://tls.mbed.org)
|
||||
*/
|
||||
#ifndef MBEDTLS_BASE64_H
|
||||
#define MBEDTLS_BASE64_H
|
||||
|
||||
#if !defined(MBEDTLS_CONFIG_FILE)
|
||||
#include "config.h"
|
||||
#else
|
||||
#include MBEDTLS_CONFIG_FILE
|
||||
#endif
|
||||
|
||||
#include <stddef.h>
|
||||
|
||||
#define MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL -0x002A /**< Output buffer too small. */
|
||||
#define MBEDTLS_ERR_BASE64_INVALID_CHARACTER -0x002C /**< Invalid character in input. */
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
/**
|
||||
* \brief Encode a buffer into base64 format
|
||||
*
|
||||
* \param dst destination buffer
|
||||
* \param dlen size of the destination buffer
|
||||
* \param olen number of bytes written
|
||||
* \param src source buffer
|
||||
* \param slen amount of data to be encoded
|
||||
*
|
||||
* \return 0 if successful, or MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL.
|
||||
* *olen is always updated to reflect the amount
|
||||
* of data that has (or would have) been written.
|
||||
* If that length cannot be represented, then no data is
|
||||
* written to the buffer and *olen is set to the maximum
|
||||
* length representable as a size_t.
|
||||
*
|
||||
* \note Call this function with dlen = 0 to obtain the
|
||||
* required buffer size in *olen
|
||||
*/
|
||||
int mbedtls_base64_encode( unsigned char *dst, size_t dlen, size_t *olen,
|
||||
const unsigned char *src, size_t slen );
|
||||
|
||||
/**
|
||||
* \brief Decode a base64-formatted buffer
|
||||
*
|
||||
* \param dst destination buffer (can be NULL for checking size)
|
||||
* \param dlen size of the destination buffer
|
||||
* \param olen number of bytes written
|
||||
* \param src source buffer
|
||||
* \param slen amount of data to be decoded
|
||||
*
|
||||
* \return 0 if successful, MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL, or
|
||||
* MBEDTLS_ERR_BASE64_INVALID_CHARACTER if the input data is
|
||||
* not correct. *olen is always updated to reflect the amount
|
||||
* of data that has (or would have) been written.
|
||||
*
|
||||
* \note Call this function with *dst = NULL or dlen = 0 to obtain
|
||||
* the required buffer size in *olen
|
||||
*/
|
||||
int mbedtls_base64_decode( unsigned char *dst, size_t dlen, size_t *olen,
|
||||
const unsigned char *src, size_t slen );
|
||||
|
||||
#if defined(MBEDTLS_SELF_TEST)
|
||||
/**
|
||||
* \brief Checkup routine
|
||||
*
|
||||
* \return 0 if successful, or 1 if the test failed
|
||||
*/
|
||||
int mbedtls_base64_self_test( int verbose );
|
||||
|
||||
#endif /* MBEDTLS_SELF_TEST */
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
||||
#endif /* base64.h */
|
File diff suppressed because it is too large
Load diff
|
@ -1,287 +0,0 @@
|
|||
/**
|
||||
* \file blowfish.h
|
||||
*
|
||||
* \brief Blowfish block cipher
|
||||
*/
|
||||
/*
|
||||
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
* not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*
|
||||
* This file is part of mbed TLS (https://tls.mbed.org)
|
||||
*/
|
||||
#ifndef MBEDTLS_BLOWFISH_H
|
||||
#define MBEDTLS_BLOWFISH_H
|
||||
|
||||
#if !defined(MBEDTLS_CONFIG_FILE)
|
||||
#include "config.h"
|
||||
#else
|
||||
#include MBEDTLS_CONFIG_FILE
|
||||
#endif
|
||||
|
||||
#include <stddef.h>
|
||||
#include <stdint.h>
|
||||
|
||||
#include "platform_util.h"
|
||||
|
||||
#define MBEDTLS_BLOWFISH_ENCRYPT 1
|
||||
#define MBEDTLS_BLOWFISH_DECRYPT 0
|
||||
#define MBEDTLS_BLOWFISH_MAX_KEY_BITS 448
|
||||
#define MBEDTLS_BLOWFISH_MIN_KEY_BITS 32
|
||||
#define MBEDTLS_BLOWFISH_ROUNDS 16 /**< Rounds to use. When increasing this value, make sure to extend the initialisation vectors */
|
||||
#define MBEDTLS_BLOWFISH_BLOCKSIZE 8 /* Blowfish uses 64 bit blocks */
|
||||
|
||||
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
|
||||
#define MBEDTLS_ERR_BLOWFISH_INVALID_KEY_LENGTH MBEDTLS_DEPRECATED_NUMERIC_CONSTANT( -0x0016 )
|
||||
#endif /* !MBEDTLS_DEPRECATED_REMOVED */
|
||||
#define MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA -0x0016 /**< Bad input data. */
|
||||
|
||||
#define MBEDTLS_ERR_BLOWFISH_INVALID_INPUT_LENGTH -0x0018 /**< Invalid data input length. */
|
||||
|
||||
/* MBEDTLS_ERR_BLOWFISH_HW_ACCEL_FAILED is deprecated and should not be used.
|
||||
*/
|
||||
#define MBEDTLS_ERR_BLOWFISH_HW_ACCEL_FAILED -0x0017 /**< Blowfish hardware accelerator failed. */
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
#if !defined(MBEDTLS_BLOWFISH_ALT)
|
||||
// Regular implementation
|
||||
//
|
||||
|
||||
/**
|
||||
* \brief Blowfish context structure
|
||||
*/
|
||||
typedef struct mbedtls_blowfish_context
|
||||
{
|
||||
uint32_t P[MBEDTLS_BLOWFISH_ROUNDS + 2]; /*!< Blowfish round keys */
|
||||
uint32_t S[4][256]; /*!< key dependent S-boxes */
|
||||
}
|
||||
mbedtls_blowfish_context;
|
||||
|
||||
#else /* MBEDTLS_BLOWFISH_ALT */
|
||||
#include "blowfish_alt.h"
|
||||
#endif /* MBEDTLS_BLOWFISH_ALT */
|
||||
|
||||
/**
|
||||
* \brief Initialize a Blowfish context.
|
||||
*
|
||||
* \param ctx The Blowfish context to be initialized.
|
||||
* This must not be \c NULL.
|
||||
*/
|
||||
void mbedtls_blowfish_init( mbedtls_blowfish_context *ctx );
|
||||
|
||||
/**
|
||||
* \brief Clear a Blowfish context.
|
||||
*
|
||||
* \param ctx The Blowfish context to be cleared.
|
||||
* This may be \c NULL, in which case this function
|
||||
* returns immediately. If it is not \c NULL, it must
|
||||
* point to an initialized Blowfish context.
|
||||
*/
|
||||
void mbedtls_blowfish_free( mbedtls_blowfish_context *ctx );
|
||||
|
||||
/**
|
||||
* \brief Perform a Blowfish key schedule operation.
|
||||
*
|
||||
* \param ctx The Blowfish context to perform the key schedule on.
|
||||
* \param key The encryption key. This must be a readable buffer of
|
||||
* length \p keybits Bits.
|
||||
* \param keybits The length of \p key in Bits. This must be between
|
||||
* \c 32 and \c 448 and a multiple of \c 8.
|
||||
*
|
||||
* \return \c 0 if successful.
|
||||
* \return A negative error code on failure.
|
||||
*/
|
||||
int mbedtls_blowfish_setkey( mbedtls_blowfish_context *ctx, const unsigned char *key,
|
||||
unsigned int keybits );
|
||||
|
||||
/**
|
||||
* \brief Perform a Blowfish-ECB block encryption/decryption operation.
|
||||
*
|
||||
* \param ctx The Blowfish context to use. This must be initialized
|
||||
* and bound to a key.
|
||||
* \param mode The mode of operation. Possible values are
|
||||
* #MBEDTLS_BLOWFISH_ENCRYPT for encryption, or
|
||||
* #MBEDTLS_BLOWFISH_DECRYPT for decryption.
|
||||
* \param input The input block. This must be a readable buffer
|
||||
* of size \c 8 Bytes.
|
||||
* \param output The output block. This must be a writable buffer
|
||||
* of size \c 8 Bytes.
|
||||
*
|
||||
* \return \c 0 if successful.
|
||||
* \return A negative error code on failure.
|
||||
*/
|
||||
int mbedtls_blowfish_crypt_ecb( mbedtls_blowfish_context *ctx,
|
||||
int mode,
|
||||
const unsigned char input[MBEDTLS_BLOWFISH_BLOCKSIZE],
|
||||
unsigned char output[MBEDTLS_BLOWFISH_BLOCKSIZE] );
|
||||
|
||||
#if defined(MBEDTLS_CIPHER_MODE_CBC)
|
||||
/**
|
||||
* \brief Perform a Blowfish-CBC buffer encryption/decryption operation.
|
||||
*
|
||||
* \note Upon exit, the content of the IV is updated so that you can
|
||||
* call the function same function again on the following
|
||||
* block(s) of data and get the same result as if it was
|
||||
* encrypted in one call. This allows a "streaming" usage.
|
||||
* If on the other hand you need to retain the contents of the
|
||||
* IV, you should either save it manually or use the cipher
|
||||
* module instead.
|
||||
*
|
||||
* \param ctx The Blowfish context to use. This must be initialized
|
||||
* and bound to a key.
|
||||
* \param mode The mode of operation. Possible values are
|
||||
* #MBEDTLS_BLOWFISH_ENCRYPT for encryption, or
|
||||
* #MBEDTLS_BLOWFISH_DECRYPT for decryption.
|
||||
* \param length The length of the input data in Bytes. This must be
|
||||
* multiple of \c 8.
|
||||
* \param iv The initialization vector. This must be a read/write buffer
|
||||
* of length \c 8 Bytes. It is updated by this function.
|
||||
* \param input The input data. This must be a readable buffer of length
|
||||
* \p length Bytes.
|
||||
* \param output The output data. This must be a writable buffer of length
|
||||
* \p length Bytes.
|
||||
*
|
||||
* \return \c 0 if successful.
|
||||
* \return A negative error code on failure.
|
||||
*/
|
||||
int mbedtls_blowfish_crypt_cbc( mbedtls_blowfish_context *ctx,
|
||||
int mode,
|
||||
size_t length,
|
||||
unsigned char iv[MBEDTLS_BLOWFISH_BLOCKSIZE],
|
||||
const unsigned char *input,
|
||||
unsigned char *output );
|
||||
#endif /* MBEDTLS_CIPHER_MODE_CBC */
|
||||
|
||||
#if defined(MBEDTLS_CIPHER_MODE_CFB)
|
||||
/**
|
||||
* \brief Perform a Blowfish CFB buffer encryption/decryption operation.
|
||||
*
|
||||
* \note Upon exit, the content of the IV is updated so that you can
|
||||
* call the function same function again on the following
|
||||
* block(s) of data and get the same result as if it was
|
||||
* encrypted in one call. This allows a "streaming" usage.
|
||||
* If on the other hand you need to retain the contents of the
|
||||
* IV, you should either save it manually or use the cipher
|
||||
* module instead.
|
||||
*
|
||||
* \param ctx The Blowfish context to use. This must be initialized
|
||||
* and bound to a key.
|
||||
* \param mode The mode of operation. Possible values are
|
||||
* #MBEDTLS_BLOWFISH_ENCRYPT for encryption, or
|
||||
* #MBEDTLS_BLOWFISH_DECRYPT for decryption.
|
||||
* \param length The length of the input data in Bytes.
|
||||
* \param iv_off The offset in the initialiation vector.
|
||||
* The value pointed to must be smaller than \c 8 Bytes.
|
||||
* It is updated by this function to support the aforementioned
|
||||
* streaming usage.
|
||||
* \param iv The initialization vector. This must be a read/write buffer
|
||||
* of size \c 8 Bytes. It is updated after use.
|
||||
* \param input The input data. This must be a readable buffer of length
|
||||
* \p length Bytes.
|
||||
* \param output The output data. This must be a writable buffer of length
|
||||
* \p length Bytes.
|
||||
*
|
||||
* \return \c 0 if successful.
|
||||
* \return A negative error code on failure.
|
||||
*/
|
||||
int mbedtls_blowfish_crypt_cfb64( mbedtls_blowfish_context *ctx,
|
||||
int mode,
|
||||
size_t length,
|
||||
size_t *iv_off,
|
||||
unsigned char iv[MBEDTLS_BLOWFISH_BLOCKSIZE],
|
||||
const unsigned char *input,
|
||||
unsigned char *output );
|
||||
#endif /*MBEDTLS_CIPHER_MODE_CFB */
|
||||
|
||||
#if defined(MBEDTLS_CIPHER_MODE_CTR)
|
||||
/**
|
||||
* \brief Perform a Blowfish-CTR buffer encryption/decryption operation.
|
||||
*
|
||||
* \warning You must never reuse a nonce value with the same key. Doing so
|
||||
* would void the encryption for the two messages encrypted with
|
||||
* the same nonce and key.
|
||||
*
|
||||
* There are two common strategies for managing nonces with CTR:
|
||||
*
|
||||
* 1. You can handle everything as a single message processed over
|
||||
* successive calls to this function. In that case, you want to
|
||||
* set \p nonce_counter and \p nc_off to 0 for the first call, and
|
||||
* then preserve the values of \p nonce_counter, \p nc_off and \p
|
||||
* stream_block across calls to this function as they will be
|
||||
* updated by this function.
|
||||
*
|
||||
* With this strategy, you must not encrypt more than 2**64
|
||||
* blocks of data with the same key.
|
||||
*
|
||||
* 2. You can encrypt separate messages by dividing the \p
|
||||
* nonce_counter buffer in two areas: the first one used for a
|
||||
* per-message nonce, handled by yourself, and the second one
|
||||
* updated by this function internally.
|
||||
*
|
||||
* For example, you might reserve the first 4 bytes for the
|
||||
* per-message nonce, and the last 4 bytes for internal use. In that
|
||||
* case, before calling this function on a new message you need to
|
||||
* set the first 4 bytes of \p nonce_counter to your chosen nonce
|
||||
* value, the last 4 to 0, and \p nc_off to 0 (which will cause \p
|
||||
* stream_block to be ignored). That way, you can encrypt at most
|
||||
* 2**32 messages of up to 2**32 blocks each with the same key.
|
||||
*
|
||||
* The per-message nonce (or information sufficient to reconstruct
|
||||
* it) needs to be communicated with the ciphertext and must be unique.
|
||||
* The recommended way to ensure uniqueness is to use a message
|
||||
* counter.
|
||||
*
|
||||
* Note that for both stategies, sizes are measured in blocks and
|
||||
* that a Blowfish block is 8 bytes.
|
||||
*
|
||||
* \warning Upon return, \p stream_block contains sensitive data. Its
|
||||
* content must not be written to insecure storage and should be
|
||||
* securely discarded as soon as it's no longer needed.
|
||||
*
|
||||
* \param ctx The Blowfish context to use. This must be initialized
|
||||
* and bound to a key.
|
||||
* \param length The length of the input data in Bytes.
|
||||
* \param nc_off The offset in the current stream_block (for resuming
|
||||
* within current cipher stream). The offset pointer
|
||||
* should be \c 0 at the start of a stream and must be
|
||||
* smaller than \c 8. It is updated by this function.
|
||||
* \param nonce_counter The 64-bit nonce and counter. This must point to a
|
||||
* read/write buffer of length \c 8 Bytes.
|
||||
* \param stream_block The saved stream-block for resuming. This must point to
|
||||
* a read/write buffer of length \c 8 Bytes.
|
||||
* \param input The input data. This must be a readable buffer of
|
||||
* length \p length Bytes.
|
||||
* \param output The output data. This must be a writable buffer of
|
||||
* length \p length Bytes.
|
||||
*
|
||||
* \return \c 0 if successful.
|
||||
* \return A negative error code on failure.
|
||||
*/
|
||||
int mbedtls_blowfish_crypt_ctr( mbedtls_blowfish_context *ctx,
|
||||
size_t length,
|
||||
size_t *nc_off,
|
||||
unsigned char nonce_counter[MBEDTLS_BLOWFISH_BLOCKSIZE],
|
||||
unsigned char stream_block[MBEDTLS_BLOWFISH_BLOCKSIZE],
|
||||
const unsigned char *input,
|
||||
unsigned char *output );
|
||||
#endif /* MBEDTLS_CIPHER_MODE_CTR */
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
||||
#endif /* blowfish.h */
|
|
@ -1,916 +0,0 @@
|
|||
/**
|
||||
* \file bn_mul.h
|
||||
*
|
||||
* \brief Multi-precision integer library
|
||||
*/
|
||||
/*
|
||||
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
* not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*
|
||||
* This file is part of mbed TLS (https://tls.mbed.org)
|
||||
*/
|
||||
/*
|
||||
* Multiply source vector [s] with b, add result
|
||||
* to destination vector [d] and set carry c.
|
||||
*
|
||||
* Currently supports:
|
||||
*
|
||||
* . IA-32 (386+) . AMD64 / EM64T
|
||||
* . IA-32 (SSE2) . Motorola 68000
|
||||
* . PowerPC, 32-bit . MicroBlaze
|
||||
* . PowerPC, 64-bit . TriCore
|
||||
* . SPARC v8 . ARM v3+
|
||||
* . Alpha . MIPS32
|
||||
* . C, longlong . C, generic
|
||||
*/
|
||||
#ifndef MBEDTLS_BN_MUL_H
|
||||
#define MBEDTLS_BN_MUL_H
|
||||
|
||||
#if !defined(MBEDTLS_CONFIG_FILE)
|
||||
#include "config.h"
|
||||
#else
|
||||
#include MBEDTLS_CONFIG_FILE
|
||||
#endif
|
||||
|
||||
#include "bignum.h"
|
||||
|
||||
#if defined(MBEDTLS_HAVE_ASM)
|
||||
|
||||
#ifndef asm
|
||||
#define asm __asm
|
||||
#endif
|
||||
|
||||
/* armcc5 --gnu defines __GNUC__ but doesn't support GNU's extended asm */
|
||||
#if defined(__GNUC__) && \
|
||||
( !defined(__ARMCC_VERSION) || __ARMCC_VERSION >= 6000000 )
|
||||
|
||||
/*
|
||||
* Disable use of the i386 assembly code below if option -O0, to disable all
|
||||
* compiler optimisations, is passed, detected with __OPTIMIZE__
|
||||
* This is done as the number of registers used in the assembly code doesn't
|
||||
* work with the -O0 option.
|
||||
*/
|
||||
#if defined(__i386__) && defined(__OPTIMIZE__)
|
||||
|
||||
#define MULADDC_INIT \
|
||||
asm( \
|
||||
"movl %%ebx, %0 \n\t" \
|
||||
"movl %5, %%esi \n\t" \
|
||||
"movl %6, %%edi \n\t" \
|
||||
"movl %7, %%ecx \n\t" \
|
||||
"movl %8, %%ebx \n\t"
|
||||
|
||||
#define MULADDC_CORE \
|
||||
"lodsl \n\t" \
|
||||
"mull %%ebx \n\t" \
|
||||
"addl %%ecx, %%eax \n\t" \
|
||||
"adcl $0, %%edx \n\t" \
|
||||
"addl (%%edi), %%eax \n\t" \
|
||||
"adcl $0, %%edx \n\t" \
|
||||
"movl %%edx, %%ecx \n\t" \
|
||||
"stosl \n\t"
|
||||
|
||||
#if defined(MBEDTLS_HAVE_SSE2)
|
||||
|
||||
#define MULADDC_HUIT \
|
||||
"movd %%ecx, %%mm1 \n\t" \
|
||||
"movd %%ebx, %%mm0 \n\t" \
|
||||
"movd (%%edi), %%mm3 \n\t" \
|
||||
"paddq %%mm3, %%mm1 \n\t" \
|
||||
"movd (%%esi), %%mm2 \n\t" \
|
||||
"pmuludq %%mm0, %%mm2 \n\t" \
|
||||
"movd 4(%%esi), %%mm4 \n\t" \
|
||||
"pmuludq %%mm0, %%mm4 \n\t" \
|
||||
"movd 8(%%esi), %%mm6 \n\t" \
|
||||
"pmuludq %%mm0, %%mm6 \n\t" \
|
||||
"movd 12(%%esi), %%mm7 \n\t" \
|
||||
"pmuludq %%mm0, %%mm7 \n\t" \
|
||||
"paddq %%mm2, %%mm1 \n\t" \
|
||||
"movd 4(%%edi), %%mm3 \n\t" \
|
||||
"paddq %%mm4, %%mm3 \n\t" \
|
||||
"movd 8(%%edi), %%mm5 \n\t" \
|
||||
"paddq %%mm6, %%mm5 \n\t" \
|
||||
"movd 12(%%edi), %%mm4 \n\t" \
|
||||
"paddq %%mm4, %%mm7 \n\t" \
|
||||
"movd %%mm1, (%%edi) \n\t" \
|
||||
"movd 16(%%esi), %%mm2 \n\t" \
|
||||
"pmuludq %%mm0, %%mm2 \n\t" \
|
||||
"psrlq $32, %%mm1 \n\t" \
|
||||
"movd 20(%%esi), %%mm4 \n\t" \
|
||||
"pmuludq %%mm0, %%mm4 \n\t" \
|
||||
"paddq %%mm3, %%mm1 \n\t" \
|
||||
"movd 24(%%esi), %%mm6 \n\t" \
|
||||
"pmuludq %%mm0, %%mm6 \n\t" \
|
||||
"movd %%mm1, 4(%%edi) \n\t" \
|
||||
"psrlq $32, %%mm1 \n\t" \
|
||||
"movd 28(%%esi), %%mm3 \n\t" \
|
||||
"pmuludq %%mm0, %%mm3 \n\t" \
|
||||
"paddq %%mm5, %%mm1 \n\t" \
|
||||
"movd 16(%%edi), %%mm5 \n\t" \
|
||||
"paddq %%mm5, %%mm2 \n\t" \
|
||||
"movd %%mm1, 8(%%edi) \n\t" \
|
||||
"psrlq $32, %%mm1 \n\t" \
|
||||
"paddq %%mm7, %%mm1 \n\t" \
|
||||
"movd 20(%%edi), %%mm5 \n\t" \
|
||||
"paddq %%mm5, %%mm4 \n\t" \
|
||||
"movd %%mm1, 12(%%edi) \n\t" \
|
||||
"psrlq $32, %%mm1 \n\t" \
|
||||
"paddq %%mm2, %%mm1 \n\t" \
|
||||
"movd 24(%%edi), %%mm5 \n\t" \
|
||||
"paddq %%mm5, %%mm6 \n\t" \
|
||||
"movd %%mm1, 16(%%edi) \n\t" \
|
||||
"psrlq $32, %%mm1 \n\t" \
|
||||
"paddq %%mm4, %%mm1 \n\t" \
|
||||
"movd 28(%%edi), %%mm5 \n\t" \
|
||||
"paddq %%mm5, %%mm3 \n\t" \
|
||||
"movd %%mm1, 20(%%edi) \n\t" \
|
||||
"psrlq $32, %%mm1 \n\t" \
|
||||
"paddq %%mm6, %%mm1 \n\t" \
|
||||
"movd %%mm1, 24(%%edi) \n\t" \
|
||||
"psrlq $32, %%mm1 \n\t" \
|
||||
"paddq %%mm3, %%mm1 \n\t" \
|
||||
"movd %%mm1, 28(%%edi) \n\t" \
|
||||
"addl $32, %%edi \n\t" \
|
||||
"addl $32, %%esi \n\t" \
|
||||
"psrlq $32, %%mm1 \n\t" \
|
||||
"movd %%mm1, %%ecx \n\t"
|
||||
|
||||
#define MULADDC_STOP \
|
||||
"emms \n\t" \
|
||||
"movl %4, %%ebx \n\t" \
|
||||
"movl %%ecx, %1 \n\t" \
|
||||
"movl %%edi, %2 \n\t" \
|
||||
"movl %%esi, %3 \n\t" \
|
||||
: "=m" (t), "=m" (c), "=m" (d), "=m" (s) \
|
||||
: "m" (t), "m" (s), "m" (d), "m" (c), "m" (b) \
|
||||
: "eax", "ebx", "ecx", "edx", "esi", "edi" \
|
||||
);
|
||||
|
||||
#else
|
||||
|
||||
#define MULADDC_STOP \
|
||||
"movl %4, %%ebx \n\t" \
|
||||
"movl %%ecx, %1 \n\t" \
|
||||
"movl %%edi, %2 \n\t" \
|
||||
"movl %%esi, %3 \n\t" \
|
||||
: "=m" (t), "=m" (c), "=m" (d), "=m" (s) \
|
||||
: "m" (t), "m" (s), "m" (d), "m" (c), "m" (b) \
|
||||
: "eax", "ebx", "ecx", "edx", "esi", "edi" \
|
||||
);
|
||||
#endif /* SSE2 */
|
||||
#endif /* i386 */
|
||||
|
||||
#if defined(__amd64__) || defined (__x86_64__)
|
||||
|
||||
#define MULADDC_INIT \
|
||||
asm( \
|
||||
"xorq %%r8, %%r8\n"
|
||||
|
||||
#define MULADDC_CORE \
|
||||
"movq (%%rsi), %%rax\n" \
|
||||
"mulq %%rbx\n" \
|
||||
"addq $8, %%rsi\n" \
|
||||
"addq %%rcx, %%rax\n" \
|
||||
"movq %%r8, %%rcx\n" \
|
||||
"adcq $0, %%rdx\n" \
|
||||
"nop \n" \
|
||||
"addq %%rax, (%%rdi)\n" \
|
||||
"adcq %%rdx, %%rcx\n" \
|
||||
"addq $8, %%rdi\n"
|
||||
|
||||
#define MULADDC_STOP \
|
||||
: "+c" (c), "+D" (d), "+S" (s) \
|
||||
: "b" (b) \
|
||||
: "rax", "rdx", "r8" \
|
||||
);
|
||||
|
||||
#endif /* AMD64 */
|
||||
|
||||
#if defined(__mc68020__) || defined(__mcpu32__)
|
||||
|
||||
#define MULADDC_INIT \
|
||||
asm( \
|
||||
"movl %3, %%a2 \n\t" \
|
||||
"movl %4, %%a3 \n\t" \
|
||||
"movl %5, %%d3 \n\t" \
|
||||
"movl %6, %%d2 \n\t" \
|
||||
"moveq #0, %%d0 \n\t"
|
||||
|
||||
#define MULADDC_CORE \
|
||||
"movel %%a2@+, %%d1 \n\t" \
|
||||
"mulul %%d2, %%d4:%%d1 \n\t" \
|
||||
"addl %%d3, %%d1 \n\t" \
|
||||
"addxl %%d0, %%d4 \n\t" \
|
||||
"moveq #0, %%d3 \n\t" \
|
||||
"addl %%d1, %%a3@+ \n\t" \
|
||||
"addxl %%d4, %%d3 \n\t"
|
||||
|
||||
#define MULADDC_STOP \
|
||||
"movl %%d3, %0 \n\t" \
|
||||
"movl %%a3, %1 \n\t" \
|
||||
"movl %%a2, %2 \n\t" \
|
||||
: "=m" (c), "=m" (d), "=m" (s) \
|
||||
: "m" (s), "m" (d), "m" (c), "m" (b) \
|
||||
: "d0", "d1", "d2", "d3", "d4", "a2", "a3" \
|
||||
);
|
||||
|
||||
#define MULADDC_HUIT \
|
||||
"movel %%a2@+, %%d1 \n\t" \
|
||||
"mulul %%d2, %%d4:%%d1 \n\t" \
|
||||
"addxl %%d3, %%d1 \n\t" \
|
||||
"addxl %%d0, %%d4 \n\t" \
|
||||
"addl %%d1, %%a3@+ \n\t" \
|
||||
"movel %%a2@+, %%d1 \n\t" \
|
||||
"mulul %%d2, %%d3:%%d1 \n\t" \
|
||||
"addxl %%d4, %%d1 \n\t" \
|
||||
"addxl %%d0, %%d3 \n\t" \
|
||||
"addl %%d1, %%a3@+ \n\t" \
|
||||
"movel %%a2@+, %%d1 \n\t" \
|
||||
"mulul %%d2, %%d4:%%d1 \n\t" \
|
||||
"addxl %%d3, %%d1 \n\t" \
|
||||
"addxl %%d0, %%d4 \n\t" \
|
||||
"addl %%d1, %%a3@+ \n\t" \
|
||||
"movel %%a2@+, %%d1 \n\t" \
|
||||
"mulul %%d2, %%d3:%%d1 \n\t" \
|
||||
"addxl %%d4, %%d1 \n\t" \
|
||||
"addxl %%d0, %%d3 \n\t" \
|
||||
"addl %%d1, %%a3@+ \n\t" \
|
||||
"movel %%a2@+, %%d1 \n\t" \
|
||||
"mulul %%d2, %%d4:%%d1 \n\t" \
|
||||
"addxl %%d3, %%d1 \n\t" \
|
||||
"addxl %%d0, %%d4 \n\t" \
|
||||
"addl %%d1, %%a3@+ \n\t" \
|
||||
"movel %%a2@+, %%d1 \n\t" \
|
||||
"mulul %%d2, %%d3:%%d1 \n\t" \
|
||||
"addxl %%d4, %%d1 \n\t" \
|
||||
"addxl %%d0, %%d3 \n\t" \
|
||||
"addl %%d1, %%a3@+ \n\t" \
|
||||
"movel %%a2@+, %%d1 \n\t" \
|
||||
"mulul %%d2, %%d4:%%d1 \n\t" \
|
||||
"addxl %%d3, %%d1 \n\t" \
|
||||
"addxl %%d0, %%d4 \n\t" \
|
||||
"addl %%d1, %%a3@+ \n\t" \
|
||||
"movel %%a2@+, %%d1 \n\t" \
|
||||
"mulul %%d2, %%d3:%%d1 \n\t" \
|
||||
"addxl %%d4, %%d1 \n\t" \
|
||||
"addxl %%d0, %%d3 \n\t" \
|
||||
"addl %%d1, %%a3@+ \n\t" \
|
||||
"addxl %%d0, %%d3 \n\t"
|
||||
|
||||
#endif /* MC68000 */
|
||||
|
||||
#if defined(__powerpc64__) || defined(__ppc64__)
|
||||
|
||||
#if defined(__MACH__) && defined(__APPLE__)
|
||||
|
||||
#define MULADDC_INIT \
|
||||
asm( \
|
||||
"ld r3, %3 \n\t" \
|
||||
"ld r4, %4 \n\t" \
|
||||
"ld r5, %5 \n\t" \
|
||||
"ld r6, %6 \n\t" \
|
||||
"addi r3, r3, -8 \n\t" \
|
||||
"addi r4, r4, -8 \n\t" \
|
||||
"addic r5, r5, 0 \n\t"
|
||||
|
||||
#define MULADDC_CORE \
|
||||
"ldu r7, 8(r3) \n\t" \
|
||||
"mulld r8, r7, r6 \n\t" \
|
||||
"mulhdu r9, r7, r6 \n\t" \
|
||||
"adde r8, r8, r5 \n\t" \
|
||||
"ld r7, 8(r4) \n\t" \
|
||||
"addze r5, r9 \n\t" \
|
||||
"addc r8, r8, r7 \n\t" \
|
||||
"stdu r8, 8(r4) \n\t"
|
||||
|
||||
#define MULADDC_STOP \
|
||||
"addze r5, r5 \n\t" \
|
||||
"addi r4, r4, 8 \n\t" \
|
||||
"addi r3, r3, 8 \n\t" \
|
||||
"std r5, %0 \n\t" \
|
||||
"std r4, %1 \n\t" \
|
||||
"std r3, %2 \n\t" \
|
||||
: "=m" (c), "=m" (d), "=m" (s) \
|
||||
: "m" (s), "m" (d), "m" (c), "m" (b) \
|
||||
: "r3", "r4", "r5", "r6", "r7", "r8", "r9" \
|
||||
);
|
||||
|
||||
|
||||
#else /* __MACH__ && __APPLE__ */
|
||||
|
||||
#define MULADDC_INIT \
|
||||
asm( \
|
||||
"ld %%r3, %3 \n\t" \
|
||||
"ld %%r4, %4 \n\t" \
|
||||
"ld %%r5, %5 \n\t" \
|
||||
"ld %%r6, %6 \n\t" \
|
||||
"addi %%r3, %%r3, -8 \n\t" \
|
||||
"addi %%r4, %%r4, -8 \n\t" \
|
||||
"addic %%r5, %%r5, 0 \n\t"
|
||||
|
||||
#define MULADDC_CORE \
|
||||
"ldu %%r7, 8(%%r3) \n\t" \
|
||||
"mulld %%r8, %%r7, %%r6 \n\t" \
|
||||
"mulhdu %%r9, %%r7, %%r6 \n\t" \
|
||||
"adde %%r8, %%r8, %%r5 \n\t" \
|
||||
"ld %%r7, 8(%%r4) \n\t" \
|
||||
"addze %%r5, %%r9 \n\t" \
|
||||
"addc %%r8, %%r8, %%r7 \n\t" \
|
||||
"stdu %%r8, 8(%%r4) \n\t"
|
||||
|
||||
#define MULADDC_STOP \
|
||||
"addze %%r5, %%r5 \n\t" \
|
||||
"addi %%r4, %%r4, 8 \n\t" \
|
||||
"addi %%r3, %%r3, 8 \n\t" \
|
||||
"std %%r5, %0 \n\t" \
|
||||
"std %%r4, %1 \n\t" \
|
||||
"std %%r3, %2 \n\t" \
|
||||
: "=m" (c), "=m" (d), "=m" (s) \
|
||||
: "m" (s), "m" (d), "m" (c), "m" (b) \
|
||||
: "r3", "r4", "r5", "r6", "r7", "r8", "r9" \
|
||||
);
|
||||
|
||||
#endif /* __MACH__ && __APPLE__ */
|
||||
|
||||
#elif defined(__powerpc__) || defined(__ppc__) /* end PPC64/begin PPC32 */
|
||||
|
||||
#if defined(__MACH__) && defined(__APPLE__)
|
||||
|
||||
#define MULADDC_INIT \
|
||||
asm( \
|
||||
"lwz r3, %3 \n\t" \
|
||||
"lwz r4, %4 \n\t" \
|
||||
"lwz r5, %5 \n\t" \
|
||||
"lwz r6, %6 \n\t" \
|
||||
"addi r3, r3, -4 \n\t" \
|
||||
"addi r4, r4, -4 \n\t" \
|
||||
"addic r5, r5, 0 \n\t"
|
||||
|
||||
#define MULADDC_CORE \
|
||||
"lwzu r7, 4(r3) \n\t" \
|
||||
"mullw r8, r7, r6 \n\t" \
|
||||
"mulhwu r9, r7, r6 \n\t" \
|
||||
"adde r8, r8, r5 \n\t" \
|
||||
"lwz r7, 4(r4) \n\t" \
|
||||
"addze r5, r9 \n\t" \
|
||||
"addc r8, r8, r7 \n\t" \
|
||||
"stwu r8, 4(r4) \n\t"
|
||||
|
||||
#define MULADDC_STOP \
|
||||
"addze r5, r5 \n\t" \
|
||||
"addi r4, r4, 4 \n\t" \
|
||||
"addi r3, r3, 4 \n\t" \
|
||||
"stw r5, %0 \n\t" \
|
||||
"stw r4, %1 \n\t" \
|
||||
"stw r3, %2 \n\t" \
|
||||
: "=m" (c), "=m" (d), "=m" (s) \
|
||||
: "m" (s), "m" (d), "m" (c), "m" (b) \
|
||||
: "r3", "r4", "r5", "r6", "r7", "r8", "r9" \
|
||||
);
|
||||
|
||||
#else /* __MACH__ && __APPLE__ */
|
||||
|
||||
#define MULADDC_INIT \
|
||||
asm( \
|
||||
"lwz %%r3, %3 \n\t" \
|
||||
"lwz %%r4, %4 \n\t" \
|
||||
"lwz %%r5, %5 \n\t" \
|
||||
"lwz %%r6, %6 \n\t" \
|
||||
"addi %%r3, %%r3, -4 \n\t" \
|
||||
"addi %%r4, %%r4, -4 \n\t" \
|
||||
"addic %%r5, %%r5, 0 \n\t"
|
||||
|
||||
#define MULADDC_CORE \
|
||||
"lwzu %%r7, 4(%%r3) \n\t" \
|
||||
"mullw %%r8, %%r7, %%r6 \n\t" \
|
||||
"mulhwu %%r9, %%r7, %%r6 \n\t" \
|
||||
"adde %%r8, %%r8, %%r5 \n\t" \
|
||||
"lwz %%r7, 4(%%r4) \n\t" \
|
||||
"addze %%r5, %%r9 \n\t" \
|
||||
"addc %%r8, %%r8, %%r7 \n\t" \
|
||||
"stwu %%r8, 4(%%r4) \n\t"
|
||||
|
||||
#define MULADDC_STOP \
|
||||
"addze %%r5, %%r5 \n\t" \
|
||||
"addi %%r4, %%r4, 4 \n\t" \
|
||||
"addi %%r3, %%r3, 4 \n\t" \
|
||||
"stw %%r5, %0 \n\t" \
|
||||
"stw %%r4, %1 \n\t" \
|
||||
"stw %%r3, %2 \n\t" \
|
||||
: "=m" (c), "=m" (d), "=m" (s) \
|
||||
: "m" (s), "m" (d), "m" (c), "m" (b) \
|
||||
: "r3", "r4", "r5", "r6", "r7", "r8", "r9" \
|
||||
);
|
||||
|
||||
#endif /* __MACH__ && __APPLE__ */
|
||||
|
||||
#endif /* PPC32 */
|
||||
|
||||
/*
|
||||
* The Sparc(64) assembly is reported to be broken.
|
||||
* Disable it for now, until we're able to fix it.
|
||||
*/
|
||||
#if 0 && defined(__sparc__)
|
||||
#if defined(__sparc64__)
|
||||
|
||||
#define MULADDC_INIT \
|
||||
asm( \
|
||||
"ldx %3, %%o0 \n\t" \
|
||||
"ldx %4, %%o1 \n\t" \
|
||||
"ld %5, %%o2 \n\t" \
|
||||
"ld %6, %%o3 \n\t"
|
||||
|
||||
#define MULADDC_CORE \
|
||||
"ld [%%o0], %%o4 \n\t" \
|
||||
"inc 4, %%o0 \n\t" \
|
||||
"ld [%%o1], %%o5 \n\t" \
|
||||
"umul %%o3, %%o4, %%o4 \n\t" \
|
||||
"addcc %%o4, %%o2, %%o4 \n\t" \
|
||||
"rd %%y, %%g1 \n\t" \
|
||||
"addx %%g1, 0, %%g1 \n\t" \
|
||||
"addcc %%o4, %%o5, %%o4 \n\t" \
|
||||
"st %%o4, [%%o1] \n\t" \
|
||||
"addx %%g1, 0, %%o2 \n\t" \
|
||||
"inc 4, %%o1 \n\t"
|
||||
|
||||
#define MULADDC_STOP \
|
||||
"st %%o2, %0 \n\t" \
|
||||
"stx %%o1, %1 \n\t" \
|
||||
"stx %%o0, %2 \n\t" \
|
||||
: "=m" (c), "=m" (d), "=m" (s) \
|
||||
: "m" (s), "m" (d), "m" (c), "m" (b) \
|
||||
: "g1", "o0", "o1", "o2", "o3", "o4", \
|
||||
"o5" \
|
||||
);
|
||||
|
||||
#else /* __sparc64__ */
|
||||
|
||||
#define MULADDC_INIT \
|
||||
asm( \
|
||||
"ld %3, %%o0 \n\t" \
|
||||
"ld %4, %%o1 \n\t" \
|
||||
"ld %5, %%o2 \n\t" \
|
||||
"ld %6, %%o3 \n\t"
|
||||
|
||||
#define MULADDC_CORE \
|
||||
"ld [%%o0], %%o4 \n\t" \
|
||||
"inc 4, %%o0 \n\t" \
|
||||
"ld [%%o1], %%o5 \n\t" \
|
||||
"umul %%o3, %%o4, %%o4 \n\t" \
|
||||
"addcc %%o4, %%o2, %%o4 \n\t" \
|
||||
"rd %%y, %%g1 \n\t" \
|
||||
"addx %%g1, 0, %%g1 \n\t" \
|
||||
"addcc %%o4, %%o5, %%o4 \n\t" \
|
||||
"st %%o4, [%%o1] \n\t" \
|
||||
"addx %%g1, 0, %%o2 \n\t" \
|
||||
"inc 4, %%o1 \n\t"
|
||||
|
||||
#define MULADDC_STOP \
|
||||
"st %%o2, %0 \n\t" \
|
||||
"st %%o1, %1 \n\t" \
|
||||
"st %%o0, %2 \n\t" \
|
||||
: "=m" (c), "=m" (d), "=m" (s) \
|
||||
: "m" (s), "m" (d), "m" (c), "m" (b) \
|
||||
: "g1", "o0", "o1", "o2", "o3", "o4", \
|
||||
"o5" \
|
||||
);
|
||||
|
||||
#endif /* __sparc64__ */
|
||||
#endif /* __sparc__ */
|
||||
|
||||
#if defined(__microblaze__) || defined(microblaze)
|
||||
|
||||
#define MULADDC_INIT \
|
||||
asm( \
|
||||
"lwi r3, %3 \n\t" \
|
||||
"lwi r4, %4 \n\t" \
|
||||
"lwi r5, %5 \n\t" \
|
||||
"lwi r6, %6 \n\t" \
|
||||
"andi r7, r6, 0xffff \n\t" \
|
||||
"bsrli r6, r6, 16 \n\t"
|
||||
|
||||
#define MULADDC_CORE \
|
||||
"lhui r8, r3, 0 \n\t" \
|
||||
"addi r3, r3, 2 \n\t" \
|
||||
"lhui r9, r3, 0 \n\t" \
|
||||
"addi r3, r3, 2 \n\t" \
|
||||
"mul r10, r9, r6 \n\t" \
|
||||
"mul r11, r8, r7 \n\t" \
|
||||
"mul r12, r9, r7 \n\t" \
|
||||
"mul r13, r8, r6 \n\t" \
|
||||
"bsrli r8, r10, 16 \n\t" \
|
||||
"bsrli r9, r11, 16 \n\t" \
|
||||
"add r13, r13, r8 \n\t" \
|
||||
"add r13, r13, r9 \n\t" \
|
||||
"bslli r10, r10, 16 \n\t" \
|
||||
"bslli r11, r11, 16 \n\t" \
|
||||
"add r12, r12, r10 \n\t" \
|
||||
"addc r13, r13, r0 \n\t" \
|
||||
"add r12, r12, r11 \n\t" \
|
||||
"addc r13, r13, r0 \n\t" \
|
||||
"lwi r10, r4, 0 \n\t" \
|
||||
"add r12, r12, r10 \n\t" \
|
||||
"addc r13, r13, r0 \n\t" \
|
||||
"add r12, r12, r5 \n\t" \
|
||||
"addc r5, r13, r0 \n\t" \
|
||||
"swi r12, r4, 0 \n\t" \
|
||||
"addi r4, r4, 4 \n\t"
|
||||
|
||||
#define MULADDC_STOP \
|
||||
"swi r5, %0 \n\t" \
|
||||
"swi r4, %1 \n\t" \
|
||||
"swi r3, %2 \n\t" \
|
||||
: "=m" (c), "=m" (d), "=m" (s) \
|
||||
: "m" (s), "m" (d), "m" (c), "m" (b) \
|
||||
: "r3", "r4", "r5", "r6", "r7", "r8", \
|
||||
"r9", "r10", "r11", "r12", "r13" \
|
||||
);
|
||||
|
||||
#endif /* MicroBlaze */
|
||||
|
||||
#if defined(__tricore__)
|
||||
|
||||
#define MULADDC_INIT \
|
||||
asm( \
|
||||
"ld.a %%a2, %3 \n\t" \
|
||||
"ld.a %%a3, %4 \n\t" \
|
||||
"ld.w %%d4, %5 \n\t" \
|
||||
"ld.w %%d1, %6 \n\t" \
|
||||
"xor %%d5, %%d5 \n\t"
|
||||
|
||||
#define MULADDC_CORE \
|
||||
"ld.w %%d0, [%%a2+] \n\t" \
|
||||
"madd.u %%e2, %%e4, %%d0, %%d1 \n\t" \
|
||||
"ld.w %%d0, [%%a3] \n\t" \
|
||||
"addx %%d2, %%d2, %%d0 \n\t" \
|
||||
"addc %%d3, %%d3, 0 \n\t" \
|
||||
"mov %%d4, %%d3 \n\t" \
|
||||
"st.w [%%a3+], %%d2 \n\t"
|
||||
|
||||
#define MULADDC_STOP \
|
||||
"st.w %0, %%d4 \n\t" \
|
||||
"st.a %1, %%a3 \n\t" \
|
||||
"st.a %2, %%a2 \n\t" \
|
||||
: "=m" (c), "=m" (d), "=m" (s) \
|
||||
: "m" (s), "m" (d), "m" (c), "m" (b) \
|
||||
: "d0", "d1", "e2", "d4", "a2", "a3" \
|
||||
);
|
||||
|
||||
#endif /* TriCore */
|
||||
|
||||
/*
|
||||
* Note, gcc -O0 by default uses r7 for the frame pointer, so it complains about
|
||||
* our use of r7 below, unless -fomit-frame-pointer is passed.
|
||||
*
|
||||
* On the other hand, -fomit-frame-pointer is implied by any -Ox options with
|
||||
* x !=0, which we can detect using __OPTIMIZE__ (which is also defined by
|
||||
* clang and armcc5 under the same conditions).
|
||||
*
|
||||
* So, only use the optimized assembly below for optimized build, which avoids
|
||||
* the build error and is pretty reasonable anyway.
|
||||
*/
|
||||
#if defined(__GNUC__) && !defined(__OPTIMIZE__)
|
||||
#define MULADDC_CANNOT_USE_R7
|
||||
#endif
|
||||
|
||||
#if defined(__arm__) && !defined(MULADDC_CANNOT_USE_R7)
|
||||
|
||||
#if defined(__thumb__) && !defined(__thumb2__)
|
||||
|
||||
#define MULADDC_INIT \
|
||||
asm( \
|
||||
"ldr r0, %3 \n\t" \
|
||||
"ldr r1, %4 \n\t" \
|
||||
"ldr r2, %5 \n\t" \
|
||||
"ldr r3, %6 \n\t" \
|
||||
"lsr r7, r3, #16 \n\t" \
|
||||
"mov r9, r7 \n\t" \
|
||||
"lsl r7, r3, #16 \n\t" \
|
||||
"lsr r7, r7, #16 \n\t" \
|
||||
"mov r8, r7 \n\t"
|
||||
|
||||
#define MULADDC_CORE \
|
||||
"ldmia r0!, {r6} \n\t" \
|
||||
"lsr r7, r6, #16 \n\t" \
|
||||
"lsl r6, r6, #16 \n\t" \
|
||||
"lsr r6, r6, #16 \n\t" \
|
||||
"mov r4, r8 \n\t" \
|
||||
"mul r4, r6 \n\t" \
|
||||
"mov r3, r9 \n\t" \
|
||||
"mul r6, r3 \n\t" \
|
||||
"mov r5, r9 \n\t" \
|
||||
"mul r5, r7 \n\t" \
|
||||
"mov r3, r8 \n\t" \
|
||||
"mul r7, r3 \n\t" \
|
||||
"lsr r3, r6, #16 \n\t" \
|
||||
"add r5, r5, r3 \n\t" \
|
||||
"lsr r3, r7, #16 \n\t" \
|
||||
"add r5, r5, r3 \n\t" \
|
||||
"add r4, r4, r2 \n\t" \
|
||||
"mov r2, #0 \n\t" \
|
||||
"adc r5, r2 \n\t" \
|
||||
"lsl r3, r6, #16 \n\t" \
|
||||
"add r4, r4, r3 \n\t" \
|
||||
"adc r5, r2 \n\t" \
|
||||
"lsl r3, r7, #16 \n\t" \
|
||||
"add r4, r4, r3 \n\t" \
|
||||
"adc r5, r2 \n\t" \
|
||||
"ldr r3, [r1] \n\t" \
|
||||
"add r4, r4, r3 \n\t" \
|
||||
"adc r2, r5 \n\t" \
|
||||
"stmia r1!, {r4} \n\t"
|
||||
|
||||
#define MULADDC_STOP \
|
||||
"str r2, %0 \n\t" \
|
||||
"str r1, %1 \n\t" \
|
||||
"str r0, %2 \n\t" \
|
||||
: "=m" (c), "=m" (d), "=m" (s) \
|
||||
: "m" (s), "m" (d), "m" (c), "m" (b) \
|
||||
: "r0", "r1", "r2", "r3", "r4", "r5", \
|
||||
"r6", "r7", "r8", "r9", "cc" \
|
||||
);
|
||||
|
||||
#elif (__ARM_ARCH >= 6) && \
|
||||
defined (__ARM_FEATURE_DSP) && (__ARM_FEATURE_DSP == 1)
|
||||
|
||||
#define MULADDC_INIT \
|
||||
asm(
|
||||
|
||||
#define MULADDC_CORE \
|
||||
"ldr r0, [%0], #4 \n\t" \
|
||||
"ldr r1, [%1] \n\t" \
|
||||
"umaal r1, %2, %3, r0 \n\t" \
|
||||
"str r1, [%1], #4 \n\t"
|
||||
|
||||
#define MULADDC_STOP \
|
||||
: "=r" (s), "=r" (d), "=r" (c) \
|
||||
: "r" (b), "0" (s), "1" (d), "2" (c) \
|
||||
: "r0", "r1", "memory" \
|
||||
);
|
||||
|
||||
#else
|
||||
|
||||
#define MULADDC_INIT \
|
||||
asm( \
|
||||
"ldr r0, %3 \n\t" \
|
||||
"ldr r1, %4 \n\t" \
|
||||
"ldr r2, %5 \n\t" \
|
||||
"ldr r3, %6 \n\t"
|
||||
|
||||
#define MULADDC_CORE \
|
||||
"ldr r4, [r0], #4 \n\t" \
|
||||
"mov r5, #0 \n\t" \
|
||||
"ldr r6, [r1] \n\t" \
|
||||
"umlal r2, r5, r3, r4 \n\t" \
|
||||
"adds r7, r6, r2 \n\t" \
|
||||
"adc r2, r5, #0 \n\t" \
|
||||
"str r7, [r1], #4 \n\t"
|
||||
|
||||
#define MULADDC_STOP \
|
||||
"str r2, %0 \n\t" \
|
||||
"str r1, %1 \n\t" \
|
||||
"str r0, %2 \n\t" \
|
||||
: "=m" (c), "=m" (d), "=m" (s) \
|
||||
: "m" (s), "m" (d), "m" (c), "m" (b) \
|
||||
: "r0", "r1", "r2", "r3", "r4", "r5", \
|
||||
"r6", "r7", "cc" \
|
||||
);
|
||||
|
||||
#endif /* Thumb */
|
||||
|
||||
#endif /* ARMv3 */
|
||||
|
||||
#if defined(__alpha__)
|
||||
|
||||
#define MULADDC_INIT \
|
||||
asm( \
|
||||
"ldq $1, %3 \n\t" \
|
||||
"ldq $2, %4 \n\t" \
|
||||
"ldq $3, %5 \n\t" \
|
||||
"ldq $4, %6 \n\t"
|
||||
|
||||
#define MULADDC_CORE \
|
||||
"ldq $6, 0($1) \n\t" \
|
||||
"addq $1, 8, $1 \n\t" \
|
||||
"mulq $6, $4, $7 \n\t" \
|
||||
"umulh $6, $4, $6 \n\t" \
|
||||
"addq $7, $3, $7 \n\t" \
|
||||
"cmpult $7, $3, $3 \n\t" \
|
||||
"ldq $5, 0($2) \n\t" \
|
||||
"addq $7, $5, $7 \n\t" \
|
||||
"cmpult $7, $5, $5 \n\t" \
|
||||
"stq $7, 0($2) \n\t" \
|
||||
"addq $2, 8, $2 \n\t" \
|
||||
"addq $6, $3, $3 \n\t" \
|
||||
"addq $5, $3, $3 \n\t"
|
||||
|
||||
#define MULADDC_STOP \
|
||||
"stq $3, %0 \n\t" \
|
||||
"stq $2, %1 \n\t" \
|
||||
"stq $1, %2 \n\t" \
|
||||
: "=m" (c), "=m" (d), "=m" (s) \
|
||||
: "m" (s), "m" (d), "m" (c), "m" (b) \
|
||||
: "$1", "$2", "$3", "$4", "$5", "$6", "$7" \
|
||||
);
|
||||
#endif /* Alpha */
|
||||
|
||||
#if defined(__mips__) && !defined(__mips64)
|
||||
|
||||
#define MULADDC_INIT \
|
||||
asm( \
|
||||
"lw $10, %3 \n\t" \
|
||||
"lw $11, %4 \n\t" \
|
||||
"lw $12, %5 \n\t" \
|
||||
"lw $13, %6 \n\t"
|
||||
|
||||
#define MULADDC_CORE \
|
||||
"lw $14, 0($10) \n\t" \
|
||||
"multu $13, $14 \n\t" \
|
||||
"addi $10, $10, 4 \n\t" \
|
||||
"mflo $14 \n\t" \
|
||||
"mfhi $9 \n\t" \
|
||||
"addu $14, $12, $14 \n\t" \
|
||||
"lw $15, 0($11) \n\t" \
|
||||
"sltu $12, $14, $12 \n\t" \
|
||||
"addu $15, $14, $15 \n\t" \
|
||||
"sltu $14, $15, $14 \n\t" \
|
||||
"addu $12, $12, $9 \n\t" \
|
||||
"sw $15, 0($11) \n\t" \
|
||||
"addu $12, $12, $14 \n\t" \
|
||||
"addi $11, $11, 4 \n\t"
|
||||
|
||||
#define MULADDC_STOP \
|
||||
"sw $12, %0 \n\t" \
|
||||
"sw $11, %1 \n\t" \
|
||||
"sw $10, %2 \n\t" \
|
||||
: "=m" (c), "=m" (d), "=m" (s) \
|
||||
: "m" (s), "m" (d), "m" (c), "m" (b) \
|
||||
: "$9", "$10", "$11", "$12", "$13", "$14", "$15", "lo", "hi" \
|
||||
);
|
||||
|
||||
#endif /* MIPS */
|
||||
#endif /* GNUC */
|
||||
|
||||
#if (defined(_MSC_VER) && defined(_M_IX86)) || defined(__WATCOMC__)
|
||||
|
||||
#define MULADDC_INIT \
|
||||
__asm mov esi, s \
|
||||
__asm mov edi, d \
|
||||
__asm mov ecx, c \
|
||||
__asm mov ebx, b
|
||||
|
||||
#define MULADDC_CORE \
|
||||
__asm lodsd \
|
||||
__asm mul ebx \
|
||||
__asm add eax, ecx \
|
||||
__asm adc edx, 0 \
|
||||
__asm add eax, [edi] \
|
||||
__asm adc edx, 0 \
|
||||
__asm mov ecx, edx \
|
||||
__asm stosd
|
||||
|
||||
#if defined(MBEDTLS_HAVE_SSE2)
|
||||
|
||||
#define EMIT __asm _emit
|
||||
|
||||
#define MULADDC_HUIT \
|
||||
EMIT 0x0F EMIT 0x6E EMIT 0xC9 \
|
||||
EMIT 0x0F EMIT 0x6E EMIT 0xC3 \
|
||||
EMIT 0x0F EMIT 0x6E EMIT 0x1F \
|
||||
EMIT 0x0F EMIT 0xD4 EMIT 0xCB \
|
||||
EMIT 0x0F EMIT 0x6E EMIT 0x16 \
|
||||
EMIT 0x0F EMIT 0xF4 EMIT 0xD0 \
|
||||
EMIT 0x0F EMIT 0x6E EMIT 0x66 EMIT 0x04 \
|
||||
EMIT 0x0F EMIT 0xF4 EMIT 0xE0 \
|
||||
EMIT 0x0F EMIT 0x6E EMIT 0x76 EMIT 0x08 \
|
||||
EMIT 0x0F EMIT 0xF4 EMIT 0xF0 \
|
||||
EMIT 0x0F EMIT 0x6E EMIT 0x7E EMIT 0x0C \
|
||||
EMIT 0x0F EMIT 0xF4 EMIT 0xF8 \
|
||||
EMIT 0x0F EMIT 0xD4 EMIT 0xCA \
|
||||
EMIT 0x0F EMIT 0x6E EMIT 0x5F EMIT 0x04 \
|
||||
EMIT 0x0F EMIT 0xD4 EMIT 0xDC \
|
||||
EMIT 0x0F EMIT 0x6E EMIT 0x6F EMIT 0x08 \
|
||||
EMIT 0x0F EMIT 0xD4 EMIT 0xEE \
|
||||
EMIT 0x0F EMIT 0x6E EMIT 0x67 EMIT 0x0C \
|
||||
EMIT 0x0F EMIT 0xD4 EMIT 0xFC \
|
||||
EMIT 0x0F EMIT 0x7E EMIT 0x0F \
|
||||
EMIT 0x0F EMIT 0x6E EMIT 0x56 EMIT 0x10 \
|
||||
EMIT 0x0F EMIT 0xF4 EMIT 0xD0 \
|
||||
EMIT 0x0F EMIT 0x73 EMIT 0xD1 EMIT 0x20 \
|
||||
EMIT 0x0F EMIT 0x6E EMIT 0x66 EMIT 0x14 \
|
||||
EMIT 0x0F EMIT 0xF4 EMIT 0xE0 \
|
||||
EMIT 0x0F EMIT 0xD4 EMIT 0xCB \
|
||||
EMIT 0x0F EMIT 0x6E EMIT 0x76 EMIT 0x18 \
|
||||
EMIT 0x0F EMIT 0xF4 EMIT 0xF0 \
|
||||
EMIT 0x0F EMIT 0x7E EMIT 0x4F EMIT 0x04 \
|
||||
EMIT 0x0F EMIT 0x73 EMIT 0xD1 EMIT 0x20 \
|
||||
EMIT 0x0F EMIT 0x6E EMIT 0x5E EMIT 0x1C \
|
||||
EMIT 0x0F EMIT 0xF4 EMIT 0xD8 \
|
||||
EMIT 0x0F EMIT 0xD4 EMIT 0xCD \
|
||||
EMIT 0x0F EMIT 0x6E EMIT 0x6F EMIT 0x10 \
|
||||
EMIT 0x0F EMIT 0xD4 EMIT 0xD5 \
|
||||
EMIT 0x0F EMIT 0x7E EMIT 0x4F EMIT 0x08 \
|
||||
EMIT 0x0F EMIT 0x73 EMIT 0xD1 EMIT 0x20 \
|
||||
EMIT 0x0F EMIT 0xD4 EMIT 0xCF \
|
||||
EMIT 0x0F EMIT 0x6E EMIT 0x6F EMIT 0x14 \
|
||||
EMIT 0x0F EMIT 0xD4 EMIT 0xE5 \
|
||||
EMIT 0x0F EMIT 0x7E EMIT 0x4F EMIT 0x0C \
|
||||
EMIT 0x0F EMIT 0x73 EMIT 0xD1 EMIT 0x20 \
|
||||
EMIT 0x0F EMIT 0xD4 EMIT 0xCA \
|
||||
EMIT 0x0F EMIT 0x6E EMIT 0x6F EMIT 0x18 \
|
||||
EMIT 0x0F EMIT 0xD4 EMIT 0xF5 \
|
||||
EMIT 0x0F EMIT 0x7E EMIT 0x4F EMIT 0x10 \
|
||||
EMIT 0x0F EMIT 0x73 EMIT 0xD1 EMIT 0x20 \
|
||||
EMIT 0x0F EMIT 0xD4 EMIT 0xCC \
|
||||
EMIT 0x0F EMIT 0x6E EMIT 0x6F EMIT 0x1C \
|
||||
EMIT 0x0F EMIT 0xD4 EMIT 0xDD \
|
||||
EMIT 0x0F EMIT 0x7E EMIT 0x4F EMIT 0x14 \
|
||||
EMIT 0x0F EMIT 0x73 EMIT 0xD1 EMIT 0x20 \
|
||||
EMIT 0x0F EMIT 0xD4 EMIT 0xCE \
|
||||
EMIT 0x0F EMIT 0x7E EMIT 0x4F EMIT 0x18 \
|
||||
EMIT 0x0F EMIT 0x73 EMIT 0xD1 EMIT 0x20 \
|
||||
EMIT 0x0F EMIT 0xD4 EMIT 0xCB \
|
||||
EMIT 0x0F EMIT 0x7E EMIT 0x4F EMIT 0x1C \
|
||||
EMIT 0x83 EMIT 0xC7 EMIT 0x20 \
|
||||
EMIT 0x83 EMIT 0xC6 EMIT 0x20 \
|
||||
EMIT 0x0F EMIT 0x73 EMIT 0xD1 EMIT 0x20 \
|
||||
EMIT 0x0F EMIT 0x7E EMIT 0xC9
|
||||
|
||||
#define MULADDC_STOP \
|
||||
EMIT 0x0F EMIT 0x77 \
|
||||
__asm mov c, ecx \
|
||||
__asm mov d, edi \
|
||||
__asm mov s, esi \
|
||||
|
||||
#else
|
||||
|
||||
#define MULADDC_STOP \
|
||||
__asm mov c, ecx \
|
||||
__asm mov d, edi \
|
||||
__asm mov s, esi \
|
||||
|
||||
#endif /* SSE2 */
|
||||
#endif /* MSVC */
|
||||
|
||||
#endif /* MBEDTLS_HAVE_ASM */
|
||||
|
||||
#if !defined(MULADDC_CORE)
|
||||
#if defined(MBEDTLS_HAVE_UDBL)
|
||||
|
||||
#define MULADDC_INIT \
|
||||
{ \
|
||||
mbedtls_t_udbl r; \
|
||||
mbedtls_mpi_uint r0, r1;
|
||||
|
||||
#define MULADDC_CORE \
|
||||
r = *(s++) * (mbedtls_t_udbl) b; \
|
||||
r0 = (mbedtls_mpi_uint) r; \
|
||||
r1 = (mbedtls_mpi_uint)( r >> biL ); \
|
||||
r0 += c; r1 += (r0 < c); \
|
||||
r0 += *d; r1 += (r0 < *d); \
|
||||
c = r1; *(d++) = r0;
|
||||
|
||||
#define MULADDC_STOP \
|
||||
}
|
||||
|
||||
#else
|
||||
#define MULADDC_INIT \
|
||||
{ \
|
||||
mbedtls_mpi_uint s0, s1, b0, b1; \
|
||||
mbedtls_mpi_uint r0, r1, rx, ry; \
|
||||
b0 = ( b << biH ) >> biH; \
|
||||
b1 = ( b >> biH );
|
||||
|
||||
#define MULADDC_CORE \
|
||||
s0 = ( *s << biH ) >> biH; \
|
||||
s1 = ( *s >> biH ); s++; \
|
||||
rx = s0 * b1; r0 = s0 * b0; \
|
||||
ry = s1 * b0; r1 = s1 * b1; \
|
||||
r1 += ( rx >> biH ); \
|
||||
r1 += ( ry >> biH ); \
|
||||
rx <<= biH; ry <<= biH; \
|
||||
r0 += rx; r1 += (r0 < rx); \
|
||||
r0 += ry; r1 += (r0 < ry); \
|
||||
r0 += c; r1 += (r0 < c); \
|
||||
r0 += *d; r1 += (r0 < *d); \
|
||||
c = r1; *(d++) = r0;
|
||||
|
||||
#define MULADDC_STOP \
|
||||
}
|
||||
|
||||
#endif /* C (generic) */
|
||||
#endif /* C (longlong) */
|
||||
|
||||
#endif /* bn_mul.h */
|
|
@ -1,326 +0,0 @@
|
|||
/**
|
||||
* \file camellia.h
|
||||
*
|
||||
* \brief Camellia block cipher
|
||||
*/
|
||||
/*
|
||||
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
* not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*
|
||||
* This file is part of mbed TLS (https://tls.mbed.org)
|
||||
*/
|
||||
#ifndef MBEDTLS_CAMELLIA_H
|
||||
#define MBEDTLS_CAMELLIA_H
|
||||
|
||||
#if !defined(MBEDTLS_CONFIG_FILE)
|
||||
#include "config.h"
|
||||
#else
|
||||
#include MBEDTLS_CONFIG_FILE
|
||||
#endif
|
||||
|
||||
#include <stddef.h>
|
||||
#include <stdint.h>
|
||||
|
||||
#include "platform_util.h"
|
||||
|
||||
#define MBEDTLS_CAMELLIA_ENCRYPT 1
|
||||
#define MBEDTLS_CAMELLIA_DECRYPT 0
|
||||
|
||||
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
|
||||
#define MBEDTLS_ERR_CAMELLIA_INVALID_KEY_LENGTH MBEDTLS_DEPRECATED_NUMERIC_CONSTANT( -0x0024 )
|
||||
#endif /* !MBEDTLS_DEPRECATED_REMOVED */
|
||||
#define MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA -0x0024 /**< Bad input data. */
|
||||
|
||||
#define MBEDTLS_ERR_CAMELLIA_INVALID_INPUT_LENGTH -0x0026 /**< Invalid data input length. */
|
||||
|
||||
/* MBEDTLS_ERR_CAMELLIA_HW_ACCEL_FAILED is deprecated and should not be used.
|
||||
*/
|
||||
#define MBEDTLS_ERR_CAMELLIA_HW_ACCEL_FAILED -0x0027 /**< Camellia hardware accelerator failed. */
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
#if !defined(MBEDTLS_CAMELLIA_ALT)
|
||||
// Regular implementation
|
||||
//
|
||||
|
||||
/**
|
||||
* \brief CAMELLIA context structure
|
||||
*/
|
||||
typedef struct mbedtls_camellia_context
|
||||
{
|
||||
int nr; /*!< number of rounds */
|
||||
uint32_t rk[68]; /*!< CAMELLIA round keys */
|
||||
}
|
||||
mbedtls_camellia_context;
|
||||
|
||||
#else /* MBEDTLS_CAMELLIA_ALT */
|
||||
#include "camellia_alt.h"
|
||||
#endif /* MBEDTLS_CAMELLIA_ALT */
|
||||
|
||||
/**
|
||||
* \brief Initialize a CAMELLIA context.
|
||||
*
|
||||
* \param ctx The CAMELLIA context to be initialized.
|
||||
* This must not be \c NULL.
|
||||
*/
|
||||
void mbedtls_camellia_init( mbedtls_camellia_context *ctx );
|
||||
|
||||
/**
|
||||
* \brief Clear a CAMELLIA context.
|
||||
*
|
||||
* \param ctx The CAMELLIA context to be cleared. This may be \c NULL,
|
||||
* in which case this function returns immediately. If it is not
|
||||
* \c NULL, it must be initialized.
|
||||
*/
|
||||
void mbedtls_camellia_free( mbedtls_camellia_context *ctx );
|
||||
|
||||
/**
|
||||
* \brief Perform a CAMELLIA key schedule operation for encryption.
|
||||
*
|
||||
* \param ctx The CAMELLIA context to use. This must be initialized.
|
||||
* \param key The encryption key to use. This must be a readable buffer
|
||||
* of size \p keybits Bits.
|
||||
* \param keybits The length of \p key in Bits. This must be either \c 128,
|
||||
* \c 192 or \c 256.
|
||||
*
|
||||
* \return \c 0 if successful.
|
||||
* \return A negative error code on failure.
|
||||
*/
|
||||
int mbedtls_camellia_setkey_enc( mbedtls_camellia_context *ctx,
|
||||
const unsigned char *key,
|
||||
unsigned int keybits );
|
||||
|
||||
/**
|
||||
* \brief Perform a CAMELLIA key schedule operation for decryption.
|
||||
*
|
||||
* \param ctx The CAMELLIA context to use. This must be initialized.
|
||||
* \param key The decryption key. This must be a readable buffer
|
||||
* of size \p keybits Bits.
|
||||
* \param keybits The length of \p key in Bits. This must be either \c 128,
|
||||
* \c 192 or \c 256.
|
||||
*
|
||||
* \return \c 0 if successful.
|
||||
* \return A negative error code on failure.
|
||||
*/
|
||||
int mbedtls_camellia_setkey_dec( mbedtls_camellia_context *ctx,
|
||||
const unsigned char *key,
|
||||
unsigned int keybits );
|
||||
|
||||
/**
|
||||
* \brief Perform a CAMELLIA-ECB block encryption/decryption operation.
|
||||
*
|
||||
* \param ctx The CAMELLIA context to use. This must be initialized
|
||||
* and bound to a key.
|
||||
* \param mode The mode of operation. This must be either
|
||||
* #MBEDTLS_CAMELLIA_ENCRYPT or #MBEDTLS_CAMELLIA_DECRYPT.
|
||||
* \param input The input block. This must be a readable buffer
|
||||
* of size \c 16 Bytes.
|
||||
* \param output The output block. This must be a writable buffer
|
||||
* of size \c 16 Bytes.
|
||||
*
|
||||
* \return \c 0 if successful.
|
||||
* \return A negative error code on failure.
|
||||
*/
|
||||
int mbedtls_camellia_crypt_ecb( mbedtls_camellia_context *ctx,
|
||||
int mode,
|
||||
const unsigned char input[16],
|
||||
unsigned char output[16] );
|
||||
|
||||
#if defined(MBEDTLS_CIPHER_MODE_CBC)
|
||||
/**
|
||||
* \brief Perform a CAMELLIA-CBC buffer encryption/decryption operation.
|
||||
*
|
||||
* \note Upon exit, the content of the IV is updated so that you can
|
||||
* call the function same function again on the following
|
||||
* block(s) of data and get the same result as if it was
|
||||
* encrypted in one call. This allows a "streaming" usage.
|
||||
* If on the other hand you need to retain the contents of the
|
||||
* IV, you should either save it manually or use the cipher
|
||||
* module instead.
|
||||
*
|
||||
* \param ctx The CAMELLIA context to use. This must be initialized
|
||||
* and bound to a key.
|
||||
* \param mode The mode of operation. This must be either
|
||||
* #MBEDTLS_CAMELLIA_ENCRYPT or #MBEDTLS_CAMELLIA_DECRYPT.
|
||||
* \param length The length in Bytes of the input data \p input.
|
||||
* This must be a multiple of \c 16 Bytes.
|
||||
* \param iv The initialization vector. This must be a read/write buffer
|
||||
* of length \c 16 Bytes. It is updated to allow streaming
|
||||
* use as explained above.
|
||||
* \param input The buffer holding the input data. This must point to a
|
||||
* readable buffer of length \p length Bytes.
|
||||
* \param output The buffer holding the output data. This must point to a
|
||||
* writable buffer of length \p length Bytes.
|
||||
*
|
||||
* \return \c 0 if successful.
|
||||
* \return A negative error code on failure.
|
||||
*/
|
||||
int mbedtls_camellia_crypt_cbc( mbedtls_camellia_context *ctx,
|
||||
int mode,
|
||||
size_t length,
|
||||
unsigned char iv[16],
|
||||
const unsigned char *input,
|
||||
unsigned char *output );
|
||||
#endif /* MBEDTLS_CIPHER_MODE_CBC */
|
||||
|
||||
#if defined(MBEDTLS_CIPHER_MODE_CFB)
|
||||
/**
|
||||
* \brief Perform a CAMELLIA-CFB128 buffer encryption/decryption
|
||||
* operation.
|
||||
*
|
||||
* \note Due to the nature of CFB mode, you should use the same
|
||||
* key for both encryption and decryption. In particular, calls
|
||||
* to this function should be preceded by a key-schedule via
|
||||
* mbedtls_camellia_setkey_enc() regardless of whether \p mode
|
||||
* is #MBEDTLS_CAMELLIA_ENCRYPT or #MBEDTLS_CAMELLIA_DECRYPT.
|
||||
*
|
||||
* \note Upon exit, the content of the IV is updated so that you can
|
||||
* call the function same function again on the following
|
||||
* block(s) of data and get the same result as if it was
|
||||
* encrypted in one call. This allows a "streaming" usage.
|
||||
* If on the other hand you need to retain the contents of the
|
||||
* IV, you should either save it manually or use the cipher
|
||||
* module instead.
|
||||
*
|
||||
* \param ctx The CAMELLIA context to use. This must be initialized
|
||||
* and bound to a key.
|
||||
* \param mode The mode of operation. This must be either
|
||||
* #MBEDTLS_CAMELLIA_ENCRYPT or #MBEDTLS_CAMELLIA_DECRYPT.
|
||||
* \param length The length of the input data \p input. Any value is allowed.
|
||||
* \param iv_off The current offset in the IV. This must be smaller
|
||||
* than \c 16 Bytes. It is updated after this call to allow
|
||||
* the aforementioned streaming usage.
|
||||
* \param iv The initialization vector. This must be a read/write buffer
|
||||
* of length \c 16 Bytes. It is updated after this call to
|
||||
* allow the aforementioned streaming usage.
|
||||
* \param input The buffer holding the input data. This must be a readable
|
||||
* buffer of size \p length Bytes.
|
||||
* \param output The buffer to hold the output data. This must be a writable
|
||||
* buffer of length \p length Bytes.
|
||||
*
|
||||
* \return \c 0 if successful.
|
||||
* \return A negative error code on failure.
|
||||
*/
|
||||
int mbedtls_camellia_crypt_cfb128( mbedtls_camellia_context *ctx,
|
||||
int mode,
|
||||
size_t length,
|
||||
size_t *iv_off,
|
||||
unsigned char iv[16],
|
||||
const unsigned char *input,
|
||||
unsigned char *output );
|
||||
#endif /* MBEDTLS_CIPHER_MODE_CFB */
|
||||
|
||||
#if defined(MBEDTLS_CIPHER_MODE_CTR)
|
||||
/**
|
||||
* \brief Perform a CAMELLIA-CTR buffer encryption/decryption operation.
|
||||
*
|
||||
* *note Due to the nature of CTR mode, you should use the same
|
||||
* key for both encryption and decryption. In particular, calls
|
||||
* to this function should be preceded by a key-schedule via
|
||||
* mbedtls_camellia_setkey_enc() regardless of whether \p mode
|
||||
* is #MBEDTLS_CAMELLIA_ENCRYPT or #MBEDTLS_CAMELLIA_DECRYPT.
|
||||
*
|
||||
* \warning You must never reuse a nonce value with the same key. Doing so
|
||||
* would void the encryption for the two messages encrypted with
|
||||
* the same nonce and key.
|
||||
*
|
||||
* There are two common strategies for managing nonces with CTR:
|
||||
*
|
||||
* 1. You can handle everything as a single message processed over
|
||||
* successive calls to this function. In that case, you want to
|
||||
* set \p nonce_counter and \p nc_off to 0 for the first call, and
|
||||
* then preserve the values of \p nonce_counter, \p nc_off and \p
|
||||
* stream_block across calls to this function as they will be
|
||||
* updated by this function.
|
||||
*
|
||||
* With this strategy, you must not encrypt more than 2**128
|
||||
* blocks of data with the same key.
|
||||
*
|
||||
* 2. You can encrypt separate messages by dividing the \p
|
||||
* nonce_counter buffer in two areas: the first one used for a
|
||||
* per-message nonce, handled by yourself, and the second one
|
||||
* updated by this function internally.
|
||||
*
|
||||
* For example, you might reserve the first \c 12 Bytes for the
|
||||
* per-message nonce, and the last \c 4 Bytes for internal use.
|
||||
* In that case, before calling this function on a new message you
|
||||
* need to set the first \c 12 Bytes of \p nonce_counter to your
|
||||
* chosen nonce value, the last four to \c 0, and \p nc_off to \c 0
|
||||
* (which will cause \p stream_block to be ignored). That way, you
|
||||
* can encrypt at most \c 2**96 messages of up to \c 2**32 blocks
|
||||
* each with the same key.
|
||||
*
|
||||
* The per-message nonce (or information sufficient to reconstruct
|
||||
* it) needs to be communicated with the ciphertext and must be
|
||||
* unique. The recommended way to ensure uniqueness is to use a
|
||||
* message counter. An alternative is to generate random nonces,
|
||||
* but this limits the number of messages that can be securely
|
||||
* encrypted: for example, with 96-bit random nonces, you should
|
||||
* not encrypt more than 2**32 messages with the same key.
|
||||
*
|
||||
* Note that for both stategies, sizes are measured in blocks and
|
||||
* that a CAMELLIA block is \c 16 Bytes.
|
||||
*
|
||||
* \warning Upon return, \p stream_block contains sensitive data. Its
|
||||
* content must not be written to insecure storage and should be
|
||||
* securely discarded as soon as it's no longer needed.
|
||||
*
|
||||
* \param ctx The CAMELLIA context to use. This must be initialized
|
||||
* and bound to a key.
|
||||
* \param length The length of the input data \p input in Bytes.
|
||||
* Any value is allowed.
|
||||
* \param nc_off The offset in the current \p stream_block (for resuming
|
||||
* within current cipher stream). The offset pointer to
|
||||
* should be \c 0 at the start of a stream. It is updated
|
||||
* at the end of this call.
|
||||
* \param nonce_counter The 128-bit nonce and counter. This must be a read/write
|
||||
* buffer of length \c 16 Bytes.
|
||||
* \param stream_block The saved stream-block for resuming. This must be a
|
||||
* read/write buffer of length \c 16 Bytes.
|
||||
* \param input The input data stream. This must be a readable buffer of
|
||||
* size \p length Bytes.
|
||||
* \param output The output data stream. This must be a writable buffer
|
||||
* of size \p length Bytes.
|
||||
*
|
||||
* \return \c 0 if successful.
|
||||
* \return A negative error code on failure.
|
||||
*/
|
||||
int mbedtls_camellia_crypt_ctr( mbedtls_camellia_context *ctx,
|
||||
size_t length,
|
||||
size_t *nc_off,
|
||||
unsigned char nonce_counter[16],
|
||||
unsigned char stream_block[16],
|
||||
const unsigned char *input,
|
||||
unsigned char *output );
|
||||
#endif /* MBEDTLS_CIPHER_MODE_CTR */
|
||||
|
||||
#if defined(MBEDTLS_SELF_TEST)
|
||||
|
||||
/**
|
||||
* \brief Checkup routine
|
||||
*
|
||||
* \return 0 if successful, or 1 if the test failed
|
||||
*/
|
||||
int mbedtls_camellia_self_test( int verbose );
|
||||
|
||||
#endif /* MBEDTLS_SELF_TEST */
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
||||
#endif /* camellia.h */
|
|
@ -1,310 +0,0 @@
|
|||
/**
|
||||
* \file ccm.h
|
||||
*
|
||||
* \brief This file provides an API for the CCM authenticated encryption
|
||||
* mode for block ciphers.
|
||||
*
|
||||
* CCM combines Counter mode encryption with CBC-MAC authentication
|
||||
* for 128-bit block ciphers.
|
||||
*
|
||||
* Input to CCM includes the following elements:
|
||||
* <ul><li>Payload - data that is both authenticated and encrypted.</li>
|
||||
* <li>Associated data (Adata) - data that is authenticated but not
|
||||
* encrypted, For example, a header.</li>
|
||||
* <li>Nonce - A unique value that is assigned to the payload and the
|
||||
* associated data.</li></ul>
|
||||
*
|
||||
* Definition of CCM:
|
||||
* http://csrc.nist.gov/publications/nistpubs/800-38C/SP800-38C_updated-July20_2007.pdf
|
||||
* RFC 3610 "Counter with CBC-MAC (CCM)"
|
||||
*
|
||||
* Related:
|
||||
* RFC 5116 "An Interface and Algorithms for Authenticated Encryption"
|
||||
*
|
||||
* Definition of CCM*:
|
||||
* IEEE 802.15.4 - IEEE Standard for Local and metropolitan area networks
|
||||
* Integer representation is fixed most-significant-octet-first order and
|
||||
* the representation of octets is most-significant-bit-first order. This is
|
||||
* consistent with RFC 3610.
|
||||
*/
|
||||
/*
|
||||
* Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
* not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*
|
||||
* This file is part of Mbed TLS (https://tls.mbed.org)
|
||||
*/
|
||||
|
||||
#ifndef MBEDTLS_CCM_H
|
||||
#define MBEDTLS_CCM_H
|
||||
|
||||
#if !defined(MBEDTLS_CONFIG_FILE)
|
||||
#include "config.h"
|
||||
#else
|
||||
#include MBEDTLS_CONFIG_FILE
|
||||
#endif
|
||||
|
||||
#include "cipher.h"
|
||||
|
||||
#define MBEDTLS_ERR_CCM_BAD_INPUT -0x000D /**< Bad input parameters to the function. */
|
||||
#define MBEDTLS_ERR_CCM_AUTH_FAILED -0x000F /**< Authenticated decryption failed. */
|
||||
|
||||
/* MBEDTLS_ERR_CCM_HW_ACCEL_FAILED is deprecated and should not be used. */
|
||||
#define MBEDTLS_ERR_CCM_HW_ACCEL_FAILED -0x0011 /**< CCM hardware accelerator failed. */
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
#if !defined(MBEDTLS_CCM_ALT)
|
||||
// Regular implementation
|
||||
//
|
||||
|
||||
/**
|
||||
* \brief The CCM context-type definition. The CCM context is passed
|
||||
* to the APIs called.
|
||||
*/
|
||||
typedef struct mbedtls_ccm_context
|
||||
{
|
||||
mbedtls_cipher_context_t cipher_ctx; /*!< The cipher context used. */
|
||||
}
|
||||
mbedtls_ccm_context;
|
||||
|
||||
#else /* MBEDTLS_CCM_ALT */
|
||||
#include "ccm_alt.h"
|
||||
#endif /* MBEDTLS_CCM_ALT */
|
||||
|
||||
/**
|
||||
* \brief This function initializes the specified CCM context,
|
||||
* to make references valid, and prepare the context
|
||||
* for mbedtls_ccm_setkey() or mbedtls_ccm_free().
|
||||
*
|
||||
* \param ctx The CCM context to initialize. This must not be \c NULL.
|
||||
*/
|
||||
void mbedtls_ccm_init( mbedtls_ccm_context *ctx );
|
||||
|
||||
/**
|
||||
* \brief This function initializes the CCM context set in the
|
||||
* \p ctx parameter and sets the encryption key.
|
||||
*
|
||||
* \param ctx The CCM context to initialize. This must be an initialized
|
||||
* context.
|
||||
* \param cipher The 128-bit block cipher to use.
|
||||
* \param key The encryption key. This must not be \c NULL.
|
||||
* \param keybits The key size in bits. This must be acceptable by the cipher.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return A CCM or cipher-specific error code on failure.
|
||||
*/
|
||||
int mbedtls_ccm_setkey( mbedtls_ccm_context *ctx,
|
||||
mbedtls_cipher_id_t cipher,
|
||||
const unsigned char *key,
|
||||
unsigned int keybits );
|
||||
|
||||
/**
|
||||
* \brief This function releases and clears the specified CCM context
|
||||
* and underlying cipher sub-context.
|
||||
*
|
||||
* \param ctx The CCM context to clear. If this is \c NULL, the function
|
||||
* has no effect. Otherwise, this must be initialized.
|
||||
*/
|
||||
void mbedtls_ccm_free( mbedtls_ccm_context *ctx );
|
||||
|
||||
/**
|
||||
* \brief This function encrypts a buffer using CCM.
|
||||
*
|
||||
* \note The tag is written to a separate buffer. To concatenate
|
||||
* the \p tag with the \p output, as done in <em>RFC-3610:
|
||||
* Counter with CBC-MAC (CCM)</em>, use
|
||||
* \p tag = \p output + \p length, and make sure that the
|
||||
* output buffer is at least \p length + \p tag_len wide.
|
||||
*
|
||||
* \param ctx The CCM context to use for encryption. This must be
|
||||
* initialized and bound to a key.
|
||||
* \param length The length of the input data in Bytes.
|
||||
* \param iv The initialization vector (nonce). This must be a readable
|
||||
* buffer of at least \p iv_len Bytes.
|
||||
* \param iv_len The length of the nonce in Bytes: 7, 8, 9, 10, 11, 12,
|
||||
* or 13. The length L of the message length field is
|
||||
* 15 - \p iv_len.
|
||||
* \param add The additional data field. If \p add_len is greater than
|
||||
* zero, \p add must be a readable buffer of at least that
|
||||
* length.
|
||||
* \param add_len The length of additional data in Bytes.
|
||||
* This must be less than `2^16 - 2^8`.
|
||||
* \param input The buffer holding the input data. If \p length is greater
|
||||
* than zero, \p input must be a readable buffer of at least
|
||||
* that length.
|
||||
* \param output The buffer holding the output data. If \p length is greater
|
||||
* than zero, \p output must be a writable buffer of at least
|
||||
* that length.
|
||||
* \param tag The buffer holding the authentication field. This must be a
|
||||
* readable buffer of at least \p tag_len Bytes.
|
||||
* \param tag_len The length of the authentication field to generate in Bytes:
|
||||
* 4, 6, 8, 10, 12, 14 or 16.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return A CCM or cipher-specific error code on failure.
|
||||
*/
|
||||
int mbedtls_ccm_encrypt_and_tag( mbedtls_ccm_context *ctx, size_t length,
|
||||
const unsigned char *iv, size_t iv_len,
|
||||
const unsigned char *add, size_t add_len,
|
||||
const unsigned char *input, unsigned char *output,
|
||||
unsigned char *tag, size_t tag_len );
|
||||
|
||||
/**
|
||||
* \brief This function encrypts a buffer using CCM*.
|
||||
*
|
||||
* \note The tag is written to a separate buffer. To concatenate
|
||||
* the \p tag with the \p output, as done in <em>RFC-3610:
|
||||
* Counter with CBC-MAC (CCM)</em>, use
|
||||
* \p tag = \p output + \p length, and make sure that the
|
||||
* output buffer is at least \p length + \p tag_len wide.
|
||||
*
|
||||
* \note When using this function in a variable tag length context,
|
||||
* the tag length has to be encoded into the \p iv passed to
|
||||
* this function.
|
||||
*
|
||||
* \param ctx The CCM context to use for encryption. This must be
|
||||
* initialized and bound to a key.
|
||||
* \param length The length of the input data in Bytes.
|
||||
* \param iv The initialization vector (nonce). This must be a readable
|
||||
* buffer of at least \p iv_len Bytes.
|
||||
* \param iv_len The length of the nonce in Bytes: 7, 8, 9, 10, 11, 12,
|
||||
* or 13. The length L of the message length field is
|
||||
* 15 - \p iv_len.
|
||||
* \param add The additional data field. This must be a readable buffer of
|
||||
* at least \p add_len Bytes.
|
||||
* \param add_len The length of additional data in Bytes.
|
||||
* This must be less than 2^16 - 2^8.
|
||||
* \param input The buffer holding the input data. If \p length is greater
|
||||
* than zero, \p input must be a readable buffer of at least
|
||||
* that length.
|
||||
* \param output The buffer holding the output data. If \p length is greater
|
||||
* than zero, \p output must be a writable buffer of at least
|
||||
* that length.
|
||||
* \param tag The buffer holding the authentication field. This must be a
|
||||
* readable buffer of at least \p tag_len Bytes.
|
||||
* \param tag_len The length of the authentication field to generate in Bytes:
|
||||
* 0, 4, 6, 8, 10, 12, 14 or 16.
|
||||
*
|
||||
* \warning Passing \c 0 as \p tag_len means that the message is no
|
||||
* longer authenticated.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return A CCM or cipher-specific error code on failure.
|
||||
*/
|
||||
int mbedtls_ccm_star_encrypt_and_tag( mbedtls_ccm_context *ctx, size_t length,
|
||||
const unsigned char *iv, size_t iv_len,
|
||||
const unsigned char *add, size_t add_len,
|
||||
const unsigned char *input, unsigned char *output,
|
||||
unsigned char *tag, size_t tag_len );
|
||||
|
||||
/**
|
||||
* \brief This function performs a CCM authenticated decryption of a
|
||||
* buffer.
|
||||
*
|
||||
* \param ctx The CCM context to use for decryption. This must be
|
||||
* initialized and bound to a key.
|
||||
* \param length The length of the input data in Bytes.
|
||||
* \param iv The initialization vector (nonce). This must be a readable
|
||||
* buffer of at least \p iv_len Bytes.
|
||||
* \param iv_len The length of the nonce in Bytes: 7, 8, 9, 10, 11, 12,
|
||||
* or 13. The length L of the message length field is
|
||||
* 15 - \p iv_len.
|
||||
* \param add The additional data field. This must be a readable buffer
|
||||
* of at least that \p add_len Bytes..
|
||||
* \param add_len The length of additional data in Bytes.
|
||||
* This must be less than 2^16 - 2^8.
|
||||
* \param input The buffer holding the input data. If \p length is greater
|
||||
* than zero, \p input must be a readable buffer of at least
|
||||
* that length.
|
||||
* \param output The buffer holding the output data. If \p length is greater
|
||||
* than zero, \p output must be a writable buffer of at least
|
||||
* that length.
|
||||
* \param tag The buffer holding the authentication field. This must be a
|
||||
* readable buffer of at least \p tag_len Bytes.
|
||||
* \param tag_len The length of the authentication field to generate in Bytes:
|
||||
* 4, 6, 8, 10, 12, 14 or 16.
|
||||
*
|
||||
* \return \c 0 on success. This indicates that the message is authentic.
|
||||
* \return #MBEDTLS_ERR_CCM_AUTH_FAILED if the tag does not match.
|
||||
* \return A cipher-specific error code on calculation failure.
|
||||
*/
|
||||
int mbedtls_ccm_auth_decrypt( mbedtls_ccm_context *ctx, size_t length,
|
||||
const unsigned char *iv, size_t iv_len,
|
||||
const unsigned char *add, size_t add_len,
|
||||
const unsigned char *input, unsigned char *output,
|
||||
const unsigned char *tag, size_t tag_len );
|
||||
|
||||
/**
|
||||
* \brief This function performs a CCM* authenticated decryption of a
|
||||
* buffer.
|
||||
*
|
||||
* \note When using this function in a variable tag length context,
|
||||
* the tag length has to be decoded from \p iv and passed to
|
||||
* this function as \p tag_len. (\p tag needs to be adjusted
|
||||
* accordingly.)
|
||||
*
|
||||
* \param ctx The CCM context to use for decryption. This must be
|
||||
* initialized and bound to a key.
|
||||
* \param length The length of the input data in Bytes.
|
||||
* \param iv The initialization vector (nonce). This must be a readable
|
||||
* buffer of at least \p iv_len Bytes.
|
||||
* \param iv_len The length of the nonce in Bytes: 7, 8, 9, 10, 11, 12,
|
||||
* or 13. The length L of the message length field is
|
||||
* 15 - \p iv_len.
|
||||
* \param add The additional data field. This must be a readable buffer of
|
||||
* at least that \p add_len Bytes.
|
||||
* \param add_len The length of additional data in Bytes.
|
||||
* This must be less than 2^16 - 2^8.
|
||||
* \param input The buffer holding the input data. If \p length is greater
|
||||
* than zero, \p input must be a readable buffer of at least
|
||||
* that length.
|
||||
* \param output The buffer holding the output data. If \p length is greater
|
||||
* than zero, \p output must be a writable buffer of at least
|
||||
* that length.
|
||||
* \param tag The buffer holding the authentication field. This must be a
|
||||
* readable buffer of at least \p tag_len Bytes.
|
||||
* \param tag_len The length of the authentication field in Bytes.
|
||||
* 0, 4, 6, 8, 10, 12, 14 or 16.
|
||||
*
|
||||
* \warning Passing \c 0 as \p tag_len means that the message is nos
|
||||
* longer authenticated.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return #MBEDTLS_ERR_CCM_AUTH_FAILED if the tag does not match.
|
||||
* \return A cipher-specific error code on calculation failure.
|
||||
*/
|
||||
int mbedtls_ccm_star_auth_decrypt( mbedtls_ccm_context *ctx, size_t length,
|
||||
const unsigned char *iv, size_t iv_len,
|
||||
const unsigned char *add, size_t add_len,
|
||||
const unsigned char *input, unsigned char *output,
|
||||
const unsigned char *tag, size_t tag_len );
|
||||
|
||||
#if defined(MBEDTLS_SELF_TEST) && defined(MBEDTLS_AES_C)
|
||||
/**
|
||||
* \brief The CCM checkup routine.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return \c 1 on failure.
|
||||
*/
|
||||
int mbedtls_ccm_self_test( int verbose );
|
||||
#endif /* MBEDTLS_SELF_TEST && MBEDTLS_AES_C */
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
||||
#endif /* MBEDTLS_CCM_H */
|
|
@ -25,7 +25,7 @@
|
|||
#define MBEDTLS_CERTS_H
|
||||
|
||||
#if !defined(MBEDTLS_CONFIG_FILE)
|
||||
#include "config.h"
|
||||
#include "mbedtls/config.h"
|
||||
#else
|
||||
#include MBEDTLS_CONFIG_FILE
|
||||
#endif
|
||||
|
|
|
@ -1,226 +0,0 @@
|
|||
/**
|
||||
* \file chacha20.h
|
||||
*
|
||||
* \brief This file contains ChaCha20 definitions and functions.
|
||||
*
|
||||
* ChaCha20 is a stream cipher that can encrypt and decrypt
|
||||
* information. ChaCha was created by Daniel Bernstein as a variant of
|
||||
* its Salsa cipher https://cr.yp.to/chacha/chacha-20080128.pdf
|
||||
* ChaCha20 is the variant with 20 rounds, that was also standardized
|
||||
* in RFC 7539.
|
||||
*
|
||||
* \author Daniel King <damaki.gh@gmail.com>
|
||||
*/
|
||||
|
||||
/* Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved.
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
* not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*
|
||||
* This file is part of Mbed TLS (https://tls.mbed.org)
|
||||
*/
|
||||
|
||||
#ifndef MBEDTLS_CHACHA20_H
|
||||
#define MBEDTLS_CHACHA20_H
|
||||
|
||||
#if !defined(MBEDTLS_CONFIG_FILE)
|
||||
#include "config.h"
|
||||
#else
|
||||
#include MBEDTLS_CONFIG_FILE
|
||||
#endif
|
||||
|
||||
#include <stdint.h>
|
||||
#include <stddef.h>
|
||||
|
||||
#define MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA -0x0051 /**< Invalid input parameter(s). */
|
||||
|
||||
/* MBEDTLS_ERR_CHACHA20_FEATURE_UNAVAILABLE is deprecated and should not be
|
||||
* used. */
|
||||
#define MBEDTLS_ERR_CHACHA20_FEATURE_UNAVAILABLE -0x0053 /**< Feature not available. For example, s part of the API is not implemented. */
|
||||
|
||||
/* MBEDTLS_ERR_CHACHA20_HW_ACCEL_FAILED is deprecated and should not be used.
|
||||
*/
|
||||
#define MBEDTLS_ERR_CHACHA20_HW_ACCEL_FAILED -0x0055 /**< Chacha20 hardware accelerator failed. */
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
#if !defined(MBEDTLS_CHACHA20_ALT)
|
||||
|
||||
typedef struct mbedtls_chacha20_context
|
||||
{
|
||||
uint32_t state[16]; /*! The state (before round operations). */
|
||||
uint8_t keystream8[64]; /*! Leftover keystream bytes. */
|
||||
size_t keystream_bytes_used; /*! Number of keystream bytes already used. */
|
||||
}
|
||||
mbedtls_chacha20_context;
|
||||
|
||||
#else /* MBEDTLS_CHACHA20_ALT */
|
||||
#include "chacha20_alt.h"
|
||||
#endif /* MBEDTLS_CHACHA20_ALT */
|
||||
|
||||
/**
|
||||
* \brief This function initializes the specified ChaCha20 context.
|
||||
*
|
||||
* It must be the first API called before using
|
||||
* the context.
|
||||
*
|
||||
* It is usually followed by calls to
|
||||
* \c mbedtls_chacha20_setkey() and
|
||||
* \c mbedtls_chacha20_starts(), then one or more calls to
|
||||
* to \c mbedtls_chacha20_update(), and finally to
|
||||
* \c mbedtls_chacha20_free().
|
||||
*
|
||||
* \param ctx The ChaCha20 context to initialize.
|
||||
* This must not be \c NULL.
|
||||
*/
|
||||
void mbedtls_chacha20_init( mbedtls_chacha20_context *ctx );
|
||||
|
||||
/**
|
||||
* \brief This function releases and clears the specified
|
||||
* ChaCha20 context.
|
||||
*
|
||||
* \param ctx The ChaCha20 context to clear. This may be \c NULL,
|
||||
* in which case this function is a no-op. If it is not
|
||||
* \c NULL, it must point to an initialized context.
|
||||
*
|
||||
*/
|
||||
void mbedtls_chacha20_free( mbedtls_chacha20_context *ctx );
|
||||
|
||||
/**
|
||||
* \brief This function sets the encryption/decryption key.
|
||||
*
|
||||
* \note After using this function, you must also call
|
||||
* \c mbedtls_chacha20_starts() to set a nonce before you
|
||||
* start encrypting/decrypting data with
|
||||
* \c mbedtls_chacha_update().
|
||||
*
|
||||
* \param ctx The ChaCha20 context to which the key should be bound.
|
||||
* It must be initialized.
|
||||
* \param key The encryption/decryption key. This must be \c 32 Bytes
|
||||
* in length.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return #MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA if ctx or key is NULL.
|
||||
*/
|
||||
int mbedtls_chacha20_setkey( mbedtls_chacha20_context *ctx,
|
||||
const unsigned char key[32] );
|
||||
|
||||
/**
|
||||
* \brief This function sets the nonce and initial counter value.
|
||||
*
|
||||
* \note A ChaCha20 context can be re-used with the same key by
|
||||
* calling this function to change the nonce.
|
||||
*
|
||||
* \warning You must never use the same nonce twice with the same key.
|
||||
* This would void any confidentiality guarantees for the
|
||||
* messages encrypted with the same nonce and key.
|
||||
*
|
||||
* \param ctx The ChaCha20 context to which the nonce should be bound.
|
||||
* It must be initialized and bound to a key.
|
||||
* \param nonce The nonce. This must be \c 12 Bytes in size.
|
||||
* \param counter The initial counter value. This is usually \c 0.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return #MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA if ctx or nonce is
|
||||
* NULL.
|
||||
*/
|
||||
int mbedtls_chacha20_starts( mbedtls_chacha20_context* ctx,
|
||||
const unsigned char nonce[12],
|
||||
uint32_t counter );
|
||||
|
||||
/**
|
||||
* \brief This function encrypts or decrypts data.
|
||||
*
|
||||
* Since ChaCha20 is a stream cipher, the same operation is
|
||||
* used for encrypting and decrypting data.
|
||||
*
|
||||
* \note The \p input and \p output pointers must either be equal or
|
||||
* point to non-overlapping buffers.
|
||||
*
|
||||
* \note \c mbedtls_chacha20_setkey() and
|
||||
* \c mbedtls_chacha20_starts() must be called at least once
|
||||
* to setup the context before this function can be called.
|
||||
*
|
||||
* \note This function can be called multiple times in a row in
|
||||
* order to encrypt of decrypt data piecewise with the same
|
||||
* key and nonce.
|
||||
*
|
||||
* \param ctx The ChaCha20 context to use for encryption or decryption.
|
||||
* It must be initialized and bound to a key and nonce.
|
||||
* \param size The length of the input data in Bytes.
|
||||
* \param input The buffer holding the input data.
|
||||
* This pointer can be \c NULL if `size == 0`.
|
||||
* \param output The buffer holding the output data.
|
||||
* This must be able to hold \p size Bytes.
|
||||
* This pointer can be \c NULL if `size == 0`.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return A negative error code on failure.
|
||||
*/
|
||||
int mbedtls_chacha20_update( mbedtls_chacha20_context *ctx,
|
||||
size_t size,
|
||||
const unsigned char *input,
|
||||
unsigned char *output );
|
||||
|
||||
/**
|
||||
* \brief This function encrypts or decrypts data with ChaCha20 and
|
||||
* the given key and nonce.
|
||||
*
|
||||
* Since ChaCha20 is a stream cipher, the same operation is
|
||||
* used for encrypting and decrypting data.
|
||||
*
|
||||
* \warning You must never use the same (key, nonce) pair more than
|
||||
* once. This would void any confidentiality guarantees for
|
||||
* the messages encrypted with the same nonce and key.
|
||||
*
|
||||
* \note The \p input and \p output pointers must either be equal or
|
||||
* point to non-overlapping buffers.
|
||||
*
|
||||
* \param key The encryption/decryption key.
|
||||
* This must be \c 32 Bytes in length.
|
||||
* \param nonce The nonce. This must be \c 12 Bytes in size.
|
||||
* \param counter The initial counter value. This is usually \c 0.
|
||||
* \param size The length of the input data in Bytes.
|
||||
* \param input The buffer holding the input data.
|
||||
* This pointer can be \c NULL if `size == 0`.
|
||||
* \param output The buffer holding the output data.
|
||||
* This must be able to hold \p size Bytes.
|
||||
* This pointer can be \c NULL if `size == 0`.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return A negative error code on failure.
|
||||
*/
|
||||
int mbedtls_chacha20_crypt( const unsigned char key[32],
|
||||
const unsigned char nonce[12],
|
||||
uint32_t counter,
|
||||
size_t size,
|
||||
const unsigned char* input,
|
||||
unsigned char* output );
|
||||
|
||||
#if defined(MBEDTLS_SELF_TEST)
|
||||
/**
|
||||
* \brief The ChaCha20 checkup routine.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return \c 1 on failure.
|
||||
*/
|
||||
int mbedtls_chacha20_self_test( int verbose );
|
||||
#endif /* MBEDTLS_SELF_TEST */
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
||||
#endif /* MBEDTLS_CHACHA20_H */
|
|
@ -1,358 +0,0 @@
|
|||
/**
|
||||
* \file chachapoly.h
|
||||
*
|
||||
* \brief This file contains the AEAD-ChaCha20-Poly1305 definitions and
|
||||
* functions.
|
||||
*
|
||||
* ChaCha20-Poly1305 is an algorithm for Authenticated Encryption
|
||||
* with Associated Data (AEAD) that can be used to encrypt and
|
||||
* authenticate data. It is based on ChaCha20 and Poly1305 by Daniel
|
||||
* Bernstein and was standardized in RFC 7539.
|
||||
*
|
||||
* \author Daniel King <damaki.gh@gmail.com>
|
||||
*/
|
||||
|
||||
/* Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved.
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
* not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*
|
||||
* This file is part of Mbed TLS (https://tls.mbed.org)
|
||||
*/
|
||||
|
||||
#ifndef MBEDTLS_CHACHAPOLY_H
|
||||
#define MBEDTLS_CHACHAPOLY_H
|
||||
|
||||
#if !defined(MBEDTLS_CONFIG_FILE)
|
||||
#include "config.h"
|
||||
#else
|
||||
#include MBEDTLS_CONFIG_FILE
|
||||
#endif
|
||||
|
||||
/* for shared error codes */
|
||||
#include "poly1305.h"
|
||||
|
||||
#define MBEDTLS_ERR_CHACHAPOLY_BAD_STATE -0x0054 /**< The requested operation is not permitted in the current state. */
|
||||
#define MBEDTLS_ERR_CHACHAPOLY_AUTH_FAILED -0x0056 /**< Authenticated decryption failed: data was not authentic. */
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
typedef enum
|
||||
{
|
||||
MBEDTLS_CHACHAPOLY_ENCRYPT, /**< The mode value for performing encryption. */
|
||||
MBEDTLS_CHACHAPOLY_DECRYPT /**< The mode value for performing decryption. */
|
||||
}
|
||||
mbedtls_chachapoly_mode_t;
|
||||
|
||||
#if !defined(MBEDTLS_CHACHAPOLY_ALT)
|
||||
|
||||
#include "chacha20.h"
|
||||
|
||||
typedef struct mbedtls_chachapoly_context
|
||||
{
|
||||
mbedtls_chacha20_context chacha20_ctx; /**< The ChaCha20 context. */
|
||||
mbedtls_poly1305_context poly1305_ctx; /**< The Poly1305 context. */
|
||||
uint64_t aad_len; /**< The length (bytes) of the Additional Authenticated Data. */
|
||||
uint64_t ciphertext_len; /**< The length (bytes) of the ciphertext. */
|
||||
int state; /**< The current state of the context. */
|
||||
mbedtls_chachapoly_mode_t mode; /**< Cipher mode (encrypt or decrypt). */
|
||||
}
|
||||
mbedtls_chachapoly_context;
|
||||
|
||||
#else /* !MBEDTLS_CHACHAPOLY_ALT */
|
||||
#include "chachapoly_alt.h"
|
||||
#endif /* !MBEDTLS_CHACHAPOLY_ALT */
|
||||
|
||||
/**
|
||||
* \brief This function initializes the specified ChaCha20-Poly1305 context.
|
||||
*
|
||||
* It must be the first API called before using
|
||||
* the context. It must be followed by a call to
|
||||
* \c mbedtls_chachapoly_setkey() before any operation can be
|
||||
* done, and to \c mbedtls_chachapoly_free() once all
|
||||
* operations with that context have been finished.
|
||||
*
|
||||
* In order to encrypt or decrypt full messages at once, for
|
||||
* each message you should make a single call to
|
||||
* \c mbedtls_chachapoly_crypt_and_tag() or
|
||||
* \c mbedtls_chachapoly_auth_decrypt().
|
||||
*
|
||||
* In order to encrypt messages piecewise, for each
|
||||
* message you should make a call to
|
||||
* \c mbedtls_chachapoly_starts(), then 0 or more calls to
|
||||
* \c mbedtls_chachapoly_update_aad(), then 0 or more calls to
|
||||
* \c mbedtls_chachapoly_update(), then one call to
|
||||
* \c mbedtls_chachapoly_finish().
|
||||
*
|
||||
* \warning Decryption with the piecewise API is discouraged! Always
|
||||
* use \c mbedtls_chachapoly_auth_decrypt() when possible!
|
||||
*
|
||||
* If however this is not possible because the data is too
|
||||
* large to fit in memory, you need to:
|
||||
*
|
||||
* - call \c mbedtls_chachapoly_starts() and (if needed)
|
||||
* \c mbedtls_chachapoly_update_aad() as above,
|
||||
* - call \c mbedtls_chachapoly_update() multiple times and
|
||||
* ensure its output (the plaintext) is NOT used in any other
|
||||
* way than placing it in temporary storage at this point,
|
||||
* - call \c mbedtls_chachapoly_finish() to compute the
|
||||
* authentication tag and compared it in constant time to the
|
||||
* tag received with the ciphertext.
|
||||
*
|
||||
* If the tags are not equal, you must immediately discard
|
||||
* all previous outputs of \c mbedtls_chachapoly_update(),
|
||||
* otherwise you can now safely use the plaintext.
|
||||
*
|
||||
* \param ctx The ChachaPoly context to initialize. Must not be \c NULL.
|
||||
*/
|
||||
void mbedtls_chachapoly_init( mbedtls_chachapoly_context *ctx );
|
||||
|
||||
/**
|
||||
* \brief This function releases and clears the specified
|
||||
* ChaCha20-Poly1305 context.
|
||||
*
|
||||
* \param ctx The ChachaPoly context to clear. This may be \c NULL, in which
|
||||
* case this function is a no-op.
|
||||
*/
|
||||
void mbedtls_chachapoly_free( mbedtls_chachapoly_context *ctx );
|
||||
|
||||
/**
|
||||
* \brief This function sets the ChaCha20-Poly1305
|
||||
* symmetric encryption key.
|
||||
*
|
||||
* \param ctx The ChaCha20-Poly1305 context to which the key should be
|
||||
* bound. This must be initialized.
|
||||
* \param key The \c 256 Bit (\c 32 Bytes) key.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return A negative error code on failure.
|
||||
*/
|
||||
int mbedtls_chachapoly_setkey( mbedtls_chachapoly_context *ctx,
|
||||
const unsigned char key[32] );
|
||||
|
||||
/**
|
||||
* \brief This function starts a ChaCha20-Poly1305 encryption or
|
||||
* decryption operation.
|
||||
*
|
||||
* \warning You must never use the same nonce twice with the same key.
|
||||
* This would void any confidentiality and authenticity
|
||||
* guarantees for the messages encrypted with the same nonce
|
||||
* and key.
|
||||
*
|
||||
* \note If the context is being used for AAD only (no data to
|
||||
* encrypt or decrypt) then \p mode can be set to any value.
|
||||
*
|
||||
* \warning Decryption with the piecewise API is discouraged, see the
|
||||
* warning on \c mbedtls_chachapoly_init().
|
||||
*
|
||||
* \param ctx The ChaCha20-Poly1305 context. This must be initialized
|
||||
* and bound to a key.
|
||||
* \param nonce The nonce/IV to use for the message.
|
||||
* This must be a redable buffer of length \c 12 Bytes.
|
||||
* \param mode The operation to perform: #MBEDTLS_CHACHAPOLY_ENCRYPT or
|
||||
* #MBEDTLS_CHACHAPOLY_DECRYPT (discouraged, see warning).
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return A negative error code on failure.
|
||||
*/
|
||||
int mbedtls_chachapoly_starts( mbedtls_chachapoly_context *ctx,
|
||||
const unsigned char nonce[12],
|
||||
mbedtls_chachapoly_mode_t mode );
|
||||
|
||||
/**
|
||||
* \brief This function feeds additional data to be authenticated
|
||||
* into an ongoing ChaCha20-Poly1305 operation.
|
||||
*
|
||||
* The Additional Authenticated Data (AAD), also called
|
||||
* Associated Data (AD) is only authenticated but not
|
||||
* encrypted nor included in the encrypted output. It is
|
||||
* usually transmitted separately from the ciphertext or
|
||||
* computed locally by each party.
|
||||
*
|
||||
* \note This function is called before data is encrypted/decrypted.
|
||||
* I.e. call this function to process the AAD before calling
|
||||
* \c mbedtls_chachapoly_update().
|
||||
*
|
||||
* You may call this function multiple times to process
|
||||
* an arbitrary amount of AAD. It is permitted to call
|
||||
* this function 0 times, if no AAD is used.
|
||||
*
|
||||
* This function cannot be called any more if data has
|
||||
* been processed by \c mbedtls_chachapoly_update(),
|
||||
* or if the context has been finished.
|
||||
*
|
||||
* \warning Decryption with the piecewise API is discouraged, see the
|
||||
* warning on \c mbedtls_chachapoly_init().
|
||||
*
|
||||
* \param ctx The ChaCha20-Poly1305 context. This must be initialized
|
||||
* and bound to a key.
|
||||
* \param aad_len The length in Bytes of the AAD. The length has no
|
||||
* restrictions.
|
||||
* \param aad Buffer containing the AAD.
|
||||
* This pointer can be \c NULL if `aad_len == 0`.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return #MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA
|
||||
* if \p ctx or \p aad are NULL.
|
||||
* \return #MBEDTLS_ERR_CHACHAPOLY_BAD_STATE
|
||||
* if the operations has not been started or has been
|
||||
* finished, or if the AAD has been finished.
|
||||
*/
|
||||
int mbedtls_chachapoly_update_aad( mbedtls_chachapoly_context *ctx,
|
||||
const unsigned char *aad,
|
||||
size_t aad_len );
|
||||
|
||||
/**
|
||||
* \brief Thus function feeds data to be encrypted or decrypted
|
||||
* into an on-going ChaCha20-Poly1305
|
||||
* operation.
|
||||
*
|
||||
* The direction (encryption or decryption) depends on the
|
||||
* mode that was given when calling
|
||||
* \c mbedtls_chachapoly_starts().
|
||||
*
|
||||
* You may call this function multiple times to process
|
||||
* an arbitrary amount of data. It is permitted to call
|
||||
* this function 0 times, if no data is to be encrypted
|
||||
* or decrypted.
|
||||
*
|
||||
* \warning Decryption with the piecewise API is discouraged, see the
|
||||
* warning on \c mbedtls_chachapoly_init().
|
||||
*
|
||||
* \param ctx The ChaCha20-Poly1305 context to use. This must be initialized.
|
||||
* \param len The length (in bytes) of the data to encrypt or decrypt.
|
||||
* \param input The buffer containing the data to encrypt or decrypt.
|
||||
* This pointer can be \c NULL if `len == 0`.
|
||||
* \param output The buffer to where the encrypted or decrypted data is
|
||||
* written. This must be able to hold \p len bytes.
|
||||
* This pointer can be \c NULL if `len == 0`.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return #MBEDTLS_ERR_CHACHAPOLY_BAD_STATE
|
||||
* if the operation has not been started or has been
|
||||
* finished.
|
||||
* \return Another negative error code on other kinds of failure.
|
||||
*/
|
||||
int mbedtls_chachapoly_update( mbedtls_chachapoly_context *ctx,
|
||||
size_t len,
|
||||
const unsigned char *input,
|
||||
unsigned char *output );
|
||||
|
||||
/**
|
||||
* \brief This function finished the ChaCha20-Poly1305 operation and
|
||||
* generates the MAC (authentication tag).
|
||||
*
|
||||
* \param ctx The ChaCha20-Poly1305 context to use. This must be initialized.
|
||||
* \param mac The buffer to where the 128-bit (16 bytes) MAC is written.
|
||||
*
|
||||
* \warning Decryption with the piecewise API is discouraged, see the
|
||||
* warning on \c mbedtls_chachapoly_init().
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return #MBEDTLS_ERR_CHACHAPOLY_BAD_STATE
|
||||
* if the operation has not been started or has been
|
||||
* finished.
|
||||
* \return Another negative error code on other kinds of failure.
|
||||
*/
|
||||
int mbedtls_chachapoly_finish( mbedtls_chachapoly_context *ctx,
|
||||
unsigned char mac[16] );
|
||||
|
||||
/**
|
||||
* \brief This function performs a complete ChaCha20-Poly1305
|
||||
* authenticated encryption with the previously-set key.
|
||||
*
|
||||
* \note Before using this function, you must set the key with
|
||||
* \c mbedtls_chachapoly_setkey().
|
||||
*
|
||||
* \warning You must never use the same nonce twice with the same key.
|
||||
* This would void any confidentiality and authenticity
|
||||
* guarantees for the messages encrypted with the same nonce
|
||||
* and key.
|
||||
*
|
||||
* \param ctx The ChaCha20-Poly1305 context to use (holds the key).
|
||||
* This must be initialized.
|
||||
* \param length The length (in bytes) of the data to encrypt or decrypt.
|
||||
* \param nonce The 96-bit (12 bytes) nonce/IV to use.
|
||||
* \param aad The buffer containing the additional authenticated
|
||||
* data (AAD). This pointer can be \c NULL if `aad_len == 0`.
|
||||
* \param aad_len The length (in bytes) of the AAD data to process.
|
||||
* \param input The buffer containing the data to encrypt or decrypt.
|
||||
* This pointer can be \c NULL if `ilen == 0`.
|
||||
* \param output The buffer to where the encrypted or decrypted data
|
||||
* is written. This pointer can be \c NULL if `ilen == 0`.
|
||||
* \param tag The buffer to where the computed 128-bit (16 bytes) MAC
|
||||
* is written. This must not be \c NULL.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return A negative error code on failure.
|
||||
*/
|
||||
int mbedtls_chachapoly_encrypt_and_tag( mbedtls_chachapoly_context *ctx,
|
||||
size_t length,
|
||||
const unsigned char nonce[12],
|
||||
const unsigned char *aad,
|
||||
size_t aad_len,
|
||||
const unsigned char *input,
|
||||
unsigned char *output,
|
||||
unsigned char tag[16] );
|
||||
|
||||
/**
|
||||
* \brief This function performs a complete ChaCha20-Poly1305
|
||||
* authenticated decryption with the previously-set key.
|
||||
*
|
||||
* \note Before using this function, you must set the key with
|
||||
* \c mbedtls_chachapoly_setkey().
|
||||
*
|
||||
* \param ctx The ChaCha20-Poly1305 context to use (holds the key).
|
||||
* \param length The length (in Bytes) of the data to decrypt.
|
||||
* \param nonce The \c 96 Bit (\c 12 bytes) nonce/IV to use.
|
||||
* \param aad The buffer containing the additional authenticated data (AAD).
|
||||
* This pointer can be \c NULL if `aad_len == 0`.
|
||||
* \param aad_len The length (in bytes) of the AAD data to process.
|
||||
* \param tag The buffer holding the authentication tag.
|
||||
* This must be a readable buffer of length \c 16 Bytes.
|
||||
* \param input The buffer containing the data to decrypt.
|
||||
* This pointer can be \c NULL if `ilen == 0`.
|
||||
* \param output The buffer to where the decrypted data is written.
|
||||
* This pointer can be \c NULL if `ilen == 0`.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return #MBEDTLS_ERR_CHACHAPOLY_AUTH_FAILED
|
||||
* if the data was not authentic.
|
||||
* \return Another negative error code on other kinds of failure.
|
||||
*/
|
||||
int mbedtls_chachapoly_auth_decrypt( mbedtls_chachapoly_context *ctx,
|
||||
size_t length,
|
||||
const unsigned char nonce[12],
|
||||
const unsigned char *aad,
|
||||
size_t aad_len,
|
||||
const unsigned char tag[16],
|
||||
const unsigned char *input,
|
||||
unsigned char *output );
|
||||
|
||||
#if defined(MBEDTLS_SELF_TEST)
|
||||
/**
|
||||
* \brief The ChaCha20-Poly1305 checkup routine.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return \c 1 on failure.
|
||||
*/
|
||||
int mbedtls_chachapoly_self_test( int verbose );
|
||||
#endif /* MBEDTLS_SELF_TEST */
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
||||
#endif /* MBEDTLS_CHACHAPOLY_H */
|
|
@ -1,926 +0,0 @@
|
|||
/**
|
||||
* \file cipher.h
|
||||
*
|
||||
* \brief This file contains an abstraction interface for use with the cipher
|
||||
* primitives provided by the library. It provides a common interface to all of
|
||||
* the available cipher operations.
|
||||
*
|
||||
* \author Adriaan de Jong <dejong@fox-it.com>
|
||||
*/
|
||||
/*
|
||||
* Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
* not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*
|
||||
* This file is part of Mbed TLS (https://tls.mbed.org)
|
||||
*/
|
||||
|
||||
#ifndef MBEDTLS_CIPHER_H
|
||||
#define MBEDTLS_CIPHER_H
|
||||
|
||||
#if !defined(MBEDTLS_CONFIG_FILE)
|
||||
#include "config.h"
|
||||
#else
|
||||
#include MBEDTLS_CONFIG_FILE
|
||||
#endif
|
||||
|
||||
#include <stddef.h>
|
||||
#include "platform_util.h"
|
||||
|
||||
#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CCM_C) || defined(MBEDTLS_CHACHAPOLY_C)
|
||||
#define MBEDTLS_CIPHER_MODE_AEAD
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_CIPHER_MODE_CBC)
|
||||
#define MBEDTLS_CIPHER_MODE_WITH_PADDING
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_ARC4_C) || defined(MBEDTLS_CIPHER_NULL_CIPHER) || \
|
||||
defined(MBEDTLS_CHACHA20_C)
|
||||
#define MBEDTLS_CIPHER_MODE_STREAM
|
||||
#endif
|
||||
|
||||
#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \
|
||||
!defined(inline) && !defined(__cplusplus)
|
||||
#define inline __inline
|
||||
#endif
|
||||
|
||||
#define MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE -0x6080 /**< The selected feature is not available. */
|
||||
#define MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA -0x6100 /**< Bad input parameters. */
|
||||
#define MBEDTLS_ERR_CIPHER_ALLOC_FAILED -0x6180 /**< Failed to allocate memory. */
|
||||
#define MBEDTLS_ERR_CIPHER_INVALID_PADDING -0x6200 /**< Input data contains invalid padding and is rejected. */
|
||||
#define MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED -0x6280 /**< Decryption of block requires a full block. */
|
||||
#define MBEDTLS_ERR_CIPHER_AUTH_FAILED -0x6300 /**< Authentication failed (for AEAD modes). */
|
||||
#define MBEDTLS_ERR_CIPHER_INVALID_CONTEXT -0x6380 /**< The context is invalid. For example, because it was freed. */
|
||||
|
||||
/* MBEDTLS_ERR_CIPHER_HW_ACCEL_FAILED is deprecated and should not be used. */
|
||||
#define MBEDTLS_ERR_CIPHER_HW_ACCEL_FAILED -0x6400 /**< Cipher hardware accelerator failed. */
|
||||
|
||||
#define MBEDTLS_CIPHER_VARIABLE_IV_LEN 0x01 /**< Cipher accepts IVs of variable length. */
|
||||
#define MBEDTLS_CIPHER_VARIABLE_KEY_LEN 0x02 /**< Cipher accepts keys of variable length. */
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
/**
|
||||
* \brief Supported cipher types.
|
||||
*
|
||||
* \warning RC4 and DES are considered weak ciphers and their use
|
||||
* constitutes a security risk. Arm recommends considering stronger
|
||||
* ciphers instead.
|
||||
*/
|
||||
typedef enum {
|
||||
MBEDTLS_CIPHER_ID_NONE = 0, /**< Placeholder to mark the end of cipher ID lists. */
|
||||
MBEDTLS_CIPHER_ID_NULL, /**< The identity cipher, treated as a stream cipher. */
|
||||
MBEDTLS_CIPHER_ID_AES, /**< The AES cipher. */
|
||||
MBEDTLS_CIPHER_ID_DES, /**< The DES cipher. */
|
||||
MBEDTLS_CIPHER_ID_3DES, /**< The Triple DES cipher. */
|
||||
MBEDTLS_CIPHER_ID_CAMELLIA, /**< The Camellia cipher. */
|
||||
MBEDTLS_CIPHER_ID_BLOWFISH, /**< The Blowfish cipher. */
|
||||
MBEDTLS_CIPHER_ID_ARC4, /**< The RC4 cipher. */
|
||||
MBEDTLS_CIPHER_ID_ARIA, /**< The Aria cipher. */
|
||||
MBEDTLS_CIPHER_ID_CHACHA20, /**< The ChaCha20 cipher. */
|
||||
} mbedtls_cipher_id_t;
|
||||
|
||||
/**
|
||||
* \brief Supported {cipher type, cipher mode} pairs.
|
||||
*
|
||||
* \warning RC4 and DES are considered weak ciphers and their use
|
||||
* constitutes a security risk. Arm recommends considering stronger
|
||||
* ciphers instead.
|
||||
*/
|
||||
typedef enum {
|
||||
MBEDTLS_CIPHER_NONE = 0, /**< Placeholder to mark the end of cipher-pair lists. */
|
||||
MBEDTLS_CIPHER_NULL, /**< The identity stream cipher. */
|
||||
MBEDTLS_CIPHER_AES_128_ECB, /**< AES cipher with 128-bit ECB mode. */
|
||||
MBEDTLS_CIPHER_AES_192_ECB, /**< AES cipher with 192-bit ECB mode. */
|
||||
MBEDTLS_CIPHER_AES_256_ECB, /**< AES cipher with 256-bit ECB mode. */
|
||||
MBEDTLS_CIPHER_AES_128_CBC, /**< AES cipher with 128-bit CBC mode. */
|
||||
MBEDTLS_CIPHER_AES_192_CBC, /**< AES cipher with 192-bit CBC mode. */
|
||||
MBEDTLS_CIPHER_AES_256_CBC, /**< AES cipher with 256-bit CBC mode. */
|
||||
MBEDTLS_CIPHER_AES_128_CFB128, /**< AES cipher with 128-bit CFB128 mode. */
|
||||
MBEDTLS_CIPHER_AES_192_CFB128, /**< AES cipher with 192-bit CFB128 mode. */
|
||||
MBEDTLS_CIPHER_AES_256_CFB128, /**< AES cipher with 256-bit CFB128 mode. */
|
||||
MBEDTLS_CIPHER_AES_128_CTR, /**< AES cipher with 128-bit CTR mode. */
|
||||
MBEDTLS_CIPHER_AES_192_CTR, /**< AES cipher with 192-bit CTR mode. */
|
||||
MBEDTLS_CIPHER_AES_256_CTR, /**< AES cipher with 256-bit CTR mode. */
|
||||
MBEDTLS_CIPHER_AES_128_GCM, /**< AES cipher with 128-bit GCM mode. */
|
||||
MBEDTLS_CIPHER_AES_192_GCM, /**< AES cipher with 192-bit GCM mode. */
|
||||
MBEDTLS_CIPHER_AES_256_GCM, /**< AES cipher with 256-bit GCM mode. */
|
||||
MBEDTLS_CIPHER_CAMELLIA_128_ECB, /**< Camellia cipher with 128-bit ECB mode. */
|
||||
MBEDTLS_CIPHER_CAMELLIA_192_ECB, /**< Camellia cipher with 192-bit ECB mode. */
|
||||
MBEDTLS_CIPHER_CAMELLIA_256_ECB, /**< Camellia cipher with 256-bit ECB mode. */
|
||||
MBEDTLS_CIPHER_CAMELLIA_128_CBC, /**< Camellia cipher with 128-bit CBC mode. */
|
||||
MBEDTLS_CIPHER_CAMELLIA_192_CBC, /**< Camellia cipher with 192-bit CBC mode. */
|
||||
MBEDTLS_CIPHER_CAMELLIA_256_CBC, /**< Camellia cipher with 256-bit CBC mode. */
|
||||
MBEDTLS_CIPHER_CAMELLIA_128_CFB128, /**< Camellia cipher with 128-bit CFB128 mode. */
|
||||
MBEDTLS_CIPHER_CAMELLIA_192_CFB128, /**< Camellia cipher with 192-bit CFB128 mode. */
|
||||
MBEDTLS_CIPHER_CAMELLIA_256_CFB128, /**< Camellia cipher with 256-bit CFB128 mode. */
|
||||
MBEDTLS_CIPHER_CAMELLIA_128_CTR, /**< Camellia cipher with 128-bit CTR mode. */
|
||||
MBEDTLS_CIPHER_CAMELLIA_192_CTR, /**< Camellia cipher with 192-bit CTR mode. */
|
||||
MBEDTLS_CIPHER_CAMELLIA_256_CTR, /**< Camellia cipher with 256-bit CTR mode. */
|
||||
MBEDTLS_CIPHER_CAMELLIA_128_GCM, /**< Camellia cipher with 128-bit GCM mode. */
|
||||
MBEDTLS_CIPHER_CAMELLIA_192_GCM, /**< Camellia cipher with 192-bit GCM mode. */
|
||||
MBEDTLS_CIPHER_CAMELLIA_256_GCM, /**< Camellia cipher with 256-bit GCM mode. */
|
||||
MBEDTLS_CIPHER_DES_ECB, /**< DES cipher with ECB mode. */
|
||||
MBEDTLS_CIPHER_DES_CBC, /**< DES cipher with CBC mode. */
|
||||
MBEDTLS_CIPHER_DES_EDE_ECB, /**< DES cipher with EDE ECB mode. */
|
||||
MBEDTLS_CIPHER_DES_EDE_CBC, /**< DES cipher with EDE CBC mode. */
|
||||
MBEDTLS_CIPHER_DES_EDE3_ECB, /**< DES cipher with EDE3 ECB mode. */
|
||||
MBEDTLS_CIPHER_DES_EDE3_CBC, /**< DES cipher with EDE3 CBC mode. */
|
||||
MBEDTLS_CIPHER_BLOWFISH_ECB, /**< Blowfish cipher with ECB mode. */
|
||||
MBEDTLS_CIPHER_BLOWFISH_CBC, /**< Blowfish cipher with CBC mode. */
|
||||
MBEDTLS_CIPHER_BLOWFISH_CFB64, /**< Blowfish cipher with CFB64 mode. */
|
||||
MBEDTLS_CIPHER_BLOWFISH_CTR, /**< Blowfish cipher with CTR mode. */
|
||||
MBEDTLS_CIPHER_ARC4_128, /**< RC4 cipher with 128-bit mode. */
|
||||
MBEDTLS_CIPHER_AES_128_CCM, /**< AES cipher with 128-bit CCM mode. */
|
||||
MBEDTLS_CIPHER_AES_192_CCM, /**< AES cipher with 192-bit CCM mode. */
|
||||
MBEDTLS_CIPHER_AES_256_CCM, /**< AES cipher with 256-bit CCM mode. */
|
||||
MBEDTLS_CIPHER_CAMELLIA_128_CCM, /**< Camellia cipher with 128-bit CCM mode. */
|
||||
MBEDTLS_CIPHER_CAMELLIA_192_CCM, /**< Camellia cipher with 192-bit CCM mode. */
|
||||
MBEDTLS_CIPHER_CAMELLIA_256_CCM, /**< Camellia cipher with 256-bit CCM mode. */
|
||||
MBEDTLS_CIPHER_ARIA_128_ECB, /**< Aria cipher with 128-bit key and ECB mode. */
|
||||
MBEDTLS_CIPHER_ARIA_192_ECB, /**< Aria cipher with 192-bit key and ECB mode. */
|
||||
MBEDTLS_CIPHER_ARIA_256_ECB, /**< Aria cipher with 256-bit key and ECB mode. */
|
||||
MBEDTLS_CIPHER_ARIA_128_CBC, /**< Aria cipher with 128-bit key and CBC mode. */
|
||||
MBEDTLS_CIPHER_ARIA_192_CBC, /**< Aria cipher with 192-bit key and CBC mode. */
|
||||
MBEDTLS_CIPHER_ARIA_256_CBC, /**< Aria cipher with 256-bit key and CBC mode. */
|
||||
MBEDTLS_CIPHER_ARIA_128_CFB128, /**< Aria cipher with 128-bit key and CFB-128 mode. */
|
||||
MBEDTLS_CIPHER_ARIA_192_CFB128, /**< Aria cipher with 192-bit key and CFB-128 mode. */
|
||||
MBEDTLS_CIPHER_ARIA_256_CFB128, /**< Aria cipher with 256-bit key and CFB-128 mode. */
|
||||
MBEDTLS_CIPHER_ARIA_128_CTR, /**< Aria cipher with 128-bit key and CTR mode. */
|
||||
MBEDTLS_CIPHER_ARIA_192_CTR, /**< Aria cipher with 192-bit key and CTR mode. */
|
||||
MBEDTLS_CIPHER_ARIA_256_CTR, /**< Aria cipher with 256-bit key and CTR mode. */
|
||||
MBEDTLS_CIPHER_ARIA_128_GCM, /**< Aria cipher with 128-bit key and GCM mode. */
|
||||
MBEDTLS_CIPHER_ARIA_192_GCM, /**< Aria cipher with 192-bit key and GCM mode. */
|
||||
MBEDTLS_CIPHER_ARIA_256_GCM, /**< Aria cipher with 256-bit key and GCM mode. */
|
||||
MBEDTLS_CIPHER_ARIA_128_CCM, /**< Aria cipher with 128-bit key and CCM mode. */
|
||||
MBEDTLS_CIPHER_ARIA_192_CCM, /**< Aria cipher with 192-bit key and CCM mode. */
|
||||
MBEDTLS_CIPHER_ARIA_256_CCM, /**< Aria cipher with 256-bit key and CCM mode. */
|
||||
MBEDTLS_CIPHER_AES_128_OFB, /**< AES 128-bit cipher in OFB mode. */
|
||||
MBEDTLS_CIPHER_AES_192_OFB, /**< AES 192-bit cipher in OFB mode. */
|
||||
MBEDTLS_CIPHER_AES_256_OFB, /**< AES 256-bit cipher in OFB mode. */
|
||||
MBEDTLS_CIPHER_AES_128_XTS, /**< AES 128-bit cipher in XTS block mode. */
|
||||
MBEDTLS_CIPHER_AES_256_XTS, /**< AES 256-bit cipher in XTS block mode. */
|
||||
MBEDTLS_CIPHER_CHACHA20, /**< ChaCha20 stream cipher. */
|
||||
MBEDTLS_CIPHER_CHACHA20_POLY1305, /**< ChaCha20-Poly1305 AEAD cipher. */
|
||||
MBEDTLS_CIPHER_AES_128_KW, /**< AES cipher with 128-bit NIST KW mode. */
|
||||
MBEDTLS_CIPHER_AES_192_KW, /**< AES cipher with 192-bit NIST KW mode. */
|
||||
MBEDTLS_CIPHER_AES_256_KW, /**< AES cipher with 256-bit NIST KW mode. */
|
||||
MBEDTLS_CIPHER_AES_128_KWP, /**< AES cipher with 128-bit NIST KWP mode. */
|
||||
MBEDTLS_CIPHER_AES_192_KWP, /**< AES cipher with 192-bit NIST KWP mode. */
|
||||
MBEDTLS_CIPHER_AES_256_KWP, /**< AES cipher with 256-bit NIST KWP mode. */
|
||||
} mbedtls_cipher_type_t;
|
||||
|
||||
/** Supported cipher modes. */
|
||||
typedef enum {
|
||||
MBEDTLS_MODE_NONE = 0, /**< None. */
|
||||
MBEDTLS_MODE_ECB, /**< The ECB cipher mode. */
|
||||
MBEDTLS_MODE_CBC, /**< The CBC cipher mode. */
|
||||
MBEDTLS_MODE_CFB, /**< The CFB cipher mode. */
|
||||
MBEDTLS_MODE_OFB, /**< The OFB cipher mode. */
|
||||
MBEDTLS_MODE_CTR, /**< The CTR cipher mode. */
|
||||
MBEDTLS_MODE_GCM, /**< The GCM cipher mode. */
|
||||
MBEDTLS_MODE_STREAM, /**< The stream cipher mode. */
|
||||
MBEDTLS_MODE_CCM, /**< The CCM cipher mode. */
|
||||
MBEDTLS_MODE_XTS, /**< The XTS cipher mode. */
|
||||
MBEDTLS_MODE_CHACHAPOLY, /**< The ChaCha-Poly cipher mode. */
|
||||
MBEDTLS_MODE_KW, /**< The SP800-38F KW mode */
|
||||
MBEDTLS_MODE_KWP, /**< The SP800-38F KWP mode */
|
||||
} mbedtls_cipher_mode_t;
|
||||
|
||||
/** Supported cipher padding types. */
|
||||
typedef enum {
|
||||
MBEDTLS_PADDING_PKCS7 = 0, /**< PKCS7 padding (default). */
|
||||
MBEDTLS_PADDING_ONE_AND_ZEROS, /**< ISO/IEC 7816-4 padding. */
|
||||
MBEDTLS_PADDING_ZEROS_AND_LEN, /**< ANSI X.923 padding. */
|
||||
MBEDTLS_PADDING_ZEROS, /**< Zero padding (not reversible). */
|
||||
MBEDTLS_PADDING_NONE, /**< Never pad (full blocks only). */
|
||||
} mbedtls_cipher_padding_t;
|
||||
|
||||
/** Type of operation. */
|
||||
typedef enum {
|
||||
MBEDTLS_OPERATION_NONE = -1,
|
||||
MBEDTLS_DECRYPT = 0,
|
||||
MBEDTLS_ENCRYPT,
|
||||
} mbedtls_operation_t;
|
||||
|
||||
enum {
|
||||
/** Undefined key length. */
|
||||
MBEDTLS_KEY_LENGTH_NONE = 0,
|
||||
/** Key length, in bits (including parity), for DES keys. */
|
||||
MBEDTLS_KEY_LENGTH_DES = 64,
|
||||
/** Key length in bits, including parity, for DES in two-key EDE. */
|
||||
MBEDTLS_KEY_LENGTH_DES_EDE = 128,
|
||||
/** Key length in bits, including parity, for DES in three-key EDE. */
|
||||
MBEDTLS_KEY_LENGTH_DES_EDE3 = 192,
|
||||
};
|
||||
|
||||
/** Maximum length of any IV, in Bytes. */
|
||||
#define MBEDTLS_MAX_IV_LENGTH 16
|
||||
/** Maximum block size of any cipher, in Bytes. */
|
||||
#define MBEDTLS_MAX_BLOCK_LENGTH 16
|
||||
|
||||
/**
|
||||
* Base cipher information (opaque struct).
|
||||
*/
|
||||
typedef struct mbedtls_cipher_base_t mbedtls_cipher_base_t;
|
||||
|
||||
/**
|
||||
* CMAC context (opaque struct).
|
||||
*/
|
||||
typedef struct mbedtls_cmac_context_t mbedtls_cmac_context_t;
|
||||
|
||||
/**
|
||||
* Cipher information. Allows calling cipher functions
|
||||
* in a generic way.
|
||||
*/
|
||||
typedef struct mbedtls_cipher_info_t
|
||||
{
|
||||
/** Full cipher identifier. For example,
|
||||
* MBEDTLS_CIPHER_AES_256_CBC.
|
||||
*/
|
||||
mbedtls_cipher_type_t type;
|
||||
|
||||
/** The cipher mode. For example, MBEDTLS_MODE_CBC. */
|
||||
mbedtls_cipher_mode_t mode;
|
||||
|
||||
/** The cipher key length, in bits. This is the
|
||||
* default length for variable sized ciphers.
|
||||
* Includes parity bits for ciphers like DES.
|
||||
*/
|
||||
unsigned int key_bitlen;
|
||||
|
||||
/** Name of the cipher. */
|
||||
const char * name;
|
||||
|
||||
/** IV or nonce size, in Bytes.
|
||||
* For ciphers that accept variable IV sizes,
|
||||
* this is the recommended size.
|
||||
*/
|
||||
unsigned int iv_size;
|
||||
|
||||
/** Bitflag comprised of MBEDTLS_CIPHER_VARIABLE_IV_LEN and
|
||||
* MBEDTLS_CIPHER_VARIABLE_KEY_LEN indicating whether the
|
||||
* cipher supports variable IV or variable key sizes, respectively.
|
||||
*/
|
||||
int flags;
|
||||
|
||||
/** The block size, in Bytes. */
|
||||
unsigned int block_size;
|
||||
|
||||
/** Struct for base cipher information and functions. */
|
||||
const mbedtls_cipher_base_t *base;
|
||||
|
||||
} mbedtls_cipher_info_t;
|
||||
|
||||
/**
|
||||
* Generic cipher context.
|
||||
*/
|
||||
typedef struct mbedtls_cipher_context_t
|
||||
{
|
||||
/** Information about the associated cipher. */
|
||||
const mbedtls_cipher_info_t *cipher_info;
|
||||
|
||||
/** Key length to use. */
|
||||
int key_bitlen;
|
||||
|
||||
/** Operation that the key of the context has been
|
||||
* initialized for.
|
||||
*/
|
||||
mbedtls_operation_t operation;
|
||||
|
||||
#if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING)
|
||||
/** Padding functions to use, if relevant for
|
||||
* the specific cipher mode.
|
||||
*/
|
||||
void (*add_padding)( unsigned char *output, size_t olen, size_t data_len );
|
||||
int (*get_padding)( unsigned char *input, size_t ilen, size_t *data_len );
|
||||
#endif
|
||||
|
||||
/** Buffer for input that has not been processed yet. */
|
||||
unsigned char unprocessed_data[MBEDTLS_MAX_BLOCK_LENGTH];
|
||||
|
||||
/** Number of Bytes that have not been processed yet. */
|
||||
size_t unprocessed_len;
|
||||
|
||||
/** Current IV or NONCE_COUNTER for CTR-mode, data unit (or sector) number
|
||||
* for XTS-mode. */
|
||||
unsigned char iv[MBEDTLS_MAX_IV_LENGTH];
|
||||
|
||||
/** IV size in Bytes, for ciphers with variable-length IVs. */
|
||||
size_t iv_size;
|
||||
|
||||
/** The cipher-specific context. */
|
||||
void *cipher_ctx;
|
||||
|
||||
#if defined(MBEDTLS_CMAC_C)
|
||||
/** CMAC-specific context. */
|
||||
mbedtls_cmac_context_t *cmac_ctx;
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
/** Indicates whether the cipher operations should be performed
|
||||
* by Mbed TLS' own crypto library or an external implementation
|
||||
* of the PSA Crypto API.
|
||||
* This is unset if the cipher context was established through
|
||||
* mbedtls_cipher_setup(), and set if it was established through
|
||||
* mbedtls_cipher_setup_psa().
|
||||
*/
|
||||
unsigned char psa_enabled;
|
||||
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||
|
||||
} mbedtls_cipher_context_t;
|
||||
|
||||
/**
|
||||
* \brief This function retrieves the list of ciphers supported
|
||||
* by the generic cipher module.
|
||||
*
|
||||
* For any cipher identifier in the returned list, you can
|
||||
* obtain the corresponding generic cipher information structure
|
||||
* via mbedtls_cipher_info_from_type(), which can then be used
|
||||
* to prepare a cipher context via mbedtls_cipher_setup().
|
||||
*
|
||||
*
|
||||
* \return A statically-allocated array of cipher identifiers
|
||||
* of type cipher_type_t. The last entry is zero.
|
||||
*/
|
||||
const int *mbedtls_cipher_list( void );
|
||||
|
||||
/**
|
||||
* \brief This function retrieves the cipher-information
|
||||
* structure associated with the given cipher name.
|
||||
*
|
||||
* \param cipher_name Name of the cipher to search for. This must not be
|
||||
* \c NULL.
|
||||
*
|
||||
* \return The cipher information structure associated with the
|
||||
* given \p cipher_name.
|
||||
* \return \c NULL if the associated cipher information is not found.
|
||||
*/
|
||||
const mbedtls_cipher_info_t *mbedtls_cipher_info_from_string( const char *cipher_name );
|
||||
|
||||
/**
|
||||
* \brief This function retrieves the cipher-information
|
||||
* structure associated with the given cipher type.
|
||||
*
|
||||
* \param cipher_type Type of the cipher to search for.
|
||||
*
|
||||
* \return The cipher information structure associated with the
|
||||
* given \p cipher_type.
|
||||
* \return \c NULL if the associated cipher information is not found.
|
||||
*/
|
||||
const mbedtls_cipher_info_t *mbedtls_cipher_info_from_type( const mbedtls_cipher_type_t cipher_type );
|
||||
|
||||
/**
|
||||
* \brief This function retrieves the cipher-information
|
||||
* structure associated with the given cipher ID,
|
||||
* key size and mode.
|
||||
*
|
||||
* \param cipher_id The ID of the cipher to search for. For example,
|
||||
* #MBEDTLS_CIPHER_ID_AES.
|
||||
* \param key_bitlen The length of the key in bits.
|
||||
* \param mode The cipher mode. For example, #MBEDTLS_MODE_CBC.
|
||||
*
|
||||
* \return The cipher information structure associated with the
|
||||
* given \p cipher_id.
|
||||
* \return \c NULL if the associated cipher information is not found.
|
||||
*/
|
||||
const mbedtls_cipher_info_t *mbedtls_cipher_info_from_values( const mbedtls_cipher_id_t cipher_id,
|
||||
int key_bitlen,
|
||||
const mbedtls_cipher_mode_t mode );
|
||||
|
||||
/**
|
||||
* \brief This function initializes a \p cipher_context as NONE.
|
||||
*
|
||||
* \param ctx The context to be initialized. This must not be \c NULL.
|
||||
*/
|
||||
void mbedtls_cipher_init( mbedtls_cipher_context_t *ctx );
|
||||
|
||||
/**
|
||||
* \brief This function frees and clears the cipher-specific
|
||||
* context of \p ctx. Freeing \p ctx itself remains the
|
||||
* responsibility of the caller.
|
||||
*
|
||||
* \param ctx The context to be freed. If this is \c NULL, the
|
||||
* function has no effect, otherwise this must point to an
|
||||
* initialized context.
|
||||
*/
|
||||
void mbedtls_cipher_free( mbedtls_cipher_context_t *ctx );
|
||||
|
||||
|
||||
/**
|
||||
* \brief This function initializes a cipher context for
|
||||
* use with the given cipher primitive.
|
||||
*
|
||||
* \param ctx The context to initialize. This must be initialized.
|
||||
* \param cipher_info The cipher to use.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on
|
||||
* parameter-verification failure.
|
||||
* \return #MBEDTLS_ERR_CIPHER_ALLOC_FAILED if allocation of the
|
||||
* cipher-specific context fails.
|
||||
*
|
||||
* \internal Currently, the function also clears the structure.
|
||||
* In future versions, the caller will be required to call
|
||||
* mbedtls_cipher_init() on the structure first.
|
||||
*/
|
||||
int mbedtls_cipher_setup( mbedtls_cipher_context_t *ctx,
|
||||
const mbedtls_cipher_info_t *cipher_info );
|
||||
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
/**
|
||||
* \brief This function initializes a cipher context for
|
||||
* PSA-based use with the given cipher primitive.
|
||||
*
|
||||
* \note See #MBEDTLS_USE_PSA_CRYPTO for information on PSA.
|
||||
*
|
||||
* \param ctx The context to initialize. May not be \c NULL.
|
||||
* \param cipher_info The cipher to use.
|
||||
* \param taglen For AEAD ciphers, the length in bytes of the
|
||||
* authentication tag to use. Subsequent uses of
|
||||
* mbedtls_cipher_auth_encrypt() or
|
||||
* mbedtls_cipher_auth_decrypt() must provide
|
||||
* the same tag length.
|
||||
* For non-AEAD ciphers, the value must be \c 0.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on
|
||||
* parameter-verification failure.
|
||||
* \return #MBEDTLS_ERR_CIPHER_ALLOC_FAILED if allocation of the
|
||||
* cipher-specific context fails.
|
||||
*/
|
||||
int mbedtls_cipher_setup_psa( mbedtls_cipher_context_t *ctx,
|
||||
const mbedtls_cipher_info_t *cipher_info,
|
||||
size_t taglen );
|
||||
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||
|
||||
/**
|
||||
* \brief This function returns the block size of the given cipher.
|
||||
*
|
||||
* \param ctx The context of the cipher. This must be initialized.
|
||||
*
|
||||
* \return The block size of the underlying cipher.
|
||||
* \return \c 0 if \p ctx has not been initialized.
|
||||
*/
|
||||
static inline unsigned int mbedtls_cipher_get_block_size(
|
||||
const mbedtls_cipher_context_t *ctx )
|
||||
{
|
||||
MBEDTLS_INTERNAL_VALIDATE_RET( ctx != NULL, 0 );
|
||||
if( ctx->cipher_info == NULL )
|
||||
return 0;
|
||||
|
||||
return ctx->cipher_info->block_size;
|
||||
}
|
||||
|
||||
/**
|
||||
* \brief This function returns the mode of operation for
|
||||
* the cipher. For example, MBEDTLS_MODE_CBC.
|
||||
*
|
||||
* \param ctx The context of the cipher. This must be initialized.
|
||||
*
|
||||
* \return The mode of operation.
|
||||
* \return #MBEDTLS_MODE_NONE if \p ctx has not been initialized.
|
||||
*/
|
||||
static inline mbedtls_cipher_mode_t mbedtls_cipher_get_cipher_mode(
|
||||
const mbedtls_cipher_context_t *ctx )
|
||||
{
|
||||
MBEDTLS_INTERNAL_VALIDATE_RET( ctx != NULL, MBEDTLS_MODE_NONE );
|
||||
if( ctx->cipher_info == NULL )
|
||||
return MBEDTLS_MODE_NONE;
|
||||
|
||||
return ctx->cipher_info->mode;
|
||||
}
|
||||
|
||||
/**
|
||||
* \brief This function returns the size of the IV or nonce
|
||||
* of the cipher, in Bytes.
|
||||
*
|
||||
* \param ctx The context of the cipher. This must be initialized.
|
||||
*
|
||||
* \return The recommended IV size if no IV has been set.
|
||||
* \return \c 0 for ciphers not using an IV or a nonce.
|
||||
* \return The actual size if an IV has been set.
|
||||
*/
|
||||
static inline int mbedtls_cipher_get_iv_size(
|
||||
const mbedtls_cipher_context_t *ctx )
|
||||
{
|
||||
MBEDTLS_INTERNAL_VALIDATE_RET( ctx != NULL, 0 );
|
||||
if( ctx->cipher_info == NULL )
|
||||
return 0;
|
||||
|
||||
if( ctx->iv_size != 0 )
|
||||
return (int) ctx->iv_size;
|
||||
|
||||
return (int) ctx->cipher_info->iv_size;
|
||||
}
|
||||
|
||||
/**
|
||||
* \brief This function returns the type of the given cipher.
|
||||
*
|
||||
* \param ctx The context of the cipher. This must be initialized.
|
||||
*
|
||||
* \return The type of the cipher.
|
||||
* \return #MBEDTLS_CIPHER_NONE if \p ctx has not been initialized.
|
||||
*/
|
||||
static inline mbedtls_cipher_type_t mbedtls_cipher_get_type(
|
||||
const mbedtls_cipher_context_t *ctx )
|
||||
{
|
||||
MBEDTLS_INTERNAL_VALIDATE_RET(
|
||||
ctx != NULL, MBEDTLS_CIPHER_NONE );
|
||||
if( ctx->cipher_info == NULL )
|
||||
return MBEDTLS_CIPHER_NONE;
|
||||
|
||||
return ctx->cipher_info->type;
|
||||
}
|
||||
|
||||
/**
|
||||
* \brief This function returns the name of the given cipher
|
||||
* as a string.
|
||||
*
|
||||
* \param ctx The context of the cipher. This must be initialized.
|
||||
*
|
||||
* \return The name of the cipher.
|
||||
* \return NULL if \p ctx has not been not initialized.
|
||||
*/
|
||||
static inline const char *mbedtls_cipher_get_name(
|
||||
const mbedtls_cipher_context_t *ctx )
|
||||
{
|
||||
MBEDTLS_INTERNAL_VALIDATE_RET( ctx != NULL, 0 );
|
||||
if( ctx->cipher_info == NULL )
|
||||
return 0;
|
||||
|
||||
return ctx->cipher_info->name;
|
||||
}
|
||||
|
||||
/**
|
||||
* \brief This function returns the key length of the cipher.
|
||||
*
|
||||
* \param ctx The context of the cipher. This must be initialized.
|
||||
*
|
||||
* \return The key length of the cipher in bits.
|
||||
* \return #MBEDTLS_KEY_LENGTH_NONE if ctx \p has not been
|
||||
* initialized.
|
||||
*/
|
||||
static inline int mbedtls_cipher_get_key_bitlen(
|
||||
const mbedtls_cipher_context_t *ctx )
|
||||
{
|
||||
MBEDTLS_INTERNAL_VALIDATE_RET(
|
||||
ctx != NULL, MBEDTLS_KEY_LENGTH_NONE );
|
||||
if( ctx->cipher_info == NULL )
|
||||
return MBEDTLS_KEY_LENGTH_NONE;
|
||||
|
||||
return (int) ctx->cipher_info->key_bitlen;
|
||||
}
|
||||
|
||||
/**
|
||||
* \brief This function returns the operation of the given cipher.
|
||||
*
|
||||
* \param ctx The context of the cipher. This must be initialized.
|
||||
*
|
||||
* \return The type of operation: #MBEDTLS_ENCRYPT or #MBEDTLS_DECRYPT.
|
||||
* \return #MBEDTLS_OPERATION_NONE if \p ctx has not been initialized.
|
||||
*/
|
||||
static inline mbedtls_operation_t mbedtls_cipher_get_operation(
|
||||
const mbedtls_cipher_context_t *ctx )
|
||||
{
|
||||
MBEDTLS_INTERNAL_VALIDATE_RET(
|
||||
ctx != NULL, MBEDTLS_OPERATION_NONE );
|
||||
if( ctx->cipher_info == NULL )
|
||||
return MBEDTLS_OPERATION_NONE;
|
||||
|
||||
return ctx->operation;
|
||||
}
|
||||
|
||||
/**
|
||||
* \brief This function sets the key to use with the given context.
|
||||
*
|
||||
* \param ctx The generic cipher context. This must be initialized and
|
||||
* bound to a cipher information structure.
|
||||
* \param key The key to use. This must be a readable buffer of at
|
||||
* least \p key_bitlen Bits.
|
||||
* \param key_bitlen The key length to use, in Bits.
|
||||
* \param operation The operation that the key will be used for:
|
||||
* #MBEDTLS_ENCRYPT or #MBEDTLS_DECRYPT.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on
|
||||
* parameter-verification failure.
|
||||
* \return A cipher-specific error code on failure.
|
||||
*/
|
||||
int mbedtls_cipher_setkey( mbedtls_cipher_context_t *ctx,
|
||||
const unsigned char *key,
|
||||
int key_bitlen,
|
||||
const mbedtls_operation_t operation );
|
||||
|
||||
#if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING)
|
||||
/**
|
||||
* \brief This function sets the padding mode, for cipher modes
|
||||
* that use padding.
|
||||
*
|
||||
* The default passing mode is PKCS7 padding.
|
||||
*
|
||||
* \param ctx The generic cipher context. This must be initialized and
|
||||
* bound to a cipher information structure.
|
||||
* \param mode The padding mode.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return #MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE
|
||||
* if the selected padding mode is not supported.
|
||||
* \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA if the cipher mode
|
||||
* does not support padding.
|
||||
*/
|
||||
int mbedtls_cipher_set_padding_mode( mbedtls_cipher_context_t *ctx,
|
||||
mbedtls_cipher_padding_t mode );
|
||||
#endif /* MBEDTLS_CIPHER_MODE_WITH_PADDING */
|
||||
|
||||
/**
|
||||
* \brief This function sets the initialization vector (IV)
|
||||
* or nonce.
|
||||
*
|
||||
* \note Some ciphers do not use IVs nor nonce. For these
|
||||
* ciphers, this function has no effect.
|
||||
*
|
||||
* \param ctx The generic cipher context. This must be initialized and
|
||||
* bound to a cipher information structure.
|
||||
* \param iv The IV to use, or NONCE_COUNTER for CTR-mode ciphers. This
|
||||
* must be a readable buffer of at least \p iv_len Bytes.
|
||||
* \param iv_len The IV length for ciphers with variable-size IV.
|
||||
* This parameter is discarded by ciphers with fixed-size IV.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on
|
||||
* parameter-verification failure.
|
||||
*/
|
||||
int mbedtls_cipher_set_iv( mbedtls_cipher_context_t *ctx,
|
||||
const unsigned char *iv,
|
||||
size_t iv_len );
|
||||
|
||||
/**
|
||||
* \brief This function resets the cipher state.
|
||||
*
|
||||
* \param ctx The generic cipher context. This must be initialized.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on
|
||||
* parameter-verification failure.
|
||||
*/
|
||||
int mbedtls_cipher_reset( mbedtls_cipher_context_t *ctx );
|
||||
|
||||
#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C)
|
||||
/**
|
||||
* \brief This function adds additional data for AEAD ciphers.
|
||||
* Currently supported with GCM and ChaCha20+Poly1305.
|
||||
* This must be called exactly once, after
|
||||
* mbedtls_cipher_reset().
|
||||
*
|
||||
* \param ctx The generic cipher context. This must be initialized.
|
||||
* \param ad The additional data to use. This must be a readable
|
||||
* buffer of at least \p ad_len Bytes.
|
||||
* \param ad_len The length of \p ad in Bytes.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return A specific error code on failure.
|
||||
*/
|
||||
int mbedtls_cipher_update_ad( mbedtls_cipher_context_t *ctx,
|
||||
const unsigned char *ad, size_t ad_len );
|
||||
#endif /* MBEDTLS_GCM_C || MBEDTLS_CHACHAPOLY_C */
|
||||
|
||||
/**
|
||||
* \brief The generic cipher update function. It encrypts or
|
||||
* decrypts using the given cipher context. Writes as
|
||||
* many block-sized blocks of data as possible to output.
|
||||
* Any data that cannot be written immediately is either
|
||||
* added to the next block, or flushed when
|
||||
* mbedtls_cipher_finish() is called.
|
||||
* Exception: For MBEDTLS_MODE_ECB, expects a single block
|
||||
* in size. For example, 16 Bytes for AES.
|
||||
*
|
||||
* \note If the underlying cipher is used in GCM mode, all calls
|
||||
* to this function, except for the last one before
|
||||
* mbedtls_cipher_finish(), must have \p ilen as a
|
||||
* multiple of the block size of the cipher.
|
||||
*
|
||||
* \param ctx The generic cipher context. This must be initialized and
|
||||
* bound to a key.
|
||||
* \param input The buffer holding the input data. This must be a
|
||||
* readable buffer of at least \p ilen Bytes.
|
||||
* \param ilen The length of the input data.
|
||||
* \param output The buffer for the output data. This must be able to
|
||||
* hold at least `ilen + block_size`. This must not be the
|
||||
* same buffer as \p input.
|
||||
* \param olen The length of the output data, to be updated with the
|
||||
* actual number of Bytes written. This must not be
|
||||
* \c NULL.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on
|
||||
* parameter-verification failure.
|
||||
* \return #MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE on an
|
||||
* unsupported mode for a cipher.
|
||||
* \return A cipher-specific error code on failure.
|
||||
*/
|
||||
int mbedtls_cipher_update( mbedtls_cipher_context_t *ctx,
|
||||
const unsigned char *input,
|
||||
size_t ilen, unsigned char *output,
|
||||
size_t *olen );
|
||||
|
||||
/**
|
||||
* \brief The generic cipher finalization function. If data still
|
||||
* needs to be flushed from an incomplete block, the data
|
||||
* contained in it is padded to the size of
|
||||
* the last block, and written to the \p output buffer.
|
||||
*
|
||||
* \param ctx The generic cipher context. This must be initialized and
|
||||
* bound to a key.
|
||||
* \param output The buffer to write data to. This needs to be a writable
|
||||
* buffer of at least \p block_size Bytes.
|
||||
* \param olen The length of the data written to the \p output buffer.
|
||||
* This may not be \c NULL.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on
|
||||
* parameter-verification failure.
|
||||
* \return #MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED on decryption
|
||||
* expecting a full block but not receiving one.
|
||||
* \return #MBEDTLS_ERR_CIPHER_INVALID_PADDING on invalid padding
|
||||
* while decrypting.
|
||||
* \return A cipher-specific error code on failure.
|
||||
*/
|
||||
int mbedtls_cipher_finish( mbedtls_cipher_context_t *ctx,
|
||||
unsigned char *output, size_t *olen );
|
||||
|
||||
#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C)
|
||||
/**
|
||||
* \brief This function writes a tag for AEAD ciphers.
|
||||
* Currently supported with GCM and ChaCha20+Poly1305.
|
||||
* This must be called after mbedtls_cipher_finish().
|
||||
*
|
||||
* \param ctx The generic cipher context. This must be initialized,
|
||||
* bound to a key, and have just completed a cipher
|
||||
* operation through mbedtls_cipher_finish() the tag for
|
||||
* which should be written.
|
||||
* \param tag The buffer to write the tag to. This must be a writable
|
||||
* buffer of at least \p tag_len Bytes.
|
||||
* \param tag_len The length of the tag to write.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return A specific error code on failure.
|
||||
*/
|
||||
int mbedtls_cipher_write_tag( mbedtls_cipher_context_t *ctx,
|
||||
unsigned char *tag, size_t tag_len );
|
||||
|
||||
/**
|
||||
* \brief This function checks the tag for AEAD ciphers.
|
||||
* Currently supported with GCM and ChaCha20+Poly1305.
|
||||
* This must be called after mbedtls_cipher_finish().
|
||||
*
|
||||
* \param ctx The generic cipher context. This must be initialized.
|
||||
* \param tag The buffer holding the tag. This must be a readable
|
||||
* buffer of at least \p tag_len Bytes.
|
||||
* \param tag_len The length of the tag to check.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return A specific error code on failure.
|
||||
*/
|
||||
int mbedtls_cipher_check_tag( mbedtls_cipher_context_t *ctx,
|
||||
const unsigned char *tag, size_t tag_len );
|
||||
#endif /* MBEDTLS_GCM_C || MBEDTLS_CHACHAPOLY_C */
|
||||
|
||||
/**
|
||||
* \brief The generic all-in-one encryption/decryption function,
|
||||
* for all ciphers except AEAD constructs.
|
||||
*
|
||||
* \param ctx The generic cipher context. This must be initialized.
|
||||
* \param iv The IV to use, or NONCE_COUNTER for CTR-mode ciphers.
|
||||
* This must be a readable buffer of at least \p iv_len
|
||||
* Bytes.
|
||||
* \param iv_len The IV length for ciphers with variable-size IV.
|
||||
* This parameter is discarded by ciphers with fixed-size
|
||||
* IV.
|
||||
* \param input The buffer holding the input data. This must be a
|
||||
* readable buffer of at least \p ilen Bytes.
|
||||
* \param ilen The length of the input data in Bytes.
|
||||
* \param output The buffer for the output data. This must be able to
|
||||
* hold at least `ilen + block_size`. This must not be the
|
||||
* same buffer as \p input.
|
||||
* \param olen The length of the output data, to be updated with the
|
||||
* actual number of Bytes written. This must not be
|
||||
* \c NULL.
|
||||
*
|
||||
* \note Some ciphers do not use IVs nor nonce. For these
|
||||
* ciphers, use \p iv = NULL and \p iv_len = 0.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on
|
||||
* parameter-verification failure.
|
||||
* \return #MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED on decryption
|
||||
* expecting a full block but not receiving one.
|
||||
* \return #MBEDTLS_ERR_CIPHER_INVALID_PADDING on invalid padding
|
||||
* while decrypting.
|
||||
* \return A cipher-specific error code on failure.
|
||||
*/
|
||||
int mbedtls_cipher_crypt( mbedtls_cipher_context_t *ctx,
|
||||
const unsigned char *iv, size_t iv_len,
|
||||
const unsigned char *input, size_t ilen,
|
||||
unsigned char *output, size_t *olen );
|
||||
|
||||
#if defined(MBEDTLS_CIPHER_MODE_AEAD)
|
||||
/**
|
||||
* \brief The generic autenticated encryption (AEAD) function.
|
||||
*
|
||||
* \param ctx The generic cipher context. This must be initialized and
|
||||
* bound to a key.
|
||||
* \param iv The IV to use, or NONCE_COUNTER for CTR-mode ciphers.
|
||||
* This must be a readable buffer of at least \p iv_len
|
||||
* Bytes.
|
||||
* \param iv_len The IV length for ciphers with variable-size IV.
|
||||
* This parameter is discarded by ciphers with fixed-size IV.
|
||||
* \param ad The additional data to authenticate. This must be a
|
||||
* readable buffer of at least \p ad_len Bytes.
|
||||
* \param ad_len The length of \p ad.
|
||||
* \param input The buffer holding the input data. This must be a
|
||||
* readable buffer of at least \p ilen Bytes.
|
||||
* \param ilen The length of the input data.
|
||||
* \param output The buffer for the output data. This must be able to
|
||||
* hold at least \p ilen Bytes.
|
||||
* \param olen The length of the output data, to be updated with the
|
||||
* actual number of Bytes written. This must not be
|
||||
* \c NULL.
|
||||
* \param tag The buffer for the authentication tag. This must be a
|
||||
* writable buffer of at least \p tag_len Bytes.
|
||||
* \param tag_len The desired length of the authentication tag.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on
|
||||
* parameter-verification failure.
|
||||
* \return A cipher-specific error code on failure.
|
||||
*/
|
||||
int mbedtls_cipher_auth_encrypt( mbedtls_cipher_context_t *ctx,
|
||||
const unsigned char *iv, size_t iv_len,
|
||||
const unsigned char *ad, size_t ad_len,
|
||||
const unsigned char *input, size_t ilen,
|
||||
unsigned char *output, size_t *olen,
|
||||
unsigned char *tag, size_t tag_len );
|
||||
|
||||
/**
|
||||
* \brief The generic autenticated decryption (AEAD) function.
|
||||
*
|
||||
* \note If the data is not authentic, then the output buffer
|
||||
* is zeroed out to prevent the unauthentic plaintext being
|
||||
* used, making this interface safer.
|
||||
*
|
||||
* \param ctx The generic cipher context. This must be initialized and
|
||||
* and bound to a key.
|
||||
* \param iv The IV to use, or NONCE_COUNTER for CTR-mode ciphers.
|
||||
* This must be a readable buffer of at least \p iv_len
|
||||
* Bytes.
|
||||
* \param iv_len The IV length for ciphers with variable-size IV.
|
||||
* This parameter is discarded by ciphers with fixed-size IV.
|
||||
* \param ad The additional data to be authenticated. This must be a
|
||||
* readable buffer of at least \p ad_len Bytes.
|
||||
* \param ad_len The length of \p ad.
|
||||
* \param input The buffer holding the input data. This must be a
|
||||
* readable buffer of at least \p ilen Bytes.
|
||||
* \param ilen The length of the input data.
|
||||
* \param output The buffer for the output data.
|
||||
* This must be able to hold at least \p ilen Bytes.
|
||||
* \param olen The length of the output data, to be updated with the
|
||||
* actual number of Bytes written. This must not be
|
||||
* \c NULL.
|
||||
* \param tag The buffer holding the authentication tag. This must be
|
||||
* a readable buffer of at least \p tag_len Bytes.
|
||||
* \param tag_len The length of the authentication tag.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on
|
||||
* parameter-verification failure.
|
||||
* \return #MBEDTLS_ERR_CIPHER_AUTH_FAILED if data is not authentic.
|
||||
* \return A cipher-specific error code on failure.
|
||||
*/
|
||||
int mbedtls_cipher_auth_decrypt( mbedtls_cipher_context_t *ctx,
|
||||
const unsigned char *iv, size_t iv_len,
|
||||
const unsigned char *ad, size_t ad_len,
|
||||
const unsigned char *input, size_t ilen,
|
||||
unsigned char *output, size_t *olen,
|
||||
const unsigned char *tag, size_t tag_len );
|
||||
#endif /* MBEDTLS_CIPHER_MODE_AEAD */
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
||||
#endif /* MBEDTLS_CIPHER_H */
|
|
@ -1,153 +0,0 @@
|
|||
/**
|
||||
* \file cipher_internal.h
|
||||
*
|
||||
* \brief Cipher wrappers.
|
||||
*
|
||||
* \author Adriaan de Jong <dejong@fox-it.com>
|
||||
*/
|
||||
/*
|
||||
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
* not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*
|
||||
* This file is part of mbed TLS (https://tls.mbed.org)
|
||||
*/
|
||||
#ifndef MBEDTLS_CIPHER_WRAP_H
|
||||
#define MBEDTLS_CIPHER_WRAP_H
|
||||
|
||||
#if !defined(MBEDTLS_CONFIG_FILE)
|
||||
#include "config.h"
|
||||
#else
|
||||
#include MBEDTLS_CONFIG_FILE
|
||||
#endif
|
||||
|
||||
#include "cipher.h"
|
||||
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
#include "psa/crypto.h"
|
||||
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
/**
|
||||
* Base cipher information. The non-mode specific functions and values.
|
||||
*/
|
||||
struct mbedtls_cipher_base_t
|
||||
{
|
||||
/** Base Cipher type (e.g. MBEDTLS_CIPHER_ID_AES) */
|
||||
mbedtls_cipher_id_t cipher;
|
||||
|
||||
/** Encrypt using ECB */
|
||||
int (*ecb_func)( void *ctx, mbedtls_operation_t mode,
|
||||
const unsigned char *input, unsigned char *output );
|
||||
|
||||
#if defined(MBEDTLS_CIPHER_MODE_CBC)
|
||||
/** Encrypt using CBC */
|
||||
int (*cbc_func)( void *ctx, mbedtls_operation_t mode, size_t length,
|
||||
unsigned char *iv, const unsigned char *input,
|
||||
unsigned char *output );
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_CIPHER_MODE_CFB)
|
||||
/** Encrypt using CFB (Full length) */
|
||||
int (*cfb_func)( void *ctx, mbedtls_operation_t mode, size_t length, size_t *iv_off,
|
||||
unsigned char *iv, const unsigned char *input,
|
||||
unsigned char *output );
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_CIPHER_MODE_OFB)
|
||||
/** Encrypt using OFB (Full length) */
|
||||
int (*ofb_func)( void *ctx, size_t length, size_t *iv_off,
|
||||
unsigned char *iv,
|
||||
const unsigned char *input,
|
||||
unsigned char *output );
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_CIPHER_MODE_CTR)
|
||||
/** Encrypt using CTR */
|
||||
int (*ctr_func)( void *ctx, size_t length, size_t *nc_off,
|
||||
unsigned char *nonce_counter, unsigned char *stream_block,
|
||||
const unsigned char *input, unsigned char *output );
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_CIPHER_MODE_XTS)
|
||||
/** Encrypt or decrypt using XTS. */
|
||||
int (*xts_func)( void *ctx, mbedtls_operation_t mode, size_t length,
|
||||
const unsigned char data_unit[16],
|
||||
const unsigned char *input, unsigned char *output );
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_CIPHER_MODE_STREAM)
|
||||
/** Encrypt using STREAM */
|
||||
int (*stream_func)( void *ctx, size_t length,
|
||||
const unsigned char *input, unsigned char *output );
|
||||
#endif
|
||||
|
||||
/** Set key for encryption purposes */
|
||||
int (*setkey_enc_func)( void *ctx, const unsigned char *key,
|
||||
unsigned int key_bitlen );
|
||||
|
||||
/** Set key for decryption purposes */
|
||||
int (*setkey_dec_func)( void *ctx, const unsigned char *key,
|
||||
unsigned int key_bitlen);
|
||||
|
||||
/** Allocate a new context */
|
||||
void * (*ctx_alloc_func)( void );
|
||||
|
||||
/** Free the given context */
|
||||
void (*ctx_free_func)( void *ctx );
|
||||
|
||||
};
|
||||
|
||||
typedef struct
|
||||
{
|
||||
mbedtls_cipher_type_t type;
|
||||
const mbedtls_cipher_info_t *info;
|
||||
} mbedtls_cipher_definition_t;
|
||||
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
typedef enum
|
||||
{
|
||||
MBEDTLS_CIPHER_PSA_KEY_UNSET = 0,
|
||||
MBEDTLS_CIPHER_PSA_KEY_OWNED, /* Used for PSA-based cipher contexts which */
|
||||
/* use raw key material internally imported */
|
||||
/* into a allocated key slot, and which */
|
||||
/* hence need to destroy that key slot */
|
||||
/* when they are no longer needed. */
|
||||
MBEDTLS_CIPHER_PSA_KEY_NOT_OWNED, /* Used for PSA-based cipher contexts */
|
||||
/* which use a key from a key slot */
|
||||
/* provided by the user, and which */
|
||||
/* hence should not be destroyed when */
|
||||
/* the context is no longer needed. */
|
||||
} mbedtls_cipher_psa_key_ownership;
|
||||
|
||||
typedef struct
|
||||
{
|
||||
psa_algorithm_t alg;
|
||||
psa_key_handle_t slot;
|
||||
mbedtls_cipher_psa_key_ownership slot_state;
|
||||
} mbedtls_cipher_context_psa;
|
||||
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||
|
||||
extern const mbedtls_cipher_definition_t mbedtls_cipher_definitions[];
|
||||
|
||||
extern int mbedtls_cipher_supported[];
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
||||
#endif /* MBEDTLS_CIPHER_WRAP_H */
|
|
@ -1,213 +0,0 @@
|
|||
/**
|
||||
* \file cmac.h
|
||||
*
|
||||
* \brief This file contains CMAC definitions and functions.
|
||||
*
|
||||
* The Cipher-based Message Authentication Code (CMAC) Mode for
|
||||
* Authentication is defined in <em>RFC-4493: The AES-CMAC Algorithm</em>.
|
||||
*/
|
||||
/*
|
||||
* Copyright (C) 2015-2018, Arm Limited (or its affiliates), All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
* not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*
|
||||
* This file is part of Mbed TLS (https://tls.mbed.org)
|
||||
*/
|
||||
|
||||
#ifndef MBEDTLS_CMAC_H
|
||||
#define MBEDTLS_CMAC_H
|
||||
|
||||
#if !defined(MBEDTLS_CONFIG_FILE)
|
||||
#include "config.h"
|
||||
#else
|
||||
#include MBEDTLS_CONFIG_FILE
|
||||
#endif
|
||||
|
||||
#include "cipher.h"
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
/* MBEDTLS_ERR_CMAC_HW_ACCEL_FAILED is deprecated and should not be used. */
|
||||
#define MBEDTLS_ERR_CMAC_HW_ACCEL_FAILED -0x007A /**< CMAC hardware accelerator failed. */
|
||||
|
||||
#define MBEDTLS_AES_BLOCK_SIZE 16
|
||||
#define MBEDTLS_DES3_BLOCK_SIZE 8
|
||||
|
||||
#if defined(MBEDTLS_AES_C)
|
||||
#define MBEDTLS_CIPHER_BLKSIZE_MAX 16 /**< The longest block used by CMAC is that of AES. */
|
||||
#else
|
||||
#define MBEDTLS_CIPHER_BLKSIZE_MAX 8 /**< The longest block used by CMAC is that of 3DES. */
|
||||
#endif
|
||||
|
||||
#if !defined(MBEDTLS_CMAC_ALT)
|
||||
|
||||
/**
|
||||
* The CMAC context structure.
|
||||
*/
|
||||
struct mbedtls_cmac_context_t
|
||||
{
|
||||
/** The internal state of the CMAC algorithm. */
|
||||
unsigned char state[MBEDTLS_CIPHER_BLKSIZE_MAX];
|
||||
|
||||
/** Unprocessed data - either data that was not block aligned and is still
|
||||
* pending processing, or the final block. */
|
||||
unsigned char unprocessed_block[MBEDTLS_CIPHER_BLKSIZE_MAX];
|
||||
|
||||
/** The length of data pending processing. */
|
||||
size_t unprocessed_len;
|
||||
};
|
||||
|
||||
#else /* !MBEDTLS_CMAC_ALT */
|
||||
#include "cmac_alt.h"
|
||||
#endif /* !MBEDTLS_CMAC_ALT */
|
||||
|
||||
/**
|
||||
* \brief This function sets the CMAC key, and prepares to authenticate
|
||||
* the input data.
|
||||
* Must be called with an initialized cipher context.
|
||||
*
|
||||
* \param ctx The cipher context used for the CMAC operation, initialized
|
||||
* as one of the following types: MBEDTLS_CIPHER_AES_128_ECB,
|
||||
* MBEDTLS_CIPHER_AES_192_ECB, MBEDTLS_CIPHER_AES_256_ECB,
|
||||
* or MBEDTLS_CIPHER_DES_EDE3_ECB.
|
||||
* \param key The CMAC key.
|
||||
* \param keybits The length of the CMAC key in bits.
|
||||
* Must be supported by the cipher.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return A cipher-specific error code on failure.
|
||||
*/
|
||||
int mbedtls_cipher_cmac_starts( mbedtls_cipher_context_t *ctx,
|
||||
const unsigned char *key, size_t keybits );
|
||||
|
||||
/**
|
||||
* \brief This function feeds an input buffer into an ongoing CMAC
|
||||
* computation.
|
||||
*
|
||||
* It is called between mbedtls_cipher_cmac_starts() or
|
||||
* mbedtls_cipher_cmac_reset(), and mbedtls_cipher_cmac_finish().
|
||||
* Can be called repeatedly.
|
||||
*
|
||||
* \param ctx The cipher context used for the CMAC operation.
|
||||
* \param input The buffer holding the input data.
|
||||
* \param ilen The length of the input data.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA
|
||||
* if parameter verification fails.
|
||||
*/
|
||||
int mbedtls_cipher_cmac_update( mbedtls_cipher_context_t *ctx,
|
||||
const unsigned char *input, size_t ilen );
|
||||
|
||||
/**
|
||||
* \brief This function finishes the CMAC operation, and writes
|
||||
* the result to the output buffer.
|
||||
*
|
||||
* It is called after mbedtls_cipher_cmac_update().
|
||||
* It can be followed by mbedtls_cipher_cmac_reset() and
|
||||
* mbedtls_cipher_cmac_update(), or mbedtls_cipher_free().
|
||||
*
|
||||
* \param ctx The cipher context used for the CMAC operation.
|
||||
* \param output The output buffer for the CMAC checksum result.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA
|
||||
* if parameter verification fails.
|
||||
*/
|
||||
int mbedtls_cipher_cmac_finish( mbedtls_cipher_context_t *ctx,
|
||||
unsigned char *output );
|
||||
|
||||
/**
|
||||
* \brief This function prepares the authentication of another
|
||||
* message with the same key as the previous CMAC
|
||||
* operation.
|
||||
*
|
||||
* It is called after mbedtls_cipher_cmac_finish()
|
||||
* and before mbedtls_cipher_cmac_update().
|
||||
*
|
||||
* \param ctx The cipher context used for the CMAC operation.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA
|
||||
* if parameter verification fails.
|
||||
*/
|
||||
int mbedtls_cipher_cmac_reset( mbedtls_cipher_context_t *ctx );
|
||||
|
||||
/**
|
||||
* \brief This function calculates the full generic CMAC
|
||||
* on the input buffer with the provided key.
|
||||
*
|
||||
* The function allocates the context, performs the
|
||||
* calculation, and frees the context.
|
||||
*
|
||||
* The CMAC result is calculated as
|
||||
* output = generic CMAC(cmac key, input buffer).
|
||||
*
|
||||
*
|
||||
* \param cipher_info The cipher information.
|
||||
* \param key The CMAC key.
|
||||
* \param keylen The length of the CMAC key in bits.
|
||||
* \param input The buffer holding the input data.
|
||||
* \param ilen The length of the input data.
|
||||
* \param output The buffer for the generic CMAC result.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA
|
||||
* if parameter verification fails.
|
||||
*/
|
||||
int mbedtls_cipher_cmac( const mbedtls_cipher_info_t *cipher_info,
|
||||
const unsigned char *key, size_t keylen,
|
||||
const unsigned char *input, size_t ilen,
|
||||
unsigned char *output );
|
||||
|
||||
#if defined(MBEDTLS_AES_C)
|
||||
/**
|
||||
* \brief This function implements the AES-CMAC-PRF-128 pseudorandom
|
||||
* function, as defined in
|
||||
* <em>RFC-4615: The Advanced Encryption Standard-Cipher-based
|
||||
* Message Authentication Code-Pseudo-Random Function-128
|
||||
* (AES-CMAC-PRF-128) Algorithm for the Internet Key
|
||||
* Exchange Protocol (IKE).</em>
|
||||
*
|
||||
* \param key The key to use.
|
||||
* \param key_len The key length in Bytes.
|
||||
* \param input The buffer holding the input data.
|
||||
* \param in_len The length of the input data in Bytes.
|
||||
* \param output The buffer holding the generated 16 Bytes of
|
||||
* pseudorandom output.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
*/
|
||||
int mbedtls_aes_cmac_prf_128( const unsigned char *key, size_t key_len,
|
||||
const unsigned char *input, size_t in_len,
|
||||
unsigned char output[16] );
|
||||
#endif /* MBEDTLS_AES_C */
|
||||
|
||||
#if defined(MBEDTLS_SELF_TEST) && ( defined(MBEDTLS_AES_C) || defined(MBEDTLS_DES_C) )
|
||||
/**
|
||||
* \brief The CMAC checkup routine.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return \c 1 on failure.
|
||||
*/
|
||||
int mbedtls_cmac_self_test( int verbose );
|
||||
#endif /* MBEDTLS_SELF_TEST && ( MBEDTLS_AES_C || MBEDTLS_DES_C ) */
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
||||
#endif /* MBEDTLS_CMAC_H */
|
|
@ -26,7 +26,7 @@
|
|||
*/
|
||||
|
||||
#if !defined(MBEDTLS_CONFIG_FILE)
|
||||
#include "config.h"
|
||||
#include "mbedtls/config.h"
|
||||
#else
|
||||
#include MBEDTLS_CONFIG_FILE
|
||||
#endif
|
||||
|
|
|
@ -295,7 +295,7 @@
|
|||
* the function mbedtls_param_failed() in your application.
|
||||
* See `platform_util.h` for its prototype.
|
||||
* - If you enable the macro #MBEDTLS_CHECK_PARAMS_ASSERT, then the
|
||||
* library defines #MBEDTLS_PARAM_FAILED(\c cond) to be `assert(cond)`.
|
||||
* library defines MBEDTLS_PARAM_FAILED(\c cond) to be `assert(cond)`.
|
||||
* You can still supply an alternative definition of
|
||||
* MBEDTLS_PARAM_FAILED(), which may call `assert`.
|
||||
* - If you define a macro MBEDTLS_PARAM_FAILED() before including `config.h`
|
||||
|
@ -3546,6 +3546,6 @@
|
|||
#include MBEDTLS_USER_CONFIG_FILE
|
||||
#endif
|
||||
|
||||
#include "check_config.h"
|
||||
#include "mbedtls/check_config.h"
|
||||
|
||||
#endif /* MBEDTLS_CONFIG_H */
|
||||
|
|
|
@ -1,380 +0,0 @@
|
|||
/**
|
||||
* \file ctr_drbg.h
|
||||
*
|
||||
* \brief This file contains CTR_DRBG definitions and functions.
|
||||
*
|
||||
* CTR_DRBG is a standardized way of building a PRNG from a block-cipher
|
||||
* in counter mode operation, as defined in <em>NIST SP 800-90A:
|
||||
* Recommendation for Random Number Generation Using Deterministic Random
|
||||
* Bit Generators</em>.
|
||||
*
|
||||
* The Mbed TLS implementation of CTR_DRBG uses AES-256 (default) or AES-128
|
||||
* as the underlying block cipher.
|
||||
*
|
||||
* \warning Using 128-bit keys for CTR_DRBG limits the security of generated
|
||||
* keys and operations that use random values generated to 128-bit security.
|
||||
*/
|
||||
/*
|
||||
* Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
* not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*
|
||||
* This file is part of Mbed TLS (https://tls.mbed.org)
|
||||
*/
|
||||
|
||||
#ifndef MBEDTLS_CTR_DRBG_H
|
||||
#define MBEDTLS_CTR_DRBG_H
|
||||
|
||||
#if !defined(MBEDTLS_CONFIG_FILE)
|
||||
#include "config.h"
|
||||
#else
|
||||
#include MBEDTLS_CONFIG_FILE
|
||||
#endif
|
||||
|
||||
#include "aes.h"
|
||||
|
||||
#if defined(MBEDTLS_THREADING_C)
|
||||
#include "threading.h"
|
||||
#endif
|
||||
|
||||
#define MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED -0x0034 /**< The entropy source failed. */
|
||||
#define MBEDTLS_ERR_CTR_DRBG_REQUEST_TOO_BIG -0x0036 /**< The requested random buffer length is too big. */
|
||||
#define MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG -0x0038 /**< The input (entropy + additional data) is too large. */
|
||||
#define MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR -0x003A /**< Read or write error in file. */
|
||||
|
||||
#define MBEDTLS_CTR_DRBG_BLOCKSIZE 16 /**< The block size used by the cipher. */
|
||||
|
||||
#if defined(MBEDTLS_CTR_DRBG_USE_128_BIT_KEY)
|
||||
#define MBEDTLS_CTR_DRBG_KEYSIZE 16 /**< The key size used by the cipher (compile-time choice: 128 bits). */
|
||||
#else
|
||||
#define MBEDTLS_CTR_DRBG_KEYSIZE 32 /**< The key size used by the cipher (compile-time choice: 256 bits). */
|
||||
#endif
|
||||
|
||||
#define MBEDTLS_CTR_DRBG_KEYBITS ( MBEDTLS_CTR_DRBG_KEYSIZE * 8 ) /**< The key size for the DRBG operation, in bits. */
|
||||
#define MBEDTLS_CTR_DRBG_SEEDLEN ( MBEDTLS_CTR_DRBG_KEYSIZE + MBEDTLS_CTR_DRBG_BLOCKSIZE ) /**< The seed length, calculated as (counter + AES key). */
|
||||
|
||||
/**
|
||||
* \name SECTION: Module settings
|
||||
*
|
||||
* The configuration options you can set for this module are in this section.
|
||||
* Either change them in config.h or define them using the compiler command
|
||||
* line.
|
||||
* \{
|
||||
*/
|
||||
|
||||
#if !defined(MBEDTLS_CTR_DRBG_ENTROPY_LEN)
|
||||
#if defined(MBEDTLS_SHA512_C) && !defined(MBEDTLS_ENTROPY_FORCE_SHA256)
|
||||
#define MBEDTLS_CTR_DRBG_ENTROPY_LEN 48
|
||||
/**< The amount of entropy used per seed by default:
|
||||
* <ul><li>48 with SHA-512.</li>
|
||||
* <li>32 with SHA-256.</li></ul>
|
||||
*/
|
||||
#else
|
||||
#define MBEDTLS_CTR_DRBG_ENTROPY_LEN 32
|
||||
/**< Amount of entropy used per seed by default:
|
||||
* <ul><li>48 with SHA-512.</li>
|
||||
* <li>32 with SHA-256.</li></ul>
|
||||
*/
|
||||
#endif
|
||||
#endif
|
||||
|
||||
#if !defined(MBEDTLS_CTR_DRBG_RESEED_INTERVAL)
|
||||
#define MBEDTLS_CTR_DRBG_RESEED_INTERVAL 10000
|
||||
/**< The interval before reseed is performed by default. */
|
||||
#endif
|
||||
|
||||
#if !defined(MBEDTLS_CTR_DRBG_MAX_INPUT)
|
||||
#define MBEDTLS_CTR_DRBG_MAX_INPUT 256
|
||||
/**< The maximum number of additional input Bytes. */
|
||||
#endif
|
||||
|
||||
#if !defined(MBEDTLS_CTR_DRBG_MAX_REQUEST)
|
||||
#define MBEDTLS_CTR_DRBG_MAX_REQUEST 1024
|
||||
/**< The maximum number of requested Bytes per call. */
|
||||
#endif
|
||||
|
||||
#if !defined(MBEDTLS_CTR_DRBG_MAX_SEED_INPUT)
|
||||
#define MBEDTLS_CTR_DRBG_MAX_SEED_INPUT 384
|
||||
/**< The maximum size of seed or reseed buffer. */
|
||||
#endif
|
||||
|
||||
/* \} name SECTION: Module settings */
|
||||
|
||||
#define MBEDTLS_CTR_DRBG_PR_OFF 0
|
||||
/**< Prediction resistance is disabled. */
|
||||
#define MBEDTLS_CTR_DRBG_PR_ON 1
|
||||
/**< Prediction resistance is enabled. */
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
/**
|
||||
* \brief The CTR_DRBG context structure.
|
||||
*/
|
||||
typedef struct mbedtls_ctr_drbg_context
|
||||
{
|
||||
unsigned char counter[16]; /*!< The counter (V). */
|
||||
int reseed_counter; /*!< The reseed counter. */
|
||||
int prediction_resistance; /*!< This determines whether prediction
|
||||
resistance is enabled, that is
|
||||
whether to systematically reseed before
|
||||
each random generation. */
|
||||
size_t entropy_len; /*!< The amount of entropy grabbed on each
|
||||
seed or reseed operation. */
|
||||
int reseed_interval; /*!< The reseed interval. */
|
||||
|
||||
mbedtls_aes_context aes_ctx; /*!< The AES context. */
|
||||
|
||||
/*
|
||||
* Callbacks (Entropy)
|
||||
*/
|
||||
int (*f_entropy)(void *, unsigned char *, size_t);
|
||||
/*!< The entropy callback function. */
|
||||
|
||||
void *p_entropy; /*!< The context for the entropy function. */
|
||||
|
||||
#if defined(MBEDTLS_THREADING_C)
|
||||
mbedtls_threading_mutex_t mutex;
|
||||
#endif
|
||||
}
|
||||
mbedtls_ctr_drbg_context;
|
||||
|
||||
/**
|
||||
* \brief This function initializes the CTR_DRBG context,
|
||||
* and prepares it for mbedtls_ctr_drbg_seed()
|
||||
* or mbedtls_ctr_drbg_free().
|
||||
*
|
||||
* \param ctx The CTR_DRBG context to initialize.
|
||||
*/
|
||||
void mbedtls_ctr_drbg_init( mbedtls_ctr_drbg_context *ctx );
|
||||
|
||||
/**
|
||||
* \brief This function seeds and sets up the CTR_DRBG
|
||||
* entropy source for future reseeds.
|
||||
*
|
||||
* \note Personalization data can be provided in addition to the more generic
|
||||
* entropy source, to make this instantiation as unique as possible.
|
||||
*
|
||||
* \param ctx The CTR_DRBG context to seed.
|
||||
* \param f_entropy The entropy callback, taking as arguments the
|
||||
* \p p_entropy context, the buffer to fill, and the
|
||||
length of the buffer.
|
||||
* \param p_entropy The entropy context.
|
||||
* \param custom Personalization data, that is device-specific
|
||||
identifiers. Can be NULL.
|
||||
* \param len The length of the personalization data.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return #MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED on failure.
|
||||
*/
|
||||
int mbedtls_ctr_drbg_seed( mbedtls_ctr_drbg_context *ctx,
|
||||
int (*f_entropy)(void *, unsigned char *, size_t),
|
||||
void *p_entropy,
|
||||
const unsigned char *custom,
|
||||
size_t len );
|
||||
|
||||
/**
|
||||
* \brief This function clears CTR_CRBG context data.
|
||||
*
|
||||
* \param ctx The CTR_DRBG context to clear.
|
||||
*/
|
||||
void mbedtls_ctr_drbg_free( mbedtls_ctr_drbg_context *ctx );
|
||||
|
||||
/**
|
||||
* \brief This function turns prediction resistance on or off.
|
||||
* The default value is off.
|
||||
*
|
||||
* \note If enabled, entropy is gathered at the beginning of
|
||||
* every call to mbedtls_ctr_drbg_random_with_add().
|
||||
* Only use this if your entropy source has sufficient
|
||||
* throughput.
|
||||
*
|
||||
* \param ctx The CTR_DRBG context.
|
||||
* \param resistance #MBEDTLS_CTR_DRBG_PR_ON or #MBEDTLS_CTR_DRBG_PR_OFF.
|
||||
*/
|
||||
void mbedtls_ctr_drbg_set_prediction_resistance( mbedtls_ctr_drbg_context *ctx,
|
||||
int resistance );
|
||||
|
||||
/**
|
||||
* \brief This function sets the amount of entropy grabbed on each
|
||||
* seed or reseed. The default value is
|
||||
* #MBEDTLS_CTR_DRBG_ENTROPY_LEN.
|
||||
*
|
||||
* \param ctx The CTR_DRBG context.
|
||||
* \param len The amount of entropy to grab.
|
||||
*/
|
||||
void mbedtls_ctr_drbg_set_entropy_len( mbedtls_ctr_drbg_context *ctx,
|
||||
size_t len );
|
||||
|
||||
/**
|
||||
* \brief This function sets the reseed interval.
|
||||
* The default value is #MBEDTLS_CTR_DRBG_RESEED_INTERVAL.
|
||||
*
|
||||
* \param ctx The CTR_DRBG context.
|
||||
* \param interval The reseed interval.
|
||||
*/
|
||||
void mbedtls_ctr_drbg_set_reseed_interval( mbedtls_ctr_drbg_context *ctx,
|
||||
int interval );
|
||||
|
||||
/**
|
||||
* \brief This function reseeds the CTR_DRBG context, that is
|
||||
* extracts data from the entropy source.
|
||||
*
|
||||
* \param ctx The CTR_DRBG context.
|
||||
* \param additional Additional data to add to the state. Can be NULL.
|
||||
* \param len The length of the additional data.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return #MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED on failure.
|
||||
*/
|
||||
int mbedtls_ctr_drbg_reseed( mbedtls_ctr_drbg_context *ctx,
|
||||
const unsigned char *additional, size_t len );
|
||||
|
||||
/**
|
||||
* \brief This function updates the state of the CTR_DRBG context.
|
||||
*
|
||||
* \param ctx The CTR_DRBG context.
|
||||
* \param additional The data to update the state with.
|
||||
* \param add_len Length of \p additional in bytes. This must be at
|
||||
* most #MBEDTLS_CTR_DRBG_MAX_SEED_INPUT.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return #MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG if
|
||||
* \p add_len is more than
|
||||
* #MBEDTLS_CTR_DRBG_MAX_SEED_INPUT.
|
||||
* \return An error from the underlying AES cipher on failure.
|
||||
*/
|
||||
int mbedtls_ctr_drbg_update_ret( mbedtls_ctr_drbg_context *ctx,
|
||||
const unsigned char *additional,
|
||||
size_t add_len );
|
||||
|
||||
/**
|
||||
* \brief This function updates a CTR_DRBG instance with additional
|
||||
* data and uses it to generate random data.
|
||||
*
|
||||
* \note The function automatically reseeds if the reseed counter is exceeded.
|
||||
*
|
||||
* \param p_rng The CTR_DRBG context. This must be a pointer to a
|
||||
* #mbedtls_ctr_drbg_context structure.
|
||||
* \param output The buffer to fill.
|
||||
* \param output_len The length of the buffer.
|
||||
* \param additional Additional data to update. Can be NULL.
|
||||
* \param add_len The length of the additional data.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return #MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED or
|
||||
* #MBEDTLS_ERR_CTR_DRBG_REQUEST_TOO_BIG on failure.
|
||||
*/
|
||||
int mbedtls_ctr_drbg_random_with_add( void *p_rng,
|
||||
unsigned char *output, size_t output_len,
|
||||
const unsigned char *additional, size_t add_len );
|
||||
|
||||
/**
|
||||
* \brief This function uses CTR_DRBG to generate random data.
|
||||
*
|
||||
* \note The function automatically reseeds if the reseed counter is exceeded.
|
||||
*
|
||||
* \param p_rng The CTR_DRBG context. This must be a pointer to a
|
||||
* #mbedtls_ctr_drbg_context structure.
|
||||
* \param output The buffer to fill.
|
||||
* \param output_len The length of the buffer.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return #MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED or
|
||||
* #MBEDTLS_ERR_CTR_DRBG_REQUEST_TOO_BIG on failure.
|
||||
*/
|
||||
int mbedtls_ctr_drbg_random( void *p_rng,
|
||||
unsigned char *output, size_t output_len );
|
||||
|
||||
|
||||
#if ! defined(MBEDTLS_DEPRECATED_REMOVED)
|
||||
#if defined(MBEDTLS_DEPRECATED_WARNING)
|
||||
#define MBEDTLS_DEPRECATED __attribute__((deprecated))
|
||||
#else
|
||||
#define MBEDTLS_DEPRECATED
|
||||
#endif
|
||||
/**
|
||||
* \brief This function updates the state of the CTR_DRBG context.
|
||||
*
|
||||
* \deprecated Superseded by mbedtls_ctr_drbg_update_ret()
|
||||
* in 2.16.0.
|
||||
*
|
||||
* \note If \p add_len is greater than
|
||||
* #MBEDTLS_CTR_DRBG_MAX_SEED_INPUT, only the first
|
||||
* #MBEDTLS_CTR_DRBG_MAX_SEED_INPUT Bytes are used.
|
||||
* The remaining Bytes are silently discarded.
|
||||
*
|
||||
* \param ctx The CTR_DRBG context.
|
||||
* \param additional The data to update the state with.
|
||||
* \param add_len Length of \p additional data.
|
||||
*/
|
||||
MBEDTLS_DEPRECATED void mbedtls_ctr_drbg_update(
|
||||
mbedtls_ctr_drbg_context *ctx,
|
||||
const unsigned char *additional,
|
||||
size_t add_len );
|
||||
#undef MBEDTLS_DEPRECATED
|
||||
#endif /* !MBEDTLS_DEPRECATED_REMOVED */
|
||||
|
||||
#if defined(MBEDTLS_FS_IO)
|
||||
/**
|
||||
* \brief This function writes a seed file.
|
||||
*
|
||||
* \param ctx The CTR_DRBG context.
|
||||
* \param path The name of the file.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return #MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR on file error.
|
||||
* \return #MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED on
|
||||
* failure.
|
||||
*/
|
||||
int mbedtls_ctr_drbg_write_seed_file( mbedtls_ctr_drbg_context *ctx, const char *path );
|
||||
|
||||
/**
|
||||
* \brief This function reads and updates a seed file. The seed
|
||||
* is added to this instance.
|
||||
*
|
||||
* \param ctx The CTR_DRBG context.
|
||||
* \param path The name of the file.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return #MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR on file error.
|
||||
* \return #MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED or
|
||||
* #MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG on failure.
|
||||
*/
|
||||
int mbedtls_ctr_drbg_update_seed_file( mbedtls_ctr_drbg_context *ctx, const char *path );
|
||||
#endif /* MBEDTLS_FS_IO */
|
||||
|
||||
#if defined(MBEDTLS_SELF_TEST)
|
||||
|
||||
/**
|
||||
* \brief The CTR_DRBG checkup routine.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return \c 1 on failure.
|
||||
*/
|
||||
int mbedtls_ctr_drbg_self_test( int verbose );
|
||||
|
||||
#endif /* MBEDTLS_SELF_TEST */
|
||||
|
||||
/* Internal functions (do not call directly) */
|
||||
int mbedtls_ctr_drbg_seed_entropy_len( mbedtls_ctr_drbg_context *,
|
||||
int (*)(void *, unsigned char *, size_t), void *,
|
||||
const unsigned char *, size_t, size_t );
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
||||
#endif /* ctr_drbg.h */
|
|
@ -25,15 +25,15 @@
|
|||
#define MBEDTLS_DEBUG_H
|
||||
|
||||
#if !defined(MBEDTLS_CONFIG_FILE)
|
||||
#include "config.h"
|
||||
#include "mbedtls/config.h"
|
||||
#else
|
||||
#include MBEDTLS_CONFIG_FILE
|
||||
#endif
|
||||
|
||||
#include "ssl.h"
|
||||
#include "mbedtls/ssl.h"
|
||||
|
||||
#if defined(MBEDTLS_ECP_C)
|
||||
#include "ecp.h"
|
||||
#include "mbedtls/ecp.h"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_DEBUG_C)
|
||||
|
|
|
@ -1,356 +0,0 @@
|
|||
/**
|
||||
* \file des.h
|
||||
*
|
||||
* \brief DES block cipher
|
||||
*
|
||||
* \warning DES is considered a weak cipher and its use constitutes a
|
||||
* security risk. We recommend considering stronger ciphers
|
||||
* instead.
|
||||
*/
|
||||
/*
|
||||
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
* not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*
|
||||
* This file is part of mbed TLS (https://tls.mbed.org)
|
||||
*
|
||||
*/
|
||||
#ifndef MBEDTLS_DES_H
|
||||
#define MBEDTLS_DES_H
|
||||
|
||||
#if !defined(MBEDTLS_CONFIG_FILE)
|
||||
#include "config.h"
|
||||
#else
|
||||
#include MBEDTLS_CONFIG_FILE
|
||||
#endif
|
||||
|
||||
#include <stddef.h>
|
||||
#include <stdint.h>
|
||||
|
||||
#define MBEDTLS_DES_ENCRYPT 1
|
||||
#define MBEDTLS_DES_DECRYPT 0
|
||||
|
||||
#define MBEDTLS_ERR_DES_INVALID_INPUT_LENGTH -0x0032 /**< The data input has an invalid length. */
|
||||
|
||||
/* MBEDTLS_ERR_DES_HW_ACCEL_FAILED is deprecated and should not be used. */
|
||||
#define MBEDTLS_ERR_DES_HW_ACCEL_FAILED -0x0033 /**< DES hardware accelerator failed. */
|
||||
|
||||
#define MBEDTLS_DES_KEY_SIZE 8
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
#if !defined(MBEDTLS_DES_ALT)
|
||||
// Regular implementation
|
||||
//
|
||||
|
||||
/**
|
||||
* \brief DES context structure
|
||||
*
|
||||
* \warning DES is considered a weak cipher and its use constitutes a
|
||||
* security risk. We recommend considering stronger ciphers
|
||||
* instead.
|
||||
*/
|
||||
typedef struct mbedtls_des_context
|
||||
{
|
||||
uint32_t sk[32]; /*!< DES subkeys */
|
||||
}
|
||||
mbedtls_des_context;
|
||||
|
||||
/**
|
||||
* \brief Triple-DES context structure
|
||||
*/
|
||||
typedef struct mbedtls_des3_context
|
||||
{
|
||||
uint32_t sk[96]; /*!< 3DES subkeys */
|
||||
}
|
||||
mbedtls_des3_context;
|
||||
|
||||
#else /* MBEDTLS_DES_ALT */
|
||||
#include "des_alt.h"
|
||||
#endif /* MBEDTLS_DES_ALT */
|
||||
|
||||
/**
|
||||
* \brief Initialize DES context
|
||||
*
|
||||
* \param ctx DES context to be initialized
|
||||
*
|
||||
* \warning DES is considered a weak cipher and its use constitutes a
|
||||
* security risk. We recommend considering stronger ciphers
|
||||
* instead.
|
||||
*/
|
||||
void mbedtls_des_init( mbedtls_des_context *ctx );
|
||||
|
||||
/**
|
||||
* \brief Clear DES context
|
||||
*
|
||||
* \param ctx DES context to be cleared
|
||||
*
|
||||
* \warning DES is considered a weak cipher and its use constitutes a
|
||||
* security risk. We recommend considering stronger ciphers
|
||||
* instead.
|
||||
*/
|
||||
void mbedtls_des_free( mbedtls_des_context *ctx );
|
||||
|
||||
/**
|
||||
* \brief Initialize Triple-DES context
|
||||
*
|
||||
* \param ctx DES3 context to be initialized
|
||||
*/
|
||||
void mbedtls_des3_init( mbedtls_des3_context *ctx );
|
||||
|
||||
/**
|
||||
* \brief Clear Triple-DES context
|
||||
*
|
||||
* \param ctx DES3 context to be cleared
|
||||
*/
|
||||
void mbedtls_des3_free( mbedtls_des3_context *ctx );
|
||||
|
||||
/**
|
||||
* \brief Set key parity on the given key to odd.
|
||||
*
|
||||
* DES keys are 56 bits long, but each byte is padded with
|
||||
* a parity bit to allow verification.
|
||||
*
|
||||
* \param key 8-byte secret key
|
||||
*
|
||||
* \warning DES is considered a weak cipher and its use constitutes a
|
||||
* security risk. We recommend considering stronger ciphers
|
||||
* instead.
|
||||
*/
|
||||
void mbedtls_des_key_set_parity( unsigned char key[MBEDTLS_DES_KEY_SIZE] );
|
||||
|
||||
/**
|
||||
* \brief Check that key parity on the given key is odd.
|
||||
*
|
||||
* DES keys are 56 bits long, but each byte is padded with
|
||||
* a parity bit to allow verification.
|
||||
*
|
||||
* \param key 8-byte secret key
|
||||
*
|
||||
* \return 0 is parity was ok, 1 if parity was not correct.
|
||||
*
|
||||
* \warning DES is considered a weak cipher and its use constitutes a
|
||||
* security risk. We recommend considering stronger ciphers
|
||||
* instead.
|
||||
*/
|
||||
int mbedtls_des_key_check_key_parity( const unsigned char key[MBEDTLS_DES_KEY_SIZE] );
|
||||
|
||||
/**
|
||||
* \brief Check that key is not a weak or semi-weak DES key
|
||||
*
|
||||
* \param key 8-byte secret key
|
||||
*
|
||||
* \return 0 if no weak key was found, 1 if a weak key was identified.
|
||||
*
|
||||
* \warning DES is considered a weak cipher and its use constitutes a
|
||||
* security risk. We recommend considering stronger ciphers
|
||||
* instead.
|
||||
*/
|
||||
int mbedtls_des_key_check_weak( const unsigned char key[MBEDTLS_DES_KEY_SIZE] );
|
||||
|
||||
/**
|
||||
* \brief DES key schedule (56-bit, encryption)
|
||||
*
|
||||
* \param ctx DES context to be initialized
|
||||
* \param key 8-byte secret key
|
||||
*
|
||||
* \return 0
|
||||
*
|
||||
* \warning DES is considered a weak cipher and its use constitutes a
|
||||
* security risk. We recommend considering stronger ciphers
|
||||
* instead.
|
||||
*/
|
||||
int mbedtls_des_setkey_enc( mbedtls_des_context *ctx, const unsigned char key[MBEDTLS_DES_KEY_SIZE] );
|
||||
|
||||
/**
|
||||
* \brief DES key schedule (56-bit, decryption)
|
||||
*
|
||||
* \param ctx DES context to be initialized
|
||||
* \param key 8-byte secret key
|
||||
*
|
||||
* \return 0
|
||||
*
|
||||
* \warning DES is considered a weak cipher and its use constitutes a
|
||||
* security risk. We recommend considering stronger ciphers
|
||||
* instead.
|
||||
*/
|
||||
int mbedtls_des_setkey_dec( mbedtls_des_context *ctx, const unsigned char key[MBEDTLS_DES_KEY_SIZE] );
|
||||
|
||||
/**
|
||||
* \brief Triple-DES key schedule (112-bit, encryption)
|
||||
*
|
||||
* \param ctx 3DES context to be initialized
|
||||
* \param key 16-byte secret key
|
||||
*
|
||||
* \return 0
|
||||
*/
|
||||
int mbedtls_des3_set2key_enc( mbedtls_des3_context *ctx,
|
||||
const unsigned char key[MBEDTLS_DES_KEY_SIZE * 2] );
|
||||
|
||||
/**
|
||||
* \brief Triple-DES key schedule (112-bit, decryption)
|
||||
*
|
||||
* \param ctx 3DES context to be initialized
|
||||
* \param key 16-byte secret key
|
||||
*
|
||||
* \return 0
|
||||
*/
|
||||
int mbedtls_des3_set2key_dec( mbedtls_des3_context *ctx,
|
||||
const unsigned char key[MBEDTLS_DES_KEY_SIZE * 2] );
|
||||
|
||||
/**
|
||||
* \brief Triple-DES key schedule (168-bit, encryption)
|
||||
*
|
||||
* \param ctx 3DES context to be initialized
|
||||
* \param key 24-byte secret key
|
||||
*
|
||||
* \return 0
|
||||
*/
|
||||
int mbedtls_des3_set3key_enc( mbedtls_des3_context *ctx,
|
||||
const unsigned char key[MBEDTLS_DES_KEY_SIZE * 3] );
|
||||
|
||||
/**
|
||||
* \brief Triple-DES key schedule (168-bit, decryption)
|
||||
*
|
||||
* \param ctx 3DES context to be initialized
|
||||
* \param key 24-byte secret key
|
||||
*
|
||||
* \return 0
|
||||
*/
|
||||
int mbedtls_des3_set3key_dec( mbedtls_des3_context *ctx,
|
||||
const unsigned char key[MBEDTLS_DES_KEY_SIZE * 3] );
|
||||
|
||||
/**
|
||||
* \brief DES-ECB block encryption/decryption
|
||||
*
|
||||
* \param ctx DES context
|
||||
* \param input 64-bit input block
|
||||
* \param output 64-bit output block
|
||||
*
|
||||
* \return 0 if successful
|
||||
*
|
||||
* \warning DES is considered a weak cipher and its use constitutes a
|
||||
* security risk. We recommend considering stronger ciphers
|
||||
* instead.
|
||||
*/
|
||||
int mbedtls_des_crypt_ecb( mbedtls_des_context *ctx,
|
||||
const unsigned char input[8],
|
||||
unsigned char output[8] );
|
||||
|
||||
#if defined(MBEDTLS_CIPHER_MODE_CBC)
|
||||
/**
|
||||
* \brief DES-CBC buffer encryption/decryption
|
||||
*
|
||||
* \note Upon exit, the content of the IV is updated so that you can
|
||||
* call the function same function again on the following
|
||||
* block(s) of data and get the same result as if it was
|
||||
* encrypted in one call. This allows a "streaming" usage.
|
||||
* If on the other hand you need to retain the contents of the
|
||||
* IV, you should either save it manually or use the cipher
|
||||
* module instead.
|
||||
*
|
||||
* \param ctx DES context
|
||||
* \param mode MBEDTLS_DES_ENCRYPT or MBEDTLS_DES_DECRYPT
|
||||
* \param length length of the input data
|
||||
* \param iv initialization vector (updated after use)
|
||||
* \param input buffer holding the input data
|
||||
* \param output buffer holding the output data
|
||||
*
|
||||
* \warning DES is considered a weak cipher and its use constitutes a
|
||||
* security risk. We recommend considering stronger ciphers
|
||||
* instead.
|
||||
*/
|
||||
int mbedtls_des_crypt_cbc( mbedtls_des_context *ctx,
|
||||
int mode,
|
||||
size_t length,
|
||||
unsigned char iv[8],
|
||||
const unsigned char *input,
|
||||
unsigned char *output );
|
||||
#endif /* MBEDTLS_CIPHER_MODE_CBC */
|
||||
|
||||
/**
|
||||
* \brief 3DES-ECB block encryption/decryption
|
||||
*
|
||||
* \param ctx 3DES context
|
||||
* \param input 64-bit input block
|
||||
* \param output 64-bit output block
|
||||
*
|
||||
* \return 0 if successful
|
||||
*/
|
||||
int mbedtls_des3_crypt_ecb( mbedtls_des3_context *ctx,
|
||||
const unsigned char input[8],
|
||||
unsigned char output[8] );
|
||||
|
||||
#if defined(MBEDTLS_CIPHER_MODE_CBC)
|
||||
/**
|
||||
* \brief 3DES-CBC buffer encryption/decryption
|
||||
*
|
||||
* \note Upon exit, the content of the IV is updated so that you can
|
||||
* call the function same function again on the following
|
||||
* block(s) of data and get the same result as if it was
|
||||
* encrypted in one call. This allows a "streaming" usage.
|
||||
* If on the other hand you need to retain the contents of the
|
||||
* IV, you should either save it manually or use the cipher
|
||||
* module instead.
|
||||
*
|
||||
* \param ctx 3DES context
|
||||
* \param mode MBEDTLS_DES_ENCRYPT or MBEDTLS_DES_DECRYPT
|
||||
* \param length length of the input data
|
||||
* \param iv initialization vector (updated after use)
|
||||
* \param input buffer holding the input data
|
||||
* \param output buffer holding the output data
|
||||
*
|
||||
* \return 0 if successful, or MBEDTLS_ERR_DES_INVALID_INPUT_LENGTH
|
||||
*/
|
||||
int mbedtls_des3_crypt_cbc( mbedtls_des3_context *ctx,
|
||||
int mode,
|
||||
size_t length,
|
||||
unsigned char iv[8],
|
||||
const unsigned char *input,
|
||||
unsigned char *output );
|
||||
#endif /* MBEDTLS_CIPHER_MODE_CBC */
|
||||
|
||||
/**
|
||||
* \brief Internal function for key expansion.
|
||||
* (Only exposed to allow overriding it,
|
||||
* see MBEDTLS_DES_SETKEY_ALT)
|
||||
*
|
||||
* \param SK Round keys
|
||||
* \param key Base key
|
||||
*
|
||||
* \warning DES is considered a weak cipher and its use constitutes a
|
||||
* security risk. We recommend considering stronger ciphers
|
||||
* instead.
|
||||
*/
|
||||
void mbedtls_des_setkey( uint32_t SK[32],
|
||||
const unsigned char key[MBEDTLS_DES_KEY_SIZE] );
|
||||
|
||||
#if defined(MBEDTLS_SELF_TEST)
|
||||
|
||||
/**
|
||||
* \brief Checkup routine
|
||||
*
|
||||
* \return 0 if successful, or 1 if the test failed
|
||||
*/
|
||||
int mbedtls_des_self_test( int verbose );
|
||||
|
||||
#endif /* MBEDTLS_SELF_TEST */
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
||||
#endif /* des.h */
|
File diff suppressed because it is too large
Load diff
|
@ -1,428 +0,0 @@
|
|||
/**
|
||||
* \file ecdh.h
|
||||
*
|
||||
* \brief This file contains ECDH definitions and functions.
|
||||
*
|
||||
* The Elliptic Curve Diffie-Hellman (ECDH) protocol is an anonymous
|
||||
* key agreement protocol allowing two parties to establish a shared
|
||||
* secret over an insecure channel. Each party must have an
|
||||
* elliptic-curve public–private key pair.
|
||||
*
|
||||
* For more information, see <em>NIST SP 800-56A Rev. 2: Recommendation for
|
||||
* Pair-Wise Key Establishment Schemes Using Discrete Logarithm
|
||||
* Cryptography</em>.
|
||||
*/
|
||||
/*
|
||||
* Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
* not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*
|
||||
* This file is part of Mbed TLS (https://tls.mbed.org)
|
||||
*/
|
||||
|
||||
#ifndef MBEDTLS_ECDH_H
|
||||
#define MBEDTLS_ECDH_H
|
||||
|
||||
#if !defined(MBEDTLS_CONFIG_FILE)
|
||||
#include "config.h"
|
||||
#else
|
||||
#include MBEDTLS_CONFIG_FILE
|
||||
#endif
|
||||
|
||||
#include "ecp.h"
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
/**
|
||||
* Defines the source of the imported EC key.
|
||||
*/
|
||||
typedef enum
|
||||
{
|
||||
MBEDTLS_ECDH_OURS, /**< Our key. */
|
||||
MBEDTLS_ECDH_THEIRS, /**< The key of the peer. */
|
||||
} mbedtls_ecdh_side;
|
||||
|
||||
#if !defined(MBEDTLS_ECDH_LEGACY_CONTEXT)
|
||||
/**
|
||||
* Defines the ECDH implementation used.
|
||||
*
|
||||
* Later versions of the library may add new variants, therefore users should
|
||||
* not make any assumptions about them.
|
||||
*/
|
||||
typedef enum
|
||||
{
|
||||
MBEDTLS_ECDH_VARIANT_NONE = 0, /*!< Implementation not defined. */
|
||||
MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0,/*!< The default Mbed TLS implementation */
|
||||
} mbedtls_ecdh_variant;
|
||||
|
||||
/**
|
||||
* The context used by the default ECDH implementation.
|
||||
*
|
||||
* Later versions might change the structure of this context, therefore users
|
||||
* should not make any assumptions about the structure of
|
||||
* mbedtls_ecdh_context_mbed.
|
||||
*/
|
||||
typedef struct mbedtls_ecdh_context_mbed
|
||||
{
|
||||
mbedtls_ecp_group grp; /*!< The elliptic curve used. */
|
||||
mbedtls_mpi d; /*!< The private key. */
|
||||
mbedtls_ecp_point Q; /*!< The public key. */
|
||||
mbedtls_ecp_point Qp; /*!< The value of the public key of the peer. */
|
||||
mbedtls_mpi z; /*!< The shared secret. */
|
||||
#if defined(MBEDTLS_ECP_RESTARTABLE)
|
||||
mbedtls_ecp_restart_ctx rs; /*!< The restart context for EC computations. */
|
||||
#endif
|
||||
} mbedtls_ecdh_context_mbed;
|
||||
#endif
|
||||
|
||||
/**
|
||||
*
|
||||
* \warning Performing multiple operations concurrently on the same
|
||||
* ECDSA context is not supported; objects of this type
|
||||
* should not be shared between multiple threads.
|
||||
* \brief The ECDH context structure.
|
||||
*/
|
||||
typedef struct mbedtls_ecdh_context
|
||||
{
|
||||
#if defined(MBEDTLS_ECDH_LEGACY_CONTEXT)
|
||||
mbedtls_ecp_group grp; /*!< The elliptic curve used. */
|
||||
mbedtls_mpi d; /*!< The private key. */
|
||||
mbedtls_ecp_point Q; /*!< The public key. */
|
||||
mbedtls_ecp_point Qp; /*!< The value of the public key of the peer. */
|
||||
mbedtls_mpi z; /*!< The shared secret. */
|
||||
int point_format; /*!< The format of point export in TLS messages. */
|
||||
mbedtls_ecp_point Vi; /*!< The blinding value. */
|
||||
mbedtls_ecp_point Vf; /*!< The unblinding value. */
|
||||
mbedtls_mpi _d; /*!< The previous \p d. */
|
||||
#if defined(MBEDTLS_ECP_RESTARTABLE)
|
||||
int restart_enabled; /*!< The flag for restartable mode. */
|
||||
mbedtls_ecp_restart_ctx rs; /*!< The restart context for EC computations. */
|
||||
#endif /* MBEDTLS_ECP_RESTARTABLE */
|
||||
#else
|
||||
uint8_t point_format; /*!< The format of point export in TLS messages
|
||||
as defined in RFC 4492. */
|
||||
mbedtls_ecp_group_id grp_id;/*!< The elliptic curve used. */
|
||||
mbedtls_ecdh_variant var; /*!< The ECDH implementation/structure used. */
|
||||
union
|
||||
{
|
||||
mbedtls_ecdh_context_mbed mbed_ecdh;
|
||||
} ctx; /*!< Implementation-specific context. The
|
||||
context in use is specified by the \c var
|
||||
field. */
|
||||
#if defined(MBEDTLS_ECP_RESTARTABLE)
|
||||
uint8_t restart_enabled; /*!< The flag for restartable mode. Functions of
|
||||
an alternative implementation not supporting
|
||||
restartable mode must return
|
||||
MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED error
|
||||
if this flag is set. */
|
||||
#endif /* MBEDTLS_ECP_RESTARTABLE */
|
||||
#endif /* MBEDTLS_ECDH_LEGACY_CONTEXT */
|
||||
}
|
||||
mbedtls_ecdh_context;
|
||||
|
||||
/**
|
||||
* \brief This function generates an ECDH keypair on an elliptic
|
||||
* curve.
|
||||
*
|
||||
* This function performs the first of two core computations
|
||||
* implemented during the ECDH key exchange. The second core
|
||||
* computation is performed by mbedtls_ecdh_compute_shared().
|
||||
*
|
||||
* \see ecp.h
|
||||
*
|
||||
* \param grp The ECP group to use. This must be initialized and have
|
||||
* domain parameters loaded, for example through
|
||||
* mbedtls_ecp_load() or mbedtls_ecp_tls_read_group().
|
||||
* \param d The destination MPI (private key).
|
||||
* This must be initialized.
|
||||
* \param Q The destination point (public key).
|
||||
* This must be initialized.
|
||||
* \param f_rng The RNG function to use. This must not be \c NULL.
|
||||
* \param p_rng The RNG context to be passed to \p f_rng. This may be
|
||||
* \c NULL in case \p f_rng doesn't need a context argument.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return Another \c MBEDTLS_ERR_ECP_XXX or
|
||||
* \c MBEDTLS_MPI_XXX error code on failure.
|
||||
*/
|
||||
int mbedtls_ecdh_gen_public( mbedtls_ecp_group *grp, mbedtls_mpi *d, mbedtls_ecp_point *Q,
|
||||
int (*f_rng)(void *, unsigned char *, size_t),
|
||||
void *p_rng );
|
||||
|
||||
/**
|
||||
* \brief This function computes the shared secret.
|
||||
*
|
||||
* This function performs the second of two core computations
|
||||
* implemented during the ECDH key exchange. The first core
|
||||
* computation is performed by mbedtls_ecdh_gen_public().
|
||||
*
|
||||
* \see ecp.h
|
||||
*
|
||||
* \note If \p f_rng is not NULL, it is used to implement
|
||||
* countermeasures against side-channel attacks.
|
||||
* For more information, see mbedtls_ecp_mul().
|
||||
*
|
||||
* \param grp The ECP group to use. This must be initialized and have
|
||||
* domain parameters loaded, for example through
|
||||
* mbedtls_ecp_load() or mbedtls_ecp_tls_read_group().
|
||||
* \param z The destination MPI (shared secret).
|
||||
* This must be initialized.
|
||||
* \param Q The public key from another party.
|
||||
* This must be initialized.
|
||||
* \param d Our secret exponent (private key).
|
||||
* This must be initialized.
|
||||
* \param f_rng The RNG function. This may be \c NULL if randomization
|
||||
* of intermediate results during the ECP computations is
|
||||
* not needed (discouraged). See the documentation of
|
||||
* mbedtls_ecp_mul() for more.
|
||||
* \param p_rng The RNG context to be passed to \p f_rng. This may be
|
||||
* \c NULL if \p f_rng is \c NULL or doesn't need a
|
||||
* context argument.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return Another \c MBEDTLS_ERR_ECP_XXX or
|
||||
* \c MBEDTLS_MPI_XXX error code on failure.
|
||||
*/
|
||||
int mbedtls_ecdh_compute_shared( mbedtls_ecp_group *grp, mbedtls_mpi *z,
|
||||
const mbedtls_ecp_point *Q, const mbedtls_mpi *d,
|
||||
int (*f_rng)(void *, unsigned char *, size_t),
|
||||
void *p_rng );
|
||||
|
||||
/**
|
||||
* \brief This function initializes an ECDH context.
|
||||
*
|
||||
* \param ctx The ECDH context to initialize. This must not be \c NULL.
|
||||
*/
|
||||
void mbedtls_ecdh_init( mbedtls_ecdh_context *ctx );
|
||||
|
||||
/**
|
||||
* \brief This function sets up the ECDH context with the information
|
||||
* given.
|
||||
*
|
||||
* This function should be called after mbedtls_ecdh_init() but
|
||||
* before mbedtls_ecdh_make_params(). There is no need to call
|
||||
* this function before mbedtls_ecdh_read_params().
|
||||
*
|
||||
* This is the first function used by a TLS server for ECDHE
|
||||
* ciphersuites.
|
||||
*
|
||||
* \param ctx The ECDH context to set up. This must be initialized.
|
||||
* \param grp_id The group id of the group to set up the context for.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
*/
|
||||
int mbedtls_ecdh_setup( mbedtls_ecdh_context *ctx,
|
||||
mbedtls_ecp_group_id grp_id );
|
||||
|
||||
/**
|
||||
* \brief This function frees a context.
|
||||
*
|
||||
* \param ctx The context to free. This may be \c NULL, in which
|
||||
* case this function does nothing. If it is not \c NULL,
|
||||
* it must point to an initialized ECDH context.
|
||||
*/
|
||||
void mbedtls_ecdh_free( mbedtls_ecdh_context *ctx );
|
||||
|
||||
/**
|
||||
* \brief This function generates an EC key pair and exports its
|
||||
* in the format used in a TLS ServerKeyExchange handshake
|
||||
* message.
|
||||
*
|
||||
* This is the second function used by a TLS server for ECDHE
|
||||
* ciphersuites. (It is called after mbedtls_ecdh_setup().)
|
||||
*
|
||||
* \see ecp.h
|
||||
*
|
||||
* \param ctx The ECDH context to use. This must be initialized
|
||||
* and bound to a group, for example via mbedtls_ecdh_setup().
|
||||
* \param olen The address at which to store the number of Bytes written.
|
||||
* \param buf The destination buffer. This must be a writable buffer of
|
||||
* length \p blen Bytes.
|
||||
* \param blen The length of the destination buffer \p buf in Bytes.
|
||||
* \param f_rng The RNG function to use. This must not be \c NULL.
|
||||
* \param p_rng The RNG context to be passed to \p f_rng. This may be
|
||||
* \c NULL in case \p f_rng doesn't need a context argument.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return #MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of
|
||||
* operations was reached: see \c mbedtls_ecp_set_max_ops().
|
||||
* \return Another \c MBEDTLS_ERR_ECP_XXX error code on failure.
|
||||
*/
|
||||
int mbedtls_ecdh_make_params( mbedtls_ecdh_context *ctx, size_t *olen,
|
||||
unsigned char *buf, size_t blen,
|
||||
int (*f_rng)(void *, unsigned char *, size_t),
|
||||
void *p_rng );
|
||||
|
||||
/**
|
||||
* \brief This function parses the ECDHE parameters in a
|
||||
* TLS ServerKeyExchange handshake message.
|
||||
*
|
||||
* \note In a TLS handshake, this is the how the client
|
||||
* sets up its ECDHE context from the server's public
|
||||
* ECDHE key material.
|
||||
*
|
||||
* \see ecp.h
|
||||
*
|
||||
* \param ctx The ECDHE context to use. This must be initialized.
|
||||
* \param buf On input, \c *buf must be the start of the input buffer.
|
||||
* On output, \c *buf is updated to point to the end of the
|
||||
* data that has been read. On success, this is the first byte
|
||||
* past the end of the ServerKeyExchange parameters.
|
||||
* On error, this is the point at which an error has been
|
||||
* detected, which is usually not useful except to debug
|
||||
* failures.
|
||||
* \param end The end of the input buffer.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return An \c MBEDTLS_ERR_ECP_XXX error code on failure.
|
||||
*
|
||||
*/
|
||||
int mbedtls_ecdh_read_params( mbedtls_ecdh_context *ctx,
|
||||
const unsigned char **buf,
|
||||
const unsigned char *end );
|
||||
|
||||
/**
|
||||
* \brief This function sets up an ECDH context from an EC key.
|
||||
*
|
||||
* It is used by clients and servers in place of the
|
||||
* ServerKeyEchange for static ECDH, and imports ECDH
|
||||
* parameters from the EC key information of a certificate.
|
||||
*
|
||||
* \see ecp.h
|
||||
*
|
||||
* \param ctx The ECDH context to set up. This must be initialized.
|
||||
* \param key The EC key to use. This must be initialized.
|
||||
* \param side Defines the source of the key. Possible values are:
|
||||
* - #MBEDTLS_ECDH_OURS: The key is ours.
|
||||
* - #MBEDTLS_ECDH_THEIRS: The key is that of the peer.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return Another \c MBEDTLS_ERR_ECP_XXX error code on failure.
|
||||
*
|
||||
*/
|
||||
int mbedtls_ecdh_get_params( mbedtls_ecdh_context *ctx,
|
||||
const mbedtls_ecp_keypair *key,
|
||||
mbedtls_ecdh_side side );
|
||||
|
||||
/**
|
||||
* \brief This function generates a public key and exports it
|
||||
* as a TLS ClientKeyExchange payload.
|
||||
*
|
||||
* This is the second function used by a TLS client for ECDH(E)
|
||||
* ciphersuites.
|
||||
*
|
||||
* \see ecp.h
|
||||
*
|
||||
* \param ctx The ECDH context to use. This must be initialized
|
||||
* and bound to a group, the latter usually by
|
||||
* mbedtls_ecdh_read_params().
|
||||
* \param olen The address at which to store the number of Bytes written.
|
||||
* This must not be \c NULL.
|
||||
* \param buf The destination buffer. This must be a writable buffer
|
||||
* of length \p blen Bytes.
|
||||
* \param blen The size of the destination buffer \p buf in Bytes.
|
||||
* \param f_rng The RNG function to use. This must not be \c NULL.
|
||||
* \param p_rng The RNG context to be passed to \p f_rng. This may be
|
||||
* \c NULL in case \p f_rng doesn't need a context argument.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return #MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of
|
||||
* operations was reached: see \c mbedtls_ecp_set_max_ops().
|
||||
* \return Another \c MBEDTLS_ERR_ECP_XXX error code on failure.
|
||||
*/
|
||||
int mbedtls_ecdh_make_public( mbedtls_ecdh_context *ctx, size_t *olen,
|
||||
unsigned char *buf, size_t blen,
|
||||
int (*f_rng)(void *, unsigned char *, size_t),
|
||||
void *p_rng );
|
||||
|
||||
/**
|
||||
* \brief This function parses and processes the ECDHE payload of a
|
||||
* TLS ClientKeyExchange message.
|
||||
*
|
||||
* This is the third function used by a TLS server for ECDH(E)
|
||||
* ciphersuites. (It is called after mbedtls_ecdh_setup() and
|
||||
* mbedtls_ecdh_make_params().)
|
||||
*
|
||||
* \see ecp.h
|
||||
*
|
||||
* \param ctx The ECDH context to use. This must be initialized
|
||||
* and bound to a group, for example via mbedtls_ecdh_setup().
|
||||
* \param buf The pointer to the ClientKeyExchange payload. This must
|
||||
* be a readable buffer of length \p blen Bytes.
|
||||
* \param blen The length of the input buffer \p buf in Bytes.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return An \c MBEDTLS_ERR_ECP_XXX error code on failure.
|
||||
*/
|
||||
int mbedtls_ecdh_read_public( mbedtls_ecdh_context *ctx,
|
||||
const unsigned char *buf, size_t blen );
|
||||
|
||||
/**
|
||||
* \brief This function derives and exports the shared secret.
|
||||
*
|
||||
* This is the last function used by both TLS client
|
||||
* and servers.
|
||||
*
|
||||
* \note If \p f_rng is not NULL, it is used to implement
|
||||
* countermeasures against side-channel attacks.
|
||||
* For more information, see mbedtls_ecp_mul().
|
||||
*
|
||||
* \see ecp.h
|
||||
|
||||
* \param ctx The ECDH context to use. This must be initialized
|
||||
* and have its own private key generated and the peer's
|
||||
* public key imported.
|
||||
* \param olen The address at which to store the total number of
|
||||
* Bytes written on success. This must not be \c NULL.
|
||||
* \param buf The buffer to write the generated shared key to. This
|
||||
* must be a writable buffer of size \p blen Bytes.
|
||||
* \param blen The length of the destination buffer \p buf in Bytes.
|
||||
* \param f_rng The RNG function, for blinding purposes. This may
|
||||
* b \c NULL if blinding isn't needed.
|
||||
* \param p_rng The RNG context. This may be \c NULL if \p f_rng
|
||||
* doesn't need a context argument.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return #MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of
|
||||
* operations was reached: see \c mbedtls_ecp_set_max_ops().
|
||||
* \return Another \c MBEDTLS_ERR_ECP_XXX error code on failure.
|
||||
*/
|
||||
int mbedtls_ecdh_calc_secret( mbedtls_ecdh_context *ctx, size_t *olen,
|
||||
unsigned char *buf, size_t blen,
|
||||
int (*f_rng)(void *, unsigned char *, size_t),
|
||||
void *p_rng );
|
||||
|
||||
#if defined(MBEDTLS_ECP_RESTARTABLE)
|
||||
/**
|
||||
* \brief This function enables restartable EC computations for this
|
||||
* context. (Default: disabled.)
|
||||
*
|
||||
* \see \c mbedtls_ecp_set_max_ops()
|
||||
*
|
||||
* \note It is not possible to safely disable restartable
|
||||
* computations once enabled, except by free-ing the context,
|
||||
* which cancels possible in-progress operations.
|
||||
*
|
||||
* \param ctx The ECDH context to use. This must be initialized.
|
||||
*/
|
||||
void mbedtls_ecdh_enable_restart( mbedtls_ecdh_context *ctx );
|
||||
#endif /* MBEDTLS_ECP_RESTARTABLE */
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
||||
#endif /* ecdh.h */
|
|
@ -1,550 +0,0 @@
|
|||
/**
|
||||
* \file ecdsa.h
|
||||
*
|
||||
* \brief This file contains ECDSA definitions and functions.
|
||||
*
|
||||
* The Elliptic Curve Digital Signature Algorithm (ECDSA) is defined in
|
||||
* <em>Standards for Efficient Cryptography Group (SECG):
|
||||
* SEC1 Elliptic Curve Cryptography</em>.
|
||||
* The use of ECDSA for TLS is defined in <em>RFC-4492: Elliptic Curve
|
||||
* Cryptography (ECC) Cipher Suites for Transport Layer Security (TLS)</em>.
|
||||
*
|
||||
*/
|
||||
/*
|
||||
* Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
* not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*
|
||||
* This file is part of Mbed TLS (https://tls.mbed.org)
|
||||
*/
|
||||
|
||||
#ifndef MBEDTLS_ECDSA_H
|
||||
#define MBEDTLS_ECDSA_H
|
||||
|
||||
#if !defined(MBEDTLS_CONFIG_FILE)
|
||||
#include "config.h"
|
||||
#else
|
||||
#include MBEDTLS_CONFIG_FILE
|
||||
#endif
|
||||
|
||||
#include "ecp.h"
|
||||
#include "md.h"
|
||||
|
||||
/**
|
||||
* \brief Maximum ECDSA signature size for a given curve bit size
|
||||
*
|
||||
* \param bits Curve size in bits
|
||||
* \return Maximum signature size in bytes
|
||||
*
|
||||
* \note This macro returns a compile-time constant if its argument
|
||||
* is one. It may evaluate its argument multiple times.
|
||||
*/
|
||||
/*
|
||||
* Ecdsa-Sig-Value ::= SEQUENCE {
|
||||
* r INTEGER,
|
||||
* s INTEGER
|
||||
* }
|
||||
*
|
||||
* For each of r and s, the value (V) may include an extra initial "0" bit.
|
||||
*/
|
||||
#define MBEDTLS_ECDSA_MAX_SIG_LEN( bits ) \
|
||||
( /*T,L of SEQUENCE*/ ( ( bits ) >= 61 * 8 ? 3 : 2 ) + \
|
||||
/*T,L of r,s*/ 2 * ( ( ( bits ) >= 127 * 8 ? 3 : 2 ) + \
|
||||
/*V of r,s*/ ( ( bits ) + 8 ) / 8 ) )
|
||||
|
||||
/** The maximal size of an ECDSA signature in Bytes. */
|
||||
#define MBEDTLS_ECDSA_MAX_LEN MBEDTLS_ECDSA_MAX_SIG_LEN( MBEDTLS_ECP_MAX_BITS )
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
/**
|
||||
* \brief The ECDSA context structure.
|
||||
*
|
||||
* \warning Performing multiple operations concurrently on the same
|
||||
* ECDSA context is not supported; objects of this type
|
||||
* should not be shared between multiple threads.
|
||||
*/
|
||||
typedef mbedtls_ecp_keypair mbedtls_ecdsa_context;
|
||||
|
||||
#if defined(MBEDTLS_ECP_RESTARTABLE)
|
||||
|
||||
/**
|
||||
* \brief Internal restart context for ecdsa_verify()
|
||||
*
|
||||
* \note Opaque struct, defined in ecdsa.c
|
||||
*/
|
||||
typedef struct mbedtls_ecdsa_restart_ver mbedtls_ecdsa_restart_ver_ctx;
|
||||
|
||||
/**
|
||||
* \brief Internal restart context for ecdsa_sign()
|
||||
*
|
||||
* \note Opaque struct, defined in ecdsa.c
|
||||
*/
|
||||
typedef struct mbedtls_ecdsa_restart_sig mbedtls_ecdsa_restart_sig_ctx;
|
||||
|
||||
#if defined(MBEDTLS_ECDSA_DETERMINISTIC)
|
||||
/**
|
||||
* \brief Internal restart context for ecdsa_sign_det()
|
||||
*
|
||||
* \note Opaque struct, defined in ecdsa.c
|
||||
*/
|
||||
typedef struct mbedtls_ecdsa_restart_det mbedtls_ecdsa_restart_det_ctx;
|
||||
#endif
|
||||
|
||||
/**
|
||||
* \brief General context for resuming ECDSA operations
|
||||
*/
|
||||
typedef struct
|
||||
{
|
||||
mbedtls_ecp_restart_ctx ecp; /*!< base context for ECP restart and
|
||||
shared administrative info */
|
||||
mbedtls_ecdsa_restart_ver_ctx *ver; /*!< ecdsa_verify() sub-context */
|
||||
mbedtls_ecdsa_restart_sig_ctx *sig; /*!< ecdsa_sign() sub-context */
|
||||
#if defined(MBEDTLS_ECDSA_DETERMINISTIC)
|
||||
mbedtls_ecdsa_restart_det_ctx *det; /*!< ecdsa_sign_det() sub-context */
|
||||
#endif
|
||||
} mbedtls_ecdsa_restart_ctx;
|
||||
|
||||
#else /* MBEDTLS_ECP_RESTARTABLE */
|
||||
|
||||
/* Now we can declare functions that take a pointer to that */
|
||||
typedef void mbedtls_ecdsa_restart_ctx;
|
||||
|
||||
#endif /* MBEDTLS_ECP_RESTARTABLE */
|
||||
|
||||
/**
|
||||
* \brief This function computes the ECDSA signature of a
|
||||
* previously-hashed message.
|
||||
*
|
||||
* \note The deterministic version implemented in
|
||||
* mbedtls_ecdsa_sign_det() is usually preferred.
|
||||
*
|
||||
* \note If the bitlength of the message hash is larger than the
|
||||
* bitlength of the group order, then the hash is truncated
|
||||
* as defined in <em>Standards for Efficient Cryptography Group
|
||||
* (SECG): SEC1 Elliptic Curve Cryptography</em>, section
|
||||
* 4.1.3, step 5.
|
||||
*
|
||||
* \see ecp.h
|
||||
*
|
||||
* \param grp The context for the elliptic curve to use.
|
||||
* This must be initialized and have group parameters
|
||||
* set, for example through mbedtls_ecp_group_load().
|
||||
* \param r The MPI context in which to store the first part
|
||||
* the signature. This must be initialized.
|
||||
* \param s The MPI context in which to store the second part
|
||||
* the signature. This must be initialized.
|
||||
* \param d The private signing key. This must be initialized.
|
||||
* \param buf The content to be signed. This is usually the hash of
|
||||
* the original data to be signed. This must be a readable
|
||||
* buffer of length \p blen Bytes. It may be \c NULL if
|
||||
* \p blen is zero.
|
||||
* \param blen The length of \p buf in Bytes.
|
||||
* \param f_rng The RNG function. This must not be \c NULL.
|
||||
* \param p_rng The RNG context to be passed to \p f_rng. This may be
|
||||
* \c NULL if \p f_rng doesn't need a context parameter.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return An \c MBEDTLS_ERR_ECP_XXX
|
||||
* or \c MBEDTLS_MPI_XXX error code on failure.
|
||||
*/
|
||||
int mbedtls_ecdsa_sign( mbedtls_ecp_group *grp, mbedtls_mpi *r, mbedtls_mpi *s,
|
||||
const mbedtls_mpi *d, const unsigned char *buf, size_t blen,
|
||||
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );
|
||||
|
||||
#if defined(MBEDTLS_ECDSA_DETERMINISTIC)
|
||||
/**
|
||||
* \brief This function computes the ECDSA signature of a
|
||||
* previously-hashed message, deterministic version.
|
||||
*
|
||||
* For more information, see <em>RFC-6979: Deterministic
|
||||
* Usage of the Digital Signature Algorithm (DSA) and Elliptic
|
||||
* Curve Digital Signature Algorithm (ECDSA)</em>.
|
||||
*
|
||||
* \note If the bitlength of the message hash is larger than the
|
||||
* bitlength of the group order, then the hash is truncated as
|
||||
* defined in <em>Standards for Efficient Cryptography Group
|
||||
* (SECG): SEC1 Elliptic Curve Cryptography</em>, section
|
||||
* 4.1.3, step 5.
|
||||
*
|
||||
* \see ecp.h
|
||||
*
|
||||
* \param grp The context for the elliptic curve to use.
|
||||
* This must be initialized and have group parameters
|
||||
* set, for example through mbedtls_ecp_group_load().
|
||||
* \param r The MPI context in which to store the first part
|
||||
* the signature. This must be initialized.
|
||||
* \param s The MPI context in which to store the second part
|
||||
* the signature. This must be initialized.
|
||||
* \param d The private signing key. This must be initialized
|
||||
* and setup, for example through mbedtls_ecp_gen_privkey().
|
||||
* \param buf The hashed content to be signed. This must be a readable
|
||||
* buffer of length \p blen Bytes. It may be \c NULL if
|
||||
* \p blen is zero.
|
||||
* \param blen The length of \p buf in Bytes.
|
||||
* \param md_alg The hash algorithm used to hash the original data.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return An \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_MPI_XXX
|
||||
* error code on failure.
|
||||
*/
|
||||
int mbedtls_ecdsa_sign_det( mbedtls_ecp_group *grp, mbedtls_mpi *r,
|
||||
mbedtls_mpi *s, const mbedtls_mpi *d,
|
||||
const unsigned char *buf, size_t blen,
|
||||
mbedtls_md_type_t md_alg );
|
||||
#endif /* MBEDTLS_ECDSA_DETERMINISTIC */
|
||||
|
||||
/**
|
||||
* \brief This function verifies the ECDSA signature of a
|
||||
* previously-hashed message.
|
||||
*
|
||||
* \note If the bitlength of the message hash is larger than the
|
||||
* bitlength of the group order, then the hash is truncated as
|
||||
* defined in <em>Standards for Efficient Cryptography Group
|
||||
* (SECG): SEC1 Elliptic Curve Cryptography</em>, section
|
||||
* 4.1.4, step 3.
|
||||
*
|
||||
* \see ecp.h
|
||||
*
|
||||
* \param grp The ECP group to use.
|
||||
* This must be initialized and have group parameters
|
||||
* set, for example through mbedtls_ecp_group_load().
|
||||
* \param buf The hashed content that was signed. This must be a readable
|
||||
* buffer of length \p blen Bytes. It may be \c NULL if
|
||||
* \p blen is zero.
|
||||
* \param blen The length of \p buf in Bytes.
|
||||
* \param Q The public key to use for verification. This must be
|
||||
* initialized and setup.
|
||||
* \param r The first integer of the signature.
|
||||
* This must be initialized.
|
||||
* \param s The second integer of the signature.
|
||||
* This must be initialized.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if the signature
|
||||
* is invalid.
|
||||
* \return An \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_MPI_XXX
|
||||
* error code on failure for any other reason.
|
||||
*/
|
||||
int mbedtls_ecdsa_verify( mbedtls_ecp_group *grp,
|
||||
const unsigned char *buf, size_t blen,
|
||||
const mbedtls_ecp_point *Q, const mbedtls_mpi *r,
|
||||
const mbedtls_mpi *s);
|
||||
|
||||
/**
|
||||
* \brief This function computes the ECDSA signature and writes it
|
||||
* to a buffer, serialized as defined in <em>RFC-4492:
|
||||
* Elliptic Curve Cryptography (ECC) Cipher Suites for
|
||||
* Transport Layer Security (TLS)</em>.
|
||||
*
|
||||
* \warning It is not thread-safe to use the same context in
|
||||
* multiple threads.
|
||||
*
|
||||
* \note The deterministic version is used if
|
||||
* #MBEDTLS_ECDSA_DETERMINISTIC is defined. For more
|
||||
* information, see <em>RFC-6979: Deterministic Usage
|
||||
* of the Digital Signature Algorithm (DSA) and Elliptic
|
||||
* Curve Digital Signature Algorithm (ECDSA)</em>.
|
||||
*
|
||||
* \note If the bitlength of the message hash is larger than the
|
||||
* bitlength of the group order, then the hash is truncated as
|
||||
* defined in <em>Standards for Efficient Cryptography Group
|
||||
* (SECG): SEC1 Elliptic Curve Cryptography</em>, section
|
||||
* 4.1.3, step 5.
|
||||
*
|
||||
* \see ecp.h
|
||||
*
|
||||
* \param ctx The ECDSA context to use. This must be initialized
|
||||
* and have a group and private key bound to it, for example
|
||||
* via mbedtls_ecdsa_genkey() or mbedtls_ecdsa_from_keypair().
|
||||
* \param md_alg The message digest that was used to hash the message.
|
||||
* \param hash The message hash to be signed. This must be a readable
|
||||
* buffer of length \p blen Bytes.
|
||||
* \param hlen The length of the hash \p hash in Bytes.
|
||||
* \param sig The buffer to which to write the signature. This must be a
|
||||
* writable buffer of length at least twice as large as the
|
||||
* size of the curve used, plus 9. For example, 73 Bytes if
|
||||
* a 256-bit curve is used. A buffer length of
|
||||
* #MBEDTLS_ECDSA_MAX_LEN is always safe.
|
||||
* \param slen The address at which to store the actual length of
|
||||
* the signature written. Must not be \c NULL.
|
||||
* \param f_rng The RNG function. This must not be \c NULL if
|
||||
* #MBEDTLS_ECDSA_DETERMINISTIC is unset. Otherwise,
|
||||
* it is unused and may be set to \c NULL.
|
||||
* \param p_rng The RNG context to be passed to \p f_rng. This may be
|
||||
* \c NULL if \p f_rng is \c NULL or doesn't use a context.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return An \c MBEDTLS_ERR_ECP_XXX, \c MBEDTLS_ERR_MPI_XXX or
|
||||
* \c MBEDTLS_ERR_ASN1_XXX error code on failure.
|
||||
*/
|
||||
int mbedtls_ecdsa_write_signature( mbedtls_ecdsa_context *ctx,
|
||||
mbedtls_md_type_t md_alg,
|
||||
const unsigned char *hash, size_t hlen,
|
||||
unsigned char *sig, size_t *slen,
|
||||
int (*f_rng)(void *, unsigned char *, size_t),
|
||||
void *p_rng );
|
||||
|
||||
/**
|
||||
* \brief This function computes the ECDSA signature and writes it
|
||||
* to a buffer, in a restartable way.
|
||||
*
|
||||
* \see \c mbedtls_ecdsa_write_signature()
|
||||
*
|
||||
* \note This function is like \c mbedtls_ecdsa_write_signature()
|
||||
* but it can return early and restart according to the limit
|
||||
* set with \c mbedtls_ecp_set_max_ops() to reduce blocking.
|
||||
*
|
||||
* \param ctx The ECDSA context to use. This must be initialized
|
||||
* and have a group and private key bound to it, for example
|
||||
* via mbedtls_ecdsa_genkey() or mbedtls_ecdsa_from_keypair().
|
||||
* \param md_alg The message digest that was used to hash the message.
|
||||
* \param hash The message hash to be signed. This must be a readable
|
||||
* buffer of length \p blen Bytes.
|
||||
* \param hlen The length of the hash \p hash in Bytes.
|
||||
* \param sig The buffer to which to write the signature. This must be a
|
||||
* writable buffer of length at least twice as large as the
|
||||
* size of the curve used, plus 9. For example, 73 Bytes if
|
||||
* a 256-bit curve is used. A buffer length of
|
||||
* #MBEDTLS_ECDSA_MAX_LEN is always safe.
|
||||
* \param slen The address at which to store the actual length of
|
||||
* the signature written. Must not be \c NULL.
|
||||
* \param f_rng The RNG function. This must not be \c NULL if
|
||||
* #MBEDTLS_ECDSA_DETERMINISTIC is unset. Otherwise,
|
||||
* it is unused and may be set to \c NULL.
|
||||
* \param p_rng The RNG context to be passed to \p f_rng. This may be
|
||||
* \c NULL if \p f_rng is \c NULL or doesn't use a context.
|
||||
* \param rs_ctx The restart context to use. This may be \c NULL to disable
|
||||
* restarting. If it is not \c NULL, it must point to an
|
||||
* initialized restart context.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return #MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of
|
||||
* operations was reached: see \c mbedtls_ecp_set_max_ops().
|
||||
* \return Another \c MBEDTLS_ERR_ECP_XXX, \c MBEDTLS_ERR_MPI_XXX or
|
||||
* \c MBEDTLS_ERR_ASN1_XXX error code on failure.
|
||||
*/
|
||||
int mbedtls_ecdsa_write_signature_restartable( mbedtls_ecdsa_context *ctx,
|
||||
mbedtls_md_type_t md_alg,
|
||||
const unsigned char *hash, size_t hlen,
|
||||
unsigned char *sig, size_t *slen,
|
||||
int (*f_rng)(void *, unsigned char *, size_t),
|
||||
void *p_rng,
|
||||
mbedtls_ecdsa_restart_ctx *rs_ctx );
|
||||
|
||||
#if defined(MBEDTLS_ECDSA_DETERMINISTIC)
|
||||
#if ! defined(MBEDTLS_DEPRECATED_REMOVED)
|
||||
#if defined(MBEDTLS_DEPRECATED_WARNING)
|
||||
#define MBEDTLS_DEPRECATED __attribute__((deprecated))
|
||||
#else
|
||||
#define MBEDTLS_DEPRECATED
|
||||
#endif
|
||||
/**
|
||||
* \brief This function computes an ECDSA signature and writes
|
||||
* it to a buffer, serialized as defined in <em>RFC-4492:
|
||||
* Elliptic Curve Cryptography (ECC) Cipher Suites for
|
||||
* Transport Layer Security (TLS)</em>.
|
||||
*
|
||||
* The deterministic version is defined in <em>RFC-6979:
|
||||
* Deterministic Usage of the Digital Signature Algorithm (DSA)
|
||||
* and Elliptic Curve Digital Signature Algorithm (ECDSA)</em>.
|
||||
*
|
||||
* \warning It is not thread-safe to use the same context in
|
||||
* multiple threads.
|
||||
*
|
||||
* \note If the bitlength of the message hash is larger than the
|
||||
* bitlength of the group order, then the hash is truncated as
|
||||
* defined in <em>Standards for Efficient Cryptography Group
|
||||
* (SECG): SEC1 Elliptic Curve Cryptography</em>, section
|
||||
* 4.1.3, step 5.
|
||||
*
|
||||
* \see ecp.h
|
||||
*
|
||||
* \deprecated Superseded by mbedtls_ecdsa_write_signature() in
|
||||
* Mbed TLS version 2.0 and later.
|
||||
*
|
||||
* \param ctx The ECDSA context to use. This must be initialized
|
||||
* and have a group and private key bound to it, for example
|
||||
* via mbedtls_ecdsa_genkey() or mbedtls_ecdsa_from_keypair().
|
||||
* \param hash The message hash to be signed. This must be a readable
|
||||
* buffer of length \p blen Bytes.
|
||||
* \param hlen The length of the hash \p hash in Bytes.
|
||||
* \param sig The buffer to which to write the signature. This must be a
|
||||
* writable buffer of length at least twice as large as the
|
||||
* size of the curve used, plus 9. For example, 73 Bytes if
|
||||
* a 256-bit curve is used. A buffer length of
|
||||
* #MBEDTLS_ECDSA_MAX_LEN is always safe.
|
||||
* \param slen The address at which to store the actual length of
|
||||
* the signature written. Must not be \c NULL.
|
||||
* \param md_alg The message digest that was used to hash the message.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return An \c MBEDTLS_ERR_ECP_XXX, \c MBEDTLS_ERR_MPI_XXX or
|
||||
* \c MBEDTLS_ERR_ASN1_XXX error code on failure.
|
||||
*/
|
||||
int mbedtls_ecdsa_write_signature_det( mbedtls_ecdsa_context *ctx,
|
||||
const unsigned char *hash, size_t hlen,
|
||||
unsigned char *sig, size_t *slen,
|
||||
mbedtls_md_type_t md_alg ) MBEDTLS_DEPRECATED;
|
||||
#undef MBEDTLS_DEPRECATED
|
||||
#endif /* MBEDTLS_DEPRECATED_REMOVED */
|
||||
#endif /* MBEDTLS_ECDSA_DETERMINISTIC */
|
||||
|
||||
/**
|
||||
* \brief This function reads and verifies an ECDSA signature.
|
||||
*
|
||||
* \note If the bitlength of the message hash is larger than the
|
||||
* bitlength of the group order, then the hash is truncated as
|
||||
* defined in <em>Standards for Efficient Cryptography Group
|
||||
* (SECG): SEC1 Elliptic Curve Cryptography</em>, section
|
||||
* 4.1.4, step 3.
|
||||
*
|
||||
* \see ecp.h
|
||||
*
|
||||
* \param ctx The ECDSA context to use. This must be initialized
|
||||
* and have a group and public key bound to it.
|
||||
* \param hash The message hash that was signed. This must be a readable
|
||||
* buffer of length \p size Bytes.
|
||||
* \param hlen The size of the hash \p hash.
|
||||
* \param sig The signature to read and verify. This must be a readable
|
||||
* buffer of length \p slen Bytes.
|
||||
* \param slen The size of \p sig in Bytes.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if signature is invalid.
|
||||
* \return #MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH if there is a valid
|
||||
* signature in \p sig, but its length is less than \p siglen.
|
||||
* \return An \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_ERR_MPI_XXX
|
||||
* error code on failure for any other reason.
|
||||
*/
|
||||
int mbedtls_ecdsa_read_signature( mbedtls_ecdsa_context *ctx,
|
||||
const unsigned char *hash, size_t hlen,
|
||||
const unsigned char *sig, size_t slen );
|
||||
|
||||
/**
|
||||
* \brief This function reads and verifies an ECDSA signature,
|
||||
* in a restartable way.
|
||||
*
|
||||
* \see \c mbedtls_ecdsa_read_signature()
|
||||
*
|
||||
* \note This function is like \c mbedtls_ecdsa_read_signature()
|
||||
* but it can return early and restart according to the limit
|
||||
* set with \c mbedtls_ecp_set_max_ops() to reduce blocking.
|
||||
*
|
||||
* \param ctx The ECDSA context to use. This must be initialized
|
||||
* and have a group and public key bound to it.
|
||||
* \param hash The message hash that was signed. This must be a readable
|
||||
* buffer of length \p size Bytes.
|
||||
* \param hlen The size of the hash \p hash.
|
||||
* \param sig The signature to read and verify. This must be a readable
|
||||
* buffer of length \p slen Bytes.
|
||||
* \param slen The size of \p sig in Bytes.
|
||||
* \param rs_ctx The restart context to use. This may be \c NULL to disable
|
||||
* restarting. If it is not \c NULL, it must point to an
|
||||
* initialized restart context.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if signature is invalid.
|
||||
* \return #MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH if there is a valid
|
||||
* signature in \p sig, but its length is less than \p siglen.
|
||||
* \return #MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of
|
||||
* operations was reached: see \c mbedtls_ecp_set_max_ops().
|
||||
* \return Another \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_ERR_MPI_XXX
|
||||
* error code on failure for any other reason.
|
||||
*/
|
||||
int mbedtls_ecdsa_read_signature_restartable( mbedtls_ecdsa_context *ctx,
|
||||
const unsigned char *hash, size_t hlen,
|
||||
const unsigned char *sig, size_t slen,
|
||||
mbedtls_ecdsa_restart_ctx *rs_ctx );
|
||||
|
||||
/**
|
||||
* \brief This function generates an ECDSA keypair on the given curve.
|
||||
*
|
||||
* \see ecp.h
|
||||
*
|
||||
* \param ctx The ECDSA context to store the keypair in.
|
||||
* This must be initialized.
|
||||
* \param gid The elliptic curve to use. One of the various
|
||||
* \c MBEDTLS_ECP_DP_XXX macros depending on configuration.
|
||||
* \param f_rng The RNG function to use. This must not be \c NULL.
|
||||
* \param p_rng The RNG context to be passed to \p f_rng. This may be
|
||||
* \c NULL if \p f_rng doesn't need a context argument.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return An \c MBEDTLS_ERR_ECP_XXX code on failure.
|
||||
*/
|
||||
int mbedtls_ecdsa_genkey( mbedtls_ecdsa_context *ctx, mbedtls_ecp_group_id gid,
|
||||
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );
|
||||
|
||||
/**
|
||||
* \brief This function sets up an ECDSA context from an EC key pair.
|
||||
*
|
||||
* \see ecp.h
|
||||
*
|
||||
* \param ctx The ECDSA context to setup. This must be initialized.
|
||||
* \param key The EC key to use. This must be initialized and hold
|
||||
* a private-public key pair or a public key. In the former
|
||||
* case, the ECDSA context may be used for signature creation
|
||||
* and verification after this call. In the latter case, it
|
||||
* may be used for signature verification.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return An \c MBEDTLS_ERR_ECP_XXX code on failure.
|
||||
*/
|
||||
int mbedtls_ecdsa_from_keypair( mbedtls_ecdsa_context *ctx,
|
||||
const mbedtls_ecp_keypair *key );
|
||||
|
||||
/**
|
||||
* \brief This function initializes an ECDSA context.
|
||||
*
|
||||
* \param ctx The ECDSA context to initialize.
|
||||
* This must not be \c NULL.
|
||||
*/
|
||||
void mbedtls_ecdsa_init( mbedtls_ecdsa_context *ctx );
|
||||
|
||||
/**
|
||||
* \brief This function frees an ECDSA context.
|
||||
*
|
||||
* \param ctx The ECDSA context to free. This may be \c NULL,
|
||||
* in which case this function does nothing. If it
|
||||
* is not \c NULL, it must be initialized.
|
||||
*/
|
||||
void mbedtls_ecdsa_free( mbedtls_ecdsa_context *ctx );
|
||||
|
||||
#if defined(MBEDTLS_ECP_RESTARTABLE)
|
||||
/**
|
||||
* \brief Initialize a restart context.
|
||||
*
|
||||
* \param ctx The restart context to initialize.
|
||||
* This must not be \c NULL.
|
||||
*/
|
||||
void mbedtls_ecdsa_restart_init( mbedtls_ecdsa_restart_ctx *ctx );
|
||||
|
||||
/**
|
||||
* \brief Free the components of a restart context.
|
||||
*
|
||||
* \param ctx The restart context to free. This may be \c NULL,
|
||||
* in which case this function does nothing. If it
|
||||
* is not \c NULL, it must be initialized.
|
||||
*/
|
||||
void mbedtls_ecdsa_restart_free( mbedtls_ecdsa_restart_ctx *ctx );
|
||||
#endif /* MBEDTLS_ECP_RESTARTABLE */
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
||||
#endif /* ecdsa.h */
|
|
@ -1,277 +0,0 @@
|
|||
/**
|
||||
* \file ecjpake.h
|
||||
*
|
||||
* \brief Elliptic curve J-PAKE
|
||||
*/
|
||||
/*
|
||||
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
* not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*
|
||||
* This file is part of mbed TLS (https://tls.mbed.org)
|
||||
*/
|
||||
#ifndef MBEDTLS_ECJPAKE_H
|
||||
#define MBEDTLS_ECJPAKE_H
|
||||
|
||||
/*
|
||||
* J-PAKE is a password-authenticated key exchange that allows deriving a
|
||||
* strong shared secret from a (potentially low entropy) pre-shared
|
||||
* passphrase, with forward secrecy and mutual authentication.
|
||||
* https://en.wikipedia.org/wiki/Password_Authenticated_Key_Exchange_by_Juggling
|
||||
*
|
||||
* This file implements the Elliptic Curve variant of J-PAKE,
|
||||
* as defined in Chapter 7.4 of the Thread v1.0 Specification,
|
||||
* available to members of the Thread Group http://threadgroup.org/
|
||||
*
|
||||
* As the J-PAKE algorithm is inherently symmetric, so is our API.
|
||||
* Each party needs to send its first round message, in any order, to the
|
||||
* other party, then each sends its second round message, in any order.
|
||||
* The payloads are serialized in a way suitable for use in TLS, but could
|
||||
* also be use outside TLS.
|
||||
*/
|
||||
#if !defined(MBEDTLS_CONFIG_FILE)
|
||||
#include "config.h"
|
||||
#else
|
||||
#include MBEDTLS_CONFIG_FILE
|
||||
#endif
|
||||
|
||||
#include "ecp.h"
|
||||
#include "md.h"
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
/**
|
||||
* Roles in the EC J-PAKE exchange
|
||||
*/
|
||||
typedef enum {
|
||||
MBEDTLS_ECJPAKE_CLIENT = 0, /**< Client */
|
||||
MBEDTLS_ECJPAKE_SERVER, /**< Server */
|
||||
} mbedtls_ecjpake_role;
|
||||
|
||||
#if !defined(MBEDTLS_ECJPAKE_ALT)
|
||||
/**
|
||||
* EC J-PAKE context structure.
|
||||
*
|
||||
* J-PAKE is a symmetric protocol, except for the identifiers used in
|
||||
* Zero-Knowledge Proofs, and the serialization of the second message
|
||||
* (KeyExchange) as defined by the Thread spec.
|
||||
*
|
||||
* In order to benefit from this symmetry, we choose a different naming
|
||||
* convetion from the Thread v1.0 spec. Correspondance is indicated in the
|
||||
* description as a pair C: client name, S: server name
|
||||
*/
|
||||
typedef struct mbedtls_ecjpake_context
|
||||
{
|
||||
const mbedtls_md_info_t *md_info; /**< Hash to use */
|
||||
mbedtls_ecp_group grp; /**< Elliptic curve */
|
||||
mbedtls_ecjpake_role role; /**< Are we client or server? */
|
||||
int point_format; /**< Format for point export */
|
||||
|
||||
mbedtls_ecp_point Xm1; /**< My public key 1 C: X1, S: X3 */
|
||||
mbedtls_ecp_point Xm2; /**< My public key 2 C: X2, S: X4 */
|
||||
mbedtls_ecp_point Xp1; /**< Peer public key 1 C: X3, S: X1 */
|
||||
mbedtls_ecp_point Xp2; /**< Peer public key 2 C: X4, S: X2 */
|
||||
mbedtls_ecp_point Xp; /**< Peer public key C: Xs, S: Xc */
|
||||
|
||||
mbedtls_mpi xm1; /**< My private key 1 C: x1, S: x3 */
|
||||
mbedtls_mpi xm2; /**< My private key 2 C: x2, S: x4 */
|
||||
|
||||
mbedtls_mpi s; /**< Pre-shared secret (passphrase) */
|
||||
} mbedtls_ecjpake_context;
|
||||
|
||||
#else /* MBEDTLS_ECJPAKE_ALT */
|
||||
#include "ecjpake_alt.h"
|
||||
#endif /* MBEDTLS_ECJPAKE_ALT */
|
||||
|
||||
/**
|
||||
* \brief Initialize an ECJPAKE context.
|
||||
*
|
||||
* \param ctx The ECJPAKE context to initialize.
|
||||
* This must not be \c NULL.
|
||||
*/
|
||||
void mbedtls_ecjpake_init( mbedtls_ecjpake_context *ctx );
|
||||
|
||||
/**
|
||||
* \brief Set up an ECJPAKE context for use.
|
||||
*
|
||||
* \note Currently the only values for hash/curve allowed by the
|
||||
* standard are #MBEDTLS_MD_SHA256/#MBEDTLS_ECP_DP_SECP256R1.
|
||||
*
|
||||
* \param ctx The ECJPAKE context to set up. This must be initialized.
|
||||
* \param role The role of the caller. This must be either
|
||||
* #MBEDTLS_ECJPAKE_CLIENT or #MBEDTLS_ECJPAKE_SERVER.
|
||||
* \param hash The identifier of the hash function to use,
|
||||
* for example #MBEDTLS_MD_SHA256.
|
||||
* \param curve The identifier of the elliptic curve to use,
|
||||
* for example #MBEDTLS_ECP_DP_SECP256R1.
|
||||
* \param secret The pre-shared secret (passphrase). This must be
|
||||
* a readable buffer of length \p len Bytes. It need
|
||||
* only be valid for the duration of this call.
|
||||
* \param len The length of the pre-shared secret \p secret.
|
||||
*
|
||||
* \return \c 0 if successful.
|
||||
* \return A negative error code on failure.
|
||||
*/
|
||||
int mbedtls_ecjpake_setup( mbedtls_ecjpake_context *ctx,
|
||||
mbedtls_ecjpake_role role,
|
||||
mbedtls_md_type_t hash,
|
||||
mbedtls_ecp_group_id curve,
|
||||
const unsigned char *secret,
|
||||
size_t len );
|
||||
|
||||
/**
|
||||
* \brief Check if an ECJPAKE context is ready for use.
|
||||
*
|
||||
* \param ctx The ECJPAKE context to check. This must be
|
||||
* initialized.
|
||||
*
|
||||
* \return \c 0 if the context is ready for use.
|
||||
* \return #MBEDTLS_ERR_ECP_BAD_INPUT_DATA otherwise.
|
||||
*/
|
||||
int mbedtls_ecjpake_check( const mbedtls_ecjpake_context *ctx );
|
||||
|
||||
/**
|
||||
* \brief Generate and write the first round message
|
||||
* (TLS: contents of the Client/ServerHello extension,
|
||||
* excluding extension type and length bytes).
|
||||
*
|
||||
* \param ctx The ECJPAKE context to use. This must be
|
||||
* initialized and set up.
|
||||
* \param buf The buffer to write the contents to. This must be a
|
||||
* writable buffer of length \p len Bytes.
|
||||
* \param len The length of \p buf in Bytes.
|
||||
* \param olen The address at which to store the total number
|
||||
* of Bytes written to \p buf. This must not be \c NULL.
|
||||
* \param f_rng The RNG function to use. This must not be \c NULL.
|
||||
* \param p_rng The RNG parameter to be passed to \p f_rng. This
|
||||
* may be \c NULL if \p f_rng doesn't use a context.
|
||||
*
|
||||
* \return \c 0 if successful.
|
||||
* \return A negative error code on failure.
|
||||
*/
|
||||
int mbedtls_ecjpake_write_round_one( mbedtls_ecjpake_context *ctx,
|
||||
unsigned char *buf, size_t len, size_t *olen,
|
||||
int (*f_rng)(void *, unsigned char *, size_t),
|
||||
void *p_rng );
|
||||
|
||||
/**
|
||||
* \brief Read and process the first round message
|
||||
* (TLS: contents of the Client/ServerHello extension,
|
||||
* excluding extension type and length bytes).
|
||||
*
|
||||
* \param ctx The ECJPAKE context to use. This must be initialized
|
||||
* and set up.
|
||||
* \param buf The buffer holding the first round message. This must
|
||||
* be a readable buffer of length \p len Bytes.
|
||||
* \param len The length in Bytes of \p buf.
|
||||
*
|
||||
* \return \c 0 if successful.
|
||||
* \return A negative error code on failure.
|
||||
*/
|
||||
int mbedtls_ecjpake_read_round_one( mbedtls_ecjpake_context *ctx,
|
||||
const unsigned char *buf,
|
||||
size_t len );
|
||||
|
||||
/**
|
||||
* \brief Generate and write the second round message
|
||||
* (TLS: contents of the Client/ServerKeyExchange).
|
||||
*
|
||||
* \param ctx The ECJPAKE context to use. This must be initialized,
|
||||
* set up, and already have performed round one.
|
||||
* \param buf The buffer to write the round two contents to.
|
||||
* This must be a writable buffer of length \p len Bytes.
|
||||
* \param len The size of \p buf in Bytes.
|
||||
* \param olen The address at which to store the total number of Bytes
|
||||
* written to \p buf. This must not be \c NULL.
|
||||
* \param f_rng The RNG function to use. This must not be \c NULL.
|
||||
* \param p_rng The RNG parameter to be passed to \p f_rng. This
|
||||
* may be \c NULL if \p f_rng doesn't use a context.
|
||||
*
|
||||
* \return \c 0 if successful.
|
||||
* \return A negative error code on failure.
|
||||
*/
|
||||
int mbedtls_ecjpake_write_round_two( mbedtls_ecjpake_context *ctx,
|
||||
unsigned char *buf, size_t len, size_t *olen,
|
||||
int (*f_rng)(void *, unsigned char *, size_t),
|
||||
void *p_rng );
|
||||
|
||||
/**
|
||||
* \brief Read and process the second round message
|
||||
* (TLS: contents of the Client/ServerKeyExchange).
|
||||
*
|
||||
* \param ctx The ECJPAKE context to use. This must be initialized
|
||||
* and set up and already have performed round one.
|
||||
* \param buf The buffer holding the second round message. This must
|
||||
* be a readable buffer of length \p len Bytes.
|
||||
* \param len The length in Bytes of \p buf.
|
||||
*
|
||||
* \return \c 0 if successful.
|
||||
* \return A negative error code on failure.
|
||||
*/
|
||||
int mbedtls_ecjpake_read_round_two( mbedtls_ecjpake_context *ctx,
|
||||
const unsigned char *buf,
|
||||
size_t len );
|
||||
|
||||
/**
|
||||
* \brief Derive the shared secret
|
||||
* (TLS: Pre-Master Secret).
|
||||
*
|
||||
* \param ctx The ECJPAKE context to use. This must be initialized,
|
||||
* set up and have performed both round one and two.
|
||||
* \param buf The buffer to write the derived secret to. This must
|
||||
* be a writable buffer of length \p len Bytes.
|
||||
* \param len The length of \p buf in Bytes.
|
||||
* \param olen The address at which to store the total number of Bytes
|
||||
* written to \p buf. This must not be \c NULL.
|
||||
* \param f_rng The RNG function to use. This must not be \c NULL.
|
||||
* \param p_rng The RNG parameter to be passed to \p f_rng. This
|
||||
* may be \c NULL if \p f_rng doesn't use a context.
|
||||
*
|
||||
* \return \c 0 if successful.
|
||||
* \return A negative error code on failure.
|
||||
*/
|
||||
int mbedtls_ecjpake_derive_secret( mbedtls_ecjpake_context *ctx,
|
||||
unsigned char *buf, size_t len, size_t *olen,
|
||||
int (*f_rng)(void *, unsigned char *, size_t),
|
||||
void *p_rng );
|
||||
|
||||
/**
|
||||
* \brief This clears an ECJPAKE context and frees any
|
||||
* embedded data structure.
|
||||
*
|
||||
* \param ctx The ECJPAKE context to free. This may be \c NULL,
|
||||
* in which case this function does nothing. If it is not
|
||||
* \c NULL, it must point to an initialized ECJPAKE context.
|
||||
*/
|
||||
void mbedtls_ecjpake_free( mbedtls_ecjpake_context *ctx );
|
||||
|
||||
#if defined(MBEDTLS_SELF_TEST)
|
||||
|
||||
/**
|
||||
* \brief Checkup routine
|
||||
*
|
||||
* \return 0 if successful, or 1 if a test failed
|
||||
*/
|
||||
int mbedtls_ecjpake_self_test( int verbose );
|
||||
|
||||
#endif /* MBEDTLS_SELF_TEST */
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
||||
|
||||
#endif /* ecjpake.h */
|
File diff suppressed because it is too large
Load diff
|
@ -1,299 +0,0 @@
|
|||
/**
|
||||
* \file ecp_internal.h
|
||||
*
|
||||
* \brief Function declarations for alternative implementation of elliptic curve
|
||||
* point arithmetic.
|
||||
*/
|
||||
/*
|
||||
* Copyright (C) 2016, ARM Limited, All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
* not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*
|
||||
* This file is part of mbed TLS (https://tls.mbed.org)
|
||||
*/
|
||||
|
||||
/*
|
||||
* References:
|
||||
*
|
||||
* [1] BERNSTEIN, Daniel J. Curve25519: new Diffie-Hellman speed records.
|
||||
* <http://cr.yp.to/ecdh/curve25519-20060209.pdf>
|
||||
*
|
||||
* [2] CORON, Jean-S'ebastien. Resistance against differential power analysis
|
||||
* for elliptic curve cryptosystems. In : Cryptographic Hardware and
|
||||
* Embedded Systems. Springer Berlin Heidelberg, 1999. p. 292-302.
|
||||
* <http://link.springer.com/chapter/10.1007/3-540-48059-5_25>
|
||||
*
|
||||
* [3] HEDABOU, Mustapha, PINEL, Pierre, et B'EN'ETEAU, Lucien. A comb method to
|
||||
* render ECC resistant against Side Channel Attacks. IACR Cryptology
|
||||
* ePrint Archive, 2004, vol. 2004, p. 342.
|
||||
* <http://eprint.iacr.org/2004/342.pdf>
|
||||
*
|
||||
* [4] Certicom Research. SEC 2: Recommended Elliptic Curve Domain Parameters.
|
||||
* <http://www.secg.org/sec2-v2.pdf>
|
||||
*
|
||||
* [5] HANKERSON, Darrel, MENEZES, Alfred J., VANSTONE, Scott. Guide to Elliptic
|
||||
* Curve Cryptography.
|
||||
*
|
||||
* [6] Digital Signature Standard (DSS), FIPS 186-4.
|
||||
* <http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf>
|
||||
*
|
||||
* [7] Elliptic Curve Cryptography (ECC) Cipher Suites for Transport Layer
|
||||
* Security (TLS), RFC 4492.
|
||||
* <https://tools.ietf.org/search/rfc4492>
|
||||
*
|
||||
* [8] <http://www.hyperelliptic.org/EFD/g1p/auto-shortw-jacobian.html>
|
||||
*
|
||||
* [9] COHEN, Henri. A Course in Computational Algebraic Number Theory.
|
||||
* Springer Science & Business Media, 1 Aug 2000
|
||||
*/
|
||||
|
||||
#ifndef MBEDTLS_ECP_INTERNAL_H
|
||||
#define MBEDTLS_ECP_INTERNAL_H
|
||||
|
||||
#if !defined(MBEDTLS_CONFIG_FILE)
|
||||
#include "config.h"
|
||||
#else
|
||||
#include MBEDTLS_CONFIG_FILE
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_ECP_INTERNAL_ALT)
|
||||
|
||||
/**
|
||||
* \brief Indicate if the Elliptic Curve Point module extension can
|
||||
* handle the group.
|
||||
*
|
||||
* \param grp The pointer to the elliptic curve group that will be the
|
||||
* basis of the cryptographic computations.
|
||||
*
|
||||
* \return Non-zero if successful.
|
||||
*/
|
||||
unsigned char mbedtls_internal_ecp_grp_capable( const mbedtls_ecp_group *grp );
|
||||
|
||||
/**
|
||||
* \brief Initialise the Elliptic Curve Point module extension.
|
||||
*
|
||||
* If mbedtls_internal_ecp_grp_capable returns true for a
|
||||
* group, this function has to be able to initialise the
|
||||
* module for it.
|
||||
*
|
||||
* This module can be a driver to a crypto hardware
|
||||
* accelerator, for which this could be an initialise function.
|
||||
*
|
||||
* \param grp The pointer to the group the module needs to be
|
||||
* initialised for.
|
||||
*
|
||||
* \return 0 if successful.
|
||||
*/
|
||||
int mbedtls_internal_ecp_init( const mbedtls_ecp_group *grp );
|
||||
|
||||
/**
|
||||
* \brief Frees and deallocates the Elliptic Curve Point module
|
||||
* extension.
|
||||
*
|
||||
* \param grp The pointer to the group the module was initialised for.
|
||||
*/
|
||||
void mbedtls_internal_ecp_free( const mbedtls_ecp_group *grp );
|
||||
|
||||
#if defined(ECP_SHORTWEIERSTRASS)
|
||||
|
||||
#if defined(MBEDTLS_ECP_RANDOMIZE_JAC_ALT)
|
||||
/**
|
||||
* \brief Randomize jacobian coordinates:
|
||||
* (X, Y, Z) -> (l^2 X, l^3 Y, l Z) for random l.
|
||||
*
|
||||
* \param grp Pointer to the group representing the curve.
|
||||
*
|
||||
* \param pt The point on the curve to be randomised, given with Jacobian
|
||||
* coordinates.
|
||||
*
|
||||
* \param f_rng A function pointer to the random number generator.
|
||||
*
|
||||
* \param p_rng A pointer to the random number generator state.
|
||||
*
|
||||
* \return 0 if successful.
|
||||
*/
|
||||
int mbedtls_internal_ecp_randomize_jac( const mbedtls_ecp_group *grp,
|
||||
mbedtls_ecp_point *pt, int (*f_rng)(void *, unsigned char *, size_t),
|
||||
void *p_rng );
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_ECP_ADD_MIXED_ALT)
|
||||
/**
|
||||
* \brief Addition: R = P + Q, mixed affine-Jacobian coordinates.
|
||||
*
|
||||
* The coordinates of Q must be normalized (= affine),
|
||||
* but those of P don't need to. R is not normalized.
|
||||
*
|
||||
* This function is used only as a subrutine of
|
||||
* ecp_mul_comb().
|
||||
*
|
||||
* Special cases: (1) P or Q is zero, (2) R is zero,
|
||||
* (3) P == Q.
|
||||
* None of these cases can happen as intermediate step in
|
||||
* ecp_mul_comb():
|
||||
* - at each step, P, Q and R are multiples of the base
|
||||
* point, the factor being less than its order, so none of
|
||||
* them is zero;
|
||||
* - Q is an odd multiple of the base point, P an even
|
||||
* multiple, due to the choice of precomputed points in the
|
||||
* modified comb method.
|
||||
* So branches for these cases do not leak secret information.
|
||||
*
|
||||
* We accept Q->Z being unset (saving memory in tables) as
|
||||
* meaning 1.
|
||||
*
|
||||
* Cost in field operations if done by [5] 3.22:
|
||||
* 1A := 8M + 3S
|
||||
*
|
||||
* \param grp Pointer to the group representing the curve.
|
||||
*
|
||||
* \param R Pointer to a point structure to hold the result.
|
||||
*
|
||||
* \param P Pointer to the first summand, given with Jacobian
|
||||
* coordinates
|
||||
*
|
||||
* \param Q Pointer to the second summand, given with affine
|
||||
* coordinates.
|
||||
*
|
||||
* \return 0 if successful.
|
||||
*/
|
||||
int mbedtls_internal_ecp_add_mixed( const mbedtls_ecp_group *grp,
|
||||
mbedtls_ecp_point *R, const mbedtls_ecp_point *P,
|
||||
const mbedtls_ecp_point *Q );
|
||||
#endif
|
||||
|
||||
/**
|
||||
* \brief Point doubling R = 2 P, Jacobian coordinates.
|
||||
*
|
||||
* Cost: 1D := 3M + 4S (A == 0)
|
||||
* 4M + 4S (A == -3)
|
||||
* 3M + 6S + 1a otherwise
|
||||
* when the implementation is based on the "dbl-1998-cmo-2"
|
||||
* doubling formulas in [8] and standard optimizations are
|
||||
* applied when curve parameter A is one of { 0, -3 }.
|
||||
*
|
||||
* \param grp Pointer to the group representing the curve.
|
||||
*
|
||||
* \param R Pointer to a point structure to hold the result.
|
||||
*
|
||||
* \param P Pointer to the point that has to be doubled, given with
|
||||
* Jacobian coordinates.
|
||||
*
|
||||
* \return 0 if successful.
|
||||
*/
|
||||
#if defined(MBEDTLS_ECP_DOUBLE_JAC_ALT)
|
||||
int mbedtls_internal_ecp_double_jac( const mbedtls_ecp_group *grp,
|
||||
mbedtls_ecp_point *R, const mbedtls_ecp_point *P );
|
||||
#endif
|
||||
|
||||
/**
|
||||
* \brief Normalize jacobian coordinates of an array of (pointers to)
|
||||
* points.
|
||||
*
|
||||
* Using Montgomery's trick to perform only one inversion mod P
|
||||
* the cost is:
|
||||
* 1N(t) := 1I + (6t - 3)M + 1S
|
||||
* (See for example Algorithm 10.3.4. in [9])
|
||||
*
|
||||
* This function is used only as a subrutine of
|
||||
* ecp_mul_comb().
|
||||
*
|
||||
* Warning: fails (returning an error) if one of the points is
|
||||
* zero!
|
||||
* This should never happen, see choice of w in ecp_mul_comb().
|
||||
*
|
||||
* \param grp Pointer to the group representing the curve.
|
||||
*
|
||||
* \param T Array of pointers to the points to normalise.
|
||||
*
|
||||
* \param t_len Number of elements in the array.
|
||||
*
|
||||
* \return 0 if successful,
|
||||
* an error if one of the points is zero.
|
||||
*/
|
||||
#if defined(MBEDTLS_ECP_NORMALIZE_JAC_MANY_ALT)
|
||||
int mbedtls_internal_ecp_normalize_jac_many( const mbedtls_ecp_group *grp,
|
||||
mbedtls_ecp_point *T[], size_t t_len );
|
||||
#endif
|
||||
|
||||
/**
|
||||
* \brief Normalize jacobian coordinates so that Z == 0 || Z == 1.
|
||||
*
|
||||
* Cost in field operations if done by [5] 3.2.1:
|
||||
* 1N := 1I + 3M + 1S
|
||||
*
|
||||
* \param grp Pointer to the group representing the curve.
|
||||
*
|
||||
* \param pt pointer to the point to be normalised. This is an
|
||||
* input/output parameter.
|
||||
*
|
||||
* \return 0 if successful.
|
||||
*/
|
||||
#if defined(MBEDTLS_ECP_NORMALIZE_JAC_ALT)
|
||||
int mbedtls_internal_ecp_normalize_jac( const mbedtls_ecp_group *grp,
|
||||
mbedtls_ecp_point *pt );
|
||||
#endif
|
||||
|
||||
#endif /* ECP_SHORTWEIERSTRASS */
|
||||
|
||||
#if defined(ECP_MONTGOMERY)
|
||||
|
||||
#if defined(MBEDTLS_ECP_DOUBLE_ADD_MXZ_ALT)
|
||||
int mbedtls_internal_ecp_double_add_mxz( const mbedtls_ecp_group *grp,
|
||||
mbedtls_ecp_point *R, mbedtls_ecp_point *S, const mbedtls_ecp_point *P,
|
||||
const mbedtls_ecp_point *Q, const mbedtls_mpi *d );
|
||||
#endif
|
||||
|
||||
/**
|
||||
* \brief Randomize projective x/z coordinates:
|
||||
* (X, Z) -> (l X, l Z) for random l
|
||||
*
|
||||
* \param grp pointer to the group representing the curve
|
||||
*
|
||||
* \param P the point on the curve to be randomised given with
|
||||
* projective coordinates. This is an input/output parameter.
|
||||
*
|
||||
* \param f_rng a function pointer to the random number generator
|
||||
*
|
||||
* \param p_rng a pointer to the random number generator state
|
||||
*
|
||||
* \return 0 if successful
|
||||
*/
|
||||
#if defined(MBEDTLS_ECP_RANDOMIZE_MXZ_ALT)
|
||||
int mbedtls_internal_ecp_randomize_mxz( const mbedtls_ecp_group *grp,
|
||||
mbedtls_ecp_point *P, int (*f_rng)(void *, unsigned char *, size_t),
|
||||
void *p_rng );
|
||||
#endif
|
||||
|
||||
/**
|
||||
* \brief Normalize Montgomery x/z coordinates: X = X/Z, Z = 1.
|
||||
*
|
||||
* \param grp pointer to the group representing the curve
|
||||
*
|
||||
* \param P pointer to the point to be normalised. This is an
|
||||
* input/output parameter.
|
||||
*
|
||||
* \return 0 if successful
|
||||
*/
|
||||
#if defined(MBEDTLS_ECP_NORMALIZE_MXZ_ALT)
|
||||
int mbedtls_internal_ecp_normalize_mxz( const mbedtls_ecp_group *grp,
|
||||
mbedtls_ecp_point *P );
|
||||
#endif
|
||||
|
||||
#endif /* ECP_MONTGOMERY */
|
||||
|
||||
#endif /* MBEDTLS_ECP_INTERNAL_ALT */
|
||||
|
||||
#endif /* ecp_internal.h */
|
||||
|
|
@ -1,289 +0,0 @@
|
|||
/**
|
||||
* \file entropy.h
|
||||
*
|
||||
* \brief Entropy accumulator implementation
|
||||
*/
|
||||
/*
|
||||
* Copyright (C) 2006-2016, ARM Limited, All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
* not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*
|
||||
* This file is part of mbed TLS (https://tls.mbed.org)
|
||||
*/
|
||||
#ifndef MBEDTLS_ENTROPY_H
|
||||
#define MBEDTLS_ENTROPY_H
|
||||
|
||||
#if !defined(MBEDTLS_CONFIG_FILE)
|
||||
#include "config.h"
|
||||
#else
|
||||
#include MBEDTLS_CONFIG_FILE
|
||||
#endif
|
||||
|
||||
#include <stddef.h>
|
||||
|
||||
#if defined(MBEDTLS_SHA512_C) && !defined(MBEDTLS_ENTROPY_FORCE_SHA256)
|
||||
#include "sha512.h"
|
||||
#define MBEDTLS_ENTROPY_SHA512_ACCUMULATOR
|
||||
#else
|
||||
#if defined(MBEDTLS_SHA256_C)
|
||||
#define MBEDTLS_ENTROPY_SHA256_ACCUMULATOR
|
||||
#include "sha256.h"
|
||||
#endif
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_THREADING_C)
|
||||
#include "threading.h"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_HAVEGE_C)
|
||||
#include "havege.h"
|
||||
#endif
|
||||
|
||||
#define MBEDTLS_ERR_ENTROPY_SOURCE_FAILED -0x003C /**< Critical entropy source failure. */
|
||||
#define MBEDTLS_ERR_ENTROPY_MAX_SOURCES -0x003E /**< No more sources can be added. */
|
||||
#define MBEDTLS_ERR_ENTROPY_NO_SOURCES_DEFINED -0x0040 /**< No sources have been added to poll. */
|
||||
#define MBEDTLS_ERR_ENTROPY_NO_STRONG_SOURCE -0x003D /**< No strong sources have been added to poll. */
|
||||
#define MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR -0x003F /**< Read/write error in file. */
|
||||
|
||||
/**
|
||||
* \name SECTION: Module settings
|
||||
*
|
||||
* The configuration options you can set for this module are in this section.
|
||||
* Either change them in config.h or define them on the compiler command line.
|
||||
* \{
|
||||
*/
|
||||
|
||||
#if !defined(MBEDTLS_ENTROPY_MAX_SOURCES)
|
||||
#define MBEDTLS_ENTROPY_MAX_SOURCES 20 /**< Maximum number of sources supported */
|
||||
#endif
|
||||
|
||||
#if !defined(MBEDTLS_ENTROPY_MAX_GATHER)
|
||||
#define MBEDTLS_ENTROPY_MAX_GATHER 128 /**< Maximum amount requested from entropy sources */
|
||||
#endif
|
||||
|
||||
/* \} name SECTION: Module settings */
|
||||
|
||||
#if defined(MBEDTLS_ENTROPY_SHA512_ACCUMULATOR)
|
||||
#define MBEDTLS_ENTROPY_BLOCK_SIZE 64 /**< Block size of entropy accumulator (SHA-512) */
|
||||
#else
|
||||
#define MBEDTLS_ENTROPY_BLOCK_SIZE 32 /**< Block size of entropy accumulator (SHA-256) */
|
||||
#endif
|
||||
|
||||
#define MBEDTLS_ENTROPY_MAX_SEED_SIZE 1024 /**< Maximum size of seed we read from seed file */
|
||||
#define MBEDTLS_ENTROPY_SOURCE_MANUAL MBEDTLS_ENTROPY_MAX_SOURCES
|
||||
|
||||
#define MBEDTLS_ENTROPY_SOURCE_STRONG 1 /**< Entropy source is strong */
|
||||
#define MBEDTLS_ENTROPY_SOURCE_WEAK 0 /**< Entropy source is weak */
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
/**
|
||||
* \brief Entropy poll callback pointer
|
||||
*
|
||||
* \param data Callback-specific data pointer
|
||||
* \param output Data to fill
|
||||
* \param len Maximum size to provide
|
||||
* \param olen The actual amount of bytes put into the buffer (Can be 0)
|
||||
*
|
||||
* \return 0 if no critical failures occurred,
|
||||
* MBEDTLS_ERR_ENTROPY_SOURCE_FAILED otherwise
|
||||
*/
|
||||
typedef int (*mbedtls_entropy_f_source_ptr)(void *data, unsigned char *output, size_t len,
|
||||
size_t *olen);
|
||||
|
||||
/**
|
||||
* \brief Entropy source state
|
||||
*/
|
||||
typedef struct mbedtls_entropy_source_state
|
||||
{
|
||||
mbedtls_entropy_f_source_ptr f_source; /**< The entropy source callback */
|
||||
void * p_source; /**< The callback data pointer */
|
||||
size_t size; /**< Amount received in bytes */
|
||||
size_t threshold; /**< Minimum bytes required before release */
|
||||
int strong; /**< Is the source strong? */
|
||||
}
|
||||
mbedtls_entropy_source_state;
|
||||
|
||||
/**
|
||||
* \brief Entropy context structure
|
||||
*/
|
||||
typedef struct mbedtls_entropy_context
|
||||
{
|
||||
int accumulator_started;
|
||||
#if defined(MBEDTLS_ENTROPY_SHA512_ACCUMULATOR)
|
||||
mbedtls_sha512_context accumulator;
|
||||
#else
|
||||
mbedtls_sha256_context accumulator;
|
||||
#endif
|
||||
int source_count;
|
||||
mbedtls_entropy_source_state source[MBEDTLS_ENTROPY_MAX_SOURCES];
|
||||
#if defined(MBEDTLS_HAVEGE_C)
|
||||
mbedtls_havege_state havege_data;
|
||||
#endif
|
||||
#if defined(MBEDTLS_THREADING_C)
|
||||
mbedtls_threading_mutex_t mutex; /*!< mutex */
|
||||
#endif
|
||||
#if defined(MBEDTLS_ENTROPY_NV_SEED)
|
||||
int initial_entropy_run;
|
||||
#endif
|
||||
}
|
||||
mbedtls_entropy_context;
|
||||
|
||||
/**
|
||||
* \brief Initialize the context
|
||||
*
|
||||
* \param ctx Entropy context to initialize
|
||||
*/
|
||||
void mbedtls_entropy_init( mbedtls_entropy_context *ctx );
|
||||
|
||||
/**
|
||||
* \brief Free the data in the context
|
||||
*
|
||||
* \param ctx Entropy context to free
|
||||
*/
|
||||
void mbedtls_entropy_free( mbedtls_entropy_context *ctx );
|
||||
|
||||
/**
|
||||
* \brief Adds an entropy source to poll
|
||||
* (Thread-safe if MBEDTLS_THREADING_C is enabled)
|
||||
*
|
||||
* \param ctx Entropy context
|
||||
* \param f_source Entropy function
|
||||
* \param p_source Function data
|
||||
* \param threshold Minimum required from source before entropy is released
|
||||
* ( with mbedtls_entropy_func() ) (in bytes)
|
||||
* \param strong MBEDTLS_ENTROPY_SOURCE_STRONG or
|
||||
* MBEDTLS_ENTROPY_SOURCE_WEAK.
|
||||
* At least one strong source needs to be added.
|
||||
* Weaker sources (such as the cycle counter) can be used as
|
||||
* a complement.
|
||||
*
|
||||
* \return 0 if successful or MBEDTLS_ERR_ENTROPY_MAX_SOURCES
|
||||
*/
|
||||
int mbedtls_entropy_add_source( mbedtls_entropy_context *ctx,
|
||||
mbedtls_entropy_f_source_ptr f_source, void *p_source,
|
||||
size_t threshold, int strong );
|
||||
|
||||
/**
|
||||
* \brief Trigger an extra gather poll for the accumulator
|
||||
* (Thread-safe if MBEDTLS_THREADING_C is enabled)
|
||||
*
|
||||
* \param ctx Entropy context
|
||||
*
|
||||
* \return 0 if successful, or MBEDTLS_ERR_ENTROPY_SOURCE_FAILED
|
||||
*/
|
||||
int mbedtls_entropy_gather( mbedtls_entropy_context *ctx );
|
||||
|
||||
/**
|
||||
* \brief Retrieve entropy from the accumulator
|
||||
* (Maximum length: MBEDTLS_ENTROPY_BLOCK_SIZE)
|
||||
* (Thread-safe if MBEDTLS_THREADING_C is enabled)
|
||||
*
|
||||
* \param data Entropy context
|
||||
* \param output Buffer to fill
|
||||
* \param len Number of bytes desired, must be at most MBEDTLS_ENTROPY_BLOCK_SIZE
|
||||
*
|
||||
* \return 0 if successful, or MBEDTLS_ERR_ENTROPY_SOURCE_FAILED
|
||||
*/
|
||||
int mbedtls_entropy_func( void *data, unsigned char *output, size_t len );
|
||||
|
||||
/**
|
||||
* \brief Add data to the accumulator manually
|
||||
* (Thread-safe if MBEDTLS_THREADING_C is enabled)
|
||||
*
|
||||
* \param ctx Entropy context
|
||||
* \param data Data to add
|
||||
* \param len Length of data
|
||||
*
|
||||
* \return 0 if successful
|
||||
*/
|
||||
int mbedtls_entropy_update_manual( mbedtls_entropy_context *ctx,
|
||||
const unsigned char *data, size_t len );
|
||||
|
||||
#if defined(MBEDTLS_ENTROPY_NV_SEED)
|
||||
/**
|
||||
* \brief Trigger an update of the seed file in NV by using the
|
||||
* current entropy pool.
|
||||
*
|
||||
* \param ctx Entropy context
|
||||
*
|
||||
* \return 0 if successful
|
||||
*/
|
||||
int mbedtls_entropy_update_nv_seed( mbedtls_entropy_context *ctx );
|
||||
#endif /* MBEDTLS_ENTROPY_NV_SEED */
|
||||
|
||||
#if defined(MBEDTLS_FS_IO)
|
||||
/**
|
||||
* \brief Write a seed file
|
||||
*
|
||||
* \param ctx Entropy context
|
||||
* \param path Name of the file
|
||||
*
|
||||
* \return 0 if successful,
|
||||
* MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR on file error, or
|
||||
* MBEDTLS_ERR_ENTROPY_SOURCE_FAILED
|
||||
*/
|
||||
int mbedtls_entropy_write_seed_file( mbedtls_entropy_context *ctx, const char *path );
|
||||
|
||||
/**
|
||||
* \brief Read and update a seed file. Seed is added to this
|
||||
* instance. No more than MBEDTLS_ENTROPY_MAX_SEED_SIZE bytes are
|
||||
* read from the seed file. The rest is ignored.
|
||||
*
|
||||
* \param ctx Entropy context
|
||||
* \param path Name of the file
|
||||
*
|
||||
* \return 0 if successful,
|
||||
* MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR on file error,
|
||||
* MBEDTLS_ERR_ENTROPY_SOURCE_FAILED
|
||||
*/
|
||||
int mbedtls_entropy_update_seed_file( mbedtls_entropy_context *ctx, const char *path );
|
||||
#endif /* MBEDTLS_FS_IO */
|
||||
|
||||
#if defined(MBEDTLS_SELF_TEST)
|
||||
/**
|
||||
* \brief Checkup routine
|
||||
*
|
||||
* This module self-test also calls the entropy self-test,
|
||||
* mbedtls_entropy_source_self_test();
|
||||
*
|
||||
* \return 0 if successful, or 1 if a test failed
|
||||
*/
|
||||
int mbedtls_entropy_self_test( int verbose );
|
||||
|
||||
#if defined(MBEDTLS_ENTROPY_HARDWARE_ALT)
|
||||
/**
|
||||
* \brief Checkup routine
|
||||
*
|
||||
* Verifies the integrity of the hardware entropy source
|
||||
* provided by the function 'mbedtls_hardware_poll()'.
|
||||
*
|
||||
* Note this is the only hardware entropy source that is known
|
||||
* at link time, and other entropy sources configured
|
||||
* dynamically at runtime by the function
|
||||
* mbedtls_entropy_add_source() will not be tested.
|
||||
*
|
||||
* \return 0 if successful, or 1 if a test failed
|
||||
*/
|
||||
int mbedtls_entropy_source_self_test( int verbose );
|
||||
#endif /* MBEDTLS_ENTROPY_HARDWARE_ALT */
|
||||
#endif /* MBEDTLS_SELF_TEST */
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
||||
#endif /* entropy.h */
|
|
@ -1,110 +0,0 @@
|
|||
/**
|
||||
* \file entropy_poll.h
|
||||
*
|
||||
* \brief Platform-specific and custom entropy polling functions
|
||||
*/
|
||||
/*
|
||||
* Copyright (C) 2006-2016, ARM Limited, All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
* not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*
|
||||
* This file is part of mbed TLS (https://tls.mbed.org)
|
||||
*/
|
||||
#ifndef MBEDTLS_ENTROPY_POLL_H
|
||||
#define MBEDTLS_ENTROPY_POLL_H
|
||||
|
||||
#if !defined(MBEDTLS_CONFIG_FILE)
|
||||
#include "config.h"
|
||||
#else
|
||||
#include MBEDTLS_CONFIG_FILE
|
||||
#endif
|
||||
|
||||
#include <stddef.h>
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
/*
|
||||
* Default thresholds for built-in sources, in bytes
|
||||
*/
|
||||
#define MBEDTLS_ENTROPY_MIN_PLATFORM 32 /**< Minimum for platform source */
|
||||
#define MBEDTLS_ENTROPY_MIN_HAVEGE 32 /**< Minimum for HAVEGE */
|
||||
#define MBEDTLS_ENTROPY_MIN_HARDCLOCK 4 /**< Minimum for mbedtls_timing_hardclock() */
|
||||
#if !defined(MBEDTLS_ENTROPY_MIN_HARDWARE)
|
||||
#define MBEDTLS_ENTROPY_MIN_HARDWARE 32 /**< Minimum for the hardware source */
|
||||
#endif
|
||||
|
||||
/**
|
||||
* \brief Entropy poll callback that provides 0 entropy.
|
||||
*/
|
||||
#if defined(MBEDTLS_TEST_NULL_ENTROPY)
|
||||
int mbedtls_null_entropy_poll( void *data,
|
||||
unsigned char *output, size_t len, size_t *olen );
|
||||
#endif
|
||||
|
||||
#if !defined(MBEDTLS_NO_PLATFORM_ENTROPY)
|
||||
/**
|
||||
* \brief Platform-specific entropy poll callback
|
||||
*/
|
||||
int mbedtls_platform_entropy_poll( void *data,
|
||||
unsigned char *output, size_t len, size_t *olen );
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_HAVEGE_C)
|
||||
/**
|
||||
* \brief HAVEGE based entropy poll callback
|
||||
*
|
||||
* Requires an HAVEGE state as its data pointer.
|
||||
*/
|
||||
int mbedtls_havege_poll( void *data,
|
||||
unsigned char *output, size_t len, size_t *olen );
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_TIMING_C)
|
||||
/**
|
||||
* \brief mbedtls_timing_hardclock-based entropy poll callback
|
||||
*/
|
||||
int mbedtls_hardclock_poll( void *data,
|
||||
unsigned char *output, size_t len, size_t *olen );
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_ENTROPY_HARDWARE_ALT)
|
||||
/**
|
||||
* \brief Entropy poll callback for a hardware source
|
||||
*
|
||||
* \warning This is not provided by mbed TLS!
|
||||
* See \c MBEDTLS_ENTROPY_HARDWARE_ALT in config.h.
|
||||
*
|
||||
* \note This must accept NULL as its first argument.
|
||||
*/
|
||||
int mbedtls_hardware_poll( void *data,
|
||||
unsigned char *output, size_t len, size_t *olen );
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_ENTROPY_NV_SEED)
|
||||
/**
|
||||
* \brief Entropy poll callback for a non-volatile seed file
|
||||
*
|
||||
* \note This must accept NULL as its first argument.
|
||||
*/
|
||||
int mbedtls_nv_seed_poll( void *data,
|
||||
unsigned char *output, size_t len, size_t *olen );
|
||||
#endif
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
||||
#endif /* entropy_poll.h */
|
|
@ -25,7 +25,7 @@
|
|||
#define MBEDTLS_ERROR_H
|
||||
|
||||
#if !defined(MBEDTLS_CONFIG_FILE)
|
||||
#include "config.h"
|
||||
#include "mbedtls/config.h"
|
||||
#else
|
||||
#include MBEDTLS_CONFIG_FILE
|
||||
#endif
|
||||
|
|
|
@ -1,326 +0,0 @@
|
|||
/**
|
||||
* \file gcm.h
|
||||
*
|
||||
* \brief This file contains GCM definitions and functions.
|
||||
*
|
||||
* The Galois/Counter Mode (GCM) for 128-bit block ciphers is defined
|
||||
* in <em>D. McGrew, J. Viega, The Galois/Counter Mode of Operation
|
||||
* (GCM), Natl. Inst. Stand. Technol.</em>
|
||||
*
|
||||
* For more information on GCM, see <em>NIST SP 800-38D: Recommendation for
|
||||
* Block Cipher Modes of Operation: Galois/Counter Mode (GCM) and GMAC</em>.
|
||||
*
|
||||
*/
|
||||
/*
|
||||
* Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
* not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*
|
||||
* This file is part of Mbed TLS (https://tls.mbed.org)
|
||||
*/
|
||||
|
||||
#ifndef MBEDTLS_GCM_H
|
||||
#define MBEDTLS_GCM_H
|
||||
|
||||
#if !defined(MBEDTLS_CONFIG_FILE)
|
||||
#include "config.h"
|
||||
#else
|
||||
#include MBEDTLS_CONFIG_FILE
|
||||
#endif
|
||||
|
||||
#include "cipher.h"
|
||||
|
||||
#include <stdint.h>
|
||||
|
||||
#define MBEDTLS_GCM_ENCRYPT 1
|
||||
#define MBEDTLS_GCM_DECRYPT 0
|
||||
|
||||
#define MBEDTLS_ERR_GCM_AUTH_FAILED -0x0012 /**< Authenticated decryption failed. */
|
||||
|
||||
/* MBEDTLS_ERR_GCM_HW_ACCEL_FAILED is deprecated and should not be used. */
|
||||
#define MBEDTLS_ERR_GCM_HW_ACCEL_FAILED -0x0013 /**< GCM hardware accelerator failed. */
|
||||
|
||||
#define MBEDTLS_ERR_GCM_BAD_INPUT -0x0014 /**< Bad input parameters to function. */
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
#if !defined(MBEDTLS_GCM_ALT)
|
||||
|
||||
/**
|
||||
* \brief The GCM context structure.
|
||||
*/
|
||||
typedef struct mbedtls_gcm_context
|
||||
{
|
||||
mbedtls_cipher_context_t cipher_ctx; /*!< The cipher context used. */
|
||||
uint64_t HL[16]; /*!< Precalculated HTable low. */
|
||||
uint64_t HH[16]; /*!< Precalculated HTable high. */
|
||||
uint64_t len; /*!< The total length of the encrypted data. */
|
||||
uint64_t add_len; /*!< The total length of the additional data. */
|
||||
unsigned char base_ectr[16]; /*!< The first ECTR for tag. */
|
||||
unsigned char y[16]; /*!< The Y working value. */
|
||||
unsigned char buf[16]; /*!< The buf working value. */
|
||||
int mode; /*!< The operation to perform:
|
||||
#MBEDTLS_GCM_ENCRYPT or
|
||||
#MBEDTLS_GCM_DECRYPT. */
|
||||
}
|
||||
mbedtls_gcm_context;
|
||||
|
||||
#else /* !MBEDTLS_GCM_ALT */
|
||||
#include "gcm_alt.h"
|
||||
#endif /* !MBEDTLS_GCM_ALT */
|
||||
|
||||
/**
|
||||
* \brief This function initializes the specified GCM context,
|
||||
* to make references valid, and prepares the context
|
||||
* for mbedtls_gcm_setkey() or mbedtls_gcm_free().
|
||||
*
|
||||
* The function does not bind the GCM context to a particular
|
||||
* cipher, nor set the key. For this purpose, use
|
||||
* mbedtls_gcm_setkey().
|
||||
*
|
||||
* \param ctx The GCM context to initialize. This must not be \c NULL.
|
||||
*/
|
||||
void mbedtls_gcm_init( mbedtls_gcm_context *ctx );
|
||||
|
||||
/**
|
||||
* \brief This function associates a GCM context with a
|
||||
* cipher algorithm and a key.
|
||||
*
|
||||
* \param ctx The GCM context. This must be initialized.
|
||||
* \param cipher The 128-bit block cipher to use.
|
||||
* \param key The encryption key. This must be a readable buffer of at
|
||||
* least \p keybits bits.
|
||||
* \param keybits The key size in bits. Valid options are:
|
||||
* <ul><li>128 bits</li>
|
||||
* <li>192 bits</li>
|
||||
* <li>256 bits</li></ul>
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return A cipher-specific error code on failure.
|
||||
*/
|
||||
int mbedtls_gcm_setkey( mbedtls_gcm_context *ctx,
|
||||
mbedtls_cipher_id_t cipher,
|
||||
const unsigned char *key,
|
||||
unsigned int keybits );
|
||||
|
||||
/**
|
||||
* \brief This function performs GCM encryption or decryption of a buffer.
|
||||
*
|
||||
* \note For encryption, the output buffer can be the same as the
|
||||
* input buffer. For decryption, the output buffer cannot be
|
||||
* the same as input buffer. If the buffers overlap, the output
|
||||
* buffer must trail at least 8 Bytes behind the input buffer.
|
||||
*
|
||||
* \warning When this function performs a decryption, it outputs the
|
||||
* authentication tag and does not verify that the data is
|
||||
* authentic. You should use this function to perform encryption
|
||||
* only. For decryption, use mbedtls_gcm_auth_decrypt() instead.
|
||||
*
|
||||
* \param ctx The GCM context to use for encryption or decryption. This
|
||||
* must be initialized.
|
||||
* \param mode The operation to perform:
|
||||
* - #MBEDTLS_GCM_ENCRYPT to perform authenticated encryption.
|
||||
* The ciphertext is written to \p output and the
|
||||
* authentication tag is written to \p tag.
|
||||
* - #MBEDTLS_GCM_DECRYPT to perform decryption.
|
||||
* The plaintext is written to \p output and the
|
||||
* authentication tag is written to \p tag.
|
||||
* Note that this mode is not recommended, because it does
|
||||
* not verify the authenticity of the data. For this reason,
|
||||
* you should use mbedtls_gcm_auth_decrypt() instead of
|
||||
* calling this function in decryption mode.
|
||||
* \param length The length of the input data, which is equal to the length
|
||||
* of the output data.
|
||||
* \param iv The initialization vector. This must be a readable buffer of
|
||||
* at least \p iv_len Bytes.
|
||||
* \param iv_len The length of the IV.
|
||||
* \param add The buffer holding the additional data. This must be of at
|
||||
* least that size in Bytes.
|
||||
* \param add_len The length of the additional data.
|
||||
* \param input The buffer holding the input data. If \p length is greater
|
||||
* than zero, this must be a readable buffer of at least that
|
||||
* size in Bytes.
|
||||
* \param output The buffer for holding the output data. If \p length is greater
|
||||
* than zero, this must be a writable buffer of at least that
|
||||
* size in Bytes.
|
||||
* \param tag_len The length of the tag to generate.
|
||||
* \param tag The buffer for holding the tag. This must be a readable
|
||||
* buffer of at least \p tag_len Bytes.
|
||||
*
|
||||
* \return \c 0 if the encryption or decryption was performed
|
||||
* successfully. Note that in #MBEDTLS_GCM_DECRYPT mode,
|
||||
* this does not indicate that the data is authentic.
|
||||
* \return #MBEDTLS_ERR_GCM_BAD_INPUT if the lengths or pointers are
|
||||
* not valid or a cipher-specific error code if the encryption
|
||||
* or decryption failed.
|
||||
*/
|
||||
int mbedtls_gcm_crypt_and_tag( mbedtls_gcm_context *ctx,
|
||||
int mode,
|
||||
size_t length,
|
||||
const unsigned char *iv,
|
||||
size_t iv_len,
|
||||
const unsigned char *add,
|
||||
size_t add_len,
|
||||
const unsigned char *input,
|
||||
unsigned char *output,
|
||||
size_t tag_len,
|
||||
unsigned char *tag );
|
||||
|
||||
/**
|
||||
* \brief This function performs a GCM authenticated decryption of a
|
||||
* buffer.
|
||||
*
|
||||
* \note For decryption, the output buffer cannot be the same as
|
||||
* input buffer. If the buffers overlap, the output buffer
|
||||
* must trail at least 8 Bytes behind the input buffer.
|
||||
*
|
||||
* \param ctx The GCM context. This must be initialized.
|
||||
* \param length The length of the ciphertext to decrypt, which is also
|
||||
* the length of the decrypted plaintext.
|
||||
* \param iv The initialization vector. This must be a readable buffer
|
||||
* of at least \p iv_len Bytes.
|
||||
* \param iv_len The length of the IV.
|
||||
* \param add The buffer holding the additional data. This must be of at
|
||||
* least that size in Bytes.
|
||||
* \param add_len The length of the additional data.
|
||||
* \param tag The buffer holding the tag to verify. This must be a
|
||||
* readable buffer of at least \p tag_len Bytes.
|
||||
* \param tag_len The length of the tag to verify.
|
||||
* \param input The buffer holding the ciphertext. If \p length is greater
|
||||
* than zero, this must be a readable buffer of at least that
|
||||
* size.
|
||||
* \param output The buffer for holding the decrypted plaintext. If \p length
|
||||
* is greater than zero, this must be a writable buffer of at
|
||||
* least that size.
|
||||
*
|
||||
* \return \c 0 if successful and authenticated.
|
||||
* \return #MBEDTLS_ERR_GCM_AUTH_FAILED if the tag does not match.
|
||||
* \return #MBEDTLS_ERR_GCM_BAD_INPUT if the lengths or pointers are
|
||||
* not valid or a cipher-specific error code if the decryption
|
||||
* failed.
|
||||
*/
|
||||
int mbedtls_gcm_auth_decrypt( mbedtls_gcm_context *ctx,
|
||||
size_t length,
|
||||
const unsigned char *iv,
|
||||
size_t iv_len,
|
||||
const unsigned char *add,
|
||||
size_t add_len,
|
||||
const unsigned char *tag,
|
||||
size_t tag_len,
|
||||
const unsigned char *input,
|
||||
unsigned char *output );
|
||||
|
||||
/**
|
||||
* \brief This function starts a GCM encryption or decryption
|
||||
* operation.
|
||||
*
|
||||
* \param ctx The GCM context. This must be initialized.
|
||||
* \param mode The operation to perform: #MBEDTLS_GCM_ENCRYPT or
|
||||
* #MBEDTLS_GCM_DECRYPT.
|
||||
* \param iv The initialization vector. This must be a readable buffer of
|
||||
* at least \p iv_len Bytes.
|
||||
* \param iv_len The length of the IV.
|
||||
* \param add The buffer holding the additional data, or \c NULL
|
||||
* if \p add_len is \c 0.
|
||||
* \param add_len The length of the additional data. If \c 0,
|
||||
* \p add may be \c NULL.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
*/
|
||||
int mbedtls_gcm_starts( mbedtls_gcm_context *ctx,
|
||||
int mode,
|
||||
const unsigned char *iv,
|
||||
size_t iv_len,
|
||||
const unsigned char *add,
|
||||
size_t add_len );
|
||||
|
||||
/**
|
||||
* \brief This function feeds an input buffer into an ongoing GCM
|
||||
* encryption or decryption operation.
|
||||
*
|
||||
* ` The function expects input to be a multiple of 16
|
||||
* Bytes. Only the last call before calling
|
||||
* mbedtls_gcm_finish() can be less than 16 Bytes.
|
||||
*
|
||||
* \note For decryption, the output buffer cannot be the same as
|
||||
* input buffer. If the buffers overlap, the output buffer
|
||||
* must trail at least 8 Bytes behind the input buffer.
|
||||
*
|
||||
* \param ctx The GCM context. This must be initialized.
|
||||
* \param length The length of the input data. This must be a multiple of
|
||||
* 16 except in the last call before mbedtls_gcm_finish().
|
||||
* \param input The buffer holding the input data. If \p length is greater
|
||||
* than zero, this must be a readable buffer of at least that
|
||||
* size in Bytes.
|
||||
* \param output The buffer for holding the output data. If \p length is
|
||||
* greater than zero, this must be a writable buffer of at
|
||||
* least that size in Bytes.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return #MBEDTLS_ERR_GCM_BAD_INPUT on failure.
|
||||
*/
|
||||
int mbedtls_gcm_update( mbedtls_gcm_context *ctx,
|
||||
size_t length,
|
||||
const unsigned char *input,
|
||||
unsigned char *output );
|
||||
|
||||
/**
|
||||
* \brief This function finishes the GCM operation and generates
|
||||
* the authentication tag.
|
||||
*
|
||||
* It wraps up the GCM stream, and generates the
|
||||
* tag. The tag can have a maximum length of 16 Bytes.
|
||||
*
|
||||
* \param ctx The GCM context. This must be initialized.
|
||||
* \param tag The buffer for holding the tag. This must be a readable
|
||||
* buffer of at least \p tag_len Bytes.
|
||||
* \param tag_len The length of the tag to generate. This must be at least
|
||||
* four.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return #MBEDTLS_ERR_GCM_BAD_INPUT on failure.
|
||||
*/
|
||||
int mbedtls_gcm_finish( mbedtls_gcm_context *ctx,
|
||||
unsigned char *tag,
|
||||
size_t tag_len );
|
||||
|
||||
/**
|
||||
* \brief This function clears a GCM context and the underlying
|
||||
* cipher sub-context.
|
||||
*
|
||||
* \param ctx The GCM context to clear. If this is \c NULL, the call has
|
||||
* no effect. Otherwise, this must be initialized.
|
||||
*/
|
||||
void mbedtls_gcm_free( mbedtls_gcm_context *ctx );
|
||||
|
||||
#if defined(MBEDTLS_SELF_TEST)
|
||||
|
||||
/**
|
||||
* \brief The GCM checkup routine.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return \c 1 on failure.
|
||||
*/
|
||||
int mbedtls_gcm_self_test( int verbose );
|
||||
|
||||
#endif /* MBEDTLS_SELF_TEST */
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
||||
|
||||
#endif /* gcm.h */
|
|
@ -1,82 +0,0 @@
|
|||
/**
|
||||
* \file havege.h
|
||||
*
|
||||
* \brief HAVEGE: HArdware Volatile Entropy Gathering and Expansion
|
||||
*/
|
||||
/*
|
||||
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
* not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*
|
||||
* This file is part of mbed TLS (https://tls.mbed.org)
|
||||
*/
|
||||
#ifndef MBEDTLS_HAVEGE_H
|
||||
#define MBEDTLS_HAVEGE_H
|
||||
|
||||
#if !defined(MBEDTLS_CONFIG_FILE)
|
||||
#include "config.h"
|
||||
#else
|
||||
#include MBEDTLS_CONFIG_FILE
|
||||
#endif
|
||||
|
||||
#include <stddef.h>
|
||||
#include <stdint.h>
|
||||
|
||||
#define MBEDTLS_HAVEGE_COLLECT_SIZE 1024
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
/**
|
||||
* \brief HAVEGE state structure
|
||||
*/
|
||||
typedef struct mbedtls_havege_state
|
||||
{
|
||||
uint32_t PT1, PT2, offset[2];
|
||||
uint32_t pool[MBEDTLS_HAVEGE_COLLECT_SIZE];
|
||||
uint32_t WALK[8192];
|
||||
}
|
||||
mbedtls_havege_state;
|
||||
|
||||
/**
|
||||
* \brief HAVEGE initialization
|
||||
*
|
||||
* \param hs HAVEGE state to be initialized
|
||||
*/
|
||||
void mbedtls_havege_init( mbedtls_havege_state *hs );
|
||||
|
||||
/**
|
||||
* \brief Clear HAVEGE state
|
||||
*
|
||||
* \param hs HAVEGE state to be cleared
|
||||
*/
|
||||
void mbedtls_havege_free( mbedtls_havege_state *hs );
|
||||
|
||||
/**
|
||||
* \brief HAVEGE rand function
|
||||
*
|
||||
* \param p_rng A HAVEGE state
|
||||
* \param output Buffer to fill
|
||||
* \param len Length of buffer
|
||||
*
|
||||
* \return 0
|
||||
*/
|
||||
int mbedtls_havege_random( void *p_rng, unsigned char *output, size_t len );
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
||||
#endif /* havege.h */
|
|
@ -1,141 +0,0 @@
|
|||
/**
|
||||
* \file hkdf.h
|
||||
*
|
||||
* \brief This file contains the HKDF interface.
|
||||
*
|
||||
* The HMAC-based Extract-and-Expand Key Derivation Function (HKDF) is
|
||||
* specified by RFC 5869.
|
||||
*/
|
||||
/*
|
||||
* Copyright (C) 2016-2018, ARM Limited, All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
* not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*
|
||||
* This file is part of mbed TLS (https://tls.mbed.org)
|
||||
*/
|
||||
#ifndef MBEDTLS_HKDF_H
|
||||
#define MBEDTLS_HKDF_H
|
||||
|
||||
#if !defined(MBEDTLS_CONFIG_FILE)
|
||||
#include "config.h"
|
||||
#else
|
||||
#include MBEDTLS_CONFIG_FILE
|
||||
#endif
|
||||
|
||||
#include "md.h"
|
||||
|
||||
/**
|
||||
* \name HKDF Error codes
|
||||
* \{
|
||||
*/
|
||||
#define MBEDTLS_ERR_HKDF_BAD_INPUT_DATA -0x5F80 /**< Bad input parameters to function. */
|
||||
/* \} name */
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
/**
|
||||
* \brief This is the HMAC-based Extract-and-Expand Key Derivation Function
|
||||
* (HKDF).
|
||||
*
|
||||
* \param md A hash function; md.size denotes the length of the hash
|
||||
* function output in bytes.
|
||||
* \param salt An optional salt value (a non-secret random value);
|
||||
* if the salt is not provided, a string of all zeros of
|
||||
* md.size length is used as the salt.
|
||||
* \param salt_len The length in bytes of the optional \p salt.
|
||||
* \param ikm The input keying material.
|
||||
* \param ikm_len The length in bytes of \p ikm.
|
||||
* \param info An optional context and application specific information
|
||||
* string. This can be a zero-length string.
|
||||
* \param info_len The length of \p info in bytes.
|
||||
* \param okm The output keying material of \p okm_len bytes.
|
||||
* \param okm_len The length of the output keying material in bytes. This
|
||||
* must be less than or equal to 255 * md.size bytes.
|
||||
*
|
||||
* \return 0 on success.
|
||||
* \return #MBEDTLS_ERR_HKDF_BAD_INPUT_DATA when the parameters are invalid.
|
||||
* \return An MBEDTLS_ERR_MD_* error for errors returned from the underlying
|
||||
* MD layer.
|
||||
*/
|
||||
int mbedtls_hkdf( const mbedtls_md_info_t *md, const unsigned char *salt,
|
||||
size_t salt_len, const unsigned char *ikm, size_t ikm_len,
|
||||
const unsigned char *info, size_t info_len,
|
||||
unsigned char *okm, size_t okm_len );
|
||||
|
||||
/**
|
||||
* \brief Take the input keying material \p ikm and extract from it a
|
||||
* fixed-length pseudorandom key \p prk.
|
||||
*
|
||||
* \warning This function should only be used if the security of it has been
|
||||
* studied and established in that particular context (eg. TLS 1.3
|
||||
* key schedule). For standard HKDF security guarantees use
|
||||
* \c mbedtls_hkdf instead.
|
||||
*
|
||||
* \param md A hash function; md.size denotes the length of the
|
||||
* hash function output in bytes.
|
||||
* \param salt An optional salt value (a non-secret random value);
|
||||
* if the salt is not provided, a string of all zeros
|
||||
* of md.size length is used as the salt.
|
||||
* \param salt_len The length in bytes of the optional \p salt.
|
||||
* \param ikm The input keying material.
|
||||
* \param ikm_len The length in bytes of \p ikm.
|
||||
* \param[out] prk A pseudorandom key of at least md.size bytes.
|
||||
*
|
||||
* \return 0 on success.
|
||||
* \return #MBEDTLS_ERR_HKDF_BAD_INPUT_DATA when the parameters are invalid.
|
||||
* \return An MBEDTLS_ERR_MD_* error for errors returned from the underlying
|
||||
* MD layer.
|
||||
*/
|
||||
int mbedtls_hkdf_extract( const mbedtls_md_info_t *md,
|
||||
const unsigned char *salt, size_t salt_len,
|
||||
const unsigned char *ikm, size_t ikm_len,
|
||||
unsigned char *prk );
|
||||
|
||||
/**
|
||||
* \brief Expand the supplied \p prk into several additional pseudorandom
|
||||
* keys, which is the output of the HKDF.
|
||||
*
|
||||
* \warning This function should only be used if the security of it has been
|
||||
* studied and established in that particular context (eg. TLS 1.3
|
||||
* key schedule). For standard HKDF security guarantees use
|
||||
* \c mbedtls_hkdf instead.
|
||||
*
|
||||
* \param md A hash function; md.size denotes the length of the hash
|
||||
* function output in bytes.
|
||||
* \param prk A pseudorandom key of at least md.size bytes. \p prk is
|
||||
* usually the output from the HKDF extract step.
|
||||
* \param prk_len The length in bytes of \p prk.
|
||||
* \param info An optional context and application specific information
|
||||
* string. This can be a zero-length string.
|
||||
* \param info_len The length of \p info in bytes.
|
||||
* \param okm The output keying material of \p okm_len bytes.
|
||||
* \param okm_len The length of the output keying material in bytes. This
|
||||
* must be less than or equal to 255 * md.size bytes.
|
||||
*
|
||||
* \return 0 on success.
|
||||
* \return #MBEDTLS_ERR_HKDF_BAD_INPUT_DATA when the parameters are invalid.
|
||||
* \return An MBEDTLS_ERR_MD_* error for errors returned from the underlying
|
||||
* MD layer.
|
||||
*/
|
||||
int mbedtls_hkdf_expand( const mbedtls_md_info_t *md, const unsigned char *prk,
|
||||
size_t prk_len, const unsigned char *info,
|
||||
size_t info_len, unsigned char *okm, size_t okm_len );
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
||||
#endif /* hkdf.h */
|
|
@ -1,334 +0,0 @@
|
|||
/**
|
||||
* \file hmac_drbg.h
|
||||
*
|
||||
* \brief HMAC_DRBG (NIST SP 800-90A)
|
||||
*/
|
||||
/*
|
||||
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
* not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*
|
||||
* This file is part of mbed TLS (https://tls.mbed.org)
|
||||
*/
|
||||
#ifndef MBEDTLS_HMAC_DRBG_H
|
||||
#define MBEDTLS_HMAC_DRBG_H
|
||||
|
||||
#if !defined(MBEDTLS_CONFIG_FILE)
|
||||
#include "config.h"
|
||||
#else
|
||||
#include MBEDTLS_CONFIG_FILE
|
||||
#endif
|
||||
|
||||
#include "md.h"
|
||||
|
||||
#if defined(MBEDTLS_THREADING_C)
|
||||
#include "threading.h"
|
||||
#endif
|
||||
|
||||
/*
|
||||
* Error codes
|
||||
*/
|
||||
#define MBEDTLS_ERR_HMAC_DRBG_REQUEST_TOO_BIG -0x0003 /**< Too many random requested in single call. */
|
||||
#define MBEDTLS_ERR_HMAC_DRBG_INPUT_TOO_BIG -0x0005 /**< Input too large (Entropy + additional). */
|
||||
#define MBEDTLS_ERR_HMAC_DRBG_FILE_IO_ERROR -0x0007 /**< Read/write error in file. */
|
||||
#define MBEDTLS_ERR_HMAC_DRBG_ENTROPY_SOURCE_FAILED -0x0009 /**< The entropy source failed. */
|
||||
|
||||
/**
|
||||
* \name SECTION: Module settings
|
||||
*
|
||||
* The configuration options you can set for this module are in this section.
|
||||
* Either change them in config.h or define them on the compiler command line.
|
||||
* \{
|
||||
*/
|
||||
|
||||
#if !defined(MBEDTLS_HMAC_DRBG_RESEED_INTERVAL)
|
||||
#define MBEDTLS_HMAC_DRBG_RESEED_INTERVAL 10000 /**< Interval before reseed is performed by default */
|
||||
#endif
|
||||
|
||||
#if !defined(MBEDTLS_HMAC_DRBG_MAX_INPUT)
|
||||
#define MBEDTLS_HMAC_DRBG_MAX_INPUT 256 /**< Maximum number of additional input bytes */
|
||||
#endif
|
||||
|
||||
#if !defined(MBEDTLS_HMAC_DRBG_MAX_REQUEST)
|
||||
#define MBEDTLS_HMAC_DRBG_MAX_REQUEST 1024 /**< Maximum number of requested bytes per call */
|
||||
#endif
|
||||
|
||||
#if !defined(MBEDTLS_HMAC_DRBG_MAX_SEED_INPUT)
|
||||
#define MBEDTLS_HMAC_DRBG_MAX_SEED_INPUT 384 /**< Maximum size of (re)seed buffer */
|
||||
#endif
|
||||
|
||||
/* \} name SECTION: Module settings */
|
||||
|
||||
#define MBEDTLS_HMAC_DRBG_PR_OFF 0 /**< No prediction resistance */
|
||||
#define MBEDTLS_HMAC_DRBG_PR_ON 1 /**< Prediction resistance enabled */
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
/**
|
||||
* HMAC_DRBG context.
|
||||
*/
|
||||
typedef struct mbedtls_hmac_drbg_context
|
||||
{
|
||||
/* Working state: the key K is not stored explicitly,
|
||||
* but is implied by the HMAC context */
|
||||
mbedtls_md_context_t md_ctx; /*!< HMAC context (inc. K) */
|
||||
unsigned char V[MBEDTLS_MD_MAX_SIZE]; /*!< V in the spec */
|
||||
int reseed_counter; /*!< reseed counter */
|
||||
|
||||
/* Administrative state */
|
||||
size_t entropy_len; /*!< entropy bytes grabbed on each (re)seed */
|
||||
int prediction_resistance; /*!< enable prediction resistance (Automatic
|
||||
reseed before every random generation) */
|
||||
int reseed_interval; /*!< reseed interval */
|
||||
|
||||
/* Callbacks */
|
||||
int (*f_entropy)(void *, unsigned char *, size_t); /*!< entropy function */
|
||||
void *p_entropy; /*!< context for the entropy function */
|
||||
|
||||
#if defined(MBEDTLS_THREADING_C)
|
||||
mbedtls_threading_mutex_t mutex;
|
||||
#endif
|
||||
} mbedtls_hmac_drbg_context;
|
||||
|
||||
/**
|
||||
* \brief HMAC_DRBG context initialization
|
||||
* Makes the context ready for mbedtls_hmac_drbg_seed(),
|
||||
* mbedtls_hmac_drbg_seed_buf() or
|
||||
* mbedtls_hmac_drbg_free().
|
||||
*
|
||||
* \param ctx HMAC_DRBG context to be initialized
|
||||
*/
|
||||
void mbedtls_hmac_drbg_init( mbedtls_hmac_drbg_context *ctx );
|
||||
|
||||
/**
|
||||
* \brief HMAC_DRBG initial seeding
|
||||
* Seed and setup entropy source for future reseeds.
|
||||
*
|
||||
* \param ctx HMAC_DRBG context to be seeded
|
||||
* \param md_info MD algorithm to use for HMAC_DRBG
|
||||
* \param f_entropy Entropy callback (p_entropy, buffer to fill, buffer
|
||||
* length)
|
||||
* \param p_entropy Entropy context
|
||||
* \param custom Personalization data (Device specific identifiers)
|
||||
* (Can be NULL)
|
||||
* \param len Length of personalization data
|
||||
*
|
||||
* \note The "security strength" as defined by NIST is set to:
|
||||
* 128 bits if md_alg is SHA-1,
|
||||
* 192 bits if md_alg is SHA-224,
|
||||
* 256 bits if md_alg is SHA-256 or higher.
|
||||
* Note that SHA-256 is just as efficient as SHA-224.
|
||||
*
|
||||
* \return 0 if successful, or
|
||||
* MBEDTLS_ERR_MD_BAD_INPUT_DATA, or
|
||||
* MBEDTLS_ERR_MD_ALLOC_FAILED, or
|
||||
* MBEDTLS_ERR_HMAC_DRBG_ENTROPY_SOURCE_FAILED.
|
||||
*/
|
||||
int mbedtls_hmac_drbg_seed( mbedtls_hmac_drbg_context *ctx,
|
||||
const mbedtls_md_info_t * md_info,
|
||||
int (*f_entropy)(void *, unsigned char *, size_t),
|
||||
void *p_entropy,
|
||||
const unsigned char *custom,
|
||||
size_t len );
|
||||
|
||||
/**
|
||||
* \brief Initilisation of simpified HMAC_DRBG (never reseeds).
|
||||
* (For use with deterministic ECDSA.)
|
||||
*
|
||||
* \param ctx HMAC_DRBG context to be initialised
|
||||
* \param md_info MD algorithm to use for HMAC_DRBG
|
||||
* \param data Concatenation of entropy string and additional data
|
||||
* \param data_len Length of data in bytes
|
||||
*
|
||||
* \return 0 if successful, or
|
||||
* MBEDTLS_ERR_MD_BAD_INPUT_DATA, or
|
||||
* MBEDTLS_ERR_MD_ALLOC_FAILED.
|
||||
*/
|
||||
int mbedtls_hmac_drbg_seed_buf( mbedtls_hmac_drbg_context *ctx,
|
||||
const mbedtls_md_info_t * md_info,
|
||||
const unsigned char *data, size_t data_len );
|
||||
|
||||
/**
|
||||
* \brief Enable / disable prediction resistance (Default: Off)
|
||||
*
|
||||
* Note: If enabled, entropy is used for ctx->entropy_len before each call!
|
||||
* Only use this if you have ample supply of good entropy!
|
||||
*
|
||||
* \param ctx HMAC_DRBG context
|
||||
* \param resistance MBEDTLS_HMAC_DRBG_PR_ON or MBEDTLS_HMAC_DRBG_PR_OFF
|
||||
*/
|
||||
void mbedtls_hmac_drbg_set_prediction_resistance( mbedtls_hmac_drbg_context *ctx,
|
||||
int resistance );
|
||||
|
||||
/**
|
||||
* \brief Set the amount of entropy grabbed on each reseed
|
||||
* (Default: given by the security strength, which
|
||||
* depends on the hash used, see \c mbedtls_hmac_drbg_init() )
|
||||
*
|
||||
* \param ctx HMAC_DRBG context
|
||||
* \param len Amount of entropy to grab, in bytes
|
||||
*/
|
||||
void mbedtls_hmac_drbg_set_entropy_len( mbedtls_hmac_drbg_context *ctx,
|
||||
size_t len );
|
||||
|
||||
/**
|
||||
* \brief Set the reseed interval
|
||||
* (Default: MBEDTLS_HMAC_DRBG_RESEED_INTERVAL)
|
||||
*
|
||||
* \param ctx HMAC_DRBG context
|
||||
* \param interval Reseed interval
|
||||
*/
|
||||
void mbedtls_hmac_drbg_set_reseed_interval( mbedtls_hmac_drbg_context *ctx,
|
||||
int interval );
|
||||
|
||||
/**
|
||||
* \brief HMAC_DRBG update state
|
||||
*
|
||||
* \param ctx HMAC_DRBG context
|
||||
* \param additional Additional data to update state with, or NULL
|
||||
* \param add_len Length of additional data, or 0
|
||||
*
|
||||
* \return \c 0 on success, or an error from the underlying
|
||||
* hash calculation.
|
||||
*
|
||||
* \note Additional data is optional, pass NULL and 0 as second
|
||||
* third argument if no additional data is being used.
|
||||
*/
|
||||
int mbedtls_hmac_drbg_update_ret( mbedtls_hmac_drbg_context *ctx,
|
||||
const unsigned char *additional, size_t add_len );
|
||||
|
||||
/**
|
||||
* \brief HMAC_DRBG reseeding (extracts data from entropy source)
|
||||
*
|
||||
* \param ctx HMAC_DRBG context
|
||||
* \param additional Additional data to add to state (Can be NULL)
|
||||
* \param len Length of additional data
|
||||
*
|
||||
* \return 0 if successful, or
|
||||
* MBEDTLS_ERR_HMAC_DRBG_ENTROPY_SOURCE_FAILED
|
||||
*/
|
||||
int mbedtls_hmac_drbg_reseed( mbedtls_hmac_drbg_context *ctx,
|
||||
const unsigned char *additional, size_t len );
|
||||
|
||||
/**
|
||||
* \brief HMAC_DRBG generate random with additional update input
|
||||
*
|
||||
* Note: Automatically reseeds if reseed_counter is reached or PR is enabled.
|
||||
*
|
||||
* \param p_rng HMAC_DRBG context
|
||||
* \param output Buffer to fill
|
||||
* \param output_len Length of the buffer
|
||||
* \param additional Additional data to update with (can be NULL)
|
||||
* \param add_len Length of additional data (can be 0)
|
||||
*
|
||||
* \return 0 if successful, or
|
||||
* MBEDTLS_ERR_HMAC_DRBG_ENTROPY_SOURCE_FAILED, or
|
||||
* MBEDTLS_ERR_HMAC_DRBG_REQUEST_TOO_BIG, or
|
||||
* MBEDTLS_ERR_HMAC_DRBG_INPUT_TOO_BIG.
|
||||
*/
|
||||
int mbedtls_hmac_drbg_random_with_add( void *p_rng,
|
||||
unsigned char *output, size_t output_len,
|
||||
const unsigned char *additional,
|
||||
size_t add_len );
|
||||
|
||||
/**
|
||||
* \brief HMAC_DRBG generate random
|
||||
*
|
||||
* Note: Automatically reseeds if reseed_counter is reached or PR is enabled.
|
||||
*
|
||||
* \param p_rng HMAC_DRBG context
|
||||
* \param output Buffer to fill
|
||||
* \param out_len Length of the buffer
|
||||
*
|
||||
* \return 0 if successful, or
|
||||
* MBEDTLS_ERR_HMAC_DRBG_ENTROPY_SOURCE_FAILED, or
|
||||
* MBEDTLS_ERR_HMAC_DRBG_REQUEST_TOO_BIG
|
||||
*/
|
||||
int mbedtls_hmac_drbg_random( void *p_rng, unsigned char *output, size_t out_len );
|
||||
|
||||
/**
|
||||
* \brief Free an HMAC_DRBG context
|
||||
*
|
||||
* \param ctx HMAC_DRBG context to free.
|
||||
*/
|
||||
void mbedtls_hmac_drbg_free( mbedtls_hmac_drbg_context *ctx );
|
||||
|
||||
#if ! defined(MBEDTLS_DEPRECATED_REMOVED)
|
||||
#if defined(MBEDTLS_DEPRECATED_WARNING)
|
||||
#define MBEDTLS_DEPRECATED __attribute__((deprecated))
|
||||
#else
|
||||
#define MBEDTLS_DEPRECATED
|
||||
#endif
|
||||
/**
|
||||
* \brief HMAC_DRBG update state
|
||||
*
|
||||
* \deprecated Superseded by mbedtls_hmac_drbg_update_ret()
|
||||
* in 2.16.0.
|
||||
*
|
||||
* \param ctx HMAC_DRBG context
|
||||
* \param additional Additional data to update state with, or NULL
|
||||
* \param add_len Length of additional data, or 0
|
||||
*
|
||||
* \note Additional data is optional, pass NULL and 0 as second
|
||||
* third argument if no additional data is being used.
|
||||
*/
|
||||
MBEDTLS_DEPRECATED void mbedtls_hmac_drbg_update(
|
||||
mbedtls_hmac_drbg_context *ctx,
|
||||
const unsigned char *additional, size_t add_len );
|
||||
#undef MBEDTLS_DEPRECATED
|
||||
#endif /* !MBEDTLS_DEPRECATED_REMOVED */
|
||||
|
||||
#if defined(MBEDTLS_FS_IO)
|
||||
/**
|
||||
* \brief Write a seed file
|
||||
*
|
||||
* \param ctx HMAC_DRBG context
|
||||
* \param path Name of the file
|
||||
*
|
||||
* \return 0 if successful, 1 on file error, or
|
||||
* MBEDTLS_ERR_HMAC_DRBG_ENTROPY_SOURCE_FAILED
|
||||
*/
|
||||
int mbedtls_hmac_drbg_write_seed_file( mbedtls_hmac_drbg_context *ctx, const char *path );
|
||||
|
||||
/**
|
||||
* \brief Read and update a seed file. Seed is added to this
|
||||
* instance
|
||||
*
|
||||
* \param ctx HMAC_DRBG context
|
||||
* \param path Name of the file
|
||||
*
|
||||
* \return 0 if successful, 1 on file error,
|
||||
* MBEDTLS_ERR_HMAC_DRBG_ENTROPY_SOURCE_FAILED or
|
||||
* MBEDTLS_ERR_HMAC_DRBG_INPUT_TOO_BIG
|
||||
*/
|
||||
int mbedtls_hmac_drbg_update_seed_file( mbedtls_hmac_drbg_context *ctx, const char *path );
|
||||
#endif /* MBEDTLS_FS_IO */
|
||||
|
||||
|
||||
#if defined(MBEDTLS_SELF_TEST)
|
||||
/**
|
||||
* \brief Checkup routine
|
||||
*
|
||||
* \return 0 if successful, or 1 if the test failed
|
||||
*/
|
||||
int mbedtls_hmac_drbg_self_test( int verbose );
|
||||
#endif
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
||||
#endif /* hmac_drbg.h */
|
|
@ -1,474 +0,0 @@
|
|||
/**
|
||||
* \file md.h
|
||||
*
|
||||
* \brief This file contains the generic message-digest wrapper.
|
||||
*
|
||||
* \author Adriaan de Jong <dejong@fox-it.com>
|
||||
*/
|
||||
/*
|
||||
* Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
* not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*
|
||||
* This file is part of Mbed TLS (https://tls.mbed.org)
|
||||
*/
|
||||
|
||||
#ifndef MBEDTLS_MD_H
|
||||
#define MBEDTLS_MD_H
|
||||
|
||||
#include <stddef.h>
|
||||
|
||||
#if !defined(MBEDTLS_CONFIG_FILE)
|
||||
#include "config.h"
|
||||
#else
|
||||
#include MBEDTLS_CONFIG_FILE
|
||||
#endif
|
||||
|
||||
#define MBEDTLS_ERR_MD_FEATURE_UNAVAILABLE -0x5080 /**< The selected feature is not available. */
|
||||
#define MBEDTLS_ERR_MD_BAD_INPUT_DATA -0x5100 /**< Bad input parameters to function. */
|
||||
#define MBEDTLS_ERR_MD_ALLOC_FAILED -0x5180 /**< Failed to allocate memory. */
|
||||
#define MBEDTLS_ERR_MD_FILE_IO_ERROR -0x5200 /**< Opening or reading of file failed. */
|
||||
|
||||
/* MBEDTLS_ERR_MD_HW_ACCEL_FAILED is deprecated and should not be used. */
|
||||
#define MBEDTLS_ERR_MD_HW_ACCEL_FAILED -0x5280 /**< MD hardware accelerator failed. */
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
/**
|
||||
* \brief Supported message digests.
|
||||
*
|
||||
* \warning MD2, MD4, MD5 and SHA-1 are considered weak message digests and
|
||||
* their use constitutes a security risk. We recommend considering
|
||||
* stronger message digests instead.
|
||||
*
|
||||
*/
|
||||
typedef enum {
|
||||
MBEDTLS_MD_NONE=0, /**< None. */
|
||||
MBEDTLS_MD_MD2, /**< The MD2 message digest. */
|
||||
MBEDTLS_MD_MD4, /**< The MD4 message digest. */
|
||||
MBEDTLS_MD_MD5, /**< The MD5 message digest. */
|
||||
MBEDTLS_MD_SHA1, /**< The SHA-1 message digest. */
|
||||
MBEDTLS_MD_SHA224, /**< The SHA-224 message digest. */
|
||||
MBEDTLS_MD_SHA256, /**< The SHA-256 message digest. */
|
||||
MBEDTLS_MD_SHA384, /**< The SHA-384 message digest. */
|
||||
MBEDTLS_MD_SHA512, /**< The SHA-512 message digest. */
|
||||
MBEDTLS_MD_RIPEMD160, /**< The RIPEMD-160 message digest. */
|
||||
} mbedtls_md_type_t;
|
||||
|
||||
#if defined(MBEDTLS_SHA512_C)
|
||||
#define MBEDTLS_MD_MAX_SIZE 64 /* longest known is SHA512 */
|
||||
#else
|
||||
#define MBEDTLS_MD_MAX_SIZE 32 /* longest known is SHA256 or less */
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SHA512_C)
|
||||
#define MBEDTLS_MD_MAX_BLOCK_SIZE 128
|
||||
#else
|
||||
#define MBEDTLS_MD_MAX_BLOCK_SIZE 64
|
||||
#endif
|
||||
|
||||
/**
|
||||
* Opaque struct defined in md_internal.h.
|
||||
*/
|
||||
typedef struct mbedtls_md_info_t mbedtls_md_info_t;
|
||||
|
||||
/**
|
||||
* The generic message-digest context.
|
||||
*/
|
||||
typedef struct mbedtls_md_context_t
|
||||
{
|
||||
/** Information about the associated message digest. */
|
||||
const mbedtls_md_info_t *md_info;
|
||||
|
||||
/** The digest-specific context. */
|
||||
void *md_ctx;
|
||||
|
||||
/** The HMAC part of the context. */
|
||||
void *hmac_ctx;
|
||||
} mbedtls_md_context_t;
|
||||
|
||||
/**
|
||||
* \brief This function returns the list of digests supported by the
|
||||
* generic digest module.
|
||||
*
|
||||
* \return A statically allocated array of digests. Each element
|
||||
* in the returned list is an integer belonging to the
|
||||
* message-digest enumeration #mbedtls_md_type_t.
|
||||
* The last entry is 0.
|
||||
*/
|
||||
const int *mbedtls_md_list( void );
|
||||
|
||||
/**
|
||||
* \brief This function returns the message-digest information
|
||||
* associated with the given digest name.
|
||||
*
|
||||
* \param md_name The name of the digest to search for.
|
||||
*
|
||||
* \return The message-digest information associated with \p md_name.
|
||||
* \return NULL if the associated message-digest information is not found.
|
||||
*/
|
||||
const mbedtls_md_info_t *mbedtls_md_info_from_string( const char *md_name );
|
||||
|
||||
/**
|
||||
* \brief This function returns the message-digest information
|
||||
* associated with the given digest type.
|
||||
*
|
||||
* \param md_type The type of digest to search for.
|
||||
*
|
||||
* \return The message-digest information associated with \p md_type.
|
||||
* \return NULL if the associated message-digest information is not found.
|
||||
*/
|
||||
const mbedtls_md_info_t *mbedtls_md_info_from_type( mbedtls_md_type_t md_type );
|
||||
|
||||
/**
|
||||
* \brief This function initializes a message-digest context without
|
||||
* binding it to a particular message-digest algorithm.
|
||||
*
|
||||
* This function should always be called first. It prepares the
|
||||
* context for mbedtls_md_setup() for binding it to a
|
||||
* message-digest algorithm.
|
||||
*/
|
||||
void mbedtls_md_init( mbedtls_md_context_t *ctx );
|
||||
|
||||
/**
|
||||
* \brief This function clears the internal structure of \p ctx and
|
||||
* frees any embedded internal structure, but does not free
|
||||
* \p ctx itself.
|
||||
*
|
||||
* If you have called mbedtls_md_setup() on \p ctx, you must
|
||||
* call mbedtls_md_free() when you are no longer using the
|
||||
* context.
|
||||
* Calling this function if you have previously
|
||||
* called mbedtls_md_init() and nothing else is optional.
|
||||
* You must not call this function if you have not called
|
||||
* mbedtls_md_init().
|
||||
*/
|
||||
void mbedtls_md_free( mbedtls_md_context_t *ctx );
|
||||
|
||||
#if ! defined(MBEDTLS_DEPRECATED_REMOVED)
|
||||
#if defined(MBEDTLS_DEPRECATED_WARNING)
|
||||
#define MBEDTLS_DEPRECATED __attribute__((deprecated))
|
||||
#else
|
||||
#define MBEDTLS_DEPRECATED
|
||||
#endif
|
||||
/**
|
||||
* \brief This function selects the message digest algorithm to use,
|
||||
* and allocates internal structures.
|
||||
*
|
||||
* It should be called after mbedtls_md_init() or mbedtls_md_free().
|
||||
* Makes it necessary to call mbedtls_md_free() later.
|
||||
*
|
||||
* \deprecated Superseded by mbedtls_md_setup() in 2.0.0
|
||||
*
|
||||
* \param ctx The context to set up.
|
||||
* \param md_info The information structure of the message-digest algorithm
|
||||
* to use.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification
|
||||
* failure.
|
||||
* \return #MBEDTLS_ERR_MD_ALLOC_FAILED on memory-allocation failure.
|
||||
*/
|
||||
int mbedtls_md_init_ctx( mbedtls_md_context_t *ctx, const mbedtls_md_info_t *md_info ) MBEDTLS_DEPRECATED;
|
||||
#undef MBEDTLS_DEPRECATED
|
||||
#endif /* MBEDTLS_DEPRECATED_REMOVED */
|
||||
|
||||
/**
|
||||
* \brief This function selects the message digest algorithm to use,
|
||||
* and allocates internal structures.
|
||||
*
|
||||
* It should be called after mbedtls_md_init() or
|
||||
* mbedtls_md_free(). Makes it necessary to call
|
||||
* mbedtls_md_free() later.
|
||||
*
|
||||
* \param ctx The context to set up.
|
||||
* \param md_info The information structure of the message-digest algorithm
|
||||
* to use.
|
||||
* \param hmac Defines if HMAC is used. 0: HMAC is not used (saves some memory),
|
||||
* or non-zero: HMAC is used with this context.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification
|
||||
* failure.
|
||||
* \return #MBEDTLS_ERR_MD_ALLOC_FAILED on memory-allocation failure.
|
||||
*/
|
||||
int mbedtls_md_setup( mbedtls_md_context_t *ctx, const mbedtls_md_info_t *md_info, int hmac );
|
||||
|
||||
/**
|
||||
* \brief This function clones the state of an message-digest
|
||||
* context.
|
||||
*
|
||||
* \note You must call mbedtls_md_setup() on \c dst before calling
|
||||
* this function.
|
||||
*
|
||||
* \note The two contexts must have the same type,
|
||||
* for example, both are SHA-256.
|
||||
*
|
||||
* \warning This function clones the message-digest state, not the
|
||||
* HMAC state.
|
||||
*
|
||||
* \param dst The destination context.
|
||||
* \param src The context to be cloned.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification failure.
|
||||
*/
|
||||
int mbedtls_md_clone( mbedtls_md_context_t *dst,
|
||||
const mbedtls_md_context_t *src );
|
||||
|
||||
/**
|
||||
* \brief This function extracts the message-digest size from the
|
||||
* message-digest information structure.
|
||||
*
|
||||
* \param md_info The information structure of the message-digest algorithm
|
||||
* to use.
|
||||
*
|
||||
* \return The size of the message-digest output in Bytes.
|
||||
*/
|
||||
unsigned char mbedtls_md_get_size( const mbedtls_md_info_t *md_info );
|
||||
|
||||
/**
|
||||
* \brief This function extracts the message-digest type from the
|
||||
* message-digest information structure.
|
||||
*
|
||||
* \param md_info The information structure of the message-digest algorithm
|
||||
* to use.
|
||||
*
|
||||
* \return The type of the message digest.
|
||||
*/
|
||||
mbedtls_md_type_t mbedtls_md_get_type( const mbedtls_md_info_t *md_info );
|
||||
|
||||
/**
|
||||
* \brief This function extracts the message-digest name from the
|
||||
* message-digest information structure.
|
||||
*
|
||||
* \param md_info The information structure of the message-digest algorithm
|
||||
* to use.
|
||||
*
|
||||
* \return The name of the message digest.
|
||||
*/
|
||||
const char *mbedtls_md_get_name( const mbedtls_md_info_t *md_info );
|
||||
|
||||
/**
|
||||
* \brief This function starts a message-digest computation.
|
||||
*
|
||||
* You must call this function after setting up the context
|
||||
* with mbedtls_md_setup(), and before passing data with
|
||||
* mbedtls_md_update().
|
||||
*
|
||||
* \param ctx The generic message-digest context.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification
|
||||
* failure.
|
||||
*/
|
||||
int mbedtls_md_starts( mbedtls_md_context_t *ctx );
|
||||
|
||||
/**
|
||||
* \brief This function feeds an input buffer into an ongoing
|
||||
* message-digest computation.
|
||||
*
|
||||
* You must call mbedtls_md_starts() before calling this
|
||||
* function. You may call this function multiple times.
|
||||
* Afterwards, call mbedtls_md_finish().
|
||||
*
|
||||
* \param ctx The generic message-digest context.
|
||||
* \param input The buffer holding the input data.
|
||||
* \param ilen The length of the input data.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification
|
||||
* failure.
|
||||
*/
|
||||
int mbedtls_md_update( mbedtls_md_context_t *ctx, const unsigned char *input, size_t ilen );
|
||||
|
||||
/**
|
||||
* \brief This function finishes the digest operation,
|
||||
* and writes the result to the output buffer.
|
||||
*
|
||||
* Call this function after a call to mbedtls_md_starts(),
|
||||
* followed by any number of calls to mbedtls_md_update().
|
||||
* Afterwards, you may either clear the context with
|
||||
* mbedtls_md_free(), or call mbedtls_md_starts() to reuse
|
||||
* the context for another digest operation with the same
|
||||
* algorithm.
|
||||
*
|
||||
* \param ctx The generic message-digest context.
|
||||
* \param output The buffer for the generic message-digest checksum result.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification
|
||||
* failure.
|
||||
*/
|
||||
int mbedtls_md_finish( mbedtls_md_context_t *ctx, unsigned char *output );
|
||||
|
||||
/**
|
||||
* \brief This function calculates the message-digest of a buffer,
|
||||
* with respect to a configurable message-digest algorithm
|
||||
* in a single call.
|
||||
*
|
||||
* The result is calculated as
|
||||
* Output = message_digest(input buffer).
|
||||
*
|
||||
* \param md_info The information structure of the message-digest algorithm
|
||||
* to use.
|
||||
* \param input The buffer holding the data.
|
||||
* \param ilen The length of the input data.
|
||||
* \param output The generic message-digest checksum result.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification
|
||||
* failure.
|
||||
*/
|
||||
int mbedtls_md( const mbedtls_md_info_t *md_info, const unsigned char *input, size_t ilen,
|
||||
unsigned char *output );
|
||||
|
||||
#if defined(MBEDTLS_FS_IO)
|
||||
/**
|
||||
* \brief This function calculates the message-digest checksum
|
||||
* result of the contents of the provided file.
|
||||
*
|
||||
* The result is calculated as
|
||||
* Output = message_digest(file contents).
|
||||
*
|
||||
* \param md_info The information structure of the message-digest algorithm
|
||||
* to use.
|
||||
* \param path The input file name.
|
||||
* \param output The generic message-digest checksum result.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return #MBEDTLS_ERR_MD_FILE_IO_ERROR on an I/O error accessing
|
||||
* the file pointed by \p path.
|
||||
* \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA if \p md_info was NULL.
|
||||
*/
|
||||
int mbedtls_md_file( const mbedtls_md_info_t *md_info, const char *path,
|
||||
unsigned char *output );
|
||||
#endif /* MBEDTLS_FS_IO */
|
||||
|
||||
/**
|
||||
* \brief This function sets the HMAC key and prepares to
|
||||
* authenticate a new message.
|
||||
*
|
||||
* Call this function after mbedtls_md_setup(), to use
|
||||
* the MD context for an HMAC calculation, then call
|
||||
* mbedtls_md_hmac_update() to provide the input data, and
|
||||
* mbedtls_md_hmac_finish() to get the HMAC value.
|
||||
*
|
||||
* \param ctx The message digest context containing an embedded HMAC
|
||||
* context.
|
||||
* \param key The HMAC secret key.
|
||||
* \param keylen The length of the HMAC key in Bytes.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification
|
||||
* failure.
|
||||
*/
|
||||
int mbedtls_md_hmac_starts( mbedtls_md_context_t *ctx, const unsigned char *key,
|
||||
size_t keylen );
|
||||
|
||||
/**
|
||||
* \brief This function feeds an input buffer into an ongoing HMAC
|
||||
* computation.
|
||||
*
|
||||
* Call mbedtls_md_hmac_starts() or mbedtls_md_hmac_reset()
|
||||
* before calling this function.
|
||||
* You may call this function multiple times to pass the
|
||||
* input piecewise.
|
||||
* Afterwards, call mbedtls_md_hmac_finish().
|
||||
*
|
||||
* \param ctx The message digest context containing an embedded HMAC
|
||||
* context.
|
||||
* \param input The buffer holding the input data.
|
||||
* \param ilen The length of the input data.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification
|
||||
* failure.
|
||||
*/
|
||||
int mbedtls_md_hmac_update( mbedtls_md_context_t *ctx, const unsigned char *input,
|
||||
size_t ilen );
|
||||
|
||||
/**
|
||||
* \brief This function finishes the HMAC operation, and writes
|
||||
* the result to the output buffer.
|
||||
*
|
||||
* Call this function after mbedtls_md_hmac_starts() and
|
||||
* mbedtls_md_hmac_update() to get the HMAC value. Afterwards
|
||||
* you may either call mbedtls_md_free() to clear the context,
|
||||
* or call mbedtls_md_hmac_reset() to reuse the context with
|
||||
* the same HMAC key.
|
||||
*
|
||||
* \param ctx The message digest context containing an embedded HMAC
|
||||
* context.
|
||||
* \param output The generic HMAC checksum result.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification
|
||||
* failure.
|
||||
*/
|
||||
int mbedtls_md_hmac_finish( mbedtls_md_context_t *ctx, unsigned char *output);
|
||||
|
||||
/**
|
||||
* \brief This function prepares to authenticate a new message with
|
||||
* the same key as the previous HMAC operation.
|
||||
*
|
||||
* You may call this function after mbedtls_md_hmac_finish().
|
||||
* Afterwards call mbedtls_md_hmac_update() to pass the new
|
||||
* input.
|
||||
*
|
||||
* \param ctx The message digest context containing an embedded HMAC
|
||||
* context.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification
|
||||
* failure.
|
||||
*/
|
||||
int mbedtls_md_hmac_reset( mbedtls_md_context_t *ctx );
|
||||
|
||||
/**
|
||||
* \brief This function calculates the full generic HMAC
|
||||
* on the input buffer with the provided key.
|
||||
*
|
||||
* The function allocates the context, performs the
|
||||
* calculation, and frees the context.
|
||||
*
|
||||
* The HMAC result is calculated as
|
||||
* output = generic HMAC(hmac key, input buffer).
|
||||
*
|
||||
* \param md_info The information structure of the message-digest algorithm
|
||||
* to use.
|
||||
* \param key The HMAC secret key.
|
||||
* \param keylen The length of the HMAC secret key in Bytes.
|
||||
* \param input The buffer holding the input data.
|
||||
* \param ilen The length of the input data.
|
||||
* \param output The generic HMAC result.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification
|
||||
* failure.
|
||||
*/
|
||||
int mbedtls_md_hmac( const mbedtls_md_info_t *md_info, const unsigned char *key, size_t keylen,
|
||||
const unsigned char *input, size_t ilen,
|
||||
unsigned char *output );
|
||||
|
||||
/* Internal use */
|
||||
int mbedtls_md_process( mbedtls_md_context_t *ctx, const unsigned char *data );
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
||||
#endif /* MBEDTLS_MD_H */
|
|
@ -1,306 +0,0 @@
|
|||
/**
|
||||
* \file md2.h
|
||||
*
|
||||
* \brief MD2 message digest algorithm (hash function)
|
||||
*
|
||||
* \warning MD2 is considered a weak message digest and its use constitutes a
|
||||
* security risk. We recommend considering stronger message digests
|
||||
* instead.
|
||||
*/
|
||||
/*
|
||||
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
* not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*
|
||||
* This file is part of mbed TLS (https://tls.mbed.org)
|
||||
*
|
||||
*/
|
||||
#ifndef MBEDTLS_MD2_H
|
||||
#define MBEDTLS_MD2_H
|
||||
|
||||
#if !defined(MBEDTLS_CONFIG_FILE)
|
||||
#include "config.h"
|
||||
#else
|
||||
#include MBEDTLS_CONFIG_FILE
|
||||
#endif
|
||||
|
||||
#include <stddef.h>
|
||||
|
||||
/* MBEDTLS_ERR_MD2_HW_ACCEL_FAILED is deprecated and should not be used. */
|
||||
#define MBEDTLS_ERR_MD2_HW_ACCEL_FAILED -0x002B /**< MD2 hardware accelerator failed */
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
#if !defined(MBEDTLS_MD2_ALT)
|
||||
// Regular implementation
|
||||
//
|
||||
|
||||
/**
|
||||
* \brief MD2 context structure
|
||||
*
|
||||
* \warning MD2 is considered a weak message digest and its use
|
||||
* constitutes a security risk. We recommend considering
|
||||
* stronger message digests instead.
|
||||
*
|
||||
*/
|
||||
typedef struct mbedtls_md2_context
|
||||
{
|
||||
unsigned char cksum[16]; /*!< checksum of the data block */
|
||||
unsigned char state[48]; /*!< intermediate digest state */
|
||||
unsigned char buffer[16]; /*!< data block being processed */
|
||||
size_t left; /*!< amount of data in buffer */
|
||||
}
|
||||
mbedtls_md2_context;
|
||||
|
||||
#else /* MBEDTLS_MD2_ALT */
|
||||
#include "md2_alt.h"
|
||||
#endif /* MBEDTLS_MD2_ALT */
|
||||
|
||||
/**
|
||||
* \brief Initialize MD2 context
|
||||
*
|
||||
* \param ctx MD2 context to be initialized
|
||||
*
|
||||
* \warning MD2 is considered a weak message digest and its use
|
||||
* constitutes a security risk. We recommend considering
|
||||
* stronger message digests instead.
|
||||
*
|
||||
*/
|
||||
void mbedtls_md2_init( mbedtls_md2_context *ctx );
|
||||
|
||||
/**
|
||||
* \brief Clear MD2 context
|
||||
*
|
||||
* \param ctx MD2 context to be cleared
|
||||
*
|
||||
* \warning MD2 is considered a weak message digest and its use
|
||||
* constitutes a security risk. We recommend considering
|
||||
* stronger message digests instead.
|
||||
*
|
||||
*/
|
||||
void mbedtls_md2_free( mbedtls_md2_context *ctx );
|
||||
|
||||
/**
|
||||
* \brief Clone (the state of) an MD2 context
|
||||
*
|
||||
* \param dst The destination context
|
||||
* \param src The context to be cloned
|
||||
*
|
||||
* \warning MD2 is considered a weak message digest and its use
|
||||
* constitutes a security risk. We recommend considering
|
||||
* stronger message digests instead.
|
||||
*
|
||||
*/
|
||||
void mbedtls_md2_clone( mbedtls_md2_context *dst,
|
||||
const mbedtls_md2_context *src );
|
||||
|
||||
/**
|
||||
* \brief MD2 context setup
|
||||
*
|
||||
* \param ctx context to be initialized
|
||||
*
|
||||
* \return 0 if successful
|
||||
*
|
||||
* \warning MD2 is considered a weak message digest and its use
|
||||
* constitutes a security risk. We recommend considering
|
||||
* stronger message digests instead.
|
||||
*
|
||||
*/
|
||||
int mbedtls_md2_starts_ret( mbedtls_md2_context *ctx );
|
||||
|
||||
/**
|
||||
* \brief MD2 process buffer
|
||||
*
|
||||
* \param ctx MD2 context
|
||||
* \param input buffer holding the data
|
||||
* \param ilen length of the input data
|
||||
*
|
||||
* \return 0 if successful
|
||||
*
|
||||
* \warning MD2 is considered a weak message digest and its use
|
||||
* constitutes a security risk. We recommend considering
|
||||
* stronger message digests instead.
|
||||
*
|
||||
*/
|
||||
int mbedtls_md2_update_ret( mbedtls_md2_context *ctx,
|
||||
const unsigned char *input,
|
||||
size_t ilen );
|
||||
|
||||
/**
|
||||
* \brief MD2 final digest
|
||||
*
|
||||
* \param ctx MD2 context
|
||||
* \param output MD2 checksum result
|
||||
*
|
||||
* \return 0 if successful
|
||||
*
|
||||
* \warning MD2 is considered a weak message digest and its use
|
||||
* constitutes a security risk. We recommend considering
|
||||
* stronger message digests instead.
|
||||
*
|
||||
*/
|
||||
int mbedtls_md2_finish_ret( mbedtls_md2_context *ctx,
|
||||
unsigned char output[16] );
|
||||
|
||||
/**
|
||||
* \brief MD2 process data block (internal use only)
|
||||
*
|
||||
* \param ctx MD2 context
|
||||
*
|
||||
* \return 0 if successful
|
||||
*
|
||||
* \warning MD2 is considered a weak message digest and its use
|
||||
* constitutes a security risk. We recommend considering
|
||||
* stronger message digests instead.
|
||||
*
|
||||
*/
|
||||
int mbedtls_internal_md2_process( mbedtls_md2_context *ctx );
|
||||
|
||||
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
|
||||
#if defined(MBEDTLS_DEPRECATED_WARNING)
|
||||
#define MBEDTLS_DEPRECATED __attribute__((deprecated))
|
||||
#else
|
||||
#define MBEDTLS_DEPRECATED
|
||||
#endif
|
||||
/**
|
||||
* \brief MD2 context setup
|
||||
*
|
||||
* \deprecated Superseded by mbedtls_md2_starts_ret() in 2.7.0
|
||||
*
|
||||
* \param ctx context to be initialized
|
||||
*
|
||||
* \warning MD2 is considered a weak message digest and its use
|
||||
* constitutes a security risk. We recommend considering
|
||||
* stronger message digests instead.
|
||||
*
|
||||
*/
|
||||
MBEDTLS_DEPRECATED void mbedtls_md2_starts( mbedtls_md2_context *ctx );
|
||||
|
||||
/**
|
||||
* \brief MD2 process buffer
|
||||
*
|
||||
* \deprecated Superseded by mbedtls_md2_update_ret() in 2.7.0
|
||||
*
|
||||
* \param ctx MD2 context
|
||||
* \param input buffer holding the data
|
||||
* \param ilen length of the input data
|
||||
*
|
||||
* \warning MD2 is considered a weak message digest and its use
|
||||
* constitutes a security risk. We recommend considering
|
||||
* stronger message digests instead.
|
||||
*
|
||||
*/
|
||||
MBEDTLS_DEPRECATED void mbedtls_md2_update( mbedtls_md2_context *ctx,
|
||||
const unsigned char *input,
|
||||
size_t ilen );
|
||||
|
||||
/**
|
||||
* \brief MD2 final digest
|
||||
*
|
||||
* \deprecated Superseded by mbedtls_md2_finish_ret() in 2.7.0
|
||||
*
|
||||
* \param ctx MD2 context
|
||||
* \param output MD2 checksum result
|
||||
*
|
||||
* \warning MD2 is considered a weak message digest and its use
|
||||
* constitutes a security risk. We recommend considering
|
||||
* stronger message digests instead.
|
||||
*
|
||||
*/
|
||||
MBEDTLS_DEPRECATED void mbedtls_md2_finish( mbedtls_md2_context *ctx,
|
||||
unsigned char output[16] );
|
||||
|
||||
/**
|
||||
* \brief MD2 process data block (internal use only)
|
||||
*
|
||||
* \deprecated Superseded by mbedtls_internal_md2_process() in 2.7.0
|
||||
*
|
||||
* \param ctx MD2 context
|
||||
*
|
||||
* \warning MD2 is considered a weak message digest and its use
|
||||
* constitutes a security risk. We recommend considering
|
||||
* stronger message digests instead.
|
||||
*
|
||||
*/
|
||||
MBEDTLS_DEPRECATED void mbedtls_md2_process( mbedtls_md2_context *ctx );
|
||||
|
||||
#undef MBEDTLS_DEPRECATED
|
||||
#endif /* !MBEDTLS_DEPRECATED_REMOVED */
|
||||
|
||||
/**
|
||||
* \brief Output = MD2( input buffer )
|
||||
*
|
||||
* \param input buffer holding the data
|
||||
* \param ilen length of the input data
|
||||
* \param output MD2 checksum result
|
||||
*
|
||||
* \warning MD2 is considered a weak message digest and its use
|
||||
* constitutes a security risk. We recommend considering
|
||||
* stronger message digests instead.
|
||||
*
|
||||
*/
|
||||
int mbedtls_md2_ret( const unsigned char *input,
|
||||
size_t ilen,
|
||||
unsigned char output[16] );
|
||||
|
||||
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
|
||||
#if defined(MBEDTLS_DEPRECATED_WARNING)
|
||||
#define MBEDTLS_DEPRECATED __attribute__((deprecated))
|
||||
#else
|
||||
#define MBEDTLS_DEPRECATED
|
||||
#endif
|
||||
/**
|
||||
* \brief Output = MD2( input buffer )
|
||||
*
|
||||
* \deprecated Superseded by mbedtls_md2_ret() in 2.7.0
|
||||
*
|
||||
* \param input buffer holding the data
|
||||
* \param ilen length of the input data
|
||||
* \param output MD2 checksum result
|
||||
*
|
||||
* \warning MD2 is considered a weak message digest and its use
|
||||
* constitutes a security risk. We recommend considering
|
||||
* stronger message digests instead.
|
||||
*
|
||||
*/
|
||||
MBEDTLS_DEPRECATED void mbedtls_md2( const unsigned char *input,
|
||||
size_t ilen,
|
||||
unsigned char output[16] );
|
||||
|
||||
#undef MBEDTLS_DEPRECATED
|
||||
#endif /* !MBEDTLS_DEPRECATED_REMOVED */
|
||||
|
||||
#if defined(MBEDTLS_SELF_TEST)
|
||||
|
||||
/**
|
||||
* \brief Checkup routine
|
||||
*
|
||||
* \return 0 if successful, or 1 if the test failed
|
||||
*
|
||||
* \warning MD2 is considered a weak message digest and its use
|
||||
* constitutes a security risk. We recommend considering
|
||||
* stronger message digests instead.
|
||||
*
|
||||
*/
|
||||
int mbedtls_md2_self_test( int verbose );
|
||||
|
||||
#endif /* MBEDTLS_SELF_TEST */
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
||||
#endif /* mbedtls_md2.h */
|
|
@ -1,311 +0,0 @@
|
|||
/**
|
||||
* \file md4.h
|
||||
*
|
||||
* \brief MD4 message digest algorithm (hash function)
|
||||
*
|
||||
* \warning MD4 is considered a weak message digest and its use constitutes a
|
||||
* security risk. We recommend considering stronger message digests
|
||||
* instead.
|
||||
*/
|
||||
/*
|
||||
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
* not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*
|
||||
* This file is part of mbed TLS (https://tls.mbed.org)
|
||||
*
|
||||
*/
|
||||
#ifndef MBEDTLS_MD4_H
|
||||
#define MBEDTLS_MD4_H
|
||||
|
||||
#if !defined(MBEDTLS_CONFIG_FILE)
|
||||
#include "config.h"
|
||||
#else
|
||||
#include MBEDTLS_CONFIG_FILE
|
||||
#endif
|
||||
|
||||
#include <stddef.h>
|
||||
#include <stdint.h>
|
||||
|
||||
/* MBEDTLS_ERR_MD4_HW_ACCEL_FAILED is deprecated and should not be used. */
|
||||
#define MBEDTLS_ERR_MD4_HW_ACCEL_FAILED -0x002D /**< MD4 hardware accelerator failed */
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
#if !defined(MBEDTLS_MD4_ALT)
|
||||
// Regular implementation
|
||||
//
|
||||
|
||||
/**
|
||||
* \brief MD4 context structure
|
||||
*
|
||||
* \warning MD4 is considered a weak message digest and its use
|
||||
* constitutes a security risk. We recommend considering
|
||||
* stronger message digests instead.
|
||||
*
|
||||
*/
|
||||
typedef struct mbedtls_md4_context
|
||||
{
|
||||
uint32_t total[2]; /*!< number of bytes processed */
|
||||
uint32_t state[4]; /*!< intermediate digest state */
|
||||
unsigned char buffer[64]; /*!< data block being processed */
|
||||
}
|
||||
mbedtls_md4_context;
|
||||
|
||||
#else /* MBEDTLS_MD4_ALT */
|
||||
#include "md4_alt.h"
|
||||
#endif /* MBEDTLS_MD4_ALT */
|
||||
|
||||
/**
|
||||
* \brief Initialize MD4 context
|
||||
*
|
||||
* \param ctx MD4 context to be initialized
|
||||
*
|
||||
* \warning MD4 is considered a weak message digest and its use
|
||||
* constitutes a security risk. We recommend considering
|
||||
* stronger message digests instead.
|
||||
*
|
||||
*/
|
||||
void mbedtls_md4_init( mbedtls_md4_context *ctx );
|
||||
|
||||
/**
|
||||
* \brief Clear MD4 context
|
||||
*
|
||||
* \param ctx MD4 context to be cleared
|
||||
*
|
||||
* \warning MD4 is considered a weak message digest and its use
|
||||
* constitutes a security risk. We recommend considering
|
||||
* stronger message digests instead.
|
||||
*
|
||||
*/
|
||||
void mbedtls_md4_free( mbedtls_md4_context *ctx );
|
||||
|
||||
/**
|
||||
* \brief Clone (the state of) an MD4 context
|
||||
*
|
||||
* \param dst The destination context
|
||||
* \param src The context to be cloned
|
||||
*
|
||||
* \warning MD4 is considered a weak message digest and its use
|
||||
* constitutes a security risk. We recommend considering
|
||||
* stronger message digests instead.
|
||||
*
|
||||
*/
|
||||
void mbedtls_md4_clone( mbedtls_md4_context *dst,
|
||||
const mbedtls_md4_context *src );
|
||||
|
||||
/**
|
||||
* \brief MD4 context setup
|
||||
*
|
||||
* \param ctx context to be initialized
|
||||
*
|
||||
* \return 0 if successful
|
||||
*
|
||||
* \warning MD4 is considered a weak message digest and its use
|
||||
* constitutes a security risk. We recommend considering
|
||||
* stronger message digests instead.
|
||||
*/
|
||||
int mbedtls_md4_starts_ret( mbedtls_md4_context *ctx );
|
||||
|
||||
/**
|
||||
* \brief MD4 process buffer
|
||||
*
|
||||
* \param ctx MD4 context
|
||||
* \param input buffer holding the data
|
||||
* \param ilen length of the input data
|
||||
*
|
||||
* \return 0 if successful
|
||||
*
|
||||
* \warning MD4 is considered a weak message digest and its use
|
||||
* constitutes a security risk. We recommend considering
|
||||
* stronger message digests instead.
|
||||
*
|
||||
*/
|
||||
int mbedtls_md4_update_ret( mbedtls_md4_context *ctx,
|
||||
const unsigned char *input,
|
||||
size_t ilen );
|
||||
|
||||
/**
|
||||
* \brief MD4 final digest
|
||||
*
|
||||
* \param ctx MD4 context
|
||||
* \param output MD4 checksum result
|
||||
*
|
||||
* \return 0 if successful
|
||||
*
|
||||
* \warning MD4 is considered a weak message digest and its use
|
||||
* constitutes a security risk. We recommend considering
|
||||
* stronger message digests instead.
|
||||
*
|
||||
*/
|
||||
int mbedtls_md4_finish_ret( mbedtls_md4_context *ctx,
|
||||
unsigned char output[16] );
|
||||
|
||||
/**
|
||||
* \brief MD4 process data block (internal use only)
|
||||
*
|
||||
* \param ctx MD4 context
|
||||
* \param data buffer holding one block of data
|
||||
*
|
||||
* \return 0 if successful
|
||||
*
|
||||
* \warning MD4 is considered a weak message digest and its use
|
||||
* constitutes a security risk. We recommend considering
|
||||
* stronger message digests instead.
|
||||
*
|
||||
*/
|
||||
int mbedtls_internal_md4_process( mbedtls_md4_context *ctx,
|
||||
const unsigned char data[64] );
|
||||
|
||||
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
|
||||
#if defined(MBEDTLS_DEPRECATED_WARNING)
|
||||
#define MBEDTLS_DEPRECATED __attribute__((deprecated))
|
||||
#else
|
||||
#define MBEDTLS_DEPRECATED
|
||||
#endif
|
||||
/**
|
||||
* \brief MD4 context setup
|
||||
*
|
||||
* \deprecated Superseded by mbedtls_md4_starts_ret() in 2.7.0
|
||||
*
|
||||
* \param ctx context to be initialized
|
||||
*
|
||||
* \warning MD4 is considered a weak message digest and its use
|
||||
* constitutes a security risk. We recommend considering
|
||||
* stronger message digests instead.
|
||||
*
|
||||
*/
|
||||
MBEDTLS_DEPRECATED void mbedtls_md4_starts( mbedtls_md4_context *ctx );
|
||||
|
||||
/**
|
||||
* \brief MD4 process buffer
|
||||
*
|
||||
* \deprecated Superseded by mbedtls_md4_update_ret() in 2.7.0
|
||||
*
|
||||
* \param ctx MD4 context
|
||||
* \param input buffer holding the data
|
||||
* \param ilen length of the input data
|
||||
*
|
||||
* \warning MD4 is considered a weak message digest and its use
|
||||
* constitutes a security risk. We recommend considering
|
||||
* stronger message digests instead.
|
||||
*
|
||||
*/
|
||||
MBEDTLS_DEPRECATED void mbedtls_md4_update( mbedtls_md4_context *ctx,
|
||||
const unsigned char *input,
|
||||
size_t ilen );
|
||||
|
||||
/**
|
||||
* \brief MD4 final digest
|
||||
*
|
||||
* \deprecated Superseded by mbedtls_md4_finish_ret() in 2.7.0
|
||||
*
|
||||
* \param ctx MD4 context
|
||||
* \param output MD4 checksum result
|
||||
*
|
||||
* \warning MD4 is considered a weak message digest and its use
|
||||
* constitutes a security risk. We recommend considering
|
||||
* stronger message digests instead.
|
||||
*
|
||||
*/
|
||||
MBEDTLS_DEPRECATED void mbedtls_md4_finish( mbedtls_md4_context *ctx,
|
||||
unsigned char output[16] );
|
||||
|
||||
/**
|
||||
* \brief MD4 process data block (internal use only)
|
||||
*
|
||||
* \deprecated Superseded by mbedtls_internal_md4_process() in 2.7.0
|
||||
*
|
||||
* \param ctx MD4 context
|
||||
* \param data buffer holding one block of data
|
||||
*
|
||||
* \warning MD4 is considered a weak message digest and its use
|
||||
* constitutes a security risk. We recommend considering
|
||||
* stronger message digests instead.
|
||||
*
|
||||
*/
|
||||
MBEDTLS_DEPRECATED void mbedtls_md4_process( mbedtls_md4_context *ctx,
|
||||
const unsigned char data[64] );
|
||||
|
||||
#undef MBEDTLS_DEPRECATED
|
||||
#endif /* !MBEDTLS_DEPRECATED_REMOVED */
|
||||
|
||||
/**
|
||||
* \brief Output = MD4( input buffer )
|
||||
*
|
||||
* \param input buffer holding the data
|
||||
* \param ilen length of the input data
|
||||
* \param output MD4 checksum result
|
||||
*
|
||||
* \return 0 if successful
|
||||
*
|
||||
* \warning MD4 is considered a weak message digest and its use
|
||||
* constitutes a security risk. We recommend considering
|
||||
* stronger message digests instead.
|
||||
*
|
||||
*/
|
||||
int mbedtls_md4_ret( const unsigned char *input,
|
||||
size_t ilen,
|
||||
unsigned char output[16] );
|
||||
|
||||
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
|
||||
#if defined(MBEDTLS_DEPRECATED_WARNING)
|
||||
#define MBEDTLS_DEPRECATED __attribute__((deprecated))
|
||||
#else
|
||||
#define MBEDTLS_DEPRECATED
|
||||
#endif
|
||||
/**
|
||||
* \brief Output = MD4( input buffer )
|
||||
*
|
||||
* \deprecated Superseded by mbedtls_md4_ret() in 2.7.0
|
||||
*
|
||||
* \param input buffer holding the data
|
||||
* \param ilen length of the input data
|
||||
* \param output MD4 checksum result
|
||||
*
|
||||
* \warning MD4 is considered a weak message digest and its use
|
||||
* constitutes a security risk. We recommend considering
|
||||
* stronger message digests instead.
|
||||
*
|
||||
*/
|
||||
MBEDTLS_DEPRECATED void mbedtls_md4( const unsigned char *input,
|
||||
size_t ilen,
|
||||
unsigned char output[16] );
|
||||
|
||||
#undef MBEDTLS_DEPRECATED
|
||||
#endif /* !MBEDTLS_DEPRECATED_REMOVED */
|
||||
|
||||
#if defined(MBEDTLS_SELF_TEST)
|
||||
|
||||
/**
|
||||
* \brief Checkup routine
|
||||
*
|
||||
* \return 0 if successful, or 1 if the test failed
|
||||
*
|
||||
* \warning MD4 is considered a weak message digest and its use
|
||||
* constitutes a security risk. We recommend considering
|
||||
* stronger message digests instead.
|
||||
*
|
||||
*/
|
||||
int mbedtls_md4_self_test( int verbose );
|
||||
|
||||
#endif /* MBEDTLS_SELF_TEST */
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
||||
#endif /* mbedtls_md4.h */
|
|
@ -1,311 +0,0 @@
|
|||
/**
|
||||
* \file md5.h
|
||||
*
|
||||
* \brief MD5 message digest algorithm (hash function)
|
||||
*
|
||||
* \warning MD5 is considered a weak message digest and its use constitutes a
|
||||
* security risk. We recommend considering stronger message
|
||||
* digests instead.
|
||||
*/
|
||||
/*
|
||||
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
* not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*
|
||||
* This file is part of mbed TLS (https://tls.mbed.org)
|
||||
*/
|
||||
#ifndef MBEDTLS_MD5_H
|
||||
#define MBEDTLS_MD5_H
|
||||
|
||||
#if !defined(MBEDTLS_CONFIG_FILE)
|
||||
#include "config.h"
|
||||
#else
|
||||
#include MBEDTLS_CONFIG_FILE
|
||||
#endif
|
||||
|
||||
#include <stddef.h>
|
||||
#include <stdint.h>
|
||||
|
||||
/* MBEDTLS_ERR_MD5_HW_ACCEL_FAILED is deprecated and should not be used. */
|
||||
#define MBEDTLS_ERR_MD5_HW_ACCEL_FAILED -0x002F /**< MD5 hardware accelerator failed */
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
#if !defined(MBEDTLS_MD5_ALT)
|
||||
// Regular implementation
|
||||
//
|
||||
|
||||
/**
|
||||
* \brief MD5 context structure
|
||||
*
|
||||
* \warning MD5 is considered a weak message digest and its use
|
||||
* constitutes a security risk. We recommend considering
|
||||
* stronger message digests instead.
|
||||
*
|
||||
*/
|
||||
typedef struct mbedtls_md5_context
|
||||
{
|
||||
uint32_t total[2]; /*!< number of bytes processed */
|
||||
uint32_t state[4]; /*!< intermediate digest state */
|
||||
unsigned char buffer[64]; /*!< data block being processed */
|
||||
}
|
||||
mbedtls_md5_context;
|
||||
|
||||
#else /* MBEDTLS_MD5_ALT */
|
||||
#include "md5_alt.h"
|
||||
#endif /* MBEDTLS_MD5_ALT */
|
||||
|
||||
/**
|
||||
* \brief Initialize MD5 context
|
||||
*
|
||||
* \param ctx MD5 context to be initialized
|
||||
*
|
||||
* \warning MD5 is considered a weak message digest and its use
|
||||
* constitutes a security risk. We recommend considering
|
||||
* stronger message digests instead.
|
||||
*
|
||||
*/
|
||||
void mbedtls_md5_init( mbedtls_md5_context *ctx );
|
||||
|
||||
/**
|
||||
* \brief Clear MD5 context
|
||||
*
|
||||
* \param ctx MD5 context to be cleared
|
||||
*
|
||||
* \warning MD5 is considered a weak message digest and its use
|
||||
* constitutes a security risk. We recommend considering
|
||||
* stronger message digests instead.
|
||||
*
|
||||
*/
|
||||
void mbedtls_md5_free( mbedtls_md5_context *ctx );
|
||||
|
||||
/**
|
||||
* \brief Clone (the state of) an MD5 context
|
||||
*
|
||||
* \param dst The destination context
|
||||
* \param src The context to be cloned
|
||||
*
|
||||
* \warning MD5 is considered a weak message digest and its use
|
||||
* constitutes a security risk. We recommend considering
|
||||
* stronger message digests instead.
|
||||
*
|
||||
*/
|
||||
void mbedtls_md5_clone( mbedtls_md5_context *dst,
|
||||
const mbedtls_md5_context *src );
|
||||
|
||||
/**
|
||||
* \brief MD5 context setup
|
||||
*
|
||||
* \param ctx context to be initialized
|
||||
*
|
||||
* \return 0 if successful
|
||||
*
|
||||
* \warning MD5 is considered a weak message digest and its use
|
||||
* constitutes a security risk. We recommend considering
|
||||
* stronger message digests instead.
|
||||
*
|
||||
*/
|
||||
int mbedtls_md5_starts_ret( mbedtls_md5_context *ctx );
|
||||
|
||||
/**
|
||||
* \brief MD5 process buffer
|
||||
*
|
||||
* \param ctx MD5 context
|
||||
* \param input buffer holding the data
|
||||
* \param ilen length of the input data
|
||||
*
|
||||
* \return 0 if successful
|
||||
*
|
||||
* \warning MD5 is considered a weak message digest and its use
|
||||
* constitutes a security risk. We recommend considering
|
||||
* stronger message digests instead.
|
||||
*
|
||||
*/
|
||||
int mbedtls_md5_update_ret( mbedtls_md5_context *ctx,
|
||||
const unsigned char *input,
|
||||
size_t ilen );
|
||||
|
||||
/**
|
||||
* \brief MD5 final digest
|
||||
*
|
||||
* \param ctx MD5 context
|
||||
* \param output MD5 checksum result
|
||||
*
|
||||
* \return 0 if successful
|
||||
*
|
||||
* \warning MD5 is considered a weak message digest and its use
|
||||
* constitutes a security risk. We recommend considering
|
||||
* stronger message digests instead.
|
||||
*
|
||||
*/
|
||||
int mbedtls_md5_finish_ret( mbedtls_md5_context *ctx,
|
||||
unsigned char output[16] );
|
||||
|
||||
/**
|
||||
* \brief MD5 process data block (internal use only)
|
||||
*
|
||||
* \param ctx MD5 context
|
||||
* \param data buffer holding one block of data
|
||||
*
|
||||
* \return 0 if successful
|
||||
*
|
||||
* \warning MD5 is considered a weak message digest and its use
|
||||
* constitutes a security risk. We recommend considering
|
||||
* stronger message digests instead.
|
||||
*
|
||||
*/
|
||||
int mbedtls_internal_md5_process( mbedtls_md5_context *ctx,
|
||||
const unsigned char data[64] );
|
||||
|
||||
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
|
||||
#if defined(MBEDTLS_DEPRECATED_WARNING)
|
||||
#define MBEDTLS_DEPRECATED __attribute__((deprecated))
|
||||
#else
|
||||
#define MBEDTLS_DEPRECATED
|
||||
#endif
|
||||
/**
|
||||
* \brief MD5 context setup
|
||||
*
|
||||
* \deprecated Superseded by mbedtls_md5_starts_ret() in 2.7.0
|
||||
*
|
||||
* \param ctx context to be initialized
|
||||
*
|
||||
* \warning MD5 is considered a weak message digest and its use
|
||||
* constitutes a security risk. We recommend considering
|
||||
* stronger message digests instead.
|
||||
*
|
||||
*/
|
||||
MBEDTLS_DEPRECATED void mbedtls_md5_starts( mbedtls_md5_context *ctx );
|
||||
|
||||
/**
|
||||
* \brief MD5 process buffer
|
||||
*
|
||||
* \deprecated Superseded by mbedtls_md5_update_ret() in 2.7.0
|
||||
*
|
||||
* \param ctx MD5 context
|
||||
* \param input buffer holding the data
|
||||
* \param ilen length of the input data
|
||||
*
|
||||
* \warning MD5 is considered a weak message digest and its use
|
||||
* constitutes a security risk. We recommend considering
|
||||
* stronger message digests instead.
|
||||
*
|
||||
*/
|
||||
MBEDTLS_DEPRECATED void mbedtls_md5_update( mbedtls_md5_context *ctx,
|
||||
const unsigned char *input,
|
||||
size_t ilen );
|
||||
|
||||
/**
|
||||
* \brief MD5 final digest
|
||||
*
|
||||
* \deprecated Superseded by mbedtls_md5_finish_ret() in 2.7.0
|
||||
*
|
||||
* \param ctx MD5 context
|
||||
* \param output MD5 checksum result
|
||||
*
|
||||
* \warning MD5 is considered a weak message digest and its use
|
||||
* constitutes a security risk. We recommend considering
|
||||
* stronger message digests instead.
|
||||
*
|
||||
*/
|
||||
MBEDTLS_DEPRECATED void mbedtls_md5_finish( mbedtls_md5_context *ctx,
|
||||
unsigned char output[16] );
|
||||
|
||||
/**
|
||||
* \brief MD5 process data block (internal use only)
|
||||
*
|
||||
* \deprecated Superseded by mbedtls_internal_md5_process() in 2.7.0
|
||||
*
|
||||
* \param ctx MD5 context
|
||||
* \param data buffer holding one block of data
|
||||
*
|
||||
* \warning MD5 is considered a weak message digest and its use
|
||||
* constitutes a security risk. We recommend considering
|
||||
* stronger message digests instead.
|
||||
*
|
||||
*/
|
||||
MBEDTLS_DEPRECATED void mbedtls_md5_process( mbedtls_md5_context *ctx,
|
||||
const unsigned char data[64] );
|
||||
|
||||
#undef MBEDTLS_DEPRECATED
|
||||
#endif /* !MBEDTLS_DEPRECATED_REMOVED */
|
||||
|
||||
/**
|
||||
* \brief Output = MD5( input buffer )
|
||||
*
|
||||
* \param input buffer holding the data
|
||||
* \param ilen length of the input data
|
||||
* \param output MD5 checksum result
|
||||
*
|
||||
* \return 0 if successful
|
||||
*
|
||||
* \warning MD5 is considered a weak message digest and its use
|
||||
* constitutes a security risk. We recommend considering
|
||||
* stronger message digests instead.
|
||||
*
|
||||
*/
|
||||
int mbedtls_md5_ret( const unsigned char *input,
|
||||
size_t ilen,
|
||||
unsigned char output[16] );
|
||||
|
||||
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
|
||||
#if defined(MBEDTLS_DEPRECATED_WARNING)
|
||||
#define MBEDTLS_DEPRECATED __attribute__((deprecated))
|
||||
#else
|
||||
#define MBEDTLS_DEPRECATED
|
||||
#endif
|
||||
/**
|
||||
* \brief Output = MD5( input buffer )
|
||||
*
|
||||
* \deprecated Superseded by mbedtls_md5_ret() in 2.7.0
|
||||
*
|
||||
* \param input buffer holding the data
|
||||
* \param ilen length of the input data
|
||||
* \param output MD5 checksum result
|
||||
*
|
||||
* \warning MD5 is considered a weak message digest and its use
|
||||
* constitutes a security risk. We recommend considering
|
||||
* stronger message digests instead.
|
||||
*
|
||||
*/
|
||||
MBEDTLS_DEPRECATED void mbedtls_md5( const unsigned char *input,
|
||||
size_t ilen,
|
||||
unsigned char output[16] );
|
||||
|
||||
#undef MBEDTLS_DEPRECATED
|
||||
#endif /* !MBEDTLS_DEPRECATED_REMOVED */
|
||||
|
||||
#if defined(MBEDTLS_SELF_TEST)
|
||||
|
||||
/**
|
||||
* \brief Checkup routine
|
||||
*
|
||||
* \return 0 if successful, or 1 if the test failed
|
||||
*
|
||||
* \warning MD5 is considered a weak message digest and its use
|
||||
* constitutes a security risk. We recommend considering
|
||||
* stronger message digests instead.
|
||||
*
|
||||
*/
|
||||
int mbedtls_md5_self_test( int verbose );
|
||||
|
||||
#endif /* MBEDTLS_SELF_TEST */
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
||||
#endif /* mbedtls_md5.h */
|
|
@ -1,115 +0,0 @@
|
|||
/**
|
||||
* \file md_internal.h
|
||||
*
|
||||
* \brief Message digest wrappers.
|
||||
*
|
||||
* \warning This in an internal header. Do not include directly.
|
||||
*
|
||||
* \author Adriaan de Jong <dejong@fox-it.com>
|
||||
*/
|
||||
/*
|
||||
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
* not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*
|
||||
* This file is part of mbed TLS (https://tls.mbed.org)
|
||||
*/
|
||||
#ifndef MBEDTLS_MD_WRAP_H
|
||||
#define MBEDTLS_MD_WRAP_H
|
||||
|
||||
#if !defined(MBEDTLS_CONFIG_FILE)
|
||||
#include "config.h"
|
||||
#else
|
||||
#include MBEDTLS_CONFIG_FILE
|
||||
#endif
|
||||
|
||||
#include "md.h"
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
/**
|
||||
* Message digest information.
|
||||
* Allows message digest functions to be called in a generic way.
|
||||
*/
|
||||
struct mbedtls_md_info_t
|
||||
{
|
||||
/** Digest identifier */
|
||||
mbedtls_md_type_t type;
|
||||
|
||||
/** Name of the message digest */
|
||||
const char * name;
|
||||
|
||||
/** Output length of the digest function in bytes */
|
||||
int size;
|
||||
|
||||
/** Block length of the digest function in bytes */
|
||||
int block_size;
|
||||
|
||||
/** Digest initialisation function */
|
||||
int (*starts_func)( void *ctx );
|
||||
|
||||
/** Digest update function */
|
||||
int (*update_func)( void *ctx, const unsigned char *input, size_t ilen );
|
||||
|
||||
/** Digest finalisation function */
|
||||
int (*finish_func)( void *ctx, unsigned char *output );
|
||||
|
||||
/** Generic digest function */
|
||||
int (*digest_func)( const unsigned char *input, size_t ilen,
|
||||
unsigned char *output );
|
||||
|
||||
/** Allocate a new context */
|
||||
void * (*ctx_alloc_func)( void );
|
||||
|
||||
/** Free the given context */
|
||||
void (*ctx_free_func)( void *ctx );
|
||||
|
||||
/** Clone state from a context */
|
||||
void (*clone_func)( void *dst, const void *src );
|
||||
|
||||
/** Internal use only */
|
||||
int (*process_func)( void *ctx, const unsigned char *input );
|
||||
};
|
||||
|
||||
#if defined(MBEDTLS_MD2_C)
|
||||
extern const mbedtls_md_info_t mbedtls_md2_info;
|
||||
#endif
|
||||
#if defined(MBEDTLS_MD4_C)
|
||||
extern const mbedtls_md_info_t mbedtls_md4_info;
|
||||
#endif
|
||||
#if defined(MBEDTLS_MD5_C)
|
||||
extern const mbedtls_md_info_t mbedtls_md5_info;
|
||||
#endif
|
||||
#if defined(MBEDTLS_RIPEMD160_C)
|
||||
extern const mbedtls_md_info_t mbedtls_ripemd160_info;
|
||||
#endif
|
||||
#if defined(MBEDTLS_SHA1_C)
|
||||
extern const mbedtls_md_info_t mbedtls_sha1_info;
|
||||
#endif
|
||||
#if defined(MBEDTLS_SHA256_C)
|
||||
extern const mbedtls_md_info_t mbedtls_sha224_info;
|
||||
extern const mbedtls_md_info_t mbedtls_sha256_info;
|
||||
#endif
|
||||
#if defined(MBEDTLS_SHA512_C)
|
||||
extern const mbedtls_md_info_t mbedtls_sha384_info;
|
||||
extern const mbedtls_md_info_t mbedtls_sha512_info;
|
||||
#endif
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
||||
#endif /* MBEDTLS_MD_WRAP_H */
|
|
@ -1,151 +0,0 @@
|
|||
/**
|
||||
* \file memory_buffer_alloc.h
|
||||
*
|
||||
* \brief Buffer-based memory allocator
|
||||
*/
|
||||
/*
|
||||
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
* not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*
|
||||
* This file is part of mbed TLS (https://tls.mbed.org)
|
||||
*/
|
||||
#ifndef MBEDTLS_MEMORY_BUFFER_ALLOC_H
|
||||
#define MBEDTLS_MEMORY_BUFFER_ALLOC_H
|
||||
|
||||
#if !defined(MBEDTLS_CONFIG_FILE)
|
||||
#include "config.h"
|
||||
#else
|
||||
#include MBEDTLS_CONFIG_FILE
|
||||
#endif
|
||||
|
||||
#include <stddef.h>
|
||||
|
||||
/**
|
||||
* \name SECTION: Module settings
|
||||
*
|
||||
* The configuration options you can set for this module are in this section.
|
||||
* Either change them in config.h or define them on the compiler command line.
|
||||
* \{
|
||||
*/
|
||||
|
||||
#if !defined(MBEDTLS_MEMORY_ALIGN_MULTIPLE)
|
||||
#define MBEDTLS_MEMORY_ALIGN_MULTIPLE 4 /**< Align on multiples of this value */
|
||||
#endif
|
||||
|
||||
/* \} name SECTION: Module settings */
|
||||
|
||||
#define MBEDTLS_MEMORY_VERIFY_NONE 0
|
||||
#define MBEDTLS_MEMORY_VERIFY_ALLOC (1 << 0)
|
||||
#define MBEDTLS_MEMORY_VERIFY_FREE (1 << 1)
|
||||
#define MBEDTLS_MEMORY_VERIFY_ALWAYS (MBEDTLS_MEMORY_VERIFY_ALLOC | MBEDTLS_MEMORY_VERIFY_FREE)
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
/**
|
||||
* \brief Initialize use of stack-based memory allocator.
|
||||
* The stack-based allocator does memory management inside the
|
||||
* presented buffer and does not call calloc() and free().
|
||||
* It sets the global mbedtls_calloc() and mbedtls_free() pointers
|
||||
* to its own functions.
|
||||
* (Provided mbedtls_calloc() and mbedtls_free() are thread-safe if
|
||||
* MBEDTLS_THREADING_C is defined)
|
||||
*
|
||||
* \note This code is not optimized and provides a straight-forward
|
||||
* implementation of a stack-based memory allocator.
|
||||
*
|
||||
* \param buf buffer to use as heap
|
||||
* \param len size of the buffer
|
||||
*/
|
||||
void mbedtls_memory_buffer_alloc_init( unsigned char *buf, size_t len );
|
||||
|
||||
/**
|
||||
* \brief Free the mutex for thread-safety and clear remaining memory
|
||||
*/
|
||||
void mbedtls_memory_buffer_alloc_free( void );
|
||||
|
||||
/**
|
||||
* \brief Determine when the allocator should automatically verify the state
|
||||
* of the entire chain of headers / meta-data.
|
||||
* (Default: MBEDTLS_MEMORY_VERIFY_NONE)
|
||||
*
|
||||
* \param verify One of MBEDTLS_MEMORY_VERIFY_NONE, MBEDTLS_MEMORY_VERIFY_ALLOC,
|
||||
* MBEDTLS_MEMORY_VERIFY_FREE or MBEDTLS_MEMORY_VERIFY_ALWAYS
|
||||
*/
|
||||
void mbedtls_memory_buffer_set_verify( int verify );
|
||||
|
||||
#if defined(MBEDTLS_MEMORY_DEBUG)
|
||||
/**
|
||||
* \brief Print out the status of the allocated memory (primarily for use
|
||||
* after a program should have de-allocated all memory)
|
||||
* Prints out a list of 'still allocated' blocks and their stack
|
||||
* trace if MBEDTLS_MEMORY_BACKTRACE is defined.
|
||||
*/
|
||||
void mbedtls_memory_buffer_alloc_status( void );
|
||||
|
||||
/**
|
||||
* \brief Get the peak heap usage so far
|
||||
*
|
||||
* \param max_used Peak number of bytes in use or committed. This
|
||||
* includes bytes in allocated blocks too small to split
|
||||
* into smaller blocks but larger than the requested size.
|
||||
* \param max_blocks Peak number of blocks in use, including free and used
|
||||
*/
|
||||
void mbedtls_memory_buffer_alloc_max_get( size_t *max_used, size_t *max_blocks );
|
||||
|
||||
/**
|
||||
* \brief Reset peak statistics
|
||||
*/
|
||||
void mbedtls_memory_buffer_alloc_max_reset( void );
|
||||
|
||||
/**
|
||||
* \brief Get the current heap usage
|
||||
*
|
||||
* \param cur_used Current number of bytes in use or committed. This
|
||||
* includes bytes in allocated blocks too small to split
|
||||
* into smaller blocks but larger than the requested size.
|
||||
* \param cur_blocks Current number of blocks in use, including free and used
|
||||
*/
|
||||
void mbedtls_memory_buffer_alloc_cur_get( size_t *cur_used, size_t *cur_blocks );
|
||||
#endif /* MBEDTLS_MEMORY_DEBUG */
|
||||
|
||||
/**
|
||||
* \brief Verifies that all headers in the memory buffer are correct
|
||||
* and contain sane values. Helps debug buffer-overflow errors.
|
||||
*
|
||||
* Prints out first failure if MBEDTLS_MEMORY_DEBUG is defined.
|
||||
* Prints out full header information if MBEDTLS_MEMORY_DEBUG
|
||||
* is defined. (Includes stack trace information for each block if
|
||||
* MBEDTLS_MEMORY_BACKTRACE is defined as well).
|
||||
*
|
||||
* \return 0 if verified, 1 otherwise
|
||||
*/
|
||||
int mbedtls_memory_buffer_alloc_verify( void );
|
||||
|
||||
#if defined(MBEDTLS_SELF_TEST)
|
||||
/**
|
||||
* \brief Checkup routine
|
||||
*
|
||||
* \return 0 if successful, or 1 if a test failed
|
||||
*/
|
||||
int mbedtls_memory_buffer_alloc_self_test( int verbose );
|
||||
#endif
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
||||
#endif /* memory_buffer_alloc.h */
|
|
@ -24,13 +24,13 @@
|
|||
* This file is part of mbed TLS (https://tls.mbed.org)
|
||||
*/
|
||||
#if !defined(MBEDTLS_CONFIG_FILE)
|
||||
#include "config.h"
|
||||
#include "mbedtls/config.h"
|
||||
#else
|
||||
#include MBEDTLS_CONFIG_FILE
|
||||
#endif
|
||||
|
||||
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
|
||||
#include "net_sockets.h"
|
||||
#include "mbedtls/net_sockets.h"
|
||||
#if defined(MBEDTLS_DEPRECATED_WARNING)
|
||||
#warning "Deprecated header file: Superseded by mbedtls/net_sockets.h"
|
||||
#endif /* MBEDTLS_DEPRECATED_WARNING */
|
||||
|
|
|
@ -41,12 +41,12 @@
|
|||
#define MBEDTLS_NET_SOCKETS_H
|
||||
|
||||
#if !defined(MBEDTLS_CONFIG_FILE)
|
||||
#include "config.h"
|
||||
#include "mbedtls/config.h"
|
||||
#else
|
||||
#include MBEDTLS_CONFIG_FILE
|
||||
#endif
|
||||
|
||||
#include "ssl.h"
|
||||
#include "mbedtls/ssl.h"
|
||||
|
||||
#include <stddef.h>
|
||||
#include <stdint.h>
|
||||
|
|
|
@ -1,184 +0,0 @@
|
|||
/**
|
||||
* \file nist_kw.h
|
||||
*
|
||||
* \brief This file provides an API for key wrapping (KW) and key wrapping with
|
||||
* padding (KWP) as defined in NIST SP 800-38F.
|
||||
* https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-38F.pdf
|
||||
*
|
||||
* Key wrapping specifies a deterministic authenticated-encryption mode
|
||||
* of operation, according to <em>NIST SP 800-38F: Recommendation for
|
||||
* Block Cipher Modes of Operation: Methods for Key Wrapping</em>. Its
|
||||
* purpose is to protect cryptographic keys.
|
||||
*
|
||||
* Its equivalent is RFC 3394 for KW, and RFC 5649 for KWP.
|
||||
* https://tools.ietf.org/html/rfc3394
|
||||
* https://tools.ietf.org/html/rfc5649
|
||||
*
|
||||
*/
|
||||
/*
|
||||
* Copyright (C) 2018, Arm Limited (or its affiliates), All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
* not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*
|
||||
* This file is part of Mbed TLS (https://tls.mbed.org)
|
||||
*/
|
||||
|
||||
#ifndef MBEDTLS_NIST_KW_H
|
||||
#define MBEDTLS_NIST_KW_H
|
||||
|
||||
#if !defined(MBEDTLS_CONFIG_FILE)
|
||||
#include "config.h"
|
||||
#else
|
||||
#include MBEDTLS_CONFIG_FILE
|
||||
#endif
|
||||
|
||||
#include "cipher.h"
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
typedef enum
|
||||
{
|
||||
MBEDTLS_KW_MODE_KW = 0,
|
||||
MBEDTLS_KW_MODE_KWP = 1
|
||||
} mbedtls_nist_kw_mode_t;
|
||||
|
||||
#if !defined(MBEDTLS_NIST_KW_ALT)
|
||||
// Regular implementation
|
||||
//
|
||||
|
||||
/**
|
||||
* \brief The key wrapping context-type definition. The key wrapping context is passed
|
||||
* to the APIs called.
|
||||
*
|
||||
* \note The definition of this type may change in future library versions.
|
||||
* Don't make any assumptions on this context!
|
||||
*/
|
||||
typedef struct {
|
||||
mbedtls_cipher_context_t cipher_ctx; /*!< The cipher context used. */
|
||||
} mbedtls_nist_kw_context;
|
||||
|
||||
#else /* MBEDTLS_NIST_key wrapping_ALT */
|
||||
#include "nist_kw_alt.h"
|
||||
#endif /* MBEDTLS_NIST_KW_ALT */
|
||||
|
||||
/**
|
||||
* \brief This function initializes the specified key wrapping context
|
||||
* to make references valid and prepare the context
|
||||
* for mbedtls_nist_kw_setkey() or mbedtls_nist_kw_free().
|
||||
*
|
||||
* \param ctx The key wrapping context to initialize.
|
||||
*
|
||||
*/
|
||||
void mbedtls_nist_kw_init( mbedtls_nist_kw_context *ctx );
|
||||
|
||||
/**
|
||||
* \brief This function initializes the key wrapping context set in the
|
||||
* \p ctx parameter and sets the encryption key.
|
||||
*
|
||||
* \param ctx The key wrapping context.
|
||||
* \param cipher The 128-bit block cipher to use. Only AES is supported.
|
||||
* \param key The Key Encryption Key (KEK).
|
||||
* \param keybits The KEK size in bits. This must be acceptable by the cipher.
|
||||
* \param is_wrap Specify whether the operation within the context is wrapping or unwrapping
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return \c MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA for any invalid input.
|
||||
* \return \c MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE for 128-bit block ciphers
|
||||
* which are not supported.
|
||||
* \return cipher-specific error code on failure of the underlying cipher.
|
||||
*/
|
||||
int mbedtls_nist_kw_setkey( mbedtls_nist_kw_context *ctx,
|
||||
mbedtls_cipher_id_t cipher,
|
||||
const unsigned char *key,
|
||||
unsigned int keybits,
|
||||
const int is_wrap );
|
||||
|
||||
/**
|
||||
* \brief This function releases and clears the specified key wrapping context
|
||||
* and underlying cipher sub-context.
|
||||
*
|
||||
* \param ctx The key wrapping context to clear.
|
||||
*/
|
||||
void mbedtls_nist_kw_free( mbedtls_nist_kw_context *ctx );
|
||||
|
||||
/**
|
||||
* \brief This function encrypts a buffer using key wrapping.
|
||||
*
|
||||
* \param ctx The key wrapping context to use for encryption.
|
||||
* \param mode The key wrapping mode to use (MBEDTLS_KW_MODE_KW or MBEDTLS_KW_MODE_KWP)
|
||||
* \param input The buffer holding the input data.
|
||||
* \param in_len The length of the input data in Bytes.
|
||||
* The input uses units of 8 Bytes called semiblocks.
|
||||
* <ul><li>For KW mode: a multiple of 8 bytes between 16 and 2^57-8 inclusive. </li>
|
||||
* <li>For KWP mode: any length between 1 and 2^32-1 inclusive.</li></ul>
|
||||
* \param[out] output The buffer holding the output data.
|
||||
* <ul><li>For KW mode: Must be at least 8 bytes larger than \p in_len.</li>
|
||||
* <li>For KWP mode: Must be at least 8 bytes larger rounded up to a multiple of
|
||||
* 8 bytes for KWP (15 bytes at most).</li></ul>
|
||||
* \param[out] out_len The number of bytes written to the output buffer. \c 0 on failure.
|
||||
* \param[in] out_size The capacity of the output buffer.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return \c MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA for invalid input length.
|
||||
* \return cipher-specific error code on failure of the underlying cipher.
|
||||
*/
|
||||
int mbedtls_nist_kw_wrap( mbedtls_nist_kw_context *ctx, mbedtls_nist_kw_mode_t mode,
|
||||
const unsigned char *input, size_t in_len,
|
||||
unsigned char *output, size_t* out_len, size_t out_size );
|
||||
|
||||
/**
|
||||
* \brief This function decrypts a buffer using key wrapping.
|
||||
*
|
||||
* \param ctx The key wrapping context to use for decryption.
|
||||
* \param mode The key wrapping mode to use (MBEDTLS_KW_MODE_KW or MBEDTLS_KW_MODE_KWP)
|
||||
* \param input The buffer holding the input data.
|
||||
* \param in_len The length of the input data in Bytes.
|
||||
* The input uses units of 8 Bytes called semiblocks.
|
||||
* The input must be a multiple of semiblocks.
|
||||
* <ul><li>For KW mode: a multiple of 8 bytes between 24 and 2^57 inclusive. </li>
|
||||
* <li>For KWP mode: a multiple of 8 bytes between 16 and 2^32 inclusive.</li></ul>
|
||||
* \param[out] output The buffer holding the output data.
|
||||
* The output buffer's minimal length is 8 bytes shorter than \p in_len.
|
||||
* \param[out] out_len The number of bytes written to the output buffer. \c 0 on failure.
|
||||
* For KWP mode, the length could be up to 15 bytes shorter than \p in_len,
|
||||
* depending on how much padding was added to the data.
|
||||
* \param[in] out_size The capacity of the output buffer.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return \c MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA for invalid input length.
|
||||
* \return \c MBEDTLS_ERR_CIPHER_AUTH_FAILED for verification failure of the ciphertext.
|
||||
* \return cipher-specific error code on failure of the underlying cipher.
|
||||
*/
|
||||
int mbedtls_nist_kw_unwrap( mbedtls_nist_kw_context *ctx, mbedtls_nist_kw_mode_t mode,
|
||||
const unsigned char *input, size_t in_len,
|
||||
unsigned char *output, size_t* out_len, size_t out_size);
|
||||
|
||||
|
||||
#if defined(MBEDTLS_SELF_TEST) && defined(MBEDTLS_AES_C)
|
||||
/**
|
||||
* \brief The key wrapping checkup routine.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return \c 1 on failure.
|
||||
*/
|
||||
int mbedtls_nist_kw_self_test( int verbose );
|
||||
#endif /* MBEDTLS_SELF_TEST && MBEDTLS_AES_C */
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
||||
#endif /* MBEDTLS_NIST_KW_H */
|
|
@ -1,649 +0,0 @@
|
|||
/**
|
||||
* \file oid.h
|
||||
*
|
||||
* \brief Object Identifier (OID) database
|
||||
*/
|
||||
/*
|
||||
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
* not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*
|
||||
* This file is part of mbed TLS (https://tls.mbed.org)
|
||||
*/
|
||||
#ifndef MBEDTLS_OID_H
|
||||
#define MBEDTLS_OID_H
|
||||
|
||||
#if !defined(MBEDTLS_CONFIG_FILE)
|
||||
#include "config.h"
|
||||
#else
|
||||
#include MBEDTLS_CONFIG_FILE
|
||||
#endif
|
||||
|
||||
#include "asn1.h"
|
||||
#include "pk.h"
|
||||
|
||||
#include <stddef.h>
|
||||
|
||||
#if defined(MBEDTLS_CIPHER_C)
|
||||
#include "cipher.h"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_MD_C)
|
||||
#include "md.h"
|
||||
#endif
|
||||
|
||||
#define MBEDTLS_ERR_OID_NOT_FOUND -0x002E /**< OID is not found. */
|
||||
#define MBEDTLS_ERR_OID_BUF_TOO_SMALL -0x000B /**< output buffer is too small */
|
||||
|
||||
/* This is for the benefit of X.509, but defined here in order to avoid
|
||||
* having a "backwards" include of x.509.h here */
|
||||
/*
|
||||
* X.509 extension types (internal, arbitrary values for bitsets)
|
||||
*/
|
||||
#define MBEDTLS_OID_X509_EXT_AUTHORITY_KEY_IDENTIFIER (1 << 0)
|
||||
#define MBEDTLS_OID_X509_EXT_SUBJECT_KEY_IDENTIFIER (1 << 1)
|
||||
#define MBEDTLS_OID_X509_EXT_KEY_USAGE (1 << 2)
|
||||
#define MBEDTLS_OID_X509_EXT_CERTIFICATE_POLICIES (1 << 3)
|
||||
#define MBEDTLS_OID_X509_EXT_POLICY_MAPPINGS (1 << 4)
|
||||
#define MBEDTLS_OID_X509_EXT_SUBJECT_ALT_NAME (1 << 5)
|
||||
#define MBEDTLS_OID_X509_EXT_ISSUER_ALT_NAME (1 << 6)
|
||||
#define MBEDTLS_OID_X509_EXT_SUBJECT_DIRECTORY_ATTRS (1 << 7)
|
||||
#define MBEDTLS_OID_X509_EXT_BASIC_CONSTRAINTS (1 << 8)
|
||||
#define MBEDTLS_OID_X509_EXT_NAME_CONSTRAINTS (1 << 9)
|
||||
#define MBEDTLS_OID_X509_EXT_POLICY_CONSTRAINTS (1 << 10)
|
||||
#define MBEDTLS_OID_X509_EXT_EXTENDED_KEY_USAGE (1 << 11)
|
||||
#define MBEDTLS_OID_X509_EXT_CRL_DISTRIBUTION_POINTS (1 << 12)
|
||||
#define MBEDTLS_OID_X509_EXT_INIHIBIT_ANYPOLICY (1 << 13)
|
||||
#define MBEDTLS_OID_X509_EXT_FRESHEST_CRL (1 << 14)
|
||||
#define MBEDTLS_OID_X509_EXT_NS_CERT_TYPE (1 << 16)
|
||||
|
||||
/*
|
||||
* Top level OID tuples
|
||||
*/
|
||||
#define MBEDTLS_OID_ISO_MEMBER_BODIES "\x2a" /* {iso(1) member-body(2)} */
|
||||
#define MBEDTLS_OID_ISO_IDENTIFIED_ORG "\x2b" /* {iso(1) identified-organization(3)} */
|
||||
#define MBEDTLS_OID_ISO_CCITT_DS "\x55" /* {joint-iso-ccitt(2) ds(5)} */
|
||||
#define MBEDTLS_OID_ISO_ITU_COUNTRY "\x60" /* {joint-iso-itu-t(2) country(16)} */
|
||||
|
||||
/*
|
||||
* ISO Member bodies OID parts
|
||||
*/
|
||||
#define MBEDTLS_OID_COUNTRY_US "\x86\x48" /* {us(840)} */
|
||||
#define MBEDTLS_OID_ORG_RSA_DATA_SECURITY "\x86\xf7\x0d" /* {rsadsi(113549)} */
|
||||
#define MBEDTLS_OID_RSA_COMPANY MBEDTLS_OID_ISO_MEMBER_BODIES MBEDTLS_OID_COUNTRY_US \
|
||||
MBEDTLS_OID_ORG_RSA_DATA_SECURITY /* {iso(1) member-body(2) us(840) rsadsi(113549)} */
|
||||
#define MBEDTLS_OID_ORG_ANSI_X9_62 "\xce\x3d" /* ansi-X9-62(10045) */
|
||||
#define MBEDTLS_OID_ANSI_X9_62 MBEDTLS_OID_ISO_MEMBER_BODIES MBEDTLS_OID_COUNTRY_US \
|
||||
MBEDTLS_OID_ORG_ANSI_X9_62
|
||||
|
||||
/*
|
||||
* ISO Identified organization OID parts
|
||||
*/
|
||||
#define MBEDTLS_OID_ORG_DOD "\x06" /* {dod(6)} */
|
||||
#define MBEDTLS_OID_ORG_OIW "\x0e"
|
||||
#define MBEDTLS_OID_OIW_SECSIG MBEDTLS_OID_ORG_OIW "\x03"
|
||||
#define MBEDTLS_OID_OIW_SECSIG_ALG MBEDTLS_OID_OIW_SECSIG "\x02"
|
||||
#define MBEDTLS_OID_OIW_SECSIG_SHA1 MBEDTLS_OID_OIW_SECSIG_ALG "\x1a"
|
||||
#define MBEDTLS_OID_ORG_CERTICOM "\x81\x04" /* certicom(132) */
|
||||
#define MBEDTLS_OID_CERTICOM MBEDTLS_OID_ISO_IDENTIFIED_ORG MBEDTLS_OID_ORG_CERTICOM
|
||||
#define MBEDTLS_OID_ORG_TELETRUST "\x24" /* teletrust(36) */
|
||||
#define MBEDTLS_OID_TELETRUST MBEDTLS_OID_ISO_IDENTIFIED_ORG MBEDTLS_OID_ORG_TELETRUST
|
||||
|
||||
/*
|
||||
* ISO ITU OID parts
|
||||
*/
|
||||
#define MBEDTLS_OID_ORGANIZATION "\x01" /* {organization(1)} */
|
||||
#define MBEDTLS_OID_ISO_ITU_US_ORG MBEDTLS_OID_ISO_ITU_COUNTRY MBEDTLS_OID_COUNTRY_US MBEDTLS_OID_ORGANIZATION /* {joint-iso-itu-t(2) country(16) us(840) organization(1)} */
|
||||
|
||||
#define MBEDTLS_OID_ORG_GOV "\x65" /* {gov(101)} */
|
||||
#define MBEDTLS_OID_GOV MBEDTLS_OID_ISO_ITU_US_ORG MBEDTLS_OID_ORG_GOV /* {joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101)} */
|
||||
|
||||
#define MBEDTLS_OID_ORG_NETSCAPE "\x86\xF8\x42" /* {netscape(113730)} */
|
||||
#define MBEDTLS_OID_NETSCAPE MBEDTLS_OID_ISO_ITU_US_ORG MBEDTLS_OID_ORG_NETSCAPE /* Netscape OID {joint-iso-itu-t(2) country(16) us(840) organization(1) netscape(113730)} */
|
||||
|
||||
/* ISO arc for standard certificate and CRL extensions */
|
||||
#define MBEDTLS_OID_ID_CE MBEDTLS_OID_ISO_CCITT_DS "\x1D" /**< id-ce OBJECT IDENTIFIER ::= {joint-iso-ccitt(2) ds(5) 29} */
|
||||
|
||||
#define MBEDTLS_OID_NIST_ALG MBEDTLS_OID_GOV "\x03\x04" /** { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistAlgorithm(4) */
|
||||
|
||||
/**
|
||||
* Private Internet Extensions
|
||||
* { iso(1) identified-organization(3) dod(6) internet(1)
|
||||
* security(5) mechanisms(5) pkix(7) }
|
||||
*/
|
||||
#define MBEDTLS_OID_INTERNET MBEDTLS_OID_ISO_IDENTIFIED_ORG MBEDTLS_OID_ORG_DOD "\x01"
|
||||
#define MBEDTLS_OID_PKIX MBEDTLS_OID_INTERNET "\x05\x05\x07"
|
||||
|
||||
/*
|
||||
* Arc for standard naming attributes
|
||||
*/
|
||||
#define MBEDTLS_OID_AT MBEDTLS_OID_ISO_CCITT_DS "\x04" /**< id-at OBJECT IDENTIFIER ::= {joint-iso-ccitt(2) ds(5) 4} */
|
||||
#define MBEDTLS_OID_AT_CN MBEDTLS_OID_AT "\x03" /**< id-at-commonName AttributeType:= {id-at 3} */
|
||||
#define MBEDTLS_OID_AT_SUR_NAME MBEDTLS_OID_AT "\x04" /**< id-at-surName AttributeType:= {id-at 4} */
|
||||
#define MBEDTLS_OID_AT_SERIAL_NUMBER MBEDTLS_OID_AT "\x05" /**< id-at-serialNumber AttributeType:= {id-at 5} */
|
||||
#define MBEDTLS_OID_AT_COUNTRY MBEDTLS_OID_AT "\x06" /**< id-at-countryName AttributeType:= {id-at 6} */
|
||||
#define MBEDTLS_OID_AT_LOCALITY MBEDTLS_OID_AT "\x07" /**< id-at-locality AttributeType:= {id-at 7} */
|
||||
#define MBEDTLS_OID_AT_STATE MBEDTLS_OID_AT "\x08" /**< id-at-state AttributeType:= {id-at 8} */
|
||||
#define MBEDTLS_OID_AT_ORGANIZATION MBEDTLS_OID_AT "\x0A" /**< id-at-organizationName AttributeType:= {id-at 10} */
|
||||
#define MBEDTLS_OID_AT_ORG_UNIT MBEDTLS_OID_AT "\x0B" /**< id-at-organizationalUnitName AttributeType:= {id-at 11} */
|
||||
#define MBEDTLS_OID_AT_TITLE MBEDTLS_OID_AT "\x0C" /**< id-at-title AttributeType:= {id-at 12} */
|
||||
#define MBEDTLS_OID_AT_POSTAL_ADDRESS MBEDTLS_OID_AT "\x10" /**< id-at-postalAddress AttributeType:= {id-at 16} */
|
||||
#define MBEDTLS_OID_AT_POSTAL_CODE MBEDTLS_OID_AT "\x11" /**< id-at-postalCode AttributeType:= {id-at 17} */
|
||||
#define MBEDTLS_OID_AT_GIVEN_NAME MBEDTLS_OID_AT "\x2A" /**< id-at-givenName AttributeType:= {id-at 42} */
|
||||
#define MBEDTLS_OID_AT_INITIALS MBEDTLS_OID_AT "\x2B" /**< id-at-initials AttributeType:= {id-at 43} */
|
||||
#define MBEDTLS_OID_AT_GENERATION_QUALIFIER MBEDTLS_OID_AT "\x2C" /**< id-at-generationQualifier AttributeType:= {id-at 44} */
|
||||
#define MBEDTLS_OID_AT_UNIQUE_IDENTIFIER MBEDTLS_OID_AT "\x2D" /**< id-at-uniqueIdentifier AttributType:= {id-at 45} */
|
||||
#define MBEDTLS_OID_AT_DN_QUALIFIER MBEDTLS_OID_AT "\x2E" /**< id-at-dnQualifier AttributeType:= {id-at 46} */
|
||||
#define MBEDTLS_OID_AT_PSEUDONYM MBEDTLS_OID_AT "\x41" /**< id-at-pseudonym AttributeType:= {id-at 65} */
|
||||
|
||||
#define MBEDTLS_OID_DOMAIN_COMPONENT "\x09\x92\x26\x89\x93\xF2\x2C\x64\x01\x19" /** id-domainComponent AttributeType:= {itu-t(0) data(9) pss(2342) ucl(19200300) pilot(100) pilotAttributeType(1) domainComponent(25)} */
|
||||
|
||||
/*
|
||||
* OIDs for standard certificate extensions
|
||||
*/
|
||||
#define MBEDTLS_OID_AUTHORITY_KEY_IDENTIFIER MBEDTLS_OID_ID_CE "\x23" /**< id-ce-authorityKeyIdentifier OBJECT IDENTIFIER ::= { id-ce 35 } */
|
||||
#define MBEDTLS_OID_SUBJECT_KEY_IDENTIFIER MBEDTLS_OID_ID_CE "\x0E" /**< id-ce-subjectKeyIdentifier OBJECT IDENTIFIER ::= { id-ce 14 } */
|
||||
#define MBEDTLS_OID_KEY_USAGE MBEDTLS_OID_ID_CE "\x0F" /**< id-ce-keyUsage OBJECT IDENTIFIER ::= { id-ce 15 } */
|
||||
#define MBEDTLS_OID_CERTIFICATE_POLICIES MBEDTLS_OID_ID_CE "\x20" /**< id-ce-certificatePolicies OBJECT IDENTIFIER ::= { id-ce 32 } */
|
||||
#define MBEDTLS_OID_POLICY_MAPPINGS MBEDTLS_OID_ID_CE "\x21" /**< id-ce-policyMappings OBJECT IDENTIFIER ::= { id-ce 33 } */
|
||||
#define MBEDTLS_OID_SUBJECT_ALT_NAME MBEDTLS_OID_ID_CE "\x11" /**< id-ce-subjectAltName OBJECT IDENTIFIER ::= { id-ce 17 } */
|
||||
#define MBEDTLS_OID_ISSUER_ALT_NAME MBEDTLS_OID_ID_CE "\x12" /**< id-ce-issuerAltName OBJECT IDENTIFIER ::= { id-ce 18 } */
|
||||
#define MBEDTLS_OID_SUBJECT_DIRECTORY_ATTRS MBEDTLS_OID_ID_CE "\x09" /**< id-ce-subjectDirectoryAttributes OBJECT IDENTIFIER ::= { id-ce 9 } */
|
||||
#define MBEDTLS_OID_BASIC_CONSTRAINTS MBEDTLS_OID_ID_CE "\x13" /**< id-ce-basicConstraints OBJECT IDENTIFIER ::= { id-ce 19 } */
|
||||
#define MBEDTLS_OID_NAME_CONSTRAINTS MBEDTLS_OID_ID_CE "\x1E" /**< id-ce-nameConstraints OBJECT IDENTIFIER ::= { id-ce 30 } */
|
||||
#define MBEDTLS_OID_POLICY_CONSTRAINTS MBEDTLS_OID_ID_CE "\x24" /**< id-ce-policyConstraints OBJECT IDENTIFIER ::= { id-ce 36 } */
|
||||
#define MBEDTLS_OID_EXTENDED_KEY_USAGE MBEDTLS_OID_ID_CE "\x25" /**< id-ce-extKeyUsage OBJECT IDENTIFIER ::= { id-ce 37 } */
|
||||
#define MBEDTLS_OID_CRL_DISTRIBUTION_POINTS MBEDTLS_OID_ID_CE "\x1F" /**< id-ce-cRLDistributionPoints OBJECT IDENTIFIER ::= { id-ce 31 } */
|
||||
#define MBEDTLS_OID_INIHIBIT_ANYPOLICY MBEDTLS_OID_ID_CE "\x36" /**< id-ce-inhibitAnyPolicy OBJECT IDENTIFIER ::= { id-ce 54 } */
|
||||
#define MBEDTLS_OID_FRESHEST_CRL MBEDTLS_OID_ID_CE "\x2E" /**< id-ce-freshestCRL OBJECT IDENTIFIER ::= { id-ce 46 } */
|
||||
|
||||
/*
|
||||
* Certificate policies
|
||||
*/
|
||||
#define MBEDTLS_OID_ANY_POLICY MBEDTLS_OID_CERTIFICATE_POLICIES "\x00" /**< anyPolicy OBJECT IDENTIFIER ::= { id-ce-certificatePolicies 0 } */
|
||||
|
||||
/*
|
||||
* Netscape certificate extensions
|
||||
*/
|
||||
#define MBEDTLS_OID_NS_CERT MBEDTLS_OID_NETSCAPE "\x01"
|
||||
#define MBEDTLS_OID_NS_CERT_TYPE MBEDTLS_OID_NS_CERT "\x01"
|
||||
#define MBEDTLS_OID_NS_BASE_URL MBEDTLS_OID_NS_CERT "\x02"
|
||||
#define MBEDTLS_OID_NS_REVOCATION_URL MBEDTLS_OID_NS_CERT "\x03"
|
||||
#define MBEDTLS_OID_NS_CA_REVOCATION_URL MBEDTLS_OID_NS_CERT "\x04"
|
||||
#define MBEDTLS_OID_NS_RENEWAL_URL MBEDTLS_OID_NS_CERT "\x07"
|
||||
#define MBEDTLS_OID_NS_CA_POLICY_URL MBEDTLS_OID_NS_CERT "\x08"
|
||||
#define MBEDTLS_OID_NS_SSL_SERVER_NAME MBEDTLS_OID_NS_CERT "\x0C"
|
||||
#define MBEDTLS_OID_NS_COMMENT MBEDTLS_OID_NS_CERT "\x0D"
|
||||
#define MBEDTLS_OID_NS_DATA_TYPE MBEDTLS_OID_NETSCAPE "\x02"
|
||||
#define MBEDTLS_OID_NS_CERT_SEQUENCE MBEDTLS_OID_NS_DATA_TYPE "\x05"
|
||||
|
||||
/*
|
||||
* OIDs for CRL extensions
|
||||
*/
|
||||
#define MBEDTLS_OID_PRIVATE_KEY_USAGE_PERIOD MBEDTLS_OID_ID_CE "\x10"
|
||||
#define MBEDTLS_OID_CRL_NUMBER MBEDTLS_OID_ID_CE "\x14" /**< id-ce-cRLNumber OBJECT IDENTIFIER ::= { id-ce 20 } */
|
||||
|
||||
/*
|
||||
* X.509 v3 Extended key usage OIDs
|
||||
*/
|
||||
#define MBEDTLS_OID_ANY_EXTENDED_KEY_USAGE MBEDTLS_OID_EXTENDED_KEY_USAGE "\x00" /**< anyExtendedKeyUsage OBJECT IDENTIFIER ::= { id-ce-extKeyUsage 0 } */
|
||||
|
||||
#define MBEDTLS_OID_KP MBEDTLS_OID_PKIX "\x03" /**< id-kp OBJECT IDENTIFIER ::= { id-pkix 3 } */
|
||||
#define MBEDTLS_OID_SERVER_AUTH MBEDTLS_OID_KP "\x01" /**< id-kp-serverAuth OBJECT IDENTIFIER ::= { id-kp 1 } */
|
||||
#define MBEDTLS_OID_CLIENT_AUTH MBEDTLS_OID_KP "\x02" /**< id-kp-clientAuth OBJECT IDENTIFIER ::= { id-kp 2 } */
|
||||
#define MBEDTLS_OID_CODE_SIGNING MBEDTLS_OID_KP "\x03" /**< id-kp-codeSigning OBJECT IDENTIFIER ::= { id-kp 3 } */
|
||||
#define MBEDTLS_OID_EMAIL_PROTECTION MBEDTLS_OID_KP "\x04" /**< id-kp-emailProtection OBJECT IDENTIFIER ::= { id-kp 4 } */
|
||||
#define MBEDTLS_OID_TIME_STAMPING MBEDTLS_OID_KP "\x08" /**< id-kp-timeStamping OBJECT IDENTIFIER ::= { id-kp 8 } */
|
||||
#define MBEDTLS_OID_OCSP_SIGNING MBEDTLS_OID_KP "\x09" /**< id-kp-OCSPSigning OBJECT IDENTIFIER ::= { id-kp 9 } */
|
||||
|
||||
/**
|
||||
* Wi-SUN Alliance Field Area Network
|
||||
* { iso(1) identified-organization(3) dod(6) internet(1)
|
||||
* private(4) enterprise(1) WiSUN(45605) FieldAreaNetwork(1) }
|
||||
*/
|
||||
#define MBEDTLS_OID_WISUN_FAN MBEDTLS_OID_INTERNET "\x04\x01\x82\xe4\x25\x01"
|
||||
|
||||
#define MBEDTLS_OID_ON MBEDTLS_OID_PKIX "\x08" /**< id-on OBJECT IDENTIFIER ::= { id-pkix 8 } */
|
||||
#define MBEDTLS_OID_ON_HW_MODULE_NAME MBEDTLS_OID_ON "\x04" /**< id-on-hardwareModuleName OBJECT IDENTIFIER ::= { id-on 4 } */
|
||||
|
||||
/*
|
||||
* PKCS definition OIDs
|
||||
*/
|
||||
|
||||
#define MBEDTLS_OID_PKCS MBEDTLS_OID_RSA_COMPANY "\x01" /**< pkcs OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) 1 } */
|
||||
#define MBEDTLS_OID_PKCS1 MBEDTLS_OID_PKCS "\x01" /**< pkcs-1 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 1 } */
|
||||
#define MBEDTLS_OID_PKCS5 MBEDTLS_OID_PKCS "\x05" /**< pkcs-5 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 5 } */
|
||||
#define MBEDTLS_OID_PKCS9 MBEDTLS_OID_PKCS "\x09" /**< pkcs-9 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 9 } */
|
||||
#define MBEDTLS_OID_PKCS12 MBEDTLS_OID_PKCS "\x0c" /**< pkcs-12 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 12 } */
|
||||
|
||||
/*
|
||||
* PKCS#1 OIDs
|
||||
*/
|
||||
#define MBEDTLS_OID_PKCS1_RSA MBEDTLS_OID_PKCS1 "\x01" /**< rsaEncryption OBJECT IDENTIFIER ::= { pkcs-1 1 } */
|
||||
#define MBEDTLS_OID_PKCS1_MD2 MBEDTLS_OID_PKCS1 "\x02" /**< md2WithRSAEncryption ::= { pkcs-1 2 } */
|
||||
#define MBEDTLS_OID_PKCS1_MD4 MBEDTLS_OID_PKCS1 "\x03" /**< md4WithRSAEncryption ::= { pkcs-1 3 } */
|
||||
#define MBEDTLS_OID_PKCS1_MD5 MBEDTLS_OID_PKCS1 "\x04" /**< md5WithRSAEncryption ::= { pkcs-1 4 } */
|
||||
#define MBEDTLS_OID_PKCS1_SHA1 MBEDTLS_OID_PKCS1 "\x05" /**< sha1WithRSAEncryption ::= { pkcs-1 5 } */
|
||||
#define MBEDTLS_OID_PKCS1_SHA224 MBEDTLS_OID_PKCS1 "\x0e" /**< sha224WithRSAEncryption ::= { pkcs-1 14 } */
|
||||
#define MBEDTLS_OID_PKCS1_SHA256 MBEDTLS_OID_PKCS1 "\x0b" /**< sha256WithRSAEncryption ::= { pkcs-1 11 } */
|
||||
#define MBEDTLS_OID_PKCS1_SHA384 MBEDTLS_OID_PKCS1 "\x0c" /**< sha384WithRSAEncryption ::= { pkcs-1 12 } */
|
||||
#define MBEDTLS_OID_PKCS1_SHA512 MBEDTLS_OID_PKCS1 "\x0d" /**< sha512WithRSAEncryption ::= { pkcs-1 13 } */
|
||||
|
||||
#define MBEDTLS_OID_RSA_SHA_OBS "\x2B\x0E\x03\x02\x1D"
|
||||
|
||||
#define MBEDTLS_OID_PKCS9_EMAIL MBEDTLS_OID_PKCS9 "\x01" /**< emailAddress AttributeType ::= { pkcs-9 1 } */
|
||||
|
||||
/* RFC 4055 */
|
||||
#define MBEDTLS_OID_RSASSA_PSS MBEDTLS_OID_PKCS1 "\x0a" /**< id-RSASSA-PSS ::= { pkcs-1 10 } */
|
||||
#define MBEDTLS_OID_MGF1 MBEDTLS_OID_PKCS1 "\x08" /**< id-mgf1 ::= { pkcs-1 8 } */
|
||||
|
||||
/*
|
||||
* Digest algorithms
|
||||
*/
|
||||
#define MBEDTLS_OID_DIGEST_ALG_MD2 MBEDTLS_OID_RSA_COMPANY "\x02\x02" /**< id-mbedtls_md2 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 2 } */
|
||||
#define MBEDTLS_OID_DIGEST_ALG_MD4 MBEDTLS_OID_RSA_COMPANY "\x02\x04" /**< id-mbedtls_md4 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 4 } */
|
||||
#define MBEDTLS_OID_DIGEST_ALG_MD5 MBEDTLS_OID_RSA_COMPANY "\x02\x05" /**< id-mbedtls_md5 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 5 } */
|
||||
#define MBEDTLS_OID_DIGEST_ALG_SHA1 MBEDTLS_OID_ISO_IDENTIFIED_ORG MBEDTLS_OID_OIW_SECSIG_SHA1 /**< id-mbedtls_sha1 OBJECT IDENTIFIER ::= { iso(1) identified-organization(3) oiw(14) secsig(3) algorithms(2) 26 } */
|
||||
#define MBEDTLS_OID_DIGEST_ALG_SHA224 MBEDTLS_OID_NIST_ALG "\x02\x04" /**< id-sha224 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistalgorithm(4) hashalgs(2) 4 } */
|
||||
#define MBEDTLS_OID_DIGEST_ALG_SHA256 MBEDTLS_OID_NIST_ALG "\x02\x01" /**< id-mbedtls_sha256 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistalgorithm(4) hashalgs(2) 1 } */
|
||||
|
||||
#define MBEDTLS_OID_DIGEST_ALG_SHA384 MBEDTLS_OID_NIST_ALG "\x02\x02" /**< id-sha384 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistalgorithm(4) hashalgs(2) 2 } */
|
||||
|
||||
#define MBEDTLS_OID_DIGEST_ALG_SHA512 MBEDTLS_OID_NIST_ALG "\x02\x03" /**< id-mbedtls_sha512 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistalgorithm(4) hashalgs(2) 3 } */
|
||||
|
||||
#define MBEDTLS_OID_DIGEST_ALG_RIPEMD160 MBEDTLS_OID_TELETRUST "\x03\x02\x01" /**< id-ripemd160 OBJECT IDENTIFIER :: { iso(1) identified-organization(3) teletrust(36) algorithm(3) hashAlgorithm(2) ripemd160(1) } */
|
||||
|
||||
#define MBEDTLS_OID_HMAC_SHA1 MBEDTLS_OID_RSA_COMPANY "\x02\x07" /**< id-hmacWithSHA1 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 7 } */
|
||||
|
||||
#define MBEDTLS_OID_HMAC_SHA224 MBEDTLS_OID_RSA_COMPANY "\x02\x08" /**< id-hmacWithSHA224 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 8 } */
|
||||
|
||||
#define MBEDTLS_OID_HMAC_SHA256 MBEDTLS_OID_RSA_COMPANY "\x02\x09" /**< id-hmacWithSHA256 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 9 } */
|
||||
|
||||
#define MBEDTLS_OID_HMAC_SHA384 MBEDTLS_OID_RSA_COMPANY "\x02\x0A" /**< id-hmacWithSHA384 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 10 } */
|
||||
|
||||
#define MBEDTLS_OID_HMAC_SHA512 MBEDTLS_OID_RSA_COMPANY "\x02\x0B" /**< id-hmacWithSHA512 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 11 } */
|
||||
|
||||
/*
|
||||
* Encryption algorithms
|
||||
*/
|
||||
#define MBEDTLS_OID_DES_CBC MBEDTLS_OID_ISO_IDENTIFIED_ORG MBEDTLS_OID_OIW_SECSIG_ALG "\x07" /**< desCBC OBJECT IDENTIFIER ::= { iso(1) identified-organization(3) oiw(14) secsig(3) algorithms(2) 7 } */
|
||||
#define MBEDTLS_OID_DES_EDE3_CBC MBEDTLS_OID_RSA_COMPANY "\x03\x07" /**< des-ede3-cbc OBJECT IDENTIFIER ::= { iso(1) member-body(2) -- us(840) rsadsi(113549) encryptionAlgorithm(3) 7 } */
|
||||
#define MBEDTLS_OID_AES MBEDTLS_OID_NIST_ALG "\x01" /** aes OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistAlgorithm(4) 1 } */
|
||||
|
||||
/*
|
||||
* Key Wrapping algorithms
|
||||
*/
|
||||
/*
|
||||
* RFC 5649
|
||||
*/
|
||||
#define MBEDTLS_OID_AES128_KW MBEDTLS_OID_AES "\x05" /** id-aes128-wrap OBJECT IDENTIFIER ::= { aes 5 } */
|
||||
#define MBEDTLS_OID_AES128_KWP MBEDTLS_OID_AES "\x08" /** id-aes128-wrap-pad OBJECT IDENTIFIER ::= { aes 8 } */
|
||||
#define MBEDTLS_OID_AES192_KW MBEDTLS_OID_AES "\x19" /** id-aes192-wrap OBJECT IDENTIFIER ::= { aes 25 } */
|
||||
#define MBEDTLS_OID_AES192_KWP MBEDTLS_OID_AES "\x1c" /** id-aes192-wrap-pad OBJECT IDENTIFIER ::= { aes 28 } */
|
||||
#define MBEDTLS_OID_AES256_KW MBEDTLS_OID_AES "\x2d" /** id-aes256-wrap OBJECT IDENTIFIER ::= { aes 45 } */
|
||||
#define MBEDTLS_OID_AES256_KWP MBEDTLS_OID_AES "\x30" /** id-aes256-wrap-pad OBJECT IDENTIFIER ::= { aes 48 } */
|
||||
/*
|
||||
* PKCS#5 OIDs
|
||||
*/
|
||||
#define MBEDTLS_OID_PKCS5_PBKDF2 MBEDTLS_OID_PKCS5 "\x0c" /**< id-PBKDF2 OBJECT IDENTIFIER ::= {pkcs-5 12} */
|
||||
#define MBEDTLS_OID_PKCS5_PBES2 MBEDTLS_OID_PKCS5 "\x0d" /**< id-PBES2 OBJECT IDENTIFIER ::= {pkcs-5 13} */
|
||||
#define MBEDTLS_OID_PKCS5_PBMAC1 MBEDTLS_OID_PKCS5 "\x0e" /**< id-PBMAC1 OBJECT IDENTIFIER ::= {pkcs-5 14} */
|
||||
|
||||
/*
|
||||
* PKCS#5 PBES1 algorithms
|
||||
*/
|
||||
#define MBEDTLS_OID_PKCS5_PBE_MD2_DES_CBC MBEDTLS_OID_PKCS5 "\x01" /**< pbeWithMD2AndDES-CBC OBJECT IDENTIFIER ::= {pkcs-5 1} */
|
||||
#define MBEDTLS_OID_PKCS5_PBE_MD2_RC2_CBC MBEDTLS_OID_PKCS5 "\x04" /**< pbeWithMD2AndRC2-CBC OBJECT IDENTIFIER ::= {pkcs-5 4} */
|
||||
#define MBEDTLS_OID_PKCS5_PBE_MD5_DES_CBC MBEDTLS_OID_PKCS5 "\x03" /**< pbeWithMD5AndDES-CBC OBJECT IDENTIFIER ::= {pkcs-5 3} */
|
||||
#define MBEDTLS_OID_PKCS5_PBE_MD5_RC2_CBC MBEDTLS_OID_PKCS5 "\x06" /**< pbeWithMD5AndRC2-CBC OBJECT IDENTIFIER ::= {pkcs-5 6} */
|
||||
#define MBEDTLS_OID_PKCS5_PBE_SHA1_DES_CBC MBEDTLS_OID_PKCS5 "\x0a" /**< pbeWithSHA1AndDES-CBC OBJECT IDENTIFIER ::= {pkcs-5 10} */
|
||||
#define MBEDTLS_OID_PKCS5_PBE_SHA1_RC2_CBC MBEDTLS_OID_PKCS5 "\x0b" /**< pbeWithSHA1AndRC2-CBC OBJECT IDENTIFIER ::= {pkcs-5 11} */
|
||||
|
||||
/*
|
||||
* PKCS#8 OIDs
|
||||
*/
|
||||
#define MBEDTLS_OID_PKCS9_CSR_EXT_REQ MBEDTLS_OID_PKCS9 "\x0e" /**< extensionRequest OBJECT IDENTIFIER ::= {pkcs-9 14} */
|
||||
|
||||
/*
|
||||
* PKCS#12 PBE OIDs
|
||||
*/
|
||||
#define MBEDTLS_OID_PKCS12_PBE MBEDTLS_OID_PKCS12 "\x01" /**< pkcs-12PbeIds OBJECT IDENTIFIER ::= {pkcs-12 1} */
|
||||
|
||||
#define MBEDTLS_OID_PKCS12_PBE_SHA1_RC4_128 MBEDTLS_OID_PKCS12_PBE "\x01" /**< pbeWithSHAAnd128BitRC4 OBJECT IDENTIFIER ::= {pkcs-12PbeIds 1} */
|
||||
#define MBEDTLS_OID_PKCS12_PBE_SHA1_RC4_40 MBEDTLS_OID_PKCS12_PBE "\x02" /**< pbeWithSHAAnd40BitRC4 OBJECT IDENTIFIER ::= {pkcs-12PbeIds 2} */
|
||||
#define MBEDTLS_OID_PKCS12_PBE_SHA1_DES3_EDE_CBC MBEDTLS_OID_PKCS12_PBE "\x03" /**< pbeWithSHAAnd3-KeyTripleDES-CBC OBJECT IDENTIFIER ::= {pkcs-12PbeIds 3} */
|
||||
#define MBEDTLS_OID_PKCS12_PBE_SHA1_DES2_EDE_CBC MBEDTLS_OID_PKCS12_PBE "\x04" /**< pbeWithSHAAnd2-KeyTripleDES-CBC OBJECT IDENTIFIER ::= {pkcs-12PbeIds 4} */
|
||||
#define MBEDTLS_OID_PKCS12_PBE_SHA1_RC2_128_CBC MBEDTLS_OID_PKCS12_PBE "\x05" /**< pbeWithSHAAnd128BitRC2-CBC OBJECT IDENTIFIER ::= {pkcs-12PbeIds 5} */
|
||||
#define MBEDTLS_OID_PKCS12_PBE_SHA1_RC2_40_CBC MBEDTLS_OID_PKCS12_PBE "\x06" /**< pbeWithSHAAnd40BitRC2-CBC OBJECT IDENTIFIER ::= {pkcs-12PbeIds 6} */
|
||||
|
||||
/*
|
||||
* EC key algorithms from RFC 5480
|
||||
*/
|
||||
|
||||
/* id-ecPublicKey OBJECT IDENTIFIER ::= {
|
||||
* iso(1) member-body(2) us(840) ansi-X9-62(10045) keyType(2) 1 } */
|
||||
#define MBEDTLS_OID_EC_ALG_UNRESTRICTED MBEDTLS_OID_ANSI_X9_62 "\x02\01"
|
||||
|
||||
/* id-ecDH OBJECT IDENTIFIER ::= {
|
||||
* iso(1) identified-organization(3) certicom(132)
|
||||
* schemes(1) ecdh(12) } */
|
||||
#define MBEDTLS_OID_EC_ALG_ECDH MBEDTLS_OID_CERTICOM "\x01\x0c"
|
||||
|
||||
/*
|
||||
* ECParameters namedCurve identifiers, from RFC 5480, RFC 5639, and SEC2
|
||||
*/
|
||||
|
||||
/* secp192r1 OBJECT IDENTIFIER ::= {
|
||||
* iso(1) member-body(2) us(840) ansi-X9-62(10045) curves(3) prime(1) 1 } */
|
||||
#define MBEDTLS_OID_EC_GRP_SECP192R1 MBEDTLS_OID_ANSI_X9_62 "\x03\x01\x01"
|
||||
|
||||
/* secp224r1 OBJECT IDENTIFIER ::= {
|
||||
* iso(1) identified-organization(3) certicom(132) curve(0) 33 } */
|
||||
#define MBEDTLS_OID_EC_GRP_SECP224R1 MBEDTLS_OID_CERTICOM "\x00\x21"
|
||||
|
||||
/* secp256r1 OBJECT IDENTIFIER ::= {
|
||||
* iso(1) member-body(2) us(840) ansi-X9-62(10045) curves(3) prime(1) 7 } */
|
||||
#define MBEDTLS_OID_EC_GRP_SECP256R1 MBEDTLS_OID_ANSI_X9_62 "\x03\x01\x07"
|
||||
|
||||
/* secp384r1 OBJECT IDENTIFIER ::= {
|
||||
* iso(1) identified-organization(3) certicom(132) curve(0) 34 } */
|
||||
#define MBEDTLS_OID_EC_GRP_SECP384R1 MBEDTLS_OID_CERTICOM "\x00\x22"
|
||||
|
||||
/* secp521r1 OBJECT IDENTIFIER ::= {
|
||||
* iso(1) identified-organization(3) certicom(132) curve(0) 35 } */
|
||||
#define MBEDTLS_OID_EC_GRP_SECP521R1 MBEDTLS_OID_CERTICOM "\x00\x23"
|
||||
|
||||
/* secp192k1 OBJECT IDENTIFIER ::= {
|
||||
* iso(1) identified-organization(3) certicom(132) curve(0) 31 } */
|
||||
#define MBEDTLS_OID_EC_GRP_SECP192K1 MBEDTLS_OID_CERTICOM "\x00\x1f"
|
||||
|
||||
/* secp224k1 OBJECT IDENTIFIER ::= {
|
||||
* iso(1) identified-organization(3) certicom(132) curve(0) 32 } */
|
||||
#define MBEDTLS_OID_EC_GRP_SECP224K1 MBEDTLS_OID_CERTICOM "\x00\x20"
|
||||
|
||||
/* secp256k1 OBJECT IDENTIFIER ::= {
|
||||
* iso(1) identified-organization(3) certicom(132) curve(0) 10 } */
|
||||
#define MBEDTLS_OID_EC_GRP_SECP256K1 MBEDTLS_OID_CERTICOM "\x00\x0a"
|
||||
|
||||
/* RFC 5639 4.1
|
||||
* ecStdCurvesAndGeneration OBJECT IDENTIFIER::= {iso(1)
|
||||
* identified-organization(3) teletrust(36) algorithm(3) signature-
|
||||
* algorithm(3) ecSign(2) 8}
|
||||
* ellipticCurve OBJECT IDENTIFIER ::= {ecStdCurvesAndGeneration 1}
|
||||
* versionOne OBJECT IDENTIFIER ::= {ellipticCurve 1} */
|
||||
#define MBEDTLS_OID_EC_BRAINPOOL_V1 MBEDTLS_OID_TELETRUST "\x03\x03\x02\x08\x01\x01"
|
||||
|
||||
/* brainpoolP256r1 OBJECT IDENTIFIER ::= {versionOne 7} */
|
||||
#define MBEDTLS_OID_EC_GRP_BP256R1 MBEDTLS_OID_EC_BRAINPOOL_V1 "\x07"
|
||||
|
||||
/* brainpoolP384r1 OBJECT IDENTIFIER ::= {versionOne 11} */
|
||||
#define MBEDTLS_OID_EC_GRP_BP384R1 MBEDTLS_OID_EC_BRAINPOOL_V1 "\x0B"
|
||||
|
||||
/* brainpoolP512r1 OBJECT IDENTIFIER ::= {versionOne 13} */
|
||||
#define MBEDTLS_OID_EC_GRP_BP512R1 MBEDTLS_OID_EC_BRAINPOOL_V1 "\x0D"
|
||||
|
||||
/*
|
||||
* SEC1 C.1
|
||||
*
|
||||
* prime-field OBJECT IDENTIFIER ::= { id-fieldType 1 }
|
||||
* id-fieldType OBJECT IDENTIFIER ::= { ansi-X9-62 fieldType(1)}
|
||||
*/
|
||||
#define MBEDTLS_OID_ANSI_X9_62_FIELD_TYPE MBEDTLS_OID_ANSI_X9_62 "\x01"
|
||||
#define MBEDTLS_OID_ANSI_X9_62_PRIME_FIELD MBEDTLS_OID_ANSI_X9_62_FIELD_TYPE "\x01"
|
||||
|
||||
/*
|
||||
* ECDSA signature identifiers, from RFC 5480
|
||||
*/
|
||||
#define MBEDTLS_OID_ANSI_X9_62_SIG MBEDTLS_OID_ANSI_X9_62 "\x04" /* signatures(4) */
|
||||
#define MBEDTLS_OID_ANSI_X9_62_SIG_SHA2 MBEDTLS_OID_ANSI_X9_62_SIG "\x03" /* ecdsa-with-SHA2(3) */
|
||||
|
||||
/* ecdsa-with-SHA1 OBJECT IDENTIFIER ::= {
|
||||
* iso(1) member-body(2) us(840) ansi-X9-62(10045) signatures(4) 1 } */
|
||||
#define MBEDTLS_OID_ECDSA_SHA1 MBEDTLS_OID_ANSI_X9_62_SIG "\x01"
|
||||
|
||||
/* ecdsa-with-SHA224 OBJECT IDENTIFIER ::= {
|
||||
* iso(1) member-body(2) us(840) ansi-X9-62(10045) signatures(4)
|
||||
* ecdsa-with-SHA2(3) 1 } */
|
||||
#define MBEDTLS_OID_ECDSA_SHA224 MBEDTLS_OID_ANSI_X9_62_SIG_SHA2 "\x01"
|
||||
|
||||
/* ecdsa-with-SHA256 OBJECT IDENTIFIER ::= {
|
||||
* iso(1) member-body(2) us(840) ansi-X9-62(10045) signatures(4)
|
||||
* ecdsa-with-SHA2(3) 2 } */
|
||||
#define MBEDTLS_OID_ECDSA_SHA256 MBEDTLS_OID_ANSI_X9_62_SIG_SHA2 "\x02"
|
||||
|
||||
/* ecdsa-with-SHA384 OBJECT IDENTIFIER ::= {
|
||||
* iso(1) member-body(2) us(840) ansi-X9-62(10045) signatures(4)
|
||||
* ecdsa-with-SHA2(3) 3 } */
|
||||
#define MBEDTLS_OID_ECDSA_SHA384 MBEDTLS_OID_ANSI_X9_62_SIG_SHA2 "\x03"
|
||||
|
||||
/* ecdsa-with-SHA512 OBJECT IDENTIFIER ::= {
|
||||
* iso(1) member-body(2) us(840) ansi-X9-62(10045) signatures(4)
|
||||
* ecdsa-with-SHA2(3) 4 } */
|
||||
#define MBEDTLS_OID_ECDSA_SHA512 MBEDTLS_OID_ANSI_X9_62_SIG_SHA2 "\x04"
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
/**
|
||||
* \brief Base OID descriptor structure
|
||||
*/
|
||||
typedef struct mbedtls_oid_descriptor_t
|
||||
{
|
||||
const char *asn1; /*!< OID ASN.1 representation */
|
||||
size_t asn1_len; /*!< length of asn1 */
|
||||
const char *name; /*!< official name (e.g. from RFC) */
|
||||
const char *description; /*!< human friendly description */
|
||||
} mbedtls_oid_descriptor_t;
|
||||
|
||||
/**
|
||||
* \brief Translate an ASN.1 OID into its numeric representation
|
||||
* (e.g. "\x2A\x86\x48\x86\xF7\x0D" into "1.2.840.113549")
|
||||
*
|
||||
* \param buf buffer to put representation in
|
||||
* \param size size of the buffer
|
||||
* \param oid OID to translate
|
||||
*
|
||||
* \return Length of the string written (excluding final NULL) or
|
||||
* MBEDTLS_ERR_OID_BUF_TOO_SMALL in case of error
|
||||
*/
|
||||
int mbedtls_oid_get_numeric_string( char *buf, size_t size, const mbedtls_asn1_buf *oid );
|
||||
|
||||
/**
|
||||
* \brief Translate an X.509 extension OID into local values
|
||||
*
|
||||
* \param oid OID to use
|
||||
* \param ext_type place to store the extension type
|
||||
*
|
||||
* \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
|
||||
*/
|
||||
int mbedtls_oid_get_x509_ext_type( const mbedtls_asn1_buf *oid, int *ext_type );
|
||||
|
||||
/**
|
||||
* \brief Translate an X.509 attribute type OID into the short name
|
||||
* (e.g. the OID for an X520 Common Name into "CN")
|
||||
*
|
||||
* \param oid OID to use
|
||||
* \param short_name place to store the string pointer
|
||||
*
|
||||
* \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
|
||||
*/
|
||||
int mbedtls_oid_get_attr_short_name( const mbedtls_asn1_buf *oid, const char **short_name );
|
||||
|
||||
/**
|
||||
* \brief Translate PublicKeyAlgorithm OID into pk_type
|
||||
*
|
||||
* \param oid OID to use
|
||||
* \param pk_alg place to store public key algorithm
|
||||
*
|
||||
* \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
|
||||
*/
|
||||
int mbedtls_oid_get_pk_alg( const mbedtls_asn1_buf *oid, mbedtls_pk_type_t *pk_alg );
|
||||
|
||||
/**
|
||||
* \brief Translate pk_type into PublicKeyAlgorithm OID
|
||||
*
|
||||
* \param pk_alg Public key type to look for
|
||||
* \param oid place to store ASN.1 OID string pointer
|
||||
* \param olen length of the OID
|
||||
*
|
||||
* \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
|
||||
*/
|
||||
int mbedtls_oid_get_oid_by_pk_alg( mbedtls_pk_type_t pk_alg,
|
||||
const char **oid, size_t *olen );
|
||||
|
||||
#if defined(MBEDTLS_ECP_C)
|
||||
/**
|
||||
* \brief Translate NamedCurve OID into an EC group identifier
|
||||
*
|
||||
* \param oid OID to use
|
||||
* \param grp_id place to store group id
|
||||
*
|
||||
* \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
|
||||
*/
|
||||
int mbedtls_oid_get_ec_grp( const mbedtls_asn1_buf *oid, mbedtls_ecp_group_id *grp_id );
|
||||
|
||||
/**
|
||||
* \brief Translate EC group identifier into NamedCurve OID
|
||||
*
|
||||
* \param grp_id EC group identifier
|
||||
* \param oid place to store ASN.1 OID string pointer
|
||||
* \param olen length of the OID
|
||||
*
|
||||
* \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
|
||||
*/
|
||||
int mbedtls_oid_get_oid_by_ec_grp( mbedtls_ecp_group_id grp_id,
|
||||
const char **oid, size_t *olen );
|
||||
#endif /* MBEDTLS_ECP_C */
|
||||
|
||||
#if defined(MBEDTLS_MD_C)
|
||||
/**
|
||||
* \brief Translate SignatureAlgorithm OID into md_type and pk_type
|
||||
*
|
||||
* \param oid OID to use
|
||||
* \param md_alg place to store message digest algorithm
|
||||
* \param pk_alg place to store public key algorithm
|
||||
*
|
||||
* \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
|
||||
*/
|
||||
int mbedtls_oid_get_sig_alg( const mbedtls_asn1_buf *oid,
|
||||
mbedtls_md_type_t *md_alg, mbedtls_pk_type_t *pk_alg );
|
||||
|
||||
/**
|
||||
* \brief Translate SignatureAlgorithm OID into description
|
||||
*
|
||||
* \param oid OID to use
|
||||
* \param desc place to store string pointer
|
||||
*
|
||||
* \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
|
||||
*/
|
||||
int mbedtls_oid_get_sig_alg_desc( const mbedtls_asn1_buf *oid, const char **desc );
|
||||
|
||||
/**
|
||||
* \brief Translate md_type and pk_type into SignatureAlgorithm OID
|
||||
*
|
||||
* \param md_alg message digest algorithm
|
||||
* \param pk_alg public key algorithm
|
||||
* \param oid place to store ASN.1 OID string pointer
|
||||
* \param olen length of the OID
|
||||
*
|
||||
* \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
|
||||
*/
|
||||
int mbedtls_oid_get_oid_by_sig_alg( mbedtls_pk_type_t pk_alg, mbedtls_md_type_t md_alg,
|
||||
const char **oid, size_t *olen );
|
||||
|
||||
/**
|
||||
* \brief Translate hash algorithm OID into md_type
|
||||
*
|
||||
* \param oid OID to use
|
||||
* \param md_alg place to store message digest algorithm
|
||||
*
|
||||
* \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
|
||||
*/
|
||||
int mbedtls_oid_get_md_alg( const mbedtls_asn1_buf *oid, mbedtls_md_type_t *md_alg );
|
||||
|
||||
/**
|
||||
* \brief Translate hmac algorithm OID into md_type
|
||||
*
|
||||
* \param oid OID to use
|
||||
* \param md_hmac place to store message hmac algorithm
|
||||
*
|
||||
* \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
|
||||
*/
|
||||
int mbedtls_oid_get_md_hmac( const mbedtls_asn1_buf *oid, mbedtls_md_type_t *md_hmac );
|
||||
#endif /* MBEDTLS_MD_C */
|
||||
|
||||
/**
|
||||
* \brief Translate Extended Key Usage OID into description
|
||||
*
|
||||
* \param oid OID to use
|
||||
* \param desc place to store string pointer
|
||||
*
|
||||
* \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
|
||||
*/
|
||||
int mbedtls_oid_get_extended_key_usage( const mbedtls_asn1_buf *oid, const char **desc );
|
||||
|
||||
/**
|
||||
* \brief Translate certificate policies OID into description
|
||||
*
|
||||
* \param oid OID to use
|
||||
* \param desc place to store string pointer
|
||||
*
|
||||
* \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
|
||||
*/
|
||||
int mbedtls_oid_get_certificate_policies( const mbedtls_asn1_buf *oid, const char **desc );
|
||||
|
||||
/**
|
||||
* \brief Translate md_type into hash algorithm OID
|
||||
*
|
||||
* \param md_alg message digest algorithm
|
||||
* \param oid place to store ASN.1 OID string pointer
|
||||
* \param olen length of the OID
|
||||
*
|
||||
* \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
|
||||
*/
|
||||
int mbedtls_oid_get_oid_by_md( mbedtls_md_type_t md_alg, const char **oid, size_t *olen );
|
||||
|
||||
#if defined(MBEDTLS_CIPHER_C)
|
||||
/**
|
||||
* \brief Translate encryption algorithm OID into cipher_type
|
||||
*
|
||||
* \param oid OID to use
|
||||
* \param cipher_alg place to store cipher algorithm
|
||||
*
|
||||
* \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
|
||||
*/
|
||||
int mbedtls_oid_get_cipher_alg( const mbedtls_asn1_buf *oid, mbedtls_cipher_type_t *cipher_alg );
|
||||
#endif /* MBEDTLS_CIPHER_C */
|
||||
|
||||
#if defined(MBEDTLS_PKCS12_C)
|
||||
/**
|
||||
* \brief Translate PKCS#12 PBE algorithm OID into md_type and
|
||||
* cipher_type
|
||||
*
|
||||
* \param oid OID to use
|
||||
* \param md_alg place to store message digest algorithm
|
||||
* \param cipher_alg place to store cipher algorithm
|
||||
*
|
||||
* \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
|
||||
*/
|
||||
int mbedtls_oid_get_pkcs12_pbe_alg( const mbedtls_asn1_buf *oid, mbedtls_md_type_t *md_alg,
|
||||
mbedtls_cipher_type_t *cipher_alg );
|
||||
#endif /* MBEDTLS_PKCS12_C */
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
||||
#endif /* oid.h */
|
|
@ -1,126 +0,0 @@
|
|||
/**
|
||||
* \file padlock.h
|
||||
*
|
||||
* \brief VIA PadLock ACE for HW encryption/decryption supported by some
|
||||
* processors
|
||||
*
|
||||
* \warning These functions are only for internal use by other library
|
||||
* functions; you must not call them directly.
|
||||
*/
|
||||
/*
|
||||
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
* not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*
|
||||
* This file is part of mbed TLS (https://tls.mbed.org)
|
||||
*/
|
||||
#ifndef MBEDTLS_PADLOCK_H
|
||||
#define MBEDTLS_PADLOCK_H
|
||||
|
||||
#if !defined(MBEDTLS_CONFIG_FILE)
|
||||
#include "config.h"
|
||||
#else
|
||||
#include MBEDTLS_CONFIG_FILE
|
||||
#endif
|
||||
|
||||
#include "aes.h"
|
||||
|
||||
#define MBEDTLS_ERR_PADLOCK_DATA_MISALIGNED -0x0030 /**< Input data should be aligned. */
|
||||
|
||||
#if defined(__has_feature)
|
||||
#if __has_feature(address_sanitizer)
|
||||
#define MBEDTLS_HAVE_ASAN
|
||||
#endif
|
||||
#endif
|
||||
|
||||
/* Some versions of ASan result in errors about not enough registers */
|
||||
#if defined(MBEDTLS_HAVE_ASM) && defined(__GNUC__) && defined(__i386__) && \
|
||||
!defined(MBEDTLS_HAVE_ASAN)
|
||||
|
||||
#ifndef MBEDTLS_HAVE_X86
|
||||
#define MBEDTLS_HAVE_X86
|
||||
#endif
|
||||
|
||||
#include <stdint.h>
|
||||
|
||||
#define MBEDTLS_PADLOCK_RNG 0x000C
|
||||
#define MBEDTLS_PADLOCK_ACE 0x00C0
|
||||
#define MBEDTLS_PADLOCK_PHE 0x0C00
|
||||
#define MBEDTLS_PADLOCK_PMM 0x3000
|
||||
|
||||
#define MBEDTLS_PADLOCK_ALIGN16(x) (uint32_t *) (16 + ((int32_t) (x) & ~15))
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
/**
|
||||
* \brief Internal PadLock detection routine
|
||||
*
|
||||
* \note This function is only for internal use by other library
|
||||
* functions; you must not call it directly.
|
||||
*
|
||||
* \param feature The feature to detect
|
||||
*
|
||||
* \return 1 if CPU has support for the feature, 0 otherwise
|
||||
*/
|
||||
int mbedtls_padlock_has_support( int feature );
|
||||
|
||||
/**
|
||||
* \brief Internal PadLock AES-ECB block en(de)cryption
|
||||
*
|
||||
* \note This function is only for internal use by other library
|
||||
* functions; you must not call it directly.
|
||||
*
|
||||
* \param ctx AES context
|
||||
* \param mode MBEDTLS_AES_ENCRYPT or MBEDTLS_AES_DECRYPT
|
||||
* \param input 16-byte input block
|
||||
* \param output 16-byte output block
|
||||
*
|
||||
* \return 0 if success, 1 if operation failed
|
||||
*/
|
||||
int mbedtls_padlock_xcryptecb( mbedtls_aes_context *ctx,
|
||||
int mode,
|
||||
const unsigned char input[16],
|
||||
unsigned char output[16] );
|
||||
|
||||
/**
|
||||
* \brief Internal PadLock AES-CBC buffer en(de)cryption
|
||||
*
|
||||
* \note This function is only for internal use by other library
|
||||
* functions; you must not call it directly.
|
||||
*
|
||||
* \param ctx AES context
|
||||
* \param mode MBEDTLS_AES_ENCRYPT or MBEDTLS_AES_DECRYPT
|
||||
* \param length length of the input data
|
||||
* \param iv initialization vector (updated after use)
|
||||
* \param input buffer holding the input data
|
||||
* \param output buffer holding the output data
|
||||
*
|
||||
* \return 0 if success, 1 if operation failed
|
||||
*/
|
||||
int mbedtls_padlock_xcryptcbc( mbedtls_aes_context *ctx,
|
||||
int mode,
|
||||
size_t length,
|
||||
unsigned char iv[16],
|
||||
const unsigned char *input,
|
||||
unsigned char *output );
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
||||
#endif /* HAVE_X86 */
|
||||
|
||||
#endif /* padlock.h */
|
|
@ -1,146 +0,0 @@
|
|||
/**
|
||||
* \file pem.h
|
||||
*
|
||||
* \brief Privacy Enhanced Mail (PEM) decoding
|
||||
*/
|
||||
/*
|
||||
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
* not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*
|
||||
* This file is part of mbed TLS (https://tls.mbed.org)
|
||||
*/
|
||||
#ifndef MBEDTLS_PEM_H
|
||||
#define MBEDTLS_PEM_H
|
||||
|
||||
#if !defined(MBEDTLS_CONFIG_FILE)
|
||||
#include "config.h"
|
||||
#else
|
||||
#include MBEDTLS_CONFIG_FILE
|
||||
#endif
|
||||
|
||||
#include <stddef.h>
|
||||
|
||||
/**
|
||||
* \name PEM Error codes
|
||||
* These error codes are returned in case of errors reading the
|
||||
* PEM data.
|
||||
* \{
|
||||
*/
|
||||
#define MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT -0x1080 /**< No PEM header or footer found. */
|
||||
#define MBEDTLS_ERR_PEM_INVALID_DATA -0x1100 /**< PEM string is not as expected. */
|
||||
#define MBEDTLS_ERR_PEM_ALLOC_FAILED -0x1180 /**< Failed to allocate memory. */
|
||||
#define MBEDTLS_ERR_PEM_INVALID_ENC_IV -0x1200 /**< RSA IV is not in hex-format. */
|
||||
#define MBEDTLS_ERR_PEM_UNKNOWN_ENC_ALG -0x1280 /**< Unsupported key encryption algorithm. */
|
||||
#define MBEDTLS_ERR_PEM_PASSWORD_REQUIRED -0x1300 /**< Private key password can't be empty. */
|
||||
#define MBEDTLS_ERR_PEM_PASSWORD_MISMATCH -0x1380 /**< Given private key password does not allow for correct decryption. */
|
||||
#define MBEDTLS_ERR_PEM_FEATURE_UNAVAILABLE -0x1400 /**< Unavailable feature, e.g. hashing/encryption combination. */
|
||||
#define MBEDTLS_ERR_PEM_BAD_INPUT_DATA -0x1480 /**< Bad input parameters to function. */
|
||||
/* \} name */
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_PEM_PARSE_C)
|
||||
/**
|
||||
* \brief PEM context structure
|
||||
*/
|
||||
typedef struct mbedtls_pem_context
|
||||
{
|
||||
unsigned char *buf; /*!< buffer for decoded data */
|
||||
size_t buflen; /*!< length of the buffer */
|
||||
unsigned char *info; /*!< buffer for extra header information */
|
||||
}
|
||||
mbedtls_pem_context;
|
||||
|
||||
/**
|
||||
* \brief PEM context setup
|
||||
*
|
||||
* \param ctx context to be initialized
|
||||
*/
|
||||
void mbedtls_pem_init( mbedtls_pem_context *ctx );
|
||||
|
||||
/**
|
||||
* \brief Read a buffer for PEM information and store the resulting
|
||||
* data into the specified context buffers.
|
||||
*
|
||||
* \param ctx context to use
|
||||
* \param header header string to seek and expect
|
||||
* \param footer footer string to seek and expect
|
||||
* \param data source data to look in (must be nul-terminated)
|
||||
* \param pwd password for decryption (can be NULL)
|
||||
* \param pwdlen length of password
|
||||
* \param use_len destination for total length used (set after header is
|
||||
* correctly read, so unless you get
|
||||
* MBEDTLS_ERR_PEM_BAD_INPUT_DATA or
|
||||
* MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT, use_len is
|
||||
* the length to skip)
|
||||
*
|
||||
* \note Attempts to check password correctness by verifying if
|
||||
* the decrypted text starts with an ASN.1 sequence of
|
||||
* appropriate length
|
||||
*
|
||||
* \return 0 on success, or a specific PEM error code
|
||||
*/
|
||||
int mbedtls_pem_read_buffer( mbedtls_pem_context *ctx, const char *header, const char *footer,
|
||||
const unsigned char *data,
|
||||
const unsigned char *pwd,
|
||||
size_t pwdlen, size_t *use_len );
|
||||
|
||||
/**
|
||||
* \brief PEM context memory freeing
|
||||
*
|
||||
* \param ctx context to be freed
|
||||
*/
|
||||
void mbedtls_pem_free( mbedtls_pem_context *ctx );
|
||||
#endif /* MBEDTLS_PEM_PARSE_C */
|
||||
|
||||
#if defined(MBEDTLS_PEM_WRITE_C)
|
||||
/**
|
||||
* \brief Write a buffer of PEM information from a DER encoded
|
||||
* buffer.
|
||||
*
|
||||
* \param header The header string to write.
|
||||
* \param footer The footer string to write.
|
||||
* \param der_data The DER data to encode.
|
||||
* \param der_len The length of the DER data \p der_data in Bytes.
|
||||
* \param buf The buffer to write to.
|
||||
* \param buf_len The length of the output buffer \p buf in Bytes.
|
||||
* \param olen The address at which to store the total length written
|
||||
* or required (if \p buf_len is not enough).
|
||||
*
|
||||
* \note You may pass \c NULL for \p buf and \c 0 for \p buf_len
|
||||
* to request the length of the resulting PEM buffer in
|
||||
* `*olen`.
|
||||
*
|
||||
* \note This function may be called with overlapping \p der_data
|
||||
* and \p buf buffers.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return #MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL if \p buf isn't large
|
||||
* enough to hold the PEM buffer. In this case, `*olen` holds
|
||||
* the required minimum size of \p buf.
|
||||
* \return Another PEM or BASE64 error code on other kinds of failure.
|
||||
*/
|
||||
int mbedtls_pem_write_buffer( const char *header, const char *footer,
|
||||
const unsigned char *der_data, size_t der_len,
|
||||
unsigned char *buf, size_t buf_len, size_t *olen );
|
||||
#endif /* MBEDTLS_PEM_WRITE_C */
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
||||
#endif /* pem.h */
|
|
@ -1,826 +0,0 @@
|
|||
/**
|
||||
* \file pk.h
|
||||
*
|
||||
* \brief Public Key abstraction layer
|
||||
*/
|
||||
/*
|
||||
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
* not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*
|
||||
* This file is part of mbed TLS (https://tls.mbed.org)
|
||||
*/
|
||||
|
||||
#ifndef MBEDTLS_PK_H
|
||||
#define MBEDTLS_PK_H
|
||||
|
||||
#if !defined(MBEDTLS_CONFIG_FILE)
|
||||
#include "config.h"
|
||||
#else
|
||||
#include MBEDTLS_CONFIG_FILE
|
||||
#endif
|
||||
|
||||
#include "md.h"
|
||||
|
||||
#if defined(MBEDTLS_RSA_C)
|
||||
#include "rsa.h"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_ECP_C)
|
||||
#include "ecp.h"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_ECDSA_C)
|
||||
#include "ecdsa.h"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
#include "psa/crypto.h"
|
||||
#endif
|
||||
|
||||
#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \
|
||||
!defined(inline) && !defined(__cplusplus)
|
||||
#define inline __inline
|
||||
#endif
|
||||
|
||||
#define MBEDTLS_ERR_PK_ALLOC_FAILED -0x3F80 /**< Memory allocation failed. */
|
||||
#define MBEDTLS_ERR_PK_TYPE_MISMATCH -0x3F00 /**< Type mismatch, eg attempt to encrypt with an ECDSA key */
|
||||
#define MBEDTLS_ERR_PK_BAD_INPUT_DATA -0x3E80 /**< Bad input parameters to function. */
|
||||
#define MBEDTLS_ERR_PK_FILE_IO_ERROR -0x3E00 /**< Read/write of file failed. */
|
||||
#define MBEDTLS_ERR_PK_KEY_INVALID_VERSION -0x3D80 /**< Unsupported key version */
|
||||
#define MBEDTLS_ERR_PK_KEY_INVALID_FORMAT -0x3D00 /**< Invalid key tag or value. */
|
||||
#define MBEDTLS_ERR_PK_UNKNOWN_PK_ALG -0x3C80 /**< Key algorithm is unsupported (only RSA and EC are supported). */
|
||||
#define MBEDTLS_ERR_PK_PASSWORD_REQUIRED -0x3C00 /**< Private key password can't be empty. */
|
||||
#define MBEDTLS_ERR_PK_PASSWORD_MISMATCH -0x3B80 /**< Given private key password does not allow for correct decryption. */
|
||||
#define MBEDTLS_ERR_PK_INVALID_PUBKEY -0x3B00 /**< The pubkey tag or value is invalid (only RSA and EC are supported). */
|
||||
#define MBEDTLS_ERR_PK_INVALID_ALG -0x3A80 /**< The algorithm tag or value is invalid. */
|
||||
#define MBEDTLS_ERR_PK_UNKNOWN_NAMED_CURVE -0x3A00 /**< Elliptic curve is unsupported (only NIST curves are supported). */
|
||||
#define MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE -0x3980 /**< Unavailable feature, e.g. RSA disabled for RSA key. */
|
||||
#define MBEDTLS_ERR_PK_SIG_LEN_MISMATCH -0x3900 /**< The buffer contains a valid signature followed by more data. */
|
||||
|
||||
/* MBEDTLS_ERR_PK_HW_ACCEL_FAILED is deprecated and should not be used. */
|
||||
#define MBEDTLS_ERR_PK_HW_ACCEL_FAILED -0x3880 /**< PK hardware accelerator failed. */
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
/**
|
||||
* \brief Public key types
|
||||
*/
|
||||
typedef enum {
|
||||
MBEDTLS_PK_NONE=0,
|
||||
MBEDTLS_PK_RSA,
|
||||
MBEDTLS_PK_ECKEY,
|
||||
MBEDTLS_PK_ECKEY_DH,
|
||||
MBEDTLS_PK_ECDSA,
|
||||
MBEDTLS_PK_RSA_ALT,
|
||||
MBEDTLS_PK_RSASSA_PSS,
|
||||
MBEDTLS_PK_OPAQUE,
|
||||
} mbedtls_pk_type_t;
|
||||
|
||||
/**
|
||||
* \brief Options for RSASSA-PSS signature verification.
|
||||
* See \c mbedtls_rsa_rsassa_pss_verify_ext()
|
||||
*/
|
||||
typedef struct mbedtls_pk_rsassa_pss_options
|
||||
{
|
||||
mbedtls_md_type_t mgf1_hash_id;
|
||||
int expected_salt_len;
|
||||
|
||||
} mbedtls_pk_rsassa_pss_options;
|
||||
|
||||
/**
|
||||
* \brief Types for interfacing with the debug module
|
||||
*/
|
||||
typedef enum
|
||||
{
|
||||
MBEDTLS_PK_DEBUG_NONE = 0,
|
||||
MBEDTLS_PK_DEBUG_MPI,
|
||||
MBEDTLS_PK_DEBUG_ECP,
|
||||
} mbedtls_pk_debug_type;
|
||||
|
||||
/**
|
||||
* \brief Item to send to the debug module
|
||||
*/
|
||||
typedef struct mbedtls_pk_debug_item
|
||||
{
|
||||
mbedtls_pk_debug_type type;
|
||||
const char *name;
|
||||
void *value;
|
||||
} mbedtls_pk_debug_item;
|
||||
|
||||
/** Maximum number of item send for debugging, plus 1 */
|
||||
#define MBEDTLS_PK_DEBUG_MAX_ITEMS 3
|
||||
|
||||
/**
|
||||
* \brief Public key information and operations
|
||||
*/
|
||||
typedef struct mbedtls_pk_info_t mbedtls_pk_info_t;
|
||||
|
||||
/**
|
||||
* \brief Public key container
|
||||
*/
|
||||
typedef struct mbedtls_pk_context
|
||||
{
|
||||
const mbedtls_pk_info_t * pk_info; /**< Public key information */
|
||||
void * pk_ctx; /**< Underlying public key context */
|
||||
} mbedtls_pk_context;
|
||||
|
||||
#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
|
||||
/**
|
||||
* \brief Context for resuming operations
|
||||
*/
|
||||
typedef struct
|
||||
{
|
||||
const mbedtls_pk_info_t * pk_info; /**< Public key information */
|
||||
void * rs_ctx; /**< Underlying restart context */
|
||||
} mbedtls_pk_restart_ctx;
|
||||
#else /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */
|
||||
/* Now we can declare functions that take a pointer to that */
|
||||
typedef void mbedtls_pk_restart_ctx;
|
||||
#endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */
|
||||
|
||||
#if defined(MBEDTLS_RSA_C)
|
||||
/**
|
||||
* Quick access to an RSA context inside a PK context.
|
||||
*
|
||||
* \warning You must make sure the PK context actually holds an RSA context
|
||||
* before using this function!
|
||||
*/
|
||||
static inline mbedtls_rsa_context *mbedtls_pk_rsa( const mbedtls_pk_context pk )
|
||||
{
|
||||
return( (mbedtls_rsa_context *) (pk).pk_ctx );
|
||||
}
|
||||
#endif /* MBEDTLS_RSA_C */
|
||||
|
||||
#if defined(MBEDTLS_ECP_C)
|
||||
/**
|
||||
* Quick access to an EC context inside a PK context.
|
||||
*
|
||||
* \warning You must make sure the PK context actually holds an EC context
|
||||
* before using this function!
|
||||
*/
|
||||
static inline mbedtls_ecp_keypair *mbedtls_pk_ec( const mbedtls_pk_context pk )
|
||||
{
|
||||
return( (mbedtls_ecp_keypair *) (pk).pk_ctx );
|
||||
}
|
||||
#endif /* MBEDTLS_ECP_C */
|
||||
|
||||
#if defined(MBEDTLS_PK_RSA_ALT_SUPPORT)
|
||||
/**
|
||||
* \brief Types for RSA-alt abstraction
|
||||
*/
|
||||
typedef int (*mbedtls_pk_rsa_alt_decrypt_func)( void *ctx, int mode, size_t *olen,
|
||||
const unsigned char *input, unsigned char *output,
|
||||
size_t output_max_len );
|
||||
typedef int (*mbedtls_pk_rsa_alt_sign_func)( void *ctx,
|
||||
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
|
||||
int mode, mbedtls_md_type_t md_alg, unsigned int hashlen,
|
||||
const unsigned char *hash, unsigned char *sig );
|
||||
typedef size_t (*mbedtls_pk_rsa_alt_key_len_func)( void *ctx );
|
||||
#endif /* MBEDTLS_PK_RSA_ALT_SUPPORT */
|
||||
|
||||
/**
|
||||
* \brief Return information associated with the given PK type
|
||||
*
|
||||
* \param pk_type PK type to search for.
|
||||
*
|
||||
* \return The PK info associated with the type or NULL if not found.
|
||||
*/
|
||||
const mbedtls_pk_info_t *mbedtls_pk_info_from_type( mbedtls_pk_type_t pk_type );
|
||||
|
||||
/**
|
||||
* \brief Initialize a #mbedtls_pk_context (as NONE).
|
||||
*
|
||||
* \param ctx The context to initialize.
|
||||
* This must not be \c NULL.
|
||||
*/
|
||||
void mbedtls_pk_init( mbedtls_pk_context *ctx );
|
||||
|
||||
/**
|
||||
* \brief Free the components of a #mbedtls_pk_context.
|
||||
*
|
||||
* \param ctx The context to clear. It must have been initialized.
|
||||
* If this is \c NULL, this function does nothing.
|
||||
*
|
||||
* \note For contexts that have been set up with
|
||||
* mbedtls_pk_setup_opaque(), this does not free the underlying
|
||||
* key slot and you still need to call psa_destroy_key()
|
||||
* independently if you want to destroy that key.
|
||||
*/
|
||||
void mbedtls_pk_free( mbedtls_pk_context *ctx );
|
||||
|
||||
#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
|
||||
/**
|
||||
* \brief Initialize a restart context
|
||||
*
|
||||
* \param ctx The context to initialize.
|
||||
* This must not be \c NULL.
|
||||
*/
|
||||
void mbedtls_pk_restart_init( mbedtls_pk_restart_ctx *ctx );
|
||||
|
||||
/**
|
||||
* \brief Free the components of a restart context
|
||||
*
|
||||
* \param ctx The context to clear. It must have been initialized.
|
||||
* If this is \c NULL, this function does nothing.
|
||||
*/
|
||||
void mbedtls_pk_restart_free( mbedtls_pk_restart_ctx *ctx );
|
||||
#endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */
|
||||
|
||||
/**
|
||||
* \brief Initialize a PK context with the information given
|
||||
* and allocates the type-specific PK subcontext.
|
||||
*
|
||||
* \param ctx Context to initialize. It must not have been set
|
||||
* up yet (type #MBEDTLS_PK_NONE).
|
||||
* \param info Information to use
|
||||
*
|
||||
* \return 0 on success,
|
||||
* MBEDTLS_ERR_PK_BAD_INPUT_DATA on invalid input,
|
||||
* MBEDTLS_ERR_PK_ALLOC_FAILED on allocation failure.
|
||||
*
|
||||
* \note For contexts holding an RSA-alt key, use
|
||||
* \c mbedtls_pk_setup_rsa_alt() instead.
|
||||
*/
|
||||
int mbedtls_pk_setup( mbedtls_pk_context *ctx, const mbedtls_pk_info_t *info );
|
||||
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
/**
|
||||
* \brief Initialize a PK context to wrap a PSA key slot.
|
||||
*
|
||||
* \note This function replaces mbedtls_pk_setup() for contexts
|
||||
* that wrap a (possibly opaque) PSA key slot instead of
|
||||
* storing and manipulating the key material directly.
|
||||
*
|
||||
* \param ctx The context to initialize. It must be empty (type NONE).
|
||||
* \param key The PSA key slot to wrap, which must hold an ECC key pair
|
||||
* (see notes below).
|
||||
*
|
||||
* \note The wrapped key slot must remain valid as long as the
|
||||
* wrapping PK context is in use, that is at least between
|
||||
* the point this function is called and the point
|
||||
* mbedtls_pk_free() is called on this context. The wrapped
|
||||
* key slot might then be independently used or destroyed.
|
||||
*
|
||||
* \note This function is currently only available for ECC key
|
||||
* pairs (that is, ECC keys containing private key material).
|
||||
* Support for other key types may be added later.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return #MBEDTLS_ERR_PK_BAD_INPUT_DATA on invalid input
|
||||
* (context already used, invalid key slot).
|
||||
* \return #MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE if the key is not an
|
||||
* ECC key pair.
|
||||
* \return #MBEDTLS_ERR_PK_ALLOC_FAILED on allocation failure.
|
||||
*/
|
||||
int mbedtls_pk_setup_opaque( mbedtls_pk_context *ctx, const psa_key_handle_t key );
|
||||
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||
|
||||
#if defined(MBEDTLS_PK_RSA_ALT_SUPPORT)
|
||||
/**
|
||||
* \brief Initialize an RSA-alt context
|
||||
*
|
||||
* \param ctx Context to initialize. It must not have been set
|
||||
* up yet (type #MBEDTLS_PK_NONE).
|
||||
* \param key RSA key pointer
|
||||
* \param decrypt_func Decryption function
|
||||
* \param sign_func Signing function
|
||||
* \param key_len_func Function returning key length in bytes
|
||||
*
|
||||
* \return 0 on success, or MBEDTLS_ERR_PK_BAD_INPUT_DATA if the
|
||||
* context wasn't already initialized as RSA_ALT.
|
||||
*
|
||||
* \note This function replaces \c mbedtls_pk_setup() for RSA-alt.
|
||||
*/
|
||||
int mbedtls_pk_setup_rsa_alt( mbedtls_pk_context *ctx, void * key,
|
||||
mbedtls_pk_rsa_alt_decrypt_func decrypt_func,
|
||||
mbedtls_pk_rsa_alt_sign_func sign_func,
|
||||
mbedtls_pk_rsa_alt_key_len_func key_len_func );
|
||||
#endif /* MBEDTLS_PK_RSA_ALT_SUPPORT */
|
||||
|
||||
/**
|
||||
* \brief Get the size in bits of the underlying key
|
||||
*
|
||||
* \param ctx The context to query. It must have been initialized.
|
||||
*
|
||||
* \return Key size in bits, or 0 on error
|
||||
*/
|
||||
size_t mbedtls_pk_get_bitlen( const mbedtls_pk_context *ctx );
|
||||
|
||||
/**
|
||||
* \brief Get the length in bytes of the underlying key
|
||||
*
|
||||
* \param ctx The context to query. It must have been initialized.
|
||||
*
|
||||
* \return Key length in bytes, or 0 on error
|
||||
*/
|
||||
static inline size_t mbedtls_pk_get_len( const mbedtls_pk_context *ctx )
|
||||
{
|
||||
return( ( mbedtls_pk_get_bitlen( ctx ) + 7 ) / 8 );
|
||||
}
|
||||
|
||||
/**
|
||||
* \brief Tell if a context can do the operation given by type
|
||||
*
|
||||
* \param ctx The context to query. It must have been initialized.
|
||||
* \param type The desired type.
|
||||
*
|
||||
* \return 1 if the context can do operations on the given type.
|
||||
* \return 0 if the context cannot do the operations on the given
|
||||
* type. This is always the case for a context that has
|
||||
* been initialized but not set up, or that has been
|
||||
* cleared with mbedtls_pk_free().
|
||||
*/
|
||||
int mbedtls_pk_can_do( const mbedtls_pk_context *ctx, mbedtls_pk_type_t type );
|
||||
|
||||
/**
|
||||
* \brief Verify signature (including padding if relevant).
|
||||
*
|
||||
* \param ctx The PK context to use. It must have been set up.
|
||||
* \param md_alg Hash algorithm used (see notes)
|
||||
* \param hash Hash of the message to sign
|
||||
* \param hash_len Hash length or 0 (see notes)
|
||||
* \param sig Signature to verify
|
||||
* \param sig_len Signature length
|
||||
*
|
||||
* \return 0 on success (signature is valid),
|
||||
* #MBEDTLS_ERR_PK_SIG_LEN_MISMATCH if there is a valid
|
||||
* signature in sig but its length is less than \p siglen,
|
||||
* or a specific error code.
|
||||
*
|
||||
* \note For RSA keys, the default padding type is PKCS#1 v1.5.
|
||||
* Use \c mbedtls_pk_verify_ext( MBEDTLS_PK_RSASSA_PSS, ... )
|
||||
* to verify RSASSA_PSS signatures.
|
||||
*
|
||||
* \note If hash_len is 0, then the length associated with md_alg
|
||||
* is used instead, or an error returned if it is invalid.
|
||||
*
|
||||
* \note md_alg may be MBEDTLS_MD_NONE, only if hash_len != 0
|
||||
*/
|
||||
int mbedtls_pk_verify( mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg,
|
||||
const unsigned char *hash, size_t hash_len,
|
||||
const unsigned char *sig, size_t sig_len );
|
||||
|
||||
/**
|
||||
* \brief Restartable version of \c mbedtls_pk_verify()
|
||||
*
|
||||
* \note Performs the same job as \c mbedtls_pk_verify(), but can
|
||||
* return early and restart according to the limit set with
|
||||
* \c mbedtls_ecp_set_max_ops() to reduce blocking for ECC
|
||||
* operations. For RSA, same as \c mbedtls_pk_verify().
|
||||
*
|
||||
* \param ctx The PK context to use. It must have been set up.
|
||||
* \param md_alg Hash algorithm used (see notes)
|
||||
* \param hash Hash of the message to sign
|
||||
* \param hash_len Hash length or 0 (see notes)
|
||||
* \param sig Signature to verify
|
||||
* \param sig_len Signature length
|
||||
* \param rs_ctx Restart context (NULL to disable restart)
|
||||
*
|
||||
* \return See \c mbedtls_pk_verify(), or
|
||||
* \return #MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of
|
||||
* operations was reached: see \c mbedtls_ecp_set_max_ops().
|
||||
*/
|
||||
int mbedtls_pk_verify_restartable( mbedtls_pk_context *ctx,
|
||||
mbedtls_md_type_t md_alg,
|
||||
const unsigned char *hash, size_t hash_len,
|
||||
const unsigned char *sig, size_t sig_len,
|
||||
mbedtls_pk_restart_ctx *rs_ctx );
|
||||
|
||||
/**
|
||||
* \brief Verify signature, with options.
|
||||
* (Includes verification of the padding depending on type.)
|
||||
*
|
||||
* \param type Signature type (inc. possible padding type) to verify
|
||||
* \param options Pointer to type-specific options, or NULL
|
||||
* \param ctx The PK context to use. It must have been set up.
|
||||
* \param md_alg Hash algorithm used (see notes)
|
||||
* \param hash Hash of the message to sign
|
||||
* \param hash_len Hash length or 0 (see notes)
|
||||
* \param sig Signature to verify
|
||||
* \param sig_len Signature length
|
||||
*
|
||||
* \return 0 on success (signature is valid),
|
||||
* #MBEDTLS_ERR_PK_TYPE_MISMATCH if the PK context can't be
|
||||
* used for this type of signatures,
|
||||
* #MBEDTLS_ERR_PK_SIG_LEN_MISMATCH if there is a valid
|
||||
* signature in sig but its length is less than \p siglen,
|
||||
* or a specific error code.
|
||||
*
|
||||
* \note If hash_len is 0, then the length associated with md_alg
|
||||
* is used instead, or an error returned if it is invalid.
|
||||
*
|
||||
* \note md_alg may be MBEDTLS_MD_NONE, only if hash_len != 0
|
||||
*
|
||||
* \note If type is MBEDTLS_PK_RSASSA_PSS, then options must point
|
||||
* to a mbedtls_pk_rsassa_pss_options structure,
|
||||
* otherwise it must be NULL.
|
||||
*/
|
||||
int mbedtls_pk_verify_ext( mbedtls_pk_type_t type, const void *options,
|
||||
mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg,
|
||||
const unsigned char *hash, size_t hash_len,
|
||||
const unsigned char *sig, size_t sig_len );
|
||||
|
||||
/**
|
||||
* \brief Make signature, including padding if relevant.
|
||||
*
|
||||
* \param ctx The PK context to use. It must have been set up
|
||||
* with a private key.
|
||||
* \param md_alg Hash algorithm used (see notes)
|
||||
* \param hash Hash of the message to sign
|
||||
* \param hash_len Hash length or 0 (see notes)
|
||||
* \param sig Place to write the signature
|
||||
* \param sig_len Number of bytes written
|
||||
* \param f_rng RNG function
|
||||
* \param p_rng RNG parameter
|
||||
*
|
||||
* \return 0 on success, or a specific error code.
|
||||
*
|
||||
* \note For RSA keys, the default padding type is PKCS#1 v1.5.
|
||||
* There is no interface in the PK module to make RSASSA-PSS
|
||||
* signatures yet.
|
||||
*
|
||||
* \note If hash_len is 0, then the length associated with md_alg
|
||||
* is used instead, or an error returned if it is invalid.
|
||||
*
|
||||
* \note For RSA, md_alg may be MBEDTLS_MD_NONE if hash_len != 0.
|
||||
* For ECDSA, md_alg may never be MBEDTLS_MD_NONE.
|
||||
*
|
||||
* \note In order to ensure enough space for the signature, the
|
||||
* \p sig buffer size must be of at least
|
||||
* `max(MBEDTLS_ECDSA_MAX_LEN, MBEDTLS_MPI_MAX_SIZE)` bytes.
|
||||
*/
|
||||
int mbedtls_pk_sign( mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg,
|
||||
const unsigned char *hash, size_t hash_len,
|
||||
unsigned char *sig, size_t *sig_len,
|
||||
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );
|
||||
|
||||
/**
|
||||
* \brief Restartable version of \c mbedtls_pk_sign()
|
||||
*
|
||||
* \note Performs the same job as \c mbedtls_pk_sign(), but can
|
||||
* return early and restart according to the limit set with
|
||||
* \c mbedtls_ecp_set_max_ops() to reduce blocking for ECC
|
||||
* operations. For RSA, same as \c mbedtls_pk_sign().
|
||||
*
|
||||
* \note In order to ensure enough space for the signature, the
|
||||
* \p sig buffer size must be of at least
|
||||
* `max(MBEDTLS_ECDSA_MAX_LEN, MBEDTLS_MPI_MAX_SIZE)` bytes.
|
||||
*
|
||||
* \param ctx The PK context to use. It must have been set up
|
||||
* with a private key.
|
||||
* \param md_alg Hash algorithm used (see notes)
|
||||
* \param hash Hash of the message to sign
|
||||
* \param hash_len Hash length or 0 (see notes)
|
||||
* \param sig Place to write the signature
|
||||
* \param sig_len Number of bytes written
|
||||
* \param f_rng RNG function
|
||||
* \param p_rng RNG parameter
|
||||
* \param rs_ctx Restart context (NULL to disable restart)
|
||||
*
|
||||
* \return See \c mbedtls_pk_sign(), or
|
||||
* \return #MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of
|
||||
* operations was reached: see \c mbedtls_ecp_set_max_ops().
|
||||
*/
|
||||
int mbedtls_pk_sign_restartable( mbedtls_pk_context *ctx,
|
||||
mbedtls_md_type_t md_alg,
|
||||
const unsigned char *hash, size_t hash_len,
|
||||
unsigned char *sig, size_t *sig_len,
|
||||
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
|
||||
mbedtls_pk_restart_ctx *rs_ctx );
|
||||
|
||||
/**
|
||||
* \brief Decrypt message (including padding if relevant).
|
||||
*
|
||||
* \param ctx The PK context to use. It must have been set up
|
||||
* with a private key.
|
||||
* \param input Input to decrypt
|
||||
* \param ilen Input size
|
||||
* \param output Decrypted output
|
||||
* \param olen Decrypted message length
|
||||
* \param osize Size of the output buffer
|
||||
* \param f_rng RNG function
|
||||
* \param p_rng RNG parameter
|
||||
*
|
||||
* \note For RSA keys, the default padding type is PKCS#1 v1.5.
|
||||
*
|
||||
* \return 0 on success, or a specific error code.
|
||||
*/
|
||||
int mbedtls_pk_decrypt( mbedtls_pk_context *ctx,
|
||||
const unsigned char *input, size_t ilen,
|
||||
unsigned char *output, size_t *olen, size_t osize,
|
||||
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );
|
||||
|
||||
/**
|
||||
* \brief Encrypt message (including padding if relevant).
|
||||
*
|
||||
* \param ctx The PK context to use. It must have been set up.
|
||||
* \param input Message to encrypt
|
||||
* \param ilen Message size
|
||||
* \param output Encrypted output
|
||||
* \param olen Encrypted output length
|
||||
* \param osize Size of the output buffer
|
||||
* \param f_rng RNG function
|
||||
* \param p_rng RNG parameter
|
||||
*
|
||||
* \note For RSA keys, the default padding type is PKCS#1 v1.5.
|
||||
*
|
||||
* \return 0 on success, or a specific error code.
|
||||
*/
|
||||
int mbedtls_pk_encrypt( mbedtls_pk_context *ctx,
|
||||
const unsigned char *input, size_t ilen,
|
||||
unsigned char *output, size_t *olen, size_t osize,
|
||||
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );
|
||||
|
||||
/**
|
||||
* \brief Check if a public-private pair of keys matches.
|
||||
*
|
||||
* \param pub Context holding a public key.
|
||||
* \param prv Context holding a private (and public) key.
|
||||
*
|
||||
* \return \c 0 on success (keys were checked and match each other).
|
||||
* \return #MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE if the keys could not
|
||||
* be checked - in that case they may or may not match.
|
||||
* \return #MBEDTLS_ERR_PK_BAD_INPUT_DATA if a context is invalid.
|
||||
* \return Another non-zero value if the keys do not match.
|
||||
*/
|
||||
int mbedtls_pk_check_pair( const mbedtls_pk_context *pub, const mbedtls_pk_context *prv );
|
||||
|
||||
/**
|
||||
* \brief Export debug information
|
||||
*
|
||||
* \param ctx The PK context to use. It must have been initialized.
|
||||
* \param items Place to write debug items
|
||||
*
|
||||
* \return 0 on success or MBEDTLS_ERR_PK_BAD_INPUT_DATA
|
||||
*/
|
||||
int mbedtls_pk_debug( const mbedtls_pk_context *ctx, mbedtls_pk_debug_item *items );
|
||||
|
||||
/**
|
||||
* \brief Access the type name
|
||||
*
|
||||
* \param ctx The PK context to use. It must have been initialized.
|
||||
*
|
||||
* \return Type name on success, or "invalid PK"
|
||||
*/
|
||||
const char * mbedtls_pk_get_name( const mbedtls_pk_context *ctx );
|
||||
|
||||
/**
|
||||
* \brief Get the key type
|
||||
*
|
||||
* \param ctx The PK context to use. It must have been initialized.
|
||||
*
|
||||
* \return Type on success.
|
||||
* \return #MBEDTLS_PK_NONE for a context that has not been set up.
|
||||
*/
|
||||
mbedtls_pk_type_t mbedtls_pk_get_type( const mbedtls_pk_context *ctx );
|
||||
|
||||
#if defined(MBEDTLS_PK_PARSE_C)
|
||||
/** \ingroup pk_module */
|
||||
/**
|
||||
* \brief Parse a private key in PEM or DER format
|
||||
*
|
||||
* \param ctx The PK context to fill. It must have been initialized
|
||||
* but not set up.
|
||||
* \param key Input buffer to parse.
|
||||
* The buffer must contain the input exactly, with no
|
||||
* extra trailing material. For PEM, the buffer must
|
||||
* contain a null-terminated string.
|
||||
* \param keylen Size of \b key in bytes.
|
||||
* For PEM data, this includes the terminating null byte,
|
||||
* so \p keylen must be equal to `strlen(key) + 1`.
|
||||
* \param pwd Optional password for decryption.
|
||||
* Pass \c NULL if expecting a non-encrypted key.
|
||||
* Pass a string of \p pwdlen bytes if expecting an encrypted
|
||||
* key; a non-encrypted key will also be accepted.
|
||||
* The empty password is not supported.
|
||||
* \param pwdlen Size of the password in bytes.
|
||||
* Ignored if \p pwd is \c NULL.
|
||||
*
|
||||
* \note On entry, ctx must be empty, either freshly initialised
|
||||
* with mbedtls_pk_init() or reset with mbedtls_pk_free(). If you need a
|
||||
* specific key type, check the result with mbedtls_pk_can_do().
|
||||
*
|
||||
* \note The key is also checked for correctness.
|
||||
*
|
||||
* \return 0 if successful, or a specific PK or PEM error code
|
||||
*/
|
||||
int mbedtls_pk_parse_key( mbedtls_pk_context *ctx,
|
||||
const unsigned char *key, size_t keylen,
|
||||
const unsigned char *pwd, size_t pwdlen );
|
||||
|
||||
/** \ingroup pk_module */
|
||||
/**
|
||||
* \brief Parse a public key in PEM or DER format
|
||||
*
|
||||
* \param ctx The PK context to fill. It must have been initialized
|
||||
* but not set up.
|
||||
* \param key Input buffer to parse.
|
||||
* The buffer must contain the input exactly, with no
|
||||
* extra trailing material. For PEM, the buffer must
|
||||
* contain a null-terminated string.
|
||||
* \param keylen Size of \b key in bytes.
|
||||
* For PEM data, this includes the terminating null byte,
|
||||
* so \p keylen must be equal to `strlen(key) + 1`.
|
||||
*
|
||||
* \note On entry, ctx must be empty, either freshly initialised
|
||||
* with mbedtls_pk_init() or reset with mbedtls_pk_free(). If you need a
|
||||
* specific key type, check the result with mbedtls_pk_can_do().
|
||||
*
|
||||
* \note The key is also checked for correctness.
|
||||
*
|
||||
* \return 0 if successful, or a specific PK or PEM error code
|
||||
*/
|
||||
int mbedtls_pk_parse_public_key( mbedtls_pk_context *ctx,
|
||||
const unsigned char *key, size_t keylen );
|
||||
|
||||
#if defined(MBEDTLS_FS_IO)
|
||||
/** \ingroup pk_module */
|
||||
/**
|
||||
* \brief Load and parse a private key
|
||||
*
|
||||
* \param ctx The PK context to fill. It must have been initialized
|
||||
* but not set up.
|
||||
* \param path filename to read the private key from
|
||||
* \param password Optional password to decrypt the file.
|
||||
* Pass \c NULL if expecting a non-encrypted key.
|
||||
* Pass a null-terminated string if expecting an encrypted
|
||||
* key; a non-encrypted key will also be accepted.
|
||||
* The empty password is not supported.
|
||||
*
|
||||
* \note On entry, ctx must be empty, either freshly initialised
|
||||
* with mbedtls_pk_init() or reset with mbedtls_pk_free(). If you need a
|
||||
* specific key type, check the result with mbedtls_pk_can_do().
|
||||
*
|
||||
* \note The key is also checked for correctness.
|
||||
*
|
||||
* \return 0 if successful, or a specific PK or PEM error code
|
||||
*/
|
||||
int mbedtls_pk_parse_keyfile( mbedtls_pk_context *ctx,
|
||||
const char *path, const char *password );
|
||||
|
||||
/** \ingroup pk_module */
|
||||
/**
|
||||
* \brief Load and parse a public key
|
||||
*
|
||||
* \param ctx The PK context to fill. It must have been initialized
|
||||
* but not set up.
|
||||
* \param path filename to read the public key from
|
||||
*
|
||||
* \note On entry, ctx must be empty, either freshly initialised
|
||||
* with mbedtls_pk_init() or reset with mbedtls_pk_free(). If
|
||||
* you need a specific key type, check the result with
|
||||
* mbedtls_pk_can_do().
|
||||
*
|
||||
* \note The key is also checked for correctness.
|
||||
*
|
||||
* \return 0 if successful, or a specific PK or PEM error code
|
||||
*/
|
||||
int mbedtls_pk_parse_public_keyfile( mbedtls_pk_context *ctx, const char *path );
|
||||
#endif /* MBEDTLS_FS_IO */
|
||||
#endif /* MBEDTLS_PK_PARSE_C */
|
||||
|
||||
#if defined(MBEDTLS_PK_WRITE_C)
|
||||
/**
|
||||
* \brief Write a private key to a PKCS#1 or SEC1 DER structure
|
||||
* Note: data is written at the end of the buffer! Use the
|
||||
* return value to determine where you should start
|
||||
* using the buffer
|
||||
*
|
||||
* \param ctx PK context which must contain a valid private key.
|
||||
* \param buf buffer to write to
|
||||
* \param size size of the buffer
|
||||
*
|
||||
* \return length of data written if successful, or a specific
|
||||
* error code
|
||||
*/
|
||||
int mbedtls_pk_write_key_der( mbedtls_pk_context *ctx, unsigned char *buf, size_t size );
|
||||
|
||||
/**
|
||||
* \brief Write a public key to a SubjectPublicKeyInfo DER structure
|
||||
* Note: data is written at the end of the buffer! Use the
|
||||
* return value to determine where you should start
|
||||
* using the buffer
|
||||
*
|
||||
* \param ctx PK context which must contain a valid public or private key.
|
||||
* \param buf buffer to write to
|
||||
* \param size size of the buffer
|
||||
*
|
||||
* \return length of data written if successful, or a specific
|
||||
* error code
|
||||
*/
|
||||
int mbedtls_pk_write_pubkey_der( mbedtls_pk_context *ctx, unsigned char *buf, size_t size );
|
||||
|
||||
#if defined(MBEDTLS_PEM_WRITE_C)
|
||||
/**
|
||||
* \brief Write a public key to a PEM string
|
||||
*
|
||||
* \param ctx PK context which must contain a valid public or private key.
|
||||
* \param buf Buffer to write to. The output includes a
|
||||
* terminating null byte.
|
||||
* \param size Size of the buffer in bytes.
|
||||
*
|
||||
* \return 0 if successful, or a specific error code
|
||||
*/
|
||||
int mbedtls_pk_write_pubkey_pem( mbedtls_pk_context *ctx, unsigned char *buf, size_t size );
|
||||
|
||||
/**
|
||||
* \brief Write a private key to a PKCS#1 or SEC1 PEM string
|
||||
*
|
||||
* \param ctx PK context which must contain a valid private key.
|
||||
* \param buf Buffer to write to. The output includes a
|
||||
* terminating null byte.
|
||||
* \param size Size of the buffer in bytes.
|
||||
*
|
||||
* \return 0 if successful, or a specific error code
|
||||
*/
|
||||
int mbedtls_pk_write_key_pem( mbedtls_pk_context *ctx, unsigned char *buf, size_t size );
|
||||
#endif /* MBEDTLS_PEM_WRITE_C */
|
||||
#endif /* MBEDTLS_PK_WRITE_C */
|
||||
|
||||
/*
|
||||
* WARNING: Low-level functions. You probably do not want to use these unless
|
||||
* you are certain you do ;)
|
||||
*/
|
||||
|
||||
#if defined(MBEDTLS_PK_PARSE_C)
|
||||
/**
|
||||
* \brief Parse a SubjectPublicKeyInfo DER structure
|
||||
*
|
||||
* \param p the position in the ASN.1 data
|
||||
* \param end end of the buffer
|
||||
* \param pk The PK context to fill. It must have been initialized
|
||||
* but not set up.
|
||||
*
|
||||
* \return 0 if successful, or a specific PK error code
|
||||
*/
|
||||
int mbedtls_pk_parse_subpubkey( unsigned char **p, const unsigned char *end,
|
||||
mbedtls_pk_context *pk );
|
||||
#endif /* MBEDTLS_PK_PARSE_C */
|
||||
|
||||
#if defined(MBEDTLS_PK_WRITE_C)
|
||||
/**
|
||||
* \brief Write a subjectPublicKey to ASN.1 data
|
||||
* Note: function works backwards in data buffer
|
||||
*
|
||||
* \param p reference to current position pointer
|
||||
* \param start start of the buffer (for bounds-checking)
|
||||
* \param key PK context which must contain a valid public or private key.
|
||||
*
|
||||
* \return the length written or a negative error code
|
||||
*/
|
||||
int mbedtls_pk_write_pubkey( unsigned char **p, unsigned char *start,
|
||||
const mbedtls_pk_context *key );
|
||||
#endif /* MBEDTLS_PK_WRITE_C */
|
||||
|
||||
/*
|
||||
* Internal module functions. You probably do not want to use these unless you
|
||||
* know you do.
|
||||
*/
|
||||
#if defined(MBEDTLS_FS_IO)
|
||||
int mbedtls_pk_load_file( const char *path, unsigned char **buf, size_t *n );
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
/**
|
||||
* \brief Turn an EC key into an Opaque one
|
||||
*
|
||||
* \warning This is a temporary utility function for tests. It might
|
||||
* change or be removed at any time without notice.
|
||||
*
|
||||
* \note Only ECDSA keys are supported so far. Signing with the
|
||||
* specified hash is the only allowed use of that key.
|
||||
*
|
||||
* \param pk Input: the EC key to transfer to a PSA key slot.
|
||||
* Output: a PK context wrapping that PSA key slot.
|
||||
* \param slot Output: the chosen slot for storing the key.
|
||||
* It's the caller's responsibility to destroy that slot
|
||||
* after calling mbedtls_pk_free() on the PK context.
|
||||
* \param hash_alg The hash algorithm to allow for use with that key.
|
||||
*
|
||||
* \return \c 0 if successful.
|
||||
* \return An Mbed TLS error code otherwise.
|
||||
*/
|
||||
int mbedtls_pk_wrap_as_opaque( mbedtls_pk_context *pk,
|
||||
psa_key_handle_t *slot,
|
||||
psa_algorithm_t hash_alg );
|
||||
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
||||
#endif /* MBEDTLS_PK_H */
|
|
@ -1,142 +0,0 @@
|
|||
/**
|
||||
* \file pk_internal.h
|
||||
*
|
||||
* \brief Public Key abstraction layer: wrapper functions
|
||||
*/
|
||||
/*
|
||||
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
* not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*
|
||||
* This file is part of mbed TLS (https://tls.mbed.org)
|
||||
*/
|
||||
|
||||
#ifndef MBEDTLS_PK_WRAP_H
|
||||
#define MBEDTLS_PK_WRAP_H
|
||||
|
||||
#if !defined(MBEDTLS_CONFIG_FILE)
|
||||
#include "config.h"
|
||||
#else
|
||||
#include MBEDTLS_CONFIG_FILE
|
||||
#endif
|
||||
|
||||
#include "pk.h"
|
||||
|
||||
struct mbedtls_pk_info_t
|
||||
{
|
||||
/** Public key type */
|
||||
mbedtls_pk_type_t type;
|
||||
|
||||
/** Type name */
|
||||
const char *name;
|
||||
|
||||
/** Get key size in bits */
|
||||
size_t (*get_bitlen)( const void * );
|
||||
|
||||
/** Tell if the context implements this type (e.g. ECKEY can do ECDSA) */
|
||||
int (*can_do)( mbedtls_pk_type_t type );
|
||||
|
||||
/** Verify signature */
|
||||
int (*verify_func)( void *ctx, mbedtls_md_type_t md_alg,
|
||||
const unsigned char *hash, size_t hash_len,
|
||||
const unsigned char *sig, size_t sig_len );
|
||||
|
||||
/** Make signature */
|
||||
int (*sign_func)( void *ctx, mbedtls_md_type_t md_alg,
|
||||
const unsigned char *hash, size_t hash_len,
|
||||
unsigned char *sig, size_t *sig_len,
|
||||
int (*f_rng)(void *, unsigned char *, size_t),
|
||||
void *p_rng );
|
||||
|
||||
#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
|
||||
/** Verify signature (restartable) */
|
||||
int (*verify_rs_func)( void *ctx, mbedtls_md_type_t md_alg,
|
||||
const unsigned char *hash, size_t hash_len,
|
||||
const unsigned char *sig, size_t sig_len,
|
||||
void *rs_ctx );
|
||||
|
||||
/** Make signature (restartable) */
|
||||
int (*sign_rs_func)( void *ctx, mbedtls_md_type_t md_alg,
|
||||
const unsigned char *hash, size_t hash_len,
|
||||
unsigned char *sig, size_t *sig_len,
|
||||
int (*f_rng)(void *, unsigned char *, size_t),
|
||||
void *p_rng, void *rs_ctx );
|
||||
#endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */
|
||||
|
||||
/** Decrypt message */
|
||||
int (*decrypt_func)( void *ctx, const unsigned char *input, size_t ilen,
|
||||
unsigned char *output, size_t *olen, size_t osize,
|
||||
int (*f_rng)(void *, unsigned char *, size_t),
|
||||
void *p_rng );
|
||||
|
||||
/** Encrypt message */
|
||||
int (*encrypt_func)( void *ctx, const unsigned char *input, size_t ilen,
|
||||
unsigned char *output, size_t *olen, size_t osize,
|
||||
int (*f_rng)(void *, unsigned char *, size_t),
|
||||
void *p_rng );
|
||||
|
||||
/** Check public-private key pair */
|
||||
int (*check_pair_func)( const void *pub, const void *prv );
|
||||
|
||||
/** Allocate a new context */
|
||||
void * (*ctx_alloc_func)( void );
|
||||
|
||||
/** Free the given context */
|
||||
void (*ctx_free_func)( void *ctx );
|
||||
|
||||
#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
|
||||
/** Allocate the restart context */
|
||||
void * (*rs_alloc_func)( void );
|
||||
|
||||
/** Free the restart context */
|
||||
void (*rs_free_func)( void *rs_ctx );
|
||||
#endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */
|
||||
|
||||
/** Interface with the debug module */
|
||||
void (*debug_func)( const void *ctx, mbedtls_pk_debug_item *items );
|
||||
|
||||
};
|
||||
#if defined(MBEDTLS_PK_RSA_ALT_SUPPORT)
|
||||
/* Container for RSA-alt */
|
||||
typedef struct
|
||||
{
|
||||
void *key;
|
||||
mbedtls_pk_rsa_alt_decrypt_func decrypt_func;
|
||||
mbedtls_pk_rsa_alt_sign_func sign_func;
|
||||
mbedtls_pk_rsa_alt_key_len_func key_len_func;
|
||||
} mbedtls_rsa_alt_context;
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_RSA_C)
|
||||
extern const mbedtls_pk_info_t mbedtls_rsa_info;
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_ECP_C)
|
||||
extern const mbedtls_pk_info_t mbedtls_eckey_info;
|
||||
extern const mbedtls_pk_info_t mbedtls_eckeydh_info;
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_ECDSA_C)
|
||||
extern const mbedtls_pk_info_t mbedtls_ecdsa_info;
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_PK_RSA_ALT_SUPPORT)
|
||||
extern const mbedtls_pk_info_t mbedtls_rsa_alt_info;
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
extern const mbedtls_pk_info_t mbedtls_pk_opaque_info;
|
||||
#endif
|
||||
|
||||
#endif /* MBEDTLS_PK_WRAP_H */
|
|
@ -27,14 +27,14 @@
|
|||
#define MBEDTLS_PKCS11_H
|
||||
|
||||
#if !defined(MBEDTLS_CONFIG_FILE)
|
||||
#include "config.h"
|
||||
#include "mbedtls/config.h"
|
||||
#else
|
||||
#include MBEDTLS_CONFIG_FILE
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_PKCS11_C)
|
||||
|
||||
#include "x509_crt.h"
|
||||
#include "mbedtls/x509_crt.h"
|
||||
|
||||
#include <pkcs11-helper-1.0/pkcs11h-certificate.h>
|
||||
|
||||
|
|
|
@ -1,130 +0,0 @@
|
|||
/**
|
||||
* \file pkcs12.h
|
||||
*
|
||||
* \brief PKCS#12 Personal Information Exchange Syntax
|
||||
*/
|
||||
/*
|
||||
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
* not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*
|
||||
* This file is part of mbed TLS (https://tls.mbed.org)
|
||||
*/
|
||||
#ifndef MBEDTLS_PKCS12_H
|
||||
#define MBEDTLS_PKCS12_H
|
||||
|
||||
#if !defined(MBEDTLS_CONFIG_FILE)
|
||||
#include "config.h"
|
||||
#else
|
||||
#include MBEDTLS_CONFIG_FILE
|
||||
#endif
|
||||
|
||||
#include "md.h"
|
||||
#include "cipher.h"
|
||||
#include "asn1.h"
|
||||
|
||||
#include <stddef.h>
|
||||
|
||||
#define MBEDTLS_ERR_PKCS12_BAD_INPUT_DATA -0x1F80 /**< Bad input parameters to function. */
|
||||
#define MBEDTLS_ERR_PKCS12_FEATURE_UNAVAILABLE -0x1F00 /**< Feature not available, e.g. unsupported encryption scheme. */
|
||||
#define MBEDTLS_ERR_PKCS12_PBE_INVALID_FORMAT -0x1E80 /**< PBE ASN.1 data not as expected. */
|
||||
#define MBEDTLS_ERR_PKCS12_PASSWORD_MISMATCH -0x1E00 /**< Given private key password does not allow for correct decryption. */
|
||||
|
||||
#define MBEDTLS_PKCS12_DERIVE_KEY 1 /**< encryption/decryption key */
|
||||
#define MBEDTLS_PKCS12_DERIVE_IV 2 /**< initialization vector */
|
||||
#define MBEDTLS_PKCS12_DERIVE_MAC_KEY 3 /**< integrity / MAC key */
|
||||
|
||||
#define MBEDTLS_PKCS12_PBE_DECRYPT 0
|
||||
#define MBEDTLS_PKCS12_PBE_ENCRYPT 1
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_ASN1_PARSE_C)
|
||||
|
||||
/**
|
||||
* \brief PKCS12 Password Based function (encryption / decryption)
|
||||
* for pbeWithSHAAnd128BitRC4
|
||||
*
|
||||
* \param pbe_params an ASN1 buffer containing the pkcs-12PbeParams structure
|
||||
* \param mode either MBEDTLS_PKCS12_PBE_ENCRYPT or MBEDTLS_PKCS12_PBE_DECRYPT
|
||||
* \param pwd the password used (may be NULL if no password is used)
|
||||
* \param pwdlen length of the password (may be 0)
|
||||
* \param input the input data
|
||||
* \param len data length
|
||||
* \param output the output buffer
|
||||
*
|
||||
* \return 0 if successful, or a MBEDTLS_ERR_XXX code
|
||||
*/
|
||||
int mbedtls_pkcs12_pbe_sha1_rc4_128( mbedtls_asn1_buf *pbe_params, int mode,
|
||||
const unsigned char *pwd, size_t pwdlen,
|
||||
const unsigned char *input, size_t len,
|
||||
unsigned char *output );
|
||||
|
||||
/**
|
||||
* \brief PKCS12 Password Based function (encryption / decryption)
|
||||
* for cipher-based and mbedtls_md-based PBE's
|
||||
*
|
||||
* \param pbe_params an ASN1 buffer containing the pkcs-12PbeParams structure
|
||||
* \param mode either MBEDTLS_PKCS12_PBE_ENCRYPT or MBEDTLS_PKCS12_PBE_DECRYPT
|
||||
* \param cipher_type the cipher used
|
||||
* \param md_type the mbedtls_md used
|
||||
* \param pwd the password used (may be NULL if no password is used)
|
||||
* \param pwdlen length of the password (may be 0)
|
||||
* \param input the input data
|
||||
* \param len data length
|
||||
* \param output the output buffer
|
||||
*
|
||||
* \return 0 if successful, or a MBEDTLS_ERR_XXX code
|
||||
*/
|
||||
int mbedtls_pkcs12_pbe( mbedtls_asn1_buf *pbe_params, int mode,
|
||||
mbedtls_cipher_type_t cipher_type, mbedtls_md_type_t md_type,
|
||||
const unsigned char *pwd, size_t pwdlen,
|
||||
const unsigned char *input, size_t len,
|
||||
unsigned char *output );
|
||||
|
||||
#endif /* MBEDTLS_ASN1_PARSE_C */
|
||||
|
||||
/**
|
||||
* \brief The PKCS#12 derivation function uses a password and a salt
|
||||
* to produce pseudo-random bits for a particular "purpose".
|
||||
*
|
||||
* Depending on the given id, this function can produce an
|
||||
* encryption/decryption key, an nitialization vector or an
|
||||
* integrity key.
|
||||
*
|
||||
* \param data buffer to store the derived data in
|
||||
* \param datalen length to fill
|
||||
* \param pwd password to use (may be NULL if no password is used)
|
||||
* \param pwdlen length of the password (may be 0)
|
||||
* \param salt salt buffer to use
|
||||
* \param saltlen length of the salt
|
||||
* \param mbedtls_md mbedtls_md type to use during the derivation
|
||||
* \param id id that describes the purpose (can be MBEDTLS_PKCS12_DERIVE_KEY,
|
||||
* MBEDTLS_PKCS12_DERIVE_IV or MBEDTLS_PKCS12_DERIVE_MAC_KEY)
|
||||
* \param iterations number of iterations
|
||||
*
|
||||
* \return 0 if successful, or a MD, BIGNUM type error.
|
||||
*/
|
||||
int mbedtls_pkcs12_derivation( unsigned char *data, size_t datalen,
|
||||
const unsigned char *pwd, size_t pwdlen,
|
||||
const unsigned char *salt, size_t saltlen,
|
||||
mbedtls_md_type_t mbedtls_md, int id, int iterations );
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
||||
#endif /* pkcs12.h */
|
|
@ -1,109 +0,0 @@
|
|||
/**
|
||||
* \file pkcs5.h
|
||||
*
|
||||
* \brief PKCS#5 functions
|
||||
*
|
||||
* \author Mathias Olsson <mathias@kompetensum.com>
|
||||
*/
|
||||
/*
|
||||
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
* not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*
|
||||
* This file is part of mbed TLS (https://tls.mbed.org)
|
||||
*/
|
||||
#ifndef MBEDTLS_PKCS5_H
|
||||
#define MBEDTLS_PKCS5_H
|
||||
|
||||
#if !defined(MBEDTLS_CONFIG_FILE)
|
||||
#include "config.h"
|
||||
#else
|
||||
#include MBEDTLS_CONFIG_FILE
|
||||
#endif
|
||||
|
||||
#include "asn1.h"
|
||||
#include "md.h"
|
||||
|
||||
#include <stddef.h>
|
||||
#include <stdint.h>
|
||||
|
||||
#define MBEDTLS_ERR_PKCS5_BAD_INPUT_DATA -0x2f80 /**< Bad input parameters to function. */
|
||||
#define MBEDTLS_ERR_PKCS5_INVALID_FORMAT -0x2f00 /**< Unexpected ASN.1 data. */
|
||||
#define MBEDTLS_ERR_PKCS5_FEATURE_UNAVAILABLE -0x2e80 /**< Requested encryption or digest alg not available. */
|
||||
#define MBEDTLS_ERR_PKCS5_PASSWORD_MISMATCH -0x2e00 /**< Given private key password does not allow for correct decryption. */
|
||||
|
||||
#define MBEDTLS_PKCS5_DECRYPT 0
|
||||
#define MBEDTLS_PKCS5_ENCRYPT 1
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_ASN1_PARSE_C)
|
||||
|
||||
/**
|
||||
* \brief PKCS#5 PBES2 function
|
||||
*
|
||||
* \param pbe_params the ASN.1 algorithm parameters
|
||||
* \param mode either MBEDTLS_PKCS5_DECRYPT or MBEDTLS_PKCS5_ENCRYPT
|
||||
* \param pwd password to use when generating key
|
||||
* \param pwdlen length of password
|
||||
* \param data data to process
|
||||
* \param datalen length of data
|
||||
* \param output output buffer
|
||||
*
|
||||
* \returns 0 on success, or a MBEDTLS_ERR_XXX code if verification fails.
|
||||
*/
|
||||
int mbedtls_pkcs5_pbes2( const mbedtls_asn1_buf *pbe_params, int mode,
|
||||
const unsigned char *pwd, size_t pwdlen,
|
||||
const unsigned char *data, size_t datalen,
|
||||
unsigned char *output );
|
||||
|
||||
#endif /* MBEDTLS_ASN1_PARSE_C */
|
||||
|
||||
/**
|
||||
* \brief PKCS#5 PBKDF2 using HMAC
|
||||
*
|
||||
* \param ctx Generic HMAC context
|
||||
* \param password Password to use when generating key
|
||||
* \param plen Length of password
|
||||
* \param salt Salt to use when generating key
|
||||
* \param slen Length of salt
|
||||
* \param iteration_count Iteration count
|
||||
* \param key_length Length of generated key in bytes
|
||||
* \param output Generated key. Must be at least as big as key_length
|
||||
*
|
||||
* \returns 0 on success, or a MBEDTLS_ERR_XXX code if verification fails.
|
||||
*/
|
||||
int mbedtls_pkcs5_pbkdf2_hmac( mbedtls_md_context_t *ctx, const unsigned char *password,
|
||||
size_t plen, const unsigned char *salt, size_t slen,
|
||||
unsigned int iteration_count,
|
||||
uint32_t key_length, unsigned char *output );
|
||||
|
||||
#if defined(MBEDTLS_SELF_TEST)
|
||||
|
||||
/**
|
||||
* \brief Checkup routine
|
||||
*
|
||||
* \return 0 if successful, or 1 if the test failed
|
||||
*/
|
||||
int mbedtls_pkcs5_self_test( int verbose );
|
||||
|
||||
#endif /* MBEDTLS_SELF_TEST */
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
||||
#endif /* pkcs5.h */
|
|
@ -1,419 +0,0 @@
|
|||
/**
|
||||
* \file platform.h
|
||||
*
|
||||
* \brief This file contains the definitions and functions of the
|
||||
* Mbed TLS platform abstraction layer.
|
||||
*
|
||||
* The platform abstraction layer removes the need for the library
|
||||
* to directly link to standard C library functions or operating
|
||||
* system services, making the library easier to port and embed.
|
||||
* Application developers and users of the library can provide their own
|
||||
* implementations of these functions, or implementations specific to
|
||||
* their platform, which can be statically linked to the library or
|
||||
* dynamically configured at runtime.
|
||||
*/
|
||||
/*
|
||||
* Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
* not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*
|
||||
* This file is part of Mbed TLS (https://tls.mbed.org)
|
||||
*/
|
||||
#ifndef MBEDTLS_PLATFORM_H
|
||||
#define MBEDTLS_PLATFORM_H
|
||||
|
||||
#if !defined(MBEDTLS_CONFIG_FILE)
|
||||
#include "config.h"
|
||||
#else
|
||||
#include MBEDTLS_CONFIG_FILE
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_HAVE_TIME)
|
||||
#include "platform_time.h"
|
||||
#endif
|
||||
|
||||
#define MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED -0x0070 /**< Hardware accelerator failed */
|
||||
#define MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED -0x0072 /**< The requested feature is not supported by the platform */
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
/**
|
||||
* \name SECTION: Module settings
|
||||
*
|
||||
* The configuration options you can set for this module are in this section.
|
||||
* Either change them in config.h or define them on the compiler command line.
|
||||
* \{
|
||||
*/
|
||||
|
||||
/* The older Microsoft Windows common runtime provides non-conforming
|
||||
* implementations of some standard library functions, including snprintf
|
||||
* and vsnprintf. This affects MSVC and MinGW builds.
|
||||
*/
|
||||
#if defined(__MINGW32__) || (defined(_MSC_VER) && _MSC_VER <= 1900)
|
||||
#define MBEDTLS_PLATFORM_HAS_NON_CONFORMING_SNPRINTF
|
||||
#define MBEDTLS_PLATFORM_HAS_NON_CONFORMING_VSNPRINTF
|
||||
#endif
|
||||
|
||||
#if !defined(MBEDTLS_PLATFORM_NO_STD_FUNCTIONS)
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#include <time.h>
|
||||
#if !defined(MBEDTLS_PLATFORM_STD_SNPRINTF)
|
||||
#if defined(MBEDTLS_PLATFORM_HAS_NON_CONFORMING_SNPRINTF)
|
||||
#define MBEDTLS_PLATFORM_STD_SNPRINTF mbedtls_platform_win32_snprintf /**< The default \c snprintf function to use. */
|
||||
#else
|
||||
#define MBEDTLS_PLATFORM_STD_SNPRINTF snprintf /**< The default \c snprintf function to use. */
|
||||
#endif
|
||||
#endif
|
||||
#if !defined(MBEDTLS_PLATFORM_STD_VSNPRINTF)
|
||||
#if defined(MBEDTLS_PLATFORM_HAS_NON_CONFORMING_VSNPRINTF)
|
||||
#define MBEDTLS_PLATFORM_STD_VSNPRINTF mbedtls_platform_win32_vsnprintf /**< The default \c vsnprintf function to use. */
|
||||
#else
|
||||
#define MBEDTLS_PLATFORM_STD_VSNPRINTF vsnprintf /**< The default \c vsnprintf function to use. */
|
||||
#endif
|
||||
#endif
|
||||
#if !defined(MBEDTLS_PLATFORM_STD_PRINTF)
|
||||
#define MBEDTLS_PLATFORM_STD_PRINTF printf /**< The default \c printf function to use. */
|
||||
#endif
|
||||
#if !defined(MBEDTLS_PLATFORM_STD_FPRINTF)
|
||||
#define MBEDTLS_PLATFORM_STD_FPRINTF fprintf /**< The default \c fprintf function to use. */
|
||||
#endif
|
||||
#if !defined(MBEDTLS_PLATFORM_STD_CALLOC)
|
||||
#define MBEDTLS_PLATFORM_STD_CALLOC calloc /**< The default \c calloc function to use. */
|
||||
#endif
|
||||
#if !defined(MBEDTLS_PLATFORM_STD_FREE)
|
||||
#define MBEDTLS_PLATFORM_STD_FREE free /**< The default \c free function to use. */
|
||||
#endif
|
||||
#if !defined(MBEDTLS_PLATFORM_STD_EXIT)
|
||||
#define MBEDTLS_PLATFORM_STD_EXIT exit /**< The default \c exit function to use. */
|
||||
#endif
|
||||
#if !defined(MBEDTLS_PLATFORM_STD_TIME)
|
||||
#define MBEDTLS_PLATFORM_STD_TIME time /**< The default \c time function to use. */
|
||||
#endif
|
||||
#if !defined(MBEDTLS_PLATFORM_STD_EXIT_SUCCESS)
|
||||
#define MBEDTLS_PLATFORM_STD_EXIT_SUCCESS EXIT_SUCCESS /**< The default exit value to use. */
|
||||
#endif
|
||||
#if !defined(MBEDTLS_PLATFORM_STD_EXIT_FAILURE)
|
||||
#define MBEDTLS_PLATFORM_STD_EXIT_FAILURE EXIT_FAILURE /**< The default exit value to use. */
|
||||
#endif
|
||||
#if defined(MBEDTLS_FS_IO)
|
||||
#if !defined(MBEDTLS_PLATFORM_STD_NV_SEED_READ)
|
||||
#define MBEDTLS_PLATFORM_STD_NV_SEED_READ mbedtls_platform_std_nv_seed_read
|
||||
#endif
|
||||
#if !defined(MBEDTLS_PLATFORM_STD_NV_SEED_WRITE)
|
||||
#define MBEDTLS_PLATFORM_STD_NV_SEED_WRITE mbedtls_platform_std_nv_seed_write
|
||||
#endif
|
||||
#if !defined(MBEDTLS_PLATFORM_STD_NV_SEED_FILE)
|
||||
#define MBEDTLS_PLATFORM_STD_NV_SEED_FILE "seedfile"
|
||||
#endif
|
||||
#endif /* MBEDTLS_FS_IO */
|
||||
#else /* MBEDTLS_PLATFORM_NO_STD_FUNCTIONS */
|
||||
#if defined(MBEDTLS_PLATFORM_STD_MEM_HDR)
|
||||
#include MBEDTLS_PLATFORM_STD_MEM_HDR
|
||||
#endif
|
||||
#endif /* MBEDTLS_PLATFORM_NO_STD_FUNCTIONS */
|
||||
|
||||
|
||||
/* \} name SECTION: Module settings */
|
||||
|
||||
/*
|
||||
* The function pointers for calloc and free.
|
||||
*/
|
||||
#if defined(MBEDTLS_PLATFORM_MEMORY)
|
||||
#if defined(MBEDTLS_PLATFORM_FREE_MACRO) && \
|
||||
defined(MBEDTLS_PLATFORM_CALLOC_MACRO)
|
||||
#define mbedtls_free MBEDTLS_PLATFORM_FREE_MACRO
|
||||
#define mbedtls_calloc MBEDTLS_PLATFORM_CALLOC_MACRO
|
||||
#else
|
||||
/* For size_t */
|
||||
#include <stddef.h>
|
||||
extern void *mbedtls_calloc( size_t n, size_t size );
|
||||
extern void mbedtls_free( void *ptr );
|
||||
|
||||
/**
|
||||
* \brief This function dynamically sets the memory-management
|
||||
* functions used by the library, during runtime.
|
||||
*
|
||||
* \param calloc_func The \c calloc function implementation.
|
||||
* \param free_func The \c free function implementation.
|
||||
*
|
||||
* \return \c 0.
|
||||
*/
|
||||
int mbedtls_platform_set_calloc_free( void * (*calloc_func)( size_t, size_t ),
|
||||
void (*free_func)( void * ) );
|
||||
#endif /* MBEDTLS_PLATFORM_FREE_MACRO && MBEDTLS_PLATFORM_CALLOC_MACRO */
|
||||
#else /* !MBEDTLS_PLATFORM_MEMORY */
|
||||
#define mbedtls_free free
|
||||
#define mbedtls_calloc calloc
|
||||
#endif /* MBEDTLS_PLATFORM_MEMORY && !MBEDTLS_PLATFORM_{FREE,CALLOC}_MACRO */
|
||||
|
||||
/*
|
||||
* The function pointers for fprintf
|
||||
*/
|
||||
#if defined(MBEDTLS_PLATFORM_FPRINTF_ALT)
|
||||
/* We need FILE * */
|
||||
#include <stdio.h>
|
||||
extern int (*mbedtls_fprintf)( FILE *stream, const char *format, ... );
|
||||
|
||||
/**
|
||||
* \brief This function dynamically configures the fprintf
|
||||
* function that is called when the
|
||||
* mbedtls_fprintf() function is invoked by the library.
|
||||
*
|
||||
* \param fprintf_func The \c fprintf function implementation.
|
||||
*
|
||||
* \return \c 0.
|
||||
*/
|
||||
int mbedtls_platform_set_fprintf( int (*fprintf_func)( FILE *stream, const char *,
|
||||
... ) );
|
||||
#else
|
||||
#if defined(MBEDTLS_PLATFORM_FPRINTF_MACRO)
|
||||
#define mbedtls_fprintf MBEDTLS_PLATFORM_FPRINTF_MACRO
|
||||
#else
|
||||
#define mbedtls_fprintf fprintf
|
||||
#endif /* MBEDTLS_PLATFORM_FPRINTF_MACRO */
|
||||
#endif /* MBEDTLS_PLATFORM_FPRINTF_ALT */
|
||||
|
||||
/*
|
||||
* The function pointers for printf
|
||||
*/
|
||||
#if defined(MBEDTLS_PLATFORM_PRINTF_ALT)
|
||||
extern int (*mbedtls_printf)( const char *format, ... );
|
||||
|
||||
/**
|
||||
* \brief This function dynamically configures the snprintf
|
||||
* function that is called when the mbedtls_snprintf()
|
||||
* function is invoked by the library.
|
||||
*
|
||||
* \param printf_func The \c printf function implementation.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
*/
|
||||
int mbedtls_platform_set_printf( int (*printf_func)( const char *, ... ) );
|
||||
#else /* !MBEDTLS_PLATFORM_PRINTF_ALT */
|
||||
#if defined(MBEDTLS_PLATFORM_PRINTF_MACRO)
|
||||
#define mbedtls_printf MBEDTLS_PLATFORM_PRINTF_MACRO
|
||||
#else
|
||||
#define mbedtls_printf printf
|
||||
#endif /* MBEDTLS_PLATFORM_PRINTF_MACRO */
|
||||
#endif /* MBEDTLS_PLATFORM_PRINTF_ALT */
|
||||
|
||||
/*
|
||||
* The function pointers for snprintf
|
||||
*
|
||||
* The snprintf implementation should conform to C99:
|
||||
* - it *must* always correctly zero-terminate the buffer
|
||||
* (except when n == 0, then it must leave the buffer untouched)
|
||||
* - however it is acceptable to return -1 instead of the required length when
|
||||
* the destination buffer is too short.
|
||||
*/
|
||||
#if defined(MBEDTLS_PLATFORM_HAS_NON_CONFORMING_SNPRINTF)
|
||||
/* For Windows (inc. MSYS2), we provide our own fixed implementation */
|
||||
int mbedtls_platform_win32_snprintf( char *s, size_t n, const char *fmt, ... );
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_PLATFORM_SNPRINTF_ALT)
|
||||
extern int (*mbedtls_snprintf)( char * s, size_t n, const char * format, ... );
|
||||
|
||||
/**
|
||||
* \brief This function allows configuring a custom
|
||||
* \c snprintf function pointer.
|
||||
*
|
||||
* \param snprintf_func The \c snprintf function implementation.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
*/
|
||||
int mbedtls_platform_set_snprintf( int (*snprintf_func)( char * s, size_t n,
|
||||
const char * format, ... ) );
|
||||
#else /* MBEDTLS_PLATFORM_SNPRINTF_ALT */
|
||||
#if defined(MBEDTLS_PLATFORM_SNPRINTF_MACRO)
|
||||
#define mbedtls_snprintf MBEDTLS_PLATFORM_SNPRINTF_MACRO
|
||||
#else
|
||||
#define mbedtls_snprintf MBEDTLS_PLATFORM_STD_SNPRINTF
|
||||
#endif /* MBEDTLS_PLATFORM_SNPRINTF_MACRO */
|
||||
#endif /* MBEDTLS_PLATFORM_SNPRINTF_ALT */
|
||||
|
||||
/*
|
||||
* The function pointers for vsnprintf
|
||||
*
|
||||
* The vsnprintf implementation should conform to C99:
|
||||
* - it *must* always correctly zero-terminate the buffer
|
||||
* (except when n == 0, then it must leave the buffer untouched)
|
||||
* - however it is acceptable to return -1 instead of the required length when
|
||||
* the destination buffer is too short.
|
||||
*/
|
||||
#if defined(MBEDTLS_PLATFORM_HAS_NON_CONFORMING_VSNPRINTF)
|
||||
#include <stdarg.h>
|
||||
/* For Older Windows (inc. MSYS2), we provide our own fixed implementation */
|
||||
int mbedtls_platform_win32_vsnprintf( char *s, size_t n, const char *fmt, va_list arg );
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_PLATFORM_VSNPRINTF_ALT)
|
||||
#include <stdarg.h>
|
||||
extern int (*mbedtls_vsnprintf)( char * s, size_t n, const char * format, va_list arg );
|
||||
|
||||
/**
|
||||
* \brief Set your own snprintf function pointer
|
||||
*
|
||||
* \param vsnprintf_func The \c vsnprintf function implementation
|
||||
*
|
||||
* \return \c 0
|
||||
*/
|
||||
int mbedtls_platform_set_vsnprintf( int (*vsnprintf_func)( char * s, size_t n,
|
||||
const char * format, va_list arg ) );
|
||||
#else /* MBEDTLS_PLATFORM_VSNPRINTF_ALT */
|
||||
#if defined(MBEDTLS_PLATFORM_VSNPRINTF_MACRO)
|
||||
#define mbedtls_vsnprintf MBEDTLS_PLATFORM_VSNPRINTF_MACRO
|
||||
#else
|
||||
#define mbedtls_vsnprintf vsnprintf
|
||||
#endif /* MBEDTLS_PLATFORM_VSNPRINTF_MACRO */
|
||||
#endif /* MBEDTLS_PLATFORM_VSNPRINTF_ALT */
|
||||
|
||||
/*
|
||||
* The function pointers for exit
|
||||
*/
|
||||
#if defined(MBEDTLS_PLATFORM_EXIT_ALT)
|
||||
extern void (*mbedtls_exit)( int status );
|
||||
|
||||
/**
|
||||
* \brief This function dynamically configures the exit
|
||||
* function that is called when the mbedtls_exit()
|
||||
* function is invoked by the library.
|
||||
*
|
||||
* \param exit_func The \c exit function implementation.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
*/
|
||||
int mbedtls_platform_set_exit( void (*exit_func)( int status ) );
|
||||
#else
|
||||
#if defined(MBEDTLS_PLATFORM_EXIT_MACRO)
|
||||
#define mbedtls_exit MBEDTLS_PLATFORM_EXIT_MACRO
|
||||
#else
|
||||
#define mbedtls_exit exit
|
||||
#endif /* MBEDTLS_PLATFORM_EXIT_MACRO */
|
||||
#endif /* MBEDTLS_PLATFORM_EXIT_ALT */
|
||||
|
||||
/*
|
||||
* The default exit values
|
||||
*/
|
||||
#if defined(MBEDTLS_PLATFORM_STD_EXIT_SUCCESS)
|
||||
#define MBEDTLS_EXIT_SUCCESS MBEDTLS_PLATFORM_STD_EXIT_SUCCESS
|
||||
#else
|
||||
#define MBEDTLS_EXIT_SUCCESS 0
|
||||
#endif
|
||||
#if defined(MBEDTLS_PLATFORM_STD_EXIT_FAILURE)
|
||||
#define MBEDTLS_EXIT_FAILURE MBEDTLS_PLATFORM_STD_EXIT_FAILURE
|
||||
#else
|
||||
#define MBEDTLS_EXIT_FAILURE 1
|
||||
#endif
|
||||
|
||||
/*
|
||||
* The function pointers for reading from and writing a seed file to
|
||||
* Non-Volatile storage (NV) in a platform-independent way
|
||||
*
|
||||
* Only enabled when the NV seed entropy source is enabled
|
||||
*/
|
||||
#if defined(MBEDTLS_ENTROPY_NV_SEED)
|
||||
#if !defined(MBEDTLS_PLATFORM_NO_STD_FUNCTIONS) && defined(MBEDTLS_FS_IO)
|
||||
/* Internal standard platform definitions */
|
||||
int mbedtls_platform_std_nv_seed_read( unsigned char *buf, size_t buf_len );
|
||||
int mbedtls_platform_std_nv_seed_write( unsigned char *buf, size_t buf_len );
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_PLATFORM_NV_SEED_ALT)
|
||||
extern int (*mbedtls_nv_seed_read)( unsigned char *buf, size_t buf_len );
|
||||
extern int (*mbedtls_nv_seed_write)( unsigned char *buf, size_t buf_len );
|
||||
|
||||
/**
|
||||
* \brief This function allows configuring custom seed file writing and
|
||||
* reading functions.
|
||||
*
|
||||
* \param nv_seed_read_func The seed reading function implementation.
|
||||
* \param nv_seed_write_func The seed writing function implementation.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
*/
|
||||
int mbedtls_platform_set_nv_seed(
|
||||
int (*nv_seed_read_func)( unsigned char *buf, size_t buf_len ),
|
||||
int (*nv_seed_write_func)( unsigned char *buf, size_t buf_len )
|
||||
);
|
||||
#else
|
||||
#if defined(MBEDTLS_PLATFORM_NV_SEED_READ_MACRO) && \
|
||||
defined(MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO)
|
||||
#define mbedtls_nv_seed_read MBEDTLS_PLATFORM_NV_SEED_READ_MACRO
|
||||
#define mbedtls_nv_seed_write MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO
|
||||
#else
|
||||
#define mbedtls_nv_seed_read mbedtls_platform_std_nv_seed_read
|
||||
#define mbedtls_nv_seed_write mbedtls_platform_std_nv_seed_write
|
||||
#endif
|
||||
#endif /* MBEDTLS_PLATFORM_NV_SEED_ALT */
|
||||
#endif /* MBEDTLS_ENTROPY_NV_SEED */
|
||||
|
||||
#if !defined(MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT)
|
||||
|
||||
/**
|
||||
* \brief The platform context structure.
|
||||
*
|
||||
* \note This structure may be used to assist platform-specific
|
||||
* setup or teardown operations.
|
||||
*/
|
||||
typedef struct mbedtls_platform_context
|
||||
{
|
||||
char dummy; /**< A placeholder member, as empty structs are not portable. */
|
||||
}
|
||||
mbedtls_platform_context;
|
||||
|
||||
#else
|
||||
#include "platform_alt.h"
|
||||
#endif /* !MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT */
|
||||
|
||||
/**
|
||||
* \brief This function performs any platform-specific initialization
|
||||
* operations.
|
||||
*
|
||||
* \note This function should be called before any other library functions.
|
||||
*
|
||||
* Its implementation is platform-specific, and unless
|
||||
* platform-specific code is provided, it does nothing.
|
||||
*
|
||||
* \note The usage and necessity of this function is dependent on the platform.
|
||||
*
|
||||
* \param ctx The platform context.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
*/
|
||||
int mbedtls_platform_setup( mbedtls_platform_context *ctx );
|
||||
/**
|
||||
* \brief This function performs any platform teardown operations.
|
||||
*
|
||||
* \note This function should be called after every other Mbed TLS module
|
||||
* has been correctly freed using the appropriate free function.
|
||||
*
|
||||
* Its implementation is platform-specific, and unless
|
||||
* platform-specific code is provided, it does nothing.
|
||||
*
|
||||
* \note The usage and necessity of this function is dependent on the platform.
|
||||
*
|
||||
* \param ctx The platform context.
|
||||
*
|
||||
*/
|
||||
void mbedtls_platform_teardown( mbedtls_platform_context *ctx );
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
||||
#endif /* platform.h */
|
|
@ -1,82 +0,0 @@
|
|||
/**
|
||||
* \file platform_time.h
|
||||
*
|
||||
* \brief mbed TLS Platform time abstraction
|
||||
*/
|
||||
/*
|
||||
* Copyright (C) 2006-2016, ARM Limited, All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
* not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*
|
||||
* This file is part of mbed TLS (https://tls.mbed.org)
|
||||
*/
|
||||
#ifndef MBEDTLS_PLATFORM_TIME_H
|
||||
#define MBEDTLS_PLATFORM_TIME_H
|
||||
|
||||
#if !defined(MBEDTLS_CONFIG_FILE)
|
||||
#include "config.h"
|
||||
#else
|
||||
#include MBEDTLS_CONFIG_FILE
|
||||
#endif
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
/**
|
||||
* \name SECTION: Module settings
|
||||
*
|
||||
* The configuration options you can set for this module are in this section.
|
||||
* Either change them in config.h or define them on the compiler command line.
|
||||
* \{
|
||||
*/
|
||||
|
||||
/*
|
||||
* The time_t datatype
|
||||
*/
|
||||
#if defined(MBEDTLS_PLATFORM_TIME_TYPE_MACRO)
|
||||
typedef MBEDTLS_PLATFORM_TIME_TYPE_MACRO mbedtls_time_t;
|
||||
#else
|
||||
/* For time_t */
|
||||
#include <time.h>
|
||||
typedef time_t mbedtls_time_t;
|
||||
#endif /* MBEDTLS_PLATFORM_TIME_TYPE_MACRO */
|
||||
|
||||
/*
|
||||
* The function pointers for time
|
||||
*/
|
||||
#if defined(MBEDTLS_PLATFORM_TIME_ALT)
|
||||
extern mbedtls_time_t (*mbedtls_time)( mbedtls_time_t* time );
|
||||
|
||||
/**
|
||||
* \brief Set your own time function pointer
|
||||
*
|
||||
* \param time_func the time function implementation
|
||||
*
|
||||
* \return 0
|
||||
*/
|
||||
int mbedtls_platform_set_time( mbedtls_time_t (*time_func)( mbedtls_time_t* time ) );
|
||||
#else
|
||||
#if defined(MBEDTLS_PLATFORM_TIME_MACRO)
|
||||
#define mbedtls_time MBEDTLS_PLATFORM_TIME_MACRO
|
||||
#else
|
||||
#define mbedtls_time time
|
||||
#endif /* MBEDTLS_PLATFORM_TIME_MACRO */
|
||||
#endif /* MBEDTLS_PLATFORM_TIME_ALT */
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
||||
#endif /* platform_time.h */
|
|
@ -1,196 +0,0 @@
|
|||
/**
|
||||
* \file platform_util.h
|
||||
*
|
||||
* \brief Common and shared functions used by multiple modules in the Mbed TLS
|
||||
* library.
|
||||
*/
|
||||
/*
|
||||
* Copyright (C) 2018, Arm Limited, All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
* not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*
|
||||
* This file is part of Mbed TLS (https://tls.mbed.org)
|
||||
*/
|
||||
#ifndef MBEDTLS_PLATFORM_UTIL_H
|
||||
#define MBEDTLS_PLATFORM_UTIL_H
|
||||
|
||||
#if !defined(MBEDTLS_CONFIG_FILE)
|
||||
#include "config.h"
|
||||
#else
|
||||
#include MBEDTLS_CONFIG_FILE
|
||||
#endif
|
||||
|
||||
#include <stddef.h>
|
||||
#if defined(MBEDTLS_HAVE_TIME_DATE)
|
||||
#include "platform_time.h"
|
||||
#include <time.h>
|
||||
#endif /* MBEDTLS_HAVE_TIME_DATE */
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_CHECK_PARAMS)
|
||||
|
||||
#if defined(MBEDTLS_CHECK_PARAMS_ASSERT)
|
||||
/* Allow the user to define MBEDTLS_PARAM_FAILED to something like assert
|
||||
* (which is what our config.h suggests). */
|
||||
#include <assert.h>
|
||||
#endif /* MBEDTLS_CHECK_PARAMS_ASSERT */
|
||||
|
||||
#if defined(MBEDTLS_PARAM_FAILED)
|
||||
/** An alternative definition of MBEDTLS_PARAM_FAILED has been set in config.h.
|
||||
*
|
||||
* This flag can be used to check whether it is safe to assume that
|
||||
* MBEDTLS_PARAM_FAILED() will expand to a call to mbedtls_param_failed().
|
||||
*/
|
||||
#define MBEDTLS_PARAM_FAILED_ALT
|
||||
|
||||
#elif defined(MBEDTLS_CHECK_PARAMS_ASSERT)
|
||||
#define MBEDTLS_PARAM_FAILED( cond ) assert( cond )
|
||||
#define MBEDTLS_PARAM_FAILED_ALT
|
||||
|
||||
#else /* MBEDTLS_PARAM_FAILED */
|
||||
#define MBEDTLS_PARAM_FAILED( cond ) \
|
||||
mbedtls_param_failed( #cond, __FILE__, __LINE__ )
|
||||
|
||||
/**
|
||||
* \brief User supplied callback function for parameter validation failure.
|
||||
* See #MBEDTLS_CHECK_PARAMS for context.
|
||||
*
|
||||
* This function will be called unless an alternative treatement
|
||||
* is defined through the #MBEDTLS_PARAM_FAILED macro.
|
||||
*
|
||||
* This function can return, and the operation will be aborted, or
|
||||
* alternatively, through use of setjmp()/longjmp() can resume
|
||||
* execution in the application code.
|
||||
*
|
||||
* \param failure_condition The assertion that didn't hold.
|
||||
* \param file The file where the assertion failed.
|
||||
* \param line The line in the file where the assertion failed.
|
||||
*/
|
||||
void mbedtls_param_failed( const char *failure_condition,
|
||||
const char *file,
|
||||
int line );
|
||||
#endif /* MBEDTLS_PARAM_FAILED */
|
||||
|
||||
/* Internal macro meant to be called only from within the library. */
|
||||
#define MBEDTLS_INTERNAL_VALIDATE_RET( cond, ret ) \
|
||||
do { \
|
||||
if( !(cond) ) \
|
||||
{ \
|
||||
MBEDTLS_PARAM_FAILED( cond ); \
|
||||
return( ret ); \
|
||||
} \
|
||||
} while( 0 )
|
||||
|
||||
/* Internal macro meant to be called only from within the library. */
|
||||
#define MBEDTLS_INTERNAL_VALIDATE( cond ) \
|
||||
do { \
|
||||
if( !(cond) ) \
|
||||
{ \
|
||||
MBEDTLS_PARAM_FAILED( cond ); \
|
||||
return; \
|
||||
} \
|
||||
} while( 0 )
|
||||
|
||||
#else /* MBEDTLS_CHECK_PARAMS */
|
||||
|
||||
/* Internal macros meant to be called only from within the library. */
|
||||
#define MBEDTLS_INTERNAL_VALIDATE_RET( cond, ret ) do { } while( 0 )
|
||||
#define MBEDTLS_INTERNAL_VALIDATE( cond ) do { } while( 0 )
|
||||
|
||||
#endif /* MBEDTLS_CHECK_PARAMS */
|
||||
|
||||
/* Internal helper macros for deprecating API constants. */
|
||||
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
|
||||
#if defined(MBEDTLS_DEPRECATED_WARNING)
|
||||
/* Deliberately don't (yet) export MBEDTLS_DEPRECATED here
|
||||
* to avoid conflict with other headers which define and use
|
||||
* it, too. We might want to move all these definitions here at
|
||||
* some point for uniformity. */
|
||||
#define MBEDTLS_DEPRECATED __attribute__((deprecated))
|
||||
MBEDTLS_DEPRECATED typedef char const * mbedtls_deprecated_string_constant_t;
|
||||
#define MBEDTLS_DEPRECATED_STRING_CONSTANT( VAL ) \
|
||||
( (mbedtls_deprecated_string_constant_t) ( VAL ) )
|
||||
MBEDTLS_DEPRECATED typedef int mbedtls_deprecated_numeric_constant_t;
|
||||
#define MBEDTLS_DEPRECATED_NUMERIC_CONSTANT( VAL ) \
|
||||
( (mbedtls_deprecated_numeric_constant_t) ( VAL ) )
|
||||
#undef MBEDTLS_DEPRECATED
|
||||
#else /* MBEDTLS_DEPRECATED_WARNING */
|
||||
#define MBEDTLS_DEPRECATED_STRING_CONSTANT( VAL ) VAL
|
||||
#define MBEDTLS_DEPRECATED_NUMERIC_CONSTANT( VAL ) VAL
|
||||
#endif /* MBEDTLS_DEPRECATED_WARNING */
|
||||
#endif /* MBEDTLS_DEPRECATED_REMOVED */
|
||||
|
||||
/**
|
||||
* \brief Securely zeroize a buffer
|
||||
*
|
||||
* The function is meant to wipe the data contained in a buffer so
|
||||
* that it can no longer be recovered even if the program memory
|
||||
* is later compromised. Call this function on sensitive data
|
||||
* stored on the stack before returning from a function, and on
|
||||
* sensitive data stored on the heap before freeing the heap
|
||||
* object.
|
||||
*
|
||||
* It is extremely difficult to guarantee that calls to
|
||||
* mbedtls_platform_zeroize() are not removed by aggressive
|
||||
* compiler optimizations in a portable way. For this reason, Mbed
|
||||
* TLS provides the configuration option
|
||||
* MBEDTLS_PLATFORM_ZEROIZE_ALT, which allows users to configure
|
||||
* mbedtls_platform_zeroize() to use a suitable implementation for
|
||||
* their platform and needs
|
||||
*
|
||||
* \param buf Buffer to be zeroized
|
||||
* \param len Length of the buffer in bytes
|
||||
*
|
||||
*/
|
||||
void mbedtls_platform_zeroize( void *buf, size_t len );
|
||||
|
||||
#if defined(MBEDTLS_HAVE_TIME_DATE)
|
||||
/**
|
||||
* \brief Platform-specific implementation of gmtime_r()
|
||||
*
|
||||
* The function is a thread-safe abstraction that behaves
|
||||
* similarly to the gmtime_r() function from Unix/POSIX.
|
||||
*
|
||||
* Mbed TLS will try to identify the underlying platform and
|
||||
* make use of an appropriate underlying implementation (e.g.
|
||||
* gmtime_r() for POSIX and gmtime_s() for Windows). If this is
|
||||
* not possible, then gmtime() will be used. In this case, calls
|
||||
* from the library to gmtime() will be guarded by the mutex
|
||||
* mbedtls_threading_gmtime_mutex if MBEDTLS_THREADING_C is
|
||||
* enabled. It is recommended that calls from outside the library
|
||||
* are also guarded by this mutex.
|
||||
*
|
||||
* If MBEDTLS_PLATFORM_GMTIME_R_ALT is defined, then Mbed TLS will
|
||||
* unconditionally use the alternative implementation for
|
||||
* mbedtls_platform_gmtime_r() supplied by the user at compile time.
|
||||
*
|
||||
* \param tt Pointer to an object containing time (in seconds) since the
|
||||
* epoch to be converted
|
||||
* \param tm_buf Pointer to an object where the results will be stored
|
||||
*
|
||||
* \return Pointer to an object of type struct tm on success, otherwise
|
||||
* NULL
|
||||
*/
|
||||
struct tm *mbedtls_platform_gmtime_r( const mbedtls_time_t *tt,
|
||||
struct tm *tm_buf );
|
||||
#endif /* MBEDTLS_HAVE_TIME_DATE */
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
||||
#endif /* MBEDTLS_PLATFORM_UTIL_H */
|
|
@ -1,192 +0,0 @@
|
|||
/**
|
||||
* \file poly1305.h
|
||||
*
|
||||
* \brief This file contains Poly1305 definitions and functions.
|
||||
*
|
||||
* Poly1305 is a one-time message authenticator that can be used to
|
||||
* authenticate messages. Poly1305-AES was created by Daniel
|
||||
* Bernstein https://cr.yp.to/mac/poly1305-20050329.pdf The generic
|
||||
* Poly1305 algorithm (not tied to AES) was also standardized in RFC
|
||||
* 7539.
|
||||
*
|
||||
* \author Daniel King <damaki.gh@gmail.com>
|
||||
*/
|
||||
|
||||
/* Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved.
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
* not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*
|
||||
* This file is part of Mbed TLS (https://tls.mbed.org)
|
||||
*/
|
||||
|
||||
#ifndef MBEDTLS_POLY1305_H
|
||||
#define MBEDTLS_POLY1305_H
|
||||
|
||||
#if !defined(MBEDTLS_CONFIG_FILE)
|
||||
#include "config.h"
|
||||
#else
|
||||
#include MBEDTLS_CONFIG_FILE
|
||||
#endif
|
||||
|
||||
#include <stdint.h>
|
||||
#include <stddef.h>
|
||||
|
||||
#define MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA -0x0057 /**< Invalid input parameter(s). */
|
||||
|
||||
/* MBEDTLS_ERR_POLY1305_FEATURE_UNAVAILABLE is deprecated and should not be
|
||||
* used. */
|
||||
#define MBEDTLS_ERR_POLY1305_FEATURE_UNAVAILABLE -0x0059 /**< Feature not available. For example, s part of the API is not implemented. */
|
||||
|
||||
/* MBEDTLS_ERR_POLY1305_HW_ACCEL_FAILED is deprecated and should not be used.
|
||||
*/
|
||||
#define MBEDTLS_ERR_POLY1305_HW_ACCEL_FAILED -0x005B /**< Poly1305 hardware accelerator failed. */
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
#if !defined(MBEDTLS_POLY1305_ALT)
|
||||
|
||||
typedef struct mbedtls_poly1305_context
|
||||
{
|
||||
uint32_t r[4]; /** The value for 'r' (low 128 bits of the key). */
|
||||
uint32_t s[4]; /** The value for 's' (high 128 bits of the key). */
|
||||
uint32_t acc[5]; /** The accumulator number. */
|
||||
uint8_t queue[16]; /** The current partial block of data. */
|
||||
size_t queue_len; /** The number of bytes stored in 'queue'. */
|
||||
}
|
||||
mbedtls_poly1305_context;
|
||||
|
||||
#else /* MBEDTLS_POLY1305_ALT */
|
||||
#include "poly1305_alt.h"
|
||||
#endif /* MBEDTLS_POLY1305_ALT */
|
||||
|
||||
/**
|
||||
* \brief This function initializes the specified Poly1305 context.
|
||||
*
|
||||
* It must be the first API called before using
|
||||
* the context.
|
||||
*
|
||||
* It is usually followed by a call to
|
||||
* \c mbedtls_poly1305_starts(), then one or more calls to
|
||||
* \c mbedtls_poly1305_update(), then one call to
|
||||
* \c mbedtls_poly1305_finish(), then finally
|
||||
* \c mbedtls_poly1305_free().
|
||||
*
|
||||
* \param ctx The Poly1305 context to initialize. This must
|
||||
* not be \c NULL.
|
||||
*/
|
||||
void mbedtls_poly1305_init( mbedtls_poly1305_context *ctx );
|
||||
|
||||
/**
|
||||
* \brief This function releases and clears the specified
|
||||
* Poly1305 context.
|
||||
*
|
||||
* \param ctx The Poly1305 context to clear. This may be \c NULL, in which
|
||||
* case this function is a no-op. If it is not \c NULL, it must
|
||||
* point to an initialized Poly1305 context.
|
||||
*/
|
||||
void mbedtls_poly1305_free( mbedtls_poly1305_context *ctx );
|
||||
|
||||
/**
|
||||
* \brief This function sets the one-time authentication key.
|
||||
*
|
||||
* \warning The key must be unique and unpredictable for each
|
||||
* invocation of Poly1305.
|
||||
*
|
||||
* \param ctx The Poly1305 context to which the key should be bound.
|
||||
* This must be initialized.
|
||||
* \param key The buffer containing the \c 32 Byte (\c 256 Bit) key.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return A negative error code on failure.
|
||||
*/
|
||||
int mbedtls_poly1305_starts( mbedtls_poly1305_context *ctx,
|
||||
const unsigned char key[32] );
|
||||
|
||||
/**
|
||||
* \brief This functions feeds an input buffer into an ongoing
|
||||
* Poly1305 computation.
|
||||
*
|
||||
* It is called between \c mbedtls_cipher_poly1305_starts() and
|
||||
* \c mbedtls_cipher_poly1305_finish().
|
||||
* It can be called repeatedly to process a stream of data.
|
||||
*
|
||||
* \param ctx The Poly1305 context to use for the Poly1305 operation.
|
||||
* This must be initialized and bound to a key.
|
||||
* \param ilen The length of the input data in Bytes.
|
||||
* Any value is accepted.
|
||||
* \param input The buffer holding the input data.
|
||||
* This pointer can be \c NULL if `ilen == 0`.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return A negative error code on failure.
|
||||
*/
|
||||
int mbedtls_poly1305_update( mbedtls_poly1305_context *ctx,
|
||||
const unsigned char *input,
|
||||
size_t ilen );
|
||||
|
||||
/**
|
||||
* \brief This function generates the Poly1305 Message
|
||||
* Authentication Code (MAC).
|
||||
*
|
||||
* \param ctx The Poly1305 context to use for the Poly1305 operation.
|
||||
* This must be initialized and bound to a key.
|
||||
* \param mac The buffer to where the MAC is written. This must
|
||||
* be a writable buffer of length \c 16 Bytes.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return A negative error code on failure.
|
||||
*/
|
||||
int mbedtls_poly1305_finish( mbedtls_poly1305_context *ctx,
|
||||
unsigned char mac[16] );
|
||||
|
||||
/**
|
||||
* \brief This function calculates the Poly1305 MAC of the input
|
||||
* buffer with the provided key.
|
||||
*
|
||||
* \warning The key must be unique and unpredictable for each
|
||||
* invocation of Poly1305.
|
||||
*
|
||||
* \param key The buffer containing the \c 32 Byte (\c 256 Bit) key.
|
||||
* \param ilen The length of the input data in Bytes.
|
||||
* Any value is accepted.
|
||||
* \param input The buffer holding the input data.
|
||||
* This pointer can be \c NULL if `ilen == 0`.
|
||||
* \param mac The buffer to where the MAC is written. This must be
|
||||
* a writable buffer of length \c 16 Bytes.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return A negative error code on failure.
|
||||
*/
|
||||
int mbedtls_poly1305_mac( const unsigned char key[32],
|
||||
const unsigned char *input,
|
||||
size_t ilen,
|
||||
unsigned char mac[16] );
|
||||
|
||||
#if defined(MBEDTLS_SELF_TEST)
|
||||
/**
|
||||
* \brief The Poly1305 checkup routine.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return \c 1 on failure.
|
||||
*/
|
||||
int mbedtls_poly1305_self_test( int verbose );
|
||||
#endif /* MBEDTLS_SELF_TEST */
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
||||
#endif /* MBEDTLS_POLY1305_H */
|
|
@ -1,482 +0,0 @@
|
|||
/**
|
||||
* \file psa_util.h
|
||||
*
|
||||
* \brief Utility functions for the use of the PSA Crypto library.
|
||||
*
|
||||
* \warning This function is not part of the public API and may
|
||||
* change at any time.
|
||||
*/
|
||||
/*
|
||||
* Copyright (C) 2006-2018, ARM Limited, All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
* not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*
|
||||
* This file is part of mbed TLS (https://tls.mbed.org)
|
||||
*/
|
||||
|
||||
#ifndef MBEDTLS_PSA_UTIL_H
|
||||
#define MBEDTLS_PSA_UTIL_H
|
||||
|
||||
#if !defined(MBEDTLS_CONFIG_FILE)
|
||||
#include "config.h"
|
||||
#else
|
||||
#include MBEDTLS_CONFIG_FILE
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
|
||||
#include "psa/crypto.h"
|
||||
|
||||
#include "ecp.h"
|
||||
#include "md.h"
|
||||
#include "pk.h"
|
||||
#include "oid.h"
|
||||
|
||||
#include <string.h>
|
||||
|
||||
/* Translations for symmetric crypto. */
|
||||
|
||||
static inline psa_key_type_t mbedtls_psa_translate_cipher_type(
|
||||
mbedtls_cipher_type_t cipher )
|
||||
{
|
||||
switch( cipher )
|
||||
{
|
||||
case MBEDTLS_CIPHER_AES_128_CCM:
|
||||
case MBEDTLS_CIPHER_AES_192_CCM:
|
||||
case MBEDTLS_CIPHER_AES_256_CCM:
|
||||
case MBEDTLS_CIPHER_AES_128_GCM:
|
||||
case MBEDTLS_CIPHER_AES_192_GCM:
|
||||
case MBEDTLS_CIPHER_AES_256_GCM:
|
||||
case MBEDTLS_CIPHER_AES_128_CBC:
|
||||
case MBEDTLS_CIPHER_AES_192_CBC:
|
||||
case MBEDTLS_CIPHER_AES_256_CBC:
|
||||
return( PSA_KEY_TYPE_AES );
|
||||
|
||||
/* ARIA not yet supported in PSA. */
|
||||
/* case MBEDTLS_CIPHER_ARIA_128_CCM:
|
||||
case MBEDTLS_CIPHER_ARIA_192_CCM:
|
||||
case MBEDTLS_CIPHER_ARIA_256_CCM:
|
||||
case MBEDTLS_CIPHER_ARIA_128_GCM:
|
||||
case MBEDTLS_CIPHER_ARIA_192_GCM:
|
||||
case MBEDTLS_CIPHER_ARIA_256_GCM:
|
||||
case MBEDTLS_CIPHER_ARIA_128_CBC:
|
||||
case MBEDTLS_CIPHER_ARIA_192_CBC:
|
||||
case MBEDTLS_CIPHER_ARIA_256_CBC:
|
||||
return( PSA_KEY_TYPE_ARIA ); */
|
||||
|
||||
default:
|
||||
return( 0 );
|
||||
}
|
||||
}
|
||||
|
||||
static inline psa_algorithm_t mbedtls_psa_translate_cipher_mode(
|
||||
mbedtls_cipher_mode_t mode, size_t taglen )
|
||||
{
|
||||
switch( mode )
|
||||
{
|
||||
case MBEDTLS_MODE_GCM:
|
||||
return( PSA_ALG_AEAD_WITH_TAG_LENGTH( PSA_ALG_GCM, taglen ) );
|
||||
case MBEDTLS_MODE_CCM:
|
||||
return( PSA_ALG_AEAD_WITH_TAG_LENGTH( PSA_ALG_CCM, taglen ) );
|
||||
case MBEDTLS_MODE_CBC:
|
||||
if( taglen == 0 )
|
||||
return( PSA_ALG_CBC_NO_PADDING );
|
||||
/* Intentional fallthrough for taglen != 0 */
|
||||
/* fallthrough */
|
||||
default:
|
||||
return( 0 );
|
||||
}
|
||||
}
|
||||
|
||||
static inline psa_key_usage_t mbedtls_psa_translate_cipher_operation(
|
||||
mbedtls_operation_t op )
|
||||
{
|
||||
switch( op )
|
||||
{
|
||||
case MBEDTLS_ENCRYPT:
|
||||
return( PSA_KEY_USAGE_ENCRYPT );
|
||||
case MBEDTLS_DECRYPT:
|
||||
return( PSA_KEY_USAGE_DECRYPT );
|
||||
default:
|
||||
return( 0 );
|
||||
}
|
||||
}
|
||||
|
||||
/* Translations for hashing. */
|
||||
|
||||
static inline psa_algorithm_t mbedtls_psa_translate_md( mbedtls_md_type_t md_alg )
|
||||
{
|
||||
switch( md_alg )
|
||||
{
|
||||
#if defined(MBEDTLS_MD2_C)
|
||||
case MBEDTLS_MD_MD2:
|
||||
return( PSA_ALG_MD2 );
|
||||
#endif
|
||||
#if defined(MBEDTLS_MD4_C)
|
||||
case MBEDTLS_MD_MD4:
|
||||
return( PSA_ALG_MD4 );
|
||||
#endif
|
||||
#if defined(MBEDTLS_MD5_C)
|
||||
case MBEDTLS_MD_MD5:
|
||||
return( PSA_ALG_MD5 );
|
||||
#endif
|
||||
#if defined(MBEDTLS_SHA1_C)
|
||||
case MBEDTLS_MD_SHA1:
|
||||
return( PSA_ALG_SHA_1 );
|
||||
#endif
|
||||
#if defined(MBEDTLS_SHA256_C)
|
||||
case MBEDTLS_MD_SHA224:
|
||||
return( PSA_ALG_SHA_224 );
|
||||
case MBEDTLS_MD_SHA256:
|
||||
return( PSA_ALG_SHA_256 );
|
||||
#endif
|
||||
#if defined(MBEDTLS_SHA512_C)
|
||||
case MBEDTLS_MD_SHA384:
|
||||
return( PSA_ALG_SHA_384 );
|
||||
case MBEDTLS_MD_SHA512:
|
||||
return( PSA_ALG_SHA_512 );
|
||||
#endif
|
||||
#if defined(MBEDTLS_RIPEMD160_C)
|
||||
case MBEDTLS_MD_RIPEMD160:
|
||||
return( PSA_ALG_RIPEMD160 );
|
||||
#endif
|
||||
case MBEDTLS_MD_NONE: /* Intentional fallthrough */
|
||||
default:
|
||||
return( 0 );
|
||||
}
|
||||
}
|
||||
|
||||
/* Translations for ECC. */
|
||||
|
||||
static inline int mbedtls_psa_get_ecc_oid_from_id(
|
||||
psa_ecc_curve_t curve, char const **oid, size_t *oid_len )
|
||||
{
|
||||
switch( curve )
|
||||
{
|
||||
#if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED)
|
||||
case PSA_ECC_CURVE_SECP192R1:
|
||||
*oid = MBEDTLS_OID_EC_GRP_SECP192R1;
|
||||
*oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_SECP192R1 );
|
||||
return( 0 );
|
||||
#endif /* MBEDTLS_ECP_DP_SECP192R1_ENABLED */
|
||||
#if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED)
|
||||
case PSA_ECC_CURVE_SECP224R1:
|
||||
*oid = MBEDTLS_OID_EC_GRP_SECP224R1;
|
||||
*oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_SECP224R1 );
|
||||
return( 0 );
|
||||
#endif /* MBEDTLS_ECP_DP_SECP224R1_ENABLED */
|
||||
#if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
|
||||
case PSA_ECC_CURVE_SECP256R1:
|
||||
*oid = MBEDTLS_OID_EC_GRP_SECP256R1;
|
||||
*oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_SECP256R1 );
|
||||
return( 0 );
|
||||
#endif /* MBEDTLS_ECP_DP_SECP256R1_ENABLED */
|
||||
#if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
|
||||
case PSA_ECC_CURVE_SECP384R1:
|
||||
*oid = MBEDTLS_OID_EC_GRP_SECP384R1;
|
||||
*oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_SECP384R1 );
|
||||
return( 0 );
|
||||
#endif /* MBEDTLS_ECP_DP_SECP384R1_ENABLED */
|
||||
#if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED)
|
||||
case PSA_ECC_CURVE_SECP521R1:
|
||||
*oid = MBEDTLS_OID_EC_GRP_SECP521R1;
|
||||
*oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_SECP521R1 );
|
||||
return( 0 );
|
||||
#endif /* MBEDTLS_ECP_DP_SECP521R1_ENABLED */
|
||||
#if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED)
|
||||
case PSA_ECC_CURVE_SECP192K1:
|
||||
*oid = MBEDTLS_OID_EC_GRP_SECP192K1;
|
||||
*oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_SECP192K1 );
|
||||
return( 0 );
|
||||
#endif /* MBEDTLS_ECP_DP_SECP192K1_ENABLED */
|
||||
#if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED)
|
||||
case PSA_ECC_CURVE_SECP224K1:
|
||||
*oid = MBEDTLS_OID_EC_GRP_SECP224K1;
|
||||
*oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_SECP224K1 );
|
||||
return( 0 );
|
||||
#endif /* MBEDTLS_ECP_DP_SECP224K1_ENABLED */
|
||||
#if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED)
|
||||
case PSA_ECC_CURVE_SECP256K1:
|
||||
*oid = MBEDTLS_OID_EC_GRP_SECP256K1;
|
||||
*oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_SECP256K1 );
|
||||
return( 0 );
|
||||
#endif /* MBEDTLS_ECP_DP_SECP256K1_ENABLED */
|
||||
#if defined(MBEDTLS_ECP_DP_BP256R1_ENABLED)
|
||||
case PSA_ECC_CURVE_BRAINPOOL_P256R1:
|
||||
*oid = MBEDTLS_OID_EC_GRP_BP256R1;
|
||||
*oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_BP256R1 );
|
||||
return( 0 );
|
||||
#endif /* MBEDTLS_ECP_DP_BP256R1_ENABLED */
|
||||
#if defined(MBEDTLS_ECP_DP_BP384R1_ENABLED)
|
||||
case PSA_ECC_CURVE_BRAINPOOL_P384R1:
|
||||
*oid = MBEDTLS_OID_EC_GRP_BP384R1;
|
||||
*oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_BP384R1 );
|
||||
return( 0 );
|
||||
#endif /* MBEDTLS_ECP_DP_BP384R1_ENABLED */
|
||||
#if defined(MBEDTLS_ECP_DP_BP512R1_ENABLED)
|
||||
case PSA_ECC_CURVE_BRAINPOOL_P512R1:
|
||||
*oid = MBEDTLS_OID_EC_GRP_BP512R1;
|
||||
*oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_BP512R1 );
|
||||
return( 0 );
|
||||
#endif /* MBEDTLS_ECP_DP_BP512R1_ENABLED */
|
||||
}
|
||||
|
||||
return( -1 );
|
||||
}
|
||||
|
||||
#define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH 1
|
||||
|
||||
#if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED)
|
||||
#if MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH < ( 2 * ( ( 192 + 7 ) / 8 ) + 1 )
|
||||
#undef MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH
|
||||
#define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH ( 2 * ( ( 192 + 7 ) / 8 ) + 1 )
|
||||
#endif
|
||||
#endif /* MBEDTLS_ECP_DP_SECP192R1_ENABLED */
|
||||
|
||||
#if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED)
|
||||
#if MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH < ( 2 * ( ( 224 + 7 ) / 8 ) + 1 )
|
||||
#undef MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH
|
||||
#define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH ( 2 * ( ( 224 + 7 ) / 8 ) + 1 )
|
||||
#endif
|
||||
#endif /* MBEDTLS_ECP_DP_SECP224R1_ENABLED */
|
||||
|
||||
#if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
|
||||
#if MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH < ( 2 * ( ( 256 + 7 ) / 8 ) + 1 )
|
||||
#undef MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH
|
||||
#define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH ( 2 * ( ( 256 + 7 ) / 8 ) + 1 )
|
||||
#endif
|
||||
#endif /* MBEDTLS_ECP_DP_SECP256R1_ENABLED */
|
||||
|
||||
#if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
|
||||
#if MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH < ( 2 * ( ( 384 + 7 ) / 8 ) + 1 )
|
||||
#undef MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH
|
||||
#define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH ( 2 * ( ( 384 + 7 ) / 8 ) + 1 )
|
||||
#endif
|
||||
#endif /* MBEDTLS_ECP_DP_SECP384R1_ENABLED */
|
||||
|
||||
#if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED)
|
||||
#if MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH < ( 2 * ( ( 521 + 7 ) / 8 ) + 1 )
|
||||
#undef MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH
|
||||
#define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH ( 2 * ( ( 521 + 7 ) / 8 ) + 1 )
|
||||
#endif
|
||||
#endif /* MBEDTLS_ECP_DP_SECP521R1_ENABLED */
|
||||
|
||||
#if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED)
|
||||
#if MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH < ( 2 * ( ( 192 + 7 ) / 8 ) + 1 )
|
||||
#undef MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH
|
||||
#define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH ( 2 * ( ( 192 + 7 ) / 8 ) + 1 )
|
||||
#endif
|
||||
#endif /* MBEDTLS_ECP_DP_SECP192K1_ENABLED */
|
||||
|
||||
#if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED)
|
||||
#if MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH < ( 2 * ( ( 224 + 7 ) / 8 ) + 1 )
|
||||
#undef MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH
|
||||
#define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH ( 2 * ( ( 224 + 7 ) / 8 ) + 1 )
|
||||
#endif
|
||||
#endif /* MBEDTLS_ECP_DP_SECP224K1_ENABLED */
|
||||
|
||||
#if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED)
|
||||
#if MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH < ( 2 * ( ( 256 + 7 ) / 8 ) + 1 )
|
||||
#undef MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH
|
||||
#define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH ( 2 * ( ( 256 + 7 ) / 8 ) + 1 )
|
||||
#endif
|
||||
#endif /* MBEDTLS_ECP_DP_SECP256K1_ENABLED */
|
||||
|
||||
#if defined(MBEDTLS_ECP_DP_BP256R1_ENABLED)
|
||||
#if MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH < ( 2 * ( ( 256 + 7 ) / 8 ) + 1 )
|
||||
#undef MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH
|
||||
#define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH ( 2 * ( ( 256 + 7 ) / 8 ) + 1 )
|
||||
#endif
|
||||
#endif /* MBEDTLS_ECP_DP_BP256R1_ENABLED */
|
||||
|
||||
#if defined(MBEDTLS_ECP_DP_BP384R1_ENABLED)
|
||||
#if MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH < ( 2 * ( ( 384 + 7 ) / 8 ) + 1 )
|
||||
#undef MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH
|
||||
#define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH ( 2 * ( ( 384 + 7 ) / 8 ) + 1 )
|
||||
#endif
|
||||
#endif /* MBEDTLS_ECP_DP_BP384R1_ENABLED */
|
||||
|
||||
#if defined(MBEDTLS_ECP_DP_BP512R1_ENABLED)
|
||||
#if MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH < ( 2 * ( ( 512 + 7 ) / 8 ) + 1 )
|
||||
#undef MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH
|
||||
#define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH ( 2 * ( ( 512 + 7 ) / 8 ) + 1 )
|
||||
#endif
|
||||
#endif /* MBEDTLS_ECP_DP_BP512R1_ENABLED */
|
||||
|
||||
|
||||
static inline psa_ecc_curve_t mbedtls_psa_translate_ecc_group( mbedtls_ecp_group_id grpid )
|
||||
{
|
||||
switch( grpid )
|
||||
{
|
||||
#if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED)
|
||||
case MBEDTLS_ECP_DP_SECP192R1:
|
||||
return( PSA_ECC_CURVE_SECP192R1 );
|
||||
#endif
|
||||
#if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED)
|
||||
case MBEDTLS_ECP_DP_SECP224R1:
|
||||
return( PSA_ECC_CURVE_SECP224R1 );
|
||||
#endif
|
||||
#if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
|
||||
case MBEDTLS_ECP_DP_SECP256R1:
|
||||
return( PSA_ECC_CURVE_SECP256R1 );
|
||||
#endif
|
||||
#if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
|
||||
case MBEDTLS_ECP_DP_SECP384R1:
|
||||
return( PSA_ECC_CURVE_SECP384R1 );
|
||||
#endif
|
||||
#if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED)
|
||||
case MBEDTLS_ECP_DP_SECP521R1:
|
||||
return( PSA_ECC_CURVE_SECP521R1 );
|
||||
#endif
|
||||
#if defined(MBEDTLS_ECP_DP_BP256R1_ENABLED)
|
||||
case MBEDTLS_ECP_DP_BP256R1:
|
||||
return( PSA_ECC_CURVE_BRAINPOOL_P256R1 );
|
||||
#endif
|
||||
#if defined(MBEDTLS_ECP_DP_BP384R1_ENABLED)
|
||||
case MBEDTLS_ECP_DP_BP384R1:
|
||||
return( PSA_ECC_CURVE_BRAINPOOL_P384R1 );
|
||||
#endif
|
||||
#if defined(MBEDTLS_ECP_DP_BP512R1_ENABLED)
|
||||
case MBEDTLS_ECP_DP_BP512R1:
|
||||
return( PSA_ECC_CURVE_BRAINPOOL_P512R1 );
|
||||
#endif
|
||||
#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED)
|
||||
case MBEDTLS_ECP_DP_CURVE25519:
|
||||
return( PSA_ECC_CURVE_CURVE25519 );
|
||||
#endif
|
||||
#if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED)
|
||||
case MBEDTLS_ECP_DP_SECP192K1:
|
||||
return( PSA_ECC_CURVE_SECP192K1 );
|
||||
#endif
|
||||
#if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED)
|
||||
case MBEDTLS_ECP_DP_SECP224K1:
|
||||
return( PSA_ECC_CURVE_SECP224K1 );
|
||||
#endif
|
||||
#if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED)
|
||||
case MBEDTLS_ECP_DP_SECP256K1:
|
||||
return( PSA_ECC_CURVE_SECP256K1 );
|
||||
#endif
|
||||
#if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED)
|
||||
case MBEDTLS_ECP_DP_CURVE448:
|
||||
return( PSA_ECC_CURVE_CURVE448 );
|
||||
#endif
|
||||
default:
|
||||
return( 0 );
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
#define MBEDTLS_PSA_ECC_KEY_BITS_OF_CURVE( curve ) \
|
||||
( curve == PSA_ECC_CURVE_SECP192R1 ? 192 : \
|
||||
curve == PSA_ECC_CURVE_SECP224R1 ? 224 : \
|
||||
curve == PSA_ECC_CURVE_SECP256R1 ? 256 : \
|
||||
curve == PSA_ECC_CURVE_SECP384R1 ? 384 : \
|
||||
curve == PSA_ECC_CURVE_SECP521R1 ? 521 : \
|
||||
curve == PSA_ECC_CURVE_SECP192K1 ? 192 : \
|
||||
curve == PSA_ECC_CURVE_SECP224K1 ? 224 : \
|
||||
curve == PSA_ECC_CURVE_SECP256K1 ? 256 : \
|
||||
curve == PSA_ECC_CURVE_BRAINPOOL_P256R1 ? 256 : \
|
||||
curve == PSA_ECC_CURVE_BRAINPOOL_P384R1 ? 384 : \
|
||||
curve == PSA_ECC_CURVE_BRAINPOOL_P512R1 ? 512 : \
|
||||
0 )
|
||||
|
||||
#define MBEDTLS_PSA_ECC_KEY_BYTES_OF_CURVE( curve ) \
|
||||
( ( MBEDTLS_PSA_ECC_KEY_BITS_OF_CURVE( curve ) + 7 ) / 8 )
|
||||
|
||||
/* Translations for PK layer */
|
||||
|
||||
static inline int mbedtls_psa_err_translate_pk( psa_status_t status )
|
||||
{
|
||||
switch( status )
|
||||
{
|
||||
case PSA_SUCCESS:
|
||||
return( 0 );
|
||||
case PSA_ERROR_NOT_SUPPORTED:
|
||||
return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE );
|
||||
case PSA_ERROR_INSUFFICIENT_MEMORY:
|
||||
return( MBEDTLS_ERR_PK_ALLOC_FAILED );
|
||||
case PSA_ERROR_INSUFFICIENT_ENTROPY:
|
||||
return( MBEDTLS_ERR_ECP_RANDOM_FAILED );
|
||||
case PSA_ERROR_BAD_STATE:
|
||||
return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
|
||||
/* All other failures */
|
||||
case PSA_ERROR_COMMUNICATION_FAILURE:
|
||||
case PSA_ERROR_HARDWARE_FAILURE:
|
||||
case PSA_ERROR_TAMPERING_DETECTED:
|
||||
return( MBEDTLS_ERR_PK_HW_ACCEL_FAILED );
|
||||
default: /* We return the same as for the 'other failures',
|
||||
* but list them separately nonetheless to indicate
|
||||
* which failure conditions we have considered. */
|
||||
return( MBEDTLS_ERR_PK_HW_ACCEL_FAILED );
|
||||
}
|
||||
}
|
||||
|
||||
/* Translations for ECC */
|
||||
|
||||
/* This function transforms an ECC group identifier from
|
||||
* https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-8
|
||||
* into a PSA ECC group identifier. */
|
||||
static inline psa_ecc_curve_t mbedtls_psa_parse_tls_ecc_group(
|
||||
uint16_t tls_ecc_grp_reg_id )
|
||||
{
|
||||
/* The PSA identifiers are currently aligned with those from
|
||||
* the TLS Supported Groups registry, so no conversion is necessary. */
|
||||
return( (psa_ecc_curve_t) tls_ecc_grp_reg_id );
|
||||
}
|
||||
|
||||
/* This function takes a buffer holding an EC public key
|
||||
* exported through psa_export_public_key(), and converts
|
||||
* it into an ECPoint structure to be put into a ClientKeyExchange
|
||||
* message in an ECDHE exchange.
|
||||
*
|
||||
* Both the present and the foreseeable future format of EC public keys
|
||||
* used by PSA have the ECPoint structure contained in the exported key
|
||||
* as a subbuffer, and the function merely selects this subbuffer instead
|
||||
* of making a copy.
|
||||
*/
|
||||
static inline int mbedtls_psa_tls_psa_ec_to_ecpoint( unsigned char *src,
|
||||
size_t srclen,
|
||||
unsigned char **dst,
|
||||
size_t *dstlen )
|
||||
{
|
||||
*dst = src;
|
||||
*dstlen = srclen;
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
/* This function takes a buffer holding an ECPoint structure
|
||||
* (as contained in a TLS ServerKeyExchange message for ECDHE
|
||||
* exchanges) and converts it into a format that the PSA key
|
||||
* agreement API understands.
|
||||
*/
|
||||
static inline int mbedtls_psa_tls_ecpoint_to_psa_ec( psa_ecc_curve_t curve,
|
||||
unsigned char const *src,
|
||||
size_t srclen,
|
||||
unsigned char *dst,
|
||||
size_t dstlen,
|
||||
size_t *olen )
|
||||
{
|
||||
((void) curve);
|
||||
|
||||
if( srclen > dstlen )
|
||||
return( MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL );
|
||||
|
||||
memcpy( dst, src, srclen );
|
||||
*olen = srclen;
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||
|
||||
#endif /* MBEDTLS_PSA_UTIL_H */
|
|
@ -1,237 +0,0 @@
|
|||
/**
|
||||
* \file ripemd160.h
|
||||
*
|
||||
* \brief RIPE MD-160 message digest
|
||||
*/
|
||||
/*
|
||||
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
* not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*
|
||||
* This file is part of mbed TLS (https://tls.mbed.org)
|
||||
*/
|
||||
#ifndef MBEDTLS_RIPEMD160_H
|
||||
#define MBEDTLS_RIPEMD160_H
|
||||
|
||||
#if !defined(MBEDTLS_CONFIG_FILE)
|
||||
#include "config.h"
|
||||
#else
|
||||
#include MBEDTLS_CONFIG_FILE
|
||||
#endif
|
||||
|
||||
#include <stddef.h>
|
||||
#include <stdint.h>
|
||||
|
||||
/* MBEDTLS_ERR_RIPEMD160_HW_ACCEL_FAILED is deprecated and should not be used.
|
||||
*/
|
||||
#define MBEDTLS_ERR_RIPEMD160_HW_ACCEL_FAILED -0x0031 /**< RIPEMD160 hardware accelerator failed */
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
#if !defined(MBEDTLS_RIPEMD160_ALT)
|
||||
// Regular implementation
|
||||
//
|
||||
|
||||
/**
|
||||
* \brief RIPEMD-160 context structure
|
||||
*/
|
||||
typedef struct mbedtls_ripemd160_context
|
||||
{
|
||||
uint32_t total[2]; /*!< number of bytes processed */
|
||||
uint32_t state[5]; /*!< intermediate digest state */
|
||||
unsigned char buffer[64]; /*!< data block being processed */
|
||||
}
|
||||
mbedtls_ripemd160_context;
|
||||
|
||||
#else /* MBEDTLS_RIPEMD160_ALT */
|
||||
#include "ripemd160.h"
|
||||
#endif /* MBEDTLS_RIPEMD160_ALT */
|
||||
|
||||
/**
|
||||
* \brief Initialize RIPEMD-160 context
|
||||
*
|
||||
* \param ctx RIPEMD-160 context to be initialized
|
||||
*/
|
||||
void mbedtls_ripemd160_init( mbedtls_ripemd160_context *ctx );
|
||||
|
||||
/**
|
||||
* \brief Clear RIPEMD-160 context
|
||||
*
|
||||
* \param ctx RIPEMD-160 context to be cleared
|
||||
*/
|
||||
void mbedtls_ripemd160_free( mbedtls_ripemd160_context *ctx );
|
||||
|
||||
/**
|
||||
* \brief Clone (the state of) an RIPEMD-160 context
|
||||
*
|
||||
* \param dst The destination context
|
||||
* \param src The context to be cloned
|
||||
*/
|
||||
void mbedtls_ripemd160_clone( mbedtls_ripemd160_context *dst,
|
||||
const mbedtls_ripemd160_context *src );
|
||||
|
||||
/**
|
||||
* \brief RIPEMD-160 context setup
|
||||
*
|
||||
* \param ctx context to be initialized
|
||||
*
|
||||
* \return 0 if successful
|
||||
*/
|
||||
int mbedtls_ripemd160_starts_ret( mbedtls_ripemd160_context *ctx );
|
||||
|
||||
/**
|
||||
* \brief RIPEMD-160 process buffer
|
||||
*
|
||||
* \param ctx RIPEMD-160 context
|
||||
* \param input buffer holding the data
|
||||
* \param ilen length of the input data
|
||||
*
|
||||
* \return 0 if successful
|
||||
*/
|
||||
int mbedtls_ripemd160_update_ret( mbedtls_ripemd160_context *ctx,
|
||||
const unsigned char *input,
|
||||
size_t ilen );
|
||||
|
||||
/**
|
||||
* \brief RIPEMD-160 final digest
|
||||
*
|
||||
* \param ctx RIPEMD-160 context
|
||||
* \param output RIPEMD-160 checksum result
|
||||
*
|
||||
* \return 0 if successful
|
||||
*/
|
||||
int mbedtls_ripemd160_finish_ret( mbedtls_ripemd160_context *ctx,
|
||||
unsigned char output[20] );
|
||||
|
||||
/**
|
||||
* \brief RIPEMD-160 process data block (internal use only)
|
||||
*
|
||||
* \param ctx RIPEMD-160 context
|
||||
* \param data buffer holding one block of data
|
||||
*
|
||||
* \return 0 if successful
|
||||
*/
|
||||
int mbedtls_internal_ripemd160_process( mbedtls_ripemd160_context *ctx,
|
||||
const unsigned char data[64] );
|
||||
|
||||
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
|
||||
#if defined(MBEDTLS_DEPRECATED_WARNING)
|
||||
#define MBEDTLS_DEPRECATED __attribute__((deprecated))
|
||||
#else
|
||||
#define MBEDTLS_DEPRECATED
|
||||
#endif
|
||||
/**
|
||||
* \brief RIPEMD-160 context setup
|
||||
*
|
||||
* \deprecated Superseded by mbedtls_ripemd160_starts_ret() in 2.7.0
|
||||
*
|
||||
* \param ctx context to be initialized
|
||||
*/
|
||||
MBEDTLS_DEPRECATED void mbedtls_ripemd160_starts(
|
||||
mbedtls_ripemd160_context *ctx );
|
||||
|
||||
/**
|
||||
* \brief RIPEMD-160 process buffer
|
||||
*
|
||||
* \deprecated Superseded by mbedtls_ripemd160_update_ret() in 2.7.0
|
||||
*
|
||||
* \param ctx RIPEMD-160 context
|
||||
* \param input buffer holding the data
|
||||
* \param ilen length of the input data
|
||||
*/
|
||||
MBEDTLS_DEPRECATED void mbedtls_ripemd160_update(
|
||||
mbedtls_ripemd160_context *ctx,
|
||||
const unsigned char *input,
|
||||
size_t ilen );
|
||||
|
||||
/**
|
||||
* \brief RIPEMD-160 final digest
|
||||
*
|
||||
* \deprecated Superseded by mbedtls_ripemd160_finish_ret() in 2.7.0
|
||||
*
|
||||
* \param ctx RIPEMD-160 context
|
||||
* \param output RIPEMD-160 checksum result
|
||||
*/
|
||||
MBEDTLS_DEPRECATED void mbedtls_ripemd160_finish(
|
||||
mbedtls_ripemd160_context *ctx,
|
||||
unsigned char output[20] );
|
||||
|
||||
/**
|
||||
* \brief RIPEMD-160 process data block (internal use only)
|
||||
*
|
||||
* \deprecated Superseded by mbedtls_internal_ripemd160_process() in 2.7.0
|
||||
*
|
||||
* \param ctx RIPEMD-160 context
|
||||
* \param data buffer holding one block of data
|
||||
*/
|
||||
MBEDTLS_DEPRECATED void mbedtls_ripemd160_process(
|
||||
mbedtls_ripemd160_context *ctx,
|
||||
const unsigned char data[64] );
|
||||
|
||||
#undef MBEDTLS_DEPRECATED
|
||||
#endif /* !MBEDTLS_DEPRECATED_REMOVED */
|
||||
|
||||
/**
|
||||
* \brief Output = RIPEMD-160( input buffer )
|
||||
*
|
||||
* \param input buffer holding the data
|
||||
* \param ilen length of the input data
|
||||
* \param output RIPEMD-160 checksum result
|
||||
*
|
||||
* \return 0 if successful
|
||||
*/
|
||||
int mbedtls_ripemd160_ret( const unsigned char *input,
|
||||
size_t ilen,
|
||||
unsigned char output[20] );
|
||||
|
||||
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
|
||||
#if defined(MBEDTLS_DEPRECATED_WARNING)
|
||||
#define MBEDTLS_DEPRECATED __attribute__((deprecated))
|
||||
#else
|
||||
#define MBEDTLS_DEPRECATED
|
||||
#endif
|
||||
/**
|
||||
* \brief Output = RIPEMD-160( input buffer )
|
||||
*
|
||||
* \deprecated Superseded by mbedtls_ripemd160_ret() in 2.7.0
|
||||
*
|
||||
* \param input buffer holding the data
|
||||
* \param ilen length of the input data
|
||||
* \param output RIPEMD-160 checksum result
|
||||
*/
|
||||
MBEDTLS_DEPRECATED void mbedtls_ripemd160( const unsigned char *input,
|
||||
size_t ilen,
|
||||
unsigned char output[20] );
|
||||
|
||||
#undef MBEDTLS_DEPRECATED
|
||||
#endif /* !MBEDTLS_DEPRECATED_REMOVED */
|
||||
|
||||
#if defined(MBEDTLS_SELF_TEST)
|
||||
|
||||
/**
|
||||
* \brief Checkup routine
|
||||
*
|
||||
* \return 0 if successful, or 1 if the test failed
|
||||
*/
|
||||
int mbedtls_ripemd160_self_test( int verbose );
|
||||
|
||||
#endif /* MBEDTLS_SELF_TEST */
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
||||
#endif /* mbedtls_ripemd160.h */
|
File diff suppressed because it is too large
Load diff
|
@ -1,226 +0,0 @@
|
|||
/**
|
||||
* \file rsa_internal.h
|
||||
*
|
||||
* \brief Context-independent RSA helper functions
|
||||
*
|
||||
* This module declares some RSA-related helper functions useful when
|
||||
* implementing the RSA interface. These functions are provided in a separate
|
||||
* compilation unit in order to make it easy for designers of alternative RSA
|
||||
* implementations to use them in their own code, as it is conceived that the
|
||||
* functionality they provide will be necessary for most complete
|
||||
* implementations.
|
||||
*
|
||||
* End-users of Mbed TLS who are not providing their own alternative RSA
|
||||
* implementations should not use these functions directly, and should instead
|
||||
* use only the functions declared in rsa.h.
|
||||
*
|
||||
* The interface provided by this module will be maintained through LTS (Long
|
||||
* Term Support) branches of Mbed TLS, but may otherwise be subject to change,
|
||||
* and must be considered an internal interface of the library.
|
||||
*
|
||||
* There are two classes of helper functions:
|
||||
*
|
||||
* (1) Parameter-generating helpers. These are:
|
||||
* - mbedtls_rsa_deduce_primes
|
||||
* - mbedtls_rsa_deduce_private_exponent
|
||||
* - mbedtls_rsa_deduce_crt
|
||||
* Each of these functions takes a set of core RSA parameters and
|
||||
* generates some other, or CRT related parameters.
|
||||
*
|
||||
* (2) Parameter-checking helpers. These are:
|
||||
* - mbedtls_rsa_validate_params
|
||||
* - mbedtls_rsa_validate_crt
|
||||
* They take a set of core or CRT related RSA parameters and check their
|
||||
* validity.
|
||||
*
|
||||
*/
|
||||
/*
|
||||
* Copyright (C) 2006-2017, ARM Limited, All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
* not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*
|
||||
* This file is part of mbed TLS (https://tls.mbed.org)
|
||||
*
|
||||
*/
|
||||
|
||||
#ifndef MBEDTLS_RSA_INTERNAL_H
|
||||
#define MBEDTLS_RSA_INTERNAL_H
|
||||
|
||||
#if !defined(MBEDTLS_CONFIG_FILE)
|
||||
#include "config.h"
|
||||
#else
|
||||
#include MBEDTLS_CONFIG_FILE
|
||||
#endif
|
||||
|
||||
#include "bignum.h"
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
|
||||
/**
|
||||
* \brief Compute RSA prime moduli P, Q from public modulus N=PQ
|
||||
* and a pair of private and public key.
|
||||
*
|
||||
* \note This is a 'static' helper function not operating on
|
||||
* an RSA context. Alternative implementations need not
|
||||
* overwrite it.
|
||||
*
|
||||
* \param N RSA modulus N = PQ, with P, Q to be found
|
||||
* \param E RSA public exponent
|
||||
* \param D RSA private exponent
|
||||
* \param P Pointer to MPI holding first prime factor of N on success
|
||||
* \param Q Pointer to MPI holding second prime factor of N on success
|
||||
*
|
||||
* \return
|
||||
* - 0 if successful. In this case, P and Q constitute a
|
||||
* factorization of N.
|
||||
* - A non-zero error code otherwise.
|
||||
*
|
||||
* \note It is neither checked that P, Q are prime nor that
|
||||
* D, E are modular inverses wrt. P-1 and Q-1. For that,
|
||||
* use the helper function \c mbedtls_rsa_validate_params.
|
||||
*
|
||||
*/
|
||||
int mbedtls_rsa_deduce_primes( mbedtls_mpi const *N, mbedtls_mpi const *E,
|
||||
mbedtls_mpi const *D,
|
||||
mbedtls_mpi *P, mbedtls_mpi *Q );
|
||||
|
||||
/**
|
||||
* \brief Compute RSA private exponent from
|
||||
* prime moduli and public key.
|
||||
*
|
||||
* \note This is a 'static' helper function not operating on
|
||||
* an RSA context. Alternative implementations need not
|
||||
* overwrite it.
|
||||
*
|
||||
* \param P First prime factor of RSA modulus
|
||||
* \param Q Second prime factor of RSA modulus
|
||||
* \param E RSA public exponent
|
||||
* \param D Pointer to MPI holding the private exponent on success.
|
||||
*
|
||||
* \return
|
||||
* - 0 if successful. In this case, D is set to a simultaneous
|
||||
* modular inverse of E modulo both P-1 and Q-1.
|
||||
* - A non-zero error code otherwise.
|
||||
*
|
||||
* \note This function does not check whether P and Q are primes.
|
||||
*
|
||||
*/
|
||||
int mbedtls_rsa_deduce_private_exponent( mbedtls_mpi const *P,
|
||||
mbedtls_mpi const *Q,
|
||||
mbedtls_mpi const *E,
|
||||
mbedtls_mpi *D );
|
||||
|
||||
|
||||
/**
|
||||
* \brief Generate RSA-CRT parameters
|
||||
*
|
||||
* \note This is a 'static' helper function not operating on
|
||||
* an RSA context. Alternative implementations need not
|
||||
* overwrite it.
|
||||
*
|
||||
* \param P First prime factor of N
|
||||
* \param Q Second prime factor of N
|
||||
* \param D RSA private exponent
|
||||
* \param DP Output variable for D modulo P-1
|
||||
* \param DQ Output variable for D modulo Q-1
|
||||
* \param QP Output variable for the modular inverse of Q modulo P.
|
||||
*
|
||||
* \return 0 on success, non-zero error code otherwise.
|
||||
*
|
||||
* \note This function does not check whether P, Q are
|
||||
* prime and whether D is a valid private exponent.
|
||||
*
|
||||
*/
|
||||
int mbedtls_rsa_deduce_crt( const mbedtls_mpi *P, const mbedtls_mpi *Q,
|
||||
const mbedtls_mpi *D, mbedtls_mpi *DP,
|
||||
mbedtls_mpi *DQ, mbedtls_mpi *QP );
|
||||
|
||||
|
||||
/**
|
||||
* \brief Check validity of core RSA parameters
|
||||
*
|
||||
* \note This is a 'static' helper function not operating on
|
||||
* an RSA context. Alternative implementations need not
|
||||
* overwrite it.
|
||||
*
|
||||
* \param N RSA modulus N = PQ
|
||||
* \param P First prime factor of N
|
||||
* \param Q Second prime factor of N
|
||||
* \param D RSA private exponent
|
||||
* \param E RSA public exponent
|
||||
* \param f_rng PRNG to be used for primality check, or NULL
|
||||
* \param p_rng PRNG context for f_rng, or NULL
|
||||
*
|
||||
* \return
|
||||
* - 0 if the following conditions are satisfied
|
||||
* if all relevant parameters are provided:
|
||||
* - P prime if f_rng != NULL (%)
|
||||
* - Q prime if f_rng != NULL (%)
|
||||
* - 1 < N = P * Q
|
||||
* - 1 < D, E < N
|
||||
* - D and E are modular inverses modulo P-1 and Q-1
|
||||
* (%) This is only done if MBEDTLS_GENPRIME is defined.
|
||||
* - A non-zero error code otherwise.
|
||||
*
|
||||
* \note The function can be used with a restricted set of arguments
|
||||
* to perform specific checks only. E.g., calling it with
|
||||
* (-,P,-,-,-) and a PRNG amounts to a primality check for P.
|
||||
*/
|
||||
int mbedtls_rsa_validate_params( const mbedtls_mpi *N, const mbedtls_mpi *P,
|
||||
const mbedtls_mpi *Q, const mbedtls_mpi *D,
|
||||
const mbedtls_mpi *E,
|
||||
int (*f_rng)(void *, unsigned char *, size_t),
|
||||
void *p_rng );
|
||||
|
||||
/**
|
||||
* \brief Check validity of RSA CRT parameters
|
||||
*
|
||||
* \note This is a 'static' helper function not operating on
|
||||
* an RSA context. Alternative implementations need not
|
||||
* overwrite it.
|
||||
*
|
||||
* \param P First prime factor of RSA modulus
|
||||
* \param Q Second prime factor of RSA modulus
|
||||
* \param D RSA private exponent
|
||||
* \param DP MPI to check for D modulo P-1
|
||||
* \param DQ MPI to check for D modulo P-1
|
||||
* \param QP MPI to check for the modular inverse of Q modulo P.
|
||||
*
|
||||
* \return
|
||||
* - 0 if the following conditions are satisfied:
|
||||
* - D = DP mod P-1 if P, D, DP != NULL
|
||||
* - Q = DQ mod P-1 if P, D, DQ != NULL
|
||||
* - QP = Q^-1 mod P if P, Q, QP != NULL
|
||||
* - \c MBEDTLS_ERR_RSA_KEY_CHECK_FAILED if check failed,
|
||||
* potentially including \c MBEDTLS_ERR_MPI_XXX if some
|
||||
* MPI calculations failed.
|
||||
* - \c MBEDTLS_ERR_RSA_BAD_INPUT_DATA if insufficient
|
||||
* data was provided to check DP, DQ or QP.
|
||||
*
|
||||
* \note The function can be used with a restricted set of arguments
|
||||
* to perform specific checks only. E.g., calling it with the
|
||||
* parameters (P, -, D, DP, -, -) will check DP = D mod P-1.
|
||||
*/
|
||||
int mbedtls_rsa_validate_crt( const mbedtls_mpi *P, const mbedtls_mpi *Q,
|
||||
const mbedtls_mpi *D, const mbedtls_mpi *DP,
|
||||
const mbedtls_mpi *DQ, const mbedtls_mpi *QP );
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
||||
#endif /* rsa_internal.h */
|
|
@ -1,352 +0,0 @@
|
|||
/**
|
||||
* \file sha1.h
|
||||
*
|
||||
* \brief This file contains SHA-1 definitions and functions.
|
||||
*
|
||||
* The Secure Hash Algorithm 1 (SHA-1) cryptographic hash function is defined in
|
||||
* <em>FIPS 180-4: Secure Hash Standard (SHS)</em>.
|
||||
*
|
||||
* \warning SHA-1 is considered a weak message digest and its use constitutes
|
||||
* a security risk. We recommend considering stronger message
|
||||
* digests instead.
|
||||
*/
|
||||
/*
|
||||
* Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
* not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*
|
||||
* This file is part of Mbed TLS (https://tls.mbed.org)
|
||||
*/
|
||||
#ifndef MBEDTLS_SHA1_H
|
||||
#define MBEDTLS_SHA1_H
|
||||
|
||||
#if !defined(MBEDTLS_CONFIG_FILE)
|
||||
#include "config.h"
|
||||
#else
|
||||
#include MBEDTLS_CONFIG_FILE
|
||||
#endif
|
||||
|
||||
#include <stddef.h>
|
||||
#include <stdint.h>
|
||||
|
||||
/* MBEDTLS_ERR_SHA1_HW_ACCEL_FAILED is deprecated and should not be used. */
|
||||
#define MBEDTLS_ERR_SHA1_HW_ACCEL_FAILED -0x0035 /**< SHA-1 hardware accelerator failed */
|
||||
#define MBEDTLS_ERR_SHA1_BAD_INPUT_DATA -0x0073 /**< SHA-1 input data was malformed. */
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
#if !defined(MBEDTLS_SHA1_ALT)
|
||||
// Regular implementation
|
||||
//
|
||||
|
||||
/**
|
||||
* \brief The SHA-1 context structure.
|
||||
*
|
||||
* \warning SHA-1 is considered a weak message digest and its use
|
||||
* constitutes a security risk. We recommend considering
|
||||
* stronger message digests instead.
|
||||
*
|
||||
*/
|
||||
typedef struct mbedtls_sha1_context
|
||||
{
|
||||
uint32_t total[2]; /*!< The number of Bytes processed. */
|
||||
uint32_t state[5]; /*!< The intermediate digest state. */
|
||||
unsigned char buffer[64]; /*!< The data block being processed. */
|
||||
}
|
||||
mbedtls_sha1_context;
|
||||
|
||||
#else /* MBEDTLS_SHA1_ALT */
|
||||
#include "sha1_alt.h"
|
||||
#endif /* MBEDTLS_SHA1_ALT */
|
||||
|
||||
/**
|
||||
* \brief This function initializes a SHA-1 context.
|
||||
*
|
||||
* \warning SHA-1 is considered a weak message digest and its use
|
||||
* constitutes a security risk. We recommend considering
|
||||
* stronger message digests instead.
|
||||
*
|
||||
* \param ctx The SHA-1 context to initialize.
|
||||
* This must not be \c NULL.
|
||||
*
|
||||
*/
|
||||
void mbedtls_sha1_init( mbedtls_sha1_context *ctx );
|
||||
|
||||
/**
|
||||
* \brief This function clears a SHA-1 context.
|
||||
*
|
||||
* \warning SHA-1 is considered a weak message digest and its use
|
||||
* constitutes a security risk. We recommend considering
|
||||
* stronger message digests instead.
|
||||
*
|
||||
* \param ctx The SHA-1 context to clear. This may be \c NULL,
|
||||
* in which case this function does nothing. If it is
|
||||
* not \c NULL, it must point to an initialized
|
||||
* SHA-1 context.
|
||||
*
|
||||
*/
|
||||
void mbedtls_sha1_free( mbedtls_sha1_context *ctx );
|
||||
|
||||
/**
|
||||
* \brief This function clones the state of a SHA-1 context.
|
||||
*
|
||||
* \warning SHA-1 is considered a weak message digest and its use
|
||||
* constitutes a security risk. We recommend considering
|
||||
* stronger message digests instead.
|
||||
*
|
||||
* \param dst The SHA-1 context to clone to. This must be initialized.
|
||||
* \param src The SHA-1 context to clone from. This must be initialized.
|
||||
*
|
||||
*/
|
||||
void mbedtls_sha1_clone( mbedtls_sha1_context *dst,
|
||||
const mbedtls_sha1_context *src );
|
||||
|
||||
/**
|
||||
* \brief This function starts a SHA-1 checksum calculation.
|
||||
*
|
||||
* \warning SHA-1 is considered a weak message digest and its use
|
||||
* constitutes a security risk. We recommend considering
|
||||
* stronger message digests instead.
|
||||
*
|
||||
* \param ctx The SHA-1 context to initialize. This must be initialized.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return A negative error code on failure.
|
||||
*
|
||||
*/
|
||||
int mbedtls_sha1_starts_ret( mbedtls_sha1_context *ctx );
|
||||
|
||||
/**
|
||||
* \brief This function feeds an input buffer into an ongoing SHA-1
|
||||
* checksum calculation.
|
||||
*
|
||||
* \warning SHA-1 is considered a weak message digest and its use
|
||||
* constitutes a security risk. We recommend considering
|
||||
* stronger message digests instead.
|
||||
*
|
||||
* \param ctx The SHA-1 context. This must be initialized
|
||||
* and have a hash operation started.
|
||||
* \param input The buffer holding the input data.
|
||||
* This must be a readable buffer of length \p ilen Bytes.
|
||||
* \param ilen The length of the input data \p input in Bytes.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return A negative error code on failure.
|
||||
*/
|
||||
int mbedtls_sha1_update_ret( mbedtls_sha1_context *ctx,
|
||||
const unsigned char *input,
|
||||
size_t ilen );
|
||||
|
||||
/**
|
||||
* \brief This function finishes the SHA-1 operation, and writes
|
||||
* the result to the output buffer.
|
||||
*
|
||||
* \warning SHA-1 is considered a weak message digest and its use
|
||||
* constitutes a security risk. We recommend considering
|
||||
* stronger message digests instead.
|
||||
*
|
||||
* \param ctx The SHA-1 context to use. This must be initialized and
|
||||
* have a hash operation started.
|
||||
* \param output The SHA-1 checksum result. This must be a writable
|
||||
* buffer of length \c 20 Bytes.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return A negative error code on failure.
|
||||
*/
|
||||
int mbedtls_sha1_finish_ret( mbedtls_sha1_context *ctx,
|
||||
unsigned char output[20] );
|
||||
|
||||
/**
|
||||
* \brief SHA-1 process data block (internal use only).
|
||||
*
|
||||
* \warning SHA-1 is considered a weak message digest and its use
|
||||
* constitutes a security risk. We recommend considering
|
||||
* stronger message digests instead.
|
||||
*
|
||||
* \param ctx The SHA-1 context to use. This must be initialized.
|
||||
* \param data The data block being processed. This must be a
|
||||
* readable buffer of length \c 64 Bytes.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return A negative error code on failure.
|
||||
*
|
||||
*/
|
||||
int mbedtls_internal_sha1_process( mbedtls_sha1_context *ctx,
|
||||
const unsigned char data[64] );
|
||||
|
||||
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
|
||||
#if defined(MBEDTLS_DEPRECATED_WARNING)
|
||||
#define MBEDTLS_DEPRECATED __attribute__((deprecated))
|
||||
#else
|
||||
#define MBEDTLS_DEPRECATED
|
||||
#endif
|
||||
/**
|
||||
* \brief This function starts a SHA-1 checksum calculation.
|
||||
*
|
||||
* \warning SHA-1 is considered a weak message digest and its use
|
||||
* constitutes a security risk. We recommend considering
|
||||
* stronger message digests instead.
|
||||
*
|
||||
* \deprecated Superseded by mbedtls_sha1_starts_ret() in 2.7.0.
|
||||
*
|
||||
* \param ctx The SHA-1 context to initialize. This must be initialized.
|
||||
*
|
||||
*/
|
||||
MBEDTLS_DEPRECATED void mbedtls_sha1_starts( mbedtls_sha1_context *ctx );
|
||||
|
||||
/**
|
||||
* \brief This function feeds an input buffer into an ongoing SHA-1
|
||||
* checksum calculation.
|
||||
*
|
||||
* \warning SHA-1 is considered a weak message digest and its use
|
||||
* constitutes a security risk. We recommend considering
|
||||
* stronger message digests instead.
|
||||
*
|
||||
* \deprecated Superseded by mbedtls_sha1_update_ret() in 2.7.0.
|
||||
*
|
||||
* \param ctx The SHA-1 context. This must be initialized and
|
||||
* have a hash operation started.
|
||||
* \param input The buffer holding the input data.
|
||||
* This must be a readable buffer of length \p ilen Bytes.
|
||||
* \param ilen The length of the input data \p input in Bytes.
|
||||
*
|
||||
*/
|
||||
MBEDTLS_DEPRECATED void mbedtls_sha1_update( mbedtls_sha1_context *ctx,
|
||||
const unsigned char *input,
|
||||
size_t ilen );
|
||||
|
||||
/**
|
||||
* \brief This function finishes the SHA-1 operation, and writes
|
||||
* the result to the output buffer.
|
||||
*
|
||||
* \warning SHA-1 is considered a weak message digest and its use
|
||||
* constitutes a security risk. We recommend considering
|
||||
* stronger message digests instead.
|
||||
*
|
||||
* \deprecated Superseded by mbedtls_sha1_finish_ret() in 2.7.0.
|
||||
*
|
||||
* \param ctx The SHA-1 context. This must be initialized and
|
||||
* have a hash operation started.
|
||||
* \param output The SHA-1 checksum result.
|
||||
* This must be a writable buffer of length \c 20 Bytes.
|
||||
*/
|
||||
MBEDTLS_DEPRECATED void mbedtls_sha1_finish( mbedtls_sha1_context *ctx,
|
||||
unsigned char output[20] );
|
||||
|
||||
/**
|
||||
* \brief SHA-1 process data block (internal use only).
|
||||
*
|
||||
* \warning SHA-1 is considered a weak message digest and its use
|
||||
* constitutes a security risk. We recommend considering
|
||||
* stronger message digests instead.
|
||||
*
|
||||
* \deprecated Superseded by mbedtls_internal_sha1_process() in 2.7.0.
|
||||
*
|
||||
* \param ctx The SHA-1 context. This must be initialized.
|
||||
* \param data The data block being processed.
|
||||
* This must be a readable buffer of length \c 64 bytes.
|
||||
*
|
||||
*/
|
||||
MBEDTLS_DEPRECATED void mbedtls_sha1_process( mbedtls_sha1_context *ctx,
|
||||
const unsigned char data[64] );
|
||||
|
||||
#undef MBEDTLS_DEPRECATED
|
||||
#endif /* !MBEDTLS_DEPRECATED_REMOVED */
|
||||
|
||||
/**
|
||||
* \brief This function calculates the SHA-1 checksum of a buffer.
|
||||
*
|
||||
* The function allocates the context, performs the
|
||||
* calculation, and frees the context.
|
||||
*
|
||||
* The SHA-1 result is calculated as
|
||||
* output = SHA-1(input buffer).
|
||||
*
|
||||
* \warning SHA-1 is considered a weak message digest and its use
|
||||
* constitutes a security risk. We recommend considering
|
||||
* stronger message digests instead.
|
||||
*
|
||||
* \param input The buffer holding the input data.
|
||||
* This must be a readable buffer of length \p ilen Bytes.
|
||||
* \param ilen The length of the input data \p input in Bytes.
|
||||
* \param output The SHA-1 checksum result.
|
||||
* This must be a writable buffer of length \c 20 Bytes.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return A negative error code on failure.
|
||||
*
|
||||
*/
|
||||
int mbedtls_sha1_ret( const unsigned char *input,
|
||||
size_t ilen,
|
||||
unsigned char output[20] );
|
||||
|
||||
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
|
||||
#if defined(MBEDTLS_DEPRECATED_WARNING)
|
||||
#define MBEDTLS_DEPRECATED __attribute__((deprecated))
|
||||
#else
|
||||
#define MBEDTLS_DEPRECATED
|
||||
#endif
|
||||
/**
|
||||
* \brief This function calculates the SHA-1 checksum of a buffer.
|
||||
*
|
||||
* The function allocates the context, performs the
|
||||
* calculation, and frees the context.
|
||||
*
|
||||
* The SHA-1 result is calculated as
|
||||
* output = SHA-1(input buffer).
|
||||
*
|
||||
* \warning SHA-1 is considered a weak message digest and its use
|
||||
* constitutes a security risk. We recommend considering
|
||||
* stronger message digests instead.
|
||||
*
|
||||
* \deprecated Superseded by mbedtls_sha1_ret() in 2.7.0
|
||||
*
|
||||
* \param input The buffer holding the input data.
|
||||
* This must be a readable buffer of length \p ilen Bytes.
|
||||
* \param ilen The length of the input data \p input in Bytes.
|
||||
* \param output The SHA-1 checksum result. This must be a writable
|
||||
* buffer of size \c 20 Bytes.
|
||||
*
|
||||
*/
|
||||
MBEDTLS_DEPRECATED void mbedtls_sha1( const unsigned char *input,
|
||||
size_t ilen,
|
||||
unsigned char output[20] );
|
||||
|
||||
#undef MBEDTLS_DEPRECATED
|
||||
#endif /* !MBEDTLS_DEPRECATED_REMOVED */
|
||||
|
||||
#if defined(MBEDTLS_SELF_TEST)
|
||||
|
||||
/**
|
||||
* \brief The SHA-1 checkup routine.
|
||||
*
|
||||
* \warning SHA-1 is considered a weak message digest and its use
|
||||
* constitutes a security risk. We recommend considering
|
||||
* stronger message digests instead.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return \c 1 on failure.
|
||||
*
|
||||
*/
|
||||
int mbedtls_sha1_self_test( int verbose );
|
||||
|
||||
#endif /* MBEDTLS_SELF_TEST */
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
||||
#endif /* mbedtls_sha1.h */
|
|
@ -1,297 +0,0 @@
|
|||
/**
|
||||
* \file sha256.h
|
||||
*
|
||||
* \brief This file contains SHA-224 and SHA-256 definitions and functions.
|
||||
*
|
||||
* The Secure Hash Algorithms 224 and 256 (SHA-224 and SHA-256) cryptographic
|
||||
* hash functions are defined in <em>FIPS 180-4: Secure Hash Standard (SHS)</em>.
|
||||
*/
|
||||
/*
|
||||
* Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
* not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*
|
||||
* This file is part of Mbed TLS (https://tls.mbed.org)
|
||||
*/
|
||||
#ifndef MBEDTLS_SHA256_H
|
||||
#define MBEDTLS_SHA256_H
|
||||
|
||||
#if !defined(MBEDTLS_CONFIG_FILE)
|
||||
#include "config.h"
|
||||
#else
|
||||
#include MBEDTLS_CONFIG_FILE
|
||||
#endif
|
||||
|
||||
#include <stddef.h>
|
||||
#include <stdint.h>
|
||||
|
||||
/* MBEDTLS_ERR_SHA256_HW_ACCEL_FAILED is deprecated and should not be used. */
|
||||
#define MBEDTLS_ERR_SHA256_HW_ACCEL_FAILED -0x0037 /**< SHA-256 hardware accelerator failed */
|
||||
#define MBEDTLS_ERR_SHA256_BAD_INPUT_DATA -0x0074 /**< SHA-256 input data was malformed. */
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
#if !defined(MBEDTLS_SHA256_ALT)
|
||||
// Regular implementation
|
||||
//
|
||||
|
||||
/**
|
||||
* \brief The SHA-256 context structure.
|
||||
*
|
||||
* The structure is used both for SHA-256 and for SHA-224
|
||||
* checksum calculations. The choice between these two is
|
||||
* made in the call to mbedtls_sha256_starts_ret().
|
||||
*/
|
||||
typedef struct mbedtls_sha256_context
|
||||
{
|
||||
uint32_t total[2]; /*!< The number of Bytes processed. */
|
||||
uint32_t state[8]; /*!< The intermediate digest state. */
|
||||
unsigned char buffer[64]; /*!< The data block being processed. */
|
||||
int is224; /*!< Determines which function to use:
|
||||
0: Use SHA-256, or 1: Use SHA-224. */
|
||||
}
|
||||
mbedtls_sha256_context;
|
||||
|
||||
#else /* MBEDTLS_SHA256_ALT */
|
||||
#include "sha256_alt.h"
|
||||
#endif /* MBEDTLS_SHA256_ALT */
|
||||
|
||||
/**
|
||||
* \brief This function initializes a SHA-256 context.
|
||||
*
|
||||
* \param ctx The SHA-256 context to initialize. This must not be \c NULL.
|
||||
*/
|
||||
void mbedtls_sha256_init( mbedtls_sha256_context *ctx );
|
||||
|
||||
/**
|
||||
* \brief This function clears a SHA-256 context.
|
||||
*
|
||||
* \param ctx The SHA-256 context to clear. This may be \c NULL, in which
|
||||
* case this function returns immediately. If it is not \c NULL,
|
||||
* it must point to an initialized SHA-256 context.
|
||||
*/
|
||||
void mbedtls_sha256_free( mbedtls_sha256_context *ctx );
|
||||
|
||||
/**
|
||||
* \brief This function clones the state of a SHA-256 context.
|
||||
*
|
||||
* \param dst The destination context. This must be initialized.
|
||||
* \param src The context to clone. This must be initialized.
|
||||
*/
|
||||
void mbedtls_sha256_clone( mbedtls_sha256_context *dst,
|
||||
const mbedtls_sha256_context *src );
|
||||
|
||||
/**
|
||||
* \brief This function starts a SHA-224 or SHA-256 checksum
|
||||
* calculation.
|
||||
*
|
||||
* \param ctx The context to use. This must be initialized.
|
||||
* \param is224 This determines which function to use. This must be
|
||||
* either \c 0 for SHA-256, or \c 1 for SHA-224.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return A negative error code on failure.
|
||||
*/
|
||||
int mbedtls_sha256_starts_ret( mbedtls_sha256_context *ctx, int is224 );
|
||||
|
||||
/**
|
||||
* \brief This function feeds an input buffer into an ongoing
|
||||
* SHA-256 checksum calculation.
|
||||
*
|
||||
* \param ctx The SHA-256 context. This must be initialized
|
||||
* and have a hash operation started.
|
||||
* \param input The buffer holding the data. This must be a readable
|
||||
* buffer of length \p ilen Bytes.
|
||||
* \param ilen The length of the input data in Bytes.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return A negative error code on failure.
|
||||
*/
|
||||
int mbedtls_sha256_update_ret( mbedtls_sha256_context *ctx,
|
||||
const unsigned char *input,
|
||||
size_t ilen );
|
||||
|
||||
/**
|
||||
* \brief This function finishes the SHA-256 operation, and writes
|
||||
* the result to the output buffer.
|
||||
*
|
||||
* \param ctx The SHA-256 context. This must be initialized
|
||||
* and have a hash operation started.
|
||||
* \param output The SHA-224 or SHA-256 checksum result.
|
||||
* This must be a writable buffer of length \c 32 Bytes.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return A negative error code on failure.
|
||||
*/
|
||||
int mbedtls_sha256_finish_ret( mbedtls_sha256_context *ctx,
|
||||
unsigned char output[32] );
|
||||
|
||||
/**
|
||||
* \brief This function processes a single data block within
|
||||
* the ongoing SHA-256 computation. This function is for
|
||||
* internal use only.
|
||||
*
|
||||
* \param ctx The SHA-256 context. This must be initialized.
|
||||
* \param data The buffer holding one block of data. This must
|
||||
* be a readable buffer of length \c 64 Bytes.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return A negative error code on failure.
|
||||
*/
|
||||
int mbedtls_internal_sha256_process( mbedtls_sha256_context *ctx,
|
||||
const unsigned char data[64] );
|
||||
|
||||
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
|
||||
#if defined(MBEDTLS_DEPRECATED_WARNING)
|
||||
#define MBEDTLS_DEPRECATED __attribute__((deprecated))
|
||||
#else
|
||||
#define MBEDTLS_DEPRECATED
|
||||
#endif
|
||||
/**
|
||||
* \brief This function starts a SHA-224 or SHA-256 checksum
|
||||
* calculation.
|
||||
*
|
||||
* \deprecated Superseded by mbedtls_sha256_starts_ret() in 2.7.0.
|
||||
*
|
||||
* \param ctx The context to use. This must be initialized.
|
||||
* \param is224 Determines which function to use. This must be
|
||||
* either \c 0 for SHA-256, or \c 1 for SHA-224.
|
||||
*/
|
||||
MBEDTLS_DEPRECATED void mbedtls_sha256_starts( mbedtls_sha256_context *ctx,
|
||||
int is224 );
|
||||
|
||||
/**
|
||||
* \brief This function feeds an input buffer into an ongoing
|
||||
* SHA-256 checksum calculation.
|
||||
*
|
||||
* \deprecated Superseded by mbedtls_sha256_update_ret() in 2.7.0.
|
||||
*
|
||||
* \param ctx The SHA-256 context to use. This must be
|
||||
* initialized and have a hash operation started.
|
||||
* \param input The buffer holding the data. This must be a readable
|
||||
* buffer of length \p ilen Bytes.
|
||||
* \param ilen The length of the input data in Bytes.
|
||||
*/
|
||||
MBEDTLS_DEPRECATED void mbedtls_sha256_update( mbedtls_sha256_context *ctx,
|
||||
const unsigned char *input,
|
||||
size_t ilen );
|
||||
|
||||
/**
|
||||
* \brief This function finishes the SHA-256 operation, and writes
|
||||
* the result to the output buffer.
|
||||
*
|
||||
* \deprecated Superseded by mbedtls_sha256_finish_ret() in 2.7.0.
|
||||
*
|
||||
* \param ctx The SHA-256 context. This must be initialized and
|
||||
* have a hash operation started.
|
||||
* \param output The SHA-224 or SHA-256 checksum result. This must be
|
||||
* a writable buffer of length \c 32 Bytes.
|
||||
*/
|
||||
MBEDTLS_DEPRECATED void mbedtls_sha256_finish( mbedtls_sha256_context *ctx,
|
||||
unsigned char output[32] );
|
||||
|
||||
/**
|
||||
* \brief This function processes a single data block within
|
||||
* the ongoing SHA-256 computation. This function is for
|
||||
* internal use only.
|
||||
*
|
||||
* \deprecated Superseded by mbedtls_internal_sha256_process() in 2.7.0.
|
||||
*
|
||||
* \param ctx The SHA-256 context. This must be initialized.
|
||||
* \param data The buffer holding one block of data. This must be
|
||||
* a readable buffer of size \c 64 Bytes.
|
||||
*/
|
||||
MBEDTLS_DEPRECATED void mbedtls_sha256_process( mbedtls_sha256_context *ctx,
|
||||
const unsigned char data[64] );
|
||||
|
||||
#undef MBEDTLS_DEPRECATED
|
||||
#endif /* !MBEDTLS_DEPRECATED_REMOVED */
|
||||
|
||||
/**
|
||||
* \brief This function calculates the SHA-224 or SHA-256
|
||||
* checksum of a buffer.
|
||||
*
|
||||
* The function allocates the context, performs the
|
||||
* calculation, and frees the context.
|
||||
*
|
||||
* The SHA-256 result is calculated as
|
||||
* output = SHA-256(input buffer).
|
||||
*
|
||||
* \param input The buffer holding the data. This must be a readable
|
||||
* buffer of length \p ilen Bytes.
|
||||
* \param ilen The length of the input data in Bytes.
|
||||
* \param output The SHA-224 or SHA-256 checksum result. This must
|
||||
* be a writable buffer of length \c 32 Bytes.
|
||||
* \param is224 Determines which function to use. This must be
|
||||
* either \c 0 for SHA-256, or \c 1 for SHA-224.
|
||||
*/
|
||||
int mbedtls_sha256_ret( const unsigned char *input,
|
||||
size_t ilen,
|
||||
unsigned char output[32],
|
||||
int is224 );
|
||||
|
||||
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
|
||||
#if defined(MBEDTLS_DEPRECATED_WARNING)
|
||||
#define MBEDTLS_DEPRECATED __attribute__((deprecated))
|
||||
#else
|
||||
#define MBEDTLS_DEPRECATED
|
||||
#endif
|
||||
|
||||
/**
|
||||
* \brief This function calculates the SHA-224 or SHA-256 checksum
|
||||
* of a buffer.
|
||||
*
|
||||
* The function allocates the context, performs the
|
||||
* calculation, and frees the context.
|
||||
*
|
||||
* The SHA-256 result is calculated as
|
||||
* output = SHA-256(input buffer).
|
||||
*
|
||||
* \deprecated Superseded by mbedtls_sha256_ret() in 2.7.0.
|
||||
*
|
||||
* \param input The buffer holding the data. This must be a readable
|
||||
* buffer of length \p ilen Bytes.
|
||||
* \param ilen The length of the input data in Bytes.
|
||||
* \param output The SHA-224 or SHA-256 checksum result. This must be
|
||||
* a writable buffer of length \c 32 Bytes.
|
||||
* \param is224 Determines which function to use. This must be either
|
||||
* \c 0 for SHA-256, or \c 1 for SHA-224.
|
||||
*/
|
||||
MBEDTLS_DEPRECATED void mbedtls_sha256( const unsigned char *input,
|
||||
size_t ilen,
|
||||
unsigned char output[32],
|
||||
int is224 );
|
||||
|
||||
#undef MBEDTLS_DEPRECATED
|
||||
#endif /* !MBEDTLS_DEPRECATED_REMOVED */
|
||||
|
||||
#if defined(MBEDTLS_SELF_TEST)
|
||||
|
||||
/**
|
||||
* \brief The SHA-224 and SHA-256 checkup routine.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return \c 1 on failure.
|
||||
*/
|
||||
int mbedtls_sha256_self_test( int verbose );
|
||||
|
||||
#endif /* MBEDTLS_SELF_TEST */
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
||||
#endif /* mbedtls_sha256.h */
|
|
@ -1,300 +0,0 @@
|
|||
/**
|
||||
* \file sha512.h
|
||||
* \brief This file contains SHA-384 and SHA-512 definitions and functions.
|
||||
*
|
||||
* The Secure Hash Algorithms 384 and 512 (SHA-384 and SHA-512) cryptographic
|
||||
* hash functions are defined in <em>FIPS 180-4: Secure Hash Standard (SHS)</em>.
|
||||
*/
|
||||
/*
|
||||
* Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
* not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*
|
||||
* This file is part of Mbed TLS (https://tls.mbed.org)
|
||||
*/
|
||||
#ifndef MBEDTLS_SHA512_H
|
||||
#define MBEDTLS_SHA512_H
|
||||
|
||||
#if !defined(MBEDTLS_CONFIG_FILE)
|
||||
#include "config.h"
|
||||
#else
|
||||
#include MBEDTLS_CONFIG_FILE
|
||||
#endif
|
||||
|
||||
#include <stddef.h>
|
||||
#include <stdint.h>
|
||||
|
||||
/* MBEDTLS_ERR_SHA512_HW_ACCEL_FAILED is deprecated and should not be used. */
|
||||
#define MBEDTLS_ERR_SHA512_HW_ACCEL_FAILED -0x0039 /**< SHA-512 hardware accelerator failed */
|
||||
#define MBEDTLS_ERR_SHA512_BAD_INPUT_DATA -0x0075 /**< SHA-512 input data was malformed. */
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
#if !defined(MBEDTLS_SHA512_ALT)
|
||||
// Regular implementation
|
||||
//
|
||||
|
||||
/**
|
||||
* \brief The SHA-512 context structure.
|
||||
*
|
||||
* The structure is used both for SHA-384 and for SHA-512
|
||||
* checksum calculations. The choice between these two is
|
||||
* made in the call to mbedtls_sha512_starts_ret().
|
||||
*/
|
||||
typedef struct mbedtls_sha512_context
|
||||
{
|
||||
uint64_t total[2]; /*!< The number of Bytes processed. */
|
||||
uint64_t state[8]; /*!< The intermediate digest state. */
|
||||
unsigned char buffer[128]; /*!< The data block being processed. */
|
||||
int is384; /*!< Determines which function to use:
|
||||
0: Use SHA-512, or 1: Use SHA-384. */
|
||||
}
|
||||
mbedtls_sha512_context;
|
||||
|
||||
#else /* MBEDTLS_SHA512_ALT */
|
||||
#include "sha512_alt.h"
|
||||
#endif /* MBEDTLS_SHA512_ALT */
|
||||
|
||||
/**
|
||||
* \brief This function initializes a SHA-512 context.
|
||||
*
|
||||
* \param ctx The SHA-512 context to initialize. This must
|
||||
* not be \c NULL.
|
||||
*/
|
||||
void mbedtls_sha512_init( mbedtls_sha512_context *ctx );
|
||||
|
||||
/**
|
||||
* \brief This function clears a SHA-512 context.
|
||||
*
|
||||
* \param ctx The SHA-512 context to clear. This may be \c NULL,
|
||||
* in which case this function does nothing. If it
|
||||
* is not \c NULL, it must point to an initialized
|
||||
* SHA-512 context.
|
||||
*/
|
||||
void mbedtls_sha512_free( mbedtls_sha512_context *ctx );
|
||||
|
||||
/**
|
||||
* \brief This function clones the state of a SHA-512 context.
|
||||
*
|
||||
* \param dst The destination context. This must be initialized.
|
||||
* \param src The context to clone. This must be initialized.
|
||||
*/
|
||||
void mbedtls_sha512_clone( mbedtls_sha512_context *dst,
|
||||
const mbedtls_sha512_context *src );
|
||||
|
||||
/**
|
||||
* \brief This function starts a SHA-384 or SHA-512 checksum
|
||||
* calculation.
|
||||
*
|
||||
* \param ctx The SHA-512 context to use. This must be initialized.
|
||||
* \param is384 Determines which function to use. This must be
|
||||
* either \c for SHA-512, or \c 1 for SHA-384.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return A negative error code on failure.
|
||||
*/
|
||||
int mbedtls_sha512_starts_ret( mbedtls_sha512_context *ctx, int is384 );
|
||||
|
||||
/**
|
||||
* \brief This function feeds an input buffer into an ongoing
|
||||
* SHA-512 checksum calculation.
|
||||
*
|
||||
* \param ctx The SHA-512 context. This must be initialized
|
||||
* and have a hash operation started.
|
||||
* \param input The buffer holding the input data. This must
|
||||
* be a readable buffer of length \p ilen Bytes.
|
||||
* \param ilen The length of the input data in Bytes.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return A negative error code on failure.
|
||||
*/
|
||||
int mbedtls_sha512_update_ret( mbedtls_sha512_context *ctx,
|
||||
const unsigned char *input,
|
||||
size_t ilen );
|
||||
|
||||
/**
|
||||
* \brief This function finishes the SHA-512 operation, and writes
|
||||
* the result to the output buffer. This function is for
|
||||
* internal use only.
|
||||
*
|
||||
* \param ctx The SHA-512 context. This must be initialized
|
||||
* and have a hash operation started.
|
||||
* \param output The SHA-384 or SHA-512 checksum result.
|
||||
* This must be a writable buffer of length \c 64 Bytes.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return A negative error code on failure.
|
||||
*/
|
||||
int mbedtls_sha512_finish_ret( mbedtls_sha512_context *ctx,
|
||||
unsigned char output[64] );
|
||||
|
||||
/**
|
||||
* \brief This function processes a single data block within
|
||||
* the ongoing SHA-512 computation.
|
||||
*
|
||||
* \param ctx The SHA-512 context. This must be initialized.
|
||||
* \param data The buffer holding one block of data. This
|
||||
* must be a readable buffer of length \c 128 Bytes.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return A negative error code on failure.
|
||||
*/
|
||||
int mbedtls_internal_sha512_process( mbedtls_sha512_context *ctx,
|
||||
const unsigned char data[128] );
|
||||
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
|
||||
#if defined(MBEDTLS_DEPRECATED_WARNING)
|
||||
#define MBEDTLS_DEPRECATED __attribute__((deprecated))
|
||||
#else
|
||||
#define MBEDTLS_DEPRECATED
|
||||
#endif
|
||||
/**
|
||||
* \brief This function starts a SHA-384 or SHA-512 checksum
|
||||
* calculation.
|
||||
*
|
||||
* \deprecated Superseded by mbedtls_sha512_starts_ret() in 2.7.0
|
||||
*
|
||||
* \param ctx The SHA-512 context to use. This must be initialized.
|
||||
* \param is384 Determines which function to use. This must be either
|
||||
* \c 0 for SHA-512 or \c 1 for SHA-384.
|
||||
*/
|
||||
MBEDTLS_DEPRECATED void mbedtls_sha512_starts( mbedtls_sha512_context *ctx,
|
||||
int is384 );
|
||||
|
||||
/**
|
||||
* \brief This function feeds an input buffer into an ongoing
|
||||
* SHA-512 checksum calculation.
|
||||
*
|
||||
* \deprecated Superseded by mbedtls_sha512_update_ret() in 2.7.0.
|
||||
*
|
||||
* \param ctx The SHA-512 context. This must be initialized
|
||||
* and have a hash operation started.
|
||||
* \param input The buffer holding the data. This must be a readable
|
||||
* buffer of length \p ilen Bytes.
|
||||
* \param ilen The length of the input data in Bytes.
|
||||
*/
|
||||
MBEDTLS_DEPRECATED void mbedtls_sha512_update( mbedtls_sha512_context *ctx,
|
||||
const unsigned char *input,
|
||||
size_t ilen );
|
||||
|
||||
/**
|
||||
* \brief This function finishes the SHA-512 operation, and writes
|
||||
* the result to the output buffer.
|
||||
*
|
||||
* \deprecated Superseded by mbedtls_sha512_finish_ret() in 2.7.0.
|
||||
*
|
||||
* \param ctx The SHA-512 context. This must be initialized
|
||||
* and have a hash operation started.
|
||||
* \param output The SHA-384 or SHA-512 checksum result. This must
|
||||
* be a writable buffer of size \c 64 Bytes.
|
||||
*/
|
||||
MBEDTLS_DEPRECATED void mbedtls_sha512_finish( mbedtls_sha512_context *ctx,
|
||||
unsigned char output[64] );
|
||||
|
||||
/**
|
||||
* \brief This function processes a single data block within
|
||||
* the ongoing SHA-512 computation. This function is for
|
||||
* internal use only.
|
||||
*
|
||||
* \deprecated Superseded by mbedtls_internal_sha512_process() in 2.7.0.
|
||||
*
|
||||
* \param ctx The SHA-512 context. This must be initialized.
|
||||
* \param data The buffer holding one block of data. This must be
|
||||
* a readable buffer of length \c 128 Bytes.
|
||||
*/
|
||||
MBEDTLS_DEPRECATED void mbedtls_sha512_process(
|
||||
mbedtls_sha512_context *ctx,
|
||||
const unsigned char data[128] );
|
||||
|
||||
#undef MBEDTLS_DEPRECATED
|
||||
#endif /* !MBEDTLS_DEPRECATED_REMOVED */
|
||||
|
||||
/**
|
||||
* \brief This function calculates the SHA-512 or SHA-384
|
||||
* checksum of a buffer.
|
||||
*
|
||||
* The function allocates the context, performs the
|
||||
* calculation, and frees the context.
|
||||
*
|
||||
* The SHA-512 result is calculated as
|
||||
* output = SHA-512(input buffer).
|
||||
*
|
||||
* \param input The buffer holding the input data. This must be
|
||||
* a readable buffer of length \p ilen Bytes.
|
||||
* \param ilen The length of the input data in Bytes.
|
||||
* \param output The SHA-384 or SHA-512 checksum result.
|
||||
* This must be a writable buffer of length \c 64 Bytes.
|
||||
* \param is384 Determines which function to use. This must be either
|
||||
* \c 0 for SHA-512, or \c 1 for SHA-384.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return A negative error code on failure.
|
||||
*/
|
||||
int mbedtls_sha512_ret( const unsigned char *input,
|
||||
size_t ilen,
|
||||
unsigned char output[64],
|
||||
int is384 );
|
||||
|
||||
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
|
||||
#if defined(MBEDTLS_DEPRECATED_WARNING)
|
||||
#define MBEDTLS_DEPRECATED __attribute__((deprecated))
|
||||
#else
|
||||
#define MBEDTLS_DEPRECATED
|
||||
#endif
|
||||
|
||||
/**
|
||||
* \brief This function calculates the SHA-512 or SHA-384
|
||||
* checksum of a buffer.
|
||||
*
|
||||
* The function allocates the context, performs the
|
||||
* calculation, and frees the context.
|
||||
*
|
||||
* The SHA-512 result is calculated as
|
||||
* output = SHA-512(input buffer).
|
||||
*
|
||||
* \deprecated Superseded by mbedtls_sha512_ret() in 2.7.0
|
||||
*
|
||||
* \param input The buffer holding the data. This must be a
|
||||
* readable buffer of length \p ilen Bytes.
|
||||
* \param ilen The length of the input data in Bytes.
|
||||
* \param output The SHA-384 or SHA-512 checksum result. This must
|
||||
* be a writable buffer of length \c 64 Bytes.
|
||||
* \param is384 Determines which function to use. This must be either
|
||||
* \c 0 for SHA-512, or \c 1 for SHA-384.
|
||||
*/
|
||||
MBEDTLS_DEPRECATED void mbedtls_sha512( const unsigned char *input,
|
||||
size_t ilen,
|
||||
unsigned char output[64],
|
||||
int is384 );
|
||||
|
||||
#undef MBEDTLS_DEPRECATED
|
||||
#endif /* !MBEDTLS_DEPRECATED_REMOVED */
|
||||
|
||||
#if defined(MBEDTLS_SELF_TEST)
|
||||
|
||||
/**
|
||||
* \brief The SHA-384 or SHA-512 checkup routine.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return \c 1 on failure.
|
||||
*/
|
||||
int mbedtls_sha512_self_test( int verbose );
|
||||
#endif /* MBEDTLS_SELF_TEST */
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
||||
#endif /* mbedtls_sha512.h */
|
|
@ -25,27 +25,27 @@
|
|||
#define MBEDTLS_SSL_H
|
||||
|
||||
#if !defined(MBEDTLS_CONFIG_FILE)
|
||||
#include "config.h"
|
||||
#include "mbedtls/config.h"
|
||||
#else
|
||||
#include MBEDTLS_CONFIG_FILE
|
||||
#endif
|
||||
|
||||
#include "bignum.h"
|
||||
#include "ecp.h"
|
||||
#include "mbedtls/bignum.h"
|
||||
#include "mbedtls/ecp.h"
|
||||
|
||||
#include "ssl_ciphersuites.h"
|
||||
#include "mbedtls/ssl_ciphersuites.h"
|
||||
|
||||
#if defined(MBEDTLS_X509_CRT_PARSE_C)
|
||||
#include "x509_crt.h"
|
||||
#include "x509_crl.h"
|
||||
#include "mbedtls/x509_crt.h"
|
||||
#include "mbedtls/x509_crl.h"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_DHM_C)
|
||||
#include "dhm.h"
|
||||
#include "mbedtls/dhm.h"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_ECDH_C)
|
||||
#include "ecdh.h"
|
||||
#include "mbedtls/ecdh.h"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_ZLIB_SUPPORT)
|
||||
|
@ -62,7 +62,7 @@
|
|||
#endif
|
||||
|
||||
#if defined(MBEDTLS_HAVE_TIME)
|
||||
#include "platform_time.h"
|
||||
#include "mbedtls/platform_time.h"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
|
|
|
@ -25,15 +25,15 @@
|
|||
#define MBEDTLS_SSL_CACHE_H
|
||||
|
||||
#if !defined(MBEDTLS_CONFIG_FILE)
|
||||
#include "config.h"
|
||||
#include "mbedtls/config.h"
|
||||
#else
|
||||
#include MBEDTLS_CONFIG_FILE
|
||||
#endif
|
||||
|
||||
#include "ssl.h"
|
||||
#include "mbedtls/ssl.h"
|
||||
|
||||
#if defined(MBEDTLS_THREADING_C)
|
||||
#include "threading.h"
|
||||
#include "mbedtls/threading.h"
|
||||
#endif
|
||||
|
||||
/**
|
||||
|
|
|
@ -25,14 +25,14 @@
|
|||
#define MBEDTLS_SSL_CIPHERSUITES_H
|
||||
|
||||
#if !defined(MBEDTLS_CONFIG_FILE)
|
||||
#include "config.h"
|
||||
#include "mbedtls/config.h"
|
||||
#else
|
||||
#include MBEDTLS_CONFIG_FILE
|
||||
#endif
|
||||
|
||||
#include "pk.h"
|
||||
#include "cipher.h"
|
||||
#include "md.h"
|
||||
#include "mbedtls/pk.h"
|
||||
#include "mbedtls/cipher.h"
|
||||
#include "mbedtls/md.h"
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
|
|
|
@ -25,15 +25,15 @@
|
|||
#define MBEDTLS_SSL_COOKIE_H
|
||||
|
||||
#if !defined(MBEDTLS_CONFIG_FILE)
|
||||
#include "config.h"
|
||||
#include "mbedtls/config.h"
|
||||
#else
|
||||
#include MBEDTLS_CONFIG_FILE
|
||||
#endif
|
||||
|
||||
#include "ssl.h"
|
||||
#include "mbedtls/ssl.h"
|
||||
|
||||
#if defined(MBEDTLS_THREADING_C)
|
||||
#include "threading.h"
|
||||
#include "mbedtls/threading.h"
|
||||
#endif
|
||||
|
||||
/**
|
||||
|
|
|
@ -25,41 +25,41 @@
|
|||
#define MBEDTLS_SSL_INTERNAL_H
|
||||
|
||||
#if !defined(MBEDTLS_CONFIG_FILE)
|
||||
#include "config.h"
|
||||
#include "mbedtls/config.h"
|
||||
#else
|
||||
#include MBEDTLS_CONFIG_FILE
|
||||
#endif
|
||||
|
||||
#include "ssl.h"
|
||||
#include "cipher.h"
|
||||
#include "mbedtls/ssl.h"
|
||||
#include "mbedtls/cipher.h"
|
||||
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
#include "psa/crypto.h"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_MD5_C)
|
||||
#include "md5.h"
|
||||
#include "mbedtls/md5.h"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SHA1_C)
|
||||
#include "sha1.h"
|
||||
#include "mbedtls/sha1.h"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SHA256_C)
|
||||
#include "sha256.h"
|
||||
#include "mbedtls/sha256.h"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SHA512_C)
|
||||
#include "sha512.h"
|
||||
#include "mbedtls/sha512.h"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
|
||||
#include "ecjpake.h"
|
||||
#include "mbedtls/ecjpake.h"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
#include "psa/crypto.h"
|
||||
#include "psa_util.h"
|
||||
#include "mbedtls/psa_util.h"
|
||||
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||
|
||||
#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \
|
||||
|
|
|
@ -25,7 +25,7 @@
|
|||
#define MBEDTLS_SSL_TICKET_H
|
||||
|
||||
#if !defined(MBEDTLS_CONFIG_FILE)
|
||||
#include "config.h"
|
||||
#include "mbedtls/config.h"
|
||||
#else
|
||||
#include MBEDTLS_CONFIG_FILE
|
||||
#endif
|
||||
|
@ -36,11 +36,11 @@
|
|||
* secrecy, when MBEDTLS_HAVE_TIME is defined.
|
||||
*/
|
||||
|
||||
#include "ssl.h"
|
||||
#include "cipher.h"
|
||||
#include "mbedtls/ssl.h"
|
||||
#include "mbedtls/cipher.h"
|
||||
|
||||
#if defined(MBEDTLS_THREADING_C)
|
||||
#include "threading.h"
|
||||
#include "mbedtls/threading.h"
|
||||
#endif
|
||||
|
||||
#ifdef __cplusplus
|
||||
|
|
|
@ -1,122 +0,0 @@
|
|||
/**
|
||||
* \file threading.h
|
||||
*
|
||||
* \brief Threading abstraction layer
|
||||
*/
|
||||
/*
|
||||
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
* not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*
|
||||
* This file is part of mbed TLS (https://tls.mbed.org)
|
||||
*/
|
||||
#ifndef MBEDTLS_THREADING_H
|
||||
#define MBEDTLS_THREADING_H
|
||||
|
||||
#if !defined(MBEDTLS_CONFIG_FILE)
|
||||
#include "config.h"
|
||||
#else
|
||||
#include MBEDTLS_CONFIG_FILE
|
||||
#endif
|
||||
|
||||
#include <stdlib.h>
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
/* MBEDTLS_ERR_THREADING_FEATURE_UNAVAILABLE is deprecated and should not be
|
||||
* used. */
|
||||
#define MBEDTLS_ERR_THREADING_FEATURE_UNAVAILABLE -0x001A /**< The selected feature is not available. */
|
||||
|
||||
#define MBEDTLS_ERR_THREADING_BAD_INPUT_DATA -0x001C /**< Bad input parameters to function. */
|
||||
#define MBEDTLS_ERR_THREADING_MUTEX_ERROR -0x001E /**< Locking / unlocking / free failed with error code. */
|
||||
|
||||
#if defined(MBEDTLS_THREADING_PTHREAD)
|
||||
#include <pthread.h>
|
||||
typedef struct mbedtls_threading_mutex_t
|
||||
{
|
||||
pthread_mutex_t mutex;
|
||||
char is_valid;
|
||||
} mbedtls_threading_mutex_t;
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_THREADING_ALT)
|
||||
/* You should define the mbedtls_threading_mutex_t type in your header */
|
||||
#include "threading_alt.h"
|
||||
|
||||
/**
|
||||
* \brief Set your alternate threading implementation function
|
||||
* pointers and initialize global mutexes. If used, this
|
||||
* function must be called once in the main thread before any
|
||||
* other mbed TLS function is called, and
|
||||
* mbedtls_threading_free_alt() must be called once in the main
|
||||
* thread after all other mbed TLS functions.
|
||||
*
|
||||
* \note mutex_init() and mutex_free() don't return a status code.
|
||||
* If mutex_init() fails, it should leave its argument (the
|
||||
* mutex) in a state such that mutex_lock() will fail when
|
||||
* called with this argument.
|
||||
*
|
||||
* \param mutex_init the init function implementation
|
||||
* \param mutex_free the free function implementation
|
||||
* \param mutex_lock the lock function implementation
|
||||
* \param mutex_unlock the unlock function implementation
|
||||
*/
|
||||
void mbedtls_threading_set_alt( void (*mutex_init)( mbedtls_threading_mutex_t * ),
|
||||
void (*mutex_free)( mbedtls_threading_mutex_t * ),
|
||||
int (*mutex_lock)( mbedtls_threading_mutex_t * ),
|
||||
int (*mutex_unlock)( mbedtls_threading_mutex_t * ) );
|
||||
|
||||
/**
|
||||
* \brief Free global mutexes.
|
||||
*/
|
||||
void mbedtls_threading_free_alt( void );
|
||||
#endif /* MBEDTLS_THREADING_ALT */
|
||||
|
||||
#if defined(MBEDTLS_THREADING_C)
|
||||
/*
|
||||
* The function pointers for mutex_init, mutex_free, mutex_ and mutex_unlock
|
||||
*
|
||||
* All these functions are expected to work or the result will be undefined.
|
||||
*/
|
||||
extern void (*mbedtls_mutex_init)( mbedtls_threading_mutex_t *mutex );
|
||||
extern void (*mbedtls_mutex_free)( mbedtls_threading_mutex_t *mutex );
|
||||
extern int (*mbedtls_mutex_lock)( mbedtls_threading_mutex_t *mutex );
|
||||
extern int (*mbedtls_mutex_unlock)( mbedtls_threading_mutex_t *mutex );
|
||||
|
||||
/*
|
||||
* Global mutexes
|
||||
*/
|
||||
#if defined(MBEDTLS_FS_IO)
|
||||
extern mbedtls_threading_mutex_t mbedtls_threading_readdir_mutex;
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_HAVE_TIME_DATE) && !defined(MBEDTLS_PLATFORM_GMTIME_R_ALT)
|
||||
/* This mutex may or may not be used in the default definition of
|
||||
* mbedtls_platform_gmtime_r(), but in order to determine that,
|
||||
* we need to check POSIX features, hence modify _POSIX_C_SOURCE.
|
||||
* With the current approach, this declaration is orphaned, lacking
|
||||
* an accompanying definition, in case mbedtls_platform_gmtime_r()
|
||||
* doesn't need it, but that's not a problem. */
|
||||
extern mbedtls_threading_mutex_t mbedtls_threading_gmtime_mutex;
|
||||
#endif /* MBEDTLS_HAVE_TIME_DATE && !MBEDTLS_PLATFORM_GMTIME_R_ALT */
|
||||
|
||||
#endif /* MBEDTLS_THREADING_C */
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
||||
#endif /* threading.h */
|
|
@ -1,153 +0,0 @@
|
|||
/**
|
||||
* \file timing.h
|
||||
*
|
||||
* \brief Portable interface to timeouts and to the CPU cycle counter
|
||||
*/
|
||||
/*
|
||||
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
* not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*
|
||||
* This file is part of mbed TLS (https://tls.mbed.org)
|
||||
*/
|
||||
#ifndef MBEDTLS_TIMING_H
|
||||
#define MBEDTLS_TIMING_H
|
||||
|
||||
#if !defined(MBEDTLS_CONFIG_FILE)
|
||||
#include "config.h"
|
||||
#else
|
||||
#include MBEDTLS_CONFIG_FILE
|
||||
#endif
|
||||
|
||||
#include <stdint.h>
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
#if !defined(MBEDTLS_TIMING_ALT)
|
||||
// Regular implementation
|
||||
//
|
||||
|
||||
/**
|
||||
* \brief timer structure
|
||||
*/
|
||||
struct mbedtls_timing_hr_time
|
||||
{
|
||||
unsigned char opaque[32];
|
||||
};
|
||||
|
||||
/**
|
||||
* \brief Context for mbedtls_timing_set/get_delay()
|
||||
*/
|
||||
typedef struct mbedtls_timing_delay_context
|
||||
{
|
||||
struct mbedtls_timing_hr_time timer;
|
||||
uint32_t int_ms;
|
||||
uint32_t fin_ms;
|
||||
} mbedtls_timing_delay_context;
|
||||
|
||||
#else /* MBEDTLS_TIMING_ALT */
|
||||
#include "timing_alt.h"
|
||||
#endif /* MBEDTLS_TIMING_ALT */
|
||||
|
||||
extern volatile int mbedtls_timing_alarmed;
|
||||
|
||||
/**
|
||||
* \brief Return the CPU cycle counter value
|
||||
*
|
||||
* \warning This is only a best effort! Do not rely on this!
|
||||
* In particular, it is known to be unreliable on virtual
|
||||
* machines.
|
||||
*
|
||||
* \note This value starts at an unspecified origin and
|
||||
* may wrap around.
|
||||
*/
|
||||
unsigned long mbedtls_timing_hardclock( void );
|
||||
|
||||
/**
|
||||
* \brief Return the elapsed time in milliseconds
|
||||
*
|
||||
* \param val points to a timer structure
|
||||
* \param reset If 0, query the elapsed time. Otherwise (re)start the timer.
|
||||
*
|
||||
* \return Elapsed time since the previous reset in ms. When
|
||||
* restarting, this is always 0.
|
||||
*
|
||||
* \note To initialize a timer, call this function with reset=1.
|
||||
*
|
||||
* Determining the elapsed time and resetting the timer is not
|
||||
* atomic on all platforms, so after the sequence
|
||||
* `{ get_timer(1); ...; time1 = get_timer(1); ...; time2 =
|
||||
* get_timer(0) }` the value time1+time2 is only approximately
|
||||
* the delay since the first reset.
|
||||
*/
|
||||
unsigned long mbedtls_timing_get_timer( struct mbedtls_timing_hr_time *val, int reset );
|
||||
|
||||
/**
|
||||
* \brief Setup an alarm clock
|
||||
*
|
||||
* \param seconds delay before the "mbedtls_timing_alarmed" flag is set
|
||||
* (must be >=0)
|
||||
*
|
||||
* \warning Only one alarm at a time is supported. In a threaded
|
||||
* context, this means one for the whole process, not one per
|
||||
* thread.
|
||||
*/
|
||||
void mbedtls_set_alarm( int seconds );
|
||||
|
||||
/**
|
||||
* \brief Set a pair of delays to watch
|
||||
* (See \c mbedtls_timing_get_delay().)
|
||||
*
|
||||
* \param data Pointer to timing data.
|
||||
* Must point to a valid \c mbedtls_timing_delay_context struct.
|
||||
* \param int_ms First (intermediate) delay in milliseconds.
|
||||
* The effect if int_ms > fin_ms is unspecified.
|
||||
* \param fin_ms Second (final) delay in milliseconds.
|
||||
* Pass 0 to cancel the current delay.
|
||||
*
|
||||
* \note To set a single delay, either use \c mbedtls_timing_set_timer
|
||||
* directly or use this function with int_ms == fin_ms.
|
||||
*/
|
||||
void mbedtls_timing_set_delay( void *data, uint32_t int_ms, uint32_t fin_ms );
|
||||
|
||||
/**
|
||||
* \brief Get the status of delays
|
||||
* (Memory helper: number of delays passed.)
|
||||
*
|
||||
* \param data Pointer to timing data
|
||||
* Must point to a valid \c mbedtls_timing_delay_context struct.
|
||||
*
|
||||
* \return -1 if cancelled (fin_ms = 0),
|
||||
* 0 if none of the delays are passed,
|
||||
* 1 if only the intermediate delay is passed,
|
||||
* 2 if the final delay is passed.
|
||||
*/
|
||||
int mbedtls_timing_get_delay( void *data );
|
||||
|
||||
#if defined(MBEDTLS_SELF_TEST)
|
||||
/**
|
||||
* \brief Checkup routine
|
||||
*
|
||||
* \return 0 if successful, or 1 if a test failed
|
||||
*/
|
||||
int mbedtls_timing_self_test( int verbose );
|
||||
#endif
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
||||
#endif /* timing.h */
|
|
@ -29,7 +29,7 @@
|
|||
#define MBEDTLS_VERSION_H
|
||||
|
||||
#if !defined(MBEDTLS_CONFIG_FILE)
|
||||
#include "config.h"
|
||||
#include "mbedtls/config.h"
|
||||
#else
|
||||
#include MBEDTLS_CONFIG_FILE
|
||||
#endif
|
||||
|
|
|
@ -25,16 +25,16 @@
|
|||
#define MBEDTLS_X509_H
|
||||
|
||||
#if !defined(MBEDTLS_CONFIG_FILE)
|
||||
#include "config.h"
|
||||
#include "mbedtls/config.h"
|
||||
#else
|
||||
#include MBEDTLS_CONFIG_FILE
|
||||
#endif
|
||||
|
||||
#include "asn1.h"
|
||||
#include "pk.h"
|
||||
#include "mbedtls/asn1.h"
|
||||
#include "mbedtls/pk.h"
|
||||
|
||||
#if defined(MBEDTLS_RSA_C)
|
||||
#include "rsa.h"
|
||||
#include "mbedtls/rsa.h"
|
||||
#endif
|
||||
|
||||
/**
|
||||
|
|
|
@ -25,12 +25,12 @@
|
|||
#define MBEDTLS_X509_CRL_H
|
||||
|
||||
#if !defined(MBEDTLS_CONFIG_FILE)
|
||||
#include "config.h"
|
||||
#include "mbedtls/config.h"
|
||||
#else
|
||||
#include MBEDTLS_CONFIG_FILE
|
||||
#endif
|
||||
|
||||
#include "x509.h"
|
||||
#include "mbedtls/x509.h"
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
|
|
|
@ -25,14 +25,14 @@
|
|||
#define MBEDTLS_X509_CRT_H
|
||||
|
||||
#if !defined(MBEDTLS_CONFIG_FILE)
|
||||
#include "config.h"
|
||||
#include "mbedtls/config.h"
|
||||
#else
|
||||
#include MBEDTLS_CONFIG_FILE
|
||||
#endif
|
||||
|
||||
#include "x509.h"
|
||||
#include "x509_crl.h"
|
||||
#include "bignum.h"
|
||||
#include "mbedtls/x509.h"
|
||||
#include "mbedtls/x509_crl.h"
|
||||
#include "mbedtls/bignum.h"
|
||||
|
||||
/**
|
||||
* \addtogroup x509_module
|
||||
|
|
|
@ -25,12 +25,12 @@
|
|||
#define MBEDTLS_X509_CSR_H
|
||||
|
||||
#if !defined(MBEDTLS_CONFIG_FILE)
|
||||
#include "config.h"
|
||||
#include "mbedtls/config.h"
|
||||
#else
|
||||
#include MBEDTLS_CONFIG_FILE
|
||||
#endif
|
||||
|
||||
#include "x509.h"
|
||||
#include "mbedtls/x509.h"
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
|
|
|
@ -1,139 +0,0 @@
|
|||
/**
|
||||
* \file xtea.h
|
||||
*
|
||||
* \brief XTEA block cipher (32-bit)
|
||||
*/
|
||||
/*
|
||||
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
* not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*
|
||||
* This file is part of mbed TLS (https://tls.mbed.org)
|
||||
*/
|
||||
#ifndef MBEDTLS_XTEA_H
|
||||
#define MBEDTLS_XTEA_H
|
||||
|
||||
#if !defined(MBEDTLS_CONFIG_FILE)
|
||||
#include "config.h"
|
||||
#else
|
||||
#include MBEDTLS_CONFIG_FILE
|
||||
#endif
|
||||
|
||||
#include <stddef.h>
|
||||
#include <stdint.h>
|
||||
|
||||
#define MBEDTLS_XTEA_ENCRYPT 1
|
||||
#define MBEDTLS_XTEA_DECRYPT 0
|
||||
|
||||
#define MBEDTLS_ERR_XTEA_INVALID_INPUT_LENGTH -0x0028 /**< The data input has an invalid length. */
|
||||
|
||||
/* MBEDTLS_ERR_XTEA_HW_ACCEL_FAILED is deprecated and should not be used. */
|
||||
#define MBEDTLS_ERR_XTEA_HW_ACCEL_FAILED -0x0029 /**< XTEA hardware accelerator failed. */
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
#if !defined(MBEDTLS_XTEA_ALT)
|
||||
// Regular implementation
|
||||
//
|
||||
|
||||
/**
|
||||
* \brief XTEA context structure
|
||||
*/
|
||||
typedef struct mbedtls_xtea_context
|
||||
{
|
||||
uint32_t k[4]; /*!< key */
|
||||
}
|
||||
mbedtls_xtea_context;
|
||||
|
||||
#else /* MBEDTLS_XTEA_ALT */
|
||||
#include "xtea_alt.h"
|
||||
#endif /* MBEDTLS_XTEA_ALT */
|
||||
|
||||
/**
|
||||
* \brief Initialize XTEA context
|
||||
*
|
||||
* \param ctx XTEA context to be initialized
|
||||
*/
|
||||
void mbedtls_xtea_init( mbedtls_xtea_context *ctx );
|
||||
|
||||
/**
|
||||
* \brief Clear XTEA context
|
||||
*
|
||||
* \param ctx XTEA context to be cleared
|
||||
*/
|
||||
void mbedtls_xtea_free( mbedtls_xtea_context *ctx );
|
||||
|
||||
/**
|
||||
* \brief XTEA key schedule
|
||||
*
|
||||
* \param ctx XTEA context to be initialized
|
||||
* \param key the secret key
|
||||
*/
|
||||
void mbedtls_xtea_setup( mbedtls_xtea_context *ctx, const unsigned char key[16] );
|
||||
|
||||
/**
|
||||
* \brief XTEA cipher function
|
||||
*
|
||||
* \param ctx XTEA context
|
||||
* \param mode MBEDTLS_XTEA_ENCRYPT or MBEDTLS_XTEA_DECRYPT
|
||||
* \param input 8-byte input block
|
||||
* \param output 8-byte output block
|
||||
*
|
||||
* \return 0 if successful
|
||||
*/
|
||||
int mbedtls_xtea_crypt_ecb( mbedtls_xtea_context *ctx,
|
||||
int mode,
|
||||
const unsigned char input[8],
|
||||
unsigned char output[8] );
|
||||
|
||||
#if defined(MBEDTLS_CIPHER_MODE_CBC)
|
||||
/**
|
||||
* \brief XTEA CBC cipher function
|
||||
*
|
||||
* \param ctx XTEA context
|
||||
* \param mode MBEDTLS_XTEA_ENCRYPT or MBEDTLS_XTEA_DECRYPT
|
||||
* \param length the length of input, multiple of 8
|
||||
* \param iv initialization vector for CBC mode
|
||||
* \param input input block
|
||||
* \param output output block
|
||||
*
|
||||
* \return 0 if successful,
|
||||
* MBEDTLS_ERR_XTEA_INVALID_INPUT_LENGTH if the length % 8 != 0
|
||||
*/
|
||||
int mbedtls_xtea_crypt_cbc( mbedtls_xtea_context *ctx,
|
||||
int mode,
|
||||
size_t length,
|
||||
unsigned char iv[8],
|
||||
const unsigned char *input,
|
||||
unsigned char *output);
|
||||
#endif /* MBEDTLS_CIPHER_MODE_CBC */
|
||||
|
||||
#if defined(MBEDTLS_SELF_TEST)
|
||||
|
||||
/**
|
||||
* \brief Checkup routine
|
||||
*
|
||||
* \return 0 if successful, or 1 if the test failed
|
||||
*/
|
||||
int mbedtls_xtea_self_test( int verbose );
|
||||
|
||||
#endif /* MBEDTLS_SELF_TEST */
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
||||
#endif /* xtea.h */
|
2209
library/aes.c
2209
library/aes.c
File diff suppressed because it is too large
Load diff
470
library/aesni.c
470
library/aesni.c
|
@ -1,470 +0,0 @@
|
|||
/*
|
||||
* AES-NI support functions
|
||||
*
|
||||
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
* not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*
|
||||
* This file is part of mbed TLS (https://tls.mbed.org)
|
||||
*/
|
||||
|
||||
/*
|
||||
* [AES-WP] http://software.intel.com/en-us/articles/intel-advanced-encryption-standard-aes-instructions-set
|
||||
* [CLMUL-WP] http://software.intel.com/en-us/articles/intel-carry-less-multiplication-instruction-and-its-usage-for-computing-the-gcm-mode/
|
||||
*/
|
||||
|
||||
#if !defined(MBEDTLS_CONFIG_FILE)
|
||||
#include "mbedtls/config.h"
|
||||
#else
|
||||
#include MBEDTLS_CONFIG_FILE
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_AESNI_C)
|
||||
|
||||
#if defined(__has_feature)
|
||||
#if __has_feature(memory_sanitizer)
|
||||
#warning "MBEDTLS_AESNI_C is known to cause spurious error reports with some memory sanitizers as they do not understand the assembly code."
|
||||
#endif
|
||||
#endif
|
||||
|
||||
#include "mbedtls/aesni.h"
|
||||
|
||||
#include <string.h>
|
||||
|
||||
#ifndef asm
|
||||
#define asm __asm
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_HAVE_X86_64)
|
||||
|
||||
/*
|
||||
* AES-NI support detection routine
|
||||
*/
|
||||
int mbedtls_aesni_has_support( unsigned int what )
|
||||
{
|
||||
static int done = 0;
|
||||
static unsigned int c = 0;
|
||||
|
||||
if( ! done )
|
||||
{
|
||||
asm( "movl $1, %%eax \n\t"
|
||||
"cpuid \n\t"
|
||||
: "=c" (c)
|
||||
:
|
||||
: "eax", "ebx", "edx" );
|
||||
done = 1;
|
||||
}
|
||||
|
||||
return( ( c & what ) != 0 );
|
||||
}
|
||||
|
||||
/*
|
||||
* Binutils needs to be at least 2.19 to support AES-NI instructions.
|
||||
* Unfortunately, a lot of users have a lower version now (2014-04).
|
||||
* Emit bytecode directly in order to support "old" version of gas.
|
||||
*
|
||||
* Opcodes from the Intel architecture reference manual, vol. 3.
|
||||
* We always use registers, so we don't need prefixes for memory operands.
|
||||
* Operand macros are in gas order (src, dst) as opposed to Intel order
|
||||
* (dst, src) in order to blend better into the surrounding assembly code.
|
||||
*/
|
||||
#define AESDEC ".byte 0x66,0x0F,0x38,0xDE,"
|
||||
#define AESDECLAST ".byte 0x66,0x0F,0x38,0xDF,"
|
||||
#define AESENC ".byte 0x66,0x0F,0x38,0xDC,"
|
||||
#define AESENCLAST ".byte 0x66,0x0F,0x38,0xDD,"
|
||||
#define AESIMC ".byte 0x66,0x0F,0x38,0xDB,"
|
||||
#define AESKEYGENA ".byte 0x66,0x0F,0x3A,0xDF,"
|
||||
#define PCLMULQDQ ".byte 0x66,0x0F,0x3A,0x44,"
|
||||
|
||||
#define xmm0_xmm0 "0xC0"
|
||||
#define xmm0_xmm1 "0xC8"
|
||||
#define xmm0_xmm2 "0xD0"
|
||||
#define xmm0_xmm3 "0xD8"
|
||||
#define xmm0_xmm4 "0xE0"
|
||||
#define xmm1_xmm0 "0xC1"
|
||||
#define xmm1_xmm2 "0xD1"
|
||||
|
||||
/*
|
||||
* AES-NI AES-ECB block en(de)cryption
|
||||
*/
|
||||
int mbedtls_aesni_crypt_ecb( mbedtls_aes_context *ctx,
|
||||
int mode,
|
||||
const unsigned char input[16],
|
||||
unsigned char output[16] )
|
||||
{
|
||||
asm( "movdqu (%3), %%xmm0 \n\t" // load input
|
||||
"movdqu (%1), %%xmm1 \n\t" // load round key 0
|
||||
"pxor %%xmm1, %%xmm0 \n\t" // round 0
|
||||
"add $16, %1 \n\t" // point to next round key
|
||||
"subl $1, %0 \n\t" // normal rounds = nr - 1
|
||||
"test %2, %2 \n\t" // mode?
|
||||
"jz 2f \n\t" // 0 = decrypt
|
||||
|
||||
"1: \n\t" // encryption loop
|
||||
"movdqu (%1), %%xmm1 \n\t" // load round key
|
||||
AESENC xmm1_xmm0 "\n\t" // do round
|
||||
"add $16, %1 \n\t" // point to next round key
|
||||
"subl $1, %0 \n\t" // loop
|
||||
"jnz 1b \n\t"
|
||||
"movdqu (%1), %%xmm1 \n\t" // load round key
|
||||
AESENCLAST xmm1_xmm0 "\n\t" // last round
|
||||
"jmp 3f \n\t"
|
||||
|
||||
"2: \n\t" // decryption loop
|
||||
"movdqu (%1), %%xmm1 \n\t"
|
||||
AESDEC xmm1_xmm0 "\n\t" // do round
|
||||
"add $16, %1 \n\t"
|
||||
"subl $1, %0 \n\t"
|
||||
"jnz 2b \n\t"
|
||||
"movdqu (%1), %%xmm1 \n\t" // load round key
|
||||
AESDECLAST xmm1_xmm0 "\n\t" // last round
|
||||
|
||||
"3: \n\t"
|
||||
"movdqu %%xmm0, (%4) \n\t" // export output
|
||||
:
|
||||
: "r" (ctx->nr), "r" (ctx->rk), "r" (mode), "r" (input), "r" (output)
|
||||
: "memory", "cc", "xmm0", "xmm1" );
|
||||
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
/*
|
||||
* GCM multiplication: c = a times b in GF(2^128)
|
||||
* Based on [CLMUL-WP] algorithms 1 (with equation 27) and 5.
|
||||
*/
|
||||
void mbedtls_aesni_gcm_mult( unsigned char c[16],
|
||||
const unsigned char a[16],
|
||||
const unsigned char b[16] )
|
||||
{
|
||||
unsigned char aa[16], bb[16], cc[16];
|
||||
size_t i;
|
||||
|
||||
/* The inputs are in big-endian order, so byte-reverse them */
|
||||
for( i = 0; i < 16; i++ )
|
||||
{
|
||||
aa[i] = a[15 - i];
|
||||
bb[i] = b[15 - i];
|
||||
}
|
||||
|
||||
asm( "movdqu (%0), %%xmm0 \n\t" // a1:a0
|
||||
"movdqu (%1), %%xmm1 \n\t" // b1:b0
|
||||
|
||||
/*
|
||||
* Caryless multiplication xmm2:xmm1 = xmm0 * xmm1
|
||||
* using [CLMUL-WP] algorithm 1 (p. 13).
|
||||
*/
|
||||
"movdqa %%xmm1, %%xmm2 \n\t" // copy of b1:b0
|
||||
"movdqa %%xmm1, %%xmm3 \n\t" // same
|
||||
"movdqa %%xmm1, %%xmm4 \n\t" // same
|
||||
PCLMULQDQ xmm0_xmm1 ",0x00 \n\t" // a0*b0 = c1:c0
|
||||
PCLMULQDQ xmm0_xmm2 ",0x11 \n\t" // a1*b1 = d1:d0
|
||||
PCLMULQDQ xmm0_xmm3 ",0x10 \n\t" // a0*b1 = e1:e0
|
||||
PCLMULQDQ xmm0_xmm4 ",0x01 \n\t" // a1*b0 = f1:f0
|
||||
"pxor %%xmm3, %%xmm4 \n\t" // e1+f1:e0+f0
|
||||
"movdqa %%xmm4, %%xmm3 \n\t" // same
|
||||
"psrldq $8, %%xmm4 \n\t" // 0:e1+f1
|
||||
"pslldq $8, %%xmm3 \n\t" // e0+f0:0
|
||||
"pxor %%xmm4, %%xmm2 \n\t" // d1:d0+e1+f1
|
||||
"pxor %%xmm3, %%xmm1 \n\t" // c1+e0+f1:c0
|
||||
|
||||
/*
|
||||
* Now shift the result one bit to the left,
|
||||
* taking advantage of [CLMUL-WP] eq 27 (p. 20)
|
||||
*/
|
||||
"movdqa %%xmm1, %%xmm3 \n\t" // r1:r0
|
||||
"movdqa %%xmm2, %%xmm4 \n\t" // r3:r2
|
||||
"psllq $1, %%xmm1 \n\t" // r1<<1:r0<<1
|
||||
"psllq $1, %%xmm2 \n\t" // r3<<1:r2<<1
|
||||
"psrlq $63, %%xmm3 \n\t" // r1>>63:r0>>63
|
||||
"psrlq $63, %%xmm4 \n\t" // r3>>63:r2>>63
|
||||
"movdqa %%xmm3, %%xmm5 \n\t" // r1>>63:r0>>63
|
||||
"pslldq $8, %%xmm3 \n\t" // r0>>63:0
|
||||
"pslldq $8, %%xmm4 \n\t" // r2>>63:0
|
||||
"psrldq $8, %%xmm5 \n\t" // 0:r1>>63
|
||||
"por %%xmm3, %%xmm1 \n\t" // r1<<1|r0>>63:r0<<1
|
||||
"por %%xmm4, %%xmm2 \n\t" // r3<<1|r2>>62:r2<<1
|
||||
"por %%xmm5, %%xmm2 \n\t" // r3<<1|r2>>62:r2<<1|r1>>63
|
||||
|
||||
/*
|
||||
* Now reduce modulo the GCM polynomial x^128 + x^7 + x^2 + x + 1
|
||||
* using [CLMUL-WP] algorithm 5 (p. 20).
|
||||
* Currently xmm2:xmm1 holds x3:x2:x1:x0 (already shifted).
|
||||
*/
|
||||
/* Step 2 (1) */
|
||||
"movdqa %%xmm1, %%xmm3 \n\t" // x1:x0
|
||||
"movdqa %%xmm1, %%xmm4 \n\t" // same
|
||||
"movdqa %%xmm1, %%xmm5 \n\t" // same
|
||||
"psllq $63, %%xmm3 \n\t" // x1<<63:x0<<63 = stuff:a
|
||||
"psllq $62, %%xmm4 \n\t" // x1<<62:x0<<62 = stuff:b
|
||||
"psllq $57, %%xmm5 \n\t" // x1<<57:x0<<57 = stuff:c
|
||||
|
||||
/* Step 2 (2) */
|
||||
"pxor %%xmm4, %%xmm3 \n\t" // stuff:a+b
|
||||
"pxor %%xmm5, %%xmm3 \n\t" // stuff:a+b+c
|
||||
"pslldq $8, %%xmm3 \n\t" // a+b+c:0
|
||||
"pxor %%xmm3, %%xmm1 \n\t" // x1+a+b+c:x0 = d:x0
|
||||
|
||||
/* Steps 3 and 4 */
|
||||
"movdqa %%xmm1,%%xmm0 \n\t" // d:x0
|
||||
"movdqa %%xmm1,%%xmm4 \n\t" // same
|
||||
"movdqa %%xmm1,%%xmm5 \n\t" // same
|
||||
"psrlq $1, %%xmm0 \n\t" // e1:x0>>1 = e1:e0'
|
||||
"psrlq $2, %%xmm4 \n\t" // f1:x0>>2 = f1:f0'
|
||||
"psrlq $7, %%xmm5 \n\t" // g1:x0>>7 = g1:g0'
|
||||
"pxor %%xmm4, %%xmm0 \n\t" // e1+f1:e0'+f0'
|
||||
"pxor %%xmm5, %%xmm0 \n\t" // e1+f1+g1:e0'+f0'+g0'
|
||||
// e0'+f0'+g0' is almost e0+f0+g0, ex\tcept for some missing
|
||||
// bits carried from d. Now get those\t bits back in.
|
||||
"movdqa %%xmm1,%%xmm3 \n\t" // d:x0
|
||||
"movdqa %%xmm1,%%xmm4 \n\t" // same
|
||||
"movdqa %%xmm1,%%xmm5 \n\t" // same
|
||||
"psllq $63, %%xmm3 \n\t" // d<<63:stuff
|
||||
"psllq $62, %%xmm4 \n\t" // d<<62:stuff
|
||||
"psllq $57, %%xmm5 \n\t" // d<<57:stuff
|
||||
"pxor %%xmm4, %%xmm3 \n\t" // d<<63+d<<62:stuff
|
||||
"pxor %%xmm5, %%xmm3 \n\t" // missing bits of d:stuff
|
||||
"psrldq $8, %%xmm3 \n\t" // 0:missing bits of d
|
||||
"pxor %%xmm3, %%xmm0 \n\t" // e1+f1+g1:e0+f0+g0
|
||||
"pxor %%xmm1, %%xmm0 \n\t" // h1:h0
|
||||
"pxor %%xmm2, %%xmm0 \n\t" // x3+h1:x2+h0
|
||||
|
||||
"movdqu %%xmm0, (%2) \n\t" // done
|
||||
:
|
||||
: "r" (aa), "r" (bb), "r" (cc)
|
||||
: "memory", "cc", "xmm0", "xmm1", "xmm2", "xmm3", "xmm4", "xmm5" );
|
||||
|
||||
/* Now byte-reverse the outputs */
|
||||
for( i = 0; i < 16; i++ )
|
||||
c[i] = cc[15 - i];
|
||||
|
||||
return;
|
||||
}
|
||||
|
||||
/*
|
||||
* Compute decryption round keys from encryption round keys
|
||||
*/
|
||||
void mbedtls_aesni_inverse_key( unsigned char *invkey,
|
||||
const unsigned char *fwdkey, int nr )
|
||||
{
|
||||
unsigned char *ik = invkey;
|
||||
const unsigned char *fk = fwdkey + 16 * nr;
|
||||
|
||||
memcpy( ik, fk, 16 );
|
||||
|
||||
for( fk -= 16, ik += 16; fk > fwdkey; fk -= 16, ik += 16 )
|
||||
asm( "movdqu (%0), %%xmm0 \n\t"
|
||||
AESIMC xmm0_xmm0 "\n\t"
|
||||
"movdqu %%xmm0, (%1) \n\t"
|
||||
:
|
||||
: "r" (fk), "r" (ik)
|
||||
: "memory", "xmm0" );
|
||||
|
||||
memcpy( ik, fk, 16 );
|
||||
}
|
||||
|
||||
/*
|
||||
* Key expansion, 128-bit case
|
||||
*/
|
||||
static void aesni_setkey_enc_128( unsigned char *rk,
|
||||
const unsigned char *key )
|
||||
{
|
||||
asm( "movdqu (%1), %%xmm0 \n\t" // copy the original key
|
||||
"movdqu %%xmm0, (%0) \n\t" // as round key 0
|
||||
"jmp 2f \n\t" // skip auxiliary routine
|
||||
|
||||
/*
|
||||
* Finish generating the next round key.
|
||||
*
|
||||
* On entry xmm0 is r3:r2:r1:r0 and xmm1 is X:stuff:stuff:stuff
|
||||
* with X = rot( sub( r3 ) ) ^ RCON.
|
||||
*
|
||||
* On exit, xmm0 is r7:r6:r5:r4
|
||||
* with r4 = X + r0, r5 = r4 + r1, r6 = r5 + r2, r7 = r6 + r3
|
||||
* and those are written to the round key buffer.
|
||||
*/
|
||||
"1: \n\t"
|
||||
"pshufd $0xff, %%xmm1, %%xmm1 \n\t" // X:X:X:X
|
||||
"pxor %%xmm0, %%xmm1 \n\t" // X+r3:X+r2:X+r1:r4
|
||||
"pslldq $4, %%xmm0 \n\t" // r2:r1:r0:0
|
||||
"pxor %%xmm0, %%xmm1 \n\t" // X+r3+r2:X+r2+r1:r5:r4
|
||||
"pslldq $4, %%xmm0 \n\t" // etc
|
||||
"pxor %%xmm0, %%xmm1 \n\t"
|
||||
"pslldq $4, %%xmm0 \n\t"
|
||||
"pxor %%xmm1, %%xmm0 \n\t" // update xmm0 for next time!
|
||||
"add $16, %0 \n\t" // point to next round key
|
||||
"movdqu %%xmm0, (%0) \n\t" // write it
|
||||
"ret \n\t"
|
||||
|
||||
/* Main "loop" */
|
||||
"2: \n\t"
|
||||
AESKEYGENA xmm0_xmm1 ",0x01 \n\tcall 1b \n\t"
|
||||
AESKEYGENA xmm0_xmm1 ",0x02 \n\tcall 1b \n\t"
|
||||
AESKEYGENA xmm0_xmm1 ",0x04 \n\tcall 1b \n\t"
|
||||
AESKEYGENA xmm0_xmm1 ",0x08 \n\tcall 1b \n\t"
|
||||
AESKEYGENA xmm0_xmm1 ",0x10 \n\tcall 1b \n\t"
|
||||
AESKEYGENA xmm0_xmm1 ",0x20 \n\tcall 1b \n\t"
|
||||
AESKEYGENA xmm0_xmm1 ",0x40 \n\tcall 1b \n\t"
|
||||
AESKEYGENA xmm0_xmm1 ",0x80 \n\tcall 1b \n\t"
|
||||
AESKEYGENA xmm0_xmm1 ",0x1B \n\tcall 1b \n\t"
|
||||
AESKEYGENA xmm0_xmm1 ",0x36 \n\tcall 1b \n\t"
|
||||
:
|
||||
: "r" (rk), "r" (key)
|
||||
: "memory", "cc", "0" );
|
||||
}
|
||||
|
||||
/*
|
||||
* Key expansion, 192-bit case
|
||||
*/
|
||||
static void aesni_setkey_enc_192( unsigned char *rk,
|
||||
const unsigned char *key )
|
||||
{
|
||||
asm( "movdqu (%1), %%xmm0 \n\t" // copy original round key
|
||||
"movdqu %%xmm0, (%0) \n\t"
|
||||
"add $16, %0 \n\t"
|
||||
"movq 16(%1), %%xmm1 \n\t"
|
||||
"movq %%xmm1, (%0) \n\t"
|
||||
"add $8, %0 \n\t"
|
||||
"jmp 2f \n\t" // skip auxiliary routine
|
||||
|
||||
/*
|
||||
* Finish generating the next 6 quarter-keys.
|
||||
*
|
||||
* On entry xmm0 is r3:r2:r1:r0, xmm1 is stuff:stuff:r5:r4
|
||||
* and xmm2 is stuff:stuff:X:stuff with X = rot( sub( r3 ) ) ^ RCON.
|
||||
*
|
||||
* On exit, xmm0 is r9:r8:r7:r6 and xmm1 is stuff:stuff:r11:r10
|
||||
* and those are written to the round key buffer.
|
||||
*/
|
||||
"1: \n\t"
|
||||
"pshufd $0x55, %%xmm2, %%xmm2 \n\t" // X:X:X:X
|
||||
"pxor %%xmm0, %%xmm2 \n\t" // X+r3:X+r2:X+r1:r4
|
||||
"pslldq $4, %%xmm0 \n\t" // etc
|
||||
"pxor %%xmm0, %%xmm2 \n\t"
|
||||
"pslldq $4, %%xmm0 \n\t"
|
||||
"pxor %%xmm0, %%xmm2 \n\t"
|
||||
"pslldq $4, %%xmm0 \n\t"
|
||||
"pxor %%xmm2, %%xmm0 \n\t" // update xmm0 = r9:r8:r7:r6
|
||||
"movdqu %%xmm0, (%0) \n\t"
|
||||
"add $16, %0 \n\t"
|
||||
"pshufd $0xff, %%xmm0, %%xmm2 \n\t" // r9:r9:r9:r9
|
||||
"pxor %%xmm1, %%xmm2 \n\t" // stuff:stuff:r9+r5:r10
|
||||
"pslldq $4, %%xmm1 \n\t" // r2:r1:r0:0
|
||||
"pxor %%xmm2, %%xmm1 \n\t" // xmm1 = stuff:stuff:r11:r10
|
||||
"movq %%xmm1, (%0) \n\t"
|
||||
"add $8, %0 \n\t"
|
||||
"ret \n\t"
|
||||
|
||||
"2: \n\t"
|
||||
AESKEYGENA xmm1_xmm2 ",0x01 \n\tcall 1b \n\t"
|
||||
AESKEYGENA xmm1_xmm2 ",0x02 \n\tcall 1b \n\t"
|
||||
AESKEYGENA xmm1_xmm2 ",0x04 \n\tcall 1b \n\t"
|
||||
AESKEYGENA xmm1_xmm2 ",0x08 \n\tcall 1b \n\t"
|
||||
AESKEYGENA xmm1_xmm2 ",0x10 \n\tcall 1b \n\t"
|
||||
AESKEYGENA xmm1_xmm2 ",0x20 \n\tcall 1b \n\t"
|
||||
AESKEYGENA xmm1_xmm2 ",0x40 \n\tcall 1b \n\t"
|
||||
AESKEYGENA xmm1_xmm2 ",0x80 \n\tcall 1b \n\t"
|
||||
|
||||
:
|
||||
: "r" (rk), "r" (key)
|
||||
: "memory", "cc", "0" );
|
||||
}
|
||||
|
||||
/*
|
||||
* Key expansion, 256-bit case
|
||||
*/
|
||||
static void aesni_setkey_enc_256( unsigned char *rk,
|
||||
const unsigned char *key )
|
||||
{
|
||||
asm( "movdqu (%1), %%xmm0 \n\t"
|
||||
"movdqu %%xmm0, (%0) \n\t"
|
||||
"add $16, %0 \n\t"
|
||||
"movdqu 16(%1), %%xmm1 \n\t"
|
||||
"movdqu %%xmm1, (%0) \n\t"
|
||||
"jmp 2f \n\t" // skip auxiliary routine
|
||||
|
||||
/*
|
||||
* Finish generating the next two round keys.
|
||||
*
|
||||
* On entry xmm0 is r3:r2:r1:r0, xmm1 is r7:r6:r5:r4 and
|
||||
* xmm2 is X:stuff:stuff:stuff with X = rot( sub( r7 )) ^ RCON
|
||||
*
|
||||
* On exit, xmm0 is r11:r10:r9:r8 and xmm1 is r15:r14:r13:r12
|
||||
* and those have been written to the output buffer.
|
||||
*/
|
||||
"1: \n\t"
|
||||
"pshufd $0xff, %%xmm2, %%xmm2 \n\t"
|
||||
"pxor %%xmm0, %%xmm2 \n\t"
|
||||
"pslldq $4, %%xmm0 \n\t"
|
||||
"pxor %%xmm0, %%xmm2 \n\t"
|
||||
"pslldq $4, %%xmm0 \n\t"
|
||||
"pxor %%xmm0, %%xmm2 \n\t"
|
||||
"pslldq $4, %%xmm0 \n\t"
|
||||
"pxor %%xmm2, %%xmm0 \n\t"
|
||||
"add $16, %0 \n\t"
|
||||
"movdqu %%xmm0, (%0) \n\t"
|
||||
|
||||
/* Set xmm2 to stuff:Y:stuff:stuff with Y = subword( r11 )
|
||||
* and proceed to generate next round key from there */
|
||||
AESKEYGENA xmm0_xmm2 ",0x00 \n\t"
|
||||
"pshufd $0xaa, %%xmm2, %%xmm2 \n\t"
|
||||
"pxor %%xmm1, %%xmm2 \n\t"
|
||||
"pslldq $4, %%xmm1 \n\t"
|
||||
"pxor %%xmm1, %%xmm2 \n\t"
|
||||
"pslldq $4, %%xmm1 \n\t"
|
||||
"pxor %%xmm1, %%xmm2 \n\t"
|
||||
"pslldq $4, %%xmm1 \n\t"
|
||||
"pxor %%xmm2, %%xmm1 \n\t"
|
||||
"add $16, %0 \n\t"
|
||||
"movdqu %%xmm1, (%0) \n\t"
|
||||
"ret \n\t"
|
||||
|
||||
/*
|
||||
* Main "loop" - Generating one more key than necessary,
|
||||
* see definition of mbedtls_aes_context.buf
|
||||
*/
|
||||
"2: \n\t"
|
||||
AESKEYGENA xmm1_xmm2 ",0x01 \n\tcall 1b \n\t"
|
||||
AESKEYGENA xmm1_xmm2 ",0x02 \n\tcall 1b \n\t"
|
||||
AESKEYGENA xmm1_xmm2 ",0x04 \n\tcall 1b \n\t"
|
||||
AESKEYGENA xmm1_xmm2 ",0x08 \n\tcall 1b \n\t"
|
||||
AESKEYGENA xmm1_xmm2 ",0x10 \n\tcall 1b \n\t"
|
||||
AESKEYGENA xmm1_xmm2 ",0x20 \n\tcall 1b \n\t"
|
||||
AESKEYGENA xmm1_xmm2 ",0x40 \n\tcall 1b \n\t"
|
||||
:
|
||||
: "r" (rk), "r" (key)
|
||||
: "memory", "cc", "0" );
|
||||
}
|
||||
|
||||
/*
|
||||
* Key expansion, wrapper
|
||||
*/
|
||||
int mbedtls_aesni_setkey_enc( unsigned char *rk,
|
||||
const unsigned char *key,
|
||||
size_t bits )
|
||||
{
|
||||
switch( bits )
|
||||
{
|
||||
case 128: aesni_setkey_enc_128( rk, key ); break;
|
||||
case 192: aesni_setkey_enc_192( rk, key ); break;
|
||||
case 256: aesni_setkey_enc_256( rk, key ); break;
|
||||
default : return( MBEDTLS_ERR_AES_INVALID_KEY_LENGTH );
|
||||
}
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
#endif /* MBEDTLS_HAVE_X86_64 */
|
||||
|
||||
#endif /* MBEDTLS_AESNI_C */
|
201
library/arc4.c
201
library/arc4.c
|
@ -1,201 +0,0 @@
|
|||
/*
|
||||
* An implementation of the ARCFOUR algorithm
|
||||
*
|
||||
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
* not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*
|
||||
* This file is part of mbed TLS (https://tls.mbed.org)
|
||||
*/
|
||||
/*
|
||||
* The ARCFOUR algorithm was publicly disclosed on 94/09.
|
||||
*
|
||||
* http://groups.google.com/group/sci.crypt/msg/10a300c9d21afca0
|
||||
*/
|
||||
|
||||
#if !defined(MBEDTLS_CONFIG_FILE)
|
||||
#include "mbedtls/config.h"
|
||||
#else
|
||||
#include MBEDTLS_CONFIG_FILE
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_ARC4_C)
|
||||
|
||||
#include "mbedtls/arc4.h"
|
||||
#include "mbedtls/platform_util.h"
|
||||
|
||||
#include <string.h>
|
||||
|
||||
#if defined(MBEDTLS_SELF_TEST)
|
||||
#if defined(MBEDTLS_PLATFORM_C)
|
||||
#include "mbedtls/platform.h"
|
||||
#else
|
||||
#include <stdio.h>
|
||||
#define mbedtls_printf printf
|
||||
#endif /* MBEDTLS_PLATFORM_C */
|
||||
#endif /* MBEDTLS_SELF_TEST */
|
||||
|
||||
#if !defined(MBEDTLS_ARC4_ALT)
|
||||
|
||||
void mbedtls_arc4_init( mbedtls_arc4_context *ctx )
|
||||
{
|
||||
memset( ctx, 0, sizeof( mbedtls_arc4_context ) );
|
||||
}
|
||||
|
||||
void mbedtls_arc4_free( mbedtls_arc4_context *ctx )
|
||||
{
|
||||
if( ctx == NULL )
|
||||
return;
|
||||
|
||||
mbedtls_platform_zeroize( ctx, sizeof( mbedtls_arc4_context ) );
|
||||
}
|
||||
|
||||
/*
|
||||
* ARC4 key schedule
|
||||
*/
|
||||
void mbedtls_arc4_setup( mbedtls_arc4_context *ctx, const unsigned char *key,
|
||||
unsigned int keylen )
|
||||
{
|
||||
int i, j, a;
|
||||
unsigned int k;
|
||||
unsigned char *m;
|
||||
|
||||
ctx->x = 0;
|
||||
ctx->y = 0;
|
||||
m = ctx->m;
|
||||
|
||||
for( i = 0; i < 256; i++ )
|
||||
m[i] = (unsigned char) i;
|
||||
|
||||
j = k = 0;
|
||||
|
||||
for( i = 0; i < 256; i++, k++ )
|
||||
{
|
||||
if( k >= keylen ) k = 0;
|
||||
|
||||
a = m[i];
|
||||
j = ( j + a + key[k] ) & 0xFF;
|
||||
m[i] = m[j];
|
||||
m[j] = (unsigned char) a;
|
||||
}
|
||||
}
|
||||
|
||||
/*
|
||||
* ARC4 cipher function
|
||||
*/
|
||||
int mbedtls_arc4_crypt( mbedtls_arc4_context *ctx, size_t length, const unsigned char *input,
|
||||
unsigned char *output )
|
||||
{
|
||||
int x, y, a, b;
|
||||
size_t i;
|
||||
unsigned char *m;
|
||||
|
||||
x = ctx->x;
|
||||
y = ctx->y;
|
||||
m = ctx->m;
|
||||
|
||||
for( i = 0; i < length; i++ )
|
||||
{
|
||||
x = ( x + 1 ) & 0xFF; a = m[x];
|
||||
y = ( y + a ) & 0xFF; b = m[y];
|
||||
|
||||
m[x] = (unsigned char) b;
|
||||
m[y] = (unsigned char) a;
|
||||
|
||||
output[i] = (unsigned char)
|
||||
( input[i] ^ m[(unsigned char)( a + b )] );
|
||||
}
|
||||
|
||||
ctx->x = x;
|
||||
ctx->y = y;
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
#endif /* !MBEDTLS_ARC4_ALT */
|
||||
|
||||
#if defined(MBEDTLS_SELF_TEST)
|
||||
/*
|
||||
* ARC4 tests vectors as posted by Eric Rescorla in sep. 1994:
|
||||
*
|
||||
* http://groups.google.com/group/comp.security.misc/msg/10a300c9d21afca0
|
||||
*/
|
||||
static const unsigned char arc4_test_key[3][8] =
|
||||
{
|
||||
{ 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF },
|
||||
{ 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF },
|
||||
{ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }
|
||||
};
|
||||
|
||||
static const unsigned char arc4_test_pt[3][8] =
|
||||
{
|
||||
{ 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF },
|
||||
{ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
|
||||
{ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }
|
||||
};
|
||||
|
||||
static const unsigned char arc4_test_ct[3][8] =
|
||||
{
|
||||
{ 0x75, 0xB7, 0x87, 0x80, 0x99, 0xE0, 0xC5, 0x96 },
|
||||
{ 0x74, 0x94, 0xC2, 0xE7, 0x10, 0x4B, 0x08, 0x79 },
|
||||
{ 0xDE, 0x18, 0x89, 0x41, 0xA3, 0x37, 0x5D, 0x3A }
|
||||
};
|
||||
|
||||
/*
|
||||
* Checkup routine
|
||||
*/
|
||||
int mbedtls_arc4_self_test( int verbose )
|
||||
{
|
||||
int i, ret = 0;
|
||||
unsigned char ibuf[8];
|
||||
unsigned char obuf[8];
|
||||
mbedtls_arc4_context ctx;
|
||||
|
||||
mbedtls_arc4_init( &ctx );
|
||||
|
||||
for( i = 0; i < 3; i++ )
|
||||
{
|
||||
if( verbose != 0 )
|
||||
mbedtls_printf( " ARC4 test #%d: ", i + 1 );
|
||||
|
||||
memcpy( ibuf, arc4_test_pt[i], 8 );
|
||||
|
||||
mbedtls_arc4_setup( &ctx, arc4_test_key[i], 8 );
|
||||
mbedtls_arc4_crypt( &ctx, 8, ibuf, obuf );
|
||||
|
||||
if( memcmp( obuf, arc4_test_ct[i], 8 ) != 0 )
|
||||
{
|
||||
if( verbose != 0 )
|
||||
mbedtls_printf( "failed\n" );
|
||||
|
||||
ret = 1;
|
||||
goto exit;
|
||||
}
|
||||
|
||||
if( verbose != 0 )
|
||||
mbedtls_printf( "passed\n" );
|
||||
}
|
||||
|
||||
if( verbose != 0 )
|
||||
mbedtls_printf( "\n" );
|
||||
|
||||
exit:
|
||||
mbedtls_arc4_free( &ctx );
|
||||
|
||||
return( ret );
|
||||
}
|
||||
|
||||
#endif /* MBEDTLS_SELF_TEST */
|
||||
|
||||
#endif /* MBEDTLS_ARC4_C */
|
1079
library/aria.c
1079
library/aria.c
File diff suppressed because it is too large
Load diff
|
@ -1,389 +0,0 @@
|
|||
/*
|
||||
* Generic ASN.1 parsing
|
||||
*
|
||||
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
* not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*
|
||||
* This file is part of mbed TLS (https://tls.mbed.org)
|
||||
*/
|
||||
|
||||
#if !defined(MBEDTLS_CONFIG_FILE)
|
||||
#include "mbedtls/config.h"
|
||||
#else
|
||||
#include MBEDTLS_CONFIG_FILE
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_ASN1_PARSE_C)
|
||||
|
||||
#include "mbedtls/asn1.h"
|
||||
#include "mbedtls/platform_util.h"
|
||||
|
||||
#include <string.h>
|
||||
|
||||
#if defined(MBEDTLS_BIGNUM_C)
|
||||
#include "mbedtls/bignum.h"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_PLATFORM_C)
|
||||
#include "mbedtls/platform.h"
|
||||
#else
|
||||
#include <stdlib.h>
|
||||
#define mbedtls_calloc calloc
|
||||
#define mbedtls_free free
|
||||
#endif
|
||||
|
||||
/*
|
||||
* ASN.1 DER decoding routines
|
||||
*/
|
||||
int mbedtls_asn1_get_len( unsigned char **p,
|
||||
const unsigned char *end,
|
||||
size_t *len )
|
||||
{
|
||||
if( ( end - *p ) < 1 )
|
||||
return( MBEDTLS_ERR_ASN1_OUT_OF_DATA );
|
||||
|
||||
if( ( **p & 0x80 ) == 0 )
|
||||
*len = *(*p)++;
|
||||
else
|
||||
{
|
||||
switch( **p & 0x7F )
|
||||
{
|
||||
case 1:
|
||||
if( ( end - *p ) < 2 )
|
||||
return( MBEDTLS_ERR_ASN1_OUT_OF_DATA );
|
||||
|
||||
*len = (*p)[1];
|
||||
(*p) += 2;
|
||||
break;
|
||||
|
||||
case 2:
|
||||
if( ( end - *p ) < 3 )
|
||||
return( MBEDTLS_ERR_ASN1_OUT_OF_DATA );
|
||||
|
||||
*len = ( (size_t)(*p)[1] << 8 ) | (*p)[2];
|
||||
(*p) += 3;
|
||||
break;
|
||||
|
||||
case 3:
|
||||
if( ( end - *p ) < 4 )
|
||||
return( MBEDTLS_ERR_ASN1_OUT_OF_DATA );
|
||||
|
||||
*len = ( (size_t)(*p)[1] << 16 ) |
|
||||
( (size_t)(*p)[2] << 8 ) | (*p)[3];
|
||||
(*p) += 4;
|
||||
break;
|
||||
|
||||
case 4:
|
||||
if( ( end - *p ) < 5 )
|
||||
return( MBEDTLS_ERR_ASN1_OUT_OF_DATA );
|
||||
|
||||
*len = ( (size_t)(*p)[1] << 24 ) | ( (size_t)(*p)[2] << 16 ) |
|
||||
( (size_t)(*p)[3] << 8 ) | (*p)[4];
|
||||
(*p) += 5;
|
||||
break;
|
||||
|
||||
default:
|
||||
return( MBEDTLS_ERR_ASN1_INVALID_LENGTH );
|
||||
}
|
||||
}
|
||||
|
||||
if( *len > (size_t) ( end - *p ) )
|
||||
return( MBEDTLS_ERR_ASN1_OUT_OF_DATA );
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
int mbedtls_asn1_get_tag( unsigned char **p,
|
||||
const unsigned char *end,
|
||||
size_t *len, int tag )
|
||||
{
|
||||
if( ( end - *p ) < 1 )
|
||||
return( MBEDTLS_ERR_ASN1_OUT_OF_DATA );
|
||||
|
||||
if( **p != tag )
|
||||
return( MBEDTLS_ERR_ASN1_UNEXPECTED_TAG );
|
||||
|
||||
(*p)++;
|
||||
|
||||
return( mbedtls_asn1_get_len( p, end, len ) );
|
||||
}
|
||||
|
||||
int mbedtls_asn1_get_bool( unsigned char **p,
|
||||
const unsigned char *end,
|
||||
int *val )
|
||||
{
|
||||
int ret;
|
||||
size_t len;
|
||||
|
||||
if( ( ret = mbedtls_asn1_get_tag( p, end, &len, MBEDTLS_ASN1_BOOLEAN ) ) != 0 )
|
||||
return( ret );
|
||||
|
||||
if( len != 1 )
|
||||
return( MBEDTLS_ERR_ASN1_INVALID_LENGTH );
|
||||
|
||||
*val = ( **p != 0 ) ? 1 : 0;
|
||||
(*p)++;
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
int mbedtls_asn1_get_int( unsigned char **p,
|
||||
const unsigned char *end,
|
||||
int *val )
|
||||
{
|
||||
int ret;
|
||||
size_t len;
|
||||
|
||||
if( ( ret = mbedtls_asn1_get_tag( p, end, &len, MBEDTLS_ASN1_INTEGER ) ) != 0 )
|
||||
return( ret );
|
||||
|
||||
if( len == 0 || len > sizeof( int ) || ( **p & 0x80 ) != 0 )
|
||||
return( MBEDTLS_ERR_ASN1_INVALID_LENGTH );
|
||||
|
||||
*val = 0;
|
||||
|
||||
while( len-- > 0 )
|
||||
{
|
||||
*val = ( *val << 8 ) | **p;
|
||||
(*p)++;
|
||||
}
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_BIGNUM_C)
|
||||
int mbedtls_asn1_get_mpi( unsigned char **p,
|
||||
const unsigned char *end,
|
||||
mbedtls_mpi *X )
|
||||
{
|
||||
int ret;
|
||||
size_t len;
|
||||
|
||||
if( ( ret = mbedtls_asn1_get_tag( p, end, &len, MBEDTLS_ASN1_INTEGER ) ) != 0 )
|
||||
return( ret );
|
||||
|
||||
ret = mbedtls_mpi_read_binary( X, *p, len );
|
||||
|
||||
*p += len;
|
||||
|
||||
return( ret );
|
||||
}
|
||||
#endif /* MBEDTLS_BIGNUM_C */
|
||||
|
||||
int mbedtls_asn1_get_bitstring( unsigned char **p, const unsigned char *end,
|
||||
mbedtls_asn1_bitstring *bs)
|
||||
{
|
||||
int ret;
|
||||
|
||||
/* Certificate type is a single byte bitstring */
|
||||
if( ( ret = mbedtls_asn1_get_tag( p, end, &bs->len, MBEDTLS_ASN1_BIT_STRING ) ) != 0 )
|
||||
return( ret );
|
||||
|
||||
/* Check length, subtract one for actual bit string length */
|
||||
if( bs->len < 1 )
|
||||
return( MBEDTLS_ERR_ASN1_OUT_OF_DATA );
|
||||
bs->len -= 1;
|
||||
|
||||
/* Get number of unused bits, ensure unused bits <= 7 */
|
||||
bs->unused_bits = **p;
|
||||
if( bs->unused_bits > 7 )
|
||||
return( MBEDTLS_ERR_ASN1_INVALID_LENGTH );
|
||||
(*p)++;
|
||||
|
||||
/* Get actual bitstring */
|
||||
bs->p = *p;
|
||||
*p += bs->len;
|
||||
|
||||
if( *p != end )
|
||||
return( MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
/*
|
||||
* Get a bit string without unused bits
|
||||
*/
|
||||
int mbedtls_asn1_get_bitstring_null( unsigned char **p, const unsigned char *end,
|
||||
size_t *len )
|
||||
{
|
||||
int ret;
|
||||
|
||||
if( ( ret = mbedtls_asn1_get_tag( p, end, len, MBEDTLS_ASN1_BIT_STRING ) ) != 0 )
|
||||
return( ret );
|
||||
|
||||
if( (*len)-- < 2 || *(*p)++ != 0 )
|
||||
return( MBEDTLS_ERR_ASN1_INVALID_DATA );
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
|
||||
|
||||
/*
|
||||
* Parses and splits an ASN.1 "SEQUENCE OF <tag>"
|
||||
*/
|
||||
int mbedtls_asn1_get_sequence_of( unsigned char **p,
|
||||
const unsigned char *end,
|
||||
mbedtls_asn1_sequence *cur,
|
||||
int tag)
|
||||
{
|
||||
int ret;
|
||||
size_t len;
|
||||
mbedtls_asn1_buf *buf;
|
||||
|
||||
/* Get main sequence tag */
|
||||
if( ( ret = mbedtls_asn1_get_tag( p, end, &len,
|
||||
MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
|
||||
return( ret );
|
||||
|
||||
if( *p + len != end )
|
||||
return( MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
|
||||
|
||||
while( *p < end )
|
||||
{
|
||||
buf = &(cur->buf);
|
||||
buf->tag = **p;
|
||||
|
||||
if( ( ret = mbedtls_asn1_get_tag( p, end, &buf->len, tag ) ) != 0 )
|
||||
return( ret );
|
||||
|
||||
buf->p = *p;
|
||||
*p += buf->len;
|
||||
|
||||
/* Allocate and assign next pointer */
|
||||
if( *p < end )
|
||||
{
|
||||
cur->next = (mbedtls_asn1_sequence*)mbedtls_calloc( 1,
|
||||
sizeof( mbedtls_asn1_sequence ) );
|
||||
|
||||
if( cur->next == NULL )
|
||||
return( MBEDTLS_ERR_ASN1_ALLOC_FAILED );
|
||||
|
||||
cur = cur->next;
|
||||
}
|
||||
}
|
||||
|
||||
/* Set final sequence entry's next pointer to NULL */
|
||||
cur->next = NULL;
|
||||
|
||||
if( *p != end )
|
||||
return( MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
int mbedtls_asn1_get_alg( unsigned char **p,
|
||||
const unsigned char *end,
|
||||
mbedtls_asn1_buf *alg, mbedtls_asn1_buf *params )
|
||||
{
|
||||
int ret;
|
||||
size_t len;
|
||||
|
||||
if( ( ret = mbedtls_asn1_get_tag( p, end, &len,
|
||||
MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
|
||||
return( ret );
|
||||
|
||||
if( ( end - *p ) < 1 )
|
||||
return( MBEDTLS_ERR_ASN1_OUT_OF_DATA );
|
||||
|
||||
alg->tag = **p;
|
||||
end = *p + len;
|
||||
|
||||
if( ( ret = mbedtls_asn1_get_tag( p, end, &alg->len, MBEDTLS_ASN1_OID ) ) != 0 )
|
||||
return( ret );
|
||||
|
||||
alg->p = *p;
|
||||
*p += alg->len;
|
||||
|
||||
if( *p == end )
|
||||
{
|
||||
mbedtls_platform_zeroize( params, sizeof(mbedtls_asn1_buf) );
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
params->tag = **p;
|
||||
(*p)++;
|
||||
|
||||
if( ( ret = mbedtls_asn1_get_len( p, end, ¶ms->len ) ) != 0 )
|
||||
return( ret );
|
||||
|
||||
params->p = *p;
|
||||
*p += params->len;
|
||||
|
||||
if( *p != end )
|
||||
return( MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
int mbedtls_asn1_get_alg_null( unsigned char **p,
|
||||
const unsigned char *end,
|
||||
mbedtls_asn1_buf *alg )
|
||||
{
|
||||
int ret;
|
||||
mbedtls_asn1_buf params;
|
||||
|
||||
memset( ¶ms, 0, sizeof(mbedtls_asn1_buf) );
|
||||
|
||||
if( ( ret = mbedtls_asn1_get_alg( p, end, alg, ¶ms ) ) != 0 )
|
||||
return( ret );
|
||||
|
||||
if( ( params.tag != MBEDTLS_ASN1_NULL && params.tag != 0 ) || params.len != 0 )
|
||||
return( MBEDTLS_ERR_ASN1_INVALID_DATA );
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
void mbedtls_asn1_free_named_data( mbedtls_asn1_named_data *cur )
|
||||
{
|
||||
if( cur == NULL )
|
||||
return;
|
||||
|
||||
mbedtls_free( cur->oid.p );
|
||||
mbedtls_free( cur->val.p );
|
||||
|
||||
mbedtls_platform_zeroize( cur, sizeof( mbedtls_asn1_named_data ) );
|
||||
}
|
||||
|
||||
void mbedtls_asn1_free_named_data_list( mbedtls_asn1_named_data **head )
|
||||
{
|
||||
mbedtls_asn1_named_data *cur;
|
||||
|
||||
while( ( cur = *head ) != NULL )
|
||||
{
|
||||
*head = cur->next;
|
||||
mbedtls_asn1_free_named_data( cur );
|
||||
mbedtls_free( cur );
|
||||
}
|
||||
}
|
||||
|
||||
mbedtls_asn1_named_data *mbedtls_asn1_find_named_data( mbedtls_asn1_named_data *list,
|
||||
const char *oid, size_t len )
|
||||
{
|
||||
while( list != NULL )
|
||||
{
|
||||
if( list->oid.len == len &&
|
||||
memcmp( list->oid.p, oid, len ) == 0 )
|
||||
{
|
||||
break;
|
||||
}
|
||||
|
||||
list = list->next;
|
||||
}
|
||||
|
||||
return( list );
|
||||
}
|
||||
|
||||
#endif /* MBEDTLS_ASN1_PARSE_C */
|
|
@ -1,464 +0,0 @@
|
|||
/*
|
||||
* ASN.1 buffer writing functionality
|
||||
*
|
||||
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
* not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*
|
||||
* This file is part of mbed TLS (https://tls.mbed.org)
|
||||
*/
|
||||
|
||||
#if !defined(MBEDTLS_CONFIG_FILE)
|
||||
#include "mbedtls/config.h"
|
||||
#else
|
||||
#include MBEDTLS_CONFIG_FILE
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_ASN1_WRITE_C)
|
||||
|
||||
#include "mbedtls/asn1write.h"
|
||||
|
||||
#include <string.h>
|
||||
|
||||
#if defined(MBEDTLS_PLATFORM_C)
|
||||
#include "mbedtls/platform.h"
|
||||
#else
|
||||
#include <stdlib.h>
|
||||
#define mbedtls_calloc calloc
|
||||
#define mbedtls_free free
|
||||
#endif
|
||||
|
||||
int mbedtls_asn1_write_len( unsigned char **p, unsigned char *start, size_t len )
|
||||
{
|
||||
if( len < 0x80 )
|
||||
{
|
||||
if( *p - start < 1 )
|
||||
return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
|
||||
|
||||
*--(*p) = (unsigned char) len;
|
||||
return( 1 );
|
||||
}
|
||||
|
||||
if( len <= 0xFF )
|
||||
{
|
||||
if( *p - start < 2 )
|
||||
return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
|
||||
|
||||
*--(*p) = (unsigned char) len;
|
||||
*--(*p) = 0x81;
|
||||
return( 2 );
|
||||
}
|
||||
|
||||
if( len <= 0xFFFF )
|
||||
{
|
||||
if( *p - start < 3 )
|
||||
return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
|
||||
|
||||
*--(*p) = ( len ) & 0xFF;
|
||||
*--(*p) = ( len >> 8 ) & 0xFF;
|
||||
*--(*p) = 0x82;
|
||||
return( 3 );
|
||||
}
|
||||
|
||||
if( len <= 0xFFFFFF )
|
||||
{
|
||||
if( *p - start < 4 )
|
||||
return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
|
||||
|
||||
*--(*p) = ( len ) & 0xFF;
|
||||
*--(*p) = ( len >> 8 ) & 0xFF;
|
||||
*--(*p) = ( len >> 16 ) & 0xFF;
|
||||
*--(*p) = 0x83;
|
||||
return( 4 );
|
||||
}
|
||||
|
||||
#if SIZE_MAX > 0xFFFFFFFF
|
||||
if( len <= 0xFFFFFFFF )
|
||||
#endif
|
||||
{
|
||||
if( *p - start < 5 )
|
||||
return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
|
||||
|
||||
*--(*p) = ( len ) & 0xFF;
|
||||
*--(*p) = ( len >> 8 ) & 0xFF;
|
||||
*--(*p) = ( len >> 16 ) & 0xFF;
|
||||
*--(*p) = ( len >> 24 ) & 0xFF;
|
||||
*--(*p) = 0x84;
|
||||
return( 5 );
|
||||
}
|
||||
|
||||
#if SIZE_MAX > 0xFFFFFFFF
|
||||
return( MBEDTLS_ERR_ASN1_INVALID_LENGTH );
|
||||
#endif
|
||||
}
|
||||
|
||||
int mbedtls_asn1_write_tag( unsigned char **p, unsigned char *start, unsigned char tag )
|
||||
{
|
||||
if( *p - start < 1 )
|
||||
return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
|
||||
|
||||
*--(*p) = tag;
|
||||
|
||||
return( 1 );
|
||||
}
|
||||
|
||||
int mbedtls_asn1_write_raw_buffer( unsigned char **p, unsigned char *start,
|
||||
const unsigned char *buf, size_t size )
|
||||
{
|
||||
size_t len = 0;
|
||||
|
||||
if( *p < start || (size_t)( *p - start ) < size )
|
||||
return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
|
||||
|
||||
len = size;
|
||||
(*p) -= len;
|
||||
memcpy( *p, buf, len );
|
||||
|
||||
return( (int) len );
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_BIGNUM_C)
|
||||
int mbedtls_asn1_write_mpi( unsigned char **p, unsigned char *start, const mbedtls_mpi *X )
|
||||
{
|
||||
int ret;
|
||||
size_t len = 0;
|
||||
|
||||
// Write the MPI
|
||||
//
|
||||
len = mbedtls_mpi_size( X );
|
||||
|
||||
if( *p < start || (size_t)( *p - start ) < len )
|
||||
return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
|
||||
|
||||
(*p) -= len;
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( X, *p, len ) );
|
||||
|
||||
// DER format assumes 2s complement for numbers, so the leftmost bit
|
||||
// should be 0 for positive numbers and 1 for negative numbers.
|
||||
//
|
||||
if( X->s ==1 && **p & 0x80 )
|
||||
{
|
||||
if( *p - start < 1 )
|
||||
return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
|
||||
|
||||
*--(*p) = 0x00;
|
||||
len += 1;
|
||||
}
|
||||
|
||||
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( p, start, len ) );
|
||||
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, start, MBEDTLS_ASN1_INTEGER ) );
|
||||
|
||||
ret = (int) len;
|
||||
|
||||
cleanup:
|
||||
return( ret );
|
||||
}
|
||||
#endif /* MBEDTLS_BIGNUM_C */
|
||||
|
||||
int mbedtls_asn1_write_null( unsigned char **p, unsigned char *start )
|
||||
{
|
||||
int ret;
|
||||
size_t len = 0;
|
||||
|
||||
// Write NULL
|
||||
//
|
||||
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( p, start, 0) );
|
||||
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, start, MBEDTLS_ASN1_NULL ) );
|
||||
|
||||
return( (int) len );
|
||||
}
|
||||
|
||||
int mbedtls_asn1_write_oid( unsigned char **p, unsigned char *start,
|
||||
const char *oid, size_t oid_len )
|
||||
{
|
||||
int ret;
|
||||
size_t len = 0;
|
||||
|
||||
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_raw_buffer( p, start,
|
||||
(const unsigned char *) oid, oid_len ) );
|
||||
MBEDTLS_ASN1_CHK_ADD( len , mbedtls_asn1_write_len( p, start, len ) );
|
||||
MBEDTLS_ASN1_CHK_ADD( len , mbedtls_asn1_write_tag( p, start, MBEDTLS_ASN1_OID ) );
|
||||
|
||||
return( (int) len );
|
||||
}
|
||||
|
||||
int mbedtls_asn1_write_algorithm_identifier( unsigned char **p, unsigned char *start,
|
||||
const char *oid, size_t oid_len,
|
||||
size_t par_len )
|
||||
{
|
||||
int ret;
|
||||
size_t len = 0;
|
||||
|
||||
if( par_len == 0 )
|
||||
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_null( p, start ) );
|
||||
else
|
||||
len += par_len;
|
||||
|
||||
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_oid( p, start, oid, oid_len ) );
|
||||
|
||||
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( p, start, len ) );
|
||||
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, start,
|
||||
MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) );
|
||||
|
||||
return( (int) len );
|
||||
}
|
||||
|
||||
int mbedtls_asn1_write_bool( unsigned char **p, unsigned char *start, int boolean )
|
||||
{
|
||||
int ret;
|
||||
size_t len = 0;
|
||||
|
||||
if( *p - start < 1 )
|
||||
return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
|
||||
|
||||
*--(*p) = (boolean) ? 255 : 0;
|
||||
len++;
|
||||
|
||||
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( p, start, len ) );
|
||||
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, start, MBEDTLS_ASN1_BOOLEAN ) );
|
||||
|
||||
return( (int) len );
|
||||
}
|
||||
|
||||
int mbedtls_asn1_write_int( unsigned char **p, unsigned char *start, int val )
|
||||
{
|
||||
int ret;
|
||||
size_t len = 0;
|
||||
|
||||
if( *p - start < 1 )
|
||||
return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
|
||||
|
||||
len += 1;
|
||||
*--(*p) = val;
|
||||
|
||||
if( val > 0 && **p & 0x80 )
|
||||
{
|
||||
if( *p - start < 1 )
|
||||
return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
|
||||
|
||||
*--(*p) = 0x00;
|
||||
len += 1;
|
||||
}
|
||||
|
||||
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( p, start, len ) );
|
||||
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, start, MBEDTLS_ASN1_INTEGER ) );
|
||||
|
||||
return( (int) len );
|
||||
}
|
||||
|
||||
int mbedtls_asn1_write_tagged_string( unsigned char **p, unsigned char *start, int tag,
|
||||
const char *text, size_t text_len )
|
||||
{
|
||||
int ret;
|
||||
size_t len = 0;
|
||||
|
||||
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_raw_buffer( p, start,
|
||||
(const unsigned char *) text, text_len ) );
|
||||
|
||||
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( p, start, len ) );
|
||||
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, start, tag ) );
|
||||
|
||||
return( (int) len );
|
||||
}
|
||||
|
||||
int mbedtls_asn1_write_utf8_string( unsigned char **p, unsigned char *start,
|
||||
const char *text, size_t text_len )
|
||||
{
|
||||
return( mbedtls_asn1_write_tagged_string(p, start, MBEDTLS_ASN1_UTF8_STRING, text, text_len) );
|
||||
}
|
||||
|
||||
int mbedtls_asn1_write_printable_string( unsigned char **p, unsigned char *start,
|
||||
const char *text, size_t text_len )
|
||||
{
|
||||
return( mbedtls_asn1_write_tagged_string(p, start, MBEDTLS_ASN1_PRINTABLE_STRING, text, text_len) );
|
||||
}
|
||||
|
||||
int mbedtls_asn1_write_ia5_string( unsigned char **p, unsigned char *start,
|
||||
const char *text, size_t text_len )
|
||||
{
|
||||
return( mbedtls_asn1_write_tagged_string(p, start, MBEDTLS_ASN1_IA5_STRING, text, text_len) );
|
||||
}
|
||||
|
||||
int mbedtls_asn1_write_named_bitstring( unsigned char **p,
|
||||
unsigned char *start,
|
||||
const unsigned char *buf,
|
||||
size_t bits )
|
||||
{
|
||||
size_t unused_bits, byte_len;
|
||||
const unsigned char *cur_byte;
|
||||
unsigned char cur_byte_shifted;
|
||||
unsigned char bit;
|
||||
|
||||
byte_len = ( bits + 7 ) / 8;
|
||||
unused_bits = ( byte_len * 8 ) - bits;
|
||||
|
||||
/*
|
||||
* Named bitstrings require that trailing 0s are excluded in the encoding
|
||||
* of the bitstring. Trailing 0s are considered part of the 'unused' bits
|
||||
* when encoding this value in the first content octet
|
||||
*/
|
||||
if( bits != 0 )
|
||||
{
|
||||
cur_byte = buf + byte_len - 1;
|
||||
cur_byte_shifted = *cur_byte >> unused_bits;
|
||||
|
||||
for( ; ; )
|
||||
{
|
||||
bit = cur_byte_shifted & 0x1;
|
||||
cur_byte_shifted >>= 1;
|
||||
|
||||
if( bit != 0 )
|
||||
break;
|
||||
|
||||
bits--;
|
||||
if( bits == 0 )
|
||||
break;
|
||||
|
||||
if( bits % 8 == 0 )
|
||||
cur_byte_shifted = *--cur_byte;
|
||||
}
|
||||
}
|
||||
|
||||
return( mbedtls_asn1_write_bitstring( p, start, buf, bits ) );
|
||||
}
|
||||
|
||||
int mbedtls_asn1_write_bitstring( unsigned char **p, unsigned char *start,
|
||||
const unsigned char *buf, size_t bits )
|
||||
{
|
||||
int ret;
|
||||
size_t len = 0;
|
||||
size_t unused_bits, byte_len;
|
||||
|
||||
byte_len = ( bits + 7 ) / 8;
|
||||
unused_bits = ( byte_len * 8 ) - bits;
|
||||
|
||||
if( *p < start || (size_t)( *p - start ) < byte_len + 1 )
|
||||
return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
|
||||
|
||||
len = byte_len + 1;
|
||||
|
||||
/* Write the bitstring. Ensure the unused bits are zeroed */
|
||||
if( byte_len > 0 )
|
||||
{
|
||||
byte_len--;
|
||||
*--( *p ) = buf[byte_len] & ~( ( 0x1 << unused_bits ) - 1 );
|
||||
( *p ) -= byte_len;
|
||||
memcpy( *p, buf, byte_len );
|
||||
}
|
||||
|
||||
/* Write unused bits */
|
||||
*--( *p ) = (unsigned char)unused_bits;
|
||||
|
||||
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( p, start, len ) );
|
||||
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, start, MBEDTLS_ASN1_BIT_STRING ) );
|
||||
|
||||
return( (int) len );
|
||||
}
|
||||
|
||||
int mbedtls_asn1_write_octet_string( unsigned char **p, unsigned char *start,
|
||||
const unsigned char *buf, size_t size )
|
||||
{
|
||||
int ret;
|
||||
size_t len = 0;
|
||||
|
||||
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_raw_buffer( p, start, buf, size ) );
|
||||
|
||||
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( p, start, len ) );
|
||||
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, start, MBEDTLS_ASN1_OCTET_STRING ) );
|
||||
|
||||
return( (int) len );
|
||||
}
|
||||
|
||||
|
||||
/* This is a copy of the ASN.1 parsing function mbedtls_asn1_find_named_data(),
|
||||
* which is replicated to avoid a dependency ASN1_WRITE_C on ASN1_PARSE_C. */
|
||||
static mbedtls_asn1_named_data *asn1_find_named_data(
|
||||
mbedtls_asn1_named_data *list,
|
||||
const char *oid, size_t len )
|
||||
{
|
||||
while( list != NULL )
|
||||
{
|
||||
if( list->oid.len == len &&
|
||||
memcmp( list->oid.p, oid, len ) == 0 )
|
||||
{
|
||||
break;
|
||||
}
|
||||
|
||||
list = list->next;
|
||||
}
|
||||
|
||||
return( list );
|
||||
}
|
||||
|
||||
mbedtls_asn1_named_data *mbedtls_asn1_store_named_data(
|
||||
mbedtls_asn1_named_data **head,
|
||||
const char *oid, size_t oid_len,
|
||||
const unsigned char *val,
|
||||
size_t val_len )
|
||||
{
|
||||
mbedtls_asn1_named_data *cur;
|
||||
|
||||
if( ( cur = asn1_find_named_data( *head, oid, oid_len ) ) == NULL )
|
||||
{
|
||||
// Add new entry if not present yet based on OID
|
||||
//
|
||||
cur = (mbedtls_asn1_named_data*)mbedtls_calloc( 1,
|
||||
sizeof(mbedtls_asn1_named_data) );
|
||||
if( cur == NULL )
|
||||
return( NULL );
|
||||
|
||||
cur->oid.len = oid_len;
|
||||
cur->oid.p = mbedtls_calloc( 1, oid_len );
|
||||
if( cur->oid.p == NULL )
|
||||
{
|
||||
mbedtls_free( cur );
|
||||
return( NULL );
|
||||
}
|
||||
|
||||
memcpy( cur->oid.p, oid, oid_len );
|
||||
|
||||
cur->val.len = val_len;
|
||||
cur->val.p = mbedtls_calloc( 1, val_len );
|
||||
if( cur->val.p == NULL )
|
||||
{
|
||||
mbedtls_free( cur->oid.p );
|
||||
mbedtls_free( cur );
|
||||
return( NULL );
|
||||
}
|
||||
|
||||
cur->next = *head;
|
||||
*head = cur;
|
||||
}
|
||||
else if( cur->val.len < val_len )
|
||||
{
|
||||
/*
|
||||
* Enlarge existing value buffer if needed
|
||||
* Preserve old data until the allocation succeeded, to leave list in
|
||||
* a consistent state in case allocation fails.
|
||||
*/
|
||||
void *p = mbedtls_calloc( 1, val_len );
|
||||
if( p == NULL )
|
||||
return( NULL );
|
||||
|
||||
mbedtls_free( cur->val.p );
|
||||
cur->val.p = p;
|
||||
cur->val.len = val_len;
|
||||
}
|
||||
|
||||
if( val != NULL )
|
||||
memcpy( cur->val.p, val, val_len );
|
||||
|
||||
return( cur );
|
||||
}
|
||||
#endif /* MBEDTLS_ASN1_WRITE_C */
|
293
library/base64.c
293
library/base64.c
|
@ -1,293 +0,0 @@
|
|||
/*
|
||||
* RFC 1521 base64 encoding/decoding
|
||||
*
|
||||
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
* not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*
|
||||
* This file is part of mbed TLS (https://tls.mbed.org)
|
||||
*/
|
||||
|
||||
#if !defined(MBEDTLS_CONFIG_FILE)
|
||||
#include "mbedtls/config.h"
|
||||
#else
|
||||
#include MBEDTLS_CONFIG_FILE
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_BASE64_C)
|
||||
|
||||
#include "mbedtls/base64.h"
|
||||
|
||||
#include <stdint.h>
|
||||
|
||||
#if defined(MBEDTLS_SELF_TEST)
|
||||
#include <string.h>
|
||||
#if defined(MBEDTLS_PLATFORM_C)
|
||||
#include "mbedtls/platform.h"
|
||||
#else
|
||||
#include <stdio.h>
|
||||
#define mbedtls_printf printf
|
||||
#endif /* MBEDTLS_PLATFORM_C */
|
||||
#endif /* MBEDTLS_SELF_TEST */
|
||||
|
||||
static const unsigned char base64_enc_map[64] =
|
||||
{
|
||||
'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J',
|
||||
'K', 'L', 'M', 'N', 'O', 'P', 'Q', 'R', 'S', 'T',
|
||||
'U', 'V', 'W', 'X', 'Y', 'Z', 'a', 'b', 'c', 'd',
|
||||
'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l', 'm', 'n',
|
||||
'o', 'p', 'q', 'r', 's', 't', 'u', 'v', 'w', 'x',
|
||||
'y', 'z', '0', '1', '2', '3', '4', '5', '6', '7',
|
||||
'8', '9', '+', '/'
|
||||
};
|
||||
|
||||
static const unsigned char base64_dec_map[128] =
|
||||
{
|
||||
127, 127, 127, 127, 127, 127, 127, 127, 127, 127,
|
||||
127, 127, 127, 127, 127, 127, 127, 127, 127, 127,
|
||||
127, 127, 127, 127, 127, 127, 127, 127, 127, 127,
|
||||
127, 127, 127, 127, 127, 127, 127, 127, 127, 127,
|
||||
127, 127, 127, 62, 127, 127, 127, 63, 52, 53,
|
||||
54, 55, 56, 57, 58, 59, 60, 61, 127, 127,
|
||||
127, 64, 127, 127, 127, 0, 1, 2, 3, 4,
|
||||
5, 6, 7, 8, 9, 10, 11, 12, 13, 14,
|
||||
15, 16, 17, 18, 19, 20, 21, 22, 23, 24,
|
||||
25, 127, 127, 127, 127, 127, 127, 26, 27, 28,
|
||||
29, 30, 31, 32, 33, 34, 35, 36, 37, 38,
|
||||
39, 40, 41, 42, 43, 44, 45, 46, 47, 48,
|
||||
49, 50, 51, 127, 127, 127, 127, 127
|
||||
};
|
||||
|
||||
#define BASE64_SIZE_T_MAX ( (size_t) -1 ) /* SIZE_T_MAX is not standard */
|
||||
|
||||
/*
|
||||
* Encode a buffer into base64 format
|
||||
*/
|
||||
int mbedtls_base64_encode( unsigned char *dst, size_t dlen, size_t *olen,
|
||||
const unsigned char *src, size_t slen )
|
||||
{
|
||||
size_t i, n;
|
||||
int C1, C2, C3;
|
||||
unsigned char *p;
|
||||
|
||||
if( slen == 0 )
|
||||
{
|
||||
*olen = 0;
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
n = slen / 3 + ( slen % 3 != 0 );
|
||||
|
||||
if( n > ( BASE64_SIZE_T_MAX - 1 ) / 4 )
|
||||
{
|
||||
*olen = BASE64_SIZE_T_MAX;
|
||||
return( MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL );
|
||||
}
|
||||
|
||||
n *= 4;
|
||||
|
||||
if( ( dlen < n + 1 ) || ( NULL == dst ) )
|
||||
{
|
||||
*olen = n + 1;
|
||||
return( MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL );
|
||||
}
|
||||
|
||||
n = ( slen / 3 ) * 3;
|
||||
|
||||
for( i = 0, p = dst; i < n; i += 3 )
|
||||
{
|
||||
C1 = *src++;
|
||||
C2 = *src++;
|
||||
C3 = *src++;
|
||||
|
||||
*p++ = base64_enc_map[(C1 >> 2) & 0x3F];
|
||||
*p++ = base64_enc_map[(((C1 & 3) << 4) + (C2 >> 4)) & 0x3F];
|
||||
*p++ = base64_enc_map[(((C2 & 15) << 2) + (C3 >> 6)) & 0x3F];
|
||||
*p++ = base64_enc_map[C3 & 0x3F];
|
||||
}
|
||||
|
||||
if( i < slen )
|
||||
{
|
||||
C1 = *src++;
|
||||
C2 = ( ( i + 1 ) < slen ) ? *src++ : 0;
|
||||
|
||||
*p++ = base64_enc_map[(C1 >> 2) & 0x3F];
|
||||
*p++ = base64_enc_map[(((C1 & 3) << 4) + (C2 >> 4)) & 0x3F];
|
||||
|
||||
if( ( i + 1 ) < slen )
|
||||
*p++ = base64_enc_map[((C2 & 15) << 2) & 0x3F];
|
||||
else *p++ = '=';
|
||||
|
||||
*p++ = '=';
|
||||
}
|
||||
|
||||
*olen = p - dst;
|
||||
*p = 0;
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
/*
|
||||
* Decode a base64-formatted buffer
|
||||
*/
|
||||
int mbedtls_base64_decode( unsigned char *dst, size_t dlen, size_t *olen,
|
||||
const unsigned char *src, size_t slen )
|
||||
{
|
||||
size_t i, n;
|
||||
uint32_t j, x;
|
||||
unsigned char *p;
|
||||
|
||||
/* First pass: check for validity and get output length */
|
||||
for( i = n = j = 0; i < slen; i++ )
|
||||
{
|
||||
/* Skip spaces before checking for EOL */
|
||||
x = 0;
|
||||
while( i < slen && src[i] == ' ' )
|
||||
{
|
||||
++i;
|
||||
++x;
|
||||
}
|
||||
|
||||
/* Spaces at end of buffer are OK */
|
||||
if( i == slen )
|
||||
break;
|
||||
|
||||
if( ( slen - i ) >= 2 &&
|
||||
src[i] == '\r' && src[i + 1] == '\n' )
|
||||
continue;
|
||||
|
||||
if( src[i] == '\n' )
|
||||
continue;
|
||||
|
||||
/* Space inside a line is an error */
|
||||
if( x != 0 )
|
||||
return( MBEDTLS_ERR_BASE64_INVALID_CHARACTER );
|
||||
|
||||
if( src[i] == '=' && ++j > 2 )
|
||||
return( MBEDTLS_ERR_BASE64_INVALID_CHARACTER );
|
||||
|
||||
if( src[i] > 127 || base64_dec_map[src[i]] == 127 )
|
||||
return( MBEDTLS_ERR_BASE64_INVALID_CHARACTER );
|
||||
|
||||
if( base64_dec_map[src[i]] < 64 && j != 0 )
|
||||
return( MBEDTLS_ERR_BASE64_INVALID_CHARACTER );
|
||||
|
||||
n++;
|
||||
}
|
||||
|
||||
if( n == 0 )
|
||||
{
|
||||
*olen = 0;
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
/* The following expression is to calculate the following formula without
|
||||
* risk of integer overflow in n:
|
||||
* n = ( ( n * 6 ) + 7 ) >> 3;
|
||||
*/
|
||||
n = ( 6 * ( n >> 3 ) ) + ( ( 6 * ( n & 0x7 ) + 7 ) >> 3 );
|
||||
n -= j;
|
||||
|
||||
if( dst == NULL || dlen < n )
|
||||
{
|
||||
*olen = n;
|
||||
return( MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL );
|
||||
}
|
||||
|
||||
for( j = 3, n = x = 0, p = dst; i > 0; i--, src++ )
|
||||
{
|
||||
if( *src == '\r' || *src == '\n' || *src == ' ' )
|
||||
continue;
|
||||
|
||||
j -= ( base64_dec_map[*src] == 64 );
|
||||
x = ( x << 6 ) | ( base64_dec_map[*src] & 0x3F );
|
||||
|
||||
if( ++n == 4 )
|
||||
{
|
||||
n = 0;
|
||||
if( j > 0 ) *p++ = (unsigned char)( x >> 16 );
|
||||
if( j > 1 ) *p++ = (unsigned char)( x >> 8 );
|
||||
if( j > 2 ) *p++ = (unsigned char)( x );
|
||||
}
|
||||
}
|
||||
|
||||
*olen = p - dst;
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_SELF_TEST)
|
||||
|
||||
static const unsigned char base64_test_dec[64] =
|
||||
{
|
||||
0x24, 0x48, 0x6E, 0x56, 0x87, 0x62, 0x5A, 0xBD,
|
||||
0xBF, 0x17, 0xD9, 0xA2, 0xC4, 0x17, 0x1A, 0x01,
|
||||
0x94, 0xED, 0x8F, 0x1E, 0x11, 0xB3, 0xD7, 0x09,
|
||||
0x0C, 0xB6, 0xE9, 0x10, 0x6F, 0x22, 0xEE, 0x13,
|
||||
0xCA, 0xB3, 0x07, 0x05, 0x76, 0xC9, 0xFA, 0x31,
|
||||
0x6C, 0x08, 0x34, 0xFF, 0x8D, 0xC2, 0x6C, 0x38,
|
||||
0x00, 0x43, 0xE9, 0x54, 0x97, 0xAF, 0x50, 0x4B,
|
||||
0xD1, 0x41, 0xBA, 0x95, 0x31, 0x5A, 0x0B, 0x97
|
||||
};
|
||||
|
||||
static const unsigned char base64_test_enc[] =
|
||||
"JEhuVodiWr2/F9mixBcaAZTtjx4Rs9cJDLbpEG8i7hPK"
|
||||
"swcFdsn6MWwINP+Nwmw4AEPpVJevUEvRQbqVMVoLlw==";
|
||||
|
||||
/*
|
||||
* Checkup routine
|
||||
*/
|
||||
int mbedtls_base64_self_test( int verbose )
|
||||
{
|
||||
size_t len;
|
||||
const unsigned char *src;
|
||||
unsigned char buffer[128];
|
||||
|
||||
if( verbose != 0 )
|
||||
mbedtls_printf( " Base64 encoding test: " );
|
||||
|
||||
src = base64_test_dec;
|
||||
|
||||
if( mbedtls_base64_encode( buffer, sizeof( buffer ), &len, src, 64 ) != 0 ||
|
||||
memcmp( base64_test_enc, buffer, 88 ) != 0 )
|
||||
{
|
||||
if( verbose != 0 )
|
||||
mbedtls_printf( "failed\n" );
|
||||
|
||||
return( 1 );
|
||||
}
|
||||
|
||||
if( verbose != 0 )
|
||||
mbedtls_printf( "passed\n Base64 decoding test: " );
|
||||
|
||||
src = base64_test_enc;
|
||||
|
||||
if( mbedtls_base64_decode( buffer, sizeof( buffer ), &len, src, 88 ) != 0 ||
|
||||
memcmp( base64_test_dec, buffer, 64 ) != 0 )
|
||||
{
|
||||
if( verbose != 0 )
|
||||
mbedtls_printf( "failed\n" );
|
||||
|
||||
return( 1 );
|
||||
}
|
||||
|
||||
if( verbose != 0 )
|
||||
mbedtls_printf( "passed\n\n" );
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
#endif /* MBEDTLS_SELF_TEST */
|
||||
|
||||
#endif /* MBEDTLS_BASE64_C */
|
2837
library/bignum.c
2837
library/bignum.c
File diff suppressed because it is too large
Load diff
|
@ -1,696 +0,0 @@
|
|||
/*
|
||||
* Blowfish implementation
|
||||
*
|
||||
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
* not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*
|
||||
* This file is part of mbed TLS (https://tls.mbed.org)
|
||||
*/
|
||||
/*
|
||||
* The Blowfish block cipher was designed by Bruce Schneier in 1993.
|
||||
* http://www.schneier.com/blowfish.html
|
||||
* http://en.wikipedia.org/wiki/Blowfish_%28cipher%29
|
||||
*
|
||||
*/
|
||||
|
||||
#if !defined(MBEDTLS_CONFIG_FILE)
|
||||
#include "mbedtls/config.h"
|
||||
#else
|
||||
#include MBEDTLS_CONFIG_FILE
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_BLOWFISH_C)
|
||||
|
||||
#include "mbedtls/blowfish.h"
|
||||
#include "mbedtls/platform_util.h"
|
||||
|
||||
#include <string.h>
|
||||
|
||||
#if !defined(MBEDTLS_BLOWFISH_ALT)
|
||||
|
||||
/* Parameter validation macros */
|
||||
#define BLOWFISH_VALIDATE_RET( cond ) \
|
||||
MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA )
|
||||
#define BLOWFISH_VALIDATE( cond ) \
|
||||
MBEDTLS_INTERNAL_VALIDATE( cond )
|
||||
|
||||
/*
|
||||
* 32-bit integer manipulation macros (big endian)
|
||||
*/
|
||||
#ifndef GET_UINT32_BE
|
||||
#define GET_UINT32_BE(n,b,i) \
|
||||
{ \
|
||||
(n) = ( (uint32_t) (b)[(i) ] << 24 ) \
|
||||
| ( (uint32_t) (b)[(i) + 1] << 16 ) \
|
||||
| ( (uint32_t) (b)[(i) + 2] << 8 ) \
|
||||
| ( (uint32_t) (b)[(i) + 3] ); \
|
||||
}
|
||||
#endif
|
||||
|
||||
#ifndef PUT_UINT32_BE
|
||||
#define PUT_UINT32_BE(n,b,i) \
|
||||
{ \
|
||||
(b)[(i) ] = (unsigned char) ( (n) >> 24 ); \
|
||||
(b)[(i) + 1] = (unsigned char) ( (n) >> 16 ); \
|
||||
(b)[(i) + 2] = (unsigned char) ( (n) >> 8 ); \
|
||||
(b)[(i) + 3] = (unsigned char) ( (n) ); \
|
||||
}
|
||||
#endif
|
||||
|
||||
static const uint32_t P[MBEDTLS_BLOWFISH_ROUNDS + 2] = {
|
||||
0x243F6A88L, 0x85A308D3L, 0x13198A2EL, 0x03707344L,
|
||||
0xA4093822L, 0x299F31D0L, 0x082EFA98L, 0xEC4E6C89L,
|
||||
0x452821E6L, 0x38D01377L, 0xBE5466CFL, 0x34E90C6CL,
|
||||
0xC0AC29B7L, 0xC97C50DDL, 0x3F84D5B5L, 0xB5470917L,
|
||||
0x9216D5D9L, 0x8979FB1BL
|
||||
};
|
||||
|
||||
/* declarations of data at the end of this file */
|
||||
static const uint32_t S[4][256];
|
||||
|
||||
static uint32_t F( mbedtls_blowfish_context *ctx, uint32_t x )
|
||||
{
|
||||
unsigned short a, b, c, d;
|
||||
uint32_t y;
|
||||
|
||||
d = (unsigned short)(x & 0xFF);
|
||||
x >>= 8;
|
||||
c = (unsigned short)(x & 0xFF);
|
||||
x >>= 8;
|
||||
b = (unsigned short)(x & 0xFF);
|
||||
x >>= 8;
|
||||
a = (unsigned short)(x & 0xFF);
|
||||
y = ctx->S[0][a] + ctx->S[1][b];
|
||||
y = y ^ ctx->S[2][c];
|
||||
y = y + ctx->S[3][d];
|
||||
|
||||
return( y );
|
||||
}
|
||||
|
||||
static void blowfish_enc( mbedtls_blowfish_context *ctx, uint32_t *xl, uint32_t *xr )
|
||||
{
|
||||
uint32_t Xl, Xr, temp;
|
||||
short i;
|
||||
|
||||
Xl = *xl;
|
||||
Xr = *xr;
|
||||
|
||||
for( i = 0; i < MBEDTLS_BLOWFISH_ROUNDS; ++i )
|
||||
{
|
||||
Xl = Xl ^ ctx->P[i];
|
||||
Xr = F( ctx, Xl ) ^ Xr;
|
||||
|
||||
temp = Xl;
|
||||
Xl = Xr;
|
||||
Xr = temp;
|
||||
}
|
||||
|
||||
temp = Xl;
|
||||
Xl = Xr;
|
||||
Xr = temp;
|
||||
|
||||
Xr = Xr ^ ctx->P[MBEDTLS_BLOWFISH_ROUNDS];
|
||||
Xl = Xl ^ ctx->P[MBEDTLS_BLOWFISH_ROUNDS + 1];
|
||||
|
||||
*xl = Xl;
|
||||
*xr = Xr;
|
||||
}
|
||||
|
||||
static void blowfish_dec( mbedtls_blowfish_context *ctx, uint32_t *xl, uint32_t *xr )
|
||||
{
|
||||
uint32_t Xl, Xr, temp;
|
||||
short i;
|
||||
|
||||
Xl = *xl;
|
||||
Xr = *xr;
|
||||
|
||||
for( i = MBEDTLS_BLOWFISH_ROUNDS + 1; i > 1; --i )
|
||||
{
|
||||
Xl = Xl ^ ctx->P[i];
|
||||
Xr = F( ctx, Xl ) ^ Xr;
|
||||
|
||||
temp = Xl;
|
||||
Xl = Xr;
|
||||
Xr = temp;
|
||||
}
|
||||
|
||||
temp = Xl;
|
||||
Xl = Xr;
|
||||
Xr = temp;
|
||||
|
||||
Xr = Xr ^ ctx->P[1];
|
||||
Xl = Xl ^ ctx->P[0];
|
||||
|
||||
*xl = Xl;
|
||||
*xr = Xr;
|
||||
}
|
||||
|
||||
void mbedtls_blowfish_init( mbedtls_blowfish_context *ctx )
|
||||
{
|
||||
BLOWFISH_VALIDATE( ctx != NULL );
|
||||
memset( ctx, 0, sizeof( mbedtls_blowfish_context ) );
|
||||
}
|
||||
|
||||
void mbedtls_blowfish_free( mbedtls_blowfish_context *ctx )
|
||||
{
|
||||
if( ctx == NULL )
|
||||
return;
|
||||
|
||||
mbedtls_platform_zeroize( ctx, sizeof( mbedtls_blowfish_context ) );
|
||||
}
|
||||
|
||||
/*
|
||||
* Blowfish key schedule
|
||||
*/
|
||||
int mbedtls_blowfish_setkey( mbedtls_blowfish_context *ctx,
|
||||
const unsigned char *key,
|
||||
unsigned int keybits )
|
||||
{
|
||||
unsigned int i, j, k;
|
||||
uint32_t data, datal, datar;
|
||||
BLOWFISH_VALIDATE_RET( ctx != NULL );
|
||||
BLOWFISH_VALIDATE_RET( key != NULL );
|
||||
|
||||
if( keybits < MBEDTLS_BLOWFISH_MIN_KEY_BITS ||
|
||||
keybits > MBEDTLS_BLOWFISH_MAX_KEY_BITS ||
|
||||
keybits % 8 != 0 )
|
||||
{
|
||||
return( MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA );
|
||||
}
|
||||
|
||||
keybits >>= 3;
|
||||
|
||||
for( i = 0; i < 4; i++ )
|
||||
{
|
||||
for( j = 0; j < 256; j++ )
|
||||
ctx->S[i][j] = S[i][j];
|
||||
}
|
||||
|
||||
j = 0;
|
||||
for( i = 0; i < MBEDTLS_BLOWFISH_ROUNDS + 2; ++i )
|
||||
{
|
||||
data = 0x00000000;
|
||||
for( k = 0; k < 4; ++k )
|
||||
{
|
||||
data = ( data << 8 ) | key[j++];
|
||||
if( j >= keybits )
|
||||
j = 0;
|
||||
}
|
||||
ctx->P[i] = P[i] ^ data;
|
||||
}
|
||||
|
||||
datal = 0x00000000;
|
||||
datar = 0x00000000;
|
||||
|
||||
for( i = 0; i < MBEDTLS_BLOWFISH_ROUNDS + 2; i += 2 )
|
||||
{
|
||||
blowfish_enc( ctx, &datal, &datar );
|
||||
ctx->P[i] = datal;
|
||||
ctx->P[i + 1] = datar;
|
||||
}
|
||||
|
||||
for( i = 0; i < 4; i++ )
|
||||
{
|
||||
for( j = 0; j < 256; j += 2 )
|
||||
{
|
||||
blowfish_enc( ctx, &datal, &datar );
|
||||
ctx->S[i][j] = datal;
|
||||
ctx->S[i][j + 1] = datar;
|
||||
}
|
||||
}
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
/*
|
||||
* Blowfish-ECB block encryption/decryption
|
||||
*/
|
||||
int mbedtls_blowfish_crypt_ecb( mbedtls_blowfish_context *ctx,
|
||||
int mode,
|
||||
const unsigned char input[MBEDTLS_BLOWFISH_BLOCKSIZE],
|
||||
unsigned char output[MBEDTLS_BLOWFISH_BLOCKSIZE] )
|
||||
{
|
||||
uint32_t X0, X1;
|
||||
BLOWFISH_VALIDATE_RET( ctx != NULL );
|
||||
BLOWFISH_VALIDATE_RET( mode == MBEDTLS_BLOWFISH_ENCRYPT ||
|
||||
mode == MBEDTLS_BLOWFISH_DECRYPT );
|
||||
BLOWFISH_VALIDATE_RET( input != NULL );
|
||||
BLOWFISH_VALIDATE_RET( output != NULL );
|
||||
|
||||
GET_UINT32_BE( X0, input, 0 );
|
||||
GET_UINT32_BE( X1, input, 4 );
|
||||
|
||||
if( mode == MBEDTLS_BLOWFISH_DECRYPT )
|
||||
{
|
||||
blowfish_dec( ctx, &X0, &X1 );
|
||||
}
|
||||
else /* MBEDTLS_BLOWFISH_ENCRYPT */
|
||||
{
|
||||
blowfish_enc( ctx, &X0, &X1 );
|
||||
}
|
||||
|
||||
PUT_UINT32_BE( X0, output, 0 );
|
||||
PUT_UINT32_BE( X1, output, 4 );
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_CIPHER_MODE_CBC)
|
||||
/*
|
||||
* Blowfish-CBC buffer encryption/decryption
|
||||
*/
|
||||
int mbedtls_blowfish_crypt_cbc( mbedtls_blowfish_context *ctx,
|
||||
int mode,
|
||||
size_t length,
|
||||
unsigned char iv[MBEDTLS_BLOWFISH_BLOCKSIZE],
|
||||
const unsigned char *input,
|
||||
unsigned char *output )
|
||||
{
|
||||
int i;
|
||||
unsigned char temp[MBEDTLS_BLOWFISH_BLOCKSIZE];
|
||||
BLOWFISH_VALIDATE_RET( ctx != NULL );
|
||||
BLOWFISH_VALIDATE_RET( mode == MBEDTLS_BLOWFISH_ENCRYPT ||
|
||||
mode == MBEDTLS_BLOWFISH_DECRYPT );
|
||||
BLOWFISH_VALIDATE_RET( iv != NULL );
|
||||
BLOWFISH_VALIDATE_RET( length == 0 || input != NULL );
|
||||
BLOWFISH_VALIDATE_RET( length == 0 || output != NULL );
|
||||
|
||||
if( length % MBEDTLS_BLOWFISH_BLOCKSIZE )
|
||||
return( MBEDTLS_ERR_BLOWFISH_INVALID_INPUT_LENGTH );
|
||||
|
||||
if( mode == MBEDTLS_BLOWFISH_DECRYPT )
|
||||
{
|
||||
while( length > 0 )
|
||||
{
|
||||
memcpy( temp, input, MBEDTLS_BLOWFISH_BLOCKSIZE );
|
||||
mbedtls_blowfish_crypt_ecb( ctx, mode, input, output );
|
||||
|
||||
for( i = 0; i < MBEDTLS_BLOWFISH_BLOCKSIZE;i++ )
|
||||
output[i] = (unsigned char)( output[i] ^ iv[i] );
|
||||
|
||||
memcpy( iv, temp, MBEDTLS_BLOWFISH_BLOCKSIZE );
|
||||
|
||||
input += MBEDTLS_BLOWFISH_BLOCKSIZE;
|
||||
output += MBEDTLS_BLOWFISH_BLOCKSIZE;
|
||||
length -= MBEDTLS_BLOWFISH_BLOCKSIZE;
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
while( length > 0 )
|
||||
{
|
||||
for( i = 0; i < MBEDTLS_BLOWFISH_BLOCKSIZE; i++ )
|
||||
output[i] = (unsigned char)( input[i] ^ iv[i] );
|
||||
|
||||
mbedtls_blowfish_crypt_ecb( ctx, mode, output, output );
|
||||
memcpy( iv, output, MBEDTLS_BLOWFISH_BLOCKSIZE );
|
||||
|
||||
input += MBEDTLS_BLOWFISH_BLOCKSIZE;
|
||||
output += MBEDTLS_BLOWFISH_BLOCKSIZE;
|
||||
length -= MBEDTLS_BLOWFISH_BLOCKSIZE;
|
||||
}
|
||||
}
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
#endif /* MBEDTLS_CIPHER_MODE_CBC */
|
||||
|
||||
#if defined(MBEDTLS_CIPHER_MODE_CFB)
|
||||
/*
|
||||
* Blowfish CFB buffer encryption/decryption
|
||||
*/
|
||||
int mbedtls_blowfish_crypt_cfb64( mbedtls_blowfish_context *ctx,
|
||||
int mode,
|
||||
size_t length,
|
||||
size_t *iv_off,
|
||||
unsigned char iv[MBEDTLS_BLOWFISH_BLOCKSIZE],
|
||||
const unsigned char *input,
|
||||
unsigned char *output )
|
||||
{
|
||||
int c;
|
||||
size_t n;
|
||||
|
||||
BLOWFISH_VALIDATE_RET( ctx != NULL );
|
||||
BLOWFISH_VALIDATE_RET( mode == MBEDTLS_BLOWFISH_ENCRYPT ||
|
||||
mode == MBEDTLS_BLOWFISH_DECRYPT );
|
||||
BLOWFISH_VALIDATE_RET( iv != NULL );
|
||||
BLOWFISH_VALIDATE_RET( iv_off != NULL );
|
||||
BLOWFISH_VALIDATE_RET( length == 0 || input != NULL );
|
||||
BLOWFISH_VALIDATE_RET( length == 0 || output != NULL );
|
||||
|
||||
n = *iv_off;
|
||||
if( n >= 8 )
|
||||
return( MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA );
|
||||
|
||||
if( mode == MBEDTLS_BLOWFISH_DECRYPT )
|
||||
{
|
||||
while( length-- )
|
||||
{
|
||||
if( n == 0 )
|
||||
mbedtls_blowfish_crypt_ecb( ctx, MBEDTLS_BLOWFISH_ENCRYPT, iv, iv );
|
||||
|
||||
c = *input++;
|
||||
*output++ = (unsigned char)( c ^ iv[n] );
|
||||
iv[n] = (unsigned char) c;
|
||||
|
||||
n = ( n + 1 ) % MBEDTLS_BLOWFISH_BLOCKSIZE;
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
while( length-- )
|
||||
{
|
||||
if( n == 0 )
|
||||
mbedtls_blowfish_crypt_ecb( ctx, MBEDTLS_BLOWFISH_ENCRYPT, iv, iv );
|
||||
|
||||
iv[n] = *output++ = (unsigned char)( iv[n] ^ *input++ );
|
||||
|
||||
n = ( n + 1 ) % MBEDTLS_BLOWFISH_BLOCKSIZE;
|
||||
}
|
||||
}
|
||||
|
||||
*iv_off = n;
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
#endif /*MBEDTLS_CIPHER_MODE_CFB */
|
||||
|
||||
#if defined(MBEDTLS_CIPHER_MODE_CTR)
|
||||
/*
|
||||
* Blowfish CTR buffer encryption/decryption
|
||||
*/
|
||||
int mbedtls_blowfish_crypt_ctr( mbedtls_blowfish_context *ctx,
|
||||
size_t length,
|
||||
size_t *nc_off,
|
||||
unsigned char nonce_counter[MBEDTLS_BLOWFISH_BLOCKSIZE],
|
||||
unsigned char stream_block[MBEDTLS_BLOWFISH_BLOCKSIZE],
|
||||
const unsigned char *input,
|
||||
unsigned char *output )
|
||||
{
|
||||
int c, i;
|
||||
size_t n;
|
||||
BLOWFISH_VALIDATE_RET( ctx != NULL );
|
||||
BLOWFISH_VALIDATE_RET( nonce_counter != NULL );
|
||||
BLOWFISH_VALIDATE_RET( stream_block != NULL );
|
||||
BLOWFISH_VALIDATE_RET( nc_off != NULL );
|
||||
BLOWFISH_VALIDATE_RET( length == 0 || input != NULL );
|
||||
BLOWFISH_VALIDATE_RET( length == 0 || output != NULL );
|
||||
|
||||
n = *nc_off;
|
||||
if( n >= 8 )
|
||||
return( MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA );
|
||||
|
||||
while( length-- )
|
||||
{
|
||||
if( n == 0 ) {
|
||||
mbedtls_blowfish_crypt_ecb( ctx, MBEDTLS_BLOWFISH_ENCRYPT, nonce_counter,
|
||||
stream_block );
|
||||
|
||||
for( i = MBEDTLS_BLOWFISH_BLOCKSIZE; i > 0; i-- )
|
||||
if( ++nonce_counter[i - 1] != 0 )
|
||||
break;
|
||||
}
|
||||
c = *input++;
|
||||
*output++ = (unsigned char)( c ^ stream_block[n] );
|
||||
|
||||
n = ( n + 1 ) % MBEDTLS_BLOWFISH_BLOCKSIZE;
|
||||
}
|
||||
|
||||
*nc_off = n;
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
#endif /* MBEDTLS_CIPHER_MODE_CTR */
|
||||
|
||||
static const uint32_t S[4][256] = {
|
||||
{ 0xD1310BA6L, 0x98DFB5ACL, 0x2FFD72DBL, 0xD01ADFB7L,
|
||||
0xB8E1AFEDL, 0x6A267E96L, 0xBA7C9045L, 0xF12C7F99L,
|
||||
0x24A19947L, 0xB3916CF7L, 0x0801F2E2L, 0x858EFC16L,
|
||||
0x636920D8L, 0x71574E69L, 0xA458FEA3L, 0xF4933D7EL,
|
||||
0x0D95748FL, 0x728EB658L, 0x718BCD58L, 0x82154AEEL,
|
||||
0x7B54A41DL, 0xC25A59B5L, 0x9C30D539L, 0x2AF26013L,
|
||||
0xC5D1B023L, 0x286085F0L, 0xCA417918L, 0xB8DB38EFL,
|
||||
0x8E79DCB0L, 0x603A180EL, 0x6C9E0E8BL, 0xB01E8A3EL,
|
||||
0xD71577C1L, 0xBD314B27L, 0x78AF2FDAL, 0x55605C60L,
|
||||
0xE65525F3L, 0xAA55AB94L, 0x57489862L, 0x63E81440L,
|
||||
0x55CA396AL, 0x2AAB10B6L, 0xB4CC5C34L, 0x1141E8CEL,
|
||||
0xA15486AFL, 0x7C72E993L, 0xB3EE1411L, 0x636FBC2AL,
|
||||
0x2BA9C55DL, 0x741831F6L, 0xCE5C3E16L, 0x9B87931EL,
|
||||
0xAFD6BA33L, 0x6C24CF5CL, 0x7A325381L, 0x28958677L,
|
||||
0x3B8F4898L, 0x6B4BB9AFL, 0xC4BFE81BL, 0x66282193L,
|
||||
0x61D809CCL, 0xFB21A991L, 0x487CAC60L, 0x5DEC8032L,
|
||||
0xEF845D5DL, 0xE98575B1L, 0xDC262302L, 0xEB651B88L,
|
||||
0x23893E81L, 0xD396ACC5L, 0x0F6D6FF3L, 0x83F44239L,
|
||||
0x2E0B4482L, 0xA4842004L, 0x69C8F04AL, 0x9E1F9B5EL,
|
||||
0x21C66842L, 0xF6E96C9AL, 0x670C9C61L, 0xABD388F0L,
|
||||
0x6A51A0D2L, 0xD8542F68L, 0x960FA728L, 0xAB5133A3L,
|
||||
0x6EEF0B6CL, 0x137A3BE4L, 0xBA3BF050L, 0x7EFB2A98L,
|
||||
0xA1F1651DL, 0x39AF0176L, 0x66CA593EL, 0x82430E88L,
|
||||
0x8CEE8619L, 0x456F9FB4L, 0x7D84A5C3L, 0x3B8B5EBEL,
|
||||
0xE06F75D8L, 0x85C12073L, 0x401A449FL, 0x56C16AA6L,
|
||||
0x4ED3AA62L, 0x363F7706L, 0x1BFEDF72L, 0x429B023DL,
|
||||
0x37D0D724L, 0xD00A1248L, 0xDB0FEAD3L, 0x49F1C09BL,
|
||||
0x075372C9L, 0x80991B7BL, 0x25D479D8L, 0xF6E8DEF7L,
|
||||
0xE3FE501AL, 0xB6794C3BL, 0x976CE0BDL, 0x04C006BAL,
|
||||
0xC1A94FB6L, 0x409F60C4L, 0x5E5C9EC2L, 0x196A2463L,
|
||||
0x68FB6FAFL, 0x3E6C53B5L, 0x1339B2EBL, 0x3B52EC6FL,
|
||||
0x6DFC511FL, 0x9B30952CL, 0xCC814544L, 0xAF5EBD09L,
|
||||
0xBEE3D004L, 0xDE334AFDL, 0x660F2807L, 0x192E4BB3L,
|
||||
0xC0CBA857L, 0x45C8740FL, 0xD20B5F39L, 0xB9D3FBDBL,
|
||||
0x5579C0BDL, 0x1A60320AL, 0xD6A100C6L, 0x402C7279L,
|
||||
0x679F25FEL, 0xFB1FA3CCL, 0x8EA5E9F8L, 0xDB3222F8L,
|
||||
0x3C7516DFL, 0xFD616B15L, 0x2F501EC8L, 0xAD0552ABL,
|
||||
0x323DB5FAL, 0xFD238760L, 0x53317B48L, 0x3E00DF82L,
|
||||
0x9E5C57BBL, 0xCA6F8CA0L, 0x1A87562EL, 0xDF1769DBL,
|
||||
0xD542A8F6L, 0x287EFFC3L, 0xAC6732C6L, 0x8C4F5573L,
|
||||
0x695B27B0L, 0xBBCA58C8L, 0xE1FFA35DL, 0xB8F011A0L,
|
||||
0x10FA3D98L, 0xFD2183B8L, 0x4AFCB56CL, 0x2DD1D35BL,
|
||||
0x9A53E479L, 0xB6F84565L, 0xD28E49BCL, 0x4BFB9790L,
|
||||
0xE1DDF2DAL, 0xA4CB7E33L, 0x62FB1341L, 0xCEE4C6E8L,
|
||||
0xEF20CADAL, 0x36774C01L, 0xD07E9EFEL, 0x2BF11FB4L,
|
||||
0x95DBDA4DL, 0xAE909198L, 0xEAAD8E71L, 0x6B93D5A0L,
|
||||
0xD08ED1D0L, 0xAFC725E0L, 0x8E3C5B2FL, 0x8E7594B7L,
|
||||
0x8FF6E2FBL, 0xF2122B64L, 0x8888B812L, 0x900DF01CL,
|
||||
0x4FAD5EA0L, 0x688FC31CL, 0xD1CFF191L, 0xB3A8C1ADL,
|
||||
0x2F2F2218L, 0xBE0E1777L, 0xEA752DFEL, 0x8B021FA1L,
|
||||
0xE5A0CC0FL, 0xB56F74E8L, 0x18ACF3D6L, 0xCE89E299L,
|
||||
0xB4A84FE0L, 0xFD13E0B7L, 0x7CC43B81L, 0xD2ADA8D9L,
|
||||
0x165FA266L, 0x80957705L, 0x93CC7314L, 0x211A1477L,
|
||||
0xE6AD2065L, 0x77B5FA86L, 0xC75442F5L, 0xFB9D35CFL,
|
||||
0xEBCDAF0CL, 0x7B3E89A0L, 0xD6411BD3L, 0xAE1E7E49L,
|
||||
0x00250E2DL, 0x2071B35EL, 0x226800BBL, 0x57B8E0AFL,
|
||||
0x2464369BL, 0xF009B91EL, 0x5563911DL, 0x59DFA6AAL,
|
||||
0x78C14389L, 0xD95A537FL, 0x207D5BA2L, 0x02E5B9C5L,
|
||||
0x83260376L, 0x6295CFA9L, 0x11C81968L, 0x4E734A41L,
|
||||
0xB3472DCAL, 0x7B14A94AL, 0x1B510052L, 0x9A532915L,
|
||||
0xD60F573FL, 0xBC9BC6E4L, 0x2B60A476L, 0x81E67400L,
|
||||
0x08BA6FB5L, 0x571BE91FL, 0xF296EC6BL, 0x2A0DD915L,
|
||||
0xB6636521L, 0xE7B9F9B6L, 0xFF34052EL, 0xC5855664L,
|
||||
0x53B02D5DL, 0xA99F8FA1L, 0x08BA4799L, 0x6E85076AL },
|
||||
{ 0x4B7A70E9L, 0xB5B32944L, 0xDB75092EL, 0xC4192623L,
|
||||
0xAD6EA6B0L, 0x49A7DF7DL, 0x9CEE60B8L, 0x8FEDB266L,
|
||||
0xECAA8C71L, 0x699A17FFL, 0x5664526CL, 0xC2B19EE1L,
|
||||
0x193602A5L, 0x75094C29L, 0xA0591340L, 0xE4183A3EL,
|
||||
0x3F54989AL, 0x5B429D65L, 0x6B8FE4D6L, 0x99F73FD6L,
|
||||
0xA1D29C07L, 0xEFE830F5L, 0x4D2D38E6L, 0xF0255DC1L,
|
||||
0x4CDD2086L, 0x8470EB26L, 0x6382E9C6L, 0x021ECC5EL,
|
||||
0x09686B3FL, 0x3EBAEFC9L, 0x3C971814L, 0x6B6A70A1L,
|
||||
0x687F3584L, 0x52A0E286L, 0xB79C5305L, 0xAA500737L,
|
||||
0x3E07841CL, 0x7FDEAE5CL, 0x8E7D44ECL, 0x5716F2B8L,
|
||||
0xB03ADA37L, 0xF0500C0DL, 0xF01C1F04L, 0x0200B3FFL,
|
||||
0xAE0CF51AL, 0x3CB574B2L, 0x25837A58L, 0xDC0921BDL,
|
||||
0xD19113F9L, 0x7CA92FF6L, 0x94324773L, 0x22F54701L,
|
||||
0x3AE5E581L, 0x37C2DADCL, 0xC8B57634L, 0x9AF3DDA7L,
|
||||
0xA9446146L, 0x0FD0030EL, 0xECC8C73EL, 0xA4751E41L,
|
||||
0xE238CD99L, 0x3BEA0E2FL, 0x3280BBA1L, 0x183EB331L,
|
||||
0x4E548B38L, 0x4F6DB908L, 0x6F420D03L, 0xF60A04BFL,
|
||||
0x2CB81290L, 0x24977C79L, 0x5679B072L, 0xBCAF89AFL,
|
||||
0xDE9A771FL, 0xD9930810L, 0xB38BAE12L, 0xDCCF3F2EL,
|
||||
0x5512721FL, 0x2E6B7124L, 0x501ADDE6L, 0x9F84CD87L,
|
||||
0x7A584718L, 0x7408DA17L, 0xBC9F9ABCL, 0xE94B7D8CL,
|
||||
0xEC7AEC3AL, 0xDB851DFAL, 0x63094366L, 0xC464C3D2L,
|
||||
0xEF1C1847L, 0x3215D908L, 0xDD433B37L, 0x24C2BA16L,
|
||||
0x12A14D43L, 0x2A65C451L, 0x50940002L, 0x133AE4DDL,
|
||||
0x71DFF89EL, 0x10314E55L, 0x81AC77D6L, 0x5F11199BL,
|
||||
0x043556F1L, 0xD7A3C76BL, 0x3C11183BL, 0x5924A509L,
|
||||
0xF28FE6EDL, 0x97F1FBFAL, 0x9EBABF2CL, 0x1E153C6EL,
|
||||
0x86E34570L, 0xEAE96FB1L, 0x860E5E0AL, 0x5A3E2AB3L,
|
||||
0x771FE71CL, 0x4E3D06FAL, 0x2965DCB9L, 0x99E71D0FL,
|
||||
0x803E89D6L, 0x5266C825L, 0x2E4CC978L, 0x9C10B36AL,
|
||||
0xC6150EBAL, 0x94E2EA78L, 0xA5FC3C53L, 0x1E0A2DF4L,
|
||||
0xF2F74EA7L, 0x361D2B3DL, 0x1939260FL, 0x19C27960L,
|
||||
0x5223A708L, 0xF71312B6L, 0xEBADFE6EL, 0xEAC31F66L,
|
||||
0xE3BC4595L, 0xA67BC883L, 0xB17F37D1L, 0x018CFF28L,
|
||||
0xC332DDEFL, 0xBE6C5AA5L, 0x65582185L, 0x68AB9802L,
|
||||
0xEECEA50FL, 0xDB2F953BL, 0x2AEF7DADL, 0x5B6E2F84L,
|
||||
0x1521B628L, 0x29076170L, 0xECDD4775L, 0x619F1510L,
|
||||
0x13CCA830L, 0xEB61BD96L, 0x0334FE1EL, 0xAA0363CFL,
|
||||
0xB5735C90L, 0x4C70A239L, 0xD59E9E0BL, 0xCBAADE14L,
|
||||
0xEECC86BCL, 0x60622CA7L, 0x9CAB5CABL, 0xB2F3846EL,
|
||||
0x648B1EAFL, 0x19BDF0CAL, 0xA02369B9L, 0x655ABB50L,
|
||||
0x40685A32L, 0x3C2AB4B3L, 0x319EE9D5L, 0xC021B8F7L,
|
||||
0x9B540B19L, 0x875FA099L, 0x95F7997EL, 0x623D7DA8L,
|
||||
0xF837889AL, 0x97E32D77L, 0x11ED935FL, 0x16681281L,
|
||||
0x0E358829L, 0xC7E61FD6L, 0x96DEDFA1L, 0x7858BA99L,
|
||||
0x57F584A5L, 0x1B227263L, 0x9B83C3FFL, 0x1AC24696L,
|
||||
0xCDB30AEBL, 0x532E3054L, 0x8FD948E4L, 0x6DBC3128L,
|
||||
0x58EBF2EFL, 0x34C6FFEAL, 0xFE28ED61L, 0xEE7C3C73L,
|
||||
0x5D4A14D9L, 0xE864B7E3L, 0x42105D14L, 0x203E13E0L,
|
||||
0x45EEE2B6L, 0xA3AAABEAL, 0xDB6C4F15L, 0xFACB4FD0L,
|
||||
0xC742F442L, 0xEF6ABBB5L, 0x654F3B1DL, 0x41CD2105L,
|
||||
0xD81E799EL, 0x86854DC7L, 0xE44B476AL, 0x3D816250L,
|
||||
0xCF62A1F2L, 0x5B8D2646L, 0xFC8883A0L, 0xC1C7B6A3L,
|
||||
0x7F1524C3L, 0x69CB7492L, 0x47848A0BL, 0x5692B285L,
|
||||
0x095BBF00L, 0xAD19489DL, 0x1462B174L, 0x23820E00L,
|
||||
0x58428D2AL, 0x0C55F5EAL, 0x1DADF43EL, 0x233F7061L,
|
||||
0x3372F092L, 0x8D937E41L, 0xD65FECF1L, 0x6C223BDBL,
|
||||
0x7CDE3759L, 0xCBEE7460L, 0x4085F2A7L, 0xCE77326EL,
|
||||
0xA6078084L, 0x19F8509EL, 0xE8EFD855L, 0x61D99735L,
|
||||
0xA969A7AAL, 0xC50C06C2L, 0x5A04ABFCL, 0x800BCADCL,
|
||||
0x9E447A2EL, 0xC3453484L, 0xFDD56705L, 0x0E1E9EC9L,
|
||||
0xDB73DBD3L, 0x105588CDL, 0x675FDA79L, 0xE3674340L,
|
||||
0xC5C43465L, 0x713E38D8L, 0x3D28F89EL, 0xF16DFF20L,
|
||||
0x153E21E7L, 0x8FB03D4AL, 0xE6E39F2BL, 0xDB83ADF7L },
|
||||
{ 0xE93D5A68L, 0x948140F7L, 0xF64C261CL, 0x94692934L,
|
||||
0x411520F7L, 0x7602D4F7L, 0xBCF46B2EL, 0xD4A20068L,
|
||||
0xD4082471L, 0x3320F46AL, 0x43B7D4B7L, 0x500061AFL,
|
||||
0x1E39F62EL, 0x97244546L, 0x14214F74L, 0xBF8B8840L,
|
||||
0x4D95FC1DL, 0x96B591AFL, 0x70F4DDD3L, 0x66A02F45L,
|
||||
0xBFBC09ECL, 0x03BD9785L, 0x7FAC6DD0L, 0x31CB8504L,
|
||||
0x96EB27B3L, 0x55FD3941L, 0xDA2547E6L, 0xABCA0A9AL,
|
||||
0x28507825L, 0x530429F4L, 0x0A2C86DAL, 0xE9B66DFBL,
|
||||
0x68DC1462L, 0xD7486900L, 0x680EC0A4L, 0x27A18DEEL,
|
||||
0x4F3FFEA2L, 0xE887AD8CL, 0xB58CE006L, 0x7AF4D6B6L,
|
||||
0xAACE1E7CL, 0xD3375FECL, 0xCE78A399L, 0x406B2A42L,
|
||||
0x20FE9E35L, 0xD9F385B9L, 0xEE39D7ABL, 0x3B124E8BL,
|
||||
0x1DC9FAF7L, 0x4B6D1856L, 0x26A36631L, 0xEAE397B2L,
|
||||
0x3A6EFA74L, 0xDD5B4332L, 0x6841E7F7L, 0xCA7820FBL,
|
||||
0xFB0AF54EL, 0xD8FEB397L, 0x454056ACL, 0xBA489527L,
|
||||
0x55533A3AL, 0x20838D87L, 0xFE6BA9B7L, 0xD096954BL,
|
||||
0x55A867BCL, 0xA1159A58L, 0xCCA92963L, 0x99E1DB33L,
|
||||
0xA62A4A56L, 0x3F3125F9L, 0x5EF47E1CL, 0x9029317CL,
|
||||
0xFDF8E802L, 0x04272F70L, 0x80BB155CL, 0x05282CE3L,
|
||||
0x95C11548L, 0xE4C66D22L, 0x48C1133FL, 0xC70F86DCL,
|
||||
0x07F9C9EEL, 0x41041F0FL, 0x404779A4L, 0x5D886E17L,
|
||||
0x325F51EBL, 0xD59BC0D1L, 0xF2BCC18FL, 0x41113564L,
|
||||
0x257B7834L, 0x602A9C60L, 0xDFF8E8A3L, 0x1F636C1BL,
|
||||
0x0E12B4C2L, 0x02E1329EL, 0xAF664FD1L, 0xCAD18115L,
|
||||
0x6B2395E0L, 0x333E92E1L, 0x3B240B62L, 0xEEBEB922L,
|
||||
0x85B2A20EL, 0xE6BA0D99L, 0xDE720C8CL, 0x2DA2F728L,
|
||||
0xD0127845L, 0x95B794FDL, 0x647D0862L, 0xE7CCF5F0L,
|
||||
0x5449A36FL, 0x877D48FAL, 0xC39DFD27L, 0xF33E8D1EL,
|
||||
0x0A476341L, 0x992EFF74L, 0x3A6F6EABL, 0xF4F8FD37L,
|
||||
0xA812DC60L, 0xA1EBDDF8L, 0x991BE14CL, 0xDB6E6B0DL,
|
||||
0xC67B5510L, 0x6D672C37L, 0x2765D43BL, 0xDCD0E804L,
|
||||
0xF1290DC7L, 0xCC00FFA3L, 0xB5390F92L, 0x690FED0BL,
|
||||
0x667B9FFBL, 0xCEDB7D9CL, 0xA091CF0BL, 0xD9155EA3L,
|
||||
0xBB132F88L, 0x515BAD24L, 0x7B9479BFL, 0x763BD6EBL,
|
||||
0x37392EB3L, 0xCC115979L, 0x8026E297L, 0xF42E312DL,
|
||||
0x6842ADA7L, 0xC66A2B3BL, 0x12754CCCL, 0x782EF11CL,
|
||||
0x6A124237L, 0xB79251E7L, 0x06A1BBE6L, 0x4BFB6350L,
|
||||
0x1A6B1018L, 0x11CAEDFAL, 0x3D25BDD8L, 0xE2E1C3C9L,
|
||||
0x44421659L, 0x0A121386L, 0xD90CEC6EL, 0xD5ABEA2AL,
|
||||
0x64AF674EL, 0xDA86A85FL, 0xBEBFE988L, 0x64E4C3FEL,
|
||||
0x9DBC8057L, 0xF0F7C086L, 0x60787BF8L, 0x6003604DL,
|
||||
0xD1FD8346L, 0xF6381FB0L, 0x7745AE04L, 0xD736FCCCL,
|
||||
0x83426B33L, 0xF01EAB71L, 0xB0804187L, 0x3C005E5FL,
|
||||
0x77A057BEL, 0xBDE8AE24L, 0x55464299L, 0xBF582E61L,
|
||||
0x4E58F48FL, 0xF2DDFDA2L, 0xF474EF38L, 0x8789BDC2L,
|
||||
0x5366F9C3L, 0xC8B38E74L, 0xB475F255L, 0x46FCD9B9L,
|
||||
0x7AEB2661L, 0x8B1DDF84L, 0x846A0E79L, 0x915F95E2L,
|
||||
0x466E598EL, 0x20B45770L, 0x8CD55591L, 0xC902DE4CL,
|
||||
0xB90BACE1L, 0xBB8205D0L, 0x11A86248L, 0x7574A99EL,
|
||||
0xB77F19B6L, 0xE0A9DC09L, 0x662D09A1L, 0xC4324633L,
|
||||
0xE85A1F02L, 0x09F0BE8CL, 0x4A99A025L, 0x1D6EFE10L,
|
||||
0x1AB93D1DL, 0x0BA5A4DFL, 0xA186F20FL, 0x2868F169L,
|
||||
0xDCB7DA83L, 0x573906FEL, 0xA1E2CE9BL, 0x4FCD7F52L,
|
||||
0x50115E01L, 0xA70683FAL, 0xA002B5C4L, 0x0DE6D027L,
|
||||
0x9AF88C27L, 0x773F8641L, 0xC3604C06L, 0x61A806B5L,
|
||||
0xF0177A28L, 0xC0F586E0L, 0x006058AAL, 0x30DC7D62L,
|
||||
0x11E69ED7L, 0x2338EA63L, 0x53C2DD94L, 0xC2C21634L,
|
||||
0xBBCBEE56L, 0x90BCB6DEL, 0xEBFC7DA1L, 0xCE591D76L,
|
||||
0x6F05E409L, 0x4B7C0188L, 0x39720A3DL, 0x7C927C24L,
|
||||
0x86E3725FL, 0x724D9DB9L, 0x1AC15BB4L, 0xD39EB8FCL,
|
||||
0xED545578L, 0x08FCA5B5L, 0xD83D7CD3L, 0x4DAD0FC4L,
|
||||
0x1E50EF5EL, 0xB161E6F8L, 0xA28514D9L, 0x6C51133CL,
|
||||
0x6FD5C7E7L, 0x56E14EC4L, 0x362ABFCEL, 0xDDC6C837L,
|
||||
0xD79A3234L, 0x92638212L, 0x670EFA8EL, 0x406000E0L },
|
||||
{ 0x3A39CE37L, 0xD3FAF5CFL, 0xABC27737L, 0x5AC52D1BL,
|
||||
0x5CB0679EL, 0x4FA33742L, 0xD3822740L, 0x99BC9BBEL,
|
||||
0xD5118E9DL, 0xBF0F7315L, 0xD62D1C7EL, 0xC700C47BL,
|
||||
0xB78C1B6BL, 0x21A19045L, 0xB26EB1BEL, 0x6A366EB4L,
|
||||
0x5748AB2FL, 0xBC946E79L, 0xC6A376D2L, 0x6549C2C8L,
|
||||
0x530FF8EEL, 0x468DDE7DL, 0xD5730A1DL, 0x4CD04DC6L,
|
||||
0x2939BBDBL, 0xA9BA4650L, 0xAC9526E8L, 0xBE5EE304L,
|
||||
0xA1FAD5F0L, 0x6A2D519AL, 0x63EF8CE2L, 0x9A86EE22L,
|
||||
0xC089C2B8L, 0x43242EF6L, 0xA51E03AAL, 0x9CF2D0A4L,
|
||||
0x83C061BAL, 0x9BE96A4DL, 0x8FE51550L, 0xBA645BD6L,
|
||||
0x2826A2F9L, 0xA73A3AE1L, 0x4BA99586L, 0xEF5562E9L,
|
||||
0xC72FEFD3L, 0xF752F7DAL, 0x3F046F69L, 0x77FA0A59L,
|
||||
0x80E4A915L, 0x87B08601L, 0x9B09E6ADL, 0x3B3EE593L,
|
||||
0xE990FD5AL, 0x9E34D797L, 0x2CF0B7D9L, 0x022B8B51L,
|
||||
0x96D5AC3AL, 0x017DA67DL, 0xD1CF3ED6L, 0x7C7D2D28L,
|
||||
0x1F9F25CFL, 0xADF2B89BL, 0x5AD6B472L, 0x5A88F54CL,
|
||||
0xE029AC71L, 0xE019A5E6L, 0x47B0ACFDL, 0xED93FA9BL,
|
||||
0xE8D3C48DL, 0x283B57CCL, 0xF8D56629L, 0x79132E28L,
|
||||
0x785F0191L, 0xED756055L, 0xF7960E44L, 0xE3D35E8CL,
|
||||
0x15056DD4L, 0x88F46DBAL, 0x03A16125L, 0x0564F0BDL,
|
||||
0xC3EB9E15L, 0x3C9057A2L, 0x97271AECL, 0xA93A072AL,
|
||||
0x1B3F6D9BL, 0x1E6321F5L, 0xF59C66FBL, 0x26DCF319L,
|
||||
0x7533D928L, 0xB155FDF5L, 0x03563482L, 0x8ABA3CBBL,
|
||||
0x28517711L, 0xC20AD9F8L, 0xABCC5167L, 0xCCAD925FL,
|
||||
0x4DE81751L, 0x3830DC8EL, 0x379D5862L, 0x9320F991L,
|
||||
0xEA7A90C2L, 0xFB3E7BCEL, 0x5121CE64L, 0x774FBE32L,
|
||||
0xA8B6E37EL, 0xC3293D46L, 0x48DE5369L, 0x6413E680L,
|
||||
0xA2AE0810L, 0xDD6DB224L, 0x69852DFDL, 0x09072166L,
|
||||
0xB39A460AL, 0x6445C0DDL, 0x586CDECFL, 0x1C20C8AEL,
|
||||
0x5BBEF7DDL, 0x1B588D40L, 0xCCD2017FL, 0x6BB4E3BBL,
|
||||
0xDDA26A7EL, 0x3A59FF45L, 0x3E350A44L, 0xBCB4CDD5L,
|
||||
0x72EACEA8L, 0xFA6484BBL, 0x8D6612AEL, 0xBF3C6F47L,
|
||||
0xD29BE463L, 0x542F5D9EL, 0xAEC2771BL, 0xF64E6370L,
|
||||
0x740E0D8DL, 0xE75B1357L, 0xF8721671L, 0xAF537D5DL,
|
||||
0x4040CB08L, 0x4EB4E2CCL, 0x34D2466AL, 0x0115AF84L,
|
||||
0xE1B00428L, 0x95983A1DL, 0x06B89FB4L, 0xCE6EA048L,
|
||||
0x6F3F3B82L, 0x3520AB82L, 0x011A1D4BL, 0x277227F8L,
|
||||
0x611560B1L, 0xE7933FDCL, 0xBB3A792BL, 0x344525BDL,
|
||||
0xA08839E1L, 0x51CE794BL, 0x2F32C9B7L, 0xA01FBAC9L,
|
||||
0xE01CC87EL, 0xBCC7D1F6L, 0xCF0111C3L, 0xA1E8AAC7L,
|
||||
0x1A908749L, 0xD44FBD9AL, 0xD0DADECBL, 0xD50ADA38L,
|
||||
0x0339C32AL, 0xC6913667L, 0x8DF9317CL, 0xE0B12B4FL,
|
||||
0xF79E59B7L, 0x43F5BB3AL, 0xF2D519FFL, 0x27D9459CL,
|
||||
0xBF97222CL, 0x15E6FC2AL, 0x0F91FC71L, 0x9B941525L,
|
||||
0xFAE59361L, 0xCEB69CEBL, 0xC2A86459L, 0x12BAA8D1L,
|
||||
0xB6C1075EL, 0xE3056A0CL, 0x10D25065L, 0xCB03A442L,
|
||||
0xE0EC6E0EL, 0x1698DB3BL, 0x4C98A0BEL, 0x3278E964L,
|
||||
0x9F1F9532L, 0xE0D392DFL, 0xD3A0342BL, 0x8971F21EL,
|
||||
0x1B0A7441L, 0x4BA3348CL, 0xC5BE7120L, 0xC37632D8L,
|
||||
0xDF359F8DL, 0x9B992F2EL, 0xE60B6F47L, 0x0FE3F11DL,
|
||||
0xE54CDA54L, 0x1EDAD891L, 0xCE6279CFL, 0xCD3E7E6FL,
|
||||
0x1618B166L, 0xFD2C1D05L, 0x848FD2C5L, 0xF6FB2299L,
|
||||
0xF523F357L, 0xA6327623L, 0x93A83531L, 0x56CCCD02L,
|
||||
0xACF08162L, 0x5A75EBB5L, 0x6E163697L, 0x88D273CCL,
|
||||
0xDE966292L, 0x81B949D0L, 0x4C50901BL, 0x71C65614L,
|
||||
0xE6C6C7BDL, 0x327A140AL, 0x45E1D006L, 0xC3F27B9AL,
|
||||
0xC9AA53FDL, 0x62A80F00L, 0xBB25BFE2L, 0x35BDD2F6L,
|
||||
0x71126905L, 0xB2040222L, 0xB6CBCF7CL, 0xCD769C2BL,
|
||||
0x53113EC0L, 0x1640E3D3L, 0x38ABBD60L, 0x2547ADF0L,
|
||||
0xBA38209CL, 0xF746CE76L, 0x77AFA1C5L, 0x20756060L,
|
||||
0x85CBFE4EL, 0x8AE88DD8L, 0x7AAAF9B0L, 0x4CF9AA7EL,
|
||||
0x1948C25CL, 0x02FB8A8CL, 0x01C36AE4L, 0xD6EBE1F9L,
|
||||
0x90D4F869L, 0xA65CDEA0L, 0x3F09252DL, 0xC208E69FL,
|
||||
0xB74E6132L, 0xCE77E25BL, 0x578FDFE3L, 0x3AC372E6L }
|
||||
};
|
||||
|
||||
#endif /* !MBEDTLS_BLOWFISH_ALT */
|
||||
#endif /* MBEDTLS_BLOWFISH_C */
|
1114
library/camellia.c
1114
library/camellia.c
File diff suppressed because it is too large
Load diff
552
library/ccm.c
552
library/ccm.c
|
@ -1,552 +0,0 @@
|
|||
/*
|
||||
* NIST SP800-38C compliant CCM implementation
|
||||
*
|
||||
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
* not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*
|
||||
* This file is part of mbed TLS (https://tls.mbed.org)
|
||||
*/
|
||||
|
||||
/*
|
||||
* Definition of CCM:
|
||||
* http://csrc.nist.gov/publications/nistpubs/800-38C/SP800-38C_updated-July20_2007.pdf
|
||||
* RFC 3610 "Counter with CBC-MAC (CCM)"
|
||||
*
|
||||
* Related:
|
||||
* RFC 5116 "An Interface and Algorithms for Authenticated Encryption"
|
||||
*/
|
||||
|
||||
#if !defined(MBEDTLS_CONFIG_FILE)
|
||||
#include "mbedtls/config.h"
|
||||
#else
|
||||
#include MBEDTLS_CONFIG_FILE
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_CCM_C)
|
||||
|
||||
#include "mbedtls/ccm.h"
|
||||
#include "mbedtls/platform_util.h"
|
||||
|
||||
#include <string.h>
|
||||
|
||||
#if defined(MBEDTLS_SELF_TEST) && defined(MBEDTLS_AES_C)
|
||||
#if defined(MBEDTLS_PLATFORM_C)
|
||||
#include "mbedtls/platform.h"
|
||||
#else
|
||||
#include <stdio.h>
|
||||
#define mbedtls_printf printf
|
||||
#endif /* MBEDTLS_PLATFORM_C */
|
||||
#endif /* MBEDTLS_SELF_TEST && MBEDTLS_AES_C */
|
||||
|
||||
#if !defined(MBEDTLS_CCM_ALT)
|
||||
|
||||
#define CCM_VALIDATE_RET( cond ) \
|
||||
MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_CCM_BAD_INPUT )
|
||||
#define CCM_VALIDATE( cond ) \
|
||||
MBEDTLS_INTERNAL_VALIDATE( cond )
|
||||
|
||||
#define CCM_ENCRYPT 0
|
||||
#define CCM_DECRYPT 1
|
||||
|
||||
/*
|
||||
* Initialize context
|
||||
*/
|
||||
void mbedtls_ccm_init( mbedtls_ccm_context *ctx )
|
||||
{
|
||||
CCM_VALIDATE( ctx != NULL );
|
||||
memset( ctx, 0, sizeof( mbedtls_ccm_context ) );
|
||||
}
|
||||
|
||||
int mbedtls_ccm_setkey( mbedtls_ccm_context *ctx,
|
||||
mbedtls_cipher_id_t cipher,
|
||||
const unsigned char *key,
|
||||
unsigned int keybits )
|
||||
{
|
||||
int ret;
|
||||
const mbedtls_cipher_info_t *cipher_info;
|
||||
|
||||
CCM_VALIDATE_RET( ctx != NULL );
|
||||
CCM_VALIDATE_RET( key != NULL );
|
||||
|
||||
cipher_info = mbedtls_cipher_info_from_values( cipher, keybits,
|
||||
MBEDTLS_MODE_ECB );
|
||||
if( cipher_info == NULL )
|
||||
return( MBEDTLS_ERR_CCM_BAD_INPUT );
|
||||
|
||||
if( cipher_info->block_size != 16 )
|
||||
return( MBEDTLS_ERR_CCM_BAD_INPUT );
|
||||
|
||||
mbedtls_cipher_free( &ctx->cipher_ctx );
|
||||
|
||||
if( ( ret = mbedtls_cipher_setup( &ctx->cipher_ctx, cipher_info ) ) != 0 )
|
||||
return( ret );
|
||||
|
||||
if( ( ret = mbedtls_cipher_setkey( &ctx->cipher_ctx, key, keybits,
|
||||
MBEDTLS_ENCRYPT ) ) != 0 )
|
||||
{
|
||||
return( ret );
|
||||
}
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
/*
|
||||
* Free context
|
||||
*/
|
||||
void mbedtls_ccm_free( mbedtls_ccm_context *ctx )
|
||||
{
|
||||
if( ctx == NULL )
|
||||
return;
|
||||
mbedtls_cipher_free( &ctx->cipher_ctx );
|
||||
mbedtls_platform_zeroize( ctx, sizeof( mbedtls_ccm_context ) );
|
||||
}
|
||||
|
||||
/*
|
||||
* Macros for common operations.
|
||||
* Results in smaller compiled code than static inline functions.
|
||||
*/
|
||||
|
||||
/*
|
||||
* Update the CBC-MAC state in y using a block in b
|
||||
* (Always using b as the source helps the compiler optimise a bit better.)
|
||||
*/
|
||||
#define UPDATE_CBC_MAC \
|
||||
for( i = 0; i < 16; i++ ) \
|
||||
y[i] ^= b[i]; \
|
||||
\
|
||||
if( ( ret = mbedtls_cipher_update( &ctx->cipher_ctx, y, 16, y, &olen ) ) != 0 ) \
|
||||
return( ret );
|
||||
|
||||
/*
|
||||
* Encrypt or decrypt a partial block with CTR
|
||||
* Warning: using b for temporary storage! src and dst must not be b!
|
||||
* This avoids allocating one more 16 bytes buffer while allowing src == dst.
|
||||
*/
|
||||
#define CTR_CRYPT( dst, src, len ) \
|
||||
do \
|
||||
{ \
|
||||
if( ( ret = mbedtls_cipher_update( &ctx->cipher_ctx, ctr, \
|
||||
16, b, &olen ) ) != 0 ) \
|
||||
{ \
|
||||
return( ret ); \
|
||||
} \
|
||||
\
|
||||
for( i = 0; i < (len); i++ ) \
|
||||
(dst)[i] = (src)[i] ^ b[i]; \
|
||||
} while( 0 )
|
||||
|
||||
/*
|
||||
* Authenticated encryption or decryption
|
||||
*/
|
||||
static int ccm_auth_crypt( mbedtls_ccm_context *ctx, int mode, size_t length,
|
||||
const unsigned char *iv, size_t iv_len,
|
||||
const unsigned char *add, size_t add_len,
|
||||
const unsigned char *input, unsigned char *output,
|
||||
unsigned char *tag, size_t tag_len )
|
||||
{
|
||||
int ret;
|
||||
unsigned char i;
|
||||
unsigned char q;
|
||||
size_t len_left, olen;
|
||||
unsigned char b[16];
|
||||
unsigned char y[16];
|
||||
unsigned char ctr[16];
|
||||
const unsigned char *src;
|
||||
unsigned char *dst;
|
||||
|
||||
/*
|
||||
* Check length requirements: SP800-38C A.1
|
||||
* Additional requirement: a < 2^16 - 2^8 to simplify the code.
|
||||
* 'length' checked later (when writing it to the first block)
|
||||
*
|
||||
* Also, loosen the requirements to enable support for CCM* (IEEE 802.15.4).
|
||||
*/
|
||||
if( tag_len == 2 || tag_len > 16 || tag_len % 2 != 0 )
|
||||
return( MBEDTLS_ERR_CCM_BAD_INPUT );
|
||||
|
||||
/* Also implies q is within bounds */
|
||||
if( iv_len < 7 || iv_len > 13 )
|
||||
return( MBEDTLS_ERR_CCM_BAD_INPUT );
|
||||
|
||||
if( add_len > 0xFF00 )
|
||||
return( MBEDTLS_ERR_CCM_BAD_INPUT );
|
||||
|
||||
q = 16 - 1 - (unsigned char) iv_len;
|
||||
|
||||
/*
|
||||
* First block B_0:
|
||||
* 0 .. 0 flags
|
||||
* 1 .. iv_len nonce (aka iv)
|
||||
* iv_len+1 .. 15 length
|
||||
*
|
||||
* With flags as (bits):
|
||||
* 7 0
|
||||
* 6 add present?
|
||||
* 5 .. 3 (t - 2) / 2
|
||||
* 2 .. 0 q - 1
|
||||
*/
|
||||
b[0] = 0;
|
||||
b[0] |= ( add_len > 0 ) << 6;
|
||||
b[0] |= ( ( tag_len - 2 ) / 2 ) << 3;
|
||||
b[0] |= q - 1;
|
||||
|
||||
memcpy( b + 1, iv, iv_len );
|
||||
|
||||
for( i = 0, len_left = length; i < q; i++, len_left >>= 8 )
|
||||
b[15-i] = (unsigned char)( len_left & 0xFF );
|
||||
|
||||
if( len_left > 0 )
|
||||
return( MBEDTLS_ERR_CCM_BAD_INPUT );
|
||||
|
||||
|
||||
/* Start CBC-MAC with first block */
|
||||
memset( y, 0, 16 );
|
||||
UPDATE_CBC_MAC;
|
||||
|
||||
/*
|
||||
* If there is additional data, update CBC-MAC with
|
||||
* add_len, add, 0 (padding to a block boundary)
|
||||
*/
|
||||
if( add_len > 0 )
|
||||
{
|
||||
size_t use_len;
|
||||
len_left = add_len;
|
||||
src = add;
|
||||
|
||||
memset( b, 0, 16 );
|
||||
b[0] = (unsigned char)( ( add_len >> 8 ) & 0xFF );
|
||||
b[1] = (unsigned char)( ( add_len ) & 0xFF );
|
||||
|
||||
use_len = len_left < 16 - 2 ? len_left : 16 - 2;
|
||||
memcpy( b + 2, src, use_len );
|
||||
len_left -= use_len;
|
||||
src += use_len;
|
||||
|
||||
UPDATE_CBC_MAC;
|
||||
|
||||
while( len_left > 0 )
|
||||
{
|
||||
use_len = len_left > 16 ? 16 : len_left;
|
||||
|
||||
memset( b, 0, 16 );
|
||||
memcpy( b, src, use_len );
|
||||
UPDATE_CBC_MAC;
|
||||
|
||||
len_left -= use_len;
|
||||
src += use_len;
|
||||
}
|
||||
}
|
||||
|
||||
/*
|
||||
* Prepare counter block for encryption:
|
||||
* 0 .. 0 flags
|
||||
* 1 .. iv_len nonce (aka iv)
|
||||
* iv_len+1 .. 15 counter (initially 1)
|
||||
*
|
||||
* With flags as (bits):
|
||||
* 7 .. 3 0
|
||||
* 2 .. 0 q - 1
|
||||
*/
|
||||
ctr[0] = q - 1;
|
||||
memcpy( ctr + 1, iv, iv_len );
|
||||
memset( ctr + 1 + iv_len, 0, q );
|
||||
ctr[15] = 1;
|
||||
|
||||
/*
|
||||
* Authenticate and {en,de}crypt the message.
|
||||
*
|
||||
* The only difference between encryption and decryption is
|
||||
* the respective order of authentication and {en,de}cryption.
|
||||
*/
|
||||
len_left = length;
|
||||
src = input;
|
||||
dst = output;
|
||||
|
||||
while( len_left > 0 )
|
||||
{
|
||||
size_t use_len = len_left > 16 ? 16 : len_left;
|
||||
|
||||
if( mode == CCM_ENCRYPT )
|
||||
{
|
||||
memset( b, 0, 16 );
|
||||
memcpy( b, src, use_len );
|
||||
UPDATE_CBC_MAC;
|
||||
}
|
||||
|
||||
CTR_CRYPT( dst, src, use_len );
|
||||
|
||||
if( mode == CCM_DECRYPT )
|
||||
{
|
||||
memset( b, 0, 16 );
|
||||
memcpy( b, dst, use_len );
|
||||
UPDATE_CBC_MAC;
|
||||
}
|
||||
|
||||
dst += use_len;
|
||||
src += use_len;
|
||||
len_left -= use_len;
|
||||
|
||||
/*
|
||||
* Increment counter.
|
||||
* No need to check for overflow thanks to the length check above.
|
||||
*/
|
||||
for( i = 0; i < q; i++ )
|
||||
if( ++ctr[15-i] != 0 )
|
||||
break;
|
||||
}
|
||||
|
||||
/*
|
||||
* Authentication: reset counter and crypt/mask internal tag
|
||||
*/
|
||||
for( i = 0; i < q; i++ )
|
||||
ctr[15-i] = 0;
|
||||
|
||||
CTR_CRYPT( y, y, 16 );
|
||||
memcpy( tag, y, tag_len );
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
/*
|
||||
* Authenticated encryption
|
||||
*/
|
||||
int mbedtls_ccm_star_encrypt_and_tag( mbedtls_ccm_context *ctx, size_t length,
|
||||
const unsigned char *iv, size_t iv_len,
|
||||
const unsigned char *add, size_t add_len,
|
||||
const unsigned char *input, unsigned char *output,
|
||||
unsigned char *tag, size_t tag_len )
|
||||
{
|
||||
CCM_VALIDATE_RET( ctx != NULL );
|
||||
CCM_VALIDATE_RET( iv != NULL );
|
||||
CCM_VALIDATE_RET( add_len == 0 || add != NULL );
|
||||
CCM_VALIDATE_RET( length == 0 || input != NULL );
|
||||
CCM_VALIDATE_RET( length == 0 || output != NULL );
|
||||
CCM_VALIDATE_RET( tag_len == 0 || tag != NULL );
|
||||
return( ccm_auth_crypt( ctx, CCM_ENCRYPT, length, iv, iv_len,
|
||||
add, add_len, input, output, tag, tag_len ) );
|
||||
}
|
||||
|
||||
int mbedtls_ccm_encrypt_and_tag( mbedtls_ccm_context *ctx, size_t length,
|
||||
const unsigned char *iv, size_t iv_len,
|
||||
const unsigned char *add, size_t add_len,
|
||||
const unsigned char *input, unsigned char *output,
|
||||
unsigned char *tag, size_t tag_len )
|
||||
{
|
||||
CCM_VALIDATE_RET( ctx != NULL );
|
||||
CCM_VALIDATE_RET( iv != NULL );
|
||||
CCM_VALIDATE_RET( add_len == 0 || add != NULL );
|
||||
CCM_VALIDATE_RET( length == 0 || input != NULL );
|
||||
CCM_VALIDATE_RET( length == 0 || output != NULL );
|
||||
CCM_VALIDATE_RET( tag_len == 0 || tag != NULL );
|
||||
if( tag_len == 0 )
|
||||
return( MBEDTLS_ERR_CCM_BAD_INPUT );
|
||||
|
||||
return( mbedtls_ccm_star_encrypt_and_tag( ctx, length, iv, iv_len, add,
|
||||
add_len, input, output, tag, tag_len ) );
|
||||
}
|
||||
|
||||
/*
|
||||
* Authenticated decryption
|
||||
*/
|
||||
int mbedtls_ccm_star_auth_decrypt( mbedtls_ccm_context *ctx, size_t length,
|
||||
const unsigned char *iv, size_t iv_len,
|
||||
const unsigned char *add, size_t add_len,
|
||||
const unsigned char *input, unsigned char *output,
|
||||
const unsigned char *tag, size_t tag_len )
|
||||
{
|
||||
int ret;
|
||||
unsigned char check_tag[16];
|
||||
unsigned char i;
|
||||
int diff;
|
||||
|
||||
CCM_VALIDATE_RET( ctx != NULL );
|
||||
CCM_VALIDATE_RET( iv != NULL );
|
||||
CCM_VALIDATE_RET( add_len == 0 || add != NULL );
|
||||
CCM_VALIDATE_RET( length == 0 || input != NULL );
|
||||
CCM_VALIDATE_RET( length == 0 || output != NULL );
|
||||
CCM_VALIDATE_RET( tag_len == 0 || tag != NULL );
|
||||
|
||||
if( ( ret = ccm_auth_crypt( ctx, CCM_DECRYPT, length,
|
||||
iv, iv_len, add, add_len,
|
||||
input, output, check_tag, tag_len ) ) != 0 )
|
||||
{
|
||||
return( ret );
|
||||
}
|
||||
|
||||
/* Check tag in "constant-time" */
|
||||
for( diff = 0, i = 0; i < tag_len; i++ )
|
||||
diff |= tag[i] ^ check_tag[i];
|
||||
|
||||
if( diff != 0 )
|
||||
{
|
||||
mbedtls_platform_zeroize( output, length );
|
||||
return( MBEDTLS_ERR_CCM_AUTH_FAILED );
|
||||
}
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
int mbedtls_ccm_auth_decrypt( mbedtls_ccm_context *ctx, size_t length,
|
||||
const unsigned char *iv, size_t iv_len,
|
||||
const unsigned char *add, size_t add_len,
|
||||
const unsigned char *input, unsigned char *output,
|
||||
const unsigned char *tag, size_t tag_len )
|
||||
{
|
||||
CCM_VALIDATE_RET( ctx != NULL );
|
||||
CCM_VALIDATE_RET( iv != NULL );
|
||||
CCM_VALIDATE_RET( add_len == 0 || add != NULL );
|
||||
CCM_VALIDATE_RET( length == 0 || input != NULL );
|
||||
CCM_VALIDATE_RET( length == 0 || output != NULL );
|
||||
CCM_VALIDATE_RET( tag_len == 0 || tag != NULL );
|
||||
|
||||
if( tag_len == 0 )
|
||||
return( MBEDTLS_ERR_CCM_BAD_INPUT );
|
||||
|
||||
return( mbedtls_ccm_star_auth_decrypt( ctx, length, iv, iv_len, add,
|
||||
add_len, input, output, tag, tag_len ) );
|
||||
}
|
||||
#endif /* !MBEDTLS_CCM_ALT */
|
||||
|
||||
#if defined(MBEDTLS_SELF_TEST) && defined(MBEDTLS_AES_C)
|
||||
/*
|
||||
* Examples 1 to 3 from SP800-38C Appendix C
|
||||
*/
|
||||
|
||||
#define NB_TESTS 3
|
||||
#define CCM_SELFTEST_PT_MAX_LEN 24
|
||||
#define CCM_SELFTEST_CT_MAX_LEN 32
|
||||
/*
|
||||
* The data is the same for all tests, only the used length changes
|
||||
*/
|
||||
static const unsigned char key_test_data[] = {
|
||||
0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47,
|
||||
0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f
|
||||
};
|
||||
|
||||
static const unsigned char iv_test_data[] = {
|
||||
0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
|
||||
0x18, 0x19, 0x1a, 0x1b
|
||||
};
|
||||
|
||||
static const unsigned char ad_test_data[] = {
|
||||
0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
|
||||
0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
|
||||
0x10, 0x11, 0x12, 0x13
|
||||
};
|
||||
|
||||
static const unsigned char msg_test_data[CCM_SELFTEST_PT_MAX_LEN] = {
|
||||
0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
|
||||
0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f,
|
||||
0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
|
||||
};
|
||||
|
||||
static const size_t iv_len_test_data [NB_TESTS] = { 7, 8, 12 };
|
||||
static const size_t add_len_test_data[NB_TESTS] = { 8, 16, 20 };
|
||||
static const size_t msg_len_test_data[NB_TESTS] = { 4, 16, 24 };
|
||||
static const size_t tag_len_test_data[NB_TESTS] = { 4, 6, 8 };
|
||||
|
||||
static const unsigned char res_test_data[NB_TESTS][CCM_SELFTEST_CT_MAX_LEN] = {
|
||||
{ 0x71, 0x62, 0x01, 0x5b, 0x4d, 0xac, 0x25, 0x5d },
|
||||
{ 0xd2, 0xa1, 0xf0, 0xe0, 0x51, 0xea, 0x5f, 0x62,
|
||||
0x08, 0x1a, 0x77, 0x92, 0x07, 0x3d, 0x59, 0x3d,
|
||||
0x1f, 0xc6, 0x4f, 0xbf, 0xac, 0xcd },
|
||||
{ 0xe3, 0xb2, 0x01, 0xa9, 0xf5, 0xb7, 0x1a, 0x7a,
|
||||
0x9b, 0x1c, 0xea, 0xec, 0xcd, 0x97, 0xe7, 0x0b,
|
||||
0x61, 0x76, 0xaa, 0xd9, 0xa4, 0x42, 0x8a, 0xa5,
|
||||
0x48, 0x43, 0x92, 0xfb, 0xc1, 0xb0, 0x99, 0x51 }
|
||||
};
|
||||
|
||||
int mbedtls_ccm_self_test( int verbose )
|
||||
{
|
||||
mbedtls_ccm_context ctx;
|
||||
/*
|
||||
* Some hardware accelerators require the input and output buffers
|
||||
* would be in RAM, because the flash is not accessible.
|
||||
* Use buffers on the stack to hold the test vectors data.
|
||||
*/
|
||||
unsigned char plaintext[CCM_SELFTEST_PT_MAX_LEN];
|
||||
unsigned char ciphertext[CCM_SELFTEST_CT_MAX_LEN];
|
||||
size_t i;
|
||||
int ret;
|
||||
|
||||
mbedtls_ccm_init( &ctx );
|
||||
|
||||
if( mbedtls_ccm_setkey( &ctx, MBEDTLS_CIPHER_ID_AES, key_test_data,
|
||||
8 * sizeof key_test_data ) != 0 )
|
||||
{
|
||||
if( verbose != 0 )
|
||||
mbedtls_printf( " CCM: setup failed" );
|
||||
|
||||
return( 1 );
|
||||
}
|
||||
|
||||
for( i = 0; i < NB_TESTS; i++ )
|
||||
{
|
||||
if( verbose != 0 )
|
||||
mbedtls_printf( " CCM-AES #%u: ", (unsigned int) i + 1 );
|
||||
|
||||
memset( plaintext, 0, CCM_SELFTEST_PT_MAX_LEN );
|
||||
memset( ciphertext, 0, CCM_SELFTEST_CT_MAX_LEN );
|
||||
memcpy( plaintext, msg_test_data, msg_len_test_data[i] );
|
||||
|
||||
ret = mbedtls_ccm_encrypt_and_tag( &ctx, msg_len_test_data[i],
|
||||
iv_test_data, iv_len_test_data[i],
|
||||
ad_test_data, add_len_test_data[i],
|
||||
plaintext, ciphertext,
|
||||
ciphertext + msg_len_test_data[i],
|
||||
tag_len_test_data[i] );
|
||||
|
||||
if( ret != 0 ||
|
||||
memcmp( ciphertext, res_test_data[i],
|
||||
msg_len_test_data[i] + tag_len_test_data[i] ) != 0 )
|
||||
{
|
||||
if( verbose != 0 )
|
||||
mbedtls_printf( "failed\n" );
|
||||
|
||||
return( 1 );
|
||||
}
|
||||
memset( plaintext, 0, CCM_SELFTEST_PT_MAX_LEN );
|
||||
|
||||
ret = mbedtls_ccm_auth_decrypt( &ctx, msg_len_test_data[i],
|
||||
iv_test_data, iv_len_test_data[i],
|
||||
ad_test_data, add_len_test_data[i],
|
||||
ciphertext, plaintext,
|
||||
ciphertext + msg_len_test_data[i],
|
||||
tag_len_test_data[i] );
|
||||
|
||||
if( ret != 0 ||
|
||||
memcmp( plaintext, msg_test_data, msg_len_test_data[i] ) != 0 )
|
||||
{
|
||||
if( verbose != 0 )
|
||||
mbedtls_printf( "failed\n" );
|
||||
|
||||
return( 1 );
|
||||
}
|
||||
|
||||
if( verbose != 0 )
|
||||
mbedtls_printf( "passed\n" );
|
||||
}
|
||||
|
||||
mbedtls_ccm_free( &ctx );
|
||||
|
||||
if( verbose != 0 )
|
||||
mbedtls_printf( "\n" );
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
#endif /* MBEDTLS_SELF_TEST && MBEDTLS_AES_C */
|
||||
|
||||
#endif /* MBEDTLS_CCM_C */
|
|
@ -1,570 +0,0 @@
|
|||
/**
|
||||
* \file chacha20.c
|
||||
*
|
||||
* \brief ChaCha20 cipher.
|
||||
*
|
||||
* \author Daniel King <damaki.gh@gmail.com>
|
||||
*
|
||||
* Copyright (C) 2006-2016, ARM Limited, All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
* not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*
|
||||
* This file is part of mbed TLS (https://tls.mbed.org)
|
||||
*/
|
||||
|
||||
#if !defined(MBEDTLS_CONFIG_FILE)
|
||||
#include "mbedtls/config.h"
|
||||
#else
|
||||
#include MBEDTLS_CONFIG_FILE
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_CHACHA20_C)
|
||||
|
||||
#include "mbedtls/chacha20.h"
|
||||
#include "mbedtls/platform_util.h"
|
||||
|
||||
#include <stddef.h>
|
||||
#include <string.h>
|
||||
|
||||
#if defined(MBEDTLS_SELF_TEST)
|
||||
#if defined(MBEDTLS_PLATFORM_C)
|
||||
#include "mbedtls/platform.h"
|
||||
#else
|
||||
#include <stdio.h>
|
||||
#define mbedtls_printf printf
|
||||
#endif /* MBEDTLS_PLATFORM_C */
|
||||
#endif /* MBEDTLS_SELF_TEST */
|
||||
|
||||
#if !defined(MBEDTLS_CHACHA20_ALT)
|
||||
|
||||
#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \
|
||||
!defined(inline) && !defined(__cplusplus)
|
||||
#define inline __inline
|
||||
#endif
|
||||
|
||||
/* Parameter validation macros */
|
||||
#define CHACHA20_VALIDATE_RET( cond ) \
|
||||
MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA )
|
||||
#define CHACHA20_VALIDATE( cond ) \
|
||||
MBEDTLS_INTERNAL_VALIDATE( cond )
|
||||
|
||||
#define BYTES_TO_U32_LE( data, offset ) \
|
||||
( (uint32_t) (data)[offset] \
|
||||
| (uint32_t) ( (uint32_t) (data)[( offset ) + 1] << 8 ) \
|
||||
| (uint32_t) ( (uint32_t) (data)[( offset ) + 2] << 16 ) \
|
||||
| (uint32_t) ( (uint32_t) (data)[( offset ) + 3] << 24 ) \
|
||||
)
|
||||
|
||||
#define ROTL32( value, amount ) \
|
||||
( (uint32_t) ( (value) << (amount) ) | ( (value) >> ( 32 - (amount) ) ) )
|
||||
|
||||
#define CHACHA20_CTR_INDEX ( 12U )
|
||||
|
||||
#define CHACHA20_BLOCK_SIZE_BYTES ( 4U * 16U )
|
||||
|
||||
/**
|
||||
* \brief ChaCha20 quarter round operation.
|
||||
*
|
||||
* The quarter round is defined as follows (from RFC 7539):
|
||||
* 1. a += b; d ^= a; d <<<= 16;
|
||||
* 2. c += d; b ^= c; b <<<= 12;
|
||||
* 3. a += b; d ^= a; d <<<= 8;
|
||||
* 4. c += d; b ^= c; b <<<= 7;
|
||||
*
|
||||
* \param state ChaCha20 state to modify.
|
||||
* \param a The index of 'a' in the state.
|
||||
* \param b The index of 'b' in the state.
|
||||
* \param c The index of 'c' in the state.
|
||||
* \param d The index of 'd' in the state.
|
||||
*/
|
||||
static inline void chacha20_quarter_round( uint32_t state[16],
|
||||
size_t a,
|
||||
size_t b,
|
||||
size_t c,
|
||||
size_t d )
|
||||
{
|
||||
/* a += b; d ^= a; d <<<= 16; */
|
||||
state[a] += state[b];
|
||||
state[d] ^= state[a];
|
||||
state[d] = ROTL32( state[d], 16 );
|
||||
|
||||
/* c += d; b ^= c; b <<<= 12 */
|
||||
state[c] += state[d];
|
||||
state[b] ^= state[c];
|
||||
state[b] = ROTL32( state[b], 12 );
|
||||
|
||||
/* a += b; d ^= a; d <<<= 8; */
|
||||
state[a] += state[b];
|
||||
state[d] ^= state[a];
|
||||
state[d] = ROTL32( state[d], 8 );
|
||||
|
||||
/* c += d; b ^= c; b <<<= 7; */
|
||||
state[c] += state[d];
|
||||
state[b] ^= state[c];
|
||||
state[b] = ROTL32( state[b], 7 );
|
||||
}
|
||||
|
||||
/**
|
||||
* \brief Perform the ChaCha20 inner block operation.
|
||||
*
|
||||
* This function performs two rounds: the column round and the
|
||||
* diagonal round.
|
||||
*
|
||||
* \param state The ChaCha20 state to update.
|
||||
*/
|
||||
static void chacha20_inner_block( uint32_t state[16] )
|
||||
{
|
||||
chacha20_quarter_round( state, 0, 4, 8, 12 );
|
||||
chacha20_quarter_round( state, 1, 5, 9, 13 );
|
||||
chacha20_quarter_round( state, 2, 6, 10, 14 );
|
||||
chacha20_quarter_round( state, 3, 7, 11, 15 );
|
||||
|
||||
chacha20_quarter_round( state, 0, 5, 10, 15 );
|
||||
chacha20_quarter_round( state, 1, 6, 11, 12 );
|
||||
chacha20_quarter_round( state, 2, 7, 8, 13 );
|
||||
chacha20_quarter_round( state, 3, 4, 9, 14 );
|
||||
}
|
||||
|
||||
/**
|
||||
* \brief Generates a keystream block.
|
||||
*
|
||||
* \param initial_state The initial ChaCha20 state (key, nonce, counter).
|
||||
* \param keystream Generated keystream bytes are written to this buffer.
|
||||
*/
|
||||
static void chacha20_block( const uint32_t initial_state[16],
|
||||
unsigned char keystream[64] )
|
||||
{
|
||||
uint32_t working_state[16];
|
||||
size_t i;
|
||||
|
||||
memcpy( working_state,
|
||||
initial_state,
|
||||
CHACHA20_BLOCK_SIZE_BYTES );
|
||||
|
||||
for( i = 0U; i < 10U; i++ )
|
||||
chacha20_inner_block( working_state );
|
||||
|
||||
working_state[ 0] += initial_state[ 0];
|
||||
working_state[ 1] += initial_state[ 1];
|
||||
working_state[ 2] += initial_state[ 2];
|
||||
working_state[ 3] += initial_state[ 3];
|
||||
working_state[ 4] += initial_state[ 4];
|
||||
working_state[ 5] += initial_state[ 5];
|
||||
working_state[ 6] += initial_state[ 6];
|
||||
working_state[ 7] += initial_state[ 7];
|
||||
working_state[ 8] += initial_state[ 8];
|
||||
working_state[ 9] += initial_state[ 9];
|
||||
working_state[10] += initial_state[10];
|
||||
working_state[11] += initial_state[11];
|
||||
working_state[12] += initial_state[12];
|
||||
working_state[13] += initial_state[13];
|
||||
working_state[14] += initial_state[14];
|
||||
working_state[15] += initial_state[15];
|
||||
|
||||
for( i = 0U; i < 16; i++ )
|
||||
{
|
||||
size_t offset = i * 4U;
|
||||
|
||||
keystream[offset ] = (unsigned char)( working_state[i] );
|
||||
keystream[offset + 1U] = (unsigned char)( working_state[i] >> 8 );
|
||||
keystream[offset + 2U] = (unsigned char)( working_state[i] >> 16 );
|
||||
keystream[offset + 3U] = (unsigned char)( working_state[i] >> 24 );
|
||||
}
|
||||
|
||||
mbedtls_platform_zeroize( working_state, sizeof( working_state ) );
|
||||
}
|
||||
|
||||
void mbedtls_chacha20_init( mbedtls_chacha20_context *ctx )
|
||||
{
|
||||
CHACHA20_VALIDATE( ctx != NULL );
|
||||
|
||||
mbedtls_platform_zeroize( ctx->state, sizeof( ctx->state ) );
|
||||
mbedtls_platform_zeroize( ctx->keystream8, sizeof( ctx->keystream8 ) );
|
||||
|
||||
/* Initially, there's no keystream bytes available */
|
||||
ctx->keystream_bytes_used = CHACHA20_BLOCK_SIZE_BYTES;
|
||||
}
|
||||
|
||||
void mbedtls_chacha20_free( mbedtls_chacha20_context *ctx )
|
||||
{
|
||||
if( ctx != NULL )
|
||||
{
|
||||
mbedtls_platform_zeroize( ctx, sizeof( mbedtls_chacha20_context ) );
|
||||
}
|
||||
}
|
||||
|
||||
int mbedtls_chacha20_setkey( mbedtls_chacha20_context *ctx,
|
||||
const unsigned char key[32] )
|
||||
{
|
||||
CHACHA20_VALIDATE_RET( ctx != NULL );
|
||||
CHACHA20_VALIDATE_RET( key != NULL );
|
||||
|
||||
/* ChaCha20 constants - the string "expand 32-byte k" */
|
||||
ctx->state[0] = 0x61707865;
|
||||
ctx->state[1] = 0x3320646e;
|
||||
ctx->state[2] = 0x79622d32;
|
||||
ctx->state[3] = 0x6b206574;
|
||||
|
||||
/* Set key */
|
||||
ctx->state[4] = BYTES_TO_U32_LE( key, 0 );
|
||||
ctx->state[5] = BYTES_TO_U32_LE( key, 4 );
|
||||
ctx->state[6] = BYTES_TO_U32_LE( key, 8 );
|
||||
ctx->state[7] = BYTES_TO_U32_LE( key, 12 );
|
||||
ctx->state[8] = BYTES_TO_U32_LE( key, 16 );
|
||||
ctx->state[9] = BYTES_TO_U32_LE( key, 20 );
|
||||
ctx->state[10] = BYTES_TO_U32_LE( key, 24 );
|
||||
ctx->state[11] = BYTES_TO_U32_LE( key, 28 );
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
int mbedtls_chacha20_starts( mbedtls_chacha20_context* ctx,
|
||||
const unsigned char nonce[12],
|
||||
uint32_t counter )
|
||||
{
|
||||
CHACHA20_VALIDATE_RET( ctx != NULL );
|
||||
CHACHA20_VALIDATE_RET( nonce != NULL );
|
||||
|
||||
/* Counter */
|
||||
ctx->state[12] = counter;
|
||||
|
||||
/* Nonce */
|
||||
ctx->state[13] = BYTES_TO_U32_LE( nonce, 0 );
|
||||
ctx->state[14] = BYTES_TO_U32_LE( nonce, 4 );
|
||||
ctx->state[15] = BYTES_TO_U32_LE( nonce, 8 );
|
||||
|
||||
mbedtls_platform_zeroize( ctx->keystream8, sizeof( ctx->keystream8 ) );
|
||||
|
||||
/* Initially, there's no keystream bytes available */
|
||||
ctx->keystream_bytes_used = CHACHA20_BLOCK_SIZE_BYTES;
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
int mbedtls_chacha20_update( mbedtls_chacha20_context *ctx,
|
||||
size_t size,
|
||||
const unsigned char *input,
|
||||
unsigned char *output )
|
||||
{
|
||||
size_t offset = 0U;
|
||||
size_t i;
|
||||
|
||||
CHACHA20_VALIDATE_RET( ctx != NULL );
|
||||
CHACHA20_VALIDATE_RET( size == 0 || input != NULL );
|
||||
CHACHA20_VALIDATE_RET( size == 0 || output != NULL );
|
||||
|
||||
/* Use leftover keystream bytes, if available */
|
||||
while( size > 0U && ctx->keystream_bytes_used < CHACHA20_BLOCK_SIZE_BYTES )
|
||||
{
|
||||
output[offset] = input[offset]
|
||||
^ ctx->keystream8[ctx->keystream_bytes_used];
|
||||
|
||||
ctx->keystream_bytes_used++;
|
||||
offset++;
|
||||
size--;
|
||||
}
|
||||
|
||||
/* Process full blocks */
|
||||
while( size >= CHACHA20_BLOCK_SIZE_BYTES )
|
||||
{
|
||||
/* Generate new keystream block and increment counter */
|
||||
chacha20_block( ctx->state, ctx->keystream8 );
|
||||
ctx->state[CHACHA20_CTR_INDEX]++;
|
||||
|
||||
for( i = 0U; i < 64U; i += 8U )
|
||||
{
|
||||
output[offset + i ] = input[offset + i ] ^ ctx->keystream8[i ];
|
||||
output[offset + i+1] = input[offset + i+1] ^ ctx->keystream8[i+1];
|
||||
output[offset + i+2] = input[offset + i+2] ^ ctx->keystream8[i+2];
|
||||
output[offset + i+3] = input[offset + i+3] ^ ctx->keystream8[i+3];
|
||||
output[offset + i+4] = input[offset + i+4] ^ ctx->keystream8[i+4];
|
||||
output[offset + i+5] = input[offset + i+5] ^ ctx->keystream8[i+5];
|
||||
output[offset + i+6] = input[offset + i+6] ^ ctx->keystream8[i+6];
|
||||
output[offset + i+7] = input[offset + i+7] ^ ctx->keystream8[i+7];
|
||||
}
|
||||
|
||||
offset += CHACHA20_BLOCK_SIZE_BYTES;
|
||||
size -= CHACHA20_BLOCK_SIZE_BYTES;
|
||||
}
|
||||
|
||||
/* Last (partial) block */
|
||||
if( size > 0U )
|
||||
{
|
||||
/* Generate new keystream block and increment counter */
|
||||
chacha20_block( ctx->state, ctx->keystream8 );
|
||||
ctx->state[CHACHA20_CTR_INDEX]++;
|
||||
|
||||
for( i = 0U; i < size; i++)
|
||||
{
|
||||
output[offset + i] = input[offset + i] ^ ctx->keystream8[i];
|
||||
}
|
||||
|
||||
ctx->keystream_bytes_used = size;
|
||||
|
||||
}
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
int mbedtls_chacha20_crypt( const unsigned char key[32],
|
||||
const unsigned char nonce[12],
|
||||
uint32_t counter,
|
||||
size_t data_len,
|
||||
const unsigned char* input,
|
||||
unsigned char* output )
|
||||
{
|
||||
mbedtls_chacha20_context ctx;
|
||||
int ret;
|
||||
|
||||
CHACHA20_VALIDATE_RET( key != NULL );
|
||||
CHACHA20_VALIDATE_RET( nonce != NULL );
|
||||
CHACHA20_VALIDATE_RET( data_len == 0 || input != NULL );
|
||||
CHACHA20_VALIDATE_RET( data_len == 0 || output != NULL );
|
||||
|
||||
mbedtls_chacha20_init( &ctx );
|
||||
|
||||
ret = mbedtls_chacha20_setkey( &ctx, key );
|
||||
if( ret != 0 )
|
||||
goto cleanup;
|
||||
|
||||
ret = mbedtls_chacha20_starts( &ctx, nonce, counter );
|
||||
if( ret != 0 )
|
||||
goto cleanup;
|
||||
|
||||
ret = mbedtls_chacha20_update( &ctx, data_len, input, output );
|
||||
|
||||
cleanup:
|
||||
mbedtls_chacha20_free( &ctx );
|
||||
return( ret );
|
||||
}
|
||||
|
||||
#endif /* !MBEDTLS_CHACHA20_ALT */
|
||||
|
||||
#if defined(MBEDTLS_SELF_TEST)
|
||||
|
||||
static const unsigned char test_keys[2][32] =
|
||||
{
|
||||
{
|
||||
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
||||
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
||||
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
||||
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
|
||||
},
|
||||
{
|
||||
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
||||
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
||||
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
||||
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01
|
||||
}
|
||||
};
|
||||
|
||||
static const unsigned char test_nonces[2][12] =
|
||||
{
|
||||
{
|
||||
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
||||
0x00, 0x00, 0x00, 0x00
|
||||
},
|
||||
{
|
||||
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
||||
0x00, 0x00, 0x00, 0x02
|
||||
}
|
||||
};
|
||||
|
||||
static const uint32_t test_counters[2] =
|
||||
{
|
||||
0U,
|
||||
1U
|
||||
};
|
||||
|
||||
static const unsigned char test_input[2][375] =
|
||||
{
|
||||
{
|
||||
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
||||
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
||||
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
||||
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
||||
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
||||
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
||||
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
||||
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
|
||||
},
|
||||
{
|
||||
0x41, 0x6e, 0x79, 0x20, 0x73, 0x75, 0x62, 0x6d,
|
||||
0x69, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x20, 0x74,
|
||||
0x6f, 0x20, 0x74, 0x68, 0x65, 0x20, 0x49, 0x45,
|
||||
0x54, 0x46, 0x20, 0x69, 0x6e, 0x74, 0x65, 0x6e,
|
||||
0x64, 0x65, 0x64, 0x20, 0x62, 0x79, 0x20, 0x74,
|
||||
0x68, 0x65, 0x20, 0x43, 0x6f, 0x6e, 0x74, 0x72,
|
||||
0x69, 0x62, 0x75, 0x74, 0x6f, 0x72, 0x20, 0x66,
|
||||
0x6f, 0x72, 0x20, 0x70, 0x75, 0x62, 0x6c, 0x69,
|
||||
0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x20, 0x61,
|
||||
0x73, 0x20, 0x61, 0x6c, 0x6c, 0x20, 0x6f, 0x72,
|
||||
0x20, 0x70, 0x61, 0x72, 0x74, 0x20, 0x6f, 0x66,
|
||||
0x20, 0x61, 0x6e, 0x20, 0x49, 0x45, 0x54, 0x46,
|
||||
0x20, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x65,
|
||||
0x74, 0x2d, 0x44, 0x72, 0x61, 0x66, 0x74, 0x20,
|
||||
0x6f, 0x72, 0x20, 0x52, 0x46, 0x43, 0x20, 0x61,
|
||||
0x6e, 0x64, 0x20, 0x61, 0x6e, 0x79, 0x20, 0x73,
|
||||
0x74, 0x61, 0x74, 0x65, 0x6d, 0x65, 0x6e, 0x74,
|
||||
0x20, 0x6d, 0x61, 0x64, 0x65, 0x20, 0x77, 0x69,
|
||||
0x74, 0x68, 0x69, 0x6e, 0x20, 0x74, 0x68, 0x65,
|
||||
0x20, 0x63, 0x6f, 0x6e, 0x74, 0x65, 0x78, 0x74,
|
||||
0x20, 0x6f, 0x66, 0x20, 0x61, 0x6e, 0x20, 0x49,
|
||||
0x45, 0x54, 0x46, 0x20, 0x61, 0x63, 0x74, 0x69,
|
||||
0x76, 0x69, 0x74, 0x79, 0x20, 0x69, 0x73, 0x20,
|
||||
0x63, 0x6f, 0x6e, 0x73, 0x69, 0x64, 0x65, 0x72,
|
||||
0x65, 0x64, 0x20, 0x61, 0x6e, 0x20, 0x22, 0x49,
|
||||
0x45, 0x54, 0x46, 0x20, 0x43, 0x6f, 0x6e, 0x74,
|
||||
0x72, 0x69, 0x62, 0x75, 0x74, 0x69, 0x6f, 0x6e,
|
||||
0x22, 0x2e, 0x20, 0x53, 0x75, 0x63, 0x68, 0x20,
|
||||
0x73, 0x74, 0x61, 0x74, 0x65, 0x6d, 0x65, 0x6e,
|
||||
0x74, 0x73, 0x20, 0x69, 0x6e, 0x63, 0x6c, 0x75,
|
||||
0x64, 0x65, 0x20, 0x6f, 0x72, 0x61, 0x6c, 0x20,
|
||||
0x73, 0x74, 0x61, 0x74, 0x65, 0x6d, 0x65, 0x6e,
|
||||
0x74, 0x73, 0x20, 0x69, 0x6e, 0x20, 0x49, 0x45,
|
||||
0x54, 0x46, 0x20, 0x73, 0x65, 0x73, 0x73, 0x69,
|
||||
0x6f, 0x6e, 0x73, 0x2c, 0x20, 0x61, 0x73, 0x20,
|
||||
0x77, 0x65, 0x6c, 0x6c, 0x20, 0x61, 0x73, 0x20,
|
||||
0x77, 0x72, 0x69, 0x74, 0x74, 0x65, 0x6e, 0x20,
|
||||
0x61, 0x6e, 0x64, 0x20, 0x65, 0x6c, 0x65, 0x63,
|
||||
0x74, 0x72, 0x6f, 0x6e, 0x69, 0x63, 0x20, 0x63,
|
||||
0x6f, 0x6d, 0x6d, 0x75, 0x6e, 0x69, 0x63, 0x61,
|
||||
0x74, 0x69, 0x6f, 0x6e, 0x73, 0x20, 0x6d, 0x61,
|
||||
0x64, 0x65, 0x20, 0x61, 0x74, 0x20, 0x61, 0x6e,
|
||||
0x79, 0x20, 0x74, 0x69, 0x6d, 0x65, 0x20, 0x6f,
|
||||
0x72, 0x20, 0x70, 0x6c, 0x61, 0x63, 0x65, 0x2c,
|
||||
0x20, 0x77, 0x68, 0x69, 0x63, 0x68, 0x20, 0x61,
|
||||
0x72, 0x65, 0x20, 0x61, 0x64, 0x64, 0x72, 0x65,
|
||||
0x73, 0x73, 0x65, 0x64, 0x20, 0x74, 0x6f
|
||||
}
|
||||
};
|
||||
|
||||
static const unsigned char test_output[2][375] =
|
||||
{
|
||||
{
|
||||
0x76, 0xb8, 0xe0, 0xad, 0xa0, 0xf1, 0x3d, 0x90,
|
||||
0x40, 0x5d, 0x6a, 0xe5, 0x53, 0x86, 0xbd, 0x28,
|
||||
0xbd, 0xd2, 0x19, 0xb8, 0xa0, 0x8d, 0xed, 0x1a,
|
||||
0xa8, 0x36, 0xef, 0xcc, 0x8b, 0x77, 0x0d, 0xc7,
|
||||
0xda, 0x41, 0x59, 0x7c, 0x51, 0x57, 0x48, 0x8d,
|
||||
0x77, 0x24, 0xe0, 0x3f, 0xb8, 0xd8, 0x4a, 0x37,
|
||||
0x6a, 0x43, 0xb8, 0xf4, 0x15, 0x18, 0xa1, 0x1c,
|
||||
0xc3, 0x87, 0xb6, 0x69, 0xb2, 0xee, 0x65, 0x86
|
||||
},
|
||||
{
|
||||
0xa3, 0xfb, 0xf0, 0x7d, 0xf3, 0xfa, 0x2f, 0xde,
|
||||
0x4f, 0x37, 0x6c, 0xa2, 0x3e, 0x82, 0x73, 0x70,
|
||||
0x41, 0x60, 0x5d, 0x9f, 0x4f, 0x4f, 0x57, 0xbd,
|
||||
0x8c, 0xff, 0x2c, 0x1d, 0x4b, 0x79, 0x55, 0xec,
|
||||
0x2a, 0x97, 0x94, 0x8b, 0xd3, 0x72, 0x29, 0x15,
|
||||
0xc8, 0xf3, 0xd3, 0x37, 0xf7, 0xd3, 0x70, 0x05,
|
||||
0x0e, 0x9e, 0x96, 0xd6, 0x47, 0xb7, 0xc3, 0x9f,
|
||||
0x56, 0xe0, 0x31, 0xca, 0x5e, 0xb6, 0x25, 0x0d,
|
||||
0x40, 0x42, 0xe0, 0x27, 0x85, 0xec, 0xec, 0xfa,
|
||||
0x4b, 0x4b, 0xb5, 0xe8, 0xea, 0xd0, 0x44, 0x0e,
|
||||
0x20, 0xb6, 0xe8, 0xdb, 0x09, 0xd8, 0x81, 0xa7,
|
||||
0xc6, 0x13, 0x2f, 0x42, 0x0e, 0x52, 0x79, 0x50,
|
||||
0x42, 0xbd, 0xfa, 0x77, 0x73, 0xd8, 0xa9, 0x05,
|
||||
0x14, 0x47, 0xb3, 0x29, 0x1c, 0xe1, 0x41, 0x1c,
|
||||
0x68, 0x04, 0x65, 0x55, 0x2a, 0xa6, 0xc4, 0x05,
|
||||
0xb7, 0x76, 0x4d, 0x5e, 0x87, 0xbe, 0xa8, 0x5a,
|
||||
0xd0, 0x0f, 0x84, 0x49, 0xed, 0x8f, 0x72, 0xd0,
|
||||
0xd6, 0x62, 0xab, 0x05, 0x26, 0x91, 0xca, 0x66,
|
||||
0x42, 0x4b, 0xc8, 0x6d, 0x2d, 0xf8, 0x0e, 0xa4,
|
||||
0x1f, 0x43, 0xab, 0xf9, 0x37, 0xd3, 0x25, 0x9d,
|
||||
0xc4, 0xb2, 0xd0, 0xdf, 0xb4, 0x8a, 0x6c, 0x91,
|
||||
0x39, 0xdd, 0xd7, 0xf7, 0x69, 0x66, 0xe9, 0x28,
|
||||
0xe6, 0x35, 0x55, 0x3b, 0xa7, 0x6c, 0x5c, 0x87,
|
||||
0x9d, 0x7b, 0x35, 0xd4, 0x9e, 0xb2, 0xe6, 0x2b,
|
||||
0x08, 0x71, 0xcd, 0xac, 0x63, 0x89, 0x39, 0xe2,
|
||||
0x5e, 0x8a, 0x1e, 0x0e, 0xf9, 0xd5, 0x28, 0x0f,
|
||||
0xa8, 0xca, 0x32, 0x8b, 0x35, 0x1c, 0x3c, 0x76,
|
||||
0x59, 0x89, 0xcb, 0xcf, 0x3d, 0xaa, 0x8b, 0x6c,
|
||||
0xcc, 0x3a, 0xaf, 0x9f, 0x39, 0x79, 0xc9, 0x2b,
|
||||
0x37, 0x20, 0xfc, 0x88, 0xdc, 0x95, 0xed, 0x84,
|
||||
0xa1, 0xbe, 0x05, 0x9c, 0x64, 0x99, 0xb9, 0xfd,
|
||||
0xa2, 0x36, 0xe7, 0xe8, 0x18, 0xb0, 0x4b, 0x0b,
|
||||
0xc3, 0x9c, 0x1e, 0x87, 0x6b, 0x19, 0x3b, 0xfe,
|
||||
0x55, 0x69, 0x75, 0x3f, 0x88, 0x12, 0x8c, 0xc0,
|
||||
0x8a, 0xaa, 0x9b, 0x63, 0xd1, 0xa1, 0x6f, 0x80,
|
||||
0xef, 0x25, 0x54, 0xd7, 0x18, 0x9c, 0x41, 0x1f,
|
||||
0x58, 0x69, 0xca, 0x52, 0xc5, 0xb8, 0x3f, 0xa3,
|
||||
0x6f, 0xf2, 0x16, 0xb9, 0xc1, 0xd3, 0x00, 0x62,
|
||||
0xbe, 0xbc, 0xfd, 0x2d, 0xc5, 0xbc, 0xe0, 0x91,
|
||||
0x19, 0x34, 0xfd, 0xa7, 0x9a, 0x86, 0xf6, 0xe6,
|
||||
0x98, 0xce, 0xd7, 0x59, 0xc3, 0xff, 0x9b, 0x64,
|
||||
0x77, 0x33, 0x8f, 0x3d, 0xa4, 0xf9, 0xcd, 0x85,
|
||||
0x14, 0xea, 0x99, 0x82, 0xcc, 0xaf, 0xb3, 0x41,
|
||||
0xb2, 0x38, 0x4d, 0xd9, 0x02, 0xf3, 0xd1, 0xab,
|
||||
0x7a, 0xc6, 0x1d, 0xd2, 0x9c, 0x6f, 0x21, 0xba,
|
||||
0x5b, 0x86, 0x2f, 0x37, 0x30, 0xe3, 0x7c, 0xfd,
|
||||
0xc4, 0xfd, 0x80, 0x6c, 0x22, 0xf2, 0x21
|
||||
}
|
||||
};
|
||||
|
||||
static const size_t test_lengths[2] =
|
||||
{
|
||||
64U,
|
||||
375U
|
||||
};
|
||||
|
||||
#define ASSERT( cond, args ) \
|
||||
do \
|
||||
{ \
|
||||
if( ! ( cond ) ) \
|
||||
{ \
|
||||
if( verbose != 0 ) \
|
||||
mbedtls_printf args; \
|
||||
\
|
||||
return( -1 ); \
|
||||
} \
|
||||
} \
|
||||
while( 0 )
|
||||
|
||||
int mbedtls_chacha20_self_test( int verbose )
|
||||
{
|
||||
unsigned char output[381];
|
||||
unsigned i;
|
||||
int ret;
|
||||
|
||||
for( i = 0U; i < 2U; i++ )
|
||||
{
|
||||
if( verbose != 0 )
|
||||
mbedtls_printf( " ChaCha20 test %u ", i );
|
||||
|
||||
ret = mbedtls_chacha20_crypt( test_keys[i],
|
||||
test_nonces[i],
|
||||
test_counters[i],
|
||||
test_lengths[i],
|
||||
test_input[i],
|
||||
output );
|
||||
|
||||
ASSERT( 0 == ret, ( "error code: %i\n", ret ) );
|
||||
|
||||
ASSERT( 0 == memcmp( output, test_output[i], test_lengths[i] ),
|
||||
( "failed (output)\n" ) );
|
||||
|
||||
if( verbose != 0 )
|
||||
mbedtls_printf( "passed\n" );
|
||||
}
|
||||
|
||||
if( verbose != 0 )
|
||||
mbedtls_printf( "\n" );
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
#endif /* MBEDTLS_SELF_TEST */
|
||||
|
||||
#endif /* !MBEDTLS_CHACHA20_C */
|
|
@ -1,540 +0,0 @@
|
|||
/**
|
||||
* \file chachapoly.c
|
||||
*
|
||||
* \brief ChaCha20-Poly1305 AEAD construction based on RFC 7539.
|
||||
*
|
||||
* Copyright (C) 2006-2016, ARM Limited, All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
* not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*
|
||||
* This file is part of mbed TLS (https://tls.mbed.org)
|
||||
*/
|
||||
#if !defined(MBEDTLS_CONFIG_FILE)
|
||||
#include "mbedtls/config.h"
|
||||
#else
|
||||
#include MBEDTLS_CONFIG_FILE
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_CHACHAPOLY_C)
|
||||
|
||||
#include "mbedtls/chachapoly.h"
|
||||
#include "mbedtls/platform_util.h"
|
||||
|
||||
#include <string.h>
|
||||
|
||||
#if defined(MBEDTLS_SELF_TEST)
|
||||
#if defined(MBEDTLS_PLATFORM_C)
|
||||
#include "mbedtls/platform.h"
|
||||
#else
|
||||
#include <stdio.h>
|
||||
#define mbedtls_printf printf
|
||||
#endif /* MBEDTLS_PLATFORM_C */
|
||||
#endif /* MBEDTLS_SELF_TEST */
|
||||
|
||||
#if !defined(MBEDTLS_CHACHAPOLY_ALT)
|
||||
|
||||
/* Parameter validation macros */
|
||||
#define CHACHAPOLY_VALIDATE_RET( cond ) \
|
||||
MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA )
|
||||
#define CHACHAPOLY_VALIDATE( cond ) \
|
||||
MBEDTLS_INTERNAL_VALIDATE( cond )
|
||||
|
||||
#define CHACHAPOLY_STATE_INIT ( 0 )
|
||||
#define CHACHAPOLY_STATE_AAD ( 1 )
|
||||
#define CHACHAPOLY_STATE_CIPHERTEXT ( 2 ) /* Encrypting or decrypting */
|
||||
#define CHACHAPOLY_STATE_FINISHED ( 3 )
|
||||
|
||||
/**
|
||||
* \brief Adds nul bytes to pad the AAD for Poly1305.
|
||||
*
|
||||
* \param ctx The ChaCha20-Poly1305 context.
|
||||
*/
|
||||
static int chachapoly_pad_aad( mbedtls_chachapoly_context *ctx )
|
||||
{
|
||||
uint32_t partial_block_len = (uint32_t) ( ctx->aad_len % 16U );
|
||||
unsigned char zeroes[15];
|
||||
|
||||
if( partial_block_len == 0U )
|
||||
return( 0 );
|
||||
|
||||
memset( zeroes, 0, sizeof( zeroes ) );
|
||||
|
||||
return( mbedtls_poly1305_update( &ctx->poly1305_ctx,
|
||||
zeroes,
|
||||
16U - partial_block_len ) );
|
||||
}
|
||||
|
||||
/**
|
||||
* \brief Adds nul bytes to pad the ciphertext for Poly1305.
|
||||
*
|
||||
* \param ctx The ChaCha20-Poly1305 context.
|
||||
*/
|
||||
static int chachapoly_pad_ciphertext( mbedtls_chachapoly_context *ctx )
|
||||
{
|
||||
uint32_t partial_block_len = (uint32_t) ( ctx->ciphertext_len % 16U );
|
||||
unsigned char zeroes[15];
|
||||
|
||||
if( partial_block_len == 0U )
|
||||
return( 0 );
|
||||
|
||||
memset( zeroes, 0, sizeof( zeroes ) );
|
||||
return( mbedtls_poly1305_update( &ctx->poly1305_ctx,
|
||||
zeroes,
|
||||
16U - partial_block_len ) );
|
||||
}
|
||||
|
||||
void mbedtls_chachapoly_init( mbedtls_chachapoly_context *ctx )
|
||||
{
|
||||
CHACHAPOLY_VALIDATE( ctx != NULL );
|
||||
|
||||
mbedtls_chacha20_init( &ctx->chacha20_ctx );
|
||||
mbedtls_poly1305_init( &ctx->poly1305_ctx );
|
||||
ctx->aad_len = 0U;
|
||||
ctx->ciphertext_len = 0U;
|
||||
ctx->state = CHACHAPOLY_STATE_INIT;
|
||||
ctx->mode = MBEDTLS_CHACHAPOLY_ENCRYPT;
|
||||
}
|
||||
|
||||
void mbedtls_chachapoly_free( mbedtls_chachapoly_context *ctx )
|
||||
{
|
||||
if( ctx == NULL )
|
||||
return;
|
||||
|
||||
mbedtls_chacha20_free( &ctx->chacha20_ctx );
|
||||
mbedtls_poly1305_free( &ctx->poly1305_ctx );
|
||||
ctx->aad_len = 0U;
|
||||
ctx->ciphertext_len = 0U;
|
||||
ctx->state = CHACHAPOLY_STATE_INIT;
|
||||
ctx->mode = MBEDTLS_CHACHAPOLY_ENCRYPT;
|
||||
}
|
||||
|
||||
int mbedtls_chachapoly_setkey( mbedtls_chachapoly_context *ctx,
|
||||
const unsigned char key[32] )
|
||||
{
|
||||
int ret;
|
||||
CHACHAPOLY_VALIDATE_RET( ctx != NULL );
|
||||
CHACHAPOLY_VALIDATE_RET( key != NULL );
|
||||
|
||||
ret = mbedtls_chacha20_setkey( &ctx->chacha20_ctx, key );
|
||||
|
||||
return( ret );
|
||||
}
|
||||
|
||||
int mbedtls_chachapoly_starts( mbedtls_chachapoly_context *ctx,
|
||||
const unsigned char nonce[12],
|
||||
mbedtls_chachapoly_mode_t mode )
|
||||
{
|
||||
int ret;
|
||||
unsigned char poly1305_key[64];
|
||||
CHACHAPOLY_VALIDATE_RET( ctx != NULL );
|
||||
CHACHAPOLY_VALIDATE_RET( nonce != NULL );
|
||||
|
||||
/* Set counter = 0, will be update to 1 when generating Poly1305 key */
|
||||
ret = mbedtls_chacha20_starts( &ctx->chacha20_ctx, nonce, 0U );
|
||||
if( ret != 0 )
|
||||
goto cleanup;
|
||||
|
||||
/* Generate the Poly1305 key by getting the ChaCha20 keystream output with
|
||||
* counter = 0. This is the same as encrypting a buffer of zeroes.
|
||||
* Only the first 256-bits (32 bytes) of the key is used for Poly1305.
|
||||
* The other 256 bits are discarded.
|
||||
*/
|
||||
memset( poly1305_key, 0, sizeof( poly1305_key ) );
|
||||
ret = mbedtls_chacha20_update( &ctx->chacha20_ctx, sizeof( poly1305_key ),
|
||||
poly1305_key, poly1305_key );
|
||||
if( ret != 0 )
|
||||
goto cleanup;
|
||||
|
||||
ret = mbedtls_poly1305_starts( &ctx->poly1305_ctx, poly1305_key );
|
||||
|
||||
if( ret == 0 )
|
||||
{
|
||||
ctx->aad_len = 0U;
|
||||
ctx->ciphertext_len = 0U;
|
||||
ctx->state = CHACHAPOLY_STATE_AAD;
|
||||
ctx->mode = mode;
|
||||
}
|
||||
|
||||
cleanup:
|
||||
mbedtls_platform_zeroize( poly1305_key, 64U );
|
||||
return( ret );
|
||||
}
|
||||
|
||||
int mbedtls_chachapoly_update_aad( mbedtls_chachapoly_context *ctx,
|
||||
const unsigned char *aad,
|
||||
size_t aad_len )
|
||||
{
|
||||
CHACHAPOLY_VALIDATE_RET( ctx != NULL );
|
||||
CHACHAPOLY_VALIDATE_RET( aad_len == 0 || aad != NULL );
|
||||
|
||||
if( ctx->state != CHACHAPOLY_STATE_AAD )
|
||||
return( MBEDTLS_ERR_CHACHAPOLY_BAD_STATE );
|
||||
|
||||
ctx->aad_len += aad_len;
|
||||
|
||||
return( mbedtls_poly1305_update( &ctx->poly1305_ctx, aad, aad_len ) );
|
||||
}
|
||||
|
||||
int mbedtls_chachapoly_update( mbedtls_chachapoly_context *ctx,
|
||||
size_t len,
|
||||
const unsigned char *input,
|
||||
unsigned char *output )
|
||||
{
|
||||
int ret;
|
||||
CHACHAPOLY_VALIDATE_RET( ctx != NULL );
|
||||
CHACHAPOLY_VALIDATE_RET( len == 0 || input != NULL );
|
||||
CHACHAPOLY_VALIDATE_RET( len == 0 || output != NULL );
|
||||
|
||||
if( ( ctx->state != CHACHAPOLY_STATE_AAD ) &&
|
||||
( ctx->state != CHACHAPOLY_STATE_CIPHERTEXT ) )
|
||||
{
|
||||
return( MBEDTLS_ERR_CHACHAPOLY_BAD_STATE );
|
||||
}
|
||||
|
||||
if( ctx->state == CHACHAPOLY_STATE_AAD )
|
||||
{
|
||||
ctx->state = CHACHAPOLY_STATE_CIPHERTEXT;
|
||||
|
||||
ret = chachapoly_pad_aad( ctx );
|
||||
if( ret != 0 )
|
||||
return( ret );
|
||||
}
|
||||
|
||||
ctx->ciphertext_len += len;
|
||||
|
||||
if( ctx->mode == MBEDTLS_CHACHAPOLY_ENCRYPT )
|
||||
{
|
||||
ret = mbedtls_chacha20_update( &ctx->chacha20_ctx, len, input, output );
|
||||
if( ret != 0 )
|
||||
return( ret );
|
||||
|
||||
ret = mbedtls_poly1305_update( &ctx->poly1305_ctx, output, len );
|
||||
if( ret != 0 )
|
||||
return( ret );
|
||||
}
|
||||
else /* DECRYPT */
|
||||
{
|
||||
ret = mbedtls_poly1305_update( &ctx->poly1305_ctx, input, len );
|
||||
if( ret != 0 )
|
||||
return( ret );
|
||||
|
||||
ret = mbedtls_chacha20_update( &ctx->chacha20_ctx, len, input, output );
|
||||
if( ret != 0 )
|
||||
return( ret );
|
||||
}
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
int mbedtls_chachapoly_finish( mbedtls_chachapoly_context *ctx,
|
||||
unsigned char mac[16] )
|
||||
{
|
||||
int ret;
|
||||
unsigned char len_block[16];
|
||||
CHACHAPOLY_VALIDATE_RET( ctx != NULL );
|
||||
CHACHAPOLY_VALIDATE_RET( mac != NULL );
|
||||
|
||||
if( ctx->state == CHACHAPOLY_STATE_INIT )
|
||||
{
|
||||
return( MBEDTLS_ERR_CHACHAPOLY_BAD_STATE );
|
||||
}
|
||||
|
||||
if( ctx->state == CHACHAPOLY_STATE_AAD )
|
||||
{
|
||||
ret = chachapoly_pad_aad( ctx );
|
||||
if( ret != 0 )
|
||||
return( ret );
|
||||
}
|
||||
else if( ctx->state == CHACHAPOLY_STATE_CIPHERTEXT )
|
||||
{
|
||||
ret = chachapoly_pad_ciphertext( ctx );
|
||||
if( ret != 0 )
|
||||
return( ret );
|
||||
}
|
||||
|
||||
ctx->state = CHACHAPOLY_STATE_FINISHED;
|
||||
|
||||
/* The lengths of the AAD and ciphertext are processed by
|
||||
* Poly1305 as the final 128-bit block, encoded as little-endian integers.
|
||||
*/
|
||||
len_block[ 0] = (unsigned char)( ctx->aad_len );
|
||||
len_block[ 1] = (unsigned char)( ctx->aad_len >> 8 );
|
||||
len_block[ 2] = (unsigned char)( ctx->aad_len >> 16 );
|
||||
len_block[ 3] = (unsigned char)( ctx->aad_len >> 24 );
|
||||
len_block[ 4] = (unsigned char)( ctx->aad_len >> 32 );
|
||||
len_block[ 5] = (unsigned char)( ctx->aad_len >> 40 );
|
||||
len_block[ 6] = (unsigned char)( ctx->aad_len >> 48 );
|
||||
len_block[ 7] = (unsigned char)( ctx->aad_len >> 56 );
|
||||
len_block[ 8] = (unsigned char)( ctx->ciphertext_len );
|
||||
len_block[ 9] = (unsigned char)( ctx->ciphertext_len >> 8 );
|
||||
len_block[10] = (unsigned char)( ctx->ciphertext_len >> 16 );
|
||||
len_block[11] = (unsigned char)( ctx->ciphertext_len >> 24 );
|
||||
len_block[12] = (unsigned char)( ctx->ciphertext_len >> 32 );
|
||||
len_block[13] = (unsigned char)( ctx->ciphertext_len >> 40 );
|
||||
len_block[14] = (unsigned char)( ctx->ciphertext_len >> 48 );
|
||||
len_block[15] = (unsigned char)( ctx->ciphertext_len >> 56 );
|
||||
|
||||
ret = mbedtls_poly1305_update( &ctx->poly1305_ctx, len_block, 16U );
|
||||
if( ret != 0 )
|
||||
return( ret );
|
||||
|
||||
ret = mbedtls_poly1305_finish( &ctx->poly1305_ctx, mac );
|
||||
|
||||
return( ret );
|
||||
}
|
||||
|
||||
static int chachapoly_crypt_and_tag( mbedtls_chachapoly_context *ctx,
|
||||
mbedtls_chachapoly_mode_t mode,
|
||||
size_t length,
|
||||
const unsigned char nonce[12],
|
||||
const unsigned char *aad,
|
||||
size_t aad_len,
|
||||
const unsigned char *input,
|
||||
unsigned char *output,
|
||||
unsigned char tag[16] )
|
||||
{
|
||||
int ret;
|
||||
|
||||
ret = mbedtls_chachapoly_starts( ctx, nonce, mode );
|
||||
if( ret != 0 )
|
||||
goto cleanup;
|
||||
|
||||
ret = mbedtls_chachapoly_update_aad( ctx, aad, aad_len );
|
||||
if( ret != 0 )
|
||||
goto cleanup;
|
||||
|
||||
ret = mbedtls_chachapoly_update( ctx, length, input, output );
|
||||
if( ret != 0 )
|
||||
goto cleanup;
|
||||
|
||||
ret = mbedtls_chachapoly_finish( ctx, tag );
|
||||
|
||||
cleanup:
|
||||
return( ret );
|
||||
}
|
||||
|
||||
int mbedtls_chachapoly_encrypt_and_tag( mbedtls_chachapoly_context *ctx,
|
||||
size_t length,
|
||||
const unsigned char nonce[12],
|
||||
const unsigned char *aad,
|
||||
size_t aad_len,
|
||||
const unsigned char *input,
|
||||
unsigned char *output,
|
||||
unsigned char tag[16] )
|
||||
{
|
||||
CHACHAPOLY_VALIDATE_RET( ctx != NULL );
|
||||
CHACHAPOLY_VALIDATE_RET( nonce != NULL );
|
||||
CHACHAPOLY_VALIDATE_RET( tag != NULL );
|
||||
CHACHAPOLY_VALIDATE_RET( aad_len == 0 || aad != NULL );
|
||||
CHACHAPOLY_VALIDATE_RET( length == 0 || input != NULL );
|
||||
CHACHAPOLY_VALIDATE_RET( length == 0 || output != NULL );
|
||||
|
||||
return( chachapoly_crypt_and_tag( ctx, MBEDTLS_CHACHAPOLY_ENCRYPT,
|
||||
length, nonce, aad, aad_len,
|
||||
input, output, tag ) );
|
||||
}
|
||||
|
||||
int mbedtls_chachapoly_auth_decrypt( mbedtls_chachapoly_context *ctx,
|
||||
size_t length,
|
||||
const unsigned char nonce[12],
|
||||
const unsigned char *aad,
|
||||
size_t aad_len,
|
||||
const unsigned char tag[16],
|
||||
const unsigned char *input,
|
||||
unsigned char *output )
|
||||
{
|
||||
int ret;
|
||||
unsigned char check_tag[16];
|
||||
size_t i;
|
||||
int diff;
|
||||
CHACHAPOLY_VALIDATE_RET( ctx != NULL );
|
||||
CHACHAPOLY_VALIDATE_RET( nonce != NULL );
|
||||
CHACHAPOLY_VALIDATE_RET( tag != NULL );
|
||||
CHACHAPOLY_VALIDATE_RET( aad_len == 0 || aad != NULL );
|
||||
CHACHAPOLY_VALIDATE_RET( length == 0 || input != NULL );
|
||||
CHACHAPOLY_VALIDATE_RET( length == 0 || output != NULL );
|
||||
|
||||
if( ( ret = chachapoly_crypt_and_tag( ctx,
|
||||
MBEDTLS_CHACHAPOLY_DECRYPT, length, nonce,
|
||||
aad, aad_len, input, output, check_tag ) ) != 0 )
|
||||
{
|
||||
return( ret );
|
||||
}
|
||||
|
||||
/* Check tag in "constant-time" */
|
||||
for( diff = 0, i = 0; i < sizeof( check_tag ); i++ )
|
||||
diff |= tag[i] ^ check_tag[i];
|
||||
|
||||
if( diff != 0 )
|
||||
{
|
||||
mbedtls_platform_zeroize( output, length );
|
||||
return( MBEDTLS_ERR_CHACHAPOLY_AUTH_FAILED );
|
||||
}
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
#endif /* MBEDTLS_CHACHAPOLY_ALT */
|
||||
|
||||
#if defined(MBEDTLS_SELF_TEST)
|
||||
|
||||
static const unsigned char test_key[1][32] =
|
||||
{
|
||||
{
|
||||
0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87,
|
||||
0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f,
|
||||
0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97,
|
||||
0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f
|
||||
}
|
||||
};
|
||||
|
||||
static const unsigned char test_nonce[1][12] =
|
||||
{
|
||||
{
|
||||
0x07, 0x00, 0x00, 0x00, /* 32-bit common part */
|
||||
0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47 /* 64-bit IV */
|
||||
}
|
||||
};
|
||||
|
||||
static const unsigned char test_aad[1][12] =
|
||||
{
|
||||
{
|
||||
0x50, 0x51, 0x52, 0x53, 0xc0, 0xc1, 0xc2, 0xc3,
|
||||
0xc4, 0xc5, 0xc6, 0xc7
|
||||
}
|
||||
};
|
||||
|
||||
static const size_t test_aad_len[1] =
|
||||
{
|
||||
12U
|
||||
};
|
||||
|
||||
static const unsigned char test_input[1][114] =
|
||||
{
|
||||
{
|
||||
0x4c, 0x61, 0x64, 0x69, 0x65, 0x73, 0x20, 0x61,
|
||||
0x6e, 0x64, 0x20, 0x47, 0x65, 0x6e, 0x74, 0x6c,
|
||||
0x65, 0x6d, 0x65, 0x6e, 0x20, 0x6f, 0x66, 0x20,
|
||||
0x74, 0x68, 0x65, 0x20, 0x63, 0x6c, 0x61, 0x73,
|
||||
0x73, 0x20, 0x6f, 0x66, 0x20, 0x27, 0x39, 0x39,
|
||||
0x3a, 0x20, 0x49, 0x66, 0x20, 0x49, 0x20, 0x63,
|
||||
0x6f, 0x75, 0x6c, 0x64, 0x20, 0x6f, 0x66, 0x66,
|
||||
0x65, 0x72, 0x20, 0x79, 0x6f, 0x75, 0x20, 0x6f,
|
||||
0x6e, 0x6c, 0x79, 0x20, 0x6f, 0x6e, 0x65, 0x20,
|
||||
0x74, 0x69, 0x70, 0x20, 0x66, 0x6f, 0x72, 0x20,
|
||||
0x74, 0x68, 0x65, 0x20, 0x66, 0x75, 0x74, 0x75,
|
||||
0x72, 0x65, 0x2c, 0x20, 0x73, 0x75, 0x6e, 0x73,
|
||||
0x63, 0x72, 0x65, 0x65, 0x6e, 0x20, 0x77, 0x6f,
|
||||
0x75, 0x6c, 0x64, 0x20, 0x62, 0x65, 0x20, 0x69,
|
||||
0x74, 0x2e
|
||||
}
|
||||
};
|
||||
|
||||
static const unsigned char test_output[1][114] =
|
||||
{
|
||||
{
|
||||
0xd3, 0x1a, 0x8d, 0x34, 0x64, 0x8e, 0x60, 0xdb,
|
||||
0x7b, 0x86, 0xaf, 0xbc, 0x53, 0xef, 0x7e, 0xc2,
|
||||
0xa4, 0xad, 0xed, 0x51, 0x29, 0x6e, 0x08, 0xfe,
|
||||
0xa9, 0xe2, 0xb5, 0xa7, 0x36, 0xee, 0x62, 0xd6,
|
||||
0x3d, 0xbe, 0xa4, 0x5e, 0x8c, 0xa9, 0x67, 0x12,
|
||||
0x82, 0xfa, 0xfb, 0x69, 0xda, 0x92, 0x72, 0x8b,
|
||||
0x1a, 0x71, 0xde, 0x0a, 0x9e, 0x06, 0x0b, 0x29,
|
||||
0x05, 0xd6, 0xa5, 0xb6, 0x7e, 0xcd, 0x3b, 0x36,
|
||||
0x92, 0xdd, 0xbd, 0x7f, 0x2d, 0x77, 0x8b, 0x8c,
|
||||
0x98, 0x03, 0xae, 0xe3, 0x28, 0x09, 0x1b, 0x58,
|
||||
0xfa, 0xb3, 0x24, 0xe4, 0xfa, 0xd6, 0x75, 0x94,
|
||||
0x55, 0x85, 0x80, 0x8b, 0x48, 0x31, 0xd7, 0xbc,
|
||||
0x3f, 0xf4, 0xde, 0xf0, 0x8e, 0x4b, 0x7a, 0x9d,
|
||||
0xe5, 0x76, 0xd2, 0x65, 0x86, 0xce, 0xc6, 0x4b,
|
||||
0x61, 0x16
|
||||
}
|
||||
};
|
||||
|
||||
static const size_t test_input_len[1] =
|
||||
{
|
||||
114U
|
||||
};
|
||||
|
||||
static const unsigned char test_mac[1][16] =
|
||||
{
|
||||
{
|
||||
0x1a, 0xe1, 0x0b, 0x59, 0x4f, 0x09, 0xe2, 0x6a,
|
||||
0x7e, 0x90, 0x2e, 0xcb, 0xd0, 0x60, 0x06, 0x91
|
||||
}
|
||||
};
|
||||
|
||||
#define ASSERT( cond, args ) \
|
||||
do \
|
||||
{ \
|
||||
if( ! ( cond ) ) \
|
||||
{ \
|
||||
if( verbose != 0 ) \
|
||||
mbedtls_printf args; \
|
||||
\
|
||||
return( -1 ); \
|
||||
} \
|
||||
} \
|
||||
while( 0 )
|
||||
|
||||
int mbedtls_chachapoly_self_test( int verbose )
|
||||
{
|
||||
mbedtls_chachapoly_context ctx;
|
||||
unsigned i;
|
||||
int ret;
|
||||
unsigned char output[200];
|
||||
unsigned char mac[16];
|
||||
|
||||
for( i = 0U; i < 1U; i++ )
|
||||
{
|
||||
if( verbose != 0 )
|
||||
mbedtls_printf( " ChaCha20-Poly1305 test %u ", i );
|
||||
|
||||
mbedtls_chachapoly_init( &ctx );
|
||||
|
||||
ret = mbedtls_chachapoly_setkey( &ctx, test_key[i] );
|
||||
ASSERT( 0 == ret, ( "setkey() error code: %i\n", ret ) );
|
||||
|
||||
ret = mbedtls_chachapoly_encrypt_and_tag( &ctx,
|
||||
test_input_len[i],
|
||||
test_nonce[i],
|
||||
test_aad[i],
|
||||
test_aad_len[i],
|
||||
test_input[i],
|
||||
output,
|
||||
mac );
|
||||
|
||||
ASSERT( 0 == ret, ( "crypt_and_tag() error code: %i\n", ret ) );
|
||||
|
||||
ASSERT( 0 == memcmp( output, test_output[i], test_input_len[i] ),
|
||||
( "failure (wrong output)\n" ) );
|
||||
|
||||
ASSERT( 0 == memcmp( mac, test_mac[i], 16U ),
|
||||
( "failure (wrong MAC)\n" ) );
|
||||
|
||||
mbedtls_chachapoly_free( &ctx );
|
||||
|
||||
if( verbose != 0 )
|
||||
mbedtls_printf( "passed\n" );
|
||||
}
|
||||
|
||||
if( verbose != 0 )
|
||||
mbedtls_printf( "\n" );
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
#endif /* MBEDTLS_SELF_TEST */
|
||||
|
||||
#endif /* MBEDTLS_CHACHAPOLY_C */
|
1540
library/cipher.c
1540
library/cipher.c
File diff suppressed because it is too large
Load diff
File diff suppressed because it is too large
Load diff
1078
library/cmac.c
1078
library/cmac.c
File diff suppressed because it is too large
Load diff
|
@ -1,751 +0,0 @@
|
|||
/*
|
||||
* CTR_DRBG implementation based on AES-256 (NIST SP 800-90)
|
||||
*
|
||||
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
* not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*
|
||||
* This file is part of mbed TLS (https://tls.mbed.org)
|
||||
*/
|
||||
/*
|
||||
* The NIST SP 800-90 DRBGs are described in the following publication.
|
||||
*
|
||||
* http://csrc.nist.gov/publications/nistpubs/800-90/SP800-90revised_March2007.pdf
|
||||
*/
|
||||
|
||||
#if !defined(MBEDTLS_CONFIG_FILE)
|
||||
#include "mbedtls/config.h"
|
||||
#else
|
||||
#include MBEDTLS_CONFIG_FILE
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_CTR_DRBG_C)
|
||||
|
||||
#include "mbedtls/ctr_drbg.h"
|
||||
#include "mbedtls/platform_util.h"
|
||||
|
||||
#include <string.h>
|
||||
|
||||
#if defined(MBEDTLS_FS_IO)
|
||||
#include <stdio.h>
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SELF_TEST)
|
||||
#if defined(MBEDTLS_PLATFORM_C)
|
||||
#include "mbedtls/platform.h"
|
||||
#else
|
||||
#include <stdio.h>
|
||||
#define mbedtls_printf printf
|
||||
#endif /* MBEDTLS_PLATFORM_C */
|
||||
#endif /* MBEDTLS_SELF_TEST */
|
||||
|
||||
/*
|
||||
* CTR_DRBG context initialization
|
||||
*/
|
||||
void mbedtls_ctr_drbg_init( mbedtls_ctr_drbg_context *ctx )
|
||||
{
|
||||
memset( ctx, 0, sizeof( mbedtls_ctr_drbg_context ) );
|
||||
|
||||
#if defined(MBEDTLS_THREADING_C)
|
||||
mbedtls_mutex_init( &ctx->mutex );
|
||||
#endif
|
||||
}
|
||||
|
||||
/*
|
||||
* Non-public function wrapped by mbedtls_ctr_drbg_seed(). Necessary to allow
|
||||
* NIST tests to succeed (which require known length fixed entropy)
|
||||
*/
|
||||
/* CTR_DRBG_Instantiate with derivation function (SP 800-90A §10.2.1.3.2)
|
||||
* mbedtls_ctr_drbg_seed_entropy_len(ctx, f_entropy, p_entropy,
|
||||
* custom, len, entropy_len)
|
||||
* implements
|
||||
* CTR_DRBG_Instantiate(entropy_input, nonce, personalization_string,
|
||||
* security_strength) -> initial_working_state
|
||||
* with inputs
|
||||
* custom[:len] = nonce || personalization_string
|
||||
* where entropy_input comes from f_entropy for entropy_len bytes
|
||||
* and with outputs
|
||||
* ctx = initial_working_state
|
||||
*/
|
||||
int mbedtls_ctr_drbg_seed_entropy_len(
|
||||
mbedtls_ctr_drbg_context *ctx,
|
||||
int (*f_entropy)(void *, unsigned char *, size_t),
|
||||
void *p_entropy,
|
||||
const unsigned char *custom,
|
||||
size_t len,
|
||||
size_t entropy_len )
|
||||
{
|
||||
int ret;
|
||||
unsigned char key[MBEDTLS_CTR_DRBG_KEYSIZE];
|
||||
|
||||
memset( key, 0, MBEDTLS_CTR_DRBG_KEYSIZE );
|
||||
|
||||
mbedtls_aes_init( &ctx->aes_ctx );
|
||||
|
||||
ctx->f_entropy = f_entropy;
|
||||
ctx->p_entropy = p_entropy;
|
||||
|
||||
ctx->entropy_len = entropy_len;
|
||||
ctx->reseed_interval = MBEDTLS_CTR_DRBG_RESEED_INTERVAL;
|
||||
|
||||
/*
|
||||
* Initialize with an empty key
|
||||
*/
|
||||
if( ( ret = mbedtls_aes_setkey_enc( &ctx->aes_ctx, key,
|
||||
MBEDTLS_CTR_DRBG_KEYBITS ) ) != 0 )
|
||||
{
|
||||
return( ret );
|
||||
}
|
||||
|
||||
if( ( ret = mbedtls_ctr_drbg_reseed( ctx, custom, len ) ) != 0 )
|
||||
{
|
||||
return( ret );
|
||||
}
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
int mbedtls_ctr_drbg_seed( mbedtls_ctr_drbg_context *ctx,
|
||||
int (*f_entropy)(void *, unsigned char *, size_t),
|
||||
void *p_entropy,
|
||||
const unsigned char *custom,
|
||||
size_t len )
|
||||
{
|
||||
return( mbedtls_ctr_drbg_seed_entropy_len( ctx, f_entropy, p_entropy,
|
||||
custom, len,
|
||||
MBEDTLS_CTR_DRBG_ENTROPY_LEN ) );
|
||||
}
|
||||
|
||||
void mbedtls_ctr_drbg_free( mbedtls_ctr_drbg_context *ctx )
|
||||
{
|
||||
if( ctx == NULL )
|
||||
return;
|
||||
|
||||
#if defined(MBEDTLS_THREADING_C)
|
||||
mbedtls_mutex_free( &ctx->mutex );
|
||||
#endif
|
||||
mbedtls_aes_free( &ctx->aes_ctx );
|
||||
mbedtls_platform_zeroize( ctx, sizeof( mbedtls_ctr_drbg_context ) );
|
||||
}
|
||||
|
||||
void mbedtls_ctr_drbg_set_prediction_resistance( mbedtls_ctr_drbg_context *ctx,
|
||||
int resistance )
|
||||
{
|
||||
ctx->prediction_resistance = resistance;
|
||||
}
|
||||
|
||||
void mbedtls_ctr_drbg_set_entropy_len( mbedtls_ctr_drbg_context *ctx,
|
||||
size_t len )
|
||||
{
|
||||
ctx->entropy_len = len;
|
||||
}
|
||||
|
||||
void mbedtls_ctr_drbg_set_reseed_interval( mbedtls_ctr_drbg_context *ctx,
|
||||
int interval )
|
||||
{
|
||||
ctx->reseed_interval = interval;
|
||||
}
|
||||
|
||||
static int block_cipher_df( unsigned char *output,
|
||||
const unsigned char *data, size_t data_len )
|
||||
{
|
||||
unsigned char buf[MBEDTLS_CTR_DRBG_MAX_SEED_INPUT +
|
||||
MBEDTLS_CTR_DRBG_BLOCKSIZE + 16];
|
||||
unsigned char tmp[MBEDTLS_CTR_DRBG_SEEDLEN];
|
||||
unsigned char key[MBEDTLS_CTR_DRBG_KEYSIZE];
|
||||
unsigned char chain[MBEDTLS_CTR_DRBG_BLOCKSIZE];
|
||||
unsigned char *p, *iv;
|
||||
mbedtls_aes_context aes_ctx;
|
||||
int ret = 0;
|
||||
|
||||
int i, j;
|
||||
size_t buf_len, use_len;
|
||||
|
||||
if( data_len > MBEDTLS_CTR_DRBG_MAX_SEED_INPUT )
|
||||
return( MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG );
|
||||
|
||||
memset( buf, 0, MBEDTLS_CTR_DRBG_MAX_SEED_INPUT +
|
||||
MBEDTLS_CTR_DRBG_BLOCKSIZE + 16 );
|
||||
mbedtls_aes_init( &aes_ctx );
|
||||
|
||||
/*
|
||||
* Construct IV (16 bytes) and S in buffer
|
||||
* IV = Counter (in 32-bits) padded to 16 with zeroes
|
||||
* S = Length input string (in 32-bits) || Length of output (in 32-bits) ||
|
||||
* data || 0x80
|
||||
* (Total is padded to a multiple of 16-bytes with zeroes)
|
||||
*/
|
||||
p = buf + MBEDTLS_CTR_DRBG_BLOCKSIZE;
|
||||
*p++ = ( data_len >> 24 ) & 0xff;
|
||||
*p++ = ( data_len >> 16 ) & 0xff;
|
||||
*p++ = ( data_len >> 8 ) & 0xff;
|
||||
*p++ = ( data_len ) & 0xff;
|
||||
p += 3;
|
||||
*p++ = MBEDTLS_CTR_DRBG_SEEDLEN;
|
||||
memcpy( p, data, data_len );
|
||||
p[data_len] = 0x80;
|
||||
|
||||
buf_len = MBEDTLS_CTR_DRBG_BLOCKSIZE + 8 + data_len + 1;
|
||||
|
||||
for( i = 0; i < MBEDTLS_CTR_DRBG_KEYSIZE; i++ )
|
||||
key[i] = i;
|
||||
|
||||
if( ( ret = mbedtls_aes_setkey_enc( &aes_ctx, key,
|
||||
MBEDTLS_CTR_DRBG_KEYBITS ) ) != 0 )
|
||||
{
|
||||
goto exit;
|
||||
}
|
||||
|
||||
/*
|
||||
* Reduce data to MBEDTLS_CTR_DRBG_SEEDLEN bytes of data
|
||||
*/
|
||||
for( j = 0; j < MBEDTLS_CTR_DRBG_SEEDLEN; j += MBEDTLS_CTR_DRBG_BLOCKSIZE )
|
||||
{
|
||||
p = buf;
|
||||
memset( chain, 0, MBEDTLS_CTR_DRBG_BLOCKSIZE );
|
||||
use_len = buf_len;
|
||||
|
||||
while( use_len > 0 )
|
||||
{
|
||||
for( i = 0; i < MBEDTLS_CTR_DRBG_BLOCKSIZE; i++ )
|
||||
chain[i] ^= p[i];
|
||||
p += MBEDTLS_CTR_DRBG_BLOCKSIZE;
|
||||
use_len -= ( use_len >= MBEDTLS_CTR_DRBG_BLOCKSIZE ) ?
|
||||
MBEDTLS_CTR_DRBG_BLOCKSIZE : use_len;
|
||||
|
||||
if( ( ret = mbedtls_aes_crypt_ecb( &aes_ctx, MBEDTLS_AES_ENCRYPT,
|
||||
chain, chain ) ) != 0 )
|
||||
{
|
||||
goto exit;
|
||||
}
|
||||
}
|
||||
|
||||
memcpy( tmp + j, chain, MBEDTLS_CTR_DRBG_BLOCKSIZE );
|
||||
|
||||
/*
|
||||
* Update IV
|
||||
*/
|
||||
buf[3]++;
|
||||
}
|
||||
|
||||
/*
|
||||
* Do final encryption with reduced data
|
||||
*/
|
||||
if( ( ret = mbedtls_aes_setkey_enc( &aes_ctx, tmp,
|
||||
MBEDTLS_CTR_DRBG_KEYBITS ) ) != 0 )
|
||||
{
|
||||
goto exit;
|
||||
}
|
||||
iv = tmp + MBEDTLS_CTR_DRBG_KEYSIZE;
|
||||
p = output;
|
||||
|
||||
for( j = 0; j < MBEDTLS_CTR_DRBG_SEEDLEN; j += MBEDTLS_CTR_DRBG_BLOCKSIZE )
|
||||
{
|
||||
if( ( ret = mbedtls_aes_crypt_ecb( &aes_ctx, MBEDTLS_AES_ENCRYPT,
|
||||
iv, iv ) ) != 0 )
|
||||
{
|
||||
goto exit;
|
||||
}
|
||||
memcpy( p, iv, MBEDTLS_CTR_DRBG_BLOCKSIZE );
|
||||
p += MBEDTLS_CTR_DRBG_BLOCKSIZE;
|
||||
}
|
||||
exit:
|
||||
mbedtls_aes_free( &aes_ctx );
|
||||
/*
|
||||
* tidy up the stack
|
||||
*/
|
||||
mbedtls_platform_zeroize( buf, sizeof( buf ) );
|
||||
mbedtls_platform_zeroize( tmp, sizeof( tmp ) );
|
||||
mbedtls_platform_zeroize( key, sizeof( key ) );
|
||||
mbedtls_platform_zeroize( chain, sizeof( chain ) );
|
||||
if( 0 != ret )
|
||||
{
|
||||
/*
|
||||
* wipe partial seed from memory
|
||||
*/
|
||||
mbedtls_platform_zeroize( output, MBEDTLS_CTR_DRBG_SEEDLEN );
|
||||
}
|
||||
|
||||
return( ret );
|
||||
}
|
||||
|
||||
/* CTR_DRBG_Update (SP 800-90A §10.2.1.2)
|
||||
* ctr_drbg_update_internal(ctx, provided_data)
|
||||
* implements
|
||||
* CTR_DRBG_Update(provided_data, Key, V)
|
||||
* with inputs and outputs
|
||||
* ctx->aes_ctx = Key
|
||||
* ctx->counter = V
|
||||
*/
|
||||
static int ctr_drbg_update_internal( mbedtls_ctr_drbg_context *ctx,
|
||||
const unsigned char data[MBEDTLS_CTR_DRBG_SEEDLEN] )
|
||||
{
|
||||
unsigned char tmp[MBEDTLS_CTR_DRBG_SEEDLEN];
|
||||
unsigned char *p = tmp;
|
||||
int i, j;
|
||||
int ret = 0;
|
||||
|
||||
memset( tmp, 0, MBEDTLS_CTR_DRBG_SEEDLEN );
|
||||
|
||||
for( j = 0; j < MBEDTLS_CTR_DRBG_SEEDLEN; j += MBEDTLS_CTR_DRBG_BLOCKSIZE )
|
||||
{
|
||||
/*
|
||||
* Increase counter
|
||||
*/
|
||||
for( i = MBEDTLS_CTR_DRBG_BLOCKSIZE; i > 0; i-- )
|
||||
if( ++ctx->counter[i - 1] != 0 )
|
||||
break;
|
||||
|
||||
/*
|
||||
* Crypt counter block
|
||||
*/
|
||||
if( ( ret = mbedtls_aes_crypt_ecb( &ctx->aes_ctx, MBEDTLS_AES_ENCRYPT,
|
||||
ctx->counter, p ) ) != 0 )
|
||||
{
|
||||
goto exit;
|
||||
}
|
||||
|
||||
p += MBEDTLS_CTR_DRBG_BLOCKSIZE;
|
||||
}
|
||||
|
||||
for( i = 0; i < MBEDTLS_CTR_DRBG_SEEDLEN; i++ )
|
||||
tmp[i] ^= data[i];
|
||||
|
||||
/*
|
||||
* Update key and counter
|
||||
*/
|
||||
if( ( ret = mbedtls_aes_setkey_enc( &ctx->aes_ctx, tmp,
|
||||
MBEDTLS_CTR_DRBG_KEYBITS ) ) != 0 )
|
||||
{
|
||||
goto exit;
|
||||
}
|
||||
memcpy( ctx->counter, tmp + MBEDTLS_CTR_DRBG_KEYSIZE,
|
||||
MBEDTLS_CTR_DRBG_BLOCKSIZE );
|
||||
|
||||
exit:
|
||||
mbedtls_platform_zeroize( tmp, sizeof( tmp ) );
|
||||
return( ret );
|
||||
}
|
||||
|
||||
/* CTR_DRBG_Instantiate with derivation function (SP 800-90A §10.2.1.3.2)
|
||||
* mbedtls_ctr_drbg_update(ctx, additional, add_len)
|
||||
* implements
|
||||
* CTR_DRBG_Instantiate(entropy_input, nonce, personalization_string,
|
||||
* security_strength) -> initial_working_state
|
||||
* with inputs
|
||||
* ctx->counter = all-bits-0
|
||||
* ctx->aes_ctx = context from all-bits-0 key
|
||||
* additional[:add_len] = entropy_input || nonce || personalization_string
|
||||
* and with outputs
|
||||
* ctx = initial_working_state
|
||||
*/
|
||||
int mbedtls_ctr_drbg_update_ret( mbedtls_ctr_drbg_context *ctx,
|
||||
const unsigned char *additional,
|
||||
size_t add_len )
|
||||
{
|
||||
unsigned char add_input[MBEDTLS_CTR_DRBG_SEEDLEN];
|
||||
int ret;
|
||||
|
||||
if( add_len == 0 )
|
||||
return( 0 );
|
||||
|
||||
if( ( ret = block_cipher_df( add_input, additional, add_len ) ) != 0 )
|
||||
goto exit;
|
||||
if( ( ret = ctr_drbg_update_internal( ctx, add_input ) ) != 0 )
|
||||
goto exit;
|
||||
|
||||
exit:
|
||||
mbedtls_platform_zeroize( add_input, sizeof( add_input ) );
|
||||
return( ret );
|
||||
}
|
||||
|
||||
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
|
||||
void mbedtls_ctr_drbg_update( mbedtls_ctr_drbg_context *ctx,
|
||||
const unsigned char *additional,
|
||||
size_t add_len )
|
||||
{
|
||||
/* MAX_INPUT would be more logical here, but we have to match
|
||||
* block_cipher_df()'s limits since we can't propagate errors */
|
||||
if( add_len > MBEDTLS_CTR_DRBG_MAX_SEED_INPUT )
|
||||
add_len = MBEDTLS_CTR_DRBG_MAX_SEED_INPUT;
|
||||
(void) mbedtls_ctr_drbg_update_ret( ctx, additional, add_len );
|
||||
}
|
||||
#endif /* MBEDTLS_DEPRECATED_REMOVED */
|
||||
|
||||
/* CTR_DRBG_Reseed with derivation function (SP 800-90A §10.2.1.4.2)
|
||||
* mbedtls_ctr_drbg_reseed(ctx, additional, len)
|
||||
* implements
|
||||
* CTR_DRBG_Reseed(working_state, entropy_input, additional_input)
|
||||
* -> new_working_state
|
||||
* with inputs
|
||||
* ctx contains working_state
|
||||
* additional[:len] = additional_input
|
||||
* and entropy_input comes from calling ctx->f_entropy
|
||||
* and with output
|
||||
* ctx contains new_working_state
|
||||
*/
|
||||
int mbedtls_ctr_drbg_reseed( mbedtls_ctr_drbg_context *ctx,
|
||||
const unsigned char *additional, size_t len )
|
||||
{
|
||||
unsigned char seed[MBEDTLS_CTR_DRBG_MAX_SEED_INPUT];
|
||||
size_t seedlen = 0;
|
||||
int ret;
|
||||
|
||||
if( ctx->entropy_len > MBEDTLS_CTR_DRBG_MAX_SEED_INPUT ||
|
||||
len > MBEDTLS_CTR_DRBG_MAX_SEED_INPUT - ctx->entropy_len )
|
||||
return( MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG );
|
||||
|
||||
memset( seed, 0, MBEDTLS_CTR_DRBG_MAX_SEED_INPUT );
|
||||
|
||||
/*
|
||||
* Gather entropy_len bytes of entropy to seed state
|
||||
*/
|
||||
if( 0 != ctx->f_entropy( ctx->p_entropy, seed,
|
||||
ctx->entropy_len ) )
|
||||
{
|
||||
return( MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED );
|
||||
}
|
||||
|
||||
seedlen += ctx->entropy_len;
|
||||
|
||||
/*
|
||||
* Add additional data
|
||||
*/
|
||||
if( additional && len )
|
||||
{
|
||||
memcpy( seed + seedlen, additional, len );
|
||||
seedlen += len;
|
||||
}
|
||||
|
||||
/*
|
||||
* Reduce to 384 bits
|
||||
*/
|
||||
if( ( ret = block_cipher_df( seed, seed, seedlen ) ) != 0 )
|
||||
goto exit;
|
||||
|
||||
/*
|
||||
* Update state
|
||||
*/
|
||||
if( ( ret = ctr_drbg_update_internal( ctx, seed ) ) != 0 )
|
||||
goto exit;
|
||||
ctx->reseed_counter = 1;
|
||||
|
||||
exit:
|
||||
mbedtls_platform_zeroize( seed, sizeof( seed ) );
|
||||
return( ret );
|
||||
}
|
||||
|
||||
/* CTR_DRBG_Generate with derivation function (SP 800-90A §10.2.1.5.2)
|
||||
* mbedtls_ctr_drbg_random_with_add(ctx, output, output_len, additional, add_len)
|
||||
* implements
|
||||
* CTR_DRBG_Reseed(working_state, entropy_input, additional[:add_len])
|
||||
* -> working_state_after_reseed
|
||||
* if required, then
|
||||
* CTR_DRBG_Generate(working_state_after_reseed,
|
||||
* requested_number_of_bits, additional_input)
|
||||
* -> status, returned_bits, new_working_state
|
||||
* with inputs
|
||||
* ctx contains working_state
|
||||
* requested_number_of_bits = 8 * output_len
|
||||
* additional[:add_len] = additional_input
|
||||
* and entropy_input comes from calling ctx->f_entropy
|
||||
* and with outputs
|
||||
* status = SUCCESS (this function does the reseed internally)
|
||||
* returned_bits = output[:output_len]
|
||||
* ctx contains new_working_state
|
||||
*/
|
||||
int mbedtls_ctr_drbg_random_with_add( void *p_rng,
|
||||
unsigned char *output, size_t output_len,
|
||||
const unsigned char *additional, size_t add_len )
|
||||
{
|
||||
int ret = 0;
|
||||
mbedtls_ctr_drbg_context *ctx = (mbedtls_ctr_drbg_context *) p_rng;
|
||||
unsigned char add_input[MBEDTLS_CTR_DRBG_SEEDLEN];
|
||||
unsigned char *p = output;
|
||||
unsigned char tmp[MBEDTLS_CTR_DRBG_BLOCKSIZE];
|
||||
int i;
|
||||
size_t use_len;
|
||||
|
||||
if( output_len > MBEDTLS_CTR_DRBG_MAX_REQUEST )
|
||||
return( MBEDTLS_ERR_CTR_DRBG_REQUEST_TOO_BIG );
|
||||
|
||||
if( add_len > MBEDTLS_CTR_DRBG_MAX_INPUT )
|
||||
return( MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG );
|
||||
|
||||
memset( add_input, 0, MBEDTLS_CTR_DRBG_SEEDLEN );
|
||||
|
||||
if( ctx->reseed_counter > ctx->reseed_interval ||
|
||||
ctx->prediction_resistance )
|
||||
{
|
||||
if( ( ret = mbedtls_ctr_drbg_reseed( ctx, additional, add_len ) ) != 0 )
|
||||
{
|
||||
return( ret );
|
||||
}
|
||||
add_len = 0;
|
||||
}
|
||||
|
||||
if( add_len > 0 )
|
||||
{
|
||||
if( ( ret = block_cipher_df( add_input, additional, add_len ) ) != 0 )
|
||||
goto exit;
|
||||
if( ( ret = ctr_drbg_update_internal( ctx, add_input ) ) != 0 )
|
||||
goto exit;
|
||||
}
|
||||
|
||||
while( output_len > 0 )
|
||||
{
|
||||
/*
|
||||
* Increase counter
|
||||
*/
|
||||
for( i = MBEDTLS_CTR_DRBG_BLOCKSIZE; i > 0; i-- )
|
||||
if( ++ctx->counter[i - 1] != 0 )
|
||||
break;
|
||||
|
||||
/*
|
||||
* Crypt counter block
|
||||
*/
|
||||
if( ( ret = mbedtls_aes_crypt_ecb( &ctx->aes_ctx, MBEDTLS_AES_ENCRYPT,
|
||||
ctx->counter, tmp ) ) != 0 )
|
||||
{
|
||||
goto exit;
|
||||
}
|
||||
|
||||
use_len = ( output_len > MBEDTLS_CTR_DRBG_BLOCKSIZE )
|
||||
? MBEDTLS_CTR_DRBG_BLOCKSIZE : output_len;
|
||||
/*
|
||||
* Copy random block to destination
|
||||
*/
|
||||
memcpy( p, tmp, use_len );
|
||||
p += use_len;
|
||||
output_len -= use_len;
|
||||
}
|
||||
|
||||
if( ( ret = ctr_drbg_update_internal( ctx, add_input ) ) != 0 )
|
||||
goto exit;
|
||||
|
||||
ctx->reseed_counter++;
|
||||
|
||||
exit:
|
||||
mbedtls_platform_zeroize( add_input, sizeof( add_input ) );
|
||||
mbedtls_platform_zeroize( tmp, sizeof( tmp ) );
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
int mbedtls_ctr_drbg_random( void *p_rng, unsigned char *output,
|
||||
size_t output_len )
|
||||
{
|
||||
int ret;
|
||||
mbedtls_ctr_drbg_context *ctx = (mbedtls_ctr_drbg_context *) p_rng;
|
||||
|
||||
#if defined(MBEDTLS_THREADING_C)
|
||||
if( ( ret = mbedtls_mutex_lock( &ctx->mutex ) ) != 0 )
|
||||
return( ret );
|
||||
#endif
|
||||
|
||||
ret = mbedtls_ctr_drbg_random_with_add( ctx, output, output_len, NULL, 0 );
|
||||
|
||||
#if defined(MBEDTLS_THREADING_C)
|
||||
if( mbedtls_mutex_unlock( &ctx->mutex ) != 0 )
|
||||
return( MBEDTLS_ERR_THREADING_MUTEX_ERROR );
|
||||
#endif
|
||||
|
||||
return( ret );
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_FS_IO)
|
||||
int mbedtls_ctr_drbg_write_seed_file( mbedtls_ctr_drbg_context *ctx,
|
||||
const char *path )
|
||||
{
|
||||
int ret = MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR;
|
||||
FILE *f;
|
||||
unsigned char buf[ MBEDTLS_CTR_DRBG_MAX_INPUT ];
|
||||
|
||||
if( ( f = fopen( path, "wb" ) ) == NULL )
|
||||
return( MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR );
|
||||
|
||||
if( ( ret = mbedtls_ctr_drbg_random( ctx, buf,
|
||||
MBEDTLS_CTR_DRBG_MAX_INPUT ) ) != 0 )
|
||||
goto exit;
|
||||
|
||||
if( fwrite( buf, 1, MBEDTLS_CTR_DRBG_MAX_INPUT, f ) !=
|
||||
MBEDTLS_CTR_DRBG_MAX_INPUT )
|
||||
{
|
||||
ret = MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR;
|
||||
}
|
||||
else
|
||||
{
|
||||
ret = 0;
|
||||
}
|
||||
|
||||
exit:
|
||||
mbedtls_platform_zeroize( buf, sizeof( buf ) );
|
||||
|
||||
fclose( f );
|
||||
return( ret );
|
||||
}
|
||||
|
||||
int mbedtls_ctr_drbg_update_seed_file( mbedtls_ctr_drbg_context *ctx,
|
||||
const char *path )
|
||||
{
|
||||
int ret = 0;
|
||||
FILE *f = NULL;
|
||||
size_t n;
|
||||
unsigned char buf[ MBEDTLS_CTR_DRBG_MAX_INPUT ];
|
||||
unsigned char c;
|
||||
|
||||
if( ( f = fopen( path, "rb" ) ) == NULL )
|
||||
return( MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR );
|
||||
|
||||
n = fread( buf, 1, sizeof( buf ), f );
|
||||
if( fread( &c, 1, 1, f ) != 0 )
|
||||
{
|
||||
ret = MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG;
|
||||
goto exit;
|
||||
}
|
||||
if( n == 0 || ferror( f ) )
|
||||
{
|
||||
ret = MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR;
|
||||
goto exit;
|
||||
}
|
||||
fclose( f );
|
||||
f = NULL;
|
||||
|
||||
ret = mbedtls_ctr_drbg_update_ret( ctx, buf, n );
|
||||
|
||||
exit:
|
||||
mbedtls_platform_zeroize( buf, sizeof( buf ) );
|
||||
if( f != NULL )
|
||||
fclose( f );
|
||||
if( ret != 0 )
|
||||
return( ret );
|
||||
return( mbedtls_ctr_drbg_write_seed_file( ctx, path ) );
|
||||
}
|
||||
#endif /* MBEDTLS_FS_IO */
|
||||
|
||||
#if defined(MBEDTLS_SELF_TEST)
|
||||
|
||||
static const unsigned char entropy_source_pr[96] =
|
||||
{ 0xc1, 0x80, 0x81, 0xa6, 0x5d, 0x44, 0x02, 0x16,
|
||||
0x19, 0xb3, 0xf1, 0x80, 0xb1, 0xc9, 0x20, 0x02,
|
||||
0x6a, 0x54, 0x6f, 0x0c, 0x70, 0x81, 0x49, 0x8b,
|
||||
0x6e, 0xa6, 0x62, 0x52, 0x6d, 0x51, 0xb1, 0xcb,
|
||||
0x58, 0x3b, 0xfa, 0xd5, 0x37, 0x5f, 0xfb, 0xc9,
|
||||
0xff, 0x46, 0xd2, 0x19, 0xc7, 0x22, 0x3e, 0x95,
|
||||
0x45, 0x9d, 0x82, 0xe1, 0xe7, 0x22, 0x9f, 0x63,
|
||||
0x31, 0x69, 0xd2, 0x6b, 0x57, 0x47, 0x4f, 0xa3,
|
||||
0x37, 0xc9, 0x98, 0x1c, 0x0b, 0xfb, 0x91, 0x31,
|
||||
0x4d, 0x55, 0xb9, 0xe9, 0x1c, 0x5a, 0x5e, 0xe4,
|
||||
0x93, 0x92, 0xcf, 0xc5, 0x23, 0x12, 0xd5, 0x56,
|
||||
0x2c, 0x4a, 0x6e, 0xff, 0xdc, 0x10, 0xd0, 0x68 };
|
||||
|
||||
static const unsigned char entropy_source_nopr[64] =
|
||||
{ 0x5a, 0x19, 0x4d, 0x5e, 0x2b, 0x31, 0x58, 0x14,
|
||||
0x54, 0xde, 0xf6, 0x75, 0xfb, 0x79, 0x58, 0xfe,
|
||||
0xc7, 0xdb, 0x87, 0x3e, 0x56, 0x89, 0xfc, 0x9d,
|
||||
0x03, 0x21, 0x7c, 0x68, 0xd8, 0x03, 0x38, 0x20,
|
||||
0xf9, 0xe6, 0x5e, 0x04, 0xd8, 0x56, 0xf3, 0xa9,
|
||||
0xc4, 0x4a, 0x4c, 0xbd, 0xc1, 0xd0, 0x08, 0x46,
|
||||
0xf5, 0x98, 0x3d, 0x77, 0x1c, 0x1b, 0x13, 0x7e,
|
||||
0x4e, 0x0f, 0x9d, 0x8e, 0xf4, 0x09, 0xf9, 0x2e };
|
||||
|
||||
static const unsigned char nonce_pers_pr[16] =
|
||||
{ 0xd2, 0x54, 0xfc, 0xff, 0x02, 0x1e, 0x69, 0xd2,
|
||||
0x29, 0xc9, 0xcf, 0xad, 0x85, 0xfa, 0x48, 0x6c };
|
||||
|
||||
static const unsigned char nonce_pers_nopr[16] =
|
||||
{ 0x1b, 0x54, 0xb8, 0xff, 0x06, 0x42, 0xbf, 0xf5,
|
||||
0x21, 0xf1, 0x5c, 0x1c, 0x0b, 0x66, 0x5f, 0x3f };
|
||||
|
||||
static const unsigned char result_pr[16] =
|
||||
{ 0x34, 0x01, 0x16, 0x56, 0xb4, 0x29, 0x00, 0x8f,
|
||||
0x35, 0x63, 0xec, 0xb5, 0xf2, 0x59, 0x07, 0x23 };
|
||||
|
||||
static const unsigned char result_nopr[16] =
|
||||
{ 0xa0, 0x54, 0x30, 0x3d, 0x8a, 0x7e, 0xa9, 0x88,
|
||||
0x9d, 0x90, 0x3e, 0x07, 0x7c, 0x6f, 0x21, 0x8f };
|
||||
|
||||
static size_t test_offset;
|
||||
static int ctr_drbg_self_test_entropy( void *data, unsigned char *buf,
|
||||
size_t len )
|
||||
{
|
||||
const unsigned char *p = data;
|
||||
memcpy( buf, p + test_offset, len );
|
||||
test_offset += len;
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
#define CHK( c ) if( (c) != 0 ) \
|
||||
{ \
|
||||
if( verbose != 0 ) \
|
||||
mbedtls_printf( "failed\n" ); \
|
||||
return( 1 ); \
|
||||
}
|
||||
|
||||
/*
|
||||
* Checkup routine
|
||||
*/
|
||||
int mbedtls_ctr_drbg_self_test( int verbose )
|
||||
{
|
||||
mbedtls_ctr_drbg_context ctx;
|
||||
unsigned char buf[16];
|
||||
|
||||
mbedtls_ctr_drbg_init( &ctx );
|
||||
|
||||
/*
|
||||
* Based on a NIST CTR_DRBG test vector (PR = True)
|
||||
*/
|
||||
if( verbose != 0 )
|
||||
mbedtls_printf( " CTR_DRBG (PR = TRUE) : " );
|
||||
|
||||
test_offset = 0;
|
||||
CHK( mbedtls_ctr_drbg_seed_entropy_len( &ctx, ctr_drbg_self_test_entropy,
|
||||
(void *) entropy_source_pr, nonce_pers_pr, 16, 32 ) );
|
||||
mbedtls_ctr_drbg_set_prediction_resistance( &ctx, MBEDTLS_CTR_DRBG_PR_ON );
|
||||
CHK( mbedtls_ctr_drbg_random( &ctx, buf, MBEDTLS_CTR_DRBG_BLOCKSIZE ) );
|
||||
CHK( mbedtls_ctr_drbg_random( &ctx, buf, MBEDTLS_CTR_DRBG_BLOCKSIZE ) );
|
||||
CHK( memcmp( buf, result_pr, MBEDTLS_CTR_DRBG_BLOCKSIZE ) );
|
||||
|
||||
mbedtls_ctr_drbg_free( &ctx );
|
||||
|
||||
if( verbose != 0 )
|
||||
mbedtls_printf( "passed\n" );
|
||||
|
||||
/*
|
||||
* Based on a NIST CTR_DRBG test vector (PR = FALSE)
|
||||
*/
|
||||
if( verbose != 0 )
|
||||
mbedtls_printf( " CTR_DRBG (PR = FALSE): " );
|
||||
|
||||
mbedtls_ctr_drbg_init( &ctx );
|
||||
|
||||
test_offset = 0;
|
||||
CHK( mbedtls_ctr_drbg_seed_entropy_len( &ctx, ctr_drbg_self_test_entropy,
|
||||
(void *) entropy_source_nopr, nonce_pers_nopr, 16, 32 ) );
|
||||
CHK( mbedtls_ctr_drbg_random( &ctx, buf, 16 ) );
|
||||
CHK( mbedtls_ctr_drbg_reseed( &ctx, NULL, 0 ) );
|
||||
CHK( mbedtls_ctr_drbg_random( &ctx, buf, 16 ) );
|
||||
CHK( memcmp( buf, result_nopr, 16 ) );
|
||||
|
||||
mbedtls_ctr_drbg_free( &ctx );
|
||||
|
||||
if( verbose != 0 )
|
||||
mbedtls_printf( "passed\n" );
|
||||
|
||||
if( verbose != 0 )
|
||||
mbedtls_printf( "\n" );
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
#endif /* MBEDTLS_SELF_TEST */
|
||||
|
||||
#endif /* MBEDTLS_CTR_DRBG_C */
|
1064
library/des.c
1064
library/des.c
File diff suppressed because it is too large
Load diff
712
library/dhm.c
712
library/dhm.c
|
@ -1,712 +0,0 @@
|
|||
/*
|
||||
* Diffie-Hellman-Merkle key exchange
|
||||
*
|
||||
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
* not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*
|
||||
* This file is part of mbed TLS (https://tls.mbed.org)
|
||||
*/
|
||||
/*
|
||||
* The following sources were referenced in the design of this implementation
|
||||
* of the Diffie-Hellman-Merkle algorithm:
|
||||
*
|
||||
* [1] Handbook of Applied Cryptography - 1997, Chapter 12
|
||||
* Menezes, van Oorschot and Vanstone
|
||||
*
|
||||
*/
|
||||
|
||||
#if !defined(MBEDTLS_CONFIG_FILE)
|
||||
#include "mbedtls/config.h"
|
||||
#else
|
||||
#include MBEDTLS_CONFIG_FILE
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_DHM_C)
|
||||
|
||||
#include "mbedtls/dhm.h"
|
||||
#include "mbedtls/platform_util.h"
|
||||
|
||||
#include <string.h>
|
||||
|
||||
#if defined(MBEDTLS_PEM_PARSE_C)
|
||||
#include "mbedtls/pem.h"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_ASN1_PARSE_C)
|
||||
#include "mbedtls/asn1.h"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_PLATFORM_C)
|
||||
#include "mbedtls/platform.h"
|
||||
#else
|
||||
#include <stdlib.h>
|
||||
#include <stdio.h>
|
||||
#define mbedtls_printf printf
|
||||
#define mbedtls_calloc calloc
|
||||
#define mbedtls_free free
|
||||
#endif
|
||||
|
||||
#if !defined(MBEDTLS_DHM_ALT)
|
||||
|
||||
#define DHM_VALIDATE_RET( cond ) \
|
||||
MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_DHM_BAD_INPUT_DATA )
|
||||
#define DHM_VALIDATE( cond ) \
|
||||
MBEDTLS_INTERNAL_VALIDATE( cond )
|
||||
|
||||
/*
|
||||
* helper to validate the mbedtls_mpi size and import it
|
||||
*/
|
||||
static int dhm_read_bignum( mbedtls_mpi *X,
|
||||
unsigned char **p,
|
||||
const unsigned char *end )
|
||||
{
|
||||
int ret, n;
|
||||
|
||||
if( end - *p < 2 )
|
||||
return( MBEDTLS_ERR_DHM_BAD_INPUT_DATA );
|
||||
|
||||
n = ( (*p)[0] << 8 ) | (*p)[1];
|
||||
(*p) += 2;
|
||||
|
||||
if( (int)( end - *p ) < n )
|
||||
return( MBEDTLS_ERR_DHM_BAD_INPUT_DATA );
|
||||
|
||||
if( ( ret = mbedtls_mpi_read_binary( X, *p, n ) ) != 0 )
|
||||
return( MBEDTLS_ERR_DHM_READ_PARAMS_FAILED + ret );
|
||||
|
||||
(*p) += n;
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
/*
|
||||
* Verify sanity of parameter with regards to P
|
||||
*
|
||||
* Parameter should be: 2 <= public_param <= P - 2
|
||||
*
|
||||
* This means that we need to return an error if
|
||||
* public_param < 2 or public_param > P-2
|
||||
*
|
||||
* For more information on the attack, see:
|
||||
* http://www.cl.cam.ac.uk/~rja14/Papers/psandqs.pdf
|
||||
* http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-2643
|
||||
*/
|
||||
static int dhm_check_range( const mbedtls_mpi *param, const mbedtls_mpi *P )
|
||||
{
|
||||
mbedtls_mpi L, U;
|
||||
int ret = 0;
|
||||
|
||||
mbedtls_mpi_init( &L ); mbedtls_mpi_init( &U );
|
||||
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &L, 2 ) );
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &U, P, 2 ) );
|
||||
|
||||
if( mbedtls_mpi_cmp_mpi( param, &L ) < 0 ||
|
||||
mbedtls_mpi_cmp_mpi( param, &U ) > 0 )
|
||||
{
|
||||
ret = MBEDTLS_ERR_DHM_BAD_INPUT_DATA;
|
||||
}
|
||||
|
||||
cleanup:
|
||||
mbedtls_mpi_free( &L ); mbedtls_mpi_free( &U );
|
||||
return( ret );
|
||||
}
|
||||
|
||||
void mbedtls_dhm_init( mbedtls_dhm_context *ctx )
|
||||
{
|
||||
DHM_VALIDATE( ctx != NULL );
|
||||
memset( ctx, 0, sizeof( mbedtls_dhm_context ) );
|
||||
}
|
||||
|
||||
/*
|
||||
* Parse the ServerKeyExchange parameters
|
||||
*/
|
||||
int mbedtls_dhm_read_params( mbedtls_dhm_context *ctx,
|
||||
unsigned char **p,
|
||||
const unsigned char *end )
|
||||
{
|
||||
int ret;
|
||||
DHM_VALIDATE_RET( ctx != NULL );
|
||||
DHM_VALIDATE_RET( p != NULL && *p != NULL );
|
||||
DHM_VALIDATE_RET( end != NULL );
|
||||
|
||||
if( ( ret = dhm_read_bignum( &ctx->P, p, end ) ) != 0 ||
|
||||
( ret = dhm_read_bignum( &ctx->G, p, end ) ) != 0 ||
|
||||
( ret = dhm_read_bignum( &ctx->GY, p, end ) ) != 0 )
|
||||
return( ret );
|
||||
|
||||
if( ( ret = dhm_check_range( &ctx->GY, &ctx->P ) ) != 0 )
|
||||
return( ret );
|
||||
|
||||
ctx->len = mbedtls_mpi_size( &ctx->P );
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
/*
|
||||
* Setup and write the ServerKeyExchange parameters
|
||||
*/
|
||||
int mbedtls_dhm_make_params( mbedtls_dhm_context *ctx, int x_size,
|
||||
unsigned char *output, size_t *olen,
|
||||
int (*f_rng)(void *, unsigned char *, size_t),
|
||||
void *p_rng )
|
||||
{
|
||||
int ret, count = 0;
|
||||
size_t n1, n2, n3;
|
||||
unsigned char *p;
|
||||
DHM_VALIDATE_RET( ctx != NULL );
|
||||
DHM_VALIDATE_RET( output != NULL );
|
||||
DHM_VALIDATE_RET( olen != NULL );
|
||||
DHM_VALIDATE_RET( f_rng != NULL );
|
||||
|
||||
if( mbedtls_mpi_cmp_int( &ctx->P, 0 ) == 0 )
|
||||
return( MBEDTLS_ERR_DHM_BAD_INPUT_DATA );
|
||||
|
||||
/*
|
||||
* Generate X as large as possible ( < P )
|
||||
*/
|
||||
do
|
||||
{
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( &ctx->X, x_size, f_rng, p_rng ) );
|
||||
|
||||
while( mbedtls_mpi_cmp_mpi( &ctx->X, &ctx->P ) >= 0 )
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &ctx->X, 1 ) );
|
||||
|
||||
if( count++ > 10 )
|
||||
return( MBEDTLS_ERR_DHM_MAKE_PARAMS_FAILED );
|
||||
}
|
||||
while( dhm_check_range( &ctx->X, &ctx->P ) != 0 );
|
||||
|
||||
/*
|
||||
* Calculate GX = G^X mod P
|
||||
*/
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_exp_mod( &ctx->GX, &ctx->G, &ctx->X,
|
||||
&ctx->P , &ctx->RP ) );
|
||||
|
||||
if( ( ret = dhm_check_range( &ctx->GX, &ctx->P ) ) != 0 )
|
||||
return( ret );
|
||||
|
||||
/*
|
||||
* export P, G, GX
|
||||
*/
|
||||
#define DHM_MPI_EXPORT( X, n ) \
|
||||
do { \
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( ( X ), \
|
||||
p + 2, \
|
||||
( n ) ) ); \
|
||||
*p++ = (unsigned char)( ( n ) >> 8 ); \
|
||||
*p++ = (unsigned char)( ( n ) ); \
|
||||
p += ( n ); \
|
||||
} while( 0 )
|
||||
|
||||
n1 = mbedtls_mpi_size( &ctx->P );
|
||||
n2 = mbedtls_mpi_size( &ctx->G );
|
||||
n3 = mbedtls_mpi_size( &ctx->GX );
|
||||
|
||||
p = output;
|
||||
DHM_MPI_EXPORT( &ctx->P , n1 );
|
||||
DHM_MPI_EXPORT( &ctx->G , n2 );
|
||||
DHM_MPI_EXPORT( &ctx->GX, n3 );
|
||||
|
||||
*olen = p - output;
|
||||
|
||||
ctx->len = n1;
|
||||
|
||||
cleanup:
|
||||
|
||||
if( ret != 0 )
|
||||
return( MBEDTLS_ERR_DHM_MAKE_PARAMS_FAILED + ret );
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
/*
|
||||
* Set prime modulus and generator
|
||||
*/
|
||||
int mbedtls_dhm_set_group( mbedtls_dhm_context *ctx,
|
||||
const mbedtls_mpi *P,
|
||||
const mbedtls_mpi *G )
|
||||
{
|
||||
int ret;
|
||||
DHM_VALIDATE_RET( ctx != NULL );
|
||||
DHM_VALIDATE_RET( P != NULL );
|
||||
DHM_VALIDATE_RET( G != NULL );
|
||||
|
||||
if( ( ret = mbedtls_mpi_copy( &ctx->P, P ) ) != 0 ||
|
||||
( ret = mbedtls_mpi_copy( &ctx->G, G ) ) != 0 )
|
||||
{
|
||||
return( MBEDTLS_ERR_DHM_SET_GROUP_FAILED + ret );
|
||||
}
|
||||
|
||||
ctx->len = mbedtls_mpi_size( &ctx->P );
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
/*
|
||||
* Import the peer's public value G^Y
|
||||
*/
|
||||
int mbedtls_dhm_read_public( mbedtls_dhm_context *ctx,
|
||||
const unsigned char *input, size_t ilen )
|
||||
{
|
||||
int ret;
|
||||
DHM_VALIDATE_RET( ctx != NULL );
|
||||
DHM_VALIDATE_RET( input != NULL );
|
||||
|
||||
if( ilen < 1 || ilen > ctx->len )
|
||||
return( MBEDTLS_ERR_DHM_BAD_INPUT_DATA );
|
||||
|
||||
if( ( ret = mbedtls_mpi_read_binary( &ctx->GY, input, ilen ) ) != 0 )
|
||||
return( MBEDTLS_ERR_DHM_READ_PUBLIC_FAILED + ret );
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
/*
|
||||
* Create own private value X and export G^X
|
||||
*/
|
||||
int mbedtls_dhm_make_public( mbedtls_dhm_context *ctx, int x_size,
|
||||
unsigned char *output, size_t olen,
|
||||
int (*f_rng)(void *, unsigned char *, size_t),
|
||||
void *p_rng )
|
||||
{
|
||||
int ret, count = 0;
|
||||
DHM_VALIDATE_RET( ctx != NULL );
|
||||
DHM_VALIDATE_RET( output != NULL );
|
||||
DHM_VALIDATE_RET( f_rng != NULL );
|
||||
|
||||
if( olen < 1 || olen > ctx->len )
|
||||
return( MBEDTLS_ERR_DHM_BAD_INPUT_DATA );
|
||||
|
||||
if( mbedtls_mpi_cmp_int( &ctx->P, 0 ) == 0 )
|
||||
return( MBEDTLS_ERR_DHM_BAD_INPUT_DATA );
|
||||
|
||||
/*
|
||||
* generate X and calculate GX = G^X mod P
|
||||
*/
|
||||
do
|
||||
{
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( &ctx->X, x_size, f_rng, p_rng ) );
|
||||
|
||||
while( mbedtls_mpi_cmp_mpi( &ctx->X, &ctx->P ) >= 0 )
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &ctx->X, 1 ) );
|
||||
|
||||
if( count++ > 10 )
|
||||
return( MBEDTLS_ERR_DHM_MAKE_PUBLIC_FAILED );
|
||||
}
|
||||
while( dhm_check_range( &ctx->X, &ctx->P ) != 0 );
|
||||
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_exp_mod( &ctx->GX, &ctx->G, &ctx->X,
|
||||
&ctx->P , &ctx->RP ) );
|
||||
|
||||
if( ( ret = dhm_check_range( &ctx->GX, &ctx->P ) ) != 0 )
|
||||
return( ret );
|
||||
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &ctx->GX, output, olen ) );
|
||||
|
||||
cleanup:
|
||||
|
||||
if( ret != 0 )
|
||||
return( MBEDTLS_ERR_DHM_MAKE_PUBLIC_FAILED + ret );
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
/*
|
||||
* Use the blinding method and optimisation suggested in section 10 of:
|
||||
* KOCHER, Paul C. Timing attacks on implementations of Diffie-Hellman, RSA,
|
||||
* DSS, and other systems. In : Advances in Cryptology-CRYPTO'96. Springer
|
||||
* Berlin Heidelberg, 1996. p. 104-113.
|
||||
*/
|
||||
static int dhm_update_blinding( mbedtls_dhm_context *ctx,
|
||||
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
|
||||
{
|
||||
int ret, count;
|
||||
|
||||
/*
|
||||
* Don't use any blinding the first time a particular X is used,
|
||||
* but remember it to use blinding next time.
|
||||
*/
|
||||
if( mbedtls_mpi_cmp_mpi( &ctx->X, &ctx->pX ) != 0 )
|
||||
{
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &ctx->pX, &ctx->X ) );
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &ctx->Vi, 1 ) );
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &ctx->Vf, 1 ) );
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
/*
|
||||
* Ok, we need blinding. Can we re-use existing values?
|
||||
* If yes, just update them by squaring them.
|
||||
*/
|
||||
if( mbedtls_mpi_cmp_int( &ctx->Vi, 1 ) != 0 )
|
||||
{
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &ctx->Vi, &ctx->Vi, &ctx->Vi ) );
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &ctx->Vi, &ctx->Vi, &ctx->P ) );
|
||||
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &ctx->Vf, &ctx->Vf, &ctx->Vf ) );
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &ctx->Vf, &ctx->Vf, &ctx->P ) );
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
/*
|
||||
* We need to generate blinding values from scratch
|
||||
*/
|
||||
|
||||
/* Vi = random( 2, P-1 ) */
|
||||
count = 0;
|
||||
do
|
||||
{
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( &ctx->Vi, mbedtls_mpi_size( &ctx->P ), f_rng, p_rng ) );
|
||||
|
||||
while( mbedtls_mpi_cmp_mpi( &ctx->Vi, &ctx->P ) >= 0 )
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &ctx->Vi, 1 ) );
|
||||
|
||||
if( count++ > 10 )
|
||||
return( MBEDTLS_ERR_MPI_NOT_ACCEPTABLE );
|
||||
}
|
||||
while( mbedtls_mpi_cmp_int( &ctx->Vi, 1 ) <= 0 );
|
||||
|
||||
/* Vf = Vi^-X mod P */
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_inv_mod( &ctx->Vf, &ctx->Vi, &ctx->P ) );
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_exp_mod( &ctx->Vf, &ctx->Vf, &ctx->X, &ctx->P, &ctx->RP ) );
|
||||
|
||||
cleanup:
|
||||
return( ret );
|
||||
}
|
||||
|
||||
/*
|
||||
* Derive and export the shared secret (G^Y)^X mod P
|
||||
*/
|
||||
int mbedtls_dhm_calc_secret( mbedtls_dhm_context *ctx,
|
||||
unsigned char *output, size_t output_size, size_t *olen,
|
||||
int (*f_rng)(void *, unsigned char *, size_t),
|
||||
void *p_rng )
|
||||
{
|
||||
int ret;
|
||||
mbedtls_mpi GYb;
|
||||
DHM_VALIDATE_RET( ctx != NULL );
|
||||
DHM_VALIDATE_RET( output != NULL );
|
||||
DHM_VALIDATE_RET( olen != NULL );
|
||||
|
||||
if( output_size < ctx->len )
|
||||
return( MBEDTLS_ERR_DHM_BAD_INPUT_DATA );
|
||||
|
||||
if( ( ret = dhm_check_range( &ctx->GY, &ctx->P ) ) != 0 )
|
||||
return( ret );
|
||||
|
||||
mbedtls_mpi_init( &GYb );
|
||||
|
||||
/* Blind peer's value */
|
||||
if( f_rng != NULL )
|
||||
{
|
||||
MBEDTLS_MPI_CHK( dhm_update_blinding( ctx, f_rng, p_rng ) );
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &GYb, &ctx->GY, &ctx->Vi ) );
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &GYb, &GYb, &ctx->P ) );
|
||||
}
|
||||
else
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &GYb, &ctx->GY ) );
|
||||
|
||||
/* Do modular exponentiation */
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_exp_mod( &ctx->K, &GYb, &ctx->X,
|
||||
&ctx->P, &ctx->RP ) );
|
||||
|
||||
/* Unblind secret value */
|
||||
if( f_rng != NULL )
|
||||
{
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &ctx->K, &ctx->K, &ctx->Vf ) );
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &ctx->K, &ctx->K, &ctx->P ) );
|
||||
}
|
||||
|
||||
*olen = mbedtls_mpi_size( &ctx->K );
|
||||
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &ctx->K, output, *olen ) );
|
||||
|
||||
cleanup:
|
||||
mbedtls_mpi_free( &GYb );
|
||||
|
||||
if( ret != 0 )
|
||||
return( MBEDTLS_ERR_DHM_CALC_SECRET_FAILED + ret );
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
/*
|
||||
* Free the components of a DHM key
|
||||
*/
|
||||
void mbedtls_dhm_free( mbedtls_dhm_context *ctx )
|
||||
{
|
||||
if( ctx == NULL )
|
||||
return;
|
||||
|
||||
mbedtls_mpi_free( &ctx->pX );
|
||||
mbedtls_mpi_free( &ctx->Vf );
|
||||
mbedtls_mpi_free( &ctx->Vi );
|
||||
mbedtls_mpi_free( &ctx->RP );
|
||||
mbedtls_mpi_free( &ctx->K );
|
||||
mbedtls_mpi_free( &ctx->GY );
|
||||
mbedtls_mpi_free( &ctx->GX );
|
||||
mbedtls_mpi_free( &ctx->X );
|
||||
mbedtls_mpi_free( &ctx->G );
|
||||
mbedtls_mpi_free( &ctx->P );
|
||||
|
||||
mbedtls_platform_zeroize( ctx, sizeof( mbedtls_dhm_context ) );
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_ASN1_PARSE_C)
|
||||
/*
|
||||
* Parse DHM parameters
|
||||
*/
|
||||
int mbedtls_dhm_parse_dhm( mbedtls_dhm_context *dhm, const unsigned char *dhmin,
|
||||
size_t dhminlen )
|
||||
{
|
||||
int ret;
|
||||
size_t len;
|
||||
unsigned char *p, *end;
|
||||
#if defined(MBEDTLS_PEM_PARSE_C)
|
||||
mbedtls_pem_context pem;
|
||||
#endif /* MBEDTLS_PEM_PARSE_C */
|
||||
|
||||
DHM_VALIDATE_RET( dhm != NULL );
|
||||
DHM_VALIDATE_RET( dhmin != NULL );
|
||||
|
||||
#if defined(MBEDTLS_PEM_PARSE_C)
|
||||
mbedtls_pem_init( &pem );
|
||||
|
||||
/* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */
|
||||
if( dhminlen == 0 || dhmin[dhminlen - 1] != '\0' )
|
||||
ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT;
|
||||
else
|
||||
ret = mbedtls_pem_read_buffer( &pem,
|
||||
"-----BEGIN DH PARAMETERS-----",
|
||||
"-----END DH PARAMETERS-----",
|
||||
dhmin, NULL, 0, &dhminlen );
|
||||
|
||||
if( ret == 0 )
|
||||
{
|
||||
/*
|
||||
* Was PEM encoded
|
||||
*/
|
||||
dhminlen = pem.buflen;
|
||||
}
|
||||
else if( ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT )
|
||||
goto exit;
|
||||
|
||||
p = ( ret == 0 ) ? pem.buf : (unsigned char *) dhmin;
|
||||
#else
|
||||
p = (unsigned char *) dhmin;
|
||||
#endif /* MBEDTLS_PEM_PARSE_C */
|
||||
end = p + dhminlen;
|
||||
|
||||
/*
|
||||
* DHParams ::= SEQUENCE {
|
||||
* prime INTEGER, -- P
|
||||
* generator INTEGER, -- g
|
||||
* privateValueLength INTEGER OPTIONAL
|
||||
* }
|
||||
*/
|
||||
if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
|
||||
MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
|
||||
{
|
||||
ret = MBEDTLS_ERR_DHM_INVALID_FORMAT + ret;
|
||||
goto exit;
|
||||
}
|
||||
|
||||
end = p + len;
|
||||
|
||||
if( ( ret = mbedtls_asn1_get_mpi( &p, end, &dhm->P ) ) != 0 ||
|
||||
( ret = mbedtls_asn1_get_mpi( &p, end, &dhm->G ) ) != 0 )
|
||||
{
|
||||
ret = MBEDTLS_ERR_DHM_INVALID_FORMAT + ret;
|
||||
goto exit;
|
||||
}
|
||||
|
||||
if( p != end )
|
||||
{
|
||||
/* This might be the optional privateValueLength.
|
||||
* If so, we can cleanly discard it */
|
||||
mbedtls_mpi rec;
|
||||
mbedtls_mpi_init( &rec );
|
||||
ret = mbedtls_asn1_get_mpi( &p, end, &rec );
|
||||
mbedtls_mpi_free( &rec );
|
||||
if ( ret != 0 )
|
||||
{
|
||||
ret = MBEDTLS_ERR_DHM_INVALID_FORMAT + ret;
|
||||
goto exit;
|
||||
}
|
||||
if ( p != end )
|
||||
{
|
||||
ret = MBEDTLS_ERR_DHM_INVALID_FORMAT +
|
||||
MBEDTLS_ERR_ASN1_LENGTH_MISMATCH;
|
||||
goto exit;
|
||||
}
|
||||
}
|
||||
|
||||
ret = 0;
|
||||
|
||||
dhm->len = mbedtls_mpi_size( &dhm->P );
|
||||
|
||||
exit:
|
||||
#if defined(MBEDTLS_PEM_PARSE_C)
|
||||
mbedtls_pem_free( &pem );
|
||||
#endif
|
||||
if( ret != 0 )
|
||||
mbedtls_dhm_free( dhm );
|
||||
|
||||
return( ret );
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_FS_IO)
|
||||
/*
|
||||
* Load all data from a file into a given buffer.
|
||||
*
|
||||
* The file is expected to contain either PEM or DER encoded data.
|
||||
* A terminating null byte is always appended. It is included in the announced
|
||||
* length only if the data looks like it is PEM encoded.
|
||||
*/
|
||||
static int load_file( const char *path, unsigned char **buf, size_t *n )
|
||||
{
|
||||
FILE *f;
|
||||
long size;
|
||||
|
||||
if( ( f = fopen( path, "rb" ) ) == NULL )
|
||||
return( MBEDTLS_ERR_DHM_FILE_IO_ERROR );
|
||||
|
||||
fseek( f, 0, SEEK_END );
|
||||
if( ( size = ftell( f ) ) == -1 )
|
||||
{
|
||||
fclose( f );
|
||||
return( MBEDTLS_ERR_DHM_FILE_IO_ERROR );
|
||||
}
|
||||
fseek( f, 0, SEEK_SET );
|
||||
|
||||
*n = (size_t) size;
|
||||
|
||||
if( *n + 1 == 0 ||
|
||||
( *buf = mbedtls_calloc( 1, *n + 1 ) ) == NULL )
|
||||
{
|
||||
fclose( f );
|
||||
return( MBEDTLS_ERR_DHM_ALLOC_FAILED );
|
||||
}
|
||||
|
||||
if( fread( *buf, 1, *n, f ) != *n )
|
||||
{
|
||||
fclose( f );
|
||||
|
||||
mbedtls_platform_zeroize( *buf, *n + 1 );
|
||||
mbedtls_free( *buf );
|
||||
|
||||
return( MBEDTLS_ERR_DHM_FILE_IO_ERROR );
|
||||
}
|
||||
|
||||
fclose( f );
|
||||
|
||||
(*buf)[*n] = '\0';
|
||||
|
||||
if( strstr( (const char *) *buf, "-----BEGIN " ) != NULL )
|
||||
++*n;
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
/*
|
||||
* Load and parse DHM parameters
|
||||
*/
|
||||
int mbedtls_dhm_parse_dhmfile( mbedtls_dhm_context *dhm, const char *path )
|
||||
{
|
||||
int ret;
|
||||
size_t n;
|
||||
unsigned char *buf;
|
||||
DHM_VALIDATE_RET( dhm != NULL );
|
||||
DHM_VALIDATE_RET( path != NULL );
|
||||
|
||||
if( ( ret = load_file( path, &buf, &n ) ) != 0 )
|
||||
return( ret );
|
||||
|
||||
ret = mbedtls_dhm_parse_dhm( dhm, buf, n );
|
||||
|
||||
mbedtls_platform_zeroize( buf, n );
|
||||
mbedtls_free( buf );
|
||||
|
||||
return( ret );
|
||||
}
|
||||
#endif /* MBEDTLS_FS_IO */
|
||||
#endif /* MBEDTLS_ASN1_PARSE_C */
|
||||
#endif /* MBEDTLS_DHM_ALT */
|
||||
|
||||
#if defined(MBEDTLS_SELF_TEST)
|
||||
|
||||
#if defined(MBEDTLS_PEM_PARSE_C)
|
||||
static const char mbedtls_test_dhm_params[] =
|
||||
"-----BEGIN DH PARAMETERS-----\r\n"
|
||||
"MIGHAoGBAJ419DBEOgmQTzo5qXl5fQcN9TN455wkOL7052HzxxRVMyhYmwQcgJvh\r\n"
|
||||
"1sa18fyfR9OiVEMYglOpkqVoGLN7qd5aQNNi5W7/C+VBdHTBJcGZJyyP5B3qcz32\r\n"
|
||||
"9mLJKudlVudV0Qxk5qUJaPZ/xupz0NyoVpviuiBOI1gNi8ovSXWzAgEC\r\n"
|
||||
"-----END DH PARAMETERS-----\r\n";
|
||||
#else /* MBEDTLS_PEM_PARSE_C */
|
||||
static const char mbedtls_test_dhm_params[] = {
|
||||
0x30, 0x81, 0x87, 0x02, 0x81, 0x81, 0x00, 0x9e, 0x35, 0xf4, 0x30, 0x44,
|
||||
0x3a, 0x09, 0x90, 0x4f, 0x3a, 0x39, 0xa9, 0x79, 0x79, 0x7d, 0x07, 0x0d,
|
||||
0xf5, 0x33, 0x78, 0xe7, 0x9c, 0x24, 0x38, 0xbe, 0xf4, 0xe7, 0x61, 0xf3,
|
||||
0xc7, 0x14, 0x55, 0x33, 0x28, 0x58, 0x9b, 0x04, 0x1c, 0x80, 0x9b, 0xe1,
|
||||
0xd6, 0xc6, 0xb5, 0xf1, 0xfc, 0x9f, 0x47, 0xd3, 0xa2, 0x54, 0x43, 0x18,
|
||||
0x82, 0x53, 0xa9, 0x92, 0xa5, 0x68, 0x18, 0xb3, 0x7b, 0xa9, 0xde, 0x5a,
|
||||
0x40, 0xd3, 0x62, 0xe5, 0x6e, 0xff, 0x0b, 0xe5, 0x41, 0x74, 0x74, 0xc1,
|
||||
0x25, 0xc1, 0x99, 0x27, 0x2c, 0x8f, 0xe4, 0x1d, 0xea, 0x73, 0x3d, 0xf6,
|
||||
0xf6, 0x62, 0xc9, 0x2a, 0xe7, 0x65, 0x56, 0xe7, 0x55, 0xd1, 0x0c, 0x64,
|
||||
0xe6, 0xa5, 0x09, 0x68, 0xf6, 0x7f, 0xc6, 0xea, 0x73, 0xd0, 0xdc, 0xa8,
|
||||
0x56, 0x9b, 0xe2, 0xba, 0x20, 0x4e, 0x23, 0x58, 0x0d, 0x8b, 0xca, 0x2f,
|
||||
0x49, 0x75, 0xb3, 0x02, 0x01, 0x02 };
|
||||
#endif /* MBEDTLS_PEM_PARSE_C */
|
||||
|
||||
static const size_t mbedtls_test_dhm_params_len = sizeof( mbedtls_test_dhm_params );
|
||||
|
||||
/*
|
||||
* Checkup routine
|
||||
*/
|
||||
int mbedtls_dhm_self_test( int verbose )
|
||||
{
|
||||
int ret;
|
||||
mbedtls_dhm_context dhm;
|
||||
|
||||
mbedtls_dhm_init( &dhm );
|
||||
|
||||
if( verbose != 0 )
|
||||
mbedtls_printf( " DHM parameter load: " );
|
||||
|
||||
if( ( ret = mbedtls_dhm_parse_dhm( &dhm,
|
||||
(const unsigned char *) mbedtls_test_dhm_params,
|
||||
mbedtls_test_dhm_params_len ) ) != 0 )
|
||||
{
|
||||
if( verbose != 0 )
|
||||
mbedtls_printf( "failed\n" );
|
||||
|
||||
ret = 1;
|
||||
goto exit;
|
||||
}
|
||||
|
||||
if( verbose != 0 )
|
||||
mbedtls_printf( "passed\n\n" );
|
||||
|
||||
exit:
|
||||
mbedtls_dhm_free( &dhm );
|
||||
|
||||
return( ret );
|
||||
}
|
||||
|
||||
#endif /* MBEDTLS_SELF_TEST */
|
||||
|
||||
#endif /* MBEDTLS_DHM_C */
|
680
library/ecdh.c
680
library/ecdh.c
|
@ -1,680 +0,0 @@
|
|||
/*
|
||||
* Elliptic curve Diffie-Hellman
|
||||
*
|
||||
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
* not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*
|
||||
* This file is part of mbed TLS (https://tls.mbed.org)
|
||||
*/
|
||||
|
||||
/*
|
||||
* References:
|
||||
*
|
||||
* SEC1 http://www.secg.org/index.php?action=secg,docs_secg
|
||||
* RFC 4492
|
||||
*/
|
||||
|
||||
#if !defined(MBEDTLS_CONFIG_FILE)
|
||||
#include "mbedtls/config.h"
|
||||
#else
|
||||
#include MBEDTLS_CONFIG_FILE
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_ECDH_C)
|
||||
|
||||
#include "mbedtls/ecdh.h"
|
||||
#include "mbedtls/platform_util.h"
|
||||
|
||||
#include <string.h>
|
||||
|
||||
/* Parameter validation macros based on platform_util.h */
|
||||
#define ECDH_VALIDATE_RET( cond ) \
|
||||
MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_ECP_BAD_INPUT_DATA )
|
||||
#define ECDH_VALIDATE( cond ) \
|
||||
MBEDTLS_INTERNAL_VALIDATE( cond )
|
||||
|
||||
#if defined(MBEDTLS_ECDH_LEGACY_CONTEXT)
|
||||
typedef mbedtls_ecdh_context mbedtls_ecdh_context_mbed;
|
||||
#endif
|
||||
|
||||
static mbedtls_ecp_group_id mbedtls_ecdh_grp_id(
|
||||
const mbedtls_ecdh_context *ctx )
|
||||
{
|
||||
#if defined(MBEDTLS_ECDH_LEGACY_CONTEXT)
|
||||
return( ctx->grp.id );
|
||||
#else
|
||||
return( ctx->grp_id );
|
||||
#endif
|
||||
}
|
||||
|
||||
#if !defined(MBEDTLS_ECDH_GEN_PUBLIC_ALT)
|
||||
/*
|
||||
* Generate public key (restartable version)
|
||||
*
|
||||
* Note: this internal function relies on its caller preserving the value of
|
||||
* the output parameter 'd' across continuation calls. This would not be
|
||||
* acceptable for a public function but is OK here as we control call sites.
|
||||
*/
|
||||
static int ecdh_gen_public_restartable( mbedtls_ecp_group *grp,
|
||||
mbedtls_mpi *d, mbedtls_ecp_point *Q,
|
||||
int (*f_rng)(void *, unsigned char *, size_t),
|
||||
void *p_rng,
|
||||
mbedtls_ecp_restart_ctx *rs_ctx )
|
||||
{
|
||||
int ret;
|
||||
|
||||
/* If multiplication is in progress, we already generated a privkey */
|
||||
#if defined(MBEDTLS_ECP_RESTARTABLE)
|
||||
if( rs_ctx == NULL || rs_ctx->rsm == NULL )
|
||||
#endif
|
||||
MBEDTLS_MPI_CHK( mbedtls_ecp_gen_privkey( grp, d, f_rng, p_rng ) );
|
||||
|
||||
MBEDTLS_MPI_CHK( mbedtls_ecp_mul_restartable( grp, Q, d, &grp->G,
|
||||
f_rng, p_rng, rs_ctx ) );
|
||||
|
||||
cleanup:
|
||||
return( ret );
|
||||
}
|
||||
|
||||
/*
|
||||
* Generate public key
|
||||
*/
|
||||
int mbedtls_ecdh_gen_public( mbedtls_ecp_group *grp, mbedtls_mpi *d, mbedtls_ecp_point *Q,
|
||||
int (*f_rng)(void *, unsigned char *, size_t),
|
||||
void *p_rng )
|
||||
{
|
||||
ECDH_VALIDATE_RET( grp != NULL );
|
||||
ECDH_VALIDATE_RET( d != NULL );
|
||||
ECDH_VALIDATE_RET( Q != NULL );
|
||||
ECDH_VALIDATE_RET( f_rng != NULL );
|
||||
return( ecdh_gen_public_restartable( grp, d, Q, f_rng, p_rng, NULL ) );
|
||||
}
|
||||
#endif /* !MBEDTLS_ECDH_GEN_PUBLIC_ALT */
|
||||
|
||||
#if !defined(MBEDTLS_ECDH_COMPUTE_SHARED_ALT)
|
||||
/*
|
||||
* Compute shared secret (SEC1 3.3.1)
|
||||
*/
|
||||
static int ecdh_compute_shared_restartable( mbedtls_ecp_group *grp,
|
||||
mbedtls_mpi *z,
|
||||
const mbedtls_ecp_point *Q, const mbedtls_mpi *d,
|
||||
int (*f_rng)(void *, unsigned char *, size_t),
|
||||
void *p_rng,
|
||||
mbedtls_ecp_restart_ctx *rs_ctx )
|
||||
{
|
||||
int ret;
|
||||
mbedtls_ecp_point P;
|
||||
|
||||
mbedtls_ecp_point_init( &P );
|
||||
|
||||
MBEDTLS_MPI_CHK( mbedtls_ecp_mul_restartable( grp, &P, d, Q,
|
||||
f_rng, p_rng, rs_ctx ) );
|
||||
|
||||
if( mbedtls_ecp_is_zero( &P ) )
|
||||
{
|
||||
ret = MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
|
||||
goto cleanup;
|
||||
}
|
||||
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_copy( z, &P.X ) );
|
||||
|
||||
cleanup:
|
||||
mbedtls_ecp_point_free( &P );
|
||||
|
||||
return( ret );
|
||||
}
|
||||
|
||||
/*
|
||||
* Compute shared secret (SEC1 3.3.1)
|
||||
*/
|
||||
int mbedtls_ecdh_compute_shared( mbedtls_ecp_group *grp, mbedtls_mpi *z,
|
||||
const mbedtls_ecp_point *Q, const mbedtls_mpi *d,
|
||||
int (*f_rng)(void *, unsigned char *, size_t),
|
||||
void *p_rng )
|
||||
{
|
||||
ECDH_VALIDATE_RET( grp != NULL );
|
||||
ECDH_VALIDATE_RET( Q != NULL );
|
||||
ECDH_VALIDATE_RET( d != NULL );
|
||||
ECDH_VALIDATE_RET( z != NULL );
|
||||
return( ecdh_compute_shared_restartable( grp, z, Q, d,
|
||||
f_rng, p_rng, NULL ) );
|
||||
}
|
||||
#endif /* !MBEDTLS_ECDH_COMPUTE_SHARED_ALT */
|
||||
|
||||
static void ecdh_init_internal( mbedtls_ecdh_context_mbed *ctx )
|
||||
{
|
||||
mbedtls_ecp_group_init( &ctx->grp );
|
||||
mbedtls_mpi_init( &ctx->d );
|
||||
mbedtls_ecp_point_init( &ctx->Q );
|
||||
mbedtls_ecp_point_init( &ctx->Qp );
|
||||
mbedtls_mpi_init( &ctx->z );
|
||||
|
||||
#if defined(MBEDTLS_ECP_RESTARTABLE)
|
||||
mbedtls_ecp_restart_init( &ctx->rs );
|
||||
#endif
|
||||
}
|
||||
|
||||
/*
|
||||
* Initialize context
|
||||
*/
|
||||
void mbedtls_ecdh_init( mbedtls_ecdh_context *ctx )
|
||||
{
|
||||
ECDH_VALIDATE( ctx != NULL );
|
||||
|
||||
#if defined(MBEDTLS_ECDH_LEGACY_CONTEXT)
|
||||
ecdh_init_internal( ctx );
|
||||
mbedtls_ecp_point_init( &ctx->Vi );
|
||||
mbedtls_ecp_point_init( &ctx->Vf );
|
||||
mbedtls_mpi_init( &ctx->_d );
|
||||
#else
|
||||
memset( ctx, 0, sizeof( mbedtls_ecdh_context ) );
|
||||
|
||||
ctx->var = MBEDTLS_ECDH_VARIANT_NONE;
|
||||
#endif
|
||||
ctx->point_format = MBEDTLS_ECP_PF_UNCOMPRESSED;
|
||||
#if defined(MBEDTLS_ECP_RESTARTABLE)
|
||||
ctx->restart_enabled = 0;
|
||||
#endif
|
||||
}
|
||||
|
||||
static int ecdh_setup_internal( mbedtls_ecdh_context_mbed *ctx,
|
||||
mbedtls_ecp_group_id grp_id )
|
||||
{
|
||||
int ret;
|
||||
|
||||
ret = mbedtls_ecp_group_load( &ctx->grp, grp_id );
|
||||
if( ret != 0 )
|
||||
{
|
||||
return( MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE );
|
||||
}
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
/*
|
||||
* Setup context
|
||||
*/
|
||||
int mbedtls_ecdh_setup( mbedtls_ecdh_context *ctx, mbedtls_ecp_group_id grp_id )
|
||||
{
|
||||
ECDH_VALIDATE_RET( ctx != NULL );
|
||||
|
||||
#if defined(MBEDTLS_ECDH_LEGACY_CONTEXT)
|
||||
return( ecdh_setup_internal( ctx, grp_id ) );
|
||||
#else
|
||||
switch( grp_id )
|
||||
{
|
||||
default:
|
||||
ctx->point_format = MBEDTLS_ECP_PF_UNCOMPRESSED;
|
||||
ctx->var = MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0;
|
||||
ctx->grp_id = grp_id;
|
||||
ecdh_init_internal( &ctx->ctx.mbed_ecdh );
|
||||
return( ecdh_setup_internal( &ctx->ctx.mbed_ecdh, grp_id ) );
|
||||
}
|
||||
#endif
|
||||
}
|
||||
|
||||
static void ecdh_free_internal( mbedtls_ecdh_context_mbed *ctx )
|
||||
{
|
||||
mbedtls_ecp_group_free( &ctx->grp );
|
||||
mbedtls_mpi_free( &ctx->d );
|
||||
mbedtls_ecp_point_free( &ctx->Q );
|
||||
mbedtls_ecp_point_free( &ctx->Qp );
|
||||
mbedtls_mpi_free( &ctx->z );
|
||||
|
||||
#if defined(MBEDTLS_ECP_RESTARTABLE)
|
||||
mbedtls_ecp_restart_free( &ctx->rs );
|
||||
#endif
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_ECP_RESTARTABLE)
|
||||
/*
|
||||
* Enable restartable operations for context
|
||||
*/
|
||||
void mbedtls_ecdh_enable_restart( mbedtls_ecdh_context *ctx )
|
||||
{
|
||||
ECDH_VALIDATE( ctx != NULL );
|
||||
|
||||
ctx->restart_enabled = 1;
|
||||
}
|
||||
#endif
|
||||
|
||||
/*
|
||||
* Free context
|
||||
*/
|
||||
void mbedtls_ecdh_free( mbedtls_ecdh_context *ctx )
|
||||
{
|
||||
if( ctx == NULL )
|
||||
return;
|
||||
|
||||
#if defined(MBEDTLS_ECDH_LEGACY_CONTEXT)
|
||||
mbedtls_ecp_point_free( &ctx->Vi );
|
||||
mbedtls_ecp_point_free( &ctx->Vf );
|
||||
mbedtls_mpi_free( &ctx->_d );
|
||||
ecdh_free_internal( ctx );
|
||||
#else
|
||||
switch( ctx->var )
|
||||
{
|
||||
case MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0:
|
||||
ecdh_free_internal( &ctx->ctx.mbed_ecdh );
|
||||
break;
|
||||
default:
|
||||
break;
|
||||
}
|
||||
|
||||
ctx->point_format = MBEDTLS_ECP_PF_UNCOMPRESSED;
|
||||
ctx->var = MBEDTLS_ECDH_VARIANT_NONE;
|
||||
ctx->grp_id = MBEDTLS_ECP_DP_NONE;
|
||||
#endif
|
||||
}
|
||||
|
||||
static int ecdh_make_params_internal( mbedtls_ecdh_context_mbed *ctx,
|
||||
size_t *olen, int point_format,
|
||||
unsigned char *buf, size_t blen,
|
||||
int (*f_rng)(void *,
|
||||
unsigned char *,
|
||||
size_t),
|
||||
void *p_rng,
|
||||
int restart_enabled )
|
||||
{
|
||||
int ret;
|
||||
size_t grp_len, pt_len;
|
||||
#if defined(MBEDTLS_ECP_RESTARTABLE)
|
||||
mbedtls_ecp_restart_ctx *rs_ctx = NULL;
|
||||
#endif
|
||||
|
||||
if( ctx->grp.pbits == 0 )
|
||||
return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
|
||||
|
||||
#if defined(MBEDTLS_ECP_RESTARTABLE)
|
||||
if( restart_enabled )
|
||||
rs_ctx = &ctx->rs;
|
||||
#else
|
||||
(void) restart_enabled;
|
||||
#endif
|
||||
|
||||
|
||||
#if defined(MBEDTLS_ECP_RESTARTABLE)
|
||||
if( ( ret = ecdh_gen_public_restartable( &ctx->grp, &ctx->d, &ctx->Q,
|
||||
f_rng, p_rng, rs_ctx ) ) != 0 )
|
||||
return( ret );
|
||||
#else
|
||||
if( ( ret = mbedtls_ecdh_gen_public( &ctx->grp, &ctx->d, &ctx->Q,
|
||||
f_rng, p_rng ) ) != 0 )
|
||||
return( ret );
|
||||
#endif /* MBEDTLS_ECP_RESTARTABLE */
|
||||
|
||||
if( ( ret = mbedtls_ecp_tls_write_group( &ctx->grp, &grp_len, buf,
|
||||
blen ) ) != 0 )
|
||||
return( ret );
|
||||
|
||||
buf += grp_len;
|
||||
blen -= grp_len;
|
||||
|
||||
if( ( ret = mbedtls_ecp_tls_write_point( &ctx->grp, &ctx->Q, point_format,
|
||||
&pt_len, buf, blen ) ) != 0 )
|
||||
return( ret );
|
||||
|
||||
*olen = grp_len + pt_len;
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
/*
|
||||
* Setup and write the ServerKeyExhange parameters (RFC 4492)
|
||||
* struct {
|
||||
* ECParameters curve_params;
|
||||
* ECPoint public;
|
||||
* } ServerECDHParams;
|
||||
*/
|
||||
int mbedtls_ecdh_make_params( mbedtls_ecdh_context *ctx, size_t *olen,
|
||||
unsigned char *buf, size_t blen,
|
||||
int (*f_rng)(void *, unsigned char *, size_t),
|
||||
void *p_rng )
|
||||
{
|
||||
int restart_enabled = 0;
|
||||
ECDH_VALIDATE_RET( ctx != NULL );
|
||||
ECDH_VALIDATE_RET( olen != NULL );
|
||||
ECDH_VALIDATE_RET( buf != NULL );
|
||||
ECDH_VALIDATE_RET( f_rng != NULL );
|
||||
|
||||
#if defined(MBEDTLS_ECP_RESTARTABLE)
|
||||
restart_enabled = ctx->restart_enabled;
|
||||
#else
|
||||
(void) restart_enabled;
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_ECDH_LEGACY_CONTEXT)
|
||||
return( ecdh_make_params_internal( ctx, olen, ctx->point_format, buf, blen,
|
||||
f_rng, p_rng, restart_enabled ) );
|
||||
#else
|
||||
switch( ctx->var )
|
||||
{
|
||||
case MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0:
|
||||
return( ecdh_make_params_internal( &ctx->ctx.mbed_ecdh, olen,
|
||||
ctx->point_format, buf, blen,
|
||||
f_rng, p_rng,
|
||||
restart_enabled ) );
|
||||
default:
|
||||
return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
|
||||
}
|
||||
#endif
|
||||
}
|
||||
|
||||
static int ecdh_read_params_internal( mbedtls_ecdh_context_mbed *ctx,
|
||||
const unsigned char **buf,
|
||||
const unsigned char *end )
|
||||
{
|
||||
return( mbedtls_ecp_tls_read_point( &ctx->grp, &ctx->Qp, buf,
|
||||
end - *buf ) );
|
||||
}
|
||||
|
||||
/*
|
||||
* Read the ServerKeyExhange parameters (RFC 4492)
|
||||
* struct {
|
||||
* ECParameters curve_params;
|
||||
* ECPoint public;
|
||||
* } ServerECDHParams;
|
||||
*/
|
||||
int mbedtls_ecdh_read_params( mbedtls_ecdh_context *ctx,
|
||||
const unsigned char **buf,
|
||||
const unsigned char *end )
|
||||
{
|
||||
int ret;
|
||||
mbedtls_ecp_group_id grp_id;
|
||||
ECDH_VALIDATE_RET( ctx != NULL );
|
||||
ECDH_VALIDATE_RET( buf != NULL );
|
||||
ECDH_VALIDATE_RET( *buf != NULL );
|
||||
ECDH_VALIDATE_RET( end != NULL );
|
||||
|
||||
if( ( ret = mbedtls_ecp_tls_read_group_id( &grp_id, buf, end - *buf ) )
|
||||
!= 0 )
|
||||
return( ret );
|
||||
|
||||
if( ( ret = mbedtls_ecdh_setup( ctx, grp_id ) ) != 0 )
|
||||
return( ret );
|
||||
|
||||
#if defined(MBEDTLS_ECDH_LEGACY_CONTEXT)
|
||||
return( ecdh_read_params_internal( ctx, buf, end ) );
|
||||
#else
|
||||
switch( ctx->var )
|
||||
{
|
||||
case MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0:
|
||||
return( ecdh_read_params_internal( &ctx->ctx.mbed_ecdh,
|
||||
buf, end ) );
|
||||
default:
|
||||
return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
|
||||
}
|
||||
#endif
|
||||
}
|
||||
|
||||
static int ecdh_get_params_internal( mbedtls_ecdh_context_mbed *ctx,
|
||||
const mbedtls_ecp_keypair *key,
|
||||
mbedtls_ecdh_side side )
|
||||
{
|
||||
int ret;
|
||||
|
||||
/* If it's not our key, just import the public part as Qp */
|
||||
if( side == MBEDTLS_ECDH_THEIRS )
|
||||
return( mbedtls_ecp_copy( &ctx->Qp, &key->Q ) );
|
||||
|
||||
/* Our key: import public (as Q) and private parts */
|
||||
if( side != MBEDTLS_ECDH_OURS )
|
||||
return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
|
||||
|
||||
if( ( ret = mbedtls_ecp_copy( &ctx->Q, &key->Q ) ) != 0 ||
|
||||
( ret = mbedtls_mpi_copy( &ctx->d, &key->d ) ) != 0 )
|
||||
return( ret );
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
/*
|
||||
* Get parameters from a keypair
|
||||
*/
|
||||
int mbedtls_ecdh_get_params( mbedtls_ecdh_context *ctx,
|
||||
const mbedtls_ecp_keypair *key,
|
||||
mbedtls_ecdh_side side )
|
||||
{
|
||||
int ret;
|
||||
ECDH_VALIDATE_RET( ctx != NULL );
|
||||
ECDH_VALIDATE_RET( key != NULL );
|
||||
ECDH_VALIDATE_RET( side == MBEDTLS_ECDH_OURS ||
|
||||
side == MBEDTLS_ECDH_THEIRS );
|
||||
|
||||
if( mbedtls_ecdh_grp_id( ctx ) == MBEDTLS_ECP_DP_NONE )
|
||||
{
|
||||
/* This is the first call to get_params(). Set up the context
|
||||
* for use with the group. */
|
||||
if( ( ret = mbedtls_ecdh_setup( ctx, key->grp.id ) ) != 0 )
|
||||
return( ret );
|
||||
}
|
||||
else
|
||||
{
|
||||
/* This is not the first call to get_params(). Check that the
|
||||
* current key's group is the same as the context's, which was set
|
||||
* from the first key's group. */
|
||||
if( mbedtls_ecdh_grp_id( ctx ) != key->grp.id )
|
||||
return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_ECDH_LEGACY_CONTEXT)
|
||||
return( ecdh_get_params_internal( ctx, key, side ) );
|
||||
#else
|
||||
switch( ctx->var )
|
||||
{
|
||||
case MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0:
|
||||
return( ecdh_get_params_internal( &ctx->ctx.mbed_ecdh,
|
||||
key, side ) );
|
||||
default:
|
||||
return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
|
||||
}
|
||||
#endif
|
||||
}
|
||||
|
||||
static int ecdh_make_public_internal( mbedtls_ecdh_context_mbed *ctx,
|
||||
size_t *olen, int point_format,
|
||||
unsigned char *buf, size_t blen,
|
||||
int (*f_rng)(void *,
|
||||
unsigned char *,
|
||||
size_t),
|
||||
void *p_rng,
|
||||
int restart_enabled )
|
||||
{
|
||||
int ret;
|
||||
#if defined(MBEDTLS_ECP_RESTARTABLE)
|
||||
mbedtls_ecp_restart_ctx *rs_ctx = NULL;
|
||||
#endif
|
||||
|
||||
if( ctx->grp.pbits == 0 )
|
||||
return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
|
||||
|
||||
#if defined(MBEDTLS_ECP_RESTARTABLE)
|
||||
if( restart_enabled )
|
||||
rs_ctx = &ctx->rs;
|
||||
#else
|
||||
(void) restart_enabled;
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_ECP_RESTARTABLE)
|
||||
if( ( ret = ecdh_gen_public_restartable( &ctx->grp, &ctx->d, &ctx->Q,
|
||||
f_rng, p_rng, rs_ctx ) ) != 0 )
|
||||
return( ret );
|
||||
#else
|
||||
if( ( ret = mbedtls_ecdh_gen_public( &ctx->grp, &ctx->d, &ctx->Q,
|
||||
f_rng, p_rng ) ) != 0 )
|
||||
return( ret );
|
||||
#endif /* MBEDTLS_ECP_RESTARTABLE */
|
||||
|
||||
return mbedtls_ecp_tls_write_point( &ctx->grp, &ctx->Q, point_format, olen,
|
||||
buf, blen );
|
||||
}
|
||||
|
||||
/*
|
||||
* Setup and export the client public value
|
||||
*/
|
||||
int mbedtls_ecdh_make_public( mbedtls_ecdh_context *ctx, size_t *olen,
|
||||
unsigned char *buf, size_t blen,
|
||||
int (*f_rng)(void *, unsigned char *, size_t),
|
||||
void *p_rng )
|
||||
{
|
||||
int restart_enabled = 0;
|
||||
ECDH_VALIDATE_RET( ctx != NULL );
|
||||
ECDH_VALIDATE_RET( olen != NULL );
|
||||
ECDH_VALIDATE_RET( buf != NULL );
|
||||
ECDH_VALIDATE_RET( f_rng != NULL );
|
||||
|
||||
#if defined(MBEDTLS_ECP_RESTARTABLE)
|
||||
restart_enabled = ctx->restart_enabled;
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_ECDH_LEGACY_CONTEXT)
|
||||
return( ecdh_make_public_internal( ctx, olen, ctx->point_format, buf, blen,
|
||||
f_rng, p_rng, restart_enabled ) );
|
||||
#else
|
||||
switch( ctx->var )
|
||||
{
|
||||
case MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0:
|
||||
return( ecdh_make_public_internal( &ctx->ctx.mbed_ecdh, olen,
|
||||
ctx->point_format, buf, blen,
|
||||
f_rng, p_rng,
|
||||
restart_enabled ) );
|
||||
default:
|
||||
return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
|
||||
}
|
||||
#endif
|
||||
}
|
||||
|
||||
static int ecdh_read_public_internal( mbedtls_ecdh_context_mbed *ctx,
|
||||
const unsigned char *buf, size_t blen )
|
||||
{
|
||||
int ret;
|
||||
const unsigned char *p = buf;
|
||||
|
||||
if( ( ret = mbedtls_ecp_tls_read_point( &ctx->grp, &ctx->Qp, &p,
|
||||
blen ) ) != 0 )
|
||||
return( ret );
|
||||
|
||||
if( (size_t)( p - buf ) != blen )
|
||||
return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
/*
|
||||
* Parse and import the client's public value
|
||||
*/
|
||||
int mbedtls_ecdh_read_public( mbedtls_ecdh_context *ctx,
|
||||
const unsigned char *buf, size_t blen )
|
||||
{
|
||||
ECDH_VALIDATE_RET( ctx != NULL );
|
||||
ECDH_VALIDATE_RET( buf != NULL );
|
||||
|
||||
#if defined(MBEDTLS_ECDH_LEGACY_CONTEXT)
|
||||
return( ecdh_read_public_internal( ctx, buf, blen ) );
|
||||
#else
|
||||
switch( ctx->var )
|
||||
{
|
||||
case MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0:
|
||||
return( ecdh_read_public_internal( &ctx->ctx.mbed_ecdh,
|
||||
buf, blen ) );
|
||||
default:
|
||||
return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
|
||||
}
|
||||
#endif
|
||||
}
|
||||
|
||||
static int ecdh_calc_secret_internal( mbedtls_ecdh_context_mbed *ctx,
|
||||
size_t *olen, unsigned char *buf,
|
||||
size_t blen,
|
||||
int (*f_rng)(void *,
|
||||
unsigned char *,
|
||||
size_t),
|
||||
void *p_rng,
|
||||
int restart_enabled )
|
||||
{
|
||||
int ret;
|
||||
#if defined(MBEDTLS_ECP_RESTARTABLE)
|
||||
mbedtls_ecp_restart_ctx *rs_ctx = NULL;
|
||||
#endif
|
||||
|
||||
if( ctx == NULL || ctx->grp.pbits == 0 )
|
||||
return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
|
||||
|
||||
#if defined(MBEDTLS_ECP_RESTARTABLE)
|
||||
if( restart_enabled )
|
||||
rs_ctx = &ctx->rs;
|
||||
#else
|
||||
(void) restart_enabled;
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_ECP_RESTARTABLE)
|
||||
if( ( ret = ecdh_compute_shared_restartable( &ctx->grp, &ctx->z, &ctx->Qp,
|
||||
&ctx->d, f_rng, p_rng,
|
||||
rs_ctx ) ) != 0 )
|
||||
{
|
||||
return( ret );
|
||||
}
|
||||
#else
|
||||
if( ( ret = mbedtls_ecdh_compute_shared( &ctx->grp, &ctx->z, &ctx->Qp,
|
||||
&ctx->d, f_rng, p_rng ) ) != 0 )
|
||||
{
|
||||
return( ret );
|
||||
}
|
||||
#endif /* MBEDTLS_ECP_RESTARTABLE */
|
||||
|
||||
if( mbedtls_mpi_size( &ctx->z ) > blen )
|
||||
return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
|
||||
|
||||
*olen = ctx->grp.pbits / 8 + ( ( ctx->grp.pbits % 8 ) != 0 );
|
||||
|
||||
if( mbedtls_ecp_get_type( &ctx->grp ) == MBEDTLS_ECP_TYPE_MONTGOMERY )
|
||||
return mbedtls_mpi_write_binary_le( &ctx->z, buf, *olen );
|
||||
|
||||
return mbedtls_mpi_write_binary( &ctx->z, buf, *olen );
|
||||
}
|
||||
|
||||
/*
|
||||
* Derive and export the shared secret
|
||||
*/
|
||||
int mbedtls_ecdh_calc_secret( mbedtls_ecdh_context *ctx, size_t *olen,
|
||||
unsigned char *buf, size_t blen,
|
||||
int (*f_rng)(void *, unsigned char *, size_t),
|
||||
void *p_rng )
|
||||
{
|
||||
int restart_enabled = 0;
|
||||
ECDH_VALIDATE_RET( ctx != NULL );
|
||||
ECDH_VALIDATE_RET( olen != NULL );
|
||||
ECDH_VALIDATE_RET( buf != NULL );
|
||||
|
||||
#if defined(MBEDTLS_ECP_RESTARTABLE)
|
||||
restart_enabled = ctx->restart_enabled;
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_ECDH_LEGACY_CONTEXT)
|
||||
return( ecdh_calc_secret_internal( ctx, olen, buf, blen, f_rng, p_rng,
|
||||
restart_enabled ) );
|
||||
#else
|
||||
switch( ctx->var )
|
||||
{
|
||||
case MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0:
|
||||
return( ecdh_calc_secret_internal( &ctx->ctx.mbed_ecdh, olen, buf,
|
||||
blen, f_rng, p_rng,
|
||||
restart_enabled ) );
|
||||
default:
|
||||
return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
|
||||
}
|
||||
#endif
|
||||
}
|
||||
|
||||
#endif /* MBEDTLS_ECDH_C */
|
Some files were not shown because too many files have changed in this diff Show more
Loading…
Reference in a new issue