Update mbedTLS to 2.7.0 (#2267)
* mbedtls 2.7.0 (mbedtls-2.7.0-0-g32605dc8) Wholesale import, with a few changes from earlier preserved through. Ideally we would soon get to the point of having no divergences from upstream. * tls: add function to adjust mbedTLS debug level
This commit is contained in:
parent
f2d605d27c
commit
5c8af3c452
app
include/mbedtls
aes.haesni.harc4.hasn1.hasn1write.hbase64.hbignum.hblowfish.hbn_mul.hcamellia.hccm.hcerts.hcheck_config.hcipher.hcipher_internal.hcmac.hcompat-1.3.hconfig.hctr_drbg.hdebug.hdes.hdhm.hecdh.hecdsa.hecjpake.hecp.hecp_internal.hentropy.hentropy_poll.herror.hgcm.hhavege.hhmac_drbg.hmd.hmd2.hmd4.hmd5.hmd_internal.hmemory_buffer_alloc.hnet.hnet_sockets.hoid.hpadlock.hpem.hpk.hpk_internal.hpkcs11.hpkcs12.hpkcs5.hplatform.hplatform_time.hripemd160.hrsa.hrsa_internal.hsha1.hsha256.hsha512.hssl.hssl_cache.hssl_ciphersuites.hssl_cookie.hssl_internal.hssl_ticket.hthreading.htiming.hversion.hx509.hx509_crl.hx509_crt.hx509_csr.hxtea.h
mbedtls/library
|
@ -1,9 +1,18 @@
|
|||
/**
|
||||
* \file aes.h
|
||||
*
|
||||
* \brief AES block cipher
|
||||
* \brief The Advanced Encryption Standard (AES) specifies a FIPS-approved
|
||||
* cryptographic algorithm that can be used to protect electronic
|
||||
* data.
|
||||
*
|
||||
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
|
||||
* The AES algorithm is a symmetric block cipher that can
|
||||
* encrypt and decrypt information. For more information, see
|
||||
* <em>FIPS Publication 197: Advanced Encryption Standard</em> and
|
||||
* <em>ISO/IEC 18033-2:2006: Information technology -- Security
|
||||
* techniques -- Encryption algorithms -- Part 2: Asymmetric
|
||||
* ciphers</em>.
|
||||
*/
|
||||
/* Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved.
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
|
@ -18,8 +27,9 @@
|
|||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*
|
||||
* This file is part of mbed TLS (https://tls.mbed.org)
|
||||
* This file is part of Mbed TLS (https://tls.mbed.org)
|
||||
*/
|
||||
|
||||
#ifndef MBEDTLS_AES_H
|
||||
#define MBEDTLS_AES_H
|
||||
|
||||
|
@ -33,12 +43,17 @@
|
|||
#include <stdint.h>
|
||||
|
||||
/* padlock.c and aesni.c rely on these values! */
|
||||
#define MBEDTLS_AES_ENCRYPT 1
|
||||
#define MBEDTLS_AES_DECRYPT 0
|
||||
#define MBEDTLS_AES_ENCRYPT 1 /**< AES encryption. */
|
||||
#define MBEDTLS_AES_DECRYPT 0 /**< AES decryption. */
|
||||
|
||||
/* Error codes in range 0x0020-0x0022 */
|
||||
#define MBEDTLS_ERR_AES_INVALID_KEY_LENGTH -0x0020 /**< Invalid key length. */
|
||||
#define MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH -0x0022 /**< Invalid data input length. */
|
||||
|
||||
/* Error codes in range 0x0023-0x0025 */
|
||||
#define MBEDTLS_ERR_AES_FEATURE_UNAVAILABLE -0x0023 /**< Feature not available. For example, an unsupported AES key size. */
|
||||
#define MBEDTLS_ERR_AES_HW_ACCEL_FAILED -0x0025 /**< AES hardware accelerator failed. */
|
||||
|
||||
#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \
|
||||
!defined(inline) && !defined(__cplusplus)
|
||||
#define inline __inline
|
||||
|
@ -53,68 +68,90 @@ extern "C" {
|
|||
#endif
|
||||
|
||||
/**
|
||||
* \brief AES context structure
|
||||
*
|
||||
* \note buf is able to hold 32 extra bytes, which can be used:
|
||||
* - for alignment purposes if VIA padlock is used, and/or
|
||||
* - to simplify key expansion in the 256-bit case by
|
||||
* generating an extra round key
|
||||
* \brief The AES context-type definition.
|
||||
*/
|
||||
typedef struct
|
||||
{
|
||||
int nr; /*!< number of rounds */
|
||||
uint32_t *rk; /*!< AES round keys */
|
||||
uint32_t buf[68]; /*!< unaligned data */
|
||||
int nr; /*!< The number of rounds. */
|
||||
uint32_t *rk; /*!< AES round keys. */
|
||||
uint32_t buf[68]; /*!< Unaligned data buffer. This buffer can
|
||||
hold 32 extra Bytes, which can be used for
|
||||
one of the following purposes:
|
||||
<ul><li>Alignment if VIA padlock is
|
||||
used.</li>
|
||||
<li>Simplifying key expansion in the 256-bit
|
||||
case by generating an extra round key.
|
||||
</li></ul> */
|
||||
}
|
||||
mbedtls_aes_context;
|
||||
|
||||
/**
|
||||
* \brief Initialize AES context
|
||||
* \brief This function initializes the specified AES context.
|
||||
*
|
||||
* \param ctx AES context to be initialized
|
||||
* It must be the first API called before using
|
||||
* the context.
|
||||
*
|
||||
* \param ctx The AES context to initialize.
|
||||
*/
|
||||
void mbedtls_aes_init( mbedtls_aes_context *ctx );
|
||||
|
||||
/**
|
||||
* \brief Clear AES context
|
||||
* \brief This function releases and clears the specified AES context.
|
||||
*
|
||||
* \param ctx AES context to be cleared
|
||||
* \param ctx The AES context to clear.
|
||||
*/
|
||||
void mbedtls_aes_free( mbedtls_aes_context *ctx );
|
||||
|
||||
/**
|
||||
* \brief AES key schedule (encryption)
|
||||
* \brief This function sets the encryption key.
|
||||
*
|
||||
* \param ctx AES context to be initialized
|
||||
* \param key encryption key
|
||||
* \param keybits must be 128, 192 or 256
|
||||
* \param ctx The AES context to which the key should be bound.
|
||||
* \param key The encryption key.
|
||||
* \param keybits The size of data passed in bits. Valid options are:
|
||||
* <ul><li>128 bits</li>
|
||||
* <li>192 bits</li>
|
||||
* <li>256 bits</li></ul>
|
||||
*
|
||||
* \return 0 if successful, or MBEDTLS_ERR_AES_INVALID_KEY_LENGTH
|
||||
* \return \c 0 on success or #MBEDTLS_ERR_AES_INVALID_KEY_LENGTH
|
||||
* on failure.
|
||||
*/
|
||||
int mbedtls_aes_setkey_enc( mbedtls_aes_context *ctx, const unsigned char *key,
|
||||
unsigned int keybits );
|
||||
|
||||
/**
|
||||
* \brief AES key schedule (decryption)
|
||||
* \brief This function sets the decryption key.
|
||||
*
|
||||
* \param ctx AES context to be initialized
|
||||
* \param key decryption key
|
||||
* \param keybits must be 128, 192 or 256
|
||||
* \param ctx The AES context to which the key should be bound.
|
||||
* \param key The decryption key.
|
||||
* \param keybits The size of data passed. Valid options are:
|
||||
* <ul><li>128 bits</li>
|
||||
* <li>192 bits</li>
|
||||
* <li>256 bits</li></ul>
|
||||
*
|
||||
* \return 0 if successful, or MBEDTLS_ERR_AES_INVALID_KEY_LENGTH
|
||||
* \return \c 0 on success, or #MBEDTLS_ERR_AES_INVALID_KEY_LENGTH on failure.
|
||||
*/
|
||||
int mbedtls_aes_setkey_dec( mbedtls_aes_context *ctx, const unsigned char *key,
|
||||
unsigned int keybits );
|
||||
|
||||
/**
|
||||
* \brief AES-ECB block encryption/decryption
|
||||
* \brief This function performs an AES single-block encryption or
|
||||
* decryption operation.
|
||||
*
|
||||
* \param ctx AES context
|
||||
* \param mode MBEDTLS_AES_ENCRYPT or MBEDTLS_AES_DECRYPT
|
||||
* \param input 16-byte input block
|
||||
* \param output 16-byte output block
|
||||
* It performs the operation defined in the \p mode parameter
|
||||
* (encrypt or decrypt), on the input data buffer defined in
|
||||
* the \p input parameter.
|
||||
*
|
||||
* \return 0 if successful
|
||||
* mbedtls_aes_init(), and either mbedtls_aes_setkey_enc() or
|
||||
* mbedtls_aes_setkey_dec() must be called before the first
|
||||
* call to this API with the same context.
|
||||
*
|
||||
* \param ctx The AES context to use for encryption or decryption.
|
||||
* \param mode The AES operation: #MBEDTLS_AES_ENCRYPT or
|
||||
* #MBEDTLS_AES_DECRYPT.
|
||||
* \param input The 16-Byte buffer holding the input data.
|
||||
* \param output The 16-Byte buffer holding the output data.
|
||||
|
||||
* \return \c 0 on success.
|
||||
*/
|
||||
int mbedtls_aes_crypt_ecb( mbedtls_aes_context *ctx,
|
||||
int mode,
|
||||
|
@ -123,26 +160,40 @@ int mbedtls_aes_crypt_ecb( mbedtls_aes_context *ctx,
|
|||
|
||||
#if defined(MBEDTLS_CIPHER_MODE_CBC)
|
||||
/**
|
||||
* \brief AES-CBC buffer encryption/decryption
|
||||
* Length should be a multiple of the block
|
||||
* size (16 bytes)
|
||||
* \brief This function performs an AES-CBC encryption or decryption operation
|
||||
* on full blocks.
|
||||
*
|
||||
* \note Upon exit, the content of the IV is updated so that you can
|
||||
* call the function same function again on the following
|
||||
* block(s) of data and get the same result as if it was
|
||||
* encrypted in one call. This allows a "streaming" usage.
|
||||
* If on the other hand you need to retain the contents of the
|
||||
* IV, you should either save it manually or use the cipher
|
||||
* module instead.
|
||||
* It performs the operation defined in the \p mode
|
||||
* parameter (encrypt/decrypt), on the input data buffer defined in
|
||||
* the \p input parameter.
|
||||
*
|
||||
* \param ctx AES context
|
||||
* \param mode MBEDTLS_AES_ENCRYPT or MBEDTLS_AES_DECRYPT
|
||||
* \param length length of the input data
|
||||
* \param iv initialization vector (updated after use)
|
||||
* \param input buffer holding the input data
|
||||
* \param output buffer holding the output data
|
||||
* It can be called as many times as needed, until all the input
|
||||
* data is processed. mbedtls_aes_init(), and either
|
||||
* mbedtls_aes_setkey_enc() or mbedtls_aes_setkey_dec() must be called
|
||||
* before the first call to this API with the same context.
|
||||
*
|
||||
* \return 0 if successful, or MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH
|
||||
* \note This function operates on aligned blocks, that is, the input size
|
||||
* must be a multiple of the AES block size of 16 Bytes.
|
||||
*
|
||||
* \note Upon exit, the content of the IV is updated so that you can
|
||||
* call the same function again on the next
|
||||
* block(s) of data and get the same result as if it was
|
||||
* encrypted in one call. This allows a "streaming" usage.
|
||||
* If you need to retain the contents of the IV, you should
|
||||
* either save it manually or use the cipher module instead.
|
||||
*
|
||||
*
|
||||
* \param ctx The AES context to use for encryption or decryption.
|
||||
* \param mode The AES operation: #MBEDTLS_AES_ENCRYPT or
|
||||
* #MBEDTLS_AES_DECRYPT.
|
||||
* \param length The length of the input data in Bytes. This must be a
|
||||
* multiple of the block size (16 Bytes).
|
||||
* \param iv Initialization vector (updated after use).
|
||||
* \param input The buffer holding the input data.
|
||||
* \param output The buffer holding the output data.
|
||||
*
|
||||
* \return \c 0 on success, or #MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH
|
||||
* on failure.
|
||||
*/
|
||||
int mbedtls_aes_crypt_cbc( mbedtls_aes_context *ctx,
|
||||
int mode,
|
||||
|
@ -154,29 +205,38 @@ int mbedtls_aes_crypt_cbc( mbedtls_aes_context *ctx,
|
|||
|
||||
#if defined(MBEDTLS_CIPHER_MODE_CFB)
|
||||
/**
|
||||
* \brief AES-CFB128 buffer encryption/decryption.
|
||||
* \brief This function performs an AES-CFB128 encryption or decryption
|
||||
* operation.
|
||||
*
|
||||
* Note: Due to the nature of CFB you should use the same key schedule for
|
||||
* both encryption and decryption. So a context initialized with
|
||||
* mbedtls_aes_setkey_enc() for both MBEDTLS_AES_ENCRYPT and MBEDTLS_AES_DECRYPT.
|
||||
* It performs the operation defined in the \p mode
|
||||
* parameter (encrypt or decrypt), on the input data buffer
|
||||
* defined in the \p input parameter.
|
||||
*
|
||||
* \note Upon exit, the content of the IV is updated so that you can
|
||||
* call the function same function again on the following
|
||||
* block(s) of data and get the same result as if it was
|
||||
* encrypted in one call. This allows a "streaming" usage.
|
||||
* If on the other hand you need to retain the contents of the
|
||||
* IV, you should either save it manually or use the cipher
|
||||
* module instead.
|
||||
* For CFB, you must set up the context with mbedtls_aes_setkey_enc(),
|
||||
* regardless of whether you are performing an encryption or decryption
|
||||
* operation, that is, regardless of the \p mode parameter. This is
|
||||
* because CFB mode uses the same key schedule for encryption and
|
||||
* decryption.
|
||||
*
|
||||
* \param ctx AES context
|
||||
* \param mode MBEDTLS_AES_ENCRYPT or MBEDTLS_AES_DECRYPT
|
||||
* \param length length of the input data
|
||||
* \param iv_off offset in IV (updated after use)
|
||||
* \param iv initialization vector (updated after use)
|
||||
* \param input buffer holding the input data
|
||||
* \param output buffer holding the output data
|
||||
* \note Upon exit, the content of the IV is updated so that you can
|
||||
* call the same function again on the next
|
||||
* block(s) of data and get the same result as if it was
|
||||
* encrypted in one call. This allows a "streaming" usage.
|
||||
* If you need to retain the contents of the
|
||||
* IV, you must either save it manually or use the cipher
|
||||
* module instead.
|
||||
*
|
||||
* \return 0 if successful
|
||||
*
|
||||
* \param ctx The AES context to use for encryption or decryption.
|
||||
* \param mode The AES operation: #MBEDTLS_AES_ENCRYPT or
|
||||
* #MBEDTLS_AES_DECRYPT.
|
||||
* \param length The length of the input data.
|
||||
* \param iv_off The offset in IV (updated after use).
|
||||
* \param iv The initialization vector (updated after use).
|
||||
* \param input The buffer holding the input data.
|
||||
* \param output The buffer holding the output data.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
*/
|
||||
int mbedtls_aes_crypt_cfb128( mbedtls_aes_context *ctx,
|
||||
int mode,
|
||||
|
@ -187,28 +247,36 @@ int mbedtls_aes_crypt_cfb128( mbedtls_aes_context *ctx,
|
|||
unsigned char *output );
|
||||
|
||||
/**
|
||||
* \brief AES-CFB8 buffer encryption/decryption.
|
||||
* \brief This function performs an AES-CFB8 encryption or decryption
|
||||
* operation.
|
||||
*
|
||||
* Note: Due to the nature of CFB you should use the same key schedule for
|
||||
* both encryption and decryption. So a context initialized with
|
||||
* mbedtls_aes_setkey_enc() for both MBEDTLS_AES_ENCRYPT and MBEDTLS_AES_DECRYPT.
|
||||
* It performs the operation defined in the \p mode
|
||||
* parameter (encrypt/decrypt), on the input data buffer defined
|
||||
* in the \p input parameter.
|
||||
*
|
||||
* \note Upon exit, the content of the IV is updated so that you can
|
||||
* call the function same function again on the following
|
||||
* block(s) of data and get the same result as if it was
|
||||
* encrypted in one call. This allows a "streaming" usage.
|
||||
* If on the other hand you need to retain the contents of the
|
||||
* IV, you should either save it manually or use the cipher
|
||||
* module instead.
|
||||
* Due to the nature of CFB, you must use the same key schedule for
|
||||
* both encryption and decryption operations. Therefore, you must
|
||||
* use the context initialized with mbedtls_aes_setkey_enc() for
|
||||
* both #MBEDTLS_AES_ENCRYPT and #MBEDTLS_AES_DECRYPT.
|
||||
*
|
||||
* \param ctx AES context
|
||||
* \param mode MBEDTLS_AES_ENCRYPT or MBEDTLS_AES_DECRYPT
|
||||
* \param length length of the input data
|
||||
* \param iv initialization vector (updated after use)
|
||||
* \param input buffer holding the input data
|
||||
* \param output buffer holding the output data
|
||||
* \note Upon exit, the content of the IV is updated so that you can
|
||||
* call the same function again on the next
|
||||
* block(s) of data and get the same result as if it was
|
||||
* encrypted in one call. This allows a "streaming" usage.
|
||||
* If you need to retain the contents of the
|
||||
* IV, you should either save it manually or use the cipher
|
||||
* module instead.
|
||||
*
|
||||
* \return 0 if successful
|
||||
*
|
||||
* \param ctx The AES context to use for encryption or decryption.
|
||||
* \param mode The AES operation: #MBEDTLS_AES_ENCRYPT or
|
||||
* #MBEDTLS_AES_DECRYPT
|
||||
* \param length The length of the input data.
|
||||
* \param iv The initialization vector (updated after use).
|
||||
* \param input The buffer holding the input data.
|
||||
* \param output The buffer holding the output data.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
*/
|
||||
int mbedtls_aes_crypt_cfb8( mbedtls_aes_context *ctx,
|
||||
int mode,
|
||||
|
@ -220,26 +288,32 @@ int mbedtls_aes_crypt_cfb8( mbedtls_aes_context *ctx,
|
|||
|
||||
#if defined(MBEDTLS_CIPHER_MODE_CTR)
|
||||
/**
|
||||
* \brief AES-CTR buffer encryption/decryption
|
||||
* \brief This function performs an AES-CTR encryption or decryption
|
||||
* operation.
|
||||
*
|
||||
* Warning: You have to keep the maximum use of your counter in mind!
|
||||
* This function performs the operation defined in the \p mode
|
||||
* parameter (encrypt/decrypt), on the input data buffer
|
||||
* defined in the \p input parameter.
|
||||
*
|
||||
* Note: Due to the nature of CTR you should use the same key schedule for
|
||||
* both encryption and decryption. So a context initialized with
|
||||
* mbedtls_aes_setkey_enc() for both MBEDTLS_AES_ENCRYPT and MBEDTLS_AES_DECRYPT.
|
||||
* Due to the nature of CTR, you must use the same key schedule
|
||||
* for both encryption and decryption operations. Therefore, you
|
||||
* must use the context initialized with mbedtls_aes_setkey_enc()
|
||||
* for both #MBEDTLS_AES_ENCRYPT and #MBEDTLS_AES_DECRYPT.
|
||||
*
|
||||
* \param ctx AES context
|
||||
* \param length The length of the data
|
||||
* \param nc_off The offset in the current stream_block (for resuming
|
||||
* within current cipher stream). The offset pointer to
|
||||
* should be 0 at the start of a stream.
|
||||
* \param nonce_counter The 128-bit nonce and counter.
|
||||
* \param stream_block The saved stream-block for resuming. Is overwritten
|
||||
* by the function.
|
||||
* \param input The input data stream
|
||||
* \param output The output data stream
|
||||
* \warning You must keep the maximum use of your counter in mind.
|
||||
*
|
||||
* \return 0 if successful
|
||||
* \param ctx The AES context to use for encryption or decryption.
|
||||
* \param length The length of the input data.
|
||||
* \param nc_off The offset in the current \p stream_block, for
|
||||
* resuming within the current cipher stream. The
|
||||
* offset pointer should be 0 at the start of a stream.
|
||||
* \param nonce_counter The 128-bit nonce and counter.
|
||||
* \param stream_block The saved stream block for resuming. This is
|
||||
* overwritten by the function.
|
||||
* \param input The buffer holding the input data.
|
||||
* \param output The buffer holding the output data.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
*/
|
||||
int mbedtls_aes_crypt_ctr( mbedtls_aes_context *ctx,
|
||||
size_t length,
|
||||
|
@ -251,30 +325,30 @@ int mbedtls_aes_crypt_ctr( mbedtls_aes_context *ctx,
|
|||
#endif /* MBEDTLS_CIPHER_MODE_CTR */
|
||||
|
||||
/**
|
||||
* \brief Internal AES block encryption function
|
||||
* (Only exposed to allow overriding it,
|
||||
* see MBEDTLS_AES_ENCRYPT_ALT)
|
||||
* \brief Internal AES block encryption function. This is only
|
||||
* exposed to allow overriding it using
|
||||
* \c MBEDTLS_AES_ENCRYPT_ALT.
|
||||
*
|
||||
* \param ctx AES context
|
||||
* \param input Plaintext block
|
||||
* \param output Output (ciphertext) block
|
||||
* \param ctx The AES context to use for encryption.
|
||||
* \param input The plaintext block.
|
||||
* \param output The output (ciphertext) block.
|
||||
*
|
||||
* \return 0 if successful
|
||||
* \return \c 0 on success.
|
||||
*/
|
||||
int mbedtls_internal_aes_encrypt( mbedtls_aes_context *ctx,
|
||||
const unsigned char input[16],
|
||||
unsigned char output[16] );
|
||||
|
||||
/**
|
||||
* \brief Internal AES block decryption function
|
||||
* (Only exposed to allow overriding it,
|
||||
* see MBEDTLS_AES_DECRYPT_ALT)
|
||||
* \brief Internal AES block decryption function. This is only
|
||||
* exposed to allow overriding it using see
|
||||
* \c MBEDTLS_AES_DECRYPT_ALT.
|
||||
*
|
||||
* \param ctx AES context
|
||||
* \param input Ciphertext block
|
||||
* \param output Output (plaintext) block
|
||||
* \param ctx The AES context to use for decryption.
|
||||
* \param input The ciphertext block.
|
||||
* \param output The output (plaintext) block.
|
||||
*
|
||||
* \return 0 if successful
|
||||
* \return \c 0 on success.
|
||||
*/
|
||||
int mbedtls_internal_aes_decrypt( mbedtls_aes_context *ctx,
|
||||
const unsigned char input[16],
|
||||
|
@ -290,11 +364,11 @@ int mbedtls_internal_aes_decrypt( mbedtls_aes_context *ctx,
|
|||
* \brief Deprecated internal AES block encryption function
|
||||
* without return value.
|
||||
*
|
||||
* \deprecated Superseded by mbedtls_aes_encrypt_ext() in 2.5.0
|
||||
* \deprecated Superseded by mbedtls_aes_encrypt_ext() in 2.5.0.
|
||||
*
|
||||
* \param ctx AES context
|
||||
* \param input Plaintext block
|
||||
* \param output Output (ciphertext) block
|
||||
* \param ctx The AES context to use for encryption.
|
||||
* \param input Plaintext block.
|
||||
* \param output Output (ciphertext) block.
|
||||
*/
|
||||
MBEDTLS_DEPRECATED void mbedtls_aes_encrypt( mbedtls_aes_context *ctx,
|
||||
const unsigned char input[16],
|
||||
|
@ -304,11 +378,11 @@ MBEDTLS_DEPRECATED void mbedtls_aes_encrypt( mbedtls_aes_context *ctx,
|
|||
* \brief Deprecated internal AES block decryption function
|
||||
* without return value.
|
||||
*
|
||||
* \deprecated Superseded by mbedtls_aes_decrypt_ext() in 2.5.0
|
||||
* \deprecated Superseded by mbedtls_aes_decrypt_ext() in 2.5.0.
|
||||
*
|
||||
* \param ctx AES context
|
||||
* \param input Ciphertext block
|
||||
* \param output Output (plaintext) block
|
||||
* \param ctx The AES context to use for decryption.
|
||||
* \param input Ciphertext block.
|
||||
* \param output Output (plaintext) block.
|
||||
*/
|
||||
MBEDTLS_DEPRECATED void mbedtls_aes_decrypt( mbedtls_aes_context *ctx,
|
||||
const unsigned char input[16],
|
||||
|
@ -330,9 +404,9 @@ extern "C" {
|
|||
#endif
|
||||
|
||||
/**
|
||||
* \brief Checkup routine
|
||||
* \brief Checkup routine.
|
||||
*
|
||||
* \return 0 if successful, or 1 if the test failed
|
||||
* \return \c 0 on success, or \c 1 on failure.
|
||||
*/
|
||||
int mbedtls_aes_self_test( int verbose );
|
||||
|
||||
|
|
|
@ -2,7 +2,8 @@
|
|||
* \file aesni.h
|
||||
*
|
||||
* \brief AES-NI for hardware AES acceleration on some Intel processors
|
||||
*
|
||||
*/
|
||||
/*
|
||||
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
|
|
|
@ -3,6 +3,10 @@
|
|||
*
|
||||
* \brief The ARCFOUR stream cipher
|
||||
*
|
||||
* \warning ARC4 is considered a weak cipher and its use constitutes a
|
||||
* security risk. We recommend considering stronger ciphers instead.
|
||||
*/
|
||||
/*
|
||||
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
|
@ -19,6 +23,7 @@
|
|||
* limitations under the License.
|
||||
*
|
||||
* This file is part of mbed TLS (https://tls.mbed.org)
|
||||
*
|
||||
*/
|
||||
#ifndef MBEDTLS_ARC4_H
|
||||
#define MBEDTLS_ARC4_H
|
||||
|
@ -31,6 +36,8 @@
|
|||
|
||||
#include <stddef.h>
|
||||
|
||||
#define MBEDTLS_ERR_ARC4_HW_ACCEL_FAILED -0x0019 /**< ARC4 hardware accelerator failed. */
|
||||
|
||||
#if !defined(MBEDTLS_ARC4_ALT)
|
||||
// Regular implementation
|
||||
//
|
||||
|
@ -40,7 +47,11 @@ extern "C" {
|
|||
#endif
|
||||
|
||||
/**
|
||||
* \brief ARC4 context structure
|
||||
* \brief ARC4 context structure
|
||||
*
|
||||
* \warning ARC4 is considered a weak cipher and its use constitutes a
|
||||
* security risk. We recommend considering stronger ciphers instead.
|
||||
*
|
||||
*/
|
||||
typedef struct
|
||||
{
|
||||
|
@ -54,6 +65,11 @@ mbedtls_arc4_context;
|
|||
* \brief Initialize ARC4 context
|
||||
*
|
||||
* \param ctx ARC4 context to be initialized
|
||||
*
|
||||
* \warning ARC4 is considered a weak cipher and its use constitutes a
|
||||
* security risk. We recommend considering stronger ciphers
|
||||
* instead.
|
||||
*
|
||||
*/
|
||||
void mbedtls_arc4_init( mbedtls_arc4_context *ctx );
|
||||
|
||||
|
@ -61,6 +77,11 @@ void mbedtls_arc4_init( mbedtls_arc4_context *ctx );
|
|||
* \brief Clear ARC4 context
|
||||
*
|
||||
* \param ctx ARC4 context to be cleared
|
||||
*
|
||||
* \warning ARC4 is considered a weak cipher and its use constitutes a
|
||||
* security risk. We recommend considering stronger ciphers
|
||||
* instead.
|
||||
*
|
||||
*/
|
||||
void mbedtls_arc4_free( mbedtls_arc4_context *ctx );
|
||||
|
||||
|
@ -70,6 +91,11 @@ void mbedtls_arc4_free( mbedtls_arc4_context *ctx );
|
|||
* \param ctx ARC4 context to be setup
|
||||
* \param key the secret key
|
||||
* \param keylen length of the key, in bytes
|
||||
*
|
||||
* \warning ARC4 is considered a weak cipher and its use constitutes a
|
||||
* security risk. We recommend considering stronger ciphers
|
||||
* instead.
|
||||
*
|
||||
*/
|
||||
void mbedtls_arc4_setup( mbedtls_arc4_context *ctx, const unsigned char *key,
|
||||
unsigned int keylen );
|
||||
|
@ -83,6 +109,11 @@ void mbedtls_arc4_setup( mbedtls_arc4_context *ctx, const unsigned char *key,
|
|||
* \param output buffer for the output data
|
||||
*
|
||||
* \return 0 if successful
|
||||
*
|
||||
* \warning ARC4 is considered a weak cipher and its use constitutes a
|
||||
* security risk. We recommend considering stronger ciphers
|
||||
* instead.
|
||||
*
|
||||
*/
|
||||
int mbedtls_arc4_crypt( mbedtls_arc4_context *ctx, size_t length, const unsigned char *input,
|
||||
unsigned char *output );
|
||||
|
@ -103,6 +134,11 @@ extern "C" {
|
|||
* \brief Checkup routine
|
||||
*
|
||||
* \return 0 if successful, or 1 if the test failed
|
||||
*
|
||||
* \warning ARC4 is considered a weak cipher and its use constitutes a
|
||||
* security risk. We recommend considering stronger ciphers
|
||||
* instead.
|
||||
*
|
||||
*/
|
||||
int mbedtls_arc4_self_test( int verbose );
|
||||
|
||||
|
|
|
@ -2,7 +2,8 @@
|
|||
* \file asn1.h
|
||||
*
|
||||
* \brief Generic ASN.1 parsing
|
||||
*
|
||||
*/
|
||||
/*
|
||||
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
|
@ -59,7 +60,7 @@
|
|||
|
||||
/**
|
||||
* \name DER constants
|
||||
* These constants comply with DER encoded the ANS1 type tags.
|
||||
* These constants comply with the DER encoded ASN.1 type tags.
|
||||
* DER encoding uses hexadecimal representation.
|
||||
* An example DER sequence is:\n
|
||||
* - 0x02 -- tag indicating INTEGER
|
||||
|
|
|
@ -2,7 +2,8 @@
|
|||
* \file asn1write.h
|
||||
*
|
||||
* \brief ASN.1 buffer writing functionality
|
||||
*
|
||||
*/
|
||||
/*
|
||||
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
|
|
|
@ -2,7 +2,8 @@
|
|||
* \file base64.h
|
||||
*
|
||||
* \brief RFC 1521 base64 encoding/decoding
|
||||
*
|
||||
*/
|
||||
/*
|
||||
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
|
|
|
@ -1,8 +1,9 @@
|
|||
/**
|
||||
* \file bignum.h
|
||||
*
|
||||
* \brief Multi-precision integer library
|
||||
*
|
||||
* \brief Multi-precision integer library
|
||||
*/
|
||||
/*
|
||||
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
|
@ -70,7 +71,7 @@
|
|||
* Maximum size of MPIs allowed in bits and bytes for user-MPIs.
|
||||
* ( Default: 512 bytes => 4096 bits, Maximum tested: 2048 bytes => 16384 bits )
|
||||
*
|
||||
* Note: Calculations can results temporarily in larger MPIs. So the number
|
||||
* Note: Calculations can temporarily result in larger MPIs. So the number
|
||||
* of limbs required (MBEDTLS_MPI_MAX_LIMBS) is higher.
|
||||
*/
|
||||
#define MBEDTLS_MPI_MAX_SIZE 1024 /**< Maximum number of bytes for usable MPIs. */
|
||||
|
@ -683,6 +684,10 @@ int mbedtls_mpi_exp_mod( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi
|
|||
*
|
||||
* \return 0 if successful,
|
||||
* MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed
|
||||
*
|
||||
* \note The bytes obtained from the PRNG are interpreted
|
||||
* as a big-endian representation of an MPI; this can
|
||||
* be relevant in applications like deterministic ECDSA.
|
||||
*/
|
||||
int mbedtls_mpi_fill_random( mbedtls_mpi *X, size_t size,
|
||||
int (*f_rng)(void *, unsigned char *, size_t),
|
||||
|
|
|
@ -2,7 +2,8 @@
|
|||
* \file blowfish.h
|
||||
*
|
||||
* \brief Blowfish block cipher
|
||||
*
|
||||
*/
|
||||
/*
|
||||
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
|
@ -40,6 +41,7 @@
|
|||
#define MBEDTLS_BLOWFISH_BLOCKSIZE 8 /* Blowfish uses 64 bit blocks */
|
||||
|
||||
#define MBEDTLS_ERR_BLOWFISH_INVALID_KEY_LENGTH -0x0016 /**< Invalid key length. */
|
||||
#define MBEDTLS_ERR_BLOWFISH_HW_ACCEL_FAILED -0x0017 /**< Blowfish hardware accelerator failed. */
|
||||
#define MBEDTLS_ERR_BLOWFISH_INVALID_INPUT_LENGTH -0x0018 /**< Invalid data input length. */
|
||||
|
||||
#if !defined(MBEDTLS_BLOWFISH_ALT)
|
||||
|
|
|
@ -1,8 +1,9 @@
|
|||
/**
|
||||
* \file bn_mul.h
|
||||
*
|
||||
* \brief Multi-precision integer library
|
||||
*
|
||||
* \brief Multi-precision integer library
|
||||
*/
|
||||
/*
|
||||
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
|
|
|
@ -2,7 +2,8 @@
|
|||
* \file camellia.h
|
||||
*
|
||||
* \brief Camellia block cipher
|
||||
*
|
||||
*/
|
||||
/*
|
||||
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
|
@ -37,6 +38,7 @@
|
|||
|
||||
#define MBEDTLS_ERR_CAMELLIA_INVALID_KEY_LENGTH -0x0024 /**< Invalid key length. */
|
||||
#define MBEDTLS_ERR_CAMELLIA_INVALID_INPUT_LENGTH -0x0026 /**< Invalid data input length. */
|
||||
#define MBEDTLS_ERR_CAMELLIA_HW_ACCEL_FAILED -0x0027 /**< Camellia hardware accelerator failed. */
|
||||
|
||||
#if !defined(MBEDTLS_CAMELLIA_ALT)
|
||||
// Regular implementation
|
||||
|
|
|
@ -1,9 +1,19 @@
|
|||
/**
|
||||
* \file ccm.h
|
||||
*
|
||||
* \brief Counter with CBC-MAC (CCM) for 128-bit block ciphers
|
||||
* \brief CCM combines Counter mode encryption with CBC-MAC authentication
|
||||
* for 128-bit block ciphers.
|
||||
*
|
||||
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
|
||||
* Input to CCM includes the following elements:
|
||||
* <ul><li>Payload - data that is both authenticated and encrypted.</li>
|
||||
* <li>Associated data (Adata) - data that is authenticated but not
|
||||
* encrypted, For example, a header.</li>
|
||||
* <li>Nonce - A unique value that is assigned to the payload and the
|
||||
* associated data.</li></ul>
|
||||
*
|
||||
*/
|
||||
/*
|
||||
* Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
|
@ -18,46 +28,54 @@
|
|||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*
|
||||
* This file is part of mbed TLS (https://tls.mbed.org)
|
||||
* This file is part of Mbed TLS (https://tls.mbed.org)
|
||||
*/
|
||||
|
||||
#ifndef MBEDTLS_CCM_H
|
||||
#define MBEDTLS_CCM_H
|
||||
|
||||
#include "cipher.h"
|
||||
|
||||
#define MBEDTLS_ERR_CCM_BAD_INPUT -0x000D /**< Bad input parameters to function. */
|
||||
#define MBEDTLS_ERR_CCM_AUTH_FAILED -0x000F /**< Authenticated decryption failed. */
|
||||
#define MBEDTLS_ERR_CCM_BAD_INPUT -0x000D /**< Bad input parameters to the function. */
|
||||
#define MBEDTLS_ERR_CCM_AUTH_FAILED -0x000F /**< Authenticated decryption failed. */
|
||||
#define MBEDTLS_ERR_CCM_HW_ACCEL_FAILED -0x0011 /**< CCM hardware accelerator failed. */
|
||||
|
||||
#if !defined(MBEDTLS_CCM_ALT)
|
||||
// Regular implementation
|
||||
//
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
/**
|
||||
* \brief CCM context structure
|
||||
* \brief The CCM context-type definition. The CCM context is passed
|
||||
* to the APIs called.
|
||||
*/
|
||||
typedef struct {
|
||||
mbedtls_cipher_context_t cipher_ctx; /*!< cipher context used */
|
||||
mbedtls_cipher_context_t cipher_ctx; /*!< The cipher context used. */
|
||||
}
|
||||
mbedtls_ccm_context;
|
||||
|
||||
/**
|
||||
* \brief Initialize CCM context (just makes references valid)
|
||||
* Makes the context ready for mbedtls_ccm_setkey() or
|
||||
* mbedtls_ccm_free().
|
||||
* \brief This function initializes the specified CCM context,
|
||||
* to make references valid, and prepare the context
|
||||
* for mbedtls_ccm_setkey() or mbedtls_ccm_free().
|
||||
*
|
||||
* \param ctx CCM context to initialize
|
||||
* \param ctx The CCM context to initialize.
|
||||
*/
|
||||
void mbedtls_ccm_init( mbedtls_ccm_context *ctx );
|
||||
|
||||
/**
|
||||
* \brief CCM initialization (encryption and decryption)
|
||||
* \brief This function initializes the CCM context set in the
|
||||
* \p ctx parameter and sets the encryption key.
|
||||
*
|
||||
* \param ctx CCM context to be initialized
|
||||
* \param cipher cipher to use (a 128-bit block cipher)
|
||||
* \param key encryption key
|
||||
* \param keybits key size in bits (must be acceptable by the cipher)
|
||||
* \param ctx The CCM context to initialize.
|
||||
* \param cipher The 128-bit block cipher to use.
|
||||
* \param key The encryption key.
|
||||
* \param keybits The key size in bits. This must be acceptable by the cipher.
|
||||
*
|
||||
* \return 0 if successful, or a cipher specific error code
|
||||
* \return \c 0 on success, or a cipher-specific error code.
|
||||
*/
|
||||
int mbedtls_ccm_setkey( mbedtls_ccm_context *ctx,
|
||||
mbedtls_cipher_id_t cipher,
|
||||
|
@ -65,36 +83,37 @@ int mbedtls_ccm_setkey( mbedtls_ccm_context *ctx,
|
|||
unsigned int keybits );
|
||||
|
||||
/**
|
||||
* \brief Free a CCM context and underlying cipher sub-context
|
||||
* \brief This function releases and clears the specified CCM context
|
||||
* and underlying cipher sub-context.
|
||||
*
|
||||
* \param ctx CCM context to free
|
||||
* \param ctx The CCM context to clear.
|
||||
*/
|
||||
void mbedtls_ccm_free( mbedtls_ccm_context *ctx );
|
||||
|
||||
/**
|
||||
* \brief CCM buffer encryption
|
||||
* \brief This function encrypts a buffer using CCM.
|
||||
*
|
||||
* \param ctx CCM context
|
||||
* \param length length of the input data in bytes
|
||||
* \param iv nonce (initialization vector)
|
||||
* \param iv_len length of IV in bytes
|
||||
* must be 2, 3, 4, 5, 6, 7 or 8
|
||||
* \param add additional data
|
||||
* \param add_len length of additional data in bytes
|
||||
* must be less than 2^16 - 2^8
|
||||
* \param input buffer holding the input data
|
||||
* \param output buffer for holding the output data
|
||||
* must be at least 'length' bytes wide
|
||||
* \param tag buffer for holding the tag
|
||||
* \param tag_len length of the tag to generate in bytes
|
||||
* must be 4, 6, 8, 10, 14 or 16
|
||||
* \param ctx The CCM context to use for encryption.
|
||||
* \param length The length of the input data in Bytes.
|
||||
* \param iv Initialization vector (nonce).
|
||||
* \param iv_len The length of the IV in Bytes: 7, 8, 9, 10, 11, 12, or 13.
|
||||
* \param add The additional data field.
|
||||
* \param add_len The length of additional data in Bytes.
|
||||
* Must be less than 2^16 - 2^8.
|
||||
* \param input The buffer holding the input data.
|
||||
* \param output The buffer holding the output data.
|
||||
* Must be at least \p length Bytes wide.
|
||||
* \param tag The buffer holding the tag.
|
||||
* \param tag_len The length of the tag to generate in Bytes:
|
||||
* 4, 6, 8, 10, 14 or 16.
|
||||
*
|
||||
* \note The tag is written to a separate buffer. To get the tag
|
||||
* concatenated with the output as in the CCM spec, use
|
||||
* tag = output + length and make sure the output buffer is
|
||||
* at least length + tag_len wide.
|
||||
* \note The tag is written to a separate buffer. To concatenate
|
||||
* the \p tag with the \p output, as done in <em>RFC-3610:
|
||||
* Counter with CBC-MAC (CCM)</em>, use
|
||||
* \p tag = \p output + \p length, and make sure that the
|
||||
* output buffer is at least \p length + \p tag_len wide.
|
||||
*
|
||||
* \return 0 if successful
|
||||
* \return \c 0 on success.
|
||||
*/
|
||||
int mbedtls_ccm_encrypt_and_tag( mbedtls_ccm_context *ctx, size_t length,
|
||||
const unsigned char *iv, size_t iv_len,
|
||||
|
@ -103,21 +122,22 @@ int mbedtls_ccm_encrypt_and_tag( mbedtls_ccm_context *ctx, size_t length,
|
|||
unsigned char *tag, size_t tag_len );
|
||||
|
||||
/**
|
||||
* \brief CCM buffer authenticated decryption
|
||||
* \brief This function performs a CCM authenticated decryption of a
|
||||
* buffer.
|
||||
*
|
||||
* \param ctx CCM context
|
||||
* \param length length of the input data
|
||||
* \param iv initialization vector
|
||||
* \param iv_len length of IV
|
||||
* \param add additional data
|
||||
* \param add_len length of additional data
|
||||
* \param input buffer holding the input data
|
||||
* \param output buffer for holding the output data
|
||||
* \param tag buffer holding the tag
|
||||
* \param tag_len length of the tag
|
||||
* \param ctx The CCM context to use for decryption.
|
||||
* \param length The length of the input data in Bytes.
|
||||
* \param iv Initialization vector.
|
||||
* \param iv_len The length of the IV in Bytes: 7, 8, 9, 10, 11, 12, or 13.
|
||||
* \param add The additional data field.
|
||||
* \param add_len The length of additional data in Bytes.
|
||||
* \param input The buffer holding the input data.
|
||||
* \param output The buffer holding the output data.
|
||||
* \param tag The buffer holding the tag.
|
||||
* \param tag_len The length of the tag in Bytes.
|
||||
*
|
||||
* \return 0 if successful and authenticated,
|
||||
* MBEDTLS_ERR_CCM_AUTH_FAILED if tag does not match
|
||||
* \return 0 if successful and authenticated, or
|
||||
* #MBEDTLS_ERR_CCM_AUTH_FAILED if the tag does not match.
|
||||
*/
|
||||
int mbedtls_ccm_auth_decrypt( mbedtls_ccm_context *ctx, size_t length,
|
||||
const unsigned char *iv, size_t iv_len,
|
||||
|
@ -125,11 +145,23 @@ int mbedtls_ccm_auth_decrypt( mbedtls_ccm_context *ctx, size_t length,
|
|||
const unsigned char *input, unsigned char *output,
|
||||
const unsigned char *tag, size_t tag_len );
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
||||
#else /* MBEDTLS_CCM_ALT */
|
||||
#include "ccm_alt.h"
|
||||
#endif /* MBEDTLS_CCM_ALT */
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SELF_TEST) && defined(MBEDTLS_AES_C)
|
||||
/**
|
||||
* \brief Checkup routine
|
||||
* \brief The CCM checkup routine.
|
||||
*
|
||||
* \return 0 if successful, or 1 if the test failed
|
||||
* \return \c 0 on success, or \c 1 on failure.
|
||||
*/
|
||||
int mbedtls_ccm_self_test( int verbose );
|
||||
#endif /* MBEDTLS_SELF_TEST && MBEDTLS_AES_C */
|
||||
|
|
|
@ -2,7 +2,8 @@
|
|||
* \file certs.h
|
||||
*
|
||||
* \brief Sample certificates and DHM parameters for testing
|
||||
*
|
||||
*/
|
||||
/*
|
||||
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
|
|
|
@ -2,7 +2,8 @@
|
|||
* \file check_config.h
|
||||
*
|
||||
* \brief Consistency checks for configuration options
|
||||
*
|
||||
*/
|
||||
/*
|
||||
* Copyright (C) 2006-2016, ARM Limited, All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
|
|
|
@ -1,11 +1,12 @@
|
|||
/**
|
||||
* \file cipher.h
|
||||
*
|
||||
* \brief Generic cipher wrapper.
|
||||
* \brief The generic cipher wrapper.
|
||||
*
|
||||
* \author Adriaan de Jong <dejong@fox-it.com>
|
||||
*
|
||||
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
|
||||
*/
|
||||
/*
|
||||
* Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
|
@ -20,7 +21,7 @@
|
|||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*
|
||||
* This file is part of mbed TLS (https://tls.mbed.org)
|
||||
* This file is part of Mbed TLS (https://tls.mbed.org)
|
||||
*/
|
||||
|
||||
#ifndef MBEDTLS_CIPHER_H
|
||||
|
@ -51,21 +52,29 @@
|
|||
#define inline __inline
|
||||
#endif
|
||||
|
||||
#define MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE -0x6080 /**< The selected feature is not available. */
|
||||
#define MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA -0x6100 /**< Bad input parameters to function. */
|
||||
#define MBEDTLS_ERR_CIPHER_ALLOC_FAILED -0x6180 /**< Failed to allocate memory. */
|
||||
#define MBEDTLS_ERR_CIPHER_INVALID_PADDING -0x6200 /**< Input data contains invalid padding and is rejected. */
|
||||
#define MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED -0x6280 /**< Decryption of block requires a full block. */
|
||||
#define MBEDTLS_ERR_CIPHER_AUTH_FAILED -0x6300 /**< Authentication failed (for AEAD modes). */
|
||||
#define MBEDTLS_ERR_CIPHER_INVALID_CONTEXT -0x6380 /**< The context is invalid, eg because it was free()ed. */
|
||||
#define MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE -0x6080 /**< The selected feature is not available. */
|
||||
#define MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA -0x6100 /**< Bad input parameters. */
|
||||
#define MBEDTLS_ERR_CIPHER_ALLOC_FAILED -0x6180 /**< Failed to allocate memory. */
|
||||
#define MBEDTLS_ERR_CIPHER_INVALID_PADDING -0x6200 /**< Input data contains invalid padding and is rejected. */
|
||||
#define MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED -0x6280 /**< Decryption of block requires a full block. */
|
||||
#define MBEDTLS_ERR_CIPHER_AUTH_FAILED -0x6300 /**< Authentication failed (for AEAD modes). */
|
||||
#define MBEDTLS_ERR_CIPHER_INVALID_CONTEXT -0x6380 /**< The context is invalid. For example, because it was freed. */
|
||||
#define MBEDTLS_ERR_CIPHER_HW_ACCEL_FAILED -0x6400 /**< Cipher hardware accelerator failed. */
|
||||
|
||||
#define MBEDTLS_CIPHER_VARIABLE_IV_LEN 0x01 /**< Cipher accepts IVs of variable length */
|
||||
#define MBEDTLS_CIPHER_VARIABLE_KEY_LEN 0x02 /**< Cipher accepts keys of variable length */
|
||||
#define MBEDTLS_CIPHER_VARIABLE_IV_LEN 0x01 /**< Cipher accepts IVs of variable length. */
|
||||
#define MBEDTLS_CIPHER_VARIABLE_KEY_LEN 0x02 /**< Cipher accepts keys of variable length. */
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
/**
|
||||
* \brief An enumeration of supported ciphers.
|
||||
*
|
||||
* \warning ARC4 and DES are considered weak ciphers and their use
|
||||
* constitutes a security risk. We recommend considering stronger
|
||||
* ciphers instead.
|
||||
*/
|
||||
typedef enum {
|
||||
MBEDTLS_CIPHER_ID_NONE = 0,
|
||||
MBEDTLS_CIPHER_ID_NULL,
|
||||
|
@ -77,6 +86,13 @@ typedef enum {
|
|||
MBEDTLS_CIPHER_ID_ARC4,
|
||||
} mbedtls_cipher_id_t;
|
||||
|
||||
/**
|
||||
* \brief An enumeration of supported (cipher, mode) pairs.
|
||||
*
|
||||
* \warning ARC4 and DES are considered weak ciphers and their use
|
||||
* constitutes a security risk. We recommend considering stronger
|
||||
* ciphers instead.
|
||||
*/
|
||||
typedef enum {
|
||||
MBEDTLS_CIPHER_NONE = 0,
|
||||
MBEDTLS_CIPHER_NULL,
|
||||
|
@ -129,6 +145,7 @@ typedef enum {
|
|||
MBEDTLS_CIPHER_CAMELLIA_256_CCM,
|
||||
} mbedtls_cipher_type_t;
|
||||
|
||||
/** Supported cipher modes. */
|
||||
typedef enum {
|
||||
MBEDTLS_MODE_NONE = 0,
|
||||
MBEDTLS_MODE_ECB,
|
||||
|
@ -141,14 +158,16 @@ typedef enum {
|
|||
MBEDTLS_MODE_CCM,
|
||||
} mbedtls_cipher_mode_t;
|
||||
|
||||
/** Supported cipher padding types. */
|
||||
typedef enum {
|
||||
MBEDTLS_PADDING_PKCS7 = 0, /**< PKCS7 padding (default) */
|
||||
MBEDTLS_PADDING_ONE_AND_ZEROS, /**< ISO/IEC 7816-4 padding */
|
||||
MBEDTLS_PADDING_ZEROS_AND_LEN, /**< ANSI X.923 padding */
|
||||
MBEDTLS_PADDING_ZEROS, /**< zero padding (not reversible!) */
|
||||
MBEDTLS_PADDING_NONE, /**< never pad (full blocks only) */
|
||||
MBEDTLS_PADDING_PKCS7 = 0, /**< PKCS7 padding (default). */
|
||||
MBEDTLS_PADDING_ONE_AND_ZEROS, /**< ISO/IEC 7816-4 padding. */
|
||||
MBEDTLS_PADDING_ZEROS_AND_LEN, /**< ANSI X.923 padding. */
|
||||
MBEDTLS_PADDING_ZEROS, /**< zero padding (not reversible). */
|
||||
MBEDTLS_PADDING_NONE, /**< never pad (full blocks only). */
|
||||
} mbedtls_cipher_padding_t;
|
||||
|
||||
/** Type of operation. */
|
||||
typedef enum {
|
||||
MBEDTLS_OPERATION_NONE = -1,
|
||||
MBEDTLS_DECRYPT = 0,
|
||||
|
@ -156,19 +175,19 @@ typedef enum {
|
|||
} mbedtls_operation_t;
|
||||
|
||||
enum {
|
||||
/** Undefined key length */
|
||||
/** Undefined key length. */
|
||||
MBEDTLS_KEY_LENGTH_NONE = 0,
|
||||
/** Key length, in bits (including parity), for DES keys */
|
||||
/** Key length, in bits (including parity), for DES keys. */
|
||||
MBEDTLS_KEY_LENGTH_DES = 64,
|
||||
/** Key length, in bits (including parity), for DES in two key EDE */
|
||||
/** Key length in bits, including parity, for DES in two-key EDE. */
|
||||
MBEDTLS_KEY_LENGTH_DES_EDE = 128,
|
||||
/** Key length, in bits (including parity), for DES in three-key EDE */
|
||||
/** Key length in bits, including parity, for DES in three-key EDE. */
|
||||
MBEDTLS_KEY_LENGTH_DES_EDE3 = 192,
|
||||
};
|
||||
|
||||
/** Maximum length of any IV, in bytes */
|
||||
/** Maximum length of any IV, in Bytes. */
|
||||
#define MBEDTLS_MAX_IV_LENGTH 16
|
||||
/** Maximum block size of any cipher, in bytes */
|
||||
/** Maximum block size of any cipher, in Bytes. */
|
||||
#define MBEDTLS_MAX_BLOCK_LENGTH 16
|
||||
|
||||
/**
|
||||
|
@ -182,33 +201,40 @@ typedef struct mbedtls_cipher_base_t mbedtls_cipher_base_t;
|
|||
typedef struct mbedtls_cmac_context_t mbedtls_cmac_context_t;
|
||||
|
||||
/**
|
||||
* Cipher information. Allows cipher functions to be called in a generic way.
|
||||
* Cipher information. Allows calling cipher functions
|
||||
* in a generic way.
|
||||
*/
|
||||
typedef struct {
|
||||
/** Full cipher identifier (e.g. MBEDTLS_CIPHER_AES_256_CBC) */
|
||||
/** Full cipher identifier. For example,
|
||||
* MBEDTLS_CIPHER_AES_256_CBC.
|
||||
*/
|
||||
mbedtls_cipher_type_t type;
|
||||
|
||||
/** Cipher mode (e.g. MBEDTLS_MODE_CBC) */
|
||||
/** The cipher mode. For example, MBEDTLS_MODE_CBC. */
|
||||
mbedtls_cipher_mode_t mode;
|
||||
|
||||
/** Cipher key length, in bits (default length for variable sized ciphers)
|
||||
* (Includes parity bits for ciphers like DES) */
|
||||
/** The cipher key length, in bits. This is the
|
||||
* default length for variable sized ciphers.
|
||||
* Includes parity bits for ciphers like DES.
|
||||
*/
|
||||
unsigned int key_bitlen;
|
||||
|
||||
/** Name of the cipher */
|
||||
/** Name of the cipher. */
|
||||
const char * name;
|
||||
|
||||
/** IV/NONCE size, in bytes.
|
||||
* For cipher that accept many sizes: recommended size */
|
||||
/** IV or nonce size, in Bytes.
|
||||
* For ciphers that accept variable IV sizes,
|
||||
* this is the recommended size.
|
||||
*/
|
||||
unsigned int iv_size;
|
||||
|
||||
/** Flags for variable IV size, variable key size, etc. */
|
||||
/** Flags to set. For example, if the cipher supports variable IV sizes or variable key sizes. */
|
||||
int flags;
|
||||
|
||||
/** block size, in bytes */
|
||||
/** The block size, in Bytes. */
|
||||
unsigned int block_size;
|
||||
|
||||
/** Base cipher information and functions */
|
||||
/** Struct for base cipher information and functions. */
|
||||
const mbedtls_cipher_base_t *base;
|
||||
|
||||
} mbedtls_cipher_info_t;
|
||||
|
@ -217,125 +243,133 @@ typedef struct {
|
|||
* Generic cipher context.
|
||||
*/
|
||||
typedef struct {
|
||||
/** Information about the associated cipher */
|
||||
/** Information about the associated cipher. */
|
||||
const mbedtls_cipher_info_t *cipher_info;
|
||||
|
||||
/** Key length to use */
|
||||
/** Key length to use. */
|
||||
int key_bitlen;
|
||||
|
||||
/** Operation that the context's key has been initialised for */
|
||||
/** Operation that the key of the context has been
|
||||
* initialized for.
|
||||
*/
|
||||
mbedtls_operation_t operation;
|
||||
|
||||
#if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING)
|
||||
/** Padding functions to use, if relevant for cipher mode */
|
||||
/** Padding functions to use, if relevant for
|
||||
* the specific cipher mode.
|
||||
*/
|
||||
void (*add_padding)( unsigned char *output, size_t olen, size_t data_len );
|
||||
int (*get_padding)( unsigned char *input, size_t ilen, size_t *data_len );
|
||||
#endif
|
||||
|
||||
/** Buffer for data that hasn't been encrypted yet */
|
||||
/** Buffer for input that has not been processed yet. */
|
||||
unsigned char unprocessed_data[MBEDTLS_MAX_BLOCK_LENGTH];
|
||||
|
||||
/** Number of bytes that still need processing */
|
||||
/** Number of Bytes that have not been processed yet. */
|
||||
size_t unprocessed_len;
|
||||
|
||||
/** Current IV or NONCE_COUNTER for CTR-mode */
|
||||
/** Current IV or NONCE_COUNTER for CTR-mode. */
|
||||
unsigned char iv[MBEDTLS_MAX_IV_LENGTH];
|
||||
|
||||
/** IV size in bytes (for ciphers with variable-length IVs) */
|
||||
/** IV size in Bytes, for ciphers with variable-length IVs. */
|
||||
size_t iv_size;
|
||||
|
||||
/** Cipher-specific context */
|
||||
/** The cipher-specific context. */
|
||||
void *cipher_ctx;
|
||||
|
||||
#if defined(MBEDTLS_CMAC_C)
|
||||
/** CMAC Specific context */
|
||||
/** CMAC-specific context. */
|
||||
mbedtls_cmac_context_t *cmac_ctx;
|
||||
#endif
|
||||
} mbedtls_cipher_context_t;
|
||||
|
||||
/**
|
||||
* \brief Returns the list of ciphers supported by the generic cipher module.
|
||||
* \brief This function retrieves the list of ciphers supported by the generic
|
||||
* cipher module.
|
||||
*
|
||||
* \return a statically allocated array of ciphers, the last entry
|
||||
* is 0.
|
||||
* \return A statically-allocated array of ciphers. The last entry
|
||||
* is zero.
|
||||
*/
|
||||
const int *mbedtls_cipher_list( void );
|
||||
|
||||
/**
|
||||
* \brief Returns the cipher information structure associated
|
||||
* with the given cipher name.
|
||||
* \brief This function retrieves the cipher-information
|
||||
* structure associated with the given cipher name.
|
||||
*
|
||||
* \param cipher_name Name of the cipher to search for.
|
||||
*
|
||||
* \return the cipher information structure associated with the
|
||||
* given cipher_name, or NULL if not found.
|
||||
* \return The cipher information structure associated with the
|
||||
* given \p cipher_name, or NULL if not found.
|
||||
*/
|
||||
const mbedtls_cipher_info_t *mbedtls_cipher_info_from_string( const char *cipher_name );
|
||||
|
||||
/**
|
||||
* \brief Returns the cipher information structure associated
|
||||
* with the given cipher type.
|
||||
* \brief This function retrieves the cipher-information
|
||||
* structure associated with the given cipher type.
|
||||
*
|
||||
* \param cipher_type Type of the cipher to search for.
|
||||
*
|
||||
* \return the cipher information structure associated with the
|
||||
* given cipher_type, or NULL if not found.
|
||||
* \return The cipher information structure associated with the
|
||||
* given \p cipher_type, or NULL if not found.
|
||||
*/
|
||||
const mbedtls_cipher_info_t *mbedtls_cipher_info_from_type( const mbedtls_cipher_type_t cipher_type );
|
||||
|
||||
/**
|
||||
* \brief Returns the cipher information structure associated
|
||||
* with the given cipher id, key size and mode.
|
||||
* \brief This function retrieves the cipher-information
|
||||
* structure associated with the given cipher ID,
|
||||
* key size and mode.
|
||||
*
|
||||
* \param cipher_id Id of the cipher to search for
|
||||
* (e.g. MBEDTLS_CIPHER_ID_AES)
|
||||
* \param key_bitlen Length of the key in bits
|
||||
* \param mode Cipher mode (e.g. MBEDTLS_MODE_CBC)
|
||||
* \param cipher_id The ID of the cipher to search for. For example,
|
||||
* #MBEDTLS_CIPHER_ID_AES.
|
||||
* \param key_bitlen The length of the key in bits.
|
||||
* \param mode The cipher mode. For example, #MBEDTLS_MODE_CBC.
|
||||
*
|
||||
* \return the cipher information structure associated with the
|
||||
* given cipher_type, or NULL if not found.
|
||||
* \return The cipher information structure associated with the
|
||||
* given \p cipher_id, or NULL if not found.
|
||||
*/
|
||||
const mbedtls_cipher_info_t *mbedtls_cipher_info_from_values( const mbedtls_cipher_id_t cipher_id,
|
||||
int key_bitlen,
|
||||
const mbedtls_cipher_mode_t mode );
|
||||
|
||||
/**
|
||||
* \brief Initialize a cipher_context (as NONE)
|
||||
* \brief This function initializes a \p cipher_context as NONE.
|
||||
*/
|
||||
void mbedtls_cipher_init( mbedtls_cipher_context_t *ctx );
|
||||
|
||||
/**
|
||||
* \brief Free and clear the cipher-specific context of ctx.
|
||||
* Freeing ctx itself remains the responsibility of the
|
||||
* caller.
|
||||
* \brief This function frees and clears the cipher-specific
|
||||
* context of \p ctx. Freeing \p ctx itself remains the
|
||||
* responsibility of the caller.
|
||||
*/
|
||||
void mbedtls_cipher_free( mbedtls_cipher_context_t *ctx );
|
||||
|
||||
|
||||
/**
|
||||
* \brief Initialises and fills the cipher context structure with
|
||||
* the appropriate values.
|
||||
* \brief This function initializes and fills the cipher-context
|
||||
* structure with the appropriate values. It also clears
|
||||
* the structure.
|
||||
*
|
||||
* \note Currently also clears structure. In future versions you
|
||||
* will be required to call mbedtls_cipher_init() on the structure
|
||||
* first.
|
||||
* \param ctx The context to initialize. May not be NULL.
|
||||
* \param cipher_info The cipher to use.
|
||||
*
|
||||
* \param ctx context to initialise. May not be NULL.
|
||||
* \param cipher_info cipher to use.
|
||||
*
|
||||
* \return 0 on success,
|
||||
* MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on parameter failure,
|
||||
* MBEDTLS_ERR_CIPHER_ALLOC_FAILED if allocation of the
|
||||
* \return \c 0 on success,
|
||||
* #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on parameter failure,
|
||||
* #MBEDTLS_ERR_CIPHER_ALLOC_FAILED if allocation of the
|
||||
* cipher-specific context failed.
|
||||
*
|
||||
* \internal Currently, the function also clears the structure.
|
||||
* In future versions, the caller will be required to call
|
||||
* mbedtls_cipher_init() on the structure first.
|
||||
*/
|
||||
int mbedtls_cipher_setup( mbedtls_cipher_context_t *ctx, const mbedtls_cipher_info_t *cipher_info );
|
||||
|
||||
/**
|
||||
* \brief Returns the block size of the given cipher.
|
||||
* \brief This function returns the block size of the given cipher.
|
||||
*
|
||||
* \param ctx cipher's context. Must have been initialised.
|
||||
* \param ctx The context of the cipher. Must be initialized.
|
||||
*
|
||||
* \return size of the cipher's blocks, or 0 if ctx has not been
|
||||
* initialised.
|
||||
* \return The size of the blocks of the cipher, or zero if \p ctx
|
||||
* has not been initialized.
|
||||
*/
|
||||
static inline unsigned int mbedtls_cipher_get_block_size( const mbedtls_cipher_context_t *ctx )
|
||||
{
|
||||
|
@ -346,13 +380,13 @@ static inline unsigned int mbedtls_cipher_get_block_size( const mbedtls_cipher_c
|
|||
}
|
||||
|
||||
/**
|
||||
* \brief Returns the mode of operation for the cipher.
|
||||
* (e.g. MBEDTLS_MODE_CBC)
|
||||
* \brief This function returns the mode of operation for
|
||||
* the cipher. For example, MBEDTLS_MODE_CBC.
|
||||
*
|
||||
* \param ctx cipher's context. Must have been initialised.
|
||||
* \param ctx The context of the cipher. Must be initialized.
|
||||
*
|
||||
* \return mode of operation, or MBEDTLS_MODE_NONE if ctx
|
||||
* has not been initialised.
|
||||
* \return The mode of operation, or #MBEDTLS_MODE_NONE if
|
||||
* \p ctx has not been initialized.
|
||||
*/
|
||||
static inline mbedtls_cipher_mode_t mbedtls_cipher_get_cipher_mode( const mbedtls_cipher_context_t *ctx )
|
||||
{
|
||||
|
@ -363,13 +397,14 @@ static inline mbedtls_cipher_mode_t mbedtls_cipher_get_cipher_mode( const mbedtl
|
|||
}
|
||||
|
||||
/**
|
||||
* \brief Returns the size of the cipher's IV/NONCE in bytes.
|
||||
* \brief This function returns the size of the IV or nonce
|
||||
* of the cipher, in Bytes.
|
||||
*
|
||||
* \param ctx cipher's context. Must have been initialised.
|
||||
* \param ctx The context of the cipher. Must be initialized.
|
||||
*
|
||||
* \return If IV has not been set yet: (recommended) IV size
|
||||
* (0 for ciphers not using IV/NONCE).
|
||||
* If IV has already been set: actual size.
|
||||
* \return <ul><li>If no IV has been set: the recommended IV size.
|
||||
* 0 for ciphers not using IV or nonce.</li>
|
||||
* <li>If IV has already been set: the actual size.</li></ul>
|
||||
*/
|
||||
static inline int mbedtls_cipher_get_iv_size( const mbedtls_cipher_context_t *ctx )
|
||||
{
|
||||
|
@ -383,12 +418,12 @@ static inline int mbedtls_cipher_get_iv_size( const mbedtls_cipher_context_t *ct
|
|||
}
|
||||
|
||||
/**
|
||||
* \brief Returns the type of the given cipher.
|
||||
* \brief This function returns the type of the given cipher.
|
||||
*
|
||||
* \param ctx cipher's context. Must have been initialised.
|
||||
* \param ctx The context of the cipher. Must be initialized.
|
||||
*
|
||||
* \return type of the cipher, or MBEDTLS_CIPHER_NONE if ctx has
|
||||
* not been initialised.
|
||||
* \return The type of the cipher, or #MBEDTLS_CIPHER_NONE if
|
||||
* \p ctx has not been initialized.
|
||||
*/
|
||||
static inline mbedtls_cipher_type_t mbedtls_cipher_get_type( const mbedtls_cipher_context_t *ctx )
|
||||
{
|
||||
|
@ -399,11 +434,13 @@ static inline mbedtls_cipher_type_t mbedtls_cipher_get_type( const mbedtls_ciphe
|
|||
}
|
||||
|
||||
/**
|
||||
* \brief Returns the name of the given cipher, as a string.
|
||||
* \brief This function returns the name of the given cipher
|
||||
* as a string.
|
||||
*
|
||||
* \param ctx cipher's context. Must have been initialised.
|
||||
* \param ctx The context of the cipher. Must be initialized.
|
||||
*
|
||||
* \return name of the cipher, or NULL if ctx was not initialised.
|
||||
* \return The name of the cipher, or NULL if \p ctx has not
|
||||
* been not initialized.
|
||||
*/
|
||||
static inline const char *mbedtls_cipher_get_name( const mbedtls_cipher_context_t *ctx )
|
||||
{
|
||||
|
@ -414,13 +451,13 @@ static inline const char *mbedtls_cipher_get_name( const mbedtls_cipher_context_
|
|||
}
|
||||
|
||||
/**
|
||||
* \brief Returns the key length of the cipher.
|
||||
* \brief This function returns the key length of the cipher.
|
||||
*
|
||||
* \param ctx cipher's context. Must have been initialised.
|
||||
* \param ctx The context of the cipher. Must be initialized.
|
||||
*
|
||||
* \return cipher's key length, in bits, or
|
||||
* MBEDTLS_KEY_LENGTH_NONE if ctx has not been
|
||||
* initialised.
|
||||
* \return The key length of the cipher in bits, or
|
||||
* #MBEDTLS_KEY_LENGTH_NONE if ctx \p has not been
|
||||
* initialized.
|
||||
*/
|
||||
static inline int mbedtls_cipher_get_key_bitlen( const mbedtls_cipher_context_t *ctx )
|
||||
{
|
||||
|
@ -431,13 +468,13 @@ static inline int mbedtls_cipher_get_key_bitlen( const mbedtls_cipher_context_t
|
|||
}
|
||||
|
||||
/**
|
||||
* \brief Returns the operation of the given cipher.
|
||||
* \brief This function returns the operation of the given cipher.
|
||||
*
|
||||
* \param ctx cipher's context. Must have been initialised.
|
||||
* \param ctx The context of the cipher. Must be initialized.
|
||||
*
|
||||
* \return operation (MBEDTLS_ENCRYPT or MBEDTLS_DECRYPT),
|
||||
* or MBEDTLS_OPERATION_NONE if ctx has not been
|
||||
* initialised.
|
||||
* \return The type of operation: #MBEDTLS_ENCRYPT or
|
||||
* #MBEDTLS_DECRYPT, or #MBEDTLS_OPERATION_NONE if \p ctx
|
||||
* has not been initialized.
|
||||
*/
|
||||
static inline mbedtls_operation_t mbedtls_cipher_get_operation( const mbedtls_cipher_context_t *ctx )
|
||||
{
|
||||
|
@ -448,18 +485,18 @@ static inline mbedtls_operation_t mbedtls_cipher_get_operation( const mbedtls_ci
|
|||
}
|
||||
|
||||
/**
|
||||
* \brief Set the key to use with the given context.
|
||||
* \brief This function sets the key to use with the given context.
|
||||
*
|
||||
* \param ctx generic cipher context. May not be NULL. Must have been
|
||||
* initialised using cipher_context_from_type or
|
||||
* cipher_context_from_string.
|
||||
* \param ctx The generic cipher context. May not be NULL. Must have
|
||||
* been initialized using mbedtls_cipher_info_from_type()
|
||||
* or mbedtls_cipher_info_from_string().
|
||||
* \param key The key to use.
|
||||
* \param key_bitlen key length to use, in bits.
|
||||
* \param operation Operation that the key will be used for, either
|
||||
* MBEDTLS_ENCRYPT or MBEDTLS_DECRYPT.
|
||||
* \param key_bitlen The key length to use, in bits.
|
||||
* \param operation The operation that the key will be used for:
|
||||
* #MBEDTLS_ENCRYPT or #MBEDTLS_DECRYPT.
|
||||
*
|
||||
* \returns 0 on success, MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA if
|
||||
* parameter verification fails or a cipher specific
|
||||
* \returns \c 0 on success, #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA if
|
||||
* parameter verification fails, or a cipher-specific
|
||||
* error code.
|
||||
*/
|
||||
int mbedtls_cipher_setkey( mbedtls_cipher_context_t *ctx, const unsigned char *key,
|
||||
|
@ -467,170 +504,176 @@ int mbedtls_cipher_setkey( mbedtls_cipher_context_t *ctx, const unsigned char *k
|
|||
|
||||
#if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING)
|
||||
/**
|
||||
* \brief Set padding mode, for cipher modes that use padding.
|
||||
* (Default: PKCS7 padding.)
|
||||
* \brief This function sets the padding mode, for cipher modes
|
||||
* that use padding.
|
||||
*
|
||||
* \param ctx generic cipher context
|
||||
* \param mode padding mode
|
||||
* The default passing mode is PKCS7 padding.
|
||||
*
|
||||
* \returns 0 on success, MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE
|
||||
* if selected padding mode is not supported, or
|
||||
* MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA if the cipher mode
|
||||
* \param ctx The generic cipher context.
|
||||
* \param mode The padding mode.
|
||||
*
|
||||
* \returns \c 0 on success, #MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE
|
||||
* if the selected padding mode is not supported, or
|
||||
* #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA if the cipher mode
|
||||
* does not support padding.
|
||||
*/
|
||||
int mbedtls_cipher_set_padding_mode( mbedtls_cipher_context_t *ctx, mbedtls_cipher_padding_t mode );
|
||||
#endif /* MBEDTLS_CIPHER_MODE_WITH_PADDING */
|
||||
|
||||
/**
|
||||
* \brief Set the initialization vector (IV) or nonce
|
||||
* \brief This function sets the initialization vector (IV)
|
||||
* or nonce.
|
||||
*
|
||||
* \param ctx generic cipher context
|
||||
* \param iv IV to use (or NONCE_COUNTER for CTR-mode ciphers)
|
||||
* \param iv_len IV length for ciphers with variable-size IV;
|
||||
* discarded by ciphers with fixed-size IV.
|
||||
* \param ctx The generic cipher context.
|
||||
* \param iv The IV to use, or NONCE_COUNTER for CTR-mode ciphers.
|
||||
* \param iv_len The IV length for ciphers with variable-size IV.
|
||||
* This parameter is discarded by ciphers with fixed-size IV.
|
||||
*
|
||||
* \returns 0 on success, or MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA
|
||||
* \returns \c 0 on success, or #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA
|
||||
*
|
||||
* \note Some ciphers don't use IVs nor NONCE. For these
|
||||
* ciphers, this function has no effect.
|
||||
* \note Some ciphers do not use IVs nor nonce. For these
|
||||
* ciphers, this function has no effect.
|
||||
*/
|
||||
int mbedtls_cipher_set_iv( mbedtls_cipher_context_t *ctx,
|
||||
const unsigned char *iv, size_t iv_len );
|
||||
|
||||
/**
|
||||
* \brief Finish preparation of the given context
|
||||
* \brief This function resets the cipher state.
|
||||
*
|
||||
* \param ctx generic cipher context
|
||||
* \param ctx The generic cipher context.
|
||||
*
|
||||
* \returns 0 on success, MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA
|
||||
* if parameter verification fails.
|
||||
* \returns \c 0 on success, #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA
|
||||
* if parameter verification fails.
|
||||
*/
|
||||
int mbedtls_cipher_reset( mbedtls_cipher_context_t *ctx );
|
||||
|
||||
#if defined(MBEDTLS_GCM_C)
|
||||
/**
|
||||
* \brief Add additional data (for AEAD ciphers).
|
||||
* Currently only supported with GCM.
|
||||
* Must be called exactly once, after mbedtls_cipher_reset().
|
||||
* \brief This function adds additional data for AEAD ciphers.
|
||||
* Only supported with GCM. Must be called
|
||||
* exactly once, after mbedtls_cipher_reset().
|
||||
*
|
||||
* \param ctx generic cipher context
|
||||
* \param ad Additional data to use.
|
||||
* \param ad_len Length of ad.
|
||||
* \param ctx The generic cipher context.
|
||||
* \param ad The additional data to use.
|
||||
* \param ad_len the Length of \p ad.
|
||||
*
|
||||
* \return 0 on success, or a specific error code.
|
||||
* \return \c 0 on success, or a specific error code on failure.
|
||||
*/
|
||||
int mbedtls_cipher_update_ad( mbedtls_cipher_context_t *ctx,
|
||||
const unsigned char *ad, size_t ad_len );
|
||||
#endif /* MBEDTLS_GCM_C */
|
||||
|
||||
/**
|
||||
* \brief Generic cipher update function. Encrypts/decrypts
|
||||
* using the given cipher context. Writes as many block
|
||||
* size'd blocks of data as possible to output. Any data
|
||||
* that cannot be written immediately will either be added
|
||||
* to the next block, or flushed when cipher_final is
|
||||
* called.
|
||||
* Exception: for MBEDTLS_MODE_ECB, expects single block
|
||||
* in size (e.g. 16 bytes for AES)
|
||||
* \brief The generic cipher update function. It encrypts or
|
||||
* decrypts using the given cipher context. Writes as
|
||||
* many block-sized blocks of data as possible to output.
|
||||
* Any data that cannot be written immediately is either
|
||||
* added to the next block, or flushed when
|
||||
* mbedtls_cipher_finish() is called.
|
||||
* Exception: For MBEDTLS_MODE_ECB, expects a single block
|
||||
* in size. For example, 16 Bytes for AES.
|
||||
*
|
||||
* \param ctx generic cipher context
|
||||
* \param input buffer holding the input data
|
||||
* \param ilen length of the input data
|
||||
* \param output buffer for the output data. Should be able to hold at
|
||||
* least ilen + block_size. Cannot be the same buffer as
|
||||
* input!
|
||||
* \param olen length of the output data, will be filled with the
|
||||
* actual number of bytes written.
|
||||
* \param ctx The generic cipher context.
|
||||
* \param input The buffer holding the input data.
|
||||
* \param ilen The length of the input data.
|
||||
* \param output The buffer for the output data. Must be able to hold at
|
||||
* least \p ilen + block_size. Must not be the same buffer
|
||||
* as input.
|
||||
* \param olen The length of the output data, to be updated with the
|
||||
* actual number of Bytes written.
|
||||
*
|
||||
* \returns 0 on success, MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA if
|
||||
* \returns \c 0 on success, #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA if
|
||||
* parameter verification fails,
|
||||
* MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE on an
|
||||
* unsupported mode for a cipher or a cipher specific
|
||||
* #MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE on an
|
||||
* unsupported mode for a cipher, or a cipher-specific
|
||||
* error code.
|
||||
*
|
||||
* \note If the underlying cipher is GCM, all calls to this
|
||||
* function, except the last one before mbedtls_cipher_finish(),
|
||||
* must have ilen a multiple of the block size.
|
||||
* function, except the last one before
|
||||
* mbedtls_cipher_finish(). Must have \p ilen as a
|
||||
* multiple of the block_size.
|
||||
*/
|
||||
int mbedtls_cipher_update( mbedtls_cipher_context_t *ctx, const unsigned char *input,
|
||||
size_t ilen, unsigned char *output, size_t *olen );
|
||||
|
||||
/**
|
||||
* \brief Generic cipher finalisation function. If data still
|
||||
* needs to be flushed from an incomplete block, data
|
||||
* contained within it will be padded with the size of
|
||||
* the last block, and written to the output buffer.
|
||||
* \brief The generic cipher finalization function. If data still
|
||||
* needs to be flushed from an incomplete block, the data
|
||||
* contained in it is padded to the size of
|
||||
* the last block, and written to the \p output buffer.
|
||||
*
|
||||
* \param ctx Generic cipher context
|
||||
* \param output buffer to write data to. Needs block_size available.
|
||||
* \param olen length of the data written to the output buffer.
|
||||
* \param ctx The generic cipher context.
|
||||
* \param output The buffer to write data to. Needs block_size available.
|
||||
* \param olen The length of the data written to the \p output buffer.
|
||||
*
|
||||
* \returns 0 on success, MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA if
|
||||
* \returns \c 0 on success, #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA if
|
||||
* parameter verification fails,
|
||||
* MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED if decryption
|
||||
* #MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED if decryption
|
||||
* expected a full block but was not provided one,
|
||||
* MBEDTLS_ERR_CIPHER_INVALID_PADDING on invalid padding
|
||||
* while decrypting or a cipher specific error code.
|
||||
* #MBEDTLS_ERR_CIPHER_INVALID_PADDING on invalid padding
|
||||
* while decrypting, or a cipher-specific error code
|
||||
* on failure for any other reason.
|
||||
*/
|
||||
int mbedtls_cipher_finish( mbedtls_cipher_context_t *ctx,
|
||||
unsigned char *output, size_t *olen );
|
||||
|
||||
#if defined(MBEDTLS_GCM_C)
|
||||
/**
|
||||
* \brief Write tag for AEAD ciphers.
|
||||
* Currently only supported with GCM.
|
||||
* \brief This function writes a tag for AEAD ciphers.
|
||||
* Only supported with GCM.
|
||||
* Must be called after mbedtls_cipher_finish().
|
||||
*
|
||||
* \param ctx Generic cipher context
|
||||
* \param tag buffer to write the tag
|
||||
* \param tag_len Length of the tag to write
|
||||
* \param ctx The generic cipher context.
|
||||
* \param tag The buffer to write the tag to.
|
||||
* \param tag_len The length of the tag to write.
|
||||
*
|
||||
* \return 0 on success, or a specific error code.
|
||||
* \return \c 0 on success, or a specific error code on failure.
|
||||
*/
|
||||
int mbedtls_cipher_write_tag( mbedtls_cipher_context_t *ctx,
|
||||
unsigned char *tag, size_t tag_len );
|
||||
|
||||
/**
|
||||
* \brief Check tag for AEAD ciphers.
|
||||
* Currently only supported with GCM.
|
||||
* \brief This function checks the tag for AEAD ciphers.
|
||||
* Only supported with GCM.
|
||||
* Must be called after mbedtls_cipher_finish().
|
||||
*
|
||||
* \param ctx Generic cipher context
|
||||
* \param tag Buffer holding the tag
|
||||
* \param tag_len Length of the tag to check
|
||||
* \param ctx The generic cipher context.
|
||||
* \param tag The buffer holding the tag.
|
||||
* \param tag_len The length of the tag to check.
|
||||
*
|
||||
* \return 0 on success, or a specific error code.
|
||||
* \return \c 0 on success, or a specific error code on failure.
|
||||
*/
|
||||
int mbedtls_cipher_check_tag( mbedtls_cipher_context_t *ctx,
|
||||
const unsigned char *tag, size_t tag_len );
|
||||
#endif /* MBEDTLS_GCM_C */
|
||||
|
||||
/**
|
||||
* \brief Generic all-in-one encryption/decryption
|
||||
* (for all ciphers except AEAD constructs).
|
||||
* \brief The generic all-in-one encryption/decryption function,
|
||||
* for all ciphers except AEAD constructs.
|
||||
*
|
||||
* \param ctx generic cipher context
|
||||
* \param iv IV to use (or NONCE_COUNTER for CTR-mode ciphers)
|
||||
* \param iv_len IV length for ciphers with variable-size IV;
|
||||
* discarded by ciphers with fixed-size IV.
|
||||
* \param input buffer holding the input data
|
||||
* \param ilen length of the input data
|
||||
* \param output buffer for the output data. Should be able to hold at
|
||||
* least ilen + block_size. Cannot be the same buffer as
|
||||
* input!
|
||||
* \param olen length of the output data, will be filled with the
|
||||
* actual number of bytes written.
|
||||
* \param ctx The generic cipher context.
|
||||
* \param iv The IV to use, or NONCE_COUNTER for CTR-mode ciphers.
|
||||
* \param iv_len The IV length for ciphers with variable-size IV.
|
||||
* This parameter is discarded by ciphers with fixed-size
|
||||
* IV.
|
||||
* \param input The buffer holding the input data.
|
||||
* \param ilen The length of the input data.
|
||||
* \param output The buffer for the output data. Must be able to hold at
|
||||
* least \p ilen + block_size. Must not be the same buffer
|
||||
* as input.
|
||||
* \param olen The length of the output data, to be updated with the
|
||||
* actual number of Bytes written.
|
||||
*
|
||||
* \note Some ciphers don't use IVs nor NONCE. For these
|
||||
* ciphers, use iv = NULL and iv_len = 0.
|
||||
* \note Some ciphers do not use IVs nor nonce. For these
|
||||
* ciphers, use \p iv = NULL and \p iv_len = 0.
|
||||
*
|
||||
* \returns 0 on success, or
|
||||
* MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, or
|
||||
* MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED if decryption
|
||||
* \returns \c 0 on success, or
|
||||
* #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, or
|
||||
* #MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED if decryption
|
||||
* expected a full block but was not provided one, or
|
||||
* MBEDTLS_ERR_CIPHER_INVALID_PADDING on invalid padding
|
||||
* while decrypting, or
|
||||
* a cipher specific error code.
|
||||
* #MBEDTLS_ERR_CIPHER_INVALID_PADDING on invalid padding
|
||||
* while decrypting, or a cipher-specific error code on
|
||||
* failure for any other reason.
|
||||
*/
|
||||
int mbedtls_cipher_crypt( mbedtls_cipher_context_t *ctx,
|
||||
const unsigned char *iv, size_t iv_len,
|
||||
|
@ -639,26 +682,26 @@ int mbedtls_cipher_crypt( mbedtls_cipher_context_t *ctx,
|
|||
|
||||
#if defined(MBEDTLS_CIPHER_MODE_AEAD)
|
||||
/**
|
||||
* \brief Generic autenticated encryption (AEAD ciphers).
|
||||
* \brief The generic autenticated encryption (AEAD) function.
|
||||
*
|
||||
* \param ctx generic cipher context
|
||||
* \param iv IV to use (or NONCE_COUNTER for CTR-mode ciphers)
|
||||
* \param iv_len IV length for ciphers with variable-size IV;
|
||||
* discarded by ciphers with fixed-size IV.
|
||||
* \param ad Additional data to authenticate.
|
||||
* \param ad_len Length of ad.
|
||||
* \param input buffer holding the input data
|
||||
* \param ilen length of the input data
|
||||
* \param output buffer for the output data.
|
||||
* Should be able to hold at least ilen.
|
||||
* \param olen length of the output data, will be filled with the
|
||||
* actual number of bytes written.
|
||||
* \param tag buffer for the authentication tag
|
||||
* \param tag_len desired tag length
|
||||
* \param ctx The generic cipher context.
|
||||
* \param iv The IV to use, or NONCE_COUNTER for CTR-mode ciphers.
|
||||
* \param iv_len The IV length for ciphers with variable-size IV.
|
||||
* This parameter is discarded by ciphers with fixed-size IV.
|
||||
* \param ad The additional data to authenticate.
|
||||
* \param ad_len The length of \p ad.
|
||||
* \param input The buffer holding the input data.
|
||||
* \param ilen The length of the input data.
|
||||
* \param output The buffer for the output data.
|
||||
* Must be able to hold at least \p ilen.
|
||||
* \param olen The length of the output data, to be updated with the
|
||||
* actual number of Bytes written.
|
||||
* \param tag The buffer for the authentication tag.
|
||||
* \param tag_len The desired length of the authentication tag.
|
||||
*
|
||||
* \returns 0 on success, or
|
||||
* MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, or
|
||||
* a cipher specific error code.
|
||||
* \returns \c 0 on success, or
|
||||
* #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, or
|
||||
* a cipher-specific error code.
|
||||
*/
|
||||
int mbedtls_cipher_auth_encrypt( mbedtls_cipher_context_t *ctx,
|
||||
const unsigned char *iv, size_t iv_len,
|
||||
|
@ -668,31 +711,31 @@ int mbedtls_cipher_auth_encrypt( mbedtls_cipher_context_t *ctx,
|
|||
unsigned char *tag, size_t tag_len );
|
||||
|
||||
/**
|
||||
* \brief Generic autenticated decryption (AEAD ciphers).
|
||||
* \brief The generic autenticated decryption (AEAD) function.
|
||||
*
|
||||
* \param ctx generic cipher context
|
||||
* \param iv IV to use (or NONCE_COUNTER for CTR-mode ciphers)
|
||||
* \param iv_len IV length for ciphers with variable-size IV;
|
||||
* discarded by ciphers with fixed-size IV.
|
||||
* \param ad Additional data to be authenticated.
|
||||
* \param ad_len Length of ad.
|
||||
* \param input buffer holding the input data
|
||||
* \param ilen length of the input data
|
||||
* \param output buffer for the output data.
|
||||
* Should be able to hold at least ilen.
|
||||
* \param olen length of the output data, will be filled with the
|
||||
* actual number of bytes written.
|
||||
* \param tag buffer holding the authentication tag
|
||||
* \param tag_len length of the authentication tag
|
||||
* \param ctx The generic cipher context.
|
||||
* \param iv The IV to use, or NONCE_COUNTER for CTR-mode ciphers.
|
||||
* \param iv_len The IV length for ciphers with variable-size IV.
|
||||
* This parameter is discarded by ciphers with fixed-size IV.
|
||||
* \param ad The additional data to be authenticated.
|
||||
* \param ad_len The length of \p ad.
|
||||
* \param input The buffer holding the input data.
|
||||
* \param ilen The length of the input data.
|
||||
* \param output The buffer for the output data.
|
||||
* Must be able to hold at least \p ilen.
|
||||
* \param olen The length of the output data, to be updated with the
|
||||
* actual number of Bytes written.
|
||||
* \param tag The buffer holding the authentication tag.
|
||||
* \param tag_len The length of the authentication tag.
|
||||
*
|
||||
* \returns 0 on success, or
|
||||
* MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, or
|
||||
* MBEDTLS_ERR_CIPHER_AUTH_FAILED if data isn't authentic,
|
||||
* or a cipher specific error code.
|
||||
* \returns \c 0 on success, or
|
||||
* #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, or
|
||||
* #MBEDTLS_ERR_CIPHER_AUTH_FAILED if data is not authentic,
|
||||
* or a cipher-specific error code on failure for any other reason.
|
||||
*
|
||||
* \note If the data is not authentic, then the output buffer
|
||||
* is zeroed out to prevent the unauthentic plaintext to
|
||||
* be used by mistake, making this interface safer.
|
||||
* is zeroed out to prevent the unauthentic plaintext being
|
||||
* used, making this interface safer.
|
||||
*/
|
||||
int mbedtls_cipher_auth_decrypt( mbedtls_cipher_context_t *ctx,
|
||||
const unsigned char *iv, size_t iv_len,
|
||||
|
|
|
@ -4,7 +4,8 @@
|
|||
* \brief Cipher wrappers.
|
||||
*
|
||||
* \author Adriaan de Jong <dejong@fox-it.com>
|
||||
*
|
||||
*/
|
||||
/*
|
||||
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
|
|
|
@ -1,10 +1,11 @@
|
|||
/**
|
||||
* \file cmac.h
|
||||
*
|
||||
* \brief Cipher-based Message Authentication Code (CMAC) Mode for
|
||||
* Authentication
|
||||
*
|
||||
* Copyright (C) 2015-2016, ARM Limited, All Rights Reserved
|
||||
* \brief The Cipher-based Message Authentication Code (CMAC) Mode for
|
||||
* Authentication.
|
||||
*/
|
||||
/*
|
||||
* Copyright (C) 2015-2018, Arm Limited (or its affiliates), All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
|
@ -19,8 +20,9 @@
|
|||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*
|
||||
* This file is part of mbed TLS (https://tls.mbed.org)
|
||||
* This file is part of Mbed TLS (https://tls.mbed.org)
|
||||
*/
|
||||
|
||||
#ifndef MBEDTLS_CMAC_H
|
||||
#define MBEDTLS_CMAC_H
|
||||
|
||||
|
@ -30,106 +32,125 @@
|
|||
extern "C" {
|
||||
#endif
|
||||
|
||||
#define MBEDTLS_ERR_CMAC_HW_ACCEL_FAILED -0x007A /**< CMAC hardware accelerator failed. */
|
||||
|
||||
#define MBEDTLS_AES_BLOCK_SIZE 16
|
||||
#define MBEDTLS_DES3_BLOCK_SIZE 8
|
||||
|
||||
#if defined(MBEDTLS_AES_C)
|
||||
#define MBEDTLS_CIPHER_BLKSIZE_MAX 16 /* longest used by CMAC is AES */
|
||||
#define MBEDTLS_CIPHER_BLKSIZE_MAX 16 /* The longest block used by CMAC is that of AES. */
|
||||
#else
|
||||
#define MBEDTLS_CIPHER_BLKSIZE_MAX 8 /* longest used by CMAC is 3DES */
|
||||
#define MBEDTLS_CIPHER_BLKSIZE_MAX 8 /* The longest block used by CMAC is that of 3DES. */
|
||||
#endif
|
||||
|
||||
#if !defined(MBEDTLS_CMAC_ALT)
|
||||
|
||||
/**
|
||||
* CMAC context structure - Contains internal state information only
|
||||
* The CMAC context structure.
|
||||
*/
|
||||
struct mbedtls_cmac_context_t
|
||||
{
|
||||
/** Internal state of the CMAC algorithm */
|
||||
/** The internal state of the CMAC algorithm. */
|
||||
unsigned char state[MBEDTLS_CIPHER_BLKSIZE_MAX];
|
||||
|
||||
/** Unprocessed data - either data that was not block aligned and is still
|
||||
* pending to be processed, or the final block */
|
||||
* pending processing, or the final block. */
|
||||
unsigned char unprocessed_block[MBEDTLS_CIPHER_BLKSIZE_MAX];
|
||||
|
||||
/** Length of data pending to be processed */
|
||||
/** The length of data pending processing. */
|
||||
size_t unprocessed_len;
|
||||
};
|
||||
|
||||
/**
|
||||
* \brief Set the CMAC key and prepare to authenticate the input
|
||||
* data.
|
||||
* Should be called with an initialized cipher context.
|
||||
* \brief This function sets the CMAC key, and prepares to authenticate
|
||||
* the input data.
|
||||
* Must be called with an initialized cipher context.
|
||||
*
|
||||
* \param ctx Cipher context. This should be a cipher context,
|
||||
* initialized to be one of the following types:
|
||||
* MBEDTLS_CIPHER_AES_128_ECB, MBEDTLS_CIPHER_AES_192_ECB,
|
||||
* MBEDTLS_CIPHER_AES_256_ECB or
|
||||
* MBEDTLS_CIPHER_DES_EDE3_ECB.
|
||||
* \param key CMAC key
|
||||
* \param keybits length of the CMAC key in bits
|
||||
* (must be acceptable by the cipher)
|
||||
* \param ctx The cipher context used for the CMAC operation, initialized
|
||||
* as one of the following types:<ul>
|
||||
* <li>MBEDTLS_CIPHER_AES_128_ECB</li>
|
||||
* <li>MBEDTLS_CIPHER_AES_192_ECB</li>
|
||||
* <li>MBEDTLS_CIPHER_AES_256_ECB</li>
|
||||
* <li>MBEDTLS_CIPHER_DES_EDE3_ECB</li></ul>
|
||||
* \param key The CMAC key.
|
||||
* \param keybits The length of the CMAC key in bits.
|
||||
* Must be supported by the cipher.
|
||||
*
|
||||
* \return 0 if successful, or a cipher specific error code
|
||||
* \return \c 0 on success, or a cipher-specific error code.
|
||||
*/
|
||||
int mbedtls_cipher_cmac_starts( mbedtls_cipher_context_t *ctx,
|
||||
const unsigned char *key, size_t keybits );
|
||||
|
||||
/**
|
||||
* \brief Generic CMAC process buffer.
|
||||
* Called between mbedtls_cipher_cmac_starts() or
|
||||
* mbedtls_cipher_cmac_reset() and
|
||||
* mbedtls_cipher_cmac_finish().
|
||||
* May be called repeatedly.
|
||||
* \brief This function feeds an input buffer into an ongoing CMAC
|
||||
* computation.
|
||||
*
|
||||
* \param ctx CMAC context
|
||||
* \param input buffer holding the data
|
||||
* \param ilen length of the input data
|
||||
* It is called between mbedtls_cipher_cmac_starts() or
|
||||
* mbedtls_cipher_cmac_reset(), and mbedtls_cipher_cmac_finish().
|
||||
* Can be called repeatedly.
|
||||
*
|
||||
* \returns 0 on success, MBEDTLS_ERR_MD_BAD_INPUT_DATA if parameter
|
||||
* verification fails.
|
||||
* \param ctx The cipher context used for the CMAC operation.
|
||||
* \param input The buffer holding the input data.
|
||||
* \param ilen The length of the input data.
|
||||
*
|
||||
* \returns \c 0 on success, or #MBEDTLS_ERR_MD_BAD_INPUT_DATA
|
||||
* if parameter verification fails.
|
||||
*/
|
||||
int mbedtls_cipher_cmac_update( mbedtls_cipher_context_t *ctx,
|
||||
const unsigned char *input, size_t ilen );
|
||||
|
||||
/**
|
||||
* \brief Output CMAC.
|
||||
* Called after mbedtls_cipher_cmac_update().
|
||||
* Usually followed by mbedtls_cipher_cmac_reset(), then
|
||||
* mbedtls_cipher_cmac_starts(), or mbedtls_cipher_free().
|
||||
* \brief This function finishes the CMAC operation, and writes
|
||||
* the result to the output buffer.
|
||||
*
|
||||
* \param ctx CMAC context
|
||||
* \param output Generic CMAC checksum result
|
||||
* It is called after mbedtls_cipher_cmac_update().
|
||||
* It can be followed by mbedtls_cipher_cmac_reset() and
|
||||
* mbedtls_cipher_cmac_update(), or mbedtls_cipher_free().
|
||||
*
|
||||
* \returns 0 on success, MBEDTLS_ERR_MD_BAD_INPUT_DATA if parameter
|
||||
* verification fails.
|
||||
* \param ctx The cipher context used for the CMAC operation.
|
||||
* \param output The output buffer for the CMAC checksum result.
|
||||
*
|
||||
* \returns \c 0 on success, or #MBEDTLS_ERR_MD_BAD_INPUT_DATA
|
||||
* if parameter verification fails.
|
||||
*/
|
||||
int mbedtls_cipher_cmac_finish( mbedtls_cipher_context_t *ctx,
|
||||
unsigned char *output );
|
||||
|
||||
/**
|
||||
* \brief Prepare to authenticate a new message with the same key.
|
||||
* Called after mbedtls_cipher_cmac_finish() and before
|
||||
* mbedtls_cipher_cmac_update().
|
||||
* \brief This function prepares the authentication of another
|
||||
* message with the same key as the previous CMAC
|
||||
* operation.
|
||||
*
|
||||
* \param ctx CMAC context to be reset
|
||||
* It is called after mbedtls_cipher_cmac_finish()
|
||||
* and before mbedtls_cipher_cmac_update().
|
||||
*
|
||||
* \returns 0 on success, MBEDTLS_ERR_MD_BAD_INPUT_DATA if parameter
|
||||
* verification fails.
|
||||
* \param ctx The cipher context used for the CMAC operation.
|
||||
*
|
||||
* \returns \c 0 on success, or #MBEDTLS_ERR_MD_BAD_INPUT_DATA
|
||||
* if parameter verification fails.
|
||||
*/
|
||||
int mbedtls_cipher_cmac_reset( mbedtls_cipher_context_t *ctx );
|
||||
|
||||
/**
|
||||
* \brief Output = Generic_CMAC( cmac key, input buffer )
|
||||
* \brief This function calculates the full generic CMAC
|
||||
* on the input buffer with the provided key.
|
||||
*
|
||||
* \param cipher_info message digest info
|
||||
* \param key CMAC key
|
||||
* \param keylen length of the CMAC key in bits
|
||||
* \param input buffer holding the data
|
||||
* \param ilen length of the input data
|
||||
* \param output Generic CMAC-result
|
||||
* The function allocates the context, performs the
|
||||
* calculation, and frees the context.
|
||||
*
|
||||
* \returns 0 on success, MBEDTLS_ERR_MD_BAD_INPUT_DATA if parameter
|
||||
* verification fails.
|
||||
* The CMAC result is calculated as
|
||||
* output = generic CMAC(cmac key, input buffer).
|
||||
*
|
||||
*
|
||||
* \param cipher_info The cipher information.
|
||||
* \param key The CMAC key.
|
||||
* \param keylen The length of the CMAC key in bits.
|
||||
* \param input The buffer holding the input data.
|
||||
* \param ilen The length of the input data.
|
||||
* \param output The buffer for the generic CMAC result.
|
||||
*
|
||||
* \returns \c 0 on success, or #MBEDTLS_ERR_MD_BAD_INPUT_DATA
|
||||
* if parameter verification fails.
|
||||
*/
|
||||
int mbedtls_cipher_cmac( const mbedtls_cipher_info_t *cipher_info,
|
||||
const unsigned char *key, size_t keylen,
|
||||
|
@ -138,27 +159,44 @@ int mbedtls_cipher_cmac( const mbedtls_cipher_info_t *cipher_info,
|
|||
|
||||
#if defined(MBEDTLS_AES_C)
|
||||
/**
|
||||
* \brief AES-CMAC-128-PRF
|
||||
* Implementation of (AES-CMAC-PRF-128), as defined in RFC 4615
|
||||
* \brief This function implements the AES-CMAC-PRF-128 pseudorandom
|
||||
* function, as defined in
|
||||
* <em>RFC-4615: The Advanced Encryption Standard-Cipher-based
|
||||
* Message Authentication Code-Pseudo-Random Function-128
|
||||
* (AES-CMAC-PRF-128) Algorithm for the Internet Key
|
||||
* Exchange Protocol (IKE).</em>
|
||||
*
|
||||
* \param key PRF key
|
||||
* \param key_len PRF key length in bytes
|
||||
* \param input buffer holding the input data
|
||||
* \param in_len length of the input data in bytes
|
||||
* \param output buffer holding the generated pseudorandom output (16 bytes)
|
||||
* \param key The key to use.
|
||||
* \param key_len The key length in Bytes.
|
||||
* \param input The buffer holding the input data.
|
||||
* \param in_len The length of the input data in Bytes.
|
||||
* \param output The buffer holding the generated 16 Bytes of
|
||||
* pseudorandom output.
|
||||
*
|
||||
* \return 0 if successful
|
||||
* \return \c 0 on success.
|
||||
*/
|
||||
int mbedtls_aes_cmac_prf_128( const unsigned char *key, size_t key_len,
|
||||
const unsigned char *input, size_t in_len,
|
||||
unsigned char output[16] );
|
||||
#endif /* MBEDTLS_AES_C */
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
||||
#else /* !MBEDTLS_CMAC_ALT */
|
||||
#include "cmac_alt.h"
|
||||
#endif /* !MBEDTLS_CMAC_ALT */
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SELF_TEST) && ( defined(MBEDTLS_AES_C) || defined(MBEDTLS_DES_C) )
|
||||
/**
|
||||
* \brief Checkup routine
|
||||
* \brief The CMAC checkup routine.
|
||||
*
|
||||
* \return 0 if successful, or 1 if the test failed
|
||||
* \return \c 0 on success, or \c 1 on failure.
|
||||
*/
|
||||
int mbedtls_cmac_self_test( int verbose );
|
||||
#endif /* MBEDTLS_SELF_TEST && ( MBEDTLS_AES_C || MBEDTLS_DES_C ) */
|
||||
|
|
|
@ -5,7 +5,8 @@
|
|||
* for the PolarSSL naming conventions.
|
||||
*
|
||||
* \deprecated Use the new names directly instead
|
||||
*
|
||||
*/
|
||||
/*
|
||||
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
|
|
|
@ -6,7 +6,8 @@
|
|||
* This set of compile-time options may be used to enable
|
||||
* or disable features selectively, and reduce the global
|
||||
* memory footprint.
|
||||
*
|
||||
*/
|
||||
/*
|
||||
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
|
@ -261,20 +262,32 @@
|
|||
*
|
||||
* Uncomment a macro to enable alternate implementation of the corresponding
|
||||
* module.
|
||||
*
|
||||
* \warning MD2, MD4, MD5, ARC4, DES and SHA-1 are considered weak and their
|
||||
* use constitutes a security risk. If possible, we recommend
|
||||
* avoiding dependencies on them, and considering stronger message
|
||||
* digests and ciphers instead.
|
||||
*
|
||||
*/
|
||||
//#define MBEDTLS_AES_ALT
|
||||
//#define MBEDTLS_ARC4_ALT
|
||||
//#define MBEDTLS_BLOWFISH_ALT
|
||||
//#define MBEDTLS_CAMELLIA_ALT
|
||||
//#define MBEDTLS_CCM_ALT
|
||||
//#define MBEDTLS_CMAC_ALT
|
||||
//#define MBEDTLS_DES_ALT
|
||||
//#define MBEDTLS_XTEA_ALT
|
||||
//#define MBEDTLS_DHM_ALT
|
||||
//#define MBEDTLS_ECJPAKE_ALT
|
||||
//#define MBEDTLS_GCM_ALT
|
||||
//#define MBEDTLS_MD2_ALT
|
||||
//#define MBEDTLS_MD4_ALT
|
||||
//#define MBEDTLS_MD5_ALT
|
||||
//#define MBEDTLS_RIPEMD160_ALT
|
||||
//#define MBEDTLS_RSA_ALT
|
||||
//#define MBEDTLS_SHA1_ALT
|
||||
//#define MBEDTLS_SHA256_ALT
|
||||
//#define MBEDTLS_SHA512_ALT
|
||||
//#define MBEDTLS_XTEA_ALT
|
||||
/*
|
||||
* When replacing the elliptic curve module, pleace consider, that it is
|
||||
* implemented with two .c files:
|
||||
|
@ -314,6 +327,12 @@
|
|||
*
|
||||
* Uncomment a macro to enable alternate implementation of the corresponding
|
||||
* function.
|
||||
*
|
||||
* \warning MD2, MD4, MD5, DES and SHA-1 are considered weak and their use
|
||||
* constitutes a security risk. If possible, we recommend avoiding
|
||||
* dependencies on them, and considering stronger message digests
|
||||
* and ciphers instead.
|
||||
*
|
||||
*/
|
||||
//#define MBEDTLS_MD2_PROCESS_ALT
|
||||
//#define MBEDTLS_MD4_PROCESS_ALT
|
||||
|
@ -329,6 +348,11 @@
|
|||
//#define MBEDTLS_AES_SETKEY_DEC_ALT
|
||||
//#define MBEDTLS_AES_ENCRYPT_ALT
|
||||
//#define MBEDTLS_AES_DECRYPT_ALT
|
||||
//#define MBEDTLS_ECDH_GEN_PUBLIC_ALT
|
||||
//#define MBEDTLS_ECDH_COMPUTE_SHARED_ALT
|
||||
//#define MBEDTLS_ECDSA_VERIFY_ALT
|
||||
//#define MBEDTLS_ECDSA_SIGN_ALT
|
||||
//#define MBEDTLS_ECDSA_GENKEY_ALT
|
||||
|
||||
/**
|
||||
* \def MBEDTLS_ECP_INTERNAL_ALT
|
||||
|
@ -513,6 +537,9 @@
|
|||
* MBEDTLS_TLS_DHE_RSA_WITH_DES_CBC_SHA
|
||||
*
|
||||
* Uncomment this macro to enable weak ciphersuites
|
||||
*
|
||||
* \warning DES is considered a weak cipher and its use constitutes a
|
||||
* security risk. We recommend considering stronger ciphers instead.
|
||||
*/
|
||||
//#define MBEDTLS_ENABLE_WEAK_CIPHERSUITES
|
||||
|
||||
|
@ -618,6 +645,13 @@
|
|||
* MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
|
||||
* MBEDTLS_TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA
|
||||
* MBEDTLS_TLS_DHE_PSK_WITH_RC4_128_SHA
|
||||
*
|
||||
* \warning Using DHE constitutes a security risk as it
|
||||
* is not possible to validate custom DH parameters.
|
||||
* If possible, it is recommended users should consider
|
||||
* preferring other methods of key exchange.
|
||||
* See dhm.h for more details.
|
||||
*
|
||||
*/
|
||||
#define MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED
|
||||
|
||||
|
@ -717,6 +751,13 @@
|
|||
* MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
|
||||
* MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
|
||||
* MBEDTLS_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
|
||||
*
|
||||
* \warning Using DHE constitutes a security risk as it
|
||||
* is not possible to validate custom DH parameters.
|
||||
* If possible, it is recommended users should consider
|
||||
* preferring other methods of key exchange.
|
||||
* See dhm.h for more details.
|
||||
*
|
||||
*/
|
||||
#define MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
|
||||
|
||||
|
@ -1155,6 +1196,13 @@
|
|||
* misuse/misunderstand.
|
||||
*
|
||||
* Comment this to disable support for renegotiation.
|
||||
*
|
||||
* \note Even if this option is disabled, both client and server are aware
|
||||
* of the Renegotiation Indication Extension (RFC 5746) used to
|
||||
* prevent the SSL renegotiation attack (see RFC 5746 Sect. 1).
|
||||
* (See \c mbedtls_ssl_conf_legacy_renegotiation for the
|
||||
* configuration of this extension).
|
||||
*
|
||||
*/
|
||||
#define MBEDTLS_SSL_RENEGOTIATION
|
||||
|
||||
|
@ -1596,6 +1644,11 @@
|
|||
* MBEDTLS_TLS_RSA_WITH_RC4_128_MD5
|
||||
* MBEDTLS_TLS_RSA_PSK_WITH_RC4_128_SHA
|
||||
* MBEDTLS_TLS_PSK_WITH_RC4_128_SHA
|
||||
*
|
||||
* \warning ARC4 is considered a weak cipher and its use constitutes a
|
||||
* security risk. If possible, we recommend avoidng dependencies on
|
||||
* it, and considering stronger ciphers instead.
|
||||
*
|
||||
*/
|
||||
#define MBEDTLS_ARC4_C
|
||||
|
||||
|
@ -1649,6 +1702,7 @@
|
|||
* library/ecp.c
|
||||
* library/ecdsa.c
|
||||
* library/rsa.c
|
||||
* library/rsa_internal.c
|
||||
* library/ssl_tls.c
|
||||
*
|
||||
* This module is required for RSA, DHM and ECC (ECDH, ECDSA) support.
|
||||
|
@ -1821,6 +1875,9 @@
|
|||
* MBEDTLS_TLS_PSK_WITH_3DES_EDE_CBC_SHA
|
||||
*
|
||||
* PEM_PARSE uses DES/3DES for decrypting encrypted keys.
|
||||
*
|
||||
* \warning DES is considered a weak cipher and its use constitutes a
|
||||
* security risk. We recommend considering stronger ciphers instead.
|
||||
*/
|
||||
#define MBEDTLS_DES_C
|
||||
|
||||
|
@ -1835,6 +1892,13 @@
|
|||
*
|
||||
* This module is used by the following key exchanges:
|
||||
* DHE-RSA, DHE-PSK
|
||||
*
|
||||
* \warning Using DHE constitutes a security risk as it
|
||||
* is not possible to validate custom DH parameters.
|
||||
* If possible, it is recommended users should consider
|
||||
* preferring other methods of key exchange.
|
||||
* See dhm.h for more details.
|
||||
*
|
||||
*/
|
||||
#define MBEDTLS_DHM_C
|
||||
|
||||
|
@ -2000,6 +2064,11 @@
|
|||
* Caller:
|
||||
*
|
||||
* Uncomment to enable support for (rare) MD2-signed X.509 certs.
|
||||
*
|
||||
* \warning MD2 is considered a weak message digest and its use constitutes a
|
||||
* security risk. If possible, we recommend avoiding dependencies on
|
||||
* it, and considering stronger message digests instead.
|
||||
*
|
||||
*/
|
||||
//#define MBEDTLS_MD2_C
|
||||
|
||||
|
@ -2012,6 +2081,11 @@
|
|||
* Caller:
|
||||
*
|
||||
* Uncomment to enable support for (rare) MD4-signed X.509 certs.
|
||||
*
|
||||
* \warning MD4 is considered a weak message digest and its use constitutes a
|
||||
* security risk. If possible, we recommend avoiding dependencies on
|
||||
* it, and considering stronger message digests instead.
|
||||
*
|
||||
*/
|
||||
//#define MBEDTLS_MD4_C
|
||||
|
||||
|
@ -2025,8 +2099,15 @@
|
|||
* library/pem.c
|
||||
* library/ssl_tls.c
|
||||
*
|
||||
* This module is required for SSL/TLS and X.509.
|
||||
* PEM_PARSE uses MD5 for decrypting encrypted keys.
|
||||
* This module is required for SSL/TLS up to version 1.1, and for TLS 1.2
|
||||
* depending on the handshake parameters. Further, it is used for checking
|
||||
* MD5-signed certificates, and for PBKDF1 when decrypting PEM-encoded
|
||||
* encrypted keys.
|
||||
*
|
||||
* \warning MD5 is considered a weak message digest and its use constitutes a
|
||||
* security risk. If possible, we recommend avoiding dependencies on
|
||||
* it, and considering stronger message digests instead.
|
||||
*
|
||||
*/
|
||||
#define MBEDTLS_MD5_C
|
||||
|
||||
|
@ -2262,6 +2343,7 @@
|
|||
* Enable the RSA public-key cryptosystem.
|
||||
*
|
||||
* Module: library/rsa.c
|
||||
* library/rsa_internal.c
|
||||
* Caller: library/ssl_cli.c
|
||||
* library/ssl_srv.c
|
||||
* library/ssl_tls.c
|
||||
|
@ -2288,6 +2370,11 @@
|
|||
*
|
||||
* This module is required for SSL/TLS up to version 1.1, for TLS 1.2
|
||||
* depending on the handshake parameters, and for SHA1-signed certificates.
|
||||
*
|
||||
* \warning SHA-1 is considered a weak message digest and its use constitutes
|
||||
* a security risk. If possible, we recommend avoiding dependencies
|
||||
* on it, and considering stronger message digests instead.
|
||||
*
|
||||
*/
|
||||
#define MBEDTLS_SHA1_C
|
||||
|
||||
|
@ -2676,8 +2763,13 @@
|
|||
* Allow SHA-1 in the default TLS configuration for certificate signing.
|
||||
* Without this build-time option, SHA-1 support must be activated explicitly
|
||||
* through mbedtls_ssl_conf_cert_profile. Turning on this option is not
|
||||
* recommended because of it is possible to generte SHA-1 collisions, however
|
||||
* recommended because of it is possible to generate SHA-1 collisions, however
|
||||
* this may be safe for legacy infrastructure where additional controls apply.
|
||||
*
|
||||
* \warning SHA-1 is considered a weak message digest and its use constitutes
|
||||
* a security risk. If possible, we recommend avoiding dependencies
|
||||
* on it, and considering stronger message digests instead.
|
||||
*
|
||||
*/
|
||||
// #define MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES
|
||||
|
||||
|
@ -2688,7 +2780,13 @@
|
|||
* The use of SHA-1 in TLS <= 1.1 and in HMAC-SHA-1 is always allowed by
|
||||
* default. At the time of writing, there is no practical attack on the use
|
||||
* of SHA-1 in handshake signatures, hence this option is turned on by default
|
||||
* for compatibility with existing peers.
|
||||
* to preserve compatibility with existing peers, but the general
|
||||
* warning applies nonetheless:
|
||||
*
|
||||
* \warning SHA-1 is considered a weak message digest and its use constitutes
|
||||
* a security risk. If possible, we recommend avoiding dependencies
|
||||
* on it, and considering stronger message digests instead.
|
||||
*
|
||||
*/
|
||||
#define MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_KEY_EXCHANGE
|
||||
|
||||
|
|
|
@ -1,9 +1,13 @@
|
|||
/**
|
||||
* \file ctr_drbg.h
|
||||
*
|
||||
* \brief CTR_DRBG based on AES-256 (NIST SP 800-90)
|
||||
* \brief CTR_DRBG is based on AES-256, as defined in <em>NIST SP 800-90A:
|
||||
* Recommendation for Random Number Generation Using Deterministic
|
||||
* Random Bit Generators</em>.
|
||||
*
|
||||
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
|
||||
*/
|
||||
/*
|
||||
* Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
|
@ -18,8 +22,9 @@
|
|||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*
|
||||
* This file is part of mbed TLS (https://tls.mbed.org)
|
||||
* This file is part of Mbed TLS (https://tls.mbed.org)
|
||||
*/
|
||||
|
||||
#ifndef MBEDTLS_CTR_DRBG_H
|
||||
#define MBEDTLS_CTR_DRBG_H
|
||||
|
||||
|
@ -30,78 +35,95 @@
|
|||
#endif
|
||||
|
||||
#define MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED -0x0034 /**< The entropy source failed. */
|
||||
#define MBEDTLS_ERR_CTR_DRBG_REQUEST_TOO_BIG -0x0036 /**< Too many random requested in single call. */
|
||||
#define MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG -0x0038 /**< Input too large (Entropy + additional). */
|
||||
#define MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR -0x003A /**< Read/write error in file. */
|
||||
#define MBEDTLS_ERR_CTR_DRBG_REQUEST_TOO_BIG -0x0036 /**< The requested random buffer length is too big. */
|
||||
#define MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG -0x0038 /**< The input (entropy + additional data) is too large. */
|
||||
#define MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR -0x003A /**< Read or write error in file. */
|
||||
|
||||
#define MBEDTLS_CTR_DRBG_BLOCKSIZE 16 /**< Block size used by the cipher */
|
||||
#define MBEDTLS_CTR_DRBG_KEYSIZE 32 /**< Key size used by the cipher */
|
||||
#define MBEDTLS_CTR_DRBG_KEYBITS ( MBEDTLS_CTR_DRBG_KEYSIZE * 8 )
|
||||
#define MBEDTLS_CTR_DRBG_SEEDLEN ( MBEDTLS_CTR_DRBG_KEYSIZE + MBEDTLS_CTR_DRBG_BLOCKSIZE )
|
||||
/**< The seed length (counter + AES key) */
|
||||
#define MBEDTLS_CTR_DRBG_BLOCKSIZE 16 /**< The block size used by the cipher. */
|
||||
#define MBEDTLS_CTR_DRBG_KEYSIZE 32 /**< The key size used by the cipher. */
|
||||
#define MBEDTLS_CTR_DRBG_KEYBITS ( MBEDTLS_CTR_DRBG_KEYSIZE * 8 ) /**< The key size for the DRBG operation, in bits. */
|
||||
#define MBEDTLS_CTR_DRBG_SEEDLEN ( MBEDTLS_CTR_DRBG_KEYSIZE + MBEDTLS_CTR_DRBG_BLOCKSIZE ) /**< The seed length, calculated as (counter + AES key). */
|
||||
|
||||
/**
|
||||
* \name SECTION: Module settings
|
||||
*
|
||||
* The configuration options you can set for this module are in this section.
|
||||
* Either change them in config.h or define them on the compiler command line.
|
||||
* Either change them in config.h or define them using the compiler command
|
||||
* line.
|
||||
* \{
|
||||
*/
|
||||
|
||||
#if !defined(MBEDTLS_CTR_DRBG_ENTROPY_LEN)
|
||||
#if defined(MBEDTLS_SHA512_C) && !defined(MBEDTLS_ENTROPY_FORCE_SHA256)
|
||||
#define MBEDTLS_CTR_DRBG_ENTROPY_LEN 48 /**< Amount of entropy used per seed by default (48 with SHA-512, 32 with SHA-256) */
|
||||
#define MBEDTLS_CTR_DRBG_ENTROPY_LEN 48
|
||||
/**< The amount of entropy used per seed by default:
|
||||
* <ul><li>48 with SHA-512.</li>
|
||||
* <li>32 with SHA-256.</li></ul>
|
||||
*/
|
||||
#else
|
||||
#define MBEDTLS_CTR_DRBG_ENTROPY_LEN 32 /**< Amount of entropy used per seed by default (48 with SHA-512, 32 with SHA-256) */
|
||||
#define MBEDTLS_CTR_DRBG_ENTROPY_LEN 32
|
||||
/**< Amount of entropy used per seed by default:
|
||||
* <ul><li>48 with SHA-512.</li>
|
||||
* <li>32 with SHA-256.</li></ul>
|
||||
*/
|
||||
#endif
|
||||
#endif
|
||||
|
||||
#if !defined(MBEDTLS_CTR_DRBG_RESEED_INTERVAL)
|
||||
#define MBEDTLS_CTR_DRBG_RESEED_INTERVAL 10000 /**< Interval before reseed is performed by default */
|
||||
#define MBEDTLS_CTR_DRBG_RESEED_INTERVAL 10000
|
||||
/**< The interval before reseed is performed by default. */
|
||||
#endif
|
||||
|
||||
#if !defined(MBEDTLS_CTR_DRBG_MAX_INPUT)
|
||||
#define MBEDTLS_CTR_DRBG_MAX_INPUT 256 /**< Maximum number of additional input bytes */
|
||||
#define MBEDTLS_CTR_DRBG_MAX_INPUT 256
|
||||
/**< The maximum number of additional input Bytes. */
|
||||
#endif
|
||||
|
||||
#if !defined(MBEDTLS_CTR_DRBG_MAX_REQUEST)
|
||||
#define MBEDTLS_CTR_DRBG_MAX_REQUEST 1024 /**< Maximum number of requested bytes per call */
|
||||
#define MBEDTLS_CTR_DRBG_MAX_REQUEST 1024
|
||||
/**< The maximum number of requested Bytes per call. */
|
||||
#endif
|
||||
|
||||
#if !defined(MBEDTLS_CTR_DRBG_MAX_SEED_INPUT)
|
||||
#define MBEDTLS_CTR_DRBG_MAX_SEED_INPUT 384 /**< Maximum size of (re)seed buffer */
|
||||
#define MBEDTLS_CTR_DRBG_MAX_SEED_INPUT 384
|
||||
/**< The maximum size of seed or reseed buffer. */
|
||||
#endif
|
||||
|
||||
/* \} name SECTION: Module settings */
|
||||
|
||||
#define MBEDTLS_CTR_DRBG_PR_OFF 0 /**< No prediction resistance */
|
||||
#define MBEDTLS_CTR_DRBG_PR_ON 1 /**< Prediction resistance enabled */
|
||||
#define MBEDTLS_CTR_DRBG_PR_OFF 0
|
||||
/**< Prediction resistance is disabled. */
|
||||
#define MBEDTLS_CTR_DRBG_PR_ON 1
|
||||
/**< Prediction resistance is enabled. */
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
/**
|
||||
* \brief CTR_DRBG context structure
|
||||
* \brief The CTR_DRBG context structure.
|
||||
*/
|
||||
typedef struct
|
||||
{
|
||||
unsigned char counter[16]; /*!< counter (V) */
|
||||
int reseed_counter; /*!< reseed counter */
|
||||
int prediction_resistance; /*!< enable prediction resistance (Automatic
|
||||
reseed before every random generation) */
|
||||
size_t entropy_len; /*!< amount of entropy grabbed on each
|
||||
(re)seed */
|
||||
int reseed_interval; /*!< reseed interval */
|
||||
unsigned char counter[16]; /*!< The counter (V). */
|
||||
int reseed_counter; /*!< The reseed counter. */
|
||||
int prediction_resistance; /*!< This determines whether prediction
|
||||
resistance is enabled, that is
|
||||
whether to systematically reseed before
|
||||
each random generation. */
|
||||
size_t entropy_len; /*!< The amount of entropy grabbed on each
|
||||
seed or reseed operation. */
|
||||
int reseed_interval; /*!< The reseed interval. */
|
||||
|
||||
mbedtls_aes_context aes_ctx; /*!< AES context */
|
||||
mbedtls_aes_context aes_ctx; /*!< The AES context. */
|
||||
|
||||
/*
|
||||
* Callbacks (Entropy)
|
||||
*/
|
||||
int (*f_entropy)(void *, unsigned char *, size_t);
|
||||
/*!< The entropy callback function. */
|
||||
|
||||
void *p_entropy; /*!< context for the entropy function */
|
||||
void *p_entropy; /*!< The context for the entropy function. */
|
||||
|
||||
#if defined(MBEDTLS_THREADING_C)
|
||||
mbedtls_threading_mutex_t mutex;
|
||||
|
@ -110,31 +132,32 @@ typedef struct
|
|||
mbedtls_ctr_drbg_context;
|
||||
|
||||
/**
|
||||
* \brief CTR_DRBG context initialization
|
||||
* Makes the context ready for mbedtls_ctr_drbg_seed() or
|
||||
* mbedtls_ctr_drbg_free().
|
||||
* \brief This function initializes the CTR_DRBG context,
|
||||
* and prepares it for mbedtls_ctr_drbg_seed()
|
||||
* or mbedtls_ctr_drbg_free().
|
||||
*
|
||||
* \param ctx CTR_DRBG context to be initialized
|
||||
* \param ctx The CTR_DRBG context to initialize.
|
||||
*/
|
||||
void mbedtls_ctr_drbg_init( mbedtls_ctr_drbg_context *ctx );
|
||||
|
||||
/**
|
||||
* \brief CTR_DRBG initial seeding
|
||||
* Seed and setup entropy source for future reseeds.
|
||||
* \brief This function seeds and sets up the CTR_DRBG
|
||||
* entropy source for future reseeds.
|
||||
*
|
||||
* Note: Personalization data can be provided in addition to the more generic
|
||||
* entropy source to make this instantiation as unique as possible.
|
||||
* \note Personalization data can be provided in addition to the more generic
|
||||
* entropy source, to make this instantiation as unique as possible.
|
||||
*
|
||||
* \param ctx CTR_DRBG context to be seeded
|
||||
* \param f_entropy Entropy callback (p_entropy, buffer to fill, buffer
|
||||
* length)
|
||||
* \param p_entropy Entropy context
|
||||
* \param custom Personalization data (Device specific identifiers)
|
||||
* (Can be NULL)
|
||||
* \param len Length of personalization data
|
||||
* \param ctx The CTR_DRBG context to seed.
|
||||
* \param f_entropy The entropy callback, taking as arguments the
|
||||
* \p p_entropy context, the buffer to fill, and the
|
||||
length of the buffer.
|
||||
* \param p_entropy The entropy context.
|
||||
* \param custom Personalization data, that is device-specific
|
||||
identifiers. Can be NULL.
|
||||
* \param len The length of the personalization data.
|
||||
*
|
||||
* \return 0 if successful, or
|
||||
* MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED
|
||||
* \return \c 0 on success, or
|
||||
* #MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED on failure.
|
||||
*/
|
||||
int mbedtls_ctr_drbg_seed( mbedtls_ctr_drbg_context *ctx,
|
||||
int (*f_entropy)(void *, unsigned char *, size_t),
|
||||
|
@ -143,138 +166,147 @@ int mbedtls_ctr_drbg_seed( mbedtls_ctr_drbg_context *ctx,
|
|||
size_t len );
|
||||
|
||||
/**
|
||||
* \brief Clear CTR_CRBG context data
|
||||
* \brief This function clears CTR_CRBG context data.
|
||||
*
|
||||
* \param ctx CTR_DRBG context to clear
|
||||
* \param ctx The CTR_DRBG context to clear.
|
||||
*/
|
||||
void mbedtls_ctr_drbg_free( mbedtls_ctr_drbg_context *ctx );
|
||||
|
||||
/**
|
||||
* \brief Enable / disable prediction resistance (Default: Off)
|
||||
* \brief This function turns prediction resistance on or off.
|
||||
* The default value is off.
|
||||
*
|
||||
* Note: If enabled, entropy is used for ctx->entropy_len before each call!
|
||||
* Only use this if you have ample supply of good entropy!
|
||||
* \note If enabled, entropy is gathered at the beginning of
|
||||
* every call to mbedtls_ctr_drbg_random_with_add().
|
||||
* Only use this if your entropy source has sufficient
|
||||
* throughput.
|
||||
*
|
||||
* \param ctx CTR_DRBG context
|
||||
* \param resistance MBEDTLS_CTR_DRBG_PR_ON or MBEDTLS_CTR_DRBG_PR_OFF
|
||||
* \param ctx The CTR_DRBG context.
|
||||
* \param resistance #MBEDTLS_CTR_DRBG_PR_ON or #MBEDTLS_CTR_DRBG_PR_OFF.
|
||||
*/
|
||||
void mbedtls_ctr_drbg_set_prediction_resistance( mbedtls_ctr_drbg_context *ctx,
|
||||
int resistance );
|
||||
|
||||
/**
|
||||
* \brief Set the amount of entropy grabbed on each (re)seed
|
||||
* (Default: MBEDTLS_CTR_DRBG_ENTROPY_LEN)
|
||||
* \brief This function sets the amount of entropy grabbed on each
|
||||
* seed or reseed. The default value is
|
||||
* #MBEDTLS_CTR_DRBG_ENTROPY_LEN.
|
||||
*
|
||||
* \param ctx CTR_DRBG context
|
||||
* \param len Amount of entropy to grab
|
||||
* \param ctx The CTR_DRBG context.
|
||||
* \param len The amount of entropy to grab.
|
||||
*/
|
||||
void mbedtls_ctr_drbg_set_entropy_len( mbedtls_ctr_drbg_context *ctx,
|
||||
size_t len );
|
||||
|
||||
/**
|
||||
* \brief Set the reseed interval
|
||||
* (Default: MBEDTLS_CTR_DRBG_RESEED_INTERVAL)
|
||||
* \brief This function sets the reseed interval.
|
||||
* The default value is #MBEDTLS_CTR_DRBG_RESEED_INTERVAL.
|
||||
*
|
||||
* \param ctx CTR_DRBG context
|
||||
* \param interval Reseed interval
|
||||
* \param ctx The CTR_DRBG context.
|
||||
* \param interval The reseed interval.
|
||||
*/
|
||||
void mbedtls_ctr_drbg_set_reseed_interval( mbedtls_ctr_drbg_context *ctx,
|
||||
int interval );
|
||||
|
||||
/**
|
||||
* \brief CTR_DRBG reseeding (extracts data from entropy source)
|
||||
* \brief This function reseeds the CTR_DRBG context, that is
|
||||
* extracts data from the entropy source.
|
||||
*
|
||||
* \param ctx CTR_DRBG context
|
||||
* \param additional Additional data to add to state (Can be NULL)
|
||||
* \param len Length of additional data
|
||||
* \param ctx The CTR_DRBG context.
|
||||
* \param additional Additional data to add to the state. Can be NULL.
|
||||
* \param len The length of the additional data.
|
||||
*
|
||||
* \return 0 if successful, or
|
||||
* MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED
|
||||
* \return \c 0 on success, or
|
||||
* #MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED on failure.
|
||||
*/
|
||||
int mbedtls_ctr_drbg_reseed( mbedtls_ctr_drbg_context *ctx,
|
||||
const unsigned char *additional, size_t len );
|
||||
|
||||
/**
|
||||
* \brief CTR_DRBG update state
|
||||
* \brief This function updates the state of the CTR_DRBG context.
|
||||
*
|
||||
* \param ctx CTR_DRBG context
|
||||
* \param additional Additional data to update state with
|
||||
* \param add_len Length of additional data
|
||||
* \param ctx The CTR_DRBG context.
|
||||
* \param additional The data to update the state with.
|
||||
* \param add_len Length of \p additional data.
|
||||
*
|
||||
* \note If add_len is greater than MBEDTLS_CTR_DRBG_MAX_SEED_INPUT,
|
||||
* only the first MBEDTLS_CTR_DRBG_MAX_SEED_INPUT bytes are used,
|
||||
* the remaining ones are silently discarded.
|
||||
* \note If \p add_len is greater than #MBEDTLS_CTR_DRBG_MAX_SEED_INPUT,
|
||||
* only the first #MBEDTLS_CTR_DRBG_MAX_SEED_INPUT Bytes are used.
|
||||
* The remaining Bytes are silently discarded.
|
||||
*/
|
||||
void mbedtls_ctr_drbg_update( mbedtls_ctr_drbg_context *ctx,
|
||||
const unsigned char *additional, size_t add_len );
|
||||
|
||||
/**
|
||||
* \brief CTR_DRBG generate random with additional update input
|
||||
* \brief This function updates a CTR_DRBG instance with additional
|
||||
* data and uses it to generate random data.
|
||||
*
|
||||
* Note: Automatically reseeds if reseed_counter is reached.
|
||||
* \note The function automatically reseeds if the reseed counter is exceeded.
|
||||
*
|
||||
* \param p_rng CTR_DRBG context
|
||||
* \param output Buffer to fill
|
||||
* \param output_len Length of the buffer
|
||||
* \param additional Additional data to update with (Can be NULL)
|
||||
* \param add_len Length of additional data
|
||||
* \param p_rng The CTR_DRBG context. This must be a pointer to a
|
||||
* #mbedtls_ctr_drbg_context structure.
|
||||
* \param output The buffer to fill.
|
||||
* \param output_len The length of the buffer.
|
||||
* \param additional Additional data to update. Can be NULL.
|
||||
* \param add_len The length of the additional data.
|
||||
*
|
||||
* \return 0 if successful, or
|
||||
* MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED, or
|
||||
* MBEDTLS_ERR_CTR_DRBG_REQUEST_TOO_BIG
|
||||
* \return \c 0 on success, or
|
||||
* #MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED or
|
||||
* #MBEDTLS_ERR_CTR_DRBG_REQUEST_TOO_BIG on failure.
|
||||
*/
|
||||
int mbedtls_ctr_drbg_random_with_add( void *p_rng,
|
||||
unsigned char *output, size_t output_len,
|
||||
const unsigned char *additional, size_t add_len );
|
||||
|
||||
/**
|
||||
* \brief CTR_DRBG generate random
|
||||
* \brief This function uses CTR_DRBG to generate random data.
|
||||
*
|
||||
* Note: Automatically reseeds if reseed_counter is reached.
|
||||
* \note The function automatically reseeds if the reseed counter is exceeded.
|
||||
*
|
||||
* \param p_rng CTR_DRBG context
|
||||
* \param output Buffer to fill
|
||||
* \param output_len Length of the buffer
|
||||
* \param p_rng The CTR_DRBG context. This must be a pointer to a
|
||||
* #mbedtls_ctr_drbg_context structure.
|
||||
* \param output The buffer to fill.
|
||||
* \param output_len The length of the buffer.
|
||||
*
|
||||
* \return 0 if successful, or
|
||||
* MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED, or
|
||||
* MBEDTLS_ERR_CTR_DRBG_REQUEST_TOO_BIG
|
||||
* \return \c 0 on success, or
|
||||
* #MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED or
|
||||
* #MBEDTLS_ERR_CTR_DRBG_REQUEST_TOO_BIG on failure.
|
||||
*/
|
||||
int mbedtls_ctr_drbg_random( void *p_rng,
|
||||
unsigned char *output, size_t output_len );
|
||||
|
||||
#if defined(MBEDTLS_FS_IO)
|
||||
/**
|
||||
* \brief Write a seed file
|
||||
* \brief This function writes a seed file.
|
||||
*
|
||||
* \param ctx CTR_DRBG context
|
||||
* \param path Name of the file
|
||||
* \param ctx The CTR_DRBG context.
|
||||
* \param path The name of the file.
|
||||
*
|
||||
* \return 0 if successful,
|
||||
* MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR on file error, or
|
||||
* MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED
|
||||
* \return \c 0 on success,
|
||||
* #MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR on file error, or
|
||||
* #MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED on
|
||||
* failure.
|
||||
*/
|
||||
int mbedtls_ctr_drbg_write_seed_file( mbedtls_ctr_drbg_context *ctx, const char *path );
|
||||
|
||||
/**
|
||||
* \brief Read and update a seed file. Seed is added to this
|
||||
* instance
|
||||
* \brief This function reads and updates a seed file. The seed
|
||||
* is added to this instance.
|
||||
*
|
||||
* \param ctx CTR_DRBG context
|
||||
* \param path Name of the file
|
||||
* \param ctx The CTR_DRBG context.
|
||||
* \param path The name of the file.
|
||||
*
|
||||
* \return 0 if successful,
|
||||
* MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR on file error,
|
||||
* MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED or
|
||||
* MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG
|
||||
* \return \c 0 on success,
|
||||
* #MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR on file error,
|
||||
* #MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED or
|
||||
* #MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG on failure.
|
||||
*/
|
||||
int mbedtls_ctr_drbg_update_seed_file( mbedtls_ctr_drbg_context *ctx, const char *path );
|
||||
#endif /* MBEDTLS_FS_IO */
|
||||
|
||||
/**
|
||||
* \brief Checkup routine
|
||||
* \brief The CTR_DRBG checkup routine.
|
||||
*
|
||||
* \return 0 if successful, or 1 if the test failed
|
||||
* \return \c 0 on success, or \c 1 on failure.
|
||||
*/
|
||||
int mbedtls_ctr_drbg_self_test( int verbose );
|
||||
|
||||
|
|
|
@ -2,7 +2,8 @@
|
|||
* \file debug.h
|
||||
*
|
||||
* \brief Functions for controlling and providing debug output from the library.
|
||||
*
|
||||
*/
|
||||
/*
|
||||
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
|
|
|
@ -3,6 +3,11 @@
|
|||
*
|
||||
* \brief DES block cipher
|
||||
*
|
||||
* \warning DES is considered a weak cipher and its use constitutes a
|
||||
* security risk. We recommend considering stronger ciphers
|
||||
* instead.
|
||||
*/
|
||||
/*
|
||||
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
|
@ -19,6 +24,7 @@
|
|||
* limitations under the License.
|
||||
*
|
||||
* This file is part of mbed TLS (https://tls.mbed.org)
|
||||
*
|
||||
*/
|
||||
#ifndef MBEDTLS_DES_H
|
||||
#define MBEDTLS_DES_H
|
||||
|
@ -36,6 +42,7 @@
|
|||
#define MBEDTLS_DES_DECRYPT 0
|
||||
|
||||
#define MBEDTLS_ERR_DES_INVALID_INPUT_LENGTH -0x0032 /**< The data input has an invalid length. */
|
||||
#define MBEDTLS_ERR_DES_HW_ACCEL_FAILED -0x0033 /**< DES hardware accelerator failed. */
|
||||
|
||||
#define MBEDTLS_DES_KEY_SIZE 8
|
||||
|
||||
|
@ -49,6 +56,10 @@ extern "C" {
|
|||
|
||||
/**
|
||||
* \brief DES context structure
|
||||
*
|
||||
* \warning DES is considered a weak cipher and its use constitutes a
|
||||
* security risk. We recommend considering stronger ciphers
|
||||
* instead.
|
||||
*/
|
||||
typedef struct
|
||||
{
|
||||
|
@ -69,6 +80,10 @@ mbedtls_des3_context;
|
|||
* \brief Initialize DES context
|
||||
*
|
||||
* \param ctx DES context to be initialized
|
||||
*
|
||||
* \warning DES is considered a weak cipher and its use constitutes a
|
||||
* security risk. We recommend considering stronger ciphers
|
||||
* instead.
|
||||
*/
|
||||
void mbedtls_des_init( mbedtls_des_context *ctx );
|
||||
|
||||
|
@ -76,6 +91,10 @@ void mbedtls_des_init( mbedtls_des_context *ctx );
|
|||
* \brief Clear DES context
|
||||
*
|
||||
* \param ctx DES context to be cleared
|
||||
*
|
||||
* \warning DES is considered a weak cipher and its use constitutes a
|
||||
* security risk. We recommend considering stronger ciphers
|
||||
* instead.
|
||||
*/
|
||||
void mbedtls_des_free( mbedtls_des_context *ctx );
|
||||
|
||||
|
@ -100,6 +119,10 @@ void mbedtls_des3_free( mbedtls_des3_context *ctx );
|
|||
* a parity bit to allow verification.
|
||||
*
|
||||
* \param key 8-byte secret key
|
||||
*
|
||||
* \warning DES is considered a weak cipher and its use constitutes a
|
||||
* security risk. We recommend considering stronger ciphers
|
||||
* instead.
|
||||
*/
|
||||
void mbedtls_des_key_set_parity( unsigned char key[MBEDTLS_DES_KEY_SIZE] );
|
||||
|
||||
|
@ -112,6 +135,10 @@ void mbedtls_des_key_set_parity( unsigned char key[MBEDTLS_DES_KEY_SIZE] );
|
|||
* \param key 8-byte secret key
|
||||
*
|
||||
* \return 0 is parity was ok, 1 if parity was not correct.
|
||||
*
|
||||
* \warning DES is considered a weak cipher and its use constitutes a
|
||||
* security risk. We recommend considering stronger ciphers
|
||||
* instead.
|
||||
*/
|
||||
int mbedtls_des_key_check_key_parity( const unsigned char key[MBEDTLS_DES_KEY_SIZE] );
|
||||
|
||||
|
@ -121,6 +148,10 @@ int mbedtls_des_key_check_key_parity( const unsigned char key[MBEDTLS_DES_KEY_SI
|
|||
* \param key 8-byte secret key
|
||||
*
|
||||
* \return 0 if no weak key was found, 1 if a weak key was identified.
|
||||
*
|
||||
* \warning DES is considered a weak cipher and its use constitutes a
|
||||
* security risk. We recommend considering stronger ciphers
|
||||
* instead.
|
||||
*/
|
||||
int mbedtls_des_key_check_weak( const unsigned char key[MBEDTLS_DES_KEY_SIZE] );
|
||||
|
||||
|
@ -131,6 +162,10 @@ int mbedtls_des_key_check_weak( const unsigned char key[MBEDTLS_DES_KEY_SIZE] );
|
|||
* \param key 8-byte secret key
|
||||
*
|
||||
* \return 0
|
||||
*
|
||||
* \warning DES is considered a weak cipher and its use constitutes a
|
||||
* security risk. We recommend considering stronger ciphers
|
||||
* instead.
|
||||
*/
|
||||
int mbedtls_des_setkey_enc( mbedtls_des_context *ctx, const unsigned char key[MBEDTLS_DES_KEY_SIZE] );
|
||||
|
||||
|
@ -141,6 +176,10 @@ int mbedtls_des_setkey_enc( mbedtls_des_context *ctx, const unsigned char key[MB
|
|||
* \param key 8-byte secret key
|
||||
*
|
||||
* \return 0
|
||||
*
|
||||
* \warning DES is considered a weak cipher and its use constitutes a
|
||||
* security risk. We recommend considering stronger ciphers
|
||||
* instead.
|
||||
*/
|
||||
int mbedtls_des_setkey_dec( mbedtls_des_context *ctx, const unsigned char key[MBEDTLS_DES_KEY_SIZE] );
|
||||
|
||||
|
@ -196,6 +235,10 @@ int mbedtls_des3_set3key_dec( mbedtls_des3_context *ctx,
|
|||
* \param output 64-bit output block
|
||||
*
|
||||
* \return 0 if successful
|
||||
*
|
||||
* \warning DES is considered a weak cipher and its use constitutes a
|
||||
* security risk. We recommend considering stronger ciphers
|
||||
* instead.
|
||||
*/
|
||||
int mbedtls_des_crypt_ecb( mbedtls_des_context *ctx,
|
||||
const unsigned char input[8],
|
||||
|
@ -219,6 +262,10 @@ int mbedtls_des_crypt_ecb( mbedtls_des_context *ctx,
|
|||
* \param iv initialization vector (updated after use)
|
||||
* \param input buffer holding the input data
|
||||
* \param output buffer holding the output data
|
||||
*
|
||||
* \warning DES is considered a weak cipher and its use constitutes a
|
||||
* security risk. We recommend considering stronger ciphers
|
||||
* instead.
|
||||
*/
|
||||
int mbedtls_des_crypt_cbc( mbedtls_des_context *ctx,
|
||||
int mode,
|
||||
|
@ -277,6 +324,10 @@ int mbedtls_des3_crypt_cbc( mbedtls_des3_context *ctx,
|
|||
*
|
||||
* \param SK Round keys
|
||||
* \param key Base key
|
||||
*
|
||||
* \warning DES is considered a weak cipher and its use constitutes a
|
||||
* security risk. We recommend considering stronger ciphers
|
||||
* instead.
|
||||
*/
|
||||
void mbedtls_des_setkey( uint32_t SK[32],
|
||||
const unsigned char key[MBEDTLS_DES_KEY_SIZE] );
|
||||
|
|
File diff suppressed because it is too large
Load Diff
|
@ -1,9 +1,18 @@
|
|||
/**
|
||||
* \file ecdh.h
|
||||
*
|
||||
* \brief Elliptic curve Diffie-Hellman
|
||||
* \brief The Elliptic Curve Diffie-Hellman (ECDH) protocol APIs.
|
||||
*
|
||||
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
|
||||
* ECDH is an anonymous key agreement protocol allowing two parties to
|
||||
* establish a shared secret over an insecure channel. Each party must have an
|
||||
* elliptic-curve public–private key pair.
|
||||
*
|
||||
* For more information, see <em>NIST SP 800-56A Rev. 2: Recommendation for
|
||||
* Pair-Wise Key Establishment Schemes Using Discrete Logarithm
|
||||
* Cryptography</em>.
|
||||
*/
|
||||
/*
|
||||
* Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
|
@ -18,8 +27,9 @@
|
|||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*
|
||||
* This file is part of mbed TLS (https://tls.mbed.org)
|
||||
* This file is part of Mbed TLS (https://tls.mbed.org)
|
||||
*/
|
||||
|
||||
#ifndef MBEDTLS_ECDH_H
|
||||
#define MBEDTLS_ECDH_H
|
||||
|
||||
|
@ -30,7 +40,9 @@ extern "C" {
|
|||
#endif
|
||||
|
||||
/**
|
||||
* When importing from an EC key, select if it is our key or the peer's key
|
||||
* Defines the source of the imported EC key:
|
||||
* <ul><li>Our key.</li>
|
||||
* <li>The key of the peer.</li></ul>
|
||||
*/
|
||||
typedef enum
|
||||
{
|
||||
|
@ -39,56 +51,67 @@ typedef enum
|
|||
} mbedtls_ecdh_side;
|
||||
|
||||
/**
|
||||
* \brief ECDH context structure
|
||||
* \brief The ECDH context structure.
|
||||
*/
|
||||
typedef struct
|
||||
{
|
||||
mbedtls_ecp_group grp; /*!< elliptic curve used */
|
||||
mbedtls_mpi d; /*!< our secret value (private key) */
|
||||
mbedtls_ecp_point Q; /*!< our public value (public key) */
|
||||
mbedtls_ecp_point Qp; /*!< peer's public value (public key) */
|
||||
mbedtls_mpi z; /*!< shared secret */
|
||||
int point_format; /*!< format for point export in TLS messages */
|
||||
mbedtls_ecp_point Vi; /*!< blinding value (for later) */
|
||||
mbedtls_ecp_point Vf; /*!< un-blinding value (for later) */
|
||||
mbedtls_mpi _d; /*!< previous d (for later) */
|
||||
mbedtls_ecp_group grp; /*!< The elliptic curve used. */
|
||||
mbedtls_mpi d; /*!< The private key. */
|
||||
mbedtls_ecp_point Q; /*!< The public key. */
|
||||
mbedtls_ecp_point Qp; /*!< The value of the public key of the peer. */
|
||||
mbedtls_mpi z; /*!< The shared secret. */
|
||||
int point_format; /*!< The format of point export in TLS messages. */
|
||||
mbedtls_ecp_point Vi; /*!< The blinding value. */
|
||||
mbedtls_ecp_point Vf; /*!< The unblinding value. */
|
||||
mbedtls_mpi _d; /*!< The previous \p d. */
|
||||
}
|
||||
mbedtls_ecdh_context;
|
||||
|
||||
/**
|
||||
* \brief Generate a public key.
|
||||
* Raw function that only does the core computation.
|
||||
* \brief This function generates an ECDH keypair on an elliptic
|
||||
* curve.
|
||||
*
|
||||
* \param grp ECP group
|
||||
* \param d Destination MPI (secret exponent, aka private key)
|
||||
* \param Q Destination point (public key)
|
||||
* \param f_rng RNG function
|
||||
* \param p_rng RNG parameter
|
||||
* This function performs the first of two core computations
|
||||
* implemented during the ECDH key exchange. The second core
|
||||
* computation is performed by mbedtls_ecdh_compute_shared().
|
||||
*
|
||||
* \return 0 if successful,
|
||||
* or a MBEDTLS_ERR_ECP_XXX or MBEDTLS_MPI_XXX error code
|
||||
* \param grp The ECP group.
|
||||
* \param d The destination MPI (private key).
|
||||
* \param Q The destination point (public key).
|
||||
* \param f_rng The RNG function.
|
||||
* \param p_rng The RNG parameter.
|
||||
*
|
||||
* \return \c 0 on success, or an \c MBEDTLS_ERR_ECP_XXX or
|
||||
* \c MBEDTLS_MPI_XXX error code on failure.
|
||||
*
|
||||
* \see ecp.h
|
||||
*/
|
||||
int mbedtls_ecdh_gen_public( mbedtls_ecp_group *grp, mbedtls_mpi *d, mbedtls_ecp_point *Q,
|
||||
int (*f_rng)(void *, unsigned char *, size_t),
|
||||
void *p_rng );
|
||||
|
||||
/**
|
||||
* \brief Compute shared secret
|
||||
* Raw function that only does the core computation.
|
||||
* \brief This function computes the shared secret.
|
||||
*
|
||||
* \param grp ECP group
|
||||
* \param z Destination MPI (shared secret)
|
||||
* \param Q Public key from other party
|
||||
* \param d Our secret exponent (private key)
|
||||
* \param f_rng RNG function (see notes)
|
||||
* \param p_rng RNG parameter
|
||||
* This function performs the second of two core computations
|
||||
* implemented during the ECDH key exchange. The first core
|
||||
* computation is performed by mbedtls_ecdh_gen_public().
|
||||
*
|
||||
* \return 0 if successful,
|
||||
* or a MBEDTLS_ERR_ECP_XXX or MBEDTLS_MPI_XXX error code
|
||||
* \param grp The ECP group.
|
||||
* \param z The destination MPI (shared secret).
|
||||
* \param Q The public key from another party.
|
||||
* \param d Our secret exponent (private key).
|
||||
* \param f_rng The RNG function.
|
||||
* \param p_rng The RNG parameter.
|
||||
*
|
||||
* \note If f_rng is not NULL, it is used to implement
|
||||
* \return \c 0 on success, or an \c MBEDTLS_ERR_ECP_XXX or
|
||||
* \c MBEDTLS_MPI_XXX error code on failure.
|
||||
*
|
||||
* \see ecp.h
|
||||
*
|
||||
* \note If \p f_rng is not NULL, it is used to implement
|
||||
* countermeasures against potential elaborate timing
|
||||
* attacks, see \c mbedtls_ecp_mul() for details.
|
||||
* attacks. For more information, see mbedtls_ecp_mul().
|
||||
*/
|
||||
int mbedtls_ecdh_compute_shared( mbedtls_ecp_group *grp, mbedtls_mpi *z,
|
||||
const mbedtls_ecp_point *Q, const mbedtls_mpi *d,
|
||||
|
@ -96,34 +119,41 @@ int mbedtls_ecdh_compute_shared( mbedtls_ecp_group *grp, mbedtls_mpi *z,
|
|||
void *p_rng );
|
||||
|
||||
/**
|
||||
* \brief Initialize context
|
||||
* \brief This function initializes an ECDH context.
|
||||
*
|
||||
* \param ctx Context to initialize
|
||||
* \param ctx The ECDH context to initialize.
|
||||
*/
|
||||
void mbedtls_ecdh_init( mbedtls_ecdh_context *ctx );
|
||||
|
||||
/**
|
||||
* \brief Free context
|
||||
* \brief This function frees a context.
|
||||
*
|
||||
* \param ctx Context to free
|
||||
* \param ctx The context to free.
|
||||
*/
|
||||
void mbedtls_ecdh_free( mbedtls_ecdh_context *ctx );
|
||||
|
||||
/**
|
||||
* \brief Generate a public key and a TLS ServerKeyExchange payload.
|
||||
* (First function used by a TLS server for ECDHE.)
|
||||
* \brief This function generates a public key and a TLS
|
||||
* ServerKeyExchange payload.
|
||||
*
|
||||
* \param ctx ECDH context
|
||||
* \param olen number of chars written
|
||||
* \param buf destination buffer
|
||||
* \param blen length of buffer
|
||||
* \param f_rng RNG function
|
||||
* \param p_rng RNG parameter
|
||||
* This is the first function used by a TLS server for ECDHE
|
||||
* ciphersuites.
|
||||
*
|
||||
* \note This function assumes that ctx->grp has already been
|
||||
* properly set (for example using mbedtls_ecp_group_load).
|
||||
* \param ctx The ECDH context.
|
||||
* \param olen The number of characters written.
|
||||
* \param buf The destination buffer.
|
||||
* \param blen The length of the destination buffer.
|
||||
* \param f_rng The RNG function.
|
||||
* \param p_rng The RNG parameter.
|
||||
*
|
||||
* \return 0 if successful, or an MBEDTLS_ERR_ECP_XXX error code
|
||||
* \note This function assumes that the ECP group (grp) of the
|
||||
* \p ctx context has already been properly set,
|
||||
* for example, using mbedtls_ecp_group_load().
|
||||
*
|
||||
* \return \c 0 on success, or an \c MBEDTLS_ERR_ECP_XXX error code
|
||||
* on failure.
|
||||
*
|
||||
* \see ecp.h
|
||||
*/
|
||||
int mbedtls_ecdh_make_params( mbedtls_ecdh_context *ctx, size_t *olen,
|
||||
unsigned char *buf, size_t blen,
|
||||
|
@ -131,45 +161,63 @@ int mbedtls_ecdh_make_params( mbedtls_ecdh_context *ctx, size_t *olen,
|
|||
void *p_rng );
|
||||
|
||||
/**
|
||||
* \brief Parse and procress a TLS ServerKeyExhange payload.
|
||||
* (First function used by a TLS client for ECDHE.)
|
||||
* \brief This function parses and processes a TLS ServerKeyExhange
|
||||
* payload.
|
||||
*
|
||||
* \param ctx ECDH context
|
||||
* \param buf pointer to start of input buffer
|
||||
* \param end one past end of buffer
|
||||
* This is the first function used by a TLS client for ECDHE
|
||||
* ciphersuites.
|
||||
*
|
||||
* \return 0 if successful, or an MBEDTLS_ERR_ECP_XXX error code
|
||||
* \param ctx The ECDH context.
|
||||
* \param buf The pointer to the start of the input buffer.
|
||||
* \param end The address for one Byte past the end of the buffer.
|
||||
*
|
||||
* \return \c 0 on success, or an \c MBEDTLS_ERR_ECP_XXX error code
|
||||
* on failure.
|
||||
*
|
||||
* \see ecp.h
|
||||
*/
|
||||
int mbedtls_ecdh_read_params( mbedtls_ecdh_context *ctx,
|
||||
const unsigned char **buf, const unsigned char *end );
|
||||
|
||||
/**
|
||||
* \brief Setup an ECDH context from an EC key.
|
||||
* (Used by clients and servers in place of the
|
||||
* ServerKeyEchange for static ECDH: import ECDH parameters
|
||||
* from a certificate's EC key information.)
|
||||
* \brief This function sets up an ECDH context from an EC key.
|
||||
*
|
||||
* \param ctx ECDH constext to set
|
||||
* \param key EC key to use
|
||||
* \param side Is it our key (1) or the peer's key (0) ?
|
||||
* It is used by clients and servers in place of the
|
||||
* ServerKeyEchange for static ECDH, and imports ECDH
|
||||
* parameters from the EC key information of a certificate.
|
||||
*
|
||||
* \return 0 if successful, or an MBEDTLS_ERR_ECP_XXX error code
|
||||
* \param ctx The ECDH context to set up.
|
||||
* \param key The EC key to use.
|
||||
* \param side Defines the source of the key:
|
||||
* <ul><li>1: Our key.</li>
|
||||
<li>0: The key of the peer.</li></ul>
|
||||
*
|
||||
* \return \c 0 on success, or an \c MBEDTLS_ERR_ECP_XXX error code
|
||||
* on failure.
|
||||
*
|
||||
* \see ecp.h
|
||||
*/
|
||||
int mbedtls_ecdh_get_params( mbedtls_ecdh_context *ctx, const mbedtls_ecp_keypair *key,
|
||||
mbedtls_ecdh_side side );
|
||||
|
||||
/**
|
||||
* \brief Generate a public key and a TLS ClientKeyExchange payload.
|
||||
* (Second function used by a TLS client for ECDH(E).)
|
||||
* \brief This function generates a public key and a TLS
|
||||
* ClientKeyExchange payload.
|
||||
*
|
||||
* \param ctx ECDH context
|
||||
* \param olen number of bytes actually written
|
||||
* \param buf destination buffer
|
||||
* \param blen size of destination buffer
|
||||
* \param f_rng RNG function
|
||||
* \param p_rng RNG parameter
|
||||
* This is the second function used by a TLS client for ECDH(E)
|
||||
* ciphersuites.
|
||||
*
|
||||
* \return 0 if successful, or an MBEDTLS_ERR_ECP_XXX error code
|
||||
* \param ctx The ECDH context.
|
||||
* \param olen The number of Bytes written.
|
||||
* \param buf The destination buffer.
|
||||
* \param blen The size of the destination buffer.
|
||||
* \param f_rng The RNG function.
|
||||
* \param p_rng The RNG parameter.
|
||||
*
|
||||
* \return \c 0 on success, or an \c MBEDTLS_ERR_ECP_XXX error code
|
||||
* on failure.
|
||||
*
|
||||
* \see ecp.h
|
||||
*/
|
||||
int mbedtls_ecdh_make_public( mbedtls_ecdh_context *ctx, size_t *olen,
|
||||
unsigned char *buf, size_t blen,
|
||||
|
@ -177,30 +225,45 @@ int mbedtls_ecdh_make_public( mbedtls_ecdh_context *ctx, size_t *olen,
|
|||
void *p_rng );
|
||||
|
||||
/**
|
||||
* \brief Parse and process a TLS ClientKeyExchange payload.
|
||||
* (Second function used by a TLS server for ECDH(E).)
|
||||
* \brief This function parses and processes a TLS ClientKeyExchange
|
||||
* payload.
|
||||
*
|
||||
* \param ctx ECDH context
|
||||
* \param buf start of input buffer
|
||||
* \param blen length of input buffer
|
||||
* This is the second function used by a TLS server for ECDH(E)
|
||||
* ciphersuites.
|
||||
*
|
||||
* \return 0 if successful, or an MBEDTLS_ERR_ECP_XXX error code
|
||||
* \param ctx The ECDH context.
|
||||
* \param buf The start of the input buffer.
|
||||
* \param blen The length of the input buffer.
|
||||
*
|
||||
* \return \c 0 on success, or an \c MBEDTLS_ERR_ECP_XXX error code
|
||||
* on failure.
|
||||
*
|
||||
* \see ecp.h
|
||||
*/
|
||||
int mbedtls_ecdh_read_public( mbedtls_ecdh_context *ctx,
|
||||
const unsigned char *buf, size_t blen );
|
||||
|
||||
/**
|
||||
* \brief Derive and export the shared secret.
|
||||
* (Last function used by both TLS client en servers.)
|
||||
* \brief This function derives and exports the shared secret.
|
||||
*
|
||||
* \param ctx ECDH context
|
||||
* \param olen number of bytes written
|
||||
* \param buf destination buffer
|
||||
* \param blen buffer length
|
||||
* \param f_rng RNG function, see notes for \c mbedtls_ecdh_compute_shared()
|
||||
* \param p_rng RNG parameter
|
||||
* This is the last function used by both TLS client
|
||||
* and servers.
|
||||
*
|
||||
* \return 0 if successful, or an MBEDTLS_ERR_ECP_XXX error code
|
||||
* \param ctx The ECDH context.
|
||||
* \param olen The number of Bytes written.
|
||||
* \param buf The destination buffer.
|
||||
* \param blen The length of the destination buffer.
|
||||
* \param f_rng The RNG function.
|
||||
* \param p_rng The RNG parameter.
|
||||
*
|
||||
* \return \c 0 on success, or an \c MBEDTLS_ERR_ECP_XXX error code
|
||||
* on failure.
|
||||
*
|
||||
* \see ecp.h
|
||||
*
|
||||
* \note If \p f_rng is not NULL, it is used to implement
|
||||
* countermeasures against potential elaborate timing
|
||||
* attacks. For more information, see mbedtls_ecp_mul().
|
||||
*/
|
||||
int mbedtls_ecdh_calc_secret( mbedtls_ecdh_context *ctx, size_t *olen,
|
||||
unsigned char *buf, size_t blen,
|
||||
|
|
|
@ -1,9 +1,16 @@
|
|||
/**
|
||||
* \file ecdsa.h
|
||||
*
|
||||
* \brief Elliptic curve DSA
|
||||
* \brief The Elliptic Curve Digital Signature Algorithm (ECDSA).
|
||||
*
|
||||
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
|
||||
* ECDSA is defined in <em>Standards for Efficient Cryptography Group (SECG):
|
||||
* SEC1 Elliptic Curve Cryptography</em>.
|
||||
* The use of ECDSA for TLS is defined in <em>RFC-4492: Elliptic Curve
|
||||
* Cryptography (ECC) Cipher Suites for Transport Layer Security (TLS)</em>.
|
||||
*
|
||||
*/
|
||||
/*
|
||||
* Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
|
@ -18,8 +25,9 @@
|
|||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*
|
||||
* This file is part of mbed TLS (https://tls.mbed.org)
|
||||
* This file is part of Mbed TLS (https://tls.mbed.org)
|
||||
*/
|
||||
|
||||
#ifndef MBEDTLS_ECDSA_H
|
||||
#define MBEDTLS_ECDSA_H
|
||||
|
||||
|
@ -27,7 +35,7 @@
|
|||
#include "md.h"
|
||||
|
||||
/*
|
||||
* RFC 4492 page 20:
|
||||
* RFC-4492 page 20:
|
||||
*
|
||||
* Ecdsa-Sig-Value ::= SEQUENCE {
|
||||
* r INTEGER,
|
||||
|
@ -43,11 +51,11 @@
|
|||
#if MBEDTLS_ECP_MAX_BYTES > 124
|
||||
#error "MBEDTLS_ECP_MAX_BYTES bigger than expected, please fix MBEDTLS_ECDSA_MAX_LEN"
|
||||
#endif
|
||||
/** Maximum size of an ECDSA signature in bytes */
|
||||
/** The maximal size of an ECDSA signature in Bytes. */
|
||||
#define MBEDTLS_ECDSA_MAX_LEN ( 3 + 2 * ( 3 + MBEDTLS_ECP_MAX_BYTES ) )
|
||||
|
||||
/**
|
||||
* \brief ECDSA context structure
|
||||
* \brief The ECDSA context structure.
|
||||
*/
|
||||
typedef mbedtls_ecp_keypair mbedtls_ecdsa_context;
|
||||
|
||||
|
@ -56,25 +64,30 @@ extern "C" {
|
|||
#endif
|
||||
|
||||
/**
|
||||
* \brief Compute ECDSA signature of a previously hashed message
|
||||
* \brief This function computes the ECDSA signature of a
|
||||
* previously-hashed message.
|
||||
*
|
||||
* \note The deterministic version is usually prefered.
|
||||
* \note The deterministic version is usually preferred.
|
||||
*
|
||||
* \param grp ECP group
|
||||
* \param r First output integer
|
||||
* \param s Second output integer
|
||||
* \param d Private signing key
|
||||
* \param buf Message hash
|
||||
* \param blen Length of buf
|
||||
* \param f_rng RNG function
|
||||
* \param p_rng RNG parameter
|
||||
* \param grp The ECP group.
|
||||
* \param r The first output integer.
|
||||
* \param s The second output integer.
|
||||
* \param d The private signing key.
|
||||
* \param buf The message hash.
|
||||
* \param blen The length of \p buf.
|
||||
* \param f_rng The RNG function.
|
||||
* \param p_rng The RNG parameter.
|
||||
*
|
||||
* \note If the bitlength of the message hash is larger than the
|
||||
* bitlength of the group order, then the hash is truncated as
|
||||
* prescribed by SEC1 4.1.3 step 5.
|
||||
* bitlength of the group order, then the hash is truncated
|
||||
* as defined in <em>Standards for Efficient Cryptography Group
|
||||
* (SECG): SEC1 Elliptic Curve Cryptography</em>, section
|
||||
* 4.1.3, step 5.
|
||||
*
|
||||
* \return 0 if successful,
|
||||
* or a MBEDTLS_ERR_ECP_XXX or MBEDTLS_MPI_XXX error code
|
||||
* \return \c 0 on success, or an \c MBEDTLS_ERR_ECP_XXX
|
||||
* or \c MBEDTLS_MPI_XXX error code on failure.
|
||||
*
|
||||
* \see ecp.h
|
||||
*/
|
||||
int mbedtls_ecdsa_sign( mbedtls_ecp_group *grp, mbedtls_mpi *r, mbedtls_mpi *s,
|
||||
const mbedtls_mpi *d, const unsigned char *buf, size_t blen,
|
||||
|
@ -82,23 +95,31 @@ int mbedtls_ecdsa_sign( mbedtls_ecp_group *grp, mbedtls_mpi *r, mbedtls_mpi *s,
|
|||
|
||||
#if defined(MBEDTLS_ECDSA_DETERMINISTIC)
|
||||
/**
|
||||
* \brief Compute ECDSA signature of a previously hashed message,
|
||||
* deterministic version (RFC 6979).
|
||||
* \brief This function computes the ECDSA signature of a
|
||||
* previously-hashed message, deterministic version.
|
||||
* For more information, see <em>RFC-6979: Deterministic
|
||||
* Usage of the Digital Signature Algorithm (DSA) and Elliptic
|
||||
* Curve Digital Signature Algorithm (ECDSA)</em>.
|
||||
*
|
||||
* \param grp ECP group
|
||||
* \param r First output integer
|
||||
* \param s Second output integer
|
||||
* \param d Private signing key
|
||||
* \param buf Message hash
|
||||
* \param blen Length of buf
|
||||
* \param md_alg MD algorithm used to hash the message
|
||||
* \param grp The ECP group.
|
||||
* \param r The first output integer.
|
||||
* \param s The second output integer.
|
||||
* \param d The private signing key.
|
||||
* \param buf The message hash.
|
||||
* \param blen The length of \p buf.
|
||||
* \param md_alg The MD algorithm used to hash the message.
|
||||
*
|
||||
* \note If the bitlength of the message hash is larger than the
|
||||
* bitlength of the group order, then the hash is truncated as
|
||||
* prescribed by SEC1 4.1.3 step 5.
|
||||
* defined in <em>Standards for Efficient Cryptography Group
|
||||
* (SECG): SEC1 Elliptic Curve Cryptography</em>, section
|
||||
* 4.1.3, step 5.
|
||||
*
|
||||
* \return 0 if successful,
|
||||
* or a MBEDTLS_ERR_ECP_XXX or MBEDTLS_MPI_XXX error code
|
||||
* \return \c 0 on success,
|
||||
* or an \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_MPI_XXX
|
||||
* error code on failure.
|
||||
*
|
||||
* \see ecp.h
|
||||
*/
|
||||
int mbedtls_ecdsa_sign_det( mbedtls_ecp_group *grp, mbedtls_mpi *r, mbedtls_mpi *s,
|
||||
const mbedtls_mpi *d, const unsigned char *buf, size_t blen,
|
||||
|
@ -106,55 +127,73 @@ int mbedtls_ecdsa_sign_det( mbedtls_ecp_group *grp, mbedtls_mpi *r, mbedtls_mpi
|
|||
#endif /* MBEDTLS_ECDSA_DETERMINISTIC */
|
||||
|
||||
/**
|
||||
* \brief Verify ECDSA signature of a previously hashed message
|
||||
* \brief This function verifies the ECDSA signature of a
|
||||
* previously-hashed message.
|
||||
*
|
||||
* \param grp ECP group
|
||||
* \param buf Message hash
|
||||
* \param blen Length of buf
|
||||
* \param Q Public key to use for verification
|
||||
* \param r First integer of the signature
|
||||
* \param s Second integer of the signature
|
||||
* \param grp The ECP group.
|
||||
* \param buf The message hash.
|
||||
* \param blen The length of \p buf.
|
||||
* \param Q The public key to use for verification.
|
||||
* \param r The first integer of the signature.
|
||||
* \param s The second integer of the signature.
|
||||
*
|
||||
* \note If the bitlength of the message hash is larger than the
|
||||
* bitlength of the group order, then the hash is truncated as
|
||||
* prescribed by SEC1 4.1.4 step 3.
|
||||
* defined in <em>Standards for Efficient Cryptography Group
|
||||
* (SECG): SEC1 Elliptic Curve Cryptography</em>, section
|
||||
* 4.1.4, step 3.
|
||||
*
|
||||
* \return 0 if successful,
|
||||
* MBEDTLS_ERR_ECP_BAD_INPUT_DATA if signature is invalid
|
||||
* or a MBEDTLS_ERR_ECP_XXX or MBEDTLS_MPI_XXX error code
|
||||
* \return \c 0 on success,
|
||||
* #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if signature is invalid,
|
||||
* or an \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_MPI_XXX
|
||||
* error code on failure for any other reason.
|
||||
*
|
||||
* \see ecp.h
|
||||
*/
|
||||
int mbedtls_ecdsa_verify( mbedtls_ecp_group *grp,
|
||||
const unsigned char *buf, size_t blen,
|
||||
const mbedtls_ecp_point *Q, const mbedtls_mpi *r, const mbedtls_mpi *s);
|
||||
|
||||
/**
|
||||
* \brief Compute ECDSA signature and write it to buffer,
|
||||
* serialized as defined in RFC 4492 page 20.
|
||||
* (Not thread-safe to use same context in multiple threads)
|
||||
* \brief This function computes the ECDSA signature and writes it
|
||||
* to a buffer, serialized as defined in <em>RFC-4492:
|
||||
* Elliptic Curve Cryptography (ECC) Cipher Suites for
|
||||
* Transport Layer Security (TLS)</em>.
|
||||
*
|
||||
* \note The deterministic version (RFC 6979) is used if
|
||||
* MBEDTLS_ECDSA_DETERMINISTIC is defined.
|
||||
* \warning It is not thread-safe to use the same context in
|
||||
* multiple threads.
|
||||
*
|
||||
* \param ctx ECDSA context
|
||||
* \param md_alg Algorithm that was used to hash the message
|
||||
* \param hash Message hash
|
||||
* \param hlen Length of hash
|
||||
* \param sig Buffer that will hold the signature
|
||||
* \param slen Length of the signature written
|
||||
* \param f_rng RNG function
|
||||
* \param p_rng RNG parameter
|
||||
* \note The deterministic version is used if
|
||||
* #MBEDTLS_ECDSA_DETERMINISTIC is defined. For more
|
||||
* information, see <em>RFC-6979: Deterministic Usage
|
||||
* of the Digital Signature Algorithm (DSA) and Elliptic
|
||||
* Curve Digital Signature Algorithm (ECDSA)</em>.
|
||||
*
|
||||
* \note The "sig" buffer must be at least as large as twice the
|
||||
* size of the curve used, plus 9 (eg. 73 bytes if a 256-bit
|
||||
* curve is used). MBEDTLS_ECDSA_MAX_LEN is always safe.
|
||||
* \param ctx The ECDSA context.
|
||||
* \param md_alg The message digest that was used to hash the message.
|
||||
* \param hash The message hash.
|
||||
* \param hlen The length of the hash.
|
||||
* \param sig The buffer that holds the signature.
|
||||
* \param slen The length of the signature written.
|
||||
* \param f_rng The RNG function.
|
||||
* \param p_rng The RNG parameter.
|
||||
*
|
||||
* \note The \p sig buffer must be at least twice as large as the
|
||||
* size of the curve used, plus 9. For example, 73 Bytes if
|
||||
* a 256-bit curve is used. A buffer length of
|
||||
* #MBEDTLS_ECDSA_MAX_LEN is always safe.
|
||||
*
|
||||
* \note If the bitlength of the message hash is larger than the
|
||||
* bitlength of the group order, then the hash is truncated as
|
||||
* prescribed by SEC1 4.1.3 step 5.
|
||||
* defined in <em>Standards for Efficient Cryptography Group
|
||||
* (SECG): SEC1 Elliptic Curve Cryptography</em>, section
|
||||
* 4.1.3, step 5.
|
||||
*
|
||||
* \return 0 if successful,
|
||||
* or a MBEDTLS_ERR_ECP_XXX, MBEDTLS_ERR_MPI_XXX or
|
||||
* MBEDTLS_ERR_ASN1_XXX error code
|
||||
* \return \c 0 on success,
|
||||
* or an \c MBEDTLS_ERR_ECP_XXX, \c MBEDTLS_ERR_MPI_XXX or
|
||||
* \c MBEDTLS_ERR_ASN1_XXX error code on failure.
|
||||
*
|
||||
* \see ecp.h
|
||||
*/
|
||||
int mbedtls_ecdsa_write_signature( mbedtls_ecdsa_context *ctx, mbedtls_md_type_t md_alg,
|
||||
const unsigned char *hash, size_t hlen,
|
||||
|
@ -170,31 +209,43 @@ int mbedtls_ecdsa_write_signature( mbedtls_ecdsa_context *ctx, mbedtls_md_type_t
|
|||
#define MBEDTLS_DEPRECATED
|
||||
#endif
|
||||
/**
|
||||
* \brief Compute ECDSA signature and write it to buffer,
|
||||
* serialized as defined in RFC 4492 page 20.
|
||||
* Deterministic version, RFC 6979.
|
||||
* (Not thread-safe to use same context in multiple threads)
|
||||
* \brief This function computes an ECDSA signature and writes it to a buffer,
|
||||
* serialized as defined in <em>RFC-4492: Elliptic Curve Cryptography
|
||||
* (ECC) Cipher Suites for Transport Layer Security (TLS)</em>.
|
||||
*
|
||||
* The deterministic version is defined in <em>RFC-6979:
|
||||
* Deterministic Usage of the Digital Signature Algorithm (DSA) and
|
||||
* Elliptic Curve Digital Signature Algorithm (ECDSA)</em>.
|
||||
*
|
||||
* \warning It is not thread-safe to use the same context in
|
||||
* multiple threads.
|
||||
|
||||
*
|
||||
* \deprecated Superseded by mbedtls_ecdsa_write_signature() in 2.0.0
|
||||
*
|
||||
* \param ctx ECDSA context
|
||||
* \param hash Message hash
|
||||
* \param hlen Length of hash
|
||||
* \param sig Buffer that will hold the signature
|
||||
* \param slen Length of the signature written
|
||||
* \param md_alg MD algorithm used to hash the message
|
||||
* \param ctx The ECDSA context.
|
||||
* \param hash The Message hash.
|
||||
* \param hlen The length of the hash.
|
||||
* \param sig The buffer that holds the signature.
|
||||
* \param slen The length of the signature written.
|
||||
* \param md_alg The MD algorithm used to hash the message.
|
||||
*
|
||||
* \note The "sig" buffer must be at least as large as twice the
|
||||
* size of the curve used, plus 9 (eg. 73 bytes if a 256-bit
|
||||
* curve is used). MBEDTLS_ECDSA_MAX_LEN is always safe.
|
||||
* \note The \p sig buffer must be at least twice as large as the
|
||||
* size of the curve used, plus 9. For example, 73 Bytes if a
|
||||
* 256-bit curve is used. A buffer length of
|
||||
* #MBEDTLS_ECDSA_MAX_LEN is always safe.
|
||||
*
|
||||
* \note If the bitlength of the message hash is larger than the
|
||||
* bitlength of the group order, then the hash is truncated as
|
||||
* prescribed by SEC1 4.1.3 step 5.
|
||||
* defined in <em>Standards for Efficient Cryptography Group
|
||||
* (SECG): SEC1 Elliptic Curve Cryptography</em>, section
|
||||
* 4.1.3, step 5.
|
||||
*
|
||||
* \return 0 if successful,
|
||||
* or a MBEDTLS_ERR_ECP_XXX, MBEDTLS_ERR_MPI_XXX or
|
||||
* MBEDTLS_ERR_ASN1_XXX error code
|
||||
* \return \c 0 on success,
|
||||
* or an \c MBEDTLS_ERR_ECP_XXX, \c MBEDTLS_ERR_MPI_XXX or
|
||||
* \c MBEDTLS_ERR_ASN1_XXX error code on failure.
|
||||
*
|
||||
* \see ecp.h
|
||||
*/
|
||||
int mbedtls_ecdsa_write_signature_det( mbedtls_ecdsa_context *ctx,
|
||||
const unsigned char *hash, size_t hlen,
|
||||
|
@ -205,63 +256,74 @@ int mbedtls_ecdsa_write_signature_det( mbedtls_ecdsa_context *ctx,
|
|||
#endif /* MBEDTLS_ECDSA_DETERMINISTIC */
|
||||
|
||||
/**
|
||||
* \brief Read and verify an ECDSA signature
|
||||
* \brief This function reads and verifies an ECDSA signature.
|
||||
*
|
||||
* \param ctx ECDSA context
|
||||
* \param hash Message hash
|
||||
* \param hlen Size of hash
|
||||
* \param sig Signature to read and verify
|
||||
* \param slen Size of sig
|
||||
* \param ctx The ECDSA context.
|
||||
* \param hash The message hash.
|
||||
* \param hlen The size of the hash.
|
||||
* \param sig The signature to read and verify.
|
||||
* \param slen The size of \p sig.
|
||||
*
|
||||
* \note If the bitlength of the message hash is larger than the
|
||||
* bitlength of the group order, then the hash is truncated as
|
||||
* prescribed by SEC1 4.1.4 step 3.
|
||||
* defined in <em>Standards for Efficient Cryptography Group
|
||||
* (SECG): SEC1 Elliptic Curve Cryptography</em>, section
|
||||
* 4.1.4, step 3.
|
||||
*
|
||||
* \return 0 if successful,
|
||||
* MBEDTLS_ERR_ECP_BAD_INPUT_DATA if signature is invalid,
|
||||
* MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH if the signature is
|
||||
* valid but its actual length is less than siglen,
|
||||
* or a MBEDTLS_ERR_ECP_XXX or MBEDTLS_ERR_MPI_XXX error code
|
||||
* \return \c 0 on success,
|
||||
* #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if signature is invalid,
|
||||
* #MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH if the signature is
|
||||
* valid but its actual length is less than \p siglen,
|
||||
* or an \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_ERR_MPI_XXX
|
||||
* error code on failure for any other reason.
|
||||
*
|
||||
* \see ecp.h
|
||||
*/
|
||||
int mbedtls_ecdsa_read_signature( mbedtls_ecdsa_context *ctx,
|
||||
const unsigned char *hash, size_t hlen,
|
||||
const unsigned char *sig, size_t slen );
|
||||
|
||||
/**
|
||||
* \brief Generate an ECDSA keypair on the given curve
|
||||
* \brief This function generates an ECDSA keypair on the given curve.
|
||||
*
|
||||
* \param ctx ECDSA context in which the keypair should be stored
|
||||
* \param gid Group (elliptic curve) to use. One of the various
|
||||
* MBEDTLS_ECP_DP_XXX macros depending on configuration.
|
||||
* \param f_rng RNG function
|
||||
* \param p_rng RNG parameter
|
||||
* \param ctx The ECDSA context to store the keypair in.
|
||||
* \param gid The elliptic curve to use. One of the various
|
||||
* \c MBEDTLS_ECP_DP_XXX macros depending on configuration.
|
||||
* \param f_rng The RNG function.
|
||||
* \param p_rng The RNG parameter.
|
||||
*
|
||||
* \return 0 on success, or a MBEDTLS_ERR_ECP_XXX code.
|
||||
* \return \c 0 on success, or an \c MBEDTLS_ERR_ECP_XXX code on
|
||||
* failure.
|
||||
*
|
||||
* \see ecp.h
|
||||
*/
|
||||
int mbedtls_ecdsa_genkey( mbedtls_ecdsa_context *ctx, mbedtls_ecp_group_id gid,
|
||||
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );
|
||||
|
||||
/**
|
||||
* \brief Set an ECDSA context from an EC key pair
|
||||
* \brief This function sets an ECDSA context from an EC key pair.
|
||||
*
|
||||
* \param ctx ECDSA context to set
|
||||
* \param key EC key to use
|
||||
* \param ctx The ECDSA context to set.
|
||||
* \param key The EC key to use.
|
||||
*
|
||||
* \return 0 on success, or a MBEDTLS_ERR_ECP_XXX code.
|
||||
* \return \c 0 on success, or an \c MBEDTLS_ERR_ECP_XXX code on
|
||||
* failure.
|
||||
*
|
||||
* \see ecp.h
|
||||
*/
|
||||
int mbedtls_ecdsa_from_keypair( mbedtls_ecdsa_context *ctx, const mbedtls_ecp_keypair *key );
|
||||
|
||||
/**
|
||||
* \brief Initialize context
|
||||
* \brief This function initializes an ECDSA context.
|
||||
*
|
||||
* \param ctx Context to initialize
|
||||
* \param ctx The ECDSA context to initialize.
|
||||
*/
|
||||
void mbedtls_ecdsa_init( mbedtls_ecdsa_context *ctx );
|
||||
|
||||
/**
|
||||
* \brief Free context
|
||||
* \brief This function frees an ECDSA context.
|
||||
*
|
||||
* \param ctx Context to free
|
||||
* \param ctx The ECDSA context to free.
|
||||
*/
|
||||
void mbedtls_ecdsa_free( mbedtls_ecdsa_context *ctx );
|
||||
|
||||
|
|
|
@ -2,7 +2,8 @@
|
|||
* \file ecjpake.h
|
||||
*
|
||||
* \brief Elliptic curve J-PAKE
|
||||
*
|
||||
*/
|
||||
/*
|
||||
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
|
@ -43,6 +44,8 @@
|
|||
#include "ecp.h"
|
||||
#include "md.h"
|
||||
|
||||
#if !defined(MBEDTLS_ECJPAKE_ALT)
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
@ -222,17 +225,31 @@ int mbedtls_ecjpake_derive_secret( mbedtls_ecjpake_context *ctx,
|
|||
*/
|
||||
void mbedtls_ecjpake_free( mbedtls_ecjpake_context *ctx );
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
||||
#else /* MBEDTLS_ECJPAKE_ALT */
|
||||
#include "ecjpake_alt.h"
|
||||
#endif /* MBEDTLS_ECJPAKE_ALT */
|
||||
|
||||
#if defined(MBEDTLS_SELF_TEST)
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
/**
|
||||
* \brief Checkup routine
|
||||
*
|
||||
* \return 0 if successful, or 1 if a test failed
|
||||
*/
|
||||
int mbedtls_ecjpake_self_test( int verbose );
|
||||
#endif
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
||||
#endif /* MBEDTLS_SELF_TEST */
|
||||
|
||||
#endif /* ecjpake.h */
|
||||
|
|
|
@ -2,7 +2,8 @@
|
|||
* \file ecp.h
|
||||
*
|
||||
* \brief Elliptic curves over GF(p)
|
||||
*
|
||||
*/
|
||||
/*
|
||||
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
|
@ -36,6 +37,7 @@
|
|||
#define MBEDTLS_ERR_ECP_RANDOM_FAILED -0x4D00 /**< Generation of random value, such as (ephemeral) key, failed. */
|
||||
#define MBEDTLS_ERR_ECP_INVALID_KEY -0x4C80 /**< Invalid private or public key. */
|
||||
#define MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH -0x4C00 /**< Signature is valid but shorter than the user-supplied length. */
|
||||
#define MBEDTLS_ERR_ECP_HW_ACCEL_FAILED -0x4B80 /**< ECP hardware accelerator failed. */
|
||||
|
||||
#if !defined(MBEDTLS_ECP_ALT)
|
||||
/*
|
||||
|
|
|
@ -3,7 +3,8 @@
|
|||
*
|
||||
* \brief Function declarations for alternative implementation of elliptic curve
|
||||
* point arithmetic.
|
||||
*
|
||||
*/
|
||||
/*
|
||||
* Copyright (C) 2016, ARM Limited, All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
|
|
|
@ -2,7 +2,8 @@
|
|||
* \file entropy.h
|
||||
*
|
||||
* \brief Entropy accumulator implementation
|
||||
*
|
||||
*/
|
||||
/*
|
||||
* Copyright (C) 2006-2016, ARM Limited, All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
|
@ -121,6 +122,7 @@ mbedtls_entropy_source_state;
|
|||
*/
|
||||
typedef struct
|
||||
{
|
||||
int accumulator_started;
|
||||
#if defined(MBEDTLS_ENTROPY_SHA512_ACCUMULATOR)
|
||||
mbedtls_sha512_context accumulator;
|
||||
#else
|
||||
|
|
|
@ -2,7 +2,8 @@
|
|||
* \file entropy_poll.h
|
||||
*
|
||||
* \brief Platform-specific and custom entropy polling functions
|
||||
*
|
||||
*/
|
||||
/*
|
||||
* Copyright (C) 2006-2016, ARM Limited, All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
|
|
|
@ -2,7 +2,8 @@
|
|||
* \file error.h
|
||||
*
|
||||
* \brief Error to string translation
|
||||
*
|
||||
*/
|
||||
/*
|
||||
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
|
@ -49,23 +50,32 @@
|
|||
*
|
||||
* Module Nr Codes assigned
|
||||
* MPI 7 0x0002-0x0010
|
||||
* GCM 2 0x0012-0x0014
|
||||
* BLOWFISH 2 0x0016-0x0018
|
||||
* GCM 3 0x0012-0x0014 0x0013-0x0013
|
||||
* BLOWFISH 3 0x0016-0x0018 0x0017-0x0017
|
||||
* THREADING 3 0x001A-0x001E
|
||||
* AES 2 0x0020-0x0022
|
||||
* CAMELLIA 2 0x0024-0x0026
|
||||
* XTEA 1 0x0028-0x0028
|
||||
* AES 4 0x0020-0x0022 0x0023-0x0025
|
||||
* CAMELLIA 3 0x0024-0x0026 0x0027-0x0027
|
||||
* XTEA 2 0x0028-0x0028 0x0029-0x0029
|
||||
* BASE64 2 0x002A-0x002C
|
||||
* OID 1 0x002E-0x002E 0x000B-0x000B
|
||||
* PADLOCK 1 0x0030-0x0030
|
||||
* DES 1 0x0032-0x0032
|
||||
* DES 2 0x0032-0x0032 0x0033-0x0033
|
||||
* CTR_DBRG 4 0x0034-0x003A
|
||||
* ENTROPY 3 0x003C-0x0040 0x003D-0x003F
|
||||
* NET 11 0x0042-0x0052 0x0043-0x0045
|
||||
* ASN1 7 0x0060-0x006C
|
||||
* CMAC 1 0x007A-0x007A
|
||||
* PBKDF2 1 0x007C-0x007C
|
||||
* HMAC_DRBG 4 0x0003-0x0009
|
||||
* CCM 2 0x000D-0x000F
|
||||
* HMAC_DRBG 4 0x0003-0x0009
|
||||
* CCM 3 0x000D-0x0011
|
||||
* ARC4 1 0x0019-0x0019
|
||||
* MD2 1 0x002B-0x002B
|
||||
* MD4 1 0x002D-0x002D
|
||||
* MD5 1 0x002F-0x002F
|
||||
* RIPEMD160 1 0x0031-0x0031
|
||||
* SHA1 1 0x0035-0x0035
|
||||
* SHA256 1 0x0037-0x0037
|
||||
* SHA512 1 0x0039-0x0039
|
||||
*
|
||||
* High-level module nr (3 bits - 0x0...-0x7...)
|
||||
* Name ID Nr of Errors
|
||||
|
@ -73,12 +83,12 @@
|
|||
* PKCS#12 1 4 (Started from top)
|
||||
* X509 2 20
|
||||
* PKCS5 2 4 (Started from top)
|
||||
* DHM 3 9
|
||||
* PK 3 14 (Started from top)
|
||||
* RSA 4 9
|
||||
* ECP 4 8 (Started from top)
|
||||
* MD 5 4
|
||||
* CIPHER 6 6
|
||||
* DHM 3 11
|
||||
* PK 3 15 (Started from top)
|
||||
* RSA 4 11
|
||||
* ECP 4 9 (Started from top)
|
||||
* MD 5 5
|
||||
* CIPHER 6 8
|
||||
* SSL 6 17 (Started from top)
|
||||
* SSL 7 31
|
||||
*
|
||||
|
|
|
@ -1,9 +1,16 @@
|
|||
/**
|
||||
* \file gcm.h
|
||||
*
|
||||
* \brief Galois/Counter mode for 128-bit block ciphers
|
||||
* \brief Galois/Counter Mode (GCM) for 128-bit block ciphers, as defined
|
||||
* in <em>D. McGrew, J. Viega, The Galois/Counter Mode of Operation
|
||||
* (GCM), Natl. Inst. Stand. Technol.</em>
|
||||
*
|
||||
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
|
||||
* For more information on GCM, see <em>NIST SP 800-38D: Recommendation for
|
||||
* Block Cipher Modes of Operation: Galois/Counter Mode (GCM) and GMAC</em>.
|
||||
*
|
||||
*/
|
||||
/*
|
||||
* Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
|
@ -18,8 +25,9 @@
|
|||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*
|
||||
* This file is part of mbed TLS (https://tls.mbed.org)
|
||||
* This file is part of Mbed TLS (https://tls.mbed.org)
|
||||
*/
|
||||
|
||||
#ifndef MBEDTLS_GCM_H
|
||||
#define MBEDTLS_GCM_H
|
||||
|
||||
|
@ -31,46 +39,59 @@
|
|||
#define MBEDTLS_GCM_DECRYPT 0
|
||||
|
||||
#define MBEDTLS_ERR_GCM_AUTH_FAILED -0x0012 /**< Authenticated decryption failed. */
|
||||
#define MBEDTLS_ERR_GCM_HW_ACCEL_FAILED -0x0013 /**< GCM hardware accelerator failed. */
|
||||
#define MBEDTLS_ERR_GCM_BAD_INPUT -0x0014 /**< Bad input parameters to function. */
|
||||
|
||||
#if !defined(MBEDTLS_GCM_ALT)
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
/**
|
||||
* \brief GCM context structure
|
||||
* \brief The GCM context structure.
|
||||
*/
|
||||
typedef struct {
|
||||
mbedtls_cipher_context_t cipher_ctx;/*!< cipher context used */
|
||||
uint64_t HL[16]; /*!< Precalculated HTable */
|
||||
uint64_t HH[16]; /*!< Precalculated HTable */
|
||||
uint64_t len; /*!< Total data length */
|
||||
uint64_t add_len; /*!< Total add length */
|
||||
unsigned char base_ectr[16];/*!< First ECTR for tag */
|
||||
unsigned char y[16]; /*!< Y working value */
|
||||
unsigned char buf[16]; /*!< buf working value */
|
||||
int mode; /*!< Encrypt or Decrypt */
|
||||
mbedtls_cipher_context_t cipher_ctx; /*!< The cipher context used. */
|
||||
uint64_t HL[16]; /*!< Precalculated HTable low. */
|
||||
uint64_t HH[16]; /*!< Precalculated HTable high. */
|
||||
uint64_t len; /*!< The total length of the encrypted data. */
|
||||
uint64_t add_len; /*!< The total length of the additional data. */
|
||||
unsigned char base_ectr[16]; /*!< The first ECTR for tag. */
|
||||
unsigned char y[16]; /*!< The Y working value. */
|
||||
unsigned char buf[16]; /*!< The buf working value. */
|
||||
int mode; /*!< The operation to perform:
|
||||
#MBEDTLS_GCM_ENCRYPT or
|
||||
#MBEDTLS_GCM_DECRYPT. */
|
||||
}
|
||||
mbedtls_gcm_context;
|
||||
|
||||
/**
|
||||
* \brief Initialize GCM context (just makes references valid)
|
||||
* Makes the context ready for mbedtls_gcm_setkey() or
|
||||
* mbedtls_gcm_free().
|
||||
* \brief This function initializes the specified GCM context,
|
||||
* to make references valid, and prepares the context
|
||||
* for mbedtls_gcm_setkey() or mbedtls_gcm_free().
|
||||
*
|
||||
* \param ctx GCM context to initialize
|
||||
* The function does not bind the GCM context to a particular
|
||||
* cipher, nor set the key. For this purpose, use
|
||||
* mbedtls_gcm_setkey().
|
||||
*
|
||||
* \param ctx The GCM context to initialize.
|
||||
*/
|
||||
void mbedtls_gcm_init( mbedtls_gcm_context *ctx );
|
||||
|
||||
/**
|
||||
* \brief GCM initialization (encryption)
|
||||
* \brief This function associates a GCM context with a
|
||||
* cipher algorithm and a key.
|
||||
*
|
||||
* \param ctx GCM context to be initialized
|
||||
* \param cipher cipher to use (a 128-bit block cipher)
|
||||
* \param key encryption key
|
||||
* \param keybits must be 128, 192 or 256
|
||||
* \param ctx The GCM context to initialize.
|
||||
* \param cipher The 128-bit block cipher to use.
|
||||
* \param key The encryption key.
|
||||
* \param keybits The key size in bits. Valid options are:
|
||||
* <ul><li>128 bits</li>
|
||||
* <li>192 bits</li>
|
||||
* <li>256 bits</li></ul>
|
||||
*
|
||||
* \return 0 if successful, or a cipher specific error code
|
||||
* \return \c 0 on success, or a cipher specific error code.
|
||||
*/
|
||||
int mbedtls_gcm_setkey( mbedtls_gcm_context *ctx,
|
||||
mbedtls_cipher_id_t cipher,
|
||||
|
@ -78,26 +99,27 @@ int mbedtls_gcm_setkey( mbedtls_gcm_context *ctx,
|
|||
unsigned int keybits );
|
||||
|
||||
/**
|
||||
* \brief GCM buffer encryption/decryption using a block cipher
|
||||
* \brief This function performs GCM encryption or decryption of a buffer.
|
||||
*
|
||||
* \note On encryption, the output buffer can be the same as the input buffer.
|
||||
* On decryption, the output buffer cannot be the same as input buffer.
|
||||
* If buffers overlap, the output buffer must trail at least 8 bytes
|
||||
* \note For encryption, the output buffer can be the same as the input buffer.
|
||||
* For decryption, the output buffer cannot be the same as input buffer.
|
||||
* If the buffers overlap, the output buffer must trail at least 8 Bytes
|
||||
* behind the input buffer.
|
||||
*
|
||||
* \param ctx GCM context
|
||||
* \param mode MBEDTLS_GCM_ENCRYPT or MBEDTLS_GCM_DECRYPT
|
||||
* \param length length of the input data
|
||||
* \param iv initialization vector
|
||||
* \param iv_len length of IV
|
||||
* \param add additional data
|
||||
* \param add_len length of additional data
|
||||
* \param input buffer holding the input data
|
||||
* \param output buffer for holding the output data
|
||||
* \param tag_len length of the tag to generate
|
||||
* \param tag buffer for holding the tag
|
||||
* \param ctx The GCM context to use for encryption or decryption.
|
||||
* \param mode The operation to perform: #MBEDTLS_GCM_ENCRYPT or
|
||||
* #MBEDTLS_GCM_DECRYPT.
|
||||
* \param length The length of the input data. This must be a multiple of 16 except in the last call before mbedtls_gcm_finish().
|
||||
* \param iv The initialization vector.
|
||||
* \param iv_len The length of the IV.
|
||||
* \param add The buffer holding the additional data.
|
||||
* \param add_len The length of the additional data.
|
||||
* \param input The buffer holding the input data.
|
||||
* \param output The buffer for holding the output data.
|
||||
* \param tag_len The length of the tag to generate.
|
||||
* \param tag The buffer for holding the tag.
|
||||
*
|
||||
* \return 0 if successful
|
||||
* \return \c 0 on success.
|
||||
*/
|
||||
int mbedtls_gcm_crypt_and_tag( mbedtls_gcm_context *ctx,
|
||||
int mode,
|
||||
|
@ -112,25 +134,26 @@ int mbedtls_gcm_crypt_and_tag( mbedtls_gcm_context *ctx,
|
|||
unsigned char *tag );
|
||||
|
||||
/**
|
||||
* \brief GCM buffer authenticated decryption using a block cipher
|
||||
* \brief This function performs a GCM authenticated decryption of a
|
||||
* buffer.
|
||||
*
|
||||
* \note On decryption, the output buffer cannot be the same as input buffer.
|
||||
* If buffers overlap, the output buffer must trail at least 8 bytes
|
||||
* \note For decryption, the output buffer cannot be the same as input buffer.
|
||||
* If the buffers overlap, the output buffer must trail at least 8 Bytes
|
||||
* behind the input buffer.
|
||||
*
|
||||
* \param ctx GCM context
|
||||
* \param length length of the input data
|
||||
* \param iv initialization vector
|
||||
* \param iv_len length of IV
|
||||
* \param add additional data
|
||||
* \param add_len length of additional data
|
||||
* \param tag buffer holding the tag
|
||||
* \param tag_len length of the tag
|
||||
* \param input buffer holding the input data
|
||||
* \param output buffer for holding the output data
|
||||
* \param ctx The GCM context.
|
||||
* \param length The length of the input data. This must be a multiple of 16 except in the last call before mbedtls_gcm_finish().
|
||||
* \param iv The initialization vector.
|
||||
* \param iv_len The length of the IV.
|
||||
* \param add The buffer holding the additional data.
|
||||
* \param add_len The length of the additional data.
|
||||
* \param tag The buffer holding the tag.
|
||||
* \param tag_len The length of the tag.
|
||||
* \param input The buffer holding the input data.
|
||||
* \param output The buffer for holding the output data.
|
||||
*
|
||||
* \return 0 if successful and authenticated,
|
||||
* MBEDTLS_ERR_GCM_AUTH_FAILED if tag does not match
|
||||
* \return 0 if successful and authenticated, or
|
||||
* #MBEDTLS_ERR_GCM_AUTH_FAILED if tag does not match.
|
||||
*/
|
||||
int mbedtls_gcm_auth_decrypt( mbedtls_gcm_context *ctx,
|
||||
size_t length,
|
||||
|
@ -144,16 +167,18 @@ int mbedtls_gcm_auth_decrypt( mbedtls_gcm_context *ctx,
|
|||
unsigned char *output );
|
||||
|
||||
/**
|
||||
* \brief Generic GCM stream start function
|
||||
* \brief This function starts a GCM encryption or decryption
|
||||
* operation.
|
||||
*
|
||||
* \param ctx GCM context
|
||||
* \param mode MBEDTLS_GCM_ENCRYPT or MBEDTLS_GCM_DECRYPT
|
||||
* \param iv initialization vector
|
||||
* \param iv_len length of IV
|
||||
* \param add additional data (or NULL if length is 0)
|
||||
* \param add_len length of additional data
|
||||
* \param ctx The GCM context.
|
||||
* \param mode The operation to perform: #MBEDTLS_GCM_ENCRYPT or
|
||||
* #MBEDTLS_GCM_DECRYPT.
|
||||
* \param iv The initialization vector.
|
||||
* \param iv_len The length of the IV.
|
||||
* \param add The buffer holding the additional data, or NULL if \p add_len is 0.
|
||||
* \param add_len The length of the additional data. If 0, \p add is NULL.
|
||||
*
|
||||
* \return 0 if successful
|
||||
* \return \c 0 on success.
|
||||
*/
|
||||
int mbedtls_gcm_starts( mbedtls_gcm_context *ctx,
|
||||
int mode,
|
||||
|
@ -163,21 +188,23 @@ int mbedtls_gcm_starts( mbedtls_gcm_context *ctx,
|
|||
size_t add_len );
|
||||
|
||||
/**
|
||||
* \brief Generic GCM update function. Encrypts/decrypts using the
|
||||
* given GCM context. Expects input to be a multiple of 16
|
||||
* bytes! Only the last call before mbedtls_gcm_finish() can be less
|
||||
* than 16 bytes!
|
||||
* \brief This function feeds an input buffer into an ongoing GCM
|
||||
* encryption or decryption operation.
|
||||
*
|
||||
* \note On decryption, the output buffer cannot be the same as input buffer.
|
||||
* If buffers overlap, the output buffer must trail at least 8 bytes
|
||||
* ` The function expects input to be a multiple of 16
|
||||
* Bytes. Only the last call before calling
|
||||
* mbedtls_gcm_finish() can be less than 16 Bytes.
|
||||
*
|
||||
* \note For decryption, the output buffer cannot be the same as input buffer.
|
||||
* If the buffers overlap, the output buffer must trail at least 8 Bytes
|
||||
* behind the input buffer.
|
||||
*
|
||||
* \param ctx GCM context
|
||||
* \param length length of the input data
|
||||
* \param input buffer holding the input data
|
||||
* \param output buffer for holding the output data
|
||||
* \param ctx The GCM context.
|
||||
* \param length The length of the input data. This must be a multiple of 16 except in the last call before mbedtls_gcm_finish().
|
||||
* \param input The buffer holding the input data.
|
||||
* \param output The buffer for holding the output data.
|
||||
*
|
||||
* \return 0 if successful or MBEDTLS_ERR_GCM_BAD_INPUT
|
||||
* \return \c 0 on success, or #MBEDTLS_ERR_GCM_BAD_INPUT on failure.
|
||||
*/
|
||||
int mbedtls_gcm_update( mbedtls_gcm_context *ctx,
|
||||
size_t length,
|
||||
|
@ -185,31 +212,46 @@ int mbedtls_gcm_update( mbedtls_gcm_context *ctx,
|
|||
unsigned char *output );
|
||||
|
||||
/**
|
||||
* \brief Generic GCM finalisation function. Wraps up the GCM stream
|
||||
* and generates the tag. The tag can have a maximum length of
|
||||
* 16 bytes.
|
||||
* \brief This function finishes the GCM operation and generates
|
||||
* the authentication tag.
|
||||
*
|
||||
* \param ctx GCM context
|
||||
* \param tag buffer for holding the tag
|
||||
* \param tag_len length of the tag to generate (must be at least 4)
|
||||
* It wraps up the GCM stream, and generates the
|
||||
* tag. The tag can have a maximum length of 16 Bytes.
|
||||
*
|
||||
* \return 0 if successful or MBEDTLS_ERR_GCM_BAD_INPUT
|
||||
* \param ctx The GCM context.
|
||||
* \param tag The buffer for holding the tag.
|
||||
* \param tag_len The length of the tag to generate. Must be at least four.
|
||||
*
|
||||
* \return \c 0 on success, or #MBEDTLS_ERR_GCM_BAD_INPUT on failure.
|
||||
*/
|
||||
int mbedtls_gcm_finish( mbedtls_gcm_context *ctx,
|
||||
unsigned char *tag,
|
||||
size_t tag_len );
|
||||
|
||||
/**
|
||||
* \brief Free a GCM context and underlying cipher sub-context
|
||||
* \brief This function clears a GCM context and the underlying
|
||||
* cipher sub-context.
|
||||
*
|
||||
* \param ctx GCM context to free
|
||||
* \param ctx The GCM context to clear.
|
||||
*/
|
||||
void mbedtls_gcm_free( mbedtls_gcm_context *ctx );
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
||||
#else /* !MBEDTLS_GCM_ALT */
|
||||
#include "gcm_alt.h"
|
||||
#endif /* !MBEDTLS_GCM_ALT */
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
/**
|
||||
* \brief Checkup routine
|
||||
* \brief The GCM checkup routine.
|
||||
*
|
||||
* \return 0 if successful, or 1 if the test failed
|
||||
* \return \c 0 on success, or \c 1 on failure.
|
||||
*/
|
||||
int mbedtls_gcm_self_test( int verbose );
|
||||
|
||||
|
@ -217,4 +259,5 @@ int mbedtls_gcm_self_test( int verbose );
|
|||
}
|
||||
#endif
|
||||
|
||||
|
||||
#endif /* gcm.h */
|
||||
|
|
|
@ -2,7 +2,8 @@
|
|||
* \file havege.h
|
||||
*
|
||||
* \brief HAVEGE: HArdware Volatile Entropy Gathering and Expansion
|
||||
*
|
||||
*/
|
||||
/*
|
||||
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
|
|
|
@ -2,7 +2,8 @@
|
|||
* \file hmac_drbg.h
|
||||
*
|
||||
* \brief HMAC_DRBG (NIST SP 800-90A)
|
||||
*
|
||||
*/
|
||||
/*
|
||||
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
|
|
|
@ -1,11 +1,12 @@
|
|||
/**
|
||||
/**
|
||||
* \file md.h
|
||||
*
|
||||
* \brief Generic message digest wrapper
|
||||
* \brief The generic message-digest wrapper.
|
||||
*
|
||||
* \author Adriaan de Jong <dejong@fox-it.com>
|
||||
*
|
||||
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
|
||||
*/
|
||||
/*
|
||||
* Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
|
@ -20,22 +21,38 @@
|
|||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*
|
||||
* This file is part of mbed TLS (https://tls.mbed.org)
|
||||
* This file is part of Mbed TLS (https://tls.mbed.org)
|
||||
*/
|
||||
|
||||
#ifndef MBEDTLS_MD_H
|
||||
#define MBEDTLS_MD_H
|
||||
|
||||
#include <stddef.h>
|
||||
|
||||
#if !defined(MBEDTLS_CONFIG_FILE)
|
||||
#include "config.h"
|
||||
#else
|
||||
#include MBEDTLS_CONFIG_FILE
|
||||
#endif
|
||||
|
||||
#define MBEDTLS_ERR_MD_FEATURE_UNAVAILABLE -0x5080 /**< The selected feature is not available. */
|
||||
#define MBEDTLS_ERR_MD_BAD_INPUT_DATA -0x5100 /**< Bad input parameters to function. */
|
||||
#define MBEDTLS_ERR_MD_ALLOC_FAILED -0x5180 /**< Failed to allocate memory. */
|
||||
#define MBEDTLS_ERR_MD_FILE_IO_ERROR -0x5200 /**< Opening or reading of file failed. */
|
||||
#define MBEDTLS_ERR_MD_HW_ACCEL_FAILED -0x5280 /**< MD hardware accelerator failed. */
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
/**
|
||||
* \brief Enumeration of supported message digests
|
||||
*
|
||||
* \warning MD2, MD4, MD5 and SHA-1 are considered weak message digests and
|
||||
* their use constitutes a security risk. We recommend considering
|
||||
* stronger message digests instead.
|
||||
*
|
||||
*/
|
||||
typedef enum {
|
||||
MBEDTLS_MD_NONE=0,
|
||||
MBEDTLS_MD_MD2,
|
||||
|
@ -56,65 +73,79 @@ typedef enum {
|
|||
#endif
|
||||
|
||||
/**
|
||||
* Opaque struct defined in md_internal.h
|
||||
* Opaque struct defined in md_internal.h.
|
||||
*/
|
||||
typedef struct mbedtls_md_info_t mbedtls_md_info_t;
|
||||
|
||||
/**
|
||||
* Generic message digest context.
|
||||
* The generic message-digest context.
|
||||
*/
|
||||
typedef struct {
|
||||
/** Information about the associated message digest */
|
||||
/** Information about the associated message digest. */
|
||||
const mbedtls_md_info_t *md_info;
|
||||
|
||||
/** Digest-specific context */
|
||||
/** The digest-specific context. */
|
||||
void *md_ctx;
|
||||
|
||||
/** HMAC part of the context */
|
||||
/** The HMAC part of the context. */
|
||||
void *hmac_ctx;
|
||||
} mbedtls_md_context_t;
|
||||
|
||||
/**
|
||||
* \brief Returns the list of digests supported by the generic digest module.
|
||||
* \brief This function returns the list of digests supported by the
|
||||
* generic digest module.
|
||||
*
|
||||
* \return a statically allocated array of digests, the last entry
|
||||
* is 0.
|
||||
* \return A statically allocated array of digests. Each element
|
||||
* in the returned list is an integer belonging to the
|
||||
* message-digest enumeration #mbedtls_md_type_t.
|
||||
* The last entry is 0.
|
||||
*/
|
||||
const int *mbedtls_md_list( void );
|
||||
|
||||
/**
|
||||
* \brief Returns the message digest information associated with the
|
||||
* given digest name.
|
||||
* \brief This function returns the message-digest information
|
||||
* associated with the given digest name.
|
||||
*
|
||||
* \param md_name Name of the digest to search for.
|
||||
* \param md_name The name of the digest to search for.
|
||||
*
|
||||
* \return The message digest information associated with md_name or
|
||||
* NULL if not found.
|
||||
* \return The message-digest information associated with \p md_name,
|
||||
* or NULL if not found.
|
||||
*/
|
||||
const mbedtls_md_info_t *mbedtls_md_info_from_string( const char *md_name );
|
||||
|
||||
/**
|
||||
* \brief Returns the message digest information associated with the
|
||||
* given digest type.
|
||||
* \brief This function returns the message-digest information
|
||||
* associated with the given digest type.
|
||||
*
|
||||
* \param md_type type of digest to search for.
|
||||
* \param md_type The type of digest to search for.
|
||||
*
|
||||
* \return The message digest information associated with md_type or
|
||||
* NULL if not found.
|
||||
* \return The message-digest information associated with \p md_type,
|
||||
* or NULL if not found.
|
||||
*/
|
||||
const mbedtls_md_info_t *mbedtls_md_info_from_type( mbedtls_md_type_t md_type );
|
||||
|
||||
/**
|
||||
* \brief Initialize a md_context (as NONE)
|
||||
* This should always be called first.
|
||||
* Prepares the context for mbedtls_md_setup() or mbedtls_md_free().
|
||||
* \brief This function initializes a message-digest context without
|
||||
* binding it to a particular message-digest algorithm.
|
||||
*
|
||||
* This function should always be called first. It prepares the
|
||||
* context for mbedtls_md_setup() for binding it to a
|
||||
* message-digest algorithm.
|
||||
*/
|
||||
void mbedtls_md_init( mbedtls_md_context_t *ctx );
|
||||
|
||||
/**
|
||||
* \brief Free and clear the internal structures of ctx.
|
||||
* Can be called at any time after mbedtls_md_init().
|
||||
* Mandatory once mbedtls_md_setup() has been called.
|
||||
* \brief This function clears the internal structure of \p ctx and
|
||||
* frees any embedded internal structure, but does not free
|
||||
* \p ctx itself.
|
||||
*
|
||||
* If you have called mbedtls_md_setup() on \p ctx, you must
|
||||
* call mbedtls_md_free() when you are no longer using the
|
||||
* context.
|
||||
* Calling this function if you have previously
|
||||
* called mbedtls_md_init() and nothing else is optional.
|
||||
* You must not call this function if you have not called
|
||||
* mbedtls_md_init().
|
||||
*/
|
||||
void mbedtls_md_free( mbedtls_md_context_t *ctx );
|
||||
|
||||
|
@ -125,220 +156,288 @@ void mbedtls_md_free( mbedtls_md_context_t *ctx );
|
|||
#define MBEDTLS_DEPRECATED
|
||||
#endif
|
||||
/**
|
||||
* \brief Select MD to use and allocate internal structures.
|
||||
* Should be called after mbedtls_md_init() or mbedtls_md_free().
|
||||
* \brief This function selects the message digest algorithm to use,
|
||||
* and allocates internal structures.
|
||||
*
|
||||
* It should be called after mbedtls_md_init() or mbedtls_md_free().
|
||||
* Makes it necessary to call mbedtls_md_free() later.
|
||||
*
|
||||
* \deprecated Superseded by mbedtls_md_setup() in 2.0.0
|
||||
*
|
||||
* \param ctx Context to set up.
|
||||
* \param md_info Message digest to use.
|
||||
* \param ctx The context to set up.
|
||||
* \param md_info The information structure of the message-digest algorithm
|
||||
* to use.
|
||||
*
|
||||
* \returns \c 0 on success,
|
||||
* \c MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter failure,
|
||||
* \c MBEDTLS_ERR_MD_ALLOC_FAILED memory allocation failure.
|
||||
* #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter failure,
|
||||
* #MBEDTLS_ERR_MD_ALLOC_FAILED memory allocation failure.
|
||||
*/
|
||||
int mbedtls_md_init_ctx( mbedtls_md_context_t *ctx, const mbedtls_md_info_t *md_info ) MBEDTLS_DEPRECATED;
|
||||
#undef MBEDTLS_DEPRECATED
|
||||
#endif /* MBEDTLS_DEPRECATED_REMOVED */
|
||||
|
||||
/**
|
||||
* \brief Select MD to use and allocate internal structures.
|
||||
* Should be called after mbedtls_md_init() or mbedtls_md_free().
|
||||
* Makes it necessary to call mbedtls_md_free() later.
|
||||
* \brief This function selects the message digest algorithm to use,
|
||||
* and allocates internal structures.
|
||||
*
|
||||
* \param ctx Context to set up.
|
||||
* \param md_info Message digest to use.
|
||||
* \param hmac 0 to save some memory if HMAC will not be used,
|
||||
* non-zero is HMAC is going to be used with this context.
|
||||
* It should be called after mbedtls_md_init() or
|
||||
* mbedtls_md_free(). Makes it necessary to call
|
||||
* mbedtls_md_free() later.
|
||||
*
|
||||
* \param ctx The context to set up.
|
||||
* \param md_info The information structure of the message-digest algorithm
|
||||
* to use.
|
||||
* \param hmac <ul><li>0: HMAC is not used. Saves some memory.</li>
|
||||
* <li>non-zero: HMAC is used with this context.</li></ul>
|
||||
*
|
||||
* \returns \c 0 on success,
|
||||
* \c MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter failure,
|
||||
* \c MBEDTLS_ERR_MD_ALLOC_FAILED memory allocation failure.
|
||||
* #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter failure, or
|
||||
* #MBEDTLS_ERR_MD_ALLOC_FAILED on memory allocation failure.
|
||||
*/
|
||||
int mbedtls_md_setup( mbedtls_md_context_t *ctx, const mbedtls_md_info_t *md_info, int hmac );
|
||||
|
||||
/**
|
||||
* \brief Clone the state of an MD context
|
||||
* \brief This function clones the state of an message-digest
|
||||
* context.
|
||||
*
|
||||
* \note The two contexts must have been setup to the same type
|
||||
* (cloning from SHA-256 to SHA-512 make no sense).
|
||||
* \note You must call mbedtls_md_setup() on \c dst before calling
|
||||
* this function.
|
||||
*
|
||||
* \warning Only clones the MD state, not the HMAC state! (for now)
|
||||
* \note The two contexts must have the same type,
|
||||
* for example, both are SHA-256.
|
||||
*
|
||||
* \param dst The destination context
|
||||
* \param src The context to be cloned
|
||||
* \warning This function clones the message-digest state, not the
|
||||
* HMAC state.
|
||||
*
|
||||
* \param dst The destination context.
|
||||
* \param src The context to be cloned.
|
||||
*
|
||||
* \return \c 0 on success,
|
||||
* \c MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter failure.
|
||||
* #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter failure.
|
||||
*/
|
||||
int mbedtls_md_clone( mbedtls_md_context_t *dst,
|
||||
const mbedtls_md_context_t *src );
|
||||
|
||||
/**
|
||||
* \brief Returns the size of the message digest output.
|
||||
* \brief This function extracts the message-digest size from the
|
||||
* message-digest information structure.
|
||||
*
|
||||
* \param md_info message digest info
|
||||
* \param md_info The information structure of the message-digest algorithm
|
||||
* to use.
|
||||
*
|
||||
* \return size of the message digest output in bytes.
|
||||
* \return The size of the message-digest output in Bytes.
|
||||
*/
|
||||
unsigned char mbedtls_md_get_size( const mbedtls_md_info_t *md_info );
|
||||
|
||||
/**
|
||||
* \brief Returns the type of the message digest output.
|
||||
* \brief This function extracts the message-digest type from the
|
||||
* message-digest information structure.
|
||||
*
|
||||
* \param md_info message digest info
|
||||
* \param md_info The information structure of the message-digest algorithm
|
||||
* to use.
|
||||
*
|
||||
* \return type of the message digest output.
|
||||
* \return The type of the message digest.
|
||||
*/
|
||||
mbedtls_md_type_t mbedtls_md_get_type( const mbedtls_md_info_t *md_info );
|
||||
|
||||
/**
|
||||
* \brief Returns the name of the message digest output.
|
||||
* \brief This function extracts the message-digest name from the
|
||||
* message-digest information structure.
|
||||
*
|
||||
* \param md_info message digest info
|
||||
* \param md_info The information structure of the message-digest algorithm
|
||||
* to use.
|
||||
*
|
||||
* \return name of the message digest output.
|
||||
* \return The name of the message digest.
|
||||
*/
|
||||
const char *mbedtls_md_get_name( const mbedtls_md_info_t *md_info );
|
||||
|
||||
/**
|
||||
* \brief Prepare the context to digest a new message.
|
||||
* Generally called after mbedtls_md_setup() or mbedtls_md_finish().
|
||||
* Followed by mbedtls_md_update().
|
||||
* \brief This function starts a message-digest computation.
|
||||
*
|
||||
* \param ctx generic message digest context.
|
||||
* You must call this function after setting up the context
|
||||
* with mbedtls_md_setup(), and before passing data with
|
||||
* mbedtls_md_update().
|
||||
*
|
||||
* \returns 0 on success, MBEDTLS_ERR_MD_BAD_INPUT_DATA if parameter
|
||||
* verification fails.
|
||||
* \param ctx The generic message-digest context.
|
||||
*
|
||||
* \returns \c 0 on success, #MBEDTLS_ERR_MD_BAD_INPUT_DATA if
|
||||
* parameter verification fails.
|
||||
*/
|
||||
int mbedtls_md_starts( mbedtls_md_context_t *ctx );
|
||||
|
||||
/**
|
||||
* \brief Generic message digest process buffer
|
||||
* Called between mbedtls_md_starts() and mbedtls_md_finish().
|
||||
* May be called repeatedly.
|
||||
* \brief This function feeds an input buffer into an ongoing
|
||||
* message-digest computation.
|
||||
*
|
||||
* \param ctx Generic message digest context
|
||||
* \param input buffer holding the datal
|
||||
* \param ilen length of the input data
|
||||
* You must call mbedtls_md_starts() before calling this
|
||||
* function. You may call this function multiple times.
|
||||
* Afterwards, call mbedtls_md_finish().
|
||||
*
|
||||
* \returns 0 on success, MBEDTLS_ERR_MD_BAD_INPUT_DATA if parameter
|
||||
* verification fails.
|
||||
* \param ctx The generic message-digest context.
|
||||
* \param input The buffer holding the input data.
|
||||
* \param ilen The length of the input data.
|
||||
*
|
||||
* \returns \c 0 on success, #MBEDTLS_ERR_MD_BAD_INPUT_DATA if
|
||||
* parameter verification fails.
|
||||
*/
|
||||
int mbedtls_md_update( mbedtls_md_context_t *ctx, const unsigned char *input, size_t ilen );
|
||||
|
||||
/**
|
||||
* \brief Generic message digest final digest
|
||||
* Called after mbedtls_md_update().
|
||||
* Usually followed by mbedtls_md_free() or mbedtls_md_starts().
|
||||
* \brief This function finishes the digest operation,
|
||||
* and writes the result to the output buffer.
|
||||
*
|
||||
* \param ctx Generic message digest context
|
||||
* \param output Generic message digest checksum result
|
||||
* Call this function after a call to mbedtls_md_starts(),
|
||||
* followed by any number of calls to mbedtls_md_update().
|
||||
* Afterwards, you may either clear the context with
|
||||
* mbedtls_md_free(), or call mbedtls_md_starts() to reuse
|
||||
* the context for another digest operation with the same
|
||||
* algorithm.
|
||||
*
|
||||
* \returns 0 on success, MBEDTLS_ERR_MD_BAD_INPUT_DATA if parameter
|
||||
* verification fails.
|
||||
* \param ctx The generic message-digest context.
|
||||
* \param output The buffer for the generic message-digest checksum result.
|
||||
*
|
||||
* \returns \c 0 on success, or #MBEDTLS_ERR_MD_BAD_INPUT_DATA if
|
||||
* parameter verification fails.
|
||||
*/
|
||||
int mbedtls_md_finish( mbedtls_md_context_t *ctx, unsigned char *output );
|
||||
|
||||
/**
|
||||
* \brief Output = message_digest( input buffer )
|
||||
* \brief This function calculates the message-digest of a buffer,
|
||||
* with respect to a configurable message-digest algorithm
|
||||
* in a single call.
|
||||
*
|
||||
* \param md_info message digest info
|
||||
* \param input buffer holding the data
|
||||
* \param ilen length of the input data
|
||||
* \param output Generic message digest checksum result
|
||||
* The result is calculated as
|
||||
* Output = message_digest(input buffer).
|
||||
*
|
||||
* \returns 0 on success, MBEDTLS_ERR_MD_BAD_INPUT_DATA if parameter
|
||||
* verification fails.
|
||||
* \param md_info The information structure of the message-digest algorithm
|
||||
* to use.
|
||||
* \param input The buffer holding the data.
|
||||
* \param ilen The length of the input data.
|
||||
* \param output The generic message-digest checksum result.
|
||||
*
|
||||
* \returns \c 0 on success, or #MBEDTLS_ERR_MD_BAD_INPUT_DATA if
|
||||
* parameter verification fails.
|
||||
*/
|
||||
int mbedtls_md( const mbedtls_md_info_t *md_info, const unsigned char *input, size_t ilen,
|
||||
unsigned char *output );
|
||||
|
||||
#if defined(MBEDTLS_FS_IO)
|
||||
/**
|
||||
* \brief Output = message_digest( file contents )
|
||||
* \brief This function calculates the message-digest checksum
|
||||
* result of the contents of the provided file.
|
||||
*
|
||||
* \param md_info message digest info
|
||||
* \param path input file name
|
||||
* \param output generic message digest checksum result
|
||||
* The result is calculated as
|
||||
* Output = message_digest(file contents).
|
||||
*
|
||||
* \return 0 if successful,
|
||||
* MBEDTLS_ERR_MD_FILE_IO_ERROR if file input failed,
|
||||
* MBEDTLS_ERR_MD_BAD_INPUT_DATA if md_info was NULL.
|
||||
* \param md_info The information structure of the message-digest algorithm
|
||||
* to use.
|
||||
* \param path The input file name.
|
||||
* \param output The generic message-digest checksum result.
|
||||
*
|
||||
* \return \c 0 on success,
|
||||
* #MBEDTLS_ERR_MD_FILE_IO_ERROR if file input failed, or
|
||||
* #MBEDTLS_ERR_MD_BAD_INPUT_DATA if \p md_info was NULL.
|
||||
*/
|
||||
int mbedtls_md_file( const mbedtls_md_info_t *md_info, const char *path,
|
||||
unsigned char *output );
|
||||
#endif /* MBEDTLS_FS_IO */
|
||||
|
||||
/**
|
||||
* \brief Set HMAC key and prepare to authenticate a new message.
|
||||
* Usually called after mbedtls_md_setup() or mbedtls_md_hmac_finish().
|
||||
* \brief This function sets the HMAC key and prepares to
|
||||
* authenticate a new message.
|
||||
*
|
||||
* \param ctx HMAC context
|
||||
* \param key HMAC secret key
|
||||
* \param keylen length of the HMAC key in bytes
|
||||
* Call this function after mbedtls_md_setup(), to use
|
||||
* the MD context for an HMAC calculation, then call
|
||||
* mbedtls_md_hmac_update() to provide the input data, and
|
||||
* mbedtls_md_hmac_finish() to get the HMAC value.
|
||||
*
|
||||
* \returns 0 on success, MBEDTLS_ERR_MD_BAD_INPUT_DATA if parameter
|
||||
* verification fails.
|
||||
* \param ctx The message digest context containing an embedded HMAC
|
||||
* context.
|
||||
* \param key The HMAC secret key.
|
||||
* \param keylen The length of the HMAC key in Bytes.
|
||||
*
|
||||
* \returns \c 0 on success, or #MBEDTLS_ERR_MD_BAD_INPUT_DATA if
|
||||
* parameter verification fails.
|
||||
*/
|
||||
int mbedtls_md_hmac_starts( mbedtls_md_context_t *ctx, const unsigned char *key,
|
||||
size_t keylen );
|
||||
|
||||
/**
|
||||
* \brief Generic HMAC process buffer.
|
||||
* Called between mbedtls_md_hmac_starts() or mbedtls_md_hmac_reset()
|
||||
* and mbedtls_md_hmac_finish().
|
||||
* May be called repeatedly.
|
||||
* \brief This function feeds an input buffer into an ongoing HMAC
|
||||
* computation.
|
||||
*
|
||||
* \param ctx HMAC context
|
||||
* \param input buffer holding the data
|
||||
* \param ilen length of the input data
|
||||
* Call mbedtls_md_hmac_starts() or mbedtls_md_hmac_reset()
|
||||
* before calling this function.
|
||||
* You may call this function multiple times to pass the
|
||||
* input piecewise.
|
||||
* Afterwards, call mbedtls_md_hmac_finish().
|
||||
*
|
||||
* \returns 0 on success, MBEDTLS_ERR_MD_BAD_INPUT_DATA if parameter
|
||||
* verification fails.
|
||||
* \param ctx The message digest context containing an embedded HMAC
|
||||
* context.
|
||||
* \param input The buffer holding the input data.
|
||||
* \param ilen The length of the input data.
|
||||
*
|
||||
* \returns \c 0 on success, or #MBEDTLS_ERR_MD_BAD_INPUT_DATA if
|
||||
* parameter verification fails.
|
||||
*/
|
||||
int mbedtls_md_hmac_update( mbedtls_md_context_t *ctx, const unsigned char *input,
|
||||
size_t ilen );
|
||||
|
||||
/**
|
||||
* \brief Output HMAC.
|
||||
* Called after mbedtls_md_hmac_update().
|
||||
* Usually followed by mbedtls_md_hmac_reset(),
|
||||
* mbedtls_md_hmac_starts(), or mbedtls_md_free().
|
||||
* \brief This function finishes the HMAC operation, and writes
|
||||
* the result to the output buffer.
|
||||
*
|
||||
* \param ctx HMAC context
|
||||
* \param output Generic HMAC checksum result
|
||||
* Call this function after mbedtls_md_hmac_starts() and
|
||||
* mbedtls_md_hmac_update() to get the HMAC value. Afterwards
|
||||
* you may either call mbedtls_md_free() to clear the context,
|
||||
* or call mbedtls_md_hmac_reset() to reuse the context with
|
||||
* the same HMAC key.
|
||||
*
|
||||
* \returns 0 on success, MBEDTLS_ERR_MD_BAD_INPUT_DATA if parameter
|
||||
* verification fails.
|
||||
* \param ctx The message digest context containing an embedded HMAC
|
||||
* context.
|
||||
* \param output The generic HMAC checksum result.
|
||||
*
|
||||
* \returns \c 0 on success, or #MBEDTLS_ERR_MD_BAD_INPUT_DATA if
|
||||
* parameter verification fails.
|
||||
*/
|
||||
int mbedtls_md_hmac_finish( mbedtls_md_context_t *ctx, unsigned char *output);
|
||||
|
||||
/**
|
||||
* \brief Prepare to authenticate a new message with the same key.
|
||||
* Called after mbedtls_md_hmac_finish() and before
|
||||
* mbedtls_md_hmac_update().
|
||||
* \brief This function prepares to authenticate a new message with
|
||||
* the same key as the previous HMAC operation.
|
||||
*
|
||||
* \param ctx HMAC context to be reset
|
||||
* You may call this function after mbedtls_md_hmac_finish().
|
||||
* Afterwards call mbedtls_md_hmac_update() to pass the new
|
||||
* input.
|
||||
*
|
||||
* \returns 0 on success, MBEDTLS_ERR_MD_BAD_INPUT_DATA if parameter
|
||||
* verification fails.
|
||||
* \param ctx The message digest context containing an embedded HMAC
|
||||
* context.
|
||||
*
|
||||
* \returns \c 0 on success, or #MBEDTLS_ERR_MD_BAD_INPUT_DATA if
|
||||
* parameter verification fails.
|
||||
*/
|
||||
int mbedtls_md_hmac_reset( mbedtls_md_context_t *ctx );
|
||||
|
||||
/**
|
||||
* \brief Output = Generic_HMAC( hmac key, input buffer )
|
||||
* \brief This function calculates the full generic HMAC
|
||||
* on the input buffer with the provided key.
|
||||
*
|
||||
* \param md_info message digest info
|
||||
* \param key HMAC secret key
|
||||
* \param keylen length of the HMAC key in bytes
|
||||
* \param input buffer holding the data
|
||||
* \param ilen length of the input data
|
||||
* \param output Generic HMAC-result
|
||||
* The function allocates the context, performs the
|
||||
* calculation, and frees the context.
|
||||
*
|
||||
* \returns 0 on success, MBEDTLS_ERR_MD_BAD_INPUT_DATA if parameter
|
||||
* verification fails.
|
||||
* The HMAC result is calculated as
|
||||
* output = generic HMAC(hmac key, input buffer).
|
||||
*
|
||||
* \param md_info The information structure of the message-digest algorithm
|
||||
* to use.
|
||||
* \param key The HMAC secret key.
|
||||
* \param keylen The length of the HMAC secret key in Bytes.
|
||||
* \param input The buffer holding the input data.
|
||||
* \param ilen The length of the input data.
|
||||
* \param output The generic HMAC result.
|
||||
*
|
||||
* \returns \c 0 on success, or #MBEDTLS_ERR_MD_BAD_INPUT_DATA if
|
||||
* parameter verification fails.
|
||||
*/
|
||||
int mbedtls_md_hmac( const mbedtls_md_info_t *md_info, const unsigned char *key, size_t keylen,
|
||||
const unsigned char *input, size_t ilen,
|
||||
|
|
|
@ -3,6 +3,11 @@
|
|||
*
|
||||
* \brief MD2 message digest algorithm (hash function)
|
||||
*
|
||||
* \warning MD2 is considered a weak message digest and its use constitutes a
|
||||
* security risk. We recommend considering stronger message digests
|
||||
* instead.
|
||||
*/
|
||||
/*
|
||||
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
|
@ -19,6 +24,7 @@
|
|||
* limitations under the License.
|
||||
*
|
||||
* This file is part of mbed TLS (https://tls.mbed.org)
|
||||
*
|
||||
*/
|
||||
#ifndef MBEDTLS_MD2_H
|
||||
#define MBEDTLS_MD2_H
|
||||
|
@ -31,6 +37,13 @@
|
|||
|
||||
#include <stddef.h>
|
||||
|
||||
#define MBEDTLS_ERR_MD2_HW_ACCEL_FAILED -0x002B /**< MD2 hardware accelerator failed */
|
||||
|
||||
#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \
|
||||
!defined(inline) && !defined(__cplusplus)
|
||||
#define inline __inline
|
||||
#endif
|
||||
|
||||
#if !defined(MBEDTLS_MD2_ALT)
|
||||
// Regular implementation
|
||||
//
|
||||
|
@ -41,6 +54,11 @@ extern "C" {
|
|||
|
||||
/**
|
||||
* \brief MD2 context structure
|
||||
*
|
||||
* \warning MD2 is considered a weak message digest and its use
|
||||
* constitutes a security risk. We recommend considering
|
||||
* stronger message digests instead.
|
||||
*
|
||||
*/
|
||||
typedef struct
|
||||
{
|
||||
|
@ -55,6 +73,11 @@ mbedtls_md2_context;
|
|||
* \brief Initialize MD2 context
|
||||
*
|
||||
* \param ctx MD2 context to be initialized
|
||||
*
|
||||
* \warning MD2 is considered a weak message digest and its use
|
||||
* constitutes a security risk. We recommend considering
|
||||
* stronger message digests instead.
|
||||
*
|
||||
*/
|
||||
void mbedtls_md2_init( mbedtls_md2_context *ctx );
|
||||
|
||||
|
@ -62,6 +85,11 @@ void mbedtls_md2_init( mbedtls_md2_context *ctx );
|
|||
* \brief Clear MD2 context
|
||||
*
|
||||
* \param ctx MD2 context to be cleared
|
||||
*
|
||||
* \warning MD2 is considered a weak message digest and its use
|
||||
* constitutes a security risk. We recommend considering
|
||||
* stronger message digests instead.
|
||||
*
|
||||
*/
|
||||
void mbedtls_md2_free( mbedtls_md2_context *ctx );
|
||||
|
||||
|
@ -70,6 +98,11 @@ void mbedtls_md2_free( mbedtls_md2_context *ctx );
|
|||
*
|
||||
* \param dst The destination context
|
||||
* \param src The context to be cloned
|
||||
*
|
||||
* \warning MD2 is considered a weak message digest and its use
|
||||
* constitutes a security risk. We recommend considering
|
||||
* stronger message digests instead.
|
||||
*
|
||||
*/
|
||||
void mbedtls_md2_clone( mbedtls_md2_context *dst,
|
||||
const mbedtls_md2_context *src );
|
||||
|
@ -78,25 +111,150 @@ void mbedtls_md2_clone( mbedtls_md2_context *dst,
|
|||
* \brief MD2 context setup
|
||||
*
|
||||
* \param ctx context to be initialized
|
||||
*
|
||||
* \return 0 if successful
|
||||
*
|
||||
* \warning MD2 is considered a weak message digest and its use
|
||||
* constitutes a security risk. We recommend considering
|
||||
* stronger message digests instead.
|
||||
*
|
||||
*/
|
||||
void mbedtls_md2_starts( mbedtls_md2_context *ctx );
|
||||
int mbedtls_md2_starts_ret( mbedtls_md2_context *ctx );
|
||||
|
||||
/**
|
||||
* \brief MD2 process buffer
|
||||
*
|
||||
* \param ctx MD2 context
|
||||
* \param input buffer holding the data
|
||||
* \param input buffer holding the data
|
||||
* \param ilen length of the input data
|
||||
*
|
||||
* \return 0 if successful
|
||||
*
|
||||
* \warning MD2 is considered a weak message digest and its use
|
||||
* constitutes a security risk. We recommend considering
|
||||
* stronger message digests instead.
|
||||
*
|
||||
*/
|
||||
void mbedtls_md2_update( mbedtls_md2_context *ctx, const unsigned char *input, size_t ilen );
|
||||
int mbedtls_md2_update_ret( mbedtls_md2_context *ctx,
|
||||
const unsigned char *input,
|
||||
size_t ilen );
|
||||
|
||||
/**
|
||||
* \brief MD2 final digest
|
||||
*
|
||||
* \param ctx MD2 context
|
||||
* \param output MD2 checksum result
|
||||
*
|
||||
* \return 0 if successful
|
||||
*
|
||||
* \warning MD2 is considered a weak message digest and its use
|
||||
* constitutes a security risk. We recommend considering
|
||||
* stronger message digests instead.
|
||||
*
|
||||
*/
|
||||
void mbedtls_md2_finish( mbedtls_md2_context *ctx, unsigned char output[16] );
|
||||
int mbedtls_md2_finish_ret( mbedtls_md2_context *ctx,
|
||||
unsigned char output[16] );
|
||||
|
||||
/**
|
||||
* \brief MD2 process data block (internal use only)
|
||||
*
|
||||
* \param ctx MD2 context
|
||||
*
|
||||
* \return 0 if successful
|
||||
*
|
||||
* \warning MD2 is considered a weak message digest and its use
|
||||
* constitutes a security risk. We recommend considering
|
||||
* stronger message digests instead.
|
||||
*
|
||||
*/
|
||||
int mbedtls_internal_md2_process( mbedtls_md2_context *ctx );
|
||||
|
||||
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
|
||||
#if defined(MBEDTLS_DEPRECATED_WARNING)
|
||||
#define MBEDTLS_DEPRECATED __attribute__((deprecated))
|
||||
#else
|
||||
#define MBEDTLS_DEPRECATED
|
||||
#endif
|
||||
/**
|
||||
* \brief MD2 context setup
|
||||
*
|
||||
* \deprecated Superseded by mbedtls_md2_starts_ret() in 2.7.0
|
||||
*
|
||||
* \param ctx context to be initialized
|
||||
*
|
||||
* \warning MD2 is considered a weak message digest and its use
|
||||
* constitutes a security risk. We recommend considering
|
||||
* stronger message digests instead.
|
||||
*
|
||||
*/
|
||||
MBEDTLS_DEPRECATED static inline void mbedtls_md2_starts(
|
||||
mbedtls_md2_context *ctx )
|
||||
{
|
||||
mbedtls_md2_starts_ret( ctx );
|
||||
}
|
||||
|
||||
/**
|
||||
* \brief MD2 process buffer
|
||||
*
|
||||
* \deprecated Superseded by mbedtls_md2_update_ret() in 2.7.0
|
||||
*
|
||||
* \param ctx MD2 context
|
||||
* \param input buffer holding the data
|
||||
* \param ilen length of the input data
|
||||
*
|
||||
* \warning MD2 is considered a weak message digest and its use
|
||||
* constitutes a security risk. We recommend considering
|
||||
* stronger message digests instead.
|
||||
*
|
||||
*/
|
||||
MBEDTLS_DEPRECATED static inline void mbedtls_md2_update(
|
||||
mbedtls_md2_context *ctx,
|
||||
const unsigned char *input,
|
||||
size_t ilen )
|
||||
{
|
||||
mbedtls_md2_update_ret( ctx, input, ilen );
|
||||
}
|
||||
|
||||
/**
|
||||
* \brief MD2 final digest
|
||||
*
|
||||
* \deprecated Superseded by mbedtls_md2_finish_ret() in 2.7.0
|
||||
*
|
||||
* \param ctx MD2 context
|
||||
* \param output MD2 checksum result
|
||||
*
|
||||
* \warning MD2 is considered a weak message digest and its use
|
||||
* constitutes a security risk. We recommend considering
|
||||
* stronger message digests instead.
|
||||
*
|
||||
*/
|
||||
MBEDTLS_DEPRECATED static inline void mbedtls_md2_finish(
|
||||
mbedtls_md2_context *ctx,
|
||||
unsigned char output[16] )
|
||||
{
|
||||
mbedtls_md2_finish_ret( ctx, output );
|
||||
}
|
||||
|
||||
/**
|
||||
* \brief MD2 process data block (internal use only)
|
||||
*
|
||||
* \deprecated Superseded by mbedtls_internal_md2_process() in 2.7.0
|
||||
*
|
||||
* \param ctx MD2 context
|
||||
*
|
||||
* \warning MD2 is considered a weak message digest and its use
|
||||
* constitutes a security risk. We recommend considering
|
||||
* stronger message digests instead.
|
||||
*
|
||||
*/
|
||||
MBEDTLS_DEPRECATED static inline void mbedtls_md2_process(
|
||||
mbedtls_md2_context *ctx )
|
||||
{
|
||||
mbedtls_internal_md2_process( ctx );
|
||||
}
|
||||
|
||||
#undef MBEDTLS_DEPRECATED
|
||||
#endif /* !MBEDTLS_DEPRECATED_REMOVED */
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
|
@ -113,22 +271,61 @@ extern "C" {
|
|||
/**
|
||||
* \brief Output = MD2( input buffer )
|
||||
*
|
||||
* \param input buffer holding the data
|
||||
* \param input buffer holding the data
|
||||
* \param ilen length of the input data
|
||||
* \param output MD2 checksum result
|
||||
*
|
||||
* \warning MD2 is considered a weak message digest and its use
|
||||
* constitutes a security risk. We recommend considering
|
||||
* stronger message digests instead.
|
||||
*
|
||||
*/
|
||||
void mbedtls_md2( const unsigned char *input, size_t ilen, unsigned char output[16] );
|
||||
int mbedtls_md2_ret( const unsigned char *input,
|
||||
size_t ilen,
|
||||
unsigned char output[16] );
|
||||
|
||||
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
|
||||
#if defined(MBEDTLS_DEPRECATED_WARNING)
|
||||
#define MBEDTLS_DEPRECATED __attribute__((deprecated))
|
||||
#else
|
||||
#define MBEDTLS_DEPRECATED
|
||||
#endif
|
||||
/**
|
||||
* \brief Output = MD2( input buffer )
|
||||
*
|
||||
* \deprecated Superseded by mbedtls_md2_ret() in 2.7.0
|
||||
*
|
||||
* \param input buffer holding the data
|
||||
* \param ilen length of the input data
|
||||
* \param output MD2 checksum result
|
||||
*
|
||||
* \warning MD2 is considered a weak message digest and its use
|
||||
* constitutes a security risk. We recommend considering
|
||||
* stronger message digests instead.
|
||||
*
|
||||
*/
|
||||
MBEDTLS_DEPRECATED static inline void mbedtls_md2( const unsigned char *input,
|
||||
size_t ilen,
|
||||
unsigned char output[16] )
|
||||
{
|
||||
mbedtls_md2_ret( input, ilen, output );
|
||||
}
|
||||
|
||||
#undef MBEDTLS_DEPRECATED
|
||||
#endif /* !MBEDTLS_DEPRECATED_REMOVED */
|
||||
|
||||
/**
|
||||
* \brief Checkup routine
|
||||
*
|
||||
* \return 0 if successful, or 1 if the test failed
|
||||
*
|
||||
* \warning MD2 is considered a weak message digest and its use
|
||||
* constitutes a security risk. We recommend considering
|
||||
* stronger message digests instead.
|
||||
*
|
||||
*/
|
||||
int mbedtls_md2_self_test( int verbose );
|
||||
|
||||
/* Internal use */
|
||||
void mbedtls_md2_process( mbedtls_md2_context *ctx );
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
|
|
@ -3,6 +3,11 @@
|
|||
*
|
||||
* \brief MD4 message digest algorithm (hash function)
|
||||
*
|
||||
* \warning MD4 is considered a weak message digest and its use constitutes a
|
||||
* security risk. We recommend considering stronger message digests
|
||||
* instead.
|
||||
*/
|
||||
/*
|
||||
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
|
@ -19,6 +24,7 @@
|
|||
* limitations under the License.
|
||||
*
|
||||
* This file is part of mbed TLS (https://tls.mbed.org)
|
||||
*
|
||||
*/
|
||||
#ifndef MBEDTLS_MD4_H
|
||||
#define MBEDTLS_MD4_H
|
||||
|
@ -32,6 +38,13 @@
|
|||
#include <stddef.h>
|
||||
#include <stdint.h>
|
||||
|
||||
#define MBEDTLS_ERR_MD4_HW_ACCEL_FAILED -0x002D /**< MD4 hardware accelerator failed */
|
||||
|
||||
#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \
|
||||
!defined(inline) && !defined(__cplusplus)
|
||||
#define inline __inline
|
||||
#endif
|
||||
|
||||
#if !defined(MBEDTLS_MD4_ALT)
|
||||
// Regular implementation
|
||||
//
|
||||
|
@ -42,6 +55,11 @@ extern "C" {
|
|||
|
||||
/**
|
||||
* \brief MD4 context structure
|
||||
*
|
||||
* \warning MD4 is considered a weak message digest and its use
|
||||
* constitutes a security risk. We recommend considering
|
||||
* stronger message digests instead.
|
||||
*
|
||||
*/
|
||||
typedef struct
|
||||
{
|
||||
|
@ -55,6 +73,11 @@ mbedtls_md4_context;
|
|||
* \brief Initialize MD4 context
|
||||
*
|
||||
* \param ctx MD4 context to be initialized
|
||||
*
|
||||
* \warning MD4 is considered a weak message digest and its use
|
||||
* constitutes a security risk. We recommend considering
|
||||
* stronger message digests instead.
|
||||
*
|
||||
*/
|
||||
void mbedtls_md4_init( mbedtls_md4_context *ctx );
|
||||
|
||||
|
@ -62,6 +85,11 @@ void mbedtls_md4_init( mbedtls_md4_context *ctx );
|
|||
* \brief Clear MD4 context
|
||||
*
|
||||
* \param ctx MD4 context to be cleared
|
||||
*
|
||||
* \warning MD4 is considered a weak message digest and its use
|
||||
* constitutes a security risk. We recommend considering
|
||||
* stronger message digests instead.
|
||||
*
|
||||
*/
|
||||
void mbedtls_md4_free( mbedtls_md4_context *ctx );
|
||||
|
||||
|
@ -70,6 +98,11 @@ void mbedtls_md4_free( mbedtls_md4_context *ctx );
|
|||
*
|
||||
* \param dst The destination context
|
||||
* \param src The context to be cloned
|
||||
*
|
||||
* \warning MD4 is considered a weak message digest and its use
|
||||
* constitutes a security risk. We recommend considering
|
||||
* stronger message digests instead.
|
||||
*
|
||||
*/
|
||||
void mbedtls_md4_clone( mbedtls_md4_context *dst,
|
||||
const mbedtls_md4_context *src );
|
||||
|
@ -78,25 +111,153 @@ void mbedtls_md4_clone( mbedtls_md4_context *dst,
|
|||
* \brief MD4 context setup
|
||||
*
|
||||
* \param ctx context to be initialized
|
||||
*
|
||||
* \return 0 if successful
|
||||
*
|
||||
* \warning MD4 is considered a weak message digest and its use
|
||||
* constitutes a security risk. We recommend considering
|
||||
* stronger message digests instead.
|
||||
*/
|
||||
void mbedtls_md4_starts( mbedtls_md4_context *ctx );
|
||||
int mbedtls_md4_starts_ret( mbedtls_md4_context *ctx );
|
||||
|
||||
/**
|
||||
* \brief MD4 process buffer
|
||||
*
|
||||
* \param ctx MD4 context
|
||||
* \param input buffer holding the data
|
||||
* \param input buffer holding the data
|
||||
* \param ilen length of the input data
|
||||
*
|
||||
* \return 0 if successful
|
||||
*
|
||||
* \warning MD4 is considered a weak message digest and its use
|
||||
* constitutes a security risk. We recommend considering
|
||||
* stronger message digests instead.
|
||||
*
|
||||
*/
|
||||
void mbedtls_md4_update( mbedtls_md4_context *ctx, const unsigned char *input, size_t ilen );
|
||||
int mbedtls_md4_update_ret( mbedtls_md4_context *ctx,
|
||||
const unsigned char *input,
|
||||
size_t ilen );
|
||||
|
||||
/**
|
||||
* \brief MD4 final digest
|
||||
*
|
||||
* \param ctx MD4 context
|
||||
* \param output MD4 checksum result
|
||||
*
|
||||
* \return 0 if successful
|
||||
*
|
||||
* \warning MD4 is considered a weak message digest and its use
|
||||
* constitutes a security risk. We recommend considering
|
||||
* stronger message digests instead.
|
||||
*
|
||||
*/
|
||||
void mbedtls_md4_finish( mbedtls_md4_context *ctx, unsigned char output[16] );
|
||||
int mbedtls_md4_finish_ret( mbedtls_md4_context *ctx,
|
||||
unsigned char output[16] );
|
||||
|
||||
/**
|
||||
* \brief MD4 process data block (internal use only)
|
||||
*
|
||||
* \param ctx MD4 context
|
||||
* \param data buffer holding one block of data
|
||||
*
|
||||
* \return 0 if successful
|
||||
*
|
||||
* \warning MD4 is considered a weak message digest and its use
|
||||
* constitutes a security risk. We recommend considering
|
||||
* stronger message digests instead.
|
||||
*
|
||||
*/
|
||||
int mbedtls_internal_md4_process( mbedtls_md4_context *ctx,
|
||||
const unsigned char data[64] );
|
||||
|
||||
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
|
||||
#if defined(MBEDTLS_DEPRECATED_WARNING)
|
||||
#define MBEDTLS_DEPRECATED __attribute__((deprecated))
|
||||
#else
|
||||
#define MBEDTLS_DEPRECATED
|
||||
#endif
|
||||
/**
|
||||
* \brief MD4 context setup
|
||||
*
|
||||
* \deprecated Superseded by mbedtls_md4_starts_ret() in 2.7.0
|
||||
*
|
||||
* \param ctx context to be initialized
|
||||
*
|
||||
* \warning MD4 is considered a weak message digest and its use
|
||||
* constitutes a security risk. We recommend considering
|
||||
* stronger message digests instead.
|
||||
*
|
||||
*/
|
||||
MBEDTLS_DEPRECATED static inline void mbedtls_md4_starts(
|
||||
mbedtls_md4_context *ctx )
|
||||
{
|
||||
mbedtls_md4_starts_ret( ctx );
|
||||
}
|
||||
|
||||
/**
|
||||
* \brief MD4 process buffer
|
||||
*
|
||||
* \deprecated Superseded by mbedtls_md4_update_ret() in 2.7.0
|
||||
*
|
||||
* \param ctx MD4 context
|
||||
* \param input buffer holding the data
|
||||
* \param ilen length of the input data
|
||||
*
|
||||
* \warning MD4 is considered a weak message digest and its use
|
||||
* constitutes a security risk. We recommend considering
|
||||
* stronger message digests instead.
|
||||
*
|
||||
*/
|
||||
MBEDTLS_DEPRECATED static inline void mbedtls_md4_update(
|
||||
mbedtls_md4_context *ctx,
|
||||
const unsigned char *input,
|
||||
size_t ilen )
|
||||
{
|
||||
mbedtls_md4_update_ret( ctx, input, ilen );
|
||||
}
|
||||
|
||||
/**
|
||||
* \brief MD4 final digest
|
||||
*
|
||||
* \deprecated Superseded by mbedtls_md4_finish_ret() in 2.7.0
|
||||
*
|
||||
* \param ctx MD4 context
|
||||
* \param output MD4 checksum result
|
||||
*
|
||||
* \warning MD4 is considered a weak message digest and its use
|
||||
* constitutes a security risk. We recommend considering
|
||||
* stronger message digests instead.
|
||||
*
|
||||
*/
|
||||
MBEDTLS_DEPRECATED static inline void mbedtls_md4_finish(
|
||||
mbedtls_md4_context *ctx,
|
||||
unsigned char output[16] )
|
||||
{
|
||||
mbedtls_md4_finish_ret( ctx, output );
|
||||
}
|
||||
|
||||
/**
|
||||
* \brief MD4 process data block (internal use only)
|
||||
*
|
||||
* \deprecated Superseded by mbedtls_internal_md4_process() in 2.7.0
|
||||
*
|
||||
* \param ctx MD4 context
|
||||
* \param data buffer holding one block of data
|
||||
*
|
||||
* \warning MD4 is considered a weak message digest and its use
|
||||
* constitutes a security risk. We recommend considering
|
||||
* stronger message digests instead.
|
||||
*
|
||||
*/
|
||||
MBEDTLS_DEPRECATED static inline void mbedtls_md4_process(
|
||||
mbedtls_md4_context *ctx,
|
||||
const unsigned char data[64] )
|
||||
{
|
||||
mbedtls_internal_md4_process( ctx, data );
|
||||
}
|
||||
|
||||
#undef MBEDTLS_DEPRECATED
|
||||
#endif /* !MBEDTLS_DEPRECATED_REMOVED */
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
|
@ -113,22 +274,63 @@ extern "C" {
|
|||
/**
|
||||
* \brief Output = MD4( input buffer )
|
||||
*
|
||||
* \param input buffer holding the data
|
||||
* \param input buffer holding the data
|
||||
* \param ilen length of the input data
|
||||
* \param output MD4 checksum result
|
||||
*
|
||||
* \return 0 if successful
|
||||
*
|
||||
* \warning MD4 is considered a weak message digest and its use
|
||||
* constitutes a security risk. We recommend considering
|
||||
* stronger message digests instead.
|
||||
*
|
||||
*/
|
||||
void mbedtls_md4( const unsigned char *input, size_t ilen, unsigned char output[16] );
|
||||
int mbedtls_md4_ret( const unsigned char *input,
|
||||
size_t ilen,
|
||||
unsigned char output[16] );
|
||||
|
||||
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
|
||||
#if defined(MBEDTLS_DEPRECATED_WARNING)
|
||||
#define MBEDTLS_DEPRECATED __attribute__((deprecated))
|
||||
#else
|
||||
#define MBEDTLS_DEPRECATED
|
||||
#endif
|
||||
/**
|
||||
* \brief Output = MD4( input buffer )
|
||||
*
|
||||
* \deprecated Superseded by mbedtls_md4_ret() in 2.7.0
|
||||
*
|
||||
* \param input buffer holding the data
|
||||
* \param ilen length of the input data
|
||||
* \param output MD4 checksum result
|
||||
*
|
||||
* \warning MD4 is considered a weak message digest and its use
|
||||
* constitutes a security risk. We recommend considering
|
||||
* stronger message digests instead.
|
||||
*
|
||||
*/
|
||||
MBEDTLS_DEPRECATED static inline void mbedtls_md4( const unsigned char *input,
|
||||
size_t ilen,
|
||||
unsigned char output[16] )
|
||||
{
|
||||
mbedtls_md4_ret( input, ilen, output );
|
||||
}
|
||||
|
||||
#undef MBEDTLS_DEPRECATED
|
||||
#endif /* !MBEDTLS_DEPRECATED_REMOVED */
|
||||
|
||||
/**
|
||||
* \brief Checkup routine
|
||||
*
|
||||
* \return 0 if successful, or 1 if the test failed
|
||||
*
|
||||
* \warning MD4 is considered a weak message digest and its use
|
||||
* constitutes a security risk. We recommend considering
|
||||
* stronger message digests instead.
|
||||
*
|
||||
*/
|
||||
int mbedtls_md4_self_test( int verbose );
|
||||
|
||||
/* Internal use */
|
||||
void mbedtls_md4_process( mbedtls_md4_context *ctx, const unsigned char data[64] );
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
|
|
@ -3,6 +3,11 @@
|
|||
*
|
||||
* \brief MD5 message digest algorithm (hash function)
|
||||
*
|
||||
* \warning MD5 is considered a weak message digest and its use constitutes a
|
||||
* security risk. We recommend considering stronger message
|
||||
* digests instead.
|
||||
*/
|
||||
/*
|
||||
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
|
@ -32,16 +37,28 @@
|
|||
#include <stddef.h>
|
||||
#include <stdint.h>
|
||||
|
||||
#define MBEDTLS_ERR_MD5_HW_ACCEL_FAILED -0x002F /**< MD5 hardware accelerator failed */
|
||||
|
||||
#if !defined(MBEDTLS_MD5_ALT)
|
||||
// Regular implementation
|
||||
//
|
||||
|
||||
#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \
|
||||
!defined(inline) && !defined(__cplusplus)
|
||||
#define inline __inline
|
||||
#endif
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
/**
|
||||
* \brief MD5 context structure
|
||||
*
|
||||
* \warning MD5 is considered a weak message digest and its use
|
||||
* constitutes a security risk. We recommend considering
|
||||
* stronger message digests instead.
|
||||
*
|
||||
*/
|
||||
typedef struct
|
||||
{
|
||||
|
@ -55,6 +72,11 @@ mbedtls_md5_context;
|
|||
* \brief Initialize MD5 context
|
||||
*
|
||||
* \param ctx MD5 context to be initialized
|
||||
*
|
||||
* \warning MD5 is considered a weak message digest and its use
|
||||
* constitutes a security risk. We recommend considering
|
||||
* stronger message digests instead.
|
||||
*
|
||||
*/
|
||||
void mbedtls_md5_init( mbedtls_md5_context *ctx );
|
||||
|
||||
|
@ -62,6 +84,11 @@ void mbedtls_md5_init( mbedtls_md5_context *ctx );
|
|||
* \brief Clear MD5 context
|
||||
*
|
||||
* \param ctx MD5 context to be cleared
|
||||
*
|
||||
* \warning MD5 is considered a weak message digest and its use
|
||||
* constitutes a security risk. We recommend considering
|
||||
* stronger message digests instead.
|
||||
*
|
||||
*/
|
||||
void mbedtls_md5_free( mbedtls_md5_context *ctx );
|
||||
|
||||
|
@ -70,6 +97,11 @@ void mbedtls_md5_free( mbedtls_md5_context *ctx );
|
|||
*
|
||||
* \param dst The destination context
|
||||
* \param src The context to be cloned
|
||||
*
|
||||
* \warning MD5 is considered a weak message digest and its use
|
||||
* constitutes a security risk. We recommend considering
|
||||
* stronger message digests instead.
|
||||
*
|
||||
*/
|
||||
void mbedtls_md5_clone( mbedtls_md5_context *dst,
|
||||
const mbedtls_md5_context *src );
|
||||
|
@ -78,28 +110,154 @@ void mbedtls_md5_clone( mbedtls_md5_context *dst,
|
|||
* \brief MD5 context setup
|
||||
*
|
||||
* \param ctx context to be initialized
|
||||
*
|
||||
* \return 0 if successful
|
||||
*
|
||||
* \warning MD5 is considered a weak message digest and its use
|
||||
* constitutes a security risk. We recommend considering
|
||||
* stronger message digests instead.
|
||||
*
|
||||
*/
|
||||
void mbedtls_md5_starts( mbedtls_md5_context *ctx );
|
||||
int mbedtls_md5_starts_ret( mbedtls_md5_context *ctx );
|
||||
|
||||
/**
|
||||
* \brief MD5 process buffer
|
||||
*
|
||||
* \param ctx MD5 context
|
||||
* \param input buffer holding the data
|
||||
* \param input buffer holding the data
|
||||
* \param ilen length of the input data
|
||||
*
|
||||
* \return 0 if successful
|
||||
*
|
||||
* \warning MD5 is considered a weak message digest and its use
|
||||
* constitutes a security risk. We recommend considering
|
||||
* stronger message digests instead.
|
||||
*
|
||||
*/
|
||||
void mbedtls_md5_update( mbedtls_md5_context *ctx, const unsigned char *input, size_t ilen );
|
||||
int mbedtls_md5_update_ret( mbedtls_md5_context *ctx,
|
||||
const unsigned char *input,
|
||||
size_t ilen );
|
||||
|
||||
/**
|
||||
* \brief MD5 final digest
|
||||
*
|
||||
* \param ctx MD5 context
|
||||
* \param output MD5 checksum result
|
||||
*
|
||||
* \return 0 if successful
|
||||
*
|
||||
* \warning MD5 is considered a weak message digest and its use
|
||||
* constitutes a security risk. We recommend considering
|
||||
* stronger message digests instead.
|
||||
*
|
||||
*/
|
||||
void mbedtls_md5_finish( mbedtls_md5_context *ctx, unsigned char output[16] );
|
||||
int mbedtls_md5_finish_ret( mbedtls_md5_context *ctx,
|
||||
unsigned char output[16] );
|
||||
|
||||
/* Internal use */
|
||||
void mbedtls_md5_process( mbedtls_md5_context *ctx, const unsigned char data[64] );
|
||||
/**
|
||||
* \brief MD5 process data block (internal use only)
|
||||
*
|
||||
* \param ctx MD5 context
|
||||
* \param data buffer holding one block of data
|
||||
*
|
||||
* \return 0 if successful
|
||||
*
|
||||
* \warning MD5 is considered a weak message digest and its use
|
||||
* constitutes a security risk. We recommend considering
|
||||
* stronger message digests instead.
|
||||
*
|
||||
*/
|
||||
int mbedtls_internal_md5_process( mbedtls_md5_context *ctx,
|
||||
const unsigned char data[64] );
|
||||
|
||||
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
|
||||
#if defined(MBEDTLS_DEPRECATED_WARNING)
|
||||
#define MBEDTLS_DEPRECATED __attribute__((deprecated))
|
||||
#else
|
||||
#define MBEDTLS_DEPRECATED
|
||||
#endif
|
||||
/**
|
||||
* \brief MD5 context setup
|
||||
*
|
||||
* \deprecated Superseded by mbedtls_md5_starts_ret() in 2.7.0
|
||||
*
|
||||
* \param ctx context to be initialized
|
||||
*
|
||||
* \warning MD5 is considered a weak message digest and its use
|
||||
* constitutes a security risk. We recommend considering
|
||||
* stronger message digests instead.
|
||||
*
|
||||
*/
|
||||
MBEDTLS_DEPRECATED static inline void mbedtls_md5_starts(
|
||||
mbedtls_md5_context *ctx )
|
||||
{
|
||||
mbedtls_md5_starts_ret( ctx );
|
||||
}
|
||||
|
||||
/**
|
||||
* \brief MD5 process buffer
|
||||
*
|
||||
* \deprecated Superseded by mbedtls_md5_update_ret() in 2.7.0
|
||||
*
|
||||
* \param ctx MD5 context
|
||||
* \param input buffer holding the data
|
||||
* \param ilen length of the input data
|
||||
*
|
||||
* \warning MD5 is considered a weak message digest and its use
|
||||
* constitutes a security risk. We recommend considering
|
||||
* stronger message digests instead.
|
||||
*
|
||||
*/
|
||||
MBEDTLS_DEPRECATED static inline void mbedtls_md5_update(
|
||||
mbedtls_md5_context *ctx,
|
||||
const unsigned char *input,
|
||||
size_t ilen )
|
||||
{
|
||||
mbedtls_md5_update_ret( ctx, input, ilen );
|
||||
}
|
||||
|
||||
/**
|
||||
* \brief MD5 final digest
|
||||
*
|
||||
* \deprecated Superseded by mbedtls_md5_finish_ret() in 2.7.0
|
||||
*
|
||||
* \param ctx MD5 context
|
||||
* \param output MD5 checksum result
|
||||
*
|
||||
* \warning MD5 is considered a weak message digest and its use
|
||||
* constitutes a security risk. We recommend considering
|
||||
* stronger message digests instead.
|
||||
*
|
||||
*/
|
||||
MBEDTLS_DEPRECATED static inline void mbedtls_md5_finish(
|
||||
mbedtls_md5_context *ctx,
|
||||
unsigned char output[16] )
|
||||
{
|
||||
mbedtls_md5_finish_ret( ctx, output );
|
||||
}
|
||||
|
||||
/**
|
||||
* \brief MD5 process data block (internal use only)
|
||||
*
|
||||
* \deprecated Superseded by mbedtls_internal_md5_process() in 2.7.0
|
||||
*
|
||||
* \param ctx MD5 context
|
||||
* \param data buffer holding one block of data
|
||||
*
|
||||
* \warning MD5 is considered a weak message digest and its use
|
||||
* constitutes a security risk. We recommend considering
|
||||
* stronger message digests instead.
|
||||
*
|
||||
*/
|
||||
MBEDTLS_DEPRECATED static inline void mbedtls_md5_process(
|
||||
mbedtls_md5_context *ctx,
|
||||
const unsigned char data[64] )
|
||||
{
|
||||
mbedtls_internal_md5_process( ctx, data );
|
||||
}
|
||||
|
||||
#undef MBEDTLS_DEPRECATED
|
||||
#endif /* !MBEDTLS_DEPRECATED_REMOVED */
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
|
@ -116,16 +274,60 @@ extern "C" {
|
|||
/**
|
||||
* \brief Output = MD5( input buffer )
|
||||
*
|
||||
* \param input buffer holding the data
|
||||
* \param input buffer holding the data
|
||||
* \param ilen length of the input data
|
||||
* \param output MD5 checksum result
|
||||
*
|
||||
* \return 0 if successful
|
||||
*
|
||||
* \warning MD5 is considered a weak message digest and its use
|
||||
* constitutes a security risk. We recommend considering
|
||||
* stronger message digests instead.
|
||||
*
|
||||
*/
|
||||
void mbedtls_md5( const unsigned char *input, size_t ilen, unsigned char output[16] );
|
||||
int mbedtls_md5_ret( const unsigned char *input,
|
||||
size_t ilen,
|
||||
unsigned char output[16] );
|
||||
|
||||
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
|
||||
#if defined(MBEDTLS_DEPRECATED_WARNING)
|
||||
#define MBEDTLS_DEPRECATED __attribute__((deprecated))
|
||||
#else
|
||||
#define MBEDTLS_DEPRECATED
|
||||
#endif
|
||||
/**
|
||||
* \brief Output = MD5( input buffer )
|
||||
*
|
||||
* \deprecated Superseded by mbedtls_md5_ret() in 2.7.0
|
||||
*
|
||||
* \param input buffer holding the data
|
||||
* \param ilen length of the input data
|
||||
* \param output MD5 checksum result
|
||||
*
|
||||
* \warning MD5 is considered a weak message digest and its use
|
||||
* constitutes a security risk. We recommend considering
|
||||
* stronger message digests instead.
|
||||
*
|
||||
*/
|
||||
MBEDTLS_DEPRECATED static inline void mbedtls_md5( const unsigned char *input,
|
||||
size_t ilen,
|
||||
unsigned char output[16] )
|
||||
{
|
||||
mbedtls_md5_ret( input, ilen, output );
|
||||
}
|
||||
|
||||
#undef MBEDTLS_DEPRECATED
|
||||
#endif /* !MBEDTLS_DEPRECATED_REMOVED */
|
||||
|
||||
/**
|
||||
* \brief Checkup routine
|
||||
*
|
||||
* \return 0 if successful, or 1 if the test failed
|
||||
*
|
||||
* \warning MD5 is considered a weak message digest and its use
|
||||
* constitutes a security risk. We recommend considering
|
||||
* stronger message digests instead.
|
||||
*
|
||||
*/
|
||||
int mbedtls_md5_self_test( int verbose );
|
||||
|
||||
|
|
|
@ -6,7 +6,8 @@
|
|||
* \warning This in an internal header. Do not include directly.
|
||||
*
|
||||
* \author Adriaan de Jong <dejong@fox-it.com>
|
||||
*
|
||||
*/
|
||||
/*
|
||||
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
|
@ -58,17 +59,17 @@ struct mbedtls_md_info_t
|
|||
int block_size;
|
||||
|
||||
/** Digest initialisation function */
|
||||
void (*starts_func)( void *ctx );
|
||||
int (*starts_func)( void *ctx );
|
||||
|
||||
/** Digest update function */
|
||||
void (*update_func)( void *ctx, const unsigned char *input, size_t ilen );
|
||||
int (*update_func)( void *ctx, const unsigned char *input, size_t ilen );
|
||||
|
||||
/** Digest finalisation function */
|
||||
void (*finish_func)( void *ctx, unsigned char *output );
|
||||
int (*finish_func)( void *ctx, unsigned char *output );
|
||||
|
||||
/** Generic digest function */
|
||||
void (*digest_func)( const unsigned char *input, size_t ilen,
|
||||
unsigned char *output );
|
||||
int (*digest_func)( const unsigned char *input, size_t ilen,
|
||||
unsigned char *output );
|
||||
|
||||
/** Allocate a new context */
|
||||
void * (*ctx_alloc_func)( void );
|
||||
|
@ -80,7 +81,7 @@ struct mbedtls_md_info_t
|
|||
void (*clone_func)( void *dst, const void *src );
|
||||
|
||||
/** Internal use only */
|
||||
void (*process_func)( void *ctx, const unsigned char *input );
|
||||
int (*process_func)( void *ctx, const unsigned char *input );
|
||||
};
|
||||
|
||||
#if defined(MBEDTLS_MD2_C)
|
||||
|
|
|
@ -2,7 +2,8 @@
|
|||
* \file memory_buffer_alloc.h
|
||||
*
|
||||
* \brief Buffer-based memory allocator
|
||||
*
|
||||
*/
|
||||
/*
|
||||
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
|
|
|
@ -3,6 +3,9 @@
|
|||
*
|
||||
* \brief Deprecated header file that includes mbedtls/net_sockets.h
|
||||
*
|
||||
* \deprecated Superseded by mbedtls/net_sockets.h
|
||||
*/
|
||||
/*
|
||||
* Copyright (C) 2006-2016, ARM Limited, All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
|
@ -19,8 +22,6 @@
|
|||
* limitations under the License.
|
||||
*
|
||||
* This file is part of mbed TLS (https://tls.mbed.org)
|
||||
*
|
||||
* \deprecated Superseded by mbedtls/net_sockets.h
|
||||
*/
|
||||
|
||||
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
|
||||
|
|
|
@ -2,7 +2,8 @@
|
|||
* \file net_sockets.h
|
||||
*
|
||||
* \brief Network communication functions
|
||||
*
|
||||
*/
|
||||
/*
|
||||
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
|
|
|
@ -2,7 +2,8 @@
|
|||
* \file oid.h
|
||||
*
|
||||
* \brief Object Identifier (OID) database
|
||||
*
|
||||
*/
|
||||
/*
|
||||
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
|
|
|
@ -3,7 +3,8 @@
|
|||
*
|
||||
* \brief VIA PadLock ACE for HW encryption/decryption supported by some
|
||||
* processors
|
||||
*
|
||||
*/
|
||||
/*
|
||||
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
|
|
|
@ -2,7 +2,8 @@
|
|||
* \file pem.h
|
||||
*
|
||||
* \brief Privacy Enhanced Mail (PEM) decoding
|
||||
*
|
||||
*/
|
||||
/*
|
||||
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
|
|
|
@ -2,7 +2,8 @@
|
|||
* \file pk.h
|
||||
*
|
||||
* \brief Public Key abstraction layer
|
||||
*
|
||||
*/
|
||||
/*
|
||||
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
|
@ -63,6 +64,7 @@
|
|||
#define MBEDTLS_ERR_PK_UNKNOWN_NAMED_CURVE -0x3A00 /**< Elliptic curve is unsupported (only NIST curves are supported). */
|
||||
#define MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE -0x3980 /**< Unavailable feature, e.g. RSA disabled for RSA key. */
|
||||
#define MBEDTLS_ERR_PK_SIG_LEN_MISMATCH -0x3900 /**< The signature is valid but its length is less than expected. */
|
||||
#define MBEDTLS_ERR_PK_HW_ACCEL_FAILED -0x3880 /**< PK hardware accelerator failed. */
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
|
|
|
@ -1,8 +1,9 @@
|
|||
/**
|
||||
* \file pk.h
|
||||
* \file pk_internal.h
|
||||
*
|
||||
* \brief Public Key abstraction layer: wrapper functions
|
||||
*
|
||||
*/
|
||||
/*
|
||||
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
|
|
|
@ -4,7 +4,8 @@
|
|||
* \brief Wrapper for PKCS#11 library libpkcs11-helper
|
||||
*
|
||||
* \author Adriaan de Jong <dejong@fox-it.com>
|
||||
*
|
||||
*/
|
||||
/*
|
||||
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
|
|
|
@ -2,7 +2,8 @@
|
|||
* \file pkcs12.h
|
||||
*
|
||||
* \brief PKCS#12 Personal Information Exchange Syntax
|
||||
*
|
||||
*/
|
||||
/*
|
||||
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
|
|
|
@ -4,7 +4,8 @@
|
|||
* \brief PKCS#5 functions
|
||||
*
|
||||
* \author Mathias Olsson <mathias@kompetensum.com>
|
||||
*
|
||||
*/
|
||||
/*
|
||||
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
|
|
|
@ -1,9 +1,10 @@
|
|||
/**
|
||||
* \file platform.h
|
||||
*
|
||||
* \brief mbed TLS Platform abstraction layer
|
||||
*
|
||||
* Copyright (C) 2006-2016, ARM Limited, All Rights Reserved
|
||||
* \brief The Mbed TLS platform abstraction layer.
|
||||
*/
|
||||
/*
|
||||
* Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
|
@ -18,7 +19,7 @@
|
|||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*
|
||||
* This file is part of mbed TLS (https://tls.mbed.org)
|
||||
* This file is part of Mbed TLS (https://tls.mbed.org)
|
||||
*/
|
||||
#ifndef MBEDTLS_PLATFORM_H
|
||||
#define MBEDTLS_PLATFORM_H
|
||||
|
@ -51,34 +52,34 @@ extern "C" {
|
|||
#include <time.h>
|
||||
#if !defined(MBEDTLS_PLATFORM_STD_SNPRINTF)
|
||||
#if defined(_WIN32)
|
||||
#define MBEDTLS_PLATFORM_STD_SNPRINTF mbedtls_platform_win32_snprintf /**< Default snprintf to use */
|
||||
#define MBEDTLS_PLATFORM_STD_SNPRINTF mbedtls_platform_win32_snprintf /**< The default \c snprintf function to use. */
|
||||
#else
|
||||
#define MBEDTLS_PLATFORM_STD_SNPRINTF snprintf /**< Default snprintf to use */
|
||||
#define MBEDTLS_PLATFORM_STD_SNPRINTF snprintf /**< The default \c snprintf function to use. */
|
||||
#endif
|
||||
#endif
|
||||
#if !defined(MBEDTLS_PLATFORM_STD_PRINTF)
|
||||
#define MBEDTLS_PLATFORM_STD_PRINTF printf /**< Default printf to use */
|
||||
#define MBEDTLS_PLATFORM_STD_PRINTF printf /**< The default \c printf function to use. */
|
||||
#endif
|
||||
#if !defined(MBEDTLS_PLATFORM_STD_FPRINTF)
|
||||
#define MBEDTLS_PLATFORM_STD_FPRINTF fprintf /**< Default fprintf to use */
|
||||
#define MBEDTLS_PLATFORM_STD_FPRINTF fprintf /**< The default \c fprintf function to use. */
|
||||
#endif
|
||||
#if !defined(MBEDTLS_PLATFORM_STD_CALLOC)
|
||||
#define MBEDTLS_PLATFORM_STD_CALLOC calloc /**< Default allocator to use */
|
||||
#define MBEDTLS_PLATFORM_STD_CALLOC calloc /**< The default \c calloc function to use. */
|
||||
#endif
|
||||
#if !defined(MBEDTLS_PLATFORM_STD_FREE)
|
||||
#define MBEDTLS_PLATFORM_STD_FREE free /**< Default free to use */
|
||||
#define MBEDTLS_PLATFORM_STD_FREE free /**< The default \c free function to use. */
|
||||
#endif
|
||||
#if !defined(MBEDTLS_PLATFORM_STD_EXIT)
|
||||
#define MBEDTLS_PLATFORM_STD_EXIT exit /**< Default exit to use */
|
||||
#define MBEDTLS_PLATFORM_STD_EXIT exit /**< The default \c exit function to use. */
|
||||
#endif
|
||||
#if !defined(MBEDTLS_PLATFORM_STD_TIME)
|
||||
#define MBEDTLS_PLATFORM_STD_TIME time /**< Default time to use */
|
||||
#define MBEDTLS_PLATFORM_STD_TIME time /**< The default \c time function to use. */
|
||||
#endif
|
||||
#if !defined(MBEDTLS_PLATFORM_STD_EXIT_SUCCESS)
|
||||
#define MBEDTLS_PLATFORM_STD_EXIT_SUCCESS EXIT_SUCCESS /**< Default exit value to use */
|
||||
#define MBEDTLS_PLATFORM_STD_EXIT_SUCCESS EXIT_SUCCESS /**< The default exit value to use. */
|
||||
#endif
|
||||
#if !defined(MBEDTLS_PLATFORM_STD_EXIT_FAILURE)
|
||||
#define MBEDTLS_PLATFORM_STD_EXIT_FAILURE EXIT_FAILURE /**< Default exit value to use */
|
||||
#define MBEDTLS_PLATFORM_STD_EXIT_FAILURE EXIT_FAILURE /**< The default exit value to use. */
|
||||
#endif
|
||||
#if defined(MBEDTLS_FS_IO)
|
||||
#if !defined(MBEDTLS_PLATFORM_STD_NV_SEED_READ)
|
||||
|
@ -115,12 +116,12 @@ extern void * (*mbedtls_calloc)( size_t n, size_t size );
|
|||
extern void (*mbedtls_free)( void *ptr );
|
||||
|
||||
/**
|
||||
* \brief Set your own memory implementation function pointers
|
||||
* \brief This function allows configuring custom memory-management functions.
|
||||
*
|
||||
* \param calloc_func the calloc function implementation
|
||||
* \param free_func the free function implementation
|
||||
* \param calloc_func The \c calloc function implementation.
|
||||
* \param free_func The \c free function implementation.
|
||||
*
|
||||
* \return 0 if successful
|
||||
* \return \c 0.
|
||||
*/
|
||||
int mbedtls_platform_set_calloc_free( void * (*calloc_func)( size_t, size_t ),
|
||||
void (*free_func)( void * ) );
|
||||
|
@ -139,11 +140,11 @@ int mbedtls_platform_set_calloc_free( void * (*calloc_func)( size_t, size_t ),
|
|||
extern int (*mbedtls_fprintf)( FILE *stream, const char *format, ... );
|
||||
|
||||
/**
|
||||
* \brief Set your own fprintf function pointer
|
||||
* \brief This function allows configuring a custom \p fprintf function pointer.
|
||||
*
|
||||
* \param fprintf_func the fprintf function implementation
|
||||
* \param fprintf_func The \c fprintf function implementation.
|
||||
*
|
||||
* \return 0
|
||||
* \return \c 0.
|
||||
*/
|
||||
int mbedtls_platform_set_fprintf( int (*fprintf_func)( FILE *stream, const char *,
|
||||
... ) );
|
||||
|
@ -162,11 +163,12 @@ int mbedtls_platform_set_fprintf( int (*fprintf_func)( FILE *stream, const char
|
|||
extern int (*mbedtls_printf)( const char *format, ... );
|
||||
|
||||
/**
|
||||
* \brief Set your own printf function pointer
|
||||
* \brief This function allows configuring a custom \c printf function
|
||||
* pointer.
|
||||
*
|
||||
* \param printf_func the printf function implementation
|
||||
* \param printf_func The \c printf function implementation.
|
||||
*
|
||||
* \return 0
|
||||
* \return \c 0 on success.
|
||||
*/
|
||||
int mbedtls_platform_set_printf( int (*printf_func)( const char *, ... ) );
|
||||
#else /* !MBEDTLS_PLATFORM_PRINTF_ALT */
|
||||
|
@ -195,11 +197,12 @@ int mbedtls_platform_win32_snprintf( char *s, size_t n, const char *fmt, ... );
|
|||
extern int (*mbedtls_snprintf)( char * s, size_t n, const char * format, ... );
|
||||
|
||||
/**
|
||||
* \brief Set your own snprintf function pointer
|
||||
* \brief This function allows configuring a custom \c snprintf function
|
||||
* pointer.
|
||||
*
|
||||
* \param snprintf_func the snprintf function implementation
|
||||
* \param snprintf_func The \c snprintf function implementation.
|
||||
*
|
||||
* \return 0
|
||||
* \return \c 0 on success.
|
||||
*/
|
||||
int mbedtls_platform_set_snprintf( int (*snprintf_func)( char * s, size_t n,
|
||||
const char * format, ... ) );
|
||||
|
@ -220,11 +223,12 @@ int mbedtls_platform_set_snprintf( int (*snprintf_func)( char * s, size_t n,
|
|||
extern void (*mbedtls_exit)( int status );
|
||||
|
||||
/**
|
||||
* \brief Set your own exit function pointer
|
||||
* \brief This function allows configuring a custom \c exit function
|
||||
* pointer.
|
||||
*
|
||||
* \param exit_func the exit function implementation
|
||||
* \param exit_func The \c exit function implementation.
|
||||
*
|
||||
* \return 0
|
||||
* \return \c 0 on success.
|
||||
*/
|
||||
int mbedtls_platform_set_exit( void (*exit_func)( int status ) );
|
||||
#else
|
||||
|
@ -267,12 +271,13 @@ extern int (*mbedtls_nv_seed_read)( unsigned char *buf, size_t buf_len );
|
|||
extern int (*mbedtls_nv_seed_write)( unsigned char *buf, size_t buf_len );
|
||||
|
||||
/**
|
||||
* \brief Set your own seed file writing/reading functions
|
||||
* \brief This function allows configuring custom seed file writing and
|
||||
* reading functions.
|
||||
*
|
||||
* \param nv_seed_read_func the seed reading function implementation
|
||||
* \param nv_seed_write_func the seed writing function implementation
|
||||
* \param nv_seed_read_func The seed reading function implementation.
|
||||
* \param nv_seed_write_func The seed writing function implementation.
|
||||
*
|
||||
* \return 0
|
||||
* \return \c 0 on success.
|
||||
*/
|
||||
int mbedtls_platform_set_nv_seed(
|
||||
int (*nv_seed_read_func)( unsigned char *buf, size_t buf_len ),
|
||||
|
@ -293,13 +298,13 @@ int mbedtls_platform_set_nv_seed(
|
|||
#if !defined(MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT)
|
||||
|
||||
/**
|
||||
* \brief Platform context structure
|
||||
* \brief The platform context structure.
|
||||
*
|
||||
* \note This structure may be used to assist platform-specific
|
||||
* setup/teardown operations.
|
||||
* setup or teardown operations.
|
||||
*/
|
||||
typedef struct {
|
||||
char dummy; /**< Placeholder member as empty structs are not portable */
|
||||
char dummy; /**< Placeholder member, as empty structs are not portable. */
|
||||
}
|
||||
mbedtls_platform_context;
|
||||
|
||||
|
@ -308,32 +313,32 @@ mbedtls_platform_context;
|
|||
#endif /* !MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT */
|
||||
|
||||
/**
|
||||
* \brief Perform any platform initialisation operations
|
||||
* \brief This function performs any platform initialization operations.
|
||||
*
|
||||
* \param ctx mbed TLS context
|
||||
* \param ctx The Mbed TLS context.
|
||||
*
|
||||
* \return 0 if successful
|
||||
* \return \c 0 on success.
|
||||
*
|
||||
* \note This function is intended to allow platform specific initialisation,
|
||||
* \note This function is intended to allow platform-specific initialization,
|
||||
* and should be called before any other library functions. Its
|
||||
* implementation is platform specific, and by default, unless platform
|
||||
* specific code is provided, it does nothing.
|
||||
* implementation is platform-specific, and unless
|
||||
* platform-specific code is provided, it does nothing.
|
||||
*
|
||||
* Its use and whether its necessary to be called is dependent on the
|
||||
* Its use and whether it is necessary to call it is dependent on the
|
||||
* platform.
|
||||
*/
|
||||
int mbedtls_platform_setup( mbedtls_platform_context *ctx );
|
||||
/**
|
||||
* \brief Perform any platform teardown operations
|
||||
* \brief This function performs any platform teardown operations.
|
||||
*
|
||||
* \param ctx mbed TLS context
|
||||
* \param ctx The Mbed TLS context.
|
||||
*
|
||||
* \note This function should be called after every other mbed TLS module has
|
||||
* been correctly freed using the appropriate free function.
|
||||
* Its implementation is platform specific, and by default, unless
|
||||
* platform specific code is provided, it does nothing.
|
||||
* \note This function should be called after every other Mbed TLS module
|
||||
* has been correctly freed using the appropriate free function.
|
||||
* Its implementation is platform-specific, and unless
|
||||
* platform-specific code is provided, it does nothing.
|
||||
*
|
||||
* Its use and whether its necessary to be called is dependent on the
|
||||
* Its use and whether it is necessary to call it is dependent on the
|
||||
* platform.
|
||||
*/
|
||||
void mbedtls_platform_teardown( mbedtls_platform_context *ctx );
|
||||
|
|
|
@ -2,7 +2,8 @@
|
|||
* \file platform_time.h
|
||||
*
|
||||
* \brief mbed TLS Platform time abstraction
|
||||
*
|
||||
*/
|
||||
/*
|
||||
* Copyright (C) 2006-2016, ARM Limited, All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
|
|
|
@ -2,7 +2,8 @@
|
|||
* \file ripemd160.h
|
||||
*
|
||||
* \brief RIPE MD-160 message digest
|
||||
*
|
||||
*/
|
||||
/*
|
||||
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
|
@ -32,6 +33,13 @@
|
|||
#include <stddef.h>
|
||||
#include <stdint.h>
|
||||
|
||||
#define MBEDTLS_ERR_RIPEMD160_HW_ACCEL_FAILED -0x0031 /**< RIPEMD160 hardware accelerator failed */
|
||||
|
||||
#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \
|
||||
!defined(inline) && !defined(__cplusplus)
|
||||
#define inline __inline
|
||||
#endif
|
||||
|
||||
#if !defined(MBEDTLS_RIPEMD160_ALT)
|
||||
// Regular implementation
|
||||
//
|
||||
|
@ -78,36 +86,121 @@ void mbedtls_ripemd160_clone( mbedtls_ripemd160_context *dst,
|
|||
* \brief RIPEMD-160 context setup
|
||||
*
|
||||
* \param ctx context to be initialized
|
||||
*
|
||||
* \return 0 if successful
|
||||
*/
|
||||
void mbedtls_ripemd160_starts( mbedtls_ripemd160_context *ctx );
|
||||
int mbedtls_ripemd160_starts_ret( mbedtls_ripemd160_context *ctx );
|
||||
|
||||
/**
|
||||
* \brief RIPEMD-160 process buffer
|
||||
*
|
||||
* \param ctx RIPEMD-160 context
|
||||
* \param input buffer holding the data
|
||||
* \param input buffer holding the data
|
||||
* \param ilen length of the input data
|
||||
*
|
||||
* \return 0 if successful
|
||||
*/
|
||||
void mbedtls_ripemd160_update( mbedtls_ripemd160_context *ctx,
|
||||
const unsigned char *input, size_t ilen );
|
||||
int mbedtls_ripemd160_update_ret( mbedtls_ripemd160_context *ctx,
|
||||
const unsigned char *input,
|
||||
size_t ilen );
|
||||
|
||||
/**
|
||||
* \brief RIPEMD-160 final digest
|
||||
*
|
||||
* \param ctx RIPEMD-160 context
|
||||
* \param output RIPEMD-160 checksum result
|
||||
*
|
||||
* \return 0 if successful
|
||||
*/
|
||||
void mbedtls_ripemd160_finish( mbedtls_ripemd160_context *ctx, unsigned char output[20] );
|
||||
int mbedtls_ripemd160_finish_ret( mbedtls_ripemd160_context *ctx,
|
||||
unsigned char output[20] );
|
||||
|
||||
/* Internal use */
|
||||
void mbedtls_ripemd160_process( mbedtls_ripemd160_context *ctx, const unsigned char data[64] );
|
||||
/**
|
||||
* \brief RIPEMD-160 process data block (internal use only)
|
||||
*
|
||||
* \param ctx RIPEMD-160 context
|
||||
* \param data buffer holding one block of data
|
||||
*
|
||||
* \return 0 if successful
|
||||
*/
|
||||
int mbedtls_internal_ripemd160_process( mbedtls_ripemd160_context *ctx,
|
||||
const unsigned char data[64] );
|
||||
|
||||
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
|
||||
#if defined(MBEDTLS_DEPRECATED_WARNING)
|
||||
#define MBEDTLS_DEPRECATED __attribute__((deprecated))
|
||||
#else
|
||||
#define MBEDTLS_DEPRECATED
|
||||
#endif
|
||||
/**
|
||||
* \brief RIPEMD-160 context setup
|
||||
*
|
||||
* \deprecated Superseded by mbedtls_ripemd160_starts_ret() in 2.7.0
|
||||
*
|
||||
* \param ctx context to be initialized
|
||||
*/
|
||||
MBEDTLS_DEPRECATED static inline void mbedtls_ripemd160_starts(
|
||||
mbedtls_ripemd160_context *ctx )
|
||||
{
|
||||
mbedtls_ripemd160_starts_ret( ctx );
|
||||
}
|
||||
|
||||
/**
|
||||
* \brief RIPEMD-160 process buffer
|
||||
*
|
||||
* \deprecated Superseded by mbedtls_ripemd160_update_ret() in 2.7.0
|
||||
*
|
||||
* \param ctx RIPEMD-160 context
|
||||
* \param input buffer holding the data
|
||||
* \param ilen length of the input data
|
||||
*/
|
||||
MBEDTLS_DEPRECATED static inline void mbedtls_ripemd160_update(
|
||||
mbedtls_ripemd160_context *ctx,
|
||||
const unsigned char *input,
|
||||
size_t ilen )
|
||||
{
|
||||
mbedtls_ripemd160_update_ret( ctx, input, ilen );
|
||||
}
|
||||
|
||||
/**
|
||||
* \brief RIPEMD-160 final digest
|
||||
*
|
||||
* \deprecated Superseded by mbedtls_ripemd160_finish_ret() in 2.7.0
|
||||
*
|
||||
* \param ctx RIPEMD-160 context
|
||||
* \param output RIPEMD-160 checksum result
|
||||
*/
|
||||
MBEDTLS_DEPRECATED static inline void mbedtls_ripemd160_finish(
|
||||
mbedtls_ripemd160_context *ctx,
|
||||
unsigned char output[20] )
|
||||
{
|
||||
mbedtls_ripemd160_finish_ret( ctx, output );
|
||||
}
|
||||
|
||||
/**
|
||||
* \brief RIPEMD-160 process data block (internal use only)
|
||||
*
|
||||
* \deprecated Superseded by mbedtls_internal_ripemd160_process() in 2.7.0
|
||||
*
|
||||
* \param ctx RIPEMD-160 context
|
||||
* \param data buffer holding one block of data
|
||||
*/
|
||||
MBEDTLS_DEPRECATED static inline void mbedtls_ripemd160_process(
|
||||
mbedtls_ripemd160_context *ctx,
|
||||
const unsigned char data[64] )
|
||||
{
|
||||
mbedtls_internal_ripemd160_process( ctx, data );
|
||||
}
|
||||
|
||||
#undef MBEDTLS_DEPRECATED
|
||||
#endif /* !MBEDTLS_DEPRECATED_REMOVED */
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
||||
#else /* MBEDTLS_RIPEMD160_ALT */
|
||||
#include "ripemd160.h"
|
||||
#include "ripemd160_alt.h"
|
||||
#endif /* MBEDTLS_RIPEMD160_ALT */
|
||||
|
||||
#ifdef __cplusplus
|
||||
|
@ -117,12 +210,41 @@ extern "C" {
|
|||
/**
|
||||
* \brief Output = RIPEMD-160( input buffer )
|
||||
*
|
||||
* \param input buffer holding the data
|
||||
* \param input buffer holding the data
|
||||
* \param ilen length of the input data
|
||||
* \param output RIPEMD-160 checksum result
|
||||
*
|
||||
* \return 0 if successful
|
||||
*/
|
||||
int mbedtls_ripemd160_ret( const unsigned char *input,
|
||||
size_t ilen,
|
||||
unsigned char output[20] );
|
||||
|
||||
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
|
||||
#if defined(MBEDTLS_DEPRECATED_WARNING)
|
||||
#define MBEDTLS_DEPRECATED __attribute__((deprecated))
|
||||
#else
|
||||
#define MBEDTLS_DEPRECATED
|
||||
#endif
|
||||
/**
|
||||
* \brief Output = RIPEMD-160( input buffer )
|
||||
*
|
||||
* \deprecated Superseded by mbedtls_ripemd160_ret() in 2.7.0
|
||||
*
|
||||
* \param input buffer holding the data
|
||||
* \param ilen length of the input data
|
||||
* \param output RIPEMD-160 checksum result
|
||||
*/
|
||||
void mbedtls_ripemd160( const unsigned char *input, size_t ilen,
|
||||
unsigned char output[20] );
|
||||
MBEDTLS_DEPRECATED static inline void mbedtls_ripemd160(
|
||||
const unsigned char *input,
|
||||
size_t ilen,
|
||||
unsigned char output[20] )
|
||||
{
|
||||
mbedtls_ripemd160_ret( input, ilen, output );
|
||||
}
|
||||
|
||||
#undef MBEDTLS_DEPRECATED
|
||||
#endif /* !MBEDTLS_DEPRECATED_REMOVED */
|
||||
|
||||
/**
|
||||
* \brief Checkup routine
|
||||
|
|
File diff suppressed because it is too large
Load Diff
|
@ -0,0 +1,216 @@
|
|||
/**
|
||||
* \file rsa_internal.h
|
||||
*
|
||||
* \brief Context-independent RSA helper functions
|
||||
*/
|
||||
/*
|
||||
* Copyright (C) 2006-2017, ARM Limited, All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
* not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*
|
||||
* This file is part of mbed TLS (https://tls.mbed.org)
|
||||
*
|
||||
*
|
||||
* This file declares some RSA-related helper functions useful when
|
||||
* implementing the RSA interface. They are public and provided in a
|
||||
* separate compilation unit in order to make it easy for designers of
|
||||
* alternative RSA implementations to use them in their code, as it is
|
||||
* conceived that the functionality they provide will be necessary
|
||||
* for most complete implementations.
|
||||
*
|
||||
* End-users of Mbed TLS not intending to re-implement the RSA functionality
|
||||
* are not expected to get into the need of making use of these functions directly,
|
||||
* but instead should be able to use the functions declared in rsa.h.
|
||||
*
|
||||
* There are two classes of helper functions:
|
||||
* (1) Parameter-generating helpers. These are:
|
||||
* - mbedtls_rsa_deduce_primes
|
||||
* - mbedtls_rsa_deduce_private_exponent
|
||||
* - mbedtls_rsa_deduce_crt
|
||||
* Each of these functions takes a set of core RSA parameters
|
||||
* and generates some other, or CRT related parameters.
|
||||
* (2) Parameter-checking helpers. These are:
|
||||
* - mbedtls_rsa_validate_params
|
||||
* - mbedtls_rsa_validate_crt
|
||||
* They take a set of core or CRT related RSA parameters
|
||||
* and check their validity.
|
||||
*
|
||||
*/
|
||||
|
||||
#ifndef MBEDTLS_RSA_INTERNAL_H
|
||||
#define MBEDTLS_RSA_INTERNAL_H
|
||||
|
||||
#if !defined(MBEDTLS_CONFIG_FILE)
|
||||
#include "config.h"
|
||||
#else
|
||||
#include MBEDTLS_CONFIG_FILE
|
||||
#endif
|
||||
|
||||
#include "bignum.h"
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
|
||||
/**
|
||||
* \brief Compute RSA prime moduli P, Q from public modulus N=PQ
|
||||
* and a pair of private and public key.
|
||||
*
|
||||
* \note This is a 'static' helper function not operating on
|
||||
* an RSA context. Alternative implementations need not
|
||||
* overwrite it.
|
||||
*
|
||||
* \param N RSA modulus N = PQ, with P, Q to be found
|
||||
* \param E RSA public exponent
|
||||
* \param D RSA private exponent
|
||||
* \param P Pointer to MPI holding first prime factor of N on success
|
||||
* \param Q Pointer to MPI holding second prime factor of N on success
|
||||
*
|
||||
* \return
|
||||
* - 0 if successful. In this case, P and Q constitute a
|
||||
* factorization of N.
|
||||
* - A non-zero error code otherwise.
|
||||
*
|
||||
* \note It is neither checked that P, Q are prime nor that
|
||||
* D, E are modular inverses wrt. P-1 and Q-1. For that,
|
||||
* use the helper function \c mbedtls_rsa_validate_params.
|
||||
*
|
||||
*/
|
||||
int mbedtls_rsa_deduce_primes( mbedtls_mpi const *N, mbedtls_mpi const *E,
|
||||
mbedtls_mpi const *D,
|
||||
mbedtls_mpi *P, mbedtls_mpi *Q );
|
||||
|
||||
/**
|
||||
* \brief Compute RSA private exponent from
|
||||
* prime moduli and public key.
|
||||
*
|
||||
* \note This is a 'static' helper function not operating on
|
||||
* an RSA context. Alternative implementations need not
|
||||
* overwrite it.
|
||||
*
|
||||
* \param P First prime factor of RSA modulus
|
||||
* \param Q Second prime factor of RSA modulus
|
||||
* \param E RSA public exponent
|
||||
* \param D Pointer to MPI holding the private exponent on success.
|
||||
*
|
||||
* \return
|
||||
* - 0 if successful. In this case, D is set to a simultaneous
|
||||
* modular inverse of E modulo both P-1 and Q-1.
|
||||
* - A non-zero error code otherwise.
|
||||
*
|
||||
* \note This function does not check whether P and Q are primes.
|
||||
*
|
||||
*/
|
||||
int mbedtls_rsa_deduce_private_exponent( mbedtls_mpi const *P,
|
||||
mbedtls_mpi const *Q,
|
||||
mbedtls_mpi const *E,
|
||||
mbedtls_mpi *D );
|
||||
|
||||
|
||||
/**
|
||||
* \brief Generate RSA-CRT parameters
|
||||
*
|
||||
* \note This is a 'static' helper function not operating on
|
||||
* an RSA context. Alternative implementations need not
|
||||
* overwrite it.
|
||||
*
|
||||
* \param P First prime factor of N
|
||||
* \param Q Second prime factor of N
|
||||
* \param D RSA private exponent
|
||||
* \param DP Output variable for D modulo P-1
|
||||
* \param DQ Output variable for D modulo Q-1
|
||||
* \param QP Output variable for the modular inverse of Q modulo P.
|
||||
*
|
||||
* \return 0 on success, non-zero error code otherwise.
|
||||
*
|
||||
* \note This function does not check whether P, Q are
|
||||
* prime and whether D is a valid private exponent.
|
||||
*
|
||||
*/
|
||||
int mbedtls_rsa_deduce_crt( const mbedtls_mpi *P, const mbedtls_mpi *Q,
|
||||
const mbedtls_mpi *D, mbedtls_mpi *DP,
|
||||
mbedtls_mpi *DQ, mbedtls_mpi *QP );
|
||||
|
||||
|
||||
/**
|
||||
* \brief Check validity of core RSA parameters
|
||||
*
|
||||
* \note This is a 'static' helper function not operating on
|
||||
* an RSA context. Alternative implementations need not
|
||||
* overwrite it.
|
||||
*
|
||||
* \param N RSA modulus N = PQ
|
||||
* \param P First prime factor of N
|
||||
* \param Q Second prime factor of N
|
||||
* \param D RSA private exponent
|
||||
* \param E RSA public exponent
|
||||
* \param f_rng PRNG to be used for primality check, or NULL
|
||||
* \param p_rng PRNG context for f_rng, or NULL
|
||||
*
|
||||
* \return
|
||||
* - 0 if the following conditions are satisfied
|
||||
* if all relevant parameters are provided:
|
||||
* - P prime if f_rng != NULL (%)
|
||||
* - Q prime if f_rng != NULL (%)
|
||||
* - 1 < N = P * Q
|
||||
* - 1 < D, E < N
|
||||
* - D and E are modular inverses modulo P-1 and Q-1
|
||||
* (%) This is only done if MBEDTLS_GENPRIME is defined.
|
||||
* - A non-zero error code otherwise.
|
||||
*
|
||||
* \note The function can be used with a restricted set of arguments
|
||||
* to perform specific checks only. E.g., calling it with
|
||||
* (-,P,-,-,-) and a PRNG amounts to a primality check for P.
|
||||
*/
|
||||
int mbedtls_rsa_validate_params( const mbedtls_mpi *N, const mbedtls_mpi *P,
|
||||
const mbedtls_mpi *Q, const mbedtls_mpi *D,
|
||||
const mbedtls_mpi *E,
|
||||
int (*f_rng)(void *, unsigned char *, size_t),
|
||||
void *p_rng );
|
||||
|
||||
/**
|
||||
* \brief Check validity of RSA CRT parameters
|
||||
*
|
||||
* \note This is a 'static' helper function not operating on
|
||||
* an RSA context. Alternative implementations need not
|
||||
* overwrite it.
|
||||
*
|
||||
* \param P First prime factor of RSA modulus
|
||||
* \param Q Second prime factor of RSA modulus
|
||||
* \param D RSA private exponent
|
||||
* \param DP MPI to check for D modulo P-1
|
||||
* \param DQ MPI to check for D modulo P-1
|
||||
* \param QP MPI to check for the modular inverse of Q modulo P.
|
||||
*
|
||||
* \return
|
||||
* - 0 if the following conditions are satisfied:
|
||||
* - D = DP mod P-1 if P, D, DP != NULL
|
||||
* - Q = DQ mod P-1 if P, D, DQ != NULL
|
||||
* - QP = Q^-1 mod P if P, Q, QP != NULL
|
||||
* - \c MBEDTLS_ERR_RSA_KEY_CHECK_FAILED if check failed,
|
||||
* potentially including \c MBEDTLS_ERR_MPI_XXX if some
|
||||
* MPI calculations failed.
|
||||
* - \c MBEDTLS_ERR_RSA_BAD_INPUT_DATA if insufficient
|
||||
* data was provided to check DP, DQ or QP.
|
||||
*
|
||||
* \note The function can be used with a restricted set of arguments
|
||||
* to perform specific checks only. E.g., calling it with the
|
||||
* parameters (P, -, D, DP, -, -) will check DP = D mod P-1.
|
||||
*/
|
||||
int mbedtls_rsa_validate_crt( const mbedtls_mpi *P, const mbedtls_mpi *Q,
|
||||
const mbedtls_mpi *D, const mbedtls_mpi *DP,
|
||||
const mbedtls_mpi *DQ, const mbedtls_mpi *QP );
|
||||
|
||||
#endif /* rsa_internal.h */
|
|
@ -1,9 +1,14 @@
|
|||
/**
|
||||
* \file sha1.h
|
||||
*
|
||||
* \brief SHA-1 cryptographic hash function
|
||||
* \brief The SHA-1 cryptographic hash function.
|
||||
*
|
||||
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
|
||||
* \warning SHA-1 is considered a weak message digest and its use constitutes
|
||||
* a security risk. We recommend considering stronger message
|
||||
* digests instead.
|
||||
*/
|
||||
/*
|
||||
* Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
|
@ -18,7 +23,7 @@
|
|||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*
|
||||
* This file is part of mbed TLS (https://tls.mbed.org)
|
||||
* This file is part of Mbed TLS (https://tls.mbed.org)
|
||||
*/
|
||||
#ifndef MBEDTLS_SHA1_H
|
||||
#define MBEDTLS_SHA1_H
|
||||
|
@ -32,6 +37,13 @@
|
|||
#include <stddef.h>
|
||||
#include <stdint.h>
|
||||
|
||||
#define MBEDTLS_ERR_SHA1_HW_ACCEL_FAILED -0x0035 /**< SHA-1 hardware accelerator failed */
|
||||
|
||||
#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \
|
||||
!defined(inline) && !defined(__cplusplus)
|
||||
#define inline __inline
|
||||
#endif
|
||||
|
||||
#if !defined(MBEDTLS_SHA1_ALT)
|
||||
// Regular implementation
|
||||
//
|
||||
|
@ -41,65 +53,213 @@ extern "C" {
|
|||
#endif
|
||||
|
||||
/**
|
||||
* \brief SHA-1 context structure
|
||||
* \brief The SHA-1 context structure.
|
||||
*
|
||||
* \warning SHA-1 is considered a weak message digest and its use
|
||||
* constitutes a security risk. We recommend considering
|
||||
* stronger message digests instead.
|
||||
*
|
||||
*/
|
||||
typedef struct
|
||||
{
|
||||
uint32_t total[2]; /*!< number of bytes processed */
|
||||
uint32_t state[5]; /*!< intermediate digest state */
|
||||
unsigned char buffer[64]; /*!< data block being processed */
|
||||
uint32_t total[2]; /*!< The number of Bytes processed. */
|
||||
uint32_t state[5]; /*!< The intermediate digest state. */
|
||||
unsigned char buffer[64]; /*!< The data block being processed. */
|
||||
}
|
||||
mbedtls_sha1_context;
|
||||
|
||||
/**
|
||||
* \brief Initialize SHA-1 context
|
||||
* \brief This function initializes a SHA-1 context.
|
||||
*
|
||||
* \param ctx The SHA-1 context to initialize.
|
||||
*
|
||||
* \warning SHA-1 is considered a weak message digest and its use
|
||||
* constitutes a security risk. We recommend considering
|
||||
* stronger message digests instead.
|
||||
*
|
||||
* \param ctx SHA-1 context to be initialized
|
||||
*/
|
||||
void mbedtls_sha1_init( mbedtls_sha1_context *ctx );
|
||||
|
||||
/**
|
||||
* \brief Clear SHA-1 context
|
||||
* \brief This function clears a SHA-1 context.
|
||||
*
|
||||
* \param ctx The SHA-1 context to clear.
|
||||
*
|
||||
* \warning SHA-1 is considered a weak message digest and its use
|
||||
* constitutes a security risk. We recommend considering
|
||||
* stronger message digests instead.
|
||||
*
|
||||
* \param ctx SHA-1 context to be cleared
|
||||
*/
|
||||
void mbedtls_sha1_free( mbedtls_sha1_context *ctx );
|
||||
|
||||
/**
|
||||
* \brief Clone (the state of) a SHA-1 context
|
||||
* \brief This function clones the state of a SHA-1 context.
|
||||
*
|
||||
* \param dst The destination context.
|
||||
* \param src The context to clone.
|
||||
*
|
||||
* \warning SHA-1 is considered a weak message digest and its use
|
||||
* constitutes a security risk. We recommend considering
|
||||
* stronger message digests instead.
|
||||
*
|
||||
* \param dst The destination context
|
||||
* \param src The context to be cloned
|
||||
*/
|
||||
void mbedtls_sha1_clone( mbedtls_sha1_context *dst,
|
||||
const mbedtls_sha1_context *src );
|
||||
|
||||
/**
|
||||
* \brief This function starts a SHA-1 checksum calculation.
|
||||
*
|
||||
* \param ctx The context to initialize.
|
||||
*
|
||||
* \return \c 0 if successful
|
||||
*
|
||||
* \warning SHA-1 is considered a weak message digest and its use
|
||||
* constitutes a security risk. We recommend considering
|
||||
* stronger message digests instead.
|
||||
*
|
||||
*/
|
||||
int mbedtls_sha1_starts_ret( mbedtls_sha1_context *ctx );
|
||||
|
||||
/**
|
||||
* \brief This function feeds an input buffer into an ongoing SHA-1
|
||||
* checksum calculation.
|
||||
*
|
||||
* \param ctx The SHA-1 context.
|
||||
* \param input The buffer holding the input data.
|
||||
* \param ilen The length of the input data.
|
||||
*
|
||||
* \return \c 0 if successful
|
||||
*
|
||||
* \warning SHA-1 is considered a weak message digest and its use
|
||||
* constitutes a security risk. We recommend considering
|
||||
* stronger message digests instead.
|
||||
*
|
||||
*/
|
||||
int mbedtls_sha1_update_ret( mbedtls_sha1_context *ctx,
|
||||
const unsigned char *input,
|
||||
size_t ilen );
|
||||
|
||||
/**
|
||||
* \brief This function finishes the SHA-1 operation, and writes
|
||||
* the result to the output buffer.
|
||||
*
|
||||
* \param ctx The SHA-1 context.
|
||||
* \param output The SHA-1 checksum result.
|
||||
*
|
||||
* \return \c 0 if successful
|
||||
*
|
||||
* \warning SHA-1 is considered a weak message digest and its use
|
||||
* constitutes a security risk. We recommend considering
|
||||
* stronger message digests instead.
|
||||
*
|
||||
*/
|
||||
int mbedtls_sha1_finish_ret( mbedtls_sha1_context *ctx,
|
||||
unsigned char output[20] );
|
||||
|
||||
/**
|
||||
* \brief SHA-1 process data block (internal use only)
|
||||
*
|
||||
* \param ctx SHA-1 context
|
||||
* \param data The data block being processed.
|
||||
*
|
||||
* \return \c 0 if successful
|
||||
*
|
||||
* \warning SHA-1 is considered a weak message digest and its use
|
||||
* constitutes a security risk. We recommend considering
|
||||
* stronger message digests instead.
|
||||
*
|
||||
*/
|
||||
int mbedtls_internal_sha1_process( mbedtls_sha1_context *ctx,
|
||||
const unsigned char data[64] );
|
||||
|
||||
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
|
||||
#if defined(MBEDTLS_DEPRECATED_WARNING)
|
||||
#define MBEDTLS_DEPRECATED __attribute__((deprecated))
|
||||
#else
|
||||
#define MBEDTLS_DEPRECATED
|
||||
#endif
|
||||
/**
|
||||
* \brief SHA-1 context setup
|
||||
*
|
||||
* \param ctx context to be initialized
|
||||
* \deprecated Superseded by mbedtls_sha1_starts_ret() in 2.7.0
|
||||
*
|
||||
* \param ctx The SHA-1 context to be initialized.
|
||||
*
|
||||
* \warning SHA-1 is considered a weak message digest and its use
|
||||
* constitutes a security risk. We recommend considering
|
||||
* stronger message digests instead.
|
||||
*
|
||||
*/
|
||||
void mbedtls_sha1_starts( mbedtls_sha1_context *ctx );
|
||||
MBEDTLS_DEPRECATED static inline void mbedtls_sha1_starts(
|
||||
mbedtls_sha1_context *ctx )
|
||||
{
|
||||
mbedtls_sha1_starts_ret( ctx );
|
||||
}
|
||||
|
||||
/**
|
||||
* \brief SHA-1 process buffer
|
||||
*
|
||||
* \param ctx SHA-1 context
|
||||
* \param input buffer holding the data
|
||||
* \param ilen length of the input data
|
||||
* \deprecated Superseded by mbedtls_sha1_update_ret() in 2.7.0
|
||||
*
|
||||
* \param ctx The SHA-1 context.
|
||||
* \param input The buffer holding the input data.
|
||||
* \param ilen The length of the input data.
|
||||
*
|
||||
* \warning SHA-1 is considered a weak message digest and its use
|
||||
* constitutes a security risk. We recommend considering
|
||||
* stronger message digests instead.
|
||||
*
|
||||
*/
|
||||
void mbedtls_sha1_update( mbedtls_sha1_context *ctx, const unsigned char *input, size_t ilen );
|
||||
MBEDTLS_DEPRECATED static inline void mbedtls_sha1_update(
|
||||
mbedtls_sha1_context *ctx,
|
||||
const unsigned char *input,
|
||||
size_t ilen )
|
||||
{
|
||||
mbedtls_sha1_update_ret( ctx, input, ilen );
|
||||
}
|
||||
|
||||
/**
|
||||
* \brief SHA-1 final digest
|
||||
*
|
||||
* \param ctx SHA-1 context
|
||||
* \param output SHA-1 checksum result
|
||||
* \deprecated Superseded by mbedtls_sha1_finish_ret() in 2.7.0
|
||||
*
|
||||
* \param ctx The SHA-1 context.
|
||||
* \param output The SHA-1 checksum result.
|
||||
*
|
||||
* \warning SHA-1 is considered a weak message digest and its use
|
||||
* constitutes a security risk. We recommend considering
|
||||
* stronger message digests instead.
|
||||
*
|
||||
*/
|
||||
void mbedtls_sha1_finish( mbedtls_sha1_context *ctx, unsigned char output[20] );
|
||||
MBEDTLS_DEPRECATED static inline void mbedtls_sha1_finish(
|
||||
mbedtls_sha1_context *ctx,
|
||||
unsigned char output[20] )
|
||||
{
|
||||
mbedtls_sha1_finish_ret( ctx, output );
|
||||
}
|
||||
|
||||
/* Internal use */
|
||||
void mbedtls_sha1_process( mbedtls_sha1_context *ctx, const unsigned char data[64] );
|
||||
/**
|
||||
* \brief SHA-1 process data block (internal use only)
|
||||
*
|
||||
* \deprecated Superseded by mbedtls_internal_sha1_process() in 2.7.0
|
||||
*
|
||||
* \param ctx The SHA-1 context.
|
||||
* \param data The data block being processed.
|
||||
*
|
||||
* \warning SHA-1 is considered a weak message digest and its use
|
||||
* constitutes a security risk. We recommend considering
|
||||
* stronger message digests instead.
|
||||
*
|
||||
*/
|
||||
MBEDTLS_DEPRECATED static inline void mbedtls_sha1_process(
|
||||
mbedtls_sha1_context *ctx,
|
||||
const unsigned char data[64] )
|
||||
{
|
||||
mbedtls_internal_sha1_process( ctx, data );
|
||||
}
|
||||
|
||||
#undef MBEDTLS_DEPRECATED
|
||||
#endif /* !MBEDTLS_DEPRECATED_REMOVED */
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
|
@ -113,19 +273,69 @@ void mbedtls_sha1_process( mbedtls_sha1_context *ctx, const unsigned char data[6
|
|||
extern "C" {
|
||||
#endif
|
||||
|
||||
/**
|
||||
* \brief This function calculates the SHA-1 checksum of a buffer.
|
||||
*
|
||||
* The function allocates the context, performs the
|
||||
* calculation, and frees the context.
|
||||
*
|
||||
* The SHA-1 result is calculated as
|
||||
* output = SHA-1(input buffer).
|
||||
*
|
||||
* \param input The buffer holding the input data.
|
||||
* \param ilen The length of the input data.
|
||||
* \param output The SHA-1 checksum result.
|
||||
*
|
||||
* \return \c 0 if successful
|
||||
*
|
||||
* \warning SHA-1 is considered a weak message digest and its use
|
||||
* constitutes a security risk. We recommend considering
|
||||
* stronger message digests instead.
|
||||
*
|
||||
*/
|
||||
int mbedtls_sha1_ret( const unsigned char *input,
|
||||
size_t ilen,
|
||||
unsigned char output[20] );
|
||||
|
||||
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
|
||||
#if defined(MBEDTLS_DEPRECATED_WARNING)
|
||||
#define MBEDTLS_DEPRECATED __attribute__((deprecated))
|
||||
#else
|
||||
#define MBEDTLS_DEPRECATED
|
||||
#endif
|
||||
/**
|
||||
* \brief Output = SHA-1( input buffer )
|
||||
*
|
||||
* \param input buffer holding the data
|
||||
* \param ilen length of the input data
|
||||
* \param output SHA-1 checksum result
|
||||
* \deprecated Superseded by mbedtls_sha1_ret() in 2.7.0
|
||||
*
|
||||
* \param input The buffer holding the input data.
|
||||
* \param ilen The length of the input data.
|
||||
* \param output The SHA-1 checksum result.
|
||||
*
|
||||
* \warning SHA-1 is considered a weak message digest and its use
|
||||
* constitutes a security risk. We recommend considering
|
||||
* stronger message digests instead.
|
||||
*
|
||||
*/
|
||||
void mbedtls_sha1( const unsigned char *input, size_t ilen, unsigned char output[20] );
|
||||
MBEDTLS_DEPRECATED static inline void mbedtls_sha1( const unsigned char *input,
|
||||
size_t ilen,
|
||||
unsigned char output[20] )
|
||||
{
|
||||
mbedtls_sha1_ret( input, ilen, output );
|
||||
}
|
||||
|
||||
#undef MBEDTLS_DEPRECATED
|
||||
#endif /* !MBEDTLS_DEPRECATED_REMOVED */
|
||||
|
||||
/**
|
||||
* \brief Checkup routine
|
||||
* \brief The SHA-1 checkup routine.
|
||||
*
|
||||
* \return \c 0 on success, or \c 1 on failure.
|
||||
*
|
||||
* \warning SHA-1 is considered a weak message digest and its use
|
||||
* constitutes a security risk. We recommend considering
|
||||
* stronger message digests instead.
|
||||
*
|
||||
* \return 0 if successful, or 1 if the test failed
|
||||
*/
|
||||
int mbedtls_sha1_self_test( int verbose );
|
||||
|
||||
|
|
|
@ -1,9 +1,10 @@
|
|||
/**
|
||||
* \file sha256.h
|
||||
*
|
||||
* \brief SHA-224 and SHA-256 cryptographic hash function
|
||||
*
|
||||
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
|
||||
* \brief The SHA-224 and SHA-256 cryptographic hash function.
|
||||
*/
|
||||
/*
|
||||
* Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
|
@ -18,7 +19,7 @@
|
|||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*
|
||||
* This file is part of mbed TLS (https://tls.mbed.org)
|
||||
* This file is part of Mbed TLS (https://tls.mbed.org)
|
||||
*/
|
||||
#ifndef MBEDTLS_SHA256_H
|
||||
#define MBEDTLS_SHA256_H
|
||||
|
@ -32,6 +33,12 @@
|
|||
#include <stddef.h>
|
||||
#include <stdint.h>
|
||||
|
||||
#define MBEDTLS_ERR_SHA256_HW_ACCEL_FAILED -0x0037 /**< SHA-256 hardware accelerator failed */
|
||||
|
||||
#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \
|
||||
!defined(inline) && !defined(__cplusplus)
|
||||
#define inline __inline
|
||||
#endif
|
||||
#if !defined(MBEDTLS_SHA256_ALT)
|
||||
// Regular implementation
|
||||
//
|
||||
|
@ -41,69 +48,174 @@ extern "C" {
|
|||
#endif
|
||||
|
||||
/**
|
||||
* \brief SHA-256 context structure
|
||||
* \brief The SHA-256 context structure.
|
||||
*
|
||||
* The structure is used both for SHA-256 and for SHA-224
|
||||
* checksum calculations. The choice between these two is
|
||||
* made in the call to mbedtls_sha256_starts_ret().
|
||||
*/
|
||||
typedef struct
|
||||
{
|
||||
uint32_t total[2]; /*!< number of bytes processed */
|
||||
uint32_t state[8]; /*!< intermediate digest state */
|
||||
unsigned char buffer[64]; /*!< data block being processed */
|
||||
int is224; /*!< 0 => SHA-256, else SHA-224 */
|
||||
uint32_t total[2]; /*!< The number of Bytes processed. */
|
||||
uint32_t state[8]; /*!< The intermediate digest state. */
|
||||
unsigned char buffer[64]; /*!< The data block being processed. */
|
||||
int is224; /*!< Determines which function to use.
|
||||
<ul><li>0: Use SHA-256.</li>
|
||||
<li>1: Use SHA-224.</li></ul> */
|
||||
}
|
||||
mbedtls_sha256_context;
|
||||
|
||||
/**
|
||||
* \brief Initialize SHA-256 context
|
||||
* \brief This function initializes a SHA-256 context.
|
||||
*
|
||||
* \param ctx SHA-256 context to be initialized
|
||||
* \param ctx The SHA-256 context to initialize.
|
||||
*/
|
||||
void mbedtls_sha256_init( mbedtls_sha256_context *ctx );
|
||||
|
||||
/**
|
||||
* \brief Clear SHA-256 context
|
||||
* \brief This function clears a SHA-256 context.
|
||||
*
|
||||
* \param ctx SHA-256 context to be cleared
|
||||
* \param ctx The SHA-256 context to clear.
|
||||
*/
|
||||
void mbedtls_sha256_free( mbedtls_sha256_context *ctx );
|
||||
|
||||
/**
|
||||
* \brief Clone (the state of) a SHA-256 context
|
||||
* \brief This function clones the state of a SHA-256 context.
|
||||
*
|
||||
* \param dst The destination context
|
||||
* \param src The context to be cloned
|
||||
* \param dst The destination context.
|
||||
* \param src The context to clone.
|
||||
*/
|
||||
void mbedtls_sha256_clone( mbedtls_sha256_context *dst,
|
||||
const mbedtls_sha256_context *src );
|
||||
|
||||
/**
|
||||
* \brief SHA-256 context setup
|
||||
* \brief This function starts a SHA-224 or SHA-256 checksum
|
||||
* calculation.
|
||||
*
|
||||
* \param ctx context to be initialized
|
||||
* \param is224 0 = use SHA256, 1 = use SHA224
|
||||
* \param ctx The context to initialize.
|
||||
* \param is224 Determines which function to use.
|
||||
* <ul><li>0: Use SHA-256.</li>
|
||||
* <li>1: Use SHA-224.</li></ul>
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
*/
|
||||
void mbedtls_sha256_starts( mbedtls_sha256_context *ctx, int is224 );
|
||||
int mbedtls_sha256_starts_ret( mbedtls_sha256_context *ctx, int is224 );
|
||||
|
||||
/**
|
||||
* \brief SHA-256 process buffer
|
||||
* \brief This function feeds an input buffer into an ongoing
|
||||
* SHA-256 checksum calculation.
|
||||
*
|
||||
* \param ctx SHA-256 context
|
||||
* \param input buffer holding the data
|
||||
* \param input buffer holding the data
|
||||
* \param ilen length of the input data
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
*/
|
||||
void mbedtls_sha256_update( mbedtls_sha256_context *ctx, const unsigned char *input,
|
||||
size_t ilen );
|
||||
int mbedtls_sha256_update_ret( mbedtls_sha256_context *ctx,
|
||||
const unsigned char *input,
|
||||
size_t ilen );
|
||||
|
||||
/**
|
||||
* \brief SHA-256 final digest
|
||||
* \brief This function finishes the SHA-256 operation, and writes
|
||||
* the result to the output buffer.
|
||||
*
|
||||
* \param ctx SHA-256 context
|
||||
* \param output SHA-224/256 checksum result
|
||||
* \param ctx The SHA-256 context.
|
||||
* \param output The SHA-224 or SHA-256 checksum result.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
*/
|
||||
void mbedtls_sha256_finish( mbedtls_sha256_context *ctx, unsigned char output[32] );
|
||||
int mbedtls_sha256_finish_ret( mbedtls_sha256_context *ctx,
|
||||
unsigned char output[32] );
|
||||
|
||||
/* Internal use */
|
||||
void mbedtls_sha256_process( mbedtls_sha256_context *ctx, const unsigned char data[64] );
|
||||
/**
|
||||
* \brief This function processes a single data block within
|
||||
* the ongoing SHA-256 computation. This function is for
|
||||
* internal use only.
|
||||
*
|
||||
* \param ctx The SHA-256 context.
|
||||
* \param data The buffer holding one block of data.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
*/
|
||||
int mbedtls_internal_sha256_process( mbedtls_sha256_context *ctx,
|
||||
const unsigned char data[64] );
|
||||
|
||||
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
|
||||
#if defined(MBEDTLS_DEPRECATED_WARNING)
|
||||
#define MBEDTLS_DEPRECATED __attribute__((deprecated))
|
||||
#else
|
||||
#define MBEDTLS_DEPRECATED
|
||||
#endif
|
||||
/**
|
||||
* \brief This function starts a SHA-256 checksum calculation.
|
||||
*
|
||||
* \deprecated Superseded by mbedtls_sha256_starts_ret() in 2.7.0.
|
||||
*
|
||||
* \param ctx The SHA-256 context to initialize.
|
||||
* \param is224 Determines which function to use.
|
||||
* <ul><li>0: Use SHA-256.</li>
|
||||
* <li>1: Use SHA-224.</li></ul>
|
||||
*/
|
||||
MBEDTLS_DEPRECATED static inline void mbedtls_sha256_starts(
|
||||
mbedtls_sha256_context *ctx,
|
||||
int is224 )
|
||||
{
|
||||
mbedtls_sha256_starts_ret( ctx, is224 );
|
||||
}
|
||||
|
||||
/**
|
||||
* \brief This function feeds an input buffer into an ongoing
|
||||
* SHA-256 checksum calculation.
|
||||
*
|
||||
* \deprecated Superseded by mbedtls_sha256_update_ret() in 2.7.0.
|
||||
*
|
||||
* \param ctx The SHA-256 context to initialize.
|
||||
* \param input The buffer holding the data.
|
||||
* \param ilen The length of the input data.
|
||||
*/
|
||||
MBEDTLS_DEPRECATED static inline void mbedtls_sha256_update(
|
||||
mbedtls_sha256_context *ctx,
|
||||
const unsigned char *input,
|
||||
size_t ilen )
|
||||
{
|
||||
mbedtls_sha256_update_ret( ctx, input, ilen );
|
||||
}
|
||||
|
||||
/**
|
||||
* \brief This function finishes the SHA-256 operation, and writes
|
||||
* the result to the output buffer.
|
||||
*
|
||||
* \deprecated Superseded by mbedtls_sha256_finish_ret() in 2.7.0.
|
||||
*
|
||||
* \param ctx The SHA-256 context.
|
||||
* \param output The SHA-224or SHA-256 checksum result.
|
||||
*/
|
||||
MBEDTLS_DEPRECATED static inline void mbedtls_sha256_finish(
|
||||
mbedtls_sha256_context *ctx,
|
||||
unsigned char output[32] )
|
||||
{
|
||||
mbedtls_sha256_finish_ret( ctx, output );
|
||||
}
|
||||
|
||||
/**
|
||||
* \brief This function processes a single data block within
|
||||
* the ongoing SHA-256 computation. This function is for
|
||||
* internal use only.
|
||||
*
|
||||
* \deprecated Superseded by mbedtls_internal_sha256_process() in 2.7.0.
|
||||
*
|
||||
* \param ctx The SHA-256 context.
|
||||
* \param data The buffer holding one block of data.
|
||||
*/
|
||||
MBEDTLS_DEPRECATED static inline void mbedtls_sha256_process(
|
||||
mbedtls_sha256_context *ctx,
|
||||
const unsigned char data[64] )
|
||||
{
|
||||
mbedtls_internal_sha256_process( ctx, data );
|
||||
}
|
||||
|
||||
#undef MBEDTLS_DEPRECATED
|
||||
#endif /* !MBEDTLS_DEPRECATED_REMOVED */
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
@ -117,20 +229,69 @@ extern "C" {
|
|||
#endif
|
||||
|
||||
/**
|
||||
* \brief Output = SHA-256( input buffer )
|
||||
* \brief This function calculates the SHA-224 or SHA-256
|
||||
* checksum of a buffer.
|
||||
*
|
||||
* \param input buffer holding the data
|
||||
* \param ilen length of the input data
|
||||
* \param output SHA-224/256 checksum result
|
||||
* \param is224 0 = use SHA256, 1 = use SHA224
|
||||
* The function allocates the context, performs the
|
||||
* calculation, and frees the context.
|
||||
*
|
||||
* The SHA-256 result is calculated as
|
||||
* output = SHA-256(input buffer).
|
||||
*
|
||||
* \param input The buffer holding the input data.
|
||||
* \param ilen The length of the input data.
|
||||
* \param output The SHA-224 or SHA-256 checksum result.
|
||||
* \param is224 Determines which function to use.
|
||||
* <ul><li>0: Use SHA-256.</li>
|
||||
* <li>1: Use SHA-224.</li></ul>
|
||||
*/
|
||||
void mbedtls_sha256( const unsigned char *input, size_t ilen,
|
||||
unsigned char output[32], int is224 );
|
||||
int mbedtls_sha256_ret( const unsigned char *input,
|
||||
size_t ilen,
|
||||
unsigned char output[32],
|
||||
int is224 );
|
||||
|
||||
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
|
||||
#if defined(MBEDTLS_DEPRECATED_WARNING)
|
||||
#define MBEDTLS_DEPRECATED __attribute__((deprecated))
|
||||
#else
|
||||
#define MBEDTLS_DEPRECATED
|
||||
#endif
|
||||
|
||||
/**
|
||||
* \brief Checkup routine
|
||||
* \brief This function calculates the SHA-224 or SHA-256 checksum
|
||||
* of a buffer.
|
||||
*
|
||||
* \return 0 if successful, or 1 if the test failed
|
||||
* The function allocates the context, performs the
|
||||
* calculation, and frees the context.
|
||||
*
|
||||
* The SHA-256 result is calculated as
|
||||
* output = SHA-256(input buffer).
|
||||
*
|
||||
* \deprecated Superseded by mbedtls_sha256_ret() in 2.7.0.
|
||||
*
|
||||
* \param input The buffer holding the data.
|
||||
* \param ilen The length of the input data.
|
||||
* \param output The SHA-224 or SHA-256 checksum result.
|
||||
* \param is224 Determines which function to use.
|
||||
* <ul><li>0: Use SHA-256.</li>
|
||||
* <li>1: Use SHA-224.</li></ul>
|
||||
*/
|
||||
MBEDTLS_DEPRECATED static inline void mbedtls_sha256(
|
||||
const unsigned char *input,
|
||||
size_t ilen,
|
||||
unsigned char output[32],
|
||||
int is224 )
|
||||
{
|
||||
mbedtls_sha256_ret( input, ilen, output, is224 );
|
||||
}
|
||||
|
||||
#undef MBEDTLS_DEPRECATED
|
||||
#endif /* !MBEDTLS_DEPRECATED_REMOVED */
|
||||
|
||||
/**
|
||||
* \brief The SHA-224 and SHA-256 checkup routine.
|
||||
*
|
||||
* \return \c 0 on success, or \c 1 on failure.
|
||||
*/
|
||||
int mbedtls_sha256_self_test( int verbose );
|
||||
|
||||
|
|
|
@ -1,9 +1,10 @@
|
|||
/**
|
||||
* \file sha512.h
|
||||
*
|
||||
* \brief SHA-384 and SHA-512 cryptographic hash function
|
||||
*
|
||||
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
|
||||
* \brief The SHA-384 and SHA-512 cryptographic hash function.
|
||||
*/
|
||||
/*
|
||||
* Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
|
@ -18,7 +19,7 @@
|
|||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*
|
||||
* This file is part of mbed TLS (https://tls.mbed.org)
|
||||
* This file is part of Mbed TLS (https://tls.mbed.org)
|
||||
*/
|
||||
#ifndef MBEDTLS_SHA512_H
|
||||
#define MBEDTLS_SHA512_H
|
||||
|
@ -32,6 +33,12 @@
|
|||
#include <stddef.h>
|
||||
#include <stdint.h>
|
||||
|
||||
#define MBEDTLS_ERR_SHA512_HW_ACCEL_FAILED -0x0039 /**< SHA-512 hardware accelerator failed */
|
||||
|
||||
#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \
|
||||
!defined(inline) && !defined(__cplusplus)
|
||||
#define inline __inline
|
||||
#endif
|
||||
#if !defined(MBEDTLS_SHA512_ALT)
|
||||
// Regular implementation
|
||||
//
|
||||
|
@ -41,65 +48,174 @@ extern "C" {
|
|||
#endif
|
||||
|
||||
/**
|
||||
* \brief SHA-512 context structure
|
||||
* \brief The SHA-512 context structure.
|
||||
*
|
||||
* The structure is used both for SHA-384 and for SHA-512
|
||||
* checksum calculations. The choice between these two is
|
||||
* made in the call to mbedtls_sha512_starts_ret().
|
||||
*/
|
||||
typedef struct
|
||||
{
|
||||
uint64_t total[2]; /*!< number of bytes processed */
|
||||
uint64_t state[8]; /*!< intermediate digest state */
|
||||
unsigned char buffer[128]; /*!< data block being processed */
|
||||
int is384; /*!< 0 => SHA-512, else SHA-384 */
|
||||
uint64_t total[2]; /*!< The number of Bytes processed. */
|
||||
uint64_t state[8]; /*!< The intermediate digest state. */
|
||||
unsigned char buffer[128]; /*!< The data block being processed. */
|
||||
int is384; /*!< Determines which function to use.
|
||||
* <ul><li>0: Use SHA-512.</li>
|
||||
* <li>1: Use SHA-384.</li></ul> */
|
||||
}
|
||||
mbedtls_sha512_context;
|
||||
|
||||
/**
|
||||
* \brief Initialize SHA-512 context
|
||||
* \brief This function initializes a SHA-512 context.
|
||||
*
|
||||
* \param ctx SHA-512 context to be initialized
|
||||
* \param ctx The SHA-512 context to initialize.
|
||||
*/
|
||||
void mbedtls_sha512_init( mbedtls_sha512_context *ctx );
|
||||
|
||||
/**
|
||||
* \brief Clear SHA-512 context
|
||||
* \brief This function clears a SHA-512 context.
|
||||
*
|
||||
* \param ctx SHA-512 context to be cleared
|
||||
* \param ctx The SHA-512 context to clear.
|
||||
*/
|
||||
void mbedtls_sha512_free( mbedtls_sha512_context *ctx );
|
||||
|
||||
/**
|
||||
* \brief Clone (the state of) a SHA-512 context
|
||||
* \brief This function clones the state of a SHA-512 context.
|
||||
*
|
||||
* \param dst The destination context
|
||||
* \param src The context to be cloned
|
||||
* \param dst The destination context.
|
||||
* \param src The context to clone.
|
||||
*/
|
||||
void mbedtls_sha512_clone( mbedtls_sha512_context *dst,
|
||||
const mbedtls_sha512_context *src );
|
||||
|
||||
/**
|
||||
* \brief SHA-512 context setup
|
||||
* \brief This function starts a SHA-384 or SHA-512 checksum
|
||||
* calculation.
|
||||
*
|
||||
* \param ctx context to be initialized
|
||||
* \param is384 0 = use SHA512, 1 = use SHA384
|
||||
* \param ctx The SHA-512 context to initialize.
|
||||
* \param is384 Determines which function to use.
|
||||
* <ul><li>0: Use SHA-512.</li>
|
||||
* <li>1: Use SHA-384.</li></ul>
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
*/
|
||||
void mbedtls_sha512_starts( mbedtls_sha512_context *ctx, int is384 );
|
||||
int mbedtls_sha512_starts_ret( mbedtls_sha512_context *ctx, int is384 );
|
||||
|
||||
/**
|
||||
* \brief SHA-512 process buffer
|
||||
* \brief This function feeds an input buffer into an ongoing
|
||||
* SHA-512 checksum calculation.
|
||||
*
|
||||
* \param ctx SHA-512 context
|
||||
* \param input buffer holding the data
|
||||
* \param ilen length of the input data
|
||||
* \param ctx The SHA-512 context.
|
||||
* \param input The buffer holding the input data.
|
||||
* \param ilen The length of the input data.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
*/
|
||||
void mbedtls_sha512_update( mbedtls_sha512_context *ctx, const unsigned char *input,
|
||||
int mbedtls_sha512_update_ret( mbedtls_sha512_context *ctx,
|
||||
const unsigned char *input,
|
||||
size_t ilen );
|
||||
|
||||
/**
|
||||
* \brief SHA-512 final digest
|
||||
* \brief This function finishes the SHA-512 operation, and writes
|
||||
* the result to the output buffer. This function is for
|
||||
* internal use only.
|
||||
*
|
||||
* \param ctx SHA-512 context
|
||||
* \param output SHA-384/512 checksum result
|
||||
* \param ctx The SHA-512 context.
|
||||
* \param output The SHA-384 or SHA-512 checksum result.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
*/
|
||||
void mbedtls_sha512_finish( mbedtls_sha512_context *ctx, unsigned char output[64] );
|
||||
int mbedtls_sha512_finish_ret( mbedtls_sha512_context *ctx,
|
||||
unsigned char output[64] );
|
||||
|
||||
/**
|
||||
* \brief This function processes a single data block within
|
||||
* the ongoing SHA-512 computation.
|
||||
*
|
||||
* \param ctx The SHA-512 context.
|
||||
* \param data The buffer holding one block of data.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
*/
|
||||
int mbedtls_internal_sha512_process( mbedtls_sha512_context *ctx,
|
||||
const unsigned char data[128] );
|
||||
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
|
||||
#if defined(MBEDTLS_DEPRECATED_WARNING)
|
||||
#define MBEDTLS_DEPRECATED __attribute__((deprecated))
|
||||
#else
|
||||
#define MBEDTLS_DEPRECATED
|
||||
#endif
|
||||
/**
|
||||
* \brief This function starts a SHA-384 or SHA-512 checksum
|
||||
* calculation.
|
||||
*
|
||||
* \deprecated Superseded by mbedtls_sha512_starts_ret() in 2.7.0
|
||||
*
|
||||
* \param ctx The SHA-512 context to initialize.
|
||||
* \param is384 Determines which function to use.
|
||||
* <ul><li>0: Use SHA-512.</li>
|
||||
* <li>1: Use SHA-384.</li></ul>
|
||||
*/
|
||||
MBEDTLS_DEPRECATED static inline void mbedtls_sha512_starts(
|
||||
mbedtls_sha512_context *ctx,
|
||||
int is384 )
|
||||
{
|
||||
mbedtls_sha512_starts_ret( ctx, is384 );
|
||||
}
|
||||
|
||||
/**
|
||||
* \brief This function feeds an input buffer into an ongoing
|
||||
* SHA-512 checksum calculation.
|
||||
*
|
||||
* \deprecated Superseded by mbedtls_sha512_update_ret() in 2.7.0
|
||||
*
|
||||
* \param ctx The SHA-512 context.
|
||||
* \param input The buffer holding the data.
|
||||
* \param ilen The length of the input data.
|
||||
*/
|
||||
MBEDTLS_DEPRECATED static inline void mbedtls_sha512_update(
|
||||
mbedtls_sha512_context *ctx,
|
||||
const unsigned char *input,
|
||||
size_t ilen )
|
||||
{
|
||||
mbedtls_sha512_update_ret( ctx, input, ilen );
|
||||
}
|
||||
|
||||
/**
|
||||
* \brief This function finishes the SHA-512 operation, and writes
|
||||
* the result to the output buffer.
|
||||
*
|
||||
* \deprecated Superseded by mbedtls_sha512_finish_ret() in 2.7.0
|
||||
*
|
||||
* \param ctx The SHA-512 context.
|
||||
* \param output The SHA-384 or SHA-512 checksum result.
|
||||
*/
|
||||
MBEDTLS_DEPRECATED static inline void mbedtls_sha512_finish(
|
||||
mbedtls_sha512_context *ctx,
|
||||
unsigned char output[64] )
|
||||
{
|
||||
mbedtls_sha512_finish_ret( ctx, output );
|
||||
}
|
||||
|
||||
/**
|
||||
* \brief This function processes a single data block within
|
||||
* the ongoing SHA-512 computation. This function is for
|
||||
* internal use only.
|
||||
*
|
||||
* \deprecated Superseded by mbedtls_internal_sha512_process() in 2.7.0
|
||||
*
|
||||
* \param ctx The SHA-512 context.
|
||||
* \param data The buffer holding one block of data.
|
||||
*/
|
||||
MBEDTLS_DEPRECATED static inline void mbedtls_sha512_process(
|
||||
mbedtls_sha512_context *ctx,
|
||||
const unsigned char data[128] )
|
||||
{
|
||||
mbedtls_internal_sha512_process( ctx, data );
|
||||
}
|
||||
|
||||
#undef MBEDTLS_DEPRECATED
|
||||
#endif /* !MBEDTLS_DEPRECATED_REMOVED */
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
|
@ -114,26 +230,72 @@ extern "C" {
|
|||
#endif
|
||||
|
||||
/**
|
||||
* \brief Output = SHA-512( input buffer )
|
||||
* \brief This function calculates the SHA-512 or SHA-384
|
||||
* checksum of a buffer.
|
||||
*
|
||||
* \param input buffer holding the data
|
||||
* \param ilen length of the input data
|
||||
* \param output SHA-384/512 checksum result
|
||||
* \param is384 0 = use SHA512, 1 = use SHA384
|
||||
* The function allocates the context, performs the
|
||||
* calculation, and frees the context.
|
||||
*
|
||||
* The SHA-512 result is calculated as
|
||||
* output = SHA-512(input buffer).
|
||||
*
|
||||
* \param input The buffer holding the input data.
|
||||
* \param ilen The length of the input data.
|
||||
* \param output The SHA-384 or SHA-512 checksum result.
|
||||
* \param is384 Determines which function to use.
|
||||
* <ul><li>0: Use SHA-512.</li>
|
||||
* <li>1: Use SHA-384.</li></ul>
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
*/
|
||||
void mbedtls_sha512( const unsigned char *input, size_t ilen,
|
||||
unsigned char output[64], int is384 );
|
||||
int mbedtls_sha512_ret( const unsigned char *input,
|
||||
size_t ilen,
|
||||
unsigned char output[64],
|
||||
int is384 );
|
||||
|
||||
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
|
||||
#if defined(MBEDTLS_DEPRECATED_WARNING)
|
||||
#define MBEDTLS_DEPRECATED __attribute__((deprecated))
|
||||
#else
|
||||
#define MBEDTLS_DEPRECATED
|
||||
#endif
|
||||
/**
|
||||
* \brief Checkup routine
|
||||
* \brief This function calculates the SHA-512 or SHA-384
|
||||
* checksum of a buffer.
|
||||
*
|
||||
* \return 0 if successful, or 1 if the test failed
|
||||
* The function allocates the context, performs the
|
||||
* calculation, and frees the context.
|
||||
*
|
||||
* The SHA-512 result is calculated as
|
||||
* output = SHA-512(input buffer).
|
||||
*
|
||||
* \deprecated Superseded by mbedtls_sha512_ret() in 2.7.0
|
||||
*
|
||||
* \param input The buffer holding the data.
|
||||
* \param ilen The length of the input data.
|
||||
* \param output The SHA-384 or SHA-512 checksum result.
|
||||
* \param is384 Determines which function to use.
|
||||
* <ul><li>0: Use SHA-512.</li>
|
||||
* <li>1: Use SHA-384.</li></ul>
|
||||
*/
|
||||
MBEDTLS_DEPRECATED static inline void mbedtls_sha512(
|
||||
const unsigned char *input,
|
||||
size_t ilen,
|
||||
unsigned char output[64],
|
||||
int is384 )
|
||||
{
|
||||
mbedtls_sha512_ret( input, ilen, output, is384 );
|
||||
}
|
||||
|
||||
#undef MBEDTLS_DEPRECATED
|
||||
#endif /* !MBEDTLS_DEPRECATED_REMOVED */
|
||||
/**
|
||||
* \brief The SHA-384 or SHA-512 checkup routine.
|
||||
*
|
||||
* \return \c 0 on success, or \c 1 on failure.
|
||||
*/
|
||||
int mbedtls_sha512_self_test( int verbose );
|
||||
|
||||
/* Internal use */
|
||||
void mbedtls_sha512_process( mbedtls_sha512_context *ctx, const unsigned char data[128] );
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
|
|
@ -2,7 +2,8 @@
|
|||
* \file ssl.h
|
||||
*
|
||||
* \brief SSL/TLS functions.
|
||||
*
|
||||
*/
|
||||
/*
|
||||
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
|
@ -1699,18 +1700,50 @@ void mbedtls_ssl_conf_psk_cb( mbedtls_ssl_config *conf,
|
|||
#endif /* MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED */
|
||||
|
||||
#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_SRV_C)
|
||||
|
||||
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
|
||||
|
||||
#if defined(MBEDTLS_DEPRECATED_WARNING)
|
||||
#define MBEDTLS_DEPRECATED __attribute__((deprecated))
|
||||
#else
|
||||
#define MBEDTLS_DEPRECATED
|
||||
#endif
|
||||
|
||||
/**
|
||||
* \brief Set the Diffie-Hellman public P and G values,
|
||||
* read as hexadecimal strings (server-side only)
|
||||
* (Default: MBEDTLS_DHM_RFC5114_MODP_2048_[PG])
|
||||
* (Default values: MBEDTLS_DHM_RFC3526_MODP_2048_[PG])
|
||||
*
|
||||
* \param conf SSL configuration
|
||||
* \param dhm_P Diffie-Hellman-Merkle modulus
|
||||
* \param dhm_G Diffie-Hellman-Merkle generator
|
||||
*
|
||||
* \deprecated Superseded by \c mbedtls_ssl_conf_dh_param_bin.
|
||||
*
|
||||
* \return 0 if successful
|
||||
*/
|
||||
int mbedtls_ssl_conf_dh_param( mbedtls_ssl_config *conf, const char *dhm_P, const char *dhm_G );
|
||||
MBEDTLS_DEPRECATED int mbedtls_ssl_conf_dh_param( mbedtls_ssl_config *conf,
|
||||
const char *dhm_P,
|
||||
const char *dhm_G );
|
||||
|
||||
#endif /* MBEDTLS_DEPRECATED_REMOVED */
|
||||
|
||||
/**
|
||||
* \brief Set the Diffie-Hellman public P and G values
|
||||
* from big-endian binary presentations.
|
||||
* (Default values: MBEDTLS_DHM_RFC3526_MODP_2048_[PG]_BIN)
|
||||
*
|
||||
* \param conf SSL configuration
|
||||
* \param dhm_P Diffie-Hellman-Merkle modulus in big-endian binary form
|
||||
* \param P_len Length of DHM modulus
|
||||
* \param dhm_G Diffie-Hellman-Merkle generator in big-endian binary form
|
||||
* \param G_len Length of DHM generator
|
||||
*
|
||||
* \return 0 if successful
|
||||
*/
|
||||
int mbedtls_ssl_conf_dh_param_bin( mbedtls_ssl_config *conf,
|
||||
const unsigned char *dhm_P, size_t P_len,
|
||||
const unsigned char *dhm_G, size_t G_len );
|
||||
|
||||
/**
|
||||
* \brief Set the Diffie-Hellman public P and G values,
|
||||
|
@ -1794,15 +1827,22 @@ void mbedtls_ssl_conf_sig_hashes( mbedtls_ssl_config *conf,
|
|||
|
||||
#if defined(MBEDTLS_X509_CRT_PARSE_C)
|
||||
/**
|
||||
* \brief Set the hostname to check against the received server
|
||||
* certificate. It sets the ServerName TLS extension too,
|
||||
* if the extension is enabled.
|
||||
* (client-side only)
|
||||
* \brief Set or reset the hostname to check against the received
|
||||
* server certificate. It sets the ServerName TLS extension,
|
||||
* too, if that extension is enabled. (client-side only)
|
||||
*
|
||||
* \param ssl SSL context
|
||||
* \param hostname the server hostname
|
||||
* \param hostname the server hostname, may be NULL to clear hostname
|
||||
|
||||
* \note Maximum hostname length MBEDTLS_SSL_MAX_HOST_NAME_LEN.
|
||||
*
|
||||
* \return 0 if successful or MBEDTLS_ERR_SSL_ALLOC_FAILED
|
||||
* \return 0 if successful, MBEDTLS_ERR_SSL_ALLOC_FAILED on
|
||||
* allocation failure, MBEDTLS_ERR_SSL_BAD_INPUT_DATA on
|
||||
* too long input hostname.
|
||||
*
|
||||
* Hostname set to the one provided on success (cleared
|
||||
* when NULL). On allocation failure hostname is cleared.
|
||||
* On too long input failure, old hostname is unchanged.
|
||||
*/
|
||||
int mbedtls_ssl_set_hostname( mbedtls_ssl_context *ssl, const char *hostname );
|
||||
#endif /* MBEDTLS_X509_CRT_PARSE_C */
|
||||
|
|
|
@ -2,7 +2,8 @@
|
|||
* \file ssl_cache.h
|
||||
*
|
||||
* \brief SSL session cache implementation
|
||||
*
|
||||
*/
|
||||
/*
|
||||
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
|
|
|
@ -2,7 +2,8 @@
|
|||
* \file ssl_ciphersuites.h
|
||||
*
|
||||
* \brief SSL Ciphersuites for mbed TLS
|
||||
*
|
||||
*/
|
||||
/*
|
||||
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
|
|
|
@ -2,7 +2,8 @@
|
|||
* \file ssl_cookie.h
|
||||
*
|
||||
* \brief DTLS cookie callbacks implementation
|
||||
*
|
||||
*/
|
||||
/*
|
||||
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
|
|
|
@ -1,8 +1,9 @@
|
|||
/**
|
||||
* \file ssl_ticket.h
|
||||
* \file ssl_internal.h
|
||||
*
|
||||
* \brief Internal functions shared by the SSL modules
|
||||
*
|
||||
*/
|
||||
/*
|
||||
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
|
@ -24,6 +25,7 @@
|
|||
#define MBEDTLS_SSL_INTERNAL_H
|
||||
|
||||
#include "ssl.h"
|
||||
#include "cipher.h"
|
||||
|
||||
#if defined(MBEDTLS_MD5_C)
|
||||
#include "md5.h"
|
||||
|
@ -138,13 +140,33 @@
|
|||
#define MBEDTLS_SSL_PADDING_ADD 0
|
||||
#endif
|
||||
|
||||
#define MBEDTLS_SSL_BUFFER_LEN ( MBEDTLS_SSL_MAX_CONTENT_LEN \
|
||||
+ MBEDTLS_SSL_COMPRESSION_ADD \
|
||||
+ 29 /* counter + header + IV */ \
|
||||
+ MBEDTLS_SSL_MAC_ADD \
|
||||
+ MBEDTLS_SSL_PADDING_ADD \
|
||||
#define MBEDTLS_SSL_PAYLOAD_LEN ( MBEDTLS_SSL_MAX_CONTENT_LEN \
|
||||
+ MBEDTLS_SSL_COMPRESSION_ADD \
|
||||
+ MBEDTLS_MAX_IV_LENGTH \
|
||||
+ MBEDTLS_SSL_MAC_ADD \
|
||||
+ MBEDTLS_SSL_PADDING_ADD \
|
||||
)
|
||||
|
||||
/*
|
||||
* Check that we obey the standard's message size bounds
|
||||
*/
|
||||
|
||||
#if MBEDTLS_SSL_MAX_CONTENT_LEN > 16384
|
||||
#error Bad configuration - record content too large.
|
||||
#endif
|
||||
|
||||
#if MBEDTLS_SSL_PAYLOAD_LEN > 16384 + 2048
|
||||
#error Bad configuration - protected record payload too large.
|
||||
#endif
|
||||
|
||||
/* Note: Even though the TLS record header is only 5 bytes
|
||||
long, we're internally using 8 bytes to store the
|
||||
implicit sequence number. */
|
||||
#define MBEDTLS_SSL_HEADER_LEN 13
|
||||
|
||||
#define MBEDTLS_SSL_BUFFER_LEN \
|
||||
( ( MBEDTLS_SSL_HEADER_LEN ) + ( MBEDTLS_SSL_PAYLOAD_LEN ) )
|
||||
|
||||
/*
|
||||
* TLS extension flags (for extensions with outgoing ServerHello content
|
||||
* that need it (e.g. for RENEGOTIATION_INFO the server already knows because
|
||||
|
@ -600,9 +622,9 @@ void mbedtls_ssl_dtls_replay_update( mbedtls_ssl_context *ssl );
|
|||
static inline int mbedtls_ssl_safer_memcmp( const void *a, const void *b, size_t n )
|
||||
{
|
||||
size_t i;
|
||||
const unsigned char *A = (const unsigned char *) a;
|
||||
const unsigned char *B = (const unsigned char *) b;
|
||||
unsigned char diff = 0;
|
||||
volatile const unsigned char *A = (volatile const unsigned char *) a;
|
||||
volatile const unsigned char *B = (volatile const unsigned char *) b;
|
||||
volatile unsigned char diff = 0;
|
||||
|
||||
for( i = 0; i < n; i++ )
|
||||
diff |= A[i] ^ B[i];
|
||||
|
@ -610,6 +632,23 @@ static inline int mbedtls_ssl_safer_memcmp( const void *a, const void *b, size_t
|
|||
return( diff );
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \
|
||||
defined(MBEDTLS_SSL_PROTO_TLS1_1)
|
||||
int mbedtls_ssl_get_key_exchange_md_ssl_tls( mbedtls_ssl_context *ssl,
|
||||
unsigned char *output,
|
||||
unsigned char *data, size_t data_len );
|
||||
#endif /* MBEDTLS_SSL_PROTO_SSL3 || MBEDTLS_SSL_PROTO_TLS1 || \
|
||||
MBEDTLS_SSL_PROTO_TLS1_1 */
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \
|
||||
defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||
int mbedtls_ssl_get_key_exchange_md_tls1_2( mbedtls_ssl_context *ssl,
|
||||
unsigned char *output,
|
||||
unsigned char *data, size_t data_len,
|
||||
mbedtls_md_type_t md_alg );
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 || \
|
||||
MBEDTLS_SSL_PROTO_TLS1_2 */
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
|
|
@ -2,7 +2,8 @@
|
|||
* \file ssl_ticket.h
|
||||
*
|
||||
* \brief TLS server ticket callbacks implementation
|
||||
*
|
||||
*/
|
||||
/*
|
||||
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
|
|
|
@ -2,7 +2,8 @@
|
|||
* \file threading.h
|
||||
*
|
||||
* \brief Threading abstraction layer
|
||||
*
|
||||
*/
|
||||
/*
|
||||
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
|
|
|
@ -1,8 +1,9 @@
|
|||
/**
|
||||
* \file timing.h
|
||||
*
|
||||
* \brief Portable interface to the CPU cycle counter
|
||||
*
|
||||
* \brief Portable interface to timeouts and to the CPU cycle counter
|
||||
*/
|
||||
/*
|
||||
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
|
@ -65,6 +66,9 @@ extern volatile int mbedtls_timing_alarmed;
|
|||
* \warning This is only a best effort! Do not rely on this!
|
||||
* In particular, it is known to be unreliable on virtual
|
||||
* machines.
|
||||
*
|
||||
* \note This value starts at an unspecified origin and
|
||||
* may wrap around.
|
||||
*/
|
||||
unsigned long mbedtls_timing_hardclock( void );
|
||||
|
||||
|
@ -72,7 +76,18 @@ unsigned long mbedtls_timing_hardclock( void );
|
|||
* \brief Return the elapsed time in milliseconds
|
||||
*
|
||||
* \param val points to a timer structure
|
||||
* \param reset if set to 1, the timer is restarted
|
||||
* \param reset If 0, query the elapsed time. Otherwise (re)start the timer.
|
||||
*
|
||||
* \return Elapsed time since the previous reset in ms. When
|
||||
* restarting, this is always 0.
|
||||
*
|
||||
* \note To initialize a timer, call this function with reset=1.
|
||||
*
|
||||
* Determining the elapsed time and resetting the timer is not
|
||||
* atomic on all platforms, so after the sequence
|
||||
* `{ get_timer(1); ...; time1 = get_timer(1); ...; time2 =
|
||||
* get_timer(0) }` the value time1+time2 is only approximately
|
||||
* the delay since the first reset.
|
||||
*/
|
||||
unsigned long mbedtls_timing_get_timer( struct mbedtls_timing_hr_time *val, int reset );
|
||||
|
||||
|
@ -80,6 +95,7 @@ unsigned long mbedtls_timing_get_timer( struct mbedtls_timing_hr_time *val, int
|
|||
* \brief Setup an alarm clock
|
||||
*
|
||||
* \param seconds delay before the "mbedtls_timing_alarmed" flag is set
|
||||
* (must be >=0)
|
||||
*
|
||||
* \warning Only one alarm at a time is supported. In a threaded
|
||||
* context, this means one for the whole process, not one per
|
||||
|
@ -91,11 +107,15 @@ void mbedtls_set_alarm( int seconds );
|
|||
* \brief Set a pair of delays to watch
|
||||
* (See \c mbedtls_timing_get_delay().)
|
||||
*
|
||||
* \param data Pointer to timing data
|
||||
* \param data Pointer to timing data.
|
||||
* Must point to a valid \c mbedtls_timing_delay_context struct.
|
||||
* \param int_ms First (intermediate) delay in milliseconds.
|
||||
* The effect if int_ms > fin_ms is unspecified.
|
||||
* \param fin_ms Second (final) delay in milliseconds.
|
||||
* Pass 0 to cancel the current delay.
|
||||
*
|
||||
* \note To set a single delay, either use \c mbedtls_timing_set_timer
|
||||
* directly or use this function with int_ms == fin_ms.
|
||||
*/
|
||||
void mbedtls_timing_set_delay( void *data, uint32_t int_ms, uint32_t fin_ms );
|
||||
|
||||
|
@ -106,7 +126,7 @@ void mbedtls_timing_set_delay( void *data, uint32_t int_ms, uint32_t fin_ms );
|
|||
* \param data Pointer to timing data
|
||||
* Must point to a valid \c mbedtls_timing_delay_context struct.
|
||||
*
|
||||
* \return -1 if cancelled (fin_ms = 0)
|
||||
* \return -1 if cancelled (fin_ms = 0),
|
||||
* 0 if none of the delays are passed,
|
||||
* 1 if only the intermediate delay is passed,
|
||||
* 2 if the final delay is passed.
|
||||
|
|
|
@ -2,7 +2,8 @@
|
|||
* \file version.h
|
||||
*
|
||||
* \brief Run-time version information
|
||||
*
|
||||
*/
|
||||
/*
|
||||
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
|
@ -38,17 +39,17 @@
|
|||
* Major, Minor, Patchlevel
|
||||
*/
|
||||
#define MBEDTLS_VERSION_MAJOR 2
|
||||
#define MBEDTLS_VERSION_MINOR 6
|
||||
#define MBEDTLS_VERSION_PATCH 1
|
||||
#define MBEDTLS_VERSION_MINOR 7
|
||||
#define MBEDTLS_VERSION_PATCH 0
|
||||
|
||||
/**
|
||||
* The single version number has the following structure:
|
||||
* MMNNPP00
|
||||
* Major version | Minor version | Patch version
|
||||
*/
|
||||
#define MBEDTLS_VERSION_NUMBER 0x02060100
|
||||
#define MBEDTLS_VERSION_STRING "2.6.1"
|
||||
#define MBEDTLS_VERSION_STRING_FULL "mbed TLS 2.6.1"
|
||||
#define MBEDTLS_VERSION_NUMBER 0x02070000
|
||||
#define MBEDTLS_VERSION_STRING "2.7.0"
|
||||
#define MBEDTLS_VERSION_STRING_FULL "mbed TLS 2.7.0"
|
||||
|
||||
#if defined(MBEDTLS_VERSION_C)
|
||||
|
||||
|
|
|
@ -2,7 +2,8 @@
|
|||
* \file x509.h
|
||||
*
|
||||
* \brief X.509 generic defines and structures
|
||||
*
|
||||
*/
|
||||
/*
|
||||
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
|
|
|
@ -2,7 +2,8 @@
|
|||
* \file x509_crl.h
|
||||
*
|
||||
* \brief X.509 certificate revocation list parsing
|
||||
*
|
||||
*/
|
||||
/*
|
||||
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
|
|
|
@ -2,7 +2,8 @@
|
|||
* \file x509_crt.h
|
||||
*
|
||||
* \brief X.509 certificate parsing and writing
|
||||
*
|
||||
*/
|
||||
/*
|
||||
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
|
@ -373,21 +374,22 @@ int mbedtls_x509_crt_check_key_usage( const mbedtls_x509_crt *crt,
|
|||
|
||||
#if defined(MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE)
|
||||
/**
|
||||
* \brief Check usage of certificate against extentedJeyUsage.
|
||||
* \brief Check usage of certificate against extendedKeyUsage.
|
||||
*
|
||||
* \param crt Leaf certificate used.
|
||||
* \param usage_oid Intended usage (eg MBEDTLS_OID_SERVER_AUTH or MBEDTLS_OID_CLIENT_AUTH).
|
||||
* \param crt Leaf certificate used.
|
||||
* \param usage_oid Intended usage (eg MBEDTLS_OID_SERVER_AUTH or
|
||||
* MBEDTLS_OID_CLIENT_AUTH).
|
||||
* \param usage_len Length of usage_oid (eg given by MBEDTLS_OID_SIZE()).
|
||||
*
|
||||
* \return 0 if this use of the certificate is allowed,
|
||||
* MBEDTLS_ERR_X509_BAD_INPUT_DATA if not.
|
||||
* \return 0 if this use of the certificate is allowed,
|
||||
* MBEDTLS_ERR_X509_BAD_INPUT_DATA if not.
|
||||
*
|
||||
* \note Usually only makes sense on leaf certificates.
|
||||
* \note Usually only makes sense on leaf certificates.
|
||||
*/
|
||||
int mbedtls_x509_crt_check_extended_key_usage( const mbedtls_x509_crt *crt,
|
||||
const char *usage_oid,
|
||||
size_t usage_len );
|
||||
#endif /* MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE) */
|
||||
const char *usage_oid,
|
||||
size_t usage_len );
|
||||
#endif /* MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE */
|
||||
|
||||
#if defined(MBEDTLS_X509_CRL_PARSE_C)
|
||||
/**
|
||||
|
|
|
@ -2,7 +2,8 @@
|
|||
* \file x509_csr.h
|
||||
*
|
||||
* \brief X.509 certificate signing request parsing and writing
|
||||
*
|
||||
*/
|
||||
/*
|
||||
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
|
|
|
@ -2,7 +2,8 @@
|
|||
* \file xtea.h
|
||||
*
|
||||
* \brief XTEA block cipher (32-bit)
|
||||
*
|
||||
*/
|
||||
/*
|
||||
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
|
@ -36,6 +37,7 @@
|
|||
#define MBEDTLS_XTEA_DECRYPT 0
|
||||
|
||||
#define MBEDTLS_ERR_XTEA_INVALID_INPUT_LENGTH -0x0028 /**< The data input has an invalid length. */
|
||||
#define MBEDTLS_ERR_XTEA_HW_ACCEL_FAILED -0x0029 /**< XTEA hardware accelerator failed. */
|
||||
|
||||
#if !defined(MBEDTLS_XTEA_ALT)
|
||||
// Regular implementation
|
||||
|
|
|
@ -1235,9 +1235,11 @@ static const int aes_test_ctr_len[3] =
|
|||
*/
|
||||
int mbedtls_aes_self_test( int verbose )
|
||||
{
|
||||
int ret = 0, i, j, u, v;
|
||||
int ret = 0, i, j, u, mode;
|
||||
unsigned int keybits;
|
||||
unsigned char key[32];
|
||||
unsigned char buf[64];
|
||||
const unsigned char *aes_tests;
|
||||
#if defined(MBEDTLS_CIPHER_MODE_CBC) || defined(MBEDTLS_CIPHER_MODE_CFB)
|
||||
unsigned char iv[16];
|
||||
#endif
|
||||
|
@ -1263,45 +1265,52 @@ int mbedtls_aes_self_test( int verbose )
|
|||
for( i = 0; i < 6; i++ )
|
||||
{
|
||||
u = i >> 1;
|
||||
v = i & 1;
|
||||
keybits = 128 + u * 64;
|
||||
mode = i & 1;
|
||||
|
||||
if( verbose != 0 )
|
||||
mbedtls_printf( " AES-ECB-%3d (%s): ", 128 + u * 64,
|
||||
( v == MBEDTLS_AES_DECRYPT ) ? "dec" : "enc" );
|
||||
mbedtls_printf( " AES-ECB-%3d (%s): ", keybits,
|
||||
( mode == MBEDTLS_AES_DECRYPT ) ? "dec" : "enc" );
|
||||
|
||||
memset( buf, 0, 16 );
|
||||
|
||||
if( v == MBEDTLS_AES_DECRYPT )
|
||||
if( mode == MBEDTLS_AES_DECRYPT )
|
||||
{
|
||||
mbedtls_aes_setkey_dec( &ctx, key, 128 + u * 64 );
|
||||
|
||||
for( j = 0; j < 10000; j++ )
|
||||
mbedtls_aes_crypt_ecb( &ctx, v, buf, buf );
|
||||
|
||||
if( memcmp( buf, aes_test_ecb_dec[u], 16 ) != 0 )
|
||||
{
|
||||
if( verbose != 0 )
|
||||
mbedtls_printf( "failed\n" );
|
||||
|
||||
ret = 1;
|
||||
goto exit;
|
||||
}
|
||||
ret = mbedtls_aes_setkey_dec( &ctx, key, keybits );
|
||||
aes_tests = aes_test_ecb_dec[u];
|
||||
}
|
||||
else
|
||||
{
|
||||
mbedtls_aes_setkey_enc( &ctx, key, 128 + u * 64 );
|
||||
ret = mbedtls_aes_setkey_enc( &ctx, key, keybits );
|
||||
aes_tests = aes_test_ecb_enc[u];
|
||||
}
|
||||
|
||||
for( j = 0; j < 10000; j++ )
|
||||
mbedtls_aes_crypt_ecb( &ctx, v, buf, buf );
|
||||
/*
|
||||
* AES-192 is an optional feature that may be unavailable when
|
||||
* there is an alternative underlying implementation i.e. when
|
||||
* MBEDTLS_AES_ALT is defined.
|
||||
*/
|
||||
if( ret == MBEDTLS_ERR_AES_FEATURE_UNAVAILABLE && keybits == 192 )
|
||||
{
|
||||
mbedtls_printf( "skipped\n" );
|
||||
continue;
|
||||
}
|
||||
else if( ret != 0 )
|
||||
{
|
||||
goto exit;
|
||||
}
|
||||
|
||||
if( memcmp( buf, aes_test_ecb_enc[u], 16 ) != 0 )
|
||||
{
|
||||
if( verbose != 0 )
|
||||
mbedtls_printf( "failed\n" );
|
||||
|
||||
ret = 1;
|
||||
for( j = 0; j < 10000; j++ )
|
||||
{
|
||||
ret = mbedtls_aes_crypt_ecb( &ctx, mode, buf, buf );
|
||||
if( ret != 0 )
|
||||
goto exit;
|
||||
}
|
||||
}
|
||||
|
||||
if( memcmp( buf, aes_tests, 16 ) != 0 )
|
||||
{
|
||||
ret = 1;
|
||||
goto exit;
|
||||
}
|
||||
|
||||
if( verbose != 0 )
|
||||
|
@ -1318,55 +1327,64 @@ int mbedtls_aes_self_test( int verbose )
|
|||
for( i = 0; i < 6; i++ )
|
||||
{
|
||||
u = i >> 1;
|
||||
v = i & 1;
|
||||
keybits = 128 + u * 64;
|
||||
mode = i & 1;
|
||||
|
||||
if( verbose != 0 )
|
||||
mbedtls_printf( " AES-CBC-%3d (%s): ", 128 + u * 64,
|
||||
( v == MBEDTLS_AES_DECRYPT ) ? "dec" : "enc" );
|
||||
mbedtls_printf( " AES-CBC-%3d (%s): ", keybits,
|
||||
( mode == MBEDTLS_AES_DECRYPT ) ? "dec" : "enc" );
|
||||
|
||||
memset( iv , 0, 16 );
|
||||
memset( prv, 0, 16 );
|
||||
memset( buf, 0, 16 );
|
||||
|
||||
if( v == MBEDTLS_AES_DECRYPT )
|
||||
if( mode == MBEDTLS_AES_DECRYPT )
|
||||
{
|
||||
mbedtls_aes_setkey_dec( &ctx, key, 128 + u * 64 );
|
||||
|
||||
for( j = 0; j < 10000; j++ )
|
||||
mbedtls_aes_crypt_cbc( &ctx, v, 16, iv, buf, buf );
|
||||
|
||||
if( memcmp( buf, aes_test_cbc_dec[u], 16 ) != 0 )
|
||||
{
|
||||
if( verbose != 0 )
|
||||
mbedtls_printf( "failed\n" );
|
||||
|
||||
ret = 1;
|
||||
goto exit;
|
||||
}
|
||||
ret = mbedtls_aes_setkey_dec( &ctx, key, keybits );
|
||||
aes_tests = aes_test_cbc_dec[u];
|
||||
}
|
||||
else
|
||||
{
|
||||
mbedtls_aes_setkey_enc( &ctx, key, 128 + u * 64 );
|
||||
ret = mbedtls_aes_setkey_enc( &ctx, key, keybits );
|
||||
aes_tests = aes_test_cbc_enc[u];
|
||||
}
|
||||
|
||||
for( j = 0; j < 10000; j++ )
|
||||
/*
|
||||
* AES-192 is an optional feature that may be unavailable when
|
||||
* there is an alternative underlying implementation i.e. when
|
||||
* MBEDTLS_AES_ALT is defined.
|
||||
*/
|
||||
if( ret == MBEDTLS_ERR_AES_FEATURE_UNAVAILABLE && keybits == 192 )
|
||||
{
|
||||
mbedtls_printf( "skipped\n" );
|
||||
continue;
|
||||
}
|
||||
else if( ret != 0 )
|
||||
{
|
||||
goto exit;
|
||||
}
|
||||
|
||||
for( j = 0; j < 10000; j++ )
|
||||
{
|
||||
if( mode == MBEDTLS_AES_ENCRYPT )
|
||||
{
|
||||
unsigned char tmp[16];
|
||||
|
||||
mbedtls_aes_crypt_cbc( &ctx, v, 16, iv, buf, buf );
|
||||
|
||||
memcpy( tmp, prv, 16 );
|
||||
memcpy( prv, buf, 16 );
|
||||
memcpy( buf, tmp, 16 );
|
||||
}
|
||||
|
||||
if( memcmp( prv, aes_test_cbc_enc[u], 16 ) != 0 )
|
||||
{
|
||||
if( verbose != 0 )
|
||||
mbedtls_printf( "failed\n" );
|
||||
|
||||
ret = 1;
|
||||
ret = mbedtls_aes_crypt_cbc( &ctx, mode, 16, iv, buf, buf );
|
||||
if( ret != 0 )
|
||||
goto exit;
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
if( memcmp( buf, aes_tests, 16 ) != 0 )
|
||||
{
|
||||
ret = 1;
|
||||
goto exit;
|
||||
}
|
||||
|
||||
if( verbose != 0 )
|
||||
|
@ -1384,45 +1402,52 @@ int mbedtls_aes_self_test( int verbose )
|
|||
for( i = 0; i < 6; i++ )
|
||||
{
|
||||
u = i >> 1;
|
||||
v = i & 1;
|
||||
keybits = 128 + u * 64;
|
||||
mode = i & 1;
|
||||
|
||||
if( verbose != 0 )
|
||||
mbedtls_printf( " AES-CFB128-%3d (%s): ", 128 + u * 64,
|
||||
( v == MBEDTLS_AES_DECRYPT ) ? "dec" : "enc" );
|
||||
mbedtls_printf( " AES-CFB128-%3d (%s): ", keybits,
|
||||
( mode == MBEDTLS_AES_DECRYPT ) ? "dec" : "enc" );
|
||||
|
||||
memcpy( iv, aes_test_cfb128_iv, 16 );
|
||||
memcpy( key, aes_test_cfb128_key[u], 16 + u * 8 );
|
||||
memcpy( key, aes_test_cfb128_key[u], keybits / 8 );
|
||||
|
||||
offset = 0;
|
||||
mbedtls_aes_setkey_enc( &ctx, key, 128 + u * 64 );
|
||||
ret = mbedtls_aes_setkey_enc( &ctx, key, keybits );
|
||||
/*
|
||||
* AES-192 is an optional feature that may be unavailable when
|
||||
* there is an alternative underlying implementation i.e. when
|
||||
* MBEDTLS_AES_ALT is defined.
|
||||
*/
|
||||
if( ret == MBEDTLS_ERR_AES_FEATURE_UNAVAILABLE && keybits == 192 )
|
||||
{
|
||||
mbedtls_printf( "skipped\n" );
|
||||
continue;
|
||||
}
|
||||
else if( ret != 0 )
|
||||
{
|
||||
goto exit;
|
||||
}
|
||||
|
||||
if( v == MBEDTLS_AES_DECRYPT )
|
||||
if( mode == MBEDTLS_AES_DECRYPT )
|
||||
{
|
||||
memcpy( buf, aes_test_cfb128_ct[u], 64 );
|
||||
mbedtls_aes_crypt_cfb128( &ctx, v, 64, &offset, iv, buf, buf );
|
||||
|
||||
if( memcmp( buf, aes_test_cfb128_pt, 64 ) != 0 )
|
||||
{
|
||||
if( verbose != 0 )
|
||||
mbedtls_printf( "failed\n" );
|
||||
|
||||
ret = 1;
|
||||
goto exit;
|
||||
}
|
||||
aes_tests = aes_test_cfb128_pt;
|
||||
}
|
||||
else
|
||||
{
|
||||
memcpy( buf, aes_test_cfb128_pt, 64 );
|
||||
mbedtls_aes_crypt_cfb128( &ctx, v, 64, &offset, iv, buf, buf );
|
||||
aes_tests = aes_test_cfb128_ct[u];
|
||||
}
|
||||
|
||||
if( memcmp( buf, aes_test_cfb128_ct[u], 64 ) != 0 )
|
||||
{
|
||||
if( verbose != 0 )
|
||||
mbedtls_printf( "failed\n" );
|
||||
ret = mbedtls_aes_crypt_cfb128( &ctx, mode, 64, &offset, iv, buf, buf );
|
||||
if( ret != 0 )
|
||||
goto exit;
|
||||
|
||||
ret = 1;
|
||||
goto exit;
|
||||
}
|
||||
if( memcmp( buf, aes_tests, 64 ) != 0 )
|
||||
{
|
||||
ret = 1;
|
||||
goto exit;
|
||||
}
|
||||
|
||||
if( verbose != 0 )
|
||||
|
@ -1440,51 +1465,41 @@ int mbedtls_aes_self_test( int verbose )
|
|||
for( i = 0; i < 6; i++ )
|
||||
{
|
||||
u = i >> 1;
|
||||
v = i & 1;
|
||||
mode = i & 1;
|
||||
|
||||
if( verbose != 0 )
|
||||
mbedtls_printf( " AES-CTR-128 (%s): ",
|
||||
( v == MBEDTLS_AES_DECRYPT ) ? "dec" : "enc" );
|
||||
( mode == MBEDTLS_AES_DECRYPT ) ? "dec" : "enc" );
|
||||
|
||||
memcpy( nonce_counter, aes_test_ctr_nonce_counter[u], 16 );
|
||||
memcpy( key, aes_test_ctr_key[u], 16 );
|
||||
|
||||
offset = 0;
|
||||
mbedtls_aes_setkey_enc( &ctx, key, 128 );
|
||||
if( ( ret = mbedtls_aes_setkey_enc( &ctx, key, 128 ) ) != 0 )
|
||||
goto exit;
|
||||
|
||||
if( v == MBEDTLS_AES_DECRYPT )
|
||||
len = aes_test_ctr_len[u];
|
||||
|
||||
if( mode == MBEDTLS_AES_DECRYPT )
|
||||
{
|
||||
len = aes_test_ctr_len[u];
|
||||
memcpy( buf, aes_test_ctr_ct[u], len );
|
||||
|
||||
mbedtls_aes_crypt_ctr( &ctx, len, &offset, nonce_counter, stream_block,
|
||||
buf, buf );
|
||||
|
||||
if( memcmp( buf, aes_test_ctr_pt[u], len ) != 0 )
|
||||
{
|
||||
if( verbose != 0 )
|
||||
mbedtls_printf( "failed\n" );
|
||||
|
||||
ret = 1;
|
||||
goto exit;
|
||||
}
|
||||
aes_tests = aes_test_ctr_pt[u];
|
||||
}
|
||||
else
|
||||
{
|
||||
len = aes_test_ctr_len[u];
|
||||
memcpy( buf, aes_test_ctr_pt[u], len );
|
||||
aes_tests = aes_test_ctr_ct[u];
|
||||
}
|
||||
|
||||
mbedtls_aes_crypt_ctr( &ctx, len, &offset, nonce_counter, stream_block,
|
||||
buf, buf );
|
||||
ret = mbedtls_aes_crypt_ctr( &ctx, len, &offset, nonce_counter,
|
||||
stream_block, buf, buf );
|
||||
if( ret != 0 )
|
||||
goto exit;
|
||||
|
||||
if( memcmp( buf, aes_test_ctr_ct[u], len ) != 0 )
|
||||
{
|
||||
if( verbose != 0 )
|
||||
mbedtls_printf( "failed\n" );
|
||||
|
||||
ret = 1;
|
||||
goto exit;
|
||||
}
|
||||
if( memcmp( buf, aes_tests, len ) != 0 )
|
||||
{
|
||||
ret = 1;
|
||||
goto exit;
|
||||
}
|
||||
|
||||
if( verbose != 0 )
|
||||
|
@ -1498,6 +1513,9 @@ int mbedtls_aes_self_test( int verbose )
|
|||
ret = 0;
|
||||
|
||||
exit:
|
||||
if( ret != 0 && verbose != 0 )
|
||||
mbedtls_printf( "failed\n" );
|
||||
|
||||
mbedtls_aes_free( &ctx );
|
||||
|
||||
return( ret );
|
||||
|
|
|
@ -63,6 +63,11 @@ static void mbedtls_mpi_zeroize( mbedtls_mpi_uint *v, size_t n ) {
|
|||
volatile mbedtls_mpi_uint *p = v; while( n-- ) *p++ = 0;
|
||||
}
|
||||
|
||||
/* Implementation that should never be optimized out by the compiler */
|
||||
static void mbedtls_zeroize( void *v, size_t n ) {
|
||||
volatile unsigned char *p = v; while( n-- ) *p++ = 0;
|
||||
}
|
||||
|
||||
#define ciL (sizeof(mbedtls_mpi_uint)) /* chars in limb */
|
||||
#define biL (ciL << 3) /* bits in limb */
|
||||
#define biH (ciL << 2) /* half limb size */
|
||||
|
@ -672,16 +677,20 @@ cleanup:
|
|||
int mbedtls_mpi_read_binary( mbedtls_mpi *X, const unsigned char *buf, size_t buflen )
|
||||
{
|
||||
int ret;
|
||||
size_t i, j, n;
|
||||
size_t i, j;
|
||||
size_t const limbs = CHARS_TO_LIMBS( buflen );
|
||||
|
||||
for( n = 0; n < buflen; n++ )
|
||||
if( buf[n] != 0 )
|
||||
break;
|
||||
/* Ensure that target MPI has exactly the necessary number of limbs */
|
||||
if( X->n != limbs )
|
||||
{
|
||||
mbedtls_mpi_free( X );
|
||||
mbedtls_mpi_init( X );
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, limbs ) );
|
||||
}
|
||||
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, CHARS_TO_LIMBS( buflen - n ) ) );
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_lset( X, 0 ) );
|
||||
|
||||
for( i = buflen, j = 0; i > n; i--, j++ )
|
||||
for( i = buflen, j = 0; i > 0; i--, j++ )
|
||||
X->p[j / ciL] |= ((mbedtls_mpi_uint) buf[i - 1]) << ((j % ciL) << 3);
|
||||
|
||||
cleanup:
|
||||
|
@ -1882,6 +1891,7 @@ int mbedtls_mpi_fill_random( mbedtls_mpi *X, size_t size,
|
|||
MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( X, buf, size ) );
|
||||
|
||||
cleanup:
|
||||
mbedtls_zeroize( buf, sizeof( buf ) );
|
||||
return( ret );
|
||||
}
|
||||
|
||||
|
|
|
@ -49,6 +49,8 @@
|
|||
#endif /* MBEDTLS_PLATFORM_C */
|
||||
#endif /* MBEDTLS_SELF_TEST && MBEDTLS_AES_C */
|
||||
|
||||
#if !defined(MBEDTLS_CCM_ALT)
|
||||
|
||||
/* Implementation that should never be optimized out by the compiler */
|
||||
static void mbedtls_zeroize( void *v, size_t n ) {
|
||||
volatile unsigned char *p = (unsigned char*)v; while( n-- ) *p++ = 0;
|
||||
|
@ -348,6 +350,7 @@ int mbedtls_ccm_auth_decrypt( mbedtls_ccm_context *ctx, size_t length,
|
|||
return( 0 );
|
||||
}
|
||||
|
||||
#endif /* !MBEDTLS_CCM_ALT */
|
||||
|
||||
#if defined(MBEDTLS_SELF_TEST) && defined(MBEDTLS_AES_C)
|
||||
/*
|
||||
|
|
|
@ -516,14 +516,14 @@ static int get_one_and_zeros_padding( unsigned char *input, size_t input_len,
|
|||
if( NULL == input || NULL == data_len )
|
||||
return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
|
||||
|
||||
bad = 0xFF;
|
||||
bad = 0x80;
|
||||
*data_len = 0;
|
||||
for( i = input_len; i > 0; i-- )
|
||||
{
|
||||
prev_done = done;
|
||||
done |= ( input[i-1] != 0 );
|
||||
done |= ( input[i - 1] != 0 );
|
||||
*data_len |= ( i - 1 ) * ( done != prev_done );
|
||||
bad &= ( input[i-1] ^ 0x80 ) | ( done == prev_done );
|
||||
bad ^= input[i - 1] * ( done != prev_done );
|
||||
}
|
||||
|
||||
return( MBEDTLS_ERR_CIPHER_INVALID_PADDING * ( bad != 0 ) );
|
||||
|
|
|
@ -65,6 +65,8 @@
|
|||
#endif /* MBEDTLS_SELF_TEST */
|
||||
#endif /* MBEDTLS_PLATFORM_C */
|
||||
|
||||
#if !defined(MBEDTLS_CMAC_ALT) || defined(MBEDTLS_SELF_TEST)
|
||||
|
||||
/* Implementation that should never be optimized out by the compiler */
|
||||
static void mbedtls_zeroize( void *v, size_t n ) {
|
||||
volatile unsigned char *p = (unsigned char*)v; while( n-- ) *p++ = 0;
|
||||
|
@ -164,7 +166,9 @@ exit:
|
|||
|
||||
return( ret );
|
||||
}
|
||||
#endif /* !defined(MBEDTLS_CMAC_ALT) || defined(MBEDTLS_SELF_TEST) */
|
||||
|
||||
#if !defined(MBEDTLS_CMAC_ALT)
|
||||
static void cmac_xor_block( unsigned char *output, const unsigned char *input1,
|
||||
const unsigned char *input2,
|
||||
const size_t block_size )
|
||||
|
@ -468,6 +472,8 @@ exit:
|
|||
}
|
||||
#endif /* MBEDTLS_AES_C */
|
||||
|
||||
#endif /* !MBEDTLS_CMAC_ALT */
|
||||
|
||||
#if defined(MBEDTLS_SELF_TEST)
|
||||
/*
|
||||
* CMAC test data for SP800-38B
|
||||
|
|
|
@ -94,11 +94,15 @@ int mbedtls_ctr_drbg_seed_entropy_len(
|
|||
/*
|
||||
* Initialize with an empty key
|
||||
*/
|
||||
mbedtls_aes_setkey_enc( &ctx->aes_ctx, key, MBEDTLS_CTR_DRBG_KEYBITS );
|
||||
if( ( ret = mbedtls_aes_setkey_enc( &ctx->aes_ctx, key, MBEDTLS_CTR_DRBG_KEYBITS ) ) != 0 )
|
||||
{
|
||||
return( ret );
|
||||
}
|
||||
|
||||
if( ( ret = mbedtls_ctr_drbg_reseed( ctx, custom, len ) ) != 0 )
|
||||
{
|
||||
return( ret );
|
||||
|
||||
}
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
|
@ -148,6 +152,7 @@ static int block_cipher_df( unsigned char *output,
|
|||
unsigned char chain[MBEDTLS_CTR_DRBG_BLOCKSIZE];
|
||||
unsigned char *p, *iv;
|
||||
mbedtls_aes_context aes_ctx;
|
||||
int ret = 0;
|
||||
|
||||
int i, j;
|
||||
size_t buf_len, use_len;
|
||||
|
@ -180,7 +185,10 @@ static int block_cipher_df( unsigned char *output,
|
|||
for( i = 0; i < MBEDTLS_CTR_DRBG_KEYSIZE; i++ )
|
||||
key[i] = i;
|
||||
|
||||
mbedtls_aes_setkey_enc( &aes_ctx, key, MBEDTLS_CTR_DRBG_KEYBITS );
|
||||
if( ( ret = mbedtls_aes_setkey_enc( &aes_ctx, key, MBEDTLS_CTR_DRBG_KEYBITS ) ) != 0 )
|
||||
{
|
||||
goto exit;
|
||||
}
|
||||
|
||||
/*
|
||||
* Reduce data to MBEDTLS_CTR_DRBG_SEEDLEN bytes of data
|
||||
|
@ -199,7 +207,10 @@ static int block_cipher_df( unsigned char *output,
|
|||
use_len -= ( use_len >= MBEDTLS_CTR_DRBG_BLOCKSIZE ) ?
|
||||
MBEDTLS_CTR_DRBG_BLOCKSIZE : use_len;
|
||||
|
||||
mbedtls_aes_crypt_ecb( &aes_ctx, MBEDTLS_AES_ENCRYPT, chain, chain );
|
||||
if( ( ret = mbedtls_aes_crypt_ecb( &aes_ctx, MBEDTLS_AES_ENCRYPT, chain, chain ) ) != 0 )
|
||||
{
|
||||
goto exit;
|
||||
}
|
||||
}
|
||||
|
||||
memcpy( tmp + j, chain, MBEDTLS_CTR_DRBG_BLOCKSIZE );
|
||||
|
@ -213,20 +224,40 @@ static int block_cipher_df( unsigned char *output,
|
|||
/*
|
||||
* Do final encryption with reduced data
|
||||
*/
|
||||
mbedtls_aes_setkey_enc( &aes_ctx, tmp, MBEDTLS_CTR_DRBG_KEYBITS );
|
||||
if( ( ret = mbedtls_aes_setkey_enc( &aes_ctx, tmp, MBEDTLS_CTR_DRBG_KEYBITS ) ) != 0 )
|
||||
{
|
||||
goto exit;
|
||||
}
|
||||
iv = tmp + MBEDTLS_CTR_DRBG_KEYSIZE;
|
||||
p = output;
|
||||
|
||||
for( j = 0; j < MBEDTLS_CTR_DRBG_SEEDLEN; j += MBEDTLS_CTR_DRBG_BLOCKSIZE )
|
||||
{
|
||||
mbedtls_aes_crypt_ecb( &aes_ctx, MBEDTLS_AES_ENCRYPT, iv, iv );
|
||||
if( ( ret = mbedtls_aes_crypt_ecb( &aes_ctx, MBEDTLS_AES_ENCRYPT, iv, iv ) ) != 0 )
|
||||
{
|
||||
goto exit;
|
||||
}
|
||||
memcpy( p, iv, MBEDTLS_CTR_DRBG_BLOCKSIZE );
|
||||
p += MBEDTLS_CTR_DRBG_BLOCKSIZE;
|
||||
}
|
||||
|
||||
exit:
|
||||
mbedtls_aes_free( &aes_ctx );
|
||||
/*
|
||||
* tidy up the stack
|
||||
*/
|
||||
mbedtls_zeroize( buf, sizeof( buf ) );
|
||||
mbedtls_zeroize( tmp, sizeof( tmp ) );
|
||||
mbedtls_zeroize( key, sizeof( key ) );
|
||||
mbedtls_zeroize( chain, sizeof( chain ) );
|
||||
if( 0 != ret )
|
||||
{
|
||||
/*
|
||||
* wipe partial seed from memory
|
||||
*/
|
||||
mbedtls_zeroize( output, MBEDTLS_CTR_DRBG_SEEDLEN );
|
||||
}
|
||||
|
||||
return( 0 );
|
||||
return( ret );
|
||||
}
|
||||
|
||||
static int ctr_drbg_update_internal( mbedtls_ctr_drbg_context *ctx,
|
||||
|
@ -235,6 +266,7 @@ static int ctr_drbg_update_internal( mbedtls_ctr_drbg_context *ctx,
|
|||
unsigned char tmp[MBEDTLS_CTR_DRBG_SEEDLEN];
|
||||
unsigned char *p = tmp;
|
||||
int i, j;
|
||||
int ret = 0;
|
||||
|
||||
memset( tmp, 0, MBEDTLS_CTR_DRBG_SEEDLEN );
|
||||
|
||||
|
@ -250,7 +282,10 @@ static int ctr_drbg_update_internal( mbedtls_ctr_drbg_context *ctx,
|
|||
/*
|
||||
* Crypt counter block
|
||||
*/
|
||||
mbedtls_aes_crypt_ecb( &ctx->aes_ctx, MBEDTLS_AES_ENCRYPT, ctx->counter, p );
|
||||
if( ( ret = mbedtls_aes_crypt_ecb( &ctx->aes_ctx, MBEDTLS_AES_ENCRYPT, ctx->counter, p ) ) != 0 )
|
||||
{
|
||||
return( ret );
|
||||
}
|
||||
|
||||
p += MBEDTLS_CTR_DRBG_BLOCKSIZE;
|
||||
}
|
||||
|
@ -261,7 +296,10 @@ static int ctr_drbg_update_internal( mbedtls_ctr_drbg_context *ctx,
|
|||
/*
|
||||
* Update key and counter
|
||||
*/
|
||||
mbedtls_aes_setkey_enc( &ctx->aes_ctx, tmp, MBEDTLS_CTR_DRBG_KEYBITS );
|
||||
if( ( ret = mbedtls_aes_setkey_enc( &ctx->aes_ctx, tmp, MBEDTLS_CTR_DRBG_KEYBITS ) ) != 0 )
|
||||
{
|
||||
return( ret );
|
||||
}
|
||||
memcpy( ctx->counter, tmp + MBEDTLS_CTR_DRBG_KEYSIZE, MBEDTLS_CTR_DRBG_BLOCKSIZE );
|
||||
|
||||
return( 0 );
|
||||
|
@ -289,6 +327,7 @@ int mbedtls_ctr_drbg_reseed( mbedtls_ctr_drbg_context *ctx,
|
|||
{
|
||||
unsigned char seed[MBEDTLS_CTR_DRBG_MAX_SEED_INPUT];
|
||||
size_t seedlen = 0;
|
||||
int ret;
|
||||
|
||||
if( ctx->entropy_len > MBEDTLS_CTR_DRBG_MAX_SEED_INPUT ||
|
||||
len > MBEDTLS_CTR_DRBG_MAX_SEED_INPUT - ctx->entropy_len )
|
||||
|
@ -319,12 +358,18 @@ int mbedtls_ctr_drbg_reseed( mbedtls_ctr_drbg_context *ctx,
|
|||
/*
|
||||
* Reduce to 384 bits
|
||||
*/
|
||||
block_cipher_df( seed, seed, seedlen );
|
||||
if( ( ret = block_cipher_df( seed, seed, seedlen ) ) != 0 )
|
||||
{
|
||||
return( ret );
|
||||
}
|
||||
|
||||
/*
|
||||
* Update state
|
||||
*/
|
||||
ctr_drbg_update_internal( ctx, seed );
|
||||
if( ( ret = ctr_drbg_update_internal( ctx, seed ) ) != 0 )
|
||||
{
|
||||
return( ret );
|
||||
}
|
||||
ctx->reseed_counter = 1;
|
||||
|
||||
return( 0 );
|
||||
|
@ -354,15 +399,22 @@ int mbedtls_ctr_drbg_random_with_add( void *p_rng,
|
|||
ctx->prediction_resistance )
|
||||
{
|
||||
if( ( ret = mbedtls_ctr_drbg_reseed( ctx, additional, add_len ) ) != 0 )
|
||||
{
|
||||
return( ret );
|
||||
|
||||
}
|
||||
add_len = 0;
|
||||
}
|
||||
|
||||
if( add_len > 0 )
|
||||
{
|
||||
block_cipher_df( add_input, additional, add_len );
|
||||
ctr_drbg_update_internal( ctx, add_input );
|
||||
if( ( ret = block_cipher_df( add_input, additional, add_len ) ) != 0 )
|
||||
{
|
||||
return( ret );
|
||||
}
|
||||
if( ( ret = ctr_drbg_update_internal( ctx, add_input ) ) != 0 )
|
||||
{
|
||||
return( ret );
|
||||
}
|
||||
}
|
||||
|
||||
while( output_len > 0 )
|
||||
|
@ -377,7 +429,10 @@ int mbedtls_ctr_drbg_random_with_add( void *p_rng,
|
|||
/*
|
||||
* Crypt counter block
|
||||
*/
|
||||
mbedtls_aes_crypt_ecb( &ctx->aes_ctx, MBEDTLS_AES_ENCRYPT, ctx->counter, tmp );
|
||||
if( ( ret = mbedtls_aes_crypt_ecb( &ctx->aes_ctx, MBEDTLS_AES_ENCRYPT, ctx->counter, tmp ) ) != 0 )
|
||||
{
|
||||
return( ret );
|
||||
}
|
||||
|
||||
use_len = ( output_len > MBEDTLS_CTR_DRBG_BLOCKSIZE ) ? MBEDTLS_CTR_DRBG_BLOCKSIZE :
|
||||
output_len;
|
||||
|
@ -389,7 +444,10 @@ int mbedtls_ctr_drbg_random_with_add( void *p_rng,
|
|||
output_len -= use_len;
|
||||
}
|
||||
|
||||
ctr_drbg_update_internal( ctx, add_input );
|
||||
if( ( ret = ctr_drbg_update_internal( ctx, add_input ) ) != 0 )
|
||||
{
|
||||
return( ret );
|
||||
}
|
||||
|
||||
ctx->reseed_counter++;
|
||||
|
||||
|
@ -430,20 +488,20 @@ int mbedtls_ctr_drbg_write_seed_file( mbedtls_ctr_drbg_context *ctx, const char
|
|||
goto exit;
|
||||
|
||||
if( fwrite( buf, 1, MBEDTLS_CTR_DRBG_MAX_INPUT, f ) != MBEDTLS_CTR_DRBG_MAX_INPUT )
|
||||
{
|
||||
ret = MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR;
|
||||
goto exit;
|
||||
}
|
||||
|
||||
ret = 0;
|
||||
else
|
||||
ret = 0;
|
||||
|
||||
exit:
|
||||
mbedtls_zeroize( buf, sizeof( buf ) );
|
||||
|
||||
fclose( f );
|
||||
return( ret );
|
||||
}
|
||||
|
||||
int mbedtls_ctr_drbg_update_seed_file( mbedtls_ctr_drbg_context *ctx, const char *path )
|
||||
{
|
||||
int ret = 0;
|
||||
FILE *f;
|
||||
size_t n;
|
||||
unsigned char buf[ MBEDTLS_CTR_DRBG_MAX_INPUT ];
|
||||
|
@ -462,14 +520,16 @@ int mbedtls_ctr_drbg_update_seed_file( mbedtls_ctr_drbg_context *ctx, const char
|
|||
}
|
||||
|
||||
if( fread( buf, 1, n, f ) != n )
|
||||
{
|
||||
fclose( f );
|
||||
return( MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR );
|
||||
}
|
||||
ret = MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR;
|
||||
else
|
||||
mbedtls_ctr_drbg_update( ctx, buf, n );
|
||||
|
||||
fclose( f );
|
||||
|
||||
mbedtls_ctr_drbg_update( ctx, buf, n );
|
||||
mbedtls_zeroize( buf, sizeof( buf ) );
|
||||
|
||||
if( ret != 0 )
|
||||
return( ret );
|
||||
|
||||
return( mbedtls_ctr_drbg_write_seed_file( ctx, path ) );
|
||||
}
|
||||
|
|
|
@ -57,6 +57,7 @@
|
|||
#define mbedtls_free free
|
||||
#endif
|
||||
|
||||
#if !defined(MBEDTLS_DHM_ALT)
|
||||
/* Implementation that should never be optimized out by the compiler */
|
||||
static void mbedtls_zeroize( void *v, size_t n ) {
|
||||
volatile unsigned char *p = v; while( n-- ) *p++ = 0;
|
||||
|
@ -93,6 +94,9 @@ static int dhm_read_bignum( mbedtls_mpi *X,
|
|||
*
|
||||
* Parameter should be: 2 <= public_param <= P - 2
|
||||
*
|
||||
* This means that we need to return an error if
|
||||
* public_param < 2 or public_param > P-2
|
||||
*
|
||||
* For more information on the attack, see:
|
||||
* http://www.cl.cam.ac.uk/~rja14/Papers/psandqs.pdf
|
||||
* http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-2643
|
||||
|
@ -100,17 +104,17 @@ static int dhm_read_bignum( mbedtls_mpi *X,
|
|||
static int dhm_check_range( const mbedtls_mpi *param, const mbedtls_mpi *P )
|
||||
{
|
||||
mbedtls_mpi L, U;
|
||||
int ret = MBEDTLS_ERR_DHM_BAD_INPUT_DATA;
|
||||
int ret = 0;
|
||||
|
||||
mbedtls_mpi_init( &L ); mbedtls_mpi_init( &U );
|
||||
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &L, 2 ) );
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &U, P, 2 ) );
|
||||
|
||||
if( mbedtls_mpi_cmp_mpi( param, &L ) >= 0 &&
|
||||
mbedtls_mpi_cmp_mpi( param, &U ) <= 0 )
|
||||
if( mbedtls_mpi_cmp_mpi( param, &L ) < 0 ||
|
||||
mbedtls_mpi_cmp_mpi( param, &U ) > 0 )
|
||||
{
|
||||
ret = 0;
|
||||
ret = MBEDTLS_ERR_DHM_BAD_INPUT_DATA;
|
||||
}
|
||||
|
||||
cleanup:
|
||||
|
@ -187,10 +191,15 @@ int mbedtls_dhm_make_params( mbedtls_dhm_context *ctx, int x_size,
|
|||
/*
|
||||
* export P, G, GX
|
||||
*/
|
||||
#define DHM_MPI_EXPORT(X,n) \
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( X, p + 2, n ) ); \
|
||||
*p++ = (unsigned char)( n >> 8 ); \
|
||||
*p++ = (unsigned char)( n ); p += n;
|
||||
#define DHM_MPI_EXPORT( X, n ) \
|
||||
do { \
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( ( X ), \
|
||||
p + 2, \
|
||||
( n ) ) ); \
|
||||
*p++ = (unsigned char)( ( n ) >> 8 ); \
|
||||
*p++ = (unsigned char)( ( n ) ); \
|
||||
p += ( n ); \
|
||||
} while( 0 )
|
||||
|
||||
n1 = mbedtls_mpi_size( &ctx->P );
|
||||
n2 = mbedtls_mpi_size( &ctx->G );
|
||||
|
@ -201,7 +210,7 @@ int mbedtls_dhm_make_params( mbedtls_dhm_context *ctx, int x_size,
|
|||
DHM_MPI_EXPORT( &ctx->G , n2 );
|
||||
DHM_MPI_EXPORT( &ctx->GX, n3 );
|
||||
|
||||
*olen = p - output;
|
||||
*olen = p - output;
|
||||
|
||||
ctx->len = n1;
|
||||
|
||||
|
@ -213,6 +222,28 @@ cleanup:
|
|||
return( 0 );
|
||||
}
|
||||
|
||||
/*
|
||||
* Set prime modulus and generator
|
||||
*/
|
||||
int mbedtls_dhm_set_group( mbedtls_dhm_context *ctx,
|
||||
const mbedtls_mpi *P,
|
||||
const mbedtls_mpi *G )
|
||||
{
|
||||
int ret;
|
||||
|
||||
if( ctx == NULL || P == NULL || G == NULL )
|
||||
return( MBEDTLS_ERR_DHM_BAD_INPUT_DATA );
|
||||
|
||||
if( ( ret = mbedtls_mpi_copy( &ctx->P, P ) ) != 0 ||
|
||||
( ret = mbedtls_mpi_copy( &ctx->G, G ) ) != 0 )
|
||||
{
|
||||
return( MBEDTLS_ERR_DHM_SET_GROUP_FAILED + ret );
|
||||
}
|
||||
|
||||
ctx->len = mbedtls_mpi_size( &ctx->P );
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
/*
|
||||
* Import the peer's public value G^Y
|
||||
*/
|
||||
|
@ -400,10 +431,11 @@ cleanup:
|
|||
*/
|
||||
void mbedtls_dhm_free( mbedtls_dhm_context *ctx )
|
||||
{
|
||||
mbedtls_mpi_free( &ctx->pX); mbedtls_mpi_free( &ctx->Vf ); mbedtls_mpi_free( &ctx->Vi );
|
||||
mbedtls_mpi_free( &ctx->RP ); mbedtls_mpi_free( &ctx->K ); mbedtls_mpi_free( &ctx->GY );
|
||||
mbedtls_mpi_free( &ctx->GX ); mbedtls_mpi_free( &ctx->X ); mbedtls_mpi_free( &ctx->G );
|
||||
mbedtls_mpi_free( &ctx->P );
|
||||
mbedtls_mpi_free( &ctx->pX ); mbedtls_mpi_free( &ctx->Vf );
|
||||
mbedtls_mpi_free( &ctx->Vi ); mbedtls_mpi_free( &ctx->RP );
|
||||
mbedtls_mpi_free( &ctx->K ); mbedtls_mpi_free( &ctx->GY );
|
||||
mbedtls_mpi_free( &ctx->GX ); mbedtls_mpi_free( &ctx->X );
|
||||
mbedtls_mpi_free( &ctx->G ); mbedtls_mpi_free( &ctx->P );
|
||||
|
||||
mbedtls_zeroize( ctx, sizeof( mbedtls_dhm_context ) );
|
||||
}
|
||||
|
@ -542,7 +574,10 @@ static int load_file( const char *path, unsigned char **buf, size_t *n )
|
|||
if( fread( *buf, 1, *n, f ) != *n )
|
||||
{
|
||||
fclose( f );
|
||||
|
||||
mbedtls_zeroize( *buf, *n + 1 );
|
||||
mbedtls_free( *buf );
|
||||
|
||||
return( MBEDTLS_ERR_DHM_FILE_IO_ERROR );
|
||||
}
|
||||
|
||||
|
@ -577,6 +612,7 @@ int mbedtls_dhm_parse_dhmfile( mbedtls_dhm_context *dhm, const char *path )
|
|||
}
|
||||
#endif /* MBEDTLS_FS_IO */
|
||||
#endif /* MBEDTLS_ASN1_PARSE_C */
|
||||
#endif /* MBEDTLS_DHM_ALT */
|
||||
|
||||
#if defined(MBEDTLS_SELF_TEST)
|
||||
|
||||
|
|
|
@ -38,6 +38,7 @@
|
|||
|
||||
#include <string.h>
|
||||
|
||||
#if !defined(MBEDTLS_ECDH_GEN_PUBLIC_ALT)
|
||||
/*
|
||||
* Generate public key: simple wrapper around mbedtls_ecp_gen_keypair
|
||||
*/
|
||||
|
@ -47,7 +48,9 @@ int mbedtls_ecdh_gen_public( mbedtls_ecp_group *grp, mbedtls_mpi *d, mbedtls_ecp
|
|||
{
|
||||
return mbedtls_ecp_gen_keypair( grp, d, Q, f_rng, p_rng );
|
||||
}
|
||||
#endif /* MBEDTLS_ECDH_GEN_PUBLIC_ALT */
|
||||
|
||||
#if !defined(MBEDTLS_ECDH_COMPUTE_SHARED_ALT)
|
||||
/*
|
||||
* Compute shared secret (SEC1 3.3.1)
|
||||
*/
|
||||
|
@ -81,6 +84,7 @@ cleanup:
|
|||
|
||||
return( ret );
|
||||
}
|
||||
#endif /* MBEDTLS_ECDH_COMPUTE_SHARED_ALT */
|
||||
|
||||
/*
|
||||
* Initialize context
|
||||
|
|
|
@ -65,6 +65,7 @@ cleanup:
|
|||
return( ret );
|
||||
}
|
||||
|
||||
#if !defined(MBEDTLS_ECDSA_SIGN_ALT)
|
||||
/*
|
||||
* Compute ECDSA signature of a hashed message (SEC1 4.1.3)
|
||||
* Obviously, compared to SEC1 4.1.3, we skip step 4 (hash message)
|
||||
|
@ -81,6 +82,10 @@ int mbedtls_ecdsa_sign( mbedtls_ecp_group *grp, mbedtls_mpi *r, mbedtls_mpi *s,
|
|||
if( grp->N.p == NULL )
|
||||
return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
|
||||
|
||||
/* Make sure d is in range 1..n-1 */
|
||||
if( mbedtls_mpi_cmp_int( d, 1 ) < 0 || mbedtls_mpi_cmp_mpi( d, &grp->N ) >= 0 )
|
||||
return( MBEDTLS_ERR_ECP_INVALID_KEY );
|
||||
|
||||
mbedtls_ecp_point_init( &R );
|
||||
mbedtls_mpi_init( &k ); mbedtls_mpi_init( &e ); mbedtls_mpi_init( &t );
|
||||
|
||||
|
@ -153,6 +158,7 @@ cleanup:
|
|||
|
||||
return( ret );
|
||||
}
|
||||
#endif /* MBEDTLS_ECDSA_SIGN_ALT */
|
||||
|
||||
#if defined(MBEDTLS_ECDSA_DETERMINISTIC)
|
||||
/*
|
||||
|
@ -192,6 +198,7 @@ cleanup:
|
|||
}
|
||||
#endif /* MBEDTLS_ECDSA_DETERMINISTIC */
|
||||
|
||||
#if !defined(MBEDTLS_ECDSA_VERIFY_ALT)
|
||||
/*
|
||||
* Verify ECDSA signature of hashed message (SEC1 4.1.4)
|
||||
* Obviously, compared to SEC1 4.1.3, we skip step 2 (hash message)
|
||||
|
@ -277,6 +284,7 @@ cleanup:
|
|||
|
||||
return( ret );
|
||||
}
|
||||
#endif /* MBEDTLS_ECDSA_VERIFY_ALT */
|
||||
|
||||
/*
|
||||
* Convert a signature (given by context) to ASN.1
|
||||
|
@ -402,6 +410,7 @@ cleanup:
|
|||
return( ret );
|
||||
}
|
||||
|
||||
#if !defined(MBEDTLS_ECDSA_GENKEY_ALT)
|
||||
/*
|
||||
* Generate key pair
|
||||
*/
|
||||
|
@ -411,6 +420,7 @@ int mbedtls_ecdsa_genkey( mbedtls_ecdsa_context *ctx, mbedtls_ecp_group_id gid,
|
|||
return( mbedtls_ecp_group_load( &ctx->grp, gid ) ||
|
||||
mbedtls_ecp_gen_keypair( &ctx->grp, &ctx->d, &ctx->Q, f_rng, p_rng ) );
|
||||
}
|
||||
#endif /* MBEDTLS_ECDSA_GENKEY_ALT */
|
||||
|
||||
/*
|
||||
* Set context from an mbedtls_ecp_keypair
|
||||
|
|
|
@ -36,6 +36,8 @@
|
|||
|
||||
#include <string.h>
|
||||
|
||||
#if !defined(MBEDTLS_ECJPAKE_ALT)
|
||||
|
||||
/*
|
||||
* Convert a mbedtls_ecjpake_role to identifier string
|
||||
*/
|
||||
|
@ -764,6 +766,7 @@ cleanup:
|
|||
#undef ID_MINE
|
||||
#undef ID_PEER
|
||||
|
||||
#endif /* ! MBEDTLS_ECJPAKE_ALT */
|
||||
|
||||
#if defined(MBEDTLS_SELF_TEST)
|
||||
|
||||
|
|
|
@ -1953,7 +1953,6 @@ int mbedtls_ecp_gen_keypair_base( mbedtls_ecp_group *grp,
|
|||
{
|
||||
/* SEC1 3.2.1: Generate d such that 1 <= n < N */
|
||||
int count = 0;
|
||||
unsigned char rnd[MBEDTLS_ECP_MAX_BYTES];
|
||||
|
||||
/*
|
||||
* Match the procedure given in RFC 6979 (deterministic ECDSA):
|
||||
|
@ -1964,8 +1963,7 @@ int mbedtls_ecp_gen_keypair_base( mbedtls_ecp_group *grp,
|
|||
*/
|
||||
do
|
||||
{
|
||||
MBEDTLS_MPI_CHK( f_rng( p_rng, rnd, n_size ) );
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( d, rnd, n_size ) );
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( d, n_size, f_rng, p_rng ) );
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( d, 8 * n_size - grp->nbits ) );
|
||||
|
||||
/*
|
||||
|
|
|
@ -68,21 +68,26 @@ static void mbedtls_zeroize( void *v, size_t n ) {
|
|||
|
||||
void mbedtls_entropy_init( mbedtls_entropy_context *ctx )
|
||||
{
|
||||
memset( ctx, 0, sizeof(mbedtls_entropy_context) );
|
||||
ctx->source_count = 0;
|
||||
memset( ctx->source, 0, sizeof( ctx->source ) );
|
||||
|
||||
#if defined(MBEDTLS_THREADING_C)
|
||||
mbedtls_mutex_init( &ctx->mutex );
|
||||
#endif
|
||||
|
||||
ctx->accumulator_started = 0;
|
||||
#if defined(MBEDTLS_ENTROPY_SHA512_ACCUMULATOR)
|
||||
mbedtls_sha512_starts( &ctx->accumulator, 0 );
|
||||
mbedtls_sha512_init( &ctx->accumulator );
|
||||
#else
|
||||
mbedtls_sha256_starts( &ctx->accumulator, 0 );
|
||||
mbedtls_sha256_init( &ctx->accumulator );
|
||||
#endif
|
||||
#if defined(MBEDTLS_HAVEGE_C)
|
||||
mbedtls_havege_init( &ctx->havege_data );
|
||||
#endif
|
||||
|
||||
/* Reminder: Update ENTROPY_HAVE_STRONG in the test files
|
||||
* when adding more strong entropy sources here. */
|
||||
|
||||
#if defined(MBEDTLS_TEST_NULL_ENTROPY)
|
||||
mbedtls_entropy_add_source( ctx, mbedtls_null_entropy_poll, NULL,
|
||||
1, MBEDTLS_ENTROPY_SOURCE_STRONG );
|
||||
|
@ -113,6 +118,7 @@ void mbedtls_entropy_init( mbedtls_entropy_context *ctx )
|
|||
mbedtls_entropy_add_source( ctx, mbedtls_nv_seed_poll, NULL,
|
||||
MBEDTLS_ENTROPY_BLOCK_SIZE,
|
||||
MBEDTLS_ENTROPY_SOURCE_STRONG );
|
||||
ctx->initial_entropy_run = 0;
|
||||
#endif
|
||||
#endif /* MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES */
|
||||
}
|
||||
|
@ -125,7 +131,17 @@ void mbedtls_entropy_free( mbedtls_entropy_context *ctx )
|
|||
#if defined(MBEDTLS_THREADING_C)
|
||||
mbedtls_mutex_free( &ctx->mutex );
|
||||
#endif
|
||||
mbedtls_zeroize( ctx, sizeof( mbedtls_entropy_context ) );
|
||||
#if defined(MBEDTLS_ENTROPY_SHA512_ACCUMULATOR)
|
||||
mbedtls_sha512_free( &ctx->accumulator );
|
||||
#else
|
||||
mbedtls_sha256_free( &ctx->accumulator );
|
||||
#endif
|
||||
#if defined(MBEDTLS_ENTROPY_NV_SEED)
|
||||
ctx->initial_entropy_run = 0;
|
||||
#endif
|
||||
ctx->source_count = 0;
|
||||
mbedtls_zeroize( ctx->source, sizeof( ctx->source ) );
|
||||
ctx->accumulator_started = 0;
|
||||
}
|
||||
|
||||
int mbedtls_entropy_add_source( mbedtls_entropy_context *ctx,
|
||||
|
@ -172,13 +188,16 @@ static int entropy_update( mbedtls_entropy_context *ctx, unsigned char source_id
|
|||
unsigned char tmp[MBEDTLS_ENTROPY_BLOCK_SIZE];
|
||||
size_t use_len = len;
|
||||
const unsigned char *p = data;
|
||||
int ret = 0;
|
||||
|
||||
if( use_len > MBEDTLS_ENTROPY_BLOCK_SIZE )
|
||||
{
|
||||
#if defined(MBEDTLS_ENTROPY_SHA512_ACCUMULATOR)
|
||||
mbedtls_sha512( data, len, tmp, 0 );
|
||||
if( ( ret = mbedtls_sha512_ret( data, len, tmp, 0 ) ) != 0 )
|
||||
goto cleanup;
|
||||
#else
|
||||
mbedtls_sha256( data, len, tmp, 0 );
|
||||
if( ( ret = mbedtls_sha256_ret( data, len, tmp, 0 ) ) != 0 )
|
||||
goto cleanup;
|
||||
#endif
|
||||
p = tmp;
|
||||
use_len = MBEDTLS_ENTROPY_BLOCK_SIZE;
|
||||
|
@ -187,15 +206,35 @@ static int entropy_update( mbedtls_entropy_context *ctx, unsigned char source_id
|
|||
header[0] = source_id;
|
||||
header[1] = use_len & 0xFF;
|
||||
|
||||
/*
|
||||
* Start the accumulator if this has not already happened. Note that
|
||||
* it is sufficient to start the accumulator here only because all calls to
|
||||
* gather entropy eventually execute this code.
|
||||
*/
|
||||
#if defined(MBEDTLS_ENTROPY_SHA512_ACCUMULATOR)
|
||||
mbedtls_sha512_update( &ctx->accumulator, header, 2 );
|
||||
mbedtls_sha512_update( &ctx->accumulator, p, use_len );
|
||||
if( ctx->accumulator_started == 0 &&
|
||||
( ret = mbedtls_sha512_starts_ret( &ctx->accumulator, 0 ) ) != 0 )
|
||||
goto cleanup;
|
||||
else
|
||||
ctx->accumulator_started = 1;
|
||||
if( ( ret = mbedtls_sha512_update_ret( &ctx->accumulator, header, 2 ) ) != 0 )
|
||||
goto cleanup;
|
||||
ret = mbedtls_sha512_update_ret( &ctx->accumulator, p, use_len );
|
||||
#else
|
||||
mbedtls_sha256_update( &ctx->accumulator, header, 2 );
|
||||
mbedtls_sha256_update( &ctx->accumulator, p, use_len );
|
||||
if( ctx->accumulator_started == 0 &&
|
||||
( ret = mbedtls_sha256_starts_ret( &ctx->accumulator, 0 ) ) != 0 )
|
||||
goto cleanup;
|
||||
else
|
||||
ctx->accumulator_started = 1;
|
||||
if( ( ret = mbedtls_sha256_update_ret( &ctx->accumulator, header, 2 ) ) != 0 )
|
||||
goto cleanup;
|
||||
ret = mbedtls_sha256_update_ret( &ctx->accumulator, p, use_len );
|
||||
#endif
|
||||
|
||||
return( 0 );
|
||||
cleanup:
|
||||
mbedtls_zeroize( tmp, sizeof( tmp ) );
|
||||
|
||||
return( ret );
|
||||
}
|
||||
|
||||
int mbedtls_entropy_update_manual( mbedtls_entropy_context *ctx,
|
||||
|
@ -242,7 +281,7 @@ static int entropy_gather_internal( mbedtls_entropy_context *ctx )
|
|||
if( ( ret = ctx->source[i].f_source( ctx->source[i].p_source,
|
||||
buf, MBEDTLS_ENTROPY_MAX_GATHER, &olen ) ) != 0 )
|
||||
{
|
||||
return( ret );
|
||||
goto cleanup;
|
||||
}
|
||||
|
||||
/*
|
||||
|
@ -250,15 +289,20 @@ static int entropy_gather_internal( mbedtls_entropy_context *ctx )
|
|||
*/
|
||||
if( olen > 0 )
|
||||
{
|
||||
entropy_update( ctx, (unsigned char) i, buf, olen );
|
||||
if( ( ret = entropy_update( ctx, (unsigned char) i,
|
||||
buf, olen ) ) != 0 )
|
||||
return( ret );
|
||||
ctx->source[i].size += olen;
|
||||
}
|
||||
}
|
||||
|
||||
if( have_one_strong == 0 )
|
||||
return( MBEDTLS_ERR_ENTROPY_NO_STRONG_SOURCE );
|
||||
ret = MBEDTLS_ERR_ENTROPY_NO_STRONG_SOURCE;
|
||||
|
||||
return( 0 );
|
||||
cleanup:
|
||||
mbedtls_zeroize( buf, sizeof( buf ) );
|
||||
|
||||
return( ret );
|
||||
}
|
||||
|
||||
/*
|
||||
|
@ -333,33 +377,52 @@ int mbedtls_entropy_func( void *data, unsigned char *output, size_t len )
|
|||
memset( buf, 0, MBEDTLS_ENTROPY_BLOCK_SIZE );
|
||||
|
||||
#if defined(MBEDTLS_ENTROPY_SHA512_ACCUMULATOR)
|
||||
mbedtls_sha512_finish( &ctx->accumulator, buf );
|
||||
/*
|
||||
* Note that at this stage it is assumed that the accumulator was started
|
||||
* in a previous call to entropy_update(). If this is not guaranteed, the
|
||||
* code below will fail.
|
||||
*/
|
||||
if( ( ret = mbedtls_sha512_finish_ret( &ctx->accumulator, buf ) ) != 0 )
|
||||
goto exit;
|
||||
|
||||
/*
|
||||
* Reset accumulator and counters and recycle existing entropy
|
||||
*/
|
||||
memset( &ctx->accumulator, 0, sizeof( mbedtls_sha512_context ) );
|
||||
mbedtls_sha512_starts( &ctx->accumulator, 0 );
|
||||
mbedtls_sha512_update( &ctx->accumulator, buf, MBEDTLS_ENTROPY_BLOCK_SIZE );
|
||||
mbedtls_sha512_free( &ctx->accumulator );
|
||||
mbedtls_sha512_init( &ctx->accumulator );
|
||||
if( ( ret = mbedtls_sha512_starts_ret( &ctx->accumulator, 0 ) ) != 0 )
|
||||
goto exit;
|
||||
if( ( ret = mbedtls_sha512_update_ret( &ctx->accumulator, buf,
|
||||
MBEDTLS_ENTROPY_BLOCK_SIZE ) ) != 0 )
|
||||
goto exit;
|
||||
|
||||
/*
|
||||
* Perform second SHA-512 on entropy
|
||||
*/
|
||||
mbedtls_sha512( buf, MBEDTLS_ENTROPY_BLOCK_SIZE, buf, 0 );
|
||||
if( ( ret = mbedtls_sha512_ret( buf, MBEDTLS_ENTROPY_BLOCK_SIZE,
|
||||
buf, 0 ) ) != 0 )
|
||||
goto exit;
|
||||
#else /* MBEDTLS_ENTROPY_SHA512_ACCUMULATOR */
|
||||
mbedtls_sha256_finish( &ctx->accumulator, buf );
|
||||
if( ( ret = mbedtls_sha256_finish_ret( &ctx->accumulator, buf ) ) != 0 )
|
||||
goto exit;
|
||||
|
||||
/*
|
||||
* Reset accumulator and counters and recycle existing entropy
|
||||
*/
|
||||
memset( &ctx->accumulator, 0, sizeof( mbedtls_sha256_context ) );
|
||||
mbedtls_sha256_starts( &ctx->accumulator, 0 );
|
||||
mbedtls_sha256_update( &ctx->accumulator, buf, MBEDTLS_ENTROPY_BLOCK_SIZE );
|
||||
mbedtls_sha256_free( &ctx->accumulator );
|
||||
mbedtls_sha256_init( &ctx->accumulator );
|
||||
if( ( ret = mbedtls_sha256_starts_ret( &ctx->accumulator, 0 ) ) != 0 )
|
||||
goto exit;
|
||||
if( ( ret = mbedtls_sha256_update_ret( &ctx->accumulator, buf,
|
||||
MBEDTLS_ENTROPY_BLOCK_SIZE ) ) != 0 )
|
||||
goto exit;
|
||||
|
||||
/*
|
||||
* Perform second SHA-256 on entropy
|
||||
*/
|
||||
mbedtls_sha256( buf, MBEDTLS_ENTROPY_BLOCK_SIZE, buf, 0 );
|
||||
if( ( ret = mbedtls_sha256_ret( buf, MBEDTLS_ENTROPY_BLOCK_SIZE,
|
||||
buf, 0 ) ) != 0 )
|
||||
goto exit;
|
||||
#endif /* MBEDTLS_ENTROPY_SHA512_ACCUMULATOR */
|
||||
|
||||
for( i = 0; i < ctx->source_count; i++ )
|
||||
|
@ -370,6 +433,8 @@ int mbedtls_entropy_func( void *data, unsigned char *output, size_t len )
|
|||
ret = 0;
|
||||
|
||||
exit:
|
||||
mbedtls_zeroize( buf, sizeof( buf ) );
|
||||
|
||||
#if defined(MBEDTLS_THREADING_C)
|
||||
if( mbedtls_mutex_unlock( &ctx->mutex ) != 0 )
|
||||
return( MBEDTLS_ERR_THREADING_MUTEX_ERROR );
|
||||
|
@ -382,7 +447,7 @@ exit:
|
|||
int mbedtls_entropy_update_nv_seed( mbedtls_entropy_context *ctx )
|
||||
{
|
||||
int ret = MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR;
|
||||
unsigned char buf[ MBEDTLS_ENTROPY_MAX_SEED_SIZE ];
|
||||
unsigned char buf[MBEDTLS_ENTROPY_BLOCK_SIZE];
|
||||
|
||||
/* Read new seed and write it to NV */
|
||||
if( ( ret = mbedtls_entropy_func( ctx, buf, MBEDTLS_ENTROPY_BLOCK_SIZE ) ) != 0 )
|
||||
|
@ -393,9 +458,9 @@ int mbedtls_entropy_update_nv_seed( mbedtls_entropy_context *ctx )
|
|||
|
||||
/* Manually update the remaining stream with a separator value to diverge */
|
||||
memset( buf, 0, MBEDTLS_ENTROPY_BLOCK_SIZE );
|
||||
mbedtls_entropy_update_manual( ctx, buf, MBEDTLS_ENTROPY_BLOCK_SIZE );
|
||||
ret = mbedtls_entropy_update_manual( ctx, buf, MBEDTLS_ENTROPY_BLOCK_SIZE );
|
||||
|
||||
return( 0 );
|
||||
return( ret );
|
||||
}
|
||||
#endif /* MBEDTLS_ENTROPY_NV_SEED */
|
||||
|
||||
|
@ -421,12 +486,15 @@ int mbedtls_entropy_write_seed_file( mbedtls_entropy_context *ctx, const char *p
|
|||
ret = 0;
|
||||
|
||||
exit:
|
||||
mbedtls_zeroize( buf, sizeof( buf ) );
|
||||
|
||||
fclose( f );
|
||||
return( ret );
|
||||
}
|
||||
|
||||
int mbedtls_entropy_update_seed_file( mbedtls_entropy_context *ctx, const char *path )
|
||||
{
|
||||
int ret = 0;
|
||||
FILE *f;
|
||||
size_t n;
|
||||
unsigned char buf[ MBEDTLS_ENTROPY_MAX_SEED_SIZE ];
|
||||
|
@ -442,14 +510,16 @@ int mbedtls_entropy_update_seed_file( mbedtls_entropy_context *ctx, const char *
|
|||
n = MBEDTLS_ENTROPY_MAX_SEED_SIZE;
|
||||
|
||||
if( fread( buf, 1, n, f ) != n )
|
||||
{
|
||||
fclose( f );
|
||||
return( MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR );
|
||||
}
|
||||
ret = MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR;
|
||||
else
|
||||
ret = mbedtls_entropy_update_manual( ctx, buf, n );
|
||||
|
||||
fclose( f );
|
||||
|
||||
mbedtls_entropy_update_manual( ctx, buf, n );
|
||||
mbedtls_zeroize( buf, sizeof( buf ) );
|
||||
|
||||
if( ret != 0 )
|
||||
return( ret );
|
||||
|
||||
return( mbedtls_entropy_write_seed_file( ctx, path ) );
|
||||
}
|
||||
|
|
|
@ -45,6 +45,10 @@
|
|||
#include "mbedtls/aes.h"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_ARC4_C)
|
||||
#include "mbedtls/arc4.h"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_BASE64_C)
|
||||
#include "mbedtls/base64.h"
|
||||
#endif
|
||||
|
@ -69,6 +73,10 @@
|
|||
#include "mbedtls/cipher.h"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_CMAC_C)
|
||||
#include "mbedtls/cmac.h"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_CTR_DRBG_C)
|
||||
#include "mbedtls/ctr_drbg.h"
|
||||
#endif
|
||||
|
@ -101,6 +109,18 @@
|
|||
#include "mbedtls/md.h"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_MD2_C)
|
||||
#include "mbedtls/md2.h"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_MD4_C)
|
||||
#include "mbedtls/md4.h"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_MD5_C)
|
||||
#include "mbedtls/md5.h"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_NET_C)
|
||||
#include "mbedtls/net_sockets.h"
|
||||
#endif
|
||||
|
@ -129,10 +149,26 @@
|
|||
#include "mbedtls/pkcs5.h"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_RIPEMD160_C)
|
||||
#include "mbedtls/ripemd160.h"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_RSA_C)
|
||||
#include "mbedtls/rsa.h"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SHA1_C)
|
||||
#include "mbedtls/sha1.h"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SHA256_C)
|
||||
#include "mbedtls/sha256.h"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SHA512_C)
|
||||
#include "mbedtls/sha512.h"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SSL_TLS_C)
|
||||
#include "mbedtls/ssl.h"
|
||||
#endif
|
||||
|
@ -174,7 +210,7 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen )
|
|||
if( use_ret == -(MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE) )
|
||||
mbedtls_snprintf( buf, buflen, "CIPHER - The selected feature is not available" );
|
||||
if( use_ret == -(MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA) )
|
||||
mbedtls_snprintf( buf, buflen, "CIPHER - Bad input parameters to function" );
|
||||
mbedtls_snprintf( buf, buflen, "CIPHER - Bad input parameters" );
|
||||
if( use_ret == -(MBEDTLS_ERR_CIPHER_ALLOC_FAILED) )
|
||||
mbedtls_snprintf( buf, buflen, "CIPHER - Failed to allocate memory" );
|
||||
if( use_ret == -(MBEDTLS_ERR_CIPHER_INVALID_PADDING) )
|
||||
|
@ -184,12 +220,14 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen )
|
|||
if( use_ret == -(MBEDTLS_ERR_CIPHER_AUTH_FAILED) )
|
||||
mbedtls_snprintf( buf, buflen, "CIPHER - Authentication failed (for AEAD modes)" );
|
||||
if( use_ret == -(MBEDTLS_ERR_CIPHER_INVALID_CONTEXT) )
|
||||
mbedtls_snprintf( buf, buflen, "CIPHER - The context is invalid, eg because it was free()ed" );
|
||||
mbedtls_snprintf( buf, buflen, "CIPHER - The context is invalid. For example, because it was freed" );
|
||||
if( use_ret == -(MBEDTLS_ERR_CIPHER_HW_ACCEL_FAILED) )
|
||||
mbedtls_snprintf( buf, buflen, "CIPHER - Cipher hardware accelerator failed" );
|
||||
#endif /* MBEDTLS_CIPHER_C */
|
||||
|
||||
#if defined(MBEDTLS_DHM_C)
|
||||
if( use_ret == -(MBEDTLS_ERR_DHM_BAD_INPUT_DATA) )
|
||||
mbedtls_snprintf( buf, buflen, "DHM - Bad input parameters to function" );
|
||||
mbedtls_snprintf( buf, buflen, "DHM - Bad input parameters" );
|
||||
if( use_ret == -(MBEDTLS_ERR_DHM_READ_PARAMS_FAILED) )
|
||||
mbedtls_snprintf( buf, buflen, "DHM - Reading of the DHM parameters failed" );
|
||||
if( use_ret == -(MBEDTLS_ERR_DHM_MAKE_PARAMS_FAILED) )
|
||||
|
@ -205,7 +243,11 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen )
|
|||
if( use_ret == -(MBEDTLS_ERR_DHM_ALLOC_FAILED) )
|
||||
mbedtls_snprintf( buf, buflen, "DHM - Allocation of memory failed" );
|
||||
if( use_ret == -(MBEDTLS_ERR_DHM_FILE_IO_ERROR) )
|
||||
mbedtls_snprintf( buf, buflen, "DHM - Read/write of file failed" );
|
||||
mbedtls_snprintf( buf, buflen, "DHM - Read or write of file failed" );
|
||||
if( use_ret == -(MBEDTLS_ERR_DHM_HW_ACCEL_FAILED) )
|
||||
mbedtls_snprintf( buf, buflen, "DHM - DHM hardware accelerator failed" );
|
||||
if( use_ret == -(MBEDTLS_ERR_DHM_SET_GROUP_FAILED) )
|
||||
mbedtls_snprintf( buf, buflen, "DHM - Setting the modulus and generator failed" );
|
||||
#endif /* MBEDTLS_DHM_C */
|
||||
|
||||
#if defined(MBEDTLS_ECP_C)
|
||||
|
@ -225,6 +267,8 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen )
|
|||
mbedtls_snprintf( buf, buflen, "ECP - Invalid private or public key" );
|
||||
if( use_ret == -(MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH) )
|
||||
mbedtls_snprintf( buf, buflen, "ECP - Signature is valid but shorter than the user-supplied length" );
|
||||
if( use_ret == -(MBEDTLS_ERR_ECP_HW_ACCEL_FAILED) )
|
||||
mbedtls_snprintf( buf, buflen, "ECP - ECP hardware accelerator failed" );
|
||||
#endif /* MBEDTLS_ECP_C */
|
||||
|
||||
#if defined(MBEDTLS_MD_C)
|
||||
|
@ -236,6 +280,8 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen )
|
|||
mbedtls_snprintf( buf, buflen, "MD - Failed to allocate memory" );
|
||||
if( use_ret == -(MBEDTLS_ERR_MD_FILE_IO_ERROR) )
|
||||
mbedtls_snprintf( buf, buflen, "MD - Opening or reading of file failed" );
|
||||
if( use_ret == -(MBEDTLS_ERR_MD_HW_ACCEL_FAILED) )
|
||||
mbedtls_snprintf( buf, buflen, "MD - MD hardware accelerator failed" );
|
||||
#endif /* MBEDTLS_MD_C */
|
||||
|
||||
#if defined(MBEDTLS_PEM_PARSE_C) || defined(MBEDTLS_PEM_WRITE_C)
|
||||
|
@ -288,6 +334,8 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen )
|
|||
mbedtls_snprintf( buf, buflen, "PK - Unavailable feature, e.g. RSA disabled for RSA key" );
|
||||
if( use_ret == -(MBEDTLS_ERR_PK_SIG_LEN_MISMATCH) )
|
||||
mbedtls_snprintf( buf, buflen, "PK - The signature is valid but its length is less than expected" );
|
||||
if( use_ret == -(MBEDTLS_ERR_PK_HW_ACCEL_FAILED) )
|
||||
mbedtls_snprintf( buf, buflen, "PK - PK hardware accelerator failed" );
|
||||
#endif /* MBEDTLS_PK_C */
|
||||
|
||||
#if defined(MBEDTLS_PKCS12_C)
|
||||
|
@ -320,7 +368,7 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen )
|
|||
if( use_ret == -(MBEDTLS_ERR_RSA_KEY_GEN_FAILED) )
|
||||
mbedtls_snprintf( buf, buflen, "RSA - Something failed during generation of a key" );
|
||||
if( use_ret == -(MBEDTLS_ERR_RSA_KEY_CHECK_FAILED) )
|
||||
mbedtls_snprintf( buf, buflen, "RSA - Key failed to pass the library's validity check" );
|
||||
mbedtls_snprintf( buf, buflen, "RSA - Key failed to pass the validity check of the library" );
|
||||
if( use_ret == -(MBEDTLS_ERR_RSA_PUBLIC_FAILED) )
|
||||
mbedtls_snprintf( buf, buflen, "RSA - The public key operation failed" );
|
||||
if( use_ret == -(MBEDTLS_ERR_RSA_PRIVATE_FAILED) )
|
||||
|
@ -331,6 +379,10 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen )
|
|||
mbedtls_snprintf( buf, buflen, "RSA - The output buffer for decryption is not large enough" );
|
||||
if( use_ret == -(MBEDTLS_ERR_RSA_RNG_FAILED) )
|
||||
mbedtls_snprintf( buf, buflen, "RSA - The random generator failed to generate non-zeros" );
|
||||
if( use_ret == -(MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION) )
|
||||
mbedtls_snprintf( buf, buflen, "RSA - The implementation does not offer the requested operation, for example, because of security violations or lack of functionality" );
|
||||
if( use_ret == -(MBEDTLS_ERR_RSA_HW_ACCEL_FAILED) )
|
||||
mbedtls_snprintf( buf, buflen, "RSA - RSA hardware accelerator failed" );
|
||||
#endif /* MBEDTLS_RSA_C */
|
||||
|
||||
#if defined(MBEDTLS_SSL_TLS_C)
|
||||
|
@ -518,8 +570,17 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen )
|
|||
mbedtls_snprintf( buf, buflen, "AES - Invalid key length" );
|
||||
if( use_ret == -(MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH) )
|
||||
mbedtls_snprintf( buf, buflen, "AES - Invalid data input length" );
|
||||
if( use_ret == -(MBEDTLS_ERR_AES_FEATURE_UNAVAILABLE) )
|
||||
mbedtls_snprintf( buf, buflen, "AES - Feature not available. For example, an unsupported AES key size" );
|
||||
if( use_ret == -(MBEDTLS_ERR_AES_HW_ACCEL_FAILED) )
|
||||
mbedtls_snprintf( buf, buflen, "AES - AES hardware accelerator failed" );
|
||||
#endif /* MBEDTLS_AES_C */
|
||||
|
||||
#if defined(MBEDTLS_ARC4_C)
|
||||
if( use_ret == -(MBEDTLS_ERR_ARC4_HW_ACCEL_FAILED) )
|
||||
mbedtls_snprintf( buf, buflen, "ARC4 - ARC4 hardware accelerator failed" );
|
||||
#endif /* MBEDTLS_ARC4_C */
|
||||
|
||||
#if defined(MBEDTLS_ASN1_PARSE_C)
|
||||
if( use_ret == -(MBEDTLS_ERR_ASN1_OUT_OF_DATA) )
|
||||
mbedtls_snprintf( buf, buflen, "ASN1 - Out of data when parsing an ASN1 data structure" );
|
||||
|
@ -566,6 +627,8 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen )
|
|||
#if defined(MBEDTLS_BLOWFISH_C)
|
||||
if( use_ret == -(MBEDTLS_ERR_BLOWFISH_INVALID_KEY_LENGTH) )
|
||||
mbedtls_snprintf( buf, buflen, "BLOWFISH - Invalid key length" );
|
||||
if( use_ret == -(MBEDTLS_ERR_BLOWFISH_HW_ACCEL_FAILED) )
|
||||
mbedtls_snprintf( buf, buflen, "BLOWFISH - Blowfish hardware accelerator failed" );
|
||||
if( use_ret == -(MBEDTLS_ERR_BLOWFISH_INVALID_INPUT_LENGTH) )
|
||||
mbedtls_snprintf( buf, buflen, "BLOWFISH - Invalid data input length" );
|
||||
#endif /* MBEDTLS_BLOWFISH_C */
|
||||
|
@ -575,29 +638,40 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen )
|
|||
mbedtls_snprintf( buf, buflen, "CAMELLIA - Invalid key length" );
|
||||
if( use_ret == -(MBEDTLS_ERR_CAMELLIA_INVALID_INPUT_LENGTH) )
|
||||
mbedtls_snprintf( buf, buflen, "CAMELLIA - Invalid data input length" );
|
||||
if( use_ret == -(MBEDTLS_ERR_CAMELLIA_HW_ACCEL_FAILED) )
|
||||
mbedtls_snprintf( buf, buflen, "CAMELLIA - Camellia hardware accelerator failed" );
|
||||
#endif /* MBEDTLS_CAMELLIA_C */
|
||||
|
||||
#if defined(MBEDTLS_CCM_C)
|
||||
if( use_ret == -(MBEDTLS_ERR_CCM_BAD_INPUT) )
|
||||
mbedtls_snprintf( buf, buflen, "CCM - Bad input parameters to function" );
|
||||
mbedtls_snprintf( buf, buflen, "CCM - Bad input parameters to the function" );
|
||||
if( use_ret == -(MBEDTLS_ERR_CCM_AUTH_FAILED) )
|
||||
mbedtls_snprintf( buf, buflen, "CCM - Authenticated decryption failed" );
|
||||
if( use_ret == -(MBEDTLS_ERR_CCM_HW_ACCEL_FAILED) )
|
||||
mbedtls_snprintf( buf, buflen, "CCM - CCM hardware accelerator failed" );
|
||||
#endif /* MBEDTLS_CCM_C */
|
||||
|
||||
#if defined(MBEDTLS_CMAC_C)
|
||||
if( use_ret == -(MBEDTLS_ERR_CMAC_HW_ACCEL_FAILED) )
|
||||
mbedtls_snprintf( buf, buflen, "CMAC - CMAC hardware accelerator failed" );
|
||||
#endif /* MBEDTLS_CMAC_C */
|
||||
|
||||
#if defined(MBEDTLS_CTR_DRBG_C)
|
||||
if( use_ret == -(MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED) )
|
||||
mbedtls_snprintf( buf, buflen, "CTR_DRBG - The entropy source failed" );
|
||||
if( use_ret == -(MBEDTLS_ERR_CTR_DRBG_REQUEST_TOO_BIG) )
|
||||
mbedtls_snprintf( buf, buflen, "CTR_DRBG - Too many random requested in single call" );
|
||||
mbedtls_snprintf( buf, buflen, "CTR_DRBG - The requested random buffer length is too big" );
|
||||
if( use_ret == -(MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG) )
|
||||
mbedtls_snprintf( buf, buflen, "CTR_DRBG - Input too large (Entropy + additional)" );
|
||||
mbedtls_snprintf( buf, buflen, "CTR_DRBG - The input (entropy + additional data) is too large" );
|
||||
if( use_ret == -(MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR) )
|
||||
mbedtls_snprintf( buf, buflen, "CTR_DRBG - Read/write error in file" );
|
||||
mbedtls_snprintf( buf, buflen, "CTR_DRBG - Read or write error in file" );
|
||||
#endif /* MBEDTLS_CTR_DRBG_C */
|
||||
|
||||
#if defined(MBEDTLS_DES_C)
|
||||
if( use_ret == -(MBEDTLS_ERR_DES_INVALID_INPUT_LENGTH) )
|
||||
mbedtls_snprintf( buf, buflen, "DES - The data input has an invalid length" );
|
||||
if( use_ret == -(MBEDTLS_ERR_DES_HW_ACCEL_FAILED) )
|
||||
mbedtls_snprintf( buf, buflen, "DES - DES hardware accelerator failed" );
|
||||
#endif /* MBEDTLS_DES_C */
|
||||
|
||||
#if defined(MBEDTLS_ENTROPY_C)
|
||||
|
@ -616,6 +690,8 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen )
|
|||
#if defined(MBEDTLS_GCM_C)
|
||||
if( use_ret == -(MBEDTLS_ERR_GCM_AUTH_FAILED) )
|
||||
mbedtls_snprintf( buf, buflen, "GCM - Authenticated decryption failed" );
|
||||
if( use_ret == -(MBEDTLS_ERR_GCM_HW_ACCEL_FAILED) )
|
||||
mbedtls_snprintf( buf, buflen, "GCM - GCM hardware accelerator failed" );
|
||||
if( use_ret == -(MBEDTLS_ERR_GCM_BAD_INPUT) )
|
||||
mbedtls_snprintf( buf, buflen, "GCM - Bad input parameters to function" );
|
||||
#endif /* MBEDTLS_GCM_C */
|
||||
|
@ -631,6 +707,21 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen )
|
|||
mbedtls_snprintf( buf, buflen, "HMAC_DRBG - The entropy source failed" );
|
||||
#endif /* MBEDTLS_HMAC_DRBG_C */
|
||||
|
||||
#if defined(MBEDTLS_MD2_C)
|
||||
if( use_ret == -(MBEDTLS_ERR_MD2_HW_ACCEL_FAILED) )
|
||||
mbedtls_snprintf( buf, buflen, "MD2 - MD2 hardware accelerator failed" );
|
||||
#endif /* MBEDTLS_MD2_C */
|
||||
|
||||
#if defined(MBEDTLS_MD4_C)
|
||||
if( use_ret == -(MBEDTLS_ERR_MD4_HW_ACCEL_FAILED) )
|
||||
mbedtls_snprintf( buf, buflen, "MD4 - MD4 hardware accelerator failed" );
|
||||
#endif /* MBEDTLS_MD4_C */
|
||||
|
||||
#if defined(MBEDTLS_MD5_C)
|
||||
if( use_ret == -(MBEDTLS_ERR_MD5_HW_ACCEL_FAILED) )
|
||||
mbedtls_snprintf( buf, buflen, "MD5 - MD5 hardware accelerator failed" );
|
||||
#endif /* MBEDTLS_MD5_C */
|
||||
|
||||
#if defined(MBEDTLS_NET_C)
|
||||
if( use_ret == -(MBEDTLS_ERR_NET_SOCKET_FAILED) )
|
||||
mbedtls_snprintf( buf, buflen, "NET - Failed to open a socket" );
|
||||
|
@ -668,6 +759,26 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen )
|
|||
mbedtls_snprintf( buf, buflen, "PADLOCK - Input data should be aligned" );
|
||||
#endif /* MBEDTLS_PADLOCK_C */
|
||||
|
||||
#if defined(MBEDTLS_RIPEMD160_C)
|
||||
if( use_ret == -(MBEDTLS_ERR_RIPEMD160_HW_ACCEL_FAILED) )
|
||||
mbedtls_snprintf( buf, buflen, "RIPEMD160 - RIPEMD160 hardware accelerator failed" );
|
||||
#endif /* MBEDTLS_RIPEMD160_C */
|
||||
|
||||
#if defined(MBEDTLS_SHA1_C)
|
||||
if( use_ret == -(MBEDTLS_ERR_SHA1_HW_ACCEL_FAILED) )
|
||||
mbedtls_snprintf( buf, buflen, "SHA1 - SHA-1 hardware accelerator failed" );
|
||||
#endif /* MBEDTLS_SHA1_C */
|
||||
|
||||
#if defined(MBEDTLS_SHA256_C)
|
||||
if( use_ret == -(MBEDTLS_ERR_SHA256_HW_ACCEL_FAILED) )
|
||||
mbedtls_snprintf( buf, buflen, "SHA256 - SHA-256 hardware accelerator failed" );
|
||||
#endif /* MBEDTLS_SHA256_C */
|
||||
|
||||
#if defined(MBEDTLS_SHA512_C)
|
||||
if( use_ret == -(MBEDTLS_ERR_SHA512_HW_ACCEL_FAILED) )
|
||||
mbedtls_snprintf( buf, buflen, "SHA512 - SHA-512 hardware accelerator failed" );
|
||||
#endif /* MBEDTLS_SHA512_C */
|
||||
|
||||
#if defined(MBEDTLS_THREADING_C)
|
||||
if( use_ret == -(MBEDTLS_ERR_THREADING_FEATURE_UNAVAILABLE) )
|
||||
mbedtls_snprintf( buf, buflen, "THREADING - The selected feature is not available" );
|
||||
|
@ -680,6 +791,8 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen )
|
|||
#if defined(MBEDTLS_XTEA_C)
|
||||
if( use_ret == -(MBEDTLS_ERR_XTEA_INVALID_INPUT_LENGTH) )
|
||||
mbedtls_snprintf( buf, buflen, "XTEA - The data input has an invalid length" );
|
||||
if( use_ret == -(MBEDTLS_ERR_XTEA_HW_ACCEL_FAILED) )
|
||||
mbedtls_snprintf( buf, buflen, "XTEA - XTEA hardware accelerator failed" );
|
||||
#endif /* MBEDTLS_XTEA_C */
|
||||
// END generated code
|
||||
|
||||
|
|
|
@ -46,6 +46,7 @@
|
|||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SELF_TEST) && defined(MBEDTLS_AES_C)
|
||||
#include "mbedtls/aes.h"
|
||||
#if defined(MBEDTLS_PLATFORM_C)
|
||||
#include "mbedtls/platform.h"
|
||||
#else
|
||||
|
@ -54,6 +55,8 @@
|
|||
#endif /* MBEDTLS_PLATFORM_C */
|
||||
#endif /* MBEDTLS_SELF_TEST && MBEDTLS_AES_C */
|
||||
|
||||
#if !defined(MBEDTLS_GCM_ALT)
|
||||
|
||||
/*
|
||||
* 32-bit integer manipulation macros (big endian)
|
||||
*/
|
||||
|
@ -508,6 +511,8 @@ void mbedtls_gcm_free( mbedtls_gcm_context *ctx )
|
|||
mbedtls_zeroize( ctx, sizeof( mbedtls_gcm_context ) );
|
||||
}
|
||||
|
||||
#endif /* !MBEDTLS_GCM_ALT */
|
||||
|
||||
#if defined(MBEDTLS_SELF_TEST) && defined(MBEDTLS_AES_C)
|
||||
/*
|
||||
* AES-GCM test vectors from:
|
||||
|
@ -744,34 +749,48 @@ int mbedtls_gcm_self_test( int verbose )
|
|||
int i, j, ret;
|
||||
mbedtls_cipher_id_t cipher = MBEDTLS_CIPHER_ID_AES;
|
||||
|
||||
mbedtls_gcm_init( &ctx );
|
||||
|
||||
for( j = 0; j < 3; j++ )
|
||||
{
|
||||
int key_len = 128 + 64 * j;
|
||||
|
||||
for( i = 0; i < MAX_TESTS; i++ )
|
||||
{
|
||||
mbedtls_gcm_init( &ctx );
|
||||
|
||||
if( verbose != 0 )
|
||||
mbedtls_printf( " AES-GCM-%3d #%d (%s): ",
|
||||
key_len, i, "enc" );
|
||||
key_len, i, "enc" );
|
||||
|
||||
mbedtls_gcm_setkey( &ctx, cipher, key[key_index[i]], key_len );
|
||||
ret = mbedtls_gcm_setkey( &ctx, cipher, key[key_index[i]],
|
||||
key_len );
|
||||
/*
|
||||
* AES-192 is an optional feature that may be unavailable when
|
||||
* there is an alternative underlying implementation i.e. when
|
||||
* MBEDTLS_AES_ALT is defined.
|
||||
*/
|
||||
if( ret == MBEDTLS_ERR_AES_FEATURE_UNAVAILABLE && key_len == 192 )
|
||||
{
|
||||
mbedtls_printf( "skipped\n" );
|
||||
break;
|
||||
}
|
||||
else if( ret != 0 )
|
||||
{
|
||||
goto exit;
|
||||
}
|
||||
|
||||
ret = mbedtls_gcm_crypt_and_tag( &ctx, MBEDTLS_GCM_ENCRYPT,
|
||||
pt_len[i],
|
||||
iv[iv_index[i]], iv_len[i],
|
||||
additional[add_index[i]], add_len[i],
|
||||
pt[pt_index[i]], buf, 16, tag_buf );
|
||||
pt_len[i],
|
||||
iv[iv_index[i]], iv_len[i],
|
||||
additional[add_index[i]], add_len[i],
|
||||
pt[pt_index[i]], buf, 16, tag_buf );
|
||||
if( ret != 0 )
|
||||
goto exit;
|
||||
|
||||
if( ret != 0 ||
|
||||
memcmp( buf, ct[j * 6 + i], pt_len[i] ) != 0 ||
|
||||
memcmp( tag_buf, tag[j * 6 + i], 16 ) != 0 )
|
||||
if ( memcmp( buf, ct[j * 6 + i], pt_len[i] ) != 0 ||
|
||||
memcmp( tag_buf, tag[j * 6 + i], 16 ) != 0 )
|
||||
{
|
||||
if( verbose != 0 )
|
||||
mbedtls_printf( "failed\n" );
|
||||
|
||||
return( 1 );
|
||||
ret = 1;
|
||||
goto exit;
|
||||
}
|
||||
|
||||
mbedtls_gcm_free( &ctx );
|
||||
|
@ -779,26 +798,31 @@ int mbedtls_gcm_self_test( int verbose )
|
|||
if( verbose != 0 )
|
||||
mbedtls_printf( "passed\n" );
|
||||
|
||||
mbedtls_gcm_init( &ctx );
|
||||
|
||||
if( verbose != 0 )
|
||||
mbedtls_printf( " AES-GCM-%3d #%d (%s): ",
|
||||
key_len, i, "dec" );
|
||||
key_len, i, "dec" );
|
||||
|
||||
mbedtls_gcm_setkey( &ctx, cipher, key[key_index[i]], key_len );
|
||||
ret = mbedtls_gcm_setkey( &ctx, cipher, key[key_index[i]],
|
||||
key_len );
|
||||
if( ret != 0 )
|
||||
goto exit;
|
||||
|
||||
ret = mbedtls_gcm_crypt_and_tag( &ctx, MBEDTLS_GCM_DECRYPT,
|
||||
pt_len[i],
|
||||
iv[iv_index[i]], iv_len[i],
|
||||
additional[add_index[i]], add_len[i],
|
||||
ct[j * 6 + i], buf, 16, tag_buf );
|
||||
pt_len[i],
|
||||
iv[iv_index[i]], iv_len[i],
|
||||
additional[add_index[i]], add_len[i],
|
||||
ct[j * 6 + i], buf, 16, tag_buf );
|
||||
|
||||
if( ret != 0 ||
|
||||
memcmp( buf, pt[pt_index[i]], pt_len[i] ) != 0 ||
|
||||
if( ret != 0 )
|
||||
goto exit;
|
||||
|
||||
if( memcmp( buf, pt[pt_index[i]], pt_len[i] ) != 0 ||
|
||||
memcmp( tag_buf, tag[j * 6 + i], 16 ) != 0 )
|
||||
{
|
||||
if( verbose != 0 )
|
||||
mbedtls_printf( "failed\n" );
|
||||
|
||||
return( 1 );
|
||||
ret = 1;
|
||||
goto exit;
|
||||
}
|
||||
|
||||
mbedtls_gcm_free( &ctx );
|
||||
|
@ -806,66 +830,51 @@ int mbedtls_gcm_self_test( int verbose )
|
|||
if( verbose != 0 )
|
||||
mbedtls_printf( "passed\n" );
|
||||
|
||||
mbedtls_gcm_init( &ctx );
|
||||
|
||||
if( verbose != 0 )
|
||||
mbedtls_printf( " AES-GCM-%3d #%d split (%s): ",
|
||||
key_len, i, "enc" );
|
||||
key_len, i, "enc" );
|
||||
|
||||
mbedtls_gcm_setkey( &ctx, cipher, key[key_index[i]], key_len );
|
||||
ret = mbedtls_gcm_setkey( &ctx, cipher, key[key_index[i]],
|
||||
key_len );
|
||||
if( ret != 0 )
|
||||
goto exit;
|
||||
|
||||
ret = mbedtls_gcm_starts( &ctx, MBEDTLS_GCM_ENCRYPT,
|
||||
iv[iv_index[i]], iv_len[i],
|
||||
additional[add_index[i]], add_len[i] );
|
||||
iv[iv_index[i]], iv_len[i],
|
||||
additional[add_index[i]], add_len[i] );
|
||||
if( ret != 0 )
|
||||
{
|
||||
if( verbose != 0 )
|
||||
mbedtls_printf( "failed\n" );
|
||||
|
||||
return( 1 );
|
||||
}
|
||||
goto exit;
|
||||
|
||||
if( pt_len[i] > 32 )
|
||||
{
|
||||
size_t rest_len = pt_len[i] - 32;
|
||||
ret = mbedtls_gcm_update( &ctx, 32, pt[pt_index[i]], buf );
|
||||
if( ret != 0 )
|
||||
{
|
||||
if( verbose != 0 )
|
||||
mbedtls_printf( "failed\n" );
|
||||
|
||||
return( 1 );
|
||||
}
|
||||
goto exit;
|
||||
|
||||
ret = mbedtls_gcm_update( &ctx, rest_len, pt[pt_index[i]] + 32,
|
||||
buf + 32 );
|
||||
if( ret != 0 )
|
||||
{
|
||||
if( verbose != 0 )
|
||||
mbedtls_printf( "failed\n" );
|
||||
|
||||
return( 1 );
|
||||
}
|
||||
goto exit;
|
||||
}
|
||||
else
|
||||
{
|
||||
ret = mbedtls_gcm_update( &ctx, pt_len[i], pt[pt_index[i]], buf );
|
||||
if( ret != 0 )
|
||||
{
|
||||
if( verbose != 0 )
|
||||
mbedtls_printf( "failed\n" );
|
||||
|
||||
return( 1 );
|
||||
}
|
||||
goto exit;
|
||||
}
|
||||
|
||||
ret = mbedtls_gcm_finish( &ctx, tag_buf, 16 );
|
||||
if( ret != 0 ||
|
||||
memcmp( buf, ct[j * 6 + i], pt_len[i] ) != 0 ||
|
||||
if( ret != 0 )
|
||||
goto exit;
|
||||
|
||||
if( memcmp( buf, ct[j * 6 + i], pt_len[i] ) != 0 ||
|
||||
memcmp( tag_buf, tag[j * 6 + i], 16 ) != 0 )
|
||||
{
|
||||
if( verbose != 0 )
|
||||
mbedtls_printf( "failed\n" );
|
||||
|
||||
return( 1 );
|
||||
ret = 1;
|
||||
goto exit;
|
||||
}
|
||||
|
||||
mbedtls_gcm_free( &ctx );
|
||||
|
@ -873,80 +882,75 @@ int mbedtls_gcm_self_test( int verbose )
|
|||
if( verbose != 0 )
|
||||
mbedtls_printf( "passed\n" );
|
||||
|
||||
mbedtls_gcm_init( &ctx );
|
||||
|
||||
if( verbose != 0 )
|
||||
mbedtls_printf( " AES-GCM-%3d #%d split (%s): ",
|
||||
key_len, i, "dec" );
|
||||
key_len, i, "dec" );
|
||||
|
||||
mbedtls_gcm_setkey( &ctx, cipher, key[key_index[i]], key_len );
|
||||
ret = mbedtls_gcm_setkey( &ctx, cipher, key[key_index[i]],
|
||||
key_len );
|
||||
if( ret != 0 )
|
||||
goto exit;
|
||||
|
||||
ret = mbedtls_gcm_starts( &ctx, MBEDTLS_GCM_DECRYPT,
|
||||
iv[iv_index[i]], iv_len[i],
|
||||
additional[add_index[i]], add_len[i] );
|
||||
if( ret != 0 )
|
||||
{
|
||||
if( verbose != 0 )
|
||||
mbedtls_printf( "failed\n" );
|
||||
|
||||
return( 1 );
|
||||
}
|
||||
goto exit;
|
||||
|
||||
if( pt_len[i] > 32 )
|
||||
{
|
||||
size_t rest_len = pt_len[i] - 32;
|
||||
ret = mbedtls_gcm_update( &ctx, 32, ct[j * 6 + i], buf );
|
||||
if( ret != 0 )
|
||||
{
|
||||
if( verbose != 0 )
|
||||
mbedtls_printf( "failed\n" );
|
||||
|
||||
return( 1 );
|
||||
}
|
||||
goto exit;
|
||||
|
||||
ret = mbedtls_gcm_update( &ctx, rest_len, ct[j * 6 + i] + 32,
|
||||
buf + 32 );
|
||||
buf + 32 );
|
||||
if( ret != 0 )
|
||||
{
|
||||
if( verbose != 0 )
|
||||
mbedtls_printf( "failed\n" );
|
||||
|
||||
return( 1 );
|
||||
}
|
||||
goto exit;
|
||||
}
|
||||
else
|
||||
{
|
||||
ret = mbedtls_gcm_update( &ctx, pt_len[i], ct[j * 6 + i], buf );
|
||||
ret = mbedtls_gcm_update( &ctx, pt_len[i], ct[j * 6 + i],
|
||||
buf );
|
||||
if( ret != 0 )
|
||||
{
|
||||
if( verbose != 0 )
|
||||
mbedtls_printf( "failed\n" );
|
||||
|
||||
return( 1 );
|
||||
}
|
||||
goto exit;
|
||||
}
|
||||
|
||||
ret = mbedtls_gcm_finish( &ctx, tag_buf, 16 );
|
||||
if( ret != 0 ||
|
||||
memcmp( buf, pt[pt_index[i]], pt_len[i] ) != 0 ||
|
||||
if( ret != 0 )
|
||||
goto exit;
|
||||
|
||||
if( memcmp( buf, pt[pt_index[i]], pt_len[i] ) != 0 ||
|
||||
memcmp( tag_buf, tag[j * 6 + i], 16 ) != 0 )
|
||||
{
|
||||
if( verbose != 0 )
|
||||
mbedtls_printf( "failed\n" );
|
||||
|
||||
return( 1 );
|
||||
ret = 1;
|
||||
goto exit;
|
||||
}
|
||||
|
||||
mbedtls_gcm_free( &ctx );
|
||||
|
||||
if( verbose != 0 )
|
||||
mbedtls_printf( "passed\n" );
|
||||
|
||||
}
|
||||
}
|
||||
|
||||
if( verbose != 0 )
|
||||
mbedtls_printf( "\n" );
|
||||
|
||||
return( 0 );
|
||||
ret = 0;
|
||||
|
||||
exit:
|
||||
if( ret != 0 )
|
||||
{
|
||||
if( verbose != 0 )
|
||||
mbedtls_printf( "failed\n" );
|
||||
mbedtls_gcm_free( &ctx );
|
||||
}
|
||||
|
||||
return( ret );
|
||||
}
|
||||
|
||||
#endif /* MBEDTLS_SELF_TEST && MBEDTLS_AES_C */
|
||||
|
|
|
@ -364,11 +364,14 @@ int mbedtls_hmac_drbg_write_seed_file( mbedtls_hmac_drbg_context *ctx, const cha
|
|||
|
||||
exit:
|
||||
fclose( f );
|
||||
mbedtls_zeroize( buf, sizeof( buf ) );
|
||||
|
||||
return( ret );
|
||||
}
|
||||
|
||||
int mbedtls_hmac_drbg_update_seed_file( mbedtls_hmac_drbg_context *ctx, const char *path )
|
||||
{
|
||||
int ret = 0;
|
||||
FILE *f;
|
||||
size_t n;
|
||||
unsigned char buf[ MBEDTLS_HMAC_DRBG_MAX_INPUT ];
|
||||
|
@ -387,14 +390,16 @@ int mbedtls_hmac_drbg_update_seed_file( mbedtls_hmac_drbg_context *ctx, const ch
|
|||
}
|
||||
|
||||
if( fread( buf, 1, n, f ) != n )
|
||||
{
|
||||
fclose( f );
|
||||
return( MBEDTLS_ERR_HMAC_DRBG_FILE_IO_ERROR );
|
||||
}
|
||||
ret = MBEDTLS_ERR_HMAC_DRBG_FILE_IO_ERROR;
|
||||
else
|
||||
mbedtls_hmac_drbg_update( ctx, buf, n );
|
||||
|
||||
fclose( f );
|
||||
|
||||
mbedtls_hmac_drbg_update( ctx, buf, n );
|
||||
mbedtls_zeroize( buf, sizeof( buf ) );
|
||||
|
||||
if( ret != 0 )
|
||||
return( ret );
|
||||
|
||||
return( mbedtls_hmac_drbg_write_seed_file( ctx, path ) );
|
||||
}
|
||||
|
|
|
@ -250,9 +250,7 @@ int mbedtls_md_starts( mbedtls_md_context_t *ctx )
|
|||
if( ctx == NULL || ctx->md_info == NULL )
|
||||
return( MBEDTLS_ERR_MD_BAD_INPUT_DATA );
|
||||
|
||||
ctx->md_info->starts_func( ctx->md_ctx );
|
||||
|
||||
return( 0 );
|
||||
return( ctx->md_info->starts_func( ctx->md_ctx ) );
|
||||
}
|
||||
|
||||
int mbedtls_md_update( mbedtls_md_context_t *ctx, const unsigned char *input, size_t ilen )
|
||||
|
@ -260,9 +258,7 @@ int mbedtls_md_update( mbedtls_md_context_t *ctx, const unsigned char *input, si
|
|||
if( ctx == NULL || ctx->md_info == NULL )
|
||||
return( MBEDTLS_ERR_MD_BAD_INPUT_DATA );
|
||||
|
||||
ctx->md_info->update_func( ctx->md_ctx, input, ilen );
|
||||
|
||||
return( 0 );
|
||||
return( ctx->md_info->update_func( ctx->md_ctx, input, ilen ) );
|
||||
}
|
||||
|
||||
int mbedtls_md_finish( mbedtls_md_context_t *ctx, unsigned char *output )
|
||||
|
@ -270,9 +266,7 @@ int mbedtls_md_finish( mbedtls_md_context_t *ctx, unsigned char *output )
|
|||
if( ctx == NULL || ctx->md_info == NULL )
|
||||
return( MBEDTLS_ERR_MD_BAD_INPUT_DATA );
|
||||
|
||||
ctx->md_info->finish_func( ctx->md_ctx, output );
|
||||
|
||||
return( 0 );
|
||||
return( ctx->md_info->finish_func( ctx->md_ctx, output ) );
|
||||
}
|
||||
|
||||
int mbedtls_md( const mbedtls_md_info_t *md_info, const unsigned char *input, size_t ilen,
|
||||
|
@ -281,9 +275,7 @@ int mbedtls_md( const mbedtls_md_info_t *md_info, const unsigned char *input, si
|
|||
if( md_info == NULL )
|
||||
return( MBEDTLS_ERR_MD_BAD_INPUT_DATA );
|
||||
|
||||
md_info->digest_func( input, ilen, output );
|
||||
|
||||
return( 0 );
|
||||
return( md_info->digest_func( input, ilen, output ) );
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_FS_IO)
|
||||
|
@ -306,20 +298,20 @@ int mbedtls_md_file( const mbedtls_md_info_t *md_info, const char *path, unsigne
|
|||
if( ( ret = mbedtls_md_setup( &ctx, md_info, 0 ) ) != 0 )
|
||||
goto cleanup;
|
||||
|
||||
md_info->starts_func( ctx.md_ctx );
|
||||
if( ( ret = md_info->starts_func( ctx.md_ctx ) ) != 0 )
|
||||
goto cleanup;
|
||||
|
||||
while( ( n = fread( buf, 1, sizeof( buf ), f ) ) > 0 )
|
||||
md_info->update_func( ctx.md_ctx, buf, n );
|
||||
if( ( ret = md_info->update_func( ctx.md_ctx, buf, n ) ) != 0 )
|
||||
goto cleanup;
|
||||
|
||||
if( ferror( f ) != 0 )
|
||||
{
|
||||
ret = MBEDTLS_ERR_MD_FILE_IO_ERROR;
|
||||
goto cleanup;
|
||||
}
|
||||
|
||||
md_info->finish_func( ctx.md_ctx, output );
|
||||
else
|
||||
ret = md_info->finish_func( ctx.md_ctx, output );
|
||||
|
||||
cleanup:
|
||||
mbedtls_zeroize( buf, sizeof( buf ) );
|
||||
fclose( f );
|
||||
mbedtls_md_free( &ctx );
|
||||
|
||||
|
@ -329,6 +321,7 @@ cleanup:
|
|||
|
||||
int mbedtls_md_hmac_starts( mbedtls_md_context_t *ctx, const unsigned char *key, size_t keylen )
|
||||
{
|
||||
int ret;
|
||||
unsigned char sum[MBEDTLS_MD_MAX_SIZE];
|
||||
unsigned char *ipad, *opad;
|
||||
size_t i;
|
||||
|
@ -338,9 +331,12 @@ int mbedtls_md_hmac_starts( mbedtls_md_context_t *ctx, const unsigned char *key,
|
|||
|
||||
if( keylen > (size_t) ctx->md_info->block_size )
|
||||
{
|
||||
ctx->md_info->starts_func( ctx->md_ctx );
|
||||
ctx->md_info->update_func( ctx->md_ctx, key, keylen );
|
||||
ctx->md_info->finish_func( ctx->md_ctx, sum );
|
||||
if( ( ret = ctx->md_info->starts_func( ctx->md_ctx ) ) != 0 )
|
||||
goto cleanup;
|
||||
if( ( ret = ctx->md_info->update_func( ctx->md_ctx, key, keylen ) ) != 0 )
|
||||
goto cleanup;
|
||||
if( ( ret = ctx->md_info->finish_func( ctx->md_ctx, sum ) ) != 0 )
|
||||
goto cleanup;
|
||||
|
||||
keylen = ctx->md_info->size;
|
||||
key = sum;
|
||||
|
@ -358,12 +354,16 @@ int mbedtls_md_hmac_starts( mbedtls_md_context_t *ctx, const unsigned char *key,
|
|||
opad[i] = (unsigned char)( opad[i] ^ key[i] );
|
||||
}
|
||||
|
||||
if( ( ret = ctx->md_info->starts_func( ctx->md_ctx ) ) != 0 )
|
||||
goto cleanup;
|
||||
if( ( ret = ctx->md_info->update_func( ctx->md_ctx, ipad,
|
||||
ctx->md_info->block_size ) ) != 0 )
|
||||
goto cleanup;
|
||||
|
||||
cleanup:
|
||||
mbedtls_zeroize( sum, sizeof( sum ) );
|
||||
|
||||
ctx->md_info->starts_func( ctx->md_ctx );
|
||||
ctx->md_info->update_func( ctx->md_ctx, ipad, ctx->md_info->block_size );
|
||||
|
||||
return( 0 );
|
||||
return( ret );
|
||||
}
|
||||
|
||||
int mbedtls_md_hmac_update( mbedtls_md_context_t *ctx, const unsigned char *input, size_t ilen )
|
||||
|
@ -371,13 +371,12 @@ int mbedtls_md_hmac_update( mbedtls_md_context_t *ctx, const unsigned char *inpu
|
|||
if( ctx == NULL || ctx->md_info == NULL || ctx->hmac_ctx == NULL )
|
||||
return( MBEDTLS_ERR_MD_BAD_INPUT_DATA );
|
||||
|
||||
ctx->md_info->update_func( ctx->md_ctx, input, ilen );
|
||||
|
||||
return( 0 );
|
||||
return( ctx->md_info->update_func( ctx->md_ctx, input, ilen ) );
|
||||
}
|
||||
|
||||
int mbedtls_md_hmac_finish( mbedtls_md_context_t *ctx, unsigned char *output )
|
||||
{
|
||||
int ret;
|
||||
unsigned char tmp[MBEDTLS_MD_MAX_SIZE];
|
||||
unsigned char *opad;
|
||||
|
||||
|
@ -386,17 +385,22 @@ int mbedtls_md_hmac_finish( mbedtls_md_context_t *ctx, unsigned char *output )
|
|||
|
||||
opad = (unsigned char *) ctx->hmac_ctx + ctx->md_info->block_size;
|
||||
|
||||
ctx->md_info->finish_func( ctx->md_ctx, tmp );
|
||||
ctx->md_info->starts_func( ctx->md_ctx );
|
||||
ctx->md_info->update_func( ctx->md_ctx, opad, ctx->md_info->block_size );
|
||||
ctx->md_info->update_func( ctx->md_ctx, tmp, ctx->md_info->size );
|
||||
ctx->md_info->finish_func( ctx->md_ctx, output );
|
||||
|
||||
return( 0 );
|
||||
if( ( ret = ctx->md_info->finish_func( ctx->md_ctx, tmp ) ) != 0 )
|
||||
return( ret );
|
||||
if( ( ret = ctx->md_info->starts_func( ctx->md_ctx ) ) != 0 )
|
||||
return( ret );
|
||||
if( ( ret = ctx->md_info->update_func( ctx->md_ctx, opad,
|
||||
ctx->md_info->block_size ) ) != 0 )
|
||||
return( ret );
|
||||
if( ( ret = ctx->md_info->update_func( ctx->md_ctx, tmp,
|
||||
ctx->md_info->size ) ) != 0 )
|
||||
return( ret );
|
||||
return( ctx->md_info->finish_func( ctx->md_ctx, output ) );
|
||||
}
|
||||
|
||||
int mbedtls_md_hmac_reset( mbedtls_md_context_t *ctx )
|
||||
{
|
||||
int ret;
|
||||
unsigned char *ipad;
|
||||
|
||||
if( ctx == NULL || ctx->md_info == NULL || ctx->hmac_ctx == NULL )
|
||||
|
@ -404,15 +408,16 @@ int mbedtls_md_hmac_reset( mbedtls_md_context_t *ctx )
|
|||
|
||||
ipad = (unsigned char *) ctx->hmac_ctx;
|
||||
|
||||
ctx->md_info->starts_func( ctx->md_ctx );
|
||||
ctx->md_info->update_func( ctx->md_ctx, ipad, ctx->md_info->block_size );
|
||||
|
||||
return( 0 );
|
||||
if( ( ret = ctx->md_info->starts_func( ctx->md_ctx ) ) != 0 )
|
||||
return( ret );
|
||||
return( ctx->md_info->update_func( ctx->md_ctx, ipad,
|
||||
ctx->md_info->block_size ) );
|
||||
}
|
||||
|
||||
int mbedtls_md_hmac( const mbedtls_md_info_t *md_info, const unsigned char *key, size_t keylen,
|
||||
const unsigned char *input, size_t ilen,
|
||||
unsigned char *output )
|
||||
int mbedtls_md_hmac( const mbedtls_md_info_t *md_info,
|
||||
const unsigned char *key, size_t keylen,
|
||||
const unsigned char *input, size_t ilen,
|
||||
unsigned char *output )
|
||||
{
|
||||
mbedtls_md_context_t ctx;
|
||||
int ret;
|
||||
|
@ -423,15 +428,19 @@ int mbedtls_md_hmac( const mbedtls_md_info_t *md_info, const unsigned char *key,
|
|||
mbedtls_md_init( &ctx );
|
||||
|
||||
if( ( ret = mbedtls_md_setup( &ctx, md_info, 1 ) ) != 0 )
|
||||
return( ret );
|
||||
goto cleanup;
|
||||
|
||||
mbedtls_md_hmac_starts( &ctx, key, keylen );
|
||||
mbedtls_md_hmac_update( &ctx, input, ilen );
|
||||
mbedtls_md_hmac_finish( &ctx, output );
|
||||
if( ( ret = mbedtls_md_hmac_starts( &ctx, key, keylen ) ) != 0 )
|
||||
goto cleanup;
|
||||
if( ( ret = mbedtls_md_hmac_update( &ctx, input, ilen ) ) != 0 )
|
||||
goto cleanup;
|
||||
if( ( ret = mbedtls_md_hmac_finish( &ctx, output ) ) != 0 )
|
||||
goto cleanup;
|
||||
|
||||
cleanup:
|
||||
mbedtls_md_free( &ctx );
|
||||
|
||||
return( 0 );
|
||||
return( ret );
|
||||
}
|
||||
|
||||
int mbedtls_md_process( mbedtls_md_context_t *ctx, const unsigned char *data )
|
||||
|
@ -439,9 +448,7 @@ int mbedtls_md_process( mbedtls_md_context_t *ctx, const unsigned char *data )
|
|||
if( ctx == NULL || ctx->md_info == NULL )
|
||||
return( MBEDTLS_ERR_MD_BAD_INPUT_DATA );
|
||||
|
||||
ctx->md_info->process_func( ctx->md_ctx, data );
|
||||
|
||||
return( 0 );
|
||||
return( ctx->md_info->process_func( ctx->md_ctx, data ) );
|
||||
}
|
||||
|
||||
unsigned char mbedtls_md_get_size( const mbedtls_md_info_t *md_info )
|
||||
|
|
|
@ -105,16 +105,18 @@ void mbedtls_md2_clone( mbedtls_md2_context *dst,
|
|||
/*
|
||||
* MD2 context setup
|
||||
*/
|
||||
void mbedtls_md2_starts( mbedtls_md2_context *ctx )
|
||||
int mbedtls_md2_starts_ret( mbedtls_md2_context *ctx )
|
||||
{
|
||||
memset( ctx->cksum, 0, 16 );
|
||||
memset( ctx->state, 0, 46 );
|
||||
memset( ctx->buffer, 0, 16 );
|
||||
ctx->left = 0;
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
#if !defined(MBEDTLS_MD2_PROCESS_ALT)
|
||||
void mbedtls_md2_process( mbedtls_md2_context *ctx )
|
||||
int mbedtls_internal_md2_process( mbedtls_md2_context *ctx )
|
||||
{
|
||||
int i, j;
|
||||
unsigned char t = 0;
|
||||
|
@ -146,14 +148,19 @@ void mbedtls_md2_process( mbedtls_md2_context *ctx )
|
|||
( ctx->cksum[i] ^ PI_SUBST[ctx->buffer[i] ^ t] );
|
||||
t = ctx->cksum[i];
|
||||
}
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
#endif /* !MBEDTLS_MD2_PROCESS_ALT */
|
||||
|
||||
/*
|
||||
* MD2 process buffer
|
||||
*/
|
||||
void mbedtls_md2_update( mbedtls_md2_context *ctx, const unsigned char *input, size_t ilen )
|
||||
int mbedtls_md2_update_ret( mbedtls_md2_context *ctx,
|
||||
const unsigned char *input,
|
||||
size_t ilen )
|
||||
{
|
||||
int ret;
|
||||
size_t fill;
|
||||
|
||||
while( ilen > 0 )
|
||||
|
@ -172,16 +179,21 @@ void mbedtls_md2_update( mbedtls_md2_context *ctx, const unsigned char *input, s
|
|||
if( ctx->left == 16 )
|
||||
{
|
||||
ctx->left = 0;
|
||||
mbedtls_md2_process( ctx );
|
||||
if( ( ret = mbedtls_internal_md2_process( ctx ) ) != 0 )
|
||||
return( ret );
|
||||
}
|
||||
}
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
/*
|
||||
* MD2 final digest
|
||||
*/
|
||||
void mbedtls_md2_finish( mbedtls_md2_context *ctx, unsigned char output[16] )
|
||||
int mbedtls_md2_finish_ret( mbedtls_md2_context *ctx,
|
||||
unsigned char output[16] )
|
||||
{
|
||||
int ret;
|
||||
size_t i;
|
||||
unsigned char x;
|
||||
|
||||
|
@ -190,12 +202,16 @@ void mbedtls_md2_finish( mbedtls_md2_context *ctx, unsigned char output[16] )
|
|||
for( i = ctx->left; i < 16; i++ )
|
||||
ctx->buffer[i] = x;
|
||||
|
||||
mbedtls_md2_process( ctx );
|
||||
if( ( ret = mbedtls_internal_md2_process( ctx ) ) != 0 )
|
||||
return( ret );
|
||||
|
||||
memcpy( ctx->buffer, ctx->cksum, 16 );
|
||||
mbedtls_md2_process( ctx );
|
||||
if( ( ret = mbedtls_internal_md2_process( ctx ) ) != 0 )
|
||||
return( ret );
|
||||
|
||||
memcpy( output, ctx->state, 16 );
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
#endif /* !MBEDTLS_MD2_ALT */
|
||||
|
@ -203,15 +219,28 @@ void mbedtls_md2_finish( mbedtls_md2_context *ctx, unsigned char output[16] )
|
|||
/*
|
||||
* output = MD2( input buffer )
|
||||
*/
|
||||
void mbedtls_md2( const unsigned char *input, size_t ilen, unsigned char output[16] )
|
||||
int mbedtls_md2_ret( const unsigned char *input,
|
||||
size_t ilen,
|
||||
unsigned char output[16] )
|
||||
{
|
||||
int ret;
|
||||
mbedtls_md2_context ctx;
|
||||
|
||||
mbedtls_md2_init( &ctx );
|
||||
mbedtls_md2_starts( &ctx );
|
||||
mbedtls_md2_update( &ctx, input, ilen );
|
||||
mbedtls_md2_finish( &ctx, output );
|
||||
|
||||
if( ( ret = mbedtls_md2_starts_ret( &ctx ) ) != 0 )
|
||||
goto exit;
|
||||
|
||||
if( ( ret = mbedtls_md2_update_ret( &ctx, input, ilen ) ) != 0 )
|
||||
goto exit;
|
||||
|
||||
if( ( ret = mbedtls_md2_finish_ret( &ctx, output ) ) != 0 )
|
||||
goto exit;
|
||||
|
||||
exit:
|
||||
mbedtls_md2_free( &ctx );
|
||||
|
||||
return( ret );
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_SELF_TEST)
|
||||
|
@ -219,7 +248,7 @@ void mbedtls_md2( const unsigned char *input, size_t ilen, unsigned char output[
|
|||
/*
|
||||
* RFC 1319 test vectors
|
||||
*/
|
||||
static const char md2_test_str[7][81] =
|
||||
static const unsigned char md2_test_str[7][81] =
|
||||
{
|
||||
{ "" },
|
||||
{ "a" },
|
||||
|
@ -227,10 +256,15 @@ static const char md2_test_str[7][81] =
|
|||
{ "message digest" },
|
||||
{ "abcdefghijklmnopqrstuvwxyz" },
|
||||
{ "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789" },
|
||||
{ "12345678901234567890123456789012345678901234567890123456789012" \
|
||||
{ "12345678901234567890123456789012345678901234567890123456789012"
|
||||
"345678901234567890" }
|
||||
};
|
||||
|
||||
static const size_t md2_test_strlen[7] =
|
||||
{
|
||||
0, 1, 3, 14, 26, 62, 80
|
||||
};
|
||||
|
||||
static const unsigned char md2_test_sum[7][16] =
|
||||
{
|
||||
{ 0x83, 0x50, 0xE5, 0xA3, 0xE2, 0x4C, 0x15, 0x3D,
|
||||
|
@ -254,7 +288,7 @@ static const unsigned char md2_test_sum[7][16] =
|
|||
*/
|
||||
int mbedtls_md2_self_test( int verbose )
|
||||
{
|
||||
int i;
|
||||
int i, ret = 0;
|
||||
unsigned char md2sum[16];
|
||||
|
||||
for( i = 0; i < 7; i++ )
|
||||
|
@ -262,15 +296,14 @@ int mbedtls_md2_self_test( int verbose )
|
|||
if( verbose != 0 )
|
||||
mbedtls_printf( " MD2 test #%d: ", i + 1 );
|
||||
|
||||
mbedtls_md2( (unsigned char *) md2_test_str[i],
|
||||
strlen( md2_test_str[i] ), md2sum );
|
||||
ret = mbedtls_md2_ret( md2_test_str[i], md2_test_strlen[i], md2sum );
|
||||
if( ret != 0 )
|
||||
goto fail;
|
||||
|
||||
if( memcmp( md2sum, md2_test_sum[i], 16 ) != 0 )
|
||||
{
|
||||
if( verbose != 0 )
|
||||
mbedtls_printf( "failed\n" );
|
||||
|
||||
return( 1 );
|
||||
ret = 1;
|
||||
goto fail;
|
||||
}
|
||||
|
||||
if( verbose != 0 )
|
||||
|
@ -281,6 +314,12 @@ int mbedtls_md2_self_test( int verbose )
|
|||
mbedtls_printf( "\n" );
|
||||
|
||||
return( 0 );
|
||||
|
||||
fail:
|
||||
if( verbose != 0 )
|
||||
mbedtls_printf( "failed\n" );
|
||||
|
||||
return( ret );
|
||||
}
|
||||
|
||||
#endif /* MBEDTLS_SELF_TEST */
|
||||
|
|
|
@ -98,7 +98,7 @@ void mbedtls_md4_clone( mbedtls_md4_context *dst,
|
|||
/*
|
||||
* MD4 context setup
|
||||
*/
|
||||
void mbedtls_md4_starts( mbedtls_md4_context *ctx )
|
||||
int mbedtls_md4_starts_ret( mbedtls_md4_context *ctx )
|
||||
{
|
||||
ctx->total[0] = 0;
|
||||
ctx->total[1] = 0;
|
||||
|
@ -107,10 +107,13 @@ void mbedtls_md4_starts( mbedtls_md4_context *ctx )
|
|||
ctx->state[1] = 0xEFCDAB89;
|
||||
ctx->state[2] = 0x98BADCFE;
|
||||
ctx->state[3] = 0x10325476;
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
#if !defined(MBEDTLS_MD4_PROCESS_ALT)
|
||||
void mbedtls_md4_process( mbedtls_md4_context *ctx, const unsigned char data[64] )
|
||||
int mbedtls_internal_md4_process( mbedtls_md4_context *ctx,
|
||||
const unsigned char data[64] )
|
||||
{
|
||||
uint32_t X[16], A, B, C, D;
|
||||
|
||||
|
@ -211,19 +214,24 @@ void mbedtls_md4_process( mbedtls_md4_context *ctx, const unsigned char data[64]
|
|||
ctx->state[1] += B;
|
||||
ctx->state[2] += C;
|
||||
ctx->state[3] += D;
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
#endif /* !MBEDTLS_MD4_PROCESS_ALT */
|
||||
|
||||
/*
|
||||
* MD4 process buffer
|
||||
*/
|
||||
void mbedtls_md4_update( mbedtls_md4_context *ctx, const unsigned char *input, size_t ilen )
|
||||
int mbedtls_md4_update_ret( mbedtls_md4_context *ctx,
|
||||
const unsigned char *input,
|
||||
size_t ilen )
|
||||
{
|
||||
int ret;
|
||||
size_t fill;
|
||||
uint32_t left;
|
||||
|
||||
if( ilen == 0 )
|
||||
return;
|
||||
return( 0 );
|
||||
|
||||
left = ctx->total[0] & 0x3F;
|
||||
fill = 64 - left;
|
||||
|
@ -238,7 +246,10 @@ void mbedtls_md4_update( mbedtls_md4_context *ctx, const unsigned char *input, s
|
|||
{
|
||||
memcpy( (void *) (ctx->buffer + left),
|
||||
(void *) input, fill );
|
||||
mbedtls_md4_process( ctx, ctx->buffer );
|
||||
|
||||
if( ( ret = mbedtls_internal_md4_process( ctx, ctx->buffer ) ) != 0 )
|
||||
return( ret );
|
||||
|
||||
input += fill;
|
||||
ilen -= fill;
|
||||
left = 0;
|
||||
|
@ -246,7 +257,9 @@ void mbedtls_md4_update( mbedtls_md4_context *ctx, const unsigned char *input, s
|
|||
|
||||
while( ilen >= 64 )
|
||||
{
|
||||
mbedtls_md4_process( ctx, input );
|
||||
if( ( ret = mbedtls_internal_md4_process( ctx, input ) ) != 0 )
|
||||
return( ret );
|
||||
|
||||
input += 64;
|
||||
ilen -= 64;
|
||||
}
|
||||
|
@ -256,6 +269,8 @@ void mbedtls_md4_update( mbedtls_md4_context *ctx, const unsigned char *input, s
|
|||
memcpy( (void *) (ctx->buffer + left),
|
||||
(void *) input, ilen );
|
||||
}
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
static const unsigned char md4_padding[64] =
|
||||
|
@ -269,8 +284,10 @@ static const unsigned char md4_padding[64] =
|
|||
/*
|
||||
* MD4 final digest
|
||||
*/
|
||||
void mbedtls_md4_finish( mbedtls_md4_context *ctx, unsigned char output[16] )
|
||||
int mbedtls_md4_finish_ret( mbedtls_md4_context *ctx,
|
||||
unsigned char output[16] )
|
||||
{
|
||||
int ret;
|
||||
uint32_t last, padn;
|
||||
uint32_t high, low;
|
||||
unsigned char msglen[8];
|
||||
|
@ -285,13 +302,20 @@ void mbedtls_md4_finish( mbedtls_md4_context *ctx, unsigned char output[16] )
|
|||
last = ctx->total[0] & 0x3F;
|
||||
padn = ( last < 56 ) ? ( 56 - last ) : ( 120 - last );
|
||||
|
||||
mbedtls_md4_update( ctx, (unsigned char *) md4_padding, padn );
|
||||
mbedtls_md4_update( ctx, msglen, 8 );
|
||||
ret = mbedtls_md4_update_ret( ctx, (unsigned char *)md4_padding, padn );
|
||||
if( ret != 0 )
|
||||
return( ret );
|
||||
|
||||
if( ( ret = mbedtls_md4_update_ret( ctx, msglen, 8 ) ) != 0 )
|
||||
return( ret );
|
||||
|
||||
|
||||
PUT_UINT32_LE( ctx->state[0], output, 0 );
|
||||
PUT_UINT32_LE( ctx->state[1], output, 4 );
|
||||
PUT_UINT32_LE( ctx->state[2], output, 8 );
|
||||
PUT_UINT32_LE( ctx->state[3], output, 12 );
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
#endif /* !MBEDTLS_MD4_ALT */
|
||||
|
@ -299,15 +323,28 @@ void mbedtls_md4_finish( mbedtls_md4_context *ctx, unsigned char output[16] )
|
|||
/*
|
||||
* output = MD4( input buffer )
|
||||
*/
|
||||
void mbedtls_md4( const unsigned char *input, size_t ilen, unsigned char output[16] )
|
||||
int mbedtls_md4_ret( const unsigned char *input,
|
||||
size_t ilen,
|
||||
unsigned char output[16] )
|
||||
{
|
||||
int ret;
|
||||
mbedtls_md4_context ctx;
|
||||
|
||||
mbedtls_md4_init( &ctx );
|
||||
mbedtls_md4_starts( &ctx );
|
||||
mbedtls_md4_update( &ctx, input, ilen );
|
||||
mbedtls_md4_finish( &ctx, output );
|
||||
|
||||
if( ( ret = mbedtls_md4_starts_ret( &ctx ) ) != 0 )
|
||||
goto exit;
|
||||
|
||||
if( ( ret = mbedtls_md4_update_ret( &ctx, input, ilen ) ) != 0 )
|
||||
goto exit;
|
||||
|
||||
if( ( ret = mbedtls_md4_finish_ret( &ctx, output ) ) != 0 )
|
||||
goto exit;
|
||||
|
||||
exit:
|
||||
mbedtls_md4_free( &ctx );
|
||||
|
||||
return( ret );
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_SELF_TEST)
|
||||
|
@ -315,7 +352,7 @@ void mbedtls_md4( const unsigned char *input, size_t ilen, unsigned char output[
|
|||
/*
|
||||
* RFC 1320 test vectors
|
||||
*/
|
||||
static const char md4_test_str[7][81] =
|
||||
static const unsigned char md4_test_str[7][81] =
|
||||
{
|
||||
{ "" },
|
||||
{ "a" },
|
||||
|
@ -323,10 +360,15 @@ static const char md4_test_str[7][81] =
|
|||
{ "message digest" },
|
||||
{ "abcdefghijklmnopqrstuvwxyz" },
|
||||
{ "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789" },
|
||||
{ "12345678901234567890123456789012345678901234567890123456789012" \
|
||||
{ "12345678901234567890123456789012345678901234567890123456789012"
|
||||
"345678901234567890" }
|
||||
};
|
||||
|
||||
static const size_t md4_test_strlen[7] =
|
||||
{
|
||||
0, 1, 3, 14, 26, 62, 80
|
||||
};
|
||||
|
||||
static const unsigned char md4_test_sum[7][16] =
|
||||
{
|
||||
{ 0x31, 0xD6, 0xCF, 0xE0, 0xD1, 0x6A, 0xE9, 0x31,
|
||||
|
@ -350,7 +392,7 @@ static const unsigned char md4_test_sum[7][16] =
|
|||
*/
|
||||
int mbedtls_md4_self_test( int verbose )
|
||||
{
|
||||
int i;
|
||||
int i, ret = 0;
|
||||
unsigned char md4sum[16];
|
||||
|
||||
for( i = 0; i < 7; i++ )
|
||||
|
@ -358,15 +400,14 @@ int mbedtls_md4_self_test( int verbose )
|
|||
if( verbose != 0 )
|
||||
mbedtls_printf( " MD4 test #%d: ", i + 1 );
|
||||
|
||||
mbedtls_md4( (unsigned char *) md4_test_str[i],
|
||||
strlen( md4_test_str[i] ), md4sum );
|
||||
ret = mbedtls_md4_ret( md4_test_str[i], md4_test_strlen[i], md4sum );
|
||||
if( ret != 0 )
|
||||
goto fail;
|
||||
|
||||
if( memcmp( md4sum, md4_test_sum[i], 16 ) != 0 )
|
||||
{
|
||||
if( verbose != 0 )
|
||||
mbedtls_printf( "failed\n" );
|
||||
|
||||
return( 1 );
|
||||
ret = 1;
|
||||
goto fail;
|
||||
}
|
||||
|
||||
if( verbose != 0 )
|
||||
|
@ -377,6 +418,12 @@ int mbedtls_md4_self_test( int verbose )
|
|||
mbedtls_printf( "\n" );
|
||||
|
||||
return( 0 );
|
||||
|
||||
fail:
|
||||
if( verbose != 0 )
|
||||
mbedtls_printf( "failed\n" );
|
||||
|
||||
return( ret );
|
||||
}
|
||||
|
||||
#endif /* MBEDTLS_SELF_TEST */
|
||||
|
|
|
@ -97,7 +97,7 @@ void mbedtls_md5_clone( mbedtls_md5_context *dst,
|
|||
/*
|
||||
* MD5 context setup
|
||||
*/
|
||||
void mbedtls_md5_starts( mbedtls_md5_context *ctx )
|
||||
int mbedtls_md5_starts_ret( mbedtls_md5_context *ctx )
|
||||
{
|
||||
ctx->total[0] = 0;
|
||||
ctx->total[1] = 0;
|
||||
|
@ -106,10 +106,13 @@ void mbedtls_md5_starts( mbedtls_md5_context *ctx )
|
|||
ctx->state[1] = 0xEFCDAB89;
|
||||
ctx->state[2] = 0x98BADCFE;
|
||||
ctx->state[3] = 0x10325476;
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
#if !defined(MBEDTLS_MD5_PROCESS_ALT)
|
||||
void mbedtls_md5_process( mbedtls_md5_context *ctx, const unsigned char data[64] )
|
||||
int mbedtls_internal_md5_process( mbedtls_md5_context *ctx,
|
||||
const unsigned char data[64] )
|
||||
{
|
||||
uint32_t X[16], A, B, C, D;
|
||||
|
||||
|
@ -230,19 +233,24 @@ void mbedtls_md5_process( mbedtls_md5_context *ctx, const unsigned char data[64]
|
|||
ctx->state[1] += B;
|
||||
ctx->state[2] += C;
|
||||
ctx->state[3] += D;
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
#endif /* !MBEDTLS_MD5_PROCESS_ALT */
|
||||
|
||||
/*
|
||||
* MD5 process buffer
|
||||
*/
|
||||
void mbedtls_md5_update( mbedtls_md5_context *ctx, const unsigned char *input, size_t ilen )
|
||||
int mbedtls_md5_update_ret( mbedtls_md5_context *ctx,
|
||||
const unsigned char *input,
|
||||
size_t ilen )
|
||||
{
|
||||
int ret;
|
||||
size_t fill;
|
||||
uint32_t left;
|
||||
|
||||
if( ilen == 0 )
|
||||
return;
|
||||
return( 0 );
|
||||
|
||||
left = ctx->total[0] & 0x3F;
|
||||
fill = 64 - left;
|
||||
|
@ -256,7 +264,9 @@ void mbedtls_md5_update( mbedtls_md5_context *ctx, const unsigned char *input, s
|
|||
if( left && ilen >= fill )
|
||||
{
|
||||
memcpy( (void *) (ctx->buffer + left), input, fill );
|
||||
mbedtls_md5_process( ctx, ctx->buffer );
|
||||
if( ( ret = mbedtls_internal_md5_process( ctx, ctx->buffer ) ) != 0 )
|
||||
return( ret );
|
||||
|
||||
input += fill;
|
||||
ilen -= fill;
|
||||
left = 0;
|
||||
|
@ -264,7 +274,9 @@ void mbedtls_md5_update( mbedtls_md5_context *ctx, const unsigned char *input, s
|
|||
|
||||
while( ilen >= 64 )
|
||||
{
|
||||
mbedtls_md5_process( ctx, input );
|
||||
if( ( ret = mbedtls_internal_md5_process( ctx, input ) ) != 0 )
|
||||
return( ret );
|
||||
|
||||
input += 64;
|
||||
ilen -= 64;
|
||||
}
|
||||
|
@ -273,6 +285,8 @@ void mbedtls_md5_update( mbedtls_md5_context *ctx, const unsigned char *input, s
|
|||
{
|
||||
memcpy( (void *) (ctx->buffer + left), input, ilen );
|
||||
}
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
static const unsigned char md5_padding[64] =
|
||||
|
@ -286,8 +300,10 @@ static const unsigned char md5_padding[64] =
|
|||
/*
|
||||
* MD5 final digest
|
||||
*/
|
||||
void mbedtls_md5_finish( mbedtls_md5_context *ctx, unsigned char output[16] )
|
||||
int mbedtls_md5_finish_ret( mbedtls_md5_context *ctx,
|
||||
unsigned char output[16] )
|
||||
{
|
||||
int ret;
|
||||
uint32_t last, padn;
|
||||
uint32_t high, low;
|
||||
unsigned char msglen[8];
|
||||
|
@ -302,13 +318,18 @@ void mbedtls_md5_finish( mbedtls_md5_context *ctx, unsigned char output[16] )
|
|||
last = ctx->total[0] & 0x3F;
|
||||
padn = ( last < 56 ) ? ( 56 - last ) : ( 120 - last );
|
||||
|
||||
mbedtls_md5_update( ctx, md5_padding, padn );
|
||||
mbedtls_md5_update( ctx, msglen, 8 );
|
||||
if( ( ret = mbedtls_md5_update_ret( ctx, md5_padding, padn ) ) != 0 )
|
||||
return( ret );
|
||||
|
||||
if( ( ret = mbedtls_md5_update_ret( ctx, msglen, 8 ) ) != 0 )
|
||||
return( ret );
|
||||
|
||||
PUT_UINT32_LE( ctx->state[0], output, 0 );
|
||||
PUT_UINT32_LE( ctx->state[1], output, 4 );
|
||||
PUT_UINT32_LE( ctx->state[2], output, 8 );
|
||||
PUT_UINT32_LE( ctx->state[3], output, 12 );
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
#endif /* !MBEDTLS_MD5_ALT */
|
||||
|
@ -316,15 +337,28 @@ void mbedtls_md5_finish( mbedtls_md5_context *ctx, unsigned char output[16] )
|
|||
/*
|
||||
* output = MD5( input buffer )
|
||||
*/
|
||||
void mbedtls_md5( const unsigned char *input, size_t ilen, unsigned char output[16] )
|
||||
int mbedtls_md5_ret( const unsigned char *input,
|
||||
size_t ilen,
|
||||
unsigned char output[16] )
|
||||
{
|
||||
int ret;
|
||||
mbedtls_md5_context ctx;
|
||||
|
||||
mbedtls_md5_init( &ctx );
|
||||
mbedtls_md5_starts( &ctx );
|
||||
mbedtls_md5_update( &ctx, input, ilen );
|
||||
mbedtls_md5_finish( &ctx, output );
|
||||
|
||||
if( ( ret = mbedtls_md5_starts_ret( &ctx ) ) != 0 )
|
||||
goto exit;
|
||||
|
||||
if( ( ret = mbedtls_md5_update_ret( &ctx, input, ilen ) ) != 0 )
|
||||
goto exit;
|
||||
|
||||
if( ( ret = mbedtls_md5_finish_ret( &ctx, output ) ) != 0 )
|
||||
goto exit;
|
||||
|
||||
exit:
|
||||
mbedtls_md5_free( &ctx );
|
||||
|
||||
return( ret );
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_SELF_TEST)
|
||||
|
@ -339,11 +373,11 @@ static const unsigned char md5_test_buf[7][81] =
|
|||
{ "message digest" },
|
||||
{ "abcdefghijklmnopqrstuvwxyz" },
|
||||
{ "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789" },
|
||||
{ "12345678901234567890123456789012345678901234567890123456789012" \
|
||||
{ "12345678901234567890123456789012345678901234567890123456789012"
|
||||
"345678901234567890" }
|
||||
};
|
||||
|
||||
static const int md5_test_buflen[7] =
|
||||
static const size_t md5_test_buflen[7] =
|
||||
{
|
||||
0, 1, 3, 14, 26, 62, 80
|
||||
};
|
||||
|
@ -371,7 +405,7 @@ static const unsigned char md5_test_sum[7][16] =
|
|||
*/
|
||||
int mbedtls_md5_self_test( int verbose )
|
||||
{
|
||||
int i;
|
||||
int i, ret = 0;
|
||||
unsigned char md5sum[16];
|
||||
|
||||
for( i = 0; i < 7; i++ )
|
||||
|
@ -379,14 +413,14 @@ int mbedtls_md5_self_test( int verbose )
|
|||
if( verbose != 0 )
|
||||
mbedtls_printf( " MD5 test #%d: ", i + 1 );
|
||||
|
||||
mbedtls_md5( md5_test_buf[i], md5_test_buflen[i], md5sum );
|
||||
ret = mbedtls_md5_ret( md5_test_buf[i], md5_test_buflen[i], md5sum );
|
||||
if( ret != 0 )
|
||||
goto fail;
|
||||
|
||||
if( memcmp( md5sum, md5_test_sum[i], 16 ) != 0 )
|
||||
{
|
||||
if( verbose != 0 )
|
||||
mbedtls_printf( "failed\n" );
|
||||
|
||||
return( 1 );
|
||||
ret = 1;
|
||||
goto fail;
|
||||
}
|
||||
|
||||
if( verbose != 0 )
|
||||
|
@ -397,6 +431,12 @@ int mbedtls_md5_self_test( int verbose )
|
|||
mbedtls_printf( "\n" );
|
||||
|
||||
return( 0 );
|
||||
|
||||
fail:
|
||||
if( verbose != 0 )
|
||||
mbedtls_printf( "failed\n" );
|
||||
|
||||
return( ret );
|
||||
}
|
||||
|
||||
#endif /* MBEDTLS_SELF_TEST */
|
||||
|
|
|
@ -71,20 +71,20 @@
|
|||
|
||||
#if defined(MBEDTLS_MD2_C)
|
||||
|
||||
static void md2_starts_wrap( void *ctx )
|
||||
static int md2_starts_wrap( void *ctx )
|
||||
{
|
||||
mbedtls_md2_starts( (mbedtls_md2_context *) ctx );
|
||||
return( mbedtls_md2_starts_ret( (mbedtls_md2_context *) ctx ) );
|
||||
}
|
||||
|
||||
static void md2_update_wrap( void *ctx, const unsigned char *input,
|
||||
static int md2_update_wrap( void *ctx, const unsigned char *input,
|
||||
size_t ilen )
|
||||
{
|
||||
mbedtls_md2_update( (mbedtls_md2_context *) ctx, input, ilen );
|
||||
return( mbedtls_md2_update_ret( (mbedtls_md2_context *) ctx, input, ilen ) );
|
||||
}
|
||||
|
||||
static void md2_finish_wrap( void *ctx, unsigned char *output )
|
||||
static int md2_finish_wrap( void *ctx, unsigned char *output )
|
||||
{
|
||||
mbedtls_md2_finish( (mbedtls_md2_context *) ctx, output );
|
||||
return( mbedtls_md2_finish_ret( (mbedtls_md2_context *) ctx, output ) );
|
||||
}
|
||||
|
||||
static void *md2_ctx_alloc( void )
|
||||
|
@ -109,11 +109,11 @@ static void md2_clone_wrap( void *dst, const void *src )
|
|||
(const mbedtls_md2_context *) src );
|
||||
}
|
||||
|
||||
static void md2_process_wrap( void *ctx, const unsigned char *data )
|
||||
static int md2_process_wrap( void *ctx, const unsigned char *data )
|
||||
{
|
||||
((void) data);
|
||||
|
||||
mbedtls_md2_process( (mbedtls_md2_context *) ctx );
|
||||
return( mbedtls_internal_md2_process( (mbedtls_md2_context *) ctx ) );
|
||||
}
|
||||
|
||||
const mbedtls_md_info_t mbedtls_md2_info = {
|
||||
|
@ -124,7 +124,7 @@ const mbedtls_md_info_t mbedtls_md2_info = {
|
|||
md2_starts_wrap,
|
||||
md2_update_wrap,
|
||||
md2_finish_wrap,
|
||||
mbedtls_md2,
|
||||
mbedtls_md2_ret,
|
||||
md2_ctx_alloc,
|
||||
md2_ctx_free,
|
||||
md2_clone_wrap,
|
||||
|
@ -135,20 +135,20 @@ const mbedtls_md_info_t mbedtls_md2_info = {
|
|||
|
||||
#if defined(MBEDTLS_MD4_C)
|
||||
|
||||
static void md4_starts_wrap( void *ctx )
|
||||
static int md4_starts_wrap( void *ctx )
|
||||
{
|
||||
mbedtls_md4_starts( (mbedtls_md4_context *) ctx );
|
||||
return( mbedtls_md4_starts_ret( (mbedtls_md4_context *) ctx ) );
|
||||
}
|
||||
|
||||
static void md4_update_wrap( void *ctx, const unsigned char *input,
|
||||
static int md4_update_wrap( void *ctx, const unsigned char *input,
|
||||
size_t ilen )
|
||||
{
|
||||
mbedtls_md4_update( (mbedtls_md4_context *) ctx, input, ilen );
|
||||
return( mbedtls_md4_update_ret( (mbedtls_md4_context *) ctx, input, ilen ) );
|
||||
}
|
||||
|
||||
static void md4_finish_wrap( void *ctx, unsigned char *output )
|
||||
static int md4_finish_wrap( void *ctx, unsigned char *output )
|
||||
{
|
||||
mbedtls_md4_finish( (mbedtls_md4_context *) ctx, output );
|
||||
return( mbedtls_md4_finish_ret( (mbedtls_md4_context *) ctx, output ) );
|
||||
}
|
||||
|
||||
static void *md4_ctx_alloc( void )
|
||||
|
@ -170,12 +170,12 @@ static void md4_ctx_free( void *ctx )
|
|||
static void md4_clone_wrap( void *dst, const void *src )
|
||||
{
|
||||
mbedtls_md4_clone( (mbedtls_md4_context *) dst,
|
||||
(const mbedtls_md4_context *) src );
|
||||
(const mbedtls_md4_context *) src );
|
||||
}
|
||||
|
||||
static void md4_process_wrap( void *ctx, const unsigned char *data )
|
||||
static int md4_process_wrap( void *ctx, const unsigned char *data )
|
||||
{
|
||||
mbedtls_md4_process( (mbedtls_md4_context *) ctx, data );
|
||||
return( mbedtls_internal_md4_process( (mbedtls_md4_context *) ctx, data ) );
|
||||
}
|
||||
|
||||
const mbedtls_md_info_t mbedtls_md4_info = {
|
||||
|
@ -186,7 +186,7 @@ const mbedtls_md_info_t mbedtls_md4_info = {
|
|||
md4_starts_wrap,
|
||||
md4_update_wrap,
|
||||
md4_finish_wrap,
|
||||
mbedtls_md4,
|
||||
mbedtls_md4_ret,
|
||||
md4_ctx_alloc,
|
||||
md4_ctx_free,
|
||||
md4_clone_wrap,
|
||||
|
@ -197,20 +197,20 @@ const mbedtls_md_info_t mbedtls_md4_info = {
|
|||
|
||||
#if defined(MBEDTLS_MD5_C)
|
||||
|
||||
static void md5_starts_wrap( void *ctx )
|
||||
static int md5_starts_wrap( void *ctx )
|
||||
{
|
||||
mbedtls_md5_starts( (mbedtls_md5_context *) ctx );
|
||||
return( mbedtls_md5_starts_ret( (mbedtls_md5_context *) ctx ) );
|
||||
}
|
||||
|
||||
static void md5_update_wrap( void *ctx, const unsigned char *input,
|
||||
static int md5_update_wrap( void *ctx, const unsigned char *input,
|
||||
size_t ilen )
|
||||
{
|
||||
mbedtls_md5_update( (mbedtls_md5_context *) ctx, input, ilen );
|
||||
return( mbedtls_md5_update_ret( (mbedtls_md5_context *) ctx, input, ilen ) );
|
||||
}
|
||||
|
||||
static void md5_finish_wrap( void *ctx, unsigned char *output )
|
||||
static int md5_finish_wrap( void *ctx, unsigned char *output )
|
||||
{
|
||||
mbedtls_md5_finish( (mbedtls_md5_context *) ctx, output );
|
||||
return( mbedtls_md5_finish_ret( (mbedtls_md5_context *) ctx, output ) );
|
||||
}
|
||||
|
||||
static void *md5_ctx_alloc( void )
|
||||
|
@ -232,12 +232,12 @@ static void md5_ctx_free( void *ctx )
|
|||
static void md5_clone_wrap( void *dst, const void *src )
|
||||
{
|
||||
mbedtls_md5_clone( (mbedtls_md5_context *) dst,
|
||||
(const mbedtls_md5_context *) src );
|
||||
(const mbedtls_md5_context *) src );
|
||||
}
|
||||
|
||||
static void md5_process_wrap( void *ctx, const unsigned char *data )
|
||||
static int md5_process_wrap( void *ctx, const unsigned char *data )
|
||||
{
|
||||
mbedtls_md5_process( (mbedtls_md5_context *) ctx, data );
|
||||
return( mbedtls_internal_md5_process( (mbedtls_md5_context *) ctx, data ) );
|
||||
}
|
||||
|
||||
const mbedtls_md_info_t mbedtls_md5_info = {
|
||||
|
@ -248,7 +248,7 @@ const mbedtls_md_info_t mbedtls_md5_info = {
|
|||
md5_starts_wrap,
|
||||
md5_update_wrap,
|
||||
md5_finish_wrap,
|
||||
mbedtls_md5,
|
||||
mbedtls_md5_ret,
|
||||
md5_ctx_alloc,
|
||||
md5_ctx_free,
|
||||
md5_clone_wrap,
|
||||
|
@ -259,20 +259,22 @@ const mbedtls_md_info_t mbedtls_md5_info = {
|
|||
|
||||
#if defined(MBEDTLS_RIPEMD160_C)
|
||||
|
||||
static void ripemd160_starts_wrap( void *ctx )
|
||||
static int ripemd160_starts_wrap( void *ctx )
|
||||
{
|
||||
mbedtls_ripemd160_starts( (mbedtls_ripemd160_context *) ctx );
|
||||
return( mbedtls_ripemd160_starts_ret( (mbedtls_ripemd160_context *) ctx ) );
|
||||
}
|
||||
|
||||
static void ripemd160_update_wrap( void *ctx, const unsigned char *input,
|
||||
static int ripemd160_update_wrap( void *ctx, const unsigned char *input,
|
||||
size_t ilen )
|
||||
{
|
||||
mbedtls_ripemd160_update( (mbedtls_ripemd160_context *) ctx, input, ilen );
|
||||
return( mbedtls_ripemd160_update_ret( (mbedtls_ripemd160_context *) ctx,
|
||||
input, ilen ) );
|
||||
}
|
||||
|
||||
static void ripemd160_finish_wrap( void *ctx, unsigned char *output )
|
||||
static int ripemd160_finish_wrap( void *ctx, unsigned char *output )
|
||||
{
|
||||
mbedtls_ripemd160_finish( (mbedtls_ripemd160_context *) ctx, output );
|
||||
return( mbedtls_ripemd160_finish_ret( (mbedtls_ripemd160_context *) ctx,
|
||||
output ) );
|
||||
}
|
||||
|
||||
static void *ripemd160_ctx_alloc( void )
|
||||
|
@ -297,9 +299,10 @@ static void ripemd160_clone_wrap( void *dst, const void *src )
|
|||
(const mbedtls_ripemd160_context *) src );
|
||||
}
|
||||
|
||||
static void ripemd160_process_wrap( void *ctx, const unsigned char *data )
|
||||
static int ripemd160_process_wrap( void *ctx, const unsigned char *data )
|
||||
{
|
||||
mbedtls_ripemd160_process( (mbedtls_ripemd160_context *) ctx, data );
|
||||
return( mbedtls_internal_ripemd160_process(
|
||||
(mbedtls_ripemd160_context *) ctx, data ) );
|
||||
}
|
||||
|
||||
const mbedtls_md_info_t mbedtls_ripemd160_info = {
|
||||
|
@ -310,7 +313,7 @@ const mbedtls_md_info_t mbedtls_ripemd160_info = {
|
|||
ripemd160_starts_wrap,
|
||||
ripemd160_update_wrap,
|
||||
ripemd160_finish_wrap,
|
||||
mbedtls_ripemd160,
|
||||
mbedtls_ripemd160_ret,
|
||||
ripemd160_ctx_alloc,
|
||||
ripemd160_ctx_free,
|
||||
ripemd160_clone_wrap,
|
||||
|
@ -321,20 +324,21 @@ const mbedtls_md_info_t mbedtls_ripemd160_info = {
|
|||
|
||||
#if defined(MBEDTLS_SHA1_C)
|
||||
|
||||
static void sha1_starts_wrap( void *ctx )
|
||||
static int sha1_starts_wrap( void *ctx )
|
||||
{
|
||||
mbedtls_sha1_starts( (mbedtls_sha1_context *) ctx );
|
||||
return( mbedtls_sha1_starts_ret( (mbedtls_sha1_context *) ctx ) );
|
||||
}
|
||||
|
||||
static void sha1_update_wrap( void *ctx, const unsigned char *input,
|
||||
static int sha1_update_wrap( void *ctx, const unsigned char *input,
|
||||
size_t ilen )
|
||||
{
|
||||
mbedtls_sha1_update( (mbedtls_sha1_context *) ctx, input, ilen );
|
||||
return( mbedtls_sha1_update_ret( (mbedtls_sha1_context *) ctx,
|
||||
input, ilen ) );
|
||||
}
|
||||
|
||||
static void sha1_finish_wrap( void *ctx, unsigned char *output )
|
||||
static int sha1_finish_wrap( void *ctx, unsigned char *output )
|
||||
{
|
||||
mbedtls_sha1_finish( (mbedtls_sha1_context *) ctx, output );
|
||||
return( mbedtls_sha1_finish_ret( (mbedtls_sha1_context *) ctx, output ) );
|
||||
}
|
||||
|
||||
static void *sha1_ctx_alloc( void )
|
||||
|
@ -359,9 +363,10 @@ static void sha1_ctx_free( void *ctx )
|
|||
mbedtls_free( ctx );
|
||||
}
|
||||
|
||||
static void sha1_process_wrap( void *ctx, const unsigned char *data )
|
||||
static int sha1_process_wrap( void *ctx, const unsigned char *data )
|
||||
{
|
||||
mbedtls_sha1_process( (mbedtls_sha1_context *) ctx, data );
|
||||
return( mbedtls_internal_sha1_process( (mbedtls_sha1_context *) ctx,
|
||||
data ) );
|
||||
}
|
||||
|
||||
const mbedtls_md_info_t mbedtls_sha1_info = {
|
||||
|
@ -372,7 +377,7 @@ const mbedtls_md_info_t mbedtls_sha1_info = {
|
|||
sha1_starts_wrap,
|
||||
sha1_update_wrap,
|
||||
sha1_finish_wrap,
|
||||
mbedtls_sha1,
|
||||
mbedtls_sha1_ret,
|
||||
sha1_ctx_alloc,
|
||||
sha1_ctx_free,
|
||||
sha1_clone_wrap,
|
||||
|
@ -386,26 +391,28 @@ const mbedtls_md_info_t mbedtls_sha1_info = {
|
|||
*/
|
||||
#if defined(MBEDTLS_SHA256_C)
|
||||
|
||||
static void sha224_starts_wrap( void *ctx )
|
||||
static int sha224_starts_wrap( void *ctx )
|
||||
{
|
||||
mbedtls_sha256_starts( (mbedtls_sha256_context *) ctx, 1 );
|
||||
return( mbedtls_sha256_starts_ret( (mbedtls_sha256_context *) ctx, 1 ) );
|
||||
}
|
||||
|
||||
static void sha224_update_wrap( void *ctx, const unsigned char *input,
|
||||
static int sha224_update_wrap( void *ctx, const unsigned char *input,
|
||||
size_t ilen )
|
||||
{
|
||||
mbedtls_sha256_update( (mbedtls_sha256_context *) ctx, input, ilen );
|
||||
return( mbedtls_sha256_update_ret( (mbedtls_sha256_context *) ctx,
|
||||
input, ilen ) );
|
||||
}
|
||||
|
||||
static void sha224_finish_wrap( void *ctx, unsigned char *output )
|
||||
static int sha224_finish_wrap( void *ctx, unsigned char *output )
|
||||
{
|
||||
mbedtls_sha256_finish( (mbedtls_sha256_context *) ctx, output );
|
||||
return( mbedtls_sha256_finish_ret( (mbedtls_sha256_context *) ctx,
|
||||
output ) );
|
||||
}
|
||||
|
||||
static void sha224_wrap( const unsigned char *input, size_t ilen,
|
||||
unsigned char *output )
|
||||
static int sha224_wrap( const unsigned char *input, size_t ilen,
|
||||
unsigned char *output )
|
||||
{
|
||||
mbedtls_sha256( input, ilen, output, 1 );
|
||||
return( mbedtls_sha256_ret( input, ilen, output, 1 ) );
|
||||
}
|
||||
|
||||
static void *sha224_ctx_alloc( void )
|
||||
|
@ -430,9 +437,10 @@ static void sha224_clone_wrap( void *dst, const void *src )
|
|||
(const mbedtls_sha256_context *) src );
|
||||
}
|
||||
|
||||
static void sha224_process_wrap( void *ctx, const unsigned char *data )
|
||||
static int sha224_process_wrap( void *ctx, const unsigned char *data )
|
||||
{
|
||||
mbedtls_sha256_process( (mbedtls_sha256_context *) ctx, data );
|
||||
return( mbedtls_internal_sha256_process( (mbedtls_sha256_context *) ctx,
|
||||
data ) );
|
||||
}
|
||||
|
||||
const mbedtls_md_info_t mbedtls_sha224_info = {
|
||||
|
@ -450,15 +458,15 @@ const mbedtls_md_info_t mbedtls_sha224_info = {
|
|||
sha224_process_wrap,
|
||||
};
|
||||
|
||||
static void sha256_starts_wrap( void *ctx )
|
||||
static int sha256_starts_wrap( void *ctx )
|
||||
{
|
||||
mbedtls_sha256_starts( (mbedtls_sha256_context *) ctx, 0 );
|
||||
return( mbedtls_sha256_starts_ret( (mbedtls_sha256_context *) ctx, 0 ) );
|
||||
}
|
||||
|
||||
static void sha256_wrap( const unsigned char *input, size_t ilen,
|
||||
unsigned char *output )
|
||||
static int sha256_wrap( const unsigned char *input, size_t ilen,
|
||||
unsigned char *output )
|
||||
{
|
||||
mbedtls_sha256( input, ilen, output, 0 );
|
||||
return( mbedtls_sha256_ret( input, ilen, output, 0 ) );
|
||||
}
|
||||
|
||||
const mbedtls_md_info_t mbedtls_sha256_info = {
|
||||
|
@ -480,26 +488,28 @@ const mbedtls_md_info_t mbedtls_sha256_info = {
|
|||
|
||||
#if defined(MBEDTLS_SHA512_C)
|
||||
|
||||
static void sha384_starts_wrap( void *ctx )
|
||||
static int sha384_starts_wrap( void *ctx )
|
||||
{
|
||||
mbedtls_sha512_starts( (mbedtls_sha512_context *) ctx, 1 );
|
||||
return( mbedtls_sha512_starts_ret( (mbedtls_sha512_context *) ctx, 1 ) );
|
||||
}
|
||||
|
||||
static void sha384_update_wrap( void *ctx, const unsigned char *input,
|
||||
size_t ilen )
|
||||
static int sha384_update_wrap( void *ctx, const unsigned char *input,
|
||||
size_t ilen )
|
||||
{
|
||||
mbedtls_sha512_update( (mbedtls_sha512_context *) ctx, input, ilen );
|
||||
return( mbedtls_sha512_update_ret( (mbedtls_sha512_context *) ctx,
|
||||
input, ilen ) );
|
||||
}
|
||||
|
||||
static void sha384_finish_wrap( void *ctx, unsigned char *output )
|
||||
static int sha384_finish_wrap( void *ctx, unsigned char *output )
|
||||
{
|
||||
mbedtls_sha512_finish( (mbedtls_sha512_context *) ctx, output );
|
||||
return( mbedtls_sha512_finish_ret( (mbedtls_sha512_context *) ctx,
|
||||
output ) );
|
||||
}
|
||||
|
||||
static void sha384_wrap( const unsigned char *input, size_t ilen,
|
||||
unsigned char *output )
|
||||
static int sha384_wrap( const unsigned char *input, size_t ilen,
|
||||
unsigned char *output )
|
||||
{
|
||||
mbedtls_sha512( input, ilen, output, 1 );
|
||||
return( mbedtls_sha512_ret( input, ilen, output, 1 ) );
|
||||
}
|
||||
|
||||
static void *sha384_ctx_alloc( void )
|
||||
|
@ -524,9 +534,10 @@ static void sha384_clone_wrap( void *dst, const void *src )
|
|||
(const mbedtls_sha512_context *) src );
|
||||
}
|
||||
|
||||
static void sha384_process_wrap( void *ctx, const unsigned char *data )
|
||||
static int sha384_process_wrap( void *ctx, const unsigned char *data )
|
||||
{
|
||||
mbedtls_sha512_process( (mbedtls_sha512_context *) ctx, data );
|
||||
return( mbedtls_internal_sha512_process( (mbedtls_sha512_context *) ctx,
|
||||
data ) );
|
||||
}
|
||||
|
||||
const mbedtls_md_info_t mbedtls_sha384_info = {
|
||||
|
@ -544,15 +555,15 @@ const mbedtls_md_info_t mbedtls_sha384_info = {
|
|||
sha384_process_wrap,
|
||||
};
|
||||
|
||||
static void sha512_starts_wrap( void *ctx )
|
||||
static int sha512_starts_wrap( void *ctx )
|
||||
{
|
||||
mbedtls_sha512_starts( (mbedtls_sha512_context *) ctx, 0 );
|
||||
return( mbedtls_sha512_starts_ret( (mbedtls_sha512_context *) ctx, 0 ) );
|
||||
}
|
||||
|
||||
static void sha512_wrap( const unsigned char *input, size_t ilen,
|
||||
unsigned char *output )
|
||||
static int sha512_wrap( const unsigned char *input, size_t ilen,
|
||||
unsigned char *output )
|
||||
{
|
||||
mbedtls_sha512( input, ilen, output, 0 );
|
||||
return( mbedtls_sha512_ret( input, ilen, output, 0 ) );
|
||||
}
|
||||
|
||||
const mbedtls_md_info_t mbedtls_sha512_info = {
|
||||
|
|
|
@ -82,31 +82,33 @@ static int pem_get_iv( const unsigned char *s, unsigned char *iv,
|
|||
return( 0 );
|
||||
}
|
||||
|
||||
static void pem_pbkdf1( unsigned char *key, size_t keylen,
|
||||
unsigned char *iv,
|
||||
const unsigned char *pwd, size_t pwdlen )
|
||||
static int pem_pbkdf1( unsigned char *key, size_t keylen,
|
||||
unsigned char *iv,
|
||||
const unsigned char *pwd, size_t pwdlen )
|
||||
{
|
||||
mbedtls_md5_context md5_ctx;
|
||||
unsigned char md5sum[16];
|
||||
size_t use_len;
|
||||
int ret;
|
||||
|
||||
mbedtls_md5_init( &md5_ctx );
|
||||
|
||||
/*
|
||||
* key[ 0..15] = MD5(pwd || IV)
|
||||
*/
|
||||
mbedtls_md5_starts( &md5_ctx );
|
||||
mbedtls_md5_update( &md5_ctx, pwd, pwdlen );
|
||||
mbedtls_md5_update( &md5_ctx, iv, 8 );
|
||||
mbedtls_md5_finish( &md5_ctx, md5sum );
|
||||
if( ( ret = mbedtls_md5_starts_ret( &md5_ctx ) ) != 0 )
|
||||
goto exit;
|
||||
if( ( ret = mbedtls_md5_update_ret( &md5_ctx, pwd, pwdlen ) ) != 0 )
|
||||
goto exit;
|
||||
if( ( ret = mbedtls_md5_update_ret( &md5_ctx, iv, 8 ) ) != 0 )
|
||||
goto exit;
|
||||
if( ( ret = mbedtls_md5_finish_ret( &md5_ctx, md5sum ) ) != 0 )
|
||||
goto exit;
|
||||
|
||||
if( keylen <= 16 )
|
||||
{
|
||||
memcpy( key, md5sum, keylen );
|
||||
|
||||
mbedtls_md5_free( &md5_ctx );
|
||||
mbedtls_zeroize( md5sum, 16 );
|
||||
return;
|
||||
goto exit;
|
||||
}
|
||||
|
||||
memcpy( key, md5sum, 16 );
|
||||
|
@ -114,11 +116,16 @@ static void pem_pbkdf1( unsigned char *key, size_t keylen,
|
|||
/*
|
||||
* key[16..23] = MD5(key[ 0..15] || pwd || IV])
|
||||
*/
|
||||
mbedtls_md5_starts( &md5_ctx );
|
||||
mbedtls_md5_update( &md5_ctx, md5sum, 16 );
|
||||
mbedtls_md5_update( &md5_ctx, pwd, pwdlen );
|
||||
mbedtls_md5_update( &md5_ctx, iv, 8 );
|
||||
mbedtls_md5_finish( &md5_ctx, md5sum );
|
||||
if( ( ret = mbedtls_md5_starts_ret( &md5_ctx ) ) != 0 )
|
||||
goto exit;
|
||||
if( ( ret = mbedtls_md5_update_ret( &md5_ctx, md5sum, 16 ) ) != 0 )
|
||||
goto exit;
|
||||
if( ( ret = mbedtls_md5_update_ret( &md5_ctx, pwd, pwdlen ) ) != 0 )
|
||||
goto exit;
|
||||
if( ( ret = mbedtls_md5_update_ret( &md5_ctx, iv, 8 ) ) != 0 )
|
||||
goto exit;
|
||||
if( ( ret = mbedtls_md5_finish_ret( &md5_ctx, md5sum ) ) != 0 )
|
||||
goto exit;
|
||||
|
||||
use_len = 16;
|
||||
if( keylen < 32 )
|
||||
|
@ -126,53 +133,68 @@ static void pem_pbkdf1( unsigned char *key, size_t keylen,
|
|||
|
||||
memcpy( key + 16, md5sum, use_len );
|
||||
|
||||
exit:
|
||||
mbedtls_md5_free( &md5_ctx );
|
||||
mbedtls_zeroize( md5sum, 16 );
|
||||
|
||||
return( ret );
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_DES_C)
|
||||
/*
|
||||
* Decrypt with DES-CBC, using PBKDF1 for key derivation
|
||||
*/
|
||||
static void pem_des_decrypt( unsigned char des_iv[8],
|
||||
unsigned char *buf, size_t buflen,
|
||||
const unsigned char *pwd, size_t pwdlen )
|
||||
static int pem_des_decrypt( unsigned char des_iv[8],
|
||||
unsigned char *buf, size_t buflen,
|
||||
const unsigned char *pwd, size_t pwdlen )
|
||||
{
|
||||
mbedtls_des_context des_ctx;
|
||||
unsigned char des_key[8];
|
||||
int ret;
|
||||
|
||||
mbedtls_des_init( &des_ctx );
|
||||
|
||||
pem_pbkdf1( des_key, 8, des_iv, pwd, pwdlen );
|
||||
if( ( ret = pem_pbkdf1( des_key, 8, des_iv, pwd, pwdlen ) ) != 0 )
|
||||
goto exit;
|
||||
|
||||
mbedtls_des_setkey_dec( &des_ctx, des_key );
|
||||
mbedtls_des_crypt_cbc( &des_ctx, MBEDTLS_DES_DECRYPT, buflen,
|
||||
if( ( ret = mbedtls_des_setkey_dec( &des_ctx, des_key ) ) != 0 )
|
||||
goto exit;
|
||||
ret = mbedtls_des_crypt_cbc( &des_ctx, MBEDTLS_DES_DECRYPT, buflen,
|
||||
des_iv, buf, buf );
|
||||
|
||||
exit:
|
||||
mbedtls_des_free( &des_ctx );
|
||||
mbedtls_zeroize( des_key, 8 );
|
||||
|
||||
return( ret );
|
||||
}
|
||||
|
||||
/*
|
||||
* Decrypt with 3DES-CBC, using PBKDF1 for key derivation
|
||||
*/
|
||||
static void pem_des3_decrypt( unsigned char des3_iv[8],
|
||||
unsigned char *buf, size_t buflen,
|
||||
const unsigned char *pwd, size_t pwdlen )
|
||||
static int pem_des3_decrypt( unsigned char des3_iv[8],
|
||||
unsigned char *buf, size_t buflen,
|
||||
const unsigned char *pwd, size_t pwdlen )
|
||||
{
|
||||
mbedtls_des3_context des3_ctx;
|
||||
unsigned char des3_key[24];
|
||||
int ret;
|
||||
|
||||
mbedtls_des3_init( &des3_ctx );
|
||||
|
||||
pem_pbkdf1( des3_key, 24, des3_iv, pwd, pwdlen );
|
||||
if( ( ret = pem_pbkdf1( des3_key, 24, des3_iv, pwd, pwdlen ) ) != 0 )
|
||||
goto exit;
|
||||
|
||||
mbedtls_des3_set3key_dec( &des3_ctx, des3_key );
|
||||
mbedtls_des3_crypt_cbc( &des3_ctx, MBEDTLS_DES_DECRYPT, buflen,
|
||||
if( ( ret = mbedtls_des3_set3key_dec( &des3_ctx, des3_key ) ) != 0 )
|
||||
goto exit;
|
||||
ret = mbedtls_des3_crypt_cbc( &des3_ctx, MBEDTLS_DES_DECRYPT, buflen,
|
||||
des3_iv, buf, buf );
|
||||
|
||||
exit:
|
||||
mbedtls_des3_free( &des3_ctx );
|
||||
mbedtls_zeroize( des3_key, 24 );
|
||||
|
||||
return( ret );
|
||||
}
|
||||
#endif /* MBEDTLS_DES_C */
|
||||
|
||||
|
@ -180,23 +202,29 @@ static void pem_des3_decrypt( unsigned char des3_iv[8],
|
|||
/*
|
||||
* Decrypt with AES-XXX-CBC, using PBKDF1 for key derivation
|
||||
*/
|
||||
static void pem_aes_decrypt( unsigned char aes_iv[16], unsigned int keylen,
|
||||
unsigned char *buf, size_t buflen,
|
||||
const unsigned char *pwd, size_t pwdlen )
|
||||
static int pem_aes_decrypt( unsigned char aes_iv[16], unsigned int keylen,
|
||||
unsigned char *buf, size_t buflen,
|
||||
const unsigned char *pwd, size_t pwdlen )
|
||||
{
|
||||
mbedtls_aes_context aes_ctx;
|
||||
unsigned char aes_key[32];
|
||||
int ret;
|
||||
|
||||
mbedtls_aes_init( &aes_ctx );
|
||||
|
||||
pem_pbkdf1( aes_key, keylen, aes_iv, pwd, pwdlen );
|
||||
if( ( ret = pem_pbkdf1( aes_key, keylen, aes_iv, pwd, pwdlen ) ) != 0 )
|
||||
goto exit;
|
||||
|
||||
mbedtls_aes_setkey_dec( &aes_ctx, aes_key, keylen * 8 );
|
||||
mbedtls_aes_crypt_cbc( &aes_ctx, MBEDTLS_AES_DECRYPT, buflen,
|
||||
if( ( ret = mbedtls_aes_setkey_dec( &aes_ctx, aes_key, keylen * 8 ) ) != 0 )
|
||||
goto exit;
|
||||
ret = mbedtls_aes_crypt_cbc( &aes_ctx, MBEDTLS_AES_DECRYPT, buflen,
|
||||
aes_iv, buf, buf );
|
||||
|
||||
exit:
|
||||
mbedtls_aes_free( &aes_ctx );
|
||||
mbedtls_zeroize( aes_key, keylen );
|
||||
|
||||
return( ret );
|
||||
}
|
||||
#endif /* MBEDTLS_AES_C */
|
||||
|
||||
|
@ -331,6 +359,7 @@ int mbedtls_pem_read_buffer( mbedtls_pem_context *ctx, const char *header, const
|
|||
|
||||
if( ( ret = mbedtls_base64_decode( buf, len, &len, s1, s2 - s1 ) ) != 0 )
|
||||
{
|
||||
mbedtls_zeroize( buf, len );
|
||||
mbedtls_free( buf );
|
||||
return( MBEDTLS_ERR_PEM_INVALID_DATA + ret );
|
||||
}
|
||||
|
@ -341,26 +370,35 @@ int mbedtls_pem_read_buffer( mbedtls_pem_context *ctx, const char *header, const
|
|||
( defined(MBEDTLS_DES_C) || defined(MBEDTLS_AES_C) )
|
||||
if( pwd == NULL )
|
||||
{
|
||||
mbedtls_zeroize( buf, len );
|
||||
mbedtls_free( buf );
|
||||
return( MBEDTLS_ERR_PEM_PASSWORD_REQUIRED );
|
||||
}
|
||||
|
||||
ret = 0;
|
||||
|
||||
#if defined(MBEDTLS_DES_C)
|
||||
if( enc_alg == MBEDTLS_CIPHER_DES_EDE3_CBC )
|
||||
pem_des3_decrypt( pem_iv, buf, len, pwd, pwdlen );
|
||||
ret = pem_des3_decrypt( pem_iv, buf, len, pwd, pwdlen );
|
||||
else if( enc_alg == MBEDTLS_CIPHER_DES_CBC )
|
||||
pem_des_decrypt( pem_iv, buf, len, pwd, pwdlen );
|
||||
ret = pem_des_decrypt( pem_iv, buf, len, pwd, pwdlen );
|
||||
#endif /* MBEDTLS_DES_C */
|
||||
|
||||
#if defined(MBEDTLS_AES_C)
|
||||
if( enc_alg == MBEDTLS_CIPHER_AES_128_CBC )
|
||||
pem_aes_decrypt( pem_iv, 16, buf, len, pwd, pwdlen );
|
||||
ret = pem_aes_decrypt( pem_iv, 16, buf, len, pwd, pwdlen );
|
||||
else if( enc_alg == MBEDTLS_CIPHER_AES_192_CBC )
|
||||
pem_aes_decrypt( pem_iv, 24, buf, len, pwd, pwdlen );
|
||||
ret = pem_aes_decrypt( pem_iv, 24, buf, len, pwd, pwdlen );
|
||||
else if( enc_alg == MBEDTLS_CIPHER_AES_256_CBC )
|
||||
pem_aes_decrypt( pem_iv, 32, buf, len, pwd, pwdlen );
|
||||
ret = pem_aes_decrypt( pem_iv, 32, buf, len, pwd, pwdlen );
|
||||
#endif /* MBEDTLS_AES_C */
|
||||
|
||||
if( ret != 0 )
|
||||
{
|
||||
mbedtls_free( buf );
|
||||
return( ret );
|
||||
}
|
||||
|
||||
/*
|
||||
* The result will be ASN.1 starting with a SEQUENCE tag, with 1 to 3
|
||||
* length bytes (allow 4 to be sure) in all known use cases.
|
||||
|
@ -369,10 +407,12 @@ int mbedtls_pem_read_buffer( mbedtls_pem_context *ctx, const char *header, const
|
|||
*/
|
||||
if( len <= 2 || buf[0] != 0x30 || buf[1] > 0x83 )
|
||||
{
|
||||
mbedtls_zeroize( buf, len );
|
||||
mbedtls_free( buf );
|
||||
return( MBEDTLS_ERR_PEM_PASSWORD_MISMATCH );
|
||||
}
|
||||
#else
|
||||
mbedtls_zeroize( buf, len );
|
||||
mbedtls_free( buf );
|
||||
return( MBEDTLS_ERR_PEM_FEATURE_UNAVAILABLE );
|
||||
#endif /* MBEDTLS_MD5_C && MBEDTLS_CIPHER_MODE_CBC &&
|
||||
|
@ -387,6 +427,8 @@ int mbedtls_pem_read_buffer( mbedtls_pem_context *ctx, const char *header, const
|
|||
|
||||
void mbedtls_pem_free( mbedtls_pem_context *ctx )
|
||||
{
|
||||
if( ctx->buf != NULL )
|
||||
mbedtls_zeroize( ctx->buf, ctx->buflen );
|
||||
mbedtls_free( ctx->buf );
|
||||
mbedtls_free( ctx->info );
|
||||
|
||||
|
|
|
@ -29,8 +29,6 @@
|
|||
#include "mbedtls/pk.h"
|
||||
#include "mbedtls/pk_internal.h"
|
||||
|
||||
#include "mbedtls/bignum.h"
|
||||
|
||||
#if defined(MBEDTLS_RSA_C)
|
||||
#include "mbedtls/rsa.h"
|
||||
#endif
|
||||
|
@ -42,6 +40,7 @@
|
|||
#endif
|
||||
|
||||
#include <limits.h>
|
||||
#include <stdint.h>
|
||||
|
||||
/* Implementation that should never be optimized out by the compiler */
|
||||
static void mbedtls_zeroize( void *v, size_t n ) {
|
||||
|
@ -213,10 +212,10 @@ int mbedtls_pk_verify_ext( mbedtls_pk_type_t type, const void *options,
|
|||
int ret;
|
||||
const mbedtls_pk_rsassa_pss_options *pss_opts;
|
||||
|
||||
#if defined(MBEDTLS_HAVE_INT64)
|
||||
#if SIZE_MAX > UINT_MAX
|
||||
if( md_alg == MBEDTLS_MD_NONE && UINT_MAX < hash_len )
|
||||
return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
|
||||
#endif /* MBEDTLS_HAVE_INT64 */
|
||||
#endif /* SIZE_MAX > UINT_MAX */
|
||||
|
||||
if( options == NULL )
|
||||
return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
|
||||
|
|
|
@ -30,7 +30,6 @@
|
|||
|
||||
/* Even if RSA not activated, for the sake of RSA-alt */
|
||||
#include "mbedtls/rsa.h"
|
||||
#include "mbedtls/bignum.h"
|
||||
|
||||
#include <string.h>
|
||||
|
||||
|
@ -51,6 +50,7 @@
|
|||
#endif
|
||||
|
||||
#include <limits.h>
|
||||
#include <stdint.h>
|
||||
|
||||
#if defined(MBEDTLS_PK_RSA_ALT_SUPPORT)
|
||||
/* Implementation that should never be optimized out by the compiler */
|
||||
|
@ -68,7 +68,8 @@ static int rsa_can_do( mbedtls_pk_type_t type )
|
|||
|
||||
static size_t rsa_get_bitlen( const void *ctx )
|
||||
{
|
||||
return( 8 * ((const mbedtls_rsa_context *) ctx)->len );
|
||||
const mbedtls_rsa_context * rsa = (const mbedtls_rsa_context *) ctx;
|
||||
return( 8 * mbedtls_rsa_get_len( rsa ) );
|
||||
}
|
||||
|
||||
static int rsa_verify_wrap( void *ctx, mbedtls_md_type_t md_alg,
|
||||
|
@ -76,21 +77,23 @@ static int rsa_verify_wrap( void *ctx, mbedtls_md_type_t md_alg,
|
|||
const unsigned char *sig, size_t sig_len )
|
||||
{
|
||||
int ret;
|
||||
mbedtls_rsa_context * rsa = (mbedtls_rsa_context *) ctx;
|
||||
size_t rsa_len = mbedtls_rsa_get_len( rsa );
|
||||
|
||||
#if defined(MBEDTLS_HAVE_INT64)
|
||||
#if SIZE_MAX > UINT_MAX
|
||||
if( md_alg == MBEDTLS_MD_NONE && UINT_MAX < hash_len )
|
||||
return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
|
||||
#endif /* MBEDTLS_HAVE_INT64 */
|
||||
#endif /* SIZE_MAX > UINT_MAX */
|
||||
|
||||
if( sig_len < ((mbedtls_rsa_context *) ctx)->len )
|
||||
if( sig_len < rsa_len )
|
||||
return( MBEDTLS_ERR_RSA_VERIFY_FAILED );
|
||||
|
||||
if( ( ret = mbedtls_rsa_pkcs1_verify( (mbedtls_rsa_context *) ctx, NULL, NULL,
|
||||
if( ( ret = mbedtls_rsa_pkcs1_verify( rsa, NULL, NULL,
|
||||
MBEDTLS_RSA_PUBLIC, md_alg,
|
||||
(unsigned int) hash_len, hash, sig ) ) != 0 )
|
||||
return( ret );
|
||||
|
||||
if( sig_len > ((mbedtls_rsa_context *) ctx)->len )
|
||||
if( sig_len > rsa_len )
|
||||
return( MBEDTLS_ERR_PK_SIG_LEN_MISMATCH );
|
||||
|
||||
return( 0 );
|
||||
|
@ -101,14 +104,16 @@ static int rsa_sign_wrap( void *ctx, mbedtls_md_type_t md_alg,
|
|||
unsigned char *sig, size_t *sig_len,
|
||||
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
|
||||
{
|
||||
#if defined(MBEDTLS_HAVE_INT64)
|
||||
mbedtls_rsa_context * rsa = (mbedtls_rsa_context *) ctx;
|
||||
|
||||
#if SIZE_MAX > UINT_MAX
|
||||
if( md_alg == MBEDTLS_MD_NONE && UINT_MAX < hash_len )
|
||||
return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
|
||||
#endif /* MBEDTLS_HAVE_INT64 */
|
||||
#endif /* SIZE_MAX > UINT_MAX */
|
||||
|
||||
*sig_len = ((mbedtls_rsa_context *) ctx)->len;
|
||||
*sig_len = mbedtls_rsa_get_len( rsa );
|
||||
|
||||
return( mbedtls_rsa_pkcs1_sign( (mbedtls_rsa_context *) ctx, f_rng, p_rng, MBEDTLS_RSA_PRIVATE,
|
||||
return( mbedtls_rsa_pkcs1_sign( rsa, f_rng, p_rng, MBEDTLS_RSA_PRIVATE,
|
||||
md_alg, (unsigned int) hash_len, hash, sig ) );
|
||||
}
|
||||
|
||||
|
@ -117,10 +122,12 @@ static int rsa_decrypt_wrap( void *ctx,
|
|||
unsigned char *output, size_t *olen, size_t osize,
|
||||
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
|
||||
{
|
||||
if( ilen != ((mbedtls_rsa_context *) ctx)->len )
|
||||
mbedtls_rsa_context * rsa = (mbedtls_rsa_context *) ctx;
|
||||
|
||||
if( ilen != mbedtls_rsa_get_len( rsa ) )
|
||||
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
|
||||
|
||||
return( mbedtls_rsa_pkcs1_decrypt( (mbedtls_rsa_context *) ctx, f_rng, p_rng,
|
||||
return( mbedtls_rsa_pkcs1_decrypt( rsa, f_rng, p_rng,
|
||||
MBEDTLS_RSA_PRIVATE, olen, input, output, osize ) );
|
||||
}
|
||||
|
||||
|
@ -129,13 +136,14 @@ static int rsa_encrypt_wrap( void *ctx,
|
|||
unsigned char *output, size_t *olen, size_t osize,
|
||||
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
|
||||
{
|
||||
*olen = ((mbedtls_rsa_context *) ctx)->len;
|
||||
mbedtls_rsa_context * rsa = (mbedtls_rsa_context *) ctx;
|
||||
*olen = mbedtls_rsa_get_len( rsa );
|
||||
|
||||
if( *olen > osize )
|
||||
return( MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE );
|
||||
|
||||
return( mbedtls_rsa_pkcs1_encrypt( (mbedtls_rsa_context *) ctx,
|
||||
f_rng, p_rng, MBEDTLS_RSA_PUBLIC, ilen, input, output ) );
|
||||
return( mbedtls_rsa_pkcs1_encrypt( rsa, f_rng, p_rng, MBEDTLS_RSA_PUBLIC,
|
||||
ilen, input, output ) );
|
||||
}
|
||||
|
||||
static int rsa_check_pair_wrap( const void *pub, const void *prv )
|
||||
|
@ -415,10 +423,10 @@ static int rsa_alt_sign_wrap( void *ctx, mbedtls_md_type_t md_alg,
|
|||
{
|
||||
mbedtls_rsa_alt_context *rsa_alt = (mbedtls_rsa_alt_context *) ctx;
|
||||
|
||||
#if defined(MBEDTLS_HAVE_INT64)
|
||||
#if SIZE_MAX > UINT_MAX
|
||||
if( UINT_MAX < hash_len )
|
||||
return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
|
||||
#endif /* MBEDTLS_HAVE_INT64 */
|
||||
#endif /* SIZE_MAX > UINT_MAX */
|
||||
|
||||
*sig_len = rsa_alt->key_len_func( rsa_alt->key );
|
||||
|
||||
|
|
|
@ -60,12 +60,15 @@
|
|||
#define mbedtls_free free
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_FS_IO)
|
||||
#if defined(MBEDTLS_FS_IO) || \
|
||||
defined(MBEDTLS_PKCS12_C) || defined(MBEDTLS_PKCS5_C)
|
||||
/* Implementation that should never be optimized out by the compiler */
|
||||
static void mbedtls_zeroize( void *v, size_t n ) {
|
||||
volatile unsigned char *p = v; while( n-- ) *p++ = 0;
|
||||
}
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_FS_IO)
|
||||
/*
|
||||
* Load all data from a file into a given buffer.
|
||||
*
|
||||
|
@ -101,7 +104,10 @@ int mbedtls_pk_load_file( const char *path, unsigned char **buf, size_t *n )
|
|||
if( fread( *buf, 1, *n, f ) != *n )
|
||||
{
|
||||
fclose( f );
|
||||
|
||||
mbedtls_zeroize( *buf, *n );
|
||||
mbedtls_free( *buf );
|
||||
|
||||
return( MBEDTLS_ERR_PK_FILE_IO_ERROR );
|
||||
}
|
||||
|
||||
|
@ -520,19 +526,36 @@ static int pk_get_rsapubkey( unsigned char **p,
|
|||
return( MBEDTLS_ERR_PK_INVALID_PUBKEY +
|
||||
MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
|
||||
|
||||
if( ( ret = mbedtls_asn1_get_mpi( p, end, &rsa->N ) ) != 0 ||
|
||||
( ret = mbedtls_asn1_get_mpi( p, end, &rsa->E ) ) != 0 )
|
||||
/* Import N */
|
||||
if( ( ret = mbedtls_asn1_get_tag( p, end, &len, MBEDTLS_ASN1_INTEGER ) ) != 0 )
|
||||
return( MBEDTLS_ERR_PK_INVALID_PUBKEY + ret );
|
||||
|
||||
if( ( ret = mbedtls_rsa_import_raw( rsa, *p, len, NULL, 0, NULL, 0,
|
||||
NULL, 0, NULL, 0 ) ) != 0 )
|
||||
return( MBEDTLS_ERR_PK_INVALID_PUBKEY );
|
||||
|
||||
*p += len;
|
||||
|
||||
/* Import E */
|
||||
if( ( ret = mbedtls_asn1_get_tag( p, end, &len, MBEDTLS_ASN1_INTEGER ) ) != 0 )
|
||||
return( MBEDTLS_ERR_PK_INVALID_PUBKEY + ret );
|
||||
|
||||
if( ( ret = mbedtls_rsa_import_raw( rsa, NULL, 0, NULL, 0, NULL, 0,
|
||||
NULL, 0, *p, len ) ) != 0 )
|
||||
return( MBEDTLS_ERR_PK_INVALID_PUBKEY );
|
||||
|
||||
*p += len;
|
||||
|
||||
if( mbedtls_rsa_complete( rsa ) != 0 ||
|
||||
mbedtls_rsa_check_pubkey( rsa ) != 0 )
|
||||
{
|
||||
return( MBEDTLS_ERR_PK_INVALID_PUBKEY );
|
||||
}
|
||||
|
||||
if( *p != end )
|
||||
return( MBEDTLS_ERR_PK_INVALID_PUBKEY +
|
||||
MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
|
||||
|
||||
if( ( ret = mbedtls_rsa_check_pubkey( rsa ) ) != 0 )
|
||||
return( MBEDTLS_ERR_PK_INVALID_PUBKEY );
|
||||
|
||||
rsa->len = mbedtls_mpi_size( &rsa->N );
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
#endif /* MBEDTLS_RSA_C */
|
||||
|
@ -643,10 +666,13 @@ static int pk_parse_key_pkcs1_der( mbedtls_rsa_context *rsa,
|
|||
const unsigned char *key,
|
||||
size_t keylen )
|
||||
{
|
||||
int ret;
|
||||
int ret, version;
|
||||
size_t len;
|
||||
unsigned char *p, *end;
|
||||
|
||||
mbedtls_mpi T;
|
||||
mbedtls_mpi_init( &T );
|
||||
|
||||
p = (unsigned char *) key;
|
||||
end = p + keylen;
|
||||
|
||||
|
@ -674,45 +700,88 @@ static int pk_parse_key_pkcs1_der( mbedtls_rsa_context *rsa,
|
|||
|
||||
end = p + len;
|
||||
|
||||
if( ( ret = mbedtls_asn1_get_int( &p, end, &rsa->ver ) ) != 0 )
|
||||
if( ( ret = mbedtls_asn1_get_int( &p, end, &version ) ) != 0 )
|
||||
{
|
||||
return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
|
||||
}
|
||||
|
||||
if( rsa->ver != 0 )
|
||||
if( version != 0 )
|
||||
{
|
||||
return( MBEDTLS_ERR_PK_KEY_INVALID_VERSION );
|
||||
}
|
||||
|
||||
if( ( ret = mbedtls_asn1_get_mpi( &p, end, &rsa->N ) ) != 0 ||
|
||||
( ret = mbedtls_asn1_get_mpi( &p, end, &rsa->E ) ) != 0 ||
|
||||
( ret = mbedtls_asn1_get_mpi( &p, end, &rsa->D ) ) != 0 ||
|
||||
( ret = mbedtls_asn1_get_mpi( &p, end, &rsa->P ) ) != 0 ||
|
||||
( ret = mbedtls_asn1_get_mpi( &p, end, &rsa->Q ) ) != 0 ||
|
||||
( ret = mbedtls_asn1_get_mpi( &p, end, &rsa->DP ) ) != 0 ||
|
||||
( ret = mbedtls_asn1_get_mpi( &p, end, &rsa->DQ ) ) != 0 ||
|
||||
( ret = mbedtls_asn1_get_mpi( &p, end, &rsa->QP ) ) != 0 )
|
||||
{
|
||||
mbedtls_rsa_free( rsa );
|
||||
return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
|
||||
}
|
||||
/* Import N */
|
||||
if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
|
||||
MBEDTLS_ASN1_INTEGER ) ) != 0 ||
|
||||
( ret = mbedtls_rsa_import_raw( rsa, p, len, NULL, 0, NULL, 0,
|
||||
NULL, 0, NULL, 0 ) ) != 0 )
|
||||
goto cleanup;
|
||||
p += len;
|
||||
|
||||
rsa->len = mbedtls_mpi_size( &rsa->N );
|
||||
/* Import E */
|
||||
if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
|
||||
MBEDTLS_ASN1_INTEGER ) ) != 0 ||
|
||||
( ret = mbedtls_rsa_import_raw( rsa, NULL, 0, NULL, 0, NULL, 0,
|
||||
NULL, 0, p, len ) ) != 0 )
|
||||
goto cleanup;
|
||||
p += len;
|
||||
|
||||
/* Import D */
|
||||
if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
|
||||
MBEDTLS_ASN1_INTEGER ) ) != 0 ||
|
||||
( ret = mbedtls_rsa_import_raw( rsa, NULL, 0, NULL, 0, NULL, 0,
|
||||
p, len, NULL, 0 ) ) != 0 )
|
||||
goto cleanup;
|
||||
p += len;
|
||||
|
||||
/* Import P */
|
||||
if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
|
||||
MBEDTLS_ASN1_INTEGER ) ) != 0 ||
|
||||
( ret = mbedtls_rsa_import_raw( rsa, NULL, 0, p, len, NULL, 0,
|
||||
NULL, 0, NULL, 0 ) ) != 0 )
|
||||
goto cleanup;
|
||||
p += len;
|
||||
|
||||
/* Import Q */
|
||||
if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
|
||||
MBEDTLS_ASN1_INTEGER ) ) != 0 ||
|
||||
( ret = mbedtls_rsa_import_raw( rsa, NULL, 0, NULL, 0, p, len,
|
||||
NULL, 0, NULL, 0 ) ) != 0 )
|
||||
goto cleanup;
|
||||
p += len;
|
||||
|
||||
/* Complete the RSA private key */
|
||||
if( ( ret = mbedtls_rsa_complete( rsa ) ) != 0 )
|
||||
goto cleanup;
|
||||
|
||||
/* Check optional parameters */
|
||||
if( ( ret = mbedtls_asn1_get_mpi( &p, end, &T ) ) != 0 ||
|
||||
( ret = mbedtls_asn1_get_mpi( &p, end, &T ) ) != 0 ||
|
||||
( ret = mbedtls_asn1_get_mpi( &p, end, &T ) ) != 0 )
|
||||
goto cleanup;
|
||||
|
||||
if( p != end )
|
||||
{
|
||||
mbedtls_rsa_free( rsa );
|
||||
return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT +
|
||||
MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
|
||||
ret = MBEDTLS_ERR_PK_KEY_INVALID_FORMAT +
|
||||
MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ;
|
||||
}
|
||||
|
||||
if( ( ret = mbedtls_rsa_check_privkey( rsa ) ) != 0 )
|
||||
cleanup:
|
||||
|
||||
mbedtls_mpi_free( &T );
|
||||
|
||||
if( ret != 0 )
|
||||
{
|
||||
/* Wrap error code if it's coming from a lower level */
|
||||
if( ( ret & 0xff80 ) == 0 )
|
||||
ret = MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret;
|
||||
else
|
||||
ret = MBEDTLS_ERR_PK_KEY_INVALID_FORMAT;
|
||||
|
||||
mbedtls_rsa_free( rsa );
|
||||
return( ret );
|
||||
}
|
||||
|
||||
return( 0 );
|
||||
return( ret );
|
||||
}
|
||||
#endif /* MBEDTLS_RSA_C */
|
||||
|
||||
|
@ -844,6 +913,16 @@ static int pk_parse_key_sec1_der( mbedtls_ecp_keypair *eck,
|
|||
|
||||
/*
|
||||
* Parse an unencrypted PKCS#8 encoded private key
|
||||
*
|
||||
* Notes:
|
||||
*
|
||||
* - This function does not own the key buffer. It is the
|
||||
* responsibility of the caller to take care of zeroizing
|
||||
* and freeing it after use.
|
||||
*
|
||||
* - The function is responsible for freeing the provided
|
||||
* PK context on failure.
|
||||
*
|
||||
*/
|
||||
static int pk_parse_key_pkcs8_unencrypted_der(
|
||||
mbedtls_pk_context *pk,
|
||||
|
@ -859,7 +938,7 @@ static int pk_parse_key_pkcs8_unencrypted_der(
|
|||
const mbedtls_pk_info_t *pk_info;
|
||||
|
||||
/*
|
||||
* This function parses the PrivatKeyInfo object (PKCS#8 v1.2 = RFC 5208)
|
||||
* This function parses the PrivateKeyInfo object (PKCS#8 v1.2 = RFC 5208)
|
||||
*
|
||||
* PrivateKeyInfo ::= SEQUENCE {
|
||||
* version Version,
|
||||
|
@ -932,16 +1011,22 @@ static int pk_parse_key_pkcs8_unencrypted_der(
|
|||
|
||||
/*
|
||||
* Parse an encrypted PKCS#8 encoded private key
|
||||
*
|
||||
* To save space, the decryption happens in-place on the given key buffer.
|
||||
* Also, while this function may modify the keybuffer, it doesn't own it,
|
||||
* and instead it is the responsibility of the caller to zeroize and properly
|
||||
* free it after use.
|
||||
*
|
||||
*/
|
||||
#if defined(MBEDTLS_PKCS12_C) || defined(MBEDTLS_PKCS5_C)
|
||||
static int pk_parse_key_pkcs8_encrypted_der(
|
||||
mbedtls_pk_context *pk,
|
||||
const unsigned char *key, size_t keylen,
|
||||
unsigned char *key, size_t keylen,
|
||||
const unsigned char *pwd, size_t pwdlen )
|
||||
{
|
||||
int ret, decrypted = 0;
|
||||
size_t len;
|
||||
unsigned char buf[2048];
|
||||
unsigned char *buf;
|
||||
unsigned char *p, *end;
|
||||
mbedtls_asn1_buf pbe_alg_oid, pbe_params;
|
||||
#if defined(MBEDTLS_PKCS12_C)
|
||||
|
@ -949,16 +1034,14 @@ static int pk_parse_key_pkcs8_encrypted_der(
|
|||
mbedtls_md_type_t md_alg;
|
||||
#endif
|
||||
|
||||
memset( buf, 0, sizeof( buf ) );
|
||||
|
||||
p = (unsigned char *) key;
|
||||
p = key;
|
||||
end = p + keylen;
|
||||
|
||||
if( pwdlen == 0 )
|
||||
return( MBEDTLS_ERR_PK_PASSWORD_REQUIRED );
|
||||
|
||||
/*
|
||||
* This function parses the EncryptedPrivatKeyInfo object (PKCS#8)
|
||||
* This function parses the EncryptedPrivateKeyInfo object (PKCS#8)
|
||||
*
|
||||
* EncryptedPrivateKeyInfo ::= SEQUENCE {
|
||||
* encryptionAlgorithm EncryptionAlgorithmIdentifier,
|
||||
|
@ -970,6 +1053,7 @@ static int pk_parse_key_pkcs8_encrypted_der(
|
|||
* EncryptedData ::= OCTET STRING
|
||||
*
|
||||
* The EncryptedData OCTET STRING is a PKCS#8 PrivateKeyInfo
|
||||
*
|
||||
*/
|
||||
if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
|
||||
MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
|
||||
|
@ -985,11 +1069,10 @@ static int pk_parse_key_pkcs8_encrypted_der(
|
|||
if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, MBEDTLS_ASN1_OCTET_STRING ) ) != 0 )
|
||||
return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
|
||||
|
||||
if( len > sizeof( buf ) )
|
||||
return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
|
||||
buf = p;
|
||||
|
||||
/*
|
||||
* Decrypt EncryptedData with appropriate PDE
|
||||
* Decrypt EncryptedData with appropriate PBE
|
||||
*/
|
||||
#if defined(MBEDTLS_PKCS12_C)
|
||||
if( mbedtls_oid_get_pkcs12_pbe_alg( &pbe_alg_oid, &md_alg, &cipher_alg ) == 0 )
|
||||
|
@ -1081,10 +1164,8 @@ int mbedtls_pk_parse_key( mbedtls_pk_context *pk,
|
|||
|
||||
if( ret == 0 )
|
||||
{
|
||||
if( ( pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_RSA ) ) == NULL )
|
||||
return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG );
|
||||
|
||||
if( ( ret = mbedtls_pk_setup( pk, pk_info ) ) != 0 ||
|
||||
pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_RSA );
|
||||
if( ( ret = mbedtls_pk_setup( pk, pk_info ) ) != 0 ||
|
||||
( ret = pk_parse_key_pkcs1_der( mbedtls_pk_rsa( *pk ),
|
||||
pem.buf, pem.buflen ) ) != 0 )
|
||||
{
|
||||
|
@ -1113,10 +1194,9 @@ int mbedtls_pk_parse_key( mbedtls_pk_context *pk,
|
|||
key, pwd, pwdlen, &len );
|
||||
if( ret == 0 )
|
||||
{
|
||||
if( ( pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_ECKEY ) ) == NULL )
|
||||
return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG );
|
||||
pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_ECKEY );
|
||||
|
||||
if( ( ret = mbedtls_pk_setup( pk, pk_info ) ) != 0 ||
|
||||
if( ( ret = mbedtls_pk_setup( pk, pk_info ) ) != 0 ||
|
||||
( ret = pk_parse_key_sec1_der( mbedtls_pk_ec( *pk ),
|
||||
pem.buf, pem.buflen ) ) != 0 )
|
||||
{
|
||||
|
@ -1194,12 +1274,24 @@ int mbedtls_pk_parse_key( mbedtls_pk_context *pk,
|
|||
* error
|
||||
*/
|
||||
#if defined(MBEDTLS_PKCS12_C) || defined(MBEDTLS_PKCS5_C)
|
||||
if( ( ret = pk_parse_key_pkcs8_encrypted_der( pk, key, keylen,
|
||||
pwd, pwdlen ) ) == 0 )
|
||||
{
|
||||
return( 0 );
|
||||
unsigned char *key_copy;
|
||||
|
||||
if( ( key_copy = mbedtls_calloc( 1, keylen ) ) == NULL )
|
||||
return( MBEDTLS_ERR_PK_ALLOC_FAILED );
|
||||
|
||||
memcpy( key_copy, key, keylen );
|
||||
|
||||
ret = pk_parse_key_pkcs8_encrypted_der( pk, key_copy, keylen,
|
||||
pwd, pwdlen );
|
||||
|
||||
mbedtls_zeroize( key_copy, keylen );
|
||||
mbedtls_free( key_copy );
|
||||
}
|
||||
|
||||
if( ret == 0 )
|
||||
return( 0 );
|
||||
|
||||
mbedtls_pk_free( pk );
|
||||
|
||||
if( ret == MBEDTLS_ERR_PK_PASSWORD_MISMATCH )
|
||||
|
@ -1214,29 +1306,35 @@ int mbedtls_pk_parse_key( mbedtls_pk_context *pk,
|
|||
mbedtls_pk_free( pk );
|
||||
|
||||
#if defined(MBEDTLS_RSA_C)
|
||||
if( ( pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_RSA ) ) == NULL )
|
||||
return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG );
|
||||
|
||||
if( ( ret = mbedtls_pk_setup( pk, pk_info ) ) != 0 ||
|
||||
( ret = pk_parse_key_pkcs1_der( mbedtls_pk_rsa( *pk ), key, keylen ) ) == 0 )
|
||||
pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_RSA );
|
||||
if( ( ret = mbedtls_pk_setup( pk, pk_info ) ) != 0 ||
|
||||
( ret = pk_parse_key_pkcs1_der( mbedtls_pk_rsa( *pk ),
|
||||
key, keylen ) ) != 0 )
|
||||
{
|
||||
mbedtls_pk_free( pk );
|
||||
}
|
||||
else
|
||||
{
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
mbedtls_pk_free( pk );
|
||||
#endif /* MBEDTLS_RSA_C */
|
||||
|
||||
#if defined(MBEDTLS_ECP_C)
|
||||
if( ( pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_ECKEY ) ) == NULL )
|
||||
return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG );
|
||||
|
||||
if( ( ret = mbedtls_pk_setup( pk, pk_info ) ) != 0 ||
|
||||
( ret = pk_parse_key_sec1_der( mbedtls_pk_ec( *pk ), key, keylen ) ) == 0 )
|
||||
pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_ECKEY );
|
||||
if( ( ret = mbedtls_pk_setup( pk, pk_info ) ) != 0 ||
|
||||
( ret = pk_parse_key_sec1_der( mbedtls_pk_ec( *pk ),
|
||||
key, keylen ) ) != 0 )
|
||||
{
|
||||
mbedtls_pk_free( pk );
|
||||
}
|
||||
else
|
||||
{
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
mbedtls_pk_free( pk );
|
||||
#endif /* MBEDTLS_ECP_C */
|
||||
|
||||
return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT );
|
||||
|
|
|
@ -62,13 +62,31 @@
|
|||
* }
|
||||
*/
|
||||
static int pk_write_rsa_pubkey( unsigned char **p, unsigned char *start,
|
||||
mbedtls_rsa_context *rsa )
|
||||
mbedtls_rsa_context *rsa )
|
||||
{
|
||||
int ret;
|
||||
size_t len = 0;
|
||||
mbedtls_mpi T;
|
||||
|
||||
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_mpi( p, start, &rsa->E ) );
|
||||
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_mpi( p, start, &rsa->N ) );
|
||||
mbedtls_mpi_init( &T );
|
||||
|
||||
/* Export E */
|
||||
if ( ( ret = mbedtls_rsa_export( rsa, NULL, NULL, NULL, NULL, &T ) ) != 0 ||
|
||||
( ret = mbedtls_asn1_write_mpi( p, start, &T ) ) < 0 )
|
||||
goto end_of_export;
|
||||
len += ret;
|
||||
|
||||
/* Export N */
|
||||
if ( ( ret = mbedtls_rsa_export( rsa, &T, NULL, NULL, NULL, NULL ) ) != 0 ||
|
||||
( ret = mbedtls_asn1_write_mpi( p, start, &T ) ) < 0 )
|
||||
goto end_of_export;
|
||||
len += ret;
|
||||
|
||||
end_of_export:
|
||||
|
||||
mbedtls_mpi_free( &T );
|
||||
if( ret < 0 )
|
||||
return( ret );
|
||||
|
||||
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( p, start, len ) );
|
||||
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, start, MBEDTLS_ASN1_CONSTRUCTED |
|
||||
|
@ -83,7 +101,7 @@ static int pk_write_rsa_pubkey( unsigned char **p, unsigned char *start,
|
|||
* EC public key is an EC point
|
||||
*/
|
||||
static int pk_write_ec_pubkey( unsigned char **p, unsigned char *start,
|
||||
mbedtls_ecp_keypair *ec )
|
||||
mbedtls_ecp_keypair *ec )
|
||||
{
|
||||
int ret;
|
||||
size_t len = 0;
|
||||
|
@ -111,7 +129,7 @@ static int pk_write_ec_pubkey( unsigned char **p, unsigned char *start,
|
|||
* }
|
||||
*/
|
||||
static int pk_write_ec_param( unsigned char **p, unsigned char *start,
|
||||
mbedtls_ecp_keypair *ec )
|
||||
mbedtls_ecp_keypair *ec )
|
||||
{
|
||||
int ret;
|
||||
size_t len = 0;
|
||||
|
@ -128,7 +146,7 @@ static int pk_write_ec_param( unsigned char **p, unsigned char *start,
|
|||
#endif /* MBEDTLS_ECP_C */
|
||||
|
||||
int mbedtls_pk_write_pubkey( unsigned char **p, unsigned char *start,
|
||||
const mbedtls_pk_context *key )
|
||||
const mbedtls_pk_context *key )
|
||||
{
|
||||
int ret;
|
||||
size_t len = 0;
|
||||
|
@ -205,21 +223,79 @@ int mbedtls_pk_write_key_der( mbedtls_pk_context *key, unsigned char *buf, size_
|
|||
#if defined(MBEDTLS_RSA_C)
|
||||
if( mbedtls_pk_get_type( key ) == MBEDTLS_PK_RSA )
|
||||
{
|
||||
mbedtls_mpi T; /* Temporary holding the exported parameters */
|
||||
mbedtls_rsa_context *rsa = mbedtls_pk_rsa( *key );
|
||||
|
||||
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_mpi( &c, buf, &rsa->QP ) );
|
||||
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_mpi( &c, buf, &rsa->DQ ) );
|
||||
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_mpi( &c, buf, &rsa->DP ) );
|
||||
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_mpi( &c, buf, &rsa->Q ) );
|
||||
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_mpi( &c, buf, &rsa->P ) );
|
||||
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_mpi( &c, buf, &rsa->D ) );
|
||||
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_mpi( &c, buf, &rsa->E ) );
|
||||
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_mpi( &c, buf, &rsa->N ) );
|
||||
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_int( &c, buf, 0 ) );
|
||||
/*
|
||||
* Export the parameters one after another to avoid simultaneous copies.
|
||||
*/
|
||||
|
||||
mbedtls_mpi_init( &T );
|
||||
|
||||
/* Export QP */
|
||||
if( ( ret = mbedtls_rsa_export_crt( rsa, NULL, NULL, &T ) ) != 0 ||
|
||||
( ret = mbedtls_asn1_write_mpi( &c, buf, &T ) ) < 0 )
|
||||
goto end_of_export;
|
||||
len += ret;
|
||||
|
||||
/* Export DQ */
|
||||
if( ( ret = mbedtls_rsa_export_crt( rsa, NULL, &T, NULL ) ) != 0 ||
|
||||
( ret = mbedtls_asn1_write_mpi( &c, buf, &T ) ) < 0 )
|
||||
goto end_of_export;
|
||||
len += ret;
|
||||
|
||||
/* Export DP */
|
||||
if( ( ret = mbedtls_rsa_export_crt( rsa, &T, NULL, NULL ) ) != 0 ||
|
||||
( ret = mbedtls_asn1_write_mpi( &c, buf, &T ) ) < 0 )
|
||||
goto end_of_export;
|
||||
len += ret;
|
||||
|
||||
/* Export Q */
|
||||
if ( ( ret = mbedtls_rsa_export( rsa, NULL, NULL,
|
||||
&T, NULL, NULL ) ) != 0 ||
|
||||
( ret = mbedtls_asn1_write_mpi( &c, buf, &T ) ) < 0 )
|
||||
goto end_of_export;
|
||||
len += ret;
|
||||
|
||||
/* Export P */
|
||||
if ( ( ret = mbedtls_rsa_export( rsa, NULL, &T,
|
||||
NULL, NULL, NULL ) ) != 0 ||
|
||||
( ret = mbedtls_asn1_write_mpi( &c, buf, &T ) ) < 0 )
|
||||
goto end_of_export;
|
||||
len += ret;
|
||||
|
||||
/* Export D */
|
||||
if ( ( ret = mbedtls_rsa_export( rsa, NULL, NULL,
|
||||
NULL, &T, NULL ) ) != 0 ||
|
||||
( ret = mbedtls_asn1_write_mpi( &c, buf, &T ) ) < 0 )
|
||||
goto end_of_export;
|
||||
len += ret;
|
||||
|
||||
/* Export E */
|
||||
if ( ( ret = mbedtls_rsa_export( rsa, NULL, NULL,
|
||||
NULL, NULL, &T ) ) != 0 ||
|
||||
( ret = mbedtls_asn1_write_mpi( &c, buf, &T ) ) < 0 )
|
||||
goto end_of_export;
|
||||
len += ret;
|
||||
|
||||
/* Export N */
|
||||
if ( ( ret = mbedtls_rsa_export( rsa, &T, NULL,
|
||||
NULL, NULL, NULL ) ) != 0 ||
|
||||
( ret = mbedtls_asn1_write_mpi( &c, buf, &T ) ) < 0 )
|
||||
goto end_of_export;
|
||||
len += ret;
|
||||
|
||||
end_of_export:
|
||||
|
||||
mbedtls_mpi_free( &T );
|
||||
if( ret < 0 )
|
||||
return( ret );
|
||||
|
||||
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_int( &c, buf, 0 ) );
|
||||
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, buf, len ) );
|
||||
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c, buf, MBEDTLS_ASN1_CONSTRUCTED |
|
||||
MBEDTLS_ASN1_SEQUENCE ) );
|
||||
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c,
|
||||
buf, MBEDTLS_ASN1_CONSTRUCTED |
|
||||
MBEDTLS_ASN1_SEQUENCE ) );
|
||||
}
|
||||
else
|
||||
#endif /* MBEDTLS_RSA_C */
|
||||
|
|
|
@ -25,13 +25,26 @@
|
|||
#include MBEDTLS_CONFIG_FILE
|
||||
#endif
|
||||
|
||||
// XXX Espressif are hacks sometimes. This is BS, but is taken from
|
||||
// the mbedtls platform.c from their SDK. Really, this should go
|
||||
// somewhere else. Note that the prototype here for vPortFree differs (!)
|
||||
// from the one in sdk-overrides.h. That's above my pay grade.
|
||||
// --nwf; 2018 Feb 18
|
||||
extern void *pvPortCalloc(unsigned int count, unsigned int size);
|
||||
extern void vPortFree( void *pv );
|
||||
|
||||
|
||||
#if defined(MBEDTLS_PLATFORM_C)
|
||||
|
||||
#include "mbedtls/platform.h"
|
||||
|
||||
extern int ets_snprintf(char *buf, unsigned int size, const char *format, ...);
|
||||
extern void *pvPortCalloc(unsigned int count, unsigned int size);
|
||||
extern void vPortFree( void *pv );
|
||||
#if defined(MBEDTLS_ENTROPY_NV_SEED) && \
|
||||
!defined(MBEDTLS_PLATFORM_NO_STD_FUNCTIONS) && defined(MBEDTLS_FS_IO)
|
||||
/* Implementation that should never be optimized out by the compiler */
|
||||
static void mbedtls_zeroize( void *v, size_t n ) {
|
||||
volatile unsigned char *p = (unsigned char*)v; while( n-- ) *p++ = 0;
|
||||
}
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_PLATFORM_MEMORY)
|
||||
#if !defined(MBEDTLS_PLATFORM_STD_CALLOC)
|
||||
|
@ -232,12 +245,13 @@ int mbedtls_platform_std_nv_seed_read( unsigned char *buf, size_t buf_len )
|
|||
size_t n;
|
||||
|
||||
if( ( file = fopen( MBEDTLS_PLATFORM_STD_NV_SEED_FILE, "rb" ) ) == NULL )
|
||||
return -1;
|
||||
return( -1 );
|
||||
|
||||
if( ( n = fread( buf, 1, buf_len, file ) ) != buf_len )
|
||||
{
|
||||
fclose( file );
|
||||
return -1;
|
||||
mbedtls_zeroize( buf, buf_len );
|
||||
return( -1 );
|
||||
}
|
||||
|
||||
fclose( file );
|
||||
|
|
|
@ -46,6 +46,8 @@
|
|||
#endif /* MBEDTLS_PLATFORM_C */
|
||||
#endif /* MBEDTLS_SELF_TEST */
|
||||
|
||||
#if !defined(MBEDTLS_RIPEMD160_ALT)
|
||||
|
||||
/*
|
||||
* 32-bit integer manipulation macros (little endian)
|
||||
*/
|
||||
|
@ -96,7 +98,7 @@ void mbedtls_ripemd160_clone( mbedtls_ripemd160_context *dst,
|
|||
/*
|
||||
* RIPEMD-160 context setup
|
||||
*/
|
||||
void mbedtls_ripemd160_starts( mbedtls_ripemd160_context *ctx )
|
||||
int mbedtls_ripemd160_starts_ret( mbedtls_ripemd160_context *ctx )
|
||||
{
|
||||
ctx->total[0] = 0;
|
||||
ctx->total[1] = 0;
|
||||
|
@ -106,13 +108,16 @@ void mbedtls_ripemd160_starts( mbedtls_ripemd160_context *ctx )
|
|||
ctx->state[2] = 0x98BADCFE;
|
||||
ctx->state[3] = 0x10325476;
|
||||
ctx->state[4] = 0xC3D2E1F0;
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
#if !defined(MBEDTLS_RIPEMD160_PROCESS_ALT)
|
||||
/*
|
||||
* Process one block
|
||||
*/
|
||||
void mbedtls_ripemd160_process( mbedtls_ripemd160_context *ctx, const unsigned char data[64] )
|
||||
int mbedtls_internal_ripemd160_process( mbedtls_ripemd160_context *ctx,
|
||||
const unsigned char data[64] )
|
||||
{
|
||||
uint32_t A, B, C, D, E, Ap, Bp, Cp, Dp, Ep, X[16];
|
||||
|
||||
|
@ -287,20 +292,24 @@ void mbedtls_ripemd160_process( mbedtls_ripemd160_context *ctx, const unsigned c
|
|||
ctx->state[3] = ctx->state[4] + A + Bp;
|
||||
ctx->state[4] = ctx->state[0] + B + Cp;
|
||||
ctx->state[0] = C;
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
#endif /* !MBEDTLS_RIPEMD160_PROCESS_ALT */
|
||||
|
||||
/*
|
||||
* RIPEMD-160 process buffer
|
||||
*/
|
||||
void mbedtls_ripemd160_update( mbedtls_ripemd160_context *ctx,
|
||||
const unsigned char *input, size_t ilen )
|
||||
int mbedtls_ripemd160_update_ret( mbedtls_ripemd160_context *ctx,
|
||||
const unsigned char *input,
|
||||
size_t ilen )
|
||||
{
|
||||
int ret;
|
||||
size_t fill;
|
||||
uint32_t left;
|
||||
|
||||
if( ilen == 0 )
|
||||
return;
|
||||
return( 0 );
|
||||
|
||||
left = ctx->total[0] & 0x3F;
|
||||
fill = 64 - left;
|
||||
|
@ -314,7 +323,10 @@ void mbedtls_ripemd160_update( mbedtls_ripemd160_context *ctx,
|
|||
if( left && ilen >= fill )
|
||||
{
|
||||
memcpy( (void *) (ctx->buffer + left), input, fill );
|
||||
mbedtls_ripemd160_process( ctx, ctx->buffer );
|
||||
|
||||
if( ( ret = mbedtls_internal_ripemd160_process( ctx, ctx->buffer ) ) != 0 )
|
||||
return( ret );
|
||||
|
||||
input += fill;
|
||||
ilen -= fill;
|
||||
left = 0;
|
||||
|
@ -322,7 +334,9 @@ void mbedtls_ripemd160_update( mbedtls_ripemd160_context *ctx,
|
|||
|
||||
while( ilen >= 64 )
|
||||
{
|
||||
mbedtls_ripemd160_process( ctx, input );
|
||||
if( ( ret = mbedtls_internal_ripemd160_process( ctx, input ) ) != 0 )
|
||||
return( ret );
|
||||
|
||||
input += 64;
|
||||
ilen -= 64;
|
||||
}
|
||||
|
@ -331,6 +345,8 @@ void mbedtls_ripemd160_update( mbedtls_ripemd160_context *ctx,
|
|||
{
|
||||
memcpy( (void *) (ctx->buffer + left), input, ilen );
|
||||
}
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
static const unsigned char ripemd160_padding[64] =
|
||||
|
@ -344,8 +360,10 @@ static const unsigned char ripemd160_padding[64] =
|
|||
/*
|
||||
* RIPEMD-160 final digest
|
||||
*/
|
||||
void mbedtls_ripemd160_finish( mbedtls_ripemd160_context *ctx, unsigned char output[20] )
|
||||
int mbedtls_ripemd160_finish_ret( mbedtls_ripemd160_context *ctx,
|
||||
unsigned char output[20] )
|
||||
{
|
||||
int ret;
|
||||
uint32_t last, padn;
|
||||
uint32_t high, low;
|
||||
unsigned char msglen[8];
|
||||
|
@ -360,29 +378,50 @@ void mbedtls_ripemd160_finish( mbedtls_ripemd160_context *ctx, unsigned char out
|
|||
last = ctx->total[0] & 0x3F;
|
||||
padn = ( last < 56 ) ? ( 56 - last ) : ( 120 - last );
|
||||
|
||||
mbedtls_ripemd160_update( ctx, ripemd160_padding, padn );
|
||||
mbedtls_ripemd160_update( ctx, msglen, 8 );
|
||||
ret = mbedtls_ripemd160_update_ret( ctx, ripemd160_padding, padn );
|
||||
if( ret != 0 )
|
||||
return( ret );
|
||||
|
||||
ret = mbedtls_ripemd160_update_ret( ctx, msglen, 8 );
|
||||
if( ret != 0 )
|
||||
return( ret );
|
||||
|
||||
PUT_UINT32_LE( ctx->state[0], output, 0 );
|
||||
PUT_UINT32_LE( ctx->state[1], output, 4 );
|
||||
PUT_UINT32_LE( ctx->state[2], output, 8 );
|
||||
PUT_UINT32_LE( ctx->state[3], output, 12 );
|
||||
PUT_UINT32_LE( ctx->state[4], output, 16 );
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
#endif /* ! MBEDTLS_RIPEMD160_ALT */
|
||||
|
||||
/*
|
||||
* output = RIPEMD-160( input buffer )
|
||||
*/
|
||||
void mbedtls_ripemd160( const unsigned char *input, size_t ilen,
|
||||
unsigned char output[20] )
|
||||
int mbedtls_ripemd160_ret( const unsigned char *input,
|
||||
size_t ilen,
|
||||
unsigned char output[20] )
|
||||
{
|
||||
int ret;
|
||||
mbedtls_ripemd160_context ctx;
|
||||
|
||||
mbedtls_ripemd160_init( &ctx );
|
||||
mbedtls_ripemd160_starts( &ctx );
|
||||
mbedtls_ripemd160_update( &ctx, input, ilen );
|
||||
mbedtls_ripemd160_finish( &ctx, output );
|
||||
|
||||
if( ( ret = mbedtls_ripemd160_starts_ret( &ctx ) ) != 0 )
|
||||
goto exit;
|
||||
|
||||
if( ( ret = mbedtls_ripemd160_update_ret( &ctx, input, ilen ) ) != 0 )
|
||||
goto exit;
|
||||
|
||||
if( ( ret = mbedtls_ripemd160_finish_ret( &ctx, output ) ) != 0 )
|
||||
goto exit;
|
||||
|
||||
exit:
|
||||
mbedtls_ripemd160_free( &ctx );
|
||||
|
||||
return( ret );
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_SELF_TEST)
|
||||
|
@ -391,18 +430,22 @@ void mbedtls_ripemd160( const unsigned char *input, size_t ilen,
|
|||
* http://homes.esat.kuleuven.be/~bosselae/mbedtls_ripemd160.html#HMAC
|
||||
*/
|
||||
#define TESTS 8
|
||||
#define KEYS 2
|
||||
static const char *ripemd160_test_input[TESTS] =
|
||||
static const unsigned char ripemd160_test_str[TESTS][81] =
|
||||
{
|
||||
"",
|
||||
"a",
|
||||
"abc",
|
||||
"message digest",
|
||||
"abcdefghijklmnopqrstuvwxyz",
|
||||
"abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq",
|
||||
"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789",
|
||||
"1234567890123456789012345678901234567890"
|
||||
"1234567890123456789012345678901234567890",
|
||||
{ "" },
|
||||
{ "a" },
|
||||
{ "abc" },
|
||||
{ "message digest" },
|
||||
{ "abcdefghijklmnopqrstuvwxyz" },
|
||||
{ "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq" },
|
||||
{ "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789" },
|
||||
{ "12345678901234567890123456789012345678901234567890123456789012"
|
||||
"345678901234567890" },
|
||||
};
|
||||
|
||||
static const size_t ripemd160_test_strlen[TESTS] =
|
||||
{
|
||||
0, 1, 3, 14, 26, 56, 62, 80
|
||||
};
|
||||
|
||||
static const unsigned char ripemd160_test_md[TESTS][20] =
|
||||
|
@ -430,7 +473,7 @@ static const unsigned char ripemd160_test_md[TESTS][20] =
|
|||
*/
|
||||
int mbedtls_ripemd160_self_test( int verbose )
|
||||
{
|
||||
int i;
|
||||
int i, ret = 0;
|
||||
unsigned char output[20];
|
||||
|
||||
memset( output, 0, sizeof output );
|
||||
|
@ -440,16 +483,15 @@ int mbedtls_ripemd160_self_test( int verbose )
|
|||
if( verbose != 0 )
|
||||
mbedtls_printf( " RIPEMD-160 test #%d: ", i + 1 );
|
||||
|
||||
mbedtls_ripemd160( (const unsigned char *) ripemd160_test_input[i],
|
||||
strlen( ripemd160_test_input[i] ),
|
||||
output );
|
||||
ret = mbedtls_ripemd160_ret( ripemd160_test_str[i],
|
||||
ripemd160_test_strlen[i], output );
|
||||
if( ret != 0 )
|
||||
goto fail;
|
||||
|
||||
if( memcmp( output, ripemd160_test_md[i], 20 ) != 0 )
|
||||
{
|
||||
if( verbose != 0 )
|
||||
mbedtls_printf( "failed\n" );
|
||||
|
||||
return( 1 );
|
||||
ret = 1;
|
||||
goto fail;
|
||||
}
|
||||
|
||||
if( verbose != 0 )
|
||||
|
@ -460,6 +502,12 @@ int mbedtls_ripemd160_self_test( int verbose )
|
|||
mbedtls_printf( "\n" );
|
||||
|
||||
return( 0 );
|
||||
|
||||
fail:
|
||||
if( verbose != 0 )
|
||||
mbedtls_printf( "failed\n" );
|
||||
|
||||
return( ret );
|
||||
}
|
||||
|
||||
#endif /* MBEDTLS_SELF_TEST */
|
||||
|
|
File diff suppressed because it is too large
Load Diff
|
@ -0,0 +1,487 @@
|
|||
/*
|
||||
* Helper functions for the RSA module
|
||||
*
|
||||
* Copyright (C) 2006-2017, ARM Limited, All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
* not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*
|
||||
* This file is part of mbed TLS (https://tls.mbed.org)
|
||||
*
|
||||
*/
|
||||
|
||||
#if !defined(MBEDTLS_CONFIG_FILE)
|
||||
#include "mbedtls/config.h"
|
||||
#else
|
||||
#include MBEDTLS_CONFIG_FILE
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_RSA_C)
|
||||
|
||||
#include "mbedtls/rsa.h"
|
||||
#include "mbedtls/bignum.h"
|
||||
#include "mbedtls/rsa_internal.h"
|
||||
|
||||
/*
|
||||
* Compute RSA prime factors from public and private exponents
|
||||
*
|
||||
* Summary of algorithm:
|
||||
* Setting F := lcm(P-1,Q-1), the idea is as follows:
|
||||
*
|
||||
* (a) For any 1 <= X < N with gcd(X,N)=1, we have X^F = 1 modulo N, so X^(F/2)
|
||||
* is a square root of 1 in Z/NZ. Since Z/NZ ~= Z/PZ x Z/QZ by CRT and the
|
||||
* square roots of 1 in Z/PZ and Z/QZ are +1 and -1, this leaves the four
|
||||
* possibilities X^(F/2) = (+-1, +-1). If it happens that X^(F/2) = (-1,+1)
|
||||
* or (+1,-1), then gcd(X^(F/2) + 1, N) will be equal to one of the prime
|
||||
* factors of N.
|
||||
*
|
||||
* (b) If we don't know F/2 but (F/2) * K for some odd (!) K, then the same
|
||||
* construction still applies since (-)^K is the identity on the set of
|
||||
* roots of 1 in Z/NZ.
|
||||
*
|
||||
* The public and private key primitives (-)^E and (-)^D are mutually inverse
|
||||
* bijections on Z/NZ if and only if (-)^(DE) is the identity on Z/NZ, i.e.
|
||||
* if and only if DE - 1 is a multiple of F, say DE - 1 = F * L.
|
||||
* Splitting L = 2^t * K with K odd, we have
|
||||
*
|
||||
* DE - 1 = FL = (F/2) * (2^(t+1)) * K,
|
||||
*
|
||||
* so (F / 2) * K is among the numbers
|
||||
*
|
||||
* (DE - 1) >> 1, (DE - 1) >> 2, ..., (DE - 1) >> ord
|
||||
*
|
||||
* where ord is the order of 2 in (DE - 1).
|
||||
* We can therefore iterate through these numbers apply the construction
|
||||
* of (a) and (b) above to attempt to factor N.
|
||||
*
|
||||
*/
|
||||
int mbedtls_rsa_deduce_primes( mbedtls_mpi const *N,
|
||||
mbedtls_mpi const *E, mbedtls_mpi const *D,
|
||||
mbedtls_mpi *P, mbedtls_mpi *Q )
|
||||
{
|
||||
int ret = 0;
|
||||
|
||||
uint16_t attempt; /* Number of current attempt */
|
||||
uint16_t iter; /* Number of squares computed in the current attempt */
|
||||
|
||||
uint16_t order; /* Order of 2 in DE - 1 */
|
||||
|
||||
mbedtls_mpi T; /* Holds largest odd divisor of DE - 1 */
|
||||
mbedtls_mpi K; /* Temporary holding the current candidate */
|
||||
|
||||
const unsigned char primes[] = { 2,
|
||||
3, 5, 7, 11, 13, 17, 19, 23,
|
||||
29, 31, 37, 41, 43, 47, 53, 59,
|
||||
61, 67, 71, 73, 79, 83, 89, 97,
|
||||
101, 103, 107, 109, 113, 127, 131, 137,
|
||||
139, 149, 151, 157, 163, 167, 173, 179,
|
||||
181, 191, 193, 197, 199, 211, 223, 227,
|
||||
229, 233, 239, 241, 251
|
||||
};
|
||||
|
||||
const size_t num_primes = sizeof( primes ) / sizeof( *primes );
|
||||
|
||||
if( P == NULL || Q == NULL || P->p != NULL || Q->p != NULL )
|
||||
return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA );
|
||||
|
||||
if( mbedtls_mpi_cmp_int( N, 0 ) <= 0 ||
|
||||
mbedtls_mpi_cmp_int( D, 1 ) <= 0 ||
|
||||
mbedtls_mpi_cmp_mpi( D, N ) >= 0 ||
|
||||
mbedtls_mpi_cmp_int( E, 1 ) <= 0 ||
|
||||
mbedtls_mpi_cmp_mpi( E, N ) >= 0 )
|
||||
{
|
||||
return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA );
|
||||
}
|
||||
|
||||
/*
|
||||
* Initializations and temporary changes
|
||||
*/
|
||||
|
||||
mbedtls_mpi_init( &K );
|
||||
mbedtls_mpi_init( &T );
|
||||
|
||||
/* T := DE - 1 */
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &T, D, E ) );
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &T, &T, 1 ) );
|
||||
|
||||
if( ( order = (uint16_t) mbedtls_mpi_lsb( &T ) ) == 0 )
|
||||
{
|
||||
ret = MBEDTLS_ERR_MPI_BAD_INPUT_DATA;
|
||||
goto cleanup;
|
||||
}
|
||||
|
||||
/* After this operation, T holds the largest odd divisor of DE - 1. */
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &T, order ) );
|
||||
|
||||
/*
|
||||
* Actual work
|
||||
*/
|
||||
|
||||
/* Skip trying 2 if N == 1 mod 8 */
|
||||
attempt = 0;
|
||||
if( N->p[0] % 8 == 1 )
|
||||
attempt = 1;
|
||||
|
||||
for( ; attempt < num_primes; ++attempt )
|
||||
{
|
||||
mbedtls_mpi_lset( &K, primes[attempt] );
|
||||
|
||||
/* Check if gcd(K,N) = 1 */
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_gcd( P, &K, N ) );
|
||||
if( mbedtls_mpi_cmp_int( P, 1 ) != 0 )
|
||||
continue;
|
||||
|
||||
/* Go through K^T + 1, K^(2T) + 1, K^(4T) + 1, ...
|
||||
* and check whether they have nontrivial GCD with N. */
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_exp_mod( &K, &K, &T, N,
|
||||
Q /* temporarily use Q for storing Montgomery
|
||||
* multiplication helper values */ ) );
|
||||
|
||||
for( iter = 1; iter <= order; ++iter )
|
||||
{
|
||||
/* If we reach 1 prematurely, there's no point
|
||||
* in continuing to square K */
|
||||
if( mbedtls_mpi_cmp_int( &K, 1 ) == 0 )
|
||||
break;
|
||||
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_add_int( &K, &K, 1 ) );
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_gcd( P, &K, N ) );
|
||||
|
||||
if( mbedtls_mpi_cmp_int( P, 1 ) == 1 &&
|
||||
mbedtls_mpi_cmp_mpi( P, N ) == -1 )
|
||||
{
|
||||
/*
|
||||
* Have found a nontrivial divisor P of N.
|
||||
* Set Q := N / P.
|
||||
*/
|
||||
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_div_mpi( Q, NULL, N, P ) );
|
||||
goto cleanup;
|
||||
}
|
||||
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &K, &K, 1 ) );
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &K, &K, &K ) );
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &K, &K, N ) );
|
||||
}
|
||||
|
||||
/*
|
||||
* If we get here, then either we prematurely aborted the loop because
|
||||
* we reached 1, or K holds primes[attempt]^(DE - 1) mod N, which must
|
||||
* be 1 if D,E,N were consistent.
|
||||
* Check if that's the case and abort if not, to avoid very long,
|
||||
* yet eventually failing, computations if N,D,E were not sane.
|
||||
*/
|
||||
if( mbedtls_mpi_cmp_int( &K, 1 ) != 0 )
|
||||
{
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
ret = MBEDTLS_ERR_MPI_BAD_INPUT_DATA;
|
||||
|
||||
cleanup:
|
||||
|
||||
mbedtls_mpi_free( &K );
|
||||
mbedtls_mpi_free( &T );
|
||||
return( ret );
|
||||
}
|
||||
|
||||
/*
|
||||
* Given P, Q and the public exponent E, deduce D.
|
||||
* This is essentially a modular inversion.
|
||||
*/
|
||||
int mbedtls_rsa_deduce_private_exponent( mbedtls_mpi const *P,
|
||||
mbedtls_mpi const *Q,
|
||||
mbedtls_mpi const *E,
|
||||
mbedtls_mpi *D )
|
||||
{
|
||||
int ret = 0;
|
||||
mbedtls_mpi K, L;
|
||||
|
||||
if( D == NULL || mbedtls_mpi_cmp_int( D, 0 ) != 0 )
|
||||
return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA );
|
||||
|
||||
if( mbedtls_mpi_cmp_int( P, 1 ) <= 0 ||
|
||||
mbedtls_mpi_cmp_int( Q, 1 ) <= 0 ||
|
||||
mbedtls_mpi_cmp_int( E, 0 ) == 0 )
|
||||
{
|
||||
return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA );
|
||||
}
|
||||
|
||||
mbedtls_mpi_init( &K );
|
||||
mbedtls_mpi_init( &L );
|
||||
|
||||
/* Temporarily put K := P-1 and L := Q-1 */
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &K, P, 1 ) );
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &L, Q, 1 ) );
|
||||
|
||||
/* Temporarily put D := gcd(P-1, Q-1) */
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_gcd( D, &K, &L ) );
|
||||
|
||||
/* K := LCM(P-1, Q-1) */
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &K, &K, &L ) );
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_div_mpi( &K, NULL, &K, D ) );
|
||||
|
||||
/* Compute modular inverse of E in LCM(P-1, Q-1) */
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_inv_mod( D, E, &K ) );
|
||||
|
||||
cleanup:
|
||||
|
||||
mbedtls_mpi_free( &K );
|
||||
mbedtls_mpi_free( &L );
|
||||
|
||||
return( ret );
|
||||
}
|
||||
|
||||
/*
|
||||
* Check that RSA CRT parameters are in accordance with core parameters.
|
||||
*/
|
||||
int mbedtls_rsa_validate_crt( const mbedtls_mpi *P, const mbedtls_mpi *Q,
|
||||
const mbedtls_mpi *D, const mbedtls_mpi *DP,
|
||||
const mbedtls_mpi *DQ, const mbedtls_mpi *QP )
|
||||
{
|
||||
int ret = 0;
|
||||
|
||||
mbedtls_mpi K, L;
|
||||
mbedtls_mpi_init( &K );
|
||||
mbedtls_mpi_init( &L );
|
||||
|
||||
/* Check that DP - D == 0 mod P - 1 */
|
||||
if( DP != NULL )
|
||||
{
|
||||
if( P == NULL )
|
||||
{
|
||||
ret = MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
|
||||
goto cleanup;
|
||||
}
|
||||
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &K, P, 1 ) );
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &L, DP, D ) );
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &L, &L, &K ) );
|
||||
|
||||
if( mbedtls_mpi_cmp_int( &L, 0 ) != 0 )
|
||||
{
|
||||
ret = MBEDTLS_ERR_RSA_KEY_CHECK_FAILED;
|
||||
goto cleanup;
|
||||
}
|
||||
}
|
||||
|
||||
/* Check that DQ - D == 0 mod Q - 1 */
|
||||
if( DQ != NULL )
|
||||
{
|
||||
if( Q == NULL )
|
||||
{
|
||||
ret = MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
|
||||
goto cleanup;
|
||||
}
|
||||
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &K, Q, 1 ) );
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &L, DQ, D ) );
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &L, &L, &K ) );
|
||||
|
||||
if( mbedtls_mpi_cmp_int( &L, 0 ) != 0 )
|
||||
{
|
||||
ret = MBEDTLS_ERR_RSA_KEY_CHECK_FAILED;
|
||||
goto cleanup;
|
||||
}
|
||||
}
|
||||
|
||||
/* Check that QP * Q - 1 == 0 mod P */
|
||||
if( QP != NULL )
|
||||
{
|
||||
if( P == NULL || Q == NULL )
|
||||
{
|
||||
ret = MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
|
||||
goto cleanup;
|
||||
}
|
||||
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &K, QP, Q ) );
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &K, &K, 1 ) );
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &K, &K, P ) );
|
||||
if( mbedtls_mpi_cmp_int( &K, 0 ) != 0 )
|
||||
{
|
||||
ret = MBEDTLS_ERR_RSA_KEY_CHECK_FAILED;
|
||||
goto cleanup;
|
||||
}
|
||||
}
|
||||
|
||||
cleanup:
|
||||
|
||||
/* Wrap MPI error codes by RSA check failure error code */
|
||||
if( ret != 0 &&
|
||||
ret != MBEDTLS_ERR_RSA_KEY_CHECK_FAILED &&
|
||||
ret != MBEDTLS_ERR_RSA_BAD_INPUT_DATA )
|
||||
{
|
||||
ret += MBEDTLS_ERR_RSA_KEY_CHECK_FAILED;
|
||||
}
|
||||
|
||||
mbedtls_mpi_free( &K );
|
||||
mbedtls_mpi_free( &L );
|
||||
|
||||
return( ret );
|
||||
}
|
||||
|
||||
/*
|
||||
* Check that core RSA parameters are sane.
|
||||
*/
|
||||
int mbedtls_rsa_validate_params( const mbedtls_mpi *N, const mbedtls_mpi *P,
|
||||
const mbedtls_mpi *Q, const mbedtls_mpi *D,
|
||||
const mbedtls_mpi *E,
|
||||
int (*f_rng)(void *, unsigned char *, size_t),
|
||||
void *p_rng )
|
||||
{
|
||||
int ret = 0;
|
||||
mbedtls_mpi K, L;
|
||||
|
||||
mbedtls_mpi_init( &K );
|
||||
mbedtls_mpi_init( &L );
|
||||
|
||||
/*
|
||||
* Step 1: If PRNG provided, check that P and Q are prime
|
||||
*/
|
||||
|
||||
#if defined(MBEDTLS_GENPRIME)
|
||||
if( f_rng != NULL && P != NULL &&
|
||||
( ret = mbedtls_mpi_is_prime( P, f_rng, p_rng ) ) != 0 )
|
||||
{
|
||||
ret = MBEDTLS_ERR_RSA_KEY_CHECK_FAILED;
|
||||
goto cleanup;
|
||||
}
|
||||
|
||||
if( f_rng != NULL && Q != NULL &&
|
||||
( ret = mbedtls_mpi_is_prime( Q, f_rng, p_rng ) ) != 0 )
|
||||
{
|
||||
ret = MBEDTLS_ERR_RSA_KEY_CHECK_FAILED;
|
||||
goto cleanup;
|
||||
}
|
||||
#else
|
||||
((void) f_rng);
|
||||
((void) p_rng);
|
||||
#endif /* MBEDTLS_GENPRIME */
|
||||
|
||||
/*
|
||||
* Step 2: Check that 1 < N = P * Q
|
||||
*/
|
||||
|
||||
if( P != NULL && Q != NULL && N != NULL )
|
||||
{
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &K, P, Q ) );
|
||||
if( mbedtls_mpi_cmp_int( N, 1 ) <= 0 ||
|
||||
mbedtls_mpi_cmp_mpi( &K, N ) != 0 )
|
||||
{
|
||||
ret = MBEDTLS_ERR_RSA_KEY_CHECK_FAILED;
|
||||
goto cleanup;
|
||||
}
|
||||
}
|
||||
|
||||
/*
|
||||
* Step 3: Check and 1 < D, E < N if present.
|
||||
*/
|
||||
|
||||
if( N != NULL && D != NULL && E != NULL )
|
||||
{
|
||||
if ( mbedtls_mpi_cmp_int( D, 1 ) <= 0 ||
|
||||
mbedtls_mpi_cmp_int( E, 1 ) <= 0 ||
|
||||
mbedtls_mpi_cmp_mpi( D, N ) >= 0 ||
|
||||
mbedtls_mpi_cmp_mpi( E, N ) >= 0 )
|
||||
{
|
||||
ret = MBEDTLS_ERR_RSA_KEY_CHECK_FAILED;
|
||||
goto cleanup;
|
||||
}
|
||||
}
|
||||
|
||||
/*
|
||||
* Step 4: Check that D, E are inverse modulo P-1 and Q-1
|
||||
*/
|
||||
|
||||
if( P != NULL && Q != NULL && D != NULL && E != NULL )
|
||||
{
|
||||
if( mbedtls_mpi_cmp_int( P, 1 ) <= 0 ||
|
||||
mbedtls_mpi_cmp_int( Q, 1 ) <= 0 )
|
||||
{
|
||||
ret = MBEDTLS_ERR_RSA_KEY_CHECK_FAILED;
|
||||
goto cleanup;
|
||||
}
|
||||
|
||||
/* Compute DE-1 mod P-1 */
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &K, D, E ) );
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &K, &K, 1 ) );
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &L, P, 1 ) );
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &K, &K, &L ) );
|
||||
if( mbedtls_mpi_cmp_int( &K, 0 ) != 0 )
|
||||
{
|
||||
ret = MBEDTLS_ERR_RSA_KEY_CHECK_FAILED;
|
||||
goto cleanup;
|
||||
}
|
||||
|
||||
/* Compute DE-1 mod Q-1 */
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &K, D, E ) );
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &K, &K, 1 ) );
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &L, Q, 1 ) );
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &K, &K, &L ) );
|
||||
if( mbedtls_mpi_cmp_int( &K, 0 ) != 0 )
|
||||
{
|
||||
ret = MBEDTLS_ERR_RSA_KEY_CHECK_FAILED;
|
||||
goto cleanup;
|
||||
}
|
||||
}
|
||||
|
||||
cleanup:
|
||||
|
||||
mbedtls_mpi_free( &K );
|
||||
mbedtls_mpi_free( &L );
|
||||
|
||||
/* Wrap MPI error codes by RSA check failure error code */
|
||||
if( ret != 0 && ret != MBEDTLS_ERR_RSA_KEY_CHECK_FAILED )
|
||||
{
|
||||
ret += MBEDTLS_ERR_RSA_KEY_CHECK_FAILED;
|
||||
}
|
||||
|
||||
return( ret );
|
||||
}
|
||||
|
||||
int mbedtls_rsa_deduce_crt( const mbedtls_mpi *P, const mbedtls_mpi *Q,
|
||||
const mbedtls_mpi *D, mbedtls_mpi *DP,
|
||||
mbedtls_mpi *DQ, mbedtls_mpi *QP )
|
||||
{
|
||||
int ret = 0;
|
||||
mbedtls_mpi K;
|
||||
mbedtls_mpi_init( &K );
|
||||
|
||||
/* DP = D mod P-1 */
|
||||
if( DP != NULL )
|
||||
{
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &K, P, 1 ) );
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( DP, D, &K ) );
|
||||
}
|
||||
|
||||
/* DQ = D mod Q-1 */
|
||||
if( DQ != NULL )
|
||||
{
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &K, Q, 1 ) );
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( DQ, D, &K ) );
|
||||
}
|
||||
|
||||
/* QP = Q^{-1} mod P */
|
||||
if( QP != NULL )
|
||||
{
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_inv_mod( QP, Q, P ) );
|
||||
}
|
||||
|
||||
cleanup:
|
||||
mbedtls_mpi_free( &K );
|
||||
|
||||
return( ret );
|
||||
}
|
||||
|
||||
#endif /* MBEDTLS_RSA_C */
|
Some files were not shown because too many files have changed in this diff Show More
Loading…
Reference in New Issue