Merge pull request #19422 from Faless/mbedtls_2.10
Bump mbedTLS to version 2.10.0
This commit is contained in:
commit
27b70914e4
|
@ -11,6 +11,7 @@ if env['builtin_mbedtls']:
|
|||
"aes.c",
|
||||
"aesni.c",
|
||||
"arc4.c",
|
||||
"aria.c",
|
||||
"asn1parse.c",
|
||||
"asn1write.c",
|
||||
"base64.c",
|
||||
|
@ -55,6 +56,7 @@ if env['builtin_mbedtls']:
|
|||
"pk_wrap.c",
|
||||
"pkwrite.c",
|
||||
"platform.c",
|
||||
"platform_util.c",
|
||||
"ripemd160.c",
|
||||
"rsa.c",
|
||||
"rsa_internal.c",
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
diff --git a/thirdparty/mbedtls/library/entropy_poll.c b/thirdparty/mbedtls/library/entropy_poll.c
|
||||
index 67900c46c8..cefe882d2a 100644
|
||||
--- a/thirdparty/mbedtls/library/entropy_poll.c
|
||||
+++ b/thirdparty/mbedtls/library/entropy_poll.c
|
||||
diff --git a/library/entropy_poll.c b/library/entropy_poll.c
|
||||
index 67900c46..cefe882d 100644
|
||||
--- a/library/entropy_poll.c
|
||||
+++ b/library/entropy_poll.c
|
||||
@@ -54,28 +54,43 @@
|
||||
#define _WIN32_WINNT 0x0400
|
||||
#endif
|
||||
|
@ -53,11 +53,11 @@ index 67900c46c8..cefe882d2a 100644
|
|||
*olen = len;
|
||||
|
||||
return( 0 );
|
||||
diff --git a/thirdparty/mbedtls/library/x509_crt.c b/thirdparty/mbedtls/library/x509_crt.c
|
||||
index afff4e18bf..7960fa1a1a 100644
|
||||
--- a/thirdparty/mbedtls/library/x509_crt.c
|
||||
+++ b/thirdparty/mbedtls/library/x509_crt.c
|
||||
@@ -64,6 +64,19 @@
|
||||
diff --git a/library/x509_crt.c b/library/x509_crt.c
|
||||
index 290c1eb3..038eae02 100644
|
||||
--- a/library/x509_crt.c
|
||||
+++ b/library/x509_crt.c
|
||||
@@ -65,6 +65,19 @@
|
||||
|
||||
#if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32)
|
||||
#include <windows.h>
|
||||
|
@ -77,7 +77,7 @@ index afff4e18bf..7960fa1a1a 100644
|
|||
#else
|
||||
#include <time.h>
|
||||
#endif
|
||||
@@ -1130,6 +1143,7 @@ int mbedtls_x509_crt_parse_path( mbedtls_x509_crt *chain, const char *path )
|
||||
@@ -1126,6 +1139,7 @@ int mbedtls_x509_crt_parse_path( mbedtls_x509_crt *chain, const char *path )
|
||||
char filename[MAX_PATH];
|
||||
char *p;
|
||||
size_t len = strlen( path );
|
||||
|
@ -85,7 +85,7 @@ index afff4e18bf..7960fa1a1a 100644
|
|||
|
||||
WIN32_FIND_DATAW file_data;
|
||||
HANDLE hFind;
|
||||
@@ -1144,7 +1158,18 @@ int mbedtls_x509_crt_parse_path( mbedtls_x509_crt *chain, const char *path )
|
||||
@@ -1140,7 +1154,18 @@ int mbedtls_x509_crt_parse_path( mbedtls_x509_crt *chain, const char *path )
|
||||
p = filename + len;
|
||||
filename[len++] = '*';
|
||||
|
||||
|
@ -105,7 +105,7 @@ index afff4e18bf..7960fa1a1a 100644
|
|||
MAX_PATH - 3 );
|
||||
if( w_ret == 0 )
|
||||
return( MBEDTLS_ERR_X509_BAD_INPUT_DATA );
|
||||
@@ -1161,8 +1186,11 @@ int mbedtls_x509_crt_parse_path( mbedtls_x509_crt *chain, const char *path )
|
||||
@@ -1157,8 +1182,11 @@ int mbedtls_x509_crt_parse_path( mbedtls_x509_crt *chain, const char *path )
|
||||
if( file_data.dwFileAttributes & FILE_ATTRIBUTE_DIRECTORY )
|
||||
continue;
|
||||
|
||||
|
|
|
@ -1,7 +1,9 @@
|
|||
/**
|
||||
* \file aes.h
|
||||
*
|
||||
* \brief The Advanced Encryption Standard (AES) specifies a FIPS-approved
|
||||
* \brief This file contains AES definitions and functions.
|
||||
*
|
||||
* The Advanced Encryption Standard (AES) specifies a FIPS-approved
|
||||
* cryptographic algorithm that can be used to protect electronic
|
||||
* data.
|
||||
*
|
||||
|
@ -12,6 +14,7 @@
|
|||
* techniques -- Encryption algorithms -- Part 2: Asymmetric
|
||||
* ciphers</em>.
|
||||
*/
|
||||
|
||||
/* Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved.
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
|
@ -50,7 +53,8 @@
|
|||
#define MBEDTLS_ERR_AES_INVALID_KEY_LENGTH -0x0020 /**< Invalid key length. */
|
||||
#define MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH -0x0022 /**< Invalid data input length. */
|
||||
|
||||
/* Error codes in range 0x0023-0x0025 */
|
||||
/* Error codes in range 0x0021-0x0025 */
|
||||
#define MBEDTLS_ERR_AES_BAD_INPUT_DATA -0x0021 /**< Invalid input data. */
|
||||
#define MBEDTLS_ERR_AES_FEATURE_UNAVAILABLE -0x0023 /**< Feature not available. For example, an unsupported AES key size. */
|
||||
#define MBEDTLS_ERR_AES_HW_ACCEL_FAILED -0x0025 /**< AES hardware accelerator failed. */
|
||||
|
||||
|
@ -59,14 +63,14 @@
|
|||
#define inline __inline
|
||||
#endif
|
||||
|
||||
#if !defined(MBEDTLS_AES_ALT)
|
||||
// Regular implementation
|
||||
//
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
#if !defined(MBEDTLS_AES_ALT)
|
||||
// Regular implementation
|
||||
//
|
||||
|
||||
/**
|
||||
* \brief The AES context-type definition.
|
||||
*/
|
||||
|
@ -85,6 +89,10 @@ typedef struct
|
|||
}
|
||||
mbedtls_aes_context;
|
||||
|
||||
#else /* MBEDTLS_AES_ALT */
|
||||
#include "aes_alt.h"
|
||||
#endif /* MBEDTLS_AES_ALT */
|
||||
|
||||
/**
|
||||
* \brief This function initializes the specified AES context.
|
||||
*
|
||||
|
@ -112,8 +120,8 @@ void mbedtls_aes_free( mbedtls_aes_context *ctx );
|
|||
* <li>192 bits</li>
|
||||
* <li>256 bits</li></ul>
|
||||
*
|
||||
* \return \c 0 on success or #MBEDTLS_ERR_AES_INVALID_KEY_LENGTH
|
||||
* on failure.
|
||||
* \return \c 0 on success.
|
||||
* \return #MBEDTLS_ERR_AES_INVALID_KEY_LENGTH on failure.
|
||||
*/
|
||||
int mbedtls_aes_setkey_enc( mbedtls_aes_context *ctx, const unsigned char *key,
|
||||
unsigned int keybits );
|
||||
|
@ -128,7 +136,8 @@ int mbedtls_aes_setkey_enc( mbedtls_aes_context *ctx, const unsigned char *key,
|
|||
* <li>192 bits</li>
|
||||
* <li>256 bits</li></ul>
|
||||
*
|
||||
* \return \c 0 on success, or #MBEDTLS_ERR_AES_INVALID_KEY_LENGTH on failure.
|
||||
* \return \c 0 on success.
|
||||
* \return #MBEDTLS_ERR_AES_INVALID_KEY_LENGTH on failure.
|
||||
*/
|
||||
int mbedtls_aes_setkey_dec( mbedtls_aes_context *ctx, const unsigned char *key,
|
||||
unsigned int keybits );
|
||||
|
@ -192,7 +201,8 @@ int mbedtls_aes_crypt_ecb( mbedtls_aes_context *ctx,
|
|||
* \param input The buffer holding the input data.
|
||||
* \param output The buffer holding the output data.
|
||||
*
|
||||
* \return \c 0 on success, or #MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH
|
||||
* \return \c 0 on success.
|
||||
* \return #MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH
|
||||
* on failure.
|
||||
*/
|
||||
int mbedtls_aes_crypt_cbc( mbedtls_aes_context *ctx,
|
||||
|
@ -300,7 +310,49 @@ int mbedtls_aes_crypt_cfb8( mbedtls_aes_context *ctx,
|
|||
* must use the context initialized with mbedtls_aes_setkey_enc()
|
||||
* for both #MBEDTLS_AES_ENCRYPT and #MBEDTLS_AES_DECRYPT.
|
||||
*
|
||||
* \warning You must keep the maximum use of your counter in mind.
|
||||
* \warning You must never reuse a nonce value with the same key. Doing so
|
||||
* would void the encryption for the two messages encrypted with
|
||||
* the same nonce and key.
|
||||
*
|
||||
* There are two common strategies for managing nonces with CTR:
|
||||
*
|
||||
* 1. You can handle everything as a single message processed over
|
||||
* successive calls to this function. In that case, you want to
|
||||
* set \p nonce_counter and \p nc_off to 0 for the first call, and
|
||||
* then preserve the values of \p nonce_counter, \p nc_off and \p
|
||||
* stream_block across calls to this function as they will be
|
||||
* updated by this function.
|
||||
*
|
||||
* With this strategy, you must not encrypt more than 2**128
|
||||
* blocks of data with the same key.
|
||||
*
|
||||
* 2. You can encrypt separate messages by dividing the \p
|
||||
* nonce_counter buffer in two areas: the first one used for a
|
||||
* per-message nonce, handled by yourself, and the second one
|
||||
* updated by this function internally.
|
||||
*
|
||||
* For example, you might reserve the first 12 bytes for the
|
||||
* per-message nonce, and the last 4 bytes for internal use. In that
|
||||
* case, before calling this function on a new message you need to
|
||||
* set the first 12 bytes of \p nonce_counter to your chosen nonce
|
||||
* value, the last 4 to 0, and \p nc_off to 0 (which will cause \p
|
||||
* stream_block to be ignored). That way, you can encrypt at most
|
||||
* 2**96 messages of up to 2**32 blocks each with the same key.
|
||||
*
|
||||
* The per-message nonce (or information sufficient to reconstruct
|
||||
* it) needs to be communicated with the ciphertext and must be unique.
|
||||
* The recommended way to ensure uniqueness is to use a message
|
||||
* counter. An alternative is to generate random nonces, but this
|
||||
* limits the number of messages that can be securely encrypted:
|
||||
* for example, with 96-bit random nonces, you should not encrypt
|
||||
* more than 2**32 messages with the same key.
|
||||
*
|
||||
* Note that for both stategies, sizes are measured in blocks and
|
||||
* that an AES block is 16 bytes.
|
||||
*
|
||||
* \warning Upon return, \p stream_block contains sensitive data. Its
|
||||
* content must not be written to insecure storage and should be
|
||||
* securely discarded as soon as it's no longer needed.
|
||||
*
|
||||
* \param ctx The AES context to use for encryption or decryption.
|
||||
* \param length The length of the input data.
|
||||
|
@ -313,7 +365,7 @@ int mbedtls_aes_crypt_cfb8( mbedtls_aes_context *ctx,
|
|||
* \param input The buffer holding the input data.
|
||||
* \param output The buffer holding the output data.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return \c 0 on success.
|
||||
*/
|
||||
int mbedtls_aes_crypt_ctr( mbedtls_aes_context *ctx,
|
||||
size_t length,
|
||||
|
@ -391,22 +443,11 @@ MBEDTLS_DEPRECATED void mbedtls_aes_decrypt( mbedtls_aes_context *ctx,
|
|||
#undef MBEDTLS_DEPRECATED
|
||||
#endif /* !MBEDTLS_DEPRECATED_REMOVED */
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
||||
#else /* MBEDTLS_AES_ALT */
|
||||
#include "aes_alt.h"
|
||||
#endif /* MBEDTLS_AES_ALT */
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
/**
|
||||
* \brief Checkup routine.
|
||||
*
|
||||
* \return \c 0 on success, or \c 1 on failure.
|
||||
* \return \c 0 on success.
|
||||
* \return \c 1 on failure.
|
||||
*/
|
||||
int mbedtls_aes_self_test( int verbose );
|
||||
|
||||
|
|
|
@ -38,14 +38,14 @@
|
|||
|
||||
#define MBEDTLS_ERR_ARC4_HW_ACCEL_FAILED -0x0019 /**< ARC4 hardware accelerator failed. */
|
||||
|
||||
#if !defined(MBEDTLS_ARC4_ALT)
|
||||
// Regular implementation
|
||||
//
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
#if !defined(MBEDTLS_ARC4_ALT)
|
||||
// Regular implementation
|
||||
//
|
||||
|
||||
/**
|
||||
* \brief ARC4 context structure
|
||||
*
|
||||
|
@ -61,6 +61,10 @@ typedef struct
|
|||
}
|
||||
mbedtls_arc4_context;
|
||||
|
||||
#else /* MBEDTLS_ARC4_ALT */
|
||||
#include "arc4_alt.h"
|
||||
#endif /* MBEDTLS_ARC4_ALT */
|
||||
|
||||
/**
|
||||
* \brief Initialize ARC4 context
|
||||
*
|
||||
|
@ -118,18 +122,6 @@ void mbedtls_arc4_setup( mbedtls_arc4_context *ctx, const unsigned char *key,
|
|||
int mbedtls_arc4_crypt( mbedtls_arc4_context *ctx, size_t length, const unsigned char *input,
|
||||
unsigned char *output );
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
||||
#else /* MBEDTLS_ARC4_ALT */
|
||||
#include "arc4_alt.h"
|
||||
#endif /* MBEDTLS_ARC4_ALT */
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
/**
|
||||
* \brief Checkup routine
|
||||
*
|
||||
|
|
|
@ -0,0 +1,331 @@
|
|||
/**
|
||||
* \file aria.h
|
||||
*
|
||||
* \brief ARIA block cipher
|
||||
*
|
||||
* The ARIA algorithm is a symmetric block cipher that can encrypt and
|
||||
* decrypt information. It is defined by the Korean Agency for
|
||||
* Technology and Standards (KATS) in <em>KS X 1213:2004</em> (in
|
||||
* Korean, but see http://210.104.33.10/ARIA/index-e.html in English)
|
||||
* and also described by the IETF in <em>RFC 5794</em>.
|
||||
*/
|
||||
/* Copyright (C) 2006-2018, ARM Limited, All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
* not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*
|
||||
* This file is part of mbed TLS (https://tls.mbed.org)
|
||||
*/
|
||||
|
||||
#ifndef MBEDTLS_ARIA_H
|
||||
#define MBEDTLS_ARIA_H
|
||||
|
||||
#if !defined(MBEDTLS_CONFIG_FILE)
|
||||
#include "config.h"
|
||||
#else
|
||||
#include MBEDTLS_CONFIG_FILE
|
||||
#endif
|
||||
|
||||
#include <stddef.h>
|
||||
#include <stdint.h>
|
||||
|
||||
#define MBEDTLS_ARIA_ENCRYPT 1 /**< ARIA encryption. */
|
||||
#define MBEDTLS_ARIA_DECRYPT 0 /**< ARIA decryption. */
|
||||
|
||||
#define MBEDTLS_ARIA_BLOCKSIZE 16 /**< ARIA block size in bytes. */
|
||||
#define MBEDTLS_ARIA_MAX_ROUNDS 16 /**< Maxiumum number of rounds in ARIA. */
|
||||
#define MBEDTLS_ARIA_MAX_KEYSIZE 32 /**< Maximum size of an ARIA key in bytes. */
|
||||
|
||||
#define MBEDTLS_ERR_ARIA_INVALID_KEY_LENGTH -0x005C /**< Invalid key length. */
|
||||
#define MBEDTLS_ERR_ARIA_INVALID_INPUT_LENGTH -0x005E /**< Invalid data input length. */
|
||||
#define MBEDTLS_ERR_ARIA_FEATURE_UNAVAILABLE -0x005A /**< Feature not available. For example, an unsupported ARIA key size. */
|
||||
#define MBEDTLS_ERR_ARIA_HW_ACCEL_FAILED -0x0058 /**< ARIA hardware accelerator failed. */
|
||||
|
||||
#if !defined(MBEDTLS_ARIA_ALT)
|
||||
// Regular implementation
|
||||
//
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
/**
|
||||
* \brief The ARIA context-type definition.
|
||||
*/
|
||||
typedef struct
|
||||
{
|
||||
unsigned char nr; /*!< The number of rounds (12, 14 or 16) */
|
||||
/*! The ARIA round keys. */
|
||||
uint32_t rk[MBEDTLS_ARIA_MAX_ROUNDS + 1][MBEDTLS_ARIA_BLOCKSIZE / 4];
|
||||
}
|
||||
mbedtls_aria_context;
|
||||
|
||||
#else /* MBEDTLS_ARIA_ALT */
|
||||
#include "aria_alt.h"
|
||||
#endif /* MBEDTLS_ARIA_ALT */
|
||||
|
||||
/**
|
||||
* \brief This function initializes the specified ARIA context.
|
||||
*
|
||||
* It must be the first API called before using
|
||||
* the context.
|
||||
*
|
||||
* \param ctx The ARIA context to initialize.
|
||||
*/
|
||||
void mbedtls_aria_init( mbedtls_aria_context *ctx );
|
||||
|
||||
/**
|
||||
* \brief This function releases and clears the specified ARIA context.
|
||||
*
|
||||
* \param ctx The ARIA context to clear.
|
||||
*/
|
||||
void mbedtls_aria_free( mbedtls_aria_context *ctx );
|
||||
|
||||
/**
|
||||
* \brief This function sets the encryption key.
|
||||
*
|
||||
* \param ctx The ARIA context to which the key should be bound.
|
||||
* \param key The encryption key.
|
||||
* \param keybits The size of data passed in bits. Valid options are:
|
||||
* <ul><li>128 bits</li>
|
||||
* <li>192 bits</li>
|
||||
* <li>256 bits</li></ul>
|
||||
*
|
||||
* \return \c 0 on success or #MBEDTLS_ERR_ARIA_INVALID_KEY_LENGTH
|
||||
* on failure.
|
||||
*/
|
||||
int mbedtls_aria_setkey_enc( mbedtls_aria_context *ctx,
|
||||
const unsigned char *key,
|
||||
unsigned int keybits );
|
||||
|
||||
/**
|
||||
* \brief This function sets the decryption key.
|
||||
*
|
||||
* \param ctx The ARIA context to which the key should be bound.
|
||||
* \param key The decryption key.
|
||||
* \param keybits The size of data passed. Valid options are:
|
||||
* <ul><li>128 bits</li>
|
||||
* <li>192 bits</li>
|
||||
* <li>256 bits</li></ul>
|
||||
*
|
||||
* \return \c 0 on success, or #MBEDTLS_ERR_ARIA_INVALID_KEY_LENGTH on failure.
|
||||
*/
|
||||
int mbedtls_aria_setkey_dec( mbedtls_aria_context *ctx,
|
||||
const unsigned char *key,
|
||||
unsigned int keybits );
|
||||
|
||||
/**
|
||||
* \brief This function performs an ARIA single-block encryption or
|
||||
* decryption operation.
|
||||
*
|
||||
* It performs encryption or decryption (depending on whether
|
||||
* the key was set for encryption on decryption) on the input
|
||||
* data buffer defined in the \p input parameter.
|
||||
*
|
||||
* mbedtls_aria_init(), and either mbedtls_aria_setkey_enc() or
|
||||
* mbedtls_aria_setkey_dec() must be called before the first
|
||||
* call to this API with the same context.
|
||||
*
|
||||
* \param ctx The ARIA context to use for encryption or decryption.
|
||||
* \param input The 16-Byte buffer holding the input data.
|
||||
* \param output The 16-Byte buffer holding the output data.
|
||||
|
||||
* \return \c 0 on success.
|
||||
*/
|
||||
int mbedtls_aria_crypt_ecb( mbedtls_aria_context *ctx,
|
||||
const unsigned char input[MBEDTLS_ARIA_BLOCKSIZE],
|
||||
unsigned char output[MBEDTLS_ARIA_BLOCKSIZE] );
|
||||
|
||||
#if defined(MBEDTLS_CIPHER_MODE_CBC)
|
||||
/**
|
||||
* \brief This function performs an ARIA-CBC encryption or decryption operation
|
||||
* on full blocks.
|
||||
*
|
||||
* It performs the operation defined in the \p mode
|
||||
* parameter (encrypt/decrypt), on the input data buffer defined in
|
||||
* the \p input parameter.
|
||||
*
|
||||
* It can be called as many times as needed, until all the input
|
||||
* data is processed. mbedtls_aria_init(), and either
|
||||
* mbedtls_aria_setkey_enc() or mbedtls_aria_setkey_dec() must be called
|
||||
* before the first call to this API with the same context.
|
||||
*
|
||||
* \note This function operates on aligned blocks, that is, the input size
|
||||
* must be a multiple of the ARIA block size of 16 Bytes.
|
||||
*
|
||||
* \note Upon exit, the content of the IV is updated so that you can
|
||||
* call the same function again on the next
|
||||
* block(s) of data and get the same result as if it was
|
||||
* encrypted in one call. This allows a "streaming" usage.
|
||||
* If you need to retain the contents of the IV, you should
|
||||
* either save it manually or use the cipher module instead.
|
||||
*
|
||||
*
|
||||
* \param ctx The ARIA context to use for encryption or decryption.
|
||||
* \param mode The ARIA operation: #MBEDTLS_ARIA_ENCRYPT or
|
||||
* #MBEDTLS_ARIA_DECRYPT.
|
||||
* \param length The length of the input data in Bytes. This must be a
|
||||
* multiple of the block size (16 Bytes).
|
||||
* \param iv Initialization vector (updated after use).
|
||||
* \param input The buffer holding the input data.
|
||||
* \param output The buffer holding the output data.
|
||||
*
|
||||
* \return \c 0 on success, or #MBEDTLS_ERR_ARIA_INVALID_INPUT_LENGTH
|
||||
* on failure.
|
||||
*/
|
||||
int mbedtls_aria_crypt_cbc( mbedtls_aria_context *ctx,
|
||||
int mode,
|
||||
size_t length,
|
||||
unsigned char iv[MBEDTLS_ARIA_BLOCKSIZE],
|
||||
const unsigned char *input,
|
||||
unsigned char *output );
|
||||
#endif /* MBEDTLS_CIPHER_MODE_CBC */
|
||||
|
||||
#if defined(MBEDTLS_CIPHER_MODE_CFB)
|
||||
/**
|
||||
* \brief This function performs an ARIA-CFB128 encryption or decryption
|
||||
* operation.
|
||||
*
|
||||
* It performs the operation defined in the \p mode
|
||||
* parameter (encrypt or decrypt), on the input data buffer
|
||||
* defined in the \p input parameter.
|
||||
*
|
||||
* For CFB, you must set up the context with mbedtls_aria_setkey_enc(),
|
||||
* regardless of whether you are performing an encryption or decryption
|
||||
* operation, that is, regardless of the \p mode parameter. This is
|
||||
* because CFB mode uses the same key schedule for encryption and
|
||||
* decryption.
|
||||
*
|
||||
* \note Upon exit, the content of the IV is updated so that you can
|
||||
* call the same function again on the next
|
||||
* block(s) of data and get the same result as if it was
|
||||
* encrypted in one call. This allows a "streaming" usage.
|
||||
* If you need to retain the contents of the
|
||||
* IV, you must either save it manually or use the cipher
|
||||
* module instead.
|
||||
*
|
||||
*
|
||||
* \param ctx The ARIA context to use for encryption or decryption.
|
||||
* \param mode The ARIA operation: #MBEDTLS_ARIA_ENCRYPT or
|
||||
* #MBEDTLS_ARIA_DECRYPT.
|
||||
* \param length The length of the input data.
|
||||
* \param iv_off The offset in IV (updated after use).
|
||||
* \param iv The initialization vector (updated after use).
|
||||
* \param input The buffer holding the input data.
|
||||
* \param output The buffer holding the output data.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
*/
|
||||
int mbedtls_aria_crypt_cfb128( mbedtls_aria_context *ctx,
|
||||
int mode,
|
||||
size_t length,
|
||||
size_t *iv_off,
|
||||
unsigned char iv[MBEDTLS_ARIA_BLOCKSIZE],
|
||||
const unsigned char *input,
|
||||
unsigned char *output );
|
||||
#endif /* MBEDTLS_CIPHER_MODE_CFB */
|
||||
|
||||
#if defined(MBEDTLS_CIPHER_MODE_CTR)
|
||||
/**
|
||||
* \brief This function performs an ARIA-CTR encryption or decryption
|
||||
* operation.
|
||||
*
|
||||
* This function performs the operation defined in the \p mode
|
||||
* parameter (encrypt/decrypt), on the input data buffer
|
||||
* defined in the \p input parameter.
|
||||
*
|
||||
* Due to the nature of CTR, you must use the same key schedule
|
||||
* for both encryption and decryption operations. Therefore, you
|
||||
* must use the context initialized with mbedtls_aria_setkey_enc()
|
||||
* for both #MBEDTLS_ARIA_ENCRYPT and #MBEDTLS_ARIA_DECRYPT.
|
||||
*
|
||||
* \warning You must never reuse a nonce value with the same key. Doing so
|
||||
* would void the encryption for the two messages encrypted with
|
||||
* the same nonce and key.
|
||||
*
|
||||
* There are two common strategies for managing nonces with CTR:
|
||||
*
|
||||
* 1. You can handle everything as a single message processed over
|
||||
* successive calls to this function. In that case, you want to
|
||||
* set \p nonce_counter and \p nc_off to 0 for the first call, and
|
||||
* then preserve the values of \p nonce_counter, \p nc_off and \p
|
||||
* stream_block across calls to this function as they will be
|
||||
* updated by this function.
|
||||
*
|
||||
* With this strategy, you must not encrypt more than 2**128
|
||||
* blocks of data with the same key.
|
||||
*
|
||||
* 2. You can encrypt separate messages by dividing the \p
|
||||
* nonce_counter buffer in two areas: the first one used for a
|
||||
* per-message nonce, handled by yourself, and the second one
|
||||
* updated by this function internally.
|
||||
*
|
||||
* For example, you might reserve the first 12 bytes for the
|
||||
* per-message nonce, and the last 4 bytes for internal use. In that
|
||||
* case, before calling this function on a new message you need to
|
||||
* set the first 12 bytes of \p nonce_counter to your chosen nonce
|
||||
* value, the last 4 to 0, and \p nc_off to 0 (which will cause \p
|
||||
* stream_block to be ignored). That way, you can encrypt at most
|
||||
* 2**96 messages of up to 2**32 blocks each with the same key.
|
||||
*
|
||||
* The per-message nonce (or information sufficient to reconstruct
|
||||
* it) needs to be communicated with the ciphertext and must be unique.
|
||||
* The recommended way to ensure uniqueness is to use a message
|
||||
* counter. An alternative is to generate random nonces, but this
|
||||
* limits the number of messages that can be securely encrypted:
|
||||
* for example, with 96-bit random nonces, you should not encrypt
|
||||
* more than 2**32 messages with the same key.
|
||||
*
|
||||
* Note that for both stategies, sizes are measured in blocks and
|
||||
* that an ARIA block is 16 bytes.
|
||||
*
|
||||
* \warning Upon return, \p stream_block contains sensitive data. Its
|
||||
* content must not be written to insecure storage and should be
|
||||
* securely discarded as soon as it's no longer needed.
|
||||
*
|
||||
* \param ctx The ARIA context to use for encryption or decryption.
|
||||
* \param length The length of the input data.
|
||||
* \param nc_off The offset in the current \p stream_block, for
|
||||
* resuming within the current cipher stream. The
|
||||
* offset pointer should be 0 at the start of a stream.
|
||||
* \param nonce_counter The 128-bit nonce and counter.
|
||||
* \param stream_block The saved stream block for resuming. This is
|
||||
* overwritten by the function.
|
||||
* \param input The buffer holding the input data.
|
||||
* \param output The buffer holding the output data.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
*/
|
||||
int mbedtls_aria_crypt_ctr( mbedtls_aria_context *ctx,
|
||||
size_t length,
|
||||
size_t *nc_off,
|
||||
unsigned char nonce_counter[MBEDTLS_ARIA_BLOCKSIZE],
|
||||
unsigned char stream_block[MBEDTLS_ARIA_BLOCKSIZE],
|
||||
const unsigned char *input,
|
||||
unsigned char *output );
|
||||
#endif /* MBEDTLS_CIPHER_MODE_CTR */
|
||||
|
||||
#if defined(MBEDTLS_SELF_TEST)
|
||||
/**
|
||||
* \brief Checkup routine.
|
||||
*
|
||||
* \return \c 0 on success, or \c 1 on failure.
|
||||
*/
|
||||
int mbedtls_aria_self_test( int verbose );
|
||||
#endif /* MBEDTLS_SELF_TEST */
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
||||
#endif /* aria.h */
|
|
@ -204,6 +204,8 @@ void mbedtls_mpi_free( mbedtls_mpi *X );
|
|||
/**
|
||||
* \brief Enlarge to the specified number of limbs
|
||||
*
|
||||
* This function does nothing if the MPI is already large enough.
|
||||
*
|
||||
* \param X MPI to grow
|
||||
* \param nblimbs The target number of limbs
|
||||
*
|
||||
|
@ -215,19 +217,23 @@ int mbedtls_mpi_grow( mbedtls_mpi *X, size_t nblimbs );
|
|||
/**
|
||||
* \brief Resize down, keeping at least the specified number of limbs
|
||||
*
|
||||
* If \c X is smaller than \c nblimbs, it is resized up
|
||||
* instead.
|
||||
*
|
||||
* \param X MPI to shrink
|
||||
* \param nblimbs The minimum number of limbs to keep
|
||||
*
|
||||
* \return 0 if successful,
|
||||
* MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed
|
||||
* (this can only happen when resizing up).
|
||||
*/
|
||||
int mbedtls_mpi_shrink( mbedtls_mpi *X, size_t nblimbs );
|
||||
|
||||
/**
|
||||
* \brief Copy the contents of Y into X
|
||||
*
|
||||
* \param X Destination MPI
|
||||
* \param Y Source MPI
|
||||
* \param X Destination MPI. It is enlarged if necessary.
|
||||
* \param Y Source MPI.
|
||||
*
|
||||
* \return 0 if successful,
|
||||
* MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed
|
||||
|
|
|
@ -44,14 +44,14 @@
|
|||
#define MBEDTLS_ERR_BLOWFISH_HW_ACCEL_FAILED -0x0017 /**< Blowfish hardware accelerator failed. */
|
||||
#define MBEDTLS_ERR_BLOWFISH_INVALID_INPUT_LENGTH -0x0018 /**< Invalid data input length. */
|
||||
|
||||
#if !defined(MBEDTLS_BLOWFISH_ALT)
|
||||
// Regular implementation
|
||||
//
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
#if !defined(MBEDTLS_BLOWFISH_ALT)
|
||||
// Regular implementation
|
||||
//
|
||||
|
||||
/**
|
||||
* \brief Blowfish context structure
|
||||
*/
|
||||
|
@ -62,6 +62,10 @@ typedef struct
|
|||
}
|
||||
mbedtls_blowfish_context;
|
||||
|
||||
#else /* MBEDTLS_BLOWFISH_ALT */
|
||||
#include "blowfish_alt.h"
|
||||
#endif /* MBEDTLS_BLOWFISH_ALT */
|
||||
|
||||
/**
|
||||
* \brief Initialize Blowfish context
|
||||
*
|
||||
|
@ -170,7 +174,46 @@ int mbedtls_blowfish_crypt_cfb64( mbedtls_blowfish_context *ctx,
|
|||
/**
|
||||
* \brief Blowfish-CTR buffer encryption/decryption
|
||||
*
|
||||
* Warning: You have to keep the maximum use of your counter in mind!
|
||||
* \warning You must never reuse a nonce value with the same key. Doing so
|
||||
* would void the encryption for the two messages encrypted with
|
||||
* the same nonce and key.
|
||||
*
|
||||
* There are two common strategies for managing nonces with CTR:
|
||||
*
|
||||
* 1. You can handle everything as a single message processed over
|
||||
* successive calls to this function. In that case, you want to
|
||||
* set \p nonce_counter and \p nc_off to 0 for the first call, and
|
||||
* then preserve the values of \p nonce_counter, \p nc_off and \p
|
||||
* stream_block across calls to this function as they will be
|
||||
* updated by this function.
|
||||
*
|
||||
* With this strategy, you must not encrypt more than 2**64
|
||||
* blocks of data with the same key.
|
||||
*
|
||||
* 2. You can encrypt separate messages by dividing the \p
|
||||
* nonce_counter buffer in two areas: the first one used for a
|
||||
* per-message nonce, handled by yourself, and the second one
|
||||
* updated by this function internally.
|
||||
*
|
||||
* For example, you might reserve the first 4 bytes for the
|
||||
* per-message nonce, and the last 4 bytes for internal use. In that
|
||||
* case, before calling this function on a new message you need to
|
||||
* set the first 4 bytes of \p nonce_counter to your chosen nonce
|
||||
* value, the last 4 to 0, and \p nc_off to 0 (which will cause \p
|
||||
* stream_block to be ignored). That way, you can encrypt at most
|
||||
* 2**32 messages of up to 2**32 blocks each with the same key.
|
||||
*
|
||||
* The per-message nonce (or information sufficient to reconstruct
|
||||
* it) needs to be communicated with the ciphertext and must be unique.
|
||||
* The recommended way to ensure uniqueness is to use a message
|
||||
* counter.
|
||||
*
|
||||
* Note that for both stategies, sizes are measured in blocks and
|
||||
* that a Blowfish block is 8 bytes.
|
||||
*
|
||||
* \warning Upon return, \p stream_block contains sensitive data. Its
|
||||
* content must not be written to insecure storage and should be
|
||||
* securely discarded as soon as it's no longer needed.
|
||||
*
|
||||
* \param ctx Blowfish context
|
||||
* \param length The length of the data
|
||||
|
@ -198,8 +241,4 @@ int mbedtls_blowfish_crypt_ctr( mbedtls_blowfish_context *ctx,
|
|||
}
|
||||
#endif
|
||||
|
||||
#else /* MBEDTLS_BLOWFISH_ALT */
|
||||
#include "blowfish_alt.h"
|
||||
#endif /* MBEDTLS_BLOWFISH_ALT */
|
||||
|
||||
#endif /* blowfish.h */
|
||||
|
|
|
@ -521,7 +521,7 @@
|
|||
"swi r3, %2 \n\t" \
|
||||
: "=m" (c), "=m" (d), "=m" (s) \
|
||||
: "m" (s), "m" (d), "m" (c), "m" (b) \
|
||||
: "r3", "r4" "r5", "r6", "r7", "r8", \
|
||||
: "r3", "r4", "r5", "r6", "r7", "r8", \
|
||||
"r9", "r10", "r11", "r12", "r13" \
|
||||
);
|
||||
|
||||
|
|
|
@ -40,14 +40,14 @@
|
|||
#define MBEDTLS_ERR_CAMELLIA_INVALID_INPUT_LENGTH -0x0026 /**< Invalid data input length. */
|
||||
#define MBEDTLS_ERR_CAMELLIA_HW_ACCEL_FAILED -0x0027 /**< Camellia hardware accelerator failed. */
|
||||
|
||||
#if !defined(MBEDTLS_CAMELLIA_ALT)
|
||||
// Regular implementation
|
||||
//
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
#if !defined(MBEDTLS_CAMELLIA_ALT)
|
||||
// Regular implementation
|
||||
//
|
||||
|
||||
/**
|
||||
* \brief CAMELLIA context structure
|
||||
*/
|
||||
|
@ -58,6 +58,10 @@ typedef struct
|
|||
}
|
||||
mbedtls_camellia_context;
|
||||
|
||||
#else /* MBEDTLS_CAMELLIA_ALT */
|
||||
#include "camellia_alt.h"
|
||||
#endif /* MBEDTLS_CAMELLIA_ALT */
|
||||
|
||||
/**
|
||||
* \brief Initialize CAMELLIA context
|
||||
*
|
||||
|
@ -183,12 +187,54 @@ int mbedtls_camellia_crypt_cfb128( mbedtls_camellia_context *ctx,
|
|||
/**
|
||||
* \brief CAMELLIA-CTR buffer encryption/decryption
|
||||
*
|
||||
* Warning: You have to keep the maximum use of your counter in mind!
|
||||
*
|
||||
* Note: Due to the nature of CTR you should use the same key schedule for
|
||||
* both encryption and decryption. So a context initialized with
|
||||
* mbedtls_camellia_setkey_enc() for both MBEDTLS_CAMELLIA_ENCRYPT and MBEDTLS_CAMELLIA_DECRYPT.
|
||||
*
|
||||
* \warning You must never reuse a nonce value with the same key. Doing so
|
||||
* would void the encryption for the two messages encrypted with
|
||||
* the same nonce and key.
|
||||
*
|
||||
* There are two common strategies for managing nonces with CTR:
|
||||
*
|
||||
* 1. You can handle everything as a single message processed over
|
||||
* successive calls to this function. In that case, you want to
|
||||
* set \p nonce_counter and \p nc_off to 0 for the first call, and
|
||||
* then preserve the values of \p nonce_counter, \p nc_off and \p
|
||||
* stream_block across calls to this function as they will be
|
||||
* updated by this function.
|
||||
*
|
||||
* With this strategy, you must not encrypt more than 2**128
|
||||
* blocks of data with the same key.
|
||||
*
|
||||
* 2. You can encrypt separate messages by dividing the \p
|
||||
* nonce_counter buffer in two areas: the first one used for a
|
||||
* per-message nonce, handled by yourself, and the second one
|
||||
* updated by this function internally.
|
||||
*
|
||||
* For example, you might reserve the first 12 bytes for the
|
||||
* per-message nonce, and the last 4 bytes for internal use. In that
|
||||
* case, before calling this function on a new message you need to
|
||||
* set the first 12 bytes of \p nonce_counter to your chosen nonce
|
||||
* value, the last 4 to 0, and \p nc_off to 0 (which will cause \p
|
||||
* stream_block to be ignored). That way, you can encrypt at most
|
||||
* 2**96 messages of up to 2**32 blocks each with the same key.
|
||||
*
|
||||
* The per-message nonce (or information sufficient to reconstruct
|
||||
* it) needs to be communicated with the ciphertext and must be unique.
|
||||
* The recommended way to ensure uniqueness is to use a message
|
||||
* counter. An alternative is to generate random nonces, but this
|
||||
* limits the number of messages that can be securely encrypted:
|
||||
* for example, with 96-bit random nonces, you should not encrypt
|
||||
* more than 2**32 messages with the same key.
|
||||
*
|
||||
* Note that for both stategies, sizes are measured in blocks and
|
||||
* that a CAMELLIA block is 16 bytes.
|
||||
*
|
||||
* \warning Upon return, \p stream_block contains sensitive data. Its
|
||||
* content must not be written to insecure storage and should be
|
||||
* securely discarded as soon as it's no longer needed.
|
||||
*
|
||||
* \param ctx CAMELLIA context
|
||||
* \param length The length of the data
|
||||
* \param nc_off The offset in the current stream_block (for resuming
|
||||
|
@ -211,18 +257,6 @@ int mbedtls_camellia_crypt_ctr( mbedtls_camellia_context *ctx,
|
|||
unsigned char *output );
|
||||
#endif /* MBEDTLS_CIPHER_MODE_CTR */
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
||||
#else /* MBEDTLS_CAMELLIA_ALT */
|
||||
#include "camellia_alt.h"
|
||||
#endif /* MBEDTLS_CAMELLIA_ALT */
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
/**
|
||||
* \brief Checkup routine
|
||||
*
|
||||
|
|
|
@ -1,8 +1,11 @@
|
|||
/**
|
||||
* \file ccm.h
|
||||
*
|
||||
* \brief CCM combines Counter mode encryption with CBC-MAC authentication
|
||||
* for 128-bit block ciphers.
|
||||
* \brief This file provides an API for the CCM authenticated encryption
|
||||
* mode for block ciphers.
|
||||
*
|
||||
* CCM combines Counter mode encryption with CBC-MAC authentication
|
||||
* for 128-bit block ciphers.
|
||||
*
|
||||
* Input to CCM includes the following elements:
|
||||
* <ul><li>Payload - data that is both authenticated and encrypted.</li>
|
||||
|
@ -40,14 +43,15 @@
|
|||
#define MBEDTLS_ERR_CCM_AUTH_FAILED -0x000F /**< Authenticated decryption failed. */
|
||||
#define MBEDTLS_ERR_CCM_HW_ACCEL_FAILED -0x0011 /**< CCM hardware accelerator failed. */
|
||||
|
||||
#if !defined(MBEDTLS_CCM_ALT)
|
||||
// Regular implementation
|
||||
//
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
#if !defined(MBEDTLS_CCM_ALT)
|
||||
// Regular implementation
|
||||
//
|
||||
|
||||
/**
|
||||
* \brief The CCM context-type definition. The CCM context is passed
|
||||
* to the APIs called.
|
||||
|
@ -57,6 +61,10 @@ typedef struct {
|
|||
}
|
||||
mbedtls_ccm_context;
|
||||
|
||||
#else /* MBEDTLS_CCM_ALT */
|
||||
#include "ccm_alt.h"
|
||||
#endif /* MBEDTLS_CCM_ALT */
|
||||
|
||||
/**
|
||||
* \brief This function initializes the specified CCM context,
|
||||
* to make references valid, and prepare the context
|
||||
|
@ -75,7 +83,8 @@ void mbedtls_ccm_init( mbedtls_ccm_context *ctx );
|
|||
* \param key The encryption key.
|
||||
* \param keybits The key size in bits. This must be acceptable by the cipher.
|
||||
*
|
||||
* \return \c 0 on success, or a cipher-specific error code.
|
||||
* \return \c 0 on success.
|
||||
* \return A CCM or cipher-specific error code on failure.
|
||||
*/
|
||||
int mbedtls_ccm_setkey( mbedtls_ccm_context *ctx,
|
||||
mbedtls_cipher_id_t cipher,
|
||||
|
@ -93,6 +102,13 @@ void mbedtls_ccm_free( mbedtls_ccm_context *ctx );
|
|||
/**
|
||||
* \brief This function encrypts a buffer using CCM.
|
||||
*
|
||||
*
|
||||
* \note The tag is written to a separate buffer. To concatenate
|
||||
* the \p tag with the \p output, as done in <em>RFC-3610:
|
||||
* Counter with CBC-MAC (CCM)</em>, use
|
||||
* \p tag = \p output + \p length, and make sure that the
|
||||
* output buffer is at least \p length + \p tag_len wide.
|
||||
*
|
||||
* \param ctx The CCM context to use for encryption.
|
||||
* \param length The length of the input data in Bytes.
|
||||
* \param iv Initialization vector (nonce).
|
||||
|
@ -107,13 +123,8 @@ void mbedtls_ccm_free( mbedtls_ccm_context *ctx );
|
|||
* \param tag_len The length of the tag to generate in Bytes:
|
||||
* 4, 6, 8, 10, 12, 14 or 16.
|
||||
*
|
||||
* \note The tag is written to a separate buffer. To concatenate
|
||||
* the \p tag with the \p output, as done in <em>RFC-3610:
|
||||
* Counter with CBC-MAC (CCM)</em>, use
|
||||
* \p tag = \p output + \p length, and make sure that the
|
||||
* output buffer is at least \p length + \p tag_len wide.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return A CCM or cipher-specific error code on failure.
|
||||
*/
|
||||
int mbedtls_ccm_encrypt_and_tag( mbedtls_ccm_context *ctx, size_t length,
|
||||
const unsigned char *iv, size_t iv_len,
|
||||
|
@ -139,8 +150,9 @@ int mbedtls_ccm_encrypt_and_tag( mbedtls_ccm_context *ctx, size_t length,
|
|||
* \param tag_len The length of the tag in Bytes.
|
||||
* 4, 6, 8, 10, 12, 14 or 16.
|
||||
*
|
||||
* \return 0 if successful and authenticated, or
|
||||
* #MBEDTLS_ERR_CCM_AUTH_FAILED if the tag does not match.
|
||||
* \return \c 0 on success. This indicates that the message is authentic.
|
||||
* \return #MBEDTLS_ERR_CCM_AUTH_FAILED if the tag does not match.
|
||||
* \return A cipher-specific error code on calculation failure.
|
||||
*/
|
||||
int mbedtls_ccm_auth_decrypt( mbedtls_ccm_context *ctx, size_t length,
|
||||
const unsigned char *iv, size_t iv_len,
|
||||
|
@ -148,23 +160,13 @@ int mbedtls_ccm_auth_decrypt( mbedtls_ccm_context *ctx, size_t length,
|
|||
const unsigned char *input, unsigned char *output,
|
||||
const unsigned char *tag, size_t tag_len );
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
||||
#else /* MBEDTLS_CCM_ALT */
|
||||
#include "ccm_alt.h"
|
||||
#endif /* MBEDTLS_CCM_ALT */
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SELF_TEST) && defined(MBEDTLS_AES_C)
|
||||
/**
|
||||
* \brief The CCM checkup routine.
|
||||
*
|
||||
* \return \c 0 on success, or \c 1 on failure.
|
||||
* \return \c 0 on success.
|
||||
* \return \c 1 on failure.
|
||||
*/
|
||||
int mbedtls_ccm_self_test( int verbose );
|
||||
#endif /* MBEDTLS_SELF_TEST && MBEDTLS_AES_C */
|
||||
|
|
|
@ -1,7 +1,9 @@
|
|||
/**
|
||||
* \file cipher.h
|
||||
*
|
||||
* \brief The generic cipher wrapper.
|
||||
* \brief This file contains an abstraction interface for use with the cipher
|
||||
* primitives provided by the library. It provides a common interface to all of
|
||||
* the available cipher operations.
|
||||
*
|
||||
* \author Adriaan de Jong <dejong@fox-it.com>
|
||||
*/
|
||||
|
@ -69,93 +71,112 @@ extern "C" {
|
|||
#endif
|
||||
|
||||
/**
|
||||
* \brief An enumeration of supported ciphers.
|
||||
* \brief Supported cipher types.
|
||||
*
|
||||
* \warning ARC4 and DES are considered weak ciphers and their use
|
||||
* constitutes a security risk. We recommend considering stronger
|
||||
* \warning RC4 and DES are considered weak ciphers and their use
|
||||
* constitutes a security risk. Arm recommends considering stronger
|
||||
* ciphers instead.
|
||||
*/
|
||||
typedef enum {
|
||||
MBEDTLS_CIPHER_ID_NONE = 0,
|
||||
MBEDTLS_CIPHER_ID_NULL,
|
||||
MBEDTLS_CIPHER_ID_AES,
|
||||
MBEDTLS_CIPHER_ID_DES,
|
||||
MBEDTLS_CIPHER_ID_3DES,
|
||||
MBEDTLS_CIPHER_ID_CAMELLIA,
|
||||
MBEDTLS_CIPHER_ID_BLOWFISH,
|
||||
MBEDTLS_CIPHER_ID_ARC4,
|
||||
MBEDTLS_CIPHER_ID_NONE = 0, /**< Placeholder to mark the end of cipher ID lists. */
|
||||
MBEDTLS_CIPHER_ID_NULL, /**< The identity cipher, treated as a stream cipher. */
|
||||
MBEDTLS_CIPHER_ID_AES, /**< The AES cipher. */
|
||||
MBEDTLS_CIPHER_ID_DES, /**< The DES cipher. */
|
||||
MBEDTLS_CIPHER_ID_3DES, /**< The Triple DES cipher. */
|
||||
MBEDTLS_CIPHER_ID_CAMELLIA, /**< The Camellia cipher. */
|
||||
MBEDTLS_CIPHER_ID_BLOWFISH, /**< The Blowfish cipher. */
|
||||
MBEDTLS_CIPHER_ID_ARC4, /**< The RC4 cipher. */
|
||||
MBEDTLS_CIPHER_ID_ARIA, /**< The Aria cipher. */
|
||||
} mbedtls_cipher_id_t;
|
||||
|
||||
/**
|
||||
* \brief An enumeration of supported (cipher, mode) pairs.
|
||||
* \brief Supported {cipher type, cipher mode} pairs.
|
||||
*
|
||||
* \warning ARC4 and DES are considered weak ciphers and their use
|
||||
* constitutes a security risk. We recommend considering stronger
|
||||
* \warning RC4 and DES are considered weak ciphers and their use
|
||||
* constitutes a security risk. Arm recommends considering stronger
|
||||
* ciphers instead.
|
||||
*/
|
||||
typedef enum {
|
||||
MBEDTLS_CIPHER_NONE = 0,
|
||||
MBEDTLS_CIPHER_NULL,
|
||||
MBEDTLS_CIPHER_AES_128_ECB,
|
||||
MBEDTLS_CIPHER_AES_192_ECB,
|
||||
MBEDTLS_CIPHER_AES_256_ECB,
|
||||
MBEDTLS_CIPHER_AES_128_CBC,
|
||||
MBEDTLS_CIPHER_AES_192_CBC,
|
||||
MBEDTLS_CIPHER_AES_256_CBC,
|
||||
MBEDTLS_CIPHER_AES_128_CFB128,
|
||||
MBEDTLS_CIPHER_AES_192_CFB128,
|
||||
MBEDTLS_CIPHER_AES_256_CFB128,
|
||||
MBEDTLS_CIPHER_AES_128_CTR,
|
||||
MBEDTLS_CIPHER_AES_192_CTR,
|
||||
MBEDTLS_CIPHER_AES_256_CTR,
|
||||
MBEDTLS_CIPHER_AES_128_GCM,
|
||||
MBEDTLS_CIPHER_AES_192_GCM,
|
||||
MBEDTLS_CIPHER_AES_256_GCM,
|
||||
MBEDTLS_CIPHER_CAMELLIA_128_ECB,
|
||||
MBEDTLS_CIPHER_CAMELLIA_192_ECB,
|
||||
MBEDTLS_CIPHER_CAMELLIA_256_ECB,
|
||||
MBEDTLS_CIPHER_CAMELLIA_128_CBC,
|
||||
MBEDTLS_CIPHER_CAMELLIA_192_CBC,
|
||||
MBEDTLS_CIPHER_CAMELLIA_256_CBC,
|
||||
MBEDTLS_CIPHER_CAMELLIA_128_CFB128,
|
||||
MBEDTLS_CIPHER_CAMELLIA_192_CFB128,
|
||||
MBEDTLS_CIPHER_CAMELLIA_256_CFB128,
|
||||
MBEDTLS_CIPHER_CAMELLIA_128_CTR,
|
||||
MBEDTLS_CIPHER_CAMELLIA_192_CTR,
|
||||
MBEDTLS_CIPHER_CAMELLIA_256_CTR,
|
||||
MBEDTLS_CIPHER_CAMELLIA_128_GCM,
|
||||
MBEDTLS_CIPHER_CAMELLIA_192_GCM,
|
||||
MBEDTLS_CIPHER_CAMELLIA_256_GCM,
|
||||
MBEDTLS_CIPHER_DES_ECB,
|
||||
MBEDTLS_CIPHER_DES_CBC,
|
||||
MBEDTLS_CIPHER_DES_EDE_ECB,
|
||||
MBEDTLS_CIPHER_DES_EDE_CBC,
|
||||
MBEDTLS_CIPHER_DES_EDE3_ECB,
|
||||
MBEDTLS_CIPHER_DES_EDE3_CBC,
|
||||
MBEDTLS_CIPHER_BLOWFISH_ECB,
|
||||
MBEDTLS_CIPHER_BLOWFISH_CBC,
|
||||
MBEDTLS_CIPHER_BLOWFISH_CFB64,
|
||||
MBEDTLS_CIPHER_BLOWFISH_CTR,
|
||||
MBEDTLS_CIPHER_ARC4_128,
|
||||
MBEDTLS_CIPHER_AES_128_CCM,
|
||||
MBEDTLS_CIPHER_AES_192_CCM,
|
||||
MBEDTLS_CIPHER_AES_256_CCM,
|
||||
MBEDTLS_CIPHER_CAMELLIA_128_CCM,
|
||||
MBEDTLS_CIPHER_CAMELLIA_192_CCM,
|
||||
MBEDTLS_CIPHER_CAMELLIA_256_CCM,
|
||||
MBEDTLS_CIPHER_NONE = 0, /**< Placeholder to mark the end of cipher-pair lists. */
|
||||
MBEDTLS_CIPHER_NULL, /**< The identity stream cipher. */
|
||||
MBEDTLS_CIPHER_AES_128_ECB, /**< AES cipher with 128-bit ECB mode. */
|
||||
MBEDTLS_CIPHER_AES_192_ECB, /**< AES cipher with 192-bit ECB mode. */
|
||||
MBEDTLS_CIPHER_AES_256_ECB, /**< AES cipher with 256-bit ECB mode. */
|
||||
MBEDTLS_CIPHER_AES_128_CBC, /**< AES cipher with 128-bit CBC mode. */
|
||||
MBEDTLS_CIPHER_AES_192_CBC, /**< AES cipher with 192-bit CBC mode. */
|
||||
MBEDTLS_CIPHER_AES_256_CBC, /**< AES cipher with 256-bit CBC mode. */
|
||||
MBEDTLS_CIPHER_AES_128_CFB128, /**< AES cipher with 128-bit CFB128 mode. */
|
||||
MBEDTLS_CIPHER_AES_192_CFB128, /**< AES cipher with 192-bit CFB128 mode. */
|
||||
MBEDTLS_CIPHER_AES_256_CFB128, /**< AES cipher with 256-bit CFB128 mode. */
|
||||
MBEDTLS_CIPHER_AES_128_CTR, /**< AES cipher with 128-bit CTR mode. */
|
||||
MBEDTLS_CIPHER_AES_192_CTR, /**< AES cipher with 192-bit CTR mode. */
|
||||
MBEDTLS_CIPHER_AES_256_CTR, /**< AES cipher with 256-bit CTR mode. */
|
||||
MBEDTLS_CIPHER_AES_128_GCM, /**< AES cipher with 128-bit GCM mode. */
|
||||
MBEDTLS_CIPHER_AES_192_GCM, /**< AES cipher with 192-bit GCM mode. */
|
||||
MBEDTLS_CIPHER_AES_256_GCM, /**< AES cipher with 256-bit GCM mode. */
|
||||
MBEDTLS_CIPHER_CAMELLIA_128_ECB, /**< Camellia cipher with 128-bit ECB mode. */
|
||||
MBEDTLS_CIPHER_CAMELLIA_192_ECB, /**< Camellia cipher with 192-bit ECB mode. */
|
||||
MBEDTLS_CIPHER_CAMELLIA_256_ECB, /**< Camellia cipher with 256-bit ECB mode. */
|
||||
MBEDTLS_CIPHER_CAMELLIA_128_CBC, /**< Camellia cipher with 128-bit CBC mode. */
|
||||
MBEDTLS_CIPHER_CAMELLIA_192_CBC, /**< Camellia cipher with 192-bit CBC mode. */
|
||||
MBEDTLS_CIPHER_CAMELLIA_256_CBC, /**< Camellia cipher with 256-bit CBC mode. */
|
||||
MBEDTLS_CIPHER_CAMELLIA_128_CFB128, /**< Camellia cipher with 128-bit CFB128 mode. */
|
||||
MBEDTLS_CIPHER_CAMELLIA_192_CFB128, /**< Camellia cipher with 192-bit CFB128 mode. */
|
||||
MBEDTLS_CIPHER_CAMELLIA_256_CFB128, /**< Camellia cipher with 256-bit CFB128 mode. */
|
||||
MBEDTLS_CIPHER_CAMELLIA_128_CTR, /**< Camellia cipher with 128-bit CTR mode. */
|
||||
MBEDTLS_CIPHER_CAMELLIA_192_CTR, /**< Camellia cipher with 192-bit CTR mode. */
|
||||
MBEDTLS_CIPHER_CAMELLIA_256_CTR, /**< Camellia cipher with 256-bit CTR mode. */
|
||||
MBEDTLS_CIPHER_CAMELLIA_128_GCM, /**< Camellia cipher with 128-bit GCM mode. */
|
||||
MBEDTLS_CIPHER_CAMELLIA_192_GCM, /**< Camellia cipher with 192-bit GCM mode. */
|
||||
MBEDTLS_CIPHER_CAMELLIA_256_GCM, /**< Camellia cipher with 256-bit GCM mode. */
|
||||
MBEDTLS_CIPHER_DES_ECB, /**< DES cipher with ECB mode. */
|
||||
MBEDTLS_CIPHER_DES_CBC, /**< DES cipher with CBC mode. */
|
||||
MBEDTLS_CIPHER_DES_EDE_ECB, /**< DES cipher with EDE ECB mode. */
|
||||
MBEDTLS_CIPHER_DES_EDE_CBC, /**< DES cipher with EDE CBC mode. */
|
||||
MBEDTLS_CIPHER_DES_EDE3_ECB, /**< DES cipher with EDE3 ECB mode. */
|
||||
MBEDTLS_CIPHER_DES_EDE3_CBC, /**< DES cipher with EDE3 CBC mode. */
|
||||
MBEDTLS_CIPHER_BLOWFISH_ECB, /**< Blowfish cipher with ECB mode. */
|
||||
MBEDTLS_CIPHER_BLOWFISH_CBC, /**< Blowfish cipher with CBC mode. */
|
||||
MBEDTLS_CIPHER_BLOWFISH_CFB64, /**< Blowfish cipher with CFB64 mode. */
|
||||
MBEDTLS_CIPHER_BLOWFISH_CTR, /**< Blowfish cipher with CTR mode. */
|
||||
MBEDTLS_CIPHER_ARC4_128, /**< RC4 cipher with 128-bit mode. */
|
||||
MBEDTLS_CIPHER_AES_128_CCM, /**< AES cipher with 128-bit CCM mode. */
|
||||
MBEDTLS_CIPHER_AES_192_CCM, /**< AES cipher with 192-bit CCM mode. */
|
||||
MBEDTLS_CIPHER_AES_256_CCM, /**< AES cipher with 256-bit CCM mode. */
|
||||
MBEDTLS_CIPHER_CAMELLIA_128_CCM, /**< Camellia cipher with 128-bit CCM mode. */
|
||||
MBEDTLS_CIPHER_CAMELLIA_192_CCM, /**< Camellia cipher with 192-bit CCM mode. */
|
||||
MBEDTLS_CIPHER_CAMELLIA_256_CCM, /**< Camellia cipher with 256-bit CCM mode. */
|
||||
MBEDTLS_CIPHER_ARIA_128_ECB, /**< Aria cipher with 128-bit key and ECB mode. */
|
||||
MBEDTLS_CIPHER_ARIA_192_ECB, /**< Aria cipher with 192-bit key and ECB mode. */
|
||||
MBEDTLS_CIPHER_ARIA_256_ECB, /**< Aria cipher with 256-bit key and ECB mode. */
|
||||
MBEDTLS_CIPHER_ARIA_128_CBC, /**< Aria cipher with 128-bit key and CBC mode. */
|
||||
MBEDTLS_CIPHER_ARIA_192_CBC, /**< Aria cipher with 192-bit key and CBC mode. */
|
||||
MBEDTLS_CIPHER_ARIA_256_CBC, /**< Aria cipher with 256-bit key and CBC mode. */
|
||||
MBEDTLS_CIPHER_ARIA_128_CFB128, /**< Aria cipher with 128-bit key and CFB-128 mode. */
|
||||
MBEDTLS_CIPHER_ARIA_192_CFB128, /**< Aria cipher with 192-bit key and CFB-128 mode. */
|
||||
MBEDTLS_CIPHER_ARIA_256_CFB128, /**< Aria cipher with 256-bit key and CFB-128 mode. */
|
||||
MBEDTLS_CIPHER_ARIA_128_CTR, /**< Aria cipher with 128-bit key and CTR mode. */
|
||||
MBEDTLS_CIPHER_ARIA_192_CTR, /**< Aria cipher with 192-bit key and CTR mode. */
|
||||
MBEDTLS_CIPHER_ARIA_256_CTR, /**< Aria cipher with 256-bit key and CTR mode. */
|
||||
MBEDTLS_CIPHER_ARIA_128_GCM, /**< Aria cipher with 128-bit key and GCM mode. */
|
||||
MBEDTLS_CIPHER_ARIA_192_GCM, /**< Aria cipher with 192-bit key and GCM mode. */
|
||||
MBEDTLS_CIPHER_ARIA_256_GCM, /**< Aria cipher with 256-bit key and GCM mode. */
|
||||
MBEDTLS_CIPHER_ARIA_128_CCM, /**< Aria cipher with 128-bit key and CCM mode. */
|
||||
MBEDTLS_CIPHER_ARIA_192_CCM, /**< Aria cipher with 192-bit key and CCM mode. */
|
||||
MBEDTLS_CIPHER_ARIA_256_CCM, /**< Aria cipher with 256-bit key and CCM mode. */
|
||||
} mbedtls_cipher_type_t;
|
||||
|
||||
/** Supported cipher modes. */
|
||||
typedef enum {
|
||||
MBEDTLS_MODE_NONE = 0,
|
||||
MBEDTLS_MODE_ECB,
|
||||
MBEDTLS_MODE_CBC,
|
||||
MBEDTLS_MODE_CFB,
|
||||
MBEDTLS_MODE_OFB, /* Unused! */
|
||||
MBEDTLS_MODE_CTR,
|
||||
MBEDTLS_MODE_GCM,
|
||||
MBEDTLS_MODE_STREAM,
|
||||
MBEDTLS_MODE_CCM,
|
||||
MBEDTLS_MODE_NONE = 0, /**< None. */
|
||||
MBEDTLS_MODE_ECB, /**< The ECB cipher mode. */
|
||||
MBEDTLS_MODE_CBC, /**< The CBC cipher mode. */
|
||||
MBEDTLS_MODE_CFB, /**< The CFB cipher mode. */
|
||||
MBEDTLS_MODE_OFB, /**< The OFB cipher mode - unsupported. */
|
||||
MBEDTLS_MODE_CTR, /**< The CTR cipher mode. */
|
||||
MBEDTLS_MODE_GCM, /**< The GCM cipher mode. */
|
||||
MBEDTLS_MODE_STREAM, /**< The stream cipher mode. */
|
||||
MBEDTLS_MODE_CCM, /**< The CCM cipher mode. */
|
||||
} mbedtls_cipher_mode_t;
|
||||
|
||||
/** Supported cipher padding types. */
|
||||
|
@ -163,8 +184,8 @@ typedef enum {
|
|||
MBEDTLS_PADDING_PKCS7 = 0, /**< PKCS7 padding (default). */
|
||||
MBEDTLS_PADDING_ONE_AND_ZEROS, /**< ISO/IEC 7816-4 padding. */
|
||||
MBEDTLS_PADDING_ZEROS_AND_LEN, /**< ANSI X.923 padding. */
|
||||
MBEDTLS_PADDING_ZEROS, /**< zero padding (not reversible). */
|
||||
MBEDTLS_PADDING_NONE, /**< never pad (full blocks only). */
|
||||
MBEDTLS_PADDING_ZEROS, /**< Zero padding (not reversible). */
|
||||
MBEDTLS_PADDING_NONE, /**< Never pad (full blocks only). */
|
||||
} mbedtls_cipher_padding_t;
|
||||
|
||||
/** Type of operation. */
|
||||
|
@ -228,7 +249,10 @@ typedef struct {
|
|||
*/
|
||||
unsigned int iv_size;
|
||||
|
||||
/** Flags to set. For example, if the cipher supports variable IV sizes or variable key sizes. */
|
||||
/** Bitflag comprised of MBEDTLS_CIPHER_VARIABLE_IV_LEN and
|
||||
* MBEDTLS_CIPHER_VARIABLE_KEY_LEN indicating whether the
|
||||
* cipher supports variable IV or variable key sizes, respectively.
|
||||
*/
|
||||
int flags;
|
||||
|
||||
/** The block size, in Bytes. */
|
||||
|
@ -299,7 +323,8 @@ const int *mbedtls_cipher_list( void );
|
|||
* \param cipher_name Name of the cipher to search for.
|
||||
*
|
||||
* \return The cipher information structure associated with the
|
||||
* given \p cipher_name, or NULL if not found.
|
||||
* given \p cipher_name.
|
||||
* \return NULL if the associated cipher information is not found.
|
||||
*/
|
||||
const mbedtls_cipher_info_t *mbedtls_cipher_info_from_string( const char *cipher_name );
|
||||
|
||||
|
@ -310,7 +335,8 @@ const mbedtls_cipher_info_t *mbedtls_cipher_info_from_string( const char *cipher
|
|||
* \param cipher_type Type of the cipher to search for.
|
||||
*
|
||||
* \return The cipher information structure associated with the
|
||||
* given \p cipher_type, or NULL if not found.
|
||||
* given \p cipher_type.
|
||||
* \return NULL if the associated cipher information is not found.
|
||||
*/
|
||||
const mbedtls_cipher_info_t *mbedtls_cipher_info_from_type( const mbedtls_cipher_type_t cipher_type );
|
||||
|
||||
|
@ -325,7 +351,8 @@ const mbedtls_cipher_info_t *mbedtls_cipher_info_from_type( const mbedtls_cipher
|
|||
* \param mode The cipher mode. For example, #MBEDTLS_MODE_CBC.
|
||||
*
|
||||
* \return The cipher information structure associated with the
|
||||
* given \p cipher_id, or NULL if not found.
|
||||
* given \p cipher_id.
|
||||
* \return NULL if the associated cipher information is not found.
|
||||
*/
|
||||
const mbedtls_cipher_info_t *mbedtls_cipher_info_from_values( const mbedtls_cipher_id_t cipher_id,
|
||||
int key_bitlen,
|
||||
|
@ -352,10 +379,11 @@ void mbedtls_cipher_free( mbedtls_cipher_context_t *ctx );
|
|||
* \param ctx The context to initialize. May not be NULL.
|
||||
* \param cipher_info The cipher to use.
|
||||
*
|
||||
* \return \c 0 on success,
|
||||
* #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on parameter failure,
|
||||
* #MBEDTLS_ERR_CIPHER_ALLOC_FAILED if allocation of the
|
||||
* cipher-specific context failed.
|
||||
* \return \c 0 on success.
|
||||
* \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on
|
||||
* parameter-verification failure.
|
||||
* \return #MBEDTLS_ERR_CIPHER_ALLOC_FAILED if allocation of the
|
||||
* cipher-specific context fails.
|
||||
*
|
||||
* \internal Currently, the function also clears the structure.
|
||||
* In future versions, the caller will be required to call
|
||||
|
@ -368,8 +396,8 @@ int mbedtls_cipher_setup( mbedtls_cipher_context_t *ctx, const mbedtls_cipher_in
|
|||
*
|
||||
* \param ctx The context of the cipher. Must be initialized.
|
||||
*
|
||||
* \return The size of the blocks of the cipher, or zero if \p ctx
|
||||
* has not been initialized.
|
||||
* \return The size of the blocks of the cipher.
|
||||
* \return 0 if \p ctx has not been initialized.
|
||||
*/
|
||||
static inline unsigned int mbedtls_cipher_get_block_size( const mbedtls_cipher_context_t *ctx )
|
||||
{
|
||||
|
@ -385,8 +413,8 @@ static inline unsigned int mbedtls_cipher_get_block_size( const mbedtls_cipher_c
|
|||
*
|
||||
* \param ctx The context of the cipher. Must be initialized.
|
||||
*
|
||||
* \return The mode of operation, or #MBEDTLS_MODE_NONE if
|
||||
* \p ctx has not been initialized.
|
||||
* \return The mode of operation.
|
||||
* \return #MBEDTLS_MODE_NONE if \p ctx has not been initialized.
|
||||
*/
|
||||
static inline mbedtls_cipher_mode_t mbedtls_cipher_get_cipher_mode( const mbedtls_cipher_context_t *ctx )
|
||||
{
|
||||
|
@ -402,9 +430,9 @@ static inline mbedtls_cipher_mode_t mbedtls_cipher_get_cipher_mode( const mbedtl
|
|||
*
|
||||
* \param ctx The context of the cipher. Must be initialized.
|
||||
*
|
||||
* \return <ul><li>If no IV has been set: the recommended IV size.
|
||||
* 0 for ciphers not using IV or nonce.</li>
|
||||
* <li>If IV has already been set: the actual size.</li></ul>
|
||||
* \return The recommended IV size if no IV has been set.
|
||||
* \return \c 0 for ciphers not using an IV or a nonce.
|
||||
* \return The actual size if an IV has been set.
|
||||
*/
|
||||
static inline int mbedtls_cipher_get_iv_size( const mbedtls_cipher_context_t *ctx )
|
||||
{
|
||||
|
@ -422,8 +450,8 @@ static inline int mbedtls_cipher_get_iv_size( const mbedtls_cipher_context_t *ct
|
|||
*
|
||||
* \param ctx The context of the cipher. Must be initialized.
|
||||
*
|
||||
* \return The type of the cipher, or #MBEDTLS_CIPHER_NONE if
|
||||
* \p ctx has not been initialized.
|
||||
* \return The type of the cipher.
|
||||
* \return #MBEDTLS_CIPHER_NONE if \p ctx has not been initialized.
|
||||
*/
|
||||
static inline mbedtls_cipher_type_t mbedtls_cipher_get_type( const mbedtls_cipher_context_t *ctx )
|
||||
{
|
||||
|
@ -439,8 +467,8 @@ static inline mbedtls_cipher_type_t mbedtls_cipher_get_type( const mbedtls_ciphe
|
|||
*
|
||||
* \param ctx The context of the cipher. Must be initialized.
|
||||
*
|
||||
* \return The name of the cipher, or NULL if \p ctx has not
|
||||
* been not initialized.
|
||||
* \return The name of the cipher.
|
||||
* \return NULL if \p ctx has not been not initialized.
|
||||
*/
|
||||
static inline const char *mbedtls_cipher_get_name( const mbedtls_cipher_context_t *ctx )
|
||||
{
|
||||
|
@ -455,8 +483,8 @@ static inline const char *mbedtls_cipher_get_name( const mbedtls_cipher_context_
|
|||
*
|
||||
* \param ctx The context of the cipher. Must be initialized.
|
||||
*
|
||||
* \return The key length of the cipher in bits, or
|
||||
* #MBEDTLS_KEY_LENGTH_NONE if ctx \p has not been
|
||||
* \return The key length of the cipher in bits.
|
||||
* \return #MBEDTLS_KEY_LENGTH_NONE if ctx \p has not been
|
||||
* initialized.
|
||||
*/
|
||||
static inline int mbedtls_cipher_get_key_bitlen( const mbedtls_cipher_context_t *ctx )
|
||||
|
@ -472,9 +500,8 @@ static inline int mbedtls_cipher_get_key_bitlen( const mbedtls_cipher_context_t
|
|||
*
|
||||
* \param ctx The context of the cipher. Must be initialized.
|
||||
*
|
||||
* \return The type of operation: #MBEDTLS_ENCRYPT or
|
||||
* #MBEDTLS_DECRYPT, or #MBEDTLS_OPERATION_NONE if \p ctx
|
||||
* has not been initialized.
|
||||
* \return The type of operation: #MBEDTLS_ENCRYPT or #MBEDTLS_DECRYPT.
|
||||
* \return #MBEDTLS_OPERATION_NONE if \p ctx has not been initialized.
|
||||
*/
|
||||
static inline mbedtls_operation_t mbedtls_cipher_get_operation( const mbedtls_cipher_context_t *ctx )
|
||||
{
|
||||
|
@ -495,9 +522,10 @@ static inline mbedtls_operation_t mbedtls_cipher_get_operation( const mbedtls_ci
|
|||
* \param operation The operation that the key will be used for:
|
||||
* #MBEDTLS_ENCRYPT or #MBEDTLS_DECRYPT.
|
||||
*
|
||||
* \returns \c 0 on success, #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA if
|
||||
* parameter verification fails, or a cipher-specific
|
||||
* error code.
|
||||
* \return \c 0 on success.
|
||||
* \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on
|
||||
* parameter-verification failure.
|
||||
* \return A cipher-specific error code on failure.
|
||||
*/
|
||||
int mbedtls_cipher_setkey( mbedtls_cipher_context_t *ctx, const unsigned char *key,
|
||||
int key_bitlen, const mbedtls_operation_t operation );
|
||||
|
@ -512,9 +540,10 @@ int mbedtls_cipher_setkey( mbedtls_cipher_context_t *ctx, const unsigned char *k
|
|||
* \param ctx The generic cipher context.
|
||||
* \param mode The padding mode.
|
||||
*
|
||||
* \returns \c 0 on success, #MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE
|
||||
* if the selected padding mode is not supported, or
|
||||
* #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA if the cipher mode
|
||||
* \return \c 0 on success.
|
||||
* \return #MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE
|
||||
* if the selected padding mode is not supported.
|
||||
* \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA if the cipher mode
|
||||
* does not support padding.
|
||||
*/
|
||||
int mbedtls_cipher_set_padding_mode( mbedtls_cipher_context_t *ctx, mbedtls_cipher_padding_t mode );
|
||||
|
@ -524,15 +553,17 @@ int mbedtls_cipher_set_padding_mode( mbedtls_cipher_context_t *ctx, mbedtls_ciph
|
|||
* \brief This function sets the initialization vector (IV)
|
||||
* or nonce.
|
||||
*
|
||||
* \note Some ciphers do not use IVs nor nonce. For these
|
||||
* ciphers, this function has no effect.
|
||||
*
|
||||
* \param ctx The generic cipher context.
|
||||
* \param iv The IV to use, or NONCE_COUNTER for CTR-mode ciphers.
|
||||
* \param iv_len The IV length for ciphers with variable-size IV.
|
||||
* This parameter is discarded by ciphers with fixed-size IV.
|
||||
*
|
||||
* \returns \c 0 on success, or #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA
|
||||
*
|
||||
* \note Some ciphers do not use IVs nor nonce. For these
|
||||
* ciphers, this function has no effect.
|
||||
* \return \c 0 on success.
|
||||
* \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on
|
||||
* parameter-verification failure.
|
||||
*/
|
||||
int mbedtls_cipher_set_iv( mbedtls_cipher_context_t *ctx,
|
||||
const unsigned char *iv, size_t iv_len );
|
||||
|
@ -542,8 +573,9 @@ int mbedtls_cipher_set_iv( mbedtls_cipher_context_t *ctx,
|
|||
*
|
||||
* \param ctx The generic cipher context.
|
||||
*
|
||||
* \returns \c 0 on success, #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA
|
||||
* if parameter verification fails.
|
||||
* \return \c 0 on success.
|
||||
* \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on
|
||||
* parameter-verification failure.
|
||||
*/
|
||||
int mbedtls_cipher_reset( mbedtls_cipher_context_t *ctx );
|
||||
|
||||
|
@ -557,7 +589,8 @@ int mbedtls_cipher_reset( mbedtls_cipher_context_t *ctx );
|
|||
* \param ad The additional data to use.
|
||||
* \param ad_len the Length of \p ad.
|
||||
*
|
||||
* \return \c 0 on success, or a specific error code on failure.
|
||||
* \return \c 0 on success.
|
||||
* \return A specific error code on failure.
|
||||
*/
|
||||
int mbedtls_cipher_update_ad( mbedtls_cipher_context_t *ctx,
|
||||
const unsigned char *ad, size_t ad_len );
|
||||
|
@ -573,6 +606,11 @@ int mbedtls_cipher_update_ad( mbedtls_cipher_context_t *ctx,
|
|||
* Exception: For MBEDTLS_MODE_ECB, expects a single block
|
||||
* in size. For example, 16 Bytes for AES.
|
||||
*
|
||||
* \note If the underlying cipher is used in GCM mode, all calls
|
||||
* to this function, except for the last one before
|
||||
* mbedtls_cipher_finish(), must have \p ilen as a
|
||||
* multiple of the block size of the cipher.
|
||||
*
|
||||
* \param ctx The generic cipher context.
|
||||
* \param input The buffer holding the input data.
|
||||
* \param ilen The length of the input data.
|
||||
|
@ -582,16 +620,12 @@ int mbedtls_cipher_update_ad( mbedtls_cipher_context_t *ctx,
|
|||
* \param olen The length of the output data, to be updated with the
|
||||
* actual number of Bytes written.
|
||||
*
|
||||
* \returns \c 0 on success, #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA if
|
||||
* parameter verification fails,
|
||||
* #MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE on an
|
||||
* unsupported mode for a cipher, or a cipher-specific
|
||||
* error code.
|
||||
*
|
||||
* \note If the underlying cipher is GCM, all calls to this
|
||||
* function, except the last one before
|
||||
* mbedtls_cipher_finish(). Must have \p ilen as a
|
||||
* multiple of the block_size.
|
||||
* \return \c 0 on success.
|
||||
* \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on
|
||||
* parameter-verification failure.
|
||||
* \return #MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE on an
|
||||
* unsupported mode for a cipher.
|
||||
* \return A cipher-specific error code on failure.
|
||||
*/
|
||||
int mbedtls_cipher_update( mbedtls_cipher_context_t *ctx, const unsigned char *input,
|
||||
size_t ilen, unsigned char *output, size_t *olen );
|
||||
|
@ -606,13 +640,14 @@ int mbedtls_cipher_update( mbedtls_cipher_context_t *ctx, const unsigned char *i
|
|||
* \param output The buffer to write data to. Needs block_size available.
|
||||
* \param olen The length of the data written to the \p output buffer.
|
||||
*
|
||||
* \returns \c 0 on success, #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA if
|
||||
* parameter verification fails,
|
||||
* #MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED if decryption
|
||||
* expected a full block but was not provided one,
|
||||
* #MBEDTLS_ERR_CIPHER_INVALID_PADDING on invalid padding
|
||||
* while decrypting, or a cipher-specific error code
|
||||
* on failure for any other reason.
|
||||
* \return \c 0 on success.
|
||||
* \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on
|
||||
* parameter-verification failure.
|
||||
* \return #MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED on decryption
|
||||
* expecting a full block but not receiving one.
|
||||
* \return #MBEDTLS_ERR_CIPHER_INVALID_PADDING on invalid padding
|
||||
* while decrypting.
|
||||
* \return A cipher-specific error code on failure.
|
||||
*/
|
||||
int mbedtls_cipher_finish( mbedtls_cipher_context_t *ctx,
|
||||
unsigned char *output, size_t *olen );
|
||||
|
@ -627,7 +662,8 @@ int mbedtls_cipher_finish( mbedtls_cipher_context_t *ctx,
|
|||
* \param tag The buffer to write the tag to.
|
||||
* \param tag_len The length of the tag to write.
|
||||
*
|
||||
* \return \c 0 on success, or a specific error code on failure.
|
||||
* \return \c 0 on success.
|
||||
* \return A specific error code on failure.
|
||||
*/
|
||||
int mbedtls_cipher_write_tag( mbedtls_cipher_context_t *ctx,
|
||||
unsigned char *tag, size_t tag_len );
|
||||
|
@ -641,7 +677,8 @@ int mbedtls_cipher_write_tag( mbedtls_cipher_context_t *ctx,
|
|||
* \param tag The buffer holding the tag.
|
||||
* \param tag_len The length of the tag to check.
|
||||
*
|
||||
* \return \c 0 on success, or a specific error code on failure.
|
||||
* \return \c 0 on success.
|
||||
* \return A specific error code on failure.
|
||||
*/
|
||||
int mbedtls_cipher_check_tag( mbedtls_cipher_context_t *ctx,
|
||||
const unsigned char *tag, size_t tag_len );
|
||||
|
@ -667,13 +704,14 @@ int mbedtls_cipher_check_tag( mbedtls_cipher_context_t *ctx,
|
|||
* \note Some ciphers do not use IVs nor nonce. For these
|
||||
* ciphers, use \p iv = NULL and \p iv_len = 0.
|
||||
*
|
||||
* \returns \c 0 on success, or
|
||||
* #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, or
|
||||
* #MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED if decryption
|
||||
* expected a full block but was not provided one, or
|
||||
* #MBEDTLS_ERR_CIPHER_INVALID_PADDING on invalid padding
|
||||
* while decrypting, or a cipher-specific error code on
|
||||
* failure for any other reason.
|
||||
* \return \c 0 on success.
|
||||
* \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on
|
||||
* parameter-verification failure.
|
||||
* \return #MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED on decryption
|
||||
* expecting a full block but not receiving one.
|
||||
* \return #MBEDTLS_ERR_CIPHER_INVALID_PADDING on invalid padding
|
||||
* while decrypting.
|
||||
* \return A cipher-specific error code on failure.
|
||||
*/
|
||||
int mbedtls_cipher_crypt( mbedtls_cipher_context_t *ctx,
|
||||
const unsigned char *iv, size_t iv_len,
|
||||
|
@ -699,9 +737,10 @@ int mbedtls_cipher_crypt( mbedtls_cipher_context_t *ctx,
|
|||
* \param tag The buffer for the authentication tag.
|
||||
* \param tag_len The desired length of the authentication tag.
|
||||
*
|
||||
* \returns \c 0 on success, or
|
||||
* #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, or
|
||||
* a cipher-specific error code.
|
||||
* \return \c 0 on success.
|
||||
* \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on
|
||||
* parameter-verification failure.
|
||||
* \return A cipher-specific error code on failure.
|
||||
*/
|
||||
int mbedtls_cipher_auth_encrypt( mbedtls_cipher_context_t *ctx,
|
||||
const unsigned char *iv, size_t iv_len,
|
||||
|
@ -713,6 +752,10 @@ int mbedtls_cipher_auth_encrypt( mbedtls_cipher_context_t *ctx,
|
|||
/**
|
||||
* \brief The generic autenticated decryption (AEAD) function.
|
||||
*
|
||||
* \note If the data is not authentic, then the output buffer
|
||||
* is zeroed out to prevent the unauthentic plaintext being
|
||||
* used, making this interface safer.
|
||||
*
|
||||
* \param ctx The generic cipher context.
|
||||
* \param iv The IV to use, or NONCE_COUNTER for CTR-mode ciphers.
|
||||
* \param iv_len The IV length for ciphers with variable-size IV.
|
||||
|
@ -728,14 +771,11 @@ int mbedtls_cipher_auth_encrypt( mbedtls_cipher_context_t *ctx,
|
|||
* \param tag The buffer holding the authentication tag.
|
||||
* \param tag_len The length of the authentication tag.
|
||||
*
|
||||
* \returns \c 0 on success, or
|
||||
* #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, or
|
||||
* #MBEDTLS_ERR_CIPHER_AUTH_FAILED if data is not authentic,
|
||||
* or a cipher-specific error code on failure for any other reason.
|
||||
*
|
||||
* \note If the data is not authentic, then the output buffer
|
||||
* is zeroed out to prevent the unauthentic plaintext being
|
||||
* used, making this interface safer.
|
||||
* \return \c 0 on success.
|
||||
* \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on
|
||||
* parameter-verification failure.
|
||||
* \return #MBEDTLS_ERR_CIPHER_AUTH_FAILED if data is not authentic.
|
||||
* \return A cipher-specific error code on failure.
|
||||
*/
|
||||
int mbedtls_cipher_auth_decrypt( mbedtls_cipher_context_t *ctx,
|
||||
const unsigned char *iv, size_t iv_len,
|
||||
|
|
|
@ -1,8 +1,10 @@
|
|||
/**
|
||||
* \file cmac.h
|
||||
*
|
||||
* \brief The Cipher-based Message Authentication Code (CMAC) Mode for
|
||||
* Authentication.
|
||||
* \brief This file contains CMAC definitions and functions.
|
||||
*
|
||||
* The Cipher-based Message Authentication Code (CMAC) Mode for
|
||||
* Authentication is defined in <em>RFC-4493: The AES-CMAC Algorithm</em>.
|
||||
*/
|
||||
/*
|
||||
* Copyright (C) 2015-2018, Arm Limited (or its affiliates), All Rights Reserved
|
||||
|
@ -38,9 +40,9 @@ extern "C" {
|
|||
#define MBEDTLS_DES3_BLOCK_SIZE 8
|
||||
|
||||
#if defined(MBEDTLS_AES_C)
|
||||
#define MBEDTLS_CIPHER_BLKSIZE_MAX 16 /* The longest block used by CMAC is that of AES. */
|
||||
#define MBEDTLS_CIPHER_BLKSIZE_MAX 16 /**< The longest block used by CMAC is that of AES. */
|
||||
#else
|
||||
#define MBEDTLS_CIPHER_BLKSIZE_MAX 8 /* The longest block used by CMAC is that of 3DES. */
|
||||
#define MBEDTLS_CIPHER_BLKSIZE_MAX 8 /**< The longest block used by CMAC is that of 3DES. */
|
||||
#endif
|
||||
|
||||
#if !defined(MBEDTLS_CMAC_ALT)
|
||||
|
@ -61,22 +63,25 @@ struct mbedtls_cmac_context_t
|
|||
size_t unprocessed_len;
|
||||
};
|
||||
|
||||
#else /* !MBEDTLS_CMAC_ALT */
|
||||
#include "cmac_alt.h"
|
||||
#endif /* !MBEDTLS_CMAC_ALT */
|
||||
|
||||
/**
|
||||
* \brief This function sets the CMAC key, and prepares to authenticate
|
||||
* the input data.
|
||||
* Must be called with an initialized cipher context.
|
||||
*
|
||||
* \param ctx The cipher context used for the CMAC operation, initialized
|
||||
* as one of the following types:<ul>
|
||||
* <li>MBEDTLS_CIPHER_AES_128_ECB</li>
|
||||
* <li>MBEDTLS_CIPHER_AES_192_ECB</li>
|
||||
* <li>MBEDTLS_CIPHER_AES_256_ECB</li>
|
||||
* <li>MBEDTLS_CIPHER_DES_EDE3_ECB</li></ul>
|
||||
* as one of the following types: MBEDTLS_CIPHER_AES_128_ECB,
|
||||
* MBEDTLS_CIPHER_AES_192_ECB, MBEDTLS_CIPHER_AES_256_ECB,
|
||||
* or MBEDTLS_CIPHER_DES_EDE3_ECB.
|
||||
* \param key The CMAC key.
|
||||
* \param keybits The length of the CMAC key in bits.
|
||||
* Must be supported by the cipher.
|
||||
*
|
||||
* \return \c 0 on success, or a cipher-specific error code.
|
||||
* \return \c 0 on success.
|
||||
* \return A cipher-specific error code on failure.
|
||||
*/
|
||||
int mbedtls_cipher_cmac_starts( mbedtls_cipher_context_t *ctx,
|
||||
const unsigned char *key, size_t keybits );
|
||||
|
@ -93,8 +98,9 @@ int mbedtls_cipher_cmac_starts( mbedtls_cipher_context_t *ctx,
|
|||
* \param input The buffer holding the input data.
|
||||
* \param ilen The length of the input data.
|
||||
*
|
||||
* \returns \c 0 on success, or #MBEDTLS_ERR_MD_BAD_INPUT_DATA
|
||||
* if parameter verification fails.
|
||||
* \return \c 0 on success.
|
||||
* \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA
|
||||
* if parameter verification fails.
|
||||
*/
|
||||
int mbedtls_cipher_cmac_update( mbedtls_cipher_context_t *ctx,
|
||||
const unsigned char *input, size_t ilen );
|
||||
|
@ -110,7 +116,8 @@ int mbedtls_cipher_cmac_update( mbedtls_cipher_context_t *ctx,
|
|||
* \param ctx The cipher context used for the CMAC operation.
|
||||
* \param output The output buffer for the CMAC checksum result.
|
||||
*
|
||||
* \returns \c 0 on success, or #MBEDTLS_ERR_MD_BAD_INPUT_DATA
|
||||
* \return \c 0 on success.
|
||||
* \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA
|
||||
* if parameter verification fails.
|
||||
*/
|
||||
int mbedtls_cipher_cmac_finish( mbedtls_cipher_context_t *ctx,
|
||||
|
@ -126,7 +133,8 @@ int mbedtls_cipher_cmac_finish( mbedtls_cipher_context_t *ctx,
|
|||
*
|
||||
* \param ctx The cipher context used for the CMAC operation.
|
||||
*
|
||||
* \returns \c 0 on success, or #MBEDTLS_ERR_MD_BAD_INPUT_DATA
|
||||
* \return \c 0 on success.
|
||||
* \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA
|
||||
* if parameter verification fails.
|
||||
*/
|
||||
int mbedtls_cipher_cmac_reset( mbedtls_cipher_context_t *ctx );
|
||||
|
@ -149,7 +157,8 @@ int mbedtls_cipher_cmac_reset( mbedtls_cipher_context_t *ctx );
|
|||
* \param ilen The length of the input data.
|
||||
* \param output The buffer for the generic CMAC result.
|
||||
*
|
||||
* \returns \c 0 on success, or #MBEDTLS_ERR_MD_BAD_INPUT_DATA
|
||||
* \return \c 0 on success.
|
||||
* \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA
|
||||
* if parameter verification fails.
|
||||
*/
|
||||
int mbedtls_cipher_cmac( const mbedtls_cipher_info_t *cipher_info,
|
||||
|
@ -180,23 +189,12 @@ int mbedtls_aes_cmac_prf_128( const unsigned char *key, size_t key_len,
|
|||
unsigned char output[16] );
|
||||
#endif /* MBEDTLS_AES_C */
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
||||
#else /* !MBEDTLS_CMAC_ALT */
|
||||
#include "cmac_alt.h"
|
||||
#endif /* !MBEDTLS_CMAC_ALT */
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SELF_TEST) && ( defined(MBEDTLS_AES_C) || defined(MBEDTLS_DES_C) )
|
||||
/**
|
||||
* \brief The CMAC checkup routine.
|
||||
*
|
||||
* \return \c 0 on success, or \c 1 on failure.
|
||||
* \return \c 0 on success.
|
||||
* \return \c 1 on failure.
|
||||
*/
|
||||
int mbedtls_cmac_self_test( int verbose );
|
||||
#endif /* MBEDTLS_SELF_TEST && ( MBEDTLS_AES_C || MBEDTLS_DES_C ) */
|
||||
|
|
|
@ -48,10 +48,14 @@
|
|||
* Requires support for asm() in compiler.
|
||||
*
|
||||
* Used in:
|
||||
* library/aria.c
|
||||
* library/timing.c
|
||||
* library/padlock.c
|
||||
* include/mbedtls/bn_mul.h
|
||||
*
|
||||
* Required by:
|
||||
* MBEDTLS_AESNI_C
|
||||
* MBEDTLS_PADLOCK_C
|
||||
*
|
||||
* Comment to disable the use of assembly code.
|
||||
*/
|
||||
#define MBEDTLS_HAVE_ASM
|
||||
|
@ -271,6 +275,7 @@
|
|||
*/
|
||||
//#define MBEDTLS_AES_ALT
|
||||
//#define MBEDTLS_ARC4_ALT
|
||||
//#define MBEDTLS_ARIA_ALT
|
||||
//#define MBEDTLS_BLOWFISH_ALT
|
||||
//#define MBEDTLS_CAMELLIA_ALT
|
||||
//#define MBEDTLS_CCM_ALT
|
||||
|
@ -288,6 +293,7 @@
|
|||
//#define MBEDTLS_SHA256_ALT
|
||||
//#define MBEDTLS_SHA512_ALT
|
||||
//#define MBEDTLS_XTEA_ALT
|
||||
|
||||
/*
|
||||
* When replacing the elliptic curve module, pleace consider, that it is
|
||||
* implemented with two .c files:
|
||||
|
@ -440,12 +446,45 @@
|
|||
/**
|
||||
* \def MBEDTLS_AES_ROM_TABLES
|
||||
*
|
||||
* Store the AES tables in ROM.
|
||||
* Use precomputed AES tables stored in ROM.
|
||||
*
|
||||
* Uncomment this macro to use precomputed AES tables stored in ROM.
|
||||
* Comment this macro to generate AES tables in RAM at runtime.
|
||||
*
|
||||
* Tradeoff: Using precomputed ROM tables reduces RAM usage by ~8kb
|
||||
* (or ~2kb if \c MBEDTLS_AES_FEWER_TABLES is used) and reduces the
|
||||
* initialization time before the first AES operation can be performed.
|
||||
* It comes at the cost of additional ~8kb ROM use (resp. ~2kb if \c
|
||||
* MBEDTLS_AES_FEWER_TABLES below is used), and potentially degraded
|
||||
* performance if ROM access is slower than RAM access.
|
||||
*
|
||||
* This option is independent of \c MBEDTLS_AES_FEWER_TABLES.
|
||||
*
|
||||
* Uncomment this macro to store the AES tables in ROM.
|
||||
*/
|
||||
//#define MBEDTLS_AES_ROM_TABLES
|
||||
|
||||
/**
|
||||
* \def MBEDTLS_AES_FEWER_TABLES
|
||||
*
|
||||
* Use less ROM/RAM for AES tables.
|
||||
*
|
||||
* Uncommenting this macro omits 75% of the AES tables from
|
||||
* ROM / RAM (depending on the value of \c MBEDTLS_AES_ROM_TABLES)
|
||||
* by computing their values on the fly during operations
|
||||
* (the tables are entry-wise rotations of one another).
|
||||
*
|
||||
* Tradeoff: Uncommenting this reduces the RAM / ROM footprint
|
||||
* by ~6kb but at the cost of more arithmetic operations during
|
||||
* runtime. Specifically, one has to compare 4 accesses within
|
||||
* different tables to 4 accesses with additional arithmetic
|
||||
* operations within the same table. The performance gain/loss
|
||||
* depends on the system and memory details.
|
||||
*
|
||||
* This option is independent of \c MBEDTLS_AES_ROM_TABLES.
|
||||
*
|
||||
*/
|
||||
//#define MBEDTLS_AES_FEWER_TABLES
|
||||
|
||||
/**
|
||||
* \def MBEDTLS_CAMELLIA_SMALL_MEMORY
|
||||
*
|
||||
|
@ -576,6 +615,7 @@
|
|||
#define MBEDTLS_ECP_DP_BP384R1_ENABLED
|
||||
#define MBEDTLS_ECP_DP_BP512R1_ENABLED
|
||||
#define MBEDTLS_ECP_DP_CURVE25519_ENABLED
|
||||
#define MBEDTLS_ECP_DP_CURVE448_ENABLED
|
||||
|
||||
/**
|
||||
* \def MBEDTLS_ECP_NIST_OPTIM
|
||||
|
@ -1583,7 +1623,7 @@
|
|||
* Enable the AES block cipher.
|
||||
*
|
||||
* Module: library/aes.c
|
||||
* Caller: library/ssl_tls.c
|
||||
* Caller: library/cipher.c
|
||||
* library/pem.c
|
||||
* library/ctr_drbg.c
|
||||
*
|
||||
|
@ -1658,7 +1698,7 @@
|
|||
* Enable the ARCFOUR stream cipher.
|
||||
*
|
||||
* Module: library/arc4.c
|
||||
* Caller: library/ssl_tls.c
|
||||
* Caller: library/cipher.c
|
||||
*
|
||||
* This module enables the following ciphersuites (if other requisites are
|
||||
* enabled as well):
|
||||
|
@ -1752,7 +1792,7 @@
|
|||
* Enable the Camellia block cipher.
|
||||
*
|
||||
* Module: library/camellia.c
|
||||
* Caller: library/ssl_tls.c
|
||||
* Caller: library/cipher.c
|
||||
*
|
||||
* This module enables the following ciphersuites (if other requisites are
|
||||
* enabled as well):
|
||||
|
@ -1801,6 +1841,58 @@
|
|||
*/
|
||||
#define MBEDTLS_CAMELLIA_C
|
||||
|
||||
/**
|
||||
* \def MBEDTLS_ARIA_C
|
||||
*
|
||||
* Enable the ARIA block cipher.
|
||||
*
|
||||
* Module: library/aria.c
|
||||
* Caller: library/cipher.c
|
||||
*
|
||||
* This module enables the following ciphersuites (if other requisites are
|
||||
* enabled as well):
|
||||
*
|
||||
* MBEDTLS_TLS_RSA_WITH_ARIA_128_CBC_SHA256
|
||||
* MBEDTLS_TLS_RSA_WITH_ARIA_256_CBC_SHA384
|
||||
* MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256
|
||||
* MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384
|
||||
* MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256
|
||||
* MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384
|
||||
* MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256
|
||||
* MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384
|
||||
* MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256
|
||||
* MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384
|
||||
* MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256
|
||||
* MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384
|
||||
* MBEDTLS_TLS_RSA_WITH_ARIA_128_GCM_SHA256
|
||||
* MBEDTLS_TLS_RSA_WITH_ARIA_256_GCM_SHA384
|
||||
* MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256
|
||||
* MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384
|
||||
* MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256
|
||||
* MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384
|
||||
* MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256
|
||||
* MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384
|
||||
* MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256
|
||||
* MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384
|
||||
* MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256
|
||||
* MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384
|
||||
* MBEDTLS_TLS_PSK_WITH_ARIA_128_CBC_SHA256
|
||||
* MBEDTLS_TLS_PSK_WITH_ARIA_256_CBC_SHA384
|
||||
* MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256
|
||||
* MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384
|
||||
* MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256
|
||||
* MBEDTLS_TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384
|
||||
* MBEDTLS_TLS_PSK_WITH_ARIA_128_GCM_SHA256
|
||||
* MBEDTLS_TLS_PSK_WITH_ARIA_256_GCM_SHA384
|
||||
* MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256
|
||||
* MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384
|
||||
* MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256
|
||||
* MBEDTLS_TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384
|
||||
* MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256
|
||||
* MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384
|
||||
*/
|
||||
//#define MBEDTLS_ARIA_C
|
||||
|
||||
/**
|
||||
* \def MBEDTLS_CCM_C
|
||||
*
|
||||
|
@ -1887,7 +1979,7 @@
|
|||
*
|
||||
* Module: library/des.c
|
||||
* Caller: library/pem.c
|
||||
* library/ssl_tls.c
|
||||
* library/cipher.c
|
||||
*
|
||||
* This module enables the following ciphersuites (if other requisites are
|
||||
* enabled as well):
|
||||
|
@ -2818,6 +2910,26 @@
|
|||
*/
|
||||
#define MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_KEY_EXCHANGE
|
||||
|
||||
/**
|
||||
* Uncomment the macro to let mbed TLS use your alternate implementation of
|
||||
* mbedtls_platform_zeroize(). This replaces the default implementation in
|
||||
* platform_util.c.
|
||||
*
|
||||
* mbedtls_platform_zeroize() is a widely used function across the library to
|
||||
* zero a block of memory. The implementation is expected to be secure in the
|
||||
* sense that it has been written to prevent the compiler from removing calls
|
||||
* to mbedtls_platform_zeroize() as part of redundant code elimination
|
||||
* optimizations. However, it is difficult to guarantee that calls to
|
||||
* mbedtls_platform_zeroize() will not be optimized by the compiler as older
|
||||
* versions of the C language standards do not provide a secure implementation
|
||||
* of memset(). Therefore, MBEDTLS_PLATFORM_ZEROIZE_ALT enables users to
|
||||
* configure their own implementation of mbedtls_platform_zeroize(), for
|
||||
* example by using directives specific to their compiler, features from newer
|
||||
* C standards (e.g using memset_s() in C11) or calling a secure memset() from
|
||||
* their system (e.g explicit_bzero() in BSD).
|
||||
*/
|
||||
//#define MBEDTLS_PLATFORM_ZEROIZE_ALT
|
||||
|
||||
/* \} name SECTION: Customisation configuration options */
|
||||
|
||||
/* Target and application specific configurations */
|
||||
|
|
|
@ -1,10 +1,15 @@
|
|||
/**
|
||||
* \file ctr_drbg.h
|
||||
*
|
||||
* \brief CTR_DRBG is based on AES-256, as defined in <em>NIST SP 800-90A:
|
||||
* Recommendation for Random Number Generation Using Deterministic
|
||||
* Random Bit Generators</em>.
|
||||
* \brief This file contains CTR_DRBG definitions and functions.
|
||||
*
|
||||
* CTR_DRBG is a standardized way of building a PRNG from a block-cipher
|
||||
* in counter mode operation, as defined in <em>NIST SP 800-90A:
|
||||
* Recommendation for Random Number Generation Using Deterministic Random
|
||||
* Bit Generators</em>.
|
||||
*
|
||||
* The Mbed TLS implementation of CTR_DRBG uses AES-256 as the underlying
|
||||
* block cipher.
|
||||
*/
|
||||
/*
|
||||
* Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved
|
||||
|
@ -156,8 +161,8 @@ void mbedtls_ctr_drbg_init( mbedtls_ctr_drbg_context *ctx );
|
|||
identifiers. Can be NULL.
|
||||
* \param len The length of the personalization data.
|
||||
*
|
||||
* \return \c 0 on success, or
|
||||
* #MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED on failure.
|
||||
* \return \c 0 on success.
|
||||
* \return #MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED on failure.
|
||||
*/
|
||||
int mbedtls_ctr_drbg_seed( mbedtls_ctr_drbg_context *ctx,
|
||||
int (*f_entropy)(void *, unsigned char *, size_t),
|
||||
|
@ -216,22 +221,24 @@ void mbedtls_ctr_drbg_set_reseed_interval( mbedtls_ctr_drbg_context *ctx,
|
|||
* \param additional Additional data to add to the state. Can be NULL.
|
||||
* \param len The length of the additional data.
|
||||
*
|
||||
* \return \c 0 on success, or
|
||||
* #MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED on failure.
|
||||
* \return \c 0 on success.
|
||||
* \return #MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED on failure.
|
||||
*/
|
||||
int mbedtls_ctr_drbg_reseed( mbedtls_ctr_drbg_context *ctx,
|
||||
const unsigned char *additional, size_t len );
|
||||
|
||||
/**
|
||||
* \brief This function updates the state of the CTR_DRBG context.
|
||||
* \brief This function updates the state of the CTR_DRBG context.
|
||||
*
|
||||
* \param ctx The CTR_DRBG context.
|
||||
* \param additional The data to update the state with.
|
||||
* \param add_len Length of \p additional data.
|
||||
* \note If \p add_len is greater than
|
||||
* #MBEDTLS_CTR_DRBG_MAX_SEED_INPUT, only the first
|
||||
* #MBEDTLS_CTR_DRBG_MAX_SEED_INPUT Bytes are used.
|
||||
* The remaining Bytes are silently discarded.
|
||||
*
|
||||
* \param ctx The CTR_DRBG context.
|
||||
* \param additional The data to update the state with.
|
||||
* \param add_len Length of \p additional data.
|
||||
*
|
||||
* \note If \p add_len is greater than #MBEDTLS_CTR_DRBG_MAX_SEED_INPUT,
|
||||
* only the first #MBEDTLS_CTR_DRBG_MAX_SEED_INPUT Bytes are used.
|
||||
* The remaining Bytes are silently discarded.
|
||||
*/
|
||||
void mbedtls_ctr_drbg_update( mbedtls_ctr_drbg_context *ctx,
|
||||
const unsigned char *additional, size_t add_len );
|
||||
|
@ -249,8 +256,8 @@ void mbedtls_ctr_drbg_update( mbedtls_ctr_drbg_context *ctx,
|
|||
* \param additional Additional data to update. Can be NULL.
|
||||
* \param add_len The length of the additional data.
|
||||
*
|
||||
* \return \c 0 on success, or
|
||||
* #MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED or
|
||||
* \return \c 0 on success.
|
||||
* \return #MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED or
|
||||
* #MBEDTLS_ERR_CTR_DRBG_REQUEST_TOO_BIG on failure.
|
||||
*/
|
||||
int mbedtls_ctr_drbg_random_with_add( void *p_rng,
|
||||
|
@ -267,8 +274,8 @@ int mbedtls_ctr_drbg_random_with_add( void *p_rng,
|
|||
* \param output The buffer to fill.
|
||||
* \param output_len The length of the buffer.
|
||||
*
|
||||
* \return \c 0 on success, or
|
||||
* #MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED or
|
||||
* \return \c 0 on success.
|
||||
* \return #MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED or
|
||||
* #MBEDTLS_ERR_CTR_DRBG_REQUEST_TOO_BIG on failure.
|
||||
*/
|
||||
int mbedtls_ctr_drbg_random( void *p_rng,
|
||||
|
@ -281,9 +288,9 @@ int mbedtls_ctr_drbg_random( void *p_rng,
|
|||
* \param ctx The CTR_DRBG context.
|
||||
* \param path The name of the file.
|
||||
*
|
||||
* \return \c 0 on success,
|
||||
* #MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR on file error, or
|
||||
* #MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED on
|
||||
* \return \c 0 on success.
|
||||
* \return #MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR on file error.
|
||||
* \return #MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED on
|
||||
* failure.
|
||||
*/
|
||||
int mbedtls_ctr_drbg_write_seed_file( mbedtls_ctr_drbg_context *ctx, const char *path );
|
||||
|
@ -295,9 +302,9 @@ int mbedtls_ctr_drbg_write_seed_file( mbedtls_ctr_drbg_context *ctx, const char
|
|||
* \param ctx The CTR_DRBG context.
|
||||
* \param path The name of the file.
|
||||
*
|
||||
* \return \c 0 on success,
|
||||
* #MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR on file error,
|
||||
* #MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED or
|
||||
* \return \c 0 on success.
|
||||
* \return #MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR on file error.
|
||||
* \return #MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED or
|
||||
* #MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG on failure.
|
||||
*/
|
||||
int mbedtls_ctr_drbg_update_seed_file( mbedtls_ctr_drbg_context *ctx, const char *path );
|
||||
|
@ -306,7 +313,8 @@ int mbedtls_ctr_drbg_update_seed_file( mbedtls_ctr_drbg_context *ctx, const char
|
|||
/**
|
||||
* \brief The CTR_DRBG checkup routine.
|
||||
*
|
||||
* \return \c 0 on success, or \c 1 on failure.
|
||||
* \return \c 0 on success.
|
||||
* \return \c 1 on failure.
|
||||
*/
|
||||
int mbedtls_ctr_drbg_self_test( int verbose );
|
||||
|
||||
|
|
|
@ -46,14 +46,14 @@
|
|||
|
||||
#define MBEDTLS_DES_KEY_SIZE 8
|
||||
|
||||
#if !defined(MBEDTLS_DES_ALT)
|
||||
// Regular implementation
|
||||
//
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
#if !defined(MBEDTLS_DES_ALT)
|
||||
// Regular implementation
|
||||
//
|
||||
|
||||
/**
|
||||
* \brief DES context structure
|
||||
*
|
||||
|
@ -76,6 +76,10 @@ typedef struct
|
|||
}
|
||||
mbedtls_des3_context;
|
||||
|
||||
#else /* MBEDTLS_DES_ALT */
|
||||
#include "des_alt.h"
|
||||
#endif /* MBEDTLS_DES_ALT */
|
||||
|
||||
/**
|
||||
* \brief Initialize DES context
|
||||
*
|
||||
|
@ -331,17 +335,6 @@ int mbedtls_des3_crypt_cbc( mbedtls_des3_context *ctx,
|
|||
*/
|
||||
void mbedtls_des_setkey( uint32_t SK[32],
|
||||
const unsigned char key[MBEDTLS_DES_KEY_SIZE] );
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
||||
#else /* MBEDTLS_DES_ALT */
|
||||
#include "des_alt.h"
|
||||
#endif /* MBEDTLS_DES_ALT */
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
/**
|
||||
* \brief Checkup routine
|
||||
|
|
|
@ -1,7 +1,13 @@
|
|||
/**
|
||||
* \file dhm.h
|
||||
*
|
||||
* \brief Diffie-Hellman-Merkle key exchange.
|
||||
* \brief This file contains Diffie-Hellman-Merkle (DHM) key exchange
|
||||
* definitions and functions.
|
||||
*
|
||||
* Diffie-Hellman-Merkle (DHM) key exchange is defined in
|
||||
* <em>RFC-2631: Diffie-Hellman Key Agreement Method</em> and
|
||||
* <em>Public-Key Cryptography Standards (PKCS) #3: Diffie
|
||||
* Hellman Key Agreement Standard</em>.
|
||||
*
|
||||
* <em>RFC-3526: More Modular Exponential (MODP) Diffie-Hellman groups for
|
||||
* Internet Key Exchange (IKE)</em> defines a number of standardized
|
||||
|
@ -65,7 +71,6 @@
|
|||
#include MBEDTLS_CONFIG_FILE
|
||||
#endif
|
||||
#include "bignum.h"
|
||||
#if !defined(MBEDTLS_DHM_ALT)
|
||||
|
||||
/*
|
||||
* DHM Error codes
|
||||
|
@ -86,6 +91,8 @@
|
|||
extern "C" {
|
||||
#endif
|
||||
|
||||
#if !defined(MBEDTLS_DHM_ALT)
|
||||
|
||||
/**
|
||||
* \brief The DHM context structure.
|
||||
*/
|
||||
|
@ -105,6 +112,10 @@ typedef struct
|
|||
}
|
||||
mbedtls_dhm_context;
|
||||
|
||||
#else /* MBEDTLS_DHM_ALT */
|
||||
#include "dhm_alt.h"
|
||||
#endif /* MBEDTLS_DHM_ALT */
|
||||
|
||||
/**
|
||||
* \brief This function initializes the DHM context.
|
||||
*
|
||||
|
@ -125,8 +136,8 @@ void mbedtls_dhm_init( mbedtls_dhm_context *ctx );
|
|||
* failures.
|
||||
* \param end The end of the input buffer.
|
||||
*
|
||||
* \return \c 0 on success, or an \c MBEDTLS_ERR_DHM_XXX error code
|
||||
* on failure.
|
||||
* \return \c 0 on success.
|
||||
* \return An \c MBEDTLS_ERR_DHM_XXX error code on failure.
|
||||
*/
|
||||
int mbedtls_dhm_read_params( mbedtls_dhm_context *ctx,
|
||||
unsigned char **p,
|
||||
|
@ -136,13 +147,6 @@ int mbedtls_dhm_read_params( mbedtls_dhm_context *ctx,
|
|||
* \brief This function sets up and writes the ServerKeyExchange
|
||||
* parameters.
|
||||
*
|
||||
* \param ctx The DHM context.
|
||||
* \param x_size The private value size in Bytes.
|
||||
* \param olen The number of characters written.
|
||||
* \param output The destination buffer.
|
||||
* \param f_rng The RNG function.
|
||||
* \param p_rng The RNG parameter.
|
||||
*
|
||||
* \note The destination buffer must be large enough to hold
|
||||
* the reduced binary presentation of the modulus, the generator
|
||||
* and the public key, each wrapped with a 2-byte length field.
|
||||
|
@ -155,8 +159,15 @@ int mbedtls_dhm_read_params( mbedtls_dhm_context *ctx,
|
|||
* mbedtls_dhm_set_group() below in conjunction with
|
||||
* mbedtls_mpi_read_binary() and mbedtls_mpi_read_string().
|
||||
*
|
||||
* \return \c 0 on success, or an \c MBEDTLS_ERR_DHM_XXX error code
|
||||
* on failure.
|
||||
* \param ctx The DHM context.
|
||||
* \param x_size The private key size in Bytes.
|
||||
* \param olen The number of characters written.
|
||||
* \param output The destination buffer.
|
||||
* \param f_rng The RNG function.
|
||||
* \param p_rng The RNG context.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return An \c MBEDTLS_ERR_DHM_XXX error code on failure.
|
||||
*/
|
||||
int mbedtls_dhm_make_params( mbedtls_dhm_context *ctx, int x_size,
|
||||
unsigned char *output, size_t *olen,
|
||||
|
@ -164,54 +175,54 @@ int mbedtls_dhm_make_params( mbedtls_dhm_context *ctx, int x_size,
|
|||
void *p_rng );
|
||||
|
||||
/**
|
||||
* \brief Set prime modulus and generator
|
||||
* \brief This function sets the prime modulus and generator.
|
||||
*
|
||||
* \note This function can be used to set \p P, \p G
|
||||
* in preparation for mbedtls_dhm_make_params().
|
||||
*
|
||||
* \param ctx The DHM context.
|
||||
* \param P The MPI holding DHM prime modulus.
|
||||
* \param G The MPI holding DHM generator.
|
||||
* \param P The MPI holding the DHM prime modulus.
|
||||
* \param G The MPI holding the DHM generator.
|
||||
*
|
||||
* \note This function can be used to set P, G
|
||||
* in preparation for \c mbedtls_dhm_make_params.
|
||||
*
|
||||
* \return \c 0 if successful, or an \c MBEDTLS_ERR_DHM_XXX error code
|
||||
* on failure.
|
||||
* \return \c 0 if successful.
|
||||
* \return An \c MBEDTLS_ERR_DHM_XXX error code on failure.
|
||||
*/
|
||||
int mbedtls_dhm_set_group( mbedtls_dhm_context *ctx,
|
||||
const mbedtls_mpi *P,
|
||||
const mbedtls_mpi *G );
|
||||
|
||||
/**
|
||||
* \brief This function imports the public value G^Y of the peer.
|
||||
* \brief This function imports the public value of the peer, G^Y.
|
||||
*
|
||||
* \param ctx The DHM context.
|
||||
* \param input The input buffer.
|
||||
* \param input The input buffer containing the G^Y value of the peer.
|
||||
* \param ilen The size of the input buffer.
|
||||
*
|
||||
* \return \c 0 on success, or an \c MBEDTLS_ERR_DHM_XXX error code
|
||||
* on failure.
|
||||
* \return \c 0 on success.
|
||||
* \return An \c MBEDTLS_ERR_DHM_XXX error code on failure.
|
||||
*/
|
||||
int mbedtls_dhm_read_public( mbedtls_dhm_context *ctx,
|
||||
const unsigned char *input, size_t ilen );
|
||||
|
||||
/**
|
||||
* \brief This function creates its own private value \c X and
|
||||
* \brief This function creates its own private key, \c X, and
|
||||
* exports \c G^X.
|
||||
*
|
||||
* \note The destination buffer is always fully written
|
||||
* so as to contain a big-endian representation of G^X mod P.
|
||||
* If it is larger than ctx->len, it is padded accordingly
|
||||
* with zero-bytes at the beginning.
|
||||
*
|
||||
* \param ctx The DHM context.
|
||||
* \param x_size The private value size in Bytes.
|
||||
* \param x_size The private key size in Bytes.
|
||||
* \param output The destination buffer.
|
||||
* \param olen The length of the destination buffer. Must be at least
|
||||
equal to ctx->len (the size of \c P).
|
||||
* equal to ctx->len (the size of \c P).
|
||||
* \param f_rng The RNG function.
|
||||
* \param p_rng The RNG parameter.
|
||||
* \param p_rng The RNG context.
|
||||
*
|
||||
* \note The destination buffer will always be fully written
|
||||
* so as to contain a big-endian presentation of G^X mod P.
|
||||
* If it is larger than ctx->len, it will accordingly be
|
||||
* padded with zero-bytes in the beginning.
|
||||
*
|
||||
* \return \c 0 on success, or an \c MBEDTLS_ERR_DHM_XXX error code
|
||||
* on failure.
|
||||
* \return \c 0 on success.
|
||||
* \return An \c MBEDTLS_ERR_DHM_XXX error code on failure.
|
||||
*/
|
||||
int mbedtls_dhm_make_public( mbedtls_dhm_context *ctx, int x_size,
|
||||
unsigned char *output, size_t olen,
|
||||
|
@ -222,22 +233,22 @@ int mbedtls_dhm_make_public( mbedtls_dhm_context *ctx, int x_size,
|
|||
* \brief This function derives and exports the shared secret
|
||||
* \c (G^Y)^X mod \c P.
|
||||
*
|
||||
* \note If \p f_rng is not NULL, it is used to blind the input as
|
||||
* a countermeasure against timing attacks. Blinding is used
|
||||
* only if our private key \c X is re-used, and not used
|
||||
* otherwise. We recommend always passing a non-NULL
|
||||
* \p f_rng argument.
|
||||
*
|
||||
* \param ctx The DHM context.
|
||||
* \param output The destination buffer.
|
||||
* \param output_size The size of the destination buffer. Must be at least
|
||||
* the size of ctx->len.
|
||||
* the size of ctx->len (the size of \c P).
|
||||
* \param olen On exit, holds the actual number of Bytes written.
|
||||
* \param f_rng The RNG function, for blinding purposes.
|
||||
* \param p_rng The RNG parameter.
|
||||
* \param p_rng The RNG context.
|
||||
*
|
||||
* \return \c 0 on success, or an \c MBEDTLS_ERR_DHM_XXX error code
|
||||
* on failure.
|
||||
*
|
||||
* \note If non-NULL, \p f_rng is used to blind the input as
|
||||
* a countermeasure against timing attacks. Blinding is used
|
||||
* only if our secret value \p X is re-used and omitted
|
||||
* otherwise. Therefore, we recommend always passing a
|
||||
* non-NULL \p f_rng argument.
|
||||
* \return \c 0 on success.
|
||||
* \return An \c MBEDTLS_ERR_DHM_XXX error code on failure.
|
||||
*/
|
||||
int mbedtls_dhm_calc_secret( mbedtls_dhm_context *ctx,
|
||||
unsigned char *output, size_t output_size, size_t *olen,
|
||||
|
@ -245,7 +256,7 @@ int mbedtls_dhm_calc_secret( mbedtls_dhm_context *ctx,
|
|||
void *p_rng );
|
||||
|
||||
/**
|
||||
* \brief This function frees and clears the components of a DHM key.
|
||||
* \brief This function frees and clears the components of a DHM context.
|
||||
*
|
||||
* \param ctx The DHM context to free and clear.
|
||||
*/
|
||||
|
@ -261,8 +272,9 @@ void mbedtls_dhm_free( mbedtls_dhm_context *ctx );
|
|||
* \param dhminlen The size of the buffer, including the terminating null
|
||||
* Byte for PEM data.
|
||||
*
|
||||
* \return \c 0 on success, or a specific DHM or PEM error code
|
||||
* on failure.
|
||||
* \return \c 0 on success.
|
||||
* \return An \c MBEDTLS_ERR_DHM_XXX or \c MBEDTLS_ERR_PEM_XXX error code
|
||||
* error code on failure.
|
||||
*/
|
||||
int mbedtls_dhm_parse_dhm( mbedtls_dhm_context *dhm, const unsigned char *dhmin,
|
||||
size_t dhminlen );
|
||||
|
@ -275,29 +287,19 @@ int mbedtls_dhm_parse_dhm( mbedtls_dhm_context *dhm, const unsigned char *dhmin,
|
|||
* \param dhm The DHM context to load the parameters to.
|
||||
* \param path The filename to read the DHM parameters from.
|
||||
*
|
||||
* \return \c 0 on success, or a specific DHM or PEM error code
|
||||
* on failure.
|
||||
* \return \c 0 on success.
|
||||
* \return An \c MBEDTLS_ERR_DHM_XXX or \c MBEDTLS_ERR_PEM_XXX error code
|
||||
* error code on failure.
|
||||
*/
|
||||
int mbedtls_dhm_parse_dhmfile( mbedtls_dhm_context *dhm, const char *path );
|
||||
#endif /* MBEDTLS_FS_IO */
|
||||
#endif /* MBEDTLS_ASN1_PARSE_C */
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
||||
#else /* MBEDTLS_DHM_ALT */
|
||||
#include "dhm_alt.h"
|
||||
#endif /* MBEDTLS_DHM_ALT */
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
/**
|
||||
* \brief The DMH checkup routine.
|
||||
*
|
||||
* \return \c 0 on success, or \c 1 on failure.
|
||||
* \return \c 0 on success.
|
||||
* \return \c 1 on failure.
|
||||
*/
|
||||
int mbedtls_dhm_self_test( int verbose );
|
||||
|
||||
|
|
|
@ -1,10 +1,11 @@
|
|||
/**
|
||||
* \file ecdh.h
|
||||
*
|
||||
* \brief The Elliptic Curve Diffie-Hellman (ECDH) protocol APIs.
|
||||
* \brief This file contains ECDH definitions and functions.
|
||||
*
|
||||
* ECDH is an anonymous key agreement protocol allowing two parties to
|
||||
* establish a shared secret over an insecure channel. Each party must have an
|
||||
* The Elliptic Curve Diffie-Hellman (ECDH) protocol is an anonymous
|
||||
* key agreement protocol allowing two parties to establish a shared
|
||||
* secret over an insecure channel. Each party must have an
|
||||
* elliptic-curve public–private key pair.
|
||||
*
|
||||
* For more information, see <em>NIST SP 800-56A Rev. 2: Recommendation for
|
||||
|
@ -40,14 +41,12 @@ extern "C" {
|
|||
#endif
|
||||
|
||||
/**
|
||||
* Defines the source of the imported EC key:
|
||||
* <ul><li>Our key.</li>
|
||||
* <li>The key of the peer.</li></ul>
|
||||
* Defines the source of the imported EC key.
|
||||
*/
|
||||
typedef enum
|
||||
{
|
||||
MBEDTLS_ECDH_OURS,
|
||||
MBEDTLS_ECDH_THEIRS,
|
||||
MBEDTLS_ECDH_OURS, /**< Our key. */
|
||||
MBEDTLS_ECDH_THEIRS, /**< The key of the peer. */
|
||||
} mbedtls_ecdh_side;
|
||||
|
||||
/**
|
||||
|
@ -75,16 +74,18 @@ mbedtls_ecdh_context;
|
|||
* implemented during the ECDH key exchange. The second core
|
||||
* computation is performed by mbedtls_ecdh_compute_shared().
|
||||
*
|
||||
* \see ecp.h
|
||||
*
|
||||
* \param grp The ECP group.
|
||||
* \param d The destination MPI (private key).
|
||||
* \param Q The destination point (public key).
|
||||
* \param f_rng The RNG function.
|
||||
* \param p_rng The RNG parameter.
|
||||
* \param p_rng The RNG context.
|
||||
*
|
||||
* \return \c 0 on success, or an \c MBEDTLS_ERR_ECP_XXX or
|
||||
* \return \c 0 on success.
|
||||
* \return An \c MBEDTLS_ERR_ECP_XXX or
|
||||
* \c MBEDTLS_MPI_XXX error code on failure.
|
||||
*
|
||||
* \see ecp.h
|
||||
*/
|
||||
int mbedtls_ecdh_gen_public( mbedtls_ecp_group *grp, mbedtls_mpi *d, mbedtls_ecp_point *Q,
|
||||
int (*f_rng)(void *, unsigned char *, size_t),
|
||||
|
@ -97,21 +98,22 @@ int mbedtls_ecdh_gen_public( mbedtls_ecp_group *grp, mbedtls_mpi *d, mbedtls_ecp
|
|||
* implemented during the ECDH key exchange. The first core
|
||||
* computation is performed by mbedtls_ecdh_gen_public().
|
||||
*
|
||||
* \see ecp.h
|
||||
*
|
||||
* \note If \p f_rng is not NULL, it is used to implement
|
||||
* countermeasures against side-channel attacks.
|
||||
* For more information, see mbedtls_ecp_mul().
|
||||
*
|
||||
* \param grp The ECP group.
|
||||
* \param z The destination MPI (shared secret).
|
||||
* \param Q The public key from another party.
|
||||
* \param d Our secret exponent (private key).
|
||||
* \param f_rng The RNG function.
|
||||
* \param p_rng The RNG parameter.
|
||||
* \param p_rng The RNG context.
|
||||
*
|
||||
* \return \c 0 on success, or an \c MBEDTLS_ERR_ECP_XXX or
|
||||
* \return \c 0 on success.
|
||||
* \return An \c MBEDTLS_ERR_ECP_XXX or
|
||||
* \c MBEDTLS_MPI_XXX error code on failure.
|
||||
*
|
||||
* \see ecp.h
|
||||
*
|
||||
* \note If \p f_rng is not NULL, it is used to implement
|
||||
* countermeasures against potential elaborate timing
|
||||
* attacks. For more information, see mbedtls_ecp_mul().
|
||||
*/
|
||||
int mbedtls_ecdh_compute_shared( mbedtls_ecp_group *grp, mbedtls_mpi *z,
|
||||
const mbedtls_ecp_point *Q, const mbedtls_mpi *d,
|
||||
|
@ -139,21 +141,21 @@ void mbedtls_ecdh_free( mbedtls_ecdh_context *ctx );
|
|||
* This is the first function used by a TLS server for ECDHE
|
||||
* ciphersuites.
|
||||
*
|
||||
* \note This function assumes that the ECP group (grp) of the
|
||||
* \p ctx context has already been properly set,
|
||||
* for example, using mbedtls_ecp_group_load().
|
||||
*
|
||||
* \see ecp.h
|
||||
*
|
||||
* \param ctx The ECDH context.
|
||||
* \param olen The number of characters written.
|
||||
* \param buf The destination buffer.
|
||||
* \param blen The length of the destination buffer.
|
||||
* \param f_rng The RNG function.
|
||||
* \param p_rng The RNG parameter.
|
||||
* \param p_rng The RNG context.
|
||||
*
|
||||
* \note This function assumes that the ECP group (grp) of the
|
||||
* \p ctx context has already been properly set,
|
||||
* for example, using mbedtls_ecp_group_load().
|
||||
*
|
||||
* \return \c 0 on success, or an \c MBEDTLS_ERR_ECP_XXX error code
|
||||
* on failure.
|
||||
*
|
||||
* \see ecp.h
|
||||
* \return \c 0 on success.
|
||||
* \return An \c MBEDTLS_ERR_ECP_XXX error code on failure.
|
||||
*/
|
||||
int mbedtls_ecdh_make_params( mbedtls_ecdh_context *ctx, size_t *olen,
|
||||
unsigned char *buf, size_t blen,
|
||||
|
@ -167,14 +169,15 @@ int mbedtls_ecdh_make_params( mbedtls_ecdh_context *ctx, size_t *olen,
|
|||
* This is the first function used by a TLS client for ECDHE
|
||||
* ciphersuites.
|
||||
*
|
||||
* \see ecp.h
|
||||
*
|
||||
* \param ctx The ECDH context.
|
||||
* \param buf The pointer to the start of the input buffer.
|
||||
* \param end The address for one Byte past the end of the buffer.
|
||||
*
|
||||
* \return \c 0 on success, or an \c MBEDTLS_ERR_ECP_XXX error code
|
||||
* on failure.
|
||||
* \return \c 0 on success.
|
||||
* \return An \c MBEDTLS_ERR_ECP_XXX error code on failure.
|
||||
*
|
||||
* \see ecp.h
|
||||
*/
|
||||
int mbedtls_ecdh_read_params( mbedtls_ecdh_context *ctx,
|
||||
const unsigned char **buf, const unsigned char *end );
|
||||
|
@ -186,16 +189,16 @@ int mbedtls_ecdh_read_params( mbedtls_ecdh_context *ctx,
|
|||
* ServerKeyEchange for static ECDH, and imports ECDH
|
||||
* parameters from the EC key information of a certificate.
|
||||
*
|
||||
* \see ecp.h
|
||||
*
|
||||
* \param ctx The ECDH context to set up.
|
||||
* \param key The EC key to use.
|
||||
* \param side Defines the source of the key:
|
||||
* <ul><li>1: Our key.</li>
|
||||
<li>0: The key of the peer.</li></ul>
|
||||
* \param side Defines the source of the key: 1: Our key, or
|
||||
* 0: The key of the peer.
|
||||
*
|
||||
* \return \c 0 on success, or an \c MBEDTLS_ERR_ECP_XXX error code
|
||||
* on failure.
|
||||
* \return \c 0 on success.
|
||||
* \return An \c MBEDTLS_ERR_ECP_XXX error code on failure.
|
||||
*
|
||||
* \see ecp.h
|
||||
*/
|
||||
int mbedtls_ecdh_get_params( mbedtls_ecdh_context *ctx, const mbedtls_ecp_keypair *key,
|
||||
mbedtls_ecdh_side side );
|
||||
|
@ -207,17 +210,17 @@ int mbedtls_ecdh_get_params( mbedtls_ecdh_context *ctx, const mbedtls_ecp_keypai
|
|||
* This is the second function used by a TLS client for ECDH(E)
|
||||
* ciphersuites.
|
||||
*
|
||||
* \see ecp.h
|
||||
*
|
||||
* \param ctx The ECDH context.
|
||||
* \param olen The number of Bytes written.
|
||||
* \param buf The destination buffer.
|
||||
* \param blen The size of the destination buffer.
|
||||
* \param f_rng The RNG function.
|
||||
* \param p_rng The RNG parameter.
|
||||
* \param p_rng The RNG context.
|
||||
*
|
||||
* \return \c 0 on success, or an \c MBEDTLS_ERR_ECP_XXX error code
|
||||
* on failure.
|
||||
*
|
||||
* \see ecp.h
|
||||
* \return \c 0 on success.
|
||||
* \return An \c MBEDTLS_ERR_ECP_XXX error code on failure.
|
||||
*/
|
||||
int mbedtls_ecdh_make_public( mbedtls_ecdh_context *ctx, size_t *olen,
|
||||
unsigned char *buf, size_t blen,
|
||||
|
@ -231,14 +234,14 @@ int mbedtls_ecdh_make_public( mbedtls_ecdh_context *ctx, size_t *olen,
|
|||
* This is the second function used by a TLS server for ECDH(E)
|
||||
* ciphersuites.
|
||||
*
|
||||
* \see ecp.h
|
||||
*
|
||||
* \param ctx The ECDH context.
|
||||
* \param buf The start of the input buffer.
|
||||
* \param blen The length of the input buffer.
|
||||
*
|
||||
* \return \c 0 on success, or an \c MBEDTLS_ERR_ECP_XXX error code
|
||||
* on failure.
|
||||
*
|
||||
* \see ecp.h
|
||||
* \return \c 0 on success.
|
||||
* \return An \c MBEDTLS_ERR_ECP_XXX error code on failure.
|
||||
*/
|
||||
int mbedtls_ecdh_read_public( mbedtls_ecdh_context *ctx,
|
||||
const unsigned char *buf, size_t blen );
|
||||
|
@ -249,21 +252,21 @@ int mbedtls_ecdh_read_public( mbedtls_ecdh_context *ctx,
|
|||
* This is the last function used by both TLS client
|
||||
* and servers.
|
||||
*
|
||||
* \note If \p f_rng is not NULL, it is used to implement
|
||||
* countermeasures against side-channel attacks.
|
||||
* For more information, see mbedtls_ecp_mul().
|
||||
*
|
||||
* \see ecp.h
|
||||
*
|
||||
* \param ctx The ECDH context.
|
||||
* \param olen The number of Bytes written.
|
||||
* \param buf The destination buffer.
|
||||
* \param blen The length of the destination buffer.
|
||||
* \param f_rng The RNG function.
|
||||
* \param p_rng The RNG parameter.
|
||||
* \param p_rng The RNG context.
|
||||
*
|
||||
* \return \c 0 on success, or an \c MBEDTLS_ERR_ECP_XXX error code
|
||||
* on failure.
|
||||
*
|
||||
* \see ecp.h
|
||||
*
|
||||
* \note If \p f_rng is not NULL, it is used to implement
|
||||
* countermeasures against potential elaborate timing
|
||||
* attacks. For more information, see mbedtls_ecp_mul().
|
||||
* \return \c 0 on success.
|
||||
* \return An \c MBEDTLS_ERR_ECP_XXX error code on failure.
|
||||
*/
|
||||
int mbedtls_ecdh_calc_secret( mbedtls_ecdh_context *ctx, size_t *olen,
|
||||
unsigned char *buf, size_t blen,
|
||||
|
|
|
@ -1,9 +1,10 @@
|
|||
/**
|
||||
* \file ecdsa.h
|
||||
*
|
||||
* \brief The Elliptic Curve Digital Signature Algorithm (ECDSA).
|
||||
* \brief This file contains ECDSA definitions and functions.
|
||||
*
|
||||
* ECDSA is defined in <em>Standards for Efficient Cryptography Group (SECG):
|
||||
* The Elliptic Curve Digital Signature Algorithm (ECDSA) is defined in
|
||||
* <em>Standards for Efficient Cryptography Group (SECG):
|
||||
* SEC1 Elliptic Curve Cryptography</em>.
|
||||
* The use of ECDSA for TLS is defined in <em>RFC-4492: Elliptic Curve
|
||||
* Cryptography (ECC) Cipher Suites for Transport Layer Security (TLS)</em>.
|
||||
|
@ -69,6 +70,14 @@ extern "C" {
|
|||
*
|
||||
* \note The deterministic version is usually preferred.
|
||||
*
|
||||
* \note If the bitlength of the message hash is larger than the
|
||||
* bitlength of the group order, then the hash is truncated
|
||||
* as defined in <em>Standards for Efficient Cryptography Group
|
||||
* (SECG): SEC1 Elliptic Curve Cryptography</em>, section
|
||||
* 4.1.3, step 5.
|
||||
*
|
||||
* \see ecp.h
|
||||
*
|
||||
* \param grp The ECP group.
|
||||
* \param r The first output integer.
|
||||
* \param s The second output integer.
|
||||
|
@ -76,18 +85,11 @@ extern "C" {
|
|||
* \param buf The message hash.
|
||||
* \param blen The length of \p buf.
|
||||
* \param f_rng The RNG function.
|
||||
* \param p_rng The RNG parameter.
|
||||
* \param p_rng The RNG context.
|
||||
*
|
||||
* \note If the bitlength of the message hash is larger than the
|
||||
* bitlength of the group order, then the hash is truncated
|
||||
* as defined in <em>Standards for Efficient Cryptography Group
|
||||
* (SECG): SEC1 Elliptic Curve Cryptography</em>, section
|
||||
* 4.1.3, step 5.
|
||||
*
|
||||
* \return \c 0 on success, or an \c MBEDTLS_ERR_ECP_XXX
|
||||
* \return \c 0 on success.
|
||||
* \return An \c MBEDTLS_ERR_ECP_XXX
|
||||
* or \c MBEDTLS_MPI_XXX error code on failure.
|
||||
*
|
||||
* \see ecp.h
|
||||
*/
|
||||
int mbedtls_ecdsa_sign( mbedtls_ecp_group *grp, mbedtls_mpi *r, mbedtls_mpi *s,
|
||||
const mbedtls_mpi *d, const unsigned char *buf, size_t blen,
|
||||
|
@ -97,10 +99,19 @@ int mbedtls_ecdsa_sign( mbedtls_ecp_group *grp, mbedtls_mpi *r, mbedtls_mpi *s,
|
|||
/**
|
||||
* \brief This function computes the ECDSA signature of a
|
||||
* previously-hashed message, deterministic version.
|
||||
*
|
||||
* For more information, see <em>RFC-6979: Deterministic
|
||||
* Usage of the Digital Signature Algorithm (DSA) and Elliptic
|
||||
* Curve Digital Signature Algorithm (ECDSA)</em>.
|
||||
*
|
||||
* \note If the bitlength of the message hash is larger than the
|
||||
* bitlength of the group order, then the hash is truncated as
|
||||
* defined in <em>Standards for Efficient Cryptography Group
|
||||
* (SECG): SEC1 Elliptic Curve Cryptography</em>, section
|
||||
* 4.1.3, step 5.
|
||||
*
|
||||
* \see ecp.h
|
||||
*
|
||||
* \param grp The ECP group.
|
||||
* \param r The first output integer.
|
||||
* \param s The second output integer.
|
||||
|
@ -109,17 +120,9 @@ int mbedtls_ecdsa_sign( mbedtls_ecp_group *grp, mbedtls_mpi *r, mbedtls_mpi *s,
|
|||
* \param blen The length of \p buf.
|
||||
* \param md_alg The MD algorithm used to hash the message.
|
||||
*
|
||||
* \note If the bitlength of the message hash is larger than the
|
||||
* bitlength of the group order, then the hash is truncated as
|
||||
* defined in <em>Standards for Efficient Cryptography Group
|
||||
* (SECG): SEC1 Elliptic Curve Cryptography</em>, section
|
||||
* 4.1.3, step 5.
|
||||
*
|
||||
* \return \c 0 on success,
|
||||
* or an \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_MPI_XXX
|
||||
* \return \c 0 on success.
|
||||
* \return An \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_MPI_XXX
|
||||
* error code on failure.
|
||||
*
|
||||
* \see ecp.h
|
||||
*/
|
||||
int mbedtls_ecdsa_sign_det( mbedtls_ecp_group *grp, mbedtls_mpi *r, mbedtls_mpi *s,
|
||||
const mbedtls_mpi *d, const unsigned char *buf, size_t blen,
|
||||
|
@ -130,6 +133,14 @@ int mbedtls_ecdsa_sign_det( mbedtls_ecp_group *grp, mbedtls_mpi *r, mbedtls_mpi
|
|||
* \brief This function verifies the ECDSA signature of a
|
||||
* previously-hashed message.
|
||||
*
|
||||
* \note If the bitlength of the message hash is larger than the
|
||||
* bitlength of the group order, then the hash is truncated as
|
||||
* defined in <em>Standards for Efficient Cryptography Group
|
||||
* (SECG): SEC1 Elliptic Curve Cryptography</em>, section
|
||||
* 4.1.4, step 3.
|
||||
*
|
||||
* \see ecp.h
|
||||
*
|
||||
* \param grp The ECP group.
|
||||
* \param buf The message hash.
|
||||
* \param blen The length of \p buf.
|
||||
|
@ -137,18 +148,11 @@ int mbedtls_ecdsa_sign_det( mbedtls_ecp_group *grp, mbedtls_mpi *r, mbedtls_mpi
|
|||
* \param r The first integer of the signature.
|
||||
* \param s The second integer of the signature.
|
||||
*
|
||||
* \note If the bitlength of the message hash is larger than the
|
||||
* bitlength of the group order, then the hash is truncated as
|
||||
* defined in <em>Standards for Efficient Cryptography Group
|
||||
* (SECG): SEC1 Elliptic Curve Cryptography</em>, section
|
||||
* 4.1.4, step 3.
|
||||
*
|
||||
* \return \c 0 on success,
|
||||
* #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if signature is invalid,
|
||||
* or an \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_MPI_XXX
|
||||
* \return \c 0 on success.
|
||||
* \return #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if the signature
|
||||
* is invalid.
|
||||
* \return An \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_MPI_XXX
|
||||
* error code on failure for any other reason.
|
||||
*
|
||||
* \see ecp.h
|
||||
*/
|
||||
int mbedtls_ecdsa_verify( mbedtls_ecp_group *grp,
|
||||
const unsigned char *buf, size_t blen,
|
||||
|
@ -169,15 +173,6 @@ int mbedtls_ecdsa_verify( mbedtls_ecp_group *grp,
|
|||
* of the Digital Signature Algorithm (DSA) and Elliptic
|
||||
* Curve Digital Signature Algorithm (ECDSA)</em>.
|
||||
*
|
||||
* \param ctx The ECDSA context.
|
||||
* \param md_alg The message digest that was used to hash the message.
|
||||
* \param hash The message hash.
|
||||
* \param hlen The length of the hash.
|
||||
* \param sig The buffer that holds the signature.
|
||||
* \param slen The length of the signature written.
|
||||
* \param f_rng The RNG function.
|
||||
* \param p_rng The RNG parameter.
|
||||
*
|
||||
* \note The \p sig buffer must be at least twice as large as the
|
||||
* size of the curve used, plus 9. For example, 73 Bytes if
|
||||
* a 256-bit curve is used. A buffer length of
|
||||
|
@ -189,11 +184,20 @@ int mbedtls_ecdsa_verify( mbedtls_ecp_group *grp,
|
|||
* (SECG): SEC1 Elliptic Curve Cryptography</em>, section
|
||||
* 4.1.3, step 5.
|
||||
*
|
||||
* \return \c 0 on success,
|
||||
* or an \c MBEDTLS_ERR_ECP_XXX, \c MBEDTLS_ERR_MPI_XXX or
|
||||
* \c MBEDTLS_ERR_ASN1_XXX error code on failure.
|
||||
*
|
||||
* \see ecp.h
|
||||
*
|
||||
* \param ctx The ECDSA context.
|
||||
* \param md_alg The message digest that was used to hash the message.
|
||||
* \param hash The message hash.
|
||||
* \param hlen The length of the hash.
|
||||
* \param sig The buffer that holds the signature.
|
||||
* \param slen The length of the signature written.
|
||||
* \param f_rng The RNG function.
|
||||
* \param p_rng The RNG context.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return An \c MBEDTLS_ERR_ECP_XXX, \c MBEDTLS_ERR_MPI_XXX or
|
||||
* \c MBEDTLS_ERR_ASN1_XXX error code on failure.
|
||||
*/
|
||||
int mbedtls_ecdsa_write_signature( mbedtls_ecdsa_context *ctx, mbedtls_md_type_t md_alg,
|
||||
const unsigned char *hash, size_t hlen,
|
||||
|
@ -209,26 +213,17 @@ int mbedtls_ecdsa_write_signature( mbedtls_ecdsa_context *ctx, mbedtls_md_type_t
|
|||
#define MBEDTLS_DEPRECATED
|
||||
#endif
|
||||
/**
|
||||
* \brief This function computes an ECDSA signature and writes it to a buffer,
|
||||
* serialized as defined in <em>RFC-4492: Elliptic Curve Cryptography
|
||||
* (ECC) Cipher Suites for Transport Layer Security (TLS)</em>.
|
||||
* \brief This function computes an ECDSA signature and writes
|
||||
* it to a buffer, serialized as defined in <em>RFC-4492:
|
||||
* Elliptic Curve Cryptography (ECC) Cipher Suites for
|
||||
* Transport Layer Security (TLS)</em>.
|
||||
*
|
||||
* The deterministic version is defined in <em>RFC-6979:
|
||||
* Deterministic Usage of the Digital Signature Algorithm (DSA) and
|
||||
* Elliptic Curve Digital Signature Algorithm (ECDSA)</em>.
|
||||
* The deterministic version is defined in <em>RFC-6979:
|
||||
* Deterministic Usage of the Digital Signature Algorithm (DSA)
|
||||
* and Elliptic Curve Digital Signature Algorithm (ECDSA)</em>.
|
||||
*
|
||||
* \warning It is not thread-safe to use the same context in
|
||||
* multiple threads.
|
||||
|
||||
*
|
||||
* \deprecated Superseded by mbedtls_ecdsa_write_signature() in 2.0.0
|
||||
*
|
||||
* \param ctx The ECDSA context.
|
||||
* \param hash The Message hash.
|
||||
* \param hlen The length of the hash.
|
||||
* \param sig The buffer that holds the signature.
|
||||
* \param slen The length of the signature written.
|
||||
* \param md_alg The MD algorithm used to hash the message.
|
||||
*
|
||||
* \note The \p sig buffer must be at least twice as large as the
|
||||
* size of the curve used, plus 9. For example, 73 Bytes if a
|
||||
|
@ -241,11 +236,21 @@ int mbedtls_ecdsa_write_signature( mbedtls_ecdsa_context *ctx, mbedtls_md_type_t
|
|||
* (SECG): SEC1 Elliptic Curve Cryptography</em>, section
|
||||
* 4.1.3, step 5.
|
||||
*
|
||||
* \return \c 0 on success,
|
||||
* or an \c MBEDTLS_ERR_ECP_XXX, \c MBEDTLS_ERR_MPI_XXX or
|
||||
* \c MBEDTLS_ERR_ASN1_XXX error code on failure.
|
||||
*
|
||||
* \see ecp.h
|
||||
*
|
||||
* \deprecated Superseded by mbedtls_ecdsa_write_signature() in
|
||||
* Mbed TLS version 2.0 and later.
|
||||
*
|
||||
* \param ctx The ECDSA context.
|
||||
* \param hash The message hash.
|
||||
* \param hlen The length of the hash.
|
||||
* \param sig The buffer that holds the signature.
|
||||
* \param slen The length of the signature written.
|
||||
* \param md_alg The MD algorithm used to hash the message.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return An \c MBEDTLS_ERR_ECP_XXX, \c MBEDTLS_ERR_MPI_XXX or
|
||||
* \c MBEDTLS_ERR_ASN1_XXX error code on failure.
|
||||
*/
|
||||
int mbedtls_ecdsa_write_signature_det( mbedtls_ecdsa_context *ctx,
|
||||
const unsigned char *hash, size_t hlen,
|
||||
|
@ -258,26 +263,26 @@ int mbedtls_ecdsa_write_signature_det( mbedtls_ecdsa_context *ctx,
|
|||
/**
|
||||
* \brief This function reads and verifies an ECDSA signature.
|
||||
*
|
||||
* \param ctx The ECDSA context.
|
||||
* \param hash The message hash.
|
||||
* \param hlen The size of the hash.
|
||||
* \param sig The signature to read and verify.
|
||||
* \param slen The size of \p sig.
|
||||
*
|
||||
* \note If the bitlength of the message hash is larger than the
|
||||
* bitlength of the group order, then the hash is truncated as
|
||||
* defined in <em>Standards for Efficient Cryptography Group
|
||||
* (SECG): SEC1 Elliptic Curve Cryptography</em>, section
|
||||
* 4.1.4, step 3.
|
||||
*
|
||||
* \return \c 0 on success,
|
||||
* #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if signature is invalid,
|
||||
* #MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH if the signature is
|
||||
* valid but its actual length is less than \p siglen,
|
||||
* or an \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_ERR_MPI_XXX
|
||||
* error code on failure for any other reason.
|
||||
*
|
||||
* \see ecp.h
|
||||
*
|
||||
* \param ctx The ECDSA context.
|
||||
* \param hash The message hash.
|
||||
* \param hlen The size of the hash.
|
||||
* \param sig The signature to read and verify.
|
||||
* \param slen The size of \p sig.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if signature is invalid.
|
||||
* \return #MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH if there is a valid
|
||||
* signature in \p sig, but its length is less than \p siglen.
|
||||
* \return An \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_ERR_MPI_XXX
|
||||
* error code on failure for any other reason.
|
||||
*/
|
||||
int mbedtls_ecdsa_read_signature( mbedtls_ecdsa_context *ctx,
|
||||
const unsigned char *hash, size_t hlen,
|
||||
|
@ -286,16 +291,16 @@ int mbedtls_ecdsa_read_signature( mbedtls_ecdsa_context *ctx,
|
|||
/**
|
||||
* \brief This function generates an ECDSA keypair on the given curve.
|
||||
*
|
||||
* \see ecp.h
|
||||
*
|
||||
* \param ctx The ECDSA context to store the keypair in.
|
||||
* \param gid The elliptic curve to use. One of the various
|
||||
* \c MBEDTLS_ECP_DP_XXX macros depending on configuration.
|
||||
* \param f_rng The RNG function.
|
||||
* \param p_rng The RNG parameter.
|
||||
* \param p_rng The RNG context.
|
||||
*
|
||||
* \return \c 0 on success, or an \c MBEDTLS_ERR_ECP_XXX code on
|
||||
* failure.
|
||||
*
|
||||
* \see ecp.h
|
||||
* \return \c 0 on success.
|
||||
* \return An \c MBEDTLS_ERR_ECP_XXX code on failure.
|
||||
*/
|
||||
int mbedtls_ecdsa_genkey( mbedtls_ecdsa_context *ctx, mbedtls_ecp_group_id gid,
|
||||
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );
|
||||
|
@ -303,13 +308,13 @@ int mbedtls_ecdsa_genkey( mbedtls_ecdsa_context *ctx, mbedtls_ecp_group_id gid,
|
|||
/**
|
||||
* \brief This function sets an ECDSA context from an EC key pair.
|
||||
*
|
||||
* \see ecp.h
|
||||
*
|
||||
* \param ctx The ECDSA context to set.
|
||||
* \param key The EC key to use.
|
||||
*
|
||||
* \return \c 0 on success, or an \c MBEDTLS_ERR_ECP_XXX code on
|
||||
* failure.
|
||||
*
|
||||
* \see ecp.h
|
||||
* \return \c 0 on success.
|
||||
* \return An \c MBEDTLS_ERR_ECP_XXX code on failure.
|
||||
*/
|
||||
int mbedtls_ecdsa_from_keypair( mbedtls_ecdsa_context *ctx, const mbedtls_ecp_keypair *key );
|
||||
|
||||
|
|
|
@ -44,8 +44,6 @@
|
|||
#include "ecp.h"
|
||||
#include "md.h"
|
||||
|
||||
#if !defined(MBEDTLS_ECJPAKE_ALT)
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
@ -58,6 +56,7 @@ typedef enum {
|
|||
MBEDTLS_ECJPAKE_SERVER, /**< Server */
|
||||
} mbedtls_ecjpake_role;
|
||||
|
||||
#if !defined(MBEDTLS_ECJPAKE_ALT)
|
||||
/**
|
||||
* EC J-PAKE context structure.
|
||||
*
|
||||
|
@ -88,6 +87,10 @@ typedef struct
|
|||
mbedtls_mpi s; /**< Pre-shared secret (passphrase) */
|
||||
} mbedtls_ecjpake_context;
|
||||
|
||||
#else /* MBEDTLS_ECJPAKE_ALT */
|
||||
#include "ecjpake_alt.h"
|
||||
#endif /* MBEDTLS_ECJPAKE_ALT */
|
||||
|
||||
/**
|
||||
* \brief Initialize a context
|
||||
* (just makes it ready for setup() or free()).
|
||||
|
@ -225,20 +228,10 @@ int mbedtls_ecjpake_derive_secret( mbedtls_ecjpake_context *ctx,
|
|||
*/
|
||||
void mbedtls_ecjpake_free( mbedtls_ecjpake_context *ctx );
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
||||
#else /* MBEDTLS_ECJPAKE_ALT */
|
||||
#include "ecjpake_alt.h"
|
||||
#endif /* MBEDTLS_ECJPAKE_ALT */
|
||||
|
||||
#if defined(MBEDTLS_SELF_TEST)
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
/**
|
||||
* \brief Checkup routine
|
||||
*
|
||||
|
@ -246,10 +239,11 @@ extern "C" {
|
|||
*/
|
||||
int mbedtls_ecjpake_self_test( int verbose );
|
||||
|
||||
#endif /* MBEDTLS_SELF_TEST */
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
||||
#endif /* MBEDTLS_SELF_TEST */
|
||||
|
||||
#endif /* ecjpake.h */
|
||||
|
|
File diff suppressed because it is too large
Load Diff
|
@ -48,7 +48,7 @@
|
|||
* [6] Digital Signature Standard (DSS), FIPS 186-4.
|
||||
* <http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf>
|
||||
*
|
||||
* [7] Elliptic Curve Cryptography (ECC) Cipher Suites for Transport Layer
|
||||
* [7] Elliptic Curve Cryptography (ECC) Cipher Suites for Transport Layer
|
||||
* Security (TLS), RFC 4492.
|
||||
* <https://tools.ietf.org/search/rfc4492>
|
||||
*
|
||||
|
|
|
@ -166,7 +166,7 @@ void mbedtls_entropy_free( mbedtls_entropy_context *ctx );
|
|||
* \param threshold Minimum required from source before entropy is released
|
||||
* ( with mbedtls_entropy_func() ) (in bytes)
|
||||
* \param strong MBEDTLS_ENTROPY_SOURCE_STRONG or
|
||||
* MBEDTSL_ENTROPY_SOURCE_WEAK.
|
||||
* MBEDTLS_ENTROPY_SOURCE_WEAK.
|
||||
* At least one strong source needs to be added.
|
||||
* Weaker sources (such as the cycle counter) can be used as
|
||||
* a complement.
|
||||
|
|
|
@ -53,7 +53,7 @@
|
|||
* GCM 3 0x0012-0x0014 0x0013-0x0013
|
||||
* BLOWFISH 3 0x0016-0x0018 0x0017-0x0017
|
||||
* THREADING 3 0x001A-0x001E
|
||||
* AES 4 0x0020-0x0022 0x0023-0x0025
|
||||
* AES 5 0x0020-0x0022 0x0021-0x0025
|
||||
* CAMELLIA 3 0x0024-0x0026 0x0027-0x0027
|
||||
* XTEA 2 0x0028-0x0028 0x0029-0x0029
|
||||
* BASE64 2 0x002A-0x002C
|
||||
|
@ -63,6 +63,7 @@
|
|||
* CTR_DBRG 4 0x0034-0x003A
|
||||
* ENTROPY 3 0x003C-0x0040 0x003D-0x003F
|
||||
* NET 11 0x0042-0x0052 0x0043-0x0045
|
||||
* ARIA 4 0x0058-0x005E
|
||||
* ASN1 7 0x0060-0x006C
|
||||
* CMAC 1 0x007A-0x007A
|
||||
* PBKDF2 1 0x007C-0x007C
|
||||
|
|
|
@ -1,9 +1,11 @@
|
|||
/**
|
||||
* \file gcm.h
|
||||
*
|
||||
* \brief Galois/Counter Mode (GCM) for 128-bit block ciphers, as defined
|
||||
* in <em>D. McGrew, J. Viega, The Galois/Counter Mode of Operation
|
||||
* (GCM), Natl. Inst. Stand. Technol.</em>
|
||||
* \brief This file contains GCM definitions and functions.
|
||||
*
|
||||
* The Galois/Counter Mode (GCM) for 128-bit block ciphers is defined
|
||||
* in <em>D. McGrew, J. Viega, The Galois/Counter Mode of Operation
|
||||
* (GCM), Natl. Inst. Stand. Technol.</em>
|
||||
*
|
||||
* For more information on GCM, see <em>NIST SP 800-38D: Recommendation for
|
||||
* Block Cipher Modes of Operation: Galois/Counter Mode (GCM) and GMAC</em>.
|
||||
|
@ -42,12 +44,12 @@
|
|||
#define MBEDTLS_ERR_GCM_HW_ACCEL_FAILED -0x0013 /**< GCM hardware accelerator failed. */
|
||||
#define MBEDTLS_ERR_GCM_BAD_INPUT -0x0014 /**< Bad input parameters to function. */
|
||||
|
||||
#if !defined(MBEDTLS_GCM_ALT)
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
#if !defined(MBEDTLS_GCM_ALT)
|
||||
|
||||
/**
|
||||
* \brief The GCM context structure.
|
||||
*/
|
||||
|
@ -66,6 +68,10 @@ typedef struct {
|
|||
}
|
||||
mbedtls_gcm_context;
|
||||
|
||||
#else /* !MBEDTLS_GCM_ALT */
|
||||
#include "gcm_alt.h"
|
||||
#endif /* !MBEDTLS_GCM_ALT */
|
||||
|
||||
/**
|
||||
* \brief This function initializes the specified GCM context,
|
||||
* to make references valid, and prepares the context
|
||||
|
@ -91,7 +97,8 @@ void mbedtls_gcm_init( mbedtls_gcm_context *ctx );
|
|||
* <li>192 bits</li>
|
||||
* <li>256 bits</li></ul>
|
||||
*
|
||||
* \return \c 0 on success, or a cipher specific error code.
|
||||
* \return \c 0 on success.
|
||||
* \return A cipher-specific error code on failure.
|
||||
*/
|
||||
int mbedtls_gcm_setkey( mbedtls_gcm_context *ctx,
|
||||
mbedtls_cipher_id_t cipher,
|
||||
|
@ -101,15 +108,16 @@ int mbedtls_gcm_setkey( mbedtls_gcm_context *ctx,
|
|||
/**
|
||||
* \brief This function performs GCM encryption or decryption of a buffer.
|
||||
*
|
||||
* \note For encryption, the output buffer can be the same as the input buffer.
|
||||
* For decryption, the output buffer cannot be the same as input buffer.
|
||||
* If the buffers overlap, the output buffer must trail at least 8 Bytes
|
||||
* behind the input buffer.
|
||||
* \note For encryption, the output buffer can be the same as the
|
||||
* input buffer. For decryption, the output buffer cannot be
|
||||
* the same as input buffer. If the buffers overlap, the output
|
||||
* buffer must trail at least 8 Bytes behind the input buffer.
|
||||
*
|
||||
* \param ctx The GCM context to use for encryption or decryption.
|
||||
* \param mode The operation to perform: #MBEDTLS_GCM_ENCRYPT or
|
||||
* #MBEDTLS_GCM_DECRYPT.
|
||||
* \param length The length of the input data. This must be a multiple of 16 except in the last call before mbedtls_gcm_finish().
|
||||
* \param length The length of the input data. This must be a multiple of
|
||||
* 16 except in the last call before mbedtls_gcm_finish().
|
||||
* \param iv The initialization vector.
|
||||
* \param iv_len The length of the IV.
|
||||
* \param add The buffer holding the additional data.
|
||||
|
@ -137,12 +145,13 @@ int mbedtls_gcm_crypt_and_tag( mbedtls_gcm_context *ctx,
|
|||
* \brief This function performs a GCM authenticated decryption of a
|
||||
* buffer.
|
||||
*
|
||||
* \note For decryption, the output buffer cannot be the same as input buffer.
|
||||
* If the buffers overlap, the output buffer must trail at least 8 Bytes
|
||||
* behind the input buffer.
|
||||
* \note For decryption, the output buffer cannot be the same as
|
||||
* input buffer. If the buffers overlap, the output buffer
|
||||
* must trail at least 8 Bytes behind the input buffer.
|
||||
*
|
||||
* \param ctx The GCM context.
|
||||
* \param length The length of the input data. This must be a multiple of 16 except in the last call before mbedtls_gcm_finish().
|
||||
* \param length The length of the input data. This must be a multiple
|
||||
* of 16 except in the last call before mbedtls_gcm_finish().
|
||||
* \param iv The initialization vector.
|
||||
* \param iv_len The length of the IV.
|
||||
* \param add The buffer holding the additional data.
|
||||
|
@ -152,8 +161,8 @@ int mbedtls_gcm_crypt_and_tag( mbedtls_gcm_context *ctx,
|
|||
* \param input The buffer holding the input data.
|
||||
* \param output The buffer for holding the output data.
|
||||
*
|
||||
* \return 0 if successful and authenticated, or
|
||||
* #MBEDTLS_ERR_GCM_AUTH_FAILED if tag does not match.
|
||||
* \return 0 if successful and authenticated.
|
||||
* \return #MBEDTLS_ERR_GCM_AUTH_FAILED if the tag does not match.
|
||||
*/
|
||||
int mbedtls_gcm_auth_decrypt( mbedtls_gcm_context *ctx,
|
||||
size_t length,
|
||||
|
@ -175,10 +184,12 @@ int mbedtls_gcm_auth_decrypt( mbedtls_gcm_context *ctx,
|
|||
* #MBEDTLS_GCM_DECRYPT.
|
||||
* \param iv The initialization vector.
|
||||
* \param iv_len The length of the IV.
|
||||
* \param add The buffer holding the additional data, or NULL if \p add_len is 0.
|
||||
* \param add_len The length of the additional data. If 0, \p add is NULL.
|
||||
* \param add The buffer holding the additional data, or NULL
|
||||
* if \p add_len is 0.
|
||||
* \param add_len The length of the additional data. If 0,
|
||||
* \p add is NULL.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return \c 0 on success.
|
||||
*/
|
||||
int mbedtls_gcm_starts( mbedtls_gcm_context *ctx,
|
||||
int mode,
|
||||
|
@ -195,16 +206,18 @@ int mbedtls_gcm_starts( mbedtls_gcm_context *ctx,
|
|||
* Bytes. Only the last call before calling
|
||||
* mbedtls_gcm_finish() can be less than 16 Bytes.
|
||||
*
|
||||
* \note For decryption, the output buffer cannot be the same as input buffer.
|
||||
* If the buffers overlap, the output buffer must trail at least 8 Bytes
|
||||
* behind the input buffer.
|
||||
* \note For decryption, the output buffer cannot be the same as
|
||||
* input buffer. If the buffers overlap, the output buffer
|
||||
* must trail at least 8 Bytes behind the input buffer.
|
||||
*
|
||||
* \param ctx The GCM context.
|
||||
* \param length The length of the input data. This must be a multiple of 16 except in the last call before mbedtls_gcm_finish().
|
||||
* \param length The length of the input data. This must be a multiple of
|
||||
* 16 except in the last call before mbedtls_gcm_finish().
|
||||
* \param input The buffer holding the input data.
|
||||
* \param output The buffer for holding the output data.
|
||||
*
|
||||
* \return \c 0 on success, or #MBEDTLS_ERR_GCM_BAD_INPUT on failure.
|
||||
* \return \c 0 on success.
|
||||
* \return #MBEDTLS_ERR_GCM_BAD_INPUT on failure.
|
||||
*/
|
||||
int mbedtls_gcm_update( mbedtls_gcm_context *ctx,
|
||||
size_t length,
|
||||
|
@ -222,7 +235,8 @@ int mbedtls_gcm_update( mbedtls_gcm_context *ctx,
|
|||
* \param tag The buffer for holding the tag.
|
||||
* \param tag_len The length of the tag to generate. Must be at least four.
|
||||
*
|
||||
* \return \c 0 on success, or #MBEDTLS_ERR_GCM_BAD_INPUT on failure.
|
||||
* \return \c 0 on success.
|
||||
* \return #MBEDTLS_ERR_GCM_BAD_INPUT on failure.
|
||||
*/
|
||||
int mbedtls_gcm_finish( mbedtls_gcm_context *ctx,
|
||||
unsigned char *tag,
|
||||
|
@ -236,22 +250,11 @@ int mbedtls_gcm_finish( mbedtls_gcm_context *ctx,
|
|||
*/
|
||||
void mbedtls_gcm_free( mbedtls_gcm_context *ctx );
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
||||
#else /* !MBEDTLS_GCM_ALT */
|
||||
#include "gcm_alt.h"
|
||||
#endif /* !MBEDTLS_GCM_ALT */
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
/**
|
||||
* \brief The GCM checkup routine.
|
||||
*
|
||||
* \return \c 0 on success, or \c 1 on failure.
|
||||
* \return \c 0 on success.
|
||||
* \return \c 1 on failure.
|
||||
*/
|
||||
int mbedtls_gcm_self_test( int verbose );
|
||||
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
/**
|
||||
* \file md.h
|
||||
*
|
||||
* \brief The generic message-digest wrapper.
|
||||
* \brief This file contains the generic message-digest wrapper.
|
||||
*
|
||||
* \author Adriaan de Jong <dejong@fox-it.com>
|
||||
*/
|
||||
|
@ -46,7 +46,7 @@ extern "C" {
|
|||
#endif
|
||||
|
||||
/**
|
||||
* \brief Enumeration of supported message digests
|
||||
* \brief Supported message digests.
|
||||
*
|
||||
* \warning MD2, MD4, MD5 and SHA-1 are considered weak message digests and
|
||||
* their use constitutes a security risk. We recommend considering
|
||||
|
@ -54,16 +54,16 @@ extern "C" {
|
|||
*
|
||||
*/
|
||||
typedef enum {
|
||||
MBEDTLS_MD_NONE=0,
|
||||
MBEDTLS_MD_MD2,
|
||||
MBEDTLS_MD_MD4,
|
||||
MBEDTLS_MD_MD5,
|
||||
MBEDTLS_MD_SHA1,
|
||||
MBEDTLS_MD_SHA224,
|
||||
MBEDTLS_MD_SHA256,
|
||||
MBEDTLS_MD_SHA384,
|
||||
MBEDTLS_MD_SHA512,
|
||||
MBEDTLS_MD_RIPEMD160,
|
||||
MBEDTLS_MD_NONE=0, /**< None. */
|
||||
MBEDTLS_MD_MD2, /**< The MD2 message digest. */
|
||||
MBEDTLS_MD_MD4, /**< The MD4 message digest. */
|
||||
MBEDTLS_MD_MD5, /**< The MD5 message digest. */
|
||||
MBEDTLS_MD_SHA1, /**< The SHA-1 message digest. */
|
||||
MBEDTLS_MD_SHA224, /**< The SHA-224 message digest. */
|
||||
MBEDTLS_MD_SHA256, /**< The SHA-256 message digest. */
|
||||
MBEDTLS_MD_SHA384, /**< The SHA-384 message digest. */
|
||||
MBEDTLS_MD_SHA512, /**< The SHA-512 message digest. */
|
||||
MBEDTLS_MD_RIPEMD160, /**< The RIPEMD-160 message digest. */
|
||||
} mbedtls_md_type_t;
|
||||
|
||||
#if defined(MBEDTLS_SHA512_C)
|
||||
|
@ -108,8 +108,8 @@ const int *mbedtls_md_list( void );
|
|||
*
|
||||
* \param md_name The name of the digest to search for.
|
||||
*
|
||||
* \return The message-digest information associated with \p md_name,
|
||||
* or NULL if not found.
|
||||
* \return The message-digest information associated with \p md_name.
|
||||
* \return NULL if the associated message-digest information is not found.
|
||||
*/
|
||||
const mbedtls_md_info_t *mbedtls_md_info_from_string( const char *md_name );
|
||||
|
||||
|
@ -119,8 +119,8 @@ const mbedtls_md_info_t *mbedtls_md_info_from_string( const char *md_name );
|
|||
*
|
||||
* \param md_type The type of digest to search for.
|
||||
*
|
||||
* \return The message-digest information associated with \p md_type,
|
||||
* or NULL if not found.
|
||||
* \return The message-digest information associated with \p md_type.
|
||||
* \return NULL if the associated message-digest information is not found.
|
||||
*/
|
||||
const mbedtls_md_info_t *mbedtls_md_info_from_type( mbedtls_md_type_t md_type );
|
||||
|
||||
|
@ -168,9 +168,10 @@ void mbedtls_md_free( mbedtls_md_context_t *ctx );
|
|||
* \param md_info The information structure of the message-digest algorithm
|
||||
* to use.
|
||||
*
|
||||
* \returns \c 0 on success,
|
||||
* #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter failure,
|
||||
* #MBEDTLS_ERR_MD_ALLOC_FAILED memory allocation failure.
|
||||
* \return \c 0 on success.
|
||||
* \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification
|
||||
* failure.
|
||||
* \return #MBEDTLS_ERR_MD_ALLOC_FAILED on memory-allocation failure.
|
||||
*/
|
||||
int mbedtls_md_init_ctx( mbedtls_md_context_t *ctx, const mbedtls_md_info_t *md_info ) MBEDTLS_DEPRECATED;
|
||||
#undef MBEDTLS_DEPRECATED
|
||||
|
@ -187,12 +188,13 @@ int mbedtls_md_init_ctx( mbedtls_md_context_t *ctx, const mbedtls_md_info_t *md_
|
|||
* \param ctx The context to set up.
|
||||
* \param md_info The information structure of the message-digest algorithm
|
||||
* to use.
|
||||
* \param hmac <ul><li>0: HMAC is not used. Saves some memory.</li>
|
||||
* <li>non-zero: HMAC is used with this context.</li></ul>
|
||||
* \param hmac Defines if HMAC is used. 0: HMAC is not used (saves some memory),
|
||||
* or non-zero: HMAC is used with this context.
|
||||
*
|
||||
* \returns \c 0 on success,
|
||||
* #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter failure, or
|
||||
* #MBEDTLS_ERR_MD_ALLOC_FAILED on memory allocation failure.
|
||||
* \return \c 0 on success.
|
||||
* \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification
|
||||
* failure.
|
||||
* \return #MBEDTLS_ERR_MD_ALLOC_FAILED on memory-allocation failure.
|
||||
*/
|
||||
int mbedtls_md_setup( mbedtls_md_context_t *ctx, const mbedtls_md_info_t *md_info, int hmac );
|
||||
|
||||
|
@ -212,8 +214,8 @@ int mbedtls_md_setup( mbedtls_md_context_t *ctx, const mbedtls_md_info_t *md_inf
|
|||
* \param dst The destination context.
|
||||
* \param src The context to be cloned.
|
||||
*
|
||||
* \return \c 0 on success,
|
||||
* #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter failure.
|
||||
* \return \c 0 on success.
|
||||
* \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification failure.
|
||||
*/
|
||||
int mbedtls_md_clone( mbedtls_md_context_t *dst,
|
||||
const mbedtls_md_context_t *src );
|
||||
|
@ -260,8 +262,9 @@ const char *mbedtls_md_get_name( const mbedtls_md_info_t *md_info );
|
|||
*
|
||||
* \param ctx The generic message-digest context.
|
||||
*
|
||||
* \returns \c 0 on success, #MBEDTLS_ERR_MD_BAD_INPUT_DATA if
|
||||
* parameter verification fails.
|
||||
* \return \c 0 on success.
|
||||
* \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification
|
||||
* failure.
|
||||
*/
|
||||
int mbedtls_md_starts( mbedtls_md_context_t *ctx );
|
||||
|
||||
|
@ -277,8 +280,9 @@ int mbedtls_md_starts( mbedtls_md_context_t *ctx );
|
|||
* \param input The buffer holding the input data.
|
||||
* \param ilen The length of the input data.
|
||||
*
|
||||
* \returns \c 0 on success, #MBEDTLS_ERR_MD_BAD_INPUT_DATA if
|
||||
* parameter verification fails.
|
||||
* \return \c 0 on success.
|
||||
* \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification
|
||||
* failure.
|
||||
*/
|
||||
int mbedtls_md_update( mbedtls_md_context_t *ctx, const unsigned char *input, size_t ilen );
|
||||
|
||||
|
@ -296,8 +300,9 @@ int mbedtls_md_update( mbedtls_md_context_t *ctx, const unsigned char *input, si
|
|||
* \param ctx The generic message-digest context.
|
||||
* \param output The buffer for the generic message-digest checksum result.
|
||||
*
|
||||
* \returns \c 0 on success, or #MBEDTLS_ERR_MD_BAD_INPUT_DATA if
|
||||
* parameter verification fails.
|
||||
* \return \c 0 on success.
|
||||
* \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification
|
||||
* failure.
|
||||
*/
|
||||
int mbedtls_md_finish( mbedtls_md_context_t *ctx, unsigned char *output );
|
||||
|
||||
|
@ -315,8 +320,9 @@ int mbedtls_md_finish( mbedtls_md_context_t *ctx, unsigned char *output );
|
|||
* \param ilen The length of the input data.
|
||||
* \param output The generic message-digest checksum result.
|
||||
*
|
||||
* \returns \c 0 on success, or #MBEDTLS_ERR_MD_BAD_INPUT_DATA if
|
||||
* parameter verification fails.
|
||||
* \return \c 0 on success.
|
||||
* \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification
|
||||
* failure.
|
||||
*/
|
||||
int mbedtls_md( const mbedtls_md_info_t *md_info, const unsigned char *input, size_t ilen,
|
||||
unsigned char *output );
|
||||
|
@ -334,9 +340,10 @@ int mbedtls_md( const mbedtls_md_info_t *md_info, const unsigned char *input, si
|
|||
* \param path The input file name.
|
||||
* \param output The generic message-digest checksum result.
|
||||
*
|
||||
* \return \c 0 on success,
|
||||
* #MBEDTLS_ERR_MD_FILE_IO_ERROR if file input failed, or
|
||||
* #MBEDTLS_ERR_MD_BAD_INPUT_DATA if \p md_info was NULL.
|
||||
* \return \c 0 on success.
|
||||
* \return #MBEDTLS_ERR_MD_FILE_IO_ERROR on an I/O error accessing
|
||||
* the file pointed by \p path.
|
||||
* \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA if \p md_info was NULL.
|
||||
*/
|
||||
int mbedtls_md_file( const mbedtls_md_info_t *md_info, const char *path,
|
||||
unsigned char *output );
|
||||
|
@ -356,8 +363,9 @@ int mbedtls_md_file( const mbedtls_md_info_t *md_info, const char *path,
|
|||
* \param key The HMAC secret key.
|
||||
* \param keylen The length of the HMAC key in Bytes.
|
||||
*
|
||||
* \returns \c 0 on success, or #MBEDTLS_ERR_MD_BAD_INPUT_DATA if
|
||||
* parameter verification fails.
|
||||
* \return \c 0 on success.
|
||||
* \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification
|
||||
* failure.
|
||||
*/
|
||||
int mbedtls_md_hmac_starts( mbedtls_md_context_t *ctx, const unsigned char *key,
|
||||
size_t keylen );
|
||||
|
@ -377,8 +385,9 @@ int mbedtls_md_hmac_starts( mbedtls_md_context_t *ctx, const unsigned char *key,
|
|||
* \param input The buffer holding the input data.
|
||||
* \param ilen The length of the input data.
|
||||
*
|
||||
* \returns \c 0 on success, or #MBEDTLS_ERR_MD_BAD_INPUT_DATA if
|
||||
* parameter verification fails.
|
||||
* \return \c 0 on success.
|
||||
* \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification
|
||||
* failure.
|
||||
*/
|
||||
int mbedtls_md_hmac_update( mbedtls_md_context_t *ctx, const unsigned char *input,
|
||||
size_t ilen );
|
||||
|
@ -397,8 +406,9 @@ int mbedtls_md_hmac_update( mbedtls_md_context_t *ctx, const unsigned char *inpu
|
|||
* context.
|
||||
* \param output The generic HMAC checksum result.
|
||||
*
|
||||
* \returns \c 0 on success, or #MBEDTLS_ERR_MD_BAD_INPUT_DATA if
|
||||
* parameter verification fails.
|
||||
* \return \c 0 on success.
|
||||
* \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification
|
||||
* failure.
|
||||
*/
|
||||
int mbedtls_md_hmac_finish( mbedtls_md_context_t *ctx, unsigned char *output);
|
||||
|
||||
|
@ -413,8 +423,9 @@ int mbedtls_md_hmac_finish( mbedtls_md_context_t *ctx, unsigned char *output);
|
|||
* \param ctx The message digest context containing an embedded HMAC
|
||||
* context.
|
||||
*
|
||||
* \returns \c 0 on success, or #MBEDTLS_ERR_MD_BAD_INPUT_DATA if
|
||||
* parameter verification fails.
|
||||
* \return \c 0 on success.
|
||||
* \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification
|
||||
* failure.
|
||||
*/
|
||||
int mbedtls_md_hmac_reset( mbedtls_md_context_t *ctx );
|
||||
|
||||
|
@ -436,8 +447,9 @@ int mbedtls_md_hmac_reset( mbedtls_md_context_t *ctx );
|
|||
* \param ilen The length of the input data.
|
||||
* \param output The generic HMAC result.
|
||||
*
|
||||
* \returns \c 0 on success, or #MBEDTLS_ERR_MD_BAD_INPUT_DATA if
|
||||
* parameter verification fails.
|
||||
* \return \c 0 on success.
|
||||
* \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification
|
||||
* failure.
|
||||
*/
|
||||
int mbedtls_md_hmac( const mbedtls_md_info_t *md_info, const unsigned char *key, size_t keylen,
|
||||
const unsigned char *input, size_t ilen,
|
||||
|
|
|
@ -39,14 +39,14 @@
|
|||
|
||||
#define MBEDTLS_ERR_MD2_HW_ACCEL_FAILED -0x002B /**< MD2 hardware accelerator failed */
|
||||
|
||||
#if !defined(MBEDTLS_MD2_ALT)
|
||||
// Regular implementation
|
||||
//
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
#if !defined(MBEDTLS_MD2_ALT)
|
||||
// Regular implementation
|
||||
//
|
||||
|
||||
/**
|
||||
* \brief MD2 context structure
|
||||
*
|
||||
|
@ -64,6 +64,10 @@ typedef struct
|
|||
}
|
||||
mbedtls_md2_context;
|
||||
|
||||
#else /* MBEDTLS_MD2_ALT */
|
||||
#include "md2_alt.h"
|
||||
#endif /* MBEDTLS_MD2_ALT */
|
||||
|
||||
/**
|
||||
* \brief Initialize MD2 context
|
||||
*
|
||||
|
@ -235,18 +239,6 @@ MBEDTLS_DEPRECATED void mbedtls_md2_process( mbedtls_md2_context *ctx );
|
|||
#undef MBEDTLS_DEPRECATED
|
||||
#endif /* !MBEDTLS_DEPRECATED_REMOVED */
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
||||
#else /* MBEDTLS_MD2_ALT */
|
||||
#include "md2_alt.h"
|
||||
#endif /* MBEDTLS_MD2_ALT */
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
/**
|
||||
* \brief Output = MD2( input buffer )
|
||||
*
|
||||
|
|
|
@ -40,14 +40,14 @@
|
|||
|
||||
#define MBEDTLS_ERR_MD4_HW_ACCEL_FAILED -0x002D /**< MD4 hardware accelerator failed */
|
||||
|
||||
#if !defined(MBEDTLS_MD4_ALT)
|
||||
// Regular implementation
|
||||
//
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
#if !defined(MBEDTLS_MD4_ALT)
|
||||
// Regular implementation
|
||||
//
|
||||
|
||||
/**
|
||||
* \brief MD4 context structure
|
||||
*
|
||||
|
@ -64,6 +64,10 @@ typedef struct
|
|||
}
|
||||
mbedtls_md4_context;
|
||||
|
||||
#else /* MBEDTLS_MD4_ALT */
|
||||
#include "md4_alt.h"
|
||||
#endif /* MBEDTLS_MD4_ALT */
|
||||
|
||||
/**
|
||||
* \brief Initialize MD4 context
|
||||
*
|
||||
|
@ -238,18 +242,6 @@ MBEDTLS_DEPRECATED void mbedtls_md4_process( mbedtls_md4_context *ctx,
|
|||
#undef MBEDTLS_DEPRECATED
|
||||
#endif /* !MBEDTLS_DEPRECATED_REMOVED */
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
||||
#else /* MBEDTLS_MD4_ALT */
|
||||
#include "md4_alt.h"
|
||||
#endif /* MBEDTLS_MD4_ALT */
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
/**
|
||||
* \brief Output = MD4( input buffer )
|
||||
*
|
||||
|
|
|
@ -39,14 +39,14 @@
|
|||
|
||||
#define MBEDTLS_ERR_MD5_HW_ACCEL_FAILED -0x002F /**< MD5 hardware accelerator failed */
|
||||
|
||||
#if !defined(MBEDTLS_MD5_ALT)
|
||||
// Regular implementation
|
||||
//
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
#if !defined(MBEDTLS_MD5_ALT)
|
||||
// Regular implementation
|
||||
//
|
||||
|
||||
/**
|
||||
* \brief MD5 context structure
|
||||
*
|
||||
|
@ -63,6 +63,10 @@ typedef struct
|
|||
}
|
||||
mbedtls_md5_context;
|
||||
|
||||
#else /* MBEDTLS_MD5_ALT */
|
||||
#include "md5_alt.h"
|
||||
#endif /* MBEDTLS_MD5_ALT */
|
||||
|
||||
/**
|
||||
* \brief Initialize MD5 context
|
||||
*
|
||||
|
@ -238,18 +242,6 @@ MBEDTLS_DEPRECATED void mbedtls_md5_process( mbedtls_md5_context *ctx,
|
|||
#undef MBEDTLS_DEPRECATED
|
||||
#endif /* !MBEDTLS_DEPRECATED_REMOVED */
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
||||
#else /* MBEDTLS_MD5_ALT */
|
||||
#include "md5_alt.h"
|
||||
#endif /* MBEDTLS_MD5_ALT */
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
/**
|
||||
* \brief Output = MD5( input buffer )
|
||||
*
|
||||
|
|
|
@ -46,12 +46,17 @@
|
|||
#define MBEDTLS_ERR_NET_UNKNOWN_HOST -0x0052 /**< Failed to get an IP address for the given hostname. */
|
||||
#define MBEDTLS_ERR_NET_BUFFER_TOO_SMALL -0x0043 /**< Buffer is too small to hold the data. */
|
||||
#define MBEDTLS_ERR_NET_INVALID_CONTEXT -0x0045 /**< The context is invalid, eg because it was free()ed. */
|
||||
#define MBEDTLS_ERR_NET_POLL_FAILED -0x0047 /**< Polling the net context failed. */
|
||||
#define MBEDTLS_ERR_NET_BAD_INPUT_DATA -0x0049 /**< Input invalid. */
|
||||
|
||||
#define MBEDTLS_NET_LISTEN_BACKLOG 10 /**< The backlog that listen() should use. */
|
||||
|
||||
#define MBEDTLS_NET_PROTO_TCP 0 /**< The TCP transport protocol */
|
||||
#define MBEDTLS_NET_PROTO_UDP 1 /**< The UDP transport protocol */
|
||||
|
||||
#define MBEDTLS_NET_POLL_READ 1 /**< Used in \c mbedtls_net_poll to check for pending data */
|
||||
#define MBEDTLS_NET_POLL_WRITE 2 /**< Used in \c mbedtls_net_poll to check if write possible */
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
@ -118,9 +123,10 @@ int mbedtls_net_bind( mbedtls_net_context *ctx, const char *bind_ip, const char
|
|||
*
|
||||
* \param bind_ctx Relevant socket
|
||||
* \param client_ctx Will contain the connected client socket
|
||||
* \param client_ip Will contain the client IP address
|
||||
* \param client_ip Will contain the client IP address, can be NULL
|
||||
* \param buf_size Size of the client_ip buffer
|
||||
* \param ip_len Will receive the size of the client IP written
|
||||
* \param ip_len Will receive the size of the client IP written,
|
||||
* can be NULL if client_ip is null
|
||||
*
|
||||
* \return 0 if successful, or
|
||||
* MBEDTLS_ERR_NET_ACCEPT_FAILED, or
|
||||
|
@ -132,6 +138,29 @@ int mbedtls_net_accept( mbedtls_net_context *bind_ctx,
|
|||
mbedtls_net_context *client_ctx,
|
||||
void *client_ip, size_t buf_size, size_t *ip_len );
|
||||
|
||||
/**
|
||||
* \brief Check and wait for the context to be ready for read/write
|
||||
*
|
||||
* \param ctx Socket to check
|
||||
* \param rw Bitflag composed of MBEDTLS_NET_POLL_READ and
|
||||
* MBEDTLS_NET_POLL_WRITE specifying the events
|
||||
* to wait for:
|
||||
* - If MBEDTLS_NET_POLL_READ is set, the function
|
||||
* will return as soon as the net context is available
|
||||
* for reading.
|
||||
* - If MBEDTLS_NET_POLL_WRITE is set, the function
|
||||
* will return as soon as the net context is available
|
||||
* for writing.
|
||||
* \param timeout Maximal amount of time to wait before returning,
|
||||
* in milliseconds. If \c timeout is zero, the
|
||||
* function returns immediately. If \c timeout is
|
||||
* -1u, the function blocks potentially indefinitely.
|
||||
*
|
||||
* \return Bitmask composed of MBEDTLS_NET_POLL_READ/WRITE
|
||||
* on success or timeout, or a negative return code otherwise.
|
||||
*/
|
||||
int mbedtls_net_poll( mbedtls_net_context *ctx, uint32_t rw, uint32_t timeout );
|
||||
|
||||
/**
|
||||
* \brief Set the socket blocking
|
||||
*
|
||||
|
|
|
@ -63,7 +63,7 @@
|
|||
#define MBEDTLS_ERR_PK_INVALID_ALG -0x3A80 /**< The algorithm tag or value is invalid. */
|
||||
#define MBEDTLS_ERR_PK_UNKNOWN_NAMED_CURVE -0x3A00 /**< Elliptic curve is unsupported (only NIST curves are supported). */
|
||||
#define MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE -0x3980 /**< Unavailable feature, e.g. RSA disabled for RSA key. */
|
||||
#define MBEDTLS_ERR_PK_SIG_LEN_MISMATCH -0x3900 /**< The signature is valid but its length is less than expected. */
|
||||
#define MBEDTLS_ERR_PK_SIG_LEN_MISMATCH -0x3900 /**< The buffer contains a valid signature followed by more data. */
|
||||
#define MBEDTLS_ERR_PK_HW_ACCEL_FAILED -0x3880 /**< PK hardware accelerator failed. */
|
||||
|
||||
#ifdef __cplusplus
|
||||
|
@ -269,8 +269,8 @@ int mbedtls_pk_can_do( const mbedtls_pk_context *ctx, mbedtls_pk_type_t type );
|
|||
* \param sig_len Signature length
|
||||
*
|
||||
* \return 0 on success (signature is valid),
|
||||
* MBEDTLS_ERR_PK_SIG_LEN_MISMATCH if the signature is
|
||||
* valid but its actual length is less than sig_len,
|
||||
* #MBEDTLS_ERR_PK_SIG_LEN_MISMATCH if there is a valid
|
||||
* signature in sig but its length is less than \p siglen,
|
||||
* or a specific error code.
|
||||
*
|
||||
* \note For RSA keys, the default padding type is PKCS#1 v1.5.
|
||||
|
@ -300,10 +300,10 @@ int mbedtls_pk_verify( mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg,
|
|||
* \param sig_len Signature length
|
||||
*
|
||||
* \return 0 on success (signature is valid),
|
||||
* MBEDTLS_ERR_PK_TYPE_MISMATCH if the PK context can't be
|
||||
* #MBEDTLS_ERR_PK_TYPE_MISMATCH if the PK context can't be
|
||||
* used for this type of signatures,
|
||||
* MBEDTLS_ERR_PK_SIG_LEN_MISMATCH if the signature is
|
||||
* valid but its actual length is less than sig_len,
|
||||
* #MBEDTLS_ERR_PK_SIG_LEN_MISMATCH if there is a valid
|
||||
* signature in sig but its length is less than \p siglen,
|
||||
* or a specific error code.
|
||||
*
|
||||
* \note If hash_len is 0, then the length associated with md_alg
|
||||
|
|
|
@ -1,7 +1,16 @@
|
|||
/**
|
||||
* \file platform.h
|
||||
*
|
||||
* \brief The Mbed TLS platform abstraction layer.
|
||||
* \brief This file contains the definitions and functions of the
|
||||
* Mbed TLS platform abstraction layer.
|
||||
*
|
||||
* The platform abstraction layer removes the need for the library
|
||||
* to directly link to standard C library functions or operating
|
||||
* system services, making the library easier to port and embed.
|
||||
* Application developers and users of the library can provide their own
|
||||
* implementations of these functions, or implementations specific to
|
||||
* their platform, which can be statically linked to the library or
|
||||
* dynamically configured at runtime.
|
||||
*/
|
||||
/*
|
||||
* Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved
|
||||
|
@ -102,7 +111,7 @@ extern "C" {
|
|||
/* \} name SECTION: Module settings */
|
||||
|
||||
/*
|
||||
* The function pointers for calloc and free
|
||||
* The function pointers for calloc and free.
|
||||
*/
|
||||
#if defined(MBEDTLS_PLATFORM_MEMORY)
|
||||
#if defined(MBEDTLS_PLATFORM_FREE_MACRO) && \
|
||||
|
@ -116,7 +125,8 @@ extern void * (*mbedtls_calloc)( size_t n, size_t size );
|
|||
extern void (*mbedtls_free)( void *ptr );
|
||||
|
||||
/**
|
||||
* \brief This function allows configuring custom memory-management functions.
|
||||
* \brief This function dynamically sets the memory-management
|
||||
* functions used by the library, during runtime.
|
||||
*
|
||||
* \param calloc_func The \c calloc function implementation.
|
||||
* \param free_func The \c free function implementation.
|
||||
|
@ -140,7 +150,9 @@ int mbedtls_platform_set_calloc_free( void * (*calloc_func)( size_t, size_t ),
|
|||
extern int (*mbedtls_fprintf)( FILE *stream, const char *format, ... );
|
||||
|
||||
/**
|
||||
* \brief This function allows configuring a custom \p fprintf function pointer.
|
||||
* \brief This function dynamically configures the fprintf
|
||||
* function that is called when the
|
||||
* mbedtls_fprintf() function is invoked by the library.
|
||||
*
|
||||
* \param fprintf_func The \c fprintf function implementation.
|
||||
*
|
||||
|
@ -163,8 +175,9 @@ int mbedtls_platform_set_fprintf( int (*fprintf_func)( FILE *stream, const char
|
|||
extern int (*mbedtls_printf)( const char *format, ... );
|
||||
|
||||
/**
|
||||
* \brief This function allows configuring a custom \c printf function
|
||||
* pointer.
|
||||
* \brief This function dynamically configures the snprintf
|
||||
* function that is called when the mbedtls_snprintf()
|
||||
* function is invoked by the library.
|
||||
*
|
||||
* \param printf_func The \c printf function implementation.
|
||||
*
|
||||
|
@ -197,12 +210,12 @@ int mbedtls_platform_win32_snprintf( char *s, size_t n, const char *fmt, ... );
|
|||
extern int (*mbedtls_snprintf)( char * s, size_t n, const char * format, ... );
|
||||
|
||||
/**
|
||||
* \brief This function allows configuring a custom \c snprintf function
|
||||
* pointer.
|
||||
* \brief This function allows configuring a custom
|
||||
* \c snprintf function pointer.
|
||||
*
|
||||
* \param snprintf_func The \c snprintf function implementation.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return \c 0 on success.
|
||||
*/
|
||||
int mbedtls_platform_set_snprintf( int (*snprintf_func)( char * s, size_t n,
|
||||
const char * format, ... ) );
|
||||
|
@ -210,7 +223,7 @@ int mbedtls_platform_set_snprintf( int (*snprintf_func)( char * s, size_t n,
|
|||
#if defined(MBEDTLS_PLATFORM_SNPRINTF_MACRO)
|
||||
#define mbedtls_snprintf MBEDTLS_PLATFORM_SNPRINTF_MACRO
|
||||
#else
|
||||
#define mbedtls_snprintf snprintf
|
||||
#define mbedtls_snprintf MBEDTLS_PLATFORM_STD_SNPRINTF
|
||||
#endif /* MBEDTLS_PLATFORM_SNPRINTF_MACRO */
|
||||
#endif /* MBEDTLS_PLATFORM_SNPRINTF_ALT */
|
||||
|
||||
|
@ -221,12 +234,13 @@ int mbedtls_platform_set_snprintf( int (*snprintf_func)( char * s, size_t n,
|
|||
extern void (*mbedtls_exit)( int status );
|
||||
|
||||
/**
|
||||
* \brief This function allows configuring a custom \c exit function
|
||||
* pointer.
|
||||
* \brief This function dynamically configures the exit
|
||||
* function that is called when the mbedtls_exit()
|
||||
* function is invoked by the library.
|
||||
*
|
||||
* \param exit_func The \c exit function implementation.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return \c 0 on success.
|
||||
*/
|
||||
int mbedtls_platform_set_exit( void (*exit_func)( int status ) );
|
||||
#else
|
||||
|
@ -302,7 +316,7 @@ int mbedtls_platform_set_nv_seed(
|
|||
* setup or teardown operations.
|
||||
*/
|
||||
typedef struct {
|
||||
char dummy; /**< Placeholder member, as empty structs are not portable. */
|
||||
char dummy; /**< A placeholder member, as empty structs are not portable. */
|
||||
}
|
||||
mbedtls_platform_context;
|
||||
|
||||
|
@ -311,33 +325,34 @@ mbedtls_platform_context;
|
|||
#endif /* !MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT */
|
||||
|
||||
/**
|
||||
* \brief This function performs any platform initialization operations.
|
||||
* \brief This function performs any platform-specific initialization
|
||||
* operations.
|
||||
*
|
||||
* \param ctx The Mbed TLS context.
|
||||
* \note This function should be called before any other library functions.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
*
|
||||
* \note This function is intended to allow platform-specific initialization,
|
||||
* and should be called before any other library functions. Its
|
||||
* implementation is platform-specific, and unless
|
||||
* Its implementation is platform-specific, and unless
|
||||
* platform-specific code is provided, it does nothing.
|
||||
*
|
||||
* Its use and whether it is necessary to call it is dependent on the
|
||||
* platform.
|
||||
* \note The usage and necessity of this function is dependent on the platform.
|
||||
*
|
||||
* \param ctx The platform context.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
*/
|
||||
int mbedtls_platform_setup( mbedtls_platform_context *ctx );
|
||||
/**
|
||||
* \brief This function performs any platform teardown operations.
|
||||
*
|
||||
* \param ctx The Mbed TLS context.
|
||||
*
|
||||
* \note This function should be called after every other Mbed TLS module
|
||||
* has been correctly freed using the appropriate free function.
|
||||
*
|
||||
* Its implementation is platform-specific, and unless
|
||||
* platform-specific code is provided, it does nothing.
|
||||
*
|
||||
* Its use and whether it is necessary to call it is dependent on the
|
||||
* platform.
|
||||
* \note The usage and necessity of this function is dependent on the platform.
|
||||
*
|
||||
* \param ctx The platform context.
|
||||
*
|
||||
*/
|
||||
void mbedtls_platform_teardown( mbedtls_platform_context *ctx );
|
||||
|
||||
|
|
|
@ -0,0 +1,62 @@
|
|||
/**
|
||||
* \file platform_util.h
|
||||
*
|
||||
* \brief Common and shared functions used by multiple modules in the Mbed TLS
|
||||
* library.
|
||||
*/
|
||||
/*
|
||||
* Copyright (C) 2018, Arm Limited, All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
* not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*
|
||||
* This file is part of Mbed TLS (https://tls.mbed.org)
|
||||
*/
|
||||
#ifndef MBEDTLS_PLATFORM_UTIL_H
|
||||
#define MBEDTLS_PLATFORM_UTIL_H
|
||||
|
||||
#include <stddef.h>
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
/**
|
||||
* \brief Securely zeroize a buffer
|
||||
*
|
||||
* The function is meant to wipe the data contained in a buffer so
|
||||
* that it can no longer be recovered even if the program memory
|
||||
* is later compromised. Call this function on sensitive data
|
||||
* stored on the stack before returning from a function, and on
|
||||
* sensitive data stored on the heap before freeing the heap
|
||||
* object.
|
||||
*
|
||||
* It is extremely difficult to guarantee that calls to
|
||||
* mbedtls_platform_zeroize() are not removed by aggressive
|
||||
* compiler optimizations in a portable way. For this reason, Mbed
|
||||
* TLS provides the configuration option
|
||||
* MBEDTLS_PLATFORM_ZEROIZE_ALT, which allows users to configure
|
||||
* mbedtls_platform_zeroize() to use a suitable implementation for
|
||||
* their platform and needs
|
||||
*
|
||||
* \param buf Buffer to be zeroized
|
||||
* \param len Length of the buffer in bytes
|
||||
*
|
||||
*/
|
||||
void mbedtls_platform_zeroize( void *buf, size_t len );
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
||||
#endif /* MBEDTLS_PLATFORM_UTIL_H */
|
|
@ -35,14 +35,14 @@
|
|||
|
||||
#define MBEDTLS_ERR_RIPEMD160_HW_ACCEL_FAILED -0x0031 /**< RIPEMD160 hardware accelerator failed */
|
||||
|
||||
#if !defined(MBEDTLS_RIPEMD160_ALT)
|
||||
// Regular implementation
|
||||
//
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
#if !defined(MBEDTLS_RIPEMD160_ALT)
|
||||
// Regular implementation
|
||||
//
|
||||
|
||||
/**
|
||||
* \brief RIPEMD-160 context structure
|
||||
*/
|
||||
|
@ -54,6 +54,10 @@ typedef struct
|
|||
}
|
||||
mbedtls_ripemd160_context;
|
||||
|
||||
#else /* MBEDTLS_RIPEMD160_ALT */
|
||||
#include "ripemd160.h"
|
||||
#endif /* MBEDTLS_RIPEMD160_ALT */
|
||||
|
||||
/**
|
||||
* \brief Initialize RIPEMD-160 context
|
||||
*
|
||||
|
@ -178,18 +182,6 @@ MBEDTLS_DEPRECATED void mbedtls_ripemd160_process(
|
|||
#undef MBEDTLS_DEPRECATED
|
||||
#endif /* !MBEDTLS_DEPRECATED_REMOVED */
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
||||
#else /* MBEDTLS_RIPEMD160_ALT */
|
||||
#include "ripemd160_alt.h"
|
||||
#endif /* MBEDTLS_RIPEMD160_ALT */
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
/**
|
||||
* \brief Output = RIPEMD-160( input buffer )
|
||||
*
|
||||
|
|
File diff suppressed because it is too large
Load Diff
|
@ -2,6 +2,37 @@
|
|||
* \file rsa_internal.h
|
||||
*
|
||||
* \brief Context-independent RSA helper functions
|
||||
*
|
||||
* This module declares some RSA-related helper functions useful when
|
||||
* implementing the RSA interface. These functions are provided in a separate
|
||||
* compilation unit in order to make it easy for designers of alternative RSA
|
||||
* implementations to use them in their own code, as it is conceived that the
|
||||
* functionality they provide will be necessary for most complete
|
||||
* implementations.
|
||||
*
|
||||
* End-users of Mbed TLS who are not providing their own alternative RSA
|
||||
* implementations should not use these functions directly, and should instead
|
||||
* use only the functions declared in rsa.h.
|
||||
*
|
||||
* The interface provided by this module will be maintained through LTS (Long
|
||||
* Term Support) branches of Mbed TLS, but may otherwise be subject to change,
|
||||
* and must be considered an internal interface of the library.
|
||||
*
|
||||
* There are two classes of helper functions:
|
||||
*
|
||||
* (1) Parameter-generating helpers. These are:
|
||||
* - mbedtls_rsa_deduce_primes
|
||||
* - mbedtls_rsa_deduce_private_exponent
|
||||
* - mbedtls_rsa_deduce_crt
|
||||
* Each of these functions takes a set of core RSA parameters and
|
||||
* generates some other, or CRT related parameters.
|
||||
*
|
||||
* (2) Parameter-checking helpers. These are:
|
||||
* - mbedtls_rsa_validate_params
|
||||
* - mbedtls_rsa_validate_crt
|
||||
* They take a set of core or CRT related RSA parameters and check their
|
||||
* validity.
|
||||
*
|
||||
*/
|
||||
/*
|
||||
* Copyright (C) 2006-2017, ARM Limited, All Rights Reserved
|
||||
|
@ -21,31 +52,6 @@
|
|||
*
|
||||
* This file is part of mbed TLS (https://tls.mbed.org)
|
||||
*
|
||||
*
|
||||
* This file declares some RSA-related helper functions useful when
|
||||
* implementing the RSA interface. They are public and provided in a
|
||||
* separate compilation unit in order to make it easy for designers of
|
||||
* alternative RSA implementations to use them in their code, as it is
|
||||
* conceived that the functionality they provide will be necessary
|
||||
* for most complete implementations.
|
||||
*
|
||||
* End-users of Mbed TLS not intending to re-implement the RSA functionality
|
||||
* are not expected to get into the need of making use of these functions directly,
|
||||
* but instead should be able to use the functions declared in rsa.h.
|
||||
*
|
||||
* There are two classes of helper functions:
|
||||
* (1) Parameter-generating helpers. These are:
|
||||
* - mbedtls_rsa_deduce_primes
|
||||
* - mbedtls_rsa_deduce_private_exponent
|
||||
* - mbedtls_rsa_deduce_crt
|
||||
* Each of these functions takes a set of core RSA parameters
|
||||
* and generates some other, or CRT related parameters.
|
||||
* (2) Parameter-checking helpers. These are:
|
||||
* - mbedtls_rsa_validate_params
|
||||
* - mbedtls_rsa_validate_crt
|
||||
* They take a set of core or CRT related RSA parameters
|
||||
* and check their validity.
|
||||
*
|
||||
*/
|
||||
|
||||
#ifndef MBEDTLS_RSA_INTERNAL_H
|
||||
|
@ -213,4 +219,8 @@ int mbedtls_rsa_validate_crt( const mbedtls_mpi *P, const mbedtls_mpi *Q,
|
|||
const mbedtls_mpi *D, const mbedtls_mpi *DP,
|
||||
const mbedtls_mpi *DQ, const mbedtls_mpi *QP );
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
||||
#endif /* rsa_internal.h */
|
||||
|
|
|
@ -1,7 +1,10 @@
|
|||
/**
|
||||
* \file sha1.h
|
||||
*
|
||||
* \brief The SHA-1 cryptographic hash function.
|
||||
* \brief This file contains SHA-1 definitions and functions.
|
||||
*
|
||||
* The Secure Hash Algorithm 1 (SHA-1) cryptographic hash function is defined in
|
||||
* <em>FIPS 180-4: Secure Hash Standard (SHS)</em>.
|
||||
*
|
||||
* \warning SHA-1 is considered a weak message digest and its use constitutes
|
||||
* a security risk. We recommend considering stronger message
|
||||
|
@ -39,14 +42,14 @@
|
|||
|
||||
#define MBEDTLS_ERR_SHA1_HW_ACCEL_FAILED -0x0035 /**< SHA-1 hardware accelerator failed */
|
||||
|
||||
#if !defined(MBEDTLS_SHA1_ALT)
|
||||
// Regular implementation
|
||||
//
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
#if !defined(MBEDTLS_SHA1_ALT)
|
||||
// Regular implementation
|
||||
//
|
||||
|
||||
/**
|
||||
* \brief The SHA-1 context structure.
|
||||
*
|
||||
|
@ -63,40 +66,44 @@ typedef struct
|
|||
}
|
||||
mbedtls_sha1_context;
|
||||
|
||||
#else /* MBEDTLS_SHA1_ALT */
|
||||
#include "sha1_alt.h"
|
||||
#endif /* MBEDTLS_SHA1_ALT */
|
||||
|
||||
/**
|
||||
* \brief This function initializes a SHA-1 context.
|
||||
*
|
||||
* \param ctx The SHA-1 context to initialize.
|
||||
*
|
||||
* \warning SHA-1 is considered a weak message digest and its use
|
||||
* constitutes a security risk. We recommend considering
|
||||
* stronger message digests instead.
|
||||
*
|
||||
* \param ctx The SHA-1 context to initialize.
|
||||
*
|
||||
*/
|
||||
void mbedtls_sha1_init( mbedtls_sha1_context *ctx );
|
||||
|
||||
/**
|
||||
* \brief This function clears a SHA-1 context.
|
||||
*
|
||||
* \param ctx The SHA-1 context to clear.
|
||||
*
|
||||
* \warning SHA-1 is considered a weak message digest and its use
|
||||
* constitutes a security risk. We recommend considering
|
||||
* stronger message digests instead.
|
||||
*
|
||||
* \param ctx The SHA-1 context to clear.
|
||||
*
|
||||
*/
|
||||
void mbedtls_sha1_free( mbedtls_sha1_context *ctx );
|
||||
|
||||
/**
|
||||
* \brief This function clones the state of a SHA-1 context.
|
||||
*
|
||||
* \param dst The destination context.
|
||||
* \param src The context to clone.
|
||||
*
|
||||
* \warning SHA-1 is considered a weak message digest and its use
|
||||
* constitutes a security risk. We recommend considering
|
||||
* stronger message digests instead.
|
||||
*
|
||||
* \param dst The SHA-1 context to clone to.
|
||||
* \param src The SHA-1 context to clone from.
|
||||
*
|
||||
*/
|
||||
void mbedtls_sha1_clone( mbedtls_sha1_context *dst,
|
||||
const mbedtls_sha1_context *src );
|
||||
|
@ -104,14 +111,14 @@ void mbedtls_sha1_clone( mbedtls_sha1_context *dst,
|
|||
/**
|
||||
* \brief This function starts a SHA-1 checksum calculation.
|
||||
*
|
||||
* \param ctx The context to initialize.
|
||||
*
|
||||
* \return \c 0 if successful
|
||||
*
|
||||
* \warning SHA-1 is considered a weak message digest and its use
|
||||
* constitutes a security risk. We recommend considering
|
||||
* stronger message digests instead.
|
||||
*
|
||||
* \param ctx The SHA-1 context to initialize.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
*
|
||||
*/
|
||||
int mbedtls_sha1_starts_ret( mbedtls_sha1_context *ctx );
|
||||
|
||||
|
@ -119,16 +126,15 @@ int mbedtls_sha1_starts_ret( mbedtls_sha1_context *ctx );
|
|||
* \brief This function feeds an input buffer into an ongoing SHA-1
|
||||
* checksum calculation.
|
||||
*
|
||||
* \param ctx The SHA-1 context.
|
||||
* \param input The buffer holding the input data.
|
||||
* \param ilen The length of the input data.
|
||||
*
|
||||
* \return \c 0 if successful
|
||||
*
|
||||
* \warning SHA-1 is considered a weak message digest and its use
|
||||
* constitutes a security risk. We recommend considering
|
||||
* stronger message digests instead.
|
||||
*
|
||||
* \param ctx The SHA-1 context.
|
||||
* \param input The buffer holding the input data.
|
||||
* \param ilen The length of the input data.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
*/
|
||||
int mbedtls_sha1_update_ret( mbedtls_sha1_context *ctx,
|
||||
const unsigned char *input,
|
||||
|
@ -138,31 +144,30 @@ int mbedtls_sha1_update_ret( mbedtls_sha1_context *ctx,
|
|||
* \brief This function finishes the SHA-1 operation, and writes
|
||||
* the result to the output buffer.
|
||||
*
|
||||
* \param ctx The SHA-1 context.
|
||||
* \param output The SHA-1 checksum result.
|
||||
*
|
||||
* \return \c 0 if successful
|
||||
*
|
||||
* \warning SHA-1 is considered a weak message digest and its use
|
||||
* constitutes a security risk. We recommend considering
|
||||
* stronger message digests instead.
|
||||
*
|
||||
* \param ctx The SHA-1 context.
|
||||
* \param output The SHA-1 checksum result.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
*/
|
||||
int mbedtls_sha1_finish_ret( mbedtls_sha1_context *ctx,
|
||||
unsigned char output[20] );
|
||||
|
||||
/**
|
||||
* \brief SHA-1 process data block (internal use only)
|
||||
*
|
||||
* \param ctx SHA-1 context
|
||||
* \param data The data block being processed.
|
||||
*
|
||||
* \return \c 0 if successful
|
||||
* \brief SHA-1 process data block (internal use only).
|
||||
*
|
||||
* \warning SHA-1 is considered a weak message digest and its use
|
||||
* constitutes a security risk. We recommend considering
|
||||
* stronger message digests instead.
|
||||
*
|
||||
* \param ctx The SHA-1 context.
|
||||
* \param data The data block being processed.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
*
|
||||
*/
|
||||
int mbedtls_internal_sha1_process( mbedtls_sha1_context *ctx,
|
||||
const unsigned char data[64] );
|
||||
|
@ -174,65 +179,67 @@ int mbedtls_internal_sha1_process( mbedtls_sha1_context *ctx,
|
|||
#define MBEDTLS_DEPRECATED
|
||||
#endif
|
||||
/**
|
||||
* \brief SHA-1 context setup
|
||||
*
|
||||
* \deprecated Superseded by mbedtls_sha1_starts_ret() in 2.7.0
|
||||
*
|
||||
* \param ctx The SHA-1 context to be initialized.
|
||||
* \brief This function starts a SHA-1 checksum calculation.
|
||||
*
|
||||
* \warning SHA-1 is considered a weak message digest and its use
|
||||
* constitutes a security risk. We recommend considering
|
||||
* stronger message digests instead.
|
||||
*
|
||||
* \deprecated Superseded by mbedtls_sha1_starts_ret() in 2.7.0.
|
||||
*
|
||||
* \param ctx The SHA-1 context to initialize.
|
||||
*
|
||||
*/
|
||||
MBEDTLS_DEPRECATED void mbedtls_sha1_starts( mbedtls_sha1_context *ctx );
|
||||
|
||||
/**
|
||||
* \brief SHA-1 process buffer
|
||||
*
|
||||
* \deprecated Superseded by mbedtls_sha1_update_ret() in 2.7.0
|
||||
*
|
||||
* \param ctx The SHA-1 context.
|
||||
* \param input The buffer holding the input data.
|
||||
* \param ilen The length of the input data.
|
||||
* \brief This function feeds an input buffer into an ongoing SHA-1
|
||||
* checksum calculation.
|
||||
*
|
||||
* \warning SHA-1 is considered a weak message digest and its use
|
||||
* constitutes a security risk. We recommend considering
|
||||
* stronger message digests instead.
|
||||
*
|
||||
* \deprecated Superseded by mbedtls_sha1_update_ret() in 2.7.0.
|
||||
*
|
||||
* \param ctx The SHA-1 context.
|
||||
* \param input The buffer holding the input data.
|
||||
* \param ilen The length of the input data.
|
||||
*
|
||||
*/
|
||||
MBEDTLS_DEPRECATED void mbedtls_sha1_update( mbedtls_sha1_context *ctx,
|
||||
const unsigned char *input,
|
||||
size_t ilen );
|
||||
|
||||
/**
|
||||
* \brief SHA-1 final digest
|
||||
*
|
||||
* \deprecated Superseded by mbedtls_sha1_finish_ret() in 2.7.0
|
||||
*
|
||||
* \param ctx The SHA-1 context.
|
||||
* \param output The SHA-1 checksum result.
|
||||
* \brief This function finishes the SHA-1 operation, and writes
|
||||
* the result to the output buffer.
|
||||
*
|
||||
* \warning SHA-1 is considered a weak message digest and its use
|
||||
* constitutes a security risk. We recommend considering
|
||||
* stronger message digests instead.
|
||||
*
|
||||
* \deprecated Superseded by mbedtls_sha1_finish_ret() in 2.7.0.
|
||||
*
|
||||
* \param ctx The SHA-1 context.
|
||||
* \param output The SHA-1 checksum result.
|
||||
*
|
||||
*/
|
||||
MBEDTLS_DEPRECATED void mbedtls_sha1_finish( mbedtls_sha1_context *ctx,
|
||||
unsigned char output[20] );
|
||||
|
||||
/**
|
||||
* \brief SHA-1 process data block (internal use only)
|
||||
*
|
||||
* \deprecated Superseded by mbedtls_internal_sha1_process() in 2.7.0
|
||||
*
|
||||
* \param ctx The SHA-1 context.
|
||||
* \param data The data block being processed.
|
||||
* \brief SHA-1 process data block (internal use only).
|
||||
*
|
||||
* \warning SHA-1 is considered a weak message digest and its use
|
||||
* constitutes a security risk. We recommend considering
|
||||
* stronger message digests instead.
|
||||
*
|
||||
* \deprecated Superseded by mbedtls_internal_sha1_process() in 2.7.0.
|
||||
*
|
||||
* \param ctx The SHA-1 context.
|
||||
* \param data The data block being processed.
|
||||
*
|
||||
*/
|
||||
MBEDTLS_DEPRECATED void mbedtls_sha1_process( mbedtls_sha1_context *ctx,
|
||||
const unsigned char data[64] );
|
||||
|
@ -240,18 +247,6 @@ MBEDTLS_DEPRECATED void mbedtls_sha1_process( mbedtls_sha1_context *ctx,
|
|||
#undef MBEDTLS_DEPRECATED
|
||||
#endif /* !MBEDTLS_DEPRECATED_REMOVED */
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
||||
#else /* MBEDTLS_SHA1_ALT */
|
||||
#include "sha1_alt.h"
|
||||
#endif /* MBEDTLS_SHA1_ALT */
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
/**
|
||||
* \brief This function calculates the SHA-1 checksum of a buffer.
|
||||
*
|
||||
|
@ -261,15 +256,15 @@ extern "C" {
|
|||
* The SHA-1 result is calculated as
|
||||
* output = SHA-1(input buffer).
|
||||
*
|
||||
* \warning SHA-1 is considered a weak message digest and its use
|
||||
* constitutes a security risk. We recommend considering
|
||||
* stronger message digests instead.
|
||||
*
|
||||
* \param input The buffer holding the input data.
|
||||
* \param ilen The length of the input data.
|
||||
* \param output The SHA-1 checksum result.
|
||||
*
|
||||
* \return \c 0 if successful
|
||||
*
|
||||
* \warning SHA-1 is considered a weak message digest and its use
|
||||
* constitutes a security risk. We recommend considering
|
||||
* stronger message digests instead.
|
||||
* \return \c 0 on success.
|
||||
*
|
||||
*/
|
||||
int mbedtls_sha1_ret( const unsigned char *input,
|
||||
|
@ -283,7 +278,17 @@ int mbedtls_sha1_ret( const unsigned char *input,
|
|||
#define MBEDTLS_DEPRECATED
|
||||
#endif
|
||||
/**
|
||||
* \brief Output = SHA-1( input buffer )
|
||||
* \brief This function calculates the SHA-1 checksum of a buffer.
|
||||
*
|
||||
* The function allocates the context, performs the
|
||||
* calculation, and frees the context.
|
||||
*
|
||||
* The SHA-1 result is calculated as
|
||||
* output = SHA-1(input buffer).
|
||||
*
|
||||
* \warning SHA-1 is considered a weak message digest and its use
|
||||
* constitutes a security risk. We recommend considering
|
||||
* stronger message digests instead.
|
||||
*
|
||||
* \deprecated Superseded by mbedtls_sha1_ret() in 2.7.0
|
||||
*
|
||||
|
@ -291,10 +296,6 @@ int mbedtls_sha1_ret( const unsigned char *input,
|
|||
* \param ilen The length of the input data.
|
||||
* \param output The SHA-1 checksum result.
|
||||
*
|
||||
* \warning SHA-1 is considered a weak message digest and its use
|
||||
* constitutes a security risk. We recommend considering
|
||||
* stronger message digests instead.
|
||||
*
|
||||
*/
|
||||
MBEDTLS_DEPRECATED void mbedtls_sha1( const unsigned char *input,
|
||||
size_t ilen,
|
||||
|
@ -306,12 +307,13 @@ MBEDTLS_DEPRECATED void mbedtls_sha1( const unsigned char *input,
|
|||
/**
|
||||
* \brief The SHA-1 checkup routine.
|
||||
*
|
||||
* \return \c 0 on success, or \c 1 on failure.
|
||||
*
|
||||
* \warning SHA-1 is considered a weak message digest and its use
|
||||
* constitutes a security risk. We recommend considering
|
||||
* stronger message digests instead.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return \c 1 on failure.
|
||||
*
|
||||
*/
|
||||
int mbedtls_sha1_self_test( int verbose );
|
||||
|
||||
|
|
|
@ -1,7 +1,10 @@
|
|||
/**
|
||||
* \file sha256.h
|
||||
*
|
||||
* \brief The SHA-224 and SHA-256 cryptographic hash function.
|
||||
* \brief This file contains SHA-224 and SHA-256 definitions and functions.
|
||||
*
|
||||
* The Secure Hash Algorithms 224 and 256 (SHA-224 and SHA-256) cryptographic
|
||||
* hash functions are defined in <em>FIPS 180-4: Secure Hash Standard (SHS)</em>.
|
||||
*/
|
||||
/*
|
||||
* Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved
|
||||
|
@ -35,14 +38,14 @@
|
|||
|
||||
#define MBEDTLS_ERR_SHA256_HW_ACCEL_FAILED -0x0037 /**< SHA-256 hardware accelerator failed */
|
||||
|
||||
#if !defined(MBEDTLS_SHA256_ALT)
|
||||
// Regular implementation
|
||||
//
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
#if !defined(MBEDTLS_SHA256_ALT)
|
||||
// Regular implementation
|
||||
//
|
||||
|
||||
/**
|
||||
* \brief The SHA-256 context structure.
|
||||
*
|
||||
|
@ -55,12 +58,15 @@ typedef struct
|
|||
uint32_t total[2]; /*!< The number of Bytes processed. */
|
||||
uint32_t state[8]; /*!< The intermediate digest state. */
|
||||
unsigned char buffer[64]; /*!< The data block being processed. */
|
||||
int is224; /*!< Determines which function to use.
|
||||
<ul><li>0: Use SHA-256.</li>
|
||||
<li>1: Use SHA-224.</li></ul> */
|
||||
int is224; /*!< Determines which function to use:
|
||||
0: Use SHA-256, or 1: Use SHA-224. */
|
||||
}
|
||||
mbedtls_sha256_context;
|
||||
|
||||
#else /* MBEDTLS_SHA256_ALT */
|
||||
#include "sha256_alt.h"
|
||||
#endif /* MBEDTLS_SHA256_ALT */
|
||||
|
||||
/**
|
||||
* \brief This function initializes a SHA-256 context.
|
||||
*
|
||||
|
@ -89,9 +95,8 @@ void mbedtls_sha256_clone( mbedtls_sha256_context *dst,
|
|||
* calculation.
|
||||
*
|
||||
* \param ctx The context to initialize.
|
||||
* \param is224 Determines which function to use.
|
||||
* <ul><li>0: Use SHA-256.</li>
|
||||
* <li>1: Use SHA-224.</li></ul>
|
||||
* \param is224 Determines which function to use:
|
||||
* 0: Use SHA-256, or 1: Use SHA-224.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
*/
|
||||
|
@ -101,9 +106,9 @@ int mbedtls_sha256_starts_ret( mbedtls_sha256_context *ctx, int is224 );
|
|||
* \brief This function feeds an input buffer into an ongoing
|
||||
* SHA-256 checksum calculation.
|
||||
*
|
||||
* \param ctx SHA-256 context
|
||||
* \param input buffer holding the data
|
||||
* \param ilen length of the input data
|
||||
* \param ctx The SHA-256 context.
|
||||
* \param input The buffer holding the data.
|
||||
* \param ilen The length of the input data.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
*/
|
||||
|
@ -143,14 +148,15 @@ int mbedtls_internal_sha256_process( mbedtls_sha256_context *ctx,
|
|||
#define MBEDTLS_DEPRECATED
|
||||
#endif
|
||||
/**
|
||||
* \brief This function starts a SHA-256 checksum calculation.
|
||||
* \brief This function starts a SHA-224 or SHA-256 checksum
|
||||
* calculation.
|
||||
*
|
||||
*
|
||||
* \deprecated Superseded by mbedtls_sha256_starts_ret() in 2.7.0.
|
||||
*
|
||||
* \param ctx The SHA-256 context to initialize.
|
||||
* \param is224 Determines which function to use.
|
||||
* <ul><li>0: Use SHA-256.</li>
|
||||
* <li>1: Use SHA-224.</li></ul>
|
||||
* \param ctx The context to initialize.
|
||||
* \param is224 Determines which function to use:
|
||||
* 0: Use SHA-256, or 1: Use SHA-224.
|
||||
*/
|
||||
MBEDTLS_DEPRECATED void mbedtls_sha256_starts( mbedtls_sha256_context *ctx,
|
||||
int is224 );
|
||||
|
@ -176,7 +182,7 @@ MBEDTLS_DEPRECATED void mbedtls_sha256_update( mbedtls_sha256_context *ctx,
|
|||
* \deprecated Superseded by mbedtls_sha256_finish_ret() in 2.7.0.
|
||||
*
|
||||
* \param ctx The SHA-256 context.
|
||||
* \param output The SHA-224or SHA-256 checksum result.
|
||||
* \param output The SHA-224 or SHA-256 checksum result.
|
||||
*/
|
||||
MBEDTLS_DEPRECATED void mbedtls_sha256_finish( mbedtls_sha256_context *ctx,
|
||||
unsigned char output[32] );
|
||||
|
@ -196,17 +202,6 @@ MBEDTLS_DEPRECATED void mbedtls_sha256_process( mbedtls_sha256_context *ctx,
|
|||
|
||||
#undef MBEDTLS_DEPRECATED
|
||||
#endif /* !MBEDTLS_DEPRECATED_REMOVED */
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
||||
#else /* MBEDTLS_SHA256_ALT */
|
||||
#include "sha256_alt.h"
|
||||
#endif /* MBEDTLS_SHA256_ALT */
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
/**
|
||||
* \brief This function calculates the SHA-224 or SHA-256
|
||||
|
@ -221,9 +216,8 @@ extern "C" {
|
|||
* \param input The buffer holding the input data.
|
||||
* \param ilen The length of the input data.
|
||||
* \param output The SHA-224 or SHA-256 checksum result.
|
||||
* \param is224 Determines which function to use.
|
||||
* <ul><li>0: Use SHA-256.</li>
|
||||
* <li>1: Use SHA-224.</li></ul>
|
||||
* \param is224 Determines which function to use:
|
||||
* 0: Use SHA-256, or 1: Use SHA-224.
|
||||
*/
|
||||
int mbedtls_sha256_ret( const unsigned char *input,
|
||||
size_t ilen,
|
||||
|
@ -252,9 +246,8 @@ int mbedtls_sha256_ret( const unsigned char *input,
|
|||
* \param input The buffer holding the data.
|
||||
* \param ilen The length of the input data.
|
||||
* \param output The SHA-224 or SHA-256 checksum result.
|
||||
* \param is224 Determines which function to use.
|
||||
* <ul><li>0: Use SHA-256.</li>
|
||||
* <li>1: Use SHA-224.</li></ul>
|
||||
* \param is224 Determines which function to use:
|
||||
* 0: Use SHA-256, or 1: Use SHA-224.
|
||||
*/
|
||||
MBEDTLS_DEPRECATED void mbedtls_sha256( const unsigned char *input,
|
||||
size_t ilen,
|
||||
|
@ -267,7 +260,8 @@ MBEDTLS_DEPRECATED void mbedtls_sha256( const unsigned char *input,
|
|||
/**
|
||||
* \brief The SHA-224 and SHA-256 checkup routine.
|
||||
*
|
||||
* \return \c 0 on success, or \c 1 on failure.
|
||||
* \return \c 0 on success.
|
||||
* \return \c 1 on failure.
|
||||
*/
|
||||
int mbedtls_sha256_self_test( int verbose );
|
||||
|
||||
|
|
|
@ -1,7 +1,9 @@
|
|||
/**
|
||||
* \file sha512.h
|
||||
* \brief This file contains SHA-384 and SHA-512 definitions and functions.
|
||||
*
|
||||
* \brief The SHA-384 and SHA-512 cryptographic hash function.
|
||||
* The Secure Hash Algorithms 384 and 512 (SHA-384 and SHA-512) cryptographic
|
||||
* hash functions are defined in <em>FIPS 180-4: Secure Hash Standard (SHS)</em>.
|
||||
*/
|
||||
/*
|
||||
* Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved
|
||||
|
@ -35,14 +37,14 @@
|
|||
|
||||
#define MBEDTLS_ERR_SHA512_HW_ACCEL_FAILED -0x0039 /**< SHA-512 hardware accelerator failed */
|
||||
|
||||
#if !defined(MBEDTLS_SHA512_ALT)
|
||||
// Regular implementation
|
||||
//
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
#if !defined(MBEDTLS_SHA512_ALT)
|
||||
// Regular implementation
|
||||
//
|
||||
|
||||
/**
|
||||
* \brief The SHA-512 context structure.
|
||||
*
|
||||
|
@ -55,12 +57,15 @@ typedef struct
|
|||
uint64_t total[2]; /*!< The number of Bytes processed. */
|
||||
uint64_t state[8]; /*!< The intermediate digest state. */
|
||||
unsigned char buffer[128]; /*!< The data block being processed. */
|
||||
int is384; /*!< Determines which function to use.
|
||||
* <ul><li>0: Use SHA-512.</li>
|
||||
* <li>1: Use SHA-384.</li></ul> */
|
||||
int is384; /*!< Determines which function to use:
|
||||
0: Use SHA-512, or 1: Use SHA-384. */
|
||||
}
|
||||
mbedtls_sha512_context;
|
||||
|
||||
#else /* MBEDTLS_SHA512_ALT */
|
||||
#include "sha512_alt.h"
|
||||
#endif /* MBEDTLS_SHA512_ALT */
|
||||
|
||||
/**
|
||||
* \brief This function initializes a SHA-512 context.
|
||||
*
|
||||
|
@ -89,9 +94,8 @@ void mbedtls_sha512_clone( mbedtls_sha512_context *dst,
|
|||
* calculation.
|
||||
*
|
||||
* \param ctx The SHA-512 context to initialize.
|
||||
* \param is384 Determines which function to use.
|
||||
* <ul><li>0: Use SHA-512.</li>
|
||||
* <li>1: Use SHA-384.</li></ul>
|
||||
* \param is384 Determines which function to use:
|
||||
* 0: Use SHA-512, or 1: Use SHA-384.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
*/
|
||||
|
@ -148,9 +152,8 @@ int mbedtls_internal_sha512_process( mbedtls_sha512_context *ctx,
|
|||
* \deprecated Superseded by mbedtls_sha512_starts_ret() in 2.7.0
|
||||
*
|
||||
* \param ctx The SHA-512 context to initialize.
|
||||
* \param is384 Determines which function to use.
|
||||
* <ul><li>0: Use SHA-512.</li>
|
||||
* <li>1: Use SHA-384.</li></ul>
|
||||
* \param is384 Determines which function to use:
|
||||
* 0: Use SHA-512, or 1: Use SHA-384.
|
||||
*/
|
||||
MBEDTLS_DEPRECATED void mbedtls_sha512_starts( mbedtls_sha512_context *ctx,
|
||||
int is384 );
|
||||
|
@ -159,7 +162,7 @@ MBEDTLS_DEPRECATED void mbedtls_sha512_starts( mbedtls_sha512_context *ctx,
|
|||
* \brief This function feeds an input buffer into an ongoing
|
||||
* SHA-512 checksum calculation.
|
||||
*
|
||||
* \deprecated Superseded by mbedtls_sha512_update_ret() in 2.7.0
|
||||
* \deprecated Superseded by mbedtls_sha512_update_ret() in 2.7.0.
|
||||
*
|
||||
* \param ctx The SHA-512 context.
|
||||
* \param input The buffer holding the data.
|
||||
|
@ -173,7 +176,7 @@ MBEDTLS_DEPRECATED void mbedtls_sha512_update( mbedtls_sha512_context *ctx,
|
|||
* \brief This function finishes the SHA-512 operation, and writes
|
||||
* the result to the output buffer.
|
||||
*
|
||||
* \deprecated Superseded by mbedtls_sha512_finish_ret() in 2.7.0
|
||||
* \deprecated Superseded by mbedtls_sha512_finish_ret() in 2.7.0.
|
||||
*
|
||||
* \param ctx The SHA-512 context.
|
||||
* \param output The SHA-384 or SHA-512 checksum result.
|
||||
|
@ -186,7 +189,7 @@ MBEDTLS_DEPRECATED void mbedtls_sha512_finish( mbedtls_sha512_context *ctx,
|
|||
* the ongoing SHA-512 computation. This function is for
|
||||
* internal use only.
|
||||
*
|
||||
* \deprecated Superseded by mbedtls_internal_sha512_process() in 2.7.0
|
||||
* \deprecated Superseded by mbedtls_internal_sha512_process() in 2.7.0.
|
||||
*
|
||||
* \param ctx The SHA-512 context.
|
||||
* \param data The buffer holding one block of data.
|
||||
|
@ -198,18 +201,6 @@ MBEDTLS_DEPRECATED void mbedtls_sha512_process(
|
|||
#undef MBEDTLS_DEPRECATED
|
||||
#endif /* !MBEDTLS_DEPRECATED_REMOVED */
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
||||
#else /* MBEDTLS_SHA512_ALT */
|
||||
#include "sha512_alt.h"
|
||||
#endif /* MBEDTLS_SHA512_ALT */
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
/**
|
||||
* \brief This function calculates the SHA-512 or SHA-384
|
||||
* checksum of a buffer.
|
||||
|
@ -223,9 +214,8 @@ extern "C" {
|
|||
* \param input The buffer holding the input data.
|
||||
* \param ilen The length of the input data.
|
||||
* \param output The SHA-384 or SHA-512 checksum result.
|
||||
* \param is384 Determines which function to use.
|
||||
* <ul><li>0: Use SHA-512.</li>
|
||||
* <li>1: Use SHA-384.</li></ul>
|
||||
* \param is384 Determines which function to use:
|
||||
* 0: Use SHA-512, or 1: Use SHA-384.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
*/
|
||||
|
@ -255,9 +245,8 @@ int mbedtls_sha512_ret( const unsigned char *input,
|
|||
* \param input The buffer holding the data.
|
||||
* \param ilen The length of the input data.
|
||||
* \param output The SHA-384 or SHA-512 checksum result.
|
||||
* \param is384 Determines which function to use.
|
||||
* <ul><li>0: Use SHA-512.</li>
|
||||
* <li>1: Use SHA-384.</li></ul>
|
||||
* \param is384 Determines which function to use:
|
||||
* 0: Use SHA-512, or 1: Use SHA-384.
|
||||
*/
|
||||
MBEDTLS_DEPRECATED void mbedtls_sha512( const unsigned char *input,
|
||||
size_t ilen,
|
||||
|
@ -269,7 +258,8 @@ MBEDTLS_DEPRECATED void mbedtls_sha512( const unsigned char *input,
|
|||
/**
|
||||
* \brief The SHA-384 or SHA-512 checkup routine.
|
||||
*
|
||||
* \return \c 0 on success, or \c 1 on failure.
|
||||
* \return \c 0 on success.
|
||||
* \return \c 1 on failure.
|
||||
*/
|
||||
int mbedtls_sha512_self_test( int verbose );
|
||||
|
||||
|
|
|
@ -112,13 +112,14 @@
|
|||
#define MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED -0x6A80 /**< DTLS client must retry for hello verification */
|
||||
#define MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL -0x6A00 /**< A buffer is too small to receive or write a message */
|
||||
#define MBEDTLS_ERR_SSL_NO_USABLE_CIPHERSUITE -0x6980 /**< None of the common ciphersuites is usable (eg, no suitable certificate, see debug messages). */
|
||||
#define MBEDTLS_ERR_SSL_WANT_READ -0x6900 /**< Connection requires a read call. */
|
||||
#define MBEDTLS_ERR_SSL_WANT_READ -0x6900 /**< No data of requested type currently available on underlying transport. */
|
||||
#define MBEDTLS_ERR_SSL_WANT_WRITE -0x6880 /**< Connection requires a write call. */
|
||||
#define MBEDTLS_ERR_SSL_TIMEOUT -0x6800 /**< The operation timed out. */
|
||||
#define MBEDTLS_ERR_SSL_CLIENT_RECONNECT -0x6780 /**< The client initiated a reconnect from the same port. */
|
||||
#define MBEDTLS_ERR_SSL_UNEXPECTED_RECORD -0x6700 /**< Record header looks valid but is not expected. */
|
||||
#define MBEDTLS_ERR_SSL_NON_FATAL -0x6680 /**< The alert message received indicates a non-fatal error. */
|
||||
#define MBEDTLS_ERR_SSL_INVALID_VERIFY_HASH -0x6600 /**< Couldn't set the hash for verifying CertificateVerify */
|
||||
#define MBEDTLS_ERR_SSL_CONTINUE_PROCESSING -0x6580 /**< Internal-only message signaling that further message-processing should be done */
|
||||
|
||||
/*
|
||||
* Various constants
|
||||
|
@ -682,10 +683,18 @@ struct mbedtls_ssl_config
|
|||
#endif
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
|
||||
unsigned char *psk; /*!< pre-shared key */
|
||||
size_t psk_len; /*!< length of the pre-shared key */
|
||||
unsigned char *psk_identity; /*!< identity for PSK negotiation */
|
||||
size_t psk_identity_len;/*!< length of identity */
|
||||
unsigned char *psk; /*!< pre-shared key. This field should
|
||||
only be set via
|
||||
mbedtls_ssl_conf_psk() */
|
||||
size_t psk_len; /*!< length of the pre-shared key. This
|
||||
field should only be set via
|
||||
mbedtls_ssl_conf_psk() */
|
||||
unsigned char *psk_identity; /*!< identity for PSK negotiation. This
|
||||
field should only be set via
|
||||
mbedtls_ssl_conf_psk() */
|
||||
size_t psk_identity_len;/*!< length of identity. This field should
|
||||
only be set via
|
||||
mbedtls_ssl_conf_psk() */
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SSL_ALPN)
|
||||
|
@ -937,14 +946,6 @@ extern int (*mbedtls_ssl_hw_record_read)(mbedtls_ssl_context *ssl);
|
|||
extern int (*mbedtls_ssl_hw_record_finish)(mbedtls_ssl_context *ssl);
|
||||
#endif /* MBEDTLS_SSL_HW_RECORD_ACCEL */
|
||||
|
||||
/**
|
||||
* \brief Returns the list of ciphersuites supported by the SSL/TLS module.
|
||||
*
|
||||
* \return a statically allocated array of ciphersuites, the last
|
||||
* entry is 0.
|
||||
*/
|
||||
const int *mbedtls_ssl_list_ciphersuites( void );
|
||||
|
||||
/**
|
||||
* \brief Return the name of the ciphersuite associated with the
|
||||
* given ID
|
||||
|
@ -1601,6 +1602,10 @@ void mbedtls_ssl_conf_cert_profile( mbedtls_ssl_config *conf,
|
|||
/**
|
||||
* \brief Set the data required to verify peer certificate
|
||||
*
|
||||
* \note See \c mbedtls_x509_crt_verify() for notes regarding the
|
||||
* parameters ca_chain (maps to trust_ca for that function)
|
||||
* and ca_crl.
|
||||
*
|
||||
* \param conf SSL configuration
|
||||
* \param ca_chain trusted CA chain (meaning all fully trusted top-level CAs)
|
||||
* \param ca_crl trusted CA CRLs
|
||||
|
@ -1841,21 +1846,21 @@ void mbedtls_ssl_conf_sig_hashes( mbedtls_ssl_config *conf,
|
|||
|
||||
#if defined(MBEDTLS_X509_CRT_PARSE_C)
|
||||
/**
|
||||
* \brief Set or reset the hostname to check against the received
|
||||
* server certificate. It sets the ServerName TLS extension,
|
||||
* \brief Set or reset the hostname to check against the received
|
||||
* server certificate. It sets the ServerName TLS extension,
|
||||
* too, if that extension is enabled. (client-side only)
|
||||
*
|
||||
* \param ssl SSL context
|
||||
* \param hostname the server hostname, may be NULL to clear hostname
|
||||
|
||||
|
||||
* \note Maximum hostname length MBEDTLS_SSL_MAX_HOST_NAME_LEN.
|
||||
*
|
||||
* \return 0 if successful, MBEDTLS_ERR_SSL_ALLOC_FAILED on
|
||||
* allocation failure, MBEDTLS_ERR_SSL_BAD_INPUT_DATA on
|
||||
* \return 0 if successful, MBEDTLS_ERR_SSL_ALLOC_FAILED on
|
||||
* allocation failure, MBEDTLS_ERR_SSL_BAD_INPUT_DATA on
|
||||
* too long input hostname.
|
||||
*
|
||||
* Hostname set to the one provided on success (cleared
|
||||
* when NULL). On allocation failure hostname is cleared.
|
||||
* when NULL). On allocation failure hostname is cleared.
|
||||
* On too long input failure, old hostname is unchanged.
|
||||
*/
|
||||
int mbedtls_ssl_set_hostname( mbedtls_ssl_context *ssl, const char *hostname );
|
||||
|
@ -2289,11 +2294,59 @@ void mbedtls_ssl_conf_renegotiation_period( mbedtls_ssl_config *conf,
|
|||
#endif /* MBEDTLS_SSL_RENEGOTIATION */
|
||||
|
||||
/**
|
||||
* \brief Return the number of data bytes available to read
|
||||
* \brief Check if there is data already read from the
|
||||
* underlying transport but not yet processed.
|
||||
*
|
||||
* \param ssl SSL context
|
||||
*
|
||||
* \return how many bytes are available in the read buffer
|
||||
* \return 0 if nothing's pending, 1 otherwise.
|
||||
*
|
||||
* \note This is different in purpose and behaviour from
|
||||
* \c mbedtls_ssl_get_bytes_avail in that it considers
|
||||
* any kind of unprocessed data, not only unread
|
||||
* application data. If \c mbedtls_ssl_get_bytes
|
||||
* returns a non-zero value, this function will
|
||||
* also signal pending data, but the converse does
|
||||
* not hold. For example, in DTLS there might be
|
||||
* further records waiting to be processed from
|
||||
* the current underlying transport's datagram.
|
||||
*
|
||||
* \note If this function returns 1 (data pending), this
|
||||
* does not imply that a subsequent call to
|
||||
* \c mbedtls_ssl_read will provide any data;
|
||||
* e.g., the unprocessed data might turn out
|
||||
* to be an alert or a handshake message.
|
||||
*
|
||||
* \note This function is useful in the following situation:
|
||||
* If the SSL/TLS module successfully returns from an
|
||||
* operation - e.g. a handshake or an application record
|
||||
* read - and you're awaiting incoming data next, you
|
||||
* must not immediately idle on the underlying transport
|
||||
* to have data ready, but you need to check the value
|
||||
* of this function first. The reason is that the desired
|
||||
* data might already be read but not yet processed.
|
||||
* If, in contrast, a previous call to the SSL/TLS module
|
||||
* returned MBEDTLS_ERR_SSL_WANT_READ, it is not necessary
|
||||
* to call this function, as the latter error code entails
|
||||
* that all internal data has been processed.
|
||||
*
|
||||
*/
|
||||
int mbedtls_ssl_check_pending( const mbedtls_ssl_context *ssl );
|
||||
|
||||
/**
|
||||
* \brief Return the number of application data bytes
|
||||
* remaining to be read from the current record.
|
||||
*
|
||||
* \param ssl SSL context
|
||||
*
|
||||
* \return How many bytes are available in the application
|
||||
* data record read buffer.
|
||||
*
|
||||
* \note When working over a datagram transport, this is
|
||||
* useful to detect the current datagram's boundary
|
||||
* in case \c mbedtls_ssl_read has written the maximal
|
||||
* amount of data fitting into the input buffer.
|
||||
*
|
||||
*/
|
||||
size_t mbedtls_ssl_get_bytes_avail( const mbedtls_ssl_context *ssl );
|
||||
|
||||
|
@ -2408,11 +2461,25 @@ int mbedtls_ssl_get_session( const mbedtls_ssl_context *ssl, mbedtls_ssl_session
|
|||
* MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED (see below), or
|
||||
* a specific SSL error code.
|
||||
*
|
||||
* If this function returns MBEDTLS_ERR_SSL_WANT_READ, the
|
||||
* handshake is unfinished and no further data is available
|
||||
* from the underlying transport. In this case, you must call
|
||||
* the function again at some later stage.
|
||||
*
|
||||
* \note Remarks regarding event-driven DTLS:
|
||||
* If the function returns MBEDTLS_ERR_SSL_WANT_READ, no datagram
|
||||
* from the underlying transport layer is currently being processed,
|
||||
* and it is safe to idle until the timer or the underlying transport
|
||||
* signal a new event. This is not true for a successful handshake,
|
||||
* in which case the datagram of the underlying transport that is
|
||||
* currently being processed might or might not contain further
|
||||
* DTLS records.
|
||||
*
|
||||
* \note If this function returns something other than 0 or
|
||||
* MBEDTLS_ERR_SSL_WANT_READ/WRITE, then the ssl context
|
||||
* becomes unusable, and you should either free it or call
|
||||
* \c mbedtls_ssl_session_reset() on it before re-using it for
|
||||
* a new connection; the current connection must be closed.
|
||||
* MBEDTLS_ERR_SSL_WANT_READ/WRITE, you must stop using
|
||||
* the SSL context for reading or writing, and either free it or
|
||||
* call \c mbedtls_ssl_session_reset() on it before re-using it
|
||||
* for a new connection; the current connection must be closed.
|
||||
*
|
||||
* \note If DTLS is in use, then you may choose to handle
|
||||
* MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED specially for logging
|
||||
|
@ -2429,10 +2496,10 @@ int mbedtls_ssl_handshake( mbedtls_ssl_context *ssl );
|
|||
* call this function if state is MBEDTLS_SSL_HANDSHAKE_OVER.
|
||||
*
|
||||
* \note If this function returns something other than 0 or
|
||||
* MBEDTLS_ERR_SSL_WANT_READ/WRITE, then the ssl context
|
||||
* becomes unusable, and you should either free it or call
|
||||
* \c mbedtls_ssl_session_reset() on it before re-using it for
|
||||
* a new connection; the current connection must be closed.
|
||||
* MBEDTLS_ERR_SSL_WANT_READ/WRITE, you must stop using
|
||||
* the SSL context for reading or writing, and either free it or
|
||||
* call \c mbedtls_ssl_session_reset() on it before re-using it
|
||||
* for a new connection; the current connection must be closed.
|
||||
*
|
||||
* \param ssl SSL context
|
||||
*
|
||||
|
@ -2456,10 +2523,10 @@ int mbedtls_ssl_handshake_step( mbedtls_ssl_context *ssl );
|
|||
* value.
|
||||
*
|
||||
* \note If this function returns something other than 0 or
|
||||
* MBEDTLS_ERR_SSL_WANT_READ/WRITE, then the ssl context
|
||||
* becomes unusable, and you should either free it or call
|
||||
* \c mbedtls_ssl_session_reset() on it before re-using it for
|
||||
* a new connection; the current connection must be closed.
|
||||
* MBEDTLS_ERR_SSL_WANT_READ/WRITE, you must stop using
|
||||
* the SSL context for reading or writing, and either free it or
|
||||
* call \c mbedtls_ssl_session_reset() on it before re-using it
|
||||
* for a new connection; the current connection must be closed.
|
||||
*/
|
||||
int mbedtls_ssl_renegotiate( mbedtls_ssl_context *ssl );
|
||||
#endif /* MBEDTLS_SSL_RENEGOTIATION */
|
||||
|
@ -2471,20 +2538,20 @@ int mbedtls_ssl_renegotiate( mbedtls_ssl_context *ssl );
|
|||
* \param buf buffer that will hold the data
|
||||
* \param len maximum number of bytes to read
|
||||
*
|
||||
* \return the number of bytes read, or
|
||||
* 0 for EOF, or
|
||||
* MBEDTLS_ERR_SSL_WANT_READ or MBEDTLS_ERR_SSL_WANT_WRITE, or
|
||||
* MBEDTLS_ERR_SSL_CLIENT_RECONNECT (see below), or
|
||||
* another negative error code.
|
||||
* \return One of the following:
|
||||
* - 0 if the read end of the underlying transport was closed,
|
||||
* - the (positive) number of bytes read, or
|
||||
* - a negative error code on failure.
|
||||
*
|
||||
* \note If this function returns something other than a positive
|
||||
* value or MBEDTLS_ERR_SSL_WANT_READ/WRITE or
|
||||
* MBEDTLS_ERR_SSL_CLIENT_RECONNECT, then the ssl context
|
||||
* becomes unusable, and you should either free it or call
|
||||
* \c mbedtls_ssl_session_reset() on it before re-using it for
|
||||
* a new connection; the current connection must be closed.
|
||||
* If MBEDTLS_ERR_SSL_WANT_READ is returned, no application data
|
||||
* is available from the underlying transport. In this case,
|
||||
* the function needs to be called again at some later stage.
|
||||
*
|
||||
* \note When this function return MBEDTLS_ERR_SSL_CLIENT_RECONNECT
|
||||
* If MBEDTLS_ERR_SSL_WANT_WRITE is returned, a write is pending
|
||||
* but the underlying transport isn't available for writing. In this
|
||||
* case, the function needs to be called again at some later stage.
|
||||
*
|
||||
* When this function return MBEDTLS_ERR_SSL_CLIENT_RECONNECT
|
||||
* (which can only happen server-side), it means that a client
|
||||
* is initiating a new connection using the same source port.
|
||||
* You can either treat that as a connection close and wait
|
||||
|
@ -2497,6 +2564,28 @@ int mbedtls_ssl_renegotiate( mbedtls_ssl_context *ssl );
|
|||
* again. WARNING: not validating the identity of the client
|
||||
* again, or not transmitting the new identity to the
|
||||
* application layer, would allow authentication bypass!
|
||||
*
|
||||
* \note If this function returns something other than a positive value
|
||||
* or MBEDTLS_ERR_SSL_WANT_READ/WRITE or MBEDTLS_ERR_SSL_CLIENT_RECONNECT,
|
||||
* you must stop using the SSL context for reading or writing,
|
||||
* and either free it or call \c mbedtls_ssl_session_reset() on it
|
||||
* before re-using it for a new connection; the current connection
|
||||
* must be closed.
|
||||
*
|
||||
* \note Remarks regarding event-driven DTLS:
|
||||
* - If the function returns MBEDTLS_ERR_SSL_WANT_READ, no datagram
|
||||
* from the underlying transport layer is currently being processed,
|
||||
* and it is safe to idle until the timer or the underlying transport
|
||||
* signal a new event.
|
||||
* - This function may return MBEDTLS_ERR_SSL_WANT_READ even if data was
|
||||
* initially available on the underlying transport, as this data may have
|
||||
* been only e.g. duplicated messages or a renegotiation request.
|
||||
* Therefore, you must be prepared to receive MBEDTLS_ERR_SSL_WANT_READ even
|
||||
* when reacting to an incoming-data event from the underlying transport.
|
||||
* - On success, the datagram of the underlying transport that is currently
|
||||
* being processed may contain further DTLS records. You should call
|
||||
* \c mbedtls_ssl_check_pending to check for remaining records.
|
||||
*
|
||||
*/
|
||||
int mbedtls_ssl_read( mbedtls_ssl_context *ssl, unsigned char *buf, size_t len );
|
||||
|
||||
|
@ -2517,15 +2606,17 @@ int mbedtls_ssl_read( mbedtls_ssl_context *ssl, unsigned char *buf, size_t len )
|
|||
* or MBEDTLS_ERR_SSL_WANT_WRITE or MBEDTLS_ERR_SSL_WANT_READ,
|
||||
* or another negative error code.
|
||||
*
|
||||
* \note If this function returns something other than a positive
|
||||
* value or MBEDTLS_ERR_SSL_WANT_READ/WRITE, the ssl context
|
||||
* becomes unusable, and you should either free it or call
|
||||
* \c mbedtls_ssl_session_reset() on it before re-using it for
|
||||
* a new connection; the current connection must be closed.
|
||||
* \note If this function returns something other than a positive value
|
||||
* or MBEDTLS_ERR_SSL_WANT_READ/WRITE, you must stop using
|
||||
* the SSL context for reading or writing, and either free it or
|
||||
* call \c mbedtls_ssl_session_reset() on it before re-using it
|
||||
* for a new connection; the current connection must be closed.
|
||||
*
|
||||
* \note When this function returns MBEDTLS_ERR_SSL_WANT_WRITE/READ,
|
||||
* it must be called later with the *same* arguments,
|
||||
* until it returns a positive value.
|
||||
* until it returns a positive value. When the function returns
|
||||
* MBEDTLS_ERR_SSL_WANT_WRITE there may be some partial
|
||||
* data in the output buffer, however this is not yet sent.
|
||||
*
|
||||
* \note If the requested length is greater than the maximum
|
||||
* fragment length (either the built-in limit or the one set
|
||||
|
@ -2548,10 +2639,10 @@ int mbedtls_ssl_write( mbedtls_ssl_context *ssl, const unsigned char *buf, size_
|
|||
* \return 0 if successful, or a specific SSL error code.
|
||||
*
|
||||
* \note If this function returns something other than 0 or
|
||||
* MBEDTLS_ERR_SSL_WANT_READ/WRITE, then the ssl context
|
||||
* becomes unusable, and you should either free it or call
|
||||
* \c mbedtls_ssl_session_reset() on it before re-using it for
|
||||
* a new connection; the current connection must be closed.
|
||||
* MBEDTLS_ERR_SSL_WANT_READ/WRITE, you must stop using
|
||||
* the SSL context for reading or writing, and either free it or
|
||||
* call \c mbedtls_ssl_session_reset() on it before re-using it
|
||||
* for a new connection; the current connection must be closed.
|
||||
*/
|
||||
int mbedtls_ssl_send_alert_message( mbedtls_ssl_context *ssl,
|
||||
unsigned char level,
|
||||
|
@ -2564,10 +2655,10 @@ int mbedtls_ssl_send_alert_message( mbedtls_ssl_context *ssl,
|
|||
* \return 0 if successful, or a specific SSL error code.
|
||||
*
|
||||
* \note If this function returns something other than 0 or
|
||||
* MBEDTLS_ERR_SSL_WANT_READ/WRITE, then the ssl context
|
||||
* becomes unusable, and you should either free it or call
|
||||
* \c mbedtls_ssl_session_reset() on it before re-using it for
|
||||
* a new connection; the current connection must be closed.
|
||||
* MBEDTLS_ERR_SSL_WANT_READ/WRITE, you must stop using
|
||||
* the SSL context for reading or writing, and either free it or
|
||||
* call \c mbedtls_ssl_session_reset() on it before re-using it
|
||||
* for a new connection; the current connection must be closed.
|
||||
*/
|
||||
int mbedtls_ssl_close_notify( mbedtls_ssl_context *ssl );
|
||||
|
||||
|
|
|
@ -169,6 +169,45 @@ extern "C" {
|
|||
#define MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA256 0xC03A /**< Weak! No SSL3! */
|
||||
#define MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA384 0xC03B /**< Weak! No SSL3! */
|
||||
|
||||
#define MBEDTLS_TLS_RSA_WITH_ARIA_128_CBC_SHA256 0xC03C /**< TLS 1.2 */
|
||||
#define MBEDTLS_TLS_RSA_WITH_ARIA_256_CBC_SHA384 0xC03D /**< TLS 1.2 */
|
||||
#define MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256 0xC044 /**< TLS 1.2 */
|
||||
#define MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384 0xC045 /**< TLS 1.2 */
|
||||
#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256 0xC048 /**< TLS 1.2 */
|
||||
#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384 0xC049 /**< TLS 1.2 */
|
||||
#define MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256 0xC04A /**< TLS 1.2 */
|
||||
#define MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384 0xC04B /**< TLS 1.2 */
|
||||
#define MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256 0xC04C /**< TLS 1.2 */
|
||||
#define MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384 0xC04D /**< TLS 1.2 */
|
||||
#define MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256 0xC04E /**< TLS 1.2 */
|
||||
#define MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384 0xC04F /**< TLS 1.2 */
|
||||
#define MBEDTLS_TLS_RSA_WITH_ARIA_128_GCM_SHA256 0xC050 /**< TLS 1.2 */
|
||||
#define MBEDTLS_TLS_RSA_WITH_ARIA_256_GCM_SHA384 0xC051 /**< TLS 1.2 */
|
||||
#define MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256 0xC052 /**< TLS 1.2 */
|
||||
#define MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384 0xC053 /**< TLS 1.2 */
|
||||
#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256 0xC05C /**< TLS 1.2 */
|
||||
#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384 0xC05D /**< TLS 1.2 */
|
||||
#define MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256 0xC05E /**< TLS 1.2 */
|
||||
#define MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384 0xC05F /**< TLS 1.2 */
|
||||
#define MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256 0xC060 /**< TLS 1.2 */
|
||||
#define MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384 0xC061 /**< TLS 1.2 */
|
||||
#define MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256 0xC062 /**< TLS 1.2 */
|
||||
#define MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384 0xC063 /**< TLS 1.2 */
|
||||
#define MBEDTLS_TLS_PSK_WITH_ARIA_128_CBC_SHA256 0xC064 /**< TLS 1.2 */
|
||||
#define MBEDTLS_TLS_PSK_WITH_ARIA_256_CBC_SHA384 0xC065 /**< TLS 1.2 */
|
||||
#define MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256 0xC066 /**< TLS 1.2 */
|
||||
#define MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384 0xC067 /**< TLS 1.2 */
|
||||
#define MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256 0xC068 /**< TLS 1.2 */
|
||||
#define MBEDTLS_TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384 0xC069 /**< TLS 1.2 */
|
||||
#define MBEDTLS_TLS_PSK_WITH_ARIA_128_GCM_SHA256 0xC06A /**< TLS 1.2 */
|
||||
#define MBEDTLS_TLS_PSK_WITH_ARIA_256_GCM_SHA384 0xC06B /**< TLS 1.2 */
|
||||
#define MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256 0xC06C /**< TLS 1.2 */
|
||||
#define MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384 0xC06D /**< TLS 1.2 */
|
||||
#define MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256 0xC06E /**< TLS 1.2 */
|
||||
#define MBEDTLS_TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384 0xC06F /**< TLS 1.2 */
|
||||
#define MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256 0xC070 /**< TLS 1.2 */
|
||||
#define MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384 0xC071 /**< TLS 1.2 */
|
||||
|
||||
#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 0xC072 /**< Not in SSL3! */
|
||||
#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 0xC073 /**< Not in SSL3! */
|
||||
#define MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 0xC074 /**< Not in SSL3! */
|
||||
|
@ -267,7 +306,7 @@ typedef enum {
|
|||
defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
|
||||
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
|
||||
#define MBEDTLS_KEY_EXCHANGE__CERT_REQ_ALLOWED__ENABLED
|
||||
#endif
|
||||
|
||||
|
|
|
@ -96,8 +96,12 @@ extern int (*mbedtls_mutex_unlock)( mbedtls_threading_mutex_t *mutex );
|
|||
/*
|
||||
* Global mutexes
|
||||
*/
|
||||
#if defined(MBEDTLS_FS_IO)
|
||||
extern mbedtls_threading_mutex_t mbedtls_threading_readdir_mutex;
|
||||
#endif
|
||||
#if defined(MBEDTLS_HAVE_TIME_DATE)
|
||||
extern mbedtls_threading_mutex_t mbedtls_threading_gmtime_mutex;
|
||||
#endif
|
||||
#endif /* MBEDTLS_THREADING_C */
|
||||
|
||||
#ifdef __cplusplus
|
||||
|
|
|
@ -30,16 +30,16 @@
|
|||
#include MBEDTLS_CONFIG_FILE
|
||||
#endif
|
||||
|
||||
#if !defined(MBEDTLS_TIMING_ALT)
|
||||
// Regular implementation
|
||||
//
|
||||
|
||||
#include <stdint.h>
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
#if !defined(MBEDTLS_TIMING_ALT)
|
||||
// Regular implementation
|
||||
//
|
||||
|
||||
/**
|
||||
* \brief timer structure
|
||||
*/
|
||||
|
@ -58,6 +58,10 @@ typedef struct
|
|||
uint32_t fin_ms;
|
||||
} mbedtls_timing_delay_context;
|
||||
|
||||
#else /* MBEDTLS_TIMING_ALT */
|
||||
#include "timing_alt.h"
|
||||
#endif /* MBEDTLS_TIMING_ALT */
|
||||
|
||||
extern volatile int mbedtls_timing_alarmed;
|
||||
|
||||
/**
|
||||
|
@ -133,18 +137,6 @@ void mbedtls_timing_set_delay( void *data, uint32_t int_ms, uint32_t fin_ms );
|
|||
*/
|
||||
int mbedtls_timing_get_delay( void *data );
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
||||
#else /* MBEDTLS_TIMING_ALT */
|
||||
#include "timing_alt.h"
|
||||
#endif /* MBEDTLS_TIMING_ALT */
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SELF_TEST)
|
||||
/**
|
||||
* \brief Checkup routine
|
||||
|
|
|
@ -39,7 +39,7 @@
|
|||
* Major, Minor, Patchlevel
|
||||
*/
|
||||
#define MBEDTLS_VERSION_MAJOR 2
|
||||
#define MBEDTLS_VERSION_MINOR 8
|
||||
#define MBEDTLS_VERSION_MINOR 10
|
||||
#define MBEDTLS_VERSION_PATCH 0
|
||||
|
||||
/**
|
||||
|
@ -47,9 +47,9 @@
|
|||
* MMNNPP00
|
||||
* Major version | Minor version | Patch version
|
||||
*/
|
||||
#define MBEDTLS_VERSION_NUMBER 0x02080000
|
||||
#define MBEDTLS_VERSION_STRING "2.8.0"
|
||||
#define MBEDTLS_VERSION_STRING_FULL "mbed TLS 2.8.0"
|
||||
#define MBEDTLS_VERSION_NUMBER 0x020A0000
|
||||
#define MBEDTLS_VERSION_STRING "2.10.0"
|
||||
#define MBEDTLS_VERSION_STRING_FULL "mbed TLS 2.10.0"
|
||||
|
||||
#if defined(MBEDTLS_VERSION_C)
|
||||
|
||||
|
|
|
@ -287,8 +287,15 @@ int mbedtls_x509_crt_verify_info( char *buf, size_t size, const char *prefix,
|
|||
* used to sign the certificate, CRL verification is skipped
|
||||
* silently, that is *without* setting any flag.
|
||||
*
|
||||
* \note The \c trust_ca list can contain two types of certificates:
|
||||
* (1) those of trusted root CAs, so that certificates
|
||||
* chaining up to those CAs will be trusted, and (2)
|
||||
* self-signed end-entity certificates to be trusted (for
|
||||
* specific peers you know) - in that case, the self-signed
|
||||
* certificate doesn't need to have the CA bit set.
|
||||
*
|
||||
* \param crt a certificate (chain) to be verified
|
||||
* \param trust_ca the list of trusted CAs
|
||||
* \param trust_ca the list of trusted CAs (see note above)
|
||||
* \param ca_crl the list of CRLs for trusted CAs (see note above)
|
||||
* \param cn expected Common Name (can be set to
|
||||
* NULL if the CN must not be verified)
|
||||
|
|
|
@ -39,14 +39,14 @@
|
|||
#define MBEDTLS_ERR_XTEA_INVALID_INPUT_LENGTH -0x0028 /**< The data input has an invalid length. */
|
||||
#define MBEDTLS_ERR_XTEA_HW_ACCEL_FAILED -0x0029 /**< XTEA hardware accelerator failed. */
|
||||
|
||||
#if !defined(MBEDTLS_XTEA_ALT)
|
||||
// Regular implementation
|
||||
//
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
#if !defined(MBEDTLS_XTEA_ALT)
|
||||
// Regular implementation
|
||||
//
|
||||
|
||||
/**
|
||||
* \brief XTEA context structure
|
||||
*/
|
||||
|
@ -56,6 +56,10 @@ typedef struct
|
|||
}
|
||||
mbedtls_xtea_context;
|
||||
|
||||
#else /* MBEDTLS_XTEA_ALT */
|
||||
#include "xtea_alt.h"
|
||||
#endif /* MBEDTLS_XTEA_ALT */
|
||||
|
||||
/**
|
||||
* \brief Initialize XTEA context
|
||||
*
|
||||
|
@ -115,18 +119,6 @@ int mbedtls_xtea_crypt_cbc( mbedtls_xtea_context *ctx,
|
|||
unsigned char *output);
|
||||
#endif /* MBEDTLS_CIPHER_MODE_CBC */
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
||||
#else /* MBEDTLS_XTEA_ALT */
|
||||
#include "xtea_alt.h"
|
||||
#endif /* MBEDTLS_XTEA_ALT */
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
/**
|
||||
* \brief Checkup routine
|
||||
*
|
||||
|
|
|
@ -36,6 +36,7 @@
|
|||
#include <string.h>
|
||||
|
||||
#include "mbedtls/aes.h"
|
||||
#include "mbedtls/platform_util.h"
|
||||
#if defined(MBEDTLS_PADLOCK_C)
|
||||
#include "mbedtls/padlock.h"
|
||||
#endif
|
||||
|
@ -54,11 +55,6 @@
|
|||
|
||||
#if !defined(MBEDTLS_AES_ALT)
|
||||
|
||||
/* Implementation that should never be optimized out by the compiler */
|
||||
static void mbedtls_zeroize( void *v, size_t n ) {
|
||||
volatile unsigned char *p = (unsigned char*)v; while( n-- ) *p++ = 0;
|
||||
}
|
||||
|
||||
/*
|
||||
* 32-bit integer manipulation macros (little endian)
|
||||
*/
|
||||
|
@ -201,6 +197,8 @@ static const unsigned char FSb[256] =
|
|||
static const uint32_t FT0[256] = { FT };
|
||||
#undef V
|
||||
|
||||
#if !defined(MBEDTLS_AES_FEWER_TABLES)
|
||||
|
||||
#define V(a,b,c,d) 0x##b##c##d##a
|
||||
static const uint32_t FT1[256] = { FT };
|
||||
#undef V
|
||||
|
@ -213,6 +211,8 @@ static const uint32_t FT2[256] = { FT };
|
|||
static const uint32_t FT3[256] = { FT };
|
||||
#undef V
|
||||
|
||||
#endif /* !MBEDTLS_AES_FEWER_TABLES */
|
||||
|
||||
#undef FT
|
||||
|
||||
/*
|
||||
|
@ -328,6 +328,8 @@ static const unsigned char RSb[256] =
|
|||
static const uint32_t RT0[256] = { RT };
|
||||
#undef V
|
||||
|
||||
#if !defined(MBEDTLS_AES_FEWER_TABLES)
|
||||
|
||||
#define V(a,b,c,d) 0x##b##c##d##a
|
||||
static const uint32_t RT1[256] = { RT };
|
||||
#undef V
|
||||
|
@ -340,6 +342,8 @@ static const uint32_t RT2[256] = { RT };
|
|||
static const uint32_t RT3[256] = { RT };
|
||||
#undef V
|
||||
|
||||
#endif /* !MBEDTLS_AES_FEWER_TABLES */
|
||||
|
||||
#undef RT
|
||||
|
||||
/*
|
||||
|
@ -359,18 +363,22 @@ static const uint32_t RCON[10] =
|
|||
*/
|
||||
static unsigned char FSb[256];
|
||||
static uint32_t FT0[256];
|
||||
#if !defined(MBEDTLS_AES_FEWER_TABLES)
|
||||
static uint32_t FT1[256];
|
||||
static uint32_t FT2[256];
|
||||
static uint32_t FT3[256];
|
||||
#endif /* !MBEDTLS_AES_FEWER_TABLES */
|
||||
|
||||
/*
|
||||
* Reverse S-box & tables
|
||||
*/
|
||||
static unsigned char RSb[256];
|
||||
static uint32_t RT0[256];
|
||||
#if !defined(MBEDTLS_AES_FEWER_TABLES)
|
||||
static uint32_t RT1[256];
|
||||
static uint32_t RT2[256];
|
||||
static uint32_t RT3[256];
|
||||
#endif /* !MBEDTLS_AES_FEWER_TABLES */
|
||||
|
||||
/*
|
||||
* Round constants
|
||||
|
@ -445,9 +453,11 @@ static void aes_gen_tables( void )
|
|||
( (uint32_t) x << 16 ) ^
|
||||
( (uint32_t) z << 24 );
|
||||
|
||||
#if !defined(MBEDTLS_AES_FEWER_TABLES)
|
||||
FT1[i] = ROTL8( FT0[i] );
|
||||
FT2[i] = ROTL8( FT1[i] );
|
||||
FT3[i] = ROTL8( FT2[i] );
|
||||
#endif /* !MBEDTLS_AES_FEWER_TABLES */
|
||||
|
||||
x = RSb[i];
|
||||
|
||||
|
@ -456,14 +466,48 @@ static void aes_gen_tables( void )
|
|||
( (uint32_t) MUL( 0x0D, x ) << 16 ) ^
|
||||
( (uint32_t) MUL( 0x0B, x ) << 24 );
|
||||
|
||||
#if !defined(MBEDTLS_AES_FEWER_TABLES)
|
||||
RT1[i] = ROTL8( RT0[i] );
|
||||
RT2[i] = ROTL8( RT1[i] );
|
||||
RT3[i] = ROTL8( RT2[i] );
|
||||
#endif /* !MBEDTLS_AES_FEWER_TABLES */
|
||||
}
|
||||
}
|
||||
|
||||
#undef ROTL8
|
||||
|
||||
#endif /* MBEDTLS_AES_ROM_TABLES */
|
||||
|
||||
#if defined(MBEDTLS_AES_FEWER_TABLES)
|
||||
|
||||
#define ROTL8(x) ( (uint32_t)( ( x ) << 8 ) + (uint32_t)( ( x ) >> 24 ) )
|
||||
#define ROTL16(x) ( (uint32_t)( ( x ) << 16 ) + (uint32_t)( ( x ) >> 16 ) )
|
||||
#define ROTL24(x) ( (uint32_t)( ( x ) << 24 ) + (uint32_t)( ( x ) >> 8 ) )
|
||||
|
||||
#define AES_RT0(idx) RT0[idx]
|
||||
#define AES_RT1(idx) ROTL8( RT0[idx] )
|
||||
#define AES_RT2(idx) ROTL16( RT0[idx] )
|
||||
#define AES_RT3(idx) ROTL24( RT0[idx] )
|
||||
|
||||
#define AES_FT0(idx) FT0[idx]
|
||||
#define AES_FT1(idx) ROTL8( FT0[idx] )
|
||||
#define AES_FT2(idx) ROTL16( FT0[idx] )
|
||||
#define AES_FT3(idx) ROTL24( FT0[idx] )
|
||||
|
||||
#else /* MBEDTLS_AES_FEWER_TABLES */
|
||||
|
||||
#define AES_RT0(idx) RT0[idx]
|
||||
#define AES_RT1(idx) RT1[idx]
|
||||
#define AES_RT2(idx) RT2[idx]
|
||||
#define AES_RT3(idx) RT3[idx]
|
||||
|
||||
#define AES_FT0(idx) FT0[idx]
|
||||
#define AES_FT1(idx) FT1[idx]
|
||||
#define AES_FT2(idx) FT2[idx]
|
||||
#define AES_FT3(idx) FT3[idx]
|
||||
|
||||
#endif /* MBEDTLS_AES_FEWER_TABLES */
|
||||
|
||||
void mbedtls_aes_init( mbedtls_aes_context *ctx )
|
||||
{
|
||||
memset( ctx, 0, sizeof( mbedtls_aes_context ) );
|
||||
|
@ -474,7 +518,7 @@ void mbedtls_aes_free( mbedtls_aes_context *ctx )
|
|||
if( ctx == NULL )
|
||||
return;
|
||||
|
||||
mbedtls_zeroize( ctx, sizeof( mbedtls_aes_context ) );
|
||||
mbedtls_platform_zeroize( ctx, sizeof( mbedtls_aes_context ) );
|
||||
}
|
||||
|
||||
/*
|
||||
|
@ -641,10 +685,10 @@ int mbedtls_aes_setkey_dec( mbedtls_aes_context *ctx, const unsigned char *key,
|
|||
{
|
||||
for( j = 0; j < 4; j++, SK++ )
|
||||
{
|
||||
*RK++ = RT0[ FSb[ ( *SK ) & 0xFF ] ] ^
|
||||
RT1[ FSb[ ( *SK >> 8 ) & 0xFF ] ] ^
|
||||
RT2[ FSb[ ( *SK >> 16 ) & 0xFF ] ] ^
|
||||
RT3[ FSb[ ( *SK >> 24 ) & 0xFF ] ];
|
||||
*RK++ = AES_RT0( FSb[ ( *SK ) & 0xFF ] ) ^
|
||||
AES_RT1( FSb[ ( *SK >> 8 ) & 0xFF ] ) ^
|
||||
AES_RT2( FSb[ ( *SK >> 16 ) & 0xFF ] ) ^
|
||||
AES_RT3( FSb[ ( *SK >> 24 ) & 0xFF ] );
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -660,50 +704,50 @@ exit:
|
|||
}
|
||||
#endif /* !MBEDTLS_AES_SETKEY_DEC_ALT */
|
||||
|
||||
#define AES_FROUND(X0,X1,X2,X3,Y0,Y1,Y2,Y3) \
|
||||
{ \
|
||||
X0 = *RK++ ^ FT0[ ( Y0 ) & 0xFF ] ^ \
|
||||
FT1[ ( Y1 >> 8 ) & 0xFF ] ^ \
|
||||
FT2[ ( Y2 >> 16 ) & 0xFF ] ^ \
|
||||
FT3[ ( Y3 >> 24 ) & 0xFF ]; \
|
||||
\
|
||||
X1 = *RK++ ^ FT0[ ( Y1 ) & 0xFF ] ^ \
|
||||
FT1[ ( Y2 >> 8 ) & 0xFF ] ^ \
|
||||
FT2[ ( Y3 >> 16 ) & 0xFF ] ^ \
|
||||
FT3[ ( Y0 >> 24 ) & 0xFF ]; \
|
||||
\
|
||||
X2 = *RK++ ^ FT0[ ( Y2 ) & 0xFF ] ^ \
|
||||
FT1[ ( Y3 >> 8 ) & 0xFF ] ^ \
|
||||
FT2[ ( Y0 >> 16 ) & 0xFF ] ^ \
|
||||
FT3[ ( Y1 >> 24 ) & 0xFF ]; \
|
||||
\
|
||||
X3 = *RK++ ^ FT0[ ( Y3 ) & 0xFF ] ^ \
|
||||
FT1[ ( Y0 >> 8 ) & 0xFF ] ^ \
|
||||
FT2[ ( Y1 >> 16 ) & 0xFF ] ^ \
|
||||
FT3[ ( Y2 >> 24 ) & 0xFF ]; \
|
||||
#define AES_FROUND(X0,X1,X2,X3,Y0,Y1,Y2,Y3) \
|
||||
{ \
|
||||
X0 = *RK++ ^ AES_FT0( ( Y0 ) & 0xFF ) ^ \
|
||||
AES_FT1( ( Y1 >> 8 ) & 0xFF ) ^ \
|
||||
AES_FT2( ( Y2 >> 16 ) & 0xFF ) ^ \
|
||||
AES_FT3( ( Y3 >> 24 ) & 0xFF ); \
|
||||
\
|
||||
X1 = *RK++ ^ AES_FT0( ( Y1 ) & 0xFF ) ^ \
|
||||
AES_FT1( ( Y2 >> 8 ) & 0xFF ) ^ \
|
||||
AES_FT2( ( Y3 >> 16 ) & 0xFF ) ^ \
|
||||
AES_FT3( ( Y0 >> 24 ) & 0xFF ); \
|
||||
\
|
||||
X2 = *RK++ ^ AES_FT0( ( Y2 ) & 0xFF ) ^ \
|
||||
AES_FT1( ( Y3 >> 8 ) & 0xFF ) ^ \
|
||||
AES_FT2( ( Y0 >> 16 ) & 0xFF ) ^ \
|
||||
AES_FT3( ( Y1 >> 24 ) & 0xFF ); \
|
||||
\
|
||||
X3 = *RK++ ^ AES_FT0( ( Y3 ) & 0xFF ) ^ \
|
||||
AES_FT1( ( Y0 >> 8 ) & 0xFF ) ^ \
|
||||
AES_FT2( ( Y1 >> 16 ) & 0xFF ) ^ \
|
||||
AES_FT3( ( Y2 >> 24 ) & 0xFF ); \
|
||||
}
|
||||
|
||||
#define AES_RROUND(X0,X1,X2,X3,Y0,Y1,Y2,Y3) \
|
||||
{ \
|
||||
X0 = *RK++ ^ RT0[ ( Y0 ) & 0xFF ] ^ \
|
||||
RT1[ ( Y3 >> 8 ) & 0xFF ] ^ \
|
||||
RT2[ ( Y2 >> 16 ) & 0xFF ] ^ \
|
||||
RT3[ ( Y1 >> 24 ) & 0xFF ]; \
|
||||
\
|
||||
X1 = *RK++ ^ RT0[ ( Y1 ) & 0xFF ] ^ \
|
||||
RT1[ ( Y0 >> 8 ) & 0xFF ] ^ \
|
||||
RT2[ ( Y3 >> 16 ) & 0xFF ] ^ \
|
||||
RT3[ ( Y2 >> 24 ) & 0xFF ]; \
|
||||
\
|
||||
X2 = *RK++ ^ RT0[ ( Y2 ) & 0xFF ] ^ \
|
||||
RT1[ ( Y1 >> 8 ) & 0xFF ] ^ \
|
||||
RT2[ ( Y0 >> 16 ) & 0xFF ] ^ \
|
||||
RT3[ ( Y3 >> 24 ) & 0xFF ]; \
|
||||
\
|
||||
X3 = *RK++ ^ RT0[ ( Y3 ) & 0xFF ] ^ \
|
||||
RT1[ ( Y2 >> 8 ) & 0xFF ] ^ \
|
||||
RT2[ ( Y1 >> 16 ) & 0xFF ] ^ \
|
||||
RT3[ ( Y0 >> 24 ) & 0xFF ]; \
|
||||
#define AES_RROUND(X0,X1,X2,X3,Y0,Y1,Y2,Y3) \
|
||||
{ \
|
||||
X0 = *RK++ ^ AES_RT0( ( Y0 ) & 0xFF ) ^ \
|
||||
AES_RT1( ( Y3 >> 8 ) & 0xFF ) ^ \
|
||||
AES_RT2( ( Y2 >> 16 ) & 0xFF ) ^ \
|
||||
AES_RT3( ( Y1 >> 24 ) & 0xFF ); \
|
||||
\
|
||||
X1 = *RK++ ^ AES_RT0( ( Y1 ) & 0xFF ) ^ \
|
||||
AES_RT1( ( Y0 >> 8 ) & 0xFF ) ^ \
|
||||
AES_RT2( ( Y3 >> 16 ) & 0xFF ) ^ \
|
||||
AES_RT3( ( Y2 >> 24 ) & 0xFF ); \
|
||||
\
|
||||
X2 = *RK++ ^ AES_RT0( ( Y2 ) & 0xFF ) ^ \
|
||||
AES_RT1( ( Y1 >> 8 ) & 0xFF ) ^ \
|
||||
AES_RT2( ( Y0 >> 16 ) & 0xFF ) ^ \
|
||||
AES_RT3( ( Y3 >> 24 ) & 0xFF ); \
|
||||
\
|
||||
X3 = *RK++ ^ AES_RT0( ( Y3 ) & 0xFF ) ^ \
|
||||
AES_RT1( ( Y2 >> 8 ) & 0xFF ) ^ \
|
||||
AES_RT2( ( Y1 >> 16 ) & 0xFF ) ^ \
|
||||
AES_RT3( ( Y0 >> 24 ) & 0xFF ); \
|
||||
}
|
||||
|
||||
/*
|
||||
|
@ -1034,6 +1078,9 @@ int mbedtls_aes_crypt_ctr( mbedtls_aes_context *ctx,
|
|||
int c, i;
|
||||
size_t n = *nc_off;
|
||||
|
||||
if ( n > 0x0F )
|
||||
return( MBEDTLS_ERR_AES_BAD_INPUT_DATA );
|
||||
|
||||
while( length-- )
|
||||
{
|
||||
if( n == 0 ) {
|
||||
|
|
|
@ -32,6 +32,12 @@
|
|||
|
||||
#if defined(MBEDTLS_AESNI_C)
|
||||
|
||||
#if defined(__has_feature)
|
||||
#if __has_feature(memory_sanitizer)
|
||||
#warning "MBEDTLS_AESNI_C is known to cause spurious error reports with some memory sanitizers as they do not understand the assembly code."
|
||||
#endif
|
||||
#endif
|
||||
|
||||
#include "mbedtls/aesni.h"
|
||||
|
||||
#include <string.h>
|
||||
|
|
|
@ -33,6 +33,7 @@
|
|||
#if defined(MBEDTLS_ARC4_C)
|
||||
|
||||
#include "mbedtls/arc4.h"
|
||||
#include "mbedtls/platform_util.h"
|
||||
|
||||
#include <string.h>
|
||||
|
||||
|
@ -47,11 +48,6 @@
|
|||
|
||||
#if !defined(MBEDTLS_ARC4_ALT)
|
||||
|
||||
/* Implementation that should never be optimized out by the compiler */
|
||||
static void mbedtls_zeroize( void *v, size_t n ) {
|
||||
volatile unsigned char *p = (unsigned char*)v; while( n-- ) *p++ = 0;
|
||||
}
|
||||
|
||||
void mbedtls_arc4_init( mbedtls_arc4_context *ctx )
|
||||
{
|
||||
memset( ctx, 0, sizeof( mbedtls_arc4_context ) );
|
||||
|
@ -62,7 +58,7 @@ void mbedtls_arc4_free( mbedtls_arc4_context *ctx )
|
|||
if( ctx == NULL )
|
||||
return;
|
||||
|
||||
mbedtls_zeroize( ctx, sizeof( mbedtls_arc4_context ) );
|
||||
mbedtls_platform_zeroize( ctx, sizeof( mbedtls_arc4_context ) );
|
||||
}
|
||||
|
||||
/*
|
||||
|
|
File diff suppressed because it is too large
Load Diff
|
@ -28,6 +28,7 @@
|
|||
#if defined(MBEDTLS_ASN1_PARSE_C)
|
||||
|
||||
#include "mbedtls/asn1.h"
|
||||
#include "mbedtls/platform_util.h"
|
||||
|
||||
#include <string.h>
|
||||
|
||||
|
@ -43,11 +44,6 @@
|
|||
#define mbedtls_free free
|
||||
#endif
|
||||
|
||||
/* Implementation that should never be optimized out by the compiler */
|
||||
static void mbedtls_zeroize( void *v, size_t n ) {
|
||||
volatile unsigned char *p = (unsigned char*)v; while( n-- ) *p++ = 0;
|
||||
}
|
||||
|
||||
/*
|
||||
* ASN.1 DER decoding routines
|
||||
*/
|
||||
|
@ -313,7 +309,7 @@ int mbedtls_asn1_get_alg( unsigned char **p,
|
|||
|
||||
if( *p == end )
|
||||
{
|
||||
mbedtls_zeroize( params, sizeof(mbedtls_asn1_buf) );
|
||||
mbedtls_platform_zeroize( params, sizeof(mbedtls_asn1_buf) );
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
|
@ -358,7 +354,7 @@ void mbedtls_asn1_free_named_data( mbedtls_asn1_named_data *cur )
|
|||
mbedtls_free( cur->oid.p );
|
||||
mbedtls_free( cur->val.p );
|
||||
|
||||
mbedtls_zeroize( cur, sizeof( mbedtls_asn1_named_data ) );
|
||||
mbedtls_platform_zeroize( cur, sizeof( mbedtls_asn1_named_data ) );
|
||||
}
|
||||
|
||||
void mbedtls_asn1_free_named_data_list( mbedtls_asn1_named_data **head )
|
||||
|
|
|
@ -232,10 +232,6 @@ int mbedtls_asn1_write_int( unsigned char **p, unsigned char *start, int val )
|
|||
int ret;
|
||||
size_t len = 0;
|
||||
|
||||
// TODO negative values and values larger than 128
|
||||
// DER format assumes 2s complement for numbers, so the leftmost bit
|
||||
// should be 0 for positive numbers and 1 for negative numbers.
|
||||
//
|
||||
if( *p - start < 1 )
|
||||
return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
|
||||
|
||||
|
|
|
@ -45,6 +45,7 @@
|
|||
|
||||
#include "mbedtls/bignum.h"
|
||||
#include "mbedtls/bn_mul.h"
|
||||
#include "mbedtls/platform_util.h"
|
||||
|
||||
#include <string.h>
|
||||
|
||||
|
@ -58,16 +59,6 @@
|
|||
#define mbedtls_free free
|
||||
#endif
|
||||
|
||||
/* Implementation that should never be optimized out by the compiler */
|
||||
static void mbedtls_mpi_zeroize( mbedtls_mpi_uint *v, size_t n ) {
|
||||
volatile mbedtls_mpi_uint *p = v; while( n-- ) *p++ = 0;
|
||||
}
|
||||
|
||||
/* Implementation that should never be optimized out by the compiler */
|
||||
static void mbedtls_zeroize( void *v, size_t n ) {
|
||||
volatile unsigned char *p = v; while( n-- ) *p++ = 0;
|
||||
}
|
||||
|
||||
#define ciL (sizeof(mbedtls_mpi_uint)) /* chars in limb */
|
||||
#define biL (ciL << 3) /* bits in limb */
|
||||
#define biH (ciL << 2) /* half limb size */
|
||||
|
@ -81,6 +72,12 @@ static void mbedtls_zeroize( void *v, size_t n ) {
|
|||
#define BITS_TO_LIMBS(i) ( (i) / biL + ( (i) % biL != 0 ) )
|
||||
#define CHARS_TO_LIMBS(i) ( (i) / ciL + ( (i) % ciL != 0 ) )
|
||||
|
||||
/* Implementation that should never be optimized out by the compiler */
|
||||
static void mbedtls_mpi_zeroize( mbedtls_mpi_uint *v, size_t n )
|
||||
{
|
||||
mbedtls_platform_zeroize( v, ciL * n );
|
||||
}
|
||||
|
||||
/*
|
||||
* Initialize one MPI
|
||||
*/
|
||||
|
@ -184,7 +181,7 @@ int mbedtls_mpi_shrink( mbedtls_mpi *X, size_t nblimbs )
|
|||
*/
|
||||
int mbedtls_mpi_copy( mbedtls_mpi *X, const mbedtls_mpi *Y )
|
||||
{
|
||||
int ret;
|
||||
int ret = 0;
|
||||
size_t i;
|
||||
|
||||
if( X == Y )
|
||||
|
@ -203,9 +200,15 @@ int mbedtls_mpi_copy( mbedtls_mpi *X, const mbedtls_mpi *Y )
|
|||
|
||||
X->s = Y->s;
|
||||
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, i ) );
|
||||
if( X->n < i )
|
||||
{
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, i ) );
|
||||
}
|
||||
else
|
||||
{
|
||||
memset( X->p + i, 0, ( X->n - i ) * ciL );
|
||||
}
|
||||
|
||||
memset( X->p, 0, X->n * ciL );
|
||||
memcpy( X->p, Y->p, i * ciL );
|
||||
|
||||
cleanup:
|
||||
|
@ -963,7 +966,7 @@ static void mpi_sub_hlp( size_t n, mbedtls_mpi_uint *s, mbedtls_mpi_uint *d )
|
|||
while( c != 0 )
|
||||
{
|
||||
z = ( *d < c ); *d -= c;
|
||||
c = z; i++; d++;
|
||||
c = z; d++;
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -1201,8 +1204,8 @@ int mbedtls_mpi_mul_mpi( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi
|
|||
MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, i + j ) );
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_lset( X, 0 ) );
|
||||
|
||||
for( i++; j > 0; j-- )
|
||||
mpi_mul_hlp( i - 1, A->p, X->p + j - 1, B->p[j - 1] );
|
||||
for( ; j > 0; j-- )
|
||||
mpi_mul_hlp( i, A->p, X->p + j - 1, B->p[j - 1] );
|
||||
|
||||
X->s = A->s * B->s;
|
||||
|
||||
|
@ -1891,7 +1894,7 @@ int mbedtls_mpi_fill_random( mbedtls_mpi *X, size_t size,
|
|||
MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( X, buf, size ) );
|
||||
|
||||
cleanup:
|
||||
mbedtls_zeroize( buf, sizeof( buf ) );
|
||||
mbedtls_platform_zeroize( buf, sizeof( buf ) );
|
||||
return( ret );
|
||||
}
|
||||
|
||||
|
@ -2188,12 +2191,23 @@ int mbedtls_mpi_is_prime( const mbedtls_mpi *X,
|
|||
|
||||
/*
|
||||
* Prime number generation
|
||||
*
|
||||
* If dh_flag is 0 and nbits is at least 1024, then the procedure
|
||||
* follows the RSA probably-prime generation method of FIPS 186-4.
|
||||
* NB. FIPS 186-4 only allows the specific bit lengths of 1024 and 1536.
|
||||
*/
|
||||
int mbedtls_mpi_gen_prime( mbedtls_mpi *X, size_t nbits, int dh_flag,
|
||||
int (*f_rng)(void *, unsigned char *, size_t),
|
||||
void *p_rng )
|
||||
{
|
||||
int ret;
|
||||
#ifdef MBEDTLS_HAVE_INT64
|
||||
// ceil(2^63.5)
|
||||
#define CEIL_MAXUINT_DIV_SQRT2 0xb504f333f9de6485ULL
|
||||
#else
|
||||
// ceil(2^31.5)
|
||||
#define CEIL_MAXUINT_DIV_SQRT2 0xb504f334U
|
||||
#endif
|
||||
int ret = MBEDTLS_ERR_MPI_NOT_ACCEPTABLE;
|
||||
size_t k, n;
|
||||
mbedtls_mpi_uint r;
|
||||
mbedtls_mpi Y;
|
||||
|
@ -2205,69 +2219,66 @@ int mbedtls_mpi_gen_prime( mbedtls_mpi *X, size_t nbits, int dh_flag,
|
|||
|
||||
n = BITS_TO_LIMBS( nbits );
|
||||
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( X, n * ciL, f_rng, p_rng ) );
|
||||
|
||||
k = mbedtls_mpi_bitlen( X );
|
||||
if( k > nbits ) MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( X, k - nbits + 1 ) );
|
||||
|
||||
mbedtls_mpi_set_bit( X, nbits-1, 1 );
|
||||
|
||||
X->p[0] |= 1;
|
||||
|
||||
if( dh_flag == 0 )
|
||||
while( 1 )
|
||||
{
|
||||
while( ( ret = mbedtls_mpi_is_prime( X, f_rng, p_rng ) ) != 0 )
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( X, n * ciL, f_rng, p_rng ) );
|
||||
/* make sure generated number is at least (nbits-1)+0.5 bits (FIPS 186-4 §B.3.3 steps 4.4, 5.5) */
|
||||
if( X->p[n-1] < CEIL_MAXUINT_DIV_SQRT2 ) continue;
|
||||
|
||||
k = n * biL;
|
||||
if( k > nbits ) MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( X, k - nbits ) );
|
||||
X->p[0] |= 1;
|
||||
|
||||
if( dh_flag == 0 )
|
||||
{
|
||||
ret = mbedtls_mpi_is_prime( X, f_rng, p_rng );
|
||||
|
||||
if( ret != MBEDTLS_ERR_MPI_NOT_ACCEPTABLE )
|
||||
goto cleanup;
|
||||
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_add_int( X, X, 2 ) );
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
/*
|
||||
* An necessary condition for Y and X = 2Y + 1 to be prime
|
||||
* is X = 2 mod 3 (which is equivalent to Y = 2 mod 3).
|
||||
* Make sure it is satisfied, while keeping X = 3 mod 4
|
||||
*/
|
||||
|
||||
X->p[0] |= 2;
|
||||
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_mod_int( &r, X, 3 ) );
|
||||
if( r == 0 )
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_add_int( X, X, 8 ) );
|
||||
else if( r == 1 )
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_add_int( X, X, 4 ) );
|
||||
|
||||
/* Set Y = (X-1) / 2, which is X / 2 because X is odd */
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &Y, X ) );
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &Y, 1 ) );
|
||||
|
||||
while( 1 )
|
||||
else
|
||||
{
|
||||
/*
|
||||
* First, check small factors for X and Y
|
||||
* before doing Miller-Rabin on any of them
|
||||
* An necessary condition for Y and X = 2Y + 1 to be prime
|
||||
* is X = 2 mod 3 (which is equivalent to Y = 2 mod 3).
|
||||
* Make sure it is satisfied, while keeping X = 3 mod 4
|
||||
*/
|
||||
if( ( ret = mpi_check_small_factors( X ) ) == 0 &&
|
||||
( ret = mpi_check_small_factors( &Y ) ) == 0 &&
|
||||
( ret = mpi_miller_rabin( X, f_rng, p_rng ) ) == 0 &&
|
||||
( ret = mpi_miller_rabin( &Y, f_rng, p_rng ) ) == 0 )
|
||||
|
||||
X->p[0] |= 2;
|
||||
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_mod_int( &r, X, 3 ) );
|
||||
if( r == 0 )
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_add_int( X, X, 8 ) );
|
||||
else if( r == 1 )
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_add_int( X, X, 4 ) );
|
||||
|
||||
/* Set Y = (X-1) / 2, which is X / 2 because X is odd */
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &Y, X ) );
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &Y, 1 ) );
|
||||
|
||||
while( 1 )
|
||||
{
|
||||
break;
|
||||
/*
|
||||
* First, check small factors for X and Y
|
||||
* before doing Miller-Rabin on any of them
|
||||
*/
|
||||
if( ( ret = mpi_check_small_factors( X ) ) == 0 &&
|
||||
( ret = mpi_check_small_factors( &Y ) ) == 0 &&
|
||||
( ret = mpi_miller_rabin( X, f_rng, p_rng ) ) == 0 &&
|
||||
( ret = mpi_miller_rabin( &Y, f_rng, p_rng ) ) == 0 )
|
||||
goto cleanup;
|
||||
|
||||
if( ret != MBEDTLS_ERR_MPI_NOT_ACCEPTABLE )
|
||||
goto cleanup;
|
||||
|
||||
/*
|
||||
* Next candidates. We want to preserve Y = (X-1) / 2 and
|
||||
* Y = 1 mod 2 and Y = 2 mod 3 (eq X = 3 mod 4 and X = 2 mod 3)
|
||||
* so up Y by 6 and X by 12.
|
||||
*/
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_add_int( X, X, 12 ) );
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_add_int( &Y, &Y, 6 ) );
|
||||
}
|
||||
|
||||
if( ret != MBEDTLS_ERR_MPI_NOT_ACCEPTABLE )
|
||||
goto cleanup;
|
||||
|
||||
/*
|
||||
* Next candidates. We want to preserve Y = (X-1) / 2 and
|
||||
* Y = 1 mod 2 and Y = 2 mod 3 (eq X = 3 mod 4 and X = 2 mod 3)
|
||||
* so up Y by 6 and X by 12.
|
||||
*/
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_add_int( X, X, 12 ) );
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_add_int( &Y, &Y, 6 ) );
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
@ -34,16 +34,12 @@
|
|||
#if defined(MBEDTLS_BLOWFISH_C)
|
||||
|
||||
#include "mbedtls/blowfish.h"
|
||||
#include "mbedtls/platform_util.h"
|
||||
|
||||
#include <string.h>
|
||||
|
||||
#if !defined(MBEDTLS_BLOWFISH_ALT)
|
||||
|
||||
/* Implementation that should never be optimized out by the compiler */
|
||||
static void mbedtls_zeroize( void *v, size_t n ) {
|
||||
volatile unsigned char *p = (unsigned char*)v; while( n-- ) *p++ = 0;
|
||||
}
|
||||
|
||||
/*
|
||||
* 32-bit integer manipulation macros (big endian)
|
||||
*/
|
||||
|
@ -165,7 +161,7 @@ void mbedtls_blowfish_free( mbedtls_blowfish_context *ctx )
|
|||
if( ctx == NULL )
|
||||
return;
|
||||
|
||||
mbedtls_zeroize( ctx, sizeof( mbedtls_blowfish_context ) );
|
||||
mbedtls_platform_zeroize( ctx, sizeof( mbedtls_blowfish_context ) );
|
||||
}
|
||||
|
||||
/*
|
||||
|
|
|
@ -34,6 +34,7 @@
|
|||
#if defined(MBEDTLS_CAMELLIA_C)
|
||||
|
||||
#include "mbedtls/camellia.h"
|
||||
#include "mbedtls/platform_util.h"
|
||||
|
||||
#include <string.h>
|
||||
|
||||
|
@ -48,11 +49,6 @@
|
|||
|
||||
#if !defined(MBEDTLS_CAMELLIA_ALT)
|
||||
|
||||
/* Implementation that should never be optimized out by the compiler */
|
||||
static void mbedtls_zeroize( void *v, size_t n ) {
|
||||
volatile unsigned char *p = (unsigned char*)v; while( n-- ) *p++ = 0;
|
||||
}
|
||||
|
||||
/*
|
||||
* 32-bit integer manipulation macros (big endian)
|
||||
*/
|
||||
|
@ -333,7 +329,7 @@ void mbedtls_camellia_free( mbedtls_camellia_context *ctx )
|
|||
if( ctx == NULL )
|
||||
return;
|
||||
|
||||
mbedtls_zeroize( ctx, sizeof( mbedtls_camellia_context ) );
|
||||
mbedtls_platform_zeroize( ctx, sizeof( mbedtls_camellia_context ) );
|
||||
}
|
||||
|
||||
/*
|
||||
|
|
|
@ -37,6 +37,7 @@
|
|||
#if defined(MBEDTLS_CCM_C)
|
||||
|
||||
#include "mbedtls/ccm.h"
|
||||
#include "mbedtls/platform_util.h"
|
||||
|
||||
#include <string.h>
|
||||
|
||||
|
@ -51,11 +52,6 @@
|
|||
|
||||
#if !defined(MBEDTLS_CCM_ALT)
|
||||
|
||||
/* Implementation that should never be optimized out by the compiler */
|
||||
static void mbedtls_zeroize( void *v, size_t n ) {
|
||||
volatile unsigned char *p = (unsigned char*)v; while( n-- ) *p++ = 0;
|
||||
}
|
||||
|
||||
#define CCM_ENCRYPT 0
|
||||
#define CCM_DECRYPT 1
|
||||
|
||||
|
@ -102,7 +98,7 @@ int mbedtls_ccm_setkey( mbedtls_ccm_context *ctx,
|
|||
void mbedtls_ccm_free( mbedtls_ccm_context *ctx )
|
||||
{
|
||||
mbedtls_cipher_free( &ctx->cipher_ctx );
|
||||
mbedtls_zeroize( ctx, sizeof( mbedtls_ccm_context ) );
|
||||
mbedtls_platform_zeroize( ctx, sizeof( mbedtls_ccm_context ) );
|
||||
}
|
||||
|
||||
/*
|
||||
|
@ -343,7 +339,7 @@ int mbedtls_ccm_auth_decrypt( mbedtls_ccm_context *ctx, size_t length,
|
|||
|
||||
if( diff != 0 )
|
||||
{
|
||||
mbedtls_zeroize( output, length );
|
||||
mbedtls_platform_zeroize( output, length );
|
||||
return( MBEDTLS_ERR_CCM_AUTH_FAILED );
|
||||
}
|
||||
|
||||
|
|
|
@ -33,6 +33,7 @@
|
|||
|
||||
#include "mbedtls/cipher.h"
|
||||
#include "mbedtls/cipher_internal.h"
|
||||
#include "mbedtls/platform_util.h"
|
||||
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
|
@ -60,11 +61,6 @@
|
|||
#define MBEDTLS_CIPHER_MODE_STREAM
|
||||
#endif
|
||||
|
||||
/* Implementation that should never be optimized out by the compiler */
|
||||
static void mbedtls_zeroize( void *v, size_t n ) {
|
||||
volatile unsigned char *p = (unsigned char*)v; while( n-- ) *p++ = 0;
|
||||
}
|
||||
|
||||
static int supported_init = 0;
|
||||
|
||||
const int *mbedtls_cipher_list( void )
|
||||
|
@ -141,7 +137,8 @@ void mbedtls_cipher_free( mbedtls_cipher_context_t *ctx )
|
|||
#if defined(MBEDTLS_CMAC_C)
|
||||
if( ctx->cmac_ctx )
|
||||
{
|
||||
mbedtls_zeroize( ctx->cmac_ctx, sizeof( mbedtls_cmac_context_t ) );
|
||||
mbedtls_platform_zeroize( ctx->cmac_ctx,
|
||||
sizeof( mbedtls_cmac_context_t ) );
|
||||
mbedtls_free( ctx->cmac_ctx );
|
||||
}
|
||||
#endif
|
||||
|
@ -149,7 +146,7 @@ void mbedtls_cipher_free( mbedtls_cipher_context_t *ctx )
|
|||
if( ctx->cipher_ctx )
|
||||
ctx->cipher_info->base->ctx_free_func( ctx->cipher_ctx );
|
||||
|
||||
mbedtls_zeroize( ctx, sizeof(mbedtls_cipher_context_t) );
|
||||
mbedtls_platform_zeroize( ctx, sizeof(mbedtls_cipher_context_t) );
|
||||
}
|
||||
|
||||
int mbedtls_cipher_setup( mbedtls_cipher_context_t *ctx, const mbedtls_cipher_info_t *cipher_info )
|
||||
|
@ -325,8 +322,10 @@ int mbedtls_cipher_update( mbedtls_cipher_context_t *ctx, const unsigned char *i
|
|||
/*
|
||||
* If there is not enough data for a full block, cache it.
|
||||
*/
|
||||
if( ( ctx->operation == MBEDTLS_DECRYPT &&
|
||||
if( ( ctx->operation == MBEDTLS_DECRYPT && NULL != ctx->add_padding &&
|
||||
ilen <= block_size - ctx->unprocessed_len ) ||
|
||||
( ctx->operation == MBEDTLS_DECRYPT && NULL == ctx->add_padding &&
|
||||
ilen < block_size - ctx->unprocessed_len ) ||
|
||||
( ctx->operation == MBEDTLS_ENCRYPT &&
|
||||
ilen < block_size - ctx->unprocessed_len ) )
|
||||
{
|
||||
|
@ -372,9 +371,17 @@ int mbedtls_cipher_update( mbedtls_cipher_context_t *ctx, const unsigned char *i
|
|||
return MBEDTLS_ERR_CIPHER_INVALID_CONTEXT;
|
||||
}
|
||||
|
||||
/* Encryption: only cache partial blocks
|
||||
* Decryption w/ padding: always keep at least one whole block
|
||||
* Decryption w/o padding: only cache partial blocks
|
||||
*/
|
||||
copy_len = ilen % block_size;
|
||||
if( copy_len == 0 && ctx->operation == MBEDTLS_DECRYPT )
|
||||
if( copy_len == 0 &&
|
||||
ctx->operation == MBEDTLS_DECRYPT &&
|
||||
NULL != ctx->add_padding)
|
||||
{
|
||||
copy_len = block_size;
|
||||
}
|
||||
|
||||
memcpy( ctx->unprocessed_data, &( input[ilen - copy_len] ),
|
||||
copy_len );
|
||||
|
|
|
@ -45,6 +45,10 @@
|
|||
#include "mbedtls/camellia.h"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_ARIA_C)
|
||||
#include "mbedtls/aria.h"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_DES_C)
|
||||
#include "mbedtls/des.h"
|
||||
#endif
|
||||
|
@ -822,6 +826,364 @@ static const mbedtls_cipher_info_t camellia_256_ccm_info = {
|
|||
|
||||
#endif /* MBEDTLS_CAMELLIA_C */
|
||||
|
||||
#if defined(MBEDTLS_ARIA_C)
|
||||
|
||||
static int aria_crypt_ecb_wrap( void *ctx, mbedtls_operation_t operation,
|
||||
const unsigned char *input, unsigned char *output )
|
||||
{
|
||||
(void) operation;
|
||||
return mbedtls_aria_crypt_ecb( (mbedtls_aria_context *) ctx, input,
|
||||
output );
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_CIPHER_MODE_CBC)
|
||||
static int aria_crypt_cbc_wrap( void *ctx, mbedtls_operation_t operation,
|
||||
size_t length, unsigned char *iv,
|
||||
const unsigned char *input, unsigned char *output )
|
||||
{
|
||||
return mbedtls_aria_crypt_cbc( (mbedtls_aria_context *) ctx, operation, length, iv,
|
||||
input, output );
|
||||
}
|
||||
#endif /* MBEDTLS_CIPHER_MODE_CBC */
|
||||
|
||||
#if defined(MBEDTLS_CIPHER_MODE_CFB)
|
||||
static int aria_crypt_cfb128_wrap( void *ctx, mbedtls_operation_t operation,
|
||||
size_t length, size_t *iv_off, unsigned char *iv,
|
||||
const unsigned char *input, unsigned char *output )
|
||||
{
|
||||
return mbedtls_aria_crypt_cfb128( (mbedtls_aria_context *) ctx, operation, length,
|
||||
iv_off, iv, input, output );
|
||||
}
|
||||
#endif /* MBEDTLS_CIPHER_MODE_CFB */
|
||||
|
||||
#if defined(MBEDTLS_CIPHER_MODE_CTR)
|
||||
static int aria_crypt_ctr_wrap( void *ctx, size_t length, size_t *nc_off,
|
||||
unsigned char *nonce_counter, unsigned char *stream_block,
|
||||
const unsigned char *input, unsigned char *output )
|
||||
{
|
||||
return mbedtls_aria_crypt_ctr( (mbedtls_aria_context *) ctx, length, nc_off,
|
||||
nonce_counter, stream_block, input, output );
|
||||
}
|
||||
#endif /* MBEDTLS_CIPHER_MODE_CTR */
|
||||
|
||||
static int aria_setkey_dec_wrap( void *ctx, const unsigned char *key,
|
||||
unsigned int key_bitlen )
|
||||
{
|
||||
return mbedtls_aria_setkey_dec( (mbedtls_aria_context *) ctx, key, key_bitlen );
|
||||
}
|
||||
|
||||
static int aria_setkey_enc_wrap( void *ctx, const unsigned char *key,
|
||||
unsigned int key_bitlen )
|
||||
{
|
||||
return mbedtls_aria_setkey_enc( (mbedtls_aria_context *) ctx, key, key_bitlen );
|
||||
}
|
||||
|
||||
static void * aria_ctx_alloc( void )
|
||||
{
|
||||
mbedtls_aria_context *ctx;
|
||||
ctx = mbedtls_calloc( 1, sizeof( mbedtls_aria_context ) );
|
||||
|
||||
if( ctx == NULL )
|
||||
return( NULL );
|
||||
|
||||
mbedtls_aria_init( ctx );
|
||||
|
||||
return( ctx );
|
||||
}
|
||||
|
||||
static void aria_ctx_free( void *ctx )
|
||||
{
|
||||
mbedtls_aria_free( (mbedtls_aria_context *) ctx );
|
||||
mbedtls_free( ctx );
|
||||
}
|
||||
|
||||
static const mbedtls_cipher_base_t aria_info = {
|
||||
MBEDTLS_CIPHER_ID_ARIA,
|
||||
aria_crypt_ecb_wrap,
|
||||
#if defined(MBEDTLS_CIPHER_MODE_CBC)
|
||||
aria_crypt_cbc_wrap,
|
||||
#endif
|
||||
#if defined(MBEDTLS_CIPHER_MODE_CFB)
|
||||
aria_crypt_cfb128_wrap,
|
||||
#endif
|
||||
#if defined(MBEDTLS_CIPHER_MODE_CTR)
|
||||
aria_crypt_ctr_wrap,
|
||||
#endif
|
||||
#if defined(MBEDTLS_CIPHER_MODE_STREAM)
|
||||
NULL,
|
||||
#endif
|
||||
aria_setkey_enc_wrap,
|
||||
aria_setkey_dec_wrap,
|
||||
aria_ctx_alloc,
|
||||
aria_ctx_free
|
||||
};
|
||||
|
||||
static const mbedtls_cipher_info_t aria_128_ecb_info = {
|
||||
MBEDTLS_CIPHER_ARIA_128_ECB,
|
||||
MBEDTLS_MODE_ECB,
|
||||
128,
|
||||
"ARIA-128-ECB",
|
||||
16,
|
||||
0,
|
||||
16,
|
||||
&aria_info
|
||||
};
|
||||
|
||||
static const mbedtls_cipher_info_t aria_192_ecb_info = {
|
||||
MBEDTLS_CIPHER_ARIA_192_ECB,
|
||||
MBEDTLS_MODE_ECB,
|
||||
192,
|
||||
"ARIA-192-ECB",
|
||||
16,
|
||||
0,
|
||||
16,
|
||||
&aria_info
|
||||
};
|
||||
|
||||
static const mbedtls_cipher_info_t aria_256_ecb_info = {
|
||||
MBEDTLS_CIPHER_ARIA_256_ECB,
|
||||
MBEDTLS_MODE_ECB,
|
||||
256,
|
||||
"ARIA-256-ECB",
|
||||
16,
|
||||
0,
|
||||
16,
|
||||
&aria_info
|
||||
};
|
||||
|
||||
#if defined(MBEDTLS_CIPHER_MODE_CBC)
|
||||
static const mbedtls_cipher_info_t aria_128_cbc_info = {
|
||||
MBEDTLS_CIPHER_ARIA_128_CBC,
|
||||
MBEDTLS_MODE_CBC,
|
||||
128,
|
||||
"ARIA-128-CBC",
|
||||
16,
|
||||
0,
|
||||
16,
|
||||
&aria_info
|
||||
};
|
||||
|
||||
static const mbedtls_cipher_info_t aria_192_cbc_info = {
|
||||
MBEDTLS_CIPHER_ARIA_192_CBC,
|
||||
MBEDTLS_MODE_CBC,
|
||||
192,
|
||||
"ARIA-192-CBC",
|
||||
16,
|
||||
0,
|
||||
16,
|
||||
&aria_info
|
||||
};
|
||||
|
||||
static const mbedtls_cipher_info_t aria_256_cbc_info = {
|
||||
MBEDTLS_CIPHER_ARIA_256_CBC,
|
||||
MBEDTLS_MODE_CBC,
|
||||
256,
|
||||
"ARIA-256-CBC",
|
||||
16,
|
||||
0,
|
||||
16,
|
||||
&aria_info
|
||||
};
|
||||
#endif /* MBEDTLS_CIPHER_MODE_CBC */
|
||||
|
||||
#if defined(MBEDTLS_CIPHER_MODE_CFB)
|
||||
static const mbedtls_cipher_info_t aria_128_cfb128_info = {
|
||||
MBEDTLS_CIPHER_ARIA_128_CFB128,
|
||||
MBEDTLS_MODE_CFB,
|
||||
128,
|
||||
"ARIA-128-CFB128",
|
||||
16,
|
||||
0,
|
||||
16,
|
||||
&aria_info
|
||||
};
|
||||
|
||||
static const mbedtls_cipher_info_t aria_192_cfb128_info = {
|
||||
MBEDTLS_CIPHER_ARIA_192_CFB128,
|
||||
MBEDTLS_MODE_CFB,
|
||||
192,
|
||||
"ARIA-192-CFB128",
|
||||
16,
|
||||
0,
|
||||
16,
|
||||
&aria_info
|
||||
};
|
||||
|
||||
static const mbedtls_cipher_info_t aria_256_cfb128_info = {
|
||||
MBEDTLS_CIPHER_ARIA_256_CFB128,
|
||||
MBEDTLS_MODE_CFB,
|
||||
256,
|
||||
"ARIA-256-CFB128",
|
||||
16,
|
||||
0,
|
||||
16,
|
||||
&aria_info
|
||||
};
|
||||
#endif /* MBEDTLS_CIPHER_MODE_CFB */
|
||||
|
||||
#if defined(MBEDTLS_CIPHER_MODE_CTR)
|
||||
static const mbedtls_cipher_info_t aria_128_ctr_info = {
|
||||
MBEDTLS_CIPHER_ARIA_128_CTR,
|
||||
MBEDTLS_MODE_CTR,
|
||||
128,
|
||||
"ARIA-128-CTR",
|
||||
16,
|
||||
0,
|
||||
16,
|
||||
&aria_info
|
||||
};
|
||||
|
||||
static const mbedtls_cipher_info_t aria_192_ctr_info = {
|
||||
MBEDTLS_CIPHER_ARIA_192_CTR,
|
||||
MBEDTLS_MODE_CTR,
|
||||
192,
|
||||
"ARIA-192-CTR",
|
||||
16,
|
||||
0,
|
||||
16,
|
||||
&aria_info
|
||||
};
|
||||
|
||||
static const mbedtls_cipher_info_t aria_256_ctr_info = {
|
||||
MBEDTLS_CIPHER_ARIA_256_CTR,
|
||||
MBEDTLS_MODE_CTR,
|
||||
256,
|
||||
"ARIA-256-CTR",
|
||||
16,
|
||||
0,
|
||||
16,
|
||||
&aria_info
|
||||
};
|
||||
#endif /* MBEDTLS_CIPHER_MODE_CTR */
|
||||
|
||||
#if defined(MBEDTLS_GCM_C)
|
||||
static int gcm_aria_setkey_wrap( void *ctx, const unsigned char *key,
|
||||
unsigned int key_bitlen )
|
||||
{
|
||||
return mbedtls_gcm_setkey( (mbedtls_gcm_context *) ctx, MBEDTLS_CIPHER_ID_ARIA,
|
||||
key, key_bitlen );
|
||||
}
|
||||
|
||||
static const mbedtls_cipher_base_t gcm_aria_info = {
|
||||
MBEDTLS_CIPHER_ID_ARIA,
|
||||
NULL,
|
||||
#if defined(MBEDTLS_CIPHER_MODE_CBC)
|
||||
NULL,
|
||||
#endif
|
||||
#if defined(MBEDTLS_CIPHER_MODE_CFB)
|
||||
NULL,
|
||||
#endif
|
||||
#if defined(MBEDTLS_CIPHER_MODE_CTR)
|
||||
NULL,
|
||||
#endif
|
||||
#if defined(MBEDTLS_CIPHER_MODE_STREAM)
|
||||
NULL,
|
||||
#endif
|
||||
gcm_aria_setkey_wrap,
|
||||
gcm_aria_setkey_wrap,
|
||||
gcm_ctx_alloc,
|
||||
gcm_ctx_free,
|
||||
};
|
||||
|
||||
static const mbedtls_cipher_info_t aria_128_gcm_info = {
|
||||
MBEDTLS_CIPHER_ARIA_128_GCM,
|
||||
MBEDTLS_MODE_GCM,
|
||||
128,
|
||||
"ARIA-128-GCM",
|
||||
12,
|
||||
MBEDTLS_CIPHER_VARIABLE_IV_LEN,
|
||||
16,
|
||||
&gcm_aria_info
|
||||
};
|
||||
|
||||
static const mbedtls_cipher_info_t aria_192_gcm_info = {
|
||||
MBEDTLS_CIPHER_ARIA_192_GCM,
|
||||
MBEDTLS_MODE_GCM,
|
||||
192,
|
||||
"ARIA-192-GCM",
|
||||
12,
|
||||
MBEDTLS_CIPHER_VARIABLE_IV_LEN,
|
||||
16,
|
||||
&gcm_aria_info
|
||||
};
|
||||
|
||||
static const mbedtls_cipher_info_t aria_256_gcm_info = {
|
||||
MBEDTLS_CIPHER_ARIA_256_GCM,
|
||||
MBEDTLS_MODE_GCM,
|
||||
256,
|
||||
"ARIA-256-GCM",
|
||||
12,
|
||||
MBEDTLS_CIPHER_VARIABLE_IV_LEN,
|
||||
16,
|
||||
&gcm_aria_info
|
||||
};
|
||||
#endif /* MBEDTLS_GCM_C */
|
||||
|
||||
#if defined(MBEDTLS_CCM_C)
|
||||
static int ccm_aria_setkey_wrap( void *ctx, const unsigned char *key,
|
||||
unsigned int key_bitlen )
|
||||
{
|
||||
return mbedtls_ccm_setkey( (mbedtls_ccm_context *) ctx, MBEDTLS_CIPHER_ID_ARIA,
|
||||
key, key_bitlen );
|
||||
}
|
||||
|
||||
static const mbedtls_cipher_base_t ccm_aria_info = {
|
||||
MBEDTLS_CIPHER_ID_ARIA,
|
||||
NULL,
|
||||
#if defined(MBEDTLS_CIPHER_MODE_CBC)
|
||||
NULL,
|
||||
#endif
|
||||
#if defined(MBEDTLS_CIPHER_MODE_CFB)
|
||||
NULL,
|
||||
#endif
|
||||
#if defined(MBEDTLS_CIPHER_MODE_CTR)
|
||||
NULL,
|
||||
#endif
|
||||
#if defined(MBEDTLS_CIPHER_MODE_STREAM)
|
||||
NULL,
|
||||
#endif
|
||||
ccm_aria_setkey_wrap,
|
||||
ccm_aria_setkey_wrap,
|
||||
ccm_ctx_alloc,
|
||||
ccm_ctx_free,
|
||||
};
|
||||
|
||||
static const mbedtls_cipher_info_t aria_128_ccm_info = {
|
||||
MBEDTLS_CIPHER_ARIA_128_CCM,
|
||||
MBEDTLS_MODE_CCM,
|
||||
128,
|
||||
"ARIA-128-CCM",
|
||||
12,
|
||||
MBEDTLS_CIPHER_VARIABLE_IV_LEN,
|
||||
16,
|
||||
&ccm_aria_info
|
||||
};
|
||||
|
||||
static const mbedtls_cipher_info_t aria_192_ccm_info = {
|
||||
MBEDTLS_CIPHER_ARIA_192_CCM,
|
||||
MBEDTLS_MODE_CCM,
|
||||
192,
|
||||
"ARIA-192-CCM",
|
||||
12,
|
||||
MBEDTLS_CIPHER_VARIABLE_IV_LEN,
|
||||
16,
|
||||
&ccm_aria_info
|
||||
};
|
||||
|
||||
static const mbedtls_cipher_info_t aria_256_ccm_info = {
|
||||
MBEDTLS_CIPHER_ARIA_256_CCM,
|
||||
MBEDTLS_MODE_CCM,
|
||||
256,
|
||||
"ARIA-256-CCM",
|
||||
12,
|
||||
MBEDTLS_CIPHER_VARIABLE_IV_LEN,
|
||||
16,
|
||||
&ccm_aria_info
|
||||
};
|
||||
#endif /* MBEDTLS_CCM_C */
|
||||
|
||||
#endif /* MBEDTLS_ARIA_C */
|
||||
|
||||
#if defined(MBEDTLS_DES_C)
|
||||
|
||||
static int des_crypt_ecb_wrap( void *ctx, mbedtls_operation_t operation,
|
||||
|
@ -1427,6 +1789,37 @@ const mbedtls_cipher_definition_t mbedtls_cipher_definitions[] =
|
|||
#endif
|
||||
#endif /* MBEDTLS_CAMELLIA_C */
|
||||
|
||||
#if defined(MBEDTLS_ARIA_C)
|
||||
{ MBEDTLS_CIPHER_ARIA_128_ECB, &aria_128_ecb_info },
|
||||
{ MBEDTLS_CIPHER_ARIA_192_ECB, &aria_192_ecb_info },
|
||||
{ MBEDTLS_CIPHER_ARIA_256_ECB, &aria_256_ecb_info },
|
||||
#if defined(MBEDTLS_CIPHER_MODE_CBC)
|
||||
{ MBEDTLS_CIPHER_ARIA_128_CBC, &aria_128_cbc_info },
|
||||
{ MBEDTLS_CIPHER_ARIA_192_CBC, &aria_192_cbc_info },
|
||||
{ MBEDTLS_CIPHER_ARIA_256_CBC, &aria_256_cbc_info },
|
||||
#endif
|
||||
#if defined(MBEDTLS_CIPHER_MODE_CFB)
|
||||
{ MBEDTLS_CIPHER_ARIA_128_CFB128, &aria_128_cfb128_info },
|
||||
{ MBEDTLS_CIPHER_ARIA_192_CFB128, &aria_192_cfb128_info },
|
||||
{ MBEDTLS_CIPHER_ARIA_256_CFB128, &aria_256_cfb128_info },
|
||||
#endif
|
||||
#if defined(MBEDTLS_CIPHER_MODE_CTR)
|
||||
{ MBEDTLS_CIPHER_ARIA_128_CTR, &aria_128_ctr_info },
|
||||
{ MBEDTLS_CIPHER_ARIA_192_CTR, &aria_192_ctr_info },
|
||||
{ MBEDTLS_CIPHER_ARIA_256_CTR, &aria_256_ctr_info },
|
||||
#endif
|
||||
#if defined(MBEDTLS_GCM_C)
|
||||
{ MBEDTLS_CIPHER_ARIA_128_GCM, &aria_128_gcm_info },
|
||||
{ MBEDTLS_CIPHER_ARIA_192_GCM, &aria_192_gcm_info },
|
||||
{ MBEDTLS_CIPHER_ARIA_256_GCM, &aria_256_gcm_info },
|
||||
#endif
|
||||
#if defined(MBEDTLS_CCM_C)
|
||||
{ MBEDTLS_CIPHER_ARIA_128_CCM, &aria_128_ccm_info },
|
||||
{ MBEDTLS_CIPHER_ARIA_192_CCM, &aria_192_ccm_info },
|
||||
{ MBEDTLS_CIPHER_ARIA_256_CCM, &aria_256_ccm_info },
|
||||
#endif
|
||||
#endif /* MBEDTLS_ARIA_C */
|
||||
|
||||
#if defined(MBEDTLS_DES_C)
|
||||
{ MBEDTLS_CIPHER_DES_ECB, &des_ecb_info },
|
||||
{ MBEDTLS_CIPHER_DES_EDE_ECB, &des_ede_ecb_info },
|
||||
|
|
|
@ -49,6 +49,7 @@
|
|||
#if defined(MBEDTLS_CMAC_C)
|
||||
|
||||
#include "mbedtls/cmac.h"
|
||||
#include "mbedtls/platform_util.h"
|
||||
|
||||
#include <string.h>
|
||||
|
||||
|
@ -67,11 +68,6 @@
|
|||
|
||||
#if !defined(MBEDTLS_CMAC_ALT) || defined(MBEDTLS_SELF_TEST)
|
||||
|
||||
/* Implementation that should never be optimized out by the compiler */
|
||||
static void mbedtls_zeroize( void *v, size_t n ) {
|
||||
volatile unsigned char *p = (unsigned char*)v; while( n-- ) *p++ = 0;
|
||||
}
|
||||
|
||||
/*
|
||||
* Multiplication by u in the Galois field of GF(2^n)
|
||||
*
|
||||
|
@ -144,7 +140,7 @@ static int cmac_generate_subkeys( mbedtls_cipher_context_t *ctx,
|
|||
unsigned char L[MBEDTLS_CIPHER_BLKSIZE_MAX];
|
||||
size_t olen, block_size;
|
||||
|
||||
mbedtls_zeroize( L, sizeof( L ) );
|
||||
mbedtls_platform_zeroize( L, sizeof( L ) );
|
||||
|
||||
block_size = ctx->cipher_info->block_size;
|
||||
|
||||
|
@ -162,7 +158,7 @@ static int cmac_generate_subkeys( mbedtls_cipher_context_t *ctx,
|
|||
goto exit;
|
||||
|
||||
exit:
|
||||
mbedtls_zeroize( L, sizeof( L ) );
|
||||
mbedtls_platform_zeroize( L, sizeof( L ) );
|
||||
|
||||
return( ret );
|
||||
}
|
||||
|
@ -238,7 +234,7 @@ int mbedtls_cipher_cmac_starts( mbedtls_cipher_context_t *ctx,
|
|||
|
||||
ctx->cmac_ctx = cmac_ctx;
|
||||
|
||||
mbedtls_zeroize( cmac_ctx->state, sizeof( cmac_ctx->state ) );
|
||||
mbedtls_platform_zeroize( cmac_ctx->state, sizeof( cmac_ctx->state ) );
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
@ -330,8 +326,8 @@ int mbedtls_cipher_cmac_finish( mbedtls_cipher_context_t *ctx,
|
|||
block_size = ctx->cipher_info->block_size;
|
||||
state = cmac_ctx->state;
|
||||
|
||||
mbedtls_zeroize( K1, sizeof( K1 ) );
|
||||
mbedtls_zeroize( K2, sizeof( K2 ) );
|
||||
mbedtls_platform_zeroize( K1, sizeof( K1 ) );
|
||||
mbedtls_platform_zeroize( K2, sizeof( K2 ) );
|
||||
cmac_generate_subkeys( ctx, K1, K2 );
|
||||
|
||||
last_block = cmac_ctx->unprocessed_block;
|
||||
|
@ -361,14 +357,14 @@ int mbedtls_cipher_cmac_finish( mbedtls_cipher_context_t *ctx,
|
|||
exit:
|
||||
/* Wipe the generated keys on the stack, and any other transients to avoid
|
||||
* side channel leakage */
|
||||
mbedtls_zeroize( K1, sizeof( K1 ) );
|
||||
mbedtls_zeroize( K2, sizeof( K2 ) );
|
||||
mbedtls_platform_zeroize( K1, sizeof( K1 ) );
|
||||
mbedtls_platform_zeroize( K2, sizeof( K2 ) );
|
||||
|
||||
cmac_ctx->unprocessed_len = 0;
|
||||
mbedtls_zeroize( cmac_ctx->unprocessed_block,
|
||||
sizeof( cmac_ctx->unprocessed_block ) );
|
||||
mbedtls_platform_zeroize( cmac_ctx->unprocessed_block,
|
||||
sizeof( cmac_ctx->unprocessed_block ) );
|
||||
|
||||
mbedtls_zeroize( state, MBEDTLS_CIPHER_BLKSIZE_MAX );
|
||||
mbedtls_platform_zeroize( state, MBEDTLS_CIPHER_BLKSIZE_MAX );
|
||||
return( ret );
|
||||
}
|
||||
|
||||
|
@ -383,10 +379,10 @@ int mbedtls_cipher_cmac_reset( mbedtls_cipher_context_t *ctx )
|
|||
|
||||
/* Reset the internal state */
|
||||
cmac_ctx->unprocessed_len = 0;
|
||||
mbedtls_zeroize( cmac_ctx->unprocessed_block,
|
||||
sizeof( cmac_ctx->unprocessed_block ) );
|
||||
mbedtls_zeroize( cmac_ctx->state,
|
||||
sizeof( cmac_ctx->state ) );
|
||||
mbedtls_platform_zeroize( cmac_ctx->unprocessed_block,
|
||||
sizeof( cmac_ctx->unprocessed_block ) );
|
||||
mbedtls_platform_zeroize( cmac_ctx->state,
|
||||
sizeof( cmac_ctx->state ) );
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
|
@ -466,7 +462,7 @@ int mbedtls_aes_cmac_prf_128( const unsigned char *key, size_t key_length,
|
|||
output );
|
||||
|
||||
exit:
|
||||
mbedtls_zeroize( int_key, sizeof( int_key ) );
|
||||
mbedtls_platform_zeroize( int_key, sizeof( int_key ) );
|
||||
|
||||
return( ret );
|
||||
}
|
||||
|
@ -771,7 +767,7 @@ static int cmac_test_subkeys( int verbose,
|
|||
int block_size,
|
||||
int num_tests )
|
||||
{
|
||||
int i, ret;
|
||||
int i, ret = 0;
|
||||
mbedtls_cipher_context_t ctx;
|
||||
const mbedtls_cipher_info_t *cipher_info;
|
||||
unsigned char K1[MBEDTLS_CIPHER_BLKSIZE_MAX];
|
||||
|
@ -853,7 +849,7 @@ static int cmac_test_wth_cipher( int verbose,
|
|||
int num_tests )
|
||||
{
|
||||
const mbedtls_cipher_info_t *cipher_info;
|
||||
int i, ret;
|
||||
int i, ret = 0;
|
||||
unsigned char output[MBEDTLS_CIPHER_BLKSIZE_MAX];
|
||||
|
||||
cipher_info = mbedtls_cipher_info_from_type( cipher_type );
|
||||
|
|
|
@ -33,6 +33,7 @@
|
|||
#if defined(MBEDTLS_CTR_DRBG_C)
|
||||
|
||||
#include "mbedtls/ctr_drbg.h"
|
||||
#include "mbedtls/platform_util.h"
|
||||
|
||||
#include <string.h>
|
||||
|
||||
|
@ -49,11 +50,6 @@
|
|||
#endif /* MBEDTLS_PLATFORM_C */
|
||||
#endif /* MBEDTLS_SELF_TEST */
|
||||
|
||||
/* Implementation that should never be optimized out by the compiler */
|
||||
static void mbedtls_zeroize( void *v, size_t n ) {
|
||||
volatile unsigned char *p = v; while( n-- ) *p++ = 0;
|
||||
}
|
||||
|
||||
/*
|
||||
* CTR_DRBG context initialization
|
||||
*/
|
||||
|
@ -125,7 +121,7 @@ void mbedtls_ctr_drbg_free( mbedtls_ctr_drbg_context *ctx )
|
|||
mbedtls_mutex_free( &ctx->mutex );
|
||||
#endif
|
||||
mbedtls_aes_free( &ctx->aes_ctx );
|
||||
mbedtls_zeroize( ctx, sizeof( mbedtls_ctr_drbg_context ) );
|
||||
mbedtls_platform_zeroize( ctx, sizeof( mbedtls_ctr_drbg_context ) );
|
||||
}
|
||||
|
||||
void mbedtls_ctr_drbg_set_prediction_resistance( mbedtls_ctr_drbg_context *ctx, int resistance )
|
||||
|
@ -245,16 +241,16 @@ exit:
|
|||
/*
|
||||
* tidy up the stack
|
||||
*/
|
||||
mbedtls_zeroize( buf, sizeof( buf ) );
|
||||
mbedtls_zeroize( tmp, sizeof( tmp ) );
|
||||
mbedtls_zeroize( key, sizeof( key ) );
|
||||
mbedtls_zeroize( chain, sizeof( chain ) );
|
||||
mbedtls_platform_zeroize( buf, sizeof( buf ) );
|
||||
mbedtls_platform_zeroize( tmp, sizeof( tmp ) );
|
||||
mbedtls_platform_zeroize( key, sizeof( key ) );
|
||||
mbedtls_platform_zeroize( chain, sizeof( chain ) );
|
||||
if( 0 != ret )
|
||||
{
|
||||
/*
|
||||
* wipe partial seed from memory
|
||||
*/
|
||||
mbedtls_zeroize( output, MBEDTLS_CTR_DRBG_SEEDLEN );
|
||||
mbedtls_platform_zeroize( output, MBEDTLS_CTR_DRBG_SEEDLEN );
|
||||
}
|
||||
|
||||
return( ret );
|
||||
|
@ -493,7 +489,7 @@ int mbedtls_ctr_drbg_write_seed_file( mbedtls_ctr_drbg_context *ctx, const char
|
|||
ret = 0;
|
||||
|
||||
exit:
|
||||
mbedtls_zeroize( buf, sizeof( buf ) );
|
||||
mbedtls_platform_zeroize( buf, sizeof( buf ) );
|
||||
|
||||
fclose( f );
|
||||
return( ret );
|
||||
|
@ -526,7 +522,7 @@ int mbedtls_ctr_drbg_update_seed_file( mbedtls_ctr_drbg_context *ctx, const char
|
|||
|
||||
fclose( f );
|
||||
|
||||
mbedtls_zeroize( buf, sizeof( buf ) );
|
||||
mbedtls_platform_zeroize( buf, sizeof( buf ) );
|
||||
|
||||
if( ret != 0 )
|
||||
return( ret );
|
||||
|
|
|
@ -34,6 +34,7 @@
|
|||
#if defined(MBEDTLS_DES_C)
|
||||
|
||||
#include "mbedtls/des.h"
|
||||
#include "mbedtls/platform_util.h"
|
||||
|
||||
#include <string.h>
|
||||
|
||||
|
@ -48,11 +49,6 @@
|
|||
|
||||
#if !defined(MBEDTLS_DES_ALT)
|
||||
|
||||
/* Implementation that should never be optimized out by the compiler */
|
||||
static void mbedtls_zeroize( void *v, size_t n ) {
|
||||
volatile unsigned char *p = (unsigned char*)v; while( n-- ) *p++ = 0;
|
||||
}
|
||||
|
||||
/*
|
||||
* 32-bit integer manipulation macros (big endian)
|
||||
*/
|
||||
|
@ -316,7 +312,7 @@ void mbedtls_des_free( mbedtls_des_context *ctx )
|
|||
if( ctx == NULL )
|
||||
return;
|
||||
|
||||
mbedtls_zeroize( ctx, sizeof( mbedtls_des_context ) );
|
||||
mbedtls_platform_zeroize( ctx, sizeof( mbedtls_des_context ) );
|
||||
}
|
||||
|
||||
void mbedtls_des3_init( mbedtls_des3_context *ctx )
|
||||
|
@ -329,7 +325,7 @@ void mbedtls_des3_free( mbedtls_des3_context *ctx )
|
|||
if( ctx == NULL )
|
||||
return;
|
||||
|
||||
mbedtls_zeroize( ctx, sizeof( mbedtls_des3_context ) );
|
||||
mbedtls_platform_zeroize( ctx, sizeof( mbedtls_des3_context ) );
|
||||
}
|
||||
|
||||
static const unsigned char odd_parity_table[128] = { 1, 2, 4, 7, 8,
|
||||
|
@ -553,7 +549,7 @@ int mbedtls_des3_set2key_enc( mbedtls_des3_context *ctx,
|
|||
uint32_t sk[96];
|
||||
|
||||
des3_set2key( ctx->sk, sk, key );
|
||||
mbedtls_zeroize( sk, sizeof( sk ) );
|
||||
mbedtls_platform_zeroize( sk, sizeof( sk ) );
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
|
@ -567,7 +563,7 @@ int mbedtls_des3_set2key_dec( mbedtls_des3_context *ctx,
|
|||
uint32_t sk[96];
|
||||
|
||||
des3_set2key( sk, ctx->sk, key );
|
||||
mbedtls_zeroize( sk, sizeof( sk ) );
|
||||
mbedtls_platform_zeroize( sk, sizeof( sk ) );
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
|
@ -604,7 +600,7 @@ int mbedtls_des3_set3key_enc( mbedtls_des3_context *ctx,
|
|||
uint32_t sk[96];
|
||||
|
||||
des3_set3key( ctx->sk, sk, key );
|
||||
mbedtls_zeroize( sk, sizeof( sk ) );
|
||||
mbedtls_platform_zeroize( sk, sizeof( sk ) );
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
|
@ -618,7 +614,7 @@ int mbedtls_des3_set3key_dec( mbedtls_des3_context *ctx,
|
|||
uint32_t sk[96];
|
||||
|
||||
des3_set3key( sk, ctx->sk, key );
|
||||
mbedtls_zeroize( sk, sizeof( sk ) );
|
||||
mbedtls_platform_zeroize( sk, sizeof( sk ) );
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
|
|
|
@ -36,6 +36,7 @@
|
|||
#if defined(MBEDTLS_DHM_C)
|
||||
|
||||
#include "mbedtls/dhm.h"
|
||||
#include "mbedtls/platform_util.h"
|
||||
|
||||
#include <string.h>
|
||||
|
||||
|
@ -58,10 +59,6 @@
|
|||
#endif
|
||||
|
||||
#if !defined(MBEDTLS_DHM_ALT)
|
||||
/* Implementation that should never be optimized out by the compiler */
|
||||
static void mbedtls_zeroize( void *v, size_t n ) {
|
||||
volatile unsigned char *p = v; while( n-- ) *p++ = 0;
|
||||
}
|
||||
|
||||
/*
|
||||
* helper to validate the mbedtls_mpi size and import it
|
||||
|
@ -437,7 +434,7 @@ void mbedtls_dhm_free( mbedtls_dhm_context *ctx )
|
|||
mbedtls_mpi_free( &ctx->GX ); mbedtls_mpi_free( &ctx->X );
|
||||
mbedtls_mpi_free( &ctx->G ); mbedtls_mpi_free( &ctx->P );
|
||||
|
||||
mbedtls_zeroize( ctx, sizeof( mbedtls_dhm_context ) );
|
||||
mbedtls_platform_zeroize( ctx, sizeof( mbedtls_dhm_context ) );
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_ASN1_PARSE_C)
|
||||
|
@ -575,7 +572,7 @@ static int load_file( const char *path, unsigned char **buf, size_t *n )
|
|||
{
|
||||
fclose( f );
|
||||
|
||||
mbedtls_zeroize( *buf, *n + 1 );
|
||||
mbedtls_platform_zeroize( *buf, *n + 1 );
|
||||
mbedtls_free( *buf );
|
||||
|
||||
return( MBEDTLS_ERR_DHM_FILE_IO_ERROR );
|
||||
|
@ -605,7 +602,7 @@ int mbedtls_dhm_parse_dhmfile( mbedtls_dhm_context *dhm, const char *path )
|
|||
|
||||
ret = mbedtls_dhm_parse_dhm( dhm, buf, n );
|
||||
|
||||
mbedtls_zeroize( buf, n );
|
||||
mbedtls_platform_zeroize( buf, n );
|
||||
mbedtls_free( buf );
|
||||
|
||||
return( ret );
|
||||
|
|
|
@ -400,6 +400,9 @@ int mbedtls_ecdsa_read_signature( mbedtls_ecdsa_context *ctx,
|
|||
&ctx->Q, &r, &s ) ) != 0 )
|
||||
goto cleanup;
|
||||
|
||||
/* At this point we know that the buffer starts with a valid signature.
|
||||
* Return 0 if the buffer just contains the signature, and a specific
|
||||
* error code if the valid signature is followed by more data. */
|
||||
if( p != end )
|
||||
ret = MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH;
|
||||
|
||||
|
|
|
@ -301,7 +301,7 @@ cleanup:
|
|||
*/
|
||||
static int ecjpake_zkp_write( const mbedtls_md_info_t *md_info,
|
||||
const mbedtls_ecp_group *grp,
|
||||
const int pf,
|
||||
const int pf,
|
||||
const mbedtls_ecp_point *G,
|
||||
const mbedtls_mpi *x,
|
||||
const mbedtls_ecp_point *X,
|
||||
|
|
|
@ -26,6 +26,7 @@
|
|||
* GECC = Guide to Elliptic Curve Cryptography - Hankerson, Menezes, Vanstone
|
||||
* FIPS 186-3 http://csrc.nist.gov/publications/fips/fips186-3/fips_186-3.pdf
|
||||
* RFC 4492 for the related TLS structures and constants
|
||||
* RFC 7748 for the Curve448 and Curve25519 curve definitions
|
||||
*
|
||||
* [Curve25519] http://cr.yp.to/ecdh/curve25519-20060209.pdf
|
||||
*
|
||||
|
@ -50,6 +51,7 @@
|
|||
|
||||
#include "mbedtls/ecp.h"
|
||||
#include "mbedtls/threading.h"
|
||||
#include "mbedtls/platform_util.h"
|
||||
|
||||
#include <string.h>
|
||||
|
||||
|
@ -72,11 +74,6 @@
|
|||
#define inline __inline
|
||||
#endif
|
||||
|
||||
/* Implementation that should never be optimized out by the compiler */
|
||||
static void mbedtls_zeroize( void *v, size_t n ) {
|
||||
volatile unsigned char *p = v; while( n-- ) *p++ = 0;
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_SELF_TEST)
|
||||
/*
|
||||
* Counts of point addition and doubling, and field multiplications.
|
||||
|
@ -99,7 +96,8 @@ static unsigned long add_count, dbl_count, mul_count;
|
|||
#define ECP_SHORTWEIERSTRASS
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED)
|
||||
#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) || \
|
||||
defined(MBEDTLS_ECP_DP_CURVE448_ENABLED)
|
||||
#define ECP_MONTGOMERY
|
||||
#endif
|
||||
|
||||
|
@ -346,7 +344,7 @@ void mbedtls_ecp_group_free( mbedtls_ecp_group *grp )
|
|||
mbedtls_free( grp->T );
|
||||
}
|
||||
|
||||
mbedtls_zeroize( grp, sizeof( mbedtls_ecp_group ) );
|
||||
mbedtls_platform_zeroize( grp, sizeof( mbedtls_ecp_group ) );
|
||||
}
|
||||
|
||||
/*
|
||||
|
@ -1852,6 +1850,8 @@ cleanup:
|
|||
static int ecp_check_pubkey_mx( const mbedtls_ecp_group *grp, const mbedtls_ecp_point *pt )
|
||||
{
|
||||
/* [Curve25519 p. 5] Just check X is the correct number of bytes */
|
||||
/* Allow any public value, if it's too big then we'll just reduce it mod p
|
||||
* (RFC 7748 sec. 5 para. 3). */
|
||||
if( mbedtls_mpi_size( &pt->X ) > ( grp->nbits + 7 ) / 8 )
|
||||
return( MBEDTLS_ERR_ECP_INVALID_KEY );
|
||||
|
||||
|
@ -1887,14 +1887,18 @@ int mbedtls_ecp_check_privkey( const mbedtls_ecp_group *grp, const mbedtls_mpi *
|
|||
#if defined(ECP_MONTGOMERY)
|
||||
if( ecp_get_type( grp ) == ECP_TYPE_MONTGOMERY )
|
||||
{
|
||||
/* see [Curve25519] page 5 */
|
||||
/* see RFC 7748 sec. 5 para. 5 */
|
||||
if( mbedtls_mpi_get_bit( d, 0 ) != 0 ||
|
||||
mbedtls_mpi_get_bit( d, 1 ) != 0 ||
|
||||
mbedtls_mpi_get_bit( d, 2 ) != 0 ||
|
||||
mbedtls_mpi_bitlen( d ) - 1 != grp->nbits ) /* mbedtls_mpi_bitlen is one-based! */
|
||||
return( MBEDTLS_ERR_ECP_INVALID_KEY );
|
||||
else
|
||||
return( 0 );
|
||||
|
||||
/* see [Curve25519] page 5 */
|
||||
if( grp->nbits == 254 && mbedtls_mpi_get_bit( d, 2 ) != 0 )
|
||||
return( MBEDTLS_ERR_ECP_INVALID_KEY );
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
#endif /* ECP_MONTGOMERY */
|
||||
#if defined(ECP_SHORTWEIERSTRASS)
|
||||
|
@ -1941,10 +1945,14 @@ int mbedtls_ecp_gen_keypair_base( mbedtls_ecp_group *grp,
|
|||
else
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_set_bit( d, grp->nbits, 1 ) );
|
||||
|
||||
/* Make sure the last three bits are unset */
|
||||
/* Make sure the last two bits are unset for Curve448, three bits for
|
||||
Curve25519 */
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_set_bit( d, 0, 0 ) );
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_set_bit( d, 1, 0 ) );
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_set_bit( d, 2, 0 ) );
|
||||
if( grp->nbits == 254 )
|
||||
{
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_set_bit( d, 2, 0 ) );
|
||||
}
|
||||
}
|
||||
else
|
||||
#endif /* ECP_MONTGOMERY */
|
||||
|
|
|
@ -627,6 +627,9 @@ static int ecp_mod_p521( mbedtls_mpi * );
|
|||
#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED)
|
||||
static int ecp_mod_p255( mbedtls_mpi * );
|
||||
#endif
|
||||
#if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED)
|
||||
static int ecp_mod_p448( mbedtls_mpi * );
|
||||
#endif
|
||||
#if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED)
|
||||
static int ecp_mod_p192k1( mbedtls_mpi * );
|
||||
#endif
|
||||
|
@ -670,7 +673,12 @@ static int ecp_use_curve25519( mbedtls_ecp_group *grp )
|
|||
MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &grp->P, &grp->P, 19 ) );
|
||||
grp->pbits = mbedtls_mpi_bitlen( &grp->P );
|
||||
|
||||
/* Y intentionaly not set, since we use x/z coordinates.
|
||||
/* N = 2^252 + 27742317777372353535851937790883648493 */
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &grp->N, 16,
|
||||
"14DEF9DEA2F79CD65812631A5CF5D3ED" ) );
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_set_bit( &grp->N, 252, 1 ) );
|
||||
|
||||
/* Y intentionally not set, since we use x/z coordinates.
|
||||
* This is used as a marker to identify Montgomery curves! */
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &grp->G.X, 9 ) );
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &grp->G.Z, 1 ) );
|
||||
|
@ -687,6 +695,52 @@ cleanup:
|
|||
}
|
||||
#endif /* MBEDTLS_ECP_DP_CURVE25519_ENABLED */
|
||||
|
||||
#if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED)
|
||||
/*
|
||||
* Specialized function for creating the Curve448 group
|
||||
*/
|
||||
static int ecp_use_curve448( mbedtls_ecp_group *grp )
|
||||
{
|
||||
mbedtls_mpi Ns;
|
||||
int ret;
|
||||
|
||||
mbedtls_mpi_init( &Ns );
|
||||
|
||||
/* Actually ( A + 2 ) / 4 */
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &grp->A, 16, "98AA" ) );
|
||||
|
||||
/* P = 2^448 - 2^224 - 1 */
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &grp->P, 1 ) );
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_shift_l( &grp->P, 224 ) );
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &grp->P, &grp->P, 1 ) );
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_shift_l( &grp->P, 224 ) );
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &grp->P, &grp->P, 1 ) );
|
||||
grp->pbits = mbedtls_mpi_bitlen( &grp->P );
|
||||
|
||||
/* Y intentionally not set, since we use x/z coordinates.
|
||||
* This is used as a marker to identify Montgomery curves! */
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &grp->G.X, 5 ) );
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &grp->G.Z, 1 ) );
|
||||
mbedtls_mpi_free( &grp->G.Y );
|
||||
|
||||
/* N = 2^446 - 13818066809895115352007386748515426880336692474882178609894547503885 */
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_set_bit( &grp->N, 446, 1 ) );
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &Ns, 16,
|
||||
"8335DC163BB124B65129C96FDE933D8D723A70AADC873D6D54A7BB0D" ) );
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &grp->N, &grp->N, &Ns ) );
|
||||
|
||||
/* Actually, the required msb for private keys */
|
||||
grp->nbits = 447;
|
||||
|
||||
cleanup:
|
||||
mbedtls_mpi_free( &Ns );
|
||||
if( ret != 0 )
|
||||
mbedtls_ecp_group_free( grp );
|
||||
|
||||
return( ret );
|
||||
}
|
||||
#endif /* MBEDTLS_ECP_DP_CURVE448_ENABLED */
|
||||
|
||||
/*
|
||||
* Set a group using well-known domain parameters
|
||||
*/
|
||||
|
@ -767,6 +821,12 @@ int mbedtls_ecp_group_load( mbedtls_ecp_group *grp, mbedtls_ecp_group_id id )
|
|||
return( ecp_use_curve25519( grp ) );
|
||||
#endif /* MBEDTLS_ECP_DP_CURVE25519_ENABLED */
|
||||
|
||||
#if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED)
|
||||
case MBEDTLS_ECP_DP_CURVE448:
|
||||
grp->modp = ecp_mod_p448;
|
||||
return( ecp_use_curve448( grp ) );
|
||||
#endif /* MBEDTLS_ECP_DP_CURVE448_ENABLED */
|
||||
|
||||
default:
|
||||
mbedtls_ecp_group_free( grp );
|
||||
return( MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE );
|
||||
|
@ -1176,7 +1236,7 @@ static int ecp_mod_p255( mbedtls_mpi *N )
|
|||
M.s = 1;
|
||||
M.n = N->n - ( P255_WIDTH - 1 );
|
||||
if( M.n > P255_WIDTH + 1 )
|
||||
M.n = P255_WIDTH + 1;
|
||||
return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
|
||||
M.p = Mp;
|
||||
memset( Mp, 0, sizeof Mp );
|
||||
memcpy( Mp, N->p + P255_WIDTH - 1, M.n * sizeof( mbedtls_mpi_uint ) );
|
||||
|
@ -1197,6 +1257,77 @@ cleanup:
|
|||
}
|
||||
#endif /* MBEDTLS_ECP_DP_CURVE25519_ENABLED */
|
||||
|
||||
#if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED)
|
||||
|
||||
/* Size of p448 in terms of mbedtls_mpi_uint */
|
||||
#define P448_WIDTH ( 448 / 8 / sizeof( mbedtls_mpi_uint ) )
|
||||
|
||||
/* Number of limbs fully occupied by 2^224 (max), and limbs used by it (min) */
|
||||
#define DIV_ROUND_UP( X, Y ) ( ( ( X ) + ( Y ) - 1 ) / ( Y ) )
|
||||
#define P224_WIDTH_MIN ( 28 / sizeof( mbedtls_mpi_uint ) )
|
||||
#define P224_WIDTH_MAX DIV_ROUND_UP( 28, sizeof( mbedtls_mpi_uint ) )
|
||||
#define P224_UNUSED_BITS ( ( P224_WIDTH_MAX * sizeof( mbedtls_mpi_uint ) * 8 ) - 224 )
|
||||
|
||||
/*
|
||||
* Fast quasi-reduction modulo p448 = 2^448 - 2^224 - 1
|
||||
* Write N as A0 + 2^448 A1 and A1 as B0 + 2^224 B1, and return
|
||||
* A0 + A1 + B1 + (B0 + B1) * 2^224. This is different to the reference
|
||||
* implementation of Curve448, which uses its own special 56-bit limbs rather
|
||||
* than a generic bignum library. We could squeeze some extra speed out on
|
||||
* 32-bit machines by splitting N up into 32-bit limbs and doing the
|
||||
* arithmetic using the limbs directly as we do for the NIST primes above,
|
||||
* but for 64-bit targets it should use half the number of operations if we do
|
||||
* the reduction with 224-bit limbs, since mpi_add_mpi will then use 64-bit adds.
|
||||
*/
|
||||
static int ecp_mod_p448( mbedtls_mpi *N )
|
||||
{
|
||||
int ret;
|
||||
size_t i;
|
||||
mbedtls_mpi M, Q;
|
||||
mbedtls_mpi_uint Mp[P448_WIDTH + 1], Qp[P448_WIDTH];
|
||||
|
||||
if( N->n <= P448_WIDTH )
|
||||
return( 0 );
|
||||
|
||||
/* M = A1 */
|
||||
M.s = 1;
|
||||
M.n = N->n - ( P448_WIDTH );
|
||||
if( M.n > P448_WIDTH )
|
||||
/* Shouldn't be called with N larger than 2^896! */
|
||||
return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
|
||||
M.p = Mp;
|
||||
memset( Mp, 0, sizeof( Mp ) );
|
||||
memcpy( Mp, N->p + P448_WIDTH, M.n * sizeof( mbedtls_mpi_uint ) );
|
||||
|
||||
/* N = A0 */
|
||||
for( i = P448_WIDTH; i < N->n; i++ )
|
||||
N->p[i] = 0;
|
||||
|
||||
/* N += A1 */
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( N, N, &M ) );
|
||||
|
||||
/* Q = B1, N += B1 */
|
||||
Q = M;
|
||||
Q.p = Qp;
|
||||
memcpy( Qp, Mp, sizeof( Qp ) );
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &Q, 224 ) );
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( N, N, &Q ) );
|
||||
|
||||
/* M = (B0 + B1) * 2^224, N += M */
|
||||
if( sizeof( mbedtls_mpi_uint ) > 4 )
|
||||
Mp[P224_WIDTH_MIN] &= ( (mbedtls_mpi_uint)-1 ) >> ( P224_UNUSED_BITS );
|
||||
for( i = P224_WIDTH_MAX; i < M.n; ++i )
|
||||
Mp[i] = 0;
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( &M, &M, &Q ) );
|
||||
M.n = P448_WIDTH + 1; /* Make room for shifted carry bit from the addition */
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_shift_l( &M, 224 ) );
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( N, N, &M ) );
|
||||
|
||||
cleanup:
|
||||
return( ret );
|
||||
}
|
||||
#endif /* MBEDTLS_ECP_DP_CURVE448_ENABLED */
|
||||
|
||||
#if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED) || \
|
||||
defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED) || \
|
||||
defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED)
|
||||
|
|
|
@ -35,6 +35,7 @@
|
|||
|
||||
#include "mbedtls/entropy.h"
|
||||
#include "mbedtls/entropy_poll.h"
|
||||
#include "mbedtls/platform_util.h"
|
||||
|
||||
#include <string.h>
|
||||
|
||||
|
@ -59,11 +60,6 @@
|
|||
#include "mbedtls/havege.h"
|
||||
#endif
|
||||
|
||||
/* Implementation that should never be optimized out by the compiler */
|
||||
static void mbedtls_zeroize( void *v, size_t n ) {
|
||||
volatile unsigned char *p = v; while( n-- ) *p++ = 0;
|
||||
}
|
||||
|
||||
#define ENTROPY_MAX_LOOP 256 /**< Maximum amount to loop before error */
|
||||
|
||||
void mbedtls_entropy_init( mbedtls_entropy_context *ctx )
|
||||
|
@ -140,7 +136,7 @@ void mbedtls_entropy_free( mbedtls_entropy_context *ctx )
|
|||
ctx->initial_entropy_run = 0;
|
||||
#endif
|
||||
ctx->source_count = 0;
|
||||
mbedtls_zeroize( ctx->source, sizeof( ctx->source ) );
|
||||
mbedtls_platform_zeroize( ctx->source, sizeof( ctx->source ) );
|
||||
ctx->accumulator_started = 0;
|
||||
}
|
||||
|
||||
|
@ -232,7 +228,7 @@ static int entropy_update( mbedtls_entropy_context *ctx, unsigned char source_id
|
|||
#endif
|
||||
|
||||
cleanup:
|
||||
mbedtls_zeroize( tmp, sizeof( tmp ) );
|
||||
mbedtls_platform_zeroize( tmp, sizeof( tmp ) );
|
||||
|
||||
return( ret );
|
||||
}
|
||||
|
@ -300,7 +296,7 @@ static int entropy_gather_internal( mbedtls_entropy_context *ctx )
|
|||
ret = MBEDTLS_ERR_ENTROPY_NO_STRONG_SOURCE;
|
||||
|
||||
cleanup:
|
||||
mbedtls_zeroize( buf, sizeof( buf ) );
|
||||
mbedtls_platform_zeroize( buf, sizeof( buf ) );
|
||||
|
||||
return( ret );
|
||||
}
|
||||
|
@ -433,7 +429,7 @@ int mbedtls_entropy_func( void *data, unsigned char *output, size_t len )
|
|||
ret = 0;
|
||||
|
||||
exit:
|
||||
mbedtls_zeroize( buf, sizeof( buf ) );
|
||||
mbedtls_platform_zeroize( buf, sizeof( buf ) );
|
||||
|
||||
#if defined(MBEDTLS_THREADING_C)
|
||||
if( mbedtls_mutex_unlock( &ctx->mutex ) != 0 )
|
||||
|
@ -486,7 +482,7 @@ int mbedtls_entropy_write_seed_file( mbedtls_entropy_context *ctx, const char *p
|
|||
ret = 0;
|
||||
|
||||
exit:
|
||||
mbedtls_zeroize( buf, sizeof( buf ) );
|
||||
mbedtls_platform_zeroize( buf, sizeof( buf ) );
|
||||
|
||||
fclose( f );
|
||||
return( ret );
|
||||
|
@ -516,7 +512,7 @@ int mbedtls_entropy_update_seed_file( mbedtls_entropy_context *ctx, const char *
|
|||
|
||||
fclose( f );
|
||||
|
||||
mbedtls_zeroize( buf, sizeof( buf ) );
|
||||
mbedtls_platform_zeroize( buf, sizeof( buf ) );
|
||||
|
||||
if( ret != 0 )
|
||||
return( ret );
|
||||
|
|
|
@ -44,7 +44,7 @@
|
|||
#if !defined(MBEDTLS_NO_PLATFORM_ENTROPY)
|
||||
|
||||
#if !defined(unix) && !defined(__unix__) && !defined(__unix) && \
|
||||
!defined(__APPLE__) && !defined(_WIN32)
|
||||
!defined(__APPLE__) && !defined(_WIN32) && !defined(__QNXNTO__)
|
||||
#error "Platform entropy sources only work on Unix and Windows, see MBEDTLS_NO_PLATFORM_ENTROPY in config.h"
|
||||
#endif
|
||||
|
||||
|
|
|
@ -49,6 +49,10 @@
|
|||
#include "mbedtls/arc4.h"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_ARIA_C)
|
||||
#include "mbedtls/aria.h"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_BASE64_C)
|
||||
#include "mbedtls/base64.h"
|
||||
#endif
|
||||
|
@ -256,19 +260,19 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen )
|
|||
if( use_ret == -(MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL) )
|
||||
mbedtls_snprintf( buf, buflen, "ECP - The buffer is too small to write to" );
|
||||
if( use_ret == -(MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE) )
|
||||
mbedtls_snprintf( buf, buflen, "ECP - Requested curve not available" );
|
||||
mbedtls_snprintf( buf, buflen, "ECP - The requested feature is not available, for example, the requested curve is not supported" );
|
||||
if( use_ret == -(MBEDTLS_ERR_ECP_VERIFY_FAILED) )
|
||||
mbedtls_snprintf( buf, buflen, "ECP - The signature is not valid" );
|
||||
if( use_ret == -(MBEDTLS_ERR_ECP_ALLOC_FAILED) )
|
||||
mbedtls_snprintf( buf, buflen, "ECP - Memory allocation failed" );
|
||||
if( use_ret == -(MBEDTLS_ERR_ECP_RANDOM_FAILED) )
|
||||
mbedtls_snprintf( buf, buflen, "ECP - Generation of random value, such as (ephemeral) key, failed" );
|
||||
mbedtls_snprintf( buf, buflen, "ECP - Generation of random value, such as ephemeral key, failed" );
|
||||
if( use_ret == -(MBEDTLS_ERR_ECP_INVALID_KEY) )
|
||||
mbedtls_snprintf( buf, buflen, "ECP - Invalid private or public key" );
|
||||
if( use_ret == -(MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH) )
|
||||
mbedtls_snprintf( buf, buflen, "ECP - Signature is valid but shorter than the user-supplied length" );
|
||||
mbedtls_snprintf( buf, buflen, "ECP - The buffer contains a valid signature followed by more data" );
|
||||
if( use_ret == -(MBEDTLS_ERR_ECP_HW_ACCEL_FAILED) )
|
||||
mbedtls_snprintf( buf, buflen, "ECP - ECP hardware accelerator failed" );
|
||||
mbedtls_snprintf( buf, buflen, "ECP - The ECP hardware accelerator failed" );
|
||||
#endif /* MBEDTLS_ECP_C */
|
||||
|
||||
#if defined(MBEDTLS_MD_C)
|
||||
|
@ -333,7 +337,7 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen )
|
|||
if( use_ret == -(MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE) )
|
||||
mbedtls_snprintf( buf, buflen, "PK - Unavailable feature, e.g. RSA disabled for RSA key" );
|
||||
if( use_ret == -(MBEDTLS_ERR_PK_SIG_LEN_MISMATCH) )
|
||||
mbedtls_snprintf( buf, buflen, "PK - The signature is valid but its length is less than expected" );
|
||||
mbedtls_snprintf( buf, buflen, "PK - The buffer contains a valid signature followed by more data" );
|
||||
if( use_ret == -(MBEDTLS_ERR_PK_HW_ACCEL_FAILED) )
|
||||
mbedtls_snprintf( buf, buflen, "PK - PK hardware accelerator failed" );
|
||||
#endif /* MBEDTLS_PK_C */
|
||||
|
@ -478,7 +482,7 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen )
|
|||
if( use_ret == -(MBEDTLS_ERR_SSL_NO_USABLE_CIPHERSUITE) )
|
||||
mbedtls_snprintf( buf, buflen, "SSL - None of the common ciphersuites is usable (eg, no suitable certificate, see debug messages)" );
|
||||
if( use_ret == -(MBEDTLS_ERR_SSL_WANT_READ) )
|
||||
mbedtls_snprintf( buf, buflen, "SSL - Connection requires a read call" );
|
||||
mbedtls_snprintf( buf, buflen, "SSL - No data of requested type currently available on underlying transport" );
|
||||
if( use_ret == -(MBEDTLS_ERR_SSL_WANT_WRITE) )
|
||||
mbedtls_snprintf( buf, buflen, "SSL - Connection requires a write call" );
|
||||
if( use_ret == -(MBEDTLS_ERR_SSL_TIMEOUT) )
|
||||
|
@ -491,6 +495,8 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen )
|
|||
mbedtls_snprintf( buf, buflen, "SSL - The alert message received indicates a non-fatal error" );
|
||||
if( use_ret == -(MBEDTLS_ERR_SSL_INVALID_VERIFY_HASH) )
|
||||
mbedtls_snprintf( buf, buflen, "SSL - Couldn't set the hash for verifying CertificateVerify" );
|
||||
if( use_ret == -(MBEDTLS_ERR_SSL_CONTINUE_PROCESSING) )
|
||||
mbedtls_snprintf( buf, buflen, "SSL - Internal-only message signaling that further message-processing should be done" );
|
||||
#endif /* MBEDTLS_SSL_TLS_C */
|
||||
|
||||
#if defined(MBEDTLS_X509_USE_C) || defined(MBEDTLS_X509_CREATE_C)
|
||||
|
@ -570,6 +576,8 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen )
|
|||
mbedtls_snprintf( buf, buflen, "AES - Invalid key length" );
|
||||
if( use_ret == -(MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH) )
|
||||
mbedtls_snprintf( buf, buflen, "AES - Invalid data input length" );
|
||||
if( use_ret == -(MBEDTLS_ERR_AES_BAD_INPUT_DATA) )
|
||||
mbedtls_snprintf( buf, buflen, "AES - Invalid input data" );
|
||||
if( use_ret == -(MBEDTLS_ERR_AES_FEATURE_UNAVAILABLE) )
|
||||
mbedtls_snprintf( buf, buflen, "AES - Feature not available. For example, an unsupported AES key size" );
|
||||
if( use_ret == -(MBEDTLS_ERR_AES_HW_ACCEL_FAILED) )
|
||||
|
@ -581,6 +589,17 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen )
|
|||
mbedtls_snprintf( buf, buflen, "ARC4 - ARC4 hardware accelerator failed" );
|
||||
#endif /* MBEDTLS_ARC4_C */
|
||||
|
||||
#if defined(MBEDTLS_ARIA_C)
|
||||
if( use_ret == -(MBEDTLS_ERR_ARIA_INVALID_KEY_LENGTH) )
|
||||
mbedtls_snprintf( buf, buflen, "ARIA - Invalid key length" );
|
||||
if( use_ret == -(MBEDTLS_ERR_ARIA_INVALID_INPUT_LENGTH) )
|
||||
mbedtls_snprintf( buf, buflen, "ARIA - Invalid data input length" );
|
||||
if( use_ret == -(MBEDTLS_ERR_ARIA_FEATURE_UNAVAILABLE) )
|
||||
mbedtls_snprintf( buf, buflen, "ARIA - Feature not available. For example, an unsupported ARIA key size" );
|
||||
if( use_ret == -(MBEDTLS_ERR_ARIA_HW_ACCEL_FAILED) )
|
||||
mbedtls_snprintf( buf, buflen, "ARIA - ARIA hardware accelerator failed" );
|
||||
#endif /* MBEDTLS_ARIA_C */
|
||||
|
||||
#if defined(MBEDTLS_ASN1_PARSE_C)
|
||||
if( use_ret == -(MBEDTLS_ERR_ASN1_OUT_OF_DATA) )
|
||||
mbedtls_snprintf( buf, buflen, "ASN1 - Out of data when parsing an ASN1 data structure" );
|
||||
|
@ -745,6 +764,10 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen )
|
|||
mbedtls_snprintf( buf, buflen, "NET - Buffer is too small to hold the data" );
|
||||
if( use_ret == -(MBEDTLS_ERR_NET_INVALID_CONTEXT) )
|
||||
mbedtls_snprintf( buf, buflen, "NET - The context is invalid, eg because it was free()ed" );
|
||||
if( use_ret == -(MBEDTLS_ERR_NET_POLL_FAILED) )
|
||||
mbedtls_snprintf( buf, buflen, "NET - Polling the net context failed" );
|
||||
if( use_ret == -(MBEDTLS_ERR_NET_BAD_INPUT_DATA) )
|
||||
mbedtls_snprintf( buf, buflen, "NET - Input invalid" );
|
||||
#endif /* MBEDTLS_NET_C */
|
||||
|
||||
#if defined(MBEDTLS_OID_C)
|
||||
|
|
|
@ -38,6 +38,7 @@
|
|||
#if defined(MBEDTLS_GCM_C)
|
||||
|
||||
#include "mbedtls/gcm.h"
|
||||
#include "mbedtls/platform_util.h"
|
||||
|
||||
#include <string.h>
|
||||
|
||||
|
@ -80,11 +81,6 @@
|
|||
}
|
||||
#endif
|
||||
|
||||
/* Implementation that should never be optimized out by the compiler */
|
||||
static void mbedtls_zeroize( void *v, size_t n ) {
|
||||
volatile unsigned char *p = v; while( n-- ) *p++ = 0;
|
||||
}
|
||||
|
||||
/*
|
||||
* Initialize a context
|
||||
*/
|
||||
|
@ -498,7 +494,7 @@ int mbedtls_gcm_auth_decrypt( mbedtls_gcm_context *ctx,
|
|||
|
||||
if( diff != 0 )
|
||||
{
|
||||
mbedtls_zeroize( output, length );
|
||||
mbedtls_platform_zeroize( output, length );
|
||||
return( MBEDTLS_ERR_GCM_AUTH_FAILED );
|
||||
}
|
||||
|
||||
|
@ -508,7 +504,7 @@ int mbedtls_gcm_auth_decrypt( mbedtls_gcm_context *ctx,
|
|||
void mbedtls_gcm_free( mbedtls_gcm_context *ctx )
|
||||
{
|
||||
mbedtls_cipher_free( &ctx->cipher_ctx );
|
||||
mbedtls_zeroize( ctx, sizeof( mbedtls_gcm_context ) );
|
||||
mbedtls_platform_zeroize( ctx, sizeof( mbedtls_gcm_context ) );
|
||||
}
|
||||
|
||||
#endif /* !MBEDTLS_GCM_ALT */
|
||||
|
|
|
@ -36,14 +36,10 @@
|
|||
|
||||
#include "mbedtls/havege.h"
|
||||
#include "mbedtls/timing.h"
|
||||
#include "mbedtls/platform_util.h"
|
||||
|
||||
#include <string.h>
|
||||
|
||||
/* Implementation that should never be optimized out by the compiler */
|
||||
static void mbedtls_zeroize( void *v, size_t n ) {
|
||||
volatile unsigned char *p = v; while( n-- ) *p++ = 0;
|
||||
}
|
||||
|
||||
/* ------------------------------------------------------------------------
|
||||
* On average, one iteration accesses two 8-word blocks in the havege WALK
|
||||
* table, and generates 16 words in the RES array.
|
||||
|
@ -208,7 +204,7 @@ void mbedtls_havege_free( mbedtls_havege_state *hs )
|
|||
if( hs == NULL )
|
||||
return;
|
||||
|
||||
mbedtls_zeroize( hs, sizeof( mbedtls_havege_state ) );
|
||||
mbedtls_platform_zeroize( hs, sizeof( mbedtls_havege_state ) );
|
||||
}
|
||||
|
||||
/*
|
||||
|
|
|
@ -34,6 +34,7 @@
|
|||
#if defined(MBEDTLS_HMAC_DRBG_C)
|
||||
|
||||
#include "mbedtls/hmac_drbg.h"
|
||||
#include "mbedtls/platform_util.h"
|
||||
|
||||
#include <string.h>
|
||||
|
||||
|
@ -50,11 +51,6 @@
|
|||
#endif /* MBEDTLS_SELF_TEST */
|
||||
#endif /* MBEDTLS_PLATFORM_C */
|
||||
|
||||
/* Implementation that should never be optimized out by the compiler */
|
||||
static void mbedtls_zeroize( void *v, size_t n ) {
|
||||
volatile unsigned char *p = v; while( n-- ) *p++ = 0;
|
||||
}
|
||||
|
||||
/*
|
||||
* HMAC_DRBG context initialization
|
||||
*/
|
||||
|
@ -338,7 +334,7 @@ void mbedtls_hmac_drbg_free( mbedtls_hmac_drbg_context *ctx )
|
|||
mbedtls_mutex_free( &ctx->mutex );
|
||||
#endif
|
||||
mbedtls_md_free( &ctx->md_ctx );
|
||||
mbedtls_zeroize( ctx, sizeof( mbedtls_hmac_drbg_context ) );
|
||||
mbedtls_platform_zeroize( ctx, sizeof( mbedtls_hmac_drbg_context ) );
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_FS_IO)
|
||||
|
@ -364,7 +360,7 @@ int mbedtls_hmac_drbg_write_seed_file( mbedtls_hmac_drbg_context *ctx, const cha
|
|||
|
||||
exit:
|
||||
fclose( f );
|
||||
mbedtls_zeroize( buf, sizeof( buf ) );
|
||||
mbedtls_platform_zeroize( buf, sizeof( buf ) );
|
||||
|
||||
return( ret );
|
||||
}
|
||||
|
@ -396,7 +392,7 @@ int mbedtls_hmac_drbg_update_seed_file( mbedtls_hmac_drbg_context *ctx, const ch
|
|||
|
||||
fclose( f );
|
||||
|
||||
mbedtls_zeroize( buf, sizeof( buf ) );
|
||||
mbedtls_platform_zeroize( buf, sizeof( buf ) );
|
||||
|
||||
if( ret != 0 )
|
||||
return( ret );
|
||||
|
|
|
@ -33,6 +33,7 @@
|
|||
|
||||
#include "mbedtls/md.h"
|
||||
#include "mbedtls/md_internal.h"
|
||||
#include "mbedtls/platform_util.h"
|
||||
|
||||
#if defined(MBEDTLS_PLATFORM_C)
|
||||
#include "mbedtls/platform.h"
|
||||
|
@ -48,11 +49,6 @@
|
|||
#include <stdio.h>
|
||||
#endif
|
||||
|
||||
/* Implementation that should never be optimized out by the compiler */
|
||||
static void mbedtls_zeroize( void *v, size_t n ) {
|
||||
volatile unsigned char *p = v; while( n-- ) *p++ = 0;
|
||||
}
|
||||
|
||||
/*
|
||||
* Reminder: update profiles in x509_crt.c when adding a new hash!
|
||||
*/
|
||||
|
@ -193,11 +189,12 @@ void mbedtls_md_free( mbedtls_md_context_t *ctx )
|
|||
|
||||
if( ctx->hmac_ctx != NULL )
|
||||
{
|
||||
mbedtls_zeroize( ctx->hmac_ctx, 2 * ctx->md_info->block_size );
|
||||
mbedtls_platform_zeroize( ctx->hmac_ctx,
|
||||
2 * ctx->md_info->block_size );
|
||||
mbedtls_free( ctx->hmac_ctx );
|
||||
}
|
||||
|
||||
mbedtls_zeroize( ctx, sizeof( mbedtls_md_context_t ) );
|
||||
mbedtls_platform_zeroize( ctx, sizeof( mbedtls_md_context_t ) );
|
||||
}
|
||||
|
||||
int mbedtls_md_clone( mbedtls_md_context_t *dst,
|
||||
|
@ -311,7 +308,7 @@ int mbedtls_md_file( const mbedtls_md_info_t *md_info, const char *path, unsigne
|
|||
ret = md_info->finish_func( ctx.md_ctx, output );
|
||||
|
||||
cleanup:
|
||||
mbedtls_zeroize( buf, sizeof( buf ) );
|
||||
mbedtls_platform_zeroize( buf, sizeof( buf ) );
|
||||
fclose( f );
|
||||
mbedtls_md_free( &ctx );
|
||||
|
||||
|
@ -361,7 +358,7 @@ int mbedtls_md_hmac_starts( mbedtls_md_context_t *ctx, const unsigned char *key,
|
|||
goto cleanup;
|
||||
|
||||
cleanup:
|
||||
mbedtls_zeroize( sum, sizeof( sum ) );
|
||||
mbedtls_platform_zeroize( sum, sizeof( sum ) );
|
||||
|
||||
return( ret );
|
||||
}
|
||||
|
|
|
@ -34,6 +34,7 @@
|
|||
#if defined(MBEDTLS_MD2_C)
|
||||
|
||||
#include "mbedtls/md2.h"
|
||||
#include "mbedtls/platform_util.h"
|
||||
|
||||
#include <string.h>
|
||||
|
||||
|
@ -48,11 +49,6 @@
|
|||
|
||||
#if !defined(MBEDTLS_MD2_ALT)
|
||||
|
||||
/* Implementation that should never be optimized out by the compiler */
|
||||
static void mbedtls_zeroize( void *v, size_t n ) {
|
||||
volatile unsigned char *p = v; while( n-- ) *p++ = 0;
|
||||
}
|
||||
|
||||
static const unsigned char PI_SUBST[256] =
|
||||
{
|
||||
0x29, 0x2E, 0x43, 0xC9, 0xA2, 0xD8, 0x7C, 0x01, 0x3D, 0x36,
|
||||
|
@ -93,7 +89,7 @@ void mbedtls_md2_free( mbedtls_md2_context *ctx )
|
|||
if( ctx == NULL )
|
||||
return;
|
||||
|
||||
mbedtls_zeroize( ctx, sizeof( mbedtls_md2_context ) );
|
||||
mbedtls_platform_zeroize( ctx, sizeof( mbedtls_md2_context ) );
|
||||
}
|
||||
|
||||
void mbedtls_md2_clone( mbedtls_md2_context *dst,
|
||||
|
|
|
@ -34,6 +34,7 @@
|
|||
#if defined(MBEDTLS_MD4_C)
|
||||
|
||||
#include "mbedtls/md4.h"
|
||||
#include "mbedtls/platform_util.h"
|
||||
|
||||
#include <string.h>
|
||||
|
||||
|
@ -48,11 +49,6 @@
|
|||
|
||||
#if !defined(MBEDTLS_MD4_ALT)
|
||||
|
||||
/* Implementation that should never be optimized out by the compiler */
|
||||
static void mbedtls_zeroize( void *v, size_t n ) {
|
||||
volatile unsigned char *p = v; while( n-- ) *p++ = 0;
|
||||
}
|
||||
|
||||
/*
|
||||
* 32-bit integer manipulation macros (little endian)
|
||||
*/
|
||||
|
@ -86,7 +82,7 @@ void mbedtls_md4_free( mbedtls_md4_context *ctx )
|
|||
if( ctx == NULL )
|
||||
return;
|
||||
|
||||
mbedtls_zeroize( ctx, sizeof( mbedtls_md4_context ) );
|
||||
mbedtls_platform_zeroize( ctx, sizeof( mbedtls_md4_context ) );
|
||||
}
|
||||
|
||||
void mbedtls_md4_clone( mbedtls_md4_context *dst,
|
||||
|
|
|
@ -33,6 +33,7 @@
|
|||
#if defined(MBEDTLS_MD5_C)
|
||||
|
||||
#include "mbedtls/md5.h"
|
||||
#include "mbedtls/platform_util.h"
|
||||
|
||||
#include <string.h>
|
||||
|
||||
|
@ -47,11 +48,6 @@
|
|||
|
||||
#if !defined(MBEDTLS_MD5_ALT)
|
||||
|
||||
/* Implementation that should never be optimized out by the compiler */
|
||||
static void mbedtls_zeroize( void *v, size_t n ) {
|
||||
volatile unsigned char *p = v; while( n-- ) *p++ = 0;
|
||||
}
|
||||
|
||||
/*
|
||||
* 32-bit integer manipulation macros (little endian)
|
||||
*/
|
||||
|
@ -85,7 +81,7 @@ void mbedtls_md5_free( mbedtls_md5_context *ctx )
|
|||
if( ctx == NULL )
|
||||
return;
|
||||
|
||||
mbedtls_zeroize( ctx, sizeof( mbedtls_md5_context ) );
|
||||
mbedtls_platform_zeroize( ctx, sizeof( mbedtls_md5_context ) );
|
||||
}
|
||||
|
||||
void mbedtls_md5_clone( mbedtls_md5_context *dst,
|
||||
|
|
|
@ -31,6 +31,7 @@
|
|||
/* No need for the header guard as MBEDTLS_MEMORY_BUFFER_ALLOC_C
|
||||
is dependent upon MBEDTLS_PLATFORM_C */
|
||||
#include "mbedtls/platform.h"
|
||||
#include "mbedtls/platform_util.h"
|
||||
|
||||
#include <string.h>
|
||||
|
||||
|
@ -42,11 +43,6 @@
|
|||
#include "mbedtls/threading.h"
|
||||
#endif
|
||||
|
||||
/* Implementation that should never be optimized out by the compiler */
|
||||
static void mbedtls_zeroize( void *v, size_t n ) {
|
||||
volatile unsigned char *p = v; while( n-- ) *p++ = 0;
|
||||
}
|
||||
|
||||
#define MAGIC1 0xFF00AA55
|
||||
#define MAGIC2 0xEE119966
|
||||
#define MAX_BT 20
|
||||
|
@ -612,7 +608,7 @@ void mbedtls_memory_buffer_alloc_free( void )
|
|||
#if defined(MBEDTLS_THREADING_C)
|
||||
mbedtls_mutex_free( &heap.mutex );
|
||||
#endif
|
||||
mbedtls_zeroize( &heap, sizeof(buffer_alloc_ctx) );
|
||||
mbedtls_platform_zeroize( &heap, sizeof(buffer_alloc_ctx) );
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_SELF_TEST)
|
||||
|
|
|
@ -28,7 +28,7 @@
|
|||
#if defined(MBEDTLS_NET_C)
|
||||
|
||||
#if !defined(unix) && !defined(__unix__) && !defined(__unix) && \
|
||||
!defined(__APPLE__) && !defined(_WIN32)
|
||||
!defined(__APPLE__) && !defined(_WIN32) && !defined(__QNXNTO__)
|
||||
#error "This module only works on Unix and Windows, see MBEDTLS_NET_C in config.h"
|
||||
#endif
|
||||
|
||||
|
@ -45,6 +45,8 @@
|
|||
#if (defined(_WIN32) || defined(_WIN32_WCE)) && !defined(EFIX64) && \
|
||||
!defined(EFI32)
|
||||
|
||||
#define IS_EINTR( ret ) ( ( ret ) == WSAEINTR )
|
||||
|
||||
/* GODOT ADDITION */
|
||||
#if !defined(_WIN32_WINNT) || (_WIN32_WINNT < 0x0501)
|
||||
#undef _WIN32_WINNT
|
||||
|
@ -85,6 +87,8 @@ static int wsa_init_done = 0;
|
|||
#include <netdb.h>
|
||||
#include <errno.h>
|
||||
|
||||
#define IS_EINTR( ret ) ( ( ret ) == EINTR )
|
||||
|
||||
#endif /* ( _WIN32 || _WIN32_WCE ) && !EFIX64 && !EFI32 */
|
||||
|
||||
/* Some MS functions want int and MSVC warns if we pass size_t,
|
||||
|
@ -274,7 +278,7 @@ static int net_would_block( const mbedtls_net_context *ctx )
|
|||
static int net_would_block( const mbedtls_net_context *ctx )
|
||||
{
|
||||
int err = errno;
|
||||
|
||||
|
||||
/*
|
||||
* Never return 'WOULD BLOCK' on a non-blocking socket
|
||||
*/
|
||||
|
@ -441,6 +445,72 @@ int mbedtls_net_set_nonblock( mbedtls_net_context *ctx )
|
|||
#endif
|
||||
}
|
||||
|
||||
/*
|
||||
* Check if data is available on the socket
|
||||
*/
|
||||
|
||||
int mbedtls_net_poll( mbedtls_net_context *ctx, uint32_t rw, uint32_t timeout )
|
||||
{
|
||||
int ret;
|
||||
struct timeval tv;
|
||||
|
||||
fd_set read_fds;
|
||||
fd_set write_fds;
|
||||
|
||||
int fd = ctx->fd;
|
||||
|
||||
if( fd < 0 )
|
||||
return( MBEDTLS_ERR_NET_INVALID_CONTEXT );
|
||||
|
||||
#if defined(__has_feature)
|
||||
#if __has_feature(memory_sanitizer)
|
||||
/* Ensure that memory sanitizers consider read_fds and write_fds as
|
||||
* initialized even on platforms such as Glibc/x86_64 where FD_ZERO
|
||||
* is implemented in assembly. */
|
||||
memset( &read_fds, 0, sizeof( read_fds ) );
|
||||
memset( &write_fds, 0, sizeof( write_fds ) );
|
||||
#endif
|
||||
#endif
|
||||
|
||||
FD_ZERO( &read_fds );
|
||||
if( rw & MBEDTLS_NET_POLL_READ )
|
||||
{
|
||||
rw &= ~MBEDTLS_NET_POLL_READ;
|
||||
FD_SET( fd, &read_fds );
|
||||
}
|
||||
|
||||
FD_ZERO( &write_fds );
|
||||
if( rw & MBEDTLS_NET_POLL_WRITE )
|
||||
{
|
||||
rw &= ~MBEDTLS_NET_POLL_WRITE;
|
||||
FD_SET( fd, &write_fds );
|
||||
}
|
||||
|
||||
if( rw != 0 )
|
||||
return( MBEDTLS_ERR_NET_BAD_INPUT_DATA );
|
||||
|
||||
tv.tv_sec = timeout / 1000;
|
||||
tv.tv_usec = ( timeout % 1000 ) * 1000;
|
||||
|
||||
do
|
||||
{
|
||||
ret = select( fd + 1, &read_fds, &write_fds, NULL,
|
||||
timeout == (uint32_t) -1 ? NULL : &tv );
|
||||
}
|
||||
while( IS_EINTR( ret ) );
|
||||
|
||||
if( ret < 0 )
|
||||
return( MBEDTLS_ERR_NET_POLL_FAILED );
|
||||
|
||||
ret = 0;
|
||||
if( FD_ISSET( fd, &read_fds ) )
|
||||
ret |= MBEDTLS_NET_POLL_READ;
|
||||
if( FD_ISSET( fd, &write_fds ) )
|
||||
ret |= MBEDTLS_NET_POLL_WRITE;
|
||||
|
||||
return( ret );
|
||||
}
|
||||
|
||||
/*
|
||||
* Portable usleep helper
|
||||
*/
|
||||
|
@ -500,8 +570,8 @@ int mbedtls_net_recv( void *ctx, unsigned char *buf, size_t len )
|
|||
/*
|
||||
* Read at most 'len' characters, blocking for at most 'timeout' ms
|
||||
*/
|
||||
int mbedtls_net_recv_timeout( void *ctx, unsigned char *buf, size_t len,
|
||||
uint32_t timeout )
|
||||
int mbedtls_net_recv_timeout( void *ctx, unsigned char *buf,
|
||||
size_t len, uint32_t timeout )
|
||||
{
|
||||
int ret;
|
||||
struct timeval tv;
|
||||
|
|
|
@ -33,6 +33,7 @@
|
|||
#include "mbedtls/aes.h"
|
||||
#include "mbedtls/md5.h"
|
||||
#include "mbedtls/cipher.h"
|
||||
#include "mbedtls/platform_util.h"
|
||||
|
||||
#include <string.h>
|
||||
|
||||
|
@ -45,11 +46,6 @@
|
|||
#endif
|
||||
|
||||
#if defined(MBEDTLS_PEM_PARSE_C)
|
||||
/* Implementation that should never be optimized out by the compiler */
|
||||
static void mbedtls_zeroize( void *v, size_t n ) {
|
||||
volatile unsigned char *p = v; while( n-- ) *p++ = 0;
|
||||
}
|
||||
|
||||
void mbedtls_pem_init( mbedtls_pem_context *ctx )
|
||||
{
|
||||
memset( ctx, 0, sizeof( mbedtls_pem_context ) );
|
||||
|
@ -135,7 +131,7 @@ static int pem_pbkdf1( unsigned char *key, size_t keylen,
|
|||
|
||||
exit:
|
||||
mbedtls_md5_free( &md5_ctx );
|
||||
mbedtls_zeroize( md5sum, 16 );
|
||||
mbedtls_platform_zeroize( md5sum, 16 );
|
||||
|
||||
return( ret );
|
||||
}
|
||||
|
@ -164,7 +160,7 @@ static int pem_des_decrypt( unsigned char des_iv[8],
|
|||
|
||||
exit:
|
||||
mbedtls_des_free( &des_ctx );
|
||||
mbedtls_zeroize( des_key, 8 );
|
||||
mbedtls_platform_zeroize( des_key, 8 );
|
||||
|
||||
return( ret );
|
||||
}
|
||||
|
@ -192,7 +188,7 @@ static int pem_des3_decrypt( unsigned char des3_iv[8],
|
|||
|
||||
exit:
|
||||
mbedtls_des3_free( &des3_ctx );
|
||||
mbedtls_zeroize( des3_key, 24 );
|
||||
mbedtls_platform_zeroize( des3_key, 24 );
|
||||
|
||||
return( ret );
|
||||
}
|
||||
|
@ -222,7 +218,7 @@ static int pem_aes_decrypt( unsigned char aes_iv[16], unsigned int keylen,
|
|||
|
||||
exit:
|
||||
mbedtls_aes_free( &aes_ctx );
|
||||
mbedtls_zeroize( aes_key, keylen );
|
||||
mbedtls_platform_zeroize( aes_key, keylen );
|
||||
|
||||
return( ret );
|
||||
}
|
||||
|
@ -359,7 +355,7 @@ int mbedtls_pem_read_buffer( mbedtls_pem_context *ctx, const char *header, const
|
|||
|
||||
if( ( ret = mbedtls_base64_decode( buf, len, &len, s1, s2 - s1 ) ) != 0 )
|
||||
{
|
||||
mbedtls_zeroize( buf, len );
|
||||
mbedtls_platform_zeroize( buf, len );
|
||||
mbedtls_free( buf );
|
||||
return( MBEDTLS_ERR_PEM_INVALID_DATA + ret );
|
||||
}
|
||||
|
@ -370,7 +366,7 @@ int mbedtls_pem_read_buffer( mbedtls_pem_context *ctx, const char *header, const
|
|||
( defined(MBEDTLS_DES_C) || defined(MBEDTLS_AES_C) )
|
||||
if( pwd == NULL )
|
||||
{
|
||||
mbedtls_zeroize( buf, len );
|
||||
mbedtls_platform_zeroize( buf, len );
|
||||
mbedtls_free( buf );
|
||||
return( MBEDTLS_ERR_PEM_PASSWORD_REQUIRED );
|
||||
}
|
||||
|
@ -403,16 +399,16 @@ int mbedtls_pem_read_buffer( mbedtls_pem_context *ctx, const char *header, const
|
|||
* The result will be ASN.1 starting with a SEQUENCE tag, with 1 to 3
|
||||
* length bytes (allow 4 to be sure) in all known use cases.
|
||||
*
|
||||
* Use that as heurisitic to try detecting password mismatchs.
|
||||
* Use that as a heuristic to try to detect password mismatches.
|
||||
*/
|
||||
if( len <= 2 || buf[0] != 0x30 || buf[1] > 0x83 )
|
||||
{
|
||||
mbedtls_zeroize( buf, len );
|
||||
mbedtls_platform_zeroize( buf, len );
|
||||
mbedtls_free( buf );
|
||||
return( MBEDTLS_ERR_PEM_PASSWORD_MISMATCH );
|
||||
}
|
||||
#else
|
||||
mbedtls_zeroize( buf, len );
|
||||
mbedtls_platform_zeroize( buf, len );
|
||||
mbedtls_free( buf );
|
||||
return( MBEDTLS_ERR_PEM_FEATURE_UNAVAILABLE );
|
||||
#endif /* MBEDTLS_MD5_C && MBEDTLS_CIPHER_MODE_CBC &&
|
||||
|
@ -428,11 +424,11 @@ int mbedtls_pem_read_buffer( mbedtls_pem_context *ctx, const char *header, const
|
|||
void mbedtls_pem_free( mbedtls_pem_context *ctx )
|
||||
{
|
||||
if( ctx->buf != NULL )
|
||||
mbedtls_zeroize( ctx->buf, ctx->buflen );
|
||||
mbedtls_platform_zeroize( ctx->buf, ctx->buflen );
|
||||
mbedtls_free( ctx->buf );
|
||||
mbedtls_free( ctx->info );
|
||||
|
||||
mbedtls_zeroize( ctx, sizeof( mbedtls_pem_context ) );
|
||||
mbedtls_platform_zeroize( ctx, sizeof( mbedtls_pem_context ) );
|
||||
}
|
||||
#endif /* MBEDTLS_PEM_PARSE_C */
|
||||
|
||||
|
|
|
@ -29,6 +29,8 @@
|
|||
#include "mbedtls/pk.h"
|
||||
#include "mbedtls/pk_internal.h"
|
||||
|
||||
#include "mbedtls/platform_util.h"
|
||||
|
||||
#if defined(MBEDTLS_RSA_C)
|
||||
#include "mbedtls/rsa.h"
|
||||
#endif
|
||||
|
@ -42,11 +44,6 @@
|
|||
#include <limits.h>
|
||||
#include <stdint.h>
|
||||
|
||||
/* Implementation that should never be optimized out by the compiler */
|
||||
static void mbedtls_zeroize( void *v, size_t n ) {
|
||||
volatile unsigned char *p = v; while( n-- ) *p++ = 0;
|
||||
}
|
||||
|
||||
/*
|
||||
* Initialise a mbedtls_pk_context
|
||||
*/
|
||||
|
@ -69,7 +66,7 @@ void mbedtls_pk_free( mbedtls_pk_context *ctx )
|
|||
|
||||
ctx->pk_info->ctx_free_func( ctx->pk_ctx );
|
||||
|
||||
mbedtls_zeroize( ctx, sizeof( mbedtls_pk_context ) );
|
||||
mbedtls_platform_zeroize( ctx, sizeof( mbedtls_pk_context ) );
|
||||
}
|
||||
|
||||
/*
|
||||
|
|
|
@ -41,6 +41,10 @@
|
|||
#include "mbedtls/ecdsa.h"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_PK_RSA_ALT_SUPPORT)
|
||||
#include "mbedtls/platform_util.h"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_PLATFORM_C)
|
||||
#include "mbedtls/platform.h"
|
||||
#else
|
||||
|
@ -52,13 +56,6 @@
|
|||
#include <limits.h>
|
||||
#include <stdint.h>
|
||||
|
||||
#if defined(MBEDTLS_PK_RSA_ALT_SUPPORT)
|
||||
/* Implementation that should never be optimized out by the compiler */
|
||||
static void mbedtls_zeroize( void *v, size_t n ) {
|
||||
volatile unsigned char *p = v; while( n-- ) *p++ = 0;
|
||||
}
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_RSA_C)
|
||||
static int rsa_can_do( mbedtls_pk_type_t type )
|
||||
{
|
||||
|
@ -93,6 +90,11 @@ static int rsa_verify_wrap( void *ctx, mbedtls_md_type_t md_alg,
|
|||
(unsigned int) hash_len, hash, sig ) ) != 0 )
|
||||
return( ret );
|
||||
|
||||
/* The buffer contains a valid signature followed by extra data.
|
||||
* We have a special error code for that so that so that callers can
|
||||
* use mbedtls_pk_verify() to check "Does the buffer start with a
|
||||
* valid signature?" and not just "Does the buffer contain a valid
|
||||
* signature?". */
|
||||
if( sig_len > rsa_len )
|
||||
return( MBEDTLS_ERR_PK_SIG_LEN_MISMATCH );
|
||||
|
||||
|
@ -493,7 +495,7 @@ static void *rsa_alt_alloc_wrap( void )
|
|||
|
||||
static void rsa_alt_free_wrap( void *ctx )
|
||||
{
|
||||
mbedtls_zeroize( ctx, sizeof( mbedtls_rsa_alt_context ) );
|
||||
mbedtls_platform_zeroize( ctx, sizeof( mbedtls_rsa_alt_context ) );
|
||||
mbedtls_free( ctx );
|
||||
}
|
||||
|
||||
|
|
|
@ -36,6 +36,7 @@
|
|||
#include "mbedtls/pkcs12.h"
|
||||
#include "mbedtls/asn1.h"
|
||||
#include "mbedtls/cipher.h"
|
||||
#include "mbedtls/platform_util.h"
|
||||
|
||||
#include <string.h>
|
||||
|
||||
|
@ -47,11 +48,6 @@
|
|||
#include "mbedtls/des.h"
|
||||
#endif
|
||||
|
||||
/* Implementation that should never be optimized out by the compiler */
|
||||
static void mbedtls_zeroize( void *v, size_t n ) {
|
||||
volatile unsigned char *p = v; while( n-- ) *p++ = 0;
|
||||
}
|
||||
|
||||
static int pkcs12_parse_pbe_params( mbedtls_asn1_buf *params,
|
||||
mbedtls_asn1_buf *salt, int *iterations )
|
||||
{
|
||||
|
@ -166,7 +162,7 @@ int mbedtls_pkcs12_pbe_sha1_rc4_128( mbedtls_asn1_buf *pbe_params, int mode,
|
|||
goto exit;
|
||||
|
||||
exit:
|
||||
mbedtls_zeroize( key, sizeof( key ) );
|
||||
mbedtls_platform_zeroize( key, sizeof( key ) );
|
||||
mbedtls_arc4_free( &ctx );
|
||||
|
||||
return( ret );
|
||||
|
@ -223,8 +219,8 @@ int mbedtls_pkcs12_pbe( mbedtls_asn1_buf *pbe_params, int mode,
|
|||
ret = MBEDTLS_ERR_PKCS12_PASSWORD_MISMATCH;
|
||||
|
||||
exit:
|
||||
mbedtls_zeroize( key, sizeof( key ) );
|
||||
mbedtls_zeroize( iv, sizeof( iv ) );
|
||||
mbedtls_platform_zeroize( key, sizeof( key ) );
|
||||
mbedtls_platform_zeroize( iv, sizeof( iv ) );
|
||||
mbedtls_cipher_free( &cipher_ctx );
|
||||
|
||||
return( ret );
|
||||
|
@ -352,10 +348,10 @@ int mbedtls_pkcs12_derivation( unsigned char *data, size_t datalen,
|
|||
ret = 0;
|
||||
|
||||
exit:
|
||||
mbedtls_zeroize( salt_block, sizeof( salt_block ) );
|
||||
mbedtls_zeroize( pwd_block, sizeof( pwd_block ) );
|
||||
mbedtls_zeroize( hash_block, sizeof( hash_block ) );
|
||||
mbedtls_zeroize( hash_output, sizeof( hash_output ) );
|
||||
mbedtls_platform_zeroize( salt_block, sizeof( salt_block ) );
|
||||
mbedtls_platform_zeroize( pwd_block, sizeof( pwd_block ) );
|
||||
mbedtls_platform_zeroize( hash_block, sizeof( hash_block ) );
|
||||
mbedtls_platform_zeroize( hash_output, sizeof( hash_output ) );
|
||||
|
||||
mbedtls_md_free( &md_ctx );
|
||||
|
||||
|
|
|
@ -38,9 +38,12 @@
|
|||
#if defined(MBEDTLS_PKCS5_C)
|
||||
|
||||
#include "mbedtls/pkcs5.h"
|
||||
|
||||
#if defined(MBEDTLS_ASN1_PARSE_C)
|
||||
#include "mbedtls/asn1.h"
|
||||
#include "mbedtls/cipher.h"
|
||||
#include "mbedtls/oid.h"
|
||||
#endif /* MBEDTLS_ASN1_PARSE_C */
|
||||
|
||||
#include <string.h>
|
||||
|
||||
|
@ -51,6 +54,22 @@
|
|||
#define mbedtls_printf printf
|
||||
#endif
|
||||
|
||||
#if !defined(MBEDTLS_ASN1_PARSE_C)
|
||||
int mbedtls_pkcs5_pbes2( const mbedtls_asn1_buf *pbe_params, int mode,
|
||||
const unsigned char *pwd, size_t pwdlen,
|
||||
const unsigned char *data, size_t datalen,
|
||||
unsigned char *output )
|
||||
{
|
||||
((void) pbe_params);
|
||||
((void) mode);
|
||||
((void) pwd);
|
||||
((void) pwdlen);
|
||||
((void) data);
|
||||
((void) datalen);
|
||||
((void) output);
|
||||
return( MBEDTLS_ERR_PKCS5_FEATURE_UNAVAILABLE );
|
||||
}
|
||||
#else
|
||||
static int pkcs5_parse_pbkdf2_params( const mbedtls_asn1_buf *params,
|
||||
mbedtls_asn1_buf *salt, int *iterations,
|
||||
int *keylen, mbedtls_md_type_t *md_type )
|
||||
|
@ -211,6 +230,7 @@ exit:
|
|||
|
||||
return( ret );
|
||||
}
|
||||
#endif /* MBEDTLS_ASN1_PARSE_C */
|
||||
|
||||
int mbedtls_pkcs5_pbkdf2_hmac( mbedtls_md_context_t *ctx, const unsigned char *password,
|
||||
size_t plen, const unsigned char *salt, size_t slen,
|
||||
|
|
|
@ -30,6 +30,7 @@
|
|||
#include "mbedtls/pk.h"
|
||||
#include "mbedtls/asn1.h"
|
||||
#include "mbedtls/oid.h"
|
||||
#include "mbedtls/platform_util.h"
|
||||
|
||||
#include <string.h>
|
||||
|
||||
|
@ -60,14 +61,6 @@
|
|||
#define mbedtls_free free
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_FS_IO) || \
|
||||
defined(MBEDTLS_PKCS12_C) || defined(MBEDTLS_PKCS5_C)
|
||||
/* Implementation that should never be optimized out by the compiler */
|
||||
static void mbedtls_zeroize( void *v, size_t n ) {
|
||||
volatile unsigned char *p = v; while( n-- ) *p++ = 0;
|
||||
}
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_FS_IO)
|
||||
/*
|
||||
* Load all data from a file into a given buffer.
|
||||
|
@ -105,7 +98,7 @@ int mbedtls_pk_load_file( const char *path, unsigned char **buf, size_t *n )
|
|||
{
|
||||
fclose( f );
|
||||
|
||||
mbedtls_zeroize( *buf, *n );
|
||||
mbedtls_platform_zeroize( *buf, *n );
|
||||
mbedtls_free( *buf );
|
||||
|
||||
return( MBEDTLS_ERR_PK_FILE_IO_ERROR );
|
||||
|
@ -140,7 +133,7 @@ int mbedtls_pk_parse_keyfile( mbedtls_pk_context *ctx,
|
|||
ret = mbedtls_pk_parse_key( ctx, buf, n,
|
||||
(const unsigned char *) pwd, strlen( pwd ) );
|
||||
|
||||
mbedtls_zeroize( buf, n );
|
||||
mbedtls_platform_zeroize( buf, n );
|
||||
mbedtls_free( buf );
|
||||
|
||||
return( ret );
|
||||
|
@ -160,7 +153,7 @@ int mbedtls_pk_parse_public_keyfile( mbedtls_pk_context *ctx, const char *path )
|
|||
|
||||
ret = mbedtls_pk_parse_public_key( ctx, buf, n );
|
||||
|
||||
mbedtls_zeroize( buf, n );
|
||||
mbedtls_platform_zeroize( buf, n );
|
||||
mbedtls_free( buf );
|
||||
|
||||
return( ret );
|
||||
|
@ -861,7 +854,10 @@ static int pk_parse_key_sec1_der( mbedtls_ecp_keypair *eck,
|
|||
mbedtls_ecp_keypair_free( eck );
|
||||
return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
|
||||
}
|
||||
}
|
||||
|
||||
if( p != end )
|
||||
{
|
||||
/*
|
||||
* Is 'publickey' present? If not, or if we can't read it (eg because it
|
||||
* is compressed), create it from the private key.
|
||||
|
@ -1292,7 +1288,7 @@ int mbedtls_pk_parse_key( mbedtls_pk_context *pk,
|
|||
ret = pk_parse_key_pkcs8_encrypted_der( pk, key_copy, keylen,
|
||||
pwd, pwdlen );
|
||||
|
||||
mbedtls_zeroize( key_copy, keylen );
|
||||
mbedtls_platform_zeroize( key_copy, keylen );
|
||||
mbedtls_free( key_copy );
|
||||
}
|
||||
|
||||
|
|
|
@ -28,14 +28,7 @@
|
|||
#if defined(MBEDTLS_PLATFORM_C)
|
||||
|
||||
#include "mbedtls/platform.h"
|
||||
|
||||
#if defined(MBEDTLS_ENTROPY_NV_SEED) && \
|
||||
!defined(MBEDTLS_PLATFORM_NO_STD_FUNCTIONS) && defined(MBEDTLS_FS_IO)
|
||||
/* Implementation that should never be optimized out by the compiler */
|
||||
static void mbedtls_zeroize( void *v, size_t n ) {
|
||||
volatile unsigned char *p = (unsigned char*)v; while( n-- ) *p++ = 0;
|
||||
}
|
||||
#endif
|
||||
#include "mbedtls/platform_util.h"
|
||||
|
||||
#if defined(MBEDTLS_PLATFORM_MEMORY)
|
||||
#if !defined(MBEDTLS_PLATFORM_STD_CALLOC)
|
||||
|
@ -241,7 +234,7 @@ int mbedtls_platform_std_nv_seed_read( unsigned char *buf, size_t buf_len )
|
|||
if( ( n = fread( buf, 1, buf_len, file ) ) != buf_len )
|
||||
{
|
||||
fclose( file );
|
||||
mbedtls_zeroize( buf, buf_len );
|
||||
mbedtls_platform_zeroize( buf, buf_len );
|
||||
return( -1 );
|
||||
}
|
||||
|
||||
|
|
|
@ -0,0 +1,67 @@
|
|||
/*
|
||||
* Common and shared functions used by multiple modules in the Mbed TLS
|
||||
* library.
|
||||
*
|
||||
* Copyright (C) 2018, Arm Limited, All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
* not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*
|
||||
* This file is part of Mbed TLS (https://tls.mbed.org)
|
||||
*/
|
||||
|
||||
#if !defined(MBEDTLS_CONFIG_FILE)
|
||||
#include "mbedtls/config.h"
|
||||
#else
|
||||
#include MBEDTLS_CONFIG_FILE
|
||||
#endif
|
||||
|
||||
#include "mbedtls/platform_util.h"
|
||||
|
||||
#include <stddef.h>
|
||||
#include <string.h>
|
||||
|
||||
#if !defined(MBEDTLS_PLATFORM_ZEROIZE_ALT)
|
||||
/*
|
||||
* This implementation should never be optimized out by the compiler
|
||||
*
|
||||
* This implementation for mbedtls_platform_zeroize() was inspired from Colin
|
||||
* Percival's blog article at:
|
||||
*
|
||||
* http://www.daemonology.net/blog/2014-09-04-how-to-zero-a-buffer.html
|
||||
*
|
||||
* It uses a volatile function pointer to the standard memset(). Because the
|
||||
* pointer is volatile the compiler expects it to change at
|
||||
* any time and will not optimize out the call that could potentially perform
|
||||
* other operations on the input buffer instead of just setting it to 0.
|
||||
* Nevertheless, as pointed out by davidtgoldblatt on Hacker News
|
||||
* (refer to http://www.daemonology.net/blog/2014-09-05-erratum.html for
|
||||
* details), optimizations of the following form are still possible:
|
||||
*
|
||||
* if( memset_func != memset )
|
||||
* memset_func( buf, 0, len );
|
||||
*
|
||||
* Note that it is extremely difficult to guarantee that
|
||||
* mbedtls_platform_zeroize() will not be optimized out by aggressive compilers
|
||||
* in a portable way. For this reason, Mbed TLS also provides the configuration
|
||||
* option MBEDTLS_PLATFORM_ZEROIZE_ALT, which allows users to configure
|
||||
* mbedtls_platform_zeroize() to use a suitable implementation for their
|
||||
* platform and needs.
|
||||
*/
|
||||
static void * (* const volatile memset_func)( void *, int, size_t ) = memset;
|
||||
|
||||
void mbedtls_platform_zeroize( void *buf, size_t len )
|
||||
{
|
||||
memset_func( buf, 0, len );
|
||||
}
|
||||
#endif /* MBEDTLS_PLATFORM_ZEROIZE_ALT */
|
|
@ -34,6 +34,7 @@
|
|||
#if defined(MBEDTLS_RIPEMD160_C)
|
||||
|
||||
#include "mbedtls/ripemd160.h"
|
||||
#include "mbedtls/platform_util.h"
|
||||
|
||||
#include <string.h>
|
||||
|
||||
|
@ -71,11 +72,6 @@
|
|||
}
|
||||
#endif
|
||||
|
||||
/* Implementation that should never be optimized out by the compiler */
|
||||
static void mbedtls_zeroize( void *v, size_t n ) {
|
||||
volatile unsigned char *p = v; while( n-- ) *p++ = 0;
|
||||
}
|
||||
|
||||
void mbedtls_ripemd160_init( mbedtls_ripemd160_context *ctx )
|
||||
{
|
||||
memset( ctx, 0, sizeof( mbedtls_ripemd160_context ) );
|
||||
|
@ -86,7 +82,7 @@ void mbedtls_ripemd160_free( mbedtls_ripemd160_context *ctx )
|
|||
if( ctx == NULL )
|
||||
return;
|
||||
|
||||
mbedtls_zeroize( ctx, sizeof( mbedtls_ripemd160_context ) );
|
||||
mbedtls_platform_zeroize( ctx, sizeof( mbedtls_ripemd160_context ) );
|
||||
}
|
||||
|
||||
void mbedtls_ripemd160_clone( mbedtls_ripemd160_context *dst,
|
||||
|
|
|
@ -48,6 +48,7 @@
|
|||
#include "mbedtls/rsa.h"
|
||||
#include "mbedtls/rsa_internal.h"
|
||||
#include "mbedtls/oid.h"
|
||||
#include "mbedtls/platform_util.h"
|
||||
|
||||
#include <string.h>
|
||||
|
||||
|
@ -70,11 +71,7 @@
|
|||
|
||||
#if !defined(MBEDTLS_RSA_ALT)
|
||||
|
||||
/* Implementation that should never be optimized out by the compiler */
|
||||
static void mbedtls_zeroize( void *v, size_t n ) {
|
||||
volatile unsigned char *p = (unsigned char*)v; while( n-- ) *p++ = 0;
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_PKCS1_V15)
|
||||
/* constant-time buffer comparison */
|
||||
static inline int mbedtls_safer_memcmp( const void *a, const void *b, size_t n )
|
||||
{
|
||||
|
@ -88,6 +85,7 @@ static inline int mbedtls_safer_memcmp( const void *a, const void *b, size_t n )
|
|||
|
||||
return( diff );
|
||||
}
|
||||
#endif /* MBEDTLS_PKCS1_V15 */
|
||||
|
||||
int mbedtls_rsa_import( mbedtls_rsa_context *ctx,
|
||||
const mbedtls_mpi *N,
|
||||
|
@ -493,6 +491,9 @@ size_t mbedtls_rsa_get_len( const mbedtls_rsa_context *ctx )
|
|||
|
||||
/*
|
||||
* Generate an RSA keypair
|
||||
*
|
||||
* This generation method follows the RSA key pair generation procedure of
|
||||
* FIPS 186-4 if 2^16 < exponent < 2^256 and nbits = 2048 or nbits = 3072.
|
||||
*/
|
||||
int mbedtls_rsa_gen_key( mbedtls_rsa_context *ctx,
|
||||
int (*f_rng)(void *, unsigned char *, size_t),
|
||||
|
@ -500,7 +501,7 @@ int mbedtls_rsa_gen_key( mbedtls_rsa_context *ctx,
|
|||
unsigned int nbits, int exponent )
|
||||
{
|
||||
int ret;
|
||||
mbedtls_mpi H, G;
|
||||
mbedtls_mpi H, G, L;
|
||||
|
||||
if( f_rng == NULL || nbits < 128 || exponent < 3 )
|
||||
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
|
||||
|
@ -510,10 +511,13 @@ int mbedtls_rsa_gen_key( mbedtls_rsa_context *ctx,
|
|||
|
||||
mbedtls_mpi_init( &H );
|
||||
mbedtls_mpi_init( &G );
|
||||
mbedtls_mpi_init( &L );
|
||||
|
||||
/*
|
||||
* find primes P and Q with Q < P so that:
|
||||
* GCD( E, (P-1)*(Q-1) ) == 1
|
||||
* 1. |P-Q| > 2^( nbits / 2 - 100 )
|
||||
* 2. GCD( E, (P-1)*(Q-1) ) == 1
|
||||
* 3. E^-1 mod LCM(P-1, Q-1) > 2^( nbits / 2 )
|
||||
*/
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &ctx->E, exponent ) );
|
||||
|
||||
|
@ -525,40 +529,51 @@ int mbedtls_rsa_gen_key( mbedtls_rsa_context *ctx,
|
|||
MBEDTLS_MPI_CHK( mbedtls_mpi_gen_prime( &ctx->Q, nbits >> 1, 0,
|
||||
f_rng, p_rng ) );
|
||||
|
||||
if( mbedtls_mpi_cmp_mpi( &ctx->P, &ctx->Q ) == 0 )
|
||||
/* make sure the difference between p and q is not too small (FIPS 186-4 §B.3.3 step 5.4) */
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &H, &ctx->P, &ctx->Q ) );
|
||||
if( mbedtls_mpi_bitlen( &H ) <= ( ( nbits >= 200 ) ? ( ( nbits >> 1 ) - 99 ) : 0 ) )
|
||||
continue;
|
||||
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &ctx->N, &ctx->P, &ctx->Q ) );
|
||||
if( mbedtls_mpi_bitlen( &ctx->N ) != nbits )
|
||||
continue;
|
||||
|
||||
if( mbedtls_mpi_cmp_mpi( &ctx->P, &ctx->Q ) < 0 )
|
||||
/* not required by any standards, but some users rely on the fact that P > Q */
|
||||
if( H.s < 0 )
|
||||
mbedtls_mpi_swap( &ctx->P, &ctx->Q );
|
||||
|
||||
/* Temporarily replace P,Q by P-1, Q-1 */
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &ctx->P, &ctx->P, 1 ) );
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &ctx->Q, &ctx->Q, 1 ) );
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &H, &ctx->P, &ctx->Q ) );
|
||||
|
||||
/* check GCD( E, (P-1)*(Q-1) ) == 1 (FIPS 186-4 §B.3.1 criterion 2(a)) */
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_gcd( &G, &ctx->E, &H ) );
|
||||
if( mbedtls_mpi_cmp_int( &G, 1 ) != 0 )
|
||||
continue;
|
||||
|
||||
/* compute smallest possible D = E^-1 mod LCM(P-1, Q-1) (FIPS 186-4 §B.3.1 criterion 3(b)) */
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_gcd( &G, &ctx->P, &ctx->Q ) );
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_div_mpi( &L, NULL, &H, &G ) );
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_inv_mod( &ctx->D, &ctx->E, &L ) );
|
||||
|
||||
if( mbedtls_mpi_bitlen( &ctx->D ) <= ( ( nbits + 1 ) / 2 ) ) // (FIPS 186-4 §B.3.1 criterion 3(a))
|
||||
continue;
|
||||
|
||||
break;
|
||||
}
|
||||
while( mbedtls_mpi_cmp_int( &G, 1 ) != 0 );
|
||||
while( 1 );
|
||||
|
||||
/* Restore P,Q */
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_add_int( &ctx->P, &ctx->P, 1 ) );
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_add_int( &ctx->Q, &ctx->Q, 1 ) );
|
||||
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &ctx->N, &ctx->P, &ctx->Q ) );
|
||||
|
||||
ctx->len = mbedtls_mpi_size( &ctx->N );
|
||||
|
||||
#if !defined(MBEDTLS_RSA_NO_CRT)
|
||||
/*
|
||||
* D = E^-1 mod ((P-1)*(Q-1))
|
||||
* DP = D mod (P - 1)
|
||||
* DQ = D mod (Q - 1)
|
||||
* QP = Q^-1 mod P
|
||||
*/
|
||||
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_inv_mod( &ctx->D, &ctx->E, &H ) );
|
||||
|
||||
#if !defined(MBEDTLS_RSA_NO_CRT)
|
||||
MBEDTLS_MPI_CHK( mbedtls_rsa_deduce_crt( &ctx->P, &ctx->Q, &ctx->D,
|
||||
&ctx->DP, &ctx->DQ, &ctx->QP ) );
|
||||
#endif /* MBEDTLS_RSA_NO_CRT */
|
||||
|
@ -570,6 +585,7 @@ cleanup:
|
|||
|
||||
mbedtls_mpi_free( &H );
|
||||
mbedtls_mpi_free( &G );
|
||||
mbedtls_mpi_free( &L );
|
||||
|
||||
if( ret != 0 )
|
||||
{
|
||||
|
@ -1040,7 +1056,7 @@ static int mgf_mask( unsigned char *dst, size_t dlen, unsigned char *src,
|
|||
}
|
||||
|
||||
exit:
|
||||
mbedtls_zeroize( mask, sizeof( mask ) );
|
||||
mbedtls_platform_zeroize( mask, sizeof( mask ) );
|
||||
|
||||
return( ret );
|
||||
}
|
||||
|
@ -1354,8 +1370,8 @@ int mbedtls_rsa_rsaes_oaep_decrypt( mbedtls_rsa_context *ctx,
|
|||
ret = 0;
|
||||
|
||||
cleanup:
|
||||
mbedtls_zeroize( buf, sizeof( buf ) );
|
||||
mbedtls_zeroize( lhash, sizeof( lhash ) );
|
||||
mbedtls_platform_zeroize( buf, sizeof( buf ) );
|
||||
mbedtls_platform_zeroize( lhash, sizeof( lhash ) );
|
||||
|
||||
return( ret );
|
||||
}
|
||||
|
@ -1452,7 +1468,7 @@ int mbedtls_rsa_rsaes_pkcs1_v15_decrypt( mbedtls_rsa_context *ctx,
|
|||
ret = 0;
|
||||
|
||||
cleanup:
|
||||
mbedtls_zeroize( buf, sizeof( buf ) );
|
||||
mbedtls_platform_zeroize( buf, sizeof( buf ) );
|
||||
|
||||
return( ret );
|
||||
}
|
||||
|
@ -1583,7 +1599,7 @@ int mbedtls_rsa_rsassa_pss_sign( mbedtls_rsa_context *ctx,
|
|||
p += hlen;
|
||||
*p++ = 0xBC;
|
||||
|
||||
mbedtls_zeroize( salt, sizeof( salt ) );
|
||||
mbedtls_platform_zeroize( salt, sizeof( salt ) );
|
||||
|
||||
exit:
|
||||
mbedtls_md_free( &md_ctx );
|
||||
|
@ -1725,7 +1741,7 @@ static int rsa_rsassa_pkcs1_v15_encode( mbedtls_md_type_t md_alg,
|
|||
* after the initial bounds check. */
|
||||
if( p != dst + dst_len )
|
||||
{
|
||||
mbedtls_zeroize( dst, dst_len );
|
||||
mbedtls_platform_zeroize( dst, dst_len );
|
||||
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
|
||||
}
|
||||
|
||||
|
@ -2062,13 +2078,13 @@ cleanup:
|
|||
|
||||
if( encoded != NULL )
|
||||
{
|
||||
mbedtls_zeroize( encoded, sig_len );
|
||||
mbedtls_platform_zeroize( encoded, sig_len );
|
||||
mbedtls_free( encoded );
|
||||
}
|
||||
|
||||
if( encoded_expected != NULL )
|
||||
{
|
||||
mbedtls_zeroize( encoded_expected, sig_len );
|
||||
mbedtls_platform_zeroize( encoded_expected, sig_len );
|
||||
mbedtls_free( encoded_expected );
|
||||
}
|
||||
|
||||
|
|
|
@ -33,6 +33,7 @@
|
|||
#if defined(MBEDTLS_SHA1_C)
|
||||
|
||||
#include "mbedtls/sha1.h"
|
||||
#include "mbedtls/platform_util.h"
|
||||
|
||||
#include <string.h>
|
||||
|
||||
|
@ -47,11 +48,6 @@
|
|||
|
||||
#if !defined(MBEDTLS_SHA1_ALT)
|
||||
|
||||
/* Implementation that should never be optimized out by the compiler */
|
||||
static void mbedtls_zeroize( void *v, size_t n ) {
|
||||
volatile unsigned char *p = (unsigned char*)v; while( n-- ) *p++ = 0;
|
||||
}
|
||||
|
||||
/*
|
||||
* 32-bit integer manipulation macros (big endian)
|
||||
*/
|
||||
|
@ -85,7 +81,7 @@ void mbedtls_sha1_free( mbedtls_sha1_context *ctx )
|
|||
if( ctx == NULL )
|
||||
return;
|
||||
|
||||
mbedtls_zeroize( ctx, sizeof( mbedtls_sha1_context ) );
|
||||
mbedtls_platform_zeroize( ctx, sizeof( mbedtls_sha1_context ) );
|
||||
}
|
||||
|
||||
void mbedtls_sha1_clone( mbedtls_sha1_context *dst,
|
||||
|
|
|
@ -33,6 +33,7 @@
|
|||
#if defined(MBEDTLS_SHA256_C)
|
||||
|
||||
#include "mbedtls/sha256.h"
|
||||
#include "mbedtls/platform_util.h"
|
||||
|
||||
#include <string.h>
|
||||
|
||||
|
@ -50,11 +51,6 @@
|
|||
|
||||
#if !defined(MBEDTLS_SHA256_ALT)
|
||||
|
||||
/* Implementation that should never be optimized out by the compiler */
|
||||
static void mbedtls_zeroize( void *v, size_t n ) {
|
||||
volatile unsigned char *p = v; while( n-- ) *p++ = 0;
|
||||
}
|
||||
|
||||
/*
|
||||
* 32-bit integer manipulation macros (big endian)
|
||||
*/
|
||||
|
@ -88,7 +84,7 @@ void mbedtls_sha256_free( mbedtls_sha256_context *ctx )
|
|||
if( ctx == NULL )
|
||||
return;
|
||||
|
||||
mbedtls_zeroize( ctx, sizeof( mbedtls_sha256_context ) );
|
||||
mbedtls_platform_zeroize( ctx, sizeof( mbedtls_sha256_context ) );
|
||||
}
|
||||
|
||||
void mbedtls_sha256_clone( mbedtls_sha256_context *dst,
|
||||
|
|
|
@ -33,6 +33,7 @@
|
|||
#if defined(MBEDTLS_SHA512_C)
|
||||
|
||||
#include "mbedtls/sha512.h"
|
||||
#include "mbedtls/platform_util.h"
|
||||
|
||||
#if defined(_MSC_VER) || defined(__WATCOMC__)
|
||||
#define UL64(x) x##ui64
|
||||
|
@ -56,11 +57,6 @@
|
|||
|
||||
#if !defined(MBEDTLS_SHA512_ALT)
|
||||
|
||||
/* Implementation that should never be optimized out by the compiler */
|
||||
static void mbedtls_zeroize( void *v, size_t n ) {
|
||||
volatile unsigned char *p = v; while( n-- ) *p++ = 0;
|
||||
}
|
||||
|
||||
/*
|
||||
* 64-bit integer manipulation macros (big endian)
|
||||
*/
|
||||
|
@ -102,7 +98,7 @@ void mbedtls_sha512_free( mbedtls_sha512_context *ctx )
|
|||
if( ctx == NULL )
|
||||
return;
|
||||
|
||||
mbedtls_zeroize( ctx, sizeof( mbedtls_sha512_context ) );
|
||||
mbedtls_platform_zeroize( ctx, sizeof( mbedtls_sha512_context ) );
|
||||
}
|
||||
|
||||
void mbedtls_sha512_clone( mbedtls_sha512_context *dst,
|
||||
|
|
|
@ -47,7 +47,7 @@
|
|||
* 1. By key exchange:
|
||||
* Forward-secure non-PSK > forward-secure PSK > ECJPAKE > other non-PSK > other PSK
|
||||
* 2. By key length and cipher:
|
||||
* AES-256 > Camellia-256 > AES-128 > Camellia-128 > 3DES
|
||||
* AES-256 > Camellia-256 > ARIA-256 > AES-128 > Camellia-128 > ARIA-128 > 3DES
|
||||
* 3. By cipher mode when relevant GCM > CCM > CBC > CCM_8
|
||||
* 4. By hash function used when relevant
|
||||
* 5. By key exchange/auth again: EC > non-EC
|
||||
|
@ -81,6 +81,14 @@ static const int ciphersuite_preference[] =
|
|||
MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
|
||||
MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
|
||||
|
||||
/* All ARIA-256 ephemeral suites */
|
||||
MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384,
|
||||
MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384,
|
||||
MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384,
|
||||
MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384,
|
||||
MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384,
|
||||
MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384,
|
||||
|
||||
/* All AES-128 ephemeral suites */
|
||||
MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
|
||||
MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
|
||||
|
@ -105,6 +113,14 @@ static const int ciphersuite_preference[] =
|
|||
MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
|
||||
MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
|
||||
|
||||
/* All ARIA-128 ephemeral suites */
|
||||
MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256,
|
||||
MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256,
|
||||
MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256,
|
||||
MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256,
|
||||
MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256,
|
||||
MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256,
|
||||
|
||||
/* All remaining >= 128-bit ephemeral suites */
|
||||
MBEDTLS_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,
|
||||
MBEDTLS_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
|
||||
|
@ -121,6 +137,9 @@ static const int ciphersuite_preference[] =
|
|||
MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
|
||||
MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
|
||||
MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CCM_8,
|
||||
MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384,
|
||||
MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384,
|
||||
MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384,
|
||||
|
||||
MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256,
|
||||
MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CCM,
|
||||
|
@ -132,6 +151,9 @@ static const int ciphersuite_preference[] =
|
|||
MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
|
||||
MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
|
||||
MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CCM_8,
|
||||
MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256,
|
||||
MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256,
|
||||
MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256,
|
||||
|
||||
MBEDTLS_TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA,
|
||||
MBEDTLS_TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA,
|
||||
|
@ -161,6 +183,14 @@ static const int ciphersuite_preference[] =
|
|||
MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384,
|
||||
MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
|
||||
|
||||
/* All ARIA-256 suites */
|
||||
MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384,
|
||||
MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384,
|
||||
MBEDTLS_TLS_RSA_WITH_ARIA_256_GCM_SHA384,
|
||||
MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384,
|
||||
MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384,
|
||||
MBEDTLS_TLS_RSA_WITH_ARIA_256_CBC_SHA384,
|
||||
|
||||
/* All AES-128 suites */
|
||||
MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256,
|
||||
MBEDTLS_TLS_RSA_WITH_AES_128_CCM,
|
||||
|
@ -183,6 +213,14 @@ static const int ciphersuite_preference[] =
|
|||
MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256,
|
||||
MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
|
||||
|
||||
/* All ARIA-128 suites */
|
||||
MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256,
|
||||
MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256,
|
||||
MBEDTLS_TLS_RSA_WITH_ARIA_128_GCM_SHA256,
|
||||
MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256,
|
||||
MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256,
|
||||
MBEDTLS_TLS_RSA_WITH_ARIA_128_CBC_SHA256,
|
||||
|
||||
/* All remaining >= 128-bit suites */
|
||||
MBEDTLS_TLS_RSA_WITH_3DES_EDE_CBC_SHA,
|
||||
MBEDTLS_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,
|
||||
|
@ -194,12 +232,16 @@ static const int ciphersuite_preference[] =
|
|||
MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA,
|
||||
MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384,
|
||||
MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384,
|
||||
MBEDTLS_TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384,
|
||||
MBEDTLS_TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384,
|
||||
|
||||
MBEDTLS_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256,
|
||||
MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256,
|
||||
MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA,
|
||||
MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256,
|
||||
MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256,
|
||||
MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256,
|
||||
MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256,
|
||||
|
||||
MBEDTLS_TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA,
|
||||
|
||||
|
@ -211,6 +253,8 @@ static const int ciphersuite_preference[] =
|
|||
MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384,
|
||||
MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384,
|
||||
MBEDTLS_TLS_PSK_WITH_AES_256_CCM_8,
|
||||
MBEDTLS_TLS_PSK_WITH_ARIA_256_GCM_SHA384,
|
||||
MBEDTLS_TLS_PSK_WITH_ARIA_256_CBC_SHA384,
|
||||
|
||||
MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256,
|
||||
MBEDTLS_TLS_PSK_WITH_AES_128_CCM,
|
||||
|
@ -219,6 +263,8 @@ static const int ciphersuite_preference[] =
|
|||
MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256,
|
||||
MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256,
|
||||
MBEDTLS_TLS_PSK_WITH_AES_128_CCM_8,
|
||||
MBEDTLS_TLS_PSK_WITH_ARIA_128_GCM_SHA256,
|
||||
MBEDTLS_TLS_PSK_WITH_ARIA_128_CBC_SHA256,
|
||||
|
||||
MBEDTLS_TLS_PSK_WITH_3DES_EDE_CBC_SHA,
|
||||
|
||||
|
@ -1688,6 +1734,365 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =
|
|||
#endif /* MBEDTLS_DES_C */
|
||||
#endif /* MBEDTLS_ENABLE_WEAK_CIPHERSUITES */
|
||||
|
||||
#if defined(MBEDTLS_ARIA_C)
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)
|
||||
|
||||
#if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_SHA512_C))
|
||||
{ MBEDTLS_TLS_RSA_WITH_ARIA_256_GCM_SHA384,
|
||||
"TLS-RSA-WITH-ARIA-256-GCM-SHA384",
|
||||
MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||
0 },
|
||||
#endif
|
||||
#if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_SHA512_C))
|
||||
{ MBEDTLS_TLS_RSA_WITH_ARIA_256_CBC_SHA384,
|
||||
"TLS-RSA-WITH-ARIA-256-CBC-SHA384",
|
||||
MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||
0 },
|
||||
#endif
|
||||
#if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_SHA256_C))
|
||||
{ MBEDTLS_TLS_RSA_WITH_ARIA_128_GCM_SHA256,
|
||||
"TLS-RSA-WITH-ARIA-128-GCM-SHA256",
|
||||
MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||
0 },
|
||||
#endif
|
||||
#if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_SHA256_C))
|
||||
{ MBEDTLS_TLS_RSA_WITH_ARIA_128_CBC_SHA256,
|
||||
"TLS-RSA-WITH-ARIA-128-CBC-SHA256",
|
||||
MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||
0 },
|
||||
#endif
|
||||
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED */
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED)
|
||||
|
||||
#if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_SHA512_C))
|
||||
{ MBEDTLS_TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384,
|
||||
"TLS-RSA-PSK-WITH-ARIA-256-GCM-SHA384",
|
||||
MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||
0 },
|
||||
#endif
|
||||
#if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_SHA512_C))
|
||||
{ MBEDTLS_TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384,
|
||||
"TLS-RSA-PSK-WITH-ARIA-256-CBC-SHA384",
|
||||
MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||
0 },
|
||||
#endif
|
||||
#if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_SHA256_C))
|
||||
{ MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256,
|
||||
"TLS-RSA-PSK-WITH-ARIA-128-GCM-SHA256",
|
||||
MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||
0 },
|
||||
#endif
|
||||
#if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_SHA256_C))
|
||||
{ MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256,
|
||||
"TLS-RSA-PSK-WITH-ARIA-128-CBC-SHA256",
|
||||
MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||
0 },
|
||||
#endif
|
||||
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED */
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)
|
||||
|
||||
#if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_SHA512_C))
|
||||
{ MBEDTLS_TLS_PSK_WITH_ARIA_256_GCM_SHA384,
|
||||
"TLS-PSK-WITH-ARIA-256-GCM-SHA384",
|
||||
MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384,MBEDTLS_KEY_EXCHANGE_PSK,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||
0 },
|
||||
#endif
|
||||
#if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_SHA512_C))
|
||||
{ MBEDTLS_TLS_PSK_WITH_ARIA_256_CBC_SHA384,
|
||||
"TLS-PSK-WITH-ARIA-256-CBC-SHA384",
|
||||
MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||
0 },
|
||||
#endif
|
||||
#if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_SHA256_C))
|
||||
{ MBEDTLS_TLS_PSK_WITH_ARIA_128_GCM_SHA256,
|
||||
"TLS-PSK-WITH-ARIA-128-GCM-SHA256",
|
||||
MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||
0 },
|
||||
#endif
|
||||
#if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_SHA256_C))
|
||||
{ MBEDTLS_TLS_PSK_WITH_ARIA_128_CBC_SHA256,
|
||||
"TLS-PSK-WITH-ARIA-128-CBC-SHA256",
|
||||
MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||
0 },
|
||||
#endif
|
||||
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE_PSK_ENABLED */
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED)
|
||||
|
||||
#if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_SHA512_C))
|
||||
{ MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384,
|
||||
"TLS-ECDH-RSA-WITH-ARIA-256-GCM-SHA384",
|
||||
MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||
0 },
|
||||
#endif
|
||||
#if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_SHA512_C))
|
||||
{ MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384,
|
||||
"TLS-ECDH-RSA-WITH-ARIA-256-CBC-SHA384",
|
||||
MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||
0 },
|
||||
#endif
|
||||
#if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_SHA256_C))
|
||||
{ MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256,
|
||||
"TLS-ECDH-RSA-WITH-ARIA-128-GCM-SHA256",
|
||||
MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||
0 },
|
||||
#endif
|
||||
#if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_SHA256_C))
|
||||
{ MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256,
|
||||
"TLS-ECDH-RSA-WITH-ARIA-128-CBC-SHA256",
|
||||
MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||
0 },
|
||||
#endif
|
||||
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED */
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED)
|
||||
|
||||
#if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_SHA512_C))
|
||||
{ MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384,
|
||||
"TLS-ECDHE-RSA-WITH-ARIA-256-GCM-SHA384",
|
||||
MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||
0 },
|
||||
#endif
|
||||
#if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_SHA512_C))
|
||||
{ MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384,
|
||||
"TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384",
|
||||
MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||
0 },
|
||||
#endif
|
||||
#if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_SHA256_C))
|
||||
{ MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256,
|
||||
"TLS-ECDHE-RSA-WITH-ARIA-128-GCM-SHA256",
|
||||
MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||
0 },
|
||||
#endif
|
||||
#if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_SHA256_C))
|
||||
{ MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256,
|
||||
"TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256",
|
||||
MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||
0 },
|
||||
#endif
|
||||
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED */
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
|
||||
|
||||
#if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_SHA512_C))
|
||||
{ MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384,
|
||||
"TLS-ECDHE-PSK-WITH-ARIA-256-CBC-SHA384",
|
||||
MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||
0 },
|
||||
#endif
|
||||
#if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_SHA256_C))
|
||||
{ MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256,
|
||||
"TLS-ECDHE-PSK-WITH-ARIA-128-CBC-SHA256",
|
||||
MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||
0 },
|
||||
#endif
|
||||
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
|
||||
|
||||
#if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_SHA512_C))
|
||||
{ MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384,
|
||||
"TLS-ECDHE-ECDSA-WITH-ARIA-256-GCM-SHA384",
|
||||
MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||
0 },
|
||||
#endif
|
||||
#if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_SHA512_C))
|
||||
{ MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384,
|
||||
"TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384",
|
||||
MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||
0 },
|
||||
#endif
|
||||
#if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_SHA256_C))
|
||||
{ MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256,
|
||||
"TLS-ECDHE-ECDSA-WITH-ARIA-128-GCM-SHA256",
|
||||
MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||
0 },
|
||||
#endif
|
||||
#if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_SHA256_C))
|
||||
{ MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256,
|
||||
"TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256",
|
||||
MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||
0 },
|
||||
#endif
|
||||
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
|
||||
|
||||
#if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_SHA512_C))
|
||||
{ MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384,
|
||||
"TLS-ECDH-ECDSA-WITH-ARIA-256-GCM-SHA384",
|
||||
MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||
0 },
|
||||
#endif
|
||||
#if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_SHA512_C))
|
||||
{ MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384,
|
||||
"TLS-ECDH-ECDSA-WITH-ARIA-256-CBC-SHA384",
|
||||
MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||
0 },
|
||||
#endif
|
||||
#if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_SHA256_C))
|
||||
{ MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256,
|
||||
"TLS-ECDH-ECDSA-WITH-ARIA-128-GCM-SHA256",
|
||||
MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||
0 },
|
||||
#endif
|
||||
#if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_SHA256_C))
|
||||
{ MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256,
|
||||
"TLS-ECDH-ECDSA-WITH-ARIA-128-CBC-SHA256",
|
||||
MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||
0 },
|
||||
#endif
|
||||
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED)
|
||||
|
||||
#if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_SHA512_C))
|
||||
{ MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384,
|
||||
"TLS-DHE-RSA-WITH-ARIA-256-GCM-SHA384",
|
||||
MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||
0 },
|
||||
#endif
|
||||
#if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_SHA512_C))
|
||||
{ MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384,
|
||||
"TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384",
|
||||
MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||
0 },
|
||||
#endif
|
||||
#if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_SHA256_C))
|
||||
{ MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256,
|
||||
"TLS-DHE-RSA-WITH-ARIA-128-GCM-SHA256",
|
||||
MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||
0 },
|
||||
#endif
|
||||
#if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_SHA256_C))
|
||||
{ MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256,
|
||||
"TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256",
|
||||
MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||
0 },
|
||||
#endif
|
||||
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED */
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED)
|
||||
|
||||
#if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_SHA512_C))
|
||||
{ MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384,
|
||||
"TLS-DHE-PSK-WITH-ARIA-256-GCM-SHA384",
|
||||
MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||
0 },
|
||||
#endif
|
||||
#if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_SHA512_C))
|
||||
{ MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384,
|
||||
"TLS-DHE-PSK-WITH-ARIA-256-CBC-SHA384",
|
||||
MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||
0 },
|
||||
#endif
|
||||
#if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_SHA256_C))
|
||||
{ MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256,
|
||||
"TLS-DHE-PSK-WITH-ARIA-128-GCM-SHA256",
|
||||
MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||
0 },
|
||||
#endif
|
||||
#if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_SHA256_C))
|
||||
{ MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256,
|
||||
"TLS-DHE-PSK-WITH-ARIA-128-CBC-SHA256",
|
||||
MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||
0 },
|
||||
#endif
|
||||
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */
|
||||
|
||||
#endif /* MBEDTLS_ARIA_C */
|
||||
|
||||
|
||||
{ 0, "",
|
||||
MBEDTLS_CIPHER_NONE, MBEDTLS_MD_NONE, MBEDTLS_KEY_EXCHANGE_NONE,
|
||||
0, 0, 0, 0, 0 }
|
||||
|
|
|
@ -48,10 +48,7 @@
|
|||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SSL_SESSION_TICKETS)
|
||||
/* Implementation that should never be optimized out by the compiler */
|
||||
static void mbedtls_zeroize( void *v, size_t n ) {
|
||||
volatile unsigned char *p = v; while( n-- ) *p++ = 0;
|
||||
}
|
||||
#include "mbedtls/platform_util.h"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
|
||||
|
@ -355,7 +352,7 @@ static void ssl_write_supported_point_formats_ext( mbedtls_ssl_context *ssl,
|
|||
|
||||
*olen = 6;
|
||||
}
|
||||
#endif /* MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C ||
|
||||
#endif /* MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C ||
|
||||
MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
|
||||
|
@ -717,6 +714,49 @@ static int ssl_generate_random( mbedtls_ssl_context *ssl )
|
|||
return( 0 );
|
||||
}
|
||||
|
||||
/**
|
||||
* \brief Validate cipher suite against config in SSL context.
|
||||
*
|
||||
* \param suite_info cipher suite to validate
|
||||
* \param ssl SSL context
|
||||
* \param min_minor_ver Minimal minor version to accept a cipher suite
|
||||
* \param max_minor_ver Maximal minor version to accept a cipher suite
|
||||
*
|
||||
* \return 0 if valid, else 1
|
||||
*/
|
||||
static int ssl_validate_ciphersuite( const mbedtls_ssl_ciphersuite_t * suite_info,
|
||||
const mbedtls_ssl_context * ssl,
|
||||
int min_minor_ver, int max_minor_ver )
|
||||
{
|
||||
(void) ssl;
|
||||
if( suite_info == NULL )
|
||||
return( 1 );
|
||||
|
||||
if( suite_info->min_minor_ver > max_minor_ver ||
|
||||
suite_info->max_minor_ver < min_minor_ver )
|
||||
return( 1 );
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
||||
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
|
||||
( suite_info->flags & MBEDTLS_CIPHERSUITE_NODTLS ) )
|
||||
return( 1 );
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_ARC4_C)
|
||||
if( ssl->conf->arc4_disabled == MBEDTLS_SSL_ARC4_DISABLED &&
|
||||
suite_info->cipher == MBEDTLS_CIPHER_ARC4_128 )
|
||||
return( 1 );
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
|
||||
if( suite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE &&
|
||||
mbedtls_ecjpake_check( &ssl->handshake->ecjpake_ctx ) != 0 )
|
||||
return( 1 );
|
||||
#endif
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
static int ssl_write_client_hello( mbedtls_ssl_context *ssl )
|
||||
{
|
||||
int ret;
|
||||
|
@ -869,31 +909,11 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl )
|
|||
{
|
||||
ciphersuite_info = mbedtls_ssl_ciphersuite_from_id( ciphersuites[i] );
|
||||
|
||||
if( ciphersuite_info == NULL )
|
||||
if( ssl_validate_ciphersuite( ciphersuite_info, ssl,
|
||||
ssl->conf->min_minor_ver,
|
||||
ssl->conf->max_minor_ver ) != 0 )
|
||||
continue;
|
||||
|
||||
if( ciphersuite_info->min_minor_ver > ssl->conf->max_minor_ver ||
|
||||
ciphersuite_info->max_minor_ver < ssl->conf->min_minor_ver )
|
||||
continue;
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
||||
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
|
||||
( ciphersuite_info->flags & MBEDTLS_CIPHERSUITE_NODTLS ) )
|
||||
continue;
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_ARC4_C)
|
||||
if( ssl->conf->arc4_disabled == MBEDTLS_SSL_ARC4_DISABLED &&
|
||||
ciphersuite_info->cipher == MBEDTLS_CIPHER_ARC4_128 )
|
||||
continue;
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
|
||||
if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE &&
|
||||
mbedtls_ecjpake_check( &ssl->handshake->ecjpake_ctx ) != 0 )
|
||||
continue;
|
||||
#endif
|
||||
|
||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, add ciphersuite: %04x",
|
||||
ciphersuites[i] ) );
|
||||
|
||||
|
@ -938,7 +958,7 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl )
|
|||
#endif
|
||||
|
||||
/*
|
||||
* We don't support compression with DTLS right now: is many records come
|
||||
* We don't support compression with DTLS right now: if many records come
|
||||
* in the same datagram, uncompressing one could overwrite the next one.
|
||||
* We don't want to add complexity for handling that case unless there is
|
||||
* an actual need for it.
|
||||
|
@ -1261,7 +1281,7 @@ static int ssl_parse_supported_point_formats_ext( mbedtls_ssl_context *ssl,
|
|||
MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE );
|
||||
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
|
||||
}
|
||||
#endif /* MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C ||
|
||||
#endif /* MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C ||
|
||||
MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
|
||||
|
@ -1690,22 +1710,9 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl )
|
|||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, chosen ciphersuite: %04x", i ) );
|
||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, compress alg.: %d", buf[37 + n] ) );
|
||||
|
||||
suite_info = mbedtls_ssl_ciphersuite_from_id( ssl->session_negotiate->ciphersuite );
|
||||
if( suite_info == NULL
|
||||
#if defined(MBEDTLS_ARC4_C)
|
||||
|| ( ssl->conf->arc4_disabled &&
|
||||
suite_info->cipher == MBEDTLS_CIPHER_ARC4_128 )
|
||||
#endif
|
||||
)
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server hello message" ) );
|
||||
mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
|
||||
MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER );
|
||||
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
|
||||
}
|
||||
|
||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, chosen ciphersuite: %s", suite_info->name ) );
|
||||
|
||||
/*
|
||||
* Perform cipher suite validation in same way as in ssl_write_client_hello.
|
||||
*/
|
||||
i = 0;
|
||||
while( 1 )
|
||||
{
|
||||
|
@ -1724,6 +1731,17 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl )
|
|||
}
|
||||
}
|
||||
|
||||
suite_info = mbedtls_ssl_ciphersuite_from_id( ssl->session_negotiate->ciphersuite );
|
||||
if( ssl_validate_ciphersuite( suite_info, ssl, ssl->minor_ver, ssl->minor_ver ) != 0 )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server hello message" ) );
|
||||
mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
|
||||
MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER );
|
||||
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
|
||||
}
|
||||
|
||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, chosen ciphersuite: %s", suite_info->name ) );
|
||||
|
||||
if( comp != MBEDTLS_SSL_COMPRESS_NULL
|
||||
#if defined(MBEDTLS_ZLIB_SUPPORT)
|
||||
&& comp != MBEDTLS_SSL_COMPRESS_DEFLATE
|
||||
|
@ -2673,10 +2691,27 @@ static int ssl_parse_certificate_request( mbedtls_ssl_context *ssl )
|
|||
buf = ssl->in_msg;
|
||||
|
||||
/* certificate_types */
|
||||
if( ssl->in_hslen <= mbedtls_ssl_hs_hdr_len( ssl ) )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate request message" ) );
|
||||
mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
|
||||
MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
|
||||
return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_REQUEST );
|
||||
}
|
||||
cert_type_len = buf[mbedtls_ssl_hs_hdr_len( ssl )];
|
||||
n = cert_type_len;
|
||||
|
||||
if( ssl->in_hslen < mbedtls_ssl_hs_hdr_len( ssl ) + 2 + n )
|
||||
/*
|
||||
* In the subsequent code there are two paths that read from buf:
|
||||
* * the length of the signature algorithms field (if minor version of
|
||||
* SSL is 3),
|
||||
* * distinguished name length otherwise.
|
||||
* Both reach at most the index:
|
||||
* ...hdr_len + 2 + n,
|
||||
* therefore the buffer length at this point must be greater than that
|
||||
* regardless of the actual code path.
|
||||
*/
|
||||
if( ssl->in_hslen <= mbedtls_ssl_hs_hdr_len( ssl ) + 2 + n )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate request message" ) );
|
||||
mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
|
||||
|
@ -2691,9 +2726,32 @@ static int ssl_parse_certificate_request( mbedtls_ssl_context *ssl )
|
|||
size_t sig_alg_len = ( ( buf[mbedtls_ssl_hs_hdr_len( ssl ) + 1 + n] << 8 )
|
||||
| ( buf[mbedtls_ssl_hs_hdr_len( ssl ) + 2 + n] ) );
|
||||
#if defined(MBEDTLS_DEBUG_C)
|
||||
unsigned char* sig_alg = buf + mbedtls_ssl_hs_hdr_len( ssl ) + 3 + n;
|
||||
unsigned char* sig_alg;
|
||||
size_t i;
|
||||
#endif
|
||||
|
||||
/*
|
||||
* The furthest access in buf is in the loop few lines below:
|
||||
* sig_alg[i + 1],
|
||||
* where:
|
||||
* sig_alg = buf + ...hdr_len + 3 + n,
|
||||
* max(i) = sig_alg_len - 1.
|
||||
* Therefore the furthest access is:
|
||||
* buf[...hdr_len + 3 + n + sig_alg_len - 1 + 1],
|
||||
* which reduces to:
|
||||
* buf[...hdr_len + 3 + n + sig_alg_len],
|
||||
* which is one less than we need the buf to be.
|
||||
*/
|
||||
if( ssl->in_hslen <= mbedtls_ssl_hs_hdr_len( ssl ) + 3 + n + sig_alg_len )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate request message" ) );
|
||||
mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
|
||||
MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
|
||||
return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_REQUEST );
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_DEBUG_C)
|
||||
sig_alg = buf + mbedtls_ssl_hs_hdr_len( ssl ) + 3 + n;
|
||||
for( i = 0; i < sig_alg_len; i += 2 )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "Supported Signature Algorithm found: %d"
|
||||
|
@ -2702,14 +2760,6 @@ static int ssl_parse_certificate_request( mbedtls_ssl_context *ssl )
|
|||
#endif
|
||||
|
||||
n += 2 + sig_alg_len;
|
||||
|
||||
if( ssl->in_hslen < mbedtls_ssl_hs_hdr_len( ssl ) + 2 + n )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate request message" ) );
|
||||
mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
|
||||
MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
|
||||
return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_REQUEST );
|
||||
}
|
||||
}
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
|
||||
|
||||
|
@ -3289,8 +3339,8 @@ static int ssl_parse_new_session_ticket( mbedtls_ssl_context *ssl )
|
|||
if( ticket_len == 0 )
|
||||
return( 0 );
|
||||
|
||||
mbedtls_zeroize( ssl->session_negotiate->ticket,
|
||||
ssl->session_negotiate->ticket_len );
|
||||
mbedtls_platform_zeroize( ssl->session_negotiate->ticket,
|
||||
ssl->session_negotiate->ticket_len );
|
||||
mbedtls_free( ssl->session_negotiate->ticket );
|
||||
ssl->session_negotiate->ticket = NULL;
|
||||
ssl->session_negotiate->ticket_len = 0;
|
||||
|
|
|
@ -40,14 +40,10 @@
|
|||
|
||||
#include "mbedtls/ssl_cookie.h"
|
||||
#include "mbedtls/ssl_internal.h"
|
||||
#include "mbedtls/platform_util.h"
|
||||
|
||||
#include <string.h>
|
||||
|
||||
/* Implementation that should never be optimized out by the compiler */
|
||||
static void mbedtls_zeroize( void *v, size_t n ) {
|
||||
volatile unsigned char *p = v; while( n-- ) *p++ = 0;
|
||||
}
|
||||
|
||||
/*
|
||||
* If DTLS is in use, then at least one of SHA-1, SHA-256, SHA-512 is
|
||||
* available. Try SHA-256 first, 512 wastes resources since we need to stay
|
||||
|
@ -101,7 +97,7 @@ void mbedtls_ssl_cookie_free( mbedtls_ssl_cookie_ctx *ctx )
|
|||
mbedtls_mutex_free( &ctx->mutex );
|
||||
#endif
|
||||
|
||||
mbedtls_zeroize( ctx, sizeof( mbedtls_ssl_cookie_ctx ) );
|
||||
mbedtls_platform_zeroize( ctx, sizeof( mbedtls_ssl_cookie_ctx ) );
|
||||
}
|
||||
|
||||
int mbedtls_ssl_cookie_setup( mbedtls_ssl_cookie_ctx *ctx,
|
||||
|
@ -122,7 +118,7 @@ int mbedtls_ssl_cookie_setup( mbedtls_ssl_cookie_ctx *ctx,
|
|||
if( ret != 0 )
|
||||
return( ret );
|
||||
|
||||
mbedtls_zeroize( key, sizeof( key ) );
|
||||
mbedtls_platform_zeroize( key, sizeof( key ) );
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
|
|
|
@ -38,6 +38,7 @@
|
|||
#include "mbedtls/debug.h"
|
||||
#include "mbedtls/ssl.h"
|
||||
#include "mbedtls/ssl_internal.h"
|
||||
#include "mbedtls/platform_util.h"
|
||||
|
||||
#include <string.h>
|
||||
|
||||
|
@ -49,13 +50,6 @@
|
|||
#include "mbedtls/platform_time.h"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SSL_SESSION_TICKETS)
|
||||
/* Implementation that should never be optimized out by the compiler */
|
||||
static void mbedtls_zeroize( void *v, size_t n ) {
|
||||
volatile unsigned char *p = v; while( n-- ) *p++ = 0;
|
||||
}
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY)
|
||||
int mbedtls_ssl_set_client_transport_id( mbedtls_ssl_context *ssl,
|
||||
const unsigned char *info,
|
||||
|
@ -553,7 +547,7 @@ static int ssl_parse_session_ticket_ext( mbedtls_ssl_context *ssl,
|
|||
memcpy( ssl->session_negotiate, &session, sizeof( mbedtls_ssl_session ) );
|
||||
|
||||
/* Zeroize instead of free as we copied the content */
|
||||
mbedtls_zeroize( &session, sizeof( mbedtls_ssl_session ) );
|
||||
mbedtls_platform_zeroize( &session, sizeof( mbedtls_ssl_session ) );
|
||||
|
||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "session successfully restored from ticket" ) );
|
||||
|
||||
|
@ -793,7 +787,7 @@ static int ssl_ciphersuite_match( mbedtls_ssl_context *ssl, int suite_id,
|
|||
const mbedtls_ssl_ciphersuite_t *suite_info;
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
|
||||
defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)
|
||||
defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)
|
||||
mbedtls_pk_type_t sig_type;
|
||||
#endif
|
||||
|
||||
|
@ -2961,7 +2955,7 @@ static int ssl_write_server_key_exchange( mbedtls_ssl_context *ssl )
|
|||
return( ret );
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE__WITH_SERVER_SIGNATURE__ENABLED)
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE__WITH_SERVER_SIGNATURE__ENABLED)
|
||||
dig_signed = p;
|
||||
dig_signed_len = len;
|
||||
#endif
|
||||
|
@ -3050,7 +3044,7 @@ curve_matching_done:
|
|||
|
||||
/*
|
||||
* 3.1: Choose hash algorithm:
|
||||
* A: For TLS 1.2, obey signature-hash-algorithm extension
|
||||
* A: For TLS 1.2, obey signature-hash-algorithm extension
|
||||
* to choose appropriate hash.
|
||||
* B: For SSL3, TLS1.0, TLS1.1 and ECDHE_ECDSA, use SHA1
|
||||
* (RFC 4492, Sec. 5.4)
|
||||
|
@ -3071,7 +3065,7 @@ curve_matching_done:
|
|||
sig_alg ) ) == MBEDTLS_MD_NONE )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
|
||||
/* (... because we choose a cipher suite
|
||||
/* (... because we choose a cipher suite
|
||||
* only if there is a matching hash.) */
|
||||
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
|
||||
}
|
||||
|
@ -3750,7 +3744,10 @@ static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl )
|
|||
/* Read the message without adding it to the checksum */
|
||||
do {
|
||||
|
||||
if( ( ret = mbedtls_ssl_read_record_layer( ssl ) ) != 0 )
|
||||
do ret = mbedtls_ssl_read_record_layer( ssl );
|
||||
while( ret == MBEDTLS_ERR_SSL_CONTINUE_PROCESSING );
|
||||
|
||||
if( ret != 0 )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_RET( 1, ( "mbedtls_ssl_read_record_layer" ), ret );
|
||||
return( ret );
|
||||
|
@ -3758,7 +3755,8 @@ static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl )
|
|||
|
||||
ret = mbedtls_ssl_handle_message_type( ssl );
|
||||
|
||||
} while( MBEDTLS_ERR_SSL_NON_FATAL == ret );
|
||||
} while( MBEDTLS_ERR_SSL_NON_FATAL == ret ||
|
||||
MBEDTLS_ERR_SSL_CONTINUE_PROCESSING == ret );
|
||||
|
||||
if( 0 != ret )
|
||||
{
|
||||
|
|
|
@ -36,14 +36,10 @@
|
|||
#endif
|
||||
|
||||
#include "mbedtls/ssl_ticket.h"
|
||||
#include "mbedtls/platform_util.h"
|
||||
|
||||
#include <string.h>
|
||||
|
||||
/* Implementation that should never be optimized out by the compiler */
|
||||
static void mbedtls_zeroize( void *v, size_t n ) {
|
||||
volatile unsigned char *p = v; while( n-- ) *p++ = 0;
|
||||
}
|
||||
|
||||
/*
|
||||
* Initialze context
|
||||
*/
|
||||
|
@ -83,7 +79,7 @@ static int ssl_ticket_gen_key( mbedtls_ssl_ticket_context *ctx,
|
|||
mbedtls_cipher_get_key_bitlen( &key->ctx ),
|
||||
MBEDTLS_ENCRYPT );
|
||||
|
||||
mbedtls_zeroize( buf, sizeof( buf ) );
|
||||
mbedtls_platform_zeroize( buf, sizeof( buf ) );
|
||||
|
||||
return( ret );
|
||||
}
|
||||
|
@ -483,7 +479,7 @@ void mbedtls_ssl_ticket_free( mbedtls_ssl_ticket_context *ctx )
|
|||
mbedtls_mutex_free( &ctx->mutex );
|
||||
#endif
|
||||
|
||||
mbedtls_zeroize( ctx, sizeof( mbedtls_ssl_ticket_context ) );
|
||||
mbedtls_platform_zeroize( ctx, sizeof( mbedtls_ssl_ticket_context ) );
|
||||
}
|
||||
|
||||
#endif /* MBEDTLS_SSL_TICKET_C */
|
||||
|
|
|
@ -46,6 +46,7 @@
|
|||
#include "mbedtls/debug.h"
|
||||
#include "mbedtls/ssl.h"
|
||||
#include "mbedtls/ssl_internal.h"
|
||||
#include "mbedtls/platform_util.h"
|
||||
|
||||
#include <string.h>
|
||||
|
||||
|
@ -53,11 +54,6 @@
|
|||
#include "mbedtls/oid.h"
|
||||
#endif
|
||||
|
||||
/* Implementation that should never be optimized out by the compiler */
|
||||
static void mbedtls_zeroize( void *v, size_t n ) {
|
||||
volatile unsigned char *p = v; while( n-- ) *p++ = 0;
|
||||
}
|
||||
|
||||
/* Length of the "epoch" field in the record header */
|
||||
static inline size_t ssl_ep_len( const mbedtls_ssl_context *ssl )
|
||||
{
|
||||
|
@ -269,8 +265,8 @@ exit:
|
|||
mbedtls_md5_free( &md5 );
|
||||
mbedtls_sha1_free( &sha1 );
|
||||
|
||||
mbedtls_zeroize( padding, sizeof( padding ) );
|
||||
mbedtls_zeroize( sha1sum, sizeof( sha1sum ) );
|
||||
mbedtls_platform_zeroize( padding, sizeof( padding ) );
|
||||
mbedtls_platform_zeroize( sha1sum, sizeof( sha1sum ) );
|
||||
|
||||
return( ret );
|
||||
}
|
||||
|
@ -367,8 +363,8 @@ static int tls1_prf( const unsigned char *secret, size_t slen,
|
|||
|
||||
mbedtls_md_free( &md_ctx );
|
||||
|
||||
mbedtls_zeroize( tmp, sizeof( tmp ) );
|
||||
mbedtls_zeroize( h_i, sizeof( h_i ) );
|
||||
mbedtls_platform_zeroize( tmp, sizeof( tmp ) );
|
||||
mbedtls_platform_zeroize( h_i, sizeof( h_i ) );
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
|
@ -432,8 +428,8 @@ static int tls_prf_generic( mbedtls_md_type_t md_type,
|
|||
|
||||
mbedtls_md_free( &md_ctx );
|
||||
|
||||
mbedtls_zeroize( tmp, sizeof( tmp ) );
|
||||
mbedtls_zeroize( h_i, sizeof( h_i ) );
|
||||
mbedtls_platform_zeroize( tmp, sizeof( tmp ) );
|
||||
mbedtls_platform_zeroize( h_i, sizeof( h_i ) );
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
|
@ -642,7 +638,8 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl )
|
|||
return( ret );
|
||||
}
|
||||
|
||||
mbedtls_zeroize( handshake->premaster, sizeof(handshake->premaster) );
|
||||
mbedtls_platform_zeroize( handshake->premaster,
|
||||
sizeof(handshake->premaster) );
|
||||
}
|
||||
else
|
||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "no premaster (session resumed)" ) );
|
||||
|
@ -653,7 +650,7 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl )
|
|||
memcpy( tmp, handshake->randbytes, 64 );
|
||||
memcpy( handshake->randbytes, tmp + 32, 32 );
|
||||
memcpy( handshake->randbytes + 32, tmp, 32 );
|
||||
mbedtls_zeroize( tmp, sizeof( tmp ) );
|
||||
mbedtls_platform_zeroize( tmp, sizeof( tmp ) );
|
||||
|
||||
/*
|
||||
* SSLv3:
|
||||
|
@ -681,7 +678,8 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl )
|
|||
MBEDTLS_SSL_DEBUG_BUF( 4, "random bytes", handshake->randbytes, 64 );
|
||||
MBEDTLS_SSL_DEBUG_BUF( 4, "key block", keyblk, 256 );
|
||||
|
||||
mbedtls_zeroize( handshake->randbytes, sizeof( handshake->randbytes ) );
|
||||
mbedtls_platform_zeroize( handshake->randbytes,
|
||||
sizeof( handshake->randbytes ) );
|
||||
|
||||
/*
|
||||
* Determine the appropriate key, IV and MAC length.
|
||||
|
@ -855,8 +853,13 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl )
|
|||
defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||
if( ssl->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_1 )
|
||||
{
|
||||
mbedtls_md_hmac_starts( &transform->md_ctx_enc, mac_enc, mac_key_len );
|
||||
mbedtls_md_hmac_starts( &transform->md_ctx_dec, mac_dec, mac_key_len );
|
||||
/* For HMAC-based ciphersuites, initialize the HMAC transforms.
|
||||
For AEAD-based ciphersuites, there is nothing to do here. */
|
||||
if( mac_key_len != 0 )
|
||||
{
|
||||
mbedtls_md_hmac_starts( &transform->md_ctx_enc, mac_enc, mac_key_len );
|
||||
mbedtls_md_hmac_starts( &transform->md_ctx_dec, mac_dec, mac_key_len );
|
||||
}
|
||||
}
|
||||
else
|
||||
#endif
|
||||
|
@ -943,7 +946,7 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl )
|
|||
}
|
||||
#endif /* MBEDTLS_CIPHER_MODE_CBC */
|
||||
|
||||
mbedtls_zeroize( keyblk, sizeof( keyblk ) );
|
||||
mbedtls_platform_zeroize( keyblk, sizeof( keyblk ) );
|
||||
|
||||
#if defined(MBEDTLS_ZLIB_SUPPORT)
|
||||
// Initialize compression
|
||||
|
@ -1269,7 +1272,7 @@ static void ssl_mac( mbedtls_md_context_t *md_ctx,
|
|||
|
||||
#if defined(MBEDTLS_ARC4_C) || defined(MBEDTLS_CIPHER_NULL_CIPHER) || \
|
||||
( defined(MBEDTLS_CIPHER_MODE_CBC) && \
|
||||
( defined(MBEDTLS_AES_C) || defined(MBEDTLS_CAMELLIA_C) ) )
|
||||
( defined(MBEDTLS_AES_C) || defined(MBEDTLS_CAMELLIA_C) || defined(MBEDTLS_ARIA_C)) )
|
||||
#define SSL_SOME_MODES_USE_MAC
|
||||
#endif
|
||||
|
||||
|
@ -1470,7 +1473,7 @@ static int ssl_encrypt_buf( mbedtls_ssl_context *ssl )
|
|||
else
|
||||
#endif /* MBEDTLS_GCM_C || MBEDTLS_CCM_C */
|
||||
#if defined(MBEDTLS_CIPHER_MODE_CBC) && \
|
||||
( defined(MBEDTLS_AES_C) || defined(MBEDTLS_CAMELLIA_C) )
|
||||
( defined(MBEDTLS_AES_C) || defined(MBEDTLS_CAMELLIA_C) || defined(MBEDTLS_ARIA_C) )
|
||||
if( mode == MBEDTLS_MODE_CBC )
|
||||
{
|
||||
int ret;
|
||||
|
@ -1586,7 +1589,7 @@ static int ssl_encrypt_buf( mbedtls_ssl_context *ssl )
|
|||
}
|
||||
else
|
||||
#endif /* MBEDTLS_CIPHER_MODE_CBC &&
|
||||
( MBEDTLS_AES_C || MBEDTLS_CAMELLIA_C ) */
|
||||
( MBEDTLS_AES_C || MBEDTLS_CAMELLIA_C || MBEDTLS_ARIA_C ) */
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
|
||||
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
|
||||
|
@ -1730,7 +1733,7 @@ static int ssl_decrypt_buf( mbedtls_ssl_context *ssl )
|
|||
else
|
||||
#endif /* MBEDTLS_GCM_C || MBEDTLS_CCM_C */
|
||||
#if defined(MBEDTLS_CIPHER_MODE_CBC) && \
|
||||
( defined(MBEDTLS_AES_C) || defined(MBEDTLS_CAMELLIA_C) )
|
||||
( defined(MBEDTLS_AES_C) || defined(MBEDTLS_CAMELLIA_C) || defined(MBEDTLS_ARIA_C) )
|
||||
if( mode == MBEDTLS_MODE_CBC )
|
||||
{
|
||||
/*
|
||||
|
@ -1942,7 +1945,7 @@ static int ssl_decrypt_buf( mbedtls_ssl_context *ssl )
|
|||
}
|
||||
else
|
||||
#endif /* MBEDTLS_CIPHER_MODE_CBC &&
|
||||
( MBEDTLS_AES_C || MBEDTLS_CAMELLIA_C ) */
|
||||
( MBEDTLS_AES_C || MBEDTLS_CAMELLIA_C || MBEDTLS_ARIA_C ) */
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
|
||||
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
|
||||
|
@ -2103,6 +2106,7 @@ static int ssl_compress_buf( mbedtls_ssl_context *ssl )
|
|||
{
|
||||
int ret;
|
||||
unsigned char *msg_post = ssl->out_msg;
|
||||
ptrdiff_t bytes_written = ssl->out_msg - ssl->out_buf;
|
||||
size_t len_pre = ssl->out_msglen;
|
||||
unsigned char *msg_pre = ssl->compress_buf;
|
||||
|
||||
|
@ -2122,7 +2126,7 @@ static int ssl_compress_buf( mbedtls_ssl_context *ssl )
|
|||
ssl->transform_out->ctx_deflate.next_in = msg_pre;
|
||||
ssl->transform_out->ctx_deflate.avail_in = len_pre;
|
||||
ssl->transform_out->ctx_deflate.next_out = msg_post;
|
||||
ssl->transform_out->ctx_deflate.avail_out = MBEDTLS_SSL_BUFFER_LEN;
|
||||
ssl->transform_out->ctx_deflate.avail_out = MBEDTLS_SSL_BUFFER_LEN - bytes_written;
|
||||
|
||||
ret = deflate( &ssl->transform_out->ctx_deflate, Z_SYNC_FLUSH );
|
||||
if( ret != Z_OK )
|
||||
|
@ -2132,7 +2136,7 @@ static int ssl_compress_buf( mbedtls_ssl_context *ssl )
|
|||
}
|
||||
|
||||
ssl->out_msglen = MBEDTLS_SSL_BUFFER_LEN -
|
||||
ssl->transform_out->ctx_deflate.avail_out;
|
||||
ssl->transform_out->ctx_deflate.avail_out - bytes_written;
|
||||
|
||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "after compression: msglen = %d, ",
|
||||
ssl->out_msglen ) );
|
||||
|
@ -2149,6 +2153,7 @@ static int ssl_decompress_buf( mbedtls_ssl_context *ssl )
|
|||
{
|
||||
int ret;
|
||||
unsigned char *msg_post = ssl->in_msg;
|
||||
ptrdiff_t header_bytes = ssl->in_msg - ssl->in_buf;
|
||||
size_t len_pre = ssl->in_msglen;
|
||||
unsigned char *msg_pre = ssl->compress_buf;
|
||||
|
||||
|
@ -2168,7 +2173,8 @@ static int ssl_decompress_buf( mbedtls_ssl_context *ssl )
|
|||
ssl->transform_in->ctx_inflate.next_in = msg_pre;
|
||||
ssl->transform_in->ctx_inflate.avail_in = len_pre;
|
||||
ssl->transform_in->ctx_inflate.next_out = msg_post;
|
||||
ssl->transform_in->ctx_inflate.avail_out = MBEDTLS_SSL_MAX_CONTENT_LEN;
|
||||
ssl->transform_in->ctx_inflate.avail_out = MBEDTLS_SSL_BUFFER_LEN -
|
||||
header_bytes;
|
||||
|
||||
ret = inflate( &ssl->transform_in->ctx_inflate, Z_SYNC_FLUSH );
|
||||
if( ret != Z_OK )
|
||||
|
@ -2177,8 +2183,8 @@ static int ssl_decompress_buf( mbedtls_ssl_context *ssl )
|
|||
return( MBEDTLS_ERR_SSL_COMPRESSION_FAILED );
|
||||
}
|
||||
|
||||
ssl->in_msglen = MBEDTLS_SSL_MAX_CONTENT_LEN -
|
||||
ssl->transform_in->ctx_inflate.avail_out;
|
||||
ssl->in_msglen = MBEDTLS_SSL_BUFFER_LEN -
|
||||
ssl->transform_in->ctx_inflate.avail_out - header_bytes;
|
||||
|
||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "after decompression: msglen = %d, ",
|
||||
ssl->in_msglen ) );
|
||||
|
@ -2332,7 +2338,10 @@ int mbedtls_ssl_fetch_input( mbedtls_ssl_context *ssl, size_t nb_want )
|
|||
* that will end up being dropped.
|
||||
*/
|
||||
if( ssl_check_timer( ssl ) != 0 )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "timer has expired" ) );
|
||||
ret = MBEDTLS_ERR_SSL_TIMEOUT;
|
||||
}
|
||||
else
|
||||
{
|
||||
len = MBEDTLS_SSL_BUFFER_LEN - ( ssl->in_hdr - ssl->in_buf );
|
||||
|
@ -2434,6 +2443,14 @@ int mbedtls_ssl_fetch_input( mbedtls_ssl_context *ssl, size_t nb_want )
|
|||
if( ret < 0 )
|
||||
return( ret );
|
||||
|
||||
if ( (size_t)ret > len || ( INT_MAX > SIZE_MAX && ret > SIZE_MAX ) )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1,
|
||||
( "f_recv returned %d bytes but only %lu were requested",
|
||||
ret, (unsigned long)len ) );
|
||||
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
|
||||
}
|
||||
|
||||
ssl->in_left += ret;
|
||||
}
|
||||
}
|
||||
|
@ -2481,6 +2498,14 @@ int mbedtls_ssl_flush_output( mbedtls_ssl_context *ssl )
|
|||
if( ret <= 0 )
|
||||
return( ret );
|
||||
|
||||
if( (size_t)ret > ssl->out_left || ( INT_MAX > SIZE_MAX && ret > SIZE_MAX ) )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1,
|
||||
( "f_send returned %d bytes but only %lu bytes were sent",
|
||||
ret, (unsigned long)ssl->out_left ) );
|
||||
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
|
||||
}
|
||||
|
||||
ssl->out_left -= ret;
|
||||
}
|
||||
|
||||
|
@ -3064,7 +3089,7 @@ static int ssl_reassemble_dtls_handshake( mbedtls_ssl_context *ssl )
|
|||
if( ssl_bitmask_check( bitmask, msg_len ) != 0 )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "message is not complete yet" ) );
|
||||
return( MBEDTLS_ERR_SSL_WANT_READ );
|
||||
return( MBEDTLS_ERR_SSL_CONTINUE_PROCESSING );
|
||||
}
|
||||
|
||||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "handshake message completed" ) );
|
||||
|
@ -3141,9 +3166,11 @@ int mbedtls_ssl_prepare_handshake_record( mbedtls_ssl_context *ssl )
|
|||
int ret;
|
||||
unsigned int recv_msg_seq = ( ssl->in_msg[4] << 8 ) | ssl->in_msg[5];
|
||||
|
||||
/* ssl->handshake is NULL when receiving ClientHello for renego */
|
||||
if( ssl->handshake != NULL &&
|
||||
recv_msg_seq != ssl->handshake->in_msg_seq )
|
||||
( ( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER &&
|
||||
recv_msg_seq != ssl->handshake->in_msg_seq ) ||
|
||||
( ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER &&
|
||||
ssl->in_msg[0] != MBEDTLS_SSL_HS_CLIENT_HELLO ) ) )
|
||||
{
|
||||
/* Retransmit only on last message from previous flight, to avoid
|
||||
* too many retransmissions.
|
||||
|
@ -3170,7 +3197,7 @@ int mbedtls_ssl_prepare_handshake_record( mbedtls_ssl_context *ssl )
|
|||
ssl->handshake->in_msg_seq ) );
|
||||
}
|
||||
|
||||
return( MBEDTLS_ERR_SSL_WANT_READ );
|
||||
return( MBEDTLS_ERR_SSL_CONTINUE_PROCESSING );
|
||||
}
|
||||
/* Wait until message completion to increment in_msg_seq */
|
||||
|
||||
|
@ -3573,81 +3600,23 @@ static int ssl_parse_record_header( mbedtls_ssl_context *ssl )
|
|||
return( MBEDTLS_ERR_SSL_INVALID_RECORD );
|
||||
}
|
||||
|
||||
/* Check length against bounds of the current transform and version */
|
||||
if( ssl->transform_in == NULL )
|
||||
{
|
||||
if( ssl->in_msglen < 1 ||
|
||||
ssl->in_msglen > MBEDTLS_SSL_MAX_CONTENT_LEN )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad message length" ) );
|
||||
return( MBEDTLS_ERR_SSL_INVALID_RECORD );
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
if( ssl->in_msglen < ssl->transform_in->minlen )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad message length" ) );
|
||||
return( MBEDTLS_ERR_SSL_INVALID_RECORD );
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_SSL3)
|
||||
if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 &&
|
||||
ssl->in_msglen > ssl->transform_in->minlen + MBEDTLS_SSL_MAX_CONTENT_LEN )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad message length" ) );
|
||||
return( MBEDTLS_ERR_SSL_INVALID_RECORD );
|
||||
}
|
||||
#endif
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \
|
||||
defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||
/*
|
||||
* TLS encrypted messages can have up to 256 bytes of padding
|
||||
*/
|
||||
if( ssl->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_1 &&
|
||||
ssl->in_msglen > ssl->transform_in->minlen +
|
||||
MBEDTLS_SSL_MAX_CONTENT_LEN + 256 )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad message length" ) );
|
||||
return( MBEDTLS_ERR_SSL_INVALID_RECORD );
|
||||
}
|
||||
#endif
|
||||
}
|
||||
|
||||
/*
|
||||
* DTLS-related tests done last, because most of them may result in
|
||||
* silently dropping the record (but not the whole datagram), and we only
|
||||
* want to consider that after ensuring that the "basic" fields (type,
|
||||
* version, length) are sane.
|
||||
* DTLS-related tests.
|
||||
* Check epoch before checking length constraint because
|
||||
* the latter varies with the epoch. E.g., if a ChangeCipherSpec
|
||||
* message gets duplicated before the corresponding Finished message,
|
||||
* the second ChangeCipherSpec should be discarded because it belongs
|
||||
* to an old epoch, but not because its length is shorter than
|
||||
* the minimum record length for packets using the new record transform.
|
||||
* Note that these two kinds of failures are handled differently,
|
||||
* as an unexpected record is silently skipped but an invalid
|
||||
* record leads to the entire datagram being dropped.
|
||||
*/
|
||||
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
||||
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
|
||||
{
|
||||
unsigned int rec_epoch = ( ssl->in_ctr[0] << 8 ) | ssl->in_ctr[1];
|
||||
|
||||
/* Drop unexpected ChangeCipherSpec messages */
|
||||
if( ssl->in_msgtype == MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC &&
|
||||
ssl->state != MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC &&
|
||||
ssl->state != MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "dropping unexpected ChangeCipherSpec" ) );
|
||||
return( MBEDTLS_ERR_SSL_UNEXPECTED_RECORD );
|
||||
}
|
||||
|
||||
/* Drop unexpected ApplicationData records,
|
||||
* except at the beginning of renegotiations */
|
||||
if( ssl->in_msgtype == MBEDTLS_SSL_MSG_APPLICATION_DATA &&
|
||||
ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER
|
||||
#if defined(MBEDTLS_SSL_RENEGOTIATION)
|
||||
&& ! ( ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS &&
|
||||
ssl->state == MBEDTLS_SSL_SERVER_HELLO )
|
||||
#endif
|
||||
)
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "dropping unexpected ApplicationData" ) );
|
||||
return( MBEDTLS_ERR_SSL_UNEXPECTED_RECORD );
|
||||
}
|
||||
|
||||
/* Check epoch (and sequence number) with DTLS */
|
||||
if( rec_epoch != ssl->in_epoch )
|
||||
{
|
||||
|
@ -3687,9 +3656,74 @@ static int ssl_parse_record_header( mbedtls_ssl_context *ssl )
|
|||
return( MBEDTLS_ERR_SSL_UNEXPECTED_RECORD );
|
||||
}
|
||||
#endif
|
||||
|
||||
/* Drop unexpected ChangeCipherSpec messages */
|
||||
if( ssl->in_msgtype == MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC &&
|
||||
ssl->state != MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC &&
|
||||
ssl->state != MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "dropping unexpected ChangeCipherSpec" ) );
|
||||
return( MBEDTLS_ERR_SSL_UNEXPECTED_RECORD );
|
||||
}
|
||||
|
||||
/* Drop unexpected ApplicationData records,
|
||||
* except at the beginning of renegotiations */
|
||||
if( ssl->in_msgtype == MBEDTLS_SSL_MSG_APPLICATION_DATA &&
|
||||
ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER
|
||||
#if defined(MBEDTLS_SSL_RENEGOTIATION)
|
||||
&& ! ( ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS &&
|
||||
ssl->state == MBEDTLS_SSL_SERVER_HELLO )
|
||||
#endif
|
||||
)
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "dropping unexpected ApplicationData" ) );
|
||||
return( MBEDTLS_ERR_SSL_UNEXPECTED_RECORD );
|
||||
}
|
||||
}
|
||||
#endif /* MBEDTLS_SSL_PROTO_DTLS */
|
||||
|
||||
|
||||
/* Check length against bounds of the current transform and version */
|
||||
if( ssl->transform_in == NULL )
|
||||
{
|
||||
if( ssl->in_msglen < 1 ||
|
||||
ssl->in_msglen > MBEDTLS_SSL_MAX_CONTENT_LEN )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad message length" ) );
|
||||
return( MBEDTLS_ERR_SSL_INVALID_RECORD );
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
if( ssl->in_msglen < ssl->transform_in->minlen )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad message length" ) );
|
||||
return( MBEDTLS_ERR_SSL_INVALID_RECORD );
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_SSL3)
|
||||
if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 &&
|
||||
ssl->in_msglen > ssl->transform_in->minlen + MBEDTLS_SSL_MAX_CONTENT_LEN )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad message length" ) );
|
||||
return( MBEDTLS_ERR_SSL_INVALID_RECORD );
|
||||
}
|
||||
#endif
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \
|
||||
defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||
/*
|
||||
* TLS encrypted messages can have up to 256 bytes of padding
|
||||
*/
|
||||
if( ssl->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_1 &&
|
||||
ssl->in_msglen > ssl->transform_in->minlen +
|
||||
MBEDTLS_SSL_MAX_CONTENT_LEN + 256 )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad message length" ) );
|
||||
return( MBEDTLS_ERR_SSL_INVALID_RECORD );
|
||||
}
|
||||
#endif
|
||||
}
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
|
@ -3778,7 +3812,10 @@ int mbedtls_ssl_read_record( mbedtls_ssl_context *ssl )
|
|||
{
|
||||
do {
|
||||
|
||||
if( ( ret = mbedtls_ssl_read_record_layer( ssl ) ) != 0 )
|
||||
do ret = mbedtls_ssl_read_record_layer( ssl );
|
||||
while( ret == MBEDTLS_ERR_SSL_CONTINUE_PROCESSING );
|
||||
|
||||
if( ret != 0 )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_RET( 1, ( "mbedtls_ssl_read_record_layer" ), ret );
|
||||
return( ret );
|
||||
|
@ -3786,11 +3823,12 @@ int mbedtls_ssl_read_record( mbedtls_ssl_context *ssl )
|
|||
|
||||
ret = mbedtls_ssl_handle_message_type( ssl );
|
||||
|
||||
} while( MBEDTLS_ERR_SSL_NON_FATAL == ret );
|
||||
} while( MBEDTLS_ERR_SSL_NON_FATAL == ret ||
|
||||
MBEDTLS_ERR_SSL_CONTINUE_PROCESSING == ret );
|
||||
|
||||
if( 0 != ret )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_RET( 1, ( "mbedtls_ssl_read_record_layer" ), ret );
|
||||
MBEDTLS_SSL_DEBUG_RET( 1, ( "mbedtls_ssl_handle_message_type" ), ret );
|
||||
return( ret );
|
||||
}
|
||||
|
||||
|
@ -3828,11 +3866,6 @@ int mbedtls_ssl_read_record_layer( mbedtls_ssl_context *ssl )
|
|||
* (2) Alert messages:
|
||||
* Consume whole record content, in_msglen = 0.
|
||||
*
|
||||
* NOTE: This needs to be fixed, since like for
|
||||
* handshake messages it is allowed to have
|
||||
* multiple alerts witin a single record.
|
||||
* Internal reference IOTSSL-1321.
|
||||
*
|
||||
* (3) Change cipher spec:
|
||||
* Consume whole record content, in_msglen = 0.
|
||||
*
|
||||
|
@ -3860,12 +3893,12 @@ int mbedtls_ssl_read_record_layer( mbedtls_ssl_context *ssl )
|
|||
*/
|
||||
|
||||
/* Notes:
|
||||
* (1) in_hslen is *NOT* necessarily the size of the
|
||||
* (1) in_hslen is not necessarily the size of the
|
||||
* current handshake content: If DTLS handshake
|
||||
* fragmentation is used, that's the fragment
|
||||
* size instead. Using the total handshake message
|
||||
* size here is FAULTY and should be changed at
|
||||
* some point. Internal reference IOTSSL-1414.
|
||||
* size here is faulty and should be changed at
|
||||
* some point.
|
||||
* (2) While it doesn't seem to cause problems, one
|
||||
* has to be very careful not to assume that in_hslen
|
||||
* is always <= in_msglen in a sensible communication.
|
||||
|
@ -3916,12 +3949,6 @@ int mbedtls_ssl_read_record_layer( mbedtls_ssl_context *ssl )
|
|||
return( 0 );
|
||||
}
|
||||
|
||||
/* Need to fetch a new record */
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
||||
read_record_header:
|
||||
#endif
|
||||
|
||||
/* Current record either fully processed or to be discarded. */
|
||||
|
||||
if( ( ret = mbedtls_ssl_fetch_input( ssl, mbedtls_ssl_hdr_len( ssl ) ) ) != 0 )
|
||||
|
@ -3956,7 +3983,7 @@ read_record_header:
|
|||
}
|
||||
|
||||
/* Get next record */
|
||||
goto read_record_header;
|
||||
return( MBEDTLS_ERR_SSL_CONTINUE_PROCESSING );
|
||||
}
|
||||
#endif
|
||||
return( ret );
|
||||
|
@ -3975,7 +4002,13 @@ read_record_header:
|
|||
/* Done reading this record, get ready for the next one */
|
||||
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
||||
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
|
||||
{
|
||||
ssl->next_record_offset = ssl->in_msglen + mbedtls_ssl_hdr_len( ssl );
|
||||
if( ssl->next_record_offset < ssl->in_left )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "more than one record within datagram" ) );
|
||||
}
|
||||
}
|
||||
else
|
||||
#endif
|
||||
ssl->in_left = 0;
|
||||
|
@ -4022,7 +4055,7 @@ read_record_header:
|
|||
ssl->in_left = 0;
|
||||
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "discarding invalid record (mac)" ) );
|
||||
goto read_record_header;
|
||||
return( MBEDTLS_ERR_SSL_CONTINUE_PROCESSING );
|
||||
}
|
||||
|
||||
return( ret );
|
||||
|
@ -4043,46 +4076,6 @@ read_record_header:
|
|||
}
|
||||
}
|
||||
|
||||
/*
|
||||
* When we sent the last flight of the handshake, we MUST respond to a
|
||||
* retransmit of the peer's previous flight with a retransmit. (In
|
||||
* practice, only the Finished message will make it, other messages
|
||||
* including CCS use the old transform so they're dropped as invalid.)
|
||||
*
|
||||
* If the record we received is not a handshake message, however, it
|
||||
* means the peer received our last flight so we can clean up
|
||||
* handshake info.
|
||||
*
|
||||
* This check needs to be done before prepare_handshake() due to an edge
|
||||
* case: if the client immediately requests renegotiation, this
|
||||
* finishes the current handshake first, avoiding the new ClientHello
|
||||
* being mistaken for an ancient message in the current handshake.
|
||||
*/
|
||||
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
||||
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
|
||||
ssl->handshake != NULL &&
|
||||
ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER )
|
||||
{
|
||||
if( ssl->in_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE &&
|
||||
ssl->in_msg[0] == MBEDTLS_SSL_HS_FINISHED )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "received retransmit of last flight" ) );
|
||||
|
||||
if( ( ret = mbedtls_ssl_resend( ssl ) ) != 0 )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_resend", ret );
|
||||
return( ret );
|
||||
}
|
||||
|
||||
return( MBEDTLS_ERR_SSL_WANT_READ );
|
||||
}
|
||||
else
|
||||
{
|
||||
ssl_handshake_wrapup_free_hs_transform( ssl );
|
||||
}
|
||||
}
|
||||
#endif
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
|
@ -4127,7 +4120,7 @@ int mbedtls_ssl_handle_message_type( mbedtls_ssl_context *ssl )
|
|||
if( ssl->in_msg[0] == MBEDTLS_SSL_ALERT_LEVEL_WARNING &&
|
||||
ssl->in_msg[1] == MBEDTLS_SSL_ALERT_MSG_NO_RENEGOTIATION )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "is a SSLv3 no_cert" ) );
|
||||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "is a SSLv3 no renegotiation alert" ) );
|
||||
/* Will be handled when trying to parse ServerHello */
|
||||
return( 0 );
|
||||
}
|
||||
|
@ -4149,6 +4142,15 @@ int mbedtls_ssl_handle_message_type( mbedtls_ssl_context *ssl )
|
|||
return MBEDTLS_ERR_SSL_NON_FATAL;
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
||||
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
|
||||
ssl->handshake != NULL &&
|
||||
ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER )
|
||||
{
|
||||
ssl_handshake_wrapup_free_hs_transform( ssl );
|
||||
}
|
||||
#endif
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
|
@ -5026,9 +5028,9 @@ static void ssl_calc_finished_ssl(
|
|||
mbedtls_md5_free( &md5 );
|
||||
mbedtls_sha1_free( &sha1 );
|
||||
|
||||
mbedtls_zeroize( padbuf, sizeof( padbuf ) );
|
||||
mbedtls_zeroize( md5sum, sizeof( md5sum ) );
|
||||
mbedtls_zeroize( sha1sum, sizeof( sha1sum ) );
|
||||
mbedtls_platform_zeroize( padbuf, sizeof( padbuf ) );
|
||||
mbedtls_platform_zeroize( md5sum, sizeof( md5sum ) );
|
||||
mbedtls_platform_zeroize( sha1sum, sizeof( sha1sum ) );
|
||||
|
||||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= calc finished" ) );
|
||||
}
|
||||
|
@ -5087,7 +5089,7 @@ static void ssl_calc_finished_tls(
|
|||
mbedtls_md5_free( &md5 );
|
||||
mbedtls_sha1_free( &sha1 );
|
||||
|
||||
mbedtls_zeroize( padbuf, sizeof( padbuf ) );
|
||||
mbedtls_platform_zeroize( padbuf, sizeof( padbuf ) );
|
||||
|
||||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= calc finished" ) );
|
||||
}
|
||||
|
@ -5137,7 +5139,7 @@ static void ssl_calc_finished_tls_sha256(
|
|||
|
||||
mbedtls_sha256_free( &sha256 );
|
||||
|
||||
mbedtls_zeroize( padbuf, sizeof( padbuf ) );
|
||||
mbedtls_platform_zeroize( padbuf, sizeof( padbuf ) );
|
||||
|
||||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= calc finished" ) );
|
||||
}
|
||||
|
@ -5186,7 +5188,7 @@ static void ssl_calc_finished_tls_sha384(
|
|||
|
||||
mbedtls_sha512_free( &sha512 );
|
||||
|
||||
mbedtls_zeroize( padbuf, sizeof( padbuf ) );
|
||||
mbedtls_platform_zeroize( padbuf, sizeof( padbuf ) );
|
||||
|
||||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= calc finished" ) );
|
||||
}
|
||||
|
@ -6105,7 +6107,7 @@ int mbedtls_ssl_conf_psk( mbedtls_ssl_config *conf,
|
|||
|
||||
if( conf->psk != NULL )
|
||||
{
|
||||
mbedtls_zeroize( conf->psk, conf->psk_len );
|
||||
mbedtls_platform_zeroize( conf->psk, conf->psk_len );
|
||||
|
||||
mbedtls_free( conf->psk );
|
||||
conf->psk = NULL;
|
||||
|
@ -6148,7 +6150,8 @@ int mbedtls_ssl_set_hs_psk( mbedtls_ssl_context *ssl,
|
|||
|
||||
if( ssl->handshake->psk != NULL )
|
||||
{
|
||||
mbedtls_zeroize( ssl->handshake->psk, ssl->handshake->psk_len );
|
||||
mbedtls_platform_zeroize( ssl->handshake->psk,
|
||||
ssl->handshake->psk_len );
|
||||
mbedtls_free( ssl->handshake->psk );
|
||||
ssl->handshake->psk_len = 0;
|
||||
}
|
||||
|
@ -6278,7 +6281,7 @@ int mbedtls_ssl_set_hostname( mbedtls_ssl_context *ssl, const char *hostname )
|
|||
|
||||
if( ssl->hostname != NULL )
|
||||
{
|
||||
mbedtls_zeroize( ssl->hostname, strlen( ssl->hostname ) );
|
||||
mbedtls_platform_zeroize( ssl->hostname, strlen( ssl->hostname ) );
|
||||
mbedtls_free( ssl->hostname );
|
||||
}
|
||||
|
||||
|
@ -6485,6 +6488,61 @@ size_t mbedtls_ssl_get_bytes_avail( const mbedtls_ssl_context *ssl )
|
|||
return( ssl->in_offt == NULL ? 0 : ssl->in_msglen );
|
||||
}
|
||||
|
||||
int mbedtls_ssl_check_pending( const mbedtls_ssl_context *ssl )
|
||||
{
|
||||
/*
|
||||
* Case A: We're currently holding back
|
||||
* a message for further processing.
|
||||
*/
|
||||
|
||||
if( ssl->keep_current_message == 1 )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "ssl_check_pending: record held back for processing" ) );
|
||||
return( 1 );
|
||||
}
|
||||
|
||||
/*
|
||||
* Case B: Further records are pending in the current datagram.
|
||||
*/
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
||||
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
|
||||
ssl->in_left > ssl->next_record_offset )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "ssl_check_pending: more records within current datagram" ) );
|
||||
return( 1 );
|
||||
}
|
||||
#endif /* MBEDTLS_SSL_PROTO_DTLS */
|
||||
|
||||
/*
|
||||
* Case C: A handshake message is being processed.
|
||||
*/
|
||||
|
||||
if( ssl->in_hslen > 0 && ssl->in_hslen < ssl->in_msglen )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "ssl_check_pending: more handshake messages within current record" ) );
|
||||
return( 1 );
|
||||
}
|
||||
|
||||
/*
|
||||
* Case D: An application data message is being processed
|
||||
*/
|
||||
if( ssl->in_offt != NULL )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "ssl_check_pending: application data record is being processed" ) );
|
||||
return( 1 );
|
||||
}
|
||||
|
||||
/*
|
||||
* In all other cases, the rest of the message can be dropped.
|
||||
* As in ssl_read_record_layer, this needs to be adapted if
|
||||
* we implement support for multiple alerts in single records.
|
||||
*/
|
||||
|
||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "ssl_check_pending: nothing pending" ) );
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
uint32_t mbedtls_ssl_get_verify_result( const mbedtls_ssl_context *ssl )
|
||||
{
|
||||
if( ssl->session != NULL )
|
||||
|
@ -6892,42 +6950,8 @@ int mbedtls_ssl_read( mbedtls_ssl_context *ssl, unsigned char *buf, size_t len )
|
|||
}
|
||||
}
|
||||
|
||||
/*
|
||||
* TODO
|
||||
*
|
||||
* The logic should be streamlined here:
|
||||
*
|
||||
* Instead of
|
||||
*
|
||||
* - Manually checking whether ssl->in_offt is NULL
|
||||
* - Fetching a new record if yes
|
||||
* - Setting ssl->in_offt if one finds an application record
|
||||
* - Resetting keep_current_message after handling the application data
|
||||
*
|
||||
* one should
|
||||
*
|
||||
* - Adapt read_record to set ssl->in_offt automatically
|
||||
* when a new application data record is processed.
|
||||
* - Always call mbedtls_ssl_read_record here.
|
||||
*
|
||||
* This way, the logic of ssl_read would be much clearer:
|
||||
*
|
||||
* (1) Always call record layer and see what kind of record is on
|
||||
* and have it ready for consumption (in particular, in_offt
|
||||
* properly set for application data records).
|
||||
* (2) If it's application data (either freshly fetched
|
||||
* or something already being partially processed),
|
||||
* serve the read request from it.
|
||||
* (3) If it's something different from application data,
|
||||
* handle it accordingly, e.g. potentially start a
|
||||
* renegotiation.
|
||||
*
|
||||
* This will also remove the need to manually reset
|
||||
* ssl->keep_current_message = 0 below.
|
||||
*
|
||||
*/
|
||||
|
||||
if( ssl->in_offt == NULL )
|
||||
/* Loop as long as no application data record is available */
|
||||
while( ssl->in_offt == NULL )
|
||||
{
|
||||
/* Start timer if not already running */
|
||||
if( ssl->f_get_timer != NULL &&
|
||||
|
@ -6981,7 +7005,9 @@ int mbedtls_ssl_read( mbedtls_ssl_context *ssl, unsigned char *buf, size_t len )
|
|||
/* With DTLS, drop the packet (probably from last handshake) */
|
||||
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
||||
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
|
||||
return( MBEDTLS_ERR_SSL_WANT_READ );
|
||||
{
|
||||
continue;
|
||||
}
|
||||
#endif
|
||||
return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE );
|
||||
}
|
||||
|
@ -6996,7 +7022,9 @@ int mbedtls_ssl_read( mbedtls_ssl_context *ssl, unsigned char *buf, size_t len )
|
|||
/* With DTLS, drop the packet (probably from last handshake) */
|
||||
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
||||
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
|
||||
return( MBEDTLS_ERR_SSL_WANT_READ );
|
||||
{
|
||||
continue;
|
||||
}
|
||||
#endif
|
||||
return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE );
|
||||
}
|
||||
|
@ -7069,7 +7097,25 @@ int mbedtls_ssl_read( mbedtls_ssl_context *ssl, unsigned char *buf, size_t len )
|
|||
}
|
||||
}
|
||||
|
||||
return( MBEDTLS_ERR_SSL_WANT_READ );
|
||||
/* At this point, we don't know whether the renegotiation has been
|
||||
* completed or not. The cases to consider are the following:
|
||||
* 1) The renegotiation is complete. In this case, no new record
|
||||
* has been read yet.
|
||||
* 2) The renegotiation is incomplete because the client received
|
||||
* an application data record while awaiting the ServerHello.
|
||||
* 3) The renegotiation is incomplete because the client received
|
||||
* a non-handshake, non-application data message while awaiting
|
||||
* the ServerHello.
|
||||
* In each of these case, looping will be the proper action:
|
||||
* - For 1), the next iteration will read a new record and check
|
||||
* if it's application data.
|
||||
* - For 2), the loop condition isn't satisfied as application data
|
||||
* is present, hence continue is the same as break
|
||||
* - For 3), the loop condition is satisfied and read_record
|
||||
* will re-deliver the message that was held back by the client
|
||||
* when expecting the ServerHello.
|
||||
*/
|
||||
continue;
|
||||
}
|
||||
#if defined(MBEDTLS_SSL_RENEGOTIATION)
|
||||
else if( ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_PENDING )
|
||||
|
@ -7324,7 +7370,7 @@ void mbedtls_ssl_transform_free( mbedtls_ssl_transform *transform )
|
|||
mbedtls_md_free( &transform->md_ctx_enc );
|
||||
mbedtls_md_free( &transform->md_ctx_dec );
|
||||
|
||||
mbedtls_zeroize( transform, sizeof( mbedtls_ssl_transform ) );
|
||||
mbedtls_platform_zeroize( transform, sizeof( mbedtls_ssl_transform ) );
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_X509_CRT_PARSE_C)
|
||||
|
@ -7384,7 +7430,7 @@ void mbedtls_ssl_handshake_free( mbedtls_ssl_handshake_params *handshake )
|
|||
#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
|
||||
if( handshake->psk != NULL )
|
||||
{
|
||||
mbedtls_zeroize( handshake->psk, handshake->psk_len );
|
||||
mbedtls_platform_zeroize( handshake->psk, handshake->psk_len );
|
||||
mbedtls_free( handshake->psk );
|
||||
}
|
||||
#endif
|
||||
|
@ -7414,7 +7460,8 @@ void mbedtls_ssl_handshake_free( mbedtls_ssl_handshake_params *handshake )
|
|||
ssl_flight_free( handshake->flight );
|
||||
#endif
|
||||
|
||||
mbedtls_zeroize( handshake, sizeof( mbedtls_ssl_handshake_params ) );
|
||||
mbedtls_platform_zeroize( handshake,
|
||||
sizeof( mbedtls_ssl_handshake_params ) );
|
||||
}
|
||||
|
||||
void mbedtls_ssl_session_free( mbedtls_ssl_session *session )
|
||||
|
@ -7434,7 +7481,7 @@ void mbedtls_ssl_session_free( mbedtls_ssl_session *session )
|
|||
mbedtls_free( session->ticket );
|
||||
#endif
|
||||
|
||||
mbedtls_zeroize( session, sizeof( mbedtls_ssl_session ) );
|
||||
mbedtls_platform_zeroize( session, sizeof( mbedtls_ssl_session ) );
|
||||
}
|
||||
|
||||
/*
|
||||
|
@ -7449,20 +7496,20 @@ void mbedtls_ssl_free( mbedtls_ssl_context *ssl )
|
|||
|
||||
if( ssl->out_buf != NULL )
|
||||
{
|
||||
mbedtls_zeroize( ssl->out_buf, MBEDTLS_SSL_BUFFER_LEN );
|
||||
mbedtls_platform_zeroize( ssl->out_buf, MBEDTLS_SSL_BUFFER_LEN );
|
||||
mbedtls_free( ssl->out_buf );
|
||||
}
|
||||
|
||||
if( ssl->in_buf != NULL )
|
||||
{
|
||||
mbedtls_zeroize( ssl->in_buf, MBEDTLS_SSL_BUFFER_LEN );
|
||||
mbedtls_platform_zeroize( ssl->in_buf, MBEDTLS_SSL_BUFFER_LEN );
|
||||
mbedtls_free( ssl->in_buf );
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_ZLIB_SUPPORT)
|
||||
if( ssl->compress_buf != NULL )
|
||||
{
|
||||
mbedtls_zeroize( ssl->compress_buf, MBEDTLS_SSL_BUFFER_LEN );
|
||||
mbedtls_platform_zeroize( ssl->compress_buf, MBEDTLS_SSL_BUFFER_LEN );
|
||||
mbedtls_free( ssl->compress_buf );
|
||||
}
|
||||
#endif
|
||||
|
@ -7493,7 +7540,7 @@ void mbedtls_ssl_free( mbedtls_ssl_context *ssl )
|
|||
#if defined(MBEDTLS_X509_CRT_PARSE_C)
|
||||
if( ssl->hostname != NULL )
|
||||
{
|
||||
mbedtls_zeroize( ssl->hostname, strlen( ssl->hostname ) );
|
||||
mbedtls_platform_zeroize( ssl->hostname, strlen( ssl->hostname ) );
|
||||
mbedtls_free( ssl->hostname );
|
||||
}
|
||||
#endif
|
||||
|
@ -7513,7 +7560,7 @@ void mbedtls_ssl_free( mbedtls_ssl_context *ssl )
|
|||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= free" ) );
|
||||
|
||||
/* Actually clear after last debug message */
|
||||
mbedtls_zeroize( ssl, sizeof( mbedtls_ssl_context ) );
|
||||
mbedtls_platform_zeroize( ssl, sizeof( mbedtls_ssl_context ) );
|
||||
}
|
||||
|
||||
/*
|
||||
|
@ -7740,11 +7787,17 @@ void mbedtls_ssl_config_free( mbedtls_ssl_config *conf )
|
|||
#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
|
||||
if( conf->psk != NULL )
|
||||
{
|
||||
mbedtls_zeroize( conf->psk, conf->psk_len );
|
||||
mbedtls_zeroize( conf->psk_identity, conf->psk_identity_len );
|
||||
mbedtls_platform_zeroize( conf->psk, conf->psk_len );
|
||||
mbedtls_free( conf->psk );
|
||||
mbedtls_free( conf->psk_identity );
|
||||
conf->psk = NULL;
|
||||
conf->psk_len = 0;
|
||||
}
|
||||
|
||||
if( conf->psk_identity != NULL )
|
||||
{
|
||||
mbedtls_platform_zeroize( conf->psk_identity, conf->psk_identity_len );
|
||||
mbedtls_free( conf->psk_identity );
|
||||
conf->psk_identity = NULL;
|
||||
conf->psk_identity_len = 0;
|
||||
}
|
||||
#endif
|
||||
|
@ -7753,7 +7806,7 @@ void mbedtls_ssl_config_free( mbedtls_ssl_config *conf )
|
|||
ssl_key_cert_free( conf->key_cert );
|
||||
#endif
|
||||
|
||||
mbedtls_zeroize( conf, sizeof( mbedtls_ssl_config ) );
|
||||
mbedtls_platform_zeroize( conf, sizeof( mbedtls_ssl_config ) );
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_PK_C) && \
|
||||
|
|
|
@ -111,8 +111,12 @@ void mbedtls_threading_set_alt( void (*mutex_init)( mbedtls_threading_mutex_t *
|
|||
mbedtls_mutex_lock = mutex_lock;
|
||||
mbedtls_mutex_unlock = mutex_unlock;
|
||||
|
||||
#if defined(MBEDTLS_FS_IO)
|
||||
mbedtls_mutex_init( &mbedtls_threading_readdir_mutex );
|
||||
#endif
|
||||
#if defined(MBEDTLS_HAVE_TIME_DATE)
|
||||
mbedtls_mutex_init( &mbedtls_threading_gmtime_mutex );
|
||||
#endif
|
||||
}
|
||||
|
||||
/*
|
||||
|
@ -120,8 +124,12 @@ void mbedtls_threading_set_alt( void (*mutex_init)( mbedtls_threading_mutex_t *
|
|||
*/
|
||||
void mbedtls_threading_free_alt( void )
|
||||
{
|
||||
#if defined(MBEDTLS_FS_IO)
|
||||
mbedtls_mutex_free( &mbedtls_threading_readdir_mutex );
|
||||
#endif
|
||||
#if defined(MBEDTLS_HAVE_TIME_DATE)
|
||||
mbedtls_mutex_free( &mbedtls_threading_gmtime_mutex );
|
||||
#endif
|
||||
}
|
||||
#endif /* MBEDTLS_THREADING_ALT */
|
||||
|
||||
|
@ -131,7 +139,11 @@ void mbedtls_threading_free_alt( void )
|
|||
#ifndef MUTEX_INIT
|
||||
#define MUTEX_INIT
|
||||
#endif
|
||||
#if defined(MBEDTLS_FS_IO)
|
||||
mbedtls_threading_mutex_t mbedtls_threading_readdir_mutex MUTEX_INIT;
|
||||
#endif
|
||||
#if defined(MBEDTLS_HAVE_TIME_DATE)
|
||||
mbedtls_threading_mutex_t mbedtls_threading_gmtime_mutex MUTEX_INIT;
|
||||
#endif
|
||||
|
||||
#endif /* MBEDTLS_THREADING_C */
|
||||
|
|
|
@ -39,7 +39,7 @@
|
|||
#if !defined(MBEDTLS_TIMING_ALT)
|
||||
|
||||
#if !defined(unix) && !defined(__unix__) && !defined(__unix) && \
|
||||
!defined(__APPLE__) && !defined(_WIN32)
|
||||
!defined(__APPLE__) && !defined(_WIN32) && !defined(__QNXNTO__)
|
||||
#error "This module only works on Unix and Windows, see MBEDTLS_TIMING_C in config.h"
|
||||
#endif
|
||||
|
||||
|
|
|
@ -90,6 +90,9 @@ static const char *features[] = {
|
|||
#if defined(MBEDTLS_ARC4_ALT)
|
||||
"MBEDTLS_ARC4_ALT",
|
||||
#endif /* MBEDTLS_ARC4_ALT */
|
||||
#if defined(MBEDTLS_ARIA_ALT)
|
||||
"MBEDTLS_ARIA_ALT",
|
||||
#endif /* MBEDTLS_ARIA_ALT */
|
||||
#if defined(MBEDTLS_BLOWFISH_ALT)
|
||||
"MBEDTLS_BLOWFISH_ALT",
|
||||
#endif /* MBEDTLS_BLOWFISH_ALT */
|
||||
|
@ -237,6 +240,9 @@ static const char *features[] = {
|
|||
#if defined(MBEDTLS_AES_ROM_TABLES)
|
||||
"MBEDTLS_AES_ROM_TABLES",
|
||||
#endif /* MBEDTLS_AES_ROM_TABLES */
|
||||
#if defined(MBEDTLS_AES_FEWER_TABLES)
|
||||
"MBEDTLS_AES_FEWER_TABLES",
|
||||
#endif /* MBEDTLS_AES_FEWER_TABLES */
|
||||
#if defined(MBEDTLS_CAMELLIA_SMALL_MEMORY)
|
||||
"MBEDTLS_CAMELLIA_SMALL_MEMORY",
|
||||
#endif /* MBEDTLS_CAMELLIA_SMALL_MEMORY */
|
||||
|
@ -306,6 +312,9 @@ static const char *features[] = {
|
|||
#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED)
|
||||
"MBEDTLS_ECP_DP_CURVE25519_ENABLED",
|
||||
#endif /* MBEDTLS_ECP_DP_CURVE25519_ENABLED */
|
||||
#if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED)
|
||||
"MBEDTLS_ECP_DP_CURVE448_ENABLED",
|
||||
#endif /* MBEDTLS_ECP_DP_CURVE448_ENABLED */
|
||||
#if defined(MBEDTLS_ECP_NIST_OPTIM)
|
||||
"MBEDTLS_ECP_NIST_OPTIM",
|
||||
#endif /* MBEDTLS_ECP_NIST_OPTIM */
|
||||
|
@ -525,6 +534,9 @@ static const char *features[] = {
|
|||
#if defined(MBEDTLS_CAMELLIA_C)
|
||||
"MBEDTLS_CAMELLIA_C",
|
||||
#endif /* MBEDTLS_CAMELLIA_C */
|
||||
#if defined(MBEDTLS_ARIA_C)
|
||||
"MBEDTLS_ARIA_C",
|
||||
#endif /* MBEDTLS_ARIA_C */
|
||||
#if defined(MBEDTLS_CCM_C)
|
||||
"MBEDTLS_CCM_C",
|
||||
#endif /* MBEDTLS_CCM_C */
|
||||
|
|
|
@ -39,6 +39,7 @@
|
|||
|
||||
#include "mbedtls/x509_crl.h"
|
||||
#include "mbedtls/oid.h"
|
||||
#include "mbedtls/platform_util.h"
|
||||
|
||||
#include <string.h>
|
||||
|
||||
|
@ -66,11 +67,6 @@
|
|||
#include <stdio.h>
|
||||
#endif
|
||||
|
||||
/* Implementation that should never be optimized out by the compiler */
|
||||
static void mbedtls_zeroize( void *v, size_t n ) {
|
||||
volatile unsigned char *p = v; while( n-- ) *p++ = 0;
|
||||
}
|
||||
|
||||
/*
|
||||
* Version ::= INTEGER { v1(0), v2(1) }
|
||||
*/
|
||||
|
@ -616,7 +612,7 @@ int mbedtls_x509_crl_parse_file( mbedtls_x509_crl *chain, const char *path )
|
|||
|
||||
ret = mbedtls_x509_crl_parse( chain, buf, n );
|
||||
|
||||
mbedtls_zeroize( buf, n );
|
||||
mbedtls_platform_zeroize( buf, n );
|
||||
mbedtls_free( buf );
|
||||
|
||||
return( ret );
|
||||
|
@ -737,7 +733,7 @@ void mbedtls_x509_crl_free( mbedtls_x509_crl *crl )
|
|||
{
|
||||
name_prv = name_cur;
|
||||
name_cur = name_cur->next;
|
||||
mbedtls_zeroize( name_prv, sizeof( mbedtls_x509_name ) );
|
||||
mbedtls_platform_zeroize( name_prv, sizeof( mbedtls_x509_name ) );
|
||||
mbedtls_free( name_prv );
|
||||
}
|
||||
|
||||
|
@ -746,13 +742,14 @@ void mbedtls_x509_crl_free( mbedtls_x509_crl *crl )
|
|||
{
|
||||
entry_prv = entry_cur;
|
||||
entry_cur = entry_cur->next;
|
||||
mbedtls_zeroize( entry_prv, sizeof( mbedtls_x509_crl_entry ) );
|
||||
mbedtls_platform_zeroize( entry_prv,
|
||||
sizeof( mbedtls_x509_crl_entry ) );
|
||||
mbedtls_free( entry_prv );
|
||||
}
|
||||
|
||||
if( crl_cur->raw.p != NULL )
|
||||
{
|
||||
mbedtls_zeroize( crl_cur->raw.p, crl_cur->raw.len );
|
||||
mbedtls_platform_zeroize( crl_cur->raw.p, crl_cur->raw.len );
|
||||
mbedtls_free( crl_cur->raw.p );
|
||||
}
|
||||
|
||||
|
@ -766,7 +763,7 @@ void mbedtls_x509_crl_free( mbedtls_x509_crl *crl )
|
|||
crl_prv = crl_cur;
|
||||
crl_cur = crl_cur->next;
|
||||
|
||||
mbedtls_zeroize( crl_prv, sizeof( mbedtls_x509_crl ) );
|
||||
mbedtls_platform_zeroize( crl_prv, sizeof( mbedtls_x509_crl ) );
|
||||
if( crl_prv != crl )
|
||||
mbedtls_free( crl_prv );
|
||||
}
|
||||
|
|
Some files were not shown because too many files have changed in this diff Show More
Loading…
Reference in New Issue