AuroraMiddleware/mbedtls
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Merge pull request #4511 from mstarzyk-mobica/mbedtls_private_with_python

Browse Source 
Introduce scripts automating wrapping structs members with MBEDTLS_PRIVATE macro
This commit is contained in:
Ronald Cron 2021-06-14 17:36:39 +02:00 committed by GitHub
commit 823f594db5
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
111 changed files with 987 additions and 893 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
doxygen/mbedtls.doxyfile
View File

@ -1577,13 +1577,13 @@ ENABLE_PREPROCESSING = YES
# compilation will be performed. Macro expansion can be done in a controlled # compilation will be performed. Macro expansion can be done in a controlled
# way by setting EXPAND_ONLY_PREDEF to YES. # way by setting EXPAND_ONLY_PREDEF to YES.
MACRO_EXPANSION = NO MACRO_EXPANSION = YES
# If the EXPAND_ONLY_PREDEF and MACRO_EXPANSION tags are both set to YES # If the EXPAND_ONLY_PREDEF and MACRO_EXPANSION tags are both set to YES
# then the macro expansion is limited to the macros specified with the # then the macro expansion is limited to the macros specified with the
# PREDEFINED and EXPAND_AS_DEFINED tags. # PREDEFINED and EXPAND_AS_DEFINED tags.
EXPAND_ONLY_PREDEF = NO EXPAND_ONLY_PREDEF = YES
# If the SEARCH_INCLUDES tag is set to YES (the default) the includes files # If the SEARCH_INCLUDES tag is set to YES (the default) the includes files
# pointed to by INCLUDE_PATH will be searched when a #include is found. # pointed to by INCLUDE_PATH will be searched when a #include is found.
@ -1630,7 +1630,7 @@ PREDEFINED = WIN32 \
# Use the PREDEFINED tag if you want to use a different macro definition that # Use the PREDEFINED tag if you want to use a different macro definition that
# overrules the definition found in the source code. # overrules the definition found in the source code.
EXPAND_AS_DEFINED = EXPAND_AS_DEFINED = MBEDTLS_PRIVATE
# If the SKIP_FUNCTION_MACROS tag is set to YES (the default) then # If the SKIP_FUNCTION_MACROS tag is set to YES (the default) then
# doxygen's preprocessor will remove all references to function-like macros # doxygen's preprocessor will remove all references to function-like macros

11
include/mbedtls/aes.h
View File

@ -39,6 +39,7 @@
#ifndef MBEDTLS_AES_H #ifndef MBEDTLS_AES_H
#define MBEDTLS_AES_H #define MBEDTLS_AES_H
#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE) #if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h" #include "mbedtls/config.h"
@ -78,9 +79,9 @@ extern "C" {
*/ */
typedef struct mbedtls_aes_context typedef struct mbedtls_aes_context
{ {
int nr; /*!< The number of rounds. */ int MBEDTLS_PRIVATE(nr); /*!< The number of rounds. */
uint32_t *rk; /*!< AES round keys. */ uint32_t *MBEDTLS_PRIVATE(rk); /*!< AES round keys. */
uint32_t buf[68]; /*!< Unaligned data buffer. This buffer can uint32_t MBEDTLS_PRIVATE(buf)[68]; /*!< Unaligned data buffer. This buffer can
hold 32 extra Bytes, which can be used for hold 32 extra Bytes, which can be used for
one of the following purposes: one of the following purposes:
<ul><li>Alignment if VIA padlock is <ul><li>Alignment if VIA padlock is
@ -97,9 +98,9 @@ mbedtls_aes_context;
*/ */
typedef struct mbedtls_aes_xts_context typedef struct mbedtls_aes_xts_context
{ {
mbedtls_aes_context crypt; /*!< The AES context to use for AES block mbedtls_aes_context MBEDTLS_PRIVATE(crypt); /*!< The AES context to use for AES block
encryption or decryption. */ encryption or decryption. */
mbedtls_aes_context tweak; /*!< The AES context used for tweak mbedtls_aes_context MBEDTLS_PRIVATE(tweak); /*!< The AES context used for tweak
computation. */ computation. */
} mbedtls_aes_xts_context; } mbedtls_aes_xts_context;
#endif /* MBEDTLS_CIPHER_MODE_XTS */ #endif /* MBEDTLS_CIPHER_MODE_XTS */

7
include/mbedtls/arc4.h
View File

@ -25,6 +25,7 @@
*/ */
#ifndef MBEDTLS_ARC4_H #ifndef MBEDTLS_ARC4_H
#define MBEDTLS_ARC4_H #define MBEDTLS_ARC4_H
#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE) #if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h" #include "mbedtls/config.h"
@ -51,9 +52,9 @@ extern "C" {
*/ */
typedef struct mbedtls_arc4_context typedef struct mbedtls_arc4_context
{ {
int x; /*!< permutation index */ int MBEDTLS_PRIVATE(x); /*!< permutation index */
int y; /*!< permutation index */ int MBEDTLS_PRIVATE(y); /*!< permutation index */
unsigned char m[256]; /*!< permutation table */ unsigned char MBEDTLS_PRIVATE(m)[256]; /*!< permutation table */
} }
mbedtls_arc4_context; mbedtls_arc4_context;

5
include/mbedtls/aria.h
View File

@ -28,6 +28,7 @@
#ifndef MBEDTLS_ARIA_H #ifndef MBEDTLS_ARIA_H
#define MBEDTLS_ARIA_H #define MBEDTLS_ARIA_H
#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE) #if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h" #include "mbedtls/config.h"
@ -64,9 +65,9 @@ extern "C" {
*/ */
typedef struct mbedtls_aria_context typedef struct mbedtls_aria_context
{ {
unsigned char nr; /*!< The number of rounds (12, 14 or 16) */ unsigned char MBEDTLS_PRIVATE(nr); /*!< The number of rounds (12, 14 or 16) */
/*! The ARIA round keys. */ /*! The ARIA round keys. */
uint32_t rk[MBEDTLS_ARIA_MAX_ROUNDS + 1][MBEDTLS_ARIA_BLOCKSIZE / 4]; uint32_t MBEDTLS_PRIVATE(rk)[MBEDTLS_ARIA_MAX_ROUNDS + 1][MBEDTLS_ARIA_BLOCKSIZE / 4];
} }
mbedtls_aria_context; mbedtls_aria_context;

25
include/mbedtls/asn1.h
View File

@ -21,6 +21,7 @@
*/ */
#ifndef MBEDTLS_ASN1_H #ifndef MBEDTLS_ASN1_H
#define MBEDTLS_ASN1_H #define MBEDTLS_ASN1_H
#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE) #if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h" #include "mbedtls/config.h"
@ -148,9 +149,9 @@ extern "C" {
*/ */
typedef struct mbedtls_asn1_buf typedef struct mbedtls_asn1_buf
{ {
int tag; /**< ASN1 type, e.g. MBEDTLS_ASN1_UTF8_STRING. */ int MBEDTLS_PRIVATE(tag); /**< ASN1 type, e.g. MBEDTLS_ASN1_UTF8_STRING. */
size_t len; /**< ASN1 length, in octets. */ size_t MBEDTLS_PRIVATE(len); /**< ASN1 length, in octets. */
unsigned char *p; /**< ASN1 data, e.g. in ASCII. */ unsigned char *MBEDTLS_PRIVATE(p); /**< ASN1 data, e.g. in ASCII. */
} }
mbedtls_asn1_buf; mbedtls_asn1_buf;
@ -159,9 +160,9 @@ mbedtls_asn1_buf;
*/ */
typedef struct mbedtls_asn1_bitstring typedef struct mbedtls_asn1_bitstring
{ {
size_t len; /**< ASN1 length, in octets. */ size_t MBEDTLS_PRIVATE(len); /**< ASN1 length, in octets. */
unsigned char unused_bits; /**< Number of unused bits at the end of the string */ unsigned char MBEDTLS_PRIVATE(unused_bits); /**< Number of unused bits at the end of the string */
unsigned char *p; /**< Raw ASN1 data for the bit string */ unsigned char *MBEDTLS_PRIVATE(p); /**< Raw ASN1 data for the bit string */
} }
mbedtls_asn1_bitstring; mbedtls_asn1_bitstring;
@ -170,8 +171,8 @@ mbedtls_asn1_bitstring;
*/ */
typedef struct mbedtls_asn1_sequence typedef struct mbedtls_asn1_sequence
{ {
mbedtls_asn1_buf buf; /**< Buffer containing the given ASN.1 item. */ mbedtls_asn1_buf MBEDTLS_PRIVATE(buf); /**< Buffer containing the given ASN.1 item. */
struct mbedtls_asn1_sequence *next; /**< The next entry in the sequence. */ struct mbedtls_asn1_sequence *MBEDTLS_PRIVATE(next); /**< The next entry in the sequence. */
} }
mbedtls_asn1_sequence; mbedtls_asn1_sequence;
@ -180,10 +181,10 @@ mbedtls_asn1_sequence;
*/ */
typedef struct mbedtls_asn1_named_data typedef struct mbedtls_asn1_named_data
{ {
mbedtls_asn1_buf oid; /**< The object identifier. */ mbedtls_asn1_buf MBEDTLS_PRIVATE(oid); /**< The object identifier. */
mbedtls_asn1_buf val; /**< The named value. */ mbedtls_asn1_buf MBEDTLS_PRIVATE(val); /**< The named value. */
struct mbedtls_asn1_named_data *next; /**< The next entry in the sequence. */ struct mbedtls_asn1_named_data *MBEDTLS_PRIVATE(next); /**< The next entry in the sequence. */
unsigned char next_merged; /**< Merge next item into the current one? */ unsigned char MBEDTLS_PRIVATE(next_merged); /**< Merge next item into the current one? */
} }
mbedtls_asn1_named_data; mbedtls_asn1_named_data;

7
include/mbedtls/bignum.h
View File

@ -21,6 +21,7 @@
*/ */
#ifndef MBEDTLS_BIGNUM_H #ifndef MBEDTLS_BIGNUM_H
#define MBEDTLS_BIGNUM_H #define MBEDTLS_BIGNUM_H
#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE) #if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h" #include "mbedtls/config.h"
@ -183,9 +184,9 @@ extern "C" {
*/ */
typedef struct mbedtls_mpi typedef struct mbedtls_mpi
{ {
int s; /*!< Sign: -1 if the mpi is negative, 1 otherwise */ int MBEDTLS_PRIVATE(s); /*!< Sign: -1 if the mpi is negative, 1 otherwise */
size_t n; /*!< total # of limbs */ size_t MBEDTLS_PRIVATE(n); /*!< total # of limbs */
mbedtls_mpi_uint *p; /*!< pointer to limbs */ mbedtls_mpi_uint *MBEDTLS_PRIVATE(p); /*!< pointer to limbs */
} }
mbedtls_mpi; mbedtls_mpi;

5
include/mbedtls/blowfish.h
View File

@ -21,6 +21,7 @@
*/ */
#ifndef MBEDTLS_BLOWFISH_H #ifndef MBEDTLS_BLOWFISH_H
#define MBEDTLS_BLOWFISH_H #define MBEDTLS_BLOWFISH_H
#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE) #if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h" #include "mbedtls/config.h"
@ -57,8 +58,8 @@ extern "C" {
*/ */
typedef struct mbedtls_blowfish_context typedef struct mbedtls_blowfish_context
{ {
uint32_t P[MBEDTLS_BLOWFISH_ROUNDS + 2]; /*!< Blowfish round keys */ uint32_t MBEDTLS_PRIVATE(P)[MBEDTLS_BLOWFISH_ROUNDS + 2]; /*!< Blowfish round keys */
uint32_t S[4][256]; /*!< key dependent S-boxes */ uint32_t MBEDTLS_PRIVATE(S)[4][256]; /*!< key dependent S-boxes */
} }
mbedtls_blowfish_context; mbedtls_blowfish_context;

5
include/mbedtls/camellia.h
View File

@ -21,6 +21,7 @@
*/ */
#ifndef MBEDTLS_CAMELLIA_H #ifndef MBEDTLS_CAMELLIA_H
#define MBEDTLS_CAMELLIA_H #define MBEDTLS_CAMELLIA_H
#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE) #if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h" #include "mbedtls/config.h"
@ -53,8 +54,8 @@ extern "C" {
*/ */
typedef struct mbedtls_camellia_context typedef struct mbedtls_camellia_context
{ {
int nr; /*!< number of rounds */ int MBEDTLS_PRIVATE(nr); /*!< number of rounds */
uint32_t rk[68]; /*!< CAMELLIA round keys */ uint32_t MBEDTLS_PRIVATE(rk)[68]; /*!< CAMELLIA round keys */
} }
mbedtls_camellia_context; mbedtls_camellia_context;

3
include/mbedtls/ccm.h
View File

@ -46,6 +46,7 @@
#ifndef MBEDTLS_CCM_H #ifndef MBEDTLS_CCM_H
#define MBEDTLS_CCM_H #define MBEDTLS_CCM_H
#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE) #if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h" #include "mbedtls/config.h"
@ -77,7 +78,7 @@ extern "C" {
*/ */
typedef struct mbedtls_ccm_context typedef struct mbedtls_ccm_context
{ {
mbedtls_cipher_context_t cipher_ctx; /*!< The cipher context used. */ mbedtls_cipher_context_t MBEDTLS_PRIVATE(cipher_ctx); /*!< The cipher context used. */
} }
mbedtls_ccm_context; mbedtls_ccm_context;

7
include/mbedtls/chacha20.h
View File

@ -31,6 +31,7 @@
#ifndef MBEDTLS_CHACHA20_H #ifndef MBEDTLS_CHACHA20_H
#define MBEDTLS_CHACHA20_H #define MBEDTLS_CHACHA20_H
#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE) #if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h" #include "mbedtls/config.h"
@ -51,9 +52,9 @@ extern "C" {
typedef struct mbedtls_chacha20_context typedef struct mbedtls_chacha20_context
{ {
uint32_t state[16]; /*! The state (before round operations). */ uint32_t MBEDTLS_PRIVATE(state)[16]; /*! The state (before round operations). */
uint8_t keystream8[64]; /*! Leftover keystream bytes. */ uint8_t MBEDTLS_PRIVATE(keystream8)[64]; /*! Leftover keystream bytes. */
size_t keystream_bytes_used; /*! Number of keystream bytes already used. */ size_t MBEDTLS_PRIVATE(keystream_bytes_used); /*! Number of keystream bytes already used. */
} }
mbedtls_chacha20_context; mbedtls_chacha20_context;

13
include/mbedtls/chachapoly.h
View File

@ -31,6 +31,7 @@
#ifndef MBEDTLS_CHACHAPOLY_H #ifndef MBEDTLS_CHACHAPOLY_H
#define MBEDTLS_CHACHAPOLY_H #define MBEDTLS_CHACHAPOLY_H
#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE) #if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h" #include "mbedtls/config.h"
@ -61,12 +62,12 @@ mbedtls_chachapoly_mode_t;
typedef struct mbedtls_chachapoly_context typedef struct mbedtls_chachapoly_context
{ {
mbedtls_chacha20_context chacha20_ctx; /**< The ChaCha20 context. */ mbedtls_chacha20_context MBEDTLS_PRIVATE(chacha20_ctx); /**< The ChaCha20 context. */
mbedtls_poly1305_context poly1305_ctx; /**< The Poly1305 context. */ mbedtls_poly1305_context MBEDTLS_PRIVATE(poly1305_ctx); /**< The Poly1305 context. */
uint64_t aad_len; /**< The length (bytes) of the Additional Authenticated Data. */ uint64_t MBEDTLS_PRIVATE(aad_len); /**< The length (bytes) of the Additional Authenticated Data. */
uint64_t ciphertext_len; /**< The length (bytes) of the ciphertext. */ uint64_t MBEDTLS_PRIVATE(ciphertext_len); /**< The length (bytes) of the ciphertext. */
int state; /**< The current state of the context. */ int MBEDTLS_PRIVATE(state); /**< The current state of the context. */
mbedtls_chachapoly_mode_t mode; /**< Cipher mode (encrypt or decrypt). */ mbedtls_chachapoly_mode_t MBEDTLS_PRIVATE(mode); /**< Cipher mode (encrypt or decrypt). */
} }
mbedtls_chachapoly_context; mbedtls_chachapoly_context;

73
include/mbedtls/cipher.h
View File

@ -26,6 +26,7 @@
#ifndef MBEDTLS_CIPHER_H #ifndef MBEDTLS_CIPHER_H
#define MBEDTLS_CIPHER_H #define MBEDTLS_CIPHER_H
#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE) #if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h" #include "mbedtls/config.h"
@ -267,37 +268,37 @@ typedef struct mbedtls_cipher_info_t
/** Full cipher identifier. For example, /** Full cipher identifier. For example,
* MBEDTLS_CIPHER_AES_256_CBC. * MBEDTLS_CIPHER_AES_256_CBC.
*/ */
mbedtls_cipher_type_t type; mbedtls_cipher_type_t MBEDTLS_PRIVATE(type);
/** The cipher mode. For example, MBEDTLS_MODE_CBC. */ /** The cipher mode. For example, MBEDTLS_MODE_CBC. */
mbedtls_cipher_mode_t mode; mbedtls_cipher_mode_t MBEDTLS_PRIVATE(mode);
/** The cipher key length, in bits. This is the /** The cipher key length, in bits. This is the
* default length for variable sized ciphers. * default length for variable sized ciphers.
* Includes parity bits for ciphers like DES. * Includes parity bits for ciphers like DES.
*/ */
unsigned int key_bitlen; unsigned int MBEDTLS_PRIVATE(key_bitlen);
/** Name of the cipher. */ /** Name of the cipher. */
const char * name; const char * MBEDTLS_PRIVATE(name);
/** IV or nonce size, in Bytes. /** IV or nonce size, in Bytes.
* For ciphers that accept variable IV sizes, * For ciphers that accept variable IV sizes,
* this is the recommended size. * this is the recommended size.
*/ */
unsigned int iv_size; unsigned int MBEDTLS_PRIVATE(iv_size);
/** Bitflag comprised of MBEDTLS_CIPHER_VARIABLE_IV_LEN and /** Bitflag comprised of MBEDTLS_CIPHER_VARIABLE_IV_LEN and
* MBEDTLS_CIPHER_VARIABLE_KEY_LEN indicating whether the * MBEDTLS_CIPHER_VARIABLE_KEY_LEN indicating whether the
* cipher supports variable IV or variable key sizes, respectively. * cipher supports variable IV or variable key sizes, respectively.
*/ */
int flags; int MBEDTLS_PRIVATE(flags);
/** The block size, in Bytes. */ /** The block size, in Bytes. */
unsigned int block_size; unsigned int MBEDTLS_PRIVATE(block_size);
/** Struct for base cipher information and functions. */ /** Struct for base cipher information and functions. */
const mbedtls_cipher_base_t *base; const mbedtls_cipher_base_t *MBEDTLS_PRIVATE(base);
} mbedtls_cipher_info_t; } mbedtls_cipher_info_t;
@ -307,43 +308,43 @@ typedef struct mbedtls_cipher_info_t
typedef struct mbedtls_cipher_context_t typedef struct mbedtls_cipher_context_t
{ {
/** Information about the associated cipher. */ /** Information about the associated cipher. */
const mbedtls_cipher_info_t *cipher_info; const mbedtls_cipher_info_t *MBEDTLS_PRIVATE(cipher_info);
/** Key length to use. */ /** Key length to use. */
int key_bitlen; int MBEDTLS_PRIVATE(key_bitlen);
/** Operation that the key of the context has been /** Operation that the key of the context has been
* initialized for. * initialized for.
*/ */
mbedtls_operation_t operation; mbedtls_operation_t MBEDTLS_PRIVATE(operation);
#if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING) #if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING)
/** Padding functions to use, if relevant for /** Padding functions to use, if relevant for
* the specific cipher mode. * the specific cipher mode.
*/ */
void (*add_padding)( unsigned char *output, size_t olen, size_t data_len ); void (*MBEDTLS_PRIVATE(add_padding))( unsigned char *output, size_t olen, size_t data_len );
int (*get_padding)( unsigned char *input, size_t ilen, size_t *data_len ); int (*MBEDTLS_PRIVATE(get_padding))( unsigned char *input, size_t ilen, size_t *data_len );
#endif #endif
/** Buffer for input that has not been processed yet. */ /** Buffer for input that has not been processed yet. */
unsigned char unprocessed_data[MBEDTLS_MAX_BLOCK_LENGTH]; unsigned char MBEDTLS_PRIVATE(unprocessed_data)[MBEDTLS_MAX_BLOCK_LENGTH];
/** Number of Bytes that have not been processed yet. */ /** Number of Bytes that have not been processed yet. */
size_t unprocessed_len; size_t MBEDTLS_PRIVATE(unprocessed_len);
/** Current IV or NONCE_COUNTER for CTR-mode, data unit (or sector) number /** Current IV or NONCE_COUNTER for CTR-mode, data unit (or sector) number
* for XTS-mode. */ * for XTS-mode. */
unsigned char iv[MBEDTLS_MAX_IV_LENGTH]; unsigned char MBEDTLS_PRIVATE(iv)[MBEDTLS_MAX_IV_LENGTH];
/** IV size in Bytes, for ciphers with variable-length IVs. */ /** IV size in Bytes, for ciphers with variable-length IVs. */
size_t iv_size; size_t MBEDTLS_PRIVATE(iv_size);
/** The cipher-specific context. */ /** The cipher-specific context. */
void *cipher_ctx; void *MBEDTLS_PRIVATE(cipher_ctx);
#if defined(MBEDTLS_CMAC_C) #if defined(MBEDTLS_CMAC_C)
/** CMAC-specific context. */ /** CMAC-specific context. */
mbedtls_cmac_context_t *cmac_ctx; mbedtls_cmac_context_t *MBEDTLS_PRIVATE(cmac_ctx);
#endif #endif
#if defined(MBEDTLS_USE_PSA_CRYPTO) #if defined(MBEDTLS_USE_PSA_CRYPTO)
@ -354,7 +355,7 @@ typedef struct mbedtls_cipher_context_t
* mbedtls_cipher_setup(), and set if it was established through * mbedtls_cipher_setup(), and set if it was established through
* mbedtls_cipher_setup_psa(). * mbedtls_cipher_setup_psa().
*/ */
unsigned char psa_enabled; unsigned char MBEDTLS_PRIVATE(psa_enabled);
#endif /* MBEDTLS_USE_PSA_CRYPTO */ #endif /* MBEDTLS_USE_PSA_CRYPTO */
} mbedtls_cipher_context_t; } mbedtls_cipher_context_t;
@ -504,10 +505,10 @@ static inline unsigned int mbedtls_cipher_get_block_size(
const mbedtls_cipher_context_t *ctx ) const mbedtls_cipher_context_t *ctx )
{ {
MBEDTLS_INTERNAL_VALIDATE_RET( ctx != NULL, 0 ); MBEDTLS_INTERNAL_VALIDATE_RET( ctx != NULL, 0 );
if( ctx->cipher_info == NULL ) if( ctx->MBEDTLS_PRIVATE(cipher_info) == NULL )
return 0; return 0;
return ctx->cipher_info->block_size; return ctx->MBEDTLS_PRIVATE(cipher_info)->MBEDTLS_PRIVATE(block_size);
} }
/** /**
@ -523,10 +524,10 @@ static inline mbedtls_cipher_mode_t mbedtls_cipher_get_cipher_mode(
const mbedtls_cipher_context_t *ctx ) const mbedtls_cipher_context_t *ctx )
{ {
MBEDTLS_INTERNAL_VALIDATE_RET( ctx != NULL, MBEDTLS_MODE_NONE ); MBEDTLS_INTERNAL_VALIDATE_RET( ctx != NULL, MBEDTLS_MODE_NONE );
if( ctx->cipher_info == NULL ) if( ctx->MBEDTLS_PRIVATE(cipher_info) == NULL )
return MBEDTLS_MODE_NONE; return MBEDTLS_MODE_NONE;
return ctx->cipher_info->mode; return ctx->MBEDTLS_PRIVATE(cipher_info)->MBEDTLS_PRIVATE(mode);
} }
/** /**
@ -543,13 +544,13 @@ static inline int mbedtls_cipher_get_iv_size(
const mbedtls_cipher_context_t *ctx ) const mbedtls_cipher_context_t *ctx )
{ {
MBEDTLS_INTERNAL_VALIDATE_RET( ctx != NULL, 0 ); MBEDTLS_INTERNAL_VALIDATE_RET( ctx != NULL, 0 );
if( ctx->cipher_info == NULL ) if( ctx->MBEDTLS_PRIVATE(cipher_info) == NULL )
return 0; return 0;
if( ctx->iv_size != 0 ) if( ctx->MBEDTLS_PRIVATE(iv_size) != 0 )
return (int) ctx->iv_size; return (int) ctx->MBEDTLS_PRIVATE(iv_size);
return (int) ctx->cipher_info->iv_size; return (int) ctx->MBEDTLS_PRIVATE(cipher_info)->MBEDTLS_PRIVATE(iv_size);
} }
/** /**
@ -565,10 +566,10 @@ static inline mbedtls_cipher_type_t mbedtls_cipher_get_type(
{ {
MBEDTLS_INTERNAL_VALIDATE_RET( MBEDTLS_INTERNAL_VALIDATE_RET(
ctx != NULL, MBEDTLS_CIPHER_NONE ); ctx != NULL, MBEDTLS_CIPHER_NONE );
if( ctx->cipher_info == NULL ) if( ctx->MBEDTLS_PRIVATE(cipher_info) == NULL )
return MBEDTLS_CIPHER_NONE; return MBEDTLS_CIPHER_NONE;
return ctx->cipher_info->type; return ctx->MBEDTLS_PRIVATE(cipher_info)->MBEDTLS_PRIVATE(type);
} }
/** /**
@ -584,10 +585,10 @@ static inline const char *mbedtls_cipher_get_name(
const mbedtls_cipher_context_t *ctx ) const mbedtls_cipher_context_t *ctx )
{ {
MBEDTLS_INTERNAL_VALIDATE_RET( ctx != NULL, 0 ); MBEDTLS_INTERNAL_VALIDATE_RET( ctx != NULL, 0 );
if( ctx->cipher_info == NULL ) if( ctx->MBEDTLS_PRIVATE(cipher_info) == NULL )
return 0; return 0;
return ctx->cipher_info->name; return ctx->MBEDTLS_PRIVATE(cipher_info)->MBEDTLS_PRIVATE(name);
} }
/** /**
@ -604,10 +605,10 @@ static inline int mbedtls_cipher_get_key_bitlen(
{ {
MBEDTLS_INTERNAL_VALIDATE_RET( MBEDTLS_INTERNAL_VALIDATE_RET(
ctx != NULL, MBEDTLS_KEY_LENGTH_NONE ); ctx != NULL, MBEDTLS_KEY_LENGTH_NONE );
if( ctx->cipher_info == NULL ) if( ctx->MBEDTLS_PRIVATE(cipher_info) == NULL )
return MBEDTLS_KEY_LENGTH_NONE; return MBEDTLS_KEY_LENGTH_NONE;
return (int) ctx->cipher_info->key_bitlen; return (int) ctx->MBEDTLS_PRIVATE(cipher_info)->MBEDTLS_PRIVATE(key_bitlen);
} }
/** /**
@ -623,10 +624,10 @@ static inline mbedtls_operation_t mbedtls_cipher_get_operation(
{ {
MBEDTLS_INTERNAL_VALIDATE_RET( MBEDTLS_INTERNAL_VALIDATE_RET(
ctx != NULL, MBEDTLS_OPERATION_NONE ); ctx != NULL, MBEDTLS_OPERATION_NONE );
if( ctx->cipher_info == NULL ) if( ctx->MBEDTLS_PRIVATE(cipher_info) == NULL )
return MBEDTLS_OPERATION_NONE; return MBEDTLS_OPERATION_NONE;
return ctx->operation; return ctx->MBEDTLS_PRIVATE(operation);
} }
/** /**

7
include/mbedtls/cmac.h
View File

@ -25,6 +25,7 @@
#ifndef MBEDTLS_CMAC_H #ifndef MBEDTLS_CMAC_H
#define MBEDTLS_CMAC_H #define MBEDTLS_CMAC_H
#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE) #if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h" #include "mbedtls/config.h"
@ -55,14 +56,14 @@ extern "C" {
struct mbedtls_cmac_context_t struct mbedtls_cmac_context_t
{ {
/** The internal state of the CMAC algorithm. */ /** The internal state of the CMAC algorithm. */
unsigned char state[MBEDTLS_CIPHER_BLKSIZE_MAX]; unsigned char MBEDTLS_PRIVATE(state)[MBEDTLS_CIPHER_BLKSIZE_MAX];
/** Unprocessed data - either data that was not block aligned and is still /** Unprocessed data - either data that was not block aligned and is still
* pending processing, or the final block. */ * pending processing, or the final block. */
unsigned char unprocessed_block[MBEDTLS_CIPHER_BLKSIZE_MAX]; unsigned char MBEDTLS_PRIVATE(unprocessed_block)[MBEDTLS_CIPHER_BLKSIZE_MAX];
/** The length of data pending processing. */ /** The length of data pending processing. */
size_t unprocessed_len; size_t MBEDTLS_PRIVATE(unprocessed_len);
}; };
#else /* !MBEDTLS_CMAC_ALT */ #else /* !MBEDTLS_CMAC_ALT */

19
include/mbedtls/ctr_drbg.h
View File

@ -40,6 +40,7 @@
#ifndef MBEDTLS_CTR_DRBG_H #ifndef MBEDTLS_CTR_DRBG_H
#define MBEDTLS_CTR_DRBG_H #define MBEDTLS_CTR_DRBG_H
#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE) #if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h" #include "mbedtls/config.h"
@ -168,8 +169,8 @@ extern "C" {
*/ */
typedef struct mbedtls_ctr_drbg_context typedef struct mbedtls_ctr_drbg_context
{ {
unsigned char counter[16]; /*!< The counter (V). */ unsigned char MBEDTLS_PRIVATE(counter)[16]; /*!< The counter (V). */
int reseed_counter; /*!< The reseed counter. int MBEDTLS_PRIVATE(reseed_counter); /*!< The reseed counter.
* This is the number of requests that have * This is the number of requests that have
* been made since the last (re)seeding, * been made since the last (re)seeding,
* minus one. * minus one.
@ -179,25 +180,25 @@ typedef struct mbedtls_ctr_drbg_context
* or -1 if no nonce length has been explicitly * or -1 if no nonce length has been explicitly
* set (see mbedtls_ctr_drbg_set_nonce_len()). * set (see mbedtls_ctr_drbg_set_nonce_len()).
*/ */
int prediction_resistance; /*!< This determines whether prediction int MBEDTLS_PRIVATE(prediction_resistance); /*!< This determines whether prediction
resistance is enabled, that is resistance is enabled, that is
whether to systematically reseed before whether to systematically reseed before
each random generation. */ each random generation. */
size_t entropy_len; /*!< The amount of entropy grabbed on each size_t MBEDTLS_PRIVATE(entropy_len); /*!< The amount of entropy grabbed on each
seed or reseed operation, in bytes. */ seed or reseed operation, in bytes. */
int reseed_interval; /*!< The reseed interval. int MBEDTLS_PRIVATE(reseed_interval); /*!< The reseed interval.
* This is the maximum number of requests * This is the maximum number of requests
* that can be made between reseedings. */ * that can be made between reseedings. */
mbedtls_aes_context aes_ctx; /*!< The AES context. */ mbedtls_aes_context MBEDTLS_PRIVATE(aes_ctx); /*!< The AES context. */
/* /*
* Callbacks (Entropy) * Callbacks (Entropy)
*/ */
int (*f_entropy)(void *, unsigned char *, size_t); int (*MBEDTLS_PRIVATE(f_entropy))(void *, unsigned char *, size_t);
/*!< The entropy callback function. */ /*!< The entropy callback function. */
void *p_entropy; /*!< The context for the entropy function. */ void *MBEDTLS_PRIVATE(p_entropy); /*!< The context for the entropy function. */
#if defined(MBEDTLS_THREADING_C) #if defined(MBEDTLS_THREADING_C)
/* Invariant: the mutex is initialized if and only if f_entropy != NULL. /* Invariant: the mutex is initialized if and only if f_entropy != NULL.
@ -207,7 +208,7 @@ typedef struct mbedtls_ctr_drbg_context
* Note that this invariant may change without notice. Do not rely on it * Note that this invariant may change without notice. Do not rely on it
* and do not access the mutex directly in application code. * and do not access the mutex directly in application code.
*/ */
mbedtls_threading_mutex_t mutex; mbedtls_threading_mutex_t MBEDTLS_PRIVATE(mutex);
#endif #endif
} }
mbedtls_ctr_drbg_context; mbedtls_ctr_drbg_context;

5
include/mbedtls/des.h
View File

@ -26,6 +26,7 @@
*/ */
#ifndef MBEDTLS_DES_H #ifndef MBEDTLS_DES_H
#define MBEDTLS_DES_H #define MBEDTLS_DES_H
#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE) #if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h" #include "mbedtls/config.h"
@ -60,7 +61,7 @@ extern "C" {
*/ */
typedef struct mbedtls_des_context typedef struct mbedtls_des_context
{ {
uint32_t sk[32]; /*!< DES subkeys */ uint32_t MBEDTLS_PRIVATE(sk)[32]; /*!< DES subkeys */
} }
mbedtls_des_context; mbedtls_des_context;
@ -69,7 +70,7 @@ mbedtls_des_context;
*/ */
typedef struct mbedtls_des3_context typedef struct mbedtls_des3_context
{ {
uint32_t sk[96]; /*!< 3DES subkeys */ uint32_t MBEDTLS_PRIVATE(sk)[96]; /*!< 3DES subkeys */
} }
mbedtls_des3_context; mbedtls_des3_context;

23
include/mbedtls/dhm.h
View File

@ -62,6 +62,7 @@
#ifndef MBEDTLS_DHM_H #ifndef MBEDTLS_DHM_H
#define MBEDTLS_DHM_H #define MBEDTLS_DHM_H
#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE) #if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h" #include "mbedtls/config.h"
@ -95,17 +96,17 @@ extern "C" {
*/ */
typedef struct mbedtls_dhm_context typedef struct mbedtls_dhm_context
{ {
size_t len; /*!< The size of \p P in Bytes. */ size_t MBEDTLS_PRIVATE(len); /*!< The size of \p P in Bytes. */
mbedtls_mpi P; /*!< The prime modulus. */ mbedtls_mpi MBEDTLS_PRIVATE(P); /*!< The prime modulus. */
mbedtls_mpi G; /*!< The generator. */ mbedtls_mpi MBEDTLS_PRIVATE(G); /*!< The generator. */
mbedtls_mpi X; /*!< Our secret value. */ mbedtls_mpi MBEDTLS_PRIVATE(X); /*!< Our secret value. */
mbedtls_mpi GX; /*!< Our public key = \c G^X mod \c P. */ mbedtls_mpi MBEDTLS_PRIVATE(GX); /*!< Our public key = \c G^X mod \c P. */
mbedtls_mpi GY; /*!< The public key of the peer = \c G^Y mod \c P. */ mbedtls_mpi MBEDTLS_PRIVATE(GY); /*!< The public key of the peer = \c G^Y mod \c P. */
mbedtls_mpi K; /*!< The shared secret = \c G^(XY) mod \c P. */ mbedtls_mpi MBEDTLS_PRIVATE(K); /*!< The shared secret = \c G^(XY) mod \c P. */
mbedtls_mpi RP; /*!< The cached value = \c R^2 mod \c P. */ mbedtls_mpi MBEDTLS_PRIVATE(RP); /*!< The cached value = \c R^2 mod \c P. */
mbedtls_mpi Vi; /*!< The blinding value. */ mbedtls_mpi MBEDTLS_PRIVATE(Vi); /*!< The blinding value. */
mbedtls_mpi Vf; /*!< The unblinding value. */ mbedtls_mpi MBEDTLS_PRIVATE(Vf); /*!< The unblinding value. */
mbedtls_mpi pX; /*!< The previous \c X. */ mbedtls_mpi MBEDTLS_PRIVATE(pX); /*!< The previous \c X. */
} }
mbedtls_dhm_context; mbedtls_dhm_context;

49
include/mbedtls/ecdh.h
View File

@ -31,6 +31,7 @@
#ifndef MBEDTLS_ECDH_H #ifndef MBEDTLS_ECDH_H
#define MBEDTLS_ECDH_H #define MBEDTLS_ECDH_H
#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE) #if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h" #include "mbedtls/config.h"
@ -102,13 +103,13 @@ typedef enum
*/ */
typedef struct mbedtls_ecdh_context_mbed typedef struct mbedtls_ecdh_context_mbed
{ {
mbedtls_ecp_group grp; /*!< The elliptic curve used. */ mbedtls_ecp_group MBEDTLS_PRIVATE(grp); /*!< The elliptic curve used. */
mbedtls_mpi d; /*!< The private key. */ mbedtls_mpi MBEDTLS_PRIVATE(d); /*!< The private key. */
mbedtls_ecp_point Q; /*!< The public key. */ mbedtls_ecp_point MBEDTLS_PRIVATE(Q); /*!< The public key. */
mbedtls_ecp_point Qp; /*!< The value of the public key of the peer. */ mbedtls_ecp_point MBEDTLS_PRIVATE(Qp); /*!< The value of the public key of the peer. */
mbedtls_mpi z; /*!< The shared secret. */ mbedtls_mpi MBEDTLS_PRIVATE(z); /*!< The shared secret. */
#if defined(MBEDTLS_ECP_RESTARTABLE) #if defined(MBEDTLS_ECP_RESTARTABLE)
mbedtls_ecp_restart_ctx rs; /*!< The restart context for EC computations. */ mbedtls_ecp_restart_ctx MBEDTLS_PRIVATE(rs); /*!< The restart context for EC computations. */
#endif #endif
} mbedtls_ecdh_context_mbed; } mbedtls_ecdh_context_mbed;
#endif #endif
@ -123,35 +124,35 @@ typedef struct mbedtls_ecdh_context_mbed
typedef struct mbedtls_ecdh_context typedef struct mbedtls_ecdh_context
{ {
#if defined(MBEDTLS_ECDH_LEGACY_CONTEXT) #if defined(MBEDTLS_ECDH_LEGACY_CONTEXT)
mbedtls_ecp_group grp; /*!< The elliptic curve used. */ mbedtls_ecp_group MBEDTLS_PRIVATE(grp); /*!< The elliptic curve used. */
mbedtls_mpi d; /*!< The private key. */ mbedtls_mpi MBEDTLS_PRIVATE(d); /*!< The private key. */
mbedtls_ecp_point Q; /*!< The public key. */ mbedtls_ecp_point MBEDTLS_PRIVATE(Q); /*!< The public key. */
mbedtls_ecp_point Qp; /*!< The value of the public key of the peer. */ mbedtls_ecp_point MBEDTLS_PRIVATE(Qp); /*!< The value of the public key of the peer. */
mbedtls_mpi z; /*!< The shared secret. */ mbedtls_mpi MBEDTLS_PRIVATE(z); /*!< The shared secret. */
int point_format; /*!< The format of point export in TLS messages. */ int MBEDTLS_PRIVATE(point_format); /*!< The format of point export in TLS messages. */
mbedtls_ecp_point Vi; /*!< The blinding value. */ mbedtls_ecp_point MBEDTLS_PRIVATE(Vi); /*!< The blinding value. */
mbedtls_ecp_point Vf; /*!< The unblinding value. */ mbedtls_ecp_point MBEDTLS_PRIVATE(Vf); /*!< The unblinding value. */
mbedtls_mpi _d; /*!< The previous \p d. */ mbedtls_mpi MBEDTLS_PRIVATE(_d); /*!< The previous \p d. */
#if defined(MBEDTLS_ECP_RESTARTABLE) #if defined(MBEDTLS_ECP_RESTARTABLE)
int restart_enabled; /*!< The flag for restartable mode. */ int MBEDTLS_PRIVATE(restart_enabled); /*!< The flag for restartable mode. */
mbedtls_ecp_restart_ctx rs; /*!< The restart context for EC computations. */ mbedtls_ecp_restart_ctx MBEDTLS_PRIVATE(rs); /*!< The restart context for EC computations. */
#endif /* MBEDTLS_ECP_RESTARTABLE */ #endif /* MBEDTLS_ECP_RESTARTABLE */
#else #else
uint8_t point_format; /*!< The format of point export in TLS messages uint8_t MBEDTLS_PRIVATE(point_format); /*!< The format of point export in TLS messages
as defined in RFC 4492. */ as defined in RFC 4492. */
mbedtls_ecp_group_id grp_id;/*!< The elliptic curve used. */ mbedtls_ecp_group_id MBEDTLS_PRIVATE(grp_id);/*!< The elliptic curve used. */
mbedtls_ecdh_variant var; /*!< The ECDH implementation/structure used. */ mbedtls_ecdh_variant MBEDTLS_PRIVATE(var); /*!< The ECDH implementation/structure used. */
union union
{ {
mbedtls_ecdh_context_mbed mbed_ecdh; mbedtls_ecdh_context_mbed MBEDTLS_PRIVATE(mbed_ecdh);
#if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED) #if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED)
mbedtls_ecdh_context_everest everest_ecdh; mbedtls_ecdh_context_everest MBEDTLS_PRIVATE(everest_ecdh);
#endif #endif
} ctx; /*!< Implementation-specific context. The } MBEDTLS_PRIVATE(ctx); /*!< Implementation-specific context. The
context in use is specified by the \c var context in use is specified by the \c var
field. */ field. */
#if defined(MBEDTLS_ECP_RESTARTABLE) #if defined(MBEDTLS_ECP_RESTARTABLE)
uint8_t restart_enabled; /*!< The flag for restartable mode. Functions of uint8_t MBEDTLS_PRIVATE(restart_enabled); /*!< The flag for restartable mode. Functions of
an alternative implementation not supporting an alternative implementation not supporting
restartable mode must return restartable mode must return
MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED error MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED error

9
include/mbedtls/ecdsa.h
View File

@ -29,6 +29,7 @@
#ifndef MBEDTLS_ECDSA_H #ifndef MBEDTLS_ECDSA_H
#define MBEDTLS_ECDSA_H #define MBEDTLS_ECDSA_H
#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE) #if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h" #include "mbedtls/config.h"
@ -107,12 +108,12 @@ typedef struct mbedtls_ecdsa_restart_det mbedtls_ecdsa_restart_det_ctx;
*/ */
typedef struct typedef struct
{ {
mbedtls_ecp_restart_ctx ecp; /*!< base context for ECP restart and mbedtls_ecp_restart_ctx MBEDTLS_PRIVATE(ecp); /*!< base context for ECP restart and
shared administrative info */ shared administrative info */
mbedtls_ecdsa_restart_ver_ctx *ver; /*!< ecdsa_verify() sub-context */ mbedtls_ecdsa_restart_ver_ctx *MBEDTLS_PRIVATE(ver); /*!< ecdsa_verify() sub-context */
mbedtls_ecdsa_restart_sig_ctx *sig; /*!< ecdsa_sign() sub-context */ mbedtls_ecdsa_restart_sig_ctx *MBEDTLS_PRIVATE(sig); /*!< ecdsa_sign() sub-context */
#if defined(MBEDTLS_ECDSA_DETERMINISTIC) #if defined(MBEDTLS_ECDSA_DETERMINISTIC)
mbedtls_ecdsa_restart_det_ctx *det; /*!< ecdsa_sign_det() sub-context */ mbedtls_ecdsa_restart_det_ctx *MBEDTLS_PRIVATE(det); /*!< ecdsa_sign_det() sub-context */
#endif #endif
} mbedtls_ecdsa_restart_ctx; } mbedtls_ecdsa_restart_ctx;

25
include/mbedtls/ecjpake.h
View File

@ -21,6 +21,7 @@
*/ */
#ifndef MBEDTLS_ECJPAKE_H #ifndef MBEDTLS_ECJPAKE_H
#define MBEDTLS_ECJPAKE_H #define MBEDTLS_ECJPAKE_H
#include "mbedtls/private_access.h"
/* /*
* J-PAKE is a password-authenticated key exchange that allows deriving a * J-PAKE is a password-authenticated key exchange that allows deriving a
@ -73,21 +74,21 @@ typedef enum {
*/ */
typedef struct mbedtls_ecjpake_context typedef struct mbedtls_ecjpake_context
{ {
const mbedtls_md_info_t *md_info; /**< Hash to use */ const mbedtls_md_info_t *MBEDTLS_PRIVATE(md_info); /**< Hash to use */
mbedtls_ecp_group grp; /**< Elliptic curve */ mbedtls_ecp_group MBEDTLS_PRIVATE(grp); /**< Elliptic curve */
mbedtls_ecjpake_role role; /**< Are we client or server? */ mbedtls_ecjpake_role MBEDTLS_PRIVATE(role); /**< Are we client or server? */
int point_format; /**< Format for point export */ int MBEDTLS_PRIVATE(point_format); /**< Format for point export */
mbedtls_ecp_point Xm1; /**< My public key 1 C: X1, S: X3 */ mbedtls_ecp_point MBEDTLS_PRIVATE(Xm1); /**< My public key 1 C: X1, S: X3 */
mbedtls_ecp_point Xm2; /**< My public key 2 C: X2, S: X4 */ mbedtls_ecp_point MBEDTLS_PRIVATE(Xm2); /**< My public key 2 C: X2, S: X4 */
mbedtls_ecp_point Xp1; /**< Peer public key 1 C: X3, S: X1 */ mbedtls_ecp_point MBEDTLS_PRIVATE(Xp1); /**< Peer public key 1 C: X3, S: X1 */
mbedtls_ecp_point Xp2; /**< Peer public key 2 C: X4, S: X2 */ mbedtls_ecp_point MBEDTLS_PRIVATE(Xp2); /**< Peer public key 2 C: X4, S: X2 */
mbedtls_ecp_point Xp; /**< Peer public key C: Xs, S: Xc */ mbedtls_ecp_point MBEDTLS_PRIVATE(Xp); /**< Peer public key C: Xs, S: Xc */
mbedtls_mpi xm1; /**< My private key 1 C: x1, S: x3 */ mbedtls_mpi MBEDTLS_PRIVATE(xm1); /**< My private key 1 C: x1, S: x3 */
mbedtls_mpi xm2; /**< My private key 2 C: x2, S: x4 */ mbedtls_mpi MBEDTLS_PRIVATE(xm2); /**< My private key 2 C: x2, S: x4 */
mbedtls_mpi s; /**< Pre-shared secret (passphrase) */ mbedtls_mpi MBEDTLS_PRIVATE(s); /**< Pre-shared secret (passphrase) */
} mbedtls_ecjpake_context; } mbedtls_ecjpake_context;
#else /* MBEDTLS_ECJPAKE_ALT */ #else /* MBEDTLS_ECJPAKE_ALT */

59
include/mbedtls/ecp.h
View File

@ -33,6 +33,7 @@
#ifndef MBEDTLS_ECP_H #ifndef MBEDTLS_ECP_H
#define MBEDTLS_ECP_H #define MBEDTLS_ECP_H
#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE) #if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h" #include "mbedtls/config.h"
@ -142,10 +143,10 @@ typedef enum
*/ */
typedef struct mbedtls_ecp_curve_info typedef struct mbedtls_ecp_curve_info
{ {
mbedtls_ecp_group_id grp_id; /*!< An internal identifier. */ mbedtls_ecp_group_id MBEDTLS_PRIVATE(grp_id); /*!< An internal identifier. */
uint16_t tls_id; /*!< The TLS NamedCurve identifier. */ uint16_t MBEDTLS_PRIVATE(tls_id); /*!< The TLS NamedCurve identifier. */
uint16_t bit_size; /*!< The curve size in bits. */ uint16_t MBEDTLS_PRIVATE(bit_size); /*!< The curve size in bits. */
const char *name; /*!< A human-friendly name. */ const char *MBEDTLS_PRIVATE(name); /*!< A human-friendly name. */
} mbedtls_ecp_curve_info; } mbedtls_ecp_curve_info;
/** /**
@ -161,9 +162,9 @@ typedef struct mbedtls_ecp_curve_info
*/ */
typedef struct mbedtls_ecp_point typedef struct mbedtls_ecp_point
{ {
mbedtls_mpi X; /*!< The X coordinate of the ECP point. */ mbedtls_mpi MBEDTLS_PRIVATE(X); /*!< The X coordinate of the ECP point. */
mbedtls_mpi Y; /*!< The Y coordinate of the ECP point. */ mbedtls_mpi MBEDTLS_PRIVATE(Y); /*!< The Y coordinate of the ECP point. */
mbedtls_mpi Z; /*!< The Z coordinate of the ECP point. */ mbedtls_mpi MBEDTLS_PRIVATE(Z); /*!< The Z coordinate of the ECP point. */
} }
mbedtls_ecp_point; mbedtls_ecp_point;
@ -210,26 +211,26 @@ mbedtls_ecp_point;
*/ */
typedef struct mbedtls_ecp_group typedef struct mbedtls_ecp_group
{ {
mbedtls_ecp_group_id id; /*!< An internal group identifier. */ mbedtls_ecp_group_id MBEDTLS_PRIVATE(id); /*!< An internal group identifier. */
mbedtls_mpi P; /*!< The prime modulus of the base field. */ mbedtls_mpi MBEDTLS_PRIVATE(P); /*!< The prime modulus of the base field. */
mbedtls_mpi A; /*!< For Short Weierstrass: \p A in the equation. For mbedtls_mpi MBEDTLS_PRIVATE(A); /*!< For Short Weierstrass: \p A in the equation. For
Montgomery curves: <code>(A + 2) / 4</code>. */ Montgomery curves: <code>(A + 2) / 4</code>. */
mbedtls_mpi B; /*!< For Short Weierstrass: \p B in the equation. mbedtls_mpi MBEDTLS_PRIVATE(B); /*!< For Short Weierstrass: \p B in the equation.
For Montgomery curves: unused. */ For Montgomery curves: unused. */
mbedtls_ecp_point G; /*!< The generator of the subgroup used. */ mbedtls_ecp_point MBEDTLS_PRIVATE(G); /*!< The generator of the subgroup used. */
mbedtls_mpi N; /*!< The order of \p G. */ mbedtls_mpi MBEDTLS_PRIVATE(N); /*!< The order of \p G. */
size_t pbits; /*!< The number of bits in \p P.*/ size_t MBEDTLS_PRIVATE(pbits); /*!< The number of bits in \p P.*/
size_t nbits; /*!< For Short Weierstrass: The number of bits in \p P. size_t MBEDTLS_PRIVATE(nbits); /*!< For Short Weierstrass: The number of bits in \p P.
For Montgomery curves: the number of bits in the For Montgomery curves: the number of bits in the
private keys. */ private keys. */
unsigned int h; /*!< \internal 1 if the constants are static. */ unsigned int MBEDTLS_PRIVATE(h); /*!< \internal 1 if the constants are static. */
int (*modp)(mbedtls_mpi *); /*!< The function for fast pseudo-reduction int (*MBEDTLS_PRIVATE(modp))(mbedtls_mpi *); /*!< The function for fast pseudo-reduction
mod \p P (see above).*/ mod \p P (see above).*/
int (*t_pre)(mbedtls_ecp_point *, void *); /*!< Unused. */ int (*MBEDTLS_PRIVATE(t_pre))(mbedtls_ecp_point *, void *); /*!< Unused. */
int (*t_post)(mbedtls_ecp_point *, void *); /*!< Unused. */ int (*MBEDTLS_PRIVATE(t_post))(mbedtls_ecp_point *, void *); /*!< Unused. */
void *t_data; /*!< Unused. */ void *MBEDTLS_PRIVATE(t_data); /*!< Unused. */
mbedtls_ecp_point *T; /*!< Pre-computed points for ecp_mul_comb(). */ mbedtls_ecp_point *MBEDTLS_PRIVATE(T); /*!< Pre-computed points for ecp_mul_comb(). */
size_t T_size; /*!< The number of dynamic allocated pre-computed points. */ size_t MBEDTLS_PRIVATE(T_size); /*!< The number of dynamic allocated pre-computed points. */
} }
mbedtls_ecp_group; mbedtls_ecp_group;
@ -317,10 +318,10 @@ typedef struct mbedtls_ecp_restart_muladd mbedtls_ecp_restart_muladd_ctx;
*/ */
typedef struct typedef struct
{ {
unsigned ops_done; /*!< current ops count */ unsigned MBEDTLS_PRIVATE(ops_done); /*!< current ops count */
unsigned depth; /*!< call depth (0 = top-level) */ unsigned MBEDTLS_PRIVATE(depth); /*!< call depth (0 = top-level) */
mbedtls_ecp_restart_mul_ctx *rsm; /*!< ecp_mul_comb() sub-context */ mbedtls_ecp_restart_mul_ctx *MBEDTLS_PRIVATE(rsm); /*!< ecp_mul_comb() sub-context */
mbedtls_ecp_restart_muladd_ctx *ma; /*!< ecp_muladd() sub-context */ mbedtls_ecp_restart_muladd_ctx *MBEDTLS_PRIVATE(ma); /*!< ecp_muladd() sub-context */
} mbedtls_ecp_restart_ctx; } mbedtls_ecp_restart_ctx;
/* /*
@ -370,9 +371,9 @@ typedef void mbedtls_ecp_restart_ctx;
*/ */
typedef struct mbedtls_ecp_keypair typedef struct mbedtls_ecp_keypair
{ {
mbedtls_ecp_group grp; /*!< Elliptic curve and base point */ mbedtls_ecp_group MBEDTLS_PRIVATE(grp); /*!< Elliptic curve and base point */
mbedtls_mpi d; /*!< our secret value */ mbedtls_mpi MBEDTLS_PRIVATE(d); /*!< our secret value */
mbedtls_ecp_point Q; /*!< our public value */ mbedtls_ecp_point MBEDTLS_PRIVATE(Q); /*!< our public value */
} }
mbedtls_ecp_keypair; mbedtls_ecp_keypair;

25
include/mbedtls/entropy.h
View File

@ -21,6 +21,7 @@
*/ */
#ifndef MBEDTLS_ENTROPY_H #ifndef MBEDTLS_ENTROPY_H
#define MBEDTLS_ENTROPY_H #define MBEDTLS_ENTROPY_H
#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE) #if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h" #include "mbedtls/config.h"
@ -104,11 +105,11 @@ typedef int (*mbedtls_entropy_f_source_ptr)(void *data, unsigned char *output, s
*/ */
typedef struct mbedtls_entropy_source_state typedef struct mbedtls_entropy_source_state
{ {
mbedtls_entropy_f_source_ptr f_source; /**< The entropy source callback */ mbedtls_entropy_f_source_ptr MBEDTLS_PRIVATE(f_source); /**< The entropy source callback */
void * p_source; /**< The callback data pointer */ void * MBEDTLS_PRIVATE(p_source); /**< The callback data pointer */
size_t size; /**< Amount received in bytes */ size_t MBEDTLS_PRIVATE(size); /**< Amount received in bytes */
size_t threshold; /**< Minimum bytes required before release */ size_t MBEDTLS_PRIVATE(threshold); /**< Minimum bytes required before release */
int strong; /**< Is the source strong? */ int MBEDTLS_PRIVATE(strong); /**< Is the source strong? */
} }
mbedtls_entropy_source_state; mbedtls_entropy_source_state;
@ -117,21 +118,21 @@ mbedtls_entropy_source_state;
*/ */
typedef struct mbedtls_entropy_context typedef struct mbedtls_entropy_context
{ {
int accumulator_started; /* 0 after init. int MBEDTLS_PRIVATE(accumulator_started); /* 0 after init.
* 1 after the first update. * 1 after the first update.
* -1 after free. */ * -1 after free. */
#if defined(MBEDTLS_ENTROPY_SHA512_ACCUMULATOR) #if defined(MBEDTLS_ENTROPY_SHA512_ACCUMULATOR)
mbedtls_sha512_context accumulator; mbedtls_sha512_context MBEDTLS_PRIVATE(accumulator);
#else #else
mbedtls_sha256_context accumulator; mbedtls_sha256_context MBEDTLS_PRIVATE(accumulator);
#endif #endif
int source_count; /* Number of entries used in source. */ int MBEDTLS_PRIVATE(source_count); /* Number of entries used in source. */
mbedtls_entropy_source_state source[MBEDTLS_ENTROPY_MAX_SOURCES]; mbedtls_entropy_source_state MBEDTLS_PRIVATE(source)[MBEDTLS_ENTROPY_MAX_SOURCES];
#if defined(MBEDTLS_THREADING_C) #if defined(MBEDTLS_THREADING_C)
mbedtls_threading_mutex_t mutex; /*!< mutex */ mbedtls_threading_mutex_t MBEDTLS_PRIVATE(mutex); /*!< mutex */
#endif #endif
#if defined(MBEDTLS_ENTROPY_NV_SEED) #if defined(MBEDTLS_ENTROPY_NV_SEED)
int initial_entropy_run; int MBEDTLS_PRIVATE(initial_entropy_run);
#endif #endif
} }
mbedtls_entropy_context; mbedtls_entropy_context;

19
include/mbedtls/gcm.h
View File

@ -30,6 +30,7 @@
#ifndef MBEDTLS_GCM_H #ifndef MBEDTLS_GCM_H
#define MBEDTLS_GCM_H #define MBEDTLS_GCM_H
#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE) #if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h" #include "mbedtls/config.h"
@ -58,15 +59,15 @@ extern "C" {
*/ */
typedef struct mbedtls_gcm_context typedef struct mbedtls_gcm_context
{ {
mbedtls_cipher_context_t cipher_ctx; /*!< The cipher context used. */ mbedtls_cipher_context_t MBEDTLS_PRIVATE(cipher_ctx); /*!< The cipher context used. */
uint64_t HL[16]; /*!< Precalculated HTable low. */ uint64_t MBEDTLS_PRIVATE(HL)[16]; /*!< Precalculated HTable low. */
uint64_t HH[16]; /*!< Precalculated HTable high. */ uint64_t MBEDTLS_PRIVATE(HH)[16]; /*!< Precalculated HTable high. */
uint64_t len; /*!< The total length of the encrypted data. */ uint64_t MBEDTLS_PRIVATE(len); /*!< The total length of the encrypted data. */
uint64_t add_len; /*!< The total length of the additional data. */ uint64_t MBEDTLS_PRIVATE(add_len); /*!< The total length of the additional data. */
unsigned char base_ectr[16]; /*!< The first ECTR for tag. */ unsigned char MBEDTLS_PRIVATE(base_ectr)[16]; /*!< The first ECTR for tag. */
unsigned char y[16]; /*!< The Y working value. */ unsigned char MBEDTLS_PRIVATE(y)[16]; /*!< The Y working value. */
unsigned char buf[16]; /*!< The buf working value. */ unsigned char MBEDTLS_PRIVATE(buf)[16]; /*!< The buf working value. */
int mode; /*!< The operation to perform: int MBEDTLS_PRIVATE(mode); /*!< The operation to perform:
#MBEDTLS_GCM_ENCRYPT or #MBEDTLS_GCM_ENCRYPT or
#MBEDTLS_GCM_DECRYPT. */ #MBEDTLS_GCM_DECRYPT. */
} }

19
include/mbedtls/hmac_drbg.h
View File

@ -25,6 +25,7 @@
*/ */
#ifndef MBEDTLS_HMAC_DRBG_H #ifndef MBEDTLS_HMAC_DRBG_H
#define MBEDTLS_HMAC_DRBG_H #define MBEDTLS_HMAC_DRBG_H
#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE) #if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h" #include "mbedtls/config.h"
@ -86,19 +87,19 @@ typedef struct mbedtls_hmac_drbg_context
{ {
/* Working state: the key K is not stored explicitly, /* Working state: the key K is not stored explicitly,
* but is implied by the HMAC context */ * but is implied by the HMAC context */
mbedtls_md_context_t md_ctx; /*!< HMAC context (inc. K) */ mbedtls_md_context_t MBEDTLS_PRIVATE(md_ctx); /*!< HMAC context (inc. K) */
unsigned char V[MBEDTLS_MD_MAX_SIZE]; /*!< V in the spec */ unsigned char MBEDTLS_PRIVATE(V)[MBEDTLS_MD_MAX_SIZE]; /*!< V in the spec */
int reseed_counter; /*!< reseed counter */ int MBEDTLS_PRIVATE(reseed_counter); /*!< reseed counter */
/* Administrative state */ /* Administrative state */
size_t entropy_len; /*!< entropy bytes grabbed on each (re)seed */ size_t MBEDTLS_PRIVATE(entropy_len); /*!< entropy bytes grabbed on each (re)seed */
int prediction_resistance; /*!< enable prediction resistance (Automatic int MBEDTLS_PRIVATE(prediction_resistance); /*!< enable prediction resistance (Automatic
reseed before every random generation) */ reseed before every random generation) */
int reseed_interval; /*!< reseed interval */ int MBEDTLS_PRIVATE(reseed_interval); /*!< reseed interval */
/* Callbacks */ /* Callbacks */
int (*f_entropy)(void *, unsigned char *, size_t); /*!< entropy function */ int (*MBEDTLS_PRIVATE(f_entropy))(void *, unsigned char *, size_t); /*!< entropy function */
void *p_entropy; /*!< context for the entropy function */ void *MBEDTLS_PRIVATE(p_entropy); /*!< context for the entropy function */
#if defined(MBEDTLS_THREADING_C) #if defined(MBEDTLS_THREADING_C)
/* Invariant: the mutex is initialized if and only if /* Invariant: the mutex is initialized if and only if
@ -109,7 +110,7 @@ typedef struct mbedtls_hmac_drbg_context
* Note that this invariant may change without notice. Do not rely on it * Note that this invariant may change without notice. Do not rely on it
* and do not access the mutex directly in application code. * and do not access the mutex directly in application code.
*/ */
mbedtls_threading_mutex_t mutex; mbedtls_threading_mutex_t MBEDTLS_PRIVATE(mutex);
#endif #endif
} mbedtls_hmac_drbg_context; } mbedtls_hmac_drbg_context;

7
include/mbedtls/md.h
View File

@ -24,6 +24,7 @@
#ifndef MBEDTLS_MD_H #ifndef MBEDTLS_MD_H
#define MBEDTLS_MD_H #define MBEDTLS_MD_H
#include "mbedtls/private_access.h"
#include <stddef.h> #include <stddef.h>
@ -93,13 +94,13 @@ typedef struct mbedtls_md_info_t mbedtls_md_info_t;
typedef struct mbedtls_md_context_t typedef struct mbedtls_md_context_t
{ {
/** Information about the associated message digest. */ /** Information about the associated message digest. */
const mbedtls_md_info_t *md_info; const mbedtls_md_info_t *MBEDTLS_PRIVATE(md_info);
/** The digest-specific context. */ /** The digest-specific context. */
void *md_ctx; void *MBEDTLS_PRIVATE(md_ctx);
/** The HMAC part of the context. */ /** The HMAC part of the context. */
void *hmac_ctx; void *MBEDTLS_PRIVATE(hmac_ctx);
} mbedtls_md_context_t; } mbedtls_md_context_t;
/** /**

9
include/mbedtls/md2.h
View File

@ -26,6 +26,7 @@
*/ */
#ifndef MBEDTLS_MD2_H #ifndef MBEDTLS_MD2_H
#define MBEDTLS_MD2_H #define MBEDTLS_MD2_H
#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE) #if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h" #include "mbedtls/config.h"
@ -53,10 +54,10 @@ extern "C" {
*/ */
typedef struct mbedtls_md2_context typedef struct mbedtls_md2_context
{ {
unsigned char cksum[16]; /*!< checksum of the data block */ unsigned char MBEDTLS_PRIVATE(cksum)[16]; /*!< checksum of the data block */
unsigned char state[48]; /*!< intermediate digest state */ unsigned char MBEDTLS_PRIVATE(state)[48]; /*!< intermediate digest state */
unsigned char buffer[16]; /*!< data block being processed */ unsigned char MBEDTLS_PRIVATE(buffer)[16]; /*!< data block being processed */
size_t left; /*!< amount of data in buffer */ size_t MBEDTLS_PRIVATE(left); /*!< amount of data in buffer */
} }
mbedtls_md2_context; mbedtls_md2_context;

7
include/mbedtls/md4.h
View File

@ -26,6 +26,7 @@
*/ */
#ifndef MBEDTLS_MD4_H #ifndef MBEDTLS_MD4_H
#define MBEDTLS_MD4_H #define MBEDTLS_MD4_H
#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE) #if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h" #include "mbedtls/config.h"
@ -54,9 +55,9 @@ extern "C" {
*/ */
typedef struct mbedtls_md4_context typedef struct mbedtls_md4_context
{ {
uint32_t total[2]; /*!< number of bytes processed */ uint32_t MBEDTLS_PRIVATE(total)[2]; /*!< number of bytes processed */
uint32_t state[4]; /*!< intermediate digest state */ uint32_t MBEDTLS_PRIVATE(state)[4]; /*!< intermediate digest state */
unsigned char buffer[64]; /*!< data block being processed */ unsigned char MBEDTLS_PRIVATE(buffer)[64]; /*!< data block being processed */
} }
mbedtls_md4_context; mbedtls_md4_context;

7
include/mbedtls/md5.h
View File

@ -25,6 +25,7 @@
*/ */
#ifndef MBEDTLS_MD5_H #ifndef MBEDTLS_MD5_H
#define MBEDTLS_MD5_H #define MBEDTLS_MD5_H
#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE) #if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h" #include "mbedtls/config.h"
@ -53,9 +54,9 @@ extern "C" {
*/ */
typedef struct mbedtls_md5_context typedef struct mbedtls_md5_context
{ {
uint32_t total[2]; /*!< number of bytes processed */ uint32_t MBEDTLS_PRIVATE(total)[2]; /*!< number of bytes processed */
uint32_t state[4]; /*!< intermediate digest state */ uint32_t MBEDTLS_PRIVATE(state)[4]; /*!< intermediate digest state */
unsigned char buffer[64]; /*!< data block being processed */ unsigned char MBEDTLS_PRIVATE(buffer)[64]; /*!< data block being processed */
} }
mbedtls_md5_context; mbedtls_md5_context;

3
include/mbedtls/net_sockets.h
View File

@ -37,6 +37,7 @@
*/ */
#ifndef MBEDTLS_NET_SOCKETS_H #ifndef MBEDTLS_NET_SOCKETS_H
#define MBEDTLS_NET_SOCKETS_H #define MBEDTLS_NET_SOCKETS_H
#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE) #if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h" #include "mbedtls/config.h"
@ -84,7 +85,7 @@ extern "C" {
*/ */
typedef struct mbedtls_net_context typedef struct mbedtls_net_context
{ {
int fd; /**< The underlying file descriptor */ int MBEDTLS_PRIVATE(fd); /**< The underlying file descriptor */
} }
mbedtls_net_context; mbedtls_net_context;

3
include/mbedtls/nist_kw.h
View File

@ -34,6 +34,7 @@
#ifndef MBEDTLS_NIST_KW_H #ifndef MBEDTLS_NIST_KW_H
#define MBEDTLS_NIST_KW_H #define MBEDTLS_NIST_KW_H
#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE) #if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h" #include "mbedtls/config.h"
@ -65,7 +66,7 @@ typedef enum
* Don't make any assumptions on this context! * Don't make any assumptions on this context!
*/ */
typedef struct { typedef struct {
mbedtls_cipher_context_t cipher_ctx; /*!< The cipher context used. */ mbedtls_cipher_context_t MBEDTLS_PRIVATE(cipher_ctx); /*!< The cipher context used. */
} mbedtls_nist_kw_context; } mbedtls_nist_kw_context;
#else /* MBEDTLS_NIST_key wrapping_ALT */ #else /* MBEDTLS_NIST_key wrapping_ALT */

9
include/mbedtls/oid.h
View File

@ -21,6 +21,7 @@
*/ */
#ifndef MBEDTLS_OID_H #ifndef MBEDTLS_OID_H
#define MBEDTLS_OID_H #define MBEDTLS_OID_H
#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE) #if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h" #include "mbedtls/config.h"
@ -440,11 +441,11 @@ extern "C" {
*/ */
typedef struct mbedtls_oid_descriptor_t typedef struct mbedtls_oid_descriptor_t
{ {
const char *asn1; /*!< OID ASN.1 representation */ const char *MBEDTLS_PRIVATE(asn1); /*!< OID ASN.1 representation */
size_t asn1_len; /*!< length of asn1 */ size_t MBEDTLS_PRIVATE(asn1_len); /*!< length of asn1 */
#if !defined(MBEDTLS_X509_REMOVE_INFO) #if !defined(MBEDTLS_X509_REMOVE_INFO)
const char *name; /*!< official name (e.g. from RFC) */ const char *MBEDTLS_PRIVATE(name); /*!< official name (e.g. from RFC) */
const char *description; /*!< human friendly description */ const char *MBEDTLS_PRIVATE(description); /*!< human friendly description */
#endif #endif
} mbedtls_oid_descriptor_t; } mbedtls_oid_descriptor_t;

7
include/mbedtls/pem.h
View File

@ -21,6 +21,7 @@
*/ */
#ifndef MBEDTLS_PEM_H #ifndef MBEDTLS_PEM_H
#define MBEDTLS_PEM_H #define MBEDTLS_PEM_H
#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE) #if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h" #include "mbedtls/config.h"
@ -57,9 +58,9 @@ extern "C" {
*/ */
typedef struct mbedtls_pem_context typedef struct mbedtls_pem_context
{ {
unsigned char *buf; /*!< buffer for decoded data */ unsigned char *MBEDTLS_PRIVATE(buf); /*!< buffer for decoded data */
size_t buflen; /*!< length of the buffer */ size_t MBEDTLS_PRIVATE(buflen); /*!< length of the buffer */
unsigned char *info; /*!< buffer for extra header information */ unsigned char *MBEDTLS_PRIVATE(info); /*!< buffer for extra header information */
} }
mbedtls_pem_context; mbedtls_pem_context;

23
include/mbedtls/pk.h
View File

@ -22,6 +22,7 @@
#ifndef MBEDTLS_PK_H #ifndef MBEDTLS_PK_H
#define MBEDTLS_PK_H #define MBEDTLS_PK_H
#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE) #if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h" #include "mbedtls/config.h"
@ -91,8 +92,8 @@ typedef enum {
*/ */
typedef struct mbedtls_pk_rsassa_pss_options typedef struct mbedtls_pk_rsassa_pss_options
{ {
mbedtls_md_type_t mgf1_hash_id; mbedtls_md_type_t MBEDTLS_PRIVATE(mgf1_hash_id);
int expected_salt_len; int MBEDTLS_PRIVATE(expected_salt_len);
} mbedtls_pk_rsassa_pss_options; } mbedtls_pk_rsassa_pss_options;
@ -163,9 +164,9 @@ typedef enum
*/ */
typedef struct mbedtls_pk_debug_item typedef struct mbedtls_pk_debug_item
{ {
mbedtls_pk_debug_type type; mbedtls_pk_debug_type MBEDTLS_PRIVATE(type);
const char *name; const char *MBEDTLS_PRIVATE(name);
void *value; void *MBEDTLS_PRIVATE(value);
} mbedtls_pk_debug_item; } mbedtls_pk_debug_item;
/** Maximum number of item send for debugging, plus 1 */ /** Maximum number of item send for debugging, plus 1 */
@ -181,8 +182,8 @@ typedef struct mbedtls_pk_info_t mbedtls_pk_info_t;
*/ */
typedef struct mbedtls_pk_context typedef struct mbedtls_pk_context
{ {
const mbedtls_pk_info_t * pk_info; /**< Public key information */ const mbedtls_pk_info_t * MBEDTLS_PRIVATE(pk_info); /**< Public key information */
void * pk_ctx; /**< Underlying public key context */ void * MBEDTLS_PRIVATE(pk_ctx); /**< Underlying public key context */
} mbedtls_pk_context; } mbedtls_pk_context;
#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
@ -191,8 +192,8 @@ typedef struct mbedtls_pk_context
*/ */
typedef struct typedef struct
{ {
const mbedtls_pk_info_t * pk_info; /**< Public key information */ const mbedtls_pk_info_t * MBEDTLS_PRIVATE(pk_info); /**< Public key information */
void * rs_ctx; /**< Underlying restart context */ void * MBEDTLS_PRIVATE(rs_ctx); /**< Underlying restart context */
} mbedtls_pk_restart_ctx; } mbedtls_pk_restart_ctx;
#else /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */ #else /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */
/* Now we can declare functions that take a pointer to that */ /* Now we can declare functions that take a pointer to that */
@ -208,7 +209,7 @@ typedef void mbedtls_pk_restart_ctx;
*/ */
static inline mbedtls_rsa_context *mbedtls_pk_rsa( const mbedtls_pk_context pk ) static inline mbedtls_rsa_context *mbedtls_pk_rsa( const mbedtls_pk_context pk )
{ {
return( (mbedtls_rsa_context *) (pk).pk_ctx ); return( (mbedtls_rsa_context *) (pk).MBEDTLS_PRIVATE(pk_ctx) );
} }
#endif /* MBEDTLS_RSA_C */ #endif /* MBEDTLS_RSA_C */
@ -221,7 +222,7 @@ static inline mbedtls_rsa_context *mbedtls_pk_rsa( const mbedtls_pk_context pk )
*/ */
static inline mbedtls_ecp_keypair *mbedtls_pk_ec( const mbedtls_pk_context pk ) static inline mbedtls_ecp_keypair *mbedtls_pk_ec( const mbedtls_pk_context pk )
{ {
return( (mbedtls_ecp_keypair *) (pk).pk_ctx ); return( (mbedtls_ecp_keypair *) (pk).MBEDTLS_PRIVATE(pk_ctx) );
} }
#endif /* MBEDTLS_ECP_C */ #endif /* MBEDTLS_ECP_C */

3
include/mbedtls/platform.h
View File

@ -30,6 +30,7 @@
*/ */
#ifndef MBEDTLS_PLATFORM_H #ifndef MBEDTLS_PLATFORM_H
#define MBEDTLS_PLATFORM_H #define MBEDTLS_PLATFORM_H
#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE) #if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h" #include "mbedtls/config.h"
@ -367,7 +368,7 @@ int mbedtls_platform_set_nv_seed(
*/ */
typedef struct mbedtls_platform_context typedef struct mbedtls_platform_context
{ {
char dummy; /**< A placeholder member, as empty structs are not portable. */ char MBEDTLS_PRIVATE(dummy); /**< A placeholder member, as empty structs are not portable. */
} }
mbedtls_platform_context; mbedtls_platform_context;

11
include/mbedtls/poly1305.h
View File

@ -31,6 +31,7 @@
#ifndef MBEDTLS_POLY1305_H #ifndef MBEDTLS_POLY1305_H
#define MBEDTLS_POLY1305_H #define MBEDTLS_POLY1305_H
#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE) #if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h" #include "mbedtls/config.h"
@ -51,11 +52,11 @@ extern "C" {
typedef struct mbedtls_poly1305_context typedef struct mbedtls_poly1305_context
{ {
uint32_t r[4]; /** The value for 'r' (low 128 bits of the key). */ uint32_t MBEDTLS_PRIVATE(r)[4]; /** The value for 'r' (low 128 bits of the key). */
uint32_t s[4]; /** The value for 's' (high 128 bits of the key). */ uint32_t MBEDTLS_PRIVATE(s)[4]; /** The value for 's' (high 128 bits of the key). */
uint32_t acc[5]; /** The accumulator number. */ uint32_t MBEDTLS_PRIVATE(acc)[5]; /** The accumulator number. */
uint8_t queue[16]; /** The current partial block of data. */ uint8_t MBEDTLS_PRIVATE(queue)[16]; /** The current partial block of data. */
size_t queue_len; /** The number of bytes stored in 'queue'. */ size_t MBEDTLS_PRIVATE(queue_len); /** The number of bytes stored in 'queue'. */
} }
mbedtls_poly1305_context; mbedtls_poly1305_context;

32
include/mbedtls/private_access.h Normal file
View File

@ -0,0 +1,32 @@
/**
* \file private_access.h
*
* \brief Macro wrapper for struct's memebrs.
*/
/*
* Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#ifndef MBEDTLS_PRIVATE_ACCESS_H
#define MBEDTLS_PRIVATE_ACCESS_H
#ifndef MBEDTLS_ALLOW_PRIVATE_ACCESS
#define MBEDTLS_PRIVATE(member) private_##member
#else
#define MBEDTLS_PRIVATE(member) member
#endif
#endif /* MBEDTLS_PRIVATE_ACCESS_H */

3
include/mbedtls/psa_util.h
View File

@ -25,6 +25,7 @@
#ifndef MBEDTLS_PSA_UTIL_H #ifndef MBEDTLS_PSA_UTIL_H
#define MBEDTLS_PSA_UTIL_H #define MBEDTLS_PSA_UTIL_H
#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE) #if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h" #include "mbedtls/config.h"
@ -380,7 +381,7 @@ static inline psa_key_type_t mbedtls_psa_parse_tls_ecc_group(
if( curve_info == NULL ) if( curve_info == NULL )
return( 0 ); return( 0 );
return( PSA_KEY_TYPE_ECC_KEY_PAIR( return( PSA_KEY_TYPE_ECC_KEY_PAIR(
mbedtls_ecc_group_to_psa( curve_info->grp_id, bits ) ) ); mbedtls_ecc_group_to_psa( curve_info->MBEDTLS_PRIVATE(grp_id), bits ) ) );
} }
#endif /* MBEDTLS_ECP_C */ #endif /* MBEDTLS_ECP_C */

7
include/mbedtls/ripemd160.h
View File

@ -21,6 +21,7 @@
*/ */
#ifndef MBEDTLS_RIPEMD160_H #ifndef MBEDTLS_RIPEMD160_H
#define MBEDTLS_RIPEMD160_H #define MBEDTLS_RIPEMD160_H
#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE) #if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h" #include "mbedtls/config.h"
@ -44,9 +45,9 @@ extern "C" {
*/ */
typedef struct mbedtls_ripemd160_context typedef struct mbedtls_ripemd160_context
{ {
uint32_t total[2]; /*!< number of bytes processed */ uint32_t MBEDTLS_PRIVATE(total)[2]; /*!< number of bytes processed */
uint32_t state[5]; /*!< intermediate digest state */ uint32_t MBEDTLS_PRIVATE(state)[5]; /*!< intermediate digest state */
unsigned char buffer[64]; /*!< data block being processed */ unsigned char MBEDTLS_PRIVATE(buffer)[64]; /*!< data block being processed */
} }
mbedtls_ripemd160_context; mbedtls_ripemd160_context;

41
include/mbedtls/rsa.h
View File

@ -27,6 +27,7 @@
*/ */
#ifndef MBEDTLS_RSA_H #ifndef MBEDTLS_RSA_H
#define MBEDTLS_RSA_H #define MBEDTLS_RSA_H
#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE) #if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h" #include "mbedtls/config.h"
@ -81,48 +82,44 @@ extern "C" {
/** /**
* \brief The RSA context structure. * \brief The RSA context structure.
*
* \note Direct manipulation of the members of this structure
* is deprecated. All manipulation should instead be done through
* the public interface functions.
*/ */
typedef struct mbedtls_rsa_context typedef struct mbedtls_rsa_context
{ {
int ver; /*!< Reserved for internal purposes. int MBEDTLS_PRIVATE(ver); /*!< Reserved for internal purposes.
* Do not set this field in application * Do not set this field in application
* code. Its meaning might change without * code. Its meaning might change without
* notice. */ * notice. */
size_t len; /*!< The size of \p N in Bytes. */ size_t MBEDTLS_PRIVATE(len); /*!< The size of \p N in Bytes. */
mbedtls_mpi N; /*!< The public modulus. */ mbedtls_mpi MBEDTLS_PRIVATE(N); /*!< The public modulus. */
mbedtls_mpi E; /*!< The public exponent. */ mbedtls_mpi MBEDTLS_PRIVATE(E); /*!< The public exponent. */
mbedtls_mpi D; /*!< The private exponent. */ mbedtls_mpi MBEDTLS_PRIVATE(D); /*!< The private exponent. */
mbedtls_mpi P; /*!< The first prime factor. */ mbedtls_mpi MBEDTLS_PRIVATE(P); /*!< The first prime factor. */
mbedtls_mpi Q; /*!< The second prime factor. */ mbedtls_mpi MBEDTLS_PRIVATE(Q); /*!< The second prime factor. */
mbedtls_mpi DP; /*!< <code>D % (P - 1)</code>. */ mbedtls_mpi MBEDTLS_PRIVATE(DP); /*!< <code>D % (P - 1)</code>. */
mbedtls_mpi DQ; /*!< <code>D % (Q - 1)</code>. */ mbedtls_mpi MBEDTLS_PRIVATE(DQ); /*!< <code>D % (Q - 1)</code>. */
mbedtls_mpi QP; /*!< <code>1 / (Q % P)</code>. */ mbedtls_mpi MBEDTLS_PRIVATE(QP); /*!< <code>1 / (Q % P)</code>. */
mbedtls_mpi RN; /*!< cached <code>R^2 mod N</code>. */ mbedtls_mpi MBEDTLS_PRIVATE(RN); /*!< cached <code>R^2 mod N</code>. */
mbedtls_mpi RP; /*!< cached <code>R^2 mod P</code>. */ mbedtls_mpi MBEDTLS_PRIVATE(RP); /*!< cached <code>R^2 mod P</code>. */
mbedtls_mpi RQ; /*!< cached <code>R^2 mod Q</code>. */ mbedtls_mpi MBEDTLS_PRIVATE(RQ); /*!< cached <code>R^2 mod Q</code>. */
mbedtls_mpi Vi; /*!< The cached blinding value. */ mbedtls_mpi MBEDTLS_PRIVATE(Vi); /*!< The cached blinding value. */
mbedtls_mpi Vf; /*!< The cached un-blinding value. */ mbedtls_mpi MBEDTLS_PRIVATE(Vf); /*!< The cached un-blinding value. */
int padding; /*!< Selects padding mode: int MBEDTLS_PRIVATE(padding); /*!< Selects padding mode:
#MBEDTLS_RSA_PKCS_V15 for 1.5 padding and #MBEDTLS_RSA_PKCS_V15 for 1.5 padding and
#MBEDTLS_RSA_PKCS_V21 for OAEP or PSS. */ #MBEDTLS_RSA_PKCS_V21 for OAEP or PSS. */
int hash_id; /*!< Hash identifier of mbedtls_md_type_t type, int MBEDTLS_PRIVATE(hash_id); /*!< Hash identifier of mbedtls_md_type_t type,
as specified in md.h for use in the MGF as specified in md.h for use in the MGF
mask generating function used in the mask generating function used in the
EME-OAEP and EMSA-PSS encodings. */ EME-OAEP and EMSA-PSS encodings. */
#if defined(MBEDTLS_THREADING_C) #if defined(MBEDTLS_THREADING_C)
/* Invariant: the mutex is initialized iff ver != 0. */ /* Invariant: the mutex is initialized iff ver != 0. */
mbedtls_threading_mutex_t mutex; /*!< Thread-safety mutex. */ mbedtls_threading_mutex_t MBEDTLS_PRIVATE(mutex); /*!< Thread-safety mutex. */
#endif #endif
} }
mbedtls_rsa_context; mbedtls_rsa_context;

7
include/mbedtls/sha1.h
View File

@ -28,6 +28,7 @@
*/ */
#ifndef MBEDTLS_SHA1_H #ifndef MBEDTLS_SHA1_H
#define MBEDTLS_SHA1_H #define MBEDTLS_SHA1_H
#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE) #if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h" #include "mbedtls/config.h"
@ -58,9 +59,9 @@ extern "C" {
*/ */
typedef struct mbedtls_sha1_context typedef struct mbedtls_sha1_context
{ {
uint32_t total[2]; /*!< The number of Bytes processed. */ uint32_t MBEDTLS_PRIVATE(total)[2]; /*!< The number of Bytes processed. */
uint32_t state[5]; /*!< The intermediate digest state. */ uint32_t MBEDTLS_PRIVATE(state)[5]; /*!< The intermediate digest state. */
unsigned char buffer[64]; /*!< The data block being processed. */ unsigned char MBEDTLS_PRIVATE(buffer)[64]; /*!< The data block being processed. */
} }
mbedtls_sha1_context; mbedtls_sha1_context;

9
include/mbedtls/sha256.h
View File

@ -24,6 +24,7 @@
*/ */
#ifndef MBEDTLS_SHA256_H #ifndef MBEDTLS_SHA256_H
#define MBEDTLS_SHA256_H #define MBEDTLS_SHA256_H
#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE) #if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h" #include "mbedtls/config.h"
@ -53,10 +54,10 @@ extern "C" {
*/ */
typedef struct mbedtls_sha256_context typedef struct mbedtls_sha256_context
{ {
uint32_t total[2]; /*!< The number of Bytes processed. */ uint32_t MBEDTLS_PRIVATE(total)[2]; /*!< The number of Bytes processed. */
uint32_t state[8]; /*!< The intermediate digest state. */ uint32_t MBEDTLS_PRIVATE(state)[8]; /*!< The intermediate digest state. */
unsigned char buffer[64]; /*!< The data block being processed. */ unsigned char MBEDTLS_PRIVATE(buffer)[64]; /*!< The data block being processed. */
int is224; /*!< Determines which function to use: int MBEDTLS_PRIVATE(is224); /*!< Determines which function to use:
0: Use SHA-256, or 1: Use SHA-224. */ 0: Use SHA-256, or 1: Use SHA-224. */
} }
mbedtls_sha256_context; mbedtls_sha256_context;

11
include/mbedtls/sha512.h
View File

@ -23,6 +23,7 @@
*/ */
#ifndef MBEDTLS_SHA512_H #ifndef MBEDTLS_SHA512_H
#define MBEDTLS_SHA512_H #define MBEDTLS_SHA512_H
#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE) #if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h" #include "mbedtls/config.h"
@ -52,12 +53,12 @@ extern "C" {
*/ */
typedef struct mbedtls_sha512_context typedef struct mbedtls_sha512_context
{ {
uint64_t total[2]; /*!< The number of Bytes processed. */ uint64_t MBEDTLS_PRIVATE(total)[2]; /*!< The number of Bytes processed. */
uint64_t state[8]; /*!< The intermediate digest state. */ uint64_t MBEDTLS_PRIVATE(state)[8]; /*!< The intermediate digest state. */
unsigned char buffer[128]; /*!< The data block being processed. */ unsigned char MBEDTLS_PRIVATE(buffer)[128]; /*!< The data block being processed. */
#if defined(MBEDTLS_SHA384_C) #if defined(MBEDTLS_SHA384_C)
int is384; /*!< Determines which function to use: int MBEDTLS_PRIVATE(is384); /*!< Determines which function to use:
0: Use SHA-512, or 1: Use SHA-384. */ 0: Use SHA-512, or 1: Use SHA-384. */
#endif #endif
} }
mbedtls_sha512_context; mbedtls_sha512_context;

327
include/mbedtls/ssl.h
View File

@ -21,6 +21,7 @@
*/ */
#ifndef MBEDTLS_SSL_H #ifndef MBEDTLS_SSL_H
#define MBEDTLS_SSL_H #define MBEDTLS_SSL_H
#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE) #if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h" #include "mbedtls/config.h"
@ -897,11 +898,11 @@ typedef uint16_t mbedtls_ssl_srtp_profile;
typedef struct mbedtls_dtls_srtp_info_t typedef struct mbedtls_dtls_srtp_info_t
{ {
/*! The SRTP profile that was negotiated. */ /*! The SRTP profile that was negotiated. */
mbedtls_ssl_srtp_profile chosen_dtls_srtp_profile; mbedtls_ssl_srtp_profile MBEDTLS_PRIVATE(chosen_dtls_srtp_profile);
/*! The length of mki_value. */ /*! The length of mki_value. */
uint16_t mki_len; uint16_t MBEDTLS_PRIVATE(mki_len);
/*! The mki_value used, with max size of 256 bytes. */ /*! The mki_value used, with max size of 256 bytes. */
unsigned char mki_value[MBEDTLS_TLS_SRTP_MAX_MKI_LENGTH]; unsigned char MBEDTLS_PRIVATE(mki_value)[MBEDTLS_TLS_SRTP_MAX_MKI_LENGTH];
} }
mbedtls_dtls_srtp_info; mbedtls_dtls_srtp_info;
@ -921,43 +922,43 @@ mbedtls_dtls_srtp_info;
struct mbedtls_ssl_session struct mbedtls_ssl_session
{ {
#if defined(MBEDTLS_HAVE_TIME) #if defined(MBEDTLS_HAVE_TIME)
mbedtls_time_t start; /*!< starting time */ mbedtls_time_t MBEDTLS_PRIVATE(start); /*!< starting time */
#endif #endif
int ciphersuite; /*!< chosen ciphersuite */ int MBEDTLS_PRIVATE(ciphersuite); /*!< chosen ciphersuite */
int compression; /*!< chosen compression */ int MBEDTLS_PRIVATE(compression); /*!< chosen compression */
size_t id_len; /*!< session id length */ size_t MBEDTLS_PRIVATE(id_len); /*!< session id length */
unsigned char id[32]; /*!< session identifier */ unsigned char MBEDTLS_PRIVATE(id)[32]; /*!< session identifier */
unsigned char master[48]; /*!< the master secret */ unsigned char MBEDTLS_PRIVATE(master)[48]; /*!< the master secret */
#if defined(MBEDTLS_X509_CRT_PARSE_C) #if defined(MBEDTLS_X509_CRT_PARSE_C)
#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) #if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
mbedtls_x509_crt *peer_cert; /*!< peer X.509 cert chain */ mbedtls_x509_crt *MBEDTLS_PRIVATE(peer_cert); /*!< peer X.509 cert chain */
#else /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ #else /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
/*! The digest of the peer's end-CRT. This must be kept to detect CRT /*! The digest of the peer's end-CRT. This must be kept to detect CRT
* changes during renegotiation, mitigating the triple handshake attack. */ * changes during renegotiation, mitigating the triple handshake attack. */
unsigned char *peer_cert_digest; unsigned char *MBEDTLS_PRIVATE(peer_cert_digest);
size_t peer_cert_digest_len; size_t MBEDTLS_PRIVATE(peer_cert_digest_len);
mbedtls_md_type_t peer_cert_digest_type; mbedtls_md_type_t MBEDTLS_PRIVATE(peer_cert_digest_type);
#endif /* !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ #endif /* !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
#endif /* MBEDTLS_X509_CRT_PARSE_C */ #endif /* MBEDTLS_X509_CRT_PARSE_C */
uint32_t verify_result; /*!< verification result */ uint32_t MBEDTLS_PRIVATE(verify_result); /*!< verification result */
#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C) #if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C)
unsigned char *ticket; /*!< RFC 5077 session ticket */ unsigned char *MBEDTLS_PRIVATE(ticket); /*!< RFC 5077 session ticket */
size_t ticket_len; /*!< session ticket length */ size_t MBEDTLS_PRIVATE(ticket_len); /*!< session ticket length */
uint32_t ticket_lifetime; /*!< ticket lifetime hint */ uint32_t MBEDTLS_PRIVATE(ticket_lifetime); /*!< ticket lifetime hint */
#endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_CLI_C */ #endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_CLI_C */
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
unsigned char mfl_code; /*!< MaxFragmentLength negotiated by peer */ unsigned char MBEDTLS_PRIVATE(mfl_code); /*!< MaxFragmentLength negotiated by peer */
#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */ #endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
#if defined(MBEDTLS_SSL_TRUNCATED_HMAC) #if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
int trunc_hmac; /*!< flag for truncated hmac activation */ int MBEDTLS_PRIVATE(trunc_hmac); /*!< flag for truncated hmac activation */
#endif /* MBEDTLS_SSL_TRUNCATED_HMAC */ #endif /* MBEDTLS_SSL_TRUNCATED_HMAC */
#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
int encrypt_then_mac; /*!< flag for EtM activation */ int MBEDTLS_PRIVATE(encrypt_then_mac); /*!< flag for EtM activation */
#endif #endif
}; };
@ -973,114 +974,114 @@ struct mbedtls_ssl_config
*/ */
/** Allowed ciphersuites for (D)TLS 1.2 (0-terminated) */ /** Allowed ciphersuites for (D)TLS 1.2 (0-terminated) */
const int *ciphersuite_list; const int *MBEDTLS_PRIVATE(ciphersuite_list);
/** Callback for printing debug output */ /** Callback for printing debug output */
void (*f_dbg)(void *, int, const char *, int, const char *); void (*MBEDTLS_PRIVATE(f_dbg))(void *, int, const char *, int, const char *);
void *p_dbg; /*!< context for the debug function */ void *MBEDTLS_PRIVATE(p_dbg); /*!< context for the debug function */
/** Callback for getting (pseudo-)random numbers */ /** Callback for getting (pseudo-)random numbers */
int (*f_rng)(void *, unsigned char *, size_t); int (*MBEDTLS_PRIVATE(f_rng))(void *, unsigned char *, size_t);
void *p_rng; /*!< context for the RNG function */ void *MBEDTLS_PRIVATE(p_rng); /*!< context for the RNG function */
/** Callback to retrieve a session from the cache */ /** Callback to retrieve a session from the cache */
mbedtls_ssl_cache_get_t *f_get_cache; mbedtls_ssl_cache_get_t *MBEDTLS_PRIVATE(f_get_cache);
/** Callback to store a session into the cache */ /** Callback to store a session into the cache */
mbedtls_ssl_cache_set_t *f_set_cache; mbedtls_ssl_cache_set_t *MBEDTLS_PRIVATE(f_set_cache);
void *p_cache; /*!< context for cache callbacks */ void *MBEDTLS_PRIVATE(p_cache); /*!< context for cache callbacks */
#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) #if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
/** Callback for setting cert according to SNI extension */ /** Callback for setting cert according to SNI extension */
int (*f_sni)(void *, mbedtls_ssl_context *, const unsigned char *, size_t); int (*MBEDTLS_PRIVATE(f_sni))(void *, mbedtls_ssl_context *, const unsigned char *, size_t);
void *p_sni; /*!< context for SNI callback */ void *MBEDTLS_PRIVATE(p_sni); /*!< context for SNI callback */
#endif #endif
#if defined(MBEDTLS_X509_CRT_PARSE_C) #if defined(MBEDTLS_X509_CRT_PARSE_C)
/** Callback to customize X.509 certificate chain verification */ /** Callback to customize X.509 certificate chain verification */
int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *); int (*MBEDTLS_PRIVATE(f_vrfy))(void *, mbedtls_x509_crt *, int, uint32_t *);
void *p_vrfy; /*!< context for X.509 verify calllback */ void *MBEDTLS_PRIVATE(p_vrfy); /*!< context for X.509 verify calllback */
#endif #endif
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) #if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
/** Callback to retrieve PSK key from identity */ /** Callback to retrieve PSK key from identity */
int (*f_psk)(void *, mbedtls_ssl_context *, const unsigned char *, size_t); int (*MBEDTLS_PRIVATE(f_psk))(void *, mbedtls_ssl_context *, const unsigned char *, size_t);
void *p_psk; /*!< context for PSK callback */ void *MBEDTLS_PRIVATE(p_psk); /*!< context for PSK callback */
#endif #endif
#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C) #if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C)
/** Callback to create & write a cookie for ClientHello veirifcation */ /** Callback to create & write a cookie for ClientHello veirifcation */
int (*f_cookie_write)( void *, unsigned char **, unsigned char *, int (*MBEDTLS_PRIVATE(f_cookie_write))( void *, unsigned char **, unsigned char *,
const unsigned char *, size_t ); const unsigned char *, size_t );
/** Callback to verify validity of a ClientHello cookie */ /** Callback to verify validity of a ClientHello cookie */
int (*f_cookie_check)( void *, const unsigned char *, size_t, int (*MBEDTLS_PRIVATE(f_cookie_check))( void *, const unsigned char *, size_t,
const unsigned char *, size_t ); const unsigned char *, size_t );
void *p_cookie; /*!< context for the cookie callbacks */ void *MBEDTLS_PRIVATE(p_cookie); /*!< context for the cookie callbacks */
#endif #endif
#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_SRV_C) #if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_SRV_C)
/** Callback to create & write a session ticket */ /** Callback to create & write a session ticket */
int (*f_ticket_write)( void *, const mbedtls_ssl_session *, int (*MBEDTLS_PRIVATE(f_ticket_write))( void *, const mbedtls_ssl_session *,
unsigned char *, const unsigned char *, size_t *, uint32_t * ); unsigned char *, const unsigned char *, size_t *, uint32_t * );
/** Callback to parse a session ticket into a session structure */ /** Callback to parse a session ticket into a session structure */
int (*f_ticket_parse)( void *, mbedtls_ssl_session *, unsigned char *, size_t); int (*MBEDTLS_PRIVATE(f_ticket_parse))( void *, mbedtls_ssl_session *, unsigned char *, size_t);
void *p_ticket; /*!< context for the ticket callbacks */ void *MBEDTLS_PRIVATE(p_ticket); /*!< context for the ticket callbacks */
#endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_SRV_C */ #endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_SRV_C */
#if defined(MBEDTLS_SSL_EXPORT_KEYS) #if defined(MBEDTLS_SSL_EXPORT_KEYS)
/** Callback to export key block and master secret */ /** Callback to export key block and master secret */
int (*f_export_keys)( void *, const unsigned char *, int (*MBEDTLS_PRIVATE(f_export_keys))( void *, const unsigned char *,
const unsigned char *, size_t, size_t, size_t ); const unsigned char *, size_t, size_t, size_t );
/** Callback to export key block, master secret, /** Callback to export key block, master secret,
* tls_prf and random bytes. Should replace f_export_keys */ * tls_prf and random bytes. Should replace f_export_keys */
int (*f_export_keys_ext)( void *, const unsigned char *, int (*MBEDTLS_PRIVATE(f_export_keys_ext))( void *, const unsigned char *,
const unsigned char *, size_t, size_t, size_t, const unsigned char *, size_t, size_t, size_t,
const unsigned char[32], const unsigned char[32], const unsigned char[32], const unsigned char[32],
mbedtls_tls_prf_types ); mbedtls_tls_prf_types );
void *p_export_keys; /*!< context for key export callback */ void *MBEDTLS_PRIVATE(p_export_keys); /*!< context for key export callback */
#endif #endif
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
size_t cid_len; /*!< The length of CIDs for incoming DTLS records. */ size_t MBEDTLS_PRIVATE(cid_len); /*!< The length of CIDs for incoming DTLS records. */
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
#if defined(MBEDTLS_X509_CRT_PARSE_C) #if defined(MBEDTLS_X509_CRT_PARSE_C)
const mbedtls_x509_crt_profile *cert_profile; /*!< verification profile */ const mbedtls_x509_crt_profile *MBEDTLS_PRIVATE(cert_profile); /*!< verification profile */
mbedtls_ssl_key_cert *key_cert; /*!< own certificate/key pair(s) */ mbedtls_ssl_key_cert *MBEDTLS_PRIVATE(key_cert); /*!< own certificate/key pair(s) */
mbedtls_x509_crt *ca_chain; /*!< trusted CAs */ mbedtls_x509_crt *MBEDTLS_PRIVATE(ca_chain); /*!< trusted CAs */
mbedtls_x509_crl *ca_crl; /*!< trusted CAs CRLs */ mbedtls_x509_crl *MBEDTLS_PRIVATE(ca_crl); /*!< trusted CAs CRLs */
#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) #if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
mbedtls_x509_crt_ca_cb_t f_ca_cb; mbedtls_x509_crt_ca_cb_t MBEDTLS_PRIVATE(f_ca_cb);
void *p_ca_cb; void *MBEDTLS_PRIVATE(p_ca_cb);
#endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */ #endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */
#endif /* MBEDTLS_X509_CRT_PARSE_C */ #endif /* MBEDTLS_X509_CRT_PARSE_C */
#if defined(MBEDTLS_SSL_ASYNC_PRIVATE) #if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
#if defined(MBEDTLS_X509_CRT_PARSE_C) #if defined(MBEDTLS_X509_CRT_PARSE_C)
mbedtls_ssl_async_sign_t *f_async_sign_start; /*!< start asynchronous signature operation */ mbedtls_ssl_async_sign_t *MBEDTLS_PRIVATE(f_async_sign_start); /*!< start asynchronous signature operation */
mbedtls_ssl_async_decrypt_t *f_async_decrypt_start; /*!< start asynchronous decryption operation */ mbedtls_ssl_async_decrypt_t *MBEDTLS_PRIVATE(f_async_decrypt_start); /*!< start asynchronous decryption operation */
#endif /* MBEDTLS_X509_CRT_PARSE_C */ #endif /* MBEDTLS_X509_CRT_PARSE_C */
mbedtls_ssl_async_resume_t *f_async_resume; /*!< resume asynchronous operation */ mbedtls_ssl_async_resume_t *MBEDTLS_PRIVATE(f_async_resume); /*!< resume asynchronous operation */
mbedtls_ssl_async_cancel_t *f_async_cancel; /*!< cancel asynchronous operation */ mbedtls_ssl_async_cancel_t *MBEDTLS_PRIVATE(f_async_cancel); /*!< cancel asynchronous operation */
void *p_async_config_data; /*!< Configuration data set by mbedtls_ssl_conf_async_private_cb(). */ void *MBEDTLS_PRIVATE(p_async_config_data); /*!< Configuration data set by mbedtls_ssl_conf_async_private_cb(). */
#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */ #endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
const int *sig_hashes; /*!< allowed signature hashes */ const int *MBEDTLS_PRIVATE(sig_hashes); /*!< allowed signature hashes */
#endif #endif
#if defined(MBEDTLS_ECP_C) #if defined(MBEDTLS_ECP_C)
const mbedtls_ecp_group_id *curve_list; /*!< allowed curves */ const mbedtls_ecp_group_id *MBEDTLS_PRIVATE(curve_list); /*!< allowed curves */
#endif #endif
#if defined(MBEDTLS_DHM_C) #if defined(MBEDTLS_DHM_C)
mbedtls_mpi dhm_P; /*!< prime modulus for DHM */ mbedtls_mpi MBEDTLS_PRIVATE(dhm_P); /*!< prime modulus for DHM */
mbedtls_mpi dhm_G; /*!< generator for DHM */ mbedtls_mpi MBEDTLS_PRIVATE(dhm_G); /*!< generator for DHM */
#endif #endif
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) #if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
#if defined(MBEDTLS_USE_PSA_CRYPTO) #if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_key_id_t psk_opaque; /*!< PSA key slot holding opaque PSK. This field psa_key_id_t MBEDTLS_PRIVATE(psk_opaque); /*!< PSA key slot holding opaque PSK. This field
* should only be set via * should only be set via
* mbedtls_ssl_conf_psk_opaque(). * mbedtls_ssl_conf_psk_opaque().
* If either no PSK or a raw PSK have been * If either no PSK or a raw PSK have been
@ -1088,22 +1089,22 @@ struct mbedtls_ssl_config
*/ */
#endif /* MBEDTLS_USE_PSA_CRYPTO */ #endif /* MBEDTLS_USE_PSA_CRYPTO */
unsigned char *psk; /*!< The raw pre-shared key. This field should unsigned char *MBEDTLS_PRIVATE(psk); /*!< The raw pre-shared key. This field should
* only be set via mbedtls_ssl_conf_psk(). * only be set via mbedtls_ssl_conf_psk().
* If either no PSK or an opaque PSK * If either no PSK or an opaque PSK
* have been configured, this has value NULL. */ * have been configured, this has value NULL. */
size_t psk_len; /*!< The length of the raw pre-shared key. size_t MBEDTLS_PRIVATE(psk_len); /*!< The length of the raw pre-shared key.
* This field should only be set via * This field should only be set via
* mbedtls_ssl_conf_psk(). * mbedtls_ssl_conf_psk().
* Its value is non-zero if and only if * Its value is non-zero if and only if
* \c psk is not \c NULL. */ * \c psk is not \c NULL. */
unsigned char *psk_identity; /*!< The PSK identity for PSK negotiation. unsigned char *MBEDTLS_PRIVATE(psk_identity); /*!< The PSK identity for PSK negotiation.
* This field should only be set via * This field should only be set via
* mbedtls_ssl_conf_psk(). * mbedtls_ssl_conf_psk().
* This is set if and only if either * This is set if and only if either
* \c psk or \c psk_opaque are set. */ * \c psk or \c psk_opaque are set. */
size_t psk_identity_len;/*!< The length of PSK identity. size_t MBEDTLS_PRIVATE(psk_identity_len);/*!< The length of PSK identity.
* This field should only be set via * This field should only be set via
* mbedtls_ssl_conf_psk(). * mbedtls_ssl_conf_psk().
* Its value is non-zero if and only if * Its value is non-zero if and only if
@ -1112,264 +1113,264 @@ struct mbedtls_ssl_config
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */ #endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
#if defined(MBEDTLS_SSL_ALPN) #if defined(MBEDTLS_SSL_ALPN)
const char **alpn_list; /*!< ordered list of protocols */ const char **MBEDTLS_PRIVATE(alpn_list); /*!< ordered list of protocols */
#endif #endif
#if defined(MBEDTLS_SSL_DTLS_SRTP) #if defined(MBEDTLS_SSL_DTLS_SRTP)
/*! ordered list of supported srtp profile */ /*! ordered list of supported srtp profile */
const mbedtls_ssl_srtp_profile *dtls_srtp_profile_list; const mbedtls_ssl_srtp_profile *MBEDTLS_PRIVATE(dtls_srtp_profile_list);
/*! number of supported profiles */ /*! number of supported profiles */
size_t dtls_srtp_profile_list_len; size_t MBEDTLS_PRIVATE(dtls_srtp_profile_list_len);
#endif /* MBEDTLS_SSL_DTLS_SRTP */ #endif /* MBEDTLS_SSL_DTLS_SRTP */
/* /*
* Numerical settings (int then char) * Numerical settings (int then char)
*/ */
uint32_t read_timeout; /*!< timeout for mbedtls_ssl_read (ms) */ uint32_t MBEDTLS_PRIVATE(read_timeout); /*!< timeout for mbedtls_ssl_read (ms) */
#if defined(MBEDTLS_SSL_PROTO_DTLS) #if defined(MBEDTLS_SSL_PROTO_DTLS)
uint32_t hs_timeout_min; /*!< initial value of the handshake uint32_t MBEDTLS_PRIVATE(hs_timeout_min); /*!< initial value of the handshake
retransmission timeout (ms) */ retransmission timeout (ms) */
uint32_t hs_timeout_max; /*!< maximum value of the handshake uint32_t MBEDTLS_PRIVATE(hs_timeout_max); /*!< maximum value of the handshake
retransmission timeout (ms) */ retransmission timeout (ms) */
#endif #endif
#if defined(MBEDTLS_SSL_RENEGOTIATION) #if defined(MBEDTLS_SSL_RENEGOTIATION)
int renego_max_records; /*!< grace period for renegotiation */ int MBEDTLS_PRIVATE(renego_max_records); /*!< grace period for renegotiation */
unsigned char renego_period[8]; /*!< value of the record counters unsigned char MBEDTLS_PRIVATE(renego_period)[8]; /*!< value of the record counters
that triggers renegotiation */ that triggers renegotiation */
#endif #endif
unsigned int badmac_limit; /*!< limit of records with a bad MAC */ unsigned int MBEDTLS_PRIVATE(badmac_limit); /*!< limit of records with a bad MAC */
#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_CLI_C) #if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_CLI_C)
unsigned int dhm_min_bitlen; /*!< min. bit length of the DHM prime */ unsigned int MBEDTLS_PRIVATE(dhm_min_bitlen); /*!< min. bit length of the DHM prime */
#endif #endif
unsigned char max_major_ver; /*!< max. major version used */ unsigned char MBEDTLS_PRIVATE(max_major_ver); /*!< max. major version used */
unsigned char max_minor_ver; /*!< max. minor version used */ unsigned char MBEDTLS_PRIVATE(max_minor_ver); /*!< max. minor version used */
unsigned char min_major_ver; /*!< min. major version used */ unsigned char MBEDTLS_PRIVATE(min_major_ver); /*!< min. major version used */
unsigned char min_minor_ver; /*!< min. minor version used */ unsigned char MBEDTLS_PRIVATE(min_minor_ver); /*!< min. minor version used */
/* /*
* Flags (bitfields) * Flags (bitfields)
*/ */
unsigned int endpoint : 1; /*!< 0: client, 1: server */ unsigned int MBEDTLS_PRIVATE(endpoint) : 1; /*!< 0: client, 1: server */
unsigned int transport : 1; /*!< stream (TLS) or datagram (DTLS) */ unsigned int MBEDTLS_PRIVATE(transport) : 1; /*!< stream (TLS) or datagram (DTLS) */
unsigned int authmode : 2; /*!< MBEDTLS_SSL_VERIFY_XXX */ unsigned int MBEDTLS_PRIVATE(authmode) : 2; /*!< MBEDTLS_SSL_VERIFY_XXX */
/* needed even with renego disabled for LEGACY_BREAK_HANDSHAKE */ /* needed even with renego disabled for LEGACY_BREAK_HANDSHAKE */
unsigned int allow_legacy_renegotiation : 2 ; /*!< MBEDTLS_LEGACY_XXX */ unsigned int MBEDTLS_PRIVATE(allow_legacy_renegotiation) : 2 ; /*!< MBEDTLS_LEGACY_XXX */
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
unsigned int mfl_code : 3; /*!< desired fragment length */ unsigned int MBEDTLS_PRIVATE(mfl_code) : 3; /*!< desired fragment length */
#endif #endif
#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
unsigned int encrypt_then_mac : 1 ; /*!< negotiate encrypt-then-mac? */ unsigned int MBEDTLS_PRIVATE(encrypt_then_mac) : 1 ; /*!< negotiate encrypt-then-mac? */
#endif #endif
#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET) #if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
unsigned int extended_ms : 1; /*!< negotiate extended master secret? */ unsigned int MBEDTLS_PRIVATE(extended_ms) : 1; /*!< negotiate extended master secret? */
#endif #endif
#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY) #if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
unsigned int anti_replay : 1; /*!< detect and prevent replay? */ unsigned int MBEDTLS_PRIVATE(anti_replay) : 1; /*!< detect and prevent replay? */
#endif #endif
#if defined(MBEDTLS_SSL_RENEGOTIATION) #if defined(MBEDTLS_SSL_RENEGOTIATION)
unsigned int disable_renegotiation : 1; /*!< disable renegotiation? */ unsigned int MBEDTLS_PRIVATE(disable_renegotiation) : 1; /*!< disable renegotiation? */
#endif #endif
#if defined(MBEDTLS_SSL_TRUNCATED_HMAC) #if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
unsigned int trunc_hmac : 1; /*!< negotiate truncated hmac? */ unsigned int MBEDTLS_PRIVATE(trunc_hmac) : 1; /*!< negotiate truncated hmac? */
#endif #endif
#if defined(MBEDTLS_SSL_SESSION_TICKETS) #if defined(MBEDTLS_SSL_SESSION_TICKETS)
unsigned int session_tickets : 1; /*!< use session tickets? */ unsigned int MBEDTLS_PRIVATE(session_tickets) : 1; /*!< use session tickets? */
#endif #endif
#if defined(MBEDTLS_SSL_SRV_C) #if defined(MBEDTLS_SSL_SRV_C)
unsigned int cert_req_ca_list : 1; /*!< enable sending CA list in unsigned int MBEDTLS_PRIVATE(cert_req_ca_list) : 1; /*!< enable sending CA list in
Certificate Request messages? */ Certificate Request messages? */
#endif #endif
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
unsigned int ignore_unexpected_cid : 1; /*!< Determines whether DTLS unsigned int MBEDTLS_PRIVATE(ignore_unexpected_cid) : 1; /*!< Determines whether DTLS
* record with unexpected CID * record with unexpected CID
* should lead to failure. */ * should lead to failure. */
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
#if defined(MBEDTLS_SSL_DTLS_SRTP) #if defined(MBEDTLS_SSL_DTLS_SRTP)
unsigned int dtls_srtp_mki_support : 1; /* support having mki_value unsigned int MBEDTLS_PRIVATE(dtls_srtp_mki_support) : 1; /* support having mki_value
in the use_srtp extension */ in the use_srtp extension */
#endif #endif
}; };
struct mbedtls_ssl_context struct mbedtls_ssl_context
{ {
const mbedtls_ssl_config *conf; /*!< configuration information */ const mbedtls_ssl_config *MBEDTLS_PRIVATE(conf); /*!< configuration information */
/* /*
* Miscellaneous * Miscellaneous
*/ */
int state; /*!< SSL handshake: current state */ int MBEDTLS_PRIVATE(state); /*!< SSL handshake: current state */
#if defined(MBEDTLS_SSL_RENEGOTIATION) #if defined(MBEDTLS_SSL_RENEGOTIATION)
int renego_status; /*!< Initial, in progress, pending? */ int MBEDTLS_PRIVATE(renego_status); /*!< Initial, in progress, pending? */
int renego_records_seen; /*!< Records since renego request, or with DTLS, int MBEDTLS_PRIVATE(renego_records_seen); /*!< Records since renego request, or with DTLS,
number of retransmissions of request if number of retransmissions of request if
renego_max_records is < 0 */ renego_max_records is < 0 */
#endif /* MBEDTLS_SSL_RENEGOTIATION */ #endif /* MBEDTLS_SSL_RENEGOTIATION */
int major_ver; /*!< equal to MBEDTLS_SSL_MAJOR_VERSION_3 */ int MBEDTLS_PRIVATE(major_ver); /*!< equal to MBEDTLS_SSL_MAJOR_VERSION_3 */
int minor_ver; /*!< one of MBEDTLS_SSL_MINOR_VERSION_x macros */ int MBEDTLS_PRIVATE(minor_ver); /*!< one of MBEDTLS_SSL_MINOR_VERSION_x macros */
unsigned badmac_seen; /*!< records with a bad MAC received */ unsigned MBEDTLS_PRIVATE(badmac_seen); /*!< records with a bad MAC received */
#if defined(MBEDTLS_X509_CRT_PARSE_C) #if defined(MBEDTLS_X509_CRT_PARSE_C)
/** Callback to customize X.509 certificate chain verification */ /** Callback to customize X.509 certificate chain verification */
int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *); int (*MBEDTLS_PRIVATE(f_vrfy))(void *, mbedtls_x509_crt *, int, uint32_t *);
void *p_vrfy; /*!< context for X.509 verify callback */ void *MBEDTLS_PRIVATE(p_vrfy); /*!< context for X.509 verify callback */
#endif #endif
mbedtls_ssl_send_t *f_send; /*!< Callback for network send */ mbedtls_ssl_send_t *MBEDTLS_PRIVATE(f_send); /*!< Callback for network send */
mbedtls_ssl_recv_t *f_recv; /*!< Callback for network receive */ mbedtls_ssl_recv_t *MBEDTLS_PRIVATE(f_recv); /*!< Callback for network receive */
mbedtls_ssl_recv_timeout_t *f_recv_timeout; mbedtls_ssl_recv_timeout_t *MBEDTLS_PRIVATE(f_recv_timeout);
/*!< Callback for network receive with timeout */ /*!< Callback for network receive with timeout */
void *p_bio; /*!< context for I/O operations */ void *MBEDTLS_PRIVATE(p_bio); /*!< context for I/O operations */
/* /*
* Session layer * Session layer
*/ */
mbedtls_ssl_session *session_in; /*!< current session data (in) */ mbedtls_ssl_session *MBEDTLS_PRIVATE(session_in); /*!< current session data (in) */
mbedtls_ssl_session *session_out; /*!< current session data (out) */ mbedtls_ssl_session *MBEDTLS_PRIVATE(session_out); /*!< current session data (out) */
mbedtls_ssl_session *session; /*!< negotiated session data */ mbedtls_ssl_session *MBEDTLS_PRIVATE(session); /*!< negotiated session data */
mbedtls_ssl_session *session_negotiate; /*!< session data in negotiation */ mbedtls_ssl_session *MBEDTLS_PRIVATE(session_negotiate); /*!< session data in negotiation */
mbedtls_ssl_handshake_params *handshake; /*!< params required only during mbedtls_ssl_handshake_params *MBEDTLS_PRIVATE(handshake); /*!< params required only during
the handshake process */ the handshake process */
/* /*
* Record layer transformations * Record layer transformations
*/ */
mbedtls_ssl_transform *transform_in; /*!< current transform params (in) */ mbedtls_ssl_transform *MBEDTLS_PRIVATE(transform_in); /*!< current transform params (in) */
mbedtls_ssl_transform *transform_out; /*!< current transform params (in) */ mbedtls_ssl_transform *MBEDTLS_PRIVATE(transform_out); /*!< current transform params (in) */
mbedtls_ssl_transform *transform; /*!< negotiated transform params */ mbedtls_ssl_transform *MBEDTLS_PRIVATE(transform); /*!< negotiated transform params */
mbedtls_ssl_transform *transform_negotiate; /*!< transform params in negotiation */ mbedtls_ssl_transform *MBEDTLS_PRIVATE(transform_negotiate); /*!< transform params in negotiation */
/* /*
* Timers * Timers
*/ */
void *p_timer; /*!< context for the timer callbacks */ void *MBEDTLS_PRIVATE(p_timer); /*!< context for the timer callbacks */
mbedtls_ssl_set_timer_t *f_set_timer; /*!< set timer callback */ mbedtls_ssl_set_timer_t *MBEDTLS_PRIVATE(f_set_timer); /*!< set timer callback */
mbedtls_ssl_get_timer_t *f_get_timer; /*!< get timer callback */ mbedtls_ssl_get_timer_t *MBEDTLS_PRIVATE(f_get_timer); /*!< get timer callback */
/* /*
* Record layer (incoming data) * Record layer (incoming data)
*/ */
unsigned char *in_buf; /*!< input buffer */ unsigned char *MBEDTLS_PRIVATE(in_buf); /*!< input buffer */
unsigned char *in_ctr; /*!< 64-bit incoming message counter unsigned char *MBEDTLS_PRIVATE(in_ctr); /*!< 64-bit incoming message counter
TLS: maintained by us TLS: maintained by us
DTLS: read from peer */ DTLS: read from peer */
unsigned char *in_hdr; /*!< start of record header */ unsigned char *MBEDTLS_PRIVATE(in_hdr); /*!< start of record header */
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
unsigned char *in_cid; /*!< The start of the CID; unsigned char *MBEDTLS_PRIVATE(in_cid); /*!< The start of the CID;
* (the end is marked by in_len). */ * (the end is marked by in_len). */
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
unsigned char *in_len; /*!< two-bytes message length field */ unsigned char *MBEDTLS_PRIVATE(in_len); /*!< two-bytes message length field */
unsigned char *in_iv; /*!< ivlen-byte IV */ unsigned char *MBEDTLS_PRIVATE(in_iv); /*!< ivlen-byte IV */
unsigned char *in_msg; /*!< message contents (in_iv+ivlen) */ unsigned char *MBEDTLS_PRIVATE(in_msg); /*!< message contents (in_iv+ivlen) */
unsigned char *in_offt; /*!< read offset in application data */ unsigned char *MBEDTLS_PRIVATE(in_offt); /*!< read offset in application data */
int in_msgtype; /*!< record header: message type */ int MBEDTLS_PRIVATE(in_msgtype); /*!< record header: message type */
size_t in_msglen; /*!< record header: message length */ size_t MBEDTLS_PRIVATE(in_msglen); /*!< record header: message length */
size_t in_left; /*!< amount of data read so far */ size_t MBEDTLS_PRIVATE(in_left); /*!< amount of data read so far */
#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH) #if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)
size_t in_buf_len; /*!< length of input buffer */ size_t MBEDTLS_PRIVATE(in_buf_len); /*!< length of input buffer */
#endif #endif
#if defined(MBEDTLS_SSL_PROTO_DTLS) #if defined(MBEDTLS_SSL_PROTO_DTLS)
uint16_t in_epoch; /*!< DTLS epoch for incoming records */ uint16_t MBEDTLS_PRIVATE(in_epoch); /*!< DTLS epoch for incoming records */
size_t next_record_offset; /*!< offset of the next record in datagram size_t MBEDTLS_PRIVATE(next_record_offset); /*!< offset of the next record in datagram
(equal to in_left if none) */ (equal to in_left if none) */
#endif /* MBEDTLS_SSL_PROTO_DTLS */ #endif /* MBEDTLS_SSL_PROTO_DTLS */
#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY) #if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
uint64_t in_window_top; /*!< last validated record seq_num */ uint64_t MBEDTLS_PRIVATE(in_window_top); /*!< last validated record seq_num */
uint64_t in_window; /*!< bitmask for replay detection */ uint64_t MBEDTLS_PRIVATE(in_window); /*!< bitmask for replay detection */
#endif /* MBEDTLS_SSL_DTLS_ANTI_REPLAY */ #endif /* MBEDTLS_SSL_DTLS_ANTI_REPLAY */
size_t in_hslen; /*!< current handshake message length, size_t MBEDTLS_PRIVATE(in_hslen); /*!< current handshake message length,
including the handshake header */ including the handshake header */
int nb_zero; /*!< # of 0-length encrypted messages */ int MBEDTLS_PRIVATE(nb_zero); /*!< # of 0-length encrypted messages */
int keep_current_message; /*!< drop or reuse current message int MBEDTLS_PRIVATE(keep_current_message); /*!< drop or reuse current message
on next call to record layer? */ on next call to record layer? */
#if defined(MBEDTLS_SSL_PROTO_DTLS) #if defined(MBEDTLS_SSL_PROTO_DTLS)
uint8_t disable_datagram_packing; /*!< Disable packing multiple records uint8_t MBEDTLS_PRIVATE(disable_datagram_packing); /*!< Disable packing multiple records
* within a single datagram. */ * within a single datagram. */
#endif /* MBEDTLS_SSL_PROTO_DTLS */ #endif /* MBEDTLS_SSL_PROTO_DTLS */
/* /*
* Record layer (outgoing data) * Record layer (outgoing data)
*/ */
unsigned char *out_buf; /*!< output buffer */ unsigned char *MBEDTLS_PRIVATE(out_buf); /*!< output buffer */
unsigned char *out_ctr; /*!< 64-bit outgoing message counter */ unsigned char *MBEDTLS_PRIVATE(out_ctr); /*!< 64-bit outgoing message counter */
unsigned char *out_hdr; /*!< start of record header */ unsigned char *MBEDTLS_PRIVATE(out_hdr); /*!< start of record header */
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
unsigned char *out_cid; /*!< The start of the CID; unsigned char *MBEDTLS_PRIVATE(out_cid); /*!< The start of the CID;
* (the end is marked by in_len). */ * (the end is marked by in_len). */
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
unsigned char *out_len; /*!< two-bytes message length field */ unsigned char *MBEDTLS_PRIVATE(out_len); /*!< two-bytes message length field */
unsigned char *out_iv; /*!< ivlen-byte IV */ unsigned char *MBEDTLS_PRIVATE(out_iv); /*!< ivlen-byte IV */
unsigned char *out_msg; /*!< message contents (out_iv+ivlen) */ unsigned char *MBEDTLS_PRIVATE(out_msg); /*!< message contents (out_iv+ivlen) */
int out_msgtype; /*!< record header: message type */ int MBEDTLS_PRIVATE(out_msgtype); /*!< record header: message type */
size_t out_msglen; /*!< record header: message length */ size_t MBEDTLS_PRIVATE(out_msglen); /*!< record header: message length */
size_t out_left; /*!< amount of data not yet written */ size_t MBEDTLS_PRIVATE(out_left); /*!< amount of data not yet written */
#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH) #if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)
size_t out_buf_len; /*!< length of output buffer */ size_t MBEDTLS_PRIVATE(out_buf_len); /*!< length of output buffer */
#endif #endif
unsigned char cur_out_ctr[8]; /*!< Outgoing record sequence number. */ unsigned char MBEDTLS_PRIVATE(cur_out_ctr)[8]; /*!< Outgoing record sequence number. */
#if defined(MBEDTLS_SSL_PROTO_DTLS) #if defined(MBEDTLS_SSL_PROTO_DTLS)
uint16_t mtu; /*!< path mtu, used to fragment outgoing messages */ uint16_t MBEDTLS_PRIVATE(mtu); /*!< path mtu, used to fragment outgoing messages */
#endif /* MBEDTLS_SSL_PROTO_DTLS */ #endif /* MBEDTLS_SSL_PROTO_DTLS */
/* /*
* PKI layer * PKI layer
*/ */
int client_auth; /*!< flag for client auth. */ int MBEDTLS_PRIVATE(client_auth); /*!< flag for client auth. */
/* /*
* User settings * User settings
*/ */
#if defined(MBEDTLS_X509_CRT_PARSE_C) #if defined(MBEDTLS_X509_CRT_PARSE_C)
char *hostname; /*!< expected peer CN for verification char *MBEDTLS_PRIVATE(hostname); /*!< expected peer CN for verification
(and SNI if available) */ (and SNI if available) */
#endif /* MBEDTLS_X509_CRT_PARSE_C */ #endif /* MBEDTLS_X509_CRT_PARSE_C */
#if defined(MBEDTLS_SSL_ALPN) #if defined(MBEDTLS_SSL_ALPN)
const char *alpn_chosen; /*!< negotiated protocol */ const char *MBEDTLS_PRIVATE(alpn_chosen); /*!< negotiated protocol */
#endif /* MBEDTLS_SSL_ALPN */ #endif /* MBEDTLS_SSL_ALPN */
#if defined(MBEDTLS_SSL_DTLS_SRTP) #if defined(MBEDTLS_SSL_DTLS_SRTP)
/* /*
* use_srtp extension * use_srtp extension
*/ */
mbedtls_dtls_srtp_info dtls_srtp_info; mbedtls_dtls_srtp_info MBEDTLS_PRIVATE(dtls_srtp_info);
#endif /* MBEDTLS_SSL_DTLS_SRTP */ #endif /* MBEDTLS_SSL_DTLS_SRTP */
/* /*
* Information for DTLS hello verify * Information for DTLS hello verify
*/ */
#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C) #if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C)
unsigned char *cli_id; /*!< transport-level ID of the client */ unsigned char *MBEDTLS_PRIVATE(cli_id); /*!< transport-level ID of the client */
size_t cli_id_len; /*!< length of cli_id */ size_t MBEDTLS_PRIVATE(cli_id_len); /*!< length of cli_id */
#endif /* MBEDTLS_SSL_DTLS_HELLO_VERIFY && MBEDTLS_SSL_SRV_C */ #endif /* MBEDTLS_SSL_DTLS_HELLO_VERIFY && MBEDTLS_SSL_SRV_C */
/* /*
* Secure renegotiation * Secure renegotiation
*/ */
/* needed to know when to send extension on server */ /* needed to know when to send extension on server */
int secure_renegotiation; /*!< does peer support legacy or int MBEDTLS_PRIVATE(secure_renegotiation); /*!< does peer support legacy or
secure renegotiation */ secure renegotiation */
#if defined(MBEDTLS_SSL_RENEGOTIATION) #if defined(MBEDTLS_SSL_RENEGOTIATION)
size_t verify_data_len; /*!< length of verify data stored */ size_t MBEDTLS_PRIVATE(verify_data_len); /*!< length of verify data stored */
char own_verify_data[MBEDTLS_SSL_VERIFY_DATA_MAX_LEN]; /*!< previous handshake verify data */ char MBEDTLS_PRIVATE(own_verify_data)[MBEDTLS_SSL_VERIFY_DATA_MAX_LEN]; /*!< previous handshake verify data */
char peer_verify_data[MBEDTLS_SSL_VERIFY_DATA_MAX_LEN]; /*!< previous handshake verify data */ char MBEDTLS_PRIVATE(peer_verify_data)[MBEDTLS_SSL_VERIFY_DATA_MAX_LEN]; /*!< previous handshake verify data */
#endif /* MBEDTLS_SSL_RENEGOTIATION */ #endif /* MBEDTLS_SSL_RENEGOTIATION */
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
@ -1379,9 +1380,9 @@ struct mbedtls_ssl_context
* all subsequent handshakes. This may be different from the * all subsequent handshakes. This may be different from the
* CID currently used in case the user has re-configured the CID * CID currently used in case the user has re-configured the CID
* after an initial handshake. */ * after an initial handshake. */
unsigned char own_cid[ MBEDTLS_SSL_CID_IN_LEN_MAX ]; unsigned char MBEDTLS_PRIVATE(own_cid)[ MBEDTLS_SSL_CID_IN_LEN_MAX ];
uint8_t own_cid_len; /*!< The length of \c own_cid. */ uint8_t MBEDTLS_PRIVATE(own_cid_len); /*!< The length of \c own_cid. */
uint8_t negotiate_cid; /*!< This indicates whether the CID extension should uint8_t MBEDTLS_PRIVATE(negotiate_cid); /*!< This indicates whether the CID extension should
* be negotiated in the next handshake or not. * be negotiated in the next handshake or not.
* Possible values are #MBEDTLS_SSL_CID_ENABLED * Possible values are #MBEDTLS_SSL_CID_ENABLED
* and #MBEDTLS_SSL_CID_DISABLED. */ * and #MBEDTLS_SSL_CID_DISABLED. */

21
include/mbedtls/ssl_cache.h
View File

@ -21,6 +21,7 @@
*/ */
#ifndef MBEDTLS_SSL_CACHE_H #ifndef MBEDTLS_SSL_CACHE_H
#define MBEDTLS_SSL_CACHE_H #define MBEDTLS_SSL_CACHE_H
#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE) #if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h" #include "mbedtls/config.h"
@ -65,16 +66,16 @@ typedef struct mbedtls_ssl_cache_entry mbedtls_ssl_cache_entry;
struct mbedtls_ssl_cache_entry struct mbedtls_ssl_cache_entry
{ {
#if defined(MBEDTLS_HAVE_TIME) #if defined(MBEDTLS_HAVE_TIME)
mbedtls_time_t timestamp; /*!< entry timestamp */ mbedtls_time_t MBEDTLS_PRIVATE(timestamp); /*!< entry timestamp */
#endif #endif
unsigned char session_id[32]; /*!< session ID */ unsigned char MBEDTLS_PRIVATE(session_id)[32]; /*!< session ID */
size_t session_id_len; size_t MBEDTLS_PRIVATE(session_id_len);
unsigned char *session; /*!< serialized session */ unsigned char *MBEDTLS_PRIVATE(session); /*!< serialized session */
size_t session_len; size_t MBEDTLS_PRIVATE(session_len);
mbedtls_ssl_cache_entry *next; /*!< chain pointer */ mbedtls_ssl_cache_entry *MBEDTLS_PRIVATE(next); /*!< chain pointer */
}; };
/** /**
@ -82,11 +83,11 @@ struct mbedtls_ssl_cache_entry
*/ */
struct mbedtls_ssl_cache_context struct mbedtls_ssl_cache_context
{ {
mbedtls_ssl_cache_entry *chain; /*!< start of the chain */ mbedtls_ssl_cache_entry *MBEDTLS_PRIVATE(chain); /*!< start of the chain */
int timeout; /*!< cache entry timeout */ int MBEDTLS_PRIVATE(timeout); /*!< cache entry timeout */
int max_entries; /*!< maximum entries */ int MBEDTLS_PRIVATE(max_entries); /*!< maximum entries */
#if defined(MBEDTLS_THREADING_C) #if defined(MBEDTLS_THREADING_C)
mbedtls_threading_mutex_t mutex; /*!< mutex */ mbedtls_threading_mutex_t MBEDTLS_PRIVATE(mutex); /*!< mutex */
#endif #endif
}; };

37
include/mbedtls/ssl_ciphersuites.h
View File

@ -21,6 +21,7 @@
*/ */
#ifndef MBEDTLS_SSL_CIPHERSUITES_H #ifndef MBEDTLS_SSL_CIPHERSUITES_H
#define MBEDTLS_SSL_CIPHERSUITES_H #define MBEDTLS_SSL_CIPHERSUITES_H
#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE) #if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h" #include "mbedtls/config.h"
@ -362,19 +363,19 @@ typedef struct mbedtls_ssl_ciphersuite_t mbedtls_ssl_ciphersuite_t;
*/ */
struct mbedtls_ssl_ciphersuite_t struct mbedtls_ssl_ciphersuite_t
{ {
int id; int MBEDTLS_PRIVATE(id);
const char * name; const char * MBEDTLS_PRIVATE(name);
mbedtls_cipher_type_t cipher; mbedtls_cipher_type_t MBEDTLS_PRIVATE(cipher);
mbedtls_md_type_t mac; mbedtls_md_type_t MBEDTLS_PRIVATE(mac);
mbedtls_key_exchange_type_t key_exchange; mbedtls_key_exchange_type_t MBEDTLS_PRIVATE(key_exchange);
int min_major_ver; int MBEDTLS_PRIVATE(min_major_ver);
int min_minor_ver; int MBEDTLS_PRIVATE(min_minor_ver);
int max_major_ver; int MBEDTLS_PRIVATE(max_major_ver);
int max_minor_ver; int MBEDTLS_PRIVATE(max_minor_ver);
unsigned char flags; unsigned char MBEDTLS_PRIVATE(flags);
}; };
const int *mbedtls_ssl_list_ciphersuites( void ); const int *mbedtls_ssl_list_ciphersuites( void );
@ -393,7 +394,7 @@ int mbedtls_ssl_ciphersuite_uses_psk( const mbedtls_ssl_ciphersuite_t *info );
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PFS_ENABLED) #if defined(MBEDTLS_KEY_EXCHANGE_SOME_PFS_ENABLED)
static inline int mbedtls_ssl_ciphersuite_has_pfs( const mbedtls_ssl_ciphersuite_t *info ) static inline int mbedtls_ssl_ciphersuite_has_pfs( const mbedtls_ssl_ciphersuite_t *info )
{ {
switch( info->key_exchange ) switch( info->MBEDTLS_PRIVATE(key_exchange) )
{ {
case MBEDTLS_KEY_EXCHANGE_DHE_RSA: case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
case MBEDTLS_KEY_EXCHANGE_DHE_PSK: case MBEDTLS_KEY_EXCHANGE_DHE_PSK:
@ -412,7 +413,7 @@ static inline int mbedtls_ssl_ciphersuite_has_pfs( const mbedtls_ssl_ciphersuite
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED) #if defined(MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED)
static inline int mbedtls_ssl_ciphersuite_no_pfs( const mbedtls_ssl_ciphersuite_t *info ) static inline int mbedtls_ssl_ciphersuite_no_pfs( const mbedtls_ssl_ciphersuite_t *info )
{ {
switch( info->key_exchange ) switch( info->MBEDTLS_PRIVATE(key_exchange) )
{ {
case MBEDTLS_KEY_EXCHANGE_ECDH_RSA: case MBEDTLS_KEY_EXCHANGE_ECDH_RSA:
case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA: case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
@ -430,7 +431,7 @@ static inline int mbedtls_ssl_ciphersuite_no_pfs( const mbedtls_ssl_ciphersuite_
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_ENABLED) #if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_ENABLED)
static inline int mbedtls_ssl_ciphersuite_uses_ecdh( const mbedtls_ssl_ciphersuite_t *info ) static inline int mbedtls_ssl_ciphersuite_uses_ecdh( const mbedtls_ssl_ciphersuite_t *info )
{ {
switch( info->key_exchange ) switch( info->MBEDTLS_PRIVATE(key_exchange) )
{ {
case MBEDTLS_KEY_EXCHANGE_ECDH_RSA: case MBEDTLS_KEY_EXCHANGE_ECDH_RSA:
case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA: case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
@ -444,7 +445,7 @@ static inline int mbedtls_ssl_ciphersuite_uses_ecdh( const mbedtls_ssl_ciphersui
static inline int mbedtls_ssl_ciphersuite_cert_req_allowed( const mbedtls_ssl_ciphersuite_t *info ) static inline int mbedtls_ssl_ciphersuite_cert_req_allowed( const mbedtls_ssl_ciphersuite_t *info )
{ {
switch( info->key_exchange ) switch( info->MBEDTLS_PRIVATE(key_exchange) )
{ {
case MBEDTLS_KEY_EXCHANGE_RSA: case MBEDTLS_KEY_EXCHANGE_RSA:
case MBEDTLS_KEY_EXCHANGE_DHE_RSA: case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
@ -461,7 +462,7 @@ static inline int mbedtls_ssl_ciphersuite_cert_req_allowed( const mbedtls_ssl_ci
static inline int mbedtls_ssl_ciphersuite_uses_srv_cert( const mbedtls_ssl_ciphersuite_t *info ) static inline int mbedtls_ssl_ciphersuite_uses_srv_cert( const mbedtls_ssl_ciphersuite_t *info )
{ {
switch( info->key_exchange ) switch( info->MBEDTLS_PRIVATE(key_exchange) )
{ {
case MBEDTLS_KEY_EXCHANGE_RSA: case MBEDTLS_KEY_EXCHANGE_RSA:
case MBEDTLS_KEY_EXCHANGE_RSA_PSK: case MBEDTLS_KEY_EXCHANGE_RSA_PSK:
@ -480,7 +481,7 @@ static inline int mbedtls_ssl_ciphersuite_uses_srv_cert( const mbedtls_ssl_ciphe
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_DHE_ENABLED) #if defined(MBEDTLS_KEY_EXCHANGE_SOME_DHE_ENABLED)
static inline int mbedtls_ssl_ciphersuite_uses_dhe( const mbedtls_ssl_ciphersuite_t *info ) static inline int mbedtls_ssl_ciphersuite_uses_dhe( const mbedtls_ssl_ciphersuite_t *info )
{ {
switch( info->key_exchange ) switch( info->MBEDTLS_PRIVATE(key_exchange) )
{ {
case MBEDTLS_KEY_EXCHANGE_DHE_RSA: case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
case MBEDTLS_KEY_EXCHANGE_DHE_PSK: case MBEDTLS_KEY_EXCHANGE_DHE_PSK:
@ -495,7 +496,7 @@ static inline int mbedtls_ssl_ciphersuite_uses_dhe( const mbedtls_ssl_ciphersuit
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDHE_ENABLED) #if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDHE_ENABLED)
static inline int mbedtls_ssl_ciphersuite_uses_ecdhe( const mbedtls_ssl_ciphersuite_t *info ) static inline int mbedtls_ssl_ciphersuite_uses_ecdhe( const mbedtls_ssl_ciphersuite_t *info )
{ {
switch( info->key_exchange ) switch( info->MBEDTLS_PRIVATE(key_exchange) )
{ {
case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA: case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA: case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
@ -511,7 +512,7 @@ static inline int mbedtls_ssl_ciphersuite_uses_ecdhe( const mbedtls_ssl_ciphersu
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED) #if defined(MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED)
static inline int mbedtls_ssl_ciphersuite_uses_server_signature( const mbedtls_ssl_ciphersuite_t *info ) static inline int mbedtls_ssl_ciphersuite_uses_server_signature( const mbedtls_ssl_ciphersuite_t *info )
{ {
switch( info->key_exchange ) switch( info->MBEDTLS_PRIVATE(key_exchange) )
{ {
case MBEDTLS_KEY_EXCHANGE_DHE_RSA: case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA: case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:

9
include/mbedtls/ssl_cookie.h
View File

@ -21,6 +21,7 @@
*/ */
#ifndef MBEDTLS_SSL_COOKIE_H #ifndef MBEDTLS_SSL_COOKIE_H
#define MBEDTLS_SSL_COOKIE_H #define MBEDTLS_SSL_COOKIE_H
#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE) #if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h" #include "mbedtls/config.h"
@ -56,15 +57,15 @@ extern "C" {
*/ */
typedef struct mbedtls_ssl_cookie_ctx typedef struct mbedtls_ssl_cookie_ctx
{ {
mbedtls_md_context_t hmac_ctx; /*!< context for the HMAC portion */ mbedtls_md_context_t MBEDTLS_PRIVATE(hmac_ctx); /*!< context for the HMAC portion */
#if !defined(MBEDTLS_HAVE_TIME) #if !defined(MBEDTLS_HAVE_TIME)
unsigned long serial; /*!< serial number for expiration */ unsigned long MBEDTLS_PRIVATE(serial); /*!< serial number for expiration */
#endif #endif
unsigned long timeout; /*!< timeout delay, in seconds if HAVE_TIME, unsigned long MBEDTLS_PRIVATE(timeout); /*!< timeout delay, in seconds if HAVE_TIME,
or in number of tickets issued */ or in number of tickets issued */
#if defined(MBEDTLS_THREADING_C) #if defined(MBEDTLS_THREADING_C)
mbedtls_threading_mutex_t mutex; mbedtls_threading_mutex_t MBEDTLS_PRIVATE(mutex);
#endif #endif
} mbedtls_ssl_cookie_ctx; } mbedtls_ssl_cookie_ctx;

19
include/mbedtls/ssl_ticket.h
View File

@ -21,6 +21,7 @@
*/ */
#ifndef MBEDTLS_SSL_TICKET_H #ifndef MBEDTLS_SSL_TICKET_H
#define MBEDTLS_SSL_TICKET_H #define MBEDTLS_SSL_TICKET_H
#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE) #if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h" #include "mbedtls/config.h"
@ -50,9 +51,9 @@ extern "C" {
*/ */
typedef struct mbedtls_ssl_ticket_key typedef struct mbedtls_ssl_ticket_key
{ {
unsigned char name[4]; /*!< random key identifier */ unsigned char MBEDTLS_PRIVATE(name)[4]; /*!< random key identifier */
uint32_t generation_time; /*!< key generation timestamp (seconds) */ uint32_t MBEDTLS_PRIVATE(generation_time); /*!< key generation timestamp (seconds) */
mbedtls_cipher_context_t ctx; /*!< context for auth enc/decryption */ mbedtls_cipher_context_t MBEDTLS_PRIVATE(ctx); /*!< context for auth enc/decryption */
} }
mbedtls_ssl_ticket_key; mbedtls_ssl_ticket_key;
@ -61,17 +62,17 @@ mbedtls_ssl_ticket_key;
*/ */
typedef struct mbedtls_ssl_ticket_context typedef struct mbedtls_ssl_ticket_context
{ {
mbedtls_ssl_ticket_key keys[2]; /*!< ticket protection keys */ mbedtls_ssl_ticket_key MBEDTLS_PRIVATE(keys)[2]; /*!< ticket protection keys */
unsigned char active; /*!< index of the currently active key */ unsigned char MBEDTLS_PRIVATE(active); /*!< index of the currently active key */
uint32_t ticket_lifetime; /*!< lifetime of tickets in seconds */ uint32_t MBEDTLS_PRIVATE(ticket_lifetime); /*!< lifetime of tickets in seconds */
/** Callback for getting (pseudo-)random numbers */ /** Callback for getting (pseudo-)random numbers */
int (*f_rng)(void *, unsigned char *, size_t); int (*MBEDTLS_PRIVATE(f_rng))(void *, unsigned char *, size_t);
void *p_rng; /*!< context for the RNG function */ void *MBEDTLS_PRIVATE(p_rng); /*!< context for the RNG function */
#if defined(MBEDTLS_THREADING_C) #if defined(MBEDTLS_THREADING_C)
mbedtls_threading_mutex_t mutex; mbedtls_threading_mutex_t MBEDTLS_PRIVATE(mutex);
#endif #endif
} }
mbedtls_ssl_ticket_context; mbedtls_ssl_ticket_context;

5
include/mbedtls/threading.h
View File

@ -21,6 +21,7 @@
*/ */
#ifndef MBEDTLS_THREADING_H #ifndef MBEDTLS_THREADING_H
#define MBEDTLS_THREADING_H #define MBEDTLS_THREADING_H
#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE) #if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h" #include "mbedtls/config.h"
@ -41,11 +42,11 @@ extern "C" {
#include <pthread.h> #include <pthread.h>
typedef struct mbedtls_threading_mutex_t typedef struct mbedtls_threading_mutex_t
{ {
pthread_mutex_t mutex; pthread_mutex_t MBEDTLS_PRIVATE(mutex);
/* is_valid is 0 after a failed init or a free, and nonzero after a /* is_valid is 0 after a failed init or a free, and nonzero after a
* successful init. This field is not considered part of the public * successful init. This field is not considered part of the public
* API of Mbed TLS and may change without notice. */ * API of Mbed TLS and may change without notice. */
char is_valid; char MBEDTLS_PRIVATE(is_valid);
} mbedtls_threading_mutex_t; } mbedtls_threading_mutex_t;
#endif #endif

9
include/mbedtls/timing.h
View File

@ -21,6 +21,7 @@
*/ */
#ifndef MBEDTLS_TIMING_H #ifndef MBEDTLS_TIMING_H
#define MBEDTLS_TIMING_H #define MBEDTLS_TIMING_H
#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE) #if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h" #include "mbedtls/config.h"
@ -43,7 +44,7 @@ extern "C" {
*/ */
struct mbedtls_timing_hr_time struct mbedtls_timing_hr_time
{ {
unsigned char opaque[32]; unsigned char MBEDTLS_PRIVATE(opaque)[32];
}; };
/** /**
@ -51,9 +52,9 @@ struct mbedtls_timing_hr_time
*/ */
typedef struct mbedtls_timing_delay_context typedef struct mbedtls_timing_delay_context
{ {
struct mbedtls_timing_hr_time timer; struct mbedtls_timing_hr_time MBEDTLS_PRIVATE(timer);
uint32_t int_ms; uint32_t MBEDTLS_PRIVATE(int_ms);
uint32_t fin_ms; uint32_t MBEDTLS_PRIVATE(fin_ms);
} mbedtls_timing_delay_context; } mbedtls_timing_delay_context;
#else /* MBEDTLS_TIMING_ALT */ #else /* MBEDTLS_TIMING_ALT */

5
include/mbedtls/x509.h
View File

@ -21,6 +21,7 @@
*/ */
#ifndef MBEDTLS_X509_H #ifndef MBEDTLS_X509_H
#define MBEDTLS_X509_H #define MBEDTLS_X509_H
#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE) #if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h" #include "mbedtls/config.h"
@ -229,8 +230,8 @@ typedef mbedtls_asn1_sequence mbedtls_x509_sequence;
/** Container for date and time (precision in seconds). */ /** Container for date and time (precision in seconds). */
typedef struct mbedtls_x509_time typedef struct mbedtls_x509_time
{ {
int year, mon, day; /**< Date. */ int MBEDTLS_PRIVATE(year), MBEDTLS_PRIVATE(mon), MBEDTLS_PRIVATE(day); /**< Date. */
int hour, min, sec; /**< Time. */ int MBEDTLS_PRIVATE(hour), MBEDTLS_PRIVATE(min), MBEDTLS_PRIVATE(sec); /**< Time. */
} }
mbedtls_x509_time; mbedtls_x509_time;

43
include/mbedtls/x509_crl.h
View File

@ -21,6 +21,7 @@
*/ */
#ifndef MBEDTLS_X509_CRL_H #ifndef MBEDTLS_X509_CRL_H
#define MBEDTLS_X509_CRL_H #define MBEDTLS_X509_CRL_H
#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE) #if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h" #include "mbedtls/config.h"
@ -49,15 +50,15 @@ extern "C" {
*/ */
typedef struct mbedtls_x509_crl_entry typedef struct mbedtls_x509_crl_entry
{ {
mbedtls_x509_buf raw; mbedtls_x509_buf MBEDTLS_PRIVATE(raw);
mbedtls_x509_buf serial; mbedtls_x509_buf MBEDTLS_PRIVATE(serial);
mbedtls_x509_time revocation_date; mbedtls_x509_time MBEDTLS_PRIVATE(revocation_date);
mbedtls_x509_buf entry_ext; mbedtls_x509_buf MBEDTLS_PRIVATE(entry_ext);
struct mbedtls_x509_crl_entry *next; struct mbedtls_x509_crl_entry *MBEDTLS_PRIVATE(next);
} }
mbedtls_x509_crl_entry; mbedtls_x509_crl_entry;
@ -67,30 +68,30 @@ mbedtls_x509_crl_entry;
*/ */
typedef struct mbedtls_x509_crl typedef struct mbedtls_x509_crl
{ {
mbedtls_x509_buf raw; /**< The raw certificate data (DER). */ mbedtls_x509_buf MBEDTLS_PRIVATE(raw); /**< The raw certificate data (DER). */
mbedtls_x509_buf tbs; /**< The raw certificate body (DER). The part that is To Be Signed. */ mbedtls_x509_buf MBEDTLS_PRIVATE(tbs); /**< The raw certificate body (DER). The part that is To Be Signed. */
int version; /**< CRL version (1=v1, 2=v2) */ int MBEDTLS_PRIVATE(version); /**< CRL version (1=v1, 2=v2) */
mbedtls_x509_buf sig_oid; /**< CRL signature type identifier */ mbedtls_x509_buf MBEDTLS_PRIVATE(sig_oid); /**< CRL signature type identifier */
mbedtls_x509_buf issuer_raw; /**< The raw issuer data (DER). */ mbedtls_x509_buf MBEDTLS_PRIVATE(issuer_raw); /**< The raw issuer data (DER). */
mbedtls_x509_name issuer; /**< The parsed issuer data (named information object). */ mbedtls_x509_name MBEDTLS_PRIVATE(issuer); /**< The parsed issuer data (named information object). */
mbedtls_x509_time this_update; mbedtls_x509_time MBEDTLS_PRIVATE(this_update);
mbedtls_x509_time next_update; mbedtls_x509_time MBEDTLS_PRIVATE(next_update);
mbedtls_x509_crl_entry entry; /**< The CRL entries containing the certificate revocation times for this CA. */ mbedtls_x509_crl_entry MBEDTLS_PRIVATE(entry); /**< The CRL entries containing the certificate revocation times for this CA. */
mbedtls_x509_buf crl_ext; mbedtls_x509_buf MBEDTLS_PRIVATE(crl_ext);
mbedtls_x509_buf sig_oid2; mbedtls_x509_buf MBEDTLS_PRIVATE(sig_oid2);
mbedtls_x509_buf sig; mbedtls_x509_buf MBEDTLS_PRIVATE(sig);
mbedtls_md_type_t sig_md; /**< Internal representation of the MD algorithm of the signature algorithm, e.g. MBEDTLS_MD_SHA256 */ mbedtls_md_type_t MBEDTLS_PRIVATE(sig_md); /**< Internal representation of the MD algorithm of the signature algorithm, e.g. MBEDTLS_MD_SHA256 */
mbedtls_pk_type_t sig_pk; /**< Internal representation of the Public Key algorithm of the signature algorithm, e.g. MBEDTLS_PK_RSA */ mbedtls_pk_type_t MBEDTLS_PRIVATE(sig_pk); /**< Internal representation of the Public Key algorithm of the signature algorithm, e.g. MBEDTLS_PK_RSA */
void *sig_opts; /**< Signature options to be passed to mbedtls_pk_verify_ext(), e.g. for RSASSA-PSS */ void *MBEDTLS_PRIVATE(sig_opts); /**< Signature options to be passed to mbedtls_pk_verify_ext(), e.g. for RSASSA-PSS */
struct mbedtls_x509_crl *next; struct mbedtls_x509_crl *MBEDTLS_PRIVATE(next);
} }
mbedtls_x509_crl; mbedtls_x509_crl;

133
include/mbedtls/x509_crt.h
View File

@ -21,6 +21,7 @@
*/ */
#ifndef MBEDTLS_X509_CRT_H #ifndef MBEDTLS_X509_CRT_H
#define MBEDTLS_X509_CRT_H #define MBEDTLS_X509_CRT_H
#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE) #if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h" #include "mbedtls/config.h"
@ -51,50 +52,50 @@ extern "C" {
*/ */
typedef struct mbedtls_x509_crt typedef struct mbedtls_x509_crt
{ {
int own_buffer; /**< Indicates if \c raw is owned int MBEDTLS_PRIVATE(own_buffer); /**< Indicates if \c raw is owned
* by the structure or not. */ * by the structure or not. */
mbedtls_x509_buf raw; /**< The raw certificate data (DER). */ mbedtls_x509_buf MBEDTLS_PRIVATE(raw); /**< The raw certificate data (DER). */
mbedtls_x509_buf tbs; /**< The raw certificate body (DER). The part that is To Be Signed. */ mbedtls_x509_buf MBEDTLS_PRIVATE(tbs); /**< The raw certificate body (DER). The part that is To Be Signed. */
int version; /**< The X.509 version. (1=v1, 2=v2, 3=v3) */ int MBEDTLS_PRIVATE(version); /**< The X.509 version. (1=v1, 2=v2, 3=v3) */
mbedtls_x509_buf serial; /**< Unique id for certificate issued by a specific CA. */ mbedtls_x509_buf MBEDTLS_PRIVATE(serial); /**< Unique id for certificate issued by a specific CA. */
mbedtls_x509_buf sig_oid; /**< Signature algorithm, e.g. sha1RSA */ mbedtls_x509_buf MBEDTLS_PRIVATE(sig_oid); /**< Signature algorithm, e.g. sha1RSA */
mbedtls_x509_buf issuer_raw; /**< The raw issuer data (DER). Used for quick comparison. */ mbedtls_x509_buf MBEDTLS_PRIVATE(issuer_raw); /**< The raw issuer data (DER). Used for quick comparison. */
mbedtls_x509_buf subject_raw; /**< The raw subject data (DER). Used for quick comparison. */ mbedtls_x509_buf MBEDTLS_PRIVATE(subject_raw); /**< The raw subject data (DER). Used for quick comparison. */
mbedtls_x509_name issuer; /**< The parsed issuer data (named information object). */ mbedtls_x509_name MBEDTLS_PRIVATE(issuer); /**< The parsed issuer data (named information object). */
mbedtls_x509_name subject; /**< The parsed subject data (named information object). */ mbedtls_x509_name MBEDTLS_PRIVATE(subject); /**< The parsed subject data (named information object). */
mbedtls_x509_time valid_from; /**< Start time of certificate validity. */ mbedtls_x509_time MBEDTLS_PRIVATE(valid_from); /**< Start time of certificate validity. */
mbedtls_x509_time valid_to; /**< End time of certificate validity. */ mbedtls_x509_time MBEDTLS_PRIVATE(valid_to); /**< End time of certificate validity. */
mbedtls_x509_buf pk_raw; mbedtls_x509_buf MBEDTLS_PRIVATE(pk_raw);
mbedtls_pk_context pk; /**< Container for the public key context. */ mbedtls_pk_context MBEDTLS_PRIVATE(pk); /**< Container for the public key context. */
mbedtls_x509_buf issuer_id; /**< Optional X.509 v2/v3 issuer unique identifier. */ mbedtls_x509_buf MBEDTLS_PRIVATE(issuer_id); /**< Optional X.509 v2/v3 issuer unique identifier. */
mbedtls_x509_buf subject_id; /**< Optional X.509 v2/v3 subject unique identifier. */ mbedtls_x509_buf MBEDTLS_PRIVATE(subject_id); /**< Optional X.509 v2/v3 subject unique identifier. */
mbedtls_x509_buf v3_ext; /**< Optional X.509 v3 extensions. */ mbedtls_x509_buf MBEDTLS_PRIVATE(v3_ext); /**< Optional X.509 v3 extensions. */
mbedtls_x509_sequence subject_alt_names; /**< Optional list of raw entries of Subject Alternative Names extension (currently only dNSName and OtherName are listed). */ mbedtls_x509_sequence MBEDTLS_PRIVATE(subject_alt_names); /**< Optional list of raw entries of Subject Alternative Names extension (currently only dNSName and OtherName are listed). */
mbedtls_x509_sequence certificate_policies; /**< Optional list of certificate policies (Only anyPolicy is printed and enforced, however the rest of the policies are still listed). */ mbedtls_x509_sequence MBEDTLS_PRIVATE(certificate_policies); /**< Optional list of certificate policies (Only anyPolicy is printed and enforced, however the rest of the policies are still listed). */
int ext_types; /**< Bit string containing detected and parsed extensions */ int MBEDTLS_PRIVATE(ext_types); /**< Bit string containing detected and parsed extensions */
int ca_istrue; /**< Optional Basic Constraint extension value: 1 if this certificate belongs to a CA, 0 otherwise. */ int MBEDTLS_PRIVATE(ca_istrue); /**< Optional Basic Constraint extension value: 1 if this certificate belongs to a CA, 0 otherwise. */
int max_pathlen; /**< Optional Basic Constraint extension value: The maximum path length to the root certificate. Path length is 1 higher than RFC 5280 'meaning', so 1+ */ int MBEDTLS_PRIVATE(max_pathlen); /**< Optional Basic Constraint extension value: The maximum path length to the root certificate. Path length is 1 higher than RFC 5280 'meaning', so 1+ */
unsigned int key_usage; /**< Optional key usage extension value: See the values in x509.h */ unsigned int MBEDTLS_PRIVATE(key_usage); /**< Optional key usage extension value: See the values in x509.h */
mbedtls_x509_sequence ext_key_usage; /**< Optional list of extended key usage OIDs. */ mbedtls_x509_sequence MBEDTLS_PRIVATE(ext_key_usage); /**< Optional list of extended key usage OIDs. */
unsigned char ns_cert_type; /**< Optional Netscape certificate type extension value: See the values in x509.h */ unsigned char MBEDTLS_PRIVATE(ns_cert_type); /**< Optional Netscape certificate type extension value: See the values in x509.h */
mbedtls_x509_buf sig; /**< Signature: hash of the tbs part signed with the private key. */ mbedtls_x509_buf MBEDTLS_PRIVATE(sig); /**< Signature: hash of the tbs part signed with the private key. */
mbedtls_md_type_t sig_md; /**< Internal representation of the MD algorithm of the signature algorithm, e.g. MBEDTLS_MD_SHA256 */ mbedtls_md_type_t MBEDTLS_PRIVATE(sig_md); /**< Internal representation of the MD algorithm of the signature algorithm, e.g. MBEDTLS_MD_SHA256 */
mbedtls_pk_type_t sig_pk; /**< Internal representation of the Public Key algorithm of the signature algorithm, e.g. MBEDTLS_PK_RSA */ mbedtls_pk_type_t MBEDTLS_PRIVATE(sig_pk); /**< Internal representation of the Public Key algorithm of the signature algorithm, e.g. MBEDTLS_PK_RSA */
void *sig_opts; /**< Signature options to be passed to mbedtls_pk_verify_ext(), e.g. for RSASSA-PSS */ void *MBEDTLS_PRIVATE(sig_opts); /**< Signature options to be passed to mbedtls_pk_verify_ext(), e.g. for RSASSA-PSS */
struct mbedtls_x509_crt *next; /**< Next certificate in the CA-chain. */ struct mbedtls_x509_crt *MBEDTLS_PRIVATE(next); /**< Next certificate in the CA-chain. */
} }
mbedtls_x509_crt; mbedtls_x509_crt;
@ -111,7 +112,7 @@ typedef struct mbedtls_x509_san_other_name
* To check the value of the type id, you should use * To check the value of the type id, you should use
* \p MBEDTLS_OID_CMP with a known OID mbedtls_x509_buf. * \p MBEDTLS_OID_CMP with a known OID mbedtls_x509_buf.
*/ */
mbedtls_x509_buf type_id; /**< The type id. */ mbedtls_x509_buf MBEDTLS_PRIVATE(type_id); /**< The type id. */
union union
{ {
/** /**
@ -122,12 +123,12 @@ typedef struct mbedtls_x509_san_other_name
*/ */
struct struct
{ {
mbedtls_x509_buf oid; /**< The object identifier. */ mbedtls_x509_buf MBEDTLS_PRIVATE(oid); /**< The object identifier. */
mbedtls_x509_buf val; /**< The named value. */ mbedtls_x509_buf MBEDTLS_PRIVATE(val); /**< The named value. */
} }
hardware_module_name; MBEDTLS_PRIVATE(hardware_module_name);
} }
value; MBEDTLS_PRIVATE(value);
} }
mbedtls_x509_san_other_name; mbedtls_x509_san_other_name;
@ -136,12 +137,12 @@ mbedtls_x509_san_other_name;
*/ */
typedef struct mbedtls_x509_subject_alternative_name typedef struct mbedtls_x509_subject_alternative_name
{ {
int type; /**< The SAN type, value of MBEDTLS_X509_SAN_XXX. */ int MBEDTLS_PRIVATE(type); /**< The SAN type, value of MBEDTLS_X509_SAN_XXX. */
union { union {
mbedtls_x509_san_other_name other_name; /**< The otherName supported type. */ mbedtls_x509_san_other_name MBEDTLS_PRIVATE(other_name); /**< The otherName supported type. */
mbedtls_x509_buf unstructured_name; /**< The buffer for the un constructed types. Only dnsName currently supported */ mbedtls_x509_buf MBEDTLS_PRIVATE(unstructured_name); /**< The buffer for the un constructed types. Only dnsName currently supported */
} }
san; /**< A union of the supported SAN types */ MBEDTLS_PRIVATE(san); /**< A union of the supported SAN types */
} }
mbedtls_x509_subject_alternative_name; mbedtls_x509_subject_alternative_name;
@ -158,10 +159,10 @@ mbedtls_x509_subject_alternative_name;
*/ */
typedef struct mbedtls_x509_crt_profile typedef struct mbedtls_x509_crt_profile
{ {
uint32_t allowed_mds; /**< MDs for signatures */ uint32_t MBEDTLS_PRIVATE(allowed_mds); /**< MDs for signatures */
uint32_t allowed_pks; /**< PK algs for signatures */ uint32_t MBEDTLS_PRIVATE(allowed_pks); /**< PK algs for signatures */
uint32_t allowed_curves; /**< Elliptic curves for ECDSA */ uint32_t MBEDTLS_PRIVATE(allowed_curves); /**< Elliptic curves for ECDSA */
uint32_t rsa_min_bitlen; /**< Minimum size for RSA keys */ uint32_t MBEDTLS_PRIVATE(rsa_min_bitlen); /**< Minimum size for RSA keys */
} }
mbedtls_x509_crt_profile; mbedtls_x509_crt_profile;
@ -249,16 +250,16 @@ mbedtls_x509_crt_profile;
*/ */
typedef struct mbedtls_x509write_cert typedef struct mbedtls_x509write_cert
{ {
int version; int MBEDTLS_PRIVATE(version);
mbedtls_mpi serial; mbedtls_mpi MBEDTLS_PRIVATE(serial);
mbedtls_pk_context *subject_key; mbedtls_pk_context *MBEDTLS_PRIVATE(subject_key);
mbedtls_pk_context *issuer_key; mbedtls_pk_context *MBEDTLS_PRIVATE(issuer_key);
mbedtls_asn1_named_data *subject; mbedtls_asn1_named_data *MBEDTLS_PRIVATE(subject);
mbedtls_asn1_named_data *issuer; mbedtls_asn1_named_data *MBEDTLS_PRIVATE(issuer);
mbedtls_md_type_t md_alg; mbedtls_md_type_t MBEDTLS_PRIVATE(md_alg);
char not_before[MBEDTLS_X509_RFC5280_UTC_TIME_LEN + 1]; char MBEDTLS_PRIVATE(not_before)[MBEDTLS_X509_RFC5280_UTC_TIME_LEN + 1];
char not_after[MBEDTLS_X509_RFC5280_UTC_TIME_LEN + 1]; char MBEDTLS_PRIVATE(not_after)[MBEDTLS_X509_RFC5280_UTC_TIME_LEN + 1];
mbedtls_asn1_named_data *extensions; mbedtls_asn1_named_data *MBEDTLS_PRIVATE(extensions);
} }
mbedtls_x509write_cert; mbedtls_x509write_cert;
@ -266,8 +267,8 @@ mbedtls_x509write_cert;
* Item in a verification chain: cert and flags for it * Item in a verification chain: cert and flags for it
*/ */
typedef struct { typedef struct {
mbedtls_x509_crt *crt; mbedtls_x509_crt *MBEDTLS_PRIVATE(crt);
uint32_t flags; uint32_t MBEDTLS_PRIVATE(flags);
} mbedtls_x509_crt_verify_chain_item; } mbedtls_x509_crt_verify_chain_item;
/** /**
@ -280,15 +281,15 @@ typedef struct {
*/ */
typedef struct typedef struct
{ {
mbedtls_x509_crt_verify_chain_item items[MBEDTLS_X509_MAX_VERIFY_CHAIN_SIZE]; mbedtls_x509_crt_verify_chain_item MBEDTLS_PRIVATE(items)[MBEDTLS_X509_MAX_VERIFY_CHAIN_SIZE];
unsigned len; unsigned MBEDTLS_PRIVATE(len);
#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) #if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
/* This stores the list of potential trusted signers obtained from /* This stores the list of potential trusted signers obtained from
* the CA callback used for the CRT verification, if configured. * the CA callback used for the CRT verification, if configured.
* We must track it somewhere because the callback passes its * We must track it somewhere because the callback passes its
* ownership to the caller. */ * ownership to the caller. */
mbedtls_x509_crt *trust_ca_cb_result; mbedtls_x509_crt *MBEDTLS_PRIVATE(trust_ca_cb_result);
#endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */ #endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */
} mbedtls_x509_crt_verify_chain; } mbedtls_x509_crt_verify_chain;
@ -300,23 +301,23 @@ typedef struct
typedef struct typedef struct
{ {
/* for check_signature() */ /* for check_signature() */
mbedtls_pk_restart_ctx pk; mbedtls_pk_restart_ctx MBEDTLS_PRIVATE(pk);
/* for find_parent_in() */ /* for find_parent_in() */
mbedtls_x509_crt *parent; /* non-null iff parent_in in progress */ mbedtls_x509_crt *MBEDTLS_PRIVATE(parent); /* non-null iff parent_in in progress */
mbedtls_x509_crt *fallback_parent; mbedtls_x509_crt *MBEDTLS_PRIVATE(fallback_parent);
int fallback_signature_is_good; int MBEDTLS_PRIVATE(fallback_signature_is_good);
/* for find_parent() */ /* for find_parent() */
int parent_is_trusted; /* -1 if find_parent is not in progress */ int MBEDTLS_PRIVATE(parent_is_trusted); /* -1 if find_parent is not in progress */
/* for verify_chain() */ /* for verify_chain() */
enum { enum {
x509_crt_rs_none, x509_crt_rs_none,
x509_crt_rs_find_parent, x509_crt_rs_find_parent,
} in_progress; /* none if no operation is in progress */ } MBEDTLS_PRIVATE(in_progress); /* none if no operation is in progress */
int self_cnt; int MBEDTLS_PRIVATE(self_cnt);
mbedtls_x509_crt_verify_chain ver_chain; mbedtls_x509_crt_verify_chain MBEDTLS_PRIVATE(ver_chain);
} mbedtls_x509_crt_restart_ctx; } mbedtls_x509_crt_restart_ctx;

31
include/mbedtls/x509_csr.h
View File

@ -21,6 +21,7 @@
*/ */
#ifndef MBEDTLS_X509_CSR_H #ifndef MBEDTLS_X509_CSR_H
#define MBEDTLS_X509_CSR_H #define MBEDTLS_X509_CSR_H
#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE) #if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h" #include "mbedtls/config.h"
@ -48,21 +49,21 @@ extern "C" {
*/ */
typedef struct mbedtls_x509_csr typedef struct mbedtls_x509_csr
{ {
mbedtls_x509_buf raw; /**< The raw CSR data (DER). */ mbedtls_x509_buf MBEDTLS_PRIVATE(raw); /**< The raw CSR data (DER). */
mbedtls_x509_buf cri; /**< The raw CertificateRequestInfo body (DER). */ mbedtls_x509_buf MBEDTLS_PRIVATE(cri); /**< The raw CertificateRequestInfo body (DER). */
int version; /**< CSR version (1=v1). */ int MBEDTLS_PRIVATE(version); /**< CSR version (1=v1). */
mbedtls_x509_buf subject_raw; /**< The raw subject data (DER). */ mbedtls_x509_buf MBEDTLS_PRIVATE(subject_raw); /**< The raw subject data (DER). */
mbedtls_x509_name subject; /**< The parsed subject data (named information object). */ mbedtls_x509_name MBEDTLS_PRIVATE(subject); /**< The parsed subject data (named information object). */
mbedtls_pk_context pk; /**< Container for the public key context. */ mbedtls_pk_context MBEDTLS_PRIVATE(pk); /**< Container for the public key context. */
mbedtls_x509_buf sig_oid; mbedtls_x509_buf MBEDTLS_PRIVATE(sig_oid);
mbedtls_x509_buf sig; mbedtls_x509_buf MBEDTLS_PRIVATE(sig);
mbedtls_md_type_t sig_md; /**< Internal representation of the MD algorithm of the signature algorithm, e.g. MBEDTLS_MD_SHA256 */ mbedtls_md_type_t MBEDTLS_PRIVATE(sig_md); /**< Internal representation of the MD algorithm of the signature algorithm, e.g. MBEDTLS_MD_SHA256 */
mbedtls_pk_type_t sig_pk; /**< Internal representation of the Public Key algorithm of the signature algorithm, e.g. MBEDTLS_PK_RSA */ mbedtls_pk_type_t MBEDTLS_PRIVATE(sig_pk); /**< Internal representation of the Public Key algorithm of the signature algorithm, e.g. MBEDTLS_PK_RSA */
void *sig_opts; /**< Signature options to be passed to mbedtls_pk_verify_ext(), e.g. for RSASSA-PSS */ void *MBEDTLS_PRIVATE(sig_opts); /**< Signature options to be passed to mbedtls_pk_verify_ext(), e.g. for RSASSA-PSS */
} }
mbedtls_x509_csr; mbedtls_x509_csr;
@ -71,10 +72,10 @@ mbedtls_x509_csr;
*/ */
typedef struct mbedtls_x509write_csr typedef struct mbedtls_x509write_csr
{ {
mbedtls_pk_context *key; mbedtls_pk_context *MBEDTLS_PRIVATE(key);
mbedtls_asn1_named_data *subject; mbedtls_asn1_named_data *MBEDTLS_PRIVATE(subject);
mbedtls_md_type_t md_alg; mbedtls_md_type_t MBEDTLS_PRIVATE(md_alg);
mbedtls_asn1_named_data *extensions; mbedtls_asn1_named_data *MBEDTLS_PRIVATE(extensions);
} }
mbedtls_x509write_csr; mbedtls_x509write_csr;

3
include/mbedtls/xtea.h
View File

@ -21,6 +21,7 @@
*/ */
#ifndef MBEDTLS_XTEA_H #ifndef MBEDTLS_XTEA_H
#define MBEDTLS_XTEA_H #define MBEDTLS_XTEA_H
#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE) #if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h" #include "mbedtls/config.h"
@ -49,7 +50,7 @@ extern "C" {
*/ */
typedef struct mbedtls_xtea_context typedef struct mbedtls_xtea_context
{ {
uint32_t k[4]; /*!< key */ uint32_t MBEDTLS_PRIVATE(k)[4]; /*!< key */
} }
mbedtls_xtea_context; mbedtls_xtea_context;

15
include/psa/crypto_builtin_composites.h
View File

@ -32,6 +32,7 @@
#ifndef PSA_CRYPTO_BUILTIN_COMPOSITES_H #ifndef PSA_CRYPTO_BUILTIN_COMPOSITES_H
#define PSA_CRYPTO_BUILTIN_COMPOSITES_H #define PSA_CRYPTO_BUILTIN_COMPOSITES_H
#include "mbedtls/private_access.h"
#include <psa/crypto_driver_common.h> #include <psa/crypto_driver_common.h>
@ -47,11 +48,11 @@
typedef struct typedef struct
{ {
/** The HMAC algorithm in use */ /** The HMAC algorithm in use */
psa_algorithm_t alg; psa_algorithm_t MBEDTLS_PRIVATE(alg);
/** The hash context. */ /** The hash context. */
struct psa_hash_operation_s hash_ctx; struct psa_hash_operation_s hash_ctx;
/** The HMAC part of the context. */ /** The HMAC part of the context. */
uint8_t opad[PSA_HMAC_MAX_HASH_BLOCK_SIZE]; uint8_t MBEDTLS_PRIVATE(opad)[PSA_HMAC_MAX_HASH_BLOCK_SIZE];
} mbedtls_psa_hmac_operation_t; } mbedtls_psa_hmac_operation_t;
#define MBEDTLS_PSA_HMAC_OPERATION_INIT {0, PSA_HASH_OPERATION_INIT, {0}} #define MBEDTLS_PSA_HMAC_OPERATION_INIT {0, PSA_HASH_OPERATION_INIT, {0}}
@ -61,17 +62,17 @@ typedef struct
typedef struct typedef struct
{ {
psa_algorithm_t alg; psa_algorithm_t MBEDTLS_PRIVATE(alg);
union union
{ {
unsigned dummy; /* Make the union non-empty even with no supported algorithms. */ unsigned MBEDTLS_PRIVATE(dummy); /* Make the union non-empty even with no supported algorithms. */
#if defined(MBEDTLS_PSA_BUILTIN_ALG_HMAC) || defined(PSA_CRYPTO_DRIVER_TEST) #if defined(MBEDTLS_PSA_BUILTIN_ALG_HMAC) || defined(PSA_CRYPTO_DRIVER_TEST)
mbedtls_psa_hmac_operation_t hmac; mbedtls_psa_hmac_operation_t MBEDTLS_PRIVATE(hmac);
#endif /* MBEDTLS_PSA_BUILTIN_ALG_HMAC */ #endif /* MBEDTLS_PSA_BUILTIN_ALG_HMAC */
#if defined(MBEDTLS_PSA_BUILTIN_ALG_CMAC) || defined(PSA_CRYPTO_DRIVER_TEST) #if defined(MBEDTLS_PSA_BUILTIN_ALG_CMAC) || defined(PSA_CRYPTO_DRIVER_TEST)
mbedtls_cipher_context_t cmac; mbedtls_cipher_context_t MBEDTLS_PRIVATE(cmac);
#endif /* MBEDTLS_PSA_BUILTIN_ALG_CMAC */ #endif /* MBEDTLS_PSA_BUILTIN_ALG_CMAC */
} ctx; } MBEDTLS_PRIVATE(ctx);
} mbedtls_psa_mac_operation_t; } mbedtls_psa_mac_operation_t;
#define MBEDTLS_PSA_MAC_OPERATION_INIT {0, {0}} #define MBEDTLS_PSA_MAC_OPERATION_INIT {0, {0}}

29
include/psa/crypto_builtin_primitives.h
View File

@ -32,6 +32,7 @@
#ifndef PSA_CRYPTO_BUILTIN_PRIMITIVES_H #ifndef PSA_CRYPTO_BUILTIN_PRIMITIVES_H
#define PSA_CRYPTO_BUILTIN_PRIMITIVES_H #define PSA_CRYPTO_BUILTIN_PRIMITIVES_H
#include "mbedtls/private_access.h"
#include <psa/crypto_driver_common.h> #include <psa/crypto_driver_common.h>
@ -61,32 +62,32 @@
typedef struct typedef struct
{ {
psa_algorithm_t alg; psa_algorithm_t MBEDTLS_PRIVATE(alg);
union union
{ {
unsigned dummy; /* Make the union non-empty even with no supported algorithms. */ unsigned MBEDTLS_PRIVATE(dummy); /* Make the union non-empty even with no supported algorithms. */
#if defined(MBEDTLS_MD2_C) #if defined(MBEDTLS_MD2_C)
mbedtls_md2_context md2; mbedtls_md2_context MBEDTLS_PRIVATE(md2);
#endif #endif
#if defined(MBEDTLS_MD4_C) #if defined(MBEDTLS_MD4_C)
mbedtls_md4_context md4; mbedtls_md4_context MBEDTLS_PRIVATE(md4);
#endif #endif
#if defined(MBEDTLS_MD5_C) #if defined(MBEDTLS_MD5_C)
mbedtls_md5_context md5; mbedtls_md5_context MBEDTLS_PRIVATE(md5);
#endif #endif
#if defined(MBEDTLS_RIPEMD160_C) #if defined(MBEDTLS_RIPEMD160_C)
mbedtls_ripemd160_context ripemd160; mbedtls_ripemd160_context MBEDTLS_PRIVATE(ripemd160);
#endif #endif
#if defined(MBEDTLS_SHA1_C) #if defined(MBEDTLS_SHA1_C)
mbedtls_sha1_context sha1; mbedtls_sha1_context MBEDTLS_PRIVATE(sha1);
#endif #endif
#if defined(MBEDTLS_SHA256_C) #if defined(MBEDTLS_SHA256_C)
mbedtls_sha256_context sha256; mbedtls_sha256_context MBEDTLS_PRIVATE(sha256);
#endif #endif
#if defined(MBEDTLS_SHA512_C) #if defined(MBEDTLS_SHA512_C)
mbedtls_sha512_context sha512; mbedtls_sha512_context MBEDTLS_PRIVATE(sha512);
#endif #endif
} ctx; } MBEDTLS_PRIVATE(ctx);
} mbedtls_psa_hash_operation_t; } mbedtls_psa_hash_operation_t;
#define MBEDTLS_PSA_HASH_OPERATION_INIT {0, {0}} #define MBEDTLS_PSA_HASH_OPERATION_INIT {0, {0}}
@ -110,10 +111,10 @@ typedef struct
typedef struct { typedef struct {
/* Context structure for the Mbed TLS cipher implementation. */ /* Context structure for the Mbed TLS cipher implementation. */
psa_algorithm_t alg; psa_algorithm_t MBEDTLS_PRIVATE(alg);
uint8_t iv_length; uint8_t MBEDTLS_PRIVATE(iv_length);
uint8_t block_length; uint8_t MBEDTLS_PRIVATE(block_length);
mbedtls_cipher_context_t cipher; mbedtls_cipher_context_t MBEDTLS_PRIVATE(cipher);
} mbedtls_psa_cipher_operation_t; } mbedtls_psa_cipher_operation_t;
#define MBEDTLS_PSA_CIPHER_OPERATION_INIT {0, 0, 0, {0}} #define MBEDTLS_PSA_CIPHER_OPERATION_INIT {0, 0, 0, {0}}

29
include/psa/crypto_extra.h
View File

@ -27,6 +27,7 @@
#ifndef PSA_CRYPTO_EXTRA_H #ifndef PSA_CRYPTO_EXTRA_H
#define PSA_CRYPTO_EXTRA_H #define PSA_CRYPTO_EXTRA_H
#include "mbedtls/private_access.h"
#include "mbedtls/platform_util.h" #include "mbedtls/platform_util.h"
@ -71,7 +72,7 @@ static inline void psa_set_key_enrollment_algorithm(
psa_key_attributes_t *attributes, psa_key_attributes_t *attributes,
psa_algorithm_t alg2) psa_algorithm_t alg2)
{ {
attributes->core.policy.alg2 = alg2; attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(policy).MBEDTLS_PRIVATE(alg2) = alg2;
} }
/** Retrieve the enrollment algorithm policy from key attributes. /** Retrieve the enrollment algorithm policy from key attributes.
@ -83,7 +84,7 @@ static inline void psa_set_key_enrollment_algorithm(
static inline psa_algorithm_t psa_get_key_enrollment_algorithm( static inline psa_algorithm_t psa_get_key_enrollment_algorithm(
const psa_key_attributes_t *attributes) const psa_key_attributes_t *attributes)
{ {
return( attributes->core.policy.alg2 ); return( attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(policy).MBEDTLS_PRIVATE(alg2) );
} }
#if defined(MBEDTLS_PSA_CRYPTO_SE_C) #if defined(MBEDTLS_PSA_CRYPTO_SE_C)
@ -141,8 +142,8 @@ static inline void psa_set_key_slot_number(
psa_key_attributes_t *attributes, psa_key_attributes_t *attributes,
psa_key_slot_number_t slot_number ) psa_key_slot_number_t slot_number )
{ {
attributes->core.flags |= MBEDTLS_PSA_KA_FLAG_HAS_SLOT_NUMBER; attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(flags) |= MBEDTLS_PSA_KA_FLAG_HAS_SLOT_NUMBER;
attributes->slot_number = slot_number; attributes->MBEDTLS_PRIVATE(slot_number) = slot_number;
} }
/** Remove the slot number attribute from a key attribute structure. /** Remove the slot number attribute from a key attribute structure.
@ -154,7 +155,7 @@ static inline void psa_set_key_slot_number(
static inline void psa_clear_key_slot_number( static inline void psa_clear_key_slot_number(
psa_key_attributes_t *attributes ) psa_key_attributes_t *attributes )
{ {
attributes->core.flags &= ~MBEDTLS_PSA_KA_FLAG_HAS_SLOT_NUMBER; attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(flags) &= ~MBEDTLS_PSA_KA_FLAG_HAS_SLOT_NUMBER;
} }
/** Register a key that is already present in a secure element. /** Register a key that is already present in a secure element.
@ -226,26 +227,26 @@ void mbedtls_psa_crypto_free( void );
typedef struct mbedtls_psa_stats_s typedef struct mbedtls_psa_stats_s
{ {
/** Number of slots containing key material for a volatile key. */ /** Number of slots containing key material for a volatile key. */
size_t volatile_slots; size_t MBEDTLS_PRIVATE(volatile_slots);
/** Number of slots containing key material for a key which is in /** Number of slots containing key material for a key which is in
* internal persistent storage. */ * internal persistent storage. */
size_t persistent_slots; size_t MBEDTLS_PRIVATE(persistent_slots);
/** Number of slots containing a reference to a key in a /** Number of slots containing a reference to a key in a
* secure element. */ * secure element. */
size_t external_slots; size_t MBEDTLS_PRIVATE(external_slots);
/** Number of slots which are occupied, but do not contain /** Number of slots which are occupied, but do not contain
* key material yet. */ * key material yet. */
size_t half_filled_slots; size_t MBEDTLS_PRIVATE(half_filled_slots);
/** Number of slots that contain cache data. */ /** Number of slots that contain cache data. */
size_t cache_slots; size_t MBEDTLS_PRIVATE(cache_slots);
/** Number of slots that are not used for anything. */ /** Number of slots that are not used for anything. */
size_t empty_slots; size_t MBEDTLS_PRIVATE(empty_slots);
/** Number of slots that are locked. */ /** Number of slots that are locked. */
size_t locked_slots; size_t MBEDTLS_PRIVATE(locked_slots);
/** Largest key id value among open keys in internal persistent storage. */ /** Largest key id value among open keys in internal persistent storage. */
psa_key_id_t max_open_internal_key_id; psa_key_id_t MBEDTLS_PRIVATE(max_open_internal_key_id);
/** Largest key id value among open keys in secure elements. */ /** Largest key id value among open keys in secure elements. */
psa_key_id_t max_open_external_key_id; psa_key_id_t MBEDTLS_PRIVATE(max_open_external_key_id);
} mbedtls_psa_stats_t; } mbedtls_psa_stats_t;
/** \brief Get statistics about /** \brief Get statistics about

3
include/psa/crypto_platform.h
View File

@ -32,6 +32,7 @@
#ifndef PSA_CRYPTO_PLATFORM_H #ifndef PSA_CRYPTO_PLATFORM_H
#define PSA_CRYPTO_PLATFORM_H #define PSA_CRYPTO_PLATFORM_H
#include "mbedtls/private_access.h"
/* Include the Mbed TLS configuration file, the way Mbed TLS does it /* Include the Mbed TLS configuration file, the way Mbed TLS does it
* in each of its header files. */ * in each of its header files. */
@ -92,7 +93,7 @@ static inline int mbedtls_key_owner_id_equal( mbedtls_key_owner_id_t id1,
* are expected to replace it with a custom definition. * are expected to replace it with a custom definition.
*/ */
typedef struct { typedef struct {
uintptr_t opaque[2]; uintptr_t MBEDTLS_PRIVATE(opaque)[2];
} mbedtls_psa_external_random_context_t; } mbedtls_psa_external_random_context_t;
#endif /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */ #endif /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */

91
include/psa/crypto_se_driver.h
View File

@ -33,6 +33,7 @@
*/ */
#ifndef PSA_CRYPTO_SE_DRIVER_H #ifndef PSA_CRYPTO_SE_DRIVER_H
#define PSA_CRYPTO_SE_DRIVER_H #define PSA_CRYPTO_SE_DRIVER_H
#include "mbedtls/private_access.h"
#include "crypto_driver_common.h" #include "crypto_driver_common.h"
@ -97,21 +98,21 @@ typedef struct {
* - psa_destroy_key() causes a call to * - psa_destroy_key() causes a call to
* psa_drv_se_key_management_t::p_destroy. * psa_drv_se_key_management_t::p_destroy.
*/ */
const void *const persistent_data; const void *const MBEDTLS_PRIVATE(persistent_data);
/** The size of \c persistent_data in bytes. /** The size of \c persistent_data in bytes.
* *
* This is always equal to the value of the `persistent_data_size` field * This is always equal to the value of the `persistent_data_size` field
* of the ::psa_drv_se_t structure when the driver is registered. * of the ::psa_drv_se_t structure when the driver is registered.
*/ */
const size_t persistent_data_size; const size_t MBEDTLS_PRIVATE(persistent_data_size);
/** Driver transient data. /** Driver transient data.
* *
* The core initializes this value to 0 and does not read or modify it * The core initializes this value to 0 and does not read or modify it
* afterwards. The driver may store whatever it wants in this field. * afterwards. The driver may store whatever it wants in this field.
*/ */
uintptr_t transient_data; uintptr_t MBEDTLS_PRIVATE(transient_data);
} psa_drv_se_context_t; } psa_drv_se_context_t;
/** \brief A driver initialization function. /** \brief A driver initialization function.
@ -323,28 +324,28 @@ typedef struct {
/**The size in bytes of the hardware-specific secure element MAC context /**The size in bytes of the hardware-specific secure element MAC context
* structure * structure
*/ */
size_t context_size; size_t MBEDTLS_PRIVATE(context_size);
/** Function that performs a MAC setup operation /** Function that performs a MAC setup operation
*/ */
psa_drv_se_mac_setup_t p_setup; psa_drv_se_mac_setup_t MBEDTLS_PRIVATE(p_setup);
/** Function that performs a MAC update operation /** Function that performs a MAC update operation
*/ */
psa_drv_se_mac_update_t p_update; psa_drv_se_mac_update_t MBEDTLS_PRIVATE(p_update);
/** Function that completes a MAC operation /** Function that completes a MAC operation
*/ */
psa_drv_se_mac_finish_t p_finish; psa_drv_se_mac_finish_t MBEDTLS_PRIVATE(p_finish);
/** Function that completes a MAC operation with a verify check /** Function that completes a MAC operation with a verify check
*/ */
psa_drv_se_mac_finish_verify_t p_finish_verify; psa_drv_se_mac_finish_verify_t MBEDTLS_PRIVATE(p_finish_verify);
/** Function that aborts a previoustly started MAC operation /** Function that aborts a previoustly started MAC operation
*/ */
psa_drv_se_mac_abort_t p_abort; psa_drv_se_mac_abort_t MBEDTLS_PRIVATE(p_abort);
/** Function that performs a MAC operation in one call /** Function that performs a MAC operation in one call
*/ */
psa_drv_se_mac_generate_t p_mac; psa_drv_se_mac_generate_t MBEDTLS_PRIVATE(p_mac);
/** Function that performs a MAC and verify operation in one call /** Function that performs a MAC and verify operation in one call
*/ */
psa_drv_se_mac_verify_t p_mac_verify; psa_drv_se_mac_verify_t MBEDTLS_PRIVATE(p_mac_verify);
} psa_drv_se_mac_t; } psa_drv_se_mac_t;
/**@}*/ /**@}*/
@ -510,22 +511,22 @@ typedef struct {
/** The size in bytes of the hardware-specific secure element cipher /** The size in bytes of the hardware-specific secure element cipher
* context structure * context structure
*/ */
size_t context_size; size_t MBEDTLS_PRIVATE(context_size);
/** Function that performs a cipher setup operation */ /** Function that performs a cipher setup operation */
psa_drv_se_cipher_setup_t p_setup; psa_drv_se_cipher_setup_t MBEDTLS_PRIVATE(p_setup);
/** Function that sets a cipher IV (if necessary) */ /** Function that sets a cipher IV (if necessary) */
psa_drv_se_cipher_set_iv_t p_set_iv; psa_drv_se_cipher_set_iv_t MBEDTLS_PRIVATE(p_set_iv);
/** Function that performs a cipher update operation */ /** Function that performs a cipher update operation */
psa_drv_se_cipher_update_t p_update; psa_drv_se_cipher_update_t MBEDTLS_PRIVATE(p_update);
/** Function that completes a cipher operation */ /** Function that completes a cipher operation */
psa_drv_se_cipher_finish_t p_finish; psa_drv_se_cipher_finish_t MBEDTLS_PRIVATE(p_finish);
/** Function that aborts a cipher operation */ /** Function that aborts a cipher operation */
psa_drv_se_cipher_abort_t p_abort; psa_drv_se_cipher_abort_t MBEDTLS_PRIVATE(p_abort);
/** Function that performs ECB mode for a cipher operation /** Function that performs ECB mode for a cipher operation
* (Danger: ECB mode should not be used directly by clients of the PSA * (Danger: ECB mode should not be used directly by clients of the PSA
* Crypto Client API) * Crypto Client API)
*/ */
psa_drv_se_cipher_ecb_t p_ecb; psa_drv_se_cipher_ecb_t MBEDTLS_PRIVATE(p_ecb);
} psa_drv_se_cipher_t; } psa_drv_se_cipher_t;
/**@}*/ /**@}*/
@ -681,13 +682,13 @@ typedef psa_status_t (*psa_drv_se_asymmetric_decrypt_t)(psa_drv_se_context_t *dr
*/ */
typedef struct { typedef struct {
/** Function that performs an asymmetric sign operation */ /** Function that performs an asymmetric sign operation */
psa_drv_se_asymmetric_sign_t p_sign; psa_drv_se_asymmetric_sign_t MBEDTLS_PRIVATE(p_sign);
/** Function that performs an asymmetric verify operation */ /** Function that performs an asymmetric verify operation */
psa_drv_se_asymmetric_verify_t p_verify; psa_drv_se_asymmetric_verify_t MBEDTLS_PRIVATE(p_verify);
/** Function that performs an asymmetric encrypt operation */ /** Function that performs an asymmetric encrypt operation */
psa_drv_se_asymmetric_encrypt_t p_encrypt; psa_drv_se_asymmetric_encrypt_t MBEDTLS_PRIVATE(p_encrypt);
/** Function that performs an asymmetric decrypt operation */ /** Function that performs an asymmetric decrypt operation */
psa_drv_se_asymmetric_decrypt_t p_decrypt; psa_drv_se_asymmetric_decrypt_t MBEDTLS_PRIVATE(p_decrypt);
} psa_drv_se_asymmetric_t; } psa_drv_se_asymmetric_t;
/**@}*/ /**@}*/
@ -798,9 +799,9 @@ typedef psa_status_t (*psa_drv_se_aead_decrypt_t)(psa_drv_se_context_t *drv_cont
*/ */
typedef struct { typedef struct {
/** Function that performs the AEAD encrypt operation */ /** Function that performs the AEAD encrypt operation */
psa_drv_se_aead_encrypt_t p_encrypt; psa_drv_se_aead_encrypt_t MBEDTLS_PRIVATE(p_encrypt);
/** Function that performs the AEAD decrypt operation */ /** Function that performs the AEAD decrypt operation */
psa_drv_se_aead_decrypt_t p_decrypt; psa_drv_se_aead_decrypt_t MBEDTLS_PRIVATE(p_decrypt);
} psa_drv_se_aead_t; } psa_drv_se_aead_t;
/**@}*/ /**@}*/
@ -1120,19 +1121,19 @@ typedef psa_status_t (*psa_drv_se_generate_key_t)(
*/ */
typedef struct { typedef struct {
/** Function that allocates a slot for a key. */ /** Function that allocates a slot for a key. */
psa_drv_se_allocate_key_t p_allocate; psa_drv_se_allocate_key_t MBEDTLS_PRIVATE(p_allocate);
/** Function that checks the validity of a slot for a key. */ /** Function that checks the validity of a slot for a key. */
psa_drv_se_validate_slot_number_t p_validate_slot_number; psa_drv_se_validate_slot_number_t MBEDTLS_PRIVATE(p_validate_slot_number);
/** Function that performs a key import operation */ /** Function that performs a key import operation */
psa_drv_se_import_key_t p_import; psa_drv_se_import_key_t MBEDTLS_PRIVATE(p_import);
/** Function that performs a generation */ /** Function that performs a generation */
psa_drv_se_generate_key_t p_generate; psa_drv_se_generate_key_t MBEDTLS_PRIVATE(p_generate);
/** Function that performs a key destroy operation */ /** Function that performs a key destroy operation */
psa_drv_se_destroy_key_t p_destroy; psa_drv_se_destroy_key_t MBEDTLS_PRIVATE(p_destroy);
/** Function that performs a key export operation */ /** Function that performs a key export operation */
psa_drv_se_export_key_t p_export; psa_drv_se_export_key_t MBEDTLS_PRIVATE(p_export);
/** Function that performs a public key export operation */ /** Function that performs a public key export operation */
psa_drv_se_export_key_t p_export_public; psa_drv_se_export_key_t MBEDTLS_PRIVATE(p_export_public);
} psa_drv_se_key_management_t; } psa_drv_se_key_management_t;
/**@}*/ /**@}*/
@ -1263,16 +1264,16 @@ typedef psa_status_t (*psa_drv_se_key_derivation_export_t)(void *op_context,
*/ */
typedef struct { typedef struct {
/** The driver-specific size of the key derivation context */ /** The driver-specific size of the key derivation context */
size_t context_size; size_t MBEDTLS_PRIVATE(context_size);
/** Function that performs a key derivation setup */ /** Function that performs a key derivation setup */
psa_drv_se_key_derivation_setup_t p_setup; psa_drv_se_key_derivation_setup_t MBEDTLS_PRIVATE(p_setup);
/** Function that sets key derivation collateral */ /** Function that sets key derivation collateral */
psa_drv_se_key_derivation_collateral_t p_collateral; psa_drv_se_key_derivation_collateral_t MBEDTLS_PRIVATE(p_collateral);
/** Function that performs a final key derivation step */ /** Function that performs a final key derivation step */
psa_drv_se_key_derivation_derive_t p_derive; psa_drv_se_key_derivation_derive_t MBEDTLS_PRIVATE(p_derive);
/** Function that perforsm a final key derivation or agreement and /** Function that perforsm a final key derivation or agreement and
* exports the key */ * exports the key */
psa_drv_se_key_derivation_export_t p_export; psa_drv_se_key_derivation_export_t MBEDTLS_PRIVATE(p_export);
} psa_drv_se_key_derivation_t; } psa_drv_se_key_derivation_t;
/**@}*/ /**@}*/
@ -1293,7 +1294,7 @@ typedef struct {
* a different version of this specification. * a different version of this specification.
* Use #PSA_DRV_SE_HAL_VERSION. * Use #PSA_DRV_SE_HAL_VERSION.
*/ */
uint32_t hal_version; uint32_t MBEDTLS_PRIVATE(hal_version);
/** The size of the driver's persistent data in bytes. /** The size of the driver's persistent data in bytes.
* *
@ -1303,7 +1304,7 @@ typedef struct {
* for more information about why and how a driver can use * for more information about why and how a driver can use
* persistent data. * persistent data.
*/ */
size_t persistent_data_size; size_t MBEDTLS_PRIVATE(persistent_data_size);
/** The driver initialization function. /** The driver initialization function.
* *
@ -1315,14 +1316,14 @@ typedef struct {
* If this field is \c NULL, it is equivalent to a function that does * If this field is \c NULL, it is equivalent to a function that does
* nothing and returns #PSA_SUCCESS. * nothing and returns #PSA_SUCCESS.
*/ */
psa_drv_se_init_t p_init; psa_drv_se_init_t MBEDTLS_PRIVATE(p_init);
const psa_drv_se_key_management_t *key_management; const psa_drv_se_key_management_t *MBEDTLS_PRIVATE(key_management);
const psa_drv_se_mac_t *mac; const psa_drv_se_mac_t *MBEDTLS_PRIVATE(mac);
const psa_drv_se_cipher_t *cipher; const psa_drv_se_cipher_t *MBEDTLS_PRIVATE(cipher);
const psa_drv_se_aead_t *aead; const psa_drv_se_aead_t *MBEDTLS_PRIVATE(aead);
const psa_drv_se_asymmetric_t *asymmetric; const psa_drv_se_asymmetric_t *MBEDTLS_PRIVATE(asymmetric);
const psa_drv_se_key_derivation_t *derivation; const psa_drv_se_key_derivation_t *MBEDTLS_PRIVATE(derivation);
} psa_drv_se_t; } psa_drv_se_t;
/** The current version of the secure element driver HAL. /** The current version of the secure element driver HAL.

157
include/psa/crypto_struct.h
View File

@ -60,6 +60,7 @@
#ifndef PSA_CRYPTO_STRUCT_H #ifndef PSA_CRYPTO_STRUCT_H
#define PSA_CRYPTO_STRUCT_H #define PSA_CRYPTO_STRUCT_H
#include "mbedtls/private_access.h"
#ifdef __cplusplus #ifdef __cplusplus
extern "C" { extern "C" {
@ -88,8 +89,8 @@ struct psa_hash_operation_s
* ID values are auto-generated in psa_driver_wrappers.h. * ID values are auto-generated in psa_driver_wrappers.h.
* ID value zero means the context is not valid or not assigned to * ID value zero means the context is not valid or not assigned to
* any driver (i.e. the driver context is not active, in use). */ * any driver (i.e. the driver context is not active, in use). */
unsigned int id; unsigned int MBEDTLS_PRIVATE(id);
psa_driver_hash_context_t ctx; psa_driver_hash_context_t MBEDTLS_PRIVATE(ctx);
}; };
#define PSA_HASH_OPERATION_INIT { 0, { 0 } } #define PSA_HASH_OPERATION_INIT { 0, { 0 } }
@ -107,14 +108,14 @@ struct psa_cipher_operation_s
* ID values are auto-generated in psa_crypto_driver_wrappers.h * ID values are auto-generated in psa_crypto_driver_wrappers.h
* ID value zero means the context is not valid or not assigned to * ID value zero means the context is not valid or not assigned to
* any driver (i.e. none of the driver contexts are active). */ * any driver (i.e. none of the driver contexts are active). */
unsigned int id; unsigned int MBEDTLS_PRIVATE(id);
unsigned int iv_required : 1; unsigned int MBEDTLS_PRIVATE(iv_required) : 1;
unsigned int iv_set : 1; unsigned int MBEDTLS_PRIVATE(iv_set) : 1;
uint8_t default_iv_length; uint8_t MBEDTLS_PRIVATE(default_iv_length);
psa_driver_cipher_context_t ctx; psa_driver_cipher_context_t MBEDTLS_PRIVATE(ctx);
}; };
#define PSA_CIPHER_OPERATION_INIT { 0, 0, 0, 0, { 0 } } #define PSA_CIPHER_OPERATION_INIT { 0, 0, 0, 0, { 0 } }
@ -136,10 +137,10 @@ struct psa_mac_operation_s
* ID values are auto-generated in psa_driver_wrappers.h * ID values are auto-generated in psa_driver_wrappers.h
* ID value zero means the context is not valid or not assigned to * ID value zero means the context is not valid or not assigned to
* any driver (i.e. none of the driver contexts are active). */ * any driver (i.e. none of the driver contexts are active). */
unsigned int id; unsigned int MBEDTLS_PRIVATE(id);
uint8_t mac_size; uint8_t MBEDTLS_PRIVATE(mac_size);
unsigned int is_sign : 1; unsigned int MBEDTLS_PRIVATE(is_sign) : 1;
psa_driver_mac_context_t ctx; psa_driver_mac_context_t MBEDTLS_PRIVATE(ctx);
}; };
#define PSA_MAC_OPERATION_INIT { 0, 0, 0, { 0 } } #define PSA_MAC_OPERATION_INIT { 0, 0, 0, { 0 } }
@ -151,16 +152,16 @@ static inline struct psa_mac_operation_s psa_mac_operation_init( void )
struct psa_aead_operation_s struct psa_aead_operation_s
{ {
psa_algorithm_t alg; psa_algorithm_t MBEDTLS_PRIVATE(alg);
unsigned int key_set : 1; unsigned int MBEDTLS_PRIVATE(key_set) : 1;
unsigned int iv_set : 1; unsigned int MBEDTLS_PRIVATE(iv_set) : 1;
uint8_t iv_size; uint8_t MBEDTLS_PRIVATE(iv_size);
uint8_t block_size; uint8_t MBEDTLS_PRIVATE(block_size);
union union
{ {
unsigned dummy; /* Enable easier initializing of the union. */ unsigned MBEDTLS_PRIVATE(dummy); /* Enable easier initializing of the union. */
mbedtls_cipher_context_t cipher; mbedtls_cipher_context_t MBEDTLS_PRIVATE(cipher);
} ctx; } MBEDTLS_PRIVATE(ctx);
}; };
#define PSA_AEAD_OPERATION_INIT { 0, 0, 0, 0, 0, { 0 } } #define PSA_AEAD_OPERATION_INIT { 0, 0, 0, 0, 0, { 0 } }
@ -173,18 +174,18 @@ static inline struct psa_aead_operation_s psa_aead_operation_init( void )
#if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF) #if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF)
typedef struct typedef struct
{ {
uint8_t *info; uint8_t *MBEDTLS_PRIVATE(info);
size_t info_length; size_t MBEDTLS_PRIVATE(info_length);
psa_mac_operation_t hmac; psa_mac_operation_t MBEDTLS_PRIVATE(hmac);
uint8_t prk[PSA_HASH_MAX_SIZE]; uint8_t MBEDTLS_PRIVATE(prk)[PSA_HASH_MAX_SIZE];
uint8_t output_block[PSA_HASH_MAX_SIZE]; uint8_t MBEDTLS_PRIVATE(output_block)[PSA_HASH_MAX_SIZE];
#if PSA_HASH_MAX_SIZE > 0xff #if PSA_HASH_MAX_SIZE > 0xff
#error "PSA_HASH_MAX_SIZE does not fit in uint8_t" #error "PSA_HASH_MAX_SIZE does not fit in uint8_t"
#endif #endif
uint8_t offset_in_block; uint8_t MBEDTLS_PRIVATE(offset_in_block);
uint8_t block_number; uint8_t MBEDTLS_PRIVATE(block_number);
unsigned int state : 2; unsigned int MBEDTLS_PRIVATE(state) : 2;
unsigned int info_set : 1; unsigned int MBEDTLS_PRIVATE(info_set) : 1;
} psa_hkdf_key_derivation_t; } psa_hkdf_key_derivation_t;
#endif /* MBEDTLS_PSA_BUILTIN_ALG_HKDF */ #endif /* MBEDTLS_PSA_BUILTIN_ALG_HKDF */
@ -207,45 +208,45 @@ typedef struct psa_tls12_prf_key_derivation_s
/* Indicates how many bytes in the current HMAC block have /* Indicates how many bytes in the current HMAC block have
* not yet been read by the user. */ * not yet been read by the user. */
uint8_t left_in_block; uint8_t MBEDTLS_PRIVATE(left_in_block);
/* The 1-based number of the block. */ /* The 1-based number of the block. */
uint8_t block_number; uint8_t MBEDTLS_PRIVATE(block_number);
psa_tls12_prf_key_derivation_state_t state; psa_tls12_prf_key_derivation_state_t MBEDTLS_PRIVATE(state);
uint8_t *secret; uint8_t *MBEDTLS_PRIVATE(secret);
size_t secret_length; size_t MBEDTLS_PRIVATE(secret_length);
uint8_t *seed; uint8_t *MBEDTLS_PRIVATE(seed);
size_t seed_length; size_t MBEDTLS_PRIVATE(seed_length);
uint8_t *label; uint8_t *MBEDTLS_PRIVATE(label);
size_t label_length; size_t MBEDTLS_PRIVATE(label_length);
uint8_t Ai[PSA_HASH_MAX_SIZE]; uint8_t MBEDTLS_PRIVATE(Ai)[PSA_HASH_MAX_SIZE];
/* `HMAC_hash( prk, A( i ) + seed )` in the notation of RFC 5246, Sect. 5. */ /* `HMAC_hash( prk, A( i ) + seed )` in the notation of RFC 5246, Sect. 5. */
uint8_t output_block[PSA_HASH_MAX_SIZE]; uint8_t MBEDTLS_PRIVATE(output_block)[PSA_HASH_MAX_SIZE];
} psa_tls12_prf_key_derivation_t; } psa_tls12_prf_key_derivation_t;
#endif /* MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF) || #endif /* MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF) ||
* MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS */ * MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS */
struct psa_key_derivation_s struct psa_key_derivation_s
{ {
psa_algorithm_t alg; psa_algorithm_t MBEDTLS_PRIVATE(alg);
unsigned int can_output_key : 1; unsigned int MBEDTLS_PRIVATE(can_output_key) : 1;
size_t capacity; size_t MBEDTLS_PRIVATE(capacity);
union union
{ {
/* Make the union non-empty even with no supported algorithms. */ /* Make the union non-empty even with no supported algorithms. */
uint8_t dummy; uint8_t MBEDTLS_PRIVATE(dummy);
#if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF) #if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF)
psa_hkdf_key_derivation_t hkdf; psa_hkdf_key_derivation_t MBEDTLS_PRIVATE(hkdf);
#endif #endif
#if defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF) || \ #if defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF) || \
defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS) defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS)
psa_tls12_prf_key_derivation_t tls12_prf; psa_tls12_prf_key_derivation_t MBEDTLS_PRIVATE(tls12_prf);
#endif #endif
} ctx; } MBEDTLS_PRIVATE(ctx);
}; };
/* This only zeroes out the first byte in the union, the rest is unspecified. */ /* This only zeroes out the first byte in the union, the rest is unspecified. */
@ -259,9 +260,9 @@ static inline struct psa_key_derivation_s psa_key_derivation_operation_init(
struct psa_key_policy_s struct psa_key_policy_s
{ {
psa_key_usage_t usage; psa_key_usage_t MBEDTLS_PRIVATE(usage);
psa_algorithm_t alg; psa_algorithm_t MBEDTLS_PRIVATE(alg);
psa_algorithm_t alg2; psa_algorithm_t MBEDTLS_PRIVATE(alg2);
}; };
typedef struct psa_key_policy_s psa_key_policy_t; typedef struct psa_key_policy_s psa_key_policy_t;
@ -310,12 +311,12 @@ typedef uint16_t psa_key_attributes_flag_t;
typedef struct typedef struct
{ {
psa_key_type_t type; psa_key_type_t MBEDTLS_PRIVATE(type);
psa_key_bits_t bits; psa_key_bits_t MBEDTLS_PRIVATE(bits);
psa_key_lifetime_t lifetime; psa_key_lifetime_t MBEDTLS_PRIVATE(lifetime);
mbedtls_svc_key_id_t id; mbedtls_svc_key_id_t MBEDTLS_PRIVATE(id);
psa_key_policy_t policy; psa_key_policy_t MBEDTLS_PRIVATE(policy);
psa_key_attributes_flag_t flags; psa_key_attributes_flag_t MBEDTLS_PRIVATE(flags);
} psa_core_key_attributes_t; } psa_core_key_attributes_t;
#define PSA_CORE_KEY_ATTRIBUTES_INIT { PSA_KEY_TYPE_NONE, 0, \ #define PSA_CORE_KEY_ATTRIBUTES_INIT { PSA_KEY_TYPE_NONE, 0, \
@ -325,12 +326,12 @@ typedef struct
struct psa_key_attributes_s struct psa_key_attributes_s
{ {
psa_core_key_attributes_t core; psa_core_key_attributes_t MBEDTLS_PRIVATE(core);
#if defined(MBEDTLS_PSA_CRYPTO_SE_C) #if defined(MBEDTLS_PSA_CRYPTO_SE_C)
psa_key_slot_number_t slot_number; psa_key_slot_number_t MBEDTLS_PRIVATE(slot_number);
#endif /* MBEDTLS_PSA_CRYPTO_SE_C */ #endif /* MBEDTLS_PSA_CRYPTO_SE_C */
void *domain_parameters; void *MBEDTLS_PRIVATE(domain_parameters);
size_t domain_parameters_size; size_t MBEDTLS_PRIVATE(domain_parameters_size);
}; };
#if defined(MBEDTLS_PSA_CRYPTO_SE_C) #if defined(MBEDTLS_PSA_CRYPTO_SE_C)
@ -348,13 +349,13 @@ static inline struct psa_key_attributes_s psa_key_attributes_init( void )
static inline void psa_set_key_id( psa_key_attributes_t *attributes, static inline void psa_set_key_id( psa_key_attributes_t *attributes,
mbedtls_svc_key_id_t key ) mbedtls_svc_key_id_t key )
{ {
psa_key_lifetime_t lifetime = attributes->core.lifetime; psa_key_lifetime_t lifetime = attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(lifetime);
attributes->core.id = key; attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(id) = key;
if( PSA_KEY_LIFETIME_IS_VOLATILE( lifetime ) ) if( PSA_KEY_LIFETIME_IS_VOLATILE( lifetime ) )
{ {
attributes->core.lifetime = attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(lifetime) =
PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION(
PSA_KEY_LIFETIME_PERSISTENT, PSA_KEY_LIFETIME_PERSISTENT,
PSA_KEY_LIFETIME_GET_LOCATION( lifetime ) ); PSA_KEY_LIFETIME_GET_LOCATION( lifetime ) );
@ -364,27 +365,27 @@ static inline void psa_set_key_id( psa_key_attributes_t *attributes,
static inline mbedtls_svc_key_id_t psa_get_key_id( static inline mbedtls_svc_key_id_t psa_get_key_id(
const psa_key_attributes_t *attributes ) const psa_key_attributes_t *attributes )
{ {
return( attributes->core.id ); return( attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(id) );
} }
#ifdef MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER #ifdef MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER
static inline void mbedtls_set_key_owner_id( psa_key_attributes_t *attributes, static inline void mbedtls_set_key_owner_id( psa_key_attributes_t *attributes,
mbedtls_key_owner_id_t owner ) mbedtls_key_owner_id_t owner )
{ {
attributes->core.id.owner = owner; attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(id).MBEDTLS_PRIVATE(owner) = owner;
} }
#endif #endif
static inline void psa_set_key_lifetime( psa_key_attributes_t *attributes, static inline void psa_set_key_lifetime( psa_key_attributes_t *attributes,
psa_key_lifetime_t lifetime ) psa_key_lifetime_t lifetime )
{ {
attributes->core.lifetime = lifetime; attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(lifetime) = lifetime;
if( PSA_KEY_LIFETIME_IS_VOLATILE( lifetime ) ) if( PSA_KEY_LIFETIME_IS_VOLATILE( lifetime ) )
{ {
#ifdef MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER #ifdef MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER
attributes->core.id.key_id = 0; attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(id).MBEDTLS_PRIVATE(key_id) = 0;
#else #else
attributes->core.id = 0; attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(id) = 0;
#endif #endif
} }
} }
@ -392,31 +393,31 @@ static inline void psa_set_key_lifetime( psa_key_attributes_t *attributes,
static inline psa_key_lifetime_t psa_get_key_lifetime( static inline psa_key_lifetime_t psa_get_key_lifetime(
const psa_key_attributes_t *attributes ) const psa_key_attributes_t *attributes )
{ {
return( attributes->core.lifetime ); return( attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(lifetime) );
} }
static inline void psa_set_key_usage_flags( psa_key_attributes_t *attributes, static inline void psa_set_key_usage_flags( psa_key_attributes_t *attributes,
psa_key_usage_t usage_flags ) psa_key_usage_t usage_flags )
{ {
attributes->core.policy.usage = usage_flags; attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(policy).MBEDTLS_PRIVATE(usage) = usage_flags;
} }
static inline psa_key_usage_t psa_get_key_usage_flags( static inline psa_key_usage_t psa_get_key_usage_flags(
const psa_key_attributes_t *attributes ) const psa_key_attributes_t *attributes )
{ {
return( attributes->core.policy.usage ); return( attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(policy).MBEDTLS_PRIVATE(usage) );
} }
static inline void psa_set_key_algorithm( psa_key_attributes_t *attributes, static inline void psa_set_key_algorithm( psa_key_attributes_t *attributes,
psa_algorithm_t alg ) psa_algorithm_t alg )
{ {
attributes->core.policy.alg = alg; attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(policy).MBEDTLS_PRIVATE(alg) = alg;
} }
static inline psa_algorithm_t psa_get_key_algorithm( static inline psa_algorithm_t psa_get_key_algorithm(
const psa_key_attributes_t *attributes ) const psa_key_attributes_t *attributes )
{ {
return( attributes->core.policy.alg ); return( attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(policy).MBEDTLS_PRIVATE(alg) );
} }
/* This function is declared in crypto_extra.h, which comes after this /* This function is declared in crypto_extra.h, which comes after this
@ -429,10 +430,10 @@ psa_status_t psa_set_key_domain_parameters( psa_key_attributes_t *attributes,
static inline void psa_set_key_type( psa_key_attributes_t *attributes, static inline void psa_set_key_type( psa_key_attributes_t *attributes,
psa_key_type_t type ) psa_key_type_t type )
{ {
if( attributes->domain_parameters == NULL ) if( attributes->MBEDTLS_PRIVATE(domain_parameters) == NULL )
{ {
/* Common case: quick path */ /* Common case: quick path */
attributes->core.type = type; attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(type) = type;
} }
else else
{ {
@ -447,22 +448,22 @@ static inline void psa_set_key_type( psa_key_attributes_t *attributes,
static inline psa_key_type_t psa_get_key_type( static inline psa_key_type_t psa_get_key_type(
const psa_key_attributes_t *attributes ) const psa_key_attributes_t *attributes )
{ {
return( attributes->core.type ); return( attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(type) );
} }
static inline void psa_set_key_bits( psa_key_attributes_t *attributes, static inline void psa_set_key_bits( psa_key_attributes_t *attributes,
size_t bits ) size_t bits )
{ {
if( bits > PSA_MAX_KEY_BITS ) if( bits > PSA_MAX_KEY_BITS )
attributes->core.bits = PSA_KEY_BITS_TOO_LARGE; attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(bits) = PSA_KEY_BITS_TOO_LARGE;
else else
attributes->core.bits = (psa_key_bits_t) bits; attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(bits) = (psa_key_bits_t) bits;
} }
static inline size_t psa_get_key_bits( static inline size_t psa_get_key_bits(
const psa_key_attributes_t *attributes ) const psa_key_attributes_t *attributes )
{ {
return( attributes->core.bits ); return( attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(bits) );
} }
#ifdef __cplusplus #ifdef __cplusplus

5
include/psa/crypto_types.h
View File

@ -32,6 +32,7 @@
#ifndef PSA_CRYPTO_TYPES_H #ifndef PSA_CRYPTO_TYPES_H
#define PSA_CRYPTO_TYPES_H #define PSA_CRYPTO_TYPES_H
#include "mbedtls/private_access.h"
#include "crypto_platform.h" #include "crypto_platform.h"
@ -234,8 +235,8 @@ typedef psa_key_id_t mbedtls_svc_key_id_t;
*/ */
typedef struct typedef struct
{ {
psa_key_id_t key_id; psa_key_id_t MBEDTLS_PRIVATE(key_id);
mbedtls_key_owner_id_t owner; mbedtls_key_owner_id_t MBEDTLS_PRIVATE(owner);
} mbedtls_svc_key_id_t; } mbedtls_svc_key_id_t;
#endif /* !MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER */ #endif /* !MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER */

11
include/psa/crypto_values.h
View File

@ -33,6 +33,7 @@
#ifndef PSA_CRYPTO_VALUES_H #ifndef PSA_CRYPTO_VALUES_H
#define PSA_CRYPTO_VALUES_H #define PSA_CRYPTO_VALUES_H
#include "mbedtls/private_access.h"
/** \defgroup error Error codes /** \defgroup error Error codes
* @{ * @{
@ -2124,8 +2125,8 @@ static inline int mbedtls_svc_key_id_is_null( mbedtls_svc_key_id_t key )
static inline mbedtls_svc_key_id_t mbedtls_svc_key_id_make( static inline mbedtls_svc_key_id_t mbedtls_svc_key_id_make(
mbedtls_key_owner_id_t owner_id, psa_key_id_t key_id ) mbedtls_key_owner_id_t owner_id, psa_key_id_t key_id )
{ {
return( (mbedtls_svc_key_id_t){ .key_id = key_id, return( (mbedtls_svc_key_id_t){ .MBEDTLS_PRIVATE(key_id) = key_id,
.owner = owner_id } ); .MBEDTLS_PRIVATE(owner) = owner_id } );
} }
/** Compare two key identifiers. /** Compare two key identifiers.
@ -2138,8 +2139,8 @@ static inline mbedtls_svc_key_id_t mbedtls_svc_key_id_make(
static inline int mbedtls_svc_key_id_equal( mbedtls_svc_key_id_t id1, static inline int mbedtls_svc_key_id_equal( mbedtls_svc_key_id_t id1,
mbedtls_svc_key_id_t id2 ) mbedtls_svc_key_id_t id2 )
{ {
return( ( id1.key_id == id2.key_id ) && return( ( id1.MBEDTLS_PRIVATE(key_id) == id2.MBEDTLS_PRIVATE(key_id) ) &&
mbedtls_key_owner_id_equal( id1.owner, id2.owner ) ); mbedtls_key_owner_id_equal( id1.MBEDTLS_PRIVATE(owner), id2.MBEDTLS_PRIVATE(owner) ) );
} }
/** Check whether a key identifier is null. /** Check whether a key identifier is null.
@ -2150,7 +2151,7 @@ static inline int mbedtls_svc_key_id_equal( mbedtls_svc_key_id_t id1,
*/ */
static inline int mbedtls_svc_key_id_is_null( mbedtls_svc_key_id_t key ) static inline int mbedtls_svc_key_id_is_null( mbedtls_svc_key_id_t key )
{ {
return( ( key.key_id == 0 ) && ( key.owner == 0 ) ); return( ( key.MBEDTLS_PRIVATE(key_id) == 0 ) && ( key.MBEDTLS_PRIVATE(owner) == 0 ) );
} }
#endif /* !MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER */ #endif /* !MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER */

7
library/common.h
View File

@ -50,4 +50,11 @@
#define MBEDTLS_STATIC_TESTABLE static #define MBEDTLS_STATIC_TESTABLE static
#endif #endif
/** Allow library to access its structs' private members.
*
* Although structs defined in header files are publicly available,
* their members are private and should not be accessed by the user.
*/
#define MBEDTLS_ALLOW_PRIVATE_ACCESS
#endif /* MBEDTLS_LIBRARY_COMMON_H */ #endif /* MBEDTLS_LIBRARY_COMMON_H */

1
library/psa_crypto_driver_wrappers.c
View File

@ -19,6 +19,7 @@
* limitations under the License. * limitations under the License.
*/ */
#include "common.h"
#include "psa_crypto_aead.h" #include "psa_crypto_aead.h"
#include "psa_crypto_cipher.h" #include "psa_crypto_cipher.h"
#include "psa_crypto_core.h" #include "psa_crypto_core.h"

6
library/psa_crypto_storage.c
View File

@ -18,11 +18,7 @@
* limitations under the License. * limitations under the License.
*/ */
#if defined(MBEDTLS_CONFIG_FILE) #include "common.h"
#include MBEDTLS_CONFIG_FILE
#else
#include "mbedtls/config.h"
#endif
#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) #if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C)

6
library/psa_its_file.c
View File

@ -18,11 +18,7 @@
* limitations under the License. * limitations under the License.
*/ */
#if defined(MBEDTLS_CONFIG_FILE) #include "common.h"
#include MBEDTLS_CONFIG_FILE
#else
#include "mbedtls/config.h"
#endif
#if defined(MBEDTLS_PSA_ITS_FILE_C) #if defined(MBEDTLS_PSA_ITS_FILE_C)

8
programs/aes/crypt_and_hash.c
View File

@ -128,7 +128,7 @@ int main( int argc, char *argv[] )
while( *list ) while( *list )
{ {
cipher_info = mbedtls_cipher_info_from_type( *list ); cipher_info = mbedtls_cipher_info_from_type( *list );
mbedtls_printf( " %s\n", cipher_info->name ); mbedtls_printf( " %s\n", cipher_info->MBEDTLS_PRIVATE(name) );
list++; list++;
} }
@ -313,7 +313,7 @@ int main( int argc, char *argv[] )
} }
if( mbedtls_cipher_setkey( &cipher_ctx, digest, cipher_info->key_bitlen, if( mbedtls_cipher_setkey( &cipher_ctx, digest, cipher_info->MBEDTLS_PRIVATE(key_bitlen),
MBEDTLS_ENCRYPT ) != 0 ) MBEDTLS_ENCRYPT ) != 0 )
{ {
mbedtls_fprintf( stderr, "mbedtls_cipher_setkey() returned error\n"); mbedtls_fprintf( stderr, "mbedtls_cipher_setkey() returned error\n");
@ -412,7 +412,7 @@ int main( int argc, char *argv[] )
/* /*
* Check the file size. * Check the file size.
*/ */
if( cipher_info->mode != MBEDTLS_MODE_GCM && if( cipher_info->MBEDTLS_PRIVATE(mode) != MBEDTLS_MODE_GCM &&
( ( filesize - mbedtls_md_get_size( md_info ) ) % ( ( filesize - mbedtls_md_get_size( md_info ) ) %
mbedtls_cipher_get_block_size( &cipher_ctx ) ) != 0 ) mbedtls_cipher_get_block_size( &cipher_ctx ) ) != 0 )
{ {
@ -452,7 +452,7 @@ int main( int argc, char *argv[] )
mbedtls_md_finish( &md_ctx, digest ); mbedtls_md_finish( &md_ctx, digest );
} }
if( mbedtls_cipher_setkey( &cipher_ctx, digest, cipher_info->key_bitlen, if( mbedtls_cipher_setkey( &cipher_ctx, digest, cipher_info->MBEDTLS_PRIVATE(key_bitlen),
MBEDTLS_DECRYPT ) != 0 ) MBEDTLS_DECRYPT ) != 0 )
{ {
mbedtls_fprintf( stderr, "mbedtls_cipher_setkey() returned error\n" ); mbedtls_fprintf( stderr, "mbedtls_cipher_setkey() returned error\n" );

2
programs/fuzz/fuzz_client.c
View File

@ -1,3 +1,5 @@
#define MBEDTLS_ALLOW_PRIVATE_ACCESS
#include "mbedtls/ssl.h" #include "mbedtls/ssl.h"
#include "mbedtls/entropy.h" #include "mbedtls/entropy.h"
#include "mbedtls/ctr_drbg.h" #include "mbedtls/ctr_drbg.h"

2
programs/fuzz/fuzz_dtlsclient.c
View File

@ -1,3 +1,5 @@
#define MBEDTLS_ALLOW_PRIVATE_ACCESS
#include <string.h> #include <string.h>
#include <stdlib.h> #include <stdlib.h>
#include <stdint.h> #include <stdint.h>

2
programs/fuzz/fuzz_dtlsserver.c
View File

@ -1,3 +1,5 @@
#define MBEDTLS_ALLOW_PRIVATE_ACCESS
#include <string.h> #include <string.h>
#include <stdlib.h> #include <stdlib.h>
#include <stdint.h> #include <stdint.h>

2
programs/fuzz/fuzz_privkey.c
View File

@ -1,3 +1,5 @@
#define MBEDTLS_ALLOW_PRIVATE_ACCESS
#include <stdint.h> #include <stdint.h>
#include <stdlib.h> #include <stdlib.h>
#include "mbedtls/pk.h" #include "mbedtls/pk.h"

2
programs/fuzz/fuzz_pubkey.c
View File

@ -1,3 +1,5 @@
#define MBEDTLS_ALLOW_PRIVATE_ACCESS
#include <stdint.h> #include <stdint.h>
#include <stdlib.h> #include <stdlib.h>
#include "mbedtls/pk.h" #include "mbedtls/pk.h"

2
programs/fuzz/fuzz_server.c
View File

@ -1,3 +1,5 @@
#define MBEDTLS_ALLOW_PRIVATE_ACCESS
#include "mbedtls/ssl.h" #include "mbedtls/ssl.h"
#include "mbedtls/entropy.h" #include "mbedtls/entropy.h"
#include "mbedtls/ctr_drbg.h" #include "mbedtls/ctr_drbg.h"

2
programs/fuzz/fuzz_x509crl.c
View File

@ -1,3 +1,5 @@
#define MBEDTLS_ALLOW_PRIVATE_ACCESS
#include <stdint.h> #include <stdint.h>
#include "mbedtls/x509_crl.h" #include "mbedtls/x509_crl.h"

2
programs/fuzz/fuzz_x509crt.c
View File

@ -1,3 +1,5 @@
#define MBEDTLS_ALLOW_PRIVATE_ACCESS
#include <stdint.h> #include <stdint.h>
#include "mbedtls/x509_crt.h" #include "mbedtls/x509_crt.h"

2
programs/fuzz/fuzz_x509csr.c
View File

@ -1,3 +1,5 @@
#define MBEDTLS_ALLOW_PRIVATE_ACCESS
#include <stdint.h> #include <stdint.h>
#include "mbedtls/x509_csr.h" #include "mbedtls/x509_csr.h"

14
programs/pkey/dh_client.c
View File

@ -126,15 +126,15 @@ int main( void )
mbedtls_rsa_init( &rsa ); mbedtls_rsa_init( &rsa );
if( ( ret = mbedtls_mpi_read_file( &rsa.N, 16, f ) ) != 0 || if( ( ret = mbedtls_mpi_read_file( &rsa.MBEDTLS_PRIVATE(N), 16, f ) ) != 0 ||
( ret = mbedtls_mpi_read_file( &rsa.E, 16, f ) ) != 0 ) ( ret = mbedtls_mpi_read_file( &rsa.MBEDTLS_PRIVATE(E), 16, f ) ) != 0 )
{ {
mbedtls_printf( " failed\n ! mbedtls_mpi_read_file returned %d\n\n", ret ); mbedtls_printf( " failed\n ! mbedtls_mpi_read_file returned %d\n\n", ret );
fclose( f ); fclose( f );
goto exit; goto exit;
} }
rsa.len = ( mbedtls_mpi_bitlen( &rsa.N ) + 7 ) >> 3; rsa.MBEDTLS_PRIVATE(len) = ( mbedtls_mpi_bitlen( &rsa.MBEDTLS_PRIVATE(N) ) + 7 ) >> 3;
fclose( f ); fclose( f );
@ -192,7 +192,7 @@ int main( void )
goto exit; goto exit;
} }
if( dhm.len < 64 || dhm.len > 512 ) if( dhm.MBEDTLS_PRIVATE(len) < 64 || dhm.MBEDTLS_PRIVATE(len) > 512 )
{ {
mbedtls_printf( " failed\n ! Invalid DHM modulus size\n\n" ); mbedtls_printf( " failed\n ! Invalid DHM modulus size\n\n" );
goto exit; goto exit;
@ -207,7 +207,7 @@ int main( void )
p += 2; p += 2;
if( ( n = (size_t) ( end - p ) ) != rsa.len ) if( ( n = (size_t) ( end - p ) ) != rsa.MBEDTLS_PRIVATE(len) )
{ {
mbedtls_printf( " failed\n ! Invalid RSA signature size\n\n" ); mbedtls_printf( " failed\n ! Invalid RSA signature size\n\n" );
goto exit; goto exit;
@ -232,8 +232,8 @@ int main( void )
mbedtls_printf( "\n . Sending own public value to server" ); mbedtls_printf( "\n . Sending own public value to server" );
fflush( stdout ); fflush( stdout );
n = dhm.len; n = dhm.MBEDTLS_PRIVATE(len);
if( ( ret = mbedtls_dhm_make_public( &dhm, (int) dhm.len, buf, n, if( ( ret = mbedtls_dhm_make_public( &dhm, (int) dhm.MBEDTLS_PRIVATE(len), buf, n,
mbedtls_ctr_drbg_random, &ctr_drbg ) ) != 0 ) mbedtls_ctr_drbg_random, &ctr_drbg ) ) != 0 )
{ {
mbedtls_printf( " failed\n ! mbedtls_dhm_make_public returned %d\n\n", ret ); mbedtls_printf( " failed\n ! mbedtls_dhm_make_public returned %d\n\n", ret );

16
programs/pkey/dh_server.c
View File

@ -172,8 +172,8 @@ int main( void )
goto exit; goto exit;
} }
if( mbedtls_mpi_read_file( &dhm.P, 16, f ) != 0 || if( mbedtls_mpi_read_file( &dhm.MBEDTLS_PRIVATE(P), 16, f ) != 0 ||
mbedtls_mpi_read_file( &dhm.G, 16, f ) != 0 ) mbedtls_mpi_read_file( &dhm.MBEDTLS_PRIVATE(G), 16, f ) != 0 )
{ {
mbedtls_printf( " failed\n ! Invalid DH parameter file\n\n" ); mbedtls_printf( " failed\n ! Invalid DH parameter file\n\n" );
fclose( f ); fclose( f );
@ -209,7 +209,7 @@ int main( void )
memset( buf, 0, sizeof( buf ) ); memset( buf, 0, sizeof( buf ) );
if( ( ret = mbedtls_dhm_make_params( &dhm, (int) mbedtls_mpi_size( &dhm.P ), buf, &n, if( ( ret = mbedtls_dhm_make_params( &dhm, (int) mbedtls_mpi_size( &dhm.MBEDTLS_PRIVATE(P) ), buf, &n,
mbedtls_ctr_drbg_random, &ctr_drbg ) ) != 0 ) mbedtls_ctr_drbg_random, &ctr_drbg ) ) != 0 )
{ {
mbedtls_printf( " failed\n ! mbedtls_dhm_make_params returned %d\n\n", ret ); mbedtls_printf( " failed\n ! mbedtls_dhm_make_params returned %d\n\n", ret );
@ -225,8 +225,8 @@ int main( void )
goto exit; goto exit;
} }
buf[n ] = (unsigned char)( rsa.len >> 8 ); buf[n ] = (unsigned char)( rsa.MBEDTLS_PRIVATE(len) >> 8 );
buf[n + 1] = (unsigned char)( rsa.len ); buf[n + 1] = (unsigned char)( rsa.MBEDTLS_PRIVATE(len) );
if( ( ret = mbedtls_rsa_pkcs1_sign( &rsa, NULL, NULL, MBEDTLS_MD_SHA256, if( ( ret = mbedtls_rsa_pkcs1_sign( &rsa, NULL, NULL, MBEDTLS_MD_SHA256,
0, hash, buf + n + 2 ) ) != 0 ) 0, hash, buf + n + 2 ) ) != 0 )
@ -235,7 +235,7 @@ int main( void )
goto exit; goto exit;
} }
buflen = n + 2 + rsa.len; buflen = n + 2 + rsa.MBEDTLS_PRIVATE(len);
buf2[0] = (unsigned char)( buflen >> 8 ); buf2[0] = (unsigned char)( buflen >> 8 );
buf2[1] = (unsigned char)( buflen ); buf2[1] = (unsigned char)( buflen );
@ -254,14 +254,14 @@ int main( void )
memset( buf, 0, sizeof( buf ) ); memset( buf, 0, sizeof( buf ) );
n = dhm.len; n = dhm.MBEDTLS_PRIVATE(len);
if( ( ret = mbedtls_net_recv( &client_fd, buf, n ) ) != (int) n ) if( ( ret = mbedtls_net_recv( &client_fd, buf, n ) ) != (int) n )
{ {
mbedtls_printf( " failed\n ! mbedtls_net_recv returned %d\n\n", ret ); mbedtls_printf( " failed\n ! mbedtls_net_recv returned %d\n\n", ret );
goto exit; goto exit;
} }
if( ( ret = mbedtls_dhm_read_public( &dhm, buf, dhm.len ) ) != 0 ) if( ( ret = mbedtls_dhm_read_public( &dhm, buf, dhm.MBEDTLS_PRIVATE(len) ) ) != 0 )
{ {
mbedtls_printf( " failed\n ! mbedtls_dhm_read_public returned %d\n\n", ret ); mbedtls_printf( " failed\n ! mbedtls_dhm_read_public returned %d\n\n", ret );
goto exit; goto exit;

30
programs/pkey/ecdh_curve25519.c
View File

@ -91,14 +91,14 @@ int main( int argc, char *argv[] )
mbedtls_printf( " . Setting up client context..." ); mbedtls_printf( " . Setting up client context..." );
fflush( stdout ); fflush( stdout );
ret = mbedtls_ecp_group_load( &ctx_cli.grp, MBEDTLS_ECP_DP_CURVE25519 ); ret = mbedtls_ecp_group_load( &ctx_cli.MBEDTLS_PRIVATE(grp), MBEDTLS_ECP_DP_CURVE25519 );
if( ret != 0 ) if( ret != 0 )
{ {
mbedtls_printf( " failed\n ! mbedtls_ecp_group_load returned %d\n", ret ); mbedtls_printf( " failed\n ! mbedtls_ecp_group_load returned %d\n", ret );
goto exit; goto exit;
} }
ret = mbedtls_ecdh_gen_public( &ctx_cli.grp, &ctx_cli.d, &ctx_cli.Q, ret = mbedtls_ecdh_gen_public( &ctx_cli.MBEDTLS_PRIVATE(grp), &ctx_cli.MBEDTLS_PRIVATE(d), &ctx_cli.MBEDTLS_PRIVATE(Q),
mbedtls_ctr_drbg_random, &ctr_drbg ); mbedtls_ctr_drbg_random, &ctr_drbg );
if( ret != 0 ) if( ret != 0 )
{ {
@ -106,7 +106,7 @@ int main( int argc, char *argv[] )
goto exit; goto exit;
} }
ret = mbedtls_mpi_write_binary( &ctx_cli.Q.X, cli_to_srv, 32 ); ret = mbedtls_mpi_write_binary( &ctx_cli.MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(X), cli_to_srv, 32 );
if( ret != 0 ) if( ret != 0 )
{ {
mbedtls_printf( " failed\n ! mbedtls_mpi_write_binary returned %d\n", ret ); mbedtls_printf( " failed\n ! mbedtls_mpi_write_binary returned %d\n", ret );
@ -121,14 +121,14 @@ int main( int argc, char *argv[] )
mbedtls_printf( " . Setting up server context..." ); mbedtls_printf( " . Setting up server context..." );
fflush( stdout ); fflush( stdout );
ret = mbedtls_ecp_group_load( &ctx_srv.grp, MBEDTLS_ECP_DP_CURVE25519 ); ret = mbedtls_ecp_group_load( &ctx_srv.MBEDTLS_PRIVATE(grp), MBEDTLS_ECP_DP_CURVE25519 );
if( ret != 0 ) if( ret != 0 )
{ {
mbedtls_printf( " failed\n ! mbedtls_ecp_group_load returned %d\n", ret ); mbedtls_printf( " failed\n ! mbedtls_ecp_group_load returned %d\n", ret );
goto exit; goto exit;
} }
ret = mbedtls_ecdh_gen_public( &ctx_srv.grp, &ctx_srv.d, &ctx_srv.Q, ret = mbedtls_ecdh_gen_public( &ctx_srv.MBEDTLS_PRIVATE(grp), &ctx_srv.MBEDTLS_PRIVATE(d), &ctx_srv.MBEDTLS_PRIVATE(Q),
mbedtls_ctr_drbg_random, &ctr_drbg ); mbedtls_ctr_drbg_random, &ctr_drbg );
if( ret != 0 ) if( ret != 0 )
{ {
@ -136,7 +136,7 @@ int main( int argc, char *argv[] )
goto exit; goto exit;
} }
ret = mbedtls_mpi_write_binary( &ctx_srv.Q.X, srv_to_cli, 32 ); ret = mbedtls_mpi_write_binary( &ctx_srv.MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(X), srv_to_cli, 32 );
if( ret != 0 ) if( ret != 0 )
{ {
mbedtls_printf( " failed\n ! mbedtls_mpi_write_binary returned %d\n", ret ); mbedtls_printf( " failed\n ! mbedtls_mpi_write_binary returned %d\n", ret );
@ -151,22 +151,22 @@ int main( int argc, char *argv[] )
mbedtls_printf( " . Server reading client key and computing secret..." ); mbedtls_printf( " . Server reading client key and computing secret..." );
fflush( stdout ); fflush( stdout );
ret = mbedtls_mpi_lset( &ctx_srv.Qp.Z, 1 ); ret = mbedtls_mpi_lset( &ctx_srv.MBEDTLS_PRIVATE(Qp).MBEDTLS_PRIVATE(Z), 1 );
if( ret != 0 ) if( ret != 0 )
{ {
mbedtls_printf( " failed\n ! mbedtls_mpi_lset returned %d\n", ret ); mbedtls_printf( " failed\n ! mbedtls_mpi_lset returned %d\n", ret );
goto exit; goto exit;
} }
ret = mbedtls_mpi_read_binary( &ctx_srv.Qp.X, cli_to_srv, 32 ); ret = mbedtls_mpi_read_binary( &ctx_srv.MBEDTLS_PRIVATE(Qp).MBEDTLS_PRIVATE(X), cli_to_srv, 32 );
if( ret != 0 ) if( ret != 0 )
{ {
mbedtls_printf( " failed\n ! mbedtls_mpi_read_binary returned %d\n", ret ); mbedtls_printf( " failed\n ! mbedtls_mpi_read_binary returned %d\n", ret );
goto exit; goto exit;
} }
ret = mbedtls_ecdh_compute_shared( &ctx_srv.grp, &ctx_srv.z, ret = mbedtls_ecdh_compute_shared( &ctx_srv.MBEDTLS_PRIVATE(grp), &ctx_srv.MBEDTLS_PRIVATE(z),
&ctx_srv.Qp, &ctx_srv.d, &ctx_srv.MBEDTLS_PRIVATE(Qp), &ctx_srv.MBEDTLS_PRIVATE(d),
mbedtls_ctr_drbg_random, &ctr_drbg ); mbedtls_ctr_drbg_random, &ctr_drbg );
if( ret != 0 ) if( ret != 0 )
{ {
@ -182,22 +182,22 @@ int main( int argc, char *argv[] )
mbedtls_printf( " . Client reading server key and computing secret..." ); mbedtls_printf( " . Client reading server key and computing secret..." );
fflush( stdout ); fflush( stdout );
ret = mbedtls_mpi_lset( &ctx_cli.Qp.Z, 1 ); ret = mbedtls_mpi_lset( &ctx_cli.MBEDTLS_PRIVATE(Qp).MBEDTLS_PRIVATE(Z), 1 );
if( ret != 0 ) if( ret != 0 )
{ {
mbedtls_printf( " failed\n ! mbedtls_mpi_lset returned %d\n", ret ); mbedtls_printf( " failed\n ! mbedtls_mpi_lset returned %d\n", ret );
goto exit; goto exit;
} }
ret = mbedtls_mpi_read_binary( &ctx_cli.Qp.X, srv_to_cli, 32 ); ret = mbedtls_mpi_read_binary( &ctx_cli.MBEDTLS_PRIVATE(Qp).MBEDTLS_PRIVATE(X), srv_to_cli, 32 );
if( ret != 0 ) if( ret != 0 )
{ {
mbedtls_printf( " failed\n ! mbedtls_mpi_read_binary returned %d\n", ret ); mbedtls_printf( " failed\n ! mbedtls_mpi_read_binary returned %d\n", ret );
goto exit; goto exit;
} }
ret = mbedtls_ecdh_compute_shared( &ctx_cli.grp, &ctx_cli.z, ret = mbedtls_ecdh_compute_shared( &ctx_cli.MBEDTLS_PRIVATE(grp), &ctx_cli.MBEDTLS_PRIVATE(z),
&ctx_cli.Qp, &ctx_cli.d, &ctx_cli.MBEDTLS_PRIVATE(Qp), &ctx_cli.MBEDTLS_PRIVATE(d),
mbedtls_ctr_drbg_random, &ctr_drbg ); mbedtls_ctr_drbg_random, &ctr_drbg );
if( ret != 0 ) if( ret != 0 )
{ {
@ -213,7 +213,7 @@ int main( int argc, char *argv[] )
mbedtls_printf( " . Checking if both computed secrets are equal..." ); mbedtls_printf( " . Checking if both computed secrets are equal..." );
fflush( stdout ); fflush( stdout );
ret = mbedtls_mpi_cmp_mpi( &ctx_cli.z, &ctx_srv.z ); ret = mbedtls_mpi_cmp_mpi( &ctx_cli.MBEDTLS_PRIVATE(z), &ctx_srv.MBEDTLS_PRIVATE(z) );
if( ret != 0 ) if( ret != 0 )
{ {
mbedtls_printf( " failed\n ! mbedtls_ecdh_compute_shared returned %d\n", ret ); mbedtls_printf( " failed\n ! mbedtls_ecdh_compute_shared returned %d\n", ret );

10
programs/pkey/ecdsa.c
View File

@ -55,7 +55,7 @@
#define ECPARAMS MBEDTLS_ECP_DP_SECP192R1 #define ECPARAMS MBEDTLS_ECP_DP_SECP192R1
#if !defined(ECPARAMS) #if !defined(ECPARAMS)
#define ECPARAMS mbedtls_ecp_curve_list()->grp_id #define ECPARAMS mbedtls_ecp_curve_list()->MBEDTLS_PRIVATE(grp_id)
#endif #endif
#if !defined(MBEDTLS_ECDSA_C) || !defined(MBEDTLS_SHA256_C) || \ #if !defined(MBEDTLS_ECDSA_C) || !defined(MBEDTLS_SHA256_C) || \
@ -84,7 +84,7 @@ static void dump_pubkey( const char *title, mbedtls_ecdsa_context *key )
unsigned char buf[300]; unsigned char buf[300];
size_t len; size_t len;
if( mbedtls_ecp_point_write_binary( &key->grp, &key->Q, if( mbedtls_ecp_point_write_binary( &key->MBEDTLS_PRIVATE(grp), &key->MBEDTLS_PRIVATE(Q),
MBEDTLS_ECP_PF_UNCOMPRESSED, &len, buf, sizeof buf ) != 0 ) MBEDTLS_ECP_PF_UNCOMPRESSED, &len, buf, sizeof buf ) != 0 )
{ {
mbedtls_printf("internal error\n"); mbedtls_printf("internal error\n");
@ -156,7 +156,7 @@ int main( int argc, char *argv[] )
goto exit; goto exit;
} }
mbedtls_printf( " ok (key size: %d bits)\n", (int) ctx_sign.grp.pbits ); mbedtls_printf( " ok (key size: %d bits)\n", (int) ctx_sign.MBEDTLS_PRIVATE(grp).MBEDTLS_PRIVATE(pbits) );
dump_pubkey( " + Public key: ", &ctx_sign ); dump_pubkey( " + Public key: ", &ctx_sign );
@ -204,13 +204,13 @@ int main( int argc, char *argv[] )
mbedtls_printf( " . Preparing verification context..." ); mbedtls_printf( " . Preparing verification context..." );
fflush( stdout ); fflush( stdout );
if( ( ret = mbedtls_ecp_group_copy( &ctx_verify.grp, &ctx_sign.grp ) ) != 0 ) if( ( ret = mbedtls_ecp_group_copy( &ctx_verify.MBEDTLS_PRIVATE(grp), &ctx_sign.MBEDTLS_PRIVATE(grp) ) ) != 0 )
{ {
mbedtls_printf( " failed\n ! mbedtls_ecp_group_copy returned %d\n", ret ); mbedtls_printf( " failed\n ! mbedtls_ecp_group_copy returned %d\n", ret );
goto exit; goto exit;
} }
if( ( ret = mbedtls_ecp_copy( &ctx_verify.Q, &ctx_sign.Q ) ) != 0 ) if( ( ret = mbedtls_ecp_copy( &ctx_verify.MBEDTLS_PRIVATE(Q), &ctx_sign.MBEDTLS_PRIVATE(Q) ) ) != 0 )
{ {
mbedtls_printf( " failed\n ! mbedtls_ecp_copy returned %d\n", ret ); mbedtls_printf( " failed\n ! mbedtls_ecp_copy returned %d\n", ret );
goto exit; goto exit;

18
programs/pkey/gen_key.c
View File

@ -90,7 +90,7 @@ int dev_random_entropy_poll( void *data, unsigned char *output,
#endif #endif
#if defined(MBEDTLS_ECP_C) #if defined(MBEDTLS_ECP_C)
#define DFL_EC_CURVE mbedtls_ecp_curve_list()->grp_id #define DFL_EC_CURVE mbedtls_ecp_curve_list()->MBEDTLS_PRIVATE(grp_id)
#else #else
#define DFL_EC_CURVE 0 #define DFL_EC_CURVE 0
#endif #endif
@ -223,9 +223,9 @@ int main( int argc, char *argv[] )
#if defined(MBEDTLS_ECP_C) #if defined(MBEDTLS_ECP_C)
mbedtls_printf( " available ec_curve values:\n" ); mbedtls_printf( " available ec_curve values:\n" );
curve_info = mbedtls_ecp_curve_list(); curve_info = mbedtls_ecp_curve_list();
mbedtls_printf( " %s (default)\n", curve_info->name ); mbedtls_printf( " %s (default)\n", curve_info->MBEDTLS_PRIVATE(name) );
while( ( ++curve_info )->name != NULL ) while( ( ++curve_info )->MBEDTLS_PRIVATE(name) != NULL )
mbedtls_printf( " %s\n", curve_info->name ); mbedtls_printf( " %s\n", curve_info->MBEDTLS_PRIVATE(name) );
#endif /* MBEDTLS_ECP_C */ #endif /* MBEDTLS_ECP_C */
goto exit; goto exit;
} }
@ -274,7 +274,7 @@ int main( int argc, char *argv[] )
{ {
if( ( curve_info = mbedtls_ecp_curve_info_from_name( q ) ) == NULL ) if( ( curve_info = mbedtls_ecp_curve_info_from_name( q ) ) == NULL )
goto usage; goto usage;
opt.ec_curve = curve_info->grp_id; opt.ec_curve = curve_info->MBEDTLS_PRIVATE(grp_id);
} }
#endif #endif
else if( strcmp( p, "filename" ) == 0 ) else if( strcmp( p, "filename" ) == 0 )
@ -395,10 +395,10 @@ int main( int argc, char *argv[] )
{ {
mbedtls_ecp_keypair *ecp = mbedtls_pk_ec( key ); mbedtls_ecp_keypair *ecp = mbedtls_pk_ec( key );
mbedtls_printf( "curve: %s\n", mbedtls_printf( "curve: %s\n",
mbedtls_ecp_curve_info_from_grp_id( ecp->grp.id )->name ); mbedtls_ecp_curve_info_from_grp_id( ecp->MBEDTLS_PRIVATE(grp).MBEDTLS_PRIVATE(id) )->MBEDTLS_PRIVATE(name) );
mbedtls_mpi_write_file( "X_Q: ", &ecp->Q.X, 16, NULL ); mbedtls_mpi_write_file( "X_Q: ", &ecp->MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(X), 16, NULL );
mbedtls_mpi_write_file( "Y_Q: ", &ecp->Q.Y, 16, NULL ); mbedtls_mpi_write_file( "Y_Q: ", &ecp->MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(Y), 16, NULL );
mbedtls_mpi_write_file( "D: ", &ecp->d , 16, NULL ); mbedtls_mpi_write_file( "D: ", &ecp->MBEDTLS_PRIVATE(d) , 16, NULL );
} }
else else
#endif #endif

14
programs/pkey/key_app.c
View File

@ -222,10 +222,10 @@ int main( int argc, char *argv[] )
if( mbedtls_pk_get_type( &pk ) == MBEDTLS_PK_ECKEY ) if( mbedtls_pk_get_type( &pk ) == MBEDTLS_PK_ECKEY )
{ {
mbedtls_ecp_keypair *ecp = mbedtls_pk_ec( pk ); mbedtls_ecp_keypair *ecp = mbedtls_pk_ec( pk );
MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( "Q(X): ", &ecp->Q.X, 16, NULL ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( "Q(X): ", &ecp->MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(X), 16, NULL ) );
MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( "Q(Y): ", &ecp->Q.Y, 16, NULL ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( "Q(Y): ", &ecp->MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(Y), 16, NULL ) );
MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( "Q(Z): ", &ecp->Q.Z, 16, NULL ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( "Q(Z): ", &ecp->MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(Z), 16, NULL ) );
MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( "D : ", &ecp->d , 16, NULL ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( "D : ", &ecp->MBEDTLS_PRIVATE(d) , 16, NULL ) );
} }
else else
#endif #endif
@ -273,9 +273,9 @@ int main( int argc, char *argv[] )
if( mbedtls_pk_get_type( &pk ) == MBEDTLS_PK_ECKEY ) if( mbedtls_pk_get_type( &pk ) == MBEDTLS_PK_ECKEY )
{ {
mbedtls_ecp_keypair *ecp = mbedtls_pk_ec( pk ); mbedtls_ecp_keypair *ecp = mbedtls_pk_ec( pk );
MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( "Q(X): ", &ecp->Q.X, 16, NULL ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( "Q(X): ", &ecp->MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(X), 16, NULL ) );
MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( "Q(Y): ", &ecp->Q.Y, 16, NULL ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( "Q(Y): ", &ecp->MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(Y), 16, NULL ) );
MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( "Q(Z): ", &ecp->Q.Z, 16, NULL ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( "Q(Z): ", &ecp->MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(Z), 16, NULL ) );
} }
else else
#endif #endif

14
programs/pkey/key_app_writer.c
View File

@ -335,10 +335,10 @@ int main( int argc, char *argv[] )
if( mbedtls_pk_get_type( &key ) == MBEDTLS_PK_ECKEY ) if( mbedtls_pk_get_type( &key ) == MBEDTLS_PK_ECKEY )
{ {
mbedtls_ecp_keypair *ecp = mbedtls_pk_ec( key ); mbedtls_ecp_keypair *ecp = mbedtls_pk_ec( key );
mbedtls_mpi_write_file( "Q(X): ", &ecp->Q.X, 16, NULL ); mbedtls_mpi_write_file( "Q(X): ", &ecp->MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(X), 16, NULL );
mbedtls_mpi_write_file( "Q(Y): ", &ecp->Q.Y, 16, NULL ); mbedtls_mpi_write_file( "Q(Y): ", &ecp->MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(Y), 16, NULL );
mbedtls_mpi_write_file( "Q(Z): ", &ecp->Q.Z, 16, NULL ); mbedtls_mpi_write_file( "Q(Z): ", &ecp->MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(Z), 16, NULL );
mbedtls_mpi_write_file( "D : ", &ecp->d , 16, NULL ); mbedtls_mpi_write_file( "D : ", &ecp->MBEDTLS_PRIVATE(d) , 16, NULL );
} }
else else
#endif #endif
@ -389,9 +389,9 @@ int main( int argc, char *argv[] )
if( mbedtls_pk_get_type( &key ) == MBEDTLS_PK_ECKEY ) if( mbedtls_pk_get_type( &key ) == MBEDTLS_PK_ECKEY )
{ {
mbedtls_ecp_keypair *ecp = mbedtls_pk_ec( key ); mbedtls_ecp_keypair *ecp = mbedtls_pk_ec( key );
mbedtls_mpi_write_file( "Q(X): ", &ecp->Q.X, 16, NULL ); mbedtls_mpi_write_file( "Q(X): ", &ecp->MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(X), 16, NULL );
mbedtls_mpi_write_file( "Q(Y): ", &ecp->Q.Y, 16, NULL ); mbedtls_mpi_write_file( "Q(Y): ", &ecp->MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(Y), 16, NULL );
mbedtls_mpi_write_file( "Q(Z): ", &ecp->Q.Z, 16, NULL ); mbedtls_mpi_write_file( "Q(Z): ", &ecp->MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(Z), 16, NULL );
} }
else else
#endif #endif

2
programs/pkey/rsa_decrypt.c
View File

@ -164,7 +164,7 @@ int main( int argc, char *argv[] )
fclose( f ); fclose( f );
if( i != rsa.len ) if( i != rsa.MBEDTLS_PRIVATE(len) )
{ {
mbedtls_printf( "\n ! Invalid RSA signature format\n\n" ); mbedtls_printf( "\n ! Invalid RSA signature format\n\n" );
goto exit; goto exit;

2
programs/pkey/rsa_encrypt.c
View File

@ -160,7 +160,7 @@ int main( int argc, char *argv[] )
goto exit; goto exit;
} }
for( i = 0; i < rsa.len; i++ ) for( i = 0; i < rsa.MBEDTLS_PRIVATE(len); i++ )
mbedtls_fprintf( f, "%02X%s", buf[i], mbedtls_fprintf( f, "%02X%s", buf[i],
( i + 1 ) % 16 == 0 ? "\r\n" : " " ); ( i + 1 ) % 16 == 0 ? "\r\n" : " " );

2
programs/pkey/rsa_sign.c
View File

@ -164,7 +164,7 @@ int main( int argc, char *argv[] )
goto exit; goto exit;
} }
for( i = 0; i < rsa.len; i++ ) for( i = 0; i < rsa.MBEDTLS_PRIVATE(len); i++ )
mbedtls_fprintf( f, "%02X%s", buf[i], mbedtls_fprintf( f, "%02X%s", buf[i],
( i + 1 ) % 16 == 0 ? "\r\n" : " " ); ( i + 1 ) % 16 == 0 ? "\r\n" : " " );

8
programs/pkey/rsa_verify.c
View File

@ -89,15 +89,15 @@ int main( int argc, char *argv[] )
goto exit; goto exit;
} }
if( ( ret = mbedtls_mpi_read_file( &rsa.N, 16, f ) ) != 0 || if( ( ret = mbedtls_mpi_read_file( &rsa.MBEDTLS_PRIVATE(N), 16, f ) ) != 0 ||
( ret = mbedtls_mpi_read_file( &rsa.E, 16, f ) ) != 0 ) ( ret = mbedtls_mpi_read_file( &rsa.MBEDTLS_PRIVATE(E), 16, f ) ) != 0 )
{ {
mbedtls_printf( " failed\n ! mbedtls_mpi_read_file returned %d\n\n", ret ); mbedtls_printf( " failed\n ! mbedtls_mpi_read_file returned %d\n\n", ret );
fclose( f ); fclose( f );
goto exit; goto exit;
} }
rsa.len = ( mbedtls_mpi_bitlen( &rsa.N ) + 7 ) >> 3; rsa.MBEDTLS_PRIVATE(len) = ( mbedtls_mpi_bitlen( &rsa.MBEDTLS_PRIVATE(N) ) + 7 ) >> 3;
fclose( f ); fclose( f );
@ -119,7 +119,7 @@ int main( int argc, char *argv[] )
fclose( f ); fclose( f );
if( i != rsa.len ) if( i != rsa.MBEDTLS_PRIVATE(len) )
{ {
mbedtls_printf( "\n ! Invalid RSA signature format\n\n" ); mbedtls_printf( "\n ! Invalid RSA signature format\n\n" );
goto exit; goto exit;

2
programs/ssl/dtls_server.c
View File

@ -229,7 +229,7 @@ int main( void )
mbedtls_ssl_cache_set ); mbedtls_ssl_cache_set );
#endif #endif
mbedtls_ssl_conf_ca_chain( &conf, srvcert.next, NULL ); mbedtls_ssl_conf_ca_chain( &conf, srvcert.MBEDTLS_PRIVATE(next), NULL );
if( ( ret = mbedtls_ssl_conf_own_cert( &conf, &srvcert, &pkey ) ) != 0 ) if( ( ret = mbedtls_ssl_conf_own_cert( &conf, &srvcert, &pkey ) ) != 0 )
{ {
printf( " failed\n ! mbedtls_ssl_conf_own_cert returned %d\n\n", ret ); printf( " failed\n ! mbedtls_ssl_conf_own_cert returned %d\n\n", ret );

4
programs/ssl/mini_client.c
View File

@ -250,13 +250,13 @@ int main( void )
addr.sin_addr.s_addr = *((char *) &ret) == ret ? ADDR_LE : ADDR_BE; addr.sin_addr.s_addr = *((char *) &ret) == ret ? ADDR_LE : ADDR_BE;
ret = 0; ret = 0;
if( ( server_fd.fd = socket( AF_INET, SOCK_STREAM, 0 ) ) < 0 ) if( ( server_fd.MBEDTLS_PRIVATE(fd) = socket( AF_INET, SOCK_STREAM, 0 ) ) < 0 )
{ {
ret = socket_failed; ret = socket_failed;
goto exit; goto exit;
} }
if( connect( server_fd.fd, if( connect( server_fd.MBEDTLS_PRIVATE(fd),
(const struct sockaddr *) &addr, sizeof( addr ) ) < 0 ) (const struct sockaddr *) &addr, sizeof( addr ) ) < 0 )
{ {
ret = connect_failed; ret = connect_failed;

2
programs/ssl/ssl_client2.c
View File

@ -17,6 +17,8 @@
* limitations under the License. * limitations under the License.
*/ */
#define MBEDTLS_ALLOW_PRIVATE_ACCESS
#include "ssl_test_lib.h" #include "ssl_test_lib.h"
#if defined(MBEDTLS_SSL_TEST_IMPOSSIBLE) #if defined(MBEDTLS_SSL_TEST_IMPOSSIBLE)

2
programs/ssl/ssl_context_info.c
View File

@ -17,6 +17,8 @@
* limitations under the License. * limitations under the License.
*/ */
#define MBEDTLS_ALLOW_PRIVATE_ACCESS
#if !defined(MBEDTLS_CONFIG_FILE) #if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h" #include "mbedtls/config.h"
#else #else

2
programs/ssl/ssl_fork_server.c
View File

@ -193,7 +193,7 @@ int main( void )
mbedtls_ssl_conf_rng( &conf, mbedtls_ctr_drbg_random, &ctr_drbg ); mbedtls_ssl_conf_rng( &conf, mbedtls_ctr_drbg_random, &ctr_drbg );
mbedtls_ssl_conf_dbg( &conf, my_debug, stdout ); mbedtls_ssl_conf_dbg( &conf, my_debug, stdout );
mbedtls_ssl_conf_ca_chain( &conf, srvcert.next, NULL ); mbedtls_ssl_conf_ca_chain( &conf, srvcert.MBEDTLS_PRIVATE(next), NULL );
if( ( ret = mbedtls_ssl_conf_own_cert( &conf, &srvcert, &pkey ) ) != 0 ) if( ( ret = mbedtls_ssl_conf_own_cert( &conf, &srvcert, &pkey ) ) != 0 )
{ {
mbedtls_printf( " failed! mbedtls_ssl_conf_own_cert returned %d\n\n", ret ); mbedtls_printf( " failed! mbedtls_ssl_conf_own_cert returned %d\n\n", ret );

1
programs/ssl/ssl_mail_client.c
View File

@ -20,6 +20,7 @@
/* Enable definition of gethostname() even when compiling with -std=c99. Must /* Enable definition of gethostname() even when compiling with -std=c99. Must
* be set before config.h, which pulls in glibc's features.h indirectly. * be set before config.h, which pulls in glibc's features.h indirectly.
* Harmless on other platforms. */ * Harmless on other platforms. */
#define _POSIX_C_SOURCE 200112L #define _POSIX_C_SOURCE 200112L
#define _XOPEN_SOURCE 600 #define _XOPEN_SOURCE 600

2
programs/ssl/ssl_server.c
View File

@ -215,7 +215,7 @@ int main( void )
mbedtls_ssl_cache_set ); mbedtls_ssl_cache_set );
#endif #endif
mbedtls_ssl_conf_ca_chain( &conf, srvcert.next, NULL ); mbedtls_ssl_conf_ca_chain( &conf, srvcert.MBEDTLS_PRIVATE(next), NULL );
if( ( ret = mbedtls_ssl_conf_own_cert( &conf, &srvcert, &pkey ) ) != 0 ) if( ( ret = mbedtls_ssl_conf_own_cert( &conf, &srvcert, &pkey ) ) != 0 )
{ {
mbedtls_printf( " failed\n ! mbedtls_ssl_conf_own_cert returned %d\n\n", ret ); mbedtls_printf( " failed\n ! mbedtls_ssl_conf_own_cert returned %d\n\n", ret );

2
programs/ssl/ssl_server2.c
View File

@ -17,6 +17,8 @@
* limitations under the License. * limitations under the License.
*/ */
#define MBEDTLS_ALLOW_PRIVATE_ACCESS
#include "ssl_test_lib.h" #include "ssl_test_lib.h"
#if defined(MBEDTLS_SSL_TEST_IMPOSSIBLE) #if defined(MBEDTLS_SSL_TEST_IMPOSSIBLE)

2
programs/ssl/ssl_test_lib.c
View File

@ -20,6 +20,8 @@
* limitations under the License. * limitations under the License.
*/ */
#define MBEDTLS_ALLOW_PRIVATE_ACCESS
#include "ssl_test_lib.h" #include "ssl_test_lib.h"
#if defined(MBEDTLS_TEST_HOOKS) #if defined(MBEDTLS_TEST_HOOKS)

2
programs/test/benchmark.c
View File

@ -17,6 +17,8 @@
* limitations under the License. * limitations under the License.
*/ */
#define MBEDTLS_ALLOW_PRIVATE_ACCESS
#if !defined(MBEDTLS_CONFIG_FILE) #if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h" #include "mbedtls/config.h"
#else #else

2
programs/test/selftest.c
View File

@ -17,6 +17,8 @@
* limitations under the License. * limitations under the License.
*/ */
#define MBEDTLS_ALLOW_PRIVATE_ACCESS
#if !defined(MBEDTLS_CONFIG_FILE) #if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h" #include "mbedtls/config.h"
#else #else

2
programs/test/udp_proxy.c
View File

@ -23,6 +23,8 @@
* example of good general usage. * example of good general usage.
*/ */
#define MBEDTLS_ALLOW_PRIVATE_ACCESS
#if !defined(MBEDTLS_CONFIG_FILE) #if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h" #include "mbedtls/config.h"
#else #else

2
programs/x509/cert_app.c
View File

@ -335,7 +335,7 @@ int main( int argc, char *argv[] )
mbedtls_printf( "%s\n", buf ); mbedtls_printf( "%s\n", buf );
cur = cur->next; cur = cur->MBEDTLS_PRIVATE(next);
} }
/* /*

8
programs/x509/cert_write.c
View File

@ -518,7 +518,7 @@ int main( int argc, char *argv[] )
} }
ret = mbedtls_x509_dn_gets( issuer_name, sizeof(issuer_name), ret = mbedtls_x509_dn_gets( issuer_name, sizeof(issuer_name),
&issuer_crt.subject ); &issuer_crt.MBEDTLS_PRIVATE(subject) );
if( ret < 0 ) if( ret < 0 )
{ {
mbedtls_strerror( ret, buf, 1024 ); mbedtls_strerror( ret, buf, 1024 );
@ -552,7 +552,7 @@ int main( int argc, char *argv[] )
} }
ret = mbedtls_x509_dn_gets( subject_name, sizeof(subject_name), ret = mbedtls_x509_dn_gets( subject_name, sizeof(subject_name),
&csr.subject ); &csr.MBEDTLS_PRIVATE(subject) );
if( ret < 0 ) if( ret < 0 )
{ {
mbedtls_strerror( ret, buf, 1024 ); mbedtls_strerror( ret, buf, 1024 );
@ -562,7 +562,7 @@ int main( int argc, char *argv[] )
} }
opt.subject_name = subject_name; opt.subject_name = subject_name;
subject_key = &csr.pk; subject_key = &csr.MBEDTLS_PRIVATE(pk);
mbedtls_printf( " ok\n" ); mbedtls_printf( " ok\n" );
} }
@ -606,7 +606,7 @@ int main( int argc, char *argv[] )
// //
if( strlen( opt.issuer_crt ) ) if( strlen( opt.issuer_crt ) )
{ {
if( mbedtls_pk_check_pair( &issuer_crt.pk, issuer_key ) != 0 ) if( mbedtls_pk_check_pair( &issuer_crt.MBEDTLS_PRIVATE(pk), issuer_key ) != 0 )
{ {
mbedtls_printf( " failed\n ! issuer_key does not match " mbedtls_printf( " failed\n ! issuer_key does not match "
"issuer certificate\n\n" ); "issuer certificate\n\n" );

Some files were not shown because too many files have changed in this diff Show More