Merge branch 'development' into iotssl-1260-non-blocking-ecc-restricted
Summary of merge conflicts: include/mbedtls/ecdh.h -> documentation style include/mbedtls/ecdsa.h -> documentation style include/mbedtls/ecp.h -> alt style, new error codes, documentation style include/mbedtls/error.h -> new error codes library/error.c -> new error codes (generated anyway) library/ecp.c: - code of an extracted function was changed library/ssl_cli.c: - code addition on one side near code change on the other side (ciphersuite validation) library/x509_crt.c -> various things - top fo file: helper structure added near old zeroize removed - documentation of find_parent_in()'s signature: improved on one side, added arguments on the other side - documentation of find_parent()'s signature: same as above - verify_chain(): variables initialised later to give compiler an opportunity to warn us if not initialised on a code path - find_parent(): funcion structure completely changed, for some reason git tried to insert a paragraph of the old structure... - merge_flags_with_cb(): data structure changed, one line was fixed with a cast to keep MSVC happy, this cast is already in the new version - in verify_restratable(): adjacent independent changes (function signature on one line, variable type on the next) programs/ssl/ssl_client2.c: - testing for IN_PROGRESS return code near idle() (event-driven): don't wait for data in the the socket if ECP_IN_PROGRESS tests/data_files/Makefile: adjacent independent additions tests/suites/test_suite_ecdsa.data: adjacent independent additions tests/suites/test_suite_x509parse.data: adjacent independent additions * development: (1059 commits) Change symlink to hardlink to avoid permission issues Fix out-of-tree testing symlinks on Windows Updated version number to 2.10.0 for release Add a disabled CMAC define in the no-entropy configuration Adapt the ARIA test cases for new ECB function Fix file permissions for ssl.h Add ChangeLog entry for PR#1651 Fix MicroBlaze register typo. Fix typo in doc and copy missing warning Fix edit mistake in cipher_wrap.c Update CTR doc for the 64-bit block cipher Update CTR doc for other 128-bit block ciphers Slightly tune ARIA CTR documentation Remove double declaration of mbedtls_ssl_list_ciphersuites Update CTR documentation Use zeroize function from new platform_util Move to new header style for ALT implementations Add ifdef for selftest in header file Fix typo in comments Use more appropriate type for local variable ...
This commit is contained in:
commit
da19f4c79f
4
.github/issue_template.md
vendored
4
.github/issue_template.md
vendored
@ -8,7 +8,7 @@ Note: This is just a template, so feel free to use/remove the unnecessary things
|
||||
## Bug
|
||||
|
||||
**OS**
|
||||
mbed-OS|linux|windows|
|
||||
Mbed OS|linux|windows|
|
||||
|
||||
**mbed TLS build:**
|
||||
Version: x.x.x or git commit id
|
||||
@ -38,4 +38,4 @@ Version:
|
||||
|
||||
## Question
|
||||
|
||||
**Please first check for answers in the [mbed TLS knowledge Base](https://tls.mbed.org/kb), and preferebly file an issue in the [mbed TLS support forum](https://tls.mbed.org/discussions)**
|
||||
**Please first check for answers in the [Mbed TLS knowledge Base](https://tls.mbed.org/kb), and preferably file an issue in the [Mbed TLS support forum](https://tls.mbed.org/discussions)**
|
||||
|
@ -9,6 +9,7 @@ script:
|
||||
- tests/scripts/check-generated-files.sh
|
||||
- tests/scripts/check-doxy-blocks.pl
|
||||
- tests/scripts/check-names.sh
|
||||
- tests/scripts/check-files.py
|
||||
- tests/scripts/doxygen.sh
|
||||
- cmake -D CMAKE_BUILD_TYPE:String="Check" .
|
||||
- make
|
||||
|
@ -31,7 +31,7 @@ find_package(Perl)
|
||||
if(PERL_FOUND)
|
||||
|
||||
# If NULL Entropy is configured, display an appropriate warning
|
||||
execute_process(COMMAND ${PERL_EXECUTABLE} ${CMAKE_SOURCE_DIR}/scripts/config.pl -f ${CMAKE_SOURCE_DIR}/include/mbedtls/config.h get MBEDTLS_TEST_NULL_ENTROPY
|
||||
execute_process(COMMAND ${PERL_EXECUTABLE} ${CMAKE_CURRENT_SOURCE_DIR}/scripts/config.pl -f ${CMAKE_CURRENT_SOURCE_DIR}/include/mbedtls/config.h get MBEDTLS_TEST_NULL_ENTROPY
|
||||
RESULT_VARIABLE result)
|
||||
if(${result} EQUAL 0)
|
||||
message(WARNING ${NULL_ENTROPY_WARNING})
|
||||
@ -56,6 +56,34 @@ set(CMAKE_BUILD_TYPE ${CMAKE_BUILD_TYPE}
|
||||
CACHE STRING "Choose the type of build: None Debug Release Coverage ASan ASanDbg MemSan MemSanDbg Check CheckFull"
|
||||
FORCE)
|
||||
|
||||
# Create a symbolic link from ${base_name} in the binary directory
|
||||
# to the corresponding path in the source directory.
|
||||
function(link_to_source base_name)
|
||||
# Get OS dependent path to use in `execute_process`
|
||||
file(TO_NATIVE_PATH "${CMAKE_CURRENT_BINARY_DIR}/${base_name}" link)
|
||||
file(TO_NATIVE_PATH "${CMAKE_CURRENT_SOURCE_DIR}/${base_name}" target)
|
||||
|
||||
if (NOT EXISTS ${link})
|
||||
if (CMAKE_HOST_UNIX)
|
||||
set(command ln -s ${target} ${link})
|
||||
else()
|
||||
if (IS_DIRECTORY ${target})
|
||||
set(command cmd.exe /c mklink /j ${link} ${target})
|
||||
else()
|
||||
set(command cmd.exe /c mklink /h ${link} ${target})
|
||||
endif()
|
||||
endif()
|
||||
|
||||
execute_process(COMMAND ${command}
|
||||
RESULT_VARIABLE result
|
||||
ERROR_VARIABLE output)
|
||||
|
||||
if (NOT ${result} EQUAL 0)
|
||||
message(FATAL_ERROR "Could not create symbolic link for: ${target} --> ${output}")
|
||||
endif()
|
||||
endif()
|
||||
endfunction(link_to_source)
|
||||
|
||||
string(REGEX MATCH "Clang" CMAKE_COMPILER_IS_CLANG "${CMAKE_C_COMPILER_ID}")
|
||||
|
||||
if(CMAKE_COMPILER_IS_GNUCC)
|
||||
@ -126,8 +154,8 @@ if(ENABLE_PROGRAMS)
|
||||
endif()
|
||||
|
||||
ADD_CUSTOM_TARGET(apidoc
|
||||
COMMAND doxygen doxygen/mbedtls.doxyfile
|
||||
WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR})
|
||||
COMMAND doxygen mbedtls.doxyfile
|
||||
WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}/doxygen)
|
||||
|
||||
if(ENABLE_TESTING)
|
||||
enable_testing()
|
||||
@ -164,3 +192,12 @@ if(ENABLE_TESTING)
|
||||
)
|
||||
endif(UNIX)
|
||||
endif()
|
||||
|
||||
# Make scripts needed for testing available in an out-of-source build.
|
||||
if (NOT ${CMAKE_CURRENT_BINARY_DIR} STREQUAL ${CMAKE_CURRENT_SOURCE_DIR})
|
||||
link_to_source(scripts)
|
||||
# Copy (don't link) DartConfiguration.tcl, needed for memcheck, to
|
||||
# keep things simple with the sed commands in the memcheck target.
|
||||
configure_file(${CMAKE_CURRENT_SOURCE_DIR}/DartConfiguration.tcl
|
||||
${CMAKE_CURRENT_BINARY_DIR}/DartConfiguration.tcl COPYONLY)
|
||||
endif()
|
||||
|
63
CONTRIBUTING.md
Normal file
63
CONTRIBUTING.md
Normal file
@ -0,0 +1,63 @@
|
||||
Contributing
|
||||
============
|
||||
We gratefully accept bug reports and contributions from the community. There are some requirements we need to fulfill in order to be able to integrate contributions:
|
||||
|
||||
- As with any open source project, contributions will be reviewed by the project team and community and may need some modifications to be accepted.
|
||||
- The contribution should not break API or ABI, unless there is a real justification for that. If there is an API change, the contribution, if accepted, will be merged only when there will be a major release.
|
||||
|
||||
Contributor License Agreement (CLA)
|
||||
-----------------------------------
|
||||
- All contributions, whether large or small, require a Contributor's License Agreement (CLA) to be accepted. This is because source code can possibly fall under copyright law and we need your consent to share in the ownership of the copyright.
|
||||
- To accept the Contributor’s License Agreement (CLA), individual contributors can do this by creating an Mbed account and [accepting the online agreement here with a click through](https://developer.mbed.org/contributor_agreement/). Alternatively, for contributions from corporations, or those that do not wish to create an Mbed account, a slightly different agreement can be found [here](https://www.mbed.com/en/about-mbed/contributor-license-agreements/). This agreement should be signed and returned to Arm as described in the instructions given.
|
||||
|
||||
Coding Standards
|
||||
----------------
|
||||
- We would ask that contributions conform to [our coding standards](https://tls.mbed.org/kb/development/mbedtls-coding-standards), and that contributions are fully tested before submission, as mentioned in the [Tests](#tests) and [Continuous Integration](#continuous-integration-tests) sections.
|
||||
- The code should be written in a clean and readable style.
|
||||
- The code should be written in a portable generic way, that will benefit the whole community, and not only your own needs.
|
||||
- The code should be secure, and will be reviewed from a security point of view as well.
|
||||
|
||||
Making a Contribution
|
||||
---------------------
|
||||
1. [Check for open issues](https://github.com/ARMmbed/mbedtls/issues) or [start a discussion](https://tls.mbed.org/discussions) around a feature idea or a bug.
|
||||
1. Fork the [Mbed TLS repository on GitHub](https://github.com/ARMmbed/mbedtls) to start making your changes. As a general rule, you should use the ["development" branch](https://github.com/ARMmbed/mbedtls/tree/development) as a basis.
|
||||
1. Write a test which shows that the bug was fixed or that the feature works as expected.
|
||||
1. Send a pull request (PR) and work with us until it gets merged and published. Contributions may need some modifications, so a few rounds of review and fixing may be necessary. We will include your name in the ChangeLog :)
|
||||
1. For quick merging, the contribution should be short, and concentrated on a single feature or topic. The larger the contribution is, the longer it would take to review it and merge it.
|
||||
1. Mbed TLS is released under the Apache license, and as such, all the added files should include the Apache license header.
|
||||
|
||||
Backports
|
||||
---------
|
||||
Mbed TLS maintains some legacy branches, which are released as LTS versions. Mbed TLS should follow backwards compatibility rules, to fit with existing users. As such, backporting to these branches should be handled according to the following rules:
|
||||
|
||||
1. If the contribution is a new feature or enhancement, no backporting is needed.
|
||||
1. Bug fixes should be backported to the legacy branches containing these bugs.
|
||||
1. Changes in the API do not require backporting. If a bug fix introduced a new API, such as new error codes, the bug fix should be implemented differently in the legacy branch.
|
||||
|
||||
It would be highly appreciated if a contribution would be backported to a legacy branch in addition to the [development branch](https://github.com/ARMmbed/mbedtls/tree/development).
|
||||
At the moment, the legacy branches are:
|
||||
|
||||
1. [mbedtls-1.3](https://github.com/ARMmbed/mbedtls/tree/mbedtls-1.3)
|
||||
1. [mbedtls-2.1](https://github.com/ARMmbed/mbedtls/tree/mbedtls-2.1)
|
||||
|
||||
Tests
|
||||
-----
|
||||
As mentioned, tests that show the correctness of the feature or bug fix should be added to the pull request, if no such tests exist.
|
||||
Mbed TLS includes an elaborate test suite in `tests/` that initially requires Perl to generate the tests files (e.g. `test_suite_mpi.c`). These files are generated from a `function file` (e.g. `suites/test_suite_mpi.function`) and a `data file` (e.g. `suites/test_suite_mpi.data`). The function file contains the test functions. The data file contains the test cases, specified as parameters that will be passed to the test function.
|
||||
|
||||
Sample applications, if needed, should be modified as well.
|
||||
|
||||
Continuous Integration Tests
|
||||
----------------------------
|
||||
Once a PR has been made, the Continuous Integration (CI) tests are triggered and run. You should follow the result of the CI tests, and fix failures.
|
||||
It is advised to enable the [githooks scripts](https://github.com/ARMmbed/mbedtls/tree/development/tests/git-scripts) prior to pushing your changes, for catching some of the issues as early as possible.
|
||||
|
||||
Documentation
|
||||
-------------
|
||||
Mbed TLS should be well documented. If documentation is needed, speak out!
|
||||
|
||||
1. All interfaces should be documented through Doxygen. New APIs should introduce Doxygen documentation.
|
||||
1. Complex parts in the code should include comments.
|
||||
1. If needed, a Readme file is advised.
|
||||
1. If a [Knowledge Base (KB)](https://tls.mbed.org/kb) article should be added, write this as a comment in the PR description.
|
||||
1. A [ChangeLog](https://github.com/ARMmbed/mbedtls/blob/development/ChangeLog) entry should be added for this contribution.
|
517
ChangeLog
517
ChangeLog
@ -1,6 +1,6 @@
|
||||
mbed TLS ChangeLog (Sorted per branch, date)
|
||||
|
||||
= mbed TLS 2.y.0 released YYYY-MM-DD
|
||||
= mbed TLS x.x.x branch released xxxx-xx-xx
|
||||
|
||||
Features
|
||||
* Add support for restartable ECC operations, enabled by
|
||||
@ -10,70 +10,516 @@ Features
|
||||
functions in ECDH and SSL (currently only implemented client-side, for
|
||||
ECDHE-ECDSA ciphersuites with TLS 1.2, including client authentication).
|
||||
|
||||
= mbed TLS x.x.x branch released xxxx-xx-xx
|
||||
= mbed TLS 2.10.0 branch released 2018-06-06
|
||||
|
||||
Features
|
||||
* Add support for ARIA cipher (RFC 5794) and associated TLS ciphersuites
|
||||
(RFC 6209). Disabled by default, see MBEDTLS_ARIA_C in config.h
|
||||
|
||||
API Changes
|
||||
* Extend the platform module with a util component that contains
|
||||
functionality shared by multiple Mbed TLS modules. At this stage
|
||||
platform_util.h (and its associated platform_util.c) only contain
|
||||
mbedtls_platform_zeroize(), which is a critical function from a security
|
||||
point of view. mbedtls_platform_zeroize() needs to be regularly tested
|
||||
against compilers to ensure that calls to it are not removed from the
|
||||
output binary as part of redundant code elimination optimizations.
|
||||
Therefore, mbedtls_platform_zeroize() is moved to the platform module to
|
||||
facilitate testing and maintenance.
|
||||
|
||||
Bugfix
|
||||
* Fix an issue with MicroBlaze support in bn_mul.h which was causing the
|
||||
build to fail. Found by zv-io. Fixes #1651.
|
||||
|
||||
Changes
|
||||
* Support TLS testing in out-of-source builds using cmake. Fixes #1193.
|
||||
* Fix redundant declaration of mbedtls_ssl_list_ciphersuites. Raised by
|
||||
TrinityTonic. #1359.
|
||||
|
||||
= mbed TLS 2.9.0 branch released 2018-04-30
|
||||
|
||||
Security
|
||||
* Fix authentication bypass in SSL/TLS: when auth_mode is set to optional,
|
||||
* Fix an issue in the X.509 module which could lead to a buffer overread
|
||||
during certificate validation. Additionally, the issue could also lead to
|
||||
unnecessary callback checks being made or to some validation checks to be
|
||||
omitted. The overread could be triggered remotely, while the other issues
|
||||
would require a non DER-compliant certificate to be correctly signed by a
|
||||
trusted CA, or a trusted CA with a non DER-compliant certificate. Found by
|
||||
luocm. Fixes #825.
|
||||
* Fix the buffer length assertion in the ssl_parse_certificate_request()
|
||||
function which led to an arbitrary overread of the message buffer. The
|
||||
overreads could be caused by receiving a malformed message at the point
|
||||
where an optional signature algorithms list is expected when the signature
|
||||
algorithms section is too short. In builds with debug output, the overread
|
||||
data is output with the debug data.
|
||||
* Fix a client-side bug in the validation of the server's ciphersuite choice
|
||||
which could potentially lead to the client accepting a ciphersuite it didn't
|
||||
offer or a ciphersuite that cannot be used with the TLS or DTLS version
|
||||
chosen by the server. This could lead to corruption of internal data
|
||||
structures for some configurations.
|
||||
|
||||
Features
|
||||
* Add an option, MBEDTLS_AES_FEWER_TABLES, to dynamically compute smaller AES
|
||||
tables during runtime, thereby reducing the RAM/ROM footprint by ~6KiB.
|
||||
Suggested and contributed by jkivilin in pull request #394.
|
||||
* Add initial support for Curve448 (RFC 7748). Only mbedtls_ecp_mul() and
|
||||
ECDH primitive functions (mbedtls_ecdh_gen_public(),
|
||||
mbedtls_ecdh_compute_shared()) are supported for now. Contributed by
|
||||
Nicholas Wilson in pull request #348.
|
||||
|
||||
API Changes
|
||||
* Extend the public API with the function of mbedtls_net_poll() to allow user
|
||||
applications to wait for a network context to become ready before reading
|
||||
or writing.
|
||||
* Add function mbedtls_ssl_check_pending() to the public API to allow
|
||||
a check for whether more more data is pending to be processed in the
|
||||
internal message buffers.
|
||||
This function is necessary to determine when it is safe to idle on the
|
||||
underlying transport in case event-driven IO is used.
|
||||
|
||||
Bugfix
|
||||
* Fix a spurious uninitialized variable warning in cmac.c. Fix independently
|
||||
contributed by Brian J Murray and David Brown.
|
||||
* Add missing dependencies in test suites that led to build failures
|
||||
in configurations that omit certain hashes or public-key algorithms.
|
||||
Fixes #1040.
|
||||
* Fix C89 incompatibility in benchmark.c. Contributed by Brendan Shanks.
|
||||
#1353
|
||||
* Add missing dependencies for MBEDTLS_HAVE_TIME_DATE and
|
||||
MBEDTLS_VERSION_FEATURES in some test suites. Contributed by
|
||||
Deomid Ryabkov. Fixes #1299, #1475.
|
||||
* Fix the Makefile build process for building shared libraries on Mac OS X.
|
||||
Fixed by mnacamura.
|
||||
* Fix parsing of PKCS#8 encoded Elliptic Curve keys. Previously Mbed TLS was
|
||||
unable to parse keys which had only the optional parameters field of the
|
||||
ECPrivateKey structure. Found by Jethro Beekman, fixed in #1379.
|
||||
* Return the plaintext data more quickly on unpadded CBC decryption, as
|
||||
stated in the mbedtls_cipher_update() documentation. Contributed by
|
||||
Andy Leiserson.
|
||||
* Fix overriding and ignoring return values when parsing and writing to
|
||||
a file in pk_sign program. Found by kevlut in #1142.
|
||||
* Restrict usage of error code MBEDTLS_ERR_SSL_WANT_READ to situations
|
||||
where data needs to be fetched from the underlying transport in order
|
||||
to make progress. Previously, this error code was also occasionally
|
||||
returned when unexpected messages were being discarded, ignoring that
|
||||
further messages could potentially already be pending to be processed
|
||||
in the internal buffers; these cases led to deadlocks when event-driven
|
||||
I/O was used. Found and reported by Hubert Mis in #772.
|
||||
* Fix buffer length assertions in the ssl_parse_certificate_request()
|
||||
function which leads to a potential one byte overread of the message
|
||||
buffer.
|
||||
* Fix invalid buffer sizes passed to zlib during record compression and
|
||||
decompression.
|
||||
* Fix the soversion of libmbedcrypto to match the soversion of the
|
||||
maintained 2.7 branch. The soversion was increased in Mbed TLS
|
||||
version 2.7.1 to reflect breaking changes in that release, but the
|
||||
increment was missed in 2.8.0 and later releases outside of the 2.7 branch.
|
||||
|
||||
Changes
|
||||
* Remove some redundant code in bignum.c. Contributed by Alexey Skalozub.
|
||||
* Support cmake builds where Mbed TLS is a subproject. Fix contributed
|
||||
independently by Matthieu Volat and Arne Schwabe.
|
||||
* Improve testing in configurations that omit certain hashes or
|
||||
public-key algorithms. Includes contributions by Gert van Dijk.
|
||||
* Improve negative testing of X.509 parsing.
|
||||
* Do not define global mutexes around readdir() and gmtime() in
|
||||
configurations where the feature is disabled. Found and fixed by Gergely
|
||||
Budai.
|
||||
* Harden the function mbedtls_ssl_config_free() against misuse, so that it
|
||||
doesn't leak memory if the user doesn't use mbedtls_ssl_conf_psk() and
|
||||
instead incorrectly manipulates the configuration structure directly.
|
||||
Found and fix submitted by junyeonLEE in #1220.
|
||||
* Provide an empty implementation of mbedtls_pkcs5_pbes2() when
|
||||
MBEDTLS_ASN1_PARSE_C is not enabled. This allows the use of PBKDF2
|
||||
without PBES2. Fixed by Marcos Del Sol Vives.
|
||||
* Add the order of the base point as N in the mbedtls_ecp_group structure
|
||||
for Curve25519 (other curves had it already). Contributed by Nicholas
|
||||
Wilson #481
|
||||
* Improve the documentation of mbedtls_net_accept(). Contributed by Ivan
|
||||
Krylov.
|
||||
* Improve the documentation of mbedtls_ssl_write(). Suggested by
|
||||
Paul Sokolovsky in #1356.
|
||||
* Add an option in the Makefile to support ar utilities where the operation
|
||||
letter must not be prefixed by '-', such as LLVM. Found and fixed by
|
||||
Alex Hixon.
|
||||
* Allow configuring the shared library extension by setting the DLEXT
|
||||
environment variable when using the project makefiles.
|
||||
* Optimize unnecessary zeroing in mbedtls_mpi_copy. Based on a contribution
|
||||
by Alexey Skalozub in #405.
|
||||
* In the SSL module, when f_send, f_recv or f_recv_timeout report
|
||||
transmitting more than the required length, return an error. Raised by
|
||||
Sam O'Connor in #1245.
|
||||
* Improve robustness of mbedtls_ssl_derive_keys against the use of
|
||||
HMAC functions with non-HMAC ciphersuites. Independently contributed
|
||||
by Jiayuan Chen in #1377. Fixes #1437.
|
||||
* Improve security of RSA key generation by including criteria from
|
||||
FIPS 186-4. Contributed by Jethro Beekman. #1380
|
||||
* Declare functions in header files even when an alternative implementation
|
||||
of the corresponding module is activated by defining the corresponding
|
||||
MBEDTLS_XXX_ALT macro. This means that alternative implementations do
|
||||
not need to copy the declarations, and ensures that they will have the
|
||||
same API.
|
||||
* Add platform setup and teardown calls in test suites.
|
||||
|
||||
= mbed TLS 2.8.0 branch released 2018-03-16
|
||||
|
||||
Default behavior changes
|
||||
* The truncated HMAC extension now conforms to RFC 6066. This means
|
||||
that when both sides of a TLS connection negotiate the truncated
|
||||
HMAC extension, Mbed TLS can now interoperate with other
|
||||
compliant implementations, but this breaks interoperability with
|
||||
prior versions of Mbed TLS. To restore the old behavior, enable
|
||||
the (deprecated) option MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT in
|
||||
config.h. Found by Andreas Walz (ivESK, Offenburg University of
|
||||
Applied Sciences).
|
||||
|
||||
Security
|
||||
* Fix implementation of the truncated HMAC extension. The previous
|
||||
implementation allowed an offline 2^80 brute force attack on the
|
||||
HMAC key of a single, uninterrupted connection (with no
|
||||
resumption of the session).
|
||||
* Verify results of RSA private key operations to defend
|
||||
against Bellcore glitch attack.
|
||||
* Fix a buffer overread in ssl_parse_server_key_exchange() that could cause
|
||||
a crash on invalid input.
|
||||
* Fix a buffer overread in ssl_parse_server_psk_hint() that could cause a
|
||||
crash on invalid input.
|
||||
* Fix CRL parsing to reject CRLs containing unsupported critical
|
||||
extensions. Found by Falko Strenzke and Evangelos Karatsiolis.
|
||||
|
||||
Features
|
||||
* Extend PKCS#8 interface by introducing support for the entire SHA
|
||||
algorithms family when encrypting private keys using PKCS#5 v2.0.
|
||||
This allows reading encrypted PEM files produced by software that
|
||||
uses PBKDF2-SHA2, such as OpenSSL 1.1. Submitted by Antonio Quartulli,
|
||||
OpenVPN Inc. Fixes #1339
|
||||
* Add support for public keys encoded in PKCS#1 format. #1122
|
||||
|
||||
New deprecations
|
||||
* Deprecate support for record compression (configuration option
|
||||
MBEDTLS_ZLIB_SUPPORT).
|
||||
|
||||
Bugfix
|
||||
* Fix the name of a DHE parameter that was accidentally changed in 2.7.0.
|
||||
Fixes #1358.
|
||||
* Fix test_suite_pk to work on 64-bit ILP32 systems. #849
|
||||
* Fix mbedtls_x509_crt_profile_suiteb, which used to reject all certificates
|
||||
with flag MBEDTLS_X509_BADCERT_BAD_PK even when the key type was correct.
|
||||
In the context of SSL, this resulted in handshake failure. Reported by
|
||||
daniel in the Mbed TLS forum. #1351
|
||||
* Fix Windows x64 builds with the included mbedTLS.sln file. #1347
|
||||
* Fix setting version TLSv1 as minimal version, even if TLS 1
|
||||
is not enabled. Set MBEDTLS_SSL_MIN_MAJOR_VERSION
|
||||
and MBEDTLS_SSL_MIN_MINOR_VERSION instead of
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3 and MBEDTLS_SSL_MINOR_VERSION_1. #664
|
||||
* Fix compilation error on Mingw32 when _TRUNCATE is defined. Use _TRUNCATE
|
||||
only if __MINGW32__ not defined. Fix suggested by Thomas Glanzmann and
|
||||
Nick Wilson on issue #355
|
||||
* In test_suite_pk, pass valid parameters when testing for hash length
|
||||
overflow. #1179
|
||||
* Fix memory allocation corner cases in memory_buffer_alloc.c module. Found
|
||||
by Guido Vranken. #639
|
||||
* Log correct number of ciphersuites used in Client Hello message. #918
|
||||
* Fix X509 CRT parsing that would potentially accept an invalid tag when
|
||||
parsing the subject alternative names.
|
||||
* Fix a possible arithmetic overflow in ssl_parse_server_key_exchange()
|
||||
that could cause a key exchange to fail on valid data.
|
||||
* Fix a possible arithmetic overflow in ssl_parse_server_psk_hint() that
|
||||
could cause a key exchange to fail on valid data.
|
||||
* Don't define mbedtls_aes_decrypt and mbedtls_aes_encrypt under
|
||||
MBEDTLS_DEPRECATED_REMOVED. #1388
|
||||
* Fix a 1-byte heap buffer overflow (read-only) during private key parsing.
|
||||
Found through fuzz testing.
|
||||
|
||||
Changes
|
||||
* Fix tag lengths and value ranges in the documentation of CCM encryption.
|
||||
Contributed by Mathieu Briand.
|
||||
* Fix typo in a comment ctr_drbg.c. Contributed by Paul Sokolovsky.
|
||||
* Remove support for the library reference configuration for picocoin.
|
||||
* MD functions deprecated in 2.7.0 are no longer inline, to provide
|
||||
a migration path for those depending on the library's ABI.
|
||||
* Clarify the documentation of mbedtls_ssl_setup.
|
||||
* Use (void) when defining functions with no parameters. Contributed by
|
||||
Joris Aerts. #678
|
||||
|
||||
= mbed TLS 2.7.0 branch released 2018-02-03
|
||||
|
||||
Security
|
||||
* Fix a heap corruption issue in the implementation of the truncated HMAC
|
||||
extension. When the truncated HMAC extension is enabled and CBC is used,
|
||||
sending a malicious application packet could be used to selectively corrupt
|
||||
6 bytes on the peer's heap, which could potentially lead to crash or remote
|
||||
code execution. The issue could be triggered remotely from either side in
|
||||
both TLS and DTLS. CVE-2018-0488
|
||||
* Fix a buffer overflow in RSA-PSS verification when the hash was too large
|
||||
for the key size, which could potentially lead to crash or remote code
|
||||
execution. Found by Seth Terashima, Qualcomm Product Security Initiative,
|
||||
Qualcomm Technologies Inc. CVE-2018-0487
|
||||
* Fix buffer overflow in RSA-PSS verification when the unmasked data is all
|
||||
zeros.
|
||||
* Fix an unsafe bounds check in ssl_parse_client_psk_identity() when adding
|
||||
64 KiB to the address of the SSL buffer and causing a wrap around.
|
||||
* Fix a potential heap buffer overflow in mbedtls_ssl_write(). When the (by
|
||||
default enabled) maximum fragment length extension is disabled in the
|
||||
config and the application data buffer passed to mbedtls_ssl_write
|
||||
is larger than the internal message buffer (16384 bytes by default), the
|
||||
latter overflows. The exploitability of this issue depends on whether the
|
||||
application layer can be forced into sending such large packets. The issue
|
||||
was independently reported by Tim Nordell via e-mail and by Florin Petriuc
|
||||
and sjorsdewit on GitHub. Fix proposed by Florin Petriuc in #1022.
|
||||
Fixes #707.
|
||||
* Add a provision to prevent compiler optimizations breaking the time
|
||||
constancy of mbedtls_ssl_safer_memcmp().
|
||||
* Ensure that buffers are cleared after use if they contain sensitive data.
|
||||
Changes were introduced in multiple places in the library.
|
||||
* Set PEM buffer to zero before freeing it, to avoid decoded private keys
|
||||
being leaked to memory after release.
|
||||
* Fix dhm_check_range() failing to detect trivial subgroups and potentially
|
||||
leaking 1 bit of the private key. Reported by prashantkspatil.
|
||||
* Make mbedtls_mpi_read_binary() constant-time with respect to the input
|
||||
data. Previously, trailing zero bytes were detected and omitted for the
|
||||
sake of saving memory, but potentially leading to slight timing
|
||||
differences. Reported by Marco Macchetti, Kudelski Group.
|
||||
* Wipe stack buffer temporarily holding EC private exponent
|
||||
after keypair generation.
|
||||
* Fix a potential heap buffer over-read in ALPN extension parsing
|
||||
(server-side). Could result in application crash, but only if an ALPN
|
||||
name larger than 16 bytes had been configured on the server.
|
||||
* Change default choice of DHE parameters from untrustworthy RFC 5114
|
||||
to RFC 3526 containing parameters generated in a nothing-up-my-sleeve
|
||||
manner.
|
||||
|
||||
Features
|
||||
* Allow comments in test data files.
|
||||
* The selftest program can execute a subset of the tests based on command
|
||||
line arguments.
|
||||
* New unit tests for timing. Improve the self-test to be more robust
|
||||
when run on a heavily-loaded machine.
|
||||
* Add alternative implementation support for CCM and CMAC (MBEDTLS_CCM_ALT,
|
||||
MBEDTLS_CMAC_ALT). Submitted by Steven Cooreman, Silicon Labs.
|
||||
* Add support for alternative implementations of GCM, selected by the
|
||||
configuration flag MBEDTLS_GCM_ALT.
|
||||
* Add support for alternative implementations for ECDSA, controlled by new
|
||||
configuration flags MBEDTLS_ECDSA_SIGN_ALT, MBEDTLS_ECDSA_VERIFY_ALT and
|
||||
MBEDTLS_ECDSDA_GENKEY_AT in config.h.
|
||||
The following functions from the ECDSA module can be replaced
|
||||
with alternative implementation:
|
||||
mbedtls_ecdsa_sign(), mbedtls_ecdsa_verify() and mbedtls_ecdsa_genkey().
|
||||
* Add support for alternative implementation of ECDH, controlled by the
|
||||
new configuration flags MBEDTLS_ECDH_COMPUTE_SHARED_ALT and
|
||||
MBEDTLS_ECDH_GEN_PUBLIC_ALT in config.h.
|
||||
The following functions from the ECDH module can be replaced
|
||||
with an alternative implementation:
|
||||
mbedtls_ecdh_gen_public() and mbedtls_ecdh_compute_shared().
|
||||
* Add support for alternative implementation of ECJPAKE, controlled by
|
||||
the new configuration flag MBEDTLS_ECJPAKE_ALT.
|
||||
* Add mechanism to provide alternative implementation of the DHM module.
|
||||
|
||||
API Changes
|
||||
* Extend RSA interface by multiple functions allowing structure-
|
||||
independent setup and export of RSA contexts. Most notably,
|
||||
mbedtls_rsa_import() and mbedtls_rsa_complete() are introduced for setting
|
||||
up RSA contexts from partial key material and having them completed to the
|
||||
needs of the implementation automatically. This allows to setup private RSA
|
||||
contexts from keys consisting of N,D,E only, even if P,Q are needed for the
|
||||
purpose or CRT and/or blinding.
|
||||
* The configuration option MBEDTLS_RSA_ALT can be used to define alternative
|
||||
implementations of the RSA interface declared in rsa.h.
|
||||
* The following functions in the message digest modules (MD2, MD4, MD5,
|
||||
SHA1, SHA256, SHA512) have been deprecated and replaced as shown below.
|
||||
The new functions change the return type from void to int to allow
|
||||
returning error codes when using MBEDTLS_<MODULE>_ALT.
|
||||
mbedtls_<MODULE>_starts() -> mbedtls_<MODULE>_starts_ret()
|
||||
mbedtls_<MODULE>_update() -> mbedtls_<MODULE>_update_ret()
|
||||
mbedtls_<MODULE>_finish() -> mbedtls_<MODULE>_finish_ret()
|
||||
mbedtls_<MODULE>_process() -> mbedtls_internal_<MODULE>_process()
|
||||
|
||||
New deprecations
|
||||
* Deprecate usage of RSA primitives with non-matching key-type
|
||||
(e.g. signing with a public key).
|
||||
* Direct manipulation of structure fields of RSA contexts is deprecated.
|
||||
Users are advised to use the extended RSA API instead.
|
||||
* Deprecate usage of message digest functions that return void
|
||||
(mbedtls_<MODULE>_starts, mbedtls_<MODULE>_update,
|
||||
mbedtls_<MODULE>_finish and mbedtls_<MODULE>_process where <MODULE> is
|
||||
any of MD2, MD4, MD5, SHA1, SHA256, SHA512) in favor of functions
|
||||
that can return an error code.
|
||||
* Deprecate untrustworthy DHE parameters from RFC 5114. Superseded by
|
||||
parameters from RFC 3526 or the newly added parameters from RFC 7919.
|
||||
* Deprecate hex string DHE constants MBEDTLS_DHM_RFC3526_MODP_2048_P etc.
|
||||
Supserseded by binary encoded constants MBEDTLS_DHM_RFC3526_MODP_2048_P_BIN
|
||||
etc.
|
||||
* Deprecate mbedtls_ssl_conf_dh_param() for setting default DHE parameters
|
||||
from hex strings. Superseded by mbedtls_ssl_conf_dh_param_bin()
|
||||
accepting DHM parameters in binary form, matching the new constants.
|
||||
|
||||
Bugfix
|
||||
* Fix ssl_parse_record_header() to silently discard invalid DTLS records
|
||||
as recommended in RFC 6347 Section 4.1.2.7.
|
||||
* Fix memory leak in mbedtls_ssl_set_hostname() when called multiple times.
|
||||
Found by projectgus and Jethro Beekman, #836.
|
||||
* Fix usage help in ssl_server2 example. Found and fixed by Bei Lin.
|
||||
* Parse signature algorithm extension when renegotiating. Previously,
|
||||
renegotiated handshakes would only accept signatures using SHA-1
|
||||
regardless of the peer's preferences, or fail if SHA-1 was disabled.
|
||||
* Fix leap year calculation in x509_date_is_valid() to ensure that invalid
|
||||
dates on leap years with 100 and 400 intervals are handled correctly. Found
|
||||
by Nicholas Wilson. #694
|
||||
* Fix some invalid RSA-PSS signatures with keys of size 8N+1 that were
|
||||
accepted. Generating these signatures required the private key.
|
||||
* Fix out-of-memory problem when parsing 4096-bit PKCS8-encrypted RSA keys.
|
||||
Found independently by Florian in the mbed TLS forum and by Mishamax.
|
||||
#878, #1019.
|
||||
* Fix variable used before assignment compilation warnings with IAR
|
||||
toolchain. Found by gkerrien38.
|
||||
* Fix unchecked return codes from AES, DES and 3DES functions in
|
||||
pem_aes_decrypt(), pem_des_decrypt() and pem_des3_decrypt() respectively.
|
||||
If a call to one of the functions of the cryptographic primitive modules
|
||||
failed, the error may not be noticed by the function
|
||||
mbedtls_pem_read_buffer() causing it to return invalid values. Found by
|
||||
Guido Vranken. #756
|
||||
* Include configuration file in md.h, to fix compilation warnings.
|
||||
Reported by aaronmdjones in #1001
|
||||
* Correct extraction of signature-type from PK instance in X.509 CRT and CSR
|
||||
writing routines that prevented these functions to work with alternative
|
||||
RSA implementations. Raised by J.B. in the Mbed TLS forum. Fixes #1011.
|
||||
* Don't print X.509 version tag for v1 CRT's, and omit extensions for
|
||||
non-v3 CRT's.
|
||||
* Fix bugs in RSA test suite under MBEDTLS_NO_PLATFORM_ENTROPY. #1023 #1024
|
||||
* Fix net_would_block() to avoid modification by errno through fcntl() call.
|
||||
Found by nkolban. Fixes #845.
|
||||
* Fix handling of handshake messages in mbedtls_ssl_read() in case
|
||||
MBEDTLS_SSL_RENEGOTIATION is disabled. Found by erja-gp.
|
||||
* Add a check for invalid private parameters in mbedtls_ecdsa_sign().
|
||||
Reported by Yolan Romailler.
|
||||
* Fix word size check in in pk.c to not depend on MBEDTLS_HAVE_INT64.
|
||||
* Fix incorrect unit in benchmark output. #850
|
||||
* Add size-checks for record and handshake message content, securing
|
||||
fragile yet non-exploitable code-paths.
|
||||
* Fix crash when calling mbedtls_ssl_cache_free() twice. Found by
|
||||
MilenkoMitrovic, #1104
|
||||
* Fix mbedtls_timing_alarm(0) on Unix and MinGW.
|
||||
* Fix use of uninitialized memory in mbedtls_timing_get_timer() when reset=1.
|
||||
* Fix possible memory leaks in mbedtls_gcm_self_test().
|
||||
* Added missing return code checks in mbedtls_aes_self_test().
|
||||
* Fix issues in RSA key generation program programs/x509/rsa_genkey and the
|
||||
RSA test suite where the failure of CTR DRBG initialization lead to
|
||||
freeing an RSA context and several MPI's without proper initialization
|
||||
beforehand.
|
||||
* Fix error message in programs/pkey/gen_key.c. Found and fixed by Chris Xue.
|
||||
* Fix programs/pkey/dh_server.c so that it actually works with dh_client.c.
|
||||
Found and fixed by Martijn de Milliano.
|
||||
* Fix an issue in the cipher decryption with the mode
|
||||
MBEDTLS_PADDING_ONE_AND_ZEROS that sometimes accepted invalid padding.
|
||||
Note, this padding mode is not used by the TLS protocol. Found and fixed by
|
||||
Micha Kraus.
|
||||
* Fix the entropy.c module to not call mbedtls_sha256_starts() or
|
||||
mbedtls_sha512_starts() in the mbedtls_entropy_init() function.
|
||||
* Fix the entropy.c module to ensure that mbedtls_sha256_init() or
|
||||
mbedtls_sha512_init() is called before operating on the relevant context
|
||||
structure. Do not assume that zeroizing a context is a correct way to
|
||||
reset it. Found independently by ccli8 on Github.
|
||||
* In mbedtls_entropy_free(), properly free the message digest context.
|
||||
* Fix status handshake status message in programs/ssl/dtls_client.c. Found
|
||||
and fixed by muddog.
|
||||
|
||||
Changes
|
||||
* Extend cert_write example program by options to set the certificate version
|
||||
and the message digest. Further, allow enabling/disabling of authority
|
||||
identifier, subject identifier and basic constraints extensions.
|
||||
* Only check for necessary RSA structure fields in `mbedtls_rsa_private`. In
|
||||
particular, don't require P,Q if neither CRT nor blinding are
|
||||
used. Reported and fix proposed independently by satur9nine and sliai
|
||||
on GitHub.
|
||||
* Only run AES-192 self-test if AES-192 is available. Fixes #963.
|
||||
* Tighten the RSA PKCS#1 v1.5 signature verification code and remove the
|
||||
undeclared dependency of the RSA module on the ASN.1 module.
|
||||
* Update all internal usage of deprecated message digest functions to the
|
||||
new ones with return codes. In particular, this modifies the
|
||||
mbedtls_md_info_t structure. Propagate errors from these functions
|
||||
everywhere except some locations in the ssl_tls.c module.
|
||||
* Improve CTR_DRBG error handling by propagating underlying AES errors.
|
||||
* Add MBEDTLS_ERR_XXX_HW_ACCEL_FAILED error codes for all cryptography
|
||||
modules where the software implementation can be replaced by a hardware
|
||||
implementation.
|
||||
* Add explicit warnings for the use of MD2, MD4, MD5, SHA-1, DES and ARC4
|
||||
throughout the library.
|
||||
|
||||
= mbed TLS 2.6.0 branch released 2017-08-10
|
||||
|
||||
Security
|
||||
* Fix authentication bypass in SSL/TLS: when authmode is set to optional,
|
||||
mbedtls_ssl_get_verify_result() would incorrectly return 0 when the peer's
|
||||
X.509 certificate chain had more than MBEDTLS_X509_MAX_INTERMEDIATE_CA
|
||||
(default: 8) intermediates, even when it was not trusted. Could be
|
||||
triggered remotely on both sides. (With auth_mode set to required
|
||||
(default), the handshake was correctly aborted.)
|
||||
(default: 8) intermediates, even when it was not trusted. This could be
|
||||
triggered remotely from either side. (With authmode set to 'required'
|
||||
(the default), the handshake was correctly aborted).
|
||||
* Reliably wipe sensitive data after use in the AES example applications
|
||||
programs/aes/aescrypt2 and programs/aes/crypt_and_hash.
|
||||
Found by Laurent Simon.
|
||||
|
||||
Features
|
||||
* Add the functions mbedtls_platform_setup() and mbedtls_platform_teardown()
|
||||
and the context struct mbedtls_platform_context to perform
|
||||
platform-specific setup and teardown operations. The macro
|
||||
MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT allows the functions to be overridden
|
||||
by the user in a platform_alt.h file. This new APIs are required in some
|
||||
embedded environments that have hardware acceleration support.
|
||||
by the user in a platform_alt.h file. These new functions are required in
|
||||
some embedded environments to provide a means of initialising underlying
|
||||
cryptographic acceleration hardware.
|
||||
|
||||
API Changes
|
||||
* Reverted API/ABI breaking changes introduced in mbed TLS 2.5.1, to make the
|
||||
API consistent with mbed TLS 2.5.0. Specifically removed the inline
|
||||
qualifier from the functions mbedtls_aes_decrypt, mbedtls_aes_encrypt,
|
||||
mbedtls_ssl_ciphersuite_uses_ec and mbedtls_ssl_ciphersuite_uses_psk. #978
|
||||
Found by James Cowgill.
|
||||
mbedtls_ssl_ciphersuite_uses_ec and mbedtls_ssl_ciphersuite_uses_psk. Found
|
||||
by James Cowgill. #978
|
||||
* Certificate verification functions now set flags to -1 in case the full
|
||||
chain was not verified due to an internal error (including in the verify
|
||||
callback) or chain length limitations.
|
||||
* With authmode set to optional, handshake is now aborted if the
|
||||
* With authmode set to optional, the TLS handshake is now aborted if the
|
||||
verification of the peer's certificate failed due to an overlong chain or
|
||||
a fatal error in the vrfy callback.
|
||||
a fatal error in the verify callback.
|
||||
|
||||
Bugfix
|
||||
* Add a check if iv_len is zero, and return an error if it is zero. reported
|
||||
by roberto. #716
|
||||
* Replace preproccessor condition from #if defined(MBEDTLS_THREADING_PTHREAD)
|
||||
* Add a check if iv_len is zero in GCM, and return an error if it is zero.
|
||||
Reported by roberto. #716
|
||||
* Replace preprocessor condition from #if defined(MBEDTLS_THREADING_PTHREAD)
|
||||
to #if defined(MBEDTLS_THREADING_C) as the library cannot assume they will
|
||||
always be implemented by pthread support. Fix for #696
|
||||
* Fix resource leak on windows platform, in mbedtls_x509_crt_parse_path.
|
||||
In case of failure, when an error occures, goto cleanup.
|
||||
Found by redplait #590
|
||||
always be implemented by pthread support. #696
|
||||
* Fix a resource leak on Windows platforms in mbedtls_x509_crt_parse_path(),
|
||||
in the case of an error. Found by redplait. #590
|
||||
* Add MBEDTLS_MPI_CHK to check for error value of mbedtls_mpi_fill_random.
|
||||
Reported and fix suggested by guidovranken in #740
|
||||
Reported and fix suggested by guidovranken. #740
|
||||
* Fix conditional preprocessor directives in bignum.h to enable 64-bit
|
||||
compilation when using ARM Compiler 6.
|
||||
* Fix a potential integer overflow in the version verification for DER
|
||||
encoded X509 CRLs. The overflow would enable maliciously constructed CRLs
|
||||
encoded X.509 CRLs. The overflow could enable maliciously constructed CRLs
|
||||
to bypass the version verification check. Found by Peng Li/Yueh-Hsun Lin,
|
||||
KNOX Security, Samsung Research America
|
||||
* Fix potential integer overflow in the version verification for DER
|
||||
encoded X509 CSRs. The overflow would enable maliciously constructed CSRs
|
||||
encoded X.509 CSRs. The overflow could enable maliciously constructed CSRs
|
||||
to bypass the version verification check. Found by Peng Li/Yueh-Hsun Lin,
|
||||
KNOX Security, Samsung Research America
|
||||
* Fix a potential integer overflow in the version verification for DER
|
||||
encoded X509 certificates. The overflow would enable maliciously
|
||||
encoded X.509 certificates. The overflow could enable maliciously
|
||||
constructed certificates to bypass the certificate verification check.
|
||||
* Fix a call to the libc function time() to call the platform abstraction
|
||||
function mbedtls_time() instead. Found by wairua. #666
|
||||
* Avoid shadowing of time and index functions through mbed TLS function
|
||||
arguments. Found by inestlerode. #557.
|
||||
|
||||
Changes
|
||||
* Added config.h option MBEDTLS_NO_UDBL_DIVISION, to prevent the use of
|
||||
64-bit division. #708
|
||||
64-bit division. This is useful on embedded platforms where 64-bit division
|
||||
created a dependency on external libraries. #708
|
||||
* Removed mutexes from ECP hardware accelerator code. Now all hardware
|
||||
accelerator code in the library leaves concurrency handling to the
|
||||
platform. Reported by Steven Cooreman. #863
|
||||
* Define the macro MBEDTLS_AES_ROM_TABLES in the configuration file
|
||||
config-no-entropy.h to reduce the RAM footprint.
|
||||
* Added a test script that can be hooked into git that verifies commits
|
||||
before they are pushed.
|
||||
* Improve documentation of PKCS1 decryption functions.
|
||||
|
||||
= mbed TLS 2.5.1 released 2017-06-21
|
||||
|
||||
@ -105,8 +551,7 @@ Bugfix
|
||||
Previous behaviour was to keep processing data even after the alert has
|
||||
been sent.
|
||||
* Accept empty trusted CA chain in authentication mode
|
||||
MBEDTLS_SSL_VERIFY_OPTIONAL.
|
||||
Found by jethrogb. #864
|
||||
MBEDTLS_SSL_VERIFY_OPTIONAL. Found by Jethro Beekman. #864
|
||||
* Fix implementation of mbedtls_ssl_parse_certificate() to not annihilate
|
||||
fatal errors in authentication mode MBEDTLS_SSL_VERIFY_OPTIONAL and to
|
||||
reflect bad EC curves within verification result.
|
||||
@ -1308,7 +1753,7 @@ Features
|
||||
issuer_key_identifier, etc)
|
||||
* Optional blinding for RSA, DHM and EC
|
||||
* Support for multiple active certificate / key pairs in SSL servers for
|
||||
the same host (Not to be confused with SNI!)
|
||||
the same host (Not to be confused with SNI!)
|
||||
|
||||
Changes
|
||||
* Ability to enable / disable SSL v3 / TLS 1.0 / TLS 1.1 / TLS 1.2
|
||||
@ -1539,7 +1984,7 @@ Changes
|
||||
PKCS#8 private key formats
|
||||
* Added mechanism to provide alternative implementations for all
|
||||
symmetric cipher and hash algorithms (e.g. POLARSSL_AES_ALT in
|
||||
config.h)
|
||||
config.h)
|
||||
* PKCS#5 module added. Moved PBKDF2 functionality inside and deprecated
|
||||
old PBKDF2 module
|
||||
|
||||
@ -1551,7 +1996,7 @@ Bugfix
|
||||
* x509parse_crt() now better handles PEM error situations
|
||||
* ssl_parse_certificate() now calls x509parse_crt_der() directly
|
||||
instead of the x509parse_crt() wrapper that can also parse PEM
|
||||
certificates
|
||||
certificates
|
||||
* x509parse_crtpath() is now reentrant and uses more portable stat()
|
||||
* Fixed bignum.c and bn_mul.h to support Thumb2 and LLVM compiler
|
||||
* Fixed values for 2-key Triple DES in cipher layer
|
||||
@ -1709,7 +2154,7 @@ Bugfix
|
||||
* mpi_exp_mod() now correctly handles negative base numbers (Closes ticket
|
||||
#52)
|
||||
* Handle encryption with private key and decryption with public key as per
|
||||
RFC 2313
|
||||
RFC 2313
|
||||
* Handle empty certificate subject names
|
||||
* Prevent reading over buffer boundaries on X509 certificate parsing
|
||||
* mpi_add_abs() now correctly handles adding short numbers to long numbers
|
||||
@ -1740,7 +2185,7 @@ Bugfix
|
||||
* x509parse_crt() now better handles PEM error situations
|
||||
* ssl_parse_certificate() now calls x509parse_crt_der() directly
|
||||
instead of the x509parse_crt() wrapper that can also parse PEM
|
||||
certificates
|
||||
certificates
|
||||
* Fixed values for 2-key Triple DES in cipher layer
|
||||
* ssl_write_certificate_request() can handle empty ca_chain
|
||||
|
||||
@ -1821,16 +2266,16 @@ Bugfix
|
||||
Features
|
||||
* Added ssl_session_reset() to allow better multi-connection pools of
|
||||
SSL contexts without needing to set all non-connection-specific
|
||||
data and pointers again. Adapted ssl_server to use this functionality.
|
||||
data and pointers again. Adapted ssl_server to use this functionality.
|
||||
* Added ssl_set_max_version() to allow clients to offer a lower maximum
|
||||
supported version to a server to help buggy server implementations.
|
||||
(Closes ticket #36)
|
||||
(Closes ticket #36)
|
||||
* Added cipher_get_cipher_mode() and cipher_get_cipher_operation()
|
||||
introspection functions (Closes ticket #40)
|
||||
* Added CTR_DRBG based on AES-256-CTR (NIST SP 800-90) random generator
|
||||
* Added a generic entropy accumulator that provides support for adding
|
||||
custom entropy sources and added some generic and platform dependent
|
||||
entropy sources
|
||||
entropy sources
|
||||
|
||||
Changes
|
||||
* Documentation for AES and Camellia in modes CTR and CFB128 clarified.
|
||||
@ -1963,7 +2408,7 @@ Bugfixes
|
||||
* Corrected parsing of UTCTime dates before 1990 and
|
||||
after 1950
|
||||
* Support more exotic OID's when parsing certificates
|
||||
(found by Mads Kiilerich)
|
||||
(found by Mads Kiilerich)
|
||||
* Support more exotic name representations when parsing
|
||||
certificates (found by Mads Kiilerich)
|
||||
* Replaced the expired test certificates
|
||||
@ -1993,7 +2438,7 @@ Note: Most of these features have been donated by Fox-IT
|
||||
status, objects and configuration
|
||||
+ Added verification callback on certificate chain
|
||||
verification to allow external blacklisting
|
||||
+ Additional example programs to show usage
|
||||
+ Additional example programs to show usage
|
||||
* Added support for PKCS#11 through the use of the
|
||||
libpkcs11-helper library
|
||||
|
||||
|
8
Makefile
8
Makefile
@ -24,12 +24,12 @@ ifndef WINDOWS
|
||||
install: no_test
|
||||
mkdir -p $(DESTDIR)/include/mbedtls
|
||||
cp -r include/mbedtls $(DESTDIR)/include
|
||||
|
||||
|
||||
mkdir -p $(DESTDIR)/lib
|
||||
cp -RP library/libmbedtls.* $(DESTDIR)/lib
|
||||
cp -RP library/libmbedx509.* $(DESTDIR)/lib
|
||||
cp -RP library/libmbedcrypto.* $(DESTDIR)/lib
|
||||
|
||||
|
||||
mkdir -p $(DESTDIR)/bin
|
||||
for p in programs/*/* ; do \
|
||||
if [ -x $$p ] && [ ! -d $$p ] ; \
|
||||
@ -44,7 +44,7 @@ uninstall:
|
||||
rm -f $(DESTDIR)/lib/libmbedtls.*
|
||||
rm -f $(DESTDIR)/lib/libmbedx509.*
|
||||
rm -f $(DESTDIR)/lib/libmbedcrypto.*
|
||||
|
||||
|
||||
for p in programs/*/* ; do \
|
||||
if [ -x $$p ] && [ ! -d $$p ] ; \
|
||||
then \
|
||||
@ -103,7 +103,7 @@ lcov:
|
||||
|
||||
apidoc:
|
||||
mkdir -p apidoc
|
||||
doxygen doxygen/mbedtls.doxyfile
|
||||
cd doxygen && doxygen mbedtls.doxyfile
|
||||
|
||||
apidoc_clean:
|
||||
rm -rf apidoc
|
||||
|
113
README.md
113
README.md
@ -1,37 +1,37 @@
|
||||
README for mbed TLS
|
||||
README for Mbed TLS
|
||||
===================
|
||||
|
||||
Configuration
|
||||
-------------
|
||||
|
||||
mbed TLS should build out of the box on most systems. Some platform specific options are available in the fully documented configuration file `include/mbedtls/config.h`, which is also the place where features can be selected. This file can be edited manually, or in a more programmatic way using the Perl script `scripts/config.pl` (use `--help` for usage instructions).
|
||||
Mbed TLS should build out of the box on most systems. Some platform specific options are available in the fully documented configuration file `include/mbedtls/config.h`, which is also the place where features can be selected. This file can be edited manually, or in a more programmatic way using the Perl script `scripts/config.pl` (use `--help` for usage instructions).
|
||||
|
||||
Compiler options can be set using conventional environment variables such as `CC` and `CFLAGS` when using the Make and CMake build system (see below).
|
||||
|
||||
Compiling
|
||||
---------
|
||||
|
||||
There are currently four active build systems used within mbed TLS releases:
|
||||
There are currently four active build systems used within Mbed TLS releases:
|
||||
|
||||
- yotta
|
||||
- Make
|
||||
- GNU Make
|
||||
- CMake
|
||||
- Microsoft Visual Studio (Visual Studio 6 and Visual Studio 2010)
|
||||
- Microsoft Visual Studio (Microsoft Visual Studio 2010 or later)
|
||||
|
||||
The main systems used for development are CMake and Make. Those systems are always complete and up-to-date. The others should reflect all changes present in the CMake and Make build system, although features may not be ported there automatically.
|
||||
The main systems used for development are CMake and GNU Make. Those systems are always complete and up-to-date. The others should reflect all changes present in the CMake and Make build system, although features may not be ported there automatically.
|
||||
|
||||
Yotta, as a build system, is slightly different from the other build systems:
|
||||
|
||||
- it provides a minimalistic configuration file by default
|
||||
- depending on the yotta target, features of mbed OS may be used in examples and tests
|
||||
- depending on the yotta target, features of Mbed OS may be used in examples and tests
|
||||
|
||||
The Make and CMake build systems create three libraries: libmbedcrypto, libmbedx509, and libmbedtls. Note that libmbedtls depends on libmbedx509 and libmbedcrypto, and libmbedx509 depends on libmbedcrypto. As a result, some linkers will expect flags to be in a specific order, for example the GNU linker wants `-lmbedtls -lmbedx509 -lmbedcrypto`. Also, when loading shared libraries using dlopen(), you'll need to load libmbedcrypto first, then libmbedx509, before you can load libmbedtls.
|
||||
|
||||
### Yotta
|
||||
|
||||
[yotta](http://yottabuild.org) is a package manager and build system developed by mbed, and is the build system of mbed OS 16.03. To install it on your platform, please follow the yotta [installation instructions](http://docs.yottabuild.org/#installing).
|
||||
[yotta](http://yottabuild.org) is a package manager and build system developed by Mbed, and is the build system of Mbed OS 16.03. To install it on your platform, please follow the yotta [installation instructions](http://docs.yottabuild.org/#installing).
|
||||
|
||||
Once yotta is installed, you can use it to download the latest version of mbed TLS from the yotta registry with:
|
||||
Once yotta is installed, you can use it to download the latest version of Mbed TLS from the yotta registry with:
|
||||
|
||||
yotta install mbedtls
|
||||
|
||||
@ -39,24 +39,26 @@ and build it with:
|
||||
|
||||
yotta build
|
||||
|
||||
If, on the other hand, you already have a copy of mbed TLS from a source other than the yotta registry, for example from cloning our GitHub repository, or from downloading a tarball of the standalone edition, then you'll first need to generate the yotta module by running:
|
||||
If, on the other hand, you already have a copy of Mbed TLS from a source other than the yotta registry, for example from cloning our GitHub repository, or from downloading a tarball of the standalone edition, then you'll first need to generate the yotta module by running:
|
||||
|
||||
yotta/create-module.sh
|
||||
|
||||
This should be executed from the root mbed TLS project directory. This will create the yotta module in the `yotta/module` directory within it. You can then change to that directory and build as usual:
|
||||
This should be executed from the root Mbed TLS project directory. This will create the yotta module in the `yotta/module` directory within it. You can then change to that directory and build as usual:
|
||||
|
||||
cd yotta/module
|
||||
yotta build
|
||||
|
||||
In any case, you'll probably want to set the yotta target before building unless it has already been set globally. For more information on using yotta, please consult the [yotta documentation](http://docs.yottabuild.org/).
|
||||
|
||||
For more details on the yotta/mbed OS edition of mbed TLS, including example programs, please consult the [Readme at the root of the yotta module](https://github.com/ARMmbed/mbedtls/blob/development/yotta/data/README.md).
|
||||
For more details on the yotta/Mbed OS edition of Mbed TLS, including example programs, please consult the [Readme at the root of the yotta module](https://github.com/ARMmbed/mbedtls/blob/development/yotta/data/README.md).
|
||||
|
||||
### Make
|
||||
|
||||
We intentionally only use the minimum of `Make` functionality, as a lot of `Make` features are not supported on all different implementations of Make or on different platforms. As such, the Makefiles sometimes require some manual changes or export statements in order to work for your platform.
|
||||
We require GNU Make. To build the library and the sample programs, GNU Make and a C compiler are sufficient. Some of the more advanced build targets require some Unix/Linux tools.
|
||||
|
||||
In order to build from the source code using Make, just enter at the command line:
|
||||
We intentionally only use a minimum of functionality in the makefiles in order to keep them as simple and independent of different toolchains as possible, to allow users to more easily move between different platforms. Users who need more features are recommended to use CMake.
|
||||
|
||||
In order to build from the source code using GNU Make, just enter at the command line:
|
||||
|
||||
make
|
||||
|
||||
@ -74,17 +76,20 @@ You'll still be able to run a much smaller set of tests with:
|
||||
|
||||
In order to build for a Windows platform, you should use `WINDOWS_BUILD=1` if the target is Windows but the build environment is Unix-like (for instance when cross-compiling, or compiling from an MSYS shell), and `WINDOWS=1` if the build environment is a Windows shell (for instance using mingw32-make) (in that case some targets will not be available).
|
||||
|
||||
Setting the variable `SHARED` in your environment will build shared libraries in addition to the static libraries. Setting `DEBUG` gives you a debug build. You can override `CFLAGS` and `LDFLAGS` by setting them in your environment or on the make command line; if you do so, essential parts such as `-I` will still be preserved. Warning options may be overridden separately using `WARNING_CFLAGS`.
|
||||
Setting the variable `SHARED` in your environment will build shared libraries in addition to the static libraries. Setting `DEBUG` gives you a debug build. You can override `CFLAGS` and `LDFLAGS` by setting them in your environment or on the make command line; compiler warning options may be overridden separately using `WARNING_CFLAGS`. Some directory-specific options (for example, `-I` directives) are still preserved.
|
||||
|
||||
Depending on your platform, you might run into some issues. Please check the Makefiles in `library/`, `programs/` and `tests/` for options to manually add or remove for specific platforms. You can also check [the mbed TLS Knowledge Base](https://tls.mbed.org/kb) for articles on your platform or issue.
|
||||
Please note that setting `CFLAGS` overrides its default value of `-O2` and setting `WARNING_CFLAGS` overrides its default value (starting with `-Wall -W`), so it you just want to add some warning options to the default ones, you can do so by setting `CFLAGS=-O2 -Werror` for example. Setting `WARNING_CFLAGS` is useful when you want to get rid of its default content (for example because your compiler doesn't accept `-Wall` as an option). Directory-specific options cannot be overriden from the command line.
|
||||
|
||||
In case you find that you need to do something else as well, please let us know what, so we can add it to the [mbed TLS knowledge base](https://tls.mbed.org/kb).
|
||||
Depending on your platform, you might run into some issues. Please check the Makefiles in `library/`, `programs/` and `tests/` for options to manually add or remove for specific platforms. You can also check [the Mbed TLS Knowledge Base](https://tls.mbed.org/kb) for articles on your platform or issue.
|
||||
|
||||
In case you find that you need to do something else as well, please let us know what, so we can add it to the [Mbed TLS knowledge base](https://tls.mbed.org/kb).
|
||||
|
||||
### CMake
|
||||
|
||||
In order to build the source using CMake, just enter at the command line:
|
||||
In order to build the source using CMake in a separate directory (recommended), just enter at the command line:
|
||||
|
||||
cmake .
|
||||
mkdir /path/to/build_dir && cd /path/to/build_dir
|
||||
cmake /path/to/mbedtls_source
|
||||
make
|
||||
|
||||
In order to run the tests, enter:
|
||||
@ -93,7 +98,7 @@ In order to run the tests, enter:
|
||||
|
||||
The test suites need Perl to be built. If you don't have Perl installed, you'll want to disable the test suites with:
|
||||
|
||||
cmake -DENABLE_TESTING=Off .
|
||||
cmake -DENABLE_TESTING=Off /path/to/mbedtls_source
|
||||
|
||||
If you disabled the test suites, but kept the programs enabled, you can still run a much smaller set of tests with:
|
||||
|
||||
@ -101,31 +106,59 @@ If you disabled the test suites, but kept the programs enabled, you can still ru
|
||||
|
||||
To configure CMake for building shared libraries, use:
|
||||
|
||||
cmake -DUSE_SHARED_MBEDTLS_LIBRARY=On .
|
||||
cmake -DUSE_SHARED_MBEDTLS_LIBRARY=On /path/to/mbedtls_source
|
||||
|
||||
There are many different build modes available within the CMake buildsystem. Most of them are available for gcc and clang, though some are compiler-specific:
|
||||
|
||||
- Release. This generates the default code without any unnecessary information in the binary files.
|
||||
- Debug. This generates debug information and disables optimization of the code.
|
||||
- Coverage. This generates code coverage information in addition to debug information.
|
||||
- ASan. This instruments the code with AddressSanitizer to check for memory errors. (This includes LeakSanitizer, with recent version of gcc and clang.) (With recent version of clang, this mode also instruments the code with UndefinedSanitizer to check for undefined behaviour.)
|
||||
- ASanDbg. Same as ASan but slower, with debug information and better stack traces.
|
||||
- MemSan. This instruments the code with MemorySanitizer to check for uninitialised memory reads. Experimental, needs recent clang on Linux/x86\_64.
|
||||
- MemSanDbg. Same as MemSan but slower, with debug information, better stack traces and origin tracking.
|
||||
- Check. This activates the compiler warnings that depend on optimization and treats all warnings as errors.
|
||||
- `Release`. This generates the default code without any unnecessary information in the binary files.
|
||||
- `Debug`. This generates debug information and disables optimization of the code.
|
||||
- `Coverage`. This generates code coverage information in addition to debug information.
|
||||
- `ASan`. This instruments the code with AddressSanitizer to check for memory errors. (This includes LeakSanitizer, with recent version of gcc and clang.) (With recent version of clang, this mode also instruments the code with UndefinedSanitizer to check for undefined behaviour.)
|
||||
- `ASanDbg`. Same as ASan but slower, with debug information and better stack traces.
|
||||
- `MemSan`. This instruments the code with MemorySanitizer to check for uninitialised memory reads. Experimental, needs recent clang on Linux/x86\_64.
|
||||
- `MemSanDbg`. Same as MemSan but slower, with debug information, better stack traces and origin tracking.
|
||||
- `Check`. This activates the compiler warnings that depend on optimization and treats all warnings as errors.
|
||||
|
||||
Switching build modes in CMake is simple. For debug mode, enter at the command line:
|
||||
|
||||
cmake -D CMAKE_BUILD_TYPE=Debug .
|
||||
cmake -D CMAKE_BUILD_TYPE=Debug /path/to/mbedtls_source
|
||||
|
||||
To list other available CMake options, use:
|
||||
|
||||
cmake -LH
|
||||
|
||||
Note that, with CMake, if you want to change the compiler or its options after you already ran CMake, you need to clear its cache first, e.g. (using GNU find):
|
||||
Note that, with CMake, you can't adjust the compiler or its flags after the
|
||||
initial invocation of cmake. This means that `CC=your_cc make` and `make
|
||||
CC=your_cc` will *not* work (similarly with `CFLAGS` and other variables).
|
||||
These variables need to be adjusted when invoking cmake for the first time,
|
||||
for example:
|
||||
|
||||
CC=your_cc cmake /path/to/mbedtls_source
|
||||
|
||||
If you already invoked cmake and want to change those settings, you need to
|
||||
remove the build directory and create it again.
|
||||
|
||||
Note that it is possible to build in-place; this will however overwrite the
|
||||
provided Makefiles (see `scripts/tmp_ignore_makefiles.sh` if you want to
|
||||
prevent `git status` from showing them as modified). In order to do so, from
|
||||
the Mbed TLS source directory, use:
|
||||
|
||||
cmake .
|
||||
make
|
||||
|
||||
If you want to change `CC` or `CFLAGS` afterwards, you will need to remove the
|
||||
CMake cache. This can be done with the following command using GNU find:
|
||||
|
||||
find . -iname '*cmake*' -not -name CMakeLists.txt -exec rm -rf {} +
|
||||
CC=gcc CFLAGS='-fstack-protector-strong -Wa,--noexecstack' cmake .
|
||||
|
||||
You can now make the desired change:
|
||||
|
||||
CC=your_cc cmake .
|
||||
make
|
||||
|
||||
Regarding variables, also note that if you set CFLAGS when invoking cmake,
|
||||
your value of CFLAGS doesn't override the content provided by cmake (depending
|
||||
on the build mode as seen above), it's merely prepended to it.
|
||||
|
||||
### Microsoft Visual Studio
|
||||
|
||||
@ -141,7 +174,7 @@ We've included example programs for a lot of different features and uses in `pro
|
||||
Tests
|
||||
-----
|
||||
|
||||
mbed TLS includes an elaborate test suite in `tests/` that initially requires Perl to generate the tests files (e.g. `test\_suite\_mpi.c`). These files are generated from a `function file` (e.g. `suites/test\_suite\_mpi.function`) and a `data file` (e.g. `suites/test\_suite\_mpi.data`). The `function file` contains the test functions. The `data file` contains the test cases, specified as parameters that will be passed to the test function.
|
||||
Mbed TLS includes an elaborate test suite in `tests/` that initially requires Perl to generate the tests files (e.g. `test\_suite\_mpi.c`). These files are generated from a `function file` (e.g. `suites/test\_suite\_mpi.function`) and a `data file` (e.g. `suites/test\_suite\_mpi.data`). The `function file` contains the test functions. The `data file` contains the test cases, specified as parameters that will be passed to the test function.
|
||||
|
||||
For machines with a Unix shell and OpenSSL (and optionally GnuTLS) installed, additional test scripts are available:
|
||||
|
||||
@ -156,14 +189,14 @@ Configurations
|
||||
|
||||
We provide some non-standard configurations focused on specific use cases in the `configs/` directory. You can read more about those in `configs/README.txt`
|
||||
|
||||
Porting mbed TLS
|
||||
Porting Mbed TLS
|
||||
----------------
|
||||
|
||||
mbed TLS can be ported to many different architectures, OS's and platforms. Before starting a port, you may find the following knowledge base articles useful:
|
||||
Mbed TLS can be ported to many different architectures, OS's and platforms. Before starting a port, you may find the following knowledge base articles useful:
|
||||
|
||||
- [Porting mbed TLS to a new environment or OS](https://tls.mbed.org/kb/how-to/how-do-i-port-mbed-tls-to-a-new-environment-OS)
|
||||
- [What external dependencies does mbed TLS rely on?](https://tls.mbed.org/kb/development/what-external-dependencies-does-mbedtls-rely-on)
|
||||
- [How do I configure mbed TLS](https://tls.mbed.org/kb/compiling-and-building/how-do-i-configure-mbedtls)
|
||||
- [Porting Mbed TLS to a new environment or OS](https://tls.mbed.org/kb/how-to/how-do-i-port-mbed-tls-to-a-new-environment-OS)
|
||||
- [What external dependencies does Mbed TLS rely on?](https://tls.mbed.org/kb/development/what-external-dependencies-does-mbedtls-rely-on)
|
||||
- [How do I configure Mbed TLS](https://tls.mbed.org/kb/compiling-and-building/how-do-i-configure-mbedtls)
|
||||
|
||||
Contributing
|
||||
------------
|
||||
@ -174,12 +207,12 @@ We gratefully accept bug reports and contributions from the community. There are
|
||||
- We would ask that contributions conform to [our coding standards](https://tls.mbed.org/kb/development/mbedtls-coding-standards), and that contributions should be fully tested before submission.
|
||||
- As with any open source project, contributions will be reviewed by the project team and community and may need some modifications to be accepted.
|
||||
|
||||
To accept the Contributor’s Licence Agreement (CLA), individual contributors can do this by creating an mbed account and [accepting the online agreement here with a click through](https://developer.mbed.org/contributor_agreement/). Alternatively, for contributions from corporations, or those that do not wish to create an mbed account, a slightly different agreement can be found [here](https://www.mbed.com/en/about-mbed/contributor-license-agreements/). This agreement should be signed and returned to ARM as described in the instructions given.
|
||||
To accept the Contributor’s Licence Agreement (CLA), individual contributors can do this by creating an Mbed account and [accepting the online agreement here with a click through](https://os.mbed.com/contributor_agreement/). Alternatively, for contributions from corporations, or those that do not wish to create an Mbed account, a slightly different agreement can be found [here](https://www.mbed.com/en/about-mbed/contributor-license-agreements/). This agreement should be signed and returned to Arm as described in the instructions given.
|
||||
|
||||
### Making a Contribution
|
||||
|
||||
1. [Check for open issues](https://github.com/ARMmbed/mbedtls/issues) or [start a discussion](https://tls.mbed.org/discussions) around a feature idea or a bug.
|
||||
2. Fork the [mbed TLS repository on GitHub](https://github.com/ARMmbed/mbedtls) to start making your changes. As a general rule, you should use the "development" branch as a basis.
|
||||
2. Fork the [Mbed TLS repository on GitHub](https://github.com/ARMmbed/mbedtls) to start making your changes. As a general rule, you should use the "development" branch as a basis.
|
||||
3. Write a test which shows that the bug was fixed or that the feature works as expected.
|
||||
4. Send a pull request and bug us until it gets merged and published. Contributions may need some modifications, so work with us to get your change accepted. We will include your name in the ChangeLog :)
|
||||
|
||||
|
@ -8,7 +8,7 @@ These files are complete replacements for the default config.h. To use one of
|
||||
them, you can pick one of the following methods:
|
||||
|
||||
1. Replace the default file include/mbedtls/config.h with the chosen one.
|
||||
(Depending on your compiler, you may need to ajust the line with
|
||||
(Depending on your compiler, you may need to adjust the line with
|
||||
#include "mbedtls/check_config.h" then.)
|
||||
|
||||
2. Define MBEDTLS_CONFIG_FILE and adjust the include path accordingly.
|
||||
|
@ -1,6 +1,9 @@
|
||||
/*
|
||||
* Minimal configuration for TLS 1.2 with PSK and AES-CCM ciphersuites
|
||||
/**
|
||||
* \file config-ccm-psk-tls1_2.h
|
||||
*
|
||||
* \brief Minimal configuration for TLS 1.2 with PSK and AES-CCM ciphersuites
|
||||
*/
|
||||
/*
|
||||
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
|
@ -1,6 +1,9 @@
|
||||
/*
|
||||
* Minimal configuration for TLS 1.1 (RFC 4346)
|
||||
/**
|
||||
* \file config-mini-tls1_1.h
|
||||
*
|
||||
* \brief Minimal configuration for TLS 1.1 (RFC 4346)
|
||||
*/
|
||||
/*
|
||||
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
|
@ -1,6 +1,9 @@
|
||||
/**
|
||||
* Minimal configuration of features that do not require an entropy source
|
||||
* \file config-no-entropy.h
|
||||
*
|
||||
* \brief Minimal configuration of features that do not require an entropy source
|
||||
*/
|
||||
/*
|
||||
* Copyright (C) 2016, ARM Limited, All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
@ -79,6 +82,7 @@
|
||||
#define MBEDTLS_X509_USE_C
|
||||
#define MBEDTLS_X509_CRT_PARSE_C
|
||||
#define MBEDTLS_X509_CRL_PARSE_C
|
||||
//#define MBEDTLS_CMAC_C
|
||||
|
||||
/* Miscellaneous options */
|
||||
#define MBEDTLS_AES_ROM_TABLES
|
||||
|
@ -1,71 +0,0 @@
|
||||
/*
|
||||
* Reduced configuration used by Picocoin.
|
||||
*
|
||||
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
* not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*
|
||||
* This file is part of mbed TLS (https://tls.mbed.org)
|
||||
*/
|
||||
/*
|
||||
* Reduced configuration used by Picocoin.
|
||||
*
|
||||
* See README.txt for usage instructions.
|
||||
*
|
||||
* Distinguishing features:
|
||||
* - no SSL/TLS;
|
||||
* - no X.509;
|
||||
* - ECDSA/PK and some other chosen crypto bits.
|
||||
*/
|
||||
|
||||
#ifndef MBEDTLS_CONFIG_H
|
||||
#define MBEDTLS_CONFIG_H
|
||||
|
||||
/* System support */
|
||||
#define MBEDTLS_HAVE_ASM
|
||||
#define MBEDTLS_HAVE_TIME
|
||||
|
||||
/* mbed TLS feature support */
|
||||
#define MBEDTLS_CIPHER_MODE_CBC
|
||||
#define MBEDTLS_CIPHER_PADDING_PKCS7
|
||||
#define MBEDTLS_ECP_DP_SECP256K1_ENABLED
|
||||
#define MBEDTLS_ECDSA_DETERMINISTIC
|
||||
#define MBEDTLS_PK_PARSE_EC_EXTENDED
|
||||
#define MBEDTLS_ERROR_STRERROR_DUMMY
|
||||
#define MBEDTLS_FS_IO
|
||||
|
||||
/* mbed TLS modules */
|
||||
#define MBEDTLS_AESNI_C
|
||||
#define MBEDTLS_AES_C
|
||||
#define MBEDTLS_ASN1_PARSE_C
|
||||
#define MBEDTLS_ASN1_WRITE_C
|
||||
#define MBEDTLS_BASE64_C
|
||||
#define MBEDTLS_BIGNUM_C
|
||||
#define MBEDTLS_ECDSA_C
|
||||
#define MBEDTLS_ECP_C
|
||||
#define MBEDTLS_ENTROPY_C
|
||||
#define MBEDTLS_HMAC_DRBG_C
|
||||
#define MBEDTLS_MD_C
|
||||
#define MBEDTLS_OID_C
|
||||
#define MBEDTLS_PADLOCK_C
|
||||
#define MBEDTLS_PK_C
|
||||
#define MBEDTLS_PK_PARSE_C
|
||||
#define MBEDTLS_PK_WRITE_C
|
||||
#define MBEDTLS_RIPEMD160_C
|
||||
#define MBEDTLS_SHA1_C
|
||||
#define MBEDTLS_SHA256_C
|
||||
|
||||
#include "mbedtls/check_config.h"
|
||||
|
||||
#endif /* MBEDTLS_CONFIG_H */
|
@ -1,6 +1,9 @@
|
||||
/*
|
||||
* Minimal configuration for TLS NSA Suite B Profile (RFC 6460)
|
||||
/**
|
||||
* \file config-suite-b.h
|
||||
*
|
||||
* \brief Minimal configuration for TLS NSA Suite B Profile (RFC 6460)
|
||||
*/
|
||||
/*
|
||||
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
|
@ -1,6 +1,9 @@
|
||||
/*
|
||||
* Minimal configuration for using TLS as part of Thread
|
||||
/**
|
||||
* \file config-thread.h
|
||||
*
|
||||
* \brief Minimal configuration for using TLS as part of Thread
|
||||
*/
|
||||
/*
|
||||
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
|
@ -1,6 +1,9 @@
|
||||
/**
|
||||
* @file
|
||||
* Encryption/decryption module documentation file.
|
||||
* \file doc_encdec.h
|
||||
*
|
||||
* \brief Encryption/decryption module documentation file.
|
||||
*/
|
||||
/*
|
||||
*
|
||||
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
|
@ -1,6 +1,9 @@
|
||||
/**
|
||||
* @file
|
||||
* Hashing module documentation file.
|
||||
* \file doc_hashing.h
|
||||
*
|
||||
* \brief Hashing module documentation file.
|
||||
*/
|
||||
/*
|
||||
*
|
||||
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
|
@ -1,6 +1,9 @@
|
||||
/**
|
||||
* @file
|
||||
* Main page documentation file.
|
||||
* \file doc_mainpage.h
|
||||
*
|
||||
* \brief Main page documentation file.
|
||||
*/
|
||||
/*
|
||||
*
|
||||
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
@ -21,7 +24,7 @@
|
||||
*/
|
||||
|
||||
/**
|
||||
* @mainpage mbed TLS v2.5.1 source code documentation
|
||||
* @mainpage mbed TLS v2.10.0 source code documentation
|
||||
*
|
||||
* This documentation describes the internal structure of mbed TLS. It was
|
||||
* automatically generated from specially formatted comment blocks in
|
||||
|
@ -1,6 +1,9 @@
|
||||
/**
|
||||
* @file
|
||||
* Random number generator (RNG) module documentation file.
|
||||
* \file doc_rng.h
|
||||
*
|
||||
* \brief Random number generator (RNG) module documentation file.
|
||||
*/
|
||||
/*
|
||||
*
|
||||
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
|
@ -1,6 +1,9 @@
|
||||
/**
|
||||
* @file
|
||||
* SSL/TLS communication module documentation file.
|
||||
* \file doc_ssltls.h
|
||||
*
|
||||
* \brief SSL/TLS communication module documentation file.
|
||||
*/
|
||||
/*
|
||||
*
|
||||
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
|
@ -1,6 +1,9 @@
|
||||
/**
|
||||
* @file
|
||||
* TCP/IP communication module documentation file.
|
||||
* \file doc_tcpip.h
|
||||
*
|
||||
* \brief TCP/IP communication module documentation file.
|
||||
*/
|
||||
/*
|
||||
*
|
||||
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
|
@ -1,6 +1,9 @@
|
||||
/**
|
||||
* @file
|
||||
* X.509 module documentation file.
|
||||
* \file doc_x509.h
|
||||
*
|
||||
* \brief X.509 module documentation file.
|
||||
*/
|
||||
/*
|
||||
*
|
||||
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
|
@ -28,7 +28,7 @@ DOXYFILE_ENCODING = UTF-8
|
||||
# identify the project. Note that if you do not use Doxywizard you need
|
||||
# to put quotes around the project name if it contains spaces.
|
||||
|
||||
PROJECT_NAME = "mbed TLS v2.5.1"
|
||||
PROJECT_NAME = "mbed TLS v2.10.0"
|
||||
|
||||
# The PROJECT_NUMBER tag can be used to enter a project or revision number.
|
||||
# This could be handy for archiving the generated documentation or
|
||||
@ -54,7 +54,7 @@ PROJECT_LOGO =
|
||||
# If a relative path is entered, it will be relative to the location
|
||||
# where doxygen was started. If left blank the current directory will be used.
|
||||
|
||||
OUTPUT_DIRECTORY = apidoc/
|
||||
OUTPUT_DIRECTORY = ../apidoc/
|
||||
|
||||
# If the CREATE_SUBDIRS tag is set to YES, then doxygen will create
|
||||
# 4096 sub-directories (in 2 levels) under the output directory of each output
|
||||
@ -165,7 +165,7 @@ SHORT_NAMES = NO
|
||||
# comments will behave just like regular Qt-style comments
|
||||
# (thus requiring an explicit @brief command for a brief description.)
|
||||
|
||||
JAVADOC_AUTOBRIEF = YES
|
||||
JAVADOC_AUTOBRIEF = NO
|
||||
|
||||
# If the QT_AUTOBRIEF tag is set to YES then Doxygen will
|
||||
# interpret the first line (until the first dot) of a Qt-style
|
||||
@ -664,7 +664,7 @@ WARN_LOGFILE =
|
||||
# directories like "/usr/src/myproject". Separate the files or directories
|
||||
# with spaces.
|
||||
|
||||
INPUT = .
|
||||
INPUT = ..
|
||||
|
||||
# This tag can be used to specify the character encoding of the source files
|
||||
# that doxygen parses. Internally doxygen uses the UTF-8 encoding, which is
|
||||
@ -696,13 +696,13 @@ RECURSIVE = YES
|
||||
# Note that relative paths are relative to the directory from which doxygen is
|
||||
# run.
|
||||
|
||||
EXCLUDE = configs yotta/module
|
||||
EXCLUDE = ../configs ../yotta/module
|
||||
|
||||
# The EXCLUDE_SYMLINKS tag can be used to select whether or not files or
|
||||
# directories that are symbolic links (a Unix file system feature) are excluded
|
||||
# from the input.
|
||||
|
||||
EXCLUDE_SYMLINKS = NO
|
||||
EXCLUDE_SYMLINKS = YES
|
||||
|
||||
# If the value of the INPUT tag contains directories, you can use the
|
||||
# EXCLUDE_PATTERNS tag to specify one or more wildcard patterns to exclude
|
||||
|
@ -9,3 +9,8 @@ if(INSTALL_MBEDTLS_HEADERS)
|
||||
PERMISSIONS OWNER_READ OWNER_WRITE GROUP_READ WORLD_READ)
|
||||
|
||||
endif(INSTALL_MBEDTLS_HEADERS)
|
||||
|
||||
# Make config.h available in an out-of-source build. ssl-opt.sh requires it.
|
||||
if (NOT ${CMAKE_CURRENT_BINARY_DIR} STREQUAL ${CMAKE_CURRENT_SOURCE_DIR})
|
||||
link_to_source(mbedtls)
|
||||
endif()
|
||||
|
@ -1,9 +1,21 @@
|
||||
/**
|
||||
* \file aes.h
|
||||
*
|
||||
* \brief AES block cipher
|
||||
* \brief This file contains AES definitions and functions.
|
||||
*
|
||||
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
|
||||
* The Advanced Encryption Standard (AES) specifies a FIPS-approved
|
||||
* cryptographic algorithm that can be used to protect electronic
|
||||
* data.
|
||||
*
|
||||
* The AES algorithm is a symmetric block cipher that can
|
||||
* encrypt and decrypt information. For more information, see
|
||||
* <em>FIPS Publication 197: Advanced Encryption Standard</em> and
|
||||
* <em>ISO/IEC 18033-2:2006: Information technology -- Security
|
||||
* techniques -- Encryption algorithms -- Part 2: Asymmetric
|
||||
* ciphers</em>.
|
||||
*/
|
||||
|
||||
/* Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved.
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
@ -18,8 +30,9 @@
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*
|
||||
* This file is part of mbed TLS (https://tls.mbed.org)
|
||||
* This file is part of Mbed TLS (https://tls.mbed.org)
|
||||
*/
|
||||
|
||||
#ifndef MBEDTLS_AES_H
|
||||
#define MBEDTLS_AES_H
|
||||
|
||||
@ -33,88 +46,121 @@
|
||||
#include <stdint.h>
|
||||
|
||||
/* padlock.c and aesni.c rely on these values! */
|
||||
#define MBEDTLS_AES_ENCRYPT 1
|
||||
#define MBEDTLS_AES_DECRYPT 0
|
||||
#define MBEDTLS_AES_ENCRYPT 1 /**< AES encryption. */
|
||||
#define MBEDTLS_AES_DECRYPT 0 /**< AES decryption. */
|
||||
|
||||
/* Error codes in range 0x0020-0x0022 */
|
||||
#define MBEDTLS_ERR_AES_INVALID_KEY_LENGTH -0x0020 /**< Invalid key length. */
|
||||
#define MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH -0x0022 /**< Invalid data input length. */
|
||||
|
||||
/* Error codes in range 0x0021-0x0025 */
|
||||
#define MBEDTLS_ERR_AES_BAD_INPUT_DATA -0x0021 /**< Invalid input data. */
|
||||
#define MBEDTLS_ERR_AES_FEATURE_UNAVAILABLE -0x0023 /**< Feature not available. For example, an unsupported AES key size. */
|
||||
#define MBEDTLS_ERR_AES_HW_ACCEL_FAILED -0x0025 /**< AES hardware accelerator failed. */
|
||||
|
||||
#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \
|
||||
!defined(inline) && !defined(__cplusplus)
|
||||
#define inline __inline
|
||||
#endif
|
||||
|
||||
#if !defined(MBEDTLS_AES_ALT)
|
||||
// Regular implementation
|
||||
//
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
#if !defined(MBEDTLS_AES_ALT)
|
||||
// Regular implementation
|
||||
//
|
||||
|
||||
/**
|
||||
* \brief AES context structure
|
||||
*
|
||||
* \note buf is able to hold 32 extra bytes, which can be used:
|
||||
* - for alignment purposes if VIA padlock is used, and/or
|
||||
* - to simplify key expansion in the 256-bit case by
|
||||
* generating an extra round key
|
||||
* \brief The AES context-type definition.
|
||||
*/
|
||||
typedef struct
|
||||
{
|
||||
int nr; /*!< number of rounds */
|
||||
uint32_t *rk; /*!< AES round keys */
|
||||
uint32_t buf[68]; /*!< unaligned data */
|
||||
int nr; /*!< The number of rounds. */
|
||||
uint32_t *rk; /*!< AES round keys. */
|
||||
uint32_t buf[68]; /*!< Unaligned data buffer. This buffer can
|
||||
hold 32 extra Bytes, which can be used for
|
||||
one of the following purposes:
|
||||
<ul><li>Alignment if VIA padlock is
|
||||
used.</li>
|
||||
<li>Simplifying key expansion in the 256-bit
|
||||
case by generating an extra round key.
|
||||
</li></ul> */
|
||||
}
|
||||
mbedtls_aes_context;
|
||||
|
||||
#else /* MBEDTLS_AES_ALT */
|
||||
#include "aes_alt.h"
|
||||
#endif /* MBEDTLS_AES_ALT */
|
||||
|
||||
/**
|
||||
* \brief Initialize AES context
|
||||
* \brief This function initializes the specified AES context.
|
||||
*
|
||||
* \param ctx AES context to be initialized
|
||||
* It must be the first API called before using
|
||||
* the context.
|
||||
*
|
||||
* \param ctx The AES context to initialize.
|
||||
*/
|
||||
void mbedtls_aes_init( mbedtls_aes_context *ctx );
|
||||
|
||||
/**
|
||||
* \brief Clear AES context
|
||||
* \brief This function releases and clears the specified AES context.
|
||||
*
|
||||
* \param ctx AES context to be cleared
|
||||
* \param ctx The AES context to clear.
|
||||
*/
|
||||
void mbedtls_aes_free( mbedtls_aes_context *ctx );
|
||||
|
||||
/**
|
||||
* \brief AES key schedule (encryption)
|
||||
* \brief This function sets the encryption key.
|
||||
*
|
||||
* \param ctx AES context to be initialized
|
||||
* \param key encryption key
|
||||
* \param keybits must be 128, 192 or 256
|
||||
* \param ctx The AES context to which the key should be bound.
|
||||
* \param key The encryption key.
|
||||
* \param keybits The size of data passed in bits. Valid options are:
|
||||
* <ul><li>128 bits</li>
|
||||
* <li>192 bits</li>
|
||||
* <li>256 bits</li></ul>
|
||||
*
|
||||
* \return 0 if successful, or MBEDTLS_ERR_AES_INVALID_KEY_LENGTH
|
||||
* \return \c 0 on success.
|
||||
* \return #MBEDTLS_ERR_AES_INVALID_KEY_LENGTH on failure.
|
||||
*/
|
||||
int mbedtls_aes_setkey_enc( mbedtls_aes_context *ctx, const unsigned char *key,
|
||||
unsigned int keybits );
|
||||
|
||||
/**
|
||||
* \brief AES key schedule (decryption)
|
||||
* \brief This function sets the decryption key.
|
||||
*
|
||||
* \param ctx AES context to be initialized
|
||||
* \param key decryption key
|
||||
* \param keybits must be 128, 192 or 256
|
||||
* \param ctx The AES context to which the key should be bound.
|
||||
* \param key The decryption key.
|
||||
* \param keybits The size of data passed. Valid options are:
|
||||
* <ul><li>128 bits</li>
|
||||
* <li>192 bits</li>
|
||||
* <li>256 bits</li></ul>
|
||||
*
|
||||
* \return 0 if successful, or MBEDTLS_ERR_AES_INVALID_KEY_LENGTH
|
||||
* \return \c 0 on success.
|
||||
* \return #MBEDTLS_ERR_AES_INVALID_KEY_LENGTH on failure.
|
||||
*/
|
||||
int mbedtls_aes_setkey_dec( mbedtls_aes_context *ctx, const unsigned char *key,
|
||||
unsigned int keybits );
|
||||
|
||||
/**
|
||||
* \brief AES-ECB block encryption/decryption
|
||||
* \brief This function performs an AES single-block encryption or
|
||||
* decryption operation.
|
||||
*
|
||||
* \param ctx AES context
|
||||
* \param mode MBEDTLS_AES_ENCRYPT or MBEDTLS_AES_DECRYPT
|
||||
* \param input 16-byte input block
|
||||
* \param output 16-byte output block
|
||||
* It performs the operation defined in the \p mode parameter
|
||||
* (encrypt or decrypt), on the input data buffer defined in
|
||||
* the \p input parameter.
|
||||
*
|
||||
* \return 0 if successful
|
||||
* mbedtls_aes_init(), and either mbedtls_aes_setkey_enc() or
|
||||
* mbedtls_aes_setkey_dec() must be called before the first
|
||||
* call to this API with the same context.
|
||||
*
|
||||
* \param ctx The AES context to use for encryption or decryption.
|
||||
* \param mode The AES operation: #MBEDTLS_AES_ENCRYPT or
|
||||
* #MBEDTLS_AES_DECRYPT.
|
||||
* \param input The 16-Byte buffer holding the input data.
|
||||
* \param output The 16-Byte buffer holding the output data.
|
||||
|
||||
* \return \c 0 on success.
|
||||
*/
|
||||
int mbedtls_aes_crypt_ecb( mbedtls_aes_context *ctx,
|
||||
int mode,
|
||||
@ -123,26 +169,41 @@ int mbedtls_aes_crypt_ecb( mbedtls_aes_context *ctx,
|
||||
|
||||
#if defined(MBEDTLS_CIPHER_MODE_CBC)
|
||||
/**
|
||||
* \brief AES-CBC buffer encryption/decryption
|
||||
* Length should be a multiple of the block
|
||||
* size (16 bytes)
|
||||
* \brief This function performs an AES-CBC encryption or decryption operation
|
||||
* on full blocks.
|
||||
*
|
||||
* \note Upon exit, the content of the IV is updated so that you can
|
||||
* call the function same function again on the following
|
||||
* block(s) of data and get the same result as if it was
|
||||
* encrypted in one call. This allows a "streaming" usage.
|
||||
* If on the other hand you need to retain the contents of the
|
||||
* IV, you should either save it manually or use the cipher
|
||||
* module instead.
|
||||
* It performs the operation defined in the \p mode
|
||||
* parameter (encrypt/decrypt), on the input data buffer defined in
|
||||
* the \p input parameter.
|
||||
*
|
||||
* \param ctx AES context
|
||||
* \param mode MBEDTLS_AES_ENCRYPT or MBEDTLS_AES_DECRYPT
|
||||
* \param length length of the input data
|
||||
* \param iv initialization vector (updated after use)
|
||||
* \param input buffer holding the input data
|
||||
* \param output buffer holding the output data
|
||||
* It can be called as many times as needed, until all the input
|
||||
* data is processed. mbedtls_aes_init(), and either
|
||||
* mbedtls_aes_setkey_enc() or mbedtls_aes_setkey_dec() must be called
|
||||
* before the first call to this API with the same context.
|
||||
*
|
||||
* \return 0 if successful, or MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH
|
||||
* \note This function operates on aligned blocks, that is, the input size
|
||||
* must be a multiple of the AES block size of 16 Bytes.
|
||||
*
|
||||
* \note Upon exit, the content of the IV is updated so that you can
|
||||
* call the same function again on the next
|
||||
* block(s) of data and get the same result as if it was
|
||||
* encrypted in one call. This allows a "streaming" usage.
|
||||
* If you need to retain the contents of the IV, you should
|
||||
* either save it manually or use the cipher module instead.
|
||||
*
|
||||
*
|
||||
* \param ctx The AES context to use for encryption or decryption.
|
||||
* \param mode The AES operation: #MBEDTLS_AES_ENCRYPT or
|
||||
* #MBEDTLS_AES_DECRYPT.
|
||||
* \param length The length of the input data in Bytes. This must be a
|
||||
* multiple of the block size (16 Bytes).
|
||||
* \param iv Initialization vector (updated after use).
|
||||
* \param input The buffer holding the input data.
|
||||
* \param output The buffer holding the output data.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return #MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH
|
||||
* on failure.
|
||||
*/
|
||||
int mbedtls_aes_crypt_cbc( mbedtls_aes_context *ctx,
|
||||
int mode,
|
||||
@ -154,29 +215,38 @@ int mbedtls_aes_crypt_cbc( mbedtls_aes_context *ctx,
|
||||
|
||||
#if defined(MBEDTLS_CIPHER_MODE_CFB)
|
||||
/**
|
||||
* \brief AES-CFB128 buffer encryption/decryption.
|
||||
* \brief This function performs an AES-CFB128 encryption or decryption
|
||||
* operation.
|
||||
*
|
||||
* Note: Due to the nature of CFB you should use the same key schedule for
|
||||
* both encryption and decryption. So a context initialized with
|
||||
* mbedtls_aes_setkey_enc() for both MBEDTLS_AES_ENCRYPT and MBEDTLS_AES_DECRYPT.
|
||||
* It performs the operation defined in the \p mode
|
||||
* parameter (encrypt or decrypt), on the input data buffer
|
||||
* defined in the \p input parameter.
|
||||
*
|
||||
* \note Upon exit, the content of the IV is updated so that you can
|
||||
* call the function same function again on the following
|
||||
* block(s) of data and get the same result as if it was
|
||||
* encrypted in one call. This allows a "streaming" usage.
|
||||
* If on the other hand you need to retain the contents of the
|
||||
* IV, you should either save it manually or use the cipher
|
||||
* module instead.
|
||||
* For CFB, you must set up the context with mbedtls_aes_setkey_enc(),
|
||||
* regardless of whether you are performing an encryption or decryption
|
||||
* operation, that is, regardless of the \p mode parameter. This is
|
||||
* because CFB mode uses the same key schedule for encryption and
|
||||
* decryption.
|
||||
*
|
||||
* \param ctx AES context
|
||||
* \param mode MBEDTLS_AES_ENCRYPT or MBEDTLS_AES_DECRYPT
|
||||
* \param length length of the input data
|
||||
* \param iv_off offset in IV (updated after use)
|
||||
* \param iv initialization vector (updated after use)
|
||||
* \param input buffer holding the input data
|
||||
* \param output buffer holding the output data
|
||||
* \note Upon exit, the content of the IV is updated so that you can
|
||||
* call the same function again on the next
|
||||
* block(s) of data and get the same result as if it was
|
||||
* encrypted in one call. This allows a "streaming" usage.
|
||||
* If you need to retain the contents of the
|
||||
* IV, you must either save it manually or use the cipher
|
||||
* module instead.
|
||||
*
|
||||
* \return 0 if successful
|
||||
*
|
||||
* \param ctx The AES context to use for encryption or decryption.
|
||||
* \param mode The AES operation: #MBEDTLS_AES_ENCRYPT or
|
||||
* #MBEDTLS_AES_DECRYPT.
|
||||
* \param length The length of the input data.
|
||||
* \param iv_off The offset in IV (updated after use).
|
||||
* \param iv The initialization vector (updated after use).
|
||||
* \param input The buffer holding the input data.
|
||||
* \param output The buffer holding the output data.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
*/
|
||||
int mbedtls_aes_crypt_cfb128( mbedtls_aes_context *ctx,
|
||||
int mode,
|
||||
@ -187,28 +257,36 @@ int mbedtls_aes_crypt_cfb128( mbedtls_aes_context *ctx,
|
||||
unsigned char *output );
|
||||
|
||||
/**
|
||||
* \brief AES-CFB8 buffer encryption/decryption.
|
||||
* \brief This function performs an AES-CFB8 encryption or decryption
|
||||
* operation.
|
||||
*
|
||||
* Note: Due to the nature of CFB you should use the same key schedule for
|
||||
* both encryption and decryption. So a context initialized with
|
||||
* mbedtls_aes_setkey_enc() for both MBEDTLS_AES_ENCRYPT and MBEDTLS_AES_DECRYPT.
|
||||
* It performs the operation defined in the \p mode
|
||||
* parameter (encrypt/decrypt), on the input data buffer defined
|
||||
* in the \p input parameter.
|
||||
*
|
||||
* \note Upon exit, the content of the IV is updated so that you can
|
||||
* call the function same function again on the following
|
||||
* block(s) of data and get the same result as if it was
|
||||
* encrypted in one call. This allows a "streaming" usage.
|
||||
* If on the other hand you need to retain the contents of the
|
||||
* IV, you should either save it manually or use the cipher
|
||||
* module instead.
|
||||
* Due to the nature of CFB, you must use the same key schedule for
|
||||
* both encryption and decryption operations. Therefore, you must
|
||||
* use the context initialized with mbedtls_aes_setkey_enc() for
|
||||
* both #MBEDTLS_AES_ENCRYPT and #MBEDTLS_AES_DECRYPT.
|
||||
*
|
||||
* \param ctx AES context
|
||||
* \param mode MBEDTLS_AES_ENCRYPT or MBEDTLS_AES_DECRYPT
|
||||
* \param length length of the input data
|
||||
* \param iv initialization vector (updated after use)
|
||||
* \param input buffer holding the input data
|
||||
* \param output buffer holding the output data
|
||||
* \note Upon exit, the content of the IV is updated so that you can
|
||||
* call the same function again on the next
|
||||
* block(s) of data and get the same result as if it was
|
||||
* encrypted in one call. This allows a "streaming" usage.
|
||||
* If you need to retain the contents of the
|
||||
* IV, you should either save it manually or use the cipher
|
||||
* module instead.
|
||||
*
|
||||
* \return 0 if successful
|
||||
*
|
||||
* \param ctx The AES context to use for encryption or decryption.
|
||||
* \param mode The AES operation: #MBEDTLS_AES_ENCRYPT or
|
||||
* #MBEDTLS_AES_DECRYPT
|
||||
* \param length The length of the input data.
|
||||
* \param iv The initialization vector (updated after use).
|
||||
* \param input The buffer holding the input data.
|
||||
* \param output The buffer holding the output data.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
*/
|
||||
int mbedtls_aes_crypt_cfb8( mbedtls_aes_context *ctx,
|
||||
int mode,
|
||||
@ -220,26 +298,74 @@ int mbedtls_aes_crypt_cfb8( mbedtls_aes_context *ctx,
|
||||
|
||||
#if defined(MBEDTLS_CIPHER_MODE_CTR)
|
||||
/**
|
||||
* \brief AES-CTR buffer encryption/decryption
|
||||
* \brief This function performs an AES-CTR encryption or decryption
|
||||
* operation.
|
||||
*
|
||||
* Warning: You have to keep the maximum use of your counter in mind!
|
||||
* This function performs the operation defined in the \p mode
|
||||
* parameter (encrypt/decrypt), on the input data buffer
|
||||
* defined in the \p input parameter.
|
||||
*
|
||||
* Note: Due to the nature of CTR you should use the same key schedule for
|
||||
* both encryption and decryption. So a context initialized with
|
||||
* mbedtls_aes_setkey_enc() for both MBEDTLS_AES_ENCRYPT and MBEDTLS_AES_DECRYPT.
|
||||
* Due to the nature of CTR, you must use the same key schedule
|
||||
* for both encryption and decryption operations. Therefore, you
|
||||
* must use the context initialized with mbedtls_aes_setkey_enc()
|
||||
* for both #MBEDTLS_AES_ENCRYPT and #MBEDTLS_AES_DECRYPT.
|
||||
*
|
||||
* \param ctx AES context
|
||||
* \param length The length of the data
|
||||
* \param nc_off The offset in the current stream_block (for resuming
|
||||
* within current cipher stream). The offset pointer to
|
||||
* should be 0 at the start of a stream.
|
||||
* \param nonce_counter The 128-bit nonce and counter.
|
||||
* \param stream_block The saved stream-block for resuming. Is overwritten
|
||||
* by the function.
|
||||
* \param input The input data stream
|
||||
* \param output The output data stream
|
||||
* \warning You must never reuse a nonce value with the same key. Doing so
|
||||
* would void the encryption for the two messages encrypted with
|
||||
* the same nonce and key.
|
||||
*
|
||||
* \return 0 if successful
|
||||
* There are two common strategies for managing nonces with CTR:
|
||||
*
|
||||
* 1. You can handle everything as a single message processed over
|
||||
* successive calls to this function. In that case, you want to
|
||||
* set \p nonce_counter and \p nc_off to 0 for the first call, and
|
||||
* then preserve the values of \p nonce_counter, \p nc_off and \p
|
||||
* stream_block across calls to this function as they will be
|
||||
* updated by this function.
|
||||
*
|
||||
* With this strategy, you must not encrypt more than 2**128
|
||||
* blocks of data with the same key.
|
||||
*
|
||||
* 2. You can encrypt separate messages by dividing the \p
|
||||
* nonce_counter buffer in two areas: the first one used for a
|
||||
* per-message nonce, handled by yourself, and the second one
|
||||
* updated by this function internally.
|
||||
*
|
||||
* For example, you might reserve the first 12 bytes for the
|
||||
* per-message nonce, and the last 4 bytes for internal use. In that
|
||||
* case, before calling this function on a new message you need to
|
||||
* set the first 12 bytes of \p nonce_counter to your chosen nonce
|
||||
* value, the last 4 to 0, and \p nc_off to 0 (which will cause \p
|
||||
* stream_block to be ignored). That way, you can encrypt at most
|
||||
* 2**96 messages of up to 2**32 blocks each with the same key.
|
||||
*
|
||||
* The per-message nonce (or information sufficient to reconstruct
|
||||
* it) needs to be communicated with the ciphertext and must be unique.
|
||||
* The recommended way to ensure uniqueness is to use a message
|
||||
* counter. An alternative is to generate random nonces, but this
|
||||
* limits the number of messages that can be securely encrypted:
|
||||
* for example, with 96-bit random nonces, you should not encrypt
|
||||
* more than 2**32 messages with the same key.
|
||||
*
|
||||
* Note that for both stategies, sizes are measured in blocks and
|
||||
* that an AES block is 16 bytes.
|
||||
*
|
||||
* \warning Upon return, \p stream_block contains sensitive data. Its
|
||||
* content must not be written to insecure storage and should be
|
||||
* securely discarded as soon as it's no longer needed.
|
||||
*
|
||||
* \param ctx The AES context to use for encryption or decryption.
|
||||
* \param length The length of the input data.
|
||||
* \param nc_off The offset in the current \p stream_block, for
|
||||
* resuming within the current cipher stream. The
|
||||
* offset pointer should be 0 at the start of a stream.
|
||||
* \param nonce_counter The 128-bit nonce and counter.
|
||||
* \param stream_block The saved stream block for resuming. This is
|
||||
* overwritten by the function.
|
||||
* \param input The buffer holding the input data.
|
||||
* \param output The buffer holding the output data.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
*/
|
||||
int mbedtls_aes_crypt_ctr( mbedtls_aes_context *ctx,
|
||||
size_t length,
|
||||
@ -251,30 +377,30 @@ int mbedtls_aes_crypt_ctr( mbedtls_aes_context *ctx,
|
||||
#endif /* MBEDTLS_CIPHER_MODE_CTR */
|
||||
|
||||
/**
|
||||
* \brief Internal AES block encryption function
|
||||
* (Only exposed to allow overriding it,
|
||||
* see MBEDTLS_AES_ENCRYPT_ALT)
|
||||
* \brief Internal AES block encryption function. This is only
|
||||
* exposed to allow overriding it using
|
||||
* \c MBEDTLS_AES_ENCRYPT_ALT.
|
||||
*
|
||||
* \param ctx AES context
|
||||
* \param input Plaintext block
|
||||
* \param output Output (ciphertext) block
|
||||
* \param ctx The AES context to use for encryption.
|
||||
* \param input The plaintext block.
|
||||
* \param output The output (ciphertext) block.
|
||||
*
|
||||
* \return 0 if successful
|
||||
* \return \c 0 on success.
|
||||
*/
|
||||
int mbedtls_internal_aes_encrypt( mbedtls_aes_context *ctx,
|
||||
const unsigned char input[16],
|
||||
unsigned char output[16] );
|
||||
|
||||
/**
|
||||
* \brief Internal AES block decryption function
|
||||
* (Only exposed to allow overriding it,
|
||||
* see MBEDTLS_AES_DECRYPT_ALT)
|
||||
* \brief Internal AES block decryption function. This is only
|
||||
* exposed to allow overriding it using see
|
||||
* \c MBEDTLS_AES_DECRYPT_ALT.
|
||||
*
|
||||
* \param ctx AES context
|
||||
* \param input Ciphertext block
|
||||
* \param output Output (plaintext) block
|
||||
* \param ctx The AES context to use for decryption.
|
||||
* \param input The ciphertext block.
|
||||
* \param output The output (plaintext) block.
|
||||
*
|
||||
* \return 0 if successful
|
||||
* \return \c 0 on success.
|
||||
*/
|
||||
int mbedtls_internal_aes_decrypt( mbedtls_aes_context *ctx,
|
||||
const unsigned char input[16],
|
||||
@ -290,11 +416,11 @@ int mbedtls_internal_aes_decrypt( mbedtls_aes_context *ctx,
|
||||
* \brief Deprecated internal AES block encryption function
|
||||
* without return value.
|
||||
*
|
||||
* \deprecated Superseded by mbedtls_aes_encrypt_ext() in 2.5.0
|
||||
* \deprecated Superseded by mbedtls_aes_encrypt_ext() in 2.5.0.
|
||||
*
|
||||
* \param ctx AES context
|
||||
* \param input Plaintext block
|
||||
* \param output Output (ciphertext) block
|
||||
* \param ctx The AES context to use for encryption.
|
||||
* \param input Plaintext block.
|
||||
* \param output Output (ciphertext) block.
|
||||
*/
|
||||
MBEDTLS_DEPRECATED void mbedtls_aes_encrypt( mbedtls_aes_context *ctx,
|
||||
const unsigned char input[16],
|
||||
@ -304,11 +430,11 @@ MBEDTLS_DEPRECATED void mbedtls_aes_encrypt( mbedtls_aes_context *ctx,
|
||||
* \brief Deprecated internal AES block decryption function
|
||||
* without return value.
|
||||
*
|
||||
* \deprecated Superseded by mbedtls_aes_decrypt_ext() in 2.5.0
|
||||
* \deprecated Superseded by mbedtls_aes_decrypt_ext() in 2.5.0.
|
||||
*
|
||||
* \param ctx AES context
|
||||
* \param input Ciphertext block
|
||||
* \param output Output (plaintext) block
|
||||
* \param ctx The AES context to use for decryption.
|
||||
* \param input Ciphertext block.
|
||||
* \param output Output (plaintext) block.
|
||||
*/
|
||||
MBEDTLS_DEPRECATED void mbedtls_aes_decrypt( mbedtls_aes_context *ctx,
|
||||
const unsigned char input[16],
|
||||
@ -317,22 +443,11 @@ MBEDTLS_DEPRECATED void mbedtls_aes_decrypt( mbedtls_aes_context *ctx,
|
||||
#undef MBEDTLS_DEPRECATED
|
||||
#endif /* !MBEDTLS_DEPRECATED_REMOVED */
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
||||
#else /* MBEDTLS_AES_ALT */
|
||||
#include "aes_alt.h"
|
||||
#endif /* MBEDTLS_AES_ALT */
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
/**
|
||||
* \brief Checkup routine
|
||||
* \brief Checkup routine.
|
||||
*
|
||||
* \return 0 if successful, or 1 if the test failed
|
||||
* \return \c 0 on success.
|
||||
* \return \c 1 on failure.
|
||||
*/
|
||||
int mbedtls_aes_self_test( int verbose );
|
||||
|
||||
|
@ -2,7 +2,8 @@
|
||||
* \file aesni.h
|
||||
*
|
||||
* \brief AES-NI for hardware AES acceleration on some Intel processors
|
||||
*
|
||||
*/
|
||||
/*
|
||||
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
|
@ -3,6 +3,10 @@
|
||||
*
|
||||
* \brief The ARCFOUR stream cipher
|
||||
*
|
||||
* \warning ARC4 is considered a weak cipher and its use constitutes a
|
||||
* security risk. We recommend considering stronger ciphers instead.
|
||||
*/
|
||||
/*
|
||||
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
@ -19,6 +23,7 @@
|
||||
* limitations under the License.
|
||||
*
|
||||
* This file is part of mbed TLS (https://tls.mbed.org)
|
||||
*
|
||||
*/
|
||||
#ifndef MBEDTLS_ARC4_H
|
||||
#define MBEDTLS_ARC4_H
|
||||
@ -31,16 +36,22 @@
|
||||
|
||||
#include <stddef.h>
|
||||
|
||||
#if !defined(MBEDTLS_ARC4_ALT)
|
||||
// Regular implementation
|
||||
//
|
||||
#define MBEDTLS_ERR_ARC4_HW_ACCEL_FAILED -0x0019 /**< ARC4 hardware accelerator failed. */
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
#if !defined(MBEDTLS_ARC4_ALT)
|
||||
// Regular implementation
|
||||
//
|
||||
|
||||
/**
|
||||
* \brief ARC4 context structure
|
||||
* \brief ARC4 context structure
|
||||
*
|
||||
* \warning ARC4 is considered a weak cipher and its use constitutes a
|
||||
* security risk. We recommend considering stronger ciphers instead.
|
||||
*
|
||||
*/
|
||||
typedef struct
|
||||
{
|
||||
@ -50,10 +61,19 @@ typedef struct
|
||||
}
|
||||
mbedtls_arc4_context;
|
||||
|
||||
#else /* MBEDTLS_ARC4_ALT */
|
||||
#include "arc4_alt.h"
|
||||
#endif /* MBEDTLS_ARC4_ALT */
|
||||
|
||||
/**
|
||||
* \brief Initialize ARC4 context
|
||||
*
|
||||
* \param ctx ARC4 context to be initialized
|
||||
*
|
||||
* \warning ARC4 is considered a weak cipher and its use constitutes a
|
||||
* security risk. We recommend considering stronger ciphers
|
||||
* instead.
|
||||
*
|
||||
*/
|
||||
void mbedtls_arc4_init( mbedtls_arc4_context *ctx );
|
||||
|
||||
@ -61,6 +81,11 @@ void mbedtls_arc4_init( mbedtls_arc4_context *ctx );
|
||||
* \brief Clear ARC4 context
|
||||
*
|
||||
* \param ctx ARC4 context to be cleared
|
||||
*
|
||||
* \warning ARC4 is considered a weak cipher and its use constitutes a
|
||||
* security risk. We recommend considering stronger ciphers
|
||||
* instead.
|
||||
*
|
||||
*/
|
||||
void mbedtls_arc4_free( mbedtls_arc4_context *ctx );
|
||||
|
||||
@ -70,6 +95,11 @@ void mbedtls_arc4_free( mbedtls_arc4_context *ctx );
|
||||
* \param ctx ARC4 context to be setup
|
||||
* \param key the secret key
|
||||
* \param keylen length of the key, in bytes
|
||||
*
|
||||
* \warning ARC4 is considered a weak cipher and its use constitutes a
|
||||
* security risk. We recommend considering stronger ciphers
|
||||
* instead.
|
||||
*
|
||||
*/
|
||||
void mbedtls_arc4_setup( mbedtls_arc4_context *ctx, const unsigned char *key,
|
||||
unsigned int keylen );
|
||||
@ -83,26 +113,24 @@ void mbedtls_arc4_setup( mbedtls_arc4_context *ctx, const unsigned char *key,
|
||||
* \param output buffer for the output data
|
||||
*
|
||||
* \return 0 if successful
|
||||
*
|
||||
* \warning ARC4 is considered a weak cipher and its use constitutes a
|
||||
* security risk. We recommend considering stronger ciphers
|
||||
* instead.
|
||||
*
|
||||
*/
|
||||
int mbedtls_arc4_crypt( mbedtls_arc4_context *ctx, size_t length, const unsigned char *input,
|
||||
unsigned char *output );
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
||||
#else /* MBEDTLS_ARC4_ALT */
|
||||
#include "arc4_alt.h"
|
||||
#endif /* MBEDTLS_ARC4_ALT */
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
/**
|
||||
* \brief Checkup routine
|
||||
*
|
||||
* \return 0 if successful, or 1 if the test failed
|
||||
*
|
||||
* \warning ARC4 is considered a weak cipher and its use constitutes a
|
||||
* security risk. We recommend considering stronger ciphers
|
||||
* instead.
|
||||
*
|
||||
*/
|
||||
int mbedtls_arc4_self_test( int verbose );
|
||||
|
||||
|
331
include/mbedtls/aria.h
Normal file
331
include/mbedtls/aria.h
Normal file
@ -0,0 +1,331 @@
|
||||
/**
|
||||
* \file aria.h
|
||||
*
|
||||
* \brief ARIA block cipher
|
||||
*
|
||||
* The ARIA algorithm is a symmetric block cipher that can encrypt and
|
||||
* decrypt information. It is defined by the Korean Agency for
|
||||
* Technology and Standards (KATS) in <em>KS X 1213:2004</em> (in
|
||||
* Korean, but see http://210.104.33.10/ARIA/index-e.html in English)
|
||||
* and also described by the IETF in <em>RFC 5794</em>.
|
||||
*/
|
||||
/* Copyright (C) 2006-2018, ARM Limited, All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
* not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*
|
||||
* This file is part of mbed TLS (https://tls.mbed.org)
|
||||
*/
|
||||
|
||||
#ifndef MBEDTLS_ARIA_H
|
||||
#define MBEDTLS_ARIA_H
|
||||
|
||||
#if !defined(MBEDTLS_CONFIG_FILE)
|
||||
#include "config.h"
|
||||
#else
|
||||
#include MBEDTLS_CONFIG_FILE
|
||||
#endif
|
||||
|
||||
#include <stddef.h>
|
||||
#include <stdint.h>
|
||||
|
||||
#define MBEDTLS_ARIA_ENCRYPT 1 /**< ARIA encryption. */
|
||||
#define MBEDTLS_ARIA_DECRYPT 0 /**< ARIA decryption. */
|
||||
|
||||
#define MBEDTLS_ARIA_BLOCKSIZE 16 /**< ARIA block size in bytes. */
|
||||
#define MBEDTLS_ARIA_MAX_ROUNDS 16 /**< Maxiumum number of rounds in ARIA. */
|
||||
#define MBEDTLS_ARIA_MAX_KEYSIZE 32 /**< Maximum size of an ARIA key in bytes. */
|
||||
|
||||
#define MBEDTLS_ERR_ARIA_INVALID_KEY_LENGTH -0x005C /**< Invalid key length. */
|
||||
#define MBEDTLS_ERR_ARIA_INVALID_INPUT_LENGTH -0x005E /**< Invalid data input length. */
|
||||
#define MBEDTLS_ERR_ARIA_FEATURE_UNAVAILABLE -0x005A /**< Feature not available. For example, an unsupported ARIA key size. */
|
||||
#define MBEDTLS_ERR_ARIA_HW_ACCEL_FAILED -0x0058 /**< ARIA hardware accelerator failed. */
|
||||
|
||||
#if !defined(MBEDTLS_ARIA_ALT)
|
||||
// Regular implementation
|
||||
//
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
/**
|
||||
* \brief The ARIA context-type definition.
|
||||
*/
|
||||
typedef struct
|
||||
{
|
||||
unsigned char nr; /*!< The number of rounds (12, 14 or 16) */
|
||||
/*! The ARIA round keys. */
|
||||
uint32_t rk[MBEDTLS_ARIA_MAX_ROUNDS + 1][MBEDTLS_ARIA_BLOCKSIZE / 4];
|
||||
}
|
||||
mbedtls_aria_context;
|
||||
|
||||
#else /* MBEDTLS_ARIA_ALT */
|
||||
#include "aria_alt.h"
|
||||
#endif /* MBEDTLS_ARIA_ALT */
|
||||
|
||||
/**
|
||||
* \brief This function initializes the specified ARIA context.
|
||||
*
|
||||
* It must be the first API called before using
|
||||
* the context.
|
||||
*
|
||||
* \param ctx The ARIA context to initialize.
|
||||
*/
|
||||
void mbedtls_aria_init( mbedtls_aria_context *ctx );
|
||||
|
||||
/**
|
||||
* \brief This function releases and clears the specified ARIA context.
|
||||
*
|
||||
* \param ctx The ARIA context to clear.
|
||||
*/
|
||||
void mbedtls_aria_free( mbedtls_aria_context *ctx );
|
||||
|
||||
/**
|
||||
* \brief This function sets the encryption key.
|
||||
*
|
||||
* \param ctx The ARIA context to which the key should be bound.
|
||||
* \param key The encryption key.
|
||||
* \param keybits The size of data passed in bits. Valid options are:
|
||||
* <ul><li>128 bits</li>
|
||||
* <li>192 bits</li>
|
||||
* <li>256 bits</li></ul>
|
||||
*
|
||||
* \return \c 0 on success or #MBEDTLS_ERR_ARIA_INVALID_KEY_LENGTH
|
||||
* on failure.
|
||||
*/
|
||||
int mbedtls_aria_setkey_enc( mbedtls_aria_context *ctx,
|
||||
const unsigned char *key,
|
||||
unsigned int keybits );
|
||||
|
||||
/**
|
||||
* \brief This function sets the decryption key.
|
||||
*
|
||||
* \param ctx The ARIA context to which the key should be bound.
|
||||
* \param key The decryption key.
|
||||
* \param keybits The size of data passed. Valid options are:
|
||||
* <ul><li>128 bits</li>
|
||||
* <li>192 bits</li>
|
||||
* <li>256 bits</li></ul>
|
||||
*
|
||||
* \return \c 0 on success, or #MBEDTLS_ERR_ARIA_INVALID_KEY_LENGTH on failure.
|
||||
*/
|
||||
int mbedtls_aria_setkey_dec( mbedtls_aria_context *ctx,
|
||||
const unsigned char *key,
|
||||
unsigned int keybits );
|
||||
|
||||
/**
|
||||
* \brief This function performs an ARIA single-block encryption or
|
||||
* decryption operation.
|
||||
*
|
||||
* It performs encryption or decryption (depending on whether
|
||||
* the key was set for encryption on decryption) on the input
|
||||
* data buffer defined in the \p input parameter.
|
||||
*
|
||||
* mbedtls_aria_init(), and either mbedtls_aria_setkey_enc() or
|
||||
* mbedtls_aria_setkey_dec() must be called before the first
|
||||
* call to this API with the same context.
|
||||
*
|
||||
* \param ctx The ARIA context to use for encryption or decryption.
|
||||
* \param input The 16-Byte buffer holding the input data.
|
||||
* \param output The 16-Byte buffer holding the output data.
|
||||
|
||||
* \return \c 0 on success.
|
||||
*/
|
||||
int mbedtls_aria_crypt_ecb( mbedtls_aria_context *ctx,
|
||||
const unsigned char input[MBEDTLS_ARIA_BLOCKSIZE],
|
||||
unsigned char output[MBEDTLS_ARIA_BLOCKSIZE] );
|
||||
|
||||
#if defined(MBEDTLS_CIPHER_MODE_CBC)
|
||||
/**
|
||||
* \brief This function performs an ARIA-CBC encryption or decryption operation
|
||||
* on full blocks.
|
||||
*
|
||||
* It performs the operation defined in the \p mode
|
||||
* parameter (encrypt/decrypt), on the input data buffer defined in
|
||||
* the \p input parameter.
|
||||
*
|
||||
* It can be called as many times as needed, until all the input
|
||||
* data is processed. mbedtls_aria_init(), and either
|
||||
* mbedtls_aria_setkey_enc() or mbedtls_aria_setkey_dec() must be called
|
||||
* before the first call to this API with the same context.
|
||||
*
|
||||
* \note This function operates on aligned blocks, that is, the input size
|
||||
* must be a multiple of the ARIA block size of 16 Bytes.
|
||||
*
|
||||
* \note Upon exit, the content of the IV is updated so that you can
|
||||
* call the same function again on the next
|
||||
* block(s) of data and get the same result as if it was
|
||||
* encrypted in one call. This allows a "streaming" usage.
|
||||
* If you need to retain the contents of the IV, you should
|
||||
* either save it manually or use the cipher module instead.
|
||||
*
|
||||
*
|
||||
* \param ctx The ARIA context to use for encryption or decryption.
|
||||
* \param mode The ARIA operation: #MBEDTLS_ARIA_ENCRYPT or
|
||||
* #MBEDTLS_ARIA_DECRYPT.
|
||||
* \param length The length of the input data in Bytes. This must be a
|
||||
* multiple of the block size (16 Bytes).
|
||||
* \param iv Initialization vector (updated after use).
|
||||
* \param input The buffer holding the input data.
|
||||
* \param output The buffer holding the output data.
|
||||
*
|
||||
* \return \c 0 on success, or #MBEDTLS_ERR_ARIA_INVALID_INPUT_LENGTH
|
||||
* on failure.
|
||||
*/
|
||||
int mbedtls_aria_crypt_cbc( mbedtls_aria_context *ctx,
|
||||
int mode,
|
||||
size_t length,
|
||||
unsigned char iv[MBEDTLS_ARIA_BLOCKSIZE],
|
||||
const unsigned char *input,
|
||||
unsigned char *output );
|
||||
#endif /* MBEDTLS_CIPHER_MODE_CBC */
|
||||
|
||||
#if defined(MBEDTLS_CIPHER_MODE_CFB)
|
||||
/**
|
||||
* \brief This function performs an ARIA-CFB128 encryption or decryption
|
||||
* operation.
|
||||
*
|
||||
* It performs the operation defined in the \p mode
|
||||
* parameter (encrypt or decrypt), on the input data buffer
|
||||
* defined in the \p input parameter.
|
||||
*
|
||||
* For CFB, you must set up the context with mbedtls_aria_setkey_enc(),
|
||||
* regardless of whether you are performing an encryption or decryption
|
||||
* operation, that is, regardless of the \p mode parameter. This is
|
||||
* because CFB mode uses the same key schedule for encryption and
|
||||
* decryption.
|
||||
*
|
||||
* \note Upon exit, the content of the IV is updated so that you can
|
||||
* call the same function again on the next
|
||||
* block(s) of data and get the same result as if it was
|
||||
* encrypted in one call. This allows a "streaming" usage.
|
||||
* If you need to retain the contents of the
|
||||
* IV, you must either save it manually or use the cipher
|
||||
* module instead.
|
||||
*
|
||||
*
|
||||
* \param ctx The ARIA context to use for encryption or decryption.
|
||||
* \param mode The ARIA operation: #MBEDTLS_ARIA_ENCRYPT or
|
||||
* #MBEDTLS_ARIA_DECRYPT.
|
||||
* \param length The length of the input data.
|
||||
* \param iv_off The offset in IV (updated after use).
|
||||
* \param iv The initialization vector (updated after use).
|
||||
* \param input The buffer holding the input data.
|
||||
* \param output The buffer holding the output data.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
*/
|
||||
int mbedtls_aria_crypt_cfb128( mbedtls_aria_context *ctx,
|
||||
int mode,
|
||||
size_t length,
|
||||
size_t *iv_off,
|
||||
unsigned char iv[MBEDTLS_ARIA_BLOCKSIZE],
|
||||
const unsigned char *input,
|
||||
unsigned char *output );
|
||||
#endif /* MBEDTLS_CIPHER_MODE_CFB */
|
||||
|
||||
#if defined(MBEDTLS_CIPHER_MODE_CTR)
|
||||
/**
|
||||
* \brief This function performs an ARIA-CTR encryption or decryption
|
||||
* operation.
|
||||
*
|
||||
* This function performs the operation defined in the \p mode
|
||||
* parameter (encrypt/decrypt), on the input data buffer
|
||||
* defined in the \p input parameter.
|
||||
*
|
||||
* Due to the nature of CTR, you must use the same key schedule
|
||||
* for both encryption and decryption operations. Therefore, you
|
||||
* must use the context initialized with mbedtls_aria_setkey_enc()
|
||||
* for both #MBEDTLS_ARIA_ENCRYPT and #MBEDTLS_ARIA_DECRYPT.
|
||||
*
|
||||
* \warning You must never reuse a nonce value with the same key. Doing so
|
||||
* would void the encryption for the two messages encrypted with
|
||||
* the same nonce and key.
|
||||
*
|
||||
* There are two common strategies for managing nonces with CTR:
|
||||
*
|
||||
* 1. You can handle everything as a single message processed over
|
||||
* successive calls to this function. In that case, you want to
|
||||
* set \p nonce_counter and \p nc_off to 0 for the first call, and
|
||||
* then preserve the values of \p nonce_counter, \p nc_off and \p
|
||||
* stream_block across calls to this function as they will be
|
||||
* updated by this function.
|
||||
*
|
||||
* With this strategy, you must not encrypt more than 2**128
|
||||
* blocks of data with the same key.
|
||||
*
|
||||
* 2. You can encrypt separate messages by dividing the \p
|
||||
* nonce_counter buffer in two areas: the first one used for a
|
||||
* per-message nonce, handled by yourself, and the second one
|
||||
* updated by this function internally.
|
||||
*
|
||||
* For example, you might reserve the first 12 bytes for the
|
||||
* per-message nonce, and the last 4 bytes for internal use. In that
|
||||
* case, before calling this function on a new message you need to
|
||||
* set the first 12 bytes of \p nonce_counter to your chosen nonce
|
||||
* value, the last 4 to 0, and \p nc_off to 0 (which will cause \p
|
||||
* stream_block to be ignored). That way, you can encrypt at most
|
||||
* 2**96 messages of up to 2**32 blocks each with the same key.
|
||||
*
|
||||
* The per-message nonce (or information sufficient to reconstruct
|
||||
* it) needs to be communicated with the ciphertext and must be unique.
|
||||
* The recommended way to ensure uniqueness is to use a message
|
||||
* counter. An alternative is to generate random nonces, but this
|
||||
* limits the number of messages that can be securely encrypted:
|
||||
* for example, with 96-bit random nonces, you should not encrypt
|
||||
* more than 2**32 messages with the same key.
|
||||
*
|
||||
* Note that for both stategies, sizes are measured in blocks and
|
||||
* that an ARIA block is 16 bytes.
|
||||
*
|
||||
* \warning Upon return, \p stream_block contains sensitive data. Its
|
||||
* content must not be written to insecure storage and should be
|
||||
* securely discarded as soon as it's no longer needed.
|
||||
*
|
||||
* \param ctx The ARIA context to use for encryption or decryption.
|
||||
* \param length The length of the input data.
|
||||
* \param nc_off The offset in the current \p stream_block, for
|
||||
* resuming within the current cipher stream. The
|
||||
* offset pointer should be 0 at the start of a stream.
|
||||
* \param nonce_counter The 128-bit nonce and counter.
|
||||
* \param stream_block The saved stream block for resuming. This is
|
||||
* overwritten by the function.
|
||||
* \param input The buffer holding the input data.
|
||||
* \param output The buffer holding the output data.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
*/
|
||||
int mbedtls_aria_crypt_ctr( mbedtls_aria_context *ctx,
|
||||
size_t length,
|
||||
size_t *nc_off,
|
||||
unsigned char nonce_counter[MBEDTLS_ARIA_BLOCKSIZE],
|
||||
unsigned char stream_block[MBEDTLS_ARIA_BLOCKSIZE],
|
||||
const unsigned char *input,
|
||||
unsigned char *output );
|
||||
#endif /* MBEDTLS_CIPHER_MODE_CTR */
|
||||
|
||||
#if defined(MBEDTLS_SELF_TEST)
|
||||
/**
|
||||
* \brief Checkup routine.
|
||||
*
|
||||
* \return \c 0 on success, or \c 1 on failure.
|
||||
*/
|
||||
int mbedtls_aria_self_test( int verbose );
|
||||
#endif /* MBEDTLS_SELF_TEST */
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
||||
#endif /* aria.h */
|
@ -2,7 +2,8 @@
|
||||
* \file asn1.h
|
||||
*
|
||||
* \brief Generic ASN.1 parsing
|
||||
*
|
||||
*/
|
||||
/*
|
||||
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
@ -59,7 +60,7 @@
|
||||
|
||||
/**
|
||||
* \name DER constants
|
||||
* These constants comply with DER encoded the ANS1 type tags.
|
||||
* These constants comply with the DER encoded ASN.1 type tags.
|
||||
* DER encoding uses hexadecimal representation.
|
||||
* An example DER sequence is:\n
|
||||
* - 0x02 -- tag indicating INTEGER
|
||||
@ -87,6 +88,21 @@
|
||||
#define MBEDTLS_ASN1_PRIMITIVE 0x00
|
||||
#define MBEDTLS_ASN1_CONSTRUCTED 0x20
|
||||
#define MBEDTLS_ASN1_CONTEXT_SPECIFIC 0x80
|
||||
|
||||
/*
|
||||
* Bit masks for each of the components of an ASN.1 tag as specified in
|
||||
* ITU X.690 (08/2015), section 8.1 "General rules for encoding",
|
||||
* paragraph 8.1.2.2:
|
||||
*
|
||||
* Bit 8 7 6 5 1
|
||||
* +-------+-----+------------+
|
||||
* | Class | P/C | Tag number |
|
||||
* +-------+-----+------------+
|
||||
*/
|
||||
#define MBEDTLS_ASN1_TAG_CLASS_MASK 0xC0
|
||||
#define MBEDTLS_ASN1_TAG_PC_MASK 0x20
|
||||
#define MBEDTLS_ASN1_TAG_VALUE_MASK 0x1F
|
||||
|
||||
/* \} name */
|
||||
/* \} addtogroup asn1_module */
|
||||
|
||||
|
@ -2,7 +2,8 @@
|
||||
* \file asn1write.h
|
||||
*
|
||||
* \brief ASN.1 buffer writing functionality
|
||||
*
|
||||
*/
|
||||
/*
|
||||
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
|
@ -2,7 +2,8 @@
|
||||
* \file base64.h
|
||||
*
|
||||
* \brief RFC 1521 base64 encoding/decoding
|
||||
*
|
||||
*/
|
||||
/*
|
||||
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
|
@ -1,8 +1,9 @@
|
||||
/**
|
||||
* \file bignum.h
|
||||
*
|
||||
* \brief Multi-precision integer library
|
||||
*
|
||||
* \brief Multi-precision integer library
|
||||
*/
|
||||
/*
|
||||
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
@ -70,7 +71,7 @@
|
||||
* Maximum size of MPIs allowed in bits and bytes for user-MPIs.
|
||||
* ( Default: 512 bytes => 4096 bits, Maximum tested: 2048 bytes => 16384 bits )
|
||||
*
|
||||
* Note: Calculations can results temporarily in larger MPIs. So the number
|
||||
* Note: Calculations can temporarily result in larger MPIs. So the number
|
||||
* of limbs required (MBEDTLS_MPI_MAX_LIMBS) is higher.
|
||||
*/
|
||||
#define MBEDTLS_MPI_MAX_SIZE 1024 /**< Maximum number of bytes for usable MPIs. */
|
||||
@ -203,6 +204,8 @@ void mbedtls_mpi_free( mbedtls_mpi *X );
|
||||
/**
|
||||
* \brief Enlarge to the specified number of limbs
|
||||
*
|
||||
* This function does nothing if the MPI is already large enough.
|
||||
*
|
||||
* \param X MPI to grow
|
||||
* \param nblimbs The target number of limbs
|
||||
*
|
||||
@ -214,19 +217,23 @@ int mbedtls_mpi_grow( mbedtls_mpi *X, size_t nblimbs );
|
||||
/**
|
||||
* \brief Resize down, keeping at least the specified number of limbs
|
||||
*
|
||||
* If \c X is smaller than \c nblimbs, it is resized up
|
||||
* instead.
|
||||
*
|
||||
* \param X MPI to shrink
|
||||
* \param nblimbs The minimum number of limbs to keep
|
||||
*
|
||||
* \return 0 if successful,
|
||||
* MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed
|
||||
* (this can only happen when resizing up).
|
||||
*/
|
||||
int mbedtls_mpi_shrink( mbedtls_mpi *X, size_t nblimbs );
|
||||
|
||||
/**
|
||||
* \brief Copy the contents of Y into X
|
||||
*
|
||||
* \param X Destination MPI
|
||||
* \param Y Source MPI
|
||||
* \param X Destination MPI. It is enlarged if necessary.
|
||||
* \param Y Source MPI.
|
||||
*
|
||||
* \return 0 if successful,
|
||||
* MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed
|
||||
@ -683,6 +690,10 @@ int mbedtls_mpi_exp_mod( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi
|
||||
*
|
||||
* \return 0 if successful,
|
||||
* MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed
|
||||
*
|
||||
* \note The bytes obtained from the PRNG are interpreted
|
||||
* as a big-endian representation of an MPI; this can
|
||||
* be relevant in applications like deterministic ECDSA.
|
||||
*/
|
||||
int mbedtls_mpi_fill_random( mbedtls_mpi *X, size_t size,
|
||||
int (*f_rng)(void *, unsigned char *, size_t),
|
||||
|
@ -2,7 +2,8 @@
|
||||
* \file blowfish.h
|
||||
*
|
||||
* \brief Blowfish block cipher
|
||||
*
|
||||
*/
|
||||
/*
|
||||
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
@ -40,16 +41,17 @@
|
||||
#define MBEDTLS_BLOWFISH_BLOCKSIZE 8 /* Blowfish uses 64 bit blocks */
|
||||
|
||||
#define MBEDTLS_ERR_BLOWFISH_INVALID_KEY_LENGTH -0x0016 /**< Invalid key length. */
|
||||
#define MBEDTLS_ERR_BLOWFISH_HW_ACCEL_FAILED -0x0017 /**< Blowfish hardware accelerator failed. */
|
||||
#define MBEDTLS_ERR_BLOWFISH_INVALID_INPUT_LENGTH -0x0018 /**< Invalid data input length. */
|
||||
|
||||
#if !defined(MBEDTLS_BLOWFISH_ALT)
|
||||
// Regular implementation
|
||||
//
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
#if !defined(MBEDTLS_BLOWFISH_ALT)
|
||||
// Regular implementation
|
||||
//
|
||||
|
||||
/**
|
||||
* \brief Blowfish context structure
|
||||
*/
|
||||
@ -60,6 +62,10 @@ typedef struct
|
||||
}
|
||||
mbedtls_blowfish_context;
|
||||
|
||||
#else /* MBEDTLS_BLOWFISH_ALT */
|
||||
#include "blowfish_alt.h"
|
||||
#endif /* MBEDTLS_BLOWFISH_ALT */
|
||||
|
||||
/**
|
||||
* \brief Initialize Blowfish context
|
||||
*
|
||||
@ -168,7 +174,46 @@ int mbedtls_blowfish_crypt_cfb64( mbedtls_blowfish_context *ctx,
|
||||
/**
|
||||
* \brief Blowfish-CTR buffer encryption/decryption
|
||||
*
|
||||
* Warning: You have to keep the maximum use of your counter in mind!
|
||||
* \warning You must never reuse a nonce value with the same key. Doing so
|
||||
* would void the encryption for the two messages encrypted with
|
||||
* the same nonce and key.
|
||||
*
|
||||
* There are two common strategies for managing nonces with CTR:
|
||||
*
|
||||
* 1. You can handle everything as a single message processed over
|
||||
* successive calls to this function. In that case, you want to
|
||||
* set \p nonce_counter and \p nc_off to 0 for the first call, and
|
||||
* then preserve the values of \p nonce_counter, \p nc_off and \p
|
||||
* stream_block across calls to this function as they will be
|
||||
* updated by this function.
|
||||
*
|
||||
* With this strategy, you must not encrypt more than 2**64
|
||||
* blocks of data with the same key.
|
||||
*
|
||||
* 2. You can encrypt separate messages by dividing the \p
|
||||
* nonce_counter buffer in two areas: the first one used for a
|
||||
* per-message nonce, handled by yourself, and the second one
|
||||
* updated by this function internally.
|
||||
*
|
||||
* For example, you might reserve the first 4 bytes for the
|
||||
* per-message nonce, and the last 4 bytes for internal use. In that
|
||||
* case, before calling this function on a new message you need to
|
||||
* set the first 4 bytes of \p nonce_counter to your chosen nonce
|
||||
* value, the last 4 to 0, and \p nc_off to 0 (which will cause \p
|
||||
* stream_block to be ignored). That way, you can encrypt at most
|
||||
* 2**32 messages of up to 2**32 blocks each with the same key.
|
||||
*
|
||||
* The per-message nonce (or information sufficient to reconstruct
|
||||
* it) needs to be communicated with the ciphertext and must be unique.
|
||||
* The recommended way to ensure uniqueness is to use a message
|
||||
* counter.
|
||||
*
|
||||
* Note that for both stategies, sizes are measured in blocks and
|
||||
* that a Blowfish block is 8 bytes.
|
||||
*
|
||||
* \warning Upon return, \p stream_block contains sensitive data. Its
|
||||
* content must not be written to insecure storage and should be
|
||||
* securely discarded as soon as it's no longer needed.
|
||||
*
|
||||
* \param ctx Blowfish context
|
||||
* \param length The length of the data
|
||||
@ -196,8 +241,4 @@ int mbedtls_blowfish_crypt_ctr( mbedtls_blowfish_context *ctx,
|
||||
}
|
||||
#endif
|
||||
|
||||
#else /* MBEDTLS_BLOWFISH_ALT */
|
||||
#include "blowfish_alt.h"
|
||||
#endif /* MBEDTLS_BLOWFISH_ALT */
|
||||
|
||||
#endif /* blowfish.h */
|
||||
|
@ -1,8 +1,9 @@
|
||||
/**
|
||||
* \file bn_mul.h
|
||||
*
|
||||
* \brief Multi-precision integer library
|
||||
*
|
||||
* \brief Multi-precision integer library
|
||||
*/
|
||||
/*
|
||||
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
@ -520,7 +521,7 @@
|
||||
"swi r3, %2 \n\t" \
|
||||
: "=m" (c), "=m" (d), "=m" (s) \
|
||||
: "m" (s), "m" (d), "m" (c), "m" (b) \
|
||||
: "r3", "r4" "r5", "r6", "r7", "r8", \
|
||||
: "r3", "r4", "r5", "r6", "r7", "r8", \
|
||||
"r9", "r10", "r11", "r12", "r13" \
|
||||
);
|
||||
|
||||
|
@ -2,7 +2,8 @@
|
||||
* \file camellia.h
|
||||
*
|
||||
* \brief Camellia block cipher
|
||||
*
|
||||
*/
|
||||
/*
|
||||
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
@ -37,15 +38,16 @@
|
||||
|
||||
#define MBEDTLS_ERR_CAMELLIA_INVALID_KEY_LENGTH -0x0024 /**< Invalid key length. */
|
||||
#define MBEDTLS_ERR_CAMELLIA_INVALID_INPUT_LENGTH -0x0026 /**< Invalid data input length. */
|
||||
|
||||
#if !defined(MBEDTLS_CAMELLIA_ALT)
|
||||
// Regular implementation
|
||||
//
|
||||
#define MBEDTLS_ERR_CAMELLIA_HW_ACCEL_FAILED -0x0027 /**< Camellia hardware accelerator failed. */
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
#if !defined(MBEDTLS_CAMELLIA_ALT)
|
||||
// Regular implementation
|
||||
//
|
||||
|
||||
/**
|
||||
* \brief CAMELLIA context structure
|
||||
*/
|
||||
@ -56,6 +58,10 @@ typedef struct
|
||||
}
|
||||
mbedtls_camellia_context;
|
||||
|
||||
#else /* MBEDTLS_CAMELLIA_ALT */
|
||||
#include "camellia_alt.h"
|
||||
#endif /* MBEDTLS_CAMELLIA_ALT */
|
||||
|
||||
/**
|
||||
* \brief Initialize CAMELLIA context
|
||||
*
|
||||
@ -181,12 +187,54 @@ int mbedtls_camellia_crypt_cfb128( mbedtls_camellia_context *ctx,
|
||||
/**
|
||||
* \brief CAMELLIA-CTR buffer encryption/decryption
|
||||
*
|
||||
* Warning: You have to keep the maximum use of your counter in mind!
|
||||
*
|
||||
* Note: Due to the nature of CTR you should use the same key schedule for
|
||||
* both encryption and decryption. So a context initialized with
|
||||
* mbedtls_camellia_setkey_enc() for both MBEDTLS_CAMELLIA_ENCRYPT and MBEDTLS_CAMELLIA_DECRYPT.
|
||||
*
|
||||
* \warning You must never reuse a nonce value with the same key. Doing so
|
||||
* would void the encryption for the two messages encrypted with
|
||||
* the same nonce and key.
|
||||
*
|
||||
* There are two common strategies for managing nonces with CTR:
|
||||
*
|
||||
* 1. You can handle everything as a single message processed over
|
||||
* successive calls to this function. In that case, you want to
|
||||
* set \p nonce_counter and \p nc_off to 0 for the first call, and
|
||||
* then preserve the values of \p nonce_counter, \p nc_off and \p
|
||||
* stream_block across calls to this function as they will be
|
||||
* updated by this function.
|
||||
*
|
||||
* With this strategy, you must not encrypt more than 2**128
|
||||
* blocks of data with the same key.
|
||||
*
|
||||
* 2. You can encrypt separate messages by dividing the \p
|
||||
* nonce_counter buffer in two areas: the first one used for a
|
||||
* per-message nonce, handled by yourself, and the second one
|
||||
* updated by this function internally.
|
||||
*
|
||||
* For example, you might reserve the first 12 bytes for the
|
||||
* per-message nonce, and the last 4 bytes for internal use. In that
|
||||
* case, before calling this function on a new message you need to
|
||||
* set the first 12 bytes of \p nonce_counter to your chosen nonce
|
||||
* value, the last 4 to 0, and \p nc_off to 0 (which will cause \p
|
||||
* stream_block to be ignored). That way, you can encrypt at most
|
||||
* 2**96 messages of up to 2**32 blocks each with the same key.
|
||||
*
|
||||
* The per-message nonce (or information sufficient to reconstruct
|
||||
* it) needs to be communicated with the ciphertext and must be unique.
|
||||
* The recommended way to ensure uniqueness is to use a message
|
||||
* counter. An alternative is to generate random nonces, but this
|
||||
* limits the number of messages that can be securely encrypted:
|
||||
* for example, with 96-bit random nonces, you should not encrypt
|
||||
* more than 2**32 messages with the same key.
|
||||
*
|
||||
* Note that for both stategies, sizes are measured in blocks and
|
||||
* that a CAMELLIA block is 16 bytes.
|
||||
*
|
||||
* \warning Upon return, \p stream_block contains sensitive data. Its
|
||||
* content must not be written to insecure storage and should be
|
||||
* securely discarded as soon as it's no longer needed.
|
||||
*
|
||||
* \param ctx CAMELLIA context
|
||||
* \param length The length of the data
|
||||
* \param nc_off The offset in the current stream_block (for resuming
|
||||
@ -209,18 +257,6 @@ int mbedtls_camellia_crypt_ctr( mbedtls_camellia_context *ctx,
|
||||
unsigned char *output );
|
||||
#endif /* MBEDTLS_CIPHER_MODE_CTR */
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
||||
#else /* MBEDTLS_CAMELLIA_ALT */
|
||||
#include "camellia_alt.h"
|
||||
#endif /* MBEDTLS_CAMELLIA_ALT */
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
/**
|
||||
* \brief Checkup routine
|
||||
*
|
||||
|
@ -1,9 +1,22 @@
|
||||
/**
|
||||
* \file ccm.h
|
||||
*
|
||||
* \brief Counter with CBC-MAC (CCM) for 128-bit block ciphers
|
||||
* \brief This file provides an API for the CCM authenticated encryption
|
||||
* mode for block ciphers.
|
||||
*
|
||||
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
|
||||
* CCM combines Counter mode encryption with CBC-MAC authentication
|
||||
* for 128-bit block ciphers.
|
||||
*
|
||||
* Input to CCM includes the following elements:
|
||||
* <ul><li>Payload - data that is both authenticated and encrypted.</li>
|
||||
* <li>Associated data (Adata) - data that is authenticated but not
|
||||
* encrypted, For example, a header.</li>
|
||||
* <li>Nonce - A unique value that is assigned to the payload and the
|
||||
* associated data.</li></ul>
|
||||
*
|
||||
*/
|
||||
/*
|
||||
* Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
@ -18,46 +31,60 @@
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*
|
||||
* This file is part of mbed TLS (https://tls.mbed.org)
|
||||
* This file is part of Mbed TLS (https://tls.mbed.org)
|
||||
*/
|
||||
|
||||
#ifndef MBEDTLS_CCM_H
|
||||
#define MBEDTLS_CCM_H
|
||||
|
||||
#include "cipher.h"
|
||||
|
||||
#define MBEDTLS_ERR_CCM_BAD_INPUT -0x000D /**< Bad input parameters to function. */
|
||||
#define MBEDTLS_ERR_CCM_AUTH_FAILED -0x000F /**< Authenticated decryption failed. */
|
||||
#define MBEDTLS_ERR_CCM_BAD_INPUT -0x000D /**< Bad input parameters to the function. */
|
||||
#define MBEDTLS_ERR_CCM_AUTH_FAILED -0x000F /**< Authenticated decryption failed. */
|
||||
#define MBEDTLS_ERR_CCM_HW_ACCEL_FAILED -0x0011 /**< CCM hardware accelerator failed. */
|
||||
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
#if !defined(MBEDTLS_CCM_ALT)
|
||||
// Regular implementation
|
||||
//
|
||||
|
||||
/**
|
||||
* \brief CCM context structure
|
||||
* \brief The CCM context-type definition. The CCM context is passed
|
||||
* to the APIs called.
|
||||
*/
|
||||
typedef struct {
|
||||
mbedtls_cipher_context_t cipher_ctx; /*!< cipher context used */
|
||||
mbedtls_cipher_context_t cipher_ctx; /*!< The cipher context used. */
|
||||
}
|
||||
mbedtls_ccm_context;
|
||||
|
||||
#else /* MBEDTLS_CCM_ALT */
|
||||
#include "ccm_alt.h"
|
||||
#endif /* MBEDTLS_CCM_ALT */
|
||||
|
||||
/**
|
||||
* \brief Initialize CCM context (just makes references valid)
|
||||
* Makes the context ready for mbedtls_ccm_setkey() or
|
||||
* mbedtls_ccm_free().
|
||||
* \brief This function initializes the specified CCM context,
|
||||
* to make references valid, and prepare the context
|
||||
* for mbedtls_ccm_setkey() or mbedtls_ccm_free().
|
||||
*
|
||||
* \param ctx CCM context to initialize
|
||||
* \param ctx The CCM context to initialize.
|
||||
*/
|
||||
void mbedtls_ccm_init( mbedtls_ccm_context *ctx );
|
||||
|
||||
/**
|
||||
* \brief CCM initialization (encryption and decryption)
|
||||
* \brief This function initializes the CCM context set in the
|
||||
* \p ctx parameter and sets the encryption key.
|
||||
*
|
||||
* \param ctx CCM context to be initialized
|
||||
* \param cipher cipher to use (a 128-bit block cipher)
|
||||
* \param key encryption key
|
||||
* \param keybits key size in bits (must be acceptable by the cipher)
|
||||
* \param ctx The CCM context to initialize.
|
||||
* \param cipher The 128-bit block cipher to use.
|
||||
* \param key The encryption key.
|
||||
* \param keybits The key size in bits. This must be acceptable by the cipher.
|
||||
*
|
||||
* \return 0 if successful, or a cipher specific error code
|
||||
* \return \c 0 on success.
|
||||
* \return A CCM or cipher-specific error code on failure.
|
||||
*/
|
||||
int mbedtls_ccm_setkey( mbedtls_ccm_context *ctx,
|
||||
mbedtls_cipher_id_t cipher,
|
||||
@ -65,36 +92,39 @@ int mbedtls_ccm_setkey( mbedtls_ccm_context *ctx,
|
||||
unsigned int keybits );
|
||||
|
||||
/**
|
||||
* \brief Free a CCM context and underlying cipher sub-context
|
||||
* \brief This function releases and clears the specified CCM context
|
||||
* and underlying cipher sub-context.
|
||||
*
|
||||
* \param ctx CCM context to free
|
||||
* \param ctx The CCM context to clear.
|
||||
*/
|
||||
void mbedtls_ccm_free( mbedtls_ccm_context *ctx );
|
||||
|
||||
/**
|
||||
* \brief CCM buffer encryption
|
||||
* \brief This function encrypts a buffer using CCM.
|
||||
*
|
||||
* \param ctx CCM context
|
||||
* \param length length of the input data in bytes
|
||||
* \param iv nonce (initialization vector)
|
||||
* \param iv_len length of IV in bytes
|
||||
* must be 2, 3, 4, 5, 6, 7 or 8
|
||||
* \param add additional data
|
||||
* \param add_len length of additional data in bytes
|
||||
* must be less than 2^16 - 2^8
|
||||
* \param input buffer holding the input data
|
||||
* \param output buffer for holding the output data
|
||||
* must be at least 'length' bytes wide
|
||||
* \param tag buffer for holding the tag
|
||||
* \param tag_len length of the tag to generate in bytes
|
||||
* must be 4, 6, 8, 10, 14 or 16
|
||||
*
|
||||
* \note The tag is written to a separate buffer. To get the tag
|
||||
* concatenated with the output as in the CCM spec, use
|
||||
* tag = output + length and make sure the output buffer is
|
||||
* at least length + tag_len wide.
|
||||
* \note The tag is written to a separate buffer. To concatenate
|
||||
* the \p tag with the \p output, as done in <em>RFC-3610:
|
||||
* Counter with CBC-MAC (CCM)</em>, use
|
||||
* \p tag = \p output + \p length, and make sure that the
|
||||
* output buffer is at least \p length + \p tag_len wide.
|
||||
*
|
||||
* \return 0 if successful
|
||||
* \param ctx The CCM context to use for encryption.
|
||||
* \param length The length of the input data in Bytes.
|
||||
* \param iv Initialization vector (nonce).
|
||||
* \param iv_len The length of the IV in Bytes: 7, 8, 9, 10, 11, 12, or 13.
|
||||
* \param add The additional data field.
|
||||
* \param add_len The length of additional data in Bytes.
|
||||
* Must be less than 2^16 - 2^8.
|
||||
* \param input The buffer holding the input data.
|
||||
* \param output The buffer holding the output data.
|
||||
* Must be at least \p length Bytes wide.
|
||||
* \param tag The buffer holding the tag.
|
||||
* \param tag_len The length of the tag to generate in Bytes:
|
||||
* 4, 6, 8, 10, 12, 14 or 16.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return A CCM or cipher-specific error code on failure.
|
||||
*/
|
||||
int mbedtls_ccm_encrypt_and_tag( mbedtls_ccm_context *ctx, size_t length,
|
||||
const unsigned char *iv, size_t iv_len,
|
||||
@ -103,21 +133,26 @@ int mbedtls_ccm_encrypt_and_tag( mbedtls_ccm_context *ctx, size_t length,
|
||||
unsigned char *tag, size_t tag_len );
|
||||
|
||||
/**
|
||||
* \brief CCM buffer authenticated decryption
|
||||
* \brief This function performs a CCM authenticated decryption of a
|
||||
* buffer.
|
||||
*
|
||||
* \param ctx CCM context
|
||||
* \param length length of the input data
|
||||
* \param iv initialization vector
|
||||
* \param iv_len length of IV
|
||||
* \param add additional data
|
||||
* \param add_len length of additional data
|
||||
* \param input buffer holding the input data
|
||||
* \param output buffer for holding the output data
|
||||
* \param tag buffer holding the tag
|
||||
* \param tag_len length of the tag
|
||||
* \param ctx The CCM context to use for decryption.
|
||||
* \param length The length of the input data in Bytes.
|
||||
* \param iv Initialization vector.
|
||||
* \param iv_len The length of the IV in Bytes: 7, 8, 9, 10, 11, 12, or 13.
|
||||
* \param add The additional data field.
|
||||
* \param add_len The length of additional data in Bytes.
|
||||
* Must be less than 2^16 - 2^8.
|
||||
* \param input The buffer holding the input data.
|
||||
* \param output The buffer holding the output data.
|
||||
* Must be at least \p length Bytes wide.
|
||||
* \param tag The buffer holding the tag.
|
||||
* \param tag_len The length of the tag in Bytes.
|
||||
* 4, 6, 8, 10, 12, 14 or 16.
|
||||
*
|
||||
* \return 0 if successful and authenticated,
|
||||
* MBEDTLS_ERR_CCM_AUTH_FAILED if tag does not match
|
||||
* \return \c 0 on success. This indicates that the message is authentic.
|
||||
* \return #MBEDTLS_ERR_CCM_AUTH_FAILED if the tag does not match.
|
||||
* \return A cipher-specific error code on calculation failure.
|
||||
*/
|
||||
int mbedtls_ccm_auth_decrypt( mbedtls_ccm_context *ctx, size_t length,
|
||||
const unsigned char *iv, size_t iv_len,
|
||||
@ -125,11 +160,13 @@ int mbedtls_ccm_auth_decrypt( mbedtls_ccm_context *ctx, size_t length,
|
||||
const unsigned char *input, unsigned char *output,
|
||||
const unsigned char *tag, size_t tag_len );
|
||||
|
||||
|
||||
#if defined(MBEDTLS_SELF_TEST) && defined(MBEDTLS_AES_C)
|
||||
/**
|
||||
* \brief Checkup routine
|
||||
* \brief The CCM checkup routine.
|
||||
*
|
||||
* \return 0 if successful, or 1 if the test failed
|
||||
* \return \c 0 on success.
|
||||
* \return \c 1 on failure.
|
||||
*/
|
||||
int mbedtls_ccm_self_test( int verbose );
|
||||
#endif /* MBEDTLS_SELF_TEST && MBEDTLS_AES_C */
|
||||
|
@ -2,7 +2,8 @@
|
||||
* \file certs.h
|
||||
*
|
||||
* \brief Sample certificates and DHM parameters for testing
|
||||
*
|
||||
*/
|
||||
/*
|
||||
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
|
@ -2,7 +2,8 @@
|
||||
* \file check_config.h
|
||||
*
|
||||
* \brief Consistency checks for configuration options
|
||||
*
|
||||
*/
|
||||
/*
|
||||
* Copyright (C) 2006-2016, ARM Limited, All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
@ -77,6 +78,10 @@
|
||||
#error "MBEDTLS_DHM_C defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT) && !defined(MBEDTLS_SSL_TRUNCATED_HMAC)
|
||||
#error "MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_CMAC_C) && \
|
||||
!defined(MBEDTLS_AES_C) && !defined(MBEDTLS_DES_C)
|
||||
#error "MBEDTLS_CMAC_C defined, but not all prerequisites"
|
||||
|
File diff suppressed because it is too large
Load Diff
@ -4,7 +4,8 @@
|
||||
* \brief Cipher wrappers.
|
||||
*
|
||||
* \author Adriaan de Jong <dejong@fox-it.com>
|
||||
*
|
||||
*/
|
||||
/*
|
||||
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
|
@ -1,10 +1,13 @@
|
||||
/**
|
||||
* \file cmac.h
|
||||
*
|
||||
* \brief Cipher-based Message Authentication Code (CMAC) Mode for
|
||||
* Authentication
|
||||
* \brief This file contains CMAC definitions and functions.
|
||||
*
|
||||
* Copyright (C) 2015-2016, ARM Limited, All Rights Reserved
|
||||
* The Cipher-based Message Authentication Code (CMAC) Mode for
|
||||
* Authentication is defined in <em>RFC-4493: The AES-CMAC Algorithm</em>.
|
||||
*/
|
||||
/*
|
||||
* Copyright (C) 2015-2018, Arm Limited (or its affiliates), All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
@ -19,8 +22,9 @@
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*
|
||||
* This file is part of mbed TLS (https://tls.mbed.org)
|
||||
* This file is part of Mbed TLS (https://tls.mbed.org)
|
||||
*/
|
||||
|
||||
#ifndef MBEDTLS_CMAC_H
|
||||
#define MBEDTLS_CMAC_H
|
||||
|
||||
@ -30,106 +34,132 @@
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
#define MBEDTLS_ERR_CMAC_HW_ACCEL_FAILED -0x007A /**< CMAC hardware accelerator failed. */
|
||||
|
||||
#define MBEDTLS_AES_BLOCK_SIZE 16
|
||||
#define MBEDTLS_DES3_BLOCK_SIZE 8
|
||||
|
||||
#if defined(MBEDTLS_AES_C)
|
||||
#define MBEDTLS_CIPHER_BLKSIZE_MAX 16 /* longest used by CMAC is AES */
|
||||
#define MBEDTLS_CIPHER_BLKSIZE_MAX 16 /**< The longest block used by CMAC is that of AES. */
|
||||
#else
|
||||
#define MBEDTLS_CIPHER_BLKSIZE_MAX 8 /* longest used by CMAC is 3DES */
|
||||
#define MBEDTLS_CIPHER_BLKSIZE_MAX 8 /**< The longest block used by CMAC is that of 3DES. */
|
||||
#endif
|
||||
|
||||
#if !defined(MBEDTLS_CMAC_ALT)
|
||||
|
||||
/**
|
||||
* CMAC context structure - Contains internal state information only
|
||||
* The CMAC context structure.
|
||||
*/
|
||||
struct mbedtls_cmac_context_t
|
||||
{
|
||||
/** Internal state of the CMAC algorithm */
|
||||
/** The internal state of the CMAC algorithm. */
|
||||
unsigned char state[MBEDTLS_CIPHER_BLKSIZE_MAX];
|
||||
|
||||
/** Unprocessed data - either data that was not block aligned and is still
|
||||
* pending to be processed, or the final block */
|
||||
* pending processing, or the final block. */
|
||||
unsigned char unprocessed_block[MBEDTLS_CIPHER_BLKSIZE_MAX];
|
||||
|
||||
/** Length of data pending to be processed */
|
||||
/** The length of data pending processing. */
|
||||
size_t unprocessed_len;
|
||||
};
|
||||
|
||||
#else /* !MBEDTLS_CMAC_ALT */
|
||||
#include "cmac_alt.h"
|
||||
#endif /* !MBEDTLS_CMAC_ALT */
|
||||
|
||||
/**
|
||||
* \brief Set the CMAC key and prepare to authenticate the input
|
||||
* data.
|
||||
* Should be called with an initialized cipher context.
|
||||
* \brief This function sets the CMAC key, and prepares to authenticate
|
||||
* the input data.
|
||||
* Must be called with an initialized cipher context.
|
||||
*
|
||||
* \param ctx Cipher context. This should be a cipher context,
|
||||
* initialized to be one of the following types:
|
||||
* MBEDTLS_CIPHER_AES_128_ECB, MBEDTLS_CIPHER_AES_192_ECB,
|
||||
* MBEDTLS_CIPHER_AES_256_ECB or
|
||||
* MBEDTLS_CIPHER_DES_EDE3_ECB.
|
||||
* \param key CMAC key
|
||||
* \param keybits length of the CMAC key in bits
|
||||
* (must be acceptable by the cipher)
|
||||
* \param ctx The cipher context used for the CMAC operation, initialized
|
||||
* as one of the following types: MBEDTLS_CIPHER_AES_128_ECB,
|
||||
* MBEDTLS_CIPHER_AES_192_ECB, MBEDTLS_CIPHER_AES_256_ECB,
|
||||
* or MBEDTLS_CIPHER_DES_EDE3_ECB.
|
||||
* \param key The CMAC key.
|
||||
* \param keybits The length of the CMAC key in bits.
|
||||
* Must be supported by the cipher.
|
||||
*
|
||||
* \return 0 if successful, or a cipher specific error code
|
||||
* \return \c 0 on success.
|
||||
* \return A cipher-specific error code on failure.
|
||||
*/
|
||||
int mbedtls_cipher_cmac_starts( mbedtls_cipher_context_t *ctx,
|
||||
const unsigned char *key, size_t keybits );
|
||||
|
||||
/**
|
||||
* \brief Generic CMAC process buffer.
|
||||
* Called between mbedtls_cipher_cmac_starts() or
|
||||
* mbedtls_cipher_cmac_reset() and
|
||||
* mbedtls_cipher_cmac_finish().
|
||||
* May be called repeatedly.
|
||||
* \brief This function feeds an input buffer into an ongoing CMAC
|
||||
* computation.
|
||||
*
|
||||
* \param ctx CMAC context
|
||||
* \param input buffer holding the data
|
||||
* \param ilen length of the input data
|
||||
* It is called between mbedtls_cipher_cmac_starts() or
|
||||
* mbedtls_cipher_cmac_reset(), and mbedtls_cipher_cmac_finish().
|
||||
* Can be called repeatedly.
|
||||
*
|
||||
* \returns 0 on success, MBEDTLS_ERR_MD_BAD_INPUT_DATA if parameter
|
||||
* verification fails.
|
||||
* \param ctx The cipher context used for the CMAC operation.
|
||||
* \param input The buffer holding the input data.
|
||||
* \param ilen The length of the input data.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA
|
||||
* if parameter verification fails.
|
||||
*/
|
||||
int mbedtls_cipher_cmac_update( mbedtls_cipher_context_t *ctx,
|
||||
const unsigned char *input, size_t ilen );
|
||||
|
||||
/**
|
||||
* \brief Output CMAC.
|
||||
* Called after mbedtls_cipher_cmac_update().
|
||||
* Usually followed by mbedtls_cipher_cmac_reset(), then
|
||||
* mbedtls_cipher_cmac_starts(), or mbedtls_cipher_free().
|
||||
* \brief This function finishes the CMAC operation, and writes
|
||||
* the result to the output buffer.
|
||||
*
|
||||
* \param ctx CMAC context
|
||||
* \param output Generic CMAC checksum result
|
||||
* It is called after mbedtls_cipher_cmac_update().
|
||||
* It can be followed by mbedtls_cipher_cmac_reset() and
|
||||
* mbedtls_cipher_cmac_update(), or mbedtls_cipher_free().
|
||||
*
|
||||
* \returns 0 on success, MBEDTLS_ERR_MD_BAD_INPUT_DATA if parameter
|
||||
* verification fails.
|
||||
* \param ctx The cipher context used for the CMAC operation.
|
||||
* \param output The output buffer for the CMAC checksum result.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA
|
||||
* if parameter verification fails.
|
||||
*/
|
||||
int mbedtls_cipher_cmac_finish( mbedtls_cipher_context_t *ctx,
|
||||
unsigned char *output );
|
||||
|
||||
/**
|
||||
* \brief Prepare to authenticate a new message with the same key.
|
||||
* Called after mbedtls_cipher_cmac_finish() and before
|
||||
* mbedtls_cipher_cmac_update().
|
||||
* \brief This function prepares the authentication of another
|
||||
* message with the same key as the previous CMAC
|
||||
* operation.
|
||||
*
|
||||
* \param ctx CMAC context to be reset
|
||||
* It is called after mbedtls_cipher_cmac_finish()
|
||||
* and before mbedtls_cipher_cmac_update().
|
||||
*
|
||||
* \returns 0 on success, MBEDTLS_ERR_MD_BAD_INPUT_DATA if parameter
|
||||
* verification fails.
|
||||
* \param ctx The cipher context used for the CMAC operation.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA
|
||||
* if parameter verification fails.
|
||||
*/
|
||||
int mbedtls_cipher_cmac_reset( mbedtls_cipher_context_t *ctx );
|
||||
|
||||
/**
|
||||
* \brief Output = Generic_CMAC( cmac key, input buffer )
|
||||
* \brief This function calculates the full generic CMAC
|
||||
* on the input buffer with the provided key.
|
||||
*
|
||||
* \param cipher_info message digest info
|
||||
* \param key CMAC key
|
||||
* \param keylen length of the CMAC key in bits
|
||||
* \param input buffer holding the data
|
||||
* \param ilen length of the input data
|
||||
* \param output Generic CMAC-result
|
||||
* The function allocates the context, performs the
|
||||
* calculation, and frees the context.
|
||||
*
|
||||
* \returns 0 on success, MBEDTLS_ERR_MD_BAD_INPUT_DATA if parameter
|
||||
* verification fails.
|
||||
* The CMAC result is calculated as
|
||||
* output = generic CMAC(cmac key, input buffer).
|
||||
*
|
||||
*
|
||||
* \param cipher_info The cipher information.
|
||||
* \param key The CMAC key.
|
||||
* \param keylen The length of the CMAC key in bits.
|
||||
* \param input The buffer holding the input data.
|
||||
* \param ilen The length of the input data.
|
||||
* \param output The buffer for the generic CMAC result.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA
|
||||
* if parameter verification fails.
|
||||
*/
|
||||
int mbedtls_cipher_cmac( const mbedtls_cipher_info_t *cipher_info,
|
||||
const unsigned char *key, size_t keylen,
|
||||
@ -138,16 +168,21 @@ int mbedtls_cipher_cmac( const mbedtls_cipher_info_t *cipher_info,
|
||||
|
||||
#if defined(MBEDTLS_AES_C)
|
||||
/**
|
||||
* \brief AES-CMAC-128-PRF
|
||||
* Implementation of (AES-CMAC-PRF-128), as defined in RFC 4615
|
||||
* \brief This function implements the AES-CMAC-PRF-128 pseudorandom
|
||||
* function, as defined in
|
||||
* <em>RFC-4615: The Advanced Encryption Standard-Cipher-based
|
||||
* Message Authentication Code-Pseudo-Random Function-128
|
||||
* (AES-CMAC-PRF-128) Algorithm for the Internet Key
|
||||
* Exchange Protocol (IKE).</em>
|
||||
*
|
||||
* \param key PRF key
|
||||
* \param key_len PRF key length in bytes
|
||||
* \param input buffer holding the input data
|
||||
* \param in_len length of the input data in bytes
|
||||
* \param output buffer holding the generated pseudorandom output (16 bytes)
|
||||
* \param key The key to use.
|
||||
* \param key_len The key length in Bytes.
|
||||
* \param input The buffer holding the input data.
|
||||
* \param in_len The length of the input data in Bytes.
|
||||
* \param output The buffer holding the generated 16 Bytes of
|
||||
* pseudorandom output.
|
||||
*
|
||||
* \return 0 if successful
|
||||
* \return \c 0 on success.
|
||||
*/
|
||||
int mbedtls_aes_cmac_prf_128( const unsigned char *key, size_t key_len,
|
||||
const unsigned char *input, size_t in_len,
|
||||
@ -156,9 +191,10 @@ int mbedtls_aes_cmac_prf_128( const unsigned char *key, size_t key_len,
|
||||
|
||||
#if defined(MBEDTLS_SELF_TEST) && ( defined(MBEDTLS_AES_C) || defined(MBEDTLS_DES_C) )
|
||||
/**
|
||||
* \brief Checkup routine
|
||||
* \brief The CMAC checkup routine.
|
||||
*
|
||||
* \return 0 if successful, or 1 if the test failed
|
||||
* \return \c 0 on success.
|
||||
* \return \c 1 on failure.
|
||||
*/
|
||||
int mbedtls_cmac_self_test( int verbose );
|
||||
#endif /* MBEDTLS_SELF_TEST && ( MBEDTLS_AES_C || MBEDTLS_DES_C ) */
|
||||
|
@ -5,7 +5,8 @@
|
||||
* for the PolarSSL naming conventions.
|
||||
*
|
||||
* \deprecated Use the new names directly instead
|
||||
*
|
||||
*/
|
||||
/*
|
||||
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
|
@ -6,7 +6,8 @@
|
||||
* This set of compile-time options may be used to enable
|
||||
* or disable features selectively, and reduce the global
|
||||
* memory footprint.
|
||||
*
|
||||
*/
|
||||
/*
|
||||
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
@ -47,10 +48,14 @@
|
||||
* Requires support for asm() in compiler.
|
||||
*
|
||||
* Used in:
|
||||
* library/aria.c
|
||||
* library/timing.c
|
||||
* library/padlock.c
|
||||
* include/mbedtls/bn_mul.h
|
||||
*
|
||||
* Required by:
|
||||
* MBEDTLS_AESNI_C
|
||||
* MBEDTLS_PADLOCK_C
|
||||
*
|
||||
* Comment to disable the use of assembly code.
|
||||
*/
|
||||
#define MBEDTLS_HAVE_ASM
|
||||
@ -261,20 +266,34 @@
|
||||
*
|
||||
* Uncomment a macro to enable alternate implementation of the corresponding
|
||||
* module.
|
||||
*
|
||||
* \warning MD2, MD4, MD5, ARC4, DES and SHA-1 are considered weak and their
|
||||
* use constitutes a security risk. If possible, we recommend
|
||||
* avoiding dependencies on them, and considering stronger message
|
||||
* digests and ciphers instead.
|
||||
*
|
||||
*/
|
||||
//#define MBEDTLS_AES_ALT
|
||||
//#define MBEDTLS_ARC4_ALT
|
||||
//#define MBEDTLS_ARIA_ALT
|
||||
//#define MBEDTLS_BLOWFISH_ALT
|
||||
//#define MBEDTLS_CAMELLIA_ALT
|
||||
//#define MBEDTLS_CCM_ALT
|
||||
//#define MBEDTLS_CMAC_ALT
|
||||
//#define MBEDTLS_DES_ALT
|
||||
//#define MBEDTLS_XTEA_ALT
|
||||
//#define MBEDTLS_DHM_ALT
|
||||
//#define MBEDTLS_ECJPAKE_ALT
|
||||
//#define MBEDTLS_GCM_ALT
|
||||
//#define MBEDTLS_MD2_ALT
|
||||
//#define MBEDTLS_MD4_ALT
|
||||
//#define MBEDTLS_MD5_ALT
|
||||
//#define MBEDTLS_RIPEMD160_ALT
|
||||
//#define MBEDTLS_RSA_ALT
|
||||
//#define MBEDTLS_SHA1_ALT
|
||||
//#define MBEDTLS_SHA256_ALT
|
||||
//#define MBEDTLS_SHA512_ALT
|
||||
//#define MBEDTLS_XTEA_ALT
|
||||
|
||||
/*
|
||||
* When replacing the elliptic curve module, pleace consider, that it is
|
||||
* implemented with two .c files:
|
||||
@ -314,6 +333,12 @@
|
||||
*
|
||||
* Uncomment a macro to enable alternate implementation of the corresponding
|
||||
* function.
|
||||
*
|
||||
* \warning MD2, MD4, MD5, DES and SHA-1 are considered weak and their use
|
||||
* constitutes a security risk. If possible, we recommend avoiding
|
||||
* dependencies on them, and considering stronger message digests
|
||||
* and ciphers instead.
|
||||
*
|
||||
*/
|
||||
//#define MBEDTLS_MD2_PROCESS_ALT
|
||||
//#define MBEDTLS_MD4_PROCESS_ALT
|
||||
@ -329,6 +354,11 @@
|
||||
//#define MBEDTLS_AES_SETKEY_DEC_ALT
|
||||
//#define MBEDTLS_AES_ENCRYPT_ALT
|
||||
//#define MBEDTLS_AES_DECRYPT_ALT
|
||||
//#define MBEDTLS_ECDH_GEN_PUBLIC_ALT
|
||||
//#define MBEDTLS_ECDH_COMPUTE_SHARED_ALT
|
||||
//#define MBEDTLS_ECDSA_VERIFY_ALT
|
||||
//#define MBEDTLS_ECDSA_SIGN_ALT
|
||||
//#define MBEDTLS_ECDSA_GENKEY_ALT
|
||||
|
||||
/**
|
||||
* \def MBEDTLS_ECP_INTERNAL_ALT
|
||||
@ -416,12 +446,45 @@
|
||||
/**
|
||||
* \def MBEDTLS_AES_ROM_TABLES
|
||||
*
|
||||
* Store the AES tables in ROM.
|
||||
* Use precomputed AES tables stored in ROM.
|
||||
*
|
||||
* Uncomment this macro to use precomputed AES tables stored in ROM.
|
||||
* Comment this macro to generate AES tables in RAM at runtime.
|
||||
*
|
||||
* Tradeoff: Using precomputed ROM tables reduces RAM usage by ~8kb
|
||||
* (or ~2kb if \c MBEDTLS_AES_FEWER_TABLES is used) and reduces the
|
||||
* initialization time before the first AES operation can be performed.
|
||||
* It comes at the cost of additional ~8kb ROM use (resp. ~2kb if \c
|
||||
* MBEDTLS_AES_FEWER_TABLES below is used), and potentially degraded
|
||||
* performance if ROM access is slower than RAM access.
|
||||
*
|
||||
* This option is independent of \c MBEDTLS_AES_FEWER_TABLES.
|
||||
*
|
||||
* Uncomment this macro to store the AES tables in ROM.
|
||||
*/
|
||||
//#define MBEDTLS_AES_ROM_TABLES
|
||||
|
||||
/**
|
||||
* \def MBEDTLS_AES_FEWER_TABLES
|
||||
*
|
||||
* Use less ROM/RAM for AES tables.
|
||||
*
|
||||
* Uncommenting this macro omits 75% of the AES tables from
|
||||
* ROM / RAM (depending on the value of \c MBEDTLS_AES_ROM_TABLES)
|
||||
* by computing their values on the fly during operations
|
||||
* (the tables are entry-wise rotations of one another).
|
||||
*
|
||||
* Tradeoff: Uncommenting this reduces the RAM / ROM footprint
|
||||
* by ~6kb but at the cost of more arithmetic operations during
|
||||
* runtime. Specifically, one has to compare 4 accesses within
|
||||
* different tables to 4 accesses with additional arithmetic
|
||||
* operations within the same table. The performance gain/loss
|
||||
* depends on the system and memory details.
|
||||
*
|
||||
* This option is independent of \c MBEDTLS_AES_ROM_TABLES.
|
||||
*
|
||||
*/
|
||||
//#define MBEDTLS_AES_FEWER_TABLES
|
||||
|
||||
/**
|
||||
* \def MBEDTLS_CAMELLIA_SMALL_MEMORY
|
||||
*
|
||||
@ -513,6 +576,9 @@
|
||||
* MBEDTLS_TLS_DHE_RSA_WITH_DES_CBC_SHA
|
||||
*
|
||||
* Uncomment this macro to enable weak ciphersuites
|
||||
*
|
||||
* \warning DES is considered a weak cipher and its use constitutes a
|
||||
* security risk. We recommend considering stronger ciphers instead.
|
||||
*/
|
||||
//#define MBEDTLS_ENABLE_WEAK_CIPHERSUITES
|
||||
|
||||
@ -549,6 +615,7 @@
|
||||
#define MBEDTLS_ECP_DP_BP384R1_ENABLED
|
||||
#define MBEDTLS_ECP_DP_BP512R1_ENABLED
|
||||
#define MBEDTLS_ECP_DP_CURVE25519_ENABLED
|
||||
#define MBEDTLS_ECP_DP_CURVE448_ENABLED
|
||||
|
||||
/**
|
||||
* \def MBEDTLS_ECP_NIST_OPTIM
|
||||
@ -635,6 +702,13 @@
|
||||
* MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
|
||||
* MBEDTLS_TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA
|
||||
* MBEDTLS_TLS_DHE_PSK_WITH_RC4_128_SHA
|
||||
*
|
||||
* \warning Using DHE constitutes a security risk as it
|
||||
* is not possible to validate custom DH parameters.
|
||||
* If possible, it is recommended users should consider
|
||||
* preferring other methods of key exchange.
|
||||
* See dhm.h for more details.
|
||||
*
|
||||
*/
|
||||
#define MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED
|
||||
|
||||
@ -734,6 +808,13 @@
|
||||
* MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
|
||||
* MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
|
||||
* MBEDTLS_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
|
||||
*
|
||||
* \warning Using DHE constitutes a security risk as it
|
||||
* is not possible to validate custom DH parameters.
|
||||
* If possible, it is recommended users should consider
|
||||
* preferring other methods of key exchange.
|
||||
* See dhm.h for more details.
|
||||
*
|
||||
*/
|
||||
#define MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
|
||||
|
||||
@ -1025,7 +1106,8 @@
|
||||
/**
|
||||
* \def MBEDTLS_RSA_NO_CRT
|
||||
*
|
||||
* Do not use the Chinese Remainder Theorem for the RSA private operation.
|
||||
* Do not use the Chinese Remainder Theorem
|
||||
* for the RSA private operation.
|
||||
*
|
||||
* Uncomment this macro to disable the use of CRT in RSA.
|
||||
*
|
||||
@ -1172,6 +1254,13 @@
|
||||
* misuse/misunderstand.
|
||||
*
|
||||
* Comment this to disable support for renegotiation.
|
||||
*
|
||||
* \note Even if this option is disabled, both client and server are aware
|
||||
* of the Renegotiation Indication Extension (RFC 5746) used to
|
||||
* prevent the SSL renegotiation attack (see RFC 5746 Sect. 1).
|
||||
* (See \c mbedtls_ssl_conf_legacy_renegotiation for the
|
||||
* configuration of this extension).
|
||||
*
|
||||
*/
|
||||
#define MBEDTLS_SSL_RENEGOTIATION
|
||||
|
||||
@ -1380,6 +1469,30 @@
|
||||
*/
|
||||
#define MBEDTLS_SSL_TRUNCATED_HMAC
|
||||
|
||||
/**
|
||||
* \def MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT
|
||||
*
|
||||
* Fallback to old (pre-2.7), non-conforming implementation of the truncated
|
||||
* HMAC extension which also truncates the HMAC key. Note that this option is
|
||||
* only meant for a transitory upgrade period and is likely to be removed in
|
||||
* a future version of the library.
|
||||
*
|
||||
* \warning The old implementation is non-compliant and has a security weakness
|
||||
* (2^80 brute force attack on the HMAC key used for a single,
|
||||
* uninterrupted connection). This should only be enabled temporarily
|
||||
* when (1) the use of truncated HMAC is essential in order to save
|
||||
* bandwidth, and (2) the peer is an Mbed TLS stack that doesn't use
|
||||
* the fixed implementation yet (pre-2.7).
|
||||
*
|
||||
* \deprecated This option is deprecated and will likely be removed in a
|
||||
* future version of Mbed TLS.
|
||||
*
|
||||
* Uncomment to fallback to old, non-compliant truncated HMAC implementation.
|
||||
*
|
||||
* Requires: MBEDTLS_SSL_TRUNCATED_HMAC
|
||||
*/
|
||||
//#define MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT
|
||||
|
||||
/**
|
||||
* \def MBEDTLS_THREADING_ALT
|
||||
*
|
||||
@ -1486,6 +1599,9 @@
|
||||
*
|
||||
* \note Currently compression can't be used with DTLS.
|
||||
*
|
||||
* \deprecated This feature is deprecated and will be removed
|
||||
* in the next major revision of the library.
|
||||
*
|
||||
* Used in: library/ssl_tls.c
|
||||
* library/ssl_cli.c
|
||||
* library/ssl_srv.c
|
||||
@ -1524,7 +1640,7 @@
|
||||
* Enable the AES block cipher.
|
||||
*
|
||||
* Module: library/aes.c
|
||||
* Caller: library/ssl_tls.c
|
||||
* Caller: library/cipher.c
|
||||
* library/pem.c
|
||||
* library/ctr_drbg.c
|
||||
*
|
||||
@ -1599,7 +1715,7 @@
|
||||
* Enable the ARCFOUR stream cipher.
|
||||
*
|
||||
* Module: library/arc4.c
|
||||
* Caller: library/ssl_tls.c
|
||||
* Caller: library/cipher.c
|
||||
*
|
||||
* This module enables the following ciphersuites (if other requisites are
|
||||
* enabled as well):
|
||||
@ -1613,6 +1729,11 @@
|
||||
* MBEDTLS_TLS_RSA_WITH_RC4_128_MD5
|
||||
* MBEDTLS_TLS_RSA_PSK_WITH_RC4_128_SHA
|
||||
* MBEDTLS_TLS_PSK_WITH_RC4_128_SHA
|
||||
*
|
||||
* \warning ARC4 is considered a weak cipher and its use constitutes a
|
||||
* security risk. If possible, we recommend avoidng dependencies on
|
||||
* it, and considering stronger ciphers instead.
|
||||
*
|
||||
*/
|
||||
#define MBEDTLS_ARC4_C
|
||||
|
||||
@ -1666,6 +1787,7 @@
|
||||
* library/ecp.c
|
||||
* library/ecdsa.c
|
||||
* library/rsa.c
|
||||
* library/rsa_internal.c
|
||||
* library/ssl_tls.c
|
||||
*
|
||||
* This module is required for RSA, DHM and ECC (ECDH, ECDSA) support.
|
||||
@ -1687,7 +1809,7 @@
|
||||
* Enable the Camellia block cipher.
|
||||
*
|
||||
* Module: library/camellia.c
|
||||
* Caller: library/ssl_tls.c
|
||||
* Caller: library/cipher.c
|
||||
*
|
||||
* This module enables the following ciphersuites (if other requisites are
|
||||
* enabled as well):
|
||||
@ -1736,6 +1858,58 @@
|
||||
*/
|
||||
#define MBEDTLS_CAMELLIA_C
|
||||
|
||||
/**
|
||||
* \def MBEDTLS_ARIA_C
|
||||
*
|
||||
* Enable the ARIA block cipher.
|
||||
*
|
||||
* Module: library/aria.c
|
||||
* Caller: library/cipher.c
|
||||
*
|
||||
* This module enables the following ciphersuites (if other requisites are
|
||||
* enabled as well):
|
||||
*
|
||||
* MBEDTLS_TLS_RSA_WITH_ARIA_128_CBC_SHA256
|
||||
* MBEDTLS_TLS_RSA_WITH_ARIA_256_CBC_SHA384
|
||||
* MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256
|
||||
* MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384
|
||||
* MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256
|
||||
* MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384
|
||||
* MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256
|
||||
* MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384
|
||||
* MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256
|
||||
* MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384
|
||||
* MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256
|
||||
* MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384
|
||||
* MBEDTLS_TLS_RSA_WITH_ARIA_128_GCM_SHA256
|
||||
* MBEDTLS_TLS_RSA_WITH_ARIA_256_GCM_SHA384
|
||||
* MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256
|
||||
* MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384
|
||||
* MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256
|
||||
* MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384
|
||||
* MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256
|
||||
* MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384
|
||||
* MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256
|
||||
* MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384
|
||||
* MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256
|
||||
* MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384
|
||||
* MBEDTLS_TLS_PSK_WITH_ARIA_128_CBC_SHA256
|
||||
* MBEDTLS_TLS_PSK_WITH_ARIA_256_CBC_SHA384
|
||||
* MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256
|
||||
* MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384
|
||||
* MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256
|
||||
* MBEDTLS_TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384
|
||||
* MBEDTLS_TLS_PSK_WITH_ARIA_128_GCM_SHA256
|
||||
* MBEDTLS_TLS_PSK_WITH_ARIA_256_GCM_SHA384
|
||||
* MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256
|
||||
* MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384
|
||||
* MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256
|
||||
* MBEDTLS_TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384
|
||||
* MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256
|
||||
* MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384
|
||||
*/
|
||||
//#define MBEDTLS_ARIA_C
|
||||
|
||||
/**
|
||||
* \def MBEDTLS_CCM_C
|
||||
*
|
||||
@ -1822,7 +1996,7 @@
|
||||
*
|
||||
* Module: library/des.c
|
||||
* Caller: library/pem.c
|
||||
* library/ssl_tls.c
|
||||
* library/cipher.c
|
||||
*
|
||||
* This module enables the following ciphersuites (if other requisites are
|
||||
* enabled as well):
|
||||
@ -1838,6 +2012,9 @@
|
||||
* MBEDTLS_TLS_PSK_WITH_3DES_EDE_CBC_SHA
|
||||
*
|
||||
* PEM_PARSE uses DES/3DES for decrypting encrypted keys.
|
||||
*
|
||||
* \warning DES is considered a weak cipher and its use constitutes a
|
||||
* security risk. We recommend considering stronger ciphers instead.
|
||||
*/
|
||||
#define MBEDTLS_DES_C
|
||||
|
||||
@ -1852,6 +2029,13 @@
|
||||
*
|
||||
* This module is used by the following key exchanges:
|
||||
* DHE-RSA, DHE-PSK
|
||||
*
|
||||
* \warning Using DHE constitutes a security risk as it
|
||||
* is not possible to validate custom DH parameters.
|
||||
* If possible, it is recommended users should consider
|
||||
* preferring other methods of key exchange.
|
||||
* See dhm.h for more details.
|
||||
*
|
||||
*/
|
||||
#define MBEDTLS_DHM_C
|
||||
|
||||
@ -2017,6 +2201,11 @@
|
||||
* Caller:
|
||||
*
|
||||
* Uncomment to enable support for (rare) MD2-signed X.509 certs.
|
||||
*
|
||||
* \warning MD2 is considered a weak message digest and its use constitutes a
|
||||
* security risk. If possible, we recommend avoiding dependencies on
|
||||
* it, and considering stronger message digests instead.
|
||||
*
|
||||
*/
|
||||
//#define MBEDTLS_MD2_C
|
||||
|
||||
@ -2029,6 +2218,11 @@
|
||||
* Caller:
|
||||
*
|
||||
* Uncomment to enable support for (rare) MD4-signed X.509 certs.
|
||||
*
|
||||
* \warning MD4 is considered a weak message digest and its use constitutes a
|
||||
* security risk. If possible, we recommend avoiding dependencies on
|
||||
* it, and considering stronger message digests instead.
|
||||
*
|
||||
*/
|
||||
//#define MBEDTLS_MD4_C
|
||||
|
||||
@ -2042,8 +2236,15 @@
|
||||
* library/pem.c
|
||||
* library/ssl_tls.c
|
||||
*
|
||||
* This module is required for SSL/TLS and X.509.
|
||||
* PEM_PARSE uses MD5 for decrypting encrypted keys.
|
||||
* This module is required for SSL/TLS up to version 1.1, and for TLS 1.2
|
||||
* depending on the handshake parameters. Further, it is used for checking
|
||||
* MD5-signed certificates, and for PBKDF1 when decrypting PEM-encoded
|
||||
* encrypted keys.
|
||||
*
|
||||
* \warning MD5 is considered a weak message digest and its use constitutes a
|
||||
* security risk. If possible, we recommend avoiding dependencies on
|
||||
* it, and considering stronger message digests instead.
|
||||
*
|
||||
*/
|
||||
#define MBEDTLS_MD5_C
|
||||
|
||||
@ -2279,6 +2480,7 @@
|
||||
* Enable the RSA public-key cryptosystem.
|
||||
*
|
||||
* Module: library/rsa.c
|
||||
* library/rsa_internal.c
|
||||
* Caller: library/ssl_cli.c
|
||||
* library/ssl_srv.c
|
||||
* library/ssl_tls.c
|
||||
@ -2305,6 +2507,11 @@
|
||||
*
|
||||
* This module is required for SSL/TLS up to version 1.1, for TLS 1.2
|
||||
* depending on the handshake parameters, and for SHA1-signed certificates.
|
||||
*
|
||||
* \warning SHA-1 is considered a weak message digest and its use constitutes
|
||||
* a security risk. If possible, we recommend avoiding dependencies
|
||||
* on it, and considering stronger message digests instead.
|
||||
*
|
||||
*/
|
||||
#define MBEDTLS_SHA1_C
|
||||
|
||||
@ -2693,8 +2900,13 @@
|
||||
* Allow SHA-1 in the default TLS configuration for certificate signing.
|
||||
* Without this build-time option, SHA-1 support must be activated explicitly
|
||||
* through mbedtls_ssl_conf_cert_profile. Turning on this option is not
|
||||
* recommended because of it is possible to generte SHA-1 collisions, however
|
||||
* recommended because of it is possible to generate SHA-1 collisions, however
|
||||
* this may be safe for legacy infrastructure where additional controls apply.
|
||||
*
|
||||
* \warning SHA-1 is considered a weak message digest and its use constitutes
|
||||
* a security risk. If possible, we recommend avoiding dependencies
|
||||
* on it, and considering stronger message digests instead.
|
||||
*
|
||||
*/
|
||||
// #define MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES
|
||||
|
||||
@ -2705,10 +2917,36 @@
|
||||
* The use of SHA-1 in TLS <= 1.1 and in HMAC-SHA-1 is always allowed by
|
||||
* default. At the time of writing, there is no practical attack on the use
|
||||
* of SHA-1 in handshake signatures, hence this option is turned on by default
|
||||
* for compatibility with existing peers.
|
||||
* to preserve compatibility with existing peers, but the general
|
||||
* warning applies nonetheless:
|
||||
*
|
||||
* \warning SHA-1 is considered a weak message digest and its use constitutes
|
||||
* a security risk. If possible, we recommend avoiding dependencies
|
||||
* on it, and considering stronger message digests instead.
|
||||
*
|
||||
*/
|
||||
#define MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_KEY_EXCHANGE
|
||||
|
||||
/**
|
||||
* Uncomment the macro to let mbed TLS use your alternate implementation of
|
||||
* mbedtls_platform_zeroize(). This replaces the default implementation in
|
||||
* platform_util.c.
|
||||
*
|
||||
* mbedtls_platform_zeroize() is a widely used function across the library to
|
||||
* zero a block of memory. The implementation is expected to be secure in the
|
||||
* sense that it has been written to prevent the compiler from removing calls
|
||||
* to mbedtls_platform_zeroize() as part of redundant code elimination
|
||||
* optimizations. However, it is difficult to guarantee that calls to
|
||||
* mbedtls_platform_zeroize() will not be optimized by the compiler as older
|
||||
* versions of the C language standards do not provide a secure implementation
|
||||
* of memset(). Therefore, MBEDTLS_PLATFORM_ZEROIZE_ALT enables users to
|
||||
* configure their own implementation of mbedtls_platform_zeroize(), for
|
||||
* example by using directives specific to their compiler, features from newer
|
||||
* C standards (e.g using memset_s() in C11) or calling a secure memset() from
|
||||
* their system (e.g explicit_bzero() in BSD).
|
||||
*/
|
||||
//#define MBEDTLS_PLATFORM_ZEROIZE_ALT
|
||||
|
||||
/* \} name SECTION: Customisation configuration options */
|
||||
|
||||
/* Target and application specific configurations */
|
||||
|
@ -1,9 +1,18 @@
|
||||
/**
|
||||
* \file ctr_drbg.h
|
||||
*
|
||||
* \brief CTR_DRBG based on AES-256 (NIST SP 800-90)
|
||||
* \brief This file contains CTR_DRBG definitions and functions.
|
||||
*
|
||||
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
|
||||
* CTR_DRBG is a standardized way of building a PRNG from a block-cipher
|
||||
* in counter mode operation, as defined in <em>NIST SP 800-90A:
|
||||
* Recommendation for Random Number Generation Using Deterministic Random
|
||||
* Bit Generators</em>.
|
||||
*
|
||||
* The Mbed TLS implementation of CTR_DRBG uses AES-256 as the underlying
|
||||
* block cipher.
|
||||
*/
|
||||
/*
|
||||
* Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
@ -18,8 +27,9 @@
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*
|
||||
* This file is part of mbed TLS (https://tls.mbed.org)
|
||||
* This file is part of Mbed TLS (https://tls.mbed.org)
|
||||
*/
|
||||
|
||||
#ifndef MBEDTLS_CTR_DRBG_H
|
||||
#define MBEDTLS_CTR_DRBG_H
|
||||
|
||||
@ -30,78 +40,95 @@
|
||||
#endif
|
||||
|
||||
#define MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED -0x0034 /**< The entropy source failed. */
|
||||
#define MBEDTLS_ERR_CTR_DRBG_REQUEST_TOO_BIG -0x0036 /**< Too many random requested in single call. */
|
||||
#define MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG -0x0038 /**< Input too large (Entropy + additional). */
|
||||
#define MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR -0x003A /**< Read/write error in file. */
|
||||
#define MBEDTLS_ERR_CTR_DRBG_REQUEST_TOO_BIG -0x0036 /**< The requested random buffer length is too big. */
|
||||
#define MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG -0x0038 /**< The input (entropy + additional data) is too large. */
|
||||
#define MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR -0x003A /**< Read or write error in file. */
|
||||
|
||||
#define MBEDTLS_CTR_DRBG_BLOCKSIZE 16 /**< Block size used by the cipher */
|
||||
#define MBEDTLS_CTR_DRBG_KEYSIZE 32 /**< Key size used by the cipher */
|
||||
#define MBEDTLS_CTR_DRBG_KEYBITS ( MBEDTLS_CTR_DRBG_KEYSIZE * 8 )
|
||||
#define MBEDTLS_CTR_DRBG_SEEDLEN ( MBEDTLS_CTR_DRBG_KEYSIZE + MBEDTLS_CTR_DRBG_BLOCKSIZE )
|
||||
/**< The seed length (counter + AES key) */
|
||||
#define MBEDTLS_CTR_DRBG_BLOCKSIZE 16 /**< The block size used by the cipher. */
|
||||
#define MBEDTLS_CTR_DRBG_KEYSIZE 32 /**< The key size used by the cipher. */
|
||||
#define MBEDTLS_CTR_DRBG_KEYBITS ( MBEDTLS_CTR_DRBG_KEYSIZE * 8 ) /**< The key size for the DRBG operation, in bits. */
|
||||
#define MBEDTLS_CTR_DRBG_SEEDLEN ( MBEDTLS_CTR_DRBG_KEYSIZE + MBEDTLS_CTR_DRBG_BLOCKSIZE ) /**< The seed length, calculated as (counter + AES key). */
|
||||
|
||||
/**
|
||||
* \name SECTION: Module settings
|
||||
*
|
||||
* The configuration options you can set for this module are in this section.
|
||||
* Either change them in config.h or define them on the compiler command line.
|
||||
* Either change them in config.h or define them using the compiler command
|
||||
* line.
|
||||
* \{
|
||||
*/
|
||||
|
||||
#if !defined(MBEDTLS_CTR_DRBG_ENTROPY_LEN)
|
||||
#if defined(MBEDTLS_SHA512_C) && !defined(MBEDTLS_ENTROPY_FORCE_SHA256)
|
||||
#define MBEDTLS_CTR_DRBG_ENTROPY_LEN 48 /**< Amount of entropy used per seed by default (48 with SHA-512, 32 with SHA-256) */
|
||||
#define MBEDTLS_CTR_DRBG_ENTROPY_LEN 48
|
||||
/**< The amount of entropy used per seed by default:
|
||||
* <ul><li>48 with SHA-512.</li>
|
||||
* <li>32 with SHA-256.</li></ul>
|
||||
*/
|
||||
#else
|
||||
#define MBEDTLS_CTR_DRBG_ENTROPY_LEN 32 /**< Amount of entropy used per seed by default (48 with SHA-512, 32 with SHA-256) */
|
||||
#define MBEDTLS_CTR_DRBG_ENTROPY_LEN 32
|
||||
/**< Amount of entropy used per seed by default:
|
||||
* <ul><li>48 with SHA-512.</li>
|
||||
* <li>32 with SHA-256.</li></ul>
|
||||
*/
|
||||
#endif
|
||||
#endif
|
||||
|
||||
#if !defined(MBEDTLS_CTR_DRBG_RESEED_INTERVAL)
|
||||
#define MBEDTLS_CTR_DRBG_RESEED_INTERVAL 10000 /**< Interval before reseed is performed by default */
|
||||
#define MBEDTLS_CTR_DRBG_RESEED_INTERVAL 10000
|
||||
/**< The interval before reseed is performed by default. */
|
||||
#endif
|
||||
|
||||
#if !defined(MBEDTLS_CTR_DRBG_MAX_INPUT)
|
||||
#define MBEDTLS_CTR_DRBG_MAX_INPUT 256 /**< Maximum number of additional input bytes */
|
||||
#define MBEDTLS_CTR_DRBG_MAX_INPUT 256
|
||||
/**< The maximum number of additional input Bytes. */
|
||||
#endif
|
||||
|
||||
#if !defined(MBEDTLS_CTR_DRBG_MAX_REQUEST)
|
||||
#define MBEDTLS_CTR_DRBG_MAX_REQUEST 1024 /**< Maximum number of requested bytes per call */
|
||||
#define MBEDTLS_CTR_DRBG_MAX_REQUEST 1024
|
||||
/**< The maximum number of requested Bytes per call. */
|
||||
#endif
|
||||
|
||||
#if !defined(MBEDTLS_CTR_DRBG_MAX_SEED_INPUT)
|
||||
#define MBEDTLS_CTR_DRBG_MAX_SEED_INPUT 384 /**< Maximum size of (re)seed buffer */
|
||||
#define MBEDTLS_CTR_DRBG_MAX_SEED_INPUT 384
|
||||
/**< The maximum size of seed or reseed buffer. */
|
||||
#endif
|
||||
|
||||
/* \} name SECTION: Module settings */
|
||||
|
||||
#define MBEDTLS_CTR_DRBG_PR_OFF 0 /**< No prediction resistance */
|
||||
#define MBEDTLS_CTR_DRBG_PR_ON 1 /**< Prediction resistance enabled */
|
||||
#define MBEDTLS_CTR_DRBG_PR_OFF 0
|
||||
/**< Prediction resistance is disabled. */
|
||||
#define MBEDTLS_CTR_DRBG_PR_ON 1
|
||||
/**< Prediction resistance is enabled. */
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
/**
|
||||
* \brief CTR_DRBG context structure
|
||||
* \brief The CTR_DRBG context structure.
|
||||
*/
|
||||
typedef struct
|
||||
{
|
||||
unsigned char counter[16]; /*!< counter (V) */
|
||||
int reseed_counter; /*!< reseed counter */
|
||||
int prediction_resistance; /*!< enable prediction resistance (Automatic
|
||||
reseed before every random generation) */
|
||||
size_t entropy_len; /*!< amount of entropy grabbed on each
|
||||
(re)seed */
|
||||
int reseed_interval; /*!< reseed interval */
|
||||
unsigned char counter[16]; /*!< The counter (V). */
|
||||
int reseed_counter; /*!< The reseed counter. */
|
||||
int prediction_resistance; /*!< This determines whether prediction
|
||||
resistance is enabled, that is
|
||||
whether to systematically reseed before
|
||||
each random generation. */
|
||||
size_t entropy_len; /*!< The amount of entropy grabbed on each
|
||||
seed or reseed operation. */
|
||||
int reseed_interval; /*!< The reseed interval. */
|
||||
|
||||
mbedtls_aes_context aes_ctx; /*!< AES context */
|
||||
mbedtls_aes_context aes_ctx; /*!< The AES context. */
|
||||
|
||||
/*
|
||||
* Callbacks (Entropy)
|
||||
*/
|
||||
int (*f_entropy)(void *, unsigned char *, size_t);
|
||||
/*!< The entropy callback function. */
|
||||
|
||||
void *p_entropy; /*!< context for the entropy function */
|
||||
void *p_entropy; /*!< The context for the entropy function. */
|
||||
|
||||
#if defined(MBEDTLS_THREADING_C)
|
||||
mbedtls_threading_mutex_t mutex;
|
||||
@ -110,31 +137,32 @@ typedef struct
|
||||
mbedtls_ctr_drbg_context;
|
||||
|
||||
/**
|
||||
* \brief CTR_DRBG context initialization
|
||||
* Makes the context ready for mbedtls_ctr_drbg_seed() or
|
||||
* mbedtls_ctr_drbg_free().
|
||||
* \brief This function initializes the CTR_DRBG context,
|
||||
* and prepares it for mbedtls_ctr_drbg_seed()
|
||||
* or mbedtls_ctr_drbg_free().
|
||||
*
|
||||
* \param ctx CTR_DRBG context to be initialized
|
||||
* \param ctx The CTR_DRBG context to initialize.
|
||||
*/
|
||||
void mbedtls_ctr_drbg_init( mbedtls_ctr_drbg_context *ctx );
|
||||
|
||||
/**
|
||||
* \brief CTR_DRBG initial seeding
|
||||
* Seed and setup entropy source for future reseeds.
|
||||
* \brief This function seeds and sets up the CTR_DRBG
|
||||
* entropy source for future reseeds.
|
||||
*
|
||||
* Note: Personalization data can be provided in addition to the more generic
|
||||
* entropy source to make this instantiation as unique as possible.
|
||||
* \note Personalization data can be provided in addition to the more generic
|
||||
* entropy source, to make this instantiation as unique as possible.
|
||||
*
|
||||
* \param ctx CTR_DRBG context to be seeded
|
||||
* \param f_entropy Entropy callback (p_entropy, buffer to fill, buffer
|
||||
* length)
|
||||
* \param p_entropy Entropy context
|
||||
* \param custom Personalization data (Device specific identifiers)
|
||||
* (Can be NULL)
|
||||
* \param len Length of personalization data
|
||||
* \param ctx The CTR_DRBG context to seed.
|
||||
* \param f_entropy The entropy callback, taking as arguments the
|
||||
* \p p_entropy context, the buffer to fill, and the
|
||||
length of the buffer.
|
||||
* \param p_entropy The entropy context.
|
||||
* \param custom Personalization data, that is device-specific
|
||||
identifiers. Can be NULL.
|
||||
* \param len The length of the personalization data.
|
||||
*
|
||||
* \return 0 if successful, or
|
||||
* MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED
|
||||
* \return \c 0 on success.
|
||||
* \return #MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED on failure.
|
||||
*/
|
||||
int mbedtls_ctr_drbg_seed( mbedtls_ctr_drbg_context *ctx,
|
||||
int (*f_entropy)(void *, unsigned char *, size_t),
|
||||
@ -143,138 +171,150 @@ int mbedtls_ctr_drbg_seed( mbedtls_ctr_drbg_context *ctx,
|
||||
size_t len );
|
||||
|
||||
/**
|
||||
* \brief Clear CTR_CRBG context data
|
||||
* \brief This function clears CTR_CRBG context data.
|
||||
*
|
||||
* \param ctx CTR_DRBG context to clear
|
||||
* \param ctx The CTR_DRBG context to clear.
|
||||
*/
|
||||
void mbedtls_ctr_drbg_free( mbedtls_ctr_drbg_context *ctx );
|
||||
|
||||
/**
|
||||
* \brief Enable / disable prediction resistance (Default: Off)
|
||||
* \brief This function turns prediction resistance on or off.
|
||||
* The default value is off.
|
||||
*
|
||||
* Note: If enabled, entropy is used for ctx->entropy_len before each call!
|
||||
* Only use this if you have ample supply of good entropy!
|
||||
* \note If enabled, entropy is gathered at the beginning of
|
||||
* every call to mbedtls_ctr_drbg_random_with_add().
|
||||
* Only use this if your entropy source has sufficient
|
||||
* throughput.
|
||||
*
|
||||
* \param ctx CTR_DRBG context
|
||||
* \param resistance MBEDTLS_CTR_DRBG_PR_ON or MBEDTLS_CTR_DRBG_PR_OFF
|
||||
* \param ctx The CTR_DRBG context.
|
||||
* \param resistance #MBEDTLS_CTR_DRBG_PR_ON or #MBEDTLS_CTR_DRBG_PR_OFF.
|
||||
*/
|
||||
void mbedtls_ctr_drbg_set_prediction_resistance( mbedtls_ctr_drbg_context *ctx,
|
||||
int resistance );
|
||||
|
||||
/**
|
||||
* \brief Set the amount of entropy grabbed on each (re)seed
|
||||
* (Default: MBEDTLS_CTR_DRBG_ENTROPY_LEN)
|
||||
* \brief This function sets the amount of entropy grabbed on each
|
||||
* seed or reseed. The default value is
|
||||
* #MBEDTLS_CTR_DRBG_ENTROPY_LEN.
|
||||
*
|
||||
* \param ctx CTR_DRBG context
|
||||
* \param len Amount of entropy to grab
|
||||
* \param ctx The CTR_DRBG context.
|
||||
* \param len The amount of entropy to grab.
|
||||
*/
|
||||
void mbedtls_ctr_drbg_set_entropy_len( mbedtls_ctr_drbg_context *ctx,
|
||||
size_t len );
|
||||
|
||||
/**
|
||||
* \brief Set the reseed interval
|
||||
* (Default: MBEDTLS_CTR_DRBG_RESEED_INTERVAL)
|
||||
* \brief This function sets the reseed interval.
|
||||
* The default value is #MBEDTLS_CTR_DRBG_RESEED_INTERVAL.
|
||||
*
|
||||
* \param ctx CTR_DRBG context
|
||||
* \param interval Reseed interval
|
||||
* \param ctx The CTR_DRBG context.
|
||||
* \param interval The reseed interval.
|
||||
*/
|
||||
void mbedtls_ctr_drbg_set_reseed_interval( mbedtls_ctr_drbg_context *ctx,
|
||||
int interval );
|
||||
|
||||
/**
|
||||
* \brief CTR_DRBG reseeding (extracts data from entropy source)
|
||||
* \brief This function reseeds the CTR_DRBG context, that is
|
||||
* extracts data from the entropy source.
|
||||
*
|
||||
* \param ctx CTR_DRBG context
|
||||
* \param additional Additional data to add to state (Can be NULL)
|
||||
* \param len Length of additional data
|
||||
* \param ctx The CTR_DRBG context.
|
||||
* \param additional Additional data to add to the state. Can be NULL.
|
||||
* \param len The length of the additional data.
|
||||
*
|
||||
* \return 0 if successful, or
|
||||
* MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED
|
||||
* \return \c 0 on success.
|
||||
* \return #MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED on failure.
|
||||
*/
|
||||
int mbedtls_ctr_drbg_reseed( mbedtls_ctr_drbg_context *ctx,
|
||||
const unsigned char *additional, size_t len );
|
||||
|
||||
/**
|
||||
* \brief CTR_DRBG update state
|
||||
* \brief This function updates the state of the CTR_DRBG context.
|
||||
*
|
||||
* \param ctx CTR_DRBG context
|
||||
* \param additional Additional data to update state with
|
||||
* \param add_len Length of additional data
|
||||
* \note If \p add_len is greater than
|
||||
* #MBEDTLS_CTR_DRBG_MAX_SEED_INPUT, only the first
|
||||
* #MBEDTLS_CTR_DRBG_MAX_SEED_INPUT Bytes are used.
|
||||
* The remaining Bytes are silently discarded.
|
||||
*
|
||||
* \param ctx The CTR_DRBG context.
|
||||
* \param additional The data to update the state with.
|
||||
* \param add_len Length of \p additional data.
|
||||
*
|
||||
* \note If add_len is greater than MBEDTLS_CTR_DRBG_MAX_SEED_INPUT,
|
||||
* only the first MBEDTLS_CTR_DRBG_MAX_SEED_INPUT bytes are used,
|
||||
* the remaining ones are silently discarded.
|
||||
*/
|
||||
void mbedtls_ctr_drbg_update( mbedtls_ctr_drbg_context *ctx,
|
||||
const unsigned char *additional, size_t add_len );
|
||||
|
||||
/**
|
||||
* \brief CTR_DRBG generate random with additional update input
|
||||
* \brief This function updates a CTR_DRBG instance with additional
|
||||
* data and uses it to generate random data.
|
||||
*
|
||||
* Note: Automatically reseeds if reseed_counter is reached.
|
||||
* \note The function automatically reseeds if the reseed counter is exceeded.
|
||||
*
|
||||
* \param p_rng CTR_DRBG context
|
||||
* \param output Buffer to fill
|
||||
* \param output_len Length of the buffer
|
||||
* \param additional Additional data to update with (Can be NULL)
|
||||
* \param add_len Length of additional data
|
||||
* \param p_rng The CTR_DRBG context. This must be a pointer to a
|
||||
* #mbedtls_ctr_drbg_context structure.
|
||||
* \param output The buffer to fill.
|
||||
* \param output_len The length of the buffer.
|
||||
* \param additional Additional data to update. Can be NULL.
|
||||
* \param add_len The length of the additional data.
|
||||
*
|
||||
* \return 0 if successful, or
|
||||
* MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED, or
|
||||
* MBEDTLS_ERR_CTR_DRBG_REQUEST_TOO_BIG
|
||||
* \return \c 0 on success.
|
||||
* \return #MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED or
|
||||
* #MBEDTLS_ERR_CTR_DRBG_REQUEST_TOO_BIG on failure.
|
||||
*/
|
||||
int mbedtls_ctr_drbg_random_with_add( void *p_rng,
|
||||
unsigned char *output, size_t output_len,
|
||||
const unsigned char *additional, size_t add_len );
|
||||
|
||||
/**
|
||||
* \brief CTR_DRBG generate random
|
||||
* \brief This function uses CTR_DRBG to generate random data.
|
||||
*
|
||||
* Note: Automatically reseeds if reseed_counter is reached.
|
||||
* \note The function automatically reseeds if the reseed counter is exceeded.
|
||||
*
|
||||
* \param p_rng CTR_DRBG context
|
||||
* \param output Buffer to fill
|
||||
* \param output_len Length of the buffer
|
||||
* \param p_rng The CTR_DRBG context. This must be a pointer to a
|
||||
* #mbedtls_ctr_drbg_context structure.
|
||||
* \param output The buffer to fill.
|
||||
* \param output_len The length of the buffer.
|
||||
*
|
||||
* \return 0 if successful, or
|
||||
* MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED, or
|
||||
* MBEDTLS_ERR_CTR_DRBG_REQUEST_TOO_BIG
|
||||
* \return \c 0 on success.
|
||||
* \return #MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED or
|
||||
* #MBEDTLS_ERR_CTR_DRBG_REQUEST_TOO_BIG on failure.
|
||||
*/
|
||||
int mbedtls_ctr_drbg_random( void *p_rng,
|
||||
unsigned char *output, size_t output_len );
|
||||
|
||||
#if defined(MBEDTLS_FS_IO)
|
||||
/**
|
||||
* \brief Write a seed file
|
||||
* \brief This function writes a seed file.
|
||||
*
|
||||
* \param ctx CTR_DRBG context
|
||||
* \param path Name of the file
|
||||
* \param ctx The CTR_DRBG context.
|
||||
* \param path The name of the file.
|
||||
*
|
||||
* \return 0 if successful,
|
||||
* MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR on file error, or
|
||||
* MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED
|
||||
* \return \c 0 on success.
|
||||
* \return #MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR on file error.
|
||||
* \return #MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED on
|
||||
* failure.
|
||||
*/
|
||||
int mbedtls_ctr_drbg_write_seed_file( mbedtls_ctr_drbg_context *ctx, const char *path );
|
||||
|
||||
/**
|
||||
* \brief Read and update a seed file. Seed is added to this
|
||||
* instance
|
||||
* \brief This function reads and updates a seed file. The seed
|
||||
* is added to this instance.
|
||||
*
|
||||
* \param ctx CTR_DRBG context
|
||||
* \param path Name of the file
|
||||
* \param ctx The CTR_DRBG context.
|
||||
* \param path The name of the file.
|
||||
*
|
||||
* \return 0 if successful,
|
||||
* MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR on file error,
|
||||
* MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED or
|
||||
* MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG
|
||||
* \return \c 0 on success.
|
||||
* \return #MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR on file error.
|
||||
* \return #MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED or
|
||||
* #MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG on failure.
|
||||
*/
|
||||
int mbedtls_ctr_drbg_update_seed_file( mbedtls_ctr_drbg_context *ctx, const char *path );
|
||||
#endif /* MBEDTLS_FS_IO */
|
||||
|
||||
/**
|
||||
* \brief Checkup routine
|
||||
* \brief The CTR_DRBG checkup routine.
|
||||
*
|
||||
* \return 0 if successful, or 1 if the test failed
|
||||
* \return \c 0 on success.
|
||||
* \return \c 1 on failure.
|
||||
*/
|
||||
int mbedtls_ctr_drbg_self_test( int verbose );
|
||||
|
||||
|
@ -2,7 +2,8 @@
|
||||
* \file debug.h
|
||||
*
|
||||
* \brief Functions for controlling and providing debug output from the library.
|
||||
*
|
||||
*/
|
||||
/*
|
||||
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
|
@ -3,6 +3,11 @@
|
||||
*
|
||||
* \brief DES block cipher
|
||||
*
|
||||
* \warning DES is considered a weak cipher and its use constitutes a
|
||||
* security risk. We recommend considering stronger ciphers
|
||||
* instead.
|
||||
*/
|
||||
/*
|
||||
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
@ -19,6 +24,7 @@
|
||||
* limitations under the License.
|
||||
*
|
||||
* This file is part of mbed TLS (https://tls.mbed.org)
|
||||
*
|
||||
*/
|
||||
#ifndef MBEDTLS_DES_H
|
||||
#define MBEDTLS_DES_H
|
||||
@ -36,19 +42,24 @@
|
||||
#define MBEDTLS_DES_DECRYPT 0
|
||||
|
||||
#define MBEDTLS_ERR_DES_INVALID_INPUT_LENGTH -0x0032 /**< The data input has an invalid length. */
|
||||
#define MBEDTLS_ERR_DES_HW_ACCEL_FAILED -0x0033 /**< DES hardware accelerator failed. */
|
||||
|
||||
#define MBEDTLS_DES_KEY_SIZE 8
|
||||
|
||||
#if !defined(MBEDTLS_DES_ALT)
|
||||
// Regular implementation
|
||||
//
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
#if !defined(MBEDTLS_DES_ALT)
|
||||
// Regular implementation
|
||||
//
|
||||
|
||||
/**
|
||||
* \brief DES context structure
|
||||
*
|
||||
* \warning DES is considered a weak cipher and its use constitutes a
|
||||
* security risk. We recommend considering stronger ciphers
|
||||
* instead.
|
||||
*/
|
||||
typedef struct
|
||||
{
|
||||
@ -65,10 +76,18 @@ typedef struct
|
||||
}
|
||||
mbedtls_des3_context;
|
||||
|
||||
#else /* MBEDTLS_DES_ALT */
|
||||
#include "des_alt.h"
|
||||
#endif /* MBEDTLS_DES_ALT */
|
||||
|
||||
/**
|
||||
* \brief Initialize DES context
|
||||
*
|
||||
* \param ctx DES context to be initialized
|
||||
*
|
||||
* \warning DES is considered a weak cipher and its use constitutes a
|
||||
* security risk. We recommend considering stronger ciphers
|
||||
* instead.
|
||||
*/
|
||||
void mbedtls_des_init( mbedtls_des_context *ctx );
|
||||
|
||||
@ -76,6 +95,10 @@ void mbedtls_des_init( mbedtls_des_context *ctx );
|
||||
* \brief Clear DES context
|
||||
*
|
||||
* \param ctx DES context to be cleared
|
||||
*
|
||||
* \warning DES is considered a weak cipher and its use constitutes a
|
||||
* security risk. We recommend considering stronger ciphers
|
||||
* instead.
|
||||
*/
|
||||
void mbedtls_des_free( mbedtls_des_context *ctx );
|
||||
|
||||
@ -100,6 +123,10 @@ void mbedtls_des3_free( mbedtls_des3_context *ctx );
|
||||
* a parity bit to allow verification.
|
||||
*
|
||||
* \param key 8-byte secret key
|
||||
*
|
||||
* \warning DES is considered a weak cipher and its use constitutes a
|
||||
* security risk. We recommend considering stronger ciphers
|
||||
* instead.
|
||||
*/
|
||||
void mbedtls_des_key_set_parity( unsigned char key[MBEDTLS_DES_KEY_SIZE] );
|
||||
|
||||
@ -112,6 +139,10 @@ void mbedtls_des_key_set_parity( unsigned char key[MBEDTLS_DES_KEY_SIZE] );
|
||||
* \param key 8-byte secret key
|
||||
*
|
||||
* \return 0 is parity was ok, 1 if parity was not correct.
|
||||
*
|
||||
* \warning DES is considered a weak cipher and its use constitutes a
|
||||
* security risk. We recommend considering stronger ciphers
|
||||
* instead.
|
||||
*/
|
||||
int mbedtls_des_key_check_key_parity( const unsigned char key[MBEDTLS_DES_KEY_SIZE] );
|
||||
|
||||
@ -121,6 +152,10 @@ int mbedtls_des_key_check_key_parity( const unsigned char key[MBEDTLS_DES_KEY_SI
|
||||
* \param key 8-byte secret key
|
||||
*
|
||||
* \return 0 if no weak key was found, 1 if a weak key was identified.
|
||||
*
|
||||
* \warning DES is considered a weak cipher and its use constitutes a
|
||||
* security risk. We recommend considering stronger ciphers
|
||||
* instead.
|
||||
*/
|
||||
int mbedtls_des_key_check_weak( const unsigned char key[MBEDTLS_DES_KEY_SIZE] );
|
||||
|
||||
@ -131,6 +166,10 @@ int mbedtls_des_key_check_weak( const unsigned char key[MBEDTLS_DES_KEY_SIZE] );
|
||||
* \param key 8-byte secret key
|
||||
*
|
||||
* \return 0
|
||||
*
|
||||
* \warning DES is considered a weak cipher and its use constitutes a
|
||||
* security risk. We recommend considering stronger ciphers
|
||||
* instead.
|
||||
*/
|
||||
int mbedtls_des_setkey_enc( mbedtls_des_context *ctx, const unsigned char key[MBEDTLS_DES_KEY_SIZE] );
|
||||
|
||||
@ -141,6 +180,10 @@ int mbedtls_des_setkey_enc( mbedtls_des_context *ctx, const unsigned char key[MB
|
||||
* \param key 8-byte secret key
|
||||
*
|
||||
* \return 0
|
||||
*
|
||||
* \warning DES is considered a weak cipher and its use constitutes a
|
||||
* security risk. We recommend considering stronger ciphers
|
||||
* instead.
|
||||
*/
|
||||
int mbedtls_des_setkey_dec( mbedtls_des_context *ctx, const unsigned char key[MBEDTLS_DES_KEY_SIZE] );
|
||||
|
||||
@ -196,6 +239,10 @@ int mbedtls_des3_set3key_dec( mbedtls_des3_context *ctx,
|
||||
* \param output 64-bit output block
|
||||
*
|
||||
* \return 0 if successful
|
||||
*
|
||||
* \warning DES is considered a weak cipher and its use constitutes a
|
||||
* security risk. We recommend considering stronger ciphers
|
||||
* instead.
|
||||
*/
|
||||
int mbedtls_des_crypt_ecb( mbedtls_des_context *ctx,
|
||||
const unsigned char input[8],
|
||||
@ -219,6 +266,10 @@ int mbedtls_des_crypt_ecb( mbedtls_des_context *ctx,
|
||||
* \param iv initialization vector (updated after use)
|
||||
* \param input buffer holding the input data
|
||||
* \param output buffer holding the output data
|
||||
*
|
||||
* \warning DES is considered a weak cipher and its use constitutes a
|
||||
* security risk. We recommend considering stronger ciphers
|
||||
* instead.
|
||||
*/
|
||||
int mbedtls_des_crypt_cbc( mbedtls_des_context *ctx,
|
||||
int mode,
|
||||
@ -277,20 +328,13 @@ int mbedtls_des3_crypt_cbc( mbedtls_des3_context *ctx,
|
||||
*
|
||||
* \param SK Round keys
|
||||
* \param key Base key
|
||||
*
|
||||
* \warning DES is considered a weak cipher and its use constitutes a
|
||||
* security risk. We recommend considering stronger ciphers
|
||||
* instead.
|
||||
*/
|
||||
void mbedtls_des_setkey( uint32_t SK[32],
|
||||
const unsigned char key[MBEDTLS_DES_KEY_SIZE] );
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
||||
#else /* MBEDTLS_DES_ALT */
|
||||
#include "des_alt.h"
|
||||
#endif /* MBEDTLS_DES_ALT */
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
/**
|
||||
* \brief Checkup routine
|
||||
|
File diff suppressed because it is too large
Load Diff
@ -1,9 +1,19 @@
|
||||
/**
|
||||
* \file ecdh.h
|
||||
*
|
||||
* \brief Elliptic curve Diffie-Hellman
|
||||
* \brief This file contains ECDH definitions and functions.
|
||||
*
|
||||
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
|
||||
* The Elliptic Curve Diffie-Hellman (ECDH) protocol is an anonymous
|
||||
* key agreement protocol allowing two parties to establish a shared
|
||||
* secret over an insecure channel. Each party must have an
|
||||
* elliptic-curve public–private key pair.
|
||||
*
|
||||
* For more information, see <em>NIST SP 800-56A Rev. 2: Recommendation for
|
||||
* Pair-Wise Key Establishment Schemes Using Discrete Logarithm
|
||||
* Cryptography</em>.
|
||||
*/
|
||||
/*
|
||||
* Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
@ -18,8 +28,9 @@
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*
|
||||
* This file is part of mbed TLS (https://tls.mbed.org)
|
||||
* This file is part of Mbed TLS (https://tls.mbed.org)
|
||||
*/
|
||||
|
||||
#ifndef MBEDTLS_ECDH_H
|
||||
#define MBEDTLS_ECDH_H
|
||||
|
||||
@ -30,52 +41,59 @@ extern "C" {
|
||||
#endif
|
||||
|
||||
/**
|
||||
* When importing from an EC key, select if it is our key or the peer's key
|
||||
* Defines the source of the imported EC key.
|
||||
*/
|
||||
typedef enum
|
||||
{
|
||||
MBEDTLS_ECDH_OURS,
|
||||
MBEDTLS_ECDH_THEIRS,
|
||||
MBEDTLS_ECDH_OURS, /**< Our key. */
|
||||
MBEDTLS_ECDH_THEIRS, /**< The key of the peer. */
|
||||
} mbedtls_ecdh_side;
|
||||
|
||||
/**
|
||||
* \brief ECDH context structure
|
||||
*
|
||||
* \warning Performing multiple operations concurrently on the same
|
||||
* ECDSA context is not supported; objects of this type
|
||||
* should not be shared between multiple threads.
|
||||
* \brief The ECDH context structure.
|
||||
*/
|
||||
typedef struct
|
||||
{
|
||||
mbedtls_ecp_group grp; /*!< elliptic curve used */
|
||||
mbedtls_mpi d; /*!< our secret value (private key) */
|
||||
mbedtls_ecp_point Q; /*!< our public value (public key) */
|
||||
mbedtls_ecp_point Qp; /*!< peer's public value (public key) */
|
||||
mbedtls_mpi z; /*!< shared secret */
|
||||
int point_format; /*!< format for point export in TLS */
|
||||
mbedtls_ecp_point Vi; /*!< blinding value (for later) */
|
||||
mbedtls_ecp_point Vf; /*!< un-blinding value (for later) */
|
||||
mbedtls_mpi _d; /*!< previous d (for later) */
|
||||
mbedtls_ecp_group grp; /*!< The elliptic curve used. */
|
||||
mbedtls_mpi d; /*!< The private key. */
|
||||
mbedtls_ecp_point Q; /*!< The public key. */
|
||||
mbedtls_ecp_point Qp; /*!< The value of the public key of the peer. */
|
||||
mbedtls_mpi z; /*!< The shared secret. */
|
||||
int point_format; /*!< The format of point export in TLS messages. */
|
||||
mbedtls_ecp_point Vi; /*!< The blinding value. */
|
||||
mbedtls_ecp_point Vf; /*!< The unblinding value. */
|
||||
mbedtls_mpi _d; /*!< The previous \p d. */
|
||||
#if defined(MBEDTLS_ECP_RESTARTABLE)
|
||||
int restart_enabled; /*!< enable restartalbe EC computations? */
|
||||
mbedtls_ecp_restart_ctx rs; /*!< restart context for EC computations */
|
||||
int restart_enabled; /*!< The flag for restartable mode. */
|
||||
mbedtls_ecp_restart_ctx rs; /*!< The restart context for EC computations. */
|
||||
#endif
|
||||
}
|
||||
mbedtls_ecdh_context;
|
||||
|
||||
/**
|
||||
* \brief Generate a public key.
|
||||
* Raw function that only does the core computation.
|
||||
* \brief This function generates an ECDH keypair on an elliptic
|
||||
* curve.
|
||||
*
|
||||
* \param grp ECP group
|
||||
* \param d Destination MPI (secret exponent, aka private key)
|
||||
* \param Q Destination point (public key)
|
||||
* \param f_rng RNG function
|
||||
* \param p_rng RNG parameter
|
||||
* This function performs the first of two core computations
|
||||
* implemented during the ECDH key exchange. The second core
|
||||
* computation is performed by mbedtls_ecdh_compute_shared().
|
||||
*
|
||||
* \return 0 if successful,
|
||||
* or a MBEDTLS_ERR_ECP_XXX or MBEDTLS_MPI_XXX error code
|
||||
* MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of
|
||||
* \see ecp.h
|
||||
*
|
||||
* \param grp The ECP group.
|
||||
* \param d The destination MPI (private key).
|
||||
* \param Q The destination point (public key).
|
||||
* \param f_rng The RNG function.
|
||||
* \param p_rng The RNG context.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return An \c MBEDTLS_ERR_ECP_XXX or
|
||||
* \c MBEDTLS_MPI_XXX error code on failure.
|
||||
* \return #MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of
|
||||
* operations was reached: see \c mbedtls_ecp_set_max_ops().
|
||||
*/
|
||||
int mbedtls_ecdh_gen_public( mbedtls_ecp_group *grp, mbedtls_mpi *d, mbedtls_ecp_point *Q,
|
||||
@ -83,24 +101,30 @@ int mbedtls_ecdh_gen_public( mbedtls_ecp_group *grp, mbedtls_mpi *d, mbedtls_ecp
|
||||
void *p_rng );
|
||||
|
||||
/**
|
||||
* \brief Compute shared secret
|
||||
* Raw function that only does the core computation.
|
||||
* \brief This function computes the shared secret.
|
||||
*
|
||||
* \param grp ECP group
|
||||
* \param z Destination MPI (shared secret)
|
||||
* \param Q Public key from other party
|
||||
* \param d Our secret exponent (private key)
|
||||
* \param f_rng RNG function (see notes)
|
||||
* \param p_rng RNG parameter
|
||||
* This function performs the second of two core computations
|
||||
* implemented during the ECDH key exchange. The first core
|
||||
* computation is performed by mbedtls_ecdh_gen_public().
|
||||
*
|
||||
* \return 0 if successful,
|
||||
* or a MBEDTLS_ERR_ECP_XXX or MBEDTLS_MPI_XXX error code
|
||||
* MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of
|
||||
* \see ecp.h
|
||||
*
|
||||
* \note If \p f_rng is not NULL, it is used to implement
|
||||
* countermeasures against side-channel attacks.
|
||||
* For more information, see mbedtls_ecp_mul().
|
||||
*
|
||||
* \param grp The ECP group.
|
||||
* \param z The destination MPI (shared secret).
|
||||
* \param Q The public key from another party.
|
||||
* \param d Our secret exponent (private key).
|
||||
* \param f_rng The RNG function.
|
||||
* \param p_rng The RNG context.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return An \c MBEDTLS_ERR_ECP_XXX or
|
||||
* \c MBEDTLS_MPI_XXX error code on failure.
|
||||
* \return #MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of
|
||||
* operations was reached: see \c mbedtls_ecp_set_max_ops().
|
||||
*
|
||||
* \note If f_rng is not NULL, it is used to implement
|
||||
* countermeasures against potential elaborate timing
|
||||
* attacks, see \c mbedtls_ecp_mul() for details.
|
||||
*/
|
||||
int mbedtls_ecdh_compute_shared( mbedtls_ecp_group *grp, mbedtls_mpi *z,
|
||||
const mbedtls_ecp_point *Q, const mbedtls_mpi *d,
|
||||
@ -108,35 +132,42 @@ int mbedtls_ecdh_compute_shared( mbedtls_ecp_group *grp, mbedtls_mpi *z,
|
||||
void *p_rng );
|
||||
|
||||
/**
|
||||
* \brief Initialize context
|
||||
* \brief This function initializes an ECDH context.
|
||||
*
|
||||
* \param ctx Context to initialize
|
||||
* \param ctx The ECDH context to initialize.
|
||||
*/
|
||||
void mbedtls_ecdh_init( mbedtls_ecdh_context *ctx );
|
||||
|
||||
/**
|
||||
* \brief Free context
|
||||
* \brief This function frees a context.
|
||||
*
|
||||
* \param ctx Context to free
|
||||
* \param ctx The context to free.
|
||||
*/
|
||||
void mbedtls_ecdh_free( mbedtls_ecdh_context *ctx );
|
||||
|
||||
/**
|
||||
* \brief Generate a public key and a TLS ServerKeyExchange payload.
|
||||
* (First function used by a TLS server for ECDHE.)
|
||||
* \brief This function generates a public key and a TLS
|
||||
* ServerKeyExchange payload.
|
||||
*
|
||||
* \param ctx ECDH context
|
||||
* \param olen number of chars written
|
||||
* \param buf destination buffer
|
||||
* \param blen length of buffer
|
||||
* \param f_rng RNG function
|
||||
* \param p_rng RNG parameter
|
||||
* This is the first function used by a TLS server for ECDHE
|
||||
* ciphersuites.
|
||||
*
|
||||
* \note This function assumes that ctx->grp has already been
|
||||
* properly set (for example using mbedtls_ecp_group_load).
|
||||
* \note This function assumes that the ECP group (grp) of the
|
||||
* \p ctx context has already been properly set,
|
||||
* for example, using mbedtls_ecp_group_load().
|
||||
*
|
||||
* \return 0 if successful, or an MBEDTLS_ERR_ECP_XXX error code
|
||||
* MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of
|
||||
* \see ecp.h
|
||||
*
|
||||
* \param ctx The ECDH context.
|
||||
* \param olen The number of characters written.
|
||||
* \param buf The destination buffer.
|
||||
* \param blen The length of the destination buffer.
|
||||
* \param f_rng The RNG function.
|
||||
* \param p_rng The RNG context.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return An \c MBEDTLS_ERR_ECP_XXX error code on failure.
|
||||
* \return #MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of
|
||||
* operations was reached: see \c mbedtls_ecp_set_max_ops().
|
||||
*/
|
||||
int mbedtls_ecdh_make_params( mbedtls_ecdh_context *ctx, size_t *olen,
|
||||
@ -145,46 +176,67 @@ int mbedtls_ecdh_make_params( mbedtls_ecdh_context *ctx, size_t *olen,
|
||||
void *p_rng );
|
||||
|
||||
/**
|
||||
* \brief Parse and procress a TLS ServerKeyExhange payload.
|
||||
* (First function used by a TLS client for ECDHE.)
|
||||
* \brief This function parses and processes a TLS ServerKeyExhange
|
||||
* payload.
|
||||
*
|
||||
* \param ctx ECDH context
|
||||
* \param buf pointer to start of input buffer
|
||||
* \param end one past end of buffer
|
||||
* This is the first function used by a TLS client for ECDHE
|
||||
* ciphersuites.
|
||||
*
|
||||
* \see ecp.h
|
||||
*
|
||||
* \param ctx The ECDH context.
|
||||
* \param buf The pointer to the start of the input buffer.
|
||||
* \param end The address for one Byte past the end of the buffer.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return An \c MBEDTLS_ERR_ECP_XXX error code on failure.
|
||||
*
|
||||
* \return 0 if successful, or an MBEDTLS_ERR_ECP_XXX error code
|
||||
*/
|
||||
int mbedtls_ecdh_read_params( mbedtls_ecdh_context *ctx,
|
||||
const unsigned char **buf, const unsigned char *end );
|
||||
|
||||
/**
|
||||
* \brief Setup an ECDH context from an EC key.
|
||||
* (Used by clients and servers in place of the
|
||||
* ServerKeyEchange for static ECDH: import ECDH parameters
|
||||
* from a certificate's EC key information.)
|
||||
* \brief This function sets up an ECDH context from an EC key.
|
||||
*
|
||||
* \param ctx ECDH context to set
|
||||
* \param key EC key to use
|
||||
* \param side Is it our key (1) or the peer's key (0) ?
|
||||
* It is used by clients and servers in place of the
|
||||
* ServerKeyEchange for static ECDH, and imports ECDH
|
||||
* parameters from the EC key information of a certificate.
|
||||
*
|
||||
* \see ecp.h
|
||||
*
|
||||
* \param ctx The ECDH context to set up.
|
||||
* \param key The EC key to use.
|
||||
* \param side Defines the source of the key: 1: Our key, or
|
||||
* 0: The key of the peer.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return An \c MBEDTLS_ERR_ECP_XXX error code on failure.
|
||||
* \return #MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of
|
||||
* operations was reached: see \c mbedtls_ecp_set_max_ops().
|
||||
*
|
||||
* \return 0 if successful, or an MBEDTLS_ERR_ECP_XXX error code
|
||||
*/
|
||||
int mbedtls_ecdh_get_params( mbedtls_ecdh_context *ctx, const mbedtls_ecp_keypair *key,
|
||||
mbedtls_ecdh_side side );
|
||||
|
||||
/**
|
||||
* \brief Generate a public key and a TLS ClientKeyExchange payload.
|
||||
* (Second function used by a TLS client for ECDH(E).)
|
||||
* \brief This function generates a public key and a TLS
|
||||
* ClientKeyExchange payload.
|
||||
*
|
||||
* \param ctx ECDH context
|
||||
* \param olen number of bytes actually written
|
||||
* \param buf destination buffer
|
||||
* \param blen size of destination buffer
|
||||
* \param f_rng RNG function
|
||||
* \param p_rng RNG parameter
|
||||
* This is the second function used by a TLS client for ECDH(E)
|
||||
* ciphersuites.
|
||||
*
|
||||
* \return 0 if successful, or an MBEDTLS_ERR_ECP_XXX error code
|
||||
* MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of
|
||||
* \see ecp.h
|
||||
*
|
||||
* \param ctx The ECDH context.
|
||||
* \param olen The number of Bytes written.
|
||||
* \param buf The destination buffer.
|
||||
* \param blen The size of the destination buffer.
|
||||
* \param f_rng The RNG function.
|
||||
* \param p_rng The RNG context.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return An \c MBEDTLS_ERR_ECP_XXX error code on failure.
|
||||
* \return #MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of
|
||||
* operations was reached: see \c mbedtls_ecp_set_max_ops().
|
||||
*/
|
||||
int mbedtls_ecdh_make_public( mbedtls_ecdh_context *ctx, size_t *olen,
|
||||
@ -193,31 +245,46 @@ int mbedtls_ecdh_make_public( mbedtls_ecdh_context *ctx, size_t *olen,
|
||||
void *p_rng );
|
||||
|
||||
/**
|
||||
* \brief Parse and process a TLS ClientKeyExchange payload.
|
||||
* (Second function used by a TLS server for ECDH(E).)
|
||||
* \brief This function parses and processes a TLS ClientKeyExchange
|
||||
* payload.
|
||||
*
|
||||
* \param ctx ECDH context
|
||||
* \param buf start of input buffer
|
||||
* \param blen length of input buffer
|
||||
* This is the second function used by a TLS server for ECDH(E)
|
||||
* ciphersuites.
|
||||
*
|
||||
* \return 0 if successful, or an MBEDTLS_ERR_ECP_XXX error code
|
||||
* \see ecp.h
|
||||
*
|
||||
* \param ctx The ECDH context.
|
||||
* \param buf The start of the input buffer.
|
||||
* \param blen The length of the input buffer.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return An \c MBEDTLS_ERR_ECP_XXX error code on failure.
|
||||
*/
|
||||
int mbedtls_ecdh_read_public( mbedtls_ecdh_context *ctx,
|
||||
const unsigned char *buf, size_t blen );
|
||||
|
||||
/**
|
||||
* \brief Derive and export the shared secret.
|
||||
* (Last function used by both TLS client en servers.)
|
||||
* \brief This function derives and exports the shared secret.
|
||||
*
|
||||
* \param ctx ECDH context
|
||||
* \param olen number of bytes written
|
||||
* \param buf destination buffer
|
||||
* \param blen buffer length
|
||||
* \param f_rng RNG function, see notes for \c mbedtls_ecdh_compute_shared()
|
||||
* \param p_rng RNG parameter
|
||||
* This is the last function used by both TLS client
|
||||
* and servers.
|
||||
*
|
||||
* \return 0 if successful, or an MBEDTLS_ERR_ECP_XXX error code
|
||||
* MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of
|
||||
* \note If \p f_rng is not NULL, it is used to implement
|
||||
* countermeasures against side-channel attacks.
|
||||
* For more information, see mbedtls_ecp_mul().
|
||||
*
|
||||
* \see ecp.h
|
||||
*
|
||||
* \param ctx The ECDH context.
|
||||
* \param olen The number of Bytes written.
|
||||
* \param buf The destination buffer.
|
||||
* \param blen The length of the destination buffer.
|
||||
* \param f_rng The RNG function.
|
||||
* \param p_rng The RNG context.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return An \c MBEDTLS_ERR_ECP_XXX error code on failure.
|
||||
* \return #MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of
|
||||
* operations was reached: see \c mbedtls_ecp_set_max_ops().
|
||||
*/
|
||||
int mbedtls_ecdh_calc_secret( mbedtls_ecdh_context *ctx, size_t *olen,
|
||||
@ -227,16 +294,16 @@ int mbedtls_ecdh_calc_secret( mbedtls_ecdh_context *ctx, size_t *olen,
|
||||
|
||||
#if defined(MBEDTLS_ECP_RESTARTABLE)
|
||||
/**
|
||||
* \brief Enable restartable EC computations for this context.
|
||||
* (Default: disabled.)
|
||||
* \brief This function enables restartable EC computations for this
|
||||
* context. (Default: disabled.)
|
||||
*
|
||||
* \sa \c mbedtls_ecp_set_max_ops()
|
||||
* \see \c mbedtls_ecp_set_max_ops()
|
||||
*
|
||||
* \note It is not possible to safely disable restartable
|
||||
* computations once enabled, except by free-ing the context,
|
||||
* which cancels possible in-progress operations.
|
||||
*
|
||||
* \param ctx ECDH context
|
||||
* \param ctx The ECDH context.
|
||||
*/
|
||||
void mbedtls_ecdh_enable_restart( mbedtls_ecdh_context *ctx );
|
||||
#endif /* MBEDTLS_ECP_RESTARTABLE */
|
||||
|
@ -1,9 +1,17 @@
|
||||
/**
|
||||
* \file ecdsa.h
|
||||
*
|
||||
* \brief Elliptic curve DSA
|
||||
* \brief This file contains ECDSA definitions and functions.
|
||||
*
|
||||
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
|
||||
* The Elliptic Curve Digital Signature Algorithm (ECDSA) is defined in
|
||||
* <em>Standards for Efficient Cryptography Group (SECG):
|
||||
* SEC1 Elliptic Curve Cryptography</em>.
|
||||
* The use of ECDSA for TLS is defined in <em>RFC-4492: Elliptic Curve
|
||||
* Cryptography (ECC) Cipher Suites for Transport Layer Security (TLS)</em>.
|
||||
*
|
||||
*/
|
||||
/*
|
||||
* Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
@ -18,8 +26,9 @@
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*
|
||||
* This file is part of mbed TLS (https://tls.mbed.org)
|
||||
* This file is part of Mbed TLS (https://tls.mbed.org)
|
||||
*/
|
||||
|
||||
#ifndef MBEDTLS_ECDSA_H
|
||||
#define MBEDTLS_ECDSA_H
|
||||
|
||||
@ -27,7 +36,7 @@
|
||||
#include "md.h"
|
||||
|
||||
/*
|
||||
* RFC 4492 page 20:
|
||||
* RFC-4492 page 20:
|
||||
*
|
||||
* Ecdsa-Sig-Value ::= SEQUENCE {
|
||||
* r INTEGER,
|
||||
@ -43,7 +52,7 @@
|
||||
#if MBEDTLS_ECP_MAX_BYTES > 124
|
||||
#error "MBEDTLS_ECP_MAX_BYTES bigger than expected, please fix MBEDTLS_ECDSA_MAX_LEN"
|
||||
#endif
|
||||
/** Maximum size of an ECDSA signature in bytes */
|
||||
/** The maximal size of an ECDSA signature in Bytes. */
|
||||
#define MBEDTLS_ECDSA_MAX_LEN ( 3 + 2 * ( 3 + MBEDTLS_ECP_MAX_BYTES ) )
|
||||
|
||||
#ifdef __cplusplus
|
||||
@ -51,7 +60,7 @@ extern "C" {
|
||||
#endif
|
||||
|
||||
/**
|
||||
* \brief ECDSA context structure
|
||||
* \brief The ECDSA context structure.
|
||||
*
|
||||
* \warning Performing multiple operations concurrently on the same
|
||||
* ECDSA context is not supported; objects of this type
|
||||
@ -105,25 +114,31 @@ typedef void mbedtls_ecdsa_restart_ctx;
|
||||
#endif /* MBEDTLS_ECP_RESTARTABLE */
|
||||
|
||||
/**
|
||||
* \brief Compute ECDSA signature of a previously hashed message
|
||||
* \brief This function computes the ECDSA signature of a
|
||||
* previously-hashed message.
|
||||
*
|
||||
* \note The deterministic version is usually prefered.
|
||||
*
|
||||
* \param grp ECP group
|
||||
* \param r First output integer
|
||||
* \param s Second output integer
|
||||
* \param d Private signing key
|
||||
* \param buf Message hash
|
||||
* \param blen Length of buf
|
||||
* \param f_rng RNG function
|
||||
* \param p_rng RNG parameter
|
||||
* \note The deterministic version is usually preferred.
|
||||
*
|
||||
* \note If the bitlength of the message hash is larger than the
|
||||
* bitlength of the group order, then the hash is truncated as
|
||||
* prescribed by SEC1 4.1.3 step 5.
|
||||
* bitlength of the group order, then the hash is truncated
|
||||
* as defined in <em>Standards for Efficient Cryptography Group
|
||||
* (SECG): SEC1 Elliptic Curve Cryptography</em>, section
|
||||
* 4.1.3, step 5.
|
||||
*
|
||||
* \return 0 if successful,
|
||||
* or a MBEDTLS_ERR_ECP_XXX or MBEDTLS_MPI_XXX error code
|
||||
* \see ecp.h
|
||||
*
|
||||
* \param grp The ECP group.
|
||||
* \param r The first output integer.
|
||||
* \param s The second output integer.
|
||||
* \param d The private signing key.
|
||||
* \param buf The message hash.
|
||||
* \param blen The length of \p buf.
|
||||
* \param f_rng The RNG function.
|
||||
* \param p_rng The RNG context.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return An \c MBEDTLS_ERR_ECP_XXX
|
||||
* or \c MBEDTLS_MPI_XXX error code on failure.
|
||||
*/
|
||||
int mbedtls_ecdsa_sign( mbedtls_ecp_group *grp, mbedtls_mpi *r, mbedtls_mpi *s,
|
||||
const mbedtls_mpi *d, const unsigned char *buf, size_t blen,
|
||||
@ -131,23 +146,32 @@ int mbedtls_ecdsa_sign( mbedtls_ecp_group *grp, mbedtls_mpi *r, mbedtls_mpi *s,
|
||||
|
||||
#if defined(MBEDTLS_ECDSA_DETERMINISTIC)
|
||||
/**
|
||||
* \brief Compute ECDSA signature of a previously hashed message,
|
||||
* deterministic version (RFC 6979).
|
||||
* \brief This function computes the ECDSA signature of a
|
||||
* previously-hashed message, deterministic version.
|
||||
*
|
||||
* \param grp ECP group
|
||||
* \param r First output integer
|
||||
* \param s Second output integer
|
||||
* \param d Private signing key
|
||||
* \param buf Message hash
|
||||
* \param blen Length of buf
|
||||
* \param md_alg MD algorithm used to hash the message
|
||||
* For more information, see <em>RFC-6979: Deterministic
|
||||
* Usage of the Digital Signature Algorithm (DSA) and Elliptic
|
||||
* Curve Digital Signature Algorithm (ECDSA)</em>.
|
||||
*
|
||||
* \note If the bitlength of the message hash is larger than the
|
||||
* bitlength of the group order, then the hash is truncated as
|
||||
* prescribed by SEC1 4.1.3 step 5.
|
||||
* defined in <em>Standards for Efficient Cryptography Group
|
||||
* (SECG): SEC1 Elliptic Curve Cryptography</em>, section
|
||||
* 4.1.3, step 5.
|
||||
*
|
||||
* \return 0 if successful,
|
||||
* or a MBEDTLS_ERR_ECP_XXX or MBEDTLS_MPI_XXX error code
|
||||
* \see ecp.h
|
||||
*
|
||||
* \param grp The ECP group.
|
||||
* \param r The first output integer.
|
||||
* \param s The second output integer.
|
||||
* \param d The private signing key.
|
||||
* \param buf The message hash.
|
||||
* \param blen The length of \p buf.
|
||||
* \param md_alg The MD algorithm used to hash the message.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return An \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_MPI_XXX
|
||||
* error code on failure.
|
||||
*/
|
||||
int mbedtls_ecdsa_sign_det( mbedtls_ecp_group *grp, mbedtls_mpi *r, mbedtls_mpi *s,
|
||||
const mbedtls_mpi *d, const unsigned char *buf, size_t blen,
|
||||
@ -155,55 +179,74 @@ int mbedtls_ecdsa_sign_det( mbedtls_ecp_group *grp, mbedtls_mpi *r, mbedtls_mpi
|
||||
#endif /* MBEDTLS_ECDSA_DETERMINISTIC */
|
||||
|
||||
/**
|
||||
* \brief Verify ECDSA signature of a previously hashed message
|
||||
*
|
||||
* \param grp ECP group
|
||||
* \param buf Message hash
|
||||
* \param blen Length of buf
|
||||
* \param Q Public key to use for verification
|
||||
* \param r First integer of the signature
|
||||
* \param s Second integer of the signature
|
||||
* \brief This function verifies the ECDSA signature of a
|
||||
* previously-hashed message.
|
||||
*
|
||||
* \note If the bitlength of the message hash is larger than the
|
||||
* bitlength of the group order, then the hash is truncated as
|
||||
* prescribed by SEC1 4.1.4 step 3.
|
||||
* defined in <em>Standards for Efficient Cryptography Group
|
||||
* (SECG): SEC1 Elliptic Curve Cryptography</em>, section
|
||||
* 4.1.4, step 3.
|
||||
*
|
||||
* \return 0 if successful,
|
||||
* MBEDTLS_ERR_ECP_VERIFY_FAILED if signature is invalid
|
||||
* or a MBEDTLS_ERR_ECP_XXX or MBEDTLS_MPI_XXX error code
|
||||
* \see ecp.h
|
||||
*
|
||||
* \param grp The ECP group.
|
||||
* \param buf The message hash.
|
||||
* \param blen The length of \p buf.
|
||||
* \param Q The public key to use for verification.
|
||||
* \param r The first integer of the signature.
|
||||
* \param s The second integer of the signature.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if the signature
|
||||
* is invalid.
|
||||
* \return An \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_MPI_XXX
|
||||
* error code on failure for any other reason.
|
||||
*/
|
||||
int mbedtls_ecdsa_verify( mbedtls_ecp_group *grp,
|
||||
const unsigned char *buf, size_t blen,
|
||||
const mbedtls_ecp_point *Q, const mbedtls_mpi *r, const mbedtls_mpi *s);
|
||||
|
||||
/**
|
||||
* \brief Compute ECDSA signature and write it to buffer,
|
||||
* serialized as defined in RFC 4492 page 20.
|
||||
* (Not thread-safe to use same context in multiple threads)
|
||||
* \brief This function computes the ECDSA signature and writes it
|
||||
* to a buffer, serialized as defined in <em>RFC-4492:
|
||||
* Elliptic Curve Cryptography (ECC) Cipher Suites for
|
||||
* Transport Layer Security (TLS)</em>.
|
||||
*
|
||||
* \note The deterministic version (RFC 6979) is used if
|
||||
* MBEDTLS_ECDSA_DETERMINISTIC is defined.
|
||||
* \warning It is not thread-safe to use the same context in
|
||||
* multiple threads.
|
||||
*
|
||||
* \param ctx ECDSA context
|
||||
* \param md_alg Algorithm that was used to hash the message
|
||||
* \param hash Message hash
|
||||
* \param hlen Length of hash
|
||||
* \param sig Buffer that will hold the signature
|
||||
* \param slen Length of the signature written
|
||||
* \param f_rng RNG function
|
||||
* \param p_rng RNG parameter
|
||||
* \note The deterministic version is used if
|
||||
* #MBEDTLS_ECDSA_DETERMINISTIC is defined. For more
|
||||
* information, see <em>RFC-6979: Deterministic Usage
|
||||
* of the Digital Signature Algorithm (DSA) and Elliptic
|
||||
* Curve Digital Signature Algorithm (ECDSA)</em>.
|
||||
*
|
||||
* \note The "sig" buffer must be at least as large as twice the
|
||||
* size of the curve used, plus 9 (eg. 73 bytes if a 256-bit
|
||||
* curve is used). MBEDTLS_ECDSA_MAX_LEN is always safe.
|
||||
* \note The \p sig buffer must be at least twice as large as the
|
||||
* size of the curve used, plus 9. For example, 73 Bytes if
|
||||
* a 256-bit curve is used. A buffer length of
|
||||
* #MBEDTLS_ECDSA_MAX_LEN is always safe.
|
||||
*
|
||||
* \note If the bitlength of the message hash is larger than the
|
||||
* bitlength of the group order, then the hash is truncated as
|
||||
* prescribed by SEC1 4.1.3 step 5.
|
||||
* defined in <em>Standards for Efficient Cryptography Group
|
||||
* (SECG): SEC1 Elliptic Curve Cryptography</em>, section
|
||||
* 4.1.3, step 5.
|
||||
*
|
||||
* \return 0 if successful,
|
||||
* or a MBEDTLS_ERR_ECP_XXX, MBEDTLS_ERR_MPI_XXX or
|
||||
* MBEDTLS_ERR_ASN1_XXX error code
|
||||
* \see ecp.h
|
||||
*
|
||||
* \param ctx The ECDSA context.
|
||||
* \param md_alg The message digest that was used to hash the message.
|
||||
* \param hash The message hash.
|
||||
* \param hlen The length of the hash.
|
||||
* \param sig The buffer that holds the signature.
|
||||
* \param slen The length of the signature written.
|
||||
* \param f_rng The RNG function.
|
||||
* \param p_rng The RNG context.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return An \c MBEDTLS_ERR_ECP_XXX, \c MBEDTLS_ERR_MPI_XXX or
|
||||
* \c MBEDTLS_ERR_ASN1_XXX error code on failure.
|
||||
*/
|
||||
int mbedtls_ecdsa_write_signature( mbedtls_ecdsa_context *ctx, mbedtls_md_type_t md_alg,
|
||||
const unsigned char *hash, size_t hlen,
|
||||
@ -212,24 +255,29 @@ int mbedtls_ecdsa_write_signature( mbedtls_ecdsa_context *ctx, mbedtls_md_type_t
|
||||
void *p_rng );
|
||||
|
||||
/**
|
||||
* \brief Restartable version of \c mbedtls_ecdsa_write_signature()
|
||||
* \brief This function computes the ECDSA signature and writes it
|
||||
* to a buffer, in a restartable way.
|
||||
*
|
||||
* \note Performs the same job as \c mbedtls_ecdsa_write_signature()
|
||||
* but can return early and restart according to the limit
|
||||
* \see \c mbedtls_ecdsa_write_signature()
|
||||
*
|
||||
* \note This function is like \c mbedtls_ecdsa_write_signature()
|
||||
* but it can return early and restart according to the limit
|
||||
* set with \c mbedtls_ecp_set_max_ops() to reduce blocking.
|
||||
*
|
||||
* \param ctx ECDSA context
|
||||
* \param md_alg Algorithm that was used to hash the message
|
||||
* \param hash Message hash
|
||||
* \param hlen Length of hash
|
||||
* \param sig Buffer that will hold the signature
|
||||
* \param slen Length of the signature written
|
||||
* \param f_rng RNG function
|
||||
* \param p_rng RNG parameter
|
||||
* \param rs_ctx Restart context
|
||||
* \param ctx The ECDSA context.
|
||||
* \param md_alg The message digest that was used to hash the message.
|
||||
* \param hash The message hash.
|
||||
* \param hlen The length of the hash.
|
||||
* \param sig The buffer that holds the signature.
|
||||
* \param slen The length of the signature written.
|
||||
* \param f_rng The RNG function.
|
||||
* \param p_rng The RNG context.
|
||||
* \param rs_ctx The restart context.
|
||||
*
|
||||
* \return See \c mbedtls_ecdsa_write_signature(), or
|
||||
* MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of
|
||||
* \return \c 0 on success.
|
||||
* \return An \c MBEDTLS_ERR_ECP_XXX, \c MBEDTLS_ERR_MPI_XXX or
|
||||
* \c MBEDTLS_ERR_ASN1_XXX error code on failure.
|
||||
* \return #MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of
|
||||
* operations was reached: see \c mbedtls_ecp_set_max_ops().
|
||||
*/
|
||||
int mbedtls_ecdsa_write_signature_restartable( mbedtls_ecdsa_context *ctx,
|
||||
@ -248,31 +296,44 @@ int mbedtls_ecdsa_write_signature_restartable( mbedtls_ecdsa_context *ctx,
|
||||
#define MBEDTLS_DEPRECATED
|
||||
#endif
|
||||
/**
|
||||
* \brief Compute ECDSA signature and write it to buffer,
|
||||
* serialized as defined in RFC 4492 page 20.
|
||||
* Deterministic version, RFC 6979.
|
||||
* (Not thread-safe to use same context in multiple threads)
|
||||
* \brief This function computes an ECDSA signature and writes
|
||||
* it to a buffer, serialized as defined in <em>RFC-4492:
|
||||
* Elliptic Curve Cryptography (ECC) Cipher Suites for
|
||||
* Transport Layer Security (TLS)</em>.
|
||||
*
|
||||
* \deprecated Superseded by mbedtls_ecdsa_write_signature() in 2.0.0
|
||||
* The deterministic version is defined in <em>RFC-6979:
|
||||
* Deterministic Usage of the Digital Signature Algorithm (DSA)
|
||||
* and Elliptic Curve Digital Signature Algorithm (ECDSA)</em>.
|
||||
*
|
||||
* \param ctx ECDSA context
|
||||
* \param hash Message hash
|
||||
* \param hlen Length of hash
|
||||
* \param sig Buffer that will hold the signature
|
||||
* \param slen Length of the signature written
|
||||
* \param md_alg MD algorithm used to hash the message
|
||||
* \warning It is not thread-safe to use the same context in
|
||||
* multiple threads.
|
||||
*
|
||||
* \note The "sig" buffer must be at least as large as twice the
|
||||
* size of the curve used, plus 9 (eg. 73 bytes if a 256-bit
|
||||
* curve is used). MBEDTLS_ECDSA_MAX_LEN is always safe.
|
||||
* \note The \p sig buffer must be at least twice as large as the
|
||||
* size of the curve used, plus 9. For example, 73 Bytes if a
|
||||
* 256-bit curve is used. A buffer length of
|
||||
* #MBEDTLS_ECDSA_MAX_LEN is always safe.
|
||||
*
|
||||
* \note If the bitlength of the message hash is larger than the
|
||||
* bitlength of the group order, then the hash is truncated as
|
||||
* prescribed by SEC1 4.1.3 step 5.
|
||||
* defined in <em>Standards for Efficient Cryptography Group
|
||||
* (SECG): SEC1 Elliptic Curve Cryptography</em>, section
|
||||
* 4.1.3, step 5.
|
||||
*
|
||||
* \return 0 if successful,
|
||||
* or a MBEDTLS_ERR_ECP_XXX, MBEDTLS_ERR_MPI_XXX or
|
||||
* MBEDTLS_ERR_ASN1_XXX error code
|
||||
* \see ecp.h
|
||||
*
|
||||
* \deprecated Superseded by mbedtls_ecdsa_write_signature() in
|
||||
* Mbed TLS version 2.0 and later.
|
||||
*
|
||||
* \param ctx The ECDSA context.
|
||||
* \param hash The message hash.
|
||||
* \param hlen The length of the hash.
|
||||
* \param sig The buffer that holds the signature.
|
||||
* \param slen The length of the signature written.
|
||||
* \param md_alg The MD algorithm used to hash the message.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return An \c MBEDTLS_ERR_ECP_XXX, \c MBEDTLS_ERR_MPI_XXX or
|
||||
* \c MBEDTLS_ERR_ASN1_XXX error code on failure.
|
||||
*/
|
||||
int mbedtls_ecdsa_write_signature_det( mbedtls_ecdsa_context *ctx,
|
||||
const unsigned char *hash, size_t hlen,
|
||||
@ -283,44 +344,57 @@ int mbedtls_ecdsa_write_signature_det( mbedtls_ecdsa_context *ctx,
|
||||
#endif /* MBEDTLS_ECDSA_DETERMINISTIC */
|
||||
|
||||
/**
|
||||
* \brief Read and verify an ECDSA signature
|
||||
*
|
||||
* \param ctx ECDSA context
|
||||
* \param hash Message hash
|
||||
* \param hlen Size of hash
|
||||
* \param sig Signature to read and verify
|
||||
* \param slen Size of sig
|
||||
* \brief This function reads and verifies an ECDSA signature.
|
||||
*
|
||||
* \note If the bitlength of the message hash is larger than the
|
||||
* bitlength of the group order, then the hash is truncated as
|
||||
* prescribed by SEC1 4.1.4 step 3.
|
||||
* defined in <em>Standards for Efficient Cryptography Group
|
||||
* (SECG): SEC1 Elliptic Curve Cryptography</em>, section
|
||||
* 4.1.4, step 3.
|
||||
*
|
||||
* \return 0 if successful,
|
||||
* MBEDTLS_ERR_ECP_BAD_INPUT_DATA if signature is invalid,
|
||||
* MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH if the signature is
|
||||
* valid but its actual length is less than siglen,
|
||||
* or a MBEDTLS_ERR_ECP_XXX or MBEDTLS_ERR_MPI_XXX error code
|
||||
* \see ecp.h
|
||||
*
|
||||
* \param ctx The ECDSA context.
|
||||
* \param hash The message hash.
|
||||
* \param hlen The size of the hash.
|
||||
* \param sig The signature to read and verify.
|
||||
* \param slen The size of \p sig.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if signature is invalid.
|
||||
* \return #MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH if there is a valid
|
||||
* signature in \p sig, but its length is less than \p siglen.
|
||||
* \return An \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_ERR_MPI_XXX
|
||||
* error code on failure for any other reason.
|
||||
*/
|
||||
int mbedtls_ecdsa_read_signature( mbedtls_ecdsa_context *ctx,
|
||||
const unsigned char *hash, size_t hlen,
|
||||
const unsigned char *sig, size_t slen );
|
||||
|
||||
/**
|
||||
* \brief Restartable version of \c mbedtls_ecdsa_read_signature()
|
||||
* \brief This function reads and verifies an ECDSA signature,
|
||||
* in a restartable way.
|
||||
*
|
||||
* \note Performs the same job as \c mbedtls_ecdsa_read_signature()
|
||||
* but can return early and restart according to the limit
|
||||
* \see \c mbedtls_ecdsa_read_signature()
|
||||
*
|
||||
* \note This function is like \c mbedtls_ecdsa_read_signature()
|
||||
* but it can return early and restart according to the limit
|
||||
* set with \c mbedtls_ecp_set_max_ops() to reduce blocking.
|
||||
*
|
||||
* \param ctx ECDSA context
|
||||
* \param hash Message hash
|
||||
* \param hlen Size of hash
|
||||
* \param sig Signature to read and verify
|
||||
* \param slen Size of sig
|
||||
* \param rs_ctx Restart context
|
||||
* \param ctx The ECDSA context.
|
||||
* \param hash The message hash.
|
||||
* \param hlen The size of the hash.
|
||||
* \param sig The signature to read and verify.
|
||||
* \param slen The size of \p sig.
|
||||
* \param rs_ctx The restart context
|
||||
*
|
||||
* \return See \c mbedtls_ecdsa_read_signature(), or
|
||||
* MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of
|
||||
* \return \c 0 on success.
|
||||
* \return #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if signature is invalid.
|
||||
* \return #MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH if there is a valid
|
||||
* signature in \p sig, but its length is less than \p siglen.
|
||||
* \return An \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_ERR_MPI_XXX
|
||||
* error code on failure for any other reason.
|
||||
* \return #MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of
|
||||
* operations was reached: see \c mbedtls_ecp_set_max_ops().
|
||||
*/
|
||||
int mbedtls_ecdsa_read_signature_restartable( mbedtls_ecdsa_context *ctx,
|
||||
@ -329,40 +403,46 @@ int mbedtls_ecdsa_read_signature_restartable( mbedtls_ecdsa_context *ctx,
|
||||
mbedtls_ecdsa_restart_ctx *rs_ctx );
|
||||
|
||||
/**
|
||||
* \brief Generate an ECDSA keypair on the given curve
|
||||
* \brief This function generates an ECDSA keypair on the given curve.
|
||||
*
|
||||
* \param ctx ECDSA context in which the keypair should be stored
|
||||
* \param gid Group (elliptic curve) to use. One of the various
|
||||
* MBEDTLS_ECP_DP_XXX macros depending on configuration.
|
||||
* \param f_rng RNG function
|
||||
* \param p_rng RNG parameter
|
||||
* \see ecp.h
|
||||
*
|
||||
* \return 0 on success, or a MBEDTLS_ERR_ECP_XXX code.
|
||||
* \param ctx The ECDSA context to store the keypair in.
|
||||
* \param gid The elliptic curve to use. One of the various
|
||||
* \c MBEDTLS_ECP_DP_XXX macros depending on configuration.
|
||||
* \param f_rng The RNG function.
|
||||
* \param p_rng The RNG context.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return An \c MBEDTLS_ERR_ECP_XXX code on failure.
|
||||
*/
|
||||
int mbedtls_ecdsa_genkey( mbedtls_ecdsa_context *ctx, mbedtls_ecp_group_id gid,
|
||||
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );
|
||||
|
||||
/**
|
||||
* \brief Set an ECDSA context from an EC key pair
|
||||
* \brief This function sets an ECDSA context from an EC key pair.
|
||||
*
|
||||
* \param ctx ECDSA context to set
|
||||
* \param key EC key to use
|
||||
* \see ecp.h
|
||||
*
|
||||
* \return 0 on success, or a MBEDTLS_ERR_ECP_XXX code.
|
||||
* \param ctx The ECDSA context to set.
|
||||
* \param key The EC key to use.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return An \c MBEDTLS_ERR_ECP_XXX code on failure.
|
||||
*/
|
||||
int mbedtls_ecdsa_from_keypair( mbedtls_ecdsa_context *ctx, const mbedtls_ecp_keypair *key );
|
||||
|
||||
/**
|
||||
* \brief Initialize context
|
||||
* \brief This function initializes an ECDSA context.
|
||||
*
|
||||
* \param ctx Context to initialize
|
||||
* \param ctx The ECDSA context to initialize.
|
||||
*/
|
||||
void mbedtls_ecdsa_init( mbedtls_ecdsa_context *ctx );
|
||||
|
||||
/**
|
||||
* \brief Free context
|
||||
* \brief This function frees an ECDSA context.
|
||||
*
|
||||
* \param ctx Context to free
|
||||
* \param ctx The ECDSA context to free.
|
||||
*/
|
||||
void mbedtls_ecdsa_free( mbedtls_ecdsa_context *ctx );
|
||||
|
||||
|
@ -2,7 +2,8 @@
|
||||
* \file ecjpake.h
|
||||
*
|
||||
* \brief Elliptic curve J-PAKE
|
||||
*
|
||||
*/
|
||||
/*
|
||||
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
@ -55,6 +56,7 @@ typedef enum {
|
||||
MBEDTLS_ECJPAKE_SERVER, /**< Server */
|
||||
} mbedtls_ecjpake_role;
|
||||
|
||||
#if !defined(MBEDTLS_ECJPAKE_ALT)
|
||||
/**
|
||||
* EC J-PAKE context structure.
|
||||
*
|
||||
@ -85,6 +87,10 @@ typedef struct
|
||||
mbedtls_mpi s; /**< Pre-shared secret (passphrase) */
|
||||
} mbedtls_ecjpake_context;
|
||||
|
||||
#else /* MBEDTLS_ECJPAKE_ALT */
|
||||
#include "ecjpake_alt.h"
|
||||
#endif /* MBEDTLS_ECJPAKE_ALT */
|
||||
|
||||
/**
|
||||
* \brief Initialize a context
|
||||
* (just makes it ready for setup() or free()).
|
||||
@ -222,17 +228,22 @@ int mbedtls_ecjpake_derive_secret( mbedtls_ecjpake_context *ctx,
|
||||
*/
|
||||
void mbedtls_ecjpake_free( mbedtls_ecjpake_context *ctx );
|
||||
|
||||
|
||||
|
||||
#if defined(MBEDTLS_SELF_TEST)
|
||||
|
||||
/**
|
||||
* \brief Checkup routine
|
||||
*
|
||||
* \return 0 if successful, or 1 if a test failed
|
||||
*/
|
||||
int mbedtls_ecjpake_self_test( int verbose );
|
||||
#endif
|
||||
|
||||
#endif /* MBEDTLS_SELF_TEST */
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
||||
|
||||
#endif /* ecjpake.h */
|
||||
|
File diff suppressed because it is too large
Load Diff
@ -3,7 +3,8 @@
|
||||
*
|
||||
* \brief Function declarations for alternative implementation of elliptic curve
|
||||
* point arithmetic.
|
||||
*
|
||||
*/
|
||||
/*
|
||||
* Copyright (C) 2016, ARM Limited, All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
@ -47,7 +48,7 @@
|
||||
* [6] Digital Signature Standard (DSS), FIPS 186-4.
|
||||
* <http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf>
|
||||
*
|
||||
* [7] Elliptic Curve Cryptography (ECC) Cipher Suites for Transport Layer
|
||||
* [7] Elliptic Curve Cryptography (ECC) Cipher Suites for Transport Layer
|
||||
* Security (TLS), RFC 4492.
|
||||
* <https://tools.ietf.org/search/rfc4492>
|
||||
*
|
||||
|
@ -2,7 +2,8 @@
|
||||
* \file entropy.h
|
||||
*
|
||||
* \brief Entropy accumulator implementation
|
||||
*
|
||||
*/
|
||||
/*
|
||||
* Copyright (C) 2006-2016, ARM Limited, All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
@ -121,6 +122,7 @@ mbedtls_entropy_source_state;
|
||||
*/
|
||||
typedef struct
|
||||
{
|
||||
int accumulator_started;
|
||||
#if defined(MBEDTLS_ENTROPY_SHA512_ACCUMULATOR)
|
||||
mbedtls_sha512_context accumulator;
|
||||
#else
|
||||
@ -164,7 +166,7 @@ void mbedtls_entropy_free( mbedtls_entropy_context *ctx );
|
||||
* \param threshold Minimum required from source before entropy is released
|
||||
* ( with mbedtls_entropy_func() ) (in bytes)
|
||||
* \param strong MBEDTLS_ENTROPY_SOURCE_STRONG or
|
||||
* MBEDTSL_ENTROPY_SOURCE_WEAK.
|
||||
* MBEDTLS_ENTROPY_SOURCE_WEAK.
|
||||
* At least one strong source needs to be added.
|
||||
* Weaker sources (such as the cycle counter) can be used as
|
||||
* a complement.
|
||||
|
@ -2,7 +2,8 @@
|
||||
* \file entropy_poll.h
|
||||
*
|
||||
* \brief Platform-specific and custom entropy polling functions
|
||||
*
|
||||
*/
|
||||
/*
|
||||
* Copyright (C) 2006-2016, ARM Limited, All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
|
@ -2,7 +2,8 @@
|
||||
* \file error.h
|
||||
*
|
||||
* \brief Error to string translation
|
||||
*
|
||||
*/
|
||||
/*
|
||||
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
@ -49,23 +50,33 @@
|
||||
*
|
||||
* Module Nr Codes assigned
|
||||
* MPI 7 0x0002-0x0010
|
||||
* GCM 2 0x0012-0x0014
|
||||
* BLOWFISH 2 0x0016-0x0018
|
||||
* GCM 3 0x0012-0x0014 0x0013-0x0013
|
||||
* BLOWFISH 3 0x0016-0x0018 0x0017-0x0017
|
||||
* THREADING 3 0x001A-0x001E
|
||||
* AES 2 0x0020-0x0022
|
||||
* CAMELLIA 2 0x0024-0x0026
|
||||
* XTEA 1 0x0028-0x0028
|
||||
* AES 5 0x0020-0x0022 0x0021-0x0025
|
||||
* CAMELLIA 3 0x0024-0x0026 0x0027-0x0027
|
||||
* XTEA 2 0x0028-0x0028 0x0029-0x0029
|
||||
* BASE64 2 0x002A-0x002C
|
||||
* OID 1 0x002E-0x002E 0x000B-0x000B
|
||||
* PADLOCK 1 0x0030-0x0030
|
||||
* DES 1 0x0032-0x0032
|
||||
* DES 2 0x0032-0x0032 0x0033-0x0033
|
||||
* CTR_DBRG 4 0x0034-0x003A
|
||||
* ENTROPY 3 0x003C-0x0040 0x003D-0x003F
|
||||
* NET 11 0x0042-0x0052 0x0043-0x0045
|
||||
* ARIA 4 0x0058-0x005E
|
||||
* ASN1 7 0x0060-0x006C
|
||||
* CMAC 1 0x007A-0x007A
|
||||
* PBKDF2 1 0x007C-0x007C
|
||||
* HMAC_DRBG 4 0x0003-0x0009
|
||||
* CCM 2 0x000D-0x000F
|
||||
* HMAC_DRBG 4 0x0003-0x0009
|
||||
* CCM 3 0x000D-0x0011
|
||||
* ARC4 1 0x0019-0x0019
|
||||
* MD2 1 0x002B-0x002B
|
||||
* MD4 1 0x002D-0x002D
|
||||
* MD5 1 0x002F-0x002F
|
||||
* RIPEMD160 1 0x0031-0x0031
|
||||
* SHA1 1 0x0035-0x0035
|
||||
* SHA256 1 0x0037-0x0037
|
||||
* SHA512 1 0x0039-0x0039
|
||||
*
|
||||
* High-level module nr (3 bits - 0x0...-0x7...)
|
||||
* Name ID Nr of Errors
|
||||
@ -73,12 +84,12 @@
|
||||
* PKCS#12 1 4 (Started from top)
|
||||
* X509 2 20
|
||||
* PKCS5 2 4 (Started from top)
|
||||
* DHM 3 9
|
||||
* PK 3 14 (Started from top)
|
||||
* RSA 4 9
|
||||
* ECP 4 9 (Started from top)
|
||||
* MD 5 4
|
||||
* CIPHER 6 6
|
||||
* DHM 3 11
|
||||
* PK 3 15 (Started from top)
|
||||
* RSA 4 11
|
||||
* ECP 4 10 (Started from top)
|
||||
* MD 5 5
|
||||
* CIPHER 6 8
|
||||
* SSL 6 17 (Started from top)
|
||||
* SSL 7 31
|
||||
*
|
||||
|
@ -1,9 +1,18 @@
|
||||
/**
|
||||
* \file gcm.h
|
||||
*
|
||||
* \brief Galois/Counter mode for 128-bit block ciphers
|
||||
* \brief This file contains GCM definitions and functions.
|
||||
*
|
||||
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
|
||||
* The Galois/Counter Mode (GCM) for 128-bit block ciphers is defined
|
||||
* in <em>D. McGrew, J. Viega, The Galois/Counter Mode of Operation
|
||||
* (GCM), Natl. Inst. Stand. Technol.</em>
|
||||
*
|
||||
* For more information on GCM, see <em>NIST SP 800-38D: Recommendation for
|
||||
* Block Cipher Modes of Operation: Galois/Counter Mode (GCM) and GMAC</em>.
|
||||
*
|
||||
*/
|
||||
/*
|
||||
* Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
@ -18,8 +27,9 @@
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*
|
||||
* This file is part of mbed TLS (https://tls.mbed.org)
|
||||
* This file is part of Mbed TLS (https://tls.mbed.org)
|
||||
*/
|
||||
|
||||
#ifndef MBEDTLS_GCM_H
|
||||
#define MBEDTLS_GCM_H
|
||||
|
||||
@ -31,46 +41,64 @@
|
||||
#define MBEDTLS_GCM_DECRYPT 0
|
||||
|
||||
#define MBEDTLS_ERR_GCM_AUTH_FAILED -0x0012 /**< Authenticated decryption failed. */
|
||||
#define MBEDTLS_ERR_GCM_HW_ACCEL_FAILED -0x0013 /**< GCM hardware accelerator failed. */
|
||||
#define MBEDTLS_ERR_GCM_BAD_INPUT -0x0014 /**< Bad input parameters to function. */
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
#if !defined(MBEDTLS_GCM_ALT)
|
||||
|
||||
/**
|
||||
* \brief GCM context structure
|
||||
* \brief The GCM context structure.
|
||||
*/
|
||||
typedef struct {
|
||||
mbedtls_cipher_context_t cipher_ctx;/*!< cipher context used */
|
||||
uint64_t HL[16]; /*!< Precalculated HTable */
|
||||
uint64_t HH[16]; /*!< Precalculated HTable */
|
||||
uint64_t len; /*!< Total data length */
|
||||
uint64_t add_len; /*!< Total add length */
|
||||
unsigned char base_ectr[16];/*!< First ECTR for tag */
|
||||
unsigned char y[16]; /*!< Y working value */
|
||||
unsigned char buf[16]; /*!< buf working value */
|
||||
int mode; /*!< Encrypt or Decrypt */
|
||||
mbedtls_cipher_context_t cipher_ctx; /*!< The cipher context used. */
|
||||
uint64_t HL[16]; /*!< Precalculated HTable low. */
|
||||
uint64_t HH[16]; /*!< Precalculated HTable high. */
|
||||
uint64_t len; /*!< The total length of the encrypted data. */
|
||||
uint64_t add_len; /*!< The total length of the additional data. */
|
||||
unsigned char base_ectr[16]; /*!< The first ECTR for tag. */
|
||||
unsigned char y[16]; /*!< The Y working value. */
|
||||
unsigned char buf[16]; /*!< The buf working value. */
|
||||
int mode; /*!< The operation to perform:
|
||||
#MBEDTLS_GCM_ENCRYPT or
|
||||
#MBEDTLS_GCM_DECRYPT. */
|
||||
}
|
||||
mbedtls_gcm_context;
|
||||
|
||||
#else /* !MBEDTLS_GCM_ALT */
|
||||
#include "gcm_alt.h"
|
||||
#endif /* !MBEDTLS_GCM_ALT */
|
||||
|
||||
/**
|
||||
* \brief Initialize GCM context (just makes references valid)
|
||||
* Makes the context ready for mbedtls_gcm_setkey() or
|
||||
* mbedtls_gcm_free().
|
||||
* \brief This function initializes the specified GCM context,
|
||||
* to make references valid, and prepares the context
|
||||
* for mbedtls_gcm_setkey() or mbedtls_gcm_free().
|
||||
*
|
||||
* \param ctx GCM context to initialize
|
||||
* The function does not bind the GCM context to a particular
|
||||
* cipher, nor set the key. For this purpose, use
|
||||
* mbedtls_gcm_setkey().
|
||||
*
|
||||
* \param ctx The GCM context to initialize.
|
||||
*/
|
||||
void mbedtls_gcm_init( mbedtls_gcm_context *ctx );
|
||||
|
||||
/**
|
||||
* \brief GCM initialization (encryption)
|
||||
* \brief This function associates a GCM context with a
|
||||
* cipher algorithm and a key.
|
||||
*
|
||||
* \param ctx GCM context to be initialized
|
||||
* \param cipher cipher to use (a 128-bit block cipher)
|
||||
* \param key encryption key
|
||||
* \param keybits must be 128, 192 or 256
|
||||
* \param ctx The GCM context to initialize.
|
||||
* \param cipher The 128-bit block cipher to use.
|
||||
* \param key The encryption key.
|
||||
* \param keybits The key size in bits. Valid options are:
|
||||
* <ul><li>128 bits</li>
|
||||
* <li>192 bits</li>
|
||||
* <li>256 bits</li></ul>
|
||||
*
|
||||
* \return 0 if successful, or a cipher specific error code
|
||||
* \return \c 0 on success.
|
||||
* \return A cipher-specific error code on failure.
|
||||
*/
|
||||
int mbedtls_gcm_setkey( mbedtls_gcm_context *ctx,
|
||||
mbedtls_cipher_id_t cipher,
|
||||
@ -78,26 +106,28 @@ int mbedtls_gcm_setkey( mbedtls_gcm_context *ctx,
|
||||
unsigned int keybits );
|
||||
|
||||
/**
|
||||
* \brief GCM buffer encryption/decryption using a block cipher
|
||||
* \brief This function performs GCM encryption or decryption of a buffer.
|
||||
*
|
||||
* \note On encryption, the output buffer can be the same as the input buffer.
|
||||
* On decryption, the output buffer cannot be the same as input buffer.
|
||||
* If buffers overlap, the output buffer must trail at least 8 bytes
|
||||
* behind the input buffer.
|
||||
* \note For encryption, the output buffer can be the same as the
|
||||
* input buffer. For decryption, the output buffer cannot be
|
||||
* the same as input buffer. If the buffers overlap, the output
|
||||
* buffer must trail at least 8 Bytes behind the input buffer.
|
||||
*
|
||||
* \param ctx GCM context
|
||||
* \param mode MBEDTLS_GCM_ENCRYPT or MBEDTLS_GCM_DECRYPT
|
||||
* \param length length of the input data
|
||||
* \param iv initialization vector
|
||||
* \param iv_len length of IV
|
||||
* \param add additional data
|
||||
* \param add_len length of additional data
|
||||
* \param input buffer holding the input data
|
||||
* \param output buffer for holding the output data
|
||||
* \param tag_len length of the tag to generate
|
||||
* \param tag buffer for holding the tag
|
||||
* \param ctx The GCM context to use for encryption or decryption.
|
||||
* \param mode The operation to perform: #MBEDTLS_GCM_ENCRYPT or
|
||||
* #MBEDTLS_GCM_DECRYPT.
|
||||
* \param length The length of the input data. This must be a multiple of
|
||||
* 16 except in the last call before mbedtls_gcm_finish().
|
||||
* \param iv The initialization vector.
|
||||
* \param iv_len The length of the IV.
|
||||
* \param add The buffer holding the additional data.
|
||||
* \param add_len The length of the additional data.
|
||||
* \param input The buffer holding the input data.
|
||||
* \param output The buffer for holding the output data.
|
||||
* \param tag_len The length of the tag to generate.
|
||||
* \param tag The buffer for holding the tag.
|
||||
*
|
||||
* \return 0 if successful
|
||||
* \return \c 0 on success.
|
||||
*/
|
||||
int mbedtls_gcm_crypt_and_tag( mbedtls_gcm_context *ctx,
|
||||
int mode,
|
||||
@ -112,25 +142,27 @@ int mbedtls_gcm_crypt_and_tag( mbedtls_gcm_context *ctx,
|
||||
unsigned char *tag );
|
||||
|
||||
/**
|
||||
* \brief GCM buffer authenticated decryption using a block cipher
|
||||
* \brief This function performs a GCM authenticated decryption of a
|
||||
* buffer.
|
||||
*
|
||||
* \note On decryption, the output buffer cannot be the same as input buffer.
|
||||
* If buffers overlap, the output buffer must trail at least 8 bytes
|
||||
* behind the input buffer.
|
||||
* \note For decryption, the output buffer cannot be the same as
|
||||
* input buffer. If the buffers overlap, the output buffer
|
||||
* must trail at least 8 Bytes behind the input buffer.
|
||||
*
|
||||
* \param ctx GCM context
|
||||
* \param length length of the input data
|
||||
* \param iv initialization vector
|
||||
* \param iv_len length of IV
|
||||
* \param add additional data
|
||||
* \param add_len length of additional data
|
||||
* \param tag buffer holding the tag
|
||||
* \param tag_len length of the tag
|
||||
* \param input buffer holding the input data
|
||||
* \param output buffer for holding the output data
|
||||
* \param ctx The GCM context.
|
||||
* \param length The length of the input data. This must be a multiple
|
||||
* of 16 except in the last call before mbedtls_gcm_finish().
|
||||
* \param iv The initialization vector.
|
||||
* \param iv_len The length of the IV.
|
||||
* \param add The buffer holding the additional data.
|
||||
* \param add_len The length of the additional data.
|
||||
* \param tag The buffer holding the tag.
|
||||
* \param tag_len The length of the tag.
|
||||
* \param input The buffer holding the input data.
|
||||
* \param output The buffer for holding the output data.
|
||||
*
|
||||
* \return 0 if successful and authenticated,
|
||||
* MBEDTLS_ERR_GCM_AUTH_FAILED if tag does not match
|
||||
* \return 0 if successful and authenticated.
|
||||
* \return #MBEDTLS_ERR_GCM_AUTH_FAILED if the tag does not match.
|
||||
*/
|
||||
int mbedtls_gcm_auth_decrypt( mbedtls_gcm_context *ctx,
|
||||
size_t length,
|
||||
@ -144,16 +176,20 @@ int mbedtls_gcm_auth_decrypt( mbedtls_gcm_context *ctx,
|
||||
unsigned char *output );
|
||||
|
||||
/**
|
||||
* \brief Generic GCM stream start function
|
||||
* \brief This function starts a GCM encryption or decryption
|
||||
* operation.
|
||||
*
|
||||
* \param ctx GCM context
|
||||
* \param mode MBEDTLS_GCM_ENCRYPT or MBEDTLS_GCM_DECRYPT
|
||||
* \param iv initialization vector
|
||||
* \param iv_len length of IV
|
||||
* \param add additional data (or NULL if length is 0)
|
||||
* \param add_len length of additional data
|
||||
* \param ctx The GCM context.
|
||||
* \param mode The operation to perform: #MBEDTLS_GCM_ENCRYPT or
|
||||
* #MBEDTLS_GCM_DECRYPT.
|
||||
* \param iv The initialization vector.
|
||||
* \param iv_len The length of the IV.
|
||||
* \param add The buffer holding the additional data, or NULL
|
||||
* if \p add_len is 0.
|
||||
* \param add_len The length of the additional data. If 0,
|
||||
* \p add is NULL.
|
||||
*
|
||||
* \return 0 if successful
|
||||
* \return \c 0 on success.
|
||||
*/
|
||||
int mbedtls_gcm_starts( mbedtls_gcm_context *ctx,
|
||||
int mode,
|
||||
@ -163,21 +199,25 @@ int mbedtls_gcm_starts( mbedtls_gcm_context *ctx,
|
||||
size_t add_len );
|
||||
|
||||
/**
|
||||
* \brief Generic GCM update function. Encrypts/decrypts using the
|
||||
* given GCM context. Expects input to be a multiple of 16
|
||||
* bytes! Only the last call before mbedtls_gcm_finish() can be less
|
||||
* than 16 bytes!
|
||||
* \brief This function feeds an input buffer into an ongoing GCM
|
||||
* encryption or decryption operation.
|
||||
*
|
||||
* \note On decryption, the output buffer cannot be the same as input buffer.
|
||||
* If buffers overlap, the output buffer must trail at least 8 bytes
|
||||
* behind the input buffer.
|
||||
* ` The function expects input to be a multiple of 16
|
||||
* Bytes. Only the last call before calling
|
||||
* mbedtls_gcm_finish() can be less than 16 Bytes.
|
||||
*
|
||||
* \param ctx GCM context
|
||||
* \param length length of the input data
|
||||
* \param input buffer holding the input data
|
||||
* \param output buffer for holding the output data
|
||||
* \note For decryption, the output buffer cannot be the same as
|
||||
* input buffer. If the buffers overlap, the output buffer
|
||||
* must trail at least 8 Bytes behind the input buffer.
|
||||
*
|
||||
* \return 0 if successful or MBEDTLS_ERR_GCM_BAD_INPUT
|
||||
* \param ctx The GCM context.
|
||||
* \param length The length of the input data. This must be a multiple of
|
||||
* 16 except in the last call before mbedtls_gcm_finish().
|
||||
* \param input The buffer holding the input data.
|
||||
* \param output The buffer for holding the output data.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return #MBEDTLS_ERR_GCM_BAD_INPUT on failure.
|
||||
*/
|
||||
int mbedtls_gcm_update( mbedtls_gcm_context *ctx,
|
||||
size_t length,
|
||||
@ -185,31 +225,36 @@ int mbedtls_gcm_update( mbedtls_gcm_context *ctx,
|
||||
unsigned char *output );
|
||||
|
||||
/**
|
||||
* \brief Generic GCM finalisation function. Wraps up the GCM stream
|
||||
* and generates the tag. The tag can have a maximum length of
|
||||
* 16 bytes.
|
||||
* \brief This function finishes the GCM operation and generates
|
||||
* the authentication tag.
|
||||
*
|
||||
* \param ctx GCM context
|
||||
* \param tag buffer for holding the tag
|
||||
* \param tag_len length of the tag to generate (must be at least 4)
|
||||
* It wraps up the GCM stream, and generates the
|
||||
* tag. The tag can have a maximum length of 16 Bytes.
|
||||
*
|
||||
* \return 0 if successful or MBEDTLS_ERR_GCM_BAD_INPUT
|
||||
* \param ctx The GCM context.
|
||||
* \param tag The buffer for holding the tag.
|
||||
* \param tag_len The length of the tag to generate. Must be at least four.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return #MBEDTLS_ERR_GCM_BAD_INPUT on failure.
|
||||
*/
|
||||
int mbedtls_gcm_finish( mbedtls_gcm_context *ctx,
|
||||
unsigned char *tag,
|
||||
size_t tag_len );
|
||||
|
||||
/**
|
||||
* \brief Free a GCM context and underlying cipher sub-context
|
||||
* \brief This function clears a GCM context and the underlying
|
||||
* cipher sub-context.
|
||||
*
|
||||
* \param ctx GCM context to free
|
||||
* \param ctx The GCM context to clear.
|
||||
*/
|
||||
void mbedtls_gcm_free( mbedtls_gcm_context *ctx );
|
||||
|
||||
/**
|
||||
* \brief Checkup routine
|
||||
* \brief The GCM checkup routine.
|
||||
*
|
||||
* \return 0 if successful, or 1 if the test failed
|
||||
* \return \c 0 on success.
|
||||
* \return \c 1 on failure.
|
||||
*/
|
||||
int mbedtls_gcm_self_test( int verbose );
|
||||
|
||||
@ -217,4 +262,5 @@ int mbedtls_gcm_self_test( int verbose );
|
||||
}
|
||||
#endif
|
||||
|
||||
|
||||
#endif /* gcm.h */
|
||||
|
@ -2,7 +2,8 @@
|
||||
* \file havege.h
|
||||
*
|
||||
* \brief HAVEGE: HArdware Volatile Entropy Gathering and Expansion
|
||||
*
|
||||
*/
|
||||
/*
|
||||
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
|
@ -2,7 +2,8 @@
|
||||
* \file hmac_drbg.h
|
||||
*
|
||||
* \brief HMAC_DRBG (NIST SP 800-90A)
|
||||
*
|
||||
*/
|
||||
/*
|
||||
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
|
@ -1,11 +1,12 @@
|
||||
/**
|
||||
/**
|
||||
* \file md.h
|
||||
*
|
||||
* \brief Generic message digest wrapper
|
||||
* \brief This file contains the generic message-digest wrapper.
|
||||
*
|
||||
* \author Adriaan de Jong <dejong@fox-it.com>
|
||||
*
|
||||
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
|
||||
*/
|
||||
/*
|
||||
* Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
@ -20,33 +21,49 @@
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*
|
||||
* This file is part of mbed TLS (https://tls.mbed.org)
|
||||
* This file is part of Mbed TLS (https://tls.mbed.org)
|
||||
*/
|
||||
|
||||
#ifndef MBEDTLS_MD_H
|
||||
#define MBEDTLS_MD_H
|
||||
|
||||
#include <stddef.h>
|
||||
|
||||
#if !defined(MBEDTLS_CONFIG_FILE)
|
||||
#include "config.h"
|
||||
#else
|
||||
#include MBEDTLS_CONFIG_FILE
|
||||
#endif
|
||||
|
||||
#define MBEDTLS_ERR_MD_FEATURE_UNAVAILABLE -0x5080 /**< The selected feature is not available. */
|
||||
#define MBEDTLS_ERR_MD_BAD_INPUT_DATA -0x5100 /**< Bad input parameters to function. */
|
||||
#define MBEDTLS_ERR_MD_ALLOC_FAILED -0x5180 /**< Failed to allocate memory. */
|
||||
#define MBEDTLS_ERR_MD_FILE_IO_ERROR -0x5200 /**< Opening or reading of file failed. */
|
||||
#define MBEDTLS_ERR_MD_HW_ACCEL_FAILED -0x5280 /**< MD hardware accelerator failed. */
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
/**
|
||||
* \brief Supported message digests.
|
||||
*
|
||||
* \warning MD2, MD4, MD5 and SHA-1 are considered weak message digests and
|
||||
* their use constitutes a security risk. We recommend considering
|
||||
* stronger message digests instead.
|
||||
*
|
||||
*/
|
||||
typedef enum {
|
||||
MBEDTLS_MD_NONE=0,
|
||||
MBEDTLS_MD_MD2,
|
||||
MBEDTLS_MD_MD4,
|
||||
MBEDTLS_MD_MD5,
|
||||
MBEDTLS_MD_SHA1,
|
||||
MBEDTLS_MD_SHA224,
|
||||
MBEDTLS_MD_SHA256,
|
||||
MBEDTLS_MD_SHA384,
|
||||
MBEDTLS_MD_SHA512,
|
||||
MBEDTLS_MD_RIPEMD160,
|
||||
MBEDTLS_MD_NONE=0, /**< None. */
|
||||
MBEDTLS_MD_MD2, /**< The MD2 message digest. */
|
||||
MBEDTLS_MD_MD4, /**< The MD4 message digest. */
|
||||
MBEDTLS_MD_MD5, /**< The MD5 message digest. */
|
||||
MBEDTLS_MD_SHA1, /**< The SHA-1 message digest. */
|
||||
MBEDTLS_MD_SHA224, /**< The SHA-224 message digest. */
|
||||
MBEDTLS_MD_SHA256, /**< The SHA-256 message digest. */
|
||||
MBEDTLS_MD_SHA384, /**< The SHA-384 message digest. */
|
||||
MBEDTLS_MD_SHA512, /**< The SHA-512 message digest. */
|
||||
MBEDTLS_MD_RIPEMD160, /**< The RIPEMD-160 message digest. */
|
||||
} mbedtls_md_type_t;
|
||||
|
||||
#if defined(MBEDTLS_SHA512_C)
|
||||
@ -56,65 +73,79 @@ typedef enum {
|
||||
#endif
|
||||
|
||||
/**
|
||||
* Opaque struct defined in md_internal.h
|
||||
* Opaque struct defined in md_internal.h.
|
||||
*/
|
||||
typedef struct mbedtls_md_info_t mbedtls_md_info_t;
|
||||
|
||||
/**
|
||||
* Generic message digest context.
|
||||
* The generic message-digest context.
|
||||
*/
|
||||
typedef struct {
|
||||
/** Information about the associated message digest */
|
||||
/** Information about the associated message digest. */
|
||||
const mbedtls_md_info_t *md_info;
|
||||
|
||||
/** Digest-specific context */
|
||||
/** The digest-specific context. */
|
||||
void *md_ctx;
|
||||
|
||||
/** HMAC part of the context */
|
||||
/** The HMAC part of the context. */
|
||||
void *hmac_ctx;
|
||||
} mbedtls_md_context_t;
|
||||
|
||||
/**
|
||||
* \brief Returns the list of digests supported by the generic digest module.
|
||||
* \brief This function returns the list of digests supported by the
|
||||
* generic digest module.
|
||||
*
|
||||
* \return a statically allocated array of digests, the last entry
|
||||
* is 0.
|
||||
* \return A statically allocated array of digests. Each element
|
||||
* in the returned list is an integer belonging to the
|
||||
* message-digest enumeration #mbedtls_md_type_t.
|
||||
* The last entry is 0.
|
||||
*/
|
||||
const int *mbedtls_md_list( void );
|
||||
|
||||
/**
|
||||
* \brief Returns the message digest information associated with the
|
||||
* given digest name.
|
||||
* \brief This function returns the message-digest information
|
||||
* associated with the given digest name.
|
||||
*
|
||||
* \param md_name Name of the digest to search for.
|
||||
* \param md_name The name of the digest to search for.
|
||||
*
|
||||
* \return The message digest information associated with md_name or
|
||||
* NULL if not found.
|
||||
* \return The message-digest information associated with \p md_name.
|
||||
* \return NULL if the associated message-digest information is not found.
|
||||
*/
|
||||
const mbedtls_md_info_t *mbedtls_md_info_from_string( const char *md_name );
|
||||
|
||||
/**
|
||||
* \brief Returns the message digest information associated with the
|
||||
* given digest type.
|
||||
* \brief This function returns the message-digest information
|
||||
* associated with the given digest type.
|
||||
*
|
||||
* \param md_type type of digest to search for.
|
||||
* \param md_type The type of digest to search for.
|
||||
*
|
||||
* \return The message digest information associated with md_type or
|
||||
* NULL if not found.
|
||||
* \return The message-digest information associated with \p md_type.
|
||||
* \return NULL if the associated message-digest information is not found.
|
||||
*/
|
||||
const mbedtls_md_info_t *mbedtls_md_info_from_type( mbedtls_md_type_t md_type );
|
||||
|
||||
/**
|
||||
* \brief Initialize a md_context (as NONE)
|
||||
* This should always be called first.
|
||||
* Prepares the context for mbedtls_md_setup() or mbedtls_md_free().
|
||||
* \brief This function initializes a message-digest context without
|
||||
* binding it to a particular message-digest algorithm.
|
||||
*
|
||||
* This function should always be called first. It prepares the
|
||||
* context for mbedtls_md_setup() for binding it to a
|
||||
* message-digest algorithm.
|
||||
*/
|
||||
void mbedtls_md_init( mbedtls_md_context_t *ctx );
|
||||
|
||||
/**
|
||||
* \brief Free and clear the internal structures of ctx.
|
||||
* Can be called at any time after mbedtls_md_init().
|
||||
* Mandatory once mbedtls_md_setup() has been called.
|
||||
* \brief This function clears the internal structure of \p ctx and
|
||||
* frees any embedded internal structure, but does not free
|
||||
* \p ctx itself.
|
||||
*
|
||||
* If you have called mbedtls_md_setup() on \p ctx, you must
|
||||
* call mbedtls_md_free() when you are no longer using the
|
||||
* context.
|
||||
* Calling this function if you have previously
|
||||
* called mbedtls_md_init() and nothing else is optional.
|
||||
* You must not call this function if you have not called
|
||||
* mbedtls_md_init().
|
||||
*/
|
||||
void mbedtls_md_free( mbedtls_md_context_t *ctx );
|
||||
|
||||
@ -125,220 +156,300 @@ void mbedtls_md_free( mbedtls_md_context_t *ctx );
|
||||
#define MBEDTLS_DEPRECATED
|
||||
#endif
|
||||
/**
|
||||
* \brief Select MD to use and allocate internal structures.
|
||||
* Should be called after mbedtls_md_init() or mbedtls_md_free().
|
||||
* \brief This function selects the message digest algorithm to use,
|
||||
* and allocates internal structures.
|
||||
*
|
||||
* It should be called after mbedtls_md_init() or mbedtls_md_free().
|
||||
* Makes it necessary to call mbedtls_md_free() later.
|
||||
*
|
||||
* \deprecated Superseded by mbedtls_md_setup() in 2.0.0
|
||||
*
|
||||
* \param ctx Context to set up.
|
||||
* \param md_info Message digest to use.
|
||||
* \param ctx The context to set up.
|
||||
* \param md_info The information structure of the message-digest algorithm
|
||||
* to use.
|
||||
*
|
||||
* \returns \c 0 on success,
|
||||
* \c MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter failure,
|
||||
* \c MBEDTLS_ERR_MD_ALLOC_FAILED memory allocation failure.
|
||||
* \return \c 0 on success.
|
||||
* \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification
|
||||
* failure.
|
||||
* \return #MBEDTLS_ERR_MD_ALLOC_FAILED on memory-allocation failure.
|
||||
*/
|
||||
int mbedtls_md_init_ctx( mbedtls_md_context_t *ctx, const mbedtls_md_info_t *md_info ) MBEDTLS_DEPRECATED;
|
||||
#undef MBEDTLS_DEPRECATED
|
||||
#endif /* MBEDTLS_DEPRECATED_REMOVED */
|
||||
|
||||
/**
|
||||
* \brief Select MD to use and allocate internal structures.
|
||||
* Should be called after mbedtls_md_init() or mbedtls_md_free().
|
||||
* Makes it necessary to call mbedtls_md_free() later.
|
||||
* \brief This function selects the message digest algorithm to use,
|
||||
* and allocates internal structures.
|
||||
*
|
||||
* \param ctx Context to set up.
|
||||
* \param md_info Message digest to use.
|
||||
* \param hmac 0 to save some memory if HMAC will not be used,
|
||||
* non-zero is HMAC is going to be used with this context.
|
||||
* It should be called after mbedtls_md_init() or
|
||||
* mbedtls_md_free(). Makes it necessary to call
|
||||
* mbedtls_md_free() later.
|
||||
*
|
||||
* \returns \c 0 on success,
|
||||
* \c MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter failure,
|
||||
* \c MBEDTLS_ERR_MD_ALLOC_FAILED memory allocation failure.
|
||||
* \param ctx The context to set up.
|
||||
* \param md_info The information structure of the message-digest algorithm
|
||||
* to use.
|
||||
* \param hmac Defines if HMAC is used. 0: HMAC is not used (saves some memory),
|
||||
* or non-zero: HMAC is used with this context.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification
|
||||
* failure.
|
||||
* \return #MBEDTLS_ERR_MD_ALLOC_FAILED on memory-allocation failure.
|
||||
*/
|
||||
int mbedtls_md_setup( mbedtls_md_context_t *ctx, const mbedtls_md_info_t *md_info, int hmac );
|
||||
|
||||
/**
|
||||
* \brief Clone the state of an MD context
|
||||
* \brief This function clones the state of an message-digest
|
||||
* context.
|
||||
*
|
||||
* \note The two contexts must have been setup to the same type
|
||||
* (cloning from SHA-256 to SHA-512 make no sense).
|
||||
* \note You must call mbedtls_md_setup() on \c dst before calling
|
||||
* this function.
|
||||
*
|
||||
* \warning Only clones the MD state, not the HMAC state! (for now)
|
||||
* \note The two contexts must have the same type,
|
||||
* for example, both are SHA-256.
|
||||
*
|
||||
* \param dst The destination context
|
||||
* \param src The context to be cloned
|
||||
* \warning This function clones the message-digest state, not the
|
||||
* HMAC state.
|
||||
*
|
||||
* \return \c 0 on success,
|
||||
* \c MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter failure.
|
||||
* \param dst The destination context.
|
||||
* \param src The context to be cloned.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification failure.
|
||||
*/
|
||||
int mbedtls_md_clone( mbedtls_md_context_t *dst,
|
||||
const mbedtls_md_context_t *src );
|
||||
|
||||
/**
|
||||
* \brief Returns the size of the message digest output.
|
||||
* \brief This function extracts the message-digest size from the
|
||||
* message-digest information structure.
|
||||
*
|
||||
* \param md_info message digest info
|
||||
* \param md_info The information structure of the message-digest algorithm
|
||||
* to use.
|
||||
*
|
||||
* \return size of the message digest output in bytes.
|
||||
* \return The size of the message-digest output in Bytes.
|
||||
*/
|
||||
unsigned char mbedtls_md_get_size( const mbedtls_md_info_t *md_info );
|
||||
|
||||
/**
|
||||
* \brief Returns the type of the message digest output.
|
||||
* \brief This function extracts the message-digest type from the
|
||||
* message-digest information structure.
|
||||
*
|
||||
* \param md_info message digest info
|
||||
* \param md_info The information structure of the message-digest algorithm
|
||||
* to use.
|
||||
*
|
||||
* \return type of the message digest output.
|
||||
* \return The type of the message digest.
|
||||
*/
|
||||
mbedtls_md_type_t mbedtls_md_get_type( const mbedtls_md_info_t *md_info );
|
||||
|
||||
/**
|
||||
* \brief Returns the name of the message digest output.
|
||||
* \brief This function extracts the message-digest name from the
|
||||
* message-digest information structure.
|
||||
*
|
||||
* \param md_info message digest info
|
||||
* \param md_info The information structure of the message-digest algorithm
|
||||
* to use.
|
||||
*
|
||||
* \return name of the message digest output.
|
||||
* \return The name of the message digest.
|
||||
*/
|
||||
const char *mbedtls_md_get_name( const mbedtls_md_info_t *md_info );
|
||||
|
||||
/**
|
||||
* \brief Prepare the context to digest a new message.
|
||||
* Generally called after mbedtls_md_setup() or mbedtls_md_finish().
|
||||
* Followed by mbedtls_md_update().
|
||||
* \brief This function starts a message-digest computation.
|
||||
*
|
||||
* \param ctx generic message digest context.
|
||||
* You must call this function after setting up the context
|
||||
* with mbedtls_md_setup(), and before passing data with
|
||||
* mbedtls_md_update().
|
||||
*
|
||||
* \returns 0 on success, MBEDTLS_ERR_MD_BAD_INPUT_DATA if parameter
|
||||
* verification fails.
|
||||
* \param ctx The generic message-digest context.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification
|
||||
* failure.
|
||||
*/
|
||||
int mbedtls_md_starts( mbedtls_md_context_t *ctx );
|
||||
|
||||
/**
|
||||
* \brief Generic message digest process buffer
|
||||
* Called between mbedtls_md_starts() and mbedtls_md_finish().
|
||||
* May be called repeatedly.
|
||||
* \brief This function feeds an input buffer into an ongoing
|
||||
* message-digest computation.
|
||||
*
|
||||
* \param ctx Generic message digest context
|
||||
* \param input buffer holding the datal
|
||||
* \param ilen length of the input data
|
||||
* You must call mbedtls_md_starts() before calling this
|
||||
* function. You may call this function multiple times.
|
||||
* Afterwards, call mbedtls_md_finish().
|
||||
*
|
||||
* \returns 0 on success, MBEDTLS_ERR_MD_BAD_INPUT_DATA if parameter
|
||||
* verification fails.
|
||||
* \param ctx The generic message-digest context.
|
||||
* \param input The buffer holding the input data.
|
||||
* \param ilen The length of the input data.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification
|
||||
* failure.
|
||||
*/
|
||||
int mbedtls_md_update( mbedtls_md_context_t *ctx, const unsigned char *input, size_t ilen );
|
||||
|
||||
/**
|
||||
* \brief Generic message digest final digest
|
||||
* Called after mbedtls_md_update().
|
||||
* Usually followed by mbedtls_md_free() or mbedtls_md_starts().
|
||||
* \brief This function finishes the digest operation,
|
||||
* and writes the result to the output buffer.
|
||||
*
|
||||
* \param ctx Generic message digest context
|
||||
* \param output Generic message digest checksum result
|
||||
* Call this function after a call to mbedtls_md_starts(),
|
||||
* followed by any number of calls to mbedtls_md_update().
|
||||
* Afterwards, you may either clear the context with
|
||||
* mbedtls_md_free(), or call mbedtls_md_starts() to reuse
|
||||
* the context for another digest operation with the same
|
||||
* algorithm.
|
||||
*
|
||||
* \returns 0 on success, MBEDTLS_ERR_MD_BAD_INPUT_DATA if parameter
|
||||
* verification fails.
|
||||
* \param ctx The generic message-digest context.
|
||||
* \param output The buffer for the generic message-digest checksum result.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification
|
||||
* failure.
|
||||
*/
|
||||
int mbedtls_md_finish( mbedtls_md_context_t *ctx, unsigned char *output );
|
||||
|
||||
/**
|
||||
* \brief Output = message_digest( input buffer )
|
||||
* \brief This function calculates the message-digest of a buffer,
|
||||
* with respect to a configurable message-digest algorithm
|
||||
* in a single call.
|
||||
*
|
||||
* \param md_info message digest info
|
||||
* \param input buffer holding the data
|
||||
* \param ilen length of the input data
|
||||
* \param output Generic message digest checksum result
|
||||
* The result is calculated as
|
||||
* Output = message_digest(input buffer).
|
||||
*
|
||||
* \returns 0 on success, MBEDTLS_ERR_MD_BAD_INPUT_DATA if parameter
|
||||
* verification fails.
|
||||
* \param md_info The information structure of the message-digest algorithm
|
||||
* to use.
|
||||
* \param input The buffer holding the data.
|
||||
* \param ilen The length of the input data.
|
||||
* \param output The generic message-digest checksum result.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification
|
||||
* failure.
|
||||
*/
|
||||
int mbedtls_md( const mbedtls_md_info_t *md_info, const unsigned char *input, size_t ilen,
|
||||
unsigned char *output );
|
||||
|
||||
#if defined(MBEDTLS_FS_IO)
|
||||
/**
|
||||
* \brief Output = message_digest( file contents )
|
||||
* \brief This function calculates the message-digest checksum
|
||||
* result of the contents of the provided file.
|
||||
*
|
||||
* \param md_info message digest info
|
||||
* \param path input file name
|
||||
* \param output generic message digest checksum result
|
||||
* The result is calculated as
|
||||
* Output = message_digest(file contents).
|
||||
*
|
||||
* \return 0 if successful,
|
||||
* MBEDTLS_ERR_MD_FILE_IO_ERROR if file input failed,
|
||||
* MBEDTLS_ERR_MD_BAD_INPUT_DATA if md_info was NULL.
|
||||
* \param md_info The information structure of the message-digest algorithm
|
||||
* to use.
|
||||
* \param path The input file name.
|
||||
* \param output The generic message-digest checksum result.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return #MBEDTLS_ERR_MD_FILE_IO_ERROR on an I/O error accessing
|
||||
* the file pointed by \p path.
|
||||
* \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA if \p md_info was NULL.
|
||||
*/
|
||||
int mbedtls_md_file( const mbedtls_md_info_t *md_info, const char *path,
|
||||
unsigned char *output );
|
||||
#endif /* MBEDTLS_FS_IO */
|
||||
|
||||
/**
|
||||
* \brief Set HMAC key and prepare to authenticate a new message.
|
||||
* Usually called after mbedtls_md_setup() or mbedtls_md_hmac_finish().
|
||||
* \brief This function sets the HMAC key and prepares to
|
||||
* authenticate a new message.
|
||||
*
|
||||
* \param ctx HMAC context
|
||||
* \param key HMAC secret key
|
||||
* \param keylen length of the HMAC key in bytes
|
||||
* Call this function after mbedtls_md_setup(), to use
|
||||
* the MD context for an HMAC calculation, then call
|
||||
* mbedtls_md_hmac_update() to provide the input data, and
|
||||
* mbedtls_md_hmac_finish() to get the HMAC value.
|
||||
*
|
||||
* \returns 0 on success, MBEDTLS_ERR_MD_BAD_INPUT_DATA if parameter
|
||||
* verification fails.
|
||||
* \param ctx The message digest context containing an embedded HMAC
|
||||
* context.
|
||||
* \param key The HMAC secret key.
|
||||
* \param keylen The length of the HMAC key in Bytes.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification
|
||||
* failure.
|
||||
*/
|
||||
int mbedtls_md_hmac_starts( mbedtls_md_context_t *ctx, const unsigned char *key,
|
||||
size_t keylen );
|
||||
|
||||
/**
|
||||
* \brief Generic HMAC process buffer.
|
||||
* Called between mbedtls_md_hmac_starts() or mbedtls_md_hmac_reset()
|
||||
* and mbedtls_md_hmac_finish().
|
||||
* May be called repeatedly.
|
||||
* \brief This function feeds an input buffer into an ongoing HMAC
|
||||
* computation.
|
||||
*
|
||||
* \param ctx HMAC context
|
||||
* \param input buffer holding the data
|
||||
* \param ilen length of the input data
|
||||
* Call mbedtls_md_hmac_starts() or mbedtls_md_hmac_reset()
|
||||
* before calling this function.
|
||||
* You may call this function multiple times to pass the
|
||||
* input piecewise.
|
||||
* Afterwards, call mbedtls_md_hmac_finish().
|
||||
*
|
||||
* \returns 0 on success, MBEDTLS_ERR_MD_BAD_INPUT_DATA if parameter
|
||||
* verification fails.
|
||||
* \param ctx The message digest context containing an embedded HMAC
|
||||
* context.
|
||||
* \param input The buffer holding the input data.
|
||||
* \param ilen The length of the input data.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification
|
||||
* failure.
|
||||
*/
|
||||
int mbedtls_md_hmac_update( mbedtls_md_context_t *ctx, const unsigned char *input,
|
||||
size_t ilen );
|
||||
|
||||
/**
|
||||
* \brief Output HMAC.
|
||||
* Called after mbedtls_md_hmac_update().
|
||||
* Usually followed by mbedtls_md_hmac_reset(),
|
||||
* mbedtls_md_hmac_starts(), or mbedtls_md_free().
|
||||
* \brief This function finishes the HMAC operation, and writes
|
||||
* the result to the output buffer.
|
||||
*
|
||||
* \param ctx HMAC context
|
||||
* \param output Generic HMAC checksum result
|
||||
* Call this function after mbedtls_md_hmac_starts() and
|
||||
* mbedtls_md_hmac_update() to get the HMAC value. Afterwards
|
||||
* you may either call mbedtls_md_free() to clear the context,
|
||||
* or call mbedtls_md_hmac_reset() to reuse the context with
|
||||
* the same HMAC key.
|
||||
*
|
||||
* \returns 0 on success, MBEDTLS_ERR_MD_BAD_INPUT_DATA if parameter
|
||||
* verification fails.
|
||||
* \param ctx The message digest context containing an embedded HMAC
|
||||
* context.
|
||||
* \param output The generic HMAC checksum result.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification
|
||||
* failure.
|
||||
*/
|
||||
int mbedtls_md_hmac_finish( mbedtls_md_context_t *ctx, unsigned char *output);
|
||||
|
||||
/**
|
||||
* \brief Prepare to authenticate a new message with the same key.
|
||||
* Called after mbedtls_md_hmac_finish() and before
|
||||
* mbedtls_md_hmac_update().
|
||||
* \brief This function prepares to authenticate a new message with
|
||||
* the same key as the previous HMAC operation.
|
||||
*
|
||||
* \param ctx HMAC context to be reset
|
||||
* You may call this function after mbedtls_md_hmac_finish().
|
||||
* Afterwards call mbedtls_md_hmac_update() to pass the new
|
||||
* input.
|
||||
*
|
||||
* \returns 0 on success, MBEDTLS_ERR_MD_BAD_INPUT_DATA if parameter
|
||||
* verification fails.
|
||||
* \param ctx The message digest context containing an embedded HMAC
|
||||
* context.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification
|
||||
* failure.
|
||||
*/
|
||||
int mbedtls_md_hmac_reset( mbedtls_md_context_t *ctx );
|
||||
|
||||
/**
|
||||
* \brief Output = Generic_HMAC( hmac key, input buffer )
|
||||
* \brief This function calculates the full generic HMAC
|
||||
* on the input buffer with the provided key.
|
||||
*
|
||||
* \param md_info message digest info
|
||||
* \param key HMAC secret key
|
||||
* \param keylen length of the HMAC key in bytes
|
||||
* \param input buffer holding the data
|
||||
* \param ilen length of the input data
|
||||
* \param output Generic HMAC-result
|
||||
* The function allocates the context, performs the
|
||||
* calculation, and frees the context.
|
||||
*
|
||||
* \returns 0 on success, MBEDTLS_ERR_MD_BAD_INPUT_DATA if parameter
|
||||
* verification fails.
|
||||
* The HMAC result is calculated as
|
||||
* output = generic HMAC(hmac key, input buffer).
|
||||
*
|
||||
* \param md_info The information structure of the message-digest algorithm
|
||||
* to use.
|
||||
* \param key The HMAC secret key.
|
||||
* \param keylen The length of the HMAC secret key in Bytes.
|
||||
* \param input The buffer holding the input data.
|
||||
* \param ilen The length of the input data.
|
||||
* \param output The generic HMAC result.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification
|
||||
* failure.
|
||||
*/
|
||||
int mbedtls_md_hmac( const mbedtls_md_info_t *md_info, const unsigned char *key, size_t keylen,
|
||||
const unsigned char *input, size_t ilen,
|
||||
|
@ -3,6 +3,11 @@
|
||||
*
|
||||
* \brief MD2 message digest algorithm (hash function)
|
||||
*
|
||||
* \warning MD2 is considered a weak message digest and its use constitutes a
|
||||
* security risk. We recommend considering stronger message digests
|
||||
* instead.
|
||||
*/
|
||||
/*
|
||||
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
@ -19,6 +24,7 @@
|
||||
* limitations under the License.
|
||||
*
|
||||
* This file is part of mbed TLS (https://tls.mbed.org)
|
||||
*
|
||||
*/
|
||||
#ifndef MBEDTLS_MD2_H
|
||||
#define MBEDTLS_MD2_H
|
||||
@ -31,16 +37,23 @@
|
||||
|
||||
#include <stddef.h>
|
||||
|
||||
#if !defined(MBEDTLS_MD2_ALT)
|
||||
// Regular implementation
|
||||
//
|
||||
#define MBEDTLS_ERR_MD2_HW_ACCEL_FAILED -0x002B /**< MD2 hardware accelerator failed */
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
#if !defined(MBEDTLS_MD2_ALT)
|
||||
// Regular implementation
|
||||
//
|
||||
|
||||
/**
|
||||
* \brief MD2 context structure
|
||||
*
|
||||
* \warning MD2 is considered a weak message digest and its use
|
||||
* constitutes a security risk. We recommend considering
|
||||
* stronger message digests instead.
|
||||
*
|
||||
*/
|
||||
typedef struct
|
||||
{
|
||||
@ -51,10 +64,19 @@ typedef struct
|
||||
}
|
||||
mbedtls_md2_context;
|
||||
|
||||
#else /* MBEDTLS_MD2_ALT */
|
||||
#include "md2_alt.h"
|
||||
#endif /* MBEDTLS_MD2_ALT */
|
||||
|
||||
/**
|
||||
* \brief Initialize MD2 context
|
||||
*
|
||||
* \param ctx MD2 context to be initialized
|
||||
*
|
||||
* \warning MD2 is considered a weak message digest and its use
|
||||
* constitutes a security risk. We recommend considering
|
||||
* stronger message digests instead.
|
||||
*
|
||||
*/
|
||||
void mbedtls_md2_init( mbedtls_md2_context *ctx );
|
||||
|
||||
@ -62,6 +84,11 @@ void mbedtls_md2_init( mbedtls_md2_context *ctx );
|
||||
* \brief Clear MD2 context
|
||||
*
|
||||
* \param ctx MD2 context to be cleared
|
||||
*
|
||||
* \warning MD2 is considered a weak message digest and its use
|
||||
* constitutes a security risk. We recommend considering
|
||||
* stronger message digests instead.
|
||||
*
|
||||
*/
|
||||
void mbedtls_md2_free( mbedtls_md2_context *ctx );
|
||||
|
||||
@ -70,6 +97,11 @@ void mbedtls_md2_free( mbedtls_md2_context *ctx );
|
||||
*
|
||||
* \param dst The destination context
|
||||
* \param src The context to be cloned
|
||||
*
|
||||
* \warning MD2 is considered a weak message digest and its use
|
||||
* constitutes a security risk. We recommend considering
|
||||
* stronger message digests instead.
|
||||
*
|
||||
*/
|
||||
void mbedtls_md2_clone( mbedtls_md2_context *dst,
|
||||
const mbedtls_md2_context *src );
|
||||
@ -78,57 +110,190 @@ void mbedtls_md2_clone( mbedtls_md2_context *dst,
|
||||
* \brief MD2 context setup
|
||||
*
|
||||
* \param ctx context to be initialized
|
||||
*
|
||||
* \return 0 if successful
|
||||
*
|
||||
* \warning MD2 is considered a weak message digest and its use
|
||||
* constitutes a security risk. We recommend considering
|
||||
* stronger message digests instead.
|
||||
*
|
||||
*/
|
||||
void mbedtls_md2_starts( mbedtls_md2_context *ctx );
|
||||
int mbedtls_md2_starts_ret( mbedtls_md2_context *ctx );
|
||||
|
||||
/**
|
||||
* \brief MD2 process buffer
|
||||
*
|
||||
* \param ctx MD2 context
|
||||
* \param input buffer holding the data
|
||||
* \param input buffer holding the data
|
||||
* \param ilen length of the input data
|
||||
*
|
||||
* \return 0 if successful
|
||||
*
|
||||
* \warning MD2 is considered a weak message digest and its use
|
||||
* constitutes a security risk. We recommend considering
|
||||
* stronger message digests instead.
|
||||
*
|
||||
*/
|
||||
void mbedtls_md2_update( mbedtls_md2_context *ctx, const unsigned char *input, size_t ilen );
|
||||
int mbedtls_md2_update_ret( mbedtls_md2_context *ctx,
|
||||
const unsigned char *input,
|
||||
size_t ilen );
|
||||
|
||||
/**
|
||||
* \brief MD2 final digest
|
||||
*
|
||||
* \param ctx MD2 context
|
||||
* \param output MD2 checksum result
|
||||
*
|
||||
* \return 0 if successful
|
||||
*
|
||||
* \warning MD2 is considered a weak message digest and its use
|
||||
* constitutes a security risk. We recommend considering
|
||||
* stronger message digests instead.
|
||||
*
|
||||
*/
|
||||
void mbedtls_md2_finish( mbedtls_md2_context *ctx, unsigned char output[16] );
|
||||
int mbedtls_md2_finish_ret( mbedtls_md2_context *ctx,
|
||||
unsigned char output[16] );
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
/**
|
||||
* \brief MD2 process data block (internal use only)
|
||||
*
|
||||
* \param ctx MD2 context
|
||||
*
|
||||
* \return 0 if successful
|
||||
*
|
||||
* \warning MD2 is considered a weak message digest and its use
|
||||
* constitutes a security risk. We recommend considering
|
||||
* stronger message digests instead.
|
||||
*
|
||||
*/
|
||||
int mbedtls_internal_md2_process( mbedtls_md2_context *ctx );
|
||||
|
||||
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
|
||||
#if defined(MBEDTLS_DEPRECATED_WARNING)
|
||||
#define MBEDTLS_DEPRECATED __attribute__((deprecated))
|
||||
#else
|
||||
#define MBEDTLS_DEPRECATED
|
||||
#endif
|
||||
/**
|
||||
* \brief MD2 context setup
|
||||
*
|
||||
* \deprecated Superseded by mbedtls_md2_starts_ret() in 2.7.0
|
||||
*
|
||||
* \param ctx context to be initialized
|
||||
*
|
||||
* \warning MD2 is considered a weak message digest and its use
|
||||
* constitutes a security risk. We recommend considering
|
||||
* stronger message digests instead.
|
||||
*
|
||||
*/
|
||||
MBEDTLS_DEPRECATED void mbedtls_md2_starts( mbedtls_md2_context *ctx );
|
||||
|
||||
#else /* MBEDTLS_MD2_ALT */
|
||||
#include "md2_alt.h"
|
||||
#endif /* MBEDTLS_MD2_ALT */
|
||||
/**
|
||||
* \brief MD2 process buffer
|
||||
*
|
||||
* \deprecated Superseded by mbedtls_md2_update_ret() in 2.7.0
|
||||
*
|
||||
* \param ctx MD2 context
|
||||
* \param input buffer holding the data
|
||||
* \param ilen length of the input data
|
||||
*
|
||||
* \warning MD2 is considered a weak message digest and its use
|
||||
* constitutes a security risk. We recommend considering
|
||||
* stronger message digests instead.
|
||||
*
|
||||
*/
|
||||
MBEDTLS_DEPRECATED void mbedtls_md2_update( mbedtls_md2_context *ctx,
|
||||
const unsigned char *input,
|
||||
size_t ilen );
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
/**
|
||||
* \brief MD2 final digest
|
||||
*
|
||||
* \deprecated Superseded by mbedtls_md2_finish_ret() in 2.7.0
|
||||
*
|
||||
* \param ctx MD2 context
|
||||
* \param output MD2 checksum result
|
||||
*
|
||||
* \warning MD2 is considered a weak message digest and its use
|
||||
* constitutes a security risk. We recommend considering
|
||||
* stronger message digests instead.
|
||||
*
|
||||
*/
|
||||
MBEDTLS_DEPRECATED void mbedtls_md2_finish( mbedtls_md2_context *ctx,
|
||||
unsigned char output[16] );
|
||||
|
||||
/**
|
||||
* \brief MD2 process data block (internal use only)
|
||||
*
|
||||
* \deprecated Superseded by mbedtls_internal_md2_process() in 2.7.0
|
||||
*
|
||||
* \param ctx MD2 context
|
||||
*
|
||||
* \warning MD2 is considered a weak message digest and its use
|
||||
* constitutes a security risk. We recommend considering
|
||||
* stronger message digests instead.
|
||||
*
|
||||
*/
|
||||
MBEDTLS_DEPRECATED void mbedtls_md2_process( mbedtls_md2_context *ctx );
|
||||
|
||||
#undef MBEDTLS_DEPRECATED
|
||||
#endif /* !MBEDTLS_DEPRECATED_REMOVED */
|
||||
|
||||
/**
|
||||
* \brief Output = MD2( input buffer )
|
||||
*
|
||||
* \param input buffer holding the data
|
||||
* \param input buffer holding the data
|
||||
* \param ilen length of the input data
|
||||
* \param output MD2 checksum result
|
||||
*
|
||||
* \warning MD2 is considered a weak message digest and its use
|
||||
* constitutes a security risk. We recommend considering
|
||||
* stronger message digests instead.
|
||||
*
|
||||
*/
|
||||
void mbedtls_md2( const unsigned char *input, size_t ilen, unsigned char output[16] );
|
||||
int mbedtls_md2_ret( const unsigned char *input,
|
||||
size_t ilen,
|
||||
unsigned char output[16] );
|
||||
|
||||
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
|
||||
#if defined(MBEDTLS_DEPRECATED_WARNING)
|
||||
#define MBEDTLS_DEPRECATED __attribute__((deprecated))
|
||||
#else
|
||||
#define MBEDTLS_DEPRECATED
|
||||
#endif
|
||||
/**
|
||||
* \brief Output = MD2( input buffer )
|
||||
*
|
||||
* \deprecated Superseded by mbedtls_md2_ret() in 2.7.0
|
||||
*
|
||||
* \param input buffer holding the data
|
||||
* \param ilen length of the input data
|
||||
* \param output MD2 checksum result
|
||||
*
|
||||
* \warning MD2 is considered a weak message digest and its use
|
||||
* constitutes a security risk. We recommend considering
|
||||
* stronger message digests instead.
|
||||
*
|
||||
*/
|
||||
MBEDTLS_DEPRECATED void mbedtls_md2( const unsigned char *input,
|
||||
size_t ilen,
|
||||
unsigned char output[16] );
|
||||
|
||||
#undef MBEDTLS_DEPRECATED
|
||||
#endif /* !MBEDTLS_DEPRECATED_REMOVED */
|
||||
|
||||
/**
|
||||
* \brief Checkup routine
|
||||
*
|
||||
* \return 0 if successful, or 1 if the test failed
|
||||
*
|
||||
* \warning MD2 is considered a weak message digest and its use
|
||||
* constitutes a security risk. We recommend considering
|
||||
* stronger message digests instead.
|
||||
*
|
||||
*/
|
||||
int mbedtls_md2_self_test( int verbose );
|
||||
|
||||
/* Internal use */
|
||||
void mbedtls_md2_process( mbedtls_md2_context *ctx );
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
@ -3,6 +3,11 @@
|
||||
*
|
||||
* \brief MD4 message digest algorithm (hash function)
|
||||
*
|
||||
* \warning MD4 is considered a weak message digest and its use constitutes a
|
||||
* security risk. We recommend considering stronger message digests
|
||||
* instead.
|
||||
*/
|
||||
/*
|
||||
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
@ -19,6 +24,7 @@
|
||||
* limitations under the License.
|
||||
*
|
||||
* This file is part of mbed TLS (https://tls.mbed.org)
|
||||
*
|
||||
*/
|
||||
#ifndef MBEDTLS_MD4_H
|
||||
#define MBEDTLS_MD4_H
|
||||
@ -32,16 +38,23 @@
|
||||
#include <stddef.h>
|
||||
#include <stdint.h>
|
||||
|
||||
#if !defined(MBEDTLS_MD4_ALT)
|
||||
// Regular implementation
|
||||
//
|
||||
#define MBEDTLS_ERR_MD4_HW_ACCEL_FAILED -0x002D /**< MD4 hardware accelerator failed */
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
#if !defined(MBEDTLS_MD4_ALT)
|
||||
// Regular implementation
|
||||
//
|
||||
|
||||
/**
|
||||
* \brief MD4 context structure
|
||||
*
|
||||
* \warning MD4 is considered a weak message digest and its use
|
||||
* constitutes a security risk. We recommend considering
|
||||
* stronger message digests instead.
|
||||
*
|
||||
*/
|
||||
typedef struct
|
||||
{
|
||||
@ -51,10 +64,19 @@ typedef struct
|
||||
}
|
||||
mbedtls_md4_context;
|
||||
|
||||
#else /* MBEDTLS_MD4_ALT */
|
||||
#include "md4_alt.h"
|
||||
#endif /* MBEDTLS_MD4_ALT */
|
||||
|
||||
/**
|
||||
* \brief Initialize MD4 context
|
||||
*
|
||||
* \param ctx MD4 context to be initialized
|
||||
*
|
||||
* \warning MD4 is considered a weak message digest and its use
|
||||
* constitutes a security risk. We recommend considering
|
||||
* stronger message digests instead.
|
||||
*
|
||||
*/
|
||||
void mbedtls_md4_init( mbedtls_md4_context *ctx );
|
||||
|
||||
@ -62,6 +84,11 @@ void mbedtls_md4_init( mbedtls_md4_context *ctx );
|
||||
* \brief Clear MD4 context
|
||||
*
|
||||
* \param ctx MD4 context to be cleared
|
||||
*
|
||||
* \warning MD4 is considered a weak message digest and its use
|
||||
* constitutes a security risk. We recommend considering
|
||||
* stronger message digests instead.
|
||||
*
|
||||
*/
|
||||
void mbedtls_md4_free( mbedtls_md4_context *ctx );
|
||||
|
||||
@ -70,6 +97,11 @@ void mbedtls_md4_free( mbedtls_md4_context *ctx );
|
||||
*
|
||||
* \param dst The destination context
|
||||
* \param src The context to be cloned
|
||||
*
|
||||
* \warning MD4 is considered a weak message digest and its use
|
||||
* constitutes a security risk. We recommend considering
|
||||
* stronger message digests instead.
|
||||
*
|
||||
*/
|
||||
void mbedtls_md4_clone( mbedtls_md4_context *dst,
|
||||
const mbedtls_md4_context *src );
|
||||
@ -78,57 +110,195 @@ void mbedtls_md4_clone( mbedtls_md4_context *dst,
|
||||
* \brief MD4 context setup
|
||||
*
|
||||
* \param ctx context to be initialized
|
||||
*
|
||||
* \return 0 if successful
|
||||
*
|
||||
* \warning MD4 is considered a weak message digest and its use
|
||||
* constitutes a security risk. We recommend considering
|
||||
* stronger message digests instead.
|
||||
*/
|
||||
void mbedtls_md4_starts( mbedtls_md4_context *ctx );
|
||||
int mbedtls_md4_starts_ret( mbedtls_md4_context *ctx );
|
||||
|
||||
/**
|
||||
* \brief MD4 process buffer
|
||||
*
|
||||
* \param ctx MD4 context
|
||||
* \param input buffer holding the data
|
||||
* \param input buffer holding the data
|
||||
* \param ilen length of the input data
|
||||
*
|
||||
* \return 0 if successful
|
||||
*
|
||||
* \warning MD4 is considered a weak message digest and its use
|
||||
* constitutes a security risk. We recommend considering
|
||||
* stronger message digests instead.
|
||||
*
|
||||
*/
|
||||
void mbedtls_md4_update( mbedtls_md4_context *ctx, const unsigned char *input, size_t ilen );
|
||||
int mbedtls_md4_update_ret( mbedtls_md4_context *ctx,
|
||||
const unsigned char *input,
|
||||
size_t ilen );
|
||||
|
||||
/**
|
||||
* \brief MD4 final digest
|
||||
*
|
||||
* \param ctx MD4 context
|
||||
* \param output MD4 checksum result
|
||||
*
|
||||
* \return 0 if successful
|
||||
*
|
||||
* \warning MD4 is considered a weak message digest and its use
|
||||
* constitutes a security risk. We recommend considering
|
||||
* stronger message digests instead.
|
||||
*
|
||||
*/
|
||||
void mbedtls_md4_finish( mbedtls_md4_context *ctx, unsigned char output[16] );
|
||||
int mbedtls_md4_finish_ret( mbedtls_md4_context *ctx,
|
||||
unsigned char output[16] );
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
/**
|
||||
* \brief MD4 process data block (internal use only)
|
||||
*
|
||||
* \param ctx MD4 context
|
||||
* \param data buffer holding one block of data
|
||||
*
|
||||
* \return 0 if successful
|
||||
*
|
||||
* \warning MD4 is considered a weak message digest and its use
|
||||
* constitutes a security risk. We recommend considering
|
||||
* stronger message digests instead.
|
||||
*
|
||||
*/
|
||||
int mbedtls_internal_md4_process( mbedtls_md4_context *ctx,
|
||||
const unsigned char data[64] );
|
||||
|
||||
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
|
||||
#if defined(MBEDTLS_DEPRECATED_WARNING)
|
||||
#define MBEDTLS_DEPRECATED __attribute__((deprecated))
|
||||
#else
|
||||
#define MBEDTLS_DEPRECATED
|
||||
#endif
|
||||
/**
|
||||
* \brief MD4 context setup
|
||||
*
|
||||
* \deprecated Superseded by mbedtls_md4_starts_ret() in 2.7.0
|
||||
*
|
||||
* \param ctx context to be initialized
|
||||
*
|
||||
* \warning MD4 is considered a weak message digest and its use
|
||||
* constitutes a security risk. We recommend considering
|
||||
* stronger message digests instead.
|
||||
*
|
||||
*/
|
||||
MBEDTLS_DEPRECATED void mbedtls_md4_starts( mbedtls_md4_context *ctx );
|
||||
|
||||
#else /* MBEDTLS_MD4_ALT */
|
||||
#include "md4_alt.h"
|
||||
#endif /* MBEDTLS_MD4_ALT */
|
||||
/**
|
||||
* \brief MD4 process buffer
|
||||
*
|
||||
* \deprecated Superseded by mbedtls_md4_update_ret() in 2.7.0
|
||||
*
|
||||
* \param ctx MD4 context
|
||||
* \param input buffer holding the data
|
||||
* \param ilen length of the input data
|
||||
*
|
||||
* \warning MD4 is considered a weak message digest and its use
|
||||
* constitutes a security risk. We recommend considering
|
||||
* stronger message digests instead.
|
||||
*
|
||||
*/
|
||||
MBEDTLS_DEPRECATED void mbedtls_md4_update( mbedtls_md4_context *ctx,
|
||||
const unsigned char *input,
|
||||
size_t ilen );
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
/**
|
||||
* \brief MD4 final digest
|
||||
*
|
||||
* \deprecated Superseded by mbedtls_md4_finish_ret() in 2.7.0
|
||||
*
|
||||
* \param ctx MD4 context
|
||||
* \param output MD4 checksum result
|
||||
*
|
||||
* \warning MD4 is considered a weak message digest and its use
|
||||
* constitutes a security risk. We recommend considering
|
||||
* stronger message digests instead.
|
||||
*
|
||||
*/
|
||||
MBEDTLS_DEPRECATED void mbedtls_md4_finish( mbedtls_md4_context *ctx,
|
||||
unsigned char output[16] );
|
||||
|
||||
/**
|
||||
* \brief MD4 process data block (internal use only)
|
||||
*
|
||||
* \deprecated Superseded by mbedtls_internal_md4_process() in 2.7.0
|
||||
*
|
||||
* \param ctx MD4 context
|
||||
* \param data buffer holding one block of data
|
||||
*
|
||||
* \warning MD4 is considered a weak message digest and its use
|
||||
* constitutes a security risk. We recommend considering
|
||||
* stronger message digests instead.
|
||||
*
|
||||
*/
|
||||
MBEDTLS_DEPRECATED void mbedtls_md4_process( mbedtls_md4_context *ctx,
|
||||
const unsigned char data[64] );
|
||||
|
||||
#undef MBEDTLS_DEPRECATED
|
||||
#endif /* !MBEDTLS_DEPRECATED_REMOVED */
|
||||
|
||||
/**
|
||||
* \brief Output = MD4( input buffer )
|
||||
*
|
||||
* \param input buffer holding the data
|
||||
* \param input buffer holding the data
|
||||
* \param ilen length of the input data
|
||||
* \param output MD4 checksum result
|
||||
*
|
||||
* \return 0 if successful
|
||||
*
|
||||
* \warning MD4 is considered a weak message digest and its use
|
||||
* constitutes a security risk. We recommend considering
|
||||
* stronger message digests instead.
|
||||
*
|
||||
*/
|
||||
void mbedtls_md4( const unsigned char *input, size_t ilen, unsigned char output[16] );
|
||||
int mbedtls_md4_ret( const unsigned char *input,
|
||||
size_t ilen,
|
||||
unsigned char output[16] );
|
||||
|
||||
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
|
||||
#if defined(MBEDTLS_DEPRECATED_WARNING)
|
||||
#define MBEDTLS_DEPRECATED __attribute__((deprecated))
|
||||
#else
|
||||
#define MBEDTLS_DEPRECATED
|
||||
#endif
|
||||
/**
|
||||
* \brief Output = MD4( input buffer )
|
||||
*
|
||||
* \deprecated Superseded by mbedtls_md4_ret() in 2.7.0
|
||||
*
|
||||
* \param input buffer holding the data
|
||||
* \param ilen length of the input data
|
||||
* \param output MD4 checksum result
|
||||
*
|
||||
* \warning MD4 is considered a weak message digest and its use
|
||||
* constitutes a security risk. We recommend considering
|
||||
* stronger message digests instead.
|
||||
*
|
||||
*/
|
||||
MBEDTLS_DEPRECATED void mbedtls_md4( const unsigned char *input,
|
||||
size_t ilen,
|
||||
unsigned char output[16] );
|
||||
|
||||
#undef MBEDTLS_DEPRECATED
|
||||
#endif /* !MBEDTLS_DEPRECATED_REMOVED */
|
||||
|
||||
/**
|
||||
* \brief Checkup routine
|
||||
*
|
||||
* \return 0 if successful, or 1 if the test failed
|
||||
*
|
||||
* \warning MD4 is considered a weak message digest and its use
|
||||
* constitutes a security risk. We recommend considering
|
||||
* stronger message digests instead.
|
||||
*
|
||||
*/
|
||||
int mbedtls_md4_self_test( int verbose );
|
||||
|
||||
/* Internal use */
|
||||
void mbedtls_md4_process( mbedtls_md4_context *ctx, const unsigned char data[64] );
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
@ -3,6 +3,11 @@
|
||||
*
|
||||
* \brief MD5 message digest algorithm (hash function)
|
||||
*
|
||||
* \warning MD5 is considered a weak message digest and its use constitutes a
|
||||
* security risk. We recommend considering stronger message
|
||||
* digests instead.
|
||||
*/
|
||||
/*
|
||||
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
@ -32,16 +37,23 @@
|
||||
#include <stddef.h>
|
||||
#include <stdint.h>
|
||||
|
||||
#if !defined(MBEDTLS_MD5_ALT)
|
||||
// Regular implementation
|
||||
//
|
||||
#define MBEDTLS_ERR_MD5_HW_ACCEL_FAILED -0x002F /**< MD5 hardware accelerator failed */
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
#if !defined(MBEDTLS_MD5_ALT)
|
||||
// Regular implementation
|
||||
//
|
||||
|
||||
/**
|
||||
* \brief MD5 context structure
|
||||
*
|
||||
* \warning MD5 is considered a weak message digest and its use
|
||||
* constitutes a security risk. We recommend considering
|
||||
* stronger message digests instead.
|
||||
*
|
||||
*/
|
||||
typedef struct
|
||||
{
|
||||
@ -51,10 +63,19 @@ typedef struct
|
||||
}
|
||||
mbedtls_md5_context;
|
||||
|
||||
#else /* MBEDTLS_MD5_ALT */
|
||||
#include "md5_alt.h"
|
||||
#endif /* MBEDTLS_MD5_ALT */
|
||||
|
||||
/**
|
||||
* \brief Initialize MD5 context
|
||||
*
|
||||
* \param ctx MD5 context to be initialized
|
||||
*
|
||||
* \warning MD5 is considered a weak message digest and its use
|
||||
* constitutes a security risk. We recommend considering
|
||||
* stronger message digests instead.
|
||||
*
|
||||
*/
|
||||
void mbedtls_md5_init( mbedtls_md5_context *ctx );
|
||||
|
||||
@ -62,6 +83,11 @@ void mbedtls_md5_init( mbedtls_md5_context *ctx );
|
||||
* \brief Clear MD5 context
|
||||
*
|
||||
* \param ctx MD5 context to be cleared
|
||||
*
|
||||
* \warning MD5 is considered a weak message digest and its use
|
||||
* constitutes a security risk. We recommend considering
|
||||
* stronger message digests instead.
|
||||
*
|
||||
*/
|
||||
void mbedtls_md5_free( mbedtls_md5_context *ctx );
|
||||
|
||||
@ -70,6 +96,11 @@ void mbedtls_md5_free( mbedtls_md5_context *ctx );
|
||||
*
|
||||
* \param dst The destination context
|
||||
* \param src The context to be cloned
|
||||
*
|
||||
* \warning MD5 is considered a weak message digest and its use
|
||||
* constitutes a security risk. We recommend considering
|
||||
* stronger message digests instead.
|
||||
*
|
||||
*/
|
||||
void mbedtls_md5_clone( mbedtls_md5_context *dst,
|
||||
const mbedtls_md5_context *src );
|
||||
@ -78,54 +109,193 @@ void mbedtls_md5_clone( mbedtls_md5_context *dst,
|
||||
* \brief MD5 context setup
|
||||
*
|
||||
* \param ctx context to be initialized
|
||||
*
|
||||
* \return 0 if successful
|
||||
*
|
||||
* \warning MD5 is considered a weak message digest and its use
|
||||
* constitutes a security risk. We recommend considering
|
||||
* stronger message digests instead.
|
||||
*
|
||||
*/
|
||||
void mbedtls_md5_starts( mbedtls_md5_context *ctx );
|
||||
int mbedtls_md5_starts_ret( mbedtls_md5_context *ctx );
|
||||
|
||||
/**
|
||||
* \brief MD5 process buffer
|
||||
*
|
||||
* \param ctx MD5 context
|
||||
* \param input buffer holding the data
|
||||
* \param input buffer holding the data
|
||||
* \param ilen length of the input data
|
||||
*
|
||||
* \return 0 if successful
|
||||
*
|
||||
* \warning MD5 is considered a weak message digest and its use
|
||||
* constitutes a security risk. We recommend considering
|
||||
* stronger message digests instead.
|
||||
*
|
||||
*/
|
||||
void mbedtls_md5_update( mbedtls_md5_context *ctx, const unsigned char *input, size_t ilen );
|
||||
int mbedtls_md5_update_ret( mbedtls_md5_context *ctx,
|
||||
const unsigned char *input,
|
||||
size_t ilen );
|
||||
|
||||
/**
|
||||
* \brief MD5 final digest
|
||||
*
|
||||
* \param ctx MD5 context
|
||||
* \param output MD5 checksum result
|
||||
*
|
||||
* \return 0 if successful
|
||||
*
|
||||
* \warning MD5 is considered a weak message digest and its use
|
||||
* constitutes a security risk. We recommend considering
|
||||
* stronger message digests instead.
|
||||
*
|
||||
*/
|
||||
void mbedtls_md5_finish( mbedtls_md5_context *ctx, unsigned char output[16] );
|
||||
int mbedtls_md5_finish_ret( mbedtls_md5_context *ctx,
|
||||
unsigned char output[16] );
|
||||
|
||||
/* Internal use */
|
||||
void mbedtls_md5_process( mbedtls_md5_context *ctx, const unsigned char data[64] );
|
||||
/**
|
||||
* \brief MD5 process data block (internal use only)
|
||||
*
|
||||
* \param ctx MD5 context
|
||||
* \param data buffer holding one block of data
|
||||
*
|
||||
* \return 0 if successful
|
||||
*
|
||||
* \warning MD5 is considered a weak message digest and its use
|
||||
* constitutes a security risk. We recommend considering
|
||||
* stronger message digests instead.
|
||||
*
|
||||
*/
|
||||
int mbedtls_internal_md5_process( mbedtls_md5_context *ctx,
|
||||
const unsigned char data[64] );
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
|
||||
#if defined(MBEDTLS_DEPRECATED_WARNING)
|
||||
#define MBEDTLS_DEPRECATED __attribute__((deprecated))
|
||||
#else
|
||||
#define MBEDTLS_DEPRECATED
|
||||
#endif
|
||||
/**
|
||||
* \brief MD5 context setup
|
||||
*
|
||||
* \deprecated Superseded by mbedtls_md5_starts_ret() in 2.7.0
|
||||
*
|
||||
* \param ctx context to be initialized
|
||||
*
|
||||
* \warning MD5 is considered a weak message digest and its use
|
||||
* constitutes a security risk. We recommend considering
|
||||
* stronger message digests instead.
|
||||
*
|
||||
*/
|
||||
MBEDTLS_DEPRECATED void mbedtls_md5_starts( mbedtls_md5_context *ctx );
|
||||
|
||||
#else /* MBEDTLS_MD5_ALT */
|
||||
#include "md5_alt.h"
|
||||
#endif /* MBEDTLS_MD5_ALT */
|
||||
/**
|
||||
* \brief MD5 process buffer
|
||||
*
|
||||
* \deprecated Superseded by mbedtls_md5_update_ret() in 2.7.0
|
||||
*
|
||||
* \param ctx MD5 context
|
||||
* \param input buffer holding the data
|
||||
* \param ilen length of the input data
|
||||
*
|
||||
* \warning MD5 is considered a weak message digest and its use
|
||||
* constitutes a security risk. We recommend considering
|
||||
* stronger message digests instead.
|
||||
*
|
||||
*/
|
||||
MBEDTLS_DEPRECATED void mbedtls_md5_update( mbedtls_md5_context *ctx,
|
||||
const unsigned char *input,
|
||||
size_t ilen );
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
/**
|
||||
* \brief MD5 final digest
|
||||
*
|
||||
* \deprecated Superseded by mbedtls_md5_finish_ret() in 2.7.0
|
||||
*
|
||||
* \param ctx MD5 context
|
||||
* \param output MD5 checksum result
|
||||
*
|
||||
* \warning MD5 is considered a weak message digest and its use
|
||||
* constitutes a security risk. We recommend considering
|
||||
* stronger message digests instead.
|
||||
*
|
||||
*/
|
||||
MBEDTLS_DEPRECATED void mbedtls_md5_finish( mbedtls_md5_context *ctx,
|
||||
unsigned char output[16] );
|
||||
|
||||
/**
|
||||
* \brief MD5 process data block (internal use only)
|
||||
*
|
||||
* \deprecated Superseded by mbedtls_internal_md5_process() in 2.7.0
|
||||
*
|
||||
* \param ctx MD5 context
|
||||
* \param data buffer holding one block of data
|
||||
*
|
||||
* \warning MD5 is considered a weak message digest and its use
|
||||
* constitutes a security risk. We recommend considering
|
||||
* stronger message digests instead.
|
||||
*
|
||||
*/
|
||||
MBEDTLS_DEPRECATED void mbedtls_md5_process( mbedtls_md5_context *ctx,
|
||||
const unsigned char data[64] );
|
||||
|
||||
#undef MBEDTLS_DEPRECATED
|
||||
#endif /* !MBEDTLS_DEPRECATED_REMOVED */
|
||||
|
||||
/**
|
||||
* \brief Output = MD5( input buffer )
|
||||
*
|
||||
* \param input buffer holding the data
|
||||
* \param input buffer holding the data
|
||||
* \param ilen length of the input data
|
||||
* \param output MD5 checksum result
|
||||
*
|
||||
* \return 0 if successful
|
||||
*
|
||||
* \warning MD5 is considered a weak message digest and its use
|
||||
* constitutes a security risk. We recommend considering
|
||||
* stronger message digests instead.
|
||||
*
|
||||
*/
|
||||
void mbedtls_md5( const unsigned char *input, size_t ilen, unsigned char output[16] );
|
||||
int mbedtls_md5_ret( const unsigned char *input,
|
||||
size_t ilen,
|
||||
unsigned char output[16] );
|
||||
|
||||
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
|
||||
#if defined(MBEDTLS_DEPRECATED_WARNING)
|
||||
#define MBEDTLS_DEPRECATED __attribute__((deprecated))
|
||||
#else
|
||||
#define MBEDTLS_DEPRECATED
|
||||
#endif
|
||||
/**
|
||||
* \brief Output = MD5( input buffer )
|
||||
*
|
||||
* \deprecated Superseded by mbedtls_md5_ret() in 2.7.0
|
||||
*
|
||||
* \param input buffer holding the data
|
||||
* \param ilen length of the input data
|
||||
* \param output MD5 checksum result
|
||||
*
|
||||
* \warning MD5 is considered a weak message digest and its use
|
||||
* constitutes a security risk. We recommend considering
|
||||
* stronger message digests instead.
|
||||
*
|
||||
*/
|
||||
MBEDTLS_DEPRECATED void mbedtls_md5( const unsigned char *input,
|
||||
size_t ilen,
|
||||
unsigned char output[16] );
|
||||
|
||||
#undef MBEDTLS_DEPRECATED
|
||||
#endif /* !MBEDTLS_DEPRECATED_REMOVED */
|
||||
|
||||
/**
|
||||
* \brief Checkup routine
|
||||
*
|
||||
* \return 0 if successful, or 1 if the test failed
|
||||
*
|
||||
* \warning MD5 is considered a weak message digest and its use
|
||||
* constitutes a security risk. We recommend considering
|
||||
* stronger message digests instead.
|
||||
*
|
||||
*/
|
||||
int mbedtls_md5_self_test( int verbose );
|
||||
|
||||
|
@ -6,7 +6,8 @@
|
||||
* \warning This in an internal header. Do not include directly.
|
||||
*
|
||||
* \author Adriaan de Jong <dejong@fox-it.com>
|
||||
*
|
||||
*/
|
||||
/*
|
||||
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
@ -58,17 +59,17 @@ struct mbedtls_md_info_t
|
||||
int block_size;
|
||||
|
||||
/** Digest initialisation function */
|
||||
void (*starts_func)( void *ctx );
|
||||
int (*starts_func)( void *ctx );
|
||||
|
||||
/** Digest update function */
|
||||
void (*update_func)( void *ctx, const unsigned char *input, size_t ilen );
|
||||
int (*update_func)( void *ctx, const unsigned char *input, size_t ilen );
|
||||
|
||||
/** Digest finalisation function */
|
||||
void (*finish_func)( void *ctx, unsigned char *output );
|
||||
int (*finish_func)( void *ctx, unsigned char *output );
|
||||
|
||||
/** Generic digest function */
|
||||
void (*digest_func)( const unsigned char *input, size_t ilen,
|
||||
unsigned char *output );
|
||||
int (*digest_func)( const unsigned char *input, size_t ilen,
|
||||
unsigned char *output );
|
||||
|
||||
/** Allocate a new context */
|
||||
void * (*ctx_alloc_func)( void );
|
||||
@ -80,7 +81,7 @@ struct mbedtls_md_info_t
|
||||
void (*clone_func)( void *dst, const void *src );
|
||||
|
||||
/** Internal use only */
|
||||
void (*process_func)( void *ctx, const unsigned char *input );
|
||||
int (*process_func)( void *ctx, const unsigned char *input );
|
||||
};
|
||||
|
||||
#if defined(MBEDTLS_MD2_C)
|
||||
|
@ -2,7 +2,8 @@
|
||||
* \file memory_buffer_alloc.h
|
||||
*
|
||||
* \brief Buffer-based memory allocator
|
||||
*
|
||||
*/
|
||||
/*
|
||||
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
|
@ -3,6 +3,9 @@
|
||||
*
|
||||
* \brief Deprecated header file that includes mbedtls/net_sockets.h
|
||||
*
|
||||
* \deprecated Superseded by mbedtls/net_sockets.h
|
||||
*/
|
||||
/*
|
||||
* Copyright (C) 2006-2016, ARM Limited, All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
@ -19,8 +22,6 @@
|
||||
* limitations under the License.
|
||||
*
|
||||
* This file is part of mbed TLS (https://tls.mbed.org)
|
||||
*
|
||||
* \deprecated Superseded by mbedtls/net_sockets.h
|
||||
*/
|
||||
|
||||
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
|
||||
|
@ -2,7 +2,8 @@
|
||||
* \file net_sockets.h
|
||||
*
|
||||
* \brief Network communication functions
|
||||
*
|
||||
*/
|
||||
/*
|
||||
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
@ -45,12 +46,17 @@
|
||||
#define MBEDTLS_ERR_NET_UNKNOWN_HOST -0x0052 /**< Failed to get an IP address for the given hostname. */
|
||||
#define MBEDTLS_ERR_NET_BUFFER_TOO_SMALL -0x0043 /**< Buffer is too small to hold the data. */
|
||||
#define MBEDTLS_ERR_NET_INVALID_CONTEXT -0x0045 /**< The context is invalid, eg because it was free()ed. */
|
||||
#define MBEDTLS_ERR_NET_POLL_FAILED -0x0047 /**< Polling the net context failed. */
|
||||
#define MBEDTLS_ERR_NET_BAD_INPUT_DATA -0x0049 /**< Input invalid. */
|
||||
|
||||
#define MBEDTLS_NET_LISTEN_BACKLOG 10 /**< The backlog that listen() should use. */
|
||||
|
||||
#define MBEDTLS_NET_PROTO_TCP 0 /**< The TCP transport protocol */
|
||||
#define MBEDTLS_NET_PROTO_UDP 1 /**< The UDP transport protocol */
|
||||
|
||||
#define MBEDTLS_NET_POLL_READ 1 /**< Used in \c mbedtls_net_poll to check for pending data */
|
||||
#define MBEDTLS_NET_POLL_WRITE 2 /**< Used in \c mbedtls_net_poll to check if write possible */
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
@ -117,9 +123,10 @@ int mbedtls_net_bind( mbedtls_net_context *ctx, const char *bind_ip, const char
|
||||
*
|
||||
* \param bind_ctx Relevant socket
|
||||
* \param client_ctx Will contain the connected client socket
|
||||
* \param client_ip Will contain the client IP address
|
||||
* \param client_ip Will contain the client IP address, can be NULL
|
||||
* \param buf_size Size of the client_ip buffer
|
||||
* \param ip_len Will receive the size of the client IP written
|
||||
* \param ip_len Will receive the size of the client IP written,
|
||||
* can be NULL if client_ip is null
|
||||
*
|
||||
* \return 0 if successful, or
|
||||
* MBEDTLS_ERR_NET_ACCEPT_FAILED, or
|
||||
@ -131,6 +138,29 @@ int mbedtls_net_accept( mbedtls_net_context *bind_ctx,
|
||||
mbedtls_net_context *client_ctx,
|
||||
void *client_ip, size_t buf_size, size_t *ip_len );
|
||||
|
||||
/**
|
||||
* \brief Check and wait for the context to be ready for read/write
|
||||
*
|
||||
* \param ctx Socket to check
|
||||
* \param rw Bitflag composed of MBEDTLS_NET_POLL_READ and
|
||||
* MBEDTLS_NET_POLL_WRITE specifying the events
|
||||
* to wait for:
|
||||
* - If MBEDTLS_NET_POLL_READ is set, the function
|
||||
* will return as soon as the net context is available
|
||||
* for reading.
|
||||
* - If MBEDTLS_NET_POLL_WRITE is set, the function
|
||||
* will return as soon as the net context is available
|
||||
* for writing.
|
||||
* \param timeout Maximal amount of time to wait before returning,
|
||||
* in milliseconds. If \c timeout is zero, the
|
||||
* function returns immediately. If \c timeout is
|
||||
* -1u, the function blocks potentially indefinitely.
|
||||
*
|
||||
* \return Bitmask composed of MBEDTLS_NET_POLL_READ/WRITE
|
||||
* on success or timeout, or a negative return code otherwise.
|
||||
*/
|
||||
int mbedtls_net_poll( mbedtls_net_context *ctx, uint32_t rw, uint32_t timeout );
|
||||
|
||||
/**
|
||||
* \brief Set the socket blocking
|
||||
*
|
||||
|
@ -2,7 +2,8 @@
|
||||
* \file oid.h
|
||||
*
|
||||
* \brief Object Identifier (OID) database
|
||||
*
|
||||
*/
|
||||
/*
|
||||
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
@ -227,6 +228,14 @@
|
||||
|
||||
#define MBEDTLS_OID_HMAC_SHA1 MBEDTLS_OID_RSA_COMPANY "\x02\x07" /**< id-hmacWithSHA1 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 7 } */
|
||||
|
||||
#define MBEDTLS_OID_HMAC_SHA224 MBEDTLS_OID_RSA_COMPANY "\x02\x08" /**< id-hmacWithSHA224 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 8 } */
|
||||
|
||||
#define MBEDTLS_OID_HMAC_SHA256 MBEDTLS_OID_RSA_COMPANY "\x02\x09" /**< id-hmacWithSHA256 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 9 } */
|
||||
|
||||
#define MBEDTLS_OID_HMAC_SHA384 MBEDTLS_OID_RSA_COMPANY "\x02\x0A" /**< id-hmacWithSHA384 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 10 } */
|
||||
|
||||
#define MBEDTLS_OID_HMAC_SHA512 MBEDTLS_OID_RSA_COMPANY "\x02\x0B" /**< id-hmacWithSHA512 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 11 } */
|
||||
|
||||
/*
|
||||
* Encryption algorithms
|
||||
*/
|
||||
@ -513,6 +522,16 @@ int mbedtls_oid_get_oid_by_sig_alg( mbedtls_pk_type_t pk_alg, mbedtls_md_type_t
|
||||
* \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
|
||||
*/
|
||||
int mbedtls_oid_get_md_alg( const mbedtls_asn1_buf *oid, mbedtls_md_type_t *md_alg );
|
||||
|
||||
/**
|
||||
* \brief Translate hmac algorithm OID into md_type
|
||||
*
|
||||
* \param oid OID to use
|
||||
* \param md_hmac place to store message hmac algorithm
|
||||
*
|
||||
* \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
|
||||
*/
|
||||
int mbedtls_oid_get_md_hmac( const mbedtls_asn1_buf *oid, mbedtls_md_type_t *md_hmac );
|
||||
#endif /* MBEDTLS_MD_C */
|
||||
|
||||
/**
|
||||
|
@ -3,7 +3,8 @@
|
||||
*
|
||||
* \brief VIA PadLock ACE for HW encryption/decryption supported by some
|
||||
* processors
|
||||
*
|
||||
*/
|
||||
/*
|
||||
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
|
@ -2,7 +2,8 @@
|
||||
* \file pem.h
|
||||
*
|
||||
* \brief Privacy Enhanced Mail (PEM) decoding
|
||||
*
|
||||
*/
|
||||
/*
|
||||
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
|
@ -2,7 +2,8 @@
|
||||
* \file pk.h
|
||||
*
|
||||
* \brief Public Key abstraction layer
|
||||
*
|
||||
*/
|
||||
/*
|
||||
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
@ -62,7 +63,8 @@
|
||||
#define MBEDTLS_ERR_PK_INVALID_ALG -0x3A80 /**< The algorithm tag or value is invalid. */
|
||||
#define MBEDTLS_ERR_PK_UNKNOWN_NAMED_CURVE -0x3A00 /**< Elliptic curve is unsupported (only NIST curves are supported). */
|
||||
#define MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE -0x3980 /**< Unavailable feature, e.g. RSA disabled for RSA key. */
|
||||
#define MBEDTLS_ERR_PK_SIG_LEN_MISMATCH -0x3900 /**< The signature is valid but its length is less than expected. */
|
||||
#define MBEDTLS_ERR_PK_SIG_LEN_MISMATCH -0x3900 /**< The buffer contains a valid signature followed by more data. */
|
||||
#define MBEDTLS_ERR_PK_HW_ACCEL_FAILED -0x3880 /**< PK hardware accelerator failed. */
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
@ -293,8 +295,8 @@ int mbedtls_pk_can_do( const mbedtls_pk_context *ctx, mbedtls_pk_type_t type );
|
||||
* \param sig_len Signature length
|
||||
*
|
||||
* \return 0 on success (signature is valid),
|
||||
* MBEDTLS_ERR_PK_SIG_LEN_MISMATCH if the signature is
|
||||
* valid but its actual length is less than sig_len,
|
||||
* #MBEDTLS_ERR_PK_SIG_LEN_MISMATCH if there is a valid
|
||||
* signature in sig but its length is less than \p siglen,
|
||||
* or a specific error code.
|
||||
*
|
||||
* \note For RSA keys, the default padding type is PKCS#1 v1.5.
|
||||
@ -350,10 +352,10 @@ int mbedtls_pk_verify_restartable( mbedtls_pk_context *ctx,
|
||||
* \param sig_len Signature length
|
||||
*
|
||||
* \return 0 on success (signature is valid),
|
||||
* MBEDTLS_ERR_PK_TYPE_MISMATCH if the PK context can't be
|
||||
* #MBEDTLS_ERR_PK_TYPE_MISMATCH if the PK context can't be
|
||||
* used for this type of signatures,
|
||||
* MBEDTLS_ERR_PK_SIG_LEN_MISMATCH if the signature is
|
||||
* valid but its actual length is less than sig_len,
|
||||
* #MBEDTLS_ERR_PK_SIG_LEN_MISMATCH if there is a valid
|
||||
* signature in sig but its length is less than \p siglen,
|
||||
* or a specific error code.
|
||||
*
|
||||
* \note If hash_len is 0, then the length associated with md_alg
|
||||
|
@ -1,8 +1,9 @@
|
||||
/**
|
||||
* \file pk.h
|
||||
* \file pk_internal.h
|
||||
*
|
||||
* \brief Public Key abstraction layer: wrapper functions
|
||||
*
|
||||
*/
|
||||
/*
|
||||
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
|
@ -4,7 +4,8 @@
|
||||
* \brief Wrapper for PKCS#11 library libpkcs11-helper
|
||||
*
|
||||
* \author Adriaan de Jong <dejong@fox-it.com>
|
||||
*
|
||||
*/
|
||||
/*
|
||||
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
|
@ -2,7 +2,8 @@
|
||||
* \file pkcs12.h
|
||||
*
|
||||
* \brief PKCS#12 Personal Information Exchange Syntax
|
||||
*
|
||||
*/
|
||||
/*
|
||||
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
|
@ -4,7 +4,8 @@
|
||||
* \brief PKCS#5 functions
|
||||
*
|
||||
* \author Mathias Olsson <mathias@kompetensum.com>
|
||||
*
|
||||
*/
|
||||
/*
|
||||
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
|
@ -1,9 +1,19 @@
|
||||
/**
|
||||
* \file platform.h
|
||||
*
|
||||
* \brief mbed TLS Platform abstraction layer
|
||||
* \brief This file contains the definitions and functions of the
|
||||
* Mbed TLS platform abstraction layer.
|
||||
*
|
||||
* Copyright (C) 2006-2016, ARM Limited, All Rights Reserved
|
||||
* The platform abstraction layer removes the need for the library
|
||||
* to directly link to standard C library functions or operating
|
||||
* system services, making the library easier to port and embed.
|
||||
* Application developers and users of the library can provide their own
|
||||
* implementations of these functions, or implementations specific to
|
||||
* their platform, which can be statically linked to the library or
|
||||
* dynamically configured at runtime.
|
||||
*/
|
||||
/*
|
||||
* Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
@ -18,7 +28,7 @@
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*
|
||||
* This file is part of mbed TLS (https://tls.mbed.org)
|
||||
* This file is part of Mbed TLS (https://tls.mbed.org)
|
||||
*/
|
||||
#ifndef MBEDTLS_PLATFORM_H
|
||||
#define MBEDTLS_PLATFORM_H
|
||||
@ -51,34 +61,34 @@ extern "C" {
|
||||
#include <time.h>
|
||||
#if !defined(MBEDTLS_PLATFORM_STD_SNPRINTF)
|
||||
#if defined(_WIN32)
|
||||
#define MBEDTLS_PLATFORM_STD_SNPRINTF mbedtls_platform_win32_snprintf /**< Default snprintf to use */
|
||||
#define MBEDTLS_PLATFORM_STD_SNPRINTF mbedtls_platform_win32_snprintf /**< The default \c snprintf function to use. */
|
||||
#else
|
||||
#define MBEDTLS_PLATFORM_STD_SNPRINTF snprintf /**< Default snprintf to use */
|
||||
#define MBEDTLS_PLATFORM_STD_SNPRINTF snprintf /**< The default \c snprintf function to use. */
|
||||
#endif
|
||||
#endif
|
||||
#if !defined(MBEDTLS_PLATFORM_STD_PRINTF)
|
||||
#define MBEDTLS_PLATFORM_STD_PRINTF printf /**< Default printf to use */
|
||||
#define MBEDTLS_PLATFORM_STD_PRINTF printf /**< The default \c printf function to use. */
|
||||
#endif
|
||||
#if !defined(MBEDTLS_PLATFORM_STD_FPRINTF)
|
||||
#define MBEDTLS_PLATFORM_STD_FPRINTF fprintf /**< Default fprintf to use */
|
||||
#define MBEDTLS_PLATFORM_STD_FPRINTF fprintf /**< The default \c fprintf function to use. */
|
||||
#endif
|
||||
#if !defined(MBEDTLS_PLATFORM_STD_CALLOC)
|
||||
#define MBEDTLS_PLATFORM_STD_CALLOC calloc /**< Default allocator to use */
|
||||
#define MBEDTLS_PLATFORM_STD_CALLOC calloc /**< The default \c calloc function to use. */
|
||||
#endif
|
||||
#if !defined(MBEDTLS_PLATFORM_STD_FREE)
|
||||
#define MBEDTLS_PLATFORM_STD_FREE free /**< Default free to use */
|
||||
#define MBEDTLS_PLATFORM_STD_FREE free /**< The default \c free function to use. */
|
||||
#endif
|
||||
#if !defined(MBEDTLS_PLATFORM_STD_EXIT)
|
||||
#define MBEDTLS_PLATFORM_STD_EXIT exit /**< Default exit to use */
|
||||
#define MBEDTLS_PLATFORM_STD_EXIT exit /**< The default \c exit function to use. */
|
||||
#endif
|
||||
#if !defined(MBEDTLS_PLATFORM_STD_TIME)
|
||||
#define MBEDTLS_PLATFORM_STD_TIME time /**< Default time to use */
|
||||
#define MBEDTLS_PLATFORM_STD_TIME time /**< The default \c time function to use. */
|
||||
#endif
|
||||
#if !defined(MBEDTLS_PLATFORM_STD_EXIT_SUCCESS)
|
||||
#define MBEDTLS_PLATFORM_STD_EXIT_SUCCESS EXIT_SUCCESS /**< Default exit value to use */
|
||||
#define MBEDTLS_PLATFORM_STD_EXIT_SUCCESS EXIT_SUCCESS /**< The default exit value to use. */
|
||||
#endif
|
||||
#if !defined(MBEDTLS_PLATFORM_STD_EXIT_FAILURE)
|
||||
#define MBEDTLS_PLATFORM_STD_EXIT_FAILURE EXIT_FAILURE /**< Default exit value to use */
|
||||
#define MBEDTLS_PLATFORM_STD_EXIT_FAILURE EXIT_FAILURE /**< The default exit value to use. */
|
||||
#endif
|
||||
#if defined(MBEDTLS_FS_IO)
|
||||
#if !defined(MBEDTLS_PLATFORM_STD_NV_SEED_READ)
|
||||
@ -101,7 +111,7 @@ extern "C" {
|
||||
/* \} name SECTION: Module settings */
|
||||
|
||||
/*
|
||||
* The function pointers for calloc and free
|
||||
* The function pointers for calloc and free.
|
||||
*/
|
||||
#if defined(MBEDTLS_PLATFORM_MEMORY)
|
||||
#if defined(MBEDTLS_PLATFORM_FREE_MACRO) && \
|
||||
@ -115,12 +125,13 @@ extern void * (*mbedtls_calloc)( size_t n, size_t size );
|
||||
extern void (*mbedtls_free)( void *ptr );
|
||||
|
||||
/**
|
||||
* \brief Set your own memory implementation function pointers
|
||||
* \brief This function dynamically sets the memory-management
|
||||
* functions used by the library, during runtime.
|
||||
*
|
||||
* \param calloc_func the calloc function implementation
|
||||
* \param free_func the free function implementation
|
||||
* \param calloc_func The \c calloc function implementation.
|
||||
* \param free_func The \c free function implementation.
|
||||
*
|
||||
* \return 0 if successful
|
||||
* \return \c 0.
|
||||
*/
|
||||
int mbedtls_platform_set_calloc_free( void * (*calloc_func)( size_t, size_t ),
|
||||
void (*free_func)( void * ) );
|
||||
@ -139,11 +150,13 @@ int mbedtls_platform_set_calloc_free( void * (*calloc_func)( size_t, size_t ),
|
||||
extern int (*mbedtls_fprintf)( FILE *stream, const char *format, ... );
|
||||
|
||||
/**
|
||||
* \brief Set your own fprintf function pointer
|
||||
* \brief This function dynamically configures the fprintf
|
||||
* function that is called when the
|
||||
* mbedtls_fprintf() function is invoked by the library.
|
||||
*
|
||||
* \param fprintf_func the fprintf function implementation
|
||||
* \param fprintf_func The \c fprintf function implementation.
|
||||
*
|
||||
* \return 0
|
||||
* \return \c 0.
|
||||
*/
|
||||
int mbedtls_platform_set_fprintf( int (*fprintf_func)( FILE *stream, const char *,
|
||||
... ) );
|
||||
@ -162,11 +175,13 @@ int mbedtls_platform_set_fprintf( int (*fprintf_func)( FILE *stream, const char
|
||||
extern int (*mbedtls_printf)( const char *format, ... );
|
||||
|
||||
/**
|
||||
* \brief Set your own printf function pointer
|
||||
* \brief This function dynamically configures the snprintf
|
||||
* function that is called when the mbedtls_snprintf()
|
||||
* function is invoked by the library.
|
||||
*
|
||||
* \param printf_func the printf function implementation
|
||||
* \param printf_func The \c printf function implementation.
|
||||
*
|
||||
* \return 0
|
||||
* \return \c 0 on success.
|
||||
*/
|
||||
int mbedtls_platform_set_printf( int (*printf_func)( const char *, ... ) );
|
||||
#else /* !MBEDTLS_PLATFORM_PRINTF_ALT */
|
||||
@ -195,11 +210,12 @@ int mbedtls_platform_win32_snprintf( char *s, size_t n, const char *fmt, ... );
|
||||
extern int (*mbedtls_snprintf)( char * s, size_t n, const char * format, ... );
|
||||
|
||||
/**
|
||||
* \brief Set your own snprintf function pointer
|
||||
* \brief This function allows configuring a custom
|
||||
* \c snprintf function pointer.
|
||||
*
|
||||
* \param snprintf_func the snprintf function implementation
|
||||
* \param snprintf_func The \c snprintf function implementation.
|
||||
*
|
||||
* \return 0
|
||||
* \return \c 0 on success.
|
||||
*/
|
||||
int mbedtls_platform_set_snprintf( int (*snprintf_func)( char * s, size_t n,
|
||||
const char * format, ... ) );
|
||||
@ -207,7 +223,7 @@ int mbedtls_platform_set_snprintf( int (*snprintf_func)( char * s, size_t n,
|
||||
#if defined(MBEDTLS_PLATFORM_SNPRINTF_MACRO)
|
||||
#define mbedtls_snprintf MBEDTLS_PLATFORM_SNPRINTF_MACRO
|
||||
#else
|
||||
#define mbedtls_snprintf snprintf
|
||||
#define mbedtls_snprintf MBEDTLS_PLATFORM_STD_SNPRINTF
|
||||
#endif /* MBEDTLS_PLATFORM_SNPRINTF_MACRO */
|
||||
#endif /* MBEDTLS_PLATFORM_SNPRINTF_ALT */
|
||||
|
||||
@ -218,11 +234,13 @@ int mbedtls_platform_set_snprintf( int (*snprintf_func)( char * s, size_t n,
|
||||
extern void (*mbedtls_exit)( int status );
|
||||
|
||||
/**
|
||||
* \brief Set your own exit function pointer
|
||||
* \brief This function dynamically configures the exit
|
||||
* function that is called when the mbedtls_exit()
|
||||
* function is invoked by the library.
|
||||
*
|
||||
* \param exit_func the exit function implementation
|
||||
* \param exit_func The \c exit function implementation.
|
||||
*
|
||||
* \return 0
|
||||
* \return \c 0 on success.
|
||||
*/
|
||||
int mbedtls_platform_set_exit( void (*exit_func)( int status ) );
|
||||
#else
|
||||
@ -265,12 +283,13 @@ extern int (*mbedtls_nv_seed_read)( unsigned char *buf, size_t buf_len );
|
||||
extern int (*mbedtls_nv_seed_write)( unsigned char *buf, size_t buf_len );
|
||||
|
||||
/**
|
||||
* \brief Set your own seed file writing/reading functions
|
||||
* \brief This function allows configuring custom seed file writing and
|
||||
* reading functions.
|
||||
*
|
||||
* \param nv_seed_read_func the seed reading function implementation
|
||||
* \param nv_seed_write_func the seed writing function implementation
|
||||
* \param nv_seed_read_func The seed reading function implementation.
|
||||
* \param nv_seed_write_func The seed writing function implementation.
|
||||
*
|
||||
* \return 0
|
||||
* \return \c 0 on success.
|
||||
*/
|
||||
int mbedtls_platform_set_nv_seed(
|
||||
int (*nv_seed_read_func)( unsigned char *buf, size_t buf_len ),
|
||||
@ -291,13 +310,13 @@ int mbedtls_platform_set_nv_seed(
|
||||
#if !defined(MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT)
|
||||
|
||||
/**
|
||||
* \brief Platform context structure
|
||||
* \brief The platform context structure.
|
||||
*
|
||||
* \note This structure may be used to assist platform-specific
|
||||
* setup/teardown operations.
|
||||
* setup or teardown operations.
|
||||
*/
|
||||
typedef struct {
|
||||
char dummy; /**< Placeholder member as empty structs are not portable */
|
||||
char dummy; /**< A placeholder member, as empty structs are not portable. */
|
||||
}
|
||||
mbedtls_platform_context;
|
||||
|
||||
@ -306,33 +325,34 @@ mbedtls_platform_context;
|
||||
#endif /* !MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT */
|
||||
|
||||
/**
|
||||
* \brief Perform any platform initialisation operations
|
||||
* \brief This function performs any platform-specific initialization
|
||||
* operations.
|
||||
*
|
||||
* \param ctx mbed TLS context
|
||||
* \note This function should be called before any other library functions.
|
||||
*
|
||||
* \return 0 if successful
|
||||
* Its implementation is platform-specific, and unless
|
||||
* platform-specific code is provided, it does nothing.
|
||||
*
|
||||
* \note This function is intended to allow platform specific initialisation,
|
||||
* and should be called before any other library functions. Its
|
||||
* implementation is platform specific, and by default, unless platform
|
||||
* specific code is provided, it does nothing.
|
||||
* \note The usage and necessity of this function is dependent on the platform.
|
||||
*
|
||||
* Its use and whether its necessary to be called is dependent on the
|
||||
* platform.
|
||||
* \param ctx The platform context.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
*/
|
||||
int mbedtls_platform_setup( mbedtls_platform_context *ctx );
|
||||
/**
|
||||
* \brief Perform any platform teardown operations
|
||||
* \brief This function performs any platform teardown operations.
|
||||
*
|
||||
* \param ctx mbed TLS context
|
||||
* \note This function should be called after every other Mbed TLS module
|
||||
* has been correctly freed using the appropriate free function.
|
||||
*
|
||||
* \note This function should be called after every other mbed TLS module has
|
||||
* been correctly freed using the appropriate free function.
|
||||
* Its implementation is platform specific, and by default, unless
|
||||
* platform specific code is provided, it does nothing.
|
||||
* Its implementation is platform-specific, and unless
|
||||
* platform-specific code is provided, it does nothing.
|
||||
*
|
||||
* \note The usage and necessity of this function is dependent on the platform.
|
||||
*
|
||||
* \param ctx The platform context.
|
||||
*
|
||||
* Its use and whether its necessary to be called is dependent on the
|
||||
* platform.
|
||||
*/
|
||||
void mbedtls_platform_teardown( mbedtls_platform_context *ctx );
|
||||
|
||||
|
@ -2,7 +2,8 @@
|
||||
* \file platform_time.h
|
||||
*
|
||||
* \brief mbed TLS Platform time abstraction
|
||||
*
|
||||
*/
|
||||
/*
|
||||
* Copyright (C) 2006-2016, ARM Limited, All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
|
62
include/mbedtls/platform_util.h
Normal file
62
include/mbedtls/platform_util.h
Normal file
@ -0,0 +1,62 @@
|
||||
/**
|
||||
* \file platform_util.h
|
||||
*
|
||||
* \brief Common and shared functions used by multiple modules in the Mbed TLS
|
||||
* library.
|
||||
*/
|
||||
/*
|
||||
* Copyright (C) 2018, Arm Limited, All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
* not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*
|
||||
* This file is part of Mbed TLS (https://tls.mbed.org)
|
||||
*/
|
||||
#ifndef MBEDTLS_PLATFORM_UTIL_H
|
||||
#define MBEDTLS_PLATFORM_UTIL_H
|
||||
|
||||
#include <stddef.h>
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
/**
|
||||
* \brief Securely zeroize a buffer
|
||||
*
|
||||
* The function is meant to wipe the data contained in a buffer so
|
||||
* that it can no longer be recovered even if the program memory
|
||||
* is later compromised. Call this function on sensitive data
|
||||
* stored on the stack before returning from a function, and on
|
||||
* sensitive data stored on the heap before freeing the heap
|
||||
* object.
|
||||
*
|
||||
* It is extremely difficult to guarantee that calls to
|
||||
* mbedtls_platform_zeroize() are not removed by aggressive
|
||||
* compiler optimizations in a portable way. For this reason, Mbed
|
||||
* TLS provides the configuration option
|
||||
* MBEDTLS_PLATFORM_ZEROIZE_ALT, which allows users to configure
|
||||
* mbedtls_platform_zeroize() to use a suitable implementation for
|
||||
* their platform and needs
|
||||
*
|
||||
* \param buf Buffer to be zeroized
|
||||
* \param len Length of the buffer in bytes
|
||||
*
|
||||
*/
|
||||
void mbedtls_platform_zeroize( void *buf, size_t len );
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
||||
#endif /* MBEDTLS_PLATFORM_UTIL_H */
|
@ -2,7 +2,8 @@
|
||||
* \file ripemd160.h
|
||||
*
|
||||
* \brief RIPE MD-160 message digest
|
||||
*
|
||||
*/
|
||||
/*
|
||||
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
@ -32,14 +33,16 @@
|
||||
#include <stddef.h>
|
||||
#include <stdint.h>
|
||||
|
||||
#if !defined(MBEDTLS_RIPEMD160_ALT)
|
||||
// Regular implementation
|
||||
//
|
||||
#define MBEDTLS_ERR_RIPEMD160_HW_ACCEL_FAILED -0x0031 /**< RIPEMD160 hardware accelerator failed */
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
#if !defined(MBEDTLS_RIPEMD160_ALT)
|
||||
// Regular implementation
|
||||
//
|
||||
|
||||
/**
|
||||
* \brief RIPEMD-160 context structure
|
||||
*/
|
||||
@ -51,6 +54,10 @@ typedef struct
|
||||
}
|
||||
mbedtls_ripemd160_context;
|
||||
|
||||
#else /* MBEDTLS_RIPEMD160_ALT */
|
||||
#include "ripemd160.h"
|
||||
#endif /* MBEDTLS_RIPEMD160_ALT */
|
||||
|
||||
/**
|
||||
* \brief Initialize RIPEMD-160 context
|
||||
*
|
||||
@ -78,51 +85,137 @@ void mbedtls_ripemd160_clone( mbedtls_ripemd160_context *dst,
|
||||
* \brief RIPEMD-160 context setup
|
||||
*
|
||||
* \param ctx context to be initialized
|
||||
*
|
||||
* \return 0 if successful
|
||||
*/
|
||||
void mbedtls_ripemd160_starts( mbedtls_ripemd160_context *ctx );
|
||||
int mbedtls_ripemd160_starts_ret( mbedtls_ripemd160_context *ctx );
|
||||
|
||||
/**
|
||||
* \brief RIPEMD-160 process buffer
|
||||
*
|
||||
* \param ctx RIPEMD-160 context
|
||||
* \param input buffer holding the data
|
||||
* \param input buffer holding the data
|
||||
* \param ilen length of the input data
|
||||
*
|
||||
* \return 0 if successful
|
||||
*/
|
||||
void mbedtls_ripemd160_update( mbedtls_ripemd160_context *ctx,
|
||||
const unsigned char *input, size_t ilen );
|
||||
int mbedtls_ripemd160_update_ret( mbedtls_ripemd160_context *ctx,
|
||||
const unsigned char *input,
|
||||
size_t ilen );
|
||||
|
||||
/**
|
||||
* \brief RIPEMD-160 final digest
|
||||
*
|
||||
* \param ctx RIPEMD-160 context
|
||||
* \param output RIPEMD-160 checksum result
|
||||
*
|
||||
* \return 0 if successful
|
||||
*/
|
||||
void mbedtls_ripemd160_finish( mbedtls_ripemd160_context *ctx, unsigned char output[20] );
|
||||
int mbedtls_ripemd160_finish_ret( mbedtls_ripemd160_context *ctx,
|
||||
unsigned char output[20] );
|
||||
|
||||
/* Internal use */
|
||||
void mbedtls_ripemd160_process( mbedtls_ripemd160_context *ctx, const unsigned char data[64] );
|
||||
/**
|
||||
* \brief RIPEMD-160 process data block (internal use only)
|
||||
*
|
||||
* \param ctx RIPEMD-160 context
|
||||
* \param data buffer holding one block of data
|
||||
*
|
||||
* \return 0 if successful
|
||||
*/
|
||||
int mbedtls_internal_ripemd160_process( mbedtls_ripemd160_context *ctx,
|
||||
const unsigned char data[64] );
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
|
||||
#if defined(MBEDTLS_DEPRECATED_WARNING)
|
||||
#define MBEDTLS_DEPRECATED __attribute__((deprecated))
|
||||
#else
|
||||
#define MBEDTLS_DEPRECATED
|
||||
#endif
|
||||
/**
|
||||
* \brief RIPEMD-160 context setup
|
||||
*
|
||||
* \deprecated Superseded by mbedtls_ripemd160_starts_ret() in 2.7.0
|
||||
*
|
||||
* \param ctx context to be initialized
|
||||
*/
|
||||
MBEDTLS_DEPRECATED void mbedtls_ripemd160_starts(
|
||||
mbedtls_ripemd160_context *ctx );
|
||||
|
||||
#else /* MBEDTLS_RIPEMD160_ALT */
|
||||
#include "ripemd160.h"
|
||||
#endif /* MBEDTLS_RIPEMD160_ALT */
|
||||
/**
|
||||
* \brief RIPEMD-160 process buffer
|
||||
*
|
||||
* \deprecated Superseded by mbedtls_ripemd160_update_ret() in 2.7.0
|
||||
*
|
||||
* \param ctx RIPEMD-160 context
|
||||
* \param input buffer holding the data
|
||||
* \param ilen length of the input data
|
||||
*/
|
||||
MBEDTLS_DEPRECATED void mbedtls_ripemd160_update(
|
||||
mbedtls_ripemd160_context *ctx,
|
||||
const unsigned char *input,
|
||||
size_t ilen );
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
/**
|
||||
* \brief RIPEMD-160 final digest
|
||||
*
|
||||
* \deprecated Superseded by mbedtls_ripemd160_finish_ret() in 2.7.0
|
||||
*
|
||||
* \param ctx RIPEMD-160 context
|
||||
* \param output RIPEMD-160 checksum result
|
||||
*/
|
||||
MBEDTLS_DEPRECATED void mbedtls_ripemd160_finish(
|
||||
mbedtls_ripemd160_context *ctx,
|
||||
unsigned char output[20] );
|
||||
|
||||
/**
|
||||
* \brief RIPEMD-160 process data block (internal use only)
|
||||
*
|
||||
* \deprecated Superseded by mbedtls_internal_ripemd160_process() in 2.7.0
|
||||
*
|
||||
* \param ctx RIPEMD-160 context
|
||||
* \param data buffer holding one block of data
|
||||
*/
|
||||
MBEDTLS_DEPRECATED void mbedtls_ripemd160_process(
|
||||
mbedtls_ripemd160_context *ctx,
|
||||
const unsigned char data[64] );
|
||||
|
||||
#undef MBEDTLS_DEPRECATED
|
||||
#endif /* !MBEDTLS_DEPRECATED_REMOVED */
|
||||
|
||||
/**
|
||||
* \brief Output = RIPEMD-160( input buffer )
|
||||
*
|
||||
* \param input buffer holding the data
|
||||
* \param input buffer holding the data
|
||||
* \param ilen length of the input data
|
||||
* \param output RIPEMD-160 checksum result
|
||||
*
|
||||
* \return 0 if successful
|
||||
*/
|
||||
int mbedtls_ripemd160_ret( const unsigned char *input,
|
||||
size_t ilen,
|
||||
unsigned char output[20] );
|
||||
|
||||
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
|
||||
#if defined(MBEDTLS_DEPRECATED_WARNING)
|
||||
#define MBEDTLS_DEPRECATED __attribute__((deprecated))
|
||||
#else
|
||||
#define MBEDTLS_DEPRECATED
|
||||
#endif
|
||||
/**
|
||||
* \brief Output = RIPEMD-160( input buffer )
|
||||
*
|
||||
* \deprecated Superseded by mbedtls_ripemd160_ret() in 2.7.0
|
||||
*
|
||||
* \param input buffer holding the data
|
||||
* \param ilen length of the input data
|
||||
* \param output RIPEMD-160 checksum result
|
||||
*/
|
||||
void mbedtls_ripemd160( const unsigned char *input, size_t ilen,
|
||||
unsigned char output[20] );
|
||||
MBEDTLS_DEPRECATED void mbedtls_ripemd160( const unsigned char *input,
|
||||
size_t ilen,
|
||||
unsigned char output[20] );
|
||||
|
||||
#undef MBEDTLS_DEPRECATED
|
||||
#endif /* !MBEDTLS_DEPRECATED_REMOVED */
|
||||
|
||||
/**
|
||||
* \brief Checkup routine
|
||||
|
File diff suppressed because it is too large
Load Diff
226
include/mbedtls/rsa_internal.h
Normal file
226
include/mbedtls/rsa_internal.h
Normal file
@ -0,0 +1,226 @@
|
||||
/**
|
||||
* \file rsa_internal.h
|
||||
*
|
||||
* \brief Context-independent RSA helper functions
|
||||
*
|
||||
* This module declares some RSA-related helper functions useful when
|
||||
* implementing the RSA interface. These functions are provided in a separate
|
||||
* compilation unit in order to make it easy for designers of alternative RSA
|
||||
* implementations to use them in their own code, as it is conceived that the
|
||||
* functionality they provide will be necessary for most complete
|
||||
* implementations.
|
||||
*
|
||||
* End-users of Mbed TLS who are not providing their own alternative RSA
|
||||
* implementations should not use these functions directly, and should instead
|
||||
* use only the functions declared in rsa.h.
|
||||
*
|
||||
* The interface provided by this module will be maintained through LTS (Long
|
||||
* Term Support) branches of Mbed TLS, but may otherwise be subject to change,
|
||||
* and must be considered an internal interface of the library.
|
||||
*
|
||||
* There are two classes of helper functions:
|
||||
*
|
||||
* (1) Parameter-generating helpers. These are:
|
||||
* - mbedtls_rsa_deduce_primes
|
||||
* - mbedtls_rsa_deduce_private_exponent
|
||||
* - mbedtls_rsa_deduce_crt
|
||||
* Each of these functions takes a set of core RSA parameters and
|
||||
* generates some other, or CRT related parameters.
|
||||
*
|
||||
* (2) Parameter-checking helpers. These are:
|
||||
* - mbedtls_rsa_validate_params
|
||||
* - mbedtls_rsa_validate_crt
|
||||
* They take a set of core or CRT related RSA parameters and check their
|
||||
* validity.
|
||||
*
|
||||
*/
|
||||
/*
|
||||
* Copyright (C) 2006-2017, ARM Limited, All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
* not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*
|
||||
* This file is part of mbed TLS (https://tls.mbed.org)
|
||||
*
|
||||
*/
|
||||
|
||||
#ifndef MBEDTLS_RSA_INTERNAL_H
|
||||
#define MBEDTLS_RSA_INTERNAL_H
|
||||
|
||||
#if !defined(MBEDTLS_CONFIG_FILE)
|
||||
#include "config.h"
|
||||
#else
|
||||
#include MBEDTLS_CONFIG_FILE
|
||||
#endif
|
||||
|
||||
#include "bignum.h"
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
|
||||
/**
|
||||
* \brief Compute RSA prime moduli P, Q from public modulus N=PQ
|
||||
* and a pair of private and public key.
|
||||
*
|
||||
* \note This is a 'static' helper function not operating on
|
||||
* an RSA context. Alternative implementations need not
|
||||
* overwrite it.
|
||||
*
|
||||
* \param N RSA modulus N = PQ, with P, Q to be found
|
||||
* \param E RSA public exponent
|
||||
* \param D RSA private exponent
|
||||
* \param P Pointer to MPI holding first prime factor of N on success
|
||||
* \param Q Pointer to MPI holding second prime factor of N on success
|
||||
*
|
||||
* \return
|
||||
* - 0 if successful. In this case, P and Q constitute a
|
||||
* factorization of N.
|
||||
* - A non-zero error code otherwise.
|
||||
*
|
||||
* \note It is neither checked that P, Q are prime nor that
|
||||
* D, E are modular inverses wrt. P-1 and Q-1. For that,
|
||||
* use the helper function \c mbedtls_rsa_validate_params.
|
||||
*
|
||||
*/
|
||||
int mbedtls_rsa_deduce_primes( mbedtls_mpi const *N, mbedtls_mpi const *E,
|
||||
mbedtls_mpi const *D,
|
||||
mbedtls_mpi *P, mbedtls_mpi *Q );
|
||||
|
||||
/**
|
||||
* \brief Compute RSA private exponent from
|
||||
* prime moduli and public key.
|
||||
*
|
||||
* \note This is a 'static' helper function not operating on
|
||||
* an RSA context. Alternative implementations need not
|
||||
* overwrite it.
|
||||
*
|
||||
* \param P First prime factor of RSA modulus
|
||||
* \param Q Second prime factor of RSA modulus
|
||||
* \param E RSA public exponent
|
||||
* \param D Pointer to MPI holding the private exponent on success.
|
||||
*
|
||||
* \return
|
||||
* - 0 if successful. In this case, D is set to a simultaneous
|
||||
* modular inverse of E modulo both P-1 and Q-1.
|
||||
* - A non-zero error code otherwise.
|
||||
*
|
||||
* \note This function does not check whether P and Q are primes.
|
||||
*
|
||||
*/
|
||||
int mbedtls_rsa_deduce_private_exponent( mbedtls_mpi const *P,
|
||||
mbedtls_mpi const *Q,
|
||||
mbedtls_mpi const *E,
|
||||
mbedtls_mpi *D );
|
||||
|
||||
|
||||
/**
|
||||
* \brief Generate RSA-CRT parameters
|
||||
*
|
||||
* \note This is a 'static' helper function not operating on
|
||||
* an RSA context. Alternative implementations need not
|
||||
* overwrite it.
|
||||
*
|
||||
* \param P First prime factor of N
|
||||
* \param Q Second prime factor of N
|
||||
* \param D RSA private exponent
|
||||
* \param DP Output variable for D modulo P-1
|
||||
* \param DQ Output variable for D modulo Q-1
|
||||
* \param QP Output variable for the modular inverse of Q modulo P.
|
||||
*
|
||||
* \return 0 on success, non-zero error code otherwise.
|
||||
*
|
||||
* \note This function does not check whether P, Q are
|
||||
* prime and whether D is a valid private exponent.
|
||||
*
|
||||
*/
|
||||
int mbedtls_rsa_deduce_crt( const mbedtls_mpi *P, const mbedtls_mpi *Q,
|
||||
const mbedtls_mpi *D, mbedtls_mpi *DP,
|
||||
mbedtls_mpi *DQ, mbedtls_mpi *QP );
|
||||
|
||||
|
||||
/**
|
||||
* \brief Check validity of core RSA parameters
|
||||
*
|
||||
* \note This is a 'static' helper function not operating on
|
||||
* an RSA context. Alternative implementations need not
|
||||
* overwrite it.
|
||||
*
|
||||
* \param N RSA modulus N = PQ
|
||||
* \param P First prime factor of N
|
||||
* \param Q Second prime factor of N
|
||||
* \param D RSA private exponent
|
||||
* \param E RSA public exponent
|
||||
* \param f_rng PRNG to be used for primality check, or NULL
|
||||
* \param p_rng PRNG context for f_rng, or NULL
|
||||
*
|
||||
* \return
|
||||
* - 0 if the following conditions are satisfied
|
||||
* if all relevant parameters are provided:
|
||||
* - P prime if f_rng != NULL (%)
|
||||
* - Q prime if f_rng != NULL (%)
|
||||
* - 1 < N = P * Q
|
||||
* - 1 < D, E < N
|
||||
* - D and E are modular inverses modulo P-1 and Q-1
|
||||
* (%) This is only done if MBEDTLS_GENPRIME is defined.
|
||||
* - A non-zero error code otherwise.
|
||||
*
|
||||
* \note The function can be used with a restricted set of arguments
|
||||
* to perform specific checks only. E.g., calling it with
|
||||
* (-,P,-,-,-) and a PRNG amounts to a primality check for P.
|
||||
*/
|
||||
int mbedtls_rsa_validate_params( const mbedtls_mpi *N, const mbedtls_mpi *P,
|
||||
const mbedtls_mpi *Q, const mbedtls_mpi *D,
|
||||
const mbedtls_mpi *E,
|
||||
int (*f_rng)(void *, unsigned char *, size_t),
|
||||
void *p_rng );
|
||||
|
||||
/**
|
||||
* \brief Check validity of RSA CRT parameters
|
||||
*
|
||||
* \note This is a 'static' helper function not operating on
|
||||
* an RSA context. Alternative implementations need not
|
||||
* overwrite it.
|
||||
*
|
||||
* \param P First prime factor of RSA modulus
|
||||
* \param Q Second prime factor of RSA modulus
|
||||
* \param D RSA private exponent
|
||||
* \param DP MPI to check for D modulo P-1
|
||||
* \param DQ MPI to check for D modulo P-1
|
||||
* \param QP MPI to check for the modular inverse of Q modulo P.
|
||||
*
|
||||
* \return
|
||||
* - 0 if the following conditions are satisfied:
|
||||
* - D = DP mod P-1 if P, D, DP != NULL
|
||||
* - Q = DQ mod P-1 if P, D, DQ != NULL
|
||||
* - QP = Q^-1 mod P if P, Q, QP != NULL
|
||||
* - \c MBEDTLS_ERR_RSA_KEY_CHECK_FAILED if check failed,
|
||||
* potentially including \c MBEDTLS_ERR_MPI_XXX if some
|
||||
* MPI calculations failed.
|
||||
* - \c MBEDTLS_ERR_RSA_BAD_INPUT_DATA if insufficient
|
||||
* data was provided to check DP, DQ or QP.
|
||||
*
|
||||
* \note The function can be used with a restricted set of arguments
|
||||
* to perform specific checks only. E.g., calling it with the
|
||||
* parameters (P, -, D, DP, -, -) will check DP = D mod P-1.
|
||||
*/
|
||||
int mbedtls_rsa_validate_crt( const mbedtls_mpi *P, const mbedtls_mpi *Q,
|
||||
const mbedtls_mpi *D, const mbedtls_mpi *DP,
|
||||
const mbedtls_mpi *DQ, const mbedtls_mpi *QP );
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
||||
#endif /* rsa_internal.h */
|
@ -1,9 +1,17 @@
|
||||
/**
|
||||
* \file sha1.h
|
||||
*
|
||||
* \brief SHA-1 cryptographic hash function
|
||||
* \brief This file contains SHA-1 definitions and functions.
|
||||
*
|
||||
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
|
||||
* The Secure Hash Algorithm 1 (SHA-1) cryptographic hash function is defined in
|
||||
* <em>FIPS 180-4: Secure Hash Standard (SHS)</em>.
|
||||
*
|
||||
* \warning SHA-1 is considered a weak message digest and its use constitutes
|
||||
* a security risk. We recommend considering stronger message
|
||||
* digests instead.
|
||||
*/
|
||||
/*
|
||||
* Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
@ -18,7 +26,7 @@
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*
|
||||
* This file is part of mbed TLS (https://tls.mbed.org)
|
||||
* This file is part of Mbed TLS (https://tls.mbed.org)
|
||||
*/
|
||||
#ifndef MBEDTLS_SHA1_H
|
||||
#define MBEDTLS_SHA1_H
|
||||
@ -32,100 +40,280 @@
|
||||
#include <stddef.h>
|
||||
#include <stdint.h>
|
||||
|
||||
#if !defined(MBEDTLS_SHA1_ALT)
|
||||
// Regular implementation
|
||||
//
|
||||
#define MBEDTLS_ERR_SHA1_HW_ACCEL_FAILED -0x0035 /**< SHA-1 hardware accelerator failed */
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
#if !defined(MBEDTLS_SHA1_ALT)
|
||||
// Regular implementation
|
||||
//
|
||||
|
||||
/**
|
||||
* \brief SHA-1 context structure
|
||||
* \brief The SHA-1 context structure.
|
||||
*
|
||||
* \warning SHA-1 is considered a weak message digest and its use
|
||||
* constitutes a security risk. We recommend considering
|
||||
* stronger message digests instead.
|
||||
*
|
||||
*/
|
||||
typedef struct
|
||||
{
|
||||
uint32_t total[2]; /*!< number of bytes processed */
|
||||
uint32_t state[5]; /*!< intermediate digest state */
|
||||
unsigned char buffer[64]; /*!< data block being processed */
|
||||
uint32_t total[2]; /*!< The number of Bytes processed. */
|
||||
uint32_t state[5]; /*!< The intermediate digest state. */
|
||||
unsigned char buffer[64]; /*!< The data block being processed. */
|
||||
}
|
||||
mbedtls_sha1_context;
|
||||
|
||||
/**
|
||||
* \brief Initialize SHA-1 context
|
||||
*
|
||||
* \param ctx SHA-1 context to be initialized
|
||||
*/
|
||||
void mbedtls_sha1_init( mbedtls_sha1_context *ctx );
|
||||
|
||||
/**
|
||||
* \brief Clear SHA-1 context
|
||||
*
|
||||
* \param ctx SHA-1 context to be cleared
|
||||
*/
|
||||
void mbedtls_sha1_free( mbedtls_sha1_context *ctx );
|
||||
|
||||
/**
|
||||
* \brief Clone (the state of) a SHA-1 context
|
||||
*
|
||||
* \param dst The destination context
|
||||
* \param src The context to be cloned
|
||||
*/
|
||||
void mbedtls_sha1_clone( mbedtls_sha1_context *dst,
|
||||
const mbedtls_sha1_context *src );
|
||||
|
||||
/**
|
||||
* \brief SHA-1 context setup
|
||||
*
|
||||
* \param ctx context to be initialized
|
||||
*/
|
||||
void mbedtls_sha1_starts( mbedtls_sha1_context *ctx );
|
||||
|
||||
/**
|
||||
* \brief SHA-1 process buffer
|
||||
*
|
||||
* \param ctx SHA-1 context
|
||||
* \param input buffer holding the data
|
||||
* \param ilen length of the input data
|
||||
*/
|
||||
void mbedtls_sha1_update( mbedtls_sha1_context *ctx, const unsigned char *input, size_t ilen );
|
||||
|
||||
/**
|
||||
* \brief SHA-1 final digest
|
||||
*
|
||||
* \param ctx SHA-1 context
|
||||
* \param output SHA-1 checksum result
|
||||
*/
|
||||
void mbedtls_sha1_finish( mbedtls_sha1_context *ctx, unsigned char output[20] );
|
||||
|
||||
/* Internal use */
|
||||
void mbedtls_sha1_process( mbedtls_sha1_context *ctx, const unsigned char data[64] );
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
||||
#else /* MBEDTLS_SHA1_ALT */
|
||||
#include "sha1_alt.h"
|
||||
#endif /* MBEDTLS_SHA1_ALT */
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
/**
|
||||
* \brief Output = SHA-1( input buffer )
|
||||
* \brief This function initializes a SHA-1 context.
|
||||
*
|
||||
* \warning SHA-1 is considered a weak message digest and its use
|
||||
* constitutes a security risk. We recommend considering
|
||||
* stronger message digests instead.
|
||||
*
|
||||
* \param ctx The SHA-1 context to initialize.
|
||||
*
|
||||
* \param input buffer holding the data
|
||||
* \param ilen length of the input data
|
||||
* \param output SHA-1 checksum result
|
||||
*/
|
||||
void mbedtls_sha1( const unsigned char *input, size_t ilen, unsigned char output[20] );
|
||||
void mbedtls_sha1_init( mbedtls_sha1_context *ctx );
|
||||
|
||||
/**
|
||||
* \brief Checkup routine
|
||||
* \brief This function clears a SHA-1 context.
|
||||
*
|
||||
* \warning SHA-1 is considered a weak message digest and its use
|
||||
* constitutes a security risk. We recommend considering
|
||||
* stronger message digests instead.
|
||||
*
|
||||
* \param ctx The SHA-1 context to clear.
|
||||
*
|
||||
*/
|
||||
void mbedtls_sha1_free( mbedtls_sha1_context *ctx );
|
||||
|
||||
/**
|
||||
* \brief This function clones the state of a SHA-1 context.
|
||||
*
|
||||
* \warning SHA-1 is considered a weak message digest and its use
|
||||
* constitutes a security risk. We recommend considering
|
||||
* stronger message digests instead.
|
||||
*
|
||||
* \param dst The SHA-1 context to clone to.
|
||||
* \param src The SHA-1 context to clone from.
|
||||
*
|
||||
*/
|
||||
void mbedtls_sha1_clone( mbedtls_sha1_context *dst,
|
||||
const mbedtls_sha1_context *src );
|
||||
|
||||
/**
|
||||
* \brief This function starts a SHA-1 checksum calculation.
|
||||
*
|
||||
* \warning SHA-1 is considered a weak message digest and its use
|
||||
* constitutes a security risk. We recommend considering
|
||||
* stronger message digests instead.
|
||||
*
|
||||
* \param ctx The SHA-1 context to initialize.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
*
|
||||
*/
|
||||
int mbedtls_sha1_starts_ret( mbedtls_sha1_context *ctx );
|
||||
|
||||
/**
|
||||
* \brief This function feeds an input buffer into an ongoing SHA-1
|
||||
* checksum calculation.
|
||||
*
|
||||
* \warning SHA-1 is considered a weak message digest and its use
|
||||
* constitutes a security risk. We recommend considering
|
||||
* stronger message digests instead.
|
||||
*
|
||||
* \param ctx The SHA-1 context.
|
||||
* \param input The buffer holding the input data.
|
||||
* \param ilen The length of the input data.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
*/
|
||||
int mbedtls_sha1_update_ret( mbedtls_sha1_context *ctx,
|
||||
const unsigned char *input,
|
||||
size_t ilen );
|
||||
|
||||
/**
|
||||
* \brief This function finishes the SHA-1 operation, and writes
|
||||
* the result to the output buffer.
|
||||
*
|
||||
* \warning SHA-1 is considered a weak message digest and its use
|
||||
* constitutes a security risk. We recommend considering
|
||||
* stronger message digests instead.
|
||||
*
|
||||
* \param ctx The SHA-1 context.
|
||||
* \param output The SHA-1 checksum result.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
*/
|
||||
int mbedtls_sha1_finish_ret( mbedtls_sha1_context *ctx,
|
||||
unsigned char output[20] );
|
||||
|
||||
/**
|
||||
* \brief SHA-1 process data block (internal use only).
|
||||
*
|
||||
* \warning SHA-1 is considered a weak message digest and its use
|
||||
* constitutes a security risk. We recommend considering
|
||||
* stronger message digests instead.
|
||||
*
|
||||
* \param ctx The SHA-1 context.
|
||||
* \param data The data block being processed.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
*
|
||||
*/
|
||||
int mbedtls_internal_sha1_process( mbedtls_sha1_context *ctx,
|
||||
const unsigned char data[64] );
|
||||
|
||||
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
|
||||
#if defined(MBEDTLS_DEPRECATED_WARNING)
|
||||
#define MBEDTLS_DEPRECATED __attribute__((deprecated))
|
||||
#else
|
||||
#define MBEDTLS_DEPRECATED
|
||||
#endif
|
||||
/**
|
||||
* \brief This function starts a SHA-1 checksum calculation.
|
||||
*
|
||||
* \warning SHA-1 is considered a weak message digest and its use
|
||||
* constitutes a security risk. We recommend considering
|
||||
* stronger message digests instead.
|
||||
*
|
||||
* \deprecated Superseded by mbedtls_sha1_starts_ret() in 2.7.0.
|
||||
*
|
||||
* \param ctx The SHA-1 context to initialize.
|
||||
*
|
||||
*/
|
||||
MBEDTLS_DEPRECATED void mbedtls_sha1_starts( mbedtls_sha1_context *ctx );
|
||||
|
||||
/**
|
||||
* \brief This function feeds an input buffer into an ongoing SHA-1
|
||||
* checksum calculation.
|
||||
*
|
||||
* \warning SHA-1 is considered a weak message digest and its use
|
||||
* constitutes a security risk. We recommend considering
|
||||
* stronger message digests instead.
|
||||
*
|
||||
* \deprecated Superseded by mbedtls_sha1_update_ret() in 2.7.0.
|
||||
*
|
||||
* \param ctx The SHA-1 context.
|
||||
* \param input The buffer holding the input data.
|
||||
* \param ilen The length of the input data.
|
||||
*
|
||||
*/
|
||||
MBEDTLS_DEPRECATED void mbedtls_sha1_update( mbedtls_sha1_context *ctx,
|
||||
const unsigned char *input,
|
||||
size_t ilen );
|
||||
|
||||
/**
|
||||
* \brief This function finishes the SHA-1 operation, and writes
|
||||
* the result to the output buffer.
|
||||
*
|
||||
* \warning SHA-1 is considered a weak message digest and its use
|
||||
* constitutes a security risk. We recommend considering
|
||||
* stronger message digests instead.
|
||||
*
|
||||
* \deprecated Superseded by mbedtls_sha1_finish_ret() in 2.7.0.
|
||||
*
|
||||
* \param ctx The SHA-1 context.
|
||||
* \param output The SHA-1 checksum result.
|
||||
*
|
||||
*/
|
||||
MBEDTLS_DEPRECATED void mbedtls_sha1_finish( mbedtls_sha1_context *ctx,
|
||||
unsigned char output[20] );
|
||||
|
||||
/**
|
||||
* \brief SHA-1 process data block (internal use only).
|
||||
*
|
||||
* \warning SHA-1 is considered a weak message digest and its use
|
||||
* constitutes a security risk. We recommend considering
|
||||
* stronger message digests instead.
|
||||
*
|
||||
* \deprecated Superseded by mbedtls_internal_sha1_process() in 2.7.0.
|
||||
*
|
||||
* \param ctx The SHA-1 context.
|
||||
* \param data The data block being processed.
|
||||
*
|
||||
*/
|
||||
MBEDTLS_DEPRECATED void mbedtls_sha1_process( mbedtls_sha1_context *ctx,
|
||||
const unsigned char data[64] );
|
||||
|
||||
#undef MBEDTLS_DEPRECATED
|
||||
#endif /* !MBEDTLS_DEPRECATED_REMOVED */
|
||||
|
||||
/**
|
||||
* \brief This function calculates the SHA-1 checksum of a buffer.
|
||||
*
|
||||
* The function allocates the context, performs the
|
||||
* calculation, and frees the context.
|
||||
*
|
||||
* The SHA-1 result is calculated as
|
||||
* output = SHA-1(input buffer).
|
||||
*
|
||||
* \warning SHA-1 is considered a weak message digest and its use
|
||||
* constitutes a security risk. We recommend considering
|
||||
* stronger message digests instead.
|
||||
*
|
||||
* \param input The buffer holding the input data.
|
||||
* \param ilen The length of the input data.
|
||||
* \param output The SHA-1 checksum result.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
*
|
||||
*/
|
||||
int mbedtls_sha1_ret( const unsigned char *input,
|
||||
size_t ilen,
|
||||
unsigned char output[20] );
|
||||
|
||||
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
|
||||
#if defined(MBEDTLS_DEPRECATED_WARNING)
|
||||
#define MBEDTLS_DEPRECATED __attribute__((deprecated))
|
||||
#else
|
||||
#define MBEDTLS_DEPRECATED
|
||||
#endif
|
||||
/**
|
||||
* \brief This function calculates the SHA-1 checksum of a buffer.
|
||||
*
|
||||
* The function allocates the context, performs the
|
||||
* calculation, and frees the context.
|
||||
*
|
||||
* The SHA-1 result is calculated as
|
||||
* output = SHA-1(input buffer).
|
||||
*
|
||||
* \warning SHA-1 is considered a weak message digest and its use
|
||||
* constitutes a security risk. We recommend considering
|
||||
* stronger message digests instead.
|
||||
*
|
||||
* \deprecated Superseded by mbedtls_sha1_ret() in 2.7.0
|
||||
*
|
||||
* \param input The buffer holding the input data.
|
||||
* \param ilen The length of the input data.
|
||||
* \param output The SHA-1 checksum result.
|
||||
*
|
||||
*/
|
||||
MBEDTLS_DEPRECATED void mbedtls_sha1( const unsigned char *input,
|
||||
size_t ilen,
|
||||
unsigned char output[20] );
|
||||
|
||||
#undef MBEDTLS_DEPRECATED
|
||||
#endif /* !MBEDTLS_DEPRECATED_REMOVED */
|
||||
|
||||
/**
|
||||
* \brief The SHA-1 checkup routine.
|
||||
*
|
||||
* \warning SHA-1 is considered a weak message digest and its use
|
||||
* constitutes a security risk. We recommend considering
|
||||
* stronger message digests instead.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return \c 1 on failure.
|
||||
*
|
||||
* \return 0 if successful, or 1 if the test failed
|
||||
*/
|
||||
int mbedtls_sha1_self_test( int verbose );
|
||||
|
||||
|
@ -1,9 +1,13 @@
|
||||
/**
|
||||
* \file sha256.h
|
||||
*
|
||||
* \brief SHA-224 and SHA-256 cryptographic hash function
|
||||
* \brief This file contains SHA-224 and SHA-256 definitions and functions.
|
||||
*
|
||||
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
|
||||
* The Secure Hash Algorithms 224 and 256 (SHA-224 and SHA-256) cryptographic
|
||||
* hash functions are defined in <em>FIPS 180-4: Secure Hash Standard (SHS)</em>.
|
||||
*/
|
||||
/*
|
||||
* Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
@ -18,7 +22,7 @@
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*
|
||||
* This file is part of mbed TLS (https://tls.mbed.org)
|
||||
* This file is part of Mbed TLS (https://tls.mbed.org)
|
||||
*/
|
||||
#ifndef MBEDTLS_SHA256_H
|
||||
#define MBEDTLS_SHA256_H
|
||||
@ -32,105 +36,232 @@
|
||||
#include <stddef.h>
|
||||
#include <stdint.h>
|
||||
|
||||
#if !defined(MBEDTLS_SHA256_ALT)
|
||||
// Regular implementation
|
||||
//
|
||||
#define MBEDTLS_ERR_SHA256_HW_ACCEL_FAILED -0x0037 /**< SHA-256 hardware accelerator failed */
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
#if !defined(MBEDTLS_SHA256_ALT)
|
||||
// Regular implementation
|
||||
//
|
||||
|
||||
/**
|
||||
* \brief SHA-256 context structure
|
||||
* \brief The SHA-256 context structure.
|
||||
*
|
||||
* The structure is used both for SHA-256 and for SHA-224
|
||||
* checksum calculations. The choice between these two is
|
||||
* made in the call to mbedtls_sha256_starts_ret().
|
||||
*/
|
||||
typedef struct
|
||||
{
|
||||
uint32_t total[2]; /*!< number of bytes processed */
|
||||
uint32_t state[8]; /*!< intermediate digest state */
|
||||
unsigned char buffer[64]; /*!< data block being processed */
|
||||
int is224; /*!< 0 => SHA-256, else SHA-224 */
|
||||
uint32_t total[2]; /*!< The number of Bytes processed. */
|
||||
uint32_t state[8]; /*!< The intermediate digest state. */
|
||||
unsigned char buffer[64]; /*!< The data block being processed. */
|
||||
int is224; /*!< Determines which function to use:
|
||||
0: Use SHA-256, or 1: Use SHA-224. */
|
||||
}
|
||||
mbedtls_sha256_context;
|
||||
|
||||
/**
|
||||
* \brief Initialize SHA-256 context
|
||||
*
|
||||
* \param ctx SHA-256 context to be initialized
|
||||
*/
|
||||
void mbedtls_sha256_init( mbedtls_sha256_context *ctx );
|
||||
|
||||
/**
|
||||
* \brief Clear SHA-256 context
|
||||
*
|
||||
* \param ctx SHA-256 context to be cleared
|
||||
*/
|
||||
void mbedtls_sha256_free( mbedtls_sha256_context *ctx );
|
||||
|
||||
/**
|
||||
* \brief Clone (the state of) a SHA-256 context
|
||||
*
|
||||
* \param dst The destination context
|
||||
* \param src The context to be cloned
|
||||
*/
|
||||
void mbedtls_sha256_clone( mbedtls_sha256_context *dst,
|
||||
const mbedtls_sha256_context *src );
|
||||
|
||||
/**
|
||||
* \brief SHA-256 context setup
|
||||
*
|
||||
* \param ctx context to be initialized
|
||||
* \param is224 0 = use SHA256, 1 = use SHA224
|
||||
*/
|
||||
void mbedtls_sha256_starts( mbedtls_sha256_context *ctx, int is224 );
|
||||
|
||||
/**
|
||||
* \brief SHA-256 process buffer
|
||||
*
|
||||
* \param ctx SHA-256 context
|
||||
* \param input buffer holding the data
|
||||
* \param ilen length of the input data
|
||||
*/
|
||||
void mbedtls_sha256_update( mbedtls_sha256_context *ctx, const unsigned char *input,
|
||||
size_t ilen );
|
||||
|
||||
/**
|
||||
* \brief SHA-256 final digest
|
||||
*
|
||||
* \param ctx SHA-256 context
|
||||
* \param output SHA-224/256 checksum result
|
||||
*/
|
||||
void mbedtls_sha256_finish( mbedtls_sha256_context *ctx, unsigned char output[32] );
|
||||
|
||||
/* Internal use */
|
||||
void mbedtls_sha256_process( mbedtls_sha256_context *ctx, const unsigned char data[64] );
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
||||
#else /* MBEDTLS_SHA256_ALT */
|
||||
#include "sha256_alt.h"
|
||||
#endif /* MBEDTLS_SHA256_ALT */
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
/**
|
||||
* \brief This function initializes a SHA-256 context.
|
||||
*
|
||||
* \param ctx The SHA-256 context to initialize.
|
||||
*/
|
||||
void mbedtls_sha256_init( mbedtls_sha256_context *ctx );
|
||||
|
||||
/**
|
||||
* \brief This function clears a SHA-256 context.
|
||||
*
|
||||
* \param ctx The SHA-256 context to clear.
|
||||
*/
|
||||
void mbedtls_sha256_free( mbedtls_sha256_context *ctx );
|
||||
|
||||
/**
|
||||
* \brief This function clones the state of a SHA-256 context.
|
||||
*
|
||||
* \param dst The destination context.
|
||||
* \param src The context to clone.
|
||||
*/
|
||||
void mbedtls_sha256_clone( mbedtls_sha256_context *dst,
|
||||
const mbedtls_sha256_context *src );
|
||||
|
||||
/**
|
||||
* \brief This function starts a SHA-224 or SHA-256 checksum
|
||||
* calculation.
|
||||
*
|
||||
* \param ctx The context to initialize.
|
||||
* \param is224 Determines which function to use:
|
||||
* 0: Use SHA-256, or 1: Use SHA-224.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
*/
|
||||
int mbedtls_sha256_starts_ret( mbedtls_sha256_context *ctx, int is224 );
|
||||
|
||||
/**
|
||||
* \brief This function feeds an input buffer into an ongoing
|
||||
* SHA-256 checksum calculation.
|
||||
*
|
||||
* \param ctx The SHA-256 context.
|
||||
* \param input The buffer holding the data.
|
||||
* \param ilen The length of the input data.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
*/
|
||||
int mbedtls_sha256_update_ret( mbedtls_sha256_context *ctx,
|
||||
const unsigned char *input,
|
||||
size_t ilen );
|
||||
|
||||
/**
|
||||
* \brief This function finishes the SHA-256 operation, and writes
|
||||
* the result to the output buffer.
|
||||
*
|
||||
* \param ctx The SHA-256 context.
|
||||
* \param output The SHA-224 or SHA-256 checksum result.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
*/
|
||||
int mbedtls_sha256_finish_ret( mbedtls_sha256_context *ctx,
|
||||
unsigned char output[32] );
|
||||
|
||||
/**
|
||||
* \brief This function processes a single data block within
|
||||
* the ongoing SHA-256 computation. This function is for
|
||||
* internal use only.
|
||||
*
|
||||
* \param ctx The SHA-256 context.
|
||||
* \param data The buffer holding one block of data.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
*/
|
||||
int mbedtls_internal_sha256_process( mbedtls_sha256_context *ctx,
|
||||
const unsigned char data[64] );
|
||||
|
||||
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
|
||||
#if defined(MBEDTLS_DEPRECATED_WARNING)
|
||||
#define MBEDTLS_DEPRECATED __attribute__((deprecated))
|
||||
#else
|
||||
#define MBEDTLS_DEPRECATED
|
||||
#endif
|
||||
/**
|
||||
* \brief This function starts a SHA-224 or SHA-256 checksum
|
||||
* calculation.
|
||||
*
|
||||
*
|
||||
* \deprecated Superseded by mbedtls_sha256_starts_ret() in 2.7.0.
|
||||
*
|
||||
* \param ctx The context to initialize.
|
||||
* \param is224 Determines which function to use:
|
||||
* 0: Use SHA-256, or 1: Use SHA-224.
|
||||
*/
|
||||
MBEDTLS_DEPRECATED void mbedtls_sha256_starts( mbedtls_sha256_context *ctx,
|
||||
int is224 );
|
||||
|
||||
/**
|
||||
* \brief This function feeds an input buffer into an ongoing
|
||||
* SHA-256 checksum calculation.
|
||||
*
|
||||
* \deprecated Superseded by mbedtls_sha256_update_ret() in 2.7.0.
|
||||
*
|
||||
* \param ctx The SHA-256 context to initialize.
|
||||
* \param input The buffer holding the data.
|
||||
* \param ilen The length of the input data.
|
||||
*/
|
||||
MBEDTLS_DEPRECATED void mbedtls_sha256_update( mbedtls_sha256_context *ctx,
|
||||
const unsigned char *input,
|
||||
size_t ilen );
|
||||
|
||||
/**
|
||||
* \brief This function finishes the SHA-256 operation, and writes
|
||||
* the result to the output buffer.
|
||||
*
|
||||
* \deprecated Superseded by mbedtls_sha256_finish_ret() in 2.7.0.
|
||||
*
|
||||
* \param ctx The SHA-256 context.
|
||||
* \param output The SHA-224 or SHA-256 checksum result.
|
||||
*/
|
||||
MBEDTLS_DEPRECATED void mbedtls_sha256_finish( mbedtls_sha256_context *ctx,
|
||||
unsigned char output[32] );
|
||||
|
||||
/**
|
||||
* \brief This function processes a single data block within
|
||||
* the ongoing SHA-256 computation. This function is for
|
||||
* internal use only.
|
||||
*
|
||||
* \deprecated Superseded by mbedtls_internal_sha256_process() in 2.7.0.
|
||||
*
|
||||
* \param ctx The SHA-256 context.
|
||||
* \param data The buffer holding one block of data.
|
||||
*/
|
||||
MBEDTLS_DEPRECATED void mbedtls_sha256_process( mbedtls_sha256_context *ctx,
|
||||
const unsigned char data[64] );
|
||||
|
||||
#undef MBEDTLS_DEPRECATED
|
||||
#endif /* !MBEDTLS_DEPRECATED_REMOVED */
|
||||
|
||||
/**
|
||||
* \brief This function calculates the SHA-224 or SHA-256
|
||||
* checksum of a buffer.
|
||||
*
|
||||
* The function allocates the context, performs the
|
||||
* calculation, and frees the context.
|
||||
*
|
||||
* The SHA-256 result is calculated as
|
||||
* output = SHA-256(input buffer).
|
||||
*
|
||||
* \param input The buffer holding the input data.
|
||||
* \param ilen The length of the input data.
|
||||
* \param output The SHA-224 or SHA-256 checksum result.
|
||||
* \param is224 Determines which function to use:
|
||||
* 0: Use SHA-256, or 1: Use SHA-224.
|
||||
*/
|
||||
int mbedtls_sha256_ret( const unsigned char *input,
|
||||
size_t ilen,
|
||||
unsigned char output[32],
|
||||
int is224 );
|
||||
|
||||
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
|
||||
#if defined(MBEDTLS_DEPRECATED_WARNING)
|
||||
#define MBEDTLS_DEPRECATED __attribute__((deprecated))
|
||||
#else
|
||||
#define MBEDTLS_DEPRECATED
|
||||
#endif
|
||||
|
||||
/**
|
||||
* \brief Output = SHA-256( input buffer )
|
||||
* \brief This function calculates the SHA-224 or SHA-256 checksum
|
||||
* of a buffer.
|
||||
*
|
||||
* \param input buffer holding the data
|
||||
* \param ilen length of the input data
|
||||
* \param output SHA-224/256 checksum result
|
||||
* \param is224 0 = use SHA256, 1 = use SHA224
|
||||
* The function allocates the context, performs the
|
||||
* calculation, and frees the context.
|
||||
*
|
||||
* The SHA-256 result is calculated as
|
||||
* output = SHA-256(input buffer).
|
||||
*
|
||||
* \deprecated Superseded by mbedtls_sha256_ret() in 2.7.0.
|
||||
*
|
||||
* \param input The buffer holding the data.
|
||||
* \param ilen The length of the input data.
|
||||
* \param output The SHA-224 or SHA-256 checksum result.
|
||||
* \param is224 Determines which function to use:
|
||||
* 0: Use SHA-256, or 1: Use SHA-224.
|
||||
*/
|
||||
void mbedtls_sha256( const unsigned char *input, size_t ilen,
|
||||
unsigned char output[32], int is224 );
|
||||
MBEDTLS_DEPRECATED void mbedtls_sha256( const unsigned char *input,
|
||||
size_t ilen,
|
||||
unsigned char output[32],
|
||||
int is224 );
|
||||
|
||||
#undef MBEDTLS_DEPRECATED
|
||||
#endif /* !MBEDTLS_DEPRECATED_REMOVED */
|
||||
|
||||
/**
|
||||
* \brief Checkup routine
|
||||
* \brief The SHA-224 and SHA-256 checkup routine.
|
||||
*
|
||||
* \return 0 if successful, or 1 if the test failed
|
||||
* \return \c 0 on success.
|
||||
* \return \c 1 on failure.
|
||||
*/
|
||||
int mbedtls_sha256_self_test( int verbose );
|
||||
|
||||
|
@ -1,9 +1,12 @@
|
||||
/**
|
||||
* \file sha512.h
|
||||
* \brief This file contains SHA-384 and SHA-512 definitions and functions.
|
||||
*
|
||||
* \brief SHA-384 and SHA-512 cryptographic hash function
|
||||
*
|
||||
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
|
||||
* The Secure Hash Algorithms 384 and 512 (SHA-384 and SHA-512) cryptographic
|
||||
* hash functions are defined in <em>FIPS 180-4: Secure Hash Standard (SHS)</em>.
|
||||
*/
|
||||
/*
|
||||
* Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
@ -18,7 +21,7 @@
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*
|
||||
* This file is part of mbed TLS (https://tls.mbed.org)
|
||||
* This file is part of Mbed TLS (https://tls.mbed.org)
|
||||
*/
|
||||
#ifndef MBEDTLS_SHA512_H
|
||||
#define MBEDTLS_SHA512_H
|
||||
@ -32,108 +35,234 @@
|
||||
#include <stddef.h>
|
||||
#include <stdint.h>
|
||||
|
||||
#if !defined(MBEDTLS_SHA512_ALT)
|
||||
// Regular implementation
|
||||
//
|
||||
#define MBEDTLS_ERR_SHA512_HW_ACCEL_FAILED -0x0039 /**< SHA-512 hardware accelerator failed */
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
#if !defined(MBEDTLS_SHA512_ALT)
|
||||
// Regular implementation
|
||||
//
|
||||
|
||||
/**
|
||||
* \brief SHA-512 context structure
|
||||
* \brief The SHA-512 context structure.
|
||||
*
|
||||
* The structure is used both for SHA-384 and for SHA-512
|
||||
* checksum calculations. The choice between these two is
|
||||
* made in the call to mbedtls_sha512_starts_ret().
|
||||
*/
|
||||
typedef struct
|
||||
{
|
||||
uint64_t total[2]; /*!< number of bytes processed */
|
||||
uint64_t state[8]; /*!< intermediate digest state */
|
||||
unsigned char buffer[128]; /*!< data block being processed */
|
||||
int is384; /*!< 0 => SHA-512, else SHA-384 */
|
||||
uint64_t total[2]; /*!< The number of Bytes processed. */
|
||||
uint64_t state[8]; /*!< The intermediate digest state. */
|
||||
unsigned char buffer[128]; /*!< The data block being processed. */
|
||||
int is384; /*!< Determines which function to use:
|
||||
0: Use SHA-512, or 1: Use SHA-384. */
|
||||
}
|
||||
mbedtls_sha512_context;
|
||||
|
||||
/**
|
||||
* \brief Initialize SHA-512 context
|
||||
*
|
||||
* \param ctx SHA-512 context to be initialized
|
||||
*/
|
||||
void mbedtls_sha512_init( mbedtls_sha512_context *ctx );
|
||||
|
||||
/**
|
||||
* \brief Clear SHA-512 context
|
||||
*
|
||||
* \param ctx SHA-512 context to be cleared
|
||||
*/
|
||||
void mbedtls_sha512_free( mbedtls_sha512_context *ctx );
|
||||
|
||||
/**
|
||||
* \brief Clone (the state of) a SHA-512 context
|
||||
*
|
||||
* \param dst The destination context
|
||||
* \param src The context to be cloned
|
||||
*/
|
||||
void mbedtls_sha512_clone( mbedtls_sha512_context *dst,
|
||||
const mbedtls_sha512_context *src );
|
||||
|
||||
/**
|
||||
* \brief SHA-512 context setup
|
||||
*
|
||||
* \param ctx context to be initialized
|
||||
* \param is384 0 = use SHA512, 1 = use SHA384
|
||||
*/
|
||||
void mbedtls_sha512_starts( mbedtls_sha512_context *ctx, int is384 );
|
||||
|
||||
/**
|
||||
* \brief SHA-512 process buffer
|
||||
*
|
||||
* \param ctx SHA-512 context
|
||||
* \param input buffer holding the data
|
||||
* \param ilen length of the input data
|
||||
*/
|
||||
void mbedtls_sha512_update( mbedtls_sha512_context *ctx, const unsigned char *input,
|
||||
size_t ilen );
|
||||
|
||||
/**
|
||||
* \brief SHA-512 final digest
|
||||
*
|
||||
* \param ctx SHA-512 context
|
||||
* \param output SHA-384/512 checksum result
|
||||
*/
|
||||
void mbedtls_sha512_finish( mbedtls_sha512_context *ctx, unsigned char output[64] );
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
||||
#else /* MBEDTLS_SHA512_ALT */
|
||||
#include "sha512_alt.h"
|
||||
#endif /* MBEDTLS_SHA512_ALT */
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
/**
|
||||
* \brief Output = SHA-512( input buffer )
|
||||
* \brief This function initializes a SHA-512 context.
|
||||
*
|
||||
* \param input buffer holding the data
|
||||
* \param ilen length of the input data
|
||||
* \param output SHA-384/512 checksum result
|
||||
* \param is384 0 = use SHA512, 1 = use SHA384
|
||||
* \param ctx The SHA-512 context to initialize.
|
||||
*/
|
||||
void mbedtls_sha512( const unsigned char *input, size_t ilen,
|
||||
unsigned char output[64], int is384 );
|
||||
void mbedtls_sha512_init( mbedtls_sha512_context *ctx );
|
||||
|
||||
/**
|
||||
* \brief Checkup routine
|
||||
* \brief This function clears a SHA-512 context.
|
||||
*
|
||||
* \return 0 if successful, or 1 if the test failed
|
||||
* \param ctx The SHA-512 context to clear.
|
||||
*/
|
||||
void mbedtls_sha512_free( mbedtls_sha512_context *ctx );
|
||||
|
||||
/**
|
||||
* \brief This function clones the state of a SHA-512 context.
|
||||
*
|
||||
* \param dst The destination context.
|
||||
* \param src The context to clone.
|
||||
*/
|
||||
void mbedtls_sha512_clone( mbedtls_sha512_context *dst,
|
||||
const mbedtls_sha512_context *src );
|
||||
|
||||
/**
|
||||
* \brief This function starts a SHA-384 or SHA-512 checksum
|
||||
* calculation.
|
||||
*
|
||||
* \param ctx The SHA-512 context to initialize.
|
||||
* \param is384 Determines which function to use:
|
||||
* 0: Use SHA-512, or 1: Use SHA-384.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
*/
|
||||
int mbedtls_sha512_starts_ret( mbedtls_sha512_context *ctx, int is384 );
|
||||
|
||||
/**
|
||||
* \brief This function feeds an input buffer into an ongoing
|
||||
* SHA-512 checksum calculation.
|
||||
*
|
||||
* \param ctx The SHA-512 context.
|
||||
* \param input The buffer holding the input data.
|
||||
* \param ilen The length of the input data.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
*/
|
||||
int mbedtls_sha512_update_ret( mbedtls_sha512_context *ctx,
|
||||
const unsigned char *input,
|
||||
size_t ilen );
|
||||
|
||||
/**
|
||||
* \brief This function finishes the SHA-512 operation, and writes
|
||||
* the result to the output buffer. This function is for
|
||||
* internal use only.
|
||||
*
|
||||
* \param ctx The SHA-512 context.
|
||||
* \param output The SHA-384 or SHA-512 checksum result.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
*/
|
||||
int mbedtls_sha512_finish_ret( mbedtls_sha512_context *ctx,
|
||||
unsigned char output[64] );
|
||||
|
||||
/**
|
||||
* \brief This function processes a single data block within
|
||||
* the ongoing SHA-512 computation.
|
||||
*
|
||||
* \param ctx The SHA-512 context.
|
||||
* \param data The buffer holding one block of data.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
*/
|
||||
int mbedtls_internal_sha512_process( mbedtls_sha512_context *ctx,
|
||||
const unsigned char data[128] );
|
||||
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
|
||||
#if defined(MBEDTLS_DEPRECATED_WARNING)
|
||||
#define MBEDTLS_DEPRECATED __attribute__((deprecated))
|
||||
#else
|
||||
#define MBEDTLS_DEPRECATED
|
||||
#endif
|
||||
/**
|
||||
* \brief This function starts a SHA-384 or SHA-512 checksum
|
||||
* calculation.
|
||||
*
|
||||
* \deprecated Superseded by mbedtls_sha512_starts_ret() in 2.7.0
|
||||
*
|
||||
* \param ctx The SHA-512 context to initialize.
|
||||
* \param is384 Determines which function to use:
|
||||
* 0: Use SHA-512, or 1: Use SHA-384.
|
||||
*/
|
||||
MBEDTLS_DEPRECATED void mbedtls_sha512_starts( mbedtls_sha512_context *ctx,
|
||||
int is384 );
|
||||
|
||||
/**
|
||||
* \brief This function feeds an input buffer into an ongoing
|
||||
* SHA-512 checksum calculation.
|
||||
*
|
||||
* \deprecated Superseded by mbedtls_sha512_update_ret() in 2.7.0.
|
||||
*
|
||||
* \param ctx The SHA-512 context.
|
||||
* \param input The buffer holding the data.
|
||||
* \param ilen The length of the input data.
|
||||
*/
|
||||
MBEDTLS_DEPRECATED void mbedtls_sha512_update( mbedtls_sha512_context *ctx,
|
||||
const unsigned char *input,
|
||||
size_t ilen );
|
||||
|
||||
/**
|
||||
* \brief This function finishes the SHA-512 operation, and writes
|
||||
* the result to the output buffer.
|
||||
*
|
||||
* \deprecated Superseded by mbedtls_sha512_finish_ret() in 2.7.0.
|
||||
*
|
||||
* \param ctx The SHA-512 context.
|
||||
* \param output The SHA-384 or SHA-512 checksum result.
|
||||
*/
|
||||
MBEDTLS_DEPRECATED void mbedtls_sha512_finish( mbedtls_sha512_context *ctx,
|
||||
unsigned char output[64] );
|
||||
|
||||
/**
|
||||
* \brief This function processes a single data block within
|
||||
* the ongoing SHA-512 computation. This function is for
|
||||
* internal use only.
|
||||
*
|
||||
* \deprecated Superseded by mbedtls_internal_sha512_process() in 2.7.0.
|
||||
*
|
||||
* \param ctx The SHA-512 context.
|
||||
* \param data The buffer holding one block of data.
|
||||
*/
|
||||
MBEDTLS_DEPRECATED void mbedtls_sha512_process(
|
||||
mbedtls_sha512_context *ctx,
|
||||
const unsigned char data[128] );
|
||||
|
||||
#undef MBEDTLS_DEPRECATED
|
||||
#endif /* !MBEDTLS_DEPRECATED_REMOVED */
|
||||
|
||||
/**
|
||||
* \brief This function calculates the SHA-512 or SHA-384
|
||||
* checksum of a buffer.
|
||||
*
|
||||
* The function allocates the context, performs the
|
||||
* calculation, and frees the context.
|
||||
*
|
||||
* The SHA-512 result is calculated as
|
||||
* output = SHA-512(input buffer).
|
||||
*
|
||||
* \param input The buffer holding the input data.
|
||||
* \param ilen The length of the input data.
|
||||
* \param output The SHA-384 or SHA-512 checksum result.
|
||||
* \param is384 Determines which function to use:
|
||||
* 0: Use SHA-512, or 1: Use SHA-384.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
*/
|
||||
int mbedtls_sha512_ret( const unsigned char *input,
|
||||
size_t ilen,
|
||||
unsigned char output[64],
|
||||
int is384 );
|
||||
|
||||
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
|
||||
#if defined(MBEDTLS_DEPRECATED_WARNING)
|
||||
#define MBEDTLS_DEPRECATED __attribute__((deprecated))
|
||||
#else
|
||||
#define MBEDTLS_DEPRECATED
|
||||
#endif
|
||||
/**
|
||||
* \brief This function calculates the SHA-512 or SHA-384
|
||||
* checksum of a buffer.
|
||||
*
|
||||
* The function allocates the context, performs the
|
||||
* calculation, and frees the context.
|
||||
*
|
||||
* The SHA-512 result is calculated as
|
||||
* output = SHA-512(input buffer).
|
||||
*
|
||||
* \deprecated Superseded by mbedtls_sha512_ret() in 2.7.0
|
||||
*
|
||||
* \param input The buffer holding the data.
|
||||
* \param ilen The length of the input data.
|
||||
* \param output The SHA-384 or SHA-512 checksum result.
|
||||
* \param is384 Determines which function to use:
|
||||
* 0: Use SHA-512, or 1: Use SHA-384.
|
||||
*/
|
||||
MBEDTLS_DEPRECATED void mbedtls_sha512( const unsigned char *input,
|
||||
size_t ilen,
|
||||
unsigned char output[64],
|
||||
int is384 );
|
||||
|
||||
#undef MBEDTLS_DEPRECATED
|
||||
#endif /* !MBEDTLS_DEPRECATED_REMOVED */
|
||||
/**
|
||||
* \brief The SHA-384 or SHA-512 checkup routine.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return \c 1 on failure.
|
||||
*/
|
||||
int mbedtls_sha512_self_test( int verbose );
|
||||
|
||||
/* Internal use */
|
||||
void mbedtls_sha512_process( mbedtls_sha512_context *ctx, const unsigned char data[128] );
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
@ -2,7 +2,8 @@
|
||||
* \file ssl.h
|
||||
*
|
||||
* \brief SSL/TLS functions.
|
||||
*
|
||||
*/
|
||||
/*
|
||||
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
@ -48,6 +49,15 @@
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_ZLIB_SUPPORT)
|
||||
|
||||
#if defined(MBEDTLS_DEPRECATED_WARNING)
|
||||
#warning "Record compression support via MBEDTLS_ZLIB_SUPPORT is deprecated and will be removed in the next major revision of the library"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_DEPRECATED_REMOVED)
|
||||
#error "Record compression support via MBEDTLS_ZLIB_SUPPORT is deprecated and cannot be used if MBEDTLS_DEPRECATED_REMOVED is set"
|
||||
#endif
|
||||
|
||||
#include "zlib.h"
|
||||
#endif
|
||||
|
||||
@ -102,13 +112,14 @@
|
||||
#define MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED -0x6A80 /**< DTLS client must retry for hello verification */
|
||||
#define MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL -0x6A00 /**< A buffer is too small to receive or write a message */
|
||||
#define MBEDTLS_ERR_SSL_NO_USABLE_CIPHERSUITE -0x6980 /**< None of the common ciphersuites is usable (eg, no suitable certificate, see debug messages). */
|
||||
#define MBEDTLS_ERR_SSL_WANT_READ -0x6900 /**< Connection requires a read call. */
|
||||
#define MBEDTLS_ERR_SSL_WANT_READ -0x6900 /**< No data of requested type currently available on underlying transport. */
|
||||
#define MBEDTLS_ERR_SSL_WANT_WRITE -0x6880 /**< Connection requires a write call. */
|
||||
#define MBEDTLS_ERR_SSL_TIMEOUT -0x6800 /**< The operation timed out. */
|
||||
#define MBEDTLS_ERR_SSL_CLIENT_RECONNECT -0x6780 /**< The client initiated a reconnect from the same port. */
|
||||
#define MBEDTLS_ERR_SSL_UNEXPECTED_RECORD -0x6700 /**< Record header looks valid but is not expected. */
|
||||
#define MBEDTLS_ERR_SSL_NON_FATAL -0x6680 /**< The alert message received indicates a non-fatal error. */
|
||||
#define MBEDTLS_ERR_SSL_INVALID_VERIFY_HASH -0x6600 /**< Couldn't set the hash for verifying CertificateVerify */
|
||||
#define MBEDTLS_ERR_SSL_CONTINUE_PROCESSING -0x6580 /**< Internal-only message signaling that further message-processing should be done */
|
||||
|
||||
/*
|
||||
* Various constants
|
||||
@ -672,10 +683,18 @@ struct mbedtls_ssl_config
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
|
||||
unsigned char *psk; /*!< pre-shared key */
|
||||
size_t psk_len; /*!< length of the pre-shared key */
|
||||
unsigned char *psk_identity; /*!< identity for PSK negotiation */
|
||||
size_t psk_identity_len;/*!< length of identity */
|
||||
unsigned char *psk; /*!< pre-shared key. This field should
|
||||
only be set via
|
||||
mbedtls_ssl_conf_psk() */
|
||||
size_t psk_len; /*!< length of the pre-shared key. This
|
||||
field should only be set via
|
||||
mbedtls_ssl_conf_psk() */
|
||||
unsigned char *psk_identity; /*!< identity for PSK negotiation. This
|
||||
field should only be set via
|
||||
mbedtls_ssl_conf_psk() */
|
||||
size_t psk_identity_len;/*!< length of identity. This field should
|
||||
only be set via
|
||||
mbedtls_ssl_conf_psk() */
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SSL_ALPN)
|
||||
@ -927,14 +946,6 @@ extern int (*mbedtls_ssl_hw_record_read)(mbedtls_ssl_context *ssl);
|
||||
extern int (*mbedtls_ssl_hw_record_finish)(mbedtls_ssl_context *ssl);
|
||||
#endif /* MBEDTLS_SSL_HW_RECORD_ACCEL */
|
||||
|
||||
/**
|
||||
* \brief Returns the list of ciphersuites supported by the SSL/TLS module.
|
||||
*
|
||||
* \return a statically allocated array of ciphersuites, the last
|
||||
* entry is 0.
|
||||
*/
|
||||
const int *mbedtls_ssl_list_ciphersuites( void );
|
||||
|
||||
/**
|
||||
* \brief Return the name of the ciphersuite associated with the
|
||||
* given ID
|
||||
@ -970,8 +981,13 @@ void mbedtls_ssl_init( mbedtls_ssl_context *ssl );
|
||||
* \note No copy of the configuration context is made, it can be
|
||||
* shared by many mbedtls_ssl_context structures.
|
||||
*
|
||||
* \warning Modifying the conf structure after it has been used in this
|
||||
* function is unsupported!
|
||||
* \warning The conf structure will be accessed during the session.
|
||||
* It must not be modified or freed as long as the session
|
||||
* is active.
|
||||
*
|
||||
* \warning This function must be called exactly once per context.
|
||||
* Calling mbedtls_ssl_setup again is not supported, even
|
||||
* if no session is active.
|
||||
*
|
||||
* \param ssl SSL context
|
||||
* \param conf SSL configuration to use
|
||||
@ -1586,7 +1602,7 @@ void mbedtls_ssl_conf_cert_profile( mbedtls_ssl_config *conf,
|
||||
/**
|
||||
* \brief Set the data required to verify peer certificate
|
||||
*
|
||||
* \note See \c mbedtls_x509_verify() for notes regarding the
|
||||
* \note See \c mbedtls_x509_crt_verify() for notes regarding the
|
||||
* parameters ca_chain (maps to trust_ca for that function)
|
||||
* and ca_crl.
|
||||
*
|
||||
@ -1703,18 +1719,50 @@ void mbedtls_ssl_conf_psk_cb( mbedtls_ssl_config *conf,
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED */
|
||||
|
||||
#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_SRV_C)
|
||||
|
||||
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
|
||||
|
||||
#if defined(MBEDTLS_DEPRECATED_WARNING)
|
||||
#define MBEDTLS_DEPRECATED __attribute__((deprecated))
|
||||
#else
|
||||
#define MBEDTLS_DEPRECATED
|
||||
#endif
|
||||
|
||||
/**
|
||||
* \brief Set the Diffie-Hellman public P and G values,
|
||||
* read as hexadecimal strings (server-side only)
|
||||
* (Default: MBEDTLS_DHM_RFC5114_MODP_2048_[PG])
|
||||
* (Default values: MBEDTLS_DHM_RFC3526_MODP_2048_[PG])
|
||||
*
|
||||
* \param conf SSL configuration
|
||||
* \param dhm_P Diffie-Hellman-Merkle modulus
|
||||
* \param dhm_G Diffie-Hellman-Merkle generator
|
||||
*
|
||||
* \deprecated Superseded by \c mbedtls_ssl_conf_dh_param_bin.
|
||||
*
|
||||
* \return 0 if successful
|
||||
*/
|
||||
int mbedtls_ssl_conf_dh_param( mbedtls_ssl_config *conf, const char *dhm_P, const char *dhm_G );
|
||||
MBEDTLS_DEPRECATED int mbedtls_ssl_conf_dh_param( mbedtls_ssl_config *conf,
|
||||
const char *dhm_P,
|
||||
const char *dhm_G );
|
||||
|
||||
#endif /* MBEDTLS_DEPRECATED_REMOVED */
|
||||
|
||||
/**
|
||||
* \brief Set the Diffie-Hellman public P and G values
|
||||
* from big-endian binary presentations.
|
||||
* (Default values: MBEDTLS_DHM_RFC3526_MODP_2048_[PG]_BIN)
|
||||
*
|
||||
* \param conf SSL configuration
|
||||
* \param dhm_P Diffie-Hellman-Merkle modulus in big-endian binary form
|
||||
* \param P_len Length of DHM modulus
|
||||
* \param dhm_G Diffie-Hellman-Merkle generator in big-endian binary form
|
||||
* \param G_len Length of DHM generator
|
||||
*
|
||||
* \return 0 if successful
|
||||
*/
|
||||
int mbedtls_ssl_conf_dh_param_bin( mbedtls_ssl_config *conf,
|
||||
const unsigned char *dhm_P, size_t P_len,
|
||||
const unsigned char *dhm_G, size_t G_len );
|
||||
|
||||
/**
|
||||
* \brief Set the Diffie-Hellman public P and G values,
|
||||
@ -1798,15 +1846,22 @@ void mbedtls_ssl_conf_sig_hashes( mbedtls_ssl_config *conf,
|
||||
|
||||
#if defined(MBEDTLS_X509_CRT_PARSE_C)
|
||||
/**
|
||||
* \brief Set the hostname to check against the received server
|
||||
* certificate. It sets the ServerName TLS extension too,
|
||||
* if the extension is enabled.
|
||||
* (client-side only)
|
||||
* \brief Set or reset the hostname to check against the received
|
||||
* server certificate. It sets the ServerName TLS extension,
|
||||
* too, if that extension is enabled. (client-side only)
|
||||
*
|
||||
* \param ssl SSL context
|
||||
* \param hostname the server hostname
|
||||
* \param hostname the server hostname, may be NULL to clear hostname
|
||||
|
||||
* \note Maximum hostname length MBEDTLS_SSL_MAX_HOST_NAME_LEN.
|
||||
*
|
||||
* \return 0 if successful or MBEDTLS_ERR_SSL_ALLOC_FAILED
|
||||
* \return 0 if successful, MBEDTLS_ERR_SSL_ALLOC_FAILED on
|
||||
* allocation failure, MBEDTLS_ERR_SSL_BAD_INPUT_DATA on
|
||||
* too long input hostname.
|
||||
*
|
||||
* Hostname set to the one provided on success (cleared
|
||||
* when NULL). On allocation failure hostname is cleared.
|
||||
* On too long input failure, old hostname is unchanged.
|
||||
*/
|
||||
int mbedtls_ssl_set_hostname( mbedtls_ssl_context *ssl, const char *hostname );
|
||||
#endif /* MBEDTLS_X509_CRT_PARSE_C */
|
||||
@ -2239,11 +2294,59 @@ void mbedtls_ssl_conf_renegotiation_period( mbedtls_ssl_config *conf,
|
||||
#endif /* MBEDTLS_SSL_RENEGOTIATION */
|
||||
|
||||
/**
|
||||
* \brief Return the number of data bytes available to read
|
||||
* \brief Check if there is data already read from the
|
||||
* underlying transport but not yet processed.
|
||||
*
|
||||
* \param ssl SSL context
|
||||
*
|
||||
* \return how many bytes are available in the read buffer
|
||||
* \return 0 if nothing's pending, 1 otherwise.
|
||||
*
|
||||
* \note This is different in purpose and behaviour from
|
||||
* \c mbedtls_ssl_get_bytes_avail in that it considers
|
||||
* any kind of unprocessed data, not only unread
|
||||
* application data. If \c mbedtls_ssl_get_bytes
|
||||
* returns a non-zero value, this function will
|
||||
* also signal pending data, but the converse does
|
||||
* not hold. For example, in DTLS there might be
|
||||
* further records waiting to be processed from
|
||||
* the current underlying transport's datagram.
|
||||
*
|
||||
* \note If this function returns 1 (data pending), this
|
||||
* does not imply that a subsequent call to
|
||||
* \c mbedtls_ssl_read will provide any data;
|
||||
* e.g., the unprocessed data might turn out
|
||||
* to be an alert or a handshake message.
|
||||
*
|
||||
* \note This function is useful in the following situation:
|
||||
* If the SSL/TLS module successfully returns from an
|
||||
* operation - e.g. a handshake or an application record
|
||||
* read - and you're awaiting incoming data next, you
|
||||
* must not immediately idle on the underlying transport
|
||||
* to have data ready, but you need to check the value
|
||||
* of this function first. The reason is that the desired
|
||||
* data might already be read but not yet processed.
|
||||
* If, in contrast, a previous call to the SSL/TLS module
|
||||
* returned MBEDTLS_ERR_SSL_WANT_READ, it is not necessary
|
||||
* to call this function, as the latter error code entails
|
||||
* that all internal data has been processed.
|
||||
*
|
||||
*/
|
||||
int mbedtls_ssl_check_pending( const mbedtls_ssl_context *ssl );
|
||||
|
||||
/**
|
||||
* \brief Return the number of application data bytes
|
||||
* remaining to be read from the current record.
|
||||
*
|
||||
* \param ssl SSL context
|
||||
*
|
||||
* \return How many bytes are available in the application
|
||||
* data record read buffer.
|
||||
*
|
||||
* \note When working over a datagram transport, this is
|
||||
* useful to detect the current datagram's boundary
|
||||
* in case \c mbedtls_ssl_read has written the maximal
|
||||
* amount of data fitting into the input buffer.
|
||||
*
|
||||
*/
|
||||
size_t mbedtls_ssl_get_bytes_avail( const mbedtls_ssl_context *ssl );
|
||||
|
||||
@ -2358,11 +2461,25 @@ int mbedtls_ssl_get_session( const mbedtls_ssl_context *ssl, mbedtls_ssl_session
|
||||
* MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED (see below), or
|
||||
* a specific SSL error code.
|
||||
*
|
||||
* If this function returns MBEDTLS_ERR_SSL_WANT_READ, the
|
||||
* handshake is unfinished and no further data is available
|
||||
* from the underlying transport. In this case, you must call
|
||||
* the function again at some later stage.
|
||||
*
|
||||
* \note Remarks regarding event-driven DTLS:
|
||||
* If the function returns MBEDTLS_ERR_SSL_WANT_READ, no datagram
|
||||
* from the underlying transport layer is currently being processed,
|
||||
* and it is safe to idle until the timer or the underlying transport
|
||||
* signal a new event. This is not true for a successful handshake,
|
||||
* in which case the datagram of the underlying transport that is
|
||||
* currently being processed might or might not contain further
|
||||
* DTLS records.
|
||||
*
|
||||
* \note If this function returns something other than 0 or
|
||||
* MBEDTLS_ERR_SSL_WANT_READ/WRITE, then the ssl context
|
||||
* becomes unusable, and you should either free it or call
|
||||
* \c mbedtls_ssl_session_reset() on it before re-using it for
|
||||
* a new connection; the current connection must be closed.
|
||||
* MBEDTLS_ERR_SSL_WANT_READ/WRITE, you must stop using
|
||||
* the SSL context for reading or writing, and either free it or
|
||||
* call \c mbedtls_ssl_session_reset() on it before re-using it
|
||||
* for a new connection; the current connection must be closed.
|
||||
*
|
||||
* \note If DTLS is in use, then you may choose to handle
|
||||
* MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED specially for logging
|
||||
@ -2379,10 +2496,10 @@ int mbedtls_ssl_handshake( mbedtls_ssl_context *ssl );
|
||||
* call this function if state is MBEDTLS_SSL_HANDSHAKE_OVER.
|
||||
*
|
||||
* \note If this function returns something other than 0 or
|
||||
* MBEDTLS_ERR_SSL_WANT_READ/WRITE, then the ssl context
|
||||
* becomes unusable, and you should either free it or call
|
||||
* \c mbedtls_ssl_session_reset() on it before re-using it for
|
||||
* a new connection; the current connection must be closed.
|
||||
* MBEDTLS_ERR_SSL_WANT_READ/WRITE, you must stop using
|
||||
* the SSL context for reading or writing, and either free it or
|
||||
* call \c mbedtls_ssl_session_reset() on it before re-using it
|
||||
* for a new connection; the current connection must be closed.
|
||||
*
|
||||
* \param ssl SSL context
|
||||
*
|
||||
@ -2406,10 +2523,10 @@ int mbedtls_ssl_handshake_step( mbedtls_ssl_context *ssl );
|
||||
* value.
|
||||
*
|
||||
* \note If this function returns something other than 0 or
|
||||
* MBEDTLS_ERR_SSL_WANT_READ/WRITE, then the ssl context
|
||||
* becomes unusable, and you should either free it or call
|
||||
* \c mbedtls_ssl_session_reset() on it before re-using it for
|
||||
* a new connection; the current connection must be closed.
|
||||
* MBEDTLS_ERR_SSL_WANT_READ/WRITE, you must stop using
|
||||
* the SSL context for reading or writing, and either free it or
|
||||
* call \c mbedtls_ssl_session_reset() on it before re-using it
|
||||
* for a new connection; the current connection must be closed.
|
||||
*/
|
||||
int mbedtls_ssl_renegotiate( mbedtls_ssl_context *ssl );
|
||||
#endif /* MBEDTLS_SSL_RENEGOTIATION */
|
||||
@ -2421,20 +2538,20 @@ int mbedtls_ssl_renegotiate( mbedtls_ssl_context *ssl );
|
||||
* \param buf buffer that will hold the data
|
||||
* \param len maximum number of bytes to read
|
||||
*
|
||||
* \return the number of bytes read, or
|
||||
* 0 for EOF, or
|
||||
* MBEDTLS_ERR_SSL_WANT_READ or MBEDTLS_ERR_SSL_WANT_WRITE, or
|
||||
* MBEDTLS_ERR_SSL_CLIENT_RECONNECT (see below), or
|
||||
* another negative error code.
|
||||
* \return One of the following:
|
||||
* - 0 if the read end of the underlying transport was closed,
|
||||
* - the (positive) number of bytes read, or
|
||||
* - a negative error code on failure.
|
||||
*
|
||||
* \note If this function returns something other than a positive
|
||||
* value or MBEDTLS_ERR_SSL_WANT_READ/WRITE or
|
||||
* MBEDTLS_ERR_SSL_CLIENT_RECONNECT, then the ssl context
|
||||
* becomes unusable, and you should either free it or call
|
||||
* \c mbedtls_ssl_session_reset() on it before re-using it for
|
||||
* a new connection; the current connection must be closed.
|
||||
* If MBEDTLS_ERR_SSL_WANT_READ is returned, no application data
|
||||
* is available from the underlying transport. In this case,
|
||||
* the function needs to be called again at some later stage.
|
||||
*
|
||||
* \note When this function return MBEDTLS_ERR_SSL_CLIENT_RECONNECT
|
||||
* If MBEDTLS_ERR_SSL_WANT_WRITE is returned, a write is pending
|
||||
* but the underlying transport isn't available for writing. In this
|
||||
* case, the function needs to be called again at some later stage.
|
||||
*
|
||||
* When this function return MBEDTLS_ERR_SSL_CLIENT_RECONNECT
|
||||
* (which can only happen server-side), it means that a client
|
||||
* is initiating a new connection using the same source port.
|
||||
* You can either treat that as a connection close and wait
|
||||
@ -2447,6 +2564,28 @@ int mbedtls_ssl_renegotiate( mbedtls_ssl_context *ssl );
|
||||
* again. WARNING: not validating the identity of the client
|
||||
* again, or not transmitting the new identity to the
|
||||
* application layer, would allow authentication bypass!
|
||||
*
|
||||
* \note If this function returns something other than a positive value
|
||||
* or MBEDTLS_ERR_SSL_WANT_READ/WRITE or MBEDTLS_ERR_SSL_CLIENT_RECONNECT,
|
||||
* you must stop using the SSL context for reading or writing,
|
||||
* and either free it or call \c mbedtls_ssl_session_reset() on it
|
||||
* before re-using it for a new connection; the current connection
|
||||
* must be closed.
|
||||
*
|
||||
* \note Remarks regarding event-driven DTLS:
|
||||
* - If the function returns MBEDTLS_ERR_SSL_WANT_READ, no datagram
|
||||
* from the underlying transport layer is currently being processed,
|
||||
* and it is safe to idle until the timer or the underlying transport
|
||||
* signal a new event.
|
||||
* - This function may return MBEDTLS_ERR_SSL_WANT_READ even if data was
|
||||
* initially available on the underlying transport, as this data may have
|
||||
* been only e.g. duplicated messages or a renegotiation request.
|
||||
* Therefore, you must be prepared to receive MBEDTLS_ERR_SSL_WANT_READ even
|
||||
* when reacting to an incoming-data event from the underlying transport.
|
||||
* - On success, the datagram of the underlying transport that is currently
|
||||
* being processed may contain further DTLS records. You should call
|
||||
* \c mbedtls_ssl_check_pending to check for remaining records.
|
||||
*
|
||||
*/
|
||||
int mbedtls_ssl_read( mbedtls_ssl_context *ssl, unsigned char *buf, size_t len );
|
||||
|
||||
@ -2467,15 +2606,17 @@ int mbedtls_ssl_read( mbedtls_ssl_context *ssl, unsigned char *buf, size_t len )
|
||||
* or MBEDTLS_ERR_SSL_WANT_WRITE or MBEDTLS_ERR_SSL_WANT_READ,
|
||||
* or another negative error code.
|
||||
*
|
||||
* \note If this function returns something other than a positive
|
||||
* value or MBEDTLS_ERR_SSL_WANT_READ/WRITE, the ssl context
|
||||
* becomes unusable, and you should either free it or call
|
||||
* \c mbedtls_ssl_session_reset() on it before re-using it for
|
||||
* a new connection; the current connection must be closed.
|
||||
* \note If this function returns something other than a positive value
|
||||
* or MBEDTLS_ERR_SSL_WANT_READ/WRITE, you must stop using
|
||||
* the SSL context for reading or writing, and either free it or
|
||||
* call \c mbedtls_ssl_session_reset() on it before re-using it
|
||||
* for a new connection; the current connection must be closed.
|
||||
*
|
||||
* \note When this function returns MBEDTLS_ERR_SSL_WANT_WRITE/READ,
|
||||
* it must be called later with the *same* arguments,
|
||||
* until it returns a positive value.
|
||||
* until it returns a positive value. When the function returns
|
||||
* MBEDTLS_ERR_SSL_WANT_WRITE there may be some partial
|
||||
* data in the output buffer, however this is not yet sent.
|
||||
*
|
||||
* \note If the requested length is greater than the maximum
|
||||
* fragment length (either the built-in limit or the one set
|
||||
@ -2498,10 +2639,10 @@ int mbedtls_ssl_write( mbedtls_ssl_context *ssl, const unsigned char *buf, size_
|
||||
* \return 0 if successful, or a specific SSL error code.
|
||||
*
|
||||
* \note If this function returns something other than 0 or
|
||||
* MBEDTLS_ERR_SSL_WANT_READ/WRITE, then the ssl context
|
||||
* becomes unusable, and you should either free it or call
|
||||
* \c mbedtls_ssl_session_reset() on it before re-using it for
|
||||
* a new connection; the current connection must be closed.
|
||||
* MBEDTLS_ERR_SSL_WANT_READ/WRITE, you must stop using
|
||||
* the SSL context for reading or writing, and either free it or
|
||||
* call \c mbedtls_ssl_session_reset() on it before re-using it
|
||||
* for a new connection; the current connection must be closed.
|
||||
*/
|
||||
int mbedtls_ssl_send_alert_message( mbedtls_ssl_context *ssl,
|
||||
unsigned char level,
|
||||
@ -2514,10 +2655,10 @@ int mbedtls_ssl_send_alert_message( mbedtls_ssl_context *ssl,
|
||||
* \return 0 if successful, or a specific SSL error code.
|
||||
*
|
||||
* \note If this function returns something other than 0 or
|
||||
* MBEDTLS_ERR_SSL_WANT_READ/WRITE, then the ssl context
|
||||
* becomes unusable, and you should either free it or call
|
||||
* \c mbedtls_ssl_session_reset() on it before re-using it for
|
||||
* a new connection; the current connection must be closed.
|
||||
* MBEDTLS_ERR_SSL_WANT_READ/WRITE, you must stop using
|
||||
* the SSL context for reading or writing, and either free it or
|
||||
* call \c mbedtls_ssl_session_reset() on it before re-using it
|
||||
* for a new connection; the current connection must be closed.
|
||||
*/
|
||||
int mbedtls_ssl_close_notify( mbedtls_ssl_context *ssl );
|
||||
|
||||
|
@ -2,7 +2,8 @@
|
||||
* \file ssl_cache.h
|
||||
*
|
||||
* \brief SSL session cache implementation
|
||||
*
|
||||
*/
|
||||
/*
|
||||
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
|
@ -2,7 +2,8 @@
|
||||
* \file ssl_ciphersuites.h
|
||||
*
|
||||
* \brief SSL Ciphersuites for mbed TLS
|
||||
*
|
||||
*/
|
||||
/*
|
||||
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
@ -168,6 +169,45 @@ extern "C" {
|
||||
#define MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA256 0xC03A /**< Weak! No SSL3! */
|
||||
#define MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA384 0xC03B /**< Weak! No SSL3! */
|
||||
|
||||
#define MBEDTLS_TLS_RSA_WITH_ARIA_128_CBC_SHA256 0xC03C /**< TLS 1.2 */
|
||||
#define MBEDTLS_TLS_RSA_WITH_ARIA_256_CBC_SHA384 0xC03D /**< TLS 1.2 */
|
||||
#define MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256 0xC044 /**< TLS 1.2 */
|
||||
#define MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384 0xC045 /**< TLS 1.2 */
|
||||
#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256 0xC048 /**< TLS 1.2 */
|
||||
#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384 0xC049 /**< TLS 1.2 */
|
||||
#define MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256 0xC04A /**< TLS 1.2 */
|
||||
#define MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384 0xC04B /**< TLS 1.2 */
|
||||
#define MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256 0xC04C /**< TLS 1.2 */
|
||||
#define MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384 0xC04D /**< TLS 1.2 */
|
||||
#define MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256 0xC04E /**< TLS 1.2 */
|
||||
#define MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384 0xC04F /**< TLS 1.2 */
|
||||
#define MBEDTLS_TLS_RSA_WITH_ARIA_128_GCM_SHA256 0xC050 /**< TLS 1.2 */
|
||||
#define MBEDTLS_TLS_RSA_WITH_ARIA_256_GCM_SHA384 0xC051 /**< TLS 1.2 */
|
||||
#define MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256 0xC052 /**< TLS 1.2 */
|
||||
#define MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384 0xC053 /**< TLS 1.2 */
|
||||
#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256 0xC05C /**< TLS 1.2 */
|
||||
#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384 0xC05D /**< TLS 1.2 */
|
||||
#define MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256 0xC05E /**< TLS 1.2 */
|
||||
#define MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384 0xC05F /**< TLS 1.2 */
|
||||
#define MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256 0xC060 /**< TLS 1.2 */
|
||||
#define MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384 0xC061 /**< TLS 1.2 */
|
||||
#define MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256 0xC062 /**< TLS 1.2 */
|
||||
#define MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384 0xC063 /**< TLS 1.2 */
|
||||
#define MBEDTLS_TLS_PSK_WITH_ARIA_128_CBC_SHA256 0xC064 /**< TLS 1.2 */
|
||||
#define MBEDTLS_TLS_PSK_WITH_ARIA_256_CBC_SHA384 0xC065 /**< TLS 1.2 */
|
||||
#define MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256 0xC066 /**< TLS 1.2 */
|
||||
#define MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384 0xC067 /**< TLS 1.2 */
|
||||
#define MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256 0xC068 /**< TLS 1.2 */
|
||||
#define MBEDTLS_TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384 0xC069 /**< TLS 1.2 */
|
||||
#define MBEDTLS_TLS_PSK_WITH_ARIA_128_GCM_SHA256 0xC06A /**< TLS 1.2 */
|
||||
#define MBEDTLS_TLS_PSK_WITH_ARIA_256_GCM_SHA384 0xC06B /**< TLS 1.2 */
|
||||
#define MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256 0xC06C /**< TLS 1.2 */
|
||||
#define MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384 0xC06D /**< TLS 1.2 */
|
||||
#define MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256 0xC06E /**< TLS 1.2 */
|
||||
#define MBEDTLS_TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384 0xC06F /**< TLS 1.2 */
|
||||
#define MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256 0xC070 /**< TLS 1.2 */
|
||||
#define MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384 0xC071 /**< TLS 1.2 */
|
||||
|
||||
#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 0xC072 /**< Not in SSL3! */
|
||||
#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 0xC073 /**< Not in SSL3! */
|
||||
#define MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 0xC074 /**< Not in SSL3! */
|
||||
@ -266,7 +306,7 @@ typedef enum {
|
||||
defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
|
||||
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
|
||||
#define MBEDTLS_KEY_EXCHANGE__CERT_REQ_ALLOWED__ENABLED
|
||||
#endif
|
||||
|
||||
|
@ -2,7 +2,8 @@
|
||||
* \file ssl_cookie.h
|
||||
*
|
||||
* \brief DTLS cookie callbacks implementation
|
||||
*
|
||||
*/
|
||||
/*
|
||||
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
|
@ -1,8 +1,9 @@
|
||||
/**
|
||||
* \file ssl_ticket.h
|
||||
* \file ssl_internal.h
|
||||
*
|
||||
* \brief Internal functions shared by the SSL modules
|
||||
*
|
||||
*/
|
||||
/*
|
||||
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
@ -24,6 +25,7 @@
|
||||
#define MBEDTLS_SSL_INTERNAL_H
|
||||
|
||||
#include "ssl.h"
|
||||
#include "cipher.h"
|
||||
|
||||
#if defined(MBEDTLS_MD5_C)
|
||||
#include "md5.h"
|
||||
@ -69,6 +71,9 @@
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1 */
|
||||
#endif /* MBEDTLS_SSL_PROTO_SSL3 */
|
||||
|
||||
#define MBEDTLS_SSL_MIN_VALID_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_1
|
||||
#define MBEDTLS_SSL_MIN_VALID_MAJOR_VERSION MBEDTLS_SSL_MAJOR_VERSION_3
|
||||
|
||||
/* Determine maximum supported version */
|
||||
#define MBEDTLS_SSL_MAX_MAJOR_VERSION MBEDTLS_SSL_MAJOR_VERSION_3
|
||||
|
||||
@ -146,13 +151,33 @@
|
||||
#define MBEDTLS_SSL_PADDING_ADD 0
|
||||
#endif
|
||||
|
||||
#define MBEDTLS_SSL_BUFFER_LEN ( MBEDTLS_SSL_MAX_CONTENT_LEN \
|
||||
+ MBEDTLS_SSL_COMPRESSION_ADD \
|
||||
+ 29 /* counter + header + IV */ \
|
||||
+ MBEDTLS_SSL_MAC_ADD \
|
||||
+ MBEDTLS_SSL_PADDING_ADD \
|
||||
#define MBEDTLS_SSL_PAYLOAD_LEN ( MBEDTLS_SSL_MAX_CONTENT_LEN \
|
||||
+ MBEDTLS_SSL_COMPRESSION_ADD \
|
||||
+ MBEDTLS_MAX_IV_LENGTH \
|
||||
+ MBEDTLS_SSL_MAC_ADD \
|
||||
+ MBEDTLS_SSL_PADDING_ADD \
|
||||
)
|
||||
|
||||
/*
|
||||
* Check that we obey the standard's message size bounds
|
||||
*/
|
||||
|
||||
#if MBEDTLS_SSL_MAX_CONTENT_LEN > 16384
|
||||
#error Bad configuration - record content too large.
|
||||
#endif
|
||||
|
||||
#if MBEDTLS_SSL_PAYLOAD_LEN > 16384 + 2048
|
||||
#error Bad configuration - protected record payload too large.
|
||||
#endif
|
||||
|
||||
/* Note: Even though the TLS record header is only 5 bytes
|
||||
long, we're internally using 8 bytes to store the
|
||||
implicit sequence number. */
|
||||
#define MBEDTLS_SSL_HEADER_LEN 13
|
||||
|
||||
#define MBEDTLS_SSL_BUFFER_LEN \
|
||||
( ( MBEDTLS_SSL_HEADER_LEN ) + ( MBEDTLS_SSL_PAYLOAD_LEN ) )
|
||||
|
||||
/*
|
||||
* TLS extension flags (for extensions with outgoing ServerHello content
|
||||
* that need it (e.g. for RENEGOTIATION_INFO the server already knows because
|
||||
@ -620,9 +645,9 @@ void mbedtls_ssl_dtls_replay_update( mbedtls_ssl_context *ssl );
|
||||
static inline int mbedtls_ssl_safer_memcmp( const void *a, const void *b, size_t n )
|
||||
{
|
||||
size_t i;
|
||||
const unsigned char *A = (const unsigned char *) a;
|
||||
const unsigned char *B = (const unsigned char *) b;
|
||||
unsigned char diff = 0;
|
||||
volatile const unsigned char *A = (volatile const unsigned char *) a;
|
||||
volatile const unsigned char *B = (volatile const unsigned char *) b;
|
||||
volatile unsigned char diff = 0;
|
||||
|
||||
for( i = 0; i < n; i++ )
|
||||
diff |= A[i] ^ B[i];
|
||||
@ -630,6 +655,23 @@ static inline int mbedtls_ssl_safer_memcmp( const void *a, const void *b, size_t
|
||||
return( diff );
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \
|
||||
defined(MBEDTLS_SSL_PROTO_TLS1_1)
|
||||
int mbedtls_ssl_get_key_exchange_md_ssl_tls( mbedtls_ssl_context *ssl,
|
||||
unsigned char *output,
|
||||
unsigned char *data, size_t data_len );
|
||||
#endif /* MBEDTLS_SSL_PROTO_SSL3 || MBEDTLS_SSL_PROTO_TLS1 || \
|
||||
MBEDTLS_SSL_PROTO_TLS1_1 */
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \
|
||||
defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||
int mbedtls_ssl_get_key_exchange_md_tls1_2( mbedtls_ssl_context *ssl,
|
||||
unsigned char *output,
|
||||
unsigned char *data, size_t data_len,
|
||||
mbedtls_md_type_t md_alg );
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 || \
|
||||
MBEDTLS_SSL_PROTO_TLS1_2 */
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
@ -2,7 +2,8 @@
|
||||
* \file ssl_ticket.h
|
||||
*
|
||||
* \brief TLS server ticket callbacks implementation
|
||||
*
|
||||
*/
|
||||
/*
|
||||
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
|
@ -2,7 +2,8 @@
|
||||
* \file threading.h
|
||||
*
|
||||
* \brief Threading abstraction layer
|
||||
*
|
||||
*/
|
||||
/*
|
||||
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
@ -95,8 +96,12 @@ extern int (*mbedtls_mutex_unlock)( mbedtls_threading_mutex_t *mutex );
|
||||
/*
|
||||
* Global mutexes
|
||||
*/
|
||||
#if defined(MBEDTLS_FS_IO)
|
||||
extern mbedtls_threading_mutex_t mbedtls_threading_readdir_mutex;
|
||||
#endif
|
||||
#if defined(MBEDTLS_HAVE_TIME_DATE)
|
||||
extern mbedtls_threading_mutex_t mbedtls_threading_gmtime_mutex;
|
||||
#endif
|
||||
#endif /* MBEDTLS_THREADING_C */
|
||||
|
||||
#ifdef __cplusplus
|
||||
|
@ -1,8 +1,9 @@
|
||||
/**
|
||||
* \file timing.h
|
||||
*
|
||||
* \brief Portable interface to the CPU cycle counter
|
||||
*
|
||||
* \brief Portable interface to timeouts and to the CPU cycle counter
|
||||
*/
|
||||
/*
|
||||
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
@ -29,16 +30,16 @@
|
||||
#include MBEDTLS_CONFIG_FILE
|
||||
#endif
|
||||
|
||||
#if !defined(MBEDTLS_TIMING_ALT)
|
||||
// Regular implementation
|
||||
//
|
||||
|
||||
#include <stdint.h>
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
#if !defined(MBEDTLS_TIMING_ALT)
|
||||
// Regular implementation
|
||||
//
|
||||
|
||||
/**
|
||||
* \brief timer structure
|
||||
*/
|
||||
@ -57,6 +58,10 @@ typedef struct
|
||||
uint32_t fin_ms;
|
||||
} mbedtls_timing_delay_context;
|
||||
|
||||
#else /* MBEDTLS_TIMING_ALT */
|
||||
#include "timing_alt.h"
|
||||
#endif /* MBEDTLS_TIMING_ALT */
|
||||
|
||||
extern volatile int mbedtls_timing_alarmed;
|
||||
|
||||
/**
|
||||
@ -65,6 +70,9 @@ extern volatile int mbedtls_timing_alarmed;
|
||||
* \warning This is only a best effort! Do not rely on this!
|
||||
* In particular, it is known to be unreliable on virtual
|
||||
* machines.
|
||||
*
|
||||
* \note This value starts at an unspecified origin and
|
||||
* may wrap around.
|
||||
*/
|
||||
unsigned long mbedtls_timing_hardclock( void );
|
||||
|
||||
@ -72,7 +80,18 @@ unsigned long mbedtls_timing_hardclock( void );
|
||||
* \brief Return the elapsed time in milliseconds
|
||||
*
|
||||
* \param val points to a timer structure
|
||||
* \param reset if set to 1, the timer is restarted
|
||||
* \param reset If 0, query the elapsed time. Otherwise (re)start the timer.
|
||||
*
|
||||
* \return Elapsed time since the previous reset in ms. When
|
||||
* restarting, this is always 0.
|
||||
*
|
||||
* \note To initialize a timer, call this function with reset=1.
|
||||
*
|
||||
* Determining the elapsed time and resetting the timer is not
|
||||
* atomic on all platforms, so after the sequence
|
||||
* `{ get_timer(1); ...; time1 = get_timer(1); ...; time2 =
|
||||
* get_timer(0) }` the value time1+time2 is only approximately
|
||||
* the delay since the first reset.
|
||||
*/
|
||||
unsigned long mbedtls_timing_get_timer( struct mbedtls_timing_hr_time *val, int reset );
|
||||
|
||||
@ -80,6 +99,7 @@ unsigned long mbedtls_timing_get_timer( struct mbedtls_timing_hr_time *val, int
|
||||
* \brief Setup an alarm clock
|
||||
*
|
||||
* \param seconds delay before the "mbedtls_timing_alarmed" flag is set
|
||||
* (must be >=0)
|
||||
*
|
||||
* \warning Only one alarm at a time is supported. In a threaded
|
||||
* context, this means one for the whole process, not one per
|
||||
@ -91,11 +111,15 @@ void mbedtls_set_alarm( int seconds );
|
||||
* \brief Set a pair of delays to watch
|
||||
* (See \c mbedtls_timing_get_delay().)
|
||||
*
|
||||
* \param data Pointer to timing data
|
||||
* \param data Pointer to timing data.
|
||||
* Must point to a valid \c mbedtls_timing_delay_context struct.
|
||||
* \param int_ms First (intermediate) delay in milliseconds.
|
||||
* The effect if int_ms > fin_ms is unspecified.
|
||||
* \param fin_ms Second (final) delay in milliseconds.
|
||||
* Pass 0 to cancel the current delay.
|
||||
*
|
||||
* \note To set a single delay, either use \c mbedtls_timing_set_timer
|
||||
* directly or use this function with int_ms == fin_ms.
|
||||
*/
|
||||
void mbedtls_timing_set_delay( void *data, uint32_t int_ms, uint32_t fin_ms );
|
||||
|
||||
@ -106,25 +130,13 @@ void mbedtls_timing_set_delay( void *data, uint32_t int_ms, uint32_t fin_ms );
|
||||
* \param data Pointer to timing data
|
||||
* Must point to a valid \c mbedtls_timing_delay_context struct.
|
||||
*
|
||||
* \return -1 if cancelled (fin_ms = 0)
|
||||
* \return -1 if cancelled (fin_ms = 0),
|
||||
* 0 if none of the delays are passed,
|
||||
* 1 if only the intermediate delay is passed,
|
||||
* 2 if the final delay is passed.
|
||||
*/
|
||||
int mbedtls_timing_get_delay( void *data );
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
||||
#else /* MBEDTLS_TIMING_ALT */
|
||||
#include "timing_alt.h"
|
||||
#endif /* MBEDTLS_TIMING_ALT */
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SELF_TEST)
|
||||
/**
|
||||
* \brief Checkup routine
|
||||
|
@ -2,7 +2,8 @@
|
||||
* \file version.h
|
||||
*
|
||||
* \brief Run-time version information
|
||||
*
|
||||
*/
|
||||
/*
|
||||
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
@ -38,17 +39,17 @@
|
||||
* Major, Minor, Patchlevel
|
||||
*/
|
||||
#define MBEDTLS_VERSION_MAJOR 2
|
||||
#define MBEDTLS_VERSION_MINOR 5
|
||||
#define MBEDTLS_VERSION_PATCH 1
|
||||
#define MBEDTLS_VERSION_MINOR 10
|
||||
#define MBEDTLS_VERSION_PATCH 0
|
||||
|
||||
/**
|
||||
* The single version number has the following structure:
|
||||
* MMNNPP00
|
||||
* Major version | Minor version | Patch version
|
||||
*/
|
||||
#define MBEDTLS_VERSION_NUMBER 0x02050100
|
||||
#define MBEDTLS_VERSION_STRING "2.5.1"
|
||||
#define MBEDTLS_VERSION_STRING_FULL "mbed TLS 2.5.1"
|
||||
#define MBEDTLS_VERSION_NUMBER 0x020A0000
|
||||
#define MBEDTLS_VERSION_STRING "2.10.0"
|
||||
#define MBEDTLS_VERSION_STRING_FULL "mbed TLS 2.10.0"
|
||||
|
||||
#if defined(MBEDTLS_VERSION_C)
|
||||
|
||||
|
@ -2,7 +2,8 @@
|
||||
* \file x509.h
|
||||
*
|
||||
* \brief X.509 generic defines and structures
|
||||
*
|
||||
*/
|
||||
/*
|
||||
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
@ -247,12 +248,12 @@ int mbedtls_x509_serial_gets( char *buf, size_t size, const mbedtls_x509_buf *se
|
||||
* \note Intended usage is "if( is_past( valid_to ) ) ERROR".
|
||||
* Hence the return value of 1 if on internal errors.
|
||||
*
|
||||
* \param time mbedtls_x509_time to check
|
||||
* \param to mbedtls_x509_time to check
|
||||
*
|
||||
* \return 1 if the given time is in the past or an error occured,
|
||||
* 0 otherwise.
|
||||
*/
|
||||
int mbedtls_x509_time_is_past( const mbedtls_x509_time *time );
|
||||
int mbedtls_x509_time_is_past( const mbedtls_x509_time *to );
|
||||
|
||||
/**
|
||||
* \brief Check a given mbedtls_x509_time against the system time
|
||||
@ -261,12 +262,12 @@ int mbedtls_x509_time_is_past( const mbedtls_x509_time *time );
|
||||
* \note Intended usage is "if( is_future( valid_from ) ) ERROR".
|
||||
* Hence the return value of 1 if on internal errors.
|
||||
*
|
||||
* \param time mbedtls_x509_time to check
|
||||
* \param from mbedtls_x509_time to check
|
||||
*
|
||||
* \return 1 if the given time is in the future or an error occured,
|
||||
* 0 otherwise.
|
||||
*/
|
||||
int mbedtls_x509_time_is_future( const mbedtls_x509_time *time );
|
||||
int mbedtls_x509_time_is_future( const mbedtls_x509_time *from );
|
||||
|
||||
/**
|
||||
* \brief Checkup routine
|
||||
@ -295,7 +296,7 @@ int mbedtls_x509_get_sig_alg( const mbedtls_x509_buf *sig_oid, const mbedtls_x50
|
||||
mbedtls_md_type_t *md_alg, mbedtls_pk_type_t *pk_alg,
|
||||
void **sig_opts );
|
||||
int mbedtls_x509_get_time( unsigned char **p, const unsigned char *end,
|
||||
mbedtls_x509_time *time );
|
||||
mbedtls_x509_time *t );
|
||||
int mbedtls_x509_get_serial( unsigned char **p, const unsigned char *end,
|
||||
mbedtls_x509_buf *serial );
|
||||
int mbedtls_x509_get_ext( unsigned char **p, const unsigned char *end,
|
||||
|
@ -2,7 +2,8 @@
|
||||
* \file x509_crl.h
|
||||
*
|
||||
* \brief X.509 certificate revocation list parsing
|
||||
*
|
||||
*/
|
||||
/*
|
||||
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
|
@ -2,7 +2,8 @@
|
||||
* \file x509_crt.h
|
||||
*
|
||||
* \brief X.509 certificate parsing and writing
|
||||
*
|
||||
*/
|
||||
/*
|
||||
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
@ -343,7 +344,7 @@ int mbedtls_x509_crt_verify_info( char *buf, size_t size, const char *prefix,
|
||||
* used to sign the certificate, CRL verification is skipped
|
||||
* silently, that is *without* setting any flag.
|
||||
*
|
||||
* \note The \c trust_ca list can contain two type of certificates:
|
||||
* \note The \c trust_ca list can contain two types of certificates:
|
||||
* (1) those of trusted root CAs, so that certificates
|
||||
* chaining up to those CAs will be trusted, and (2)
|
||||
* self-signed end-entity certificates to be trusted (for
|
||||
@ -468,21 +469,22 @@ int mbedtls_x509_crt_check_key_usage( const mbedtls_x509_crt *crt,
|
||||
|
||||
#if defined(MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE)
|
||||
/**
|
||||
* \brief Check usage of certificate against extentedJeyUsage.
|
||||
* \brief Check usage of certificate against extendedKeyUsage.
|
||||
*
|
||||
* \param crt Leaf certificate used.
|
||||
* \param usage_oid Intended usage (eg MBEDTLS_OID_SERVER_AUTH or MBEDTLS_OID_CLIENT_AUTH).
|
||||
* \param crt Leaf certificate used.
|
||||
* \param usage_oid Intended usage (eg MBEDTLS_OID_SERVER_AUTH or
|
||||
* MBEDTLS_OID_CLIENT_AUTH).
|
||||
* \param usage_len Length of usage_oid (eg given by MBEDTLS_OID_SIZE()).
|
||||
*
|
||||
* \return 0 if this use of the certificate is allowed,
|
||||
* MBEDTLS_ERR_X509_BAD_INPUT_DATA if not.
|
||||
* \return 0 if this use of the certificate is allowed,
|
||||
* MBEDTLS_ERR_X509_BAD_INPUT_DATA if not.
|
||||
*
|
||||
* \note Usually only makes sense on leaf certificates.
|
||||
* \note Usually only makes sense on leaf certificates.
|
||||
*/
|
||||
int mbedtls_x509_crt_check_extended_key_usage( const mbedtls_x509_crt *crt,
|
||||
const char *usage_oid,
|
||||
size_t usage_len );
|
||||
#endif /* MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE) */
|
||||
const char *usage_oid,
|
||||
size_t usage_len );
|
||||
#endif /* MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE */
|
||||
|
||||
#if defined(MBEDTLS_X509_CRL_PARSE_C)
|
||||
/**
|
||||
|
@ -2,7 +2,8 @@
|
||||
* \file x509_csr.h
|
||||
*
|
||||
* \brief X.509 certificate signing request parsing and writing
|
||||
*
|
||||
*/
|
||||
/*
|
||||
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
|
@ -2,7 +2,8 @@
|
||||
* \file xtea.h
|
||||
*
|
||||
* \brief XTEA block cipher (32-bit)
|
||||
*
|
||||
*/
|
||||
/*
|
||||
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
@ -36,15 +37,16 @@
|
||||
#define MBEDTLS_XTEA_DECRYPT 0
|
||||
|
||||
#define MBEDTLS_ERR_XTEA_INVALID_INPUT_LENGTH -0x0028 /**< The data input has an invalid length. */
|
||||
|
||||
#if !defined(MBEDTLS_XTEA_ALT)
|
||||
// Regular implementation
|
||||
//
|
||||
#define MBEDTLS_ERR_XTEA_HW_ACCEL_FAILED -0x0029 /**< XTEA hardware accelerator failed. */
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
#if !defined(MBEDTLS_XTEA_ALT)
|
||||
// Regular implementation
|
||||
//
|
||||
|
||||
/**
|
||||
* \brief XTEA context structure
|
||||
*/
|
||||
@ -54,6 +56,10 @@ typedef struct
|
||||
}
|
||||
mbedtls_xtea_context;
|
||||
|
||||
#else /* MBEDTLS_XTEA_ALT */
|
||||
#include "xtea_alt.h"
|
||||
#endif /* MBEDTLS_XTEA_ALT */
|
||||
|
||||
/**
|
||||
* \brief Initialize XTEA context
|
||||
*
|
||||
@ -113,18 +119,6 @@ int mbedtls_xtea_crypt_cbc( mbedtls_xtea_context *ctx,
|
||||
unsigned char *output);
|
||||
#endif /* MBEDTLS_CIPHER_MODE_CBC */
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
||||
#else /* MBEDTLS_XTEA_ALT */
|
||||
#include "xtea_alt.h"
|
||||
#endif /* MBEDTLS_XTEA_ALT */
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
/**
|
||||
* \brief Checkup routine
|
||||
*
|
||||
|
@ -6,6 +6,7 @@ set(src_crypto
|
||||
aes.c
|
||||
aesni.c
|
||||
arc4.c
|
||||
aria.c
|
||||
asn1parse.c
|
||||
asn1write.c
|
||||
base64.c
|
||||
@ -46,8 +47,10 @@ set(src_crypto
|
||||
pkparse.c
|
||||
pkwrite.c
|
||||
platform.c
|
||||
platform_util.c
|
||||
ripemd160.c
|
||||
rsa.c
|
||||
rsa_internal.c
|
||||
sha1.c
|
||||
sha256.c
|
||||
sha512.c
|
||||
@ -140,15 +143,15 @@ endif(USE_STATIC_MBEDTLS_LIBRARY)
|
||||
|
||||
if(USE_SHARED_MBEDTLS_LIBRARY)
|
||||
add_library(mbedcrypto SHARED ${src_crypto})
|
||||
set_target_properties(mbedcrypto PROPERTIES VERSION 2.5.1 SOVERSION 0)
|
||||
set_target_properties(mbedcrypto PROPERTIES VERSION 2.10.0 SOVERSION 2)
|
||||
target_link_libraries(mbedcrypto ${libs})
|
||||
|
||||
add_library(mbedx509 SHARED ${src_x509})
|
||||
set_target_properties(mbedx509 PROPERTIES VERSION 2.5.1 SOVERSION 0)
|
||||
set_target_properties(mbedx509 PROPERTIES VERSION 2.10.0 SOVERSION 0)
|
||||
target_link_libraries(mbedx509 ${libs} mbedcrypto)
|
||||
|
||||
add_library(mbedtls SHARED ${src_tls})
|
||||
set_target_properties(mbedtls PROPERTIES VERSION 2.5.1 SOVERSION 10)
|
||||
set_target_properties(mbedtls PROPERTIES VERSION 2.10.0 SOVERSION 10)
|
||||
target_link_libraries(mbedtls ${libs} mbedx509)
|
||||
|
||||
install(TARGETS mbedtls mbedx509 mbedcrypto
|
||||
|
@ -33,11 +33,14 @@ endif
|
||||
|
||||
SOEXT_TLS=so.10
|
||||
SOEXT_X509=so.0
|
||||
SOEXT_CRYPTO=so.0
|
||||
SOEXT_CRYPTO=so.2
|
||||
|
||||
DLEXT=so
|
||||
# OSX shared library extension:
|
||||
# DLEXT=dylib
|
||||
# Set DLEXT=dylib to compile as a shared library for Mac OS X
|
||||
DLEXT ?= so
|
||||
|
||||
# Set AR_DASH= (empty string) to use an ar implentation that does not accept
|
||||
# the - prefix for command line options (e.g. llvm-ar)
|
||||
AR_DASH ?= -
|
||||
|
||||
# Windows shared library extension:
|
||||
ifdef WINDOWS_BUILD
|
||||
@ -47,6 +50,7 @@ endif
|
||||
OBJS_CRYPTO= aes.o aesni.o arc4.o \
|
||||
asn1parse.o asn1write.o base64.o \
|
||||
bignum.o blowfish.o camellia.o \
|
||||
aria.o \
|
||||
ccm.o cipher.o cipher_wrap.o \
|
||||
cmac.o ctr_drbg.o des.o \
|
||||
dhm.o ecdh.o ecdsa.o \
|
||||
@ -59,10 +63,11 @@ OBJS_CRYPTO= aes.o aesni.o arc4.o \
|
||||
padlock.o pem.o pk.o \
|
||||
pk_wrap.o pkcs12.o pkcs5.o \
|
||||
pkparse.o pkwrite.o platform.o \
|
||||
ripemd160.o rsa.o sha1.o \
|
||||
sha256.o sha512.o threading.o \
|
||||
timing.o version.o \
|
||||
version_features.o xtea.o
|
||||
platform_util.o ripemd160.o rsa_internal.o \
|
||||
rsa.o sha1.o sha256.o \
|
||||
sha512.o threading.o timing.o \
|
||||
version.o version_features.o \
|
||||
xtea.o
|
||||
|
||||
OBJS_X509= certs.o pkcs11.o x509.o \
|
||||
x509_create.o x509_crl.o x509_crt.o \
|
||||
@ -91,9 +96,9 @@ shared: libmbedcrypto.$(DLEXT) libmbedx509.$(DLEXT) libmbedtls.$(DLEXT)
|
||||
# tls
|
||||
libmbedtls.a: $(OBJS_TLS)
|
||||
echo " AR $@"
|
||||
$(AR) -rc $@ $(OBJS_TLS)
|
||||
$(AR) $(AR_DASH)rc $@ $(OBJS_TLS)
|
||||
echo " RL $@"
|
||||
$(AR) -s $@
|
||||
$(AR) $(AR_DASH)s $@
|
||||
|
||||
libmbedtls.$(SOEXT_TLS): $(OBJS_TLS) libmbedx509.so
|
||||
echo " LD $@"
|
||||
@ -103,9 +108,9 @@ libmbedtls.so: libmbedtls.$(SOEXT_TLS)
|
||||
echo " LN $@ -> $<"
|
||||
ln -sf $< $@
|
||||
|
||||
libmbedtls.dylib: $(OBJS_TLS)
|
||||
libmbedtls.dylib: $(OBJS_TLS) libmbedx509.dylib
|
||||
echo " LD $@"
|
||||
$(CC) -dynamiclib $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ $(OBJS_TLS)
|
||||
$(CC) -dynamiclib -L. -lmbedcrypto -lmbedx509 $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ $(OBJS_TLS)
|
||||
|
||||
libmbedtls.dll: $(OBJS_TLS) libmbedx509.dll
|
||||
echo " LD $@"
|
||||
@ -114,9 +119,9 @@ libmbedtls.dll: $(OBJS_TLS) libmbedx509.dll
|
||||
# x509
|
||||
libmbedx509.a: $(OBJS_X509)
|
||||
echo " AR $@"
|
||||
$(AR) -rc $@ $(OBJS_X509)
|
||||
$(AR) $(AR_DASH)rc $@ $(OBJS_X509)
|
||||
echo " RL $@"
|
||||
$(AR) -s $@
|
||||
$(AR) $(AR_DASH)s $@
|
||||
|
||||
libmbedx509.$(SOEXT_X509): $(OBJS_X509) libmbedcrypto.so
|
||||
echo " LD $@"
|
||||
@ -126,9 +131,9 @@ libmbedx509.so: libmbedx509.$(SOEXT_X509)
|
||||
echo " LN $@ -> $<"
|
||||
ln -sf $< $@
|
||||
|
||||
libmbedx509.dylib: $(OBJS_X509)
|
||||
libmbedx509.dylib: $(OBJS_X509) libmbedcrypto.dylib
|
||||
echo " LD $@"
|
||||
$(CC) -dynamiclib $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ $(OBJS_X509)
|
||||
$(CC) -dynamiclib -L. -lmbedcrypto $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ $(OBJS_X509)
|
||||
|
||||
libmbedx509.dll: $(OBJS_X509) libmbedcrypto.dll
|
||||
echo " LD $@"
|
||||
@ -137,9 +142,9 @@ libmbedx509.dll: $(OBJS_X509) libmbedcrypto.dll
|
||||
# crypto
|
||||
libmbedcrypto.a: $(OBJS_CRYPTO)
|
||||
echo " AR $@"
|
||||
$(AR) -rc $@ $(OBJS_CRYPTO)
|
||||
$(AR) $(AR_DASH)rc $@ $(OBJS_CRYPTO)
|
||||
echo " RL $@"
|
||||
$(AR) -s $@
|
||||
$(AR) $(AR_DASH)s $@
|
||||
|
||||
libmbedcrypto.$(SOEXT_CRYPTO): $(OBJS_CRYPTO)
|
||||
echo " LD $@"
|
||||
|
389
library/aes.c
389
library/aes.c
@ -36,6 +36,7 @@
|
||||
#include <string.h>
|
||||
|
||||
#include "mbedtls/aes.h"
|
||||
#include "mbedtls/platform_util.h"
|
||||
#if defined(MBEDTLS_PADLOCK_C)
|
||||
#include "mbedtls/padlock.h"
|
||||
#endif
|
||||
@ -54,11 +55,6 @@
|
||||
|
||||
#if !defined(MBEDTLS_AES_ALT)
|
||||
|
||||
/* Implementation that should never be optimized out by the compiler */
|
||||
static void mbedtls_zeroize( void *v, size_t n ) {
|
||||
volatile unsigned char *p = (unsigned char*)v; while( n-- ) *p++ = 0;
|
||||
}
|
||||
|
||||
/*
|
||||
* 32-bit integer manipulation macros (little endian)
|
||||
*/
|
||||
@ -201,6 +197,8 @@ static const unsigned char FSb[256] =
|
||||
static const uint32_t FT0[256] = { FT };
|
||||
#undef V
|
||||
|
||||
#if !defined(MBEDTLS_AES_FEWER_TABLES)
|
||||
|
||||
#define V(a,b,c,d) 0x##b##c##d##a
|
||||
static const uint32_t FT1[256] = { FT };
|
||||
#undef V
|
||||
@ -213,6 +211,8 @@ static const uint32_t FT2[256] = { FT };
|
||||
static const uint32_t FT3[256] = { FT };
|
||||
#undef V
|
||||
|
||||
#endif /* !MBEDTLS_AES_FEWER_TABLES */
|
||||
|
||||
#undef FT
|
||||
|
||||
/*
|
||||
@ -328,6 +328,8 @@ static const unsigned char RSb[256] =
|
||||
static const uint32_t RT0[256] = { RT };
|
||||
#undef V
|
||||
|
||||
#if !defined(MBEDTLS_AES_FEWER_TABLES)
|
||||
|
||||
#define V(a,b,c,d) 0x##b##c##d##a
|
||||
static const uint32_t RT1[256] = { RT };
|
||||
#undef V
|
||||
@ -340,6 +342,8 @@ static const uint32_t RT2[256] = { RT };
|
||||
static const uint32_t RT3[256] = { RT };
|
||||
#undef V
|
||||
|
||||
#endif /* !MBEDTLS_AES_FEWER_TABLES */
|
||||
|
||||
#undef RT
|
||||
|
||||
/*
|
||||
@ -359,18 +363,22 @@ static const uint32_t RCON[10] =
|
||||
*/
|
||||
static unsigned char FSb[256];
|
||||
static uint32_t FT0[256];
|
||||
#if !defined(MBEDTLS_AES_FEWER_TABLES)
|
||||
static uint32_t FT1[256];
|
||||
static uint32_t FT2[256];
|
||||
static uint32_t FT3[256];
|
||||
#endif /* !MBEDTLS_AES_FEWER_TABLES */
|
||||
|
||||
/*
|
||||
* Reverse S-box & tables
|
||||
*/
|
||||
static unsigned char RSb[256];
|
||||
static uint32_t RT0[256];
|
||||
#if !defined(MBEDTLS_AES_FEWER_TABLES)
|
||||
static uint32_t RT1[256];
|
||||
static uint32_t RT2[256];
|
||||
static uint32_t RT3[256];
|
||||
#endif /* !MBEDTLS_AES_FEWER_TABLES */
|
||||
|
||||
/*
|
||||
* Round constants
|
||||
@ -445,9 +453,11 @@ static void aes_gen_tables( void )
|
||||
( (uint32_t) x << 16 ) ^
|
||||
( (uint32_t) z << 24 );
|
||||
|
||||
#if !defined(MBEDTLS_AES_FEWER_TABLES)
|
||||
FT1[i] = ROTL8( FT0[i] );
|
||||
FT2[i] = ROTL8( FT1[i] );
|
||||
FT3[i] = ROTL8( FT2[i] );
|
||||
#endif /* !MBEDTLS_AES_FEWER_TABLES */
|
||||
|
||||
x = RSb[i];
|
||||
|
||||
@ -456,14 +466,48 @@ static void aes_gen_tables( void )
|
||||
( (uint32_t) MUL( 0x0D, x ) << 16 ) ^
|
||||
( (uint32_t) MUL( 0x0B, x ) << 24 );
|
||||
|
||||
#if !defined(MBEDTLS_AES_FEWER_TABLES)
|
||||
RT1[i] = ROTL8( RT0[i] );
|
||||
RT2[i] = ROTL8( RT1[i] );
|
||||
RT3[i] = ROTL8( RT2[i] );
|
||||
#endif /* !MBEDTLS_AES_FEWER_TABLES */
|
||||
}
|
||||
}
|
||||
|
||||
#undef ROTL8
|
||||
|
||||
#endif /* MBEDTLS_AES_ROM_TABLES */
|
||||
|
||||
#if defined(MBEDTLS_AES_FEWER_TABLES)
|
||||
|
||||
#define ROTL8(x) ( (uint32_t)( ( x ) << 8 ) + (uint32_t)( ( x ) >> 24 ) )
|
||||
#define ROTL16(x) ( (uint32_t)( ( x ) << 16 ) + (uint32_t)( ( x ) >> 16 ) )
|
||||
#define ROTL24(x) ( (uint32_t)( ( x ) << 24 ) + (uint32_t)( ( x ) >> 8 ) )
|
||||
|
||||
#define AES_RT0(idx) RT0[idx]
|
||||
#define AES_RT1(idx) ROTL8( RT0[idx] )
|
||||
#define AES_RT2(idx) ROTL16( RT0[idx] )
|
||||
#define AES_RT3(idx) ROTL24( RT0[idx] )
|
||||
|
||||
#define AES_FT0(idx) FT0[idx]
|
||||
#define AES_FT1(idx) ROTL8( FT0[idx] )
|
||||
#define AES_FT2(idx) ROTL16( FT0[idx] )
|
||||
#define AES_FT3(idx) ROTL24( FT0[idx] )
|
||||
|
||||
#else /* MBEDTLS_AES_FEWER_TABLES */
|
||||
|
||||
#define AES_RT0(idx) RT0[idx]
|
||||
#define AES_RT1(idx) RT1[idx]
|
||||
#define AES_RT2(idx) RT2[idx]
|
||||
#define AES_RT3(idx) RT3[idx]
|
||||
|
||||
#define AES_FT0(idx) FT0[idx]
|
||||
#define AES_FT1(idx) FT1[idx]
|
||||
#define AES_FT2(idx) FT2[idx]
|
||||
#define AES_FT3(idx) FT3[idx]
|
||||
|
||||
#endif /* MBEDTLS_AES_FEWER_TABLES */
|
||||
|
||||
void mbedtls_aes_init( mbedtls_aes_context *ctx )
|
||||
{
|
||||
memset( ctx, 0, sizeof( mbedtls_aes_context ) );
|
||||
@ -474,7 +518,7 @@ void mbedtls_aes_free( mbedtls_aes_context *ctx )
|
||||
if( ctx == NULL )
|
||||
return;
|
||||
|
||||
mbedtls_zeroize( ctx, sizeof( mbedtls_aes_context ) );
|
||||
mbedtls_platform_zeroize( ctx, sizeof( mbedtls_aes_context ) );
|
||||
}
|
||||
|
||||
/*
|
||||
@ -641,10 +685,10 @@ int mbedtls_aes_setkey_dec( mbedtls_aes_context *ctx, const unsigned char *key,
|
||||
{
|
||||
for( j = 0; j < 4; j++, SK++ )
|
||||
{
|
||||
*RK++ = RT0[ FSb[ ( *SK ) & 0xFF ] ] ^
|
||||
RT1[ FSb[ ( *SK >> 8 ) & 0xFF ] ] ^
|
||||
RT2[ FSb[ ( *SK >> 16 ) & 0xFF ] ] ^
|
||||
RT3[ FSb[ ( *SK >> 24 ) & 0xFF ] ];
|
||||
*RK++ = AES_RT0( FSb[ ( *SK ) & 0xFF ] ) ^
|
||||
AES_RT1( FSb[ ( *SK >> 8 ) & 0xFF ] ) ^
|
||||
AES_RT2( FSb[ ( *SK >> 16 ) & 0xFF ] ) ^
|
||||
AES_RT3( FSb[ ( *SK >> 24 ) & 0xFF ] );
|
||||
}
|
||||
}
|
||||
|
||||
@ -660,50 +704,50 @@ exit:
|
||||
}
|
||||
#endif /* !MBEDTLS_AES_SETKEY_DEC_ALT */
|
||||
|
||||
#define AES_FROUND(X0,X1,X2,X3,Y0,Y1,Y2,Y3) \
|
||||
{ \
|
||||
X0 = *RK++ ^ FT0[ ( Y0 ) & 0xFF ] ^ \
|
||||
FT1[ ( Y1 >> 8 ) & 0xFF ] ^ \
|
||||
FT2[ ( Y2 >> 16 ) & 0xFF ] ^ \
|
||||
FT3[ ( Y3 >> 24 ) & 0xFF ]; \
|
||||
\
|
||||
X1 = *RK++ ^ FT0[ ( Y1 ) & 0xFF ] ^ \
|
||||
FT1[ ( Y2 >> 8 ) & 0xFF ] ^ \
|
||||
FT2[ ( Y3 >> 16 ) & 0xFF ] ^ \
|
||||
FT3[ ( Y0 >> 24 ) & 0xFF ]; \
|
||||
\
|
||||
X2 = *RK++ ^ FT0[ ( Y2 ) & 0xFF ] ^ \
|
||||
FT1[ ( Y3 >> 8 ) & 0xFF ] ^ \
|
||||
FT2[ ( Y0 >> 16 ) & 0xFF ] ^ \
|
||||
FT3[ ( Y1 >> 24 ) & 0xFF ]; \
|
||||
\
|
||||
X3 = *RK++ ^ FT0[ ( Y3 ) & 0xFF ] ^ \
|
||||
FT1[ ( Y0 >> 8 ) & 0xFF ] ^ \
|
||||
FT2[ ( Y1 >> 16 ) & 0xFF ] ^ \
|
||||
FT3[ ( Y2 >> 24 ) & 0xFF ]; \
|
||||
#define AES_FROUND(X0,X1,X2,X3,Y0,Y1,Y2,Y3) \
|
||||
{ \
|
||||
X0 = *RK++ ^ AES_FT0( ( Y0 ) & 0xFF ) ^ \
|
||||
AES_FT1( ( Y1 >> 8 ) & 0xFF ) ^ \
|
||||
AES_FT2( ( Y2 >> 16 ) & 0xFF ) ^ \
|
||||
AES_FT3( ( Y3 >> 24 ) & 0xFF ); \
|
||||
\
|
||||
X1 = *RK++ ^ AES_FT0( ( Y1 ) & 0xFF ) ^ \
|
||||
AES_FT1( ( Y2 >> 8 ) & 0xFF ) ^ \
|
||||
AES_FT2( ( Y3 >> 16 ) & 0xFF ) ^ \
|
||||
AES_FT3( ( Y0 >> 24 ) & 0xFF ); \
|
||||
\
|
||||
X2 = *RK++ ^ AES_FT0( ( Y2 ) & 0xFF ) ^ \
|
||||
AES_FT1( ( Y3 >> 8 ) & 0xFF ) ^ \
|
||||
AES_FT2( ( Y0 >> 16 ) & 0xFF ) ^ \
|
||||
AES_FT3( ( Y1 >> 24 ) & 0xFF ); \
|
||||
\
|
||||
X3 = *RK++ ^ AES_FT0( ( Y3 ) & 0xFF ) ^ \
|
||||
AES_FT1( ( Y0 >> 8 ) & 0xFF ) ^ \
|
||||
AES_FT2( ( Y1 >> 16 ) & 0xFF ) ^ \
|
||||
AES_FT3( ( Y2 >> 24 ) & 0xFF ); \
|
||||
}
|
||||
|
||||
#define AES_RROUND(X0,X1,X2,X3,Y0,Y1,Y2,Y3) \
|
||||
{ \
|
||||
X0 = *RK++ ^ RT0[ ( Y0 ) & 0xFF ] ^ \
|
||||
RT1[ ( Y3 >> 8 ) & 0xFF ] ^ \
|
||||
RT2[ ( Y2 >> 16 ) & 0xFF ] ^ \
|
||||
RT3[ ( Y1 >> 24 ) & 0xFF ]; \
|
||||
\
|
||||
X1 = *RK++ ^ RT0[ ( Y1 ) & 0xFF ] ^ \
|
||||
RT1[ ( Y0 >> 8 ) & 0xFF ] ^ \
|
||||
RT2[ ( Y3 >> 16 ) & 0xFF ] ^ \
|
||||
RT3[ ( Y2 >> 24 ) & 0xFF ]; \
|
||||
\
|
||||
X2 = *RK++ ^ RT0[ ( Y2 ) & 0xFF ] ^ \
|
||||
RT1[ ( Y1 >> 8 ) & 0xFF ] ^ \
|
||||
RT2[ ( Y0 >> 16 ) & 0xFF ] ^ \
|
||||
RT3[ ( Y3 >> 24 ) & 0xFF ]; \
|
||||
\
|
||||
X3 = *RK++ ^ RT0[ ( Y3 ) & 0xFF ] ^ \
|
||||
RT1[ ( Y2 >> 8 ) & 0xFF ] ^ \
|
||||
RT2[ ( Y1 >> 16 ) & 0xFF ] ^ \
|
||||
RT3[ ( Y0 >> 24 ) & 0xFF ]; \
|
||||
#define AES_RROUND(X0,X1,X2,X3,Y0,Y1,Y2,Y3) \
|
||||
{ \
|
||||
X0 = *RK++ ^ AES_RT0( ( Y0 ) & 0xFF ) ^ \
|
||||
AES_RT1( ( Y3 >> 8 ) & 0xFF ) ^ \
|
||||
AES_RT2( ( Y2 >> 16 ) & 0xFF ) ^ \
|
||||
AES_RT3( ( Y1 >> 24 ) & 0xFF ); \
|
||||
\
|
||||
X1 = *RK++ ^ AES_RT0( ( Y1 ) & 0xFF ) ^ \
|
||||
AES_RT1( ( Y0 >> 8 ) & 0xFF ) ^ \
|
||||
AES_RT2( ( Y3 >> 16 ) & 0xFF ) ^ \
|
||||
AES_RT3( ( Y2 >> 24 ) & 0xFF ); \
|
||||
\
|
||||
X2 = *RK++ ^ AES_RT0( ( Y2 ) & 0xFF ) ^ \
|
||||
AES_RT1( ( Y1 >> 8 ) & 0xFF ) ^ \
|
||||
AES_RT2( ( Y0 >> 16 ) & 0xFF ) ^ \
|
||||
AES_RT3( ( Y3 >> 24 ) & 0xFF ); \
|
||||
\
|
||||
X3 = *RK++ ^ AES_RT0( ( Y3 ) & 0xFF ) ^ \
|
||||
AES_RT1( ( Y2 >> 8 ) & 0xFF ) ^ \
|
||||
AES_RT2( ( Y1 >> 16 ) & 0xFF ) ^ \
|
||||
AES_RT3( ( Y0 >> 24 ) & 0xFF ); \
|
||||
}
|
||||
|
||||
/*
|
||||
@ -765,12 +809,14 @@ int mbedtls_internal_aes_encrypt( mbedtls_aes_context *ctx,
|
||||
}
|
||||
#endif /* !MBEDTLS_AES_ENCRYPT_ALT */
|
||||
|
||||
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
|
||||
void mbedtls_aes_encrypt( mbedtls_aes_context *ctx,
|
||||
const unsigned char input[16],
|
||||
unsigned char output[16] )
|
||||
{
|
||||
mbedtls_internal_aes_encrypt( ctx, input, output );
|
||||
}
|
||||
#endif /* !MBEDTLS_DEPRECATED_REMOVED */
|
||||
|
||||
/*
|
||||
* AES-ECB block decryption
|
||||
@ -831,12 +877,14 @@ int mbedtls_internal_aes_decrypt( mbedtls_aes_context *ctx,
|
||||
}
|
||||
#endif /* !MBEDTLS_AES_DECRYPT_ALT */
|
||||
|
||||
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
|
||||
void mbedtls_aes_decrypt( mbedtls_aes_context *ctx,
|
||||
const unsigned char input[16],
|
||||
unsigned char output[16] )
|
||||
{
|
||||
mbedtls_internal_aes_decrypt( ctx, input, output );
|
||||
}
|
||||
#endif /* !MBEDTLS_DEPRECATED_REMOVED */
|
||||
|
||||
/*
|
||||
* AES-ECB block encryption/decryption
|
||||
@ -1030,6 +1078,9 @@ int mbedtls_aes_crypt_ctr( mbedtls_aes_context *ctx,
|
||||
int c, i;
|
||||
size_t n = *nc_off;
|
||||
|
||||
if ( n > 0x0F )
|
||||
return( MBEDTLS_ERR_AES_BAD_INPUT_DATA );
|
||||
|
||||
while( length-- )
|
||||
{
|
||||
if( n == 0 ) {
|
||||
@ -1235,9 +1286,11 @@ static const int aes_test_ctr_len[3] =
|
||||
*/
|
||||
int mbedtls_aes_self_test( int verbose )
|
||||
{
|
||||
int ret = 0, i, j, u, v;
|
||||
int ret = 0, i, j, u, mode;
|
||||
unsigned int keybits;
|
||||
unsigned char key[32];
|
||||
unsigned char buf[64];
|
||||
const unsigned char *aes_tests;
|
||||
#if defined(MBEDTLS_CIPHER_MODE_CBC) || defined(MBEDTLS_CIPHER_MODE_CFB)
|
||||
unsigned char iv[16];
|
||||
#endif
|
||||
@ -1263,45 +1316,52 @@ int mbedtls_aes_self_test( int verbose )
|
||||
for( i = 0; i < 6; i++ )
|
||||
{
|
||||
u = i >> 1;
|
||||
v = i & 1;
|
||||
keybits = 128 + u * 64;
|
||||
mode = i & 1;
|
||||
|
||||
if( verbose != 0 )
|
||||
mbedtls_printf( " AES-ECB-%3d (%s): ", 128 + u * 64,
|
||||
( v == MBEDTLS_AES_DECRYPT ) ? "dec" : "enc" );
|
||||
mbedtls_printf( " AES-ECB-%3d (%s): ", keybits,
|
||||
( mode == MBEDTLS_AES_DECRYPT ) ? "dec" : "enc" );
|
||||
|
||||
memset( buf, 0, 16 );
|
||||
|
||||
if( v == MBEDTLS_AES_DECRYPT )
|
||||
if( mode == MBEDTLS_AES_DECRYPT )
|
||||
{
|
||||
mbedtls_aes_setkey_dec( &ctx, key, 128 + u * 64 );
|
||||
|
||||
for( j = 0; j < 10000; j++ )
|
||||
mbedtls_aes_crypt_ecb( &ctx, v, buf, buf );
|
||||
|
||||
if( memcmp( buf, aes_test_ecb_dec[u], 16 ) != 0 )
|
||||
{
|
||||
if( verbose != 0 )
|
||||
mbedtls_printf( "failed\n" );
|
||||
|
||||
ret = 1;
|
||||
goto exit;
|
||||
}
|
||||
ret = mbedtls_aes_setkey_dec( &ctx, key, keybits );
|
||||
aes_tests = aes_test_ecb_dec[u];
|
||||
}
|
||||
else
|
||||
{
|
||||
mbedtls_aes_setkey_enc( &ctx, key, 128 + u * 64 );
|
||||
ret = mbedtls_aes_setkey_enc( &ctx, key, keybits );
|
||||
aes_tests = aes_test_ecb_enc[u];
|
||||
}
|
||||
|
||||
for( j = 0; j < 10000; j++ )
|
||||
mbedtls_aes_crypt_ecb( &ctx, v, buf, buf );
|
||||
/*
|
||||
* AES-192 is an optional feature that may be unavailable when
|
||||
* there is an alternative underlying implementation i.e. when
|
||||
* MBEDTLS_AES_ALT is defined.
|
||||
*/
|
||||
if( ret == MBEDTLS_ERR_AES_FEATURE_UNAVAILABLE && keybits == 192 )
|
||||
{
|
||||
mbedtls_printf( "skipped\n" );
|
||||
continue;
|
||||
}
|
||||
else if( ret != 0 )
|
||||
{
|
||||
goto exit;
|
||||
}
|
||||
|
||||
if( memcmp( buf, aes_test_ecb_enc[u], 16 ) != 0 )
|
||||
{
|
||||
if( verbose != 0 )
|
||||
mbedtls_printf( "failed\n" );
|
||||
|
||||
ret = 1;
|
||||
for( j = 0; j < 10000; j++ )
|
||||
{
|
||||
ret = mbedtls_aes_crypt_ecb( &ctx, mode, buf, buf );
|
||||
if( ret != 0 )
|
||||
goto exit;
|
||||
}
|
||||
}
|
||||
|
||||
if( memcmp( buf, aes_tests, 16 ) != 0 )
|
||||
{
|
||||
ret = 1;
|
||||
goto exit;
|
||||
}
|
||||
|
||||
if( verbose != 0 )
|
||||
@ -1318,55 +1378,64 @@ int mbedtls_aes_self_test( int verbose )
|
||||
for( i = 0; i < 6; i++ )
|
||||
{
|
||||
u = i >> 1;
|
||||
v = i & 1;
|
||||
keybits = 128 + u * 64;
|
||||
mode = i & 1;
|
||||
|
||||
if( verbose != 0 )
|
||||
mbedtls_printf( " AES-CBC-%3d (%s): ", 128 + u * 64,
|
||||
( v == MBEDTLS_AES_DECRYPT ) ? "dec" : "enc" );
|
||||
mbedtls_printf( " AES-CBC-%3d (%s): ", keybits,
|
||||
( mode == MBEDTLS_AES_DECRYPT ) ? "dec" : "enc" );
|
||||
|
||||
memset( iv , 0, 16 );
|
||||
memset( prv, 0, 16 );
|
||||
memset( buf, 0, 16 );
|
||||
|
||||
if( v == MBEDTLS_AES_DECRYPT )
|
||||
if( mode == MBEDTLS_AES_DECRYPT )
|
||||
{
|
||||
mbedtls_aes_setkey_dec( &ctx, key, 128 + u * 64 );
|
||||
|
||||
for( j = 0; j < 10000; j++ )
|
||||
mbedtls_aes_crypt_cbc( &ctx, v, 16, iv, buf, buf );
|
||||
|
||||
if( memcmp( buf, aes_test_cbc_dec[u], 16 ) != 0 )
|
||||
{
|
||||
if( verbose != 0 )
|
||||
mbedtls_printf( "failed\n" );
|
||||
|
||||
ret = 1;
|
||||
goto exit;
|
||||
}
|
||||
ret = mbedtls_aes_setkey_dec( &ctx, key, keybits );
|
||||
aes_tests = aes_test_cbc_dec[u];
|
||||
}
|
||||
else
|
||||
{
|
||||
mbedtls_aes_setkey_enc( &ctx, key, 128 + u * 64 );
|
||||
ret = mbedtls_aes_setkey_enc( &ctx, key, keybits );
|
||||
aes_tests = aes_test_cbc_enc[u];
|
||||
}
|
||||
|
||||
for( j = 0; j < 10000; j++ )
|
||||
/*
|
||||
* AES-192 is an optional feature that may be unavailable when
|
||||
* there is an alternative underlying implementation i.e. when
|
||||
* MBEDTLS_AES_ALT is defined.
|
||||
*/
|
||||
if( ret == MBEDTLS_ERR_AES_FEATURE_UNAVAILABLE && keybits == 192 )
|
||||
{
|
||||
mbedtls_printf( "skipped\n" );
|
||||
continue;
|
||||
}
|
||||
else if( ret != 0 )
|
||||
{
|
||||
goto exit;
|
||||
}
|
||||
|
||||
for( j = 0; j < 10000; j++ )
|
||||
{
|
||||
if( mode == MBEDTLS_AES_ENCRYPT )
|
||||
{
|
||||
unsigned char tmp[16];
|
||||
|
||||
mbedtls_aes_crypt_cbc( &ctx, v, 16, iv, buf, buf );
|
||||
|
||||
memcpy( tmp, prv, 16 );
|
||||
memcpy( prv, buf, 16 );
|
||||
memcpy( buf, tmp, 16 );
|
||||
}
|
||||
|
||||
if( memcmp( prv, aes_test_cbc_enc[u], 16 ) != 0 )
|
||||
{
|
||||
if( verbose != 0 )
|
||||
mbedtls_printf( "failed\n" );
|
||||
|
||||
ret = 1;
|
||||
ret = mbedtls_aes_crypt_cbc( &ctx, mode, 16, iv, buf, buf );
|
||||
if( ret != 0 )
|
||||
goto exit;
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
if( memcmp( buf, aes_tests, 16 ) != 0 )
|
||||
{
|
||||
ret = 1;
|
||||
goto exit;
|
||||
}
|
||||
|
||||
if( verbose != 0 )
|
||||
@ -1384,45 +1453,52 @@ int mbedtls_aes_self_test( int verbose )
|
||||
for( i = 0; i < 6; i++ )
|
||||
{
|
||||
u = i >> 1;
|
||||
v = i & 1;
|
||||
keybits = 128 + u * 64;
|
||||
mode = i & 1;
|
||||
|
||||
if( verbose != 0 )
|
||||
mbedtls_printf( " AES-CFB128-%3d (%s): ", 128 + u * 64,
|
||||
( v == MBEDTLS_AES_DECRYPT ) ? "dec" : "enc" );
|
||||
mbedtls_printf( " AES-CFB128-%3d (%s): ", keybits,
|
||||
( mode == MBEDTLS_AES_DECRYPT ) ? "dec" : "enc" );
|
||||
|
||||
memcpy( iv, aes_test_cfb128_iv, 16 );
|
||||
memcpy( key, aes_test_cfb128_key[u], 16 + u * 8 );
|
||||
memcpy( key, aes_test_cfb128_key[u], keybits / 8 );
|
||||
|
||||
offset = 0;
|
||||
mbedtls_aes_setkey_enc( &ctx, key, 128 + u * 64 );
|
||||
ret = mbedtls_aes_setkey_enc( &ctx, key, keybits );
|
||||
/*
|
||||
* AES-192 is an optional feature that may be unavailable when
|
||||
* there is an alternative underlying implementation i.e. when
|
||||
* MBEDTLS_AES_ALT is defined.
|
||||
*/
|
||||
if( ret == MBEDTLS_ERR_AES_FEATURE_UNAVAILABLE && keybits == 192 )
|
||||
{
|
||||
mbedtls_printf( "skipped\n" );
|
||||
continue;
|
||||
}
|
||||
else if( ret != 0 )
|
||||
{
|
||||
goto exit;
|
||||
}
|
||||
|
||||
if( v == MBEDTLS_AES_DECRYPT )
|
||||
if( mode == MBEDTLS_AES_DECRYPT )
|
||||
{
|
||||
memcpy( buf, aes_test_cfb128_ct[u], 64 );
|
||||
mbedtls_aes_crypt_cfb128( &ctx, v, 64, &offset, iv, buf, buf );
|
||||
|
||||
if( memcmp( buf, aes_test_cfb128_pt, 64 ) != 0 )
|
||||
{
|
||||
if( verbose != 0 )
|
||||
mbedtls_printf( "failed\n" );
|
||||
|
||||
ret = 1;
|
||||
goto exit;
|
||||
}
|
||||
aes_tests = aes_test_cfb128_pt;
|
||||
}
|
||||
else
|
||||
{
|
||||
memcpy( buf, aes_test_cfb128_pt, 64 );
|
||||
mbedtls_aes_crypt_cfb128( &ctx, v, 64, &offset, iv, buf, buf );
|
||||
aes_tests = aes_test_cfb128_ct[u];
|
||||
}
|
||||
|
||||
if( memcmp( buf, aes_test_cfb128_ct[u], 64 ) != 0 )
|
||||
{
|
||||
if( verbose != 0 )
|
||||
mbedtls_printf( "failed\n" );
|
||||
ret = mbedtls_aes_crypt_cfb128( &ctx, mode, 64, &offset, iv, buf, buf );
|
||||
if( ret != 0 )
|
||||
goto exit;
|
||||
|
||||
ret = 1;
|
||||
goto exit;
|
||||
}
|
||||
if( memcmp( buf, aes_tests, 64 ) != 0 )
|
||||
{
|
||||
ret = 1;
|
||||
goto exit;
|
||||
}
|
||||
|
||||
if( verbose != 0 )
|
||||
@ -1440,51 +1516,41 @@ int mbedtls_aes_self_test( int verbose )
|
||||
for( i = 0; i < 6; i++ )
|
||||
{
|
||||
u = i >> 1;
|
||||
v = i & 1;
|
||||
mode = i & 1;
|
||||
|
||||
if( verbose != 0 )
|
||||
mbedtls_printf( " AES-CTR-128 (%s): ",
|
||||
( v == MBEDTLS_AES_DECRYPT ) ? "dec" : "enc" );
|
||||
( mode == MBEDTLS_AES_DECRYPT ) ? "dec" : "enc" );
|
||||
|
||||
memcpy( nonce_counter, aes_test_ctr_nonce_counter[u], 16 );
|
||||
memcpy( key, aes_test_ctr_key[u], 16 );
|
||||
|
||||
offset = 0;
|
||||
mbedtls_aes_setkey_enc( &ctx, key, 128 );
|
||||
if( ( ret = mbedtls_aes_setkey_enc( &ctx, key, 128 ) ) != 0 )
|
||||
goto exit;
|
||||
|
||||
if( v == MBEDTLS_AES_DECRYPT )
|
||||
len = aes_test_ctr_len[u];
|
||||
|
||||
if( mode == MBEDTLS_AES_DECRYPT )
|
||||
{
|
||||
len = aes_test_ctr_len[u];
|
||||
memcpy( buf, aes_test_ctr_ct[u], len );
|
||||
|
||||
mbedtls_aes_crypt_ctr( &ctx, len, &offset, nonce_counter, stream_block,
|
||||
buf, buf );
|
||||
|
||||
if( memcmp( buf, aes_test_ctr_pt[u], len ) != 0 )
|
||||
{
|
||||
if( verbose != 0 )
|
||||
mbedtls_printf( "failed\n" );
|
||||
|
||||
ret = 1;
|
||||
goto exit;
|
||||
}
|
||||
aes_tests = aes_test_ctr_pt[u];
|
||||
}
|
||||
else
|
||||
{
|
||||
len = aes_test_ctr_len[u];
|
||||
memcpy( buf, aes_test_ctr_pt[u], len );
|
||||
aes_tests = aes_test_ctr_ct[u];
|
||||
}
|
||||
|
||||
mbedtls_aes_crypt_ctr( &ctx, len, &offset, nonce_counter, stream_block,
|
||||
buf, buf );
|
||||
ret = mbedtls_aes_crypt_ctr( &ctx, len, &offset, nonce_counter,
|
||||
stream_block, buf, buf );
|
||||
if( ret != 0 )
|
||||
goto exit;
|
||||
|
||||
if( memcmp( buf, aes_test_ctr_ct[u], len ) != 0 )
|
||||
{
|
||||
if( verbose != 0 )
|
||||
mbedtls_printf( "failed\n" );
|
||||
|
||||
ret = 1;
|
||||
goto exit;
|
||||
}
|
||||
if( memcmp( buf, aes_tests, len ) != 0 )
|
||||
{
|
||||
ret = 1;
|
||||
goto exit;
|
||||
}
|
||||
|
||||
if( verbose != 0 )
|
||||
@ -1498,6 +1564,9 @@ int mbedtls_aes_self_test( int verbose )
|
||||
ret = 0;
|
||||
|
||||
exit:
|
||||
if( ret != 0 && verbose != 0 )
|
||||
mbedtls_printf( "failed\n" );
|
||||
|
||||
mbedtls_aes_free( &ctx );
|
||||
|
||||
return( ret );
|
||||
|
@ -32,6 +32,12 @@
|
||||
|
||||
#if defined(MBEDTLS_AESNI_C)
|
||||
|
||||
#if defined(__has_feature)
|
||||
#if __has_feature(memory_sanitizer)
|
||||
#warning "MBEDTLS_AESNI_C is known to cause spurious error reports with some memory sanitizers as they do not understand the assembly code."
|
||||
#endif
|
||||
#endif
|
||||
|
||||
#include "mbedtls/aesni.h"
|
||||
|
||||
#include <string.h>
|
||||
|
Some files were not shown because too many files have changed in this diff Show More
Loading…
Reference in New Issue
Block a user