TeamHepta/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2026-03-20 19:21:09 +01:00
Code Issues Packages Projects Releases Wiki Activity

Apply clang formatting.

Browse Source 
Executed with:
`find . -regextype posix-egrep -regex ".*\.([hc]|fmt|function)" | xargs -L1 clang-format-12 -i`

Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
This commit is contained in:
Mateusz Starzyk
2021-08-03 14:09:02 +02:00
parent e8bd0f2ed0
commit c0eabdc636
422 changed files with 93754 additions and 97774 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
3rdparty/everest/include/everest/Hacl_Curve25519.h vendored
View File

@@ -7,15 +7,14 @@
* KreMLin version: 916c37ac
*/
#ifndef __Hacl_Curve25519_H
#define __Hacl_Curve25519_H
#include "kremlib.h"
void Hacl_Curve25519_crypto_scalarmult(uint8_t *mypublic, uint8_t *secret, uint8_t *basepoint);
void Hacl_Curve25519_crypto_scalarmult(uint8_t *mypublic,
uint8_t *secret,
uint8_t *basepoint);
#define __Hacl_Curve25519_H_DEFINED
#endif

57
3rdparty/everest/include/everest/everest.h vendored
View File

@@ -33,7 +33,7 @@ extern "C" {
*/
typedef enum
{
MBEDTLS_EVEREST_ECDH_OURS, /**< Our key. */
MBEDTLS_EVEREST_ECDH_OURS, /**< Our key. */
MBEDTLS_EVEREST_ECDH_THEIRS, /**< The key of the peer. */
} mbedtls_everest_ecdh_side;
@@ -41,7 +41,6 @@ typedef struct {
mbedtls_x25519_context ctx;
} mbedtls_ecdh_context_everest;
/**
* \brief This function sets up the ECDH context with the information
* given.
@@ -58,14 +57,14 @@ typedef struct {
*
* \return \c 0 on success.
*/
int mbedtls_everest_setup( mbedtls_ecdh_context_everest *ctx, int grp_id );
int mbedtls_everest_setup(mbedtls_ecdh_context_everest *ctx, int grp_id);
/**
* \brief This function frees a context.
*
* \param ctx The context to free.
*/
void mbedtls_everest_free( mbedtls_ecdh_context_everest *ctx );
void mbedtls_everest_free(mbedtls_ecdh_context_everest *ctx);
/**
* \brief This function generates a public key and a TLS
@@ -90,10 +89,12 @@ void mbedtls_everest_free( mbedtls_ecdh_context_everest *ctx );
* \return \c 0 on success.
* \return An \c MBEDTLS_ERR_ECP_XXX error code on failure.
*/
int mbedtls_everest_make_params( mbedtls_ecdh_context_everest *ctx, size_t *olen,
unsigned char *buf, size_t blen,
int( *f_rng )( void *, unsigned char *, size_t ),
void *p_rng );
int mbedtls_everest_make_params(mbedtls_ecdh_context_everest *ctx,
size_t *olen,
unsigned char *buf,
size_t blen,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng);
/**
* \brief This function parses and processes a TLS ServerKeyExhange
@@ -112,8 +113,9 @@ int mbedtls_everest_make_params( mbedtls_ecdh_context_everest *ctx, size_t *olen
* \return An \c MBEDTLS_ERR_ECP_XXX error code on failure.
*
*/
int mbedtls_everest_read_params( mbedtls_ecdh_context_everest *ctx,
const unsigned char **buf, const unsigned char *end );
int mbedtls_everest_read_params(mbedtls_ecdh_context_everest *ctx,
const unsigned char **buf,
const unsigned char *end);
/**
* \brief This function parses and processes a TLS ServerKeyExhange
@@ -132,8 +134,9 @@ int mbedtls_everest_read_params( mbedtls_ecdh_context_everest *ctx,
* \return An \c MBEDTLS_ERR_ECP_XXX error code on failure.
*
*/
int mbedtls_everest_read_params( mbedtls_ecdh_context_everest *ctx,
const unsigned char **buf, const unsigned char *end );
int mbedtls_everest_read_params(mbedtls_ecdh_context_everest *ctx,
const unsigned char **buf,
const unsigned char *end);
/**
* \brief This function sets up an ECDH context from an EC key.
@@ -153,8 +156,9 @@ int mbedtls_everest_read_params( mbedtls_ecdh_context_everest *ctx,
* \return An \c MBEDTLS_ERR_ECP_XXX error code on failure.
*
*/
int mbedtls_everest_get_params( mbedtls_ecdh_context_everest *ctx, const mbedtls_ecp_keypair *key,
mbedtls_everest_ecdh_side side );
int mbedtls_everest_get_params(mbedtls_ecdh_context_everest *ctx,
const mbedtls_ecp_keypair *key,
mbedtls_everest_ecdh_side side);
/**
* \brief This function generates a public key and a TLS
@@ -175,10 +179,12 @@ int mbedtls_everest_get_params( mbedtls_ecdh_context_everest *ctx, const mbedtls
* \return \c 0 on success.
* \return An \c MBEDTLS_ERR_ECP_XXX error code on failure.
*/
int mbedtls_everest_make_public( mbedtls_ecdh_context_everest *ctx, size_t *olen,
unsigned char *buf, size_t blen,
int( *f_rng )( void *, unsigned char *, size_t ),
void *p_rng );
int mbedtls_everest_make_public(mbedtls_ecdh_context_everest *ctx,
size_t *olen,
unsigned char *buf,
size_t blen,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng);
/**
* \brief This function parses and processes a TLS ClientKeyExchange
@@ -197,8 +203,9 @@ int mbedtls_everest_make_public( mbedtls_ecdh_context_everest *ctx, size_t *olen
* \return \c 0 on success.
* \return An \c MBEDTLS_ERR_ECP_XXX error code on failure.
*/
int mbedtls_everest_read_public( mbedtls_ecdh_context_everest *ctx,
const unsigned char *buf, size_t blen );
int mbedtls_everest_read_public(mbedtls_ecdh_context_everest *ctx,
const unsigned char *buf,
size_t blen);
/**
* \brief This function derives and exports the shared secret.
@@ -222,10 +229,12 @@ int mbedtls_everest_read_public( mbedtls_ecdh_context_everest *ctx,
* \return \c 0 on success.
* \return An \c MBEDTLS_ERR_ECP_XXX error code on failure.
*/
int mbedtls_everest_calc_secret( mbedtls_ecdh_context_everest *ctx, size_t *olen,
unsigned char *buf, size_t blen,
int( *f_rng )( void *, unsigned char *, size_t ),
void *p_rng );
int mbedtls_everest_calc_secret(mbedtls_ecdh_context_everest *ctx,
size_t *olen,
unsigned char *buf,
size_t blen,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng);
#ifdef __cplusplus
}

2
3rdparty/everest/include/everest/kremlib.h vendored
View File

@@ -26,4 +26,4 @@
#include "kremlin/internal/types.h"
#include "kremlin/c_endianness.h"
#endif /* __KREMLIB_H */
#endif /* __KREMLIB_H */

125
3rdparty/everest/include/everest/kremlib/FStar_UInt128.h vendored
View File

@@ -7,47 +7,55 @@
* KreMLin version: 916c37ac
*/
#ifndef __FStar_UInt128_H
#define __FStar_UInt128_H
#include <inttypes.h>
#include <stdbool.h>
#include "kremlin/internal/types.h"
uint64_t FStar_UInt128___proj__Mkuint128__item__low(FStar_UInt128_uint128 projectee);
uint64_t
FStar_UInt128___proj__Mkuint128__item__low(FStar_UInt128_uint128 projectee);
uint64_t FStar_UInt128___proj__Mkuint128__item__high(FStar_UInt128_uint128 projectee);
uint64_t
FStar_UInt128___proj__Mkuint128__item__high(FStar_UInt128_uint128 projectee);
typedef FStar_UInt128_uint128 FStar_UInt128_t;
FStar_UInt128_uint128 FStar_UInt128_add(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b);
FStar_UInt128_uint128 FStar_UInt128_add(FStar_UInt128_uint128 a,
FStar_UInt128_uint128 b);
FStar_UInt128_uint128
FStar_UInt128_add_underspec(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b);
FStar_UInt128_uint128 FStar_UInt128_add_underspec(FStar_UInt128_uint128 a,
FStar_UInt128_uint128 b);
FStar_UInt128_uint128 FStar_UInt128_add_mod(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b);
FStar_UInt128_uint128 FStar_UInt128_add_mod(FStar_UInt128_uint128 a,
FStar_UInt128_uint128 b);
FStar_UInt128_uint128 FStar_UInt128_sub(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b);
FStar_UInt128_uint128 FStar_UInt128_sub(FStar_UInt128_uint128 a,
FStar_UInt128_uint128 b);
FStar_UInt128_uint128
FStar_UInt128_sub_underspec(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b);
FStar_UInt128_uint128 FStar_UInt128_sub_underspec(FStar_UInt128_uint128 a,
FStar_UInt128_uint128 b);
FStar_UInt128_uint128 FStar_UInt128_sub_mod(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b);
FStar_UInt128_uint128 FStar_UInt128_sub_mod(FStar_UInt128_uint128 a,
FStar_UInt128_uint128 b);
FStar_UInt128_uint128 FStar_UInt128_logand(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b);
FStar_UInt128_uint128 FStar_UInt128_logand(FStar_UInt128_uint128 a,
FStar_UInt128_uint128 b);
FStar_UInt128_uint128 FStar_UInt128_logxor(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b);
FStar_UInt128_uint128 FStar_UInt128_logxor(FStar_UInt128_uint128 a,
FStar_UInt128_uint128 b);
FStar_UInt128_uint128 FStar_UInt128_logor(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b);
FStar_UInt128_uint128 FStar_UInt128_logor(FStar_UInt128_uint128 a,
FStar_UInt128_uint128 b);
FStar_UInt128_uint128 FStar_UInt128_lognot(FStar_UInt128_uint128 a);
FStar_UInt128_uint128 FStar_UInt128_shift_left(FStar_UInt128_uint128 a, uint32_t s);
FStar_UInt128_uint128 FStar_UInt128_shift_left(FStar_UInt128_uint128 a,
uint32_t s);
FStar_UInt128_uint128 FStar_UInt128_shift_right(FStar_UInt128_uint128 a, uint32_t s);
FStar_UInt128_uint128 FStar_UInt128_shift_right(FStar_UInt128_uint128 a,
uint32_t s);
bool FStar_UInt128_eq(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b);
@@ -59,62 +67,73 @@ bool FStar_UInt128_gte(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b);
bool FStar_UInt128_lte(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b);
FStar_UInt128_uint128 FStar_UInt128_eq_mask(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b);
FStar_UInt128_uint128 FStar_UInt128_eq_mask(FStar_UInt128_uint128 a,
FStar_UInt128_uint128 b);
FStar_UInt128_uint128 FStar_UInt128_gte_mask(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b);
FStar_UInt128_uint128 FStar_UInt128_gte_mask(FStar_UInt128_uint128 a,
FStar_UInt128_uint128 b);
FStar_UInt128_uint128 FStar_UInt128_uint64_to_uint128(uint64_t a);
uint64_t FStar_UInt128_uint128_to_uint64(FStar_UInt128_uint128 a);
extern FStar_UInt128_uint128
(*FStar_UInt128_op_Plus_Hat)(FStar_UInt128_uint128 x0, FStar_UInt128_uint128 x1);
extern FStar_UInt128_uint128 (*FStar_UInt128_op_Plus_Hat)(
FStar_UInt128_uint128 x0,
FStar_UInt128_uint128 x1);
extern FStar_UInt128_uint128
(*FStar_UInt128_op_Plus_Question_Hat)(FStar_UInt128_uint128 x0, FStar_UInt128_uint128 x1);
extern FStar_UInt128_uint128 (*FStar_UInt128_op_Plus_Question_Hat)(
FStar_UInt128_uint128 x0,
FStar_UInt128_uint128 x1);
extern FStar_UInt128_uint128
(*FStar_UInt128_op_Plus_Percent_Hat)(FStar_UInt128_uint128 x0, FStar_UInt128_uint128 x1);
extern FStar_UInt128_uint128 (*FStar_UInt128_op_Plus_Percent_Hat)(
FStar_UInt128_uint128 x0,
FStar_UInt128_uint128 x1);
extern FStar_UInt128_uint128
(*FStar_UInt128_op_Subtraction_Hat)(FStar_UInt128_uint128 x0, FStar_UInt128_uint128 x1);
extern FStar_UInt128_uint128 (*FStar_UInt128_op_Subtraction_Hat)(
FStar_UInt128_uint128 x0,
FStar_UInt128_uint128 x1);
extern FStar_UInt128_uint128
(*FStar_UInt128_op_Subtraction_Question_Hat)(
FStar_UInt128_uint128 x0,
FStar_UInt128_uint128 x1
);
extern FStar_UInt128_uint128 (*FStar_UInt128_op_Subtraction_Question_Hat)(
FStar_UInt128_uint128 x0,
FStar_UInt128_uint128 x1);
extern FStar_UInt128_uint128
(*FStar_UInt128_op_Subtraction_Percent_Hat)(FStar_UInt128_uint128 x0, FStar_UInt128_uint128 x1);
extern FStar_UInt128_uint128 (*FStar_UInt128_op_Subtraction_Percent_Hat)(
FStar_UInt128_uint128 x0,
FStar_UInt128_uint128 x1);
extern FStar_UInt128_uint128
(*FStar_UInt128_op_Amp_Hat)(FStar_UInt128_uint128 x0, FStar_UInt128_uint128 x1);
extern FStar_UInt128_uint128 (*FStar_UInt128_op_Amp_Hat)(
FStar_UInt128_uint128 x0,
FStar_UInt128_uint128 x1);
extern FStar_UInt128_uint128
(*FStar_UInt128_op_Hat_Hat)(FStar_UInt128_uint128 x0, FStar_UInt128_uint128 x1);
extern FStar_UInt128_uint128 (*FStar_UInt128_op_Hat_Hat)(
FStar_UInt128_uint128 x0,
FStar_UInt128_uint128 x1);
extern FStar_UInt128_uint128
(*FStar_UInt128_op_Bar_Hat)(FStar_UInt128_uint128 x0, FStar_UInt128_uint128 x1);
extern FStar_UInt128_uint128 (*FStar_UInt128_op_Bar_Hat)(
FStar_UInt128_uint128 x0,
FStar_UInt128_uint128 x1);
extern FStar_UInt128_uint128
(*FStar_UInt128_op_Less_Less_Hat)(FStar_UInt128_uint128 x0, uint32_t x1);
extern FStar_UInt128_uint128 (
*FStar_UInt128_op_Less_Less_Hat)(FStar_UInt128_uint128 x0, uint32_t x1);
extern FStar_UInt128_uint128
(*FStar_UInt128_op_Greater_Greater_Hat)(FStar_UInt128_uint128 x0, uint32_t x1);
extern FStar_UInt128_uint128 (*FStar_UInt128_op_Greater_Greater_Hat)(
FStar_UInt128_uint128 x0,
uint32_t x1);
extern bool (*FStar_UInt128_op_Equals_Hat)(FStar_UInt128_uint128 x0, FStar_UInt128_uint128 x1);
extern bool (*FStar_UInt128_op_Equals_Hat)(FStar_UInt128_uint128 x0,
FStar_UInt128_uint128 x1);
extern bool
(*FStar_UInt128_op_Greater_Hat)(FStar_UInt128_uint128 x0, FStar_UInt128_uint128 x1);
extern bool (*FStar_UInt128_op_Greater_Hat)(FStar_UInt128_uint128 x0,
FStar_UInt128_uint128 x1);
extern bool (*FStar_UInt128_op_Less_Hat)(FStar_UInt128_uint128 x0, FStar_UInt128_uint128 x1);
extern bool (*FStar_UInt128_op_Less_Hat)(FStar_UInt128_uint128 x0,
FStar_UInt128_uint128 x1);
extern bool
(*FStar_UInt128_op_Greater_Equals_Hat)(FStar_UInt128_uint128 x0, FStar_UInt128_uint128 x1);
extern bool (*FStar_UInt128_op_Greater_Equals_Hat)(FStar_UInt128_uint128 x0,
FStar_UInt128_uint128 x1);
extern bool
(*FStar_UInt128_op_Less_Equals_Hat)(FStar_UInt128_uint128 x0, FStar_UInt128_uint128 x1);
extern bool (*FStar_UInt128_op_Less_Equals_Hat)(FStar_UInt128_uint128 x0,
FStar_UInt128_uint128 x1);
FStar_UInt128_uint128 FStar_UInt128_mul32(uint64_t x, uint32_t y);

3
3rdparty/everest/include/everest/kremlib/FStar_UInt64_FStar_UInt32_FStar_UInt16_FStar_UInt8.h vendored
View File

@@ -7,12 +7,9 @@
* KreMLin version: 916c37ac
*/
#ifndef __FStar_UInt64_FStar_UInt32_FStar_UInt16_FStar_UInt8_H
#define __FStar_UInt64_FStar_UInt32_FStar_UInt16_FStar_UInt8_H
#include <inttypes.h>
#include <stdbool.h>
#include "kremlin/internal/compat.h"

242
3rdparty/everest/include/everest/kremlin/c_endianness.h vendored
View File

@@ -13,87 +13,87 @@
/* ... for Linux */
#if defined(__linux__) || defined(__CYGWIN__)
# include <endian.h>
# include <endian.h>
/* ... for OSX */
#elif defined(__APPLE__)
# include <libkern/OSByteOrder.h>
# define htole64(x) OSSwapHostToLittleInt64(x)
# define le64toh(x) OSSwapLittleToHostInt64(x)
# define htobe64(x) OSSwapHostToBigInt64(x)
# define be64toh(x) OSSwapBigToHostInt64(x)
# include <libkern/OSByteOrder.h>
# define htole64(x) OSSwapHostToLittleInt64(x)
# define le64toh(x) OSSwapLittleToHostInt64(x)
# define htobe64(x) OSSwapHostToBigInt64(x)
# define be64toh(x) OSSwapBigToHostInt64(x)
# define htole16(x) OSSwapHostToLittleInt16(x)
# define le16toh(x) OSSwapLittleToHostInt16(x)
# define htobe16(x) OSSwapHostToBigInt16(x)
# define be16toh(x) OSSwapBigToHostInt16(x)
# define htole16(x) OSSwapHostToLittleInt16(x)
# define le16toh(x) OSSwapLittleToHostInt16(x)
# define htobe16(x) OSSwapHostToBigInt16(x)
# define be16toh(x) OSSwapBigToHostInt16(x)
# define htole32(x) OSSwapHostToLittleInt32(x)
# define le32toh(x) OSSwapLittleToHostInt32(x)
# define htobe32(x) OSSwapHostToBigInt32(x)
# define be32toh(x) OSSwapBigToHostInt32(x)
# define htole32(x) OSSwapHostToLittleInt32(x)
# define le32toh(x) OSSwapLittleToHostInt32(x)
# define htobe32(x) OSSwapHostToBigInt32(x)
# define be32toh(x) OSSwapBigToHostInt32(x)
/* ... for Solaris */
#elif defined(__sun__)
# include <sys/byteorder.h>
# define htole64(x) LE_64(x)
# define le64toh(x) LE_64(x)
# define htobe64(x) BE_64(x)
# define be64toh(x) BE_64(x)
# include <sys/byteorder.h>
# define htole64(x) LE_64(x)
# define le64toh(x) LE_64(x)
# define htobe64(x) BE_64(x)
# define be64toh(x) BE_64(x)
# define htole16(x) LE_16(x)
# define le16toh(x) LE_16(x)
# define htobe16(x) BE_16(x)
# define be16toh(x) BE_16(x)
# define htole16(x) LE_16(x)
# define le16toh(x) LE_16(x)
# define htobe16(x) BE_16(x)
# define be16toh(x) BE_16(x)
# define htole32(x) LE_32(x)
# define le32toh(x) LE_32(x)
# define htobe32(x) BE_32(x)
# define be32toh(x) BE_32(x)
# define htole32(x) LE_32(x)
# define le32toh(x) LE_32(x)
# define htobe32(x) BE_32(x)
# define be32toh(x) BE_32(x)
/* ... for the BSDs */
#elif defined(__FreeBSD__) || defined(__NetBSD__) || defined(__DragonFly__)
# include <sys/endian.h>
# include <sys/endian.h>
#elif defined(__OpenBSD__)
# include <endian.h>
# include <endian.h>
/* ... for Windows (MSVC)... not targeting XBOX 360! */
#elif defined(_MSC_VER)
# include <stdlib.h>
# define htobe16(x) _byteswap_ushort(x)
# define htole16(x) (x)
# define be16toh(x) _byteswap_ushort(x)
# define le16toh(x) (x)
# include <stdlib.h>
# define htobe16(x) _byteswap_ushort(x)
# define htole16(x) (x)
# define be16toh(x) _byteswap_ushort(x)
# define le16toh(x) (x)
# define htobe32(x) _byteswap_ulong(x)
# define htole32(x) (x)
# define be32toh(x) _byteswap_ulong(x)
# define le32toh(x) (x)
# define htobe32(x) _byteswap_ulong(x)
# define htole32(x) (x)
# define be32toh(x) _byteswap_ulong(x)
# define le32toh(x) (x)
# define htobe64(x) _byteswap_uint64(x)
# define htole64(x) (x)
# define be64toh(x) _byteswap_uint64(x)
# define le64toh(x) (x)
# define htobe64(x) _byteswap_uint64(x)
# define htole64(x) (x)
# define be64toh(x) _byteswap_uint64(x)
# define le64toh(x) (x)
/* ... for Windows (GCC-like, e.g. mingw or clang) */
#elif (defined(_WIN32) || defined(_WIN64)) && \
#elif (defined(_WIN32) || defined(_WIN64)) && \
(defined(__GNUC__) || defined(__clang__))
# define htobe16(x) __builtin_bswap16(x)
# define htole16(x) (x)
# define be16toh(x) __builtin_bswap16(x)
# define le16toh(x) (x)
# define htobe16(x) __builtin_bswap16(x)
# define htole16(x) (x)
# define be16toh(x) __builtin_bswap16(x)
# define le16toh(x) (x)
# define htobe32(x) __builtin_bswap32(x)
# define htole32(x) (x)
# define be32toh(x) __builtin_bswap32(x)
# define le32toh(x) (x)
# define htobe32(x) __builtin_bswap32(x)
# define htole32(x) (x)
# define be32toh(x) __builtin_bswap32(x)
# define le32toh(x) (x)
# define htobe64(x) __builtin_bswap64(x)
# define htole64(x) (x)
# define be64toh(x) __builtin_bswap64(x)
# define le64toh(x) (x)
# define htobe64(x) __builtin_bswap64(x)
# define htole64(x) (x)
# define be64toh(x) __builtin_bswap64(x)
# define le64toh(x) (x)
/* ... generic big-endian fallback code */
#elif defined(__BYTE_ORDER__) && __BYTE_ORDER__ == __ORDER_BIG_ENDIAN__
@@ -102,103 +102,109 @@
* https://github.com/rweather/arduinolibs/blob/master/libraries/Crypto/utility/EndianUtil.h
* */
# define htobe32(x) (x)
# define be32toh(x) (x)
# define htole32(x) \
(__extension__({ \
uint32_t _temp = (x); \
((_temp >> 24) & 0x000000FF) | ((_temp >> 8) & 0x0000FF00) | \
((_temp << 8) & 0x00FF0000) | ((_temp << 24) & 0xFF000000); \
}))
# define le32toh(x) (htole32((x)))
# define htobe32(x) (x)
# define be32toh(x) (x)
# define htole32(x) \
(__extension__({ \
uint32_t _temp = (x); \
((_temp >> 24) & 0x000000FF) | ((_temp >> 8) & 0x0000FF00) | \
((_temp << 8) & 0x00FF0000) | ((_temp << 24) & 0xFF000000); \
}))
# define le32toh(x) (htole32((x)))
# define htobe64(x) (x)
# define be64toh(x) (x)
# define htole64(x) \
(__extension__({ \
uint64_t __temp = (x); \
uint32_t __low = htobe32((uint32_t)__temp); \
uint32_t __high = htobe32((uint32_t)(__temp >> 32)); \
(((uint64_t)__low) << 32) | __high; \
}))
# define le64toh(x) (htole64((x)))
# define htobe64(x) (x)
# define be64toh(x) (x)
# define htole64(x) \
(__extension__({ \
uint64_t __temp = (x); \
uint32_t __low = htobe32((uint32_t)__temp); \
uint32_t __high = htobe32((uint32_t)(__temp >> 32)); \
(((uint64_t)__low) << 32) | __high; \
}))
# define le64toh(x) (htole64((x)))
/* ... generic little-endian fallback code */
#elif defined(__BYTE_ORDER__) && __BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__
# define htole32(x) (x)
# define le32toh(x) (x)
# define htobe32(x) \
(__extension__({ \
uint32_t _temp = (x); \
((_temp >> 24) & 0x000000FF) | ((_temp >> 8) & 0x0000FF00) | \
((_temp << 8) & 0x00FF0000) | ((_temp << 24) & 0xFF000000); \
}))
# define be32toh(x) (htobe32((x)))
# define htole32(x) (x)
# define le32toh(x) (x)
# define htobe32(x) \
(__extension__({ \
uint32_t _temp = (x); \
((_temp >> 24) & 0x000000FF) | ((_temp >> 8) & 0x0000FF00) | \
((_temp << 8) & 0x00FF0000) | ((_temp << 24) & 0xFF000000); \
}))
# define be32toh(x) (htobe32((x)))
# define htole64(x) (x)
# define le64toh(x) (x)
# define htobe64(x) \
(__extension__({ \
uint64_t __temp = (x); \
uint32_t __low = htobe32((uint32_t)__temp); \
uint32_t __high = htobe32((uint32_t)(__temp >> 32)); \
(((uint64_t)__low) << 32) | __high; \
}))
# define be64toh(x) (htobe64((x)))
# define htole64(x) (x)
# define le64toh(x) (x)
# define htobe64(x) \
(__extension__({ \
uint64_t __temp = (x); \
uint32_t __low = htobe32((uint32_t)__temp); \
uint32_t __high = htobe32((uint32_t)(__temp >> 32)); \
(((uint64_t)__low) << 32) | __high; \
}))
# define be64toh(x) (htobe64((x)))
/* ... couldn't determine endian-ness of the target platform */
#else
# error "Please define __BYTE_ORDER__!"
# error "Please define __BYTE_ORDER__!"
#endif /* defined(__linux__) || ... */
/* Loads and stores. These avoid undefined behavior due to unaligned memory
* accesses, via memcpy. */
inline static uint16_t load16(uint8_t *b) {
uint16_t x;
memcpy(&x, b, 2);
return x;
inline static uint16_t load16(uint8_t *b)
{
uint16_t x;
memcpy(&x, b, 2);
return x;
}
inline static uint32_t load32(uint8_t *b) {
uint32_t x;
memcpy(&x, b, 4);
return x;
inline static uint32_t load32(uint8_t *b)
{
uint32_t x;
memcpy(&x, b, 4);
return x;
}
inline static uint64_t load64(uint8_t *b) {
uint64_t x;
memcpy(&x, b, 8);
return x;
inline static uint64_t load64(uint8_t *b)
{
uint64_t x;
memcpy(&x, b, 8);
return x;
}
inline static void store16(uint8_t *b, uint16_t i) {
memcpy(b, &i, 2);
inline static void store16(uint8_t *b, uint16_t i)
{
memcpy(b, &i, 2);
}
inline static void store32(uint8_t *b, uint32_t i) {
memcpy(b, &i, 4);
inline static void store32(uint8_t *b, uint32_t i)
{
memcpy(b, &i, 4);
}
inline static void store64(uint8_t *b, uint64_t i) {
memcpy(b, &i, 8);
inline static void store64(uint8_t *b, uint64_t i)
{
memcpy(b, &i, 8);
}
#define load16_le(b) (le16toh(load16(b)))
#define load16_le(b) (le16toh(load16(b)))
#define store16_le(b, i) (store16(b, htole16(i)))
#define load16_be(b) (be16toh(load16(b)))
#define load16_be(b) (be16toh(load16(b)))
#define store16_be(b, i) (store16(b, htobe16(i)))
#define load32_le(b) (le32toh(load32(b)))
#define load32_le(b) (le32toh(load32(b)))
#define store32_le(b, i) (store32(b, htole32(i)))
#define load32_be(b) (be32toh(load32(b)))
#define load32_be(b) (be32toh(load32(b)))
#define store32_be(b, i) (store32(b, htobe32(i)))
#define load64_le(b) (le64toh(load64(b)))
#define load64_le(b) (le64toh(load64(b)))
#define store64_le(b, i) (store64(b, htole64(i)))
#define load64_be(b) (be64toh(load64(b)))
#define load64_be(b) (be64toh(load64(b)))
#define store64_be(b, i) (store64(b, htobe64(i)))
#endif

2
3rdparty/everest/include/everest/kremlin/internal/builtin.h vendored
View File

@@ -6,7 +6,7 @@
/* For alloca, when using KreMLin's -falloca */
#if (defined(_WIN32) || defined(_WIN64))
# include <malloc.h>
# include <malloc.h>
#endif
/* If some globals need to be initialized before the main, then kremlin will

32
3rdparty/everest/include/everest/kremlin/internal/callconv.h vendored
View File

@@ -13,34 +13,34 @@
* defined too. They have no meaning for other platforms, so we define them to
* be empty macros in other situations. */
#ifndef _MSC_VER
#ifndef __cdecl
#define __cdecl
#endif
#ifndef __stdcall
#define __stdcall
#endif
#ifndef __fastcall
#define __fastcall
#endif
# ifndef __cdecl
# define __cdecl
# endif
# ifndef __stdcall
# define __stdcall
# endif
# ifndef __fastcall
# define __fastcall
# endif
#endif
/* Since KreMLin emits the inline keyword unconditionally, we follow the
* guidelines at https://gcc.gnu.org/onlinedocs/gcc/Inline.html and make this
* __inline__ to ensure the code compiles with -std=c90 and earlier. */
#ifdef __GNUC__
# define inline __inline__
# define inline __inline__
#endif
/* GCC-specific attribute syntax; everyone else gets the standard C inline
* attribute. */
#ifdef __GNU_C__
# ifndef __clang__
# define force_inline inline __attribute__((always_inline))
# else
# define force_inline inline
# endif
# ifndef __clang__
# define force_inline inline __attribute__((always_inline))
# else
# define force_inline inline
# endif
#else
# define force_inline inline
# define force_inline inline
#endif
#endif

26
3rdparty/everest/include/everest/kremlin/internal/compat.h vendored
View File

@@ -12,23 +12,23 @@
typedef const char *Prims_string;
typedef struct {
uint32_t length;
const char *data;
uint32_t length;
const char *data;
} FStar_Bytes_bytes;
typedef int32_t Prims_pos, Prims_nat, Prims_nonzero, Prims_int,
krml_checked_int_t;
#define RETURN_OR(x) \
do { \
int64_t __ret = x; \
if (__ret < INT32_MIN || INT32_MAX < __ret) { \
KRML_HOST_PRINTF( \
"Prims.{int,nat,pos} integer overflow at %s:%d\n", __FILE__, \
__LINE__); \
KRML_HOST_EXIT(252); \
} \
return (int32_t)__ret; \
} while (0)
#define RETURN_OR(x) \
do { \
int64_t __ret = x; \
if (__ret < INT32_MIN || INT32_MAX < __ret) { \
KRML_HOST_PRINTF( \
"Prims.{int,nat,pos} integer overflow at %s:%d\n", __FILE__, \
__LINE__); \
KRML_HOST_EXIT(252); \
} \
return (int32_t)__ret; \
} while (0)
#endif

16
3rdparty/everest/include/everest/kremlin/internal/debug.h vendored
View File

@@ -44,14 +44,14 @@ void WasmSupport_check_buffer_size(uint32_t s);
default : "unknown")
/* clang-format on */
# define KRML_DEBUG_RETURN(X) \
({ \
__auto_type _ret = (X); \
KRML_HOST_PRINTF("returning: "); \
KRML_HOST_PRINTF(KRML_FORMAT(_ret), KRML_FORMAT_ARG(_ret)); \
KRML_HOST_PRINTF(" \n"); \
_ret; \
})
# define KRML_DEBUG_RETURN(X) \
({ \
__auto_type _ret = (X); \
KRML_HOST_PRINTF("returning: "); \
KRML_HOST_PRINTF(KRML_FORMAT(_ret), KRML_FORMAT_ARG(_ret)); \
KRML_HOST_PRINTF(" \n"); \
_ret; \
})
#endif
#endif

77
3rdparty/everest/include/everest/kremlin/internal/target.h vendored
View File

@@ -19,84 +19,87 @@
/* For "bare" targets that do not have a C stdlib, the user might want to use
* [-add-early-include '"mydefinitions.h"'] and override these. */
#ifndef KRML_HOST_PRINTF
# define KRML_HOST_PRINTF printf
# define KRML_HOST_PRINTF printf
#endif
#if ( \
(defined __STDC_VERSION__) && (__STDC_VERSION__ >= 199901L) && \
(!(defined KRML_HOST_EPRINTF)))
# define KRML_HOST_EPRINTF(...) fprintf(stderr, __VA_ARGS__)
#if ((defined __STDC_VERSION__) && (__STDC_VERSION__ >= 199901L) && \
(!(defined KRML_HOST_EPRINTF)))
# define KRML_HOST_EPRINTF(...) fprintf(stderr, __VA_ARGS__)
#endif
#ifndef KRML_HOST_EXIT
# define KRML_HOST_EXIT exit
# define KRML_HOST_EXIT exit
#endif
#ifndef KRML_HOST_MALLOC
# define KRML_HOST_MALLOC malloc
# define KRML_HOST_MALLOC malloc
#endif
#ifndef KRML_HOST_CALLOC
# define KRML_HOST_CALLOC calloc
# define KRML_HOST_CALLOC calloc
#endif
#ifndef KRML_HOST_FREE
# define KRML_HOST_FREE free
# define KRML_HOST_FREE free
#endif
#ifndef KRML_HOST_TIME
# include <time.h>
# include <time.h>
/* Prims_nat not yet in scope */
inline static int32_t krml_time() {
return (int32_t)time(NULL);
inline static int32_t krml_time()
{
return (int32_t)time(NULL);
}
# define KRML_HOST_TIME krml_time
# define KRML_HOST_TIME krml_time
#endif
/* In statement position, exiting is easy. */
#define KRML_EXIT \
do { \
KRML_HOST_PRINTF("Unimplemented function at %s:%d\n", __FILE__, __LINE__); \
KRML_HOST_EXIT(254); \
} while (0)
#define KRML_EXIT \
do { \
KRML_HOST_PRINTF("Unimplemented function at %s:%d\n", __FILE__, \
__LINE__); \
KRML_HOST_EXIT(254); \
} while (0)
/* In expression position, use the comma-operator and a malloc to return an
* expression of the right size. KreMLin passes t as the parameter to the macro.
*/
#define KRML_EABORT(t, msg) \
(KRML_HOST_PRINTF("KreMLin abort at %s:%d\n%s\n", __FILE__, __LINE__, msg), \
KRML_HOST_EXIT(255), *((t *)KRML_HOST_MALLOC(sizeof(t))))
#define KRML_EABORT(t, msg) \
(KRML_HOST_PRINTF("KreMLin abort at %s:%d\n%s\n", __FILE__, __LINE__, \
msg), \
KRML_HOST_EXIT(255), *((t *)KRML_HOST_MALLOC(sizeof(t))))
/* In FStar.Buffer.fst, the size of arrays is uint32_t, but it's a number of
* *elements*. Do an ugly, run-time check (some of which KreMLin can eliminate).
*/
#ifdef __GNUC__
# define _KRML_CHECK_SIZE_PRAGMA \
_Pragma("GCC diagnostic ignored \"-Wtype-limits\"")
# define _KRML_CHECK_SIZE_PRAGMA \
_Pragma("GCC diagnostic ignored \"-Wtype-limits\"")
#else
# define _KRML_CHECK_SIZE_PRAGMA
# define _KRML_CHECK_SIZE_PRAGMA
#endif
#define KRML_CHECK_SIZE(size_elt, sz) \
do { \
_KRML_CHECK_SIZE_PRAGMA \
if (((size_t)(sz)) > ((size_t)(SIZE_MAX / (size_elt)))) { \
KRML_HOST_PRINTF( \
"Maximum allocatable size exceeded, aborting before overflow at " \
"%s:%d\n", \
__FILE__, __LINE__); \
KRML_HOST_EXIT(253); \
} \
} while (0)
#define KRML_CHECK_SIZE(size_elt, sz) \
do { \
_KRML_CHECK_SIZE_PRAGMA \
if (((size_t)(sz)) > ((size_t)(SIZE_MAX / (size_elt)))) { \
KRML_HOST_PRINTF( \
"Maximum allocatable size exceeded, aborting before overflow at " \
"%s:%d\n", \
__FILE__, __LINE__); \
KRML_HOST_EXIT(253); \
} \
} while (0)
#if defined(_MSC_VER) && _MSC_VER < 1900
# define KRML_HOST_SNPRINTF(buf, sz, fmt, arg) _snprintf_s(buf, sz, _TRUNCATE, fmt, arg)
# define KRML_HOST_SNPRINTF(buf, sz, fmt, arg) \
_snprintf_s(buf, sz, _TRUNCATE, fmt, arg)
#else
# define KRML_HOST_SNPRINTF(buf, sz, fmt, arg) snprintf(buf, sz, fmt, arg)
# define KRML_HOST_SNPRINTF(buf, sz, fmt, arg) snprintf(buf, sz, fmt, arg)
#endif
#endif

6
3rdparty/everest/include/everest/kremlin/internal/types.h vendored
View File

@@ -45,14 +45,14 @@ typedef uint64_t FStar_Date_dateTime, FStar_Date_timeSpan;
* it, depending on the compiler and whether the user wants the verified
* implementation or not. */
#if !defined(KRML_VERIFIED_UINT128) && defined(_MSC_VER) && defined(_M_X64)
# include <emmintrin.h>
# include <emmintrin.h>
typedef __m128i FStar_UInt128_uint128;
#elif !defined(KRML_VERIFIED_UINT128) && !defined(_MSC_VER)
typedef unsigned __int128 FStar_UInt128_uint128;
#else
typedef struct FStar_UInt128_uint128_s {
uint64_t low;
uint64_t high;
uint64_t low;
uint64_t high;
} FStar_UInt128_uint128;
#endif

7
3rdparty/everest/include/everest/vs2010/Hacl_Curve25519.h vendored
View File

@@ -7,15 +7,14 @@
* KreMLin version: 916c37ac
*/
#ifndef __Hacl_Curve25519_H
#define __Hacl_Curve25519_H
#include "kremlib.h"
void Hacl_Curve25519_crypto_scalarmult(uint8_t *mypublic, uint8_t *secret, uint8_t *basepoint);
void Hacl_Curve25519_crypto_scalarmult(uint8_t *mypublic,
uint8_t *secret,
uint8_t *basepoint);
#define __Hacl_Curve25519_H_DEFINED
#endif

2
3rdparty/everest/include/everest/vs2010/inttypes.h vendored
View File

@@ -26,7 +26,7 @@
#include <stdint.h>
#ifdef _MSC_VER
#define inline __inline
# define inline __inline
#endif
/* VS2010 unsigned long == 8 bytes */

60
3rdparty/everest/include/everest/x25519.h vendored
View File

@@ -26,7 +26,7 @@
extern "C" {
#endif
#define MBEDTLS_ECP_TLS_CURVE25519 0x1d
#define MBEDTLS_ECP_TLS_CURVE25519 0x1d
#define MBEDTLS_X25519_KEY_SIZE_BYTES 32
/**
@@ -34,17 +34,16 @@ extern "C" {
*/
typedef enum
{
MBEDTLS_X25519_ECDH_OURS, /**< Our key. */
MBEDTLS_X25519_ECDH_OURS, /**< Our key. */
MBEDTLS_X25519_ECDH_THEIRS, /**< The key of the peer. */
} mbedtls_x25519_ecdh_side;
/**
* \brief The x25519 context structure.
*/
typedef struct
{
unsigned char our_secret[MBEDTLS_X25519_KEY_SIZE_BYTES];
unsigned char peer_point[MBEDTLS_X25519_KEY_SIZE_BYTES];
typedef struct {
unsigned char our_secret[MBEDTLS_X25519_KEY_SIZE_BYTES];
unsigned char peer_point[MBEDTLS_X25519_KEY_SIZE_BYTES];
} mbedtls_x25519_context;
/**
@@ -52,14 +51,14 @@ typedef struct
*
* \param ctx The x25519 context to initialize.
*/
void mbedtls_x25519_init( mbedtls_x25519_context *ctx );
void mbedtls_x25519_init(mbedtls_x25519_context *ctx);
/**
* \brief This function frees a context.
*
* \param ctx The context to free.
*/
void mbedtls_x25519_free( mbedtls_x25519_context *ctx );
void mbedtls_x25519_free(mbedtls_x25519_context *ctx);
/**
* \brief This function generates a public key and a TLS
@@ -78,10 +77,12 @@ void mbedtls_x25519_free( mbedtls_x25519_context *ctx );
* \return \c 0 on success.
* \return An \c MBEDTLS_ERR_ECP_XXX error code on failure.
*/
int mbedtls_x25519_make_params( mbedtls_x25519_context *ctx, size_t *olen,
unsigned char *buf, size_t blen,
int( *f_rng )(void *, unsigned char *, size_t),
void *p_rng );
int mbedtls_x25519_make_params(mbedtls_x25519_context *ctx,
size_t *olen,
unsigned char *buf,
size_t blen,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng);
/**
* \brief This function parses and processes a TLS ServerKeyExchange
@@ -96,8 +97,9 @@ int mbedtls_x25519_make_params( mbedtls_x25519_context *ctx, size_t *olen,
* \return An \c MBEDTLS_ERR_ECP_XXX error code on failure.
*
*/
int mbedtls_x25519_read_params( mbedtls_x25519_context *ctx,
const unsigned char **buf, const unsigned char *end );
int mbedtls_x25519_read_params(mbedtls_x25519_context *ctx,
const unsigned char **buf,
const unsigned char *end);
/**
* \brief This function sets up an x25519 context from an EC key.
@@ -117,8 +119,9 @@ int mbedtls_x25519_read_params( mbedtls_x25519_context *ctx,
* \return An \c MBEDTLS_ERR_ECP_XXX error code on failure.
*
*/
int mbedtls_x25519_get_params( mbedtls_x25519_context *ctx, const mbedtls_ecp_keypair *key,
mbedtls_x25519_ecdh_side side );
int mbedtls_x25519_get_params(mbedtls_x25519_context *ctx,
const mbedtls_ecp_keypair *key,
mbedtls_x25519_ecdh_side side);
/**
* \brief This function derives and exports the shared secret.
@@ -137,10 +140,12 @@ int mbedtls_x25519_get_params( mbedtls_x25519_context *ctx, const mbedtls_ecp_ke
* \return \c 0 on success.
* \return An \c MBEDTLS_ERR_ECP_XXX error code on failure.
*/
int mbedtls_x25519_calc_secret( mbedtls_x25519_context *ctx, size_t *olen,
unsigned char *buf, size_t blen,
int( *f_rng )(void *, unsigned char *, size_t),
void *p_rng );
int mbedtls_x25519_calc_secret(mbedtls_x25519_context *ctx,
size_t *olen,
unsigned char *buf,
size_t blen,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng);
/**
* \brief This function generates a public key and a TLS
@@ -160,10 +165,12 @@ int mbedtls_x25519_calc_secret( mbedtls_x25519_context *ctx, size_t *olen,
* \return \c 0 on success.
* \return An \c MBEDTLS_ERR_ECP_XXX error code on failure.
*/
int mbedtls_x25519_make_public( mbedtls_x25519_context *ctx, size_t *olen,
unsigned char *buf, size_t blen,
int( *f_rng )(void *, unsigned char *, size_t),
void *p_rng );
int mbedtls_x25519_make_public(mbedtls_x25519_context *ctx,
size_t *olen,
unsigned char *buf,
size_t blen,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng);
/**
* \brief This function parses and processes a TLS ClientKeyExchange
@@ -180,8 +187,9 @@ int mbedtls_x25519_make_public( mbedtls_x25519_context *ctx, size_t *olen,
* \return \c 0 on success.
* \return An \c MBEDTLS_ERR_ECP_XXX error code on failure.
*/
int mbedtls_x25519_read_public( mbedtls_x25519_context *ctx,
const unsigned char *buf, size_t blen );
int mbedtls_x25519_read_public(mbedtls_x25519_context *ctx,
const unsigned char *buf,
size_t blen);
#ifdef __cplusplus
}

1216
3rdparty/everest/library/Hacl_Curve25519.c vendored
View File

File diff suppressed because it is too large Load Diff

23
3rdparty/everest/library/Hacl_Curve25519_joined.c vendored
View File

@@ -23,19 +23,18 @@
#if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED)
#if defined(__SIZEOF_INT128__) && (__SIZEOF_INT128__ == 16)
#define MBEDTLS_HAVE_INT128
#endif
# if defined(__SIZEOF_INT128__) && (__SIZEOF_INT128__ == 16)
# define MBEDTLS_HAVE_INT128
# endif
#if defined(MBEDTLS_HAVE_INT128)
#include "Hacl_Curve25519.c"
#else
#define KRML_VERIFIED_UINT128
#include "kremlib/FStar_UInt128_extracted.c"
#include "legacy/Hacl_Curve25519.c"
#endif
# if defined(MBEDTLS_HAVE_INT128)
# include "Hacl_Curve25519.c"
# else
# define KRML_VERIFIED_UINT128
# include "kremlib/FStar_UInt128_extracted.c"
# include "legacy/Hacl_Curve25519.c"
# endif
#include "kremlib/FStar_UInt64_FStar_UInt32_FStar_UInt16_FStar_UInt8.c"
# include "kremlib/FStar_UInt64_FStar_UInt32_FStar_UInt16_FStar_UInt8.c"
#endif /* defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED) */

83
3rdparty/everest/library/everest.c vendored
View File

@@ -29,79 +29,88 @@
#include "everest/everest.h"
#if defined(MBEDTLS_PLATFORM_C)
#include "mbedtls/platform.h"
# include "mbedtls/platform.h"
#else
#define mbedtls_calloc calloc
#define mbedtls_free free
# define mbedtls_calloc calloc
# define mbedtls_free free
#endif
#if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED)
int mbedtls_everest_setup( mbedtls_ecdh_context_everest *ctx, int grp_id )
int mbedtls_everest_setup(mbedtls_ecdh_context_everest *ctx, int grp_id)
{
if( grp_id != MBEDTLS_ECP_DP_CURVE25519 )
if (grp_id != MBEDTLS_ECP_DP_CURVE25519)
return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
mbedtls_x25519_init( &ctx->ctx );
mbedtls_x25519_init(&ctx->ctx);
return 0;
}
void mbedtls_everest_free( mbedtls_ecdh_context_everest *ctx )
void mbedtls_everest_free(mbedtls_ecdh_context_everest *ctx)
{
mbedtls_x25519_free( &ctx->ctx );
mbedtls_x25519_free(&ctx->ctx);
}
int mbedtls_everest_make_params( mbedtls_ecdh_context_everest *ctx, size_t *olen,
unsigned char *buf, size_t blen,
int( *f_rng )( void *, unsigned char *, size_t ),
void *p_rng )
int mbedtls_everest_make_params(mbedtls_ecdh_context_everest *ctx,
size_t *olen,
unsigned char *buf,
size_t blen,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng)
{
mbedtls_x25519_context *x25519_ctx = &ctx->ctx;
return mbedtls_x25519_make_params( x25519_ctx, olen, buf, blen, f_rng, p_rng );
return mbedtls_x25519_make_params(x25519_ctx, olen, buf, blen, f_rng,
p_rng);
}
int mbedtls_everest_read_params( mbedtls_ecdh_context_everest *ctx,
const unsigned char **buf,
const unsigned char *end )
int mbedtls_everest_read_params(mbedtls_ecdh_context_everest *ctx,
const unsigned char **buf,
const unsigned char *end)
{
mbedtls_x25519_context *x25519_ctx = &ctx->ctx;
return mbedtls_x25519_read_params( x25519_ctx, buf, end );
return mbedtls_x25519_read_params(x25519_ctx, buf, end);
}
int mbedtls_everest_get_params( mbedtls_ecdh_context_everest *ctx,
const mbedtls_ecp_keypair *key,
mbedtls_everest_ecdh_side side )
int mbedtls_everest_get_params(mbedtls_ecdh_context_everest *ctx,
const mbedtls_ecp_keypair *key,
mbedtls_everest_ecdh_side side)
{
mbedtls_x25519_context *x25519_ctx = &ctx->ctx;
mbedtls_x25519_ecdh_side s = side == MBEDTLS_EVEREST_ECDH_OURS ?
MBEDTLS_X25519_ECDH_OURS :
MBEDTLS_X25519_ECDH_THEIRS;
return mbedtls_x25519_get_params( x25519_ctx, key, s );
MBEDTLS_X25519_ECDH_OURS :
MBEDTLS_X25519_ECDH_THEIRS;
return mbedtls_x25519_get_params(x25519_ctx, key, s);
}
int mbedtls_everest_make_public( mbedtls_ecdh_context_everest *ctx, size_t *olen,
unsigned char *buf, size_t blen,
int( *f_rng )( void *, unsigned char *, size_t ),
void *p_rng )
int mbedtls_everest_make_public(mbedtls_ecdh_context_everest *ctx,
size_t *olen,
unsigned char *buf,
size_t blen,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng)
{
mbedtls_x25519_context *x25519_ctx = &ctx->ctx;
return mbedtls_x25519_make_public( x25519_ctx, olen, buf, blen, f_rng, p_rng );
return mbedtls_x25519_make_public(x25519_ctx, olen, buf, blen, f_rng,
p_rng);
}
int mbedtls_everest_read_public( mbedtls_ecdh_context_everest *ctx,
const unsigned char *buf, size_t blen )
int mbedtls_everest_read_public(mbedtls_ecdh_context_everest *ctx,
const unsigned char *buf,
size_t blen)
{
mbedtls_x25519_context *x25519_ctx = &ctx->ctx;
return mbedtls_x25519_read_public ( x25519_ctx, buf, blen );
return mbedtls_x25519_read_public(x25519_ctx, buf, blen);
}
int mbedtls_everest_calc_secret( mbedtls_ecdh_context_everest *ctx, size_t *olen,
unsigned char *buf, size_t blen,
int( *f_rng )( void *, unsigned char *, size_t ),
void *p_rng )
int mbedtls_everest_calc_secret(mbedtls_ecdh_context_everest *ctx,
size_t *olen,
unsigned char *buf,
size_t blen,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng)
{
mbedtls_x25519_context *x25519_ctx = &ctx->ctx;
return mbedtls_x25519_calc_secret( x25519_ctx, olen, buf, blen, f_rng, p_rng );
return mbedtls_x25519_calc_secret(x25519_ctx, olen, buf, blen, f_rng,
p_rng);
}
#endif /* MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED */

458
3rdparty/everest/library/kremlib/FStar_UInt128_extracted.c vendored
View File

@@ -7,407 +7,409 @@
* KreMLin version: 916c37ac
*/
#include "FStar_UInt128.h"
#include "kremlin/c_endianness.h"
#include "FStar_UInt64_FStar_UInt32_FStar_UInt16_FStar_UInt8.h"
uint64_t FStar_UInt128___proj__Mkuint128__item__low(FStar_UInt128_uint128 projectee)
uint64_t
FStar_UInt128___proj__Mkuint128__item__low(FStar_UInt128_uint128 projectee)
{
return projectee.low;
return projectee.low;
}
uint64_t FStar_UInt128___proj__Mkuint128__item__high(FStar_UInt128_uint128 projectee)
uint64_t
FStar_UInt128___proj__Mkuint128__item__high(FStar_UInt128_uint128 projectee)
{
return projectee.high;
return projectee.high;
}
static uint64_t FStar_UInt128_constant_time_carry(uint64_t a, uint64_t b)
{
return (a ^ ((a ^ b) | ((a - b) ^ b))) >> (uint32_t)63U;
return (a ^ ((a ^ b) | ((a - b) ^ b))) >> (uint32_t)63U;
}
static uint64_t FStar_UInt128_carry(uint64_t a, uint64_t b)
{
return FStar_UInt128_constant_time_carry(a, b);
return FStar_UInt128_constant_time_carry(a, b);
}
FStar_UInt128_uint128 FStar_UInt128_add(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b)
FStar_UInt128_uint128 FStar_UInt128_add(FStar_UInt128_uint128 a,
FStar_UInt128_uint128 b)
{
FStar_UInt128_uint128
flat = { a.low + b.low, a.high + b.high + FStar_UInt128_carry(a.low + b.low, b.low) };
return flat;
FStar_UInt128_uint128 flat = {
a.low + b.low,
a.high + b.high + FStar_UInt128_carry(a.low + b.low, b.low)
};
return flat;
}
FStar_UInt128_uint128
FStar_UInt128_add_underspec(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b)
FStar_UInt128_uint128 FStar_UInt128_add_underspec(FStar_UInt128_uint128 a,
FStar_UInt128_uint128 b)
{
FStar_UInt128_uint128
flat = { a.low + b.low, a.high + b.high + FStar_UInt128_carry(a.low + b.low, b.low) };
return flat;
FStar_UInt128_uint128 flat = {
a.low + b.low,
a.high + b.high + FStar_UInt128_carry(a.low + b.low, b.low)
};
return flat;
}
FStar_UInt128_uint128 FStar_UInt128_add_mod(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b)
FStar_UInt128_uint128 FStar_UInt128_add_mod(FStar_UInt128_uint128 a,
FStar_UInt128_uint128 b)
{
FStar_UInt128_uint128
flat = { a.low + b.low, a.high + b.high + FStar_UInt128_carry(a.low + b.low, b.low) };
return flat;
FStar_UInt128_uint128 flat = {
a.low + b.low,
a.high + b.high + FStar_UInt128_carry(a.low + b.low, b.low)
};
return flat;
}
FStar_UInt128_uint128 FStar_UInt128_sub(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b)
FStar_UInt128_uint128 FStar_UInt128_sub(FStar_UInt128_uint128 a,
FStar_UInt128_uint128 b)
{
FStar_UInt128_uint128
flat = { a.low - b.low, a.high - b.high - FStar_UInt128_carry(a.low, a.low - b.low) };
return flat;
FStar_UInt128_uint128 flat = {
a.low - b.low,
a.high - b.high - FStar_UInt128_carry(a.low, a.low - b.low)
};
return flat;
}
FStar_UInt128_uint128
FStar_UInt128_sub_underspec(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b)
FStar_UInt128_uint128 FStar_UInt128_sub_underspec(FStar_UInt128_uint128 a,
FStar_UInt128_uint128 b)
{
FStar_UInt128_uint128
flat = { a.low - b.low, a.high - b.high - FStar_UInt128_carry(a.low, a.low - b.low) };
return flat;
FStar_UInt128_uint128 flat = {
a.low - b.low,
a.high - b.high - FStar_UInt128_carry(a.low, a.low - b.low)
};
return flat;
}
static FStar_UInt128_uint128
FStar_UInt128_sub_mod_impl(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b)
static FStar_UInt128_uint128 FStar_UInt128_sub_mod_impl(FStar_UInt128_uint128 a,
FStar_UInt128_uint128 b)
{
FStar_UInt128_uint128
flat = { a.low - b.low, a.high - b.high - FStar_UInt128_carry(a.low, a.low - b.low) };
return flat;
FStar_UInt128_uint128 flat = {
a.low - b.low,
a.high - b.high - FStar_UInt128_carry(a.low, a.low - b.low)
};
return flat;
}
FStar_UInt128_uint128 FStar_UInt128_sub_mod(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b)
FStar_UInt128_uint128 FStar_UInt128_sub_mod(FStar_UInt128_uint128 a,
FStar_UInt128_uint128 b)
{
return FStar_UInt128_sub_mod_impl(a, b);
return FStar_UInt128_sub_mod_impl(a, b);
}
FStar_UInt128_uint128 FStar_UInt128_logand(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b)
FStar_UInt128_uint128 FStar_UInt128_logand(FStar_UInt128_uint128 a,
FStar_UInt128_uint128 b)
{
FStar_UInt128_uint128 flat = { a.low & b.low, a.high & b.high };
return flat;
FStar_UInt128_uint128 flat = { a.low & b.low, a.high & b.high };
return flat;
}
FStar_UInt128_uint128 FStar_UInt128_logxor(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b)
FStar_UInt128_uint128 FStar_UInt128_logxor(FStar_UInt128_uint128 a,
FStar_UInt128_uint128 b)
{
FStar_UInt128_uint128 flat = { a.low ^ b.low, a.high ^ b.high };
return flat;
FStar_UInt128_uint128 flat = { a.low ^ b.low, a.high ^ b.high };
return flat;
}
FStar_UInt128_uint128 FStar_UInt128_logor(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b)
FStar_UInt128_uint128 FStar_UInt128_logor(FStar_UInt128_uint128 a,
FStar_UInt128_uint128 b)
{
FStar_UInt128_uint128 flat = { a.low | b.low, a.high | b.high };
return flat;
FStar_UInt128_uint128 flat = { a.low | b.low, a.high | b.high };
return flat;
}
FStar_UInt128_uint128 FStar_UInt128_lognot(FStar_UInt128_uint128 a)
{
FStar_UInt128_uint128 flat = { ~a.low, ~a.high };
return flat;
FStar_UInt128_uint128 flat = { ~a.low, ~a.high };
return flat;
}
static uint32_t FStar_UInt128_u32_64 = (uint32_t)64U;
static uint64_t FStar_UInt128_add_u64_shift_left(uint64_t hi, uint64_t lo, uint32_t s)
static uint64_t
FStar_UInt128_add_u64_shift_left(uint64_t hi, uint64_t lo, uint32_t s)
{
return (hi << s) + (lo >> (FStar_UInt128_u32_64 - s));
return (hi << s) + (lo >> (FStar_UInt128_u32_64 - s));
}
static uint64_t FStar_UInt128_add_u64_shift_left_respec(uint64_t hi, uint64_t lo, uint32_t s)
static uint64_t
FStar_UInt128_add_u64_shift_left_respec(uint64_t hi, uint64_t lo, uint32_t s)
{
return FStar_UInt128_add_u64_shift_left(hi, lo, s);
return FStar_UInt128_add_u64_shift_left(hi, lo, s);
}
static FStar_UInt128_uint128
FStar_UInt128_shift_left_small(FStar_UInt128_uint128 a, uint32_t s)
{
if (s == (uint32_t)0U)
{
return a;
}
else
{
FStar_UInt128_uint128
flat = { a.low << s, FStar_UInt128_add_u64_shift_left_respec(a.high, a.low, s) };
return flat;
}
if (s == (uint32_t)0U) {
return a;
} else {
FStar_UInt128_uint128 flat = { a.low << s,
FStar_UInt128_add_u64_shift_left_respec(
a.high, a.low, s) };
return flat;
}
}
static FStar_UInt128_uint128
FStar_UInt128_shift_left_large(FStar_UInt128_uint128 a, uint32_t s)
{
FStar_UInt128_uint128 flat = { (uint64_t)0U, a.low << (s - FStar_UInt128_u32_64) };
return flat;
FStar_UInt128_uint128 flat = { (uint64_t)0U,
a.low << (s - FStar_UInt128_u32_64) };
return flat;
}
FStar_UInt128_uint128 FStar_UInt128_shift_left(FStar_UInt128_uint128 a, uint32_t s)
FStar_UInt128_uint128 FStar_UInt128_shift_left(FStar_UInt128_uint128 a,
uint32_t s)
{
if (s < FStar_UInt128_u32_64)
{
return FStar_UInt128_shift_left_small(a, s);
}
else
{
return FStar_UInt128_shift_left_large(a, s);
}
if (s < FStar_UInt128_u32_64) {
return FStar_UInt128_shift_left_small(a, s);
} else {
return FStar_UInt128_shift_left_large(a, s);
}
}
static uint64_t FStar_UInt128_add_u64_shift_right(uint64_t hi, uint64_t lo, uint32_t s)
static uint64_t
FStar_UInt128_add_u64_shift_right(uint64_t hi, uint64_t lo, uint32_t s)
{
return (lo >> s) + (hi << (FStar_UInt128_u32_64 - s));
return (lo >> s) + (hi << (FStar_UInt128_u32_64 - s));
}
static uint64_t FStar_UInt128_add_u64_shift_right_respec(uint64_t hi, uint64_t lo, uint32_t s)
static uint64_t
FStar_UInt128_add_u64_shift_right_respec(uint64_t hi, uint64_t lo, uint32_t s)
{
return FStar_UInt128_add_u64_shift_right(hi, lo, s);
return FStar_UInt128_add_u64_shift_right(hi, lo, s);
}
static FStar_UInt128_uint128
FStar_UInt128_shift_right_small(FStar_UInt128_uint128 a, uint32_t s)
{
if (s == (uint32_t)0U)
{
return a;
}
else
{
FStar_UInt128_uint128
flat = { FStar_UInt128_add_u64_shift_right_respec(a.high, a.low, s), a.high >> s };
return flat;
}
if (s == (uint32_t)0U) {
return a;
} else {
FStar_UInt128_uint128 flat = { FStar_UInt128_add_u64_shift_right_respec(
a.high, a.low, s),
a.high >> s };
return flat;
}
}
static FStar_UInt128_uint128
FStar_UInt128_shift_right_large(FStar_UInt128_uint128 a, uint32_t s)
{
FStar_UInt128_uint128 flat = { a.high >> (s - FStar_UInt128_u32_64), (uint64_t)0U };
return flat;
FStar_UInt128_uint128 flat = { a.high >> (s - FStar_UInt128_u32_64),
(uint64_t)0U };
return flat;
}
FStar_UInt128_uint128 FStar_UInt128_shift_right(FStar_UInt128_uint128 a, uint32_t s)
FStar_UInt128_uint128 FStar_UInt128_shift_right(FStar_UInt128_uint128 a,
uint32_t s)
{
if (s < FStar_UInt128_u32_64)
{
return FStar_UInt128_shift_right_small(a, s);
}
else
{
return FStar_UInt128_shift_right_large(a, s);
}
if (s < FStar_UInt128_u32_64) {
return FStar_UInt128_shift_right_small(a, s);
} else {
return FStar_UInt128_shift_right_large(a, s);
}
}
bool FStar_UInt128_eq(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b)
{
return a.low == b.low && a.high == b.high;
return a.low == b.low && a.high == b.high;
}
bool FStar_UInt128_gt(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b)
{
return a.high > b.high || (a.high == b.high && a.low > b.low);
return a.high > b.high || (a.high == b.high && a.low > b.low);
}
bool FStar_UInt128_lt(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b)
{
return a.high < b.high || (a.high == b.high && a.low < b.low);
return a.high < b.high || (a.high == b.high && a.low < b.low);
}
bool FStar_UInt128_gte(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b)
{
return a.high > b.high || (a.high == b.high && a.low >= b.low);
return a.high > b.high || (a.high == b.high && a.low >= b.low);
}
bool FStar_UInt128_lte(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b)
{
return a.high < b.high || (a.high == b.high && a.low <= b.low);
return a.high < b.high || (a.high == b.high && a.low <= b.low);
}
FStar_UInt128_uint128 FStar_UInt128_eq_mask(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b)
FStar_UInt128_uint128 FStar_UInt128_eq_mask(FStar_UInt128_uint128 a,
FStar_UInt128_uint128 b)
{
FStar_UInt128_uint128
flat =
{
FStar_UInt64_eq_mask(a.low,
b.low)
& FStar_UInt64_eq_mask(a.high, b.high),
FStar_UInt64_eq_mask(a.low,
b.low)
& FStar_UInt64_eq_mask(a.high, b.high)
};
return flat;
FStar_UInt128_uint128 flat = { FStar_UInt64_eq_mask(a.low, b.low) &
FStar_UInt64_eq_mask(a.high, b.high),
FStar_UInt64_eq_mask(a.low, b.low) &
FStar_UInt64_eq_mask(a.high, b.high) };
return flat;
}
FStar_UInt128_uint128 FStar_UInt128_gte_mask(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b)
FStar_UInt128_uint128 FStar_UInt128_gte_mask(FStar_UInt128_uint128 a,
FStar_UInt128_uint128 b)
{
FStar_UInt128_uint128
flat =
{
(FStar_UInt64_gte_mask(a.high, b.high) & ~FStar_UInt64_eq_mask(a.high, b.high))
| (FStar_UInt64_eq_mask(a.high, b.high) & FStar_UInt64_gte_mask(a.low, b.low)),
(FStar_UInt64_gte_mask(a.high, b.high) & ~FStar_UInt64_eq_mask(a.high, b.high))
| (FStar_UInt64_eq_mask(a.high, b.high) & FStar_UInt64_gte_mask(a.low, b.low))
};
return flat;
FStar_UInt128_uint128 flat = { (FStar_UInt64_gte_mask(a.high, b.high) &
~FStar_UInt64_eq_mask(a.high, b.high)) |
(FStar_UInt64_eq_mask(a.high, b.high) &
FStar_UInt64_gte_mask(a.low, b.low)),
(FStar_UInt64_gte_mask(a.high, b.high) &
~FStar_UInt64_eq_mask(a.high, b.high)) |
(FStar_UInt64_eq_mask(a.high, b.high) &
FStar_UInt64_gte_mask(a.low, b.low)) };
return flat;
}
FStar_UInt128_uint128 FStar_UInt128_uint64_to_uint128(uint64_t a)
{
FStar_UInt128_uint128 flat = { a, (uint64_t)0U };
return flat;
FStar_UInt128_uint128 flat = { a, (uint64_t)0U };
return flat;
}
uint64_t FStar_UInt128_uint128_to_uint64(FStar_UInt128_uint128 a)
{
return a.low;
return a.low;
}
FStar_UInt128_uint128
(*FStar_UInt128_op_Plus_Hat)(FStar_UInt128_uint128 x0, FStar_UInt128_uint128 x1) =
FStar_UInt128_add;
FStar_UInt128_uint128 (*FStar_UInt128_op_Plus_Hat)(FStar_UInt128_uint128 x0,
FStar_UInt128_uint128 x1) =
FStar_UInt128_add;
FStar_UInt128_uint128
(*FStar_UInt128_op_Plus_Question_Hat)(FStar_UInt128_uint128 x0, FStar_UInt128_uint128 x1) =
FStar_UInt128_add_underspec;
FStar_UInt128_uint128 (*FStar_UInt128_op_Plus_Question_Hat)(
FStar_UInt128_uint128 x0,
FStar_UInt128_uint128 x1) = FStar_UInt128_add_underspec;
FStar_UInt128_uint128
(*FStar_UInt128_op_Plus_Percent_Hat)(FStar_UInt128_uint128 x0, FStar_UInt128_uint128 x1) =
FStar_UInt128_add_mod;
FStar_UInt128_uint128 (*FStar_UInt128_op_Plus_Percent_Hat)(
FStar_UInt128_uint128 x0,
FStar_UInt128_uint128 x1) = FStar_UInt128_add_mod;
FStar_UInt128_uint128
(*FStar_UInt128_op_Subtraction_Hat)(FStar_UInt128_uint128 x0, FStar_UInt128_uint128 x1) =
FStar_UInt128_sub;
FStar_UInt128_uint128 (*FStar_UInt128_op_Subtraction_Hat)(
FStar_UInt128_uint128 x0,
FStar_UInt128_uint128 x1) = FStar_UInt128_sub;
FStar_UInt128_uint128
(*FStar_UInt128_op_Subtraction_Question_Hat)(
FStar_UInt128_uint128 x0,
FStar_UInt128_uint128 x1
) = FStar_UInt128_sub_underspec;
FStar_UInt128_uint128 (*FStar_UInt128_op_Subtraction_Question_Hat)(
FStar_UInt128_uint128 x0,
FStar_UInt128_uint128 x1) = FStar_UInt128_sub_underspec;
FStar_UInt128_uint128
(*FStar_UInt128_op_Subtraction_Percent_Hat)(FStar_UInt128_uint128 x0, FStar_UInt128_uint128 x1) =
FStar_UInt128_sub_mod;
FStar_UInt128_uint128 (*FStar_UInt128_op_Subtraction_Percent_Hat)(
FStar_UInt128_uint128 x0,
FStar_UInt128_uint128 x1) = FStar_UInt128_sub_mod;
FStar_UInt128_uint128
(*FStar_UInt128_op_Amp_Hat)(FStar_UInt128_uint128 x0, FStar_UInt128_uint128 x1) =
FStar_UInt128_logand;
FStar_UInt128_uint128 (*FStar_UInt128_op_Amp_Hat)(FStar_UInt128_uint128 x0,
FStar_UInt128_uint128 x1) =
FStar_UInt128_logand;
FStar_UInt128_uint128
(*FStar_UInt128_op_Hat_Hat)(FStar_UInt128_uint128 x0, FStar_UInt128_uint128 x1) =
FStar_UInt128_logxor;
FStar_UInt128_uint128 (*FStar_UInt128_op_Hat_Hat)(FStar_UInt128_uint128 x0,
FStar_UInt128_uint128 x1) =
FStar_UInt128_logxor;
FStar_UInt128_uint128
(*FStar_UInt128_op_Bar_Hat)(FStar_UInt128_uint128 x0, FStar_UInt128_uint128 x1) =
FStar_UInt128_logor;
FStar_UInt128_uint128 (*FStar_UInt128_op_Bar_Hat)(FStar_UInt128_uint128 x0,
FStar_UInt128_uint128 x1) =
FStar_UInt128_logor;
FStar_UInt128_uint128
(*FStar_UInt128_op_Less_Less_Hat)(FStar_UInt128_uint128 x0, uint32_t x1) =
FStar_UInt128_shift_left;
FStar_UInt128_uint128 (*FStar_UInt128_op_Less_Less_Hat)(
FStar_UInt128_uint128 x0,
uint32_t x1) = FStar_UInt128_shift_left;
FStar_UInt128_uint128
(*FStar_UInt128_op_Greater_Greater_Hat)(FStar_UInt128_uint128 x0, uint32_t x1) =
FStar_UInt128_shift_right;
FStar_UInt128_uint128 (*FStar_UInt128_op_Greater_Greater_Hat)(
FStar_UInt128_uint128 x0,
uint32_t x1) = FStar_UInt128_shift_right;
bool
(*FStar_UInt128_op_Equals_Hat)(FStar_UInt128_uint128 x0, FStar_UInt128_uint128 x1) =
FStar_UInt128_eq;
bool (*FStar_UInt128_op_Equals_Hat)(FStar_UInt128_uint128 x0,
FStar_UInt128_uint128 x1) = FStar_UInt128_eq;
bool
(*FStar_UInt128_op_Greater_Hat)(FStar_UInt128_uint128 x0, FStar_UInt128_uint128 x1) =
FStar_UInt128_gt;
bool (*FStar_UInt128_op_Greater_Hat)(FStar_UInt128_uint128 x0,
FStar_UInt128_uint128 x1) =
FStar_UInt128_gt;
bool
(*FStar_UInt128_op_Less_Hat)(FStar_UInt128_uint128 x0, FStar_UInt128_uint128 x1) =
FStar_UInt128_lt;
bool (*FStar_UInt128_op_Less_Hat)(FStar_UInt128_uint128 x0,
FStar_UInt128_uint128 x1) = FStar_UInt128_lt;
bool
(*FStar_UInt128_op_Greater_Equals_Hat)(FStar_UInt128_uint128 x0, FStar_UInt128_uint128 x1) =
FStar_UInt128_gte;
bool (*FStar_UInt128_op_Greater_Equals_Hat)(FStar_UInt128_uint128 x0,
FStar_UInt128_uint128 x1) =
FStar_UInt128_gte;
bool
(*FStar_UInt128_op_Less_Equals_Hat)(FStar_UInt128_uint128 x0, FStar_UInt128_uint128 x1) =
FStar_UInt128_lte;
bool (*FStar_UInt128_op_Less_Equals_Hat)(FStar_UInt128_uint128 x0,
FStar_UInt128_uint128 x1) =
FStar_UInt128_lte;
static uint64_t FStar_UInt128_u64_mod_32(uint64_t a)
{
return a & (uint64_t)0xffffffffU;
return a & (uint64_t)0xffffffffU;
}
static uint32_t FStar_UInt128_u32_32 = (uint32_t)32U;
static uint64_t FStar_UInt128_u32_combine(uint64_t hi, uint64_t lo)
{
return lo + (hi << FStar_UInt128_u32_32);
return lo + (hi << FStar_UInt128_u32_32);
}
FStar_UInt128_uint128 FStar_UInt128_mul32(uint64_t x, uint32_t y)
{
FStar_UInt128_uint128
flat =
{
FStar_UInt128_u32_combine((x >> FStar_UInt128_u32_32)
* (uint64_t)y
+ (FStar_UInt128_u64_mod_32(x) * (uint64_t)y >> FStar_UInt128_u32_32),
FStar_UInt128_u64_mod_32(FStar_UInt128_u64_mod_32(x) * (uint64_t)y)),
((x >> FStar_UInt128_u32_32)
* (uint64_t)y
+ (FStar_UInt128_u64_mod_32(x) * (uint64_t)y >> FStar_UInt128_u32_32))
>> FStar_UInt128_u32_32
FStar_UInt128_uint128 flat = {
FStar_UInt128_u32_combine(
(x >> FStar_UInt128_u32_32) * (uint64_t)y +
(FStar_UInt128_u64_mod_32(x) * (uint64_t)y >>
FStar_UInt128_u32_32),
FStar_UInt128_u64_mod_32(FStar_UInt128_u64_mod_32(x) * (uint64_t)y)),
((x >> FStar_UInt128_u32_32) * (uint64_t)y +
(FStar_UInt128_u64_mod_32(x) * (uint64_t)y >> FStar_UInt128_u32_32)) >>
FStar_UInt128_u32_32
};
return flat;
return flat;
}
typedef struct K___uint64_t_uint64_t_uint64_t_uint64_t_s
{
uint64_t fst;
uint64_t snd;
uint64_t thd;
uint64_t f3;
}
K___uint64_t_uint64_t_uint64_t_uint64_t;
typedef struct K___uint64_t_uint64_t_uint64_t_uint64_t_s {
uint64_t fst;
uint64_t snd;
uint64_t thd;
uint64_t f3;
} K___uint64_t_uint64_t_uint64_t_uint64_t;
static K___uint64_t_uint64_t_uint64_t_uint64_t
FStar_UInt128_mul_wide_impl_t_(uint64_t x, uint64_t y)
{
K___uint64_t_uint64_t_uint64_t_uint64_t
flat =
{
FStar_UInt128_u64_mod_32(x),
FStar_UInt128_u64_mod_32(FStar_UInt128_u64_mod_32(x) * FStar_UInt128_u64_mod_32(y)),
x
>> FStar_UInt128_u32_32,
(x >> FStar_UInt128_u32_32)
* FStar_UInt128_u64_mod_32(y)
+ (FStar_UInt128_u64_mod_32(x) * FStar_UInt128_u64_mod_32(y) >> FStar_UInt128_u32_32)
K___uint64_t_uint64_t_uint64_t_uint64_t flat = {
FStar_UInt128_u64_mod_32(x),
FStar_UInt128_u64_mod_32(FStar_UInt128_u64_mod_32(x) *
FStar_UInt128_u64_mod_32(y)),
x >> FStar_UInt128_u32_32,
(x >> FStar_UInt128_u32_32) * FStar_UInt128_u64_mod_32(y) +
(FStar_UInt128_u64_mod_32(x) * FStar_UInt128_u64_mod_32(y) >>
FStar_UInt128_u32_32)
};
return flat;
return flat;
}
static uint64_t FStar_UInt128_u32_combine_(uint64_t hi, uint64_t lo)
{
return lo + (hi << FStar_UInt128_u32_32);
return lo + (hi << FStar_UInt128_u32_32);
}
static FStar_UInt128_uint128 FStar_UInt128_mul_wide_impl(uint64_t x, uint64_t y)
{
K___uint64_t_uint64_t_uint64_t_uint64_t scrut = FStar_UInt128_mul_wide_impl_t_(x, y);
uint64_t u1 = scrut.fst;
uint64_t w3 = scrut.snd;
uint64_t x_ = scrut.thd;
uint64_t t_ = scrut.f3;
FStar_UInt128_uint128
flat =
{
FStar_UInt128_u32_combine_(u1 * (y >> FStar_UInt128_u32_32) + FStar_UInt128_u64_mod_32(t_),
w3),
x_
* (y >> FStar_UInt128_u32_32)
+ (t_ >> FStar_UInt128_u32_32)
+ ((u1 * (y >> FStar_UInt128_u32_32) + FStar_UInt128_u64_mod_32(t_)) >> FStar_UInt128_u32_32)
K___uint64_t_uint64_t_uint64_t_uint64_t scrut =
FStar_UInt128_mul_wide_impl_t_(x, y);
uint64_t u1 = scrut.fst;
uint64_t w3 = scrut.snd;
uint64_t x_ = scrut.thd;
uint64_t t_ = scrut.f3;
FStar_UInt128_uint128 flat = {
FStar_UInt128_u32_combine_(u1 * (y >> FStar_UInt128_u32_32) +
FStar_UInt128_u64_mod_32(t_),
w3),
x_ * (y >> FStar_UInt128_u32_32) + (t_ >> FStar_UInt128_u32_32) +
((u1 * (y >> FStar_UInt128_u32_32) + FStar_UInt128_u64_mod_32(t_)) >>
FStar_UInt128_u32_32)
};
return flat;
return flat;
}
FStar_UInt128_uint128 FStar_UInt128_mul_wide(uint64_t x, uint64_t y)
{
return FStar_UInt128_mul_wide_impl(x, y);
return FStar_UInt128_mul_wide_impl(x, y);
}

114
3rdparty/everest/library/kremlib/FStar_UInt64_FStar_UInt32_FStar_UInt16_FStar_UInt8.c vendored
View File

@@ -7,94 +7,92 @@
* KreMLin version: 916c37ac
*/
#include "FStar_UInt64_FStar_UInt32_FStar_UInt16_FStar_UInt8.h"
uint64_t FStar_UInt64_eq_mask(uint64_t a, uint64_t b)
{
uint64_t x = a ^ b;
uint64_t minus_x = ~x + (uint64_t)1U;
uint64_t x_or_minus_x = x | minus_x;
uint64_t xnx = x_or_minus_x >> (uint32_t)63U;
return xnx - (uint64_t)1U;
uint64_t x = a ^ b;
uint64_t minus_x = ~x + (uint64_t)1U;
uint64_t x_or_minus_x = x | minus_x;
uint64_t xnx = x_or_minus_x >> (uint32_t)63U;
return xnx - (uint64_t)1U;
}
uint64_t FStar_UInt64_gte_mask(uint64_t a, uint64_t b)
{
uint64_t x = a;
uint64_t y = b;
uint64_t x_xor_y = x ^ y;
uint64_t x_sub_y = x - y;
uint64_t x_sub_y_xor_y = x_sub_y ^ y;
uint64_t q = x_xor_y | x_sub_y_xor_y;
uint64_t x_xor_q = x ^ q;
uint64_t x_xor_q_ = x_xor_q >> (uint32_t)63U;
return x_xor_q_ - (uint64_t)1U;
uint64_t x = a;
uint64_t y = b;
uint64_t x_xor_y = x ^ y;
uint64_t x_sub_y = x - y;
uint64_t x_sub_y_xor_y = x_sub_y ^ y;
uint64_t q = x_xor_y | x_sub_y_xor_y;
uint64_t x_xor_q = x ^ q;
uint64_t x_xor_q_ = x_xor_q >> (uint32_t)63U;
return x_xor_q_ - (uint64_t)1U;
}
uint32_t FStar_UInt32_eq_mask(uint32_t a, uint32_t b)
{
uint32_t x = a ^ b;
uint32_t minus_x = ~x + (uint32_t)1U;
uint32_t x_or_minus_x = x | minus_x;
uint32_t xnx = x_or_minus_x >> (uint32_t)31U;
return xnx - (uint32_t)1U;
uint32_t x = a ^ b;
uint32_t minus_x = ~x + (uint32_t)1U;
uint32_t x_or_minus_x = x | minus_x;
uint32_t xnx = x_or_minus_x >> (uint32_t)31U;
return xnx - (uint32_t)1U;
}
uint32_t FStar_UInt32_gte_mask(uint32_t a, uint32_t b)
{
uint32_t x = a;
uint32_t y = b;
uint32_t x_xor_y = x ^ y;
uint32_t x_sub_y = x - y;
uint32_t x_sub_y_xor_y = x_sub_y ^ y;
uint32_t q = x_xor_y | x_sub_y_xor_y;
uint32_t x_xor_q = x ^ q;
uint32_t x_xor_q_ = x_xor_q >> (uint32_t)31U;
return x_xor_q_ - (uint32_t)1U;
uint32_t x = a;
uint32_t y = b;
uint32_t x_xor_y = x ^ y;
uint32_t x_sub_y = x - y;
uint32_t x_sub_y_xor_y = x_sub_y ^ y;
uint32_t q = x_xor_y | x_sub_y_xor_y;
uint32_t x_xor_q = x ^ q;
uint32_t x_xor_q_ = x_xor_q >> (uint32_t)31U;
return x_xor_q_ - (uint32_t)1U;
}
uint16_t FStar_UInt16_eq_mask(uint16_t a, uint16_t b)
{
uint16_t x = a ^ b;
uint16_t minus_x = ~x + (uint16_t)1U;
uint16_t x_or_minus_x = x | minus_x;
uint16_t xnx = x_or_minus_x >> (uint32_t)15U;
return xnx - (uint16_t)1U;
uint16_t x = a ^ b;
uint16_t minus_x = ~x + (uint16_t)1U;
uint16_t x_or_minus_x = x | minus_x;
uint16_t xnx = x_or_minus_x >> (uint32_t)15U;
return xnx - (uint16_t)1U;
}
uint16_t FStar_UInt16_gte_mask(uint16_t a, uint16_t b)
{
uint16_t x = a;
uint16_t y = b;
uint16_t x_xor_y = x ^ y;
uint16_t x_sub_y = x - y;
uint16_t x_sub_y_xor_y = x_sub_y ^ y;
uint16_t q = x_xor_y | x_sub_y_xor_y;
uint16_t x_xor_q = x ^ q;
uint16_t x_xor_q_ = x_xor_q >> (uint32_t)15U;
return x_xor_q_ - (uint16_t)1U;
uint16_t x = a;
uint16_t y = b;
uint16_t x_xor_y = x ^ y;
uint16_t x_sub_y = x - y;
uint16_t x_sub_y_xor_y = x_sub_y ^ y;
uint16_t q = x_xor_y | x_sub_y_xor_y;
uint16_t x_xor_q = x ^ q;
uint16_t x_xor_q_ = x_xor_q >> (uint32_t)15U;
return x_xor_q_ - (uint16_t)1U;
}
uint8_t FStar_UInt8_eq_mask(uint8_t a, uint8_t b)
{
uint8_t x = a ^ b;
uint8_t minus_x = ~x + (uint8_t)1U;
uint8_t x_or_minus_x = x | minus_x;
uint8_t xnx = x_or_minus_x >> (uint32_t)7U;
return xnx - (uint8_t)1U;
uint8_t x = a ^ b;
uint8_t minus_x = ~x + (uint8_t)1U;
uint8_t x_or_minus_x = x | minus_x;
uint8_t xnx = x_or_minus_x >> (uint32_t)7U;
return xnx - (uint8_t)1U;
}
uint8_t FStar_UInt8_gte_mask(uint8_t a, uint8_t b)
{
uint8_t x = a;
uint8_t y = b;
uint8_t x_xor_y = x ^ y;
uint8_t x_sub_y = x - y;
uint8_t x_sub_y_xor_y = x_sub_y ^ y;
uint8_t q = x_xor_y | x_sub_y_xor_y;
uint8_t x_xor_q = x ^ q;
uint8_t x_xor_q_ = x_xor_q >> (uint32_t)7U;
return x_xor_q_ - (uint8_t)1U;
uint8_t x = a;
uint8_t y = b;
uint8_t x_xor_y = x ^ y;
uint8_t x_sub_y = x - y;
uint8_t x_sub_y_xor_y = x_sub_y ^ y;
uint8_t q = x_xor_y | x_sub_y_xor_y;
uint8_t x_xor_q = x ^ q;
uint8_t x_xor_q_ = x_xor_q >> (uint32_t)7U;
return x_xor_q_ - (uint8_t)1U;
}

1300
3rdparty/everest/library/legacy/Hacl_Curve25519.c vendored
View File

File diff suppressed because it is too large Load Diff

157
3rdparty/everest/library/x25519.c vendored
View File

@@ -23,54 +23,57 @@
#if defined(MBEDTLS_ECDH_C) && defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED)
#include <mbedtls/ecdh.h>
# include <mbedtls/ecdh.h>
#if !(defined(__SIZEOF_INT128__) && (__SIZEOF_INT128__ == 16))
#define KRML_VERIFIED_UINT128
#endif
# if !(defined(__SIZEOF_INT128__) && (__SIZEOF_INT128__ == 16))
# define KRML_VERIFIED_UINT128
# endif
#include <Hacl_Curve25519.h>
#include <mbedtls/platform_util.h>
# include <Hacl_Curve25519.h>
# include <mbedtls/platform_util.h>
#include "x25519.h"
# include "x25519.h"
#include <string.h>
# include <string.h>
/*
* Initialize context
*/
void mbedtls_x25519_init( mbedtls_x25519_context *ctx )
void mbedtls_x25519_init(mbedtls_x25519_context *ctx)
{
mbedtls_platform_zeroize( ctx, sizeof( mbedtls_x25519_context ) );
mbedtls_platform_zeroize(ctx, sizeof(mbedtls_x25519_context));
}
/*
* Free context
*/
void mbedtls_x25519_free( mbedtls_x25519_context *ctx )
void mbedtls_x25519_free(mbedtls_x25519_context *ctx)
{
if( ctx == NULL )
if (ctx == NULL)
return;
mbedtls_platform_zeroize( ctx->our_secret, MBEDTLS_X25519_KEY_SIZE_BYTES );
mbedtls_platform_zeroize( ctx->peer_point, MBEDTLS_X25519_KEY_SIZE_BYTES );
mbedtls_platform_zeroize(ctx->our_secret, MBEDTLS_X25519_KEY_SIZE_BYTES);
mbedtls_platform_zeroize(ctx->peer_point, MBEDTLS_X25519_KEY_SIZE_BYTES);
}
int mbedtls_x25519_make_params( mbedtls_x25519_context *ctx, size_t *olen,
unsigned char *buf, size_t blen,
int( *f_rng )(void *, unsigned char *, size_t),
void *p_rng )
int mbedtls_x25519_make_params(mbedtls_x25519_context *ctx,
size_t *olen,
unsigned char *buf,
size_t blen,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng)
{
int ret = 0;
uint8_t base[MBEDTLS_X25519_KEY_SIZE_BYTES] = {0};
uint8_t base[MBEDTLS_X25519_KEY_SIZE_BYTES] = { 0 };
if( ( ret = f_rng( p_rng, ctx->our_secret, MBEDTLS_X25519_KEY_SIZE_BYTES ) ) != 0 )
if ((ret = f_rng(p_rng, ctx->our_secret, MBEDTLS_X25519_KEY_SIZE_BYTES)) !=
0)
return ret;
*olen = MBEDTLS_X25519_KEY_SIZE_BYTES + 4;
if( blen < *olen )
return MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL ;
if (blen < *olen)
return MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL;
*buf++ = MBEDTLS_ECP_TLS_NAMED_CURVE;
*buf++ = MBEDTLS_ECP_TLS_CURVE25519 >> 8;
@@ -78,109 +81,119 @@ int mbedtls_x25519_make_params( mbedtls_x25519_context *ctx, size_t *olen,
*buf++ = MBEDTLS_X25519_KEY_SIZE_BYTES;
base[0] = 9;
Hacl_Curve25519_crypto_scalarmult( buf, ctx->our_secret, base );
Hacl_Curve25519_crypto_scalarmult(buf, ctx->our_secret, base);
base[0] = 0;
if( memcmp( buf, base, MBEDTLS_X25519_KEY_SIZE_BYTES) == 0 )
if (memcmp(buf, base, MBEDTLS_X25519_KEY_SIZE_BYTES) == 0)
return MBEDTLS_ERR_ECP_RANDOM_FAILED;
return 0 ;
return 0;
}
int mbedtls_x25519_read_params( mbedtls_x25519_context *ctx,
const unsigned char **buf, const unsigned char *end )
int mbedtls_x25519_read_params(mbedtls_x25519_context *ctx,
const unsigned char **buf,
const unsigned char *end)
{
if( end - *buf < MBEDTLS_X25519_KEY_SIZE_BYTES + 1 )
return MBEDTLS_ERR_ECP_BAD_INPUT_DATA ;
if (end - *buf < MBEDTLS_X25519_KEY_SIZE_BYTES + 1)
return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
if( ( *(*buf)++ != MBEDTLS_X25519_KEY_SIZE_BYTES ) )
return MBEDTLS_ERR_ECP_BAD_INPUT_DATA ;
if ((*(*buf)++ != MBEDTLS_X25519_KEY_SIZE_BYTES))
return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
memcpy( ctx->peer_point, *buf, MBEDTLS_X25519_KEY_SIZE_BYTES );
memcpy(ctx->peer_point, *buf, MBEDTLS_X25519_KEY_SIZE_BYTES);
*buf += MBEDTLS_X25519_KEY_SIZE_BYTES;
return 0 ;
return 0;
}
int mbedtls_x25519_get_params( mbedtls_x25519_context *ctx, const mbedtls_ecp_keypair *key,
mbedtls_x25519_ecdh_side side )
int mbedtls_x25519_get_params(mbedtls_x25519_context *ctx,
const mbedtls_ecp_keypair *key,
mbedtls_x25519_ecdh_side side)
{
size_t olen = 0;
switch( side ) {
case MBEDTLS_X25519_ECDH_THEIRS:
return mbedtls_ecp_point_write_binary( &key->grp, &key->Q, MBEDTLS_ECP_PF_COMPRESSED, &olen, ctx->peer_point, MBEDTLS_X25519_KEY_SIZE_BYTES );
case MBEDTLS_X25519_ECDH_OURS:
return mbedtls_mpi_write_binary_le( &key->d, ctx->our_secret, MBEDTLS_X25519_KEY_SIZE_BYTES );
default:
return MBEDTLS_ERR_ECP_BAD_INPUT_DATA ;
switch (side) {
case MBEDTLS_X25519_ECDH_THEIRS:
return mbedtls_ecp_point_write_binary(
&key->grp, &key->Q, MBEDTLS_ECP_PF_COMPRESSED, &olen,
ctx->peer_point, MBEDTLS_X25519_KEY_SIZE_BYTES);
case MBEDTLS_X25519_ECDH_OURS:
return mbedtls_mpi_write_binary_le(&key->d, ctx->our_secret,
MBEDTLS_X25519_KEY_SIZE_BYTES);
default:
return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
}
}
int mbedtls_x25519_calc_secret( mbedtls_x25519_context *ctx, size_t *olen,
unsigned char *buf, size_t blen,
int( *f_rng )(void *, unsigned char *, size_t),
void *p_rng )
int mbedtls_x25519_calc_secret(mbedtls_x25519_context *ctx,
size_t *olen,
unsigned char *buf,
size_t blen,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng)
{
/* f_rng and p_rng are not used here because this implementation does not
need blinding since it has constant trace. */
(( void )f_rng);
(( void )p_rng);
((void)f_rng);
((void)p_rng);
*olen = MBEDTLS_X25519_KEY_SIZE_BYTES;
if( blen < *olen )
return MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL ;
if (blen < *olen)
return MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL;
Hacl_Curve25519_crypto_scalarmult( buf, ctx->our_secret, ctx->peer_point);
Hacl_Curve25519_crypto_scalarmult(buf, ctx->our_secret, ctx->peer_point);
/* Wipe the DH secret and don't let the peer chose a small subgroup point */
mbedtls_platform_zeroize( ctx->our_secret, MBEDTLS_X25519_KEY_SIZE_BYTES );
mbedtls_platform_zeroize(ctx->our_secret, MBEDTLS_X25519_KEY_SIZE_BYTES);
if( memcmp( buf, ctx->our_secret, MBEDTLS_X25519_KEY_SIZE_BYTES) == 0 )
if (memcmp(buf, ctx->our_secret, MBEDTLS_X25519_KEY_SIZE_BYTES) == 0)
return MBEDTLS_ERR_ECP_RANDOM_FAILED;
return 0 ;
return 0;
}
int mbedtls_x25519_make_public( mbedtls_x25519_context *ctx, size_t *olen,
unsigned char *buf, size_t blen,
int( *f_rng )(void *, unsigned char *, size_t),
void *p_rng )
int mbedtls_x25519_make_public(mbedtls_x25519_context *ctx,
size_t *olen,
unsigned char *buf,
size_t blen,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng)
{
int ret = 0;
unsigned char base[MBEDTLS_X25519_KEY_SIZE_BYTES] = { 0 };
if( ctx == NULL )
return MBEDTLS_ERR_ECP_BAD_INPUT_DATA ;
if (ctx == NULL)
return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
if( ( ret = f_rng( p_rng, ctx->our_secret, MBEDTLS_X25519_KEY_SIZE_BYTES ) ) != 0 )
if ((ret = f_rng(p_rng, ctx->our_secret, MBEDTLS_X25519_KEY_SIZE_BYTES)) !=
0)
return ret;
*olen = MBEDTLS_X25519_KEY_SIZE_BYTES + 1;
if( blen < *olen )
if (blen < *olen)
return MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL;
*buf++ = MBEDTLS_X25519_KEY_SIZE_BYTES;
base[0] = 9;
Hacl_Curve25519_crypto_scalarmult( buf, ctx->our_secret, base );
Hacl_Curve25519_crypto_scalarmult(buf, ctx->our_secret, base);
base[0] = 0;
if( memcmp( buf, base, MBEDTLS_X25519_KEY_SIZE_BYTES ) == 0 )
if (memcmp(buf, base, MBEDTLS_X25519_KEY_SIZE_BYTES) == 0)
return MBEDTLS_ERR_ECP_RANDOM_FAILED;
return ret ;
return ret;
}
int mbedtls_x25519_read_public( mbedtls_x25519_context *ctx,
const unsigned char *buf, size_t blen )
int mbedtls_x25519_read_public(mbedtls_x25519_context *ctx,
const unsigned char *buf,
size_t blen)
{
if( blen < MBEDTLS_X25519_KEY_SIZE_BYTES + 1 )
if (blen < MBEDTLS_X25519_KEY_SIZE_BYTES + 1)
return MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL;
if( (*buf++ != MBEDTLS_X25519_KEY_SIZE_BYTES) )
if ((*buf++ != MBEDTLS_X25519_KEY_SIZE_BYTES))
return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
memcpy( ctx->peer_point, buf, MBEDTLS_X25519_KEY_SIZE_BYTES );
return 0 ;
memcpy(ctx->peer_point, buf, MBEDTLS_X25519_KEY_SIZE_BYTES);
return 0;
}
#endif /* MBEDTLS_ECDH_C && MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED */

11
configs/config-ccm-psk-tls1_2.h
View File

@@ -59,7 +59,7 @@
#define MBEDTLS_AES_ROM_TABLES
/* Save some RAM by adjusting to your exact needs */
#define MBEDTLS_PSK_MAX_LEN 16 /* 128-bits keys are generally enough */
#define MBEDTLS_PSK_MAX_LEN 16 /* 128-bits keys are generally enough */
/*
* You should adjust this to the exact number of sources you're using: default
@@ -72,14 +72,13 @@
* Use only CCM_8 ciphersuites, and
* save ROM and a few bytes of RAM by specifying our own ciphersuite list
*/
#define MBEDTLS_SSL_CIPHERSUITES \
MBEDTLS_TLS_PSK_WITH_AES_256_CCM_8, \
MBEDTLS_TLS_PSK_WITH_AES_128_CCM_8
#define MBEDTLS_SSL_CIPHERSUITES \
MBEDTLS_TLS_PSK_WITH_AES_256_CCM_8, MBEDTLS_TLS_PSK_WITH_AES_128_CCM_8
/*
* Save RAM at the expense of interoperability: do this only if you control
* both ends of the connection! (See comments in "mbedtls/ssl.h".)
* The optimal size here depends on the typical size of records.
*/
#define MBEDTLS_SSL_IN_CONTENT_LEN 1024
#define MBEDTLS_SSL_OUT_CONTENT_LEN 1024
#define MBEDTLS_SSL_IN_CONTENT_LEN 1024
#define MBEDTLS_SSL_OUT_CONTENT_LEN 1024

20
configs/config-suite-b.h
View File

@@ -81,26 +81,26 @@
#define MBEDTLS_AES_ROM_TABLES
/* Save RAM by adjusting to our exact needs */
#define MBEDTLS_MPI_MAX_SIZE 48 // 384-bit EC curve = 48 bytes
#define MBEDTLS_MPI_MAX_SIZE 48 // 384-bit EC curve = 48 bytes
/* Save RAM at the expense of speed, see ecp.h */
#define MBEDTLS_ECP_WINDOW_SIZE 2
#define MBEDTLS_ECP_FIXED_POINT_OPTIM 0
#define MBEDTLS_ECP_WINDOW_SIZE 2
#define MBEDTLS_ECP_FIXED_POINT_OPTIM 0
/* Significant speed benefit at the expense of some ROM */
#define MBEDTLS_ECP_NIST_OPTIM
/*
* You should adjust this to the exact number of sources you're using: default
* is the "mbedtls_platform_entropy_poll" source, but you may want to add other ones.
* Minimum is 2 for the entropy test suite.
* is the "mbedtls_platform_entropy_poll" source, but you may want to add other
* ones. Minimum is 2 for the entropy test suite.
*/
#define MBEDTLS_ENTROPY_MAX_SOURCES 2
/* Save ROM and a few bytes of RAM by specifying our own ciphersuite list */
#define MBEDTLS_SSL_CIPHERSUITES \
MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, \
MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
#define MBEDTLS_SSL_CIPHERSUITES \
MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, \
MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
/*
* Save RAM at the expense of interoperability: do this only if you control
@@ -108,5 +108,5 @@
* The minimum size here depends on the certificate chain used as well as the
* typical size of records.
*/
#define MBEDTLS_SSL_IN_CONTENT_LEN 1024
#define MBEDTLS_SSL_OUT_CONTENT_LEN 1024
#define MBEDTLS_SSL_IN_CONTENT_LEN 1024
#define MBEDTLS_SSL_OUT_CONTENT_LEN 1024

2
configs/config-thread.h
View File

@@ -82,7 +82,7 @@
#define MBEDTLS_AES_ROM_TABLES
/* Save RAM by adjusting to our exact needs */
#define MBEDTLS_MPI_MAX_SIZE 32 // 256-bit EC curve = 32 bytes
#define MBEDTLS_MPI_MAX_SIZE 32 // 256-bit EC curve = 32 bytes
/* Save ROM and a few bytes of RAM by specifying our own ciphersuite list */
#define MBEDTLS_SSL_CIPHERSUITES MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8

24
doxygen/input/doc_encdec.h
View File

@@ -35,27 +35,29 @@
* Counter mode (CTR) and Galois Counter Mode (GCM) are implemented for
* specific algorithms.
*
* All symmetric encryption algorithms are accessible via the generic cipher layer
* (see \c mbedtls_cipher_setup()).
* All symmetric encryption algorithms are accessible via the generic cipher
* layer (see \c mbedtls_cipher_setup()).
*
* The asymmetric encryptrion algorithms are accessible via the generic public
* key layer (see \c mbedtls_pk_init()).
*
* The following algorithms are provided:
* - Symmetric:
* - AES (see \c mbedtls_aes_crypt_ecb(), \c mbedtls_aes_crypt_cbc(), \c mbedtls_aes_crypt_cfb128() and
* \c mbedtls_aes_crypt_ctr()).
* - Camellia (see \c mbedtls_camellia_crypt_ecb(), \c mbedtls_camellia_crypt_cbc(),
* \c mbedtls_camellia_crypt_cfb128() and \c mbedtls_camellia_crypt_ctr()).
* - DES/3DES (see \c mbedtls_des_crypt_ecb(), \c mbedtls_des_crypt_cbc(), \c mbedtls_des3_crypt_ecb()
* and \c mbedtls_des3_crypt_cbc()).
* - AES (see \c mbedtls_aes_crypt_ecb(), \c mbedtls_aes_crypt_cbc(), \c
* mbedtls_aes_crypt_cfb128() and \c mbedtls_aes_crypt_ctr()).
* - Camellia (see \c mbedtls_camellia_crypt_ecb(), \c
* mbedtls_camellia_crypt_cbc(), \c mbedtls_camellia_crypt_cfb128() and \c
* mbedtls_camellia_crypt_ctr()).
* - DES/3DES (see \c mbedtls_des_crypt_ecb(), \c mbedtls_des_crypt_cbc(), \c
* mbedtls_des3_crypt_ecb() and \c mbedtls_des3_crypt_cbc()).
* - GCM (AES-GCM and CAMELLIA-GCM) (see \c mbedtls_gcm_init())
* - Asymmetric:
* - Diffie-Hellman-Merkle (see \c mbedtls_dhm_read_public(), \c mbedtls_dhm_make_public()
* and \c mbedtls_dhm_calc_secret()).
* - Diffie-Hellman-Merkle (see \c mbedtls_dhm_read_public(), \c
* mbedtls_dhm_make_public() and \c mbedtls_dhm_calc_secret()).
* - RSA (see \c mbedtls_rsa_public() and \c mbedtls_rsa_private()).
* - Elliptic Curves over GF(p) (see \c mbedtls_ecp_point_init()).
* - Elliptic Curve Digital Signature Algorithm (ECDSA) (see \c mbedtls_ecdsa_init()).
* - Elliptic Curve Digital Signature Algorithm (ECDSA) (see \c
* mbedtls_ecdsa_init()).
* - Elliptic Curve Diffie Hellman (ECDH) (see \c mbedtls_ecdh_init()).
*
* This module provides encryption/decryption which can be used to provide

10
doxygen/input/doc_ssltls.h
View File

@@ -31,7 +31,8 @@
* - initialise an SSL/TLS context (see \c mbedtls_ssl_init()).
* - perform an SSL/TLS handshake (see \c mbedtls_ssl_handshake()).
* - read/write (see \c mbedtls_ssl_read() and \c mbedtls_ssl_write()).
* - notify a peer that connection is being closed (see \c mbedtls_ssl_close_notify()).
* - notify a peer that connection is being closed (see \c
* mbedtls_ssl_close_notify()).
*
* Many aspects of such a channel are set through parameters and callback
* functions:
@@ -43,7 +44,8 @@
* - session control functions.
* - X.509 parameters for certificate-handling and key exchange.
*
* This module can be used to create an SSL/TLS server and client and to provide a basic
* framework to setup and communicate through an SSL/TLS communication channel.\n
* Note that you need to provide for several aspects yourself as mentioned above.
* This module can be used to create an SSL/TLS server and client and to provide
* a basic framework to setup and communicate through an SSL/TLS communication
* channel.\n Note that you need to provide for several aspects yourself as
* mentioned above.
*/

187
include/mbedtls/aes.h
View File

@@ -48,23 +48,23 @@
/* padlock.c and aesni.c rely on these values! */
/** AES encryption. */
#define MBEDTLS_AES_ENCRYPT 1
#define MBEDTLS_AES_ENCRYPT 1
/** AES decryption. */
#define MBEDTLS_AES_DECRYPT 0
#define MBEDTLS_AES_DECRYPT 0
/* Error codes in range 0x0020-0x0022 */
/** Invalid key length. */
#define MBEDTLS_ERR_AES_INVALID_KEY_LENGTH -0x0020
#define MBEDTLS_ERR_AES_INVALID_KEY_LENGTH -0x0020
/** Invalid data input length. */
#define MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH -0x0022
#define MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH -0x0022
/* Error codes in range 0x0021-0x0025 */
/** Invalid input data. */
#define MBEDTLS_ERR_AES_BAD_INPUT_DATA -0x0021
#define MBEDTLS_ERR_AES_BAD_INPUT_DATA -0x0021
#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \
!defined(inline) && !defined(__cplusplus)
#define inline __inline
#if (defined(__ARMCC_VERSION) || defined(_MSC_VER)) && !defined(inline) && \
!defined(__cplusplus)
# define inline __inline
#endif
#ifdef __cplusplus
@@ -78,36 +78,31 @@ extern "C" {
/**
* \brief The AES context-type definition.
*/
typedef struct mbedtls_aes_context
{
int MBEDTLS_PRIVATE(nr); /*!< The number of rounds. */
uint32_t *MBEDTLS_PRIVATE(rk); /*!< AES round keys. */
uint32_t MBEDTLS_PRIVATE(buf)[68]; /*!< Unaligned data buffer. This buffer can
hold 32 extra Bytes, which can be used for
one of the following purposes:
<ul><li>Alignment if VIA padlock is
used.</li>
<li>Simplifying key expansion in the 256-bit
case by generating an extra round key.
</li></ul> */
}
mbedtls_aes_context;
typedef struct mbedtls_aes_context {
int MBEDTLS_PRIVATE(nr); /*!< The number of rounds. */
uint32_t *MBEDTLS_PRIVATE(rk); /*!< AES round keys. */
uint32_t MBEDTLS_PRIVATE(buf)[68]; /*!< Unaligned data buffer. This buffer
can hold 32 extra Bytes, which can be used for one of
the following purposes: <ul><li>Alignment if VIA
padlock is used.</li> <li>Simplifying key expansion
in the 256-bit case by generating an extra round key.
</li></ul> */
} mbedtls_aes_context;
#if defined(MBEDTLS_CIPHER_MODE_XTS)
# if defined(MBEDTLS_CIPHER_MODE_XTS)
/**
* \brief The AES XTS context-type definition.
*/
typedef struct mbedtls_aes_xts_context
{
mbedtls_aes_context MBEDTLS_PRIVATE(crypt); /*!< The AES context to use for AES block
encryption or decryption. */
mbedtls_aes_context MBEDTLS_PRIVATE(tweak); /*!< The AES context used for tweak
computation. */
typedef struct mbedtls_aes_xts_context {
mbedtls_aes_context MBEDTLS_PRIVATE(crypt); /*!< The AES context to use for
AES block encryption or decryption. */
mbedtls_aes_context MBEDTLS_PRIVATE(tweak); /*!< The AES context used for
tweak computation. */
} mbedtls_aes_xts_context;
#endif /* MBEDTLS_CIPHER_MODE_XTS */
# endif /* MBEDTLS_CIPHER_MODE_XTS */
#else /* MBEDTLS_AES_ALT */
#include "aes_alt.h"
#else /* MBEDTLS_AES_ALT */
# include "aes_alt.h"
#endif /* MBEDTLS_AES_ALT */
/**
@@ -118,7 +113,7 @@ typedef struct mbedtls_aes_xts_context
*
* \param ctx The AES context to initialize. This must not be \c NULL.
*/
void mbedtls_aes_init( mbedtls_aes_context *ctx );
void mbedtls_aes_init(mbedtls_aes_context *ctx);
/**
* \brief This function releases and clears the specified AES context.
@@ -127,7 +122,7 @@ void mbedtls_aes_init( mbedtls_aes_context *ctx );
* If this is \c NULL, this function does nothing.
* Otherwise, the context must have been at least initialized.
*/
void mbedtls_aes_free( mbedtls_aes_context *ctx );
void mbedtls_aes_free(mbedtls_aes_context *ctx);
#if defined(MBEDTLS_CIPHER_MODE_XTS)
/**
@@ -138,7 +133,7 @@ void mbedtls_aes_free( mbedtls_aes_context *ctx );
*
* \param ctx The AES XTS context to initialize. This must not be \c NULL.
*/
void mbedtls_aes_xts_init( mbedtls_aes_xts_context *ctx );
void mbedtls_aes_xts_init(mbedtls_aes_xts_context *ctx);
/**
* \brief This function releases and clears the specified AES XTS context.
@@ -147,7 +142,7 @@ void mbedtls_aes_xts_init( mbedtls_aes_xts_context *ctx );
* If this is \c NULL, this function does nothing.
* Otherwise, the context must have been at least initialized.
*/
void mbedtls_aes_xts_free( mbedtls_aes_xts_context *ctx );
void mbedtls_aes_xts_free(mbedtls_aes_xts_context *ctx);
#endif /* MBEDTLS_CIPHER_MODE_XTS */
/**
@@ -165,8 +160,9 @@ void mbedtls_aes_xts_free( mbedtls_aes_xts_context *ctx );
* \return \c 0 on success.
* \return #MBEDTLS_ERR_AES_INVALID_KEY_LENGTH on failure.
*/
int mbedtls_aes_setkey_enc( mbedtls_aes_context *ctx, const unsigned char *key,
unsigned int keybits );
int mbedtls_aes_setkey_enc(mbedtls_aes_context *ctx,
const unsigned char *key,
unsigned int keybits);
/**
* \brief This function sets the decryption key.
@@ -183,8 +179,9 @@ int mbedtls_aes_setkey_enc( mbedtls_aes_context *ctx, const unsigned char *key,
* \return \c 0 on success.
* \return #MBEDTLS_ERR_AES_INVALID_KEY_LENGTH on failure.
*/
int mbedtls_aes_setkey_dec( mbedtls_aes_context *ctx, const unsigned char *key,
unsigned int keybits );
int mbedtls_aes_setkey_dec(mbedtls_aes_context *ctx,
const unsigned char *key,
unsigned int keybits);
#if defined(MBEDTLS_CIPHER_MODE_XTS)
/**
@@ -203,9 +200,9 @@ int mbedtls_aes_setkey_dec( mbedtls_aes_context *ctx, const unsigned char *key,
* \return \c 0 on success.
* \return #MBEDTLS_ERR_AES_INVALID_KEY_LENGTH on failure.
*/
int mbedtls_aes_xts_setkey_enc( mbedtls_aes_xts_context *ctx,
const unsigned char *key,
unsigned int keybits );
int mbedtls_aes_xts_setkey_enc(mbedtls_aes_xts_context *ctx,
const unsigned char *key,
unsigned int keybits);
/**
* \brief This function prepares an XTS context for decryption and
@@ -223,9 +220,9 @@ int mbedtls_aes_xts_setkey_enc( mbedtls_aes_xts_context *ctx,
* \return \c 0 on success.
* \return #MBEDTLS_ERR_AES_INVALID_KEY_LENGTH on failure.
*/
int mbedtls_aes_xts_setkey_dec( mbedtls_aes_xts_context *ctx,
const unsigned char *key,
unsigned int keybits );
int mbedtls_aes_xts_setkey_dec(mbedtls_aes_xts_context *ctx,
const unsigned char *key,
unsigned int keybits);
#endif /* MBEDTLS_CIPHER_MODE_XTS */
/**
@@ -251,10 +248,10 @@ int mbedtls_aes_xts_setkey_dec( mbedtls_aes_xts_context *ctx,
* \return \c 0 on success.
*/
int mbedtls_aes_crypt_ecb( mbedtls_aes_context *ctx,
int mode,
const unsigned char input[16],
unsigned char output[16] );
int mbedtls_aes_crypt_ecb(mbedtls_aes_context *ctx,
int mode,
const unsigned char input[16],
unsigned char output[16]);
#if defined(MBEDTLS_CIPHER_MODE_CBC)
/**
@@ -298,12 +295,12 @@ int mbedtls_aes_crypt_ecb( mbedtls_aes_context *ctx,
* \return #MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH
* on failure.
*/
int mbedtls_aes_crypt_cbc( mbedtls_aes_context *ctx,
int mode,
size_t length,
unsigned char iv[16],
const unsigned char *input,
unsigned char *output );
int mbedtls_aes_crypt_cbc(mbedtls_aes_context *ctx,
int mode,
size_t length,
unsigned char iv[16],
const unsigned char *input,
unsigned char *output);
#endif /* MBEDTLS_CIPHER_MODE_CBC */
#if defined(MBEDTLS_CIPHER_MODE_XTS)
@@ -342,12 +339,12 @@ int mbedtls_aes_crypt_cbc( mbedtls_aes_context *ctx,
* smaller than an AES block in size (16 Bytes) or if \p
* length is larger than 2^20 blocks (16 MiB).
*/
int mbedtls_aes_crypt_xts( mbedtls_aes_xts_context *ctx,
int mode,
size_t length,
const unsigned char data_unit[16],
const unsigned char *input,
unsigned char *output );
int mbedtls_aes_crypt_xts(mbedtls_aes_xts_context *ctx,
int mode,
size_t length,
const unsigned char data_unit[16],
const unsigned char *input,
unsigned char *output);
#endif /* MBEDTLS_CIPHER_MODE_XTS */
#if defined(MBEDTLS_CIPHER_MODE_CFB)
@@ -390,13 +387,13 @@ int mbedtls_aes_crypt_xts( mbedtls_aes_xts_context *ctx,
*
* \return \c 0 on success.
*/
int mbedtls_aes_crypt_cfb128( mbedtls_aes_context *ctx,
int mode,
size_t length,
size_t *iv_off,
unsigned char iv[16],
const unsigned char *input,
unsigned char *output );
int mbedtls_aes_crypt_cfb128(mbedtls_aes_context *ctx,
int mode,
size_t length,
size_t *iv_off,
unsigned char iv[16],
const unsigned char *input,
unsigned char *output);
/**
* \brief This function performs an AES-CFB8 encryption or decryption
@@ -434,12 +431,12 @@ int mbedtls_aes_crypt_cfb128( mbedtls_aes_context *ctx,
*
* \return \c 0 on success.
*/
int mbedtls_aes_crypt_cfb8( mbedtls_aes_context *ctx,
int mode,
size_t length,
unsigned char iv[16],
const unsigned char *input,
unsigned char *output );
int mbedtls_aes_crypt_cfb8(mbedtls_aes_context *ctx,
int mode,
size_t length,
unsigned char iv[16],
const unsigned char *input,
unsigned char *output);
#endif /*MBEDTLS_CIPHER_MODE_CFB */
#if defined(MBEDTLS_CIPHER_MODE_OFB)
@@ -488,12 +485,12 @@ int mbedtls_aes_crypt_cfb8( mbedtls_aes_context *ctx,
*
* \return \c 0 on success.
*/
int mbedtls_aes_crypt_ofb( mbedtls_aes_context *ctx,
size_t length,
size_t *iv_off,
unsigned char iv[16],
const unsigned char *input,
unsigned char *output );
int mbedtls_aes_crypt_ofb(mbedtls_aes_context *ctx,
size_t length,
size_t *iv_off,
unsigned char iv[16],
const unsigned char *input,
unsigned char *output);
#endif /* MBEDTLS_CIPHER_MODE_OFB */
@@ -574,13 +571,13 @@ int mbedtls_aes_crypt_ofb( mbedtls_aes_context *ctx,
*
* \return \c 0 on success.
*/
int mbedtls_aes_crypt_ctr( mbedtls_aes_context *ctx,
size_t length,
size_t *nc_off,
unsigned char nonce_counter[16],
unsigned char stream_block[16],
const unsigned char *input,
unsigned char *output );
int mbedtls_aes_crypt_ctr(mbedtls_aes_context *ctx,
size_t length,
size_t *nc_off,
unsigned char nonce_counter[16],
unsigned char stream_block[16],
const unsigned char *input,
unsigned char *output);
#endif /* MBEDTLS_CIPHER_MODE_CTR */
/**
@@ -594,9 +591,9 @@ int mbedtls_aes_crypt_ctr( mbedtls_aes_context *ctx,
*
* \return \c 0 on success.
*/
int mbedtls_internal_aes_encrypt( mbedtls_aes_context *ctx,
const unsigned char input[16],
unsigned char output[16] );
int mbedtls_internal_aes_encrypt(mbedtls_aes_context *ctx,
const unsigned char input[16],
unsigned char output[16]);
/**
* \brief Internal AES block decryption function. This is only
@@ -609,9 +606,9 @@ int mbedtls_internal_aes_encrypt( mbedtls_aes_context *ctx,
*
* \return \c 0 on success.
*/
int mbedtls_internal_aes_decrypt( mbedtls_aes_context *ctx,
const unsigned char input[16],
unsigned char output[16] );
int mbedtls_internal_aes_decrypt(mbedtls_aes_context *ctx,
const unsigned char input[16],
unsigned char output[16]);
#if defined(MBEDTLS_SELF_TEST)
/**
@@ -620,7 +617,7 @@ int mbedtls_internal_aes_decrypt( mbedtls_aes_context *ctx,
* \return \c 0 on success.
* \return \c 1 on failure.
*/
int mbedtls_aes_self_test( int verbose );
int mbedtls_aes_self_test(int verbose);
#endif /* MBEDTLS_SELF_TEST */

88
include/mbedtls/aria.h
View File

@@ -38,14 +38,14 @@
#include "mbedtls/platform_util.h"
/** ARIA encryption. */
#define MBEDTLS_ARIA_ENCRYPT 1
#define MBEDTLS_ARIA_ENCRYPT 1
/** ARIA decryption. */
#define MBEDTLS_ARIA_DECRYPT 0
#define MBEDTLS_ARIA_DECRYPT 0
/** ARIA block size in bytes. */
#define MBEDTLS_ARIA_BLOCKSIZE 16
#define MBEDTLS_ARIA_BLOCKSIZE 16
/** Maxiumum number of rounds in ARIA. */
#define MBEDTLS_ARIA_MAX_ROUNDS 16
#define MBEDTLS_ARIA_MAX_ROUNDS 16
/** Maximum size of an ARIA key in bytes. */
#define MBEDTLS_ARIA_MAX_KEYSIZE 32
@@ -66,16 +66,16 @@ extern "C" {
/**
* \brief The ARIA context-type definition.
*/
typedef struct mbedtls_aria_context
{
unsigned char MBEDTLS_PRIVATE(nr); /*!< The number of rounds (12, 14 or 16) */
typedef struct mbedtls_aria_context {
unsigned char MBEDTLS_PRIVATE(nr); /*!< The number of rounds (12, 14 or 16)
*/
/*! The ARIA round keys. */
uint32_t MBEDTLS_PRIVATE(rk)[MBEDTLS_ARIA_MAX_ROUNDS + 1][MBEDTLS_ARIA_BLOCKSIZE / 4];
}
mbedtls_aria_context;
uint32_t MBEDTLS_PRIVATE(rk)[MBEDTLS_ARIA_MAX_ROUNDS + 1]
[MBEDTLS_ARIA_BLOCKSIZE / 4];
} mbedtls_aria_context;
#else /* MBEDTLS_ARIA_ALT */
#include "aria_alt.h"
#else /* MBEDTLS_ARIA_ALT */
# include "aria_alt.h"
#endif /* MBEDTLS_ARIA_ALT */
/**
@@ -86,7 +86,7 @@ mbedtls_aria_context;
*
* \param ctx The ARIA context to initialize. This must not be \c NULL.
*/
void mbedtls_aria_init( mbedtls_aria_context *ctx );
void mbedtls_aria_init(mbedtls_aria_context *ctx);
/**
* \brief This function releases and clears the specified ARIA context.
@@ -95,7 +95,7 @@ void mbedtls_aria_init( mbedtls_aria_context *ctx );
* case this function returns immediately. If it is not \c NULL,
* it must point to an initialized ARIA context.
*/
void mbedtls_aria_free( mbedtls_aria_context *ctx );
void mbedtls_aria_free(mbedtls_aria_context *ctx);
/**
* \brief This function sets the encryption key.
@@ -112,9 +112,9 @@ void mbedtls_aria_free( mbedtls_aria_context *ctx );
* \return \c 0 on success.
* \return A negative error code on failure.
*/
int mbedtls_aria_setkey_enc( mbedtls_aria_context *ctx,
const unsigned char *key,
unsigned int keybits );
int mbedtls_aria_setkey_enc(mbedtls_aria_context *ctx,
const unsigned char *key,
unsigned int keybits);
/**
* \brief This function sets the decryption key.
@@ -131,9 +131,9 @@ int mbedtls_aria_setkey_enc( mbedtls_aria_context *ctx,
* \return \c 0 on success.
* \return A negative error code on failure.
*/
int mbedtls_aria_setkey_dec( mbedtls_aria_context *ctx,
const unsigned char *key,
unsigned int keybits );
int mbedtls_aria_setkey_dec(mbedtls_aria_context *ctx,
const unsigned char *key,
unsigned int keybits);
/**
* \brief This function performs an ARIA single-block encryption or
@@ -155,9 +155,9 @@ int mbedtls_aria_setkey_dec( mbedtls_aria_context *ctx,
* \return \c 0 on success.
* \return A negative error code on failure.
*/
int mbedtls_aria_crypt_ecb( mbedtls_aria_context *ctx,
const unsigned char input[MBEDTLS_ARIA_BLOCKSIZE],
unsigned char output[MBEDTLS_ARIA_BLOCKSIZE] );
int mbedtls_aria_crypt_ecb(mbedtls_aria_context *ctx,
const unsigned char input[MBEDTLS_ARIA_BLOCKSIZE],
unsigned char output[MBEDTLS_ARIA_BLOCKSIZE]);
#if defined(MBEDTLS_CIPHER_MODE_CBC)
/**
@@ -201,12 +201,12 @@ int mbedtls_aria_crypt_ecb( mbedtls_aria_context *ctx,
* \return \c 0 on success.
* \return A negative error code on failure.
*/
int mbedtls_aria_crypt_cbc( mbedtls_aria_context *ctx,
int mode,
size_t length,
unsigned char iv[MBEDTLS_ARIA_BLOCKSIZE],
const unsigned char *input,
unsigned char *output );
int mbedtls_aria_crypt_cbc(mbedtls_aria_context *ctx,
int mode,
size_t length,
unsigned char iv[MBEDTLS_ARIA_BLOCKSIZE],
const unsigned char *input,
unsigned char *output);
#endif /* MBEDTLS_CIPHER_MODE_CBC */
#if defined(MBEDTLS_CIPHER_MODE_CFB)
@@ -251,13 +251,13 @@ int mbedtls_aria_crypt_cbc( mbedtls_aria_context *ctx,
* \return \c 0 on success.
* \return A negative error code on failure.
*/
int mbedtls_aria_crypt_cfb128( mbedtls_aria_context *ctx,
int mode,
size_t length,
size_t *iv_off,
unsigned char iv[MBEDTLS_ARIA_BLOCKSIZE],
const unsigned char *input,
unsigned char *output );
int mbedtls_aria_crypt_cfb128(mbedtls_aria_context *ctx,
int mode,
size_t length,
size_t *iv_off,
unsigned char iv[MBEDTLS_ARIA_BLOCKSIZE],
const unsigned char *input,
unsigned char *output);
#endif /* MBEDTLS_CIPHER_MODE_CFB */
#if defined(MBEDTLS_CIPHER_MODE_CTR)
@@ -338,13 +338,13 @@ int mbedtls_aria_crypt_cfb128( mbedtls_aria_context *ctx,
* \return \c 0 on success.
* \return A negative error code on failure.
*/
int mbedtls_aria_crypt_ctr( mbedtls_aria_context *ctx,
size_t length,
size_t *nc_off,
unsigned char nonce_counter[MBEDTLS_ARIA_BLOCKSIZE],
unsigned char stream_block[MBEDTLS_ARIA_BLOCKSIZE],
const unsigned char *input,
unsigned char *output );
int mbedtls_aria_crypt_ctr(mbedtls_aria_context *ctx,
size_t length,
size_t *nc_off,
unsigned char nonce_counter[MBEDTLS_ARIA_BLOCKSIZE],
unsigned char stream_block[MBEDTLS_ARIA_BLOCKSIZE],
const unsigned char *input,
unsigned char *output);
#endif /* MBEDTLS_CIPHER_MODE_CTR */
#if defined(MBEDTLS_SELF_TEST)
@@ -353,7 +353,7 @@ int mbedtls_aria_crypt_ctr( mbedtls_aria_context *ctx,
*
* \return \c 0 on success, or \c 1 on failure.
*/
int mbedtls_aria_self_test( int verbose );
int mbedtls_aria_self_test(int verbose);
#endif /* MBEDTLS_SELF_TEST */
#ifdef __cplusplus

239
include/mbedtls/asn1.h
View File

@@ -28,7 +28,7 @@
#include <stddef.h>
#if defined(MBEDTLS_BIGNUM_C)
#include "mbedtls/bignum.h"
# include "mbedtls/bignum.h"
#endif
/**
@@ -44,19 +44,19 @@
* \{
*/
/** Out of data when parsing an ASN1 data structure. */
#define MBEDTLS_ERR_ASN1_OUT_OF_DATA -0x0060
#define MBEDTLS_ERR_ASN1_OUT_OF_DATA -0x0060
/** ASN1 tag was of an unexpected value. */
#define MBEDTLS_ERR_ASN1_UNEXPECTED_TAG -0x0062
#define MBEDTLS_ERR_ASN1_UNEXPECTED_TAG -0x0062
/** Error when trying to determine the length or invalid length. */
#define MBEDTLS_ERR_ASN1_INVALID_LENGTH -0x0064
#define MBEDTLS_ERR_ASN1_INVALID_LENGTH -0x0064
/** Actual length differs from expected length. */
#define MBEDTLS_ERR_ASN1_LENGTH_MISMATCH -0x0066
#define MBEDTLS_ERR_ASN1_LENGTH_MISMATCH -0x0066
/** Data is invalid. */
#define MBEDTLS_ERR_ASN1_INVALID_DATA -0x0068
#define MBEDTLS_ERR_ASN1_INVALID_DATA -0x0068
/** Memory allocation failed */
#define MBEDTLS_ERR_ASN1_ALLOC_FAILED -0x006A
#define MBEDTLS_ERR_ASN1_ALLOC_FAILED -0x006A
/** Buffer too small when writing ASN.1 data structure. */
#define MBEDTLS_ERR_ASN1_BUF_TOO_SMALL -0x006C
#define MBEDTLS_ERR_ASN1_BUF_TOO_SMALL -0x006C
/* \} name */
@@ -71,38 +71,37 @@
* Such sequences are typically read into \c ::mbedtls_x509_buf.
* \{
*/
#define MBEDTLS_ASN1_BOOLEAN 0x01
#define MBEDTLS_ASN1_INTEGER 0x02
#define MBEDTLS_ASN1_BIT_STRING 0x03
#define MBEDTLS_ASN1_OCTET_STRING 0x04
#define MBEDTLS_ASN1_NULL 0x05
#define MBEDTLS_ASN1_OID 0x06
#define MBEDTLS_ASN1_ENUMERATED 0x0A
#define MBEDTLS_ASN1_UTF8_STRING 0x0C
#define MBEDTLS_ASN1_SEQUENCE 0x10
#define MBEDTLS_ASN1_SET 0x11
#define MBEDTLS_ASN1_PRINTABLE_STRING 0x13
#define MBEDTLS_ASN1_T61_STRING 0x14
#define MBEDTLS_ASN1_IA5_STRING 0x16
#define MBEDTLS_ASN1_UTC_TIME 0x17
#define MBEDTLS_ASN1_GENERALIZED_TIME 0x18
#define MBEDTLS_ASN1_UNIVERSAL_STRING 0x1C
#define MBEDTLS_ASN1_BMP_STRING 0x1E
#define MBEDTLS_ASN1_PRIMITIVE 0x00
#define MBEDTLS_ASN1_CONSTRUCTED 0x20
#define MBEDTLS_ASN1_CONTEXT_SPECIFIC 0x80
#define MBEDTLS_ASN1_BOOLEAN 0x01
#define MBEDTLS_ASN1_INTEGER 0x02
#define MBEDTLS_ASN1_BIT_STRING 0x03
#define MBEDTLS_ASN1_OCTET_STRING 0x04
#define MBEDTLS_ASN1_NULL 0x05
#define MBEDTLS_ASN1_OID 0x06
#define MBEDTLS_ASN1_ENUMERATED 0x0A
#define MBEDTLS_ASN1_UTF8_STRING 0x0C
#define MBEDTLS_ASN1_SEQUENCE 0x10
#define MBEDTLS_ASN1_SET 0x11
#define MBEDTLS_ASN1_PRINTABLE_STRING 0x13
#define MBEDTLS_ASN1_T61_STRING 0x14
#define MBEDTLS_ASN1_IA5_STRING 0x16
#define MBEDTLS_ASN1_UTC_TIME 0x17
#define MBEDTLS_ASN1_GENERALIZED_TIME 0x18
#define MBEDTLS_ASN1_UNIVERSAL_STRING 0x1C
#define MBEDTLS_ASN1_BMP_STRING 0x1E
#define MBEDTLS_ASN1_PRIMITIVE 0x00
#define MBEDTLS_ASN1_CONSTRUCTED 0x20
#define MBEDTLS_ASN1_CONTEXT_SPECIFIC 0x80
/* Slightly smaller way to check if tag is a string tag
* compared to canonical implementation. */
#define MBEDTLS_ASN1_IS_STRING_TAG( tag ) \
( ( tag ) < 32u && ( \
( ( 1u << ( tag ) ) & ( ( 1u << MBEDTLS_ASN1_BMP_STRING ) | \
( 1u << MBEDTLS_ASN1_UTF8_STRING ) | \
( 1u << MBEDTLS_ASN1_T61_STRING ) | \
( 1u << MBEDTLS_ASN1_IA5_STRING ) | \
( 1u << MBEDTLS_ASN1_UNIVERSAL_STRING ) | \
( 1u << MBEDTLS_ASN1_PRINTABLE_STRING ) | \
( 1u << MBEDTLS_ASN1_BIT_STRING ) ) ) != 0 ) )
#define MBEDTLS_ASN1_IS_STRING_TAG(tag) \
((tag) < 32u && \
(((1u << (tag)) & \
((1u << MBEDTLS_ASN1_BMP_STRING) | (1u << MBEDTLS_ASN1_UTF8_STRING) | \
(1u << MBEDTLS_ASN1_T61_STRING) | (1u << MBEDTLS_ASN1_IA5_STRING) | \
(1u << MBEDTLS_ASN1_UNIVERSAL_STRING) | \
(1u << MBEDTLS_ASN1_PRINTABLE_STRING) | \
(1u << MBEDTLS_ASN1_BIT_STRING))) != 0))
/*
* Bit masks for each of the components of an ASN.1 tag as specified in
@@ -114,9 +113,9 @@
* | Class | P/C | Tag number |
* +-------+-----+------------+
*/
#define MBEDTLS_ASN1_TAG_CLASS_MASK 0xC0
#define MBEDTLS_ASN1_TAG_PC_MASK 0x20
#define MBEDTLS_ASN1_TAG_VALUE_MASK 0x1F
#define MBEDTLS_ASN1_TAG_CLASS_MASK 0xC0
#define MBEDTLS_ASN1_TAG_PC_MASK 0x20
#define MBEDTLS_ASN1_TAG_VALUE_MASK 0x1F
/* \} name */
/* \} addtogroup asn1_module */
@@ -127,16 +126,16 @@
/**
* Compares an mbedtls_asn1_buf structure to a reference OID.
*
* Only works for 'defined' oid_str values (MBEDTLS_OID_HMAC_SHA1), you cannot use a
* 'unsigned char *oid' here!
* Only works for 'defined' oid_str values (MBEDTLS_OID_HMAC_SHA1), you cannot
* use a 'unsigned char *oid' here!
*/
#define MBEDTLS_OID_CMP(oid_str, oid_buf) \
( ( MBEDTLS_OID_SIZE(oid_str) != (oid_buf)->len ) || \
memcmp( (oid_str), (oid_buf)->p, (oid_buf)->len) != 0 )
#define MBEDTLS_OID_CMP(oid_str, oid_buf) \
((MBEDTLS_OID_SIZE(oid_str) != (oid_buf)->len) || \
memcmp((oid_str), (oid_buf)->p, (oid_buf)->len) != 0)
#define MBEDTLS_OID_CMP_RAW(oid_str, oid_buf, oid_buf_len) \
( ( MBEDTLS_OID_SIZE(oid_str) != (oid_buf_len) ) || \
memcmp( (oid_str), (oid_buf), (oid_buf_len) ) != 0 )
#define MBEDTLS_OID_CMP_RAW(oid_str, oid_buf, oid_buf_len) \
((MBEDTLS_OID_SIZE(oid_str) != (oid_buf_len)) || \
memcmp((oid_str), (oid_buf), (oid_buf_len)) != 0)
#ifdef __cplusplus
extern "C" {
@@ -150,46 +149,44 @@ extern "C" {
/**
* Type-length-value structure that allows for ASN1 using DER.
*/
typedef struct mbedtls_asn1_buf
{
int MBEDTLS_PRIVATE(tag); /**< ASN1 type, e.g. MBEDTLS_ASN1_UTF8_STRING. */
size_t MBEDTLS_PRIVATE(len); /**< ASN1 length, in octets. */
unsigned char *MBEDTLS_PRIVATE(p); /**< ASN1 data, e.g. in ASCII. */
}
mbedtls_asn1_buf;
typedef struct mbedtls_asn1_buf {
int MBEDTLS_PRIVATE(tag); /**< ASN1 type, e.g. MBEDTLS_ASN1_UTF8_STRING. */
size_t MBEDTLS_PRIVATE(len); /**< ASN1 length, in octets. */
unsigned char *MBEDTLS_PRIVATE(p); /**< ASN1 data, e.g. in ASCII. */
} mbedtls_asn1_buf;
/**
* Container for ASN1 bit strings.
*/
typedef struct mbedtls_asn1_bitstring
{
size_t MBEDTLS_PRIVATE(len); /**< ASN1 length, in octets. */
unsigned char MBEDTLS_PRIVATE(unused_bits); /**< Number of unused bits at the end of the string */
unsigned char *MBEDTLS_PRIVATE(p); /**< Raw ASN1 data for the bit string */
}
mbedtls_asn1_bitstring;
typedef struct mbedtls_asn1_bitstring {
size_t MBEDTLS_PRIVATE(len); /**< ASN1 length, in octets. */
unsigned char MBEDTLS_PRIVATE(unused_bits); /**< Number of unused bits at
the end of the string */
unsigned char *MBEDTLS_PRIVATE(p); /**< Raw ASN1 data for the bit string */
} mbedtls_asn1_bitstring;
/**
* Container for a sequence of ASN.1 items
*/
typedef struct mbedtls_asn1_sequence
{
mbedtls_asn1_buf MBEDTLS_PRIVATE(buf); /**< Buffer containing the given ASN.1 item. */
struct mbedtls_asn1_sequence *MBEDTLS_PRIVATE(next); /**< The next entry in the sequence. */
}
mbedtls_asn1_sequence;
typedef struct mbedtls_asn1_sequence {
mbedtls_asn1_buf MBEDTLS_PRIVATE(buf); /**< Buffer containing the given
ASN.1 item. */
struct mbedtls_asn1_sequence *MBEDTLS_PRIVATE(next); /**< The next entry in
the sequence. */
} mbedtls_asn1_sequence;
/**
* Container for a sequence or list of 'named' ASN.1 data items
*/
typedef struct mbedtls_asn1_named_data
{
mbedtls_asn1_buf MBEDTLS_PRIVATE(oid); /**< The object identifier. */
mbedtls_asn1_buf MBEDTLS_PRIVATE(val); /**< The named value. */
struct mbedtls_asn1_named_data *MBEDTLS_PRIVATE(next); /**< The next entry in the sequence. */
unsigned char MBEDTLS_PRIVATE(next_merged); /**< Merge next item into the current one? */
}
mbedtls_asn1_named_data;
typedef struct mbedtls_asn1_named_data {
mbedtls_asn1_buf MBEDTLS_PRIVATE(oid); /**< The object identifier. */
mbedtls_asn1_buf MBEDTLS_PRIVATE(val); /**< The named value. */
struct mbedtls_asn1_named_data *MBEDTLS_PRIVATE(next); /**< The next entry
in the sequence.
*/
unsigned char MBEDTLS_PRIVATE(next_merged); /**< Merge next item into the
current one? */
} mbedtls_asn1_named_data;
/**
* \brief Get the length of an ASN.1 element.
@@ -209,9 +206,9 @@ mbedtls_asn1_named_data;
* would end beyond \p end.
* \return #MBEDTLS_ERR_ASN1_INVALID_LENGTH if the length is unparseable.
*/
int mbedtls_asn1_get_len( unsigned char **p,
const unsigned char *end,
size_t *len );
int mbedtls_asn1_get_len(unsigned char **p,
const unsigned char *end,
size_t *len);
/**
* \brief Get the tag and length of the element.
@@ -234,9 +231,10 @@ int mbedtls_asn1_get_len( unsigned char **p,
* would end beyond \p end.
* \return #MBEDTLS_ERR_ASN1_INVALID_LENGTH if the length is unparseable.
*/
int mbedtls_asn1_get_tag( unsigned char **p,
const unsigned char *end,
size_t *len, int tag );
int mbedtls_asn1_get_tag(unsigned char **p,
const unsigned char *end,
size_t *len,
int tag);
/**
* \brief Retrieve a boolean ASN.1 tag and its value.
@@ -253,9 +251,9 @@ int mbedtls_asn1_get_tag( unsigned char **p,
* \return An ASN.1 error code if the input does not start with
* a valid ASN.1 BOOLEAN.
*/
int mbedtls_asn1_get_bool( unsigned char **p,
const unsigned char *end,
int *val );
int mbedtls_asn1_get_bool(unsigned char **p,
const unsigned char *end,
int *val);
/**
* \brief Retrieve an integer ASN.1 tag and its value.
@@ -274,9 +272,7 @@ int mbedtls_asn1_get_bool( unsigned char **p,
* \return #MBEDTLS_ERR_ASN1_INVALID_LENGTH if the parsed value does
* not fit in an \c int.
*/
int mbedtls_asn1_get_int( unsigned char **p,
const unsigned char *end,
int *val );
int mbedtls_asn1_get_int(unsigned char **p, const unsigned char *end, int *val);
/**
* \brief Retrieve an enumerated ASN.1 tag and its value.
@@ -295,9 +291,9 @@ int mbedtls_asn1_get_int( unsigned char **p,
* \return #MBEDTLS_ERR_ASN1_INVALID_LENGTH if the parsed value does
* not fit in an \c int.
*/
int mbedtls_asn1_get_enum( unsigned char **p,
const unsigned char *end,
int *val );
int mbedtls_asn1_get_enum(unsigned char **p,
const unsigned char *end,
int *val);
/**
* \brief Retrieve a bitstring ASN.1 tag and its value.
@@ -316,8 +312,9 @@ int mbedtls_asn1_get_enum( unsigned char **p,
* \return An ASN.1 error code if the input does not start with
* a valid ASN.1 BIT STRING.
*/
int mbedtls_asn1_get_bitstring( unsigned char **p, const unsigned char *end,
mbedtls_asn1_bitstring *bs );
int mbedtls_asn1_get_bitstring(unsigned char **p,
const unsigned char *end,
mbedtls_asn1_bitstring *bs);
/**
* \brief Retrieve a bitstring ASN.1 tag without unused bits and its
@@ -337,9 +334,9 @@ int mbedtls_asn1_get_bitstring( unsigned char **p, const unsigned char *end,
* \return An ASN.1 error code if the input does not start with
* a valid ASN.1 BIT STRING.
*/
int mbedtls_asn1_get_bitstring_null( unsigned char **p,
const unsigned char *end,
size_t *len );
int mbedtls_asn1_get_bitstring_null(unsigned char **p,
const unsigned char *end,
size_t *len);
/**
* \brief Parses and splits an ASN.1 "SEQUENCE OF <tag>".
@@ -388,10 +385,10 @@ int mbedtls_asn1_get_bitstring_null( unsigned char **p,
* \return An ASN.1 error code if the input does not start with
* a valid ASN.1 SEQUENCE.
*/
int mbedtls_asn1_get_sequence_of( unsigned char **p,
const unsigned char *end,
mbedtls_asn1_sequence *cur,
int tag );
int mbedtls_asn1_get_sequence_of(unsigned char **p,
const unsigned char *end,
mbedtls_asn1_sequence *cur,
int tag);
/**
* \brief Free a heap-allocated linked list presentation of
* an ASN.1 sequence, including the first element.
@@ -413,7 +410,7 @@ int mbedtls_asn1_get_sequence_of( unsigned char **p,
* be \c NULL, in which case this functions returns
* immediately.
*/
void mbedtls_asn1_sequence_free( mbedtls_asn1_sequence *seq );
void mbedtls_asn1_sequence_free(mbedtls_asn1_sequence *seq);
/**
* \brief Traverse an ASN.1 SEQUENCE container and
@@ -503,11 +500,12 @@ void mbedtls_asn1_sequence_free( mbedtls_asn1_sequence *seq );
int mbedtls_asn1_traverse_sequence_of(
unsigned char **p,
const unsigned char *end,
unsigned char tag_must_mask, unsigned char tag_must_val,
unsigned char tag_may_mask, unsigned char tag_may_val,
int (*cb)( void *ctx, int tag,
unsigned char* start, size_t len ),
void *ctx );
unsigned char tag_must_mask,
unsigned char tag_must_val,
unsigned char tag_may_mask,
unsigned char tag_may_val,
int (*cb)(void *ctx, int tag, unsigned char *start, size_t len),
void *ctx);
#if defined(MBEDTLS_BIGNUM_C)
/**
@@ -528,9 +526,9 @@ int mbedtls_asn1_traverse_sequence_of(
* not fit in an \c int.
* \return An MPI error code if the parsed value is too large.
*/
int mbedtls_asn1_get_mpi( unsigned char **p,
const unsigned char *end,
mbedtls_mpi *X );
int mbedtls_asn1_get_mpi(unsigned char **p,
const unsigned char *end,
mbedtls_mpi *X);
#endif /* MBEDTLS_BIGNUM_C */
/**
@@ -549,9 +547,10 @@ int mbedtls_asn1_get_mpi( unsigned char **p,
*
* \return 0 if successful or a specific ASN.1 or MPI error code.
*/
int mbedtls_asn1_get_alg( unsigned char **p,
const unsigned char *end,
mbedtls_asn1_buf *alg, mbedtls_asn1_buf *params );
int mbedtls_asn1_get_alg(unsigned char **p,
const unsigned char *end,
mbedtls_asn1_buf *alg,
mbedtls_asn1_buf *params);
/**
* \brief Retrieve an AlgorithmIdentifier ASN.1 sequence with NULL or no
@@ -568,9 +567,9 @@ int mbedtls_asn1_get_alg( unsigned char **p,
*
* \return 0 if successful or a specific ASN.1 or MPI error code.
*/
int mbedtls_asn1_get_alg_null( unsigned char **p,
const unsigned char *end,
mbedtls_asn1_buf *alg );
int mbedtls_asn1_get_alg_null(unsigned char **p,
const unsigned char *end,
mbedtls_asn1_buf *alg);
/**
* \brief Find a specific named_data entry in a sequence or list based on
@@ -582,8 +581,10 @@ int mbedtls_asn1_get_alg_null( unsigned char **p,
*
* \return NULL if not found, or a pointer to the existing entry.
*/
const mbedtls_asn1_named_data *mbedtls_asn1_find_named_data( const mbedtls_asn1_named_data *list,
const char *oid, size_t len );
const mbedtls_asn1_named_data *
mbedtls_asn1_find_named_data(const mbedtls_asn1_named_data *list,
const char *oid,
size_t len);
/**
* \brief Free a mbedtls_asn1_named_data entry
@@ -592,7 +593,7 @@ const mbedtls_asn1_named_data *mbedtls_asn1_find_named_data( const mbedtls_asn1_
* This function calls mbedtls_free() on
* `entry->oid.p` and `entry->val.p`.
*/
void mbedtls_asn1_free_named_data( mbedtls_asn1_named_data *entry );
void mbedtls_asn1_free_named_data(mbedtls_asn1_named_data *entry);
/**
* \brief Free all entries in a mbedtls_asn1_named_data list.
@@ -602,7 +603,7 @@ void mbedtls_asn1_free_named_data( mbedtls_asn1_named_data *entry );
* mbedtls_free() on each list element and
* sets \c *head to \c NULL.
*/
void mbedtls_asn1_free_named_data_list( mbedtls_asn1_named_data **head );
void mbedtls_asn1_free_named_data_list(mbedtls_asn1_named_data **head);
#ifdef __cplusplus
}

123
include/mbedtls/asn1write.h
View File

@@ -26,14 +26,13 @@
#include "mbedtls/asn1.h"
#define MBEDTLS_ASN1_CHK_ADD(g, f) \
do \
{ \
if( ( ret = (f) ) < 0 ) \
return ret ; \
else \
(g) += ret; \
} while( 0 )
#define MBEDTLS_ASN1_CHK_ADD(g, f) \
do { \
if ((ret = (f)) < 0) \
return ret; \
else \
(g) += ret; \
} while (0)
#ifdef __cplusplus
extern "C" {
@@ -51,8 +50,9 @@ extern "C" {
* \return The number of bytes written to \p p on success.
* \return A negative \c MBEDTLS_ERR_ASN1_XXX error code on failure.
*/
int mbedtls_asn1_write_len( unsigned char **p, const unsigned char *start,
size_t len );
int mbedtls_asn1_write_len(unsigned char **p,
const unsigned char *start,
size_t len);
/**
* \brief Write an ASN.1 tag in ASN.1 format.
*
@@ -65,8 +65,9 @@ int mbedtls_asn1_write_len( unsigned char **p, const unsigned char *start,
* \return The number of bytes written to \p p on success.
* \return A negative \c MBEDTLS_ERR_ASN1_XXX error code on failure.
*/
int mbedtls_asn1_write_tag( unsigned char **p, const unsigned char *start,
unsigned char tag );
int mbedtls_asn1_write_tag(unsigned char **p,
const unsigned char *start,
unsigned char tag);
/**
* \brief Write raw buffer data.
@@ -81,8 +82,10 @@ int mbedtls_asn1_write_tag( unsigned char **p, const unsigned char *start,
* \return The number of bytes written to \p p on success.
* \return A negative \c MBEDTLS_ERR_ASN1_XXX error code on failure.
*/
int mbedtls_asn1_write_raw_buffer( unsigned char **p, const unsigned char *start,
const unsigned char *buf, size_t size );
int mbedtls_asn1_write_raw_buffer(unsigned char **p,
const unsigned char *start,
const unsigned char *buf,
size_t size);
#if defined(MBEDTLS_BIGNUM_C)
/**
@@ -99,8 +102,9 @@ int mbedtls_asn1_write_raw_buffer( unsigned char **p, const unsigned char *start
* \return The number of bytes written to \p p on success.
* \return A negative \c MBEDTLS_ERR_ASN1_XXX error code on failure.
*/
int mbedtls_asn1_write_mpi( unsigned char **p, const unsigned char *start,
const mbedtls_mpi *X );
int mbedtls_asn1_write_mpi(unsigned char **p,
const unsigned char *start,
const mbedtls_mpi *X);
#endif /* MBEDTLS_BIGNUM_C */
/**
@@ -115,7 +119,7 @@ int mbedtls_asn1_write_mpi( unsigned char **p, const unsigned char *start,
* \return The number of bytes written to \p p on success.
* \return A negative \c MBEDTLS_ERR_ASN1_XXX error code on failure.
*/
int mbedtls_asn1_write_null( unsigned char **p, const unsigned char *start );
int mbedtls_asn1_write_null(unsigned char **p, const unsigned char *start);
/**
* \brief Write an OID tag (#MBEDTLS_ASN1_OID) and data
@@ -131,8 +135,10 @@ int mbedtls_asn1_write_null( unsigned char **p, const unsigned char *start );
* \return The number of bytes written to \p p on success.
* \return A negative \c MBEDTLS_ERR_ASN1_XXX error code on failure.
*/
int mbedtls_asn1_write_oid( unsigned char **p, const unsigned char *start,
const char *oid, size_t oid_len );
int mbedtls_asn1_write_oid(unsigned char **p,
const unsigned char *start,
const char *oid,
size_t oid_len);
/**
* \brief Write an AlgorithmIdentifier sequence in ASN.1 format.
@@ -149,10 +155,11 @@ int mbedtls_asn1_write_oid( unsigned char **p, const unsigned char *start,
* \return The number of bytes written to \p p on success.
* \return A negative \c MBEDTLS_ERR_ASN1_XXX error code on failure.
*/
int mbedtls_asn1_write_algorithm_identifier( unsigned char **p,
const unsigned char *start,
const char *oid, size_t oid_len,
size_t par_len );
int mbedtls_asn1_write_algorithm_identifier(unsigned char **p,
const unsigned char *start,
const char *oid,
size_t oid_len,
size_t par_len);
/**
* \brief Write a boolean tag (#MBEDTLS_ASN1_BOOLEAN) and value
@@ -167,8 +174,9 @@ int mbedtls_asn1_write_algorithm_identifier( unsigned char **p,
* \return The number of bytes written to \p p on success.
* \return A negative \c MBEDTLS_ERR_ASN1_XXX error code on failure.
*/
int mbedtls_asn1_write_bool( unsigned char **p, const unsigned char *start,
int boolean );
int mbedtls_asn1_write_bool(unsigned char **p,
const unsigned char *start,
int boolean);
/**
* \brief Write an int tag (#MBEDTLS_ASN1_INTEGER) and value
@@ -184,7 +192,9 @@ int mbedtls_asn1_write_bool( unsigned char **p, const unsigned char *start,
* \return The number of bytes written to \p p on success.
* \return A negative \c MBEDTLS_ERR_ASN1_XXX error code on failure.
*/
int mbedtls_asn1_write_int( unsigned char **p, const unsigned char *start, int val );
int mbedtls_asn1_write_int(unsigned char **p,
const unsigned char *start,
int val);
/**
* \brief Write an enum tag (#MBEDTLS_ASN1_ENUMERATED) and value
@@ -199,7 +209,9 @@ int mbedtls_asn1_write_int( unsigned char **p, const unsigned char *start, int v
* \return The number of bytes written to \p p on success.
* \return A negative \c MBEDTLS_ERR_ASN1_XXX error code on failure.
*/
int mbedtls_asn1_write_enum( unsigned char **p, const unsigned char *start, int val );
int mbedtls_asn1_write_enum(unsigned char **p,
const unsigned char *start,
int val);
/**
* \brief Write a string in ASN.1 format using a specific
@@ -218,9 +230,11 @@ int mbedtls_asn1_write_enum( unsigned char **p, const unsigned char *start, int
* \return The number of bytes written to \p p on success.
* \return A negative error code on failure.
*/
int mbedtls_asn1_write_tagged_string( unsigned char **p, const unsigned char *start,
int tag, const char *text,
size_t text_len );
int mbedtls_asn1_write_tagged_string(unsigned char **p,
const unsigned char *start,
int tag,
const char *text,
size_t text_len);
/**
* \brief Write a string in ASN.1 format using the PrintableString
@@ -237,9 +251,10 @@ int mbedtls_asn1_write_tagged_string( unsigned char **p, const unsigned char *st
* \return The number of bytes written to \p p on success.
* \return A negative error code on failure.
*/
int mbedtls_asn1_write_printable_string( unsigned char **p,
const unsigned char *start,
const char *text, size_t text_len );
int mbedtls_asn1_write_printable_string(unsigned char **p,
const unsigned char *start,
const char *text,
size_t text_len);
/**
* \brief Write a UTF8 string in ASN.1 format using the UTF8String
@@ -256,8 +271,10 @@ int mbedtls_asn1_write_printable_string( unsigned char **p,
* \return The number of bytes written to \p p on success.
* \return A negative error code on failure.
*/
int mbedtls_asn1_write_utf8_string( unsigned char **p, const unsigned char *start,
const char *text, size_t text_len );
int mbedtls_asn1_write_utf8_string(unsigned char **p,
const unsigned char *start,
const char *text,
size_t text_len);
/**
* \brief Write a string in ASN.1 format using the IA5String
@@ -274,8 +291,10 @@ int mbedtls_asn1_write_utf8_string( unsigned char **p, const unsigned char *star
* \return The number of bytes written to \p p on success.
* \return A negative error code on failure.
*/
int mbedtls_asn1_write_ia5_string( unsigned char **p, const unsigned char *start,
const char *text, size_t text_len );
int mbedtls_asn1_write_ia5_string(unsigned char **p,
const unsigned char *start,
const char *text,
size_t text_len);
/**
* \brief Write a bitstring tag (#MBEDTLS_ASN1_BIT_STRING) and
@@ -291,8 +310,10 @@ int mbedtls_asn1_write_ia5_string( unsigned char **p, const unsigned char *start
* \return The number of bytes written to \p p on success.
* \return A negative error code on failure.
*/
int mbedtls_asn1_write_bitstring( unsigned char **p, const unsigned char *start,
const unsigned char *buf, size_t bits );
int mbedtls_asn1_write_bitstring(unsigned char **p,
const unsigned char *start,
const unsigned char *buf,
size_t bits);
/**
* \brief This function writes a named bitstring tag
@@ -311,10 +332,10 @@ int mbedtls_asn1_write_bitstring( unsigned char **p, const unsigned char *start,
* \return The number of bytes written to \p p on success.
* \return A negative error code on failure.
*/
int mbedtls_asn1_write_named_bitstring( unsigned char **p,
const unsigned char *start,
const unsigned char *buf,
size_t bits );
int mbedtls_asn1_write_named_bitstring(unsigned char **p,
const unsigned char *start,
const unsigned char *buf,
size_t bits);
/**
* \brief Write an octet string tag (#MBEDTLS_ASN1_OCTET_STRING)
@@ -330,8 +351,10 @@ int mbedtls_asn1_write_named_bitstring( unsigned char **p,
* \return The number of bytes written to \p p on success.
* \return A negative error code on failure.
*/
int mbedtls_asn1_write_octet_string( unsigned char **p, const unsigned char *start,
const unsigned char *buf, size_t size );
int mbedtls_asn1_write_octet_string(unsigned char **p,
const unsigned char *start,
const unsigned char *buf,
size_t size);
/**
* \brief Create or find a specific named_data entry for writing in a
@@ -354,10 +377,12 @@ int mbedtls_asn1_write_octet_string( unsigned char **p, const unsigned char *sta
* \return A pointer to the new / existing entry on success.
* \return \c NULL if if there was a memory allocation error.
*/
mbedtls_asn1_named_data *mbedtls_asn1_store_named_data( mbedtls_asn1_named_data **list,
const char *oid, size_t oid_len,
const unsigned char *val,
size_t val_len );
mbedtls_asn1_named_data *
mbedtls_asn1_store_named_data(mbedtls_asn1_named_data **list,
const char *oid,
size_t oid_len,
const unsigned char *val,
size_t val_len);
#ifdef __cplusplus
}

20
include/mbedtls/base64.h
View File

@@ -27,9 +27,9 @@
#include <stddef.h>
/** Output buffer too small. */
#define MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL -0x002A
#define MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL -0x002A
/** Invalid character in input. */
#define MBEDTLS_ERR_BASE64_INVALID_CHARACTER -0x002C
#define MBEDTLS_ERR_BASE64_INVALID_CHARACTER -0x002C
#ifdef __cplusplus
extern "C" {
@@ -54,8 +54,11 @@ extern "C" {
* \note Call this function with dlen = 0 to obtain the
* required buffer size in *olen
*/
int mbedtls_base64_encode( unsigned char *dst, size_t dlen, size_t *olen,
const unsigned char *src, size_t slen );
int mbedtls_base64_encode(unsigned char *dst,
size_t dlen,
size_t *olen,
const unsigned char *src,
size_t slen);
/**
* \brief Decode a base64-formatted buffer
@@ -74,8 +77,11 @@ int mbedtls_base64_encode( unsigned char *dst, size_t dlen, size_t *olen,
* \note Call this function with *dst = NULL or dlen = 0 to obtain
* the required buffer size in *olen
*/
int mbedtls_base64_decode( unsigned char *dst, size_t dlen, size_t *olen,
const unsigned char *src, size_t slen );
int mbedtls_base64_decode(unsigned char *dst,
size_t dlen,
size_t *olen,
const unsigned char *src,
size_t slen);
#if defined(MBEDTLS_SELF_TEST)
/**
@@ -83,7 +89,7 @@ int mbedtls_base64_decode( unsigned char *dst, size_t dlen, size_t *olen,
*
* \return 0 if successful, or 1 if the test failed
*/
int mbedtls_base64_self_test( int verbose );
int mbedtls_base64_self_test(int verbose);
#endif /* MBEDTLS_SELF_TEST */

378
include/mbedtls/bignum.h
View File

@@ -29,37 +29,36 @@
#include <stdint.h>
#if defined(MBEDTLS_FS_IO)
#include <stdio.h>
# include <stdio.h>
#endif
/** An error occurred while reading from or writing to a file. */
#define MBEDTLS_ERR_MPI_FILE_IO_ERROR -0x0002
#define MBEDTLS_ERR_MPI_FILE_IO_ERROR -0x0002
/** Bad input parameters to function. */
#define MBEDTLS_ERR_MPI_BAD_INPUT_DATA -0x0004
#define MBEDTLS_ERR_MPI_BAD_INPUT_DATA -0x0004
/** There is an invalid character in the digit string. */
#define MBEDTLS_ERR_MPI_INVALID_CHARACTER -0x0006
#define MBEDTLS_ERR_MPI_INVALID_CHARACTER -0x0006
/** The buffer is too small to write to. */
#define MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL -0x0008
#define MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL -0x0008
/** The input arguments are negative or result in illegal output. */
#define MBEDTLS_ERR_MPI_NEGATIVE_VALUE -0x000A
#define MBEDTLS_ERR_MPI_NEGATIVE_VALUE -0x000A
/** The input argument for division is zero, which is not allowed. */
#define MBEDTLS_ERR_MPI_DIVISION_BY_ZERO -0x000C
#define MBEDTLS_ERR_MPI_DIVISION_BY_ZERO -0x000C
/** The input arguments are not acceptable. */
#define MBEDTLS_ERR_MPI_NOT_ACCEPTABLE -0x000E
#define MBEDTLS_ERR_MPI_NOT_ACCEPTABLE -0x000E
/** Memory allocation failed. */
#define MBEDTLS_ERR_MPI_ALLOC_FAILED -0x0010
#define MBEDTLS_ERR_MPI_ALLOC_FAILED -0x0010
#define MBEDTLS_MPI_CHK(f) \
do \
{ \
if( ( ret = (f) ) != 0 ) \
goto cleanup; \
} while( 0 )
#define MBEDTLS_MPI_CHK(f) \
do { \
if ((ret = (f)) != 0) \
goto cleanup; \
} while (0)
/*
* Maximum size MPIs are allowed to grow to in number of limbs.
*/
#define MBEDTLS_MPI_MAX_LIMBS 10000
#define MBEDTLS_MPI_MAX_LIMBS 10000
#if !defined(MBEDTLS_MPI_WINDOW_SIZE)
/*
@@ -72,7 +71,7 @@
* Reduction in size, reduces speed.
*/
/** Maximum window size used. */
#define MBEDTLS_MPI_WINDOW_SIZE 6
# define MBEDTLS_MPI_WINDOW_SIZE 6
#endif /* !MBEDTLS_MPI_WINDOW_SIZE */
#if !defined(MBEDTLS_MPI_MAX_SIZE)
@@ -84,16 +83,16 @@
* of limbs required (MBEDTLS_MPI_MAX_LIMBS) is higher.
*/
/** Maximum number of bytes for usable MPIs. */
#define MBEDTLS_MPI_MAX_SIZE 1024
# define MBEDTLS_MPI_MAX_SIZE 1024
#endif /* !MBEDTLS_MPI_MAX_SIZE */
#define MBEDTLS_MPI_MAX_BITS ( 8 * MBEDTLS_MPI_MAX_SIZE ) /**< Maximum number of bits for usable MPIs. */
#define MBEDTLS_MPI_MAX_BITS \
(8 * MBEDTLS_MPI_MAX_SIZE) /**< Maximum number of bits for usable MPIs. */
/*
* When reading from files with mbedtls_mpi_read_file() and writing to files with
* mbedtls_mpi_write_file() the buffer should have space
* for a (short) label, the MPI (in the provided radix), the newline
* characters and the '\0'.
* When reading from files with mbedtls_mpi_read_file() and writing to files
* with mbedtls_mpi_write_file() the buffer should have space for a (short)
* label, the MPI (in the provided radix), the newline characters and the '\0'.
*
* By default we assume at least a 10 char label, a minimum radix of 10
* (decimal) and a maximum of 4096 bit numbers (1234 decimal chars).
@@ -107,9 +106,12 @@
* MBEDTLS_MPI_RW_BUFFER_SIZE = ceil(MBEDTLS_MPI_MAX_BITS / ln(10) * ln(2)) +
* LabelSize + 6
*/
#define MBEDTLS_MPI_MAX_BITS_SCALE100 ( 100 * MBEDTLS_MPI_MAX_BITS )
#define MBEDTLS_LN_2_DIV_LN_10_SCALE100 332
#define MBEDTLS_MPI_RW_BUFFER_SIZE ( ((MBEDTLS_MPI_MAX_BITS_SCALE100 + MBEDTLS_LN_2_DIV_LN_10_SCALE100 - 1) / MBEDTLS_LN_2_DIV_LN_10_SCALE100) + 10 + 6 )
#define MBEDTLS_MPI_MAX_BITS_SCALE100 (100 * MBEDTLS_MPI_MAX_BITS)
#define MBEDTLS_LN_2_DIV_LN_10_SCALE100 332
#define MBEDTLS_MPI_RW_BUFFER_SIZE \
(((MBEDTLS_MPI_MAX_BITS_SCALE100 + MBEDTLS_LN_2_DIV_LN_10_SCALE100 - 1) / \
MBEDTLS_LN_2_DIV_LN_10_SCALE100) + \
10 + 6)
/*
* Define the base integer type, architecture-wise.
@@ -122,63 +124,61 @@
* disabled by defining MBEDTLS_NO_UDBL_DIVISION.
*/
#if !defined(MBEDTLS_HAVE_INT32)
#if defined(_MSC_VER) && defined(_M_AMD64)
/* Always choose 64-bit when using MSC */
#if !defined(MBEDTLS_HAVE_INT64)
#define MBEDTLS_HAVE_INT64
#endif /* !MBEDTLS_HAVE_INT64 */
typedef int64_t mbedtls_mpi_sint;
typedef uint64_t mbedtls_mpi_uint;
#elif defined(__GNUC__) && ( \
defined(__amd64__) || defined(__x86_64__) || \
defined(__ppc64__) || defined(__powerpc64__) || \
defined(__ia64__) || defined(__alpha__) || \
( defined(__sparc__) && defined(__arch64__) ) || \
defined(__s390x__) || defined(__mips64) || \
defined(__aarch64__) )
#if !defined(MBEDTLS_HAVE_INT64)
#define MBEDTLS_HAVE_INT64
#endif /* MBEDTLS_HAVE_INT64 */
typedef int64_t mbedtls_mpi_sint;
typedef uint64_t mbedtls_mpi_uint;
#if !defined(MBEDTLS_NO_UDBL_DIVISION)
/* mbedtls_t_udbl defined as 128-bit unsigned int */
typedef unsigned int mbedtls_t_udbl __attribute__((mode(TI)));
#define MBEDTLS_HAVE_UDBL
#endif /* !MBEDTLS_NO_UDBL_DIVISION */
#elif defined(__ARMCC_VERSION) && defined(__aarch64__)
/*
* __ARMCC_VERSION is defined for both armcc and armclang and
* __aarch64__ is only defined by armclang when compiling 64-bit code
*/
#if !defined(MBEDTLS_HAVE_INT64)
#define MBEDTLS_HAVE_INT64
#endif /* !MBEDTLS_HAVE_INT64 */
typedef int64_t mbedtls_mpi_sint;
typedef uint64_t mbedtls_mpi_uint;
#if !defined(MBEDTLS_NO_UDBL_DIVISION)
/* mbedtls_t_udbl defined as 128-bit unsigned int */
typedef __uint128_t mbedtls_t_udbl;
#define MBEDTLS_HAVE_UDBL
#endif /* !MBEDTLS_NO_UDBL_DIVISION */
#elif defined(MBEDTLS_HAVE_INT64)
/* Force 64-bit integers with unknown compiler */
typedef int64_t mbedtls_mpi_sint;
typedef uint64_t mbedtls_mpi_uint;
#endif
# if defined(_MSC_VER) && defined(_M_AMD64)
/* Always choose 64-bit when using MSC */
# if !defined(MBEDTLS_HAVE_INT64)
# define MBEDTLS_HAVE_INT64
# endif /* !MBEDTLS_HAVE_INT64 */
typedef int64_t mbedtls_mpi_sint;
typedef uint64_t mbedtls_mpi_uint;
# elif defined(__GNUC__) && \
(defined(__amd64__) || defined(__x86_64__) || defined(__ppc64__) || \
defined(__powerpc64__) || defined(__ia64__) || defined(__alpha__) || \
(defined(__sparc__) && defined(__arch64__)) || defined(__s390x__) || \
defined(__mips64) || defined(__aarch64__))
# if !defined(MBEDTLS_HAVE_INT64)
# define MBEDTLS_HAVE_INT64
# endif /* MBEDTLS_HAVE_INT64 */
typedef int64_t mbedtls_mpi_sint;
typedef uint64_t mbedtls_mpi_uint;
# if !defined(MBEDTLS_NO_UDBL_DIVISION)
/* mbedtls_t_udbl defined as 128-bit unsigned int */
typedef unsigned int mbedtls_t_udbl __attribute__((mode(TI)));
# define MBEDTLS_HAVE_UDBL
# endif /* !MBEDTLS_NO_UDBL_DIVISION */
# elif defined(__ARMCC_VERSION) && defined(__aarch64__)
/*
* __ARMCC_VERSION is defined for both armcc and armclang and
* __aarch64__ is only defined by armclang when compiling 64-bit code
*/
# if !defined(MBEDTLS_HAVE_INT64)
# define MBEDTLS_HAVE_INT64
# endif /* !MBEDTLS_HAVE_INT64 */
typedef int64_t mbedtls_mpi_sint;
typedef uint64_t mbedtls_mpi_uint;
# if !defined(MBEDTLS_NO_UDBL_DIVISION)
/* mbedtls_t_udbl defined as 128-bit unsigned int */
typedef __uint128_t mbedtls_t_udbl;
# define MBEDTLS_HAVE_UDBL
# endif /* !MBEDTLS_NO_UDBL_DIVISION */
# elif defined(MBEDTLS_HAVE_INT64)
/* Force 64-bit integers with unknown compiler */
typedef int64_t mbedtls_mpi_sint;
typedef uint64_t mbedtls_mpi_uint;
# endif
#endif /* !MBEDTLS_HAVE_INT32 */
#if !defined(MBEDTLS_HAVE_INT64)
/* Default to 32-bit compilation */
#if !defined(MBEDTLS_HAVE_INT32)
#define MBEDTLS_HAVE_INT32
#endif /* !MBEDTLS_HAVE_INT32 */
typedef int32_t mbedtls_mpi_sint;
typedef uint32_t mbedtls_mpi_uint;
#if !defined(MBEDTLS_NO_UDBL_DIVISION)
typedef uint64_t mbedtls_t_udbl;
#define MBEDTLS_HAVE_UDBL
#endif /* !MBEDTLS_NO_UDBL_DIVISION */
/* Default to 32-bit compilation */
# if !defined(MBEDTLS_HAVE_INT32)
# define MBEDTLS_HAVE_INT32
# endif /* !MBEDTLS_HAVE_INT32 */
typedef int32_t mbedtls_mpi_sint;
typedef uint32_t mbedtls_mpi_uint;
# if !defined(MBEDTLS_NO_UDBL_DIVISION)
typedef uint64_t mbedtls_t_udbl;
# define MBEDTLS_HAVE_UDBL
# endif /* !MBEDTLS_NO_UDBL_DIVISION */
#endif /* !MBEDTLS_HAVE_INT64 */
#ifdef __cplusplus
@@ -188,13 +188,12 @@ extern "C" {
/**
* \brief MPI structure
*/
typedef struct mbedtls_mpi
{
int MBEDTLS_PRIVATE(s); /*!< Sign: -1 if the mpi is negative, 1 otherwise */
size_t MBEDTLS_PRIVATE(n); /*!< total # of limbs */
mbedtls_mpi_uint *MBEDTLS_PRIVATE(p); /*!< pointer to limbs */
}
mbedtls_mpi;
typedef struct mbedtls_mpi {
int MBEDTLS_PRIVATE(s); /*!< Sign: -1 if the mpi is negative, 1 otherwise
*/
size_t MBEDTLS_PRIVATE(n); /*!< total # of limbs */
mbedtls_mpi_uint *MBEDTLS_PRIVATE(p); /*!< pointer to limbs */
} mbedtls_mpi;
/**
* \brief Initialize an MPI context.
@@ -204,7 +203,7 @@ mbedtls_mpi;
*
* \param X The MPI context to initialize. This must not be \c NULL.
*/
void mbedtls_mpi_init( mbedtls_mpi *X );
void mbedtls_mpi_init(mbedtls_mpi *X);
/**
* \brief This function frees the components of an MPI context.
@@ -213,7 +212,7 @@ void mbedtls_mpi_init( mbedtls_mpi *X );
* in which case this function is a no-op. If it is
* not \c NULL, it must point to an initialized MPI.
*/
void mbedtls_mpi_free( mbedtls_mpi *X );
void mbedtls_mpi_free(mbedtls_mpi *X);
/**
* \brief Enlarge an MPI to the specified number of limbs.
@@ -228,7 +227,7 @@ void mbedtls_mpi_free( mbedtls_mpi *X );
* \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed.
* \return Another negative error code on other kinds of failure.
*/
int mbedtls_mpi_grow( mbedtls_mpi *X, size_t nblimbs );
int mbedtls_mpi_grow(mbedtls_mpi *X, size_t nblimbs);
/**
* \brief This function resizes an MPI downwards, keeping at least the
@@ -245,7 +244,7 @@ int mbedtls_mpi_grow( mbedtls_mpi *X, size_t nblimbs );
* (this can only happen when resizing up).
* \return Another negative error code on other kinds of failure.
*/
int mbedtls_mpi_shrink( mbedtls_mpi *X, size_t nblimbs );
int mbedtls_mpi_shrink(mbedtls_mpi *X, size_t nblimbs);
/**
* \brief Make a copy of an MPI.
@@ -260,7 +259,7 @@ int mbedtls_mpi_shrink( mbedtls_mpi *X, size_t nblimbs );
* \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed.
* \return Another negative error code on other kinds of failure.
*/
int mbedtls_mpi_copy( mbedtls_mpi *X, const mbedtls_mpi *Y );
int mbedtls_mpi_copy(mbedtls_mpi *X, const mbedtls_mpi *Y);
/**
* \brief Swap the contents of two MPIs.
@@ -268,7 +267,7 @@ int mbedtls_mpi_copy( mbedtls_mpi *X, const mbedtls_mpi *Y );
* \param X The first MPI. It must be initialized.
* \param Y The second MPI. It must be initialized.
*/
void mbedtls_mpi_swap( mbedtls_mpi *X, mbedtls_mpi *Y );
void mbedtls_mpi_swap(mbedtls_mpi *X, mbedtls_mpi *Y);
/**
* \brief Perform a safe conditional copy of MPI which doesn't
@@ -294,7 +293,9 @@ void mbedtls_mpi_swap( mbedtls_mpi *X, mbedtls_mpi *Y );
* \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed.
* \return Another negative error code on other kinds of failure.
*/
int mbedtls_mpi_safe_cond_assign( mbedtls_mpi *X, const mbedtls_mpi *Y, unsigned char assign );
int mbedtls_mpi_safe_cond_assign(mbedtls_mpi *X,
const mbedtls_mpi *Y,
unsigned char assign);
/**
* \brief Perform a safe conditional swap which doesn't
@@ -319,7 +320,9 @@ int mbedtls_mpi_safe_cond_assign( mbedtls_mpi *X, const mbedtls_mpi *Y, unsigned
* \return Another negative error code on other kinds of failure.
*
*/
int mbedtls_mpi_safe_cond_swap( mbedtls_mpi *X, mbedtls_mpi *Y, unsigned char assign );
int mbedtls_mpi_safe_cond_swap(mbedtls_mpi *X,
mbedtls_mpi *Y,
unsigned char assign);
/**
* \brief Store integer value in MPI.
@@ -331,7 +334,7 @@ int mbedtls_mpi_safe_cond_swap( mbedtls_mpi *X, mbedtls_mpi *Y, unsigned char as
* \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed.
* \return Another negative error code on other kinds of failure.
*/
int mbedtls_mpi_lset( mbedtls_mpi *X, mbedtls_mpi_sint z );
int mbedtls_mpi_lset(mbedtls_mpi *X, mbedtls_mpi_sint z);
/**
* \brief Get a specific bit from an MPI.
@@ -343,7 +346,7 @@ int mbedtls_mpi_lset( mbedtls_mpi *X, mbedtls_mpi_sint z );
* of \c X is unset or set.
* \return A negative error code on failure.
*/
int mbedtls_mpi_get_bit( const mbedtls_mpi *X, size_t pos );
int mbedtls_mpi_get_bit(const mbedtls_mpi *X, size_t pos);
/**
* \brief Modify a specific bit in an MPI.
@@ -360,7 +363,7 @@ int mbedtls_mpi_get_bit( const mbedtls_mpi *X, size_t pos );
* \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed.
* \return Another negative error code on other kinds of failure.
*/
int mbedtls_mpi_set_bit( mbedtls_mpi *X, size_t pos, unsigned char val );
int mbedtls_mpi_set_bit(mbedtls_mpi *X, size_t pos, unsigned char val);
/**
* \brief Return the number of bits of value \c 0 before the
@@ -374,7 +377,7 @@ int mbedtls_mpi_set_bit( mbedtls_mpi *X, size_t pos, unsigned char val );
* \return The number of bits of value \c 0 before the least significant
* bit of value \c 1 in \p X.
*/
size_t mbedtls_mpi_lsb( const mbedtls_mpi *X );
size_t mbedtls_mpi_lsb(const mbedtls_mpi *X);
/**
* \brief Return the number of bits up to and including the most
@@ -388,7 +391,7 @@ size_t mbedtls_mpi_lsb( const mbedtls_mpi *X );
* \return The number of bits up to and including the most
* significant bit of value \c 1.
*/
size_t mbedtls_mpi_bitlen( const mbedtls_mpi *X );
size_t mbedtls_mpi_bitlen(const mbedtls_mpi *X);
/**
* \brief Return the total size of an MPI value in bytes.
@@ -403,7 +406,7 @@ size_t mbedtls_mpi_bitlen( const mbedtls_mpi *X );
* \return The least number of bytes capable of storing
* the absolute value of \p X.
*/
size_t mbedtls_mpi_size( const mbedtls_mpi *X );
size_t mbedtls_mpi_size(const mbedtls_mpi *X);
/**
* \brief Import an MPI from an ASCII string.
@@ -415,7 +418,7 @@ size_t mbedtls_mpi_size( const mbedtls_mpi *X );
* \return \c 0 if successful.
* \return A negative error code on failure.
*/
int mbedtls_mpi_read_string( mbedtls_mpi *X, int radix, const char *s );
int mbedtls_mpi_read_string(mbedtls_mpi *X, int radix, const char *s);
/**
* \brief Export an MPI to an ASCII string.
@@ -439,8 +442,11 @@ int mbedtls_mpi_read_string( mbedtls_mpi *X, int radix, const char *s );
* size of \p buf required for a successful call.
* \return Another negative error code on different kinds of failure.
*/
int mbedtls_mpi_write_string( const mbedtls_mpi *X, int radix,
char *buf, size_t buflen, size_t *olen );
int mbedtls_mpi_write_string(const mbedtls_mpi *X,
int radix,
char *buf,
size_t buflen,
size_t *olen);
#if defined(MBEDTLS_FS_IO)
/**
@@ -464,7 +470,7 @@ int mbedtls_mpi_write_string( const mbedtls_mpi *X, int radix,
* is too small.
* \return Another negative error code on failure.
*/
int mbedtls_mpi_read_file( mbedtls_mpi *X, int radix, FILE *fin );
int mbedtls_mpi_read_file(mbedtls_mpi *X, int radix, FILE *fin);
/**
* \brief Export an MPI into an opened file.
@@ -481,8 +487,10 @@ int mbedtls_mpi_read_file( mbedtls_mpi *X, int radix, FILE *fin );
* \return \c 0 if successful.
* \return A negative error code on failure.
*/
int mbedtls_mpi_write_file( const char *p, const mbedtls_mpi *X,
int radix, FILE *fout );
int mbedtls_mpi_write_file(const char *p,
const mbedtls_mpi *X,
int radix,
FILE *fout);
#endif /* MBEDTLS_FS_IO */
/**
@@ -497,8 +505,9 @@ int mbedtls_mpi_write_file( const char *p, const mbedtls_mpi *X,
* \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed.
* \return Another negative error code on different kinds of failure.
*/
int mbedtls_mpi_read_binary( mbedtls_mpi *X, const unsigned char *buf,
size_t buflen );
int mbedtls_mpi_read_binary(mbedtls_mpi *X,
const unsigned char *buf,
size_t buflen);
/**
* \brief Import X from unsigned binary data, little endian
@@ -512,8 +521,9 @@ int mbedtls_mpi_read_binary( mbedtls_mpi *X, const unsigned char *buf,
* \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed.
* \return Another negative error code on different kinds of failure.
*/
int mbedtls_mpi_read_binary_le( mbedtls_mpi *X,
const unsigned char *buf, size_t buflen );
int mbedtls_mpi_read_binary_le(mbedtls_mpi *X,
const unsigned char *buf,
size_t buflen);
/**
* \brief Export X into unsigned binary data, big endian.
@@ -530,8 +540,9 @@ int mbedtls_mpi_read_binary_le( mbedtls_mpi *X,
* large enough to hold the value of \p X.
* \return Another negative error code on different kinds of failure.
*/
int mbedtls_mpi_write_binary( const mbedtls_mpi *X, unsigned char *buf,
size_t buflen );
int mbedtls_mpi_write_binary(const mbedtls_mpi *X,
unsigned char *buf,
size_t buflen);
/**
* \brief Export X into unsigned binary data, little endian.
@@ -548,8 +559,9 @@ int mbedtls_mpi_write_binary( const mbedtls_mpi *X, unsigned char *buf,
* large enough to hold the value of \p X.
* \return Another negative error code on different kinds of failure.
*/
int mbedtls_mpi_write_binary_le( const mbedtls_mpi *X,
unsigned char *buf, size_t buflen );
int mbedtls_mpi_write_binary_le(const mbedtls_mpi *X,
unsigned char *buf,
size_t buflen);
/**
* \brief Perform a left-shift on an MPI: X <<= count
@@ -561,7 +573,7 @@ int mbedtls_mpi_write_binary_le( const mbedtls_mpi *X,
* \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.
* \return Another negative error code on different kinds of failure.
*/
int mbedtls_mpi_shift_l( mbedtls_mpi *X, size_t count );
int mbedtls_mpi_shift_l(mbedtls_mpi *X, size_t count);
/**
* \brief Perform a right-shift on an MPI: X >>= count
@@ -573,7 +585,7 @@ int mbedtls_mpi_shift_l( mbedtls_mpi *X, size_t count );
* \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.
* \return Another negative error code on different kinds of failure.
*/
int mbedtls_mpi_shift_r( mbedtls_mpi *X, size_t count );
int mbedtls_mpi_shift_r(mbedtls_mpi *X, size_t count);
/**
* \brief Compare the absolute values of two MPIs.
@@ -585,7 +597,7 @@ int mbedtls_mpi_shift_r( mbedtls_mpi *X, size_t count );
* \return \c -1 if `|X|` is lesser than `|Y|`.
* \return \c 0 if `|X|` is equal to `|Y|`.
*/
int mbedtls_mpi_cmp_abs( const mbedtls_mpi *X, const mbedtls_mpi *Y );
int mbedtls_mpi_cmp_abs(const mbedtls_mpi *X, const mbedtls_mpi *Y);
/**
* \brief Compare two MPIs.
@@ -597,7 +609,7 @@ int mbedtls_mpi_cmp_abs( const mbedtls_mpi *X, const mbedtls_mpi *Y );
* \return \c -1 if \p X is lesser than \p Y.
* \return \c 0 if \p X is equal to \p Y.
*/
int mbedtls_mpi_cmp_mpi( const mbedtls_mpi *X, const mbedtls_mpi *Y );
int mbedtls_mpi_cmp_mpi(const mbedtls_mpi *X, const mbedtls_mpi *Y);
/**
* \brief Check if an MPI is less than the other in constant time.
@@ -614,8 +626,9 @@ int mbedtls_mpi_cmp_mpi( const mbedtls_mpi *X, const mbedtls_mpi *Y );
* \return MBEDTLS_ERR_MPI_BAD_INPUT_DATA if the allocated length of
* the two input MPIs is not the same.
*/
int mbedtls_mpi_lt_mpi_ct( const mbedtls_mpi *X, const mbedtls_mpi *Y,
unsigned *ret );
int mbedtls_mpi_lt_mpi_ct(const mbedtls_mpi *X,
const mbedtls_mpi *Y,
unsigned *ret);
/**
* \brief Compare an MPI with an integer.
@@ -627,7 +640,7 @@ int mbedtls_mpi_lt_mpi_ct( const mbedtls_mpi *X, const mbedtls_mpi *Y,
* \return \c -1 if \p X is lesser than \p z.
* \return \c 0 if \p X is equal to \p z.
*/
int mbedtls_mpi_cmp_int( const mbedtls_mpi *X, mbedtls_mpi_sint z );
int mbedtls_mpi_cmp_int(const mbedtls_mpi *X, mbedtls_mpi_sint z);
/**
* \brief Perform an unsigned addition of MPIs: X = |A| + |B|
@@ -640,8 +653,9 @@ int mbedtls_mpi_cmp_int( const mbedtls_mpi *X, mbedtls_mpi_sint z );
* \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.
* \return Another negative error code on different kinds of failure.
*/
int mbedtls_mpi_add_abs( mbedtls_mpi *X, const mbedtls_mpi *A,
const mbedtls_mpi *B );
int mbedtls_mpi_add_abs(mbedtls_mpi *X,
const mbedtls_mpi *A,
const mbedtls_mpi *B);
/**
* \brief Perform an unsigned subtraction of MPIs: X = |A| - |B|
@@ -655,8 +669,9 @@ int mbedtls_mpi_add_abs( mbedtls_mpi *X, const mbedtls_mpi *A,
* \return Another negative error code on different kinds of failure.
*
*/
int mbedtls_mpi_sub_abs( mbedtls_mpi *X, const mbedtls_mpi *A,
const mbedtls_mpi *B );
int mbedtls_mpi_sub_abs(mbedtls_mpi *X,
const mbedtls_mpi *A,
const mbedtls_mpi *B);
/**
* \brief Perform a signed addition of MPIs: X = A + B
@@ -669,8 +684,9 @@ int mbedtls_mpi_sub_abs( mbedtls_mpi *X, const mbedtls_mpi *A,
* \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.
* \return Another negative error code on different kinds of failure.
*/
int mbedtls_mpi_add_mpi( mbedtls_mpi *X, const mbedtls_mpi *A,
const mbedtls_mpi *B );
int mbedtls_mpi_add_mpi(mbedtls_mpi *X,
const mbedtls_mpi *A,
const mbedtls_mpi *B);
/**
* \brief Perform a signed subtraction of MPIs: X = A - B
@@ -683,8 +699,9 @@ int mbedtls_mpi_add_mpi( mbedtls_mpi *X, const mbedtls_mpi *A,
* \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.
* \return Another negative error code on different kinds of failure.
*/
int mbedtls_mpi_sub_mpi( mbedtls_mpi *X, const mbedtls_mpi *A,
const mbedtls_mpi *B );
int mbedtls_mpi_sub_mpi(mbedtls_mpi *X,
const mbedtls_mpi *A,
const mbedtls_mpi *B);
/**
* \brief Perform a signed addition of an MPI and an integer: X = A + b
@@ -697,8 +714,9 @@ int mbedtls_mpi_sub_mpi( mbedtls_mpi *X, const mbedtls_mpi *A,
* \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.
* \return Another negative error code on different kinds of failure.
*/
int mbedtls_mpi_add_int( mbedtls_mpi *X, const mbedtls_mpi *A,
mbedtls_mpi_sint b );
int mbedtls_mpi_add_int(mbedtls_mpi *X,
const mbedtls_mpi *A,
mbedtls_mpi_sint b);
/**
* \brief Perform a signed subtraction of an MPI and an integer:
@@ -712,8 +730,9 @@ int mbedtls_mpi_add_int( mbedtls_mpi *X, const mbedtls_mpi *A,
* \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.
* \return Another negative error code on different kinds of failure.
*/
int mbedtls_mpi_sub_int( mbedtls_mpi *X, const mbedtls_mpi *A,
mbedtls_mpi_sint b );
int mbedtls_mpi_sub_int(mbedtls_mpi *X,
const mbedtls_mpi *A,
mbedtls_mpi_sint b);
/**
* \brief Perform a multiplication of two MPIs: X = A * B
@@ -727,8 +746,9 @@ int mbedtls_mpi_sub_int( mbedtls_mpi *X, const mbedtls_mpi *A,
* \return Another negative error code on different kinds of failure.
*
*/
int mbedtls_mpi_mul_mpi( mbedtls_mpi *X, const mbedtls_mpi *A,
const mbedtls_mpi *B );
int mbedtls_mpi_mul_mpi(mbedtls_mpi *X,
const mbedtls_mpi *A,
const mbedtls_mpi *B);
/**
* \brief Perform a multiplication of an MPI with an unsigned integer:
@@ -743,8 +763,9 @@ int mbedtls_mpi_mul_mpi( mbedtls_mpi *X, const mbedtls_mpi *A,
* \return Another negative error code on different kinds of failure.
*
*/
int mbedtls_mpi_mul_int( mbedtls_mpi *X, const mbedtls_mpi *A,
mbedtls_mpi_uint b );
int mbedtls_mpi_mul_int(mbedtls_mpi *X,
const mbedtls_mpi *A,
mbedtls_mpi_uint b);
/**
* \brief Perform a division with remainder of two MPIs:
@@ -764,8 +785,10 @@ int mbedtls_mpi_mul_int( mbedtls_mpi *X, const mbedtls_mpi *A,
* \return #MBEDTLS_ERR_MPI_DIVISION_BY_ZERO if \p B equals zero.
* \return Another negative error code on different kinds of failure.
*/
int mbedtls_mpi_div_mpi( mbedtls_mpi *Q, mbedtls_mpi *R, const mbedtls_mpi *A,
const mbedtls_mpi *B );
int mbedtls_mpi_div_mpi(mbedtls_mpi *Q,
mbedtls_mpi *R,
const mbedtls_mpi *A,
const mbedtls_mpi *B);
/**
* \brief Perform a division with remainder of an MPI by an integer:
@@ -785,8 +808,10 @@ int mbedtls_mpi_div_mpi( mbedtls_mpi *Q, mbedtls_mpi *R, const mbedtls_mpi *A,
* \return #MBEDTLS_ERR_MPI_DIVISION_BY_ZERO if \p b equals zero.
* \return Another negative error code on different kinds of failure.
*/
int mbedtls_mpi_div_int( mbedtls_mpi *Q, mbedtls_mpi *R, const mbedtls_mpi *A,
mbedtls_mpi_sint b );
int mbedtls_mpi_div_int(mbedtls_mpi *Q,
mbedtls_mpi *R,
const mbedtls_mpi *A,
mbedtls_mpi_sint b);
/**
* \brief Perform a modular reduction. R = A mod B
@@ -805,8 +830,9 @@ int mbedtls_mpi_div_int( mbedtls_mpi *Q, mbedtls_mpi *R, const mbedtls_mpi *A,
* \return Another negative error code on different kinds of failure.
*
*/
int mbedtls_mpi_mod_mpi( mbedtls_mpi *R, const mbedtls_mpi *A,
const mbedtls_mpi *B );
int mbedtls_mpi_mod_mpi(mbedtls_mpi *R,
const mbedtls_mpi *A,
const mbedtls_mpi *B);
/**
* \brief Perform a modular reduction with respect to an integer.
@@ -824,8 +850,9 @@ int mbedtls_mpi_mod_mpi( mbedtls_mpi *R, const mbedtls_mpi *A,
* \return #MBEDTLS_ERR_MPI_NEGATIVE_VALUE if \p b is negative.
* \return Another negative error code on different kinds of failure.
*/
int mbedtls_mpi_mod_int( mbedtls_mpi_uint *r, const mbedtls_mpi *A,
mbedtls_mpi_sint b );
int mbedtls_mpi_mod_int(mbedtls_mpi_uint *r,
const mbedtls_mpi *A,
mbedtls_mpi_sint b);
/**
* \brief Perform a sliding-window exponentiation: X = A^E mod N
@@ -853,9 +880,11 @@ int mbedtls_mpi_mod_int( mbedtls_mpi_uint *r, const mbedtls_mpi *A,
* \return Another negative error code on different kinds of failures.
*
*/
int mbedtls_mpi_exp_mod( mbedtls_mpi *X, const mbedtls_mpi *A,
const mbedtls_mpi *E, const mbedtls_mpi *N,
mbedtls_mpi *prec_RR );
int mbedtls_mpi_exp_mod(mbedtls_mpi *X,
const mbedtls_mpi *A,
const mbedtls_mpi *E,
const mbedtls_mpi *N,
mbedtls_mpi *prec_RR);
/**
* \brief Fill an MPI with a number of random bytes.
@@ -874,9 +903,10 @@ int mbedtls_mpi_exp_mod( mbedtls_mpi *X, const mbedtls_mpi *A,
* as a big-endian representation of an MPI; this can
* be relevant in applications like deterministic ECDSA.
*/
int mbedtls_mpi_fill_random( mbedtls_mpi *X, size_t size,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng );
int mbedtls_mpi_fill_random(mbedtls_mpi *X,
size_t size,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng);
/** Generate a random number uniformly in a range.
*
@@ -910,11 +940,11 @@ int mbedtls_mpi_fill_random( mbedtls_mpi *X, size_t size,
* for all usual cryptographic applications.
* \return Another negative error code on failure.
*/
int mbedtls_mpi_random( mbedtls_mpi *X,
mbedtls_mpi_sint min,
const mbedtls_mpi *N,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng );
int mbedtls_mpi_random(mbedtls_mpi *X,
mbedtls_mpi_sint min,
const mbedtls_mpi *N,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng);
/**
* \brief Compute the greatest common divisor: G = gcd(A, B)
@@ -927,8 +957,7 @@ int mbedtls_mpi_random( mbedtls_mpi *X,
* \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.
* \return Another negative error code on different kinds of failure.
*/
int mbedtls_mpi_gcd( mbedtls_mpi *G, const mbedtls_mpi *A,
const mbedtls_mpi *B );
int mbedtls_mpi_gcd(mbedtls_mpi *G, const mbedtls_mpi *A, const mbedtls_mpi *B);
/**
* \brief Compute the modular inverse: X = A^-1 mod N
@@ -946,8 +975,9 @@ int mbedtls_mpi_gcd( mbedtls_mpi *G, const mbedtls_mpi *A,
* \return #MBEDTLS_ERR_MPI_NOT_ACCEPTABLE if \p has no modular inverse
* with respect to \p N.
*/
int mbedtls_mpi_inv_mod( mbedtls_mpi *X, const mbedtls_mpi *A,
const mbedtls_mpi *N );
int mbedtls_mpi_inv_mod(mbedtls_mpi *X,
const mbedtls_mpi *A,
const mbedtls_mpi *N);
/**
* \brief Miller-Rabin primality test.
@@ -976,18 +1006,22 @@ int mbedtls_mpi_inv_mod( mbedtls_mpi *X, const mbedtls_mpi *A,
* \return #MBEDTLS_ERR_MPI_NOT_ACCEPTABLE if \p X is not prime.
* \return Another negative error code on other kinds of failure.
*/
int mbedtls_mpi_is_prime_ext( const mbedtls_mpi *X, int rounds,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng );
int mbedtls_mpi_is_prime_ext(const mbedtls_mpi *X,
int rounds,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng);
/**
* \brief Flags for mbedtls_mpi_gen_prime()
*
* Each of these flags is a constraint on the result X returned by
* mbedtls_mpi_gen_prime().
*/
typedef enum {
MBEDTLS_MPI_GEN_PRIME_FLAG_DH = 0x0001, /**< (X-1)/2 is prime too */
MBEDTLS_MPI_GEN_PRIME_FLAG_LOW_ERR = 0x0002, /**< lower error rate from 2<sup>-80</sup> to 2<sup>-128</sup> */
typedef enum
{
MBEDTLS_MPI_GEN_PRIME_FLAG_DH = 0x0001, /**< (X-1)/2 is prime too */
MBEDTLS_MPI_GEN_PRIME_FLAG_LOW_ERR = 0x0002, /**< lower error rate from
2<sup>-80</sup> to
2<sup>-128</sup> */
} mbedtls_mpi_gen_prime_flag_t;
/**
@@ -1009,9 +1043,11 @@ typedef enum {
* \return #MBEDTLS_ERR_MPI_BAD_INPUT_DATA if `nbits` is not between
* \c 3 and #MBEDTLS_MPI_MAX_BITS.
*/
int mbedtls_mpi_gen_prime( mbedtls_mpi *X, size_t nbits, int flags,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng );
int mbedtls_mpi_gen_prime(mbedtls_mpi *X,
size_t nbits,
int flags,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng);
#if defined(MBEDTLS_SELF_TEST)
@@ -1020,7 +1056,7 @@ int mbedtls_mpi_gen_prime( mbedtls_mpi *X, size_t nbits, int flags,
*
* \return 0 if successful, or 1 if the test failed
*/
int mbedtls_mpi_self_test( int verbose );
int mbedtls_mpi_self_test(int verbose);
#endif /* MBEDTLS_SELF_TEST */

63
include/mbedtls/build_info.h
View File

@@ -6,22 +6,22 @@
* Include this file if you need to depend on the
* configuration options defined in mbedtls_config.h or MBEDTLS_CONFIG_FILE
*/
/*
* Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
/*
* Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#ifndef MBEDTLS_BUILD_INFO_H
#define MBEDTLS_BUILD_INFO_H
@@ -36,33 +36,34 @@
* The version number x.y.z is split into three parts.
* Major, Minor, Patchlevel
*/
#define MBEDTLS_VERSION_MAJOR 3
#define MBEDTLS_VERSION_MINOR 0
#define MBEDTLS_VERSION_PATCH 0
#define MBEDTLS_VERSION_MAJOR 3
#define MBEDTLS_VERSION_MINOR 0
#define MBEDTLS_VERSION_PATCH 0
/**
* The single version number has the following structure:
* MMNNPP00
* Major version | Minor version | Patch version
*/
#define MBEDTLS_VERSION_NUMBER 0x03000000
#define MBEDTLS_VERSION_STRING "3.0.0"
#define MBEDTLS_VERSION_STRING_FULL "mbed TLS 3.0.0"
#define MBEDTLS_VERSION_NUMBER 0x03000000
#define MBEDTLS_VERSION_STRING "3.0.0"
#define MBEDTLS_VERSION_STRING_FULL "mbed TLS 3.0.0"
#if defined(_MSC_VER) && !defined(_CRT_SECURE_NO_DEPRECATE)
#define _CRT_SECURE_NO_DEPRECATE 1
# define _CRT_SECURE_NO_DEPRECATE 1
#endif
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/mbedtls_config.h"
# include "mbedtls/mbedtls_config.h"
#else
#include MBEDTLS_CONFIG_FILE
# include MBEDTLS_CONFIG_FILE
#endif
#if defined(MBEDTLS_CONFIG_VERSION) && ( \
MBEDTLS_CONFIG_VERSION < 0x03000000 || \
MBEDTLS_CONFIG_VERSION > MBEDTLS_VERSION_NUMBER )
#error "Invalid config version, defined value of MBEDTLS_CONFIG_VERSION is unsupported"
#if defined(MBEDTLS_CONFIG_VERSION) && \
(MBEDTLS_CONFIG_VERSION < 0x03000000 || \
MBEDTLS_CONFIG_VERSION > MBEDTLS_VERSION_NUMBER)
# error \
"Invalid config version, defined value of MBEDTLS_CONFIG_VERSION is unsupported"
#endif
/* Target and application specific configurations
@@ -71,11 +72,11 @@
*
*/
#if defined(MBEDTLS_USER_CONFIG_FILE)
#include MBEDTLS_USER_CONFIG_FILE
# include MBEDTLS_USER_CONFIG_FILE
#endif
#if defined(MBEDTLS_PSA_CRYPTO_CONFIG)
#include "mbedtls/config_psa.h"
# include "mbedtls/config_psa.h"
#endif
#include "mbedtls/check_config.h"

84
include/mbedtls/camellia.h
View File

@@ -30,8 +30,8 @@
#include "mbedtls/platform_util.h"
#define MBEDTLS_CAMELLIA_ENCRYPT 1
#define MBEDTLS_CAMELLIA_DECRYPT 0
#define MBEDTLS_CAMELLIA_ENCRYPT 1
#define MBEDTLS_CAMELLIA_DECRYPT 0
/** Bad input data. */
#define MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA -0x0024
@@ -50,15 +50,13 @@ extern "C" {
/**
* \brief CAMELLIA context structure
*/
typedef struct mbedtls_camellia_context
{
int MBEDTLS_PRIVATE(nr); /*!< number of rounds */
uint32_t MBEDTLS_PRIVATE(rk)[68]; /*!< CAMELLIA round keys */
}
mbedtls_camellia_context;
typedef struct mbedtls_camellia_context {
int MBEDTLS_PRIVATE(nr); /*!< number of rounds */
uint32_t MBEDTLS_PRIVATE(rk)[68]; /*!< CAMELLIA round keys */
} mbedtls_camellia_context;
#else /* MBEDTLS_CAMELLIA_ALT */
#include "camellia_alt.h"
#else /* MBEDTLS_CAMELLIA_ALT */
# include "camellia_alt.h"
#endif /* MBEDTLS_CAMELLIA_ALT */
/**
@@ -67,7 +65,7 @@ mbedtls_camellia_context;
* \param ctx The CAMELLIA context to be initialized.
* This must not be \c NULL.
*/
void mbedtls_camellia_init( mbedtls_camellia_context *ctx );
void mbedtls_camellia_init(mbedtls_camellia_context *ctx);
/**
* \brief Clear a CAMELLIA context.
@@ -76,7 +74,7 @@ void mbedtls_camellia_init( mbedtls_camellia_context *ctx );
* in which case this function returns immediately. If it is not
* \c NULL, it must be initialized.
*/
void mbedtls_camellia_free( mbedtls_camellia_context *ctx );
void mbedtls_camellia_free(mbedtls_camellia_context *ctx);
/**
* \brief Perform a CAMELLIA key schedule operation for encryption.
@@ -90,9 +88,9 @@ void mbedtls_camellia_free( mbedtls_camellia_context *ctx );
* \return \c 0 if successful.
* \return A negative error code on failure.
*/
int mbedtls_camellia_setkey_enc( mbedtls_camellia_context *ctx,
const unsigned char *key,
unsigned int keybits );
int mbedtls_camellia_setkey_enc(mbedtls_camellia_context *ctx,
const unsigned char *key,
unsigned int keybits);
/**
* \brief Perform a CAMELLIA key schedule operation for decryption.
@@ -106,9 +104,9 @@ int mbedtls_camellia_setkey_enc( mbedtls_camellia_context *ctx,
* \return \c 0 if successful.
* \return A negative error code on failure.
*/
int mbedtls_camellia_setkey_dec( mbedtls_camellia_context *ctx,
const unsigned char *key,
unsigned int keybits );
int mbedtls_camellia_setkey_dec(mbedtls_camellia_context *ctx,
const unsigned char *key,
unsigned int keybits);
/**
* \brief Perform a CAMELLIA-ECB block encryption/decryption operation.
@@ -125,10 +123,10 @@ int mbedtls_camellia_setkey_dec( mbedtls_camellia_context *ctx,
* \return \c 0 if successful.
* \return A negative error code on failure.
*/
int mbedtls_camellia_crypt_ecb( mbedtls_camellia_context *ctx,
int mode,
const unsigned char input[16],
unsigned char output[16] );
int mbedtls_camellia_crypt_ecb(mbedtls_camellia_context *ctx,
int mode,
const unsigned char input[16],
unsigned char output[16]);
#if defined(MBEDTLS_CIPHER_MODE_CBC)
/**
@@ -159,12 +157,12 @@ int mbedtls_camellia_crypt_ecb( mbedtls_camellia_context *ctx,
* \return \c 0 if successful.
* \return A negative error code on failure.
*/
int mbedtls_camellia_crypt_cbc( mbedtls_camellia_context *ctx,
int mode,
size_t length,
unsigned char iv[16],
const unsigned char *input,
unsigned char *output );
int mbedtls_camellia_crypt_cbc(mbedtls_camellia_context *ctx,
int mode,
size_t length,
unsigned char iv[16],
const unsigned char *input,
unsigned char *output);
#endif /* MBEDTLS_CIPHER_MODE_CBC */
#if defined(MBEDTLS_CIPHER_MODE_CFB)
@@ -205,13 +203,13 @@ int mbedtls_camellia_crypt_cbc( mbedtls_camellia_context *ctx,
* \return \c 0 if successful.
* \return A negative error code on failure.
*/
int mbedtls_camellia_crypt_cfb128( mbedtls_camellia_context *ctx,
int mode,
size_t length,
size_t *iv_off,
unsigned char iv[16],
const unsigned char *input,
unsigned char *output );
int mbedtls_camellia_crypt_cfb128(mbedtls_camellia_context *ctx,
int mode,
size_t length,
size_t *iv_off,
unsigned char iv[16],
const unsigned char *input,
unsigned char *output);
#endif /* MBEDTLS_CIPHER_MODE_CFB */
#if defined(MBEDTLS_CIPHER_MODE_CTR)
@@ -289,13 +287,13 @@ int mbedtls_camellia_crypt_cfb128( mbedtls_camellia_context *ctx,
* \return \c 0 if successful.
* \return A negative error code on failure.
*/
int mbedtls_camellia_crypt_ctr( mbedtls_camellia_context *ctx,
size_t length,
size_t *nc_off,
unsigned char nonce_counter[16],
unsigned char stream_block[16],
const unsigned char *input,
unsigned char *output );
int mbedtls_camellia_crypt_ctr(mbedtls_camellia_context *ctx,
size_t length,
size_t *nc_off,
unsigned char nonce_counter[16],
unsigned char stream_block[16],
const unsigned char *input,
unsigned char *output);
#endif /* MBEDTLS_CIPHER_MODE_CTR */
#if defined(MBEDTLS_SELF_TEST)
@@ -305,7 +303,7 @@ int mbedtls_camellia_crypt_ctr( mbedtls_camellia_context *ctx,
*
* \return 0 if successful, or 1 if the test failed
*/
int mbedtls_camellia_self_test( int verbose );
int mbedtls_camellia_self_test(int verbose);
#endif /* MBEDTLS_SELF_TEST */

136
include/mbedtls/ccm.h
View File

@@ -52,15 +52,15 @@
#include "mbedtls/cipher.h"
#define MBEDTLS_CCM_DECRYPT 0
#define MBEDTLS_CCM_ENCRYPT 1
#define MBEDTLS_CCM_STAR_DECRYPT 2
#define MBEDTLS_CCM_STAR_ENCRYPT 3
#define MBEDTLS_CCM_DECRYPT 0
#define MBEDTLS_CCM_ENCRYPT 1
#define MBEDTLS_CCM_STAR_DECRYPT 2
#define MBEDTLS_CCM_STAR_ENCRYPT 3
/** Bad input parameters to the function. */
#define MBEDTLS_ERR_CCM_BAD_INPUT -0x000D
#define MBEDTLS_ERR_CCM_BAD_INPUT -0x000D
/** Authenticated decryption failed. */
#define MBEDTLS_ERR_CCM_AUTH_FAILED -0x000F
#define MBEDTLS_ERR_CCM_AUTH_FAILED -0x000F
#ifdef __cplusplus
extern "C" {
@@ -74,14 +74,13 @@ extern "C" {
* \brief The CCM context-type definition. The CCM context is passed
* to the APIs called.
*/
typedef struct mbedtls_ccm_context
{
mbedtls_cipher_context_t MBEDTLS_PRIVATE(cipher_ctx); /*!< The cipher context used. */
}
mbedtls_ccm_context;
typedef struct mbedtls_ccm_context {
mbedtls_cipher_context_t MBEDTLS_PRIVATE(cipher_ctx); /*!< The cipher
context used. */
} mbedtls_ccm_context;
#else /* MBEDTLS_CCM_ALT */
#include "ccm_alt.h"
#else /* MBEDTLS_CCM_ALT */
# include "ccm_alt.h"
#endif /* MBEDTLS_CCM_ALT */
/**
@@ -91,7 +90,7 @@ mbedtls_ccm_context;
*
* \param ctx The CCM context to initialize. This must not be \c NULL.
*/
void mbedtls_ccm_init( mbedtls_ccm_context *ctx );
void mbedtls_ccm_init(mbedtls_ccm_context *ctx);
/**
* \brief This function initializes the CCM context set in the
@@ -106,10 +105,10 @@ void mbedtls_ccm_init( mbedtls_ccm_context *ctx );
* \return \c 0 on success.
* \return A CCM or cipher-specific error code on failure.
*/
int mbedtls_ccm_setkey( mbedtls_ccm_context *ctx,
mbedtls_cipher_id_t cipher,
const unsigned char *key,
unsigned int keybits );
int mbedtls_ccm_setkey(mbedtls_ccm_context *ctx,
mbedtls_cipher_id_t cipher,
const unsigned char *key,
unsigned int keybits);
/**
* \brief This function releases and clears the specified CCM context
@@ -118,7 +117,7 @@ int mbedtls_ccm_setkey( mbedtls_ccm_context *ctx,
* \param ctx The CCM context to clear. If this is \c NULL, the function
* has no effect. Otherwise, this must be initialized.
*/
void mbedtls_ccm_free( mbedtls_ccm_context *ctx );
void mbedtls_ccm_free(mbedtls_ccm_context *ctx);
/**
* \brief This function encrypts a buffer using CCM.
@@ -156,11 +155,16 @@ void mbedtls_ccm_free( mbedtls_ccm_context *ctx );
* \return \c 0 on success.
* \return A CCM or cipher-specific error code on failure.
*/
int mbedtls_ccm_encrypt_and_tag( mbedtls_ccm_context *ctx, size_t length,
const unsigned char *iv, size_t iv_len,
const unsigned char *ad, size_t ad_len,
const unsigned char *input, unsigned char *output,
unsigned char *tag, size_t tag_len );
int mbedtls_ccm_encrypt_and_tag(mbedtls_ccm_context *ctx,
size_t length,
const unsigned char *iv,
size_t iv_len,
const unsigned char *ad,
size_t ad_len,
const unsigned char *input,
unsigned char *output,
unsigned char *tag,
size_t tag_len);
/**
* \brief This function encrypts a buffer using CCM*.
@@ -204,11 +208,16 @@ int mbedtls_ccm_encrypt_and_tag( mbedtls_ccm_context *ctx, size_t length,
* \return \c 0 on success.
* \return A CCM or cipher-specific error code on failure.
*/
int mbedtls_ccm_star_encrypt_and_tag( mbedtls_ccm_context *ctx, size_t length,
const unsigned char *iv, size_t iv_len,
const unsigned char *ad, size_t ad_len,
const unsigned char *input, unsigned char *output,
unsigned char *tag, size_t tag_len );
int mbedtls_ccm_star_encrypt_and_tag(mbedtls_ccm_context *ctx,
size_t length,
const unsigned char *iv,
size_t iv_len,
const unsigned char *ad,
size_t ad_len,
const unsigned char *input,
unsigned char *output,
unsigned char *tag,
size_t tag_len);
/**
* \brief This function performs a CCM authenticated decryption of a
@@ -241,11 +250,16 @@ int mbedtls_ccm_star_encrypt_and_tag( mbedtls_ccm_context *ctx, size_t length,
* \return #MBEDTLS_ERR_CCM_AUTH_FAILED if the tag does not match.
* \return A cipher-specific error code on calculation failure.
*/
int mbedtls_ccm_auth_decrypt( mbedtls_ccm_context *ctx, size_t length,
const unsigned char *iv, size_t iv_len,
const unsigned char *ad, size_t ad_len,
const unsigned char *input, unsigned char *output,
const unsigned char *tag, size_t tag_len );
int mbedtls_ccm_auth_decrypt(mbedtls_ccm_context *ctx,
size_t length,
const unsigned char *iv,
size_t iv_len,
const unsigned char *ad,
size_t ad_len,
const unsigned char *input,
unsigned char *output,
const unsigned char *tag,
size_t tag_len);
/**
* \brief This function performs a CCM* authenticated decryption of a
@@ -286,11 +300,16 @@ int mbedtls_ccm_auth_decrypt( mbedtls_ccm_context *ctx, size_t length,
* \return #MBEDTLS_ERR_CCM_AUTH_FAILED if the tag does not match.
* \return A cipher-specific error code on calculation failure.
*/
int mbedtls_ccm_star_auth_decrypt( mbedtls_ccm_context *ctx, size_t length,
const unsigned char *iv, size_t iv_len,
const unsigned char *ad, size_t ad_len,
const unsigned char *input, unsigned char *output,
const unsigned char *tag, size_t tag_len );
int mbedtls_ccm_star_auth_decrypt(mbedtls_ccm_context *ctx,
size_t length,
const unsigned char *iv,
size_t iv_len,
const unsigned char *ad,
size_t ad_len,
const unsigned char *input,
unsigned char *output,
const unsigned char *tag,
size_t tag_len);
/**
* \brief This function starts a CCM encryption or decryption
@@ -320,10 +339,10 @@ int mbedtls_ccm_star_auth_decrypt( mbedtls_ccm_context *ctx, size_t length,
* \p iv_len is invalid (lower than \c 7 or greater than
* \c 13).
*/
int mbedtls_ccm_starts( mbedtls_ccm_context *ctx,
int mode,
const unsigned char *iv,
size_t iv_len );
int mbedtls_ccm_starts(mbedtls_ccm_context *ctx,
int mode,
const unsigned char *iv,
size_t iv_len);
/**
* \brief This function declares the lengths of the message
@@ -352,10 +371,10 @@ int mbedtls_ccm_starts( mbedtls_ccm_context *ctx,
* \p ctx is in an invalid state,
* \p total_ad_len is greater than \c 0xFF00.
*/
int mbedtls_ccm_set_lengths( mbedtls_ccm_context *ctx,
size_t total_ad_len,
size_t plaintext_len,
size_t tag_len );
int mbedtls_ccm_set_lengths(mbedtls_ccm_context *ctx,
size_t total_ad_len,
size_t plaintext_len,
size_t tag_len);
/**
* \brief This function feeds an input buffer as associated data
@@ -387,9 +406,9 @@ int mbedtls_ccm_set_lengths( mbedtls_ccm_context *ctx,
* \p ctx is in an invalid state,
* total input length too long.
*/
int mbedtls_ccm_update_ad( mbedtls_ccm_context *ctx,
const unsigned char *ad,
size_t ad_len );
int mbedtls_ccm_update_ad(mbedtls_ccm_context *ctx,
const unsigned char *ad,
size_t ad_len);
/**
* \brief This function feeds an input buffer into an ongoing CCM
@@ -454,10 +473,12 @@ int mbedtls_ccm_update_ad( mbedtls_ccm_context *ctx,
* total input length too long,
* or \p output_size too small.
*/
int mbedtls_ccm_update( mbedtls_ccm_context *ctx,
const unsigned char *input, size_t input_len,
unsigned char *output, size_t output_size,
size_t *output_len );
int mbedtls_ccm_update(mbedtls_ccm_context *ctx,
const unsigned char *input,
size_t input_len,
unsigned char *output,
size_t output_size,
size_t *output_len);
/**
* \brief This function finishes the CCM operation and generates
@@ -490,8 +511,9 @@ int mbedtls_ccm_update( mbedtls_ccm_context *ctx,
* mbedtls_ccm_update() was lower than the plaintext length
* \c plaintext_len passed to mbedtls_ccm_set_lengths().
*/
int mbedtls_ccm_finish( mbedtls_ccm_context *ctx,
unsigned char *tag, size_t tag_len );
int mbedtls_ccm_finish(mbedtls_ccm_context *ctx,
unsigned char *tag,
size_t tag_len);
#if defined(MBEDTLS_SELF_TEST) && defined(MBEDTLS_AES_C)
/**
@@ -500,7 +522,7 @@ int mbedtls_ccm_finish( mbedtls_ccm_context *ctx,
* \return \c 0 on success.
* \return \c 1 on failure.
*/
int mbedtls_ccm_self_test( int verbose );
int mbedtls_ccm_self_test(int verbose);
#endif /* MBEDTLS_SELF_TEST && MBEDTLS_AES_C */
#ifdef __cplusplus

56
include/mbedtls/chacha20.h
View File

@@ -39,7 +39,7 @@
#include <stddef.h>
/** Invalid input parameter(s). */
#define MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA -0x0051
#define MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA -0x0051
#ifdef __cplusplus
extern "C" {
@@ -47,16 +47,16 @@ extern "C" {
#if !defined(MBEDTLS_CHACHA20_ALT)
typedef struct mbedtls_chacha20_context
{
uint32_t MBEDTLS_PRIVATE(state)[16]; /*! The state (before round operations). */
uint8_t MBEDTLS_PRIVATE(keystream8)[64]; /*! Leftover keystream bytes. */
size_t MBEDTLS_PRIVATE(keystream_bytes_used); /*! Number of keystream bytes already used. */
}
mbedtls_chacha20_context;
typedef struct mbedtls_chacha20_context {
uint32_t MBEDTLS_PRIVATE(state)[16]; /*! The state (before round
operations). */
uint8_t MBEDTLS_PRIVATE(keystream8)[64]; /*! Leftover keystream bytes. */
size_t MBEDTLS_PRIVATE(keystream_bytes_used); /*! Number of keystream bytes
already used. */
} mbedtls_chacha20_context;
#else /* MBEDTLS_CHACHA20_ALT */
#include "chacha20_alt.h"
#else /* MBEDTLS_CHACHA20_ALT */
# include "chacha20_alt.h"
#endif /* MBEDTLS_CHACHA20_ALT */
/**
@@ -74,7 +74,7 @@ mbedtls_chacha20_context;
* \param ctx The ChaCha20 context to initialize.
* This must not be \c NULL.
*/
void mbedtls_chacha20_init( mbedtls_chacha20_context *ctx );
void mbedtls_chacha20_init(mbedtls_chacha20_context *ctx);
/**
* \brief This function releases and clears the specified
@@ -85,7 +85,7 @@ void mbedtls_chacha20_init( mbedtls_chacha20_context *ctx );
* \c NULL, it must point to an initialized context.
*
*/
void mbedtls_chacha20_free( mbedtls_chacha20_context *ctx );
void mbedtls_chacha20_free(mbedtls_chacha20_context *ctx);
/**
* \brief This function sets the encryption/decryption key.
@@ -103,8 +103,8 @@ void mbedtls_chacha20_free( mbedtls_chacha20_context *ctx );
* \return \c 0 on success.
* \return #MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA if ctx or key is NULL.
*/
int mbedtls_chacha20_setkey( mbedtls_chacha20_context *ctx,
const unsigned char key[32] );
int mbedtls_chacha20_setkey(mbedtls_chacha20_context *ctx,
const unsigned char key[32]);
/**
* \brief This function sets the nonce and initial counter value.
@@ -125,9 +125,9 @@ int mbedtls_chacha20_setkey( mbedtls_chacha20_context *ctx,
* \return #MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA if ctx or nonce is
* NULL.
*/
int mbedtls_chacha20_starts( mbedtls_chacha20_context* ctx,
const unsigned char nonce[12],
uint32_t counter );
int mbedtls_chacha20_starts(mbedtls_chacha20_context *ctx,
const unsigned char nonce[12],
uint32_t counter);
/**
* \brief This function encrypts or decrypts data.
@@ -158,10 +158,10 @@ int mbedtls_chacha20_starts( mbedtls_chacha20_context* ctx,
* \return \c 0 on success.
* \return A negative error code on failure.
*/
int mbedtls_chacha20_update( mbedtls_chacha20_context *ctx,
size_t size,
const unsigned char *input,
unsigned char *output );
int mbedtls_chacha20_update(mbedtls_chacha20_context *ctx,
size_t size,
const unsigned char *input,
unsigned char *output);
/**
* \brief This function encrypts or decrypts data with ChaCha20 and
@@ -191,12 +191,12 @@ int mbedtls_chacha20_update( mbedtls_chacha20_context *ctx,
* \return \c 0 on success.
* \return A negative error code on failure.
*/
int mbedtls_chacha20_crypt( const unsigned char key[32],
const unsigned char nonce[12],
uint32_t counter,
size_t size,
const unsigned char* input,
unsigned char* output );
int mbedtls_chacha20_crypt(const unsigned char key[32],
const unsigned char nonce[12],
uint32_t counter,
size_t size,
const unsigned char *input,
unsigned char *output);
#if defined(MBEDTLS_SELF_TEST)
/**
@@ -205,7 +205,7 @@ int mbedtls_chacha20_crypt( const unsigned char key[32],
* \return \c 0 on success.
* \return \c 1 on failure.
*/
int mbedtls_chacha20_self_test( int verbose );
int mbedtls_chacha20_self_test(int verbose);
#endif /* MBEDTLS_SELF_TEST */
#ifdef __cplusplus

105
include/mbedtls/chachapoly.h
View File

@@ -39,9 +39,9 @@
#include "mbedtls/poly1305.h"
/** The requested operation is not permitted in the current state. */
#define MBEDTLS_ERR_CHACHAPOLY_BAD_STATE -0x0054
#define MBEDTLS_ERR_CHACHAPOLY_BAD_STATE -0x0054
/** Authenticated decryption failed: data was not authentic. */
#define MBEDTLS_ERR_CHACHAPOLY_AUTH_FAILED -0x0056
#define MBEDTLS_ERR_CHACHAPOLY_AUTH_FAILED -0x0056
#ifdef __cplusplus
extern "C" {
@@ -49,28 +49,31 @@ extern "C" {
typedef enum
{
MBEDTLS_CHACHAPOLY_ENCRYPT, /**< The mode value for performing encryption. */
MBEDTLS_CHACHAPOLY_DECRYPT /**< The mode value for performing decryption. */
}
mbedtls_chachapoly_mode_t;
MBEDTLS_CHACHAPOLY_ENCRYPT, /**< The mode value for performing encryption.
*/
MBEDTLS_CHACHAPOLY_DECRYPT /**< The mode value for performing decryption. */
} mbedtls_chachapoly_mode_t;
#if !defined(MBEDTLS_CHACHAPOLY_ALT)
#include "mbedtls/chacha20.h"
# include "mbedtls/chacha20.h"
typedef struct mbedtls_chachapoly_context
{
mbedtls_chacha20_context MBEDTLS_PRIVATE(chacha20_ctx); /**< The ChaCha20 context. */
mbedtls_poly1305_context MBEDTLS_PRIVATE(poly1305_ctx); /**< The Poly1305 context. */
uint64_t MBEDTLS_PRIVATE(aad_len); /**< The length (bytes) of the Additional Authenticated Data. */
uint64_t MBEDTLS_PRIVATE(ciphertext_len); /**< The length (bytes) of the ciphertext. */
int MBEDTLS_PRIVATE(state); /**< The current state of the context. */
mbedtls_chachapoly_mode_t MBEDTLS_PRIVATE(mode); /**< Cipher mode (encrypt or decrypt). */
}
mbedtls_chachapoly_context;
typedef struct mbedtls_chachapoly_context {
mbedtls_chacha20_context MBEDTLS_PRIVATE(chacha20_ctx); /**< The ChaCha20
context. */
mbedtls_poly1305_context MBEDTLS_PRIVATE(poly1305_ctx); /**< The Poly1305
context. */
uint64_t MBEDTLS_PRIVATE(aad_len); /**< The length (bytes) of the Additional
Authenticated Data. */
uint64_t MBEDTLS_PRIVATE(ciphertext_len); /**< The length (bytes) of the
ciphertext. */
int MBEDTLS_PRIVATE(state); /**< The current state of the context. */
mbedtls_chachapoly_mode_t MBEDTLS_PRIVATE(mode); /**< Cipher mode (encrypt
or decrypt). */
} mbedtls_chachapoly_context;
#else /* !MBEDTLS_CHACHAPOLY_ALT */
#include "chachapoly_alt.h"
# include "chachapoly_alt.h"
#endif /* !MBEDTLS_CHACHAPOLY_ALT */
/**
@@ -115,7 +118,7 @@ mbedtls_chachapoly_context;
*
* \param ctx The ChachaPoly context to initialize. Must not be \c NULL.
*/
void mbedtls_chachapoly_init( mbedtls_chachapoly_context *ctx );
void mbedtls_chachapoly_init(mbedtls_chachapoly_context *ctx);
/**
* \brief This function releases and clears the specified
@@ -124,7 +127,7 @@ void mbedtls_chachapoly_init( mbedtls_chachapoly_context *ctx );
* \param ctx The ChachaPoly context to clear. This may be \c NULL, in which
* case this function is a no-op.
*/
void mbedtls_chachapoly_free( mbedtls_chachapoly_context *ctx );
void mbedtls_chachapoly_free(mbedtls_chachapoly_context *ctx);
/**
* \brief This function sets the ChaCha20-Poly1305
@@ -137,8 +140,8 @@ void mbedtls_chachapoly_free( mbedtls_chachapoly_context *ctx );
* \return \c 0 on success.
* \return A negative error code on failure.
*/
int mbedtls_chachapoly_setkey( mbedtls_chachapoly_context *ctx,
const unsigned char key[32] );
int mbedtls_chachapoly_setkey(mbedtls_chachapoly_context *ctx,
const unsigned char key[32]);
/**
* \brief This function starts a ChaCha20-Poly1305 encryption or
@@ -165,9 +168,9 @@ int mbedtls_chachapoly_setkey( mbedtls_chachapoly_context *ctx,
* \return \c 0 on success.
* \return A negative error code on failure.
*/
int mbedtls_chachapoly_starts( mbedtls_chachapoly_context *ctx,
const unsigned char nonce[12],
mbedtls_chachapoly_mode_t mode );
int mbedtls_chachapoly_starts(mbedtls_chachapoly_context *ctx,
const unsigned char nonce[12],
mbedtls_chachapoly_mode_t mode);
/**
* \brief This function feeds additional data to be authenticated
@@ -208,9 +211,9 @@ int mbedtls_chachapoly_starts( mbedtls_chachapoly_context *ctx,
* if the operations has not been started or has been
* finished, or if the AAD has been finished.
*/
int mbedtls_chachapoly_update_aad( mbedtls_chachapoly_context *ctx,
const unsigned char *aad,
size_t aad_len );
int mbedtls_chachapoly_update_aad(mbedtls_chachapoly_context *ctx,
const unsigned char *aad,
size_t aad_len);
/**
* \brief Thus function feeds data to be encrypted or decrypted
@@ -243,10 +246,10 @@ int mbedtls_chachapoly_update_aad( mbedtls_chachapoly_context *ctx,
* finished.
* \return Another negative error code on other kinds of failure.
*/
int mbedtls_chachapoly_update( mbedtls_chachapoly_context *ctx,
size_t len,
const unsigned char *input,
unsigned char *output );
int mbedtls_chachapoly_update(mbedtls_chachapoly_context *ctx,
size_t len,
const unsigned char *input,
unsigned char *output);
/**
* \brief This function finished the ChaCha20-Poly1305 operation and
@@ -264,8 +267,8 @@ int mbedtls_chachapoly_update( mbedtls_chachapoly_context *ctx,
* finished.
* \return Another negative error code on other kinds of failure.
*/
int mbedtls_chachapoly_finish( mbedtls_chachapoly_context *ctx,
unsigned char mac[16] );
int mbedtls_chachapoly_finish(mbedtls_chachapoly_context *ctx,
unsigned char mac[16]);
/**
* \brief This function performs a complete ChaCha20-Poly1305
@@ -296,14 +299,14 @@ int mbedtls_chachapoly_finish( mbedtls_chachapoly_context *ctx,
* \return \c 0 on success.
* \return A negative error code on failure.
*/
int mbedtls_chachapoly_encrypt_and_tag( mbedtls_chachapoly_context *ctx,
size_t length,
const unsigned char nonce[12],
const unsigned char *aad,
size_t aad_len,
const unsigned char *input,
unsigned char *output,
unsigned char tag[16] );
int mbedtls_chachapoly_encrypt_and_tag(mbedtls_chachapoly_context *ctx,
size_t length,
const unsigned char nonce[12],
const unsigned char *aad,
size_t aad_len,
const unsigned char *input,
unsigned char *output,
unsigned char tag[16]);
/**
* \brief This function performs a complete ChaCha20-Poly1305
@@ -330,14 +333,14 @@ int mbedtls_chachapoly_encrypt_and_tag( mbedtls_chachapoly_context *ctx,
* if the data was not authentic.
* \return Another negative error code on other kinds of failure.
*/
int mbedtls_chachapoly_auth_decrypt( mbedtls_chachapoly_context *ctx,
size_t length,
const unsigned char nonce[12],
const unsigned char *aad,
size_t aad_len,
const unsigned char tag[16],
const unsigned char *input,
unsigned char *output );
int mbedtls_chachapoly_auth_decrypt(mbedtls_chachapoly_context *ctx,
size_t length,
const unsigned char nonce[12],
const unsigned char *aad,
size_t aad_len,
const unsigned char tag[16],
const unsigned char *input,
unsigned char *output);
#if defined(MBEDTLS_SELF_TEST)
/**
@@ -346,7 +349,7 @@ int mbedtls_chachapoly_auth_decrypt( mbedtls_chachapoly_context *ctx,
* \return \c 0 on success.
* \return \c 1 on failure.
*/
int mbedtls_chachapoly_self_test( int verbose );
int mbedtls_chachapoly_self_test(int verbose);
#endif /* MBEDTLS_SELF_TEST */
#ifdef __cplusplus

823
include/mbedtls/check_config.h
View File

File diff suppressed because it is too large Load Diff

508
include/mbedtls/cipher.h
View File

@@ -33,43 +33,43 @@
#include <stddef.h>
#include "mbedtls/platform_util.h"
#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CCM_C) || defined(MBEDTLS_CHACHAPOLY_C)
#define MBEDTLS_CIPHER_MODE_AEAD
#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CCM_C) || \
defined(MBEDTLS_CHACHAPOLY_C)
# define MBEDTLS_CIPHER_MODE_AEAD
#endif
#if defined(MBEDTLS_CIPHER_MODE_CBC)
#define MBEDTLS_CIPHER_MODE_WITH_PADDING
# define MBEDTLS_CIPHER_MODE_WITH_PADDING
#endif
#if defined(MBEDTLS_CIPHER_NULL_CIPHER) || \
defined(MBEDTLS_CHACHA20_C)
#define MBEDTLS_CIPHER_MODE_STREAM
#if defined(MBEDTLS_CIPHER_NULL_CIPHER) || defined(MBEDTLS_CHACHA20_C)
# define MBEDTLS_CIPHER_MODE_STREAM
#endif
#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \
!defined(inline) && !defined(__cplusplus)
#define inline __inline
#if (defined(__ARMCC_VERSION) || defined(_MSC_VER)) && !defined(inline) && \
!defined(__cplusplus)
# define inline __inline
#endif
/** The selected feature is not available. */
#define MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE -0x6080
#define MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE -0x6080
/** Bad input parameters. */
#define MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA -0x6100
#define MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA -0x6100
/** Failed to allocate memory. */
#define MBEDTLS_ERR_CIPHER_ALLOC_FAILED -0x6180
#define MBEDTLS_ERR_CIPHER_ALLOC_FAILED -0x6180
/** Input data contains invalid padding and is rejected. */
#define MBEDTLS_ERR_CIPHER_INVALID_PADDING -0x6200
#define MBEDTLS_ERR_CIPHER_INVALID_PADDING -0x6200
/** Decryption of block requires a full block. */
#define MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED -0x6280
#define MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED -0x6280
/** Authentication failed (for AEAD modes). */
#define MBEDTLS_ERR_CIPHER_AUTH_FAILED -0x6300
#define MBEDTLS_ERR_CIPHER_AUTH_FAILED -0x6300
/** The context is invalid. For example, because it was freed. */
#define MBEDTLS_ERR_CIPHER_INVALID_CONTEXT -0x6380
#define MBEDTLS_ERR_CIPHER_INVALID_CONTEXT -0x6380
/** Cipher accepts IVs of variable length. */
#define MBEDTLS_CIPHER_VARIABLE_IV_LEN 0x01
#define MBEDTLS_CIPHER_VARIABLE_IV_LEN 0x01
/** Cipher accepts keys of variable length. */
#define MBEDTLS_CIPHER_VARIABLE_KEY_LEN 0x02
#define MBEDTLS_CIPHER_VARIABLE_KEY_LEN 0x02
#ifdef __cplusplus
extern "C" {
@@ -82,15 +82,18 @@ extern "C" {
* constitutes a security risk. Arm recommends considering stronger
* ciphers instead.
*/
typedef enum {
MBEDTLS_CIPHER_ID_NONE = 0, /**< Placeholder to mark the end of cipher ID lists. */
MBEDTLS_CIPHER_ID_NULL, /**< The identity cipher, treated as a stream cipher. */
MBEDTLS_CIPHER_ID_AES, /**< The AES cipher. */
MBEDTLS_CIPHER_ID_DES, /**< The DES cipher. */
MBEDTLS_CIPHER_ID_3DES, /**< The Triple DES cipher. */
MBEDTLS_CIPHER_ID_CAMELLIA, /**< The Camellia cipher. */
MBEDTLS_CIPHER_ID_ARIA, /**< The Aria cipher. */
MBEDTLS_CIPHER_ID_CHACHA20, /**< The ChaCha20 cipher. */
typedef enum
{
MBEDTLS_CIPHER_ID_NONE = 0, /**< Placeholder to mark the end of cipher ID
lists. */
MBEDTLS_CIPHER_ID_NULL, /**< The identity cipher, treated as a stream
cipher. */
MBEDTLS_CIPHER_ID_AES, /**< The AES cipher. */
MBEDTLS_CIPHER_ID_DES, /**< The DES cipher. */
MBEDTLS_CIPHER_ID_3DES, /**< The Triple DES cipher. */
MBEDTLS_CIPHER_ID_CAMELLIA, /**< The Camellia cipher. */
MBEDTLS_CIPHER_ID_ARIA, /**< The Aria cipher. */
MBEDTLS_CIPHER_ID_CHACHA20, /**< The ChaCha20 cipher. */
} mbedtls_cipher_id_t;
/**
@@ -100,122 +103,164 @@ typedef enum {
* constitutes a security risk. Arm recommends considering stronger
* ciphers instead.
*/
typedef enum {
MBEDTLS_CIPHER_NONE = 0, /**< Placeholder to mark the end of cipher-pair lists. */
MBEDTLS_CIPHER_NULL, /**< The identity stream cipher. */
MBEDTLS_CIPHER_AES_128_ECB, /**< AES cipher with 128-bit ECB mode. */
MBEDTLS_CIPHER_AES_192_ECB, /**< AES cipher with 192-bit ECB mode. */
MBEDTLS_CIPHER_AES_256_ECB, /**< AES cipher with 256-bit ECB mode. */
MBEDTLS_CIPHER_AES_128_CBC, /**< AES cipher with 128-bit CBC mode. */
MBEDTLS_CIPHER_AES_192_CBC, /**< AES cipher with 192-bit CBC mode. */
MBEDTLS_CIPHER_AES_256_CBC, /**< AES cipher with 256-bit CBC mode. */
MBEDTLS_CIPHER_AES_128_CFB128, /**< AES cipher with 128-bit CFB128 mode. */
MBEDTLS_CIPHER_AES_192_CFB128, /**< AES cipher with 192-bit CFB128 mode. */
MBEDTLS_CIPHER_AES_256_CFB128, /**< AES cipher with 256-bit CFB128 mode. */
MBEDTLS_CIPHER_AES_128_CTR, /**< AES cipher with 128-bit CTR mode. */
MBEDTLS_CIPHER_AES_192_CTR, /**< AES cipher with 192-bit CTR mode. */
MBEDTLS_CIPHER_AES_256_CTR, /**< AES cipher with 256-bit CTR mode. */
MBEDTLS_CIPHER_AES_128_GCM, /**< AES cipher with 128-bit GCM mode. */
MBEDTLS_CIPHER_AES_192_GCM, /**< AES cipher with 192-bit GCM mode. */
MBEDTLS_CIPHER_AES_256_GCM, /**< AES cipher with 256-bit GCM mode. */
MBEDTLS_CIPHER_CAMELLIA_128_ECB, /**< Camellia cipher with 128-bit ECB mode. */
MBEDTLS_CIPHER_CAMELLIA_192_ECB, /**< Camellia cipher with 192-bit ECB mode. */
MBEDTLS_CIPHER_CAMELLIA_256_ECB, /**< Camellia cipher with 256-bit ECB mode. */
MBEDTLS_CIPHER_CAMELLIA_128_CBC, /**< Camellia cipher with 128-bit CBC mode. */
MBEDTLS_CIPHER_CAMELLIA_192_CBC, /**< Camellia cipher with 192-bit CBC mode. */
MBEDTLS_CIPHER_CAMELLIA_256_CBC, /**< Camellia cipher with 256-bit CBC mode. */
MBEDTLS_CIPHER_CAMELLIA_128_CFB128, /**< Camellia cipher with 128-bit CFB128 mode. */
MBEDTLS_CIPHER_CAMELLIA_192_CFB128, /**< Camellia cipher with 192-bit CFB128 mode. */
MBEDTLS_CIPHER_CAMELLIA_256_CFB128, /**< Camellia cipher with 256-bit CFB128 mode. */
MBEDTLS_CIPHER_CAMELLIA_128_CTR, /**< Camellia cipher with 128-bit CTR mode. */
MBEDTLS_CIPHER_CAMELLIA_192_CTR, /**< Camellia cipher with 192-bit CTR mode. */
MBEDTLS_CIPHER_CAMELLIA_256_CTR, /**< Camellia cipher with 256-bit CTR mode. */
MBEDTLS_CIPHER_CAMELLIA_128_GCM, /**< Camellia cipher with 128-bit GCM mode. */
MBEDTLS_CIPHER_CAMELLIA_192_GCM, /**< Camellia cipher with 192-bit GCM mode. */
MBEDTLS_CIPHER_CAMELLIA_256_GCM, /**< Camellia cipher with 256-bit GCM mode. */
MBEDTLS_CIPHER_DES_ECB, /**< DES cipher with ECB mode. */
MBEDTLS_CIPHER_DES_CBC, /**< DES cipher with CBC mode. */
MBEDTLS_CIPHER_DES_EDE_ECB, /**< DES cipher with EDE ECB mode. */
MBEDTLS_CIPHER_DES_EDE_CBC, /**< DES cipher with EDE CBC mode. */
MBEDTLS_CIPHER_DES_EDE3_ECB, /**< DES cipher with EDE3 ECB mode. */
MBEDTLS_CIPHER_DES_EDE3_CBC, /**< DES cipher with EDE3 CBC mode. */
MBEDTLS_CIPHER_AES_128_CCM, /**< AES cipher with 128-bit CCM mode. */
MBEDTLS_CIPHER_AES_192_CCM, /**< AES cipher with 192-bit CCM mode. */
MBEDTLS_CIPHER_AES_256_CCM, /**< AES cipher with 256-bit CCM mode. */
MBEDTLS_CIPHER_CAMELLIA_128_CCM, /**< Camellia cipher with 128-bit CCM mode. */
MBEDTLS_CIPHER_CAMELLIA_192_CCM, /**< Camellia cipher with 192-bit CCM mode. */
MBEDTLS_CIPHER_CAMELLIA_256_CCM, /**< Camellia cipher with 256-bit CCM mode. */
MBEDTLS_CIPHER_ARIA_128_ECB, /**< Aria cipher with 128-bit key and ECB mode. */
MBEDTLS_CIPHER_ARIA_192_ECB, /**< Aria cipher with 192-bit key and ECB mode. */
MBEDTLS_CIPHER_ARIA_256_ECB, /**< Aria cipher with 256-bit key and ECB mode. */
MBEDTLS_CIPHER_ARIA_128_CBC, /**< Aria cipher with 128-bit key and CBC mode. */
MBEDTLS_CIPHER_ARIA_192_CBC, /**< Aria cipher with 192-bit key and CBC mode. */
MBEDTLS_CIPHER_ARIA_256_CBC, /**< Aria cipher with 256-bit key and CBC mode. */
MBEDTLS_CIPHER_ARIA_128_CFB128, /**< Aria cipher with 128-bit key and CFB-128 mode. */
MBEDTLS_CIPHER_ARIA_192_CFB128, /**< Aria cipher with 192-bit key and CFB-128 mode. */
MBEDTLS_CIPHER_ARIA_256_CFB128, /**< Aria cipher with 256-bit key and CFB-128 mode. */
MBEDTLS_CIPHER_ARIA_128_CTR, /**< Aria cipher with 128-bit key and CTR mode. */
MBEDTLS_CIPHER_ARIA_192_CTR, /**< Aria cipher with 192-bit key and CTR mode. */
MBEDTLS_CIPHER_ARIA_256_CTR, /**< Aria cipher with 256-bit key and CTR mode. */
MBEDTLS_CIPHER_ARIA_128_GCM, /**< Aria cipher with 128-bit key and GCM mode. */
MBEDTLS_CIPHER_ARIA_192_GCM, /**< Aria cipher with 192-bit key and GCM mode. */
MBEDTLS_CIPHER_ARIA_256_GCM, /**< Aria cipher with 256-bit key and GCM mode. */
MBEDTLS_CIPHER_ARIA_128_CCM, /**< Aria cipher with 128-bit key and CCM mode. */
MBEDTLS_CIPHER_ARIA_192_CCM, /**< Aria cipher with 192-bit key and CCM mode. */
MBEDTLS_CIPHER_ARIA_256_CCM, /**< Aria cipher with 256-bit key and CCM mode. */
MBEDTLS_CIPHER_AES_128_OFB, /**< AES 128-bit cipher in OFB mode. */
MBEDTLS_CIPHER_AES_192_OFB, /**< AES 192-bit cipher in OFB mode. */
MBEDTLS_CIPHER_AES_256_OFB, /**< AES 256-bit cipher in OFB mode. */
MBEDTLS_CIPHER_AES_128_XTS, /**< AES 128-bit cipher in XTS block mode. */
MBEDTLS_CIPHER_AES_256_XTS, /**< AES 256-bit cipher in XTS block mode. */
MBEDTLS_CIPHER_CHACHA20, /**< ChaCha20 stream cipher. */
MBEDTLS_CIPHER_CHACHA20_POLY1305, /**< ChaCha20-Poly1305 AEAD cipher. */
MBEDTLS_CIPHER_AES_128_KW, /**< AES cipher with 128-bit NIST KW mode. */
MBEDTLS_CIPHER_AES_192_KW, /**< AES cipher with 192-bit NIST KW mode. */
MBEDTLS_CIPHER_AES_256_KW, /**< AES cipher with 256-bit NIST KW mode. */
MBEDTLS_CIPHER_AES_128_KWP, /**< AES cipher with 128-bit NIST KWP mode. */
MBEDTLS_CIPHER_AES_192_KWP, /**< AES cipher with 192-bit NIST KWP mode. */
MBEDTLS_CIPHER_AES_256_KWP, /**< AES cipher with 256-bit NIST KWP mode. */
typedef enum
{
MBEDTLS_CIPHER_NONE = 0, /**< Placeholder to mark the end of cipher-pair
lists. */
MBEDTLS_CIPHER_NULL, /**< The identity stream cipher. */
MBEDTLS_CIPHER_AES_128_ECB, /**< AES cipher with 128-bit ECB mode. */
MBEDTLS_CIPHER_AES_192_ECB, /**< AES cipher with 192-bit ECB mode. */
MBEDTLS_CIPHER_AES_256_ECB, /**< AES cipher with 256-bit ECB mode. */
MBEDTLS_CIPHER_AES_128_CBC, /**< AES cipher with 128-bit CBC mode. */
MBEDTLS_CIPHER_AES_192_CBC, /**< AES cipher with 192-bit CBC mode. */
MBEDTLS_CIPHER_AES_256_CBC, /**< AES cipher with 256-bit CBC mode. */
MBEDTLS_CIPHER_AES_128_CFB128, /**< AES cipher with 128-bit CFB128 mode. */
MBEDTLS_CIPHER_AES_192_CFB128, /**< AES cipher with 192-bit CFB128 mode. */
MBEDTLS_CIPHER_AES_256_CFB128, /**< AES cipher with 256-bit CFB128 mode. */
MBEDTLS_CIPHER_AES_128_CTR, /**< AES cipher with 128-bit CTR mode. */
MBEDTLS_CIPHER_AES_192_CTR, /**< AES cipher with 192-bit CTR mode. */
MBEDTLS_CIPHER_AES_256_CTR, /**< AES cipher with 256-bit CTR mode. */
MBEDTLS_CIPHER_AES_128_GCM, /**< AES cipher with 128-bit GCM mode. */
MBEDTLS_CIPHER_AES_192_GCM, /**< AES cipher with 192-bit GCM mode. */
MBEDTLS_CIPHER_AES_256_GCM, /**< AES cipher with 256-bit GCM mode. */
MBEDTLS_CIPHER_CAMELLIA_128_ECB, /**< Camellia cipher with 128-bit ECB mode.
*/
MBEDTLS_CIPHER_CAMELLIA_192_ECB, /**< Camellia cipher with 192-bit ECB mode.
*/
MBEDTLS_CIPHER_CAMELLIA_256_ECB, /**< Camellia cipher with 256-bit ECB mode.
*/
MBEDTLS_CIPHER_CAMELLIA_128_CBC, /**< Camellia cipher with 128-bit CBC mode.
*/
MBEDTLS_CIPHER_CAMELLIA_192_CBC, /**< Camellia cipher with 192-bit CBC mode.
*/
MBEDTLS_CIPHER_CAMELLIA_256_CBC, /**< Camellia cipher with 256-bit CBC mode.
*/
MBEDTLS_CIPHER_CAMELLIA_128_CFB128, /**< Camellia cipher with 128-bit CFB128
mode. */
MBEDTLS_CIPHER_CAMELLIA_192_CFB128, /**< Camellia cipher with 192-bit CFB128
mode. */
MBEDTLS_CIPHER_CAMELLIA_256_CFB128, /**< Camellia cipher with 256-bit CFB128
mode. */
MBEDTLS_CIPHER_CAMELLIA_128_CTR, /**< Camellia cipher with 128-bit CTR mode.
*/
MBEDTLS_CIPHER_CAMELLIA_192_CTR, /**< Camellia cipher with 192-bit CTR mode.
*/
MBEDTLS_CIPHER_CAMELLIA_256_CTR, /**< Camellia cipher with 256-bit CTR mode.
*/
MBEDTLS_CIPHER_CAMELLIA_128_GCM, /**< Camellia cipher with 128-bit GCM mode.
*/
MBEDTLS_CIPHER_CAMELLIA_192_GCM, /**< Camellia cipher with 192-bit GCM mode.
*/
MBEDTLS_CIPHER_CAMELLIA_256_GCM, /**< Camellia cipher with 256-bit GCM mode.
*/
MBEDTLS_CIPHER_DES_ECB, /**< DES cipher with ECB mode. */
MBEDTLS_CIPHER_DES_CBC, /**< DES cipher with CBC mode. */
MBEDTLS_CIPHER_DES_EDE_ECB, /**< DES cipher with EDE ECB mode. */
MBEDTLS_CIPHER_DES_EDE_CBC, /**< DES cipher with EDE CBC mode. */
MBEDTLS_CIPHER_DES_EDE3_ECB, /**< DES cipher with EDE3 ECB mode. */
MBEDTLS_CIPHER_DES_EDE3_CBC, /**< DES cipher with EDE3 CBC mode. */
MBEDTLS_CIPHER_AES_128_CCM, /**< AES cipher with 128-bit CCM mode. */
MBEDTLS_CIPHER_AES_192_CCM, /**< AES cipher with 192-bit CCM mode. */
MBEDTLS_CIPHER_AES_256_CCM, /**< AES cipher with 256-bit CCM mode. */
MBEDTLS_CIPHER_CAMELLIA_128_CCM, /**< Camellia cipher with 128-bit CCM mode.
*/
MBEDTLS_CIPHER_CAMELLIA_192_CCM, /**< Camellia cipher with 192-bit CCM mode.
*/
MBEDTLS_CIPHER_CAMELLIA_256_CCM, /**< Camellia cipher with 256-bit CCM mode.
*/
MBEDTLS_CIPHER_ARIA_128_ECB, /**< Aria cipher with 128-bit key and ECB mode.
*/
MBEDTLS_CIPHER_ARIA_192_ECB, /**< Aria cipher with 192-bit key and ECB mode.
*/
MBEDTLS_CIPHER_ARIA_256_ECB, /**< Aria cipher with 256-bit key and ECB mode.
*/
MBEDTLS_CIPHER_ARIA_128_CBC, /**< Aria cipher with 128-bit key and CBC mode.
*/
MBEDTLS_CIPHER_ARIA_192_CBC, /**< Aria cipher with 192-bit key and CBC mode.
*/
MBEDTLS_CIPHER_ARIA_256_CBC, /**< Aria cipher with 256-bit key and CBC mode.
*/
MBEDTLS_CIPHER_ARIA_128_CFB128, /**< Aria cipher with 128-bit key and
CFB-128 mode. */
MBEDTLS_CIPHER_ARIA_192_CFB128, /**< Aria cipher with 192-bit key and
CFB-128 mode. */
MBEDTLS_CIPHER_ARIA_256_CFB128, /**< Aria cipher with 256-bit key and
CFB-128 mode. */
MBEDTLS_CIPHER_ARIA_128_CTR, /**< Aria cipher with 128-bit key and CTR mode.
*/
MBEDTLS_CIPHER_ARIA_192_CTR, /**< Aria cipher with 192-bit key and CTR mode.
*/
MBEDTLS_CIPHER_ARIA_256_CTR, /**< Aria cipher with 256-bit key and CTR mode.
*/
MBEDTLS_CIPHER_ARIA_128_GCM, /**< Aria cipher with 128-bit key and GCM mode.
*/
MBEDTLS_CIPHER_ARIA_192_GCM, /**< Aria cipher with 192-bit key and GCM mode.
*/
MBEDTLS_CIPHER_ARIA_256_GCM, /**< Aria cipher with 256-bit key and GCM mode.
*/
MBEDTLS_CIPHER_ARIA_128_CCM, /**< Aria cipher with 128-bit key and CCM mode.
*/
MBEDTLS_CIPHER_ARIA_192_CCM, /**< Aria cipher with 192-bit key and CCM mode.
*/
MBEDTLS_CIPHER_ARIA_256_CCM, /**< Aria cipher with 256-bit key and CCM mode.
*/
MBEDTLS_CIPHER_AES_128_OFB, /**< AES 128-bit cipher in OFB mode. */
MBEDTLS_CIPHER_AES_192_OFB, /**< AES 192-bit cipher in OFB mode. */
MBEDTLS_CIPHER_AES_256_OFB, /**< AES 256-bit cipher in OFB mode. */
MBEDTLS_CIPHER_AES_128_XTS, /**< AES 128-bit cipher in XTS block mode. */
MBEDTLS_CIPHER_AES_256_XTS, /**< AES 256-bit cipher in XTS block mode. */
MBEDTLS_CIPHER_CHACHA20, /**< ChaCha20 stream cipher. */
MBEDTLS_CIPHER_CHACHA20_POLY1305, /**< ChaCha20-Poly1305 AEAD cipher. */
MBEDTLS_CIPHER_AES_128_KW, /**< AES cipher with 128-bit NIST KW mode. */
MBEDTLS_CIPHER_AES_192_KW, /**< AES cipher with 192-bit NIST KW mode. */
MBEDTLS_CIPHER_AES_256_KW, /**< AES cipher with 256-bit NIST KW mode. */
MBEDTLS_CIPHER_AES_128_KWP, /**< AES cipher with 128-bit NIST KWP mode. */
MBEDTLS_CIPHER_AES_192_KWP, /**< AES cipher with 192-bit NIST KWP mode. */
MBEDTLS_CIPHER_AES_256_KWP, /**< AES cipher with 256-bit NIST KWP mode. */
} mbedtls_cipher_type_t;
/** Supported cipher modes. */
typedef enum {
MBEDTLS_MODE_NONE = 0, /**< None. */
MBEDTLS_MODE_ECB, /**< The ECB cipher mode. */
MBEDTLS_MODE_CBC, /**< The CBC cipher mode. */
MBEDTLS_MODE_CFB, /**< The CFB cipher mode. */
MBEDTLS_MODE_OFB, /**< The OFB cipher mode. */
MBEDTLS_MODE_CTR, /**< The CTR cipher mode. */
MBEDTLS_MODE_GCM, /**< The GCM cipher mode. */
MBEDTLS_MODE_STREAM, /**< The stream cipher mode. */
MBEDTLS_MODE_CCM, /**< The CCM cipher mode. */
MBEDTLS_MODE_XTS, /**< The XTS cipher mode. */
MBEDTLS_MODE_CHACHAPOLY, /**< The ChaCha-Poly cipher mode. */
MBEDTLS_MODE_KW, /**< The SP800-38F KW mode */
MBEDTLS_MODE_KWP, /**< The SP800-38F KWP mode */
typedef enum
{
MBEDTLS_MODE_NONE = 0, /**< None. */
MBEDTLS_MODE_ECB, /**< The ECB cipher mode. */
MBEDTLS_MODE_CBC, /**< The CBC cipher mode. */
MBEDTLS_MODE_CFB, /**< The CFB cipher mode. */
MBEDTLS_MODE_OFB, /**< The OFB cipher mode. */
MBEDTLS_MODE_CTR, /**< The CTR cipher mode. */
MBEDTLS_MODE_GCM, /**< The GCM cipher mode. */
MBEDTLS_MODE_STREAM, /**< The stream cipher mode. */
MBEDTLS_MODE_CCM, /**< The CCM cipher mode. */
MBEDTLS_MODE_XTS, /**< The XTS cipher mode. */
MBEDTLS_MODE_CHACHAPOLY, /**< The ChaCha-Poly cipher mode. */
MBEDTLS_MODE_KW, /**< The SP800-38F KW mode */
MBEDTLS_MODE_KWP, /**< The SP800-38F KWP mode */
} mbedtls_cipher_mode_t;
/** Supported cipher padding types. */
typedef enum {
MBEDTLS_PADDING_PKCS7 = 0, /**< PKCS7 padding (default). */
typedef enum
{
MBEDTLS_PADDING_PKCS7 = 0, /**< PKCS7 padding (default). */
MBEDTLS_PADDING_ONE_AND_ZEROS, /**< ISO/IEC 7816-4 padding. */
MBEDTLS_PADDING_ZEROS_AND_LEN, /**< ANSI X.923 padding. */
MBEDTLS_PADDING_ZEROS, /**< Zero padding (not reversible). */
MBEDTLS_PADDING_NONE, /**< Never pad (full blocks only). */
MBEDTLS_PADDING_ZEROS, /**< Zero padding (not reversible). */
MBEDTLS_PADDING_NONE, /**< Never pad (full blocks only). */
} mbedtls_cipher_padding_t;
/** Type of operation. */
typedef enum {
typedef enum
{
MBEDTLS_OPERATION_NONE = -1,
MBEDTLS_DECRYPT = 0,
MBEDTLS_ENCRYPT,
} mbedtls_operation_t;
enum {
enum
{
/** Undefined key length. */
MBEDTLS_KEY_LENGTH_NONE = 0,
/** Key length, in bits (including parity), for DES keys. */
MBEDTLS_KEY_LENGTH_DES = 64,
MBEDTLS_KEY_LENGTH_DES = 64,
/** Key length in bits, including parity, for DES in two-key EDE. */
MBEDTLS_KEY_LENGTH_DES_EDE = 128,
/** Key length in bits, including parity, for DES in three-key EDE. */
@@ -226,13 +271,13 @@ enum {
/* This should ideally be derived automatically from list of ciphers.
* This should be kept in sync with MBEDTLS_SSL_MAX_IV_LENGTH defined
* in library/ssl_misc.h. */
#define MBEDTLS_MAX_IV_LENGTH 16
#define MBEDTLS_MAX_IV_LENGTH 16
/** Maximum block size of any cipher, in Bytes. */
/* This should ideally be derived automatically from list of ciphers.
* This should be kept in sync with MBEDTLS_SSL_MAX_BLOCK_LENGTH defined
* in library/ssl_misc.h. */
#define MBEDTLS_MAX_BLOCK_LENGTH 16
#define MBEDTLS_MAX_BLOCK_LENGTH 16
/** Maximum key length, in Bytes. */
/* This should ideally be derived automatically from list of ciphers.
@@ -242,9 +287,9 @@ enum {
* in library/ssl_misc.h, which however deliberately ignores the case of XTS
* since the latter isn't used in SSL/TLS. */
#if defined(MBEDTLS_CIPHER_MODE_XTS)
#define MBEDTLS_MAX_KEY_LENGTH 64
# define MBEDTLS_MAX_KEY_LENGTH 64
#else
#define MBEDTLS_MAX_KEY_LENGTH 32
# define MBEDTLS_MAX_KEY_LENGTH 32
#endif /* MBEDTLS_CIPHER_MODE_XTS */
/**
@@ -261,8 +306,7 @@ typedef struct mbedtls_cmac_context_t mbedtls_cmac_context_t;
* Cipher information. Allows calling cipher functions
* in a generic way.
*/
typedef struct mbedtls_cipher_info_t
{
typedef struct mbedtls_cipher_info_t {
/** Full cipher identifier. For example,
* MBEDTLS_CIPHER_AES_256_CBC.
*/
@@ -278,7 +322,7 @@ typedef struct mbedtls_cipher_info_t
unsigned int MBEDTLS_PRIVATE(key_bitlen);
/** Name of the cipher. */
const char * MBEDTLS_PRIVATE(name);
const char *MBEDTLS_PRIVATE(name);
/** IV or nonce size, in Bytes.
* For ciphers that accept variable IV sizes,
@@ -303,8 +347,7 @@ typedef struct mbedtls_cipher_info_t
/**
* Generic cipher context.
*/
typedef struct mbedtls_cipher_context_t
{
typedef struct mbedtls_cipher_context_t {
/** Information about the associated cipher. */
const mbedtls_cipher_info_t *MBEDTLS_PRIVATE(cipher_info);
@@ -320,8 +363,12 @@ typedef struct mbedtls_cipher_context_t
/** Padding functions to use, if relevant for
* the specific cipher mode.
*/
void (*MBEDTLS_PRIVATE(add_padding))( unsigned char *output, size_t olen, size_t data_len );
int (*MBEDTLS_PRIVATE(get_padding))( unsigned char *input, size_t ilen, size_t *data_len );
void (*MBEDTLS_PRIVATE(add_padding))(unsigned char *output,
size_t olen,
size_t data_len);
int (*MBEDTLS_PRIVATE(get_padding))(unsigned char *input,
size_t ilen,
size_t *data_len);
#endif
/** Buffer for input that has not been processed yet. */
@@ -371,7 +418,7 @@ typedef struct mbedtls_cipher_context_t
* \return A statically-allocated array of cipher identifiers
* of type cipher_type_t. The last entry is zero.
*/
const int *mbedtls_cipher_list( void );
const int *mbedtls_cipher_list(void);
/**
* \brief This function retrieves the cipher-information
@@ -384,7 +431,8 @@ const int *mbedtls_cipher_list( void );
* given \p cipher_name.
* \return \c NULL if the associated cipher information is not found.
*/
const mbedtls_cipher_info_t *mbedtls_cipher_info_from_string( const char *cipher_name );
const mbedtls_cipher_info_t *
mbedtls_cipher_info_from_string(const char *cipher_name);
/**
* \brief This function retrieves the cipher-information
@@ -396,7 +444,8 @@ const mbedtls_cipher_info_t *mbedtls_cipher_info_from_string( const char *cipher
* given \p cipher_type.
* \return \c NULL if the associated cipher information is not found.
*/
const mbedtls_cipher_info_t *mbedtls_cipher_info_from_type( const mbedtls_cipher_type_t cipher_type );
const mbedtls_cipher_info_t *
mbedtls_cipher_info_from_type(const mbedtls_cipher_type_t cipher_type);
/**
* \brief This function retrieves the cipher-information
@@ -412,16 +461,17 @@ const mbedtls_cipher_info_t *mbedtls_cipher_info_from_type( const mbedtls_cipher
* given \p cipher_id.
* \return \c NULL if the associated cipher information is not found.
*/
const mbedtls_cipher_info_t *mbedtls_cipher_info_from_values( const mbedtls_cipher_id_t cipher_id,
int key_bitlen,
const mbedtls_cipher_mode_t mode );
const mbedtls_cipher_info_t *
mbedtls_cipher_info_from_values(const mbedtls_cipher_id_t cipher_id,
int key_bitlen,
const mbedtls_cipher_mode_t mode);
/**
* \brief This function initializes a \p cipher_context as NONE.
*
* \param ctx The context to be initialized. This must not be \c NULL.
*/
void mbedtls_cipher_init( mbedtls_cipher_context_t *ctx );
void mbedtls_cipher_init(mbedtls_cipher_context_t *ctx);
/**
* \brief This function frees and clears the cipher-specific
@@ -432,8 +482,7 @@ void mbedtls_cipher_init( mbedtls_cipher_context_t *ctx );
* function has no effect, otherwise this must point to an
* initialized context.
*/
void mbedtls_cipher_free( mbedtls_cipher_context_t *ctx );
void mbedtls_cipher_free(mbedtls_cipher_context_t *ctx);
/**
* \brief This function prepares a cipher context for
@@ -461,8 +510,8 @@ void mbedtls_cipher_free( mbedtls_cipher_context_t *ctx );
* \return #MBEDTLS_ERR_CIPHER_ALLOC_FAILED if allocation of the
* cipher-specific context fails.
*/
int mbedtls_cipher_setup( mbedtls_cipher_context_t *ctx,
const mbedtls_cipher_info_t *cipher_info );
int mbedtls_cipher_setup(mbedtls_cipher_context_t *ctx,
const mbedtls_cipher_info_t *cipher_info);
#if defined(MBEDTLS_USE_PSA_CRYPTO)
/**
@@ -486,9 +535,9 @@ int mbedtls_cipher_setup( mbedtls_cipher_context_t *ctx,
* \return #MBEDTLS_ERR_CIPHER_ALLOC_FAILED if allocation of the
* cipher-specific context fails.
*/
int mbedtls_cipher_setup_psa( mbedtls_cipher_context_t *ctx,
const mbedtls_cipher_info_t *cipher_info,
size_t taglen );
int mbedtls_cipher_setup_psa(mbedtls_cipher_context_t *ctx,
const mbedtls_cipher_info_t *cipher_info,
size_t taglen);
#endif /* MBEDTLS_USE_PSA_CRYPTO */
/**
@@ -499,11 +548,11 @@ int mbedtls_cipher_setup_psa( mbedtls_cipher_context_t *ctx,
* \return The block size of the underlying cipher.
* \return \c 0 if \p ctx has not been initialized.
*/
static inline unsigned int mbedtls_cipher_get_block_size(
const mbedtls_cipher_context_t *ctx )
static inline unsigned int
mbedtls_cipher_get_block_size(const mbedtls_cipher_context_t *ctx)
{
MBEDTLS_INTERNAL_VALIDATE_RET( ctx != NULL, 0 );
if( ctx->MBEDTLS_PRIVATE(cipher_info) == NULL )
MBEDTLS_INTERNAL_VALIDATE_RET(ctx != NULL, 0);
if (ctx->MBEDTLS_PRIVATE(cipher_info) == NULL)
return 0;
return ctx->MBEDTLS_PRIVATE(cipher_info)->MBEDTLS_PRIVATE(block_size);
@@ -518,11 +567,11 @@ static inline unsigned int mbedtls_cipher_get_block_size(
* \return The mode of operation.
* \return #MBEDTLS_MODE_NONE if \p ctx has not been initialized.
*/
static inline mbedtls_cipher_mode_t mbedtls_cipher_get_cipher_mode(
const mbedtls_cipher_context_t *ctx )
static inline mbedtls_cipher_mode_t
mbedtls_cipher_get_cipher_mode(const mbedtls_cipher_context_t *ctx)
{
MBEDTLS_INTERNAL_VALIDATE_RET( ctx != NULL, MBEDTLS_MODE_NONE );
if( ctx->MBEDTLS_PRIVATE(cipher_info) == NULL )
MBEDTLS_INTERNAL_VALIDATE_RET(ctx != NULL, MBEDTLS_MODE_NONE);
if (ctx->MBEDTLS_PRIVATE(cipher_info) == NULL)
return MBEDTLS_MODE_NONE;
return ctx->MBEDTLS_PRIVATE(cipher_info)->MBEDTLS_PRIVATE(mode);
@@ -538,17 +587,17 @@ static inline mbedtls_cipher_mode_t mbedtls_cipher_get_cipher_mode(
* \return \c 0 for ciphers not using an IV or a nonce.
* \return The actual size if an IV has been set.
*/
static inline int mbedtls_cipher_get_iv_size(
const mbedtls_cipher_context_t *ctx )
static inline int
mbedtls_cipher_get_iv_size(const mbedtls_cipher_context_t *ctx)
{
MBEDTLS_INTERNAL_VALIDATE_RET( ctx != NULL, 0 );
if( ctx->MBEDTLS_PRIVATE(cipher_info) == NULL )
MBEDTLS_INTERNAL_VALIDATE_RET(ctx != NULL, 0);
if (ctx->MBEDTLS_PRIVATE(cipher_info) == NULL)
return 0;
if( ctx->MBEDTLS_PRIVATE(iv_size) != 0 )
return (int) ctx->MBEDTLS_PRIVATE(iv_size);
if (ctx->MBEDTLS_PRIVATE(iv_size) != 0)
return (int)ctx->MBEDTLS_PRIVATE(iv_size);
return (int) ctx->MBEDTLS_PRIVATE(cipher_info)->MBEDTLS_PRIVATE(iv_size);
return (int)ctx->MBEDTLS_PRIVATE(cipher_info)->MBEDTLS_PRIVATE(iv_size);
}
/**
@@ -559,12 +608,11 @@ static inline int mbedtls_cipher_get_iv_size(
* \return The type of the cipher.
* \return #MBEDTLS_CIPHER_NONE if \p ctx has not been initialized.
*/
static inline mbedtls_cipher_type_t mbedtls_cipher_get_type(
const mbedtls_cipher_context_t *ctx )
static inline mbedtls_cipher_type_t
mbedtls_cipher_get_type(const mbedtls_cipher_context_t *ctx)
{
MBEDTLS_INTERNAL_VALIDATE_RET(
ctx != NULL, MBEDTLS_CIPHER_NONE );
if( ctx->MBEDTLS_PRIVATE(cipher_info) == NULL )
MBEDTLS_INTERNAL_VALIDATE_RET(ctx != NULL, MBEDTLS_CIPHER_NONE);
if (ctx->MBEDTLS_PRIVATE(cipher_info) == NULL)
return MBEDTLS_CIPHER_NONE;
return ctx->MBEDTLS_PRIVATE(cipher_info)->MBEDTLS_PRIVATE(type);
@@ -579,11 +627,11 @@ static inline mbedtls_cipher_type_t mbedtls_cipher_get_type(
* \return The name of the cipher.
* \return NULL if \p ctx has not been not initialized.
*/
static inline const char *mbedtls_cipher_get_name(
const mbedtls_cipher_context_t *ctx )
static inline const char *
mbedtls_cipher_get_name(const mbedtls_cipher_context_t *ctx)
{
MBEDTLS_INTERNAL_VALIDATE_RET( ctx != NULL, 0 );
if( ctx->MBEDTLS_PRIVATE(cipher_info) == NULL )
MBEDTLS_INTERNAL_VALIDATE_RET(ctx != NULL, 0);
if (ctx->MBEDTLS_PRIVATE(cipher_info) == NULL)
return 0;
return ctx->MBEDTLS_PRIVATE(cipher_info)->MBEDTLS_PRIVATE(name);
@@ -598,15 +646,14 @@ static inline const char *mbedtls_cipher_get_name(
* \return #MBEDTLS_KEY_LENGTH_NONE if ctx \p has not been
* initialized.
*/
static inline int mbedtls_cipher_get_key_bitlen(
const mbedtls_cipher_context_t *ctx )
static inline int
mbedtls_cipher_get_key_bitlen(const mbedtls_cipher_context_t *ctx)
{
MBEDTLS_INTERNAL_VALIDATE_RET(
ctx != NULL, MBEDTLS_KEY_LENGTH_NONE );
if( ctx->MBEDTLS_PRIVATE(cipher_info) == NULL )
MBEDTLS_INTERNAL_VALIDATE_RET(ctx != NULL, MBEDTLS_KEY_LENGTH_NONE);
if (ctx->MBEDTLS_PRIVATE(cipher_info) == NULL)
return MBEDTLS_KEY_LENGTH_NONE;
return (int) ctx->MBEDTLS_PRIVATE(cipher_info)->MBEDTLS_PRIVATE(key_bitlen);
return (int)ctx->MBEDTLS_PRIVATE(cipher_info)->MBEDTLS_PRIVATE(key_bitlen);
}
/**
@@ -617,12 +664,11 @@ static inline int mbedtls_cipher_get_key_bitlen(
* \return The type of operation: #MBEDTLS_ENCRYPT or #MBEDTLS_DECRYPT.
* \return #MBEDTLS_OPERATION_NONE if \p ctx has not been initialized.
*/
static inline mbedtls_operation_t mbedtls_cipher_get_operation(
const mbedtls_cipher_context_t *ctx )
static inline mbedtls_operation_t
mbedtls_cipher_get_operation(const mbedtls_cipher_context_t *ctx)
{
MBEDTLS_INTERNAL_VALIDATE_RET(
ctx != NULL, MBEDTLS_OPERATION_NONE );
if( ctx->MBEDTLS_PRIVATE(cipher_info) == NULL )
MBEDTLS_INTERNAL_VALIDATE_RET(ctx != NULL, MBEDTLS_OPERATION_NONE);
if (ctx->MBEDTLS_PRIVATE(cipher_info) == NULL)
return MBEDTLS_OPERATION_NONE;
return ctx->MBEDTLS_PRIVATE(operation);
@@ -644,10 +690,10 @@ static inline mbedtls_operation_t mbedtls_cipher_get_operation(
* parameter-verification failure.
* \return A cipher-specific error code on failure.
*/
int mbedtls_cipher_setkey( mbedtls_cipher_context_t *ctx,
const unsigned char *key,
int key_bitlen,
const mbedtls_operation_t operation );
int mbedtls_cipher_setkey(mbedtls_cipher_context_t *ctx,
const unsigned char *key,
int key_bitlen,
const mbedtls_operation_t operation);
#if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING)
/**
@@ -666,8 +712,8 @@ int mbedtls_cipher_setkey( mbedtls_cipher_context_t *ctx,
* \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA if the cipher mode
* does not support padding.
*/
int mbedtls_cipher_set_padding_mode( mbedtls_cipher_context_t *ctx,
mbedtls_cipher_padding_t mode );
int mbedtls_cipher_set_padding_mode(mbedtls_cipher_context_t *ctx,
mbedtls_cipher_padding_t mode);
#endif /* MBEDTLS_CIPHER_MODE_WITH_PADDING */
/**
@@ -688,9 +734,9 @@ int mbedtls_cipher_set_padding_mode( mbedtls_cipher_context_t *ctx,
* \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on
* parameter-verification failure.
*/
int mbedtls_cipher_set_iv( mbedtls_cipher_context_t *ctx,
const unsigned char *iv,
size_t iv_len );
int mbedtls_cipher_set_iv(mbedtls_cipher_context_t *ctx,
const unsigned char *iv,
size_t iv_len);
/**
* \brief This function resets the cipher state.
@@ -724,7 +770,7 @@ int mbedtls_cipher_set_iv( mbedtls_cipher_context_t *ctx,
* \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on
* parameter-verification failure.
*/
int mbedtls_cipher_reset( mbedtls_cipher_context_t *ctx );
int mbedtls_cipher_reset(mbedtls_cipher_context_t *ctx);
#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C)
/**
@@ -739,8 +785,9 @@ int mbedtls_cipher_reset( mbedtls_cipher_context_t *ctx );
* \return \c 0 on success.
* \return A specific error code on failure.
*/
int mbedtls_cipher_update_ad( mbedtls_cipher_context_t *ctx,
const unsigned char *ad, size_t ad_len );
int mbedtls_cipher_update_ad(mbedtls_cipher_context_t *ctx,
const unsigned char *ad,
size_t ad_len);
#endif /* MBEDTLS_GCM_C || MBEDTLS_CHACHAPOLY_C */
/**
@@ -772,10 +819,11 @@ int mbedtls_cipher_update_ad( mbedtls_cipher_context_t *ctx,
* unsupported mode for a cipher.
* \return A cipher-specific error code on failure.
*/
int mbedtls_cipher_update( mbedtls_cipher_context_t *ctx,
const unsigned char *input,
size_t ilen, unsigned char *output,
size_t *olen );
int mbedtls_cipher_update(mbedtls_cipher_context_t *ctx,
const unsigned char *input,
size_t ilen,
unsigned char *output,
size_t *olen);
/**
* \brief The generic cipher finalization function. If data still
@@ -799,8 +847,9 @@ int mbedtls_cipher_update( mbedtls_cipher_context_t *ctx,
* while decrypting.
* \return A cipher-specific error code on failure.
*/
int mbedtls_cipher_finish( mbedtls_cipher_context_t *ctx,
unsigned char *output, size_t *olen );
int mbedtls_cipher_finish(mbedtls_cipher_context_t *ctx,
unsigned char *output,
size_t *olen);
#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C)
/**
@@ -819,8 +868,9 @@ int mbedtls_cipher_finish( mbedtls_cipher_context_t *ctx,
* \return \c 0 on success.
* \return A specific error code on failure.
*/
int mbedtls_cipher_write_tag( mbedtls_cipher_context_t *ctx,
unsigned char *tag, size_t tag_len );
int mbedtls_cipher_write_tag(mbedtls_cipher_context_t *ctx,
unsigned char *tag,
size_t tag_len);
/**
* \brief This function checks the tag for AEAD ciphers.
@@ -835,8 +885,9 @@ int mbedtls_cipher_write_tag( mbedtls_cipher_context_t *ctx,
* \return \c 0 on success.
* \return A specific error code on failure.
*/
int mbedtls_cipher_check_tag( mbedtls_cipher_context_t *ctx,
const unsigned char *tag, size_t tag_len );
int mbedtls_cipher_check_tag(mbedtls_cipher_context_t *ctx,
const unsigned char *tag,
size_t tag_len);
#endif /* MBEDTLS_GCM_C || MBEDTLS_CHACHAPOLY_C */
/**
@@ -872,10 +923,13 @@ int mbedtls_cipher_check_tag( mbedtls_cipher_context_t *ctx,
* while decrypting.
* \return A cipher-specific error code on failure.
*/
int mbedtls_cipher_crypt( mbedtls_cipher_context_t *ctx,
const unsigned char *iv, size_t iv_len,
const unsigned char *input, size_t ilen,
unsigned char *output, size_t *olen );
int mbedtls_cipher_crypt(mbedtls_cipher_context_t *ctx,
const unsigned char *iv,
size_t iv_len,
const unsigned char *input,
size_t ilen,
unsigned char *output,
size_t *olen);
#if defined(MBEDTLS_CIPHER_MODE_AEAD) || defined(MBEDTLS_NIST_KW_C)
/**
@@ -922,12 +976,17 @@ int mbedtls_cipher_crypt( mbedtls_cipher_context_t *ctx,
* parameter-verification failure.
* \return A cipher-specific error code on failure.
*/
int mbedtls_cipher_auth_encrypt_ext( mbedtls_cipher_context_t *ctx,
const unsigned char *iv, size_t iv_len,
const unsigned char *ad, size_t ad_len,
const unsigned char *input, size_t ilen,
unsigned char *output, size_t output_len,
size_t *olen, size_t tag_len );
int mbedtls_cipher_auth_encrypt_ext(mbedtls_cipher_context_t *ctx,
const unsigned char *iv,
size_t iv_len,
const unsigned char *ad,
size_t ad_len,
const unsigned char *input,
size_t ilen,
unsigned char *output,
size_t output_len,
size_t *olen,
size_t tag_len);
/**
* \brief The authenticated encryption (AEAD/NIST_KW) function.
@@ -978,12 +1037,17 @@ int mbedtls_cipher_auth_encrypt_ext( mbedtls_cipher_context_t *ctx,
* \return #MBEDTLS_ERR_CIPHER_AUTH_FAILED if data is not authentic.
* \return A cipher-specific error code on failure.
*/
int mbedtls_cipher_auth_decrypt_ext( mbedtls_cipher_context_t *ctx,
const unsigned char *iv, size_t iv_len,
const unsigned char *ad, size_t ad_len,
const unsigned char *input, size_t ilen,
unsigned char *output, size_t output_len,
size_t *olen, size_t tag_len );
int mbedtls_cipher_auth_decrypt_ext(mbedtls_cipher_context_t *ctx,
const unsigned char *iv,
size_t iv_len,
const unsigned char *ad,
size_t ad_len,
const unsigned char *input,
size_t ilen,
unsigned char *output,
size_t output_len,
size_t *olen,
size_t tag_len);
#endif /* MBEDTLS_CIPHER_MODE_AEAD || MBEDTLS_NIST_KW_C */
#ifdef __cplusplus
}

60
include/mbedtls/cmac.h
View File

@@ -35,15 +35,15 @@
extern "C" {
#endif
#define MBEDTLS_AES_BLOCK_SIZE 16
#define MBEDTLS_DES3_BLOCK_SIZE 8
#define MBEDTLS_AES_BLOCK_SIZE 16
#define MBEDTLS_DES3_BLOCK_SIZE 8
#if defined(MBEDTLS_AES_C)
/** The longest block used by CMAC is that of AES. */
#define MBEDTLS_CIPHER_BLKSIZE_MAX 16
# define MBEDTLS_CIPHER_BLKSIZE_MAX 16
#else
/** The longest block used by CMAC is that of 3DES. */
#define MBEDTLS_CIPHER_BLKSIZE_MAX 8
# define MBEDTLS_CIPHER_BLKSIZE_MAX 8
#endif
#if !defined(MBEDTLS_CMAC_ALT)
@@ -51,21 +51,20 @@ extern "C" {
/**
* The CMAC context structure.
*/
struct mbedtls_cmac_context_t
{
struct mbedtls_cmac_context_t {
/** The internal state of the CMAC algorithm. */
unsigned char MBEDTLS_PRIVATE(state)[MBEDTLS_CIPHER_BLKSIZE_MAX];
unsigned char MBEDTLS_PRIVATE(state)[MBEDTLS_CIPHER_BLKSIZE_MAX];
/** Unprocessed data - either data that was not block aligned and is still
* pending processing, or the final block. */
unsigned char MBEDTLS_PRIVATE(unprocessed_block)[MBEDTLS_CIPHER_BLKSIZE_MAX];
unsigned char MBEDTLS_PRIVATE(unprocessed_block)[MBEDTLS_CIPHER_BLKSIZE_MAX];
/** The length of data pending processing. */
size_t MBEDTLS_PRIVATE(unprocessed_len);
size_t MBEDTLS_PRIVATE(unprocessed_len);
};
#else /* !MBEDTLS_CMAC_ALT */
#include "cmac_alt.h"
#else /* !MBEDTLS_CMAC_ALT */
# include "cmac_alt.h"
#endif /* !MBEDTLS_CMAC_ALT */
/**
@@ -90,8 +89,9 @@ struct mbedtls_cmac_context_t
* \return \c 0 on success.
* \return A cipher-specific error code on failure.
*/
int mbedtls_cipher_cmac_starts( mbedtls_cipher_context_t *ctx,
const unsigned char *key, size_t keybits );
int mbedtls_cipher_cmac_starts(mbedtls_cipher_context_t *ctx,
const unsigned char *key,
size_t keybits);
/**
* \brief This function feeds an input buffer into an ongoing CMAC
@@ -109,8 +109,9 @@ int mbedtls_cipher_cmac_starts( mbedtls_cipher_context_t *ctx,
* \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA
* if parameter verification fails.
*/
int mbedtls_cipher_cmac_update( mbedtls_cipher_context_t *ctx,
const unsigned char *input, size_t ilen );
int mbedtls_cipher_cmac_update(mbedtls_cipher_context_t *ctx,
const unsigned char *input,
size_t ilen);
/**
* \brief This function finishes the CMAC operation, and writes
@@ -127,8 +128,8 @@ int mbedtls_cipher_cmac_update( mbedtls_cipher_context_t *ctx,
* \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA
* if parameter verification fails.
*/
int mbedtls_cipher_cmac_finish( mbedtls_cipher_context_t *ctx,
unsigned char *output );
int mbedtls_cipher_cmac_finish(mbedtls_cipher_context_t *ctx,
unsigned char *output);
/**
* \brief This function prepares the authentication of another
@@ -144,7 +145,7 @@ int mbedtls_cipher_cmac_finish( mbedtls_cipher_context_t *ctx,
* \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA
* if parameter verification fails.
*/
int mbedtls_cipher_cmac_reset( mbedtls_cipher_context_t *ctx );
int mbedtls_cipher_cmac_reset(mbedtls_cipher_context_t *ctx);
/**
* \brief This function calculates the full generic CMAC
@@ -173,10 +174,12 @@ int mbedtls_cipher_cmac_reset( mbedtls_cipher_context_t *ctx );
* \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA
* if parameter verification fails.
*/
int mbedtls_cipher_cmac( const mbedtls_cipher_info_t *cipher_info,
const unsigned char *key, size_t keylen,
const unsigned char *input, size_t ilen,
unsigned char *output );
int mbedtls_cipher_cmac(const mbedtls_cipher_info_t *cipher_info,
const unsigned char *key,
size_t keylen,
const unsigned char *input,
size_t ilen,
unsigned char *output);
#if defined(MBEDTLS_AES_C)
/**
@@ -196,12 +199,15 @@ int mbedtls_cipher_cmac( const mbedtls_cipher_info_t *cipher_info,
*
* \return \c 0 on success.
*/
int mbedtls_aes_cmac_prf_128( const unsigned char *key, size_t key_len,
const unsigned char *input, size_t in_len,
unsigned char output[16] );
int mbedtls_aes_cmac_prf_128(const unsigned char *key,
size_t key_len,
const unsigned char *input,
size_t in_len,
unsigned char output[16]);
#endif /* MBEDTLS_AES_C */
#if defined(MBEDTLS_SELF_TEST) && ( defined(MBEDTLS_AES_C) || defined(MBEDTLS_DES_C) )
#if defined(MBEDTLS_SELF_TEST) && \
(defined(MBEDTLS_AES_C) || defined(MBEDTLS_DES_C))
/**
* \brief The CMAC checkup routine.
*
@@ -215,7 +221,7 @@ int mbedtls_aes_cmac_prf_128( const unsigned char *key, size_t key_len,
* \return \c 0 on success.
* \return \c 1 on failure.
*/
int mbedtls_cmac_self_test( int verbose );
int mbedtls_cmac_self_test(int verbose);
#endif /* MBEDTLS_SELF_TEST && ( MBEDTLS_AES_C || MBEDTLS_DES_C ) */
#ifdef __cplusplus

48
include/mbedtls/compat-2.x.h
View File

@@ -23,36 +23,36 @@
*/
#if defined(MBEDTLS_DEPRECATED_WARNING)
#warning "Including compat-2.x.h is deprecated"
# warning "Including compat-2.x.h is deprecated"
#endif
#ifndef MBEDTLS_COMPAT2X_H
#define MBEDTLS_COMPAT2X_H
# define MBEDTLS_COMPAT2X_H
/*
* Macros for renamed functions
*/
#define mbedtls_ctr_drbg_update_ret mbedtls_ctr_drbg_update
#define mbedtls_hmac_drbg_update_ret mbedtls_hmac_drbg_update
#define mbedtls_md5_starts_ret mbedtls_md5_starts
#define mbedtls_md5_update_ret mbedtls_md5_update
#define mbedtls_md5_finish_ret mbedtls_md5_finish
#define mbedtls_md5_ret mbedtls_md5
#define mbedtls_ripemd160_starts_ret mbedtls_ripemd160_starts
#define mbedtls_ripemd160_update_ret mbedtls_ripemd160_update
#define mbedtls_ripemd160_finish_ret mbedtls_ripemd160_finish
#define mbedtls_ripemd160_ret mbedtls_ripemd160
#define mbedtls_sha1_starts_ret mbedtls_sha1_starts
#define mbedtls_sha1_update_ret mbedtls_sha1_update
#define mbedtls_sha1_finish_ret mbedtls_sha1_finish
#define mbedtls_sha1_ret mbedtls_sha1
#define mbedtls_sha256_starts_ret mbedtls_sha256_starts
#define mbedtls_sha256_update_ret mbedtls_sha256_update
#define mbedtls_sha256_finish_ret mbedtls_sha256_finish
#define mbedtls_sha256_ret mbedtls_sha256
#define mbedtls_sha512_starts_ret mbedtls_sha512_starts
#define mbedtls_sha512_update_ret mbedtls_sha512_update
#define mbedtls_sha512_finish_ret mbedtls_sha512_finish
#define mbedtls_sha512_ret mbedtls_sha512
# define mbedtls_ctr_drbg_update_ret mbedtls_ctr_drbg_update
# define mbedtls_hmac_drbg_update_ret mbedtls_hmac_drbg_update
# define mbedtls_md5_starts_ret mbedtls_md5_starts
# define mbedtls_md5_update_ret mbedtls_md5_update
# define mbedtls_md5_finish_ret mbedtls_md5_finish
# define mbedtls_md5_ret mbedtls_md5
# define mbedtls_ripemd160_starts_ret mbedtls_ripemd160_starts
# define mbedtls_ripemd160_update_ret mbedtls_ripemd160_update
# define mbedtls_ripemd160_finish_ret mbedtls_ripemd160_finish
# define mbedtls_ripemd160_ret mbedtls_ripemd160
# define mbedtls_sha1_starts_ret mbedtls_sha1_starts
# define mbedtls_sha1_update_ret mbedtls_sha1_update
# define mbedtls_sha1_finish_ret mbedtls_sha1_finish
# define mbedtls_sha1_ret mbedtls_sha1
# define mbedtls_sha256_starts_ret mbedtls_sha256_starts
# define mbedtls_sha256_update_ret mbedtls_sha256_update
# define mbedtls_sha256_finish_ret mbedtls_sha256_finish
# define mbedtls_sha256_ret mbedtls_sha256
# define mbedtls_sha512_starts_ret mbedtls_sha512_starts
# define mbedtls_sha512_update_ret mbedtls_sha512_update
# define mbedtls_sha512_finish_ret mbedtls_sha512_finish
# define mbedtls_sha512_ret mbedtls_sha512
#endif /* MBEDTLS_COMPAT2X_H */

1161
include/mbedtls/config_psa.h
View File

File diff suppressed because it is too large Load Diff

187
include/mbedtls/ctr_drbg.h
View File

@@ -16,10 +16,9 @@
* The security strength as defined in NIST SP 800-90A is
* 128 bits when AES-128 is used (\c MBEDTLS_CTR_DRBG_USE_128_BIT_KEY enabled)
* and 256 bits otherwise, provided that #MBEDTLS_CTR_DRBG_ENTROPY_LEN is
* kept at its default value (and not overridden in mbedtls_config.h) and that the
* DRBG instance is set up with default parameters.
* See the documentation of mbedtls_ctr_drbg_seed() for more
* information.
* kept at its default value (and not overridden in mbedtls_config.h) and that
* the DRBG instance is set up with default parameters. See the documentation of
* mbedtls_ctr_drbg_seed() for more information.
*/
/*
* Copyright The Mbed TLS Contributors
@@ -47,30 +46,30 @@
#include "mbedtls/aes.h"
#if defined(MBEDTLS_THREADING_C)
#include "mbedtls/threading.h"
# include "mbedtls/threading.h"
#endif
/** The entropy source failed. */
#define MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED -0x0034
#define MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED -0x0034
/** The requested random buffer length is too big. */
#define MBEDTLS_ERR_CTR_DRBG_REQUEST_TOO_BIG -0x0036
#define MBEDTLS_ERR_CTR_DRBG_REQUEST_TOO_BIG -0x0036
/** The input (entropy + additional data) is too large. */
#define MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG -0x0038
#define MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG -0x0038
/** Read or write error in file. */
#define MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR -0x003A
#define MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR -0x003A
/** The block size used by the cipher. */
#define MBEDTLS_CTR_DRBG_BLOCKSIZE 16
#define MBEDTLS_CTR_DRBG_BLOCKSIZE 16
#if defined(MBEDTLS_CTR_DRBG_USE_128_BIT_KEY)
#define MBEDTLS_CTR_DRBG_KEYSIZE 16
# define MBEDTLS_CTR_DRBG_KEYSIZE 16
/**< The key size in bytes used by the cipher.
*
* Compile-time choice: 16 bytes (128 bits)
* because #MBEDTLS_CTR_DRBG_USE_128_BIT_KEY is enabled.
*/
#else
#define MBEDTLS_CTR_DRBG_KEYSIZE 32
# define MBEDTLS_CTR_DRBG_KEYSIZE 32
/**< The key size in bytes used by the cipher.
*
* Compile-time choice: 32 bytes (256 bits)
@@ -78,15 +77,22 @@
*/
#endif
#define MBEDTLS_CTR_DRBG_KEYBITS ( MBEDTLS_CTR_DRBG_KEYSIZE * 8 ) /**< The key size for the DRBG operation, in bits. */
#define MBEDTLS_CTR_DRBG_SEEDLEN ( MBEDTLS_CTR_DRBG_KEYSIZE + MBEDTLS_CTR_DRBG_BLOCKSIZE ) /**< The seed length, calculated as (counter + AES key). */
#define MBEDTLS_CTR_DRBG_KEYBITS \
(MBEDTLS_CTR_DRBG_KEYSIZE * 8) /**< The key size for the DRBG operation, \
in bits. */
#define MBEDTLS_CTR_DRBG_SEEDLEN \
(MBEDTLS_CTR_DRBG_KEYSIZE + MBEDTLS_CTR_DRBG_BLOCKSIZE) /**< The seed \
length, \
calculated as \
(counter + AES \
key). */
/**
* \name SECTION: Module settings
*
* The configuration options you can set for this module are in this section.
* Either change them in mbedtls_config.h or define them using the compiler command
* line.
* Either change them in mbedtls_config.h or define them using the compiler
* command line.
* \{
*/
@@ -95,52 +101,54 @@
* \brief The amount of entropy used per seed by default, in bytes.
*/
#if !defined(MBEDTLS_CTR_DRBG_ENTROPY_LEN)
#if defined(MBEDTLS_SHA512_C) && !defined(MBEDTLS_ENTROPY_FORCE_SHA256)
# if defined(MBEDTLS_SHA512_C) && !defined(MBEDTLS_ENTROPY_FORCE_SHA256)
/** This is 48 bytes because the entropy module uses SHA-512
* (\c MBEDTLS_ENTROPY_FORCE_SHA256 is disabled).
*/
#define MBEDTLS_CTR_DRBG_ENTROPY_LEN 48
# define MBEDTLS_CTR_DRBG_ENTROPY_LEN 48
#else /* defined(MBEDTLS_SHA512_C) && !defined(MBEDTLS_ENTROPY_FORCE_SHA256) */
# else /* defined(MBEDTLS_SHA512_C) && \
!defined(MBEDTLS_ENTROPY_FORCE_SHA256) */
/** This is 32 bytes because the entropy module uses SHA-256
* (the SHA512 module is disabled or
* \c MBEDTLS_ENTROPY_FORCE_SHA256 is enabled).
*/
#if !defined(MBEDTLS_CTR_DRBG_USE_128_BIT_KEY)
# if !defined(MBEDTLS_CTR_DRBG_USE_128_BIT_KEY)
/** \warning To achieve a 256-bit security strength, you must pass a nonce
* to mbedtls_ctr_drbg_seed().
*/
#endif /* !defined(MBEDTLS_CTR_DRBG_USE_128_BIT_KEY) */
#define MBEDTLS_CTR_DRBG_ENTROPY_LEN 32
#endif /* defined(MBEDTLS_SHA512_C) && !defined(MBEDTLS_ENTROPY_FORCE_SHA256) */
# endif /* !defined(MBEDTLS_CTR_DRBG_USE_128_BIT_KEY) */
# define MBEDTLS_CTR_DRBG_ENTROPY_LEN 32
# endif /* defined(MBEDTLS_SHA512_C) && \
!defined(MBEDTLS_ENTROPY_FORCE_SHA256) */
#endif /* !defined(MBEDTLS_CTR_DRBG_ENTROPY_LEN) */
#if !defined(MBEDTLS_CTR_DRBG_RESEED_INTERVAL)
#define MBEDTLS_CTR_DRBG_RESEED_INTERVAL 10000
# define MBEDTLS_CTR_DRBG_RESEED_INTERVAL 10000
/**< The interval before reseed is performed by default. */
#endif
#if !defined(MBEDTLS_CTR_DRBG_MAX_INPUT)
#define MBEDTLS_CTR_DRBG_MAX_INPUT 256
# define MBEDTLS_CTR_DRBG_MAX_INPUT 256
/**< The maximum number of additional input Bytes. */
#endif
#if !defined(MBEDTLS_CTR_DRBG_MAX_REQUEST)
#define MBEDTLS_CTR_DRBG_MAX_REQUEST 1024
# define MBEDTLS_CTR_DRBG_MAX_REQUEST 1024
/**< The maximum number of requested Bytes per call. */
#endif
#if !defined(MBEDTLS_CTR_DRBG_MAX_SEED_INPUT)
#define MBEDTLS_CTR_DRBG_MAX_SEED_INPUT 384
# define MBEDTLS_CTR_DRBG_MAX_SEED_INPUT 384
/**< The maximum size of seed or reseed buffer in bytes. */
#endif
/* \} name SECTION: Module settings */
#define MBEDTLS_CTR_DRBG_PR_OFF 0
#define MBEDTLS_CTR_DRBG_PR_OFF 0
/**< Prediction resistance is disabled. */
#define MBEDTLS_CTR_DRBG_PR_ON 1
#define MBEDTLS_CTR_DRBG_PR_ON 1
/**< Prediction resistance is enabled. */
#ifdef __cplusplus
@@ -154,7 +162,7 @@ extern "C" {
* to include a nonce.
* See the documentation of mbedtls_ctr_drbg_seed() for more information.
*/
#define MBEDTLS_CTR_DRBG_ENTROPY_NONCE_LEN 0
# define MBEDTLS_CTR_DRBG_ENTROPY_NONCE_LEN 0
#else
/** The default length of the nonce read from the entropy source.
*
@@ -162,44 +170,47 @@ extern "C" {
* the entropy source does not provide enough material to form a nonce.
* See the documentation of mbedtls_ctr_drbg_seed() for more information.
*/
#define MBEDTLS_CTR_DRBG_ENTROPY_NONCE_LEN ( MBEDTLS_CTR_DRBG_ENTROPY_LEN + 1 ) / 2
# define MBEDTLS_CTR_DRBG_ENTROPY_NONCE_LEN \
(MBEDTLS_CTR_DRBG_ENTROPY_LEN + 1) / 2
#endif
/**
* \brief The CTR_DRBG context structure.
*/
typedef struct mbedtls_ctr_drbg_context
{
unsigned char MBEDTLS_PRIVATE(counter)[16]; /*!< The counter (V). */
int MBEDTLS_PRIVATE(reseed_counter); /*!< The reseed counter.
* This is the number of requests that have
* been made since the last (re)seeding,
* minus one.
* Before the initial seeding, this field
* contains the amount of entropy in bytes
* to use as a nonce for the initial seeding,
* or -1 if no nonce length has been explicitly
* set (see mbedtls_ctr_drbg_set_nonce_len()).
*/
int MBEDTLS_PRIVATE(prediction_resistance); /*!< This determines whether prediction
resistance is enabled, that is
whether to systematically reseed before
each random generation. */
size_t MBEDTLS_PRIVATE(entropy_len); /*!< The amount of entropy grabbed on each
seed or reseed operation, in bytes. */
int MBEDTLS_PRIVATE(reseed_interval); /*!< The reseed interval.
* This is the maximum number of requests
* that can be made between reseedings. */
typedef struct mbedtls_ctr_drbg_context {
unsigned char MBEDTLS_PRIVATE(counter)[16]; /*!< The counter (V). */
int MBEDTLS_PRIVATE(reseed_counter); /*!< The reseed counter.
* This is the number of requests that
* have been made since the last
* (re)seeding, minus one. Before the
* initial seeding, this field contains
* the amount of entropy in bytes to
* use as a nonce for the initial
* seeding, or -1 if no nonce length
* has been explicitly set (see
* mbedtls_ctr_drbg_set_nonce_len()).
*/
int MBEDTLS_PRIVATE(prediction_resistance); /*!< This determines whether
prediction resistance is enabled, that is
whether to systematically reseed before
each random generation. */
size_t MBEDTLS_PRIVATE(entropy_len); /*!< The amount of entropy grabbed on
each seed or reseed operation, in bytes. */
int MBEDTLS_PRIVATE(reseed_interval); /*!< The reseed interval.
* This is the maximum number of
* requests that can be made between
* reseedings. */
mbedtls_aes_context MBEDTLS_PRIVATE(aes_ctx); /*!< The AES context. */
mbedtls_aes_context MBEDTLS_PRIVATE(aes_ctx); /*!< The AES context. */
/*
* Callbacks (Entropy)
*/
int (*MBEDTLS_PRIVATE(f_entropy))(void *, unsigned char *, size_t);
/*!< The entropy callback function. */
/*!< The entropy callback function. */
void *MBEDTLS_PRIVATE(p_entropy); /*!< The context for the entropy function. */
void *MBEDTLS_PRIVATE(p_entropy); /*!< The context for the entropy function.
*/
#if defined(MBEDTLS_THREADING_C)
/* Invariant: the mutex is initialized if and only if f_entropy != NULL.
@@ -211,8 +222,7 @@ typedef struct mbedtls_ctr_drbg_context
*/
mbedtls_threading_mutex_t MBEDTLS_PRIVATE(mutex);
#endif
}
mbedtls_ctr_drbg_context;
} mbedtls_ctr_drbg_context;
/**
* \brief This function initializes the CTR_DRBG context,
@@ -226,7 +236,7 @@ mbedtls_ctr_drbg_context;
*
* \param ctx The CTR_DRBG context to initialize.
*/
void mbedtls_ctr_drbg_init( mbedtls_ctr_drbg_context *ctx );
void mbedtls_ctr_drbg_init(mbedtls_ctr_drbg_context *ctx);
/**
* \brief This function seeds and sets up the CTR_DRBG
@@ -327,11 +337,11 @@ void mbedtls_ctr_drbg_init( mbedtls_ctr_drbg_context *ctx );
* \return \c 0 on success.
* \return #MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED on failure.
*/
int mbedtls_ctr_drbg_seed( mbedtls_ctr_drbg_context *ctx,
int (*f_entropy)(void *, unsigned char *, size_t),
void *p_entropy,
const unsigned char *custom,
size_t len );
int mbedtls_ctr_drbg_seed(mbedtls_ctr_drbg_context *ctx,
int (*f_entropy)(void *, unsigned char *, size_t),
void *p_entropy,
const unsigned char *custom,
size_t len);
/**
* \brief This function resets CTR_DRBG context to the state immediately
@@ -339,7 +349,7 @@ int mbedtls_ctr_drbg_seed( mbedtls_ctr_drbg_context *ctx,
*
* \param ctx The CTR_DRBG context to clear.
*/
void mbedtls_ctr_drbg_free( mbedtls_ctr_drbg_context *ctx );
void mbedtls_ctr_drbg_free(mbedtls_ctr_drbg_context *ctx);
/**
* \brief This function turns prediction resistance on or off.
@@ -354,8 +364,8 @@ void mbedtls_ctr_drbg_free( mbedtls_ctr_drbg_context *ctx );
* \param ctx The CTR_DRBG context.
* \param resistance #MBEDTLS_CTR_DRBG_PR_ON or #MBEDTLS_CTR_DRBG_PR_OFF.
*/
void mbedtls_ctr_drbg_set_prediction_resistance( mbedtls_ctr_drbg_context *ctx,
int resistance );
void mbedtls_ctr_drbg_set_prediction_resistance(mbedtls_ctr_drbg_context *ctx,
int resistance);
/**
* \brief This function sets the amount of entropy grabbed on each
@@ -381,8 +391,8 @@ void mbedtls_ctr_drbg_set_prediction_resistance( mbedtls_ctr_drbg_context *ctx,
* and at most the maximum length accepted by the
* entropy function that is set in the context.
*/
void mbedtls_ctr_drbg_set_entropy_len( mbedtls_ctr_drbg_context *ctx,
size_t len );
void mbedtls_ctr_drbg_set_entropy_len(mbedtls_ctr_drbg_context *ctx,
size_t len);
/**
* \brief This function sets the amount of entropy grabbed
@@ -403,8 +413,7 @@ void mbedtls_ctr_drbg_set_entropy_len( mbedtls_ctr_drbg_context *ctx,
* \return #MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED
* if the initial seeding has already taken place.
*/
int mbedtls_ctr_drbg_set_nonce_len( mbedtls_ctr_drbg_context *ctx,
size_t len );
int mbedtls_ctr_drbg_set_nonce_len(mbedtls_ctr_drbg_context *ctx, size_t len);
/**
* \brief This function sets the reseed interval.
@@ -418,8 +427,8 @@ int mbedtls_ctr_drbg_set_nonce_len( mbedtls_ctr_drbg_context *ctx,
* \param ctx The CTR_DRBG context.
* \param interval The reseed interval.
*/
void mbedtls_ctr_drbg_set_reseed_interval( mbedtls_ctr_drbg_context *ctx,
int interval );
void mbedtls_ctr_drbg_set_reseed_interval(mbedtls_ctr_drbg_context *ctx,
int interval);
/**
* \brief This function reseeds the CTR_DRBG context, that is
@@ -441,8 +450,9 @@ void mbedtls_ctr_drbg_set_reseed_interval( mbedtls_ctr_drbg_context *ctx,
* \return \c 0 on success.
* \return #MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED on failure.
*/
int mbedtls_ctr_drbg_reseed( mbedtls_ctr_drbg_context *ctx,
const unsigned char *additional, size_t len );
int mbedtls_ctr_drbg_reseed(mbedtls_ctr_drbg_context *ctx,
const unsigned char *additional,
size_t len);
/**
* \brief This function updates the state of the CTR_DRBG context.
@@ -464,9 +474,9 @@ int mbedtls_ctr_drbg_reseed( mbedtls_ctr_drbg_context *ctx,
* #MBEDTLS_CTR_DRBG_MAX_SEED_INPUT.
* \return An error from the underlying AES cipher on failure.
*/
int mbedtls_ctr_drbg_update( mbedtls_ctr_drbg_context *ctx,
const unsigned char *additional,
size_t add_len );
int mbedtls_ctr_drbg_update(mbedtls_ctr_drbg_context *ctx,
const unsigned char *additional,
size_t add_len);
/**
* \brief This function updates a CTR_DRBG instance with additional
@@ -499,9 +509,11 @@ int mbedtls_ctr_drbg_update( mbedtls_ctr_drbg_context *ctx,
* \return #MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED or
* #MBEDTLS_ERR_CTR_DRBG_REQUEST_TOO_BIG on failure.
*/
int mbedtls_ctr_drbg_random_with_add( void *p_rng,
unsigned char *output, size_t output_len,
const unsigned char *additional, size_t add_len );
int mbedtls_ctr_drbg_random_with_add(void *p_rng,
unsigned char *output,
size_t output_len,
const unsigned char *additional,
size_t add_len);
/**
* \brief This function uses CTR_DRBG to generate random data.
@@ -527,8 +539,9 @@ int mbedtls_ctr_drbg_random_with_add( void *p_rng,
* \return #MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED or
* #MBEDTLS_ERR_CTR_DRBG_REQUEST_TOO_BIG on failure.
*/
int mbedtls_ctr_drbg_random( void *p_rng,
unsigned char *output, size_t output_len );
int mbedtls_ctr_drbg_random(void *p_rng,
unsigned char *output,
size_t output_len);
#if defined(MBEDTLS_FS_IO)
/**
@@ -542,7 +555,8 @@ int mbedtls_ctr_drbg_random( void *p_rng,
* \return #MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED on reseed
* failure.
*/
int mbedtls_ctr_drbg_write_seed_file( mbedtls_ctr_drbg_context *ctx, const char *path );
int mbedtls_ctr_drbg_write_seed_file(mbedtls_ctr_drbg_context *ctx,
const char *path);
/**
* \brief This function reads and updates a seed file. The seed
@@ -558,7 +572,8 @@ int mbedtls_ctr_drbg_write_seed_file( mbedtls_ctr_drbg_context *ctx, const char
* \return #MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG if the existing
* seed file is too large.
*/
int mbedtls_ctr_drbg_update_seed_file( mbedtls_ctr_drbg_context *ctx, const char *path );
int mbedtls_ctr_drbg_update_seed_file(mbedtls_ctr_drbg_context *ctx,
const char *path);
#endif /* MBEDTLS_FS_IO */
#if defined(MBEDTLS_SELF_TEST)
@@ -569,7 +584,7 @@ int mbedtls_ctr_drbg_update_seed_file( mbedtls_ctr_drbg_context *ctx, const char
* \return \c 0 on success.
* \return \c 1 on failure.
*/
int mbedtls_ctr_drbg_self_test( int verbose );
int mbedtls_ctr_drbg_self_test(int verbose);
#endif /* MBEDTLS_SELF_TEST */

201
include/mbedtls/debug.h
View File

@@ -27,56 +27,74 @@
#include "mbedtls/ssl.h"
#if defined(MBEDTLS_ECP_C)
#include "mbedtls/ecp.h"
# include "mbedtls/ecp.h"
#endif
#if defined(MBEDTLS_DEBUG_C)
#define MBEDTLS_DEBUG_STRIP_PARENS( ... ) __VA_ARGS__
# define MBEDTLS_DEBUG_STRIP_PARENS(...) __VA_ARGS__
#define MBEDTLS_SSL_DEBUG_MSG( level, args ) \
mbedtls_debug_print_msg( ssl, level, __FILE__, __LINE__, \
MBEDTLS_DEBUG_STRIP_PARENS args )
# define MBEDTLS_SSL_DEBUG_MSG(level, args) \
mbedtls_debug_print_msg(ssl, level, __FILE__, __LINE__, \
MBEDTLS_DEBUG_STRIP_PARENS args)
#define MBEDTLS_SSL_DEBUG_RET( level, text, ret ) \
mbedtls_debug_print_ret( ssl, level, __FILE__, __LINE__, text, ret )
# define MBEDTLS_SSL_DEBUG_RET(level, text, ret) \
mbedtls_debug_print_ret(ssl, level, __FILE__, __LINE__, text, ret)
#define MBEDTLS_SSL_DEBUG_BUF( level, text, buf, len ) \
mbedtls_debug_print_buf( ssl, level, __FILE__, __LINE__, text, buf, len )
# define MBEDTLS_SSL_DEBUG_BUF(level, text, buf, len) \
mbedtls_debug_print_buf(ssl, level, __FILE__, __LINE__, text, buf, len)
#if defined(MBEDTLS_BIGNUM_C)
#define MBEDTLS_SSL_DEBUG_MPI( level, text, X ) \
mbedtls_debug_print_mpi( ssl, level, __FILE__, __LINE__, text, X )
#endif
# if defined(MBEDTLS_BIGNUM_C)
# define MBEDTLS_SSL_DEBUG_MPI(level, text, X) \
mbedtls_debug_print_mpi(ssl, level, __FILE__, __LINE__, text, X)
# endif
#if defined(MBEDTLS_ECP_C)
#define MBEDTLS_SSL_DEBUG_ECP( level, text, X ) \
mbedtls_debug_print_ecp( ssl, level, __FILE__, __LINE__, text, X )
#endif
# if defined(MBEDTLS_ECP_C)
# define MBEDTLS_SSL_DEBUG_ECP(level, text, X) \
mbedtls_debug_print_ecp(ssl, level, __FILE__, __LINE__, text, X)
# endif
#if defined(MBEDTLS_X509_CRT_PARSE_C)
#if !defined(MBEDTLS_X509_REMOVE_INFO)
#define MBEDTLS_SSL_DEBUG_CRT( level, text, crt ) \
mbedtls_debug_print_crt( ssl, level, __FILE__, __LINE__, text, crt )
#else
#define MBEDTLS_SSL_DEBUG_CRT( level, text, crt ) do { } while( 0 )
#endif /* MBEDTLS_X509_REMOVE_INFO */
#endif /* MBEDTLS_X509_CRT_PARSE_C */
# if defined(MBEDTLS_X509_CRT_PARSE_C)
# if !defined(MBEDTLS_X509_REMOVE_INFO)
# define MBEDTLS_SSL_DEBUG_CRT(level, text, crt) \
mbedtls_debug_print_crt(ssl, level, __FILE__, __LINE__, text, \
crt)
# else
# define MBEDTLS_SSL_DEBUG_CRT(level, text, crt) \
do { \
} while (0)
# endif /* MBEDTLS_X509_REMOVE_INFO */
# endif /* MBEDTLS_X509_CRT_PARSE_C */
#if defined(MBEDTLS_ECDH_C)
#define MBEDTLS_SSL_DEBUG_ECDH( level, ecdh, attr ) \
mbedtls_debug_printf_ecdh( ssl, level, __FILE__, __LINE__, ecdh, attr )
#endif
# if defined(MBEDTLS_ECDH_C)
# define MBEDTLS_SSL_DEBUG_ECDH(level, ecdh, attr) \
mbedtls_debug_printf_ecdh(ssl, level, __FILE__, __LINE__, ecdh, \
attr)
# endif
#else /* MBEDTLS_DEBUG_C */
#define MBEDTLS_SSL_DEBUG_MSG( level, args ) do { } while( 0 )
#define MBEDTLS_SSL_DEBUG_RET( level, text, ret ) do { } while( 0 )
#define MBEDTLS_SSL_DEBUG_BUF( level, text, buf, len ) do { } while( 0 )
#define MBEDTLS_SSL_DEBUG_MPI( level, text, X ) do { } while( 0 )
#define MBEDTLS_SSL_DEBUG_ECP( level, text, X ) do { } while( 0 )
#define MBEDTLS_SSL_DEBUG_CRT( level, text, crt ) do { } while( 0 )
#define MBEDTLS_SSL_DEBUG_ECDH( level, ecdh, attr ) do { } while( 0 )
# define MBEDTLS_SSL_DEBUG_MSG(level, args) \
do { \
} while (0)
# define MBEDTLS_SSL_DEBUG_RET(level, text, ret) \
do { \
} while (0)
# define MBEDTLS_SSL_DEBUG_BUF(level, text, buf, len) \
do { \
} while (0)
# define MBEDTLS_SSL_DEBUG_MPI(level, text, X) \
do { \
} while (0)
# define MBEDTLS_SSL_DEBUG_ECP(level, text, X) \
do { \
} while (0)
# define MBEDTLS_SSL_DEBUG_CRT(level, text, crt) \
do { \
} while (0)
# define MBEDTLS_SSL_DEBUG_ECDH(level, ecdh, attr) \
do { \
} while (0)
#endif /* MBEDTLS_DEBUG_C */
@@ -93,19 +111,20 @@
* This module provides debugging functions.
*/
#if defined(__has_attribute)
#if __has_attribute(format)
#if defined(__MINGW32__) && __USE_MINGW_ANSI_STDIO == 1
#define MBEDTLS_PRINTF_ATTRIBUTE(string_index, first_to_check) \
__attribute__((__format__ (gnu_printf, string_index, first_to_check)))
#else /* defined(__MINGW32__) && __USE_MINGW_ANSI_STDIO == 1 */
#define MBEDTLS_PRINTF_ATTRIBUTE(string_index, first_to_check) \
__attribute__((format(printf, string_index, first_to_check)))
#endif
#else /* __has_attribute(format) */
#define MBEDTLS_PRINTF_ATTRIBUTE(string_index, first_to_check)
#endif /* __has_attribute(format) */
# if __has_attribute(format)
# if defined(__MINGW32__) && __USE_MINGW_ANSI_STDIO == 1
# define MBEDTLS_PRINTF_ATTRIBUTE(string_index, first_to_check) \
__attribute__(( \
__format__(gnu_printf, string_index, first_to_check)))
# else /* defined(__MINGW32__) && __USE_MINGW_ANSI_STDIO == 1 */
# define MBEDTLS_PRINTF_ATTRIBUTE(string_index, first_to_check) \
__attribute__((format(printf, string_index, first_to_check)))
# endif
# else /* __has_attribute(format) */
# define MBEDTLS_PRINTF_ATTRIBUTE(string_index, first_to_check)
# endif /* __has_attribute(format) */
#else /* defined(__has_attribute) */
#define MBEDTLS_PRINTF_ATTRIBUTE(string_index, first_to_check)
# define MBEDTLS_PRINTF_ATTRIBUTE(string_index, first_to_check)
#endif
/**
@@ -120,14 +139,17 @@
*
* This module provides debugging functions.
*/
#if (defined(__MINGW32__) && __USE_MINGW_ANSI_STDIO == 0) || (defined(_MSC_VER) && _MSC_VER < 1800)
#include <inttypes.h>
#define MBEDTLS_PRINTF_SIZET PRIuPTR
#define MBEDTLS_PRINTF_LONGLONG "I64d"
#else /* (defined(__MINGW32__) && __USE_MINGW_ANSI_STDIO == 0) || (defined(_MSC_VER) && _MSC_VER < 1800) */
#define MBEDTLS_PRINTF_SIZET "zu"
#define MBEDTLS_PRINTF_LONGLONG "lld"
#endif /* (defined(__MINGW32__) && __USE_MINGW_ANSI_STDIO == 0) || (defined(_MSC_VER) && _MSC_VER < 1800) */
#if (defined(__MINGW32__) && __USE_MINGW_ANSI_STDIO == 0) || \
(defined(_MSC_VER) && _MSC_VER < 1800)
# include <inttypes.h>
# define MBEDTLS_PRINTF_SIZET PRIuPTR
# define MBEDTLS_PRINTF_LONGLONG "I64d"
#else /* (defined(__MINGW32__) && __USE_MINGW_ANSI_STDIO == 0) || \
(defined(_MSC_VER) && _MSC_VER < 1800) */
# define MBEDTLS_PRINTF_SIZET "zu"
# define MBEDTLS_PRINTF_LONGLONG "lld"
#endif /* (defined(__MINGW32__) && __USE_MINGW_ANSI_STDIO == 0) || \
(defined(_MSC_VER) && _MSC_VER < 1800) */
#ifdef __cplusplus
extern "C" {
@@ -148,7 +170,7 @@ extern "C" {
* - 3 Informational
* - 4 Verbose
*/
void mbedtls_debug_set_threshold( int threshold );
void mbedtls_debug_set_threshold(int threshold);
/**
* \brief Print a message to the debug output. This function is always used
@@ -165,9 +187,12 @@ void mbedtls_debug_set_threshold( int threshold );
* \attention This function is intended for INTERNAL usage within the
* library only.
*/
void mbedtls_debug_print_msg( const mbedtls_ssl_context *ssl, int level,
const char *file, int line,
const char *format, ... ) MBEDTLS_PRINTF_ATTRIBUTE(5, 6);
void mbedtls_debug_print_msg(const mbedtls_ssl_context *ssl,
int level,
const char *file,
int line,
const char *format,
...) MBEDTLS_PRINTF_ATTRIBUTE(5, 6);
/**
* \brief Print the return value of a function to the debug output. This
@@ -184,9 +209,12 @@ void mbedtls_debug_print_msg( const mbedtls_ssl_context *ssl, int level,
* \attention This function is intended for INTERNAL usage within the
* library only.
*/
void mbedtls_debug_print_ret( const mbedtls_ssl_context *ssl, int level,
const char *file, int line,
const char *text, int ret );
void mbedtls_debug_print_ret(const mbedtls_ssl_context *ssl,
int level,
const char *file,
int line,
const char *text,
int ret);
/**
* \brief Output a buffer of size len bytes to the debug output. This function
@@ -205,9 +233,13 @@ void mbedtls_debug_print_ret( const mbedtls_ssl_context *ssl, int level,
* \attention This function is intended for INTERNAL usage within the
* library only.
*/
void mbedtls_debug_print_buf( const mbedtls_ssl_context *ssl, int level,
const char *file, int line, const char *text,
const unsigned char *buf, size_t len );
void mbedtls_debug_print_buf(const mbedtls_ssl_context *ssl,
int level,
const char *file,
int line,
const char *text,
const unsigned char *buf,
size_t len);
#if defined(MBEDTLS_BIGNUM_C)
/**
@@ -226,9 +258,12 @@ void mbedtls_debug_print_buf( const mbedtls_ssl_context *ssl, int level,
* \attention This function is intended for INTERNAL usage within the
* library only.
*/
void mbedtls_debug_print_mpi( const mbedtls_ssl_context *ssl, int level,
const char *file, int line,
const char *text, const mbedtls_mpi *X );
void mbedtls_debug_print_mpi(const mbedtls_ssl_context *ssl,
int level,
const char *file,
int line,
const char *text,
const mbedtls_mpi *X);
#endif
#if defined(MBEDTLS_ECP_C)
@@ -248,9 +283,12 @@ void mbedtls_debug_print_mpi( const mbedtls_ssl_context *ssl, int level,
* \attention This function is intended for INTERNAL usage within the
* library only.
*/
void mbedtls_debug_print_ecp( const mbedtls_ssl_context *ssl, int level,
const char *file, int line,
const char *text, const mbedtls_ecp_point *X );
void mbedtls_debug_print_ecp(const mbedtls_ssl_context *ssl,
int level,
const char *file,
int line,
const char *text,
const mbedtls_ecp_point *X);
#endif
#if defined(MBEDTLS_X509_CRT_PARSE_C) && !defined(MBEDTLS_X509_REMOVE_INFO)
@@ -269,9 +307,12 @@ void mbedtls_debug_print_ecp( const mbedtls_ssl_context *ssl, int level,
* \attention This function is intended for INTERNAL usage within the
* library only.
*/
void mbedtls_debug_print_crt( const mbedtls_ssl_context *ssl, int level,
const char *file, int line,
const char *text, const mbedtls_x509_crt *crt );
void mbedtls_debug_print_crt(const mbedtls_ssl_context *ssl,
int level,
const char *file,
int line,
const char *text,
const mbedtls_x509_crt *crt);
#endif
#if defined(MBEDTLS_ECDH_C)
@@ -298,10 +339,12 @@ typedef enum
* \attention This function is intended for INTERNAL usage within the
* library only.
*/
void mbedtls_debug_printf_ecdh( const mbedtls_ssl_context *ssl, int level,
const char *file, int line,
const mbedtls_ecdh_context *ecdh,
mbedtls_debug_ecdh_attr attr );
void mbedtls_debug_printf_ecdh(const mbedtls_ssl_context *ssl,
int level,
const char *file,
int line,
const mbedtls_ecdh_context *ecdh,
mbedtls_debug_ecdh_attr attr);
#endif
#ifdef __cplusplus

107
include/mbedtls/des.h
View File

@@ -33,13 +33,13 @@
#include <stddef.h>
#include <stdint.h>
#define MBEDTLS_DES_ENCRYPT 1
#define MBEDTLS_DES_DECRYPT 0
#define MBEDTLS_DES_ENCRYPT 1
#define MBEDTLS_DES_DECRYPT 0
/** The data input has an invalid length. */
#define MBEDTLS_ERR_DES_INVALID_INPUT_LENGTH -0x0032
#define MBEDTLS_ERR_DES_INVALID_INPUT_LENGTH -0x0032
#define MBEDTLS_DES_KEY_SIZE 8
#define MBEDTLS_DES_KEY_SIZE 8
#ifdef __cplusplus
extern "C" {
@@ -56,23 +56,19 @@ extern "C" {
* security risk. We recommend considering stronger ciphers
* instead.
*/
typedef struct mbedtls_des_context
{
uint32_t MBEDTLS_PRIVATE(sk)[32]; /*!< DES subkeys */
}
mbedtls_des_context;
typedef struct mbedtls_des_context {
uint32_t MBEDTLS_PRIVATE(sk)[32]; /*!< DES subkeys */
} mbedtls_des_context;
/**
* \brief Triple-DES context structure
*/
typedef struct mbedtls_des3_context
{
uint32_t MBEDTLS_PRIVATE(sk)[96]; /*!< 3DES subkeys */
}
mbedtls_des3_context;
typedef struct mbedtls_des3_context {
uint32_t MBEDTLS_PRIVATE(sk)[96]; /*!< 3DES subkeys */
} mbedtls_des3_context;
#else /* MBEDTLS_DES_ALT */
#include "des_alt.h"
#else /* MBEDTLS_DES_ALT */
# include "des_alt.h"
#endif /* MBEDTLS_DES_ALT */
/**
@@ -84,7 +80,7 @@ mbedtls_des3_context;
* security risk. We recommend considering stronger ciphers
* instead.
*/
void mbedtls_des_init( mbedtls_des_context *ctx );
void mbedtls_des_init(mbedtls_des_context *ctx);
/**
* \brief Clear DES context
@@ -95,21 +91,21 @@ void mbedtls_des_init( mbedtls_des_context *ctx );
* security risk. We recommend considering stronger ciphers
* instead.
*/
void mbedtls_des_free( mbedtls_des_context *ctx );
void mbedtls_des_free(mbedtls_des_context *ctx);
/**
* \brief Initialize Triple-DES context
*
* \param ctx DES3 context to be initialized
*/
void mbedtls_des3_init( mbedtls_des3_context *ctx );
void mbedtls_des3_init(mbedtls_des3_context *ctx);
/**
* \brief Clear Triple-DES context
*
* \param ctx DES3 context to be cleared
*/
void mbedtls_des3_free( mbedtls_des3_context *ctx );
void mbedtls_des3_free(mbedtls_des3_context *ctx);
/**
* \brief Set key parity on the given key to odd.
@@ -123,7 +119,7 @@ void mbedtls_des3_free( mbedtls_des3_context *ctx );
* security risk. We recommend considering stronger ciphers
* instead.
*/
void mbedtls_des_key_set_parity( unsigned char key[MBEDTLS_DES_KEY_SIZE] );
void mbedtls_des_key_set_parity(unsigned char key[MBEDTLS_DES_KEY_SIZE]);
/**
* \brief Check that key parity on the given key is odd.
@@ -139,7 +135,8 @@ void mbedtls_des_key_set_parity( unsigned char key[MBEDTLS_DES_KEY_SIZE] );
* security risk. We recommend considering stronger ciphers
* instead.
*/
int mbedtls_des_key_check_key_parity( const unsigned char key[MBEDTLS_DES_KEY_SIZE] );
int mbedtls_des_key_check_key_parity(
const unsigned char key[MBEDTLS_DES_KEY_SIZE]);
/**
* \brief Check that key is not a weak or semi-weak DES key
@@ -152,7 +149,7 @@ int mbedtls_des_key_check_key_parity( const unsigned char key[MBEDTLS_DES_KEY_SI
* security risk. We recommend considering stronger ciphers
* instead.
*/
int mbedtls_des_key_check_weak( const unsigned char key[MBEDTLS_DES_KEY_SIZE] );
int mbedtls_des_key_check_weak(const unsigned char key[MBEDTLS_DES_KEY_SIZE]);
/**
* \brief DES key schedule (56-bit, encryption)
@@ -166,7 +163,8 @@ int mbedtls_des_key_check_weak( const unsigned char key[MBEDTLS_DES_KEY_SIZE] );
* security risk. We recommend considering stronger ciphers
* instead.
*/
int mbedtls_des_setkey_enc( mbedtls_des_context *ctx, const unsigned char key[MBEDTLS_DES_KEY_SIZE] );
int mbedtls_des_setkey_enc(mbedtls_des_context *ctx,
const unsigned char key[MBEDTLS_DES_KEY_SIZE]);
/**
* \brief DES key schedule (56-bit, decryption)
@@ -180,7 +178,8 @@ int mbedtls_des_setkey_enc( mbedtls_des_context *ctx, const unsigned char key[MB
* security risk. We recommend considering stronger ciphers
* instead.
*/
int mbedtls_des_setkey_dec( mbedtls_des_context *ctx, const unsigned char key[MBEDTLS_DES_KEY_SIZE] );
int mbedtls_des_setkey_dec(mbedtls_des_context *ctx,
const unsigned char key[MBEDTLS_DES_KEY_SIZE]);
/**
* \brief Triple-DES key schedule (112-bit, encryption)
@@ -190,8 +189,8 @@ int mbedtls_des_setkey_dec( mbedtls_des_context *ctx, const unsigned char key[MB
*
* \return 0
*/
int mbedtls_des3_set2key_enc( mbedtls_des3_context *ctx,
const unsigned char key[MBEDTLS_DES_KEY_SIZE * 2] );
int mbedtls_des3_set2key_enc(mbedtls_des3_context *ctx,
const unsigned char key[MBEDTLS_DES_KEY_SIZE * 2]);
/**
* \brief Triple-DES key schedule (112-bit, decryption)
@@ -201,8 +200,8 @@ int mbedtls_des3_set2key_enc( mbedtls_des3_context *ctx,
*
* \return 0
*/
int mbedtls_des3_set2key_dec( mbedtls_des3_context *ctx,
const unsigned char key[MBEDTLS_DES_KEY_SIZE * 2] );
int mbedtls_des3_set2key_dec(mbedtls_des3_context *ctx,
const unsigned char key[MBEDTLS_DES_KEY_SIZE * 2]);
/**
* \brief Triple-DES key schedule (168-bit, encryption)
@@ -212,8 +211,8 @@ int mbedtls_des3_set2key_dec( mbedtls_des3_context *ctx,
*
* \return 0
*/
int mbedtls_des3_set3key_enc( mbedtls_des3_context *ctx,
const unsigned char key[MBEDTLS_DES_KEY_SIZE * 3] );
int mbedtls_des3_set3key_enc(mbedtls_des3_context *ctx,
const unsigned char key[MBEDTLS_DES_KEY_SIZE * 3]);
/**
* \brief Triple-DES key schedule (168-bit, decryption)
@@ -223,8 +222,8 @@ int mbedtls_des3_set3key_enc( mbedtls_des3_context *ctx,
*
* \return 0
*/
int mbedtls_des3_set3key_dec( mbedtls_des3_context *ctx,
const unsigned char key[MBEDTLS_DES_KEY_SIZE * 3] );
int mbedtls_des3_set3key_dec(mbedtls_des3_context *ctx,
const unsigned char key[MBEDTLS_DES_KEY_SIZE * 3]);
/**
* \brief DES-ECB block encryption/decryption
@@ -239,9 +238,9 @@ int mbedtls_des3_set3key_dec( mbedtls_des3_context *ctx,
* security risk. We recommend considering stronger ciphers
* instead.
*/
int mbedtls_des_crypt_ecb( mbedtls_des_context *ctx,
const unsigned char input[8],
unsigned char output[8] );
int mbedtls_des_crypt_ecb(mbedtls_des_context *ctx,
const unsigned char input[8],
unsigned char output[8]);
#if defined(MBEDTLS_CIPHER_MODE_CBC)
/**
@@ -266,12 +265,12 @@ int mbedtls_des_crypt_ecb( mbedtls_des_context *ctx,
* security risk. We recommend considering stronger ciphers
* instead.
*/
int mbedtls_des_crypt_cbc( mbedtls_des_context *ctx,
int mode,
size_t length,
unsigned char iv[8],
const unsigned char *input,
unsigned char *output );
int mbedtls_des_crypt_cbc(mbedtls_des_context *ctx,
int mode,
size_t length,
unsigned char iv[8],
const unsigned char *input,
unsigned char *output);
#endif /* MBEDTLS_CIPHER_MODE_CBC */
/**
@@ -283,9 +282,9 @@ int mbedtls_des_crypt_cbc( mbedtls_des_context *ctx,
*
* \return 0 if successful
*/
int mbedtls_des3_crypt_ecb( mbedtls_des3_context *ctx,
const unsigned char input[8],
unsigned char output[8] );
int mbedtls_des3_crypt_ecb(mbedtls_des3_context *ctx,
const unsigned char input[8],
unsigned char output[8]);
#if defined(MBEDTLS_CIPHER_MODE_CBC)
/**
@@ -308,12 +307,12 @@ int mbedtls_des3_crypt_ecb( mbedtls_des3_context *ctx,
*
* \return 0 if successful, or MBEDTLS_ERR_DES_INVALID_INPUT_LENGTH
*/
int mbedtls_des3_crypt_cbc( mbedtls_des3_context *ctx,
int mode,
size_t length,
unsigned char iv[8],
const unsigned char *input,
unsigned char *output );
int mbedtls_des3_crypt_cbc(mbedtls_des3_context *ctx,
int mode,
size_t length,
unsigned char iv[8],
const unsigned char *input,
unsigned char *output);
#endif /* MBEDTLS_CIPHER_MODE_CBC */
/**
@@ -328,8 +327,8 @@ int mbedtls_des3_crypt_cbc( mbedtls_des3_context *ctx,
* security risk. We recommend considering stronger ciphers
* instead.
*/
void mbedtls_des_setkey( uint32_t SK[32],
const unsigned char key[MBEDTLS_DES_KEY_SIZE] );
void mbedtls_des_setkey(uint32_t SK[32],
const unsigned char key[MBEDTLS_DES_KEY_SIZE]);
#if defined(MBEDTLS_SELF_TEST)
@@ -338,7 +337,7 @@ void mbedtls_des_setkey( uint32_t SK[32],
*
* \return 0 if successful, or 1 if the test failed
*/
int mbedtls_des_self_test( int verbose );
int mbedtls_des_self_test(int verbose);
#endif /* MBEDTLS_SELF_TEST */

1096
include/mbedtls/dhm.h
View File

File diff suppressed because it is too large Load Diff

193
include/mbedtls/ecdh.h
View File

@@ -51,14 +51,14 @@
*/
#if defined(MBEDTLS_ECP_RESTARTABLE)
#define MBEDTLS_ECDH_LEGACY_CONTEXT
# define MBEDTLS_ECDH_LEGACY_CONTEXT
#else
#undef MBEDTLS_ECDH_LEGACY_CONTEXT
# undef MBEDTLS_ECDH_LEGACY_CONTEXT
#endif
#if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED)
#undef MBEDTLS_ECDH_LEGACY_CONTEXT
#include "everest/everest.h"
# undef MBEDTLS_ECDH_LEGACY_CONTEXT
# include "everest/everest.h"
#endif
#ifdef __cplusplus
@@ -70,7 +70,7 @@ extern "C" {
*/
typedef enum
{
MBEDTLS_ECDH_OURS, /**< Our key. */
MBEDTLS_ECDH_OURS, /**< Our key. */
MBEDTLS_ECDH_THEIRS, /**< The key of the peer. */
} mbedtls_ecdh_side;
@@ -83,11 +83,12 @@ typedef enum
*/
typedef enum
{
MBEDTLS_ECDH_VARIANT_NONE = 0, /*!< Implementation not defined. */
MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0,/*!< The default Mbed TLS implementation */
#if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED)
MBEDTLS_ECDH_VARIANT_EVEREST /*!< Everest implementation */
#endif
MBEDTLS_ECDH_VARIANT_NONE = 0, /*!< Implementation not defined. */
MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0, /*!< The default Mbed TLS implementation
*/
# if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED)
MBEDTLS_ECDH_VARIANT_EVEREST /*!< Everest implementation */
# endif
} mbedtls_ecdh_variant;
/**
@@ -97,16 +98,17 @@ typedef enum
* should not make any assumptions about the structure of
* mbedtls_ecdh_context_mbed.
*/
typedef struct mbedtls_ecdh_context_mbed
{
mbedtls_ecp_group MBEDTLS_PRIVATE(grp); /*!< The elliptic curve used. */
mbedtls_mpi MBEDTLS_PRIVATE(d); /*!< The private key. */
mbedtls_ecp_point MBEDTLS_PRIVATE(Q); /*!< The public key. */
mbedtls_ecp_point MBEDTLS_PRIVATE(Qp); /*!< The value of the public key of the peer. */
mbedtls_mpi MBEDTLS_PRIVATE(z); /*!< The shared secret. */
#if defined(MBEDTLS_ECP_RESTARTABLE)
mbedtls_ecp_restart_ctx MBEDTLS_PRIVATE(rs); /*!< The restart context for EC computations. */
#endif
typedef struct mbedtls_ecdh_context_mbed {
mbedtls_ecp_group MBEDTLS_PRIVATE(grp); /*!< The elliptic curve used. */
mbedtls_mpi MBEDTLS_PRIVATE(d); /*!< The private key. */
mbedtls_ecp_point MBEDTLS_PRIVATE(Q); /*!< The public key. */
mbedtls_ecp_point MBEDTLS_PRIVATE(Qp); /*!< The value of the public key of
the peer. */
mbedtls_mpi MBEDTLS_PRIVATE(z); /*!< The shared secret. */
# if defined(MBEDTLS_ECP_RESTARTABLE)
mbedtls_ecp_restart_ctx MBEDTLS_PRIVATE(rs); /*!< The restart context for EC
computations. */
# endif
} mbedtls_ecdh_context_mbed;
#endif
@@ -117,46 +119,49 @@ typedef struct mbedtls_ecdh_context_mbed
* should not be shared between multiple threads.
* \brief The ECDH context structure.
*/
typedef struct mbedtls_ecdh_context
{
typedef struct mbedtls_ecdh_context {
#if defined(MBEDTLS_ECDH_LEGACY_CONTEXT)
mbedtls_ecp_group MBEDTLS_PRIVATE(grp); /*!< The elliptic curve used. */
mbedtls_mpi MBEDTLS_PRIVATE(d); /*!< The private key. */
mbedtls_ecp_point MBEDTLS_PRIVATE(Q); /*!< The public key. */
mbedtls_ecp_point MBEDTLS_PRIVATE(Qp); /*!< The value of the public key of the peer. */
mbedtls_mpi MBEDTLS_PRIVATE(z); /*!< The shared secret. */
int MBEDTLS_PRIVATE(point_format); /*!< The format of point export in TLS messages. */
mbedtls_ecp_point MBEDTLS_PRIVATE(Vi); /*!< The blinding value. */
mbedtls_ecp_point MBEDTLS_PRIVATE(Vf); /*!< The unblinding value. */
mbedtls_mpi MBEDTLS_PRIVATE(_d); /*!< The previous \p d. */
#if defined(MBEDTLS_ECP_RESTARTABLE)
int MBEDTLS_PRIVATE(restart_enabled); /*!< The flag for restartable mode. */
mbedtls_ecp_restart_ctx MBEDTLS_PRIVATE(rs); /*!< The restart context for EC computations. */
#endif /* MBEDTLS_ECP_RESTARTABLE */
mbedtls_ecp_group MBEDTLS_PRIVATE(grp); /*!< The elliptic curve used. */
mbedtls_mpi MBEDTLS_PRIVATE(d); /*!< The private key. */
mbedtls_ecp_point MBEDTLS_PRIVATE(Q); /*!< The public key. */
mbedtls_ecp_point MBEDTLS_PRIVATE(Qp); /*!< The value of the public key of
the peer. */
mbedtls_mpi MBEDTLS_PRIVATE(z); /*!< The shared secret. */
int MBEDTLS_PRIVATE(point_format); /*!< The format of point export in TLS
messages. */
mbedtls_ecp_point MBEDTLS_PRIVATE(Vi); /*!< The blinding value. */
mbedtls_ecp_point MBEDTLS_PRIVATE(Vf); /*!< The unblinding value. */
mbedtls_mpi MBEDTLS_PRIVATE(_d); /*!< The previous \p d. */
# if defined(MBEDTLS_ECP_RESTARTABLE)
int MBEDTLS_PRIVATE(restart_enabled); /*!< The flag for restartable mode. */
mbedtls_ecp_restart_ctx MBEDTLS_PRIVATE(rs); /*!< The restart context for EC
computations. */
# endif /* MBEDTLS_ECP_RESTARTABLE */
#else
uint8_t MBEDTLS_PRIVATE(point_format); /*!< The format of point export in TLS messages
as defined in RFC 4492. */
mbedtls_ecp_group_id MBEDTLS_PRIVATE(grp_id);/*!< The elliptic curve used. */
mbedtls_ecdh_variant MBEDTLS_PRIVATE(var); /*!< The ECDH implementation/structure used. */
union
{
mbedtls_ecdh_context_mbed MBEDTLS_PRIVATE(mbed_ecdh);
#if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED)
uint8_t MBEDTLS_PRIVATE(point_format); /*!< The format of point export in
TLS messages as defined in RFC 4492. */
mbedtls_ecp_group_id MBEDTLS_PRIVATE(grp_id); /*!< The elliptic curve used.
*/
mbedtls_ecdh_variant MBEDTLS_PRIVATE(var); /*!< The ECDH
implementation/structure used.
*/
union {
mbedtls_ecdh_context_mbed MBEDTLS_PRIVATE(mbed_ecdh);
# if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED)
mbedtls_ecdh_context_everest MBEDTLS_PRIVATE(everest_ecdh);
#endif
} MBEDTLS_PRIVATE(ctx); /*!< Implementation-specific context. The
context in use is specified by the \c var
field. */
#if defined(MBEDTLS_ECP_RESTARTABLE)
uint8_t MBEDTLS_PRIVATE(restart_enabled); /*!< The flag for restartable mode. Functions of
an alternative implementation not supporting
restartable mode must return
MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED error
if this flag is set. */
#endif /* MBEDTLS_ECP_RESTARTABLE */
# endif
} MBEDTLS_PRIVATE(ctx); /*!< Implementation-specific context. The
context in use is specified by the \c var
field. */
# if defined(MBEDTLS_ECP_RESTARTABLE)
uint8_t MBEDTLS_PRIVATE(restart_enabled); /*!< The flag for restartable
mode. Functions of an alternative implementation
not supporting restartable mode must return
MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED error
if this flag is set. */
# endif /* MBEDTLS_ECP_RESTARTABLE */
#endif /* MBEDTLS_ECDH_LEGACY_CONTEXT */
}
mbedtls_ecdh_context;
} mbedtls_ecdh_context;
/**
* \brief Check whether a given group can be used for ECDH.
@@ -165,7 +170,7 @@ mbedtls_ecdh_context;
*
* \return \c 1 if the group can be used, \c 0 otherwise
*/
int mbedtls_ecdh_can_do( mbedtls_ecp_group_id gid );
int mbedtls_ecdh_can_do(mbedtls_ecp_group_id gid);
/**
* \brief This function generates an ECDH keypair on an elliptic
@@ -192,9 +197,11 @@ int mbedtls_ecdh_can_do( mbedtls_ecp_group_id gid );
* \return Another \c MBEDTLS_ERR_ECP_XXX or
* \c MBEDTLS_MPI_XXX error code on failure.
*/
int mbedtls_ecdh_gen_public( mbedtls_ecp_group *grp, mbedtls_mpi *d, mbedtls_ecp_point *Q,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng );
int mbedtls_ecdh_gen_public(mbedtls_ecp_group *grp,
mbedtls_mpi *d,
mbedtls_ecp_point *Q,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng);
/**
* \brief This function computes the shared secret.
@@ -227,17 +234,19 @@ int mbedtls_ecdh_gen_public( mbedtls_ecp_group *grp, mbedtls_mpi *d, mbedtls_ecp
* \return Another \c MBEDTLS_ERR_ECP_XXX or
* \c MBEDTLS_MPI_XXX error code on failure.
*/
int mbedtls_ecdh_compute_shared( mbedtls_ecp_group *grp, mbedtls_mpi *z,
const mbedtls_ecp_point *Q, const mbedtls_mpi *d,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng );
int mbedtls_ecdh_compute_shared(mbedtls_ecp_group *grp,
mbedtls_mpi *z,
const mbedtls_ecp_point *Q,
const mbedtls_mpi *d,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng);
/**
* \brief This function initializes an ECDH context.
*
* \param ctx The ECDH context to initialize. This must not be \c NULL.
*/
void mbedtls_ecdh_init( mbedtls_ecdh_context *ctx );
void mbedtls_ecdh_init(mbedtls_ecdh_context *ctx);
/**
* \brief This function sets up the ECDH context with the information
@@ -255,8 +264,7 @@ void mbedtls_ecdh_init( mbedtls_ecdh_context *ctx );
*
* \return \c 0 on success.
*/
int mbedtls_ecdh_setup( mbedtls_ecdh_context *ctx,
mbedtls_ecp_group_id grp_id );
int mbedtls_ecdh_setup(mbedtls_ecdh_context *ctx, mbedtls_ecp_group_id grp_id);
/**
* \brief This function frees a context.
@@ -265,7 +273,7 @@ int mbedtls_ecdh_setup( mbedtls_ecdh_context *ctx,
* case this function does nothing. If it is not \c NULL,
* it must point to an initialized ECDH context.
*/
void mbedtls_ecdh_free( mbedtls_ecdh_context *ctx );
void mbedtls_ecdh_free(mbedtls_ecdh_context *ctx);
/**
* \brief This function generates an EC key pair and exports its
@@ -292,10 +300,12 @@ void mbedtls_ecdh_free( mbedtls_ecdh_context *ctx );
* operations was reached: see \c mbedtls_ecp_set_max_ops().
* \return Another \c MBEDTLS_ERR_ECP_XXX error code on failure.
*/
int mbedtls_ecdh_make_params( mbedtls_ecdh_context *ctx, size_t *olen,
unsigned char *buf, size_t blen,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng );
int mbedtls_ecdh_make_params(mbedtls_ecdh_context *ctx,
size_t *olen,
unsigned char *buf,
size_t blen,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng);
/**
* \brief This function parses the ECDHE parameters in a
@@ -321,9 +331,9 @@ int mbedtls_ecdh_make_params( mbedtls_ecdh_context *ctx, size_t *olen,
* \return An \c MBEDTLS_ERR_ECP_XXX error code on failure.
*
*/
int mbedtls_ecdh_read_params( mbedtls_ecdh_context *ctx,
const unsigned char **buf,
const unsigned char *end );
int mbedtls_ecdh_read_params(mbedtls_ecdh_context *ctx,
const unsigned char **buf,
const unsigned char *end);
/**
* \brief This function sets up an ECDH context from an EC key.
@@ -344,9 +354,9 @@ int mbedtls_ecdh_read_params( mbedtls_ecdh_context *ctx,
* \return Another \c MBEDTLS_ERR_ECP_XXX error code on failure.
*
*/
int mbedtls_ecdh_get_params( mbedtls_ecdh_context *ctx,
const mbedtls_ecp_keypair *key,
mbedtls_ecdh_side side );
int mbedtls_ecdh_get_params(mbedtls_ecdh_context *ctx,
const mbedtls_ecp_keypair *key,
mbedtls_ecdh_side side);
/**
* \brief This function generates a public key and exports it
@@ -374,10 +384,12 @@ int mbedtls_ecdh_get_params( mbedtls_ecdh_context *ctx,
* operations was reached: see \c mbedtls_ecp_set_max_ops().
* \return Another \c MBEDTLS_ERR_ECP_XXX error code on failure.
*/
int mbedtls_ecdh_make_public( mbedtls_ecdh_context *ctx, size_t *olen,
unsigned char *buf, size_t blen,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng );
int mbedtls_ecdh_make_public(mbedtls_ecdh_context *ctx,
size_t *olen,
unsigned char *buf,
size_t blen,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng);
/**
* \brief This function parses and processes the ECDHE payload of a
@@ -398,8 +410,9 @@ int mbedtls_ecdh_make_public( mbedtls_ecdh_context *ctx, size_t *olen,
* \return \c 0 on success.
* \return An \c MBEDTLS_ERR_ECP_XXX error code on failure.
*/
int mbedtls_ecdh_read_public( mbedtls_ecdh_context *ctx,
const unsigned char *buf, size_t blen );
int mbedtls_ecdh_read_public(mbedtls_ecdh_context *ctx,
const unsigned char *buf,
size_t blen);
/**
* \brief This function derives and exports the shared secret.
@@ -430,10 +443,12 @@ int mbedtls_ecdh_read_public( mbedtls_ecdh_context *ctx,
* operations was reached: see \c mbedtls_ecp_set_max_ops().
* \return Another \c MBEDTLS_ERR_ECP_XXX error code on failure.
*/
int mbedtls_ecdh_calc_secret( mbedtls_ecdh_context *ctx, size_t *olen,
unsigned char *buf, size_t blen,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng );
int mbedtls_ecdh_calc_secret(mbedtls_ecdh_context *ctx,
size_t *olen,
unsigned char *buf,
size_t blen,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng);
#if defined(MBEDTLS_ECP_RESTARTABLE)
/**
@@ -448,7 +463,7 @@ int mbedtls_ecdh_calc_secret( mbedtls_ecdh_context *ctx, size_t *olen,
*
* \param ctx The ECDH context to use. This must be initialized.
*/
void mbedtls_ecdh_enable_restart( mbedtls_ecdh_context *ctx );
void mbedtls_ecdh_enable_restart(mbedtls_ecdh_context *ctx);
#endif /* MBEDTLS_ECP_RESTARTABLE */
#ifdef __cplusplus

143
include/mbedtls/ecdsa.h
View File

@@ -53,13 +53,13 @@
*
* For each of r and s, the value (V) may include an extra initial "0" bit.
*/
#define MBEDTLS_ECDSA_MAX_SIG_LEN( bits ) \
( /*T,L of SEQUENCE*/ ( ( bits ) >= 61 * 8 ? 3 : 2 ) + \
/*T,L of r,s*/ 2 * ( ( ( bits ) >= 127 * 8 ? 3 : 2 ) + \
/*V of r,s*/ ( ( bits ) + 8 ) / 8 ) )
#define MBEDTLS_ECDSA_MAX_SIG_LEN(bits) \
(/*T,L of SEQUENCE*/ ((bits) >= 61 * 8 ? 3 : 2) + \
/*T,L of r,s*/ 2 * \
(((bits) >= 127 * 8 ? 3 : 2) + /*V of r,s*/ ((bits) + 8) / 8))
/** The maximal size of an ECDSA signature in Bytes. */
#define MBEDTLS_ECDSA_MAX_LEN MBEDTLS_ECDSA_MAX_SIG_LEN( MBEDTLS_ECP_MAX_BITS )
#define MBEDTLS_ECDSA_MAX_LEN MBEDTLS_ECDSA_MAX_SIG_LEN(MBEDTLS_ECP_MAX_BITS)
#ifdef __cplusplus
extern "C" {
@@ -90,27 +90,29 @@ typedef struct mbedtls_ecdsa_restart_ver mbedtls_ecdsa_restart_ver_ctx;
*/
typedef struct mbedtls_ecdsa_restart_sig mbedtls_ecdsa_restart_sig_ctx;
#if defined(MBEDTLS_ECDSA_DETERMINISTIC)
# if defined(MBEDTLS_ECDSA_DETERMINISTIC)
/**
* \brief Internal restart context for ecdsa_sign_det()
*
* \note Opaque struct, defined in ecdsa.c
*/
typedef struct mbedtls_ecdsa_restart_det mbedtls_ecdsa_restart_det_ctx;
#endif
# endif
/**
* \brief General context for resuming ECDSA operations
*/
typedef struct
{
mbedtls_ecp_restart_ctx MBEDTLS_PRIVATE(ecp); /*!< base context for ECP restart and
shared administrative info */
mbedtls_ecdsa_restart_ver_ctx *MBEDTLS_PRIVATE(ver); /*!< ecdsa_verify() sub-context */
mbedtls_ecdsa_restart_sig_ctx *MBEDTLS_PRIVATE(sig); /*!< ecdsa_sign() sub-context */
#if defined(MBEDTLS_ECDSA_DETERMINISTIC)
mbedtls_ecdsa_restart_det_ctx *MBEDTLS_PRIVATE(det); /*!< ecdsa_sign_det() sub-context */
#endif
typedef struct {
mbedtls_ecp_restart_ctx MBEDTLS_PRIVATE(ecp); /*!< base context for ECP
restart and shared administrative info */
mbedtls_ecdsa_restart_ver_ctx *MBEDTLS_PRIVATE(ver); /*!< ecdsa_verify()
sub-context */
mbedtls_ecdsa_restart_sig_ctx *MBEDTLS_PRIVATE(sig); /*!< ecdsa_sign()
sub-context */
# if defined(MBEDTLS_ECDSA_DETERMINISTIC)
mbedtls_ecdsa_restart_det_ctx *MBEDTLS_PRIVATE(det); /*!< ecdsa_sign_det()
sub-context */
# endif
} mbedtls_ecdsa_restart_ctx;
#else /* MBEDTLS_ECP_RESTARTABLE */
@@ -128,7 +130,7 @@ typedef void mbedtls_ecdsa_restart_ctx;
*
* \return \c 1 if the group can be used, \c 0 otherwise
*/
int mbedtls_ecdsa_can_do( mbedtls_ecp_group_id gid );
int mbedtls_ecdsa_can_do(mbedtls_ecp_group_id gid);
/**
* \brief This function computes the ECDSA signature of a
@@ -166,9 +168,14 @@ int mbedtls_ecdsa_can_do( mbedtls_ecp_group_id gid );
* \return An \c MBEDTLS_ERR_ECP_XXX
* or \c MBEDTLS_MPI_XXX error code on failure.
*/
int mbedtls_ecdsa_sign( mbedtls_ecp_group *grp, mbedtls_mpi *r, mbedtls_mpi *s,
const mbedtls_mpi *d, const unsigned char *buf, size_t blen,
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );
int mbedtls_ecdsa_sign(mbedtls_ecp_group *grp,
mbedtls_mpi *r,
mbedtls_mpi *s,
const mbedtls_mpi *d,
const unsigned char *buf,
size_t blen,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng);
#if defined(MBEDTLS_ECDSA_DETERMINISTIC)
/**
@@ -210,12 +217,17 @@ int mbedtls_ecdsa_sign( mbedtls_ecp_group *grp, mbedtls_mpi *r, mbedtls_mpi *s,
* \return An \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_MPI_XXX
* error code on failure.
*/
int mbedtls_ecdsa_sign_det_ext( mbedtls_ecp_group *grp, mbedtls_mpi *r,
mbedtls_mpi *s, const mbedtls_mpi *d,
const unsigned char *buf, size_t blen,
mbedtls_md_type_t md_alg,
int (*f_rng_blind)(void *, unsigned char *, size_t),
void *p_rng_blind );
int mbedtls_ecdsa_sign_det_ext(mbedtls_ecp_group *grp,
mbedtls_mpi *r,
mbedtls_mpi *s,
const mbedtls_mpi *d,
const unsigned char *buf,
size_t blen,
mbedtls_md_type_t md_alg,
int (*f_rng_blind)(void *,
unsigned char *,
size_t),
void *p_rng_blind);
#endif /* MBEDTLS_ECDSA_DETERMINISTIC */
/**
@@ -250,10 +262,12 @@ int mbedtls_ecdsa_sign_det_ext( mbedtls_ecp_group *grp, mbedtls_mpi *r,
* \return An \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_MPI_XXX
* error code on failure for any other reason.
*/
int mbedtls_ecdsa_verify( mbedtls_ecp_group *grp,
const unsigned char *buf, size_t blen,
const mbedtls_ecp_point *Q, const mbedtls_mpi *r,
const mbedtls_mpi *s);
int mbedtls_ecdsa_verify(mbedtls_ecp_group *grp,
const unsigned char *buf,
size_t blen,
const mbedtls_ecp_point *Q,
const mbedtls_mpi *r,
const mbedtls_mpi *s);
/**
* \brief This function computes the ECDSA signature and writes it
@@ -304,12 +318,15 @@ int mbedtls_ecdsa_verify( mbedtls_ecp_group *grp,
* \return An \c MBEDTLS_ERR_ECP_XXX, \c MBEDTLS_ERR_MPI_XXX or
* \c MBEDTLS_ERR_ASN1_XXX error code on failure.
*/
int mbedtls_ecdsa_write_signature( mbedtls_ecdsa_context *ctx,
mbedtls_md_type_t md_alg,
const unsigned char *hash, size_t hlen,
unsigned char *sig, size_t sig_size, size_t *slen,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng );
int mbedtls_ecdsa_write_signature(mbedtls_ecdsa_context *ctx,
mbedtls_md_type_t md_alg,
const unsigned char *hash,
size_t hlen,
unsigned char *sig,
size_t sig_size,
size_t *slen,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng);
/**
* \brief This function computes the ECDSA signature and writes it
@@ -351,13 +368,17 @@ int mbedtls_ecdsa_write_signature( mbedtls_ecdsa_context *ctx,
* \return Another \c MBEDTLS_ERR_ECP_XXX, \c MBEDTLS_ERR_MPI_XXX or
* \c MBEDTLS_ERR_ASN1_XXX error code on failure.
*/
int mbedtls_ecdsa_write_signature_restartable( mbedtls_ecdsa_context *ctx,
mbedtls_md_type_t md_alg,
const unsigned char *hash, size_t hlen,
unsigned char *sig, size_t sig_size, size_t *slen,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng,
mbedtls_ecdsa_restart_ctx *rs_ctx );
int mbedtls_ecdsa_write_signature_restartable(
mbedtls_ecdsa_context *ctx,
mbedtls_md_type_t md_alg,
const unsigned char *hash,
size_t hlen,
unsigned char *sig,
size_t sig_size,
size_t *slen,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng,
mbedtls_ecdsa_restart_ctx *rs_ctx);
/**
* \brief This function reads and verifies an ECDSA signature.
@@ -386,9 +407,11 @@ int mbedtls_ecdsa_write_signature_restartable( mbedtls_ecdsa_context *ctx,
* \return An \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_ERR_MPI_XXX
* error code on failure for any other reason.
*/
int mbedtls_ecdsa_read_signature( mbedtls_ecdsa_context *ctx,
const unsigned char *hash, size_t hlen,
const unsigned char *sig, size_t slen );
int mbedtls_ecdsa_read_signature(mbedtls_ecdsa_context *ctx,
const unsigned char *hash,
size_t hlen,
const unsigned char *sig,
size_t slen);
/**
* \brief This function reads and verifies an ECDSA signature,
@@ -421,10 +444,12 @@ int mbedtls_ecdsa_read_signature( mbedtls_ecdsa_context *ctx,
* \return Another \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_ERR_MPI_XXX
* error code on failure for any other reason.
*/
int mbedtls_ecdsa_read_signature_restartable( mbedtls_ecdsa_context *ctx,
const unsigned char *hash, size_t hlen,
const unsigned char *sig, size_t slen,
mbedtls_ecdsa_restart_ctx *rs_ctx );
int mbedtls_ecdsa_read_signature_restartable(mbedtls_ecdsa_context *ctx,
const unsigned char *hash,
size_t hlen,
const unsigned char *sig,
size_t slen,
mbedtls_ecdsa_restart_ctx *rs_ctx);
/**
* \brief This function generates an ECDSA keypair on the given curve.
@@ -442,8 +467,10 @@ int mbedtls_ecdsa_read_signature_restartable( mbedtls_ecdsa_context *ctx,
* \return \c 0 on success.
* \return An \c MBEDTLS_ERR_ECP_XXX code on failure.
*/
int mbedtls_ecdsa_genkey( mbedtls_ecdsa_context *ctx, mbedtls_ecp_group_id gid,
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );
int mbedtls_ecdsa_genkey(mbedtls_ecdsa_context *ctx,
mbedtls_ecp_group_id gid,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng);
/**
* \brief This function sets up an ECDSA context from an EC key pair.
@@ -460,8 +487,8 @@ int mbedtls_ecdsa_genkey( mbedtls_ecdsa_context *ctx, mbedtls_ecp_group_id gid,
* \return \c 0 on success.
* \return An \c MBEDTLS_ERR_ECP_XXX code on failure.
*/
int mbedtls_ecdsa_from_keypair( mbedtls_ecdsa_context *ctx,
const mbedtls_ecp_keypair *key );
int mbedtls_ecdsa_from_keypair(mbedtls_ecdsa_context *ctx,
const mbedtls_ecp_keypair *key);
/**
* \brief This function initializes an ECDSA context.
@@ -469,7 +496,7 @@ int mbedtls_ecdsa_from_keypair( mbedtls_ecdsa_context *ctx,
* \param ctx The ECDSA context to initialize.
* This must not be \c NULL.
*/
void mbedtls_ecdsa_init( mbedtls_ecdsa_context *ctx );
void mbedtls_ecdsa_init(mbedtls_ecdsa_context *ctx);
/**
* \brief This function frees an ECDSA context.
@@ -478,7 +505,7 @@ void mbedtls_ecdsa_init( mbedtls_ecdsa_context *ctx );
* in which case this function does nothing. If it
* is not \c NULL, it must be initialized.
*/
void mbedtls_ecdsa_free( mbedtls_ecdsa_context *ctx );
void mbedtls_ecdsa_free(mbedtls_ecdsa_context *ctx);
#if defined(MBEDTLS_ECP_RESTARTABLE)
/**
@@ -487,7 +514,7 @@ void mbedtls_ecdsa_free( mbedtls_ecdsa_context *ctx );
* \param ctx The restart context to initialize.
* This must not be \c NULL.
*/
void mbedtls_ecdsa_restart_init( mbedtls_ecdsa_restart_ctx *ctx );
void mbedtls_ecdsa_restart_init(mbedtls_ecdsa_restart_ctx *ctx);
/**
* \brief Free the components of a restart context.
@@ -496,7 +523,7 @@ void mbedtls_ecdsa_restart_init( mbedtls_ecdsa_restart_ctx *ctx );
* in which case this function does nothing. If it
* is not \c NULL, it must be initialized.
*/
void mbedtls_ecdsa_restart_free( mbedtls_ecdsa_restart_ctx *ctx );
void mbedtls_ecdsa_restart_free(mbedtls_ecdsa_restart_ctx *ctx);
#endif /* MBEDTLS_ECP_RESTARTABLE */
#ifdef __cplusplus

114
include/mbedtls/ecjpake.h
View File

@@ -51,9 +51,10 @@ extern "C" {
/**
* Roles in the EC J-PAKE exchange
*/
typedef enum {
MBEDTLS_ECJPAKE_CLIENT = 0, /**< Client */
MBEDTLS_ECJPAKE_SERVER, /**< Server */
typedef enum
{
MBEDTLS_ECJPAKE_CLIENT = 0, /**< Client */
MBEDTLS_ECJPAKE_SERVER, /**< Server */
} mbedtls_ecjpake_role;
#if !defined(MBEDTLS_ECJPAKE_ALT)
@@ -68,27 +69,31 @@ typedef enum {
* convetion from the Thread v1.0 spec. Correspondance is indicated in the
* description as a pair C: client name, S: server name
*/
typedef struct mbedtls_ecjpake_context
{
const mbedtls_md_info_t *MBEDTLS_PRIVATE(md_info); /**< Hash to use */
mbedtls_ecp_group MBEDTLS_PRIVATE(grp); /**< Elliptic curve */
mbedtls_ecjpake_role MBEDTLS_PRIVATE(role); /**< Are we client or server? */
int MBEDTLS_PRIVATE(point_format); /**< Format for point export */
typedef struct mbedtls_ecjpake_context {
const mbedtls_md_info_t *MBEDTLS_PRIVATE(md_info); /**< Hash to use */
mbedtls_ecp_group MBEDTLS_PRIVATE(grp); /**< Elliptic curve */
mbedtls_ecjpake_role MBEDTLS_PRIVATE(role); /**< Are we client or server? */
int MBEDTLS_PRIVATE(point_format); /**< Format for point export */
mbedtls_ecp_point MBEDTLS_PRIVATE(Xm1); /**< My public key 1 C: X1, S: X3 */
mbedtls_ecp_point MBEDTLS_PRIVATE(Xm2); /**< My public key 2 C: X2, S: X4 */
mbedtls_ecp_point MBEDTLS_PRIVATE(Xp1); /**< Peer public key 1 C: X3, S: X1 */
mbedtls_ecp_point MBEDTLS_PRIVATE(Xp2); /**< Peer public key 2 C: X4, S: X2 */
mbedtls_ecp_point MBEDTLS_PRIVATE(Xp); /**< Peer public key C: Xs, S: Xc */
mbedtls_ecp_point MBEDTLS_PRIVATE(Xm1); /**< My public key 1 C: X1, S: X3
*/
mbedtls_ecp_point MBEDTLS_PRIVATE(Xm2); /**< My public key 2 C: X2, S: X4
*/
mbedtls_ecp_point MBEDTLS_PRIVATE(Xp1); /**< Peer public key 1 C: X3, S: X1
*/
mbedtls_ecp_point MBEDTLS_PRIVATE(Xp2); /**< Peer public key 2 C: X4, S: X2
*/
mbedtls_ecp_point MBEDTLS_PRIVATE(Xp); /**< Peer public key C: Xs, S: Xc
*/
mbedtls_mpi MBEDTLS_PRIVATE(xm1); /**< My private key 1 C: x1, S: x3 */
mbedtls_mpi MBEDTLS_PRIVATE(xm2); /**< My private key 2 C: x2, S: x4 */
mbedtls_mpi MBEDTLS_PRIVATE(xm1); /**< My private key 1 C: x1, S: x3 */
mbedtls_mpi MBEDTLS_PRIVATE(xm2); /**< My private key 2 C: x2, S: x4 */
mbedtls_mpi MBEDTLS_PRIVATE(s); /**< Pre-shared secret (passphrase) */
mbedtls_mpi MBEDTLS_PRIVATE(s); /**< Pre-shared secret (passphrase) */
} mbedtls_ecjpake_context;
#else /* MBEDTLS_ECJPAKE_ALT */
#include "ecjpake_alt.h"
#else /* MBEDTLS_ECJPAKE_ALT */
# include "ecjpake_alt.h"
#endif /* MBEDTLS_ECJPAKE_ALT */
/**
@@ -97,7 +102,7 @@ typedef struct mbedtls_ecjpake_context
* \param ctx The ECJPAKE context to initialize.
* This must not be \c NULL.
*/
void mbedtls_ecjpake_init( mbedtls_ecjpake_context *ctx );
void mbedtls_ecjpake_init(mbedtls_ecjpake_context *ctx);
/**
* \brief Set up an ECJPAKE context for use.
@@ -120,12 +125,12 @@ void mbedtls_ecjpake_init( mbedtls_ecjpake_context *ctx );
* \return \c 0 if successful.
* \return A negative error code on failure.
*/
int mbedtls_ecjpake_setup( mbedtls_ecjpake_context *ctx,
mbedtls_ecjpake_role role,
mbedtls_md_type_t hash,
mbedtls_ecp_group_id curve,
const unsigned char *secret,
size_t len );
int mbedtls_ecjpake_setup(mbedtls_ecjpake_context *ctx,
mbedtls_ecjpake_role role,
mbedtls_md_type_t hash,
mbedtls_ecp_group_id curve,
const unsigned char *secret,
size_t len);
/**
* \brief Set the point format for future reads and writes.
@@ -139,8 +144,8 @@ int mbedtls_ecjpake_setup( mbedtls_ecjpake_context *ctx,
* \return #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if \p point_format
* is invalid.
*/
int mbedtls_ecjpake_set_point_format( mbedtls_ecjpake_context *ctx,
int point_format );
int mbedtls_ecjpake_set_point_format(mbedtls_ecjpake_context *ctx,
int point_format);
/**
* \brief Check if an ECJPAKE context is ready for use.
@@ -151,7 +156,7 @@ int mbedtls_ecjpake_set_point_format( mbedtls_ecjpake_context *ctx,
* \return \c 0 if the context is ready for use.
* \return #MBEDTLS_ERR_ECP_BAD_INPUT_DATA otherwise.
*/
int mbedtls_ecjpake_check( const mbedtls_ecjpake_context *ctx );
int mbedtls_ecjpake_check(const mbedtls_ecjpake_context *ctx);
/**
* \brief Generate and write the first round message
@@ -172,10 +177,14 @@ int mbedtls_ecjpake_check( const mbedtls_ecjpake_context *ctx );
* \return \c 0 if successful.
* \return A negative error code on failure.
*/
int mbedtls_ecjpake_write_round_one( mbedtls_ecjpake_context *ctx,
unsigned char *buf, size_t len, size_t *olen,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng );
int mbedtls_ecjpake_write_round_one(mbedtls_ecjpake_context *ctx,
unsigned char *buf,
size_t len,
size_t *olen,
int (*f_rng)(void *,
unsigned char *,
size_t),
void *p_rng);
/**
* \brief Read and process the first round message
@@ -191,9 +200,9 @@ int mbedtls_ecjpake_write_round_one( mbedtls_ecjpake_context *ctx,
* \return \c 0 if successful.
* \return A negative error code on failure.
*/
int mbedtls_ecjpake_read_round_one( mbedtls_ecjpake_context *ctx,
const unsigned char *buf,
size_t len );
int mbedtls_ecjpake_read_round_one(mbedtls_ecjpake_context *ctx,
const unsigned char *buf,
size_t len);
/**
* \brief Generate and write the second round message
@@ -213,10 +222,14 @@ int mbedtls_ecjpake_read_round_one( mbedtls_ecjpake_context *ctx,
* \return \c 0 if successful.
* \return A negative error code on failure.
*/
int mbedtls_ecjpake_write_round_two( mbedtls_ecjpake_context *ctx,
unsigned char *buf, size_t len, size_t *olen,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng );
int mbedtls_ecjpake_write_round_two(mbedtls_ecjpake_context *ctx,
unsigned char *buf,
size_t len,
size_t *olen,
int (*f_rng)(void *,
unsigned char *,
size_t),
void *p_rng);
/**
* \brief Read and process the second round message
@@ -231,9 +244,9 @@ int mbedtls_ecjpake_write_round_two( mbedtls_ecjpake_context *ctx,
* \return \c 0 if successful.
* \return A negative error code on failure.
*/
int mbedtls_ecjpake_read_round_two( mbedtls_ecjpake_context *ctx,
const unsigned char *buf,
size_t len );
int mbedtls_ecjpake_read_round_two(mbedtls_ecjpake_context *ctx,
const unsigned char *buf,
size_t len);
/**
* \brief Derive the shared secret
@@ -253,10 +266,12 @@ int mbedtls_ecjpake_read_round_two( mbedtls_ecjpake_context *ctx,
* \return \c 0 if successful.
* \return A negative error code on failure.
*/
int mbedtls_ecjpake_derive_secret( mbedtls_ecjpake_context *ctx,
unsigned char *buf, size_t len, size_t *olen,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng );
int mbedtls_ecjpake_derive_secret(mbedtls_ecjpake_context *ctx,
unsigned char *buf,
size_t len,
size_t *olen,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng);
/**
* \brief This clears an ECJPAKE context and frees any
@@ -266,7 +281,7 @@ int mbedtls_ecjpake_derive_secret( mbedtls_ecjpake_context *ctx,
* in which case this function does nothing. If it is not
* \c NULL, it must point to an initialized ECJPAKE context.
*/
void mbedtls_ecjpake_free( mbedtls_ecjpake_context *ctx );
void mbedtls_ecjpake_free(mbedtls_ecjpake_context *ctx);
#if defined(MBEDTLS_SELF_TEST)
@@ -275,7 +290,7 @@ void mbedtls_ecjpake_free( mbedtls_ecjpake_context *ctx );
*
* \return 0 if successful, or 1 if a test failed
*/
int mbedtls_ecjpake_self_test( int verbose );
int mbedtls_ecjpake_self_test(int verbose);
#endif /* MBEDTLS_SELF_TEST */
@@ -283,5 +298,4 @@ int mbedtls_ecjpake_self_test( int verbose );
}
#endif
#endif /* ecjpake.h */

482
include/mbedtls/ecp.h
View File

@@ -43,23 +43,24 @@
* ECP error codes
*/
/** Bad input parameters to function. */
#define MBEDTLS_ERR_ECP_BAD_INPUT_DATA -0x4F80
#define MBEDTLS_ERR_ECP_BAD_INPUT_DATA -0x4F80
/** The buffer is too small to write to. */
#define MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL -0x4F00
/** The requested feature is not available, for example, the requested curve is not supported. */
#define MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE -0x4E80
#define MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL -0x4F00
/** The requested feature is not available, for example, the requested curve is
* not supported. */
#define MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE -0x4E80
/** The signature is not valid. */
#define MBEDTLS_ERR_ECP_VERIFY_FAILED -0x4E00
#define MBEDTLS_ERR_ECP_VERIFY_FAILED -0x4E00
/** Memory allocation failed. */
#define MBEDTLS_ERR_ECP_ALLOC_FAILED -0x4D80
#define MBEDTLS_ERR_ECP_ALLOC_FAILED -0x4D80
/** Generation of random value, such as ephemeral key, failed. */
#define MBEDTLS_ERR_ECP_RANDOM_FAILED -0x4D00
#define MBEDTLS_ERR_ECP_RANDOM_FAILED -0x4D00
/** Invalid private or public key. */
#define MBEDTLS_ERR_ECP_INVALID_KEY -0x4C80
#define MBEDTLS_ERR_ECP_INVALID_KEY -0x4C80
/** The buffer contains a valid signature followed by more data. */
#define MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH -0x4C00
#define MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH -0x4C00
/** Operation in progress, call again with the same parameters to continue. */
#define MBEDTLS_ERR_ECP_IN_PROGRESS -0x4B00
#define MBEDTLS_ERR_ECP_IN_PROGRESS -0x4B00
/* Flags indicating whether to include code that is specific to certain
* types of curves. These flags are for internal library use only. */
@@ -68,17 +69,17 @@
defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) || \
defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) || \
defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED) || \
defined(MBEDTLS_ECP_DP_BP256R1_ENABLED) || \
defined(MBEDTLS_ECP_DP_BP384R1_ENABLED) || \
defined(MBEDTLS_ECP_DP_BP512R1_ENABLED) || \
defined(MBEDTLS_ECP_DP_BP256R1_ENABLED) || \
defined(MBEDTLS_ECP_DP_BP384R1_ENABLED) || \
defined(MBEDTLS_ECP_DP_BP512R1_ENABLED) || \
defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED) || \
defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED) || \
defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED)
#define MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED
# define MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED
#endif
#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) || \
defined(MBEDTLS_ECP_DP_CURVE448_ENABLED)
#define MBEDTLS_ECP_MONTGOMERY_ENABLED
# define MBEDTLS_ECP_MONTGOMERY_ENABLED
#endif
#ifdef __cplusplus
@@ -112,20 +113,31 @@ extern "C" {
*/
typedef enum
{
MBEDTLS_ECP_DP_NONE = 0, /*!< Curve not defined. */
MBEDTLS_ECP_DP_SECP192R1, /*!< Domain parameters for the 192-bit curve defined by FIPS 186-4 and SEC1. */
MBEDTLS_ECP_DP_SECP224R1, /*!< Domain parameters for the 224-bit curve defined by FIPS 186-4 and SEC1. */
MBEDTLS_ECP_DP_SECP256R1, /*!< Domain parameters for the 256-bit curve defined by FIPS 186-4 and SEC1. */
MBEDTLS_ECP_DP_SECP384R1, /*!< Domain parameters for the 384-bit curve defined by FIPS 186-4 and SEC1. */
MBEDTLS_ECP_DP_SECP521R1, /*!< Domain parameters for the 521-bit curve defined by FIPS 186-4 and SEC1. */
MBEDTLS_ECP_DP_BP256R1, /*!< Domain parameters for 256-bit Brainpool curve. */
MBEDTLS_ECP_DP_BP384R1, /*!< Domain parameters for 384-bit Brainpool curve. */
MBEDTLS_ECP_DP_BP512R1, /*!< Domain parameters for 512-bit Brainpool curve. */
MBEDTLS_ECP_DP_CURVE25519, /*!< Domain parameters for Curve25519. */
MBEDTLS_ECP_DP_SECP192K1, /*!< Domain parameters for 192-bit "Koblitz" curve. */
MBEDTLS_ECP_DP_SECP224K1, /*!< Domain parameters for 224-bit "Koblitz" curve. */
MBEDTLS_ECP_DP_SECP256K1, /*!< Domain parameters for 256-bit "Koblitz" curve. */
MBEDTLS_ECP_DP_CURVE448, /*!< Domain parameters for Curve448. */
MBEDTLS_ECP_DP_NONE = 0, /*!< Curve not defined. */
MBEDTLS_ECP_DP_SECP192R1, /*!< Domain parameters for the 192-bit curve
defined by FIPS 186-4 and SEC1. */
MBEDTLS_ECP_DP_SECP224R1, /*!< Domain parameters for the 224-bit curve
defined by FIPS 186-4 and SEC1. */
MBEDTLS_ECP_DP_SECP256R1, /*!< Domain parameters for the 256-bit curve
defined by FIPS 186-4 and SEC1. */
MBEDTLS_ECP_DP_SECP384R1, /*!< Domain parameters for the 384-bit curve
defined by FIPS 186-4 and SEC1. */
MBEDTLS_ECP_DP_SECP521R1, /*!< Domain parameters for the 521-bit curve
defined by FIPS 186-4 and SEC1. */
MBEDTLS_ECP_DP_BP256R1, /*!< Domain parameters for 256-bit Brainpool curve.
*/
MBEDTLS_ECP_DP_BP384R1, /*!< Domain parameters for 384-bit Brainpool curve.
*/
MBEDTLS_ECP_DP_BP512R1, /*!< Domain parameters for 512-bit Brainpool curve.
*/
MBEDTLS_ECP_DP_CURVE25519, /*!< Domain parameters for Curve25519. */
MBEDTLS_ECP_DP_SECP192K1, /*!< Domain parameters for 192-bit "Koblitz"
curve. */
MBEDTLS_ECP_DP_SECP224K1, /*!< Domain parameters for 224-bit "Koblitz"
curve. */
MBEDTLS_ECP_DP_SECP256K1, /*!< Domain parameters for 256-bit "Koblitz"
curve. */
MBEDTLS_ECP_DP_CURVE448, /*!< Domain parameters for Curve448. */
} mbedtls_ecp_group_id;
/**
@@ -133,7 +145,7 @@ typedef enum
*
* \note Montgomery curves are currently excluded.
*/
#define MBEDTLS_ECP_DP_MAX 12
#define MBEDTLS_ECP_DP_MAX 12
/*
* Curve types
@@ -141,19 +153,19 @@ typedef enum
typedef enum
{
MBEDTLS_ECP_TYPE_NONE = 0,
MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS, /* y^2 = x^3 + a x + b */
MBEDTLS_ECP_TYPE_MONTGOMERY, /* y^2 = x^3 + a x^2 + x */
MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS, /* y^2 = x^3 + a x + b */
MBEDTLS_ECP_TYPE_MONTGOMERY, /* y^2 = x^3 + a x^2 + x */
} mbedtls_ecp_curve_type;
/**
* Curve information, for use by other modules.
*/
typedef struct mbedtls_ecp_curve_info
{
mbedtls_ecp_group_id MBEDTLS_PRIVATE(grp_id); /*!< An internal identifier. */
uint16_t MBEDTLS_PRIVATE(tls_id); /*!< The TLS NamedCurve identifier. */
uint16_t MBEDTLS_PRIVATE(bit_size); /*!< The curve size in bits. */
const char *MBEDTLS_PRIVATE(name); /*!< A human-friendly name. */
typedef struct mbedtls_ecp_curve_info {
mbedtls_ecp_group_id MBEDTLS_PRIVATE(grp_id); /*!< An internal identifier.
*/
uint16_t MBEDTLS_PRIVATE(tls_id); /*!< The TLS NamedCurve identifier. */
uint16_t MBEDTLS_PRIVATE(bit_size); /*!< The curve size in bits. */
const char *MBEDTLS_PRIVATE(name); /*!< A human-friendly name. */
} mbedtls_ecp_curve_info;
/**
@@ -167,13 +179,11 @@ typedef struct mbedtls_ecp_curve_info
* Otherwise, \p X and \p Y are its standard (affine)
* coordinates.
*/
typedef struct mbedtls_ecp_point
{
mbedtls_mpi MBEDTLS_PRIVATE(X); /*!< The X coordinate of the ECP point. */
mbedtls_mpi MBEDTLS_PRIVATE(Y); /*!< The Y coordinate of the ECP point. */
mbedtls_mpi MBEDTLS_PRIVATE(Z); /*!< The Z coordinate of the ECP point. */
}
mbedtls_ecp_point;
typedef struct mbedtls_ecp_point {
mbedtls_mpi MBEDTLS_PRIVATE(X); /*!< The X coordinate of the ECP point. */
mbedtls_mpi MBEDTLS_PRIVATE(Y); /*!< The Y coordinate of the ECP point. */
mbedtls_mpi MBEDTLS_PRIVATE(Z); /*!< The Z coordinate of the ECP point. */
} mbedtls_ecp_point;
#if !defined(MBEDTLS_ECP_ALT)
/*
@@ -204,12 +214,12 @@ mbedtls_ecp_point;
* not the size of \p N but the required size for private keys.
*
* If \p modp is NULL, reduction modulo \p P is done using a generic algorithm.
* Otherwise, \p modp must point to a function that takes an \p mbedtls_mpi in the
* range of <code>0..2^(2*pbits)-1</code>, and transforms it in-place to an integer
* which is congruent mod \p P to the given MPI, and is close enough to \p pbits
* in size, so that it may be efficiently brought in the 0..P-1 range by a few
* additions or subtractions. Therefore, it is only an approximative modular
* reduction. It must return 0 on success and non-zero on failure.
* Otherwise, \p modp must point to a function that takes an \p mbedtls_mpi in
* the range of <code>0..2^(2*pbits)-1</code>, and transforms it in-place to an
* integer which is congruent mod \p P to the given MPI, and is close enough to
* \p pbits in size, so that it may be efficiently brought in the 0..P-1 range
* by a few additions or subtractions. Therefore, it is only an approximative
* modular reduction. It must return 0 on success and non-zero on failure.
*
* \note Alternative implementations of the ECP module must obey the
* following constraints.
@@ -222,42 +232,44 @@ mbedtls_ecp_point;
* of these fields does not need to be supported.
* They do not need to be at the same offset in the structure.
*/
typedef struct mbedtls_ecp_group
{
mbedtls_ecp_group_id id; /*!< An internal group identifier. */
mbedtls_mpi P; /*!< The prime modulus of the base field. */
mbedtls_mpi A; /*!< For Short Weierstrass: \p A in the equation. For
Montgomery curves: <code>(A + 2) / 4</code>. */
mbedtls_mpi B; /*!< For Short Weierstrass: \p B in the equation.
For Montgomery curves: unused. */
mbedtls_ecp_point G; /*!< The generator of the subgroup used. */
mbedtls_mpi N; /*!< The order of \p G. */
size_t pbits; /*!< The number of bits in \p P.*/
size_t nbits; /*!< For Short Weierstrass: The number of bits in \p P.
For Montgomery curves: the number of bits in the
private keys. */
typedef struct mbedtls_ecp_group {
mbedtls_ecp_group_id id; /*!< An internal group identifier. */
mbedtls_mpi P; /*!< The prime modulus of the base field. */
mbedtls_mpi A; /*!< For Short Weierstrass: \p A in the equation. For
Montgomery curves: <code>(A + 2) / 4</code>. */
mbedtls_mpi B; /*!< For Short Weierstrass: \p B in the equation.
For Montgomery curves: unused. */
mbedtls_ecp_point G; /*!< The generator of the subgroup used. */
mbedtls_mpi N; /*!< The order of \p G. */
size_t pbits; /*!< The number of bits in \p P.*/
size_t nbits; /*!< For Short Weierstrass: The number of bits in \p P.
For Montgomery curves: the number of bits in the
private keys. */
/* End of public fields */
unsigned int MBEDTLS_PRIVATE(h); /*!< \internal 1 if the constants are static. */
int (*MBEDTLS_PRIVATE(modp))(mbedtls_mpi *); /*!< The function for fast pseudo-reduction
mod \p P (see above).*/
int (*MBEDTLS_PRIVATE(t_pre))(mbedtls_ecp_point *, void *); /*!< Unused. */
unsigned int MBEDTLS_PRIVATE(h); /*!< \internal 1 if the constants are
static. */
int (*MBEDTLS_PRIVATE(modp))(mbedtls_mpi *); /*!< The function for fast
pseudo-reduction mod \p P (see above).*/
int (*MBEDTLS_PRIVATE(t_pre))(mbedtls_ecp_point *, void *); /*!< Unused. */
int (*MBEDTLS_PRIVATE(t_post))(mbedtls_ecp_point *, void *); /*!< Unused. */
void *MBEDTLS_PRIVATE(t_data); /*!< Unused. */
mbedtls_ecp_point *MBEDTLS_PRIVATE(T); /*!< Pre-computed points for ecp_mul_comb(). */
size_t MBEDTLS_PRIVATE(T_size); /*!< The number of dynamic allocated pre-computed points. */
}
mbedtls_ecp_group;
void *MBEDTLS_PRIVATE(t_data); /*!< Unused. */
mbedtls_ecp_point *MBEDTLS_PRIVATE(T); /*!< Pre-computed points for
ecp_mul_comb(). */
size_t MBEDTLS_PRIVATE(T_size); /*!< The number of dynamic allocated
pre-computed points. */
} mbedtls_ecp_group;
/**
* \name SECTION: Module settings
*
* The configuration options you can set for this module are in this section.
* Either change them in mbedtls_config.h, or define them using the compiler command line.
* Either change them in mbedtls_config.h, or define them using the compiler
* command line.
* \{
*/
#if !defined(MBEDTLS_ECP_WINDOW_SIZE)
# if !defined(MBEDTLS_ECP_WINDOW_SIZE)
/*
* Maximum "window" size used for point multiplication.
* Default: a point where higher memory usage yields disminishing performance
@@ -279,10 +291,10 @@ mbedtls_ecp_group;
* 192 640 640 633 587 476
*/
/** The maximum window size used. */
#define MBEDTLS_ECP_WINDOW_SIZE 4
#endif /* MBEDTLS_ECP_WINDOW_SIZE */
# define MBEDTLS_ECP_WINDOW_SIZE 4
# endif /* MBEDTLS_ECP_WINDOW_SIZE */
#if !defined(MBEDTLS_ECP_FIXED_POINT_OPTIM)
# if !defined(MBEDTLS_ECP_FIXED_POINT_OPTIM)
/*
* Trade code size for speed on fixed-point multiplication.
*
@@ -296,13 +308,13 @@ mbedtls_ecp_group;
* Change this value to 0 to reduce code size.
*/
/** Enable fixed-point speed-up. */
#define MBEDTLS_ECP_FIXED_POINT_OPTIM 1
#endif /* MBEDTLS_ECP_FIXED_POINT_OPTIM */
# define MBEDTLS_ECP_FIXED_POINT_OPTIM 1
# endif /* MBEDTLS_ECP_FIXED_POINT_OPTIM */
/* \} name SECTION: Module settings */
#else /* MBEDTLS_ECP_ALT */
#include "ecp_alt.h"
#else /* MBEDTLS_ECP_ALT */
# include "ecp_alt.h"
#endif /* MBEDTLS_ECP_ALT */
/**
@@ -311,40 +323,40 @@ mbedtls_ecp_group;
#if !defined(MBEDTLS_ECP_C)
/* Dummy definition to help code that has optional ECP support and
* defines an MBEDTLS_ECP_MAX_BYTES-sized array unconditionally. */
#define MBEDTLS_ECP_MAX_BITS 1
# define MBEDTLS_ECP_MAX_BITS 1
/* Note: the curves must be listed in DECREASING size! */
#elif defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED)
#define MBEDTLS_ECP_MAX_BITS 521
# define MBEDTLS_ECP_MAX_BITS 521
#elif defined(MBEDTLS_ECP_DP_BP512R1_ENABLED)
#define MBEDTLS_ECP_MAX_BITS 512
# define MBEDTLS_ECP_MAX_BITS 512
#elif defined(MBEDTLS_ECP_DP_CURVE448_ENABLED)
#define MBEDTLS_ECP_MAX_BITS 448
# define MBEDTLS_ECP_MAX_BITS 448
#elif defined(MBEDTLS_ECP_DP_BP384R1_ENABLED)
#define MBEDTLS_ECP_MAX_BITS 384
# define MBEDTLS_ECP_MAX_BITS 384
#elif defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
#define MBEDTLS_ECP_MAX_BITS 384
# define MBEDTLS_ECP_MAX_BITS 384
#elif defined(MBEDTLS_ECP_DP_BP256R1_ENABLED)
#define MBEDTLS_ECP_MAX_BITS 256
# define MBEDTLS_ECP_MAX_BITS 256
#elif defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED)
#define MBEDTLS_ECP_MAX_BITS 256
# define MBEDTLS_ECP_MAX_BITS 256
#elif defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
#define MBEDTLS_ECP_MAX_BITS 256
# define MBEDTLS_ECP_MAX_BITS 256
#elif defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED)
#define MBEDTLS_ECP_MAX_BITS 255
# define MBEDTLS_ECP_MAX_BITS 255
#elif defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED)
#define MBEDTLS_ECP_MAX_BITS 225 // n is slightly above 2^224
# define MBEDTLS_ECP_MAX_BITS 225 // n is slightly above 2^224
#elif defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED)
#define MBEDTLS_ECP_MAX_BITS 224
# define MBEDTLS_ECP_MAX_BITS 224
#elif defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED)
#define MBEDTLS_ECP_MAX_BITS 192
# define MBEDTLS_ECP_MAX_BITS 192
#elif defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED)
#define MBEDTLS_ECP_MAX_BITS 192
# define MBEDTLS_ECP_MAX_BITS 192
#else
#error "Missing definition of MBEDTLS_ECP_MAX_BITS"
# error "Missing definition of MBEDTLS_ECP_MAX_BITS"
#endif
#define MBEDTLS_ECP_MAX_BYTES ( ( MBEDTLS_ECP_MAX_BITS + 7 ) / 8 )
#define MBEDTLS_ECP_MAX_PT_LEN ( 2 * MBEDTLS_ECP_MAX_BYTES + 1 )
#define MBEDTLS_ECP_MAX_BYTES ((MBEDTLS_ECP_MAX_BITS + 7) / 8)
#define MBEDTLS_ECP_MAX_PT_LEN (2 * MBEDTLS_ECP_MAX_BYTES + 1)
#if defined(MBEDTLS_ECP_RESTARTABLE)
@@ -365,21 +377,26 @@ typedef struct mbedtls_ecp_restart_muladd mbedtls_ecp_restart_muladd_ctx;
/**
* \brief General context for resuming ECC operations
*/
typedef struct
{
unsigned MBEDTLS_PRIVATE(ops_done); /*!< current ops count */
unsigned MBEDTLS_PRIVATE(depth); /*!< call depth (0 = top-level) */
mbedtls_ecp_restart_mul_ctx *MBEDTLS_PRIVATE(rsm); /*!< ecp_mul_comb() sub-context */
mbedtls_ecp_restart_muladd_ctx *MBEDTLS_PRIVATE(ma); /*!< ecp_muladd() sub-context */
typedef struct {
unsigned MBEDTLS_PRIVATE(ops_done); /*!< current ops count */
unsigned MBEDTLS_PRIVATE(depth); /*!< call depth (0 = top-level) */
mbedtls_ecp_restart_mul_ctx *MBEDTLS_PRIVATE(rsm); /*!< ecp_mul_comb()
sub-context */
mbedtls_ecp_restart_muladd_ctx *MBEDTLS_PRIVATE(ma); /*!< ecp_muladd()
sub-context */
} mbedtls_ecp_restart_ctx;
/*
* Operation counts for restartable functions
*/
#define MBEDTLS_ECP_OPS_CHK 3 /*!< basic ops count for ecp_check_pubkey() */
#define MBEDTLS_ECP_OPS_DBL 8 /*!< basic ops count for ecp_double_jac() */
#define MBEDTLS_ECP_OPS_ADD 11 /*!< basic ops count for see ecp_add_mixed() */
#define MBEDTLS_ECP_OPS_INV 120 /*!< empirical equivalent for mpi_mod_inv() */
# define MBEDTLS_ECP_OPS_CHK \
3 /*!< basic ops count for ecp_check_pubkey() */
# define MBEDTLS_ECP_OPS_DBL \
8 /*!< basic ops count for ecp_double_jac() */
# define MBEDTLS_ECP_OPS_ADD \
11 /*!< basic ops count for see ecp_add_mixed() */
# define MBEDTLS_ECP_OPS_INV \
120 /*!< empirical equivalent for mpi_mod_inv() */
/**
* \brief Internal; for restartable functions in other modules.
@@ -392,18 +409,17 @@ typedef struct
* \return \c 0 if doing \p ops basic ops is still allowed,
* \return #MBEDTLS_ERR_ECP_IN_PROGRESS otherwise.
*/
int mbedtls_ecp_check_budget( const mbedtls_ecp_group *grp,
mbedtls_ecp_restart_ctx *rs_ctx,
unsigned ops );
int mbedtls_ecp_check_budget(const mbedtls_ecp_group *grp,
mbedtls_ecp_restart_ctx *rs_ctx,
unsigned ops);
/* Utility macro for checking and updating ops budget */
#define MBEDTLS_ECP_BUDGET( ops ) \
MBEDTLS_MPI_CHK( mbedtls_ecp_check_budget( grp, rs_ctx, \
(unsigned) (ops) ) );
# define MBEDTLS_ECP_BUDGET(ops) \
MBEDTLS_MPI_CHK(mbedtls_ecp_check_budget(grp, rs_ctx, (unsigned)(ops)));
#else /* MBEDTLS_ECP_RESTARTABLE */
#define MBEDTLS_ECP_BUDGET( ops ) /* no-op; for compatibility */
# define MBEDTLS_ECP_BUDGET(ops) /* no-op; for compatibility */
/* We want to declare restartable versions of existing functions anyway */
typedef void mbedtls_ecp_restart_ctx;
@@ -418,27 +434,26 @@ typedef void mbedtls_ecp_restart_ctx;
* \note Members are deliberately in the same order as in the
* ::mbedtls_ecdsa_context structure.
*/
typedef struct mbedtls_ecp_keypair
{
mbedtls_ecp_group MBEDTLS_PRIVATE(grp); /*!< Elliptic curve and base point */
mbedtls_mpi MBEDTLS_PRIVATE(d); /*!< our secret value */
mbedtls_ecp_point MBEDTLS_PRIVATE(Q); /*!< our public value */
}
mbedtls_ecp_keypair;
typedef struct mbedtls_ecp_keypair {
mbedtls_ecp_group MBEDTLS_PRIVATE(grp); /*!< Elliptic curve and base point
*/
mbedtls_mpi MBEDTLS_PRIVATE(d); /*!< our secret value */
mbedtls_ecp_point MBEDTLS_PRIVATE(Q); /*!< our public value */
} mbedtls_ecp_keypair;
/*
* Point formats, from RFC 4492's enum ECPointFormat
*/
/** Uncompressed point format. */
#define MBEDTLS_ECP_PF_UNCOMPRESSED 0
#define MBEDTLS_ECP_PF_UNCOMPRESSED 0
/** Compressed point format. */
#define MBEDTLS_ECP_PF_COMPRESSED 1
#define MBEDTLS_ECP_PF_COMPRESSED 1
/*
* Some other constants from RFC 4492
*/
/** The named_curve of ECCurveType. */
#define MBEDTLS_ECP_TLS_NAMED_CURVE 3
#define MBEDTLS_ECP_TLS_NAMED_CURVE 3
#if defined(MBEDTLS_ECP_RESTARTABLE)
/**
@@ -498,7 +513,7 @@ mbedtls_ecp_keypair;
*
* \note This setting is currently ignored by Curve25519.
*/
void mbedtls_ecp_set_max_ops( unsigned max_ops );
void mbedtls_ecp_set_max_ops(unsigned max_ops);
/**
* \brief Check if restart is enabled (max_ops != 0)
@@ -506,13 +521,13 @@ void mbedtls_ecp_set_max_ops( unsigned max_ops );
* \return \c 0 if \c max_ops == 0 (restart disabled)
* \return \c 1 otherwise (restart enabled)
*/
int mbedtls_ecp_restart_is_enabled( void );
int mbedtls_ecp_restart_is_enabled(void);
#endif /* MBEDTLS_ECP_RESTARTABLE */
/*
* Get the type of a curve
*/
mbedtls_ecp_curve_type mbedtls_ecp_get_type( const mbedtls_ecp_group *grp );
mbedtls_ecp_curve_type mbedtls_ecp_get_type(const mbedtls_ecp_group *grp);
/**
* \brief This function retrieves the information defined in
@@ -526,7 +541,7 @@ mbedtls_ecp_curve_type mbedtls_ecp_get_type( const mbedtls_ecp_group *grp );
*
* \return A statically allocated array. The last entry is 0.
*/
const mbedtls_ecp_curve_info *mbedtls_ecp_curve_list( void );
const mbedtls_ecp_curve_info *mbedtls_ecp_curve_list(void);
/**
* \brief This function retrieves the list of internal group
@@ -542,7 +557,7 @@ const mbedtls_ecp_curve_info *mbedtls_ecp_curve_list( void );
* \return A statically allocated array,
* terminated with MBEDTLS_ECP_DP_NONE.
*/
const mbedtls_ecp_group_id *mbedtls_ecp_grp_id_list( void );
const mbedtls_ecp_group_id *mbedtls_ecp_grp_id_list(void);
/**
* \brief This function retrieves curve information from an internal
@@ -553,7 +568,8 @@ const mbedtls_ecp_group_id *mbedtls_ecp_grp_id_list( void );
* \return The associated curve information on success.
* \return NULL on failure.
*/
const mbedtls_ecp_curve_info *mbedtls_ecp_curve_info_from_grp_id( mbedtls_ecp_group_id grp_id );
const mbedtls_ecp_curve_info *
mbedtls_ecp_curve_info_from_grp_id(mbedtls_ecp_group_id grp_id);
/**
* \brief This function retrieves curve information from a TLS
@@ -564,7 +580,8 @@ const mbedtls_ecp_curve_info *mbedtls_ecp_curve_info_from_grp_id( mbedtls_ecp_gr
* \return The associated curve information on success.
* \return NULL on failure.
*/
const mbedtls_ecp_curve_info *mbedtls_ecp_curve_info_from_tls_id( uint16_t tls_id );
const mbedtls_ecp_curve_info *
mbedtls_ecp_curve_info_from_tls_id(uint16_t tls_id);
/**
* \brief This function retrieves curve information from a
@@ -575,14 +592,15 @@ const mbedtls_ecp_curve_info *mbedtls_ecp_curve_info_from_tls_id( uint16_t tls_i
* \return The associated curve information on success.
* \return NULL on failure.
*/
const mbedtls_ecp_curve_info *mbedtls_ecp_curve_info_from_name( const char *name );
const mbedtls_ecp_curve_info *
mbedtls_ecp_curve_info_from_name(const char *name);
/**
* \brief This function initializes a point as zero.
*
* \param pt The point to initialize.
*/
void mbedtls_ecp_point_init( mbedtls_ecp_point *pt );
void mbedtls_ecp_point_init(mbedtls_ecp_point *pt);
/**
* \brief This function initializes an ECP group context
@@ -593,21 +611,21 @@ void mbedtls_ecp_point_init( mbedtls_ecp_point *pt );
* mbedtls_ecp_group_load() or mbedtls_ecp_tls_read_group()
* functions.
*/
void mbedtls_ecp_group_init( mbedtls_ecp_group *grp );
void mbedtls_ecp_group_init(mbedtls_ecp_group *grp);
/**
* \brief This function initializes a key pair as an invalid one.
*
* \param key The key pair to initialize.
*/
void mbedtls_ecp_keypair_init( mbedtls_ecp_keypair *key );
void mbedtls_ecp_keypair_init(mbedtls_ecp_keypair *key);
/**
* \brief This function frees the components of a point.
*
* \param pt The point to free.
*/
void mbedtls_ecp_point_free( mbedtls_ecp_point *pt );
void mbedtls_ecp_point_free(mbedtls_ecp_point *pt);
/**
* \brief This function frees the components of an ECP group.
@@ -616,7 +634,7 @@ void mbedtls_ecp_point_free( mbedtls_ecp_point *pt );
* case this function returns immediately. If it is not
* \c NULL, it must point to an initialized ECP group.
*/
void mbedtls_ecp_group_free( mbedtls_ecp_group *grp );
void mbedtls_ecp_group_free(mbedtls_ecp_group *grp);
/**
* \brief This function frees the components of a key pair.
@@ -625,7 +643,7 @@ void mbedtls_ecp_group_free( mbedtls_ecp_group *grp );
* case this function returns immediately. If it is not
* \c NULL, it must point to an initialized ECP key pair.
*/
void mbedtls_ecp_keypair_free( mbedtls_ecp_keypair *key );
void mbedtls_ecp_keypair_free(mbedtls_ecp_keypair *key);
#if defined(MBEDTLS_ECP_RESTARTABLE)
/**
@@ -634,7 +652,7 @@ void mbedtls_ecp_keypair_free( mbedtls_ecp_keypair *key );
* \param ctx The restart context to initialize. This must
* not be \c NULL.
*/
void mbedtls_ecp_restart_init( mbedtls_ecp_restart_ctx *ctx );
void mbedtls_ecp_restart_init(mbedtls_ecp_restart_ctx *ctx);
/**
* \brief Free the components of a restart context.
@@ -643,7 +661,7 @@ void mbedtls_ecp_restart_init( mbedtls_ecp_restart_ctx *ctx );
* case this function returns immediately. If it is not
* \c NULL, it must point to an initialized restart context.
*/
void mbedtls_ecp_restart_free( mbedtls_ecp_restart_ctx *ctx );
void mbedtls_ecp_restart_free(mbedtls_ecp_restart_ctx *ctx);
#endif /* MBEDTLS_ECP_RESTARTABLE */
/**
@@ -657,7 +675,7 @@ void mbedtls_ecp_restart_free( mbedtls_ecp_restart_ctx *ctx );
* \return #MBEDTLS_ERR_MPI_ALLOC_FAILED on memory-allocation failure.
* \return Another negative error code for other kinds of failure.
*/
int mbedtls_ecp_copy( mbedtls_ecp_point *P, const mbedtls_ecp_point *Q );
int mbedtls_ecp_copy(mbedtls_ecp_point *P, const mbedtls_ecp_point *Q);
/**
* \brief This function copies the contents of group \p src into
@@ -670,8 +688,8 @@ int mbedtls_ecp_copy( mbedtls_ecp_point *P, const mbedtls_ecp_point *Q );
* \return #MBEDTLS_ERR_MPI_ALLOC_FAILED on memory-allocation failure.
* \return Another negative error code on other kinds of failure.
*/
int mbedtls_ecp_group_copy( mbedtls_ecp_group *dst,
const mbedtls_ecp_group *src );
int mbedtls_ecp_group_copy(mbedtls_ecp_group *dst,
const mbedtls_ecp_group *src);
/**
* \brief This function sets a point to the point at infinity.
@@ -682,7 +700,7 @@ int mbedtls_ecp_group_copy( mbedtls_ecp_group *dst,
* \return #MBEDTLS_ERR_MPI_ALLOC_FAILED on memory-allocation failure.
* \return Another negative error code on other kinds of failure.
*/
int mbedtls_ecp_set_zero( mbedtls_ecp_point *pt );
int mbedtls_ecp_set_zero(mbedtls_ecp_point *pt);
/**
* \brief This function checks if a point is the point at infinity.
@@ -693,7 +711,7 @@ int mbedtls_ecp_set_zero( mbedtls_ecp_point *pt );
* \return \c 0 if the point is non-zero.
* \return A negative error code on failure.
*/
int mbedtls_ecp_is_zero( mbedtls_ecp_point *pt );
int mbedtls_ecp_is_zero(mbedtls_ecp_point *pt);
/**
* \brief This function compares two points.
@@ -707,8 +725,8 @@ int mbedtls_ecp_is_zero( mbedtls_ecp_point *pt );
* \return \c 0 if the points are equal.
* \return #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if the points are not equal.
*/
int mbedtls_ecp_point_cmp( const mbedtls_ecp_point *P,
const mbedtls_ecp_point *Q );
int mbedtls_ecp_point_cmp(const mbedtls_ecp_point *P,
const mbedtls_ecp_point *Q);
/**
* \brief This function imports a non-zero point from two ASCII
@@ -722,8 +740,10 @@ int mbedtls_ecp_point_cmp( const mbedtls_ecp_point *P,
* \return \c 0 on success.
* \return An \c MBEDTLS_ERR_MPI_XXX error code on failure.
*/
int mbedtls_ecp_point_read_string( mbedtls_ecp_point *P, int radix,
const char *x, const char *y );
int mbedtls_ecp_point_read_string(mbedtls_ecp_point *P,
int radix,
const char *x,
const char *y);
/**
* \brief This function exports a point into unsigned binary data.
@@ -750,10 +770,12 @@ int mbedtls_ecp_point_read_string( mbedtls_ecp_point *P, int radix,
* or the export for the given group is not implemented.
* \return Another negative error code on other kinds of failure.
*/
int mbedtls_ecp_point_write_binary( const mbedtls_ecp_group *grp,
const mbedtls_ecp_point *P,
int format, size_t *olen,
unsigned char *buf, size_t buflen );
int mbedtls_ecp_point_write_binary(const mbedtls_ecp_group *grp,
const mbedtls_ecp_point *P,
int format,
size_t *olen,
unsigned char *buf,
size_t buflen);
/**
* \brief This function imports a point from unsigned binary data.
@@ -777,9 +799,10 @@ int mbedtls_ecp_point_write_binary( const mbedtls_ecp_group *grp,
* \return #MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE if the import for the
* given group is not implemented.
*/
int mbedtls_ecp_point_read_binary( const mbedtls_ecp_group *grp,
mbedtls_ecp_point *P,
const unsigned char *buf, size_t ilen );
int mbedtls_ecp_point_read_binary(const mbedtls_ecp_group *grp,
mbedtls_ecp_point *P,
const unsigned char *buf,
size_t ilen);
/**
* \brief This function imports a point from a TLS ECPoint record.
@@ -799,9 +822,10 @@ int mbedtls_ecp_point_read_binary( const mbedtls_ecp_group *grp,
* failure.
* \return #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if input is invalid.
*/
int mbedtls_ecp_tls_read_point( const mbedtls_ecp_group *grp,
mbedtls_ecp_point *pt,
const unsigned char **buf, size_t len );
int mbedtls_ecp_tls_read_point(const mbedtls_ecp_group *grp,
mbedtls_ecp_point *pt,
const unsigned char **buf,
size_t len);
/**
* \brief This function exports a point as a TLS ECPoint record
@@ -825,10 +849,12 @@ int mbedtls_ecp_tls_read_point( const mbedtls_ecp_group *grp,
* is too small to hold the exported point.
* \return Another negative error code on other kinds of failure.
*/
int mbedtls_ecp_tls_write_point( const mbedtls_ecp_group *grp,
const mbedtls_ecp_point *pt,
int format, size_t *olen,
unsigned char *buf, size_t blen );
int mbedtls_ecp_tls_write_point(const mbedtls_ecp_group *grp,
const mbedtls_ecp_point *pt,
int format,
size_t *olen,
unsigned char *buf,
size_t blen);
/**
* \brief This function sets up an ECP group context
@@ -847,7 +873,7 @@ int mbedtls_ecp_tls_write_point( const mbedtls_ecp_group *grp,
* correspond to a known group.
* \return Another negative error code on other kinds of failure.
*/
int mbedtls_ecp_group_load( mbedtls_ecp_group *grp, mbedtls_ecp_group_id id );
int mbedtls_ecp_group_load(mbedtls_ecp_group *grp, mbedtls_ecp_group_id id);
/**
* \brief This function sets up an ECP group context from a TLS
@@ -866,8 +892,9 @@ int mbedtls_ecp_group_load( mbedtls_ecp_group *grp, mbedtls_ecp_group_id id );
* recognized.
* \return Another negative error code on other kinds of failure.
*/
int mbedtls_ecp_tls_read_group( mbedtls_ecp_group *grp,
const unsigned char **buf, size_t len );
int mbedtls_ecp_tls_read_group(mbedtls_ecp_group *grp,
const unsigned char **buf,
size_t len);
/**
* \brief This function extracts an elliptic curve group ID from a
@@ -887,9 +914,9 @@ int mbedtls_ecp_tls_read_group( mbedtls_ecp_group *grp,
* recognized.
* \return Another negative error code on other kinds of failure.
*/
int mbedtls_ecp_tls_read_group_id( mbedtls_ecp_group_id *grp,
const unsigned char **buf,
size_t len );
int mbedtls_ecp_tls_read_group_id(mbedtls_ecp_group_id *grp,
const unsigned char **buf,
size_t len);
/**
* \brief This function exports an elliptic curve as a TLS
* ECParameters record as defined in RFC 4492, Section 5.4.
@@ -908,9 +935,10 @@ int mbedtls_ecp_tls_read_group_id( mbedtls_ecp_group_id *grp,
* buffer is too small to hold the exported group.
* \return Another negative error code on other kinds of failure.
*/
int mbedtls_ecp_tls_write_group( const mbedtls_ecp_group *grp,
size_t *olen,
unsigned char *buf, size_t blen );
int mbedtls_ecp_tls_write_group(const mbedtls_ecp_group *grp,
size_t *olen,
unsigned char *buf,
size_t blen);
/**
* \brief This function performs a scalar multiplication of a point
@@ -941,9 +969,12 @@ int mbedtls_ecp_tls_write_group( const mbedtls_ecp_group *grp,
* \return #MBEDTLS_ERR_MPI_ALLOC_FAILED on memory-allocation failure.
* \return Another negative error code on other kinds of failure.
*/
int mbedtls_ecp_mul( mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
const mbedtls_mpi *m, const mbedtls_ecp_point *P,
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );
int mbedtls_ecp_mul(mbedtls_ecp_group *grp,
mbedtls_ecp_point *R,
const mbedtls_mpi *m,
const mbedtls_ecp_point *P,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng);
/**
* \brief This function performs multiplication of a point by
@@ -975,10 +1006,13 @@ int mbedtls_ecp_mul( mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
* operations was reached: see \c mbedtls_ecp_set_max_ops().
* \return Another negative error code on other kinds of failure.
*/
int mbedtls_ecp_mul_restartable( mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
const mbedtls_mpi *m, const mbedtls_ecp_point *P,
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
mbedtls_ecp_restart_ctx *rs_ctx );
int mbedtls_ecp_mul_restartable(mbedtls_ecp_group *grp,
mbedtls_ecp_point *R,
const mbedtls_mpi *m,
const mbedtls_ecp_point *P,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng,
mbedtls_ecp_restart_ctx *rs_ctx);
#if defined(MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED)
/**
@@ -1016,9 +1050,12 @@ int mbedtls_ecp_mul_restartable( mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
* designate a short Weierstrass curve.
* \return Another negative error code on other kinds of failure.
*/
int mbedtls_ecp_muladd( mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
const mbedtls_mpi *m, const mbedtls_ecp_point *P,
const mbedtls_mpi *n, const mbedtls_ecp_point *Q );
int mbedtls_ecp_muladd(mbedtls_ecp_group *grp,
mbedtls_ecp_point *R,
const mbedtls_mpi *m,
const mbedtls_ecp_point *P,
const mbedtls_mpi *n,
const mbedtls_ecp_point *Q);
/**
* \brief This function performs multiplication and addition of two
@@ -1060,11 +1097,13 @@ int mbedtls_ecp_muladd( mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
* operations was reached: see \c mbedtls_ecp_set_max_ops().
* \return Another negative error code on other kinds of failure.
*/
int mbedtls_ecp_muladd_restartable(
mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
const mbedtls_mpi *m, const mbedtls_ecp_point *P,
const mbedtls_mpi *n, const mbedtls_ecp_point *Q,
mbedtls_ecp_restart_ctx *rs_ctx );
int mbedtls_ecp_muladd_restartable(mbedtls_ecp_group *grp,
mbedtls_ecp_point *R,
const mbedtls_mpi *m,
const mbedtls_ecp_point *P,
const mbedtls_mpi *n,
const mbedtls_ecp_point *Q,
mbedtls_ecp_restart_ctx *rs_ctx);
#endif /* MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED */
/**
@@ -1094,8 +1133,8 @@ int mbedtls_ecp_muladd_restartable(
* a valid public key for the given curve.
* \return Another negative error code on other kinds of failure.
*/
int mbedtls_ecp_check_pubkey( const mbedtls_ecp_group *grp,
const mbedtls_ecp_point *pt );
int mbedtls_ecp_check_pubkey(const mbedtls_ecp_group *grp,
const mbedtls_ecp_point *pt);
/**
* \brief This function checks that an \p mbedtls_mpi is a
@@ -1116,8 +1155,8 @@ int mbedtls_ecp_check_pubkey( const mbedtls_ecp_group *grp,
* private key for the given curve.
* \return Another negative error code on other kinds of failure.
*/
int mbedtls_ecp_check_privkey( const mbedtls_ecp_group *grp,
const mbedtls_mpi *d );
int mbedtls_ecp_check_privkey(const mbedtls_ecp_group *grp,
const mbedtls_mpi *d);
/**
* \brief This function generates a private key.
@@ -1134,10 +1173,10 @@ int mbedtls_ecp_check_privkey( const mbedtls_ecp_group *grp,
* \return An \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_MPI_XXX error code
* on failure.
*/
int mbedtls_ecp_gen_privkey( const mbedtls_ecp_group *grp,
mbedtls_mpi *d,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng );
int mbedtls_ecp_gen_privkey(const mbedtls_ecp_group *grp,
mbedtls_mpi *d,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng);
/**
* \brief This function generates a keypair with a configurable base
@@ -1166,11 +1205,12 @@ int mbedtls_ecp_gen_privkey( const mbedtls_ecp_group *grp,
* \return An \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_MPI_XXX error code
* on failure.
*/
int mbedtls_ecp_gen_keypair_base( mbedtls_ecp_group *grp,
const mbedtls_ecp_point *G,
mbedtls_mpi *d, mbedtls_ecp_point *Q,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng );
int mbedtls_ecp_gen_keypair_base(mbedtls_ecp_group *grp,
const mbedtls_ecp_point *G,
mbedtls_mpi *d,
mbedtls_ecp_point *Q,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng);
/**
* \brief This function generates an ECP keypair.
@@ -1195,10 +1235,11 @@ int mbedtls_ecp_gen_keypair_base( mbedtls_ecp_group *grp,
* \return An \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_MPI_XXX error code
* on failure.
*/
int mbedtls_ecp_gen_keypair( mbedtls_ecp_group *grp, mbedtls_mpi *d,
mbedtls_ecp_point *Q,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng );
int mbedtls_ecp_gen_keypair(mbedtls_ecp_group *grp,
mbedtls_mpi *d,
mbedtls_ecp_point *Q,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng);
/**
* \brief This function generates an ECP key.
@@ -1213,9 +1254,10 @@ int mbedtls_ecp_gen_keypair( mbedtls_ecp_group *grp, mbedtls_mpi *d,
* \return An \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_MPI_XXX error code
* on failure.
*/
int mbedtls_ecp_gen_key( mbedtls_ecp_group_id grp_id, mbedtls_ecp_keypair *key,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng );
int mbedtls_ecp_gen_key(mbedtls_ecp_group_id grp_id,
mbedtls_ecp_keypair *key,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng);
/**
* \brief This function reads an elliptic curve private key.
@@ -1235,8 +1277,10 @@ int mbedtls_ecp_gen_key( mbedtls_ecp_group_id grp_id, mbedtls_ecp_keypair *key,
* the group is not implemented.
* \return Another negative error code on different kinds of failure.
*/
int mbedtls_ecp_read_key( mbedtls_ecp_group_id grp_id, mbedtls_ecp_keypair *key,
const unsigned char *buf, size_t buflen );
int mbedtls_ecp_read_key(mbedtls_ecp_group_id grp_id,
mbedtls_ecp_keypair *key,
const unsigned char *buf,
size_t buflen);
/**
* \brief This function exports an elliptic curve private key.
@@ -1254,8 +1298,9 @@ int mbedtls_ecp_read_key( mbedtls_ecp_group_id grp_id, mbedtls_ecp_keypair *key,
* the group is not implemented.
* \return Another negative error code on different kinds of failure.
*/
int mbedtls_ecp_write_key( mbedtls_ecp_keypair *key,
unsigned char *buf, size_t buflen );
int mbedtls_ecp_write_key(mbedtls_ecp_keypair *key,
unsigned char *buf,
size_t buflen);
/**
* \brief This function checks that the keypair objects
@@ -1277,9 +1322,10 @@ int mbedtls_ecp_write_key( mbedtls_ecp_keypair *key,
* \return An \c MBEDTLS_ERR_ECP_XXX or an \c MBEDTLS_ERR_MPI_XXX
* error code on calculation failure.
*/
int mbedtls_ecp_check_pub_priv(
const mbedtls_ecp_keypair *pub, const mbedtls_ecp_keypair *prv,
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );
int mbedtls_ecp_check_pub_priv(const mbedtls_ecp_keypair *pub,
const mbedtls_ecp_keypair *prv,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng);
#if defined(MBEDTLS_SELF_TEST)
@@ -1289,7 +1335,7 @@ int mbedtls_ecp_check_pub_priv(
* \return \c 0 on success.
* \return \c 1 on failure.
*/
int mbedtls_ecp_self_test( int verbose );
int mbedtls_ecp_self_test(int verbose);
#endif /* MBEDTLS_SELF_TEST */

133
include/mbedtls/entropy.h
View File

@@ -28,67 +28,67 @@
#include <stddef.h>
#if defined(MBEDTLS_SHA512_C) && !defined(MBEDTLS_ENTROPY_FORCE_SHA256)
#include "mbedtls/sha512.h"
#define MBEDTLS_ENTROPY_SHA512_ACCUMULATOR
# include "mbedtls/sha512.h"
# define MBEDTLS_ENTROPY_SHA512_ACCUMULATOR
#else
#if defined(MBEDTLS_SHA256_C)
#define MBEDTLS_ENTROPY_SHA256_ACCUMULATOR
#include "mbedtls/sha256.h"
#endif
# if defined(MBEDTLS_SHA256_C)
# define MBEDTLS_ENTROPY_SHA256_ACCUMULATOR
# include "mbedtls/sha256.h"
# endif
#endif
#if defined(MBEDTLS_THREADING_C)
#include "mbedtls/threading.h"
# include "mbedtls/threading.h"
#endif
/** Critical entropy source failure. */
#define MBEDTLS_ERR_ENTROPY_SOURCE_FAILED -0x003C
#define MBEDTLS_ERR_ENTROPY_SOURCE_FAILED -0x003C
/** No more sources can be added. */
#define MBEDTLS_ERR_ENTROPY_MAX_SOURCES -0x003E
#define MBEDTLS_ERR_ENTROPY_MAX_SOURCES -0x003E
/** No sources have been added to poll. */
#define MBEDTLS_ERR_ENTROPY_NO_SOURCES_DEFINED -0x0040
#define MBEDTLS_ERR_ENTROPY_NO_SOURCES_DEFINED -0x0040
/** No strong sources have been added to poll. */
#define MBEDTLS_ERR_ENTROPY_NO_STRONG_SOURCE -0x003D
#define MBEDTLS_ERR_ENTROPY_NO_STRONG_SOURCE -0x003D
/** Read/write error in file. */
#define MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR -0x003F
#define MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR -0x003F
/**
* \name SECTION: Module settings
*
* The configuration options you can set for this module are in this section.
* Either change them in mbedtls_config.h or define them on the compiler command line.
* Either change them in mbedtls_config.h or define them on the compiler command
* line.
* \{
*/
#if !defined(MBEDTLS_ENTROPY_MAX_SOURCES)
/** Maximum number of sources supported */
#define MBEDTLS_ENTROPY_MAX_SOURCES 20
# define MBEDTLS_ENTROPY_MAX_SOURCES 20
#endif
#if !defined(MBEDTLS_ENTROPY_MAX_GATHER)
/** Maximum amount requested from entropy sources */
#define MBEDTLS_ENTROPY_MAX_GATHER 128
# define MBEDTLS_ENTROPY_MAX_GATHER 128
#endif
/* \} name SECTION: Module settings */
#if defined(MBEDTLS_ENTROPY_SHA512_ACCUMULATOR)
/** Block size of entropy accumulator (SHA-512) */
#define MBEDTLS_ENTROPY_BLOCK_SIZE 64
# define MBEDTLS_ENTROPY_BLOCK_SIZE 64
#else
/** Block size of entropy accumulator (SHA-256) */
#define MBEDTLS_ENTROPY_BLOCK_SIZE 32
# define MBEDTLS_ENTROPY_BLOCK_SIZE 32
#endif
/** Maximum size of seed we read from seed file */
#define MBEDTLS_ENTROPY_MAX_SEED_SIZE 1024
#define MBEDTLS_ENTROPY_SOURCE_MANUAL MBEDTLS_ENTROPY_MAX_SOURCES
#define MBEDTLS_ENTROPY_MAX_SEED_SIZE 1024
#define MBEDTLS_ENTROPY_SOURCE_MANUAL MBEDTLS_ENTROPY_MAX_SOURCES
/** Entropy source is strong */
#define MBEDTLS_ENTROPY_SOURCE_STRONG 1
#define MBEDTLS_ENTROPY_SOURCE_STRONG 1
/** Entropy source is weak */
#define MBEDTLS_ENTROPY_SOURCE_WEAK 0
#define MBEDTLS_ENTROPY_SOURCE_WEAK 0
#ifdef __cplusplus
extern "C" {
@@ -105,52 +105,56 @@ extern "C" {
* \return 0 if no critical failures occurred,
* MBEDTLS_ERR_ENTROPY_SOURCE_FAILED otherwise
*/
typedef int (*mbedtls_entropy_f_source_ptr)(void *data, unsigned char *output, size_t len,
size_t *olen);
typedef int (*mbedtls_entropy_f_source_ptr)(void *data,
unsigned char *output,
size_t len,
size_t *olen);
/**
* \brief Entropy source state
*/
typedef struct mbedtls_entropy_source_state
{
mbedtls_entropy_f_source_ptr MBEDTLS_PRIVATE(f_source); /**< The entropy source callback */
void * MBEDTLS_PRIVATE(p_source); /**< The callback data pointer */
size_t MBEDTLS_PRIVATE(size); /**< Amount received in bytes */
size_t MBEDTLS_PRIVATE(threshold); /**< Minimum bytes required before release */
int MBEDTLS_PRIVATE(strong); /**< Is the source strong? */
}
mbedtls_entropy_source_state;
typedef struct mbedtls_entropy_source_state {
mbedtls_entropy_f_source_ptr MBEDTLS_PRIVATE(f_source); /**< The entropy
source callback
*/
void *MBEDTLS_PRIVATE(p_source); /**< The callback data pointer */
size_t MBEDTLS_PRIVATE(size); /**< Amount received in bytes */
size_t MBEDTLS_PRIVATE(threshold); /**< Minimum bytes required before
release */
int MBEDTLS_PRIVATE(strong); /**< Is the source strong? */
} mbedtls_entropy_source_state;
/**
* \brief Entropy context structure
*/
typedef struct mbedtls_entropy_context
{
typedef struct mbedtls_entropy_context {
int MBEDTLS_PRIVATE(accumulator_started); /* 0 after init.
* 1 after the first update.
* -1 after free. */
* 1 after the first update.
* -1 after free. */
#if defined(MBEDTLS_ENTROPY_SHA512_ACCUMULATOR)
mbedtls_sha512_context MBEDTLS_PRIVATE(accumulator);
mbedtls_sha512_context MBEDTLS_PRIVATE(accumulator);
#else
mbedtls_sha256_context MBEDTLS_PRIVATE(accumulator);
mbedtls_sha256_context MBEDTLS_PRIVATE(accumulator);
#endif
int MBEDTLS_PRIVATE(source_count); /* Number of entries used in source. */
mbedtls_entropy_source_state MBEDTLS_PRIVATE(source)[MBEDTLS_ENTROPY_MAX_SOURCES];
int MBEDTLS_PRIVATE(source_count); /* Number of entries used in source. */
mbedtls_entropy_source_state MBEDTLS_PRIVATE(source)
[MBEDTLS_ENTROPY_MAX_SOURCES];
#if defined(MBEDTLS_THREADING_C)
mbedtls_threading_mutex_t MBEDTLS_PRIVATE(mutex); /*!< mutex */
mbedtls_threading_mutex_t MBEDTLS_PRIVATE(mutex); /*!< mutex */
#endif
#if defined(MBEDTLS_ENTROPY_NV_SEED)
int MBEDTLS_PRIVATE(initial_entropy_run);
#endif
}
mbedtls_entropy_context;
} mbedtls_entropy_context;
#if !defined(MBEDTLS_NO_PLATFORM_ENTROPY)
/**
* \brief Platform-specific entropy poll callback
*/
int mbedtls_platform_entropy_poll( void *data,
unsigned char *output, size_t len, size_t *olen );
int mbedtls_platform_entropy_poll(void *data,
unsigned char *output,
size_t len,
size_t *olen);
#endif
/**
@@ -158,14 +162,14 @@ int mbedtls_platform_entropy_poll( void *data,
*
* \param ctx Entropy context to initialize
*/
void mbedtls_entropy_init( mbedtls_entropy_context *ctx );
void mbedtls_entropy_init(mbedtls_entropy_context *ctx);
/**
* \brief Free the data in the context
*
* \param ctx Entropy context to free
*/
void mbedtls_entropy_free( mbedtls_entropy_context *ctx );
void mbedtls_entropy_free(mbedtls_entropy_context *ctx);
/**
* \brief Adds an entropy source to poll
@@ -184,9 +188,11 @@ void mbedtls_entropy_free( mbedtls_entropy_context *ctx );
*
* \return 0 if successful or MBEDTLS_ERR_ENTROPY_MAX_SOURCES
*/
int mbedtls_entropy_add_source( mbedtls_entropy_context *ctx,
mbedtls_entropy_f_source_ptr f_source, void *p_source,
size_t threshold, int strong );
int mbedtls_entropy_add_source(mbedtls_entropy_context *ctx,
mbedtls_entropy_f_source_ptr f_source,
void *p_source,
size_t threshold,
int strong);
/**
* \brief Trigger an extra gather poll for the accumulator
@@ -196,7 +202,7 @@ int mbedtls_entropy_add_source( mbedtls_entropy_context *ctx,
*
* \return 0 if successful, or MBEDTLS_ERR_ENTROPY_SOURCE_FAILED
*/
int mbedtls_entropy_gather( mbedtls_entropy_context *ctx );
int mbedtls_entropy_gather(mbedtls_entropy_context *ctx);
/**
* \brief Retrieve entropy from the accumulator
@@ -209,7 +215,7 @@ int mbedtls_entropy_gather( mbedtls_entropy_context *ctx );
*
* \return 0 if successful, or MBEDTLS_ERR_ENTROPY_SOURCE_FAILED
*/
int mbedtls_entropy_func( void *data, unsigned char *output, size_t len );
int mbedtls_entropy_func(void *data, unsigned char *output, size_t len);
/**
* \brief Add data to the accumulator manually
@@ -221,8 +227,9 @@ int mbedtls_entropy_func( void *data, unsigned char *output, size_t len );
*
* \return 0 if successful
*/
int mbedtls_entropy_update_manual( mbedtls_entropy_context *ctx,
const unsigned char *data, size_t len );
int mbedtls_entropy_update_manual(mbedtls_entropy_context *ctx,
const unsigned char *data,
size_t len);
#if defined(MBEDTLS_ENTROPY_NV_SEED)
/**
@@ -233,7 +240,7 @@ int mbedtls_entropy_update_manual( mbedtls_entropy_context *ctx,
*
* \return 0 if successful
*/
int mbedtls_entropy_update_nv_seed( mbedtls_entropy_context *ctx );
int mbedtls_entropy_update_nv_seed(mbedtls_entropy_context *ctx);
#endif /* MBEDTLS_ENTROPY_NV_SEED */
#if defined(MBEDTLS_FS_IO)
@@ -247,7 +254,8 @@ int mbedtls_entropy_update_nv_seed( mbedtls_entropy_context *ctx );
* MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR on file error, or
* MBEDTLS_ERR_ENTROPY_SOURCE_FAILED
*/
int mbedtls_entropy_write_seed_file( mbedtls_entropy_context *ctx, const char *path );
int mbedtls_entropy_write_seed_file(mbedtls_entropy_context *ctx,
const char *path);
/**
* \brief Read and update a seed file. Seed is added to this
@@ -261,7 +269,8 @@ int mbedtls_entropy_write_seed_file( mbedtls_entropy_context *ctx, const char *p
* MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR on file error,
* MBEDTLS_ERR_ENTROPY_SOURCE_FAILED
*/
int mbedtls_entropy_update_seed_file( mbedtls_entropy_context *ctx, const char *path );
int mbedtls_entropy_update_seed_file(mbedtls_entropy_context *ctx,
const char *path);
#endif /* MBEDTLS_FS_IO */
#if defined(MBEDTLS_SELF_TEST)
@@ -273,9 +282,9 @@ int mbedtls_entropy_update_seed_file( mbedtls_entropy_context *ctx, const char *
*
* \return 0 if successful, or 1 if a test failed
*/
int mbedtls_entropy_self_test( int verbose );
int mbedtls_entropy_self_test(int verbose);
#if defined(MBEDTLS_ENTROPY_HARDWARE_ALT)
# if defined(MBEDTLS_ENTROPY_HARDWARE_ALT)
/**
* \brief Checkup routine
*
@@ -289,8 +298,8 @@ int mbedtls_entropy_self_test( int verbose );
*
* \return 0 if successful, or 1 if a test failed
*/
int mbedtls_entropy_source_self_test( int verbose );
#endif /* MBEDTLS_ENTROPY_HARDWARE_ALT */
int mbedtls_entropy_source_self_test(int verbose);
# endif /* MBEDTLS_ENTROPY_HARDWARE_ALT */
#endif /* MBEDTLS_SELF_TEST */
#ifdef __cplusplus

32
include/mbedtls/error.h
View File

@@ -26,9 +26,9 @@
#include <stddef.h>
#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \
!defined(inline) && !defined(__cplusplus)
#define inline __inline
#if (defined(__ARMCC_VERSION) || defined(_MSC_VER)) && !defined(inline) && \
!defined(__cplusplus)
# define inline __inline
#endif
/**
@@ -109,12 +109,12 @@ extern "C" {
#endif
/** Generic error */
#define MBEDTLS_ERR_ERROR_GENERIC_ERROR -0x0001
#define MBEDTLS_ERR_ERROR_GENERIC_ERROR -0x0001
/** This is a bug in the library */
#define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED -0x006E
/** Hardware accelerator failed */
#define MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED -0x0070
#define MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED -0x0070
/** The requested feature is not supported by the platform */
#define MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED -0x0072
@@ -124,15 +124,15 @@ extern "C" {
* Wrapper macro for mbedtls_error_add(). See that function for
* more details.
*/
#define MBEDTLS_ERROR_ADD( high, low ) \
mbedtls_error_add( high, low, __FILE__, __LINE__ )
#define MBEDTLS_ERROR_ADD(high, low) \
mbedtls_error_add(high, low, __FILE__, __LINE__)
#if defined(MBEDTLS_TEST_HOOKS)
/**
* \brief Testing hook called before adding/combining two error codes together.
* Only used when invasive testing is enabled via MBEDTLS_TEST_HOOKS.
*/
extern void (*mbedtls_test_hook_error_add)( int, int, const char *, int );
extern void (*mbedtls_test_hook_error_add)(int, int, const char *, int);
#endif
/**
@@ -153,17 +153,17 @@ extern void (*mbedtls_test_hook_error_add)( int, int, const char *, int );
* \param file file where this error code addition occurred.
* \param line line where this error code addition occurred.
*/
static inline int mbedtls_error_add( int high, int low,
const char *file, int line )
static inline int
mbedtls_error_add(int high, int low, const char *file, int line)
{
#if defined(MBEDTLS_TEST_HOOKS)
if( *mbedtls_test_hook_error_add != NULL )
( *mbedtls_test_hook_error_add )( high, low, file, line );
if (*mbedtls_test_hook_error_add != NULL)
(*mbedtls_test_hook_error_add)(high, low, file, line);
#endif
(void)file;
(void)line;
return high + low ;
return high + low;
}
/**
@@ -175,7 +175,7 @@ static inline int mbedtls_error_add( int high, int low,
* \param buffer buffer to place representation in
* \param buflen length of the buffer
*/
void mbedtls_strerror( int errnum, char *buffer, size_t buflen );
void mbedtls_strerror(int errnum, char *buffer, size_t buflen);
/**
* \brief Translate the high-level part of an Mbed TLS error code into a string
@@ -190,7 +190,7 @@ void mbedtls_strerror( int errnum, char *buffer, size_t buflen );
* \return The string representation of the error code, or \c NULL if the error
* code is unknown.
*/
const char * mbedtls_high_level_strerr( int error_code );
const char *mbedtls_high_level_strerr(int error_code);
/**
* \brief Translate the low-level part of an Mbed TLS error code into a string
@@ -205,7 +205,7 @@ const char * mbedtls_high_level_strerr( int error_code );
* \return The string representation of the error code, or \c NULL if the error
* code is unknown.
*/
const char * mbedtls_low_level_strerr( int error_code );
const char *mbedtls_low_level_strerr(int error_code);
#ifdef __cplusplus
}

135
include/mbedtls/gcm.h
View File

@@ -38,13 +38,13 @@
#include <stdint.h>
#define MBEDTLS_GCM_ENCRYPT 1
#define MBEDTLS_GCM_DECRYPT 0
#define MBEDTLS_GCM_ENCRYPT 1
#define MBEDTLS_GCM_DECRYPT 0
/** Authenticated decryption failed. */
#define MBEDTLS_ERR_GCM_AUTH_FAILED -0x0012
#define MBEDTLS_ERR_GCM_AUTH_FAILED -0x0012
/** Bad input parameters to function. */
#define MBEDTLS_ERR_GCM_BAD_INPUT -0x0014
#define MBEDTLS_ERR_GCM_BAD_INPUT -0x0014
#ifdef __cplusplus
extern "C" {
@@ -55,24 +55,26 @@ extern "C" {
/**
* \brief The GCM context structure.
*/
typedef struct mbedtls_gcm_context
{
mbedtls_cipher_context_t MBEDTLS_PRIVATE(cipher_ctx); /*!< The cipher context used. */
uint64_t MBEDTLS_PRIVATE(HL)[16]; /*!< Precalculated HTable low. */
uint64_t MBEDTLS_PRIVATE(HH)[16]; /*!< Precalculated HTable high. */
uint64_t MBEDTLS_PRIVATE(len); /*!< The total length of the encrypted data. */
uint64_t MBEDTLS_PRIVATE(add_len); /*!< The total length of the additional data. */
unsigned char MBEDTLS_PRIVATE(base_ectr)[16]; /*!< The first ECTR for tag. */
unsigned char MBEDTLS_PRIVATE(y)[16]; /*!< The Y working value. */
unsigned char MBEDTLS_PRIVATE(buf)[16]; /*!< The buf working value. */
int MBEDTLS_PRIVATE(mode); /*!< The operation to perform:
#MBEDTLS_GCM_ENCRYPT or
#MBEDTLS_GCM_DECRYPT. */
}
mbedtls_gcm_context;
typedef struct mbedtls_gcm_context {
mbedtls_cipher_context_t MBEDTLS_PRIVATE(cipher_ctx); /*!< The cipher
context used. */
uint64_t MBEDTLS_PRIVATE(HL)[16]; /*!< Precalculated HTable low. */
uint64_t MBEDTLS_PRIVATE(HH)[16]; /*!< Precalculated HTable high. */
uint64_t MBEDTLS_PRIVATE(len); /*!< The total length of the encrypted data.
*/
uint64_t MBEDTLS_PRIVATE(add_len); /*!< The total length of the additional
data. */
unsigned char MBEDTLS_PRIVATE(base_ectr)[16]; /*!< The first ECTR for tag.
*/
unsigned char MBEDTLS_PRIVATE(y)[16]; /*!< The Y working value. */
unsigned char MBEDTLS_PRIVATE(buf)[16]; /*!< The buf working value. */
int MBEDTLS_PRIVATE(mode); /*!< The operation to perform:
#MBEDTLS_GCM_ENCRYPT or
#MBEDTLS_GCM_DECRYPT. */
} mbedtls_gcm_context;
#else /* !MBEDTLS_GCM_ALT */
#include "gcm_alt.h"
#else /* !MBEDTLS_GCM_ALT */
# include "gcm_alt.h"
#endif /* !MBEDTLS_GCM_ALT */
/**
@@ -86,7 +88,7 @@ mbedtls_gcm_context;
*
* \param ctx The GCM context to initialize. This must not be \c NULL.
*/
void mbedtls_gcm_init( mbedtls_gcm_context *ctx );
void mbedtls_gcm_init(mbedtls_gcm_context *ctx);
/**
* \brief This function associates a GCM context with a
@@ -104,10 +106,10 @@ void mbedtls_gcm_init( mbedtls_gcm_context *ctx );
* \return \c 0 on success.
* \return A cipher-specific error code on failure.
*/
int mbedtls_gcm_setkey( mbedtls_gcm_context *ctx,
mbedtls_cipher_id_t cipher,
const unsigned char *key,
unsigned int keybits );
int mbedtls_gcm_setkey(mbedtls_gcm_context *ctx,
mbedtls_cipher_id_t cipher,
const unsigned char *key,
unsigned int keybits);
/**
* \brief This function performs GCM encryption or decryption of a buffer.
@@ -160,17 +162,17 @@ int mbedtls_gcm_setkey( mbedtls_gcm_context *ctx,
* not valid or a cipher-specific error code if the encryption
* or decryption failed.
*/
int mbedtls_gcm_crypt_and_tag( mbedtls_gcm_context *ctx,
int mode,
size_t length,
const unsigned char *iv,
size_t iv_len,
const unsigned char *add,
size_t add_len,
const unsigned char *input,
unsigned char *output,
size_t tag_len,
unsigned char *tag );
int mbedtls_gcm_crypt_and_tag(mbedtls_gcm_context *ctx,
int mode,
size_t length,
const unsigned char *iv,
size_t iv_len,
const unsigned char *add,
size_t add_len,
const unsigned char *input,
unsigned char *output,
size_t tag_len,
unsigned char *tag);
/**
* \brief This function performs a GCM authenticated decryption of a
@@ -205,16 +207,16 @@ int mbedtls_gcm_crypt_and_tag( mbedtls_gcm_context *ctx,
* not valid or a cipher-specific error code if the decryption
* failed.
*/
int mbedtls_gcm_auth_decrypt( mbedtls_gcm_context *ctx,
size_t length,
const unsigned char *iv,
size_t iv_len,
const unsigned char *add,
size_t add_len,
const unsigned char *tag,
size_t tag_len,
const unsigned char *input,
unsigned char *output );
int mbedtls_gcm_auth_decrypt(mbedtls_gcm_context *ctx,
size_t length,
const unsigned char *iv,
size_t iv_len,
const unsigned char *add,
size_t add_len,
const unsigned char *tag,
size_t tag_len,
const unsigned char *input,
unsigned char *output);
/**
* \brief This function starts a GCM encryption or decryption
@@ -229,10 +231,10 @@ int mbedtls_gcm_auth_decrypt( mbedtls_gcm_context *ctx,
*
* \return \c 0 on success.
*/
int mbedtls_gcm_starts( mbedtls_gcm_context *ctx,
int mode,
const unsigned char *iv,
size_t iv_len );
int mbedtls_gcm_starts(mbedtls_gcm_context *ctx,
int mode,
const unsigned char *iv,
size_t iv_len);
/**
* \brief This function feeds an input buffer as associated data
@@ -254,9 +256,9 @@ int mbedtls_gcm_starts( mbedtls_gcm_context *ctx,
*
* \return \c 0 on success.
*/
int mbedtls_gcm_update_ad( mbedtls_gcm_context *ctx,
const unsigned char *add,
size_t add_len );
int mbedtls_gcm_update_ad(mbedtls_gcm_context *ctx,
const unsigned char *add,
size_t add_len);
/**
* \brief This function feeds an input buffer into an ongoing GCM
@@ -309,10 +311,12 @@ int mbedtls_gcm_update_ad( mbedtls_gcm_context *ctx,
* unsupported input/output buffer overlap detected,
* or \p output_size too small.
*/
int mbedtls_gcm_update( mbedtls_gcm_context *ctx,
const unsigned char *input, size_t input_length,
unsigned char *output, size_t output_size,
size_t *output_length );
int mbedtls_gcm_update(mbedtls_gcm_context *ctx,
const unsigned char *input,
size_t input_length,
unsigned char *output,
size_t output_size,
size_t *output_length);
/**
* \brief This function finishes the GCM operation and generates
@@ -347,10 +351,12 @@ int mbedtls_gcm_update( mbedtls_gcm_context *ctx,
* invalid value of \p tag_len,
* or \p output_size too small.
*/
int mbedtls_gcm_finish( mbedtls_gcm_context *ctx,
unsigned char *output, size_t output_size,
size_t *output_length,
unsigned char *tag, size_t tag_len );
int mbedtls_gcm_finish(mbedtls_gcm_context *ctx,
unsigned char *output,
size_t output_size,
size_t *output_length,
unsigned char *tag,
size_t tag_len);
/**
* \brief This function clears a GCM context and the underlying
@@ -359,7 +365,7 @@ int mbedtls_gcm_finish( mbedtls_gcm_context *ctx,
* \param ctx The GCM context to clear. If this is \c NULL, the call has
* no effect. Otherwise, this must be initialized.
*/
void mbedtls_gcm_free( mbedtls_gcm_context *ctx );
void mbedtls_gcm_free(mbedtls_gcm_context *ctx);
#if defined(MBEDTLS_SELF_TEST)
@@ -369,7 +375,7 @@ void mbedtls_gcm_free( mbedtls_gcm_context *ctx );
* \return \c 0 on success.
* \return \c 1 on failure.
*/
int mbedtls_gcm_self_test( int verbose );
int mbedtls_gcm_self_test(int verbose);
#endif /* MBEDTLS_SELF_TEST */
@@ -377,5 +383,4 @@ int mbedtls_gcm_self_test( int verbose );
}
#endif
#endif /* gcm.h */

35
include/mbedtls/hkdf.h
View File

@@ -34,7 +34,7 @@
* \{
*/
/** Bad input parameters to function. */
#define MBEDTLS_ERR_HKDF_BAD_INPUT_DATA -0x5F80
#define MBEDTLS_ERR_HKDF_BAD_INPUT_DATA -0x5F80
/* \} name */
#ifdef __cplusplus
@@ -65,10 +65,15 @@ extern "C" {
* \return An MBEDTLS_ERR_MD_* error for errors returned from the underlying
* MD layer.
*/
int mbedtls_hkdf( const mbedtls_md_info_t *md, const unsigned char *salt,
size_t salt_len, const unsigned char *ikm, size_t ikm_len,
const unsigned char *info, size_t info_len,
unsigned char *okm, size_t okm_len );
int mbedtls_hkdf(const mbedtls_md_info_t *md,
const unsigned char *salt,
size_t salt_len,
const unsigned char *ikm,
size_t ikm_len,
const unsigned char *info,
size_t info_len,
unsigned char *okm,
size_t okm_len);
/**
* \brief Take the input keying material \p ikm and extract from it a
@@ -94,10 +99,12 @@ int mbedtls_hkdf( const mbedtls_md_info_t *md, const unsigned char *salt,
* \return An MBEDTLS_ERR_MD_* error for errors returned from the underlying
* MD layer.
*/
int mbedtls_hkdf_extract( const mbedtls_md_info_t *md,
const unsigned char *salt, size_t salt_len,
const unsigned char *ikm, size_t ikm_len,
unsigned char *prk );
int mbedtls_hkdf_extract(const mbedtls_md_info_t *md,
const unsigned char *salt,
size_t salt_len,
const unsigned char *ikm,
size_t ikm_len,
unsigned char *prk);
/**
* \brief Expand the supplied \p prk into several additional pseudorandom
@@ -125,9 +132,13 @@ int mbedtls_hkdf_extract( const mbedtls_md_info_t *md,
* \return An MBEDTLS_ERR_MD_* error for errors returned from the underlying
* MD layer.
*/
int mbedtls_hkdf_expand( const mbedtls_md_info_t *md, const unsigned char *prk,
size_t prk_len, const unsigned char *info,
size_t info_len, unsigned char *okm, size_t okm_len );
int mbedtls_hkdf_expand(const mbedtls_md_info_t *md,
const unsigned char *prk,
size_t prk_len,
const unsigned char *info,
size_t info_len,
unsigned char *okm,
size_t okm_len);
#ifdef __cplusplus
}

123
include/mbedtls/hmac_drbg.h
View File

@@ -32,55 +32,56 @@
#include "mbedtls/md.h"
#if defined(MBEDTLS_THREADING_C)
#include "mbedtls/threading.h"
# include "mbedtls/threading.h"
#endif
/*
* Error codes
*/
/** Too many random requested in single call. */
#define MBEDTLS_ERR_HMAC_DRBG_REQUEST_TOO_BIG -0x0003
#define MBEDTLS_ERR_HMAC_DRBG_REQUEST_TOO_BIG -0x0003
/** Input too large (Entropy + additional). */
#define MBEDTLS_ERR_HMAC_DRBG_INPUT_TOO_BIG -0x0005
#define MBEDTLS_ERR_HMAC_DRBG_INPUT_TOO_BIG -0x0005
/** Read/write error in file. */
#define MBEDTLS_ERR_HMAC_DRBG_FILE_IO_ERROR -0x0007
#define MBEDTLS_ERR_HMAC_DRBG_FILE_IO_ERROR -0x0007
/** The entropy source failed. */
#define MBEDTLS_ERR_HMAC_DRBG_ENTROPY_SOURCE_FAILED -0x0009
#define MBEDTLS_ERR_HMAC_DRBG_ENTROPY_SOURCE_FAILED -0x0009
/**
* \name SECTION: Module settings
*
* The configuration options you can set for this module are in this section.
* Either change them in mbedtls_config.h or define them on the compiler command line.
* Either change them in mbedtls_config.h or define them on the compiler command
* line.
* \{
*/
#if !defined(MBEDTLS_HMAC_DRBG_RESEED_INTERVAL)
/** Interval before reseed is performed by default */
#define MBEDTLS_HMAC_DRBG_RESEED_INTERVAL 10000
# define MBEDTLS_HMAC_DRBG_RESEED_INTERVAL 10000
#endif
#if !defined(MBEDTLS_HMAC_DRBG_MAX_INPUT)
/** Maximum number of additional input bytes */
#define MBEDTLS_HMAC_DRBG_MAX_INPUT 256
# define MBEDTLS_HMAC_DRBG_MAX_INPUT 256
#endif
#if !defined(MBEDTLS_HMAC_DRBG_MAX_REQUEST)
/** Maximum number of requested bytes per call */
#define MBEDTLS_HMAC_DRBG_MAX_REQUEST 1024
# define MBEDTLS_HMAC_DRBG_MAX_REQUEST 1024
#endif
#if !defined(MBEDTLS_HMAC_DRBG_MAX_SEED_INPUT)
/** Maximum size of (re)seed buffer */
#define MBEDTLS_HMAC_DRBG_MAX_SEED_INPUT 384
# define MBEDTLS_HMAC_DRBG_MAX_SEED_INPUT 384
#endif
/* \} name SECTION: Module settings */
/** No prediction resistance */
#define MBEDTLS_HMAC_DRBG_PR_OFF 0
#define MBEDTLS_HMAC_DRBG_PR_OFF 0
/** Prediction resistance enabled */
#define MBEDTLS_HMAC_DRBG_PR_ON 1
#define MBEDTLS_HMAC_DRBG_PR_ON 1
#ifdef __cplusplus
extern "C" {
@@ -89,23 +90,29 @@ extern "C" {
/**
* HMAC_DRBG context.
*/
typedef struct mbedtls_hmac_drbg_context
{
typedef struct mbedtls_hmac_drbg_context {
/* Working state: the key K is not stored explicitly,
* but is implied by the HMAC context */
mbedtls_md_context_t MBEDTLS_PRIVATE(md_ctx); /*!< HMAC context (inc. K) */
unsigned char MBEDTLS_PRIVATE(V)[MBEDTLS_MD_MAX_SIZE]; /*!< V in the spec */
int MBEDTLS_PRIVATE(reseed_counter); /*!< reseed counter */
mbedtls_md_context_t MBEDTLS_PRIVATE(md_ctx); /*!< HMAC context (inc. K) */
unsigned char MBEDTLS_PRIVATE(V)[MBEDTLS_MD_MAX_SIZE]; /*!< V in the spec */
int MBEDTLS_PRIVATE(reseed_counter); /*!< reseed counter */
/* Administrative state */
size_t MBEDTLS_PRIVATE(entropy_len); /*!< entropy bytes grabbed on each (re)seed */
int MBEDTLS_PRIVATE(prediction_resistance); /*!< enable prediction resistance (Automatic
reseed before every random generation) */
int MBEDTLS_PRIVATE(reseed_interval); /*!< reseed interval */
size_t MBEDTLS_PRIVATE(entropy_len); /*!< entropy bytes grabbed on each
(re)seed */
int MBEDTLS_PRIVATE(prediction_resistance); /*!< enable prediction
resistance (Automatic reseed before every
random generation) */
int MBEDTLS_PRIVATE(reseed_interval); /*!< reseed interval */
/* Callbacks */
int (*MBEDTLS_PRIVATE(f_entropy))(void *, unsigned char *, size_t); /*!< entropy function */
void *MBEDTLS_PRIVATE(p_entropy); /*!< context for the entropy function */
int (*MBEDTLS_PRIVATE(f_entropy))(void *,
unsigned char *,
size_t); /*!<
entropy
function
*/
void *MBEDTLS_PRIVATE(p_entropy); /*!< context for the entropy function */
#if defined(MBEDTLS_THREADING_C)
/* Invariant: the mutex is initialized if and only if
@@ -126,13 +133,14 @@ typedef struct mbedtls_hmac_drbg_context
* This function makes the context ready for mbedtls_hmac_drbg_seed(),
* mbedtls_hmac_drbg_seed_buf() or mbedtls_hmac_drbg_free().
*
* \note The reseed interval is #MBEDTLS_HMAC_DRBG_RESEED_INTERVAL
* \note The reseed interval is
* #MBEDTLS_HMAC_DRBG_RESEED_INTERVAL
* by default. Override this value by calling
* mbedtls_hmac_drbg_set_reseed_interval().
*
* \param ctx HMAC_DRBG context to be initialized.
*/
void mbedtls_hmac_drbg_init( mbedtls_hmac_drbg_context *ctx );
void mbedtls_hmac_drbg_init(mbedtls_hmac_drbg_context *ctx);
/**
* \brief HMAC_DRBG initial seeding.
@@ -202,12 +210,12 @@ void mbedtls_hmac_drbg_init( mbedtls_hmac_drbg_context *ctx );
* \return #MBEDTLS_ERR_HMAC_DRBG_ENTROPY_SOURCE_FAILED
* if the call to \p f_entropy failed.
*/
int mbedtls_hmac_drbg_seed( mbedtls_hmac_drbg_context *ctx,
const mbedtls_md_info_t * md_info,
int (*f_entropy)(void *, unsigned char *, size_t),
void *p_entropy,
const unsigned char *custom,
size_t len );
int mbedtls_hmac_drbg_seed(mbedtls_hmac_drbg_context *ctx,
const mbedtls_md_info_t *md_info,
int (*f_entropy)(void *, unsigned char *, size_t),
void *p_entropy,
const unsigned char *custom,
size_t len);
/**
* \brief Initilisation of simpified HMAC_DRBG (never reseeds).
@@ -237,9 +245,10 @@ int mbedtls_hmac_drbg_seed( mbedtls_hmac_drbg_context *ctx,
* \return #MBEDTLS_ERR_MD_ALLOC_FAILED if there was not enough
* memory to allocate context data.
*/
int mbedtls_hmac_drbg_seed_buf( mbedtls_hmac_drbg_context *ctx,
const mbedtls_md_info_t * md_info,
const unsigned char *data, size_t data_len );
int mbedtls_hmac_drbg_seed_buf(mbedtls_hmac_drbg_context *ctx,
const mbedtls_md_info_t *md_info,
const unsigned char *data,
size_t data_len);
/**
* \brief This function turns prediction resistance on or off.
@@ -254,8 +263,8 @@ int mbedtls_hmac_drbg_seed_buf( mbedtls_hmac_drbg_context *ctx,
* \param ctx The HMAC_DRBG context.
* \param resistance #MBEDTLS_HMAC_DRBG_PR_ON or #MBEDTLS_HMAC_DRBG_PR_OFF.
*/
void mbedtls_hmac_drbg_set_prediction_resistance( mbedtls_hmac_drbg_context *ctx,
int resistance );
void mbedtls_hmac_drbg_set_prediction_resistance(mbedtls_hmac_drbg_context *ctx,
int resistance);
/**
* \brief This function sets the amount of entropy grabbed on each
@@ -266,8 +275,8 @@ void mbedtls_hmac_drbg_set_prediction_resistance( mbedtls_hmac_drbg_context *ctx
* \param ctx The HMAC_DRBG context.
* \param len The amount of entropy to grab, in bytes.
*/
void mbedtls_hmac_drbg_set_entropy_len( mbedtls_hmac_drbg_context *ctx,
size_t len );
void mbedtls_hmac_drbg_set_entropy_len(mbedtls_hmac_drbg_context *ctx,
size_t len);
/**
* \brief Set the reseed interval.
@@ -281,8 +290,8 @@ void mbedtls_hmac_drbg_set_entropy_len( mbedtls_hmac_drbg_context *ctx,
* \param ctx The HMAC_DRBG context.
* \param interval The reseed interval.
*/
void mbedtls_hmac_drbg_set_reseed_interval( mbedtls_hmac_drbg_context *ctx,
int interval );
void mbedtls_hmac_drbg_set_reseed_interval(mbedtls_hmac_drbg_context *ctx,
int interval);
/**
* \brief This function updates the state of the HMAC_DRBG context.
@@ -301,8 +310,9 @@ void mbedtls_hmac_drbg_set_reseed_interval( mbedtls_hmac_drbg_context *ctx,
* \return \c 0 on success, or an error from the underlying
* hash calculation.
*/
int mbedtls_hmac_drbg_update( mbedtls_hmac_drbg_context *ctx,
const unsigned char *additional, size_t add_len );
int mbedtls_hmac_drbg_update(mbedtls_hmac_drbg_context *ctx,
const unsigned char *additional,
size_t add_len);
/**
* \brief This function reseeds the HMAC_DRBG context, that is
@@ -328,8 +338,9 @@ int mbedtls_hmac_drbg_update( mbedtls_hmac_drbg_context *ctx,
* \return #MBEDTLS_ERR_HMAC_DRBG_ENTROPY_SOURCE_FAILED
* if a call to the entropy function failed.
*/
int mbedtls_hmac_drbg_reseed( mbedtls_hmac_drbg_context *ctx,
const unsigned char *additional, size_t len );
int mbedtls_hmac_drbg_reseed(mbedtls_hmac_drbg_context *ctx,
const unsigned char *additional,
size_t len);
/**
* \brief This function updates an HMAC_DRBG instance with additional
@@ -362,10 +373,11 @@ int mbedtls_hmac_drbg_reseed( mbedtls_hmac_drbg_context *ctx,
* \return #MBEDTLS_ERR_HMAC_DRBG_INPUT_TOO_BIG if
* \p add_len > #MBEDTLS_HMAC_DRBG_MAX_INPUT.
*/
int mbedtls_hmac_drbg_random_with_add( void *p_rng,
unsigned char *output, size_t output_len,
const unsigned char *additional,
size_t add_len );
int mbedtls_hmac_drbg_random_with_add(void *p_rng,
unsigned char *output,
size_t output_len,
const unsigned char *additional,
size_t add_len);
/**
* \brief This function uses HMAC_DRBG to generate random data.
@@ -394,7 +406,9 @@ int mbedtls_hmac_drbg_random_with_add( void *p_rng,
* \return #MBEDTLS_ERR_HMAC_DRBG_REQUEST_TOO_BIG if
* \p out_len > #MBEDTLS_HMAC_DRBG_MAX_REQUEST.
*/
int mbedtls_hmac_drbg_random( void *p_rng, unsigned char *output, size_t out_len );
int mbedtls_hmac_drbg_random(void *p_rng,
unsigned char *output,
size_t out_len);
/**
* \brief This function resets HMAC_DRBG context to the state immediately
@@ -402,7 +416,7 @@ int mbedtls_hmac_drbg_random( void *p_rng, unsigned char *output, size_t out_len
*
* \param ctx The HMAC_DRBG context to free.
*/
void mbedtls_hmac_drbg_free( mbedtls_hmac_drbg_context *ctx );
void mbedtls_hmac_drbg_free(mbedtls_hmac_drbg_context *ctx);
#if defined(MBEDTLS_FS_IO)
/**
@@ -416,7 +430,8 @@ void mbedtls_hmac_drbg_free( mbedtls_hmac_drbg_context *ctx );
* \return #MBEDTLS_ERR_HMAC_DRBG_ENTROPY_SOURCE_FAILED on reseed
* failure.
*/
int mbedtls_hmac_drbg_write_seed_file( mbedtls_hmac_drbg_context *ctx, const char *path );
int mbedtls_hmac_drbg_write_seed_file(mbedtls_hmac_drbg_context *ctx,
const char *path);
/**
* \brief This function reads and updates a seed file. The seed
@@ -432,10 +447,10 @@ int mbedtls_hmac_drbg_write_seed_file( mbedtls_hmac_drbg_context *ctx, const cha
* \return #MBEDTLS_ERR_HMAC_DRBG_INPUT_TOO_BIG if the existing
* seed file is too large.
*/
int mbedtls_hmac_drbg_update_seed_file( mbedtls_hmac_drbg_context *ctx, const char *path );
int mbedtls_hmac_drbg_update_seed_file(mbedtls_hmac_drbg_context *ctx,
const char *path);
#endif /* MBEDTLS_FS_IO */
#if defined(MBEDTLS_SELF_TEST)
/**
* \brief The HMAC_DRBG Checkup routine.
@@ -443,7 +458,7 @@ int mbedtls_hmac_drbg_update_seed_file( mbedtls_hmac_drbg_context *ctx, const ch
* \return \c 0 if successful.
* \return \c 1 if the test failed.
*/
int mbedtls_hmac_drbg_self_test( int verbose );
int mbedtls_hmac_drbg_self_test(int verbose);
#endif
#ifdef __cplusplus

52
include/mbedtls/mbedtls_config.h
View File

@@ -165,8 +165,8 @@
*
* Enabling MBEDTLS_PLATFORM_MEMORY without the
* MBEDTLS_PLATFORM_{FREE,CALLOC}_MACROs will provide
* "mbedtls_platform_set_calloc_free()" allowing you to set an alternative calloc() and
* free() function pointer at runtime.
* "mbedtls_platform_set_calloc_free()" allowing you to set an alternative
* calloc() and free() function pointer at runtime.
*
* Enabling MBEDTLS_PLATFORM_MEMORY and specifying
* MBEDTLS_PLATFORM_{CALLOC,FREE}_MACROs will allow you to specify the
@@ -346,14 +346,14 @@
* used, in contrast to the MBEDTLS__MODULE_NAME__ALT flags.
*
* Example: In case you uncomment MBEDTLS_SHA256_PROCESS_ALT, mbed TLS will
* no longer provide the mbedtls_sha1_process() function, but it will still provide
* the other function (using your mbedtls_sha1_process() function) and the definition
* of mbedtls_sha1_context, so your implementation of mbedtls_sha1_process must be compatible
* with this definition.
* no longer provide the mbedtls_sha1_process() function, but it will still
* provide the other function (using your mbedtls_sha1_process() function) and
* the definition of mbedtls_sha1_context, so your implementation of
* mbedtls_sha1_process must be compatible with this definition.
*
* \note If you use the AES_xxx_ALT macros, then it is recommended to also set
* MBEDTLS_AES_ROM_TABLES in order to help the linker garbage-collect the AES
* tables.
* MBEDTLS_AES_ROM_TABLES in order to help the linker garbage-collect the
* AES tables.
*
* Uncomment a macro to enable alternate implementation of the corresponding
* function.
@@ -3020,7 +3020,8 @@
//#define MBEDTLS_MPI_MAX_SIZE 1024
/* CTR_DRBG options */
/** Amount of entropy used per seed by default (48 with SHA-512, 32 with SHA-256) */
/** Amount of entropy used per seed by default (48 with SHA-512, 32 with
* SHA-256) */
//#define MBEDTLS_CTR_DRBG_ENTROPY_LEN 48
/** Interval before reseed is performed by default */
//#define MBEDTLS_CTR_DRBG_RESEED_INTERVAL 10000
@@ -3052,7 +3053,8 @@
//#define MBEDTLS_ENTROPY_MAX_SOURCES 20
/** Maximum amount requested from entropy sources */
//#define MBEDTLS_ENTROPY_MAX_GATHER 128
/** Default minimum number of bytes required for the hardware entropy source mbedtls_hardware_poll() before entropy is released */
/** Default minimum number of bytes required for the hardware entropy source
* mbedtls_hardware_poll() before entropy is released */
//#define MBEDTLS_ENTROPY_MIN_HARDWARE 32
/* Memory buffer allocator options */
@@ -3060,7 +3062,9 @@
//#define MBEDTLS_MEMORY_ALIGN_MULTIPLE 4
/* Platform options */
//#define MBEDTLS_PLATFORM_STD_MEM_HDR <stdlib.h> /**< Header to include if MBEDTLS_PLATFORM_NO_STD_FUNCTIONS is defined. Don't define if no header is needed. */
//#define MBEDTLS_PLATFORM_STD_MEM_HDR <stdlib.h> /**< Header to include if
// MBEDTLS_PLATFORM_NO_STD_FUNCTIONS is defined. Don't define if no header is
// needed. */
/** Default allocator to use, can be undefined */
//#define MBEDTLS_PLATFORM_STD_CALLOC calloc
/** Default free to use, can be undefined */
@@ -3084,19 +3088,23 @@
//#define MBEDTLS_PLATFORM_STD_NV_SEED_READ mbedtls_platform_std_nv_seed_read
/** Default nv_seed_write function to use, can be undefined */
//#define MBEDTLS_PLATFORM_STD_NV_SEED_WRITE mbedtls_platform_std_nv_seed_write
//#define MBEDTLS_PLATFORM_STD_NV_SEED_FILE "seedfile" /**< Seed file to read/write with default implementation */
//#define MBEDTLS_PLATFORM_STD_NV_SEED_FILE "seedfile" /**< Seed file to
// read/write with default implementation */
/* To Use Function Macros MBEDTLS_PLATFORM_C must be enabled */
/* MBEDTLS_PLATFORM_XXX_MACRO and MBEDTLS_PLATFORM_XXX_ALT cannot both be defined */
/* MBEDTLS_PLATFORM_XXX_MACRO and MBEDTLS_PLATFORM_XXX_ALT cannot both be
* defined */
/** Default allocator macro to use, can be undefined */
//#define MBEDTLS_PLATFORM_CALLOC_MACRO calloc
/** Default free macro to use, can be undefined */
//#define MBEDTLS_PLATFORM_FREE_MACRO free
/** Default exit macro to use, can be undefined */
//#define MBEDTLS_PLATFORM_EXIT_MACRO exit
/** Default time macro to use, can be undefined. MBEDTLS_HAVE_TIME must be enabled */
/** Default time macro to use, can be undefined. MBEDTLS_HAVE_TIME must be
* enabled */
//#define MBEDTLS_PLATFORM_TIME_MACRO time
/** Default time macro to use, can be undefined. MBEDTLS_HAVE_TIME must be enabled */
/** Default time macro to use, can be undefined. MBEDTLS_HAVE_TIME must be
* enabled */
//#define MBEDTLS_PLATFORM_TIME_TYPE_MACRO time_t
/** Default fprintf macro to use, can be undefined */
//#define MBEDTLS_PLATFORM_FPRINTF_MACRO fprintf
@@ -3108,9 +3116,10 @@
/** Default vsnprintf macro to use, can be undefined */
//#define MBEDTLS_PLATFORM_VSNPRINTF_MACRO vsnprintf
/** Default nv_seed_read function to use, can be undefined */
//#define MBEDTLS_PLATFORM_NV_SEED_READ_MACRO mbedtls_platform_std_nv_seed_read
//#define MBEDTLS_PLATFORM_NV_SEED_READ_MACRO mbedtls_platform_std_nv_seed_read
/** Default nv_seed_write function to use, can be undefined */
//#define MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO mbedtls_platform_std_nv_seed_write
//#define MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO
// mbedtls_platform_std_nv_seed_write
/* PSA options */
/**
@@ -3234,7 +3243,8 @@
/** Max size of TLS pre-shared keys, in bytes (default 256 bits) */
//#define MBEDTLS_PSK_MAX_LEN 32
/** Default expiration delay of DTLS cookies, in seconds if HAVE_TIME, or in number of cookies issued */
/** Default expiration delay of DTLS cookies, in seconds if HAVE_TIME, or in
* number of cookies issued */
//#define MBEDTLS_SSL_COOKIE_TIMEOUT 60
/**
@@ -3249,12 +3259,14 @@
*
* The value below is only an example, not the default.
*/
//#define MBEDTLS_SSL_CIPHERSUITES MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
//#define MBEDTLS_SSL_CIPHERSUITES
// MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
/* X509 options */
/** Maximum number of intermediate CAs in a verification chain. */
//#define MBEDTLS_X509_MAX_INTERMEDIATE_CA 8
/** Maximum length of a path/filename string in bytes including the null terminator character ('\0'). */
/** Maximum length of a path/filename string in bytes including the null
* terminator character ('\0'). */
//#define MBEDTLS_X509_MAX_FILE_PATH_LEN 512
/**

107
include/mbedtls/md.h
View File

@@ -1,4 +1,4 @@
/**
/**
* \file md.h
*
* \brief This file contains the generic message-digest wrapper.
@@ -31,13 +31,13 @@
#include "mbedtls/build_info.h"
/** The selected feature is not available. */
#define MBEDTLS_ERR_MD_FEATURE_UNAVAILABLE -0x5080
#define MBEDTLS_ERR_MD_FEATURE_UNAVAILABLE -0x5080
/** Bad input parameters to function. */
#define MBEDTLS_ERR_MD_BAD_INPUT_DATA -0x5100
#define MBEDTLS_ERR_MD_BAD_INPUT_DATA -0x5100
/** Failed to allocate memory. */
#define MBEDTLS_ERR_MD_ALLOC_FAILED -0x5180
#define MBEDTLS_ERR_MD_ALLOC_FAILED -0x5180
/** Opening or reading of file failed. */
#define MBEDTLS_ERR_MD_FILE_IO_ERROR -0x5200
#define MBEDTLS_ERR_MD_FILE_IO_ERROR -0x5200
#ifdef __cplusplus
extern "C" {
@@ -51,27 +51,28 @@ extern "C" {
* stronger message digests instead.
*
*/
typedef enum {
MBEDTLS_MD_NONE=0, /**< None. */
MBEDTLS_MD_MD5, /**< The MD5 message digest. */
MBEDTLS_MD_SHA1, /**< The SHA-1 message digest. */
MBEDTLS_MD_SHA224, /**< The SHA-224 message digest. */
MBEDTLS_MD_SHA256, /**< The SHA-256 message digest. */
MBEDTLS_MD_SHA384, /**< The SHA-384 message digest. */
MBEDTLS_MD_SHA512, /**< The SHA-512 message digest. */
typedef enum
{
MBEDTLS_MD_NONE = 0, /**< None. */
MBEDTLS_MD_MD5, /**< The MD5 message digest. */
MBEDTLS_MD_SHA1, /**< The SHA-1 message digest. */
MBEDTLS_MD_SHA224, /**< The SHA-224 message digest. */
MBEDTLS_MD_SHA256, /**< The SHA-256 message digest. */
MBEDTLS_MD_SHA384, /**< The SHA-384 message digest. */
MBEDTLS_MD_SHA512, /**< The SHA-512 message digest. */
MBEDTLS_MD_RIPEMD160, /**< The RIPEMD-160 message digest. */
} mbedtls_md_type_t;
#if defined(MBEDTLS_SHA512_C)
#define MBEDTLS_MD_MAX_SIZE 64 /* longest known is SHA512 */
# define MBEDTLS_MD_MAX_SIZE 64 /* longest known is SHA512 */
#else
#define MBEDTLS_MD_MAX_SIZE 32 /* longest known is SHA256 or less */
# define MBEDTLS_MD_MAX_SIZE 32 /* longest known is SHA256 or less */
#endif
#if defined(MBEDTLS_SHA512_C)
#define MBEDTLS_MD_MAX_BLOCK_SIZE 128
# define MBEDTLS_MD_MAX_BLOCK_SIZE 128
#else
#define MBEDTLS_MD_MAX_BLOCK_SIZE 64
# define MBEDTLS_MD_MAX_BLOCK_SIZE 64
#endif
/**
@@ -89,8 +90,7 @@ typedef struct mbedtls_md_info_t mbedtls_md_info_t;
/**
* The generic message-digest context.
*/
typedef struct mbedtls_md_context_t
{
typedef struct mbedtls_md_context_t {
/** Information about the associated message digest. */
const mbedtls_md_info_t *MBEDTLS_PRIVATE(md_info);
@@ -112,7 +112,7 @@ typedef struct mbedtls_md_context_t
* message-digest enumeration #mbedtls_md_type_t.
* The last entry is 0.
*/
const int *mbedtls_md_list( void );
const int *mbedtls_md_list(void);
/**
* \brief This function returns the message-digest information
@@ -123,7 +123,7 @@ const int *mbedtls_md_list( void );
* \return The message-digest information associated with \p md_name.
* \return NULL if the associated message-digest information is not found.
*/
const mbedtls_md_info_t *mbedtls_md_info_from_string( const char *md_name );
const mbedtls_md_info_t *mbedtls_md_info_from_string(const char *md_name);
/**
* \brief This function returns the message-digest information
@@ -134,7 +134,7 @@ const mbedtls_md_info_t *mbedtls_md_info_from_string( const char *md_name );
* \return The message-digest information associated with \p md_type.
* \return NULL if the associated message-digest information is not found.
*/
const mbedtls_md_info_t *mbedtls_md_info_from_type( mbedtls_md_type_t md_type );
const mbedtls_md_info_t *mbedtls_md_info_from_type(mbedtls_md_type_t md_type);
/**
* \brief This function initializes a message-digest context without
@@ -144,7 +144,7 @@ const mbedtls_md_info_t *mbedtls_md_info_from_type( mbedtls_md_type_t md_type );
* context for mbedtls_md_setup() for binding it to a
* message-digest algorithm.
*/
void mbedtls_md_init( mbedtls_md_context_t *ctx );
void mbedtls_md_init(mbedtls_md_context_t *ctx);
/**
* \brief This function clears the internal structure of \p ctx and
@@ -159,8 +159,7 @@ void mbedtls_md_init( mbedtls_md_context_t *ctx );
* You must not call this function if you have not called
* mbedtls_md_init().
*/
void mbedtls_md_free( mbedtls_md_context_t *ctx );
void mbedtls_md_free(mbedtls_md_context_t *ctx);
/**
* \brief This function selects the message digest algorithm to use,
@@ -181,7 +180,9 @@ void mbedtls_md_free( mbedtls_md_context_t *ctx );
* failure.
* \return #MBEDTLS_ERR_MD_ALLOC_FAILED on memory-allocation failure.
*/
int mbedtls_md_setup( mbedtls_md_context_t *ctx, const mbedtls_md_info_t *md_info, int hmac );
int mbedtls_md_setup(mbedtls_md_context_t *ctx,
const mbedtls_md_info_t *md_info,
int hmac);
/**
* \brief This function clones the state of an message-digest
@@ -202,8 +203,8 @@ int mbedtls_md_setup( mbedtls_md_context_t *ctx, const mbedtls_md_info_t *md_inf
* \return \c 0 on success.
* \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification failure.
*/
int mbedtls_md_clone( mbedtls_md_context_t *dst,
const mbedtls_md_context_t *src );
int mbedtls_md_clone(mbedtls_md_context_t *dst,
const mbedtls_md_context_t *src);
/**
* \brief This function extracts the message-digest size from the
@@ -214,7 +215,7 @@ int mbedtls_md_clone( mbedtls_md_context_t *dst,
*
* \return The size of the message-digest output in Bytes.
*/
unsigned char mbedtls_md_get_size( const mbedtls_md_info_t *md_info );
unsigned char mbedtls_md_get_size(const mbedtls_md_info_t *md_info);
/**
* \brief This function extracts the message-digest type from the
@@ -225,7 +226,7 @@ unsigned char mbedtls_md_get_size( const mbedtls_md_info_t *md_info );
*
* \return The type of the message digest.
*/
mbedtls_md_type_t mbedtls_md_get_type( const mbedtls_md_info_t *md_info );
mbedtls_md_type_t mbedtls_md_get_type(const mbedtls_md_info_t *md_info);
/**
* \brief This function extracts the message-digest name from the
@@ -236,7 +237,7 @@ mbedtls_md_type_t mbedtls_md_get_type( const mbedtls_md_info_t *md_info );
*
* \return The name of the message digest.
*/
const char *mbedtls_md_get_name( const mbedtls_md_info_t *md_info );
const char *mbedtls_md_get_name(const mbedtls_md_info_t *md_info);
/**
* \brief This function starts a message-digest computation.
@@ -251,7 +252,7 @@ const char *mbedtls_md_get_name( const mbedtls_md_info_t *md_info );
* \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification
* failure.
*/
int mbedtls_md_starts( mbedtls_md_context_t *ctx );
int mbedtls_md_starts(mbedtls_md_context_t *ctx);
/**
* \brief This function feeds an input buffer into an ongoing
@@ -269,7 +270,9 @@ int mbedtls_md_starts( mbedtls_md_context_t *ctx );
* \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification
* failure.
*/
int mbedtls_md_update( mbedtls_md_context_t *ctx, const unsigned char *input, size_t ilen );
int mbedtls_md_update(mbedtls_md_context_t *ctx,
const unsigned char *input,
size_t ilen);
/**
* \brief This function finishes the digest operation,
@@ -289,7 +292,7 @@ int mbedtls_md_update( mbedtls_md_context_t *ctx, const unsigned char *input, si
* \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification
* failure.
*/
int mbedtls_md_finish( mbedtls_md_context_t *ctx, unsigned char *output );
int mbedtls_md_finish(mbedtls_md_context_t *ctx, unsigned char *output);
/**
* \brief This function calculates the message-digest of a buffer,
@@ -309,8 +312,10 @@ int mbedtls_md_finish( mbedtls_md_context_t *ctx, unsigned char *output );
* \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification
* failure.
*/
int mbedtls_md( const mbedtls_md_info_t *md_info, const unsigned char *input, size_t ilen,
unsigned char *output );
int mbedtls_md(const mbedtls_md_info_t *md_info,
const unsigned char *input,
size_t ilen,
unsigned char *output);
#if defined(MBEDTLS_FS_IO)
/**
@@ -330,8 +335,9 @@ int mbedtls_md( const mbedtls_md_info_t *md_info, const unsigned char *input, si
* the file pointed by \p path.
* \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA if \p md_info was NULL.
*/
int mbedtls_md_file( const mbedtls_md_info_t *md_info, const char *path,
unsigned char *output );
int mbedtls_md_file(const mbedtls_md_info_t *md_info,
const char *path,
unsigned char *output);
#endif /* MBEDTLS_FS_IO */
/**
@@ -352,8 +358,9 @@ int mbedtls_md_file( const mbedtls_md_info_t *md_info, const char *path,
* \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification
* failure.
*/
int mbedtls_md_hmac_starts( mbedtls_md_context_t *ctx, const unsigned char *key,
size_t keylen );
int mbedtls_md_hmac_starts(mbedtls_md_context_t *ctx,
const unsigned char *key,
size_t keylen);
/**
* \brief This function feeds an input buffer into an ongoing HMAC
@@ -374,8 +381,9 @@ int mbedtls_md_hmac_starts( mbedtls_md_context_t *ctx, const unsigned char *key,
* \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification
* failure.
*/
int mbedtls_md_hmac_update( mbedtls_md_context_t *ctx, const unsigned char *input,
size_t ilen );
int mbedtls_md_hmac_update(mbedtls_md_context_t *ctx,
const unsigned char *input,
size_t ilen);
/**
* \brief This function finishes the HMAC operation, and writes
@@ -395,7 +403,7 @@ int mbedtls_md_hmac_update( mbedtls_md_context_t *ctx, const unsigned char *inpu
* \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification
* failure.
*/
int mbedtls_md_hmac_finish( mbedtls_md_context_t *ctx, unsigned char *output);
int mbedtls_md_hmac_finish(mbedtls_md_context_t *ctx, unsigned char *output);
/**
* \brief This function prepares to authenticate a new message with
@@ -412,7 +420,7 @@ int mbedtls_md_hmac_finish( mbedtls_md_context_t *ctx, unsigned char *output);
* \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification
* failure.
*/
int mbedtls_md_hmac_reset( mbedtls_md_context_t *ctx );
int mbedtls_md_hmac_reset(mbedtls_md_context_t *ctx);
/**
* \brief This function calculates the full generic HMAC
@@ -436,12 +444,15 @@ int mbedtls_md_hmac_reset( mbedtls_md_context_t *ctx );
* \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification
* failure.
*/
int mbedtls_md_hmac( const mbedtls_md_info_t *md_info, const unsigned char *key, size_t keylen,
const unsigned char *input, size_t ilen,
unsigned char *output );
int mbedtls_md_hmac(const mbedtls_md_info_t *md_info,
const unsigned char *key,
size_t keylen,
const unsigned char *input,
size_t ilen,
unsigned char *output);
/* Internal use */
int mbedtls_md_process( mbedtls_md_context_t *ctx, const unsigned char *data );
int mbedtls_md_process(mbedtls_md_context_t *ctx, const unsigned char *data);
#ifdef __cplusplus
}

48
include/mbedtls/md5.h
View File

@@ -48,16 +48,15 @@ extern "C" {
* stronger message digests instead.
*
*/
typedef struct mbedtls_md5_context
{
uint32_t MBEDTLS_PRIVATE(total)[2]; /*!< number of bytes processed */
uint32_t MBEDTLS_PRIVATE(state)[4]; /*!< intermediate digest state */
unsigned char MBEDTLS_PRIVATE(buffer)[64]; /*!< data block being processed */
}
mbedtls_md5_context;
typedef struct mbedtls_md5_context {
uint32_t MBEDTLS_PRIVATE(total)[2]; /*!< number of bytes processed */
uint32_t MBEDTLS_PRIVATE(state)[4]; /*!< intermediate digest state */
unsigned char MBEDTLS_PRIVATE(buffer)[64]; /*!< data block being processed
*/
} mbedtls_md5_context;
#else /* MBEDTLS_MD5_ALT */
#include "md5_alt.h"
#else /* MBEDTLS_MD5_ALT */
# include "md5_alt.h"
#endif /* MBEDTLS_MD5_ALT */
/**
@@ -70,7 +69,7 @@ mbedtls_md5_context;
* stronger message digests instead.
*
*/
void mbedtls_md5_init( mbedtls_md5_context *ctx );
void mbedtls_md5_init(mbedtls_md5_context *ctx);
/**
* \brief Clear MD5 context
@@ -82,7 +81,7 @@ void mbedtls_md5_init( mbedtls_md5_context *ctx );
* stronger message digests instead.
*
*/
void mbedtls_md5_free( mbedtls_md5_context *ctx );
void mbedtls_md5_free(mbedtls_md5_context *ctx);
/**
* \brief Clone (the state of) an MD5 context
@@ -95,8 +94,8 @@ void mbedtls_md5_free( mbedtls_md5_context *ctx );
* stronger message digests instead.
*
*/
void mbedtls_md5_clone( mbedtls_md5_context *dst,
const mbedtls_md5_context *src );
void mbedtls_md5_clone(mbedtls_md5_context *dst,
const mbedtls_md5_context *src);
/**
* \brief MD5 context setup
@@ -110,7 +109,7 @@ void mbedtls_md5_clone( mbedtls_md5_context *dst,
* stronger message digests instead.
*
*/
int mbedtls_md5_starts( mbedtls_md5_context *ctx );
int mbedtls_md5_starts(mbedtls_md5_context *ctx);
/**
* \brief MD5 process buffer
@@ -126,9 +125,9 @@ int mbedtls_md5_starts( mbedtls_md5_context *ctx );
* stronger message digests instead.
*
*/
int mbedtls_md5_update( mbedtls_md5_context *ctx,
const unsigned char *input,
size_t ilen );
int mbedtls_md5_update(mbedtls_md5_context *ctx,
const unsigned char *input,
size_t ilen);
/**
* \brief MD5 final digest
@@ -143,8 +142,7 @@ int mbedtls_md5_update( mbedtls_md5_context *ctx,
* stronger message digests instead.
*
*/
int mbedtls_md5_finish( mbedtls_md5_context *ctx,
unsigned char output[16] );
int mbedtls_md5_finish(mbedtls_md5_context *ctx, unsigned char output[16]);
/**
* \brief MD5 process data block (internal use only)
@@ -159,8 +157,8 @@ int mbedtls_md5_finish( mbedtls_md5_context *ctx,
* stronger message digests instead.
*
*/
int mbedtls_internal_md5_process( mbedtls_md5_context *ctx,
const unsigned char data[64] );
int mbedtls_internal_md5_process(mbedtls_md5_context *ctx,
const unsigned char data[64]);
/**
* \brief Output = MD5( input buffer )
@@ -176,9 +174,9 @@ int mbedtls_internal_md5_process( mbedtls_md5_context *ctx,
* stronger message digests instead.
*
*/
int mbedtls_md5( const unsigned char *input,
size_t ilen,
unsigned char output[16] );
int mbedtls_md5(const unsigned char *input,
size_t ilen,
unsigned char output[16]);
#if defined(MBEDTLS_SELF_TEST)
@@ -192,7 +190,7 @@ int mbedtls_md5( const unsigned char *input,
* stronger message digests instead.
*
*/
int mbedtls_md5_self_test( int verbose );
int mbedtls_md5_self_test(int verbose);
#endif /* MBEDTLS_SELF_TEST */

32
include/mbedtls/memory_buffer_alloc.h
View File

@@ -30,21 +30,23 @@
* \name SECTION: Module settings
*
* The configuration options you can set for this module are in this section.
* Either change them in mbedtls_config.h or define them on the compiler command line.
* Either change them in mbedtls_config.h or define them on the compiler command
* line.
* \{
*/
#if !defined(MBEDTLS_MEMORY_ALIGN_MULTIPLE)
/** Align on multiples of this value */
#define MBEDTLS_MEMORY_ALIGN_MULTIPLE 4
# define MBEDTLS_MEMORY_ALIGN_MULTIPLE 4
#endif
/* \} name SECTION: Module settings */
#define MBEDTLS_MEMORY_VERIFY_NONE 0
#define MBEDTLS_MEMORY_VERIFY_ALLOC (1 << 0)
#define MBEDTLS_MEMORY_VERIFY_FREE (1 << 1)
#define MBEDTLS_MEMORY_VERIFY_ALWAYS (MBEDTLS_MEMORY_VERIFY_ALLOC | MBEDTLS_MEMORY_VERIFY_FREE)
#define MBEDTLS_MEMORY_VERIFY_NONE 0
#define MBEDTLS_MEMORY_VERIFY_ALLOC (1 << 0)
#define MBEDTLS_MEMORY_VERIFY_FREE (1 << 1)
#define MBEDTLS_MEMORY_VERIFY_ALWAYS \
(MBEDTLS_MEMORY_VERIFY_ALLOC | MBEDTLS_MEMORY_VERIFY_FREE)
#ifdef __cplusplus
extern "C" {
@@ -65,12 +67,12 @@ extern "C" {
* \param buf buffer to use as heap
* \param len size of the buffer
*/
void mbedtls_memory_buffer_alloc_init( unsigned char *buf, size_t len );
void mbedtls_memory_buffer_alloc_init(unsigned char *buf, size_t len);
/**
* \brief Free the mutex for thread-safety and clear remaining memory
*/
void mbedtls_memory_buffer_alloc_free( void );
void mbedtls_memory_buffer_alloc_free(void);
/**
* \brief Determine when the allocator should automatically verify the state
@@ -80,7 +82,7 @@ void mbedtls_memory_buffer_alloc_free( void );
* \param verify One of MBEDTLS_MEMORY_VERIFY_NONE, MBEDTLS_MEMORY_VERIFY_ALLOC,
* MBEDTLS_MEMORY_VERIFY_FREE or MBEDTLS_MEMORY_VERIFY_ALWAYS
*/
void mbedtls_memory_buffer_set_verify( int verify );
void mbedtls_memory_buffer_set_verify(int verify);
#if defined(MBEDTLS_MEMORY_DEBUG)
/**
@@ -89,7 +91,7 @@ void mbedtls_memory_buffer_set_verify( int verify );
* Prints out a list of 'still allocated' blocks and their stack
* trace if MBEDTLS_MEMORY_BACKTRACE is defined.
*/
void mbedtls_memory_buffer_alloc_status( void );
void mbedtls_memory_buffer_alloc_status(void);
/**
* \brief Get the peak heap usage so far
@@ -99,12 +101,12 @@ void mbedtls_memory_buffer_alloc_status( void );
* into smaller blocks but larger than the requested size.
* \param max_blocks Peak number of blocks in use, including free and used
*/
void mbedtls_memory_buffer_alloc_max_get( size_t *max_used, size_t *max_blocks );
void mbedtls_memory_buffer_alloc_max_get(size_t *max_used, size_t *max_blocks);
/**
* \brief Reset peak statistics
*/
void mbedtls_memory_buffer_alloc_max_reset( void );
void mbedtls_memory_buffer_alloc_max_reset(void);
/**
* \brief Get the current heap usage
@@ -114,7 +116,7 @@ void mbedtls_memory_buffer_alloc_max_reset( void );
* into smaller blocks but larger than the requested size.
* \param cur_blocks Current number of blocks in use, including free and used
*/
void mbedtls_memory_buffer_alloc_cur_get( size_t *cur_used, size_t *cur_blocks );
void mbedtls_memory_buffer_alloc_cur_get(size_t *cur_used, size_t *cur_blocks);
#endif /* MBEDTLS_MEMORY_DEBUG */
/**
@@ -128,7 +130,7 @@ void mbedtls_memory_buffer_alloc_cur_get( size_t *cur_used, size_t *cur_blocks )
*
* \return 0 if verified, 1 otherwise
*/
int mbedtls_memory_buffer_alloc_verify( void );
int mbedtls_memory_buffer_alloc_verify(void);
#if defined(MBEDTLS_SELF_TEST)
/**
@@ -136,7 +138,7 @@ int mbedtls_memory_buffer_alloc_verify( void );
*
* \return 0 if successful, or 1 if a test failed
*/
int mbedtls_memory_buffer_alloc_self_test( int verbose );
int mbedtls_memory_buffer_alloc_self_test(int verbose);
#endif
#ifdef __cplusplus

80
include/mbedtls/net_sockets.h
View File

@@ -47,34 +47,34 @@
#include <stdint.h>
/** Failed to open a socket. */
#define MBEDTLS_ERR_NET_SOCKET_FAILED -0x0042
#define MBEDTLS_ERR_NET_SOCKET_FAILED -0x0042
/** The connection to the given server / port failed. */
#define MBEDTLS_ERR_NET_CONNECT_FAILED -0x0044
#define MBEDTLS_ERR_NET_CONNECT_FAILED -0x0044
/** Binding of the socket failed. */
#define MBEDTLS_ERR_NET_BIND_FAILED -0x0046
#define MBEDTLS_ERR_NET_BIND_FAILED -0x0046
/** Could not listen on the socket. */
#define MBEDTLS_ERR_NET_LISTEN_FAILED -0x0048
#define MBEDTLS_ERR_NET_LISTEN_FAILED -0x0048
/** Could not accept the incoming connection. */
#define MBEDTLS_ERR_NET_ACCEPT_FAILED -0x004A
#define MBEDTLS_ERR_NET_ACCEPT_FAILED -0x004A
/** Reading information from the socket failed. */
#define MBEDTLS_ERR_NET_RECV_FAILED -0x004C
#define MBEDTLS_ERR_NET_RECV_FAILED -0x004C
/** Sending information through the socket failed. */
#define MBEDTLS_ERR_NET_SEND_FAILED -0x004E
#define MBEDTLS_ERR_NET_SEND_FAILED -0x004E
/** Connection was reset by peer. */
#define MBEDTLS_ERR_NET_CONN_RESET -0x0050
#define MBEDTLS_ERR_NET_CONN_RESET -0x0050
/** Failed to get an IP address for the given hostname. */
#define MBEDTLS_ERR_NET_UNKNOWN_HOST -0x0052
#define MBEDTLS_ERR_NET_UNKNOWN_HOST -0x0052
/** Buffer is too small to hold the data. */
#define MBEDTLS_ERR_NET_BUFFER_TOO_SMALL -0x0043
#define MBEDTLS_ERR_NET_BUFFER_TOO_SMALL -0x0043
/** The context is invalid, eg because it was free()ed. */
#define MBEDTLS_ERR_NET_INVALID_CONTEXT -0x0045
#define MBEDTLS_ERR_NET_INVALID_CONTEXT -0x0045
/** Polling the net context failed. */
#define MBEDTLS_ERR_NET_POLL_FAILED -0x0047
#define MBEDTLS_ERR_NET_POLL_FAILED -0x0047
/** Input invalid. */
#define MBEDTLS_ERR_NET_BAD_INPUT_DATA -0x0049
#define MBEDTLS_ERR_NET_BAD_INPUT_DATA -0x0049
/** The backlog that listen() should use. */
#define MBEDTLS_NET_LISTEN_BACKLOG 10
#define MBEDTLS_NET_LISTEN_BACKLOG 10
/** The TCP transport protocol */
#define MBEDTLS_NET_PROTO_TCP 0
@@ -82,7 +82,7 @@
#define MBEDTLS_NET_PROTO_UDP 1
/** Used in \c mbedtls_net_poll to check for pending data */
#define MBEDTLS_NET_POLL_READ 1
#define MBEDTLS_NET_POLL_READ 1
/** Used in \c mbedtls_net_poll to check if write possible */
#define MBEDTLS_NET_POLL_WRITE 2
@@ -97,11 +97,9 @@ extern "C" {
* (eg two file descriptors for combined IPv4 + IPv6 support, or additional
* structures for hand-made UDP demultiplexing).
*/
typedef struct mbedtls_net_context
{
int MBEDTLS_PRIVATE(fd); /**< The underlying file descriptor */
}
mbedtls_net_context;
typedef struct mbedtls_net_context {
int MBEDTLS_PRIVATE(fd); /**< The underlying file descriptor */
} mbedtls_net_context;
/**
* \brief Initialize a context
@@ -109,7 +107,7 @@ mbedtls_net_context;
*
* \param ctx Context to initialize
*/
void mbedtls_net_init( mbedtls_net_context *ctx );
void mbedtls_net_init(mbedtls_net_context *ctx);
/**
* \brief Initiate a connection with host:port in the given protocol
@@ -126,7 +124,10 @@ void mbedtls_net_init( mbedtls_net_context *ctx );
*
* \note Sets the socket in connected mode even with UDP.
*/
int mbedtls_net_connect( mbedtls_net_context *ctx, const char *host, const char *port, int proto );
int mbedtls_net_connect(mbedtls_net_context *ctx,
const char *host,
const char *port,
int proto);
/**
* \brief Create a receiving socket on bind_ip:port in the chosen
@@ -146,7 +147,10 @@ int mbedtls_net_connect( mbedtls_net_context *ctx, const char *host, const char
* \note Regardless of the protocol, opens the sockets and binds it.
* In addition, make the socket listening if protocol is TCP.
*/
int mbedtls_net_bind( mbedtls_net_context *ctx, const char *bind_ip, const char *port, int proto );
int mbedtls_net_bind(mbedtls_net_context *ctx,
const char *bind_ip,
const char *port,
int proto);
/**
* \brief Accept a connection from a remote client
@@ -166,9 +170,11 @@ int mbedtls_net_bind( mbedtls_net_context *ctx, const char *bind_ip, const char
* MBEDTLS_ERR_SSL_WANT_READ if bind_fd was set to
* non-blocking and accept() would block.
*/
int mbedtls_net_accept( mbedtls_net_context *bind_ctx,
mbedtls_net_context *client_ctx,
void *client_ip, size_t buf_size, size_t *ip_len );
int mbedtls_net_accept(mbedtls_net_context *bind_ctx,
mbedtls_net_context *client_ctx,
void *client_ip,
size_t buf_size,
size_t *ip_len);
/**
* \brief Check and wait for the context to be ready for read/write
@@ -195,7 +201,7 @@ int mbedtls_net_accept( mbedtls_net_context *bind_ctx,
* \return Bitmask composed of MBEDTLS_NET_POLL_READ/WRITE
* on success or timeout, or a negative return code otherwise.
*/
int mbedtls_net_poll( mbedtls_net_context *ctx, uint32_t rw, uint32_t timeout );
int mbedtls_net_poll(mbedtls_net_context *ctx, uint32_t rw, uint32_t timeout);
/**
* \brief Set the socket blocking
@@ -204,7 +210,7 @@ int mbedtls_net_poll( mbedtls_net_context *ctx, uint32_t rw, uint32_t timeout );
*
* \return 0 if successful, or a non-zero error code
*/
int mbedtls_net_set_block( mbedtls_net_context *ctx );
int mbedtls_net_set_block(mbedtls_net_context *ctx);
/**
* \brief Set the socket non-blocking
@@ -213,7 +219,7 @@ int mbedtls_net_set_block( mbedtls_net_context *ctx );
*
* \return 0 if successful, or a non-zero error code
*/
int mbedtls_net_set_nonblock( mbedtls_net_context *ctx );
int mbedtls_net_set_nonblock(mbedtls_net_context *ctx);
/**
* \brief Portable usleep helper
@@ -223,7 +229,7 @@ int mbedtls_net_set_nonblock( mbedtls_net_context *ctx );
* \note Real amount of time slept will not be less than
* select()'s timeout granularity (typically, 10ms).
*/
void mbedtls_net_usleep( unsigned long usec );
void mbedtls_net_usleep(unsigned long usec);
/**
* \brief Read at most 'len' characters. If no error occurs,
@@ -237,7 +243,7 @@ void mbedtls_net_usleep( unsigned long usec );
* or a non-zero error code; with a non-blocking socket,
* MBEDTLS_ERR_SSL_WANT_READ indicates read() would block.
*/
int mbedtls_net_recv( void *ctx, unsigned char *buf, size_t len );
int mbedtls_net_recv(void *ctx, unsigned char *buf, size_t len);
/**
* \brief Write at most 'len' characters. If no error occurs,
@@ -251,7 +257,7 @@ int mbedtls_net_recv( void *ctx, unsigned char *buf, size_t len );
* or a non-zero error code; with a non-blocking socket,
* MBEDTLS_ERR_SSL_WANT_WRITE indicates write() would block.
*/
int mbedtls_net_send( void *ctx, const unsigned char *buf, size_t len );
int mbedtls_net_send(void *ctx, const unsigned char *buf, size_t len);
/**
* \brief Read at most 'len' characters, blocking for at most
@@ -279,22 +285,24 @@ int mbedtls_net_send( void *ctx, const unsigned char *buf, size_t len );
* non-blocking. Handling timeouts with non-blocking reads
* requires a different strategy.
*/
int mbedtls_net_recv_timeout( void *ctx, unsigned char *buf, size_t len,
uint32_t timeout );
int mbedtls_net_recv_timeout(void *ctx,
unsigned char *buf,
size_t len,
uint32_t timeout);
/**
* \brief Closes down the connection and free associated data
*
* \param ctx The context to close
*/
void mbedtls_net_close( mbedtls_net_context *ctx );
void mbedtls_net_close(mbedtls_net_context *ctx);
/**
* \brief Gracefully shutdown the connection and free associated data
*
* \param ctx The context to free
*/
void mbedtls_net_free( mbedtls_net_context *ctx );
void mbedtls_net_free(mbedtls_net_context *ctx);
#ifdef __cplusplus
}

44
include/mbedtls/nist_kw.h
View File

@@ -62,11 +62,12 @@ typedef enum
* Don't make any assumptions on this context!
*/
typedef struct {
mbedtls_cipher_context_t MBEDTLS_PRIVATE(cipher_ctx); /*!< The cipher context used. */
mbedtls_cipher_context_t MBEDTLS_PRIVATE(cipher_ctx); /*!< The cipher
context used. */
} mbedtls_nist_kw_context;
#else /* MBEDTLS_NIST_key wrapping_ALT */
#include "nist_kw_alt.h"
#else /* MBEDTLS_NIST_key wrapping_ALT */
# include "nist_kw_alt.h"
#endif /* MBEDTLS_NIST_KW_ALT */
/**
@@ -77,7 +78,7 @@ typedef struct {
* \param ctx The key wrapping context to initialize.
*
*/
void mbedtls_nist_kw_init( mbedtls_nist_kw_context *ctx );
void mbedtls_nist_kw_init(mbedtls_nist_kw_context *ctx);
/**
* \brief This function initializes the key wrapping context set in the
@@ -95,11 +96,11 @@ void mbedtls_nist_kw_init( mbedtls_nist_kw_context *ctx );
* which are not supported.
* \return cipher-specific error code on failure of the underlying cipher.
*/
int mbedtls_nist_kw_setkey( mbedtls_nist_kw_context *ctx,
mbedtls_cipher_id_t cipher,
const unsigned char *key,
unsigned int keybits,
const int is_wrap );
int mbedtls_nist_kw_setkey(mbedtls_nist_kw_context *ctx,
mbedtls_cipher_id_t cipher,
const unsigned char *key,
unsigned int keybits,
const int is_wrap);
/**
* \brief This function releases and clears the specified key wrapping context
@@ -107,7 +108,7 @@ int mbedtls_nist_kw_setkey( mbedtls_nist_kw_context *ctx,
*
* \param ctx The key wrapping context to clear.
*/
void mbedtls_nist_kw_free( mbedtls_nist_kw_context *ctx );
void mbedtls_nist_kw_free(mbedtls_nist_kw_context *ctx);
/**
* \brief This function encrypts a buffer using key wrapping.
@@ -130,9 +131,13 @@ void mbedtls_nist_kw_free( mbedtls_nist_kw_context *ctx );
* \return \c MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA for invalid input length.
* \return cipher-specific error code on failure of the underlying cipher.
*/
int mbedtls_nist_kw_wrap( mbedtls_nist_kw_context *ctx, mbedtls_nist_kw_mode_t mode,
const unsigned char *input, size_t in_len,
unsigned char *output, size_t* out_len, size_t out_size );
int mbedtls_nist_kw_wrap(mbedtls_nist_kw_context *ctx,
mbedtls_nist_kw_mode_t mode,
const unsigned char *input,
size_t in_len,
unsigned char *output,
size_t *out_len,
size_t out_size);
/**
* \brief This function decrypts a buffer using key wrapping.
@@ -157,10 +162,13 @@ int mbedtls_nist_kw_wrap( mbedtls_nist_kw_context *ctx, mbedtls_nist_kw_mode_t m
* \return \c MBEDTLS_ERR_CIPHER_AUTH_FAILED for verification failure of the ciphertext.
* \return cipher-specific error code on failure of the underlying cipher.
*/
int mbedtls_nist_kw_unwrap( mbedtls_nist_kw_context *ctx, mbedtls_nist_kw_mode_t mode,
const unsigned char *input, size_t in_len,
unsigned char *output, size_t* out_len, size_t out_size);
int mbedtls_nist_kw_unwrap(mbedtls_nist_kw_context *ctx,
mbedtls_nist_kw_mode_t mode,
const unsigned char *input,
size_t in_len,
unsigned char *output,
size_t *out_len,
size_t out_size);
#if defined(MBEDTLS_SELF_TEST) && defined(MBEDTLS_AES_C)
/**
@@ -169,7 +177,7 @@ int mbedtls_nist_kw_unwrap( mbedtls_nist_kw_context *ctx, mbedtls_nist_kw_mode_t
* \return \c 0 on success.
* \return \c 1 on failure.
*/
int mbedtls_nist_kw_self_test( int verbose );
int mbedtls_nist_kw_self_test(int verbose);
#endif /* MBEDTLS_SELF_TEST && MBEDTLS_AES_C */
#ifdef __cplusplus

625
include/mbedtls/oid.h
View File

@@ -31,249 +31,395 @@
#include <stddef.h>
#if defined(MBEDTLS_CIPHER_C)
#include "mbedtls/cipher.h"
# include "mbedtls/cipher.h"
#endif
#if defined(MBEDTLS_MD_C)
#include "mbedtls/md.h"
# include "mbedtls/md.h"
#endif
/** OID is not found. */
#define MBEDTLS_ERR_OID_NOT_FOUND -0x002E
#define MBEDTLS_ERR_OID_NOT_FOUND -0x002E
/** output buffer is too small */
#define MBEDTLS_ERR_OID_BUF_TOO_SMALL -0x000B
#define MBEDTLS_ERR_OID_BUF_TOO_SMALL -0x000B
/* This is for the benefit of X.509, but defined here in order to avoid
* having a "backwards" include of x.509.h here */
/*
* X.509 extension types (internal, arbitrary values for bitsets)
*/
#define MBEDTLS_OID_X509_EXT_AUTHORITY_KEY_IDENTIFIER (1 << 0)
#define MBEDTLS_OID_X509_EXT_SUBJECT_KEY_IDENTIFIER (1 << 1)
#define MBEDTLS_OID_X509_EXT_KEY_USAGE (1 << 2)
#define MBEDTLS_OID_X509_EXT_CERTIFICATE_POLICIES (1 << 3)
#define MBEDTLS_OID_X509_EXT_POLICY_MAPPINGS (1 << 4)
#define MBEDTLS_OID_X509_EXT_SUBJECT_ALT_NAME (1 << 5)
#define MBEDTLS_OID_X509_EXT_ISSUER_ALT_NAME (1 << 6)
#define MBEDTLS_OID_X509_EXT_SUBJECT_DIRECTORY_ATTRS (1 << 7)
#define MBEDTLS_OID_X509_EXT_BASIC_CONSTRAINTS (1 << 8)
#define MBEDTLS_OID_X509_EXT_NAME_CONSTRAINTS (1 << 9)
#define MBEDTLS_OID_X509_EXT_POLICY_CONSTRAINTS (1 << 10)
#define MBEDTLS_OID_X509_EXT_EXTENDED_KEY_USAGE (1 << 11)
#define MBEDTLS_OID_X509_EXT_CRL_DISTRIBUTION_POINTS (1 << 12)
#define MBEDTLS_OID_X509_EXT_INIHIBIT_ANYPOLICY (1 << 13)
#define MBEDTLS_OID_X509_EXT_FRESHEST_CRL (1 << 14)
#define MBEDTLS_OID_X509_EXT_NS_CERT_TYPE (1 << 16)
#define MBEDTLS_OID_X509_EXT_AUTHORITY_KEY_IDENTIFIER (1 << 0)
#define MBEDTLS_OID_X509_EXT_SUBJECT_KEY_IDENTIFIER (1 << 1)
#define MBEDTLS_OID_X509_EXT_KEY_USAGE (1 << 2)
#define MBEDTLS_OID_X509_EXT_CERTIFICATE_POLICIES (1 << 3)
#define MBEDTLS_OID_X509_EXT_POLICY_MAPPINGS (1 << 4)
#define MBEDTLS_OID_X509_EXT_SUBJECT_ALT_NAME (1 << 5)
#define MBEDTLS_OID_X509_EXT_ISSUER_ALT_NAME (1 << 6)
#define MBEDTLS_OID_X509_EXT_SUBJECT_DIRECTORY_ATTRS (1 << 7)
#define MBEDTLS_OID_X509_EXT_BASIC_CONSTRAINTS (1 << 8)
#define MBEDTLS_OID_X509_EXT_NAME_CONSTRAINTS (1 << 9)
#define MBEDTLS_OID_X509_EXT_POLICY_CONSTRAINTS (1 << 10)
#define MBEDTLS_OID_X509_EXT_EXTENDED_KEY_USAGE (1 << 11)
#define MBEDTLS_OID_X509_EXT_CRL_DISTRIBUTION_POINTS (1 << 12)
#define MBEDTLS_OID_X509_EXT_INIHIBIT_ANYPOLICY (1 << 13)
#define MBEDTLS_OID_X509_EXT_FRESHEST_CRL (1 << 14)
#define MBEDTLS_OID_X509_EXT_NS_CERT_TYPE (1 << 16)
/*
* Top level OID tuples
*/
#define MBEDTLS_OID_ISO_MEMBER_BODIES "\x2a" /* {iso(1) member-body(2)} */
#define MBEDTLS_OID_ISO_IDENTIFIED_ORG "\x2b" /* {iso(1) identified-organization(3)} */
#define MBEDTLS_OID_ISO_CCITT_DS "\x55" /* {joint-iso-ccitt(2) ds(5)} */
#define MBEDTLS_OID_ISO_ITU_COUNTRY "\x60" /* {joint-iso-itu-t(2) country(16)} */
#define MBEDTLS_OID_ISO_MEMBER_BODIES "\x2a" /* {iso(1) member-body(2)} */
#define MBEDTLS_OID_ISO_IDENTIFIED_ORG \
"\x2b" /* {iso(1) identified-organization(3)} */
#define MBEDTLS_OID_ISO_CCITT_DS "\x55" /* {joint-iso-ccitt(2) ds(5)} */
#define MBEDTLS_OID_ISO_ITU_COUNTRY \
"\x60" /* {joint-iso-itu-t(2) country(16)} */
/*
* ISO Member bodies OID parts
*/
#define MBEDTLS_OID_COUNTRY_US "\x86\x48" /* {us(840)} */
#define MBEDTLS_OID_ORG_RSA_DATA_SECURITY "\x86\xf7\x0d" /* {rsadsi(113549)} */
#define MBEDTLS_OID_RSA_COMPANY MBEDTLS_OID_ISO_MEMBER_BODIES MBEDTLS_OID_COUNTRY_US \
MBEDTLS_OID_ORG_RSA_DATA_SECURITY /* {iso(1) member-body(2) us(840) rsadsi(113549)} */
#define MBEDTLS_OID_ORG_ANSI_X9_62 "\xce\x3d" /* ansi-X9-62(10045) */
#define MBEDTLS_OID_ANSI_X9_62 MBEDTLS_OID_ISO_MEMBER_BODIES MBEDTLS_OID_COUNTRY_US \
MBEDTLS_OID_ORG_ANSI_X9_62
#define MBEDTLS_OID_COUNTRY_US "\x86\x48" /* {us(840)} */
#define MBEDTLS_OID_ORG_RSA_DATA_SECURITY "\x86\xf7\x0d" /* {rsadsi(113549)} */
#define MBEDTLS_OID_RSA_COMPANY \
MBEDTLS_OID_ISO_MEMBER_BODIES MBEDTLS_OID_COUNTRY_US \
MBEDTLS_OID_ORG_RSA_DATA_SECURITY /* {iso(1) member-body(2) us(840) rsadsi(113549)} */
#define MBEDTLS_OID_ORG_ANSI_X9_62 "\xce\x3d" /* ansi-X9-62(10045) */
#define MBEDTLS_OID_ANSI_X9_62 \
MBEDTLS_OID_ISO_MEMBER_BODIES MBEDTLS_OID_COUNTRY_US \
MBEDTLS_OID_ORG_ANSI_X9_62
/*
* ISO Identified organization OID parts
*/
#define MBEDTLS_OID_ORG_DOD "\x06" /* {dod(6)} */
#define MBEDTLS_OID_ORG_OIW "\x0e"
#define MBEDTLS_OID_OIW_SECSIG MBEDTLS_OID_ORG_OIW "\x03"
#define MBEDTLS_OID_OIW_SECSIG_ALG MBEDTLS_OID_OIW_SECSIG "\x02"
#define MBEDTLS_OID_OIW_SECSIG_SHA1 MBEDTLS_OID_OIW_SECSIG_ALG "\x1a"
#define MBEDTLS_OID_ORG_CERTICOM "\x81\x04" /* certicom(132) */
#define MBEDTLS_OID_CERTICOM MBEDTLS_OID_ISO_IDENTIFIED_ORG MBEDTLS_OID_ORG_CERTICOM
#define MBEDTLS_OID_ORG_TELETRUST "\x24" /* teletrust(36) */
#define MBEDTLS_OID_TELETRUST MBEDTLS_OID_ISO_IDENTIFIED_ORG MBEDTLS_OID_ORG_TELETRUST
#define MBEDTLS_OID_ORG_DOD "\x06" /* {dod(6)} */
#define MBEDTLS_OID_ORG_OIW "\x0e"
#define MBEDTLS_OID_OIW_SECSIG MBEDTLS_OID_ORG_OIW "\x03"
#define MBEDTLS_OID_OIW_SECSIG_ALG MBEDTLS_OID_OIW_SECSIG "\x02"
#define MBEDTLS_OID_OIW_SECSIG_SHA1 MBEDTLS_OID_OIW_SECSIG_ALG "\x1a"
#define MBEDTLS_OID_ORG_CERTICOM "\x81\x04" /* certicom(132) */
#define MBEDTLS_OID_CERTICOM \
MBEDTLS_OID_ISO_IDENTIFIED_ORG MBEDTLS_OID_ORG_CERTICOM
#define MBEDTLS_OID_ORG_TELETRUST "\x24" /* teletrust(36) */
#define MBEDTLS_OID_TELETRUST \
MBEDTLS_OID_ISO_IDENTIFIED_ORG MBEDTLS_OID_ORG_TELETRUST
/*
* ISO ITU OID parts
*/
#define MBEDTLS_OID_ORGANIZATION "\x01" /* {organization(1)} */
#define MBEDTLS_OID_ISO_ITU_US_ORG MBEDTLS_OID_ISO_ITU_COUNTRY MBEDTLS_OID_COUNTRY_US MBEDTLS_OID_ORGANIZATION /* {joint-iso-itu-t(2) country(16) us(840) organization(1)} */
#define MBEDTLS_OID_ORGANIZATION "\x01" /* {organization(1)} */
#define MBEDTLS_OID_ISO_ITU_US_ORG \
MBEDTLS_OID_ISO_ITU_COUNTRY MBEDTLS_OID_COUNTRY_US \
MBEDTLS_OID_ORGANIZATION /* {joint-iso-itu-t(2) country(16) us(840) organization(1)} */
#define MBEDTLS_OID_ORG_GOV "\x65" /* {gov(101)} */
#define MBEDTLS_OID_GOV MBEDTLS_OID_ISO_ITU_US_ORG MBEDTLS_OID_ORG_GOV /* {joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101)} */
#define MBEDTLS_OID_ORG_GOV "\x65" /* {gov(101)} */
#define MBEDTLS_OID_GOV \
MBEDTLS_OID_ISO_ITU_US_ORG \
MBEDTLS_OID_ORG_GOV /* {joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101)} */
#define MBEDTLS_OID_ORG_NETSCAPE "\x86\xF8\x42" /* {netscape(113730)} */
#define MBEDTLS_OID_NETSCAPE MBEDTLS_OID_ISO_ITU_US_ORG MBEDTLS_OID_ORG_NETSCAPE /* Netscape OID {joint-iso-itu-t(2) country(16) us(840) organization(1) netscape(113730)} */
#define MBEDTLS_OID_ORG_NETSCAPE "\x86\xF8\x42" /* {netscape(113730)} */
#define MBEDTLS_OID_NETSCAPE \
MBEDTLS_OID_ISO_ITU_US_ORG \
MBEDTLS_OID_ORG_NETSCAPE /* Netscape OID {joint-iso-itu-t(2) country(16) us(840) organization(1) netscape(113730)} */
/* ISO arc for standard certificate and CRL extensions */
#define MBEDTLS_OID_ID_CE MBEDTLS_OID_ISO_CCITT_DS "\x1D" /**< id-ce OBJECT IDENTIFIER ::= {joint-iso-ccitt(2) ds(5) 29} */
#define MBEDTLS_OID_ID_CE \
MBEDTLS_OID_ISO_CCITT_DS \
"\x1D" /**< id-ce OBJECT IDENTIFIER ::= {joint-iso-ccitt(2) ds(5) 29} */
#define MBEDTLS_OID_NIST_ALG MBEDTLS_OID_GOV "\x03\x04" /** { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistAlgorithm(4) */
#define MBEDTLS_OID_NIST_ALG \
MBEDTLS_OID_GOV "\x03\x04" /** { joint-iso-itu-t(2) country(16) us(840) \
organization(1) gov(101) csor(3) \
nistAlgorithm(4) */
/**
* Private Internet Extensions
* { iso(1) identified-organization(3) dod(6) internet(1)
* security(5) mechanisms(5) pkix(7) }
*/
#define MBEDTLS_OID_INTERNET MBEDTLS_OID_ISO_IDENTIFIED_ORG MBEDTLS_OID_ORG_DOD "\x01"
#define MBEDTLS_OID_PKIX MBEDTLS_OID_INTERNET "\x05\x05\x07"
#define MBEDTLS_OID_INTERNET \
MBEDTLS_OID_ISO_IDENTIFIED_ORG MBEDTLS_OID_ORG_DOD "\x01"
#define MBEDTLS_OID_PKIX MBEDTLS_OID_INTERNET "\x05\x05\x07"
/*
* Arc for standard naming attributes
*/
#define MBEDTLS_OID_AT MBEDTLS_OID_ISO_CCITT_DS "\x04" /**< id-at OBJECT IDENTIFIER ::= {joint-iso-ccitt(2) ds(5) 4} */
#define MBEDTLS_OID_AT_CN MBEDTLS_OID_AT "\x03" /**< id-at-commonName AttributeType:= {id-at 3} */
#define MBEDTLS_OID_AT_SUR_NAME MBEDTLS_OID_AT "\x04" /**< id-at-surName AttributeType:= {id-at 4} */
#define MBEDTLS_OID_AT_SERIAL_NUMBER MBEDTLS_OID_AT "\x05" /**< id-at-serialNumber AttributeType:= {id-at 5} */
#define MBEDTLS_OID_AT_COUNTRY MBEDTLS_OID_AT "\x06" /**< id-at-countryName AttributeType:= {id-at 6} */
#define MBEDTLS_OID_AT_LOCALITY MBEDTLS_OID_AT "\x07" /**< id-at-locality AttributeType:= {id-at 7} */
#define MBEDTLS_OID_AT_STATE MBEDTLS_OID_AT "\x08" /**< id-at-state AttributeType:= {id-at 8} */
#define MBEDTLS_OID_AT_ORGANIZATION MBEDTLS_OID_AT "\x0A" /**< id-at-organizationName AttributeType:= {id-at 10} */
#define MBEDTLS_OID_AT_ORG_UNIT MBEDTLS_OID_AT "\x0B" /**< id-at-organizationalUnitName AttributeType:= {id-at 11} */
#define MBEDTLS_OID_AT_TITLE MBEDTLS_OID_AT "\x0C" /**< id-at-title AttributeType:= {id-at 12} */
#define MBEDTLS_OID_AT_POSTAL_ADDRESS MBEDTLS_OID_AT "\x10" /**< id-at-postalAddress AttributeType:= {id-at 16} */
#define MBEDTLS_OID_AT_POSTAL_CODE MBEDTLS_OID_AT "\x11" /**< id-at-postalCode AttributeType:= {id-at 17} */
#define MBEDTLS_OID_AT_GIVEN_NAME MBEDTLS_OID_AT "\x2A" /**< id-at-givenName AttributeType:= {id-at 42} */
#define MBEDTLS_OID_AT_INITIALS MBEDTLS_OID_AT "\x2B" /**< id-at-initials AttributeType:= {id-at 43} */
#define MBEDTLS_OID_AT_GENERATION_QUALIFIER MBEDTLS_OID_AT "\x2C" /**< id-at-generationQualifier AttributeType:= {id-at 44} */
#define MBEDTLS_OID_AT_UNIQUE_IDENTIFIER MBEDTLS_OID_AT "\x2D" /**< id-at-uniqueIdentifier AttributType:= {id-at 45} */
#define MBEDTLS_OID_AT_DN_QUALIFIER MBEDTLS_OID_AT "\x2E" /**< id-at-dnQualifier AttributeType:= {id-at 46} */
#define MBEDTLS_OID_AT_PSEUDONYM MBEDTLS_OID_AT "\x41" /**< id-at-pseudonym AttributeType:= {id-at 65} */
#define MBEDTLS_OID_AT \
MBEDTLS_OID_ISO_CCITT_DS \
"\x04" /**< id-at OBJECT IDENTIFIER ::= {joint-iso-ccitt(2) ds(5) 4} */
#define MBEDTLS_OID_AT_CN \
MBEDTLS_OID_AT "\x03" /**< id-at-commonName AttributeType:= {id-at 3} */
#define MBEDTLS_OID_AT_SUR_NAME \
MBEDTLS_OID_AT "\x04" /**< id-at-surName AttributeType:= {id-at 4} */
#define MBEDTLS_OID_AT_SERIAL_NUMBER \
MBEDTLS_OID_AT "\x05" /**< id-at-serialNumber AttributeType:= {id-at 5} */
#define MBEDTLS_OID_AT_COUNTRY \
MBEDTLS_OID_AT "\x06" /**< id-at-countryName AttributeType:= {id-at 6} */
#define MBEDTLS_OID_AT_LOCALITY \
MBEDTLS_OID_AT "\x07" /**< id-at-locality AttributeType:= {id-at 7} */
#define MBEDTLS_OID_AT_STATE \
MBEDTLS_OID_AT "\x08" /**< id-at-state AttributeType:= {id-at 8} */
#define MBEDTLS_OID_AT_ORGANIZATION \
MBEDTLS_OID_AT \
"\x0A" /**< id-at-organizationName AttributeType:= {id-at 10} */
#define MBEDTLS_OID_AT_ORG_UNIT \
MBEDTLS_OID_AT \
"\x0B" /**< id-at-organizationalUnitName AttributeType:= {id-at 11} */
#define MBEDTLS_OID_AT_TITLE \
MBEDTLS_OID_AT "\x0C" /**< id-at-title AttributeType:= {id-at 12} */
#define MBEDTLS_OID_AT_POSTAL_ADDRESS \
MBEDTLS_OID_AT "\x10" /**< id-at-postalAddress AttributeType:= {id-at 16} */
#define MBEDTLS_OID_AT_POSTAL_CODE \
MBEDTLS_OID_AT "\x11" /**< id-at-postalCode AttributeType:= {id-at 17} */
#define MBEDTLS_OID_AT_GIVEN_NAME \
MBEDTLS_OID_AT "\x2A" /**< id-at-givenName AttributeType:= {id-at 42} */
#define MBEDTLS_OID_AT_INITIALS \
MBEDTLS_OID_AT "\x2B" /**< id-at-initials AttributeType:= {id-at 43} */
#define MBEDTLS_OID_AT_GENERATION_QUALIFIER \
MBEDTLS_OID_AT \
"\x2C" /**< id-at-generationQualifier AttributeType:= {id-at 44} */
#define MBEDTLS_OID_AT_UNIQUE_IDENTIFIER \
MBEDTLS_OID_AT \
"\x2D" /**< id-at-uniqueIdentifier AttributType:= {id-at 45} */
#define MBEDTLS_OID_AT_DN_QUALIFIER \
MBEDTLS_OID_AT "\x2E" /**< id-at-dnQualifier AttributeType:= {id-at 46} */
#define MBEDTLS_OID_AT_PSEUDONYM \
MBEDTLS_OID_AT "\x41" /**< id-at-pseudonym AttributeType:= {id-at 65} */
#define MBEDTLS_OID_UID "\x09\x92\x26\x89\x93\xF2\x2C\x64\x01\x01" /** id-domainComponent AttributeType:= {itu-t(0) data(9) pss(2342) ucl(19200300) pilot(100) pilotAttributeType(1) uid(1)} */
#define MBEDTLS_OID_DOMAIN_COMPONENT "\x09\x92\x26\x89\x93\xF2\x2C\x64\x01\x19" /** id-domainComponent AttributeType:= {itu-t(0) data(9) pss(2342) ucl(19200300) pilot(100) pilotAttributeType(1) domainComponent(25)} */
#define MBEDTLS_OID_UID \
"\x09\x92\x26\x89\x93\xF2\x2C\x64\x01\x01" /** id-domainComponent AttributeType:= {itu-t(0) data(9) pss(2342) ucl(19200300) pilot(100) pilotAttributeType(1) uid(1)} */
#define MBEDTLS_OID_DOMAIN_COMPONENT \
"\x09\x92\x26\x89\x93\xF2\x2C\x64\x01\x19" /** id-domainComponent AttributeType:= {itu-t(0) data(9) pss(2342) ucl(19200300) pilot(100) pilotAttributeType(1) domainComponent(25)} */
/*
* OIDs for standard certificate extensions
*/
#define MBEDTLS_OID_AUTHORITY_KEY_IDENTIFIER MBEDTLS_OID_ID_CE "\x23" /**< id-ce-authorityKeyIdentifier OBJECT IDENTIFIER ::= { id-ce 35 } */
#define MBEDTLS_OID_SUBJECT_KEY_IDENTIFIER MBEDTLS_OID_ID_CE "\x0E" /**< id-ce-subjectKeyIdentifier OBJECT IDENTIFIER ::= { id-ce 14 } */
#define MBEDTLS_OID_KEY_USAGE MBEDTLS_OID_ID_CE "\x0F" /**< id-ce-keyUsage OBJECT IDENTIFIER ::= { id-ce 15 } */
#define MBEDTLS_OID_CERTIFICATE_POLICIES MBEDTLS_OID_ID_CE "\x20" /**< id-ce-certificatePolicies OBJECT IDENTIFIER ::= { id-ce 32 } */
#define MBEDTLS_OID_POLICY_MAPPINGS MBEDTLS_OID_ID_CE "\x21" /**< id-ce-policyMappings OBJECT IDENTIFIER ::= { id-ce 33 } */
#define MBEDTLS_OID_SUBJECT_ALT_NAME MBEDTLS_OID_ID_CE "\x11" /**< id-ce-subjectAltName OBJECT IDENTIFIER ::= { id-ce 17 } */
#define MBEDTLS_OID_ISSUER_ALT_NAME MBEDTLS_OID_ID_CE "\x12" /**< id-ce-issuerAltName OBJECT IDENTIFIER ::= { id-ce 18 } */
#define MBEDTLS_OID_SUBJECT_DIRECTORY_ATTRS MBEDTLS_OID_ID_CE "\x09" /**< id-ce-subjectDirectoryAttributes OBJECT IDENTIFIER ::= { id-ce 9 } */
#define MBEDTLS_OID_BASIC_CONSTRAINTS MBEDTLS_OID_ID_CE "\x13" /**< id-ce-basicConstraints OBJECT IDENTIFIER ::= { id-ce 19 } */
#define MBEDTLS_OID_NAME_CONSTRAINTS MBEDTLS_OID_ID_CE "\x1E" /**< id-ce-nameConstraints OBJECT IDENTIFIER ::= { id-ce 30 } */
#define MBEDTLS_OID_POLICY_CONSTRAINTS MBEDTLS_OID_ID_CE "\x24" /**< id-ce-policyConstraints OBJECT IDENTIFIER ::= { id-ce 36 } */
#define MBEDTLS_OID_EXTENDED_KEY_USAGE MBEDTLS_OID_ID_CE "\x25" /**< id-ce-extKeyUsage OBJECT IDENTIFIER ::= { id-ce 37 } */
#define MBEDTLS_OID_CRL_DISTRIBUTION_POINTS MBEDTLS_OID_ID_CE "\x1F" /**< id-ce-cRLDistributionPoints OBJECT IDENTIFIER ::= { id-ce 31 } */
#define MBEDTLS_OID_INIHIBIT_ANYPOLICY MBEDTLS_OID_ID_CE "\x36" /**< id-ce-inhibitAnyPolicy OBJECT IDENTIFIER ::= { id-ce 54 } */
#define MBEDTLS_OID_FRESHEST_CRL MBEDTLS_OID_ID_CE "\x2E" /**< id-ce-freshestCRL OBJECT IDENTIFIER ::= { id-ce 46 } */
#define MBEDTLS_OID_AUTHORITY_KEY_IDENTIFIER \
MBEDTLS_OID_ID_CE \
"\x23" /**< id-ce-authorityKeyIdentifier OBJECT IDENTIFIER ::= { id-ce 35 } */
#define MBEDTLS_OID_SUBJECT_KEY_IDENTIFIER \
MBEDTLS_OID_ID_CE \
"\x0E" /**< id-ce-subjectKeyIdentifier OBJECT IDENTIFIER ::= { id-ce 14 } */
#define MBEDTLS_OID_KEY_USAGE \
MBEDTLS_OID_ID_CE \
"\x0F" /**< id-ce-keyUsage OBJECT IDENTIFIER ::= { id-ce 15 } */
#define MBEDTLS_OID_CERTIFICATE_POLICIES \
MBEDTLS_OID_ID_CE \
"\x20" /**< id-ce-certificatePolicies OBJECT IDENTIFIER ::= { id-ce 32 } */
#define MBEDTLS_OID_POLICY_MAPPINGS \
MBEDTLS_OID_ID_CE \
"\x21" /**< id-ce-policyMappings OBJECT IDENTIFIER ::= { id-ce 33 } */
#define MBEDTLS_OID_SUBJECT_ALT_NAME \
MBEDTLS_OID_ID_CE \
"\x11" /**< id-ce-subjectAltName OBJECT IDENTIFIER ::= { id-ce 17 } */
#define MBEDTLS_OID_ISSUER_ALT_NAME \
MBEDTLS_OID_ID_CE \
"\x12" /**< id-ce-issuerAltName OBJECT IDENTIFIER ::= { id-ce 18 } */
#define MBEDTLS_OID_SUBJECT_DIRECTORY_ATTRS \
MBEDTLS_OID_ID_CE \
"\x09" /**< id-ce-subjectDirectoryAttributes OBJECT IDENTIFIER ::= { id-ce 9 } */
#define MBEDTLS_OID_BASIC_CONSTRAINTS \
MBEDTLS_OID_ID_CE \
"\x13" /**< id-ce-basicConstraints OBJECT IDENTIFIER ::= { id-ce 19 } */
#define MBEDTLS_OID_NAME_CONSTRAINTS \
MBEDTLS_OID_ID_CE \
"\x1E" /**< id-ce-nameConstraints OBJECT IDENTIFIER ::= { id-ce 30 } */
#define MBEDTLS_OID_POLICY_CONSTRAINTS \
MBEDTLS_OID_ID_CE \
"\x24" /**< id-ce-policyConstraints OBJECT IDENTIFIER ::= { id-ce 36 } */
#define MBEDTLS_OID_EXTENDED_KEY_USAGE \
MBEDTLS_OID_ID_CE \
"\x25" /**< id-ce-extKeyUsage OBJECT IDENTIFIER ::= { id-ce 37 } */
#define MBEDTLS_OID_CRL_DISTRIBUTION_POINTS \
MBEDTLS_OID_ID_CE \
"\x1F" /**< id-ce-cRLDistributionPoints OBJECT IDENTIFIER ::= { id-ce 31 } */
#define MBEDTLS_OID_INIHIBIT_ANYPOLICY \
MBEDTLS_OID_ID_CE \
"\x36" /**< id-ce-inhibitAnyPolicy OBJECT IDENTIFIER ::= { id-ce 54 } */
#define MBEDTLS_OID_FRESHEST_CRL \
MBEDTLS_OID_ID_CE \
"\x2E" /**< id-ce-freshestCRL OBJECT IDENTIFIER ::= { id-ce 46 } */
/*
* Certificate policies
*/
#define MBEDTLS_OID_ANY_POLICY MBEDTLS_OID_CERTIFICATE_POLICIES "\x00" /**< anyPolicy OBJECT IDENTIFIER ::= { id-ce-certificatePolicies 0 } */
#define MBEDTLS_OID_ANY_POLICY \
MBEDTLS_OID_CERTIFICATE_POLICIES \
"\x00" /**< anyPolicy OBJECT IDENTIFIER ::= { id-ce-certificatePolicies 0 } */
/*
* Netscape certificate extensions
*/
#define MBEDTLS_OID_NS_CERT MBEDTLS_OID_NETSCAPE "\x01"
#define MBEDTLS_OID_NS_CERT_TYPE MBEDTLS_OID_NS_CERT "\x01"
#define MBEDTLS_OID_NS_BASE_URL MBEDTLS_OID_NS_CERT "\x02"
#define MBEDTLS_OID_NS_REVOCATION_URL MBEDTLS_OID_NS_CERT "\x03"
#define MBEDTLS_OID_NS_CA_REVOCATION_URL MBEDTLS_OID_NS_CERT "\x04"
#define MBEDTLS_OID_NS_RENEWAL_URL MBEDTLS_OID_NS_CERT "\x07"
#define MBEDTLS_OID_NS_CA_POLICY_URL MBEDTLS_OID_NS_CERT "\x08"
#define MBEDTLS_OID_NS_SSL_SERVER_NAME MBEDTLS_OID_NS_CERT "\x0C"
#define MBEDTLS_OID_NS_COMMENT MBEDTLS_OID_NS_CERT "\x0D"
#define MBEDTLS_OID_NS_DATA_TYPE MBEDTLS_OID_NETSCAPE "\x02"
#define MBEDTLS_OID_NS_CERT_SEQUENCE MBEDTLS_OID_NS_DATA_TYPE "\x05"
#define MBEDTLS_OID_NS_CERT MBEDTLS_OID_NETSCAPE "\x01"
#define MBEDTLS_OID_NS_CERT_TYPE MBEDTLS_OID_NS_CERT "\x01"
#define MBEDTLS_OID_NS_BASE_URL MBEDTLS_OID_NS_CERT "\x02"
#define MBEDTLS_OID_NS_REVOCATION_URL MBEDTLS_OID_NS_CERT "\x03"
#define MBEDTLS_OID_NS_CA_REVOCATION_URL MBEDTLS_OID_NS_CERT "\x04"
#define MBEDTLS_OID_NS_RENEWAL_URL MBEDTLS_OID_NS_CERT "\x07"
#define MBEDTLS_OID_NS_CA_POLICY_URL MBEDTLS_OID_NS_CERT "\x08"
#define MBEDTLS_OID_NS_SSL_SERVER_NAME MBEDTLS_OID_NS_CERT "\x0C"
#define MBEDTLS_OID_NS_COMMENT MBEDTLS_OID_NS_CERT "\x0D"
#define MBEDTLS_OID_NS_DATA_TYPE MBEDTLS_OID_NETSCAPE "\x02"
#define MBEDTLS_OID_NS_CERT_SEQUENCE MBEDTLS_OID_NS_DATA_TYPE "\x05"
/*
* OIDs for CRL extensions
*/
#define MBEDTLS_OID_PRIVATE_KEY_USAGE_PERIOD MBEDTLS_OID_ID_CE "\x10"
#define MBEDTLS_OID_CRL_NUMBER MBEDTLS_OID_ID_CE "\x14" /**< id-ce-cRLNumber OBJECT IDENTIFIER ::= { id-ce 20 } */
#define MBEDTLS_OID_PRIVATE_KEY_USAGE_PERIOD MBEDTLS_OID_ID_CE "\x10"
#define MBEDTLS_OID_CRL_NUMBER \
MBEDTLS_OID_ID_CE \
"\x14" /**< id-ce-cRLNumber OBJECT IDENTIFIER ::= { id-ce 20 } */
/*
* X.509 v3 Extended key usage OIDs
*/
#define MBEDTLS_OID_ANY_EXTENDED_KEY_USAGE MBEDTLS_OID_EXTENDED_KEY_USAGE "\x00" /**< anyExtendedKeyUsage OBJECT IDENTIFIER ::= { id-ce-extKeyUsage 0 } */
#define MBEDTLS_OID_ANY_EXTENDED_KEY_USAGE \
MBEDTLS_OID_EXTENDED_KEY_USAGE \
"\x00" /**< anyExtendedKeyUsage OBJECT IDENTIFIER ::= { id-ce-extKeyUsage 0 } */
#define MBEDTLS_OID_KP MBEDTLS_OID_PKIX "\x03" /**< id-kp OBJECT IDENTIFIER ::= { id-pkix 3 } */
#define MBEDTLS_OID_SERVER_AUTH MBEDTLS_OID_KP "\x01" /**< id-kp-serverAuth OBJECT IDENTIFIER ::= { id-kp 1 } */
#define MBEDTLS_OID_CLIENT_AUTH MBEDTLS_OID_KP "\x02" /**< id-kp-clientAuth OBJECT IDENTIFIER ::= { id-kp 2 } */
#define MBEDTLS_OID_CODE_SIGNING MBEDTLS_OID_KP "\x03" /**< id-kp-codeSigning OBJECT IDENTIFIER ::= { id-kp 3 } */
#define MBEDTLS_OID_EMAIL_PROTECTION MBEDTLS_OID_KP "\x04" /**< id-kp-emailProtection OBJECT IDENTIFIER ::= { id-kp 4 } */
#define MBEDTLS_OID_TIME_STAMPING MBEDTLS_OID_KP "\x08" /**< id-kp-timeStamping OBJECT IDENTIFIER ::= { id-kp 8 } */
#define MBEDTLS_OID_OCSP_SIGNING MBEDTLS_OID_KP "\x09" /**< id-kp-OCSPSigning OBJECT IDENTIFIER ::= { id-kp 9 } */
#define MBEDTLS_OID_KP \
MBEDTLS_OID_PKIX "\x03" /**< id-kp OBJECT IDENTIFIER ::= { id-pkix 3 } */
#define MBEDTLS_OID_SERVER_AUTH \
MBEDTLS_OID_KP \
"\x01" /**< id-kp-serverAuth OBJECT IDENTIFIER ::= { id-kp 1 } */
#define MBEDTLS_OID_CLIENT_AUTH \
MBEDTLS_OID_KP \
"\x02" /**< id-kp-clientAuth OBJECT IDENTIFIER ::= { id-kp 2 } */
#define MBEDTLS_OID_CODE_SIGNING \
MBEDTLS_OID_KP \
"\x03" /**< id-kp-codeSigning OBJECT IDENTIFIER ::= { id-kp 3 } */
#define MBEDTLS_OID_EMAIL_PROTECTION \
MBEDTLS_OID_KP \
"\x04" /**< id-kp-emailProtection OBJECT IDENTIFIER ::= { id-kp 4 } */
#define MBEDTLS_OID_TIME_STAMPING \
MBEDTLS_OID_KP \
"\x08" /**< id-kp-timeStamping OBJECT IDENTIFIER ::= { id-kp 8 } */
#define MBEDTLS_OID_OCSP_SIGNING \
MBEDTLS_OID_KP \
"\x09" /**< id-kp-OCSPSigning OBJECT IDENTIFIER ::= { id-kp 9 } */
/**
* Wi-SUN Alliance Field Area Network
* { iso(1) identified-organization(3) dod(6) internet(1)
* private(4) enterprise(1) WiSUN(45605) FieldAreaNetwork(1) }
*/
#define MBEDTLS_OID_WISUN_FAN MBEDTLS_OID_INTERNET "\x04\x01\x82\xe4\x25\x01"
#define MBEDTLS_OID_WISUN_FAN MBEDTLS_OID_INTERNET "\x04\x01\x82\xe4\x25\x01"
#define MBEDTLS_OID_ON MBEDTLS_OID_PKIX "\x08" /**< id-on OBJECT IDENTIFIER ::= { id-pkix 8 } */
#define MBEDTLS_OID_ON_HW_MODULE_NAME MBEDTLS_OID_ON "\x04" /**< id-on-hardwareModuleName OBJECT IDENTIFIER ::= { id-on 4 } */
#define MBEDTLS_OID_ON \
MBEDTLS_OID_PKIX "\x08" /**< id-on OBJECT IDENTIFIER ::= { id-pkix 8 } */
#define MBEDTLS_OID_ON_HW_MODULE_NAME \
MBEDTLS_OID_ON \
"\x04" /**< id-on-hardwareModuleName OBJECT IDENTIFIER ::= { id-on 4 } */
/*
* PKCS definition OIDs
*/
#define MBEDTLS_OID_PKCS MBEDTLS_OID_RSA_COMPANY "\x01" /**< pkcs OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) 1 } */
#define MBEDTLS_OID_PKCS1 MBEDTLS_OID_PKCS "\x01" /**< pkcs-1 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 1 } */
#define MBEDTLS_OID_PKCS5 MBEDTLS_OID_PKCS "\x05" /**< pkcs-5 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 5 } */
#define MBEDTLS_OID_PKCS9 MBEDTLS_OID_PKCS "\x09" /**< pkcs-9 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 9 } */
#define MBEDTLS_OID_PKCS12 MBEDTLS_OID_PKCS "\x0c" /**< pkcs-12 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 12 } */
#define MBEDTLS_OID_PKCS \
MBEDTLS_OID_RSA_COMPANY \
"\x01" /**< pkcs OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) 1 } */
#define MBEDTLS_OID_PKCS1 \
MBEDTLS_OID_PKCS \
"\x01" /**< pkcs-1 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 1 } */
#define MBEDTLS_OID_PKCS5 \
MBEDTLS_OID_PKCS \
"\x05" /**< pkcs-5 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 5 } */
#define MBEDTLS_OID_PKCS9 \
MBEDTLS_OID_PKCS \
"\x09" /**< pkcs-9 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 9 } */
#define MBEDTLS_OID_PKCS12 \
MBEDTLS_OID_PKCS \
"\x0c" /**< pkcs-12 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 12 } */
/*
* PKCS#1 OIDs
*/
#define MBEDTLS_OID_PKCS1_RSA MBEDTLS_OID_PKCS1 "\x01" /**< rsaEncryption OBJECT IDENTIFIER ::= { pkcs-1 1 } */
#define MBEDTLS_OID_PKCS1_MD5 MBEDTLS_OID_PKCS1 "\x04" /**< md5WithRSAEncryption ::= { pkcs-1 4 } */
#define MBEDTLS_OID_PKCS1_SHA1 MBEDTLS_OID_PKCS1 "\x05" /**< sha1WithRSAEncryption ::= { pkcs-1 5 } */
#define MBEDTLS_OID_PKCS1_SHA224 MBEDTLS_OID_PKCS1 "\x0e" /**< sha224WithRSAEncryption ::= { pkcs-1 14 } */
#define MBEDTLS_OID_PKCS1_SHA256 MBEDTLS_OID_PKCS1 "\x0b" /**< sha256WithRSAEncryption ::= { pkcs-1 11 } */
#define MBEDTLS_OID_PKCS1_SHA384 MBEDTLS_OID_PKCS1 "\x0c" /**< sha384WithRSAEncryption ::= { pkcs-1 12 } */
#define MBEDTLS_OID_PKCS1_SHA512 MBEDTLS_OID_PKCS1 "\x0d" /**< sha512WithRSAEncryption ::= { pkcs-1 13 } */
#define MBEDTLS_OID_PKCS1_RSA \
MBEDTLS_OID_PKCS1 \
"\x01" /**< rsaEncryption OBJECT IDENTIFIER ::= { pkcs-1 1 } */
#define MBEDTLS_OID_PKCS1_MD5 \
MBEDTLS_OID_PKCS1 "\x04" /**< md5WithRSAEncryption ::= { pkcs-1 4 } */
#define MBEDTLS_OID_PKCS1_SHA1 \
MBEDTLS_OID_PKCS1 "\x05" /**< sha1WithRSAEncryption ::= { pkcs-1 5 } */
#define MBEDTLS_OID_PKCS1_SHA224 \
MBEDTLS_OID_PKCS1 "\x0e" /**< sha224WithRSAEncryption ::= { pkcs-1 14 } */
#define MBEDTLS_OID_PKCS1_SHA256 \
MBEDTLS_OID_PKCS1 "\x0b" /**< sha256WithRSAEncryption ::= { pkcs-1 11 } */
#define MBEDTLS_OID_PKCS1_SHA384 \
MBEDTLS_OID_PKCS1 "\x0c" /**< sha384WithRSAEncryption ::= { pkcs-1 12 } */
#define MBEDTLS_OID_PKCS1_SHA512 \
MBEDTLS_OID_PKCS1 "\x0d" /**< sha512WithRSAEncryption ::= { pkcs-1 13 } */
#define MBEDTLS_OID_RSA_SHA_OBS "\x2B\x0E\x03\x02\x1D"
#define MBEDTLS_OID_RSA_SHA_OBS "\x2B\x0E\x03\x02\x1D"
#define MBEDTLS_OID_PKCS9_EMAIL MBEDTLS_OID_PKCS9 "\x01" /**< emailAddress AttributeType ::= { pkcs-9 1 } */
#define MBEDTLS_OID_PKCS9_EMAIL \
MBEDTLS_OID_PKCS9 "\x01" /**< emailAddress AttributeType ::= { pkcs-9 1 } */
/* RFC 4055 */
#define MBEDTLS_OID_RSASSA_PSS MBEDTLS_OID_PKCS1 "\x0a" /**< id-RSASSA-PSS ::= { pkcs-1 10 } */
#define MBEDTLS_OID_MGF1 MBEDTLS_OID_PKCS1 "\x08" /**< id-mgf1 ::= { pkcs-1 8 } */
#define MBEDTLS_OID_RSASSA_PSS \
MBEDTLS_OID_PKCS1 "\x0a" /**< id-RSASSA-PSS ::= { pkcs-1 10 } */
#define MBEDTLS_OID_MGF1 \
MBEDTLS_OID_PKCS1 "\x08" /**< id-mgf1 ::= { pkcs-1 8 } */
/*
* Digest algorithms
*/
#define MBEDTLS_OID_DIGEST_ALG_MD5 MBEDTLS_OID_RSA_COMPANY "\x02\x05" /**< id-mbedtls_md5 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 5 } */
#define MBEDTLS_OID_DIGEST_ALG_SHA1 MBEDTLS_OID_ISO_IDENTIFIED_ORG MBEDTLS_OID_OIW_SECSIG_SHA1 /**< id-mbedtls_sha1 OBJECT IDENTIFIER ::= { iso(1) identified-organization(3) oiw(14) secsig(3) algorithms(2) 26 } */
#define MBEDTLS_OID_DIGEST_ALG_SHA224 MBEDTLS_OID_NIST_ALG "\x02\x04" /**< id-sha224 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistalgorithm(4) hashalgs(2) 4 } */
#define MBEDTLS_OID_DIGEST_ALG_SHA256 MBEDTLS_OID_NIST_ALG "\x02\x01" /**< id-mbedtls_sha256 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistalgorithm(4) hashalgs(2) 1 } */
#define MBEDTLS_OID_DIGEST_ALG_MD5 \
MBEDTLS_OID_RSA_COMPANY \
"\x02\x05" /**< id-mbedtls_md5 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 5 } */
#define MBEDTLS_OID_DIGEST_ALG_SHA1 \
MBEDTLS_OID_ISO_IDENTIFIED_ORG \
MBEDTLS_OID_OIW_SECSIG_SHA1 /**< id-mbedtls_sha1 OBJECT IDENTIFIER ::= { iso(1) identified-organization(3) oiw(14) secsig(3) algorithms(2) 26 } */
#define MBEDTLS_OID_DIGEST_ALG_SHA224 \
MBEDTLS_OID_NIST_ALG \
"\x02\x04" /**< id-sha224 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistalgorithm(4) hashalgs(2) 4 } */
#define MBEDTLS_OID_DIGEST_ALG_SHA256 \
MBEDTLS_OID_NIST_ALG \
"\x02\x01" /**< id-mbedtls_sha256 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistalgorithm(4) hashalgs(2) 1 } */
#define MBEDTLS_OID_DIGEST_ALG_SHA384 MBEDTLS_OID_NIST_ALG "\x02\x02" /**< id-sha384 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistalgorithm(4) hashalgs(2) 2 } */
#define MBEDTLS_OID_DIGEST_ALG_SHA384 \
MBEDTLS_OID_NIST_ALG \
"\x02\x02" /**< id-sha384 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistalgorithm(4) hashalgs(2) 2 } */
#define MBEDTLS_OID_DIGEST_ALG_SHA512 MBEDTLS_OID_NIST_ALG "\x02\x03" /**< id-mbedtls_sha512 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistalgorithm(4) hashalgs(2) 3 } */
#define MBEDTLS_OID_DIGEST_ALG_SHA512 \
MBEDTLS_OID_NIST_ALG \
"\x02\x03" /**< id-mbedtls_sha512 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistalgorithm(4) hashalgs(2) 3 } */
#define MBEDTLS_OID_DIGEST_ALG_RIPEMD160 MBEDTLS_OID_TELETRUST "\x03\x02\x01" /**< id-ripemd160 OBJECT IDENTIFIER :: { iso(1) identified-organization(3) teletrust(36) algorithm(3) hashAlgorithm(2) ripemd160(1) } */
#define MBEDTLS_OID_DIGEST_ALG_RIPEMD160 \
MBEDTLS_OID_TELETRUST \
"\x03\x02\x01" /**< id-ripemd160 OBJECT IDENTIFIER :: { iso(1) identified-organization(3) teletrust(36) algorithm(3) hashAlgorithm(2) ripemd160(1) } */
#define MBEDTLS_OID_HMAC_SHA1 MBEDTLS_OID_RSA_COMPANY "\x02\x07" /**< id-hmacWithSHA1 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 7 } */
#define MBEDTLS_OID_HMAC_SHA1 \
MBEDTLS_OID_RSA_COMPANY \
"\x02\x07" /**< id-hmacWithSHA1 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 7 } */
#define MBEDTLS_OID_HMAC_SHA224 MBEDTLS_OID_RSA_COMPANY "\x02\x08" /**< id-hmacWithSHA224 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 8 } */
#define MBEDTLS_OID_HMAC_SHA224 \
MBEDTLS_OID_RSA_COMPANY \
"\x02\x08" /**< id-hmacWithSHA224 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 8 } */
#define MBEDTLS_OID_HMAC_SHA256 MBEDTLS_OID_RSA_COMPANY "\x02\x09" /**< id-hmacWithSHA256 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 9 } */
#define MBEDTLS_OID_HMAC_SHA256 \
MBEDTLS_OID_RSA_COMPANY \
"\x02\x09" /**< id-hmacWithSHA256 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 9 } */
#define MBEDTLS_OID_HMAC_SHA384 MBEDTLS_OID_RSA_COMPANY "\x02\x0A" /**< id-hmacWithSHA384 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 10 } */
#define MBEDTLS_OID_HMAC_SHA384 \
MBEDTLS_OID_RSA_COMPANY \
"\x02\x0A" /**< id-hmacWithSHA384 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 10 } */
#define MBEDTLS_OID_HMAC_SHA512 MBEDTLS_OID_RSA_COMPANY "\x02\x0B" /**< id-hmacWithSHA512 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 11 } */
#define MBEDTLS_OID_HMAC_SHA512 \
MBEDTLS_OID_RSA_COMPANY \
"\x02\x0B" /**< id-hmacWithSHA512 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 11 } */
/*
* Encryption algorithms
*/
#define MBEDTLS_OID_DES_CBC MBEDTLS_OID_ISO_IDENTIFIED_ORG MBEDTLS_OID_OIW_SECSIG_ALG "\x07" /**< desCBC OBJECT IDENTIFIER ::= { iso(1) identified-organization(3) oiw(14) secsig(3) algorithms(2) 7 } */
#define MBEDTLS_OID_DES_EDE3_CBC MBEDTLS_OID_RSA_COMPANY "\x03\x07" /**< des-ede3-cbc OBJECT IDENTIFIER ::= { iso(1) member-body(2) -- us(840) rsadsi(113549) encryptionAlgorithm(3) 7 } */
#define MBEDTLS_OID_AES MBEDTLS_OID_NIST_ALG "\x01" /** aes OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistAlgorithm(4) 1 } */
#define MBEDTLS_OID_DES_CBC \
MBEDTLS_OID_ISO_IDENTIFIED_ORG MBEDTLS_OID_OIW_SECSIG_ALG \
"\x07" /**< desCBC OBJECT IDENTIFIER ::= { iso(1) identified-organization(3) oiw(14) secsig(3) algorithms(2) 7 } */
#define MBEDTLS_OID_DES_EDE3_CBC \
MBEDTLS_OID_RSA_COMPANY \
"\x03\x07" /**< des-ede3-cbc OBJECT IDENTIFIER ::= { iso(1) member-body(2) -- us(840) rsadsi(113549) encryptionAlgorithm(3) 7 } */
#define MBEDTLS_OID_AES \
MBEDTLS_OID_NIST_ALG \
"\x01" /** aes OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistAlgorithm(4) 1 } */
/*
* Key Wrapping algorithms
@@ -281,41 +427,76 @@
/*
* RFC 5649
*/
#define MBEDTLS_OID_AES128_KW MBEDTLS_OID_AES "\x05" /** id-aes128-wrap OBJECT IDENTIFIER ::= { aes 5 } */
#define MBEDTLS_OID_AES128_KWP MBEDTLS_OID_AES "\x08" /** id-aes128-wrap-pad OBJECT IDENTIFIER ::= { aes 8 } */
#define MBEDTLS_OID_AES192_KW MBEDTLS_OID_AES "\x19" /** id-aes192-wrap OBJECT IDENTIFIER ::= { aes 25 } */
#define MBEDTLS_OID_AES192_KWP MBEDTLS_OID_AES "\x1c" /** id-aes192-wrap-pad OBJECT IDENTIFIER ::= { aes 28 } */
#define MBEDTLS_OID_AES256_KW MBEDTLS_OID_AES "\x2d" /** id-aes256-wrap OBJECT IDENTIFIER ::= { aes 45 } */
#define MBEDTLS_OID_AES256_KWP MBEDTLS_OID_AES "\x30" /** id-aes256-wrap-pad OBJECT IDENTIFIER ::= { aes 48 } */
#define MBEDTLS_OID_AES128_KW \
MBEDTLS_OID_AES \
"\x05" /** id-aes128-wrap OBJECT IDENTIFIER ::= { aes 5 } */
#define MBEDTLS_OID_AES128_KWP \
MBEDTLS_OID_AES \
"\x08" /** id-aes128-wrap-pad OBJECT IDENTIFIER ::= { aes 8 } */
#define MBEDTLS_OID_AES192_KW \
MBEDTLS_OID_AES \
"\x19" /** id-aes192-wrap OBJECT IDENTIFIER ::= { aes 25 } */
#define MBEDTLS_OID_AES192_KWP \
MBEDTLS_OID_AES \
"\x1c" /** id-aes192-wrap-pad OBJECT IDENTIFIER ::= { aes 28 } */
#define MBEDTLS_OID_AES256_KW \
MBEDTLS_OID_AES \
"\x2d" /** id-aes256-wrap OBJECT IDENTIFIER ::= { aes 45 } */
#define MBEDTLS_OID_AES256_KWP \
MBEDTLS_OID_AES \
"\x30" /** id-aes256-wrap-pad OBJECT IDENTIFIER ::= { aes 48 } */
/*
* PKCS#5 OIDs
*/
#define MBEDTLS_OID_PKCS5_PBKDF2 MBEDTLS_OID_PKCS5 "\x0c" /**< id-PBKDF2 OBJECT IDENTIFIER ::= {pkcs-5 12} */
#define MBEDTLS_OID_PKCS5_PBES2 MBEDTLS_OID_PKCS5 "\x0d" /**< id-PBES2 OBJECT IDENTIFIER ::= {pkcs-5 13} */
#define MBEDTLS_OID_PKCS5_PBMAC1 MBEDTLS_OID_PKCS5 "\x0e" /**< id-PBMAC1 OBJECT IDENTIFIER ::= {pkcs-5 14} */
#define MBEDTLS_OID_PKCS5_PBKDF2 \
MBEDTLS_OID_PKCS5 "\x0c" /**< id-PBKDF2 OBJECT IDENTIFIER ::= {pkcs-5 12} */
#define MBEDTLS_OID_PKCS5_PBES2 \
MBEDTLS_OID_PKCS5 "\x0d" /**< id-PBES2 OBJECT IDENTIFIER ::= {pkcs-5 13} */
#define MBEDTLS_OID_PKCS5_PBMAC1 \
MBEDTLS_OID_PKCS5 "\x0e" /**< id-PBMAC1 OBJECT IDENTIFIER ::= {pkcs-5 14} */
/*
* PKCS#5 PBES1 algorithms
*/
#define MBEDTLS_OID_PKCS5_PBE_MD5_DES_CBC MBEDTLS_OID_PKCS5 "\x03" /**< pbeWithMD5AndDES-CBC OBJECT IDENTIFIER ::= {pkcs-5 3} */
#define MBEDTLS_OID_PKCS5_PBE_MD5_RC2_CBC MBEDTLS_OID_PKCS5 "\x06" /**< pbeWithMD5AndRC2-CBC OBJECT IDENTIFIER ::= {pkcs-5 6} */
#define MBEDTLS_OID_PKCS5_PBE_SHA1_DES_CBC MBEDTLS_OID_PKCS5 "\x0a" /**< pbeWithSHA1AndDES-CBC OBJECT IDENTIFIER ::= {pkcs-5 10} */
#define MBEDTLS_OID_PKCS5_PBE_SHA1_RC2_CBC MBEDTLS_OID_PKCS5 "\x0b" /**< pbeWithSHA1AndRC2-CBC OBJECT IDENTIFIER ::= {pkcs-5 11} */
#define MBEDTLS_OID_PKCS5_PBE_MD5_DES_CBC \
MBEDTLS_OID_PKCS5 \
"\x03" /**< pbeWithMD5AndDES-CBC OBJECT IDENTIFIER ::= {pkcs-5 3} */
#define MBEDTLS_OID_PKCS5_PBE_MD5_RC2_CBC \
MBEDTLS_OID_PKCS5 \
"\x06" /**< pbeWithMD5AndRC2-CBC OBJECT IDENTIFIER ::= {pkcs-5 6} */
#define MBEDTLS_OID_PKCS5_PBE_SHA1_DES_CBC \
MBEDTLS_OID_PKCS5 \
"\x0a" /**< pbeWithSHA1AndDES-CBC OBJECT IDENTIFIER ::= {pkcs-5 10} */
#define MBEDTLS_OID_PKCS5_PBE_SHA1_RC2_CBC \
MBEDTLS_OID_PKCS5 \
"\x0b" /**< pbeWithSHA1AndRC2-CBC OBJECT IDENTIFIER ::= {pkcs-5 11} */
/*
* PKCS#8 OIDs
*/
#define MBEDTLS_OID_PKCS9_CSR_EXT_REQ MBEDTLS_OID_PKCS9 "\x0e" /**< extensionRequest OBJECT IDENTIFIER ::= {pkcs-9 14} */
#define MBEDTLS_OID_PKCS9_CSR_EXT_REQ \
MBEDTLS_OID_PKCS9 \
"\x0e" /**< extensionRequest OBJECT IDENTIFIER ::= {pkcs-9 14} */
/*
* PKCS#12 PBE OIDs
*/
#define MBEDTLS_OID_PKCS12_PBE MBEDTLS_OID_PKCS12 "\x01" /**< pkcs-12PbeIds OBJECT IDENTIFIER ::= {pkcs-12 1} */
#define MBEDTLS_OID_PKCS12_PBE \
MBEDTLS_OID_PKCS12 \
"\x01" /**< pkcs-12PbeIds OBJECT IDENTIFIER ::= {pkcs-12 1} */
#define MBEDTLS_OID_PKCS12_PBE_SHA1_DES3_EDE_CBC MBEDTLS_OID_PKCS12_PBE "\x03" /**< pbeWithSHAAnd3-KeyTripleDES-CBC OBJECT IDENTIFIER ::= {pkcs-12PbeIds 3} */
#define MBEDTLS_OID_PKCS12_PBE_SHA1_DES2_EDE_CBC MBEDTLS_OID_PKCS12_PBE "\x04" /**< pbeWithSHAAnd2-KeyTripleDES-CBC OBJECT IDENTIFIER ::= {pkcs-12PbeIds 4} */
#define MBEDTLS_OID_PKCS12_PBE_SHA1_RC2_128_CBC MBEDTLS_OID_PKCS12_PBE "\x05" /**< pbeWithSHAAnd128BitRC2-CBC OBJECT IDENTIFIER ::= {pkcs-12PbeIds 5} */
#define MBEDTLS_OID_PKCS12_PBE_SHA1_RC2_40_CBC MBEDTLS_OID_PKCS12_PBE "\x06" /**< pbeWithSHAAnd40BitRC2-CBC OBJECT IDENTIFIER ::= {pkcs-12PbeIds 6} */
#define MBEDTLS_OID_PKCS12_PBE_SHA1_DES3_EDE_CBC \
MBEDTLS_OID_PKCS12_PBE \
"\x03" /**< pbeWithSHAAnd3-KeyTripleDES-CBC OBJECT IDENTIFIER ::= {pkcs-12PbeIds 3} */
#define MBEDTLS_OID_PKCS12_PBE_SHA1_DES2_EDE_CBC \
MBEDTLS_OID_PKCS12_PBE \
"\x04" /**< pbeWithSHAAnd2-KeyTripleDES-CBC OBJECT IDENTIFIER ::= {pkcs-12PbeIds 4} */
#define MBEDTLS_OID_PKCS12_PBE_SHA1_RC2_128_CBC \
MBEDTLS_OID_PKCS12_PBE \
"\x05" /**< pbeWithSHAAnd128BitRC2-CBC OBJECT IDENTIFIER ::= {pkcs-12PbeIds 5} */
#define MBEDTLS_OID_PKCS12_PBE_SHA1_RC2_40_CBC \
MBEDTLS_OID_PKCS12_PBE \
"\x06" /**< pbeWithSHAAnd40BitRC2-CBC OBJECT IDENTIFIER ::= {pkcs-12PbeIds 6} */
/*
* EC key algorithms from RFC 5480
@@ -323,12 +504,12 @@
/* id-ecPublicKey OBJECT IDENTIFIER ::= {
* iso(1) member-body(2) us(840) ansi-X9-62(10045) keyType(2) 1 } */
#define MBEDTLS_OID_EC_ALG_UNRESTRICTED MBEDTLS_OID_ANSI_X9_62 "\x02\01"
#define MBEDTLS_OID_EC_ALG_UNRESTRICTED MBEDTLS_OID_ANSI_X9_62 "\x02\01"
/* id-ecDH OBJECT IDENTIFIER ::= {
* iso(1) identified-organization(3) certicom(132)
* schemes(1) ecdh(12) } */
#define MBEDTLS_OID_EC_ALG_ECDH MBEDTLS_OID_CERTICOM "\x01\x0c"
#define MBEDTLS_OID_EC_ALG_ECDH MBEDTLS_OID_CERTICOM "\x01\x0c"
/*
* ECParameters namedCurve identifiers, from RFC 5480, RFC 5639, and SEC2
@@ -336,35 +517,35 @@
/* secp192r1 OBJECT IDENTIFIER ::= {
* iso(1) member-body(2) us(840) ansi-X9-62(10045) curves(3) prime(1) 1 } */
#define MBEDTLS_OID_EC_GRP_SECP192R1 MBEDTLS_OID_ANSI_X9_62 "\x03\x01\x01"
#define MBEDTLS_OID_EC_GRP_SECP192R1 MBEDTLS_OID_ANSI_X9_62 "\x03\x01\x01"
/* secp224r1 OBJECT IDENTIFIER ::= {
* iso(1) identified-organization(3) certicom(132) curve(0) 33 } */
#define MBEDTLS_OID_EC_GRP_SECP224R1 MBEDTLS_OID_CERTICOM "\x00\x21"
#define MBEDTLS_OID_EC_GRP_SECP224R1 MBEDTLS_OID_CERTICOM "\x00\x21"
/* secp256r1 OBJECT IDENTIFIER ::= {
* iso(1) member-body(2) us(840) ansi-X9-62(10045) curves(3) prime(1) 7 } */
#define MBEDTLS_OID_EC_GRP_SECP256R1 MBEDTLS_OID_ANSI_X9_62 "\x03\x01\x07"
#define MBEDTLS_OID_EC_GRP_SECP256R1 MBEDTLS_OID_ANSI_X9_62 "\x03\x01\x07"
/* secp384r1 OBJECT IDENTIFIER ::= {
* iso(1) identified-organization(3) certicom(132) curve(0) 34 } */
#define MBEDTLS_OID_EC_GRP_SECP384R1 MBEDTLS_OID_CERTICOM "\x00\x22"
#define MBEDTLS_OID_EC_GRP_SECP384R1 MBEDTLS_OID_CERTICOM "\x00\x22"
/* secp521r1 OBJECT IDENTIFIER ::= {
* iso(1) identified-organization(3) certicom(132) curve(0) 35 } */
#define MBEDTLS_OID_EC_GRP_SECP521R1 MBEDTLS_OID_CERTICOM "\x00\x23"
#define MBEDTLS_OID_EC_GRP_SECP521R1 MBEDTLS_OID_CERTICOM "\x00\x23"
/* secp192k1 OBJECT IDENTIFIER ::= {
* iso(1) identified-organization(3) certicom(132) curve(0) 31 } */
#define MBEDTLS_OID_EC_GRP_SECP192K1 MBEDTLS_OID_CERTICOM "\x00\x1f"
#define MBEDTLS_OID_EC_GRP_SECP192K1 MBEDTLS_OID_CERTICOM "\x00\x1f"
/* secp224k1 OBJECT IDENTIFIER ::= {
* iso(1) identified-organization(3) certicom(132) curve(0) 32 } */
#define MBEDTLS_OID_EC_GRP_SECP224K1 MBEDTLS_OID_CERTICOM "\x00\x20"
#define MBEDTLS_OID_EC_GRP_SECP224K1 MBEDTLS_OID_CERTICOM "\x00\x20"
/* secp256k1 OBJECT IDENTIFIER ::= {
* iso(1) identified-organization(3) certicom(132) curve(0) 10 } */
#define MBEDTLS_OID_EC_GRP_SECP256K1 MBEDTLS_OID_CERTICOM "\x00\x0a"
#define MBEDTLS_OID_EC_GRP_SECP256K1 MBEDTLS_OID_CERTICOM "\x00\x0a"
/* RFC 5639 4.1
* ecStdCurvesAndGeneration OBJECT IDENTIFIER::= {iso(1)
@@ -372,16 +553,17 @@
* algorithm(3) ecSign(2) 8}
* ellipticCurve OBJECT IDENTIFIER ::= {ecStdCurvesAndGeneration 1}
* versionOne OBJECT IDENTIFIER ::= {ellipticCurve 1} */
#define MBEDTLS_OID_EC_BRAINPOOL_V1 MBEDTLS_OID_TELETRUST "\x03\x03\x02\x08\x01\x01"
#define MBEDTLS_OID_EC_BRAINPOOL_V1 \
MBEDTLS_OID_TELETRUST "\x03\x03\x02\x08\x01\x01"
/* brainpoolP256r1 OBJECT IDENTIFIER ::= {versionOne 7} */
#define MBEDTLS_OID_EC_GRP_BP256R1 MBEDTLS_OID_EC_BRAINPOOL_V1 "\x07"
#define MBEDTLS_OID_EC_GRP_BP256R1 MBEDTLS_OID_EC_BRAINPOOL_V1 "\x07"
/* brainpoolP384r1 OBJECT IDENTIFIER ::= {versionOne 11} */
#define MBEDTLS_OID_EC_GRP_BP384R1 MBEDTLS_OID_EC_BRAINPOOL_V1 "\x0B"
#define MBEDTLS_OID_EC_GRP_BP384R1 MBEDTLS_OID_EC_BRAINPOOL_V1 "\x0B"
/* brainpoolP512r1 OBJECT IDENTIFIER ::= {versionOne 13} */
#define MBEDTLS_OID_EC_GRP_BP512R1 MBEDTLS_OID_EC_BRAINPOOL_V1 "\x0D"
#define MBEDTLS_OID_EC_GRP_BP512R1 MBEDTLS_OID_EC_BRAINPOOL_V1 "\x0D"
/*
* SEC1 C.1
@@ -389,38 +571,41 @@
* prime-field OBJECT IDENTIFIER ::= { id-fieldType 1 }
* id-fieldType OBJECT IDENTIFIER ::= { ansi-X9-62 fieldType(1)}
*/
#define MBEDTLS_OID_ANSI_X9_62_FIELD_TYPE MBEDTLS_OID_ANSI_X9_62 "\x01"
#define MBEDTLS_OID_ANSI_X9_62_PRIME_FIELD MBEDTLS_OID_ANSI_X9_62_FIELD_TYPE "\x01"
#define MBEDTLS_OID_ANSI_X9_62_FIELD_TYPE MBEDTLS_OID_ANSI_X9_62 "\x01"
#define MBEDTLS_OID_ANSI_X9_62_PRIME_FIELD \
MBEDTLS_OID_ANSI_X9_62_FIELD_TYPE "\x01"
/*
* ECDSA signature identifiers, from RFC 5480
*/
#define MBEDTLS_OID_ANSI_X9_62_SIG MBEDTLS_OID_ANSI_X9_62 "\x04" /* signatures(4) */
#define MBEDTLS_OID_ANSI_X9_62_SIG_SHA2 MBEDTLS_OID_ANSI_X9_62_SIG "\x03" /* ecdsa-with-SHA2(3) */
#define MBEDTLS_OID_ANSI_X9_62_SIG \
MBEDTLS_OID_ANSI_X9_62 "\x04" /* signatures(4) */
#define MBEDTLS_OID_ANSI_X9_62_SIG_SHA2 \
MBEDTLS_OID_ANSI_X9_62_SIG "\x03" /* ecdsa-with-SHA2(3) */
/* ecdsa-with-SHA1 OBJECT IDENTIFIER ::= {
* iso(1) member-body(2) us(840) ansi-X9-62(10045) signatures(4) 1 } */
#define MBEDTLS_OID_ECDSA_SHA1 MBEDTLS_OID_ANSI_X9_62_SIG "\x01"
#define MBEDTLS_OID_ECDSA_SHA1 MBEDTLS_OID_ANSI_X9_62_SIG "\x01"
/* ecdsa-with-SHA224 OBJECT IDENTIFIER ::= {
* iso(1) member-body(2) us(840) ansi-X9-62(10045) signatures(4)
* ecdsa-with-SHA2(3) 1 } */
#define MBEDTLS_OID_ECDSA_SHA224 MBEDTLS_OID_ANSI_X9_62_SIG_SHA2 "\x01"
#define MBEDTLS_OID_ECDSA_SHA224 MBEDTLS_OID_ANSI_X9_62_SIG_SHA2 "\x01"
/* ecdsa-with-SHA256 OBJECT IDENTIFIER ::= {
* iso(1) member-body(2) us(840) ansi-X9-62(10045) signatures(4)
* ecdsa-with-SHA2(3) 2 } */
#define MBEDTLS_OID_ECDSA_SHA256 MBEDTLS_OID_ANSI_X9_62_SIG_SHA2 "\x02"
#define MBEDTLS_OID_ECDSA_SHA256 MBEDTLS_OID_ANSI_X9_62_SIG_SHA2 "\x02"
/* ecdsa-with-SHA384 OBJECT IDENTIFIER ::= {
* iso(1) member-body(2) us(840) ansi-X9-62(10045) signatures(4)
* ecdsa-with-SHA2(3) 3 } */
#define MBEDTLS_OID_ECDSA_SHA384 MBEDTLS_OID_ANSI_X9_62_SIG_SHA2 "\x03"
#define MBEDTLS_OID_ECDSA_SHA384 MBEDTLS_OID_ANSI_X9_62_SIG_SHA2 "\x03"
/* ecdsa-with-SHA512 OBJECT IDENTIFIER ::= {
* iso(1) member-body(2) us(840) ansi-X9-62(10045) signatures(4)
* ecdsa-with-SHA2(3) 4 } */
#define MBEDTLS_OID_ECDSA_SHA512 MBEDTLS_OID_ANSI_X9_62_SIG_SHA2 "\x04"
#define MBEDTLS_OID_ECDSA_SHA512 MBEDTLS_OID_ANSI_X9_62_SIG_SHA2 "\x04"
#ifdef __cplusplus
extern "C" {
@@ -429,13 +614,12 @@ extern "C" {
/**
* \brief Base OID descriptor structure
*/
typedef struct mbedtls_oid_descriptor_t
{
const char *MBEDTLS_PRIVATE(asn1); /*!< OID ASN.1 representation */
size_t MBEDTLS_PRIVATE(asn1_len); /*!< length of asn1 */
typedef struct mbedtls_oid_descriptor_t {
const char *MBEDTLS_PRIVATE(asn1); /*!< OID ASN.1 representation */
size_t MBEDTLS_PRIVATE(asn1_len); /*!< length of asn1 */
#if !defined(MBEDTLS_X509_REMOVE_INFO)
const char *MBEDTLS_PRIVATE(name); /*!< official name (e.g. from RFC) */
const char *MBEDTLS_PRIVATE(description); /*!< human friendly description */
const char *MBEDTLS_PRIVATE(name); /*!< official name (e.g. from RFC) */
const char *MBEDTLS_PRIVATE(description); /*!< human friendly description */
#endif
} mbedtls_oid_descriptor_t;
@@ -450,7 +634,9 @@ typedef struct mbedtls_oid_descriptor_t
* \return Length of the string written (excluding final NULL) or
* MBEDTLS_ERR_OID_BUF_TOO_SMALL in case of error
*/
int mbedtls_oid_get_numeric_string( char *buf, size_t size, const mbedtls_asn1_buf *oid );
int mbedtls_oid_get_numeric_string(char *buf,
size_t size,
const mbedtls_asn1_buf *oid);
/**
* \brief Translate an X.509 extension OID into local values
@@ -460,7 +646,7 @@ int mbedtls_oid_get_numeric_string( char *buf, size_t size, const mbedtls_asn1_b
*
* \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
*/
int mbedtls_oid_get_x509_ext_type( const mbedtls_asn1_buf *oid, int *ext_type );
int mbedtls_oid_get_x509_ext_type(const mbedtls_asn1_buf *oid, int *ext_type);
/**
* \brief Translate an X.509 attribute type OID into the short name
@@ -471,7 +657,8 @@ int mbedtls_oid_get_x509_ext_type( const mbedtls_asn1_buf *oid, int *ext_type );
*
* \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
*/
int mbedtls_oid_get_attr_short_name( const mbedtls_asn1_buf *oid, const char **short_name );
int mbedtls_oid_get_attr_short_name(const mbedtls_asn1_buf *oid,
const char **short_name);
/**
* \brief Translate PublicKeyAlgorithm OID into pk_type
@@ -481,7 +668,8 @@ int mbedtls_oid_get_attr_short_name( const mbedtls_asn1_buf *oid, const char **s
*
* \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
*/
int mbedtls_oid_get_pk_alg( const mbedtls_asn1_buf *oid, mbedtls_pk_type_t *pk_alg );
int mbedtls_oid_get_pk_alg(const mbedtls_asn1_buf *oid,
mbedtls_pk_type_t *pk_alg);
/**
* \brief Translate pk_type into PublicKeyAlgorithm OID
@@ -492,8 +680,9 @@ int mbedtls_oid_get_pk_alg( const mbedtls_asn1_buf *oid, mbedtls_pk_type_t *pk_a
*
* \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
*/
int mbedtls_oid_get_oid_by_pk_alg( mbedtls_pk_type_t pk_alg,
const char **oid, size_t *olen );
int mbedtls_oid_get_oid_by_pk_alg(mbedtls_pk_type_t pk_alg,
const char **oid,
size_t *olen);
#if defined(MBEDTLS_ECP_C)
/**
@@ -504,7 +693,8 @@ int mbedtls_oid_get_oid_by_pk_alg( mbedtls_pk_type_t pk_alg,
*
* \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
*/
int mbedtls_oid_get_ec_grp( const mbedtls_asn1_buf *oid, mbedtls_ecp_group_id *grp_id );
int mbedtls_oid_get_ec_grp(const mbedtls_asn1_buf *oid,
mbedtls_ecp_group_id *grp_id);
/**
* \brief Translate EC group identifier into NamedCurve OID
@@ -515,8 +705,9 @@ int mbedtls_oid_get_ec_grp( const mbedtls_asn1_buf *oid, mbedtls_ecp_group_id *g
*
* \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
*/
int mbedtls_oid_get_oid_by_ec_grp( mbedtls_ecp_group_id grp_id,
const char **oid, size_t *olen );
int mbedtls_oid_get_oid_by_ec_grp(mbedtls_ecp_group_id grp_id,
const char **oid,
size_t *olen);
#endif /* MBEDTLS_ECP_C */
#if defined(MBEDTLS_MD_C)
@@ -529,8 +720,9 @@ int mbedtls_oid_get_oid_by_ec_grp( mbedtls_ecp_group_id grp_id,
*
* \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
*/
int mbedtls_oid_get_sig_alg( const mbedtls_asn1_buf *oid,
mbedtls_md_type_t *md_alg, mbedtls_pk_type_t *pk_alg );
int mbedtls_oid_get_sig_alg(const mbedtls_asn1_buf *oid,
mbedtls_md_type_t *md_alg,
mbedtls_pk_type_t *pk_alg);
/**
* \brief Translate SignatureAlgorithm OID into description
@@ -540,7 +732,8 @@ int mbedtls_oid_get_sig_alg( const mbedtls_asn1_buf *oid,
*
* \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
*/
int mbedtls_oid_get_sig_alg_desc( const mbedtls_asn1_buf *oid, const char **desc );
int mbedtls_oid_get_sig_alg_desc(const mbedtls_asn1_buf *oid,
const char **desc);
/**
* \brief Translate md_type and pk_type into SignatureAlgorithm OID
@@ -552,8 +745,10 @@ int mbedtls_oid_get_sig_alg_desc( const mbedtls_asn1_buf *oid, const char **desc
*
* \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
*/
int mbedtls_oid_get_oid_by_sig_alg( mbedtls_pk_type_t pk_alg, mbedtls_md_type_t md_alg,
const char **oid, size_t *olen );
int mbedtls_oid_get_oid_by_sig_alg(mbedtls_pk_type_t pk_alg,
mbedtls_md_type_t md_alg,
const char **oid,
size_t *olen);
/**
* \brief Translate hash algorithm OID into md_type
@@ -563,7 +758,8 @@ int mbedtls_oid_get_oid_by_sig_alg( mbedtls_pk_type_t pk_alg, mbedtls_md_type_t
*
* \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
*/
int mbedtls_oid_get_md_alg( const mbedtls_asn1_buf *oid, mbedtls_md_type_t *md_alg );
int mbedtls_oid_get_md_alg(const mbedtls_asn1_buf *oid,
mbedtls_md_type_t *md_alg);
/**
* \brief Translate hmac algorithm OID into md_type
@@ -573,7 +769,8 @@ int mbedtls_oid_get_md_alg( const mbedtls_asn1_buf *oid, mbedtls_md_type_t *md_a
*
* \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
*/
int mbedtls_oid_get_md_hmac( const mbedtls_asn1_buf *oid, mbedtls_md_type_t *md_hmac );
int mbedtls_oid_get_md_hmac(const mbedtls_asn1_buf *oid,
mbedtls_md_type_t *md_hmac);
#endif /* MBEDTLS_MD_C */
#if !defined(MBEDTLS_X509_REMOVE_INFO)
@@ -585,7 +782,8 @@ int mbedtls_oid_get_md_hmac( const mbedtls_asn1_buf *oid, mbedtls_md_type_t *md_
*
* \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
*/
int mbedtls_oid_get_extended_key_usage( const mbedtls_asn1_buf *oid, const char **desc );
int mbedtls_oid_get_extended_key_usage(const mbedtls_asn1_buf *oid,
const char **desc);
#endif
/**
@@ -596,7 +794,8 @@ int mbedtls_oid_get_extended_key_usage( const mbedtls_asn1_buf *oid, const char
*
* \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
*/
int mbedtls_oid_get_certificate_policies( const mbedtls_asn1_buf *oid, const char **desc );
int mbedtls_oid_get_certificate_policies(const mbedtls_asn1_buf *oid,
const char **desc);
/**
* \brief Translate md_type into hash algorithm OID
@@ -607,7 +806,9 @@ int mbedtls_oid_get_certificate_policies( const mbedtls_asn1_buf *oid, const cha
*
* \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
*/
int mbedtls_oid_get_oid_by_md( mbedtls_md_type_t md_alg, const char **oid, size_t *olen );
int mbedtls_oid_get_oid_by_md(mbedtls_md_type_t md_alg,
const char **oid,
size_t *olen);
#if defined(MBEDTLS_CIPHER_C)
/**
@@ -618,7 +819,8 @@ int mbedtls_oid_get_oid_by_md( mbedtls_md_type_t md_alg, const char **oid, size_
*
* \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
*/
int mbedtls_oid_get_cipher_alg( const mbedtls_asn1_buf *oid, mbedtls_cipher_type_t *cipher_alg );
int mbedtls_oid_get_cipher_alg(const mbedtls_asn1_buf *oid,
mbedtls_cipher_type_t *cipher_alg);
#endif /* MBEDTLS_CIPHER_C */
#if defined(MBEDTLS_PKCS12_C)
@@ -632,8 +834,9 @@ int mbedtls_oid_get_cipher_alg( const mbedtls_asn1_buf *oid, mbedtls_cipher_type
*
* \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
*/
int mbedtls_oid_get_pkcs12_pbe_alg( const mbedtls_asn1_buf *oid, mbedtls_md_type_t *md_alg,
mbedtls_cipher_type_t *cipher_alg );
int mbedtls_oid_get_pkcs12_pbe_alg(const mbedtls_asn1_buf *oid,
mbedtls_md_type_t *md_alg,
mbedtls_cipher_type_t *cipher_alg);
#endif /* MBEDTLS_PKCS12_C */
#ifdef __cplusplus

56
include/mbedtls/pem.h
View File

@@ -34,23 +34,23 @@
* \{
*/
/** No PEM header or footer found. */
#define MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT -0x1080
#define MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT -0x1080
/** PEM string is not as expected. */
#define MBEDTLS_ERR_PEM_INVALID_DATA -0x1100
#define MBEDTLS_ERR_PEM_INVALID_DATA -0x1100
/** Failed to allocate memory. */
#define MBEDTLS_ERR_PEM_ALLOC_FAILED -0x1180
#define MBEDTLS_ERR_PEM_ALLOC_FAILED -0x1180
/** RSA IV is not in hex-format. */
#define MBEDTLS_ERR_PEM_INVALID_ENC_IV -0x1200
#define MBEDTLS_ERR_PEM_INVALID_ENC_IV -0x1200
/** Unsupported key encryption algorithm. */
#define MBEDTLS_ERR_PEM_UNKNOWN_ENC_ALG -0x1280
#define MBEDTLS_ERR_PEM_UNKNOWN_ENC_ALG -0x1280
/** Private key password can't be empty. */
#define MBEDTLS_ERR_PEM_PASSWORD_REQUIRED -0x1300
#define MBEDTLS_ERR_PEM_PASSWORD_REQUIRED -0x1300
/** Given private key password does not allow for correct decryption. */
#define MBEDTLS_ERR_PEM_PASSWORD_MISMATCH -0x1380
#define MBEDTLS_ERR_PEM_PASSWORD_MISMATCH -0x1380
/** Unavailable feature, e.g. hashing/encryption combination. */
#define MBEDTLS_ERR_PEM_FEATURE_UNAVAILABLE -0x1400
#define MBEDTLS_ERR_PEM_FEATURE_UNAVAILABLE -0x1400
/** Bad input parameters to function. */
#define MBEDTLS_ERR_PEM_BAD_INPUT_DATA -0x1480
#define MBEDTLS_ERR_PEM_BAD_INPUT_DATA -0x1480
/* \} name */
#ifdef __cplusplus
@@ -61,20 +61,19 @@ extern "C" {
/**
* \brief PEM context structure
*/
typedef struct mbedtls_pem_context
{
unsigned char *MBEDTLS_PRIVATE(buf); /*!< buffer for decoded data */
size_t MBEDTLS_PRIVATE(buflen); /*!< length of the buffer */
unsigned char *MBEDTLS_PRIVATE(info); /*!< buffer for extra header information */
}
mbedtls_pem_context;
typedef struct mbedtls_pem_context {
unsigned char *MBEDTLS_PRIVATE(buf); /*!< buffer for decoded data */
size_t MBEDTLS_PRIVATE(buflen); /*!< length of the buffer */
unsigned char *MBEDTLS_PRIVATE(info); /*!< buffer for extra header
information */
} mbedtls_pem_context;
/**
* \brief PEM context setup
*
* \param ctx context to be initialized
*/
void mbedtls_pem_init( mbedtls_pem_context *ctx );
void mbedtls_pem_init(mbedtls_pem_context *ctx);
/**
* \brief Read a buffer for PEM information and store the resulting
@@ -98,17 +97,20 @@ void mbedtls_pem_init( mbedtls_pem_context *ctx );
*
* \return 0 on success, or a specific PEM error code
*/
int mbedtls_pem_read_buffer( mbedtls_pem_context *ctx, const char *header, const char *footer,
const unsigned char *data,
const unsigned char *pwd,
size_t pwdlen, size_t *use_len );
int mbedtls_pem_read_buffer(mbedtls_pem_context *ctx,
const char *header,
const char *footer,
const unsigned char *data,
const unsigned char *pwd,
size_t pwdlen,
size_t *use_len);
/**
* \brief PEM context memory freeing
*
* \param ctx context to be freed
*/
void mbedtls_pem_free( mbedtls_pem_context *ctx );
void mbedtls_pem_free(mbedtls_pem_context *ctx);
#endif /* MBEDTLS_PEM_PARSE_C */
#if defined(MBEDTLS_PEM_WRITE_C)
@@ -138,9 +140,13 @@ void mbedtls_pem_free( mbedtls_pem_context *ctx );
* the required minimum size of \p buf.
* \return Another PEM or BASE64 error code on other kinds of failure.
*/
int mbedtls_pem_write_buffer( const char *header, const char *footer,
const unsigned char *der_data, size_t der_len,
unsigned char *buf, size_t buf_len, size_t *olen );
int mbedtls_pem_write_buffer(const char *header,
const char *footer,
const unsigned char *der_data,
size_t der_len,
unsigned char *buf,
size_t buf_len,
size_t *olen);
#endif /* MBEDTLS_PEM_WRITE_C */
#ifdef __cplusplus

326
include/mbedtls/pk.h
View File

@@ -29,56 +29,56 @@
#include "mbedtls/md.h"
#if defined(MBEDTLS_RSA_C)
#include "mbedtls/rsa.h"
# include "mbedtls/rsa.h"
#endif
#if defined(MBEDTLS_ECP_C)
#include "mbedtls/ecp.h"
# include "mbedtls/ecp.h"
#endif
#if defined(MBEDTLS_ECDSA_C)
#include "mbedtls/ecdsa.h"
# include "mbedtls/ecdsa.h"
#endif
#if defined(MBEDTLS_USE_PSA_CRYPTO)
#include "psa/crypto.h"
# include "psa/crypto.h"
#endif
#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \
!defined(inline) && !defined(__cplusplus)
#define inline __inline
#if (defined(__ARMCC_VERSION) || defined(_MSC_VER)) && !defined(inline) && \
!defined(__cplusplus)
# define inline __inline
#endif
/** Memory allocation failed. */
#define MBEDTLS_ERR_PK_ALLOC_FAILED -0x3F80
#define MBEDTLS_ERR_PK_ALLOC_FAILED -0x3F80
/** Type mismatch, eg attempt to encrypt with an ECDSA key */
#define MBEDTLS_ERR_PK_TYPE_MISMATCH -0x3F00
#define MBEDTLS_ERR_PK_TYPE_MISMATCH -0x3F00
/** Bad input parameters to function. */
#define MBEDTLS_ERR_PK_BAD_INPUT_DATA -0x3E80
#define MBEDTLS_ERR_PK_BAD_INPUT_DATA -0x3E80
/** Read/write of file failed. */
#define MBEDTLS_ERR_PK_FILE_IO_ERROR -0x3E00
#define MBEDTLS_ERR_PK_FILE_IO_ERROR -0x3E00
/** Unsupported key version */
#define MBEDTLS_ERR_PK_KEY_INVALID_VERSION -0x3D80
/** Invalid key tag or value. */
#define MBEDTLS_ERR_PK_KEY_INVALID_FORMAT -0x3D00
#define MBEDTLS_ERR_PK_KEY_INVALID_FORMAT -0x3D00
/** Key algorithm is unsupported (only RSA and EC are supported). */
#define MBEDTLS_ERR_PK_UNKNOWN_PK_ALG -0x3C80
#define MBEDTLS_ERR_PK_UNKNOWN_PK_ALG -0x3C80
/** Private key password can't be empty. */
#define MBEDTLS_ERR_PK_PASSWORD_REQUIRED -0x3C00
#define MBEDTLS_ERR_PK_PASSWORD_REQUIRED -0x3C00
/** Given private key password does not allow for correct decryption. */
#define MBEDTLS_ERR_PK_PASSWORD_MISMATCH -0x3B80
#define MBEDTLS_ERR_PK_PASSWORD_MISMATCH -0x3B80
/** The pubkey tag or value is invalid (only RSA and EC are supported). */
#define MBEDTLS_ERR_PK_INVALID_PUBKEY -0x3B00
#define MBEDTLS_ERR_PK_INVALID_PUBKEY -0x3B00
/** The algorithm tag or value is invalid. */
#define MBEDTLS_ERR_PK_INVALID_ALG -0x3A80
#define MBEDTLS_ERR_PK_INVALID_ALG -0x3A80
/** Elliptic curve is unsupported (only NIST curves are supported). */
#define MBEDTLS_ERR_PK_UNKNOWN_NAMED_CURVE -0x3A00
/** Unavailable feature, e.g. RSA disabled for RSA key. */
#define MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE -0x3980
/** The buffer contains a valid signature followed by more data. */
#define MBEDTLS_ERR_PK_SIG_LEN_MISMATCH -0x3900
#define MBEDTLS_ERR_PK_SIG_LEN_MISMATCH -0x3900
/** The output buffer is too small. */
#define MBEDTLS_ERR_PK_BUFFER_TOO_SMALL -0x3880
#define MBEDTLS_ERR_PK_BUFFER_TOO_SMALL -0x3880
#ifdef __cplusplus
extern "C" {
@@ -87,8 +87,9 @@ extern "C" {
/**
* \brief Public key types
*/
typedef enum {
MBEDTLS_PK_NONE=0,
typedef enum
{
MBEDTLS_PK_NONE = 0,
MBEDTLS_PK_RSA,
MBEDTLS_PK_ECKEY,
MBEDTLS_PK_ECKEY_DH,
@@ -102,8 +103,7 @@ typedef enum {
* \brief Options for RSASSA-PSS signature verification.
* See \c mbedtls_rsa_rsassa_pss_verify_ext()
*/
typedef struct mbedtls_pk_rsassa_pss_options
{
typedef struct mbedtls_pk_rsassa_pss_options {
mbedtls_md_type_t MBEDTLS_PRIVATE(mgf1_hash_id);
int MBEDTLS_PRIVATE(expected_salt_len);
@@ -123,42 +123,43 @@ typedef struct mbedtls_pk_rsassa_pss_options
*/
#define MBEDTLS_PK_SIGNATURE_MAX_SIZE 0
#if ( defined(MBEDTLS_RSA_C) || defined(MBEDTLS_PK_RSA_ALT_SUPPORT) ) && \
#if (defined(MBEDTLS_RSA_C) || defined(MBEDTLS_PK_RSA_ALT_SUPPORT)) && \
MBEDTLS_MPI_MAX_SIZE > MBEDTLS_PK_SIGNATURE_MAX_SIZE
/* For RSA, the signature can be as large as the bignum module allows.
* For RSA_ALT, the signature size is not necessarily tied to what the
* bignum module can do, but in the absence of any specific setting,
* we use that (rsa_alt_sign_wrap in library/pk_wrap.h will check). */
#undef MBEDTLS_PK_SIGNATURE_MAX_SIZE
#define MBEDTLS_PK_SIGNATURE_MAX_SIZE MBEDTLS_MPI_MAX_SIZE
# undef MBEDTLS_PK_SIGNATURE_MAX_SIZE
# define MBEDTLS_PK_SIGNATURE_MAX_SIZE MBEDTLS_MPI_MAX_SIZE
#endif
#if defined(MBEDTLS_ECDSA_C) && \
#if defined(MBEDTLS_ECDSA_C) && \
MBEDTLS_ECDSA_MAX_LEN > MBEDTLS_PK_SIGNATURE_MAX_SIZE
/* For ECDSA, the ecdsa module exports a constant for the maximum
* signature size. */
#undef MBEDTLS_PK_SIGNATURE_MAX_SIZE
#define MBEDTLS_PK_SIGNATURE_MAX_SIZE MBEDTLS_ECDSA_MAX_LEN
# undef MBEDTLS_PK_SIGNATURE_MAX_SIZE
# define MBEDTLS_PK_SIGNATURE_MAX_SIZE MBEDTLS_ECDSA_MAX_LEN
#endif
#if defined(MBEDTLS_USE_PSA_CRYPTO)
#if PSA_SIGNATURE_MAX_SIZE > MBEDTLS_PK_SIGNATURE_MAX_SIZE
# if PSA_SIGNATURE_MAX_SIZE > MBEDTLS_PK_SIGNATURE_MAX_SIZE
/* PSA_SIGNATURE_MAX_SIZE is the maximum size of a signature made
* through the PSA API in the PSA representation. */
#undef MBEDTLS_PK_SIGNATURE_MAX_SIZE
#define MBEDTLS_PK_SIGNATURE_MAX_SIZE PSA_SIGNATURE_MAX_SIZE
#endif
# undef MBEDTLS_PK_SIGNATURE_MAX_SIZE
# define MBEDTLS_PK_SIGNATURE_MAX_SIZE PSA_SIGNATURE_MAX_SIZE
# endif
#if PSA_VENDOR_ECDSA_SIGNATURE_MAX_SIZE + 11 > MBEDTLS_PK_SIGNATURE_MAX_SIZE
# if PSA_VENDOR_ECDSA_SIGNATURE_MAX_SIZE + 11 > MBEDTLS_PK_SIGNATURE_MAX_SIZE
/* The Mbed TLS representation is different for ECDSA signatures:
* PSA uses the raw concatenation of r and s,
* whereas Mbed TLS uses the ASN.1 representation (SEQUENCE of two INTEGERs).
* Add the overhead of ASN.1: up to (1+2) + 2 * (1+2+1) for the
* types, lengths (represented by up to 2 bytes), and potential leading
* zeros of the INTEGERs and the SEQUENCE. */
#undef MBEDTLS_PK_SIGNATURE_MAX_SIZE
#define MBEDTLS_PK_SIGNATURE_MAX_SIZE ( PSA_VENDOR_ECDSA_SIGNATURE_MAX_SIZE + 11 )
#endif
# undef MBEDTLS_PK_SIGNATURE_MAX_SIZE
# define MBEDTLS_PK_SIGNATURE_MAX_SIZE \
(PSA_VENDOR_ECDSA_SIGNATURE_MAX_SIZE + 11)
# endif
#endif /* defined(MBEDTLS_USE_PSA_CRYPTO) */
/**
@@ -174,8 +175,7 @@ typedef enum
/**
* \brief Item to send to the debug module
*/
typedef struct mbedtls_pk_debug_item
{
typedef struct mbedtls_pk_debug_item {
mbedtls_pk_debug_type MBEDTLS_PRIVATE(type);
const char *MBEDTLS_PRIVATE(name);
void *MBEDTLS_PRIVATE(value);
@@ -192,20 +192,20 @@ typedef struct mbedtls_pk_info_t mbedtls_pk_info_t;
/**
* \brief Public key container
*/
typedef struct mbedtls_pk_context
{
const mbedtls_pk_info_t * MBEDTLS_PRIVATE(pk_info); /**< Public key information */
void * MBEDTLS_PRIVATE(pk_ctx); /**< Underlying public key context */
typedef struct mbedtls_pk_context {
const mbedtls_pk_info_t *MBEDTLS_PRIVATE(pk_info); /**< Public key
information */
void *MBEDTLS_PRIVATE(pk_ctx); /**< Underlying public key context */
} mbedtls_pk_context;
#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
/**
* \brief Context for resuming operations
*/
typedef struct
{
const mbedtls_pk_info_t * MBEDTLS_PRIVATE(pk_info); /**< Public key information */
void * MBEDTLS_PRIVATE(rs_ctx); /**< Underlying restart context */
typedef struct {
const mbedtls_pk_info_t *MBEDTLS_PRIVATE(pk_info); /**< Public key
information */
void *MBEDTLS_PRIVATE(rs_ctx); /**< Underlying restart context */
} mbedtls_pk_restart_ctx;
#else /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */
/* Now we can declare functions that take a pointer to that */
@@ -219,9 +219,9 @@ typedef void mbedtls_pk_restart_ctx;
* \warning You must make sure the PK context actually holds an RSA context
* before using this function!
*/
static inline mbedtls_rsa_context *mbedtls_pk_rsa( const mbedtls_pk_context pk )
static inline mbedtls_rsa_context *mbedtls_pk_rsa(const mbedtls_pk_context pk)
{
return( (mbedtls_rsa_context *) (pk).MBEDTLS_PRIVATE(pk_ctx) );
return ((mbedtls_rsa_context *)(pk).MBEDTLS_PRIVATE(pk_ctx));
}
#endif /* MBEDTLS_RSA_C */
@@ -232,9 +232,9 @@ static inline mbedtls_rsa_context *mbedtls_pk_rsa( const mbedtls_pk_context pk )
* \warning You must make sure the PK context actually holds an EC context
* before using this function!
*/
static inline mbedtls_ecp_keypair *mbedtls_pk_ec( const mbedtls_pk_context pk )
static inline mbedtls_ecp_keypair *mbedtls_pk_ec(const mbedtls_pk_context pk)
{
return( (mbedtls_ecp_keypair *) (pk).MBEDTLS_PRIVATE(pk_ctx) );
return ((mbedtls_ecp_keypair *)(pk).MBEDTLS_PRIVATE(pk_ctx));
}
#endif /* MBEDTLS_ECP_C */
@@ -242,14 +242,21 @@ static inline mbedtls_ecp_keypair *mbedtls_pk_ec( const mbedtls_pk_context pk )
/**
* \brief Types for RSA-alt abstraction
*/
typedef int (*mbedtls_pk_rsa_alt_decrypt_func)( void *ctx, size_t *olen,
const unsigned char *input, unsigned char *output,
size_t output_max_len );
typedef int (*mbedtls_pk_rsa_alt_sign_func)( void *ctx,
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
mbedtls_md_type_t md_alg, unsigned int hashlen,
const unsigned char *hash, unsigned char *sig );
typedef size_t (*mbedtls_pk_rsa_alt_key_len_func)( void *ctx );
typedef int (*mbedtls_pk_rsa_alt_decrypt_func)(void *ctx,
size_t *olen,
const unsigned char *input,
unsigned char *output,
size_t output_max_len);
typedef int (*mbedtls_pk_rsa_alt_sign_func)(void *ctx,
int (*f_rng)(void *,
unsigned char *,
size_t),
void *p_rng,
mbedtls_md_type_t md_alg,
unsigned int hashlen,
const unsigned char *hash,
unsigned char *sig);
typedef size_t (*mbedtls_pk_rsa_alt_key_len_func)(void *ctx);
#endif /* MBEDTLS_PK_RSA_ALT_SUPPORT */
/**
@@ -259,7 +266,7 @@ typedef size_t (*mbedtls_pk_rsa_alt_key_len_func)( void *ctx );
*
* \return The PK info associated with the type or NULL if not found.
*/
const mbedtls_pk_info_t *mbedtls_pk_info_from_type( mbedtls_pk_type_t pk_type );
const mbedtls_pk_info_t *mbedtls_pk_info_from_type(mbedtls_pk_type_t pk_type);
/**
* \brief Initialize a #mbedtls_pk_context (as NONE).
@@ -267,7 +274,7 @@ const mbedtls_pk_info_t *mbedtls_pk_info_from_type( mbedtls_pk_type_t pk_type );
* \param ctx The context to initialize.
* This must not be \c NULL.
*/
void mbedtls_pk_init( mbedtls_pk_context *ctx );
void mbedtls_pk_init(mbedtls_pk_context *ctx);
/**
* \brief Free the components of a #mbedtls_pk_context.
@@ -280,7 +287,7 @@ void mbedtls_pk_init( mbedtls_pk_context *ctx );
* PSA key and you still need to call psa_destroy_key()
* independently if you want to destroy that key.
*/
void mbedtls_pk_free( mbedtls_pk_context *ctx );
void mbedtls_pk_free(mbedtls_pk_context *ctx);
#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
/**
@@ -289,7 +296,7 @@ void mbedtls_pk_free( mbedtls_pk_context *ctx );
* \param ctx The context to initialize.
* This must not be \c NULL.
*/
void mbedtls_pk_restart_init( mbedtls_pk_restart_ctx *ctx );
void mbedtls_pk_restart_init(mbedtls_pk_restart_ctx *ctx);
/**
* \brief Free the components of a restart context
@@ -297,7 +304,7 @@ void mbedtls_pk_restart_init( mbedtls_pk_restart_ctx *ctx );
* \param ctx The context to clear. It must have been initialized.
* If this is \c NULL, this function does nothing.
*/
void mbedtls_pk_restart_free( mbedtls_pk_restart_ctx *ctx );
void mbedtls_pk_restart_free(mbedtls_pk_restart_ctx *ctx);
#endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */
/**
@@ -315,7 +322,7 @@ void mbedtls_pk_restart_free( mbedtls_pk_restart_ctx *ctx );
* \note For contexts holding an RSA-alt key, use
* \c mbedtls_pk_setup_rsa_alt() instead.
*/
int mbedtls_pk_setup( mbedtls_pk_context *ctx, const mbedtls_pk_info_t *info );
int mbedtls_pk_setup(mbedtls_pk_context *ctx, const mbedtls_pk_info_t *info);
#if defined(MBEDTLS_USE_PSA_CRYPTO)
/**
@@ -346,8 +353,7 @@ int mbedtls_pk_setup( mbedtls_pk_context *ctx, const mbedtls_pk_info_t *info );
* ECC key pair.
* \return #MBEDTLS_ERR_PK_ALLOC_FAILED on allocation failure.
*/
int mbedtls_pk_setup_opaque( mbedtls_pk_context *ctx,
const psa_key_id_t key );
int mbedtls_pk_setup_opaque(mbedtls_pk_context *ctx, const psa_key_id_t key);
#endif /* MBEDTLS_USE_PSA_CRYPTO */
#if defined(MBEDTLS_PK_RSA_ALT_SUPPORT)
@@ -366,10 +372,11 @@ int mbedtls_pk_setup_opaque( mbedtls_pk_context *ctx,
*
* \note This function replaces \c mbedtls_pk_setup() for RSA-alt.
*/
int mbedtls_pk_setup_rsa_alt( mbedtls_pk_context *ctx, void * key,
mbedtls_pk_rsa_alt_decrypt_func decrypt_func,
mbedtls_pk_rsa_alt_sign_func sign_func,
mbedtls_pk_rsa_alt_key_len_func key_len_func );
int mbedtls_pk_setup_rsa_alt(mbedtls_pk_context *ctx,
void *key,
mbedtls_pk_rsa_alt_decrypt_func decrypt_func,
mbedtls_pk_rsa_alt_sign_func sign_func,
mbedtls_pk_rsa_alt_key_len_func key_len_func);
#endif /* MBEDTLS_PK_RSA_ALT_SUPPORT */
/**
@@ -379,7 +386,7 @@ int mbedtls_pk_setup_rsa_alt( mbedtls_pk_context *ctx, void * key,
*
* \return Key size in bits, or 0 on error
*/
size_t mbedtls_pk_get_bitlen( const mbedtls_pk_context *ctx );
size_t mbedtls_pk_get_bitlen(const mbedtls_pk_context *ctx);
/**
* \brief Get the length in bytes of the underlying key
@@ -388,9 +395,9 @@ size_t mbedtls_pk_get_bitlen( const mbedtls_pk_context *ctx );
*
* \return Key length in bytes, or 0 on error
*/
static inline size_t mbedtls_pk_get_len( const mbedtls_pk_context *ctx )
static inline size_t mbedtls_pk_get_len(const mbedtls_pk_context *ctx)
{
return ( mbedtls_pk_get_bitlen( ctx ) + 7 ) / 8 ;
return (mbedtls_pk_get_bitlen(ctx) + 7) / 8;
}
/**
@@ -405,7 +412,7 @@ static inline size_t mbedtls_pk_get_len( const mbedtls_pk_context *ctx )
* been initialized but not set up, or that has been
* cleared with mbedtls_pk_free().
*/
int mbedtls_pk_can_do( const mbedtls_pk_context *ctx, mbedtls_pk_type_t type );
int mbedtls_pk_can_do(const mbedtls_pk_context *ctx, mbedtls_pk_type_t type);
/**
* \brief Verify signature (including padding if relevant).
@@ -434,9 +441,12 @@ int mbedtls_pk_can_do( const mbedtls_pk_context *ctx, mbedtls_pk_type_t type );
* Use \c mbedtls_pk_verify_ext( MBEDTLS_PK_RSASSA_PSS, ... )
* to verify RSASSA_PSS signatures.
*/
int mbedtls_pk_verify( mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg,
const unsigned char *hash, size_t hash_len,
const unsigned char *sig, size_t sig_len );
int mbedtls_pk_verify(mbedtls_pk_context *ctx,
mbedtls_md_type_t md_alg,
const unsigned char *hash,
size_t hash_len,
const unsigned char *sig,
size_t sig_len);
/**
* \brief Restartable version of \c mbedtls_pk_verify()
@@ -458,11 +468,13 @@ int mbedtls_pk_verify( mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg,
* \return #MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of
* operations was reached: see \c mbedtls_ecp_set_max_ops().
*/
int mbedtls_pk_verify_restartable( mbedtls_pk_context *ctx,
mbedtls_md_type_t md_alg,
const unsigned char *hash, size_t hash_len,
const unsigned char *sig, size_t sig_len,
mbedtls_pk_restart_ctx *rs_ctx );
int mbedtls_pk_verify_restartable(mbedtls_pk_context *ctx,
mbedtls_md_type_t md_alg,
const unsigned char *hash,
size_t hash_len,
const unsigned char *sig,
size_t sig_len,
mbedtls_pk_restart_ctx *rs_ctx);
/**
* \brief Verify signature, with options.
@@ -493,10 +505,14 @@ int mbedtls_pk_verify_restartable( mbedtls_pk_context *ctx,
* to a mbedtls_pk_rsassa_pss_options structure,
* otherwise it must be NULL.
*/
int mbedtls_pk_verify_ext( mbedtls_pk_type_t type, const void *options,
mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg,
const unsigned char *hash, size_t hash_len,
const unsigned char *sig, size_t sig_len );
int mbedtls_pk_verify_ext(mbedtls_pk_type_t type,
const void *options,
mbedtls_pk_context *ctx,
mbedtls_md_type_t md_alg,
const unsigned char *hash,
size_t hash_len,
const unsigned char *sig,
size_t sig_len);
/**
* \brief Make signature, including padding if relevant.
@@ -526,10 +542,15 @@ int mbedtls_pk_verify_ext( mbedtls_pk_type_t type, const void *options,
* \note For RSA, md_alg may be MBEDTLS_MD_NONE if hash_len != 0.
* For ECDSA, md_alg may never be MBEDTLS_MD_NONE.
*/
int mbedtls_pk_sign( mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg,
const unsigned char *hash, size_t hash_len,
unsigned char *sig, size_t sig_size, size_t *sig_len,
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );
int mbedtls_pk_sign(mbedtls_pk_context *ctx,
mbedtls_md_type_t md_alg,
const unsigned char *hash,
size_t hash_len,
unsigned char *sig,
size_t sig_size,
size_t *sig_len,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng);
/**
* \brief Restartable version of \c mbedtls_pk_sign()
@@ -560,12 +581,16 @@ int mbedtls_pk_sign( mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg,
* \return #MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of
* operations was reached: see \c mbedtls_ecp_set_max_ops().
*/
int mbedtls_pk_sign_restartable( mbedtls_pk_context *ctx,
mbedtls_md_type_t md_alg,
const unsigned char *hash, size_t hash_len,
unsigned char *sig, size_t sig_size, size_t *sig_len,
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
mbedtls_pk_restart_ctx *rs_ctx );
int mbedtls_pk_sign_restartable(mbedtls_pk_context *ctx,
mbedtls_md_type_t md_alg,
const unsigned char *hash,
size_t hash_len,
unsigned char *sig,
size_t sig_size,
size_t *sig_len,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng,
mbedtls_pk_restart_ctx *rs_ctx);
/**
* \brief Decrypt message (including padding if relevant).
@@ -584,10 +609,14 @@ int mbedtls_pk_sign_restartable( mbedtls_pk_context *ctx,
*
* \return 0 on success, or a specific error code.
*/
int mbedtls_pk_decrypt( mbedtls_pk_context *ctx,
const unsigned char *input, size_t ilen,
unsigned char *output, size_t *olen, size_t osize,
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );
int mbedtls_pk_decrypt(mbedtls_pk_context *ctx,
const unsigned char *input,
size_t ilen,
unsigned char *output,
size_t *olen,
size_t osize,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng);
/**
* \brief Encrypt message (including padding if relevant).
@@ -607,10 +636,14 @@ int mbedtls_pk_decrypt( mbedtls_pk_context *ctx,
*
* \return 0 on success, or a specific error code.
*/
int mbedtls_pk_encrypt( mbedtls_pk_context *ctx,
const unsigned char *input, size_t ilen,
unsigned char *output, size_t *olen, size_t osize,
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );
int mbedtls_pk_encrypt(mbedtls_pk_context *ctx,
const unsigned char *input,
size_t ilen,
unsigned char *output,
size_t *olen,
size_t osize,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng);
/**
* \brief Check if a public-private pair of keys matches.
@@ -626,10 +659,10 @@ int mbedtls_pk_encrypt( mbedtls_pk_context *ctx,
* \return #MBEDTLS_ERR_PK_BAD_INPUT_DATA if a context is invalid.
* \return Another non-zero value if the keys do not match.
*/
int mbedtls_pk_check_pair( const mbedtls_pk_context *pub,
const mbedtls_pk_context *prv,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng );
int mbedtls_pk_check_pair(const mbedtls_pk_context *pub,
const mbedtls_pk_context *prv,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng);
/**
* \brief Export debug information
@@ -639,7 +672,8 @@ int mbedtls_pk_check_pair( const mbedtls_pk_context *pub,
*
* \return 0 on success or MBEDTLS_ERR_PK_BAD_INPUT_DATA
*/
int mbedtls_pk_debug( const mbedtls_pk_context *ctx, mbedtls_pk_debug_item *items );
int mbedtls_pk_debug(const mbedtls_pk_context *ctx,
mbedtls_pk_debug_item *items);
/**
* \brief Access the type name
@@ -648,7 +682,7 @@ int mbedtls_pk_debug( const mbedtls_pk_context *ctx, mbedtls_pk_debug_item *item
*
* \return Type name on success, or "invalid PK"
*/
const char * mbedtls_pk_get_name( const mbedtls_pk_context *ctx );
const char *mbedtls_pk_get_name(const mbedtls_pk_context *ctx);
/**
* \brief Get the key type
@@ -658,7 +692,7 @@ const char * mbedtls_pk_get_name( const mbedtls_pk_context *ctx );
* \return Type on success.
* \return #MBEDTLS_PK_NONE for a context that has not been set up.
*/
mbedtls_pk_type_t mbedtls_pk_get_type( const mbedtls_pk_context *ctx );
mbedtls_pk_type_t mbedtls_pk_get_type(const mbedtls_pk_context *ctx);
#if defined(MBEDTLS_PK_PARSE_C)
/** \ingroup pk_module */
@@ -692,10 +726,13 @@ mbedtls_pk_type_t mbedtls_pk_get_type( const mbedtls_pk_context *ctx );
*
* \return 0 if successful, or a specific PK or PEM error code
*/
int mbedtls_pk_parse_key( mbedtls_pk_context *ctx,
const unsigned char *key, size_t keylen,
const unsigned char *pwd, size_t pwdlen,
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );
int mbedtls_pk_parse_key(mbedtls_pk_context *ctx,
const unsigned char *key,
size_t keylen,
const unsigned char *pwd,
size_t pwdlen,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng);
/** \ingroup pk_module */
/**
@@ -719,10 +756,11 @@ int mbedtls_pk_parse_key( mbedtls_pk_context *ctx,
*
* \return 0 if successful, or a specific PK or PEM error code
*/
int mbedtls_pk_parse_public_key( mbedtls_pk_context *ctx,
const unsigned char *key, size_t keylen );
int mbedtls_pk_parse_public_key(mbedtls_pk_context *ctx,
const unsigned char *key,
size_t keylen);
#if defined(MBEDTLS_FS_IO)
# if defined(MBEDTLS_FS_IO)
/** \ingroup pk_module */
/**
* \brief Load and parse a private key
@@ -746,9 +784,11 @@ int mbedtls_pk_parse_public_key( mbedtls_pk_context *ctx,
*
* \return 0 if successful, or a specific PK or PEM error code
*/
int mbedtls_pk_parse_keyfile( mbedtls_pk_context *ctx,
const char *path, const char *password,
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );
int mbedtls_pk_parse_keyfile(mbedtls_pk_context *ctx,
const char *path,
const char *password,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng);
/** \ingroup pk_module */
/**
@@ -767,8 +807,8 @@ int mbedtls_pk_parse_keyfile( mbedtls_pk_context *ctx,
*
* \return 0 if successful, or a specific PK or PEM error code
*/
int mbedtls_pk_parse_public_keyfile( mbedtls_pk_context *ctx, const char *path );
#endif /* MBEDTLS_FS_IO */
int mbedtls_pk_parse_public_keyfile(mbedtls_pk_context *ctx, const char *path);
# endif /* MBEDTLS_FS_IO */
#endif /* MBEDTLS_PK_PARSE_C */
#if defined(MBEDTLS_PK_WRITE_C)
@@ -785,7 +825,9 @@ int mbedtls_pk_parse_public_keyfile( mbedtls_pk_context *ctx, const char *path )
* \return length of data written if successful, or a specific
* error code
*/
int mbedtls_pk_write_key_der( const mbedtls_pk_context *ctx, unsigned char *buf, size_t size );
int mbedtls_pk_write_key_der(const mbedtls_pk_context *ctx,
unsigned char *buf,
size_t size);
/**
* \brief Write a public key to a SubjectPublicKeyInfo DER structure
@@ -800,9 +842,11 @@ int mbedtls_pk_write_key_der( const mbedtls_pk_context *ctx, unsigned char *buf,
* \return length of data written if successful, or a specific
* error code
*/
int mbedtls_pk_write_pubkey_der( const mbedtls_pk_context *ctx, unsigned char *buf, size_t size );
int mbedtls_pk_write_pubkey_der(const mbedtls_pk_context *ctx,
unsigned char *buf,
size_t size);
#if defined(MBEDTLS_PEM_WRITE_C)
# if defined(MBEDTLS_PEM_WRITE_C)
/**
* \brief Write a public key to a PEM string
*
@@ -813,7 +857,9 @@ int mbedtls_pk_write_pubkey_der( const mbedtls_pk_context *ctx, unsigned char *b
*
* \return 0 if successful, or a specific error code
*/
int mbedtls_pk_write_pubkey_pem( const mbedtls_pk_context *ctx, unsigned char *buf, size_t size );
int mbedtls_pk_write_pubkey_pem(const mbedtls_pk_context *ctx,
unsigned char *buf,
size_t size);
/**
* \brief Write a private key to a PKCS#1 or SEC1 PEM string
@@ -825,8 +871,10 @@ int mbedtls_pk_write_pubkey_pem( const mbedtls_pk_context *ctx, unsigned char *b
*
* \return 0 if successful, or a specific error code
*/
int mbedtls_pk_write_key_pem( const mbedtls_pk_context *ctx, unsigned char *buf, size_t size );
#endif /* MBEDTLS_PEM_WRITE_C */
int mbedtls_pk_write_key_pem(const mbedtls_pk_context *ctx,
unsigned char *buf,
size_t size);
# endif /* MBEDTLS_PEM_WRITE_C */
#endif /* MBEDTLS_PK_WRITE_C */
/*
@@ -845,8 +893,9 @@ int mbedtls_pk_write_key_pem( const mbedtls_pk_context *ctx, unsigned char *buf,
*
* \return 0 if successful, or a specific PK error code
*/
int mbedtls_pk_parse_subpubkey( unsigned char **p, const unsigned char *end,
mbedtls_pk_context *pk );
int mbedtls_pk_parse_subpubkey(unsigned char **p,
const unsigned char *end,
mbedtls_pk_context *pk);
#endif /* MBEDTLS_PK_PARSE_C */
#if defined(MBEDTLS_PK_WRITE_C)
@@ -860,8 +909,9 @@ int mbedtls_pk_parse_subpubkey( unsigned char **p, const unsigned char *end,
*
* \return the length written or a negative error code
*/
int mbedtls_pk_write_pubkey( unsigned char **p, unsigned char *start,
const mbedtls_pk_context *key );
int mbedtls_pk_write_pubkey(unsigned char **p,
unsigned char *start,
const mbedtls_pk_context *key);
#endif /* MBEDTLS_PK_WRITE_C */
/*
@@ -869,7 +919,7 @@ int mbedtls_pk_write_pubkey( unsigned char **p, unsigned char *start,
* know you do.
*/
#if defined(MBEDTLS_FS_IO)
int mbedtls_pk_load_file( const char *path, unsigned char **buf, size_t *n );
int mbedtls_pk_load_file(const char *path, unsigned char **buf, size_t *n);
#endif
#if defined(MBEDTLS_USE_PSA_CRYPTO)
@@ -893,9 +943,9 @@ int mbedtls_pk_load_file( const char *path, unsigned char **buf, size_t *n );
* \return \c 0 if successful.
* \return An Mbed TLS error code otherwise.
*/
int mbedtls_pk_wrap_as_opaque( mbedtls_pk_context *pk,
psa_key_id_t *key,
psa_algorithm_t hash_alg );
int mbedtls_pk_wrap_as_opaque(mbedtls_pk_context *pk,
psa_key_id_t *key,
psa_algorithm_t hash_alg);
#endif /* MBEDTLS_USE_PSA_CRYPTO */
#ifdef __cplusplus

45
include/mbedtls/pkcs12.h
View File

@@ -31,23 +31,23 @@
#include <stddef.h>
/** Bad input parameters to function. */
#define MBEDTLS_ERR_PKCS12_BAD_INPUT_DATA -0x1F80
#define MBEDTLS_ERR_PKCS12_BAD_INPUT_DATA -0x1F80
/** Feature not available, e.g. unsupported encryption scheme. */
#define MBEDTLS_ERR_PKCS12_FEATURE_UNAVAILABLE -0x1F00
#define MBEDTLS_ERR_PKCS12_FEATURE_UNAVAILABLE -0x1F00
/** PBE ASN.1 data not as expected. */
#define MBEDTLS_ERR_PKCS12_PBE_INVALID_FORMAT -0x1E80
#define MBEDTLS_ERR_PKCS12_PBE_INVALID_FORMAT -0x1E80
/** Given private key password does not allow for correct decryption. */
#define MBEDTLS_ERR_PKCS12_PASSWORD_MISMATCH -0x1E00
#define MBEDTLS_ERR_PKCS12_PASSWORD_MISMATCH -0x1E00
/** encryption/decryption key */
#define MBEDTLS_PKCS12_DERIVE_KEY 1
#define MBEDTLS_PKCS12_DERIVE_KEY 1
/** initialization vector */
#define MBEDTLS_PKCS12_DERIVE_IV 2
#define MBEDTLS_PKCS12_DERIVE_IV 2
/** integrity / MAC key */
#define MBEDTLS_PKCS12_DERIVE_MAC_KEY 3
#define MBEDTLS_PKCS12_DERIVE_MAC_KEY 3
#define MBEDTLS_PKCS12_PBE_DECRYPT 0
#define MBEDTLS_PKCS12_PBE_ENCRYPT 1
#define MBEDTLS_PKCS12_PBE_DECRYPT 0
#define MBEDTLS_PKCS12_PBE_ENCRYPT 1
#ifdef __cplusplus
extern "C" {
@@ -71,11 +71,15 @@ extern "C" {
*
* \return 0 if successful, or a MBEDTLS_ERR_XXX code
*/
int mbedtls_pkcs12_pbe( mbedtls_asn1_buf *pbe_params, int mode,
mbedtls_cipher_type_t cipher_type, mbedtls_md_type_t md_type,
const unsigned char *pwd, size_t pwdlen,
const unsigned char *input, size_t len,
unsigned char *output );
int mbedtls_pkcs12_pbe(mbedtls_asn1_buf *pbe_params,
int mode,
mbedtls_cipher_type_t cipher_type,
mbedtls_md_type_t md_type,
const unsigned char *pwd,
size_t pwdlen,
const unsigned char *input,
size_t len,
unsigned char *output);
#endif /* MBEDTLS_ASN1_PARSE_C */
@@ -100,10 +104,15 @@ int mbedtls_pkcs12_pbe( mbedtls_asn1_buf *pbe_params, int mode,
*
* \return 0 if successful, or a MD, BIGNUM type error.
*/
int mbedtls_pkcs12_derivation( unsigned char *data, size_t datalen,
const unsigned char *pwd, size_t pwdlen,
const unsigned char *salt, size_t saltlen,
mbedtls_md_type_t mbedtls_md, int id, int iterations );
int mbedtls_pkcs12_derivation(unsigned char *data,
size_t datalen,
const unsigned char *pwd,
size_t pwdlen,
const unsigned char *salt,
size_t saltlen,
mbedtls_md_type_t mbedtls_md,
int id,
int iterations);
#ifdef __cplusplus
}

37
include/mbedtls/pkcs5.h
View File

@@ -33,16 +33,16 @@
#include <stdint.h>
/** Bad input parameters to function. */
#define MBEDTLS_ERR_PKCS5_BAD_INPUT_DATA -0x2f80
#define MBEDTLS_ERR_PKCS5_BAD_INPUT_DATA -0x2f80
/** Unexpected ASN.1 data. */
#define MBEDTLS_ERR_PKCS5_INVALID_FORMAT -0x2f00
#define MBEDTLS_ERR_PKCS5_INVALID_FORMAT -0x2f00
/** Requested encryption or digest alg not available. */
#define MBEDTLS_ERR_PKCS5_FEATURE_UNAVAILABLE -0x2e80
#define MBEDTLS_ERR_PKCS5_FEATURE_UNAVAILABLE -0x2e80
/** Given private key password does not allow for correct decryption. */
#define MBEDTLS_ERR_PKCS5_PASSWORD_MISMATCH -0x2e00
#define MBEDTLS_ERR_PKCS5_PASSWORD_MISMATCH -0x2e00
#define MBEDTLS_PKCS5_DECRYPT 0
#define MBEDTLS_PKCS5_ENCRYPT 1
#define MBEDTLS_PKCS5_DECRYPT 0
#define MBEDTLS_PKCS5_ENCRYPT 1
#ifdef __cplusplus
extern "C" {
@@ -63,10 +63,13 @@ extern "C" {
*
* \returns 0 on success, or a MBEDTLS_ERR_XXX code if verification fails.
*/
int mbedtls_pkcs5_pbes2( const mbedtls_asn1_buf *pbe_params, int mode,
const unsigned char *pwd, size_t pwdlen,
const unsigned char *data, size_t datalen,
unsigned char *output );
int mbedtls_pkcs5_pbes2(const mbedtls_asn1_buf *pbe_params,
int mode,
const unsigned char *pwd,
size_t pwdlen,
const unsigned char *data,
size_t datalen,
unsigned char *output);
#endif /* MBEDTLS_ASN1_PARSE_C */
@@ -84,10 +87,14 @@ int mbedtls_pkcs5_pbes2( const mbedtls_asn1_buf *pbe_params, int mode,
*
* \returns 0 on success, or a MBEDTLS_ERR_XXX code if verification fails.
*/
int mbedtls_pkcs5_pbkdf2_hmac( mbedtls_md_context_t *ctx, const unsigned char *password,
size_t plen, const unsigned char *salt, size_t slen,
unsigned int iteration_count,
uint32_t key_length, unsigned char *output );
int mbedtls_pkcs5_pbkdf2_hmac(mbedtls_md_context_t *ctx,
const unsigned char *password,
size_t plen,
const unsigned char *salt,
size_t slen,
unsigned int iteration_count,
uint32_t key_length,
unsigned char *output);
#if defined(MBEDTLS_SELF_TEST)
@@ -96,7 +103,7 @@ int mbedtls_pkcs5_pbkdf2_hmac( mbedtls_md_context_t *ctx, const unsigned char *p
*
* \return 0 if successful, or 1 if the test failed
*/
int mbedtls_pkcs5_self_test( int verbose );
int mbedtls_pkcs5_self_test(int verbose);
#endif /* MBEDTLS_SELF_TEST */

314
include/mbedtls/platform.h
View File

@@ -35,7 +35,7 @@
#include "mbedtls/build_info.h"
#if defined(MBEDTLS_HAVE_TIME)
#include "mbedtls/platform_time.h"
# include "mbedtls/platform_time.h"
#endif
#ifdef __cplusplus
@@ -46,7 +46,8 @@ extern "C" {
* \name SECTION: Module settings
*
* The configuration options you can set for this module are in this section.
* Either change them in mbedtls_config.h or define them on the compiler command line.
* Either change them in mbedtls_config.h or define them on the compiler command
* line.
* \{
*/
@@ -55,97 +56,100 @@ extern "C" {
* and vsnprintf. This affects MSVC and MinGW builds.
*/
#if defined(__MINGW32__) || (defined(_MSC_VER) && _MSC_VER <= 1900)
#define MBEDTLS_PLATFORM_HAS_NON_CONFORMING_SNPRINTF
#define MBEDTLS_PLATFORM_HAS_NON_CONFORMING_VSNPRINTF
# define MBEDTLS_PLATFORM_HAS_NON_CONFORMING_SNPRINTF
# define MBEDTLS_PLATFORM_HAS_NON_CONFORMING_VSNPRINTF
#endif
#if !defined(MBEDTLS_PLATFORM_NO_STD_FUNCTIONS)
#include <stdio.h>
#include <stdlib.h>
#include <time.h>
#if !defined(MBEDTLS_PLATFORM_STD_SNPRINTF)
#if defined(MBEDTLS_PLATFORM_HAS_NON_CONFORMING_SNPRINTF)
# include <stdio.h>
# include <stdlib.h>
# include <time.h>
# if !defined(MBEDTLS_PLATFORM_STD_SNPRINTF)
# if defined(MBEDTLS_PLATFORM_HAS_NON_CONFORMING_SNPRINTF)
/** The default \c snprintf function to use. */
#define MBEDTLS_PLATFORM_STD_SNPRINTF mbedtls_platform_win32_snprintf
#else
# define MBEDTLS_PLATFORM_STD_SNPRINTF \
mbedtls_platform_win32_snprintf
# else
/** The default \c snprintf function to use. */
#define MBEDTLS_PLATFORM_STD_SNPRINTF snprintf
#endif
#endif
#if !defined(MBEDTLS_PLATFORM_STD_VSNPRINTF)
#if defined(MBEDTLS_PLATFORM_HAS_NON_CONFORMING_VSNPRINTF)
# define MBEDTLS_PLATFORM_STD_SNPRINTF snprintf
# endif
# endif
# if !defined(MBEDTLS_PLATFORM_STD_VSNPRINTF)
# if defined(MBEDTLS_PLATFORM_HAS_NON_CONFORMING_VSNPRINTF)
/** The default \c vsnprintf function to use. */
#define MBEDTLS_PLATFORM_STD_VSNPRINTF mbedtls_platform_win32_vsnprintf
#else
# define MBEDTLS_PLATFORM_STD_VSNPRINTF \
mbedtls_platform_win32_vsnprintf
# else
/** The default \c vsnprintf function to use. */
#define MBEDTLS_PLATFORM_STD_VSNPRINTF vsnprintf
#endif
#endif
#if !defined(MBEDTLS_PLATFORM_STD_PRINTF)
# define MBEDTLS_PLATFORM_STD_VSNPRINTF vsnprintf
# endif
# endif
# if !defined(MBEDTLS_PLATFORM_STD_PRINTF)
/** The default \c printf function to use. */
#define MBEDTLS_PLATFORM_STD_PRINTF printf
#endif
#if !defined(MBEDTLS_PLATFORM_STD_FPRINTF)
# define MBEDTLS_PLATFORM_STD_PRINTF printf
# endif
# if !defined(MBEDTLS_PLATFORM_STD_FPRINTF)
/** The default \c fprintf function to use. */
#define MBEDTLS_PLATFORM_STD_FPRINTF fprintf
#endif
#if !defined(MBEDTLS_PLATFORM_STD_CALLOC)
# define MBEDTLS_PLATFORM_STD_FPRINTF fprintf
# endif
# if !defined(MBEDTLS_PLATFORM_STD_CALLOC)
/** The default \c calloc function to use. */
#define MBEDTLS_PLATFORM_STD_CALLOC calloc
#endif
#if !defined(MBEDTLS_PLATFORM_STD_FREE)
# define MBEDTLS_PLATFORM_STD_CALLOC calloc
# endif
# if !defined(MBEDTLS_PLATFORM_STD_FREE)
/** The default \c free function to use. */
#define MBEDTLS_PLATFORM_STD_FREE free
#endif
#if !defined(MBEDTLS_PLATFORM_STD_EXIT)
# define MBEDTLS_PLATFORM_STD_FREE free
# endif
# if !defined(MBEDTLS_PLATFORM_STD_EXIT)
/** The default \c exit function to use. */
#define MBEDTLS_PLATFORM_STD_EXIT exit
#endif
#if !defined(MBEDTLS_PLATFORM_STD_TIME)
# define MBEDTLS_PLATFORM_STD_EXIT exit
# endif
# if !defined(MBEDTLS_PLATFORM_STD_TIME)
/** The default \c time function to use. */
#define MBEDTLS_PLATFORM_STD_TIME time
#endif
#if !defined(MBEDTLS_PLATFORM_STD_EXIT_SUCCESS)
# define MBEDTLS_PLATFORM_STD_TIME time
# endif
# if !defined(MBEDTLS_PLATFORM_STD_EXIT_SUCCESS)
/** The default exit value to use. */
#define MBEDTLS_PLATFORM_STD_EXIT_SUCCESS EXIT_SUCCESS
#endif
#if !defined(MBEDTLS_PLATFORM_STD_EXIT_FAILURE)
# define MBEDTLS_PLATFORM_STD_EXIT_SUCCESS EXIT_SUCCESS
# endif
# if !defined(MBEDTLS_PLATFORM_STD_EXIT_FAILURE)
/** The default exit value to use. */
#define MBEDTLS_PLATFORM_STD_EXIT_FAILURE EXIT_FAILURE
#endif
#if defined(MBEDTLS_FS_IO)
#if !defined(MBEDTLS_PLATFORM_STD_NV_SEED_READ)
#define MBEDTLS_PLATFORM_STD_NV_SEED_READ mbedtls_platform_std_nv_seed_read
#endif
#if !defined(MBEDTLS_PLATFORM_STD_NV_SEED_WRITE)
#define MBEDTLS_PLATFORM_STD_NV_SEED_WRITE mbedtls_platform_std_nv_seed_write
#endif
#if !defined(MBEDTLS_PLATFORM_STD_NV_SEED_FILE)
#define MBEDTLS_PLATFORM_STD_NV_SEED_FILE "seedfile"
#endif
#endif /* MBEDTLS_FS_IO */
# define MBEDTLS_PLATFORM_STD_EXIT_FAILURE EXIT_FAILURE
# endif
# if defined(MBEDTLS_FS_IO)
# if !defined(MBEDTLS_PLATFORM_STD_NV_SEED_READ)
# define MBEDTLS_PLATFORM_STD_NV_SEED_READ \
mbedtls_platform_std_nv_seed_read
# endif
# if !defined(MBEDTLS_PLATFORM_STD_NV_SEED_WRITE)
# define MBEDTLS_PLATFORM_STD_NV_SEED_WRITE \
mbedtls_platform_std_nv_seed_write
# endif
# if !defined(MBEDTLS_PLATFORM_STD_NV_SEED_FILE)
# define MBEDTLS_PLATFORM_STD_NV_SEED_FILE "seedfile"
# endif
# endif /* MBEDTLS_FS_IO */
#else /* MBEDTLS_PLATFORM_NO_STD_FUNCTIONS */
#if defined(MBEDTLS_PLATFORM_STD_MEM_HDR)
#include MBEDTLS_PLATFORM_STD_MEM_HDR
#endif
# if defined(MBEDTLS_PLATFORM_STD_MEM_HDR)
# include MBEDTLS_PLATFORM_STD_MEM_HDR
# endif
#endif /* MBEDTLS_PLATFORM_NO_STD_FUNCTIONS */
/* \} name SECTION: Module settings */
/*
* The function pointers for calloc and free.
*/
#if defined(MBEDTLS_PLATFORM_MEMORY)
#if defined(MBEDTLS_PLATFORM_FREE_MACRO) && \
defined(MBEDTLS_PLATFORM_CALLOC_MACRO)
#define mbedtls_free MBEDTLS_PLATFORM_FREE_MACRO
#define mbedtls_calloc MBEDTLS_PLATFORM_CALLOC_MACRO
#else
# if defined(MBEDTLS_PLATFORM_FREE_MACRO) && \
defined(MBEDTLS_PLATFORM_CALLOC_MACRO)
# define mbedtls_free MBEDTLS_PLATFORM_FREE_MACRO
# define mbedtls_calloc MBEDTLS_PLATFORM_CALLOC_MACRO
# else
/* For size_t */
#include <stddef.h>
extern void *mbedtls_calloc( size_t n, size_t size );
extern void mbedtls_free( void *ptr );
# include <stddef.h>
extern void *mbedtls_calloc(size_t n, size_t size);
extern void mbedtls_free(void *ptr);
/**
* \brief This function dynamically sets the memory-management
@@ -156,12 +160,12 @@ extern void mbedtls_free( void *ptr );
*
* \return \c 0.
*/
int mbedtls_platform_set_calloc_free( void * (*calloc_func)( size_t, size_t ),
void (*free_func)( void * ) );
#endif /* MBEDTLS_PLATFORM_FREE_MACRO && MBEDTLS_PLATFORM_CALLOC_MACRO */
int mbedtls_platform_set_calloc_free(void *(*calloc_func)(size_t, size_t),
void (*free_func)(void *));
# endif /* MBEDTLS_PLATFORM_FREE_MACRO && MBEDTLS_PLATFORM_CALLOC_MACRO */
#else /* !MBEDTLS_PLATFORM_MEMORY */
#define mbedtls_free free
#define mbedtls_calloc calloc
# define mbedtls_free free
# define mbedtls_calloc calloc
#endif /* MBEDTLS_PLATFORM_MEMORY && !MBEDTLS_PLATFORM_{FREE,CALLOC}_MACRO */
/*
@@ -169,8 +173,8 @@ int mbedtls_platform_set_calloc_free( void * (*calloc_func)( size_t, size_t ),
*/
#if defined(MBEDTLS_PLATFORM_FPRINTF_ALT)
/* We need FILE * */
#include <stdio.h>
extern int (*mbedtls_fprintf)( FILE *stream, const char *format, ... );
# include <stdio.h>
extern int (*mbedtls_fprintf)(FILE *stream, const char *format, ...);
/**
* \brief This function dynamically configures the fprintf
@@ -181,21 +185,22 @@ extern int (*mbedtls_fprintf)( FILE *stream, const char *format, ... );
*
* \return \c 0.
*/
int mbedtls_platform_set_fprintf( int (*fprintf_func)( FILE *stream, const char *,
... ) );
int mbedtls_platform_set_fprintf(int (*fprintf_func)(FILE *stream,
const char *,
...));
#else
#if defined(MBEDTLS_PLATFORM_FPRINTF_MACRO)
#define mbedtls_fprintf MBEDTLS_PLATFORM_FPRINTF_MACRO
#else
#define mbedtls_fprintf fprintf
#endif /* MBEDTLS_PLATFORM_FPRINTF_MACRO */
# if defined(MBEDTLS_PLATFORM_FPRINTF_MACRO)
# define mbedtls_fprintf MBEDTLS_PLATFORM_FPRINTF_MACRO
# else
# define mbedtls_fprintf fprintf
# endif /* MBEDTLS_PLATFORM_FPRINTF_MACRO */
#endif /* MBEDTLS_PLATFORM_FPRINTF_ALT */
/*
* The function pointers for printf
*/
#if defined(MBEDTLS_PLATFORM_PRINTF_ALT)
extern int (*mbedtls_printf)( const char *format, ... );
extern int (*mbedtls_printf)(const char *format, ...);
/**
* \brief This function dynamically configures the snprintf
@@ -206,13 +211,13 @@ extern int (*mbedtls_printf)( const char *format, ... );
*
* \return \c 0 on success.
*/
int mbedtls_platform_set_printf( int (*printf_func)( const char *, ... ) );
int mbedtls_platform_set_printf(int (*printf_func)(const char *, ...));
#else /* !MBEDTLS_PLATFORM_PRINTF_ALT */
#if defined(MBEDTLS_PLATFORM_PRINTF_MACRO)
#define mbedtls_printf MBEDTLS_PLATFORM_PRINTF_MACRO
#else
#define mbedtls_printf printf
#endif /* MBEDTLS_PLATFORM_PRINTF_MACRO */
# if defined(MBEDTLS_PLATFORM_PRINTF_MACRO)
# define mbedtls_printf MBEDTLS_PLATFORM_PRINTF_MACRO
# else
# define mbedtls_printf printf
# endif /* MBEDTLS_PLATFORM_PRINTF_MACRO */
#endif /* MBEDTLS_PLATFORM_PRINTF_ALT */
/*
@@ -226,11 +231,11 @@ int mbedtls_platform_set_printf( int (*printf_func)( const char *, ... ) );
*/
#if defined(MBEDTLS_PLATFORM_HAS_NON_CONFORMING_SNPRINTF)
/* For Windows (inc. MSYS2), we provide our own fixed implementation */
int mbedtls_platform_win32_snprintf( char *s, size_t n, const char *fmt, ... );
int mbedtls_platform_win32_snprintf(char *s, size_t n, const char *fmt, ...);
#endif
#if defined(MBEDTLS_PLATFORM_SNPRINTF_ALT)
extern int (*mbedtls_snprintf)( char * s, size_t n, const char * format, ... );
extern int (*mbedtls_snprintf)(char *s, size_t n, const char *format, ...);
/**
* \brief This function allows configuring a custom
@@ -240,14 +245,14 @@ extern int (*mbedtls_snprintf)( char * s, size_t n, const char * format, ... );
*
* \return \c 0 on success.
*/
int mbedtls_platform_set_snprintf( int (*snprintf_func)( char * s, size_t n,
const char * format, ... ) );
int mbedtls_platform_set_snprintf(
int (*snprintf_func)(char *s, size_t n, const char *format, ...));
#else /* MBEDTLS_PLATFORM_SNPRINTF_ALT */
#if defined(MBEDTLS_PLATFORM_SNPRINTF_MACRO)
#define mbedtls_snprintf MBEDTLS_PLATFORM_SNPRINTF_MACRO
#else
#define mbedtls_snprintf MBEDTLS_PLATFORM_STD_SNPRINTF
#endif /* MBEDTLS_PLATFORM_SNPRINTF_MACRO */
# if defined(MBEDTLS_PLATFORM_SNPRINTF_MACRO)
# define mbedtls_snprintf MBEDTLS_PLATFORM_SNPRINTF_MACRO
# else
# define mbedtls_snprintf MBEDTLS_PLATFORM_STD_SNPRINTF
# endif /* MBEDTLS_PLATFORM_SNPRINTF_MACRO */
#endif /* MBEDTLS_PLATFORM_SNPRINTF_ALT */
/*
@@ -260,14 +265,20 @@ int mbedtls_platform_set_snprintf( int (*snprintf_func)( char * s, size_t n,
* the destination buffer is too short.
*/
#if defined(MBEDTLS_PLATFORM_HAS_NON_CONFORMING_VSNPRINTF)
#include <stdarg.h>
# include <stdarg.h>
/* For Older Windows (inc. MSYS2), we provide our own fixed implementation */
int mbedtls_platform_win32_vsnprintf( char *s, size_t n, const char *fmt, va_list arg );
int mbedtls_platform_win32_vsnprintf(char *s,
size_t n,
const char *fmt,
va_list arg);
#endif
#if defined(MBEDTLS_PLATFORM_VSNPRINTF_ALT)
#include <stdarg.h>
extern int (*mbedtls_vsnprintf)( char * s, size_t n, const char * format, va_list arg );
# include <stdarg.h>
extern int (*mbedtls_vsnprintf)(char *s,
size_t n,
const char *format,
va_list arg);
/**
* \brief Set your own snprintf function pointer
@@ -276,21 +287,21 @@ extern int (*mbedtls_vsnprintf)( char * s, size_t n, const char * format, va_lis
*
* \return \c 0
*/
int mbedtls_platform_set_vsnprintf( int (*vsnprintf_func)( char * s, size_t n,
const char * format, va_list arg ) );
int mbedtls_platform_set_vsnprintf(
int (*vsnprintf_func)(char *s, size_t n, const char *format, va_list arg));
#else /* MBEDTLS_PLATFORM_VSNPRINTF_ALT */
#if defined(MBEDTLS_PLATFORM_VSNPRINTF_MACRO)
#define mbedtls_vsnprintf MBEDTLS_PLATFORM_VSNPRINTF_MACRO
#else
#define mbedtls_vsnprintf vsnprintf
#endif /* MBEDTLS_PLATFORM_VSNPRINTF_MACRO */
# if defined(MBEDTLS_PLATFORM_VSNPRINTF_MACRO)
# define mbedtls_vsnprintf MBEDTLS_PLATFORM_VSNPRINTF_MACRO
# else
# define mbedtls_vsnprintf vsnprintf
# endif /* MBEDTLS_PLATFORM_VSNPRINTF_MACRO */
#endif /* MBEDTLS_PLATFORM_VSNPRINTF_ALT */
/*
* The function pointers for exit
*/
#if defined(MBEDTLS_PLATFORM_EXIT_ALT)
extern void (*mbedtls_exit)( int status );
extern void (*mbedtls_exit)(int status);
/**
* \brief This function dynamically configures the exit
@@ -301,27 +312,27 @@ extern void (*mbedtls_exit)( int status );
*
* \return \c 0 on success.
*/
int mbedtls_platform_set_exit( void (*exit_func)( int status ) );
int mbedtls_platform_set_exit(void (*exit_func)(int status));
#else
#if defined(MBEDTLS_PLATFORM_EXIT_MACRO)
#define mbedtls_exit MBEDTLS_PLATFORM_EXIT_MACRO
#else
#define mbedtls_exit exit
#endif /* MBEDTLS_PLATFORM_EXIT_MACRO */
# if defined(MBEDTLS_PLATFORM_EXIT_MACRO)
# define mbedtls_exit MBEDTLS_PLATFORM_EXIT_MACRO
# else
# define mbedtls_exit exit
# endif /* MBEDTLS_PLATFORM_EXIT_MACRO */
#endif /* MBEDTLS_PLATFORM_EXIT_ALT */
/*
* The default exit values
*/
#if defined(MBEDTLS_PLATFORM_STD_EXIT_SUCCESS)
#define MBEDTLS_EXIT_SUCCESS MBEDTLS_PLATFORM_STD_EXIT_SUCCESS
# define MBEDTLS_EXIT_SUCCESS MBEDTLS_PLATFORM_STD_EXIT_SUCCESS
#else
#define MBEDTLS_EXIT_SUCCESS 0
# define MBEDTLS_EXIT_SUCCESS 0
#endif
#if defined(MBEDTLS_PLATFORM_STD_EXIT_FAILURE)
#define MBEDTLS_EXIT_FAILURE MBEDTLS_PLATFORM_STD_EXIT_FAILURE
# define MBEDTLS_EXIT_FAILURE MBEDTLS_PLATFORM_STD_EXIT_FAILURE
#else
#define MBEDTLS_EXIT_FAILURE 1
# define MBEDTLS_EXIT_FAILURE 1
#endif
/*
@@ -331,15 +342,15 @@ int mbedtls_platform_set_exit( void (*exit_func)( int status ) );
* Only enabled when the NV seed entropy source is enabled
*/
#if defined(MBEDTLS_ENTROPY_NV_SEED)
#if !defined(MBEDTLS_PLATFORM_NO_STD_FUNCTIONS) && defined(MBEDTLS_FS_IO)
# if !defined(MBEDTLS_PLATFORM_NO_STD_FUNCTIONS) && defined(MBEDTLS_FS_IO)
/* Internal standard platform definitions */
int mbedtls_platform_std_nv_seed_read( unsigned char *buf, size_t buf_len );
int mbedtls_platform_std_nv_seed_write( unsigned char *buf, size_t buf_len );
#endif
int mbedtls_platform_std_nv_seed_read(unsigned char *buf, size_t buf_len);
int mbedtls_platform_std_nv_seed_write(unsigned char *buf, size_t buf_len);
# endif
#if defined(MBEDTLS_PLATFORM_NV_SEED_ALT)
extern int (*mbedtls_nv_seed_read)( unsigned char *buf, size_t buf_len );
extern int (*mbedtls_nv_seed_write)( unsigned char *buf, size_t buf_len );
# if defined(MBEDTLS_PLATFORM_NV_SEED_ALT)
extern int (*mbedtls_nv_seed_read)(unsigned char *buf, size_t buf_len);
extern int (*mbedtls_nv_seed_write)(unsigned char *buf, size_t buf_len);
/**
* \brief This function allows configuring custom seed file writing and
@@ -350,20 +361,20 @@ extern int (*mbedtls_nv_seed_write)( unsigned char *buf, size_t buf_len );
*
* \return \c 0 on success.
*/
int mbedtls_platform_set_nv_seed(
int (*nv_seed_read_func)( unsigned char *buf, size_t buf_len ),
int (*nv_seed_write_func)( unsigned char *buf, size_t buf_len )
);
#else
#if defined(MBEDTLS_PLATFORM_NV_SEED_READ_MACRO) && \
defined(MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO)
#define mbedtls_nv_seed_read MBEDTLS_PLATFORM_NV_SEED_READ_MACRO
#define mbedtls_nv_seed_write MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO
#else
#define mbedtls_nv_seed_read mbedtls_platform_std_nv_seed_read
#define mbedtls_nv_seed_write mbedtls_platform_std_nv_seed_write
#endif
#endif /* MBEDTLS_PLATFORM_NV_SEED_ALT */
int mbedtls_platform_set_nv_seed(int (*nv_seed_read_func)(unsigned char *buf,
size_t buf_len),
int (*nv_seed_write_func)(unsigned char *buf,
size_t buf_len));
# else
# if defined(MBEDTLS_PLATFORM_NV_SEED_READ_MACRO) && \
defined(MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO)
# define mbedtls_nv_seed_read MBEDTLS_PLATFORM_NV_SEED_READ_MACRO
# define mbedtls_nv_seed_write MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO
# else
# define mbedtls_nv_seed_read mbedtls_platform_std_nv_seed_read
# define mbedtls_nv_seed_write mbedtls_platform_std_nv_seed_write
# endif
# endif /* MBEDTLS_PLATFORM_NV_SEED_ALT */
#endif /* MBEDTLS_ENTROPY_NV_SEED */
#if !defined(MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT)
@@ -374,14 +385,13 @@ int mbedtls_platform_set_nv_seed(
* \note This structure may be used to assist platform-specific
* setup or teardown operations.
*/
typedef struct mbedtls_platform_context
{
char MBEDTLS_PRIVATE(dummy); /**< A placeholder member, as empty structs are not portable. */
}
mbedtls_platform_context;
typedef struct mbedtls_platform_context {
char MBEDTLS_PRIVATE(dummy); /**< A placeholder member, as empty structs are
not portable. */
} mbedtls_platform_context;
#else
#include "platform_alt.h"
# include "platform_alt.h"
#endif /* !MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT */
/**
@@ -393,13 +403,14 @@ mbedtls_platform_context;
* Its implementation is platform-specific, and unless
* platform-specific code is provided, it does nothing.
*
* \note The usage and necessity of this function is dependent on the platform.
* \note The usage and necessity of this function is dependent on the
* platform.
*
* \param ctx The platform context.
*
* \return \c 0 on success.
*/
int mbedtls_platform_setup( mbedtls_platform_context *ctx );
int mbedtls_platform_setup(mbedtls_platform_context *ctx);
/**
* \brief This function performs any platform teardown operations.
*
@@ -409,12 +420,13 @@ int mbedtls_platform_setup( mbedtls_platform_context *ctx );
* Its implementation is platform-specific, and unless
* platform-specific code is provided, it does nothing.
*
* \note The usage and necessity of this function is dependent on the platform.
* \note The usage and necessity of this function is dependent on the
* platform.
*
* \param ctx The platform context.
*
*/
void mbedtls_platform_teardown( mbedtls_platform_context *ctx );
void mbedtls_platform_teardown(mbedtls_platform_context *ctx);
#ifdef __cplusplus
}

19
include/mbedtls/platform_time.h
View File

@@ -32,7 +32,8 @@ extern "C" {
* \name SECTION: Module settings
*
* The configuration options you can set for this module are in this section.
* Either change them in mbedtls_config.h or define them on the compiler command line.
* Either change them in mbedtls_config.h or define them on the compiler command
* line.
* \{
*/
@@ -43,7 +44,7 @@ extern "C" {
typedef MBEDTLS_PLATFORM_TIME_TYPE_MACRO mbedtls_time_t;
#else
/* For time_t */
#include <time.h>
# include <time.h>
typedef time_t mbedtls_time_t;
#endif /* MBEDTLS_PLATFORM_TIME_TYPE_MACRO */
@@ -51,7 +52,7 @@ typedef time_t mbedtls_time_t;
* The function pointers for time
*/
#if defined(MBEDTLS_PLATFORM_TIME_ALT)
extern mbedtls_time_t (*mbedtls_time)( mbedtls_time_t* time );
extern mbedtls_time_t (*mbedtls_time)(mbedtls_time_t *time);
/**
* \brief Set your own time function pointer
@@ -60,13 +61,13 @@ extern mbedtls_time_t (*mbedtls_time)( mbedtls_time_t* time );
*
* \return 0
*/
int mbedtls_platform_set_time( mbedtls_time_t (*time_func)( mbedtls_time_t* time ) );
int mbedtls_platform_set_time(mbedtls_time_t (*time_func)(mbedtls_time_t *time));
#else
#if defined(MBEDTLS_PLATFORM_TIME_MACRO)
#define mbedtls_time MBEDTLS_PLATFORM_TIME_MACRO
#else
#define mbedtls_time time
#endif /* MBEDTLS_PLATFORM_TIME_MACRO */
# if defined(MBEDTLS_PLATFORM_TIME_MACRO)
# define mbedtls_time MBEDTLS_PLATFORM_TIME_MACRO
# else
# define mbedtls_time time
# endif /* MBEDTLS_PLATFORM_TIME_MACRO */
#endif /* MBEDTLS_PLATFORM_TIME_ALT */
#ifdef __cplusplus

42
include/mbedtls/platform_util.h
View File

@@ -27,8 +27,8 @@
#include <stddef.h>
#if defined(MBEDTLS_HAVE_TIME_DATE)
#include "mbedtls/platform_time.h"
#include <time.h>
# include "mbedtls/platform_time.h"
# include <time.h>
#endif /* MBEDTLS_HAVE_TIME_DATE */
#ifdef __cplusplus
@@ -36,28 +36,32 @@ extern "C" {
#endif
/* Internal macros meant to be called only from within the library. */
#define MBEDTLS_INTERNAL_VALIDATE_RET( cond, ret ) do { } while( 0 )
#define MBEDTLS_INTERNAL_VALIDATE( cond ) do { } while( 0 )
#define MBEDTLS_INTERNAL_VALIDATE_RET(cond, ret) \
do { \
} while (0)
#define MBEDTLS_INTERNAL_VALIDATE(cond) \
do { \
} while (0)
/* Internal helper macros for deprecating API constants. */
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
#if defined(MBEDTLS_DEPRECATED_WARNING)
# if defined(MBEDTLS_DEPRECATED_WARNING)
/* Deliberately don't (yet) export MBEDTLS_DEPRECATED here
* to avoid conflict with other headers which define and use
* it, too. We might want to move all these definitions here at
* some point for uniformity. */
#define MBEDTLS_DEPRECATED __attribute__((deprecated))
MBEDTLS_DEPRECATED typedef char const * mbedtls_deprecated_string_constant_t;
#define MBEDTLS_DEPRECATED_STRING_CONSTANT( VAL ) \
( (mbedtls_deprecated_string_constant_t) ( VAL ) )
# define MBEDTLS_DEPRECATED __attribute__((deprecated))
MBEDTLS_DEPRECATED typedef char const *mbedtls_deprecated_string_constant_t;
# define MBEDTLS_DEPRECATED_STRING_CONSTANT(VAL) \
((mbedtls_deprecated_string_constant_t)(VAL))
MBEDTLS_DEPRECATED typedef int mbedtls_deprecated_numeric_constant_t;
#define MBEDTLS_DEPRECATED_NUMERIC_CONSTANT( VAL ) \
( (mbedtls_deprecated_numeric_constant_t) ( VAL ) )
#undef MBEDTLS_DEPRECATED
#else /* MBEDTLS_DEPRECATED_WARNING */
#define MBEDTLS_DEPRECATED_STRING_CONSTANT( VAL ) VAL
#define MBEDTLS_DEPRECATED_NUMERIC_CONSTANT( VAL ) VAL
#endif /* MBEDTLS_DEPRECATED_WARNING */
# define MBEDTLS_DEPRECATED_NUMERIC_CONSTANT(VAL) \
((mbedtls_deprecated_numeric_constant_t)(VAL))
# undef MBEDTLS_DEPRECATED
# else /* MBEDTLS_DEPRECATED_WARNING */
# define MBEDTLS_DEPRECATED_STRING_CONSTANT(VAL) VAL
# define MBEDTLS_DEPRECATED_NUMERIC_CONSTANT(VAL) VAL
# endif /* MBEDTLS_DEPRECATED_WARNING */
#endif /* MBEDTLS_DEPRECATED_REMOVED */
/**
@@ -82,7 +86,7 @@ MBEDTLS_DEPRECATED typedef int mbedtls_deprecated_numeric_constant_t;
* \param len Length of the buffer in bytes
*
*/
void mbedtls_platform_zeroize( void *buf, size_t len );
void mbedtls_platform_zeroize(void *buf, size_t len);
#if defined(MBEDTLS_HAVE_TIME_DATE)
/**
@@ -111,8 +115,8 @@ void mbedtls_platform_zeroize( void *buf, size_t len );
* \return Pointer to an object of type struct tm on success, otherwise
* NULL
*/
struct tm *mbedtls_platform_gmtime_r( const mbedtls_time_t *tt,
struct tm *tm_buf );
struct tm *mbedtls_platform_gmtime_r(const mbedtls_time_t *tt,
struct tm *tm_buf);
#endif /* MBEDTLS_HAVE_TIME_DATE */
#ifdef __cplusplus

54
include/mbedtls/poly1305.h
View File

@@ -39,7 +39,7 @@
#include <stddef.h>
/** Invalid input parameter(s). */
#define MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA -0x0057
#define MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA -0x0057
#ifdef __cplusplus
extern "C" {
@@ -47,18 +47,20 @@ extern "C" {
#if !defined(MBEDTLS_POLY1305_ALT)
typedef struct mbedtls_poly1305_context
{
uint32_t MBEDTLS_PRIVATE(r)[4]; /** The value for 'r' (low 128 bits of the key). */
uint32_t MBEDTLS_PRIVATE(s)[4]; /** The value for 's' (high 128 bits of the key). */
uint32_t MBEDTLS_PRIVATE(acc)[5]; /** The accumulator number. */
uint8_t MBEDTLS_PRIVATE(queue)[16]; /** The current partial block of data. */
size_t MBEDTLS_PRIVATE(queue_len); /** The number of bytes stored in 'queue'. */
}
mbedtls_poly1305_context;
typedef struct mbedtls_poly1305_context {
uint32_t MBEDTLS_PRIVATE(r)[4]; /** The value for 'r' (low 128 bits of the
key). */
uint32_t MBEDTLS_PRIVATE(s)[4]; /** The value for 's' (high 128 bits of the
key). */
uint32_t MBEDTLS_PRIVATE(acc)[5]; /** The accumulator number. */
uint8_t MBEDTLS_PRIVATE(queue)[16]; /** The current partial block of data.
*/
size_t MBEDTLS_PRIVATE(queue_len); /** The number of bytes stored in
'queue'. */
} mbedtls_poly1305_context;
#else /* MBEDTLS_POLY1305_ALT */
#include "poly1305_alt.h"
#else /* MBEDTLS_POLY1305_ALT */
# include "poly1305_alt.h"
#endif /* MBEDTLS_POLY1305_ALT */
/**
@@ -76,7 +78,7 @@ mbedtls_poly1305_context;
* \param ctx The Poly1305 context to initialize. This must
* not be \c NULL.
*/
void mbedtls_poly1305_init( mbedtls_poly1305_context *ctx );
void mbedtls_poly1305_init(mbedtls_poly1305_context *ctx);
/**
* \brief This function releases and clears the specified
@@ -86,7 +88,7 @@ void mbedtls_poly1305_init( mbedtls_poly1305_context *ctx );
* case this function is a no-op. If it is not \c NULL, it must
* point to an initialized Poly1305 context.
*/
void mbedtls_poly1305_free( mbedtls_poly1305_context *ctx );
void mbedtls_poly1305_free(mbedtls_poly1305_context *ctx);
/**
* \brief This function sets the one-time authentication key.
@@ -101,8 +103,8 @@ void mbedtls_poly1305_free( mbedtls_poly1305_context *ctx );
* \return \c 0 on success.
* \return A negative error code on failure.
*/
int mbedtls_poly1305_starts( mbedtls_poly1305_context *ctx,
const unsigned char key[32] );
int mbedtls_poly1305_starts(mbedtls_poly1305_context *ctx,
const unsigned char key[32]);
/**
* \brief This functions feeds an input buffer into an ongoing
@@ -122,9 +124,9 @@ int mbedtls_poly1305_starts( mbedtls_poly1305_context *ctx,
* \return \c 0 on success.
* \return A negative error code on failure.
*/
int mbedtls_poly1305_update( mbedtls_poly1305_context *ctx,
const unsigned char *input,
size_t ilen );
int mbedtls_poly1305_update(mbedtls_poly1305_context *ctx,
const unsigned char *input,
size_t ilen);
/**
* \brief This function generates the Poly1305 Message
@@ -138,8 +140,8 @@ int mbedtls_poly1305_update( mbedtls_poly1305_context *ctx,
* \return \c 0 on success.
* \return A negative error code on failure.
*/
int mbedtls_poly1305_finish( mbedtls_poly1305_context *ctx,
unsigned char mac[16] );
int mbedtls_poly1305_finish(mbedtls_poly1305_context *ctx,
unsigned char mac[16]);
/**
* \brief This function calculates the Poly1305 MAC of the input
@@ -159,10 +161,10 @@ int mbedtls_poly1305_finish( mbedtls_poly1305_context *ctx,
* \return \c 0 on success.
* \return A negative error code on failure.
*/
int mbedtls_poly1305_mac( const unsigned char key[32],
const unsigned char *input,
size_t ilen,
unsigned char mac[16] );
int mbedtls_poly1305_mac(const unsigned char key[32],
const unsigned char *input,
size_t ilen,
unsigned char mac[16]);
#if defined(MBEDTLS_SELF_TEST)
/**
@@ -171,7 +173,7 @@ int mbedtls_poly1305_mac( const unsigned char key[32],
* \return \c 0 on success.
* \return \c 1 on failure.
*/
int mbedtls_poly1305_self_test( int verbose );
int mbedtls_poly1305_self_test(int verbose);
#endif /* MBEDTLS_SELF_TEST */
#ifdef __cplusplus

6
include/mbedtls/private_access.h
View File

@@ -1,4 +1,4 @@
/**
/**
* \file private_access.h
*
* \brief Macro wrapper for struct's memebrs.
@@ -24,9 +24,9 @@
#define MBEDTLS_PRIVATE_ACCESS_H
#ifndef MBEDTLS_ALLOW_PRIVATE_ACCESS
#define MBEDTLS_PRIVATE(member) private_##member
# define MBEDTLS_PRIVATE(member) private_##member
#else
#define MBEDTLS_PRIVATE(member) member
# define MBEDTLS_PRIVATE(member) member
#endif
#endif /* MBEDTLS_PRIVATE_ACCESS_H */

492
include/mbedtls/psa_util.h
View File

@@ -31,23 +31,22 @@
#if defined(MBEDTLS_USE_PSA_CRYPTO)
#include "psa/crypto.h"
# include "psa/crypto.h"
#include "mbedtls/ecp.h"
#include "mbedtls/md.h"
#include "mbedtls/pk.h"
#include "mbedtls/oid.h"
#include "mbedtls/error.h"
# include "mbedtls/ecp.h"
# include "mbedtls/md.h"
# include "mbedtls/pk.h"
# include "mbedtls/oid.h"
# include "mbedtls/error.h"
#include <string.h>
# include <string.h>
/* Translations for symmetric crypto. */
static inline psa_key_type_t mbedtls_psa_translate_cipher_type(
mbedtls_cipher_type_t cipher )
static inline psa_key_type_t
mbedtls_psa_translate_cipher_type(mbedtls_cipher_type_t cipher)
{
switch( cipher )
{
switch (cipher) {
case MBEDTLS_CIPHER_AES_128_CCM:
case MBEDTLS_CIPHER_AES_192_CCM:
case MBEDTLS_CIPHER_AES_256_CCM:
@@ -57,301 +56,293 @@ static inline psa_key_type_t mbedtls_psa_translate_cipher_type(
case MBEDTLS_CIPHER_AES_128_CBC:
case MBEDTLS_CIPHER_AES_192_CBC:
case MBEDTLS_CIPHER_AES_256_CBC:
return PSA_KEY_TYPE_AES ;
return PSA_KEY_TYPE_AES;
/* ARIA not yet supported in PSA. */
/* case MBEDTLS_CIPHER_ARIA_128_CCM:
case MBEDTLS_CIPHER_ARIA_192_CCM:
case MBEDTLS_CIPHER_ARIA_256_CCM:
case MBEDTLS_CIPHER_ARIA_128_GCM:
case MBEDTLS_CIPHER_ARIA_192_GCM:
case MBEDTLS_CIPHER_ARIA_256_GCM:
case MBEDTLS_CIPHER_ARIA_128_CBC:
case MBEDTLS_CIPHER_ARIA_192_CBC:
case MBEDTLS_CIPHER_ARIA_256_CBC:
return PSA_KEY_TYPE_ARIA ; */
/* ARIA not yet supported in PSA. */
/* case MBEDTLS_CIPHER_ARIA_128_CCM:
case MBEDTLS_CIPHER_ARIA_192_CCM:
case MBEDTLS_CIPHER_ARIA_256_CCM:
case MBEDTLS_CIPHER_ARIA_128_GCM:
case MBEDTLS_CIPHER_ARIA_192_GCM:
case MBEDTLS_CIPHER_ARIA_256_GCM:
case MBEDTLS_CIPHER_ARIA_128_CBC:
case MBEDTLS_CIPHER_ARIA_192_CBC:
case MBEDTLS_CIPHER_ARIA_256_CBC:
return PSA_KEY_TYPE_ARIA ; */
default:
return 0 ;
return 0;
}
}
static inline psa_algorithm_t mbedtls_psa_translate_cipher_mode(
mbedtls_cipher_mode_t mode, size_t taglen )
static inline psa_algorithm_t
mbedtls_psa_translate_cipher_mode(mbedtls_cipher_mode_t mode, size_t taglen)
{
switch( mode )
{
switch (mode) {
case MBEDTLS_MODE_ECB:
return PSA_ALG_ECB_NO_PADDING ;
return PSA_ALG_ECB_NO_PADDING;
case MBEDTLS_MODE_GCM:
return PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, taglen ) ;
return PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM, taglen);
case MBEDTLS_MODE_CCM:
return PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CCM, taglen ) ;
return PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM, taglen);
case MBEDTLS_MODE_CBC:
if( taglen == 0 )
return PSA_ALG_CBC_NO_PADDING ;
if (taglen == 0)
return PSA_ALG_CBC_NO_PADDING;
else
return 0 ;
return 0;
default:
return 0 ;
return 0;
}
}
static inline psa_key_usage_t mbedtls_psa_translate_cipher_operation(
mbedtls_operation_t op )
static inline psa_key_usage_t
mbedtls_psa_translate_cipher_operation(mbedtls_operation_t op)
{
switch( op )
{
switch (op) {
case MBEDTLS_ENCRYPT:
return PSA_KEY_USAGE_ENCRYPT ;
return PSA_KEY_USAGE_ENCRYPT;
case MBEDTLS_DECRYPT:
return PSA_KEY_USAGE_DECRYPT ;
return PSA_KEY_USAGE_DECRYPT;
default:
return 0 ;
return 0;
}
}
/* Translations for hashing. */
static inline psa_algorithm_t mbedtls_psa_translate_md( mbedtls_md_type_t md_alg )
static inline psa_algorithm_t mbedtls_psa_translate_md(mbedtls_md_type_t md_alg)
{
switch( md_alg )
{
#if defined(MBEDTLS_MD5_C)
case MBEDTLS_MD_MD5:
return PSA_ALG_MD5 ;
#endif
#if defined(MBEDTLS_SHA1_C)
case MBEDTLS_MD_SHA1:
return PSA_ALG_SHA_1 ;
#endif
#if defined(MBEDTLS_SHA224_C)
case MBEDTLS_MD_SHA224:
return PSA_ALG_SHA_224 ;
#endif
#if defined(MBEDTLS_SHA256_C)
case MBEDTLS_MD_SHA256:
return PSA_ALG_SHA_256 ;
#endif
#if defined(MBEDTLS_SHA384_C)
case MBEDTLS_MD_SHA384:
return PSA_ALG_SHA_384 ;
#endif
#if defined(MBEDTLS_SHA512_C)
case MBEDTLS_MD_SHA512:
return PSA_ALG_SHA_512 ;
#endif
#if defined(MBEDTLS_RIPEMD160_C)
case MBEDTLS_MD_RIPEMD160:
return PSA_ALG_RIPEMD160 ;
#endif
case MBEDTLS_MD_NONE:
return 0 ;
default:
return 0 ;
switch (md_alg) {
# if defined(MBEDTLS_MD5_C)
case MBEDTLS_MD_MD5:
return PSA_ALG_MD5;
# endif
# if defined(MBEDTLS_SHA1_C)
case MBEDTLS_MD_SHA1:
return PSA_ALG_SHA_1;
# endif
# if defined(MBEDTLS_SHA224_C)
case MBEDTLS_MD_SHA224:
return PSA_ALG_SHA_224;
# endif
# if defined(MBEDTLS_SHA256_C)
case MBEDTLS_MD_SHA256:
return PSA_ALG_SHA_256;
# endif
# if defined(MBEDTLS_SHA384_C)
case MBEDTLS_MD_SHA384:
return PSA_ALG_SHA_384;
# endif
# if defined(MBEDTLS_SHA512_C)
case MBEDTLS_MD_SHA512:
return PSA_ALG_SHA_512;
# endif
# if defined(MBEDTLS_RIPEMD160_C)
case MBEDTLS_MD_RIPEMD160:
return PSA_ALG_RIPEMD160;
# endif
case MBEDTLS_MD_NONE:
return 0;
default:
return 0;
}
}
/* Translations for ECC. */
static inline int mbedtls_psa_get_ecc_oid_from_id(
psa_ecc_family_t curve, size_t bits,
char const **oid, size_t *oid_len )
static inline int mbedtls_psa_get_ecc_oid_from_id(psa_ecc_family_t curve,
size_t bits,
char const **oid,
size_t *oid_len)
{
switch( curve )
{
switch (curve) {
case PSA_ECC_FAMILY_SECP_R1:
switch( bits )
{
#if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED)
switch (bits) {
# if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED)
case 192:
*oid = MBEDTLS_OID_EC_GRP_SECP192R1;
*oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_SECP192R1 );
return 0 ;
#endif /* MBEDTLS_ECP_DP_SECP192R1_ENABLED */
#if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED)
*oid_len = MBEDTLS_OID_SIZE(MBEDTLS_OID_EC_GRP_SECP192R1);
return 0;
# endif /* MBEDTLS_ECP_DP_SECP192R1_ENABLED */
# if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED)
case 224:
*oid = MBEDTLS_OID_EC_GRP_SECP224R1;
*oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_SECP224R1 );
return 0 ;
#endif /* MBEDTLS_ECP_DP_SECP224R1_ENABLED */
#if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
*oid_len = MBEDTLS_OID_SIZE(MBEDTLS_OID_EC_GRP_SECP224R1);
return 0;
# endif /* MBEDTLS_ECP_DP_SECP224R1_ENABLED */
# if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
case 256:
*oid = MBEDTLS_OID_EC_GRP_SECP256R1;
*oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_SECP256R1 );
return 0 ;
#endif /* MBEDTLS_ECP_DP_SECP256R1_ENABLED */
#if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
*oid_len = MBEDTLS_OID_SIZE(MBEDTLS_OID_EC_GRP_SECP256R1);
return 0;
# endif /* MBEDTLS_ECP_DP_SECP256R1_ENABLED */
# if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
case 384:
*oid = MBEDTLS_OID_EC_GRP_SECP384R1;
*oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_SECP384R1 );
return 0 ;
#endif /* MBEDTLS_ECP_DP_SECP384R1_ENABLED */
#if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED)
*oid_len = MBEDTLS_OID_SIZE(MBEDTLS_OID_EC_GRP_SECP384R1);
return 0;
# endif /* MBEDTLS_ECP_DP_SECP384R1_ENABLED */
# if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED)
case 521:
*oid = MBEDTLS_OID_EC_GRP_SECP521R1;
*oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_SECP521R1 );
return 0 ;
#endif /* MBEDTLS_ECP_DP_SECP521R1_ENABLED */
*oid_len = MBEDTLS_OID_SIZE(MBEDTLS_OID_EC_GRP_SECP521R1);
return 0;
# endif /* MBEDTLS_ECP_DP_SECP521R1_ENABLED */
}
break;
case PSA_ECC_FAMILY_SECP_K1:
switch( bits )
{
#if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED)
switch (bits) {
# if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED)
case 192:
*oid = MBEDTLS_OID_EC_GRP_SECP192K1;
*oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_SECP192K1 );
return 0 ;
#endif /* MBEDTLS_ECP_DP_SECP192K1_ENABLED */
#if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED)
*oid_len = MBEDTLS_OID_SIZE(MBEDTLS_OID_EC_GRP_SECP192K1);
return 0;
# endif /* MBEDTLS_ECP_DP_SECP192K1_ENABLED */
# if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED)
case 224:
*oid = MBEDTLS_OID_EC_GRP_SECP224K1;
*oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_SECP224K1 );
return 0 ;
#endif /* MBEDTLS_ECP_DP_SECP224K1_ENABLED */
#if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED)
*oid_len = MBEDTLS_OID_SIZE(MBEDTLS_OID_EC_GRP_SECP224K1);
return 0;
# endif /* MBEDTLS_ECP_DP_SECP224K1_ENABLED */
# if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED)
case 256:
*oid = MBEDTLS_OID_EC_GRP_SECP256K1;
*oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_SECP256K1 );
return 0 ;
#endif /* MBEDTLS_ECP_DP_SECP256K1_ENABLED */
*oid_len = MBEDTLS_OID_SIZE(MBEDTLS_OID_EC_GRP_SECP256K1);
return 0;
# endif /* MBEDTLS_ECP_DP_SECP256K1_ENABLED */
}
break;
case PSA_ECC_FAMILY_BRAINPOOL_P_R1:
switch( bits )
{
#if defined(MBEDTLS_ECP_DP_BP256R1_ENABLED)
switch (bits) {
# if defined(MBEDTLS_ECP_DP_BP256R1_ENABLED)
case 256:
*oid = MBEDTLS_OID_EC_GRP_BP256R1;
*oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_BP256R1 );
return 0 ;
#endif /* MBEDTLS_ECP_DP_BP256R1_ENABLED */
#if defined(MBEDTLS_ECP_DP_BP384R1_ENABLED)
*oid_len = MBEDTLS_OID_SIZE(MBEDTLS_OID_EC_GRP_BP256R1);
return 0;
# endif /* MBEDTLS_ECP_DP_BP256R1_ENABLED */
# if defined(MBEDTLS_ECP_DP_BP384R1_ENABLED)
case 384:
*oid = MBEDTLS_OID_EC_GRP_BP384R1;
*oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_BP384R1 );
return 0 ;
#endif /* MBEDTLS_ECP_DP_BP384R1_ENABLED */
#if defined(MBEDTLS_ECP_DP_BP512R1_ENABLED)
*oid_len = MBEDTLS_OID_SIZE(MBEDTLS_OID_EC_GRP_BP384R1);
return 0;
# endif /* MBEDTLS_ECP_DP_BP384R1_ENABLED */
# if defined(MBEDTLS_ECP_DP_BP512R1_ENABLED)
case 512:
*oid = MBEDTLS_OID_EC_GRP_BP512R1;
*oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_BP512R1 );
return 0 ;
#endif /* MBEDTLS_ECP_DP_BP512R1_ENABLED */
*oid_len = MBEDTLS_OID_SIZE(MBEDTLS_OID_EC_GRP_BP512R1);
return 0;
# endif /* MBEDTLS_ECP_DP_BP512R1_ENABLED */
}
break;
}
(void) oid;
(void) oid_len;
return -1 ;
(void)oid;
(void)oid_len;
return -1;
}
#define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH 1
# define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH 1
#if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED)
#if MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH < ( 2 * ( ( 192 + 7 ) / 8 ) + 1 )
#undef MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH
#define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH ( 2 * ( ( 192 + 7 ) / 8 ) + 1 )
#endif
#endif /* MBEDTLS_ECP_DP_SECP192R1_ENABLED */
# if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED)
# if MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH < (2 * ((192 + 7) / 8) + 1)
# undef MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH
# define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH (2 * ((192 + 7) / 8) + 1)
# endif
# endif /* MBEDTLS_ECP_DP_SECP192R1_ENABLED */
#if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED)
#if MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH < ( 2 * ( ( 224 + 7 ) / 8 ) + 1 )
#undef MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH
#define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH ( 2 * ( ( 224 + 7 ) / 8 ) + 1 )
#endif
#endif /* MBEDTLS_ECP_DP_SECP224R1_ENABLED */
# if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED)
# if MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH < (2 * ((224 + 7) / 8) + 1)
# undef MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH
# define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH (2 * ((224 + 7) / 8) + 1)
# endif
# endif /* MBEDTLS_ECP_DP_SECP224R1_ENABLED */
#if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
#if MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH < ( 2 * ( ( 256 + 7 ) / 8 ) + 1 )
#undef MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH
#define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH ( 2 * ( ( 256 + 7 ) / 8 ) + 1 )
#endif
#endif /* MBEDTLS_ECP_DP_SECP256R1_ENABLED */
# if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
# if MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH < (2 * ((256 + 7) / 8) + 1)
# undef MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH
# define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH (2 * ((256 + 7) / 8) + 1)
# endif
# endif /* MBEDTLS_ECP_DP_SECP256R1_ENABLED */
#if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
#if MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH < ( 2 * ( ( 384 + 7 ) / 8 ) + 1 )
#undef MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH
#define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH ( 2 * ( ( 384 + 7 ) / 8 ) + 1 )
#endif
#endif /* MBEDTLS_ECP_DP_SECP384R1_ENABLED */
# if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
# if MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH < (2 * ((384 + 7) / 8) + 1)
# undef MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH
# define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH (2 * ((384 + 7) / 8) + 1)
# endif
# endif /* MBEDTLS_ECP_DP_SECP384R1_ENABLED */
#if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED)
#if MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH < ( 2 * ( ( 521 + 7 ) / 8 ) + 1 )
#undef MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH
#define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH ( 2 * ( ( 521 + 7 ) / 8 ) + 1 )
#endif
#endif /* MBEDTLS_ECP_DP_SECP521R1_ENABLED */
# if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED)
# if MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH < (2 * ((521 + 7) / 8) + 1)
# undef MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH
# define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH (2 * ((521 + 7) / 8) + 1)
# endif
# endif /* MBEDTLS_ECP_DP_SECP521R1_ENABLED */
#if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED)
#if MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH < ( 2 * ( ( 192 + 7 ) / 8 ) + 1 )
#undef MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH
#define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH ( 2 * ( ( 192 + 7 ) / 8 ) + 1 )
#endif
#endif /* MBEDTLS_ECP_DP_SECP192K1_ENABLED */
# if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED)
# if MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH < (2 * ((192 + 7) / 8) + 1)
# undef MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH
# define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH (2 * ((192 + 7) / 8) + 1)
# endif
# endif /* MBEDTLS_ECP_DP_SECP192K1_ENABLED */
#if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED)
#if MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH < ( 2 * ( ( 224 + 7 ) / 8 ) + 1 )
#undef MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH
#define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH ( 2 * ( ( 224 + 7 ) / 8 ) + 1 )
#endif
#endif /* MBEDTLS_ECP_DP_SECP224K1_ENABLED */
# if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED)
# if MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH < (2 * ((224 + 7) / 8) + 1)
# undef MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH
# define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH (2 * ((224 + 7) / 8) + 1)
# endif
# endif /* MBEDTLS_ECP_DP_SECP224K1_ENABLED */
#if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED)
#if MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH < ( 2 * ( ( 256 + 7 ) / 8 ) + 1 )
#undef MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH
#define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH ( 2 * ( ( 256 + 7 ) / 8 ) + 1 )
#endif
#endif /* MBEDTLS_ECP_DP_SECP256K1_ENABLED */
# if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED)
# if MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH < (2 * ((256 + 7) / 8) + 1)
# undef MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH
# define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH (2 * ((256 + 7) / 8) + 1)
# endif
# endif /* MBEDTLS_ECP_DP_SECP256K1_ENABLED */
#if defined(MBEDTLS_ECP_DP_BP256R1_ENABLED)
#if MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH < ( 2 * ( ( 256 + 7 ) / 8 ) + 1 )
#undef MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH
#define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH ( 2 * ( ( 256 + 7 ) / 8 ) + 1 )
#endif
#endif /* MBEDTLS_ECP_DP_BP256R1_ENABLED */
# if defined(MBEDTLS_ECP_DP_BP256R1_ENABLED)
# if MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH < (2 * ((256 + 7) / 8) + 1)
# undef MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH
# define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH (2 * ((256 + 7) / 8) + 1)
# endif
# endif /* MBEDTLS_ECP_DP_BP256R1_ENABLED */
#if defined(MBEDTLS_ECP_DP_BP384R1_ENABLED)
#if MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH < ( 2 * ( ( 384 + 7 ) / 8 ) + 1 )
#undef MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH
#define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH ( 2 * ( ( 384 + 7 ) / 8 ) + 1 )
#endif
#endif /* MBEDTLS_ECP_DP_BP384R1_ENABLED */
#if defined(MBEDTLS_ECP_DP_BP512R1_ENABLED)
#if MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH < ( 2 * ( ( 512 + 7 ) / 8 ) + 1 )
#undef MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH
#define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH ( 2 * ( ( 512 + 7 ) / 8 ) + 1 )
#endif
#endif /* MBEDTLS_ECP_DP_BP512R1_ENABLED */
# if defined(MBEDTLS_ECP_DP_BP384R1_ENABLED)
# if MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH < (2 * ((384 + 7) / 8) + 1)
# undef MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH
# define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH (2 * ((384 + 7) / 8) + 1)
# endif
# endif /* MBEDTLS_ECP_DP_BP384R1_ENABLED */
# if defined(MBEDTLS_ECP_DP_BP512R1_ENABLED)
# if MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH < (2 * ((512 + 7) / 8) + 1)
# undef MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH
# define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH (2 * ((512 + 7) / 8) + 1)
# endif
# endif /* MBEDTLS_ECP_DP_BP512R1_ENABLED */
/* Translations for PK layer */
static inline int mbedtls_psa_err_translate_pk( psa_status_t status )
static inline int mbedtls_psa_err_translate_pk(psa_status_t status)
{
switch( status )
{
switch (status) {
case PSA_SUCCESS:
return 0 ;
return 0;
case PSA_ERROR_NOT_SUPPORTED:
return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE ;
return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE;
case PSA_ERROR_INSUFFICIENT_MEMORY:
return MBEDTLS_ERR_PK_ALLOC_FAILED ;
return MBEDTLS_ERR_PK_ALLOC_FAILED;
case PSA_ERROR_INSUFFICIENT_ENTROPY:
return MBEDTLS_ERR_ECP_RANDOM_FAILED ;
return MBEDTLS_ERR_ECP_RANDOM_FAILED;
case PSA_ERROR_BAD_STATE:
return MBEDTLS_ERR_PK_BAD_INPUT_DATA ;
return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
/* All other failures */
case PSA_ERROR_COMMUNICATION_FAILURE:
case PSA_ERROR_HARDWARE_FAILURE:
case PSA_ERROR_CORRUPTION_DETECTED:
return MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED ;
return MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED;
default: /* We return the same as for the 'other failures',
* but list them separately nonetheless to indicate
* which failure conditions we have considered. */
return MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED ;
return MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED;
}
}
@@ -360,18 +351,18 @@ static inline int mbedtls_psa_err_translate_pk( psa_status_t status )
/* This function transforms an ECC group identifier from
* https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-8
* into a PSA ECC group identifier. */
#if defined(MBEDTLS_ECP_C)
static inline psa_key_type_t mbedtls_psa_parse_tls_ecc_group(
uint16_t tls_ecc_grp_reg_id, size_t *bits )
# if defined(MBEDTLS_ECP_C)
static inline psa_key_type_t
mbedtls_psa_parse_tls_ecc_group(uint16_t tls_ecc_grp_reg_id, size_t *bits)
{
const mbedtls_ecp_curve_info *curve_info =
mbedtls_ecp_curve_info_from_tls_id( tls_ecc_grp_reg_id );
if( curve_info == NULL )
return 0 ;
return( PSA_KEY_TYPE_ECC_KEY_PAIR(
mbedtls_ecc_group_to_psa( curve_info->MBEDTLS_PRIVATE(grp_id), bits ) ) );
mbedtls_ecp_curve_info_from_tls_id(tls_ecc_grp_reg_id);
if (curve_info == NULL)
return 0;
return (PSA_KEY_TYPE_ECC_KEY_PAIR(
mbedtls_ecc_group_to_psa(curve_info->MBEDTLS_PRIVATE(grp_id), bits)));
}
#endif /* MBEDTLS_ECP_C */
# endif /* MBEDTLS_ECP_C */
/* This function takes a buffer holding an EC public key
* exported through psa_export_public_key(), and converts
@@ -383,14 +374,14 @@ static inline psa_key_type_t mbedtls_psa_parse_tls_ecc_group(
* as a subbuffer, and the function merely selects this subbuffer instead
* of making a copy.
*/
static inline int mbedtls_psa_tls_psa_ec_to_ecpoint( unsigned char *src,
size_t srclen,
unsigned char **dst,
size_t *dstlen )
static inline int mbedtls_psa_tls_psa_ec_to_ecpoint(unsigned char *src,
size_t srclen,
unsigned char **dst,
size_t *dstlen)
{
*dst = src;
*dstlen = srclen;
return 0 ;
return 0;
}
/* This function takes a buffer holding an ECPoint structure
@@ -398,18 +389,18 @@ static inline int mbedtls_psa_tls_psa_ec_to_ecpoint( unsigned char *src,
* exchanges) and converts it into a format that the PSA key
* agreement API understands.
*/
static inline int mbedtls_psa_tls_ecpoint_to_psa_ec( unsigned char const *src,
size_t srclen,
unsigned char *dst,
size_t dstlen,
size_t *olen )
static inline int mbedtls_psa_tls_ecpoint_to_psa_ec(unsigned char const *src,
size_t srclen,
unsigned char *dst,
size_t dstlen,
size_t *olen)
{
if( srclen > dstlen )
return MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL ;
if (srclen > dstlen)
return MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL;
memcpy( dst, src, srclen );
memcpy(dst, src, srclen);
*olen = srclen;
return 0 ;
return 0;
}
#endif /* MBEDTLS_USE_PSA_CRYPTO */
@@ -426,9 +417,10 @@ static inline int mbedtls_psa_tls_ecpoint_to_psa_ec( unsigned char const *src,
* This type name is not part of the Mbed TLS stable API. It may be renamed
* or moved without warning.
*/
typedef int mbedtls_f_rng_t( void *p_rng, unsigned char *output, size_t output_size );
typedef int
mbedtls_f_rng_t(void *p_rng, unsigned char *output, size_t output_size);
#if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG)
# if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG)
/** The random generator function for the PSA subsystem.
*
@@ -465,9 +457,9 @@ typedef int mbedtls_f_rng_t( void *p_rng, unsigned char *output, size_t output_s
* `MBEDTLS_ERR_CTR_DRBG_xxx` or
* `MBEDTLS_ERR_HMAC_DRBG_xxx` on error.
*/
int mbedtls_psa_get_random( void *p_rng,
unsigned char *output,
size_t output_size );
int mbedtls_psa_get_random(void *p_rng,
unsigned char *output,
size_t output_size);
/** The random generator state for the PSA subsystem.
*
@@ -479,24 +471,24 @@ int mbedtls_psa_get_random( void *p_rng,
* The implementation of this macro depends on the configuration of the
* library. Do not make any assumption on its nature.
*/
#define MBEDTLS_PSA_RANDOM_STATE NULL
# define MBEDTLS_PSA_RANDOM_STATE NULL
#else /* !defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) */
# else /* !defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) */
#if defined(MBEDTLS_CTR_DRBG_C)
#include "mbedtls/ctr_drbg.h"
# if defined(MBEDTLS_CTR_DRBG_C)
# include "mbedtls/ctr_drbg.h"
typedef mbedtls_ctr_drbg_context mbedtls_psa_drbg_context_t;
static mbedtls_f_rng_t *const mbedtls_psa_get_random = mbedtls_ctr_drbg_random;
#elif defined(MBEDTLS_HMAC_DRBG_C)
#include "mbedtls/hmac_drbg.h"
# elif defined(MBEDTLS_HMAC_DRBG_C)
# include "mbedtls/hmac_drbg.h"
typedef mbedtls_hmac_drbg_context mbedtls_psa_drbg_context_t;
static mbedtls_f_rng_t *const mbedtls_psa_get_random = mbedtls_hmac_drbg_random;
#endif
# endif
extern mbedtls_psa_drbg_context_t *const mbedtls_psa_random_state;
#define MBEDTLS_PSA_RANDOM_STATE mbedtls_psa_random_state
# define MBEDTLS_PSA_RANDOM_STATE mbedtls_psa_random_state
#endif /* !defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) */
# endif /* !defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) */
#endif /* MBEDTLS_PSA_CRYPTO_C */

49
include/mbedtls/ripemd160.h
View File

@@ -39,16 +39,15 @@ extern "C" {
/**
* \brief RIPEMD-160 context structure
*/
typedef struct mbedtls_ripemd160_context
{
uint32_t MBEDTLS_PRIVATE(total)[2]; /*!< number of bytes processed */
uint32_t MBEDTLS_PRIVATE(state)[5]; /*!< intermediate digest state */
unsigned char MBEDTLS_PRIVATE(buffer)[64]; /*!< data block being processed */
}
mbedtls_ripemd160_context;
typedef struct mbedtls_ripemd160_context {
uint32_t MBEDTLS_PRIVATE(total)[2]; /*!< number of bytes processed */
uint32_t MBEDTLS_PRIVATE(state)[5]; /*!< intermediate digest state */
unsigned char MBEDTLS_PRIVATE(buffer)[64]; /*!< data block being processed
*/
} mbedtls_ripemd160_context;
#else /* MBEDTLS_RIPEMD160_ALT */
#include "ripemd160_alt.h"
#else /* MBEDTLS_RIPEMD160_ALT */
# include "ripemd160_alt.h"
#endif /* MBEDTLS_RIPEMD160_ALT */
/**
@@ -56,14 +55,14 @@ mbedtls_ripemd160_context;
*
* \param ctx RIPEMD-160 context to be initialized
*/
void mbedtls_ripemd160_init( mbedtls_ripemd160_context *ctx );
void mbedtls_ripemd160_init(mbedtls_ripemd160_context *ctx);
/**
* \brief Clear RIPEMD-160 context
*
* \param ctx RIPEMD-160 context to be cleared
*/
void mbedtls_ripemd160_free( mbedtls_ripemd160_context *ctx );
void mbedtls_ripemd160_free(mbedtls_ripemd160_context *ctx);
/**
* \brief Clone (the state of) an RIPEMD-160 context
@@ -71,8 +70,8 @@ void mbedtls_ripemd160_free( mbedtls_ripemd160_context *ctx );
* \param dst The destination context
* \param src The context to be cloned
*/
void mbedtls_ripemd160_clone( mbedtls_ripemd160_context *dst,
const mbedtls_ripemd160_context *src );
void mbedtls_ripemd160_clone(mbedtls_ripemd160_context *dst,
const mbedtls_ripemd160_context *src);
/**
* \brief RIPEMD-160 context setup
@@ -81,7 +80,7 @@ void mbedtls_ripemd160_clone( mbedtls_ripemd160_context *dst,
*
* \return 0 if successful
*/
int mbedtls_ripemd160_starts( mbedtls_ripemd160_context *ctx );
int mbedtls_ripemd160_starts(mbedtls_ripemd160_context *ctx);
/**
* \brief RIPEMD-160 process buffer
@@ -92,9 +91,9 @@ int mbedtls_ripemd160_starts( mbedtls_ripemd160_context *ctx );
*
* \return 0 if successful
*/
int mbedtls_ripemd160_update( mbedtls_ripemd160_context *ctx,
const unsigned char *input,
size_t ilen );
int mbedtls_ripemd160_update(mbedtls_ripemd160_context *ctx,
const unsigned char *input,
size_t ilen);
/**
* \brief RIPEMD-160 final digest
@@ -104,8 +103,8 @@ int mbedtls_ripemd160_update( mbedtls_ripemd160_context *ctx,
*
* \return 0 if successful
*/
int mbedtls_ripemd160_finish( mbedtls_ripemd160_context *ctx,
unsigned char output[20] );
int mbedtls_ripemd160_finish(mbedtls_ripemd160_context *ctx,
unsigned char output[20]);
/**
* \brief RIPEMD-160 process data block (internal use only)
@@ -115,8 +114,8 @@ int mbedtls_ripemd160_finish( mbedtls_ripemd160_context *ctx,
*
* \return 0 if successful
*/
int mbedtls_internal_ripemd160_process( mbedtls_ripemd160_context *ctx,
const unsigned char data[64] );
int mbedtls_internal_ripemd160_process(mbedtls_ripemd160_context *ctx,
const unsigned char data[64]);
/**
* \brief Output = RIPEMD-160( input buffer )
@@ -127,9 +126,9 @@ int mbedtls_internal_ripemd160_process( mbedtls_ripemd160_context *ctx,
*
* \return 0 if successful
*/
int mbedtls_ripemd160( const unsigned char *input,
size_t ilen,
unsigned char output[20] );
int mbedtls_ripemd160(const unsigned char *input,
size_t ilen,
unsigned char output[20]);
#if defined(MBEDTLS_SELF_TEST)
@@ -138,7 +137,7 @@ int mbedtls_ripemd160( const unsigned char *input,
*
* \return 0 if successful, or 1 if the test failed
*/
int mbedtls_ripemd160_self_test( int verbose );
int mbedtls_ripemd160_self_test(int verbose);
#endif /* MBEDTLS_SELF_TEST */

400
include/mbedtls/rsa.h
View File

@@ -35,46 +35,46 @@
#include "mbedtls/md.h"
#if defined(MBEDTLS_THREADING_C)
#include "mbedtls/threading.h"
# include "mbedtls/threading.h"
#endif
/*
* RSA Error codes
*/
/** Bad input parameters to function. */
#define MBEDTLS_ERR_RSA_BAD_INPUT_DATA -0x4080
#define MBEDTLS_ERR_RSA_BAD_INPUT_DATA -0x4080
/** Input data contains invalid padding and is rejected. */
#define MBEDTLS_ERR_RSA_INVALID_PADDING -0x4100
#define MBEDTLS_ERR_RSA_INVALID_PADDING -0x4100
/** Something failed during generation of a key. */
#define MBEDTLS_ERR_RSA_KEY_GEN_FAILED -0x4180
#define MBEDTLS_ERR_RSA_KEY_GEN_FAILED -0x4180
/** Key failed to pass the validity check of the library. */
#define MBEDTLS_ERR_RSA_KEY_CHECK_FAILED -0x4200
#define MBEDTLS_ERR_RSA_KEY_CHECK_FAILED -0x4200
/** The public key operation failed. */
#define MBEDTLS_ERR_RSA_PUBLIC_FAILED -0x4280
#define MBEDTLS_ERR_RSA_PUBLIC_FAILED -0x4280
/** The private key operation failed. */
#define MBEDTLS_ERR_RSA_PRIVATE_FAILED -0x4300
#define MBEDTLS_ERR_RSA_PRIVATE_FAILED -0x4300
/** The PKCS#1 verification failed. */
#define MBEDTLS_ERR_RSA_VERIFY_FAILED -0x4380
#define MBEDTLS_ERR_RSA_VERIFY_FAILED -0x4380
/** The output buffer for decryption is not large enough. */
#define MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE -0x4400
#define MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE -0x4400
/** The random generator failed to generate non-zeros. */
#define MBEDTLS_ERR_RSA_RNG_FAILED -0x4480
#define MBEDTLS_ERR_RSA_RNG_FAILED -0x4480
/*
* RSA constants
*/
/** Use PKCS#1 v1.5 encoding. */
#define MBEDTLS_RSA_PKCS_V15 0
#define MBEDTLS_RSA_PKCS_V15 0
/** Use PKCS#1 v2.1 encoding. */
#define MBEDTLS_RSA_PKCS_V21 1
#define MBEDTLS_RSA_PKCS_V21 1
/** Identifier for RSA signature operations. */
#define MBEDTLS_RSA_SIGN 1
#define MBEDTLS_RSA_SIGN 1
/** Identifier for RSA encryption and decryption operations. */
#define MBEDTLS_RSA_CRYPT 2
#define MBEDTLS_RSA_CRYPT 2
#define MBEDTLS_RSA_SALT_LEN_ANY -1
#define MBEDTLS_RSA_SALT_LEN_ANY -1
/*
* The above constants may be used even if the RSA module is compile out,
@@ -92,49 +92,48 @@ extern "C" {
/**
* \brief The RSA context structure.
*/
typedef struct mbedtls_rsa_context
{
int MBEDTLS_PRIVATE(ver); /*!< Reserved for internal purposes.
* Do not set this field in application
* code. Its meaning might change without
* notice. */
size_t MBEDTLS_PRIVATE(len); /*!< The size of \p N in Bytes. */
typedef struct mbedtls_rsa_context {
int MBEDTLS_PRIVATE(ver); /*!< Reserved for internal purposes.
* Do not set this field in application
* code. Its meaning might change without
* notice. */
size_t MBEDTLS_PRIVATE(len); /*!< The size of \p N in Bytes. */
mbedtls_mpi MBEDTLS_PRIVATE(N); /*!< The public modulus. */
mbedtls_mpi MBEDTLS_PRIVATE(E); /*!< The public exponent. */
mbedtls_mpi MBEDTLS_PRIVATE(N); /*!< The public modulus. */
mbedtls_mpi MBEDTLS_PRIVATE(E); /*!< The public exponent. */
mbedtls_mpi MBEDTLS_PRIVATE(D); /*!< The private exponent. */
mbedtls_mpi MBEDTLS_PRIVATE(P); /*!< The first prime factor. */
mbedtls_mpi MBEDTLS_PRIVATE(Q); /*!< The second prime factor. */
mbedtls_mpi MBEDTLS_PRIVATE(D); /*!< The private exponent. */
mbedtls_mpi MBEDTLS_PRIVATE(P); /*!< The first prime factor. */
mbedtls_mpi MBEDTLS_PRIVATE(Q); /*!< The second prime factor. */
mbedtls_mpi MBEDTLS_PRIVATE(DP); /*!< <code>D % (P - 1)</code>. */
mbedtls_mpi MBEDTLS_PRIVATE(DQ); /*!< <code>D % (Q - 1)</code>. */
mbedtls_mpi MBEDTLS_PRIVATE(QP); /*!< <code>1 / (Q % P)</code>. */
mbedtls_mpi MBEDTLS_PRIVATE(DP); /*!< <code>D % (P - 1)</code>. */
mbedtls_mpi MBEDTLS_PRIVATE(DQ); /*!< <code>D % (Q - 1)</code>. */
mbedtls_mpi MBEDTLS_PRIVATE(QP); /*!< <code>1 / (Q % P)</code>. */
mbedtls_mpi MBEDTLS_PRIVATE(RN); /*!< cached <code>R^2 mod N</code>. */
mbedtls_mpi MBEDTLS_PRIVATE(RN); /*!< cached <code>R^2 mod N</code>. */
mbedtls_mpi MBEDTLS_PRIVATE(RP); /*!< cached <code>R^2 mod P</code>. */
mbedtls_mpi MBEDTLS_PRIVATE(RQ); /*!< cached <code>R^2 mod Q</code>. */
mbedtls_mpi MBEDTLS_PRIVATE(RP); /*!< cached <code>R^2 mod P</code>. */
mbedtls_mpi MBEDTLS_PRIVATE(RQ); /*!< cached <code>R^2 mod Q</code>. */
mbedtls_mpi MBEDTLS_PRIVATE(Vi); /*!< The cached blinding value. */
mbedtls_mpi MBEDTLS_PRIVATE(Vf); /*!< The cached un-blinding value. */
mbedtls_mpi MBEDTLS_PRIVATE(Vi); /*!< The cached blinding value. */
mbedtls_mpi MBEDTLS_PRIVATE(Vf); /*!< The cached un-blinding value. */
int MBEDTLS_PRIVATE(padding); /*!< Selects padding mode:
#MBEDTLS_RSA_PKCS_V15 for 1.5 padding and
#MBEDTLS_RSA_PKCS_V21 for OAEP or PSS. */
int MBEDTLS_PRIVATE(hash_id); /*!< Hash identifier of mbedtls_md_type_t type,
as specified in md.h for use in the MGF
mask generating function used in the
EME-OAEP and EMSA-PSS encodings. */
#if defined(MBEDTLS_THREADING_C)
int MBEDTLS_PRIVATE(padding); /*!< Selects padding mode:
#MBEDTLS_RSA_PKCS_V15 for 1.5 padding and
#MBEDTLS_RSA_PKCS_V21 for OAEP or PSS. */
int MBEDTLS_PRIVATE(hash_id); /*!< Hash identifier of mbedtls_md_type_t
type, as specified in md.h for use in the MGF mask
generating function used in the EME-OAEP and EMSA-PSS
encodings. */
# if defined(MBEDTLS_THREADING_C)
/* Invariant: the mutex is initialized iff ver != 0. */
mbedtls_threading_mutex_t MBEDTLS_PRIVATE(mutex); /*!< Thread-safety mutex. */
#endif
}
mbedtls_rsa_context;
mbedtls_threading_mutex_t MBEDTLS_PRIVATE(mutex); /*!< Thread-safety mutex.
*/
# endif
} mbedtls_rsa_context;
#else /* MBEDTLS_RSA_ALT */
#include "rsa_alt.h"
#else /* MBEDTLS_RSA_ALT */
# include "rsa_alt.h"
#endif /* MBEDTLS_RSA_ALT */
/**
@@ -147,7 +146,7 @@ mbedtls_rsa_context;
*
* \param ctx The RSA context to initialize. This must not be \c NULL.
*/
void mbedtls_rsa_init( mbedtls_rsa_context *ctx );
void mbedtls_rsa_init(mbedtls_rsa_context *ctx);
/**
* \brief This function sets padding for an already initialized RSA
@@ -183,8 +182,9 @@ void mbedtls_rsa_init( mbedtls_rsa_context *ctx );
* \return #MBEDTLS_ERR_RSA_INVALID_PADDING failure:
* \p padding or \p hash_id is invalid.
*/
int mbedtls_rsa_set_padding( mbedtls_rsa_context *ctx, int padding,
mbedtls_md_type_t hash_id );
int mbedtls_rsa_set_padding(mbedtls_rsa_context *ctx,
int padding,
mbedtls_md_type_t hash_id);
/**
* \brief This function imports a set of core parameters into an
@@ -215,10 +215,12 @@ int mbedtls_rsa_set_padding( mbedtls_rsa_context *ctx, int padding,
* \return \c 0 on success.
* \return A non-zero error code on failure.
*/
int mbedtls_rsa_import( mbedtls_rsa_context *ctx,
const mbedtls_mpi *N,
const mbedtls_mpi *P, const mbedtls_mpi *Q,
const mbedtls_mpi *D, const mbedtls_mpi *E );
int mbedtls_rsa_import(mbedtls_rsa_context *ctx,
const mbedtls_mpi *N,
const mbedtls_mpi *P,
const mbedtls_mpi *Q,
const mbedtls_mpi *D,
const mbedtls_mpi *E);
/**
* \brief This function imports core RSA parameters, in raw big-endian
@@ -254,12 +256,17 @@ int mbedtls_rsa_import( mbedtls_rsa_context *ctx,
* \return \c 0 on success.
* \return A non-zero error code on failure.
*/
int mbedtls_rsa_import_raw( mbedtls_rsa_context *ctx,
unsigned char const *N, size_t N_len,
unsigned char const *P, size_t P_len,
unsigned char const *Q, size_t Q_len,
unsigned char const *D, size_t D_len,
unsigned char const *E, size_t E_len );
int mbedtls_rsa_import_raw(mbedtls_rsa_context *ctx,
unsigned char const *N,
size_t N_len,
unsigned char const *P,
size_t P_len,
unsigned char const *Q,
size_t Q_len,
unsigned char const *D,
size_t D_len,
unsigned char const *E,
size_t E_len);
/**
* \brief This function completes an RSA context from
@@ -293,7 +300,7 @@ int mbedtls_rsa_import_raw( mbedtls_rsa_context *ctx,
* failed.
*
*/
int mbedtls_rsa_complete( mbedtls_rsa_context *ctx );
int mbedtls_rsa_complete(mbedtls_rsa_context *ctx);
/**
* \brief This function exports the core parameters of an RSA key.
@@ -335,9 +342,12 @@ int mbedtls_rsa_complete( mbedtls_rsa_context *ctx );
* \return A non-zero return code on any other failure.
*
*/
int mbedtls_rsa_export( const mbedtls_rsa_context *ctx,
mbedtls_mpi *N, mbedtls_mpi *P, mbedtls_mpi *Q,
mbedtls_mpi *D, mbedtls_mpi *E );
int mbedtls_rsa_export(const mbedtls_rsa_context *ctx,
mbedtls_mpi *N,
mbedtls_mpi *P,
mbedtls_mpi *Q,
mbedtls_mpi *D,
mbedtls_mpi *E);
/**
* \brief This function exports core parameters of an RSA key
@@ -386,12 +396,17 @@ int mbedtls_rsa_export( const mbedtls_rsa_context *ctx,
* functionality or because of security policies.
* \return A non-zero return code on any other failure.
*/
int mbedtls_rsa_export_raw( const mbedtls_rsa_context *ctx,
unsigned char *N, size_t N_len,
unsigned char *P, size_t P_len,
unsigned char *Q, size_t Q_len,
unsigned char *D, size_t D_len,
unsigned char *E, size_t E_len );
int mbedtls_rsa_export_raw(const mbedtls_rsa_context *ctx,
unsigned char *N,
size_t N_len,
unsigned char *P,
size_t P_len,
unsigned char *Q,
size_t Q_len,
unsigned char *D,
size_t D_len,
unsigned char *E,
size_t E_len);
/**
* \brief This function exports CRT parameters of a private RSA key.
@@ -412,8 +427,10 @@ int mbedtls_rsa_export_raw( const mbedtls_rsa_context *ctx,
* \return A non-zero error code on failure.
*
*/
int mbedtls_rsa_export_crt( const mbedtls_rsa_context *ctx,
mbedtls_mpi *DP, mbedtls_mpi *DQ, mbedtls_mpi *QP );
int mbedtls_rsa_export_crt(const mbedtls_rsa_context *ctx,
mbedtls_mpi *DP,
mbedtls_mpi *DQ,
mbedtls_mpi *QP);
/**
* \brief This function retrieves the length of RSA modulus in Bytes.
@@ -423,7 +440,7 @@ int mbedtls_rsa_export_crt( const mbedtls_rsa_context *ctx,
* \return The length of the RSA modulus in Bytes.
*
*/
size_t mbedtls_rsa_get_len( const mbedtls_rsa_context *ctx );
size_t mbedtls_rsa_get_len(const mbedtls_rsa_context *ctx);
/**
* \brief This function generates an RSA keypair.
@@ -443,10 +460,11 @@ size_t mbedtls_rsa_get_len( const mbedtls_rsa_context *ctx );
* \return \c 0 on success.
* \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
*/
int mbedtls_rsa_gen_key( mbedtls_rsa_context *ctx,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng,
unsigned int nbits, int exponent );
int mbedtls_rsa_gen_key(mbedtls_rsa_context *ctx,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng,
unsigned int nbits,
int exponent);
/**
* \brief This function checks if a context contains at least an RSA
@@ -462,7 +480,7 @@ int mbedtls_rsa_gen_key( mbedtls_rsa_context *ctx,
* \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
*
*/
int mbedtls_rsa_check_pubkey( const mbedtls_rsa_context *ctx );
int mbedtls_rsa_check_pubkey(const mbedtls_rsa_context *ctx);
/**
* \brief This function checks if a context contains an RSA private key
@@ -500,7 +518,7 @@ int mbedtls_rsa_check_pubkey( const mbedtls_rsa_context *ctx );
* \return \c 0 on success.
* \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
*/
int mbedtls_rsa_check_privkey( const mbedtls_rsa_context *ctx );
int mbedtls_rsa_check_privkey(const mbedtls_rsa_context *ctx);
/**
* \brief This function checks a public-private RSA key pair.
@@ -513,8 +531,8 @@ int mbedtls_rsa_check_privkey( const mbedtls_rsa_context *ctx );
* \return \c 0 on success.
* \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
*/
int mbedtls_rsa_check_pub_priv( const mbedtls_rsa_context *pub,
const mbedtls_rsa_context *prv );
int mbedtls_rsa_check_pub_priv(const mbedtls_rsa_context *pub,
const mbedtls_rsa_context *prv);
/**
* \brief This function performs an RSA public key operation.
@@ -535,9 +553,9 @@ int mbedtls_rsa_check_pub_priv( const mbedtls_rsa_context *pub,
* \return \c 0 on success.
* \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
*/
int mbedtls_rsa_public( mbedtls_rsa_context *ctx,
const unsigned char *input,
unsigned char *output );
int mbedtls_rsa_public(mbedtls_rsa_context *ctx,
const unsigned char *input,
unsigned char *output);
/**
* \brief This function performs an RSA private key operation.
@@ -568,11 +586,11 @@ int mbedtls_rsa_public( mbedtls_rsa_context *ctx,
* \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
*
*/
int mbedtls_rsa_private( mbedtls_rsa_context *ctx,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng,
const unsigned char *input,
unsigned char *output );
int mbedtls_rsa_private(mbedtls_rsa_context *ctx,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng,
const unsigned char *input,
unsigned char *output);
/**
* \brief This function adds the message padding, then performs an RSA
@@ -597,12 +615,12 @@ int mbedtls_rsa_private( mbedtls_rsa_context *ctx,
* \return \c 0 on success.
* \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
*/
int mbedtls_rsa_pkcs1_encrypt( mbedtls_rsa_context *ctx,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng,
size_t ilen,
const unsigned char *input,
unsigned char *output );
int mbedtls_rsa_pkcs1_encrypt(mbedtls_rsa_context *ctx,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng,
size_t ilen,
const unsigned char *input,
unsigned char *output);
/**
* \brief This function performs a PKCS#1 v1.5 encryption operation
@@ -624,12 +642,14 @@ int mbedtls_rsa_pkcs1_encrypt( mbedtls_rsa_context *ctx,
* \return \c 0 on success.
* \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
*/
int mbedtls_rsa_rsaes_pkcs1_v15_encrypt( mbedtls_rsa_context *ctx,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng,
size_t ilen,
const unsigned char *input,
unsigned char *output );
int mbedtls_rsa_rsaes_pkcs1_v15_encrypt(mbedtls_rsa_context *ctx,
int (*f_rng)(void *,
unsigned char *,
size_t),
void *p_rng,
size_t ilen,
const unsigned char *input,
unsigned char *output);
/**
* \brief This function performs a PKCS#1 v2.1 OAEP encryption
@@ -658,13 +678,14 @@ int mbedtls_rsa_rsaes_pkcs1_v15_encrypt( mbedtls_rsa_context *ctx,
* \return \c 0 on success.
* \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
*/
int mbedtls_rsa_rsaes_oaep_encrypt( mbedtls_rsa_context *ctx,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng,
const unsigned char *label, size_t label_len,
size_t ilen,
const unsigned char *input,
unsigned char *output );
int mbedtls_rsa_rsaes_oaep_encrypt(mbedtls_rsa_context *ctx,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng,
const unsigned char *label,
size_t label_len,
size_t ilen,
const unsigned char *input,
unsigned char *output);
/**
* \brief This function performs an RSA operation, then removes the
@@ -697,13 +718,13 @@ int mbedtls_rsa_rsaes_oaep_encrypt( mbedtls_rsa_context *ctx,
* \return \c 0 on success.
* \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
*/
int mbedtls_rsa_pkcs1_decrypt( mbedtls_rsa_context *ctx,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng,
size_t *olen,
const unsigned char *input,
unsigned char *output,
size_t output_max_len );
int mbedtls_rsa_pkcs1_decrypt(mbedtls_rsa_context *ctx,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng,
size_t *olen,
const unsigned char *input,
unsigned char *output,
size_t output_max_len);
/**
* \brief This function performs a PKCS#1 v1.5 decryption
@@ -734,13 +755,15 @@ int mbedtls_rsa_pkcs1_decrypt( mbedtls_rsa_context *ctx,
* \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
*
*/
int mbedtls_rsa_rsaes_pkcs1_v15_decrypt( mbedtls_rsa_context *ctx,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng,
size_t *olen,
const unsigned char *input,
unsigned char *output,
size_t output_max_len );
int mbedtls_rsa_rsaes_pkcs1_v15_decrypt(mbedtls_rsa_context *ctx,
int (*f_rng)(void *,
unsigned char *,
size_t),
void *p_rng,
size_t *olen,
const unsigned char *input,
unsigned char *output,
size_t output_max_len);
/**
* \brief This function performs a PKCS#1 v2.1 OAEP decryption
@@ -775,14 +798,15 @@ int mbedtls_rsa_rsaes_pkcs1_v15_decrypt( mbedtls_rsa_context *ctx,
* \return \c 0 on success.
* \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
*/
int mbedtls_rsa_rsaes_oaep_decrypt( mbedtls_rsa_context *ctx,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng,
const unsigned char *label, size_t label_len,
size_t *olen,
const unsigned char *input,
unsigned char *output,
size_t output_max_len );
int mbedtls_rsa_rsaes_oaep_decrypt(mbedtls_rsa_context *ctx,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng,
const unsigned char *label,
size_t label_len,
size_t *olen,
const unsigned char *input,
unsigned char *output,
size_t output_max_len);
/**
* \brief This function performs a private RSA operation to sign
@@ -818,13 +842,13 @@ int mbedtls_rsa_rsaes_oaep_decrypt( mbedtls_rsa_context *ctx,
* \return \c 0 if the signing operation was successful.
* \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
*/
int mbedtls_rsa_pkcs1_sign( mbedtls_rsa_context *ctx,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng,
mbedtls_md_type_t md_alg,
unsigned int hashlen,
const unsigned char *hash,
unsigned char *sig );
int mbedtls_rsa_pkcs1_sign(mbedtls_rsa_context *ctx,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng,
mbedtls_md_type_t md_alg,
unsigned int hashlen,
const unsigned char *hash,
unsigned char *sig);
/**
* \brief This function performs a PKCS#1 v1.5 signature
@@ -850,13 +874,15 @@ int mbedtls_rsa_pkcs1_sign( mbedtls_rsa_context *ctx,
* \return \c 0 if the signing operation was successful.
* \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
*/
int mbedtls_rsa_rsassa_pkcs1_v15_sign( mbedtls_rsa_context *ctx,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng,
mbedtls_md_type_t md_alg,
unsigned int hashlen,
const unsigned char *hash,
unsigned char *sig );
int mbedtls_rsa_rsassa_pkcs1_v15_sign(mbedtls_rsa_context *ctx,
int (*f_rng)(void *,
unsigned char *,
size_t),
void *p_rng,
mbedtls_md_type_t md_alg,
unsigned int hashlen,
const unsigned char *hash,
unsigned char *sig);
/**
* \brief This function performs a PKCS#1 v2.1 PSS signature
@@ -901,14 +927,16 @@ int mbedtls_rsa_rsassa_pkcs1_v15_sign( mbedtls_rsa_context *ctx,
* \return \c 0 if the signing operation was successful.
* \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
*/
int mbedtls_rsa_rsassa_pss_sign_ext( mbedtls_rsa_context *ctx,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng,
mbedtls_md_type_t md_alg,
unsigned int hashlen,
const unsigned char *hash,
int saltlen,
unsigned char *sig );
int mbedtls_rsa_rsassa_pss_sign_ext(mbedtls_rsa_context *ctx,
int (*f_rng)(void *,
unsigned char *,
size_t),
void *p_rng,
mbedtls_md_type_t md_alg,
unsigned int hashlen,
const unsigned char *hash,
int saltlen,
unsigned char *sig);
/**
* \brief This function performs a PKCS#1 v2.1 PSS signature
@@ -951,13 +979,13 @@ int mbedtls_rsa_rsassa_pss_sign_ext( mbedtls_rsa_context *ctx,
* \return \c 0 if the signing operation was successful.
* \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
*/
int mbedtls_rsa_rsassa_pss_sign( mbedtls_rsa_context *ctx,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng,
mbedtls_md_type_t md_alg,
unsigned int hashlen,
const unsigned char *hash,
unsigned char *sig );
int mbedtls_rsa_rsassa_pss_sign(mbedtls_rsa_context *ctx,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng,
mbedtls_md_type_t md_alg,
unsigned int hashlen,
const unsigned char *hash,
unsigned char *sig);
/**
* \brief This function performs a public RSA operation and checks
@@ -985,11 +1013,11 @@ int mbedtls_rsa_rsassa_pss_sign( mbedtls_rsa_context *ctx,
* \return \c 0 if the verify operation was successful.
* \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
*/
int mbedtls_rsa_pkcs1_verify( mbedtls_rsa_context *ctx,
mbedtls_md_type_t md_alg,
unsigned int hashlen,
const unsigned char *hash,
const unsigned char *sig );
int mbedtls_rsa_pkcs1_verify(mbedtls_rsa_context *ctx,
mbedtls_md_type_t md_alg,
unsigned int hashlen,
const unsigned char *hash,
const unsigned char *sig);
/**
* \brief This function performs a PKCS#1 v1.5 verification
@@ -1010,11 +1038,11 @@ int mbedtls_rsa_pkcs1_verify( mbedtls_rsa_context *ctx,
* \return \c 0 if the verify operation was successful.
* \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
*/
int mbedtls_rsa_rsassa_pkcs1_v15_verify( mbedtls_rsa_context *ctx,
mbedtls_md_type_t md_alg,
unsigned int hashlen,
const unsigned char *hash,
const unsigned char *sig );
int mbedtls_rsa_rsassa_pkcs1_v15_verify(mbedtls_rsa_context *ctx,
mbedtls_md_type_t md_alg,
unsigned int hashlen,
const unsigned char *hash,
const unsigned char *sig);
/**
* \brief This function performs a PKCS#1 v2.1 PSS verification
@@ -1045,11 +1073,11 @@ int mbedtls_rsa_rsassa_pkcs1_v15_verify( mbedtls_rsa_context *ctx,
* \return \c 0 if the verify operation was successful.
* \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
*/
int mbedtls_rsa_rsassa_pss_verify( mbedtls_rsa_context *ctx,
mbedtls_md_type_t md_alg,
unsigned int hashlen,
const unsigned char *hash,
const unsigned char *sig );
int mbedtls_rsa_rsassa_pss_verify(mbedtls_rsa_context *ctx,
mbedtls_md_type_t md_alg,
unsigned int hashlen,
const unsigned char *hash,
const unsigned char *sig);
/**
* \brief This function performs a PKCS#1 v2.1 PSS verification
@@ -1085,13 +1113,13 @@ int mbedtls_rsa_rsassa_pss_verify( mbedtls_rsa_context *ctx,
* \return \c 0 if the verify operation was successful.
* \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
*/
int mbedtls_rsa_rsassa_pss_verify_ext( mbedtls_rsa_context *ctx,
mbedtls_md_type_t md_alg,
unsigned int hashlen,
const unsigned char *hash,
mbedtls_md_type_t mgf1_hash_id,
int expected_salt_len,
const unsigned char *sig );
int mbedtls_rsa_rsassa_pss_verify_ext(mbedtls_rsa_context *ctx,
mbedtls_md_type_t md_alg,
unsigned int hashlen,
const unsigned char *hash,
mbedtls_md_type_t mgf1_hash_id,
int expected_salt_len,
const unsigned char *sig);
/**
* \brief This function copies the components of an RSA context.
@@ -1102,7 +1130,7 @@ int mbedtls_rsa_rsassa_pss_verify_ext( mbedtls_rsa_context *ctx,
* \return \c 0 on success.
* \return #MBEDTLS_ERR_MPI_ALLOC_FAILED on memory allocation failure.
*/
int mbedtls_rsa_copy( mbedtls_rsa_context *dst, const mbedtls_rsa_context *src );
int mbedtls_rsa_copy(mbedtls_rsa_context *dst, const mbedtls_rsa_context *src);
/**
* \brief This function frees the components of an RSA key.
@@ -1111,7 +1139,7 @@ int mbedtls_rsa_copy( mbedtls_rsa_context *dst, const mbedtls_rsa_context *src )
* this function is a no-op. If it is not \c NULL, it must
* point to an initialized RSA context.
*/
void mbedtls_rsa_free( mbedtls_rsa_context *ctx );
void mbedtls_rsa_free(mbedtls_rsa_context *ctx);
#if defined(MBEDTLS_SELF_TEST)
@@ -1121,7 +1149,7 @@ void mbedtls_rsa_free( mbedtls_rsa_context *ctx );
* \return \c 0 on success.
* \return \c 1 on failure.
*/
int mbedtls_rsa_self_test( int verbose );
int mbedtls_rsa_self_test(int verbose);
#endif /* MBEDTLS_SELF_TEST */

50
include/mbedtls/sha1.h
View File

@@ -36,7 +36,7 @@
#include <stdint.h>
/** SHA-1 input data was malformed. */
#define MBEDTLS_ERR_SHA1_BAD_INPUT_DATA -0x0073
#define MBEDTLS_ERR_SHA1_BAD_INPUT_DATA -0x0073
#ifdef __cplusplus
extern "C" {
@@ -54,16 +54,15 @@ extern "C" {
* stronger message digests instead.
*
*/
typedef struct mbedtls_sha1_context
{
uint32_t MBEDTLS_PRIVATE(total)[2]; /*!< The number of Bytes processed. */
uint32_t MBEDTLS_PRIVATE(state)[5]; /*!< The intermediate digest state. */
unsigned char MBEDTLS_PRIVATE(buffer)[64]; /*!< The data block being processed. */
}
mbedtls_sha1_context;
typedef struct mbedtls_sha1_context {
uint32_t MBEDTLS_PRIVATE(total)[2]; /*!< The number of Bytes processed. */
uint32_t MBEDTLS_PRIVATE(state)[5]; /*!< The intermediate digest state. */
unsigned char MBEDTLS_PRIVATE(buffer)[64]; /*!< The data block being
processed. */
} mbedtls_sha1_context;
#else /* MBEDTLS_SHA1_ALT */
#include "sha1_alt.h"
#else /* MBEDTLS_SHA1_ALT */
# include "sha1_alt.h"
#endif /* MBEDTLS_SHA1_ALT */
/**
@@ -77,7 +76,7 @@ mbedtls_sha1_context;
* This must not be \c NULL.
*
*/
void mbedtls_sha1_init( mbedtls_sha1_context *ctx );
void mbedtls_sha1_init(mbedtls_sha1_context *ctx);
/**
* \brief This function clears a SHA-1 context.
@@ -92,7 +91,7 @@ void mbedtls_sha1_init( mbedtls_sha1_context *ctx );
* SHA-1 context.
*
*/
void mbedtls_sha1_free( mbedtls_sha1_context *ctx );
void mbedtls_sha1_free(mbedtls_sha1_context *ctx);
/**
* \brief This function clones the state of a SHA-1 context.
@@ -105,8 +104,8 @@ void mbedtls_sha1_free( mbedtls_sha1_context *ctx );
* \param src The SHA-1 context to clone from. This must be initialized.
*
*/
void mbedtls_sha1_clone( mbedtls_sha1_context *dst,
const mbedtls_sha1_context *src );
void mbedtls_sha1_clone(mbedtls_sha1_context *dst,
const mbedtls_sha1_context *src);
/**
* \brief This function starts a SHA-1 checksum calculation.
@@ -121,7 +120,7 @@ void mbedtls_sha1_clone( mbedtls_sha1_context *dst,
* \return A negative error code on failure.
*
*/
int mbedtls_sha1_starts( mbedtls_sha1_context *ctx );
int mbedtls_sha1_starts(mbedtls_sha1_context *ctx);
/**
* \brief This function feeds an input buffer into an ongoing SHA-1
@@ -140,9 +139,9 @@ int mbedtls_sha1_starts( mbedtls_sha1_context *ctx );
* \return \c 0 on success.
* \return A negative error code on failure.
*/
int mbedtls_sha1_update( mbedtls_sha1_context *ctx,
const unsigned char *input,
size_t ilen );
int mbedtls_sha1_update(mbedtls_sha1_context *ctx,
const unsigned char *input,
size_t ilen);
/**
* \brief This function finishes the SHA-1 operation, and writes
@@ -160,8 +159,7 @@ int mbedtls_sha1_update( mbedtls_sha1_context *ctx,
* \return \c 0 on success.
* \return A negative error code on failure.
*/
int mbedtls_sha1_finish( mbedtls_sha1_context *ctx,
unsigned char output[20] );
int mbedtls_sha1_finish(mbedtls_sha1_context *ctx, unsigned char output[20]);
/**
* \brief SHA-1 process data block (internal use only).
@@ -178,8 +176,8 @@ int mbedtls_sha1_finish( mbedtls_sha1_context *ctx,
* \return A negative error code on failure.
*
*/
int mbedtls_internal_sha1_process( mbedtls_sha1_context *ctx,
const unsigned char data[64] );
int mbedtls_internal_sha1_process(mbedtls_sha1_context *ctx,
const unsigned char data[64]);
/**
* \brief This function calculates the SHA-1 checksum of a buffer.
@@ -204,9 +202,9 @@ int mbedtls_internal_sha1_process( mbedtls_sha1_context *ctx,
* \return A negative error code on failure.
*
*/
int mbedtls_sha1( const unsigned char *input,
size_t ilen,
unsigned char output[20] );
int mbedtls_sha1(const unsigned char *input,
size_t ilen,
unsigned char output[20]);
#if defined(MBEDTLS_SELF_TEST)
@@ -221,7 +219,7 @@ int mbedtls_sha1( const unsigned char *input,
* \return \c 1 on failure.
*
*/
int mbedtls_sha1_self_test( int verbose );
int mbedtls_sha1_self_test(int verbose);
#endif /* MBEDTLS_SELF_TEST */

59
include/mbedtls/sha256.h
View File

@@ -4,7 +4,8 @@
* \brief This file contains SHA-224 and SHA-256 definitions and functions.
*
* The Secure Hash Algorithms 224 and 256 (SHA-224 and SHA-256) cryptographic
* hash functions are defined in <em>FIPS 180-4: Secure Hash Standard (SHS)</em>.
* hash functions are defined in <em>FIPS 180-4: Secure Hash Standard
* (SHS)</em>.
*/
/*
* Copyright The Mbed TLS Contributors
@@ -32,7 +33,7 @@
#include <stdint.h>
/** SHA-256 input data was malformed. */
#define MBEDTLS_ERR_SHA256_BAD_INPUT_DATA -0x0074
#define MBEDTLS_ERR_SHA256_BAD_INPUT_DATA -0x0074
#ifdef __cplusplus
extern "C" {
@@ -49,18 +50,17 @@ extern "C" {
* checksum calculations. The choice between these two is
* made in the call to mbedtls_sha256_starts().
*/
typedef struct mbedtls_sha256_context
{
uint32_t MBEDTLS_PRIVATE(total)[2]; /*!< The number of Bytes processed. */
uint32_t MBEDTLS_PRIVATE(state)[8]; /*!< The intermediate digest state. */
unsigned char MBEDTLS_PRIVATE(buffer)[64]; /*!< The data block being processed. */
int MBEDTLS_PRIVATE(is224); /*!< Determines which function to use:
0: Use SHA-256, or 1: Use SHA-224. */
}
mbedtls_sha256_context;
typedef struct mbedtls_sha256_context {
uint32_t MBEDTLS_PRIVATE(total)[2]; /*!< The number of Bytes processed. */
uint32_t MBEDTLS_PRIVATE(state)[8]; /*!< The intermediate digest state. */
unsigned char MBEDTLS_PRIVATE(buffer)[64]; /*!< The data block being
processed. */
int MBEDTLS_PRIVATE(is224); /*!< Determines which function to use:
0: Use SHA-256, or 1: Use SHA-224. */
} mbedtls_sha256_context;
#else /* MBEDTLS_SHA256_ALT */
#include "sha256_alt.h"
#else /* MBEDTLS_SHA256_ALT */
# include "sha256_alt.h"
#endif /* MBEDTLS_SHA256_ALT */
/**
@@ -68,7 +68,7 @@ mbedtls_sha256_context;
*
* \param ctx The SHA-256 context to initialize. This must not be \c NULL.
*/
void mbedtls_sha256_init( mbedtls_sha256_context *ctx );
void mbedtls_sha256_init(mbedtls_sha256_context *ctx);
/**
* \brief This function clears a SHA-256 context.
@@ -77,7 +77,7 @@ void mbedtls_sha256_init( mbedtls_sha256_context *ctx );
* case this function returns immediately. If it is not \c NULL,
* it must point to an initialized SHA-256 context.
*/
void mbedtls_sha256_free( mbedtls_sha256_context *ctx );
void mbedtls_sha256_free(mbedtls_sha256_context *ctx);
/**
* \brief This function clones the state of a SHA-256 context.
@@ -85,8 +85,8 @@ void mbedtls_sha256_free( mbedtls_sha256_context *ctx );
* \param dst The destination context. This must be initialized.
* \param src The context to clone. This must be initialized.
*/
void mbedtls_sha256_clone( mbedtls_sha256_context *dst,
const mbedtls_sha256_context *src );
void mbedtls_sha256_clone(mbedtls_sha256_context *dst,
const mbedtls_sha256_context *src);
/**
* \brief This function starts a SHA-224 or SHA-256 checksum
@@ -99,7 +99,7 @@ void mbedtls_sha256_clone( mbedtls_sha256_context *dst,
* \return \c 0 on success.
* \return A negative error code on failure.
*/
int mbedtls_sha256_starts( mbedtls_sha256_context *ctx, int is224 );
int mbedtls_sha256_starts(mbedtls_sha256_context *ctx, int is224);
/**
* \brief This function feeds an input buffer into an ongoing
@@ -114,9 +114,9 @@ int mbedtls_sha256_starts( mbedtls_sha256_context *ctx, int is224 );
* \return \c 0 on success.
* \return A negative error code on failure.
*/
int mbedtls_sha256_update( mbedtls_sha256_context *ctx,
const unsigned char *input,
size_t ilen );
int mbedtls_sha256_update(mbedtls_sha256_context *ctx,
const unsigned char *input,
size_t ilen);
/**
* \brief This function finishes the SHA-256 operation, and writes
@@ -131,8 +131,7 @@ int mbedtls_sha256_update( mbedtls_sha256_context *ctx,
* \return \c 0 on success.
* \return A negative error code on failure.
*/
int mbedtls_sha256_finish( mbedtls_sha256_context *ctx,
unsigned char *output );
int mbedtls_sha256_finish(mbedtls_sha256_context *ctx, unsigned char *output);
/**
* \brief This function processes a single data block within
@@ -146,8 +145,8 @@ int mbedtls_sha256_finish( mbedtls_sha256_context *ctx,
* \return \c 0 on success.
* \return A negative error code on failure.
*/
int mbedtls_internal_sha256_process( mbedtls_sha256_context *ctx,
const unsigned char data[64] );
int mbedtls_internal_sha256_process(mbedtls_sha256_context *ctx,
const unsigned char data[64]);
/**
* \brief This function calculates the SHA-224 or SHA-256
@@ -168,10 +167,10 @@ int mbedtls_internal_sha256_process( mbedtls_sha256_context *ctx,
* \param is224 Determines which function to use. This must be
* either \c 0 for SHA-256, or \c 1 for SHA-224.
*/
int mbedtls_sha256( const unsigned char *input,
size_t ilen,
unsigned char *output,
int is224 );
int mbedtls_sha256(const unsigned char *input,
size_t ilen,
unsigned char *output,
int is224);
#if defined(MBEDTLS_SELF_TEST)
@@ -181,7 +180,7 @@ int mbedtls_sha256( const unsigned char *input,
* \return \c 0 on success.
* \return \c 1 on failure.
*/
int mbedtls_sha256_self_test( int verbose );
int mbedtls_sha256_self_test(int verbose);
#endif /* MBEDTLS_SELF_TEST */

65
include/mbedtls/sha512.h
View File

@@ -3,7 +3,8 @@
* \brief This file contains SHA-384 and SHA-512 definitions and functions.
*
* The Secure Hash Algorithms 384 and 512 (SHA-384 and SHA-512) cryptographic
* hash functions are defined in <em>FIPS 180-4: Secure Hash Standard (SHS)</em>.
* hash functions are defined in <em>FIPS 180-4: Secure Hash Standard
* (SHS)</em>.
*/
/*
* Copyright The Mbed TLS Contributors
@@ -31,7 +32,7 @@
#include <stdint.h>
/** SHA-512 input data was malformed. */
#define MBEDTLS_ERR_SHA512_BAD_INPUT_DATA -0x0075
#define MBEDTLS_ERR_SHA512_BAD_INPUT_DATA -0x0075
#ifdef __cplusplus
extern "C" {
@@ -48,20 +49,19 @@ extern "C" {
* checksum calculations. The choice between these two is
* made in the call to mbedtls_sha512_starts().
*/
typedef struct mbedtls_sha512_context
{
uint64_t MBEDTLS_PRIVATE(total)[2]; /*!< The number of Bytes processed. */
uint64_t MBEDTLS_PRIVATE(state)[8]; /*!< The intermediate digest state. */
unsigned char MBEDTLS_PRIVATE(buffer)[128]; /*!< The data block being processed. */
#if defined(MBEDTLS_SHA384_C)
int MBEDTLS_PRIVATE(is384); /*!< Determines which function to use:
0: Use SHA-512, or 1: Use SHA-384. */
#endif
}
mbedtls_sha512_context;
typedef struct mbedtls_sha512_context {
uint64_t MBEDTLS_PRIVATE(total)[2]; /*!< The number of Bytes processed. */
uint64_t MBEDTLS_PRIVATE(state)[8]; /*!< The intermediate digest state. */
unsigned char MBEDTLS_PRIVATE(buffer)[128]; /*!< The data block being
processed. */
# if defined(MBEDTLS_SHA384_C)
int MBEDTLS_PRIVATE(is384); /*!< Determines which function to use:
0: Use SHA-512, or 1: Use SHA-384. */
# endif
} mbedtls_sha512_context;
#else /* MBEDTLS_SHA512_ALT */
#include "sha512_alt.h"
#else /* MBEDTLS_SHA512_ALT */
# include "sha512_alt.h"
#endif /* MBEDTLS_SHA512_ALT */
/**
@@ -70,7 +70,7 @@ mbedtls_sha512_context;
* \param ctx The SHA-512 context to initialize. This must
* not be \c NULL.
*/
void mbedtls_sha512_init( mbedtls_sha512_context *ctx );
void mbedtls_sha512_init(mbedtls_sha512_context *ctx);
/**
* \brief This function clears a SHA-512 context.
@@ -80,7 +80,7 @@ void mbedtls_sha512_init( mbedtls_sha512_context *ctx );
* is not \c NULL, it must point to an initialized
* SHA-512 context.
*/
void mbedtls_sha512_free( mbedtls_sha512_context *ctx );
void mbedtls_sha512_free(mbedtls_sha512_context *ctx);
/**
* \brief This function clones the state of a SHA-512 context.
@@ -88,8 +88,8 @@ void mbedtls_sha512_free( mbedtls_sha512_context *ctx );
* \param dst The destination context. This must be initialized.
* \param src The context to clone. This must be initialized.
*/
void mbedtls_sha512_clone( mbedtls_sha512_context *dst,
const mbedtls_sha512_context *src );
void mbedtls_sha512_clone(mbedtls_sha512_context *dst,
const mbedtls_sha512_context *src);
/**
* \brief This function starts a SHA-384 or SHA-512 checksum
@@ -106,7 +106,7 @@ void mbedtls_sha512_clone( mbedtls_sha512_context *dst,
* \return \c 0 on success.
* \return A negative error code on failure.
*/
int mbedtls_sha512_starts( mbedtls_sha512_context *ctx, int is384 );
int mbedtls_sha512_starts(mbedtls_sha512_context *ctx, int is384);
/**
* \brief This function feeds an input buffer into an ongoing
@@ -121,9 +121,9 @@ int mbedtls_sha512_starts( mbedtls_sha512_context *ctx, int is384 );
* \return \c 0 on success.
* \return A negative error code on failure.
*/
int mbedtls_sha512_update( mbedtls_sha512_context *ctx,
const unsigned char *input,
size_t ilen );
int mbedtls_sha512_update(mbedtls_sha512_context *ctx,
const unsigned char *input,
size_t ilen);
/**
* \brief This function finishes the SHA-512 operation, and writes
@@ -138,8 +138,7 @@ int mbedtls_sha512_update( mbedtls_sha512_context *ctx,
* \return \c 0 on success.
* \return A negative error code on failure.
*/
int mbedtls_sha512_finish( mbedtls_sha512_context *ctx,
unsigned char *output );
int mbedtls_sha512_finish(mbedtls_sha512_context *ctx, unsigned char *output);
/**
* \brief This function processes a single data block within
@@ -153,8 +152,8 @@ int mbedtls_sha512_finish( mbedtls_sha512_context *ctx,
* \return \c 0 on success.
* \return A negative error code on failure.
*/
int mbedtls_internal_sha512_process( mbedtls_sha512_context *ctx,
const unsigned char data[128] );
int mbedtls_internal_sha512_process(mbedtls_sha512_context *ctx,
const unsigned char data[128]);
/**
* \brief This function calculates the SHA-512 or SHA-384
@@ -182,20 +181,20 @@ int mbedtls_internal_sha512_process( mbedtls_sha512_context *ctx,
* \return \c 0 on success.
* \return A negative error code on failure.
*/
int mbedtls_sha512( const unsigned char *input,
size_t ilen,
unsigned char *output,
int is384 );
int mbedtls_sha512(const unsigned char *input,
size_t ilen,
unsigned char *output,
int is384);
#if defined(MBEDTLS_SELF_TEST)
/**
/**
* \brief The SHA-384 or SHA-512 checkup routine.
*
* \return \c 0 on success.
* \return \c 1 on failure.
*/
int mbedtls_sha512_self_test( int verbose );
int mbedtls_sha512_self_test(int verbose);
#endif /* MBEDTLS_SELF_TEST */
#ifdef __cplusplus

1641
include/mbedtls/ssl.h
View File

File diff suppressed because it is too large Load Diff

58
include/mbedtls/ssl_cache.h
View File

@@ -28,23 +28,25 @@
#include "mbedtls/ssl.h"
#if defined(MBEDTLS_THREADING_C)
#include "mbedtls/threading.h"
# include "mbedtls/threading.h"
#endif
/**
* \name SECTION: Module settings
*
* The configuration options you can set for this module are in this section.
* Either change them in mbedtls_config.h or define them on the compiler command line.
* Either change them in mbedtls_config.h or define them on the compiler command
* line.
* \{
*/
#if !defined(MBEDTLS_SSL_CACHE_DEFAULT_TIMEOUT)
#define MBEDTLS_SSL_CACHE_DEFAULT_TIMEOUT 86400 /*!< 1 day */
# define MBEDTLS_SSL_CACHE_DEFAULT_TIMEOUT 86400 /*!< 1 day */
#endif
#if !defined(MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES)
#define MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES 50 /*!< Maximum entries in cache */
# define MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES \
50 /*!< Maximum entries in cache */
#endif
/* \} name SECTION: Module settings */
@@ -59,31 +61,29 @@ typedef struct mbedtls_ssl_cache_entry mbedtls_ssl_cache_entry;
/**
* \brief This structure is used for storing cache entries
*/
struct mbedtls_ssl_cache_entry
{
struct mbedtls_ssl_cache_entry {
#if defined(MBEDTLS_HAVE_TIME)
mbedtls_time_t MBEDTLS_PRIVATE(timestamp); /*!< entry timestamp */
mbedtls_time_t MBEDTLS_PRIVATE(timestamp); /*!< entry timestamp */
#endif
unsigned char MBEDTLS_PRIVATE(session_id)[32]; /*!< session ID */
unsigned char MBEDTLS_PRIVATE(session_id)[32]; /*!< session ID */
size_t MBEDTLS_PRIVATE(session_id_len);
unsigned char *MBEDTLS_PRIVATE(session); /*!< serialized session */
unsigned char *MBEDTLS_PRIVATE(session); /*!< serialized session */
size_t MBEDTLS_PRIVATE(session_len);
mbedtls_ssl_cache_entry *MBEDTLS_PRIVATE(next); /*!< chain pointer */
mbedtls_ssl_cache_entry *MBEDTLS_PRIVATE(next); /*!< chain pointer */
};
/**
* \brief Cache context
*/
struct mbedtls_ssl_cache_context
{
mbedtls_ssl_cache_entry *MBEDTLS_PRIVATE(chain); /*!< start of the chain */
int MBEDTLS_PRIVATE(timeout); /*!< cache entry timeout */
int MBEDTLS_PRIVATE(max_entries); /*!< maximum entries */
struct mbedtls_ssl_cache_context {
mbedtls_ssl_cache_entry *MBEDTLS_PRIVATE(chain); /*!< start of the chain */
int MBEDTLS_PRIVATE(timeout); /*!< cache entry timeout */
int MBEDTLS_PRIVATE(max_entries); /*!< maximum entries */
#if defined(MBEDTLS_THREADING_C)
mbedtls_threading_mutex_t MBEDTLS_PRIVATE(mutex); /*!< mutex */
mbedtls_threading_mutex_t MBEDTLS_PRIVATE(mutex); /*!< mutex */
#endif
};
@@ -92,7 +92,7 @@ struct mbedtls_ssl_cache_context
*
* \param cache SSL cache context
*/
void mbedtls_ssl_cache_init( mbedtls_ssl_cache_context *cache );
void mbedtls_ssl_cache_init(mbedtls_ssl_cache_context *cache);
/**
* \brief Cache get callback implementation
@@ -105,10 +105,10 @@ void mbedtls_ssl_cache_init( mbedtls_ssl_cache_context *cache );
* \param session The address at which to store the session
* associated with \p session_id, if present.
*/
int mbedtls_ssl_cache_get( void *data,
unsigned char const *session_id,
size_t session_id_len,
mbedtls_ssl_session *session );
int mbedtls_ssl_cache_get(void *data,
unsigned char const *session_id,
size_t session_id_len,
mbedtls_ssl_session *session);
/**
* \brief Cache set callback implementation
@@ -120,10 +120,10 @@ int mbedtls_ssl_cache_get( void *data,
* \param session_id_len The length of \p session_id in bytes.
* \param session The session to store.
*/
int mbedtls_ssl_cache_set( void *data,
unsigned char const *session_id,
size_t session_id_len,
const mbedtls_ssl_session *session );
int mbedtls_ssl_cache_set(void *data,
unsigned char const *session_id,
size_t session_id_len,
const mbedtls_ssl_session *session);
#if defined(MBEDTLS_HAVE_TIME)
/**
@@ -135,7 +135,8 @@ int mbedtls_ssl_cache_set( void *data,
* \param cache SSL cache context
* \param timeout cache entry timeout in seconds
*/
void mbedtls_ssl_cache_set_timeout( mbedtls_ssl_cache_context *cache, int timeout );
void mbedtls_ssl_cache_set_timeout(mbedtls_ssl_cache_context *cache,
int timeout);
#endif /* MBEDTLS_HAVE_TIME */
/**
@@ -145,14 +146,15 @@ void mbedtls_ssl_cache_set_timeout( mbedtls_ssl_cache_context *cache, int timeou
* \param cache SSL cache context
* \param max cache entry maximum
*/
void mbedtls_ssl_cache_set_max_entries( mbedtls_ssl_cache_context *cache, int max );
void mbedtls_ssl_cache_set_max_entries(mbedtls_ssl_cache_context *cache,
int max);
/**
* \brief Free referenced items in a cache context and clear memory
*
* \param cache SSL cache context
*/
void mbedtls_ssl_cache_free( mbedtls_ssl_cache_context *cache );
void mbedtls_ssl_cache_free(mbedtls_ssl_cache_context *cache);
#ifdef __cplusplus
}

506
include/mbedtls/ssl_ciphersuites.h
View File

@@ -37,240 +37,240 @@ extern "C" {
* Supported ciphersuites (Official IANA names)
*/
/** Weak! */
#define MBEDTLS_TLS_RSA_WITH_NULL_MD5 0x01
#define MBEDTLS_TLS_RSA_WITH_NULL_MD5 0x01
/** Weak! */
#define MBEDTLS_TLS_RSA_WITH_NULL_SHA 0x02
#define MBEDTLS_TLS_RSA_WITH_NULL_SHA 0x02
/** Weak! */
#define MBEDTLS_TLS_PSK_WITH_NULL_SHA 0x2C
#define MBEDTLS_TLS_PSK_WITH_NULL_SHA 0x2C
/** Weak! */
#define MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA 0x2D
#define MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA 0x2D
/** Weak! */
#define MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA 0x2E
#define MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA 0x2F
#define MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA 0x2E
#define MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA 0x2F
#define MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA 0x33
#define MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA 0x35
#define MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA 0x39
#define MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA 0x33
#define MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA 0x35
#define MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA 0x39
/** Weak! */
#define MBEDTLS_TLS_RSA_WITH_NULL_SHA256 0x3B
#define MBEDTLS_TLS_RSA_WITH_NULL_SHA256 0x3B
/** TLS 1.2 */
#define MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256 0x3C
#define MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256 0x3C
/** TLS 1.2 */
#define MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256 0x3D
#define MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256 0x3D
#define MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA 0x41
#define MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA 0x45
#define MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA 0x41
#define MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA 0x45
/** TLS 1.2 */
#define MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 0x67
#define MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 0x67
/** TLS 1.2 */
#define MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 0x6B
#define MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 0x6B
#define MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA 0x84
#define MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA 0x88
#define MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA 0x84
#define MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA 0x88
#define MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA 0x8C
#define MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA 0x8D
#define MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA 0x8C
#define MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA 0x8D
#define MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA 0x90
#define MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA 0x91
#define MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA 0x90
#define MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA 0x91
#define MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA 0x94
#define MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA 0x95
#define MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA 0x94
#define MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA 0x95
/** TLS 1.2 */
#define MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256 0x9C
#define MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256 0x9C
/** TLS 1.2 */
#define MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384 0x9D
#define MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384 0x9D
/** TLS 1.2 */
#define MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 0x9E
#define MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 0x9E
/** TLS 1.2 */
#define MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 0x9F
#define MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 0x9F
/** TLS 1.2 */
#define MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256 0xA8
#define MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256 0xA8
/** TLS 1.2 */
#define MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384 0xA9
#define MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384 0xA9
/** TLS 1.2 */
#define MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 0xAA
#define MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 0xAA
/** TLS 1.2 */
#define MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 0xAB
#define MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 0xAB
/** TLS 1.2 */
#define MBEDTLS_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256 0xAC
#define MBEDTLS_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256 0xAC
/** TLS 1.2 */
#define MBEDTLS_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384 0xAD
#define MBEDTLS_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384 0xAD
#define MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256 0xAE
#define MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384 0xAF
#define MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256 0xAE
#define MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384 0xAF
/** Weak! */
#define MBEDTLS_TLS_PSK_WITH_NULL_SHA256 0xB0
#define MBEDTLS_TLS_PSK_WITH_NULL_SHA256 0xB0
/** Weak! */
#define MBEDTLS_TLS_PSK_WITH_NULL_SHA384 0xB1
#define MBEDTLS_TLS_PSK_WITH_NULL_SHA384 0xB1
#define MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 0xB2
#define MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 0xB3
#define MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 0xB2
#define MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 0xB3
/** Weak! */
#define MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA256 0xB4
#define MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA256 0xB4
/** Weak! */
#define MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA384 0xB5
#define MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA384 0xB5
#define MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256 0xB6
#define MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384 0xB7
#define MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256 0xB6
#define MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384 0xB7
/** Weak! */
#define MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA256 0xB8
#define MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA256 0xB8
/** Weak! */
#define MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA384 0xB9
#define MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA384 0xB9
/** TLS 1.2 */
#define MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 0xBA
#define MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 0xBA
/** TLS 1.2 */
#define MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 0xBE
/** TLS 1.2 */
#define MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 0xC0
#define MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 0xC0
/** TLS 1.2 */
#define MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 0xC4
/** Weak! */
#define MBEDTLS_TLS_ECDH_ECDSA_WITH_NULL_SHA 0xC001
#define MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA 0xC004
#define MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA 0xC005
#define MBEDTLS_TLS_ECDH_ECDSA_WITH_NULL_SHA 0xC001
#define MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA 0xC004
#define MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA 0xC005
/** Weak! */
#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_NULL_SHA 0xC006
#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA 0xC009
#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA 0xC00A
#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_NULL_SHA 0xC006
#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA 0xC009
#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA 0xC00A
/** Weak! */
#define MBEDTLS_TLS_ECDH_RSA_WITH_NULL_SHA 0xC00B
#define MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA 0xC00E
#define MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA 0xC00F
#define MBEDTLS_TLS_ECDH_RSA_WITH_NULL_SHA 0xC00B
#define MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA 0xC00E
#define MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA 0xC00F
/** Weak! */
#define MBEDTLS_TLS_ECDHE_RSA_WITH_NULL_SHA 0xC010
#define MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 0xC013
#define MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 0xC014
#define MBEDTLS_TLS_ECDHE_RSA_WITH_NULL_SHA 0xC010
#define MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 0xC013
#define MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 0xC014
/** TLS 1.2 */
#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 0xC023
#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 0xC023
/** TLS 1.2 */
#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 0xC024
#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 0xC024
/** TLS 1.2 */
#define MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 0xC025
#define MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 0xC025
/** TLS 1.2 */
#define MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 0xC026
#define MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 0xC026
/** TLS 1.2 */
#define MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 0xC027
#define MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 0xC027
/** TLS 1.2 */
#define MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 0xC028
#define MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 0xC028
/** TLS 1.2 */
#define MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 0xC029
#define MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 0xC029
/** TLS 1.2 */
#define MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 0xC02A
#define MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 0xC02A
/** TLS 1.2 */
#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 0xC02B
#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 0xC02B
/** TLS 1.2 */
#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 0xC02C
#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 0xC02C
/** TLS 1.2 */
#define MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 0xC02D
#define MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 0xC02D
/** TLS 1.2 */
#define MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 0xC02E
#define MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 0xC02E
/** TLS 1.2 */
#define MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 0xC02F
#define MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 0xC02F
/** TLS 1.2 */
#define MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 0xC030
#define MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 0xC030
/** TLS 1.2 */
#define MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 0xC031
#define MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 0xC031
/** TLS 1.2 */
#define MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 0xC032
#define MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 0xC032
#define MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA 0xC035
#define MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA 0xC036
#define MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 0xC037
#define MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384 0xC038
#define MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA 0xC039
#define MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA256 0xC03A
#define MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA384 0xC03B
#define MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA 0xC035
#define MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA 0xC036
#define MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 0xC037
#define MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384 0xC038
#define MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA 0xC039
#define MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA256 0xC03A
#define MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA384 0xC03B
/** TLS 1.2 */
#define MBEDTLS_TLS_RSA_WITH_ARIA_128_CBC_SHA256 0xC03C
#define MBEDTLS_TLS_RSA_WITH_ARIA_128_CBC_SHA256 0xC03C
/** TLS 1.2 */
#define MBEDTLS_TLS_RSA_WITH_ARIA_256_CBC_SHA384 0xC03D
#define MBEDTLS_TLS_RSA_WITH_ARIA_256_CBC_SHA384 0xC03D
/** TLS 1.2 */
#define MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256 0xC044
#define MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256 0xC044
/** TLS 1.2 */
#define MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384 0xC045
#define MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384 0xC045
/** TLS 1.2 */
#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256 0xC048
/** TLS 1.2 */
#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384 0xC049
/** TLS 1.2 */
#define MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256 0xC04A
#define MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256 0xC04A
/** TLS 1.2 */
#define MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384 0xC04B
#define MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384 0xC04B
/** TLS 1.2 */
#define MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256 0xC04C
#define MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256 0xC04C
/** TLS 1.2 */
#define MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384 0xC04D
#define MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384 0xC04D
/** TLS 1.2 */
#define MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256 0xC04E
#define MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256 0xC04E
/** TLS 1.2 */
#define MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384 0xC04F
#define MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384 0xC04F
/** TLS 1.2 */
#define MBEDTLS_TLS_RSA_WITH_ARIA_128_GCM_SHA256 0xC050
#define MBEDTLS_TLS_RSA_WITH_ARIA_128_GCM_SHA256 0xC050
/** TLS 1.2 */
#define MBEDTLS_TLS_RSA_WITH_ARIA_256_GCM_SHA384 0xC051
#define MBEDTLS_TLS_RSA_WITH_ARIA_256_GCM_SHA384 0xC051
/** TLS 1.2 */
#define MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256 0xC052
#define MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256 0xC052
/** TLS 1.2 */
#define MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384 0xC053
#define MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384 0xC053
/** TLS 1.2 */
#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256 0xC05C
/** TLS 1.2 */
#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384 0xC05D
/** TLS 1.2 */
#define MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256 0xC05E
#define MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256 0xC05E
/** TLS 1.2 */
#define MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384 0xC05F
#define MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384 0xC05F
/** TLS 1.2 */
#define MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256 0xC060
#define MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256 0xC060
/** TLS 1.2 */
#define MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384 0xC061
#define MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384 0xC061
/** TLS 1.2 */
#define MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256 0xC062
#define MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256 0xC062
/** TLS 1.2 */
#define MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384 0xC063
#define MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384 0xC063
/** TLS 1.2 */
#define MBEDTLS_TLS_PSK_WITH_ARIA_128_CBC_SHA256 0xC064
#define MBEDTLS_TLS_PSK_WITH_ARIA_128_CBC_SHA256 0xC064
/** TLS 1.2 */
#define MBEDTLS_TLS_PSK_WITH_ARIA_256_CBC_SHA384 0xC065
#define MBEDTLS_TLS_PSK_WITH_ARIA_256_CBC_SHA384 0xC065
/** TLS 1.2 */
#define MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256 0xC066
#define MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256 0xC066
/** TLS 1.2 */
#define MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384 0xC067
#define MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384 0xC067
/** TLS 1.2 */
#define MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256 0xC068
#define MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256 0xC068
/** TLS 1.2 */
#define MBEDTLS_TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384 0xC069
#define MBEDTLS_TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384 0xC069
/** TLS 1.2 */
#define MBEDTLS_TLS_PSK_WITH_ARIA_128_GCM_SHA256 0xC06A
#define MBEDTLS_TLS_PSK_WITH_ARIA_128_GCM_SHA256 0xC06A
/** TLS 1.2 */
#define MBEDTLS_TLS_PSK_WITH_ARIA_256_GCM_SHA384 0xC06B
#define MBEDTLS_TLS_PSK_WITH_ARIA_256_GCM_SHA384 0xC06B
/** TLS 1.2 */
#define MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256 0xC06C
#define MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256 0xC06C
/** TLS 1.2 */
#define MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384 0xC06D
#define MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384 0xC06D
/** TLS 1.2 */
#define MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256 0xC06E
#define MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256 0xC06E
/** TLS 1.2 */
#define MBEDTLS_TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384 0xC06F
#define MBEDTLS_TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384 0xC06F
/** TLS 1.2 */
#define MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256 0xC070
#define MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256 0xC070
/** TLS 1.2 */
#define MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384 0xC071
#define MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384 0xC071
#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 0xC072
#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 0xC073
@@ -282,42 +282,42 @@ extern "C" {
#define MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384 0xC079
/** TLS 1.2 */
#define MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256 0xC07A
#define MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256 0xC07A
/** TLS 1.2 */
#define MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384 0xC07B
#define MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384 0xC07B
/** TLS 1.2 */
#define MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 0xC07C
#define MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 0xC07C
/** TLS 1.2 */
#define MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 0xC07D
#define MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 0xC07D
/** TLS 1.2 */
#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 0xC086
/** TLS 1.2 */
#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 0xC087
/** TLS 1.2 */
#define MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 0xC088
#define MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 0xC088
/** TLS 1.2 */
#define MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 0xC089
#define MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 0xC089
/** TLS 1.2 */
#define MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 0xC08A
#define MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 0xC08A
/** TLS 1.2 */
#define MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 0xC08B
#define MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 0xC08B
/** TLS 1.2 */
#define MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256 0xC08C
#define MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256 0xC08C
/** TLS 1.2 */
#define MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384 0xC08D
#define MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384 0xC08D
/** TLS 1.2 */
#define MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256 0xC08E
#define MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256 0xC08E
/** TLS 1.2 */
#define MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384 0xC08F
#define MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384 0xC08F
/** TLS 1.2 */
#define MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256 0xC090
#define MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256 0xC090
/** TLS 1.2 */
#define MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384 0xC091
#define MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384 0xC091
/** TLS 1.2 */
#define MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256 0xC092
#define MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256 0xC092
/** TLS 1.2 */
#define MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384 0xC093
#define MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384 0xC093
#define MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256 0xC094
#define MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384 0xC095
@@ -329,71 +329,72 @@ extern "C" {
#define MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 0xC09B
/** TLS 1.2 */
#define MBEDTLS_TLS_RSA_WITH_AES_128_CCM 0xC09C
#define MBEDTLS_TLS_RSA_WITH_AES_128_CCM 0xC09C
/** TLS 1.2 */
#define MBEDTLS_TLS_RSA_WITH_AES_256_CCM 0xC09D
#define MBEDTLS_TLS_RSA_WITH_AES_256_CCM 0xC09D
/** TLS 1.2 */
#define MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CCM 0xC09E
#define MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CCM 0xC09E
/** TLS 1.2 */
#define MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CCM 0xC09F
#define MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CCM 0xC09F
/** TLS 1.2 */
#define MBEDTLS_TLS_RSA_WITH_AES_128_CCM_8 0xC0A0
#define MBEDTLS_TLS_RSA_WITH_AES_128_CCM_8 0xC0A0
/** TLS 1.2 */
#define MBEDTLS_TLS_RSA_WITH_AES_256_CCM_8 0xC0A1
#define MBEDTLS_TLS_RSA_WITH_AES_256_CCM_8 0xC0A1
/** TLS 1.2 */
#define MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CCM_8 0xC0A2
#define MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CCM_8 0xC0A2
/** TLS 1.2 */
#define MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CCM_8 0xC0A3
#define MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CCM_8 0xC0A3
/** TLS 1.2 */
#define MBEDTLS_TLS_PSK_WITH_AES_128_CCM 0xC0A4
#define MBEDTLS_TLS_PSK_WITH_AES_128_CCM 0xC0A4
/** TLS 1.2 */
#define MBEDTLS_TLS_PSK_WITH_AES_256_CCM 0xC0A5
#define MBEDTLS_TLS_PSK_WITH_AES_256_CCM 0xC0A5
/** TLS 1.2 */
#define MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CCM 0xC0A6
#define MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CCM 0xC0A6
/** TLS 1.2 */
#define MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CCM 0xC0A7
#define MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CCM 0xC0A7
/** TLS 1.2 */
#define MBEDTLS_TLS_PSK_WITH_AES_128_CCM_8 0xC0A8
#define MBEDTLS_TLS_PSK_WITH_AES_128_CCM_8 0xC0A8
/** TLS 1.2 */
#define MBEDTLS_TLS_PSK_WITH_AES_256_CCM_8 0xC0A9
#define MBEDTLS_TLS_PSK_WITH_AES_256_CCM_8 0xC0A9
/** TLS 1.2 */
#define MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CCM_8 0xC0AA
#define MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CCM_8 0xC0AA
/** TLS 1.2 */
#define MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CCM_8 0xC0AB
#define MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CCM_8 0xC0AB
/* The last two are named with PSK_DHE in the RFC, which looks like a typo */
/** TLS 1.2 */
#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM 0xC0AC
#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM 0xC0AC
/** TLS 1.2 */
#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM 0xC0AD
#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM 0xC0AD
/** TLS 1.2 */
#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 0xC0AE
#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 0xC0AE
/** TLS 1.2 */
#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 0xC0AF
#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 0xC0AF
/** experimental */
#define MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8 0xC0FF
#define MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8 0xC0FF
/* RFC 7905 */
/** TLS 1.2 */
#define MBEDTLS_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 0xCCA8
#define MBEDTLS_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 0xCCA8
/** TLS 1.2 */
#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 0xCCA9
/** TLS 1.2 */
#define MBEDTLS_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 0xCCAA
#define MBEDTLS_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 0xCCAA
/** TLS 1.2 */
#define MBEDTLS_TLS_PSK_WITH_CHACHA20_POLY1305_SHA256 0xCCAB
#define MBEDTLS_TLS_PSK_WITH_CHACHA20_POLY1305_SHA256 0xCCAB
/** TLS 1.2 */
#define MBEDTLS_TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256 0xCCAC
#define MBEDTLS_TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256 0xCCAC
/** TLS 1.2 */
#define MBEDTLS_TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256 0xCCAD
#define MBEDTLS_TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256 0xCCAD
/** TLS 1.2 */
#define MBEDTLS_TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256 0xCCAE
#define MBEDTLS_TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256 0xCCAE
/* Reminder: update mbedtls_ssl_premaster_secret when adding a new key exchange.
* Reminder: update MBEDTLS_KEY_EXCHANGE__xxx below
*/
typedef enum {
typedef enum
{
MBEDTLS_KEY_EXCHANGE_NONE = 0,
MBEDTLS_KEY_EXCHANGE_RSA,
MBEDTLS_KEY_EXCHANGE_DHE_RSA,
@@ -409,94 +410,93 @@ typedef enum {
} mbedtls_key_exchange_type_t;
/* Key exchanges using a certificate */
#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
#define MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED
# define MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED
#endif
/* Key exchanges allowing client certificate requests */
#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) || \
#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
#define MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED
# define MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED
#endif
/* Key exchanges involving server signature in ServerKeyExchange */
#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
#define MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED
# define MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED
#endif
/* Key exchanges using ECDH */
#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
#define MBEDTLS_KEY_EXCHANGE_SOME_ECDH_ENABLED
# define MBEDTLS_KEY_EXCHANGE_SOME_ECDH_ENABLED
#endif
/* Key exchanges that don't involve ephemeral keys */
#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED) || \
#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_ENABLED)
#define MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED
# define MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED
#endif
/* Key exchanges that involve ephemeral keys */
#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \
#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
#define MBEDTLS_KEY_EXCHANGE_SOME_PFS_ENABLED
# define MBEDTLS_KEY_EXCHANGE_SOME_PFS_ENABLED
#endif
/* Key exchanges using a PSK */
#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED) || \
#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
#define MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED
# define MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED
#endif
/* Key exchanges using DHE */
#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \
#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED)
#define MBEDTLS_KEY_EXCHANGE_SOME_DHE_ENABLED
# define MBEDTLS_KEY_EXCHANGE_SOME_DHE_ENABLED
#endif
/* Key exchanges using ECDHE */
#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \
#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
#define MBEDTLS_KEY_EXCHANGE_SOME_ECDHE_ENABLED
# define MBEDTLS_KEY_EXCHANGE_SOME_ECDHE_ENABLED
#endif
typedef struct mbedtls_ssl_ciphersuite_t mbedtls_ssl_ciphersuite_t;
/** Weak ciphersuite flag */
#define MBEDTLS_CIPHERSUITE_WEAK 0x01
#define MBEDTLS_CIPHERSUITE_WEAK 0x01
/** Short authentication tag, eg for CCM_8 */
#define MBEDTLS_CIPHERSUITE_SHORT_TAG 0x02
#define MBEDTLS_CIPHERSUITE_SHORT_TAG 0x02
/** Can't be used with DTLS */
#define MBEDTLS_CIPHERSUITE_NODTLS 0x04
#define MBEDTLS_CIPHERSUITE_NODTLS 0x04
/**
* \brief This structure is used for storing ciphersuite information
*/
struct mbedtls_ssl_ciphersuite_t
{
struct mbedtls_ssl_ciphersuite_t {
int MBEDTLS_PRIVATE(id);
const char * MBEDTLS_PRIVATE(name);
const char *MBEDTLS_PRIVATE(name);
mbedtls_cipher_type_t MBEDTLS_PRIVATE(cipher);
mbedtls_md_type_t MBEDTLS_PRIVATE(mac);
@@ -510,92 +510,96 @@ struct mbedtls_ssl_ciphersuite_t
unsigned char MBEDTLS_PRIVATE(flags);
};
const int *mbedtls_ssl_list_ciphersuites( void );
const int *mbedtls_ssl_list_ciphersuites(void);
const mbedtls_ssl_ciphersuite_t *mbedtls_ssl_ciphersuite_from_string( const char *ciphersuite_name );
const mbedtls_ssl_ciphersuite_t *mbedtls_ssl_ciphersuite_from_id( int ciphersuite_id );
const mbedtls_ssl_ciphersuite_t *
mbedtls_ssl_ciphersuite_from_string(const char *ciphersuite_name);
const mbedtls_ssl_ciphersuite_t *
mbedtls_ssl_ciphersuite_from_id(int ciphersuite_id);
#if defined(MBEDTLS_PK_C)
mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_pk_alg( const mbedtls_ssl_ciphersuite_t *info );
mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_alg( const mbedtls_ssl_ciphersuite_t *info );
mbedtls_pk_type_t
mbedtls_ssl_get_ciphersuite_sig_pk_alg(const mbedtls_ssl_ciphersuite_t *info);
mbedtls_pk_type_t
mbedtls_ssl_get_ciphersuite_sig_alg(const mbedtls_ssl_ciphersuite_t *info);
#endif
int mbedtls_ssl_ciphersuite_uses_ec( const mbedtls_ssl_ciphersuite_t *info );
int mbedtls_ssl_ciphersuite_uses_psk( const mbedtls_ssl_ciphersuite_t *info );
int mbedtls_ssl_ciphersuite_uses_ec(const mbedtls_ssl_ciphersuite_t *info);
int mbedtls_ssl_ciphersuite_uses_psk(const mbedtls_ssl_ciphersuite_t *info);
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PFS_ENABLED)
static inline int mbedtls_ssl_ciphersuite_has_pfs( const mbedtls_ssl_ciphersuite_t *info )
static inline int
mbedtls_ssl_ciphersuite_has_pfs(const mbedtls_ssl_ciphersuite_t *info)
{
switch( info->MBEDTLS_PRIVATE(key_exchange) )
{
switch (info->MBEDTLS_PRIVATE(key_exchange)) {
case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
case MBEDTLS_KEY_EXCHANGE_DHE_PSK:
case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
case MBEDTLS_KEY_EXCHANGE_ECDHE_PSK:
case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
case MBEDTLS_KEY_EXCHANGE_ECJPAKE:
return 1 ;
return 1;
default:
return 0 ;
return 0;
}
}
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PFS_ENABLED */
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED)
static inline int mbedtls_ssl_ciphersuite_no_pfs( const mbedtls_ssl_ciphersuite_t *info )
static inline int
mbedtls_ssl_ciphersuite_no_pfs(const mbedtls_ssl_ciphersuite_t *info)
{
switch( info->MBEDTLS_PRIVATE(key_exchange) )
{
switch (info->MBEDTLS_PRIVATE(key_exchange)) {
case MBEDTLS_KEY_EXCHANGE_ECDH_RSA:
case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
case MBEDTLS_KEY_EXCHANGE_RSA:
case MBEDTLS_KEY_EXCHANGE_PSK:
case MBEDTLS_KEY_EXCHANGE_RSA_PSK:
return 1 ;
return 1;
default:
return 0 ;
return 0;
}
}
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED */
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_ENABLED)
static inline int mbedtls_ssl_ciphersuite_uses_ecdh( const mbedtls_ssl_ciphersuite_t *info )
static inline int
mbedtls_ssl_ciphersuite_uses_ecdh(const mbedtls_ssl_ciphersuite_t *info)
{
switch( info->MBEDTLS_PRIVATE(key_exchange) )
{
switch (info->MBEDTLS_PRIVATE(key_exchange)) {
case MBEDTLS_KEY_EXCHANGE_ECDH_RSA:
case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
return 1 ;
return 1;
default:
return 0 ;
return 0;
}
}
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_ECDH_ENABLED */
static inline int mbedtls_ssl_ciphersuite_cert_req_allowed( const mbedtls_ssl_ciphersuite_t *info )
static inline int
mbedtls_ssl_ciphersuite_cert_req_allowed(const mbedtls_ssl_ciphersuite_t *info)
{
switch( info->MBEDTLS_PRIVATE(key_exchange) )
{
switch (info->MBEDTLS_PRIVATE(key_exchange)) {
case MBEDTLS_KEY_EXCHANGE_RSA:
case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
case MBEDTLS_KEY_EXCHANGE_ECDH_RSA:
case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
return 1 ;
return 1;
default:
return 0 ;
return 0;
}
}
static inline int mbedtls_ssl_ciphersuite_uses_srv_cert( const mbedtls_ssl_ciphersuite_t *info )
static inline int
mbedtls_ssl_ciphersuite_uses_srv_cert(const mbedtls_ssl_ciphersuite_t *info)
{
switch( info->MBEDTLS_PRIVATE(key_exchange) )
{
switch (info->MBEDTLS_PRIVATE(key_exchange)) {
case MBEDTLS_KEY_EXCHANGE_RSA:
case MBEDTLS_KEY_EXCHANGE_RSA_PSK:
case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
@@ -603,56 +607,56 @@ static inline int mbedtls_ssl_ciphersuite_uses_srv_cert( const mbedtls_ssl_ciphe
case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
return 1 ;
return 1;
default:
return 0 ;
return 0;
}
}
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_DHE_ENABLED)
static inline int mbedtls_ssl_ciphersuite_uses_dhe( const mbedtls_ssl_ciphersuite_t *info )
static inline int
mbedtls_ssl_ciphersuite_uses_dhe(const mbedtls_ssl_ciphersuite_t *info)
{
switch( info->MBEDTLS_PRIVATE(key_exchange) )
{
switch (info->MBEDTLS_PRIVATE(key_exchange)) {
case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
case MBEDTLS_KEY_EXCHANGE_DHE_PSK:
return 1 ;
return 1;
default:
return 0 ;
return 0;
}
}
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_DHE_ENABLED) */
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDHE_ENABLED)
static inline int mbedtls_ssl_ciphersuite_uses_ecdhe( const mbedtls_ssl_ciphersuite_t *info )
static inline int
mbedtls_ssl_ciphersuite_uses_ecdhe(const mbedtls_ssl_ciphersuite_t *info)
{
switch( info->MBEDTLS_PRIVATE(key_exchange) )
{
switch (info->MBEDTLS_PRIVATE(key_exchange)) {
case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
case MBEDTLS_KEY_EXCHANGE_ECDHE_PSK:
return 1 ;
return 1;
default:
return 0 ;
return 0;
}
}
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_ECDHE_ENABLED) */
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED)
static inline int mbedtls_ssl_ciphersuite_uses_server_signature( const mbedtls_ssl_ciphersuite_t *info )
static inline int mbedtls_ssl_ciphersuite_uses_server_signature(
const mbedtls_ssl_ciphersuite_t *info)
{
switch( info->MBEDTLS_PRIVATE(key_exchange) )
{
switch (info->MBEDTLS_PRIVATE(key_exchange)) {
case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
return 1 ;
return 1;
default:
return 0 ;
return 0;
}
}
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED */

35
include/mbedtls/ssl_cookie.h
View File

@@ -28,19 +28,21 @@
#include "mbedtls/ssl.h"
#if defined(MBEDTLS_THREADING_C)
#include "mbedtls/threading.h"
# include "mbedtls/threading.h"
#endif
/**
* \name SECTION: Module settings
*
* The configuration options you can set for this module are in this section.
* Either change them in mbedtls_config.h or define them on the compiler command line.
* Either change them in mbedtls_config.h or define them on the compiler command
* line.
* \{
*/
#ifndef MBEDTLS_SSL_COOKIE_TIMEOUT
/** Default expiration delay of DTLS cookies, in seconds if HAVE_TIME, or in number of cookies issued */
#define MBEDTLS_SSL_COOKIE_TIMEOUT 60
/** Default expiration delay of DTLS cookies, in seconds if HAVE_TIME, or in
* number of cookies issued */
# define MBEDTLS_SSL_COOKIE_TIMEOUT 60
#endif
/* \} name SECTION: Module settings */
@@ -52,14 +54,14 @@ extern "C" {
/**
* \brief Context for the default cookie functions.
*/
typedef struct mbedtls_ssl_cookie_ctx
{
mbedtls_md_context_t MBEDTLS_PRIVATE(hmac_ctx); /*!< context for the HMAC portion */
typedef struct mbedtls_ssl_cookie_ctx {
mbedtls_md_context_t MBEDTLS_PRIVATE(hmac_ctx); /*!< context for the HMAC
portion */
#if !defined(MBEDTLS_HAVE_TIME)
unsigned long MBEDTLS_PRIVATE(serial); /*!< serial number for expiration */
unsigned long MBEDTLS_PRIVATE(serial); /*!< serial number for expiration */
#endif
unsigned long MBEDTLS_PRIVATE(timeout); /*!< timeout delay, in seconds if HAVE_TIME,
or in number of tickets issued */
unsigned long MBEDTLS_PRIVATE(timeout); /*!< timeout delay, in seconds if
HAVE_TIME, or in number of tickets issued */
#if defined(MBEDTLS_THREADING_C)
mbedtls_threading_mutex_t MBEDTLS_PRIVATE(mutex);
@@ -69,14 +71,14 @@ typedef struct mbedtls_ssl_cookie_ctx
/**
* \brief Initialize cookie context
*/
void mbedtls_ssl_cookie_init( mbedtls_ssl_cookie_ctx *ctx );
void mbedtls_ssl_cookie_init(mbedtls_ssl_cookie_ctx *ctx);
/**
* \brief Setup cookie context (generate keys)
*/
int mbedtls_ssl_cookie_setup( mbedtls_ssl_cookie_ctx *ctx,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng );
int mbedtls_ssl_cookie_setup(mbedtls_ssl_cookie_ctx *ctx,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng);
/**
* \brief Set expiration delay for cookies
@@ -87,12 +89,13 @@ int mbedtls_ssl_cookie_setup( mbedtls_ssl_cookie_ctx *ctx,
* issued in the meantime.
* 0 to disable expiration (NOT recommended)
*/
void mbedtls_ssl_cookie_set_timeout( mbedtls_ssl_cookie_ctx *ctx, unsigned long delay );
void mbedtls_ssl_cookie_set_timeout(mbedtls_ssl_cookie_ctx *ctx,
unsigned long delay);
/**
* \brief Free cookie context
*/
void mbedtls_ssl_cookie_free( mbedtls_ssl_cookie_ctx *ctx );
void mbedtls_ssl_cookie_free(mbedtls_ssl_cookie_ctx *ctx);
/**
* \brief Generate cookie, see \c mbedtls_ssl_cookie_write_t

48
include/mbedtls/ssl_ticket.h
View File

@@ -35,7 +35,7 @@
#include "mbedtls/cipher.h"
#if defined(MBEDTLS_THREADING_C)
#include "mbedtls/threading.h"
# include "mbedtls/threading.h"
#endif
#ifdef __cplusplus
@@ -45,33 +45,34 @@ extern "C" {
/**
* \brief Information for session ticket protection
*/
typedef struct mbedtls_ssl_ticket_key
{
unsigned char MBEDTLS_PRIVATE(name)[4]; /*!< random key identifier */
uint32_t MBEDTLS_PRIVATE(generation_time); /*!< key generation timestamp (seconds) */
mbedtls_cipher_context_t MBEDTLS_PRIVATE(ctx); /*!< context for auth enc/decryption */
}
mbedtls_ssl_ticket_key;
typedef struct mbedtls_ssl_ticket_key {
unsigned char MBEDTLS_PRIVATE(name)[4]; /*!< random key identifier */
uint32_t MBEDTLS_PRIVATE(generation_time); /*!< key generation timestamp
(seconds) */
mbedtls_cipher_context_t MBEDTLS_PRIVATE(ctx); /*!< context for auth
enc/decryption */
} mbedtls_ssl_ticket_key;
/**
* \brief Context for session ticket handling functions
*/
typedef struct mbedtls_ssl_ticket_context
{
mbedtls_ssl_ticket_key MBEDTLS_PRIVATE(keys)[2]; /*!< ticket protection keys */
unsigned char MBEDTLS_PRIVATE(active); /*!< index of the currently active key */
typedef struct mbedtls_ssl_ticket_context {
mbedtls_ssl_ticket_key MBEDTLS_PRIVATE(keys)[2]; /*!< ticket protection keys
*/
unsigned char MBEDTLS_PRIVATE(active); /*!< index of the currently active
key */
uint32_t MBEDTLS_PRIVATE(ticket_lifetime); /*!< lifetime of tickets in seconds */
uint32_t MBEDTLS_PRIVATE(ticket_lifetime); /*!< lifetime of tickets in
seconds */
/** Callback for getting (pseudo-)random numbers */
int (*MBEDTLS_PRIVATE(f_rng))(void *, unsigned char *, size_t);
void *MBEDTLS_PRIVATE(p_rng); /*!< context for the RNG function */
int (*MBEDTLS_PRIVATE(f_rng))(void *, unsigned char *, size_t);
void *MBEDTLS_PRIVATE(p_rng); /*!< context for the RNG function */
#if defined(MBEDTLS_THREADING_C)
mbedtls_threading_mutex_t MBEDTLS_PRIVATE(mutex);
#endif
}
mbedtls_ssl_ticket_context;
} mbedtls_ssl_ticket_context;
/**
* \brief Initialize a ticket context.
@@ -80,7 +81,7 @@ mbedtls_ssl_ticket_context;
*
* \param ctx Context to be initialized
*/
void mbedtls_ssl_ticket_init( mbedtls_ssl_ticket_context *ctx );
void mbedtls_ssl_ticket_init(mbedtls_ssl_ticket_context *ctx);
/**
* \brief Prepare context to be actually used
@@ -104,10 +105,11 @@ void mbedtls_ssl_ticket_init( mbedtls_ssl_ticket_context *ctx );
* \return 0 if successful,
* or a specific MBEDTLS_ERR_XXX error code
*/
int mbedtls_ssl_ticket_setup( mbedtls_ssl_ticket_context *ctx,
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
mbedtls_cipher_type_t cipher,
uint32_t lifetime );
int mbedtls_ssl_ticket_setup(mbedtls_ssl_ticket_context *ctx,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng,
mbedtls_cipher_type_t cipher,
uint32_t lifetime);
/**
* \brief Implementation of the ticket write callback
@@ -128,7 +130,7 @@ mbedtls_ssl_ticket_parse_t mbedtls_ssl_ticket_parse;
*
* \param ctx Context to be cleaned up
*/
void mbedtls_ssl_ticket_free( mbedtls_ssl_ticket_context *ctx );
void mbedtls_ssl_ticket_free(mbedtls_ssl_ticket_context *ctx);
#ifdef __cplusplus
}

38
include/mbedtls/threading.h
View File

@@ -32,14 +32,13 @@ extern "C" {
#endif
/** Bad input parameters to function. */
#define MBEDTLS_ERR_THREADING_BAD_INPUT_DATA -0x001C
#define MBEDTLS_ERR_THREADING_BAD_INPUT_DATA -0x001C
/** Locking / unlocking / free failed with error code. */
#define MBEDTLS_ERR_THREADING_MUTEX_ERROR -0x001E
#define MBEDTLS_ERR_THREADING_MUTEX_ERROR -0x001E
#if defined(MBEDTLS_THREADING_PTHREAD)
#include <pthread.h>
typedef struct mbedtls_threading_mutex_t
{
# include <pthread.h>
typedef struct mbedtls_threading_mutex_t {
pthread_mutex_t MBEDTLS_PRIVATE(mutex);
/* is_valid is 0 after a failed init or a free, and nonzero after a
* successful init. This field is not considered part of the public
@@ -50,7 +49,7 @@ typedef struct mbedtls_threading_mutex_t
#if defined(MBEDTLS_THREADING_ALT)
/* You should define the mbedtls_threading_mutex_t type in your header */
#include "threading_alt.h"
# include "threading_alt.h"
/**
* \brief Set your alternate threading implementation function
@@ -70,15 +69,15 @@ typedef struct mbedtls_threading_mutex_t
* \param mutex_lock the lock function implementation
* \param mutex_unlock the unlock function implementation
*/
void mbedtls_threading_set_alt( void (*mutex_init)( mbedtls_threading_mutex_t * ),
void (*mutex_free)( mbedtls_threading_mutex_t * ),
int (*mutex_lock)( mbedtls_threading_mutex_t * ),
int (*mutex_unlock)( mbedtls_threading_mutex_t * ) );
void mbedtls_threading_set_alt(void (*mutex_init)(mbedtls_threading_mutex_t *),
void (*mutex_free)(mbedtls_threading_mutex_t *),
int (*mutex_lock)(mbedtls_threading_mutex_t *),
int (*mutex_unlock)(mbedtls_threading_mutex_t *));
/**
* \brief Free global mutexes.
*/
void mbedtls_threading_free_alt( void );
void mbedtls_threading_free_alt(void);
#endif /* MBEDTLS_THREADING_ALT */
#if defined(MBEDTLS_THREADING_C)
@@ -87,19 +86,20 @@ void mbedtls_threading_free_alt( void );
*
* All these functions are expected to work or the result will be undefined.
*/
extern void (*mbedtls_mutex_init)( mbedtls_threading_mutex_t *mutex );
extern void (*mbedtls_mutex_free)( mbedtls_threading_mutex_t *mutex );
extern int (*mbedtls_mutex_lock)( mbedtls_threading_mutex_t *mutex );
extern int (*mbedtls_mutex_unlock)( mbedtls_threading_mutex_t *mutex );
extern void (*mbedtls_mutex_init)(mbedtls_threading_mutex_t *mutex);
extern void (*mbedtls_mutex_free)(mbedtls_threading_mutex_t *mutex);
extern int (*mbedtls_mutex_lock)(mbedtls_threading_mutex_t *mutex);
extern int (*mbedtls_mutex_unlock)(mbedtls_threading_mutex_t *mutex);
/*
* Global mutexes
*/
#if defined(MBEDTLS_FS_IO)
# if defined(MBEDTLS_FS_IO)
extern mbedtls_threading_mutex_t mbedtls_threading_readdir_mutex;
#endif
# endif
#if defined(MBEDTLS_HAVE_TIME_DATE) && !defined(MBEDTLS_PLATFORM_GMTIME_R_ALT)
# if defined(MBEDTLS_HAVE_TIME_DATE) && \
!defined(MBEDTLS_PLATFORM_GMTIME_R_ALT)
/* This mutex may or may not be used in the default definition of
* mbedtls_platform_gmtime_r(), but in order to determine that,
* we need to check POSIX features, hence modify _POSIX_C_SOURCE.
@@ -107,7 +107,7 @@ extern mbedtls_threading_mutex_t mbedtls_threading_readdir_mutex;
* an accompanying definition, in case mbedtls_platform_gmtime_r()
* doesn't need it, but that's not a problem. */
extern mbedtls_threading_mutex_t mbedtls_threading_gmtime_mutex;
#endif /* MBEDTLS_HAVE_TIME_DATE && !MBEDTLS_PLATFORM_GMTIME_R_ALT */
# endif /* MBEDTLS_HAVE_TIME_DATE && !MBEDTLS_PLATFORM_GMTIME_R_ALT */
#endif /* MBEDTLS_THREADING_C */

23
include/mbedtls/timing.h
View File

@@ -38,27 +38,26 @@ extern "C" {
/**
* \brief timer structure
*/
struct mbedtls_timing_hr_time
{
struct mbedtls_timing_hr_time {
unsigned char MBEDTLS_PRIVATE(opaque)[32];
};
/**
* \brief Context for mbedtls_timing_set/get_delay()
*/
typedef struct mbedtls_timing_delay_context
{
struct mbedtls_timing_hr_time MBEDTLS_PRIVATE(timer);
uint32_t MBEDTLS_PRIVATE(int_ms);
uint32_t MBEDTLS_PRIVATE(fin_ms);
typedef struct mbedtls_timing_delay_context {
struct mbedtls_timing_hr_time MBEDTLS_PRIVATE(timer);
uint32_t MBEDTLS_PRIVATE(int_ms);
uint32_t MBEDTLS_PRIVATE(fin_ms);
} mbedtls_timing_delay_context;
#else /* MBEDTLS_TIMING_ALT */
#include "timing_alt.h"
#else /* MBEDTLS_TIMING_ALT */
# include "timing_alt.h"
#endif /* MBEDTLS_TIMING_ALT */
/* Internal use */
unsigned long mbedtls_timing_get_timer( struct mbedtls_timing_hr_time *val, int reset );
unsigned long mbedtls_timing_get_timer(struct mbedtls_timing_hr_time *val,
int reset);
/**
* \brief Set a pair of delays to watch
@@ -74,7 +73,7 @@ unsigned long mbedtls_timing_get_timer( struct mbedtls_timing_hr_time *val, int
* \note To set a single delay, either use \c mbedtls_timing_set_timer
* directly or use this function with int_ms == fin_ms.
*/
void mbedtls_timing_set_delay( void *data, uint32_t int_ms, uint32_t fin_ms );
void mbedtls_timing_set_delay(void *data, uint32_t int_ms, uint32_t fin_ms);
/**
* \brief Get the status of delays
@@ -88,7 +87,7 @@ void mbedtls_timing_set_delay( void *data, uint32_t int_ms, uint32_t fin_ms );
* 1 if only the intermediate delay is passed,
* 2 if the final delay is passed.
*/
int mbedtls_timing_get_delay( void *data );
int mbedtls_timing_get_delay(void *data);
#ifdef __cplusplus
}

16
include/mbedtls/version.h
View File

@@ -31,9 +31,9 @@
#if defined(MBEDTLS_VERSION_C)
#ifdef __cplusplus
# ifdef __cplusplus
extern "C" {
#endif
# endif
/**
* Get the version number.
@@ -41,7 +41,7 @@ extern "C" {
* \return The constructed version number in the format
* MMNNPP00 (Major, Minor, Patch).
*/
unsigned int mbedtls_version_get_number( void );
unsigned int mbedtls_version_get_number(void);
/**
* Get the version string ("x.y.z").
@@ -49,7 +49,7 @@ unsigned int mbedtls_version_get_number( void );
* \param string The string that will receive the value.
* (Should be at least 9 bytes in size)
*/
void mbedtls_version_get_string( char *string );
void mbedtls_version_get_string(char *string);
/**
* Get the full version string ("mbed TLS x.y.z").
@@ -60,7 +60,7 @@ void mbedtls_version_get_string( char *string );
* (So the buffer should be at least 18 bytes to receive this
* version string).
*/
void mbedtls_version_get_string_full( char *string );
void mbedtls_version_get_string_full(char *string);
/**
* \brief Check if support for a feature was compiled into this
@@ -79,11 +79,11 @@ void mbedtls_version_get_string_full( char *string );
* -2 if support for feature checking as a whole was not
* compiled in.
*/
int mbedtls_version_check_feature( const char *feature );
int mbedtls_version_check_feature(const char *feature);
#ifdef __cplusplus
# ifdef __cplusplus
}
#endif
# endif
#endif /* MBEDTLS_VERSION_C */

325
include/mbedtls/x509.h
View File

@@ -29,7 +29,7 @@
#include "mbedtls/pk.h"
#if defined(MBEDTLS_RSA_C)
#include "mbedtls/rsa.h"
# include "mbedtls/rsa.h"
#endif
/**
@@ -46,7 +46,7 @@
* Set this to a low value to prevent an adversary from making you waste
* resources verifying an overlong certificate chain.
*/
#define MBEDTLS_X509_MAX_INTERMEDIATE_CA 8
# define MBEDTLS_X509_MAX_INTERMEDIATE_CA 8
#endif
/**
@@ -54,45 +54,46 @@
* \{
*/
/** Unavailable feature, e.g. RSA hashing/encryption combination. */
#define MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE -0x2080
#define MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE -0x2080
/** Requested OID is unknown. */
#define MBEDTLS_ERR_X509_UNKNOWN_OID -0x2100
#define MBEDTLS_ERR_X509_UNKNOWN_OID -0x2100
/** The CRT/CRL/CSR format is invalid, e.g. different type expected. */
#define MBEDTLS_ERR_X509_INVALID_FORMAT -0x2180
#define MBEDTLS_ERR_X509_INVALID_FORMAT -0x2180
/** The CRT/CRL/CSR version element is invalid. */
#define MBEDTLS_ERR_X509_INVALID_VERSION -0x2200
#define MBEDTLS_ERR_X509_INVALID_VERSION -0x2200
/** The serial tag or value is invalid. */
#define MBEDTLS_ERR_X509_INVALID_SERIAL -0x2280
#define MBEDTLS_ERR_X509_INVALID_SERIAL -0x2280
/** The algorithm tag or value is invalid. */
#define MBEDTLS_ERR_X509_INVALID_ALG -0x2300
#define MBEDTLS_ERR_X509_INVALID_ALG -0x2300
/** The name tag or value is invalid. */
#define MBEDTLS_ERR_X509_INVALID_NAME -0x2380
#define MBEDTLS_ERR_X509_INVALID_NAME -0x2380
/** The date tag or value is invalid. */
#define MBEDTLS_ERR_X509_INVALID_DATE -0x2400
#define MBEDTLS_ERR_X509_INVALID_DATE -0x2400
/** The signature tag or value invalid. */
#define MBEDTLS_ERR_X509_INVALID_SIGNATURE -0x2480
#define MBEDTLS_ERR_X509_INVALID_SIGNATURE -0x2480
/** The extension tag or value is invalid. */
#define MBEDTLS_ERR_X509_INVALID_EXTENSIONS -0x2500
#define MBEDTLS_ERR_X509_INVALID_EXTENSIONS -0x2500
/** CRT/CRL/CSR has an unsupported version number. */
#define MBEDTLS_ERR_X509_UNKNOWN_VERSION -0x2580
#define MBEDTLS_ERR_X509_UNKNOWN_VERSION -0x2580
/** Signature algorithm (oid) is unsupported. */
#define MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG -0x2600
#define MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG -0x2600
/** Signature algorithms do not match. (see \c ::mbedtls_x509_crt sig_oid) */
#define MBEDTLS_ERR_X509_SIG_MISMATCH -0x2680
#define MBEDTLS_ERR_X509_SIG_MISMATCH -0x2680
/** Certificate verification failed, e.g. CRL, CA or signature check failed. */
#define MBEDTLS_ERR_X509_CERT_VERIFY_FAILED -0x2700
#define MBEDTLS_ERR_X509_CERT_VERIFY_FAILED -0x2700
/** Format not recognized as DER or PEM. */
#define MBEDTLS_ERR_X509_CERT_UNKNOWN_FORMAT -0x2780
#define MBEDTLS_ERR_X509_CERT_UNKNOWN_FORMAT -0x2780
/** Input invalid. */
#define MBEDTLS_ERR_X509_BAD_INPUT_DATA -0x2800
#define MBEDTLS_ERR_X509_BAD_INPUT_DATA -0x2800
/** Allocation of memory failed. */
#define MBEDTLS_ERR_X509_ALLOC_FAILED -0x2880
#define MBEDTLS_ERR_X509_ALLOC_FAILED -0x2880
/** Read/write of file failed. */
#define MBEDTLS_ERR_X509_FILE_IO_ERROR -0x2900
#define MBEDTLS_ERR_X509_FILE_IO_ERROR -0x2900
/** Destination buffer is too small. */
#define MBEDTLS_ERR_X509_BUFFER_TOO_SMALL -0x2980
/** A fatal error occurred, eg the chain is too long or the vrfy callback failed. */
#define MBEDTLS_ERR_X509_FATAL_ERROR -0x3000
#define MBEDTLS_ERR_X509_BUFFER_TOO_SMALL -0x2980
/** A fatal error occurred, eg the chain is too long or the vrfy callback
* failed. */
#define MBEDTLS_ERR_X509_FATAL_ERROR -0x3000
/* \} name */
/**
@@ -101,45 +102,46 @@
*/
/* Reminder: update x509_crt_verify_strings[] in library/x509_crt.c */
/** The certificate validity has expired. */
#define MBEDTLS_X509_BADCERT_EXPIRED 0x01
#define MBEDTLS_X509_BADCERT_EXPIRED 0x01
/** The certificate has been revoked (is on a CRL). */
#define MBEDTLS_X509_BADCERT_REVOKED 0x02
#define MBEDTLS_X509_BADCERT_REVOKED 0x02
/** The certificate Common Name (CN) does not match with the expected CN. */
#define MBEDTLS_X509_BADCERT_CN_MISMATCH 0x04
#define MBEDTLS_X509_BADCERT_CN_MISMATCH 0x04
/** The certificate is not correctly signed by the trusted CA. */
#define MBEDTLS_X509_BADCERT_NOT_TRUSTED 0x08
#define MBEDTLS_X509_BADCERT_NOT_TRUSTED 0x08
/** The CRL is not correctly signed by the trusted CA. */
#define MBEDTLS_X509_BADCRL_NOT_TRUSTED 0x10
#define MBEDTLS_X509_BADCRL_NOT_TRUSTED 0x10
/** The CRL is expired. */
#define MBEDTLS_X509_BADCRL_EXPIRED 0x20
#define MBEDTLS_X509_BADCRL_EXPIRED 0x20
/** Certificate was missing. */
#define MBEDTLS_X509_BADCERT_MISSING 0x40
#define MBEDTLS_X509_BADCERT_MISSING 0x40
/** Certificate verification was skipped. */
#define MBEDTLS_X509_BADCERT_SKIP_VERIFY 0x80
#define MBEDTLS_X509_BADCERT_SKIP_VERIFY 0x80
/** Other reason (can be used by verify callback) */
#define MBEDTLS_X509_BADCERT_OTHER 0x0100
#define MBEDTLS_X509_BADCERT_OTHER 0x0100
/** The certificate validity starts in the future. */
#define MBEDTLS_X509_BADCERT_FUTURE 0x0200
#define MBEDTLS_X509_BADCERT_FUTURE 0x0200
/** The CRL is from the future */
#define MBEDTLS_X509_BADCRL_FUTURE 0x0400
#define MBEDTLS_X509_BADCRL_FUTURE 0x0400
/** Usage does not match the keyUsage extension. */
#define MBEDTLS_X509_BADCERT_KEY_USAGE 0x0800
#define MBEDTLS_X509_BADCERT_KEY_USAGE 0x0800
/** Usage does not match the extendedKeyUsage extension. */
#define MBEDTLS_X509_BADCERT_EXT_KEY_USAGE 0x1000
#define MBEDTLS_X509_BADCERT_EXT_KEY_USAGE 0x1000
/** Usage does not match the nsCertType extension. */
#define MBEDTLS_X509_BADCERT_NS_CERT_TYPE 0x2000
#define MBEDTLS_X509_BADCERT_NS_CERT_TYPE 0x2000
/** The certificate is signed with an unacceptable hash. */
#define MBEDTLS_X509_BADCERT_BAD_MD 0x4000
#define MBEDTLS_X509_BADCERT_BAD_MD 0x4000
/** The certificate is signed with an unacceptable PK alg (eg RSA vs ECDSA). */
#define MBEDTLS_X509_BADCERT_BAD_PK 0x8000
/** The certificate is signed with an unacceptable key (eg bad curve, RSA too short). */
#define MBEDTLS_X509_BADCERT_BAD_KEY 0x010000
#define MBEDTLS_X509_BADCERT_BAD_PK 0x8000
/** The certificate is signed with an unacceptable key (eg bad curve, RSA too
* short). */
#define MBEDTLS_X509_BADCERT_BAD_KEY 0x010000
/** The CRL is signed with an unacceptable hash. */
#define MBEDTLS_X509_BADCRL_BAD_MD 0x020000
#define MBEDTLS_X509_BADCRL_BAD_MD 0x020000
/** The CRL is signed with an unacceptable PK alg (eg RSA vs ECDSA). */
#define MBEDTLS_X509_BADCRL_BAD_PK 0x040000
#define MBEDTLS_X509_BADCRL_BAD_PK 0x040000
/** The CRL is signed with an unacceptable key (eg bad curve, RSA too short). */
#define MBEDTLS_X509_BADCRL_BAD_KEY 0x080000
#define MBEDTLS_X509_BADCRL_BAD_KEY 0x080000
/* \} name */
/* \} addtogroup x509_module */
@@ -156,43 +158,43 @@
* iPAddress [7] OCTET STRING,
* registeredID [8] OBJECT IDENTIFIER
*/
#define MBEDTLS_X509_SAN_OTHER_NAME 0
#define MBEDTLS_X509_SAN_RFC822_NAME 1
#define MBEDTLS_X509_SAN_DNS_NAME 2
#define MBEDTLS_X509_SAN_X400_ADDRESS_NAME 3
#define MBEDTLS_X509_SAN_DIRECTORY_NAME 4
#define MBEDTLS_X509_SAN_EDI_PARTY_NAME 5
#define MBEDTLS_X509_SAN_UNIFORM_RESOURCE_IDENTIFIER 6
#define MBEDTLS_X509_SAN_IP_ADDRESS 7
#define MBEDTLS_X509_SAN_REGISTERED_ID 8
#define MBEDTLS_X509_SAN_OTHER_NAME 0
#define MBEDTLS_X509_SAN_RFC822_NAME 1
#define MBEDTLS_X509_SAN_DNS_NAME 2
#define MBEDTLS_X509_SAN_X400_ADDRESS_NAME 3
#define MBEDTLS_X509_SAN_DIRECTORY_NAME 4
#define MBEDTLS_X509_SAN_EDI_PARTY_NAME 5
#define MBEDTLS_X509_SAN_UNIFORM_RESOURCE_IDENTIFIER 6
#define MBEDTLS_X509_SAN_IP_ADDRESS 7
#define MBEDTLS_X509_SAN_REGISTERED_ID 8
/*
* X.509 v3 Key Usage Extension flags
* Reminder: update x509_info_key_usage() when adding new flags.
*/
#define MBEDTLS_X509_KU_DIGITAL_SIGNATURE (0x80) /* bit 0 */
#define MBEDTLS_X509_KU_NON_REPUDIATION (0x40) /* bit 1 */
#define MBEDTLS_X509_KU_KEY_ENCIPHERMENT (0x20) /* bit 2 */
#define MBEDTLS_X509_KU_DATA_ENCIPHERMENT (0x10) /* bit 3 */
#define MBEDTLS_X509_KU_KEY_AGREEMENT (0x08) /* bit 4 */
#define MBEDTLS_X509_KU_KEY_CERT_SIGN (0x04) /* bit 5 */
#define MBEDTLS_X509_KU_CRL_SIGN (0x02) /* bit 6 */
#define MBEDTLS_X509_KU_ENCIPHER_ONLY (0x01) /* bit 7 */
#define MBEDTLS_X509_KU_DECIPHER_ONLY (0x8000) /* bit 8 */
#define MBEDTLS_X509_KU_DIGITAL_SIGNATURE (0x80) /* bit 0 */
#define MBEDTLS_X509_KU_NON_REPUDIATION (0x40) /* bit 1 */
#define MBEDTLS_X509_KU_KEY_ENCIPHERMENT (0x20) /* bit 2 */
#define MBEDTLS_X509_KU_DATA_ENCIPHERMENT (0x10) /* bit 3 */
#define MBEDTLS_X509_KU_KEY_AGREEMENT (0x08) /* bit 4 */
#define MBEDTLS_X509_KU_KEY_CERT_SIGN (0x04) /* bit 5 */
#define MBEDTLS_X509_KU_CRL_SIGN (0x02) /* bit 6 */
#define MBEDTLS_X509_KU_ENCIPHER_ONLY (0x01) /* bit 7 */
#define MBEDTLS_X509_KU_DECIPHER_ONLY (0x8000) /* bit 8 */
/*
* Netscape certificate types
* (http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn3.html)
*/
#define MBEDTLS_X509_NS_CERT_TYPE_SSL_CLIENT (0x80) /* bit 0 */
#define MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER (0x40) /* bit 1 */
#define MBEDTLS_X509_NS_CERT_TYPE_EMAIL (0x20) /* bit 2 */
#define MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING (0x10) /* bit 3 */
#define MBEDTLS_X509_NS_CERT_TYPE_RESERVED (0x08) /* bit 4 */
#define MBEDTLS_X509_NS_CERT_TYPE_SSL_CA (0x04) /* bit 5 */
#define MBEDTLS_X509_NS_CERT_TYPE_EMAIL_CA (0x02) /* bit 6 */
#define MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING_CA (0x01) /* bit 7 */
#define MBEDTLS_X509_NS_CERT_TYPE_SSL_CLIENT (0x80) /* bit 0 */
#define MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER (0x40) /* bit 1 */
#define MBEDTLS_X509_NS_CERT_TYPE_EMAIL (0x20) /* bit 2 */
#define MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING (0x10) /* bit 3 */
#define MBEDTLS_X509_NS_CERT_TYPE_RESERVED (0x08) /* bit 4 */
#define MBEDTLS_X509_NS_CERT_TYPE_SSL_CA (0x04) /* bit 5 */
#define MBEDTLS_X509_NS_CERT_TYPE_EMAIL_CA (0x02) /* bit 6 */
#define MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING_CA (0x01) /* bit 7 */
/*
* X.509 extension types
@@ -203,32 +205,42 @@
* Those are defined in oid.h as oid.c needs them in a data structure. Since
* these were previously defined here, let's have aliases for compatibility.
*/
#define MBEDTLS_X509_EXT_AUTHORITY_KEY_IDENTIFIER MBEDTLS_OID_X509_EXT_AUTHORITY_KEY_IDENTIFIER
#define MBEDTLS_X509_EXT_SUBJECT_KEY_IDENTIFIER MBEDTLS_OID_X509_EXT_SUBJECT_KEY_IDENTIFIER
#define MBEDTLS_X509_EXT_KEY_USAGE MBEDTLS_OID_X509_EXT_KEY_USAGE
#define MBEDTLS_X509_EXT_CERTIFICATE_POLICIES MBEDTLS_OID_X509_EXT_CERTIFICATE_POLICIES
#define MBEDTLS_X509_EXT_POLICY_MAPPINGS MBEDTLS_OID_X509_EXT_POLICY_MAPPINGS
#define MBEDTLS_X509_EXT_SUBJECT_ALT_NAME MBEDTLS_OID_X509_EXT_SUBJECT_ALT_NAME /* Supported (DNS) */
#define MBEDTLS_X509_EXT_ISSUER_ALT_NAME MBEDTLS_OID_X509_EXT_ISSUER_ALT_NAME
#define MBEDTLS_X509_EXT_SUBJECT_DIRECTORY_ATTRS MBEDTLS_OID_X509_EXT_SUBJECT_DIRECTORY_ATTRS
#define MBEDTLS_X509_EXT_BASIC_CONSTRAINTS MBEDTLS_OID_X509_EXT_BASIC_CONSTRAINTS /* Supported */
#define MBEDTLS_X509_EXT_NAME_CONSTRAINTS MBEDTLS_OID_X509_EXT_NAME_CONSTRAINTS
#define MBEDTLS_X509_EXT_POLICY_CONSTRAINTS MBEDTLS_OID_X509_EXT_POLICY_CONSTRAINTS
#define MBEDTLS_X509_EXT_EXTENDED_KEY_USAGE MBEDTLS_OID_X509_EXT_EXTENDED_KEY_USAGE
#define MBEDTLS_X509_EXT_CRL_DISTRIBUTION_POINTS MBEDTLS_OID_X509_EXT_CRL_DISTRIBUTION_POINTS
#define MBEDTLS_X509_EXT_INIHIBIT_ANYPOLICY MBEDTLS_OID_X509_EXT_INIHIBIT_ANYPOLICY
#define MBEDTLS_X509_EXT_FRESHEST_CRL MBEDTLS_OID_X509_EXT_FRESHEST_CRL
#define MBEDTLS_X509_EXT_NS_CERT_TYPE MBEDTLS_OID_X509_EXT_NS_CERT_TYPE
#define MBEDTLS_X509_EXT_AUTHORITY_KEY_IDENTIFIER \
MBEDTLS_OID_X509_EXT_AUTHORITY_KEY_IDENTIFIER
#define MBEDTLS_X509_EXT_SUBJECT_KEY_IDENTIFIER \
MBEDTLS_OID_X509_EXT_SUBJECT_KEY_IDENTIFIER
#define MBEDTLS_X509_EXT_KEY_USAGE MBEDTLS_OID_X509_EXT_KEY_USAGE
#define MBEDTLS_X509_EXT_CERTIFICATE_POLICIES \
MBEDTLS_OID_X509_EXT_CERTIFICATE_POLICIES
#define MBEDTLS_X509_EXT_POLICY_MAPPINGS MBEDTLS_OID_X509_EXT_POLICY_MAPPINGS
#define MBEDTLS_X509_EXT_SUBJECT_ALT_NAME \
MBEDTLS_OID_X509_EXT_SUBJECT_ALT_NAME /* Supported (DNS) */
#define MBEDTLS_X509_EXT_ISSUER_ALT_NAME MBEDTLS_OID_X509_EXT_ISSUER_ALT_NAME
#define MBEDTLS_X509_EXT_SUBJECT_DIRECTORY_ATTRS \
MBEDTLS_OID_X509_EXT_SUBJECT_DIRECTORY_ATTRS
#define MBEDTLS_X509_EXT_BASIC_CONSTRAINTS \
MBEDTLS_OID_X509_EXT_BASIC_CONSTRAINTS /* Supported */
#define MBEDTLS_X509_EXT_NAME_CONSTRAINTS MBEDTLS_OID_X509_EXT_NAME_CONSTRAINTS
#define MBEDTLS_X509_EXT_POLICY_CONSTRAINTS \
MBEDTLS_OID_X509_EXT_POLICY_CONSTRAINTS
#define MBEDTLS_X509_EXT_EXTENDED_KEY_USAGE \
MBEDTLS_OID_X509_EXT_EXTENDED_KEY_USAGE
#define MBEDTLS_X509_EXT_CRL_DISTRIBUTION_POINTS \
MBEDTLS_OID_X509_EXT_CRL_DISTRIBUTION_POINTS
#define MBEDTLS_X509_EXT_INIHIBIT_ANYPOLICY \
MBEDTLS_OID_X509_EXT_INIHIBIT_ANYPOLICY
#define MBEDTLS_X509_EXT_FRESHEST_CRL MBEDTLS_OID_X509_EXT_FRESHEST_CRL
#define MBEDTLS_X509_EXT_NS_CERT_TYPE MBEDTLS_OID_X509_EXT_NS_CERT_TYPE
/*
* Storage format identifiers
* Recognized formats: PEM and DER
*/
#define MBEDTLS_X509_FORMAT_DER 1
#define MBEDTLS_X509_FORMAT_PEM 2
#define MBEDTLS_X509_FORMAT_DER 1
#define MBEDTLS_X509_FORMAT_PEM 2
/** Maximum value size of a DN entry */
#define MBEDTLS_X509_MAX_DN_NAME_SIZE 256
#define MBEDTLS_X509_MAX_DN_NAME_SIZE 256
#ifdef __cplusplus
extern "C" {
@@ -265,12 +277,16 @@ typedef mbedtls_asn1_named_data mbedtls_x509_name;
typedef mbedtls_asn1_sequence mbedtls_x509_sequence;
/** Container for date and time (precision in seconds). */
typedef struct mbedtls_x509_time
{
int MBEDTLS_PRIVATE(year), MBEDTLS_PRIVATE(mon), MBEDTLS_PRIVATE(day); /**< Date. */
int MBEDTLS_PRIVATE(hour), MBEDTLS_PRIVATE(min), MBEDTLS_PRIVATE(sec); /**< Time. */
}
mbedtls_x509_time;
typedef struct mbedtls_x509_time {
int MBEDTLS_PRIVATE(year), MBEDTLS_PRIVATE(mon),
MBEDTLS_PRIVATE(day); /**<
Date.
*/
int MBEDTLS_PRIVATE(hour), MBEDTLS_PRIVATE(min),
MBEDTLS_PRIVATE(sec); /**<
Time.
*/
} mbedtls_x509_time;
/** \} name Structures for parsing X.509 certificates, CRLs and CSRs */
/** \} addtogroup x509_module */
@@ -286,7 +302,7 @@ mbedtls_x509_time;
* \return The length of the string written (not including the
* terminated nul byte), or a negative error code.
*/
int mbedtls_x509_dn_gets( char *buf, size_t size, const mbedtls_x509_name *dn );
int mbedtls_x509_dn_gets(char *buf, size_t size, const mbedtls_x509_name *dn);
/**
* \brief Store the certificate serial in printable form into buf;
@@ -299,7 +315,9 @@ int mbedtls_x509_dn_gets( char *buf, size_t size, const mbedtls_x509_name *dn );
* \return The length of the string written (not including the
* terminated nul byte), or a negative error code.
*/
int mbedtls_x509_serial_gets( char *buf, size_t size, const mbedtls_x509_buf *serial );
int mbedtls_x509_serial_gets(char *buf,
size_t size,
const mbedtls_x509_buf *serial);
/**
* \brief Check a given mbedtls_x509_time against the system time
@@ -313,7 +331,7 @@ int mbedtls_x509_serial_gets( char *buf, size_t size, const mbedtls_x509_buf *se
* \return 1 if the given time is in the past or an error occurred,
* 0 otherwise.
*/
int mbedtls_x509_time_is_past( const mbedtls_x509_time *to );
int mbedtls_x509_time_is_past(const mbedtls_x509_time *to);
/**
* \brief Check a given mbedtls_x509_time against the system time
@@ -327,59 +345,84 @@ int mbedtls_x509_time_is_past( const mbedtls_x509_time *to );
* \return 1 if the given time is in the future or an error occurred,
* 0 otherwise.
*/
int mbedtls_x509_time_is_future( const mbedtls_x509_time *from );
int mbedtls_x509_time_is_future(const mbedtls_x509_time *from);
/*
* Internal module functions. You probably do not want to use these unless you
* know you do.
*/
int mbedtls_x509_get_name( unsigned char **p, const unsigned char *end,
mbedtls_x509_name *cur );
int mbedtls_x509_get_alg_null( unsigned char **p, const unsigned char *end,
mbedtls_x509_buf *alg );
int mbedtls_x509_get_alg( unsigned char **p, const unsigned char *end,
mbedtls_x509_buf *alg, mbedtls_x509_buf *params );
int mbedtls_x509_get_name(unsigned char **p,
const unsigned char *end,
mbedtls_x509_name *cur);
int mbedtls_x509_get_alg_null(unsigned char **p,
const unsigned char *end,
mbedtls_x509_buf *alg);
int mbedtls_x509_get_alg(unsigned char **p,
const unsigned char *end,
mbedtls_x509_buf *alg,
mbedtls_x509_buf *params);
#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT)
int mbedtls_x509_get_rsassa_pss_params( const mbedtls_x509_buf *params,
mbedtls_md_type_t *md_alg, mbedtls_md_type_t *mgf_md,
int *salt_len );
int mbedtls_x509_get_rsassa_pss_params(const mbedtls_x509_buf *params,
mbedtls_md_type_t *md_alg,
mbedtls_md_type_t *mgf_md,
int *salt_len);
#endif
int mbedtls_x509_get_sig( unsigned char **p, const unsigned char *end, mbedtls_x509_buf *sig );
int mbedtls_x509_get_sig_alg( const mbedtls_x509_buf *sig_oid, const mbedtls_x509_buf *sig_params,
mbedtls_md_type_t *md_alg, mbedtls_pk_type_t *pk_alg,
void **sig_opts );
int mbedtls_x509_get_time( unsigned char **p, const unsigned char *end,
mbedtls_x509_time *t );
int mbedtls_x509_get_serial( unsigned char **p, const unsigned char *end,
mbedtls_x509_buf *serial );
int mbedtls_x509_get_ext( unsigned char **p, const unsigned char *end,
mbedtls_x509_buf *ext, int tag );
int mbedtls_x509_get_sig(unsigned char **p,
const unsigned char *end,
mbedtls_x509_buf *sig);
int mbedtls_x509_get_sig_alg(const mbedtls_x509_buf *sig_oid,
const mbedtls_x509_buf *sig_params,
mbedtls_md_type_t *md_alg,
mbedtls_pk_type_t *pk_alg,
void **sig_opts);
int mbedtls_x509_get_time(unsigned char **p,
const unsigned char *end,
mbedtls_x509_time *t);
int mbedtls_x509_get_serial(unsigned char **p,
const unsigned char *end,
mbedtls_x509_buf *serial);
int mbedtls_x509_get_ext(unsigned char **p,
const unsigned char *end,
mbedtls_x509_buf *ext,
int tag);
#if !defined(MBEDTLS_X509_REMOVE_INFO)
int mbedtls_x509_sig_alg_gets( char *buf, size_t size, const mbedtls_x509_buf *sig_oid,
mbedtls_pk_type_t pk_alg, mbedtls_md_type_t md_alg,
const void *sig_opts );
int mbedtls_x509_sig_alg_gets(char *buf,
size_t size,
const mbedtls_x509_buf *sig_oid,
mbedtls_pk_type_t pk_alg,
mbedtls_md_type_t md_alg,
const void *sig_opts);
#endif
int mbedtls_x509_key_size_helper( char *buf, size_t buf_size, const char *name );
int mbedtls_x509_string_to_names( mbedtls_asn1_named_data **head, const char *name );
int mbedtls_x509_set_extension( mbedtls_asn1_named_data **head, const char *oid, size_t oid_len,
int critical, const unsigned char *val,
size_t val_len );
int mbedtls_x509_write_extensions( unsigned char **p, unsigned char *start,
mbedtls_asn1_named_data *first );
int mbedtls_x509_write_names( unsigned char **p, unsigned char *start,
mbedtls_asn1_named_data *first );
int mbedtls_x509_write_sig( unsigned char **p, unsigned char *start,
const char *oid, size_t oid_len,
unsigned char *sig, size_t size );
int mbedtls_x509_key_size_helper(char *buf, size_t buf_size, const char *name);
int mbedtls_x509_string_to_names(mbedtls_asn1_named_data **head,
const char *name);
int mbedtls_x509_set_extension(mbedtls_asn1_named_data **head,
const char *oid,
size_t oid_len,
int critical,
const unsigned char *val,
size_t val_len);
int mbedtls_x509_write_extensions(unsigned char **p,
unsigned char *start,
mbedtls_asn1_named_data *first);
int mbedtls_x509_write_names(unsigned char **p,
unsigned char *start,
mbedtls_asn1_named_data *first);
int mbedtls_x509_write_sig(unsigned char **p,
unsigned char *start,
const char *oid,
size_t oid_len,
unsigned char *sig,
size_t size);
#define MBEDTLS_X509_SAFE_SNPRINTF \
do { \
if( ret < 0 || (size_t) ret >= n ) \
return MBEDTLS_ERR_X509_BUFFER_TOO_SMALL ; \
\
n -= (size_t) ret; \
p += (size_t) ret; \
} while( 0 )
#define MBEDTLS_X509_SAFE_SNPRINTF \
do { \
if (ret < 0 || (size_t)ret >= n) \
return MBEDTLS_ERR_X509_BUFFER_TOO_SMALL; \
\
n -= (size_t)ret; \
p += (size_t)ret; \
} while (0)
#ifdef __cplusplus
}

69
include/mbedtls/x509_crl.h
View File

@@ -44,8 +44,7 @@ extern "C" {
* Certificate revocation list entry.
* Contains the CA-specific serial numbers and revocation dates.
*/
typedef struct mbedtls_x509_crl_entry
{
typedef struct mbedtls_x509_crl_entry {
mbedtls_x509_buf MBEDTLS_PRIVATE(raw);
mbedtls_x509_buf MBEDTLS_PRIVATE(serial);
@@ -55,41 +54,54 @@ typedef struct mbedtls_x509_crl_entry
mbedtls_x509_buf MBEDTLS_PRIVATE(entry_ext);
struct mbedtls_x509_crl_entry *MBEDTLS_PRIVATE(next);
}
mbedtls_x509_crl_entry;
} mbedtls_x509_crl_entry;
/**
* Certificate revocation list structure.
* Every CRL may have multiple entries.
*/
typedef struct mbedtls_x509_crl
{
mbedtls_x509_buf MBEDTLS_PRIVATE(raw); /**< The raw certificate data (DER). */
mbedtls_x509_buf MBEDTLS_PRIVATE(tbs); /**< The raw certificate body (DER). The part that is To Be Signed. */
typedef struct mbedtls_x509_crl {
mbedtls_x509_buf MBEDTLS_PRIVATE(raw); /**< The raw certificate data (DER).
*/
mbedtls_x509_buf MBEDTLS_PRIVATE(tbs); /**< The raw certificate body (DER).
The part that is To Be Signed. */
int MBEDTLS_PRIVATE(version); /**< CRL version (1=v1, 2=v2) */
mbedtls_x509_buf MBEDTLS_PRIVATE(sig_oid); /**< CRL signature type identifier */
int MBEDTLS_PRIVATE(version); /**< CRL version (1=v1, 2=v2) */
mbedtls_x509_buf MBEDTLS_PRIVATE(sig_oid); /**< CRL signature type
identifier */
mbedtls_x509_buf MBEDTLS_PRIVATE(issuer_raw); /**< The raw issuer data (DER). */
mbedtls_x509_buf MBEDTLS_PRIVATE(issuer_raw); /**< The raw issuer data
(DER). */
mbedtls_x509_name MBEDTLS_PRIVATE(issuer); /**< The parsed issuer data (named information object). */
mbedtls_x509_name MBEDTLS_PRIVATE(issuer); /**< The parsed issuer data
(named information object). */
mbedtls_x509_time MBEDTLS_PRIVATE(this_update);
mbedtls_x509_time MBEDTLS_PRIVATE(next_update);
mbedtls_x509_crl_entry MBEDTLS_PRIVATE(entry); /**< The CRL entries containing the certificate revocation times for this CA. */
mbedtls_x509_crl_entry MBEDTLS_PRIVATE(entry); /**< The CRL entries
containing the certificate
revocation times for this
CA. */
mbedtls_x509_buf MBEDTLS_PRIVATE(crl_ext);
mbedtls_x509_buf MBEDTLS_PRIVATE(sig_oid2);
mbedtls_x509_buf MBEDTLS_PRIVATE(sig);
mbedtls_md_type_t MBEDTLS_PRIVATE(sig_md); /**< Internal representation of the MD algorithm of the signature algorithm, e.g. MBEDTLS_MD_SHA256 */
mbedtls_pk_type_t MBEDTLS_PRIVATE(sig_pk); /**< Internal representation of the Public Key algorithm of the signature algorithm, e.g. MBEDTLS_PK_RSA */
void *MBEDTLS_PRIVATE(sig_opts); /**< Signature options to be passed to mbedtls_pk_verify_ext(), e.g. for RSASSA-PSS */
mbedtls_md_type_t MBEDTLS_PRIVATE(sig_md); /**< Internal representation of
the MD algorithm of the
signature algorithm, e.g.
MBEDTLS_MD_SHA256 */
mbedtls_pk_type_t MBEDTLS_PRIVATE(sig_pk); /**< Internal representation of
the Public Key algorithm of
the signature algorithm, e.g.
MBEDTLS_PK_RSA */
void *MBEDTLS_PRIVATE(sig_opts); /**< Signature options to be passed to
mbedtls_pk_verify_ext(), e.g. for
RSASSA-PSS */
struct mbedtls_x509_crl *MBEDTLS_PRIVATE(next);
}
mbedtls_x509_crl;
} mbedtls_x509_crl;
/**
* \brief Parse a DER-encoded CRL and append it to the chained list
@@ -101,8 +113,9 @@ mbedtls_x509_crl;
*
* \return 0 if successful, or a specific X509 or PEM error code
*/
int mbedtls_x509_crl_parse_der( mbedtls_x509_crl *chain,
const unsigned char *buf, size_t buflen );
int mbedtls_x509_crl_parse_der(mbedtls_x509_crl *chain,
const unsigned char *buf,
size_t buflen);
/**
* \brief Parse one or more CRLs and append them to the chained list
*
@@ -115,7 +128,9 @@ int mbedtls_x509_crl_parse_der( mbedtls_x509_crl *chain,
*
* \return 0 if successful, or a specific X509 or PEM error code
*/
int mbedtls_x509_crl_parse( mbedtls_x509_crl *chain, const unsigned char *buf, size_t buflen );
int mbedtls_x509_crl_parse(mbedtls_x509_crl *chain,
const unsigned char *buf,
size_t buflen);
#if defined(MBEDTLS_FS_IO)
/**
@@ -128,7 +143,7 @@ int mbedtls_x509_crl_parse( mbedtls_x509_crl *chain, const unsigned char *buf, s
*
* \return 0 if successful, or a specific X509 or PEM error code
*/
int mbedtls_x509_crl_parse_file( mbedtls_x509_crl *chain, const char *path );
int mbedtls_x509_crl_parse_file(mbedtls_x509_crl *chain, const char *path);
#endif /* MBEDTLS_FS_IO */
#if !defined(MBEDTLS_X509_REMOVE_INFO)
@@ -143,8 +158,10 @@ int mbedtls_x509_crl_parse_file( mbedtls_x509_crl *chain, const char *path );
* \return The length of the string written (not including the
* terminated nul byte), or a negative error code.
*/
int mbedtls_x509_crl_info( char *buf, size_t size, const char *prefix,
const mbedtls_x509_crl *crl );
int mbedtls_x509_crl_info(char *buf,
size_t size,
const char *prefix,
const mbedtls_x509_crl *crl);
#endif /* !MBEDTLS_X509_REMOVE_INFO */
/**
@@ -152,14 +169,14 @@ int mbedtls_x509_crl_info( char *buf, size_t size, const char *prefix,
*
* \param crl CRL chain to initialize
*/
void mbedtls_x509_crl_init( mbedtls_x509_crl *crl );
void mbedtls_x509_crl_init(mbedtls_x509_crl *crl);
/**
* \brief Unallocate all CRL data
*
* \param crl CRL chain to free
*/
void mbedtls_x509_crl_free( mbedtls_x509_crl *crl );
void mbedtls_x509_crl_free(mbedtls_x509_crl *crl);
/* \} name */
/* \} addtogroup x509_module */

614
include/mbedtls/x509_crt.h
View File

@@ -46,54 +46,114 @@ extern "C" {
/**
* Container for an X.509 certificate. The certificate may be chained.
*/
typedef struct mbedtls_x509_crt
{
int MBEDTLS_PRIVATE(own_buffer); /**< Indicates if \c raw is owned
* by the structure or not. */
mbedtls_x509_buf MBEDTLS_PRIVATE(raw); /**< The raw certificate data (DER). */
mbedtls_x509_buf MBEDTLS_PRIVATE(tbs); /**< The raw certificate body (DER). The part that is To Be Signed. */
typedef struct mbedtls_x509_crt {
int MBEDTLS_PRIVATE(own_buffer); /**< Indicates if \c raw is owned
* by the structure or not. */
mbedtls_x509_buf MBEDTLS_PRIVATE(raw); /**< The raw certificate data (DER).
*/
mbedtls_x509_buf MBEDTLS_PRIVATE(tbs); /**< The raw certificate body (DER).
The part that is To Be Signed. */
int MBEDTLS_PRIVATE(version); /**< The X.509 version. (1=v1, 2=v2, 3=v3) */
mbedtls_x509_buf MBEDTLS_PRIVATE(serial); /**< Unique id for certificate issued by a specific CA. */
mbedtls_x509_buf MBEDTLS_PRIVATE(sig_oid); /**< Signature algorithm, e.g. sha1RSA */
int MBEDTLS_PRIVATE(version); /**< The X.509 version. (1=v1, 2=v2, 3=v3) */
mbedtls_x509_buf MBEDTLS_PRIVATE(serial); /**< Unique id for certificate
issued by a specific CA. */
mbedtls_x509_buf MBEDTLS_PRIVATE(sig_oid); /**< Signature algorithm, e.g.
sha1RSA */
mbedtls_x509_buf MBEDTLS_PRIVATE(issuer_raw); /**< The raw issuer data (DER). Used for quick comparison. */
mbedtls_x509_buf MBEDTLS_PRIVATE(subject_raw); /**< The raw subject data (DER). Used for quick comparison. */
mbedtls_x509_buf MBEDTLS_PRIVATE(issuer_raw); /**< The raw issuer data
(DER). Used for quick
comparison. */
mbedtls_x509_buf MBEDTLS_PRIVATE(subject_raw); /**< The raw subject data
(DER). Used for quick
comparison. */
mbedtls_x509_name MBEDTLS_PRIVATE(issuer); /**< The parsed issuer data (named information object). */
mbedtls_x509_name MBEDTLS_PRIVATE(subject); /**< The parsed subject data (named information object). */
mbedtls_x509_name MBEDTLS_PRIVATE(issuer); /**< The parsed issuer data
(named information object). */
mbedtls_x509_name MBEDTLS_PRIVATE(subject); /**< The parsed subject data
(named information object).
*/
mbedtls_x509_time MBEDTLS_PRIVATE(valid_from); /**< Start time of certificate validity. */
mbedtls_x509_time MBEDTLS_PRIVATE(valid_to); /**< End time of certificate validity. */
mbedtls_x509_time MBEDTLS_PRIVATE(valid_from); /**< Start time of
certificate validity. */
mbedtls_x509_time MBEDTLS_PRIVATE(valid_to); /**< End time of certificate
validity. */
mbedtls_x509_buf MBEDTLS_PRIVATE(pk_raw);
mbedtls_pk_context MBEDTLS_PRIVATE(pk); /**< Container for the public key context. */
mbedtls_pk_context MBEDTLS_PRIVATE(pk); /**< Container for the public key
context. */
mbedtls_x509_buf MBEDTLS_PRIVATE(issuer_id); /**< Optional X.509 v2/v3 issuer unique identifier. */
mbedtls_x509_buf MBEDTLS_PRIVATE(subject_id); /**< Optional X.509 v2/v3 subject unique identifier. */
mbedtls_x509_buf MBEDTLS_PRIVATE(v3_ext); /**< Optional X.509 v3 extensions. */
mbedtls_x509_sequence MBEDTLS_PRIVATE(subject_alt_names); /**< Optional list of raw entries of Subject Alternative Names extension (currently only dNSName and OtherName are listed). */
mbedtls_x509_buf MBEDTLS_PRIVATE(issuer_id); /**< Optional X.509 v2/v3
issuer unique identifier. */
mbedtls_x509_buf MBEDTLS_PRIVATE(subject_id); /**< Optional X.509 v2/v3
subject unique identifier.
*/
mbedtls_x509_buf MBEDTLS_PRIVATE(v3_ext); /**< Optional X.509 v3 extensions.
*/
mbedtls_x509_sequence MBEDTLS_PRIVATE(subject_alt_names); /**< Optional list
of raw entries
of Subject
Alternative
Names extension
(currently only
dNSName and
OtherName are
listed). */
mbedtls_x509_sequence MBEDTLS_PRIVATE(certificate_policies); /**< Optional list of certificate policies (Only anyPolicy is printed and enforced, however the rest of the policies are still listed). */
mbedtls_x509_sequence MBEDTLS_PRIVATE(certificate_policies); /**< Optional
list of
certificate
policies
(Only
anyPolicy is
printed and
enforced,
however the
rest of the
policies are
still
listed). */
int MBEDTLS_PRIVATE(ext_types); /**< Bit string containing detected and parsed extensions */
int MBEDTLS_PRIVATE(ca_istrue); /**< Optional Basic Constraint extension value: 1 if this certificate belongs to a CA, 0 otherwise. */
int MBEDTLS_PRIVATE(max_pathlen); /**< Optional Basic Constraint extension value: The maximum path length to the root certificate. Path length is 1 higher than RFC 5280 'meaning', so 1+ */
int MBEDTLS_PRIVATE(ext_types); /**< Bit string containing detected and
parsed extensions */
int MBEDTLS_PRIVATE(ca_istrue); /**< Optional Basic Constraint extension
value: 1 if this certificate belongs to a
CA, 0 otherwise. */
int MBEDTLS_PRIVATE(max_pathlen); /**< Optional Basic Constraint extension
value: The maximum path length to the
root certificate. Path length is 1
higher than RFC 5280 'meaning', so 1+
*/
unsigned int MBEDTLS_PRIVATE(key_usage); /**< Optional key usage extension value: See the values in x509.h */
unsigned int MBEDTLS_PRIVATE(key_usage); /**< Optional key usage extension
value: See the values in x509.h
*/
mbedtls_x509_sequence MBEDTLS_PRIVATE(ext_key_usage); /**< Optional list of extended key usage OIDs. */
mbedtls_x509_sequence MBEDTLS_PRIVATE(ext_key_usage); /**< Optional list of
extended key usage
OIDs. */
unsigned char MBEDTLS_PRIVATE(ns_cert_type); /**< Optional Netscape certificate type extension value: See the values in x509.h */
unsigned char MBEDTLS_PRIVATE(ns_cert_type); /**< Optional Netscape
certificate type extension
value: See the values in
x509.h */
mbedtls_x509_buf MBEDTLS_PRIVATE(sig); /**< Signature: hash of the tbs part signed with the private key. */
mbedtls_md_type_t MBEDTLS_PRIVATE(sig_md); /**< Internal representation of the MD algorithm of the signature algorithm, e.g. MBEDTLS_MD_SHA256 */
mbedtls_pk_type_t MBEDTLS_PRIVATE(sig_pk); /**< Internal representation of the Public Key algorithm of the signature algorithm, e.g. MBEDTLS_PK_RSA */
void *MBEDTLS_PRIVATE(sig_opts); /**< Signature options to be passed to mbedtls_pk_verify_ext(), e.g. for RSASSA-PSS */
mbedtls_x509_buf MBEDTLS_PRIVATE(sig); /**< Signature: hash of the tbs part
signed with the private key. */
mbedtls_md_type_t MBEDTLS_PRIVATE(sig_md); /**< Internal representation of
the MD algorithm of the
signature algorithm, e.g.
MBEDTLS_MD_SHA256 */
mbedtls_pk_type_t MBEDTLS_PRIVATE(sig_pk); /**< Internal representation of
the Public Key algorithm of
the signature algorithm, e.g.
MBEDTLS_PK_RSA */
void *MBEDTLS_PRIVATE(sig_opts); /**< Signature options to be passed to
mbedtls_pk_verify_ext(), e.g. for
RSASSA-PSS */
struct mbedtls_x509_crt *MBEDTLS_PRIVATE(next); /**< Next certificate in the CA-chain. */
}
mbedtls_x509_crt;
struct mbedtls_x509_crt *MBEDTLS_PRIVATE(next); /**< Next certificate in the
CA-chain. */
} mbedtls_x509_crt;
/**
* From RFC 5280 section 4.2.1.6:
@@ -101,52 +161,55 @@ mbedtls_x509_crt;
* type-id OBJECT IDENTIFIER,
* value [0] EXPLICIT ANY DEFINED BY type-id }
*/
typedef struct mbedtls_x509_san_other_name
{
typedef struct mbedtls_x509_san_other_name {
/**
* The type_id is an OID as deifned in RFC 5280.
* To check the value of the type id, you should use
* \p MBEDTLS_OID_CMP with a known OID mbedtls_x509_buf.
*/
mbedtls_x509_buf MBEDTLS_PRIVATE(type_id); /**< The type id. */
union
{
mbedtls_x509_buf MBEDTLS_PRIVATE(type_id); /**< The type id. */
union {
/**
* From RFC 4108 section 5:
* HardwareModuleName ::= SEQUENCE {
* hwType OBJECT IDENTIFIER,
* hwSerialNum OCTET STRING }
*/
struct
{
mbedtls_x509_buf MBEDTLS_PRIVATE(oid); /**< The object identifier. */
mbedtls_x509_buf MBEDTLS_PRIVATE(val); /**< The named value. */
}
MBEDTLS_PRIVATE(hardware_module_name);
}
MBEDTLS_PRIVATE(value);
}
mbedtls_x509_san_other_name;
struct {
mbedtls_x509_buf MBEDTLS_PRIVATE(oid); /**< The object identifier.
*/
mbedtls_x509_buf MBEDTLS_PRIVATE(val); /**< The named value. */
} MBEDTLS_PRIVATE(hardware_module_name);
} MBEDTLS_PRIVATE(value);
} mbedtls_x509_san_other_name;
/**
* A structure for holding the parsed Subject Alternative Name, according to type
* A structure for holding the parsed Subject Alternative Name, according to
* type
*/
typedef struct mbedtls_x509_subject_alternative_name
{
int MBEDTLS_PRIVATE(type); /**< The SAN type, value of MBEDTLS_X509_SAN_XXX. */
typedef struct mbedtls_x509_subject_alternative_name {
int MBEDTLS_PRIVATE(type); /**< The SAN type, value of MBEDTLS_X509_SAN_XXX.
*/
union {
mbedtls_x509_san_other_name MBEDTLS_PRIVATE(other_name); /**< The otherName supported type. */
mbedtls_x509_buf MBEDTLS_PRIVATE(unstructured_name); /**< The buffer for the un constructed types. Only dnsName currently supported */
}
MBEDTLS_PRIVATE(san); /**< A union of the supported SAN types */
}
mbedtls_x509_subject_alternative_name;
mbedtls_x509_san_other_name MBEDTLS_PRIVATE(other_name); /**< The
otherName
supported
type. */
mbedtls_x509_buf MBEDTLS_PRIVATE(unstructured_name); /**< The buffer for
the un
constructed
types. Only
dnsName
currently
supported */
} MBEDTLS_PRIVATE(san); /**< A union of the supported SAN types */
} mbedtls_x509_subject_alternative_name;
/**
* Build flag from an algorithm/curve identifier (pk, md, ecp)
* Since 0 is always XXX_NONE, ignore it.
*/
#define MBEDTLS_X509_ID_FLAG( id ) ( 1 << ( (id) - 1 ) )
#define MBEDTLS_X509_ID_FLAG(id) (1 << ((id)-1))
/**
* Security profile for certificate verification.
@@ -173,24 +236,22 @@ mbedtls_x509_subject_alternative_name;
* my_profile.allowed_pks = MBEDTLS_X509_ID_FLAG( MBEDTLS_PK_RSA );
* my_profile.rsa_min_bitlen = 3072;
*/
typedef struct mbedtls_x509_crt_profile
{
uint32_t allowed_mds; /**< MDs for signatures */
uint32_t allowed_pks; /**< PK algs for signatures */
uint32_t allowed_curves; /**< Elliptic curves for ECDSA */
uint32_t rsa_min_bitlen; /**< Minimum size for RSA keys */
}
mbedtls_x509_crt_profile;
typedef struct mbedtls_x509_crt_profile {
uint32_t allowed_mds; /**< MDs for signatures */
uint32_t allowed_pks; /**< PK algs for signatures */
uint32_t allowed_curves; /**< Elliptic curves for ECDSA */
uint32_t rsa_min_bitlen; /**< Minimum size for RSA keys */
} mbedtls_x509_crt_profile;
#define MBEDTLS_X509_CRT_VERSION_1 0
#define MBEDTLS_X509_CRT_VERSION_2 1
#define MBEDTLS_X509_CRT_VERSION_3 2
#define MBEDTLS_X509_CRT_VERSION_1 0
#define MBEDTLS_X509_CRT_VERSION_2 1
#define MBEDTLS_X509_CRT_VERSION_3 2
#define MBEDTLS_X509_RFC5280_MAX_SERIAL_LEN 32
#define MBEDTLS_X509_RFC5280_UTC_TIME_LEN 15
#if !defined( MBEDTLS_X509_MAX_FILE_PATH_LEN )
#define MBEDTLS_X509_MAX_FILE_PATH_LEN 512
#if !defined(MBEDTLS_X509_MAX_FILE_PATH_LEN)
# define MBEDTLS_X509_MAX_FILE_PATH_LEN 512
#endif
/* This macro unfolds to the concatenation of macro invocations
@@ -199,73 +260,71 @@ mbedtls_x509_crt_profile;
* human readable description )
* where X509_CRT_ERROR_INFO is defined by the user.
* See x509_crt.c for an example of how to use this. */
#define MBEDTLS_X509_CRT_ERROR_INFO_LIST \
X509_CRT_ERROR_INFO( MBEDTLS_X509_BADCERT_EXPIRED, \
"MBEDTLS_X509_BADCERT_EXPIRED", \
"The certificate validity has expired" ) \
X509_CRT_ERROR_INFO( MBEDTLS_X509_BADCERT_REVOKED, \
"MBEDTLS_X509_BADCERT_REVOKED", \
"The certificate has been revoked (is on a CRL)" ) \
X509_CRT_ERROR_INFO( MBEDTLS_X509_BADCERT_CN_MISMATCH, \
"MBEDTLS_X509_BADCERT_CN_MISMATCH", \
"The certificate Common Name (CN) does not match with the expected CN" ) \
X509_CRT_ERROR_INFO( MBEDTLS_X509_BADCERT_NOT_TRUSTED, \
"MBEDTLS_X509_BADCERT_NOT_TRUSTED", \
"The certificate is not correctly signed by the trusted CA" ) \
X509_CRT_ERROR_INFO( MBEDTLS_X509_BADCRL_NOT_TRUSTED, \
"MBEDTLS_X509_BADCRL_NOT_TRUSTED", \
"The CRL is not correctly signed by the trusted CA" ) \
X509_CRT_ERROR_INFO( MBEDTLS_X509_BADCRL_EXPIRED, \
"MBEDTLS_X509_BADCRL_EXPIRED", \
"The CRL is expired" ) \
X509_CRT_ERROR_INFO( MBEDTLS_X509_BADCERT_MISSING, \
"MBEDTLS_X509_BADCERT_MISSING", \
"Certificate was missing" ) \
X509_CRT_ERROR_INFO( MBEDTLS_X509_BADCERT_SKIP_VERIFY, \
"MBEDTLS_X509_BADCERT_SKIP_VERIFY", \
"Certificate verification was skipped" ) \
X509_CRT_ERROR_INFO( MBEDTLS_X509_BADCERT_OTHER, \
"MBEDTLS_X509_BADCERT_OTHER", \
"Other reason (can be used by verify callback)" ) \
X509_CRT_ERROR_INFO( MBEDTLS_X509_BADCERT_FUTURE, \
"MBEDTLS_X509_BADCERT_FUTURE", \
"The certificate validity starts in the future" ) \
X509_CRT_ERROR_INFO( MBEDTLS_X509_BADCRL_FUTURE, \
"MBEDTLS_X509_BADCRL_FUTURE", \
"The CRL is from the future" ) \
X509_CRT_ERROR_INFO( MBEDTLS_X509_BADCERT_KEY_USAGE, \
"MBEDTLS_X509_BADCERT_KEY_USAGE", \
"Usage does not match the keyUsage extension" ) \
X509_CRT_ERROR_INFO( MBEDTLS_X509_BADCERT_EXT_KEY_USAGE, \
"MBEDTLS_X509_BADCERT_EXT_KEY_USAGE", \
"Usage does not match the extendedKeyUsage extension" ) \
X509_CRT_ERROR_INFO( MBEDTLS_X509_BADCERT_NS_CERT_TYPE, \
"MBEDTLS_X509_BADCERT_NS_CERT_TYPE", \
"Usage does not match the nsCertType extension" ) \
X509_CRT_ERROR_INFO( MBEDTLS_X509_BADCERT_BAD_MD, \
"MBEDTLS_X509_BADCERT_BAD_MD", \
"The certificate is signed with an unacceptable hash." ) \
X509_CRT_ERROR_INFO( MBEDTLS_X509_BADCERT_BAD_PK, \
"MBEDTLS_X509_BADCERT_BAD_PK", \
"The certificate is signed with an unacceptable PK alg (eg RSA vs ECDSA)." ) \
X509_CRT_ERROR_INFO( MBEDTLS_X509_BADCERT_BAD_KEY, \
"MBEDTLS_X509_BADCERT_BAD_KEY", \
"The certificate is signed with an unacceptable key (eg bad curve, RSA too short)." ) \
X509_CRT_ERROR_INFO( MBEDTLS_X509_BADCRL_BAD_MD, \
"MBEDTLS_X509_BADCRL_BAD_MD", \
"The CRL is signed with an unacceptable hash." ) \
X509_CRT_ERROR_INFO( MBEDTLS_X509_BADCRL_BAD_PK, \
"MBEDTLS_X509_BADCRL_BAD_PK", \
"The CRL is signed with an unacceptable PK alg (eg RSA vs ECDSA)." ) \
X509_CRT_ERROR_INFO( MBEDTLS_X509_BADCRL_BAD_KEY, \
"MBEDTLS_X509_BADCRL_BAD_KEY", \
"The CRL is signed with an unacceptable key (eg bad curve, RSA too short)." )
#define MBEDTLS_X509_CRT_ERROR_INFO_LIST \
X509_CRT_ERROR_INFO(MBEDTLS_X509_BADCERT_EXPIRED, \
"MBEDTLS_X509_BADCERT_EXPIRED", \
"The certificate validity has expired") \
X509_CRT_ERROR_INFO(MBEDTLS_X509_BADCERT_REVOKED, \
"MBEDTLS_X509_BADCERT_REVOKED", \
"The certificate has been revoked (is on a CRL)") \
X509_CRT_ERROR_INFO( \
MBEDTLS_X509_BADCERT_CN_MISMATCH, "MBEDTLS_X509_BADCERT_CN_MISMATCH", \
"The certificate Common Name (CN) does not match with the expected CN") \
X509_CRT_ERROR_INFO( \
MBEDTLS_X509_BADCERT_NOT_TRUSTED, "MBEDTLS_X509_BADCERT_NOT_TRUSTED", \
"The certificate is not correctly signed by the trusted CA") \
X509_CRT_ERROR_INFO(MBEDTLS_X509_BADCRL_NOT_TRUSTED, \
"MBEDTLS_X509_BADCRL_NOT_TRUSTED", \
"The CRL is not correctly signed by the trusted CA") \
X509_CRT_ERROR_INFO(MBEDTLS_X509_BADCRL_EXPIRED, \
"MBEDTLS_X509_BADCRL_EXPIRED", "The CRL is expired") \
X509_CRT_ERROR_INFO(MBEDTLS_X509_BADCERT_MISSING, \
"MBEDTLS_X509_BADCERT_MISSING", \
"Certificate was missing") \
X509_CRT_ERROR_INFO(MBEDTLS_X509_BADCERT_SKIP_VERIFY, \
"MBEDTLS_X509_BADCERT_SKIP_VERIFY", \
"Certificate verification was skipped") \
X509_CRT_ERROR_INFO(MBEDTLS_X509_BADCERT_OTHER, \
"MBEDTLS_X509_BADCERT_OTHER", \
"Other reason (can be used by verify callback)") \
X509_CRT_ERROR_INFO(MBEDTLS_X509_BADCERT_FUTURE, \
"MBEDTLS_X509_BADCERT_FUTURE", \
"The certificate validity starts in the future") \
X509_CRT_ERROR_INFO(MBEDTLS_X509_BADCRL_FUTURE, \
"MBEDTLS_X509_BADCRL_FUTURE", \
"The CRL is from the future") \
X509_CRT_ERROR_INFO(MBEDTLS_X509_BADCERT_KEY_USAGE, \
"MBEDTLS_X509_BADCERT_KEY_USAGE", \
"Usage does not match the keyUsage extension") \
X509_CRT_ERROR_INFO(MBEDTLS_X509_BADCERT_EXT_KEY_USAGE, \
"MBEDTLS_X509_BADCERT_EXT_KEY_USAGE", \
"Usage does not match the extendedKeyUsage extension") \
X509_CRT_ERROR_INFO(MBEDTLS_X509_BADCERT_NS_CERT_TYPE, \
"MBEDTLS_X509_BADCERT_NS_CERT_TYPE", \
"Usage does not match the nsCertType extension") \
X509_CRT_ERROR_INFO( \
MBEDTLS_X509_BADCERT_BAD_MD, "MBEDTLS_X509_BADCERT_BAD_MD", \
"The certificate is signed with an unacceptable hash.") \
X509_CRT_ERROR_INFO( \
MBEDTLS_X509_BADCERT_BAD_PK, "MBEDTLS_X509_BADCERT_BAD_PK", \
"The certificate is signed with an unacceptable PK alg (eg RSA vs ECDSA).") \
X509_CRT_ERROR_INFO( \
MBEDTLS_X509_BADCERT_BAD_KEY, "MBEDTLS_X509_BADCERT_BAD_KEY", \
"The certificate is signed with an unacceptable key (eg bad curve, RSA too short).") \
X509_CRT_ERROR_INFO(MBEDTLS_X509_BADCRL_BAD_MD, \
"MBEDTLS_X509_BADCRL_BAD_MD", \
"The CRL is signed with an unacceptable hash.") \
X509_CRT_ERROR_INFO( \
MBEDTLS_X509_BADCRL_BAD_PK, "MBEDTLS_X509_BADCRL_BAD_PK", \
"The CRL is signed with an unacceptable PK alg (eg RSA vs ECDSA).") \
X509_CRT_ERROR_INFO( \
MBEDTLS_X509_BADCRL_BAD_KEY, "MBEDTLS_X509_BADCRL_BAD_KEY", \
"The CRL is signed with an unacceptable key (eg bad curve, RSA too short).")
/**
* Container for writing a certificate (CRT)
*/
typedef struct mbedtls_x509write_cert
{
typedef struct mbedtls_x509write_cert {
int MBEDTLS_PRIVATE(version);
mbedtls_mpi MBEDTLS_PRIVATE(serial);
mbedtls_pk_context *MBEDTLS_PRIVATE(subject_key);
@@ -276,8 +335,7 @@ typedef struct mbedtls_x509write_cert
char MBEDTLS_PRIVATE(not_before)[MBEDTLS_X509_RFC5280_UTC_TIME_LEN + 1];
char MBEDTLS_PRIVATE(not_after)[MBEDTLS_X509_RFC5280_UTC_TIME_LEN + 1];
mbedtls_asn1_named_data *MBEDTLS_PRIVATE(extensions);
}
mbedtls_x509write_cert;
} mbedtls_x509write_cert;
/**
* Item in a verification chain: cert and flags for it
@@ -290,14 +348,15 @@ typedef struct {
/**
* Max size of verification chain: end-entity + intermediates + trusted root
*/
#define MBEDTLS_X509_MAX_VERIFY_CHAIN_SIZE ( MBEDTLS_X509_MAX_INTERMEDIATE_CA + 2 )
#define MBEDTLS_X509_MAX_VERIFY_CHAIN_SIZE \
(MBEDTLS_X509_MAX_INTERMEDIATE_CA + 2)
/**
* Verification chain as built by \c mbedtls_crt_verify_chain()
*/
typedef struct
{
mbedtls_x509_crt_verify_chain_item MBEDTLS_PRIVATE(items)[MBEDTLS_X509_MAX_VERIFY_CHAIN_SIZE];
typedef struct {
mbedtls_x509_crt_verify_chain_item MBEDTLS_PRIVATE(items)
[MBEDTLS_X509_MAX_VERIFY_CHAIN_SIZE];
unsigned MBEDTLS_PRIVATE(len);
#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
@@ -314,24 +373,26 @@ typedef struct
/**
* \brief Context for resuming X.509 verify operations
*/
typedef struct
{
typedef struct {
/* for check_signature() */
mbedtls_pk_restart_ctx MBEDTLS_PRIVATE(pk);
/* for find_parent_in() */
mbedtls_x509_crt *MBEDTLS_PRIVATE(parent); /* non-null iff parent_in in progress */
mbedtls_x509_crt *MBEDTLS_PRIVATE(parent); /* non-null iff parent_in in
progress */
mbedtls_x509_crt *MBEDTLS_PRIVATE(fallback_parent);
int MBEDTLS_PRIVATE(fallback_signature_is_good);
/* for find_parent() */
int MBEDTLS_PRIVATE(parent_is_trusted); /* -1 if find_parent is not in progress */
int MBEDTLS_PRIVATE(parent_is_trusted); /* -1 if find_parent is not in
progress */
/* for verify_chain() */
enum {
enum
{
x509_crt_rs_none,
x509_crt_rs_find_parent,
} MBEDTLS_PRIVATE(in_progress); /* none if no operation is in progress */
} MBEDTLS_PRIVATE(in_progress); /* none if no operation is in progress */
int MBEDTLS_PRIVATE(self_cnt);
mbedtls_x509_crt_verify_chain MBEDTLS_PRIVATE(ver_chain);
@@ -398,9 +459,9 @@ extern const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_none;
* \return \c 0 if successful.
* \return A negative error code on failure.
*/
int mbedtls_x509_crt_parse_der( mbedtls_x509_crt *chain,
const unsigned char *buf,
size_t buflen );
int mbedtls_x509_crt_parse_der(mbedtls_x509_crt *chain,
const unsigned char *buf,
size_t buflen);
/**
* \brief The type of certificate extension callbacks.
@@ -432,12 +493,12 @@ int mbedtls_x509_crt_parse_der( mbedtls_x509_crt *chain,
* \return \c 0 on success.
* \return A negative error code on failure.
*/
typedef int (*mbedtls_x509_crt_ext_cb_t)( void *p_ctx,
mbedtls_x509_crt const *crt,
mbedtls_x509_buf const *oid,
int critical,
const unsigned char *p,
const unsigned char *end );
typedef int (*mbedtls_x509_crt_ext_cb_t)(void *p_ctx,
mbedtls_x509_crt const *crt,
mbedtls_x509_buf const *oid,
int critical,
const unsigned char *p,
const unsigned char *end);
/**
* \brief Parse a single DER formatted certificate and add it
@@ -479,12 +540,12 @@ typedef int (*mbedtls_x509_crt_ext_cb_t)( void *p_ctx,
* \return \c 0 if successful.
* \return A negative error code on failure.
*/
int mbedtls_x509_crt_parse_der_with_ext_cb( mbedtls_x509_crt *chain,
const unsigned char *buf,
size_t buflen,
int make_copy,
mbedtls_x509_crt_ext_cb_t cb,
void *p_ctx );
int mbedtls_x509_crt_parse_der_with_ext_cb(mbedtls_x509_crt *chain,
const unsigned char *buf,
size_t buflen,
int make_copy,
mbedtls_x509_crt_ext_cb_t cb,
void *p_ctx);
/**
* \brief Parse a single DER formatted certificate and add it
@@ -513,9 +574,9 @@ int mbedtls_x509_crt_parse_der_with_ext_cb( mbedtls_x509_crt *chain,
* \return \c 0 if successful.
* \return A negative error code on failure.
*/
int mbedtls_x509_crt_parse_der_nocopy( mbedtls_x509_crt *chain,
const unsigned char *buf,
size_t buflen );
int mbedtls_x509_crt_parse_der_nocopy(mbedtls_x509_crt *chain,
const unsigned char *buf,
size_t buflen);
/**
* \brief Parse one DER-encoded or one or more concatenated PEM-encoded
@@ -547,9 +608,11 @@ int mbedtls_x509_crt_parse_der_nocopy( mbedtls_x509_crt *chain,
* \return A negative X509 or PEM error code otherwise.
*
*/
int mbedtls_x509_crt_parse( mbedtls_x509_crt *chain, const unsigned char *buf, size_t buflen );
int mbedtls_x509_crt_parse(mbedtls_x509_crt *chain,
const unsigned char *buf,
size_t buflen);
#if defined(MBEDTLS_FS_IO)
# if defined(MBEDTLS_FS_IO)
/**
* \brief Load one or more certificates and add them
* to the chained list. Parses permissively. If some
@@ -563,7 +626,7 @@ int mbedtls_x509_crt_parse( mbedtls_x509_crt *chain, const unsigned char *buf, s
* \return 0 if all certificates parsed successfully, a positive number
* if partly successful or a specific X509 or PEM error code
*/
int mbedtls_x509_crt_parse_file( mbedtls_x509_crt *chain, const char *path );
int mbedtls_x509_crt_parse_file(mbedtls_x509_crt *chain, const char *path);
/**
* \brief Load one or more certificate files from a path and add them
@@ -578,9 +641,9 @@ int mbedtls_x509_crt_parse_file( mbedtls_x509_crt *chain, const char *path );
* \return 0 if all certificates parsed successfully, a positive number
* if partly successful or a specific X509 or PEM error code
*/
int mbedtls_x509_crt_parse_path( mbedtls_x509_crt *chain, const char *path );
int mbedtls_x509_crt_parse_path(mbedtls_x509_crt *chain, const char *path);
#endif /* MBEDTLS_FS_IO */
# endif /* MBEDTLS_FS_IO */
/**
* \brief This function parses an item in the SubjectAlternativeNames
* extension.
@@ -608,10 +671,11 @@ int mbedtls_x509_crt_parse_path( mbedtls_x509_crt *chain, const char *path );
* SAN type.
* \return Another negative value for any other failure.
*/
int mbedtls_x509_parse_subject_alt_name( const mbedtls_x509_buf *san_buf,
mbedtls_x509_subject_alternative_name *san );
int mbedtls_x509_parse_subject_alt_name(
const mbedtls_x509_buf *san_buf,
mbedtls_x509_subject_alternative_name *san);
#if !defined(MBEDTLS_X509_REMOVE_INFO)
# if !defined(MBEDTLS_X509_REMOVE_INFO)
/**
* \brief Returns an informational string about the
* certificate.
@@ -624,8 +688,10 @@ int mbedtls_x509_parse_subject_alt_name( const mbedtls_x509_buf *san_buf,
* \return The length of the string written (not including the
* terminated nul byte), or a negative error code.
*/
int mbedtls_x509_crt_info( char *buf, size_t size, const char *prefix,
const mbedtls_x509_crt *crt );
int mbedtls_x509_crt_info(char *buf,
size_t size,
const char *prefix,
const mbedtls_x509_crt *crt);
/**
* \brief Returns an informational string about the
@@ -639,9 +705,11 @@ int mbedtls_x509_crt_info( char *buf, size_t size, const char *prefix,
* \return The length of the string written (not including the
* terminated nul byte), or a negative error code.
*/
int mbedtls_x509_crt_verify_info( char *buf, size_t size, const char *prefix,
uint32_t flags );
#endif /* !MBEDTLS_X509_REMOVE_INFO */
int mbedtls_x509_crt_verify_info(char *buf,
size_t size,
const char *prefix,
uint32_t flags);
# endif /* !MBEDTLS_X509_REMOVE_INFO */
/**
* \brief Verify a chain of certificates.
@@ -709,12 +777,14 @@ int mbedtls_x509_crt_verify_info( char *buf, size_t size, const char *prefix,
* \return Another negative error code in case of a fatal error
* encountered during the verification process.
*/
int mbedtls_x509_crt_verify( mbedtls_x509_crt *crt,
mbedtls_x509_crt *trust_ca,
mbedtls_x509_crl *ca_crl,
const char *cn, uint32_t *flags,
int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
void *p_vrfy );
int mbedtls_x509_crt_verify(
mbedtls_x509_crt *crt,
mbedtls_x509_crt *trust_ca,
mbedtls_x509_crl *ca_crl,
const char *cn,
uint32_t *flags,
int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
void *p_vrfy);
/**
* \brief Verify a chain of certificates with respect to
@@ -750,13 +820,15 @@ int mbedtls_x509_crt_verify( mbedtls_x509_crt *crt,
* \return Another negative error code in case of a fatal error
* encountered during the verification process.
*/
int mbedtls_x509_crt_verify_with_profile( mbedtls_x509_crt *crt,
mbedtls_x509_crt *trust_ca,
mbedtls_x509_crl *ca_crl,
const mbedtls_x509_crt_profile *profile,
const char *cn, uint32_t *flags,
int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
void *p_vrfy );
int mbedtls_x509_crt_verify_with_profile(
mbedtls_x509_crt *crt,
mbedtls_x509_crt *trust_ca,
mbedtls_x509_crl *ca_crl,
const mbedtls_x509_crt_profile *profile,
const char *cn,
uint32_t *flags,
int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
void *p_vrfy);
/**
* \brief Restartable version of \c mbedtls_crt_verify_with_profile()
@@ -784,14 +856,16 @@ int mbedtls_x509_crt_verify_with_profile( mbedtls_x509_crt *crt,
* \return #MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of
* operations was reached: see \c mbedtls_ecp_set_max_ops().
*/
int mbedtls_x509_crt_verify_restartable( mbedtls_x509_crt *crt,
mbedtls_x509_crt *trust_ca,
mbedtls_x509_crl *ca_crl,
const mbedtls_x509_crt_profile *profile,
const char *cn, uint32_t *flags,
int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
void *p_vrfy,
mbedtls_x509_crt_restart_ctx *rs_ctx );
int mbedtls_x509_crt_verify_restartable(
mbedtls_x509_crt *crt,
mbedtls_x509_crt *trust_ca,
mbedtls_x509_crl *ca_crl,
const mbedtls_x509_crt_profile *profile,
const char *cn,
uint32_t *flags,
int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
void *p_vrfy,
mbedtls_x509_crt_restart_ctx *rs_ctx);
/**
* \brief The type of trusted certificate callbacks.
@@ -823,11 +897,11 @@ int mbedtls_x509_crt_verify_restartable( mbedtls_x509_crt *crt,
* to the caller.
* \return A negative error code on failure.
*/
typedef int (*mbedtls_x509_crt_ca_cb_t)( void *p_ctx,
mbedtls_x509_crt const *child,
mbedtls_x509_crt **candidate_cas );
typedef int (*mbedtls_x509_crt_ca_cb_t)(void *p_ctx,
mbedtls_x509_crt const *child,
mbedtls_x509_crt **candidate_cas);
#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
# if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
/**
* \brief Version of \c mbedtls_x509_crt_verify_with_profile() which
* uses a callback to acquire the list of trusted CA
@@ -850,15 +924,17 @@ typedef int (*mbedtls_x509_crt_ca_cb_t)( void *p_ctx,
*
* \return See \c mbedtls_crt_verify_with_profile().
*/
int mbedtls_x509_crt_verify_with_ca_cb( mbedtls_x509_crt *crt,
mbedtls_x509_crt_ca_cb_t f_ca_cb,
void *p_ca_cb,
const mbedtls_x509_crt_profile *profile,
const char *cn, uint32_t *flags,
int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
void *p_vrfy );
int mbedtls_x509_crt_verify_with_ca_cb(
mbedtls_x509_crt *crt,
mbedtls_x509_crt_ca_cb_t f_ca_cb,
void *p_ca_cb,
const mbedtls_x509_crt_profile *profile,
const char *cn,
uint32_t *flags,
int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
void *p_vrfy);
#endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */
# endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */
/**
* \brief Check usage of certificate against keyUsage extension.
@@ -881,8 +957,8 @@ int mbedtls_x509_crt_verify_with_ca_cb( mbedtls_x509_crt *crt,
* (intermediate) CAs the keyUsage extension is automatically
* checked by \c mbedtls_x509_crt_verify().
*/
int mbedtls_x509_crt_check_key_usage( const mbedtls_x509_crt *crt,
unsigned int usage );
int mbedtls_x509_crt_check_key_usage(const mbedtls_x509_crt *crt,
unsigned int usage);
/**
* \brief Check usage of certificate against extendedKeyUsage.
@@ -897,11 +973,11 @@ int mbedtls_x509_crt_check_key_usage( const mbedtls_x509_crt *crt,
*
* \note Usually only makes sense on leaf certificates.
*/
int mbedtls_x509_crt_check_extended_key_usage( const mbedtls_x509_crt *crt,
const char *usage_oid,
size_t usage_len );
int mbedtls_x509_crt_check_extended_key_usage(const mbedtls_x509_crt *crt,
const char *usage_oid,
size_t usage_len);
#if defined(MBEDTLS_X509_CRL_PARSE_C)
# if defined(MBEDTLS_X509_CRL_PARSE_C)
/**
* \brief Verify the certificate revocation status
*
@@ -911,34 +987,35 @@ int mbedtls_x509_crt_check_extended_key_usage( const mbedtls_x509_crt *crt,
* \return 1 if the certificate is revoked, 0 otherwise
*
*/
int mbedtls_x509_crt_is_revoked( const mbedtls_x509_crt *crt, const mbedtls_x509_crl *crl );
#endif /* MBEDTLS_X509_CRL_PARSE_C */
int mbedtls_x509_crt_is_revoked(const mbedtls_x509_crt *crt,
const mbedtls_x509_crl *crl);
# endif /* MBEDTLS_X509_CRL_PARSE_C */
/**
* \brief Initialize a certificate (chain)
*
* \param crt Certificate chain to initialize
*/
void mbedtls_x509_crt_init( mbedtls_x509_crt *crt );
void mbedtls_x509_crt_init(mbedtls_x509_crt *crt);
/**
* \brief Unallocate all certificate data
*
* \param crt Certificate chain to free
*/
void mbedtls_x509_crt_free( mbedtls_x509_crt *crt );
void mbedtls_x509_crt_free(mbedtls_x509_crt *crt);
#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
# if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
/**
* \brief Initialize a restart context
*/
void mbedtls_x509_crt_restart_init( mbedtls_x509_crt_restart_ctx *ctx );
void mbedtls_x509_crt_restart_init(mbedtls_x509_crt_restart_ctx *ctx);
/**
* \brief Free the components of a restart context
*/
void mbedtls_x509_crt_restart_free( mbedtls_x509_crt_restart_ctx *ctx );
#endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */
void mbedtls_x509_crt_restart_free(mbedtls_x509_crt_restart_ctx *ctx);
# endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */
#endif /* MBEDTLS_X509_CRT_PARSE_C */
/* \} name */
@@ -950,7 +1027,7 @@ void mbedtls_x509_crt_restart_free( mbedtls_x509_crt_restart_ctx *ctx );
*
* \param ctx CRT context to initialize
*/
void mbedtls_x509write_crt_init( mbedtls_x509write_cert *ctx );
void mbedtls_x509write_crt_init(mbedtls_x509write_cert *ctx);
/**
* \brief Set the verion for a Certificate
@@ -960,7 +1037,8 @@ void mbedtls_x509write_crt_init( mbedtls_x509write_cert *ctx );
* \param version version to set (MBEDTLS_X509_CRT_VERSION_1, MBEDTLS_X509_CRT_VERSION_2 or
* MBEDTLS_X509_CRT_VERSION_3)
*/
void mbedtls_x509write_crt_set_version( mbedtls_x509write_cert *ctx, int version );
void mbedtls_x509write_crt_set_version(mbedtls_x509write_cert *ctx,
int version);
/**
* \brief Set the serial number for a Certificate.
@@ -970,7 +1048,8 @@ void mbedtls_x509write_crt_set_version( mbedtls_x509write_cert *ctx, int version
*
* \return 0 if successful
*/
int mbedtls_x509write_crt_set_serial( mbedtls_x509write_cert *ctx, const mbedtls_mpi *serial );
int mbedtls_x509write_crt_set_serial(mbedtls_x509write_cert *ctx,
const mbedtls_mpi *serial);
/**
* \brief Set the validity period for a Certificate
@@ -986,8 +1065,9 @@ int mbedtls_x509write_crt_set_serial( mbedtls_x509write_cert *ctx, const mbedtls
* \return 0 if timestamp was parsed successfully, or
* a specific error code
*/
int mbedtls_x509write_crt_set_validity( mbedtls_x509write_cert *ctx, const char *not_before,
const char *not_after );
int mbedtls_x509write_crt_set_validity(mbedtls_x509write_cert *ctx,
const char *not_before,
const char *not_after);
/**
* \brief Set the issuer name for a Certificate
@@ -1001,8 +1081,8 @@ int mbedtls_x509write_crt_set_validity( mbedtls_x509write_cert *ctx, const char
* \return 0 if issuer name was parsed successfully, or
* a specific error code
*/
int mbedtls_x509write_crt_set_issuer_name( mbedtls_x509write_cert *ctx,
const char *issuer_name );
int mbedtls_x509write_crt_set_issuer_name(mbedtls_x509write_cert *ctx,
const char *issuer_name);
/**
* \brief Set the subject name for a Certificate
@@ -1016,8 +1096,8 @@ int mbedtls_x509write_crt_set_issuer_name( mbedtls_x509write_cert *ctx,
* \return 0 if subject name was parsed successfully, or
* a specific error code
*/
int mbedtls_x509write_crt_set_subject_name( mbedtls_x509write_cert *ctx,
const char *subject_name );
int mbedtls_x509write_crt_set_subject_name(mbedtls_x509write_cert *ctx,
const char *subject_name);
/**
* \brief Set the subject public key for the certificate
@@ -1025,7 +1105,8 @@ int mbedtls_x509write_crt_set_subject_name( mbedtls_x509write_cert *ctx,
* \param ctx CRT context to use
* \param key public key to include
*/
void mbedtls_x509write_crt_set_subject_key( mbedtls_x509write_cert *ctx, mbedtls_pk_context *key );
void mbedtls_x509write_crt_set_subject_key(mbedtls_x509write_cert *ctx,
mbedtls_pk_context *key);
/**
* \brief Set the issuer key used for signing the certificate
@@ -1033,7 +1114,8 @@ void mbedtls_x509write_crt_set_subject_key( mbedtls_x509write_cert *ctx, mbedtls
* \param ctx CRT context to use
* \param key private key to sign with
*/
void mbedtls_x509write_crt_set_issuer_key( mbedtls_x509write_cert *ctx, mbedtls_pk_context *key );
void mbedtls_x509write_crt_set_issuer_key(mbedtls_x509write_cert *ctx,
mbedtls_pk_context *key);
/**
* \brief Set the MD algorithm to use for the signature
@@ -1042,7 +1124,8 @@ void mbedtls_x509write_crt_set_issuer_key( mbedtls_x509write_cert *ctx, mbedtls_
* \param ctx CRT context to use
* \param md_alg MD algorithm to use
*/
void mbedtls_x509write_crt_set_md_alg( mbedtls_x509write_cert *ctx, mbedtls_md_type_t md_alg );
void mbedtls_x509write_crt_set_md_alg(mbedtls_x509write_cert *ctx,
mbedtls_md_type_t md_alg);
/**
* \brief Generic function to add to or replace an extension in the
@@ -1057,10 +1140,12 @@ void mbedtls_x509write_crt_set_md_alg( mbedtls_x509write_cert *ctx, mbedtls_md_t
*
* \return 0 if successful, or a MBEDTLS_ERR_X509_ALLOC_FAILED
*/
int mbedtls_x509write_crt_set_extension( mbedtls_x509write_cert *ctx,
const char *oid, size_t oid_len,
int critical,
const unsigned char *val, size_t val_len );
int mbedtls_x509write_crt_set_extension(mbedtls_x509write_cert *ctx,
const char *oid,
size_t oid_len,
int critical,
const unsigned char *val,
size_t val_len);
/**
* \brief Set the basicConstraints extension for a CRT
@@ -1073,10 +1158,11 @@ int mbedtls_x509write_crt_set_extension( mbedtls_x509write_cert *ctx,
*
* \return 0 if successful, or a MBEDTLS_ERR_X509_ALLOC_FAILED
*/
int mbedtls_x509write_crt_set_basic_constraints( mbedtls_x509write_cert *ctx,
int is_ca, int max_pathlen );
int mbedtls_x509write_crt_set_basic_constraints(mbedtls_x509write_cert *ctx,
int is_ca,
int max_pathlen);
#if defined(MBEDTLS_SHA1_C)
# if defined(MBEDTLS_SHA1_C)
/**
* \brief Set the subjectKeyIdentifier extension for a CRT
* Requires that mbedtls_x509write_crt_set_subject_key() has been
@@ -1086,7 +1172,8 @@ int mbedtls_x509write_crt_set_basic_constraints( mbedtls_x509write_cert *ctx,
*
* \return 0 if successful, or a MBEDTLS_ERR_X509_ALLOC_FAILED
*/
int mbedtls_x509write_crt_set_subject_key_identifier( mbedtls_x509write_cert *ctx );
int mbedtls_x509write_crt_set_subject_key_identifier(
mbedtls_x509write_cert *ctx);
/**
* \brief Set the authorityKeyIdentifier extension for a CRT
@@ -1097,8 +1184,9 @@ int mbedtls_x509write_crt_set_subject_key_identifier( mbedtls_x509write_cert *ct
*
* \return 0 if successful, or a MBEDTLS_ERR_X509_ALLOC_FAILED
*/
int mbedtls_x509write_crt_set_authority_key_identifier( mbedtls_x509write_cert *ctx );
#endif /* MBEDTLS_SHA1_C */
int mbedtls_x509write_crt_set_authority_key_identifier(
mbedtls_x509write_cert *ctx);
# endif /* MBEDTLS_SHA1_C */
/**
* \brief Set the Key Usage Extension flags
@@ -1109,8 +1197,8 @@ int mbedtls_x509write_crt_set_authority_key_identifier( mbedtls_x509write_cert *
*
* \return 0 if successful, or MBEDTLS_ERR_X509_ALLOC_FAILED
*/
int mbedtls_x509write_crt_set_key_usage( mbedtls_x509write_cert *ctx,
unsigned int key_usage );
int mbedtls_x509write_crt_set_key_usage(mbedtls_x509write_cert *ctx,
unsigned int key_usage);
/**
* \brief Set the Netscape Cert Type flags
@@ -1121,15 +1209,15 @@ int mbedtls_x509write_crt_set_key_usage( mbedtls_x509write_cert *ctx,
*
* \return 0 if successful, or MBEDTLS_ERR_X509_ALLOC_FAILED
*/
int mbedtls_x509write_crt_set_ns_cert_type( mbedtls_x509write_cert *ctx,
unsigned char ns_cert_type );
int mbedtls_x509write_crt_set_ns_cert_type(mbedtls_x509write_cert *ctx,
unsigned char ns_cert_type);
/**
* \brief Free the contents of a CRT write context
*
* \param ctx CRT context to free
*/
void mbedtls_x509write_crt_free( mbedtls_x509write_cert *ctx );
void mbedtls_x509write_crt_free(mbedtls_x509write_cert *ctx);
/**
* \brief Write a built up certificate to a X509 DER structure
@@ -1148,11 +1236,13 @@ void mbedtls_x509write_crt_free( mbedtls_x509write_cert *ctx );
*
* \note \p f_rng is used for the signature operation.
*/
int mbedtls_x509write_crt_der( mbedtls_x509write_cert *ctx, unsigned char *buf, size_t size,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng );
int mbedtls_x509write_crt_der(mbedtls_x509write_cert *ctx,
unsigned char *buf,
size_t size,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng);
#if defined(MBEDTLS_PEM_WRITE_C)
# if defined(MBEDTLS_PEM_WRITE_C)
/**
* \brief Write a built up certificate to a X509 PEM string
*
@@ -1166,10 +1256,12 @@ int mbedtls_x509write_crt_der( mbedtls_x509write_cert *ctx, unsigned char *buf,
*
* \note \p f_rng is used for the signature operation.
*/
int mbedtls_x509write_crt_pem( mbedtls_x509write_cert *ctx, unsigned char *buf, size_t size,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng );
#endif /* MBEDTLS_PEM_WRITE_C */
int mbedtls_x509write_crt_pem(mbedtls_x509write_cert *ctx,
unsigned char *buf,
size_t size,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng);
# endif /* MBEDTLS_PEM_WRITE_C */
#endif /* MBEDTLS_X509_CRT_WRITE_C */
#ifdef __cplusplus

123
include/mbedtls/x509_csr.h
View File

@@ -43,37 +43,46 @@ extern "C" {
/**
* Certificate Signing Request (CSR) structure.
*/
typedef struct mbedtls_x509_csr
{
mbedtls_x509_buf MBEDTLS_PRIVATE(raw); /**< The raw CSR data (DER). */
mbedtls_x509_buf MBEDTLS_PRIVATE(cri); /**< The raw CertificateRequestInfo body (DER). */
typedef struct mbedtls_x509_csr {
mbedtls_x509_buf MBEDTLS_PRIVATE(raw); /**< The raw CSR data (DER). */
mbedtls_x509_buf MBEDTLS_PRIVATE(cri); /**< The raw CertificateRequestInfo
body (DER). */
int MBEDTLS_PRIVATE(version); /**< CSR version (1=v1). */
int MBEDTLS_PRIVATE(version); /**< CSR version (1=v1). */
mbedtls_x509_buf MBEDTLS_PRIVATE(subject_raw); /**< The raw subject data (DER). */
mbedtls_x509_name MBEDTLS_PRIVATE(subject); /**< The parsed subject data (named information object). */
mbedtls_x509_buf MBEDTLS_PRIVATE(subject_raw); /**< The raw subject data
(DER). */
mbedtls_x509_name MBEDTLS_PRIVATE(subject); /**< The parsed subject data
(named information object).
*/
mbedtls_pk_context MBEDTLS_PRIVATE(pk); /**< Container for the public key context. */
mbedtls_pk_context MBEDTLS_PRIVATE(pk); /**< Container for the public key
context. */
mbedtls_x509_buf MBEDTLS_PRIVATE(sig_oid);
mbedtls_x509_buf MBEDTLS_PRIVATE(sig);
mbedtls_md_type_t MBEDTLS_PRIVATE(sig_md); /**< Internal representation of the MD algorithm of the signature algorithm, e.g. MBEDTLS_MD_SHA256 */
mbedtls_pk_type_t MBEDTLS_PRIVATE(sig_pk); /**< Internal representation of the Public Key algorithm of the signature algorithm, e.g. MBEDTLS_PK_RSA */
void *MBEDTLS_PRIVATE(sig_opts); /**< Signature options to be passed to mbedtls_pk_verify_ext(), e.g. for RSASSA-PSS */
}
mbedtls_x509_csr;
mbedtls_md_type_t MBEDTLS_PRIVATE(sig_md); /**< Internal representation of
the MD algorithm of the
signature algorithm, e.g.
MBEDTLS_MD_SHA256 */
mbedtls_pk_type_t MBEDTLS_PRIVATE(sig_pk); /**< Internal representation of
the Public Key algorithm of
the signature algorithm, e.g.
MBEDTLS_PK_RSA */
void *MBEDTLS_PRIVATE(sig_opts); /**< Signature options to be passed to
mbedtls_pk_verify_ext(), e.g. for
RSASSA-PSS */
} mbedtls_x509_csr;
/**
* Container for writing a CSR
*/
typedef struct mbedtls_x509write_csr
{
typedef struct mbedtls_x509write_csr {
mbedtls_pk_context *MBEDTLS_PRIVATE(key);
mbedtls_asn1_named_data *MBEDTLS_PRIVATE(subject);
mbedtls_md_type_t MBEDTLS_PRIVATE(md_alg);
mbedtls_asn1_named_data *MBEDTLS_PRIVATE(extensions);
}
mbedtls_x509write_csr;
} mbedtls_x509write_csr;
#if defined(MBEDTLS_X509_CSR_PARSE_C)
/**
@@ -87,8 +96,9 @@ mbedtls_x509write_csr;
*
* \return 0 if successful, or a specific X509 error code
*/
int mbedtls_x509_csr_parse_der( mbedtls_x509_csr *csr,
const unsigned char *buf, size_t buflen );
int mbedtls_x509_csr_parse_der(mbedtls_x509_csr *csr,
const unsigned char *buf,
size_t buflen);
/**
* \brief Load a Certificate Signing Request (CSR), DER or PEM format
@@ -102,9 +112,11 @@ int mbedtls_x509_csr_parse_der( mbedtls_x509_csr *csr,
*
* \return 0 if successful, or a specific X509 or PEM error code
*/
int mbedtls_x509_csr_parse( mbedtls_x509_csr *csr, const unsigned char *buf, size_t buflen );
int mbedtls_x509_csr_parse(mbedtls_x509_csr *csr,
const unsigned char *buf,
size_t buflen);
#if defined(MBEDTLS_FS_IO)
# if defined(MBEDTLS_FS_IO)
/**
* \brief Load a Certificate Signing Request (CSR)
*
@@ -115,10 +127,10 @@ int mbedtls_x509_csr_parse( mbedtls_x509_csr *csr, const unsigned char *buf, siz
*
* \return 0 if successful, or a specific X509 or PEM error code
*/
int mbedtls_x509_csr_parse_file( mbedtls_x509_csr *csr, const char *path );
#endif /* MBEDTLS_FS_IO */
int mbedtls_x509_csr_parse_file(mbedtls_x509_csr *csr, const char *path);
# endif /* MBEDTLS_FS_IO */
#if !defined(MBEDTLS_X509_REMOVE_INFO)
# if !defined(MBEDTLS_X509_REMOVE_INFO)
/**
* \brief Returns an informational string about the
* CSR.
@@ -131,23 +143,25 @@ int mbedtls_x509_csr_parse_file( mbedtls_x509_csr *csr, const char *path );
* \return The length of the string written (not including the
* terminated nul byte), or a negative error code.
*/
int mbedtls_x509_csr_info( char *buf, size_t size, const char *prefix,
const mbedtls_x509_csr *csr );
#endif /* !MBEDTLS_X509_REMOVE_INFO */
int mbedtls_x509_csr_info(char *buf,
size_t size,
const char *prefix,
const mbedtls_x509_csr *csr);
# endif /* !MBEDTLS_X509_REMOVE_INFO */
/**
* \brief Initialize a CSR
*
* \param csr CSR to initialize
*/
void mbedtls_x509_csr_init( mbedtls_x509_csr *csr );
void mbedtls_x509_csr_init(mbedtls_x509_csr *csr);
/**
* \brief Unallocate all CSR data
*
* \param csr CSR to free
*/
void mbedtls_x509_csr_free( mbedtls_x509_csr *csr );
void mbedtls_x509_csr_free(mbedtls_x509_csr *csr);
#endif /* MBEDTLS_X509_CSR_PARSE_C */
/* \} name */
@@ -159,7 +173,7 @@ void mbedtls_x509_csr_free( mbedtls_x509_csr *csr );
*
* \param ctx CSR context to initialize
*/
void mbedtls_x509write_csr_init( mbedtls_x509write_csr *ctx );
void mbedtls_x509write_csr_init(mbedtls_x509write_csr *ctx);
/**
* \brief Set the subject name for a CSR
@@ -173,8 +187,8 @@ void mbedtls_x509write_csr_init( mbedtls_x509write_csr *ctx );
* \return 0 if subject name was parsed successfully, or
* a specific error code
*/
int mbedtls_x509write_csr_set_subject_name( mbedtls_x509write_csr *ctx,
const char *subject_name );
int mbedtls_x509write_csr_set_subject_name(mbedtls_x509write_csr *ctx,
const char *subject_name);
/**
* \brief Set the key for a CSR (public key will be included,
@@ -183,7 +197,8 @@ int mbedtls_x509write_csr_set_subject_name( mbedtls_x509write_csr *ctx,
* \param ctx CSR context to use
* \param key Asymetric key to include
*/
void mbedtls_x509write_csr_set_key( mbedtls_x509write_csr *ctx, mbedtls_pk_context *key );
void mbedtls_x509write_csr_set_key(mbedtls_x509write_csr *ctx,
mbedtls_pk_context *key);
/**
* \brief Set the MD algorithm to use for the signature
@@ -192,7 +207,8 @@ void mbedtls_x509write_csr_set_key( mbedtls_x509write_csr *ctx, mbedtls_pk_conte
* \param ctx CSR context to use
* \param md_alg MD algorithm to use
*/
void mbedtls_x509write_csr_set_md_alg( mbedtls_x509write_csr *ctx, mbedtls_md_type_t md_alg );
void mbedtls_x509write_csr_set_md_alg(mbedtls_x509write_csr *ctx,
mbedtls_md_type_t md_alg);
/**
* \brief Set the Key Usage Extension flags
@@ -211,7 +227,8 @@ void mbedtls_x509write_csr_set_md_alg( mbedtls_x509write_csr *ctx, mbedtls_md_ty
* #MBEDTLS_X509_KU_DECIPHER_ONLY) cannot be set using this
* function.
*/
int mbedtls_x509write_csr_set_key_usage( mbedtls_x509write_csr *ctx, unsigned char key_usage );
int mbedtls_x509write_csr_set_key_usage(mbedtls_x509write_csr *ctx,
unsigned char key_usage);
/**
* \brief Set the Netscape Cert Type flags
@@ -222,8 +239,8 @@ int mbedtls_x509write_csr_set_key_usage( mbedtls_x509write_csr *ctx, unsigned ch
*
* \return 0 if successful, or MBEDTLS_ERR_X509_ALLOC_FAILED
*/
int mbedtls_x509write_csr_set_ns_cert_type( mbedtls_x509write_csr *ctx,
unsigned char ns_cert_type );
int mbedtls_x509write_csr_set_ns_cert_type(mbedtls_x509write_csr *ctx,
unsigned char ns_cert_type);
/**
* \brief Generic function to add to or replace an extension in the
@@ -238,17 +255,19 @@ int mbedtls_x509write_csr_set_ns_cert_type( mbedtls_x509write_csr *ctx,
*
* \return 0 if successful, or a MBEDTLS_ERR_X509_ALLOC_FAILED
*/
int mbedtls_x509write_csr_set_extension( mbedtls_x509write_csr *ctx,
const char *oid, size_t oid_len,
int critical,
const unsigned char *val, size_t val_len );
int mbedtls_x509write_csr_set_extension(mbedtls_x509write_csr *ctx,
const char *oid,
size_t oid_len,
int critical,
const unsigned char *val,
size_t val_len);
/**
* \brief Free the contents of a CSR context
*
* \param ctx CSR context to free
*/
void mbedtls_x509write_csr_free( mbedtls_x509write_csr *ctx );
void mbedtls_x509write_csr_free(mbedtls_x509write_csr *ctx);
/**
* \brief Write a CSR (Certificate Signing Request) to a
@@ -268,11 +287,13 @@ void mbedtls_x509write_csr_free( mbedtls_x509write_csr *ctx );
*
* \note \p f_rng is used for the signature operation.
*/
int mbedtls_x509write_csr_der( mbedtls_x509write_csr *ctx, unsigned char *buf, size_t size,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng );
int mbedtls_x509write_csr_der(mbedtls_x509write_csr *ctx,
unsigned char *buf,
size_t size,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng);
#if defined(MBEDTLS_PEM_WRITE_C)
# if defined(MBEDTLS_PEM_WRITE_C)
/**
* \brief Write a CSR (Certificate Signing Request) to a
* PEM string
@@ -287,10 +308,12 @@ int mbedtls_x509write_csr_der( mbedtls_x509write_csr *ctx, unsigned char *buf, s
*
* \note \p f_rng is used for the signature operation.
*/
int mbedtls_x509write_csr_pem( mbedtls_x509write_csr *ctx, unsigned char *buf, size_t size,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng );
#endif /* MBEDTLS_PEM_WRITE_C */
int mbedtls_x509write_csr_pem(mbedtls_x509write_csr *ctx,
unsigned char *buf,
size_t size,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng);
# endif /* MBEDTLS_PEM_WRITE_C */
#endif /* MBEDTLS_X509_CSR_WRITE_C */
#ifdef __cplusplus

208
include/psa/crypto.h
View File

@@ -137,8 +137,8 @@ static psa_key_attributes_t psa_key_attributes_init(void);
* \param[out] attributes The attribute structure to write to.
* \param key The persistent identifier for the key.
*/
static void psa_set_key_id( psa_key_attributes_t *attributes,
mbedtls_svc_key_id_t key );
static void psa_set_key_id(psa_key_attributes_t *attributes,
mbedtls_svc_key_id_t key);
#ifdef MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER
/** Set the owner identifier of a key.
@@ -155,8 +155,8 @@ static void psa_set_key_id( psa_key_attributes_t *attributes,
* \param[out] attributes The attribute structure to write to.
* \param owner_id The key owner identifier.
*/
static void mbedtls_set_key_owner_id( psa_key_attributes_t *attributes,
mbedtls_key_owner_id_t owner_id );
static void mbedtls_set_key_owner_id(psa_key_attributes_t *attributes,
mbedtls_key_owner_id_t owner_id);
#endif
/** Set the location of a persistent key.
@@ -199,8 +199,8 @@ static void psa_set_key_lifetime(psa_key_attributes_t *attributes,
* This value is unspecified if the attribute structure declares
* the key as volatile.
*/
static mbedtls_svc_key_id_t psa_get_key_id(
const psa_key_attributes_t *attributes);
static mbedtls_svc_key_id_t
psa_get_key_id(const psa_key_attributes_t *attributes);
/** Retrieve the lifetime from key attributes.
*
@@ -212,8 +212,8 @@ static mbedtls_svc_key_id_t psa_get_key_id(
*
* \return The lifetime value stored in the attribute structure.
*/
static psa_key_lifetime_t psa_get_key_lifetime(
const psa_key_attributes_t *attributes);
static psa_key_lifetime_t
psa_get_key_lifetime(const psa_key_attributes_t *attributes);
/** Declare usage flags for a key.
*
@@ -244,8 +244,8 @@ static void psa_set_key_usage_flags(psa_key_attributes_t *attributes,
*
* \return The usage flags stored in the attribute structure.
*/
static psa_key_usage_t psa_get_key_usage_flags(
const psa_key_attributes_t *attributes);
static psa_key_usage_t
psa_get_key_usage_flags(const psa_key_attributes_t *attributes);
/** Declare the permitted algorithm policy for a key.
*
@@ -280,7 +280,6 @@ static psa_key_usage_t psa_get_key_usage_flags(
static void psa_set_key_algorithm(psa_key_attributes_t *attributes,
psa_algorithm_t alg);
/** Retrieve the algorithm policy from key attributes.
*
* This function may be declared as `static` (i.e. without external
@@ -291,8 +290,8 @@ static void psa_set_key_algorithm(psa_key_attributes_t *attributes,
*
* \return The algorithm stored in the attribute structure.
*/
static psa_algorithm_t psa_get_key_algorithm(
const psa_key_attributes_t *attributes);
static psa_algorithm_t
psa_get_key_algorithm(const psa_key_attributes_t *attributes);
/** Declare the type of a key.
*
@@ -311,7 +310,6 @@ static psa_algorithm_t psa_get_key_algorithm(
static void psa_set_key_type(psa_key_attributes_t *attributes,
psa_key_type_t type);
/** Declare the size of a key.
*
* This function overwrites any key size previously set in \p attributes.
@@ -326,8 +324,7 @@ static void psa_set_key_type(psa_key_attributes_t *attributes,
* becomes unspecified. Keys of size 0 are
* not supported.
*/
static void psa_set_key_bits(psa_key_attributes_t *attributes,
size_t bits);
static void psa_set_key_bits(psa_key_attributes_t *attributes, size_t bits);
/** Retrieve the key type from key attributes.
*
@@ -522,7 +519,6 @@ psa_status_t psa_copy_key(mbedtls_svc_key_id_t source_key,
const psa_key_attributes_t *attributes,
mbedtls_svc_key_id_t *target_key);
/**
* \brief Destroy a key.
*
@@ -654,8 +650,6 @@ psa_status_t psa_import_key(const psa_key_attributes_t *attributes,
size_t data_length,
mbedtls_svc_key_id_t *key);
/**
* \brief Export a key in binary format.
*
@@ -806,26 +800,20 @@ psa_status_t psa_export_key(mbedtls_svc_key_id_t key,
* \retval #PSA_ERROR_BUFFER_TOO_SMALL
* The size of the \p data buffer is too small. You can determine a
* sufficient buffer size by calling
* #PSA_EXPORT_KEY_OUTPUT_SIZE(#PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(\c type), \c bits)
* where \c type is the key type
* and \c bits is the key size in bits.
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
* \retval #PSA_ERROR_HARDWARE_FAILURE
* \retval #PSA_ERROR_CORRUPTION_DETECTED
* \retval #PSA_ERROR_STORAGE_FAILURE
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
* \retval #PSA_ERROR_BAD_STATE
* The library has not been previously initialized by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize
* results in this error code.
* #PSA_EXPORT_KEY_OUTPUT_SIZE(#PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(\c
* type), \c bits) where \c type is the key type and \c bits is the key size in
* bits. \retval #PSA_ERROR_COMMUNICATION_FAILURE \retval
* #PSA_ERROR_HARDWARE_FAILURE \retval #PSA_ERROR_CORRUPTION_DETECTED \retval
* #PSA_ERROR_STORAGE_FAILURE \retval #PSA_ERROR_INSUFFICIENT_MEMORY \retval
* #PSA_ERROR_BAD_STATE The library has not been previously initialized by
* psa_crypto_init(). It is implementation-dependent whether a failure to
* initialize results in this error code.
*/
psa_status_t psa_export_public_key(mbedtls_svc_key_id_t key,
uint8_t *data,
size_t data_size,
size_t *data_length);
/**@}*/
/** \defgroup hash Message digests
@@ -889,16 +877,13 @@ psa_status_t psa_hash_compute(psa_algorithm_t alg,
* \retval #PSA_ERROR_NOT_SUPPORTED
* \p alg is not supported or is not a hash algorithm.
* \retval #PSA_ERROR_INVALID_ARGUMENT
* \p input_length or \p hash_length do not match the hash size for \p alg
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
* \retval #PSA_ERROR_HARDWARE_FAILURE
* \retval #PSA_ERROR_CORRUPTION_DETECTED
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
* \retval #PSA_ERROR_BAD_STATE
* The library has not been previously initialized by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize
* results in this error code.
* \p input_length or \p hash_length do not match the hash size for \p
* alg \retval #PSA_ERROR_INSUFFICIENT_MEMORY \retval
* #PSA_ERROR_COMMUNICATION_FAILURE \retval #PSA_ERROR_HARDWARE_FAILURE \retval
* #PSA_ERROR_CORRUPTION_DETECTED \retval #PSA_ERROR_INSUFFICIENT_MEMORY \retval
* #PSA_ERROR_BAD_STATE The library has not been previously initialized by
* psa_crypto_init(). It is implementation-dependent whether a failure to
* initialize results in this error code.
*/
psa_status_t psa_hash_compare(psa_algorithm_t alg,
const uint8_t *input,
@@ -1522,11 +1507,11 @@ psa_status_t psa_mac_sign_finish(psa_mac_operation_t *operation,
/** Finish the calculation of the MAC of a message and compare it with
* an expected value.
*
* The application must call psa_mac_verify_setup() before calling this function.
* This function calculates the MAC of the message formed by concatenating
* the inputs passed to preceding calls to psa_mac_update(). It then
* compares the calculated MAC with the expected MAC passed as a
* parameter to this function.
* The application must call psa_mac_verify_setup() before calling this
* function. This function calculates the MAC of the message formed by
* concatenating the inputs passed to preceding calls to psa_mac_update(). It
* then compares the calculated MAC with the expected MAC passed as a parameter
* to this function.
*
* When this function returns successfuly, the operation becomes inactive.
* If this function returns an error status, the operation enters an error
@@ -2918,13 +2903,13 @@ psa_status_t psa_aead_abort(psa_aead_operation_t *operation);
* It is implementation-dependent whether a failure to initialize
* results in this error code.
*/
psa_status_t psa_sign_message( mbedtls_svc_key_id_t key,
psa_algorithm_t alg,
const uint8_t * input,
size_t input_length,
uint8_t * signature,
size_t signature_size,
size_t * signature_length );
psa_status_t psa_sign_message(mbedtls_svc_key_id_t key,
psa_algorithm_t alg,
const uint8_t *input,
size_t input_length,
uint8_t *signature,
size_t signature_size,
size_t *signature_length);
/** \brief Verify the signature of a message with a public key, using
* a hash-and-sign verification algorithm.
@@ -2970,12 +2955,12 @@ psa_status_t psa_sign_message( mbedtls_svc_key_id_t key,
* It is implementation-dependent whether a failure to initialize
* results in this error code.
*/
psa_status_t psa_verify_message( mbedtls_svc_key_id_t key,
psa_algorithm_t alg,
const uint8_t * input,
size_t input_length,
const uint8_t * signature,
size_t signature_length );
psa_status_t psa_verify_message(mbedtls_svc_key_id_t key,
psa_algorithm_t alg,
const uint8_t *input,
size_t input_length,
const uint8_t *signature,
size_t signature_length);
/**
* \brief Sign a hash or short message with a private key.
@@ -3218,11 +3203,10 @@ psa_status_t psa_asymmetric_decrypt(mbedtls_svc_key_id_t key,
* \code
* psa_key_derivation_operation_t operation = {0};
* \endcode
* - Initialize the structure to the initializer #PSA_KEY_DERIVATION_OPERATION_INIT,
* for example:
* \code
* psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
* \endcode
* - Initialize the structure to the initializer
* #PSA_KEY_DERIVATION_OPERATION_INIT, for example: \code
* psa_key_derivation_operation_t operation =
* PSA_KEY_DERIVATION_OPERATION_INIT; \endcode
* - Assign the result of the function psa_key_derivation_operation_init()
* to the structure, for example:
* \code
@@ -3305,9 +3289,8 @@ static psa_key_derivation_operation_t psa_key_derivation_operation_init(void);
* It is implementation-dependent whether a failure to initialize
* results in this error code.
*/
psa_status_t psa_key_derivation_setup(
psa_key_derivation_operation_t *operation,
psa_algorithm_t alg);
psa_status_t psa_key_derivation_setup(psa_key_derivation_operation_t *operation,
psa_algorithm_t alg);
/** Retrieve the current capacity of a key derivation operation.
*
@@ -3329,9 +3312,9 @@ psa_status_t psa_key_derivation_setup(
* It is implementation-dependent whether a failure to initialize
* results in this error code.
*/
psa_status_t psa_key_derivation_get_capacity(
const psa_key_derivation_operation_t *operation,
size_t *capacity);
psa_status_t
psa_key_derivation_get_capacity(const psa_key_derivation_operation_t *operation,
size_t *capacity);
/** Set the maximum capacity of a key derivation operation.
*
@@ -3358,9 +3341,9 @@ psa_status_t psa_key_derivation_get_capacity(
* It is implementation-dependent whether a failure to initialize
* results in this error code.
*/
psa_status_t psa_key_derivation_set_capacity(
psa_key_derivation_operation_t *operation,
size_t capacity);
psa_status_t
psa_key_derivation_set_capacity(psa_key_derivation_operation_t *operation,
size_t capacity);
/** Use the maximum possible capacity for a key derivation operation.
*
@@ -3413,11 +3396,11 @@ psa_status_t psa_key_derivation_set_capacity(
* It is implementation-dependent whether a failure to initialize
* results in this error code.
*/
psa_status_t psa_key_derivation_input_bytes(
psa_key_derivation_operation_t *operation,
psa_key_derivation_step_t step,
const uint8_t *data,
size_t data_length);
psa_status_t
psa_key_derivation_input_bytes(psa_key_derivation_operation_t *operation,
psa_key_derivation_step_t step,
const uint8_t *data,
size_t data_length);
/** Provide a numeric input for key derivation or key agreement.
*
@@ -3458,10 +3441,10 @@ psa_status_t psa_key_derivation_input_bytes(
* It is implementation-dependent whether a failure to initialize
* results in this error code.
*/
psa_status_t psa_key_derivation_input_integer(
psa_key_derivation_operation_t *operation,
psa_key_derivation_step_t step,
uint64_t value);
psa_status_t
psa_key_derivation_input_integer(psa_key_derivation_operation_t *operation,
psa_key_derivation_step_t step,
uint64_t value);
/** Provide an input for key derivation in the form of a key.
*
@@ -3527,10 +3510,10 @@ psa_status_t psa_key_derivation_input_integer(
* It is implementation-dependent whether a failure to initialize
* results in this error code.
*/
psa_status_t psa_key_derivation_input_key(
psa_key_derivation_operation_t *operation,
psa_key_derivation_step_t step,
mbedtls_svc_key_id_t key);
psa_status_t
psa_key_derivation_input_key(psa_key_derivation_operation_t *operation,
psa_key_derivation_step_t step,
mbedtls_svc_key_id_t key);
/** Perform a key agreement and use the shared secret as input to a key
* derivation.
@@ -3597,12 +3580,12 @@ psa_status_t psa_key_derivation_input_key(
* It is implementation-dependent whether a failure to initialize
* results in this error code.
*/
psa_status_t psa_key_derivation_key_agreement(
psa_key_derivation_operation_t *operation,
psa_key_derivation_step_t step,
mbedtls_svc_key_id_t private_key,
const uint8_t *peer_key,
size_t peer_key_length);
psa_status_t
psa_key_derivation_key_agreement(psa_key_derivation_operation_t *operation,
psa_key_derivation_step_t step,
mbedtls_svc_key_id_t private_key,
const uint8_t *peer_key,
size_t peer_key_length);
/** Read some data from a key derivation operation.
*
@@ -3645,10 +3628,10 @@ psa_status_t psa_key_derivation_key_agreement(
* It is implementation-dependent whether a failure to initialize
* results in this error code.
*/
psa_status_t psa_key_derivation_output_bytes(
psa_key_derivation_operation_t *operation,
uint8_t *output,
size_t output_length);
psa_status_t
psa_key_derivation_output_bytes(psa_key_derivation_operation_t *operation,
uint8_t *output,
size_t output_length);
/** Derive a key from an ongoing key derivation operation.
*
@@ -3795,10 +3778,10 @@ psa_status_t psa_key_derivation_output_bytes(
* It is implementation-dependent whether a failure to initialize
* results in this error code.
*/
psa_status_t psa_key_derivation_output_key(
const psa_key_attributes_t *attributes,
psa_key_derivation_operation_t *operation,
mbedtls_svc_key_id_t *key);
psa_status_t
psa_key_derivation_output_key(const psa_key_attributes_t *attributes,
psa_key_derivation_operation_t *operation,
mbedtls_svc_key_id_t *key);
/** Compare output data from a key derivation operation to an expected value.
*
@@ -3854,10 +3837,10 @@ psa_status_t psa_key_derivation_output_key(
* It is implementation-dependent whether a failure to initialize
* results in this error code.
*/
psa_status_t psa_key_derivation_verify_bytes(
psa_key_derivation_operation_t *operation,
const uint8_t *expected_output,
size_t output_length);
psa_status_t
psa_key_derivation_verify_bytes(psa_key_derivation_operation_t *operation,
const uint8_t *expected_output,
size_t output_length);
/** Compare output data from a key derivation operation to an expected value
* stored in a key object.
@@ -3919,9 +3902,9 @@ psa_status_t psa_key_derivation_verify_bytes(
* It is implementation-dependent whether a failure to initialize
* results in this error code.
*/
psa_status_t psa_key_derivation_verify_key(
psa_key_derivation_operation_t *operation,
psa_key_id_t expected);
psa_status_t
psa_key_derivation_verify_key(psa_key_derivation_operation_t *operation,
psa_key_id_t expected);
/** Abort a key derivation operation.
*
@@ -3946,8 +3929,8 @@ psa_status_t psa_key_derivation_verify_key(
* It is implementation-dependent whether a failure to initialize
* results in this error code.
*/
psa_status_t psa_key_derivation_abort(
psa_key_derivation_operation_t *operation);
psa_status_t
psa_key_derivation_abort(psa_key_derivation_operation_t *operation);
/** Perform a key agreement and return the raw shared secret.
*
@@ -4038,8 +4021,7 @@ psa_status_t psa_raw_key_agreement(psa_algorithm_t alg,
* It is implementation-dependent whether a failure to initialize
* results in this error code.
*/
psa_status_t psa_generate_random(uint8_t *output,
size_t output_size);
psa_status_t psa_generate_random(uint8_t *output, size_t output_size);
/**
* \brief Generate a key or key pair.

39
include/psa/crypto_builtin_composites.h
View File

@@ -41,12 +41,11 @@
*/
#if defined(MBEDTLS_PSA_BUILTIN_ALG_CMAC) || \
defined(MBEDTLS_PSA_BUILTIN_ALG_HMAC)
#define MBEDTLS_PSA_BUILTIN_MAC
# define MBEDTLS_PSA_BUILTIN_MAC
#endif
#if defined(MBEDTLS_PSA_BUILTIN_ALG_HMAC) || defined(PSA_CRYPTO_DRIVER_TEST)
typedef struct
{
typedef struct {
/** The HMAC algorithm in use */
psa_algorithm_t MBEDTLS_PRIVATE(alg);
/** The hash context. */
@@ -55,17 +54,22 @@ typedef struct
uint8_t MBEDTLS_PRIVATE(opad)[PSA_HMAC_MAX_HASH_BLOCK_SIZE];
} mbedtls_psa_hmac_operation_t;
#define MBEDTLS_PSA_HMAC_OPERATION_INIT {0, PSA_HASH_OPERATION_INIT, {0}}
# define MBEDTLS_PSA_HMAC_OPERATION_INIT \
{ \
0, PSA_HASH_OPERATION_INIT, \
{ \
0 \
} \
}
#endif /* MBEDTLS_PSA_BUILTIN_ALG_HMAC */
#include "mbedtls/cmac.h"
typedef struct
{
typedef struct {
psa_algorithm_t MBEDTLS_PRIVATE(alg);
union
{
unsigned MBEDTLS_PRIVATE(dummy); /* Make the union non-empty even with no supported algorithms. */
union {
unsigned MBEDTLS_PRIVATE(dummy); /* Make the union non-empty even with
no supported algorithms. */
#if defined(MBEDTLS_PSA_BUILTIN_ALG_HMAC) || defined(PSA_CRYPTO_DRIVER_TEST)
mbedtls_psa_hmac_operation_t MBEDTLS_PRIVATE(hmac);
#endif /* MBEDTLS_PSA_BUILTIN_ALG_HMAC */
@@ -75,18 +79,27 @@ typedef struct
} MBEDTLS_PRIVATE(ctx);
} mbedtls_psa_mac_operation_t;
#define MBEDTLS_PSA_MAC_OPERATION_INIT {0, {0}}
#define MBEDTLS_PSA_MAC_OPERATION_INIT \
{ \
0, \
{ \
0 \
} \
}
/*
* BEYOND THIS POINT, TEST DRIVER DECLARATIONS ONLY.
*/
#if defined(PSA_CRYPTO_DRIVER_TEST)
typedef mbedtls_psa_mac_operation_t mbedtls_transparent_test_driver_mac_operation_t;
typedef mbedtls_psa_mac_operation_t
mbedtls_transparent_test_driver_mac_operation_t;
typedef mbedtls_psa_mac_operation_t mbedtls_opaque_test_driver_mac_operation_t;
#define MBEDTLS_TRANSPARENT_TEST_DRIVER_MAC_OPERATION_INIT MBEDTLS_PSA_MAC_OPERATION_INIT
#define MBEDTLS_OPAQUE_TEST_DRIVER_MAC_OPERATION_INIT MBEDTLS_PSA_MAC_OPERATION_INIT
# define MBEDTLS_TRANSPARENT_TEST_DRIVER_MAC_OPERATION_INIT \
MBEDTLS_PSA_MAC_OPERATION_INIT
# define MBEDTLS_OPAQUE_TEST_DRIVER_MAC_OPERATION_INIT \
MBEDTLS_PSA_MAC_OPERATION_INIT
#endif /* PSA_CRYPTO_DRIVER_TEST */

67
include/psa/crypto_builtin_primitives.h
View File

@@ -46,22 +46,21 @@
#include "mbedtls/sha256.h"
#include "mbedtls/sha512.h"
#if defined(MBEDTLS_PSA_BUILTIN_ALG_MD5) || \
#if defined(MBEDTLS_PSA_BUILTIN_ALG_MD5) || \
defined(MBEDTLS_PSA_BUILTIN_ALG_RIPEMD160) || \
defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_1) || \
defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_224) || \
defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_256) || \
defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_384) || \
defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_1) || \
defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_224) || \
defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_256) || \
defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_384) || \
defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_512)
#define MBEDTLS_PSA_BUILTIN_HASH
# define MBEDTLS_PSA_BUILTIN_HASH
#endif
typedef struct
{
typedef struct {
psa_algorithm_t MBEDTLS_PRIVATE(alg);
union
{
unsigned MBEDTLS_PRIVATE(dummy); /* Make the union non-empty even with no supported algorithms. */
union {
unsigned MBEDTLS_PRIVATE(dummy); /* Make the union non-empty even with
no supported algorithms. */
#if defined(MBEDTLS_MD5_C)
mbedtls_md5_context MBEDTLS_PRIVATE(md5);
#endif
@@ -80,7 +79,13 @@ typedef struct
} MBEDTLS_PRIVATE(ctx);
} mbedtls_psa_hash_operation_t;
#define MBEDTLS_PSA_HASH_OPERATION_INIT {0, {0}}
#define MBEDTLS_PSA_HASH_OPERATION_INIT \
{ \
0, \
{ \
0 \
} \
}
/*
* Cipher multi-part operation definitions.
@@ -88,15 +93,15 @@ typedef struct
#include "mbedtls/cipher.h"
#if defined(MBEDTLS_PSA_BUILTIN_ALG_STREAM_CIPHER) || \
defined(MBEDTLS_PSA_BUILTIN_ALG_CTR) || \
defined(MBEDTLS_PSA_BUILTIN_ALG_CFB) || \
defined(MBEDTLS_PSA_BUILTIN_ALG_OFB) || \
defined(MBEDTLS_PSA_BUILTIN_ALG_XTS) || \
#if defined(MBEDTLS_PSA_BUILTIN_ALG_STREAM_CIPHER) || \
defined(MBEDTLS_PSA_BUILTIN_ALG_CTR) || \
defined(MBEDTLS_PSA_BUILTIN_ALG_CFB) || \
defined(MBEDTLS_PSA_BUILTIN_ALG_OFB) || \
defined(MBEDTLS_PSA_BUILTIN_ALG_XTS) || \
defined(MBEDTLS_PSA_BUILTIN_ALG_ECB_NO_PADDING) || \
defined(MBEDTLS_PSA_BUILTIN_ALG_CBC_NO_PADDING) || \
defined(MBEDTLS_PSA_BUILTIN_ALG_CBC_PKCS7)
#define MBEDTLS_PSA_BUILTIN_CIPHER 1
# define MBEDTLS_PSA_BUILTIN_CIPHER 1
#endif
typedef struct {
@@ -110,30 +115,40 @@ typedef struct {
} MBEDTLS_PRIVATE(ctx);
} mbedtls_psa_cipher_operation_t;
#define MBEDTLS_PSA_CIPHER_OPERATION_INIT {0, 0, 0, {0}}
#define MBEDTLS_PSA_CIPHER_OPERATION_INIT \
{ \
0, 0, 0, \
{ \
0 \
} \
}
/*
* BEYOND THIS POINT, TEST DRIVER DECLARATIONS ONLY.
*/
#if defined(PSA_CRYPTO_DRIVER_TEST)
typedef mbedtls_psa_hash_operation_t mbedtls_transparent_test_driver_hash_operation_t;
typedef mbedtls_psa_hash_operation_t
mbedtls_transparent_test_driver_hash_operation_t;
#define MBEDTLS_TRANSPARENT_TEST_DRIVER_HASH_OPERATION_INIT MBEDTLS_PSA_HASH_OPERATION_INIT
# define MBEDTLS_TRANSPARENT_TEST_DRIVER_HASH_OPERATION_INIT \
MBEDTLS_PSA_HASH_OPERATION_INIT
typedef mbedtls_psa_cipher_operation_t
mbedtls_transparent_test_driver_cipher_operation_t;
mbedtls_transparent_test_driver_cipher_operation_t;
typedef struct {
unsigned int initialised : 1;
mbedtls_transparent_test_driver_cipher_operation_t ctx;
} mbedtls_opaque_test_driver_cipher_operation_t;
#define MBEDTLS_TRANSPARENT_TEST_DRIVER_CIPHER_OPERATION_INIT \
MBEDTLS_PSA_CIPHER_OPERATION_INIT
# define MBEDTLS_TRANSPARENT_TEST_DRIVER_CIPHER_OPERATION_INIT \
MBEDTLS_PSA_CIPHER_OPERATION_INIT
#define MBEDTLS_OPAQUE_TEST_DRIVER_CIPHER_OPERATION_INIT \
{ 0, MBEDTLS_TRANSPARENT_TEST_DRIVER_CIPHER_OPERATION_INIT }
# define MBEDTLS_OPAQUE_TEST_DRIVER_CIPHER_OPERATION_INIT \
{ \
0, MBEDTLS_TRANSPARENT_TEST_DRIVER_CIPHER_OPERATION_INIT \
}
#endif /* PSA_CRYPTO_DRIVER_TEST */

7
include/psa/crypto_compat.h
View File

@@ -50,9 +50,9 @@ typedef mbedtls_svc_key_id_t psa_key_handle_t;
*
* \return Non-zero if the handle is null, zero otherwise.
*/
static inline int psa_key_handle_is_null( psa_key_handle_t handle )
static inline int psa_key_handle_is_null(psa_key_handle_t handle)
{
return mbedtls_svc_key_id_is_null( handle ) ;
return mbedtls_svc_key_id_is_null(handle);
}
/** Open a handle to an existing persistent key.
@@ -115,8 +115,7 @@ static inline int psa_key_handle_is_null( psa_key_handle_t handle )
* It is implementation-dependent whether a failure to initialize
* results in this error code.
*/
psa_status_t psa_open_key( mbedtls_svc_key_id_t key,
psa_key_handle_t *handle );
psa_status_t psa_open_key(mbedtls_svc_key_id_t key, psa_key_handle_t *handle);
/** Close a key handle.
*

110
include/psa/crypto_config.h
View File

@@ -48,76 +48,76 @@
*/
#ifndef PSA_CRYPTO_CONFIG_H
#define PSA_CRYPTO_CONFIG_H
# define PSA_CRYPTO_CONFIG_H
/*
* CBC-MAC is not yet supported via the PSA API in Mbed TLS.
*/
//#define PSA_WANT_ALG_CBC_MAC 1
#define PSA_WANT_ALG_CBC_NO_PADDING 1
#define PSA_WANT_ALG_CBC_PKCS7 1
#define PSA_WANT_ALG_CCM 1
#define PSA_WANT_ALG_CMAC 1
#define PSA_WANT_ALG_CFB 1
#define PSA_WANT_ALG_CHACHA20_POLY1305 1
#define PSA_WANT_ALG_CMAC 1
#define PSA_WANT_ALG_CTR 1
#define PSA_WANT_ALG_DETERMINISTIC_ECDSA 1
#define PSA_WANT_ALG_ECB_NO_PADDING 1
#define PSA_WANT_ALG_ECDH 1
#define PSA_WANT_ALG_ECDSA 1
#define PSA_WANT_ALG_GCM 1
#define PSA_WANT_ALG_HKDF 1
#define PSA_WANT_ALG_HMAC 1
#define PSA_WANT_ALG_MD5 1
#define PSA_WANT_ALG_OFB 1
# define PSA_WANT_ALG_CBC_NO_PADDING 1
# define PSA_WANT_ALG_CBC_PKCS7 1
# define PSA_WANT_ALG_CCM 1
# define PSA_WANT_ALG_CMAC 1
# define PSA_WANT_ALG_CFB 1
# define PSA_WANT_ALG_CHACHA20_POLY1305 1
# define PSA_WANT_ALG_CMAC 1
# define PSA_WANT_ALG_CTR 1
# define PSA_WANT_ALG_DETERMINISTIC_ECDSA 1
# define PSA_WANT_ALG_ECB_NO_PADDING 1
# define PSA_WANT_ALG_ECDH 1
# define PSA_WANT_ALG_ECDSA 1
# define PSA_WANT_ALG_GCM 1
# define PSA_WANT_ALG_HKDF 1
# define PSA_WANT_ALG_HMAC 1
# define PSA_WANT_ALG_MD5 1
# define PSA_WANT_ALG_OFB 1
/* PBKDF2-HMAC is not yet supported via the PSA API in Mbed TLS.
* Note: when adding support, also adjust include/mbedtls/config_psa.h */
//#define PSA_WANT_ALG_PBKDF2_HMAC 1
#define PSA_WANT_ALG_RIPEMD160 1
#define PSA_WANT_ALG_RSA_OAEP 1
#define PSA_WANT_ALG_RSA_PKCS1V15_CRYPT 1
#define PSA_WANT_ALG_RSA_PKCS1V15_SIGN 1
#define PSA_WANT_ALG_RSA_PSS 1
#define PSA_WANT_ALG_SHA_1 1
#define PSA_WANT_ALG_SHA_224 1
#define PSA_WANT_ALG_SHA_256 1
#define PSA_WANT_ALG_SHA_384 1
#define PSA_WANT_ALG_SHA_512 1
#define PSA_WANT_ALG_STREAM_CIPHER 1
#define PSA_WANT_ALG_TLS12_PRF 1
#define PSA_WANT_ALG_TLS12_PSK_TO_MS 1
#define PSA_WANT_ALG_XTS 1
# define PSA_WANT_ALG_RIPEMD160 1
# define PSA_WANT_ALG_RSA_OAEP 1
# define PSA_WANT_ALG_RSA_PKCS1V15_CRYPT 1
# define PSA_WANT_ALG_RSA_PKCS1V15_SIGN 1
# define PSA_WANT_ALG_RSA_PSS 1
# define PSA_WANT_ALG_SHA_1 1
# define PSA_WANT_ALG_SHA_224 1
# define PSA_WANT_ALG_SHA_256 1
# define PSA_WANT_ALG_SHA_384 1
# define PSA_WANT_ALG_SHA_512 1
# define PSA_WANT_ALG_STREAM_CIPHER 1
# define PSA_WANT_ALG_TLS12_PRF 1
# define PSA_WANT_ALG_TLS12_PSK_TO_MS 1
# define PSA_WANT_ALG_XTS 1
#define PSA_WANT_ECC_BRAINPOOL_P_R1_256 1
#define PSA_WANT_ECC_BRAINPOOL_P_R1_384 1
#define PSA_WANT_ECC_BRAINPOOL_P_R1_512 1
#define PSA_WANT_ECC_MONTGOMERY_255 1
#define PSA_WANT_ECC_MONTGOMERY_448 1
#define PSA_WANT_ECC_SECP_K1_192 1
# define PSA_WANT_ECC_BRAINPOOL_P_R1_256 1
# define PSA_WANT_ECC_BRAINPOOL_P_R1_384 1
# define PSA_WANT_ECC_BRAINPOOL_P_R1_512 1
# define PSA_WANT_ECC_MONTGOMERY_255 1
# define PSA_WANT_ECC_MONTGOMERY_448 1
# define PSA_WANT_ECC_SECP_K1_192 1
/*
* SECP224K1 is buggy via the PSA API in Mbed TLS
* (https://github.com/ARMmbed/mbedtls/issues/3541). Thus, do not enable it by
* default.
*/
//#define PSA_WANT_ECC_SECP_K1_224 1
#define PSA_WANT_ECC_SECP_K1_256 1
#define PSA_WANT_ECC_SECP_R1_192 1
#define PSA_WANT_ECC_SECP_R1_224 1
#define PSA_WANT_ECC_SECP_R1_256 1
#define PSA_WANT_ECC_SECP_R1_384 1
#define PSA_WANT_ECC_SECP_R1_521 1
# define PSA_WANT_ECC_SECP_K1_256 1
# define PSA_WANT_ECC_SECP_R1_192 1
# define PSA_WANT_ECC_SECP_R1_224 1
# define PSA_WANT_ECC_SECP_R1_256 1
# define PSA_WANT_ECC_SECP_R1_384 1
# define PSA_WANT_ECC_SECP_R1_521 1
#define PSA_WANT_KEY_TYPE_DERIVE 1
#define PSA_WANT_KEY_TYPE_HMAC 1
#define PSA_WANT_KEY_TYPE_AES 1
#define PSA_WANT_KEY_TYPE_CAMELLIA 1
#define PSA_WANT_KEY_TYPE_CHACHA20 1
#define PSA_WANT_KEY_TYPE_DES 1
#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR 1
#define PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY 1
#define PSA_WANT_KEY_TYPE_RAW_DATA 1
#define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR 1
#define PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY 1
# define PSA_WANT_KEY_TYPE_DERIVE 1
# define PSA_WANT_KEY_TYPE_HMAC 1
# define PSA_WANT_KEY_TYPE_AES 1
# define PSA_WANT_KEY_TYPE_CAMELLIA 1
# define PSA_WANT_KEY_TYPE_CHACHA20 1
# define PSA_WANT_KEY_TYPE_DES 1
# define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR 1
# define PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY 1
# define PSA_WANT_KEY_TYPE_RAW_DATA 1
# define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR 1
# define PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY 1
#endif /* PSA_CRYPTO_CONFIG_H */

3
include/psa/crypto_driver_common.h
View File

@@ -45,7 +45,8 @@
/** For encrypt-decrypt functions, whether the operation is an encryption
* or a decryption. */
typedef enum {
typedef enum
{
PSA_CRYPTO_DRIVER_DECRYPT,
PSA_CRYPTO_DRIVER_ENCRYPT
} psa_encrypt_or_decrypt_t;

13
include/psa/crypto_driver_contexts_composites.h
View File

@@ -32,15 +32,16 @@
*/
#ifndef PSA_CRYPTO_DRIVER_CONTEXTS_COMPOSITES_H
#define PSA_CRYPTO_DRIVER_CONTEXTS_COMPOSITES_H
# define PSA_CRYPTO_DRIVER_CONTEXTS_COMPOSITES_H
#include "psa/crypto_driver_common.h"
# include "psa/crypto_driver_common.h"
/* Include the context structure definitions for those drivers that were
* declared during the autogeneration process. */
/* Include the context structure definitions for the Mbed TLS software drivers */
#include "psa/crypto_builtin_composites.h"
/* Include the context structure definitions for the Mbed TLS software drivers
*/
# include "psa/crypto_builtin_composites.h"
/* Define the context to be used for an operation that is executed through the
* PSA Driver wrapper layer as the union of all possible driver's contexts.
@@ -52,10 +53,10 @@
typedef union {
unsigned dummy; /* Make sure this union is always non-empty */
mbedtls_psa_mac_operation_t mbedtls_ctx;
#if defined(PSA_CRYPTO_DRIVER_TEST)
# if defined(PSA_CRYPTO_DRIVER_TEST)
mbedtls_transparent_test_driver_mac_operation_t transparent_test_driver_ctx;
mbedtls_opaque_test_driver_mac_operation_t opaque_test_driver_ctx;
#endif
# endif
} psa_driver_mac_context_t;
#endif /* PSA_CRYPTO_DRIVER_CONTEXTS_COMPOSITES_H */

20
include/psa/crypto_driver_contexts_primitives.h
View File

@@ -31,15 +31,16 @@
*/
#ifndef PSA_CRYPTO_DRIVER_CONTEXTS_PRIMITIVES_H
#define PSA_CRYPTO_DRIVER_CONTEXTS_PRIMITIVES_H
# define PSA_CRYPTO_DRIVER_CONTEXTS_PRIMITIVES_H
#include "psa/crypto_driver_common.h"
# include "psa/crypto_driver_common.h"
/* Include the context structure definitions for those drivers that were
* declared during the autogeneration process. */
/* Include the context structure definitions for the Mbed TLS software drivers */
#include "psa/crypto_builtin_primitives.h"
/* Include the context structure definitions for the Mbed TLS software drivers
*/
# include "psa/crypto_builtin_primitives.h"
/* Define the context to be used for an operation that is executed through the
* PSA Driver wrapper layer as the union of all possible driver's contexts.
@@ -51,18 +52,19 @@
typedef union {
unsigned dummy; /* Make sure this union is always non-empty */
mbedtls_psa_hash_operation_t mbedtls_ctx;
#if defined(PSA_CRYPTO_DRIVER_TEST)
# if defined(PSA_CRYPTO_DRIVER_TEST)
mbedtls_transparent_test_driver_hash_operation_t test_driver_ctx;
#endif
# endif
} psa_driver_hash_context_t;
typedef union {
unsigned dummy; /* Make sure this union is always non-empty */
mbedtls_psa_cipher_operation_t mbedtls_ctx;
#if defined(PSA_CRYPTO_DRIVER_TEST)
mbedtls_transparent_test_driver_cipher_operation_t transparent_test_driver_ctx;
# if defined(PSA_CRYPTO_DRIVER_TEST)
mbedtls_transparent_test_driver_cipher_operation_t
transparent_test_driver_ctx;
mbedtls_opaque_test_driver_cipher_operation_t opaque_test_driver_ctx;
#endif
# endif
} psa_driver_cipher_context_t;
#endif /* PSA_CRYPTO_DRIVER_CONTEXTS_PRIMITIVES_H */

316
include/psa/crypto_extra.h
View File

@@ -42,7 +42,7 @@ extern "C" {
/* See mbedtls_config.h for definition */
#if !defined(MBEDTLS_PSA_KEY_SLOT_COUNT)
#define MBEDTLS_PSA_KEY_SLOT_COUNT 32
# define MBEDTLS_PSA_KEY_SLOT_COUNT 32
#endif
/** \addtogroup attributes
@@ -68,11 +68,13 @@ extern "C" {
* verified that the usage of the key with multiple algorithms
* is safe.
*/
static inline void psa_set_key_enrollment_algorithm(
psa_key_attributes_t *attributes,
psa_algorithm_t alg2)
static inline void
psa_set_key_enrollment_algorithm(psa_key_attributes_t *attributes,
psa_algorithm_t alg2)
{
attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(policy).MBEDTLS_PRIVATE(alg2) = alg2;
attributes->MBEDTLS_PRIVATE(core)
.MBEDTLS_PRIVATE(policy)
.MBEDTLS_PRIVATE(alg2) = alg2;
}
/** Retrieve the enrollment algorithm policy from key attributes.
@@ -81,10 +83,12 @@ static inline void psa_set_key_enrollment_algorithm(
*
* \return The enrollment algorithm stored in the attribute structure.
*/
static inline psa_algorithm_t psa_get_key_enrollment_algorithm(
const psa_key_attributes_t *attributes)
static inline psa_algorithm_t
psa_get_key_enrollment_algorithm(const psa_key_attributes_t *attributes)
{
return( attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(policy).MBEDTLS_PRIVATE(alg2) );
return (attributes->MBEDTLS_PRIVATE(core)
.MBEDTLS_PRIVATE(policy)
.MBEDTLS_PRIVATE(alg2));
}
#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
@@ -111,9 +115,8 @@ static inline psa_algorithm_t psa_get_key_enrollment_algorithm(
* \retval #PSA_ERROR_INVALID_ARGUMENT
* The key is not located in a secure element.
*/
psa_status_t psa_get_key_slot_number(
const psa_key_attributes_t *attributes,
psa_key_slot_number_t *slot_number );
psa_status_t psa_get_key_slot_number(const psa_key_attributes_t *attributes,
psa_key_slot_number_t *slot_number);
/** Choose the slot number where a key is stored.
*
@@ -138,11 +141,11 @@ psa_status_t psa_get_key_slot_number(
* \param[out] attributes The attribute structure to write to.
* \param slot_number The slot number to set.
*/
static inline void psa_set_key_slot_number(
psa_key_attributes_t *attributes,
psa_key_slot_number_t slot_number )
static inline void psa_set_key_slot_number(psa_key_attributes_t *attributes,
psa_key_slot_number_t slot_number)
{
attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(flags) |= MBEDTLS_PSA_KA_FLAG_HAS_SLOT_NUMBER;
attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(flags) |=
MBEDTLS_PSA_KA_FLAG_HAS_SLOT_NUMBER;
attributes->MBEDTLS_PRIVATE(slot_number) = slot_number;
}
@@ -152,10 +155,10 @@ static inline void psa_set_key_slot_number(
*
* \param[out] attributes The attribute structure to write to.
*/
static inline void psa_clear_key_slot_number(
psa_key_attributes_t *attributes )
static inline void psa_clear_key_slot_number(psa_key_attributes_t *attributes)
{
attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(flags) &= ~MBEDTLS_PSA_KA_FLAG_HAS_SLOT_NUMBER;
attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(flags) &=
~MBEDTLS_PSA_KA_FLAG_HAS_SLOT_NUMBER;
}
/** Register a key that is already present in a secure element.
@@ -201,8 +204,8 @@ static inline void psa_clear_key_slot_number(
* It is implementation-dependent whether a failure to initialize
* results in this error code.
*/
psa_status_t mbedtls_psa_register_se_key(
const psa_key_attributes_t *attributes);
psa_status_t
mbedtls_psa_register_se_key(const psa_key_attributes_t *attributes);
#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
@@ -216,7 +219,7 @@ psa_status_t mbedtls_psa_register_se_key(
*
* This is an Mbed TLS extension.
*/
void mbedtls_psa_crypto_free( void );
void mbedtls_psa_crypto_free(void);
/** \brief Statistics about
* resource consumption related to the PSA keystore.
@@ -224,8 +227,7 @@ void mbedtls_psa_crypto_free( void );
* \note The content of this structure is not part of the stable API and ABI
* of Mbed Crypto and may change arbitrarily from version to version.
*/
typedef struct mbedtls_psa_stats_s
{
typedef struct mbedtls_psa_stats_s {
/** Number of slots containing key material for a volatile key. */
size_t MBEDTLS_PRIVATE(volatile_slots);
/** Number of slots containing key material for a key which is in
@@ -256,7 +258,7 @@ typedef struct mbedtls_psa_stats_s
* between the application and the keystore, the service may or
* may not expose this function.
*/
void mbedtls_psa_get_stats( mbedtls_psa_stats_t *stats );
void mbedtls_psa_get_stats(mbedtls_psa_stats_t *stats);
/**
* \brief Inject an initial entropy seed for the random generator into
@@ -327,8 +329,7 @@ void mbedtls_psa_get_stats( mbedtls_psa_stats_t *stats );
* The library has already been initialized. It is no longer
* possible to call this function.
*/
psa_status_t mbedtls_psa_inject_entropy(const uint8_t *seed,
size_t seed_size);
psa_status_t mbedtls_psa_inject_entropy(const uint8_t *seed, size_t seed_size);
/** \addtogroup crypto_types
* @{
@@ -341,7 +342,7 @@ psa_status_t mbedtls_psa_inject_entropy(const uint8_t *seed,
* string. The length of the byte string is the length of the base prime `p`
* in bytes.
*/
#define PSA_KEY_TYPE_DSA_PUBLIC_KEY ((psa_key_type_t)0x4002)
#define PSA_KEY_TYPE_DSA_PUBLIC_KEY ((psa_key_type_t)0x4002)
/** DSA key pair (private and public key).
*
@@ -359,13 +360,13 @@ psa_status_t mbedtls_psa_inject_entropy(const uint8_t *seed,
* Add 1 to the resulting integer and use this as the private key *x*.
*
*/
#define PSA_KEY_TYPE_DSA_KEY_PAIR ((psa_key_type_t)0x7002)
#define PSA_KEY_TYPE_DSA_KEY_PAIR ((psa_key_type_t)0x7002)
/** Whether a key type is an DSA key (pair or public-only). */
#define PSA_KEY_TYPE_IS_DSA(type) \
#define PSA_KEY_TYPE_IS_DSA(type) \
(PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(type) == PSA_KEY_TYPE_DSA_PUBLIC_KEY)
#define PSA_ALG_DSA_BASE ((psa_algorithm_t)0x06000400)
#define PSA_ALG_DSA_BASE ((psa_algorithm_t)0x06000400)
/** DSA signature with hashing.
*
* This is the signature scheme defined by FIPS 186-4,
@@ -380,9 +381,9 @@ psa_status_t mbedtls_psa_inject_entropy(const uint8_t *seed,
* \return Unspecified if \p hash_alg is not a supported
* hash algorithm.
*/
#define PSA_ALG_DSA(hash_alg) \
(PSA_ALG_DSA_BASE | ((hash_alg) & PSA_ALG_HASH_MASK))
#define PSA_ALG_DETERMINISTIC_DSA_BASE ((psa_algorithm_t)0x06000500)
#define PSA_ALG_DSA(hash_alg) \
(PSA_ALG_DSA_BASE | ((hash_alg)&PSA_ALG_HASH_MASK))
#define PSA_ALG_DETERMINISTIC_DSA_BASE ((psa_algorithm_t)0x06000500)
#define PSA_ALG_DSA_DETERMINISTIC_FLAG PSA_ALG_ECDSA_DETERMINISTIC_FLAG
/** Deterministic DSA signature with hashing.
*
@@ -398,24 +399,22 @@ psa_status_t mbedtls_psa_inject_entropy(const uint8_t *seed,
* \return Unspecified if \p hash_alg is not a supported
* hash algorithm.
*/
#define PSA_ALG_DETERMINISTIC_DSA(hash_alg) \
(PSA_ALG_DETERMINISTIC_DSA_BASE | ((hash_alg) & PSA_ALG_HASH_MASK))
#define PSA_ALG_IS_DSA(alg) \
(((alg) & ~PSA_ALG_HASH_MASK & ~PSA_ALG_DSA_DETERMINISTIC_FLAG) == \
#define PSA_ALG_DETERMINISTIC_DSA(hash_alg) \
(PSA_ALG_DETERMINISTIC_DSA_BASE | ((hash_alg)&PSA_ALG_HASH_MASK))
#define PSA_ALG_IS_DSA(alg) \
(((alg) & ~PSA_ALG_HASH_MASK & ~PSA_ALG_DSA_DETERMINISTIC_FLAG) == \
PSA_ALG_DSA_BASE)
#define PSA_ALG_DSA_IS_DETERMINISTIC(alg) \
(((alg) & PSA_ALG_DSA_DETERMINISTIC_FLAG) != 0)
#define PSA_ALG_IS_DETERMINISTIC_DSA(alg) \
#define PSA_ALG_DSA_IS_DETERMINISTIC(alg) \
(((alg)&PSA_ALG_DSA_DETERMINISTIC_FLAG) != 0)
#define PSA_ALG_IS_DETERMINISTIC_DSA(alg) \
(PSA_ALG_IS_DSA(alg) && PSA_ALG_DSA_IS_DETERMINISTIC(alg))
#define PSA_ALG_IS_RANDOMIZED_DSA(alg) \
#define PSA_ALG_IS_RANDOMIZED_DSA(alg) \
(PSA_ALG_IS_DSA(alg) && !PSA_ALG_DSA_IS_DETERMINISTIC(alg))
/* We need to expand the sample definition of this macro from
* the API definition. */
#undef PSA_ALG_IS_VENDOR_HASH_AND_SIGN
#define PSA_ALG_IS_VENDOR_HASH_AND_SIGN(alg) \
PSA_ALG_IS_DSA(alg)
#define PSA_ALG_IS_VENDOR_HASH_AND_SIGN(alg) PSA_ALG_IS_DSA(alg)
/**@}*/
@@ -429,8 +428,7 @@ psa_status_t mbedtls_psa_inject_entropy(const uint8_t *seed,
* #PSA_KEY_TYPE_DH_KEY_PAIR(#PSA_DH_FAMILY_CUSTOM), the group data comes
* from domain parameters set by psa_set_key_domain_parameters().
*/
#define PSA_DH_FAMILY_CUSTOM ((psa_dh_family_t) 0x7e)
#define PSA_DH_FAMILY_CUSTOM ((psa_dh_family_t)0x7e)
/**
* \brief Set domain parameters for a key.
@@ -526,11 +524,11 @@ psa_status_t psa_set_key_domain_parameters(psa_key_attributes_t *attributes,
* \retval #PSA_SUCCESS
* \retval #PSA_ERROR_BUFFER_TOO_SMALL
*/
psa_status_t psa_get_key_domain_parameters(
const psa_key_attributes_t *attributes,
uint8_t *data,
size_t data_size,
size_t *data_length);
psa_status_t
psa_get_key_domain_parameters(const psa_key_attributes_t *attributes,
uint8_t *data,
size_t data_size,
size_t *data_length);
/** Safe output buffer size for psa_get_key_domain_parameters().
*
@@ -557,14 +555,17 @@ psa_status_t psa_get_key_domain_parameters(
* If the parameters are not valid, the
* return value is unspecified.
*/
#define PSA_KEY_DOMAIN_PARAMETERS_SIZE(key_type, key_bits) \
(PSA_KEY_TYPE_IS_RSA(key_type) ? sizeof(int) : \
PSA_KEY_TYPE_IS_DH(key_type) ? PSA_DH_KEY_DOMAIN_PARAMETERS_SIZE(key_bits) : \
PSA_KEY_TYPE_IS_DSA(key_type) ? PSA_DSA_KEY_DOMAIN_PARAMETERS_SIZE(key_bits) : \
0)
#define PSA_DH_KEY_DOMAIN_PARAMETERS_SIZE(key_bits) \
#define PSA_KEY_DOMAIN_PARAMETERS_SIZE(key_type, key_bits) \
(PSA_KEY_TYPE_IS_RSA(key_type) ? \
sizeof(int) : \
PSA_KEY_TYPE_IS_DH(key_type) ? \
PSA_DH_KEY_DOMAIN_PARAMETERS_SIZE(key_bits) : \
PSA_KEY_TYPE_IS_DSA(key_type) ? \
PSA_DSA_KEY_DOMAIN_PARAMETERS_SIZE(key_bits) : \
0)
#define PSA_DH_KEY_DOMAIN_PARAMETERS_SIZE(key_bits) \
(4 + (PSA_BITS_TO_BYTES(key_bits) + 5) * 3 /*without optional parts*/)
#define PSA_DSA_KEY_DOMAIN_PARAMETERS_SIZE(key_bits) \
#define PSA_DSA_KEY_DOMAIN_PARAMETERS_SIZE(key_bits) \
(4 + (PSA_BITS_TO_BYTES(key_bits) + 5) * 2 /*p, g*/ + 34 /*q*/)
/**@}*/
@@ -574,7 +575,7 @@ psa_status_t psa_get_key_domain_parameters(
*/
#if defined(MBEDTLS_ECP_C)
#include <mbedtls/ecp.h>
# include <mbedtls/ecp.h>
/** Convert an ECC curve identifier from the Mbed TLS encoding to PSA.
*
@@ -589,53 +590,52 @@ psa_status_t psa_get_key_domain_parameters(
* (`PSA_ECC_FAMILY_xxx`).
* \return \c 0 on failure (\p grpid is not recognized).
*/
static inline psa_ecc_family_t mbedtls_ecc_group_to_psa( mbedtls_ecp_group_id grpid,
size_t *bits )
static inline psa_ecc_family_t
mbedtls_ecc_group_to_psa(mbedtls_ecp_group_id grpid, size_t *bits)
{
switch( grpid )
{
switch (grpid) {
case MBEDTLS_ECP_DP_SECP192R1:
*bits = 192;
return PSA_ECC_FAMILY_SECP_R1 ;
return PSA_ECC_FAMILY_SECP_R1;
case MBEDTLS_ECP_DP_SECP224R1:
*bits = 224;
return PSA_ECC_FAMILY_SECP_R1 ;
return PSA_ECC_FAMILY_SECP_R1;
case MBEDTLS_ECP_DP_SECP256R1:
*bits = 256;
return PSA_ECC_FAMILY_SECP_R1 ;
return PSA_ECC_FAMILY_SECP_R1;
case MBEDTLS_ECP_DP_SECP384R1:
*bits = 384;
return PSA_ECC_FAMILY_SECP_R1 ;
return PSA_ECC_FAMILY_SECP_R1;
case MBEDTLS_ECP_DP_SECP521R1:
*bits = 521;
return PSA_ECC_FAMILY_SECP_R1 ;
return PSA_ECC_FAMILY_SECP_R1;
case MBEDTLS_ECP_DP_BP256R1:
*bits = 256;
return PSA_ECC_FAMILY_BRAINPOOL_P_R1 ;
return PSA_ECC_FAMILY_BRAINPOOL_P_R1;
case MBEDTLS_ECP_DP_BP384R1:
*bits = 384;
return PSA_ECC_FAMILY_BRAINPOOL_P_R1 ;
return PSA_ECC_FAMILY_BRAINPOOL_P_R1;
case MBEDTLS_ECP_DP_BP512R1:
*bits = 512;
return PSA_ECC_FAMILY_BRAINPOOL_P_R1 ;
return PSA_ECC_FAMILY_BRAINPOOL_P_R1;
case MBEDTLS_ECP_DP_CURVE25519:
*bits = 255;
return PSA_ECC_FAMILY_MONTGOMERY ;
return PSA_ECC_FAMILY_MONTGOMERY;
case MBEDTLS_ECP_DP_SECP192K1:
*bits = 192;
return PSA_ECC_FAMILY_SECP_K1 ;
return PSA_ECC_FAMILY_SECP_K1;
case MBEDTLS_ECP_DP_SECP224K1:
*bits = 224;
return PSA_ECC_FAMILY_SECP_K1 ;
return PSA_ECC_FAMILY_SECP_K1;
case MBEDTLS_ECP_DP_SECP256K1:
*bits = 256;
return PSA_ECC_FAMILY_SECP_K1 ;
return PSA_ECC_FAMILY_SECP_K1;
case MBEDTLS_ECP_DP_CURVE448:
*bits = 448;
return PSA_ECC_FAMILY_MONTGOMERY ;
return PSA_ECC_FAMILY_MONTGOMERY;
default:
*bits = 0;
return 0 ;
return 0;
}
}
@@ -658,9 +658,9 @@ static inline psa_ecc_family_t mbedtls_ecc_group_to_psa( mbedtls_ecp_group_id gr
* \return #MBEDTLS_ECP_DP_NONE if \p bits is not
* correct for \p curve.
*/
mbedtls_ecp_group_id mbedtls_ecc_group_of_psa( psa_ecc_family_t curve,
size_t bits,
int bits_is_sloppy );
mbedtls_ecp_group_id mbedtls_ecc_group_of_psa(psa_ecc_family_t curve,
size_t bits,
int bits_is_sloppy);
#endif /* MBEDTLS_ECP_C */
/**@}*/
@@ -709,9 +709,11 @@ mbedtls_ecp_group_id mbedtls_ecc_group_of_psa( psa_ecc_family_t curve,
* A failure of the random generator hardware that isn't covered
* by #PSA_ERROR_INSUFFICIENT_ENTROPY.
*/
psa_status_t mbedtls_psa_external_get_random(
mbedtls_psa_external_random_context_t *context,
uint8_t *output, size_t output_size, size_t *output_length );
psa_status_t
mbedtls_psa_external_get_random(mbedtls_psa_external_random_context_t *context,
uint8_t *output,
size_t output_size,
size_t *output_length);
#endif /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */
/**@}*/
@@ -731,14 +733,14 @@ psa_status_t mbedtls_psa_external_get_random(
* This value is part of the library's ABI since changing it would invalidate
* the values of built-in key identifiers in applications.
*/
#define MBEDTLS_PSA_KEY_ID_BUILTIN_MIN ((psa_key_id_t)0x7fff0000)
#define MBEDTLS_PSA_KEY_ID_BUILTIN_MIN ((psa_key_id_t)0x7fff0000)
/** The maximum value for a key identifier that is built into the
* implementation.
*
* See #MBEDTLS_PSA_KEY_ID_BUILTIN_MIN for more information.
*/
#define MBEDTLS_PSA_KEY_ID_BUILTIN_MAX ((psa_key_id_t)0x7fffefff)
#define MBEDTLS_PSA_KEY_ID_BUILTIN_MAX ((psa_key_id_t)0x7fffefff)
/** A slot number identifying a key in a driver.
*
@@ -756,10 +758,10 @@ typedef uint64_t psa_drv_slot_number_t;
* \retval 0
* The key identifier is not a builtin key identifier.
*/
static inline int psa_key_id_is_builtin( psa_key_id_t key_id )
static inline int psa_key_id_is_builtin(psa_key_id_t key_id)
{
return( ( key_id >= MBEDTLS_PSA_KEY_ID_BUILTIN_MIN ) &&
( key_id <= MBEDTLS_PSA_KEY_ID_BUILTIN_MAX ) );
return ((key_id >= MBEDTLS_PSA_KEY_ID_BUILTIN_MIN) &&
(key_id <= MBEDTLS_PSA_KEY_ID_BUILTIN_MAX));
}
/** Platform function to obtain the location and slot number of a built-in key.
@@ -806,10 +808,10 @@ static inline int psa_key_id_is_builtin( psa_key_id_t key_id )
* - #PSA_ERROR_NOT_PERMITTED: the key exists but the requested owner
* is not allowed to access it.
*/
psa_status_t mbedtls_psa_platform_get_builtin_key(
mbedtls_svc_key_id_t key_id,
psa_key_lifetime_t *lifetime,
psa_drv_slot_number_t *slot_number );
psa_status_t
mbedtls_psa_platform_get_builtin_key(mbedtls_svc_key_id_t key_id,
psa_key_lifetime_t *lifetime,
psa_drv_slot_number_t *slot_number);
#endif /* MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS */
/** @} */
@@ -818,7 +820,7 @@ psa_status_t mbedtls_psa_platform_get_builtin_key(
* @{
*/
#define PSA_ALG_CATEGORY_PAKE ((psa_algorithm_t)0x0a000000)
#define PSA_ALG_CATEGORY_PAKE ((psa_algorithm_t)0x0a000000)
/** Whether the specified algorithm is a password-authenticated key exchange.
*
@@ -829,8 +831,8 @@ psa_status_t mbedtls_psa_platform_get_builtin_key(
* This macro may return either 0 or 1 if \p alg is not a supported
* algorithm identifier.
*/
#define PSA_ALG_IS_PAKE(alg) \
(((alg) & PSA_ALG_CATEGORY_MASK) == PSA_ALG_CATEGORY_PAKE)
#define PSA_ALG_IS_PAKE(alg) \
(((alg)&PSA_ALG_CATEGORY_MASK) == PSA_ALG_CATEGORY_PAKE)
/** The Password-authenticated key exchange by juggling (J-PAKE) algorithm.
*
@@ -947,7 +949,7 @@ psa_status_t mbedtls_psa_platform_get_builtin_key(
* of RFC 8236 for two examples.
*
*/
#define PSA_ALG_JPAKE ((psa_algorithm_t)0x0a000100)
#define PSA_ALG_JPAKE ((psa_algorithm_t)0x0a000100)
/** @} */
@@ -1008,7 +1010,7 @@ typedef uint32_t psa_pake_primitive_t;
* need this, both #PSA_PAKE_SIDE_FIRST and #PSA_PAKE_SIDE_SECOND are
* accepted.
*/
#define PSA_PAKE_SIDE_FIRST ((psa_pake_side_t)0x01)
#define PSA_PAKE_SIDE_FIRST ((psa_pake_side_t)0x01)
/** The second peer in a balanced PAKE.
*
@@ -1017,19 +1019,19 @@ typedef uint32_t psa_pake_primitive_t;
* need this, either #PSA_PAKE_SIDE_FIRST or #PSA_PAKE_SIDE_SECOND are
* accepted.
*/
#define PSA_PAKE_SIDE_SECOND ((psa_pake_side_t)0x02)
#define PSA_PAKE_SIDE_SECOND ((psa_pake_side_t)0x02)
/** The client in an augmented PAKE.
*
* Augmented PAKE algorithms need to differentiate between client and server.
*/
#define PSA_PAKE_SIDE_CLIENT ((psa_pake_side_t)0x11)
#define PSA_PAKE_SIDE_CLIENT ((psa_pake_side_t)0x11)
/** The server in an augmented PAKE.
*
* Augmented PAKE algorithms need to differentiate between client and server.
*/
#define PSA_PAKE_SIDE_SERVER ((psa_pake_side_t)0x12)
#define PSA_PAKE_SIDE_SERVER ((psa_pake_side_t)0x12)
/** The PAKE primitive type indicating the use of elliptic curves.
*
@@ -1049,7 +1051,7 @@ typedef uint32_t psa_pake_primitive_t;
* curve would be. For more information, consult the documentation of
* psa_export_key().
*/
#define PSA_PAKE_PRIMITIVE_TYPE_ECC ((psa_pake_primitive_type_t)0x01)
#define PSA_PAKE_PRIMITIVE_TYPE_ECC ((psa_pake_primitive_type_t)0x01)
/** The PAKE primitive type indicating the use of Diffie-Hellman groups.
*
@@ -1069,7 +1071,7 @@ typedef uint32_t psa_pake_primitive_t;
* group would be. For more information, consult the documentation of
* psa_export_key().
*/
#define PSA_PAKE_PRIMITIVE_TYPE_DH ((psa_pake_primitive_type_t)0x02)
#define PSA_PAKE_PRIMITIVE_TYPE_DH ((psa_pake_primitive_type_t)0x02)
/** Construct a PAKE primitive from type, family and bit-size.
*
@@ -1090,10 +1092,11 @@ typedef uint32_t psa_pake_primitive_t;
* Return 0 if the requested primitive can't be encoded as
* ::psa_pake_primitive_t.
*/
#define PSA_PAKE_PRIMITIVE(pake_type, pake_family, pake_bits) \
((pake_bits & 0xFFFF) != pake_bits) ? 0 : \
((psa_pake_primitive_t) (((pake_type) << 24 | \
(pake_family) << 16) | (pake_bits)))
#define PSA_PAKE_PRIMITIVE(pake_type, pake_family, pake_bits) \
((pake_bits & 0xFFFF) != pake_bits) ? \
0 : \
((psa_pake_primitive_t)(((pake_type) << 24 | (pake_family) << 16) | \
(pake_bits)))
/** The key share being sent to or received from the peer.
*
@@ -1107,7 +1110,7 @@ typedef uint32_t psa_pake_primitive_t;
* For information regarding how the group is determined, consult the
* documentation #PSA_PAKE_PRIMITIVE.
*/
#define PSA_PAKE_STEP_KEY_SHARE ((psa_pake_step_t)0x01)
#define PSA_PAKE_STEP_KEY_SHARE ((psa_pake_step_t)0x01)
/** A Schnorr NIZKP public key.
*
@@ -1124,7 +1127,7 @@ typedef uint32_t psa_pake_primitive_t;
* For information regarding how the group is determined, consult the
* documentation #PSA_PAKE_PRIMITIVE.
*/
#define PSA_PAKE_STEP_ZK_PUBLIC ((psa_pake_step_t)0x02)
#define PSA_PAKE_STEP_ZK_PUBLIC ((psa_pake_step_t)0x02)
/** A Schnorr NIZKP proof.
*
@@ -1145,7 +1148,7 @@ typedef uint32_t psa_pake_primitive_t;
* For information regarding how the group is determined, consult the
* documentation #PSA_PAKE_PRIMITIVE.
*/
#define PSA_PAKE_STEP_ZK_PROOF ((psa_pake_step_t)0x03)
#define PSA_PAKE_STEP_ZK_PROOF ((psa_pake_step_t)0x03)
/** The type of the data strucure for PAKE cipher suites.
*
@@ -1165,9 +1168,8 @@ typedef struct psa_pake_cipher_suite_s psa_pake_cipher_suite_t;
*
* \return The PAKE algorithm stored in the cipher suite structure.
*/
static psa_algorithm_t psa_pake_cs_get_algorithm(
const psa_pake_cipher_suite_t* cipher_suite
);
static psa_algorithm_t
psa_pake_cs_get_algorithm(const psa_pake_cipher_suite_t *cipher_suite);
/** Declare the PAKE algorithm for the cipher suite.
*
@@ -1185,10 +1187,8 @@ static psa_algorithm_t psa_pake_cs_get_algorithm(
* If this is 0, the PAKE algorithm in
* \p cipher_suite becomes unspecified.
*/
static void psa_pake_cs_set_algorithm(
psa_pake_cipher_suite_t* cipher_suite,
psa_algorithm_t algorithm
);
static void psa_pake_cs_set_algorithm(psa_pake_cipher_suite_t *cipher_suite,
psa_algorithm_t algorithm);
/** Retrieve the primitive from a PAKE cipher suite.
*
@@ -1200,9 +1200,8 @@ static void psa_pake_cs_set_algorithm(
*
* \return The primitive stored in the cipher suite structure.
*/
static psa_pake_primitive_t psa_pake_cs_get_primitive(
const psa_pake_cipher_suite_t* cipher_suite
);
static psa_pake_primitive_t
psa_pake_cs_get_primitive(const psa_pake_cipher_suite_t *cipher_suite);
/** Declare the primitive for a PAKE cipher suite.
*
@@ -1217,10 +1216,8 @@ static psa_pake_primitive_t psa_pake_cs_get_primitive(
* primitive type in \p cipher_suite becomes
* unspecified.
*/
static void psa_pake_cs_set_primitive(
psa_pake_cipher_suite_t* cipher_suite,
psa_pake_primitive_t primitive
);
static void psa_pake_cs_set_primitive(psa_pake_cipher_suite_t *cipher_suite,
psa_pake_primitive_t primitive);
/** Retrieve the hash algorithm from a PAKE cipher suite.
*
@@ -1234,9 +1231,8 @@ static void psa_pake_cs_set_primitive(
* value is 0 if the PAKE is not parametrised by a hash algorithm or if
* the hash algorithm is not set.
*/
static psa_algorithm_t psa_pake_cs_get_hash(
const psa_pake_cipher_suite_t* cipher_suite
);
static psa_algorithm_t
psa_pake_cs_get_hash(const psa_pake_cipher_suite_t *cipher_suite);
/** Declare the hash algorithm for a PAKE cipher suite.
*
@@ -1258,10 +1254,8 @@ static psa_algorithm_t psa_pake_cs_get_hash(
* If this is 0, the hash algorithm in
* \p cipher_suite becomes unspecified.
*/
static void psa_pake_cs_set_hash(
psa_pake_cipher_suite_t* cipher_suite,
psa_algorithm_t hash
);
static void psa_pake_cs_set_hash(psa_pake_cipher_suite_t *cipher_suite,
psa_algorithm_t hash);
/** The type of the state data structure for PAKE operations.
*
@@ -1742,75 +1736,77 @@ psa_status_t psa_pake_get_implicit_key(psa_pake_operation_t *operation,
*/
#define PSA_PAKE_INPUT_MAX_SIZE 0
struct psa_pake_cipher_suite_s
{
struct psa_pake_cipher_suite_s {
psa_algorithm_t algorithm;
psa_pake_primitive_type_t type;
psa_pake_family_t family;
uint16_t bits;
uint16_t bits;
psa_algorithm_t hash;
};
static inline psa_algorithm_t psa_pake_cs_get_algorithm(
const psa_pake_cipher_suite_t *cipher_suite)
static inline psa_algorithm_t
psa_pake_cs_get_algorithm(const psa_pake_cipher_suite_t *cipher_suite)
{
return cipher_suite->algorithm;
}
static inline void psa_pake_cs_set_algorithm(
psa_pake_cipher_suite_t *cipher_suite,
psa_algorithm_t algorithm)
static inline void
psa_pake_cs_set_algorithm(psa_pake_cipher_suite_t *cipher_suite,
psa_algorithm_t algorithm)
{
if(!PSA_ALG_IS_PAKE(algorithm))
if (!PSA_ALG_IS_PAKE(algorithm))
cipher_suite->algorithm = 0;
else
cipher_suite->algorithm = algorithm;
}
static inline psa_pake_primitive_t psa_pake_cs_get_primitive(
const psa_pake_cipher_suite_t *cipher_suite)
static inline psa_pake_primitive_t
psa_pake_cs_get_primitive(const psa_pake_cipher_suite_t *cipher_suite)
{
return(PSA_PAKE_PRIMITIVE(cipher_suite->type, cipher_suite->family,
cipher_suite->bits));
return (PSA_PAKE_PRIMITIVE(cipher_suite->type, cipher_suite->family,
cipher_suite->bits));
}
static inline void psa_pake_cs_set_primitive(
psa_pake_cipher_suite_t *cipher_suite,
psa_pake_primitive_t primitive)
static inline void
psa_pake_cs_set_primitive(psa_pake_cipher_suite_t *cipher_suite,
psa_pake_primitive_t primitive)
{
cipher_suite->type = (psa_pake_primitive_type_t) (primitive >> 24);
cipher_suite->family = (psa_pake_family_t) (0xFF & (primitive >> 16));
cipher_suite->bits = (uint16_t) (0xFFFF & primitive);
cipher_suite->type = (psa_pake_primitive_type_t)(primitive >> 24);
cipher_suite->family = (psa_pake_family_t)(0xFF & (primitive >> 16));
cipher_suite->bits = (uint16_t)(0xFFFF & primitive);
}
static inline psa_algorithm_t psa_pake_cs_get_hash(
const psa_pake_cipher_suite_t *cipher_suite)
static inline psa_algorithm_t
psa_pake_cs_get_hash(const psa_pake_cipher_suite_t *cipher_suite)
{
return cipher_suite->hash;
}
static inline void psa_pake_cs_set_hash(
psa_pake_cipher_suite_t *cipher_suite,
psa_algorithm_t hash)
static inline void psa_pake_cs_set_hash(psa_pake_cipher_suite_t *cipher_suite,
psa_algorithm_t hash)
{
if(!PSA_ALG_IS_HASH(hash))
if (!PSA_ALG_IS_HASH(hash))
cipher_suite->hash = 0;
else
cipher_suite->hash = hash;
}
struct psa_pake_operation_s
{
struct psa_pake_operation_s {
psa_algorithm_t alg;
union
{
union {
/* Make the union non-empty even with no supported algorithms. */
uint8_t dummy;
} ctx;
};
/* This only zeroes out the first byte in the union, the rest is unspecified. */
#define PSA_PAKE_OPERATION_INIT {0, {0}}
#define PSA_PAKE_OPERATION_INIT \
{ \
0, \
{ \
0 \
} \
}
static inline struct psa_pake_operation_s psa_pake_operation_init(void)
{
const struct psa_pake_operation_s v = PSA_PAKE_OPERATION_INIT;

16
include/psa/crypto_platform.h
View File

@@ -45,9 +45,9 @@
/* PSA requires several types which C99 provides in stdint.h. */
#include <stdint.h>
#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \
!defined(inline) && !defined(__cplusplus)
#define inline __inline
#if (defined(__ARMCC_VERSION) || defined(_MSC_VER)) && !defined(inline) && \
!defined(__cplusplus)
# define inline __inline
#endif
#if defined(MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER)
@@ -70,10 +70,10 @@ typedef int32_t mbedtls_key_owner_id_t;
*
* \return Non-zero if the two key owner identifiers are equal, zero otherwise.
*/
static inline int mbedtls_key_owner_id_equal( mbedtls_key_owner_id_t id1,
mbedtls_key_owner_id_t id2 )
static inline int mbedtls_key_owner_id_equal(mbedtls_key_owner_id_t id1,
mbedtls_key_owner_id_t id2)
{
return id1 == id2 ;
return id1 == id2;
}
#endif /* MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER */
@@ -86,8 +86,8 @@ static inline int mbedtls_key_owner_id_equal( mbedtls_key_owner_id_t id1,
* included.
*/
#if defined(MBEDTLS_PSA_CRYPTO_SPM)
#define PSA_CRYPTO_SECURE 1
#include "crypto_spe.h"
# define PSA_CRYPTO_SECURE 1
# include "crypto_spe.h"
#endif // MBEDTLS_PSA_CRYPTO_SPM
#if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG)

Some files were not shown because too many files have changed in this diff Show More