asgardius/virtualx-engine
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

mbedtls: Update to upstream version 2.28.3

Browse source 
Rediff patch from PR 1453, lstrlenW is no longer used upstream so
that part of the patch was dropped.

(cherry picked from commit 1fde2092d0)
This commit is contained in:
Rémi Verschelde 2023-04-18 10:38:24 +02:00
parent 1850325666
commit b7fe3c9c38
No known key found for this signature in database
GPG key ID: C3336907360768E1
174 changed files with 36064 additions and 35819 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
thirdparty/README.md vendored
View file

@ -277,7 +277,7 @@ Files extracted from upstream source:
## mbedtls
- Upstream: https://github.com/Mbed-TLS/mbedtls
- Version: 2.18.2 (89f040a5c938985c5f30728baed21e49d0846a53, 2022)
- Version: 2.18.3 (981743de6fcdbe672e482b6fd724d31d0a0d2476, 2023)
- License: Apache 2.0
File extracted from upstream release tarball:
@ -285,7 +285,7 @@ File extracted from upstream release tarball:
- All `*.h` from `include/mbedtls/` to `thirdparty/mbedtls/include/mbedtls/` except `config_psa.h` and `psa_util.h`.
- All `*.c` and `*.h` from `library/` to `thirdparty/mbedtls/library/` except those starting with `psa_*`.
- The `LICENSE` file.
- Applied the patch in `patches/1453.diff` (upstream PR:
- Applied the patch in `patches/1453.diff` to fix UWP build (upstream PR:
https://github.com/ARMmbed/mbedtls/pull/1453).
Applied the patch in `patches/windows-arm64-hardclock.diff`
- Added 2 files `godot_core_mbedtls_platform.c` and `godot_core_mbedtls_config.h`

6
thirdparty/mbedtls/include/mbedtls/aes.h vendored
View file

@ -88,8 +88,7 @@ extern "C" {
/**
* \brief The AES context-type definition.
*/
typedef struct mbedtls_aes_context
{
typedef struct mbedtls_aes_context {
int nr; /*!< The number of rounds. */
uint32_t *rk; /*!< AES round keys. */
uint32_t buf[68]; /*!< Unaligned data buffer. This buffer can
@ -107,8 +106,7 @@ mbedtls_aes_context;
/**
* \brief The AES XTS context-type definition.
*/
typedef struct mbedtls_aes_xts_context
{
typedef struct mbedtls_aes_xts_context {
mbedtls_aes_context crypt; /*!< The AES context to use for AES block
encryption or decryption. */
mbedtls_aes_context tweak; /*!< The AES context used for tweak

39
thirdparty/mbedtls/include/mbedtls/aesni.h vendored
View file

@ -36,13 +36,49 @@
#define MBEDTLS_AESNI_AES 0x02000000u
#define MBEDTLS_AESNI_CLMUL 0x00000002u
/* Can we do AESNI with inline assembly?
* (Only implemented with gas syntax, only for 64-bit.)
*/
#if defined(MBEDTLS_HAVE_ASM) && defined(__GNUC__) && \
(defined(__amd64__) || defined(__x86_64__)) && \
!defined(MBEDTLS_HAVE_X86_64)
#define MBEDTLS_HAVE_X86_64
#endif
#if defined(MBEDTLS_AESNI_C)
/* Can we do AESNI with intrinsics?
* (Only implemented with certain compilers, only for certain targets.)
*
* NOTE: MBEDTLS_AESNI_HAVE_INTRINSICS and MBEDTLS_AESNI_HAVE_CODE are internal
* macros that may change in future releases.
*/
#undef MBEDTLS_AESNI_HAVE_INTRINSICS
#if defined(_MSC_VER)
/* Visual Studio supports AESNI intrinsics since VS 2008 SP1. We only support
* VS 2013 and up for other reasons anyway, so no need to check the version. */
#define MBEDTLS_AESNI_HAVE_INTRINSICS
#endif
/* GCC-like compilers: currently, we only support intrinsics if the requisite
* target flag is enabled when building the library (e.g. `gcc -mpclmul -msse2`
* or `clang -maes -mpclmul`). */
#if defined(__GNUC__) && defined(__AES__) && defined(__PCLMUL__)
#define MBEDTLS_AESNI_HAVE_INTRINSICS
#endif
/* Choose the implementation of AESNI, if one is available. */
#undef MBEDTLS_AESNI_HAVE_CODE
/* To minimize disruption when releasing the intrinsics-based implementation,
* favor the assembly-based implementation if it's available. We intend to
* revise this in a later release of Mbed TLS 3.x. In the long run, we will
* likely remove the assembly implementation. */
#if defined(MBEDTLS_HAVE_X86_64)
#define MBEDTLS_AESNI_HAVE_CODE 1 // via assembly
#elif defined(MBEDTLS_AESNI_HAVE_INTRINSICS)
#define MBEDTLS_AESNI_HAVE_CODE 2 // via intrinsics
#endif
#if defined(MBEDTLS_AESNI_HAVE_CODE)
#ifdef __cplusplus
extern "C" {
@ -131,6 +167,7 @@ int mbedtls_aesni_setkey_enc( unsigned char *rk,
}
#endif
#endif /* MBEDTLS_HAVE_X86_64 */
#endif /* MBEDTLS_AESNI_HAVE_CODE */
#endif /* MBEDTLS_AESNI_C */
#endif /* MBEDTLS_AESNI_H */

3
thirdparty/mbedtls/include/mbedtls/arc4.h vendored
View file

@ -53,8 +53,7 @@ extern "C" {
* security risk. We recommend considering stronger ciphers instead.
*
*/
typedef struct mbedtls_arc4_context
{
typedef struct mbedtls_arc4_context {
int x; /*!< permutation index */
int y; /*!< permutation index */
unsigned char m[256]; /*!< permutation table */

3
thirdparty/mbedtls/include/mbedtls/aria.h vendored
View file

@ -76,8 +76,7 @@ extern "C" {
/**
* \brief The ARIA context-type definition.
*/
typedef struct mbedtls_aria_context
{
typedef struct mbedtls_aria_context {
unsigned char nr; /*!< The number of rounds (12, 14 or 16) */
/*! The ARIA round keys. */
uint32_t rk[MBEDTLS_ARIA_MAX_ROUNDS + 1][MBEDTLS_ARIA_BLOCKSIZE / 4];

12
thirdparty/mbedtls/include/mbedtls/asn1.h vendored
View file

@ -152,8 +152,7 @@ extern "C" {
/**
* Type-length-value structure that allows for ASN1 using DER.
*/
typedef struct mbedtls_asn1_buf
{
typedef struct mbedtls_asn1_buf {
int tag; /**< ASN1 type, e.g. MBEDTLS_ASN1_UTF8_STRING. */
size_t len; /**< ASN1 length, in octets. */
unsigned char *p; /**< ASN1 data, e.g. in ASCII. */
@ -163,8 +162,7 @@ mbedtls_asn1_buf;
/**
* Container for ASN1 bit strings.
*/
typedef struct mbedtls_asn1_bitstring
{
typedef struct mbedtls_asn1_bitstring {
size_t len; /**< ASN1 length, in octets. */
unsigned char unused_bits; /**< Number of unused bits at the end of the string */
unsigned char *p; /**< Raw ASN1 data for the bit string */
@ -174,8 +172,7 @@ mbedtls_asn1_bitstring;
/**
* Container for a sequence of ASN.1 items
*/
typedef struct mbedtls_asn1_sequence
{
typedef struct mbedtls_asn1_sequence {
mbedtls_asn1_buf buf; /**< Buffer containing the given ASN.1 item. */
struct mbedtls_asn1_sequence *next; /**< The next entry in the sequence. */
}
@ -184,8 +181,7 @@ mbedtls_asn1_sequence;
/**
* Container for a sequence or list of 'named' ASN.1 data items
*/
typedef struct mbedtls_asn1_named_data
{
typedef struct mbedtls_asn1_named_data {
mbedtls_asn1_buf oid; /**< The object identifier. */
mbedtls_asn1_buf val; /**< The named value. */
struct mbedtls_asn1_named_data *next; /**< The next entry in the sequence. */

2
thirdparty/mbedtls/include/mbedtls/asn1write.h vendored
View file

@ -34,7 +34,7 @@
do \
{ \
if ((ret = (f)) < 0) \
return( ret ); \
return ret; \
else \
(g) += ret; \
} while (0)

11
thirdparty/mbedtls/include/mbedtls/bignum.h vendored
View file

@ -66,7 +66,7 @@
#if !defined(MBEDTLS_MPI_WINDOW_SIZE)
/*
* Maximum window size used for modular exponentiation. Default: 6
* Maximum window size used for modular exponentiation. Default: 2
* Minimum value: 1. Maximum value: 6.
*
* Result is an array of ( 2 ** MBEDTLS_MPI_WINDOW_SIZE ) MPIs used
@ -74,7 +74,7 @@
*
* Reduction in size, reduces speed.
*/
#define MBEDTLS_MPI_WINDOW_SIZE 6 /**< Maximum window size used. */
#define MBEDTLS_MPI_WINDOW_SIZE 2 /**< Maximum window size used. */
#endif /* !MBEDTLS_MPI_WINDOW_SIZE */
#if !defined(MBEDTLS_MPI_MAX_SIZE)
@ -110,7 +110,9 @@
*/
#define MBEDTLS_MPI_MAX_BITS_SCALE100 (100 * MBEDTLS_MPI_MAX_BITS)
#define MBEDTLS_LN_2_DIV_LN_10_SCALE100 332
#define MBEDTLS_MPI_RW_BUFFER_SIZE ( ((MBEDTLS_MPI_MAX_BITS_SCALE100 + MBEDTLS_LN_2_DIV_LN_10_SCALE100 - 1) / MBEDTLS_LN_2_DIV_LN_10_SCALE100) + 10 + 6 )
#define MBEDTLS_MPI_RW_BUFFER_SIZE (((MBEDTLS_MPI_MAX_BITS_SCALE100 + \
MBEDTLS_LN_2_DIV_LN_10_SCALE100 - 1) / \
MBEDTLS_LN_2_DIV_LN_10_SCALE100) + 10 + 6)
/*
* Define the base integer type, architecture-wise.
@ -203,8 +205,7 @@ extern "C" {
/**
* \brief MPI structure
*/
typedef struct mbedtls_mpi
{
typedef struct mbedtls_mpi {
/** Sign: -1 if the mpi is negative, 1 otherwise.
*
* The number 0 must be represented with `s = +1`. Although many library

3
thirdparty/mbedtls/include/mbedtls/blowfish.h vendored
View file

@ -65,8 +65,7 @@ extern "C" {
/**
* \brief Blowfish context structure
*/
typedef struct mbedtls_blowfish_context
{
typedef struct mbedtls_blowfish_context {
uint32_t P[MBEDTLS_BLOWFISH_ROUNDS + 2]; /*!< Blowfish round keys */
uint32_t S[4][256]; /*!< key dependent S-boxes */
}

2
thirdparty/mbedtls/include/mbedtls/bn_mul.h vendored
View file

@ -84,6 +84,7 @@
#endif /* bits in mbedtls_mpi_uint */
/* *INDENT-OFF* */
#if defined(MBEDTLS_HAVE_ASM)
#ifndef asm
@ -1001,4 +1002,5 @@
#endif /* C (generic) */
#endif /* C (longlong) */
/* *INDENT-ON* */
#endif /* bn_mul.h */

3
thirdparty/mbedtls/include/mbedtls/camellia.h vendored
View file

@ -61,8 +61,7 @@ extern "C" {
/**
* \brief CAMELLIA context structure
*/
typedef struct mbedtls_camellia_context
{
typedef struct mbedtls_camellia_context {
int nr; /*!< number of rounds */
uint32_t rk[68]; /*!< CAMELLIA round keys */
}

3
thirdparty/mbedtls/include/mbedtls/ccm.h vendored
View file

@ -76,8 +76,7 @@ extern "C" {
* \brief The CCM context-type definition. The CCM context is passed
* to the APIs called.
*/
typedef struct mbedtls_ccm_context
{
typedef struct mbedtls_ccm_context {
mbedtls_cipher_context_t cipher_ctx; /*!< The cipher context used. */
}
mbedtls_ccm_context;

3
thirdparty/mbedtls/include/mbedtls/chacha20.h vendored
View file

@ -60,8 +60,7 @@ extern "C" {
#if !defined(MBEDTLS_CHACHA20_ALT)
typedef struct mbedtls_chacha20_context
{
typedef struct mbedtls_chacha20_context {
uint32_t state[16]; /*! The state (before round operations). */
uint8_t keystream8[64]; /*! Leftover keystream bytes. */
size_t keystream_bytes_used; /*! Number of keystream bytes already used. */

6
thirdparty/mbedtls/include/mbedtls/chachapoly.h vendored
View file

@ -50,8 +50,7 @@
extern "C" {
#endif
typedef enum
{
typedef enum {
MBEDTLS_CHACHAPOLY_ENCRYPT, /**< The mode value for performing encryption. */
MBEDTLS_CHACHAPOLY_DECRYPT /**< The mode value for performing decryption. */
}
@ -61,8 +60,7 @@ mbedtls_chachapoly_mode_t;
#include "mbedtls/chacha20.h"
typedef struct mbedtls_chachapoly_context
{
typedef struct mbedtls_chachapoly_context {
mbedtls_chacha20_context chacha20_ctx; /**< The ChaCha20 context. */
mbedtls_poly1305_context poly1305_ctx; /**< The Poly1305 context. */
uint64_t aad_len; /**< The length (bytes) of the Additional Authenticated Data. */

11
thirdparty/mbedtls/include/mbedtls/check_config.h vendored
View file

@ -28,6 +28,7 @@
#ifndef MBEDTLS_CHECK_CONFIG_H
#define MBEDTLS_CHECK_CONFIG_H
/* *INDENT-OFF* */
/*
* We assume CHAR_BIT is 8 in many places. In practice, this is true on our
* target platforms, so not an issue, but let's just be extra sure.
@ -68,10 +69,6 @@
#error "MBEDTLS_HAVE_TIME_DATE without MBEDTLS_HAVE_TIME does not make sense"
#endif
#if defined(MBEDTLS_AESNI_C) && !defined(MBEDTLS_HAVE_ASM)
#error "MBEDTLS_AESNI_C defined, but not all prerequisites"
#endif
#if defined(MBEDTLS_CTR_DRBG_C) && !defined(MBEDTLS_AES_C)
#error "MBEDTLS_CTR_DRBG_C defined, but not all prerequisites"
#endif
@ -143,6 +140,11 @@
#error "MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED defined, but MBEDTLS_ECDH_LEGACY_CONTEXT not disabled"
#endif
#if defined(MBEDTLS_ECP_RESTARTABLE) && \
!defined(MBEDTLS_ECP_C)
#error "MBEDTLS_ECP_RESTARTABLE defined, but not all prerequisites"
#endif
#if defined(MBEDTLS_ECDSA_DETERMINISTIC) && !defined(MBEDTLS_HMAC_DRBG_C)
#error "MBEDTLS_ECDSA_DETERMINISTIC defined, but not all prerequisites"
#endif
@ -955,4 +957,5 @@
*/
typedef int mbedtls_iso_c_forbids_empty_translation_units;
/* *INDENT-ON* */
#endif /* MBEDTLS_CHECK_CONFIG_H */

72
thirdparty/mbedtls/include/mbedtls/cipher.h vendored
View file

@ -83,16 +83,16 @@ extern "C" {
/**
* \brief Supported cipher types.
*
* \warning RC4 and DES are considered weak ciphers and their use
* constitutes a security risk. Arm recommends considering stronger
* \warning RC4 and DES/3DES are considered weak ciphers and their use
* constitutes a security risk. We recommend considering stronger
* ciphers instead.
*/
typedef enum {
MBEDTLS_CIPHER_ID_NONE = 0, /**< Placeholder to mark the end of cipher ID lists. */
MBEDTLS_CIPHER_ID_NULL, /**< The identity cipher, treated as a stream cipher. */
MBEDTLS_CIPHER_ID_AES, /**< The AES cipher. */
MBEDTLS_CIPHER_ID_DES, /**< The DES cipher. */
MBEDTLS_CIPHER_ID_3DES, /**< The Triple DES cipher. */
MBEDTLS_CIPHER_ID_DES, /**< The DES cipher. \warning DES is considered weak. */
MBEDTLS_CIPHER_ID_3DES, /**< The Triple DES cipher. \warning 3DES is considered weak. */
MBEDTLS_CIPHER_ID_CAMELLIA, /**< The Camellia cipher. */
MBEDTLS_CIPHER_ID_BLOWFISH, /**< The Blowfish cipher. */
MBEDTLS_CIPHER_ID_ARC4, /**< The RC4 cipher. */
@ -103,8 +103,8 @@ typedef enum {
/**
* \brief Supported {cipher type, cipher mode} pairs.
*
* \warning RC4 and DES are considered weak ciphers and their use
* constitutes a security risk. Arm recommends considering stronger
* \warning RC4 and DES/3DES are considered weak ciphers and their use
* constitutes a security risk. We recommend considering stronger
* ciphers instead.
*/
typedef enum {
@ -140,12 +140,12 @@ typedef enum {
MBEDTLS_CIPHER_CAMELLIA_128_GCM, /**< Camellia cipher with 128-bit GCM mode. */
MBEDTLS_CIPHER_CAMELLIA_192_GCM, /**< Camellia cipher with 192-bit GCM mode. */
MBEDTLS_CIPHER_CAMELLIA_256_GCM, /**< Camellia cipher with 256-bit GCM mode. */
MBEDTLS_CIPHER_DES_ECB, /**< DES cipher with ECB mode. */
MBEDTLS_CIPHER_DES_CBC, /**< DES cipher with CBC mode. */
MBEDTLS_CIPHER_DES_EDE_ECB, /**< DES cipher with EDE ECB mode. */
MBEDTLS_CIPHER_DES_EDE_CBC, /**< DES cipher with EDE CBC mode. */
MBEDTLS_CIPHER_DES_EDE3_ECB, /**< DES cipher with EDE3 ECB mode. */
MBEDTLS_CIPHER_DES_EDE3_CBC, /**< DES cipher with EDE3 CBC mode. */
MBEDTLS_CIPHER_DES_ECB, /**< DES cipher with ECB mode. \warning DES is considered weak. */
MBEDTLS_CIPHER_DES_CBC, /**< DES cipher with CBC mode. \warning DES is considered weak. */
MBEDTLS_CIPHER_DES_EDE_ECB, /**< DES cipher with EDE ECB mode. \warning 3DES is considered weak. */
MBEDTLS_CIPHER_DES_EDE_CBC, /**< DES cipher with EDE CBC mode. \warning 3DES is considered weak. */
MBEDTLS_CIPHER_DES_EDE3_ECB, /**< DES cipher with EDE3 ECB mode. \warning 3DES is considered weak. */
MBEDTLS_CIPHER_DES_EDE3_CBC, /**< DES cipher with EDE3 CBC mode. \warning 3DES is considered weak. */
MBEDTLS_CIPHER_BLOWFISH_ECB, /**< Blowfish cipher with ECB mode. */
MBEDTLS_CIPHER_BLOWFISH_CBC, /**< Blowfish cipher with CBC mode. */
MBEDTLS_CIPHER_BLOWFISH_CFB64, /**< Blowfish cipher with CFB64 mode. */
@ -226,11 +226,11 @@ typedef enum {
enum {
/** Undefined key length. */
MBEDTLS_KEY_LENGTH_NONE = 0,
/** Key length, in bits (including parity), for DES keys. */
/** Key length, in bits (including parity), for DES keys. \warning DES is considered weak. */
MBEDTLS_KEY_LENGTH_DES = 64,
/** Key length in bits, including parity, for DES in two-key EDE. */
/** Key length in bits, including parity, for DES in two-key EDE. \warning 3DES is considered weak. */
MBEDTLS_KEY_LENGTH_DES_EDE = 128,
/** Key length in bits, including parity, for DES in three-key EDE. */
/** Key length in bits, including parity, for DES in three-key EDE. \warning 3DES is considered weak. */
MBEDTLS_KEY_LENGTH_DES_EDE3 = 192,
};
@ -273,8 +273,7 @@ typedef struct mbedtls_cmac_context_t mbedtls_cmac_context_t;
* Cipher information. Allows calling cipher functions
* in a generic way.
*/
typedef struct mbedtls_cipher_info_t
{
typedef struct mbedtls_cipher_info_t {
/** Full cipher identifier. For example,
* MBEDTLS_CIPHER_AES_256_CBC.
*/
@ -315,8 +314,7 @@ typedef struct mbedtls_cipher_info_t
/**
* Generic cipher context.
*/
typedef struct mbedtls_cipher_context_t
{
typedef struct mbedtls_cipher_context_t {
/** Information about the associated cipher. */
const mbedtls_cipher_info_t *cipher_info;
@ -506,8 +504,9 @@ static inline unsigned int mbedtls_cipher_get_block_size(
const mbedtls_cipher_context_t *ctx)
{
MBEDTLS_INTERNAL_VALIDATE_RET(ctx != NULL, 0);
if( ctx->cipher_info == NULL )
if (ctx->cipher_info == NULL) {
return 0;
}
return ctx->cipher_info->block_size;
}
@ -525,8 +524,9 @@ static inline mbedtls_cipher_mode_t mbedtls_cipher_get_cipher_mode(
const mbedtls_cipher_context_t *ctx)
{
MBEDTLS_INTERNAL_VALIDATE_RET(ctx != NULL, MBEDTLS_MODE_NONE);
if( ctx->cipher_info == NULL )
if (ctx->cipher_info == NULL) {
return MBEDTLS_MODE_NONE;
}
return ctx->cipher_info->mode;
}
@ -545,11 +545,13 @@ static inline int mbedtls_cipher_get_iv_size(
const mbedtls_cipher_context_t *ctx)
{
MBEDTLS_INTERNAL_VALIDATE_RET(ctx != NULL, 0);
if( ctx->cipher_info == NULL )
if (ctx->cipher_info == NULL) {
return 0;
}
if( ctx->iv_size != 0 )
if (ctx->iv_size != 0) {
return (int) ctx->iv_size;
}
return (int) ctx->cipher_info->iv_size;
}
@ -567,8 +569,9 @@ static inline mbedtls_cipher_type_t mbedtls_cipher_get_type(
{
MBEDTLS_INTERNAL_VALIDATE_RET(
ctx != NULL, MBEDTLS_CIPHER_NONE);
if( ctx->cipher_info == NULL )
if (ctx->cipher_info == NULL) {
return MBEDTLS_CIPHER_NONE;
}
return ctx->cipher_info->type;
}
@ -586,8 +589,9 @@ static inline const char *mbedtls_cipher_get_name(
const mbedtls_cipher_context_t *ctx)
{
MBEDTLS_INTERNAL_VALIDATE_RET(ctx != NULL, 0);
if( ctx->cipher_info == NULL )
if (ctx->cipher_info == NULL) {
return 0;
}
return ctx->cipher_info->name;
}
@ -606,8 +610,9 @@ static inline int mbedtls_cipher_get_key_bitlen(
{
MBEDTLS_INTERNAL_VALIDATE_RET(
ctx != NULL, MBEDTLS_KEY_LENGTH_NONE);
if( ctx->cipher_info == NULL )
if (ctx->cipher_info == NULL) {
return MBEDTLS_KEY_LENGTH_NONE;
}
return (int) ctx->cipher_info->key_bitlen;
}
@ -625,8 +630,9 @@ static inline mbedtls_operation_t mbedtls_cipher_get_operation(
{
MBEDTLS_INTERNAL_VALIDATE_RET(
ctx != NULL, MBEDTLS_OPERATION_NONE);
if( ctx->cipher_info == NULL )
if (ctx->cipher_info == NULL) {
return MBEDTLS_OPERATION_NONE;
}
return ctx->operation;
}
@ -917,13 +923,13 @@ int mbedtls_cipher_crypt( mbedtls_cipher_context_t *ctx,
* parameter-verification failure.
* \return A cipher-specific error code on failure.
*/
int mbedtls_cipher_auth_encrypt( mbedtls_cipher_context_t *ctx,
int MBEDTLS_DEPRECATED mbedtls_cipher_auth_encrypt(
mbedtls_cipher_context_t *ctx,
const unsigned char *iv, size_t iv_len,
const unsigned char *ad, size_t ad_len,
const unsigned char *input, size_t ilen,
unsigned char *output, size_t *olen,
unsigned char *tag, size_t tag_len )
MBEDTLS_DEPRECATED;
unsigned char *tag, size_t tag_len);
/**
* \brief The generic authenticated decryption (AEAD) function.
@ -976,13 +982,13 @@ int mbedtls_cipher_auth_encrypt( mbedtls_cipher_context_t *ctx,
* \return #MBEDTLS_ERR_CIPHER_AUTH_FAILED if data is not authentic.
* \return A cipher-specific error code on failure.
*/
int mbedtls_cipher_auth_decrypt( mbedtls_cipher_context_t *ctx,
int MBEDTLS_DEPRECATED mbedtls_cipher_auth_decrypt(
mbedtls_cipher_context_t *ctx,
const unsigned char *iv, size_t iv_len,
const unsigned char *ad, size_t ad_len,
const unsigned char *input, size_t ilen,
unsigned char *output, size_t *olen,
const unsigned char *tag, size_t tag_len )
MBEDTLS_DEPRECATED;
const unsigned char *tag, size_t tag_len);
#undef MBEDTLS_DEPRECATED
#endif /* MBEDTLS_DEPRECATED_REMOVED */
#endif /* MBEDTLS_CIPHER_MODE_AEAD */

12
thirdparty/mbedtls/include/mbedtls/cipher_internal.h vendored
View file

@ -43,8 +43,7 @@ extern "C" {
/**
* Base cipher information. The non-mode specific functions and values.
*/
struct mbedtls_cipher_base_t
{
struct mbedtls_cipher_base_t {
/** Base Cipher type (e.g. MBEDTLS_CIPHER_ID_AES) */
mbedtls_cipher_id_t cipher;
@ -110,15 +109,13 @@ struct mbedtls_cipher_base_t
};
typedef struct
{
typedef struct {
mbedtls_cipher_type_t type;
const mbedtls_cipher_info_t *info;
} mbedtls_cipher_definition_t;
#if defined(MBEDTLS_USE_PSA_CRYPTO)
typedef enum
{
typedef enum {
MBEDTLS_CIPHER_PSA_KEY_UNSET = 0,
MBEDTLS_CIPHER_PSA_KEY_OWNED, /* Used for PSA-based cipher contexts which */
/* use raw key material internally imported */
@ -131,8 +128,7 @@ typedef enum
/* destroyed when the context is freed. */
} mbedtls_cipher_psa_key_ownership;
typedef struct
{
typedef struct {
psa_algorithm_t alg;
psa_key_id_t slot;
mbedtls_cipher_psa_key_ownership slot_state;

3
thirdparty/mbedtls/include/mbedtls/cmac.h vendored
View file

@ -56,8 +56,7 @@ extern "C" {
/**
* The CMAC context structure.
*/
struct mbedtls_cmac_context_t
{
struct mbedtls_cmac_context_t {
/** The internal state of the CMAC algorithm. */
unsigned char state[MBEDTLS_CIPHER_BLKSIZE_MAX];

48
thirdparty/mbedtls/include/mbedtls/compat-1.3.h vendored
View file

@ -597,7 +597,8 @@
#define POLARSSL_X509_ALLOW_EXTENSIONS_NON_V3 MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3
#endif
#if defined MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
#define POLARSSL_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
#define POLARSSL_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION \
MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
#endif
#if defined MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE
#define POLARSSL_X509_CHECK_EXTENDED_KEY_USAGE MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE
@ -1554,10 +1555,14 @@
#define TLS_ECDHE_ECDSA_WITH_AES_256_CCM MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM
#define TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8
#define TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
#define TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
#define TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
#define TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
#define TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
#define TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 \
MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
#define TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 \
MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
#define TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 \
MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
#define TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 \
MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
#define TLS_ECDHE_ECDSA_WITH_NULL_SHA MBEDTLS_TLS_ECDHE_ECDSA_WITH_NULL_SHA
#define TLS_ECDHE_ECDSA_WITH_RC4_128_SHA MBEDTLS_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
#define TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA MBEDTLS_TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA
@ -1565,8 +1570,10 @@
#define TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256
#define TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA
#define TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384 MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384
#define TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
#define TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
#define TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 \
MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
#define TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 \
MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
#define TLS_ECDHE_PSK_WITH_NULL_SHA MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA
#define TLS_ECDHE_PSK_WITH_NULL_SHA256 MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA256
#define TLS_ECDHE_PSK_WITH_NULL_SHA384 MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA384
@ -1578,10 +1585,14 @@
#define TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
#define TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
#define TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
#define TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
#define TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
#define TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384
#define TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
#define TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 \
MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
#define TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 \
MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
#define TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 \
MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384
#define TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 \
MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
#define TLS_ECDHE_RSA_WITH_NULL_SHA MBEDTLS_TLS_ECDHE_RSA_WITH_NULL_SHA
#define TLS_ECDHE_RSA_WITH_RC4_128_SHA MBEDTLS_TLS_ECDHE_RSA_WITH_RC4_128_SHA
#define TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA MBEDTLS_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
@ -1591,10 +1602,14 @@
#define TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
#define TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
#define TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
#define TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
#define TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
#define TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
#define TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
#define TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 \
MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
#define TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 \
MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
#define TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 \
MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
#define TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 \
MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
#define TLS_ECDH_ECDSA_WITH_NULL_SHA MBEDTLS_TLS_ECDH_ECDSA_WITH_NULL_SHA
#define TLS_ECDH_ECDSA_WITH_RC4_128_SHA MBEDTLS_TLS_ECDH_ECDSA_WITH_RC4_128_SHA
#define TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA MBEDTLS_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
@ -2492,7 +2507,8 @@
#define x509write_crt_free mbedtls_x509write_crt_free
#define x509write_crt_init mbedtls_x509write_crt_init
#define x509write_crt_pem mbedtls_x509write_crt_pem
#define x509write_crt_set_authority_key_identifier mbedtls_x509write_crt_set_authority_key_identifier
#define x509write_crt_set_authority_key_identifier \
mbedtls_x509write_crt_set_authority_key_identifier
#define x509write_crt_set_basic_constraints mbedtls_x509write_crt_set_basic_constraints
#define x509write_crt_set_extension mbedtls_x509write_crt_set_extension
#define x509write_crt_set_issuer_key mbedtls_x509write_crt_set_issuer_key

61
thirdparty/mbedtls/include/mbedtls/config.h vendored
View file

@ -51,7 +51,7 @@
* include/mbedtls/bn_mul.h
*
* Required by:
* MBEDTLS_AESNI_C
* MBEDTLS_AESNI_C (on some platforms)
* MBEDTLS_PADLOCK_C
*
* Comment to disable the use of assembly code.
@ -859,12 +859,37 @@
* This is useful in non-threaded environments if you want to avoid blocking
* for too long on ECC (and, hence, X.509 or SSL/TLS) operations.
*
* Uncomment this macro to enable restartable ECC computations.
* This option:
* - Adds xxx_restartable() variants of existing operations in the
* following modules, with corresponding restart context types:
* - ECP (for Short Weierstrass curves only): scalar multiplication (mul),
* linear combination (muladd);
* - ECDSA: signature generation & verification;
* - PK: signature generation & verification;
* - X509: certificate chain verification.
* - Adds mbedtls_ecdh_enable_restart() in the ECDH module.
* - Changes the behaviour of TLS 1.2 clients (not servers) when using the
* ECDHE-ECDSA key exchange (not other key exchanges) to make all ECC
* computations restartable:
* - ECDH operations from the key exchange, only for Short Weierstrass
* curves;
* - verification of the server's key exchange signature;
* - verification of the server's certificate chain;
* - generation of the client's signature if client authentication is used,
* with an ECC key/certificate.
*
* \note In the cases above, the usual SSL/TLS functions, such as
* mbedtls_ssl_handshake(), can now return
* MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS.
*
* \note This option only works with the default software implementation of
* elliptic curve functionality. It is incompatible with
* MBEDTLS_ECP_ALT, MBEDTLS_ECDH_XXX_ALT, MBEDTLS_ECDSA_XXX_ALT
* and MBEDTLS_ECDH_LEGACY_CONTEXT.
* MBEDTLS_ECP_ALT, MBEDTLS_ECDH_XXX_ALT, MBEDTLS_ECDSA_XXX_ALT,
* MBEDTLS_ECDH_LEGACY_CONTEXT, and MBEDTLS_USE_PSA_CRYPTO.
*
* Requires: MBEDTLS_ECP_C
*
* Uncomment this macro to enable restartable ECC computations.
*/
//#define MBEDTLS_ECP_RESTARTABLE
@ -2319,14 +2344,32 @@
/**
* \def MBEDTLS_AESNI_C
*
* Enable AES-NI support on x86-64.
* Enable AES-NI support on x86-64 or x86-32.
*
* \note AESNI is only supported with certain compilers and target options:
* - Visual Studio 2013: supported.
* - GCC, x86-64, target not explicitly supporting AESNI:
* requires MBEDTLS_HAVE_ASM.
* - GCC, x86-32, target not explicitly supporting AESNI:
* not supported.
* - GCC, x86-64 or x86-32, target supporting AESNI: supported.
* For this assembly-less implementation, you must currently compile
* `library/aesni.c` and `library/aes.c` with machine options to enable
* SSE2 and AESNI instructions: `gcc -msse2 -maes -mpclmul` or
* `clang -maes -mpclmul`.
* - Non-x86 targets: this option is silently ignored.
* - Other compilers: this option is silently ignored.
*
* \note
* Above, "GCC" includes compatible compilers such as Clang.
* The limitations on target support are likely to be relaxed in the future.
*
* Module: library/aesni.c
* Caller: library/aes.c
*
* Requires: MBEDTLS_HAVE_ASM
* Requires: MBEDTLS_HAVE_ASM (on some platforms, see note)
*
* This modules adds support for the AES-NI instructions on x86-64
* This modules adds support for the AES-NI instructions on x86.
*/
#define MBEDTLS_AESNI_C
@ -2740,7 +2783,7 @@
*
* PEM_PARSE uses DES/3DES for decrypting encrypted keys.
*
* \warning DES is considered a weak cipher and its use constitutes a
* \warning DES/3DES are considered weak ciphers and their use constitutes a
* security risk. We recommend considering stronger ciphers instead.
*/
#define MBEDTLS_DES_C
@ -3724,7 +3767,7 @@
* comment in the specific module. */
/* MPI / BIGNUM options */
//#define MBEDTLS_MPI_WINDOW_SIZE 6 /**< Maximum window size used. */
//#define MBEDTLS_MPI_WINDOW_SIZE 2 /**< Maximum window size used. */
//#define MBEDTLS_MPI_MAX_SIZE 1024 /**< Maximum number of bytes for usable MPIs. */
/* CTR_DRBG options */

3
thirdparty/mbedtls/include/mbedtls/ctr_drbg.h vendored
View file

@ -170,8 +170,7 @@ extern "C" {
/**
* \brief The CTR_DRBG context structure.
*/
typedef struct mbedtls_ctr_drbg_context
{
typedef struct mbedtls_ctr_drbg_context {
unsigned char counter[16]; /*!< The counter (V). */
int reseed_counter; /*!< The reseed counter.
* This is the number of requests that have

9
thirdparty/mbedtls/include/mbedtls/debug.h vendored
View file

@ -124,10 +124,12 @@
#include <inttypes.h>
#define MBEDTLS_PRINTF_SIZET PRIuPTR
#define MBEDTLS_PRINTF_LONGLONG "I64d"
#else /* (defined(__MINGW32__) && __USE_MINGW_ANSI_STDIO == 0) || (defined(_MSC_VER) && _MSC_VER < 1800) */
#else \
/* (defined(__MINGW32__) && __USE_MINGW_ANSI_STDIO == 0) || (defined(_MSC_VER) && _MSC_VER < 1800) */
#define MBEDTLS_PRINTF_SIZET "zu"
#define MBEDTLS_PRINTF_LONGLONG "lld"
#endif /* (defined(__MINGW32__) && __USE_MINGW_ANSI_STDIO == 0) || (defined(_MSC_VER) && _MSC_VER < 1800) */
#endif \
/* (defined(__MINGW32__) && __USE_MINGW_ANSI_STDIO == 0) || (defined(_MSC_VER) && _MSC_VER < 1800) */
#ifdef __cplusplus
extern "C" {
@ -275,8 +277,7 @@ void mbedtls_debug_print_crt( const mbedtls_ssl_context *ssl, int level,
#endif
#if defined(MBEDTLS_ECDH_C)
typedef enum
{
typedef enum {
MBEDTLS_DEBUG_ECDH_Q,
MBEDTLS_DEBUG_ECDH_QP,
MBEDTLS_DEBUG_ECDH_Z,

66
thirdparty/mbedtls/include/mbedtls/des.h vendored
View file

@ -3,7 +3,7 @@
*
* \brief DES block cipher
*
* \warning DES is considered a weak cipher and its use constitutes a
* \warning DES/3DES are considered weak ciphers and their use constitutes a
* security risk. We recommend considering stronger ciphers
* instead.
*/
@ -60,21 +60,23 @@ extern "C" {
/**
* \brief DES context structure
*
* \warning DES is considered a weak cipher and its use constitutes a
* \warning DES/3DES are considered weak ciphers and their use constitutes a
* security risk. We recommend considering stronger ciphers
* instead.
*/
typedef struct mbedtls_des_context
{
typedef struct mbedtls_des_context {
uint32_t sk[32]; /*!< DES subkeys */
}
mbedtls_des_context;
/**
* \brief Triple-DES context structure
*
* \warning DES/3DES are considered weak ciphers and their use constitutes a
* security risk. We recommend considering stronger ciphers
* instead.
*/
typedef struct mbedtls_des3_context
{
typedef struct mbedtls_des3_context {
uint32_t sk[96]; /*!< 3DES subkeys */
}
mbedtls_des3_context;
@ -88,7 +90,7 @@ mbedtls_des3_context;
*
* \param ctx DES context to be initialized
*
* \warning DES is considered a weak cipher and its use constitutes a
* \warning DES/3DES are considered weak ciphers and their use constitutes a
* security risk. We recommend considering stronger ciphers
* instead.
*/
@ -99,7 +101,7 @@ void mbedtls_des_init( mbedtls_des_context *ctx );
*
* \param ctx DES context to be cleared
*
* \warning DES is considered a weak cipher and its use constitutes a
* \warning DES/3DES are considered weak ciphers and their use constitutes a
* security risk. We recommend considering stronger ciphers
* instead.
*/
@ -109,6 +111,10 @@ void mbedtls_des_free( mbedtls_des_context *ctx );
* \brief Initialize Triple-DES context
*
* \param ctx DES3 context to be initialized
*
* \warning DES/3DES are considered weak ciphers and their use constitutes a
* security risk. We recommend considering stronger ciphers
* instead.
*/
void mbedtls_des3_init(mbedtls_des3_context *ctx);
@ -116,6 +122,10 @@ void mbedtls_des3_init( mbedtls_des3_context *ctx );
* \brief Clear Triple-DES context
*
* \param ctx DES3 context to be cleared
*
* \warning DES/3DES are considered weak ciphers and their use constitutes a
* security risk. We recommend considering stronger ciphers
* instead.
*/
void mbedtls_des3_free(mbedtls_des3_context *ctx);
@ -127,7 +137,7 @@ void mbedtls_des3_free( mbedtls_des3_context *ctx );
*
* \param key 8-byte secret key
*
* \warning DES is considered a weak cipher and its use constitutes a
* \warning DES/3DES are considered weak ciphers and their use constitutes a
* security risk. We recommend considering stronger ciphers
* instead.
*/
@ -143,7 +153,7 @@ void mbedtls_des_key_set_parity( unsigned char key[MBEDTLS_DES_KEY_SIZE] );
*
* \return 0 is parity was ok, 1 if parity was not correct.
*
* \warning DES is considered a weak cipher and its use constitutes a
* \warning DES/3DES are considered weak ciphers and their use constitutes a
* security risk. We recommend considering stronger ciphers
* instead.
*/
@ -157,7 +167,7 @@ int mbedtls_des_key_check_key_parity( const unsigned char key[MBEDTLS_DES_KEY_SI
*
* \return 0 if no weak key was found, 1 if a weak key was identified.
*
* \warning DES is considered a weak cipher and its use constitutes a
* \warning DES/3DES are considered weak ciphers and their use constitutes a
* security risk. We recommend considering stronger ciphers
* instead.
*/
@ -172,7 +182,7 @@ int mbedtls_des_key_check_weak( const unsigned char key[MBEDTLS_DES_KEY_SIZE] );
*
* \return 0
*
* \warning DES is considered a weak cipher and its use constitutes a
* \warning DES/3DES are considered weak ciphers and their use constitutes a
* security risk. We recommend considering stronger ciphers
* instead.
*/
@ -187,7 +197,7 @@ int mbedtls_des_setkey_enc( mbedtls_des_context *ctx, const unsigned char key[MB
*
* \return 0
*
* \warning DES is considered a weak cipher and its use constitutes a
* \warning DES/3DES are considered weak ciphers and their use constitutes a
* security risk. We recommend considering stronger ciphers
* instead.
*/
@ -201,6 +211,10 @@ int mbedtls_des_setkey_dec( mbedtls_des_context *ctx, const unsigned char key[MB
* \param key 16-byte secret key
*
* \return 0
*
* \warning DES/3DES are considered weak ciphers and their use constitutes a
* security risk. We recommend considering stronger ciphers
* instead.
*/
MBEDTLS_CHECK_RETURN_TYPICAL
int mbedtls_des3_set2key_enc(mbedtls_des3_context *ctx,
@ -213,6 +227,10 @@ int mbedtls_des3_set2key_enc( mbedtls_des3_context *ctx,
* \param key 16-byte secret key
*
* \return 0
*
* \warning DES/3DES are considered weak ciphers and their use constitutes a
* security risk. We recommend considering stronger ciphers
* instead.
*/
MBEDTLS_CHECK_RETURN_TYPICAL
int mbedtls_des3_set2key_dec(mbedtls_des3_context *ctx,
@ -225,6 +243,10 @@ int mbedtls_des3_set2key_dec( mbedtls_des3_context *ctx,
* \param key 24-byte secret key
*
* \return 0
*
* \warning DES/3DES are considered weak ciphers and their use constitutes a
* security risk. We recommend considering stronger ciphers
* instead.
*/
MBEDTLS_CHECK_RETURN_TYPICAL
int mbedtls_des3_set3key_enc(mbedtls_des3_context *ctx,
@ -237,6 +259,10 @@ int mbedtls_des3_set3key_enc( mbedtls_des3_context *ctx,
* \param key 24-byte secret key
*
* \return 0
*
* \warning DES/3DES are considered weak ciphers and their use constitutes a
* security risk. We recommend considering stronger ciphers
* instead.
*/
MBEDTLS_CHECK_RETURN_TYPICAL
int mbedtls_des3_set3key_dec(mbedtls_des3_context *ctx,
@ -251,7 +277,7 @@ int mbedtls_des3_set3key_dec( mbedtls_des3_context *ctx,
*
* \return 0 if successful
*
* \warning DES is considered a weak cipher and its use constitutes a
* \warning DES/3DES are considered weak ciphers and their use constitutes a
* security risk. We recommend considering stronger ciphers
* instead.
*/
@ -279,7 +305,7 @@ int mbedtls_des_crypt_ecb( mbedtls_des_context *ctx,
* \param input buffer holding the input data
* \param output buffer holding the output data
*
* \warning DES is considered a weak cipher and its use constitutes a
* \warning DES/3DES are considered weak ciphers and their use constitutes a
* security risk. We recommend considering stronger ciphers
* instead.
*/
@ -300,6 +326,10 @@ int mbedtls_des_crypt_cbc( mbedtls_des_context *ctx,
* \param output 64-bit output block
*
* \return 0 if successful
*
* \warning DES/3DES are considered weak ciphers and their use constitutes a
* security risk. We recommend considering stronger ciphers
* instead.
*/
MBEDTLS_CHECK_RETURN_TYPICAL
int mbedtls_des3_crypt_ecb(mbedtls_des3_context *ctx,
@ -326,6 +356,10 @@ int mbedtls_des3_crypt_ecb( mbedtls_des3_context *ctx,
* \param output buffer holding the output data
*
* \return 0 if successful, or MBEDTLS_ERR_DES_INVALID_INPUT_LENGTH
*
* \warning DES/3DES are considered weak ciphers and their use constitutes a
* security risk. We recommend considering stronger ciphers
* instead.
*/
MBEDTLS_CHECK_RETURN_TYPICAL
int mbedtls_des3_crypt_cbc(mbedtls_des3_context *ctx,
@ -344,7 +378,7 @@ int mbedtls_des3_crypt_cbc( mbedtls_des3_context *ctx,
* \param SK Round keys
* \param key Base key
*
* \warning DES is considered a weak cipher and its use constitutes a
* \warning DES/3DES are considered weak ciphers and their use constitutes a
* security risk. We recommend considering stronger ciphers
* instead.
*/

3
thirdparty/mbedtls/include/mbedtls/dhm.h vendored
View file

@ -108,8 +108,7 @@ extern "C" {
/**
* \brief The DHM context structure.
*/
typedef struct mbedtls_dhm_context
{
typedef struct mbedtls_dhm_context {
size_t len; /*!< The size of \p P in Bytes. */
mbedtls_mpi P; /*!< The prime modulus. */
mbedtls_mpi G; /*!< The generator. */

15
thirdparty/mbedtls/include/mbedtls/ecdh.h vendored
View file

@ -52,8 +52,7 @@ extern "C" {
/**
* Defines the source of the imported EC key.
*/
typedef enum
{
typedef enum {
MBEDTLS_ECDH_OURS, /**< Our key. */
MBEDTLS_ECDH_THEIRS, /**< The key of the peer. */
} mbedtls_ecdh_side;
@ -65,8 +64,7 @@ typedef enum
* Later versions of the library may add new variants, therefore users should
* not make any assumptions about them.
*/
typedef enum
{
typedef enum {
MBEDTLS_ECDH_VARIANT_NONE = 0, /*!< Implementation not defined. */
MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0,/*!< The default Mbed TLS implementation */
#if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED)
@ -81,8 +79,7 @@ typedef enum
* should not make any assumptions about the structure of
* mbedtls_ecdh_context_mbed.
*/
typedef struct mbedtls_ecdh_context_mbed
{
typedef struct mbedtls_ecdh_context_mbed {
mbedtls_ecp_group grp; /*!< The elliptic curve used. */
mbedtls_mpi d; /*!< The private key. */
mbedtls_ecp_point Q; /*!< The public key. */
@ -101,8 +98,7 @@ typedef struct mbedtls_ecdh_context_mbed
* should not be shared between multiple threads.
* \brief The ECDH context structure.
*/
typedef struct mbedtls_ecdh_context
{
typedef struct mbedtls_ecdh_context {
#if defined(MBEDTLS_ECDH_LEGACY_CONTEXT)
mbedtls_ecp_group grp; /*!< The elliptic curve used. */
mbedtls_mpi d; /*!< The private key. */
@ -122,8 +118,7 @@ typedef struct mbedtls_ecdh_context
as defined in RFC 4492. */
mbedtls_ecp_group_id grp_id;/*!< The elliptic curve used. */
mbedtls_ecdh_variant var; /*!< The ECDH implementation/structure used. */
union
{
union {
mbedtls_ecdh_context_mbed mbed_ecdh;
#if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED)
mbedtls_ecdh_context_everest everest_ecdh;

3
thirdparty/mbedtls/include/mbedtls/ecdsa.h vendored
View file

@ -105,8 +105,7 @@ typedef struct mbedtls_ecdsa_restart_det mbedtls_ecdsa_restart_det_ctx;
/**
* \brief General context for resuming ECDSA operations
*/
typedef struct
{
typedef struct {
mbedtls_ecp_restart_ctx ecp; /*!< base context for ECP restart and
shared administrative info */
mbedtls_ecdsa_restart_ver_ctx *ver; /*!< ecdsa_verify() sub-context */

3
thirdparty/mbedtls/include/mbedtls/ecjpake.h vendored
View file

@ -71,8 +71,7 @@ typedef enum {
* convention from the Thread v1.0 spec. Correspondence is indicated in the
* description as a pair C: client name, S: server name
*/
typedef struct mbedtls_ecjpake_context
{
typedef struct mbedtls_ecjpake_context {
const mbedtls_md_info_t *md_info; /**< Hash to use */
mbedtls_ecp_group grp; /**< Elliptic curve */
mbedtls_ecjpake_role role; /**< Are we client or server? */

21
thirdparty/mbedtls/include/mbedtls/ecp.h vendored
View file

@ -117,8 +117,7 @@ extern "C" {
* - Add the curve to the ecp_supported_curves array in ecp.c.
* - Add the curve to applicable profiles in x509_crt.c if applicable.
*/
typedef enum
{
typedef enum {
MBEDTLS_ECP_DP_NONE = 0, /*!< Curve not defined. */
MBEDTLS_ECP_DP_SECP192R1, /*!< Domain parameters for the 192-bit curve defined by FIPS 186-4 and SEC1. */
MBEDTLS_ECP_DP_SECP224R1, /*!< Domain parameters for the 224-bit curve defined by FIPS 186-4 and SEC1. */
@ -145,8 +144,7 @@ typedef enum
/*
* Curve types
*/
typedef enum
{
typedef enum {
MBEDTLS_ECP_TYPE_NONE = 0,
MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS, /* y^2 = x^3 + a x + b */
MBEDTLS_ECP_TYPE_MONTGOMERY, /* y^2 = x^3 + a x^2 + x */
@ -155,8 +153,7 @@ typedef enum
/**
* Curve information, for use by other modules.
*/
typedef struct mbedtls_ecp_curve_info
{
typedef struct mbedtls_ecp_curve_info {
mbedtls_ecp_group_id grp_id; /*!< An internal identifier. */
uint16_t tls_id; /*!< The TLS NamedCurve identifier. */
uint16_t bit_size; /*!< The curve size in bits. */
@ -174,8 +171,7 @@ typedef struct mbedtls_ecp_curve_info
* Otherwise, \p X and \p Y are its standard (affine)
* coordinates.
*/
typedef struct mbedtls_ecp_point
{
typedef struct mbedtls_ecp_point {
mbedtls_mpi X; /*!< The X coordinate of the ECP point. */
mbedtls_mpi Y; /*!< The Y coordinate of the ECP point. */
mbedtls_mpi Z; /*!< The Z coordinate of the ECP point. */
@ -257,8 +253,7 @@ mbedtls_ecp_point;
* identical.
*
*/
typedef struct mbedtls_ecp_group
{
typedef struct mbedtls_ecp_group {
mbedtls_ecp_group_id id; /*!< An internal group identifier. */
mbedtls_mpi P; /*!< The prime modulus of the base field. */
mbedtls_mpi A; /*!< For Short Weierstrass: \p A in the equation. For
@ -376,8 +371,7 @@ typedef struct mbedtls_ecp_restart_muladd mbedtls_ecp_restart_muladd_ctx;
/**
* \brief General context for resuming ECC operations
*/
typedef struct
{
typedef struct {
unsigned ops_done; /*!< current ops count */
unsigned depth; /*!< call depth (0 = top-level) */
mbedtls_ecp_restart_mul_ctx *rsm; /*!< ecp_mul_comb() sub-context */
@ -429,8 +423,7 @@ typedef void mbedtls_ecp_restart_ctx;
* \note Members are deliberately in the same order as in the
* ::mbedtls_ecdsa_context structure.
*/
typedef struct mbedtls_ecp_keypair
{
typedef struct mbedtls_ecp_keypair {
mbedtls_ecp_group grp; /*!< Elliptic curve and base point */
mbedtls_mpi d; /*!< our secret value */
mbedtls_ecp_point Q; /*!< our public value */

16
thirdparty/mbedtls/include/mbedtls/ecp_internal.h vendored
View file

@ -122,7 +122,9 @@ void mbedtls_internal_ecp_free( const mbedtls_ecp_group *grp );
* \return 0 if successful.
*/
int mbedtls_internal_ecp_randomize_jac(const mbedtls_ecp_group *grp,
mbedtls_ecp_point *pt, int (*f_rng)(void *, unsigned char *, size_t),
mbedtls_ecp_point *pt, int (*f_rng)(void *,
unsigned char *,
size_t),
void *p_rng);
#endif
@ -249,8 +251,11 @@ int mbedtls_internal_ecp_normalize_jac( const mbedtls_ecp_group *grp,
#if defined(MBEDTLS_ECP_DOUBLE_ADD_MXZ_ALT)
int mbedtls_internal_ecp_double_add_mxz(const mbedtls_ecp_group *grp,
mbedtls_ecp_point *R, mbedtls_ecp_point *S, const mbedtls_ecp_point *P,
const mbedtls_ecp_point *Q, const mbedtls_mpi *d );
mbedtls_ecp_point *R,
mbedtls_ecp_point *S,
const mbedtls_ecp_point *P,
const mbedtls_ecp_point *Q,
const mbedtls_mpi *d);
#endif
/**
@ -270,7 +275,9 @@ int mbedtls_internal_ecp_double_add_mxz( const mbedtls_ecp_group *grp,
*/
#if defined(MBEDTLS_ECP_RANDOMIZE_MXZ_ALT)
int mbedtls_internal_ecp_randomize_mxz(const mbedtls_ecp_group *grp,
mbedtls_ecp_point *P, int (*f_rng)(void *, unsigned char *, size_t),
mbedtls_ecp_point *P, int (*f_rng)(void *,
unsigned char *,
size_t),
void *p_rng);
#endif
@ -294,4 +301,3 @@ int mbedtls_internal_ecp_normalize_mxz( const mbedtls_ecp_group *grp,
#endif /* MBEDTLS_ECP_INTERNAL_ALT */
#endif /* ecp_internal.h */

6
thirdparty/mbedtls/include/mbedtls/entropy.h vendored
View file

@ -110,8 +110,7 @@ typedef int (*mbedtls_entropy_f_source_ptr)(void *data, unsigned char *output, s
/**
* \brief Entropy source state
*/
typedef struct mbedtls_entropy_source_state
{
typedef struct mbedtls_entropy_source_state {
mbedtls_entropy_f_source_ptr f_source; /**< The entropy source callback */
void *p_source; /**< The callback data pointer */
size_t size; /**< Amount received in bytes */
@ -123,8 +122,7 @@ mbedtls_entropy_source_state;
/**
* \brief Entropy context structure
*/
typedef struct mbedtls_entropy_context
{
typedef struct mbedtls_entropy_context {
int accumulator_started; /* 0 after init.
* 1 after the first update.
* -1 after free. */

5
thirdparty/mbedtls/include/mbedtls/error.h vendored
View file

@ -160,13 +160,14 @@ static inline int mbedtls_error_add( int high, int low,
const char *file, int line)
{
#if defined(MBEDTLS_TEST_HOOKS)
if( *mbedtls_test_hook_error_add != NULL )
if (*mbedtls_test_hook_error_add != NULL) {
(*mbedtls_test_hook_error_add)(high, low, file, line);
}
#endif
(void) file;
(void) line;
return( high + low );
return high + low;
}
/**

3
thirdparty/mbedtls/include/mbedtls/gcm.h vendored
View file

@ -63,8 +63,7 @@ extern "C" {
/**
* \brief The GCM context structure.
*/
typedef struct mbedtls_gcm_context
{
typedef struct mbedtls_gcm_context {
mbedtls_cipher_context_t cipher_ctx; /*!< The cipher context used. */
uint64_t HL[16]; /*!< Precalculated HTable low. */
uint64_t HH[16]; /*!< Precalculated HTable high. */

3
thirdparty/mbedtls/include/mbedtls/havege.h vendored
View file

@ -40,8 +40,7 @@ extern "C" {
/**
* \brief HAVEGE state structure
*/
typedef struct mbedtls_havege_state
{
typedef struct mbedtls_havege_state {
uint32_t PT1, PT2, offset[2];
uint32_t pool[MBEDTLS_HAVEGE_COLLECT_SIZE];
uint32_t WALK[8192];

3
thirdparty/mbedtls/include/mbedtls/hmac_drbg.h vendored
View file

@ -86,8 +86,7 @@ extern "C" {
/**
* HMAC_DRBG context.
*/
typedef struct mbedtls_hmac_drbg_context
{
typedef struct mbedtls_hmac_drbg_context {
/* Working state: the key K is not stored explicitly,
* but is implied by the HMAC context */
mbedtls_md_context_t md_ctx; /*!< HMAC context (inc. K) */

6
thirdparty/mbedtls/include/mbedtls/md.h vendored
View file

@ -92,8 +92,7 @@ typedef struct mbedtls_md_info_t mbedtls_md_info_t;
/**
* The generic message-digest context.
*/
typedef struct mbedtls_md_context_t
{
typedef struct mbedtls_md_context_t {
/** Information about the associated message digest. */
const mbedtls_md_info_t *md_info;
@ -188,7 +187,8 @@ void mbedtls_md_free( mbedtls_md_context_t *ctx );
* failure.
* \return #MBEDTLS_ERR_MD_ALLOC_FAILED on memory-allocation failure.
*/
int mbedtls_md_init_ctx( mbedtls_md_context_t *ctx, const mbedtls_md_info_t *md_info ) MBEDTLS_DEPRECATED;
int mbedtls_md_init_ctx(mbedtls_md_context_t *ctx,
const mbedtls_md_info_t *md_info) MBEDTLS_DEPRECATED;
#undef MBEDTLS_DEPRECATED
#endif /* MBEDTLS_DEPRECATED_REMOVED */

3
thirdparty/mbedtls/include/mbedtls/md2.h vendored
View file

@ -55,8 +55,7 @@ extern "C" {
* stronger message digests instead.
*
*/
typedef struct mbedtls_md2_context
{
typedef struct mbedtls_md2_context {
unsigned char cksum[16]; /*!< checksum of the data block */
unsigned char state[48]; /*!< intermediate digest state */
unsigned char buffer[16]; /*!< data block being processed */

3
thirdparty/mbedtls/include/mbedtls/md4.h vendored
View file

@ -56,8 +56,7 @@ extern "C" {
* stronger message digests instead.
*
*/
typedef struct mbedtls_md4_context
{
typedef struct mbedtls_md4_context {
uint32_t total[2]; /*!< number of bytes processed */
uint32_t state[4]; /*!< intermediate digest state */
unsigned char buffer[64]; /*!< data block being processed */

3
thirdparty/mbedtls/include/mbedtls/md5.h vendored
View file

@ -55,8 +55,7 @@ extern "C" {
* stronger message digests instead.
*
*/
typedef struct mbedtls_md5_context
{
typedef struct mbedtls_md5_context {
uint32_t total[2]; /*!< number of bytes processed */
uint32_t state[4]; /*!< intermediate digest state */
unsigned char buffer[64]; /*!< data block being processed */

3
thirdparty/mbedtls/include/mbedtls/md_internal.h vendored
View file

@ -42,8 +42,7 @@ extern "C" {
* Message digest information.
* Allows message digest functions to be called in a generic way.
*/
struct mbedtls_md_info_t
{
struct mbedtls_md_info_t {
/** Name of the message digest */
const char *name;

3
thirdparty/mbedtls/include/mbedtls/memory_buffer_alloc.h vendored
View file

@ -47,7 +47,8 @@
#define MBEDTLS_MEMORY_VERIFY_NONE 0
#define MBEDTLS_MEMORY_VERIFY_ALLOC (1 << 0)
#define MBEDTLS_MEMORY_VERIFY_FREE (1 << 1)
#define MBEDTLS_MEMORY_VERIFY_ALWAYS (MBEDTLS_MEMORY_VERIFY_ALLOC | MBEDTLS_MEMORY_VERIFY_FREE)
#define MBEDTLS_MEMORY_VERIFY_ALWAYS (MBEDTLS_MEMORY_VERIFY_ALLOC | \
MBEDTLS_MEMORY_VERIFY_FREE)
#ifdef __cplusplus
extern "C" {

3
thirdparty/mbedtls/include/mbedtls/net_sockets.h vendored
View file

@ -95,8 +95,7 @@ extern "C" {
* (eg two file descriptors for combined IPv4 + IPv6 support, or additional
* structures for hand-made UDP demultiplexing).
*/
typedef struct mbedtls_net_context
{
typedef struct mbedtls_net_context {
int fd; /**< The underlying file descriptor */
}
mbedtls_net_context;

3
thirdparty/mbedtls/include/mbedtls/nist_kw.h vendored
View file

@ -47,8 +47,7 @@
extern "C" {
#endif
typedef enum
{
typedef enum {
MBEDTLS_KW_MODE_KW = 0,
MBEDTLS_KW_MODE_KWP = 1
} mbedtls_nist_kw_mode_t;

21
thirdparty/mbedtls/include/mbedtls/oid.h vendored
View file

@ -96,15 +96,18 @@
#define MBEDTLS_OID_OIW_SECSIG_ALG MBEDTLS_OID_OIW_SECSIG "\x02"
#define MBEDTLS_OID_OIW_SECSIG_SHA1 MBEDTLS_OID_OIW_SECSIG_ALG "\x1a"
#define MBEDTLS_OID_ORG_CERTICOM "\x81\x04" /* certicom(132) */
#define MBEDTLS_OID_CERTICOM MBEDTLS_OID_ISO_IDENTIFIED_ORG MBEDTLS_OID_ORG_CERTICOM
#define MBEDTLS_OID_CERTICOM MBEDTLS_OID_ISO_IDENTIFIED_ORG \
MBEDTLS_OID_ORG_CERTICOM
#define MBEDTLS_OID_ORG_TELETRUST "\x24" /* teletrust(36) */
#define MBEDTLS_OID_TELETRUST MBEDTLS_OID_ISO_IDENTIFIED_ORG MBEDTLS_OID_ORG_TELETRUST
#define MBEDTLS_OID_TELETRUST MBEDTLS_OID_ISO_IDENTIFIED_ORG \
MBEDTLS_OID_ORG_TELETRUST
/*
* ISO ITU OID parts
*/
#define MBEDTLS_OID_ORGANIZATION "\x01" /* {organization(1)} */
#define MBEDTLS_OID_ISO_ITU_US_ORG MBEDTLS_OID_ISO_ITU_COUNTRY MBEDTLS_OID_COUNTRY_US MBEDTLS_OID_ORGANIZATION /* {joint-iso-itu-t(2) country(16) us(840) organization(1)} */
#define MBEDTLS_OID_ISO_ITU_US_ORG MBEDTLS_OID_ISO_ITU_COUNTRY MBEDTLS_OID_COUNTRY_US \
MBEDTLS_OID_ORGANIZATION /* {joint-iso-itu-t(2) country(16) us(840) organization(1)} */
#define MBEDTLS_OID_ORG_GOV "\x65" /* {gov(101)} */
#define MBEDTLS_OID_GOV MBEDTLS_OID_ISO_ITU_US_ORG MBEDTLS_OID_ORG_GOV /* {joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101)} */
@ -122,7 +125,8 @@
* { iso(1) identified-organization(3) dod(6) internet(1)
* security(5) mechanisms(5) pkix(7) }
*/
#define MBEDTLS_OID_INTERNET MBEDTLS_OID_ISO_IDENTIFIED_ORG MBEDTLS_OID_ORG_DOD "\x01"
#define MBEDTLS_OID_INTERNET MBEDTLS_OID_ISO_IDENTIFIED_ORG MBEDTLS_OID_ORG_DOD \
"\x01"
#define MBEDTLS_OID_PKIX MBEDTLS_OID_INTERNET "\x05\x05\x07"
/*
@ -254,7 +258,8 @@
#define MBEDTLS_OID_DIGEST_ALG_MD2 MBEDTLS_OID_RSA_COMPANY "\x02\x02" /**< id-mbedtls_md2 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 2 } */
#define MBEDTLS_OID_DIGEST_ALG_MD4 MBEDTLS_OID_RSA_COMPANY "\x02\x04" /**< id-mbedtls_md4 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 4 } */
#define MBEDTLS_OID_DIGEST_ALG_MD5 MBEDTLS_OID_RSA_COMPANY "\x02\x05" /**< id-mbedtls_md5 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 5 } */
#define MBEDTLS_OID_DIGEST_ALG_SHA1 MBEDTLS_OID_ISO_IDENTIFIED_ORG MBEDTLS_OID_OIW_SECSIG_SHA1 /**< id-mbedtls_sha1 OBJECT IDENTIFIER ::= { iso(1) identified-organization(3) oiw(14) secsig(3) algorithms(2) 26 } */
#define MBEDTLS_OID_DIGEST_ALG_SHA1 MBEDTLS_OID_ISO_IDENTIFIED_ORG \
MBEDTLS_OID_OIW_SECSIG_SHA1 /**< id-mbedtls_sha1 OBJECT IDENTIFIER ::= { iso(1) identified-organization(3) oiw(14) secsig(3) algorithms(2) 26 } */
#define MBEDTLS_OID_DIGEST_ALG_SHA224 MBEDTLS_OID_NIST_ALG "\x02\x04" /**< id-sha224 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistalgorithm(4) hashalgs(2) 4 } */
#define MBEDTLS_OID_DIGEST_ALG_SHA256 MBEDTLS_OID_NIST_ALG "\x02\x01" /**< id-mbedtls_sha256 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistalgorithm(4) hashalgs(2) 1 } */
@ -277,7 +282,8 @@
/*
* Encryption algorithms
*/
#define MBEDTLS_OID_DES_CBC MBEDTLS_OID_ISO_IDENTIFIED_ORG MBEDTLS_OID_OIW_SECSIG_ALG "\x07" /**< desCBC OBJECT IDENTIFIER ::= { iso(1) identified-organization(3) oiw(14) secsig(3) algorithms(2) 7 } */
#define MBEDTLS_OID_DES_CBC MBEDTLS_OID_ISO_IDENTIFIED_ORG \
MBEDTLS_OID_OIW_SECSIG_ALG "\x07" /**< desCBC OBJECT IDENTIFIER ::= { iso(1) identified-organization(3) oiw(14) secsig(3) algorithms(2) 7 } */
#define MBEDTLS_OID_DES_EDE3_CBC MBEDTLS_OID_RSA_COMPANY "\x03\x07" /**< des-ede3-cbc OBJECT IDENTIFIER ::= { iso(1) member-body(2) -- us(840) rsadsi(113549) encryptionAlgorithm(3) 7 } */
#define MBEDTLS_OID_AES MBEDTLS_OID_NIST_ALG "\x01" /** aes OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistAlgorithm(4) 1 } */
@ -439,8 +445,7 @@ extern "C" {
/**
* \brief Base OID descriptor structure
*/
typedef struct mbedtls_oid_descriptor_t
{
typedef struct mbedtls_oid_descriptor_t {
const char *asn1; /*!< OID ASN.1 representation */
size_t asn1_len; /*!< length of asn1 */
const char *name; /*!< official name (e.g. from RFC) */

3
thirdparty/mbedtls/include/mbedtls/pem.h vendored
View file

@ -64,8 +64,7 @@ extern "C" {
/**
* \brief PEM context structure
*/
typedef struct mbedtls_pem_context
{
typedef struct mbedtls_pem_context {
unsigned char *buf; /*!< buffer for decoded data */
size_t buflen; /*!< length of the buffer */
unsigned char *info; /*!< buffer for extra header information */

42
thirdparty/mbedtls/include/mbedtls/pk.h vendored
View file

@ -107,8 +107,7 @@ typedef enum {
* \brief Options for RSASSA-PSS signature verification.
* See \c mbedtls_rsa_rsassa_pss_verify_ext()
*/
typedef struct mbedtls_pk_rsassa_pss_options
{
typedef struct mbedtls_pk_rsassa_pss_options {
mbedtls_md_type_t mgf1_hash_id;
int expected_salt_len;
@ -169,8 +168,7 @@ typedef struct mbedtls_pk_rsassa_pss_options
/**
* \brief Types for interfacing with the debug module
*/
typedef enum
{
typedef enum {
MBEDTLS_PK_DEBUG_NONE = 0,
MBEDTLS_PK_DEBUG_MPI,
MBEDTLS_PK_DEBUG_ECP,
@ -179,8 +177,7 @@ typedef enum
/**
* \brief Item to send to the debug module
*/
typedef struct mbedtls_pk_debug_item
{
typedef struct mbedtls_pk_debug_item {
mbedtls_pk_debug_type type;
const char *name;
void *value;
@ -197,8 +194,7 @@ typedef struct mbedtls_pk_info_t mbedtls_pk_info_t;
/**
* \brief Public key container
*/
typedef struct mbedtls_pk_context
{
typedef struct mbedtls_pk_context {
const mbedtls_pk_info_t *pk_info; /**< Public key information */
void *pk_ctx; /**< Underlying public key context */
} mbedtls_pk_context;
@ -207,8 +203,7 @@ typedef struct mbedtls_pk_context
/**
* \brief Context for resuming operations
*/
typedef struct
{
typedef struct {
const mbedtls_pk_info_t *pk_info; /**< Public key information */
void *rs_ctx; /**< Underlying restart context */
} mbedtls_pk_restart_ctx;
@ -225,8 +220,10 @@ typedef int (*mbedtls_pk_rsa_alt_decrypt_func)( void *ctx, int mode, size_t *ole
const unsigned char *input, unsigned char *output,
size_t output_max_len);
typedef int (*mbedtls_pk_rsa_alt_sign_func)(void *ctx,
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
int mode, mbedtls_md_type_t md_alg, unsigned int hashlen,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng,
int mode, mbedtls_md_type_t md_alg,
unsigned int hashlen,
const unsigned char *hash, unsigned char *sig);
typedef size_t (*mbedtls_pk_rsa_alt_key_len_func)(void *ctx);
#endif /* MBEDTLS_PK_RSA_ALT_SUPPORT */
@ -369,7 +366,7 @@ size_t mbedtls_pk_get_bitlen( const mbedtls_pk_context *ctx );
*/
static inline size_t mbedtls_pk_get_len(const mbedtls_pk_context *ctx)
{
return( ( mbedtls_pk_get_bitlen( ctx ) + 7 ) / 8 );
return (mbedtls_pk_get_bitlen(ctx) + 7) / 8;
}
/**
@ -405,6 +402,11 @@ int mbedtls_pk_can_do( const mbedtls_pk_context *ctx, mbedtls_pk_type_t type );
* Use \c mbedtls_pk_verify_ext( MBEDTLS_PK_RSASSA_PSS, ... )
* to verify RSASSA_PSS signatures.
*
* \note If #MBEDTLS_USE_PSA_CRYPTO is enabled, the PSA crypto
* subsystem must have been initialized by calling
* psa_crypto_init() before calling this function,
* if the key might be an ECC (ECDSA) key.
*
* \note If hash_len is 0, then the length associated with md_alg
* is used instead, or an error returned if it is invalid.
*
@ -643,12 +645,11 @@ mbedtls_pk_type_t mbedtls_pk_get_type( const mbedtls_pk_context *ctx );
*/
static inline mbedtls_rsa_context *mbedtls_pk_rsa(const mbedtls_pk_context pk)
{
switch( mbedtls_pk_get_type( &pk ) )
{
switch (mbedtls_pk_get_type(&pk)) {
case MBEDTLS_PK_RSA:
return( (mbedtls_rsa_context *) (pk).pk_ctx );
return (mbedtls_rsa_context *) (pk).pk_ctx;
default:
return( NULL );
return NULL;
}
}
#endif /* MBEDTLS_RSA_C */
@ -667,14 +668,13 @@ static inline mbedtls_rsa_context *mbedtls_pk_rsa( const mbedtls_pk_context pk )
*/
static inline mbedtls_ecp_keypair *mbedtls_pk_ec(const mbedtls_pk_context pk)
{
switch( mbedtls_pk_get_type( &pk ) )
{
switch (mbedtls_pk_get_type(&pk)) {
case MBEDTLS_PK_ECKEY:
case MBEDTLS_PK_ECKEY_DH:
case MBEDTLS_PK_ECDSA:
return( (mbedtls_ecp_keypair *) (pk).pk_ctx );
return (mbedtls_ecp_keypair *) (pk).pk_ctx;
default:
return( NULL );
return NULL;
}
}
#endif /* MBEDTLS_ECP_C */

6
thirdparty/mbedtls/include/mbedtls/pk_internal.h vendored
View file

@ -31,8 +31,7 @@
#include "mbedtls/pk.h"
struct mbedtls_pk_info_t
{
struct mbedtls_pk_info_t {
/** Public key type */
mbedtls_pk_type_t type;
@ -107,8 +106,7 @@ struct mbedtls_pk_info_t
};
#if defined(MBEDTLS_PK_RSA_ALT_SUPPORT)
/* Container for RSA-alt */
typedef struct
{
typedef struct {
void *key;
mbedtls_pk_rsa_alt_decrypt_func decrypt_func;
mbedtls_pk_rsa_alt_sign_func sign_func;

21
thirdparty/mbedtls/include/mbedtls/pkcs11.h vendored
View file

@ -50,8 +50,7 @@ extern "C" {
/**
* Context for PKCS #11 private keys.
*/
typedef struct mbedtls_pkcs11_context
{
typedef struct mbedtls_pkcs11_context {
pkcs11h_certificate_t pkcs11h_cert;
int len;
} mbedtls_pkcs11_context;
@ -173,8 +172,10 @@ MBEDTLS_DEPRECATED int mbedtls_pkcs11_sign( mbedtls_pkcs11_context *ctx,
* version of the library.
*/
MBEDTLS_DEPRECATED static inline int mbedtls_ssl_pkcs11_decrypt(void *ctx,
int mode, size_t *olen,
const unsigned char *input, unsigned char *output,
int mode,
size_t *olen,
const unsigned char *input,
unsigned char *output,
size_t output_max_len)
{
return mbedtls_pkcs11_decrypt((mbedtls_pkcs11_context *) ctx, mode, olen, input, output,
@ -208,9 +209,15 @@ MBEDTLS_DEPRECATED static inline int mbedtls_ssl_pkcs11_decrypt( void *ctx,
* used.
*/
MBEDTLS_DEPRECATED static inline int mbedtls_ssl_pkcs11_sign(void *ctx,
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
int mode, mbedtls_md_type_t md_alg, unsigned int hashlen,
const unsigned char *hash, unsigned char *sig )
int (*f_rng)(void *,
unsigned char *,
size_t),
void *p_rng,
int mode,
mbedtls_md_type_t md_alg,
unsigned int hashlen,
const unsigned char *hash,
unsigned char *sig)
{
((void) f_rng);
((void) p_rng);

3
thirdparty/mbedtls/include/mbedtls/platform.h vendored
View file

@ -379,8 +379,7 @@ int mbedtls_platform_set_nv_seed(
* \note This structure may be used to assist platform-specific
* setup or teardown operations.
*/
typedef struct mbedtls_platform_context
{
typedef struct mbedtls_platform_context {
char dummy; /**< A placeholder member, as empty structs are not portable. */
}
mbedtls_platform_context;

2
thirdparty/mbedtls/include/mbedtls/platform_util.h vendored
View file

@ -89,7 +89,7 @@ void mbedtls_param_failed( const char *failure_condition,
if (!(cond)) \
{ \
MBEDTLS_PARAM_FAILED(cond); \
return( ret ); \
return ret; \
} \
} while (0)

3
thirdparty/mbedtls/include/mbedtls/poly1305.h vendored
View file

@ -60,8 +60,7 @@ extern "C" {
#if !defined(MBEDTLS_POLY1305_ALT)
typedef struct mbedtls_poly1305_context
{
typedef struct mbedtls_poly1305_context {
uint32_t r[4]; /** The value for 'r' (low 128 bits of the key). */
uint32_t s[4]; /** The value for 's' (high 128 bits of the key). */
uint32_t acc[5]; /** The accumulator number. */

3
thirdparty/mbedtls/include/mbedtls/ripemd160.h vendored
View file

@ -47,8 +47,7 @@ extern "C" {
/**
* \brief RIPEMD-160 context structure
*/
typedef struct mbedtls_ripemd160_context
{
typedef struct mbedtls_ripemd160_context {
uint32_t total[2]; /*!< number of bytes processed */
uint32_t state[5]; /*!< intermediate digest state */
unsigned char buffer[64]; /*!< data block being processed */

3
thirdparty/mbedtls/include/mbedtls/rsa.h vendored
View file

@ -106,8 +106,7 @@ extern "C" {
* is deprecated. All manipulation should instead be done through
* the public interface functions.
*/
typedef struct mbedtls_rsa_context
{
typedef struct mbedtls_rsa_context {
int ver; /*!< Reserved for internal purposes.
* Do not set this field in application
* code. Its meaning might change without

3
thirdparty/mbedtls/include/mbedtls/sha1.h vendored
View file

@ -60,8 +60,7 @@ extern "C" {
* stronger message digests instead.
*
*/
typedef struct mbedtls_sha1_context
{
typedef struct mbedtls_sha1_context {
uint32_t total[2]; /*!< The number of Bytes processed. */
uint32_t state[5]; /*!< The intermediate digest state. */
unsigned char buffer[64]; /*!< The data block being processed. */

3
thirdparty/mbedtls/include/mbedtls/sha256.h vendored
View file

@ -55,8 +55,7 @@ extern "C" {
* checksum calculations. The choice between these two is
* made in the call to mbedtls_sha256_starts_ret().
*/
typedef struct mbedtls_sha256_context
{
typedef struct mbedtls_sha256_context {
uint32_t total[2]; /*!< The number of Bytes processed. */
uint32_t state[8]; /*!< The intermediate digest state. */
unsigned char buffer[64]; /*!< The data block being processed. */

3
thirdparty/mbedtls/include/mbedtls/sha512.h vendored
View file

@ -54,8 +54,7 @@ extern "C" {
* checksum calculations. The choice between these two is
* made in the call to mbedtls_sha512_starts_ret().
*/
typedef struct mbedtls_sha512_context
{
typedef struct mbedtls_sha512_context {
uint64_t total[2]; /*!< The number of Bytes processed. */
uint64_t state[8]; /*!< The intermediate digest state. */
unsigned char buffer[128]; /*!< The data block being processed. */

48
thirdparty/mbedtls/include/mbedtls/ssl.h vendored
View file

@ -54,11 +54,13 @@
#if defined(MBEDTLS_ZLIB_SUPPORT)
#if defined(MBEDTLS_DEPRECATED_WARNING)
#warning "Record compression support via MBEDTLS_ZLIB_SUPPORT is deprecated and will be removed in the next major revision of the library"
#warning \
"Record compression support via MBEDTLS_ZLIB_SUPPORT is deprecated and will be removed in the next major revision of the library"
#endif
#if defined(MBEDTLS_DEPRECATED_REMOVED)
#error "Record compression support via MBEDTLS_ZLIB_SUPPORT is deprecated and cannot be used if MBEDTLS_DEPRECATED_REMOVED is set"
#error \
"Record compression support via MBEDTLS_ZLIB_SUPPORT is deprecated and cannot be used if MBEDTLS_DEPRECATED_REMOVED is set"
#endif
#include "zlib.h"
@ -491,8 +493,7 @@
#endif
/* Dummy type used only for its size */
union mbedtls_ssl_premaster_secret
{
union mbedtls_ssl_premaster_secret {
#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)
unsigned char _pms_rsa[48]; /* RFC 5246 8.1.1 */
#endif
@ -533,8 +534,7 @@ extern "C" {
/*
* SSL state machine
*/
typedef enum
{
typedef enum {
MBEDTLS_SSL_HELLO_REQUEST,
MBEDTLS_SSL_CLIENT_HELLO,
MBEDTLS_SSL_SERVER_HELLO,
@ -560,8 +560,7 @@ mbedtls_ssl_states;
/*
* The tls_prf function types.
*/
typedef enum
{
typedef enum {
MBEDTLS_SSL_TLS_PRF_NONE,
MBEDTLS_SSL_TLS_PRF_SSL3,
MBEDTLS_SSL_TLS_PRF_TLS1,
@ -948,8 +947,7 @@ typedef void mbedtls_ssl_async_cancel_t( mbedtls_ssl_context *ssl );
typedef uint16_t mbedtls_ssl_srtp_profile;
typedef struct mbedtls_dtls_srtp_info_t
{
typedef struct mbedtls_dtls_srtp_info_t {
/*! The SRTP profile that was negotiated. */
mbedtls_ssl_srtp_profile chosen_dtls_srtp_profile;
/*! The length of mki_value. */
@ -972,8 +970,7 @@ mbedtls_dtls_srtp_info;
* mbedtls_ssl_session_save() and ssl_session_load()
* ssl_session_copy()
*/
struct mbedtls_ssl_session
{
struct mbedtls_ssl_session {
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
unsigned char mfl_code; /*!< MaxFragmentLength negotiated by peer */
#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
@ -1018,8 +1015,7 @@ struct mbedtls_ssl_session
/**
* SSL/TLS configuration to be shared between mbedtls_ssl_context structures.
*/
struct mbedtls_ssl_config
{
struct mbedtls_ssl_config {
/* Group items by size and reorder them to maximize usage of immediate offset access. */
/*
@ -1267,8 +1263,7 @@ struct mbedtls_ssl_config
#endif /* MBEDTLS_SSL_DTLS_SRTP */
};
struct mbedtls_ssl_context
{
struct mbedtls_ssl_context {
const mbedtls_ssl_config *conf; /*!< configuration information */
/*
@ -1549,6 +1544,10 @@ void mbedtls_ssl_init( mbedtls_ssl_context *ssl );
* Calling mbedtls_ssl_setup again is not supported, even
* if no session is active.
*
* \note If #MBEDTLS_USE_PSA_CRYPTO is enabled, the PSA crypto
* subsystem must have been initialized by calling
* psa_crypto_init() before calling this function.
*
* \param ssl SSL context
* \param conf SSL configuration to use
*
@ -3264,19 +3263,18 @@ const char *mbedtls_ssl_get_alpn_protocol( const mbedtls_ssl_context *ssl );
#if defined(MBEDTLS_DEBUG_C)
static inline const char *mbedtls_ssl_get_srtp_profile_as_string(mbedtls_ssl_srtp_profile profile)
{
switch( profile )
{
switch (profile) {
case MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_80:
return( "MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_80" );
return "MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_80";
case MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_32:
return( "MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_32" );
return "MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_32";
case MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_80:
return( "MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_80" );
return "MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_80";
case MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_32:
return( "MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_32" );
return "MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_32";
default: break;
}
return( "" );
return "";
}
#endif /* MBEDTLS_DEBUG_C */
/**
@ -3986,6 +3984,10 @@ int mbedtls_ssl_get_session( const mbedtls_ssl_context *ssl, mbedtls_ssl_session
* in which case the datagram of the underlying transport that is
* currently being processed might or might not contain further
* DTLS records.
*
* \note If #MBEDTLS_USE_PSA_CRYPTO is enabled, the PSA crypto
* subsystem must have been initialized by calling
* psa_crypto_init() before calling this function.
*/
int mbedtls_ssl_handshake(mbedtls_ssl_context *ssl);

6
thirdparty/mbedtls/include/mbedtls/ssl_cache.h vendored
View file

@ -62,8 +62,7 @@ typedef struct mbedtls_ssl_cache_entry mbedtls_ssl_cache_entry;
/**
* \brief This structure is used for storing cache entries
*/
struct mbedtls_ssl_cache_entry
{
struct mbedtls_ssl_cache_entry {
#if defined(MBEDTLS_HAVE_TIME)
mbedtls_time_t timestamp; /*!< entry timestamp */
#endif
@ -78,8 +77,7 @@ struct mbedtls_ssl_cache_entry
/**
* \brief Cache context
*/
struct mbedtls_ssl_cache_context
{
struct mbedtls_ssl_cache_context {
mbedtls_ssl_cache_entry *chain; /*!< start of the chain */
int timeout; /*!< cache entry timeout */
int max_entries; /*!< maximum entries */

62
thirdparty/mbedtls/include/mbedtls/ssl_ciphersuites.h vendored
View file

@ -385,8 +385,7 @@ typedef struct mbedtls_ssl_ciphersuite_t mbedtls_ssl_ciphersuite_t;
/**
* \brief This structure is used for storing ciphersuite information
*/
struct mbedtls_ssl_ciphersuite_t
{
struct mbedtls_ssl_ciphersuite_t {
int id;
const char *name;
@ -418,18 +417,17 @@ int mbedtls_ssl_ciphersuite_uses_psk( const mbedtls_ssl_ciphersuite_t *info );
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PFS_ENABLED)
static inline int mbedtls_ssl_ciphersuite_has_pfs(const mbedtls_ssl_ciphersuite_t *info)
{
switch( info->key_exchange )
{
switch (info->key_exchange) {
case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
case MBEDTLS_KEY_EXCHANGE_DHE_PSK:
case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
case MBEDTLS_KEY_EXCHANGE_ECDHE_PSK:
case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
case MBEDTLS_KEY_EXCHANGE_ECJPAKE:
return( 1 );
return 1;
default:
return( 0 );
return 0;
}
}
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PFS_ENABLED */
@ -437,17 +435,16 @@ static inline int mbedtls_ssl_ciphersuite_has_pfs( const mbedtls_ssl_ciphersuite
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED)
static inline int mbedtls_ssl_ciphersuite_no_pfs(const mbedtls_ssl_ciphersuite_t *info)
{
switch( info->key_exchange )
{
switch (info->key_exchange) {
case MBEDTLS_KEY_EXCHANGE_ECDH_RSA:
case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
case MBEDTLS_KEY_EXCHANGE_RSA:
case MBEDTLS_KEY_EXCHANGE_PSK:
case MBEDTLS_KEY_EXCHANGE_RSA_PSK:
return( 1 );
return 1;
default:
return( 0 );
return 0;
}
}
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED */
@ -455,39 +452,36 @@ static inline int mbedtls_ssl_ciphersuite_no_pfs( const mbedtls_ssl_ciphersuite_
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_ENABLED)
static inline int mbedtls_ssl_ciphersuite_uses_ecdh(const mbedtls_ssl_ciphersuite_t *info)
{
switch( info->key_exchange )
{
switch (info->key_exchange) {
case MBEDTLS_KEY_EXCHANGE_ECDH_RSA:
case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
return( 1 );
return 1;
default:
return( 0 );
return 0;
}
}
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_ECDH_ENABLED */
static inline int mbedtls_ssl_ciphersuite_cert_req_allowed(const mbedtls_ssl_ciphersuite_t *info)
{
switch( info->key_exchange )
{
switch (info->key_exchange) {
case MBEDTLS_KEY_EXCHANGE_RSA:
case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
case MBEDTLS_KEY_EXCHANGE_ECDH_RSA:
case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
return( 1 );
return 1;
default:
return( 0 );
return 0;
}
}
static inline int mbedtls_ssl_ciphersuite_uses_srv_cert(const mbedtls_ssl_ciphersuite_t *info)
{
switch( info->key_exchange )
{
switch (info->key_exchange) {
case MBEDTLS_KEY_EXCHANGE_RSA:
case MBEDTLS_KEY_EXCHANGE_RSA_PSK:
case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
@ -495,24 +489,23 @@ static inline int mbedtls_ssl_ciphersuite_uses_srv_cert( const mbedtls_ssl_ciphe
case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
return( 1 );
return 1;
default:
return( 0 );
return 0;
}
}
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_DHE_ENABLED)
static inline int mbedtls_ssl_ciphersuite_uses_dhe(const mbedtls_ssl_ciphersuite_t *info)
{
switch( info->key_exchange )
{
switch (info->key_exchange) {
case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
case MBEDTLS_KEY_EXCHANGE_DHE_PSK:
return( 1 );
return 1;
default:
return( 0 );
return 0;
}
}
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_DHE_ENABLED) */
@ -520,31 +513,30 @@ static inline int mbedtls_ssl_ciphersuite_uses_dhe( const mbedtls_ssl_ciphersuit
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDHE_ENABLED)
static inline int mbedtls_ssl_ciphersuite_uses_ecdhe(const mbedtls_ssl_ciphersuite_t *info)
{
switch( info->key_exchange )
{
switch (info->key_exchange) {
case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
case MBEDTLS_KEY_EXCHANGE_ECDHE_PSK:
return( 1 );
return 1;
default:
return( 0 );
return 0;
}
}
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_ECDHE_ENABLED) */
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED)
static inline int mbedtls_ssl_ciphersuite_uses_server_signature( const mbedtls_ssl_ciphersuite_t *info )
{
switch( info->key_exchange )
static inline int mbedtls_ssl_ciphersuite_uses_server_signature(
const mbedtls_ssl_ciphersuite_t *info)
{
switch (info->key_exchange) {
case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
return( 1 );
return 1;
default:
return( 0 );
return 0;
}
}
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED */

3
thirdparty/mbedtls/include/mbedtls/ssl_cookie.h vendored
View file

@ -54,8 +54,7 @@ extern "C" {
/**
* \brief Context for the default cookie functions.
*/
typedef struct mbedtls_ssl_cookie_ctx
{
typedef struct mbedtls_ssl_cookie_ctx {
mbedtls_md_context_t hmac_ctx; /*!< context for the HMAC portion */
#if !defined(MBEDTLS_HAVE_TIME)
unsigned long serial; /*!< serial number for expiration */

118
thirdparty/mbedtls/include/mbedtls/ssl_internal.h vendored
View file

@ -234,11 +234,13 @@
#endif
#if MBEDTLS_SSL_IN_CONTENT_LEN > MBEDTLS_SSL_MAX_CONTENT_LEN
#error "Bad configuration - incoming record content should not be larger than MBEDTLS_SSL_MAX_CONTENT_LEN."
#error \
"Bad configuration - incoming record content should not be larger than MBEDTLS_SSL_MAX_CONTENT_LEN."
#endif
#if MBEDTLS_SSL_OUT_CONTENT_LEN > MBEDTLS_SSL_MAX_CONTENT_LEN
#error "Bad configuration - outgoing record content should not be larger than MBEDTLS_SSL_MAX_CONTENT_LEN."
#error \
"Bad configuration - outgoing record content should not be larger than MBEDTLS_SSL_MAX_CONTENT_LEN."
#endif
#if MBEDTLS_SSL_IN_PAYLOAD_LEN > MBEDTLS_SSL_MAX_CONTENT_LEN + 2048
@ -331,7 +333,7 @@ static inline size_t mbedtls_ssl_get_input_buflen( const mbedtls_ssl_context *ct
static inline int mbedtls_ssl_chk_buf_ptr(const uint8_t *cur,
const uint8_t *end, size_t need)
{
return( ( cur > end ) || ( need > (size_t)( end - cur ) ) );
return (cur > end) || (need > (size_t) (end - cur));
}
/**
@ -348,7 +350,7 @@ static inline int mbedtls_ssl_chk_buf_ptr( const uint8_t *cur,
do { \
if (mbedtls_ssl_chk_buf_ptr((cur), (end), (need)) != 0) \
{ \
return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL ); \
return MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL; \
} \
} while (0)
@ -361,8 +363,7 @@ extern "C" {
/*
* Abstraction for a grid of allowed signature-hash-algorithm pairs.
*/
struct mbedtls_ssl_sig_hash_set_t
{
struct mbedtls_ssl_sig_hash_set_t {
/* At the moment, we only need to remember a single suitable
* hash algorithm per signature algorithm. As long as that's
* the case - and we don't need a general lookup function -
@ -403,8 +404,7 @@ typedef int mbedtls_ssl_tls_prf_cb( const unsigned char *secret, size_t slen,
* \brief The data structure holding the cryptographic material (key and IV)
* used for record protection in TLS 1.3.
*/
struct mbedtls_ssl_key_set
{
struct mbedtls_ssl_key_set {
/*! The key for client->server records. */
unsigned char client_write_key[MBEDTLS_SSL_MAX_KEY_LENGTH];
/*! The key for server->client records. */
@ -424,8 +424,7 @@ typedef struct mbedtls_ssl_key_set mbedtls_ssl_key_set;
/*
* This structure contains the parameters only needed during handshake.
*/
struct mbedtls_ssl_handshake_params
{
struct mbedtls_ssl_handshake_params {
/*
* Handshake specific crypto variables
*/
@ -544,16 +543,14 @@ struct mbedtls_ssl_handshake_params
#endif /* MBEDTLS_X509_CRT_PARSE_C && !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
#if defined(MBEDTLS_SSL_PROTO_DTLS)
struct
{
struct {
size_t total_bytes_buffered; /*!< Cumulative size of heap allocated
* buffers used for message buffering. */
uint8_t seen_ccs; /*!< Indicates if a CCS message has
* been seen in the current flight. */
struct mbedtls_ssl_hs_buffer
{
struct mbedtls_ssl_hs_buffer {
unsigned is_valid : 1;
unsigned is_fragmented : 1;
unsigned is_complete : 1;
@ -561,8 +558,7 @@ struct mbedtls_ssl_handshake_params
size_t data_len;
} hs[MBEDTLS_SSL_MAX_BUFFERED_HS];
struct
{
struct {
unsigned char *data;
size_t len;
unsigned epoch;
@ -744,8 +740,7 @@ typedef struct mbedtls_ssl_hs_buffer mbedtls_ssl_hs_buffer;
* in other transformations.
*
*/
struct mbedtls_ssl_transform
{
struct mbedtls_ssl_transform {
/*
* Session specific crypto layer
*/
@ -809,10 +804,10 @@ static inline int mbedtls_ssl_transform_uses_aead(
const mbedtls_ssl_transform *transform)
{
#if defined(MBEDTLS_SSL_SOME_MODES_USE_MAC)
return( transform->maclen == 0 && transform->taglen != 0 );
return transform->maclen == 0 && transform->taglen != 0;
#else
(void) transform;
return( 1 );
return 1;
#endif
}
@ -842,8 +837,7 @@ static inline int mbedtls_ssl_transform_uses_aead(
#define MBEDTLS_SSL_CID_LEN_MAX MBEDTLS_SSL_CID_IN_LEN_MAX
#endif
typedef struct
{
typedef struct {
uint8_t ctr[8]; /* In TLS: The implicit record sequence number.
* In DTLS: The 2-byte epoch followed by
* the 6-byte sequence number.
@ -874,8 +868,7 @@ typedef struct
/*
* List of certificate + private key pairs
*/
struct mbedtls_ssl_key_cert
{
struct mbedtls_ssl_key_cert {
mbedtls_x509_crt *cert; /*!< cert */
mbedtls_pk_context *key; /*!< private key */
mbedtls_ssl_key_cert *next; /*!< next key/cert pair */
@ -886,8 +879,7 @@ struct mbedtls_ssl_key_cert
/*
* List of handshake messages kept around for resending
*/
struct mbedtls_ssl_flight_item
{
struct mbedtls_ssl_flight_item {
unsigned char *p; /*!< message, including handshake headers */
size_t len; /*!< length of p */
unsigned char type; /*!< type of the message: handshake or CCS */
@ -1073,26 +1065,19 @@ int mbedtls_ssl_psk_derive_premaster( mbedtls_ssl_context *ssl, mbedtls_key_exch
static inline int mbedtls_ssl_get_psk(const mbedtls_ssl_context *ssl,
const unsigned char **psk, size_t *psk_len)
{
if( ssl->handshake->psk != NULL && ssl->handshake->psk_len > 0 )
{
if (ssl->handshake->psk != NULL && ssl->handshake->psk_len > 0) {
*psk = ssl->handshake->psk;
*psk_len = ssl->handshake->psk_len;
}
else if( ssl->conf->psk != NULL && ssl->conf->psk_len > 0 )
{
} else if (ssl->conf->psk != NULL && ssl->conf->psk_len > 0) {
*psk = ssl->conf->psk;
*psk_len = ssl->conf->psk_len;
}
else
{
} else {
*psk = NULL;
*psk_len = 0;
return( MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED );
return MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED;
}
return( 0 );
return 0;
}
#if defined(MBEDTLS_USE_PSA_CRYPTO)
@ -1106,13 +1091,15 @@ static inline int mbedtls_ssl_get_psk( const mbedtls_ssl_context *ssl,
static inline psa_key_id_t mbedtls_ssl_get_opaque_psk(
const mbedtls_ssl_context *ssl)
{
if( ! mbedtls_svc_key_id_is_null( ssl->handshake->psk_opaque ) )
return( ssl->handshake->psk_opaque );
if (!mbedtls_svc_key_id_is_null(ssl->handshake->psk_opaque)) {
return ssl->handshake->psk_opaque;
}
if( ! mbedtls_svc_key_id_is_null( ssl->conf->psk_opaque ) )
return( ssl->conf->psk_opaque );
if (!mbedtls_svc_key_id_is_null(ssl->conf->psk_opaque)) {
return ssl->conf->psk_opaque;
}
return( MBEDTLS_SVC_KEY_ID_INIT );
return MBEDTLS_SVC_KEY_ID_INIT;
}
#endif /* MBEDTLS_USE_PSA_CRYPTO */
@ -1146,8 +1133,7 @@ int mbedtls_ssl_check_sig_hash( const mbedtls_ssl_context *ssl,
static inline mbedtls_ssl_srtp_profile mbedtls_ssl_check_srtp_profile_value
(const uint16_t srtp_profile_value)
{
switch( srtp_profile_value )
{
switch (srtp_profile_value) {
case MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_80:
case MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_32:
case MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_80:
@ -1155,7 +1141,7 @@ static inline mbedtls_ssl_srtp_profile mbedtls_ssl_check_srtp_profile_value
return srtp_profile_value;
default: break;
}
return( MBEDTLS_TLS_SRTP_UNSET );
return MBEDTLS_TLS_SRTP_UNSET;
}
#endif
@ -1164,24 +1150,26 @@ static inline mbedtls_pk_context *mbedtls_ssl_own_key( mbedtls_ssl_context *ssl
{
mbedtls_ssl_key_cert *key_cert;
if( ssl->handshake != NULL && ssl->handshake->key_cert != NULL )
if (ssl->handshake != NULL && ssl->handshake->key_cert != NULL) {
key_cert = ssl->handshake->key_cert;
else
} else {
key_cert = ssl->conf->key_cert;
}
return( key_cert == NULL ? NULL : key_cert->key );
return key_cert == NULL ? NULL : key_cert->key;
}
static inline mbedtls_x509_crt *mbedtls_ssl_own_cert(mbedtls_ssl_context *ssl)
{
mbedtls_ssl_key_cert *key_cert;
if( ssl->handshake != NULL && ssl->handshake->key_cert != NULL )
if (ssl->handshake != NULL && ssl->handshake->key_cert != NULL) {
key_cert = ssl->handshake->key_cert;
else
} else {
key_cert = ssl->conf->key_cert;
}
return( key_cert == NULL ? NULL : key_cert->cert );
return key_cert == NULL ? NULL : key_cert->cert;
}
/*
@ -1212,31 +1200,30 @@ static inline size_t mbedtls_ssl_in_hdr_len( const mbedtls_ssl_context *ssl )
#endif
#if defined(MBEDTLS_SSL_PROTO_DTLS)
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
{
return( 13 );
}
else
if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
return 13;
} else
#endif /* MBEDTLS_SSL_PROTO_DTLS */
{
return( 5 );
return 5;
}
}
static inline size_t mbedtls_ssl_out_hdr_len(const mbedtls_ssl_context *ssl)
{
return( (size_t) ( ssl->out_iv - ssl->out_hdr ) );
return (size_t) (ssl->out_iv - ssl->out_hdr);
}
static inline size_t mbedtls_ssl_hs_hdr_len(const mbedtls_ssl_context *ssl)
{
#if defined(MBEDTLS_SSL_PROTO_DTLS)
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
return( 12 );
if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
return 12;
}
#else
((void) ssl);
#endif
return( 4 );
return 4;
}
#if defined(MBEDTLS_SSL_PROTO_DTLS)
@ -1299,12 +1286,13 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl,
static inline size_t mbedtls_ssl_ep_len(const mbedtls_ssl_context *ssl)
{
#if defined(MBEDTLS_SSL_PROTO_DTLS)
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
return( 2 );
if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
return 2;
}
#else
((void) ssl);
#endif
return( 0 );
return 0;
}
#if defined(MBEDTLS_SSL_PROTO_DTLS)

6
thirdparty/mbedtls/include/mbedtls/ssl_ticket.h vendored
View file

@ -48,8 +48,7 @@ extern "C" {
/**
* \brief Information for session ticket protection
*/
typedef struct mbedtls_ssl_ticket_key
{
typedef struct mbedtls_ssl_ticket_key {
unsigned char name[4]; /*!< random key identifier */
uint32_t generation_time; /*!< key generation timestamp (seconds) */
mbedtls_cipher_context_t ctx; /*!< context for auth enc/decryption */
@ -59,8 +58,7 @@ mbedtls_ssl_ticket_key;
/**
* \brief Context for session ticket handling functions
*/
typedef struct mbedtls_ssl_ticket_context
{
typedef struct mbedtls_ssl_ticket_context {
mbedtls_ssl_ticket_key keys[2]; /*!< ticket protection keys */
unsigned char active; /*!< index of the currently active key */

3
thirdparty/mbedtls/include/mbedtls/threading.h vendored
View file

@ -46,8 +46,7 @@ extern "C" {
#if defined(MBEDTLS_THREADING_PTHREAD)
#include <pthread.h>
typedef struct mbedtls_threading_mutex_t
{
typedef struct mbedtls_threading_mutex_t {
pthread_mutex_t mutex;
/* is_valid is 0 after a failed init or a free, and nonzero after a
* successful init. This field is not considered part of the public

6
thirdparty/mbedtls/include/mbedtls/timing.h vendored
View file

@ -41,16 +41,14 @@ extern "C" {
/**
* \brief timer structure
*/
struct mbedtls_timing_hr_time
{
struct mbedtls_timing_hr_time {
unsigned char opaque[32];
};
/**
* \brief Context for mbedtls_timing_set/get_delay()
*/
typedef struct mbedtls_timing_delay_context
{
typedef struct mbedtls_timing_delay_context {
struct mbedtls_timing_hr_time timer;
uint32_t int_ms;
uint32_t fin_ms;

8
thirdparty/mbedtls/include/mbedtls/version.h vendored
View file

@ -38,16 +38,16 @@
*/
#define MBEDTLS_VERSION_MAJOR 2
#define MBEDTLS_VERSION_MINOR 28
#define MBEDTLS_VERSION_PATCH 2
#define MBEDTLS_VERSION_PATCH 3
/**
* The single version number has the following structure:
* MMNNPP00
* Major version | Minor version | Patch version
*/
#define MBEDTLS_VERSION_NUMBER 0x021C0200
#define MBEDTLS_VERSION_STRING "2.28.2"
#define MBEDTLS_VERSION_STRING_FULL "mbed TLS 2.28.2"
#define MBEDTLS_VERSION_NUMBER 0x021C0300
#define MBEDTLS_VERSION_STRING "2.28.3"
#define MBEDTLS_VERSION_STRING_FULL "mbed TLS 2.28.3"
#if defined(MBEDTLS_VERSION_C)

5
thirdparty/mbedtls/include/mbedtls/x509.h vendored
View file

@ -247,8 +247,7 @@ typedef mbedtls_asn1_named_data mbedtls_x509_name;
typedef mbedtls_asn1_sequence mbedtls_x509_sequence;
/** Container for date and time (precision in seconds). */
typedef struct mbedtls_x509_time
{
typedef struct mbedtls_x509_time {
int year, mon, day; /**< Date. */
int hour, min, sec; /**< Time. */
}
@ -367,7 +366,7 @@ int mbedtls_x509_write_sig( unsigned char **p, unsigned char *start,
#define MBEDTLS_X509_SAFE_SNPRINTF \
do { \
if (ret < 0 || (size_t) ret >= n) \
return( MBEDTLS_ERR_X509_BUFFER_TOO_SMALL ); \
return MBEDTLS_ERR_X509_BUFFER_TOO_SMALL; \
\
n -= (size_t) ret; \
p += (size_t) ret; \

18
thirdparty/mbedtls/include/mbedtls/x509_crl.h vendored
View file

@ -47,8 +47,7 @@ extern "C" {
* Certificate revocation list entry.
* Contains the CA-specific serial numbers and revocation dates.
*/
typedef struct mbedtls_x509_crl_entry
{
typedef struct mbedtls_x509_crl_entry {
mbedtls_x509_buf raw;
mbedtls_x509_buf serial;
@ -65,8 +64,7 @@ mbedtls_x509_crl_entry;
* Certificate revocation list structure.
* Every CRL may have multiple entries.
*/
typedef struct mbedtls_x509_crl
{
typedef struct mbedtls_x509_crl {
mbedtls_x509_buf raw; /**< The raw certificate data (DER). */
mbedtls_x509_buf tbs; /**< The raw certificate body (DER). The part that is To Be Signed. */
@ -97,6 +95,10 @@ mbedtls_x509_crl;
/**
* \brief Parse a DER-encoded CRL and append it to the chained list
*
* \note If #MBEDTLS_USE_PSA_CRYPTO is enabled, the PSA crypto
* subsystem must have been initialized by calling
* psa_crypto_init() before calling this function.
*
* \param chain points to the start of the chain
* \param buf buffer holding the CRL data in DER format
* \param buflen size of the buffer
@ -111,6 +113,10 @@ int mbedtls_x509_crl_parse_der( mbedtls_x509_crl *chain,
*
* \note Multiple CRLs are accepted only if using PEM format
*
* \note If #MBEDTLS_USE_PSA_CRYPTO is enabled, the PSA crypto
* subsystem must have been initialized by calling
* psa_crypto_init() before calling this function.
*
* \param chain points to the start of the chain
* \param buf buffer holding the CRL data in PEM or DER format
* \param buflen size of the buffer
@ -126,6 +132,10 @@ int mbedtls_x509_crl_parse( mbedtls_x509_crl *chain, const unsigned char *buf, s
*
* \note Multiple CRLs are accepted only if using PEM format
*
* \note If #MBEDTLS_USE_PSA_CRYPTO is enabled, the PSA crypto
* subsystem must have been initialized by calling
* psa_crypto_init() before calling this function.
*
* \param chain points to the start of the chain
* \param path filename to read the CRLs from (in PEM or DER encoding)
*

47
thirdparty/mbedtls/include/mbedtls/x509_crt.h vendored
View file

@ -49,8 +49,7 @@ extern "C" {
/**
* Container for an X.509 certificate. The certificate may be chained.
*/
typedef struct mbedtls_x509_crt
{
typedef struct mbedtls_x509_crt {
int own_buffer; /**< Indicates if \c raw is owned
* by the structure or not. */
mbedtls_x509_buf raw; /**< The raw certificate data (DER). */
@ -104,24 +103,21 @@ mbedtls_x509_crt;
* type-id OBJECT IDENTIFIER,
* value [0] EXPLICIT ANY DEFINED BY type-id }
*/
typedef struct mbedtls_x509_san_other_name
{
typedef struct mbedtls_x509_san_other_name {
/**
* The type_id is an OID as defined in RFC 5280.
* To check the value of the type id, you should use
* \p MBEDTLS_OID_CMP with a known OID mbedtls_x509_buf.
*/
mbedtls_x509_buf type_id; /**< The type id. */
union
{
union {
/**
* From RFC 4108 section 5:
* HardwareModuleName ::= SEQUENCE {
* hwType OBJECT IDENTIFIER,
* hwSerialNum OCTET STRING }
*/
struct
{
struct {
mbedtls_x509_buf oid; /**< The object identifier. */
mbedtls_x509_buf val; /**< The named value. */
}
@ -134,8 +130,7 @@ mbedtls_x509_san_other_name;
/**
* A structure for holding the parsed Subject Alternative Name, according to type
*/
typedef struct mbedtls_x509_subject_alternative_name
{
typedef struct mbedtls_x509_subject_alternative_name {
int type; /**< The SAN type, value of MBEDTLS_X509_SAN_XXX. */
union {
mbedtls_x509_san_other_name other_name; /**< The otherName supported type. */
@ -156,8 +151,7 @@ mbedtls_x509_subject_alternative_name;
*
* All lists are bitfields, built by ORing flags from MBEDTLS_X509_ID_FLAG().
*/
typedef struct mbedtls_x509_crt_profile
{
typedef struct mbedtls_x509_crt_profile {
uint32_t allowed_mds; /**< MDs for signatures */
uint32_t allowed_pks; /**< PK algs for public keys;
* this applies to all certificates
@ -181,8 +175,7 @@ mbedtls_x509_crt_profile;
/**
* Container for writing a certificate (CRT)
*/
typedef struct mbedtls_x509write_cert
{
typedef struct mbedtls_x509write_cert {
int version;
mbedtls_mpi serial;
mbedtls_pk_context *subject_key;
@ -212,8 +205,7 @@ typedef struct {
/**
* Verification chain as built by \c mbedtls_crt_verify_chain()
*/
typedef struct
{
typedef struct {
mbedtls_x509_crt_verify_chain_item items[MBEDTLS_X509_MAX_VERIFY_CHAIN_SIZE];
unsigned len;
@ -231,8 +223,7 @@ typedef struct
/**
* \brief Context for resuming X.509 verify operations
*/
typedef struct
{
typedef struct {
/* for check_signature() */
mbedtls_pk_restart_ctx pk;
@ -292,6 +283,10 @@ extern const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_suiteb;
* \brief Parse a single DER formatted certificate and add it
* to the end of the provided chained list.
*
* \note If #MBEDTLS_USE_PSA_CRYPTO is enabled, the PSA crypto
* subsystem must have been initialized by calling
* psa_crypto_init() before calling this function.
*
* \param chain The pointer to the start of the CRT chain to attach to.
* When parsing the first CRT in a chain, this should point
* to an instance of ::mbedtls_x509_crt initialized through
@ -353,6 +348,10 @@ typedef int (*mbedtls_x509_crt_ext_cb_t)( void *p_ctx,
* \brief Parse a single DER formatted certificate and add it
* to the end of the provided chained list.
*
* \note If #MBEDTLS_USE_PSA_CRYPTO is enabled, the PSA crypto
* subsystem must have been initialized by calling
* psa_crypto_init() before calling this function.
*
* \param chain The pointer to the start of the CRT chain to attach to.
* When parsing the first CRT in a chain, this should point
* to an instance of ::mbedtls_x509_crt initialized through
@ -403,6 +402,10 @@ int mbedtls_x509_crt_parse_der_with_ext_cb( mbedtls_x509_crt *chain,
* temporary ownership of the CRT buffer until the CRT
* is destroyed.
*
* \note If #MBEDTLS_USE_PSA_CRYPTO is enabled, the PSA crypto
* subsystem must have been initialized by calling
* psa_crypto_init() before calling this function.
*
* \param chain The pointer to the start of the CRT chain to attach to.
* When parsing the first CRT in a chain, this should point
* to an instance of ::mbedtls_x509_crt initialized through
@ -443,6 +446,10 @@ int mbedtls_x509_crt_parse_der_nocopy( mbedtls_x509_crt *chain,
* long as the certificates are enclosed in the PEM specific
* '-----{BEGIN/END} CERTIFICATE-----' delimiters.
*
* \note If #MBEDTLS_USE_PSA_CRYPTO is enabled, the PSA crypto
* subsystem must have been initialized by calling
* psa_crypto_init() before calling this function.
*
* \param chain The chain to which to add the parsed certificates.
* \param buf The buffer holding the certificate data in PEM or DER format.
* For certificates in PEM encoding, this may be a concatenation
@ -467,6 +474,10 @@ int mbedtls_x509_crt_parse( mbedtls_x509_crt *chain, const unsigned char *buf, s
* of failed certificates it encountered. If none complete
* correctly, the first error is returned.
*
* \note If #MBEDTLS_USE_PSA_CRYPTO is enabled, the PSA crypto
* subsystem must have been initialized by calling
* psa_crypto_init() before calling this function.
*
* \param chain points to the start of the chain
* \param path filename to read the certificates from
*

14
thirdparty/mbedtls/include/mbedtls/x509_csr.h vendored
View file

@ -46,8 +46,7 @@ extern "C" {
/**
* Certificate Signing Request (CSR) structure.
*/
typedef struct mbedtls_x509_csr
{
typedef struct mbedtls_x509_csr {
mbedtls_x509_buf raw; /**< The raw CSR data (DER). */
mbedtls_x509_buf cri; /**< The raw CertificateRequestInfo body (DER). */
@ -69,8 +68,7 @@ mbedtls_x509_csr;
/**
* Container for writing a CSR
*/
typedef struct mbedtls_x509write_csr
{
typedef struct mbedtls_x509write_csr {
mbedtls_pk_context *key;
mbedtls_asn1_named_data *subject;
mbedtls_md_type_t md_alg;
@ -84,6 +82,10 @@ mbedtls_x509write_csr;
*
* \note CSR attributes (if any) are currently silently ignored.
*
* \note If #MBEDTLS_USE_PSA_CRYPTO is enabled, the PSA crypto
* subsystem must have been initialized by calling
* psa_crypto_init() before calling this function.
*
* \param csr CSR context to fill
* \param buf buffer holding the CRL data
* \param buflen size of the buffer
@ -98,6 +100,10 @@ int mbedtls_x509_csr_parse_der( mbedtls_x509_csr *csr,
*
* \note See notes for \c mbedtls_x509_csr_parse_der()
*
* \note If #MBEDTLS_USE_PSA_CRYPTO is enabled, the PSA crypto
* subsystem must have been initialized by calling
* psa_crypto_init() before calling this function.
*
* \param csr CSR context to fill
* \param buf buffer holding the CRL data
* \param buflen size of the buffer

3
thirdparty/mbedtls/include/mbedtls/xtea.h vendored
View file

@ -52,8 +52,7 @@ extern "C" {
/**
* \brief XTEA context structure
*/
typedef struct mbedtls_xtea_context
{
typedef struct mbedtls_xtea_context {
uint32_t k[4]; /*!< key */
}
mbedtls_xtea_context;

626
thirdparty/mbedtls/library/aes.c vendored
View file

File diff suppressed because it is too large Load diff

476
thirdparty/mbedtls/library/aesni.c vendored
View file

@ -18,29 +18,32 @@
*/
/*
* [AES-WP] http://software.intel.com/en-us/articles/intel-advanced-encryption-standard-aes-instructions-set
* [CLMUL-WP] http://software.intel.com/en-us/articles/intel-carry-less-multiplication-instruction-and-its-usage-for-computing-the-gcm-mode/
* [AES-WP] https://www.intel.com/content/www/us/en/developer/articles/tool/intel-advanced-encryption-standard-aes-instructions-set.html
* [CLMUL-WP] https://www.intel.com/content/www/us/en/develop/download/intel-carry-less-multiplication-instruction-and-its-usage-for-computing-the-gcm-mode.html
*/
#include "common.h"
#if defined(MBEDTLS_AESNI_C)
#if defined(__has_feature)
#if __has_feature(memory_sanitizer)
#warning "MBEDTLS_AESNI_C is known to cause spurious error reports with some memory sanitizers as they do not understand the assembly code."
#endif
#endif
#include "mbedtls/aesni.h"
#include <string.h>
/* *INDENT-OFF* */
#ifndef asm
#define asm __asm
#endif
/* *INDENT-ON* */
#if defined(MBEDTLS_HAVE_X86_64)
#if defined(MBEDTLS_AESNI_HAVE_CODE)
#if MBEDTLS_AESNI_HAVE_CODE == 2
#if !defined(_WIN32)
#include <cpuid.h>
#endif
#include <immintrin.h>
#endif
/*
* AES-NI support detection routine
@ -50,19 +53,356 @@ int mbedtls_aesni_has_support( unsigned int what )
static int done = 0;
static unsigned int c = 0;
if( ! done )
{
if (!done) {
#if MBEDTLS_AESNI_HAVE_CODE == 2
static unsigned info[4] = { 0, 0, 0, 0 };
#if defined(_MSC_VER)
__cpuid(info, 1);
#else
__cpuid(1, info[0], info[1], info[2], info[3]);
#endif
c = info[2];
#else /* AESNI using asm */
asm ("movl $1, %%eax \n\t"
"cpuid \n\t"
: "=c" (c)
:
: "eax", "ebx", "edx");
#endif /* MBEDTLS_AESNI_HAVE_CODE */
done = 1;
}
return( ( c & what ) != 0 );
return (c & what) != 0;
}
#if MBEDTLS_AESNI_HAVE_CODE == 2
/*
* AES-NI AES-ECB block en(de)cryption
*/
int mbedtls_aesni_crypt_ecb(mbedtls_aes_context *ctx,
int mode,
const unsigned char input[16],
unsigned char output[16])
{
const __m128i *rk = (const __m128i *) (ctx->rk);
unsigned nr = ctx->nr; // Number of remaining rounds
// Load round key 0
__m128i state;
memcpy(&state, input, 16);
state = _mm_xor_si128(state, rk[0]); // state ^= *rk;
++rk;
--nr;
if (mode == 0) {
while (nr != 0) {
state = _mm_aesdec_si128(state, *rk);
++rk;
--nr;
}
state = _mm_aesdeclast_si128(state, *rk);
} else {
while (nr != 0) {
state = _mm_aesenc_si128(state, *rk);
++rk;
--nr;
}
state = _mm_aesenclast_si128(state, *rk);
}
memcpy(output, &state, 16);
return 0;
}
/*
* GCM multiplication: c = a times b in GF(2^128)
* Based on [CLMUL-WP] algorithms 1 (with equation 27) and 5.
*/
static void gcm_clmul(const __m128i aa, const __m128i bb,
__m128i *cc, __m128i *dd)
{
/*
* Caryless multiplication dd:cc = aa * bb
* using [CLMUL-WP] algorithm 1 (p. 12).
*/
*cc = _mm_clmulepi64_si128(aa, bb, 0x00); // a0*b0 = c1:c0
*dd = _mm_clmulepi64_si128(aa, bb, 0x11); // a1*b1 = d1:d0
__m128i ee = _mm_clmulepi64_si128(aa, bb, 0x10); // a0*b1 = e1:e0
__m128i ff = _mm_clmulepi64_si128(aa, bb, 0x01); // a1*b0 = f1:f0
ff = _mm_xor_si128(ff, ee); // e1+f1:e0+f0
ee = ff; // e1+f1:e0+f0
ff = _mm_srli_si128(ff, 8); // 0:e1+f1
ee = _mm_slli_si128(ee, 8); // e0+f0:0
*dd = _mm_xor_si128(*dd, ff); // d1:d0+e1+f1
*cc = _mm_xor_si128(*cc, ee); // c1+e0+f0:c0
}
static void gcm_shift(__m128i *cc, __m128i *dd)
{
/* [CMUCL-WP] Algorithm 5 Step 1: shift cc:dd one bit to the left,
* taking advantage of [CLMUL-WP] eq 27 (p. 18). */
// // *cc = r1:r0
// // *dd = r3:r2
__m128i cc_lo = _mm_slli_epi64(*cc, 1); // r1<<1:r0<<1
__m128i dd_lo = _mm_slli_epi64(*dd, 1); // r3<<1:r2<<1
__m128i cc_hi = _mm_srli_epi64(*cc, 63); // r1>>63:r0>>63
__m128i dd_hi = _mm_srli_epi64(*dd, 63); // r3>>63:r2>>63
__m128i xmm5 = _mm_srli_si128(cc_hi, 8); // 0:r1>>63
cc_hi = _mm_slli_si128(cc_hi, 8); // r0>>63:0
dd_hi = _mm_slli_si128(dd_hi, 8); // 0:r1>>63
*cc = _mm_or_si128(cc_lo, cc_hi); // r1<<1|r0>>63:r0<<1
*dd = _mm_or_si128(_mm_or_si128(dd_lo, dd_hi), xmm5); // r3<<1|r2>>62:r2<<1|r1>>63
}
static __m128i gcm_reduce(__m128i xx)
{
// // xx = x1:x0
/* [CLMUL-WP] Algorithm 5 Step 2 */
__m128i aa = _mm_slli_epi64(xx, 63); // x1<<63:x0<<63 = stuff:a
__m128i bb = _mm_slli_epi64(xx, 62); // x1<<62:x0<<62 = stuff:b
__m128i cc = _mm_slli_epi64(xx, 57); // x1<<57:x0<<57 = stuff:c
__m128i dd = _mm_slli_si128(_mm_xor_si128(_mm_xor_si128(aa, bb), cc), 8); // a+b+c:0
return _mm_xor_si128(dd, xx); // x1+a+b+c:x0 = d:x0
}
static __m128i gcm_mix(__m128i dx)
{
/* [CLMUL-WP] Algorithm 5 Steps 3 and 4 */
__m128i ee = _mm_srli_epi64(dx, 1); // e1:x0>>1 = e1:e0'
__m128i ff = _mm_srli_epi64(dx, 2); // f1:x0>>2 = f1:f0'
__m128i gg = _mm_srli_epi64(dx, 7); // g1:x0>>7 = g1:g0'
// e0'+f0'+g0' is almost e0+f0+g0, except for some missing
// bits carried from d. Now get those bits back in.
__m128i eh = _mm_slli_epi64(dx, 63); // d<<63:stuff
__m128i fh = _mm_slli_epi64(dx, 62); // d<<62:stuff
__m128i gh = _mm_slli_epi64(dx, 57); // d<<57:stuff
__m128i hh = _mm_srli_si128(_mm_xor_si128(_mm_xor_si128(eh, fh), gh), 8); // 0:missing bits of d
return _mm_xor_si128(_mm_xor_si128(_mm_xor_si128(_mm_xor_si128(ee, ff), gg), hh), dx);
}
void mbedtls_aesni_gcm_mult(unsigned char c[16],
const unsigned char a[16],
const unsigned char b[16])
{
__m128i aa, bb, cc, dd;
/* The inputs are in big-endian order, so byte-reverse them */
for (size_t i = 0; i < 16; i++) {
((uint8_t *) &aa)[i] = a[15 - i];
((uint8_t *) &bb)[i] = b[15 - i];
}
gcm_clmul(aa, bb, &cc, &dd);
gcm_shift(&cc, &dd);
/*
* Now reduce modulo the GCM polynomial x^128 + x^7 + x^2 + x + 1
* using [CLMUL-WP] algorithm 5 (p. 18).
* Currently dd:cc holds x3:x2:x1:x0 (already shifted).
*/
__m128i dx = gcm_reduce(cc);
__m128i xh = gcm_mix(dx);
cc = _mm_xor_si128(xh, dd); // x3+h1:x2+h0
/* Now byte-reverse the outputs */
for (size_t i = 0; i < 16; i++) {
c[i] = ((uint8_t *) &cc)[15 - i];
}
return;
}
/*
* Compute decryption round keys from encryption round keys
*/
void mbedtls_aesni_inverse_key(unsigned char *invkey,
const unsigned char *fwdkey, int nr)
{
__m128i *ik = (__m128i *) invkey;
const __m128i *fk = (const __m128i *) fwdkey + nr;
*ik = *fk;
for (--fk, ++ik; fk > (const __m128i *) fwdkey; --fk, ++ik) {
*ik = _mm_aesimc_si128(*fk);
}
*ik = *fk;
}
/*
* Key expansion, 128-bit case
*/
static __m128i aesni_set_rk_128(__m128i state, __m128i xword)
{
/*
* Finish generating the next round key.
*
* On entry state is r3:r2:r1:r0 and xword is X:stuff:stuff:stuff
* with X = rot( sub( r3 ) ) ^ RCON (obtained with AESKEYGENASSIST).
*
* On exit, xword is r7:r6:r5:r4
* with r4 = X + r0, r5 = r4 + r1, r6 = r5 + r2, r7 = r6 + r3
* and this is returned, to be written to the round key buffer.
*/
xword = _mm_shuffle_epi32(xword, 0xff); // X:X:X:X
xword = _mm_xor_si128(xword, state); // X+r3:X+r2:X+r1:r4
state = _mm_slli_si128(state, 4); // r2:r1:r0:0
xword = _mm_xor_si128(xword, state); // X+r3+r2:X+r2+r1:r5:r4
state = _mm_slli_si128(state, 4); // r1:r0:0:0
xword = _mm_xor_si128(xword, state); // X+r3+r2+r1:r6:r5:r4
state = _mm_slli_si128(state, 4); // r0:0:0:0
state = _mm_xor_si128(xword, state); // r7:r6:r5:r4
return state;
}
static void aesni_setkey_enc_128(unsigned char *rk_bytes,
const unsigned char *key)
{
__m128i *rk = (__m128i *) rk_bytes;
memcpy(&rk[0], key, 16);
rk[1] = aesni_set_rk_128(rk[0], _mm_aeskeygenassist_si128(rk[0], 0x01));
rk[2] = aesni_set_rk_128(rk[1], _mm_aeskeygenassist_si128(rk[1], 0x02));
rk[3] = aesni_set_rk_128(rk[2], _mm_aeskeygenassist_si128(rk[2], 0x04));
rk[4] = aesni_set_rk_128(rk[3], _mm_aeskeygenassist_si128(rk[3], 0x08));
rk[5] = aesni_set_rk_128(rk[4], _mm_aeskeygenassist_si128(rk[4], 0x10));
rk[6] = aesni_set_rk_128(rk[5], _mm_aeskeygenassist_si128(rk[5], 0x20));
rk[7] = aesni_set_rk_128(rk[6], _mm_aeskeygenassist_si128(rk[6], 0x40));
rk[8] = aesni_set_rk_128(rk[7], _mm_aeskeygenassist_si128(rk[7], 0x80));
rk[9] = aesni_set_rk_128(rk[8], _mm_aeskeygenassist_si128(rk[8], 0x1B));
rk[10] = aesni_set_rk_128(rk[9], _mm_aeskeygenassist_si128(rk[9], 0x36));
}
/*
* Key expansion, 192-bit case
*/
static void aesni_set_rk_192(__m128i *state0, __m128i *state1, __m128i xword,
unsigned char *rk)
{
/*
* Finish generating the next 6 quarter-keys.
*
* On entry state0 is r3:r2:r1:r0, state1 is stuff:stuff:r5:r4
* and xword is stuff:stuff:X:stuff with X = rot( sub( r3 ) ) ^ RCON
* (obtained with AESKEYGENASSIST).
*
* On exit, state0 is r9:r8:r7:r6 and state1 is stuff:stuff:r11:r10
* and those are written to the round key buffer.
*/
xword = _mm_shuffle_epi32(xword, 0x55); // X:X:X:X
xword = _mm_xor_si128(xword, *state0); // X+r3:X+r2:X+r1:X+r0
*state0 = _mm_slli_si128(*state0, 4); // r2:r1:r0:0
xword = _mm_xor_si128(xword, *state0); // X+r3+r2:X+r2+r1:X+r1+r0:X+r0
*state0 = _mm_slli_si128(*state0, 4); // r1:r0:0:0
xword = _mm_xor_si128(xword, *state0); // X+r3+r2+r1:X+r2+r1+r0:X+r1+r0:X+r0
*state0 = _mm_slli_si128(*state0, 4); // r0:0:0:0
xword = _mm_xor_si128(xword, *state0); // X+r3+r2+r1+r0:X+r2+r1+r0:X+r1+r0:X+r0
*state0 = xword; // = r9:r8:r7:r6
xword = _mm_shuffle_epi32(xword, 0xff); // r9:r9:r9:r9
xword = _mm_xor_si128(xword, *state1); // stuff:stuff:r9+r5:r9+r4
*state1 = _mm_slli_si128(*state1, 4); // stuff:stuff:r4:0
xword = _mm_xor_si128(xword, *state1); // stuff:stuff:r9+r5+r4:r9+r4
*state1 = xword; // = stuff:stuff:r11:r10
/* Store state0 and the low half of state1 into rk, which is conceptually
* an array of 24-byte elements. Since 24 is not a multiple of 16,
* rk is not necessarily aligned so just `*rk = *state0` doesn't work. */
memcpy(rk, state0, 16);
memcpy(rk + 16, state1, 8);
}
static void aesni_setkey_enc_192(unsigned char *rk,
const unsigned char *key)
{
/* First round: use original key */
memcpy(rk, key, 24);
/* aes.c guarantees that rk is aligned on a 16-byte boundary. */
__m128i state0 = ((__m128i *) rk)[0];
__m128i state1 = _mm_loadl_epi64(((__m128i *) rk) + 1);
aesni_set_rk_192(&state0, &state1, _mm_aeskeygenassist_si128(state1, 0x01), rk + 24 * 1);
aesni_set_rk_192(&state0, &state1, _mm_aeskeygenassist_si128(state1, 0x02), rk + 24 * 2);
aesni_set_rk_192(&state0, &state1, _mm_aeskeygenassist_si128(state1, 0x04), rk + 24 * 3);
aesni_set_rk_192(&state0, &state1, _mm_aeskeygenassist_si128(state1, 0x08), rk + 24 * 4);
aesni_set_rk_192(&state0, &state1, _mm_aeskeygenassist_si128(state1, 0x10), rk + 24 * 5);
aesni_set_rk_192(&state0, &state1, _mm_aeskeygenassist_si128(state1, 0x20), rk + 24 * 6);
aesni_set_rk_192(&state0, &state1, _mm_aeskeygenassist_si128(state1, 0x40), rk + 24 * 7);
aesni_set_rk_192(&state0, &state1, _mm_aeskeygenassist_si128(state1, 0x80), rk + 24 * 8);
}
/*
* Key expansion, 256-bit case
*/
static void aesni_set_rk_256(__m128i state0, __m128i state1, __m128i xword,
__m128i *rk0, __m128i *rk1)
{
/*
* Finish generating the next two round keys.
*
* On entry state0 is r3:r2:r1:r0, state1 is r7:r6:r5:r4 and
* xword is X:stuff:stuff:stuff with X = rot( sub( r7 )) ^ RCON
* (obtained with AESKEYGENASSIST).
*
* On exit, *rk0 is r11:r10:r9:r8 and *rk1 is r15:r14:r13:r12
*/
xword = _mm_shuffle_epi32(xword, 0xff);
xword = _mm_xor_si128(xword, state0);
state0 = _mm_slli_si128(state0, 4);
xword = _mm_xor_si128(xword, state0);
state0 = _mm_slli_si128(state0, 4);
xword = _mm_xor_si128(xword, state0);
state0 = _mm_slli_si128(state0, 4);
state0 = _mm_xor_si128(state0, xword);
*rk0 = state0;
/* Set xword to stuff:Y:stuff:stuff with Y = subword( r11 )
* and proceed to generate next round key from there */
xword = _mm_aeskeygenassist_si128(state0, 0x00);
xword = _mm_shuffle_epi32(xword, 0xaa);
xword = _mm_xor_si128(xword, state1);
state1 = _mm_slli_si128(state1, 4);
xword = _mm_xor_si128(xword, state1);
state1 = _mm_slli_si128(state1, 4);
xword = _mm_xor_si128(xword, state1);
state1 = _mm_slli_si128(state1, 4);
state1 = _mm_xor_si128(state1, xword);
*rk1 = state1;
}
static void aesni_setkey_enc_256(unsigned char *rk_bytes,
const unsigned char *key)
{
__m128i *rk = (__m128i *) rk_bytes;
memcpy(&rk[0], key, 16);
memcpy(&rk[1], key + 16, 16);
/*
* Main "loop" - Generating one more key than necessary,
* see definition of mbedtls_aes_context.buf
*/
aesni_set_rk_256(rk[0], rk[1], _mm_aeskeygenassist_si128(rk[1], 0x01), &rk[2], &rk[3]);
aesni_set_rk_256(rk[2], rk[3], _mm_aeskeygenassist_si128(rk[3], 0x02), &rk[4], &rk[5]);
aesni_set_rk_256(rk[4], rk[5], _mm_aeskeygenassist_si128(rk[5], 0x04), &rk[6], &rk[7]);
aesni_set_rk_256(rk[6], rk[7], _mm_aeskeygenassist_si128(rk[7], 0x08), &rk[8], &rk[9]);
aesni_set_rk_256(rk[8], rk[9], _mm_aeskeygenassist_si128(rk[9], 0x10), &rk[10], &rk[11]);
aesni_set_rk_256(rk[10], rk[11], _mm_aeskeygenassist_si128(rk[11], 0x20), &rk[12], &rk[13]);
aesni_set_rk_256(rk[12], rk[13], _mm_aeskeygenassist_si128(rk[13], 0x40), &rk[14], &rk[15]);
}
#else /* MBEDTLS_AESNI_HAVE_CODE == 1 */
#if defined(__has_feature)
#if __has_feature(memory_sanitizer)
#warning \
"MBEDTLS_AESNI_C is known to cause spurious error reports with some memory sanitizers as they do not understand the assembly code."
#endif
#endif
/*
* Binutils needs to be at least 2.19 to support AES-NI instructions.
* Unfortunately, a lot of users have a lower version now (2014-04).
@ -73,13 +413,13 @@ int mbedtls_aesni_has_support( unsigned int what )
* Operand macros are in gas order (src, dst) as opposed to Intel order
* (dst, src) in order to blend better into the surrounding assembly code.
*/
#define AESDEC ".byte 0x66,0x0F,0x38,0xDE,"
#define AESDECLAST ".byte 0x66,0x0F,0x38,0xDF,"
#define AESENC ".byte 0x66,0x0F,0x38,0xDC,"
#define AESENCLAST ".byte 0x66,0x0F,0x38,0xDD,"
#define AESIMC ".byte 0x66,0x0F,0x38,0xDB,"
#define AESKEYGENA ".byte 0x66,0x0F,0x3A,0xDF,"
#define PCLMULQDQ ".byte 0x66,0x0F,0x3A,0x44,"
#define AESDEC(regs) ".byte 0x66,0x0F,0x38,0xDE," regs "\n\t"
#define AESDECLAST(regs) ".byte 0x66,0x0F,0x38,0xDF," regs "\n\t"
#define AESENC(regs) ".byte 0x66,0x0F,0x38,0xDC," regs "\n\t"
#define AESENCLAST(regs) ".byte 0x66,0x0F,0x38,0xDD," regs "\n\t"
#define AESIMC(regs) ".byte 0x66,0x0F,0x38,0xDB," regs "\n\t"
#define AESKEYGENA(regs, imm) ".byte 0x66,0x0F,0x3A,0xDF," regs "," imm "\n\t"
#define PCLMULQDQ(regs, imm) ".byte 0x66,0x0F,0x3A,0x44," regs "," imm "\n\t"
#define xmm0_xmm0 "0xC0"
#define xmm0_xmm1 "0xC8"
@ -107,22 +447,22 @@ int mbedtls_aesni_crypt_ecb( mbedtls_aes_context *ctx,
"1: \n\t" // encryption loop
"movdqu (%1), %%xmm1 \n\t" // load round key
AESENC xmm1_xmm0 "\n\t" // do round
AESENC(xmm1_xmm0) // do round
"add $16, %1 \n\t" // point to next round key
"subl $1, %0 \n\t" // loop
"jnz 1b \n\t"
"movdqu (%1), %%xmm1 \n\t" // load round key
AESENCLAST xmm1_xmm0 "\n\t" // last round
AESENCLAST(xmm1_xmm0) // last round
"jmp 3f \n\t"
"2: \n\t" // decryption loop
"movdqu (%1), %%xmm1 \n\t"
AESDEC xmm1_xmm0 "\n\t" // do round
AESDEC(xmm1_xmm0) // do round
"add $16, %1 \n\t"
"subl $1, %0 \n\t"
"jnz 2b \n\t"
"movdqu (%1), %%xmm1 \n\t" // load round key
AESDECLAST xmm1_xmm0 "\n\t" // last round
AESDECLAST(xmm1_xmm0) // last round
"3: \n\t"
"movdqu %%xmm0, (%4) \n\t" // export output
@ -131,7 +471,7 @@ int mbedtls_aesni_crypt_ecb( mbedtls_aes_context *ctx,
: "memory", "cc", "xmm0", "xmm1");
return( 0 );
return 0;
}
/*
@ -146,8 +486,7 @@ void mbedtls_aesni_gcm_mult( unsigned char c[16],
size_t i;
/* The inputs are in big-endian order, so byte-reverse them */
for( i = 0; i < 16; i++ )
{
for (i = 0; i < 16; i++) {
aa[i] = a[15 - i];
bb[i] = b[15 - i];
}
@ -157,15 +496,15 @@ void mbedtls_aesni_gcm_mult( unsigned char c[16],
/*
* Caryless multiplication xmm2:xmm1 = xmm0 * xmm1
* using [CLMUL-WP] algorithm 1 (p. 13).
* using [CLMUL-WP] algorithm 1 (p. 12).
*/
"movdqa %%xmm1, %%xmm2 \n\t" // copy of b1:b0
"movdqa %%xmm1, %%xmm3 \n\t" // same
"movdqa %%xmm1, %%xmm4 \n\t" // same
PCLMULQDQ xmm0_xmm1 ",0x00 \n\t" // a0*b0 = c1:c0
PCLMULQDQ xmm0_xmm2 ",0x11 \n\t" // a1*b1 = d1:d0
PCLMULQDQ xmm0_xmm3 ",0x10 \n\t" // a0*b1 = e1:e0
PCLMULQDQ xmm0_xmm4 ",0x01 \n\t" // a1*b0 = f1:f0
PCLMULQDQ(xmm0_xmm1, "0x00") // a0*b0 = c1:c0
PCLMULQDQ(xmm0_xmm2, "0x11") // a1*b1 = d1:d0
PCLMULQDQ(xmm0_xmm3, "0x10") // a0*b1 = e1:e0
PCLMULQDQ(xmm0_xmm4, "0x01") // a1*b0 = f1:f0
"pxor %%xmm3, %%xmm4 \n\t" // e1+f1:e0+f0
"movdqa %%xmm4, %%xmm3 \n\t" // same
"psrldq $8, %%xmm4 \n\t" // 0:e1+f1
@ -175,7 +514,7 @@ void mbedtls_aesni_gcm_mult( unsigned char c[16],
/*
* Now shift the result one bit to the left,
* taking advantage of [CLMUL-WP] eq 27 (p. 20)
* taking advantage of [CLMUL-WP] eq 27 (p. 18)
*/
"movdqa %%xmm1, %%xmm3 \n\t" // r1:r0
"movdqa %%xmm2, %%xmm4 \n\t" // r3:r2
@ -193,7 +532,7 @@ void mbedtls_aesni_gcm_mult( unsigned char c[16],
/*
* Now reduce modulo the GCM polynomial x^128 + x^7 + x^2 + x + 1
* using [CLMUL-WP] algorithm 5 (p. 20).
* using [CLMUL-WP] algorithm 5 (p. 18).
* Currently xmm2:xmm1 holds x3:x2:x1:x0 (already shifted).
*/
/* Step 2 (1) */
@ -240,8 +579,9 @@ void mbedtls_aesni_gcm_mult( unsigned char c[16],
: "memory", "cc", "xmm0", "xmm1", "xmm2", "xmm3", "xmm4", "xmm5");
/* Now byte-reverse the outputs */
for( i = 0; i < 16; i++ )
for (i = 0; i < 16; i++) {
c[i] = cc[15 - i];
}
return;
}
@ -257,13 +597,14 @@ void mbedtls_aesni_inverse_key( unsigned char *invkey,
memcpy(ik, fk, 16);
for( fk -= 16, ik += 16; fk > fwdkey; fk -= 16, ik += 16 )
for (fk -= 16, ik += 16; fk > fwdkey; fk -= 16, ik += 16) {
asm ("movdqu (%0), %%xmm0 \n\t"
AESIMC xmm0_xmm0 "\n\t"
AESIMC(xmm0_xmm0)
"movdqu %%xmm0, (%1) \n\t"
:
: "r" (fk), "r" (ik)
: "memory", "xmm0");
}
memcpy(ik, fk, 16);
}
@ -303,16 +644,16 @@ static void aesni_setkey_enc_128( unsigned char *rk,
/* Main "loop" */
"2: \n\t"
AESKEYGENA xmm0_xmm1 ",0x01 \n\tcall 1b \n\t"
AESKEYGENA xmm0_xmm1 ",0x02 \n\tcall 1b \n\t"
AESKEYGENA xmm0_xmm1 ",0x04 \n\tcall 1b \n\t"
AESKEYGENA xmm0_xmm1 ",0x08 \n\tcall 1b \n\t"
AESKEYGENA xmm0_xmm1 ",0x10 \n\tcall 1b \n\t"
AESKEYGENA xmm0_xmm1 ",0x20 \n\tcall 1b \n\t"
AESKEYGENA xmm0_xmm1 ",0x40 \n\tcall 1b \n\t"
AESKEYGENA xmm0_xmm1 ",0x80 \n\tcall 1b \n\t"
AESKEYGENA xmm0_xmm1 ",0x1B \n\tcall 1b \n\t"
AESKEYGENA xmm0_xmm1 ",0x36 \n\tcall 1b \n\t"
AESKEYGENA(xmm0_xmm1, "0x01") "call 1b \n\t"
AESKEYGENA(xmm0_xmm1, "0x02") "call 1b \n\t"
AESKEYGENA(xmm0_xmm1, "0x04") "call 1b \n\t"
AESKEYGENA(xmm0_xmm1, "0x08") "call 1b \n\t"
AESKEYGENA(xmm0_xmm1, "0x10") "call 1b \n\t"
AESKEYGENA(xmm0_xmm1, "0x20") "call 1b \n\t"
AESKEYGENA(xmm0_xmm1, "0x40") "call 1b \n\t"
AESKEYGENA(xmm0_xmm1, "0x80") "call 1b \n\t"
AESKEYGENA(xmm0_xmm1, "0x1B") "call 1b \n\t"
AESKEYGENA(xmm0_xmm1, "0x36") "call 1b \n\t"
:
: "r" (rk), "r" (key)
: "memory", "cc", "0");
@ -361,14 +702,14 @@ static void aesni_setkey_enc_192( unsigned char *rk,
"ret \n\t"
"2: \n\t"
AESKEYGENA xmm1_xmm2 ",0x01 \n\tcall 1b \n\t"
AESKEYGENA xmm1_xmm2 ",0x02 \n\tcall 1b \n\t"
AESKEYGENA xmm1_xmm2 ",0x04 \n\tcall 1b \n\t"
AESKEYGENA xmm1_xmm2 ",0x08 \n\tcall 1b \n\t"
AESKEYGENA xmm1_xmm2 ",0x10 \n\tcall 1b \n\t"
AESKEYGENA xmm1_xmm2 ",0x20 \n\tcall 1b \n\t"
AESKEYGENA xmm1_xmm2 ",0x40 \n\tcall 1b \n\t"
AESKEYGENA xmm1_xmm2 ",0x80 \n\tcall 1b \n\t"
AESKEYGENA(xmm1_xmm2, "0x01") "call 1b \n\t"
AESKEYGENA(xmm1_xmm2, "0x02") "call 1b \n\t"
AESKEYGENA(xmm1_xmm2, "0x04") "call 1b \n\t"
AESKEYGENA(xmm1_xmm2, "0x08") "call 1b \n\t"
AESKEYGENA(xmm1_xmm2, "0x10") "call 1b \n\t"
AESKEYGENA(xmm1_xmm2, "0x20") "call 1b \n\t"
AESKEYGENA(xmm1_xmm2, "0x40") "call 1b \n\t"
AESKEYGENA(xmm1_xmm2, "0x80") "call 1b \n\t"
:
: "r" (rk), "r" (key)
@ -411,7 +752,7 @@ static void aesni_setkey_enc_256( unsigned char *rk,
/* Set xmm2 to stuff:Y:stuff:stuff with Y = subword( r11 )
* and proceed to generate next round key from there */
AESKEYGENA xmm0_xmm2 ",0x00 \n\t"
AESKEYGENA(xmm0_xmm2, "0x00")
"pshufd $0xaa, %%xmm2, %%xmm2 \n\t"
"pxor %%xmm1, %%xmm2 \n\t"
"pslldq $4, %%xmm1 \n\t"
@ -429,18 +770,20 @@ static void aesni_setkey_enc_256( unsigned char *rk,
* see definition of mbedtls_aes_context.buf
*/
"2: \n\t"
AESKEYGENA xmm1_xmm2 ",0x01 \n\tcall 1b \n\t"
AESKEYGENA xmm1_xmm2 ",0x02 \n\tcall 1b \n\t"
AESKEYGENA xmm1_xmm2 ",0x04 \n\tcall 1b \n\t"
AESKEYGENA xmm1_xmm2 ",0x08 \n\tcall 1b \n\t"
AESKEYGENA xmm1_xmm2 ",0x10 \n\tcall 1b \n\t"
AESKEYGENA xmm1_xmm2 ",0x20 \n\tcall 1b \n\t"
AESKEYGENA xmm1_xmm2 ",0x40 \n\tcall 1b \n\t"
AESKEYGENA(xmm1_xmm2, "0x01") "call 1b \n\t"
AESKEYGENA(xmm1_xmm2, "0x02") "call 1b \n\t"
AESKEYGENA(xmm1_xmm2, "0x04") "call 1b \n\t"
AESKEYGENA(xmm1_xmm2, "0x08") "call 1b \n\t"
AESKEYGENA(xmm1_xmm2, "0x10") "call 1b \n\t"
AESKEYGENA(xmm1_xmm2, "0x20") "call 1b \n\t"
AESKEYGENA(xmm1_xmm2, "0x40") "call 1b \n\t"
:
: "r" (rk), "r" (key)
: "memory", "cc", "0");
}
#endif /* MBEDTLS_AESNI_HAVE_CODE */
/*
* Key expansion, wrapper
*/
@ -448,17 +791,16 @@ int mbedtls_aesni_setkey_enc( unsigned char *rk,
const unsigned char *key,
size_t bits)
{
switch( bits )
{
switch (bits) {
case 128: aesni_setkey_enc_128(rk, key); break;
case 192: aesni_setkey_enc_192(rk, key); break;
case 256: aesni_setkey_enc_256(rk, key); break;
default : return( MBEDTLS_ERR_AES_INVALID_KEY_LENGTH );
default: return MBEDTLS_ERR_AES_INVALID_KEY_LENGTH;
}
return( 0 );
return 0;
}
#endif /* MBEDTLS_HAVE_X86_64 */
#endif /* MBEDTLS_AESNI_HAVE_CODE */
#endif /* MBEDTLS_AESNI_C */

38
thirdparty/mbedtls/library/arc4.c vendored
View file

@ -42,8 +42,9 @@ void mbedtls_arc4_init( mbedtls_arc4_context *ctx )
void mbedtls_arc4_free(mbedtls_arc4_context *ctx)
{
if( ctx == NULL )
if (ctx == NULL) {
return;
}
mbedtls_platform_zeroize(ctx, sizeof(mbedtls_arc4_context));
}
@ -62,14 +63,16 @@ void mbedtls_arc4_setup( mbedtls_arc4_context *ctx, const unsigned char *key,
ctx->y = 0;
m = ctx->m;
for( i = 0; i < 256; i++ )
for (i = 0; i < 256; i++) {
m[i] = (unsigned char) i;
}
j = k = 0;
for( i = 0; i < 256; i++, k++ )
{
if( k >= keylen ) k = 0;
for (i = 0; i < 256; i++, k++) {
if (k >= keylen) {
k = 0;
}
a = m[i];
j = (j + a + key[k]) & 0xFF;
@ -92,8 +95,7 @@ int mbedtls_arc4_crypt( mbedtls_arc4_context *ctx, size_t length, const unsigned
y = ctx->y;
m = ctx->m;
for( i = 0; i < length; i++ )
{
for (i = 0; i < length; i++) {
x = (x + 1) & 0xFF; a = m[x];
y = (y + a) & 0xFF; b = m[y];
@ -107,7 +109,7 @@ int mbedtls_arc4_crypt( mbedtls_arc4_context *ctx, size_t length, const unsigned
ctx->x = x;
ctx->y = y;
return( 0 );
return 0;
}
#endif /* !MBEDTLS_ARC4_ALT */
@ -151,36 +153,38 @@ int mbedtls_arc4_self_test( int verbose )
mbedtls_arc4_init(&ctx);
for( i = 0; i < 3; i++ )
{
if( verbose != 0 )
for (i = 0; i < 3; i++) {
if (verbose != 0) {
mbedtls_printf(" ARC4 test #%d: ", i + 1);
}
memcpy(ibuf, arc4_test_pt[i], 8);
mbedtls_arc4_setup(&ctx, arc4_test_key[i], 8);
mbedtls_arc4_crypt(&ctx, 8, ibuf, obuf);
if( memcmp( obuf, arc4_test_ct[i], 8 ) != 0 )
{
if( verbose != 0 )
if (memcmp(obuf, arc4_test_ct[i], 8) != 0) {
if (verbose != 0) {
mbedtls_printf("failed\n");
}
ret = 1;
goto exit;
}
if( verbose != 0 )
if (verbose != 0) {
mbedtls_printf("passed\n");
}
}
if( verbose != 0 )
if (verbose != 0) {
mbedtls_printf("\n");
}
exit:
mbedtls_arc4_free(&ctx);
return( ret );
return ret;
}
#endif /* MBEDTLS_SELF_TEST */

174
thirdparty/mbedtls/library/aria.c vendored
View file

@ -61,7 +61,7 @@ static inline uint32_t aria_p1( uint32_t x )
{
uint32_t r;
__asm("rev16 %0, %1" : "=l" (r) : "l" (x));
return( r );
return r;
}
#define ARIA_P1 aria_p1
#elif defined(__ARMCC_VERSION) && __ARMCC_VERSION < 6000000 && \
@ -70,7 +70,7 @@ static inline uint32_t aria_p1( uint32_t x )
{
uint32_t r;
__asm("rev16 r, x");
return( r );
return r;
}
#define ARIA_P1 aria_p1
#endif
@ -112,7 +112,7 @@ static inline uint32_t aria_p3( uint32_t x )
{
uint32_t r;
__asm("rev %0, %1" : "=l" (r) : "l" (x));
return( r );
return r;
}
#define ARIA_P3 aria_p3
#elif defined(__ARMCC_VERSION) && __ARMCC_VERSION < 6000000 && \
@ -121,7 +121,7 @@ static inline uint32_t aria_p3( uint32_t x )
{
uint32_t r;
__asm("rev r, x");
return( r );
return r;
}
#define ARIA_P3 aria_p3
#endif
@ -131,7 +131,7 @@ static inline uint32_t aria_p3( uint32_t x )
static inline uint32_t aria_p3(uint32_t x)
{
__asm("bswap %0" : "=r" (x) : "0" (x));
return( x );
return x;
}
#define ARIA_P3 aria_p3
#endif /* x86 gnuc */
@ -387,8 +387,7 @@ static void aria_rot128( uint32_t r[4], const uint32_t a[4],
j = (n / 32) % 4; // initial word offset
t = ARIA_P3(b[j]); // big endian
for( i = 0; i < 4; i++ )
{
for (i = 0; i < 4; i++) {
j = (j + 1) % 4; // get next word, big endian
u = ARIA_P3(b[j]);
t <<= n1; // rotate
@ -418,8 +417,9 @@ int mbedtls_aria_setkey_enc( mbedtls_aria_context *ctx,
ARIA_VALIDATE_RET(ctx != NULL);
ARIA_VALIDATE_RET(key != NULL);
if( keybits != 128 && keybits != 192 && keybits != 256 )
return( MBEDTLS_ERR_ARIA_BAD_INPUT_DATA );
if (keybits != 128 && keybits != 192 && keybits != 256) {
return MBEDTLS_ERR_ARIA_BAD_INPUT_DATA;
}
/* Copy key to W0 (and potential remainder to W1) */
w[0][0] = MBEDTLS_GET_UINT32_LE(key, 0);
@ -428,13 +428,11 @@ int mbedtls_aria_setkey_enc( mbedtls_aria_context *ctx,
w[0][3] = MBEDTLS_GET_UINT32_LE(key, 12);
memset(w[1], 0, 16);
if( keybits >= 192 )
{
if (keybits >= 192) {
w[1][0] = MBEDTLS_GET_UINT32_LE(key, 16); // 192 bit key
w[1][1] = MBEDTLS_GET_UINT32_LE(key, 20);
}
if( keybits == 256 )
{
if (keybits == 256) {
w[1][2] = MBEDTLS_GET_UINT32_LE(key, 24); // 256 bit key
w[1][3] = MBEDTLS_GET_UINT32_LE(key, 28);
}
@ -448,8 +446,7 @@ int mbedtls_aria_setkey_enc( mbedtls_aria_context *ctx,
i = i < 2 ? i + 1 : 0;
aria_fo_xor(w[3], w[2], rc[i], w[1]); // W3 = FO(W2, CK3) ^ W1
for( i = 0; i < 4; i++ ) // create round keys
{
for (i = 0; i < 4; i++) { // create round keys
w2 = w[(i + 1) & 3];
aria_rot128(ctx->rk[i], w[i], w2, 128 - 19);
aria_rot128(ctx->rk[i + 4], w[i], w2, 128 - 31);
@ -461,7 +458,7 @@ int mbedtls_aria_setkey_enc( mbedtls_aria_context *ctx,
/* w holds enough info to reconstruct the round keys */
mbedtls_platform_zeroize(w, sizeof(w));
return( 0 );
return 0;
}
/*
@ -475,14 +472,13 @@ int mbedtls_aria_setkey_dec( mbedtls_aria_context *ctx,
ARIA_VALIDATE_RET(key != NULL);
ret = mbedtls_aria_setkey_enc(ctx, key, keybits);
if( ret != 0 )
return( ret );
if (ret != 0) {
return ret;
}
/* flip the order of round keys */
for( i = 0, j = ctx->nr; i < j; i++, j-- )
{
for( k = 0; k < 4; k++ )
{
for (i = 0, j = ctx->nr; i < j; i++, j--) {
for (k = 0; k < 4; k++) {
uint32_t t = ctx->rk[i][k];
ctx->rk[i][k] = ctx->rk[j][k];
ctx->rk[j][k] = t;
@ -490,13 +486,12 @@ int mbedtls_aria_setkey_dec( mbedtls_aria_context *ctx,
}
/* apply affine transform to middle keys */
for( i = 1; i < ctx->nr; i++ )
{
for (i = 1; i < ctx->nr; i++) {
aria_a(&ctx->rk[i][0], &ctx->rk[i][1],
&ctx->rk[i][2], &ctx->rk[i][3]);
}
return( 0 );
return 0;
}
/*
@ -519,8 +514,7 @@ int mbedtls_aria_crypt_ecb( mbedtls_aria_context *ctx,
d = MBEDTLS_GET_UINT32_LE(input, 12);
i = 0;
while( 1 )
{
while (1) {
a ^= ctx->rk[i][0];
b ^= ctx->rk[i][1];
c ^= ctx->rk[i][2];
@ -537,8 +531,9 @@ int mbedtls_aria_crypt_ecb( mbedtls_aria_context *ctx,
i++;
aria_sl(&a, &b, &c, &d, aria_is1, aria_is2, aria_sb1, aria_sb2);
if( i >= ctx->nr )
if (i >= ctx->nr) {
break;
}
aria_a(&a, &b, &c, &d);
}
@ -553,7 +548,7 @@ int mbedtls_aria_crypt_ecb( mbedtls_aria_context *ctx,
MBEDTLS_PUT_UINT32_LE(c, output, 8);
MBEDTLS_PUT_UINT32_LE(d, output, 12);
return( 0 );
return 0;
}
/* Initialize context */
@ -566,8 +561,9 @@ void mbedtls_aria_init( mbedtls_aria_context *ctx )
/* Clear context */
void mbedtls_aria_free(mbedtls_aria_context *ctx)
{
if( ctx == NULL )
if (ctx == NULL) {
return;
}
mbedtls_platform_zeroize(ctx, sizeof(mbedtls_aria_context));
}
@ -593,18 +589,18 @@ int mbedtls_aria_crypt_cbc( mbedtls_aria_context *ctx,
ARIA_VALIDATE_RET(length == 0 || output != NULL);
ARIA_VALIDATE_RET(iv != NULL);
if( length % MBEDTLS_ARIA_BLOCKSIZE )
return( MBEDTLS_ERR_ARIA_INVALID_INPUT_LENGTH );
if (length % MBEDTLS_ARIA_BLOCKSIZE) {
return MBEDTLS_ERR_ARIA_INVALID_INPUT_LENGTH;
}
if( mode == MBEDTLS_ARIA_DECRYPT )
{
while( length > 0 )
{
if (mode == MBEDTLS_ARIA_DECRYPT) {
while (length > 0) {
memcpy(temp, input, MBEDTLS_ARIA_BLOCKSIZE);
mbedtls_aria_crypt_ecb(ctx, input, output);
for( i = 0; i < MBEDTLS_ARIA_BLOCKSIZE; i++ )
for (i = 0; i < MBEDTLS_ARIA_BLOCKSIZE; i++) {
output[i] = (unsigned char) (output[i] ^ iv[i]);
}
memcpy(iv, temp, MBEDTLS_ARIA_BLOCKSIZE);
@ -612,13 +608,11 @@ int mbedtls_aria_crypt_cbc( mbedtls_aria_context *ctx,
output += MBEDTLS_ARIA_BLOCKSIZE;
length -= MBEDTLS_ARIA_BLOCKSIZE;
}
}
else
{
while( length > 0 )
{
for( i = 0; i < MBEDTLS_ARIA_BLOCKSIZE; i++ )
} else {
while (length > 0) {
for (i = 0; i < MBEDTLS_ARIA_BLOCKSIZE; i++) {
output[i] = (unsigned char) (input[i] ^ iv[i]);
}
mbedtls_aria_crypt_ecb(ctx, output, output);
memcpy(iv, output, MBEDTLS_ARIA_BLOCKSIZE);
@ -629,7 +623,7 @@ int mbedtls_aria_crypt_cbc( mbedtls_aria_context *ctx,
}
}
return( 0 );
return 0;
}
#endif /* MBEDTLS_CIPHER_MODE_CBC */
@ -661,15 +655,15 @@ int mbedtls_aria_crypt_cfb128( mbedtls_aria_context *ctx,
/* An overly large value of n can lead to an unlimited
* buffer overflow. Therefore, guard against this
* outside of parameter validation. */
if( n >= MBEDTLS_ARIA_BLOCKSIZE )
return( MBEDTLS_ERR_ARIA_BAD_INPUT_DATA );
if (n >= MBEDTLS_ARIA_BLOCKSIZE) {
return MBEDTLS_ERR_ARIA_BAD_INPUT_DATA;
}
if( mode == MBEDTLS_ARIA_DECRYPT )
{
while( length-- )
{
if( n == 0 )
if (mode == MBEDTLS_ARIA_DECRYPT) {
while (length--) {
if (n == 0) {
mbedtls_aria_crypt_ecb(ctx, iv, iv);
}
c = *input++;
*output++ = c ^ iv[n];
@ -677,13 +671,11 @@ int mbedtls_aria_crypt_cfb128( mbedtls_aria_context *ctx,
n = (n + 1) & 0x0F;
}
}
else
{
while( length-- )
{
if( n == 0 )
} else {
while (length--) {
if (n == 0) {
mbedtls_aria_crypt_ecb(ctx, iv, iv);
}
iv[n] = *output++ = (unsigned char) (iv[n] ^ *input++);
@ -693,7 +685,7 @@ int mbedtls_aria_crypt_cfb128( mbedtls_aria_context *ctx,
*iv_off = n;
return( 0 );
return 0;
}
#endif /* MBEDTLS_CIPHER_MODE_CFB */
@ -723,19 +715,21 @@ int mbedtls_aria_crypt_ctr( mbedtls_aria_context *ctx,
/* An overly large value of n can lead to an unlimited
* buffer overflow. Therefore, guard against this
* outside of parameter validation. */
if( n >= MBEDTLS_ARIA_BLOCKSIZE )
return( MBEDTLS_ERR_ARIA_BAD_INPUT_DATA );
if (n >= MBEDTLS_ARIA_BLOCKSIZE) {
return MBEDTLS_ERR_ARIA_BAD_INPUT_DATA;
}
while( length-- )
{
while (length--) {
if (n == 0) {
mbedtls_aria_crypt_ecb(ctx, nonce_counter,
stream_block);
for( i = MBEDTLS_ARIA_BLOCKSIZE; i > 0; i-- )
if( ++nonce_counter[i - 1] != 0 )
for (i = MBEDTLS_ARIA_BLOCKSIZE; i > 0; i--) {
if (++nonce_counter[i - 1] != 0) {
break;
}
}
}
c = *input++;
*output++ = (unsigned char) (c ^ stream_block[n]);
@ -744,7 +738,7 @@ int mbedtls_aria_crypt_ctr( mbedtls_aria_context *ctx,
*nc_off = n;
return( 0 );
return 0;
}
#endif /* MBEDTLS_CIPHER_MODE_CTR */
#endif /* !MBEDTLS_ARIA_ALT */
@ -920,11 +914,11 @@ int mbedtls_aria_self_test( int verbose )
/*
* Test set 1
*/
for( i = 0; i < 3; i++ )
{
for (i = 0; i < 3; i++) {
/* test ECB encryption */
if( verbose )
if (verbose) {
mbedtls_printf(" ARIA-ECB-%d (enc): ", 128 + 64 * i);
}
mbedtls_aria_setkey_enc(&ctx, aria_test1_ecb_key, 128 + 64 * i);
mbedtls_aria_crypt_ecb(&ctx, aria_test1_ecb_pt, blk);
ARIA_SELF_TEST_ASSERT(
@ -932,26 +926,28 @@ int mbedtls_aria_self_test( int verbose )
!= 0);
/* test ECB decryption */
if( verbose )
if (verbose) {
mbedtls_printf(" ARIA-ECB-%d (dec): ", 128 + 64 * i);
}
mbedtls_aria_setkey_dec(&ctx, aria_test1_ecb_key, 128 + 64 * i);
mbedtls_aria_crypt_ecb(&ctx, aria_test1_ecb_ct[i], blk);
ARIA_SELF_TEST_ASSERT(
memcmp(blk, aria_test1_ecb_pt, MBEDTLS_ARIA_BLOCKSIZE)
!= 0);
}
if( verbose )
if (verbose) {
mbedtls_printf("\n");
}
/*
* Test set 2
*/
#if defined(MBEDTLS_CIPHER_MODE_CBC)
for( i = 0; i < 3; i++ )
{
for (i = 0; i < 3; i++) {
/* Test CBC encryption */
if( verbose )
if (verbose) {
mbedtls_printf(" ARIA-CBC-%d (enc): ", 128 + 64 * i);
}
mbedtls_aria_setkey_enc(&ctx, aria_test2_key, 128 + 64 * i);
memcpy(iv, aria_test2_iv, MBEDTLS_ARIA_BLOCKSIZE);
memset(buf, 0x55, sizeof(buf));
@ -961,8 +957,9 @@ int mbedtls_aria_self_test( int verbose )
!= 0);
/* Test CBC decryption */
if( verbose )
if (verbose) {
mbedtls_printf(" ARIA-CBC-%d (dec): ", 128 + 64 * i);
}
mbedtls_aria_setkey_dec(&ctx, aria_test2_key, 128 + 64 * i);
memcpy(iv, aria_test2_iv, MBEDTLS_ARIA_BLOCKSIZE);
memset(buf, 0xAA, sizeof(buf));
@ -970,17 +967,18 @@ int mbedtls_aria_self_test( int verbose )
aria_test2_cbc_ct[i], buf);
ARIA_SELF_TEST_ASSERT(memcmp(buf, aria_test2_pt, 48) != 0);
}
if( verbose )
if (verbose) {
mbedtls_printf("\n");
}
#endif /* MBEDTLS_CIPHER_MODE_CBC */
#if defined(MBEDTLS_CIPHER_MODE_CFB)
for( i = 0; i < 3; i++ )
{
for (i = 0; i < 3; i++) {
/* Test CFB encryption */
if( verbose )
if (verbose) {
mbedtls_printf(" ARIA-CFB-%d (enc): ", 128 + 64 * i);
}
mbedtls_aria_setkey_enc(&ctx, aria_test2_key, 128 + 64 * i);
memcpy(iv, aria_test2_iv, MBEDTLS_ARIA_BLOCKSIZE);
memset(buf, 0x55, sizeof(buf));
@ -990,8 +988,9 @@ int mbedtls_aria_self_test( int verbose )
ARIA_SELF_TEST_ASSERT(memcmp(buf, aria_test2_cfb_ct[i], 48) != 0);
/* Test CFB decryption */
if( verbose )
if (verbose) {
mbedtls_printf(" ARIA-CFB-%d (dec): ", 128 + 64 * i);
}
mbedtls_aria_setkey_enc(&ctx, aria_test2_key, 128 + 64 * i);
memcpy(iv, aria_test2_iv, MBEDTLS_ARIA_BLOCKSIZE);
memset(buf, 0xAA, sizeof(buf));
@ -1000,16 +999,17 @@ int mbedtls_aria_self_test( int verbose )
iv, aria_test2_cfb_ct[i], buf);
ARIA_SELF_TEST_ASSERT(memcmp(buf, aria_test2_pt, 48) != 0);
}
if( verbose )
if (verbose) {
mbedtls_printf("\n");
}
#endif /* MBEDTLS_CIPHER_MODE_CFB */
#if defined(MBEDTLS_CIPHER_MODE_CTR)
for( i = 0; i < 3; i++ )
{
for (i = 0; i < 3; i++) {
/* Test CTR encryption */
if( verbose )
if (verbose) {
mbedtls_printf(" ARIA-CTR-%d (enc): ", 128 + 64 * i);
}
mbedtls_aria_setkey_enc(&ctx, aria_test2_key, 128 + 64 * i);
memset(iv, 0, MBEDTLS_ARIA_BLOCKSIZE); // IV = 0
memset(buf, 0x55, sizeof(buf));
@ -1019,8 +1019,9 @@ int mbedtls_aria_self_test( int verbose )
ARIA_SELF_TEST_ASSERT(memcmp(buf, aria_test2_ctr_ct[i], 48) != 0);
/* Test CTR decryption */
if( verbose )
if (verbose) {
mbedtls_printf(" ARIA-CTR-%d (dec): ", 128 + 64 * i);
}
mbedtls_aria_setkey_enc(&ctx, aria_test2_key, 128 + 64 * i);
memset(iv, 0, MBEDTLS_ARIA_BLOCKSIZE); // IV = 0
memset(buf, 0xAA, sizeof(buf));
@ -1029,15 +1030,16 @@ int mbedtls_aria_self_test( int verbose )
aria_test2_ctr_ct[i], buf);
ARIA_SELF_TEST_ASSERT(memcmp(buf, aria_test2_pt, 48) != 0);
}
if( verbose )
if (verbose) {
mbedtls_printf("\n");
}
#endif /* MBEDTLS_CIPHER_MODE_CTR */
ret = 0;
exit:
mbedtls_aria_free(&ctx);
return( ret );
return ret;
}
#endif /* MBEDTLS_SELF_TEST */

263
thirdparty/mbedtls/library/asn1parse.c vendored
View file

@ -40,34 +40,36 @@ int mbedtls_asn1_get_len( unsigned char **p,
const unsigned char *end,
size_t *len)
{
if( ( end - *p ) < 1 )
return( MBEDTLS_ERR_ASN1_OUT_OF_DATA );
if ((end - *p) < 1) {
return MBEDTLS_ERR_ASN1_OUT_OF_DATA;
}
if( ( **p & 0x80 ) == 0 )
if ((**p & 0x80) == 0) {
*len = *(*p)++;
else
{
switch( **p & 0x7F )
{
} else {
switch (**p & 0x7F) {
case 1:
if( ( end - *p ) < 2 )
return( MBEDTLS_ERR_ASN1_OUT_OF_DATA );
if ((end - *p) < 2) {
return MBEDTLS_ERR_ASN1_OUT_OF_DATA;
}
*len = (*p)[1];
(*p) += 2;
break;
case 2:
if( ( end - *p ) < 3 )
return( MBEDTLS_ERR_ASN1_OUT_OF_DATA );
if ((end - *p) < 3) {
return MBEDTLS_ERR_ASN1_OUT_OF_DATA;
}
*len = ((size_t) (*p)[1] << 8) | (*p)[2];
(*p) += 3;
break;
case 3:
if( ( end - *p ) < 4 )
return( MBEDTLS_ERR_ASN1_OUT_OF_DATA );
if ((end - *p) < 4) {
return MBEDTLS_ERR_ASN1_OUT_OF_DATA;
}
*len = ((size_t) (*p)[1] << 16) |
((size_t) (*p)[2] << 8) | (*p)[3];
@ -75,8 +77,9 @@ int mbedtls_asn1_get_len( unsigned char **p,
break;
case 4:
if( ( end - *p ) < 5 )
return( MBEDTLS_ERR_ASN1_OUT_OF_DATA );
if ((end - *p) < 5) {
return MBEDTLS_ERR_ASN1_OUT_OF_DATA;
}
*len = ((size_t) (*p)[1] << 24) | ((size_t) (*p)[2] << 16) |
((size_t) (*p)[3] << 8) | (*p)[4];
@ -84,29 +87,32 @@ int mbedtls_asn1_get_len( unsigned char **p,
break;
default:
return( MBEDTLS_ERR_ASN1_INVALID_LENGTH );
return MBEDTLS_ERR_ASN1_INVALID_LENGTH;
}
}
if( *len > (size_t) ( end - *p ) )
return( MBEDTLS_ERR_ASN1_OUT_OF_DATA );
if (*len > (size_t) (end - *p)) {
return MBEDTLS_ERR_ASN1_OUT_OF_DATA;
}
return( 0 );
return 0;
}
int mbedtls_asn1_get_tag(unsigned char **p,
const unsigned char *end,
size_t *len, int tag)
{
if( ( end - *p ) < 1 )
return( MBEDTLS_ERR_ASN1_OUT_OF_DATA );
if ((end - *p) < 1) {
return MBEDTLS_ERR_ASN1_OUT_OF_DATA;
}
if( **p != tag )
return( MBEDTLS_ERR_ASN1_UNEXPECTED_TAG );
if (**p != tag) {
return MBEDTLS_ERR_ASN1_UNEXPECTED_TAG;
}
(*p)++;
return( mbedtls_asn1_get_len( p, end, len ) );
return mbedtls_asn1_get_len(p, end, len);
}
int mbedtls_asn1_get_bool(unsigned char **p,
@ -116,16 +122,18 @@ int mbedtls_asn1_get_bool( unsigned char **p,
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t len;
if( ( ret = mbedtls_asn1_get_tag( p, end, &len, MBEDTLS_ASN1_BOOLEAN ) ) != 0 )
return( ret );
if ((ret = mbedtls_asn1_get_tag(p, end, &len, MBEDTLS_ASN1_BOOLEAN)) != 0) {
return ret;
}
if( len != 1 )
return( MBEDTLS_ERR_ASN1_INVALID_LENGTH );
if (len != 1) {
return MBEDTLS_ERR_ASN1_INVALID_LENGTH;
}
*val = (**p != 0) ? 1 : 0;
(*p)++;
return( 0 );
return 0;
}
static int asn1_get_tagged_int(unsigned char **p,
@ -135,55 +143,58 @@ static int asn1_get_tagged_int( unsigned char **p,
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t len;
if( ( ret = mbedtls_asn1_get_tag( p, end, &len, tag ) ) != 0 )
return( ret );
if ((ret = mbedtls_asn1_get_tag(p, end, &len, tag)) != 0) {
return ret;
}
/*
* len==0 is malformed (0 must be represented as 020100 for INTEGER,
* or 0A0100 for ENUMERATED tags
*/
if( len == 0 )
return( MBEDTLS_ERR_ASN1_INVALID_LENGTH );
if (len == 0) {
return MBEDTLS_ERR_ASN1_INVALID_LENGTH;
}
/* This is a cryptography library. Reject negative integers. */
if( ( **p & 0x80 ) != 0 )
return( MBEDTLS_ERR_ASN1_INVALID_LENGTH );
if ((**p & 0x80) != 0) {
return MBEDTLS_ERR_ASN1_INVALID_LENGTH;
}
/* Skip leading zeros. */
while( len > 0 && **p == 0 )
{
while (len > 0 && **p == 0) {
++(*p);
--len;
}
/* Reject integers that don't fit in an int. This code assumes that
* the int type has no padding bit. */
if( len > sizeof( int ) )
return( MBEDTLS_ERR_ASN1_INVALID_LENGTH );
if( len == sizeof( int ) && ( **p & 0x80 ) != 0 )
return( MBEDTLS_ERR_ASN1_INVALID_LENGTH );
if (len > sizeof(int)) {
return MBEDTLS_ERR_ASN1_INVALID_LENGTH;
}
if (len == sizeof(int) && (**p & 0x80) != 0) {
return MBEDTLS_ERR_ASN1_INVALID_LENGTH;
}
*val = 0;
while( len-- > 0 )
{
while (len-- > 0) {
*val = (*val << 8) | **p;
(*p)++;
}
return( 0 );
return 0;
}
int mbedtls_asn1_get_int(unsigned char **p,
const unsigned char *end,
int *val)
{
return( asn1_get_tagged_int( p, end, MBEDTLS_ASN1_INTEGER, val) );
return asn1_get_tagged_int(p, end, MBEDTLS_ASN1_INTEGER, val);
}
int mbedtls_asn1_get_enum(unsigned char **p,
const unsigned char *end,
int *val)
{
return( asn1_get_tagged_int( p, end, MBEDTLS_ASN1_ENUMERATED, val) );
return asn1_get_tagged_int(p, end, MBEDTLS_ASN1_ENUMERATED, val);
}
#if defined(MBEDTLS_BIGNUM_C)
@ -194,14 +205,15 @@ int mbedtls_asn1_get_mpi( unsigned char **p,
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t len;
if( ( ret = mbedtls_asn1_get_tag( p, end, &len, MBEDTLS_ASN1_INTEGER ) ) != 0 )
return( ret );
if ((ret = mbedtls_asn1_get_tag(p, end, &len, MBEDTLS_ASN1_INTEGER)) != 0) {
return ret;
}
ret = mbedtls_mpi_read_binary(X, *p, len);
*p += len;
return( ret );
return ret;
}
#endif /* MBEDTLS_BIGNUM_C */
@ -211,28 +223,32 @@ int mbedtls_asn1_get_bitstring( unsigned char **p, const unsigned char *end,
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
/* Certificate type is a single byte bitstring */
if( ( ret = mbedtls_asn1_get_tag( p, end, &bs->len, MBEDTLS_ASN1_BIT_STRING ) ) != 0 )
return( ret );
if ((ret = mbedtls_asn1_get_tag(p, end, &bs->len, MBEDTLS_ASN1_BIT_STRING)) != 0) {
return ret;
}
/* Check length, subtract one for actual bit string length */
if( bs->len < 1 )
return( MBEDTLS_ERR_ASN1_OUT_OF_DATA );
if (bs->len < 1) {
return MBEDTLS_ERR_ASN1_OUT_OF_DATA;
}
bs->len -= 1;
/* Get number of unused bits, ensure unused bits <= 7 */
bs->unused_bits = **p;
if( bs->unused_bits > 7 )
return( MBEDTLS_ERR_ASN1_INVALID_LENGTH );
if (bs->unused_bits > 7) {
return MBEDTLS_ERR_ASN1_INVALID_LENGTH;
}
(*p)++;
/* Get actual bitstring */
bs->p = *p;
*p += bs->len;
if( *p != end )
return( MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
if (*p != end) {
return MBEDTLS_ERR_ASN1_LENGTH_MISMATCH;
}
return( 0 );
return 0;
}
/*
@ -253,38 +269,38 @@ int mbedtls_asn1_traverse_sequence_of(
/* Get main sequence tag */
if ((ret = mbedtls_asn1_get_tag(p, end, &len,
MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
{
return( ret );
MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) {
return ret;
}
if( *p + len != end )
return( MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
if (*p + len != end) {
return MBEDTLS_ERR_ASN1_LENGTH_MISMATCH;
}
while( *p < end )
{
while (*p < end) {
unsigned char const tag = *(*p)++;
if( ( tag & tag_must_mask ) != tag_must_val )
return( MBEDTLS_ERR_ASN1_UNEXPECTED_TAG );
if ((tag & tag_must_mask) != tag_must_val) {
return MBEDTLS_ERR_ASN1_UNEXPECTED_TAG;
}
if( ( ret = mbedtls_asn1_get_len( p, end, &len ) ) != 0 )
return( ret );
if ((ret = mbedtls_asn1_get_len(p, end, &len)) != 0) {
return ret;
}
if( ( tag & tag_may_mask ) == tag_may_val )
{
if( cb != NULL )
{
if ((tag & tag_may_mask) == tag_may_val) {
if (cb != NULL) {
ret = cb(ctx, tag, *p, len);
if( ret != 0 )
return( ret );
if (ret != 0) {
return ret;
}
}
}
*p += len;
}
return( 0 );
return 0;
}
/*
@ -295,24 +311,26 @@ int mbedtls_asn1_get_bitstring_null( unsigned char **p, const unsigned char *end
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
if( ( ret = mbedtls_asn1_get_tag( p, end, len, MBEDTLS_ASN1_BIT_STRING ) ) != 0 )
return( ret );
if ((ret = mbedtls_asn1_get_tag(p, end, len, MBEDTLS_ASN1_BIT_STRING)) != 0) {
return ret;
}
if( *len == 0 )
return( MBEDTLS_ERR_ASN1_INVALID_DATA );
if (*len == 0) {
return MBEDTLS_ERR_ASN1_INVALID_DATA;
}
--(*len);
if( **p != 0 )
return( MBEDTLS_ERR_ASN1_INVALID_DATA );
if (**p != 0) {
return MBEDTLS_ERR_ASN1_INVALID_DATA;
}
++(*p);
return( 0 );
return 0;
}
void mbedtls_asn1_sequence_free(mbedtls_asn1_sequence *seq)
{
while( seq != NULL )
{
while (seq != NULL) {
mbedtls_asn1_sequence *next = seq->next;
mbedtls_platform_zeroize(seq, sizeof(*seq));
mbedtls_free(seq);
@ -320,8 +338,7 @@ void mbedtls_asn1_sequence_free( mbedtls_asn1_sequence *seq )
}
}
typedef struct
{
typedef struct {
int tag;
mbedtls_asn1_sequence *cur;
} asn1_get_sequence_of_cb_ctx_t;
@ -336,13 +353,13 @@ static int asn1_get_sequence_of_cb( void *ctx,
mbedtls_asn1_sequence *cur =
cb_ctx->cur;
if( cur->buf.p != NULL )
{
if (cur->buf.p != NULL) {
cur->next =
mbedtls_calloc(1, sizeof(mbedtls_asn1_sequence));
if( cur->next == NULL )
return( MBEDTLS_ERR_ASN1_ALLOC_FAILED );
if (cur->next == NULL) {
return MBEDTLS_ERR_ASN1_ALLOC_FAILED;
}
cur = cur->next;
}
@ -352,7 +369,7 @@ static int asn1_get_sequence_of_cb( void *ctx,
cur->buf.tag = tag;
cb_ctx->cur = cur;
return( 0 );
return 0;
}
/*
@ -365,9 +382,9 @@ int mbedtls_asn1_get_sequence_of( unsigned char **p,
{
asn1_get_sequence_of_cb_ctx_t cb_ctx = { tag, cur };
memset(cur, 0, sizeof(mbedtls_asn1_sequence));
return( mbedtls_asn1_traverse_sequence_of(
return mbedtls_asn1_traverse_sequence_of(
p, end, 0xFF, tag, 0, 0,
asn1_get_sequence_of_cb, &cb_ctx ) );
asn1_get_sequence_of_cb, &cb_ctx);
}
int mbedtls_asn1_get_alg(unsigned char **p,
@ -378,40 +395,44 @@ int mbedtls_asn1_get_alg( unsigned char **p,
size_t len;
if ((ret = mbedtls_asn1_get_tag(p, end, &len,
MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
return( ret );
MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) {
return ret;
}
if( ( end - *p ) < 1 )
return( MBEDTLS_ERR_ASN1_OUT_OF_DATA );
if ((end - *p) < 1) {
return MBEDTLS_ERR_ASN1_OUT_OF_DATA;
}
alg->tag = **p;
end = *p + len;
if( ( ret = mbedtls_asn1_get_tag( p, end, &alg->len, MBEDTLS_ASN1_OID ) ) != 0 )
return( ret );
if ((ret = mbedtls_asn1_get_tag(p, end, &alg->len, MBEDTLS_ASN1_OID)) != 0) {
return ret;
}
alg->p = *p;
*p += alg->len;
if( *p == end )
{
if (*p == end) {
mbedtls_platform_zeroize(params, sizeof(mbedtls_asn1_buf));
return( 0 );
return 0;
}
params->tag = **p;
(*p)++;
if( ( ret = mbedtls_asn1_get_len( p, end, &params->len ) ) != 0 )
return( ret );
if ((ret = mbedtls_asn1_get_len(p, end, &params->len)) != 0) {
return ret;
}
params->p = *p;
*p += params->len;
if( *p != end )
return( MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
if (*p != end) {
return MBEDTLS_ERR_ASN1_LENGTH_MISMATCH;
}
return( 0 );
return 0;
}
int mbedtls_asn1_get_alg_null(unsigned char **p,
@ -423,19 +444,22 @@ int mbedtls_asn1_get_alg_null( unsigned char **p,
memset(&params, 0, sizeof(mbedtls_asn1_buf));
if( ( ret = mbedtls_asn1_get_alg( p, end, alg, &params ) ) != 0 )
return( ret );
if ((ret = mbedtls_asn1_get_alg(p, end, alg, &params)) != 0) {
return ret;
}
if( ( params.tag != MBEDTLS_ASN1_NULL && params.tag != 0 ) || params.len != 0 )
return( MBEDTLS_ERR_ASN1_INVALID_DATA );
if ((params.tag != MBEDTLS_ASN1_NULL && params.tag != 0) || params.len != 0) {
return MBEDTLS_ERR_ASN1_INVALID_DATA;
}
return( 0 );
return 0;
}
void mbedtls_asn1_free_named_data(mbedtls_asn1_named_data *cur)
{
if( cur == NULL )
if (cur == NULL) {
return;
}
mbedtls_free(cur->oid.p);
mbedtls_free(cur->val.p);
@ -447,8 +471,7 @@ void mbedtls_asn1_free_named_data_list( mbedtls_asn1_named_data **head )
{
mbedtls_asn1_named_data *cur;
while( ( cur = *head ) != NULL )
{
while ((cur = *head) != NULL) {
*head = cur->next;
mbedtls_asn1_free_named_data(cur);
mbedtls_free(cur);
@ -458,18 +481,16 @@ void mbedtls_asn1_free_named_data_list( mbedtls_asn1_named_data **head )
mbedtls_asn1_named_data *mbedtls_asn1_find_named_data(mbedtls_asn1_named_data *list,
const char *oid, size_t len)
{
while( list != NULL )
{
while (list != NULL) {
if (list->oid.len == len &&
memcmp( list->oid.p, oid, len ) == 0 )
{
memcmp(list->oid.p, oid, len) == 0) {
break;
}
list = list->next;
}
return( list );
return list;
}
#endif /* MBEDTLS_ASN1_PARSE_C */

222
thirdparty/mbedtls/library/asn1write.c vendored
View file

@ -30,76 +30,77 @@
int mbedtls_asn1_write_len(unsigned char **p, unsigned char *start, size_t len)
{
if( len < 0x80 )
{
if( *p - start < 1 )
return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
*--(*p) = (unsigned char) len;
return( 1 );
if (len < 0x80) {
if (*p - start < 1) {
return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL;
}
if( len <= 0xFF )
{
if( *p - start < 2 )
return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
*--(*p) = (unsigned char) len;
return 1;
}
if (len <= 0xFF) {
if (*p - start < 2) {
return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL;
}
*--(*p) = (unsigned char) len;
*--(*p) = 0x81;
return( 2 );
return 2;
}
if( len <= 0xFFFF )
{
if( *p - start < 3 )
return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
if (len <= 0xFFFF) {
if (*p - start < 3) {
return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL;
}
*--(*p) = MBEDTLS_BYTE_0(len);
*--(*p) = MBEDTLS_BYTE_1(len);
*--(*p) = 0x82;
return( 3 );
return 3;
}
if( len <= 0xFFFFFF )
{
if( *p - start < 4 )
return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
if (len <= 0xFFFFFF) {
if (*p - start < 4) {
return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL;
}
*--(*p) = MBEDTLS_BYTE_0(len);
*--(*p) = MBEDTLS_BYTE_1(len);
*--(*p) = MBEDTLS_BYTE_2(len);
*--(*p) = 0x83;
return( 4 );
return 4;
}
int len_is_valid = 1;
#if SIZE_MAX > 0xFFFFFFFF
len_is_valid = (len <= 0xFFFFFFFF);
#endif
if( len_is_valid )
{
if( *p - start < 5 )
return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
if (len_is_valid) {
if (*p - start < 5) {
return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL;
}
*--(*p) = MBEDTLS_BYTE_0(len);
*--(*p) = MBEDTLS_BYTE_1(len);
*--(*p) = MBEDTLS_BYTE_2(len);
*--(*p) = MBEDTLS_BYTE_3(len);
*--(*p) = 0x84;
return( 5 );
return 5;
}
return( MBEDTLS_ERR_ASN1_INVALID_LENGTH );
return MBEDTLS_ERR_ASN1_INVALID_LENGTH;
}
int mbedtls_asn1_write_tag(unsigned char **p, unsigned char *start, unsigned char tag)
{
if( *p - start < 1 )
return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
if (*p - start < 1) {
return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL;
}
*--(*p) = tag;
return( 1 );
return 1;
}
int mbedtls_asn1_write_raw_buffer(unsigned char **p, unsigned char *start,
@ -107,14 +108,15 @@ int mbedtls_asn1_write_raw_buffer( unsigned char **p, unsigned char *start,
{
size_t len = 0;
if( *p < start || (size_t)( *p - start ) < size )
return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
if (*p < start || (size_t) (*p - start) < size) {
return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL;
}
len = size;
(*p) -= len;
memcpy(*p, buf, len);
return( (int) len );
return (int) len;
}
#if defined(MBEDTLS_BIGNUM_C)
@ -129,11 +131,13 @@ int mbedtls_asn1_write_mpi( unsigned char **p, unsigned char *start, const mbedt
/* DER represents 0 with a sign bit (0=nonnegative) and 7 value bits, not
* as 0 digits. We need to end up with 020100, not with 0200. */
if( len == 0 )
if (len == 0) {
len = 1;
}
if( *p < start || (size_t)( *p - start ) < len )
return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
if (*p < start || (size_t) (*p - start) < len) {
return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL;
}
(*p) -= len;
MBEDTLS_MPI_CHK(mbedtls_mpi_write_binary(X, *p, len));
@ -141,10 +145,10 @@ int mbedtls_asn1_write_mpi( unsigned char **p, unsigned char *start, const mbedt
// DER format assumes 2s complement for numbers, so the leftmost bit
// should be 0 for positive numbers and 1 for negative numbers.
//
if( X->s ==1 && **p & 0x80 )
{
if( *p - start < 1 )
return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
if (X->s == 1 && **p & 0x80) {
if (*p - start < 1) {
return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL;
}
*--(*p) = 0x00;
len += 1;
@ -156,7 +160,7 @@ int mbedtls_asn1_write_mpi( unsigned char **p, unsigned char *start, const mbedt
ret = (int) len;
cleanup:
return( ret );
return ret;
}
#endif /* MBEDTLS_BIGNUM_C */
@ -170,7 +174,7 @@ int mbedtls_asn1_write_null( unsigned char **p, unsigned char *start )
MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, start, 0));
MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, start, MBEDTLS_ASN1_NULL));
return( (int) len );
return (int) len;
}
int mbedtls_asn1_write_oid(unsigned char **p, unsigned char *start,
@ -184,7 +188,7 @@ int mbedtls_asn1_write_oid( unsigned char **p, unsigned char *start,
MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, start, len));
MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, start, MBEDTLS_ASN1_OID));
return( (int) len );
return (int) len;
}
int mbedtls_asn1_write_algorithm_identifier(unsigned char **p, unsigned char *start,
@ -194,18 +198,20 @@ int mbedtls_asn1_write_algorithm_identifier( unsigned char **p, unsigned char *s
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t len = 0;
if( par_len == 0 )
if (par_len == 0) {
MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_null(p, start));
else
} else {
len += par_len;
}
MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_oid(p, start, oid, oid_len));
MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, start, len));
MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, start,
MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) );
MBEDTLS_ASN1_CONSTRUCTED |
MBEDTLS_ASN1_SEQUENCE));
return( (int) len );
return (int) len;
}
int mbedtls_asn1_write_bool(unsigned char **p, unsigned char *start, int boolean)
@ -213,8 +219,9 @@ int mbedtls_asn1_write_bool( unsigned char **p, unsigned char *start, int boolea
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t len = 0;
if( *p - start < 1 )
return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
if (*p - start < 1) {
return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL;
}
*--(*p) = (boolean) ? 255 : 0;
len++;
@ -222,7 +229,7 @@ int mbedtls_asn1_write_bool( unsigned char **p, unsigned char *start, int boolea
MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, start, len));
MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, start, MBEDTLS_ASN1_BOOLEAN));
return( (int) len );
return (int) len;
}
static int asn1_write_tagged_int(unsigned char **p, unsigned char *start, int val, int tag)
@ -230,20 +237,19 @@ static int asn1_write_tagged_int( unsigned char **p, unsigned char *start, int v
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t len = 0;
do
{
if( *p - start < 1 )
return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
do {
if (*p - start < 1) {
return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL;
}
len += 1;
*--(*p) = val & 0xff;
val >>= 8;
}
while( val > 0 );
} while (val > 0);
if( **p & 0x80 )
{
if( *p - start < 1 )
return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
if (**p & 0x80) {
if (*p - start < 1) {
return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL;
}
*--(*p) = 0x00;
len += 1;
}
@ -251,17 +257,17 @@ static int asn1_write_tagged_int( unsigned char **p, unsigned char *start, int v
MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, start, len));
MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, start, tag));
return( (int) len );
return (int) len;
}
int mbedtls_asn1_write_int(unsigned char **p, unsigned char *start, int val)
{
return( asn1_write_tagged_int( p, start, val, MBEDTLS_ASN1_INTEGER ) );
return asn1_write_tagged_int(p, start, val, MBEDTLS_ASN1_INTEGER);
}
int mbedtls_asn1_write_enum(unsigned char **p, unsigned char *start, int val)
{
return( asn1_write_tagged_int( p, start, val, MBEDTLS_ASN1_ENUMERATED ) );
return asn1_write_tagged_int(p, start, val, MBEDTLS_ASN1_ENUMERATED);
}
int mbedtls_asn1_write_tagged_string(unsigned char **p, unsigned char *start, int tag,
@ -271,30 +277,32 @@ int mbedtls_asn1_write_tagged_string( unsigned char **p, unsigned char *start, i
size_t len = 0;
MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_raw_buffer(p, start,
(const unsigned char *) text, text_len ) );
(const unsigned char *) text,
text_len));
MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, start, len));
MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, start, tag));
return( (int) len );
return (int) len;
}
int mbedtls_asn1_write_utf8_string(unsigned char **p, unsigned char *start,
const char *text, size_t text_len)
{
return( mbedtls_asn1_write_tagged_string(p, start, MBEDTLS_ASN1_UTF8_STRING, text, text_len) );
return mbedtls_asn1_write_tagged_string(p, start, MBEDTLS_ASN1_UTF8_STRING, text, text_len);
}
int mbedtls_asn1_write_printable_string(unsigned char **p, unsigned char *start,
const char *text, size_t text_len)
{
return( mbedtls_asn1_write_tagged_string(p, start, MBEDTLS_ASN1_PRINTABLE_STRING, text, text_len) );
return mbedtls_asn1_write_tagged_string(p, start, MBEDTLS_ASN1_PRINTABLE_STRING, text,
text_len);
}
int mbedtls_asn1_write_ia5_string(unsigned char **p, unsigned char *start,
const char *text, size_t text_len)
{
return( mbedtls_asn1_write_tagged_string(p, start, MBEDTLS_ASN1_IA5_STRING, text, text_len) );
return mbedtls_asn1_write_tagged_string(p, start, MBEDTLS_ASN1_IA5_STRING, text, text_len);
}
int mbedtls_asn1_write_named_bitstring(unsigned char **p,
@ -315,29 +323,30 @@ int mbedtls_asn1_write_named_bitstring( unsigned char **p,
* of the bitstring. Trailing 0s are considered part of the 'unused' bits
* when encoding this value in the first content octet
*/
if( bits != 0 )
{
if (bits != 0) {
cur_byte = buf + byte_len - 1;
cur_byte_shifted = *cur_byte >> unused_bits;
for( ; ; )
{
for (;;) {
bit = cur_byte_shifted & 0x1;
cur_byte_shifted >>= 1;
if( bit != 0 )
if (bit != 0) {
break;
}
bits--;
if( bits == 0 )
if (bits == 0) {
break;
}
if( bits % 8 == 0 )
if (bits % 8 == 0) {
cur_byte_shifted = *--cur_byte;
}
}
}
return( mbedtls_asn1_write_bitstring( p, start, buf, bits ) );
return mbedtls_asn1_write_bitstring(p, start, buf, bits);
}
int mbedtls_asn1_write_bitstring(unsigned char **p, unsigned char *start,
@ -350,14 +359,14 @@ int mbedtls_asn1_write_bitstring( unsigned char **p, unsigned char *start,
byte_len = (bits + 7) / 8;
unused_bits = (byte_len * 8) - bits;
if( *p < start || (size_t)( *p - start ) < byte_len + 1 )
return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
if (*p < start || (size_t) (*p - start) < byte_len + 1) {
return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL;
}
len = byte_len + 1;
/* Write the bitstring. Ensure the unused bits are zeroed */
if( byte_len > 0 )
{
if (byte_len > 0) {
byte_len--;
*--(*p) = buf[byte_len] & ~((0x1 << unused_bits) - 1);
(*p) -= byte_len;
@ -370,7 +379,7 @@ int mbedtls_asn1_write_bitstring( unsigned char **p, unsigned char *start,
MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, start, len));
MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, start, MBEDTLS_ASN1_BIT_STRING));
return( (int) len );
return (int) len;
}
int mbedtls_asn1_write_octet_string(unsigned char **p, unsigned char *start,
@ -384,7 +393,7 @@ int mbedtls_asn1_write_octet_string( unsigned char **p, unsigned char *start,
MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, start, len));
MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, start, MBEDTLS_ASN1_OCTET_STRING));
return( (int) len );
return (int) len;
}
@ -394,18 +403,16 @@ static mbedtls_asn1_named_data *asn1_find_named_data(
mbedtls_asn1_named_data *list,
const char *oid, size_t len)
{
while( list != NULL )
{
while (list != NULL) {
if (list->oid.len == len &&
memcmp( list->oid.p, oid, len ) == 0 )
{
memcmp(list->oid.p, oid, len) == 0) {
break;
}
list = list->next;
}
return( list );
return list;
}
mbedtls_asn1_named_data *mbedtls_asn1_store_named_data(
@ -416,64 +423,59 @@ mbedtls_asn1_named_data *mbedtls_asn1_store_named_data(
{
mbedtls_asn1_named_data *cur;
if( ( cur = asn1_find_named_data( *head, oid, oid_len ) ) == NULL )
{
if ((cur = asn1_find_named_data(*head, oid, oid_len)) == NULL) {
// Add new entry if not present yet based on OID
//
cur = (mbedtls_asn1_named_data *) mbedtls_calloc(1,
sizeof(mbedtls_asn1_named_data));
if( cur == NULL )
return( NULL );
if (cur == NULL) {
return NULL;
}
cur->oid.len = oid_len;
cur->oid.p = mbedtls_calloc(1, oid_len);
if( cur->oid.p == NULL )
{
if (cur->oid.p == NULL) {
mbedtls_free(cur);
return( NULL );
return NULL;
}
memcpy(cur->oid.p, oid, oid_len);
cur->val.len = val_len;
if( val_len != 0 )
{
if (val_len != 0) {
cur->val.p = mbedtls_calloc(1, val_len);
if( cur->val.p == NULL )
{
if (cur->val.p == NULL) {
mbedtls_free(cur->oid.p);
mbedtls_free(cur);
return( NULL );
return NULL;
}
}
cur->next = *head;
*head = cur;
}
else if( val_len == 0 )
{
} else if (val_len == 0) {
mbedtls_free(cur->val.p);
cur->val.p = NULL;
}
else if( cur->val.len != val_len )
{
} else if (cur->val.len != val_len) {
/*
* Enlarge existing value buffer if needed
* Preserve old data until the allocation succeeded, to leave list in
* a consistent state in case allocation fails.
*/
void *p = mbedtls_calloc(1, val_len);
if( p == NULL )
return( NULL );
if (p == NULL) {
return NULL;
}
mbedtls_free(cur->val.p);
cur->val.p = p;
cur->val.len = val_len;
}
if( val != NULL && val_len != 0 )
if (val != NULL && val_len != 0) {
memcpy(cur->val.p, val, val_len);
}
return( cur );
return cur;
}
#endif /* MBEDTLS_ASN1_WRITE_C */

145
thirdparty/mbedtls/library/base64.c vendored
View file

@ -43,32 +43,28 @@ int mbedtls_base64_encode( unsigned char *dst, size_t dlen, size_t *olen,
int C1, C2, C3;
unsigned char *p;
if( slen == 0 )
{
if (slen == 0) {
*olen = 0;
return( 0 );
return 0;
}
n = slen / 3 + (slen % 3 != 0);
if( n > ( BASE64_SIZE_T_MAX - 1 ) / 4 )
{
if (n > (BASE64_SIZE_T_MAX - 1) / 4) {
*olen = BASE64_SIZE_T_MAX;
return( MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL );
return MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL;
}
n *= 4;
if( ( dlen < n + 1 ) || ( NULL == dst ) )
{
if ((dlen < n + 1) || (NULL == dst)) {
*olen = n + 1;
return( MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL );
return MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL;
}
n = (slen / 3) * 3;
for( i = 0, p = dst; i < n; i += 3 )
{
for (i = 0, p = dst; i < n; i += 3) {
C1 = *src++;
C2 = *src++;
C3 = *src++;
@ -81,8 +77,7 @@ int mbedtls_base64_encode( unsigned char *dst, size_t dlen, size_t *olen,
*p++ = mbedtls_ct_base64_enc_char(C3 & 0x3F);
}
if( i < slen )
{
if (i < slen) {
C1 = *src++;
C2 = ((i + 1) < slen) ? *src++ : 0;
@ -90,9 +85,11 @@ int mbedtls_base64_encode( unsigned char *dst, size_t dlen, size_t *olen,
*p++ = mbedtls_ct_base64_enc_char((((C1 & 3) << 4) + (C2 >> 4))
& 0x3F);
if( ( i + 1 ) < slen )
if ((i + 1) < slen) {
*p++ = mbedtls_ct_base64_enc_char(((C2 & 15) << 2) & 0x3F);
else *p++ = '=';
} else {
*p++ = '=';
}
*p++ = '=';
}
@ -100,7 +97,7 @@ int mbedtls_base64_encode( unsigned char *dst, size_t dlen, size_t *olen,
*olen = p - dst;
*p = 0;
return( 0 );
return 0;
}
/*
@ -118,53 +115,55 @@ int mbedtls_base64_decode( unsigned char *dst, size_t dlen, size_t *olen,
unsigned char *p;
/* First pass: check for validity and get output length */
for( i = n = 0; i < slen; i++ )
{
for (i = n = 0; i < slen; i++) {
/* Skip spaces before checking for EOL */
spaces_present = 0;
while( i < slen && src[i] == ' ' )
{
while (i < slen && src[i] == ' ') {
++i;
spaces_present = 1;
}
/* Spaces at end of buffer are OK */
if( i == slen )
if (i == slen) {
break;
}
if ((slen - i) >= 2 &&
src[i] == '\r' && src[i + 1] == '\n' )
src[i] == '\r' && src[i + 1] == '\n') {
continue;
}
if( src[i] == '\n' )
if (src[i] == '\n') {
continue;
}
/* Space inside a line is an error */
if( spaces_present )
return( MBEDTLS_ERR_BASE64_INVALID_CHARACTER );
if( src[i] > 127 )
return( MBEDTLS_ERR_BASE64_INVALID_CHARACTER );
if( src[i] == '=' )
{
if( ++equals > 2 )
return( MBEDTLS_ERR_BASE64_INVALID_CHARACTER );
if (spaces_present) {
return MBEDTLS_ERR_BASE64_INVALID_CHARACTER;
}
if (src[i] > 127) {
return MBEDTLS_ERR_BASE64_INVALID_CHARACTER;
}
if (src[i] == '=') {
if (++equals > 2) {
return MBEDTLS_ERR_BASE64_INVALID_CHARACTER;
}
} else {
if (equals != 0) {
return MBEDTLS_ERR_BASE64_INVALID_CHARACTER;
}
if (mbedtls_ct_base64_dec_value(src[i]) < 0) {
return MBEDTLS_ERR_BASE64_INVALID_CHARACTER;
}
else
{
if( equals != 0 )
return( MBEDTLS_ERR_BASE64_INVALID_CHARACTER );
if( mbedtls_ct_base64_dec_value( src[i] ) < 0 )
return( MBEDTLS_ERR_BASE64_INVALID_CHARACTER );
}
n++;
}
if( n == 0 )
{
if (n == 0) {
*olen = 0;
return( 0 );
return 0;
}
/* The following expression is to calculate the following formula without
@ -174,36 +173,39 @@ int mbedtls_base64_decode( unsigned char *dst, size_t dlen, size_t *olen,
n = (6 * (n >> 3)) + ((6 * (n & 0x7) + 7) >> 3);
n -= equals;
if( dst == NULL || dlen < n )
{
if (dst == NULL || dlen < n) {
*olen = n;
return( MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL );
return MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL;
}
equals = 0;
for( x = 0, p = dst; i > 0; i--, src++ )
{
if( *src == '\r' || *src == '\n' || *src == ' ' )
for (x = 0, p = dst; i > 0; i--, src++) {
if (*src == '\r' || *src == '\n' || *src == ' ') {
continue;
}
x = x << 6;
if( *src == '=' )
if (*src == '=') {
++equals;
else
} else {
x |= mbedtls_ct_base64_dec_value(*src);
}
if( ++accumulated_digits == 4 )
{
if (++accumulated_digits == 4) {
accumulated_digits = 0;
*p++ = MBEDTLS_BYTE_2(x);
if( equals <= 1 ) *p++ = MBEDTLS_BYTE_1( x );
if( equals <= 0 ) *p++ = MBEDTLS_BYTE_0( x );
if (equals <= 1) {
*p++ = MBEDTLS_BYTE_1(x);
}
if (equals <= 0) {
*p++ = MBEDTLS_BYTE_0(x);
}
}
}
*olen = p - dst;
return( 0 );
return 0;
}
#if defined(MBEDTLS_SELF_TEST)
@ -233,38 +235,41 @@ int mbedtls_base64_self_test( int verbose )
const unsigned char *src;
unsigned char buffer[128];
if( verbose != 0 )
if (verbose != 0) {
mbedtls_printf(" Base64 encoding test: ");
}
src = base64_test_dec;
if (mbedtls_base64_encode(buffer, sizeof(buffer), &len, src, 64) != 0 ||
memcmp( base64_test_enc, buffer, 88 ) != 0 )
{
if( verbose != 0 )
memcmp(base64_test_enc, buffer, 88) != 0) {
if (verbose != 0) {
mbedtls_printf("failed\n");
return( 1 );
}
if( verbose != 0 )
return 1;
}
if (verbose != 0) {
mbedtls_printf("passed\n Base64 decoding test: ");
}
src = base64_test_enc;
if (mbedtls_base64_decode(buffer, sizeof(buffer), &len, src, 88) != 0 ||
memcmp( base64_test_dec, buffer, 64 ) != 0 )
{
if( verbose != 0 )
memcmp(base64_test_dec, buffer, 64) != 0) {
if (verbose != 0) {
mbedtls_printf("failed\n");
return( 1 );
}
if( verbose != 0 )
mbedtls_printf( "passed\n\n" );
return 1;
}
return( 0 );
if (verbose != 0) {
mbedtls_printf("passed\n\n");
}
return 0;
}
#endif /* MBEDTLS_SELF_TEST */

1220
thirdparty/mbedtls/library/bignum.c vendored
View file

File diff suppressed because it is too large Load diff

119
thirdparty/mbedtls/library/blowfish.c vendored
View file

@ -67,7 +67,7 @@ static uint32_t F( mbedtls_blowfish_context *ctx, uint32_t x )
y = y ^ ctx->S[2][c];
y = y + ctx->S[3][d];
return( y );
return y;
}
static void blowfish_enc(mbedtls_blowfish_context *ctx, uint32_t *xl, uint32_t *xr)
@ -78,8 +78,7 @@ static void blowfish_enc( mbedtls_blowfish_context *ctx, uint32_t *xl, uint32_t
Xl = *xl;
Xr = *xr;
for( i = 0; i < MBEDTLS_BLOWFISH_ROUNDS; ++i )
{
for (i = 0; i < MBEDTLS_BLOWFISH_ROUNDS; ++i) {
Xl = Xl ^ ctx->P[i];
Xr = F(ctx, Xl) ^ Xr;
@ -107,8 +106,7 @@ static void blowfish_dec( mbedtls_blowfish_context *ctx, uint32_t *xl, uint32_t
Xl = *xl;
Xr = *xr;
for( i = MBEDTLS_BLOWFISH_ROUNDS + 1; i > 1; --i )
{
for (i = MBEDTLS_BLOWFISH_ROUNDS + 1; i > 1; --i) {
Xl = Xl ^ ctx->P[i];
Xr = F(ctx, Xl) ^ Xr;
@ -136,8 +134,9 @@ void mbedtls_blowfish_init( mbedtls_blowfish_context *ctx )
void mbedtls_blowfish_free(mbedtls_blowfish_context *ctx)
{
if( ctx == NULL )
if (ctx == NULL) {
return;
}
mbedtls_platform_zeroize(ctx, sizeof(mbedtls_blowfish_context));
}
@ -156,52 +155,47 @@ int mbedtls_blowfish_setkey( mbedtls_blowfish_context *ctx,
if (keybits < MBEDTLS_BLOWFISH_MIN_KEY_BITS ||
keybits > MBEDTLS_BLOWFISH_MAX_KEY_BITS ||
keybits % 8 != 0 )
{
return( MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA );
keybits % 8 != 0) {
return MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA;
}
keybits >>= 3;
for( i = 0; i < 4; i++ )
{
for( j = 0; j < 256; j++ )
for (i = 0; i < 4; i++) {
for (j = 0; j < 256; j++) {
ctx->S[i][j] = S[i][j];
}
}
j = 0;
for( i = 0; i < MBEDTLS_BLOWFISH_ROUNDS + 2; ++i )
{
for (i = 0; i < MBEDTLS_BLOWFISH_ROUNDS + 2; ++i) {
data = 0x00000000;
for( k = 0; k < 4; ++k )
{
for (k = 0; k < 4; ++k) {
data = (data << 8) | key[j++];
if( j >= keybits )
if (j >= keybits) {
j = 0;
}
}
ctx->P[i] = P[i] ^ data;
}
datal = 0x00000000;
datar = 0x00000000;
for( i = 0; i < MBEDTLS_BLOWFISH_ROUNDS + 2; i += 2 )
{
for (i = 0; i < MBEDTLS_BLOWFISH_ROUNDS + 2; i += 2) {
blowfish_enc(ctx, &datal, &datar);
ctx->P[i] = datal;
ctx->P[i + 1] = datar;
}
for( i = 0; i < 4; i++ )
{
for( j = 0; j < 256; j += 2 )
{
for (i = 0; i < 4; i++) {
for (j = 0; j < 256; j += 2) {
blowfish_enc(ctx, &datal, &datar);
ctx->S[i][j] = datal;
ctx->S[i][j + 1] = datar;
}
}
return( 0 );
return 0;
}
/*
@ -222,19 +216,16 @@ int mbedtls_blowfish_crypt_ecb( mbedtls_blowfish_context *ctx,
X0 = MBEDTLS_GET_UINT32_BE(input, 0);
X1 = MBEDTLS_GET_UINT32_BE(input, 4);
if( mode == MBEDTLS_BLOWFISH_DECRYPT )
{
if (mode == MBEDTLS_BLOWFISH_DECRYPT) {
blowfish_dec(ctx, &X0, &X1);
}
else /* MBEDTLS_BLOWFISH_ENCRYPT */
{
} else { /* MBEDTLS_BLOWFISH_ENCRYPT */
blowfish_enc(ctx, &X0, &X1);
}
MBEDTLS_PUT_UINT32_BE(X0, output, 0);
MBEDTLS_PUT_UINT32_BE(X1, output, 4);
return( 0 );
return 0;
}
#if defined(MBEDTLS_CIPHER_MODE_CBC)
@ -257,18 +248,18 @@ int mbedtls_blowfish_crypt_cbc( mbedtls_blowfish_context *ctx,
BLOWFISH_VALIDATE_RET(length == 0 || input != NULL);
BLOWFISH_VALIDATE_RET(length == 0 || output != NULL);
if( length % MBEDTLS_BLOWFISH_BLOCKSIZE )
return( MBEDTLS_ERR_BLOWFISH_INVALID_INPUT_LENGTH );
if (length % MBEDTLS_BLOWFISH_BLOCKSIZE) {
return MBEDTLS_ERR_BLOWFISH_INVALID_INPUT_LENGTH;
}
if( mode == MBEDTLS_BLOWFISH_DECRYPT )
{
while( length > 0 )
{
if (mode == MBEDTLS_BLOWFISH_DECRYPT) {
while (length > 0) {
memcpy(temp, input, MBEDTLS_BLOWFISH_BLOCKSIZE);
mbedtls_blowfish_crypt_ecb(ctx, mode, input, output);
for( i = 0; i < MBEDTLS_BLOWFISH_BLOCKSIZE;i++ )
for (i = 0; i < MBEDTLS_BLOWFISH_BLOCKSIZE; i++) {
output[i] = (unsigned char) (output[i] ^ iv[i]);
}
memcpy(iv, temp, MBEDTLS_BLOWFISH_BLOCKSIZE);
@ -276,13 +267,11 @@ int mbedtls_blowfish_crypt_cbc( mbedtls_blowfish_context *ctx,
output += MBEDTLS_BLOWFISH_BLOCKSIZE;
length -= MBEDTLS_BLOWFISH_BLOCKSIZE;
}
}
else
{
while( length > 0 )
{
for( i = 0; i < MBEDTLS_BLOWFISH_BLOCKSIZE; i++ )
} else {
while (length > 0) {
for (i = 0; i < MBEDTLS_BLOWFISH_BLOCKSIZE; i++) {
output[i] = (unsigned char) (input[i] ^ iv[i]);
}
mbedtls_blowfish_crypt_ecb(ctx, mode, output, output);
memcpy(iv, output, MBEDTLS_BLOWFISH_BLOCKSIZE);
@ -293,7 +282,7 @@ int mbedtls_blowfish_crypt_cbc( mbedtls_blowfish_context *ctx,
}
}
return( 0 );
return 0;
}
#endif /* MBEDTLS_CIPHER_MODE_CBC */
@ -321,15 +310,15 @@ int mbedtls_blowfish_crypt_cfb64( mbedtls_blowfish_context *ctx,
BLOWFISH_VALIDATE_RET(length == 0 || output != NULL);
n = *iv_off;
if( n >= 8 )
return( MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA );
if (n >= 8) {
return MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA;
}
if( mode == MBEDTLS_BLOWFISH_DECRYPT )
{
while( length-- )
{
if( n == 0 )
if (mode == MBEDTLS_BLOWFISH_DECRYPT) {
while (length--) {
if (n == 0) {
mbedtls_blowfish_crypt_ecb(ctx, MBEDTLS_BLOWFISH_ENCRYPT, iv, iv);
}
c = *input++;
*output++ = (unsigned char) (c ^ iv[n]);
@ -337,13 +326,11 @@ int mbedtls_blowfish_crypt_cfb64( mbedtls_blowfish_context *ctx,
n = (n + 1) % MBEDTLS_BLOWFISH_BLOCKSIZE;
}
}
else
{
while( length-- )
{
if( n == 0 )
} else {
while (length--) {
if (n == 0) {
mbedtls_blowfish_crypt_ecb(ctx, MBEDTLS_BLOWFISH_ENCRYPT, iv, iv);
}
iv[n] = *output++ = (unsigned char) (iv[n] ^ *input++);
@ -353,7 +340,7 @@ int mbedtls_blowfish_crypt_cfb64( mbedtls_blowfish_context *ctx,
*iv_off = n;
return( 0 );
return 0;
}
#endif /*MBEDTLS_CIPHER_MODE_CFB */
@ -379,19 +366,21 @@ int mbedtls_blowfish_crypt_ctr( mbedtls_blowfish_context *ctx,
BLOWFISH_VALIDATE_RET(length == 0 || output != NULL);
n = *nc_off;
if( n >= 8 )
return( MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA );
if (n >= 8) {
return MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA;
}
while( length-- )
{
while (length--) {
if (n == 0) {
mbedtls_blowfish_crypt_ecb(ctx, MBEDTLS_BLOWFISH_ENCRYPT, nonce_counter,
stream_block);
for( i = MBEDTLS_BLOWFISH_BLOCKSIZE; i > 0; i-- )
if( ++nonce_counter[i - 1] != 0 )
for (i = MBEDTLS_BLOWFISH_BLOCKSIZE; i > 0; i--) {
if (++nonce_counter[i - 1] != 0) {
break;
}
}
}
c = *input++;
*output++ = (unsigned char) (c ^ stream_block[n]);
@ -400,7 +389,7 @@ int mbedtls_blowfish_crypt_ctr( mbedtls_blowfish_context *ctx,
*nc_off = n;
return( 0 );
return 0;
}
#endif /* MBEDTLS_CIPHER_MODE_CTR */

172
thirdparty/mbedtls/library/camellia.c vendored
View file

@ -297,8 +297,9 @@ void mbedtls_camellia_init( mbedtls_camellia_context *ctx )
void mbedtls_camellia_free(mbedtls_camellia_context *ctx)
{
if( ctx == NULL )
if (ctx == NULL) {
return;
}
mbedtls_platform_zeroize(ctx, sizeof(mbedtls_camellia_context));
}
@ -326,21 +327,22 @@ int mbedtls_camellia_setkey_enc( mbedtls_camellia_context *ctx,
memset(t, 0, 64);
memset(RK, 0, sizeof(ctx->rk));
switch( keybits )
{
switch (keybits) {
case 128: ctx->nr = 3; idx = 0; break;
case 192:
case 256: ctx->nr = 4; idx = 1; break;
default : return( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA );
default: return MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA;
}
for( i = 0; i < keybits / 8; ++i )
for (i = 0; i < keybits / 8; ++i) {
t[i] = key[i];
}
if (keybits == 192) {
for( i = 0; i < 8; i++ )
for (i = 0; i < 8; i++) {
t[24 + i] = ~t[16 + i];
}
}
/*
* Prepare SIGMA values
@ -357,26 +359,30 @@ int mbedtls_camellia_setkey_enc( mbedtls_camellia_context *ctx,
memset(KC, 0, sizeof(KC));
/* Store KL, KR */
for( i = 0; i < 8; i++ )
for (i = 0; i < 8; i++) {
KC[i] = MBEDTLS_GET_UINT32_BE(t, i * 4);
}
/* Generate KA */
for( i = 0; i < 4; ++i )
for (i = 0; i < 4; ++i) {
KC[8 + i] = KC[i] ^ KC[4 + i];
}
camellia_feistel(KC + 8, SIGMA[0], KC + 10);
camellia_feistel(KC + 10, SIGMA[1], KC + 8);
for( i = 0; i < 4; ++i )
for (i = 0; i < 4; ++i) {
KC[8 + i] ^= KC[i];
}
camellia_feistel(KC + 8, SIGMA[2], KC + 10);
camellia_feistel(KC + 10, SIGMA[3], KC + 8);
if (keybits > 128) {
/* Generate KB */
for( i = 0; i < 4; ++i )
for (i = 0; i < 4; ++i) {
KC[12 + i] = KC[4 + i] ^ KC[8 + i];
}
camellia_feistel(KC + 12, SIGMA[4], KC + 14);
camellia_feistel(KC + 14, SIGMA[5], KC + 12);
@ -409,7 +415,7 @@ int mbedtls_camellia_setkey_enc( mbedtls_camellia_context *ctx,
}
}
return( 0 );
return 0;
}
/*
@ -430,8 +436,9 @@ int mbedtls_camellia_setkey_dec( mbedtls_camellia_context *ctx,
mbedtls_camellia_init(&cty);
/* Also checks keybits */
if( ( ret = mbedtls_camellia_setkey_enc( &cty, key, keybits ) ) != 0 )
if ((ret = mbedtls_camellia_setkey_enc(&cty, key, keybits)) != 0) {
goto exit;
}
ctx->nr = cty.nr;
idx = (ctx->nr == 4);
@ -444,8 +451,7 @@ int mbedtls_camellia_setkey_dec( mbedtls_camellia_context *ctx,
*RK++ = *SK++;
*RK++ = *SK++;
for( i = 22 + 8 * idx, SK -= 6; i > 0; i--, SK -= 4 )
{
for (i = 22 + 8 * idx, SK -= 6; i > 0; i--, SK -= 4) {
*RK++ = *SK++;
*RK++ = *SK++;
}
@ -460,7 +466,7 @@ int mbedtls_camellia_setkey_dec( mbedtls_camellia_context *ctx,
exit:
mbedtls_camellia_free(&cty);
return( ret );
return ret;
}
/*
@ -527,7 +533,7 @@ int mbedtls_camellia_crypt_ecb( mbedtls_camellia_context *ctx,
MBEDTLS_PUT_UINT32_BE(X[0], output, 8);
MBEDTLS_PUT_UINT32_BE(X[1], output, 12);
return( 0 );
return 0;
}
#if defined(MBEDTLS_CIPHER_MODE_CBC)
@ -550,18 +556,18 @@ int mbedtls_camellia_crypt_cbc( mbedtls_camellia_context *ctx,
CAMELLIA_VALIDATE_RET(length == 0 || input != NULL);
CAMELLIA_VALIDATE_RET(length == 0 || output != NULL);
if( length % 16 )
return( MBEDTLS_ERR_CAMELLIA_INVALID_INPUT_LENGTH );
if (length % 16) {
return MBEDTLS_ERR_CAMELLIA_INVALID_INPUT_LENGTH;
}
if( mode == MBEDTLS_CAMELLIA_DECRYPT )
{
while( length > 0 )
{
if (mode == MBEDTLS_CAMELLIA_DECRYPT) {
while (length > 0) {
memcpy(temp, input, 16);
mbedtls_camellia_crypt_ecb(ctx, mode, input, output);
for( i = 0; i < 16; i++ )
for (i = 0; i < 16; i++) {
output[i] = (unsigned char) (output[i] ^ iv[i]);
}
memcpy(iv, temp, 16);
@ -569,13 +575,11 @@ int mbedtls_camellia_crypt_cbc( mbedtls_camellia_context *ctx,
output += 16;
length -= 16;
}
}
else
{
while( length > 0 )
{
for( i = 0; i < 16; i++ )
} else {
while (length > 0) {
for (i = 0; i < 16; i++) {
output[i] = (unsigned char) (input[i] ^ iv[i]);
}
mbedtls_camellia_crypt_ecb(ctx, mode, output, output);
memcpy(iv, output, 16);
@ -586,7 +590,7 @@ int mbedtls_camellia_crypt_cbc( mbedtls_camellia_context *ctx,
}
}
return( 0 );
return 0;
}
#endif /* MBEDTLS_CIPHER_MODE_CBC */
@ -613,15 +617,15 @@ int mbedtls_camellia_crypt_cfb128( mbedtls_camellia_context *ctx,
CAMELLIA_VALIDATE_RET(length == 0 || output != NULL);
n = *iv_off;
if( n >= 16 )
return( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA );
if (n >= 16) {
return MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA;
}
if( mode == MBEDTLS_CAMELLIA_DECRYPT )
{
while( length-- )
{
if( n == 0 )
if (mode == MBEDTLS_CAMELLIA_DECRYPT) {
while (length--) {
if (n == 0) {
mbedtls_camellia_crypt_ecb(ctx, MBEDTLS_CAMELLIA_ENCRYPT, iv, iv);
}
c = *input++;
*output++ = (unsigned char) (c ^ iv[n]);
@ -629,13 +633,11 @@ int mbedtls_camellia_crypt_cfb128( mbedtls_camellia_context *ctx,
n = (n + 1) & 0x0F;
}
}
else
{
while( length-- )
{
if( n == 0 )
} else {
while (length--) {
if (n == 0) {
mbedtls_camellia_crypt_ecb(ctx, MBEDTLS_CAMELLIA_ENCRYPT, iv, iv);
}
iv[n] = *output++ = (unsigned char) (iv[n] ^ *input++);
@ -645,7 +647,7 @@ int mbedtls_camellia_crypt_cfb128( mbedtls_camellia_context *ctx,
*iv_off = n;
return( 0 );
return 0;
}
#endif /* MBEDTLS_CIPHER_MODE_CFB */
@ -671,19 +673,21 @@ int mbedtls_camellia_crypt_ctr( mbedtls_camellia_context *ctx,
CAMELLIA_VALIDATE_RET(length == 0 || output != NULL);
n = *nc_off;
if( n >= 16 )
return( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA );
if (n >= 16) {
return MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA;
}
while( length-- )
{
while (length--) {
if (n == 0) {
mbedtls_camellia_crypt_ecb(ctx, MBEDTLS_CAMELLIA_ENCRYPT, nonce_counter,
stream_block);
for( i = 16; i > 0; i-- )
if( ++nonce_counter[i - 1] != 0 )
for (i = 16; i > 0; i--) {
if (++nonce_counter[i - 1] != 0) {
break;
}
}
}
c = *input++;
*output++ = (unsigned char) (c ^ stream_block[n]);
@ -692,7 +696,7 @@ int mbedtls_camellia_crypt_ctr( mbedtls_camellia_context *ctx,
*nc_off = n;
return( 0 );
return 0;
}
#endif /* MBEDTLS_CIPHER_MODE_CTR */
#endif /* !MBEDTLS_CAMELLIA_ALT */
@ -923,9 +927,10 @@ int mbedtls_camellia_self_test( int verbose )
u = j >> 1;
v = j & 1;
if( verbose != 0 )
if (verbose != 0) {
mbedtls_printf(" CAMELLIA-ECB-%3d (%s): ", 128 + u * 64,
(v == MBEDTLS_CAMELLIA_DECRYPT) ? "dec" : "enc");
}
for (i = 0; i < CAMELLIA_TESTS_ECB; i++) {
memcpy(key, camellia_test_ecb_key[u][i], 16 + 8 * u);
@ -942,33 +947,35 @@ int mbedtls_camellia_self_test( int verbose )
mbedtls_camellia_crypt_ecb(&ctx, v, src, buf);
if( memcmp( buf, dst, 16 ) != 0 )
{
if( verbose != 0 )
if (memcmp(buf, dst, 16) != 0) {
if (verbose != 0) {
mbedtls_printf("failed\n");
}
goto exit;
}
}
if( verbose != 0 )
if (verbose != 0) {
mbedtls_printf("passed\n");
}
}
if( verbose != 0 )
if (verbose != 0) {
mbedtls_printf("\n");
}
#if defined(MBEDTLS_CIPHER_MODE_CBC)
/*
* CBC mode
*/
for( j = 0; j < 6; j++ )
{
for (j = 0; j < 6; j++) {
u = j >> 1;
v = j & 1;
if( verbose != 0 )
if (verbose != 0) {
mbedtls_printf(" CAMELLIA-CBC-%3d (%s): ", 128 + u * 64,
(v == MBEDTLS_CAMELLIA_DECRYPT) ? "dec" : "enc");
}
memcpy(src, camellia_test_cbc_iv, 16);
memcpy(dst, camellia_test_cbc_iv, 16);
@ -994,34 +1001,36 @@ int mbedtls_camellia_self_test( int verbose )
mbedtls_camellia_crypt_cbc(&ctx, v, 16, iv, src, buf);
if( memcmp( buf, dst, 16 ) != 0 )
{
if( verbose != 0 )
if (memcmp(buf, dst, 16) != 0) {
if (verbose != 0) {
mbedtls_printf("failed\n");
}
goto exit;
}
}
if( verbose != 0 )
if (verbose != 0) {
mbedtls_printf("passed\n");
}
}
#endif /* MBEDTLS_CIPHER_MODE_CBC */
if( verbose != 0 )
if (verbose != 0) {
mbedtls_printf("\n");
}
#if defined(MBEDTLS_CIPHER_MODE_CTR)
/*
* CTR mode
*/
for( i = 0; i < 6; i++ )
{
for (i = 0; i < 6; i++) {
u = i >> 1;
v = i & 1;
if( verbose != 0 )
if (verbose != 0) {
mbedtls_printf(" CAMELLIA-CTR-128 (%s): ",
(v == MBEDTLS_CAMELLIA_DECRYPT) ? "dec" : "enc");
}
memcpy(nonce_counter, camellia_test_ctr_nonce_counter[u], 16);
memcpy(key, camellia_test_ctr_key[u], 16);
@ -1029,50 +1038,49 @@ int mbedtls_camellia_self_test( int verbose )
offset = 0;
mbedtls_camellia_setkey_enc(&ctx, key, 128);
if( v == MBEDTLS_CAMELLIA_DECRYPT )
{
if (v == MBEDTLS_CAMELLIA_DECRYPT) {
len = camellia_test_ctr_len[u];
memcpy(buf, camellia_test_ctr_ct[u], len);
mbedtls_camellia_crypt_ctr(&ctx, len, &offset, nonce_counter, stream_block,
buf, buf);
if( memcmp( buf, camellia_test_ctr_pt[u], len ) != 0 )
{
if( verbose != 0 )
if (memcmp(buf, camellia_test_ctr_pt[u], len) != 0) {
if (verbose != 0) {
mbedtls_printf("failed\n");
}
goto exit;
}
}
else
{
} else {
len = camellia_test_ctr_len[u];
memcpy(buf, camellia_test_ctr_pt[u], len);
mbedtls_camellia_crypt_ctr(&ctx, len, &offset, nonce_counter, stream_block,
buf, buf);
if( memcmp( buf, camellia_test_ctr_ct[u], len ) != 0 )
{
if( verbose != 0 )
if (memcmp(buf, camellia_test_ctr_ct[u], len) != 0) {
if (verbose != 0) {
mbedtls_printf("failed\n");
}
goto exit;
}
}
if( verbose != 0 )
if (verbose != 0) {
mbedtls_printf("passed\n");
}
}
if( verbose != 0 )
if (verbose != 0) {
mbedtls_printf("\n");
}
#endif /* MBEDTLS_CIPHER_MODE_CTR */
ret = 0;
exit:
mbedtls_camellia_free(&ctx);
return( ret );
return ret;
}
#endif /* MBEDTLS_SELF_TEST */

165
thirdparty/mbedtls/library/ccm.c vendored
View file

@ -70,24 +70,26 @@ int mbedtls_ccm_setkey( mbedtls_ccm_context *ctx,
cipher_info = mbedtls_cipher_info_from_values(cipher, keybits,
MBEDTLS_MODE_ECB);
if( cipher_info == NULL )
return( MBEDTLS_ERR_CCM_BAD_INPUT );
if (cipher_info == NULL) {
return MBEDTLS_ERR_CCM_BAD_INPUT;
}
if( cipher_info->block_size != 16 )
return( MBEDTLS_ERR_CCM_BAD_INPUT );
if (cipher_info->block_size != 16) {
return MBEDTLS_ERR_CCM_BAD_INPUT;
}
mbedtls_cipher_free(&ctx->cipher_ctx);
if( ( ret = mbedtls_cipher_setup( &ctx->cipher_ctx, cipher_info ) ) != 0 )
return( ret );
if( ( ret = mbedtls_cipher_setkey( &ctx->cipher_ctx, key, keybits,
MBEDTLS_ENCRYPT ) ) != 0 )
{
return( ret );
if ((ret = mbedtls_cipher_setup(&ctx->cipher_ctx, cipher_info)) != 0) {
return ret;
}
return( 0 );
if ((ret = mbedtls_cipher_setkey(&ctx->cipher_ctx, key, keybits,
MBEDTLS_ENCRYPT)) != 0) {
return ret;
}
return 0;
}
/*
@ -95,8 +97,9 @@ int mbedtls_ccm_setkey( mbedtls_ccm_context *ctx,
*/
void mbedtls_ccm_free(mbedtls_ccm_context *ctx)
{
if( ctx == NULL )
if (ctx == NULL) {
return;
}
mbedtls_cipher_free(&ctx->cipher_ctx);
mbedtls_platform_zeroize(ctx, sizeof(mbedtls_ccm_context));
}
@ -115,7 +118,7 @@ void mbedtls_ccm_free( mbedtls_ccm_context *ctx )
y[i] ^= b[i]; \
\
if ((ret = mbedtls_cipher_update(&ctx->cipher_ctx, y, 16, y, &olen)) != 0) \
return( ret );
return ret;
/*
* Encrypt or decrypt a partial block with CTR
@ -128,7 +131,7 @@ void mbedtls_ccm_free( mbedtls_ccm_context *ctx )
if ((ret = mbedtls_cipher_update(&ctx->cipher_ctx, ctr, \
16, b, &olen)) != 0) \
{ \
return( ret ); \
return ret; \
} \
\
for (i = 0; i < (len); i++) \
@ -161,15 +164,18 @@ static int ccm_auth_crypt( mbedtls_ccm_context *ctx, int mode, size_t length,
*
* Also, loosen the requirements to enable support for CCM* (IEEE 802.15.4).
*/
if( tag_len == 2 || tag_len > 16 || tag_len % 2 != 0 )
return( MBEDTLS_ERR_CCM_BAD_INPUT );
if (tag_len == 2 || tag_len > 16 || tag_len % 2 != 0) {
return MBEDTLS_ERR_CCM_BAD_INPUT;
}
/* Also implies q is within bounds */
if( iv_len < 7 || iv_len > 13 )
return( MBEDTLS_ERR_CCM_BAD_INPUT );
if (iv_len < 7 || iv_len > 13) {
return MBEDTLS_ERR_CCM_BAD_INPUT;
}
if( add_len >= 0xFF00 )
return( MBEDTLS_ERR_CCM_BAD_INPUT );
if (add_len >= 0xFF00) {
return MBEDTLS_ERR_CCM_BAD_INPUT;
}
q = 16 - 1 - (unsigned char) iv_len;
@ -192,11 +198,13 @@ static int ccm_auth_crypt( mbedtls_ccm_context *ctx, int mode, size_t length,
memcpy(b + 1, iv, iv_len);
for( i = 0, len_left = length; i < q; i++, len_left >>= 8 )
for (i = 0, len_left = length; i < q; i++, len_left >>= 8) {
b[15-i] = MBEDTLS_BYTE_0(len_left);
}
if( len_left > 0 )
return( MBEDTLS_ERR_CCM_BAD_INPUT );
if (len_left > 0) {
return MBEDTLS_ERR_CCM_BAD_INPUT;
}
/* Start CBC-MAC with first block */
@ -207,8 +215,7 @@ static int ccm_auth_crypt( mbedtls_ccm_context *ctx, int mode, size_t length,
* If there is additional data, update CBC-MAC with
* add_len, add, 0 (padding to a block boundary)
*/
if( add_len > 0 )
{
if (add_len > 0) {
size_t use_len;
len_left = add_len;
src = add;
@ -223,8 +230,7 @@ static int ccm_auth_crypt( mbedtls_ccm_context *ctx, int mode, size_t length,
UPDATE_CBC_MAC;
while( len_left > 0 )
{
while (len_left > 0) {
use_len = len_left > 16 ? 16 : len_left;
memset(b, 0, 16);
@ -261,12 +267,10 @@ static int ccm_auth_crypt( mbedtls_ccm_context *ctx, int mode, size_t length,
src = input;
dst = output;
while( len_left > 0 )
{
while (len_left > 0) {
size_t use_len = len_left > 16 ? 16 : len_left;
if( mode == CCM_ENCRYPT )
{
if (mode == CCM_ENCRYPT) {
memset(b, 0, 16);
memcpy(b, src, use_len);
UPDATE_CBC_MAC;
@ -274,8 +278,7 @@ static int ccm_auth_crypt( mbedtls_ccm_context *ctx, int mode, size_t length,
CTR_CRYPT(dst, src, use_len);
if( mode == CCM_DECRYPT )
{
if (mode == CCM_DECRYPT) {
memset(b, 0, 16);
memcpy(b, dst, use_len);
UPDATE_CBC_MAC;
@ -289,21 +292,24 @@ static int ccm_auth_crypt( mbedtls_ccm_context *ctx, int mode, size_t length,
* Increment counter.
* No need to check for overflow thanks to the length check above.
*/
for( i = 0; i < q; i++ )
if( ++ctr[15-i] != 0 )
for (i = 0; i < q; i++) {
if (++ctr[15-i] != 0) {
break;
}
}
}
/*
* Authentication: reset counter and crypt/mask internal tag
*/
for( i = 0; i < q; i++ )
for (i = 0; i < q; i++) {
ctr[15-i] = 0;
}
CTR_CRYPT(y, y, 16);
memcpy(tag, y, tag_len);
return( 0 );
return 0;
}
/*
@ -321,8 +327,8 @@ int mbedtls_ccm_star_encrypt_and_tag( mbedtls_ccm_context *ctx, size_t length,
CCM_VALIDATE_RET(length == 0 || input != NULL);
CCM_VALIDATE_RET(length == 0 || output != NULL);
CCM_VALIDATE_RET(tag_len == 0 || tag != NULL);
return( ccm_auth_crypt( ctx, CCM_ENCRYPT, length, iv, iv_len,
add, add_len, input, output, tag, tag_len ) );
return ccm_auth_crypt(ctx, CCM_ENCRYPT, length, iv, iv_len,
add, add_len, input, output, tag, tag_len);
}
int mbedtls_ccm_encrypt_and_tag(mbedtls_ccm_context *ctx, size_t length,
@ -337,11 +343,12 @@ int mbedtls_ccm_encrypt_and_tag( mbedtls_ccm_context *ctx, size_t length,
CCM_VALIDATE_RET(length == 0 || input != NULL);
CCM_VALIDATE_RET(length == 0 || output != NULL);
CCM_VALIDATE_RET(tag_len == 0 || tag != NULL);
if( tag_len == 0 )
return( MBEDTLS_ERR_CCM_BAD_INPUT );
if (tag_len == 0) {
return MBEDTLS_ERR_CCM_BAD_INPUT;
}
return( mbedtls_ccm_star_encrypt_and_tag( ctx, length, iv, iv_len, add,
add_len, input, output, tag, tag_len ) );
return mbedtls_ccm_star_encrypt_and_tag(ctx, length, iv, iv_len, add,
add_len, input, output, tag, tag_len);
}
/*
@ -367,22 +374,21 @@ int mbedtls_ccm_star_auth_decrypt( mbedtls_ccm_context *ctx, size_t length,
if ((ret = ccm_auth_crypt(ctx, CCM_DECRYPT, length,
iv, iv_len, add, add_len,
input, output, check_tag, tag_len ) ) != 0 )
{
return( ret );
input, output, check_tag, tag_len)) != 0) {
return ret;
}
/* Check tag in "constant-time" */
for( diff = 0, i = 0; i < tag_len; i++ )
for (diff = 0, i = 0; i < tag_len; i++) {
diff |= tag[i] ^ check_tag[i];
if( diff != 0 )
{
mbedtls_platform_zeroize( output, length );
return( MBEDTLS_ERR_CCM_AUTH_FAILED );
}
return( 0 );
if (diff != 0) {
mbedtls_platform_zeroize(output, length);
return MBEDTLS_ERR_CCM_AUTH_FAILED;
}
return 0;
}
int mbedtls_ccm_auth_decrypt(mbedtls_ccm_context *ctx, size_t length,
@ -398,11 +404,12 @@ int mbedtls_ccm_auth_decrypt( mbedtls_ccm_context *ctx, size_t length,
CCM_VALIDATE_RET(length == 0 || output != NULL);
CCM_VALIDATE_RET(tag_len == 0 || tag != NULL);
if( tag_len == 0 )
return( MBEDTLS_ERR_CCM_BAD_INPUT );
if (tag_len == 0) {
return MBEDTLS_ERR_CCM_BAD_INPUT;
}
return( mbedtls_ccm_star_auth_decrypt( ctx, length, iv, iv_len, add,
add_len, input, output, tag, tag_len ) );
return mbedtls_ccm_star_auth_decrypt(ctx, length, iv, iv_len, add,
add_len, input, output, tag, tag_len);
}
#endif /* !MBEDTLS_CCM_ALT */
@ -471,18 +478,18 @@ int mbedtls_ccm_self_test( int verbose )
mbedtls_ccm_init(&ctx);
if (mbedtls_ccm_setkey(&ctx, MBEDTLS_CIPHER_ID_AES, key_test_data,
8 * sizeof key_test_data ) != 0 )
{
if( verbose != 0 )
8 * sizeof(key_test_data)) != 0) {
if (verbose != 0) {
mbedtls_printf(" CCM: setup failed");
return( 1 );
}
for( i = 0; i < NB_TESTS; i++ )
{
if( verbose != 0 )
return 1;
}
for (i = 0; i < NB_TESTS; i++) {
if (verbose != 0) {
mbedtls_printf(" CCM-AES #%u: ", (unsigned int) i + 1);
}
memset(plaintext, 0, CCM_SELFTEST_PT_MAX_LEN);
memset(ciphertext, 0, CCM_SELFTEST_CT_MAX_LEN);
@ -497,12 +504,12 @@ int mbedtls_ccm_self_test( int verbose )
if (ret != 0 ||
memcmp(ciphertext, res_test_data[i],
msg_len_test_data[i] + tag_len_test_data[i] ) != 0 )
{
if( verbose != 0 )
msg_len_test_data[i] + tag_len_test_data[i]) != 0) {
if (verbose != 0) {
mbedtls_printf("failed\n");
}
return( 1 );
return 1;
}
memset(plaintext, 0, CCM_SELFTEST_PT_MAX_LEN);
@ -514,24 +521,26 @@ int mbedtls_ccm_self_test( int verbose )
tag_len_test_data[i]);
if (ret != 0 ||
memcmp( plaintext, msg_test_data, msg_len_test_data[i] ) != 0 )
{
if( verbose != 0 )
memcmp(plaintext, msg_test_data, msg_len_test_data[i]) != 0) {
if (verbose != 0) {
mbedtls_printf("failed\n");
return( 1 );
}
if( verbose != 0 )
return 1;
}
if (verbose != 0) {
mbedtls_printf("passed\n");
}
}
mbedtls_ccm_free(&ctx);
if( verbose != 0 )
if (verbose != 0) {
mbedtls_printf("\n");
}
return( 0 );
return 0;
}
#endif /* MBEDTLS_SELF_TEST && MBEDTLS_AES_C */

54
thirdparty/mbedtls/library/chacha20.c vendored
View file

@ -128,8 +128,9 @@ static void chacha20_block( const uint32_t initial_state[16],
initial_state,
CHACHA20_BLOCK_SIZE_BYTES);
for( i = 0U; i < 10U; i++ )
for (i = 0U; i < 10U; i++) {
chacha20_inner_block(working_state);
}
working_state[0] += initial_state[0];
working_state[1] += initial_state[1];
@ -148,8 +149,7 @@ static void chacha20_block( const uint32_t initial_state[16],
working_state[14] += initial_state[14];
working_state[15] += initial_state[15];
for( i = 0U; i < 16; i++ )
{
for (i = 0U; i < 16; i++) {
size_t offset = i * 4U;
MBEDTLS_PUT_UINT32_LE(working_state[i], keystream, offset);
@ -171,8 +171,7 @@ void mbedtls_chacha20_init( mbedtls_chacha20_context *ctx )
void mbedtls_chacha20_free(mbedtls_chacha20_context *ctx)
{
if( ctx != NULL )
{
if (ctx != NULL) {
mbedtls_platform_zeroize(ctx, sizeof(mbedtls_chacha20_context));
}
}
@ -199,7 +198,7 @@ int mbedtls_chacha20_setkey( mbedtls_chacha20_context *ctx,
ctx->state[10] = MBEDTLS_GET_UINT32_LE(key, 24);
ctx->state[11] = MBEDTLS_GET_UINT32_LE(key, 28);
return( 0 );
return 0;
}
int mbedtls_chacha20_starts(mbedtls_chacha20_context *ctx,
@ -222,7 +221,7 @@ int mbedtls_chacha20_starts( mbedtls_chacha20_context* ctx,
/* Initially, there's no keystream bytes available */
ctx->keystream_bytes_used = CHACHA20_BLOCK_SIZE_BYTES;
return( 0 );
return 0;
}
int mbedtls_chacha20_update(mbedtls_chacha20_context *ctx,
@ -238,8 +237,7 @@ int mbedtls_chacha20_update( mbedtls_chacha20_context *ctx,
CHACHA20_VALIDATE_RET(size == 0 || output != NULL);
/* Use leftover keystream bytes, if available */
while( size > 0U && ctx->keystream_bytes_used < CHACHA20_BLOCK_SIZE_BYTES )
{
while (size > 0U && ctx->keystream_bytes_used < CHACHA20_BLOCK_SIZE_BYTES) {
output[offset] = input[offset]
^ ctx->keystream8[ctx->keystream_bytes_used];
@ -249,14 +247,12 @@ int mbedtls_chacha20_update( mbedtls_chacha20_context *ctx,
}
/* Process full blocks */
while( size >= CHACHA20_BLOCK_SIZE_BYTES )
{
while (size >= CHACHA20_BLOCK_SIZE_BYTES) {
/* Generate new keystream block and increment counter */
chacha20_block(ctx->state, ctx->keystream8);
ctx->state[CHACHA20_CTR_INDEX]++;
for( i = 0U; i < 64U; i += 8U )
{
for (i = 0U; i < 64U; i += 8U) {
output[offset + i] = input[offset + i] ^ ctx->keystream8[i];
output[offset + i+1] = input[offset + i+1] ^ ctx->keystream8[i+1];
output[offset + i+2] = input[offset + i+2] ^ ctx->keystream8[i+2];
@ -272,14 +268,12 @@ int mbedtls_chacha20_update( mbedtls_chacha20_context *ctx,
}
/* Last (partial) block */
if( size > 0U )
{
if (size > 0U) {
/* Generate new keystream block and increment counter */
chacha20_block(ctx->state, ctx->keystream8);
ctx->state[CHACHA20_CTR_INDEX]++;
for( i = 0U; i < size; i++)
{
for (i = 0U; i < size; i++) {
output[offset + i] = input[offset + i] ^ ctx->keystream8[i];
}
@ -287,7 +281,7 @@ int mbedtls_chacha20_update( mbedtls_chacha20_context *ctx,
}
return( 0 );
return 0;
}
int mbedtls_chacha20_crypt(const unsigned char key[32],
@ -308,18 +302,20 @@ int mbedtls_chacha20_crypt( const unsigned char key[32],
mbedtls_chacha20_init(&ctx);
ret = mbedtls_chacha20_setkey(&ctx, key);
if( ret != 0 )
if (ret != 0) {
goto cleanup;
}
ret = mbedtls_chacha20_starts(&ctx, nonce, counter);
if( ret != 0 )
if (ret != 0) {
goto cleanup;
}
ret = mbedtls_chacha20_update(&ctx, data_len, input, output);
cleanup:
mbedtls_chacha20_free(&ctx);
return( ret );
return ret;
}
#endif /* !MBEDTLS_CHACHA20_ALT */
@ -503,7 +499,7 @@ static const size_t test_lengths[2] =
if (verbose != 0) \
mbedtls_printf args; \
\
return( -1 ); \
return -1; \
} \
} \
while (0)
@ -514,10 +510,10 @@ int mbedtls_chacha20_self_test( int verbose )
unsigned i;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
for( i = 0U; i < 2U; i++ )
{
if( verbose != 0 )
for (i = 0U; i < 2U; i++) {
if (verbose != 0) {
mbedtls_printf(" ChaCha20 test %u ", i);
}
ret = mbedtls_chacha20_crypt(test_keys[i],
test_nonces[i],
@ -531,14 +527,16 @@ int mbedtls_chacha20_self_test( int verbose )
ASSERT(0 == memcmp(output, test_output[i], test_lengths[i]),
("failed (output)\n"));
if( verbose != 0 )
if (verbose != 0) {
mbedtls_printf("passed\n");
}
}
if( verbose != 0 )
if (verbose != 0) {
mbedtls_printf("\n");
}
return( 0 );
return 0;
}
#endif /* MBEDTLS_SELF_TEST */

158
thirdparty/mbedtls/library/chachapoly.c vendored
View file

@ -53,14 +53,15 @@ static int chachapoly_pad_aad( mbedtls_chachapoly_context *ctx )
uint32_t partial_block_len = (uint32_t) (ctx->aad_len % 16U);
unsigned char zeroes[15];
if( partial_block_len == 0U )
return( 0 );
if (partial_block_len == 0U) {
return 0;
}
memset(zeroes, 0, sizeof(zeroes));
return( mbedtls_poly1305_update( &ctx->poly1305_ctx,
return mbedtls_poly1305_update(&ctx->poly1305_ctx,
zeroes,
16U - partial_block_len ) );
16U - partial_block_len);
}
/**
@ -73,13 +74,14 @@ static int chachapoly_pad_ciphertext( mbedtls_chachapoly_context *ctx )
uint32_t partial_block_len = (uint32_t) (ctx->ciphertext_len % 16U);
unsigned char zeroes[15];
if( partial_block_len == 0U )
return( 0 );
if (partial_block_len == 0U) {
return 0;
}
memset(zeroes, 0, sizeof(zeroes));
return( mbedtls_poly1305_update( &ctx->poly1305_ctx,
return mbedtls_poly1305_update(&ctx->poly1305_ctx,
zeroes,
16U - partial_block_len ) );
16U - partial_block_len);
}
void mbedtls_chachapoly_init(mbedtls_chachapoly_context *ctx)
@ -96,8 +98,9 @@ void mbedtls_chachapoly_init( mbedtls_chachapoly_context *ctx )
void mbedtls_chachapoly_free(mbedtls_chachapoly_context *ctx)
{
if( ctx == NULL )
if (ctx == NULL) {
return;
}
mbedtls_chacha20_free(&ctx->chacha20_ctx);
mbedtls_poly1305_free(&ctx->poly1305_ctx);
@ -116,7 +119,7 @@ int mbedtls_chachapoly_setkey( mbedtls_chachapoly_context *ctx,
ret = mbedtls_chacha20_setkey(&ctx->chacha20_ctx, key);
return( ret );
return ret;
}
int mbedtls_chachapoly_starts(mbedtls_chachapoly_context *ctx,
@ -130,8 +133,9 @@ int mbedtls_chachapoly_starts( mbedtls_chachapoly_context *ctx,
/* Set counter = 0, will be update to 1 when generating Poly1305 key */
ret = mbedtls_chacha20_starts(&ctx->chacha20_ctx, nonce, 0U);
if( ret != 0 )
if (ret != 0) {
goto cleanup;
}
/* Generate the Poly1305 key by getting the ChaCha20 keystream output with
* counter = 0. This is the same as encrypting a buffer of zeroes.
@ -141,13 +145,13 @@ int mbedtls_chachapoly_starts( mbedtls_chachapoly_context *ctx,
memset(poly1305_key, 0, sizeof(poly1305_key));
ret = mbedtls_chacha20_update(&ctx->chacha20_ctx, sizeof(poly1305_key),
poly1305_key, poly1305_key);
if( ret != 0 )
if (ret != 0) {
goto cleanup;
}
ret = mbedtls_poly1305_starts(&ctx->poly1305_ctx, poly1305_key);
if( ret == 0 )
{
if (ret == 0) {
ctx->aad_len = 0U;
ctx->ciphertext_len = 0U;
ctx->state = CHACHAPOLY_STATE_AAD;
@ -156,7 +160,7 @@ int mbedtls_chachapoly_starts( mbedtls_chachapoly_context *ctx,
cleanup:
mbedtls_platform_zeroize(poly1305_key, 64U);
return( ret );
return ret;
}
int mbedtls_chachapoly_update_aad(mbedtls_chachapoly_context *ctx,
@ -166,12 +170,13 @@ int mbedtls_chachapoly_update_aad( mbedtls_chachapoly_context *ctx,
CHACHAPOLY_VALIDATE_RET(ctx != NULL);
CHACHAPOLY_VALIDATE_RET(aad_len == 0 || aad != NULL);
if( ctx->state != CHACHAPOLY_STATE_AAD )
return( MBEDTLS_ERR_CHACHAPOLY_BAD_STATE );
if (ctx->state != CHACHAPOLY_STATE_AAD) {
return MBEDTLS_ERR_CHACHAPOLY_BAD_STATE;
}
ctx->aad_len += aad_len;
return( mbedtls_poly1305_update( &ctx->poly1305_ctx, aad, aad_len ) );
return mbedtls_poly1305_update(&ctx->poly1305_ctx, aad, aad_len);
}
int mbedtls_chachapoly_update(mbedtls_chachapoly_context *ctx,
@ -185,44 +190,44 @@ int mbedtls_chachapoly_update( mbedtls_chachapoly_context *ctx,
CHACHAPOLY_VALIDATE_RET(len == 0 || output != NULL);
if ((ctx->state != CHACHAPOLY_STATE_AAD) &&
( ctx->state != CHACHAPOLY_STATE_CIPHERTEXT ) )
{
return( MBEDTLS_ERR_CHACHAPOLY_BAD_STATE );
(ctx->state != CHACHAPOLY_STATE_CIPHERTEXT)) {
return MBEDTLS_ERR_CHACHAPOLY_BAD_STATE;
}
if( ctx->state == CHACHAPOLY_STATE_AAD )
{
if (ctx->state == CHACHAPOLY_STATE_AAD) {
ctx->state = CHACHAPOLY_STATE_CIPHERTEXT;
ret = chachapoly_pad_aad(ctx);
if( ret != 0 )
return( ret );
if (ret != 0) {
return ret;
}
}
ctx->ciphertext_len += len;
if( ctx->mode == MBEDTLS_CHACHAPOLY_ENCRYPT )
{
if (ctx->mode == MBEDTLS_CHACHAPOLY_ENCRYPT) {
ret = mbedtls_chacha20_update(&ctx->chacha20_ctx, len, input, output);
if( ret != 0 )
return( ret );
if (ret != 0) {
return ret;
}
ret = mbedtls_poly1305_update(&ctx->poly1305_ctx, output, len);
if( ret != 0 )
return( ret );
if (ret != 0) {
return ret;
}
else /* DECRYPT */
{
} else { /* DECRYPT */
ret = mbedtls_poly1305_update(&ctx->poly1305_ctx, input, len);
if( ret != 0 )
return( ret );
if (ret != 0) {
return ret;
}
ret = mbedtls_chacha20_update(&ctx->chacha20_ctx, len, input, output);
if( ret != 0 )
return( ret );
if (ret != 0) {
return ret;
}
}
return( 0 );
return 0;
}
int mbedtls_chachapoly_finish(mbedtls_chachapoly_context *ctx,
@ -233,22 +238,20 @@ int mbedtls_chachapoly_finish( mbedtls_chachapoly_context *ctx,
CHACHAPOLY_VALIDATE_RET(ctx != NULL);
CHACHAPOLY_VALIDATE_RET(mac != NULL);
if( ctx->state == CHACHAPOLY_STATE_INIT )
{
return( MBEDTLS_ERR_CHACHAPOLY_BAD_STATE );
if (ctx->state == CHACHAPOLY_STATE_INIT) {
return MBEDTLS_ERR_CHACHAPOLY_BAD_STATE;
}
if( ctx->state == CHACHAPOLY_STATE_AAD )
{
if (ctx->state == CHACHAPOLY_STATE_AAD) {
ret = chachapoly_pad_aad(ctx);
if( ret != 0 )
return( ret );
if (ret != 0) {
return ret;
}
else if( ctx->state == CHACHAPOLY_STATE_CIPHERTEXT )
{
} else if (ctx->state == CHACHAPOLY_STATE_CIPHERTEXT) {
ret = chachapoly_pad_ciphertext(ctx);
if( ret != 0 )
return( ret );
if (ret != 0) {
return ret;
}
}
ctx->state = CHACHAPOLY_STATE_FINISHED;
@ -260,12 +263,13 @@ int mbedtls_chachapoly_finish( mbedtls_chachapoly_context *ctx,
MBEDTLS_PUT_UINT64_LE(ctx->ciphertext_len, len_block, 8);
ret = mbedtls_poly1305_update(&ctx->poly1305_ctx, len_block, 16U);
if( ret != 0 )
return( ret );
if (ret != 0) {
return ret;
}
ret = mbedtls_poly1305_finish(&ctx->poly1305_ctx, mac);
return( ret );
return ret;
}
static int chachapoly_crypt_and_tag(mbedtls_chachapoly_context *ctx,
@ -281,21 +285,24 @@ static int chachapoly_crypt_and_tag( mbedtls_chachapoly_context *ctx,
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
ret = mbedtls_chachapoly_starts(ctx, nonce, mode);
if( ret != 0 )
if (ret != 0) {
goto cleanup;
}
ret = mbedtls_chachapoly_update_aad(ctx, aad, aad_len);
if( ret != 0 )
if (ret != 0) {
goto cleanup;
}
ret = mbedtls_chachapoly_update(ctx, length, input, output);
if( ret != 0 )
if (ret != 0) {
goto cleanup;
}
ret = mbedtls_chachapoly_finish(ctx, tag);
cleanup:
return( ret );
return ret;
}
int mbedtls_chachapoly_encrypt_and_tag(mbedtls_chachapoly_context *ctx,
@ -314,9 +321,9 @@ int mbedtls_chachapoly_encrypt_and_tag( mbedtls_chachapoly_context *ctx,
CHACHAPOLY_VALIDATE_RET(length == 0 || input != NULL);
CHACHAPOLY_VALIDATE_RET(length == 0 || output != NULL);
return( chachapoly_crypt_and_tag( ctx, MBEDTLS_CHACHAPOLY_ENCRYPT,
return chachapoly_crypt_and_tag(ctx, MBEDTLS_CHACHAPOLY_ENCRYPT,
length, nonce, aad, aad_len,
input, output, tag ) );
input, output, tag);
}
int mbedtls_chachapoly_auth_decrypt(mbedtls_chachapoly_context *ctx,
@ -341,22 +348,21 @@ int mbedtls_chachapoly_auth_decrypt( mbedtls_chachapoly_context *ctx,
if ((ret = chachapoly_crypt_and_tag(ctx,
MBEDTLS_CHACHAPOLY_DECRYPT, length, nonce,
aad, aad_len, input, output, check_tag ) ) != 0 )
{
return( ret );
aad, aad_len, input, output, check_tag)) != 0) {
return ret;
}
/* Check tag in "constant-time" */
for( diff = 0, i = 0; i < sizeof( check_tag ); i++ )
for (diff = 0, i = 0; i < sizeof(check_tag); i++) {
diff |= tag[i] ^ check_tag[i];
if( diff != 0 )
{
mbedtls_platform_zeroize( output, length );
return( MBEDTLS_ERR_CHACHAPOLY_AUTH_FAILED );
}
return( 0 );
if (diff != 0) {
mbedtls_platform_zeroize(output, length);
return MBEDTLS_ERR_CHACHAPOLY_AUTH_FAILED;
}
return 0;
}
#endif /* MBEDTLS_CHACHAPOLY_ALT */
@ -460,7 +466,7 @@ static const unsigned char test_mac[1][16] =
if (verbose != 0) \
mbedtls_printf args; \
\
return( -1 ); \
return -1; \
} \
} \
while (0)
@ -473,10 +479,10 @@ int mbedtls_chachapoly_self_test( int verbose )
unsigned char output[200];
unsigned char mac[16];
for( i = 0U; i < 1U; i++ )
{
if( verbose != 0 )
for (i = 0U; i < 1U; i++) {
if (verbose != 0) {
mbedtls_printf(" ChaCha20-Poly1305 test %u ", i);
}
mbedtls_chachapoly_init(&ctx);
@ -502,14 +508,16 @@ int mbedtls_chachapoly_self_test( int verbose )
mbedtls_chachapoly_free(&ctx);
if( verbose != 0 )
if (verbose != 0) {
mbedtls_printf("passed\n");
}
}
if( verbose != 0 )
if (verbose != 0) {
mbedtls_printf("\n");
}
return( 0 );
return 0;
}
#endif /* MBEDTLS_SELF_TEST */

840
thirdparty/mbedtls/library/cipher.c vendored
View file

File diff suppressed because it is too large Load diff

139
thirdparty/mbedtls/library/cipher_wrap.c vendored
View file

@ -84,10 +84,11 @@ static void *gcm_ctx_alloc( void )
{
void *ctx = mbedtls_calloc(1, sizeof(mbedtls_gcm_context));
if( ctx != NULL )
if (ctx != NULL) {
mbedtls_gcm_init((mbedtls_gcm_context *) ctx);
}
return( ctx );
return ctx;
}
static void gcm_ctx_free(void *ctx)
@ -103,10 +104,11 @@ static void *ccm_ctx_alloc( void )
{
void *ctx = mbedtls_calloc(1, sizeof(mbedtls_ccm_context));
if( ctx != NULL )
if (ctx != NULL) {
mbedtls_ccm_init((mbedtls_ccm_context *) ctx);
}
return( ctx );
return ctx;
}
static void ccm_ctx_free(void *ctx)
@ -172,8 +174,7 @@ static int aes_crypt_xts_wrap( void *ctx, mbedtls_operation_t operation,
mbedtls_aes_xts_context *xts_ctx = ctx;
int mode;
switch( operation )
{
switch (operation) {
case MBEDTLS_ENCRYPT:
mode = MBEDTLS_AES_ENCRYPT;
break;
@ -205,12 +206,13 @@ static void * aes_ctx_alloc( void )
{
mbedtls_aes_context *aes = mbedtls_calloc(1, sizeof(mbedtls_aes_context));
if( aes == NULL )
return( NULL );
if (aes == NULL) {
return NULL;
}
mbedtls_aes_init(aes);
return( aes );
return aes;
}
static void aes_ctx_free(void *ctx)
@ -424,32 +426,34 @@ static int xts_aes_setkey_enc_wrap( void *ctx, const unsigned char *key,
unsigned int key_bitlen)
{
mbedtls_aes_xts_context *xts_ctx = ctx;
return( mbedtls_aes_xts_setkey_enc( xts_ctx, key, key_bitlen ) );
return mbedtls_aes_xts_setkey_enc(xts_ctx, key, key_bitlen);
}
static int xts_aes_setkey_dec_wrap(void *ctx, const unsigned char *key,
unsigned int key_bitlen)
{
mbedtls_aes_xts_context *xts_ctx = ctx;
return( mbedtls_aes_xts_setkey_dec( xts_ctx, key, key_bitlen ) );
return mbedtls_aes_xts_setkey_dec(xts_ctx, key, key_bitlen);
}
static void *xts_aes_ctx_alloc(void)
{
mbedtls_aes_xts_context *xts_ctx = mbedtls_calloc(1, sizeof(*xts_ctx));
if( xts_ctx != NULL )
if (xts_ctx != NULL) {
mbedtls_aes_xts_init(xts_ctx);
}
return( xts_ctx );
return xts_ctx;
}
static void xts_aes_ctx_free(void *ctx)
{
mbedtls_aes_xts_context *xts_ctx = ctx;
if( xts_ctx == NULL )
if (xts_ctx == NULL) {
return;
}
mbedtls_aes_xts_free(xts_ctx);
mbedtls_free(xts_ctx);
@ -701,12 +705,13 @@ static void * camellia_ctx_alloc( void )
mbedtls_camellia_context *ctx;
ctx = mbedtls_calloc(1, sizeof(mbedtls_camellia_context));
if( ctx == NULL )
return( NULL );
if (ctx == NULL) {
return NULL;
}
mbedtls_camellia_init(ctx);
return( ctx );
return ctx;
}
static void camellia_ctx_free(void *ctx)
@ -1077,12 +1082,13 @@ static void * aria_ctx_alloc( void )
mbedtls_aria_context *ctx;
ctx = mbedtls_calloc(1, sizeof(mbedtls_aria_context));
if( ctx == NULL )
return( NULL );
if (ctx == NULL) {
return NULL;
}
mbedtls_aria_init(ctx);
return( ctx );
return ctx;
}
static void aria_ctx_free(void *ctx)
@ -1482,12 +1488,13 @@ static void * des_ctx_alloc( void )
{
mbedtls_des_context *des = mbedtls_calloc(1, sizeof(mbedtls_des_context));
if( des == NULL )
return( NULL );
if (des == NULL) {
return NULL;
}
mbedtls_des_init(des);
return( des );
return des;
}
static void des_ctx_free(void *ctx)
@ -1501,12 +1508,13 @@ static void * des3_ctx_alloc( void )
mbedtls_des3_context *des3;
des3 = mbedtls_calloc(1, sizeof(mbedtls_des3_context));
if( des3 == NULL )
return( NULL );
if (des3 == NULL) {
return NULL;
}
mbedtls_des3_init(des3);
return( des3 );
return des3;
}
static void des3_ctx_free(void *ctx)
@ -1718,12 +1726,13 @@ static void * blowfish_ctx_alloc( void )
mbedtls_blowfish_context *ctx;
ctx = mbedtls_calloc(1, sizeof(mbedtls_blowfish_context));
if( ctx == NULL )
return( NULL );
if (ctx == NULL) {
return NULL;
}
mbedtls_blowfish_init(ctx);
return( ctx );
return ctx;
}
static void blowfish_ctx_free(void *ctx)
@ -1815,18 +1824,19 @@ static int arc4_crypt_stream_wrap( void *ctx, size_t length,
const unsigned char *input,
unsigned char *output)
{
return( mbedtls_arc4_crypt( (mbedtls_arc4_context *) ctx, length, input, output ) );
return mbedtls_arc4_crypt((mbedtls_arc4_context *) ctx, length, input, output);
}
static int arc4_setkey_wrap(void *ctx, const unsigned char *key,
unsigned int key_bitlen)
{
/* we get key_bitlen in bits, arc4 expects it in bytes */
if( key_bitlen % 8 != 0 )
return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
if (key_bitlen % 8 != 0) {
return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
}
mbedtls_arc4_setup((mbedtls_arc4_context *) ctx, key, key_bitlen / 8);
return( 0 );
return 0;
}
static void *arc4_ctx_alloc(void)
@ -1834,12 +1844,13 @@ static void * arc4_ctx_alloc( void )
mbedtls_arc4_context *ctx;
ctx = mbedtls_calloc(1, sizeof(mbedtls_arc4_context));
if( ctx == NULL )
return( NULL );
if (ctx == NULL) {
return NULL;
}
mbedtls_arc4_init(ctx);
return( ctx );
return ctx;
}
static void arc4_ctx_free(void *ctx)
@ -1892,13 +1903,15 @@ static const mbedtls_cipher_info_t arc4_128_info = {
static int chacha20_setkey_wrap(void *ctx, const unsigned char *key,
unsigned int key_bitlen)
{
if( key_bitlen != 256U )
return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
if (key_bitlen != 256U) {
return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
}
if ( 0 != mbedtls_chacha20_setkey( (mbedtls_chacha20_context*)ctx, key ) )
return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
if (0 != mbedtls_chacha20_setkey((mbedtls_chacha20_context *) ctx, key)) {
return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
}
return( 0 );
return 0;
}
static int chacha20_stream_wrap(void *ctx, size_t length,
@ -1908,10 +1921,11 @@ static int chacha20_stream_wrap( void *ctx, size_t length,
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
ret = mbedtls_chacha20_update(ctx, length, input, output);
if( ret == MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA )
return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
if (ret == MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA) {
return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
}
return( ret );
return ret;
}
static void *chacha20_ctx_alloc(void)
@ -1919,12 +1933,13 @@ static void * chacha20_ctx_alloc( void )
mbedtls_chacha20_context *ctx;
ctx = mbedtls_calloc(1, sizeof(mbedtls_chacha20_context));
if( ctx == NULL )
return( NULL );
if (ctx == NULL) {
return NULL;
}
mbedtls_chacha20_init(ctx);
return( ctx );
return ctx;
}
static void chacha20_ctx_free(void *ctx)
@ -1977,13 +1992,15 @@ static int chachapoly_setkey_wrap( void *ctx,
const unsigned char *key,
unsigned int key_bitlen)
{
if( key_bitlen != 256U )
return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
if (key_bitlen != 256U) {
return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
}
if ( 0 != mbedtls_chachapoly_setkey( (mbedtls_chachapoly_context*)ctx, key ) )
return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
if (0 != mbedtls_chachapoly_setkey((mbedtls_chachapoly_context *) ctx, key)) {
return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
}
return( 0 );
return 0;
}
static void *chachapoly_ctx_alloc(void)
@ -1991,12 +2008,13 @@ static void * chachapoly_ctx_alloc( void )
mbedtls_chachapoly_context *ctx;
ctx = mbedtls_calloc(1, sizeof(mbedtls_chachapoly_context));
if( ctx == NULL )
return( NULL );
if (ctx == NULL) {
return NULL;
}
mbedtls_chachapoly_init(ctx);
return( ctx );
return ctx;
}
static void chachapoly_ctx_free(void *ctx)
@ -2050,7 +2068,7 @@ static int null_crypt_stream( void *ctx, size_t length,
{
((void) ctx);
memmove(output, input, length);
return( 0 );
return 0;
}
static int null_setkey(void *ctx, const unsigned char *key,
@ -2060,12 +2078,12 @@ static int null_setkey( void *ctx, const unsigned char *key,
((void) key);
((void) key_bitlen);
return( 0 );
return 0;
}
static void *null_ctx_alloc(void)
{
return( (void *) 1 );
return (void *) 1;
}
static void null_ctx_free(void *ctx)
@ -2117,10 +2135,11 @@ static void *kw_ctx_alloc( void )
{
void *ctx = mbedtls_calloc(1, sizeof(mbedtls_nist_kw_context));
if( ctx != NULL )
if (ctx != NULL) {
mbedtls_nist_kw_init((mbedtls_nist_kw_context *) ctx);
}
return( ctx );
return ctx;
}
static void kw_ctx_free(void *ctx)

308
thirdparty/mbedtls/library/cmac.c vendored
View file

@ -73,21 +73,15 @@ static int cmac_multiply_by_u( unsigned char *output,
unsigned char overflow = 0x00;
int i;
if( blocksize == MBEDTLS_AES_BLOCK_SIZE )
{
if (blocksize == MBEDTLS_AES_BLOCK_SIZE) {
R_n = R_128;
}
else if( blocksize == MBEDTLS_DES3_BLOCK_SIZE )
{
} else if (blocksize == MBEDTLS_DES3_BLOCK_SIZE) {
R_n = R_64;
}
else
{
return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
} else {
return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
}
for( i = (int)blocksize - 1; i >= 0; i-- )
{
for (i = (int) blocksize - 1; i >= 0; i--) {
output[i] = input[i] << 1 | overflow;
overflow = input[i] >> 7;
}
@ -108,7 +102,7 @@ static int cmac_multiply_by_u( unsigned char *output,
output[blocksize - 1] ^= R_n & mask;
return( 0 );
return 0;
}
/*
@ -128,22 +122,25 @@ static int cmac_generate_subkeys( mbedtls_cipher_context_t *ctx,
block_size = ctx->cipher_info->block_size;
/* Calculate Ek(0) */
if( ( ret = mbedtls_cipher_update( ctx, L, block_size, L, &olen ) ) != 0 )
if ((ret = mbedtls_cipher_update(ctx, L, block_size, L, &olen)) != 0) {
goto exit;
}
/*
* Generate K1 and K2
*/
if( ( ret = cmac_multiply_by_u( K1, L , block_size ) ) != 0 )
if ((ret = cmac_multiply_by_u(K1, L, block_size)) != 0) {
goto exit;
}
if( ( ret = cmac_multiply_by_u( K2, K1 , block_size ) ) != 0 )
if ((ret = cmac_multiply_by_u(K2, K1, block_size)) != 0) {
goto exit;
}
exit:
mbedtls_platform_zeroize(L, sizeof(L));
return( ret );
return ret;
}
#endif /* !defined(MBEDTLS_CMAC_ALT) || defined(MBEDTLS_SELF_TEST) */
@ -154,9 +151,10 @@ static void cmac_xor_block( unsigned char *output, const unsigned char *input1,
{
size_t idx;
for( idx = 0; idx < block_size; idx++ )
for (idx = 0; idx < block_size; idx++) {
output[idx] = input1[idx] ^ input2[idx];
}
}
/*
* Create padded last block from (partial) last block.
@ -171,16 +169,16 @@ static void cmac_pad( unsigned char padded_block[MBEDTLS_CIPHER_BLKSIZE_MAX],
{
size_t j;
for( j = 0; j < padded_block_len; j++ )
{
if( j < last_block_len )
for (j = 0; j < padded_block_len; j++) {
if (j < last_block_len) {
padded_block[j] = last_block[j];
else if( j == last_block_len )
} else if (j == last_block_len) {
padded_block[j] = 0x80;
else
} else {
padded_block[j] = 0x00;
}
}
}
int mbedtls_cipher_cmac_starts(mbedtls_cipher_context_t *ctx,
const unsigned char *key, size_t keybits)
@ -189,31 +187,33 @@ int mbedtls_cipher_cmac_starts( mbedtls_cipher_context_t *ctx,
mbedtls_cmac_context_t *cmac_ctx;
int retval;
if( ctx == NULL || ctx->cipher_info == NULL || key == NULL )
return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
if (ctx == NULL || ctx->cipher_info == NULL || key == NULL) {
return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
}
if ((retval = mbedtls_cipher_setkey(ctx, key, (int) keybits,
MBEDTLS_ENCRYPT ) ) != 0 )
return( retval );
MBEDTLS_ENCRYPT)) != 0) {
return retval;
}
type = ctx->cipher_info->type;
switch( type )
{
switch (type) {
case MBEDTLS_CIPHER_AES_128_ECB:
case MBEDTLS_CIPHER_AES_192_ECB:
case MBEDTLS_CIPHER_AES_256_ECB:
case MBEDTLS_CIPHER_DES_EDE3_ECB:
break;
default:
return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
}
/* Allocated and initialise in the cipher context memory for the CMAC
* context */
cmac_ctx = mbedtls_calloc(1, sizeof(mbedtls_cmac_context_t));
if( cmac_ctx == NULL )
return( MBEDTLS_ERR_CIPHER_ALLOC_FAILED );
if (cmac_ctx == NULL) {
return MBEDTLS_ERR_CIPHER_ALLOC_FAILED;
}
ctx->cmac_ctx = cmac_ctx;
@ -231,8 +231,9 @@ int mbedtls_cipher_cmac_update( mbedtls_cipher_context_t *ctx,
size_t n, j, olen, block_size;
if (ctx == NULL || ctx->cipher_info == NULL || input == NULL ||
ctx->cmac_ctx == NULL )
return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
ctx->cmac_ctx == NULL) {
return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
}
cmac_ctx = ctx->cmac_ctx;
block_size = ctx->cipher_info->block_size;
@ -241,8 +242,7 @@ int mbedtls_cipher_cmac_update( mbedtls_cipher_context_t *ctx,
/* Is there data still to process from the last call, that's greater in
* size than a block? */
if (cmac_ctx->unprocessed_len > 0 &&
ilen > block_size - cmac_ctx->unprocessed_len )
{
ilen > block_size - cmac_ctx->unprocessed_len) {
memcpy(&cmac_ctx->unprocessed_block[cmac_ctx->unprocessed_len],
input,
block_size - cmac_ctx->unprocessed_len);
@ -250,8 +250,7 @@ int mbedtls_cipher_cmac_update( mbedtls_cipher_context_t *ctx,
cmac_xor_block(state, cmac_ctx->unprocessed_block, state, block_size);
if ((ret = mbedtls_cipher_update(ctx, state, block_size, state,
&olen ) ) != 0 )
{
&olen)) != 0) {
goto exit;
}
@ -265,21 +264,20 @@ int mbedtls_cipher_cmac_update( mbedtls_cipher_context_t *ctx,
/* Iterate across the input data in block sized chunks, excluding any
* final partial or complete block */
for( j = 1; j < n; j++ )
{
for (j = 1; j < n; j++) {
cmac_xor_block(state, input, state, block_size);
if ((ret = mbedtls_cipher_update(ctx, state, block_size, state,
&olen ) ) != 0 )
&olen)) != 0) {
goto exit;
}
ilen -= block_size;
input += block_size;
}
/* If there is data left over that wasn't aligned to a block */
if( ilen > 0 )
{
if (ilen > 0) {
memcpy(&cmac_ctx->unprocessed_block[cmac_ctx->unprocessed_len],
input,
ilen);
@ -287,7 +285,7 @@ int mbedtls_cipher_cmac_update( mbedtls_cipher_context_t *ctx,
}
exit:
return( ret );
return ret;
}
int mbedtls_cipher_cmac_finish(mbedtls_cipher_context_t *ctx,
@ -302,8 +300,9 @@ int mbedtls_cipher_cmac_finish( mbedtls_cipher_context_t *ctx,
size_t olen, block_size;
if (ctx == NULL || ctx->cipher_info == NULL || ctx->cmac_ctx == NULL ||
output == NULL )
return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
output == NULL) {
return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
}
cmac_ctx = ctx->cmac_ctx;
block_size = ctx->cipher_info->block_size;
@ -316,13 +315,10 @@ int mbedtls_cipher_cmac_finish( mbedtls_cipher_context_t *ctx,
last_block = cmac_ctx->unprocessed_block;
/* Calculate last block */
if( cmac_ctx->unprocessed_len < block_size )
{
if (cmac_ctx->unprocessed_len < block_size) {
cmac_pad(M_last, block_size, last_block, cmac_ctx->unprocessed_len);
cmac_xor_block(M_last, M_last, K2, block_size);
}
else
{
} else {
/* Last block is complete block */
cmac_xor_block(M_last, last_block, K1, block_size);
}
@ -330,8 +326,7 @@ int mbedtls_cipher_cmac_finish( mbedtls_cipher_context_t *ctx,
cmac_xor_block(state, M_last, state, block_size);
if ((ret = mbedtls_cipher_update(ctx, state, block_size, state,
&olen ) ) != 0 )
{
&olen)) != 0) {
goto exit;
}
@ -348,15 +343,16 @@ exit:
sizeof(cmac_ctx->unprocessed_block));
mbedtls_platform_zeroize(state, MBEDTLS_CIPHER_BLKSIZE_MAX);
return( ret );
return ret;
}
int mbedtls_cipher_cmac_reset(mbedtls_cipher_context_t *ctx)
{
mbedtls_cmac_context_t *cmac_ctx;
if( ctx == NULL || ctx->cipher_info == NULL || ctx->cmac_ctx == NULL )
return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
if (ctx == NULL || ctx->cipher_info == NULL || ctx->cmac_ctx == NULL) {
return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
}
cmac_ctx = ctx->cmac_ctx;
@ -367,7 +363,7 @@ int mbedtls_cipher_cmac_reset( mbedtls_cipher_context_t *ctx )
mbedtls_platform_zeroize(cmac_ctx->state,
sizeof(cmac_ctx->state));
return( 0 );
return 0;
}
int mbedtls_cipher_cmac(const mbedtls_cipher_info_t *cipher_info,
@ -378,28 +374,32 @@ int mbedtls_cipher_cmac( const mbedtls_cipher_info_t *cipher_info,
mbedtls_cipher_context_t ctx;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
if( cipher_info == NULL || key == NULL || input == NULL || output == NULL )
return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
if (cipher_info == NULL || key == NULL || input == NULL || output == NULL) {
return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
}
mbedtls_cipher_init(&ctx);
if( ( ret = mbedtls_cipher_setup( &ctx, cipher_info ) ) != 0 )
if ((ret = mbedtls_cipher_setup(&ctx, cipher_info)) != 0) {
goto exit;
}
ret = mbedtls_cipher_cmac_starts(&ctx, key, keylen);
if( ret != 0 )
if (ret != 0) {
goto exit;
}
ret = mbedtls_cipher_cmac_update(&ctx, input, ilen);
if( ret != 0 )
if (ret != 0) {
goto exit;
}
ret = mbedtls_cipher_cmac_finish(&ctx, output);
exit:
mbedtls_cipher_free(&ctx);
return( ret );
return ret;
}
#if defined(MBEDTLS_AES_C)
@ -415,31 +415,29 @@ int mbedtls_aes_cmac_prf_128( const unsigned char *key, size_t key_length,
unsigned char zero_key[MBEDTLS_AES_BLOCK_SIZE];
unsigned char int_key[MBEDTLS_AES_BLOCK_SIZE];
if( key == NULL || input == NULL || output == NULL )
return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
if (key == NULL || input == NULL || output == NULL) {
return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
}
cipher_info = mbedtls_cipher_info_from_type(MBEDTLS_CIPHER_AES_128_ECB);
if( cipher_info == NULL )
{
if (cipher_info == NULL) {
/* Failing at this point must be due to a build issue */
ret = MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE;
goto exit;
}
if( key_length == MBEDTLS_AES_BLOCK_SIZE )
{
if (key_length == MBEDTLS_AES_BLOCK_SIZE) {
/* Use key as is */
memcpy(int_key, key, MBEDTLS_AES_BLOCK_SIZE);
}
else
{
} else {
memset(zero_key, 0, MBEDTLS_AES_BLOCK_SIZE);
ret = mbedtls_cipher_cmac(cipher_info, zero_key, 128, key,
key_length, int_key);
if( ret != 0 )
if (ret != 0) {
goto exit;
}
}
ret = mbedtls_cipher_cmac(cipher_info, int_key, 128, input, in_len,
output);
@ -447,7 +445,7 @@ int mbedtls_aes_cmac_prf_128( const unsigned char *key, size_t key_length,
exit:
mbedtls_platform_zeroize(int_key, sizeof(int_key));
return( ret );
return ret;
}
#endif /* MBEDTLS_AES_C */
@ -508,7 +506,8 @@ static const unsigned char aes_128_subkeys[2][MBEDTLS_AES_BLOCK_SIZE] = {
0xf9, 0x0b, 0xc1, 0x1e, 0xe4, 0x6d, 0x51, 0x3b
}
};
static const unsigned char aes_128_expected_result[NB_CMAC_TESTS_PER_KEY][MBEDTLS_AES_BLOCK_SIZE] = {
static const unsigned char aes_128_expected_result[NB_CMAC_TESTS_PER_KEY][MBEDTLS_AES_BLOCK_SIZE] =
{
{
/* Example #1 */
0xbb, 0x1d, 0x69, 0x29, 0xe9, 0x59, 0x37, 0x28,
@ -549,7 +548,8 @@ static const unsigned char aes_192_subkeys[2][MBEDTLS_AES_BLOCK_SIZE] = {
0x7d, 0xcc, 0x87, 0x3b, 0xa9, 0xb5, 0x45, 0x2c
}
};
static const unsigned char aes_192_expected_result[NB_CMAC_TESTS_PER_KEY][MBEDTLS_AES_BLOCK_SIZE] = {
static const unsigned char aes_192_expected_result[NB_CMAC_TESTS_PER_KEY][MBEDTLS_AES_BLOCK_SIZE] =
{
{
/* Example #1 */
0xd1, 0x7d, 0xdf, 0x46, 0xad, 0xaa, 0xcd, 0xe5,
@ -591,7 +591,8 @@ static const unsigned char aes_256_subkeys[2][MBEDTLS_AES_BLOCK_SIZE] = {
0x5d, 0x35, 0x33, 0x01, 0x0c, 0x42, 0xa0, 0xd9
}
};
static const unsigned char aes_256_expected_result[NB_CMAC_TESTS_PER_KEY][MBEDTLS_AES_BLOCK_SIZE] = {
static const unsigned char aes_256_expected_result[NB_CMAC_TESTS_PER_KEY][MBEDTLS_AES_BLOCK_SIZE] =
{
{
/* Example #1 */
0x02, 0x89, 0x62, 0xf6, 0x1b, 0x7b, 0xf8, 0x9e,
@ -643,7 +644,8 @@ static const unsigned char des3_2key_subkeys[2][8] = {
0x1b, 0xa5, 0x96, 0xf4, 0x7b, 0x11, 0x11, 0xb2
}
};
static const unsigned char des3_2key_expected_result[NB_CMAC_TESTS_PER_KEY][MBEDTLS_DES3_BLOCK_SIZE] = {
static const unsigned char des3_2key_expected_result[NB_CMAC_TESTS_PER_KEY][MBEDTLS_DES3_BLOCK_SIZE]
= {
{
/* Sample #1 */
0x79, 0xce, 0x52, 0xa7, 0xf7, 0x86, 0xa9, 0x60
@ -681,7 +683,8 @@ static const unsigned char des3_3key_subkeys[2][8] = {
0x3a, 0xe9, 0xce, 0x72, 0x66, 0x2f, 0x2d, 0x9b
}
};
static const unsigned char des3_3key_expected_result[NB_CMAC_TESTS_PER_KEY][MBEDTLS_DES3_BLOCK_SIZE] = {
static const unsigned char des3_3key_expected_result[NB_CMAC_TESTS_PER_KEY][MBEDTLS_DES3_BLOCK_SIZE]
= {
{
/* Sample #1 */
0x7d, 0xb0, 0xd3, 0x7d, 0xf9, 0x36, 0xc5, 0x50
@ -757,30 +760,28 @@ static int cmac_test_subkeys( int verbose,
unsigned char K2[MBEDTLS_CIPHER_BLKSIZE_MAX];
cipher_info = mbedtls_cipher_info_from_type(cipher_type);
if( cipher_info == NULL )
{
if (cipher_info == NULL) {
/* Failing at this point must be due to a build issue */
return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE );
return MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE;
}
for( i = 0; i < num_tests; i++ )
{
if( verbose != 0 )
for (i = 0; i < num_tests; i++) {
if (verbose != 0) {
mbedtls_printf(" %s CMAC subkey #%d: ", testname, i + 1);
}
mbedtls_cipher_init(&ctx);
if( ( ret = mbedtls_cipher_setup( &ctx, cipher_info ) ) != 0 )
{
if( verbose != 0 )
if ((ret = mbedtls_cipher_setup(&ctx, cipher_info)) != 0) {
if (verbose != 0) {
mbedtls_printf("test execution failed\n");
}
goto cleanup;
}
if ((ret = mbedtls_cipher_setkey(&ctx, key, keybits,
MBEDTLS_ENCRYPT ) ) != 0 )
{
MBEDTLS_ENCRYPT)) != 0) {
/* When CMAC is implemented by an alternative implementation, or
* the underlying primitive itself is implemented alternatively,
* AES-192 may be unavailable. This should not cause the selftest
@ -788,37 +789,40 @@ static int cmac_test_subkeys( int verbose,
if ((ret == MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED ||
ret == MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE) &&
cipher_type == MBEDTLS_CIPHER_AES_192_ECB) {
if( verbose != 0 )
if (verbose != 0) {
mbedtls_printf("skipped\n");
}
goto next_test;
}
if( verbose != 0 )
if (verbose != 0) {
mbedtls_printf("test execution failed\n");
}
goto cleanup;
}
ret = cmac_generate_subkeys(&ctx, K1, K2);
if( ret != 0 )
{
if( verbose != 0 )
if (ret != 0) {
if (verbose != 0) {
mbedtls_printf("failed\n");
}
goto cleanup;
}
if ((ret = memcmp(K1, subkeys, block_size)) != 0 ||
( ret = memcmp( K2, &subkeys[block_size], block_size ) ) != 0 )
{
if( verbose != 0 )
(ret = memcmp(K2, &subkeys[block_size], block_size)) != 0) {
if (verbose != 0) {
mbedtls_printf("failed\n");
}
goto cleanup;
}
if( verbose != 0 )
if (verbose != 0) {
mbedtls_printf("passed\n");
}
next_test:
mbedtls_cipher_free(&ctx);
@ -831,7 +835,7 @@ cleanup:
mbedtls_cipher_free(&ctx);
exit:
return( ret );
return ret;
}
static int cmac_test_wth_cipher(int verbose,
@ -850,21 +854,19 @@ static int cmac_test_wth_cipher( int verbose,
unsigned char output[MBEDTLS_CIPHER_BLKSIZE_MAX];
cipher_info = mbedtls_cipher_info_from_type(cipher_type);
if( cipher_info == NULL )
{
if (cipher_info == NULL) {
/* Failing at this point must be due to a build issue */
ret = MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE;
goto exit;
}
for( i = 0; i < num_tests; i++ )
{
if( verbose != 0 )
for (i = 0; i < num_tests; i++) {
if (verbose != 0) {
mbedtls_printf(" %s CMAC #%d: ", testname, i + 1);
}
if ((ret = mbedtls_cipher_cmac(cipher_info, key, keybits, messages,
message_lengths[i], output ) ) != 0 )
{
message_lengths[i], output)) != 0) {
/* When CMAC is implemented by an alternative implementation, or
* the underlying primitive itself is implemented alternatively,
* AES-192 and/or 3DES may be unavailable. This should not cause
@ -873,30 +875,33 @@ static int cmac_test_wth_cipher( int verbose,
ret == MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE) &&
(cipher_type == MBEDTLS_CIPHER_AES_192_ECB ||
cipher_type == MBEDTLS_CIPHER_DES_EDE3_ECB)) {
if( verbose != 0 )
if (verbose != 0) {
mbedtls_printf("skipped\n");
}
continue;
}
if( verbose != 0 )
if (verbose != 0) {
mbedtls_printf("failed\n");
}
goto exit;
}
if( ( ret = memcmp( output, &expected_result[i * block_size], block_size ) ) != 0 )
{
if( verbose != 0 )
if ((ret = memcmp(output, &expected_result[i * block_size], block_size)) != 0) {
if (verbose != 0) {
mbedtls_printf("failed\n");
}
goto exit;
}
if( verbose != 0 )
if (verbose != 0) {
mbedtls_printf("passed\n");
}
}
ret = 0;
exit:
return( ret );
return ret;
}
#if defined(MBEDTLS_AES_C)
@ -906,25 +911,22 @@ static int test_aes128_cmac_prf( int verbose )
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
unsigned char output[MBEDTLS_AES_BLOCK_SIZE];
for( i = 0; i < NB_PRF_TESTS; i++ )
{
for (i = 0; i < NB_PRF_TESTS; i++) {
mbedtls_printf(" AES CMAC 128 PRF #%d: ", i);
ret = mbedtls_aes_cmac_prf_128(PRFK, PRFKlen[i], PRFM, 20, output);
if (ret != 0 ||
memcmp( output, PRFT[i], MBEDTLS_AES_BLOCK_SIZE ) != 0 )
{
memcmp(output, PRFT[i], MBEDTLS_AES_BLOCK_SIZE) != 0) {
if( verbose != 0 )
if (verbose != 0) {
mbedtls_printf("failed\n");
return( ret );
}
else if( verbose != 0 )
{
return ret;
} else if (verbose != 0) {
mbedtls_printf("passed\n");
}
}
return( ret );
return ret;
}
#endif /* MBEDTLS_AES_C */
@ -941,9 +943,8 @@ int mbedtls_cmac_self_test( int verbose )
(const unsigned char *) aes_128_subkeys,
MBEDTLS_CIPHER_AES_128_ECB,
MBEDTLS_AES_BLOCK_SIZE,
NB_CMAC_TESTS_PER_KEY ) ) != 0 )
{
return( ret );
NB_CMAC_TESTS_PER_KEY)) != 0) {
return ret;
}
if ((ret = cmac_test_wth_cipher(verbose,
@ -955,9 +956,8 @@ int mbedtls_cmac_self_test( int verbose )
(const unsigned char *) aes_128_expected_result,
MBEDTLS_CIPHER_AES_128_ECB,
MBEDTLS_AES_BLOCK_SIZE,
NB_CMAC_TESTS_PER_KEY ) ) != 0 )
{
return( ret );
NB_CMAC_TESTS_PER_KEY)) != 0) {
return ret;
}
/* AES-192 */
@ -968,9 +968,8 @@ int mbedtls_cmac_self_test( int verbose )
(const unsigned char *) aes_192_subkeys,
MBEDTLS_CIPHER_AES_192_ECB,
MBEDTLS_AES_BLOCK_SIZE,
NB_CMAC_TESTS_PER_KEY ) ) != 0 )
{
return( ret );
NB_CMAC_TESTS_PER_KEY)) != 0) {
return ret;
}
if ((ret = cmac_test_wth_cipher(verbose,
@ -982,9 +981,8 @@ int mbedtls_cmac_self_test( int verbose )
(const unsigned char *) aes_192_expected_result,
MBEDTLS_CIPHER_AES_192_ECB,
MBEDTLS_AES_BLOCK_SIZE,
NB_CMAC_TESTS_PER_KEY ) ) != 0 )
{
return( ret );
NB_CMAC_TESTS_PER_KEY)) != 0) {
return ret;
}
/* AES-256 */
@ -995,9 +993,8 @@ int mbedtls_cmac_self_test( int verbose )
(const unsigned char *) aes_256_subkeys,
MBEDTLS_CIPHER_AES_256_ECB,
MBEDTLS_AES_BLOCK_SIZE,
NB_CMAC_TESTS_PER_KEY ) ) != 0 )
{
return( ret );
NB_CMAC_TESTS_PER_KEY)) != 0) {
return ret;
}
if ((ret = cmac_test_wth_cipher(verbose,
@ -1009,9 +1006,8 @@ int mbedtls_cmac_self_test( int verbose )
(const unsigned char *) aes_256_expected_result,
MBEDTLS_CIPHER_AES_256_ECB,
MBEDTLS_AES_BLOCK_SIZE,
NB_CMAC_TESTS_PER_KEY ) ) != 0 )
{
return( ret );
NB_CMAC_TESTS_PER_KEY)) != 0) {
return ret;
}
#endif /* MBEDTLS_AES_C */
@ -1024,9 +1020,8 @@ int mbedtls_cmac_self_test( int verbose )
(const unsigned char *) des3_2key_subkeys,
MBEDTLS_CIPHER_DES_EDE3_ECB,
MBEDTLS_DES3_BLOCK_SIZE,
NB_CMAC_TESTS_PER_KEY ) ) != 0 )
{
return( ret );
NB_CMAC_TESTS_PER_KEY)) != 0) {
return ret;
}
if ((ret = cmac_test_wth_cipher(verbose,
@ -1038,9 +1033,8 @@ int mbedtls_cmac_self_test( int verbose )
(const unsigned char *) des3_2key_expected_result,
MBEDTLS_CIPHER_DES_EDE3_ECB,
MBEDTLS_DES3_BLOCK_SIZE,
NB_CMAC_TESTS_PER_KEY ) ) != 0 )
{
return( ret );
NB_CMAC_TESTS_PER_KEY)) != 0) {
return ret;
}
/* 3DES 3 key */
@ -1051,9 +1045,8 @@ int mbedtls_cmac_self_test( int verbose )
(const unsigned char *) des3_3key_subkeys,
MBEDTLS_CIPHER_DES_EDE3_ECB,
MBEDTLS_DES3_BLOCK_SIZE,
NB_CMAC_TESTS_PER_KEY ) ) != 0 )
{
return( ret );
NB_CMAC_TESTS_PER_KEY)) != 0) {
return ret;
}
if ((ret = cmac_test_wth_cipher(verbose,
@ -1065,21 +1058,22 @@ int mbedtls_cmac_self_test( int verbose )
(const unsigned char *) des3_3key_expected_result,
MBEDTLS_CIPHER_DES_EDE3_ECB,
MBEDTLS_DES3_BLOCK_SIZE,
NB_CMAC_TESTS_PER_KEY ) ) != 0 )
{
return( ret );
NB_CMAC_TESTS_PER_KEY)) != 0) {
return ret;
}
#endif /* MBEDTLS_DES_C */
#if defined(MBEDTLS_AES_C)
if( ( ret = test_aes128_cmac_prf( verbose ) ) != 0 )
return( ret );
if ((ret = test_aes128_cmac_prf(verbose)) != 0) {
return ret;
}
#endif /* MBEDTLS_AES_C */
if( verbose != 0 )
if (verbose != 0) {
mbedtls_printf("\n");
}
return( 0 );
return 0;
}
#endif /* MBEDTLS_SELF_TEST */

19
thirdparty/mbedtls/library/common.h vendored
View file

@ -29,6 +29,7 @@
#include "mbedtls/config.h"
#endif
#include <assert.h>
#include <stddef.h>
#include <stdint.h>
@ -77,7 +78,7 @@
static inline unsigned char *mbedtls_buffer_offset(
unsigned char *p, size_t n)
{
return( p == NULL ? NULL : p + n );
return p == NULL ? NULL : p + n;
}
/** Return an offset into a read-only buffer.
@ -94,7 +95,7 @@ static inline unsigned char *mbedtls_buffer_offset(
static inline const unsigned char *mbedtls_buffer_offset_const(
const unsigned char *p, size_t n)
{
return( p == NULL ? NULL : p + n );
return p == NULL ? NULL : p + n;
}
/** Byte Reading Macros
@ -347,4 +348,18 @@ static inline const unsigned char *mbedtls_buffer_offset_const(
}
#endif
/* Always provide a static assert macro, so it can be used unconditionally.
* It will expand to nothing on some systems.
* Can be used outside functions (but don't add a trailing ';' in that case:
* the semicolon is included here to avoid triggering -Wextra-semi when
* MBEDTLS_STATIC_ASSERT() expands to nothing).
* Can't use the C11-style `defined(static_assert)` on FreeBSD, since it
* defines static_assert even with -std=c99, but then complains about it.
*/
#if defined(static_assert) && !defined(__FreeBSD__)
#define MBEDTLS_STATIC_ASSERT(expr, msg) static_assert(expr, msg);
#else
#define MBEDTLS_STATIC_ASSERT(expr, msg)
#endif
#endif /* MBEDTLS_LIBRARY_COMMON_H */

99
thirdparty/mbedtls/library/constant_time.c vendored
View file

@ -55,8 +55,7 @@ int mbedtls_ct_memcmp( const void *a,
volatile const unsigned char *B = (volatile const unsigned char *) b;
volatile unsigned char diff = 0;
for( i = 0; i < n; i++ )
{
for (i = 0; i < n; i++) {
/* Read volatile data in order before computing diff.
* This avoids IAR compiler warning:
* 'the order of volatile accesses is undefined ..' */
@ -64,7 +63,7 @@ int mbedtls_ct_memcmp( const void *a,
diff |= x ^ y;
}
return( (int)diff );
return (int) diff;
}
unsigned mbedtls_ct_uint_mask(unsigned value)
@ -75,7 +74,7 @@ unsigned mbedtls_ct_uint_mask( unsigned value )
#pragma warning( push )
#pragma warning( disable : 4146 )
#endif
return( - ( ( value | - value ) >> ( sizeof( value ) * 8 - 1 ) ) );
return -((value | -value) >> (sizeof(value) * 8 - 1));
#if defined(_MSC_VER)
#pragma warning( pop )
#endif
@ -91,7 +90,7 @@ size_t mbedtls_ct_size_mask( size_t value )
#pragma warning( push )
#pragma warning( disable : 4146 )
#endif
return( - ( ( value | - value ) >> ( sizeof( value ) * 8 - 1 ) ) );
return -((value | -value) >> (sizeof(value) * 8 - 1));
#if defined(_MSC_VER)
#pragma warning( pop )
#endif
@ -109,7 +108,7 @@ mbedtls_mpi_uint mbedtls_ct_mpi_uint_mask( mbedtls_mpi_uint value )
#pragma warning( push )
#pragma warning( disable : 4146 )
#endif
return( - ( ( value | - value ) >> ( sizeof( value ) * 8 - 1 ) ) );
return -((value | -value) >> (sizeof(value) * 8 - 1));
#if defined(_MSC_VER)
#pragma warning( pop )
#endif
@ -143,13 +142,13 @@ static size_t mbedtls_ct_size_mask_lt( size_t x,
/* mask = (x < y) ? 0xff... : 0x00... */
const size_t mask = mbedtls_ct_size_mask(sub1);
return( mask );
return mask;
}
size_t mbedtls_ct_size_mask_ge(size_t x,
size_t y)
{
return( ~mbedtls_ct_size_mask_lt( x, y ) );
return ~mbedtls_ct_size_mask_lt(x, y);
}
#endif /* MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC */
@ -169,7 +168,7 @@ unsigned char mbedtls_ct_uchar_mask_of_range( unsigned char low,
unsigned low_mask = ((unsigned) c - low) >> 8;
/* high_mask is: 0 if c <= high, 0x...ff if c > high */
unsigned high_mask = ((unsigned) high - c) >> 8;
return( ~( low_mask | high_mask ) & 0xff );
return ~(low_mask | high_mask) & 0xff;
}
#endif /* MBEDTLS_BASE64_C */
@ -197,7 +196,7 @@ unsigned mbedtls_ct_size_bool_eq( size_t x,
/* diff1 = (x != y) ? 1 : 0 */
const unsigned diff1 = diff_msb >> (sizeof(diff_msb) * 8 - 1);
return( 1 ^ diff1 );
return 1 ^ diff1;
}
#if defined(MBEDTLS_PKCS1_V15) && defined(MBEDTLS_RSA_C) && !defined(MBEDTLS_RSA_ALT)
@ -217,7 +216,7 @@ static unsigned mbedtls_ct_size_gt( size_t x,
size_t y)
{
/* Return the sign bit (1 for negative) of (y - x). */
return( ( y - x ) >> ( sizeof( size_t ) * 8 - 1 ) );
return (y - x) >> (sizeof(size_t) * 8 - 1);
}
#endif /* MBEDTLS_PKCS1_V15 && MBEDTLS_RSA_C && ! MBEDTLS_RSA_ALT */
@ -259,7 +258,7 @@ unsigned mbedtls_ct_uint_if( unsigned condition,
unsigned if0)
{
unsigned mask = mbedtls_ct_uint_mask(condition);
return( ( mask & if1 ) | (~mask & if0 ) );
return (mask & if1) | (~mask & if0);
}
#if defined(MBEDTLS_BIGNUM_C)
@ -295,7 +294,7 @@ static int mbedtls_ct_cond_select_sign( unsigned char condition,
unsigned ur = (uif0 & ~mask) | (uif1 & mask);
/* ur is now 0 or 2, convert back to -1 or +1 */
return( (int) ur - 1 );
return (int) ur - 1;
}
void mbedtls_ct_mpi_uint_cond_assign(size_t n,
@ -319,9 +318,10 @@ void mbedtls_ct_mpi_uint_cond_assign( size_t n,
#pragma warning( pop )
#endif
for( i = 0; i < n; i++ )
for (i = 0; i < n; i++) {
dest[i] = (src[i] & mask) | (dest[i] & ~mask);
}
}
#endif /* MBEDTLS_BIGNUM_C */
@ -338,7 +338,7 @@ unsigned char mbedtls_ct_base64_enc_char( unsigned char value )
digit |= mbedtls_ct_uchar_mask_of_range(52, 61, value) & ('0' + value - 52);
digit |= mbedtls_ct_uchar_mask_of_range(62, 62, value) & '+';
digit |= mbedtls_ct_uchar_mask_of_range(63, 63, value) & '/';
return( digit );
return digit;
}
signed char mbedtls_ct_base64_dec_value(unsigned char c)
@ -355,7 +355,7 @@ signed char mbedtls_ct_base64_dec_value( unsigned char c )
val |= mbedtls_ct_uchar_mask_of_range('/', '/', c) & (c - '/' + 63 + 1);
/* At this point, val is 0 if c is an invalid digit and v+1 if c is
* a digit with the value v. */
return( val - 1 );
return val - 1;
}
#endif /* MBEDTLS_BASE64_C */
@ -384,16 +384,15 @@ static void mbedtls_ct_mem_move_to_left( void *start,
{
volatile unsigned char *buf = start;
size_t i, n;
if( total == 0 )
if (total == 0) {
return;
for( i = 0; i < total; i++ )
{
}
for (i = 0; i < total; i++) {
unsigned no_op = mbedtls_ct_size_gt(total - offset, i);
/* The first `total - offset` passes are a no-op. The last
* `offset` passes shift the data one byte to the left and
* zero out the last byte. */
for( n = 0; n < total - 1; n++ )
{
for (n = 0; n < total - 1; n++) {
unsigned char current = buf[n];
unsigned char next = buf[n+1];
buf[n] = mbedtls_ct_uint_if(no_op, current, next);
@ -416,9 +415,10 @@ void mbedtls_ct_memcpy_if_eq( unsigned char *dest,
const unsigned char mask = (unsigned char) mbedtls_ct_size_mask(equal);
/* dest[i] = c1 == c2 ? src[i] : dest[i] */
for( size_t i = 0; i < len; i++ )
for (size_t i = 0; i < len; i++) {
dest[i] = (src[i] & mask) | (dest[i] & ~mask);
}
}
void mbedtls_ct_memcpy_offset(unsigned char *dest,
const unsigned char *src,
@ -429,8 +429,7 @@ void mbedtls_ct_memcpy_offset( unsigned char *dest,
{
size_t offsetval;
for( offsetval = offset_min; offsetval <= offset_max; offsetval++ )
{
for (offsetval = offset_min; offsetval <= offset_max; offsetval++) {
mbedtls_ct_memcpy_if_eq(dest, src + offsetval, len,
offsetval, offset);
}
@ -495,17 +494,17 @@ int mbedtls_ct_hmac( mbedtls_md_context_t *ctx,
memset(output, '!', hash_size);
/* For each possible length, compute the hash up to that point */
for( offset = min_data_len; offset <= max_data_len; offset++ )
{
for (offset = min_data_len; offset <= max_data_len; offset++) {
MD_CHK(mbedtls_md_clone(&aux, ctx));
MD_CHK(mbedtls_md_finish(&aux, aux_out));
/* Keep only the correct inner_hash in the output buffer */
mbedtls_ct_memcpy_if_eq(output, aux_out, hash_size,
offset, data_len_secret);
if( offset < max_data_len )
if (offset < max_data_len) {
MD_CHK(mbedtls_md_update(ctx, data + offset, 1));
}
}
/* The context needs to finish() before it starts() again */
MD_CHK(mbedtls_md_finish(ctx, aux_out));
@ -523,7 +522,7 @@ int mbedtls_ct_hmac( mbedtls_md_context_t *ctx,
cleanup:
mbedtls_md_free(&aux);
return( ret );
return ret;
}
#endif /* MBEDTLS_SSL_SOME_MODES_USE_MAC */
@ -564,11 +563,12 @@ int mbedtls_mpi_safe_cond_assign( mbedtls_mpi *X,
mbedtls_ct_mpi_uint_cond_assign(Y->n, X->p, Y->p, assign);
for( i = Y->n; i < X->n; i++ )
for (i = Y->n; i < X->n; i++) {
X->p[i] &= ~limb_mask;
}
cleanup:
return( ret );
return ret;
}
/*
@ -588,8 +588,9 @@ int mbedtls_mpi_safe_cond_swap( mbedtls_mpi *X,
MPI_VALIDATE_RET(X != NULL);
MPI_VALIDATE_RET(Y != NULL);
if( X == Y )
return( 0 );
if (X == Y) {
return 0;
}
/* all-bits 1 if swap is 1, all-bits 0 if swap is 0 */
limb_mask = mbedtls_ct_mpi_uint_mask(swap);
@ -602,15 +603,14 @@ int mbedtls_mpi_safe_cond_swap( mbedtls_mpi *X,
Y->s = mbedtls_ct_cond_select_sign(swap, s, Y->s);
for( i = 0; i < X->n; i++ )
{
for (i = 0; i < X->n; i++) {
tmp = X->p[i];
X->p[i] = (X->p[i] & ~limb_mask) | (Y->p[i] & limb_mask);
Y->p[i] = (Y->p[i] & ~limb_mask) | (tmp & limb_mask);
}
cleanup:
return( ret );
return ret;
}
/*
@ -628,8 +628,9 @@ int mbedtls_mpi_lt_mpi_ct( const mbedtls_mpi *X,
MPI_VALIDATE_RET(Y != NULL);
MPI_VALIDATE_RET(ret != NULL);
if( X->n != Y->n )
if (X->n != Y->n) {
return MBEDTLS_ERR_MPI_BAD_INPUT_DATA;
}
/*
* Set sign_N to 1 if N >= 0, 0 if N < 0.
@ -652,8 +653,7 @@ int mbedtls_mpi_lt_mpi_ct( const mbedtls_mpi *X,
*/
done = cond;
for( i = X->n; i > 0; i-- )
{
for (i = X->n; i > 0; i--) {
/*
* If Y->p[i - 1] < X->p[i - 1] then X < Y is true if and only if both
* X and Y are negative.
@ -677,7 +677,7 @@ int mbedtls_mpi_lt_mpi_ct( const mbedtls_mpi *X,
done |= cond;
}
return( 0 );
return 0;
}
#endif /* MBEDTLS_BIGNUM_C */
@ -717,22 +717,18 @@ int mbedtls_ct_rsaes_pkcs1_v15_unpadding( int mode,
* memory trace. The first byte must be 0. */
bad |= input[0];
if( mode == MBEDTLS_RSA_PRIVATE )
{
if (mode == MBEDTLS_RSA_PRIVATE) {
/* Decode EME-PKCS1-v1_5 padding: 0x00 || 0x02 || PS || 0x00
* where PS must be at least 8 nonzero bytes. */
bad |= input[1] ^ MBEDTLS_RSA_CRYPT;
/* Read the whole buffer. Set pad_done to nonzero if we find
* the 0x00 byte and remember the padding length in pad_count. */
for( i = 2; i < ilen; i++ )
{
for (i = 2; i < ilen; i++) {
pad_done |= ((input[i] | (unsigned char) -input[i]) >> 7) ^ 1;
pad_count += ((pad_done | (unsigned char) -pad_done) >> 7) ^ 1;
}
}
else
{
} else {
/* Decode EMSA-PKCS1-v1_5 padding: 0x00 || 0x01 || PS || 0x00
* where PS must be at least 8 bytes with the value 0xFF. */
bad |= input[1] ^ MBEDTLS_RSA_SIGN;
@ -740,8 +736,7 @@ int mbedtls_ct_rsaes_pkcs1_v15_unpadding( int mode,
/* Read the whole buffer. Set pad_done to nonzero if we find
* the 0x00 byte and remember the padding length in pad_count.
* If there's a non-0xff byte in the padding, the padding is bad. */
for( i = 2; i < ilen; i++ )
{
for (i = 2; i < ilen; i++) {
pad_done |= mbedtls_ct_uint_if(input[i], 0, 1);
pad_count += mbedtls_ct_uint_if(pad_done, 0, 1);
bad |= mbedtls_ct_uint_if(pad_done, 0, input[i] ^ 0xFF);
@ -788,8 +783,9 @@ int mbedtls_ct_rsaes_pkcs1_v15_unpadding( int mode,
* avoid leaking the padding validity through overall timing or
* through memory or cache access patterns. */
bad = mbedtls_ct_uint_mask(bad | output_too_large);
for( i = 11; i < ilen; i++ )
for (i = 11; i < ilen; i++) {
input[i] &= ~bad;
}
/* If the plaintext is too large, truncate it to the buffer size.
* Copy anyway to avoid revealing the length through timing, because
@ -816,8 +812,9 @@ int mbedtls_ct_rsaes_pkcs1_v15_unpadding( int mode,
* user-provided output buffer), which is independent from plaintext
* length, validity of padding, success of the decryption, and other
* secrets. */
if( output_max_len != 0 )
if (output_max_len != 0) {
memcpy(output, input + ilen - plaintext_max_size, plaintext_max_size);
}
/* Report the amount of data we copied to the output buffer. In case
* of errors (bad padding or output too large), the value of *olen
@ -825,7 +822,7 @@ int mbedtls_ct_rsaes_pkcs1_v15_unpadding( int mode,
* to the good case limits the risks of leaking the padding validity. */
*olen = plaintext_size;
return( ret );
return ret;
}
#endif /* MBEDTLS_PKCS1_V15 && MBEDTLS_RSA_C && ! MBEDTLS_RSA_ALT */

278
thirdparty/mbedtls/library/ctr_drbg.c vendored
View file

@ -57,13 +57,15 @@ void mbedtls_ctr_drbg_init( mbedtls_ctr_drbg_context *ctx )
*/
void mbedtls_ctr_drbg_free(mbedtls_ctr_drbg_context *ctx)
{
if( ctx == NULL )
if (ctx == NULL) {
return;
}
#if defined(MBEDTLS_THREADING_C)
/* The mutex is initialized iff f_entropy is set. */
if( ctx->f_entropy != NULL )
if (ctx->f_entropy != NULL) {
mbedtls_mutex_free(&ctx->mutex);
}
#endif
mbedtls_aes_free(&ctx->aes_ctx);
mbedtls_platform_zeroize(ctx, sizeof(mbedtls_ctr_drbg_context));
@ -88,17 +90,20 @@ int mbedtls_ctr_drbg_set_nonce_len( mbedtls_ctr_drbg_context *ctx,
{
/* If mbedtls_ctr_drbg_seed() has already been called, it's
* too late. Return the error code that's closest to making sense. */
if( ctx->f_entropy != NULL )
return( MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED );
if (ctx->f_entropy != NULL) {
return MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED;
}
if( len > MBEDTLS_CTR_DRBG_MAX_SEED_INPUT )
return( MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG );
if (len > MBEDTLS_CTR_DRBG_MAX_SEED_INPUT) {
return MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG;
}
#if SIZE_MAX > INT_MAX
/* This shouldn't be an issue because
* MBEDTLS_CTR_DRBG_MAX_SEED_INPUT < INT_MAX in any sensible
* configuration, but make sure anyway. */
if( len > INT_MAX )
return( MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG );
if (len > INT_MAX) {
return MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG;
}
#endif
/* For backward compatibility with Mbed TLS <= 2.19, store the
@ -106,7 +111,7 @@ int mbedtls_ctr_drbg_set_nonce_len( mbedtls_ctr_drbg_context *ctx,
* used until after the initial seeding. */
/* Due to the capping of len above, the value fits in an int. */
ctx->reseed_counter = (int) len;
return( 0 );
return 0;
}
void mbedtls_ctr_drbg_set_reseed_interval(mbedtls_ctr_drbg_context *ctx,
@ -130,8 +135,9 @@ static int block_cipher_df( unsigned char *output,
int i, j;
size_t buf_len, use_len;
if( data_len > MBEDTLS_CTR_DRBG_MAX_SEED_INPUT )
return( MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG );
if (data_len > MBEDTLS_CTR_DRBG_MAX_SEED_INPUT) {
return MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG;
}
memset(buf, 0, MBEDTLS_CTR_DRBG_MAX_SEED_INPUT +
MBEDTLS_CTR_DRBG_BLOCKSIZE + 16);
@ -153,35 +159,33 @@ static int block_cipher_df( unsigned char *output,
buf_len = MBEDTLS_CTR_DRBG_BLOCKSIZE + 8 + data_len + 1;
for( i = 0; i < MBEDTLS_CTR_DRBG_KEYSIZE; i++ )
for (i = 0; i < MBEDTLS_CTR_DRBG_KEYSIZE; i++) {
key[i] = i;
}
if ((ret = mbedtls_aes_setkey_enc(&aes_ctx, key,
MBEDTLS_CTR_DRBG_KEYBITS ) ) != 0 )
{
MBEDTLS_CTR_DRBG_KEYBITS)) != 0) {
goto exit;
}
/*
* Reduce data to MBEDTLS_CTR_DRBG_SEEDLEN bytes of data
*/
for( j = 0; j < MBEDTLS_CTR_DRBG_SEEDLEN; j += MBEDTLS_CTR_DRBG_BLOCKSIZE )
{
for (j = 0; j < MBEDTLS_CTR_DRBG_SEEDLEN; j += MBEDTLS_CTR_DRBG_BLOCKSIZE) {
p = buf;
memset(chain, 0, MBEDTLS_CTR_DRBG_BLOCKSIZE);
use_len = buf_len;
while( use_len > 0 )
{
for( i = 0; i < MBEDTLS_CTR_DRBG_BLOCKSIZE; i++ )
while (use_len > 0) {
for (i = 0; i < MBEDTLS_CTR_DRBG_BLOCKSIZE; i++) {
chain[i] ^= p[i];
}
p += MBEDTLS_CTR_DRBG_BLOCKSIZE;
use_len -= (use_len >= MBEDTLS_CTR_DRBG_BLOCKSIZE) ?
MBEDTLS_CTR_DRBG_BLOCKSIZE : use_len;
if ((ret = mbedtls_aes_crypt_ecb(&aes_ctx, MBEDTLS_AES_ENCRYPT,
chain, chain ) ) != 0 )
{
chain, chain)) != 0) {
goto exit;
}
}
@ -198,18 +202,15 @@ static int block_cipher_df( unsigned char *output,
* Do final encryption with reduced data
*/
if ((ret = mbedtls_aes_setkey_enc(&aes_ctx, tmp,
MBEDTLS_CTR_DRBG_KEYBITS ) ) != 0 )
{
MBEDTLS_CTR_DRBG_KEYBITS)) != 0) {
goto exit;
}
iv = tmp + MBEDTLS_CTR_DRBG_KEYSIZE;
p = output;
for( j = 0; j < MBEDTLS_CTR_DRBG_SEEDLEN; j += MBEDTLS_CTR_DRBG_BLOCKSIZE )
{
for (j = 0; j < MBEDTLS_CTR_DRBG_SEEDLEN; j += MBEDTLS_CTR_DRBG_BLOCKSIZE) {
if ((ret = mbedtls_aes_crypt_ecb(&aes_ctx, MBEDTLS_AES_ENCRYPT,
iv, iv ) ) != 0 )
{
iv, iv)) != 0) {
goto exit;
}
memcpy(p, iv, MBEDTLS_CTR_DRBG_BLOCKSIZE);
@ -224,15 +225,14 @@ exit:
mbedtls_platform_zeroize(tmp, sizeof(tmp));
mbedtls_platform_zeroize(key, sizeof(key));
mbedtls_platform_zeroize(chain, sizeof(chain));
if( 0 != ret )
{
if (0 != ret) {
/*
* wipe partial seed from memory
*/
mbedtls_platform_zeroize(output, MBEDTLS_CTR_DRBG_SEEDLEN);
}
return( ret );
return ret;
}
/* CTR_DRBG_Update (SP 800-90A &sect;10.2.1.2)
@ -253,36 +253,36 @@ static int ctr_drbg_update_internal( mbedtls_ctr_drbg_context *ctx,
memset(tmp, 0, MBEDTLS_CTR_DRBG_SEEDLEN);
for( j = 0; j < MBEDTLS_CTR_DRBG_SEEDLEN; j += MBEDTLS_CTR_DRBG_BLOCKSIZE )
{
for (j = 0; j < MBEDTLS_CTR_DRBG_SEEDLEN; j += MBEDTLS_CTR_DRBG_BLOCKSIZE) {
/*
* Increase counter
*/
for( i = MBEDTLS_CTR_DRBG_BLOCKSIZE; i > 0; i-- )
if( ++ctx->counter[i - 1] != 0 )
for (i = MBEDTLS_CTR_DRBG_BLOCKSIZE; i > 0; i--) {
if (++ctx->counter[i - 1] != 0) {
break;
}
}
/*
* Crypt counter block
*/
if ((ret = mbedtls_aes_crypt_ecb(&ctx->aes_ctx, MBEDTLS_AES_ENCRYPT,
ctx->counter, p ) ) != 0 )
{
ctx->counter, p)) != 0) {
goto exit;
}
p += MBEDTLS_CTR_DRBG_BLOCKSIZE;
}
for( i = 0; i < MBEDTLS_CTR_DRBG_SEEDLEN; i++ )
for (i = 0; i < MBEDTLS_CTR_DRBG_SEEDLEN; i++) {
tmp[i] ^= data[i];
}
/*
* Update key and counter
*/
if ((ret = mbedtls_aes_setkey_enc(&ctx->aes_ctx, tmp,
MBEDTLS_CTR_DRBG_KEYBITS ) ) != 0 )
{
MBEDTLS_CTR_DRBG_KEYBITS)) != 0) {
goto exit;
}
memcpy(ctx->counter, tmp + MBEDTLS_CTR_DRBG_KEYSIZE,
@ -290,7 +290,7 @@ static int ctr_drbg_update_internal( mbedtls_ctr_drbg_context *ctx,
exit:
mbedtls_platform_zeroize(tmp, sizeof(tmp));
return( ret );
return ret;
}
/* CTR_DRBG_Instantiate with derivation function (SP 800-90A &sect;10.2.1.3.2)
@ -312,17 +312,20 @@ int mbedtls_ctr_drbg_update_ret( mbedtls_ctr_drbg_context *ctx,
unsigned char add_input[MBEDTLS_CTR_DRBG_SEEDLEN];
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
if( add_len == 0 )
return( 0 );
if (add_len == 0) {
return 0;
}
if( ( ret = block_cipher_df( add_input, additional, add_len ) ) != 0 )
if ((ret = block_cipher_df(add_input, additional, add_len)) != 0) {
goto exit;
if( ( ret = ctr_drbg_update_internal( ctx, add_input ) ) != 0 )
}
if ((ret = ctr_drbg_update_internal(ctx, add_input)) != 0) {
goto exit;
}
exit:
mbedtls_platform_zeroize(add_input, sizeof(add_input));
return( ret );
return ret;
}
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
@ -332,8 +335,9 @@ void mbedtls_ctr_drbg_update( mbedtls_ctr_drbg_context *ctx,
{
/* MAX_INPUT would be more logical here, but we have to match
* block_cipher_df()'s limits since we can't propagate errors */
if( add_len > MBEDTLS_CTR_DRBG_MAX_SEED_INPUT )
if (add_len > MBEDTLS_CTR_DRBG_MAX_SEED_INPUT) {
add_len = MBEDTLS_CTR_DRBG_MAX_SEED_INPUT;
}
(void) mbedtls_ctr_drbg_update_ret(ctx, additional, add_len);
}
#endif /* MBEDTLS_DEPRECATED_REMOVED */
@ -360,57 +364,58 @@ static int mbedtls_ctr_drbg_reseed_internal( mbedtls_ctr_drbg_context *ctx,
size_t seedlen = 0;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
if( ctx->entropy_len > MBEDTLS_CTR_DRBG_MAX_SEED_INPUT )
return( MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG );
if( nonce_len > MBEDTLS_CTR_DRBG_MAX_SEED_INPUT - ctx->entropy_len )
return( MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG );
if( len > MBEDTLS_CTR_DRBG_MAX_SEED_INPUT - ctx->entropy_len - nonce_len )
return( MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG );
if (ctx->entropy_len > MBEDTLS_CTR_DRBG_MAX_SEED_INPUT) {
return MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG;
}
if (nonce_len > MBEDTLS_CTR_DRBG_MAX_SEED_INPUT - ctx->entropy_len) {
return MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG;
}
if (len > MBEDTLS_CTR_DRBG_MAX_SEED_INPUT - ctx->entropy_len - nonce_len) {
return MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG;
}
memset(seed, 0, MBEDTLS_CTR_DRBG_MAX_SEED_INPUT);
/* Gather entropy_len bytes of entropy to seed state. */
if( 0 != ctx->f_entropy( ctx->p_entropy, seed, ctx->entropy_len ) )
{
return( MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED );
if (0 != ctx->f_entropy(ctx->p_entropy, seed, ctx->entropy_len)) {
return MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED;
}
seedlen += ctx->entropy_len;
/* Gather entropy for a nonce if requested. */
if( nonce_len != 0 )
{
if( 0 != ctx->f_entropy( ctx->p_entropy, seed + seedlen, nonce_len ) )
{
return( MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED );
if (nonce_len != 0) {
if (0 != ctx->f_entropy(ctx->p_entropy, seed + seedlen, nonce_len)) {
return MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED;
}
seedlen += nonce_len;
}
/* Add additional data if provided. */
if( additional != NULL && len != 0 )
{
if (additional != NULL && len != 0) {
memcpy(seed + seedlen, additional, len);
seedlen += len;
}
/* Reduce to 384 bits. */
if( ( ret = block_cipher_df( seed, seed, seedlen ) ) != 0 )
if ((ret = block_cipher_df(seed, seed, seedlen)) != 0) {
goto exit;
}
/* Update state. */
if( ( ret = ctr_drbg_update_internal( ctx, seed ) ) != 0 )
if ((ret = ctr_drbg_update_internal(ctx, seed)) != 0) {
goto exit;
}
ctx->reseed_counter = 1;
exit:
mbedtls_platform_zeroize(seed, sizeof(seed));
return( ret );
return ret;
}
int mbedtls_ctr_drbg_reseed(mbedtls_ctr_drbg_context *ctx,
const unsigned char *additional, size_t len)
{
return( mbedtls_ctr_drbg_reseed_internal( ctx, additional, len, 0 ) );
return mbedtls_ctr_drbg_reseed_internal(ctx, additional, len, 0);
}
/* Return a "good" nonce length for CTR_DRBG. The chosen nonce length
@ -420,10 +425,11 @@ int mbedtls_ctr_drbg_reseed( mbedtls_ctr_drbg_context *ctx,
* the nonce, don't make a second call to get a nonce. */
static size_t good_nonce_len(size_t entropy_len)
{
if( entropy_len >= MBEDTLS_CTR_DRBG_KEYSIZE * 3 / 2 )
return( 0 );
else
return( ( entropy_len + 1 ) / 2 );
if (entropy_len >= MBEDTLS_CTR_DRBG_KEYSIZE * 3 / 2) {
return 0;
} else {
return (entropy_len + 1) / 2;
}
}
/* CTR_DRBG_Instantiate with derivation function (SP 800-90A &sect;10.2.1.3.2)
@ -459,8 +465,9 @@ int mbedtls_ctr_drbg_seed( mbedtls_ctr_drbg_context *ctx,
ctx->f_entropy = f_entropy;
ctx->p_entropy = p_entropy;
if( ctx->entropy_len == 0 )
if (ctx->entropy_len == 0) {
ctx->entropy_len = MBEDTLS_CTR_DRBG_ENTROPY_LEN;
}
/* ctx->reseed_counter contains the desired amount of entropy to
* grab for a nonce (see mbedtls_ctr_drbg_set_nonce_len()).
* If it's -1, indicating that the entropy nonce length was not set
@ -471,18 +478,16 @@ int mbedtls_ctr_drbg_seed( mbedtls_ctr_drbg_context *ctx,
/* Initialize with an empty key. */
if ((ret = mbedtls_aes_setkey_enc(&ctx->aes_ctx, key,
MBEDTLS_CTR_DRBG_KEYBITS ) ) != 0 )
{
return( ret );
MBEDTLS_CTR_DRBG_KEYBITS)) != 0) {
return ret;
}
/* Do the initial seeding. */
if ((ret = mbedtls_ctr_drbg_reseed_internal(ctx, custom, len,
nonce_len ) ) != 0 )
{
return( ret );
nonce_len)) != 0) {
return ret;
}
return( 0 );
return 0;
}
/* CTR_DRBG_Generate with derivation function (SP 800-90A &sect;10.2.1.5.2)
@ -516,47 +521,48 @@ int mbedtls_ctr_drbg_random_with_add( void *p_rng,
int i;
size_t use_len;
if( output_len > MBEDTLS_CTR_DRBG_MAX_REQUEST )
return( MBEDTLS_ERR_CTR_DRBG_REQUEST_TOO_BIG );
if (output_len > MBEDTLS_CTR_DRBG_MAX_REQUEST) {
return MBEDTLS_ERR_CTR_DRBG_REQUEST_TOO_BIG;
}
if( add_len > MBEDTLS_CTR_DRBG_MAX_INPUT )
return( MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG );
if (add_len > MBEDTLS_CTR_DRBG_MAX_INPUT) {
return MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG;
}
memset(add_input, 0, MBEDTLS_CTR_DRBG_SEEDLEN);
if (ctx->reseed_counter > ctx->reseed_interval ||
ctx->prediction_resistance )
{
if( ( ret = mbedtls_ctr_drbg_reseed( ctx, additional, add_len ) ) != 0 )
{
return( ret );
ctx->prediction_resistance) {
if ((ret = mbedtls_ctr_drbg_reseed(ctx, additional, add_len)) != 0) {
return ret;
}
add_len = 0;
}
if( add_len > 0 )
{
if( ( ret = block_cipher_df( add_input, additional, add_len ) ) != 0 )
goto exit;
if( ( ret = ctr_drbg_update_internal( ctx, add_input ) ) != 0 )
if (add_len > 0) {
if ((ret = block_cipher_df(add_input, additional, add_len)) != 0) {
goto exit;
}
if ((ret = ctr_drbg_update_internal(ctx, add_input)) != 0) {
goto exit;
}
}
while( output_len > 0 )
{
while (output_len > 0) {
/*
* Increase counter
*/
for( i = MBEDTLS_CTR_DRBG_BLOCKSIZE; i > 0; i-- )
if( ++ctx->counter[i - 1] != 0 )
for (i = MBEDTLS_CTR_DRBG_BLOCKSIZE; i > 0; i--) {
if (++ctx->counter[i - 1] != 0) {
break;
}
}
/*
* Crypt counter block
*/
if ((ret = mbedtls_aes_crypt_ecb(&ctx->aes_ctx, MBEDTLS_AES_ENCRYPT,
ctx->counter, tmp ) ) != 0 )
{
ctx->counter, tmp)) != 0) {
goto exit;
}
@ -570,15 +576,16 @@ int mbedtls_ctr_drbg_random_with_add( void *p_rng,
output_len -= use_len;
}
if( ( ret = ctr_drbg_update_internal( ctx, add_input ) ) != 0 )
if ((ret = ctr_drbg_update_internal(ctx, add_input)) != 0) {
goto exit;
}
ctx->reseed_counter++;
exit:
mbedtls_platform_zeroize(add_input, sizeof(add_input));
mbedtls_platform_zeroize(tmp, sizeof(tmp));
return( ret );
return ret;
}
int mbedtls_ctr_drbg_random(void *p_rng, unsigned char *output,
@ -588,18 +595,20 @@ int mbedtls_ctr_drbg_random( void *p_rng, unsigned char *output,
mbedtls_ctr_drbg_context *ctx = (mbedtls_ctr_drbg_context *) p_rng;
#if defined(MBEDTLS_THREADING_C)
if( ( ret = mbedtls_mutex_lock( &ctx->mutex ) ) != 0 )
return( ret );
if ((ret = mbedtls_mutex_lock(&ctx->mutex)) != 0) {
return ret;
}
#endif
ret = mbedtls_ctr_drbg_random_with_add(ctx, output, output_len, NULL, 0);
#if defined(MBEDTLS_THREADING_C)
if( mbedtls_mutex_unlock( &ctx->mutex ) != 0 )
return( MBEDTLS_ERR_THREADING_MUTEX_ERROR );
if (mbedtls_mutex_unlock(&ctx->mutex) != 0) {
return MBEDTLS_ERR_THREADING_MUTEX_ERROR;
}
#endif
return( ret );
return ret;
}
#if defined(MBEDTLS_FS_IO)
@ -610,20 +619,19 @@ int mbedtls_ctr_drbg_write_seed_file( mbedtls_ctr_drbg_context *ctx,
FILE *f;
unsigned char buf[MBEDTLS_CTR_DRBG_MAX_INPUT];
if( ( f = fopen( path, "wb" ) ) == NULL )
return( MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR );
if ((f = fopen(path, "wb")) == NULL) {
return MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR;
}
if ((ret = mbedtls_ctr_drbg_random(ctx, buf,
MBEDTLS_CTR_DRBG_MAX_INPUT ) ) != 0 )
MBEDTLS_CTR_DRBG_MAX_INPUT)) != 0) {
goto exit;
}
if (fwrite(buf, 1, MBEDTLS_CTR_DRBG_MAX_INPUT, f) !=
MBEDTLS_CTR_DRBG_MAX_INPUT )
{
MBEDTLS_CTR_DRBG_MAX_INPUT) {
ret = MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR;
}
else
{
} else {
ret = 0;
}
@ -631,7 +639,7 @@ exit:
mbedtls_platform_zeroize(buf, sizeof(buf));
fclose(f);
return( ret );
return ret;
}
int mbedtls_ctr_drbg_update_seed_file(mbedtls_ctr_drbg_context *ctx,
@ -643,17 +651,16 @@ int mbedtls_ctr_drbg_update_seed_file( mbedtls_ctr_drbg_context *ctx,
unsigned char buf[MBEDTLS_CTR_DRBG_MAX_INPUT];
unsigned char c;
if( ( f = fopen( path, "rb" ) ) == NULL )
return( MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR );
if ((f = fopen(path, "rb")) == NULL) {
return MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR;
}
n = fread(buf, 1, sizeof(buf), f);
if( fread( &c, 1, 1, f ) != 0 )
{
if (fread(&c, 1, 1, f) != 0) {
ret = MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG;
goto exit;
}
if( n == 0 || ferror( f ) )
{
if (n == 0 || ferror(f)) {
ret = MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR;
goto exit;
}
@ -664,11 +671,13 @@ int mbedtls_ctr_drbg_update_seed_file( mbedtls_ctr_drbg_context *ctx,
exit:
mbedtls_platform_zeroize(buf, sizeof(buf));
if( f != NULL )
if (f != NULL) {
fclose(f);
if( ret != 0 )
return( ret );
return( mbedtls_ctr_drbg_write_seed_file( ctx, path ) );
}
if (ret != 0) {
return ret;
}
return mbedtls_ctr_drbg_write_seed_file(ctx, path);
}
#endif /* MBEDTLS_FS_IO */
@ -811,14 +820,14 @@ static int ctr_drbg_self_test_entropy( void *data, unsigned char *buf,
const unsigned char *p = data;
memcpy(buf, p + test_offset, len);
test_offset += len;
return( 0 );
return 0;
}
#define CHK(c) if ((c) != 0) \
{ \
if (verbose != 0) \
mbedtls_printf("failed\n"); \
return( 1 ); \
return 1; \
}
#define SELF_TEST_OUTPUT_DISCARD_LENGTH 64
@ -836,8 +845,9 @@ int mbedtls_ctr_drbg_self_test( int verbose )
/*
* Based on a NIST CTR_DRBG test vector (PR = True)
*/
if( verbose != 0 )
if (verbose != 0) {
mbedtls_printf(" CTR_DRBG (PR = TRUE) : ");
}
test_offset = 0;
mbedtls_ctr_drbg_set_entropy_len(&ctx, MBEDTLS_CTR_DRBG_KEYSIZE);
@ -853,14 +863,16 @@ int mbedtls_ctr_drbg_self_test( int verbose )
mbedtls_ctr_drbg_free(&ctx);
if( verbose != 0 )
if (verbose != 0) {
mbedtls_printf("passed\n");
}
/*
* Based on a NIST CTR_DRBG test vector (PR = FALSE)
*/
if( verbose != 0 )
if (verbose != 0) {
mbedtls_printf(" CTR_DRBG (PR = FALSE): ");
}
mbedtls_ctr_drbg_init(&ctx);
@ -878,13 +890,15 @@ int mbedtls_ctr_drbg_self_test( int verbose )
mbedtls_ctr_drbg_free(&ctx);
if( verbose != 0 )
if (verbose != 0) {
mbedtls_printf("passed\n");
}
if( verbose != 0 )
if (verbose != 0) {
mbedtls_printf("\n");
}
return( 0 );
return 0;
}
#endif /* MBEDTLS_SELF_TEST */

97
thirdparty/mbedtls/library/debug.c vendored
View file

@ -72,8 +72,7 @@ void mbedtls_debug_print_msg( const mbedtls_ssl_context *ssl, int level,
if (NULL == ssl ||
NULL == ssl->conf ||
NULL == ssl->conf->f_dbg ||
level > debug_threshold )
{
level > debug_threshold) {
return;
}
@ -81,8 +80,7 @@ void mbedtls_debug_print_msg( const mbedtls_ssl_context *ssl, int level,
ret = mbedtls_vsnprintf(str, DEBUG_BUF_SIZE, format, argp);
va_end(argp);
if( ret >= 0 && ret < DEBUG_BUF_SIZE - 1 )
{
if (ret >= 0 && ret < DEBUG_BUF_SIZE - 1) {
str[ret] = '\n';
str[ret + 1] = '\0';
}
@ -99,8 +97,7 @@ void mbedtls_debug_print_ret( const mbedtls_ssl_context *ssl, int level,
if (NULL == ssl ||
NULL == ssl->conf ||
NULL == ssl->conf->f_dbg ||
level > debug_threshold )
{
level > debug_threshold) {
return;
}
@ -109,8 +106,9 @@ void mbedtls_debug_print_ret( const mbedtls_ssl_context *ssl, int level,
* the logs would be quickly flooded with WANT_READ, so ignore that.
* Don't ignore WANT_WRITE however, since is is usually rare.
*/
if( ret == MBEDTLS_ERR_SSL_WANT_READ )
if (ret == MBEDTLS_ERR_SSL_WANT_READ) {
return;
}
mbedtls_snprintf(str, sizeof(str), "%s() returned %d (-0x%04x)\n",
text, ret, (unsigned int) -ret);
@ -129,8 +127,7 @@ void mbedtls_debug_print_buf( const mbedtls_ssl_context *ssl, int level,
if (NULL == ssl ||
NULL == ssl->conf ||
NULL == ssl->conf->f_dbg ||
level > debug_threshold )
{
level > debug_threshold) {
return;
}
@ -141,15 +138,13 @@ void mbedtls_debug_print_buf( const mbedtls_ssl_context *ssl, int level,
idx = 0;
memset(txt, 0, sizeof(txt));
for( i = 0; i < len; i++ )
{
if( i >= 4096 )
for (i = 0; i < len; i++) {
if (i >= 4096) {
break;
}
if( i % 16 == 0 )
{
if( i > 0 )
{
if (i % 16 == 0) {
if (i > 0) {
mbedtls_snprintf(str + idx, sizeof(str) - idx, " %s\n", txt);
debug_send_line(ssl, level, file, line, str);
@ -167,10 +162,10 @@ void mbedtls_debug_print_buf( const mbedtls_ssl_context *ssl, int level,
txt[i % 16] = (buf[i] > 31 && buf[i] < 127) ? buf[i] : '.';
}
if( len > 0 )
{
for( /* i = i */; i % 16 != 0; i++ )
if (len > 0) {
for (/* i = i */; i % 16 != 0; i++) {
idx += mbedtls_snprintf(str + idx, sizeof(str) - idx, " ");
}
mbedtls_snprintf(str + idx, sizeof(str) - idx, " %s\n", txt);
debug_send_line(ssl, level, file, line, str);
@ -187,8 +182,7 @@ void mbedtls_debug_print_ecp( const mbedtls_ssl_context *ssl, int level,
if (NULL == ssl ||
NULL == ssl->conf ||
NULL == ssl->conf->f_dbg ||
level > debug_threshold )
{
level > debug_threshold) {
return;
}
@ -213,8 +207,7 @@ void mbedtls_debug_print_mpi( const mbedtls_ssl_context *ssl, int level,
NULL == ssl->conf ||
NULL == ssl->conf->f_dbg ||
NULL == X ||
level > debug_threshold )
{
level > debug_threshold) {
return;
}
@ -224,16 +217,12 @@ void mbedtls_debug_print_mpi( const mbedtls_ssl_context *ssl, int level,
text, (unsigned) bitlen);
debug_send_line(ssl, level, file, line, str);
if( bitlen == 0 )
{
if (bitlen == 0) {
str[0] = ' '; str[1] = '0'; str[2] = '0';
idx = 3;
}
else
{
} else {
int n;
for( n = (int) ( ( bitlen - 1 ) / 8 ); n >= 0; n-- )
{
for (n = (int) ((bitlen - 1) / 8); n >= 0; n--) {
size_t limb_offset = n / sizeof(mbedtls_mpi_uint);
size_t offset_in_limb = n % sizeof(mbedtls_mpi_uint);
unsigned char octet =
@ -241,8 +230,7 @@ void mbedtls_debug_print_mpi( const mbedtls_ssl_context *ssl, int level,
mbedtls_snprintf(str + idx, sizeof(str) - idx, " %02x", octet);
idx += 3;
/* Wrap lines after 16 octets that each take 3 columns */
if( idx >= 3 * 16 )
{
if (idx >= 3 * 16) {
mbedtls_snprintf(str + idx, sizeof(str) - idx, "\n");
debug_send_line(ssl, level, file, line, str);
idx = 0;
@ -250,8 +238,7 @@ void mbedtls_debug_print_mpi( const mbedtls_ssl_context *ssl, int level,
}
}
if( idx != 0 )
{
if (idx != 0) {
mbedtls_snprintf(str + idx, sizeof(str) - idx, "\n");
debug_send_line(ssl, level, file, line, str);
}
@ -269,31 +256,30 @@ static void debug_print_pk( const mbedtls_ssl_context *ssl, int level,
memset(items, 0, sizeof(items));
if( mbedtls_pk_debug( pk, items ) != 0 )
{
if (mbedtls_pk_debug(pk, items) != 0) {
debug_send_line(ssl, level, file, line,
"invalid PK context\n");
return;
}
for( i = 0; i < MBEDTLS_PK_DEBUG_MAX_ITEMS; i++ )
{
if( items[i].type == MBEDTLS_PK_DEBUG_NONE )
for (i = 0; i < MBEDTLS_PK_DEBUG_MAX_ITEMS; i++) {
if (items[i].type == MBEDTLS_PK_DEBUG_NONE) {
return;
}
mbedtls_snprintf(name, sizeof(name), "%s%s", text, items[i].name);
name[sizeof(name) - 1] = '\0';
if( items[i].type == MBEDTLS_PK_DEBUG_MPI )
if (items[i].type == MBEDTLS_PK_DEBUG_MPI) {
mbedtls_debug_print_mpi(ssl, level, file, line, name, items[i].value);
else
} else
#if defined(MBEDTLS_ECP_C)
if( items[i].type == MBEDTLS_PK_DEBUG_ECP )
if (items[i].type == MBEDTLS_PK_DEBUG_ECP) {
mbedtls_debug_print_ecp(ssl, level, file, line, name, items[i].value);
else
} else
#endif
debug_send_line( ssl, level, file, line,
"should not happen\n" );
{ debug_send_line(ssl, level, file, line,
"should not happen\n"); }
}
}
@ -304,13 +290,12 @@ static void debug_print_line_by_line( const mbedtls_ssl_context *ssl, int level,
const char *start, *cur;
start = text;
for( cur = text; *cur != '\0'; cur++ )
{
if( *cur == '\n' )
{
for (cur = text; *cur != '\0'; cur++) {
if (*cur == '\n') {
size_t len = cur - start + 1;
if( len > DEBUG_BUF_SIZE - 1 )
if (len > DEBUG_BUF_SIZE - 1) {
len = DEBUG_BUF_SIZE - 1;
}
memcpy(str, start, len);
str[len] = '\0';
@ -333,13 +318,11 @@ void mbedtls_debug_print_crt( const mbedtls_ssl_context *ssl, int level,
NULL == ssl->conf ||
NULL == ssl->conf->f_dbg ||
NULL == crt ||
level > debug_threshold )
{
level > debug_threshold) {
return;
}
while( crt != NULL )
{
while (crt != NULL) {
char buf[1024];
mbedtls_snprintf(str, sizeof(str), "%s #%d:\n", text, ++i);
@ -368,8 +351,7 @@ static void mbedtls_debug_printf_ecdh_internal( const mbedtls_ssl_context *ssl,
const mbedtls_ecdh_context_mbed *ctx = &ecdh->ctx.mbed_ecdh;
#endif
switch( attr )
{
switch (attr) {
case MBEDTLS_DEBUG_ECDH_Q:
mbedtls_debug_print_ecp(ssl, level, file, line, "ECDH: Q",
&ctx->Q);
@ -395,8 +377,7 @@ void mbedtls_debug_printf_ecdh( const mbedtls_ssl_context *ssl, int level,
#if defined(MBEDTLS_ECDH_LEGACY_CONTEXT)
mbedtls_debug_printf_ecdh_internal(ssl, level, file, line, ecdh, attr);
#else
switch( ecdh->var )
{
switch (ecdh->var) {
default:
mbedtls_debug_printf_ecdh_internal(ssl, level, file, line, ecdh,
attr);

259
thirdparty/mbedtls/library/des.c vendored
View file

@ -281,8 +281,9 @@ void mbedtls_des_init( mbedtls_des_context *ctx )
void mbedtls_des_free(mbedtls_des_context *ctx)
{
if( ctx == NULL )
if (ctx == NULL) {
return;
}
mbedtls_platform_zeroize(ctx, sizeof(mbedtls_des_context));
}
@ -294,30 +295,40 @@ void mbedtls_des3_init( mbedtls_des3_context *ctx )
void mbedtls_des3_free(mbedtls_des3_context *ctx)
{
if( ctx == NULL )
if (ctx == NULL) {
return;
}
mbedtls_platform_zeroize(ctx, sizeof(mbedtls_des3_context));
}
static const unsigned char odd_parity_table[128] = { 1, 2, 4, 7, 8,
11, 13, 14, 16, 19, 21, 22, 25, 26, 28, 31, 32, 35, 37, 38, 41, 42, 44,
47, 49, 50, 52, 55, 56, 59, 61, 62, 64, 67, 69, 70, 73, 74, 76, 79, 81,
82, 84, 87, 88, 91, 93, 94, 97, 98, 100, 103, 104, 107, 109, 110, 112,
115, 117, 118, 121, 122, 124, 127, 128, 131, 133, 134, 137, 138, 140,
143, 145, 146, 148, 151, 152, 155, 157, 158, 161, 162, 164, 167, 168,
171, 173, 174, 176, 179, 181, 182, 185, 186, 188, 191, 193, 194, 196,
199, 200, 203, 205, 206, 208, 211, 213, 214, 217, 218, 220, 223, 224,
227, 229, 230, 233, 234, 236, 239, 241, 242, 244, 247, 248, 251, 253,
11, 13, 14, 16, 19, 21, 22, 25, 26, 28, 31, 32,
35, 37, 38, 41, 42, 44,
47, 49, 50, 52, 55, 56, 59, 61, 62, 64, 67, 69,
70, 73, 74, 76, 79, 81,
82, 84, 87, 88, 91, 93, 94, 97, 98, 100, 103,
104, 107, 109, 110, 112,
115, 117, 118, 121, 122, 124, 127, 128, 131,
133, 134, 137, 138, 140,
143, 145, 146, 148, 151, 152, 155, 157, 158,
161, 162, 164, 167, 168,
171, 173, 174, 176, 179, 181, 182, 185, 186,
188, 191, 193, 194, 196,
199, 200, 203, 205, 206, 208, 211, 213, 214,
217, 218, 220, 223, 224,
227, 229, 230, 233, 234, 236, 239, 241, 242,
244, 247, 248, 251, 253,
254 };
void mbedtls_des_key_set_parity(unsigned char key[MBEDTLS_DES_KEY_SIZE])
{
int i;
for( i = 0; i < MBEDTLS_DES_KEY_SIZE; i++ )
for (i = 0; i < MBEDTLS_DES_KEY_SIZE; i++) {
key[i] = odd_parity_table[key[i] / 2];
}
}
/*
* Check the given key's parity, returns 1 on failure, 0 on SUCCESS
@ -326,11 +337,13 @@ int mbedtls_des_key_check_key_parity( const unsigned char key[MBEDTLS_DES_KEY_SI
{
int i;
for( i = 0; i < MBEDTLS_DES_KEY_SIZE; i++ )
if( key[i] != odd_parity_table[key[i] / 2] )
return( 1 );
for (i = 0; i < MBEDTLS_DES_KEY_SIZE; i++) {
if (key[i] != odd_parity_table[key[i] / 2]) {
return 1;
}
}
return( 0 );
return 0;
}
/*
@ -381,11 +394,13 @@ int mbedtls_des_key_check_weak( const unsigned char key[MBEDTLS_DES_KEY_SIZE] )
{
int i;
for( i = 0; i < WEAK_KEY_COUNT; i++ )
if( memcmp( weak_key_table[i], key, MBEDTLS_DES_KEY_SIZE) == 0 )
return( 1 );
for (i = 0; i < WEAK_KEY_COUNT; i++) {
if (memcmp(weak_key_table[i], key, MBEDTLS_DES_KEY_SIZE) == 0) {
return 1;
}
}
return( 0 );
return 0;
}
#if !defined(MBEDTLS_DES_SETKEY_ALT)
@ -419,15 +434,11 @@ void mbedtls_des_setkey( uint32_t SK[32], const unsigned char key[MBEDTLS_DES_KE
/*
* calculate subkeys
*/
for( i = 0; i < 16; i++ )
{
if( i < 2 || i == 8 || i == 15 )
{
for (i = 0; i < 16; i++) {
if (i < 2 || i == 8 || i == 15) {
X = ((X << 1) | (X >> 27)) & 0x0FFFFFFF;
Y = ((Y << 1) | (Y >> 27)) & 0x0FFFFFFF;
}
else
{
} else {
X = ((X << 2) | (X >> 26)) & 0x0FFFFFFF;
Y = ((Y << 2) | (Y >> 26)) & 0x0FFFFFFF;
}
@ -466,7 +477,7 @@ int mbedtls_des_setkey_enc( mbedtls_des_context *ctx, const unsigned char key[MB
{
mbedtls_des_setkey(ctx->sk, key);
return( 0 );
return 0;
}
/*
@ -478,13 +489,12 @@ int mbedtls_des_setkey_dec( mbedtls_des_context *ctx, const unsigned char key[MB
mbedtls_des_setkey(ctx->sk, key);
for( i = 0; i < 16; i += 2 )
{
for (i = 0; i < 16; i += 2) {
SWAP(ctx->sk[i], ctx->sk[30 - i]);
SWAP(ctx->sk[i + 1], ctx->sk[31 - i]);
}
return( 0 );
return 0;
}
static void des3_set2key(uint32_t esk[96],
@ -496,8 +506,7 @@ static void des3_set2key( uint32_t esk[96],
mbedtls_des_setkey(esk, key);
mbedtls_des_setkey(dsk + 32, key + 8);
for( i = 0; i < 32; i += 2 )
{
for (i = 0; i < 32; i += 2) {
dsk[i] = esk[30 - i];
dsk[i + 1] = esk[31 - i];
@ -523,7 +532,7 @@ int mbedtls_des3_set2key_enc( mbedtls_des3_context *ctx,
des3_set2key(ctx->sk, sk, key);
mbedtls_platform_zeroize(sk, sizeof(sk));
return( 0 );
return 0;
}
/*
@ -537,7 +546,7 @@ int mbedtls_des3_set2key_dec( mbedtls_des3_context *ctx,
des3_set2key(sk, ctx->sk, key);
mbedtls_platform_zeroize(sk, sizeof(sk));
return( 0 );
return 0;
}
static void des3_set3key(uint32_t esk[96],
@ -550,8 +559,7 @@ static void des3_set3key( uint32_t esk[96],
mbedtls_des_setkey(dsk + 32, key + 8);
mbedtls_des_setkey(esk + 64, key + 16);
for( i = 0; i < 32; i += 2 )
{
for (i = 0; i < 32; i += 2) {
dsk[i] = esk[94 - i];
dsk[i + 1] = esk[95 - i];
@ -574,7 +582,7 @@ int mbedtls_des3_set3key_enc( mbedtls_des3_context *ctx,
des3_set3key(ctx->sk, sk, key);
mbedtls_platform_zeroize(sk, sizeof(sk));
return( 0 );
return 0;
}
/*
@ -588,7 +596,7 @@ int mbedtls_des3_set3key_dec( mbedtls_des3_context *ctx,
des3_set3key(sk, ctx->sk, key);
mbedtls_platform_zeroize(sk, sizeof(sk));
return( 0 );
return 0;
}
/*
@ -609,8 +617,7 @@ int mbedtls_des_crypt_ecb( mbedtls_des_context *ctx,
DES_IP(X, Y);
for( i = 0; i < 8; i++ )
{
for (i = 0; i < 8; i++) {
DES_ROUND(Y, X);
DES_ROUND(X, Y);
}
@ -620,7 +627,7 @@ int mbedtls_des_crypt_ecb( mbedtls_des_context *ctx,
MBEDTLS_PUT_UINT32_BE(Y, output, 0);
MBEDTLS_PUT_UINT32_BE(X, output, 4);
return( 0 );
return 0;
}
#endif /* !MBEDTLS_DES_CRYPT_ECB_ALT */
@ -639,37 +646,37 @@ int mbedtls_des_crypt_cbc( mbedtls_des_context *ctx,
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
unsigned char temp[8];
if( length % 8 )
return( MBEDTLS_ERR_DES_INVALID_INPUT_LENGTH );
if (length % 8) {
return MBEDTLS_ERR_DES_INVALID_INPUT_LENGTH;
}
if( mode == MBEDTLS_DES_ENCRYPT )
{
while( length > 0 )
{
for( i = 0; i < 8; i++ )
if (mode == MBEDTLS_DES_ENCRYPT) {
while (length > 0) {
for (i = 0; i < 8; i++) {
output[i] = (unsigned char) (input[i] ^ iv[i]);
}
ret = mbedtls_des_crypt_ecb(ctx, output, output);
if( ret != 0 )
if (ret != 0) {
goto exit;
}
memcpy(iv, output, 8);
input += 8;
output += 8;
length -= 8;
}
}
else /* MBEDTLS_DES_DECRYPT */
{
while( length > 0 )
{
} else { /* MBEDTLS_DES_DECRYPT */
while (length > 0) {
memcpy(temp, input, 8);
ret = mbedtls_des_crypt_ecb(ctx, input, output);
if( ret != 0 )
if (ret != 0) {
goto exit;
}
for( i = 0; i < 8; i++ )
for (i = 0; i < 8; i++) {
output[i] = (unsigned char) (output[i] ^ iv[i]);
}
memcpy(iv, temp, 8);
@ -681,7 +688,7 @@ int mbedtls_des_crypt_cbc( mbedtls_des_context *ctx,
ret = 0;
exit:
return( ret );
return ret;
}
#endif /* MBEDTLS_CIPHER_MODE_CBC */
@ -703,20 +710,17 @@ int mbedtls_des3_crypt_ecb( mbedtls_des3_context *ctx,
DES_IP(X, Y);
for( i = 0; i < 8; i++ )
{
for (i = 0; i < 8; i++) {
DES_ROUND(Y, X);
DES_ROUND(X, Y);
}
for( i = 0; i < 8; i++ )
{
for (i = 0; i < 8; i++) {
DES_ROUND(X, Y);
DES_ROUND(Y, X);
}
for( i = 0; i < 8; i++ )
{
for (i = 0; i < 8; i++) {
DES_ROUND(Y, X);
DES_ROUND(X, Y);
}
@ -726,7 +730,7 @@ int mbedtls_des3_crypt_ecb( mbedtls_des3_context *ctx,
MBEDTLS_PUT_UINT32_BE(Y, output, 0);
MBEDTLS_PUT_UINT32_BE(X, output, 4);
return( 0 );
return 0;
}
#endif /* !MBEDTLS_DES3_CRYPT_ECB_ALT */
@ -745,37 +749,37 @@ int mbedtls_des3_crypt_cbc( mbedtls_des3_context *ctx,
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
unsigned char temp[8];
if( length % 8 )
return( MBEDTLS_ERR_DES_INVALID_INPUT_LENGTH );
if (length % 8) {
return MBEDTLS_ERR_DES_INVALID_INPUT_LENGTH;
}
if( mode == MBEDTLS_DES_ENCRYPT )
{
while( length > 0 )
{
for( i = 0; i < 8; i++ )
if (mode == MBEDTLS_DES_ENCRYPT) {
while (length > 0) {
for (i = 0; i < 8; i++) {
output[i] = (unsigned char) (input[i] ^ iv[i]);
}
ret = mbedtls_des3_crypt_ecb(ctx, output, output);
if( ret != 0 )
if (ret != 0) {
goto exit;
}
memcpy(iv, output, 8);
input += 8;
output += 8;
length -= 8;
}
}
else /* MBEDTLS_DES_DECRYPT */
{
while( length > 0 )
{
} else { /* MBEDTLS_DES_DECRYPT */
while (length > 0) {
memcpy(temp, input, 8);
ret = mbedtls_des3_crypt_ecb(ctx, input, output);
if( ret != 0 )
if (ret != 0) {
goto exit;
}
for( i = 0; i < 8; i++ )
for (i = 0; i < 8; i++) {
output[i] = (unsigned char) (output[i] ^ iv[i]);
}
memcpy(iv, temp, 8);
@ -787,7 +791,7 @@ int mbedtls_des3_crypt_cbc( mbedtls_des3_context *ctx,
ret = 0;
exit:
return( ret );
return ret;
}
#endif /* MBEDTLS_CIPHER_MODE_CBC */
@ -865,20 +869,19 @@ int mbedtls_des_self_test( int verbose )
/*
* ECB mode
*/
for( i = 0; i < 6; i++ )
{
for (i = 0; i < 6; i++) {
u = i >> 1;
v = i & 1;
if( verbose != 0 )
if (verbose != 0) {
mbedtls_printf(" DES%c-ECB-%3d (%s): ",
(u == 0) ? ' ' : '3', 56 + u * 56,
(v == MBEDTLS_DES_DECRYPT) ? "dec" : "enc");
}
memcpy(buf, des3_test_buf, 8);
switch( i )
{
switch (i) {
case 0:
ret = mbedtls_des_setkey_dec(&ctx, des3_test_keys);
break;
@ -904,60 +907,63 @@ int mbedtls_des_self_test( int verbose )
break;
default:
return( 1 );
return 1;
}
if( ret != 0 )
if (ret != 0) {
goto exit;
}
for( j = 0; j < 100; j++ )
{
if( u == 0 )
for (j = 0; j < 100; j++) {
if (u == 0) {
ret = mbedtls_des_crypt_ecb(&ctx, buf, buf);
else
} else {
ret = mbedtls_des3_crypt_ecb(&ctx3, buf, buf);
if( ret != 0 )
}
if (ret != 0) {
goto exit;
}
}
if ((v == MBEDTLS_DES_DECRYPT &&
memcmp(buf, des3_test_ecb_dec[u], 8) != 0) ||
(v != MBEDTLS_DES_DECRYPT &&
memcmp( buf, des3_test_ecb_enc[u], 8 ) != 0 ) )
{
if( verbose != 0 )
memcmp(buf, des3_test_ecb_enc[u], 8) != 0)) {
if (verbose != 0) {
mbedtls_printf("failed\n");
}
ret = 1;
goto exit;
}
if( verbose != 0 )
if (verbose != 0) {
mbedtls_printf("passed\n");
}
}
if( verbose != 0 )
if (verbose != 0) {
mbedtls_printf("\n");
}
#if defined(MBEDTLS_CIPHER_MODE_CBC)
/*
* CBC mode
*/
for( i = 0; i < 6; i++ )
{
for (i = 0; i < 6; i++) {
u = i >> 1;
v = i & 1;
if( verbose != 0 )
if (verbose != 0) {
mbedtls_printf(" DES%c-CBC-%3d (%s): ",
(u == 0) ? ' ' : '3', 56 + u * 56,
(v == MBEDTLS_DES_DECRYPT) ? "dec" : "enc");
}
memcpy(iv, des3_test_iv, 8);
memcpy(prv, des3_test_iv, 8);
memcpy(buf, des3_test_buf, 8);
switch( i )
{
switch (i) {
case 0:
ret = mbedtls_des_setkey_dec(&ctx, des3_test_keys);
break;
@ -983,35 +989,35 @@ int mbedtls_des_self_test( int verbose )
break;
default:
return( 1 );
return 1;
}
if( ret != 0 )
if (ret != 0) {
goto exit;
}
if( v == MBEDTLS_DES_DECRYPT )
{
for( j = 0; j < 100; j++ )
{
if( u == 0 )
if (v == MBEDTLS_DES_DECRYPT) {
for (j = 0; j < 100; j++) {
if (u == 0) {
ret = mbedtls_des_crypt_cbc(&ctx, v, 8, iv, buf, buf);
else
} else {
ret = mbedtls_des3_crypt_cbc(&ctx3, v, 8, iv, buf, buf);
if( ret != 0 )
}
if (ret != 0) {
goto exit;
}
}
else
{
for( j = 0; j < 100; j++ )
{
} else {
for (j = 0; j < 100; j++) {
unsigned char tmp[8];
if( u == 0 )
if (u == 0) {
ret = mbedtls_des_crypt_cbc(&ctx, v, 8, iv, buf, buf);
else
} else {
ret = mbedtls_des3_crypt_cbc(&ctx3, v, 8, iv, buf, buf);
if( ret != 0 )
}
if (ret != 0) {
goto exit;
}
memcpy(tmp, prv, 8);
memcpy(prv, buf, 8);
@ -1024,30 +1030,33 @@ int mbedtls_des_self_test( int verbose )
if ((v == MBEDTLS_DES_DECRYPT &&
memcmp(buf, des3_test_cbc_dec[u], 8) != 0) ||
(v != MBEDTLS_DES_DECRYPT &&
memcmp( buf, des3_test_cbc_enc[u], 8 ) != 0 ) )
{
if( verbose != 0 )
memcmp(buf, des3_test_cbc_enc[u], 8) != 0)) {
if (verbose != 0) {
mbedtls_printf("failed\n");
}
ret = 1;
goto exit;
}
if( verbose != 0 )
if (verbose != 0) {
mbedtls_printf("passed\n");
}
}
#endif /* MBEDTLS_CIPHER_MODE_CBC */
if( verbose != 0 )
if (verbose != 0) {
mbedtls_printf("\n");
}
exit:
mbedtls_des_free(&ctx);
mbedtls_des3_free(&ctx3);
if( ret != 0 )
if (ret != 0) {
ret = 1;
return( ret );
}
return ret;
}
#endif /* MBEDTLS_SELF_TEST */

240
thirdparty/mbedtls/library/dhm.c vendored
View file

@ -61,21 +61,24 @@ static int dhm_read_bignum( mbedtls_mpi *X,
{
int ret, n;
if( end - *p < 2 )
return( MBEDTLS_ERR_DHM_BAD_INPUT_DATA );
if (end - *p < 2) {
return MBEDTLS_ERR_DHM_BAD_INPUT_DATA;
}
n = ((*p)[0] << 8) | (*p)[1];
(*p) += 2;
if( (int)( end - *p ) < n )
return( MBEDTLS_ERR_DHM_BAD_INPUT_DATA );
if ((int) (end - *p) < n) {
return MBEDTLS_ERR_DHM_BAD_INPUT_DATA;
}
if( ( ret = mbedtls_mpi_read_binary( X, *p, n ) ) != 0 )
return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_DHM_READ_PARAMS_FAILED, ret ) );
if ((ret = mbedtls_mpi_read_binary(X, *p, n)) != 0) {
return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_DHM_READ_PARAMS_FAILED, ret);
}
(*p) += n;
return( 0 );
return 0;
}
/*
@ -100,14 +103,13 @@ static int dhm_check_range( const mbedtls_mpi *param, const mbedtls_mpi *P )
MBEDTLS_MPI_CHK(mbedtls_mpi_sub_int(&U, P, 2));
if (mbedtls_mpi_cmp_int(param, 2) < 0 ||
mbedtls_mpi_cmp_mpi( param, &U ) > 0 )
{
mbedtls_mpi_cmp_mpi(param, &U) > 0) {
ret = MBEDTLS_ERR_DHM_BAD_INPUT_DATA;
}
cleanup:
mbedtls_mpi_free(&U);
return( ret );
return ret;
}
void mbedtls_dhm_init(mbedtls_dhm_context *ctx)
@ -130,15 +132,17 @@ int mbedtls_dhm_read_params( mbedtls_dhm_context *ctx,
if ((ret = dhm_read_bignum(&ctx->P, p, end)) != 0 ||
(ret = dhm_read_bignum(&ctx->G, p, end)) != 0 ||
( ret = dhm_read_bignum( &ctx->GY, p, end ) ) != 0 )
return( ret );
(ret = dhm_read_bignum(&ctx->GY, p, end)) != 0) {
return ret;
}
if( ( ret = dhm_check_range( &ctx->GY, &ctx->P ) ) != 0 )
return( ret );
if ((ret = dhm_check_range(&ctx->GY, &ctx->P)) != 0) {
return ret;
}
ctx->len = mbedtls_mpi_size(&ctx->P);
return( 0 );
return 0;
}
/*
@ -153,7 +157,7 @@ static int dhm_random_below( mbedtls_mpi *R, const mbedtls_mpi *M,
MBEDTLS_MPI_CHK(mbedtls_mpi_sub_int(R, R, 1));
cleanup:
return( ret );
return ret;
}
static int dhm_make_common(mbedtls_dhm_context *ctx, int x_size,
@ -162,23 +166,24 @@ static int dhm_make_common( mbedtls_dhm_context *ctx, int x_size,
{
int ret = 0;
if( mbedtls_mpi_cmp_int( &ctx->P, 0 ) == 0 )
return( MBEDTLS_ERR_DHM_BAD_INPUT_DATA );
if( x_size < 0 )
return( MBEDTLS_ERR_DHM_BAD_INPUT_DATA );
if( (unsigned) x_size < mbedtls_mpi_size( &ctx->P ) )
{
MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( &ctx->X, x_size, f_rng, p_rng ) );
if (mbedtls_mpi_cmp_int(&ctx->P, 0) == 0) {
return MBEDTLS_ERR_DHM_BAD_INPUT_DATA;
}
else
{
if (x_size < 0) {
return MBEDTLS_ERR_DHM_BAD_INPUT_DATA;
}
if ((unsigned) x_size < mbedtls_mpi_size(&ctx->P)) {
MBEDTLS_MPI_CHK(mbedtls_mpi_fill_random(&ctx->X, x_size, f_rng, p_rng));
} else {
/* Generate X as large as possible ( <= P - 2 ) */
ret = dhm_random_below(&ctx->X, &ctx->P, f_rng, p_rng);
if( ret == MBEDTLS_ERR_MPI_NOT_ACCEPTABLE )
return( MBEDTLS_ERR_DHM_MAKE_PARAMS_FAILED );
if( ret != 0 )
return( ret );
if (ret == MBEDTLS_ERR_MPI_NOT_ACCEPTABLE) {
return MBEDTLS_ERR_DHM_MAKE_PARAMS_FAILED;
}
if (ret != 0) {
return ret;
}
}
/*
@ -187,11 +192,12 @@ static int dhm_make_common( mbedtls_dhm_context *ctx, int x_size,
MBEDTLS_MPI_CHK(mbedtls_mpi_exp_mod(&ctx->GX, &ctx->G, &ctx->X,
&ctx->P, &ctx->RP));
if( ( ret = dhm_check_range( &ctx->GX, &ctx->P ) ) != 0 )
return( ret );
if ((ret = dhm_check_range(&ctx->GX, &ctx->P)) != 0) {
return ret;
}
cleanup:
return( ret );
return ret;
}
/*
@ -211,8 +217,9 @@ int mbedtls_dhm_make_params( mbedtls_dhm_context *ctx, int x_size,
DHM_VALIDATE_RET(f_rng != NULL);
ret = dhm_make_common(ctx, x_size, f_rng, p_rng);
if( ret != 0 )
if (ret != 0) {
goto cleanup;
}
/*
* Export P, G, GX. RFC 5246 §4.4 states that "leading zero octets are
@ -242,9 +249,10 @@ int mbedtls_dhm_make_params( mbedtls_dhm_context *ctx, int x_size,
ctx->len = n1;
cleanup:
if( ret != 0 && ret > -128 )
if (ret != 0 && ret > -128) {
ret = MBEDTLS_ERROR_ADD(MBEDTLS_ERR_DHM_MAKE_PARAMS_FAILED, ret);
return( ret );
}
return ret;
}
/*
@ -260,13 +268,12 @@ int mbedtls_dhm_set_group( mbedtls_dhm_context *ctx,
DHM_VALIDATE_RET(G != NULL);
if ((ret = mbedtls_mpi_copy(&ctx->P, P)) != 0 ||
( ret = mbedtls_mpi_copy( &ctx->G, G ) ) != 0 )
{
return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_DHM_SET_GROUP_FAILED, ret ) );
(ret = mbedtls_mpi_copy(&ctx->G, G)) != 0) {
return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_DHM_SET_GROUP_FAILED, ret);
}
ctx->len = mbedtls_mpi_size(&ctx->P);
return( 0 );
return 0;
}
/*
@ -279,13 +286,15 @@ int mbedtls_dhm_read_public( mbedtls_dhm_context *ctx,
DHM_VALIDATE_RET(ctx != NULL);
DHM_VALIDATE_RET(input != NULL);
if( ilen < 1 || ilen > ctx->len )
return( MBEDTLS_ERR_DHM_BAD_INPUT_DATA );
if (ilen < 1 || ilen > ctx->len) {
return MBEDTLS_ERR_DHM_BAD_INPUT_DATA;
}
if( ( ret = mbedtls_mpi_read_binary( &ctx->GY, input, ilen ) ) != 0 )
return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_DHM_READ_PUBLIC_FAILED, ret ) );
if ((ret = mbedtls_mpi_read_binary(&ctx->GY, input, ilen)) != 0) {
return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_DHM_READ_PUBLIC_FAILED, ret);
}
return( 0 );
return 0;
}
/*
@ -301,21 +310,25 @@ int mbedtls_dhm_make_public( mbedtls_dhm_context *ctx, int x_size,
DHM_VALIDATE_RET(output != NULL);
DHM_VALIDATE_RET(f_rng != NULL);
if( olen < 1 || olen > ctx->len )
return( MBEDTLS_ERR_DHM_BAD_INPUT_DATA );
if (olen < 1 || olen > ctx->len) {
return MBEDTLS_ERR_DHM_BAD_INPUT_DATA;
}
ret = dhm_make_common(ctx, x_size, f_rng, p_rng);
if( ret == MBEDTLS_ERR_DHM_MAKE_PARAMS_FAILED )
return( MBEDTLS_ERR_DHM_MAKE_PUBLIC_FAILED );
if( ret != 0 )
if (ret == MBEDTLS_ERR_DHM_MAKE_PARAMS_FAILED) {
return MBEDTLS_ERR_DHM_MAKE_PUBLIC_FAILED;
}
if (ret != 0) {
goto cleanup;
}
MBEDTLS_MPI_CHK(mbedtls_mpi_write_binary(&ctx->GX, output, olen));
cleanup:
if( ret != 0 && ret > -128 )
if (ret != 0 && ret > -128) {
ret = MBEDTLS_ERROR_ADD(MBEDTLS_ERR_DHM_MAKE_PUBLIC_FAILED, ret);
return( ret );
}
return ret;
}
@ -337,28 +350,26 @@ static int dhm_update_blinding( mbedtls_dhm_context *ctx,
* Don't use any blinding the first time a particular X is used,
* but remember it to use blinding next time.
*/
if( mbedtls_mpi_cmp_mpi( &ctx->X, &ctx->pX ) != 0 )
{
if (mbedtls_mpi_cmp_mpi(&ctx->X, &ctx->pX) != 0) {
MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&ctx->pX, &ctx->X));
MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&ctx->Vi, 1));
MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&ctx->Vf, 1));
return( 0 );
return 0;
}
/*
* Ok, we need blinding. Can we re-use existing values?
* If yes, just update them by squaring them.
*/
if( mbedtls_mpi_cmp_int( &ctx->Vi, 1 ) != 0 )
{
if (mbedtls_mpi_cmp_int(&ctx->Vi, 1) != 0) {
MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&ctx->Vi, &ctx->Vi, &ctx->Vi));
MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(&ctx->Vi, &ctx->Vi, &ctx->P));
MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&ctx->Vf, &ctx->Vf, &ctx->Vf));
MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(&ctx->Vf, &ctx->Vf, &ctx->P));
return( 0 );
return 0;
}
/*
@ -383,7 +394,7 @@ static int dhm_update_blinding( mbedtls_dhm_context *ctx,
cleanup:
mbedtls_mpi_free(&R);
return( ret );
return ret;
}
/*
@ -400,31 +411,31 @@ int mbedtls_dhm_calc_secret( mbedtls_dhm_context *ctx,
DHM_VALIDATE_RET(output != NULL);
DHM_VALIDATE_RET(olen != NULL);
if( output_size < ctx->len )
return( MBEDTLS_ERR_DHM_BAD_INPUT_DATA );
if (output_size < ctx->len) {
return MBEDTLS_ERR_DHM_BAD_INPUT_DATA;
}
if( ( ret = dhm_check_range( &ctx->GY, &ctx->P ) ) != 0 )
return( ret );
if ((ret = dhm_check_range(&ctx->GY, &ctx->P)) != 0) {
return ret;
}
mbedtls_mpi_init(&GYb);
/* Blind peer's value */
if( f_rng != NULL )
{
if (f_rng != NULL) {
MBEDTLS_MPI_CHK(dhm_update_blinding(ctx, f_rng, p_rng));
MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&GYb, &ctx->GY, &ctx->Vi));
MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(&GYb, &GYb, &ctx->P));
}
else
} else {
MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&GYb, &ctx->GY));
}
/* Do modular exponentiation */
MBEDTLS_MPI_CHK(mbedtls_mpi_exp_mod(&ctx->K, &GYb, &ctx->X,
&ctx->P, &ctx->RP));
/* Unblind secret value */
if( f_rng != NULL )
{
if (f_rng != NULL) {
MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&ctx->K, &ctx->K, &ctx->Vf));
MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(&ctx->K, &ctx->K, &ctx->P));
}
@ -437,10 +448,11 @@ int mbedtls_dhm_calc_secret( mbedtls_dhm_context *ctx,
cleanup:
mbedtls_mpi_free(&GYb);
if( ret != 0 )
return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_DHM_CALC_SECRET_FAILED, ret ) );
if (ret != 0) {
return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_DHM_CALC_SECRET_FAILED, ret);
}
return( 0 );
return 0;
}
/*
@ -448,8 +460,9 @@ cleanup:
*/
void mbedtls_dhm_free(mbedtls_dhm_context *ctx)
{
if( ctx == NULL )
if (ctx == NULL) {
return;
}
mbedtls_mpi_free(&ctx->pX);
mbedtls_mpi_free(&ctx->Vf);
@ -486,23 +499,23 @@ int mbedtls_dhm_parse_dhm( mbedtls_dhm_context *dhm, const unsigned char *dhmin,
mbedtls_pem_init(&pem);
/* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */
if( dhminlen == 0 || dhmin[dhminlen - 1] != '\0' )
if (dhminlen == 0 || dhmin[dhminlen - 1] != '\0') {
ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT;
else
} else {
ret = mbedtls_pem_read_buffer(&pem,
"-----BEGIN DH PARAMETERS-----",
"-----END DH PARAMETERS-----",
dhmin, NULL, 0, &dhminlen);
}
if( ret == 0 )
{
if (ret == 0) {
/*
* Was PEM encoded
*/
dhminlen = pem.buflen;
}
else if( ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT )
} else if (ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT) {
goto exit;
}
p = (ret == 0) ? pem.buf : (unsigned char *) dhmin;
#else
@ -518,8 +531,7 @@ int mbedtls_dhm_parse_dhm( mbedtls_dhm_context *dhm, const unsigned char *dhmin,
* }
*/
if ((ret = mbedtls_asn1_get_tag(&p, end, &len,
MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
{
MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) {
ret = MBEDTLS_ERROR_ADD(MBEDTLS_ERR_DHM_INVALID_FORMAT, ret);
goto exit;
}
@ -527,27 +539,23 @@ int mbedtls_dhm_parse_dhm( mbedtls_dhm_context *dhm, const unsigned char *dhmin,
end = p + len;
if ((ret = mbedtls_asn1_get_mpi(&p, end, &dhm->P)) != 0 ||
( ret = mbedtls_asn1_get_mpi( &p, end, &dhm->G ) ) != 0 )
{
(ret = mbedtls_asn1_get_mpi(&p, end, &dhm->G)) != 0) {
ret = MBEDTLS_ERROR_ADD(MBEDTLS_ERR_DHM_INVALID_FORMAT, ret);
goto exit;
}
if( p != end )
{
if (p != end) {
/* This might be the optional privateValueLength.
* If so, we can cleanly discard it */
mbedtls_mpi rec;
mbedtls_mpi_init(&rec);
ret = mbedtls_asn1_get_mpi(&p, end, &rec);
mbedtls_mpi_free(&rec);
if ( ret != 0 )
{
if (ret != 0) {
ret = MBEDTLS_ERROR_ADD(MBEDTLS_ERR_DHM_INVALID_FORMAT, ret);
goto exit;
}
if ( p != end )
{
if (p != end) {
ret = MBEDTLS_ERROR_ADD(MBEDTLS_ERR_DHM_INVALID_FORMAT,
MBEDTLS_ERR_ASN1_LENGTH_MISMATCH);
goto exit;
@ -562,10 +570,11 @@ exit:
#if defined(MBEDTLS_PEM_PARSE_C)
mbedtls_pem_free(&pem);
#endif
if( ret != 0 )
if (ret != 0) {
mbedtls_dhm_free(dhm);
}
return( ret );
return ret;
}
#if defined(MBEDTLS_FS_IO)
@ -581,44 +590,43 @@ static int load_file( const char *path, unsigned char **buf, size_t *n )
FILE *f;
long size;
if( ( f = fopen( path, "rb" ) ) == NULL )
return( MBEDTLS_ERR_DHM_FILE_IO_ERROR );
if ((f = fopen(path, "rb")) == NULL) {
return MBEDTLS_ERR_DHM_FILE_IO_ERROR;
}
fseek(f, 0, SEEK_END);
if( ( size = ftell( f ) ) == -1 )
{
if ((size = ftell(f)) == -1) {
fclose(f);
return( MBEDTLS_ERR_DHM_FILE_IO_ERROR );
return MBEDTLS_ERR_DHM_FILE_IO_ERROR;
}
fseek(f, 0, SEEK_SET);
*n = (size_t) size;
if (*n + 1 == 0 ||
( *buf = mbedtls_calloc( 1, *n + 1 ) ) == NULL )
{
(*buf = mbedtls_calloc(1, *n + 1)) == NULL) {
fclose(f);
return( MBEDTLS_ERR_DHM_ALLOC_FAILED );
return MBEDTLS_ERR_DHM_ALLOC_FAILED;
}
if( fread( *buf, 1, *n, f ) != *n )
{
if (fread(*buf, 1, *n, f) != *n) {
fclose(f);
mbedtls_platform_zeroize(*buf, *n + 1);
mbedtls_free(*buf);
return( MBEDTLS_ERR_DHM_FILE_IO_ERROR );
return MBEDTLS_ERR_DHM_FILE_IO_ERROR;
}
fclose(f);
(*buf)[*n] = '\0';
if( strstr( (const char *) *buf, "-----BEGIN " ) != NULL )
if (strstr((const char *) *buf, "-----BEGIN ") != NULL) {
++*n;
}
return( 0 );
return 0;
}
/*
@ -632,15 +640,16 @@ int mbedtls_dhm_parse_dhmfile( mbedtls_dhm_context *dhm, const char *path )
DHM_VALIDATE_RET(dhm != NULL);
DHM_VALIDATE_RET(path != NULL);
if( ( ret = load_file( path, &buf, &n ) ) != 0 )
return( ret );
if ((ret = load_file(path, &buf, &n)) != 0) {
return ret;
}
ret = mbedtls_dhm_parse_dhm(dhm, buf, n);
mbedtls_platform_zeroize(buf, n);
mbedtls_free(buf);
return( ret );
return ret;
}
#endif /* MBEDTLS_FS_IO */
#endif /* MBEDTLS_ASN1_PARSE_C */
@ -668,7 +677,8 @@ static const char mbedtls_test_dhm_params[] = {
0xf6, 0x62, 0xc9, 0x2a, 0xe7, 0x65, 0x56, 0xe7, 0x55, 0xd1, 0x0c, 0x64,
0xe6, 0xa5, 0x09, 0x68, 0xf6, 0x7f, 0xc6, 0xea, 0x73, 0xd0, 0xdc, 0xa8,
0x56, 0x9b, 0xe2, 0xba, 0x20, 0x4e, 0x23, 0x58, 0x0d, 0x8b, 0xca, 0x2f,
0x49, 0x75, 0xb3, 0x02, 0x01, 0x02 };
0x49, 0x75, 0xb3, 0x02, 0x01, 0x02
};
#endif /* MBEDTLS_PEM_PARSE_C */
static const size_t mbedtls_test_dhm_params_len = sizeof(mbedtls_test_dhm_params);
@ -683,27 +693,29 @@ int mbedtls_dhm_self_test( int verbose )
mbedtls_dhm_init(&dhm);
if( verbose != 0 )
if (verbose != 0) {
mbedtls_printf(" DHM parameter load: ");
}
if ((ret = mbedtls_dhm_parse_dhm(&dhm,
(const unsigned char *) mbedtls_test_dhm_params,
mbedtls_test_dhm_params_len ) ) != 0 )
{
if( verbose != 0 )
mbedtls_test_dhm_params_len)) != 0) {
if (verbose != 0) {
mbedtls_printf("failed\n");
}
ret = 1;
goto exit;
}
if( verbose != 0 )
if (verbose != 0) {
mbedtls_printf("passed\n\n");
}
exit:
mbedtls_dhm_free(&dhm);
return( ret );
return ret;
}
#endif /* MBEDTLS_SELF_TEST */

262
thirdparty/mbedtls/library/ecdh.c vendored
View file

@ -48,9 +48,9 @@ static mbedtls_ecp_group_id mbedtls_ecdh_grp_id(
const mbedtls_ecdh_context *ctx)
{
#if defined(MBEDTLS_ECDH_LEGACY_CONTEXT)
return( ctx->grp.id );
return ctx->grp.id;
#else
return( ctx->grp_id );
return ctx->grp_id;
#endif
}
@ -58,7 +58,7 @@ int mbedtls_ecdh_can_do( mbedtls_ecp_group_id gid )
{
/* At this time, all groups support ECDH. */
(void) gid;
return( 1 );
return 1;
}
#if !defined(MBEDTLS_ECDH_GEN_PUBLIC_ALT)
@ -82,14 +82,15 @@ static int ecdh_gen_public_restartable( mbedtls_ecp_group *grp,
restarting = (rs_ctx != NULL && rs_ctx->rsm != NULL);
#endif
/* If multiplication is in progress, we already generated a privkey */
if( !restarting )
if (!restarting) {
MBEDTLS_MPI_CHK(mbedtls_ecp_gen_privkey(grp, d, f_rng, p_rng));
}
MBEDTLS_MPI_CHK(mbedtls_ecp_mul_restartable(grp, Q, d, &grp->G,
f_rng, p_rng, rs_ctx));
cleanup:
return( ret );
return ret;
}
/*
@ -103,7 +104,7 @@ int mbedtls_ecdh_gen_public( mbedtls_ecp_group *grp, mbedtls_mpi *d, mbedtls_ecp
ECDH_VALIDATE_RET(d != NULL);
ECDH_VALIDATE_RET(Q != NULL);
ECDH_VALIDATE_RET(f_rng != NULL);
return( ecdh_gen_public_restartable( grp, d, Q, f_rng, p_rng, NULL ) );
return ecdh_gen_public_restartable(grp, d, Q, f_rng, p_rng, NULL);
}
#endif /* !MBEDTLS_ECDH_GEN_PUBLIC_ALT */
@ -126,8 +127,7 @@ static int ecdh_compute_shared_restartable( mbedtls_ecp_group *grp,
MBEDTLS_MPI_CHK(mbedtls_ecp_mul_restartable(grp, &P, d, Q,
f_rng, p_rng, rs_ctx));
if( mbedtls_ecp_is_zero( &P ) )
{
if (mbedtls_ecp_is_zero(&P)) {
ret = MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
goto cleanup;
}
@ -137,7 +137,7 @@ static int ecdh_compute_shared_restartable( mbedtls_ecp_group *grp,
cleanup:
mbedtls_ecp_point_free(&P);
return( ret );
return ret;
}
/*
@ -152,8 +152,8 @@ int mbedtls_ecdh_compute_shared( mbedtls_ecp_group *grp, mbedtls_mpi *z,
ECDH_VALIDATE_RET(Q != NULL);
ECDH_VALIDATE_RET(d != NULL);
ECDH_VALIDATE_RET(z != NULL);
return( ecdh_compute_shared_restartable( grp, z, Q, d,
f_rng, p_rng, NULL ) );
return ecdh_compute_shared_restartable(grp, z, Q, d,
f_rng, p_rng, NULL);
}
#endif /* !MBEDTLS_ECDH_COMPUTE_SHARED_ALT */
@ -199,12 +199,11 @@ static int ecdh_setup_internal( mbedtls_ecdh_context_mbed *ctx,
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
ret = mbedtls_ecp_group_load(&ctx->grp, grp_id);
if( ret != 0 )
{
return( MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE );
if (ret != 0) {
return MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE;
}
return( 0 );
return 0;
}
/*
@ -215,23 +214,22 @@ int mbedtls_ecdh_setup( mbedtls_ecdh_context *ctx, mbedtls_ecp_group_id grp_id )
ECDH_VALIDATE_RET(ctx != NULL);
#if defined(MBEDTLS_ECDH_LEGACY_CONTEXT)
return( ecdh_setup_internal( ctx, grp_id ) );
return ecdh_setup_internal(ctx, grp_id);
#else
switch( grp_id )
{
switch (grp_id) {
#if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED)
case MBEDTLS_ECP_DP_CURVE25519:
ctx->point_format = MBEDTLS_ECP_PF_COMPRESSED;
ctx->var = MBEDTLS_ECDH_VARIANT_EVEREST;
ctx->grp_id = grp_id;
return( mbedtls_everest_setup( &ctx->ctx.everest_ecdh, grp_id ) );
return mbedtls_everest_setup(&ctx->ctx.everest_ecdh, grp_id);
#endif
default:
ctx->point_format = MBEDTLS_ECP_PF_UNCOMPRESSED;
ctx->var = MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0;
ctx->grp_id = grp_id;
ecdh_init_internal(&ctx->ctx.mbed_ecdh);
return( ecdh_setup_internal( &ctx->ctx.mbed_ecdh, grp_id ) );
return ecdh_setup_internal(&ctx->ctx.mbed_ecdh, grp_id);
}
#endif
}
@ -266,8 +264,9 @@ void mbedtls_ecdh_enable_restart( mbedtls_ecdh_context *ctx )
*/
void mbedtls_ecdh_free(mbedtls_ecdh_context *ctx)
{
if( ctx == NULL )
if (ctx == NULL) {
return;
}
#if defined(MBEDTLS_ECDH_LEGACY_CONTEXT)
mbedtls_ecp_point_free(&ctx->Vi);
@ -275,8 +274,7 @@ void mbedtls_ecdh_free( mbedtls_ecdh_context *ctx )
mbedtls_mpi_free(&ctx->_d);
ecdh_free_internal(ctx);
#else
switch( ctx->var )
{
switch (ctx->var) {
#if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED)
case MBEDTLS_ECDH_VARIANT_EVEREST:
mbedtls_everest_free(&ctx->ctx.everest_ecdh);
@ -310,12 +308,14 @@ static int ecdh_make_params_internal( mbedtls_ecdh_context_mbed *ctx,
mbedtls_ecp_restart_ctx *rs_ctx = NULL;
#endif
if( ctx->grp.pbits == 0 )
return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
if (ctx->grp.pbits == 0) {
return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
}
#if defined(MBEDTLS_ECP_RESTARTABLE)
if( restart_enabled )
if (restart_enabled) {
rs_ctx = &ctx->rs;
}
#else
(void) restart_enabled;
#endif
@ -323,27 +323,31 @@ static int ecdh_make_params_internal( mbedtls_ecdh_context_mbed *ctx,
#if defined(MBEDTLS_ECP_RESTARTABLE)
if ((ret = ecdh_gen_public_restartable(&ctx->grp, &ctx->d, &ctx->Q,
f_rng, p_rng, rs_ctx ) ) != 0 )
return( ret );
f_rng, p_rng, rs_ctx)) != 0) {
return ret;
}
#else
if ((ret = mbedtls_ecdh_gen_public(&ctx->grp, &ctx->d, &ctx->Q,
f_rng, p_rng ) ) != 0 )
return( ret );
f_rng, p_rng)) != 0) {
return ret;
}
#endif /* MBEDTLS_ECP_RESTARTABLE */
if ((ret = mbedtls_ecp_tls_write_group(&ctx->grp, &grp_len, buf,
blen ) ) != 0 )
return( ret );
blen)) != 0) {
return ret;
}
buf += grp_len;
blen -= grp_len;
if ((ret = mbedtls_ecp_tls_write_point(&ctx->grp, &ctx->Q, point_format,
&pt_len, buf, blen ) ) != 0 )
return( ret );
&pt_len, buf, blen)) != 0) {
return ret;
}
*olen = grp_len + pt_len;
return( 0 );
return 0;
}
/*
@ -371,21 +375,20 @@ int mbedtls_ecdh_make_params( mbedtls_ecdh_context *ctx, size_t *olen,
#endif
#if defined(MBEDTLS_ECDH_LEGACY_CONTEXT)
return( ecdh_make_params_internal( ctx, olen, ctx->point_format, buf, blen,
f_rng, p_rng, restart_enabled ) );
return ecdh_make_params_internal(ctx, olen, ctx->point_format, buf, blen,
f_rng, p_rng, restart_enabled);
#else
switch( ctx->var )
{
switch (ctx->var) {
#if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED)
case MBEDTLS_ECDH_VARIANT_EVEREST:
return( mbedtls_everest_make_params( &ctx->ctx.everest_ecdh, olen,
buf, blen, f_rng, p_rng ) );
return mbedtls_everest_make_params(&ctx->ctx.everest_ecdh, olen,
buf, blen, f_rng, p_rng);
#endif
case MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0:
return( ecdh_make_params_internal( &ctx->ctx.mbed_ecdh, olen,
return ecdh_make_params_internal(&ctx->ctx.mbed_ecdh, olen,
ctx->point_format, buf, blen,
f_rng, p_rng,
restart_enabled ) );
restart_enabled);
default:
return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
}
@ -396,8 +399,8 @@ static int ecdh_read_params_internal( mbedtls_ecdh_context_mbed *ctx,
const unsigned char **buf,
const unsigned char *end)
{
return( mbedtls_ecp_tls_read_point( &ctx->grp, &ctx->Qp, buf,
end - *buf ) );
return mbedtls_ecp_tls_read_point(&ctx->grp, &ctx->Qp, buf,
end - *buf);
}
/*
@ -419,25 +422,26 @@ int mbedtls_ecdh_read_params( mbedtls_ecdh_context *ctx,
ECDH_VALIDATE_RET(end != NULL);
if ((ret = mbedtls_ecp_tls_read_group_id(&grp_id, buf, end - *buf))
!= 0 )
return( ret );
!= 0) {
return ret;
}
if( ( ret = mbedtls_ecdh_setup( ctx, grp_id ) ) != 0 )
return( ret );
if ((ret = mbedtls_ecdh_setup(ctx, grp_id)) != 0) {
return ret;
}
#if defined(MBEDTLS_ECDH_LEGACY_CONTEXT)
return( ecdh_read_params_internal( ctx, buf, end ) );
return ecdh_read_params_internal(ctx, buf, end);
#else
switch( ctx->var )
{
switch (ctx->var) {
#if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED)
case MBEDTLS_ECDH_VARIANT_EVEREST:
return( mbedtls_everest_read_params( &ctx->ctx.everest_ecdh,
buf, end) );
return mbedtls_everest_read_params(&ctx->ctx.everest_ecdh,
buf, end);
#endif
case MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0:
return( ecdh_read_params_internal( &ctx->ctx.mbed_ecdh,
buf, end ) );
return ecdh_read_params_internal(&ctx->ctx.mbed_ecdh,
buf, end);
default:
return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
}
@ -451,18 +455,21 @@ static int ecdh_get_params_internal( mbedtls_ecdh_context_mbed *ctx,
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
/* If it's not our key, just import the public part as Qp */
if( side == MBEDTLS_ECDH_THEIRS )
return( mbedtls_ecp_copy( &ctx->Qp, &key->Q ) );
if (side == MBEDTLS_ECDH_THEIRS) {
return mbedtls_ecp_copy(&ctx->Qp, &key->Q);
}
/* Our key: import public (as Q) and private parts */
if( side != MBEDTLS_ECDH_OURS )
return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
if (side != MBEDTLS_ECDH_OURS) {
return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
}
if ((ret = mbedtls_ecp_copy(&ctx->Q, &key->Q)) != 0 ||
( ret = mbedtls_mpi_copy( &ctx->d, &key->d ) ) != 0 )
return( ret );
(ret = mbedtls_mpi_copy(&ctx->d, &key->d)) != 0) {
return ret;
}
return( 0 );
return 0;
}
/*
@ -478,40 +485,38 @@ int mbedtls_ecdh_get_params( mbedtls_ecdh_context *ctx,
ECDH_VALIDATE_RET(side == MBEDTLS_ECDH_OURS ||
side == MBEDTLS_ECDH_THEIRS);
if( mbedtls_ecdh_grp_id( ctx ) == MBEDTLS_ECP_DP_NONE )
{
if (mbedtls_ecdh_grp_id(ctx) == MBEDTLS_ECP_DP_NONE) {
/* This is the first call to get_params(). Set up the context
* for use with the group. */
if( ( ret = mbedtls_ecdh_setup( ctx, key->grp.id ) ) != 0 )
return( ret );
if ((ret = mbedtls_ecdh_setup(ctx, key->grp.id)) != 0) {
return ret;
}
else
{
} else {
/* This is not the first call to get_params(). Check that the
* current key's group is the same as the context's, which was set
* from the first key's group. */
if( mbedtls_ecdh_grp_id( ctx ) != key->grp.id )
return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
if (mbedtls_ecdh_grp_id(ctx) != key->grp.id) {
return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
}
}
#if defined(MBEDTLS_ECDH_LEGACY_CONTEXT)
return( ecdh_get_params_internal( ctx, key, side ) );
return ecdh_get_params_internal(ctx, key, side);
#else
switch( ctx->var )
{
switch (ctx->var) {
#if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED)
case MBEDTLS_ECDH_VARIANT_EVEREST:
{
mbedtls_everest_ecdh_side s = side == MBEDTLS_ECDH_OURS ?
MBEDTLS_EVEREST_ECDH_OURS :
MBEDTLS_EVEREST_ECDH_THEIRS;
return( mbedtls_everest_get_params( &ctx->ctx.everest_ecdh,
key, s) );
return mbedtls_everest_get_params(&ctx->ctx.everest_ecdh,
key, s);
}
#endif
case MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0:
return( ecdh_get_params_internal( &ctx->ctx.mbed_ecdh,
key, side ) );
return ecdh_get_params_internal(&ctx->ctx.mbed_ecdh,
key, side);
default:
return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
}
@ -532,24 +537,28 @@ static int ecdh_make_public_internal( mbedtls_ecdh_context_mbed *ctx,
mbedtls_ecp_restart_ctx *rs_ctx = NULL;
#endif
if( ctx->grp.pbits == 0 )
return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
if (ctx->grp.pbits == 0) {
return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
}
#if defined(MBEDTLS_ECP_RESTARTABLE)
if( restart_enabled )
if (restart_enabled) {
rs_ctx = &ctx->rs;
}
#else
(void) restart_enabled;
#endif
#if defined(MBEDTLS_ECP_RESTARTABLE)
if ((ret = ecdh_gen_public_restartable(&ctx->grp, &ctx->d, &ctx->Q,
f_rng, p_rng, rs_ctx ) ) != 0 )
return( ret );
f_rng, p_rng, rs_ctx)) != 0) {
return ret;
}
#else
if ((ret = mbedtls_ecdh_gen_public(&ctx->grp, &ctx->d, &ctx->Q,
f_rng, p_rng ) ) != 0 )
return( ret );
f_rng, p_rng)) != 0) {
return ret;
}
#endif /* MBEDTLS_ECP_RESTARTABLE */
return mbedtls_ecp_tls_write_point(&ctx->grp, &ctx->Q, point_format, olen,
@ -575,21 +584,20 @@ int mbedtls_ecdh_make_public( mbedtls_ecdh_context *ctx, size_t *olen,
#endif
#if defined(MBEDTLS_ECDH_LEGACY_CONTEXT)
return( ecdh_make_public_internal( ctx, olen, ctx->point_format, buf, blen,
f_rng, p_rng, restart_enabled ) );
return ecdh_make_public_internal(ctx, olen, ctx->point_format, buf, blen,
f_rng, p_rng, restart_enabled);
#else
switch( ctx->var )
{
switch (ctx->var) {
#if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED)
case MBEDTLS_ECDH_VARIANT_EVEREST:
return( mbedtls_everest_make_public( &ctx->ctx.everest_ecdh, olen,
buf, blen, f_rng, p_rng ) );
return mbedtls_everest_make_public(&ctx->ctx.everest_ecdh, olen,
buf, blen, f_rng, p_rng);
#endif
case MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0:
return( ecdh_make_public_internal( &ctx->ctx.mbed_ecdh, olen,
return ecdh_make_public_internal(&ctx->ctx.mbed_ecdh, olen,
ctx->point_format, buf, blen,
f_rng, p_rng,
restart_enabled ) );
restart_enabled);
default:
return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
}
@ -603,13 +611,15 @@ static int ecdh_read_public_internal( mbedtls_ecdh_context_mbed *ctx,
const unsigned char *p = buf;
if ((ret = mbedtls_ecp_tls_read_point(&ctx->grp, &ctx->Qp, &p,
blen ) ) != 0 )
return( ret );
blen)) != 0) {
return ret;
}
if( (size_t)( p - buf ) != blen )
return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
if ((size_t) (p - buf) != blen) {
return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
}
return( 0 );
return 0;
}
/*
@ -622,18 +632,17 @@ int mbedtls_ecdh_read_public( mbedtls_ecdh_context *ctx,
ECDH_VALIDATE_RET(buf != NULL);
#if defined(MBEDTLS_ECDH_LEGACY_CONTEXT)
return( ecdh_read_public_internal( ctx, buf, blen ) );
return ecdh_read_public_internal(ctx, buf, blen);
#else
switch( ctx->var )
{
switch (ctx->var) {
#if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED)
case MBEDTLS_ECDH_VARIANT_EVEREST:
return( mbedtls_everest_read_public( &ctx->ctx.everest_ecdh,
buf, blen ) );
return mbedtls_everest_read_public(&ctx->ctx.everest_ecdh,
buf, blen);
#endif
case MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0:
return( ecdh_read_public_internal( &ctx->ctx.mbed_ecdh,
buf, blen ) );
return ecdh_read_public_internal(&ctx->ctx.mbed_ecdh,
buf, blen);
default:
return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
}
@ -654,12 +663,14 @@ static int ecdh_calc_secret_internal( mbedtls_ecdh_context_mbed *ctx,
mbedtls_ecp_restart_ctx *rs_ctx = NULL;
#endif
if( ctx == NULL || ctx->grp.pbits == 0 )
return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
if (ctx == NULL || ctx->grp.pbits == 0) {
return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
}
#if defined(MBEDTLS_ECP_RESTARTABLE)
if( restart_enabled )
if (restart_enabled) {
rs_ctx = &ctx->rs;
}
#else
(void) restart_enabled;
#endif
@ -667,25 +678,25 @@ static int ecdh_calc_secret_internal( mbedtls_ecdh_context_mbed *ctx,
#if defined(MBEDTLS_ECP_RESTARTABLE)
if ((ret = ecdh_compute_shared_restartable(&ctx->grp, &ctx->z, &ctx->Qp,
&ctx->d, f_rng, p_rng,
rs_ctx ) ) != 0 )
{
return( ret );
rs_ctx)) != 0) {
return ret;
}
#else
if ((ret = mbedtls_ecdh_compute_shared(&ctx->grp, &ctx->z, &ctx->Qp,
&ctx->d, f_rng, p_rng ) ) != 0 )
{
return( ret );
&ctx->d, f_rng, p_rng)) != 0) {
return ret;
}
#endif /* MBEDTLS_ECP_RESTARTABLE */
if( mbedtls_mpi_size( &ctx->z ) > blen )
return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
if (mbedtls_mpi_size(&ctx->z) > blen) {
return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
}
*olen = ctx->grp.pbits / 8 + ((ctx->grp.pbits % 8) != 0);
if( mbedtls_ecp_get_type( &ctx->grp ) == MBEDTLS_ECP_TYPE_MONTGOMERY )
if (mbedtls_ecp_get_type(&ctx->grp) == MBEDTLS_ECP_TYPE_MONTGOMERY) {
return mbedtls_mpi_write_binary_le(&ctx->z, buf, *olen);
}
return mbedtls_mpi_write_binary(&ctx->z, buf, *olen);
}
@ -708,22 +719,21 @@ int mbedtls_ecdh_calc_secret( mbedtls_ecdh_context *ctx, size_t *olen,
#endif
#if defined(MBEDTLS_ECDH_LEGACY_CONTEXT)
return( ecdh_calc_secret_internal( ctx, olen, buf, blen, f_rng, p_rng,
restart_enabled ) );
return ecdh_calc_secret_internal(ctx, olen, buf, blen, f_rng, p_rng,
restart_enabled);
#else
switch( ctx->var )
{
switch (ctx->var) {
#if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED)
case MBEDTLS_ECDH_VARIANT_EVEREST:
return( mbedtls_everest_calc_secret( &ctx->ctx.everest_ecdh, olen,
buf, blen, f_rng, p_rng ) );
return mbedtls_everest_calc_secret(&ctx->ctx.everest_ecdh, olen,
buf, blen, f_rng, p_rng);
#endif
case MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0:
return( ecdh_calc_secret_internal( &ctx->ctx.mbed_ecdh, olen, buf,
return ecdh_calc_secret_internal(&ctx->ctx.mbed_ecdh, olen, buf,
blen, f_rng, p_rng,
restart_enabled ) );
restart_enabled);
default:
return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
}
#endif
}

201
thirdparty/mbedtls/library/ecdsa.c vendored
View file

@ -52,8 +52,7 @@
/*
* Sub-context for ecdsa_verify()
*/
struct mbedtls_ecdsa_restart_ver
{
struct mbedtls_ecdsa_restart_ver {
mbedtls_mpi u1, u2; /* intermediate values */
enum { /* what to do next? */
ecdsa_ver_init = 0, /* getting started */
@ -76,8 +75,9 @@ static void ecdsa_restart_ver_init( mbedtls_ecdsa_restart_ver_ctx *ctx )
*/
static void ecdsa_restart_ver_free(mbedtls_ecdsa_restart_ver_ctx *ctx)
{
if( ctx == NULL )
if (ctx == NULL) {
return;
}
mbedtls_mpi_free(&ctx->u1);
mbedtls_mpi_free(&ctx->u2);
@ -88,8 +88,7 @@ static void ecdsa_restart_ver_free( mbedtls_ecdsa_restart_ver_ctx *ctx )
/*
* Sub-context for ecdsa_sign()
*/
struct mbedtls_ecdsa_restart_sig
{
struct mbedtls_ecdsa_restart_sig {
int sign_tries;
int key_tries;
mbedtls_mpi k; /* per-signature random */
@ -118,8 +117,9 @@ static void ecdsa_restart_sig_init( mbedtls_ecdsa_restart_sig_ctx *ctx )
*/
static void ecdsa_restart_sig_free(mbedtls_ecdsa_restart_sig_ctx *ctx)
{
if( ctx == NULL )
if (ctx == NULL) {
return;
}
mbedtls_mpi_free(&ctx->k);
mbedtls_mpi_free(&ctx->r);
@ -129,8 +129,7 @@ static void ecdsa_restart_sig_free( mbedtls_ecdsa_restart_sig_ctx *ctx )
/*
* Sub-context for ecdsa_sign_det()
*/
struct mbedtls_ecdsa_restart_det
{
struct mbedtls_ecdsa_restart_det {
mbedtls_hmac_drbg_context rng_ctx; /* DRBG state */
enum { /* what to do next? */
ecdsa_det_init = 0, /* getting started */
@ -152,8 +151,9 @@ static void ecdsa_restart_det_init( mbedtls_ecdsa_restart_det_ctx *ctx )
*/
static void ecdsa_restart_det_free(mbedtls_ecdsa_restart_det_ctx *ctx)
{
if( ctx == NULL )
if (ctx == NULL) {
return;
}
mbedtls_hmac_drbg_free(&ctx->rng_ctx);
@ -179,7 +179,7 @@ static void ecdsa_restart_det_free( mbedtls_ecdsa_restart_det_ctx *ctx )
{ \
rs_ctx->SUB = mbedtls_calloc(1, sizeof(*rs_ctx->SUB)); \
if (rs_ctx->SUB == NULL) \
return( MBEDTLS_ERR_ECP_ALLOC_FAILED ); \
return MBEDTLS_ERR_ECP_ALLOC_FAILED; \
\
ecdsa_restart_## SUB ##_init(rs_ctx->SUB); \
} \
@ -226,15 +226,17 @@ static int derive_mpi( const mbedtls_ecp_group *grp, mbedtls_mpi *x,
size_t use_size = blen > n_size ? n_size : blen;
MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(x, buf, use_size));
if( use_size * 8 > grp->nbits )
if (use_size * 8 > grp->nbits) {
MBEDTLS_MPI_CHK(mbedtls_mpi_shift_r(x, use_size * 8 - grp->nbits));
}
/* While at it, reduce modulo N */
if( mbedtls_mpi_cmp_mpi( x, &grp->N ) >= 0 )
if (mbedtls_mpi_cmp_mpi(x, &grp->N) >= 0) {
MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mpi(x, x, &grp->N));
}
cleanup:
return( ret );
return ret;
}
#endif /* ECDSA_DETERMINISTIC || !ECDSA_SIGN_ALT || !ECDSA_VERIFY_ALT */
@ -258,12 +260,14 @@ static int ecdsa_sign_restartable( mbedtls_ecp_group *grp,
mbedtls_mpi *pk = &k, *pr = r;
/* Fail cleanly on curves such as Curve25519 that can't be used for ECDSA */
if( ! mbedtls_ecdsa_can_do( grp->id ) || grp->N.p == NULL )
return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
if (!mbedtls_ecdsa_can_do(grp->id) || grp->N.p == NULL) {
return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
}
/* Make sure d is in range 1..n-1 */
if( mbedtls_mpi_cmp_int( d, 1 ) < 0 || mbedtls_mpi_cmp_mpi( d, &grp->N ) >= 0 )
return( MBEDTLS_ERR_ECP_INVALID_KEY );
if (mbedtls_mpi_cmp_int(d, 1) < 0 || mbedtls_mpi_cmp_mpi(d, &grp->N) >= 0) {
return MBEDTLS_ERR_ECP_INVALID_KEY;
}
mbedtls_ecp_point_init(&R);
mbedtls_mpi_init(&k); mbedtls_mpi_init(&e); mbedtls_mpi_init(&t);
@ -271,8 +275,7 @@ static int ecdsa_sign_restartable( mbedtls_ecp_group *grp,
ECDSA_RS_ENTER(sig);
#if defined(MBEDTLS_ECP_RESTARTABLE)
if( rs_ctx != NULL && rs_ctx->sig != NULL )
{
if (rs_ctx != NULL && rs_ctx->sig != NULL) {
/* redirect to our context */
p_sign_tries = &rs_ctx->sig->sign_tries;
p_key_tries = &rs_ctx->sig->key_tries;
@ -280,18 +283,18 @@ static int ecdsa_sign_restartable( mbedtls_ecp_group *grp,
pr = &rs_ctx->sig->r;
/* jump to current step */
if( rs_ctx->sig->state == ecdsa_sig_mul )
if (rs_ctx->sig->state == ecdsa_sig_mul) {
goto mul;
if( rs_ctx->sig->state == ecdsa_sig_modn )
}
if (rs_ctx->sig->state == ecdsa_sig_modn) {
goto modn;
}
}
#endif /* MBEDTLS_ECP_RESTARTABLE */
*p_sign_tries = 0;
do
{
if( (*p_sign_tries)++ > 10 )
{
do {
if ((*p_sign_tries)++ > 10) {
ret = MBEDTLS_ERR_ECP_RANDOM_FAILED;
goto cleanup;
}
@ -301,10 +304,8 @@ static int ecdsa_sign_restartable( mbedtls_ecp_group *grp,
* and set r = xR mod n
*/
*p_key_tries = 0;
do
{
if( (*p_key_tries)++ > 10 )
{
do {
if ((*p_key_tries)++ > 10) {
ret = MBEDTLS_ERR_ECP_RANDOM_FAILED;
goto cleanup;
}
@ -312,8 +313,9 @@ static int ecdsa_sign_restartable( mbedtls_ecp_group *grp,
MBEDTLS_MPI_CHK(mbedtls_ecp_gen_privkey(grp, pk, f_rng, p_rng));
#if defined(MBEDTLS_ECP_RESTARTABLE)
if( rs_ctx != NULL && rs_ctx->sig != NULL )
if (rs_ctx != NULL && rs_ctx->sig != NULL) {
rs_ctx->sig->state = ecdsa_sig_mul;
}
mul:
#endif
@ -322,12 +324,12 @@ mul:
p_rng_blind,
ECDSA_RS_ECP));
MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(pr, &R.X, &grp->N));
}
while( mbedtls_mpi_cmp_int( pr, 0 ) == 0 );
} while (mbedtls_mpi_cmp_int(pr, 0) == 0);
#if defined(MBEDTLS_ECP_RESTARTABLE)
if( rs_ctx != NULL && rs_ctx->sig != NULL )
if (rs_ctx != NULL && rs_ctx->sig != NULL) {
rs_ctx->sig->state = ecdsa_sig_modn;
}
modn:
#endif
@ -360,12 +362,12 @@ modn:
MBEDTLS_MPI_CHK(mbedtls_mpi_inv_mod(s, pk, &grp->N));
MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(s, s, &e));
MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(s, s, &grp->N));
}
while( mbedtls_mpi_cmp_int( s, 0 ) == 0 );
} while (mbedtls_mpi_cmp_int(s, 0) == 0);
#if defined(MBEDTLS_ECP_RESTARTABLE)
if( rs_ctx != NULL && rs_ctx->sig != NULL )
if (rs_ctx != NULL && rs_ctx->sig != NULL) {
mbedtls_mpi_copy(r, pr);
}
#endif
cleanup:
@ -374,13 +376,12 @@ cleanup:
ECDSA_RS_LEAVE(sig);
return( ret );
return ret;
}
int mbedtls_ecdsa_can_do(mbedtls_ecp_group_id gid)
{
switch( gid )
{
switch (gid) {
#ifdef MBEDTLS_ECP_DP_CURVE25519_ENABLED
case MBEDTLS_ECP_DP_CURVE25519: return 0;
#endif
@ -406,8 +407,8 @@ int mbedtls_ecdsa_sign( mbedtls_ecp_group *grp, mbedtls_mpi *r, mbedtls_mpi *s,
ECDSA_VALIDATE_RET(buf != NULL || blen == 0);
/* Use the same RNG for both blinding and ephemeral key generation */
return( ecdsa_sign_restartable( grp, r, s, d, buf, blen,
f_rng, p_rng, f_rng, p_rng, NULL ) );
return ecdsa_sign_restartable(grp, r, s, d, buf, blen,
f_rng, p_rng, f_rng, p_rng, NULL);
}
#endif /* !MBEDTLS_ECDSA_SIGN_ALT */
@ -431,8 +432,9 @@ static int ecdsa_sign_det_restartable( mbedtls_ecp_group *grp,
const mbedtls_md_info_t *md_info;
mbedtls_mpi h;
if( ( md_info = mbedtls_md_info_from_type( md_alg ) ) == NULL )
return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
if ((md_info = mbedtls_md_info_from_type(md_alg)) == NULL) {
return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
}
mbedtls_mpi_init(&h);
mbedtls_hmac_drbg_init(&rng_ctx);
@ -440,15 +442,15 @@ static int ecdsa_sign_det_restartable( mbedtls_ecp_group *grp,
ECDSA_RS_ENTER(det);
#if defined(MBEDTLS_ECP_RESTARTABLE)
if( rs_ctx != NULL && rs_ctx->det != NULL )
{
if (rs_ctx != NULL && rs_ctx->det != NULL) {
/* redirect to our context */
p_rng = &rs_ctx->det->rng_ctx;
/* jump to current step */
if( rs_ctx->det->state == ecdsa_det_sign )
if (rs_ctx->det->state == ecdsa_det_sign) {
goto sign;
}
}
#endif /* MBEDTLS_ECP_RESTARTABLE */
/* Use private key and message hash (reduced) to initialize HMAC_DRBG */
@ -458,8 +460,9 @@ static int ecdsa_sign_det_restartable( mbedtls_ecp_group *grp,
mbedtls_hmac_drbg_seed_buf(p_rng, md_info, data, 2 * grp_len);
#if defined(MBEDTLS_ECP_RESTARTABLE)
if( rs_ctx != NULL && rs_ctx->det != NULL )
if (rs_ctx != NULL && rs_ctx->det != NULL) {
rs_ctx->det->state = ecdsa_det_sign;
}
sign:
#endif
@ -469,12 +472,11 @@ sign:
ret = mbedtls_ecdsa_sign(grp, r, s, d, buf, blen,
mbedtls_hmac_drbg_random, p_rng);
#else
if( f_rng_blind != NULL )
if (f_rng_blind != NULL) {
ret = ecdsa_sign_restartable(grp, r, s, d, buf, blen,
mbedtls_hmac_drbg_random, p_rng,
f_rng_blind, p_rng_blind, rs_ctx);
else
{
} else {
mbedtls_hmac_drbg_context *p_rng_blind_det;
#if !defined(MBEDTLS_ECP_RESTARTABLE)
@ -494,8 +496,7 @@ sign:
ret = mbedtls_hmac_drbg_update_ret(p_rng_blind_det,
(const unsigned char *) blind_label,
strlen(blind_label));
if( ret != 0 )
{
if (ret != 0) {
mbedtls_hmac_drbg_free(&rng_ctx_blind);
goto cleanup;
}
@ -540,7 +541,7 @@ cleanup:
ECDSA_RS_LEAVE(det);
return( ret );
return ret;
}
/*
@ -559,8 +560,8 @@ int mbedtls_ecdsa_sign_det( mbedtls_ecp_group *grp, mbedtls_mpi *r,
ECDSA_VALIDATE_RET(d != NULL);
ECDSA_VALIDATE_RET(buf != NULL || blen == 0);
return( ecdsa_sign_det_restartable( grp, r, s, d, buf, blen, md_alg,
NULL, NULL, NULL ) );
return ecdsa_sign_det_restartable(grp, r, s, d, buf, blen, md_alg,
NULL, NULL, NULL);
}
#endif /* MBEDTLS_DEPRECATED_REMOVED */
@ -579,8 +580,8 @@ int mbedtls_ecdsa_sign_det_ext( mbedtls_ecp_group *grp, mbedtls_mpi *r,
ECDSA_VALIDATE_RET(buf != NULL || blen == 0);
ECDSA_VALIDATE_RET(f_rng_blind != NULL);
return( ecdsa_sign_det_restartable( grp, r, s, d, buf, blen, md_alg,
f_rng_blind, p_rng_blind, NULL ) );
return ecdsa_sign_det_restartable(grp, r, s, d, buf, blen, md_alg,
f_rng_blind, p_rng_blind, NULL);
}
#endif /* MBEDTLS_ECDSA_DETERMINISTIC */
@ -605,30 +606,30 @@ static int ecdsa_verify_restartable( mbedtls_ecp_group *grp,
mbedtls_mpi_init(&u1); mbedtls_mpi_init(&u2);
/* Fail cleanly on curves such as Curve25519 that can't be used for ECDSA */
if( ! mbedtls_ecdsa_can_do( grp->id ) || grp->N.p == NULL )
return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
if (!mbedtls_ecdsa_can_do(grp->id) || grp->N.p == NULL) {
return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
}
ECDSA_RS_ENTER(ver);
#if defined(MBEDTLS_ECP_RESTARTABLE)
if( rs_ctx != NULL && rs_ctx->ver != NULL )
{
if (rs_ctx != NULL && rs_ctx->ver != NULL) {
/* redirect to our context */
pu1 = &rs_ctx->ver->u1;
pu2 = &rs_ctx->ver->u2;
/* jump to current step */
if( rs_ctx->ver->state == ecdsa_ver_muladd )
if (rs_ctx->ver->state == ecdsa_ver_muladd) {
goto muladd;
}
}
#endif /* MBEDTLS_ECP_RESTARTABLE */
/*
* Step 1: make sure r and s are in range 1..n-1
*/
if (mbedtls_mpi_cmp_int(r, 1) < 0 || mbedtls_mpi_cmp_mpi(r, &grp->N) >= 0 ||
mbedtls_mpi_cmp_int( s, 1 ) < 0 || mbedtls_mpi_cmp_mpi( s, &grp->N ) >= 0 )
{
mbedtls_mpi_cmp_int(s, 1) < 0 || mbedtls_mpi_cmp_mpi(s, &grp->N) >= 0) {
ret = MBEDTLS_ERR_ECP_VERIFY_FAILED;
goto cleanup;
}
@ -652,8 +653,9 @@ static int ecdsa_verify_restartable( mbedtls_ecp_group *grp,
MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(pu2, pu2, &grp->N));
#if defined(MBEDTLS_ECP_RESTARTABLE)
if( rs_ctx != NULL && rs_ctx->ver != NULL )
if (rs_ctx != NULL && rs_ctx->ver != NULL) {
rs_ctx->ver->state = ecdsa_ver_muladd;
}
muladd:
#endif
@ -663,8 +665,7 @@ muladd:
MBEDTLS_MPI_CHK(mbedtls_ecp_muladd_restartable(grp,
&R, pu1, &grp->G, pu2, Q, ECDSA_RS_ECP));
if( mbedtls_ecp_is_zero( &R ) )
{
if (mbedtls_ecp_is_zero(&R)) {
ret = MBEDTLS_ERR_ECP_VERIFY_FAILED;
goto cleanup;
}
@ -678,8 +679,7 @@ muladd:
/*
* Step 8: check if v (that is, R.X) is equal to r
*/
if( mbedtls_mpi_cmp_mpi( &R.X, r ) != 0 )
{
if (mbedtls_mpi_cmp_mpi(&R.X, r) != 0) {
ret = MBEDTLS_ERR_ECP_VERIFY_FAILED;
goto cleanup;
}
@ -691,7 +691,7 @@ cleanup:
ECDSA_RS_LEAVE(ver);
return( ret );
return ret;
}
/*
@ -709,7 +709,7 @@ int mbedtls_ecdsa_verify( mbedtls_ecp_group *grp,
ECDSA_VALIDATE_RET(s != NULL);
ECDSA_VALIDATE_RET(buf != NULL || blen == 0);
return( ecdsa_verify_restartable( grp, buf, blen, Q, r, s, NULL ) );
return ecdsa_verify_restartable(grp, buf, blen, Q, r, s, NULL);
}
#endif /* !MBEDTLS_ECDSA_VERIFY_ALT */
@ -729,12 +729,13 @@ static int ecdsa_signature_to_asn1( const mbedtls_mpi *r, const mbedtls_mpi *s,
MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(&p, buf, len));
MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(&p, buf,
MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) );
MBEDTLS_ASN1_CONSTRUCTED |
MBEDTLS_ASN1_SEQUENCE));
memcpy(sig, p, len);
*slen = len;
return( 0 );
return 0;
}
/*
@ -784,7 +785,7 @@ cleanup:
mbedtls_mpi_free(&r);
mbedtls_mpi_free(&s);
return( ret );
return ret;
}
/*
@ -801,8 +802,8 @@ int mbedtls_ecdsa_write_signature( mbedtls_ecdsa_context *ctx,
ECDSA_VALIDATE_RET(hash != NULL);
ECDSA_VALIDATE_RET(sig != NULL);
ECDSA_VALIDATE_RET(slen != NULL);
return( mbedtls_ecdsa_write_signature_restartable(
ctx, md_alg, hash, hlen, sig, slen, f_rng, p_rng, NULL ) );
return mbedtls_ecdsa_write_signature_restartable(
ctx, md_alg, hash, hlen, sig, slen, f_rng, p_rng, NULL);
}
#if !defined(MBEDTLS_DEPRECATED_REMOVED) && \
@ -816,8 +817,8 @@ int mbedtls_ecdsa_write_signature_det( mbedtls_ecdsa_context *ctx,
ECDSA_VALIDATE_RET(hash != NULL);
ECDSA_VALIDATE_RET(sig != NULL);
ECDSA_VALIDATE_RET(slen != NULL);
return( mbedtls_ecdsa_write_signature( ctx, md_alg, hash, hlen, sig, slen,
NULL, NULL ) );
return mbedtls_ecdsa_write_signature(ctx, md_alg, hash, hlen, sig, slen,
NULL, NULL);
}
#endif
@ -831,8 +832,8 @@ int mbedtls_ecdsa_read_signature( mbedtls_ecdsa_context *ctx,
ECDSA_VALIDATE_RET(ctx != NULL);
ECDSA_VALIDATE_RET(hash != NULL);
ECDSA_VALIDATE_RET(sig != NULL);
return( mbedtls_ecdsa_read_signature_restartable(
ctx, hash, hlen, sig, slen, NULL ) );
return mbedtls_ecdsa_read_signature_restartable(
ctx, hash, hlen, sig, slen, NULL);
}
/*
@ -856,22 +857,19 @@ int mbedtls_ecdsa_read_signature_restartable( mbedtls_ecdsa_context *ctx,
mbedtls_mpi_init(&s);
if ((ret = mbedtls_asn1_get_tag(&p, end, &len,
MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
{
MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) {
ret += MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
goto cleanup;
}
if( p + len != end )
{
if (p + len != end) {
ret = MBEDTLS_ERROR_ADD(MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
MBEDTLS_ERR_ASN1_LENGTH_MISMATCH);
goto cleanup;
}
if ((ret = mbedtls_asn1_get_mpi(&p, end, &r)) != 0 ||
( ret = mbedtls_asn1_get_mpi( &p, end, &s ) ) != 0 )
{
(ret = mbedtls_asn1_get_mpi(&p, end, &s)) != 0) {
ret += MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
goto cleanup;
}
@ -879,25 +877,28 @@ int mbedtls_ecdsa_read_signature_restartable( mbedtls_ecdsa_context *ctx,
(void) rs_ctx;
if ((ret = mbedtls_ecdsa_verify(&ctx->grp, hash, hlen,
&ctx->Q, &r, &s ) ) != 0 )
&ctx->Q, &r, &s)) != 0) {
goto cleanup;
}
#else
if ((ret = ecdsa_verify_restartable(&ctx->grp, hash, hlen,
&ctx->Q, &r, &s, rs_ctx ) ) != 0 )
&ctx->Q, &r, &s, rs_ctx)) != 0) {
goto cleanup;
}
#endif /* MBEDTLS_ECDSA_VERIFY_ALT */
/* At this point we know that the buffer starts with a valid signature.
* Return 0 if the buffer just contains the signature, and a specific
* error code if the valid signature is followed by more data. */
if( p != end )
if (p != end) {
ret = MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH;
}
cleanup:
mbedtls_mpi_free(&r);
mbedtls_mpi_free(&s);
return( ret );
return ret;
}
#if !defined(MBEDTLS_ECDSA_GENKEY_ALT)
@ -912,11 +913,12 @@ int mbedtls_ecdsa_genkey( mbedtls_ecdsa_context *ctx, mbedtls_ecp_group_id gid,
ECDSA_VALIDATE_RET(f_rng != NULL);
ret = mbedtls_ecp_group_load(&ctx->grp, gid);
if( ret != 0 )
return( ret );
if (ret != 0) {
return ret;
}
return( mbedtls_ecp_gen_keypair( &ctx->grp, &ctx->d,
&ctx->Q, f_rng, p_rng ) );
return mbedtls_ecp_gen_keypair(&ctx->grp, &ctx->d,
&ctx->Q, f_rng, p_rng);
}
#endif /* !MBEDTLS_ECDSA_GENKEY_ALT */
@ -931,12 +933,11 @@ int mbedtls_ecdsa_from_keypair( mbedtls_ecdsa_context *ctx, const mbedtls_ecp_ke
if ((ret = mbedtls_ecp_group_copy(&ctx->grp, &key->grp)) != 0 ||
(ret = mbedtls_mpi_copy(&ctx->d, &key->d)) != 0 ||
( ret = mbedtls_ecp_copy( &ctx->Q, &key->Q ) ) != 0 )
{
(ret = mbedtls_ecp_copy(&ctx->Q, &key->Q)) != 0) {
mbedtls_ecdsa_free(ctx);
}
return( ret );
return ret;
}
/*
@ -954,8 +955,9 @@ void mbedtls_ecdsa_init( mbedtls_ecdsa_context *ctx )
*/
void mbedtls_ecdsa_free(mbedtls_ecdsa_context *ctx)
{
if( ctx == NULL )
if (ctx == NULL) {
return;
}
mbedtls_ecp_keypair_free(ctx);
}
@ -982,8 +984,9 @@ void mbedtls_ecdsa_restart_init( mbedtls_ecdsa_restart_ctx *ctx )
*/
void mbedtls_ecdsa_restart_free(mbedtls_ecdsa_restart_ctx *ctx)
{
if( ctx == NULL )
if (ctx == NULL) {
return;
}
mbedtls_ecp_restart_free(&ctx->ecp);

173
thirdparty/mbedtls/library/ecjpake.c vendored
View file

@ -78,8 +78,9 @@ void mbedtls_ecjpake_init( mbedtls_ecjpake_context *ctx )
*/
void mbedtls_ecjpake_free(mbedtls_ecjpake_context *ctx)
{
if( ctx == NULL )
if (ctx == NULL) {
return;
}
ctx->md_info = NULL;
mbedtls_ecp_group_free(&ctx->grp);
@ -114,18 +115,20 @@ int mbedtls_ecjpake_setup( mbedtls_ecjpake_context *ctx,
ctx->role = role;
if( ( ctx->md_info = mbedtls_md_info_from_type( hash ) ) == NULL )
return( MBEDTLS_ERR_MD_FEATURE_UNAVAILABLE );
if ((ctx->md_info = mbedtls_md_info_from_type(hash)) == NULL) {
return MBEDTLS_ERR_MD_FEATURE_UNAVAILABLE;
}
MBEDTLS_MPI_CHK(mbedtls_ecp_group_load(&ctx->grp, curve));
MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&ctx->s, secret, len));
cleanup:
if( ret != 0 )
if (ret != 0) {
mbedtls_ecjpake_free(ctx);
}
return( ret );
return ret;
}
/*
@ -137,12 +140,11 @@ int mbedtls_ecjpake_check( const mbedtls_ecjpake_context *ctx )
if (ctx->md_info == NULL ||
ctx->grp.id == MBEDTLS_ECP_DP_NONE ||
ctx->s.p == NULL )
{
return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
ctx->s.p == NULL) {
return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
}
return( 0 );
return 0;
}
/*
@ -158,19 +160,21 @@ static int ecjpake_write_len_point( unsigned char **p,
size_t len;
/* Need at least 4 for length plus 1 for point */
if( end < *p || end - *p < 5 )
return( MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL );
if (end < *p || end - *p < 5) {
return MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL;
}
ret = mbedtls_ecp_point_write_binary(grp, P, pf,
&len, *p + 4, end - (*p + 4));
if( ret != 0 )
return( ret );
if (ret != 0) {
return ret;
}
MBEDTLS_PUT_UINT32_BE(len, *p, 0);
*p += 4 + len;
return( 0 );
return 0;
}
/*
@ -203,14 +207,16 @@ static int ecjpake_hash( const mbedtls_md_info_t *md_info,
MBEDTLS_MPI_CHK(ecjpake_write_len_point(&p, end, grp, pf, V));
MBEDTLS_MPI_CHK(ecjpake_write_len_point(&p, end, grp, pf, X));
if( end - p < 4 )
return( MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL );
if (end - p < 4) {
return MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL;
}
MBEDTLS_PUT_UINT32_BE(id_len, p, 0);
p += 4;
if( end < p || (size_t)( end - p ) < id_len )
return( MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL );
if (end < p || (size_t) (end - p) < id_len) {
return MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL;
}
memcpy(p, id, id_len);
p += id_len;
@ -224,7 +230,7 @@ static int ecjpake_hash( const mbedtls_md_info_t *md_info,
MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(h, h, &grp->N));
cleanup:
return( ret );
return ret;
}
/*
@ -255,21 +261,20 @@ static int ecjpake_zkp_read( const mbedtls_md_info_t *md_info,
* opaque r<1..2^8-1>;
* } ECSchnorrZKP;
*/
if( end < *p )
return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
if (end < *p) {
return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
}
MBEDTLS_MPI_CHK(mbedtls_ecp_tls_read_point(grp, &V, p, end - *p));
if( end < *p || (size_t)( end - *p ) < 1 )
{
if (end < *p || (size_t) (end - *p) < 1) {
ret = MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
goto cleanup;
}
r_len = *(*p)++;
if( end < *p || (size_t)( end - *p ) < r_len || r_len == 0 )
{
if (end < *p || (size_t) (end - *p) < r_len || r_len == 0) {
ret = MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
goto cleanup;
}
@ -284,8 +289,7 @@ static int ecjpake_zkp_read( const mbedtls_md_info_t *md_info,
MBEDTLS_MPI_CHK(mbedtls_ecp_muladd((mbedtls_ecp_group *) grp,
&VV, &h, X, &r, G));
if( mbedtls_ecp_point_cmp( &VV, &V ) != 0 )
{
if (mbedtls_ecp_point_cmp(&VV, &V) != 0) {
ret = MBEDTLS_ERR_ECP_VERIFY_FAILED;
goto cleanup;
}
@ -296,7 +300,7 @@ cleanup:
mbedtls_mpi_free(&r);
mbedtls_mpi_free(&h);
return( ret );
return ret;
}
/*
@ -320,8 +324,9 @@ static int ecjpake_zkp_write( const mbedtls_md_info_t *md_info,
mbedtls_mpi h; /* later recycled to hold r */
size_t len;
if( end < *p )
return( MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL );
if (end < *p) {
return MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL;
}
mbedtls_ecp_point_init(&V);
mbedtls_mpi_init(&v);
@ -341,8 +346,7 @@ static int ecjpake_zkp_write( const mbedtls_md_info_t *md_info,
*p += len;
len = mbedtls_mpi_size(&h); /* actually r */
if( end < *p || (size_t)( end - *p ) < 1 + len || len > 255 )
{
if (end < *p || (size_t) (end - *p) < 1 + len || len > 255) {
ret = MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL;
goto cleanup;
}
@ -356,7 +360,7 @@ cleanup:
mbedtls_mpi_free(&v);
mbedtls_mpi_free(&h);
return( ret );
return ret;
}
/*
@ -374,8 +378,9 @@ static int ecjpake_kkp_read( const mbedtls_md_info_t *md_info,
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
if( end < *p )
return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
if (end < *p) {
return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
}
/*
* struct {
@ -384,8 +389,7 @@ static int ecjpake_kkp_read( const mbedtls_md_info_t *md_info,
* } ECJPAKEKeyKP;
*/
MBEDTLS_MPI_CHK(mbedtls_ecp_tls_read_point(grp, X, p, end - *p));
if( mbedtls_ecp_is_zero( X ) )
{
if (mbedtls_ecp_is_zero(X)) {
ret = MBEDTLS_ERR_ECP_INVALID_KEY;
goto cleanup;
}
@ -393,7 +397,7 @@ static int ecjpake_kkp_read( const mbedtls_md_info_t *md_info,
MBEDTLS_MPI_CHK(ecjpake_zkp_read(md_info, grp, pf, G, X, id, p, end));
cleanup:
return( ret );
return ret;
}
/*
@ -415,8 +419,9 @@ static int ecjpake_kkp_write( const mbedtls_md_info_t *md_info,
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t len;
if( end < *p )
return( MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL );
if (end < *p) {
return MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL;
}
/* Generate key (7.4.2.3.1) and write it out */
MBEDTLS_MPI_CHK(mbedtls_ecp_gen_keypair_base((mbedtls_ecp_group *) grp, G, x, X,
@ -430,7 +435,7 @@ static int ecjpake_kkp_write( const mbedtls_md_info_t *md_info,
p, end, f_rng, p_rng));
cleanup:
return( ret );
return ret;
}
/*
@ -459,11 +464,12 @@ static int ecjpake_kkpp_read( const mbedtls_md_info_t *md_info,
MBEDTLS_MPI_CHK(ecjpake_kkp_read(md_info, grp, pf, G, Xa, id, &p, end));
MBEDTLS_MPI_CHK(ecjpake_kkp_read(md_info, grp, pf, G, Xb, id, &p, end));
if( p != end )
if (p != end) {
ret = MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
}
cleanup:
return( ret );
return ret;
}
/*
@ -497,7 +503,7 @@ static int ecjpake_kkpp_write( const mbedtls_md_info_t *md_info,
*olen = p - buf;
cleanup:
return( ret );
return ret;
}
/*
@ -510,10 +516,10 @@ int mbedtls_ecjpake_read_round_one( mbedtls_ecjpake_context *ctx,
ECJPAKE_VALIDATE_RET(ctx != NULL);
ECJPAKE_VALIDATE_RET(buf != NULL);
return( ecjpake_kkpp_read( ctx->md_info, &ctx->grp, ctx->point_format,
return ecjpake_kkpp_read(ctx->md_info, &ctx->grp, ctx->point_format,
&ctx->grp.G,
&ctx->Xp1, &ctx->Xp2, ID_PEER,
buf, len ) );
buf, len);
}
/*
@ -529,10 +535,10 @@ int mbedtls_ecjpake_write_round_one( mbedtls_ecjpake_context *ctx,
ECJPAKE_VALIDATE_RET(olen != NULL);
ECJPAKE_VALIDATE_RET(f_rng != NULL);
return( ecjpake_kkpp_write( ctx->md_info, &ctx->grp, ctx->point_format,
return ecjpake_kkpp_write(ctx->md_info, &ctx->grp, ctx->point_format,
&ctx->grp.G,
&ctx->xm1, &ctx->Xm1, &ctx->xm2, &ctx->Xm2,
ID_MINE, buf, len, olen, f_rng, p_rng ) );
ID_MINE, buf, len, olen, f_rng, p_rng);
}
/*
@ -555,7 +561,7 @@ static int ecjpake_ecp_add3( mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
cleanup:
mbedtls_mpi_free(&one);
return( ret );
return ret;
}
/*
@ -592,11 +598,9 @@ int mbedtls_ecjpake_read_round_two( mbedtls_ecjpake_context *ctx,
* ECJPAKEKeyKP ecjpake_key_kp;
* } Client/ServerECJPAKEParams;
*/
if( ctx->role == MBEDTLS_ECJPAKE_CLIENT )
{
if (ctx->role == MBEDTLS_ECJPAKE_CLIENT) {
MBEDTLS_MPI_CHK(mbedtls_ecp_tls_read_group(&grp, &p, len));
if( grp.id != ctx->grp.id )
{
if (grp.id != ctx->grp.id) {
ret = MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE;
goto cleanup;
}
@ -606,8 +610,7 @@ int mbedtls_ecjpake_read_round_two( mbedtls_ecjpake_context *ctx,
ctx->point_format,
&G, &ctx->Xp, ID_PEER, &p, end));
if( p != end )
{
if (p != end) {
ret = MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
goto cleanup;
}
@ -616,7 +619,7 @@ cleanup:
mbedtls_ecp_group_free(&grp);
mbedtls_ecp_point_free(&G);
return( ret );
return ret;
}
/*
@ -647,7 +650,7 @@ static int ecjpake_mul_secret( mbedtls_mpi *R, int sign,
cleanup:
mbedtls_mpi_free(&b);
return( ret );
return ret;
}
/*
@ -696,10 +699,8 @@ int mbedtls_ecjpake_write_round_two( mbedtls_ecjpake_context *ctx,
* ECJPAKEKeyKP ecjpake_key_kp;
* } Client/ServerECJPAKEParams;
*/
if( ctx->role == MBEDTLS_ECJPAKE_SERVER )
{
if( end < p )
{
if (ctx->role == MBEDTLS_ECJPAKE_SERVER) {
if (end < p) {
ret = MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL;
goto cleanup;
}
@ -708,8 +709,7 @@ int mbedtls_ecjpake_write_round_two( mbedtls_ecjpake_context *ctx,
p += ec_len;
}
if( end < p )
{
if (end < p) {
ret = MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL;
goto cleanup;
}
@ -729,7 +729,7 @@ cleanup:
mbedtls_ecp_point_free(&Xm);
mbedtls_mpi_free(&xm);
return( ret );
return ret;
}
/*
@ -752,8 +752,9 @@ int mbedtls_ecjpake_derive_secret( mbedtls_ecjpake_context *ctx,
ECJPAKE_VALIDATE_RET(f_rng != NULL);
*olen = mbedtls_md_get_size(ctx->md_info);
if( len < *olen )
return( MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL );
if (len < *olen) {
return MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL;
}
mbedtls_ecp_point_init(&K);
mbedtls_mpi_init(&m_xm2_s);
@ -784,7 +785,7 @@ cleanup:
mbedtls_mpi_free(&m_xm2_s);
mbedtls_mpi_free(&one);
return( ret );
return ret;
}
#undef ID_MINE
@ -801,7 +802,7 @@ cleanup:
int mbedtls_ecjpake_self_test(int verbose)
{
(void) verbose;
return( 0 );
return 0;
}
#else
@ -953,7 +954,7 @@ static int ecjpake_test_load( mbedtls_ecjpake_context *ctx,
&ctx->grp.G, NULL, NULL));
cleanup:
return( ret );
return ret;
}
#endif /* ! MBEDTLS_ECJPAKE_ALT */
@ -965,8 +966,7 @@ static int ecjpake_lgc( void *p, unsigned char *out, size_t len )
static uint32_t x = 42;
(void) p;
while( len > 0 )
{
while (len > 0) {
size_t use_len = len > 4 ? 4 : len;
x = 1664525 * x + 1013904223;
memcpy(out, &x, use_len);
@ -974,7 +974,7 @@ static int ecjpake_lgc( void *p, unsigned char *out, size_t len )
len -= use_len;
}
return( 0 );
return 0;
}
#define TEST_ASSERT(x) \
@ -1002,8 +1002,9 @@ int mbedtls_ecjpake_self_test( int verbose )
mbedtls_ecjpake_init(&cli);
mbedtls_ecjpake_init(&srv);
if( verbose != 0 )
if (verbose != 0) {
mbedtls_printf(" ECJPAKE test #0 (setup): ");
}
TEST_ASSERT(mbedtls_ecjpake_setup(&cli, MBEDTLS_ECJPAKE_CLIENT,
MBEDTLS_MD_SHA256, MBEDTLS_ECP_DP_SECP256R1,
@ -1015,11 +1016,13 @@ int mbedtls_ecjpake_self_test( int verbose )
ecjpake_test_password,
sizeof(ecjpake_test_password)) == 0);
if( verbose != 0 )
if (verbose != 0) {
mbedtls_printf("passed\n");
}
if( verbose != 0 )
if (verbose != 0) {
mbedtls_printf(" ECJPAKE test #1 (random handshake): ");
}
TEST_ASSERT(mbedtls_ecjpake_write_round_one(&cli,
buf, sizeof(buf), &len, ecjpake_lgc, NULL) == 0);
@ -1050,8 +1053,9 @@ int mbedtls_ecjpake_self_test( int verbose )
TEST_ASSERT(len == pmslen);
TEST_ASSERT(memcmp(buf, pms, len) == 0);
if( verbose != 0 )
if (verbose != 0) {
mbedtls_printf("passed\n");
}
#if !defined(MBEDTLS_ECJPAKE_ALT)
/* 'reference handshake' tests can only be run against implementations
@ -1059,8 +1063,9 @@ int mbedtls_ecjpake_self_test( int verbose )
* are generated. This is only the case for the internal mbed TLS
* implementation, so these tests are skipped in case the internal
* implementation is swapped out for an alternative one. */
if( verbose != 0 )
if (verbose != 0) {
mbedtls_printf(" ECJPAKE test #2 (reference handshake): ");
}
/* Simulate generation of round one */
MBEDTLS_MPI_CHK(ecjpake_test_load(&cli,
@ -1105,26 +1110,28 @@ int mbedtls_ecjpake_self_test( int verbose )
TEST_ASSERT(len == sizeof(ecjpake_test_pms));
TEST_ASSERT(memcmp(buf, ecjpake_test_pms, len) == 0);
if( verbose != 0 )
if (verbose != 0) {
mbedtls_printf("passed\n");
}
#endif /* ! MBEDTLS_ECJPAKE_ALT */
cleanup:
mbedtls_ecjpake_free(&cli);
mbedtls_ecjpake_free(&srv);
if( ret != 0 )
{
if( verbose != 0 )
if (ret != 0) {
if (verbose != 0) {
mbedtls_printf("failed\n");
}
ret = 1;
}
if( verbose != 0 )
if (verbose != 0) {
mbedtls_printf("\n");
}
return( ret );
return ret;
}
#undef TEST_ASSERT

1004
thirdparty/mbedtls/library/ecp.c vendored
View file

File diff suppressed because it is too large Load diff

181
thirdparty/mbedtls/library/ecp_curves.c vendored
View file

@ -533,7 +533,7 @@ static const mbedtls_mpi_uint brainpoolP512r1_n[] = {
#if defined(ECP_LOAD_GROUP)
/*
* Create an MPI from embedded constants
* (assumes len is an exact multiple of sizeof mbedtls_mpi_uint)
* (assumes len is an exact multiple of sizeof(mbedtls_mpi_uint))
*/
static inline void ecp_mpi_load(mbedtls_mpi *X, const mbedtls_mpi_uint *p, size_t len)
{
@ -565,8 +565,9 @@ static int ecp_group_load( mbedtls_ecp_group *grp,
const mbedtls_mpi_uint *n, size_t nlen)
{
ecp_mpi_load(&grp->P, p, plen);
if( a != NULL )
if (a != NULL) {
ecp_mpi_load(&grp->A, a, alen);
}
ecp_mpi_load(&grp->B, b, blen);
ecp_mpi_load(&grp->N, n, nlen);
@ -579,7 +580,7 @@ static int ecp_group_load( mbedtls_ecp_group *grp,
grp->h = 1;
return( 0 );
return 0;
}
#endif /* ECP_LOAD_GROUP */
@ -680,10 +681,11 @@ static int ecp_use_curve25519( mbedtls_ecp_group *grp )
grp->nbits = 254;
cleanup:
if( ret != 0 )
if (ret != 0) {
mbedtls_ecp_group_free(grp);
}
return( ret );
return ret;
}
#endif /* MBEDTLS_ECP_DP_CURVE25519_ENABLED */
@ -735,10 +737,11 @@ static int ecp_use_curve448( mbedtls_ecp_group *grp )
cleanup:
mbedtls_mpi_free(&Ns);
if( ret != 0 )
if (ret != 0) {
mbedtls_ecp_group_free(grp);
}
return( ret );
return ret;
}
#endif /* MBEDTLS_ECP_DP_CURVE448_ENABLED */
@ -754,86 +757,85 @@ int mbedtls_ecp_group_load( mbedtls_ecp_group *grp, mbedtls_ecp_group_id id )
grp->id = id;
switch( id )
{
switch (id) {
#if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED)
case MBEDTLS_ECP_DP_SECP192R1:
NIST_MODP(p192);
return( LOAD_GROUP( secp192r1 ) );
return LOAD_GROUP(secp192r1);
#endif /* MBEDTLS_ECP_DP_SECP192R1_ENABLED */
#if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED)
case MBEDTLS_ECP_DP_SECP224R1:
NIST_MODP(p224);
return( LOAD_GROUP( secp224r1 ) );
return LOAD_GROUP(secp224r1);
#endif /* MBEDTLS_ECP_DP_SECP224R1_ENABLED */
#if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
case MBEDTLS_ECP_DP_SECP256R1:
NIST_MODP(p256);
return( LOAD_GROUP( secp256r1 ) );
return LOAD_GROUP(secp256r1);
#endif /* MBEDTLS_ECP_DP_SECP256R1_ENABLED */
#if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
case MBEDTLS_ECP_DP_SECP384R1:
NIST_MODP(p384);
return( LOAD_GROUP( secp384r1 ) );
return LOAD_GROUP(secp384r1);
#endif /* MBEDTLS_ECP_DP_SECP384R1_ENABLED */
#if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED)
case MBEDTLS_ECP_DP_SECP521R1:
NIST_MODP(p521);
return( LOAD_GROUP( secp521r1 ) );
return LOAD_GROUP(secp521r1);
#endif /* MBEDTLS_ECP_DP_SECP521R1_ENABLED */
#if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED)
case MBEDTLS_ECP_DP_SECP192K1:
grp->modp = ecp_mod_p192k1;
return( LOAD_GROUP_A( secp192k1 ) );
return LOAD_GROUP_A(secp192k1);
#endif /* MBEDTLS_ECP_DP_SECP192K1_ENABLED */
#if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED)
case MBEDTLS_ECP_DP_SECP224K1:
grp->modp = ecp_mod_p224k1;
return( LOAD_GROUP_A( secp224k1 ) );
return LOAD_GROUP_A(secp224k1);
#endif /* MBEDTLS_ECP_DP_SECP224K1_ENABLED */
#if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED)
case MBEDTLS_ECP_DP_SECP256K1:
grp->modp = ecp_mod_p256k1;
return( LOAD_GROUP_A( secp256k1 ) );
return LOAD_GROUP_A(secp256k1);
#endif /* MBEDTLS_ECP_DP_SECP256K1_ENABLED */
#if defined(MBEDTLS_ECP_DP_BP256R1_ENABLED)
case MBEDTLS_ECP_DP_BP256R1:
return( LOAD_GROUP_A( brainpoolP256r1 ) );
return LOAD_GROUP_A(brainpoolP256r1);
#endif /* MBEDTLS_ECP_DP_BP256R1_ENABLED */
#if defined(MBEDTLS_ECP_DP_BP384R1_ENABLED)
case MBEDTLS_ECP_DP_BP384R1:
return( LOAD_GROUP_A( brainpoolP384r1 ) );
return LOAD_GROUP_A(brainpoolP384r1);
#endif /* MBEDTLS_ECP_DP_BP384R1_ENABLED */
#if defined(MBEDTLS_ECP_DP_BP512R1_ENABLED)
case MBEDTLS_ECP_DP_BP512R1:
return( LOAD_GROUP_A( brainpoolP512r1 ) );
return LOAD_GROUP_A(brainpoolP512r1);
#endif /* MBEDTLS_ECP_DP_BP512R1_ENABLED */
#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED)
case MBEDTLS_ECP_DP_CURVE25519:
grp->modp = ecp_mod_p255;
return( ecp_use_curve25519( grp ) );
return ecp_use_curve25519(grp);
#endif /* MBEDTLS_ECP_DP_CURVE25519_ENABLED */
#if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED)
case MBEDTLS_ECP_DP_CURVE448:
grp->modp = ecp_mod_p448;
return( ecp_use_curve448( grp ) );
return ecp_use_curve448(grp);
#endif /* MBEDTLS_ECP_DP_CURVE448_ENABLED */
default:
grp->id = MBEDTLS_ECP_DP_NONE;
return( MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE );
return MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE;
}
}
@ -866,8 +868,7 @@ static inline void add64( mbedtls_mpi_uint *dst, mbedtls_mpi_uint *src, mbedtls_
{
unsigned char i;
mbedtls_mpi_uint c = 0;
for( i = 0; i < 8 / sizeof( mbedtls_mpi_uint ); i++, dst++, src++ )
{
for (i = 0; i < 8 / sizeof(mbedtls_mpi_uint); i++, dst++, src++) {
*dst += c; c = (*dst < c);
*dst += *src; c += (*dst < *src);
}
@ -878,8 +879,7 @@ static inline void add64( mbedtls_mpi_uint *dst, mbedtls_mpi_uint *src, mbedtls_
static inline void carry64(mbedtls_mpi_uint *dst, mbedtls_mpi_uint *carry)
{
unsigned char i;
for( i = 0; i < 8 / sizeof( mbedtls_mpi_uint ); i++, dst++ )
{
for (i = 0; i < 8 / sizeof(mbedtls_mpi_uint); i++, dst++) {
*dst += *carry;
*carry = (*dst < *carry);
}
@ -911,7 +911,7 @@ static int ecp_mod_p192( mbedtls_mpi *N )
ADD(4); ADD(5); LAST; // A2 += A4 + A5
cleanup:
return( ret );
return ret;
}
#undef WIDTH
@ -1024,15 +1024,14 @@ void mbedtls_ecp_fix_negative( mbedtls_mpi *N, signed char c, size_t bits )
/* Set N := 2^bits - 1 - N. We know that 0 <= N < 2^bits, so
* set the absolute value to 0xfff...fff - N. There is no carry
* since we're subtracting from all-bits-one. */
for( i = 0; i <= bits / 8 / sizeof( mbedtls_mpi_uint ); i++ )
{
for (i = 0; i <= bits / 8 / sizeof(mbedtls_mpi_uint); i++) {
N->p[i] = ~(mbedtls_mpi_uint) 0 - N->p[i];
}
/* Add 1, taking care of the carry. */
i = 0;
do
do {
++N->p[i];
while( N->p[i++] == 0 && i <= bits / 8 / sizeof( mbedtls_mpi_uint ) );
} while (N->p[i++] == 0 && i <= bits / 8 / sizeof(mbedtls_mpi_uint));
/* Invert the sign.
* Now N = N0 - 2^bits where N0 is the initial value of N. */
N->s = -1;
@ -1041,8 +1040,9 @@ void mbedtls_ecp_fix_negative( mbedtls_mpi *N, signed char c, size_t bits )
* negative, this adds c * 2^bits. */
mbedtls_mpi_uint msw = (mbedtls_mpi_uint) -c;
#if defined(MBEDTLS_HAVE_INT64)
if( bits == 224 )
if (bits == 224) {
msw <<= 32;
}
#endif
N->p[bits / 8 / sizeof(mbedtls_mpi_uint)] += msw;
}
@ -1064,7 +1064,7 @@ static int ecp_mod_p224( mbedtls_mpi *N )
SUB(13); ADD(10); LAST; // A6 += -A13 + A10
cleanup:
return( ret );
return ret;
}
#endif /* MBEDTLS_ECP_DP_SECP224R1_ENABLED */
@ -1101,7 +1101,7 @@ static int ecp_mod_p256( mbedtls_mpi *N )
SUB(10); SUB(11); SUB(12); SUB(13); LAST; // A7
cleanup:
return( ret );
return ret;
}
#endif /* MBEDTLS_ECP_DP_SECP256R1_ENABLED */
@ -1150,7 +1150,7 @@ static int ecp_mod_p384( mbedtls_mpi *N )
SUB(22); LAST; // A11
cleanup:
return( ret );
return ret;
}
#endif /* MBEDTLS_ECP_DP_SECP384R1_ENABLED */
@ -1192,28 +1192,31 @@ static int ecp_mod_p521( mbedtls_mpi *N )
* we need to hold bits 513 to 1056, which is 34 limbs, that is
* P521_WIDTH + 1. Otherwise P521_WIDTH is enough. */
if( N->n < P521_WIDTH )
return( 0 );
if (N->n < P521_WIDTH) {
return 0;
}
/* M = A1 */
M.s = 1;
M.n = N->n - (P521_WIDTH - 1);
if( M.n > P521_WIDTH + 1 )
if (M.n > P521_WIDTH + 1) {
M.n = P521_WIDTH + 1;
}
M.p = Mp;
memcpy(Mp, N->p + P521_WIDTH - 1, M.n * sizeof(mbedtls_mpi_uint));
MBEDTLS_MPI_CHK(mbedtls_mpi_shift_r(&M, 521 % (8 * sizeof(mbedtls_mpi_uint))));
/* N = A0 */
N->p[P521_WIDTH - 1] &= P521_MASK;
for( i = P521_WIDTH; i < N->n; i++ )
for (i = P521_WIDTH; i < N->n; i++) {
N->p[i] = 0;
}
/* N = A0 + A1 */
MBEDTLS_MPI_CHK(mbedtls_mpi_add_abs(N, N, &M));
cleanup:
return( ret );
return ret;
}
#undef P521_WIDTH
@ -1238,31 +1241,34 @@ static int ecp_mod_p255( mbedtls_mpi *N )
mbedtls_mpi M;
mbedtls_mpi_uint Mp[P255_WIDTH + 2];
if( N->n < P255_WIDTH )
return( 0 );
if (N->n < P255_WIDTH) {
return 0;
}
/* M = A1 */
M.s = 1;
M.n = N->n - (P255_WIDTH - 1);
if( M.n > P255_WIDTH + 1 )
return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
if (M.n > P255_WIDTH + 1) {
return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
}
M.p = Mp;
memset( Mp, 0, sizeof Mp );
memset(Mp, 0, sizeof(Mp));
memcpy(Mp, N->p + P255_WIDTH - 1, M.n * sizeof(mbedtls_mpi_uint));
MBEDTLS_MPI_CHK(mbedtls_mpi_shift_r(&M, 255 % (8 * sizeof(mbedtls_mpi_uint))));
M.n++; /* Make room for multiplication by 19 */
/* N = A0 */
MBEDTLS_MPI_CHK(mbedtls_mpi_set_bit(N, 255, 0));
for( i = P255_WIDTH; i < N->n; i++ )
for (i = P255_WIDTH; i < N->n; i++) {
N->p[i] = 0;
}
/* N = A0 + 19 * A1 */
MBEDTLS_MPI_CHK(mbedtls_mpi_mul_int(&M, &M, 19));
MBEDTLS_MPI_CHK(mbedtls_mpi_add_abs(N, N, &M));
cleanup:
return( ret );
return ret;
}
#endif /* MBEDTLS_ECP_DP_CURVE25519_ENABLED */
@ -1295,22 +1301,25 @@ static int ecp_mod_p448( mbedtls_mpi *N )
mbedtls_mpi M, Q;
mbedtls_mpi_uint Mp[P448_WIDTH + 1], Qp[P448_WIDTH];
if( N->n <= P448_WIDTH )
return( 0 );
if (N->n <= P448_WIDTH) {
return 0;
}
/* M = A1 */
M.s = 1;
M.n = N->n - (P448_WIDTH);
if( M.n > P448_WIDTH )
if (M.n > P448_WIDTH) {
/* Shouldn't be called with N larger than 2^896! */
return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
}
M.p = Mp;
memset(Mp, 0, sizeof(Mp));
memcpy(Mp, N->p + P448_WIDTH, M.n * sizeof(mbedtls_mpi_uint));
/* N = A0 */
for( i = P448_WIDTH; i < N->n; i++ )
for (i = P448_WIDTH; i < N->n; i++) {
N->p[i] = 0;
}
/* N += A1 */
MBEDTLS_MPI_CHK(mbedtls_mpi_add_mpi(N, N, &M));
@ -1323,17 +1332,19 @@ static int ecp_mod_p448( mbedtls_mpi *N )
MBEDTLS_MPI_CHK(mbedtls_mpi_add_mpi(N, N, &Q));
/* M = (B0 + B1) * 2^224, N += M */
if( sizeof( mbedtls_mpi_uint ) > 4 )
if (sizeof(mbedtls_mpi_uint) > 4) {
Mp[P224_WIDTH_MIN] &= ((mbedtls_mpi_uint)-1) >> (P224_UNUSED_BITS);
for( i = P224_WIDTH_MAX; i < M.n; ++i )
}
for (i = P224_WIDTH_MAX; i < M.n; ++i) {
Mp[i] = 0;
}
MBEDTLS_MPI_CHK(mbedtls_mpi_add_mpi(&M, &M, &Q));
M.n = P448_WIDTH + 1; /* Make room for shifted carry bit from the addition */
MBEDTLS_MPI_CHK(mbedtls_mpi_shift_l(&M, 224));
MBEDTLS_MPI_CHK(mbedtls_mpi_add_mpi(N, N, &M));
cleanup:
return( ret );
return ret;
}
#endif /* MBEDTLS_ECP_DP_CURVE448_ENABLED */
@ -1357,8 +1368,9 @@ static inline int ecp_mod_koblitz( mbedtls_mpi *N, mbedtls_mpi_uint *Rp, size_t
mbedtls_mpi M, R;
mbedtls_mpi_uint Mp[P_KOBLITZ_MAX + P_KOBLITZ_R + 1];
if( N->n < p_limbs )
return( 0 );
if (N->n < p_limbs) {
return 0;
}
/* Init R */
R.s = 1;
@ -1371,19 +1383,23 @@ static inline int ecp_mod_koblitz( mbedtls_mpi *N, mbedtls_mpi_uint *Rp, size_t
/* M = A1 */
M.n = N->n - (p_limbs - adjust);
if( M.n > p_limbs + adjust )
if (M.n > p_limbs + adjust) {
M.n = p_limbs + adjust;
memset( Mp, 0, sizeof Mp );
}
memset(Mp, 0, sizeof(Mp));
memcpy(Mp, N->p + p_limbs - adjust, M.n * sizeof(mbedtls_mpi_uint));
if( shift != 0 )
if (shift != 0) {
MBEDTLS_MPI_CHK(mbedtls_mpi_shift_r(&M, shift));
}
M.n += R.n; /* Make room for multiplication by R */
/* N = A0 */
if( mask != 0 )
if (mask != 0) {
N->p[p_limbs - 1] &= mask;
for( i = p_limbs; i < N->n; i++ )
}
for (i = p_limbs; i < N->n; i++) {
N->p[i] = 0;
}
/* N = A0 + R * A1 */
MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&M, &M, &R));
@ -1393,26 +1409,30 @@ static inline int ecp_mod_koblitz( mbedtls_mpi *N, mbedtls_mpi_uint *Rp, size_t
/* M = A1 */
M.n = N->n - (p_limbs - adjust);
if( M.n > p_limbs + adjust )
if (M.n > p_limbs + adjust) {
M.n = p_limbs + adjust;
memset( Mp, 0, sizeof Mp );
}
memset(Mp, 0, sizeof(Mp));
memcpy(Mp, N->p + p_limbs - adjust, M.n * sizeof(mbedtls_mpi_uint));
if( shift != 0 )
if (shift != 0) {
MBEDTLS_MPI_CHK(mbedtls_mpi_shift_r(&M, shift));
}
M.n += R.n; /* Make room for multiplication by R */
/* N = A0 */
if( mask != 0 )
if (mask != 0) {
N->p[p_limbs - 1] &= mask;
for( i = p_limbs; i < N->n; i++ )
}
for (i = p_limbs; i < N->n; i++) {
N->p[i] = 0;
}
/* N = A0 + R * A1 */
MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&M, &M, &R));
MBEDTLS_MPI_CHK(mbedtls_mpi_add_abs(N, N, &M));
cleanup:
return( ret );
return ret;
}
#endif /* MBEDTLS_ECP_DP_SECP192K1_ENABLED) ||
MBEDTLS_ECP_DP_SECP224K1_ENABLED) ||
@ -1427,10 +1447,11 @@ static int ecp_mod_p192k1( mbedtls_mpi *N )
{
static mbedtls_mpi_uint Rp[] = {
MBEDTLS_BYTES_TO_T_UINT_8(0xC9, 0x11, 0x00, 0x00, 0x01, 0x00, 0x00,
0x00 ) };
0x00)
};
return( ecp_mod_koblitz( N, Rp, 192 / 8 / sizeof( mbedtls_mpi_uint ), 0, 0,
0 ) );
return ecp_mod_koblitz(N, Rp, 192 / 8 / sizeof(mbedtls_mpi_uint), 0, 0,
0);
}
#endif /* MBEDTLS_ECP_DP_SECP192K1_ENABLED */
@ -1443,13 +1464,14 @@ static int ecp_mod_p224k1( mbedtls_mpi *N )
{
static mbedtls_mpi_uint Rp[] = {
MBEDTLS_BYTES_TO_T_UINT_8(0x93, 0x1A, 0x00, 0x00, 0x01, 0x00, 0x00,
0x00 ) };
0x00)
};
#if defined(MBEDTLS_HAVE_INT64)
return( ecp_mod_koblitz( N, Rp, 4, 1, 32, 0xFFFFFFFF ) );
return ecp_mod_koblitz(N, Rp, 4, 1, 32, 0xFFFFFFFF);
#else
return( ecp_mod_koblitz( N, Rp, 224 / 8 / sizeof( mbedtls_mpi_uint ), 0, 0,
0 ) );
return ecp_mod_koblitz(N, Rp, 224 / 8 / sizeof(mbedtls_mpi_uint), 0, 0,
0);
#endif
}
@ -1464,9 +1486,10 @@ static int ecp_mod_p256k1( mbedtls_mpi *N )
{
static mbedtls_mpi_uint Rp[] = {
MBEDTLS_BYTES_TO_T_UINT_8(0xD1, 0x03, 0x00, 0x00, 0x01, 0x00, 0x00,
0x00 ) };
return( ecp_mod_koblitz( N, Rp, 256 / 8 / sizeof( mbedtls_mpi_uint ), 0, 0,
0 ) );
0x00)
};
return ecp_mod_koblitz(N, Rp, 256 / 8 / sizeof(mbedtls_mpi_uint), 0, 0,
0);
}
#endif /* MBEDTLS_ECP_DP_SECP256K1_ENABLED */

304
thirdparty/mbedtls/library/entropy.c vendored
View file

@ -109,8 +109,9 @@ void mbedtls_entropy_free( mbedtls_entropy_context *ctx )
{
/* If the context was already free, don't call free() again.
* This is important for mutexes which don't allow double-free. */
if( ctx->accumulator_started == -1 )
if (ctx->accumulator_started == -1) {
return;
}
#if defined(MBEDTLS_HAVEGE_C)
mbedtls_havege_free(&ctx->havege_data);
@ -138,13 +139,13 @@ int mbedtls_entropy_add_source( mbedtls_entropy_context *ctx,
int idx, ret = 0;
#if defined(MBEDTLS_THREADING_C)
if( ( ret = mbedtls_mutex_lock( &ctx->mutex ) ) != 0 )
return( ret );
if ((ret = mbedtls_mutex_lock(&ctx->mutex)) != 0) {
return ret;
}
#endif
idx = ctx->source_count;
if( idx >= MBEDTLS_ENTROPY_MAX_SOURCES )
{
if (idx >= MBEDTLS_ENTROPY_MAX_SOURCES) {
ret = MBEDTLS_ERR_ENTROPY_MAX_SOURCES;
goto exit;
}
@ -158,11 +159,12 @@ int mbedtls_entropy_add_source( mbedtls_entropy_context *ctx,
exit:
#if defined(MBEDTLS_THREADING_C)
if( mbedtls_mutex_unlock( &ctx->mutex ) != 0 )
return( MBEDTLS_ERR_THREADING_MUTEX_ERROR );
if (mbedtls_mutex_unlock(&ctx->mutex) != 0) {
return MBEDTLS_ERR_THREADING_MUTEX_ERROR;
}
#endif
return( ret );
return ret;
}
/*
@ -177,14 +179,15 @@ static int entropy_update( mbedtls_entropy_context *ctx, unsigned char source_id
const unsigned char *p = data;
int ret = 0;
if( use_len > MBEDTLS_ENTROPY_BLOCK_SIZE )
{
if (use_len > MBEDTLS_ENTROPY_BLOCK_SIZE) {
#if defined(MBEDTLS_ENTROPY_SHA512_ACCUMULATOR)
if( ( ret = mbedtls_sha512_ret( data, len, tmp, 0 ) ) != 0 )
if ((ret = mbedtls_sha512_ret(data, len, tmp, 0)) != 0) {
goto cleanup;
}
#else
if( ( ret = mbedtls_sha256_ret( data, len, tmp, 0 ) ) != 0 )
if ((ret = mbedtls_sha256_ret(data, len, tmp, 0)) != 0) {
goto cleanup;
}
#endif
p = tmp;
use_len = MBEDTLS_ENTROPY_BLOCK_SIZE;
@ -200,28 +203,32 @@ static int entropy_update( mbedtls_entropy_context *ctx, unsigned char source_id
*/
#if defined(MBEDTLS_ENTROPY_SHA512_ACCUMULATOR)
if (ctx->accumulator_started == 0 &&
( ret = mbedtls_sha512_starts_ret( &ctx->accumulator, 0 ) ) != 0 )
(ret = mbedtls_sha512_starts_ret(&ctx->accumulator, 0)) != 0) {
goto cleanup;
else
} else {
ctx->accumulator_started = 1;
if( ( ret = mbedtls_sha512_update_ret( &ctx->accumulator, header, 2 ) ) != 0 )
}
if ((ret = mbedtls_sha512_update_ret(&ctx->accumulator, header, 2)) != 0) {
goto cleanup;
}
ret = mbedtls_sha512_update_ret(&ctx->accumulator, p, use_len);
#else
if (ctx->accumulator_started == 0 &&
( ret = mbedtls_sha256_starts_ret( &ctx->accumulator, 0 ) ) != 0 )
(ret = mbedtls_sha256_starts_ret(&ctx->accumulator, 0)) != 0) {
goto cleanup;
else
} else {
ctx->accumulator_started = 1;
if( ( ret = mbedtls_sha256_update_ret( &ctx->accumulator, header, 2 ) ) != 0 )
}
if ((ret = mbedtls_sha256_update_ret(&ctx->accumulator, header, 2)) != 0) {
goto cleanup;
}
ret = mbedtls_sha256_update_ret(&ctx->accumulator, p, use_len);
#endif
cleanup:
mbedtls_platform_zeroize(tmp, sizeof(tmp));
return( ret );
return ret;
}
int mbedtls_entropy_update_manual(mbedtls_entropy_context *ctx,
@ -230,18 +237,20 @@ int mbedtls_entropy_update_manual( mbedtls_entropy_context *ctx,
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
#if defined(MBEDTLS_THREADING_C)
if( ( ret = mbedtls_mutex_lock( &ctx->mutex ) ) != 0 )
return( ret );
if ((ret = mbedtls_mutex_lock(&ctx->mutex)) != 0) {
return ret;
}
#endif
ret = entropy_update(ctx, MBEDTLS_ENTROPY_SOURCE_MANUAL, data, len);
#if defined(MBEDTLS_THREADING_C)
if( mbedtls_mutex_unlock( &ctx->mutex ) != 0 )
return( MBEDTLS_ERR_THREADING_MUTEX_ERROR );
if (mbedtls_mutex_unlock(&ctx->mutex) != 0) {
return MBEDTLS_ERR_THREADING_MUTEX_ERROR;
}
#endif
return( ret );
return ret;
}
/*
@ -255,43 +264,44 @@ static int entropy_gather_internal( mbedtls_entropy_context *ctx )
unsigned char buf[MBEDTLS_ENTROPY_MAX_GATHER];
size_t olen;
if( ctx->source_count == 0 )
return( MBEDTLS_ERR_ENTROPY_NO_SOURCES_DEFINED );
if (ctx->source_count == 0) {
return MBEDTLS_ERR_ENTROPY_NO_SOURCES_DEFINED;
}
/*
* Run through our entropy sources
*/
for( i = 0; i < ctx->source_count; i++ )
{
if( ctx->source[i].strong == MBEDTLS_ENTROPY_SOURCE_STRONG )
for (i = 0; i < ctx->source_count; i++) {
if (ctx->source[i].strong == MBEDTLS_ENTROPY_SOURCE_STRONG) {
have_one_strong = 1;
}
olen = 0;
if ((ret = ctx->source[i].f_source(ctx->source[i].p_source,
buf, MBEDTLS_ENTROPY_MAX_GATHER, &olen ) ) != 0 )
{
buf, MBEDTLS_ENTROPY_MAX_GATHER, &olen)) != 0) {
goto cleanup;
}
/*
* Add if we actually gathered something
*/
if( olen > 0 )
{
if (olen > 0) {
if ((ret = entropy_update(ctx, (unsigned char) i,
buf, olen ) ) != 0 )
return( ret );
buf, olen)) != 0) {
return ret;
}
ctx->source[i].size += olen;
}
}
if( have_one_strong == 0 )
if (have_one_strong == 0) {
ret = MBEDTLS_ERR_ENTROPY_NO_STRONG_SOURCE;
}
cleanup:
mbedtls_platform_zeroize(buf, sizeof(buf));
return( ret );
return ret;
}
/*
@ -302,18 +312,20 @@ int mbedtls_entropy_gather( mbedtls_entropy_context *ctx )
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
#if defined(MBEDTLS_THREADING_C)
if( ( ret = mbedtls_mutex_lock( &ctx->mutex ) ) != 0 )
return( ret );
if ((ret = mbedtls_mutex_lock(&ctx->mutex)) != 0) {
return ret;
}
#endif
ret = entropy_gather_internal(ctx);
#if defined(MBEDTLS_THREADING_C)
if( mbedtls_mutex_unlock( &ctx->mutex ) != 0 )
return( MBEDTLS_ERR_THREADING_MUTEX_ERROR );
if (mbedtls_mutex_unlock(&ctx->mutex) != 0) {
return MBEDTLS_ERR_THREADING_MUTEX_ERROR;
}
#endif
return( ret );
return ret;
}
int mbedtls_entropy_func(void *data, unsigned char *output, size_t len)
@ -323,51 +335,52 @@ int mbedtls_entropy_func( void *data, unsigned char *output, size_t len )
mbedtls_entropy_context *ctx = (mbedtls_entropy_context *) data;
unsigned char buf[MBEDTLS_ENTROPY_BLOCK_SIZE];
if( len > MBEDTLS_ENTROPY_BLOCK_SIZE )
return( MBEDTLS_ERR_ENTROPY_SOURCE_FAILED );
if (len > MBEDTLS_ENTROPY_BLOCK_SIZE) {
return MBEDTLS_ERR_ENTROPY_SOURCE_FAILED;
}
#if defined(MBEDTLS_ENTROPY_NV_SEED)
/* Update the NV entropy seed before generating any entropy for outside
* use.
*/
if( ctx->initial_entropy_run == 0 )
{
if (ctx->initial_entropy_run == 0) {
ctx->initial_entropy_run = 1;
if( ( ret = mbedtls_entropy_update_nv_seed( ctx ) ) != 0 )
return( ret );
if ((ret = mbedtls_entropy_update_nv_seed(ctx)) != 0) {
return ret;
}
}
#endif
#if defined(MBEDTLS_THREADING_C)
if( ( ret = mbedtls_mutex_lock( &ctx->mutex ) ) != 0 )
return( ret );
if ((ret = mbedtls_mutex_lock(&ctx->mutex)) != 0) {
return ret;
}
#endif
/*
* Always gather extra entropy before a call
*/
do
{
if( count++ > ENTROPY_MAX_LOOP )
{
do {
if (count++ > ENTROPY_MAX_LOOP) {
ret = MBEDTLS_ERR_ENTROPY_SOURCE_FAILED;
goto exit;
}
if( ( ret = entropy_gather_internal( ctx ) ) != 0 )
if ((ret = entropy_gather_internal(ctx)) != 0) {
goto exit;
}
thresholds_reached = 1;
strong_size = 0;
for( i = 0; i < ctx->source_count; i++ )
{
if( ctx->source[i].size < ctx->source[i].threshold )
for (i = 0; i < ctx->source_count; i++) {
if (ctx->source[i].size < ctx->source[i].threshold) {
thresholds_reached = 0;
if( ctx->source[i].strong == MBEDTLS_ENTROPY_SOURCE_STRONG )
}
if (ctx->source[i].strong == MBEDTLS_ENTROPY_SOURCE_STRONG) {
strong_size += ctx->source[i].size;
}
}
while( ! thresholds_reached || strong_size < MBEDTLS_ENTROPY_BLOCK_SIZE );
} while (!thresholds_reached || strong_size < MBEDTLS_ENTROPY_BLOCK_SIZE);
memset(buf, 0, MBEDTLS_ENTROPY_BLOCK_SIZE);
@ -377,51 +390,60 @@ int mbedtls_entropy_func( void *data, unsigned char *output, size_t len )
* in a previous call to entropy_update(). If this is not guaranteed, the
* code below will fail.
*/
if( ( ret = mbedtls_sha512_finish_ret( &ctx->accumulator, buf ) ) != 0 )
if ((ret = mbedtls_sha512_finish_ret(&ctx->accumulator, buf)) != 0) {
goto exit;
}
/*
* Reset accumulator and counters and recycle existing entropy
*/
mbedtls_sha512_free(&ctx->accumulator);
mbedtls_sha512_init(&ctx->accumulator);
if( ( ret = mbedtls_sha512_starts_ret( &ctx->accumulator, 0 ) ) != 0 )
if ((ret = mbedtls_sha512_starts_ret(&ctx->accumulator, 0)) != 0) {
goto exit;
}
if ((ret = mbedtls_sha512_update_ret(&ctx->accumulator, buf,
MBEDTLS_ENTROPY_BLOCK_SIZE ) ) != 0 )
MBEDTLS_ENTROPY_BLOCK_SIZE)) != 0) {
goto exit;
}
/*
* Perform second SHA-512 on entropy
*/
if ((ret = mbedtls_sha512_ret(buf, MBEDTLS_ENTROPY_BLOCK_SIZE,
buf, 0 ) ) != 0 )
buf, 0)) != 0) {
goto exit;
}
#else /* MBEDTLS_ENTROPY_SHA512_ACCUMULATOR */
if( ( ret = mbedtls_sha256_finish_ret( &ctx->accumulator, buf ) ) != 0 )
if ((ret = mbedtls_sha256_finish_ret(&ctx->accumulator, buf)) != 0) {
goto exit;
}
/*
* Reset accumulator and counters and recycle existing entropy
*/
mbedtls_sha256_free(&ctx->accumulator);
mbedtls_sha256_init(&ctx->accumulator);
if( ( ret = mbedtls_sha256_starts_ret( &ctx->accumulator, 0 ) ) != 0 )
if ((ret = mbedtls_sha256_starts_ret(&ctx->accumulator, 0)) != 0) {
goto exit;
}
if ((ret = mbedtls_sha256_update_ret(&ctx->accumulator, buf,
MBEDTLS_ENTROPY_BLOCK_SIZE ) ) != 0 )
MBEDTLS_ENTROPY_BLOCK_SIZE)) != 0) {
goto exit;
}
/*
* Perform second SHA-256 on entropy
*/
if ((ret = mbedtls_sha256_ret(buf, MBEDTLS_ENTROPY_BLOCK_SIZE,
buf, 0 ) ) != 0 )
buf, 0)) != 0) {
goto exit;
}
#endif /* MBEDTLS_ENTROPY_SHA512_ACCUMULATOR */
for( i = 0; i < ctx->source_count; i++ )
for (i = 0; i < ctx->source_count; i++) {
ctx->source[i].size = 0;
}
memcpy(output, buf, len);
@ -431,11 +453,12 @@ exit:
mbedtls_platform_zeroize(buf, sizeof(buf));
#if defined(MBEDTLS_THREADING_C)
if( mbedtls_mutex_unlock( &ctx->mutex ) != 0 )
return( MBEDTLS_ERR_THREADING_MUTEX_ERROR );
if (mbedtls_mutex_unlock(&ctx->mutex) != 0) {
return MBEDTLS_ERR_THREADING_MUTEX_ERROR;
}
#endif
return( ret );
return ret;
}
#if defined(MBEDTLS_ENTROPY_NV_SEED)
@ -445,17 +468,19 @@ int mbedtls_entropy_update_nv_seed( mbedtls_entropy_context *ctx )
unsigned char buf[MBEDTLS_ENTROPY_BLOCK_SIZE];
/* Read new seed and write it to NV */
if( ( ret = mbedtls_entropy_func( ctx, buf, MBEDTLS_ENTROPY_BLOCK_SIZE ) ) != 0 )
return( ret );
if ((ret = mbedtls_entropy_func(ctx, buf, MBEDTLS_ENTROPY_BLOCK_SIZE)) != 0) {
return ret;
}
if( mbedtls_nv_seed_write( buf, MBEDTLS_ENTROPY_BLOCK_SIZE ) < 0 )
return( MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR );
if (mbedtls_nv_seed_write(buf, MBEDTLS_ENTROPY_BLOCK_SIZE) < 0) {
return MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR;
}
/* Manually update the remaining stream with a separator value to diverge */
memset(buf, 0, MBEDTLS_ENTROPY_BLOCK_SIZE);
ret = mbedtls_entropy_update_manual(ctx, buf, MBEDTLS_ENTROPY_BLOCK_SIZE);
return( ret );
return ret;
}
#endif /* MBEDTLS_ENTROPY_NV_SEED */
@ -466,20 +491,17 @@ int mbedtls_entropy_write_seed_file( mbedtls_entropy_context *ctx, const char *p
FILE *f = NULL;
unsigned char buf[MBEDTLS_ENTROPY_BLOCK_SIZE];
if( ( ret = mbedtls_entropy_func( ctx, buf, MBEDTLS_ENTROPY_BLOCK_SIZE ) ) != 0 )
{
if ((ret = mbedtls_entropy_func(ctx, buf, MBEDTLS_ENTROPY_BLOCK_SIZE)) != 0) {
ret = MBEDTLS_ERR_ENTROPY_SOURCE_FAILED;
goto exit;
}
if( ( f = fopen( path, "wb" ) ) == NULL )
{
if ((f = fopen(path, "wb")) == NULL) {
ret = MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR;
goto exit;
}
if( fwrite( buf, 1, MBEDTLS_ENTROPY_BLOCK_SIZE, f ) != MBEDTLS_ENTROPY_BLOCK_SIZE )
{
if (fwrite(buf, 1, MBEDTLS_ENTROPY_BLOCK_SIZE, f) != MBEDTLS_ENTROPY_BLOCK_SIZE) {
ret = MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR;
goto exit;
}
@ -489,10 +511,11 @@ int mbedtls_entropy_write_seed_file( mbedtls_entropy_context *ctx, const char *p
exit:
mbedtls_platform_zeroize(buf, sizeof(buf));
if( f != NULL )
if (f != NULL) {
fclose(f);
}
return( ret );
return ret;
}
int mbedtls_entropy_update_seed_file(mbedtls_entropy_context *ctx, const char *path)
@ -502,29 +525,33 @@ int mbedtls_entropy_update_seed_file( mbedtls_entropy_context *ctx, const char *
size_t n;
unsigned char buf[MBEDTLS_ENTROPY_MAX_SEED_SIZE];
if( ( f = fopen( path, "rb" ) ) == NULL )
return( MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR );
if ((f = fopen(path, "rb")) == NULL) {
return MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR;
}
fseek(f, 0, SEEK_END);
n = (size_t) ftell(f);
fseek(f, 0, SEEK_SET);
if( n > MBEDTLS_ENTROPY_MAX_SEED_SIZE )
if (n > MBEDTLS_ENTROPY_MAX_SEED_SIZE) {
n = MBEDTLS_ENTROPY_MAX_SEED_SIZE;
}
if( fread( buf, 1, n, f ) != n )
if (fread(buf, 1, n, f) != n) {
ret = MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR;
else
} else {
ret = mbedtls_entropy_update_manual(ctx, buf, n);
}
fclose(f);
mbedtls_platform_zeroize(buf, sizeof(buf));
if( ret != 0 )
return( ret );
if (ret != 0) {
return ret;
}
return( mbedtls_entropy_write_seed_file( ctx, path ) );
return mbedtls_entropy_write_seed_file(ctx, path);
}
#endif /* MBEDTLS_FS_IO */
@ -541,7 +568,7 @@ static int entropy_dummy_source( void *data, unsigned char *output,
memset(output, 0x2a, len);
*olen = len;
return( 0 );
return 0;
}
#endif /* !MBEDTLS_TEST_NULL_ENTROPY */
@ -554,22 +581,21 @@ static int mbedtls_entropy_source_self_test_gather( unsigned char *buf, size_t b
size_t olen = 0;
size_t attempts = buf_len;
while( attempts > 0 && entropy_len < buf_len )
{
while (attempts > 0 && entropy_len < buf_len) {
if ((ret = mbedtls_hardware_poll(NULL, buf + entropy_len,
buf_len - entropy_len, &olen ) ) != 0 )
return( ret );
buf_len - entropy_len, &olen)) != 0) {
return ret;
}
entropy_len += olen;
attempts--;
}
if( entropy_len < buf_len )
{
if (entropy_len < buf_len) {
ret = 1;
}
return( ret );
return ret;
}
@ -580,17 +606,16 @@ static int mbedtls_entropy_source_self_test_check_bits( const unsigned char *buf
unsigned char unset = 0x00;
size_t i;
for( i = 0; i < buf_len; i++ )
{
for (i = 0; i < buf_len; i++) {
set &= buf[i];
unset |= buf[i];
}
return( set == 0xFF || unset == 0x00 );
return set == 0xFF || unset == 0x00;
}
/*
* A test to ensure hat the entropy sources are functioning correctly
* A test to ensure that the entropy sources are functioning correctly
* and there is no obvious failure. The test performs the following checks:
* - The entropy source is not providing only 0s (all bits unset) or 1s (all
* bits set).
@ -606,39 +631,44 @@ int mbedtls_entropy_source_self_test( int verbose )
unsigned char buf0[2 * sizeof(unsigned long long int)];
unsigned char buf1[2 * sizeof(unsigned long long int)];
if( verbose != 0 )
if (verbose != 0) {
mbedtls_printf(" ENTROPY_BIAS test: ");
}
memset(buf0, 0x00, sizeof(buf0));
memset(buf1, 0x00, sizeof(buf1));
if( ( ret = mbedtls_entropy_source_self_test_gather( buf0, sizeof( buf0 ) ) ) != 0 )
if ((ret = mbedtls_entropy_source_self_test_gather(buf0, sizeof(buf0))) != 0) {
goto cleanup;
if( ( ret = mbedtls_entropy_source_self_test_gather( buf1, sizeof( buf1 ) ) ) != 0 )
}
if ((ret = mbedtls_entropy_source_self_test_gather(buf1, sizeof(buf1))) != 0) {
goto cleanup;
}
/* Make sure that the returned values are not all 0 or 1 */
if( ( ret = mbedtls_entropy_source_self_test_check_bits( buf0, sizeof( buf0 ) ) ) != 0 )
if ((ret = mbedtls_entropy_source_self_test_check_bits(buf0, sizeof(buf0))) != 0) {
goto cleanup;
if( ( ret = mbedtls_entropy_source_self_test_check_bits( buf1, sizeof( buf1 ) ) ) != 0 )
}
if ((ret = mbedtls_entropy_source_self_test_check_bits(buf1, sizeof(buf1))) != 0) {
goto cleanup;
}
/* Make sure that the entropy source is not returning values in a
* pattern */
ret = memcmp(buf0, buf1, sizeof(buf0)) == 0;
cleanup:
if( verbose != 0 )
{
if( ret != 0 )
if (verbose != 0) {
if (ret != 0) {
mbedtls_printf("failed\n");
else
} else {
mbedtls_printf("passed\n");
}
mbedtls_printf("\n");
}
return( ret != 0 );
return ret != 0;
}
#endif /* MBEDTLS_ENTROPY_HARDWARE_ALT */
@ -658,23 +688,27 @@ int mbedtls_entropy_self_test( int verbose )
size_t i, j;
#endif /* !MBEDTLS_TEST_NULL_ENTROPY */
if( verbose != 0 )
if (verbose != 0) {
mbedtls_printf(" ENTROPY test: ");
}
#if !defined(MBEDTLS_TEST_NULL_ENTROPY)
mbedtls_entropy_init(&ctx);
/* First do a gather to make sure we have default sources */
if( ( ret = mbedtls_entropy_gather( &ctx ) ) != 0 )
if ((ret = mbedtls_entropy_gather(&ctx)) != 0) {
goto cleanup;
}
ret = mbedtls_entropy_add_source(&ctx, entropy_dummy_source, NULL, 16,
MBEDTLS_ENTROPY_SOURCE_WEAK);
if( ret != 0 )
if (ret != 0) {
goto cleanup;
}
if( ( ret = mbedtls_entropy_update_manual( &ctx, buf, sizeof buf ) ) != 0 )
if ((ret = mbedtls_entropy_update_manual(&ctx, buf, sizeof(buf))) != 0) {
goto cleanup;
}
/*
* To test that mbedtls_entropy_func writes correct number of bytes:
@ -684,44 +718,44 @@ int mbedtls_entropy_self_test( int verbose )
* each of the 32 or 64 bytes to be non-zero has a false failure rate
* of at most 2^(-58) which is acceptable.
*/
for( i = 0; i < 8; i++ )
{
if( ( ret = mbedtls_entropy_func( &ctx, buf, sizeof( buf ) ) ) != 0 )
for (i = 0; i < 8; i++) {
if ((ret = mbedtls_entropy_func(&ctx, buf, sizeof(buf))) != 0) {
goto cleanup;
for( j = 0; j < sizeof( buf ); j++ )
acc[j] |= buf[j];
}
for( j = 0; j < sizeof( buf ); j++ )
{
if( acc[j] == 0 )
{
for (j = 0; j < sizeof(buf); j++) {
acc[j] |= buf[j];
}
}
for (j = 0; j < sizeof(buf); j++) {
if (acc[j] == 0) {
ret = 1;
goto cleanup;
}
}
#if defined(MBEDTLS_ENTROPY_HARDWARE_ALT)
if( ( ret = mbedtls_entropy_source_self_test( 0 ) ) != 0 )
if ((ret = mbedtls_entropy_source_self_test(0)) != 0) {
goto cleanup;
}
#endif
cleanup:
mbedtls_entropy_free(&ctx);
#endif /* !MBEDTLS_TEST_NULL_ENTROPY */
if( verbose != 0 )
{
if( ret != 0 )
if (verbose != 0) {
if (ret != 0) {
mbedtls_printf("failed\n");
else
} else {
mbedtls_printf("passed\n");
}
mbedtls_printf("\n");
}
return( ret != 0 );
return ret != 0;
}
#endif /* MBEDTLS_SELF_TEST */

86
thirdparty/mbedtls/library/entropy_poll.c vendored
View file

@ -45,7 +45,8 @@
#if !defined(unix) && !defined(__unix__) && !defined(__unix) && \
!defined(__APPLE__) && !defined(_WIN32) && !defined(__QNXNTO__) && \
!defined(__HAIKU__) && !defined(__midipix__)
#error "Platform entropy sources only work on Unix and Windows, see MBEDTLS_NO_PLATFORM_ENTROPY in config.h"
#error \
"Platform entropy sources only work on Unix and Windows, see MBEDTLS_NO_PLATFORM_ENTROPY in config.h"
#endif
#if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32)
@ -81,19 +82,17 @@ int mbedtls_platform_entropy_poll( void *data, unsigned char *output, size_t len
* 64-bit Windows platforms. Ensure len's value can be safely converted into
* a ULONG.
*/
if ( FAILED( SizeTToULong( len, &len_as_ulong ) ) )
{
return( MBEDTLS_ERR_ENTROPY_SOURCE_FAILED );
if (FAILED(SizeTToULong(len, &len_as_ulong))) {
return MBEDTLS_ERR_ENTROPY_SOURCE_FAILED;
}
if ( !BCRYPT_SUCCESS( BCryptGenRandom( NULL, output, len_as_ulong, BCRYPT_USE_SYSTEM_PREFERRED_RNG ) ) )
{
return( MBEDTLS_ERR_ENTROPY_SOURCE_FAILED );
if (!BCRYPT_SUCCESS(BCryptGenRandom(NULL, output, len_as_ulong, BCRYPT_USE_SYSTEM_PREFERRED_RNG))) {
return MBEDTLS_ERR_ENTROPY_SOURCE_FAILED;
}
*olen = len;
return( 0 );
return 0;
}
#else /* _WIN32 && !EFIX64 && !EFI32 */
@ -117,7 +116,7 @@ static int getrandom_wrapper( void *buf, size_t buflen, unsigned int flags )
memset(buf, 0, buflen);
#endif
#endif
return( syscall( SYS_getrandom, buf, buflen, flags ) );
return syscall(SYS_getrandom, buf, buflen, flags);
}
#endif /* SYS_getrandom */
#endif /* __linux__ || __midipix__ */
@ -159,15 +158,15 @@ static int sysctl_arnd_wrapper( unsigned char *buf, size_t buflen )
name[0] = CTL_KERN;
name[1] = KERN_ARND;
while( buflen > 0 )
{
while (buflen > 0) {
len = buflen > 256 ? 256 : buflen;
if( sysctl(name, 2, buf, &len, NULL, 0) == -1 )
return( -1 );
if (sysctl(name, 2, buf, &len, NULL, 0) == -1) {
return -1;
}
buflen -= len;
buf += len;
}
return( 0 );
return 0;
}
#endif /* KERN_ARND */
#endif /* __FreeBSD__ || __NetBSD__ */
@ -184,13 +183,12 @@ int mbedtls_platform_entropy_poll( void *data,
#if defined(HAVE_GETRANDOM)
ret = getrandom_wrapper(output, len, 0);
if( ret >= 0 )
{
if (ret >= 0) {
*olen = ret;
return( 0 );
return 0;
} else if (errno != ENOSYS) {
return MBEDTLS_ERR_ENTROPY_SOURCE_FAILED;
}
else if( errno != ENOSYS )
return( MBEDTLS_ERR_ENTROPY_SOURCE_FAILED );
/* Fall through if the system call isn't known. */
#else
((void) ret);
@ -199,29 +197,30 @@ int mbedtls_platform_entropy_poll( void *data,
#if defined(HAVE_SYSCTL_ARND)
((void) file);
((void) read_len);
if( sysctl_arnd_wrapper( output, len ) == -1 )
return( MBEDTLS_ERR_ENTROPY_SOURCE_FAILED );
if (sysctl_arnd_wrapper(output, len) == -1) {
return MBEDTLS_ERR_ENTROPY_SOURCE_FAILED;
}
*olen = len;
return( 0 );
return 0;
#else
*olen = 0;
file = fopen("/dev/urandom", "rb");
if( file == NULL )
return( MBEDTLS_ERR_ENTROPY_SOURCE_FAILED );
if (file == NULL) {
return MBEDTLS_ERR_ENTROPY_SOURCE_FAILED;
}
read_len = fread(output, 1, len, file);
if( read_len != len )
{
if (read_len != len) {
fclose(file);
return( MBEDTLS_ERR_ENTROPY_SOURCE_FAILED );
return MBEDTLS_ERR_ENTROPY_SOURCE_FAILED;
}
fclose(file);
*olen = len;
return( 0 );
return 0;
#endif /* HAVE_SYSCTL_ARND */
}
#endif /* _WIN32 && !EFIX64 && !EFI32 */
@ -235,12 +234,13 @@ int mbedtls_null_entropy_poll( void *data,
((void) output);
*olen = 0;
if( len < sizeof(unsigned char) )
return( 0 );
if (len < sizeof(unsigned char)) {
return 0;
}
output[0] = 0;
*olen = sizeof(unsigned char);
return( 0 );
return 0;
}
#endif
@ -252,13 +252,14 @@ int mbedtls_hardclock_poll( void *data,
((void) data);
*olen = 0;
if( len < sizeof(unsigned long) )
return( 0 );
if (len < sizeof(unsigned long)) {
return 0;
}
memcpy(output, &timer, sizeof(unsigned long));
*olen = sizeof(unsigned long);
return( 0 );
return 0;
}
#endif /* MBEDTLS_TIMING_C */
@ -269,12 +270,13 @@ int mbedtls_havege_poll( void *data,
mbedtls_havege_state *hs = (mbedtls_havege_state *) data;
*olen = 0;
if( mbedtls_havege_random( hs, output, len ) != 0 )
return( MBEDTLS_ERR_ENTROPY_SOURCE_FAILED );
if (mbedtls_havege_random(hs, output, len) != 0) {
return MBEDTLS_ERR_ENTROPY_SOURCE_FAILED;
}
*olen = len;
return( 0 );
return 0;
}
#endif /* MBEDTLS_HAVEGE_C */
@ -288,16 +290,18 @@ int mbedtls_nv_seed_poll( void *data,
memset(buf, 0, MBEDTLS_ENTROPY_BLOCK_SIZE);
if( mbedtls_nv_seed_read( buf, MBEDTLS_ENTROPY_BLOCK_SIZE ) < 0 )
return( MBEDTLS_ERR_ENTROPY_SOURCE_FAILED );
if (mbedtls_nv_seed_read(buf, MBEDTLS_ENTROPY_BLOCK_SIZE) < 0) {
return MBEDTLS_ERR_ENTROPY_SOURCE_FAILED;
}
if( len < use_len )
if (len < use_len) {
use_len = len;
}
memcpy(output, buf, use_len);
*olen = use_len;
return( 0 );
return 0;
}
#endif /* MBEDTLS_ENTROPY_NV_SEED */

50
thirdparty/mbedtls/library/error.c vendored
View file

@ -211,14 +211,14 @@ const char * mbedtls_high_level_strerr( int error_code )
{
int high_level_error_code;
if( error_code < 0 )
if (error_code < 0) {
error_code = -error_code;
}
/* Extract the high-level part from the error code. */
high_level_error_code = error_code & 0xFF80;
switch( high_level_error_code )
{
switch (high_level_error_code) {
/* Begin Auto-Generated Code. */
#if defined(MBEDTLS_CIPHER_C)
case -(MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE):
@ -568,21 +568,21 @@ const char * mbedtls_high_level_strerr( int error_code )
break;
}
return( NULL );
return NULL;
}
const char *mbedtls_low_level_strerr(int error_code)
{
int low_level_error_code;
if( error_code < 0 )
if (error_code < 0) {
error_code = -error_code;
}
/* Extract the low-level part from the error code. */
low_level_error_code = error_code & ~0xFF80;
switch( low_level_error_code )
{
switch (low_level_error_code) {
/* Begin Auto-Generated Code. */
#if defined(MBEDTLS_AES_C)
case -(MBEDTLS_ERR_AES_INVALID_KEY_LENGTH):
@ -886,7 +886,7 @@ const char * mbedtls_low_level_strerr( int error_code )
break;
}
return( NULL );
return NULL;
}
void mbedtls_strerror(int ret, char *buf, size_t buflen)
@ -896,48 +896,52 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen )
const char *high_level_error_description = NULL;
const char *low_level_error_description = NULL;
if( buflen == 0 )
if (buflen == 0) {
return;
}
memset(buf, 0x00, buflen);
if( ret < 0 )
if (ret < 0) {
ret = -ret;
}
if( ret & 0xFF80 )
{
if (ret & 0xFF80) {
use_ret = ret & 0xFF80;
// Translate high level error code.
high_level_error_description = mbedtls_high_level_strerr(ret);
if( high_level_error_description == NULL )
if (high_level_error_description == NULL) {
mbedtls_snprintf(buf, buflen, "UNKNOWN ERROR CODE (%04X)", (unsigned int) use_ret);
else
} else {
mbedtls_snprintf(buf, buflen, "%s", high_level_error_description);
}
#if defined(MBEDTLS_SSL_TLS_C)
// Early return in case of a fatal error - do not try to translate low
// level code.
if(use_ret == -(MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE))
if (use_ret == -(MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE)) {
return;
}
#endif /* MBEDTLS_SSL_TLS_C */
}
use_ret = ret & ~0xFF80;
if( use_ret == 0 )
if (use_ret == 0) {
return;
}
// If high level code is present, make a concatenation between both
// error strings.
//
len = strlen(buf);
if( len > 0 )
{
if( buflen - len < 5 )
if (len > 0) {
if (buflen - len < 5) {
return;
}
mbedtls_snprintf(buf + len, buflen - len, " : ");
@ -948,11 +952,12 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen )
// Translate low level error code.
low_level_error_description = mbedtls_low_level_strerr(ret);
if( low_level_error_description == NULL )
if (low_level_error_description == NULL) {
mbedtls_snprintf(buf, buflen, "UNKNOWN ERROR CODE (%04X)", (unsigned int) use_ret);
else
} else {
mbedtls_snprintf(buf, buflen, "%s", low_level_error_description);
}
}
#else /* MBEDTLS_ERROR_C */
@ -963,9 +968,10 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen )
{
((void) ret);
if( buflen > 0 )
if (buflen > 0) {
buf[0] = '\0';
}
}
#endif /* MBEDTLS_ERROR_C */

331
thirdparty/mbedtls/library/gcm.c vendored
View file

@ -76,8 +76,9 @@ static int gcm_gen_table( mbedtls_gcm_context *ctx )
size_t olen = 0;
memset(h, 0, 16);
if( ( ret = mbedtls_cipher_update( &ctx->cipher_ctx, h, 16, h, &olen ) ) != 0 )
return( ret );
if ((ret = mbedtls_cipher_update(&ctx->cipher_ctx, h, 16, h, &olen)) != 0) {
return ret;
}
/* pack h as two 64-bits ints, big-endian */
hi = MBEDTLS_GET_UINT32_BE(h, 0);
@ -92,18 +93,18 @@ static int gcm_gen_table( mbedtls_gcm_context *ctx )
ctx->HL[8] = vl;
ctx->HH[8] = vh;
#if defined(MBEDTLS_AESNI_C) && defined(MBEDTLS_HAVE_X86_64)
#if defined(MBEDTLS_AESNI_HAVE_CODE)
/* With CLMUL support, we need only h, not the rest of the table */
if( mbedtls_aesni_has_support( MBEDTLS_AESNI_CLMUL ) )
return( 0 );
if (mbedtls_aesni_has_support(MBEDTLS_AESNI_CLMUL)) {
return 0;
}
#endif
/* 0 corresponds to 0 in GF(2^128) */
ctx->HH[0] = 0;
ctx->HL[0] = 0;
for( i = 4; i > 0; i >>= 1 )
{
for (i = 4; i > 0; i >>= 1) {
uint32_t T = (vl & 1) * 0xe1000000U;
vl = (vh << 63) | (vl >> 1);
vh = (vh >> 1) ^ ((uint64_t) T << 32);
@ -112,19 +113,17 @@ static int gcm_gen_table( mbedtls_gcm_context *ctx )
ctx->HH[i] = vh;
}
for( i = 2; i <= 8; i *= 2 )
{
for (i = 2; i <= 8; i *= 2) {
uint64_t *HiL = ctx->HL + i, *HiH = ctx->HH + i;
vh = *HiH;
vl = *HiL;
for( j = 1; j < i; j++ )
{
for (j = 1; j < i; j++) {
HiH[j] = vh ^ ctx->HH[j];
HiL[j] = vl ^ ctx->HL[j];
}
}
return( 0 );
return 0;
}
int mbedtls_gcm_setkey(mbedtls_gcm_context *ctx,
@ -141,27 +140,30 @@ int mbedtls_gcm_setkey( mbedtls_gcm_context *ctx,
cipher_info = mbedtls_cipher_info_from_values(cipher, keybits,
MBEDTLS_MODE_ECB);
if( cipher_info == NULL )
return( MBEDTLS_ERR_GCM_BAD_INPUT );
if (cipher_info == NULL) {
return MBEDTLS_ERR_GCM_BAD_INPUT;
}
if( cipher_info->block_size != 16 )
return( MBEDTLS_ERR_GCM_BAD_INPUT );
if (cipher_info->block_size != 16) {
return MBEDTLS_ERR_GCM_BAD_INPUT;
}
mbedtls_cipher_free(&ctx->cipher_ctx);
if( ( ret = mbedtls_cipher_setup( &ctx->cipher_ctx, cipher_info ) ) != 0 )
return( ret );
if( ( ret = mbedtls_cipher_setkey( &ctx->cipher_ctx, key, keybits,
MBEDTLS_ENCRYPT ) ) != 0 )
{
return( ret );
if ((ret = mbedtls_cipher_setup(&ctx->cipher_ctx, cipher_info)) != 0) {
return ret;
}
if( ( ret = gcm_gen_table( ctx ) ) != 0 )
return( ret );
if ((ret = mbedtls_cipher_setkey(&ctx->cipher_ctx, key, keybits,
MBEDTLS_ENCRYPT)) != 0) {
return ret;
}
return( 0 );
if ((ret = gcm_gen_table(ctx)) != 0) {
return ret;
}
return 0;
}
/*
@ -188,7 +190,7 @@ static void gcm_mult( mbedtls_gcm_context *ctx, const unsigned char x[16],
unsigned char lo, hi, rem;
uint64_t zh, zl;
#if defined(MBEDTLS_AESNI_C) && defined(MBEDTLS_HAVE_X86_64)
#if defined(MBEDTLS_AESNI_HAVE_CODE)
if (mbedtls_aesni_has_support(MBEDTLS_AESNI_CLMUL)) {
unsigned char h[16];
@ -200,20 +202,18 @@ static void gcm_mult( mbedtls_gcm_context *ctx, const unsigned char x[16],
mbedtls_aesni_gcm_mult(output, x, h);
return;
}
#endif /* MBEDTLS_AESNI_C && MBEDTLS_HAVE_X86_64 */
#endif /* MBEDTLS_AESNI_HAVE_CODE */
lo = x[15] & 0xf;
zh = ctx->HH[lo];
zl = ctx->HL[lo];
for( i = 15; i >= 0; i-- )
{
for (i = 15; i >= 0; i--) {
lo = x[i] & 0xf;
hi = (x[i] >> 4) & 0xf;
if( i != 15 )
{
if (i != 15) {
rem = (unsigned char) zl & 0xf;
zl = (zh << 60) | (zl >> 4);
zh = (zh >> 4);
@ -259,9 +259,8 @@ int mbedtls_gcm_starts( mbedtls_gcm_context *ctx,
/* IV is not allowed to be zero length */
if (iv_len == 0 ||
((uint64_t) iv_len) >> 61 != 0 ||
( (uint64_t) add_len ) >> 61 != 0 )
{
return( MBEDTLS_ERR_GCM_BAD_INPUT );
((uint64_t) add_len) >> 61 != 0) {
return MBEDTLS_ERR_GCM_BAD_INPUT;
}
memset(ctx->y, 0x00, sizeof(ctx->y));
@ -271,24 +270,21 @@ int mbedtls_gcm_starts( mbedtls_gcm_context *ctx,
ctx->len = 0;
ctx->add_len = 0;
if( iv_len == 12 )
{
if (iv_len == 12) {
memcpy(ctx->y, iv, iv_len);
ctx->y[15] = 1;
}
else
{
} else {
memset(work_buf, 0x00, 16);
iv_bits = (uint64_t) iv_len * 8;
MBEDTLS_PUT_UINT64_BE(iv_bits, work_buf, 8);
p = iv;
while( iv_len > 0 )
{
while (iv_len > 0) {
use_len = (iv_len < 16) ? iv_len : 16;
for( i = 0; i < use_len; i++ )
for (i = 0; i < use_len; i++) {
ctx->y[i] ^= p[i];
}
gcm_mult(ctx, ctx->y, ctx->y);
@ -296,26 +292,26 @@ int mbedtls_gcm_starts( mbedtls_gcm_context *ctx,
p += use_len;
}
for( i = 0; i < 16; i++ )
for (i = 0; i < 16; i++) {
ctx->y[i] ^= work_buf[i];
}
gcm_mult(ctx, ctx->y, ctx->y);
}
if ((ret = mbedtls_cipher_update(&ctx->cipher_ctx, ctx->y, 16,
ctx->base_ectr, &olen ) ) != 0 )
{
return( ret );
ctx->base_ectr, &olen)) != 0) {
return ret;
}
ctx->add_len = add_len;
p = add;
while( add_len > 0 )
{
while (add_len > 0) {
use_len = (add_len < 16) ? add_len : 16;
for( i = 0; i < use_len; i++ )
for (i = 0; i < use_len; i++) {
ctx->buf[i] ^= p[i];
}
gcm_mult(ctx, ctx->buf, ctx->buf);
@ -323,7 +319,7 @@ int mbedtls_gcm_starts( mbedtls_gcm_context *ctx,
p += use_len;
}
return( 0 );
return 0;
}
int mbedtls_gcm_update(mbedtls_gcm_context *ctx,
@ -342,42 +338,43 @@ int mbedtls_gcm_update( mbedtls_gcm_context *ctx,
GCM_VALIDATE_RET(length == 0 || input != NULL);
GCM_VALIDATE_RET(length == 0 || output != NULL);
if( output > input && (size_t) ( output - input ) < length )
return( MBEDTLS_ERR_GCM_BAD_INPUT );
if (output > input && (size_t) (output - input) < length) {
return MBEDTLS_ERR_GCM_BAD_INPUT;
}
/* Total length is restricted to 2^39 - 256 bits, ie 2^36 - 2^5 bytes
* Also check for possible overflow */
if (ctx->len + length < ctx->len ||
(uint64_t) ctx->len + length > 0xFFFFFFFE0ull )
{
return( MBEDTLS_ERR_GCM_BAD_INPUT );
(uint64_t) ctx->len + length > 0xFFFFFFFE0ull) {
return MBEDTLS_ERR_GCM_BAD_INPUT;
}
ctx->len += length;
p = input;
while( length > 0 )
{
while (length > 0) {
use_len = (length < 16) ? length : 16;
for( i = 16; i > 12; i-- )
if( ++ctx->y[i - 1] != 0 )
for (i = 16; i > 12; i--) {
if (++ctx->y[i - 1] != 0) {
break;
if( ( ret = mbedtls_cipher_update( &ctx->cipher_ctx, ctx->y, 16, ectr,
&olen ) ) != 0 )
{
return( ret );
}
}
for( i = 0; i < use_len; i++ )
{
if( ctx->mode == MBEDTLS_GCM_DECRYPT )
if ((ret = mbedtls_cipher_update(&ctx->cipher_ctx, ctx->y, 16, ectr,
&olen)) != 0) {
return ret;
}
for (i = 0; i < use_len; i++) {
if (ctx->mode == MBEDTLS_GCM_DECRYPT) {
ctx->buf[i] ^= p[i];
}
out_p[i] = ectr[i] ^ p[i];
if( ctx->mode == MBEDTLS_GCM_ENCRYPT )
if (ctx->mode == MBEDTLS_GCM_ENCRYPT) {
ctx->buf[i] ^= out_p[i];
}
}
gcm_mult(ctx, ctx->buf, ctx->buf);
@ -386,7 +383,7 @@ int mbedtls_gcm_update( mbedtls_gcm_context *ctx,
out_p += use_len;
}
return( 0 );
return 0;
}
int mbedtls_gcm_finish(mbedtls_gcm_context *ctx,
@ -404,13 +401,13 @@ int mbedtls_gcm_finish( mbedtls_gcm_context *ctx,
orig_len = ctx->len * 8;
orig_add_len = ctx->add_len * 8;
if( tag_len > 16 || tag_len < 4 )
return( MBEDTLS_ERR_GCM_BAD_INPUT );
if (tag_len > 16 || tag_len < 4) {
return MBEDTLS_ERR_GCM_BAD_INPUT;
}
memcpy(tag, ctx->base_ectr, tag_len);
if( orig_len || orig_add_len )
{
if (orig_len || orig_add_len) {
memset(work_buf, 0x00, 16);
MBEDTLS_PUT_UINT32_BE((orig_add_len >> 32), work_buf, 0);
@ -418,16 +415,18 @@ int mbedtls_gcm_finish( mbedtls_gcm_context *ctx,
MBEDTLS_PUT_UINT32_BE((orig_len >> 32), work_buf, 8);
MBEDTLS_PUT_UINT32_BE((orig_len), work_buf, 12);
for( i = 0; i < 16; i++ )
for (i = 0; i < 16; i++) {
ctx->buf[i] ^= work_buf[i];
}
gcm_mult(ctx, ctx->buf, ctx->buf);
for( i = 0; i < tag_len; i++ )
for (i = 0; i < tag_len; i++) {
tag[i] ^= ctx->buf[i];
}
}
return( 0 );
return 0;
}
int mbedtls_gcm_crypt_and_tag(mbedtls_gcm_context *ctx,
@ -451,16 +450,19 @@ int mbedtls_gcm_crypt_and_tag( mbedtls_gcm_context *ctx,
GCM_VALIDATE_RET(length == 0 || output != NULL);
GCM_VALIDATE_RET(tag != NULL);
if( ( ret = mbedtls_gcm_starts( ctx, mode, iv, iv_len, add, add_len ) ) != 0 )
return( ret );
if ((ret = mbedtls_gcm_starts(ctx, mode, iv, iv_len, add, add_len)) != 0) {
return ret;
}
if( ( ret = mbedtls_gcm_update( ctx, length, input, output ) ) != 0 )
return( ret );
if ((ret = mbedtls_gcm_update(ctx, length, input, output)) != 0) {
return ret;
}
if( ( ret = mbedtls_gcm_finish( ctx, tag, tag_len ) ) != 0 )
return( ret );
if ((ret = mbedtls_gcm_finish(ctx, tag, tag_len)) != 0) {
return ret;
}
return( 0 );
return 0;
}
int mbedtls_gcm_auth_decrypt(mbedtls_gcm_context *ctx,
@ -488,28 +490,28 @@ int mbedtls_gcm_auth_decrypt( mbedtls_gcm_context *ctx,
if ((ret = mbedtls_gcm_crypt_and_tag(ctx, MBEDTLS_GCM_DECRYPT, length,
iv, iv_len, add, add_len,
input, output, tag_len, check_tag ) ) != 0 )
{
return( ret );
input, output, tag_len, check_tag)) != 0) {
return ret;
}
/* Check tag in "constant-time" */
for( diff = 0, i = 0; i < tag_len; i++ )
for (diff = 0, i = 0; i < tag_len; i++) {
diff |= tag[i] ^ check_tag[i];
if( diff != 0 )
{
mbedtls_platform_zeroize( output, length );
return( MBEDTLS_ERR_GCM_AUTH_FAILED );
}
return( 0 );
if (diff != 0) {
mbedtls_platform_zeroize(output, length);
return MBEDTLS_ERR_GCM_AUTH_FAILED;
}
return 0;
}
void mbedtls_gcm_free(mbedtls_gcm_context *ctx)
{
if( ctx == NULL )
if (ctx == NULL) {
return;
}
mbedtls_cipher_free(&ctx->cipher_ctx);
mbedtls_platform_zeroize(ctx, sizeof(mbedtls_gcm_context));
}
@ -752,17 +754,37 @@ int mbedtls_gcm_self_test( int verbose )
int i, j, ret;
mbedtls_cipher_id_t cipher = MBEDTLS_CIPHER_ID_AES;
for( j = 0; j < 3; j++ )
{
if (verbose != 0) {
#if defined(MBEDTLS_GCM_ALT)
mbedtls_printf(" GCM note: alternative implementation.\n");
#else /* MBEDTLS_GCM_ALT */
#if defined(MBEDTLS_AESNI_HAVE_CODE)
if (mbedtls_aesni_has_support(MBEDTLS_AESNI_CLMUL)) {
mbedtls_printf(" GCM note: using AESNI via ");
#if MBEDTLS_AESNI_HAVE_CODE == 1
mbedtls_printf("assembly");
#elif MBEDTLS_AESNI_HAVE_CODE == 2
mbedtls_printf("intrinsics");
#else
mbedtls_printf("(unknown)");
#endif
mbedtls_printf(".\n");
} else
#endif
mbedtls_printf(" GCM note: built-in implementation.\n");
#endif /* MBEDTLS_GCM_ALT */
}
for (j = 0; j < 3; j++) {
int key_len = 128 + 64 * j;
for( i = 0; i < MAX_TESTS; i++ )
{
for (i = 0; i < MAX_TESTS; i++) {
mbedtls_gcm_init(&ctx);
if( verbose != 0 )
if (verbose != 0) {
mbedtls_printf(" AES-GCM-%3d #%d (%s): ",
key_len, i, "enc");
}
ret = mbedtls_gcm_setkey(&ctx, cipher,
key_test_data[key_index_test_data[i]],
@ -772,13 +794,10 @@ int mbedtls_gcm_self_test( int verbose )
* there is an alternative underlying implementation i.e. when
* MBEDTLS_AES_ALT is defined.
*/
if( ret == MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED && key_len == 192 )
{
if (ret == MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED && key_len == 192) {
mbedtls_printf("skipped\n");
break;
}
else if( ret != 0 )
{
} else if (ret != 0) {
goto exit;
}
@ -793,39 +812,41 @@ int mbedtls_gcm_self_test( int verbose )
#if defined(MBEDTLS_GCM_ALT)
/* Allow alternative implementations to only support 12-byte nonces. */
if (ret == MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED &&
iv_len_test_data[i] != 12 )
{
iv_len_test_data[i] != 12) {
mbedtls_printf("skipped\n");
break;
}
#endif /* defined(MBEDTLS_GCM_ALT) */
if( ret != 0 )
if (ret != 0) {
goto exit;
}
if (memcmp(buf, ct_test_data[j * 6 + i],
pt_len_test_data[i]) != 0 ||
memcmp( tag_buf, tag_test_data[j * 6 + i], 16 ) != 0 )
{
memcmp(tag_buf, tag_test_data[j * 6 + i], 16) != 0) {
ret = 1;
goto exit;
}
mbedtls_gcm_free(&ctx);
if( verbose != 0 )
if (verbose != 0) {
mbedtls_printf("passed\n");
}
mbedtls_gcm_init(&ctx);
if( verbose != 0 )
if (verbose != 0) {
mbedtls_printf(" AES-GCM-%3d #%d (%s): ",
key_len, i, "dec");
}
ret = mbedtls_gcm_setkey(&ctx, cipher,
key_test_data[key_index_test_data[i]],
key_len);
if( ret != 0 )
if (ret != 0) {
goto exit;
}
ret = mbedtls_gcm_crypt_and_tag(&ctx, MBEDTLS_GCM_DECRYPT,
pt_len_test_data[i],
@ -835,159 +856,169 @@ int mbedtls_gcm_self_test( int verbose )
add_len_test_data[i],
ct_test_data[j * 6 + i], buf, 16, tag_buf);
if( ret != 0 )
if (ret != 0) {
goto exit;
}
if (memcmp(buf, pt_test_data[pt_index_test_data[i]],
pt_len_test_data[i]) != 0 ||
memcmp( tag_buf, tag_test_data[j * 6 + i], 16 ) != 0 )
{
memcmp(tag_buf, tag_test_data[j * 6 + i], 16) != 0) {
ret = 1;
goto exit;
}
mbedtls_gcm_free(&ctx);
if( verbose != 0 )
if (verbose != 0) {
mbedtls_printf("passed\n");
}
mbedtls_gcm_init(&ctx);
if( verbose != 0 )
if (verbose != 0) {
mbedtls_printf(" AES-GCM-%3d #%d split (%s): ",
key_len, i, "enc");
}
ret = mbedtls_gcm_setkey(&ctx, cipher,
key_test_data[key_index_test_data[i]],
key_len);
if( ret != 0 )
if (ret != 0) {
goto exit;
}
ret = mbedtls_gcm_starts(&ctx, MBEDTLS_GCM_ENCRYPT,
iv_test_data[iv_index_test_data[i]],
iv_len_test_data[i],
additional_test_data[add_index_test_data[i]],
add_len_test_data[i]);
if( ret != 0 )
if (ret != 0) {
goto exit;
}
if( pt_len_test_data[i] > 32 )
{
if (pt_len_test_data[i] > 32) {
size_t rest_len = pt_len_test_data[i] - 32;
ret = mbedtls_gcm_update(&ctx, 32,
pt_test_data[pt_index_test_data[i]],
buf);
if( ret != 0 )
if (ret != 0) {
goto exit;
}
ret = mbedtls_gcm_update(&ctx, rest_len,
pt_test_data[pt_index_test_data[i]] + 32,
buf + 32);
if( ret != 0 )
if (ret != 0) {
goto exit;
}
else
{
} else {
ret = mbedtls_gcm_update(&ctx, pt_len_test_data[i],
pt_test_data[pt_index_test_data[i]],
buf);
if( ret != 0 )
if (ret != 0) {
goto exit;
}
}
ret = mbedtls_gcm_finish(&ctx, tag_buf, 16);
if( ret != 0 )
if (ret != 0) {
goto exit;
}
if (memcmp(buf, ct_test_data[j * 6 + i],
pt_len_test_data[i]) != 0 ||
memcmp( tag_buf, tag_test_data[j * 6 + i], 16 ) != 0 )
{
memcmp(tag_buf, tag_test_data[j * 6 + i], 16) != 0) {
ret = 1;
goto exit;
}
mbedtls_gcm_free(&ctx);
if( verbose != 0 )
if (verbose != 0) {
mbedtls_printf("passed\n");
}
mbedtls_gcm_init(&ctx);
if( verbose != 0 )
if (verbose != 0) {
mbedtls_printf(" AES-GCM-%3d #%d split (%s): ",
key_len, i, "dec");
}
ret = mbedtls_gcm_setkey(&ctx, cipher,
key_test_data[key_index_test_data[i]],
key_len);
if( ret != 0 )
if (ret != 0) {
goto exit;
}
ret = mbedtls_gcm_starts(&ctx, MBEDTLS_GCM_DECRYPT,
iv_test_data[iv_index_test_data[i]],
iv_len_test_data[i],
additional_test_data[add_index_test_data[i]],
add_len_test_data[i]);
if( ret != 0 )
if (ret != 0) {
goto exit;
}
if( pt_len_test_data[i] > 32 )
{
if (pt_len_test_data[i] > 32) {
size_t rest_len = pt_len_test_data[i] - 32;
ret = mbedtls_gcm_update(&ctx, 32, ct_test_data[j * 6 + i],
buf);
if( ret != 0 )
if (ret != 0) {
goto exit;
}
ret = mbedtls_gcm_update(&ctx, rest_len,
ct_test_data[j * 6 + i] + 32,
buf + 32);
if( ret != 0 )
if (ret != 0) {
goto exit;
}
else
{
} else {
ret = mbedtls_gcm_update(&ctx, pt_len_test_data[i],
ct_test_data[j * 6 + i],
buf);
if( ret != 0 )
if (ret != 0) {
goto exit;
}
}
ret = mbedtls_gcm_finish(&ctx, tag_buf, 16);
if( ret != 0 )
if (ret != 0) {
goto exit;
}
if (memcmp(buf, pt_test_data[pt_index_test_data[i]],
pt_len_test_data[i]) != 0 ||
memcmp( tag_buf, tag_test_data[j * 6 + i], 16 ) != 0 )
{
memcmp(tag_buf, tag_test_data[j * 6 + i], 16) != 0) {
ret = 1;
goto exit;
}
mbedtls_gcm_free(&ctx);
if( verbose != 0 )
if (verbose != 0) {
mbedtls_printf("passed\n");
}
}
}
if( verbose != 0 )
if (verbose != 0) {
mbedtls_printf("\n");
}
ret = 0;
exit:
if( ret != 0 )
{
if( verbose != 0 )
if (ret != 0) {
if (verbose != 0) {
mbedtls_printf("failed\n");
}
mbedtls_gcm_free(&ctx);
}
return( ret );
return ret;
}
#endif /* MBEDTLS_SELF_TEST && MBEDTLS_AES_C */

Some files were not shown because too many files have changed in this diff Show more