lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-04-28 10:05:05 +03:00
Code

Merge pull request #6908 from Mbed-TLS/features/new-code-style/mbedtls-2.28

Browse Source 
Switch to new code style: mbedtls-2.28
This commit is contained in:
Gilles Peskine 2023-01-11 19:26:59 +01:00 committed by GitHub
commit 160df1d136
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
395 changed files with 73207 additions and 75156 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
include/mbedtls/aes.h
View File

@ -88,8 +88,7 @@ extern "C" {
/**
* \brief The AES context-type definition.
*/
typedef struct mbedtls_aes_context
{
typedef struct mbedtls_aes_context {
int nr; /*!< The number of rounds. */
uint32_t *rk; /*!< AES round keys. */
uint32_t buf[68]; /*!< Unaligned data buffer. This buffer can
@ -107,8 +106,7 @@ mbedtls_aes_context;
/**
* \brief The AES XTS context-type definition.
*/
typedef struct mbedtls_aes_xts_context
{
typedef struct mbedtls_aes_xts_context {
mbedtls_aes_context crypt; /*!< The AES context to use for AES block
encryption or decryption. */
mbedtls_aes_context tweak; /*!< The AES context used for tweak

3
include/mbedtls/arc4.h
View File

@ -53,8 +53,7 @@ extern "C" {
* security risk. We recommend considering stronger ciphers instead.
*
*/
typedef struct mbedtls_arc4_context
{
typedef struct mbedtls_arc4_context {
int x; /*!< permutation index */
int y; /*!< permutation index */
unsigned char m[256]; /*!< permutation table */

3
include/mbedtls/aria.h
View File

@ -76,8 +76,7 @@ extern "C" {
/**
* \brief The ARIA context-type definition.
*/
typedef struct mbedtls_aria_context
{
typedef struct mbedtls_aria_context {
unsigned char nr; /*!< The number of rounds (12, 14 or 16) */
/*! The ARIA round keys. */
uint32_t rk[MBEDTLS_ARIA_MAX_ROUNDS + 1][MBEDTLS_ARIA_BLOCKSIZE / 4];

12
include/mbedtls/asn1.h
View File

@ -152,8 +152,7 @@ extern "C" {
/**
* Type-length-value structure that allows for ASN1 using DER.
*/
typedef struct mbedtls_asn1_buf
{
typedef struct mbedtls_asn1_buf {
int tag; /**< ASN1 type, e.g. MBEDTLS_ASN1_UTF8_STRING. */
size_t len; /**< ASN1 length, in octets. */
unsigned char *p; /**< ASN1 data, e.g. in ASCII. */
@ -163,8 +162,7 @@ mbedtls_asn1_buf;
/**
* Container for ASN1 bit strings.
*/
typedef struct mbedtls_asn1_bitstring
{
typedef struct mbedtls_asn1_bitstring {
size_t len; /**< ASN1 length, in octets. */
unsigned char unused_bits; /**< Number of unused bits at the end of the string */
unsigned char *p; /**< Raw ASN1 data for the bit string */
@ -174,8 +172,7 @@ mbedtls_asn1_bitstring;
/**
* Container for a sequence of ASN.1 items
*/
typedef struct mbedtls_asn1_sequence
{
typedef struct mbedtls_asn1_sequence {
mbedtls_asn1_buf buf; /**< Buffer containing the given ASN.1 item. */
struct mbedtls_asn1_sequence *next; /**< The next entry in the sequence. */
}
@ -184,8 +181,7 @@ mbedtls_asn1_sequence;
/**
* Container for a sequence or list of 'named' ASN.1 data items
*/
typedef struct mbedtls_asn1_named_data
{
typedef struct mbedtls_asn1_named_data {
mbedtls_asn1_buf oid; /**< The object identifier. */
mbedtls_asn1_buf val; /**< The named value. */
struct mbedtls_asn1_named_data *next; /**< The next entry in the sequence. */

2
include/mbedtls/asn1write.h
View File

@ -34,7 +34,7 @@
do \
{ \
if ((ret = (f)) < 0) \
return( ret ); \
return ret; \
else \
(g) += ret; \
} while (0)

7
include/mbedtls/bignum.h
View File

@ -110,7 +110,9 @@
*/
#define MBEDTLS_MPI_MAX_BITS_SCALE100 (100 * MBEDTLS_MPI_MAX_BITS)
#define MBEDTLS_LN_2_DIV_LN_10_SCALE100 332
#define MBEDTLS_MPI_RW_BUFFER_SIZE ( ((MBEDTLS_MPI_MAX_BITS_SCALE100 + MBEDTLS_LN_2_DIV_LN_10_SCALE100 - 1) / MBEDTLS_LN_2_DIV_LN_10_SCALE100) + 10 + 6 )
#define MBEDTLS_MPI_RW_BUFFER_SIZE (((MBEDTLS_MPI_MAX_BITS_SCALE100 + \
MBEDTLS_LN_2_DIV_LN_10_SCALE100 - 1) / \
MBEDTLS_LN_2_DIV_LN_10_SCALE100) + 10 + 6)
/*
* Define the base integer type, architecture-wise.
@ -203,8 +205,7 @@ extern "C" {
/**
* \brief MPI structure
*/
typedef struct mbedtls_mpi
{
typedef struct mbedtls_mpi {
/** Sign: -1 if the mpi is negative, 1 otherwise.
*
* The number 0 must be represented with `s = +1`. Although many library

3
include/mbedtls/blowfish.h
View File

@ -65,8 +65,7 @@ extern "C" {
/**
* \brief Blowfish context structure
*/
typedef struct mbedtls_blowfish_context
{
typedef struct mbedtls_blowfish_context {
uint32_t P[MBEDTLS_BLOWFISH_ROUNDS + 2]; /*!< Blowfish round keys */
uint32_t S[4][256]; /*!< key dependent S-boxes */
}

3
include/mbedtls/camellia.h
View File

@ -61,8 +61,7 @@ extern "C" {
/**
* \brief CAMELLIA context structure
*/
typedef struct mbedtls_camellia_context
{
typedef struct mbedtls_camellia_context {
int nr; /*!< number of rounds */
uint32_t rk[68]; /*!< CAMELLIA round keys */
}

3
include/mbedtls/ccm.h
View File

@ -76,8 +76,7 @@ extern "C" {
* \brief The CCM context-type definition. The CCM context is passed
* to the APIs called.
*/
typedef struct mbedtls_ccm_context
{
typedef struct mbedtls_ccm_context {
mbedtls_cipher_context_t cipher_ctx; /*!< The cipher context used. */
}
mbedtls_ccm_context;

3
include/mbedtls/chacha20.h
View File

@ -60,8 +60,7 @@ extern "C" {
#if !defined(MBEDTLS_CHACHA20_ALT)
typedef struct mbedtls_chacha20_context
{
typedef struct mbedtls_chacha20_context {
uint32_t state[16]; /*! The state (before round operations). */
uint8_t keystream8[64]; /*! Leftover keystream bytes. */
size_t keystream_bytes_used; /*! Number of keystream bytes already used. */

6
include/mbedtls/chachapoly.h
View File

@ -50,8 +50,7 @@
extern "C" {
#endif
typedef enum
{
typedef enum {
MBEDTLS_CHACHAPOLY_ENCRYPT, /**< The mode value for performing encryption. */
MBEDTLS_CHACHAPOLY_DECRYPT /**< The mode value for performing decryption. */
}
@ -61,8 +60,7 @@ mbedtls_chachapoly_mode_t;
#include "mbedtls/chacha20.h"
typedef struct mbedtls_chachapoly_context
{
typedef struct mbedtls_chachapoly_context {
mbedtls_chacha20_context chacha20_ctx; /**< The ChaCha20 context. */
mbedtls_poly1305_context poly1305_ctx; /**< The Poly1305 context. */
uint64_t aad_len; /**< The length (bytes) of the Additional Authenticated Data. */

30
include/mbedtls/cipher.h
View File

@ -273,8 +273,7 @@ typedef struct mbedtls_cmac_context_t mbedtls_cmac_context_t;
* Cipher information. Allows calling cipher functions
* in a generic way.
*/
typedef struct mbedtls_cipher_info_t
{
typedef struct mbedtls_cipher_info_t {
/** Full cipher identifier. For example,
* MBEDTLS_CIPHER_AES_256_CBC.
*/
@ -315,8 +314,7 @@ typedef struct mbedtls_cipher_info_t
/**
* Generic cipher context.
*/
typedef struct mbedtls_cipher_context_t
{
typedef struct mbedtls_cipher_context_t {
/** Information about the associated cipher. */
const mbedtls_cipher_info_t *cipher_info;
@ -506,8 +504,9 @@ static inline unsigned int mbedtls_cipher_get_block_size(
const mbedtls_cipher_context_t *ctx)
{
MBEDTLS_INTERNAL_VALIDATE_RET(ctx != NULL, 0);
if( ctx->cipher_info == NULL )
if (ctx->cipher_info == NULL) {
return 0;
}
return ctx->cipher_info->block_size;
}
@ -525,8 +524,9 @@ static inline mbedtls_cipher_mode_t mbedtls_cipher_get_cipher_mode(
const mbedtls_cipher_context_t *ctx)
{
MBEDTLS_INTERNAL_VALIDATE_RET(ctx != NULL, MBEDTLS_MODE_NONE);
if( ctx->cipher_info == NULL )
if (ctx->cipher_info == NULL) {
return MBEDTLS_MODE_NONE;
}
return ctx->cipher_info->mode;
}
@ -545,11 +545,13 @@ static inline int mbedtls_cipher_get_iv_size(
const mbedtls_cipher_context_t *ctx)
{
MBEDTLS_INTERNAL_VALIDATE_RET(ctx != NULL, 0);
if( ctx->cipher_info == NULL )
if (ctx->cipher_info == NULL) {
return 0;
}
if( ctx->iv_size != 0 )
if (ctx->iv_size != 0) {
return (int) ctx->iv_size;
}
return (int) ctx->cipher_info->iv_size;
}
@ -567,8 +569,9 @@ static inline mbedtls_cipher_type_t mbedtls_cipher_get_type(
{
MBEDTLS_INTERNAL_VALIDATE_RET(
ctx != NULL, MBEDTLS_CIPHER_NONE);
if( ctx->cipher_info == NULL )
if (ctx->cipher_info == NULL) {
return MBEDTLS_CIPHER_NONE;
}
return ctx->cipher_info->type;
}
@ -586,8 +589,9 @@ static inline const char *mbedtls_cipher_get_name(
const mbedtls_cipher_context_t *ctx)
{
MBEDTLS_INTERNAL_VALIDATE_RET(ctx != NULL, 0);
if( ctx->cipher_info == NULL )
if (ctx->cipher_info == NULL) {
return 0;
}
return ctx->cipher_info->name;
}
@ -606,8 +610,9 @@ static inline int mbedtls_cipher_get_key_bitlen(
{
MBEDTLS_INTERNAL_VALIDATE_RET(
ctx != NULL, MBEDTLS_KEY_LENGTH_NONE);
if( ctx->cipher_info == NULL )
if (ctx->cipher_info == NULL) {
return MBEDTLS_KEY_LENGTH_NONE;
}
return (int) ctx->cipher_info->key_bitlen;
}
@ -625,8 +630,9 @@ static inline mbedtls_operation_t mbedtls_cipher_get_operation(
{
MBEDTLS_INTERNAL_VALIDATE_RET(
ctx != NULL, MBEDTLS_OPERATION_NONE);
if( ctx->cipher_info == NULL )
if (ctx->cipher_info == NULL) {
return MBEDTLS_OPERATION_NONE;
}
return ctx->operation;
}

12
include/mbedtls/cipher_internal.h
View File

@ -43,8 +43,7 @@ extern "C" {
/**
* Base cipher information. The non-mode specific functions and values.
*/
struct mbedtls_cipher_base_t
{
struct mbedtls_cipher_base_t {
/** Base Cipher type (e.g. MBEDTLS_CIPHER_ID_AES) */
mbedtls_cipher_id_t cipher;
@ -110,15 +109,13 @@ struct mbedtls_cipher_base_t
};
typedef struct
{
typedef struct {
mbedtls_cipher_type_t type;
const mbedtls_cipher_info_t *info;
} mbedtls_cipher_definition_t;
#if defined(MBEDTLS_USE_PSA_CRYPTO)
typedef enum
{
typedef enum {
MBEDTLS_CIPHER_PSA_KEY_UNSET = 0,
MBEDTLS_CIPHER_PSA_KEY_OWNED, /* Used for PSA-based cipher contexts which */
/* use raw key material internally imported */
@ -131,8 +128,7 @@ typedef enum
/* destroyed when the context is freed. */
} mbedtls_cipher_psa_key_ownership;
typedef struct
{
typedef struct {
psa_algorithm_t alg;
psa_key_id_t slot;
mbedtls_cipher_psa_key_ownership slot_state;

3
include/mbedtls/cmac.h
View File

@ -56,8 +56,7 @@ extern "C" {
/**
* The CMAC context structure.
*/
struct mbedtls_cmac_context_t
{
struct mbedtls_cmac_context_t {
/** The internal state of the CMAC algorithm. */
unsigned char state[MBEDTLS_CIPHER_BLKSIZE_MAX];

48
include/mbedtls/compat-1.3.h
View File

@ -597,7 +597,8 @@
#define POLARSSL_X509_ALLOW_EXTENSIONS_NON_V3 MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3
#endif
#if defined MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
#define POLARSSL_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
#define POLARSSL_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION \
MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
#endif
#if defined MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE
#define POLARSSL_X509_CHECK_EXTENDED_KEY_USAGE MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE
@ -1554,10 +1555,14 @@
#define TLS_ECDHE_ECDSA_WITH_AES_256_CCM MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM
#define TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8
#define TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
#define TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
#define TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
#define TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
#define TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
#define TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 \
MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
#define TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 \
MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
#define TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 \
MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
#define TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 \
MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
#define TLS_ECDHE_ECDSA_WITH_NULL_SHA MBEDTLS_TLS_ECDHE_ECDSA_WITH_NULL_SHA
#define TLS_ECDHE_ECDSA_WITH_RC4_128_SHA MBEDTLS_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
#define TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA MBEDTLS_TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA
@ -1565,8 +1570,10 @@
#define TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256
#define TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA
#define TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384 MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384
#define TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
#define TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
#define TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 \
MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
#define TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 \
MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
#define TLS_ECDHE_PSK_WITH_NULL_SHA MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA
#define TLS_ECDHE_PSK_WITH_NULL_SHA256 MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA256
#define TLS_ECDHE_PSK_WITH_NULL_SHA384 MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA384
@ -1578,10 +1585,14 @@
#define TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
#define TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
#define TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
#define TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
#define TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
#define TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384
#define TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
#define TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 \
MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
#define TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 \
MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
#define TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 \
MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384
#define TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 \
MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
#define TLS_ECDHE_RSA_WITH_NULL_SHA MBEDTLS_TLS_ECDHE_RSA_WITH_NULL_SHA
#define TLS_ECDHE_RSA_WITH_RC4_128_SHA MBEDTLS_TLS_ECDHE_RSA_WITH_RC4_128_SHA
#define TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA MBEDTLS_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
@ -1591,10 +1602,14 @@
#define TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
#define TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
#define TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
#define TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
#define TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
#define TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
#define TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
#define TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 \
MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
#define TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 \
MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
#define TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 \
MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
#define TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 \
MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
#define TLS_ECDH_ECDSA_WITH_NULL_SHA MBEDTLS_TLS_ECDH_ECDSA_WITH_NULL_SHA
#define TLS_ECDH_ECDSA_WITH_RC4_128_SHA MBEDTLS_TLS_ECDH_ECDSA_WITH_RC4_128_SHA
#define TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA MBEDTLS_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
@ -2492,7 +2507,8 @@
#define x509write_crt_free mbedtls_x509write_crt_free
#define x509write_crt_init mbedtls_x509write_crt_init
#define x509write_crt_pem mbedtls_x509write_crt_pem
#define x509write_crt_set_authority_key_identifier mbedtls_x509write_crt_set_authority_key_identifier
#define x509write_crt_set_authority_key_identifier \
mbedtls_x509write_crt_set_authority_key_identifier
#define x509write_crt_set_basic_constraints mbedtls_x509write_crt_set_basic_constraints
#define x509write_crt_set_extension mbedtls_x509write_crt_set_extension
#define x509write_crt_set_issuer_key mbedtls_x509write_crt_set_issuer_key

3
include/mbedtls/ctr_drbg.h
View File

@ -170,8 +170,7 @@ extern "C" {
/**
* \brief The CTR_DRBG context structure.
*/
typedef struct mbedtls_ctr_drbg_context
{
typedef struct mbedtls_ctr_drbg_context {
unsigned char counter[16]; /*!< The counter (V). */
int reseed_counter; /*!< The reseed counter.
* This is the number of requests that have

9
include/mbedtls/debug.h
View File

@ -124,10 +124,12 @@
#include <inttypes.h>
#define MBEDTLS_PRINTF_SIZET PRIuPTR
#define MBEDTLS_PRINTF_LONGLONG "I64d"
#else /* (defined(__MINGW32__) && __USE_MINGW_ANSI_STDIO == 0) || (defined(_MSC_VER) && _MSC_VER < 1800) */
#else \
/* (defined(__MINGW32__) && __USE_MINGW_ANSI_STDIO == 0) || (defined(_MSC_VER) && _MSC_VER < 1800) */
#define MBEDTLS_PRINTF_SIZET "zu"
#define MBEDTLS_PRINTF_LONGLONG "lld"
#endif /* (defined(__MINGW32__) && __USE_MINGW_ANSI_STDIO == 0) || (defined(_MSC_VER) && _MSC_VER < 1800) */
#endif \
/* (defined(__MINGW32__) && __USE_MINGW_ANSI_STDIO == 0) || (defined(_MSC_VER) && _MSC_VER < 1800) */
#ifdef __cplusplus
extern "C" {
@ -275,8 +277,7 @@ void mbedtls_debug_print_crt( const mbedtls_ssl_context *ssl, int level,
#endif
#if defined(MBEDTLS_ECDH_C)
typedef enum
{
typedef enum {
MBEDTLS_DEBUG_ECDH_Q,
MBEDTLS_DEBUG_ECDH_QP,
MBEDTLS_DEBUG_ECDH_Z,

6
include/mbedtls/des.h
View File

@ -64,8 +64,7 @@ extern "C" {
* security risk. We recommend considering stronger ciphers
* instead.
*/
typedef struct mbedtls_des_context
{
typedef struct mbedtls_des_context {
uint32_t sk[32]; /*!< DES subkeys */
}
mbedtls_des_context;
@ -73,8 +72,7 @@ mbedtls_des_context;
/**
* \brief Triple-DES context structure
*/
typedef struct mbedtls_des3_context
{
typedef struct mbedtls_des3_context {
uint32_t sk[96]; /*!< 3DES subkeys */
}
mbedtls_des3_context;

3
include/mbedtls/dhm.h
View File

@ -108,8 +108,7 @@ extern "C" {
/**
* \brief The DHM context structure.
*/
typedef struct mbedtls_dhm_context
{
typedef struct mbedtls_dhm_context {
size_t len; /*!< The size of \p P in Bytes. */
mbedtls_mpi P; /*!< The prime modulus. */
mbedtls_mpi G; /*!< The generator. */

15
include/mbedtls/ecdh.h
View File

@ -52,8 +52,7 @@ extern "C" {
/**
* Defines the source of the imported EC key.
*/
typedef enum
{
typedef enum {
MBEDTLS_ECDH_OURS, /**< Our key. */
MBEDTLS_ECDH_THEIRS, /**< The key of the peer. */
} mbedtls_ecdh_side;
@ -65,8 +64,7 @@ typedef enum
* Later versions of the library may add new variants, therefore users should
* not make any assumptions about them.
*/
typedef enum
{
typedef enum {
MBEDTLS_ECDH_VARIANT_NONE = 0, /*!< Implementation not defined. */
MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0,/*!< The default Mbed TLS implementation */
#if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED)
@ -81,8 +79,7 @@ typedef enum
* should not make any assumptions about the structure of
* mbedtls_ecdh_context_mbed.
*/
typedef struct mbedtls_ecdh_context_mbed
{
typedef struct mbedtls_ecdh_context_mbed {
mbedtls_ecp_group grp; /*!< The elliptic curve used. */
mbedtls_mpi d; /*!< The private key. */
mbedtls_ecp_point Q; /*!< The public key. */
@ -101,8 +98,7 @@ typedef struct mbedtls_ecdh_context_mbed
* should not be shared between multiple threads.
* \brief The ECDH context structure.
*/
typedef struct mbedtls_ecdh_context
{
typedef struct mbedtls_ecdh_context {
#if defined(MBEDTLS_ECDH_LEGACY_CONTEXT)
mbedtls_ecp_group grp; /*!< The elliptic curve used. */
mbedtls_mpi d; /*!< The private key. */
@ -122,8 +118,7 @@ typedef struct mbedtls_ecdh_context
as defined in RFC 4492. */
mbedtls_ecp_group_id grp_id;/*!< The elliptic curve used. */
mbedtls_ecdh_variant var; /*!< The ECDH implementation/structure used. */
union
{
union {
mbedtls_ecdh_context_mbed mbed_ecdh;
#if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED)
mbedtls_ecdh_context_everest everest_ecdh;

3
include/mbedtls/ecdsa.h
View File

@ -105,8 +105,7 @@ typedef struct mbedtls_ecdsa_restart_det mbedtls_ecdsa_restart_det_ctx;
/**
* \brief General context for resuming ECDSA operations
*/
typedef struct
{
typedef struct {
mbedtls_ecp_restart_ctx ecp; /*!< base context for ECP restart and
shared administrative info */
mbedtls_ecdsa_restart_ver_ctx *ver; /*!< ecdsa_verify() sub-context */

3
include/mbedtls/ecjpake.h
View File

@ -71,8 +71,7 @@ typedef enum {
* convention from the Thread v1.0 spec. Correspondence is indicated in the
* description as a pair C: client name, S: server name
*/
typedef struct mbedtls_ecjpake_context
{
typedef struct mbedtls_ecjpake_context {
const mbedtls_md_info_t *md_info; /**< Hash to use */
mbedtls_ecp_group grp; /**< Elliptic curve */
mbedtls_ecjpake_role role; /**< Are we client or server? */

21
include/mbedtls/ecp.h
View File

@ -117,8 +117,7 @@ extern "C" {
* - Add the curve to the ecp_supported_curves array in ecp.c.
* - Add the curve to applicable profiles in x509_crt.c if applicable.
*/
typedef enum
{
typedef enum {
MBEDTLS_ECP_DP_NONE = 0, /*!< Curve not defined. */
MBEDTLS_ECP_DP_SECP192R1, /*!< Domain parameters for the 192-bit curve defined by FIPS 186-4 and SEC1. */
MBEDTLS_ECP_DP_SECP224R1, /*!< Domain parameters for the 224-bit curve defined by FIPS 186-4 and SEC1. */
@ -145,8 +144,7 @@ typedef enum
/*
* Curve types
*/
typedef enum
{
typedef enum {
MBEDTLS_ECP_TYPE_NONE = 0,
MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS, /* y^2 = x^3 + a x + b */
MBEDTLS_ECP_TYPE_MONTGOMERY, /* y^2 = x^3 + a x^2 + x */
@ -155,8 +153,7 @@ typedef enum
/**
* Curve information, for use by other modules.
*/
typedef struct mbedtls_ecp_curve_info
{
typedef struct mbedtls_ecp_curve_info {
mbedtls_ecp_group_id grp_id; /*!< An internal identifier. */
uint16_t tls_id; /*!< The TLS NamedCurve identifier. */
uint16_t bit_size; /*!< The curve size in bits. */
@ -174,8 +171,7 @@ typedef struct mbedtls_ecp_curve_info
* Otherwise, \p X and \p Y are its standard (affine)
* coordinates.
*/
typedef struct mbedtls_ecp_point
{
typedef struct mbedtls_ecp_point {
mbedtls_mpi X; /*!< The X coordinate of the ECP point. */
mbedtls_mpi Y; /*!< The Y coordinate of the ECP point. */
mbedtls_mpi Z; /*!< The Z coordinate of the ECP point. */
@ -257,8 +253,7 @@ mbedtls_ecp_point;
* identical.
*
*/
typedef struct mbedtls_ecp_group
{
typedef struct mbedtls_ecp_group {
mbedtls_ecp_group_id id; /*!< An internal group identifier. */
mbedtls_mpi P; /*!< The prime modulus of the base field. */
mbedtls_mpi A; /*!< For Short Weierstrass: \p A in the equation. For
@ -376,8 +371,7 @@ typedef struct mbedtls_ecp_restart_muladd mbedtls_ecp_restart_muladd_ctx;
/**
* \brief General context for resuming ECC operations
*/
typedef struct
{
typedef struct {
unsigned ops_done; /*!< current ops count */
unsigned depth; /*!< call depth (0 = top-level) */
mbedtls_ecp_restart_mul_ctx *rsm; /*!< ecp_mul_comb() sub-context */
@ -429,8 +423,7 @@ typedef void mbedtls_ecp_restart_ctx;
* \note Members are deliberately in the same order as in the
* ::mbedtls_ecdsa_context structure.
*/
typedef struct mbedtls_ecp_keypair
{
typedef struct mbedtls_ecp_keypair {
mbedtls_ecp_group grp; /*!< Elliptic curve and base point */
mbedtls_mpi d; /*!< our secret value */
mbedtls_ecp_point Q; /*!< our public value */

16
include/mbedtls/ecp_internal.h
View File

@ -122,7 +122,9 @@ void mbedtls_internal_ecp_free( const mbedtls_ecp_group *grp );
* \return 0 if successful.
*/
int mbedtls_internal_ecp_randomize_jac(const mbedtls_ecp_group *grp,
mbedtls_ecp_point *pt, int (*f_rng)(void *, unsigned char *, size_t),
mbedtls_ecp_point *pt, int (*f_rng)(void *,
unsigned char *,
size_t),
void *p_rng);
#endif
@ -249,8 +251,11 @@ int mbedtls_internal_ecp_normalize_jac( const mbedtls_ecp_group *grp,
#if defined(MBEDTLS_ECP_DOUBLE_ADD_MXZ_ALT)
int mbedtls_internal_ecp_double_add_mxz(const mbedtls_ecp_group *grp,
mbedtls_ecp_point *R, mbedtls_ecp_point *S, const mbedtls_ecp_point *P,
const mbedtls_ecp_point *Q, const mbedtls_mpi *d );
mbedtls_ecp_point *R,
mbedtls_ecp_point *S,
const mbedtls_ecp_point *P,
const mbedtls_ecp_point *Q,
const mbedtls_mpi *d);
#endif
/**
@ -270,7 +275,9 @@ int mbedtls_internal_ecp_double_add_mxz( const mbedtls_ecp_group *grp,
*/
#if defined(MBEDTLS_ECP_RANDOMIZE_MXZ_ALT)
int mbedtls_internal_ecp_randomize_mxz(const mbedtls_ecp_group *grp,
mbedtls_ecp_point *P, int (*f_rng)(void *, unsigned char *, size_t),
mbedtls_ecp_point *P, int (*f_rng)(void *,
unsigned char *,
size_t),
void *p_rng);
#endif
@ -294,4 +301,3 @@ int mbedtls_internal_ecp_normalize_mxz( const mbedtls_ecp_group *grp,
#endif /* MBEDTLS_ECP_INTERNAL_ALT */
#endif /* ecp_internal.h */

6
include/mbedtls/entropy.h
View File

@ -110,8 +110,7 @@ typedef int (*mbedtls_entropy_f_source_ptr)(void *data, unsigned char *output, s
/**
* \brief Entropy source state
*/
typedef struct mbedtls_entropy_source_state
{
typedef struct mbedtls_entropy_source_state {
mbedtls_entropy_f_source_ptr f_source; /**< The entropy source callback */
void *p_source; /**< The callback data pointer */
size_t size; /**< Amount received in bytes */
@ -123,8 +122,7 @@ mbedtls_entropy_source_state;
/**
* \brief Entropy context structure
*/
typedef struct mbedtls_entropy_context
{
typedef struct mbedtls_entropy_context {
int accumulator_started; /* 0 after init.
* 1 after the first update.
* -1 after free. */

5
include/mbedtls/error.h
View File

@ -160,13 +160,14 @@ static inline int mbedtls_error_add( int high, int low,
const char *file, int line)
{
#if defined(MBEDTLS_TEST_HOOKS)
if( *mbedtls_test_hook_error_add != NULL )
if (*mbedtls_test_hook_error_add != NULL) {
(*mbedtls_test_hook_error_add)(high, low, file, line);
}
#endif
(void) file;
(void) line;
return( high + low );
return high + low;
}
/**

3
include/mbedtls/gcm.h
View File

@ -63,8 +63,7 @@ extern "C" {
/**
* \brief The GCM context structure.
*/
typedef struct mbedtls_gcm_context
{
typedef struct mbedtls_gcm_context {
mbedtls_cipher_context_t cipher_ctx; /*!< The cipher context used. */
uint64_t HL[16]; /*!< Precalculated HTable low. */
uint64_t HH[16]; /*!< Precalculated HTable high. */

3
include/mbedtls/havege.h
View File

@ -40,8 +40,7 @@ extern "C" {
/**
* \brief HAVEGE state structure
*/
typedef struct mbedtls_havege_state
{
typedef struct mbedtls_havege_state {
uint32_t PT1, PT2, offset[2];
uint32_t pool[MBEDTLS_HAVEGE_COLLECT_SIZE];
uint32_t WALK[8192];

3
include/mbedtls/hmac_drbg.h
View File

@ -86,8 +86,7 @@ extern "C" {
/**
* HMAC_DRBG context.
*/
typedef struct mbedtls_hmac_drbg_context
{
typedef struct mbedtls_hmac_drbg_context {
/* Working state: the key K is not stored explicitly,
* but is implied by the HMAC context */
mbedtls_md_context_t md_ctx; /*!< HMAC context (inc. K) */

6
include/mbedtls/md.h
View File

@ -92,8 +92,7 @@ typedef struct mbedtls_md_info_t mbedtls_md_info_t;
/**
* The generic message-digest context.
*/
typedef struct mbedtls_md_context_t
{
typedef struct mbedtls_md_context_t {
/** Information about the associated message digest. */
const mbedtls_md_info_t *md_info;
@ -188,7 +187,8 @@ void mbedtls_md_free( mbedtls_md_context_t *ctx );
* failure.
* \return #MBEDTLS_ERR_MD_ALLOC_FAILED on memory-allocation failure.
*/
int mbedtls_md_init_ctx( mbedtls_md_context_t *ctx, const mbedtls_md_info_t *md_info ) MBEDTLS_DEPRECATED;
int mbedtls_md_init_ctx(mbedtls_md_context_t *ctx,
const mbedtls_md_info_t *md_info) MBEDTLS_DEPRECATED;
#undef MBEDTLS_DEPRECATED
#endif /* MBEDTLS_DEPRECATED_REMOVED */

3
include/mbedtls/md2.h
View File

@ -55,8 +55,7 @@ extern "C" {
* stronger message digests instead.
*
*/
typedef struct mbedtls_md2_context
{
typedef struct mbedtls_md2_context {
unsigned char cksum[16]; /*!< checksum of the data block */
unsigned char state[48]; /*!< intermediate digest state */
unsigned char buffer[16]; /*!< data block being processed */

3
include/mbedtls/md4.h
View File

@ -56,8 +56,7 @@ extern "C" {
* stronger message digests instead.
*
*/
typedef struct mbedtls_md4_context
{
typedef struct mbedtls_md4_context {
uint32_t total[2]; /*!< number of bytes processed */
uint32_t state[4]; /*!< intermediate digest state */
unsigned char buffer[64]; /*!< data block being processed */

3
include/mbedtls/md5.h
View File

@ -55,8 +55,7 @@ extern "C" {
* stronger message digests instead.
*
*/
typedef struct mbedtls_md5_context
{
typedef struct mbedtls_md5_context {
uint32_t total[2]; /*!< number of bytes processed */
uint32_t state[4]; /*!< intermediate digest state */
unsigned char buffer[64]; /*!< data block being processed */

3
include/mbedtls/md_internal.h
View File

@ -42,8 +42,7 @@ extern "C" {
* Message digest information.
* Allows message digest functions to be called in a generic way.
*/
struct mbedtls_md_info_t
{
struct mbedtls_md_info_t {
/** Name of the message digest */
const char *name;

3
include/mbedtls/memory_buffer_alloc.h
View File

@ -47,7 +47,8 @@
#define MBEDTLS_MEMORY_VERIFY_NONE 0
#define MBEDTLS_MEMORY_VERIFY_ALLOC (1 << 0)
#define MBEDTLS_MEMORY_VERIFY_FREE (1 << 1)
#define MBEDTLS_MEMORY_VERIFY_ALWAYS (MBEDTLS_MEMORY_VERIFY_ALLOC | MBEDTLS_MEMORY_VERIFY_FREE)
#define MBEDTLS_MEMORY_VERIFY_ALWAYS (MBEDTLS_MEMORY_VERIFY_ALLOC | \
MBEDTLS_MEMORY_VERIFY_FREE)
#ifdef __cplusplus
extern "C" {

3
include/mbedtls/net_sockets.h
View File

@ -95,8 +95,7 @@ extern "C" {
* (eg two file descriptors for combined IPv4 + IPv6 support, or additional
* structures for hand-made UDP demultiplexing).
*/
typedef struct mbedtls_net_context
{
typedef struct mbedtls_net_context {
int fd; /**< The underlying file descriptor */
}
mbedtls_net_context;

3
include/mbedtls/nist_kw.h
View File

@ -47,8 +47,7 @@
extern "C" {
#endif
typedef enum
{
typedef enum {
MBEDTLS_KW_MODE_KW = 0,
MBEDTLS_KW_MODE_KWP = 1
} mbedtls_nist_kw_mode_t;

21
include/mbedtls/oid.h
View File

@ -96,15 +96,18 @@
#define MBEDTLS_OID_OIW_SECSIG_ALG MBEDTLS_OID_OIW_SECSIG "\x02"
#define MBEDTLS_OID_OIW_SECSIG_SHA1 MBEDTLS_OID_OIW_SECSIG_ALG "\x1a"
#define MBEDTLS_OID_ORG_CERTICOM "\x81\x04" /* certicom(132) */
#define MBEDTLS_OID_CERTICOM MBEDTLS_OID_ISO_IDENTIFIED_ORG MBEDTLS_OID_ORG_CERTICOM
#define MBEDTLS_OID_CERTICOM MBEDTLS_OID_ISO_IDENTIFIED_ORG \
MBEDTLS_OID_ORG_CERTICOM
#define MBEDTLS_OID_ORG_TELETRUST "\x24" /* teletrust(36) */
#define MBEDTLS_OID_TELETRUST MBEDTLS_OID_ISO_IDENTIFIED_ORG MBEDTLS_OID_ORG_TELETRUST
#define MBEDTLS_OID_TELETRUST MBEDTLS_OID_ISO_IDENTIFIED_ORG \
MBEDTLS_OID_ORG_TELETRUST
/*
* ISO ITU OID parts
*/
#define MBEDTLS_OID_ORGANIZATION "\x01" /* {organization(1)} */
#define MBEDTLS_OID_ISO_ITU_US_ORG MBEDTLS_OID_ISO_ITU_COUNTRY MBEDTLS_OID_COUNTRY_US MBEDTLS_OID_ORGANIZATION /* {joint-iso-itu-t(2) country(16) us(840) organization(1)} */
#define MBEDTLS_OID_ISO_ITU_US_ORG MBEDTLS_OID_ISO_ITU_COUNTRY MBEDTLS_OID_COUNTRY_US \
MBEDTLS_OID_ORGANIZATION /* {joint-iso-itu-t(2) country(16) us(840) organization(1)} */
#define MBEDTLS_OID_ORG_GOV "\x65" /* {gov(101)} */
#define MBEDTLS_OID_GOV MBEDTLS_OID_ISO_ITU_US_ORG MBEDTLS_OID_ORG_GOV /* {joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101)} */
@ -122,7 +125,8 @@
* { iso(1) identified-organization(3) dod(6) internet(1)
* security(5) mechanisms(5) pkix(7) }
*/
#define MBEDTLS_OID_INTERNET MBEDTLS_OID_ISO_IDENTIFIED_ORG MBEDTLS_OID_ORG_DOD "\x01"
#define MBEDTLS_OID_INTERNET MBEDTLS_OID_ISO_IDENTIFIED_ORG MBEDTLS_OID_ORG_DOD \
"\x01"
#define MBEDTLS_OID_PKIX MBEDTLS_OID_INTERNET "\x05\x05\x07"
/*
@ -254,7 +258,8 @@
#define MBEDTLS_OID_DIGEST_ALG_MD2 MBEDTLS_OID_RSA_COMPANY "\x02\x02" /**< id-mbedtls_md2 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 2 } */
#define MBEDTLS_OID_DIGEST_ALG_MD4 MBEDTLS_OID_RSA_COMPANY "\x02\x04" /**< id-mbedtls_md4 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 4 } */
#define MBEDTLS_OID_DIGEST_ALG_MD5 MBEDTLS_OID_RSA_COMPANY "\x02\x05" /**< id-mbedtls_md5 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 5 } */
#define MBEDTLS_OID_DIGEST_ALG_SHA1 MBEDTLS_OID_ISO_IDENTIFIED_ORG MBEDTLS_OID_OIW_SECSIG_SHA1 /**< id-mbedtls_sha1 OBJECT IDENTIFIER ::= { iso(1) identified-organization(3) oiw(14) secsig(3) algorithms(2) 26 } */
#define MBEDTLS_OID_DIGEST_ALG_SHA1 MBEDTLS_OID_ISO_IDENTIFIED_ORG \
MBEDTLS_OID_OIW_SECSIG_SHA1 /**< id-mbedtls_sha1 OBJECT IDENTIFIER ::= { iso(1) identified-organization(3) oiw(14) secsig(3) algorithms(2) 26 } */
#define MBEDTLS_OID_DIGEST_ALG_SHA224 MBEDTLS_OID_NIST_ALG "\x02\x04" /**< id-sha224 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistalgorithm(4) hashalgs(2) 4 } */
#define MBEDTLS_OID_DIGEST_ALG_SHA256 MBEDTLS_OID_NIST_ALG "\x02\x01" /**< id-mbedtls_sha256 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistalgorithm(4) hashalgs(2) 1 } */
@ -277,7 +282,8 @@
/*
* Encryption algorithms
*/
#define MBEDTLS_OID_DES_CBC MBEDTLS_OID_ISO_IDENTIFIED_ORG MBEDTLS_OID_OIW_SECSIG_ALG "\x07" /**< desCBC OBJECT IDENTIFIER ::= { iso(1) identified-organization(3) oiw(14) secsig(3) algorithms(2) 7 } */
#define MBEDTLS_OID_DES_CBC MBEDTLS_OID_ISO_IDENTIFIED_ORG \
MBEDTLS_OID_OIW_SECSIG_ALG "\x07" /**< desCBC OBJECT IDENTIFIER ::= { iso(1) identified-organization(3) oiw(14) secsig(3) algorithms(2) 7 } */
#define MBEDTLS_OID_DES_EDE3_CBC MBEDTLS_OID_RSA_COMPANY "\x03\x07" /**< des-ede3-cbc OBJECT IDENTIFIER ::= { iso(1) member-body(2) -- us(840) rsadsi(113549) encryptionAlgorithm(3) 7 } */
#define MBEDTLS_OID_AES MBEDTLS_OID_NIST_ALG "\x01" /** aes OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistAlgorithm(4) 1 } */
@ -439,8 +445,7 @@ extern "C" {
/**
* \brief Base OID descriptor structure
*/
typedef struct mbedtls_oid_descriptor_t
{
typedef struct mbedtls_oid_descriptor_t {
const char *asn1; /*!< OID ASN.1 representation */
size_t asn1_len; /*!< length of asn1 */
const char *name; /*!< official name (e.g. from RFC) */

3
include/mbedtls/pem.h
View File

@ -64,8 +64,7 @@ extern "C" {
/**
* \brief PEM context structure
*/
typedef struct mbedtls_pem_context
{
typedef struct mbedtls_pem_context {
unsigned char *buf; /*!< buffer for decoded data */
size_t buflen; /*!< length of the buffer */
unsigned char *info; /*!< buffer for extra header information */

37
include/mbedtls/pk.h
View File

@ -107,8 +107,7 @@ typedef enum {
* \brief Options for RSASSA-PSS signature verification.
* See \c mbedtls_rsa_rsassa_pss_verify_ext()
*/
typedef struct mbedtls_pk_rsassa_pss_options
{
typedef struct mbedtls_pk_rsassa_pss_options {
mbedtls_md_type_t mgf1_hash_id;
int expected_salt_len;
@ -169,8 +168,7 @@ typedef struct mbedtls_pk_rsassa_pss_options
/**
* \brief Types for interfacing with the debug module
*/
typedef enum
{
typedef enum {
MBEDTLS_PK_DEBUG_NONE = 0,
MBEDTLS_PK_DEBUG_MPI,
MBEDTLS_PK_DEBUG_ECP,
@ -179,8 +177,7 @@ typedef enum
/**
* \brief Item to send to the debug module
*/
typedef struct mbedtls_pk_debug_item
{
typedef struct mbedtls_pk_debug_item {
mbedtls_pk_debug_type type;
const char *name;
void *value;
@ -197,8 +194,7 @@ typedef struct mbedtls_pk_info_t mbedtls_pk_info_t;
/**
* \brief Public key container
*/
typedef struct mbedtls_pk_context
{
typedef struct mbedtls_pk_context {
const mbedtls_pk_info_t *pk_info; /**< Public key information */
void *pk_ctx; /**< Underlying public key context */
} mbedtls_pk_context;
@ -207,8 +203,7 @@ typedef struct mbedtls_pk_context
/**
* \brief Context for resuming operations
*/
typedef struct
{
typedef struct {
const mbedtls_pk_info_t *pk_info; /**< Public key information */
void *rs_ctx; /**< Underlying restart context */
} mbedtls_pk_restart_ctx;
@ -225,8 +220,10 @@ typedef int (*mbedtls_pk_rsa_alt_decrypt_func)( void *ctx, int mode, size_t *ole
const unsigned char *input, unsigned char *output,
size_t output_max_len);
typedef int (*mbedtls_pk_rsa_alt_sign_func)(void *ctx,
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
int mode, mbedtls_md_type_t md_alg, unsigned int hashlen,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng,
int mode, mbedtls_md_type_t md_alg,
unsigned int hashlen,
const unsigned char *hash, unsigned char *sig);
typedef size_t (*mbedtls_pk_rsa_alt_key_len_func)(void *ctx);
#endif /* MBEDTLS_PK_RSA_ALT_SUPPORT */
@ -369,7 +366,7 @@ size_t mbedtls_pk_get_bitlen( const mbedtls_pk_context *ctx );
*/
static inline size_t mbedtls_pk_get_len(const mbedtls_pk_context *ctx)
{
return( ( mbedtls_pk_get_bitlen( ctx ) + 7 ) / 8 );
return (mbedtls_pk_get_bitlen(ctx) + 7) / 8;
}
/**
@ -643,12 +640,11 @@ mbedtls_pk_type_t mbedtls_pk_get_type( const mbedtls_pk_context *ctx );
*/
static inline mbedtls_rsa_context *mbedtls_pk_rsa(const mbedtls_pk_context pk)
{
switch( mbedtls_pk_get_type( &pk ) )
{
switch (mbedtls_pk_get_type(&pk)) {
case MBEDTLS_PK_RSA:
return( (mbedtls_rsa_context *) (pk).pk_ctx );
return (mbedtls_rsa_context *) (pk).pk_ctx;
default:
return( NULL );
return NULL;
}
}
#endif /* MBEDTLS_RSA_C */
@ -667,14 +663,13 @@ static inline mbedtls_rsa_context *mbedtls_pk_rsa( const mbedtls_pk_context pk )
*/
static inline mbedtls_ecp_keypair *mbedtls_pk_ec(const mbedtls_pk_context pk)
{
switch( mbedtls_pk_get_type( &pk ) )
{
switch (mbedtls_pk_get_type(&pk)) {
case MBEDTLS_PK_ECKEY:
case MBEDTLS_PK_ECKEY_DH:
case MBEDTLS_PK_ECDSA:
return( (mbedtls_ecp_keypair *) (pk).pk_ctx );
return (mbedtls_ecp_keypair *) (pk).pk_ctx;
default:
return( NULL );
return NULL;
}
}
#endif /* MBEDTLS_ECP_C */

6
include/mbedtls/pk_internal.h
View File

@ -31,8 +31,7 @@
#include "mbedtls/pk.h"
struct mbedtls_pk_info_t
{
struct mbedtls_pk_info_t {
/** Public key type */
mbedtls_pk_type_t type;
@ -107,8 +106,7 @@ struct mbedtls_pk_info_t
};
#if defined(MBEDTLS_PK_RSA_ALT_SUPPORT)
/* Container for RSA-alt */
typedef struct
{
typedef struct {
void *key;
mbedtls_pk_rsa_alt_decrypt_func decrypt_func;
mbedtls_pk_rsa_alt_sign_func sign_func;

21
include/mbedtls/pkcs11.h
View File

@ -50,8 +50,7 @@ extern "C" {
/**
* Context for PKCS #11 private keys.
*/
typedef struct mbedtls_pkcs11_context
{
typedef struct mbedtls_pkcs11_context {
pkcs11h_certificate_t pkcs11h_cert;
int len;
} mbedtls_pkcs11_context;
@ -173,8 +172,10 @@ MBEDTLS_DEPRECATED int mbedtls_pkcs11_sign( mbedtls_pkcs11_context *ctx,
* version of the library.
*/
MBEDTLS_DEPRECATED static inline int mbedtls_ssl_pkcs11_decrypt(void *ctx,
int mode, size_t *olen,
const unsigned char *input, unsigned char *output,
int mode,
size_t *olen,
const unsigned char *input,
unsigned char *output,
size_t output_max_len)
{
return mbedtls_pkcs11_decrypt((mbedtls_pkcs11_context *) ctx, mode, olen, input, output,
@ -208,9 +209,15 @@ MBEDTLS_DEPRECATED static inline int mbedtls_ssl_pkcs11_decrypt( void *ctx,
* used.
*/
MBEDTLS_DEPRECATED static inline int mbedtls_ssl_pkcs11_sign(void *ctx,
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
int mode, mbedtls_md_type_t md_alg, unsigned int hashlen,
const unsigned char *hash, unsigned char *sig )
int (*f_rng)(void *,
unsigned char *,
size_t),
void *p_rng,
int mode,
mbedtls_md_type_t md_alg,
unsigned int hashlen,
const unsigned char *hash,
unsigned char *sig)
{
((void) f_rng);
((void) p_rng);

3
include/mbedtls/platform.h
View File

@ -379,8 +379,7 @@ int mbedtls_platform_set_nv_seed(
* \note This structure may be used to assist platform-specific
* setup or teardown operations.
*/
typedef struct mbedtls_platform_context
{
typedef struct mbedtls_platform_context {
char dummy; /**< A placeholder member, as empty structs are not portable. */
}
mbedtls_platform_context;

2
include/mbedtls/platform_util.h
View File

@ -89,7 +89,7 @@ void mbedtls_param_failed( const char *failure_condition,
if (!(cond)) \
{ \
MBEDTLS_PARAM_FAILED(cond); \
return( ret ); \
return ret; \
} \
} while (0)

3
include/mbedtls/poly1305.h
View File

@ -60,8 +60,7 @@ extern "C" {
#if !defined(MBEDTLS_POLY1305_ALT)
typedef struct mbedtls_poly1305_context
{
typedef struct mbedtls_poly1305_context {
uint32_t r[4]; /** The value for 'r' (low 128 bits of the key). */
uint32_t s[4]; /** The value for 's' (high 128 bits of the key). */
uint32_t acc[5]; /** The accumulator number. */

132
include/mbedtls/psa_util.h
View File

@ -48,8 +48,7 @@
static inline psa_key_type_t mbedtls_psa_translate_cipher_type(
mbedtls_cipher_type_t cipher)
{
switch( cipher )
{
switch (cipher) {
case MBEDTLS_CIPHER_AES_128_CCM:
case MBEDTLS_CIPHER_AES_192_CCM:
case MBEDTLS_CIPHER_AES_256_CCM:
@ -62,7 +61,7 @@ static inline psa_key_type_t mbedtls_psa_translate_cipher_type(
case MBEDTLS_CIPHER_AES_128_ECB:
case MBEDTLS_CIPHER_AES_192_ECB:
case MBEDTLS_CIPHER_AES_256_ECB:
return( PSA_KEY_TYPE_AES );
return PSA_KEY_TYPE_AES;
/* ARIA not yet supported in PSA. */
/* case MBEDTLS_CIPHER_ARIA_128_CCM:
@ -77,42 +76,41 @@ static inline psa_key_type_t mbedtls_psa_translate_cipher_type(
return( PSA_KEY_TYPE_ARIA ); */
default:
return( 0 );
return 0;
}
}
static inline psa_algorithm_t mbedtls_psa_translate_cipher_mode(
mbedtls_cipher_mode_t mode, size_t taglen)
{
switch( mode )
{
switch (mode) {
case MBEDTLS_MODE_ECB:
return( PSA_ALG_ECB_NO_PADDING );
return PSA_ALG_ECB_NO_PADDING;
case MBEDTLS_MODE_GCM:
return( PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, taglen ) );
return PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM, taglen);
case MBEDTLS_MODE_CCM:
return( PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CCM, taglen ) );
return PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM, taglen);
case MBEDTLS_MODE_CBC:
if( taglen == 0 )
return( PSA_ALG_CBC_NO_PADDING );
else
return( 0 );
if (taglen == 0) {
return PSA_ALG_CBC_NO_PADDING;
} else {
return 0;
}
default:
return( 0 );
return 0;
}
}
static inline psa_key_usage_t mbedtls_psa_translate_cipher_operation(
mbedtls_operation_t op)
{
switch( op )
{
switch (op) {
case MBEDTLS_ENCRYPT:
return( PSA_KEY_USAGE_ENCRYPT );
return PSA_KEY_USAGE_ENCRYPT;
case MBEDTLS_DECRYPT:
return( PSA_KEY_USAGE_DECRYPT );
return PSA_KEY_USAGE_DECRYPT;
default:
return( 0 );
return 0;
}
}
@ -120,44 +118,43 @@ static inline psa_key_usage_t mbedtls_psa_translate_cipher_operation(
static inline psa_algorithm_t mbedtls_psa_translate_md(mbedtls_md_type_t md_alg)
{
switch( md_alg )
{
switch (md_alg) {
#if defined(MBEDTLS_MD2_C)
case MBEDTLS_MD_MD2:
return( PSA_ALG_MD2 );
return PSA_ALG_MD2;
#endif
#if defined(MBEDTLS_MD4_C)
case MBEDTLS_MD_MD4:
return( PSA_ALG_MD4 );
return PSA_ALG_MD4;
#endif
#if defined(MBEDTLS_MD5_C)
case MBEDTLS_MD_MD5:
return( PSA_ALG_MD5 );
return PSA_ALG_MD5;
#endif
#if defined(MBEDTLS_SHA1_C)
case MBEDTLS_MD_SHA1:
return( PSA_ALG_SHA_1 );
return PSA_ALG_SHA_1;
#endif
#if defined(MBEDTLS_SHA256_C)
case MBEDTLS_MD_SHA224:
return( PSA_ALG_SHA_224 );
return PSA_ALG_SHA_224;
case MBEDTLS_MD_SHA256:
return( PSA_ALG_SHA_256 );
return PSA_ALG_SHA_256;
#endif
#if defined(MBEDTLS_SHA512_C)
case MBEDTLS_MD_SHA384:
return( PSA_ALG_SHA_384 );
return PSA_ALG_SHA_384;
case MBEDTLS_MD_SHA512:
return( PSA_ALG_SHA_512 );
return PSA_ALG_SHA_512;
#endif
#if defined(MBEDTLS_RIPEMD160_C)
case MBEDTLS_MD_RIPEMD160:
return( PSA_ALG_RIPEMD160 );
return PSA_ALG_RIPEMD160;
#endif
case MBEDTLS_MD_NONE:
return( 0 );
return 0;
default:
return( 0 );
return 0;
}
}
@ -167,93 +164,89 @@ static inline int mbedtls_psa_get_ecc_oid_from_id(
psa_ecc_family_t curve, size_t bits,
char const **oid, size_t *oid_len)
{
switch( curve )
{
switch (curve) {
case PSA_ECC_FAMILY_SECP_R1:
switch( bits )
{
switch (bits) {
#if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED)
case 192:
*oid = MBEDTLS_OID_EC_GRP_SECP192R1;
*oid_len = MBEDTLS_OID_SIZE(MBEDTLS_OID_EC_GRP_SECP192R1);
return( 0 );
return 0;
#endif /* MBEDTLS_ECP_DP_SECP192R1_ENABLED */
#if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED)
case 224:
*oid = MBEDTLS_OID_EC_GRP_SECP224R1;
*oid_len = MBEDTLS_OID_SIZE(MBEDTLS_OID_EC_GRP_SECP224R1);
return( 0 );
return 0;
#endif /* MBEDTLS_ECP_DP_SECP224R1_ENABLED */
#if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
case 256:
*oid = MBEDTLS_OID_EC_GRP_SECP256R1;
*oid_len = MBEDTLS_OID_SIZE(MBEDTLS_OID_EC_GRP_SECP256R1);
return( 0 );
return 0;
#endif /* MBEDTLS_ECP_DP_SECP256R1_ENABLED */
#if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
case 384:
*oid = MBEDTLS_OID_EC_GRP_SECP384R1;
*oid_len = MBEDTLS_OID_SIZE(MBEDTLS_OID_EC_GRP_SECP384R1);
return( 0 );
return 0;
#endif /* MBEDTLS_ECP_DP_SECP384R1_ENABLED */
#if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED)
case 521:
*oid = MBEDTLS_OID_EC_GRP_SECP521R1;
*oid_len = MBEDTLS_OID_SIZE(MBEDTLS_OID_EC_GRP_SECP521R1);
return( 0 );
return 0;
#endif /* MBEDTLS_ECP_DP_SECP521R1_ENABLED */
}
break;
case PSA_ECC_FAMILY_SECP_K1:
switch( bits )
{
switch (bits) {
#if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED)
case 192:
*oid = MBEDTLS_OID_EC_GRP_SECP192K1;
*oid_len = MBEDTLS_OID_SIZE(MBEDTLS_OID_EC_GRP_SECP192K1);
return( 0 );
return 0;
#endif /* MBEDTLS_ECP_DP_SECP192K1_ENABLED */
#if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED)
case 224:
*oid = MBEDTLS_OID_EC_GRP_SECP224K1;
*oid_len = MBEDTLS_OID_SIZE(MBEDTLS_OID_EC_GRP_SECP224K1);
return( 0 );
return 0;
#endif /* MBEDTLS_ECP_DP_SECP224K1_ENABLED */
#if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED)
case 256:
*oid = MBEDTLS_OID_EC_GRP_SECP256K1;
*oid_len = MBEDTLS_OID_SIZE(MBEDTLS_OID_EC_GRP_SECP256K1);
return( 0 );
return 0;
#endif /* MBEDTLS_ECP_DP_SECP256K1_ENABLED */
}
break;
case PSA_ECC_FAMILY_BRAINPOOL_P_R1:
switch( bits )
{
switch (bits) {
#if defined(MBEDTLS_ECP_DP_BP256R1_ENABLED)
case 256:
*oid = MBEDTLS_OID_EC_GRP_BP256R1;
*oid_len = MBEDTLS_OID_SIZE(MBEDTLS_OID_EC_GRP_BP256R1);
return( 0 );
return 0;
#endif /* MBEDTLS_ECP_DP_BP256R1_ENABLED */
#if defined(MBEDTLS_ECP_DP_BP384R1_ENABLED)
case 384:
*oid = MBEDTLS_OID_EC_GRP_BP384R1;
*oid_len = MBEDTLS_OID_SIZE(MBEDTLS_OID_EC_GRP_BP384R1);
return( 0 );
return 0;
#endif /* MBEDTLS_ECP_DP_BP384R1_ENABLED */
#if defined(MBEDTLS_ECP_DP_BP512R1_ENABLED)
case 512:
*oid = MBEDTLS_OID_EC_GRP_BP512R1;
*oid_len = MBEDTLS_OID_SIZE(MBEDTLS_OID_EC_GRP_BP512R1);
return( 0 );
return 0;
#endif /* MBEDTLS_ECP_DP_BP512R1_ENABLED */
}
break;
}
(void) oid;
(void) oid_len;
return( -1 );
return -1;
}
#define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH 1
@ -340,27 +333,26 @@ static inline int mbedtls_psa_get_ecc_oid_from_id(
static inline int mbedtls_psa_err_translate_pk(psa_status_t status)
{
switch( status )
{
switch (status) {
case PSA_SUCCESS:
return( 0 );
return 0;
case PSA_ERROR_NOT_SUPPORTED:
return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE );
return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE;
case PSA_ERROR_INSUFFICIENT_MEMORY:
return( MBEDTLS_ERR_PK_ALLOC_FAILED );
return MBEDTLS_ERR_PK_ALLOC_FAILED;
case PSA_ERROR_INSUFFICIENT_ENTROPY:
return( MBEDTLS_ERR_ECP_RANDOM_FAILED );
return MBEDTLS_ERR_ECP_RANDOM_FAILED;
case PSA_ERROR_BAD_STATE:
return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
/* All other failures */
case PSA_ERROR_COMMUNICATION_FAILURE:
case PSA_ERROR_HARDWARE_FAILURE:
case PSA_ERROR_CORRUPTION_DETECTED:
return( MBEDTLS_ERR_PK_HW_ACCEL_FAILED );
return MBEDTLS_ERR_PK_HW_ACCEL_FAILED;
default: /* We return the same as for the 'other failures',
* but list them separately nonetheless to indicate
* which failure conditions we have considered. */
return( MBEDTLS_ERR_PK_HW_ACCEL_FAILED );
return MBEDTLS_ERR_PK_HW_ACCEL_FAILED;
}
}
@ -375,10 +367,11 @@ static inline psa_key_type_t mbedtls_psa_parse_tls_ecc_group(
{
const mbedtls_ecp_curve_info *curve_info =
mbedtls_ecp_curve_info_from_tls_id(tls_ecc_grp_reg_id);
if( curve_info == NULL )
return( 0 );
return( PSA_KEY_TYPE_ECC_KEY_PAIR(
mbedtls_ecc_group_to_psa( curve_info->grp_id, bits ) ) );
if (curve_info == NULL) {
return 0;
}
return PSA_KEY_TYPE_ECC_KEY_PAIR(
mbedtls_ecc_group_to_psa(curve_info->grp_id, bits));
}
#endif /* MBEDTLS_ECP_C */
@ -399,7 +392,7 @@ static inline int mbedtls_psa_tls_psa_ec_to_ecpoint( unsigned char *src,
{
*dst = src;
*dstlen = srclen;
return( 0 );
return 0;
}
/* This function takes a buffer holding an ECPoint structure
@ -413,12 +406,13 @@ static inline int mbedtls_psa_tls_ecpoint_to_psa_ec( unsigned char const *src,
size_t dstlen,
size_t *olen)
{
if( srclen > dstlen )
return( MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL );
if (srclen > dstlen) {
return MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL;
}
memcpy(dst, src, srclen);
*olen = srclen;
return( 0 );
return 0;
}
#endif /* MBEDTLS_USE_PSA_CRYPTO */

3
include/mbedtls/ripemd160.h
View File

@ -47,8 +47,7 @@ extern "C" {
/**
* \brief RIPEMD-160 context structure
*/
typedef struct mbedtls_ripemd160_context
{
typedef struct mbedtls_ripemd160_context {
uint32_t total[2]; /*!< number of bytes processed */
uint32_t state[5]; /*!< intermediate digest state */
unsigned char buffer[64]; /*!< data block being processed */

3
include/mbedtls/rsa.h
View File

@ -106,8 +106,7 @@ extern "C" {
* is deprecated. All manipulation should instead be done through
* the public interface functions.
*/
typedef struct mbedtls_rsa_context
{
typedef struct mbedtls_rsa_context {
int ver; /*!< Reserved for internal purposes.
* Do not set this field in application
* code. Its meaning might change without

3
include/mbedtls/sha1.h
View File

@ -60,8 +60,7 @@ extern "C" {
* stronger message digests instead.
*
*/
typedef struct mbedtls_sha1_context
{
typedef struct mbedtls_sha1_context {
uint32_t total[2]; /*!< The number of Bytes processed. */
uint32_t state[5]; /*!< The intermediate digest state. */
unsigned char buffer[64]; /*!< The data block being processed. */

3
include/mbedtls/sha256.h
View File

@ -55,8 +55,7 @@ extern "C" {
* checksum calculations. The choice between these two is
* made in the call to mbedtls_sha256_starts_ret().
*/
typedef struct mbedtls_sha256_context
{
typedef struct mbedtls_sha256_context {
uint32_t total[2]; /*!< The number of Bytes processed. */
uint32_t state[8]; /*!< The intermediate digest state. */
unsigned char buffer[64]; /*!< The data block being processed. */

3
include/mbedtls/sha512.h
View File

@ -54,8 +54,7 @@ extern "C" {
* checksum calculations. The choice between these two is
* made in the call to mbedtls_sha512_starts_ret().
*/
typedef struct mbedtls_sha512_context
{
typedef struct mbedtls_sha512_context {
uint64_t total[2]; /*!< The number of Bytes processed. */
uint64_t state[8]; /*!< The intermediate digest state. */
unsigned char buffer[128]; /*!< The data block being processed. */

40
include/mbedtls/ssl.h
View File

@ -54,11 +54,13 @@
#if defined(MBEDTLS_ZLIB_SUPPORT)
#if defined(MBEDTLS_DEPRECATED_WARNING)
#warning "Record compression support via MBEDTLS_ZLIB_SUPPORT is deprecated and will be removed in the next major revision of the library"
#warning \
"Record compression support via MBEDTLS_ZLIB_SUPPORT is deprecated and will be removed in the next major revision of the library"
#endif
#if defined(MBEDTLS_DEPRECATED_REMOVED)
#error "Record compression support via MBEDTLS_ZLIB_SUPPORT is deprecated and cannot be used if MBEDTLS_DEPRECATED_REMOVED is set"
#error \
"Record compression support via MBEDTLS_ZLIB_SUPPORT is deprecated and cannot be used if MBEDTLS_DEPRECATED_REMOVED is set"
#endif
#include "zlib.h"
@ -491,8 +493,7 @@
#endif
/* Dummy type used only for its size */
union mbedtls_ssl_premaster_secret
{
union mbedtls_ssl_premaster_secret {
#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)
unsigned char _pms_rsa[48]; /* RFC 5246 8.1.1 */
#endif
@ -533,8 +534,7 @@ extern "C" {
/*
* SSL state machine
*/
typedef enum
{
typedef enum {
MBEDTLS_SSL_HELLO_REQUEST,
MBEDTLS_SSL_CLIENT_HELLO,
MBEDTLS_SSL_SERVER_HELLO,
@ -560,8 +560,7 @@ mbedtls_ssl_states;
/*
* The tls_prf function types.
*/
typedef enum
{
typedef enum {
MBEDTLS_SSL_TLS_PRF_NONE,
MBEDTLS_SSL_TLS_PRF_SSL3,
MBEDTLS_SSL_TLS_PRF_TLS1,
@ -948,8 +947,7 @@ typedef void mbedtls_ssl_async_cancel_t( mbedtls_ssl_context *ssl );
typedef uint16_t mbedtls_ssl_srtp_profile;
typedef struct mbedtls_dtls_srtp_info_t
{
typedef struct mbedtls_dtls_srtp_info_t {
/*! The SRTP profile that was negotiated. */
mbedtls_ssl_srtp_profile chosen_dtls_srtp_profile;
/*! The length of mki_value. */
@ -972,8 +970,7 @@ mbedtls_dtls_srtp_info;
* mbedtls_ssl_session_save() and ssl_session_load()
* ssl_session_copy()
*/
struct mbedtls_ssl_session
{
struct mbedtls_ssl_session {
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
unsigned char mfl_code; /*!< MaxFragmentLength negotiated by peer */
#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
@ -1018,8 +1015,7 @@ struct mbedtls_ssl_session
/**
* SSL/TLS configuration to be shared between mbedtls_ssl_context structures.
*/
struct mbedtls_ssl_config
{
struct mbedtls_ssl_config {
/* Group items by size and reorder them to maximize usage of immediate offset access. */
/*
@ -1267,8 +1263,7 @@ struct mbedtls_ssl_config
#endif /* MBEDTLS_SSL_DTLS_SRTP */
};
struct mbedtls_ssl_context
{
struct mbedtls_ssl_context {
const mbedtls_ssl_config *conf; /*!< configuration information */
/*
@ -3264,19 +3259,18 @@ const char *mbedtls_ssl_get_alpn_protocol( const mbedtls_ssl_context *ssl );
#if defined(MBEDTLS_DEBUG_C)
static inline const char *mbedtls_ssl_get_srtp_profile_as_string(mbedtls_ssl_srtp_profile profile)
{
switch( profile )
{
switch (profile) {
case MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_80:
return( "MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_80" );
return "MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_80";
case MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_32:
return( "MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_32" );
return "MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_32";
case MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_80:
return( "MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_80" );
return "MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_80";
case MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_32:
return( "MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_32" );
return "MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_32";
default: break;
}
return( "" );
return "";
}
#endif /* MBEDTLS_DEBUG_C */
/**

6
include/mbedtls/ssl_cache.h
View File

@ -62,8 +62,7 @@ typedef struct mbedtls_ssl_cache_entry mbedtls_ssl_cache_entry;
/**
* \brief This structure is used for storing cache entries
*/
struct mbedtls_ssl_cache_entry
{
struct mbedtls_ssl_cache_entry {
#if defined(MBEDTLS_HAVE_TIME)
mbedtls_time_t timestamp; /*!< entry timestamp */
#endif
@ -78,8 +77,7 @@ struct mbedtls_ssl_cache_entry
/**
* \brief Cache context
*/
struct mbedtls_ssl_cache_context
{
struct mbedtls_ssl_cache_context {
mbedtls_ssl_cache_entry *chain; /*!< start of the chain */
int timeout; /*!< cache entry timeout */
int max_entries; /*!< maximum entries */

62
include/mbedtls/ssl_ciphersuites.h
View File

@ -385,8 +385,7 @@ typedef struct mbedtls_ssl_ciphersuite_t mbedtls_ssl_ciphersuite_t;
/**
* \brief This structure is used for storing ciphersuite information
*/
struct mbedtls_ssl_ciphersuite_t
{
struct mbedtls_ssl_ciphersuite_t {
int id;
const char *name;
@ -418,18 +417,17 @@ int mbedtls_ssl_ciphersuite_uses_psk( const mbedtls_ssl_ciphersuite_t *info );
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PFS_ENABLED)
static inline int mbedtls_ssl_ciphersuite_has_pfs(const mbedtls_ssl_ciphersuite_t *info)
{
switch( info->key_exchange )
{
switch (info->key_exchange) {
case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
case MBEDTLS_KEY_EXCHANGE_DHE_PSK:
case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
case MBEDTLS_KEY_EXCHANGE_ECDHE_PSK:
case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
case MBEDTLS_KEY_EXCHANGE_ECJPAKE:
return( 1 );
return 1;
default:
return( 0 );
return 0;
}
}
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PFS_ENABLED */
@ -437,17 +435,16 @@ static inline int mbedtls_ssl_ciphersuite_has_pfs( const mbedtls_ssl_ciphersuite
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED)
static inline int mbedtls_ssl_ciphersuite_no_pfs(const mbedtls_ssl_ciphersuite_t *info)
{
switch( info->key_exchange )
{
switch (info->key_exchange) {
case MBEDTLS_KEY_EXCHANGE_ECDH_RSA:
case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
case MBEDTLS_KEY_EXCHANGE_RSA:
case MBEDTLS_KEY_EXCHANGE_PSK:
case MBEDTLS_KEY_EXCHANGE_RSA_PSK:
return( 1 );
return 1;
default:
return( 0 );
return 0;
}
}
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED */
@ -455,39 +452,36 @@ static inline int mbedtls_ssl_ciphersuite_no_pfs( const mbedtls_ssl_ciphersuite_
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_ENABLED)
static inline int mbedtls_ssl_ciphersuite_uses_ecdh(const mbedtls_ssl_ciphersuite_t *info)
{
switch( info->key_exchange )
{
switch (info->key_exchange) {
case MBEDTLS_KEY_EXCHANGE_ECDH_RSA:
case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
return( 1 );
return 1;
default:
return( 0 );
return 0;
}
}
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_ECDH_ENABLED */
static inline int mbedtls_ssl_ciphersuite_cert_req_allowed(const mbedtls_ssl_ciphersuite_t *info)
{
switch( info->key_exchange )
{
switch (info->key_exchange) {
case MBEDTLS_KEY_EXCHANGE_RSA:
case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
case MBEDTLS_KEY_EXCHANGE_ECDH_RSA:
case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
return( 1 );
return 1;
default:
return( 0 );
return 0;
}
}
static inline int mbedtls_ssl_ciphersuite_uses_srv_cert(const mbedtls_ssl_ciphersuite_t *info)
{
switch( info->key_exchange )
{
switch (info->key_exchange) {
case MBEDTLS_KEY_EXCHANGE_RSA:
case MBEDTLS_KEY_EXCHANGE_RSA_PSK:
case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
@ -495,24 +489,23 @@ static inline int mbedtls_ssl_ciphersuite_uses_srv_cert( const mbedtls_ssl_ciphe
case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
return( 1 );
return 1;
default:
return( 0 );
return 0;
}
}
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_DHE_ENABLED)
static inline int mbedtls_ssl_ciphersuite_uses_dhe(const mbedtls_ssl_ciphersuite_t *info)
{
switch( info->key_exchange )
{
switch (info->key_exchange) {
case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
case MBEDTLS_KEY_EXCHANGE_DHE_PSK:
return( 1 );
return 1;
default:
return( 0 );
return 0;
}
}
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_DHE_ENABLED) */
@ -520,31 +513,30 @@ static inline int mbedtls_ssl_ciphersuite_uses_dhe( const mbedtls_ssl_ciphersuit
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDHE_ENABLED)
static inline int mbedtls_ssl_ciphersuite_uses_ecdhe(const mbedtls_ssl_ciphersuite_t *info)
{
switch( info->key_exchange )
{
switch (info->key_exchange) {
case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
case MBEDTLS_KEY_EXCHANGE_ECDHE_PSK:
return( 1 );
return 1;
default:
return( 0 );
return 0;
}
}
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_ECDHE_ENABLED) */
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED)
static inline int mbedtls_ssl_ciphersuite_uses_server_signature( const mbedtls_ssl_ciphersuite_t *info )
{
switch( info->key_exchange )
static inline int mbedtls_ssl_ciphersuite_uses_server_signature(
const mbedtls_ssl_ciphersuite_t *info)
{
switch (info->key_exchange) {
case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
return( 1 );
return 1;
default:
return( 0 );
return 0;
}
}
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED */

3
include/mbedtls/ssl_cookie.h
View File

@ -54,8 +54,7 @@ extern "C" {
/**
* \brief Context for the default cookie functions.
*/
typedef struct mbedtls_ssl_cookie_ctx
{
typedef struct mbedtls_ssl_cookie_ctx {
mbedtls_md_context_t hmac_ctx; /*!< context for the HMAC portion */
#if !defined(MBEDTLS_HAVE_TIME)
unsigned long serial; /*!< serial number for expiration */

118
include/mbedtls/ssl_internal.h
View File

@ -234,11 +234,13 @@
#endif
#if MBEDTLS_SSL_IN_CONTENT_LEN > MBEDTLS_SSL_MAX_CONTENT_LEN
#error "Bad configuration - incoming record content should not be larger than MBEDTLS_SSL_MAX_CONTENT_LEN."
#error \
"Bad configuration - incoming record content should not be larger than MBEDTLS_SSL_MAX_CONTENT_LEN."
#endif
#if MBEDTLS_SSL_OUT_CONTENT_LEN > MBEDTLS_SSL_MAX_CONTENT_LEN
#error "Bad configuration - outgoing record content should not be larger than MBEDTLS_SSL_MAX_CONTENT_LEN."
#error \
"Bad configuration - outgoing record content should not be larger than MBEDTLS_SSL_MAX_CONTENT_LEN."
#endif
#if MBEDTLS_SSL_IN_PAYLOAD_LEN > MBEDTLS_SSL_MAX_CONTENT_LEN + 2048
@ -331,7 +333,7 @@ static inline size_t mbedtls_ssl_get_input_buflen( const mbedtls_ssl_context *ct
static inline int mbedtls_ssl_chk_buf_ptr(const uint8_t *cur,
const uint8_t *end, size_t need)
{
return( ( cur > end ) || ( need > (size_t)( end - cur ) ) );
return (cur > end) || (need > (size_t) (end - cur));
}
/**
@ -348,7 +350,7 @@ static inline int mbedtls_ssl_chk_buf_ptr( const uint8_t *cur,
do { \
if (mbedtls_ssl_chk_buf_ptr((cur), (end), (need)) != 0) \
{ \
return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL ); \
return MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL; \
} \
} while (0)
@ -361,8 +363,7 @@ extern "C" {
/*
* Abstraction for a grid of allowed signature-hash-algorithm pairs.
*/
struct mbedtls_ssl_sig_hash_set_t
{
struct mbedtls_ssl_sig_hash_set_t {
/* At the moment, we only need to remember a single suitable
* hash algorithm per signature algorithm. As long as that's
* the case - and we don't need a general lookup function -
@ -403,8 +404,7 @@ typedef int mbedtls_ssl_tls_prf_cb( const unsigned char *secret, size_t slen,
* \brief The data structure holding the cryptographic material (key and IV)
* used for record protection in TLS 1.3.
*/
struct mbedtls_ssl_key_set
{
struct mbedtls_ssl_key_set {
/*! The key for client->server records. */
unsigned char client_write_key[MBEDTLS_SSL_MAX_KEY_LENGTH];
/*! The key for server->client records. */
@ -424,8 +424,7 @@ typedef struct mbedtls_ssl_key_set mbedtls_ssl_key_set;
/*
* This structure contains the parameters only needed during handshake.
*/
struct mbedtls_ssl_handshake_params
{
struct mbedtls_ssl_handshake_params {
/*
* Handshake specific crypto variables
*/
@ -544,16 +543,14 @@ struct mbedtls_ssl_handshake_params
#endif /* MBEDTLS_X509_CRT_PARSE_C && !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
#if defined(MBEDTLS_SSL_PROTO_DTLS)
struct
{
struct {
size_t total_bytes_buffered; /*!< Cumulative size of heap allocated
* buffers used for message buffering. */
uint8_t seen_ccs; /*!< Indicates if a CCS message has
* been seen in the current flight. */
struct mbedtls_ssl_hs_buffer
{
struct mbedtls_ssl_hs_buffer {
unsigned is_valid : 1;
unsigned is_fragmented : 1;
unsigned is_complete : 1;
@ -561,8 +558,7 @@ struct mbedtls_ssl_handshake_params
size_t data_len;
} hs[MBEDTLS_SSL_MAX_BUFFERED_HS];
struct
{
struct {
unsigned char *data;
size_t len;
unsigned epoch;
@ -744,8 +740,7 @@ typedef struct mbedtls_ssl_hs_buffer mbedtls_ssl_hs_buffer;
* in other transformations.
*
*/
struct mbedtls_ssl_transform
{
struct mbedtls_ssl_transform {
/*
* Session specific crypto layer
*/
@ -809,10 +804,10 @@ static inline int mbedtls_ssl_transform_uses_aead(
const mbedtls_ssl_transform *transform)
{
#if defined(MBEDTLS_SSL_SOME_MODES_USE_MAC)
return( transform->maclen == 0 && transform->taglen != 0 );
return transform->maclen == 0 && transform->taglen != 0;
#else
(void) transform;
return( 1 );
return 1;
#endif
}
@ -842,8 +837,7 @@ static inline int mbedtls_ssl_transform_uses_aead(
#define MBEDTLS_SSL_CID_LEN_MAX MBEDTLS_SSL_CID_IN_LEN_MAX
#endif
typedef struct
{
typedef struct {
uint8_t ctr[8]; /* In TLS: The implicit record sequence number.
* In DTLS: The 2-byte epoch followed by
* the 6-byte sequence number.
@ -874,8 +868,7 @@ typedef struct
/*
* List of certificate + private key pairs
*/
struct mbedtls_ssl_key_cert
{
struct mbedtls_ssl_key_cert {
mbedtls_x509_crt *cert; /*!< cert */
mbedtls_pk_context *key; /*!< private key */
mbedtls_ssl_key_cert *next; /*!< next key/cert pair */
@ -886,8 +879,7 @@ struct mbedtls_ssl_key_cert
/*
* List of handshake messages kept around for resending
*/
struct mbedtls_ssl_flight_item
{
struct mbedtls_ssl_flight_item {
unsigned char *p; /*!< message, including handshake headers */
size_t len; /*!< length of p */
unsigned char type; /*!< type of the message: handshake or CCS */
@ -1073,26 +1065,19 @@ int mbedtls_ssl_psk_derive_premaster( mbedtls_ssl_context *ssl, mbedtls_key_exch
static inline int mbedtls_ssl_get_psk(const mbedtls_ssl_context *ssl,
const unsigned char **psk, size_t *psk_len)
{
if( ssl->handshake->psk != NULL && ssl->handshake->psk_len > 0 )
{
if (ssl->handshake->psk != NULL && ssl->handshake->psk_len > 0) {
*psk = ssl->handshake->psk;
*psk_len = ssl->handshake->psk_len;
}
else if( ssl->conf->psk != NULL && ssl->conf->psk_len > 0 )
{
} else if (ssl->conf->psk != NULL && ssl->conf->psk_len > 0) {
*psk = ssl->conf->psk;
*psk_len = ssl->conf->psk_len;
}
else
{
} else {
*psk = NULL;
*psk_len = 0;
return( MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED );
return MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED;
}
return( 0 );
return 0;
}
#if defined(MBEDTLS_USE_PSA_CRYPTO)
@ -1106,13 +1091,15 @@ static inline int mbedtls_ssl_get_psk( const mbedtls_ssl_context *ssl,
static inline psa_key_id_t mbedtls_ssl_get_opaque_psk(
const mbedtls_ssl_context *ssl)
{
if( ! mbedtls_svc_key_id_is_null( ssl->handshake->psk_opaque ) )
return( ssl->handshake->psk_opaque );
if (!mbedtls_svc_key_id_is_null(ssl->handshake->psk_opaque)) {
return ssl->handshake->psk_opaque;
}
if( ! mbedtls_svc_key_id_is_null( ssl->conf->psk_opaque ) )
return( ssl->conf->psk_opaque );
if (!mbedtls_svc_key_id_is_null(ssl->conf->psk_opaque)) {
return ssl->conf->psk_opaque;
}
return( MBEDTLS_SVC_KEY_ID_INIT );
return MBEDTLS_SVC_KEY_ID_INIT;
}
#endif /* MBEDTLS_USE_PSA_CRYPTO */
@ -1146,8 +1133,7 @@ int mbedtls_ssl_check_sig_hash( const mbedtls_ssl_context *ssl,
static inline mbedtls_ssl_srtp_profile mbedtls_ssl_check_srtp_profile_value
(const uint16_t srtp_profile_value)
{
switch( srtp_profile_value )
{
switch (srtp_profile_value) {
case MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_80:
case MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_32:
case MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_80:
@ -1155,7 +1141,7 @@ static inline mbedtls_ssl_srtp_profile mbedtls_ssl_check_srtp_profile_value
return srtp_profile_value;
default: break;
}
return( MBEDTLS_TLS_SRTP_UNSET );
return MBEDTLS_TLS_SRTP_UNSET;
}
#endif
@ -1164,24 +1150,26 @@ static inline mbedtls_pk_context *mbedtls_ssl_own_key( mbedtls_ssl_context *ssl
{
mbedtls_ssl_key_cert *key_cert;
if( ssl->handshake != NULL && ssl->handshake->key_cert != NULL )
if (ssl->handshake != NULL && ssl->handshake->key_cert != NULL) {
key_cert = ssl->handshake->key_cert;
else
} else {
key_cert = ssl->conf->key_cert;
}
return( key_cert == NULL ? NULL : key_cert->key );
return key_cert == NULL ? NULL : key_cert->key;
}
static inline mbedtls_x509_crt *mbedtls_ssl_own_cert(mbedtls_ssl_context *ssl)
{
mbedtls_ssl_key_cert *key_cert;
if( ssl->handshake != NULL && ssl->handshake->key_cert != NULL )
if (ssl->handshake != NULL && ssl->handshake->key_cert != NULL) {
key_cert = ssl->handshake->key_cert;
else
} else {
key_cert = ssl->conf->key_cert;
}
return( key_cert == NULL ? NULL : key_cert->cert );
return key_cert == NULL ? NULL : key_cert->cert;
}
/*
@ -1212,31 +1200,30 @@ static inline size_t mbedtls_ssl_in_hdr_len( const mbedtls_ssl_context *ssl )
#endif
#if defined(MBEDTLS_SSL_PROTO_DTLS)
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
{
return( 13 );
}
else
if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
return 13;
} else
#endif /* MBEDTLS_SSL_PROTO_DTLS */
{
return( 5 );
return 5;
}
}
static inline size_t mbedtls_ssl_out_hdr_len(const mbedtls_ssl_context *ssl)
{
return( (size_t) ( ssl->out_iv - ssl->out_hdr ) );
return (size_t) (ssl->out_iv - ssl->out_hdr);
}
static inline size_t mbedtls_ssl_hs_hdr_len(const mbedtls_ssl_context *ssl)
{
#if defined(MBEDTLS_SSL_PROTO_DTLS)
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
return( 12 );
if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
return 12;
}
#else
((void) ssl);
#endif
return( 4 );
return 4;
}
#if defined(MBEDTLS_SSL_PROTO_DTLS)
@ -1299,12 +1286,13 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl,
static inline size_t mbedtls_ssl_ep_len(const mbedtls_ssl_context *ssl)
{
#if defined(MBEDTLS_SSL_PROTO_DTLS)
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
return( 2 );
if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
return 2;
}
#else
((void) ssl);
#endif
return( 0 );
return 0;
}
#if defined(MBEDTLS_SSL_PROTO_DTLS)

6
include/mbedtls/ssl_ticket.h
View File

@ -48,8 +48,7 @@ extern "C" {
/**
* \brief Information for session ticket protection
*/
typedef struct mbedtls_ssl_ticket_key
{
typedef struct mbedtls_ssl_ticket_key {
unsigned char name[4]; /*!< random key identifier */
uint32_t generation_time; /*!< key generation timestamp (seconds) */
mbedtls_cipher_context_t ctx; /*!< context for auth enc/decryption */
@ -59,8 +58,7 @@ mbedtls_ssl_ticket_key;
/**
* \brief Context for session ticket handling functions
*/
typedef struct mbedtls_ssl_ticket_context
{
typedef struct mbedtls_ssl_ticket_context {
mbedtls_ssl_ticket_key keys[2]; /*!< ticket protection keys */
unsigned char active; /*!< index of the currently active key */

3
include/mbedtls/threading.h
View File

@ -46,8 +46,7 @@ extern "C" {
#if defined(MBEDTLS_THREADING_PTHREAD)
#include <pthread.h>
typedef struct mbedtls_threading_mutex_t
{
typedef struct mbedtls_threading_mutex_t {
pthread_mutex_t mutex;
/* is_valid is 0 after a failed init or a free, and nonzero after a
* successful init. This field is not considered part of the public

6
include/mbedtls/timing.h
View File

@ -41,16 +41,14 @@ extern "C" {
/**
* \brief timer structure
*/
struct mbedtls_timing_hr_time
{
struct mbedtls_timing_hr_time {
unsigned char opaque[32];
};
/**
* \brief Context for mbedtls_timing_set/get_delay()
*/
typedef struct mbedtls_timing_delay_context
{
typedef struct mbedtls_timing_delay_context {
struct mbedtls_timing_hr_time timer;
uint32_t int_ms;
uint32_t fin_ms;

5
include/mbedtls/x509.h
View File

@ -247,8 +247,7 @@ typedef mbedtls_asn1_named_data mbedtls_x509_name;
typedef mbedtls_asn1_sequence mbedtls_x509_sequence;
/** Container for date and time (precision in seconds). */
typedef struct mbedtls_x509_time
{
typedef struct mbedtls_x509_time {
int year, mon, day; /**< Date. */
int hour, min, sec; /**< Time. */
}
@ -367,7 +366,7 @@ int mbedtls_x509_write_sig( unsigned char **p, unsigned char *start,
#define MBEDTLS_X509_SAFE_SNPRINTF \
do { \
if (ret < 0 || (size_t) ret >= n) \
return( MBEDTLS_ERR_X509_BUFFER_TOO_SMALL ); \
return MBEDTLS_ERR_X509_BUFFER_TOO_SMALL; \
\
n -= (size_t) ret; \
p += (size_t) ret; \

6
include/mbedtls/x509_crl.h
View File

@ -47,8 +47,7 @@ extern "C" {
* Certificate revocation list entry.
* Contains the CA-specific serial numbers and revocation dates.
*/
typedef struct mbedtls_x509_crl_entry
{
typedef struct mbedtls_x509_crl_entry {
mbedtls_x509_buf raw;
mbedtls_x509_buf serial;
@ -65,8 +64,7 @@ mbedtls_x509_crl_entry;
* Certificate revocation list structure.
* Every CRL may have multiple entries.
*/
typedef struct mbedtls_x509_crl
{
typedef struct mbedtls_x509_crl {
mbedtls_x509_buf raw; /**< The raw certificate data (DER). */
mbedtls_x509_buf tbs; /**< The raw certificate body (DER). The part that is To Be Signed. */

27
include/mbedtls/x509_crt.h
View File

@ -49,8 +49,7 @@ extern "C" {
/**
* Container for an X.509 certificate. The certificate may be chained.
*/
typedef struct mbedtls_x509_crt
{
typedef struct mbedtls_x509_crt {
int own_buffer; /**< Indicates if \c raw is owned
* by the structure or not. */
mbedtls_x509_buf raw; /**< The raw certificate data (DER). */
@ -104,24 +103,21 @@ mbedtls_x509_crt;
* type-id OBJECT IDENTIFIER,
* value [0] EXPLICIT ANY DEFINED BY type-id }
*/
typedef struct mbedtls_x509_san_other_name
{
typedef struct mbedtls_x509_san_other_name {
/**
* The type_id is an OID as defined in RFC 5280.
* To check the value of the type id, you should use
* \p MBEDTLS_OID_CMP with a known OID mbedtls_x509_buf.
*/
mbedtls_x509_buf type_id; /**< The type id. */
union
{
union {
/**
* From RFC 4108 section 5:
* HardwareModuleName ::= SEQUENCE {
* hwType OBJECT IDENTIFIER,
* hwSerialNum OCTET STRING }
*/
struct
{
struct {
mbedtls_x509_buf oid; /**< The object identifier. */
mbedtls_x509_buf val; /**< The named value. */
}
@ -134,8 +130,7 @@ mbedtls_x509_san_other_name;
/**
* A structure for holding the parsed Subject Alternative Name, according to type
*/
typedef struct mbedtls_x509_subject_alternative_name
{
typedef struct mbedtls_x509_subject_alternative_name {
int type; /**< The SAN type, value of MBEDTLS_X509_SAN_XXX. */
union {
mbedtls_x509_san_other_name other_name; /**< The otherName supported type. */
@ -156,8 +151,7 @@ mbedtls_x509_subject_alternative_name;
*
* All lists are bitfields, built by ORing flags from MBEDTLS_X509_ID_FLAG().
*/
typedef struct mbedtls_x509_crt_profile
{
typedef struct mbedtls_x509_crt_profile {
uint32_t allowed_mds; /**< MDs for signatures */
uint32_t allowed_pks; /**< PK algs for public keys;
* this applies to all certificates
@ -181,8 +175,7 @@ mbedtls_x509_crt_profile;
/**
* Container for writing a certificate (CRT)
*/
typedef struct mbedtls_x509write_cert
{
typedef struct mbedtls_x509write_cert {
int version;
mbedtls_mpi serial;
mbedtls_pk_context *subject_key;
@ -212,8 +205,7 @@ typedef struct {
/**
* Verification chain as built by \c mbedtls_crt_verify_chain()
*/
typedef struct
{
typedef struct {
mbedtls_x509_crt_verify_chain_item items[MBEDTLS_X509_MAX_VERIFY_CHAIN_SIZE];
unsigned len;
@ -231,8 +223,7 @@ typedef struct
/**
* \brief Context for resuming X.509 verify operations
*/
typedef struct
{
typedef struct {
/* for check_signature() */
mbedtls_pk_restart_ctx pk;

6
include/mbedtls/x509_csr.h
View File

@ -46,8 +46,7 @@ extern "C" {
/**
* Certificate Signing Request (CSR) structure.
*/
typedef struct mbedtls_x509_csr
{
typedef struct mbedtls_x509_csr {
mbedtls_x509_buf raw; /**< The raw CSR data (DER). */
mbedtls_x509_buf cri; /**< The raw CertificateRequestInfo body (DER). */
@ -69,8 +68,7 @@ mbedtls_x509_csr;
/**
* Container for writing a CSR
*/
typedef struct mbedtls_x509write_csr
{
typedef struct mbedtls_x509write_csr {
mbedtls_pk_context *key;
mbedtls_asn1_named_data *subject;
mbedtls_md_type_t md_alg;

3
include/mbedtls/xtea.h
View File

@ -52,8 +52,7 @@ extern "C" {
/**
* \brief XTEA context structure
*/
typedef struct mbedtls_xtea_context
{
typedef struct mbedtls_xtea_context {
uint32_t k[4]; /*!< key */
}
mbedtls_xtea_context;

9
include/psa/crypto_builtin_composites.h
View File

@ -50,8 +50,7 @@
#endif
#if defined(MBEDTLS_PSA_BUILTIN_ALG_HMAC) || defined(PSA_CRYPTO_DRIVER_TEST)
typedef struct
{
typedef struct {
/** The HMAC algorithm in use */
psa_algorithm_t alg;
/** The hash context. */
@ -65,11 +64,9 @@ typedef struct
#include "mbedtls/cmac.h"
typedef struct
{
typedef struct {
psa_algorithm_t alg;
union
{
union {
unsigned dummy; /* Make the union non-empty even with no supported algorithms. */
#if defined(MBEDTLS_PSA_BUILTIN_ALG_HMAC) || defined(PSA_CRYPTO_DRIVER_TEST)
mbedtls_psa_hmac_operation_t hmac;

6
include/psa/crypto_builtin_primitives.h
View File

@ -59,11 +59,9 @@
#define MBEDTLS_PSA_BUILTIN_HASH
#endif
typedef struct
{
typedef struct {
psa_algorithm_t alg;
union
{
union {
unsigned dummy; /* Make the union non-empty even with no supported algorithms. */
#if defined(MBEDTLS_PSA_BUILTIN_ALG_MD2)
mbedtls_md2_context md2;

8
include/psa/crypto_compat.h
View File

@ -52,7 +52,7 @@ typedef mbedtls_svc_key_id_t psa_key_handle_t;
*/
static inline int psa_key_handle_is_null(psa_key_handle_t handle)
{
return( mbedtls_svc_key_id_is_null( handle ) );
return mbedtls_svc_key_id_is_null(handle);
}
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
@ -267,7 +267,8 @@ MBEDTLS_PSA_DEPRECATED static inline psa_status_t psa_asymmetric_verify( psa_key
#define PSA_ALG_AEAD_WITH_DEFAULT_TAG_LENGTH(aead_alg) \
MBEDTLS_DEPRECATED_CONSTANT(psa_algorithm_t, PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG(aead_alg))
#define PSA_ALG_AEAD_WITH_TAG_LENGTH(aead_alg, tag_length) \
MBEDTLS_DEPRECATED_CONSTANT( psa_algorithm_t, PSA_ALG_AEAD_WITH_SHORTENED_TAG( aead_alg, tag_length ) )
MBEDTLS_DEPRECATED_CONSTANT(psa_algorithm_t, \
PSA_ALG_AEAD_WITH_SHORTENED_TAG(aead_alg, tag_length))
/*
* Deprecated PSA AEAD output size macros (PSA Crypto API <= 1.0 beta3)
@ -371,7 +372,8 @@ MBEDTLS_PSA_DEPRECATED static inline psa_status_t psa_asymmetric_verify( psa_key
#define PSA_AEAD_UPDATE_OUTPUT_SIZE_2_ARG(alg, input_length) \
MBEDTLS_DEPRECATED_CONSTANT(size_t, \
PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER(alg) ? \
PSA_ROUND_UP_TO_MULTIPLE( PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE, (input_length) ) : \
PSA_ROUND_UP_TO_MULTIPLE(PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE, \
(input_length)) : \
(input_length))
/** A sufficient ciphertext buffer size for psa_aead_finish().

40
include/psa/crypto_extra.h
View File

@ -84,7 +84,7 @@ static inline void psa_set_key_enrollment_algorithm(
static inline psa_algorithm_t psa_get_key_enrollment_algorithm(
const psa_key_attributes_t *attributes)
{
return( attributes->core.policy.alg2 );
return attributes->core.policy.alg2;
}
#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
@ -221,8 +221,7 @@ void mbedtls_psa_crypto_free( void );
* \note The content of this structure is not part of the stable API and ABI
* of Mbed Crypto and may change arbitrarily from version to version.
*/
typedef struct mbedtls_psa_stats_s
{
typedef struct mbedtls_psa_stats_s {
/** Number of slots containing key material for a volatile key. */
size_t volatile_slots;
/** Number of slots containing key material for a key which is in
@ -587,50 +586,49 @@ psa_status_t psa_get_key_domain_parameters(
static inline psa_ecc_family_t mbedtls_ecc_group_to_psa(mbedtls_ecp_group_id grpid,
size_t *bits)
{
switch( grpid )
{
switch (grpid) {
case MBEDTLS_ECP_DP_SECP192R1:
*bits = 192;
return( PSA_ECC_FAMILY_SECP_R1 );
return PSA_ECC_FAMILY_SECP_R1;
case MBEDTLS_ECP_DP_SECP224R1:
*bits = 224;
return( PSA_ECC_FAMILY_SECP_R1 );
return PSA_ECC_FAMILY_SECP_R1;
case MBEDTLS_ECP_DP_SECP256R1:
*bits = 256;
return( PSA_ECC_FAMILY_SECP_R1 );
return PSA_ECC_FAMILY_SECP_R1;
case MBEDTLS_ECP_DP_SECP384R1:
*bits = 384;
return( PSA_ECC_FAMILY_SECP_R1 );
return PSA_ECC_FAMILY_SECP_R1;
case MBEDTLS_ECP_DP_SECP521R1:
*bits = 521;
return( PSA_ECC_FAMILY_SECP_R1 );
return PSA_ECC_FAMILY_SECP_R1;
case MBEDTLS_ECP_DP_BP256R1:
*bits = 256;
return( PSA_ECC_FAMILY_BRAINPOOL_P_R1 );
return PSA_ECC_FAMILY_BRAINPOOL_P_R1;
case MBEDTLS_ECP_DP_BP384R1:
*bits = 384;
return( PSA_ECC_FAMILY_BRAINPOOL_P_R1 );
return PSA_ECC_FAMILY_BRAINPOOL_P_R1;
case MBEDTLS_ECP_DP_BP512R1:
*bits = 512;
return( PSA_ECC_FAMILY_BRAINPOOL_P_R1 );
return PSA_ECC_FAMILY_BRAINPOOL_P_R1;
case MBEDTLS_ECP_DP_CURVE25519:
*bits = 255;
return( PSA_ECC_FAMILY_MONTGOMERY );
return PSA_ECC_FAMILY_MONTGOMERY;
case MBEDTLS_ECP_DP_SECP192K1:
*bits = 192;
return( PSA_ECC_FAMILY_SECP_K1 );
return PSA_ECC_FAMILY_SECP_K1;
case MBEDTLS_ECP_DP_SECP224K1:
*bits = 224;
return( PSA_ECC_FAMILY_SECP_K1 );
return PSA_ECC_FAMILY_SECP_K1;
case MBEDTLS_ECP_DP_SECP256K1:
*bits = 256;
return( PSA_ECC_FAMILY_SECP_K1 );
return PSA_ECC_FAMILY_SECP_K1;
case MBEDTLS_ECP_DP_CURVE448:
*bits = 448;
return( PSA_ECC_FAMILY_MONTGOMERY );
return PSA_ECC_FAMILY_MONTGOMERY;
default:
*bits = 0;
return( 0 );
return 0;
}
}
@ -753,8 +751,8 @@ typedef uint64_t psa_drv_slot_number_t;
*/
static inline int psa_key_id_is_builtin(psa_key_id_t key_id)
{
return( ( key_id >= MBEDTLS_PSA_KEY_ID_BUILTIN_MIN ) &&
( key_id <= MBEDTLS_PSA_KEY_ID_BUILTIN_MAX ) );
return (key_id >= MBEDTLS_PSA_KEY_ID_BUILTIN_MIN) &&
(key_id <= MBEDTLS_PSA_KEY_ID_BUILTIN_MAX);
}
/** Platform function to obtain the location and slot number of a built-in key.

2
include/psa/crypto_platform.h
View File

@ -76,7 +76,7 @@ typedef int32_t mbedtls_key_owner_id_t;
static inline int mbedtls_key_owner_id_equal(mbedtls_key_owner_id_t id1,
mbedtls_key_owner_id_t id2)
{
return( id1 == id2 );
return id1 == id2;
}
#endif /* MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER */

3
include/psa/crypto_se_driver.h
View File

@ -814,8 +814,7 @@ typedef struct {
/** An enumeration indicating how a key is created.
*/
typedef enum
{
typedef enum {
PSA_KEY_CREATION_IMPORT, /**< During psa_import_key() */
PSA_KEY_CREATION_GENERATE, /**< During psa_generate_key() */
PSA_KEY_CREATION_DERIVE, /**< During psa_key_derivation_output_key() */

92
include/psa/crypto_struct.h
View File

@ -80,8 +80,7 @@ extern "C" {
* algorithms. */
#include "psa/crypto_driver_contexts_primitives.h"
struct psa_hash_operation_s
{
struct psa_hash_operation_s {
/** Unique ID indicating which driver got assigned to do the
* operation. Since driver contexts are driver-specific, swapping
* drivers halfway through the operation is not supported.
@ -96,11 +95,10 @@ struct psa_hash_operation_s
static inline struct psa_hash_operation_s psa_hash_operation_init(void)
{
const struct psa_hash_operation_s v = PSA_HASH_OPERATION_INIT;
return( v );
return v;
}
struct psa_cipher_operation_s
{
struct psa_cipher_operation_s {
/** Unique ID indicating which driver got assigned to do the
* operation. Since driver contexts are driver-specific, swapping
* drivers halfway through the operation is not supported.
@ -121,15 +119,14 @@ struct psa_cipher_operation_s
static inline struct psa_cipher_operation_s psa_cipher_operation_init(void)
{
const struct psa_cipher_operation_s v = PSA_CIPHER_OPERATION_INIT;
return( v );
return v;
}
/* Include the context definition for the compiled-in drivers for the composite
* algorithms. */
#include "psa/crypto_driver_contexts_composites.h"
struct psa_mac_operation_s
{
struct psa_mac_operation_s {
/** Unique ID indicating which driver got assigned to do the
* operation. Since driver contexts are driver-specific, swapping
* drivers halfway through the operation is not supported.
@ -146,18 +143,16 @@ struct psa_mac_operation_s
static inline struct psa_mac_operation_s psa_mac_operation_init(void)
{
const struct psa_mac_operation_s v = PSA_MAC_OPERATION_INIT;
return( v );
return v;
}
struct psa_aead_operation_s
{
struct psa_aead_operation_s {
psa_algorithm_t alg;
unsigned int key_set : 1;
unsigned int iv_set : 1;
uint8_t iv_size;
uint8_t block_size;
union
{
union {
unsigned dummy; /* Enable easier initializing of the union. */
mbedtls_cipher_context_t cipher;
} ctx;
@ -167,12 +162,11 @@ struct psa_aead_operation_s
static inline struct psa_aead_operation_s psa_aead_operation_init(void)
{
const struct psa_aead_operation_s v = PSA_AEAD_OPERATION_INIT;
return( v );
return v;
}
#if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF)
typedef struct
{
typedef struct {
uint8_t *info;
size_t info_length;
#if PSA_HASH_MAX_SIZE > 0xff
@ -190,8 +184,7 @@ typedef struct
#if defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF) || \
defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS)
typedef enum
{
typedef enum {
PSA_TLS12_PRF_STATE_INIT, /* no input provided */
PSA_TLS12_PRF_STATE_SEED_SET, /* seed has been set */
PSA_TLS12_PRF_STATE_KEY_SET, /* key has been set */
@ -199,8 +192,7 @@ typedef enum
PSA_TLS12_PRF_STATE_OUTPUT /* output has been started */
} psa_tls12_prf_key_derivation_state_t;
typedef struct psa_tls12_prf_key_derivation_s
{
typedef struct psa_tls12_prf_key_derivation_s {
#if PSA_HASH_MAX_SIZE > 0xff
#error "PSA_HASH_MAX_SIZE does not fit in uint8_t"
#endif
@ -229,13 +221,11 @@ typedef struct psa_tls12_prf_key_derivation_s
#endif /* MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF) ||
* MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS */
struct psa_key_derivation_s
{
struct psa_key_derivation_s {
psa_algorithm_t alg;
unsigned int can_output_key : 1;
size_t capacity;
union
{
union {
/* Make the union non-empty even with no supported algorithms. */
uint8_t dummy;
#if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF)
@ -253,11 +243,10 @@ struct psa_key_derivation_s
static inline struct psa_key_derivation_s psa_key_derivation_operation_init(void)
{
const struct psa_key_derivation_s v = PSA_KEY_DERIVATION_OPERATION_INIT;
return( v );
return v;
}
struct psa_key_policy_s
{
struct psa_key_policy_s {
psa_key_usage_t usage;
psa_algorithm_t alg;
psa_algorithm_t alg2;
@ -268,7 +257,7 @@ typedef struct psa_key_policy_s psa_key_policy_t;
static inline struct psa_key_policy_s psa_key_policy_init(void)
{
const struct psa_key_policy_s v = PSA_KEY_POLICY_INIT;
return( v );
return v;
}
/* The type used internally for key sizes.
@ -307,8 +296,7 @@ typedef uint16_t psa_key_attributes_flag_t;
#define MBEDTLS_PSA_KA_MASK_DUAL_USE ( \
0)
typedef struct
{
typedef struct {
psa_key_type_t type;
psa_key_bits_t bits;
psa_key_lifetime_t lifetime;
@ -317,10 +305,10 @@ typedef struct
psa_key_attributes_flag_t flags;
} psa_core_key_attributes_t;
#define PSA_CORE_KEY_ATTRIBUTES_INIT {PSA_KEY_TYPE_NONE, 0, PSA_KEY_LIFETIME_VOLATILE, MBEDTLS_SVC_KEY_ID_INIT, PSA_KEY_POLICY_INIT, 0}
#define PSA_CORE_KEY_ATTRIBUTES_INIT { PSA_KEY_TYPE_NONE, 0, PSA_KEY_LIFETIME_VOLATILE, \
MBEDTLS_SVC_KEY_ID_INIT, PSA_KEY_POLICY_INIT, 0 }
struct psa_key_attributes_s
{
struct psa_key_attributes_s {
psa_core_key_attributes_t core;
#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
psa_key_slot_number_t slot_number;
@ -338,7 +326,7 @@ struct psa_key_attributes_s
static inline struct psa_key_attributes_s psa_key_attributes_init(void)
{
const struct psa_key_attributes_s v = PSA_KEY_ATTRIBUTES_INIT;
return( v );
return v;
}
static inline void psa_set_key_id(psa_key_attributes_t *attributes,
@ -348,8 +336,7 @@ static inline void psa_set_key_id( psa_key_attributes_t *attributes,
attributes->core.id = key;
if( PSA_KEY_LIFETIME_IS_VOLATILE( lifetime ) )
{
if (PSA_KEY_LIFETIME_IS_VOLATILE(lifetime)) {
attributes->core.lifetime =
PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION(
PSA_KEY_LIFETIME_PERSISTENT,
@ -360,7 +347,7 @@ static inline void psa_set_key_id( psa_key_attributes_t *attributes,
static inline mbedtls_svc_key_id_t psa_get_key_id(
const psa_key_attributes_t *attributes)
{
return( attributes->core.id );
return attributes->core.id;
}
#ifdef MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER
@ -375,8 +362,7 @@ static inline void psa_set_key_lifetime(psa_key_attributes_t *attributes,
psa_key_lifetime_t lifetime)
{
attributes->core.lifetime = lifetime;
if( PSA_KEY_LIFETIME_IS_VOLATILE( lifetime ) )
{
if (PSA_KEY_LIFETIME_IS_VOLATILE(lifetime)) {
#ifdef MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER
attributes->core.id.key_id = 0;
#else
@ -388,17 +374,19 @@ static inline void psa_set_key_lifetime(psa_key_attributes_t *attributes,
static inline psa_key_lifetime_t psa_get_key_lifetime(
const psa_key_attributes_t *attributes)
{
return( attributes->core.lifetime );
return attributes->core.lifetime;
}
static inline void psa_extend_key_usage_flags(psa_key_usage_t *usage_flags)
{
if( *usage_flags & PSA_KEY_USAGE_SIGN_HASH )
if (*usage_flags & PSA_KEY_USAGE_SIGN_HASH) {
*usage_flags |= PSA_KEY_USAGE_SIGN_MESSAGE;
}
if( *usage_flags & PSA_KEY_USAGE_VERIFY_HASH )
if (*usage_flags & PSA_KEY_USAGE_VERIFY_HASH) {
*usage_flags |= PSA_KEY_USAGE_VERIFY_MESSAGE;
}
}
static inline void psa_set_key_usage_flags(psa_key_attributes_t *attributes,
psa_key_usage_t usage_flags)
@ -410,7 +398,7 @@ static inline void psa_set_key_usage_flags(psa_key_attributes_t *attributes,
static inline psa_key_usage_t psa_get_key_usage_flags(
const psa_key_attributes_t *attributes)
{
return( attributes->core.policy.usage );
return attributes->core.policy.usage;
}
static inline void psa_set_key_algorithm(psa_key_attributes_t *attributes,
@ -422,7 +410,7 @@ static inline void psa_set_key_algorithm(psa_key_attributes_t *attributes,
static inline psa_algorithm_t psa_get_key_algorithm(
const psa_key_attributes_t *attributes)
{
return( attributes->core.policy.alg );
return attributes->core.policy.alg;
}
/* This function is declared in crypto_extra.h, which comes after this
@ -435,13 +423,10 @@ psa_status_t psa_set_key_domain_parameters(psa_key_attributes_t *attributes,
static inline void psa_set_key_type(psa_key_attributes_t *attributes,
psa_key_type_t type)
{
if( attributes->domain_parameters == NULL )
{
if (attributes->domain_parameters == NULL) {
/* Common case: quick path */
attributes->core.type = type;
}
else
{
} else {
/* Call the bigger function to free the old domain parameters.
* Ignore any errors which may arise due to type requiring
* non-default domain parameters, since this function can't
@ -453,22 +438,23 @@ static inline void psa_set_key_type(psa_key_attributes_t *attributes,
static inline psa_key_type_t psa_get_key_type(
const psa_key_attributes_t *attributes)
{
return( attributes->core.type );
return attributes->core.type;
}
static inline void psa_set_key_bits(psa_key_attributes_t *attributes,
size_t bits)
{
if( bits > PSA_MAX_KEY_BITS )
if (bits > PSA_MAX_KEY_BITS) {
attributes->core.bits = PSA_KEY_BITS_TOO_LARGE;
else
} else {
attributes->core.bits = (psa_key_bits_t) bits;
}
}
static inline size_t psa_get_key_bits(
const psa_key_attributes_t *attributes)
{
return( attributes->core.bits );
return attributes->core.bits;
}
#ifdef __cplusplus

3
include/psa/crypto_types.h
View File

@ -300,8 +300,7 @@ typedef psa_key_id_t mbedtls_svc_key_id_t;
* client and encodes the client identity in the key identifier argument of
* functions such as psa_open_key().
*/
typedef struct
{
typedef struct {
psa_key_id_t key_id;
mbedtls_key_owner_id_t owner;
} mbedtls_svc_key_id_t;

16
include/psa/crypto_values.h
View File

@ -2129,7 +2129,7 @@ static inline mbedtls_svc_key_id_t mbedtls_svc_key_id_make(
{
(void) unused;
return( key_id );
return key_id;
}
/** Compare two key identifiers.
@ -2142,7 +2142,7 @@ static inline mbedtls_svc_key_id_t mbedtls_svc_key_id_make(
static inline int mbedtls_svc_key_id_equal(mbedtls_svc_key_id_t id1,
mbedtls_svc_key_id_t id2)
{
return( id1 == id2 );
return id1 == id2;
}
/** Check whether a key identifier is null.
@ -2153,7 +2153,7 @@ static inline int mbedtls_svc_key_id_equal( mbedtls_svc_key_id_t id1,
*/
static inline int mbedtls_svc_key_id_is_null(mbedtls_svc_key_id_t key)
{
return( key == 0 );
return key == 0;
}
#else /* MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER */
@ -2170,8 +2170,8 @@ static inline int mbedtls_svc_key_id_is_null( mbedtls_svc_key_id_t key )
static inline mbedtls_svc_key_id_t mbedtls_svc_key_id_make(
mbedtls_key_owner_id_t owner_id, psa_key_id_t key_id)
{
return( (mbedtls_svc_key_id_t){ .key_id = key_id,
.owner = owner_id } );
return (mbedtls_svc_key_id_t){ .key_id = key_id,
.owner = owner_id };
}
/** Compare two key identifiers.
@ -2184,8 +2184,8 @@ static inline mbedtls_svc_key_id_t mbedtls_svc_key_id_make(
static inline int mbedtls_svc_key_id_equal(mbedtls_svc_key_id_t id1,
mbedtls_svc_key_id_t id2)
{
return( ( id1.key_id == id2.key_id ) &&
mbedtls_key_owner_id_equal( id1.owner, id2.owner ) );
return (id1.key_id == id2.key_id) &&
mbedtls_key_owner_id_equal(id1.owner, id2.owner);
}
/** Check whether a key identifier is null.
@ -2196,7 +2196,7 @@ static inline int mbedtls_svc_key_id_equal( mbedtls_svc_key_id_t id1,
*/
static inline int mbedtls_svc_key_id_is_null(mbedtls_svc_key_id_t key)
{
return( key.key_id == 0 );
return key.key_id == 0;
}
#endif /* !MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER */

506
library/aes.c
View File

File diff suppressed because it is too large Load Diff

26
library/aesni.c
View File

@ -28,7 +28,8 @@
#if defined(__has_feature)
#if __has_feature(memory_sanitizer)
#warning "MBEDTLS_AESNI_C is known to cause spurious error reports with some memory sanitizers as they do not understand the assembly code."
#warning \
"MBEDTLS_AESNI_C is known to cause spurious error reports with some memory sanitizers as they do not understand the assembly code."
#endif
#endif
@ -52,8 +53,7 @@ int mbedtls_aesni_has_support( unsigned int what )
static int done = 0;
static unsigned int c = 0;
if( ! done )
{
if (!done) {
asm ("movl $1, %%eax \n\t"
"cpuid \n\t"
: "=c" (c)
@ -62,7 +62,7 @@ int mbedtls_aesni_has_support( unsigned int what )
done = 1;
}
return( ( c & what ) != 0 );
return (c & what) != 0;
}
/*
@ -133,7 +133,7 @@ int mbedtls_aesni_crypt_ecb( mbedtls_aes_context *ctx,
: "memory", "cc", "xmm0", "xmm1");
return( 0 );
return 0;
}
/*
@ -148,8 +148,7 @@ void mbedtls_aesni_gcm_mult( unsigned char c[16],
size_t i;
/* The inputs are in big-endian order, so byte-reverse them */
for( i = 0; i < 16; i++ )
{
for (i = 0; i < 16; i++) {
aa[i] = a[15 - i];
bb[i] = b[15 - i];
}
@ -242,8 +241,9 @@ void mbedtls_aesni_gcm_mult( unsigned char c[16],
: "memory", "cc", "xmm0", "xmm1", "xmm2", "xmm3", "xmm4", "xmm5");
/* Now byte-reverse the outputs */
for( i = 0; i < 16; i++ )
for (i = 0; i < 16; i++) {
c[i] = cc[15 - i];
}
return;
}
@ -259,13 +259,14 @@ void mbedtls_aesni_inverse_key( unsigned char *invkey,
memcpy(ik, fk, 16);
for( fk -= 16, ik += 16; fk > fwdkey; fk -= 16, ik += 16 )
for (fk -= 16, ik += 16; fk > fwdkey; fk -= 16, ik += 16) {
asm ("movdqu (%0), %%xmm0 \n\t"
AESIMC xmm0_xmm0 "\n\t"
"movdqu %%xmm0, (%1) \n\t"
:
: "r" (fk), "r" (ik)
: "memory", "xmm0");
}
memcpy(ik, fk, 16);
}
@ -450,15 +451,14 @@ int mbedtls_aesni_setkey_enc( unsigned char *rk,
const unsigned char *key,
size_t bits)
{
switch( bits )
{
switch (bits) {
case 128: aesni_setkey_enc_128(rk, key); break;
case 192: aesni_setkey_enc_192(rk, key); break;
case 256: aesni_setkey_enc_256(rk, key); break;
default : return( MBEDTLS_ERR_AES_INVALID_KEY_LENGTH );
default: return MBEDTLS_ERR_AES_INVALID_KEY_LENGTH;
}
return( 0 );
return 0;
}
#endif /* MBEDTLS_HAVE_X86_64 */

38
library/arc4.c
View File

@ -42,8 +42,9 @@ void mbedtls_arc4_init( mbedtls_arc4_context *ctx )
void mbedtls_arc4_free(mbedtls_arc4_context *ctx)
{
if( ctx == NULL )
if (ctx == NULL) {
return;
}
mbedtls_platform_zeroize(ctx, sizeof(mbedtls_arc4_context));
}
@ -62,14 +63,16 @@ void mbedtls_arc4_setup( mbedtls_arc4_context *ctx, const unsigned char *key,
ctx->y = 0;
m = ctx->m;
for( i = 0; i < 256; i++ )
for (i = 0; i < 256; i++) {
m[i] = (unsigned char) i;
}
j = k = 0;
for( i = 0; i < 256; i++, k++ )
{
if( k >= keylen ) k = 0;
for (i = 0; i < 256; i++, k++) {
if (k >= keylen) {
k = 0;
}
a = m[i];
j = (j + a + key[k]) & 0xFF;
@ -92,8 +95,7 @@ int mbedtls_arc4_crypt( mbedtls_arc4_context *ctx, size_t length, const unsigned
y = ctx->y;
m = ctx->m;
for( i = 0; i < length; i++ )
{
for (i = 0; i < length; i++) {
x = (x + 1) & 0xFF; a = m[x];
y = (y + a) & 0xFF; b = m[y];
@ -107,7 +109,7 @@ int mbedtls_arc4_crypt( mbedtls_arc4_context *ctx, size_t length, const unsigned
ctx->x = x;
ctx->y = y;
return( 0 );
return 0;
}
#endif /* !MBEDTLS_ARC4_ALT */
@ -151,36 +153,38 @@ int mbedtls_arc4_self_test( int verbose )
mbedtls_arc4_init(&ctx);
for( i = 0; i < 3; i++ )
{
if( verbose != 0 )
for (i = 0; i < 3; i++) {
if (verbose != 0) {
mbedtls_printf(" ARC4 test #%d: ", i + 1);
}
memcpy(ibuf, arc4_test_pt[i], 8);
mbedtls_arc4_setup(&ctx, arc4_test_key[i], 8);
mbedtls_arc4_crypt(&ctx, 8, ibuf, obuf);
if( memcmp( obuf, arc4_test_ct[i], 8 ) != 0 )
{
if( verbose != 0 )
if (memcmp(obuf, arc4_test_ct[i], 8) != 0) {
if (verbose != 0) {
mbedtls_printf("failed\n");
}
ret = 1;
goto exit;
}
if( verbose != 0 )
if (verbose != 0) {
mbedtls_printf("passed\n");
}
}
if( verbose != 0 )
if (verbose != 0) {
mbedtls_printf("\n");
}
exit:
mbedtls_arc4_free(&ctx);
return( ret );
return ret;
}
#endif /* MBEDTLS_SELF_TEST */

174
library/aria.c
View File

@ -61,7 +61,7 @@ static inline uint32_t aria_p1( uint32_t x )
{
uint32_t r;
__asm("rev16 %0, %1" : "=l" (r) : "l" (x));
return( r );
return r;
}
#define ARIA_P1 aria_p1
#elif defined(__ARMCC_VERSION) && __ARMCC_VERSION < 6000000 && \
@ -70,7 +70,7 @@ static inline uint32_t aria_p1( uint32_t x )
{
uint32_t r;
__asm("rev16 r, x");
return( r );
return r;
}
#define ARIA_P1 aria_p1
#endif
@ -112,7 +112,7 @@ static inline uint32_t aria_p3( uint32_t x )
{
uint32_t r;
__asm("rev %0, %1" : "=l" (r) : "l" (x));
return( r );
return r;
}
#define ARIA_P3 aria_p3
#elif defined(__ARMCC_VERSION) && __ARMCC_VERSION < 6000000 && \
@ -121,7 +121,7 @@ static inline uint32_t aria_p3( uint32_t x )
{
uint32_t r;
__asm("rev r, x");
return( r );
return r;
}
#define ARIA_P3 aria_p3
#endif
@ -131,7 +131,7 @@ static inline uint32_t aria_p3( uint32_t x )
static inline uint32_t aria_p3(uint32_t x)
{
__asm("bswap %0" : "=r" (x) : "0" (x));
return( x );
return x;
}
#define ARIA_P3 aria_p3
#endif /* x86 gnuc */
@ -387,8 +387,7 @@ static void aria_rot128( uint32_t r[4], const uint32_t a[4],
j = (n / 32) % 4; // initial word offset
t = ARIA_P3(b[j]); // big endian
for( i = 0; i < 4; i++ )
{
for (i = 0; i < 4; i++) {
j = (j + 1) % 4; // get next word, big endian
u = ARIA_P3(b[j]);
t <<= n1; // rotate
@ -418,8 +417,9 @@ int mbedtls_aria_setkey_enc( mbedtls_aria_context *ctx,
ARIA_VALIDATE_RET(ctx != NULL);
ARIA_VALIDATE_RET(key != NULL);
if( keybits != 128 && keybits != 192 && keybits != 256 )
return( MBEDTLS_ERR_ARIA_BAD_INPUT_DATA );
if (keybits != 128 && keybits != 192 && keybits != 256) {
return MBEDTLS_ERR_ARIA_BAD_INPUT_DATA;
}
/* Copy key to W0 (and potential remainder to W1) */
w[0][0] = MBEDTLS_GET_UINT32_LE(key, 0);
@ -428,13 +428,11 @@ int mbedtls_aria_setkey_enc( mbedtls_aria_context *ctx,
w[0][3] = MBEDTLS_GET_UINT32_LE(key, 12);
memset(w[1], 0, 16);
if( keybits >= 192 )
{
if (keybits >= 192) {
w[1][0] = MBEDTLS_GET_UINT32_LE(key, 16); // 192 bit key
w[1][1] = MBEDTLS_GET_UINT32_LE(key, 20);
}
if( keybits == 256 )
{
if (keybits == 256) {
w[1][2] = MBEDTLS_GET_UINT32_LE(key, 24); // 256 bit key
w[1][3] = MBEDTLS_GET_UINT32_LE(key, 28);
}
@ -448,8 +446,7 @@ int mbedtls_aria_setkey_enc( mbedtls_aria_context *ctx,
i = i < 2 ? i + 1 : 0;
aria_fo_xor(w[3], w[2], rc[i], w[1]); // W3 = FO(W2, CK3) ^ W1
for( i = 0; i < 4; i++ ) // create round keys
{
for (i = 0; i < 4; i++) { // create round keys
w2 = w[(i + 1) & 3];
aria_rot128(ctx->rk[i], w[i], w2, 128 - 19);
aria_rot128(ctx->rk[i + 4], w[i], w2, 128 - 31);
@ -461,7 +458,7 @@ int mbedtls_aria_setkey_enc( mbedtls_aria_context *ctx,
/* w holds enough info to reconstruct the round keys */
mbedtls_platform_zeroize(w, sizeof(w));
return( 0 );
return 0;
}
/*
@ -475,14 +472,13 @@ int mbedtls_aria_setkey_dec( mbedtls_aria_context *ctx,
ARIA_VALIDATE_RET(key != NULL);
ret = mbedtls_aria_setkey_enc(ctx, key, keybits);
if( ret != 0 )
return( ret );
if (ret != 0) {
return ret;
}
/* flip the order of round keys */
for( i = 0, j = ctx->nr; i < j; i++, j-- )
{
for( k = 0; k < 4; k++ )
{
for (i = 0, j = ctx->nr; i < j; i++, j--) {
for (k = 0; k < 4; k++) {
uint32_t t = ctx->rk[i][k];
ctx->rk[i][k] = ctx->rk[j][k];
ctx->rk[j][k] = t;
@ -490,13 +486,12 @@ int mbedtls_aria_setkey_dec( mbedtls_aria_context *ctx,
}
/* apply affine transform to middle keys */
for( i = 1; i < ctx->nr; i++ )
{
for (i = 1; i < ctx->nr; i++) {
aria_a(&ctx->rk[i][0], &ctx->rk[i][1],
&ctx->rk[i][2], &ctx->rk[i][3]);
}
return( 0 );
return 0;
}
/*
@ -519,8 +514,7 @@ int mbedtls_aria_crypt_ecb( mbedtls_aria_context *ctx,
d = MBEDTLS_GET_UINT32_LE(input, 12);
i = 0;
while( 1 )
{
while (1) {
a ^= ctx->rk[i][0];
b ^= ctx->rk[i][1];
c ^= ctx->rk[i][2];
@ -537,8 +531,9 @@ int mbedtls_aria_crypt_ecb( mbedtls_aria_context *ctx,
i++;
aria_sl(&a, &b, &c, &d, aria_is1, aria_is2, aria_sb1, aria_sb2);
if( i >= ctx->nr )
if (i >= ctx->nr) {
break;
}
aria_a(&a, &b, &c, &d);
}
@ -553,7 +548,7 @@ int mbedtls_aria_crypt_ecb( mbedtls_aria_context *ctx,
MBEDTLS_PUT_UINT32_LE(c, output, 8);
MBEDTLS_PUT_UINT32_LE(d, output, 12);
return( 0 );
return 0;
}
/* Initialize context */
@ -566,8 +561,9 @@ void mbedtls_aria_init( mbedtls_aria_context *ctx )
/* Clear context */
void mbedtls_aria_free(mbedtls_aria_context *ctx)
{
if( ctx == NULL )
if (ctx == NULL) {
return;
}
mbedtls_platform_zeroize(ctx, sizeof(mbedtls_aria_context));
}
@ -593,18 +589,18 @@ int mbedtls_aria_crypt_cbc( mbedtls_aria_context *ctx,
ARIA_VALIDATE_RET(length == 0 || output != NULL);
ARIA_VALIDATE_RET(iv != NULL);
if( length % MBEDTLS_ARIA_BLOCKSIZE )
return( MBEDTLS_ERR_ARIA_INVALID_INPUT_LENGTH );
if (length % MBEDTLS_ARIA_BLOCKSIZE) {
return MBEDTLS_ERR_ARIA_INVALID_INPUT_LENGTH;
}
if( mode == MBEDTLS_ARIA_DECRYPT )
{
while( length > 0 )
{
if (mode == MBEDTLS_ARIA_DECRYPT) {
while (length > 0) {
memcpy(temp, input, MBEDTLS_ARIA_BLOCKSIZE);
mbedtls_aria_crypt_ecb(ctx, input, output);
for( i = 0; i < MBEDTLS_ARIA_BLOCKSIZE; i++ )
for (i = 0; i < MBEDTLS_ARIA_BLOCKSIZE; i++) {
output[i] = (unsigned char) (output[i] ^ iv[i]);
}
memcpy(iv, temp, MBEDTLS_ARIA_BLOCKSIZE);
@ -612,13 +608,11 @@ int mbedtls_aria_crypt_cbc( mbedtls_aria_context *ctx,
output += MBEDTLS_ARIA_BLOCKSIZE;
length -= MBEDTLS_ARIA_BLOCKSIZE;
}
}
else
{
while( length > 0 )
{
for( i = 0; i < MBEDTLS_ARIA_BLOCKSIZE; i++ )
} else {
while (length > 0) {
for (i = 0; i < MBEDTLS_ARIA_BLOCKSIZE; i++) {
output[i] = (unsigned char) (input[i] ^ iv[i]);
}
mbedtls_aria_crypt_ecb(ctx, output, output);
memcpy(iv, output, MBEDTLS_ARIA_BLOCKSIZE);
@ -629,7 +623,7 @@ int mbedtls_aria_crypt_cbc( mbedtls_aria_context *ctx,
}
}
return( 0 );
return 0;
}
#endif /* MBEDTLS_CIPHER_MODE_CBC */
@ -661,15 +655,15 @@ int mbedtls_aria_crypt_cfb128( mbedtls_aria_context *ctx,
/* An overly large value of n can lead to an unlimited
* buffer overflow. Therefore, guard against this
* outside of parameter validation. */
if( n >= MBEDTLS_ARIA_BLOCKSIZE )
return( MBEDTLS_ERR_ARIA_BAD_INPUT_DATA );
if (n >= MBEDTLS_ARIA_BLOCKSIZE) {
return MBEDTLS_ERR_ARIA_BAD_INPUT_DATA;
}
if( mode == MBEDTLS_ARIA_DECRYPT )
{
while( length-- )
{
if( n == 0 )
if (mode == MBEDTLS_ARIA_DECRYPT) {
while (length--) {
if (n == 0) {
mbedtls_aria_crypt_ecb(ctx, iv, iv);
}
c = *input++;
*output++ = c ^ iv[n];
@ -677,13 +671,11 @@ int mbedtls_aria_crypt_cfb128( mbedtls_aria_context *ctx,
n = (n + 1) & 0x0F;
}
}
else
{
while( length-- )
{
if( n == 0 )
} else {
while (length--) {
if (n == 0) {
mbedtls_aria_crypt_ecb(ctx, iv, iv);
}
iv[n] = *output++ = (unsigned char) (iv[n] ^ *input++);
@ -693,7 +685,7 @@ int mbedtls_aria_crypt_cfb128( mbedtls_aria_context *ctx,
*iv_off = n;
return( 0 );
return 0;
}
#endif /* MBEDTLS_CIPHER_MODE_CFB */
@ -723,19 +715,21 @@ int mbedtls_aria_crypt_ctr( mbedtls_aria_context *ctx,
/* An overly large value of n can lead to an unlimited
* buffer overflow. Therefore, guard against this
* outside of parameter validation. */
if( n >= MBEDTLS_ARIA_BLOCKSIZE )
return( MBEDTLS_ERR_ARIA_BAD_INPUT_DATA );
if (n >= MBEDTLS_ARIA_BLOCKSIZE) {
return MBEDTLS_ERR_ARIA_BAD_INPUT_DATA;
}
while( length-- )
{
while (length--) {
if (n == 0) {
mbedtls_aria_crypt_ecb(ctx, nonce_counter,
stream_block);
for( i = MBEDTLS_ARIA_BLOCKSIZE; i > 0; i-- )
if( ++nonce_counter[i - 1] != 0 )
for (i = MBEDTLS_ARIA_BLOCKSIZE; i > 0; i--) {
if (++nonce_counter[i - 1] != 0) {
break;
}
}
}
c = *input++;
*output++ = (unsigned char) (c ^ stream_block[n]);
@ -744,7 +738,7 @@ int mbedtls_aria_crypt_ctr( mbedtls_aria_context *ctx,
*nc_off = n;
return( 0 );
return 0;
}
#endif /* MBEDTLS_CIPHER_MODE_CTR */
#endif /* !MBEDTLS_ARIA_ALT */
@ -920,11 +914,11 @@ int mbedtls_aria_self_test( int verbose )
/*
* Test set 1
*/
for( i = 0; i < 3; i++ )
{
for (i = 0; i < 3; i++) {
/* test ECB encryption */
if( verbose )
if (verbose) {
mbedtls_printf(" ARIA-ECB-%d (enc): ", 128 + 64 * i);
}
mbedtls_aria_setkey_enc(&ctx, aria_test1_ecb_key, 128 + 64 * i);
mbedtls_aria_crypt_ecb(&ctx, aria_test1_ecb_pt, blk);
ARIA_SELF_TEST_ASSERT(
@ -932,26 +926,28 @@ int mbedtls_aria_self_test( int verbose )
!= 0);
/* test ECB decryption */
if( verbose )
if (verbose) {
mbedtls_printf(" ARIA-ECB-%d (dec): ", 128 + 64 * i);
}
mbedtls_aria_setkey_dec(&ctx, aria_test1_ecb_key, 128 + 64 * i);
mbedtls_aria_crypt_ecb(&ctx, aria_test1_ecb_ct[i], blk);
ARIA_SELF_TEST_ASSERT(
memcmp(blk, aria_test1_ecb_pt, MBEDTLS_ARIA_BLOCKSIZE)
!= 0);
}
if( verbose )
if (verbose) {
mbedtls_printf("\n");
}
/*
* Test set 2
*/
#if defined(MBEDTLS_CIPHER_MODE_CBC)
for( i = 0; i < 3; i++ )
{
for (i = 0; i < 3; i++) {
/* Test CBC encryption */
if( verbose )
if (verbose) {
mbedtls_printf(" ARIA-CBC-%d (enc): ", 128 + 64 * i);
}
mbedtls_aria_setkey_enc(&ctx, aria_test2_key, 128 + 64 * i);
memcpy(iv, aria_test2_iv, MBEDTLS_ARIA_BLOCKSIZE);
memset(buf, 0x55, sizeof(buf));
@ -961,8 +957,9 @@ int mbedtls_aria_self_test( int verbose )
!= 0);
/* Test CBC decryption */
if( verbose )
if (verbose) {
mbedtls_printf(" ARIA-CBC-%d (dec): ", 128 + 64 * i);
}
mbedtls_aria_setkey_dec(&ctx, aria_test2_key, 128 + 64 * i);
memcpy(iv, aria_test2_iv, MBEDTLS_ARIA_BLOCKSIZE);
memset(buf, 0xAA, sizeof(buf));
@ -970,17 +967,18 @@ int mbedtls_aria_self_test( int verbose )
aria_test2_cbc_ct[i], buf);
ARIA_SELF_TEST_ASSERT(memcmp(buf, aria_test2_pt, 48) != 0);
}
if( verbose )
if (verbose) {
mbedtls_printf("\n");
}
#endif /* MBEDTLS_CIPHER_MODE_CBC */
#if defined(MBEDTLS_CIPHER_MODE_CFB)
for( i = 0; i < 3; i++ )
{
for (i = 0; i < 3; i++) {
/* Test CFB encryption */
if( verbose )
if (verbose) {
mbedtls_printf(" ARIA-CFB-%d (enc): ", 128 + 64 * i);
}
mbedtls_aria_setkey_enc(&ctx, aria_test2_key, 128 + 64 * i);
memcpy(iv, aria_test2_iv, MBEDTLS_ARIA_BLOCKSIZE);
memset(buf, 0x55, sizeof(buf));
@ -990,8 +988,9 @@ int mbedtls_aria_self_test( int verbose )
ARIA_SELF_TEST_ASSERT(memcmp(buf, aria_test2_cfb_ct[i], 48) != 0);
/* Test CFB decryption */
if( verbose )
if (verbose) {
mbedtls_printf(" ARIA-CFB-%d (dec): ", 128 + 64 * i);
}
mbedtls_aria_setkey_enc(&ctx, aria_test2_key, 128 + 64 * i);
memcpy(iv, aria_test2_iv, MBEDTLS_ARIA_BLOCKSIZE);
memset(buf, 0xAA, sizeof(buf));
@ -1000,16 +999,17 @@ int mbedtls_aria_self_test( int verbose )
iv, aria_test2_cfb_ct[i], buf);
ARIA_SELF_TEST_ASSERT(memcmp(buf, aria_test2_pt, 48) != 0);
}
if( verbose )
if (verbose) {
mbedtls_printf("\n");
}
#endif /* MBEDTLS_CIPHER_MODE_CFB */
#if defined(MBEDTLS_CIPHER_MODE_CTR)
for( i = 0; i < 3; i++ )
{
for (i = 0; i < 3; i++) {
/* Test CTR encryption */
if( verbose )
if (verbose) {
mbedtls_printf(" ARIA-CTR-%d (enc): ", 128 + 64 * i);
}
mbedtls_aria_setkey_enc(&ctx, aria_test2_key, 128 + 64 * i);
memset(iv, 0, MBEDTLS_ARIA_BLOCKSIZE); // IV = 0
memset(buf, 0x55, sizeof(buf));
@ -1019,8 +1019,9 @@ int mbedtls_aria_self_test( int verbose )
ARIA_SELF_TEST_ASSERT(memcmp(buf, aria_test2_ctr_ct[i], 48) != 0);
/* Test CTR decryption */
if( verbose )
if (verbose) {
mbedtls_printf(" ARIA-CTR-%d (dec): ", 128 + 64 * i);
}
mbedtls_aria_setkey_enc(&ctx, aria_test2_key, 128 + 64 * i);
memset(iv, 0, MBEDTLS_ARIA_BLOCKSIZE); // IV = 0
memset(buf, 0xAA, sizeof(buf));
@ -1029,15 +1030,16 @@ int mbedtls_aria_self_test( int verbose )
aria_test2_ctr_ct[i], buf);
ARIA_SELF_TEST_ASSERT(memcmp(buf, aria_test2_pt, 48) != 0);
}
if( verbose )
if (verbose) {
mbedtls_printf("\n");
}
#endif /* MBEDTLS_CIPHER_MODE_CTR */
ret = 0;
exit:
mbedtls_aria_free(&ctx);
return( ret );
return ret;
}
#endif /* MBEDTLS_SELF_TEST */

263
library/asn1parse.c
View File

@ -40,34 +40,36 @@ int mbedtls_asn1_get_len( unsigned char **p,
const unsigned char *end,
size_t *len)
{
if( ( end - *p ) < 1 )
return( MBEDTLS_ERR_ASN1_OUT_OF_DATA );
if ((end - *p) < 1) {
return MBEDTLS_ERR_ASN1_OUT_OF_DATA;
}
if( ( **p & 0x80 ) == 0 )
if ((**p & 0x80) == 0) {
*len = *(*p)++;
else
{
switch( **p & 0x7F )
{
} else {
switch (**p & 0x7F) {
case 1:
if( ( end - *p ) < 2 )
return( MBEDTLS_ERR_ASN1_OUT_OF_DATA );
if ((end - *p) < 2) {
return MBEDTLS_ERR_ASN1_OUT_OF_DATA;
}
*len = (*p)[1];
(*p) += 2;
break;
case 2:
if( ( end - *p ) < 3 )
return( MBEDTLS_ERR_ASN1_OUT_OF_DATA );
if ((end - *p) < 3) {
return MBEDTLS_ERR_ASN1_OUT_OF_DATA;
}
*len = ((size_t) (*p)[1] << 8) | (*p)[2];
(*p) += 3;
break;
case 3:
if( ( end - *p ) < 4 )
return( MBEDTLS_ERR_ASN1_OUT_OF_DATA );
if ((end - *p) < 4) {
return MBEDTLS_ERR_ASN1_OUT_OF_DATA;
}
*len = ((size_t) (*p)[1] << 16) |
((size_t) (*p)[2] << 8) | (*p)[3];
@ -75,8 +77,9 @@ int mbedtls_asn1_get_len( unsigned char **p,
break;
case 4:
if( ( end - *p ) < 5 )
return( MBEDTLS_ERR_ASN1_OUT_OF_DATA );
if ((end - *p) < 5) {
return MBEDTLS_ERR_ASN1_OUT_OF_DATA;
}
*len = ((size_t) (*p)[1] << 24) | ((size_t) (*p)[2] << 16) |
((size_t) (*p)[3] << 8) | (*p)[4];
@ -84,29 +87,32 @@ int mbedtls_asn1_get_len( unsigned char **p,
break;
default:
return( MBEDTLS_ERR_ASN1_INVALID_LENGTH );
return MBEDTLS_ERR_ASN1_INVALID_LENGTH;
}
}
if( *len > (size_t) ( end - *p ) )
return( MBEDTLS_ERR_ASN1_OUT_OF_DATA );
if (*len > (size_t) (end - *p)) {
return MBEDTLS_ERR_ASN1_OUT_OF_DATA;
}
return( 0 );
return 0;
}
int mbedtls_asn1_get_tag(unsigned char **p,
const unsigned char *end,
size_t *len, int tag)
{
if( ( end - *p ) < 1 )
return( MBEDTLS_ERR_ASN1_OUT_OF_DATA );
if ((end - *p) < 1) {
return MBEDTLS_ERR_ASN1_OUT_OF_DATA;
}
if( **p != tag )
return( MBEDTLS_ERR_ASN1_UNEXPECTED_TAG );
if (**p != tag) {
return MBEDTLS_ERR_ASN1_UNEXPECTED_TAG;
}
(*p)++;
return( mbedtls_asn1_get_len( p, end, len ) );
return mbedtls_asn1_get_len(p, end, len);
}
int mbedtls_asn1_get_bool(unsigned char **p,
@ -116,16 +122,18 @@ int mbedtls_asn1_get_bool( unsigned char **p,
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t len;
if( ( ret = mbedtls_asn1_get_tag( p, end, &len, MBEDTLS_ASN1_BOOLEAN ) ) != 0 )
return( ret );
if ((ret = mbedtls_asn1_get_tag(p, end, &len, MBEDTLS_ASN1_BOOLEAN)) != 0) {
return ret;
}
if( len != 1 )
return( MBEDTLS_ERR_ASN1_INVALID_LENGTH );
if (len != 1) {
return MBEDTLS_ERR_ASN1_INVALID_LENGTH;
}
*val = (**p != 0) ? 1 : 0;
(*p)++;
return( 0 );
return 0;
}
static int asn1_get_tagged_int(unsigned char **p,
@ -135,55 +143,58 @@ static int asn1_get_tagged_int( unsigned char **p,
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t len;
if( ( ret = mbedtls_asn1_get_tag( p, end, &len, tag ) ) != 0 )
return( ret );
if ((ret = mbedtls_asn1_get_tag(p, end, &len, tag)) != 0) {
return ret;
}
/*
* len==0 is malformed (0 must be represented as 020100 for INTEGER,
* or 0A0100 for ENUMERATED tags
*/
if( len == 0 )
return( MBEDTLS_ERR_ASN1_INVALID_LENGTH );
if (len == 0) {
return MBEDTLS_ERR_ASN1_INVALID_LENGTH;
}
/* This is a cryptography library. Reject negative integers. */
if( ( **p & 0x80 ) != 0 )
return( MBEDTLS_ERR_ASN1_INVALID_LENGTH );
if ((**p & 0x80) != 0) {
return MBEDTLS_ERR_ASN1_INVALID_LENGTH;
}
/* Skip leading zeros. */
while( len > 0 && **p == 0 )
{
while (len > 0 && **p == 0) {
++(*p);
--len;
}
/* Reject integers that don't fit in an int. This code assumes that
* the int type has no padding bit. */
if( len > sizeof( int ) )
return( MBEDTLS_ERR_ASN1_INVALID_LENGTH );
if( len == sizeof( int ) && ( **p & 0x80 ) != 0 )
return( MBEDTLS_ERR_ASN1_INVALID_LENGTH );
if (len > sizeof(int)) {
return MBEDTLS_ERR_ASN1_INVALID_LENGTH;
}
if (len == sizeof(int) && (**p & 0x80) != 0) {
return MBEDTLS_ERR_ASN1_INVALID_LENGTH;
}
*val = 0;
while( len-- > 0 )
{
while (len-- > 0) {
*val = (*val << 8) | **p;
(*p)++;
}
return( 0 );
return 0;
}
int mbedtls_asn1_get_int(unsigned char **p,
const unsigned char *end,
int *val)
{
return( asn1_get_tagged_int( p, end, MBEDTLS_ASN1_INTEGER, val) );
return asn1_get_tagged_int(p, end, MBEDTLS_ASN1_INTEGER, val);
}
int mbedtls_asn1_get_enum(unsigned char **p,
const unsigned char *end,
int *val)
{
return( asn1_get_tagged_int( p, end, MBEDTLS_ASN1_ENUMERATED, val) );
return asn1_get_tagged_int(p, end, MBEDTLS_ASN1_ENUMERATED, val);
}
#if defined(MBEDTLS_BIGNUM_C)
@ -194,14 +205,15 @@ int mbedtls_asn1_get_mpi( unsigned char **p,
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t len;
if( ( ret = mbedtls_asn1_get_tag( p, end, &len, MBEDTLS_ASN1_INTEGER ) ) != 0 )
return( ret );
if ((ret = mbedtls_asn1_get_tag(p, end, &len, MBEDTLS_ASN1_INTEGER)) != 0) {
return ret;
}
ret = mbedtls_mpi_read_binary(X, *p, len);
*p += len;
return( ret );
return ret;
}
#endif /* MBEDTLS_BIGNUM_C */
@ -211,28 +223,32 @@ int mbedtls_asn1_get_bitstring( unsigned char **p, const unsigned char *end,
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
/* Certificate type is a single byte bitstring */
if( ( ret = mbedtls_asn1_get_tag( p, end, &bs->len, MBEDTLS_ASN1_BIT_STRING ) ) != 0 )
return( ret );
if ((ret = mbedtls_asn1_get_tag(p, end, &bs->len, MBEDTLS_ASN1_BIT_STRING)) != 0) {
return ret;
}
/* Check length, subtract one for actual bit string length */
if( bs->len < 1 )
return( MBEDTLS_ERR_ASN1_OUT_OF_DATA );
if (bs->len < 1) {
return MBEDTLS_ERR_ASN1_OUT_OF_DATA;
}
bs->len -= 1;
/* Get number of unused bits, ensure unused bits <= 7 */
bs->unused_bits = **p;
if( bs->unused_bits > 7 )
return( MBEDTLS_ERR_ASN1_INVALID_LENGTH );
if (bs->unused_bits > 7) {
return MBEDTLS_ERR_ASN1_INVALID_LENGTH;
}
(*p)++;
/* Get actual bitstring */
bs->p = *p;
*p += bs->len;
if( *p != end )
return( MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
if (*p != end) {
return MBEDTLS_ERR_ASN1_LENGTH_MISMATCH;
}
return( 0 );
return 0;
}
/*
@ -253,38 +269,38 @@ int mbedtls_asn1_traverse_sequence_of(
/* Get main sequence tag */
if ((ret = mbedtls_asn1_get_tag(p, end, &len,
MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
{
return( ret );
MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) {
return ret;
}
if( *p + len != end )
return( MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
if (*p + len != end) {
return MBEDTLS_ERR_ASN1_LENGTH_MISMATCH;
}
while( *p < end )
{
while (*p < end) {
unsigned char const tag = *(*p)++;
if( ( tag & tag_must_mask ) != tag_must_val )
return( MBEDTLS_ERR_ASN1_UNEXPECTED_TAG );
if ((tag & tag_must_mask) != tag_must_val) {
return MBEDTLS_ERR_ASN1_UNEXPECTED_TAG;
}
if( ( ret = mbedtls_asn1_get_len( p, end, &len ) ) != 0 )
return( ret );
if ((ret = mbedtls_asn1_get_len(p, end, &len)) != 0) {
return ret;
}
if( ( tag & tag_may_mask ) == tag_may_val )
{
if( cb != NULL )
{
if ((tag & tag_may_mask) == tag_may_val) {
if (cb != NULL) {
ret = cb(ctx, tag, *p, len);
if( ret != 0 )
return( ret );
if (ret != 0) {
return ret;
}
}
}
*p += len;
}
return( 0 );
return 0;
}
/*
@ -295,24 +311,26 @@ int mbedtls_asn1_get_bitstring_null( unsigned char **p, const unsigned char *end
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
if( ( ret = mbedtls_asn1_get_tag( p, end, len, MBEDTLS_ASN1_BIT_STRING ) ) != 0 )
return( ret );
if ((ret = mbedtls_asn1_get_tag(p, end, len, MBEDTLS_ASN1_BIT_STRING)) != 0) {
return ret;
}
if( *len == 0 )
return( MBEDTLS_ERR_ASN1_INVALID_DATA );
if (*len == 0) {
return MBEDTLS_ERR_ASN1_INVALID_DATA;
}
--(*len);
if( **p != 0 )
return( MBEDTLS_ERR_ASN1_INVALID_DATA );
if (**p != 0) {
return MBEDTLS_ERR_ASN1_INVALID_DATA;
}
++(*p);
return( 0 );
return 0;
}
void mbedtls_asn1_sequence_free(mbedtls_asn1_sequence *seq)
{
while( seq != NULL )
{
while (seq != NULL) {
mbedtls_asn1_sequence *next = seq->next;
mbedtls_platform_zeroize(seq, sizeof(*seq));
mbedtls_free(seq);
@ -320,8 +338,7 @@ void mbedtls_asn1_sequence_free( mbedtls_asn1_sequence *seq )
}
}
typedef struct
{
typedef struct {
int tag;
mbedtls_asn1_sequence *cur;
} asn1_get_sequence_of_cb_ctx_t;
@ -336,13 +353,13 @@ static int asn1_get_sequence_of_cb( void *ctx,
mbedtls_asn1_sequence *cur =
cb_ctx->cur;
if( cur->buf.p != NULL )
{
if (cur->buf.p != NULL) {
cur->next =
mbedtls_calloc(1, sizeof(mbedtls_asn1_sequence));
if( cur->next == NULL )
return( MBEDTLS_ERR_ASN1_ALLOC_FAILED );
if (cur->next == NULL) {
return MBEDTLS_ERR_ASN1_ALLOC_FAILED;
}
cur = cur->next;
}
@ -352,7 +369,7 @@ static int asn1_get_sequence_of_cb( void *ctx,
cur->buf.tag = tag;
cb_ctx->cur = cur;
return( 0 );
return 0;
}
/*
@ -365,9 +382,9 @@ int mbedtls_asn1_get_sequence_of( unsigned char **p,
{
asn1_get_sequence_of_cb_ctx_t cb_ctx = { tag, cur };
memset(cur, 0, sizeof(mbedtls_asn1_sequence));
return( mbedtls_asn1_traverse_sequence_of(
return mbedtls_asn1_traverse_sequence_of(
p, end, 0xFF, tag, 0, 0,
asn1_get_sequence_of_cb, &cb_ctx ) );
asn1_get_sequence_of_cb, &cb_ctx);
}
int mbedtls_asn1_get_alg(unsigned char **p,
@ -378,40 +395,44 @@ int mbedtls_asn1_get_alg( unsigned char **p,
size_t len;
if ((ret = mbedtls_asn1_get_tag(p, end, &len,
MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
return( ret );
MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) {
return ret;
}
if( ( end - *p ) < 1 )
return( MBEDTLS_ERR_ASN1_OUT_OF_DATA );
if ((end - *p) < 1) {
return MBEDTLS_ERR_ASN1_OUT_OF_DATA;
}
alg->tag = **p;
end = *p + len;
if( ( ret = mbedtls_asn1_get_tag( p, end, &alg->len, MBEDTLS_ASN1_OID ) ) != 0 )
return( ret );
if ((ret = mbedtls_asn1_get_tag(p, end, &alg->len, MBEDTLS_ASN1_OID)) != 0) {
return ret;
}
alg->p = *p;
*p += alg->len;
if( *p == end )
{
if (*p == end) {
mbedtls_platform_zeroize(params, sizeof(mbedtls_asn1_buf));
return( 0 );
return 0;
}
params->tag = **p;
(*p)++;
if( ( ret = mbedtls_asn1_get_len( p, end, &params->len ) ) != 0 )
return( ret );
if ((ret = mbedtls_asn1_get_len(p, end, &params->len)) != 0) {
return ret;
}
params->p = *p;
*p += params->len;
if( *p != end )
return( MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
if (*p != end) {
return MBEDTLS_ERR_ASN1_LENGTH_MISMATCH;
}
return( 0 );
return 0;
}
int mbedtls_asn1_get_alg_null(unsigned char **p,
@ -423,19 +444,22 @@ int mbedtls_asn1_get_alg_null( unsigned char **p,
memset(&params, 0, sizeof(mbedtls_asn1_buf));
if( ( ret = mbedtls_asn1_get_alg( p, end, alg, &params ) ) != 0 )
return( ret );
if ((ret = mbedtls_asn1_get_alg(p, end, alg, &params)) != 0) {
return ret;
}
if( ( params.tag != MBEDTLS_ASN1_NULL && params.tag != 0 ) || params.len != 0 )
return( MBEDTLS_ERR_ASN1_INVALID_DATA );
if ((params.tag != MBEDTLS_ASN1_NULL && params.tag != 0) || params.len != 0) {
return MBEDTLS_ERR_ASN1_INVALID_DATA;
}
return( 0 );
return 0;
}
void mbedtls_asn1_free_named_data(mbedtls_asn1_named_data *cur)
{
if( cur == NULL )
if (cur == NULL) {
return;
}
mbedtls_free(cur->oid.p);
mbedtls_free(cur->val.p);
@ -447,8 +471,7 @@ void mbedtls_asn1_free_named_data_list( mbedtls_asn1_named_data **head )
{
mbedtls_asn1_named_data *cur;
while( ( cur = *head ) != NULL )
{
while ((cur = *head) != NULL) {
*head = cur->next;
mbedtls_asn1_free_named_data(cur);
mbedtls_free(cur);
@ -458,18 +481,16 @@ void mbedtls_asn1_free_named_data_list( mbedtls_asn1_named_data **head )
mbedtls_asn1_named_data *mbedtls_asn1_find_named_data(mbedtls_asn1_named_data *list,
const char *oid, size_t len)
{
while( list != NULL )
{
while (list != NULL) {
if (list->oid.len == len &&
memcmp( list->oid.p, oid, len ) == 0 )
{
memcmp(list->oid.p, oid, len) == 0) {
break;
}
list = list->next;
}
return( list );
return list;
}
#endif /* MBEDTLS_ASN1_PARSE_C */

222
library/asn1write.c
View File

@ -30,76 +30,77 @@
int mbedtls_asn1_write_len(unsigned char **p, unsigned char *start, size_t len)
{
if( len < 0x80 )
{
if( *p - start < 1 )
return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
*--(*p) = (unsigned char) len;
return( 1 );
if (len < 0x80) {
if (*p - start < 1) {
return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL;
}
if( len <= 0xFF )
{
if( *p - start < 2 )
return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
*--(*p) = (unsigned char) len;
return 1;
}
if (len <= 0xFF) {
if (*p - start < 2) {
return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL;
}
*--(*p) = (unsigned char) len;
*--(*p) = 0x81;
return( 2 );
return 2;
}
if( len <= 0xFFFF )
{
if( *p - start < 3 )
return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
if (len <= 0xFFFF) {
if (*p - start < 3) {
return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL;
}
*--(*p) = MBEDTLS_BYTE_0(len);
*--(*p) = MBEDTLS_BYTE_1(len);
*--(*p) = 0x82;
return( 3 );
return 3;
}
if( len <= 0xFFFFFF )
{
if( *p - start < 4 )
return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
if (len <= 0xFFFFFF) {
if (*p - start < 4) {
return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL;
}
*--(*p) = MBEDTLS_BYTE_0(len);
*--(*p) = MBEDTLS_BYTE_1(len);
*--(*p) = MBEDTLS_BYTE_2(len);
*--(*p) = 0x83;
return( 4 );
return 4;
}
int len_is_valid = 1;
#if SIZE_MAX > 0xFFFFFFFF
len_is_valid = (len <= 0xFFFFFFFF);
#endif
if( len_is_valid )
{
if( *p - start < 5 )
return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
if (len_is_valid) {
if (*p - start < 5) {
return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL;
}
*--(*p) = MBEDTLS_BYTE_0(len);
*--(*p) = MBEDTLS_BYTE_1(len);
*--(*p) = MBEDTLS_BYTE_2(len);
*--(*p) = MBEDTLS_BYTE_3(len);
*--(*p) = 0x84;
return( 5 );
return 5;
}
return( MBEDTLS_ERR_ASN1_INVALID_LENGTH );
return MBEDTLS_ERR_ASN1_INVALID_LENGTH;
}
int mbedtls_asn1_write_tag(unsigned char **p, unsigned char *start, unsigned char tag)
{
if( *p - start < 1 )
return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
if (*p - start < 1) {
return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL;
}
*--(*p) = tag;
return( 1 );
return 1;
}
int mbedtls_asn1_write_raw_buffer(unsigned char **p, unsigned char *start,
@ -107,14 +108,15 @@ int mbedtls_asn1_write_raw_buffer( unsigned char **p, unsigned char *start,
{
size_t len = 0;
if( *p < start || (size_t)( *p - start ) < size )
return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
if (*p < start || (size_t) (*p - start) < size) {
return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL;
}
len = size;
(*p) -= len;
memcpy(*p, buf, len);
return( (int) len );
return (int) len;
}
#if defined(MBEDTLS_BIGNUM_C)
@ -129,11 +131,13 @@ int mbedtls_asn1_write_mpi( unsigned char **p, unsigned char *start, const mbedt
/* DER represents 0 with a sign bit (0=nonnegative) and 7 value bits, not
* as 0 digits. We need to end up with 020100, not with 0200. */
if( len == 0 )
if (len == 0) {
len = 1;
}
if( *p < start || (size_t)( *p - start ) < len )
return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
if (*p < start || (size_t) (*p - start) < len) {
return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL;
}
(*p) -= len;
MBEDTLS_MPI_CHK(mbedtls_mpi_write_binary(X, *p, len));
@ -141,10 +145,10 @@ int mbedtls_asn1_write_mpi( unsigned char **p, unsigned char *start, const mbedt
// DER format assumes 2s complement for numbers, so the leftmost bit
// should be 0 for positive numbers and 1 for negative numbers.
//
if( X->s ==1 && **p & 0x80 )
{
if( *p - start < 1 )
return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
if (X->s == 1 && **p & 0x80) {
if (*p - start < 1) {
return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL;
}
*--(*p) = 0x00;
len += 1;
@ -156,7 +160,7 @@ int mbedtls_asn1_write_mpi( unsigned char **p, unsigned char *start, const mbedt
ret = (int) len;
cleanup:
return( ret );
return ret;
}
#endif /* MBEDTLS_BIGNUM_C */
@ -170,7 +174,7 @@ int mbedtls_asn1_write_null( unsigned char **p, unsigned char *start )
MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, start, 0));
MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, start, MBEDTLS_ASN1_NULL));
return( (int) len );
return (int) len;
}
int mbedtls_asn1_write_oid(unsigned char **p, unsigned char *start,
@ -184,7 +188,7 @@ int mbedtls_asn1_write_oid( unsigned char **p, unsigned char *start,
MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, start, len));
MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, start, MBEDTLS_ASN1_OID));
return( (int) len );
return (int) len;
}
int mbedtls_asn1_write_algorithm_identifier(unsigned char **p, unsigned char *start,
@ -194,18 +198,20 @@ int mbedtls_asn1_write_algorithm_identifier( unsigned char **p, unsigned char *s
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t len = 0;
if( par_len == 0 )
if (par_len == 0) {
MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_null(p, start));
else
} else {
len += par_len;
}
MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_oid(p, start, oid, oid_len));
MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, start, len));
MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, start,
MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) );
MBEDTLS_ASN1_CONSTRUCTED |
MBEDTLS_ASN1_SEQUENCE));
return( (int) len );
return (int) len;
}
int mbedtls_asn1_write_bool(unsigned char **p, unsigned char *start, int boolean)
@ -213,8 +219,9 @@ int mbedtls_asn1_write_bool( unsigned char **p, unsigned char *start, int boolea
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t len = 0;
if( *p - start < 1 )
return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
if (*p - start < 1) {
return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL;
}
*--(*p) = (boolean) ? 255 : 0;
len++;
@ -222,7 +229,7 @@ int mbedtls_asn1_write_bool( unsigned char **p, unsigned char *start, int boolea
MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, start, len));
MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, start, MBEDTLS_ASN1_BOOLEAN));
return( (int) len );
return (int) len;
}
static int asn1_write_tagged_int(unsigned char **p, unsigned char *start, int val, int tag)
@ -230,20 +237,19 @@ static int asn1_write_tagged_int( unsigned char **p, unsigned char *start, int v
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t len = 0;
do
{
if( *p - start < 1 )
return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
do {
if (*p - start < 1) {
return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL;
}
len += 1;
*--(*p) = val & 0xff;
val >>= 8;
}
while( val > 0 );
} while (val > 0);
if( **p & 0x80 )
{
if( *p - start < 1 )
return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
if (**p & 0x80) {
if (*p - start < 1) {
return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL;
}
*--(*p) = 0x00;
len += 1;
}
@ -251,17 +257,17 @@ static int asn1_write_tagged_int( unsigned char **p, unsigned char *start, int v
MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, start, len));
MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, start, tag));
return( (int) len );
return (int) len;
}
int mbedtls_asn1_write_int(unsigned char **p, unsigned char *start, int val)
{
return( asn1_write_tagged_int( p, start, val, MBEDTLS_ASN1_INTEGER ) );
return asn1_write_tagged_int(p, start, val, MBEDTLS_ASN1_INTEGER);
}
int mbedtls_asn1_write_enum(unsigned char **p, unsigned char *start, int val)
{
return( asn1_write_tagged_int( p, start, val, MBEDTLS_ASN1_ENUMERATED ) );
return asn1_write_tagged_int(p, start, val, MBEDTLS_ASN1_ENUMERATED);
}
int mbedtls_asn1_write_tagged_string(unsigned char **p, unsigned char *start, int tag,
@ -271,30 +277,32 @@ int mbedtls_asn1_write_tagged_string( unsigned char **p, unsigned char *start, i
size_t len = 0;
MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_raw_buffer(p, start,
(const unsigned char *) text, text_len ) );
(const unsigned char *) text,
text_len));
MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, start, len));
MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, start, tag));
return( (int) len );
return (int) len;
}
int mbedtls_asn1_write_utf8_string(unsigned char **p, unsigned char *start,
const char *text, size_t text_len)
{
return( mbedtls_asn1_write_tagged_string(p, start, MBEDTLS_ASN1_UTF8_STRING, text, text_len) );
return mbedtls_asn1_write_tagged_string(p, start, MBEDTLS_ASN1_UTF8_STRING, text, text_len);
}
int mbedtls_asn1_write_printable_string(unsigned char **p, unsigned char *start,
const char *text, size_t text_len)
{
return( mbedtls_asn1_write_tagged_string(p, start, MBEDTLS_ASN1_PRINTABLE_STRING, text, text_len) );
return mbedtls_asn1_write_tagged_string(p, start, MBEDTLS_ASN1_PRINTABLE_STRING, text,
text_len);
}
int mbedtls_asn1_write_ia5_string(unsigned char **p, unsigned char *start,
const char *text, size_t text_len)
{
return( mbedtls_asn1_write_tagged_string(p, start, MBEDTLS_ASN1_IA5_STRING, text, text_len) );
return mbedtls_asn1_write_tagged_string(p, start, MBEDTLS_ASN1_IA5_STRING, text, text_len);
}
int mbedtls_asn1_write_named_bitstring(unsigned char **p,
@ -315,29 +323,30 @@ int mbedtls_asn1_write_named_bitstring( unsigned char **p,
* of the bitstring. Trailing 0s are considered part of the 'unused' bits
* when encoding this value in the first content octet
*/
if( bits != 0 )
{
if (bits != 0) {
cur_byte = buf + byte_len - 1;
cur_byte_shifted = *cur_byte >> unused_bits;
for( ; ; )
{
for (;;) {
bit = cur_byte_shifted & 0x1;
cur_byte_shifted >>= 1;
if( bit != 0 )
if (bit != 0) {
break;
}
bits--;
if( bits == 0 )
if (bits == 0) {
break;
}
if( bits % 8 == 0 )
if (bits % 8 == 0) {
cur_byte_shifted = *--cur_byte;
}
}
}
return( mbedtls_asn1_write_bitstring( p, start, buf, bits ) );
return mbedtls_asn1_write_bitstring(p, start, buf, bits);
}
int mbedtls_asn1_write_bitstring(unsigned char **p, unsigned char *start,
@ -350,14 +359,14 @@ int mbedtls_asn1_write_bitstring( unsigned char **p, unsigned char *start,
byte_len = (bits + 7) / 8;
unused_bits = (byte_len * 8) - bits;
if( *p < start || (size_t)( *p - start ) < byte_len + 1 )
return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
if (*p < start || (size_t) (*p - start) < byte_len + 1) {
return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL;
}
len = byte_len + 1;
/* Write the bitstring. Ensure the unused bits are zeroed */
if( byte_len > 0 )
{
if (byte_len > 0) {
byte_len--;
*--(*p) = buf[byte_len] & ~((0x1 << unused_bits) - 1);
(*p) -= byte_len;
@ -370,7 +379,7 @@ int mbedtls_asn1_write_bitstring( unsigned char **p, unsigned char *start,
MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, start, len));
MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, start, MBEDTLS_ASN1_BIT_STRING));
return( (int) len );
return (int) len;
}
int mbedtls_asn1_write_octet_string(unsigned char **p, unsigned char *start,
@ -384,7 +393,7 @@ int mbedtls_asn1_write_octet_string( unsigned char **p, unsigned char *start,
MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, start, len));
MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, start, MBEDTLS_ASN1_OCTET_STRING));
return( (int) len );
return (int) len;
}
@ -394,18 +403,16 @@ static mbedtls_asn1_named_data *asn1_find_named_data(
mbedtls_asn1_named_data *list,
const char *oid, size_t len)
{
while( list != NULL )
{
while (list != NULL) {
if (list->oid.len == len &&
memcmp( list->oid.p, oid, len ) == 0 )
{
memcmp(list->oid.p, oid, len) == 0) {
break;
}
list = list->next;
}
return( list );
return list;
}
mbedtls_asn1_named_data *mbedtls_asn1_store_named_data(
@ -416,64 +423,59 @@ mbedtls_asn1_named_data *mbedtls_asn1_store_named_data(
{
mbedtls_asn1_named_data *cur;
if( ( cur = asn1_find_named_data( *head, oid, oid_len ) ) == NULL )
{
if ((cur = asn1_find_named_data(*head, oid, oid_len)) == NULL) {
// Add new entry if not present yet based on OID
//
cur = (mbedtls_asn1_named_data *) mbedtls_calloc(1,
sizeof(mbedtls_asn1_named_data));
if( cur == NULL )
return( NULL );
if (cur == NULL) {
return NULL;
}
cur->oid.len = oid_len;
cur->oid.p = mbedtls_calloc(1, oid_len);
if( cur->oid.p == NULL )
{
if (cur->oid.p == NULL) {
mbedtls_free(cur);
return( NULL );
return NULL;
}
memcpy(cur->oid.p, oid, oid_len);
cur->val.len = val_len;
if( val_len != 0 )
{
if (val_len != 0) {
cur->val.p = mbedtls_calloc(1, val_len);
if( cur->val.p == NULL )
{
if (cur->val.p == NULL) {
mbedtls_free(cur->oid.p);
mbedtls_free(cur);
return( NULL );
return NULL;
}
}
cur->next = *head;
*head = cur;
}
else if( val_len == 0 )
{
} else if (val_len == 0) {
mbedtls_free(cur->val.p);
cur->val.p = NULL;
}
else if( cur->val.len != val_len )
{
} else if (cur->val.len != val_len) {
/*
* Enlarge existing value buffer if needed
* Preserve old data until the allocation succeeded, to leave list in
* a consistent state in case allocation fails.
*/
void *p = mbedtls_calloc(1, val_len);
if( p == NULL )
return( NULL );
if (p == NULL) {
return NULL;
}
mbedtls_free(cur->val.p);
cur->val.p = p;
cur->val.len = val_len;
}
if( val != NULL && val_len != 0 )
if (val != NULL && val_len != 0) {
memcpy(cur->val.p, val, val_len);
}
return( cur );
return cur;
}
#endif /* MBEDTLS_ASN1_WRITE_C */

145
library/base64.c
View File

@ -43,32 +43,28 @@ int mbedtls_base64_encode( unsigned char *dst, size_t dlen, size_t *olen,
int C1, C2, C3;
unsigned char *p;
if( slen == 0 )
{
if (slen == 0) {
*olen = 0;
return( 0 );
return 0;
}
n = slen / 3 + (slen % 3 != 0);
if( n > ( BASE64_SIZE_T_MAX - 1 ) / 4 )
{
if (n > (BASE64_SIZE_T_MAX - 1) / 4) {
*olen = BASE64_SIZE_T_MAX;
return( MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL );
return MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL;
}
n *= 4;
if( ( dlen < n + 1 ) || ( NULL == dst ) )
{
if ((dlen < n + 1) || (NULL == dst)) {
*olen = n + 1;
return( MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL );
return MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL;
}
n = (slen / 3) * 3;
for( i = 0, p = dst; i < n; i += 3 )
{
for (i = 0, p = dst; i < n; i += 3) {
C1 = *src++;
C2 = *src++;
C3 = *src++;
@ -81,8 +77,7 @@ int mbedtls_base64_encode( unsigned char *dst, size_t dlen, size_t *olen,
*p++ = mbedtls_ct_base64_enc_char(C3 & 0x3F);
}
if( i < slen )
{
if (i < slen) {
C1 = *src++;
C2 = ((i + 1) < slen) ? *src++ : 0;
@ -90,9 +85,11 @@ int mbedtls_base64_encode( unsigned char *dst, size_t dlen, size_t *olen,
*p++ = mbedtls_ct_base64_enc_char((((C1 & 3) << 4) + (C2 >> 4))
& 0x3F);
if( ( i + 1 ) < slen )
if ((i + 1) < slen) {
*p++ = mbedtls_ct_base64_enc_char(((C2 & 15) << 2) & 0x3F);
else *p++ = '=';
} else {
*p++ = '=';
}
*p++ = '=';
}
@ -100,7 +97,7 @@ int mbedtls_base64_encode( unsigned char *dst, size_t dlen, size_t *olen,
*olen = p - dst;
*p = 0;
return( 0 );
return 0;
}
/*
@ -118,53 +115,55 @@ int mbedtls_base64_decode( unsigned char *dst, size_t dlen, size_t *olen,
unsigned char *p;
/* First pass: check for validity and get output length */
for( i = n = 0; i < slen; i++ )
{
for (i = n = 0; i < slen; i++) {
/* Skip spaces before checking for EOL */
spaces_present = 0;
while( i < slen && src[i] == ' ' )
{
while (i < slen && src[i] == ' ') {
++i;
spaces_present = 1;
}
/* Spaces at end of buffer are OK */
if( i == slen )
if (i == slen) {
break;
}
if ((slen - i) >= 2 &&
src[i] == '\r' && src[i + 1] == '\n' )
src[i] == '\r' && src[i + 1] == '\n') {
continue;
}
if( src[i] == '\n' )
if (src[i] == '\n') {
continue;
}
/* Space inside a line is an error */
if( spaces_present )
return( MBEDTLS_ERR_BASE64_INVALID_CHARACTER );
if( src[i] > 127 )
return( MBEDTLS_ERR_BASE64_INVALID_CHARACTER );
if( src[i] == '=' )
{
if( ++equals > 2 )
return( MBEDTLS_ERR_BASE64_INVALID_CHARACTER );
if (spaces_present) {
return MBEDTLS_ERR_BASE64_INVALID_CHARACTER;
}
if (src[i] > 127) {
return MBEDTLS_ERR_BASE64_INVALID_CHARACTER;
}
if (src[i] == '=') {
if (++equals > 2) {
return MBEDTLS_ERR_BASE64_INVALID_CHARACTER;
}
} else {
if (equals != 0) {
return MBEDTLS_ERR_BASE64_INVALID_CHARACTER;
}
if (mbedtls_ct_base64_dec_value(src[i]) < 0) {
return MBEDTLS_ERR_BASE64_INVALID_CHARACTER;
}
else
{
if( equals != 0 )
return( MBEDTLS_ERR_BASE64_INVALID_CHARACTER );
if( mbedtls_ct_base64_dec_value( src[i] ) < 0 )
return( MBEDTLS_ERR_BASE64_INVALID_CHARACTER );
}
n++;
}
if( n == 0 )
{
if (n == 0) {
*olen = 0;
return( 0 );
return 0;
}
/* The following expression is to calculate the following formula without
@ -174,36 +173,39 @@ int mbedtls_base64_decode( unsigned char *dst, size_t dlen, size_t *olen,
n = (6 * (n >> 3)) + ((6 * (n & 0x7) + 7) >> 3);
n -= equals;
if( dst == NULL || dlen < n )
{
if (dst == NULL || dlen < n) {
*olen = n;
return( MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL );
return MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL;
}
equals = 0;
for( x = 0, p = dst; i > 0; i--, src++ )
{
if( *src == '\r' || *src == '\n' || *src == ' ' )
for (x = 0, p = dst; i > 0; i--, src++) {
if (*src == '\r' || *src == '\n' || *src == ' ') {
continue;
}
x = x << 6;
if( *src == '=' )
if (*src == '=') {
++equals;
else
} else {
x |= mbedtls_ct_base64_dec_value(*src);
}
if( ++accumulated_digits == 4 )
{
if (++accumulated_digits == 4) {
accumulated_digits = 0;
*p++ = MBEDTLS_BYTE_2(x);
if( equals <= 1 ) *p++ = MBEDTLS_BYTE_1( x );
if( equals <= 0 ) *p++ = MBEDTLS_BYTE_0( x );
if (equals <= 1) {
*p++ = MBEDTLS_BYTE_1(x);
}
if (equals <= 0) {
*p++ = MBEDTLS_BYTE_0(x);
}
}
}
*olen = p - dst;
return( 0 );
return 0;
}
#if defined(MBEDTLS_SELF_TEST)
@ -233,38 +235,41 @@ int mbedtls_base64_self_test( int verbose )
const unsigned char *src;
unsigned char buffer[128];
if( verbose != 0 )
if (verbose != 0) {
mbedtls_printf(" Base64 encoding test: ");
}
src = base64_test_dec;
if (mbedtls_base64_encode(buffer, sizeof(buffer), &len, src, 64) != 0 ||
memcmp( base64_test_enc, buffer, 88 ) != 0 )
{
if( verbose != 0 )
memcmp(base64_test_enc, buffer, 88) != 0) {
if (verbose != 0) {
mbedtls_printf("failed\n");
return( 1 );
}
if( verbose != 0 )
return 1;
}
if (verbose != 0) {
mbedtls_printf("passed\n Base64 decoding test: ");
}
src = base64_test_enc;
if (mbedtls_base64_decode(buffer, sizeof(buffer), &len, src, 88) != 0 ||
memcmp( base64_test_dec, buffer, 64 ) != 0 )
{
if( verbose != 0 )
memcmp(base64_test_dec, buffer, 64) != 0) {
if (verbose != 0) {
mbedtls_printf("failed\n");
return( 1 );
}
if( verbose != 0 )
mbedtls_printf( "passed\n\n" );
return 1;
}
return( 0 );
if (verbose != 0) {
mbedtls_printf("passed\n\n");
}
return 0;
}
#endif /* MBEDTLS_SELF_TEST */

1213
library/bignum.c
View File

File diff suppressed because it is too large Load Diff

119
library/blowfish.c
View File

@ -67,7 +67,7 @@ static uint32_t F( mbedtls_blowfish_context *ctx, uint32_t x )
y = y ^ ctx->S[2][c];
y = y + ctx->S[3][d];
return( y );
return y;
}
static void blowfish_enc(mbedtls_blowfish_context *ctx, uint32_t *xl, uint32_t *xr)
@ -78,8 +78,7 @@ static void blowfish_enc( mbedtls_blowfish_context *ctx, uint32_t *xl, uint32_t
Xl = *xl;
Xr = *xr;
for( i = 0; i < MBEDTLS_BLOWFISH_ROUNDS; ++i )
{
for (i = 0; i < MBEDTLS_BLOWFISH_ROUNDS; ++i) {
Xl = Xl ^ ctx->P[i];
Xr = F(ctx, Xl) ^ Xr;
@ -107,8 +106,7 @@ static void blowfish_dec( mbedtls_blowfish_context *ctx, uint32_t *xl, uint32_t
Xl = *xl;
Xr = *xr;
for( i = MBEDTLS_BLOWFISH_ROUNDS + 1; i > 1; --i )
{
for (i = MBEDTLS_BLOWFISH_ROUNDS + 1; i > 1; --i) {
Xl = Xl ^ ctx->P[i];
Xr = F(ctx, Xl) ^ Xr;
@ -136,8 +134,9 @@ void mbedtls_blowfish_init( mbedtls_blowfish_context *ctx )
void mbedtls_blowfish_free(mbedtls_blowfish_context *ctx)
{
if( ctx == NULL )
if (ctx == NULL) {
return;
}
mbedtls_platform_zeroize(ctx, sizeof(mbedtls_blowfish_context));
}
@ -156,52 +155,47 @@ int mbedtls_blowfish_setkey( mbedtls_blowfish_context *ctx,
if (keybits < MBEDTLS_BLOWFISH_MIN_KEY_BITS ||
keybits > MBEDTLS_BLOWFISH_MAX_KEY_BITS ||
keybits % 8 != 0 )
{
return( MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA );
keybits % 8 != 0) {
return MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA;
}
keybits >>= 3;
for( i = 0; i < 4; i++ )
{
for( j = 0; j < 256; j++ )
for (i = 0; i < 4; i++) {
for (j = 0; j < 256; j++) {
ctx->S[i][j] = S[i][j];
}
}
j = 0;
for( i = 0; i < MBEDTLS_BLOWFISH_ROUNDS + 2; ++i )
{
for (i = 0; i < MBEDTLS_BLOWFISH_ROUNDS + 2; ++i) {
data = 0x00000000;
for( k = 0; k < 4; ++k )
{
for (k = 0; k < 4; ++k) {
data = (data << 8) | key[j++];
if( j >= keybits )
if (j >= keybits) {
j = 0;
}
}
ctx->P[i] = P[i] ^ data;
}
datal = 0x00000000;
datar = 0x00000000;
for( i = 0; i < MBEDTLS_BLOWFISH_ROUNDS + 2; i += 2 )
{
for (i = 0; i < MBEDTLS_BLOWFISH_ROUNDS + 2; i += 2) {
blowfish_enc(ctx, &datal, &datar);
ctx->P[i] = datal;
ctx->P[i + 1] = datar;
}
for( i = 0; i < 4; i++ )
{
for( j = 0; j < 256; j += 2 )
{
for (i = 0; i < 4; i++) {
for (j = 0; j < 256; j += 2) {
blowfish_enc(ctx, &datal, &datar);
ctx->S[i][j] = datal;
ctx->S[i][j + 1] = datar;
}
}
return( 0 );
return 0;
}
/*
@ -222,19 +216,16 @@ int mbedtls_blowfish_crypt_ecb( mbedtls_blowfish_context *ctx,
X0 = MBEDTLS_GET_UINT32_BE(input, 0);
X1 = MBEDTLS_GET_UINT32_BE(input, 4);
if( mode == MBEDTLS_BLOWFISH_DECRYPT )
{
if (mode == MBEDTLS_BLOWFISH_DECRYPT) {
blowfish_dec(ctx, &X0, &X1);
}
else /* MBEDTLS_BLOWFISH_ENCRYPT */
{
} else { /* MBEDTLS_BLOWFISH_ENCRYPT */
blowfish_enc(ctx, &X0, &X1);
}
MBEDTLS_PUT_UINT32_BE(X0, output, 0);
MBEDTLS_PUT_UINT32_BE(X1, output, 4);
return( 0 );
return 0;
}
#if defined(MBEDTLS_CIPHER_MODE_CBC)
@ -257,18 +248,18 @@ int mbedtls_blowfish_crypt_cbc( mbedtls_blowfish_context *ctx,
BLOWFISH_VALIDATE_RET(length == 0 || input != NULL);
BLOWFISH_VALIDATE_RET(length == 0 || output != NULL);
if( length % MBEDTLS_BLOWFISH_BLOCKSIZE )
return( MBEDTLS_ERR_BLOWFISH_INVALID_INPUT_LENGTH );
if (length % MBEDTLS_BLOWFISH_BLOCKSIZE) {
return MBEDTLS_ERR_BLOWFISH_INVALID_INPUT_LENGTH;
}
if( mode == MBEDTLS_BLOWFISH_DECRYPT )
{
while( length > 0 )
{
if (mode == MBEDTLS_BLOWFISH_DECRYPT) {
while (length > 0) {
memcpy(temp, input, MBEDTLS_BLOWFISH_BLOCKSIZE);
mbedtls_blowfish_crypt_ecb(ctx, mode, input, output);
for( i = 0; i < MBEDTLS_BLOWFISH_BLOCKSIZE;i++ )
for (i = 0; i < MBEDTLS_BLOWFISH_BLOCKSIZE; i++) {
output[i] = (unsigned char) (output[i] ^ iv[i]);
}
memcpy(iv, temp, MBEDTLS_BLOWFISH_BLOCKSIZE);
@ -276,13 +267,11 @@ int mbedtls_blowfish_crypt_cbc( mbedtls_blowfish_context *ctx,
output += MBEDTLS_BLOWFISH_BLOCKSIZE;
length -= MBEDTLS_BLOWFISH_BLOCKSIZE;
}
}
else
{
while( length > 0 )
{
for( i = 0; i < MBEDTLS_BLOWFISH_BLOCKSIZE; i++ )
} else {
while (length > 0) {
for (i = 0; i < MBEDTLS_BLOWFISH_BLOCKSIZE; i++) {
output[i] = (unsigned char) (input[i] ^ iv[i]);
}
mbedtls_blowfish_crypt_ecb(ctx, mode, output, output);
memcpy(iv, output, MBEDTLS_BLOWFISH_BLOCKSIZE);
@ -293,7 +282,7 @@ int mbedtls_blowfish_crypt_cbc( mbedtls_blowfish_context *ctx,
}
}
return( 0 );
return 0;
}
#endif /* MBEDTLS_CIPHER_MODE_CBC */
@ -321,15 +310,15 @@ int mbedtls_blowfish_crypt_cfb64( mbedtls_blowfish_context *ctx,
BLOWFISH_VALIDATE_RET(length == 0 || output != NULL);
n = *iv_off;
if( n >= 8 )
return( MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA );
if (n >= 8) {
return MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA;
}
if( mode == MBEDTLS_BLOWFISH_DECRYPT )
{
while( length-- )
{
if( n == 0 )
if (mode == MBEDTLS_BLOWFISH_DECRYPT) {
while (length--) {
if (n == 0) {
mbedtls_blowfish_crypt_ecb(ctx, MBEDTLS_BLOWFISH_ENCRYPT, iv, iv);
}
c = *input++;
*output++ = (unsigned char) (c ^ iv[n]);
@ -337,13 +326,11 @@ int mbedtls_blowfish_crypt_cfb64( mbedtls_blowfish_context *ctx,
n = (n + 1) % MBEDTLS_BLOWFISH_BLOCKSIZE;
}
}
else
{
while( length-- )
{
if( n == 0 )
} else {
while (length--) {
if (n == 0) {
mbedtls_blowfish_crypt_ecb(ctx, MBEDTLS_BLOWFISH_ENCRYPT, iv, iv);
}
iv[n] = *output++ = (unsigned char) (iv[n] ^ *input++);
@ -353,7 +340,7 @@ int mbedtls_blowfish_crypt_cfb64( mbedtls_blowfish_context *ctx,
*iv_off = n;
return( 0 );
return 0;
}
#endif /*MBEDTLS_CIPHER_MODE_CFB */
@ -379,19 +366,21 @@ int mbedtls_blowfish_crypt_ctr( mbedtls_blowfish_context *ctx,
BLOWFISH_VALIDATE_RET(length == 0 || output != NULL);
n = *nc_off;
if( n >= 8 )
return( MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA );
if (n >= 8) {
return MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA;
}
while( length-- )
{
while (length--) {
if (n == 0) {
mbedtls_blowfish_crypt_ecb(ctx, MBEDTLS_BLOWFISH_ENCRYPT, nonce_counter,
stream_block);
for( i = MBEDTLS_BLOWFISH_BLOCKSIZE; i > 0; i-- )
if( ++nonce_counter[i - 1] != 0 )
for (i = MBEDTLS_BLOWFISH_BLOCKSIZE; i > 0; i--) {
if (++nonce_counter[i - 1] != 0) {
break;
}
}
}
c = *input++;
*output++ = (unsigned char) (c ^ stream_block[n]);
@ -400,7 +389,7 @@ int mbedtls_blowfish_crypt_ctr( mbedtls_blowfish_context *ctx,
*nc_off = n;
return( 0 );
return 0;
}
#endif /* MBEDTLS_CIPHER_MODE_CTR */

172
library/camellia.c
View File

@ -297,8 +297,9 @@ void mbedtls_camellia_init( mbedtls_camellia_context *ctx )
void mbedtls_camellia_free(mbedtls_camellia_context *ctx)
{
if( ctx == NULL )
if (ctx == NULL) {
return;
}
mbedtls_platform_zeroize(ctx, sizeof(mbedtls_camellia_context));
}
@ -326,21 +327,22 @@ int mbedtls_camellia_setkey_enc( mbedtls_camellia_context *ctx,
memset(t, 0, 64);
memset(RK, 0, sizeof(ctx->rk));
switch( keybits )
{
switch (keybits) {
case 128: ctx->nr = 3; idx = 0; break;
case 192:
case 256: ctx->nr = 4; idx = 1; break;
default : return( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA );
default: return MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA;
}
for( i = 0; i < keybits / 8; ++i )
for (i = 0; i < keybits / 8; ++i) {
t[i] = key[i];
}
if (keybits == 192) {
for( i = 0; i < 8; i++ )
for (i = 0; i < 8; i++) {
t[24 + i] = ~t[16 + i];
}
}
/*
* Prepare SIGMA values
@ -357,26 +359,30 @@ int mbedtls_camellia_setkey_enc( mbedtls_camellia_context *ctx,
memset(KC, 0, sizeof(KC));
/* Store KL, KR */
for( i = 0; i < 8; i++ )
for (i = 0; i < 8; i++) {
KC[i] = MBEDTLS_GET_UINT32_BE(t, i * 4);
}
/* Generate KA */
for( i = 0; i < 4; ++i )
for (i = 0; i < 4; ++i) {
KC[8 + i] = KC[i] ^ KC[4 + i];
}
camellia_feistel(KC + 8, SIGMA[0], KC + 10);
camellia_feistel(KC + 10, SIGMA[1], KC + 8);
for( i = 0; i < 4; ++i )
for (i = 0; i < 4; ++i) {
KC[8 + i] ^= KC[i];
}
camellia_feistel(KC + 8, SIGMA[2], KC + 10);
camellia_feistel(KC + 10, SIGMA[3], KC + 8);
if (keybits > 128) {
/* Generate KB */
for( i = 0; i < 4; ++i )
for (i = 0; i < 4; ++i) {
KC[12 + i] = KC[4 + i] ^ KC[8 + i];
}
camellia_feistel(KC + 12, SIGMA[4], KC + 14);
camellia_feistel(KC + 14, SIGMA[5], KC + 12);
@ -409,7 +415,7 @@ int mbedtls_camellia_setkey_enc( mbedtls_camellia_context *ctx,
}
}
return( 0 );
return 0;
}
/*
@ -430,8 +436,9 @@ int mbedtls_camellia_setkey_dec( mbedtls_camellia_context *ctx,
mbedtls_camellia_init(&cty);
/* Also checks keybits */
if( ( ret = mbedtls_camellia_setkey_enc( &cty, key, keybits ) ) != 0 )
if ((ret = mbedtls_camellia_setkey_enc(&cty, key, keybits)) != 0) {
goto exit;
}
ctx->nr = cty.nr;
idx = (ctx->nr == 4);
@ -444,8 +451,7 @@ int mbedtls_camellia_setkey_dec( mbedtls_camellia_context *ctx,
*RK++ = *SK++;
*RK++ = *SK++;
for( i = 22 + 8 * idx, SK -= 6; i > 0; i--, SK -= 4 )
{
for (i = 22 + 8 * idx, SK -= 6; i > 0; i--, SK -= 4) {
*RK++ = *SK++;
*RK++ = *SK++;
}
@ -460,7 +466,7 @@ int mbedtls_camellia_setkey_dec( mbedtls_camellia_context *ctx,
exit:
mbedtls_camellia_free(&cty);
return( ret );
return ret;
}
/*
@ -527,7 +533,7 @@ int mbedtls_camellia_crypt_ecb( mbedtls_camellia_context *ctx,
MBEDTLS_PUT_UINT32_BE(X[0], output, 8);
MBEDTLS_PUT_UINT32_BE(X[1], output, 12);
return( 0 );
return 0;
}
#if defined(MBEDTLS_CIPHER_MODE_CBC)
@ -550,18 +556,18 @@ int mbedtls_camellia_crypt_cbc( mbedtls_camellia_context *ctx,
CAMELLIA_VALIDATE_RET(length == 0 || input != NULL);
CAMELLIA_VALIDATE_RET(length == 0 || output != NULL);
if( length % 16 )
return( MBEDTLS_ERR_CAMELLIA_INVALID_INPUT_LENGTH );
if (length % 16) {
return MBEDTLS_ERR_CAMELLIA_INVALID_INPUT_LENGTH;
}
if( mode == MBEDTLS_CAMELLIA_DECRYPT )
{
while( length > 0 )
{
if (mode == MBEDTLS_CAMELLIA_DECRYPT) {
while (length > 0) {
memcpy(temp, input, 16);
mbedtls_camellia_crypt_ecb(ctx, mode, input, output);
for( i = 0; i < 16; i++ )
for (i = 0; i < 16; i++) {
output[i] = (unsigned char) (output[i] ^ iv[i]);
}
memcpy(iv, temp, 16);
@ -569,13 +575,11 @@ int mbedtls_camellia_crypt_cbc( mbedtls_camellia_context *ctx,
output += 16;
length -= 16;
}
}
else
{
while( length > 0 )
{
for( i = 0; i < 16; i++ )
} else {
while (length > 0) {
for (i = 0; i < 16; i++) {
output[i] = (unsigned char) (input[i] ^ iv[i]);
}
mbedtls_camellia_crypt_ecb(ctx, mode, output, output);
memcpy(iv, output, 16);
@ -586,7 +590,7 @@ int mbedtls_camellia_crypt_cbc( mbedtls_camellia_context *ctx,
}
}
return( 0 );
return 0;
}
#endif /* MBEDTLS_CIPHER_MODE_CBC */
@ -613,15 +617,15 @@ int mbedtls_camellia_crypt_cfb128( mbedtls_camellia_context *ctx,
CAMELLIA_VALIDATE_RET(length == 0 || output != NULL);
n = *iv_off;
if( n >= 16 )
return( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA );
if (n >= 16) {
return MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA;
}
if( mode == MBEDTLS_CAMELLIA_DECRYPT )
{
while( length-- )
{
if( n == 0 )
if (mode == MBEDTLS_CAMELLIA_DECRYPT) {
while (length--) {
if (n == 0) {
mbedtls_camellia_crypt_ecb(ctx, MBEDTLS_CAMELLIA_ENCRYPT, iv, iv);
}
c = *input++;
*output++ = (unsigned char) (c ^ iv[n]);
@ -629,13 +633,11 @@ int mbedtls_camellia_crypt_cfb128( mbedtls_camellia_context *ctx,
n = (n + 1) & 0x0F;
}
}
else
{
while( length-- )
{
if( n == 0 )
} else {
while (length--) {
if (n == 0) {
mbedtls_camellia_crypt_ecb(ctx, MBEDTLS_CAMELLIA_ENCRYPT, iv, iv);
}
iv[n] = *output++ = (unsigned char) (iv[n] ^ *input++);
@ -645,7 +647,7 @@ int mbedtls_camellia_crypt_cfb128( mbedtls_camellia_context *ctx,
*iv_off = n;
return( 0 );
return 0;
}
#endif /* MBEDTLS_CIPHER_MODE_CFB */
@ -671,19 +673,21 @@ int mbedtls_camellia_crypt_ctr( mbedtls_camellia_context *ctx,
CAMELLIA_VALIDATE_RET(length == 0 || output != NULL);
n = *nc_off;
if( n >= 16 )
return( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA );
if (n >= 16) {
return MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA;
}
while( length-- )
{
while (length--) {
if (n == 0) {
mbedtls_camellia_crypt_ecb(ctx, MBEDTLS_CAMELLIA_ENCRYPT, nonce_counter,
stream_block);
for( i = 16; i > 0; i-- )
if( ++nonce_counter[i - 1] != 0 )
for (i = 16; i > 0; i--) {
if (++nonce_counter[i - 1] != 0) {
break;
}
}
}
c = *input++;
*output++ = (unsigned char) (c ^ stream_block[n]);
@ -692,7 +696,7 @@ int mbedtls_camellia_crypt_ctr( mbedtls_camellia_context *ctx,
*nc_off = n;
return( 0 );
return 0;
}
#endif /* MBEDTLS_CIPHER_MODE_CTR */
#endif /* !MBEDTLS_CAMELLIA_ALT */
@ -923,9 +927,10 @@ int mbedtls_camellia_self_test( int verbose )
u = j >> 1;
v = j & 1;
if( verbose != 0 )
if (verbose != 0) {
mbedtls_printf(" CAMELLIA-ECB-%3d (%s): ", 128 + u * 64,
(v == MBEDTLS_CAMELLIA_DECRYPT) ? "dec" : "enc");
}
for (i = 0; i < CAMELLIA_TESTS_ECB; i++) {
memcpy(key, camellia_test_ecb_key[u][i], 16 + 8 * u);
@ -942,33 +947,35 @@ int mbedtls_camellia_self_test( int verbose )
mbedtls_camellia_crypt_ecb(&ctx, v, src, buf);
if( memcmp( buf, dst, 16 ) != 0 )
{
if( verbose != 0 )
if (memcmp(buf, dst, 16) != 0) {
if (verbose != 0) {
mbedtls_printf("failed\n");
}
goto exit;
}
}
if( verbose != 0 )
if (verbose != 0) {
mbedtls_printf("passed\n");
}
}
if( verbose != 0 )
if (verbose != 0) {
mbedtls_printf("\n");
}
#if defined(MBEDTLS_CIPHER_MODE_CBC)
/*
* CBC mode
*/
for( j = 0; j < 6; j++ )
{
for (j = 0; j < 6; j++) {
u = j >> 1;
v = j & 1;
if( verbose != 0 )
if (verbose != 0) {
mbedtls_printf(" CAMELLIA-CBC-%3d (%s): ", 128 + u * 64,
(v == MBEDTLS_CAMELLIA_DECRYPT) ? "dec" : "enc");
}
memcpy(src, camellia_test_cbc_iv, 16);
memcpy(dst, camellia_test_cbc_iv, 16);
@ -994,34 +1001,36 @@ int mbedtls_camellia_self_test( int verbose )
mbedtls_camellia_crypt_cbc(&ctx, v, 16, iv, src, buf);
if( memcmp( buf, dst, 16 ) != 0 )
{
if( verbose != 0 )
if (memcmp(buf, dst, 16) != 0) {
if (verbose != 0) {
mbedtls_printf("failed\n");
}
goto exit;
}
}
if( verbose != 0 )
if (verbose != 0) {
mbedtls_printf("passed\n");
}
}
#endif /* MBEDTLS_CIPHER_MODE_CBC */
if( verbose != 0 )
if (verbose != 0) {
mbedtls_printf("\n");
}
#if defined(MBEDTLS_CIPHER_MODE_CTR)
/*
* CTR mode
*/
for( i = 0; i < 6; i++ )
{
for (i = 0; i < 6; i++) {
u = i >> 1;
v = i & 1;
if( verbose != 0 )
if (verbose != 0) {
mbedtls_printf(" CAMELLIA-CTR-128 (%s): ",
(v == MBEDTLS_CAMELLIA_DECRYPT) ? "dec" : "enc");
}
memcpy(nonce_counter, camellia_test_ctr_nonce_counter[u], 16);
memcpy(key, camellia_test_ctr_key[u], 16);
@ -1029,50 +1038,49 @@ int mbedtls_camellia_self_test( int verbose )
offset = 0;
mbedtls_camellia_setkey_enc(&ctx, key, 128);
if( v == MBEDTLS_CAMELLIA_DECRYPT )
{
if (v == MBEDTLS_CAMELLIA_DECRYPT) {
len = camellia_test_ctr_len[u];
memcpy(buf, camellia_test_ctr_ct[u], len);
mbedtls_camellia_crypt_ctr(&ctx, len, &offset, nonce_counter, stream_block,
buf, buf);
if( memcmp( buf, camellia_test_ctr_pt[u], len ) != 0 )
{
if( verbose != 0 )
if (memcmp(buf, camellia_test_ctr_pt[u], len) != 0) {
if (verbose != 0) {
mbedtls_printf("failed\n");
}
goto exit;
}
}
else
{
} else {
len = camellia_test_ctr_len[u];
memcpy(buf, camellia_test_ctr_pt[u], len);
mbedtls_camellia_crypt_ctr(&ctx, len, &offset, nonce_counter, stream_block,
buf, buf);
if( memcmp( buf, camellia_test_ctr_ct[u], len ) != 0 )
{
if( verbose != 0 )
if (memcmp(buf, camellia_test_ctr_ct[u], len) != 0) {
if (verbose != 0) {
mbedtls_printf("failed\n");
}
goto exit;
}
}
if( verbose != 0 )
if (verbose != 0) {
mbedtls_printf("passed\n");
}
}
if( verbose != 0 )
if (verbose != 0) {
mbedtls_printf("\n");
}
#endif /* MBEDTLS_CIPHER_MODE_CTR */
ret = 0;
exit:
mbedtls_camellia_free(&ctx);
return( ret );
return ret;
}
#endif /* MBEDTLS_SELF_TEST */

165
library/ccm.c
View File

@ -70,24 +70,26 @@ int mbedtls_ccm_setkey( mbedtls_ccm_context *ctx,
cipher_info = mbedtls_cipher_info_from_values(cipher, keybits,
MBEDTLS_MODE_ECB);
if( cipher_info == NULL )
return( MBEDTLS_ERR_CCM_BAD_INPUT );
if (cipher_info == NULL) {
return MBEDTLS_ERR_CCM_BAD_INPUT;
}
if( cipher_info->block_size != 16 )
return( MBEDTLS_ERR_CCM_BAD_INPUT );
if (cipher_info->block_size != 16) {
return MBEDTLS_ERR_CCM_BAD_INPUT;
}
mbedtls_cipher_free(&ctx->cipher_ctx);
if( ( ret = mbedtls_cipher_setup( &ctx->cipher_ctx, cipher_info ) ) != 0 )
return( ret );
if( ( ret = mbedtls_cipher_setkey( &ctx->cipher_ctx, key, keybits,
MBEDTLS_ENCRYPT ) ) != 0 )
{
return( ret );
if ((ret = mbedtls_cipher_setup(&ctx->cipher_ctx, cipher_info)) != 0) {
return ret;
}
return( 0 );
if ((ret = mbedtls_cipher_setkey(&ctx->cipher_ctx, key, keybits,
MBEDTLS_ENCRYPT)) != 0) {
return ret;
}
return 0;
}
/*
@ -95,8 +97,9 @@ int mbedtls_ccm_setkey( mbedtls_ccm_context *ctx,
*/
void mbedtls_ccm_free(mbedtls_ccm_context *ctx)
{
if( ctx == NULL )
if (ctx == NULL) {
return;
}
mbedtls_cipher_free(&ctx->cipher_ctx);
mbedtls_platform_zeroize(ctx, sizeof(mbedtls_ccm_context));
}
@ -115,7 +118,7 @@ void mbedtls_ccm_free( mbedtls_ccm_context *ctx )
y[i] ^= b[i]; \
\
if ((ret = mbedtls_cipher_update(&ctx->cipher_ctx, y, 16, y, &olen)) != 0) \
return( ret );
return ret;
/*
* Encrypt or decrypt a partial block with CTR
@ -128,7 +131,7 @@ void mbedtls_ccm_free( mbedtls_ccm_context *ctx )
if ((ret = mbedtls_cipher_update(&ctx->cipher_ctx, ctr, \
16, b, &olen)) != 0) \
{ \
return( ret ); \
return ret; \
} \
\
for (i = 0; i < (len); i++) \
@ -161,15 +164,18 @@ static int ccm_auth_crypt( mbedtls_ccm_context *ctx, int mode, size_t length,
*
* Also, loosen the requirements to enable support for CCM* (IEEE 802.15.4).
*/
if( tag_len == 2 || tag_len > 16 || tag_len % 2 != 0 )
return( MBEDTLS_ERR_CCM_BAD_INPUT );
if (tag_len == 2 || tag_len > 16 || tag_len % 2 != 0) {
return MBEDTLS_ERR_CCM_BAD_INPUT;
}
/* Also implies q is within bounds */
if( iv_len < 7 || iv_len > 13 )
return( MBEDTLS_ERR_CCM_BAD_INPUT );
if (iv_len < 7 || iv_len > 13) {
return MBEDTLS_ERR_CCM_BAD_INPUT;
}
if( add_len >= 0xFF00 )
return( MBEDTLS_ERR_CCM_BAD_INPUT );
if (add_len >= 0xFF00) {
return MBEDTLS_ERR_CCM_BAD_INPUT;
}
q = 16 - 1 - (unsigned char) iv_len;
@ -192,11 +198,13 @@ static int ccm_auth_crypt( mbedtls_ccm_context *ctx, int mode, size_t length,
memcpy(b + 1, iv, iv_len);
for( i = 0, len_left = length; i < q; i++, len_left >>= 8 )
for (i = 0, len_left = length; i < q; i++, len_left >>= 8) {
b[15-i] = MBEDTLS_BYTE_0(len_left);
}
if( len_left > 0 )
return( MBEDTLS_ERR_CCM_BAD_INPUT );
if (len_left > 0) {
return MBEDTLS_ERR_CCM_BAD_INPUT;
}
/* Start CBC-MAC with first block */
@ -207,8 +215,7 @@ static int ccm_auth_crypt( mbedtls_ccm_context *ctx, int mode, size_t length,
* If there is additional data, update CBC-MAC with
* add_len, add, 0 (padding to a block boundary)
*/
if( add_len > 0 )
{
if (add_len > 0) {
size_t use_len;
len_left = add_len;
src = add;
@ -223,8 +230,7 @@ static int ccm_auth_crypt( mbedtls_ccm_context *ctx, int mode, size_t length,
UPDATE_CBC_MAC;
while( len_left > 0 )
{
while (len_left > 0) {
use_len = len_left > 16 ? 16 : len_left;
memset(b, 0, 16);
@ -261,12 +267,10 @@ static int ccm_auth_crypt( mbedtls_ccm_context *ctx, int mode, size_t length,
src = input;
dst = output;
while( len_left > 0 )
{
while (len_left > 0) {
size_t use_len = len_left > 16 ? 16 : len_left;
if( mode == CCM_ENCRYPT )
{
if (mode == CCM_ENCRYPT) {
memset(b, 0, 16);
memcpy(b, src, use_len);
UPDATE_CBC_MAC;
@ -274,8 +278,7 @@ static int ccm_auth_crypt( mbedtls_ccm_context *ctx, int mode, size_t length,
CTR_CRYPT(dst, src, use_len);
if( mode == CCM_DECRYPT )
{
if (mode == CCM_DECRYPT) {
memset(b, 0, 16);
memcpy(b, dst, use_len);
UPDATE_CBC_MAC;
@ -289,21 +292,24 @@ static int ccm_auth_crypt( mbedtls_ccm_context *ctx, int mode, size_t length,
* Increment counter.
* No need to check for overflow thanks to the length check above.
*/
for( i = 0; i < q; i++ )
if( ++ctr[15-i] != 0 )
for (i = 0; i < q; i++) {
if (++ctr[15-i] != 0) {
break;
}
}
}
/*
* Authentication: reset counter and crypt/mask internal tag
*/
for( i = 0; i < q; i++ )
for (i = 0; i < q; i++) {
ctr[15-i] = 0;
}
CTR_CRYPT(y, y, 16);
memcpy(tag, y, tag_len);
return( 0 );
return 0;
}
/*
@ -321,8 +327,8 @@ int mbedtls_ccm_star_encrypt_and_tag( mbedtls_ccm_context *ctx, size_t length,
CCM_VALIDATE_RET(length == 0 || input != NULL);
CCM_VALIDATE_RET(length == 0 || output != NULL);
CCM_VALIDATE_RET(tag_len == 0 || tag != NULL);
return( ccm_auth_crypt( ctx, CCM_ENCRYPT, length, iv, iv_len,
add, add_len, input, output, tag, tag_len ) );
return ccm_auth_crypt(ctx, CCM_ENCRYPT, length, iv, iv_len,
add, add_len, input, output, tag, tag_len);
}
int mbedtls_ccm_encrypt_and_tag(mbedtls_ccm_context *ctx, size_t length,
@ -337,11 +343,12 @@ int mbedtls_ccm_encrypt_and_tag( mbedtls_ccm_context *ctx, size_t length,
CCM_VALIDATE_RET(length == 0 || input != NULL);
CCM_VALIDATE_RET(length == 0 || output != NULL);
CCM_VALIDATE_RET(tag_len == 0 || tag != NULL);
if( tag_len == 0 )
return( MBEDTLS_ERR_CCM_BAD_INPUT );
if (tag_len == 0) {
return MBEDTLS_ERR_CCM_BAD_INPUT;
}
return( mbedtls_ccm_star_encrypt_and_tag( ctx, length, iv, iv_len, add,
add_len, input, output, tag, tag_len ) );
return mbedtls_ccm_star_encrypt_and_tag(ctx, length, iv, iv_len, add,
add_len, input, output, tag, tag_len);
}
/*
@ -367,22 +374,21 @@ int mbedtls_ccm_star_auth_decrypt( mbedtls_ccm_context *ctx, size_t length,
if ((ret = ccm_auth_crypt(ctx, CCM_DECRYPT, length,
iv, iv_len, add, add_len,
input, output, check_tag, tag_len ) ) != 0 )
{
return( ret );
input, output, check_tag, tag_len)) != 0) {
return ret;
}
/* Check tag in "constant-time" */
for( diff = 0, i = 0; i < tag_len; i++ )
for (diff = 0, i = 0; i < tag_len; i++) {
diff |= tag[i] ^ check_tag[i];
if( diff != 0 )
{
mbedtls_platform_zeroize( output, length );
return( MBEDTLS_ERR_CCM_AUTH_FAILED );
}
return( 0 );
if (diff != 0) {
mbedtls_platform_zeroize(output, length);
return MBEDTLS_ERR_CCM_AUTH_FAILED;
}
return 0;
}
int mbedtls_ccm_auth_decrypt(mbedtls_ccm_context *ctx, size_t length,
@ -398,11 +404,12 @@ int mbedtls_ccm_auth_decrypt( mbedtls_ccm_context *ctx, size_t length,
CCM_VALIDATE_RET(length == 0 || output != NULL);
CCM_VALIDATE_RET(tag_len == 0 || tag != NULL);
if( tag_len == 0 )
return( MBEDTLS_ERR_CCM_BAD_INPUT );
if (tag_len == 0) {
return MBEDTLS_ERR_CCM_BAD_INPUT;
}
return( mbedtls_ccm_star_auth_decrypt( ctx, length, iv, iv_len, add,
add_len, input, output, tag, tag_len ) );
return mbedtls_ccm_star_auth_decrypt(ctx, length, iv, iv_len, add,
add_len, input, output, tag, tag_len);
}
#endif /* !MBEDTLS_CCM_ALT */
@ -471,18 +478,18 @@ int mbedtls_ccm_self_test( int verbose )
mbedtls_ccm_init(&ctx);
if (mbedtls_ccm_setkey(&ctx, MBEDTLS_CIPHER_ID_AES, key_test_data,
8 * sizeof key_test_data ) != 0 )
{
if( verbose != 0 )
8 * sizeof key_test_data) != 0) {
if (verbose != 0) {
mbedtls_printf(" CCM: setup failed");
return( 1 );
}
for( i = 0; i < NB_TESTS; i++ )
{
if( verbose != 0 )
return 1;
}
for (i = 0; i < NB_TESTS; i++) {
if (verbose != 0) {
mbedtls_printf(" CCM-AES #%u: ", (unsigned int) i + 1);
}
memset(plaintext, 0, CCM_SELFTEST_PT_MAX_LEN);
memset(ciphertext, 0, CCM_SELFTEST_CT_MAX_LEN);
@ -497,12 +504,12 @@ int mbedtls_ccm_self_test( int verbose )
if (ret != 0 ||
memcmp(ciphertext, res_test_data[i],
msg_len_test_data[i] + tag_len_test_data[i] ) != 0 )
{
if( verbose != 0 )
msg_len_test_data[i] + tag_len_test_data[i]) != 0) {
if (verbose != 0) {
mbedtls_printf("failed\n");
}
return( 1 );
return 1;
}
memset(plaintext, 0, CCM_SELFTEST_PT_MAX_LEN);
@ -514,24 +521,26 @@ int mbedtls_ccm_self_test( int verbose )
tag_len_test_data[i]);
if (ret != 0 ||
memcmp( plaintext, msg_test_data, msg_len_test_data[i] ) != 0 )
{
if( verbose != 0 )
memcmp(plaintext, msg_test_data, msg_len_test_data[i]) != 0) {
if (verbose != 0) {
mbedtls_printf("failed\n");
return( 1 );
}
if( verbose != 0 )
return 1;
}
if (verbose != 0) {
mbedtls_printf("passed\n");
}
}
mbedtls_ccm_free(&ctx);
if( verbose != 0 )
if (verbose != 0) {
mbedtls_printf("\n");
}
return( 0 );
return 0;
}
#endif /* MBEDTLS_SELF_TEST && MBEDTLS_AES_C */

54
library/chacha20.c
View File

@ -128,8 +128,9 @@ static void chacha20_block( const uint32_t initial_state[16],
initial_state,
CHACHA20_BLOCK_SIZE_BYTES);
for( i = 0U; i < 10U; i++ )
for (i = 0U; i < 10U; i++) {
chacha20_inner_block(working_state);
}
working_state[0] += initial_state[0];
working_state[1] += initial_state[1];
@ -148,8 +149,7 @@ static void chacha20_block( const uint32_t initial_state[16],
working_state[14] += initial_state[14];
working_state[15] += initial_state[15];
for( i = 0U; i < 16; i++ )
{
for (i = 0U; i < 16; i++) {
size_t offset = i * 4U;
MBEDTLS_PUT_UINT32_LE(working_state[i], keystream, offset);
@ -171,8 +171,7 @@ void mbedtls_chacha20_init( mbedtls_chacha20_context *ctx )
void mbedtls_chacha20_free(mbedtls_chacha20_context *ctx)
{
if( ctx != NULL )
{
if (ctx != NULL) {
mbedtls_platform_zeroize(ctx, sizeof(mbedtls_chacha20_context));
}
}
@ -199,7 +198,7 @@ int mbedtls_chacha20_setkey( mbedtls_chacha20_context *ctx,
ctx->state[10] = MBEDTLS_GET_UINT32_LE(key, 24);
ctx->state[11] = MBEDTLS_GET_UINT32_LE(key, 28);
return( 0 );
return 0;
}
int mbedtls_chacha20_starts(mbedtls_chacha20_context *ctx,
@ -222,7 +221,7 @@ int mbedtls_chacha20_starts( mbedtls_chacha20_context* ctx,
/* Initially, there's no keystream bytes available */
ctx->keystream_bytes_used = CHACHA20_BLOCK_SIZE_BYTES;
return( 0 );
return 0;
}
int mbedtls_chacha20_update(mbedtls_chacha20_context *ctx,
@ -238,8 +237,7 @@ int mbedtls_chacha20_update( mbedtls_chacha20_context *ctx,
CHACHA20_VALIDATE_RET(size == 0 || output != NULL);
/* Use leftover keystream bytes, if available */
while( size > 0U && ctx->keystream_bytes_used < CHACHA20_BLOCK_SIZE_BYTES )
{
while (size > 0U && ctx->keystream_bytes_used < CHACHA20_BLOCK_SIZE_BYTES) {
output[offset] = input[offset]
^ ctx->keystream8[ctx->keystream_bytes_used];
@ -249,14 +247,12 @@ int mbedtls_chacha20_update( mbedtls_chacha20_context *ctx,
}
/* Process full blocks */
while( size >= CHACHA20_BLOCK_SIZE_BYTES )
{
while (size >= CHACHA20_BLOCK_SIZE_BYTES) {
/* Generate new keystream block and increment counter */
chacha20_block(ctx->state, ctx->keystream8);
ctx->state[CHACHA20_CTR_INDEX]++;
for( i = 0U; i < 64U; i += 8U )
{
for (i = 0U; i < 64U; i += 8U) {
output[offset + i] = input[offset + i] ^ ctx->keystream8[i];
output[offset + i+1] = input[offset + i+1] ^ ctx->keystream8[i+1];
output[offset + i+2] = input[offset + i+2] ^ ctx->keystream8[i+2];
@ -272,14 +268,12 @@ int mbedtls_chacha20_update( mbedtls_chacha20_context *ctx,
}
/* Last (partial) block */
if( size > 0U )
{
if (size > 0U) {
/* Generate new keystream block and increment counter */
chacha20_block(ctx->state, ctx->keystream8);
ctx->state[CHACHA20_CTR_INDEX]++;
for( i = 0U; i < size; i++)
{
for (i = 0U; i < size; i++) {
output[offset + i] = input[offset + i] ^ ctx->keystream8[i];
}
@ -287,7 +281,7 @@ int mbedtls_chacha20_update( mbedtls_chacha20_context *ctx,
}
return( 0 );
return 0;
}
int mbedtls_chacha20_crypt(const unsigned char key[32],
@ -308,18 +302,20 @@ int mbedtls_chacha20_crypt( const unsigned char key[32],
mbedtls_chacha20_init(&ctx);
ret = mbedtls_chacha20_setkey(&ctx, key);
if( ret != 0 )
if (ret != 0) {
goto cleanup;
}
ret = mbedtls_chacha20_starts(&ctx, nonce, counter);
if( ret != 0 )
if (ret != 0) {
goto cleanup;
}
ret = mbedtls_chacha20_update(&ctx, data_len, input, output);
cleanup:
mbedtls_chacha20_free(&ctx);
return( ret );
return ret;
}
#endif /* !MBEDTLS_CHACHA20_ALT */
@ -503,7 +499,7 @@ static const size_t test_lengths[2] =
if (verbose != 0) \
mbedtls_printf args; \
\
return( -1 ); \
return -1; \
} \
} \
while (0)
@ -514,10 +510,10 @@ int mbedtls_chacha20_self_test( int verbose )
unsigned i;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
for( i = 0U; i < 2U; i++ )
{
if( verbose != 0 )
for (i = 0U; i < 2U; i++) {
if (verbose != 0) {
mbedtls_printf(" ChaCha20 test %u ", i);
}
ret = mbedtls_chacha20_crypt(test_keys[i],
test_nonces[i],
@ -531,14 +527,16 @@ int mbedtls_chacha20_self_test( int verbose )
ASSERT(0 == memcmp(output, test_output[i], test_lengths[i]),
("failed (output)\n"));
if( verbose != 0 )
if (verbose != 0) {
mbedtls_printf("passed\n");
}
}
if( verbose != 0 )
if (verbose != 0) {
mbedtls_printf("\n");
}
return( 0 );
return 0;
}
#endif /* MBEDTLS_SELF_TEST */

158
library/chachapoly.c
View File

@ -53,14 +53,15 @@ static int chachapoly_pad_aad( mbedtls_chachapoly_context *ctx )
uint32_t partial_block_len = (uint32_t) (ctx->aad_len % 16U);
unsigned char zeroes[15];
if( partial_block_len == 0U )
return( 0 );
if (partial_block_len == 0U) {
return 0;
}
memset(zeroes, 0, sizeof(zeroes));
return( mbedtls_poly1305_update( &ctx->poly1305_ctx,
return mbedtls_poly1305_update(&ctx->poly1305_ctx,
zeroes,
16U - partial_block_len ) );
16U - partial_block_len);
}
/**
@ -73,13 +74,14 @@ static int chachapoly_pad_ciphertext( mbedtls_chachapoly_context *ctx )
uint32_t partial_block_len = (uint32_t) (ctx->ciphertext_len % 16U);
unsigned char zeroes[15];
if( partial_block_len == 0U )
return( 0 );
if (partial_block_len == 0U) {
return 0;
}
memset(zeroes, 0, sizeof(zeroes));
return( mbedtls_poly1305_update( &ctx->poly1305_ctx,
return mbedtls_poly1305_update(&ctx->poly1305_ctx,
zeroes,
16U - partial_block_len ) );
16U - partial_block_len);
}
void mbedtls_chachapoly_init(mbedtls_chachapoly_context *ctx)
@ -96,8 +98,9 @@ void mbedtls_chachapoly_init( mbedtls_chachapoly_context *ctx )
void mbedtls_chachapoly_free(mbedtls_chachapoly_context *ctx)
{
if( ctx == NULL )
if (ctx == NULL) {
return;
}
mbedtls_chacha20_free(&ctx->chacha20_ctx);
mbedtls_poly1305_free(&ctx->poly1305_ctx);
@ -116,7 +119,7 @@ int mbedtls_chachapoly_setkey( mbedtls_chachapoly_context *ctx,
ret = mbedtls_chacha20_setkey(&ctx->chacha20_ctx, key);
return( ret );
return ret;
}
int mbedtls_chachapoly_starts(mbedtls_chachapoly_context *ctx,
@ -130,8 +133,9 @@ int mbedtls_chachapoly_starts( mbedtls_chachapoly_context *ctx,
/* Set counter = 0, will be update to 1 when generating Poly1305 key */
ret = mbedtls_chacha20_starts(&ctx->chacha20_ctx, nonce, 0U);
if( ret != 0 )
if (ret != 0) {
goto cleanup;
}
/* Generate the Poly1305 key by getting the ChaCha20 keystream output with
* counter = 0. This is the same as encrypting a buffer of zeroes.
@ -141,13 +145,13 @@ int mbedtls_chachapoly_starts( mbedtls_chachapoly_context *ctx,
memset(poly1305_key, 0, sizeof(poly1305_key));
ret = mbedtls_chacha20_update(&ctx->chacha20_ctx, sizeof(poly1305_key),
poly1305_key, poly1305_key);
if( ret != 0 )
if (ret != 0) {
goto cleanup;
}
ret = mbedtls_poly1305_starts(&ctx->poly1305_ctx, poly1305_key);
if( ret == 0 )
{
if (ret == 0) {
ctx->aad_len = 0U;
ctx->ciphertext_len = 0U;
ctx->state = CHACHAPOLY_STATE_AAD;
@ -156,7 +160,7 @@ int mbedtls_chachapoly_starts( mbedtls_chachapoly_context *ctx,
cleanup:
mbedtls_platform_zeroize(poly1305_key, 64U);
return( ret );
return ret;
}
int mbedtls_chachapoly_update_aad(mbedtls_chachapoly_context *ctx,
@ -166,12 +170,13 @@ int mbedtls_chachapoly_update_aad( mbedtls_chachapoly_context *ctx,
CHACHAPOLY_VALIDATE_RET(ctx != NULL);
CHACHAPOLY_VALIDATE_RET(aad_len == 0 || aad != NULL);
if( ctx->state != CHACHAPOLY_STATE_AAD )
return( MBEDTLS_ERR_CHACHAPOLY_BAD_STATE );
if (ctx->state != CHACHAPOLY_STATE_AAD) {
return MBEDTLS_ERR_CHACHAPOLY_BAD_STATE;
}
ctx->aad_len += aad_len;
return( mbedtls_poly1305_update( &ctx->poly1305_ctx, aad, aad_len ) );
return mbedtls_poly1305_update(&ctx->poly1305_ctx, aad, aad_len);
}
int mbedtls_chachapoly_update(mbedtls_chachapoly_context *ctx,
@ -185,44 +190,44 @@ int mbedtls_chachapoly_update( mbedtls_chachapoly_context *ctx,
CHACHAPOLY_VALIDATE_RET(len == 0 || output != NULL);
if ((ctx->state != CHACHAPOLY_STATE_AAD) &&
( ctx->state != CHACHAPOLY_STATE_CIPHERTEXT ) )
{
return( MBEDTLS_ERR_CHACHAPOLY_BAD_STATE );
(ctx->state != CHACHAPOLY_STATE_CIPHERTEXT)) {
return MBEDTLS_ERR_CHACHAPOLY_BAD_STATE;
}
if( ctx->state == CHACHAPOLY_STATE_AAD )
{
if (ctx->state == CHACHAPOLY_STATE_AAD) {
ctx->state = CHACHAPOLY_STATE_CIPHERTEXT;
ret = chachapoly_pad_aad(ctx);
if( ret != 0 )
return( ret );
if (ret != 0) {
return ret;
}
}
ctx->ciphertext_len += len;
if( ctx->mode == MBEDTLS_CHACHAPOLY_ENCRYPT )
{
if (ctx->mode == MBEDTLS_CHACHAPOLY_ENCRYPT) {
ret = mbedtls_chacha20_update(&ctx->chacha20_ctx, len, input, output);
if( ret != 0 )
return( ret );
if (ret != 0) {
return ret;
}
ret = mbedtls_poly1305_update(&ctx->poly1305_ctx, output, len);
if( ret != 0 )
return( ret );
if (ret != 0) {
return ret;
}
else /* DECRYPT */
{
} else { /* DECRYPT */
ret = mbedtls_poly1305_update(&ctx->poly1305_ctx, input, len);
if( ret != 0 )
return( ret );
if (ret != 0) {
return ret;
}
ret = mbedtls_chacha20_update(&ctx->chacha20_ctx, len, input, output);
if( ret != 0 )
return( ret );
if (ret != 0) {
return ret;
}
}
return( 0 );
return 0;
}
int mbedtls_chachapoly_finish(mbedtls_chachapoly_context *ctx,
@ -233,22 +238,20 @@ int mbedtls_chachapoly_finish( mbedtls_chachapoly_context *ctx,
CHACHAPOLY_VALIDATE_RET(ctx != NULL);
CHACHAPOLY_VALIDATE_RET(mac != NULL);
if( ctx->state == CHACHAPOLY_STATE_INIT )
{
return( MBEDTLS_ERR_CHACHAPOLY_BAD_STATE );
if (ctx->state == CHACHAPOLY_STATE_INIT) {
return MBEDTLS_ERR_CHACHAPOLY_BAD_STATE;
}
if( ctx->state == CHACHAPOLY_STATE_AAD )
{
if (ctx->state == CHACHAPOLY_STATE_AAD) {
ret = chachapoly_pad_aad(ctx);
if( ret != 0 )
return( ret );
if (ret != 0) {
return ret;
}
else if( ctx->state == CHACHAPOLY_STATE_CIPHERTEXT )
{
} else if (ctx->state == CHACHAPOLY_STATE_CIPHERTEXT) {
ret = chachapoly_pad_ciphertext(ctx);
if( ret != 0 )
return( ret );
if (ret != 0) {
return ret;
}
}
ctx->state = CHACHAPOLY_STATE_FINISHED;
@ -260,12 +263,13 @@ int mbedtls_chachapoly_finish( mbedtls_chachapoly_context *ctx,
MBEDTLS_PUT_UINT64_LE(ctx->ciphertext_len, len_block, 8);
ret = mbedtls_poly1305_update(&ctx->poly1305_ctx, len_block, 16U);
if( ret != 0 )
return( ret );
if (ret != 0) {
return ret;
}
ret = mbedtls_poly1305_finish(&ctx->poly1305_ctx, mac);
return( ret );
return ret;
}
static int chachapoly_crypt_and_tag(mbedtls_chachapoly_context *ctx,
@ -281,21 +285,24 @@ static int chachapoly_crypt_and_tag( mbedtls_chachapoly_context *ctx,
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
ret = mbedtls_chachapoly_starts(ctx, nonce, mode);
if( ret != 0 )
if (ret != 0) {
goto cleanup;
}
ret = mbedtls_chachapoly_update_aad(ctx, aad, aad_len);
if( ret != 0 )
if (ret != 0) {
goto cleanup;
}
ret = mbedtls_chachapoly_update(ctx, length, input, output);
if( ret != 0 )
if (ret != 0) {
goto cleanup;
}
ret = mbedtls_chachapoly_finish(ctx, tag);
cleanup:
return( ret );
return ret;
}
int mbedtls_chachapoly_encrypt_and_tag(mbedtls_chachapoly_context *ctx,
@ -314,9 +321,9 @@ int mbedtls_chachapoly_encrypt_and_tag( mbedtls_chachapoly_context *ctx,
CHACHAPOLY_VALIDATE_RET(length == 0 || input != NULL);
CHACHAPOLY_VALIDATE_RET(length == 0 || output != NULL);
return( chachapoly_crypt_and_tag( ctx, MBEDTLS_CHACHAPOLY_ENCRYPT,
return chachapoly_crypt_and_tag(ctx, MBEDTLS_CHACHAPOLY_ENCRYPT,
length, nonce, aad, aad_len,
input, output, tag ) );
input, output, tag);
}
int mbedtls_chachapoly_auth_decrypt(mbedtls_chachapoly_context *ctx,
@ -341,22 +348,21 @@ int mbedtls_chachapoly_auth_decrypt( mbedtls_chachapoly_context *ctx,
if ((ret = chachapoly_crypt_and_tag(ctx,
MBEDTLS_CHACHAPOLY_DECRYPT, length, nonce,
aad, aad_len, input, output, check_tag ) ) != 0 )
{
return( ret );
aad, aad_len, input, output, check_tag)) != 0) {
return ret;
}
/* Check tag in "constant-time" */
for( diff = 0, i = 0; i < sizeof( check_tag ); i++ )
for (diff = 0, i = 0; i < sizeof(check_tag); i++) {
diff |= tag[i] ^ check_tag[i];
if( diff != 0 )
{
mbedtls_platform_zeroize( output, length );
return( MBEDTLS_ERR_CHACHAPOLY_AUTH_FAILED );
}
return( 0 );
if (diff != 0) {
mbedtls_platform_zeroize(output, length);
return MBEDTLS_ERR_CHACHAPOLY_AUTH_FAILED;
}
return 0;
}
#endif /* MBEDTLS_CHACHAPOLY_ALT */
@ -460,7 +466,7 @@ static const unsigned char test_mac[1][16] =
if (verbose != 0) \
mbedtls_printf args; \
\
return( -1 ); \
return -1; \
} \
} \
while (0)
@ -473,10 +479,10 @@ int mbedtls_chachapoly_self_test( int verbose )
unsigned char output[200];
unsigned char mac[16];
for( i = 0U; i < 1U; i++ )
{
if( verbose != 0 )
for (i = 0U; i < 1U; i++) {
if (verbose != 0) {
mbedtls_printf(" ChaCha20-Poly1305 test %u ", i);
}
mbedtls_chachapoly_init(&ctx);
@ -502,14 +508,16 @@ int mbedtls_chachapoly_self_test( int verbose )
mbedtls_chachapoly_free(&ctx);
if( verbose != 0 )
if (verbose != 0) {
mbedtls_printf("passed\n");
}
}
if( verbose != 0 )
if (verbose != 0) {
mbedtls_printf("\n");
}
return( 0 );
return 0;
}
#endif /* MBEDTLS_SELF_TEST */

840
library/cipher.c
View File

File diff suppressed because it is too large Load Diff

139
library/cipher_wrap.c
View File

@ -84,10 +84,11 @@ static void *gcm_ctx_alloc( void )
{
void *ctx = mbedtls_calloc(1, sizeof(mbedtls_gcm_context));
if( ctx != NULL )
if (ctx != NULL) {
mbedtls_gcm_init((mbedtls_gcm_context *) ctx);
}
return( ctx );
return ctx;
}
static void gcm_ctx_free(void *ctx)
@ -103,10 +104,11 @@ static void *ccm_ctx_alloc( void )
{
void *ctx = mbedtls_calloc(1, sizeof(mbedtls_ccm_context));
if( ctx != NULL )
if (ctx != NULL) {
mbedtls_ccm_init((mbedtls_ccm_context *) ctx);
}
return( ctx );
return ctx;
}
static void ccm_ctx_free(void *ctx)
@ -172,8 +174,7 @@ static int aes_crypt_xts_wrap( void *ctx, mbedtls_operation_t operation,
mbedtls_aes_xts_context *xts_ctx = ctx;
int mode;
switch( operation )
{
switch (operation) {
case MBEDTLS_ENCRYPT:
mode = MBEDTLS_AES_ENCRYPT;
break;
@ -205,12 +206,13 @@ static void * aes_ctx_alloc( void )
{
mbedtls_aes_context *aes = mbedtls_calloc(1, sizeof(mbedtls_aes_context));
if( aes == NULL )
return( NULL );
if (aes == NULL) {
return NULL;
}
mbedtls_aes_init(aes);
return( aes );
return aes;
}
static void aes_ctx_free(void *ctx)
@ -424,32 +426,34 @@ static int xts_aes_setkey_enc_wrap( void *ctx, const unsigned char *key,
unsigned int key_bitlen)
{
mbedtls_aes_xts_context *xts_ctx = ctx;
return( mbedtls_aes_xts_setkey_enc( xts_ctx, key, key_bitlen ) );
return mbedtls_aes_xts_setkey_enc(xts_ctx, key, key_bitlen);
}
static int xts_aes_setkey_dec_wrap(void *ctx, const unsigned char *key,
unsigned int key_bitlen)
{
mbedtls_aes_xts_context *xts_ctx = ctx;
return( mbedtls_aes_xts_setkey_dec( xts_ctx, key, key_bitlen ) );
return mbedtls_aes_xts_setkey_dec(xts_ctx, key, key_bitlen);
}
static void *xts_aes_ctx_alloc(void)
{
mbedtls_aes_xts_context *xts_ctx = mbedtls_calloc(1, sizeof(*xts_ctx));
if( xts_ctx != NULL )
if (xts_ctx != NULL) {
mbedtls_aes_xts_init(xts_ctx);
}
return( xts_ctx );
return xts_ctx;
}
static void xts_aes_ctx_free(void *ctx)
{
mbedtls_aes_xts_context *xts_ctx = ctx;
if( xts_ctx == NULL )
if (xts_ctx == NULL) {
return;
}
mbedtls_aes_xts_free(xts_ctx);
mbedtls_free(xts_ctx);
@ -701,12 +705,13 @@ static void * camellia_ctx_alloc( void )
mbedtls_camellia_context *ctx;
ctx = mbedtls_calloc(1, sizeof(mbedtls_camellia_context));
if( ctx == NULL )
return( NULL );
if (ctx == NULL) {
return NULL;
}
mbedtls_camellia_init(ctx);
return( ctx );
return ctx;
}
static void camellia_ctx_free(void *ctx)
@ -1077,12 +1082,13 @@ static void * aria_ctx_alloc( void )
mbedtls_aria_context *ctx;
ctx = mbedtls_calloc(1, sizeof(mbedtls_aria_context));
if( ctx == NULL )
return( NULL );
if (ctx == NULL) {
return NULL;
}
mbedtls_aria_init(ctx);
return( ctx );
return ctx;
}
static void aria_ctx_free(void *ctx)
@ -1482,12 +1488,13 @@ static void * des_ctx_alloc( void )
{
mbedtls_des_context *des = mbedtls_calloc(1, sizeof(mbedtls_des_context));
if( des == NULL )
return( NULL );
if (des == NULL) {
return NULL;
}
mbedtls_des_init(des);
return( des );
return des;
}
static void des_ctx_free(void *ctx)
@ -1501,12 +1508,13 @@ static void * des3_ctx_alloc( void )
mbedtls_des3_context *des3;
des3 = mbedtls_calloc(1, sizeof(mbedtls_des3_context));
if( des3 == NULL )
return( NULL );
if (des3 == NULL) {
return NULL;
}
mbedtls_des3_init(des3);
return( des3 );
return des3;
}
static void des3_ctx_free(void *ctx)
@ -1718,12 +1726,13 @@ static void * blowfish_ctx_alloc( void )
mbedtls_blowfish_context *ctx;
ctx = mbedtls_calloc(1, sizeof(mbedtls_blowfish_context));
if( ctx == NULL )
return( NULL );
if (ctx == NULL) {
return NULL;
}
mbedtls_blowfish_init(ctx);
return( ctx );
return ctx;
}
static void blowfish_ctx_free(void *ctx)
@ -1815,18 +1824,19 @@ static int arc4_crypt_stream_wrap( void *ctx, size_t length,
const unsigned char *input,
unsigned char *output)
{
return( mbedtls_arc4_crypt( (mbedtls_arc4_context *) ctx, length, input, output ) );
return mbedtls_arc4_crypt((mbedtls_arc4_context *) ctx, length, input, output);
}
static int arc4_setkey_wrap(void *ctx, const unsigned char *key,
unsigned int key_bitlen)
{
/* we get key_bitlen in bits, arc4 expects it in bytes */
if( key_bitlen % 8 != 0 )
return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
if (key_bitlen % 8 != 0) {
return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
}
mbedtls_arc4_setup((mbedtls_arc4_context *) ctx, key, key_bitlen / 8);
return( 0 );
return 0;
}
static void *arc4_ctx_alloc(void)
@ -1834,12 +1844,13 @@ static void * arc4_ctx_alloc( void )
mbedtls_arc4_context *ctx;
ctx = mbedtls_calloc(1, sizeof(mbedtls_arc4_context));
if( ctx == NULL )
return( NULL );
if (ctx == NULL) {
return NULL;
}
mbedtls_arc4_init(ctx);
return( ctx );
return ctx;
}
static void arc4_ctx_free(void *ctx)
@ -1892,13 +1903,15 @@ static const mbedtls_cipher_info_t arc4_128_info = {
static int chacha20_setkey_wrap(void *ctx, const unsigned char *key,
unsigned int key_bitlen)
{
if( key_bitlen != 256U )
return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
if (key_bitlen != 256U) {
return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
}
if ( 0 != mbedtls_chacha20_setkey( (mbedtls_chacha20_context*)ctx, key ) )
return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
if (0 != mbedtls_chacha20_setkey((mbedtls_chacha20_context *) ctx, key)) {
return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
}
return( 0 );
return 0;
}
static int chacha20_stream_wrap(void *ctx, size_t length,
@ -1908,10 +1921,11 @@ static int chacha20_stream_wrap( void *ctx, size_t length,
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
ret = mbedtls_chacha20_update(ctx, length, input, output);
if( ret == MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA )
return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
if (ret == MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA) {
return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
}
return( ret );
return ret;
}
static void *chacha20_ctx_alloc(void)
@ -1919,12 +1933,13 @@ static void * chacha20_ctx_alloc( void )
mbedtls_chacha20_context *ctx;
ctx = mbedtls_calloc(1, sizeof(mbedtls_chacha20_context));
if( ctx == NULL )
return( NULL );
if (ctx == NULL) {
return NULL;
}
mbedtls_chacha20_init(ctx);
return( ctx );
return ctx;
}
static void chacha20_ctx_free(void *ctx)
@ -1977,13 +1992,15 @@ static int chachapoly_setkey_wrap( void *ctx,
const unsigned char *key,
unsigned int key_bitlen)
{
if( key_bitlen != 256U )
return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
if (key_bitlen != 256U) {
return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
}
if ( 0 != mbedtls_chachapoly_setkey( (mbedtls_chachapoly_context*)ctx, key ) )
return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
if (0 != mbedtls_chachapoly_setkey((mbedtls_chachapoly_context *) ctx, key)) {
return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
}
return( 0 );
return 0;
}
static void *chachapoly_ctx_alloc(void)
@ -1991,12 +2008,13 @@ static void * chachapoly_ctx_alloc( void )
mbedtls_chachapoly_context *ctx;
ctx = mbedtls_calloc(1, sizeof(mbedtls_chachapoly_context));
if( ctx == NULL )
return( NULL );
if (ctx == NULL) {
return NULL;
}
mbedtls_chachapoly_init(ctx);
return( ctx );
return ctx;
}
static void chachapoly_ctx_free(void *ctx)
@ -2050,7 +2068,7 @@ static int null_crypt_stream( void *ctx, size_t length,
{
((void) ctx);
memmove(output, input, length);
return( 0 );
return 0;
}
static int null_setkey(void *ctx, const unsigned char *key,
@ -2060,12 +2078,12 @@ static int null_setkey( void *ctx, const unsigned char *key,
((void) key);
((void) key_bitlen);
return( 0 );
return 0;
}
static void *null_ctx_alloc(void)
{
return( (void *) 1 );
return (void *) 1;
}
static void null_ctx_free(void *ctx)
@ -2117,10 +2135,11 @@ static void *kw_ctx_alloc( void )
{
void *ctx = mbedtls_calloc(1, sizeof(mbedtls_nist_kw_context));
if( ctx != NULL )
if (ctx != NULL) {
mbedtls_nist_kw_init((mbedtls_nist_kw_context *) ctx);
}
return( ctx );
return ctx;
}
static void kw_ctx_free(void *ctx)

308
library/cmac.c
View File

@ -73,21 +73,15 @@ static int cmac_multiply_by_u( unsigned char *output,
unsigned char overflow = 0x00;
int i;
if( blocksize == MBEDTLS_AES_BLOCK_SIZE )
{
if (blocksize == MBEDTLS_AES_BLOCK_SIZE) {
R_n = R_128;
}
else if( blocksize == MBEDTLS_DES3_BLOCK_SIZE )
{
} else if (blocksize == MBEDTLS_DES3_BLOCK_SIZE) {
R_n = R_64;
}
else
{
return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
} else {
return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
}
for( i = (int)blocksize - 1; i >= 0; i-- )
{
for (i = (int) blocksize - 1; i >= 0; i--) {
output[i] = input[i] << 1 | overflow;
overflow = input[i] >> 7;
}
@ -108,7 +102,7 @@ static int cmac_multiply_by_u( unsigned char *output,
output[blocksize - 1] ^= R_n & mask;
return( 0 );
return 0;
}
/*
@ -128,22 +122,25 @@ static int cmac_generate_subkeys( mbedtls_cipher_context_t *ctx,
block_size = ctx->cipher_info->block_size;
/* Calculate Ek(0) */
if( ( ret = mbedtls_cipher_update( ctx, L, block_size, L, &olen ) ) != 0 )
if ((ret = mbedtls_cipher_update(ctx, L, block_size, L, &olen)) != 0) {
goto exit;
}
/*
* Generate K1 and K2
*/
if( ( ret = cmac_multiply_by_u( K1, L , block_size ) ) != 0 )
if ((ret = cmac_multiply_by_u(K1, L, block_size)) != 0) {
goto exit;
}
if( ( ret = cmac_multiply_by_u( K2, K1 , block_size ) ) != 0 )
if ((ret = cmac_multiply_by_u(K2, K1, block_size)) != 0) {
goto exit;
}
exit:
mbedtls_platform_zeroize(L, sizeof(L));
return( ret );
return ret;
}
#endif /* !defined(MBEDTLS_CMAC_ALT) || defined(MBEDTLS_SELF_TEST) */
@ -154,9 +151,10 @@ static void cmac_xor_block( unsigned char *output, const unsigned char *input1,
{
size_t idx;
for( idx = 0; idx < block_size; idx++ )
for (idx = 0; idx < block_size; idx++) {
output[idx] = input1[idx] ^ input2[idx];
}
}
/*
* Create padded last block from (partial) last block.
@ -171,16 +169,16 @@ static void cmac_pad( unsigned char padded_block[MBEDTLS_CIPHER_BLKSIZE_MAX],
{
size_t j;
for( j = 0; j < padded_block_len; j++ )
{
if( j < last_block_len )
for (j = 0; j < padded_block_len; j++) {
if (j < last_block_len) {
padded_block[j] = last_block[j];
else if( j == last_block_len )
} else if (j == last_block_len) {
padded_block[j] = 0x80;
else
} else {
padded_block[j] = 0x00;
}
}
}
int mbedtls_cipher_cmac_starts(mbedtls_cipher_context_t *ctx,
const unsigned char *key, size_t keybits)
@ -189,31 +187,33 @@ int mbedtls_cipher_cmac_starts( mbedtls_cipher_context_t *ctx,
mbedtls_cmac_context_t *cmac_ctx;
int retval;
if( ctx == NULL || ctx->cipher_info == NULL || key == NULL )
return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
if (ctx == NULL || ctx->cipher_info == NULL || key == NULL) {
return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
}
if ((retval = mbedtls_cipher_setkey(ctx, key, (int) keybits,
MBEDTLS_ENCRYPT ) ) != 0 )
return( retval );
MBEDTLS_ENCRYPT)) != 0) {
return retval;
}
type = ctx->cipher_info->type;
switch( type )
{
switch (type) {
case MBEDTLS_CIPHER_AES_128_ECB:
case MBEDTLS_CIPHER_AES_192_ECB:
case MBEDTLS_CIPHER_AES_256_ECB:
case MBEDTLS_CIPHER_DES_EDE3_ECB:
break;
default:
return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
}
/* Allocated and initialise in the cipher context memory for the CMAC
* context */
cmac_ctx = mbedtls_calloc(1, sizeof(mbedtls_cmac_context_t));
if( cmac_ctx == NULL )
return( MBEDTLS_ERR_CIPHER_ALLOC_FAILED );
if (cmac_ctx == NULL) {
return MBEDTLS_ERR_CIPHER_ALLOC_FAILED;
}
ctx->cmac_ctx = cmac_ctx;
@ -231,8 +231,9 @@ int mbedtls_cipher_cmac_update( mbedtls_cipher_context_t *ctx,
size_t n, j, olen, block_size;
if (ctx == NULL || ctx->cipher_info == NULL || input == NULL ||
ctx->cmac_ctx == NULL )
return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
ctx->cmac_ctx == NULL) {
return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
}
cmac_ctx = ctx->cmac_ctx;
block_size = ctx->cipher_info->block_size;
@ -241,8 +242,7 @@ int mbedtls_cipher_cmac_update( mbedtls_cipher_context_t *ctx,
/* Is there data still to process from the last call, that's greater in
* size than a block? */
if (cmac_ctx->unprocessed_len > 0 &&
ilen > block_size - cmac_ctx->unprocessed_len )
{
ilen > block_size - cmac_ctx->unprocessed_len) {
memcpy(&cmac_ctx->unprocessed_block[cmac_ctx->unprocessed_len],
input,
block_size - cmac_ctx->unprocessed_len);
@ -250,8 +250,7 @@ int mbedtls_cipher_cmac_update( mbedtls_cipher_context_t *ctx,
cmac_xor_block(state, cmac_ctx->unprocessed_block, state, block_size);
if ((ret = mbedtls_cipher_update(ctx, state, block_size, state,
&olen ) ) != 0 )
{
&olen)) != 0) {
goto exit;
}
@ -265,21 +264,20 @@ int mbedtls_cipher_cmac_update( mbedtls_cipher_context_t *ctx,
/* Iterate across the input data in block sized chunks, excluding any
* final partial or complete block */
for( j = 1; j < n; j++ )
{
for (j = 1; j < n; j++) {
cmac_xor_block(state, input, state, block_size);
if ((ret = mbedtls_cipher_update(ctx, state, block_size, state,
&olen ) ) != 0 )
&olen)) != 0) {
goto exit;
}
ilen -= block_size;
input += block_size;
}
/* If there is data left over that wasn't aligned to a block */
if( ilen > 0 )
{
if (ilen > 0) {
memcpy(&cmac_ctx->unprocessed_block[cmac_ctx->unprocessed_len],
input,
ilen);
@ -287,7 +285,7 @@ int mbedtls_cipher_cmac_update( mbedtls_cipher_context_t *ctx,
}
exit:
return( ret );
return ret;
}
int mbedtls_cipher_cmac_finish(mbedtls_cipher_context_t *ctx,
@ -302,8 +300,9 @@ int mbedtls_cipher_cmac_finish( mbedtls_cipher_context_t *ctx,
size_t olen, block_size;
if (ctx == NULL || ctx->cipher_info == NULL || ctx->cmac_ctx == NULL ||
output == NULL )
return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
output == NULL) {
return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
}
cmac_ctx = ctx->cmac_ctx;
block_size = ctx->cipher_info->block_size;
@ -316,13 +315,10 @@ int mbedtls_cipher_cmac_finish( mbedtls_cipher_context_t *ctx,
last_block = cmac_ctx->unprocessed_block;
/* Calculate last block */
if( cmac_ctx->unprocessed_len < block_size )
{
if (cmac_ctx->unprocessed_len < block_size) {
cmac_pad(M_last, block_size, last_block, cmac_ctx->unprocessed_len);
cmac_xor_block(M_last, M_last, K2, block_size);
}
else
{
} else {
/* Last block is complete block */
cmac_xor_block(M_last, last_block, K1, block_size);
}
@ -330,8 +326,7 @@ int mbedtls_cipher_cmac_finish( mbedtls_cipher_context_t *ctx,
cmac_xor_block(state, M_last, state, block_size);
if ((ret = mbedtls_cipher_update(ctx, state, block_size, state,
&olen ) ) != 0 )
{
&olen)) != 0) {
goto exit;
}
@ -348,15 +343,16 @@ exit:
sizeof(cmac_ctx->unprocessed_block));
mbedtls_platform_zeroize(state, MBEDTLS_CIPHER_BLKSIZE_MAX);
return( ret );
return ret;
}
int mbedtls_cipher_cmac_reset(mbedtls_cipher_context_t *ctx)
{
mbedtls_cmac_context_t *cmac_ctx;
if( ctx == NULL || ctx->cipher_info == NULL || ctx->cmac_ctx == NULL )
return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
if (ctx == NULL || ctx->cipher_info == NULL || ctx->cmac_ctx == NULL) {
return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
}
cmac_ctx = ctx->cmac_ctx;
@ -367,7 +363,7 @@ int mbedtls_cipher_cmac_reset( mbedtls_cipher_context_t *ctx )
mbedtls_platform_zeroize(cmac_ctx->state,
sizeof(cmac_ctx->state));
return( 0 );
return 0;
}
int mbedtls_cipher_cmac(const mbedtls_cipher_info_t *cipher_info,
@ -378,28 +374,32 @@ int mbedtls_cipher_cmac( const mbedtls_cipher_info_t *cipher_info,
mbedtls_cipher_context_t ctx;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
if( cipher_info == NULL || key == NULL || input == NULL || output == NULL )
return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
if (cipher_info == NULL || key == NULL || input == NULL || output == NULL) {
return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
}
mbedtls_cipher_init(&ctx);
if( ( ret = mbedtls_cipher_setup( &ctx, cipher_info ) ) != 0 )
if ((ret = mbedtls_cipher_setup(&ctx, cipher_info)) != 0) {
goto exit;
}
ret = mbedtls_cipher_cmac_starts(&ctx, key, keylen);
if( ret != 0 )
if (ret != 0) {
goto exit;
}
ret = mbedtls_cipher_cmac_update(&ctx, input, ilen);
if( ret != 0 )
if (ret != 0) {
goto exit;
}
ret = mbedtls_cipher_cmac_finish(&ctx, output);
exit:
mbedtls_cipher_free(&ctx);
return( ret );
return ret;
}
#if defined(MBEDTLS_AES_C)
@ -415,31 +415,29 @@ int mbedtls_aes_cmac_prf_128( const unsigned char *key, size_t key_length,
unsigned char zero_key[MBEDTLS_AES_BLOCK_SIZE];
unsigned char int_key[MBEDTLS_AES_BLOCK_SIZE];
if( key == NULL || input == NULL || output == NULL )
return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
if (key == NULL || input == NULL || output == NULL) {
return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
}
cipher_info = mbedtls_cipher_info_from_type(MBEDTLS_CIPHER_AES_128_ECB);
if( cipher_info == NULL )
{
if (cipher_info == NULL) {
/* Failing at this point must be due to a build issue */
ret = MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE;
goto exit;
}
if( key_length == MBEDTLS_AES_BLOCK_SIZE )
{
if (key_length == MBEDTLS_AES_BLOCK_SIZE) {
/* Use key as is */
memcpy(int_key, key, MBEDTLS_AES_BLOCK_SIZE);
}
else
{
} else {
memset(zero_key, 0, MBEDTLS_AES_BLOCK_SIZE);
ret = mbedtls_cipher_cmac(cipher_info, zero_key, 128, key,
key_length, int_key);
if( ret != 0 )
if (ret != 0) {
goto exit;
}
}
ret = mbedtls_cipher_cmac(cipher_info, int_key, 128, input, in_len,
output);
@ -447,7 +445,7 @@ int mbedtls_aes_cmac_prf_128( const unsigned char *key, size_t key_length,
exit:
mbedtls_platform_zeroize(int_key, sizeof(int_key));
return( ret );
return ret;
}
#endif /* MBEDTLS_AES_C */
@ -508,7 +506,8 @@ static const unsigned char aes_128_subkeys[2][MBEDTLS_AES_BLOCK_SIZE] = {
0xf9, 0x0b, 0xc1, 0x1e, 0xe4, 0x6d, 0x51, 0x3b
}
};
static const unsigned char aes_128_expected_result[NB_CMAC_TESTS_PER_KEY][MBEDTLS_AES_BLOCK_SIZE] = {
static const unsigned char aes_128_expected_result[NB_CMAC_TESTS_PER_KEY][MBEDTLS_AES_BLOCK_SIZE] =
{
{
/* Example #1 */
0xbb, 0x1d, 0x69, 0x29, 0xe9, 0x59, 0x37, 0x28,
@ -549,7 +548,8 @@ static const unsigned char aes_192_subkeys[2][MBEDTLS_AES_BLOCK_SIZE] = {
0x7d, 0xcc, 0x87, 0x3b, 0xa9, 0xb5, 0x45, 0x2c
}
};
static const unsigned char aes_192_expected_result[NB_CMAC_TESTS_PER_KEY][MBEDTLS_AES_BLOCK_SIZE] = {
static const unsigned char aes_192_expected_result[NB_CMAC_TESTS_PER_KEY][MBEDTLS_AES_BLOCK_SIZE] =
{
{
/* Example #1 */
0xd1, 0x7d, 0xdf, 0x46, 0xad, 0xaa, 0xcd, 0xe5,
@ -591,7 +591,8 @@ static const unsigned char aes_256_subkeys[2][MBEDTLS_AES_BLOCK_SIZE] = {
0x5d, 0x35, 0x33, 0x01, 0x0c, 0x42, 0xa0, 0xd9
}
};
static const unsigned char aes_256_expected_result[NB_CMAC_TESTS_PER_KEY][MBEDTLS_AES_BLOCK_SIZE] = {
static const unsigned char aes_256_expected_result[NB_CMAC_TESTS_PER_KEY][MBEDTLS_AES_BLOCK_SIZE] =
{
{
/* Example #1 */
0x02, 0x89, 0x62, 0xf6, 0x1b, 0x7b, 0xf8, 0x9e,
@ -643,7 +644,8 @@ static const unsigned char des3_2key_subkeys[2][8] = {
0x1b, 0xa5, 0x96, 0xf4, 0x7b, 0x11, 0x11, 0xb2
}
};
static const unsigned char des3_2key_expected_result[NB_CMAC_TESTS_PER_KEY][MBEDTLS_DES3_BLOCK_SIZE] = {
static const unsigned char des3_2key_expected_result[NB_CMAC_TESTS_PER_KEY][MBEDTLS_DES3_BLOCK_SIZE]
= {
{
/* Sample #1 */
0x79, 0xce, 0x52, 0xa7, 0xf7, 0x86, 0xa9, 0x60
@ -681,7 +683,8 @@ static const unsigned char des3_3key_subkeys[2][8] = {
0x3a, 0xe9, 0xce, 0x72, 0x66, 0x2f, 0x2d, 0x9b
}
};
static const unsigned char des3_3key_expected_result[NB_CMAC_TESTS_PER_KEY][MBEDTLS_DES3_BLOCK_SIZE] = {
static const unsigned char des3_3key_expected_result[NB_CMAC_TESTS_PER_KEY][MBEDTLS_DES3_BLOCK_SIZE]
= {
{
/* Sample #1 */
0x7d, 0xb0, 0xd3, 0x7d, 0xf9, 0x36, 0xc5, 0x50
@ -757,30 +760,28 @@ static int cmac_test_subkeys( int verbose,
unsigned char K2[MBEDTLS_CIPHER_BLKSIZE_MAX];
cipher_info = mbedtls_cipher_info_from_type(cipher_type);
if( cipher_info == NULL )
{
if (cipher_info == NULL) {
/* Failing at this point must be due to a build issue */
return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE );
return MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE;
}
for( i = 0; i < num_tests; i++ )
{
if( verbose != 0 )
for (i = 0; i < num_tests; i++) {
if (verbose != 0) {
mbedtls_printf(" %s CMAC subkey #%d: ", testname, i + 1);
}
mbedtls_cipher_init(&ctx);
if( ( ret = mbedtls_cipher_setup( &ctx, cipher_info ) ) != 0 )
{
if( verbose != 0 )
if ((ret = mbedtls_cipher_setup(&ctx, cipher_info)) != 0) {
if (verbose != 0) {
mbedtls_printf("test execution failed\n");
}
goto cleanup;
}
if ((ret = mbedtls_cipher_setkey(&ctx, key, keybits,
MBEDTLS_ENCRYPT ) ) != 0 )
{
MBEDTLS_ENCRYPT)) != 0) {
/* When CMAC is implemented by an alternative implementation, or
* the underlying primitive itself is implemented alternatively,
* AES-192 may be unavailable. This should not cause the selftest
@ -788,37 +789,40 @@ static int cmac_test_subkeys( int verbose,
if ((ret == MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED ||
ret == MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE) &&
cipher_type == MBEDTLS_CIPHER_AES_192_ECB) {
if( verbose != 0 )
if (verbose != 0) {
mbedtls_printf("skipped\n");
}
goto next_test;
}
if( verbose != 0 )
if (verbose != 0) {
mbedtls_printf("test execution failed\n");
}
goto cleanup;
}
ret = cmac_generate_subkeys(&ctx, K1, K2);
if( ret != 0 )
{
if( verbose != 0 )
if (ret != 0) {
if (verbose != 0) {
mbedtls_printf("failed\n");
}
goto cleanup;
}
if ((ret = memcmp(K1, subkeys, block_size)) != 0 ||
( ret = memcmp( K2, &subkeys[block_size], block_size ) ) != 0 )
{
if( verbose != 0 )
(ret = memcmp(K2, &subkeys[block_size], block_size)) != 0) {
if (verbose != 0) {
mbedtls_printf("failed\n");
}
goto cleanup;
}
if( verbose != 0 )
if (verbose != 0) {
mbedtls_printf("passed\n");
}
next_test:
mbedtls_cipher_free(&ctx);
@ -831,7 +835,7 @@ cleanup:
mbedtls_cipher_free(&ctx);
exit:
return( ret );
return ret;
}
static int cmac_test_wth_cipher(int verbose,
@ -850,21 +854,19 @@ static int cmac_test_wth_cipher( int verbose,
unsigned char output[MBEDTLS_CIPHER_BLKSIZE_MAX];
cipher_info = mbedtls_cipher_info_from_type(cipher_type);
if( cipher_info == NULL )
{
if (cipher_info == NULL) {
/* Failing at this point must be due to a build issue */
ret = MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE;
goto exit;
}
for( i = 0; i < num_tests; i++ )
{
if( verbose != 0 )
for (i = 0; i < num_tests; i++) {
if (verbose != 0) {
mbedtls_printf(" %s CMAC #%d: ", testname, i + 1);
}
if ((ret = mbedtls_cipher_cmac(cipher_info, key, keybits, messages,
message_lengths[i], output ) ) != 0 )
{
message_lengths[i], output)) != 0) {
/* When CMAC is implemented by an alternative implementation, or
* the underlying primitive itself is implemented alternatively,
* AES-192 and/or 3DES may be unavailable. This should not cause
@ -873,30 +875,33 @@ static int cmac_test_wth_cipher( int verbose,
ret == MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE) &&
(cipher_type == MBEDTLS_CIPHER_AES_192_ECB ||
cipher_type == MBEDTLS_CIPHER_DES_EDE3_ECB)) {
if( verbose != 0 )
if (verbose != 0) {
mbedtls_printf("skipped\n");
}
continue;
}
if( verbose != 0 )
if (verbose != 0) {
mbedtls_printf("failed\n");
}
goto exit;
}
if( ( ret = memcmp( output, &expected_result[i * block_size], block_size ) ) != 0 )
{
if( verbose != 0 )
if ((ret = memcmp(output, &expected_result[i * block_size], block_size)) != 0) {
if (verbose != 0) {
mbedtls_printf("failed\n");
}
goto exit;
}
if( verbose != 0 )
if (verbose != 0) {
mbedtls_printf("passed\n");
}
}
ret = 0;
exit:
return( ret );
return ret;
}
#if defined(MBEDTLS_AES_C)
@ -906,25 +911,22 @@ static int test_aes128_cmac_prf( int verbose )
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
unsigned char output[MBEDTLS_AES_BLOCK_SIZE];
for( i = 0; i < NB_PRF_TESTS; i++ )
{
for (i = 0; i < NB_PRF_TESTS; i++) {
mbedtls_printf(" AES CMAC 128 PRF #%d: ", i);
ret = mbedtls_aes_cmac_prf_128(PRFK, PRFKlen[i], PRFM, 20, output);
if (ret != 0 ||
memcmp( output, PRFT[i], MBEDTLS_AES_BLOCK_SIZE ) != 0 )
{
memcmp(output, PRFT[i], MBEDTLS_AES_BLOCK_SIZE) != 0) {
if( verbose != 0 )
if (verbose != 0) {
mbedtls_printf("failed\n");
return( ret );
}
else if( verbose != 0 )
{
return ret;
} else if (verbose != 0) {
mbedtls_printf("passed\n");
}
}
return( ret );
return ret;
}
#endif /* MBEDTLS_AES_C */
@ -941,9 +943,8 @@ int mbedtls_cmac_self_test( int verbose )
(const unsigned char *) aes_128_subkeys,
MBEDTLS_CIPHER_AES_128_ECB,
MBEDTLS_AES_BLOCK_SIZE,
NB_CMAC_TESTS_PER_KEY ) ) != 0 )
{
return( ret );
NB_CMAC_TESTS_PER_KEY)) != 0) {
return ret;
}
if ((ret = cmac_test_wth_cipher(verbose,
@ -955,9 +956,8 @@ int mbedtls_cmac_self_test( int verbose )
(const unsigned char *) aes_128_expected_result,
MBEDTLS_CIPHER_AES_128_ECB,
MBEDTLS_AES_BLOCK_SIZE,
NB_CMAC_TESTS_PER_KEY ) ) != 0 )
{
return( ret );
NB_CMAC_TESTS_PER_KEY)) != 0) {
return ret;
}
/* AES-192 */
@ -968,9 +968,8 @@ int mbedtls_cmac_self_test( int verbose )
(const unsigned char *) aes_192_subkeys,
MBEDTLS_CIPHER_AES_192_ECB,
MBEDTLS_AES_BLOCK_SIZE,
NB_CMAC_TESTS_PER_KEY ) ) != 0 )
{
return( ret );
NB_CMAC_TESTS_PER_KEY)) != 0) {
return ret;
}
if ((ret = cmac_test_wth_cipher(verbose,
@ -982,9 +981,8 @@ int mbedtls_cmac_self_test( int verbose )
(const unsigned char *) aes_192_expected_result,
MBEDTLS_CIPHER_AES_192_ECB,
MBEDTLS_AES_BLOCK_SIZE,
NB_CMAC_TESTS_PER_KEY ) ) != 0 )
{
return( ret );
NB_CMAC_TESTS_PER_KEY)) != 0) {
return ret;
}
/* AES-256 */
@ -995,9 +993,8 @@ int mbedtls_cmac_self_test( int verbose )
(const unsigned char *) aes_256_subkeys,
MBEDTLS_CIPHER_AES_256_ECB,
MBEDTLS_AES_BLOCK_SIZE,
NB_CMAC_TESTS_PER_KEY ) ) != 0 )
{
return( ret );
NB_CMAC_TESTS_PER_KEY)) != 0) {
return ret;
}
if ((ret = cmac_test_wth_cipher(verbose,
@ -1009,9 +1006,8 @@ int mbedtls_cmac_self_test( int verbose )
(const unsigned char *) aes_256_expected_result,
MBEDTLS_CIPHER_AES_256_ECB,
MBEDTLS_AES_BLOCK_SIZE,
NB_CMAC_TESTS_PER_KEY ) ) != 0 )
{
return( ret );
NB_CMAC_TESTS_PER_KEY)) != 0) {
return ret;
}
#endif /* MBEDTLS_AES_C */
@ -1024,9 +1020,8 @@ int mbedtls_cmac_self_test( int verbose )
(const unsigned char *) des3_2key_subkeys,
MBEDTLS_CIPHER_DES_EDE3_ECB,
MBEDTLS_DES3_BLOCK_SIZE,
NB_CMAC_TESTS_PER_KEY ) ) != 0 )
{
return( ret );
NB_CMAC_TESTS_PER_KEY)) != 0) {
return ret;
}
if ((ret = cmac_test_wth_cipher(verbose,
@ -1038,9 +1033,8 @@ int mbedtls_cmac_self_test( int verbose )
(const unsigned char *) des3_2key_expected_result,
MBEDTLS_CIPHER_DES_EDE3_ECB,
MBEDTLS_DES3_BLOCK_SIZE,
NB_CMAC_TESTS_PER_KEY ) ) != 0 )
{
return( ret );
NB_CMAC_TESTS_PER_KEY)) != 0) {
return ret;
}
/* 3DES 3 key */
@ -1051,9 +1045,8 @@ int mbedtls_cmac_self_test( int verbose )
(const unsigned char *) des3_3key_subkeys,
MBEDTLS_CIPHER_DES_EDE3_ECB,
MBEDTLS_DES3_BLOCK_SIZE,
NB_CMAC_TESTS_PER_KEY ) ) != 0 )
{
return( ret );
NB_CMAC_TESTS_PER_KEY)) != 0) {
return ret;
}
if ((ret = cmac_test_wth_cipher(verbose,
@ -1065,21 +1058,22 @@ int mbedtls_cmac_self_test( int verbose )
(const unsigned char *) des3_3key_expected_result,
MBEDTLS_CIPHER_DES_EDE3_ECB,
MBEDTLS_DES3_BLOCK_SIZE,
NB_CMAC_TESTS_PER_KEY ) ) != 0 )
{
return( ret );
NB_CMAC_TESTS_PER_KEY)) != 0) {
return ret;
}
#endif /* MBEDTLS_DES_C */
#if defined(MBEDTLS_AES_C)
if( ( ret = test_aes128_cmac_prf( verbose ) ) != 0 )
return( ret );
if ((ret = test_aes128_cmac_prf(verbose)) != 0) {
return ret;
}
#endif /* MBEDTLS_AES_C */
if( verbose != 0 )
if (verbose != 0) {
mbedtls_printf("\n");
}
return( 0 );
return 0;
}
#endif /* MBEDTLS_SELF_TEST */

4
library/common.h
View File

@ -77,7 +77,7 @@
static inline unsigned char *mbedtls_buffer_offset(
unsigned char *p, size_t n)
{
return( p == NULL ? NULL : p + n );
return p == NULL ? NULL : p + n;
}
/** Return an offset into a read-only buffer.
@ -94,7 +94,7 @@ static inline unsigned char *mbedtls_buffer_offset(
static inline const unsigned char *mbedtls_buffer_offset_const(
const unsigned char *p, size_t n)
{
return( p == NULL ? NULL : p + n );
return p == NULL ? NULL : p + n;
}
/** Byte Reading Macros

99
library/constant_time.c
View File

@ -55,8 +55,7 @@ int mbedtls_ct_memcmp( const void *a,
volatile const unsigned char *B = (volatile const unsigned char *) b;
volatile unsigned char diff = 0;
for( i = 0; i < n; i++ )
{
for (i = 0; i < n; i++) {
/* Read volatile data in order before computing diff.
* This avoids IAR compiler warning:
* 'the order of volatile accesses is undefined ..' */
@ -64,7 +63,7 @@ int mbedtls_ct_memcmp( const void *a,
diff |= x ^ y;
}
return( (int)diff );
return (int) diff;
}
unsigned mbedtls_ct_uint_mask(unsigned value)
@ -75,7 +74,7 @@ unsigned mbedtls_ct_uint_mask( unsigned value )
#pragma warning( push )
#pragma warning( disable : 4146 )
#endif
return( - ( ( value | - value ) >> ( sizeof( value ) * 8 - 1 ) ) );
return -((value | -value) >> (sizeof(value) * 8 - 1));
#if defined(_MSC_VER)
#pragma warning( pop )
#endif
@ -91,7 +90,7 @@ size_t mbedtls_ct_size_mask( size_t value )
#pragma warning( push )
#pragma warning( disable : 4146 )
#endif
return( - ( ( value | - value ) >> ( sizeof( value ) * 8 - 1 ) ) );
return -((value | -value) >> (sizeof(value) * 8 - 1));
#if defined(_MSC_VER)
#pragma warning( pop )
#endif
@ -109,7 +108,7 @@ mbedtls_mpi_uint mbedtls_ct_mpi_uint_mask( mbedtls_mpi_uint value )
#pragma warning( push )
#pragma warning( disable : 4146 )
#endif
return( - ( ( value | - value ) >> ( sizeof( value ) * 8 - 1 ) ) );
return -((value | -value) >> (sizeof(value) * 8 - 1));
#if defined(_MSC_VER)
#pragma warning( pop )
#endif
@ -143,13 +142,13 @@ static size_t mbedtls_ct_size_mask_lt( size_t x,
/* mask = (x < y) ? 0xff... : 0x00... */
const size_t mask = mbedtls_ct_size_mask(sub1);
return( mask );
return mask;
}
size_t mbedtls_ct_size_mask_ge(size_t x,
size_t y)
{
return( ~mbedtls_ct_size_mask_lt( x, y ) );
return ~mbedtls_ct_size_mask_lt(x, y);
}
#endif /* MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC */
@ -169,7 +168,7 @@ unsigned char mbedtls_ct_uchar_mask_of_range( unsigned char low,
unsigned low_mask = ((unsigned) c - low) >> 8;
/* high_mask is: 0 if c <= high, 0x...ff if c > high */
unsigned high_mask = ((unsigned) high - c) >> 8;
return( ~( low_mask | high_mask ) & 0xff );
return ~(low_mask | high_mask) & 0xff;
}
#endif /* MBEDTLS_BASE64_C */
@ -197,7 +196,7 @@ unsigned mbedtls_ct_size_bool_eq( size_t x,
/* diff1 = (x != y) ? 1 : 0 */
const unsigned diff1 = diff_msb >> (sizeof(diff_msb) * 8 - 1);
return( 1 ^ diff1 );
return 1 ^ diff1;
}
#if defined(MBEDTLS_PKCS1_V15) && defined(MBEDTLS_RSA_C) && !defined(MBEDTLS_RSA_ALT)
@ -217,7 +216,7 @@ static unsigned mbedtls_ct_size_gt( size_t x,
size_t y)
{
/* Return the sign bit (1 for negative) of (y - x). */
return( ( y - x ) >> ( sizeof( size_t ) * 8 - 1 ) );
return (y - x) >> (sizeof(size_t) * 8 - 1);
}
#endif /* MBEDTLS_PKCS1_V15 && MBEDTLS_RSA_C && ! MBEDTLS_RSA_ALT */
@ -259,7 +258,7 @@ unsigned mbedtls_ct_uint_if( unsigned condition,
unsigned if0)
{
unsigned mask = mbedtls_ct_uint_mask(condition);
return( ( mask & if1 ) | (~mask & if0 ) );
return (mask & if1) | (~mask & if0);
}
#if defined(MBEDTLS_BIGNUM_C)
@ -295,7 +294,7 @@ static int mbedtls_ct_cond_select_sign( unsigned char condition,
unsigned ur = (uif0 & ~mask) | (uif1 & mask);
/* ur is now 0 or 2, convert back to -1 or +1 */
return( (int) ur - 1 );
return (int) ur - 1;
}
void mbedtls_ct_mpi_uint_cond_assign(size_t n,
@ -319,9 +318,10 @@ void mbedtls_ct_mpi_uint_cond_assign( size_t n,
#pragma warning( pop )
#endif
for( i = 0; i < n; i++ )
for (i = 0; i < n; i++) {
dest[i] = (src[i] & mask) | (dest[i] & ~mask);
}
}
#endif /* MBEDTLS_BIGNUM_C */
@ -338,7 +338,7 @@ unsigned char mbedtls_ct_base64_enc_char( unsigned char value )
digit |= mbedtls_ct_uchar_mask_of_range(52, 61, value) & ('0' + value - 52);
digit |= mbedtls_ct_uchar_mask_of_range(62, 62, value) & '+';
digit |= mbedtls_ct_uchar_mask_of_range(63, 63, value) & '/';
return( digit );
return digit;
}
signed char mbedtls_ct_base64_dec_value(unsigned char c)
@ -355,7 +355,7 @@ signed char mbedtls_ct_base64_dec_value( unsigned char c )
val |= mbedtls_ct_uchar_mask_of_range('/', '/', c) & (c - '/' + 63 + 1);
/* At this point, val is 0 if c is an invalid digit and v+1 if c is
* a digit with the value v. */
return( val - 1 );
return val - 1;
}
#endif /* MBEDTLS_BASE64_C */
@ -384,16 +384,15 @@ static void mbedtls_ct_mem_move_to_left( void *start,
{
volatile unsigned char *buf = start;
size_t i, n;
if( total == 0 )
if (total == 0) {
return;
for( i = 0; i < total; i++ )
{
}
for (i = 0; i < total; i++) {
unsigned no_op = mbedtls_ct_size_gt(total - offset, i);
/* The first `total - offset` passes are a no-op. The last
* `offset` passes shift the data one byte to the left and
* zero out the last byte. */
for( n = 0; n < total - 1; n++ )
{
for (n = 0; n < total - 1; n++) {
unsigned char current = buf[n];
unsigned char next = buf[n+1];
buf[n] = mbedtls_ct_uint_if(no_op, current, next);
@ -416,9 +415,10 @@ void mbedtls_ct_memcpy_if_eq( unsigned char *dest,
const unsigned char mask = (unsigned char) mbedtls_ct_size_mask(equal);
/* dest[i] = c1 == c2 ? src[i] : dest[i] */
for( size_t i = 0; i < len; i++ )
for (size_t i = 0; i < len; i++) {
dest[i] = (src[i] & mask) | (dest[i] & ~mask);
}
}
void mbedtls_ct_memcpy_offset(unsigned char *dest,
const unsigned char *src,
@ -429,8 +429,7 @@ void mbedtls_ct_memcpy_offset( unsigned char *dest,
{
size_t offsetval;
for( offsetval = offset_min; offsetval <= offset_max; offsetval++ )
{
for (offsetval = offset_min; offsetval <= offset_max; offsetval++) {
mbedtls_ct_memcpy_if_eq(dest, src + offsetval, len,
offsetval, offset);
}
@ -495,17 +494,17 @@ int mbedtls_ct_hmac( mbedtls_md_context_t *ctx,
memset(output, '!', hash_size);
/* For each possible length, compute the hash up to that point */
for( offset = min_data_len; offset <= max_data_len; offset++ )
{
for (offset = min_data_len; offset <= max_data_len; offset++) {
MD_CHK(mbedtls_md_clone(&aux, ctx));
MD_CHK(mbedtls_md_finish(&aux, aux_out));
/* Keep only the correct inner_hash in the output buffer */
mbedtls_ct_memcpy_if_eq(output, aux_out, hash_size,
offset, data_len_secret);
if( offset < max_data_len )
if (offset < max_data_len) {
MD_CHK(mbedtls_md_update(ctx, data + offset, 1));
}
}
/* The context needs to finish() before it starts() again */
MD_CHK(mbedtls_md_finish(ctx, aux_out));
@ -523,7 +522,7 @@ int mbedtls_ct_hmac( mbedtls_md_context_t *ctx,
cleanup:
mbedtls_md_free(&aux);
return( ret );
return ret;
}
#endif /* MBEDTLS_SSL_SOME_MODES_USE_MAC */
@ -564,11 +563,12 @@ int mbedtls_mpi_safe_cond_assign( mbedtls_mpi *X,
mbedtls_ct_mpi_uint_cond_assign(Y->n, X->p, Y->p, assign);
for( i = Y->n; i < X->n; i++ )
for (i = Y->n; i < X->n; i++) {
X->p[i] &= ~limb_mask;
}
cleanup:
return( ret );
return ret;
}
/*
@ -588,8 +588,9 @@ int mbedtls_mpi_safe_cond_swap( mbedtls_mpi *X,
MPI_VALIDATE_RET(X != NULL);
MPI_VALIDATE_RET(Y != NULL);
if( X == Y )
return( 0 );
if (X == Y) {
return 0;
}
/* all-bits 1 if swap is 1, all-bits 0 if swap is 0 */
limb_mask = mbedtls_ct_mpi_uint_mask(swap);
@ -602,15 +603,14 @@ int mbedtls_mpi_safe_cond_swap( mbedtls_mpi *X,
Y->s = mbedtls_ct_cond_select_sign(swap, s, Y->s);
for( i = 0; i < X->n; i++ )
{
for (i = 0; i < X->n; i++) {
tmp = X->p[i];
X->p[i] = (X->p[i] & ~limb_mask) | (Y->p[i] & limb_mask);
Y->p[i] = (Y->p[i] & ~limb_mask) | (tmp & limb_mask);
}
cleanup:
return( ret );
return ret;
}
/*
@ -628,8 +628,9 @@ int mbedtls_mpi_lt_mpi_ct( const mbedtls_mpi *X,
MPI_VALIDATE_RET(Y != NULL);
MPI_VALIDATE_RET(ret != NULL);
if( X->n != Y->n )
if (X->n != Y->n) {
return MBEDTLS_ERR_MPI_BAD_INPUT_DATA;
}
/*
* Set sign_N to 1 if N >= 0, 0 if N < 0.
@ -652,8 +653,7 @@ int mbedtls_mpi_lt_mpi_ct( const mbedtls_mpi *X,
*/
done = cond;
for( i = X->n; i > 0; i-- )
{
for (i = X->n; i > 0; i--) {
/*
* If Y->p[i - 1] < X->p[i - 1] then X < Y is true if and only if both
* X and Y are negative.
@ -677,7 +677,7 @@ int mbedtls_mpi_lt_mpi_ct( const mbedtls_mpi *X,
done |= cond;
}
return( 0 );
return 0;
}
#endif /* MBEDTLS_BIGNUM_C */
@ -717,22 +717,18 @@ int mbedtls_ct_rsaes_pkcs1_v15_unpadding( int mode,
* memory trace. The first byte must be 0. */
bad |= input[0];
if( mode == MBEDTLS_RSA_PRIVATE )
{
if (mode == MBEDTLS_RSA_PRIVATE) {
/* Decode EME-PKCS1-v1_5 padding: 0x00 || 0x02 || PS || 0x00
* where PS must be at least 8 nonzero bytes. */
bad |= input[1] ^ MBEDTLS_RSA_CRYPT;
/* Read the whole buffer. Set pad_done to nonzero if we find
* the 0x00 byte and remember the padding length in pad_count. */
for( i = 2; i < ilen; i++ )
{
for (i = 2; i < ilen; i++) {
pad_done |= ((input[i] | (unsigned char) -input[i]) >> 7) ^ 1;
pad_count += ((pad_done | (unsigned char) -pad_done) >> 7) ^ 1;
}
}
else
{
} else {
/* Decode EMSA-PKCS1-v1_5 padding: 0x00 || 0x01 || PS || 0x00
* where PS must be at least 8 bytes with the value 0xFF. */
bad |= input[1] ^ MBEDTLS_RSA_SIGN;
@ -740,8 +736,7 @@ int mbedtls_ct_rsaes_pkcs1_v15_unpadding( int mode,
/* Read the whole buffer. Set pad_done to nonzero if we find
* the 0x00 byte and remember the padding length in pad_count.
* If there's a non-0xff byte in the padding, the padding is bad. */
for( i = 2; i < ilen; i++ )
{
for (i = 2; i < ilen; i++) {
pad_done |= mbedtls_ct_uint_if(input[i], 0, 1);
pad_count += mbedtls_ct_uint_if(pad_done, 0, 1);
bad |= mbedtls_ct_uint_if(pad_done, 0, input[i] ^ 0xFF);
@ -788,8 +783,9 @@ int mbedtls_ct_rsaes_pkcs1_v15_unpadding( int mode,
* avoid leaking the padding validity through overall timing or
* through memory or cache access patterns. */
bad = mbedtls_ct_uint_mask(bad | output_too_large);
for( i = 11; i < ilen; i++ )
for (i = 11; i < ilen; i++) {
input[i] &= ~bad;
}
/* If the plaintext is too large, truncate it to the buffer size.
* Copy anyway to avoid revealing the length through timing, because
@ -816,8 +812,9 @@ int mbedtls_ct_rsaes_pkcs1_v15_unpadding( int mode,
* user-provided output buffer), which is independent from plaintext
* length, validity of padding, success of the decryption, and other
* secrets. */
if( output_max_len != 0 )
if (output_max_len != 0) {
memcpy(output, input + ilen - plaintext_max_size, plaintext_max_size);
}
/* Report the amount of data we copied to the output buffer. In case
* of errors (bad padding or output too large), the value of *olen
@ -825,7 +822,7 @@ int mbedtls_ct_rsaes_pkcs1_v15_unpadding( int mode,
* to the good case limits the risks of leaking the padding validity. */
*olen = plaintext_size;
return( ret );
return ret;
}
#endif /* MBEDTLS_PKCS1_V15 && MBEDTLS_RSA_C && ! MBEDTLS_RSA_ALT */

278
library/ctr_drbg.c
View File

@ -57,13 +57,15 @@ void mbedtls_ctr_drbg_init( mbedtls_ctr_drbg_context *ctx )
*/
void mbedtls_ctr_drbg_free(mbedtls_ctr_drbg_context *ctx)
{
if( ctx == NULL )
if (ctx == NULL) {
return;
}
#if defined(MBEDTLS_THREADING_C)
/* The mutex is initialized iff f_entropy is set. */
if( ctx->f_entropy != NULL )
if (ctx->f_entropy != NULL) {
mbedtls_mutex_free(&ctx->mutex);
}
#endif
mbedtls_aes_free(&ctx->aes_ctx);
mbedtls_platform_zeroize(ctx, sizeof(mbedtls_ctr_drbg_context));
@ -88,17 +90,20 @@ int mbedtls_ctr_drbg_set_nonce_len( mbedtls_ctr_drbg_context *ctx,
{
/* If mbedtls_ctr_drbg_seed() has already been called, it's
* too late. Return the error code that's closest to making sense. */
if( ctx->f_entropy != NULL )
return( MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED );
if (ctx->f_entropy != NULL) {
return MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED;
}
if( len > MBEDTLS_CTR_DRBG_MAX_SEED_INPUT )
return( MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG );
if (len > MBEDTLS_CTR_DRBG_MAX_SEED_INPUT) {
return MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG;
}
#if SIZE_MAX > INT_MAX
/* This shouldn't be an issue because
* MBEDTLS_CTR_DRBG_MAX_SEED_INPUT < INT_MAX in any sensible
* configuration, but make sure anyway. */
if( len > INT_MAX )
return( MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG );
if (len > INT_MAX) {
return MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG;
}
#endif
/* For backward compatibility with Mbed TLS <= 2.19, store the
@ -106,7 +111,7 @@ int mbedtls_ctr_drbg_set_nonce_len( mbedtls_ctr_drbg_context *ctx,
* used until after the initial seeding. */
/* Due to the capping of len above, the value fits in an int. */
ctx->reseed_counter = (int) len;
return( 0 );
return 0;
}
void mbedtls_ctr_drbg_set_reseed_interval(mbedtls_ctr_drbg_context *ctx,
@ -130,8 +135,9 @@ static int block_cipher_df( unsigned char *output,
int i, j;
size_t buf_len, use_len;
if( data_len > MBEDTLS_CTR_DRBG_MAX_SEED_INPUT )
return( MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG );
if (data_len > MBEDTLS_CTR_DRBG_MAX_SEED_INPUT) {
return MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG;
}
memset(buf, 0, MBEDTLS_CTR_DRBG_MAX_SEED_INPUT +
MBEDTLS_CTR_DRBG_BLOCKSIZE + 16);
@ -153,35 +159,33 @@ static int block_cipher_df( unsigned char *output,
buf_len = MBEDTLS_CTR_DRBG_BLOCKSIZE + 8 + data_len + 1;
for( i = 0; i < MBEDTLS_CTR_DRBG_KEYSIZE; i++ )
for (i = 0; i < MBEDTLS_CTR_DRBG_KEYSIZE; i++) {
key[i] = i;
}
if ((ret = mbedtls_aes_setkey_enc(&aes_ctx, key,
MBEDTLS_CTR_DRBG_KEYBITS ) ) != 0 )
{
MBEDTLS_CTR_DRBG_KEYBITS)) != 0) {
goto exit;
}
/*
* Reduce data to MBEDTLS_CTR_DRBG_SEEDLEN bytes of data
*/
for( j = 0; j < MBEDTLS_CTR_DRBG_SEEDLEN; j += MBEDTLS_CTR_DRBG_BLOCKSIZE )
{
for (j = 0; j < MBEDTLS_CTR_DRBG_SEEDLEN; j += MBEDTLS_CTR_DRBG_BLOCKSIZE) {
p = buf;
memset(chain, 0, MBEDTLS_CTR_DRBG_BLOCKSIZE);
use_len = buf_len;
while( use_len > 0 )
{
for( i = 0; i < MBEDTLS_CTR_DRBG_BLOCKSIZE; i++ )
while (use_len > 0) {
for (i = 0; i < MBEDTLS_CTR_DRBG_BLOCKSIZE; i++) {
chain[i] ^= p[i];
}
p += MBEDTLS_CTR_DRBG_BLOCKSIZE;
use_len -= (use_len >= MBEDTLS_CTR_DRBG_BLOCKSIZE) ?
MBEDTLS_CTR_DRBG_BLOCKSIZE : use_len;
if ((ret = mbedtls_aes_crypt_ecb(&aes_ctx, MBEDTLS_AES_ENCRYPT,
chain, chain ) ) != 0 )
{
chain, chain)) != 0) {
goto exit;
}
}
@ -198,18 +202,15 @@ static int block_cipher_df( unsigned char *output,
* Do final encryption with reduced data
*/
if ((ret = mbedtls_aes_setkey_enc(&aes_ctx, tmp,
MBEDTLS_CTR_DRBG_KEYBITS ) ) != 0 )
{
MBEDTLS_CTR_DRBG_KEYBITS)) != 0) {
goto exit;
}
iv = tmp + MBEDTLS_CTR_DRBG_KEYSIZE;
p = output;
for( j = 0; j < MBEDTLS_CTR_DRBG_SEEDLEN; j += MBEDTLS_CTR_DRBG_BLOCKSIZE )
{
for (j = 0; j < MBEDTLS_CTR_DRBG_SEEDLEN; j += MBEDTLS_CTR_DRBG_BLOCKSIZE) {
if ((ret = mbedtls_aes_crypt_ecb(&aes_ctx, MBEDTLS_AES_ENCRYPT,
iv, iv ) ) != 0 )
{
iv, iv)) != 0) {
goto exit;
}
memcpy(p, iv, MBEDTLS_CTR_DRBG_BLOCKSIZE);
@ -224,15 +225,14 @@ exit:
mbedtls_platform_zeroize(tmp, sizeof(tmp));
mbedtls_platform_zeroize(key, sizeof(key));
mbedtls_platform_zeroize(chain, sizeof(chain));
if( 0 != ret )
{
if (0 != ret) {
/*
* wipe partial seed from memory
*/
mbedtls_platform_zeroize(output, MBEDTLS_CTR_DRBG_SEEDLEN);
}
return( ret );
return ret;
}
/* CTR_DRBG_Update (SP 800-90A &sect;10.2.1.2)
@ -253,36 +253,36 @@ static int ctr_drbg_update_internal( mbedtls_ctr_drbg_context *ctx,
memset(tmp, 0, MBEDTLS_CTR_DRBG_SEEDLEN);
for( j = 0; j < MBEDTLS_CTR_DRBG_SEEDLEN; j += MBEDTLS_CTR_DRBG_BLOCKSIZE )
{
for (j = 0; j < MBEDTLS_CTR_DRBG_SEEDLEN; j += MBEDTLS_CTR_DRBG_BLOCKSIZE) {
/*
* Increase counter
*/
for( i = MBEDTLS_CTR_DRBG_BLOCKSIZE; i > 0; i-- )
if( ++ctx->counter[i - 1] != 0 )
for (i = MBEDTLS_CTR_DRBG_BLOCKSIZE; i > 0; i--) {
if (++ctx->counter[i - 1] != 0) {
break;
}
}
/*
* Crypt counter block
*/
if ((ret = mbedtls_aes_crypt_ecb(&ctx->aes_ctx, MBEDTLS_AES_ENCRYPT,
ctx->counter, p ) ) != 0 )
{
ctx->counter, p)) != 0) {
goto exit;
}
p += MBEDTLS_CTR_DRBG_BLOCKSIZE;
}
for( i = 0; i < MBEDTLS_CTR_DRBG_SEEDLEN; i++ )
for (i = 0; i < MBEDTLS_CTR_DRBG_SEEDLEN; i++) {
tmp[i] ^= data[i];
}
/*
* Update key and counter
*/
if ((ret = mbedtls_aes_setkey_enc(&ctx->aes_ctx, tmp,
MBEDTLS_CTR_DRBG_KEYBITS ) ) != 0 )
{
MBEDTLS_CTR_DRBG_KEYBITS)) != 0) {
goto exit;
}
memcpy(ctx->counter, tmp + MBEDTLS_CTR_DRBG_KEYSIZE,
@ -290,7 +290,7 @@ static int ctr_drbg_update_internal( mbedtls_ctr_drbg_context *ctx,
exit:
mbedtls_platform_zeroize(tmp, sizeof(tmp));
return( ret );
return ret;
}
/* CTR_DRBG_Instantiate with derivation function (SP 800-90A &sect;10.2.1.3.2)
@ -312,17 +312,20 @@ int mbedtls_ctr_drbg_update_ret( mbedtls_ctr_drbg_context *ctx,
unsigned char add_input[MBEDTLS_CTR_DRBG_SEEDLEN];
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
if( add_len == 0 )
return( 0 );
if (add_len == 0) {
return 0;
}
if( ( ret = block_cipher_df( add_input, additional, add_len ) ) != 0 )
if ((ret = block_cipher_df(add_input, additional, add_len)) != 0) {
goto exit;
if( ( ret = ctr_drbg_update_internal( ctx, add_input ) ) != 0 )
}
if ((ret = ctr_drbg_update_internal(ctx, add_input)) != 0) {
goto exit;
}
exit:
mbedtls_platform_zeroize(add_input, sizeof(add_input));
return( ret );
return ret;
}
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
@ -332,8 +335,9 @@ void mbedtls_ctr_drbg_update( mbedtls_ctr_drbg_context *ctx,
{
/* MAX_INPUT would be more logical here, but we have to match
* block_cipher_df()'s limits since we can't propagate errors */
if( add_len > MBEDTLS_CTR_DRBG_MAX_SEED_INPUT )
if (add_len > MBEDTLS_CTR_DRBG_MAX_SEED_INPUT) {
add_len = MBEDTLS_CTR_DRBG_MAX_SEED_INPUT;
}
(void) mbedtls_ctr_drbg_update_ret(ctx, additional, add_len);
}
#endif /* MBEDTLS_DEPRECATED_REMOVED */
@ -360,57 +364,58 @@ static int mbedtls_ctr_drbg_reseed_internal( mbedtls_ctr_drbg_context *ctx,
size_t seedlen = 0;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
if( ctx->entropy_len > MBEDTLS_CTR_DRBG_MAX_SEED_INPUT )
return( MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG );
if( nonce_len > MBEDTLS_CTR_DRBG_MAX_SEED_INPUT - ctx->entropy_len )
return( MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG );
if( len > MBEDTLS_CTR_DRBG_MAX_SEED_INPUT - ctx->entropy_len - nonce_len )
return( MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG );
if (ctx->entropy_len > MBEDTLS_CTR_DRBG_MAX_SEED_INPUT) {
return MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG;
}
if (nonce_len > MBEDTLS_CTR_DRBG_MAX_SEED_INPUT - ctx->entropy_len) {
return MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG;
}
if (len > MBEDTLS_CTR_DRBG_MAX_SEED_INPUT - ctx->entropy_len - nonce_len) {
return MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG;
}
memset(seed, 0, MBEDTLS_CTR_DRBG_MAX_SEED_INPUT);
/* Gather entropy_len bytes of entropy to seed state. */
if( 0 != ctx->f_entropy( ctx->p_entropy, seed, ctx->entropy_len ) )
{
return( MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED );
if (0 != ctx->f_entropy(ctx->p_entropy, seed, ctx->entropy_len)) {
return MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED;
}
seedlen += ctx->entropy_len;
/* Gather entropy for a nonce if requested. */
if( nonce_len != 0 )
{
if( 0 != ctx->f_entropy( ctx->p_entropy, seed + seedlen, nonce_len ) )
{
return( MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED );
if (nonce_len != 0) {
if (0 != ctx->f_entropy(ctx->p_entropy, seed + seedlen, nonce_len)) {
return MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED;
}
seedlen += nonce_len;
}
/* Add additional data if provided. */
if( additional != NULL && len != 0 )
{
if (additional != NULL && len != 0) {
memcpy(seed + seedlen, additional, len);
seedlen += len;
}
/* Reduce to 384 bits. */
if( ( ret = block_cipher_df( seed, seed, seedlen ) ) != 0 )
if ((ret = block_cipher_df(seed, seed, seedlen)) != 0) {
goto exit;
}
/* Update state. */
if( ( ret = ctr_drbg_update_internal( ctx, seed ) ) != 0 )
if ((ret = ctr_drbg_update_internal(ctx, seed)) != 0) {
goto exit;
}
ctx->reseed_counter = 1;
exit:
mbedtls_platform_zeroize(seed, sizeof(seed));
return( ret );
return ret;
}
int mbedtls_ctr_drbg_reseed(mbedtls_ctr_drbg_context *ctx,
const unsigned char *additional, size_t len)
{
return( mbedtls_ctr_drbg_reseed_internal( ctx, additional, len, 0 ) );
return mbedtls_ctr_drbg_reseed_internal(ctx, additional, len, 0);
}
/* Return a "good" nonce length for CTR_DRBG. The chosen nonce length
@ -420,10 +425,11 @@ int mbedtls_ctr_drbg_reseed( mbedtls_ctr_drbg_context *ctx,
* the nonce, don't make a second call to get a nonce. */
static size_t good_nonce_len(size_t entropy_len)
{
if( entropy_len >= MBEDTLS_CTR_DRBG_KEYSIZE * 3 / 2 )
return( 0 );
else
return( ( entropy_len + 1 ) / 2 );
if (entropy_len >= MBEDTLS_CTR_DRBG_KEYSIZE * 3 / 2) {
return 0;
} else {
return (entropy_len + 1) / 2;
}
}
/* CTR_DRBG_Instantiate with derivation function (SP 800-90A &sect;10.2.1.3.2)
@ -459,8 +465,9 @@ int mbedtls_ctr_drbg_seed( mbedtls_ctr_drbg_context *ctx,
ctx->f_entropy = f_entropy;
ctx->p_entropy = p_entropy;
if( ctx->entropy_len == 0 )
if (ctx->entropy_len == 0) {
ctx->entropy_len = MBEDTLS_CTR_DRBG_ENTROPY_LEN;
}
/* ctx->reseed_counter contains the desired amount of entropy to
* grab for a nonce (see mbedtls_ctr_drbg_set_nonce_len()).
* If it's -1, indicating that the entropy nonce length was not set
@ -471,18 +478,16 @@ int mbedtls_ctr_drbg_seed( mbedtls_ctr_drbg_context *ctx,
/* Initialize with an empty key. */
if ((ret = mbedtls_aes_setkey_enc(&ctx->aes_ctx, key,
MBEDTLS_CTR_DRBG_KEYBITS ) ) != 0 )
{
return( ret );
MBEDTLS_CTR_DRBG_KEYBITS)) != 0) {
return ret;
}
/* Do the initial seeding. */
if ((ret = mbedtls_ctr_drbg_reseed_internal(ctx, custom, len,
nonce_len ) ) != 0 )
{
return( ret );
nonce_len)) != 0) {
return ret;
}
return( 0 );
return 0;
}
/* CTR_DRBG_Generate with derivation function (SP 800-90A &sect;10.2.1.5.2)
@ -516,47 +521,48 @@ int mbedtls_ctr_drbg_random_with_add( void *p_rng,
int i;
size_t use_len;
if( output_len > MBEDTLS_CTR_DRBG_MAX_REQUEST )
return( MBEDTLS_ERR_CTR_DRBG_REQUEST_TOO_BIG );
if (output_len > MBEDTLS_CTR_DRBG_MAX_REQUEST) {
return MBEDTLS_ERR_CTR_DRBG_REQUEST_TOO_BIG;
}
if( add_len > MBEDTLS_CTR_DRBG_MAX_INPUT )
return( MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG );
if (add_len > MBEDTLS_CTR_DRBG_MAX_INPUT) {
return MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG;
}
memset(add_input, 0, MBEDTLS_CTR_DRBG_SEEDLEN);
if (ctx->reseed_counter > ctx->reseed_interval ||
ctx->prediction_resistance )
{
if( ( ret = mbedtls_ctr_drbg_reseed( ctx, additional, add_len ) ) != 0 )
{
return( ret );
ctx->prediction_resistance) {
if ((ret = mbedtls_ctr_drbg_reseed(ctx, additional, add_len)) != 0) {
return ret;
}
add_len = 0;
}
if( add_len > 0 )
{
if( ( ret = block_cipher_df( add_input, additional, add_len ) ) != 0 )
goto exit;
if( ( ret = ctr_drbg_update_internal( ctx, add_input ) ) != 0 )
if (add_len > 0) {
if ((ret = block_cipher_df(add_input, additional, add_len)) != 0) {
goto exit;
}
if ((ret = ctr_drbg_update_internal(ctx, add_input)) != 0) {
goto exit;
}
}
while( output_len > 0 )
{
while (output_len > 0) {
/*
* Increase counter
*/
for( i = MBEDTLS_CTR_DRBG_BLOCKSIZE; i > 0; i-- )
if( ++ctx->counter[i - 1] != 0 )
for (i = MBEDTLS_CTR_DRBG_BLOCKSIZE; i > 0; i--) {
if (++ctx->counter[i - 1] != 0) {
break;
}
}
/*
* Crypt counter block
*/
if ((ret = mbedtls_aes_crypt_ecb(&ctx->aes_ctx, MBEDTLS_AES_ENCRYPT,
ctx->counter, tmp ) ) != 0 )
{
ctx->counter, tmp)) != 0) {
goto exit;
}
@ -570,15 +576,16 @@ int mbedtls_ctr_drbg_random_with_add( void *p_rng,
output_len -= use_len;
}
if( ( ret = ctr_drbg_update_internal( ctx, add_input ) ) != 0 )
if ((ret = ctr_drbg_update_internal(ctx, add_input)) != 0) {
goto exit;
}
ctx->reseed_counter++;
exit:
mbedtls_platform_zeroize(add_input, sizeof(add_input));
mbedtls_platform_zeroize(tmp, sizeof(tmp));
return( ret );
return ret;
}
int mbedtls_ctr_drbg_random(void *p_rng, unsigned char *output,
@ -588,18 +595,20 @@ int mbedtls_ctr_drbg_random( void *p_rng, unsigned char *output,
mbedtls_ctr_drbg_context *ctx = (mbedtls_ctr_drbg_context *) p_rng;
#if defined(MBEDTLS_THREADING_C)
if( ( ret = mbedtls_mutex_lock( &ctx->mutex ) ) != 0 )
return( ret );
if ((ret = mbedtls_mutex_lock(&ctx->mutex)) != 0) {
return ret;
}
#endif
ret = mbedtls_ctr_drbg_random_with_add(ctx, output, output_len, NULL, 0);
#if defined(MBEDTLS_THREADING_C)
if( mbedtls_mutex_unlock( &ctx->mutex ) != 0 )
return( MBEDTLS_ERR_THREADING_MUTEX_ERROR );
if (mbedtls_mutex_unlock(&ctx->mutex) != 0) {
return MBEDTLS_ERR_THREADING_MUTEX_ERROR;
}
#endif
return( ret );
return ret;
}
#if defined(MBEDTLS_FS_IO)
@ -610,20 +619,19 @@ int mbedtls_ctr_drbg_write_seed_file( mbedtls_ctr_drbg_context *ctx,
FILE *f;
unsigned char buf[MBEDTLS_CTR_DRBG_MAX_INPUT];
if( ( f = fopen( path, "wb" ) ) == NULL )
return( MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR );
if ((f = fopen(path, "wb")) == NULL) {
return MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR;
}
if ((ret = mbedtls_ctr_drbg_random(ctx, buf,
MBEDTLS_CTR_DRBG_MAX_INPUT ) ) != 0 )
MBEDTLS_CTR_DRBG_MAX_INPUT)) != 0) {
goto exit;
}
if (fwrite(buf, 1, MBEDTLS_CTR_DRBG_MAX_INPUT, f) !=
MBEDTLS_CTR_DRBG_MAX_INPUT )
{
MBEDTLS_CTR_DRBG_MAX_INPUT) {
ret = MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR;
}
else
{
} else {
ret = 0;
}
@ -631,7 +639,7 @@ exit:
mbedtls_platform_zeroize(buf, sizeof(buf));
fclose(f);
return( ret );
return ret;
}
int mbedtls_ctr_drbg_update_seed_file(mbedtls_ctr_drbg_context *ctx,
@ -643,17 +651,16 @@ int mbedtls_ctr_drbg_update_seed_file( mbedtls_ctr_drbg_context *ctx,
unsigned char buf[MBEDTLS_CTR_DRBG_MAX_INPUT];
unsigned char c;
if( ( f = fopen( path, "rb" ) ) == NULL )
return( MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR );
if ((f = fopen(path, "rb")) == NULL) {
return MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR;
}
n = fread(buf, 1, sizeof(buf), f);
if( fread( &c, 1, 1, f ) != 0 )
{
if (fread(&c, 1, 1, f) != 0) {
ret = MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG;
goto exit;
}
if( n == 0 || ferror( f ) )
{
if (n == 0 || ferror(f)) {
ret = MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR;
goto exit;
}
@ -664,11 +671,13 @@ int mbedtls_ctr_drbg_update_seed_file( mbedtls_ctr_drbg_context *ctx,
exit:
mbedtls_platform_zeroize(buf, sizeof(buf));
if( f != NULL )
if (f != NULL) {
fclose(f);
if( ret != 0 )
return( ret );
return( mbedtls_ctr_drbg_write_seed_file( ctx, path ) );
}
if (ret != 0) {
return ret;
}
return mbedtls_ctr_drbg_write_seed_file(ctx, path);
}
#endif /* MBEDTLS_FS_IO */
@ -811,14 +820,14 @@ static int ctr_drbg_self_test_entropy( void *data, unsigned char *buf,
const unsigned char *p = data;
memcpy(buf, p + test_offset, len);
test_offset += len;
return( 0 );
return 0;
}
#define CHK(c) if ((c) != 0) \
{ \
if (verbose != 0) \
mbedtls_printf("failed\n"); \
return( 1 ); \
return 1; \
}
#define SELF_TEST_OUTPUT_DISCARD_LENGTH 64
@ -836,8 +845,9 @@ int mbedtls_ctr_drbg_self_test( int verbose )
/*
* Based on a NIST CTR_DRBG test vector (PR = True)
*/
if( verbose != 0 )
if (verbose != 0) {
mbedtls_printf(" CTR_DRBG (PR = TRUE) : ");
}
test_offset = 0;
mbedtls_ctr_drbg_set_entropy_len(&ctx, MBEDTLS_CTR_DRBG_KEYSIZE);
@ -853,14 +863,16 @@ int mbedtls_ctr_drbg_self_test( int verbose )
mbedtls_ctr_drbg_free(&ctx);
if( verbose != 0 )
if (verbose != 0) {
mbedtls_printf("passed\n");
}
/*
* Based on a NIST CTR_DRBG test vector (PR = FALSE)
*/
if( verbose != 0 )
if (verbose != 0) {
mbedtls_printf(" CTR_DRBG (PR = FALSE): ");
}
mbedtls_ctr_drbg_init(&ctx);
@ -878,13 +890,15 @@ int mbedtls_ctr_drbg_self_test( int verbose )
mbedtls_ctr_drbg_free(&ctx);
if( verbose != 0 )
if (verbose != 0) {
mbedtls_printf("passed\n");
}
if( verbose != 0 )
if (verbose != 0) {
mbedtls_printf("\n");
}
return( 0 );
return 0;
}
#endif /* MBEDTLS_SELF_TEST */

97
library/debug.c
View File

@ -72,8 +72,7 @@ void mbedtls_debug_print_msg( const mbedtls_ssl_context *ssl, int level,
if (NULL == ssl ||
NULL == ssl->conf ||
NULL == ssl->conf->f_dbg ||
level > debug_threshold )
{
level > debug_threshold) {
return;
}
@ -81,8 +80,7 @@ void mbedtls_debug_print_msg( const mbedtls_ssl_context *ssl, int level,
ret = mbedtls_vsnprintf(str, DEBUG_BUF_SIZE, format, argp);
va_end(argp);
if( ret >= 0 && ret < DEBUG_BUF_SIZE - 1 )
{
if (ret >= 0 && ret < DEBUG_BUF_SIZE - 1) {
str[ret] = '\n';
str[ret + 1] = '\0';
}
@ -99,8 +97,7 @@ void mbedtls_debug_print_ret( const mbedtls_ssl_context *ssl, int level,
if (NULL == ssl ||
NULL == ssl->conf ||
NULL == ssl->conf->f_dbg ||
level > debug_threshold )
{
level > debug_threshold) {
return;
}
@ -109,8 +106,9 @@ void mbedtls_debug_print_ret( const mbedtls_ssl_context *ssl, int level,
* the logs would be quickly flooded with WANT_READ, so ignore that.
* Don't ignore WANT_WRITE however, since is is usually rare.
*/
if( ret == MBEDTLS_ERR_SSL_WANT_READ )
if (ret == MBEDTLS_ERR_SSL_WANT_READ) {
return;
}
mbedtls_snprintf(str, sizeof(str), "%s() returned %d (-0x%04x)\n",
text, ret, (unsigned int) -ret);
@ -129,8 +127,7 @@ void mbedtls_debug_print_buf( const mbedtls_ssl_context *ssl, int level,
if (NULL == ssl ||
NULL == ssl->conf ||
NULL == ssl->conf->f_dbg ||
level > debug_threshold )
{
level > debug_threshold) {
return;
}
@ -141,15 +138,13 @@ void mbedtls_debug_print_buf( const mbedtls_ssl_context *ssl, int level,
idx = 0;
memset(txt, 0, sizeof(txt));
for( i = 0; i < len; i++ )
{
if( i >= 4096 )
for (i = 0; i < len; i++) {
if (i >= 4096) {
break;
}
if( i % 16 == 0 )
{
if( i > 0 )
{
if (i % 16 == 0) {
if (i > 0) {
mbedtls_snprintf(str + idx, sizeof(str) - idx, " %s\n", txt);
debug_send_line(ssl, level, file, line, str);
@ -167,10 +162,10 @@ void mbedtls_debug_print_buf( const mbedtls_ssl_context *ssl, int level,
txt[i % 16] = (buf[i] > 31 && buf[i] < 127) ? buf[i] : '.';
}
if( len > 0 )
{
for( /* i = i */; i % 16 != 0; i++ )
if (len > 0) {
for (/* i = i */; i % 16 != 0; i++) {
idx += mbedtls_snprintf(str + idx, sizeof(str) - idx, " ");
}
mbedtls_snprintf(str + idx, sizeof(str) - idx, " %s\n", txt);
debug_send_line(ssl, level, file, line, str);
@ -187,8 +182,7 @@ void mbedtls_debug_print_ecp( const mbedtls_ssl_context *ssl, int level,
if (NULL == ssl ||
NULL == ssl->conf ||
NULL == ssl->conf->f_dbg ||
level > debug_threshold )
{
level > debug_threshold) {
return;
}
@ -213,8 +207,7 @@ void mbedtls_debug_print_mpi( const mbedtls_ssl_context *ssl, int level,
NULL == ssl->conf ||
NULL == ssl->conf->f_dbg ||
NULL == X ||
level > debug_threshold )
{
level > debug_threshold) {
return;
}
@ -224,16 +217,12 @@ void mbedtls_debug_print_mpi( const mbedtls_ssl_context *ssl, int level,
text, (unsigned) bitlen);
debug_send_line(ssl, level, file, line, str);
if( bitlen == 0 )
{
if (bitlen == 0) {
str[0] = ' '; str[1] = '0'; str[2] = '0';
idx = 3;
}
else
{
} else {
int n;
for( n = (int) ( ( bitlen - 1 ) / 8 ); n >= 0; n-- )
{
for (n = (int) ((bitlen - 1) / 8); n >= 0; n--) {
size_t limb_offset = n / sizeof(mbedtls_mpi_uint);
size_t offset_in_limb = n % sizeof(mbedtls_mpi_uint);
unsigned char octet =
@ -241,8 +230,7 @@ void mbedtls_debug_print_mpi( const mbedtls_ssl_context *ssl, int level,
mbedtls_snprintf(str + idx, sizeof(str) - idx, " %02x", octet);
idx += 3;
/* Wrap lines after 16 octets that each take 3 columns */
if( idx >= 3 * 16 )
{
if (idx >= 3 * 16) {
mbedtls_snprintf(str + idx, sizeof(str) - idx, "\n");
debug_send_line(ssl, level, file, line, str);
idx = 0;
@ -250,8 +238,7 @@ void mbedtls_debug_print_mpi( const mbedtls_ssl_context *ssl, int level,
}
}
if( idx != 0 )
{
if (idx != 0) {
mbedtls_snprintf(str + idx, sizeof(str) - idx, "\n");
debug_send_line(ssl, level, file, line, str);
}
@ -269,31 +256,30 @@ static void debug_print_pk( const mbedtls_ssl_context *ssl, int level,
memset(items, 0, sizeof(items));
if( mbedtls_pk_debug( pk, items ) != 0 )
{
if (mbedtls_pk_debug(pk, items) != 0) {
debug_send_line(ssl, level, file, line,
"invalid PK context\n");
return;
}
for( i = 0; i < MBEDTLS_PK_DEBUG_MAX_ITEMS; i++ )
{
if( items[i].type == MBEDTLS_PK_DEBUG_NONE )
for (i = 0; i < MBEDTLS_PK_DEBUG_MAX_ITEMS; i++) {
if (items[i].type == MBEDTLS_PK_DEBUG_NONE) {
return;
}
mbedtls_snprintf(name, sizeof(name), "%s%s", text, items[i].name);
name[sizeof(name) - 1] = '\0';
if( items[i].type == MBEDTLS_PK_DEBUG_MPI )
if (items[i].type == MBEDTLS_PK_DEBUG_MPI) {
mbedtls_debug_print_mpi(ssl, level, file, line, name, items[i].value);
else
} else
#if defined(MBEDTLS_ECP_C)
if( items[i].type == MBEDTLS_PK_DEBUG_ECP )
if (items[i].type == MBEDTLS_PK_DEBUG_ECP) {
mbedtls_debug_print_ecp(ssl, level, file, line, name, items[i].value);
else
} else
#endif
debug_send_line( ssl, level, file, line,
"should not happen\n" );
{ debug_send_line(ssl, level, file, line,
"should not happen\n"); }
}
}
@ -304,13 +290,12 @@ static void debug_print_line_by_line( const mbedtls_ssl_context *ssl, int level,
const char *start, *cur;
start = text;
for( cur = text; *cur != '\0'; cur++ )
{
if( *cur == '\n' )
{
for (cur = text; *cur != '\0'; cur++) {
if (*cur == '\n') {
size_t len = cur - start + 1;
if( len > DEBUG_BUF_SIZE - 1 )
if (len > DEBUG_BUF_SIZE - 1) {
len = DEBUG_BUF_SIZE - 1;
}
memcpy(str, start, len);
str[len] = '\0';
@ -333,13 +318,11 @@ void mbedtls_debug_print_crt( const mbedtls_ssl_context *ssl, int level,
NULL == ssl->conf ||
NULL == ssl->conf->f_dbg ||
NULL == crt ||
level > debug_threshold )
{
level > debug_threshold) {
return;
}
while( crt != NULL )
{
while (crt != NULL) {
char buf[1024];
mbedtls_snprintf(str, sizeof(str), "%s #%d:\n", text, ++i);
@ -368,8 +351,7 @@ static void mbedtls_debug_printf_ecdh_internal( const mbedtls_ssl_context *ssl,
const mbedtls_ecdh_context_mbed *ctx = &ecdh->ctx.mbed_ecdh;
#endif
switch( attr )
{
switch (attr) {
case MBEDTLS_DEBUG_ECDH_Q:
mbedtls_debug_print_ecp(ssl, level, file, line, "ECDH: Q",
&ctx->Q);
@ -395,8 +377,7 @@ void mbedtls_debug_printf_ecdh( const mbedtls_ssl_context *ssl, int level,
#if defined(MBEDTLS_ECDH_LEGACY_CONTEXT)
mbedtls_debug_printf_ecdh_internal(ssl, level, file, line, ecdh, attr);
#else
switch( ecdh->var )
{
switch (ecdh->var) {
default:
mbedtls_debug_printf_ecdh_internal(ssl, level, file, line, ecdh,
attr);

259
library/des.c
View File

@ -281,8 +281,9 @@ void mbedtls_des_init( mbedtls_des_context *ctx )
void mbedtls_des_free(mbedtls_des_context *ctx)
{
if( ctx == NULL )
if (ctx == NULL) {
return;
}
mbedtls_platform_zeroize(ctx, sizeof(mbedtls_des_context));
}
@ -294,30 +295,40 @@ void mbedtls_des3_init( mbedtls_des3_context *ctx )
void mbedtls_des3_free(mbedtls_des3_context *ctx)
{
if( ctx == NULL )
if (ctx == NULL) {
return;
}
mbedtls_platform_zeroize(ctx, sizeof(mbedtls_des3_context));
}
static const unsigned char odd_parity_table[128] = { 1, 2, 4, 7, 8,
11, 13, 14, 16, 19, 21, 22, 25, 26, 28, 31, 32, 35, 37, 38, 41, 42, 44,
47, 49, 50, 52, 55, 56, 59, 61, 62, 64, 67, 69, 70, 73, 74, 76, 79, 81,
82, 84, 87, 88, 91, 93, 94, 97, 98, 100, 103, 104, 107, 109, 110, 112,
115, 117, 118, 121, 122, 124, 127, 128, 131, 133, 134, 137, 138, 140,
143, 145, 146, 148, 151, 152, 155, 157, 158, 161, 162, 164, 167, 168,
171, 173, 174, 176, 179, 181, 182, 185, 186, 188, 191, 193, 194, 196,
199, 200, 203, 205, 206, 208, 211, 213, 214, 217, 218, 220, 223, 224,
227, 229, 230, 233, 234, 236, 239, 241, 242, 244, 247, 248, 251, 253,
11, 13, 14, 16, 19, 21, 22, 25, 26, 28, 31, 32,
35, 37, 38, 41, 42, 44,
47, 49, 50, 52, 55, 56, 59, 61, 62, 64, 67, 69,
70, 73, 74, 76, 79, 81,
82, 84, 87, 88, 91, 93, 94, 97, 98, 100, 103,
104, 107, 109, 110, 112,
115, 117, 118, 121, 122, 124, 127, 128, 131,
133, 134, 137, 138, 140,
143, 145, 146, 148, 151, 152, 155, 157, 158,
161, 162, 164, 167, 168,
171, 173, 174, 176, 179, 181, 182, 185, 186,
188, 191, 193, 194, 196,
199, 200, 203, 205, 206, 208, 211, 213, 214,
217, 218, 220, 223, 224,
227, 229, 230, 233, 234, 236, 239, 241, 242,
244, 247, 248, 251, 253,
254 };
void mbedtls_des_key_set_parity(unsigned char key[MBEDTLS_DES_KEY_SIZE])
{
int i;
for( i = 0; i < MBEDTLS_DES_KEY_SIZE; i++ )
for (i = 0; i < MBEDTLS_DES_KEY_SIZE; i++) {
key[i] = odd_parity_table[key[i] / 2];
}
}
/*
* Check the given key's parity, returns 1 on failure, 0 on SUCCESS
@ -326,11 +337,13 @@ int mbedtls_des_key_check_key_parity( const unsigned char key[MBEDTLS_DES_KEY_SI
{
int i;
for( i = 0; i < MBEDTLS_DES_KEY_SIZE; i++ )
if( key[i] != odd_parity_table[key[i] / 2] )
return( 1 );
for (i = 0; i < MBEDTLS_DES_KEY_SIZE; i++) {
if (key[i] != odd_parity_table[key[i] / 2]) {
return 1;
}
}
return( 0 );
return 0;
}
/*
@ -381,11 +394,13 @@ int mbedtls_des_key_check_weak( const unsigned char key[MBEDTLS_DES_KEY_SIZE] )
{
int i;
for( i = 0; i < WEAK_KEY_COUNT; i++ )
if( memcmp( weak_key_table[i], key, MBEDTLS_DES_KEY_SIZE) == 0 )
return( 1 );
for (i = 0; i < WEAK_KEY_COUNT; i++) {
if (memcmp(weak_key_table[i], key, MBEDTLS_DES_KEY_SIZE) == 0) {
return 1;
}
}
return( 0 );
return 0;
}
#if !defined(MBEDTLS_DES_SETKEY_ALT)
@ -419,15 +434,11 @@ void mbedtls_des_setkey( uint32_t SK[32], const unsigned char key[MBEDTLS_DES_KE
/*
* calculate subkeys
*/
for( i = 0; i < 16; i++ )
{
if( i < 2 || i == 8 || i == 15 )
{
for (i = 0; i < 16; i++) {
if (i < 2 || i == 8 || i == 15) {
X = ((X << 1) | (X >> 27)) & 0x0FFFFFFF;
Y = ((Y << 1) | (Y >> 27)) & 0x0FFFFFFF;
}
else
{
} else {
X = ((X << 2) | (X >> 26)) & 0x0FFFFFFF;
Y = ((Y << 2) | (Y >> 26)) & 0x0FFFFFFF;
}
@ -466,7 +477,7 @@ int mbedtls_des_setkey_enc( mbedtls_des_context *ctx, const unsigned char key[MB
{
mbedtls_des_setkey(ctx->sk, key);
return( 0 );
return 0;
}
/*
@ -478,13 +489,12 @@ int mbedtls_des_setkey_dec( mbedtls_des_context *ctx, const unsigned char key[MB
mbedtls_des_setkey(ctx->sk, key);
for( i = 0; i < 16; i += 2 )
{
for (i = 0; i < 16; i += 2) {
SWAP(ctx->sk[i], ctx->sk[30 - i]);
SWAP(ctx->sk[i + 1], ctx->sk[31 - i]);
}
return( 0 );
return 0;
}
static void des3_set2key(uint32_t esk[96],
@ -496,8 +506,7 @@ static void des3_set2key( uint32_t esk[96],
mbedtls_des_setkey(esk, key);
mbedtls_des_setkey(dsk + 32, key + 8);
for( i = 0; i < 32; i += 2 )
{
for (i = 0; i < 32; i += 2) {
dsk[i] = esk[30 - i];
dsk[i + 1] = esk[31 - i];
@ -523,7 +532,7 @@ int mbedtls_des3_set2key_enc( mbedtls_des3_context *ctx,
des3_set2key(ctx->sk, sk, key);
mbedtls_platform_zeroize(sk, sizeof(sk));
return( 0 );
return 0;
}
/*
@ -537,7 +546,7 @@ int mbedtls_des3_set2key_dec( mbedtls_des3_context *ctx,
des3_set2key(sk, ctx->sk, key);
mbedtls_platform_zeroize(sk, sizeof(sk));
return( 0 );
return 0;
}
static void des3_set3key(uint32_t esk[96],
@ -550,8 +559,7 @@ static void des3_set3key( uint32_t esk[96],
mbedtls_des_setkey(dsk + 32, key + 8);
mbedtls_des_setkey(esk + 64, key + 16);
for( i = 0; i < 32; i += 2 )
{
for (i = 0; i < 32; i += 2) {
dsk[i] = esk[94 - i];
dsk[i + 1] = esk[95 - i];
@ -574,7 +582,7 @@ int mbedtls_des3_set3key_enc( mbedtls_des3_context *ctx,
des3_set3key(ctx->sk, sk, key);
mbedtls_platform_zeroize(sk, sizeof(sk));
return( 0 );
return 0;
}
/*
@ -588,7 +596,7 @@ int mbedtls_des3_set3key_dec( mbedtls_des3_context *ctx,
des3_set3key(sk, ctx->sk, key);
mbedtls_platform_zeroize(sk, sizeof(sk));
return( 0 );
return 0;
}
/*
@ -609,8 +617,7 @@ int mbedtls_des_crypt_ecb( mbedtls_des_context *ctx,
DES_IP(X, Y);
for( i = 0; i < 8; i++ )
{
for (i = 0; i < 8; i++) {
DES_ROUND(Y, X);
DES_ROUND(X, Y);
}
@ -620,7 +627,7 @@ int mbedtls_des_crypt_ecb( mbedtls_des_context *ctx,
MBEDTLS_PUT_UINT32_BE(Y, output, 0);
MBEDTLS_PUT_UINT32_BE(X, output, 4);
return( 0 );
return 0;
}
#endif /* !MBEDTLS_DES_CRYPT_ECB_ALT */
@ -639,37 +646,37 @@ int mbedtls_des_crypt_cbc( mbedtls_des_context *ctx,
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
unsigned char temp[8];
if( length % 8 )
return( MBEDTLS_ERR_DES_INVALID_INPUT_LENGTH );
if (length % 8) {
return MBEDTLS_ERR_DES_INVALID_INPUT_LENGTH;
}
if( mode == MBEDTLS_DES_ENCRYPT )
{
while( length > 0 )
{
for( i = 0; i < 8; i++ )
if (mode == MBEDTLS_DES_ENCRYPT) {
while (length > 0) {
for (i = 0; i < 8; i++) {
output[i] = (unsigned char) (input[i] ^ iv[i]);
}
ret = mbedtls_des_crypt_ecb(ctx, output, output);
if( ret != 0 )
if (ret != 0) {
goto exit;
}
memcpy(iv, output, 8);
input += 8;
output += 8;
length -= 8;
}
}
else /* MBEDTLS_DES_DECRYPT */
{
while( length > 0 )
{
} else { /* MBEDTLS_DES_DECRYPT */
while (length > 0) {
memcpy(temp, input, 8);
ret = mbedtls_des_crypt_ecb(ctx, input, output);
if( ret != 0 )
if (ret != 0) {
goto exit;
}
for( i = 0; i < 8; i++ )
for (i = 0; i < 8; i++) {
output[i] = (unsigned char) (output[i] ^ iv[i]);
}
memcpy(iv, temp, 8);
@ -681,7 +688,7 @@ int mbedtls_des_crypt_cbc( mbedtls_des_context *ctx,
ret = 0;
exit:
return( ret );
return ret;
}
#endif /* MBEDTLS_CIPHER_MODE_CBC */
@ -703,20 +710,17 @@ int mbedtls_des3_crypt_ecb( mbedtls_des3_context *ctx,
DES_IP(X, Y);
for( i = 0; i < 8; i++ )
{
for (i = 0; i < 8; i++) {
DES_ROUND(Y, X);
DES_ROUND(X, Y);
}
for( i = 0; i < 8; i++ )
{
for (i = 0; i < 8; i++) {
DES_ROUND(X, Y);
DES_ROUND(Y, X);
}
for( i = 0; i < 8; i++ )
{
for (i = 0; i < 8; i++) {
DES_ROUND(Y, X);
DES_ROUND(X, Y);
}
@ -726,7 +730,7 @@ int mbedtls_des3_crypt_ecb( mbedtls_des3_context *ctx,
MBEDTLS_PUT_UINT32_BE(Y, output, 0);
MBEDTLS_PUT_UINT32_BE(X, output, 4);
return( 0 );
return 0;
}
#endif /* !MBEDTLS_DES3_CRYPT_ECB_ALT */
@ -745,37 +749,37 @@ int mbedtls_des3_crypt_cbc( mbedtls_des3_context *ctx,
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
unsigned char temp[8];
if( length % 8 )
return( MBEDTLS_ERR_DES_INVALID_INPUT_LENGTH );
if (length % 8) {
return MBEDTLS_ERR_DES_INVALID_INPUT_LENGTH;
}
if( mode == MBEDTLS_DES_ENCRYPT )
{
while( length > 0 )
{
for( i = 0; i < 8; i++ )
if (mode == MBEDTLS_DES_ENCRYPT) {
while (length > 0) {
for (i = 0; i < 8; i++) {
output[i] = (unsigned char) (input[i] ^ iv[i]);
}
ret = mbedtls_des3_crypt_ecb(ctx, output, output);
if( ret != 0 )
if (ret != 0) {
goto exit;
}
memcpy(iv, output, 8);
input += 8;
output += 8;
length -= 8;
}
}
else /* MBEDTLS_DES_DECRYPT */
{
while( length > 0 )
{
} else { /* MBEDTLS_DES_DECRYPT */
while (length > 0) {
memcpy(temp, input, 8);
ret = mbedtls_des3_crypt_ecb(ctx, input, output);
if( ret != 0 )
if (ret != 0) {
goto exit;
}
for( i = 0; i < 8; i++ )
for (i = 0; i < 8; i++) {
output[i] = (unsigned char) (output[i] ^ iv[i]);
}
memcpy(iv, temp, 8);
@ -787,7 +791,7 @@ int mbedtls_des3_crypt_cbc( mbedtls_des3_context *ctx,
ret = 0;
exit:
return( ret );
return ret;
}
#endif /* MBEDTLS_CIPHER_MODE_CBC */
@ -865,20 +869,19 @@ int mbedtls_des_self_test( int verbose )
/*
* ECB mode
*/
for( i = 0; i < 6; i++ )
{
for (i = 0; i < 6; i++) {
u = i >> 1;
v = i & 1;
if( verbose != 0 )
if (verbose != 0) {
mbedtls_printf(" DES%c-ECB-%3d (%s): ",
(u == 0) ? ' ' : '3', 56 + u * 56,
(v == MBEDTLS_DES_DECRYPT) ? "dec" : "enc");
}
memcpy(buf, des3_test_buf, 8);
switch( i )
{
switch (i) {
case 0:
ret = mbedtls_des_setkey_dec(&ctx, des3_test_keys);
break;
@ -904,60 +907,63 @@ int mbedtls_des_self_test( int verbose )
break;
default:
return( 1 );
return 1;
}
if( ret != 0 )
if (ret != 0) {
goto exit;
}
for( j = 0; j < 100; j++ )
{
if( u == 0 )
for (j = 0; j < 100; j++) {
if (u == 0) {
ret = mbedtls_des_crypt_ecb(&ctx, buf, buf);
else
} else {
ret = mbedtls_des3_crypt_ecb(&ctx3, buf, buf);
if( ret != 0 )
}
if (ret != 0) {
goto exit;
}
}
if ((v == MBEDTLS_DES_DECRYPT &&
memcmp(buf, des3_test_ecb_dec[u], 8) != 0) ||
(v != MBEDTLS_DES_DECRYPT &&
memcmp( buf, des3_test_ecb_enc[u], 8 ) != 0 ) )
{
if( verbose != 0 )
memcmp(buf, des3_test_ecb_enc[u], 8) != 0)) {
if (verbose != 0) {
mbedtls_printf("failed\n");
}
ret = 1;
goto exit;
}
if( verbose != 0 )
if (verbose != 0) {
mbedtls_printf("passed\n");
}
}
if( verbose != 0 )
if (verbose != 0) {
mbedtls_printf("\n");
}
#if defined(MBEDTLS_CIPHER_MODE_CBC)
/*
* CBC mode
*/
for( i = 0; i < 6; i++ )
{
for (i = 0; i < 6; i++) {
u = i >> 1;
v = i & 1;
if( verbose != 0 )
if (verbose != 0) {
mbedtls_printf(" DES%c-CBC-%3d (%s): ",
(u == 0) ? ' ' : '3', 56 + u * 56,
(v == MBEDTLS_DES_DECRYPT) ? "dec" : "enc");
}
memcpy(iv, des3_test_iv, 8);
memcpy(prv, des3_test_iv, 8);
memcpy(buf, des3_test_buf, 8);
switch( i )
{
switch (i) {
case 0:
ret = mbedtls_des_setkey_dec(&ctx, des3_test_keys);
break;
@ -983,35 +989,35 @@ int mbedtls_des_self_test( int verbose )
break;
default:
return( 1 );
return 1;
}
if( ret != 0 )
if (ret != 0) {
goto exit;
}
if( v == MBEDTLS_DES_DECRYPT )
{
for( j = 0; j < 100; j++ )
{
if( u == 0 )
if (v == MBEDTLS_DES_DECRYPT) {
for (j = 0; j < 100; j++) {
if (u == 0) {
ret = mbedtls_des_crypt_cbc(&ctx, v, 8, iv, buf, buf);
else
} else {
ret = mbedtls_des3_crypt_cbc(&ctx3, v, 8, iv, buf, buf);
if( ret != 0 )
}
if (ret != 0) {
goto exit;
}
}
else
{
for( j = 0; j < 100; j++ )
{
} else {
for (j = 0; j < 100; j++) {
unsigned char tmp[8];
if( u == 0 )
if (u == 0) {
ret = mbedtls_des_crypt_cbc(&ctx, v, 8, iv, buf, buf);
else
} else {
ret = mbedtls_des3_crypt_cbc(&ctx3, v, 8, iv, buf, buf);
if( ret != 0 )
}
if (ret != 0) {
goto exit;
}
memcpy(tmp, prv, 8);
memcpy(prv, buf, 8);
@ -1024,30 +1030,33 @@ int mbedtls_des_self_test( int verbose )
if ((v == MBEDTLS_DES_DECRYPT &&
memcmp(buf, des3_test_cbc_dec[u], 8) != 0) ||
(v != MBEDTLS_DES_DECRYPT &&
memcmp( buf, des3_test_cbc_enc[u], 8 ) != 0 ) )
{
if( verbose != 0 )
memcmp(buf, des3_test_cbc_enc[u], 8) != 0)) {
if (verbose != 0) {
mbedtls_printf("failed\n");
}
ret = 1;
goto exit;
}
if( verbose != 0 )
if (verbose != 0) {
mbedtls_printf("passed\n");
}
}
#endif /* MBEDTLS_CIPHER_MODE_CBC */
if( verbose != 0 )
if (verbose != 0) {
mbedtls_printf("\n");
}
exit:
mbedtls_des_free(&ctx);
mbedtls_des3_free(&ctx3);
if( ret != 0 )
if (ret != 0) {
ret = 1;
return( ret );
}
return ret;
}
#endif /* MBEDTLS_SELF_TEST */

240
library/dhm.c
View File

@ -61,21 +61,24 @@ static int dhm_read_bignum( mbedtls_mpi *X,
{
int ret, n;
if( end - *p < 2 )
return( MBEDTLS_ERR_DHM_BAD_INPUT_DATA );
if (end - *p < 2) {
return MBEDTLS_ERR_DHM_BAD_INPUT_DATA;
}
n = ((*p)[0] << 8) | (*p)[1];
(*p) += 2;
if( (int)( end - *p ) < n )
return( MBEDTLS_ERR_DHM_BAD_INPUT_DATA );
if ((int) (end - *p) < n) {
return MBEDTLS_ERR_DHM_BAD_INPUT_DATA;
}
if( ( ret = mbedtls_mpi_read_binary( X, *p, n ) ) != 0 )
return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_DHM_READ_PARAMS_FAILED, ret ) );
if ((ret = mbedtls_mpi_read_binary(X, *p, n)) != 0) {
return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_DHM_READ_PARAMS_FAILED, ret);
}
(*p) += n;
return( 0 );
return 0;
}
/*
@ -100,14 +103,13 @@ static int dhm_check_range( const mbedtls_mpi *param, const mbedtls_mpi *P )
MBEDTLS_MPI_CHK(mbedtls_mpi_sub_int(&U, P, 2));
if (mbedtls_mpi_cmp_int(param, 2) < 0 ||
mbedtls_mpi_cmp_mpi( param, &U ) > 0 )
{
mbedtls_mpi_cmp_mpi(param, &U) > 0) {
ret = MBEDTLS_ERR_DHM_BAD_INPUT_DATA;
}
cleanup:
mbedtls_mpi_free(&U);
return( ret );
return ret;
}
void mbedtls_dhm_init(mbedtls_dhm_context *ctx)
@ -130,15 +132,17 @@ int mbedtls_dhm_read_params( mbedtls_dhm_context *ctx,
if ((ret = dhm_read_bignum(&ctx->P, p, end)) != 0 ||
(ret = dhm_read_bignum(&ctx->G, p, end)) != 0 ||
( ret = dhm_read_bignum( &ctx->GY, p, end ) ) != 0 )
return( ret );
(ret = dhm_read_bignum(&ctx->GY, p, end)) != 0) {
return ret;
}
if( ( ret = dhm_check_range( &ctx->GY, &ctx->P ) ) != 0 )
return( ret );
if ((ret = dhm_check_range(&ctx->GY, &ctx->P)) != 0) {
return ret;
}
ctx->len = mbedtls_mpi_size(&ctx->P);
return( 0 );
return 0;
}
/*
@ -153,7 +157,7 @@ static int dhm_random_below( mbedtls_mpi *R, const mbedtls_mpi *M,
MBEDTLS_MPI_CHK(mbedtls_mpi_sub_int(R, R, 1));
cleanup:
return( ret );
return ret;
}
static int dhm_make_common(mbedtls_dhm_context *ctx, int x_size,
@ -162,23 +166,24 @@ static int dhm_make_common( mbedtls_dhm_context *ctx, int x_size,
{
int ret = 0;
if( mbedtls_mpi_cmp_int( &ctx->P, 0 ) == 0 )
return( MBEDTLS_ERR_DHM_BAD_INPUT_DATA );
if( x_size < 0 )
return( MBEDTLS_ERR_DHM_BAD_INPUT_DATA );
if( (unsigned) x_size < mbedtls_mpi_size( &ctx->P ) )
{
MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( &ctx->X, x_size, f_rng, p_rng ) );
if (mbedtls_mpi_cmp_int(&ctx->P, 0) == 0) {
return MBEDTLS_ERR_DHM_BAD_INPUT_DATA;
}
else
{
if (x_size < 0) {
return MBEDTLS_ERR_DHM_BAD_INPUT_DATA;
}
if ((unsigned) x_size < mbedtls_mpi_size(&ctx->P)) {
MBEDTLS_MPI_CHK(mbedtls_mpi_fill_random(&ctx->X, x_size, f_rng, p_rng));
} else {
/* Generate X as large as possible ( <= P - 2 ) */
ret = dhm_random_below(&ctx->X, &ctx->P, f_rng, p_rng);
if( ret == MBEDTLS_ERR_MPI_NOT_ACCEPTABLE )
return( MBEDTLS_ERR_DHM_MAKE_PARAMS_FAILED );
if( ret != 0 )
return( ret );
if (ret == MBEDTLS_ERR_MPI_NOT_ACCEPTABLE) {
return MBEDTLS_ERR_DHM_MAKE_PARAMS_FAILED;
}
if (ret != 0) {
return ret;
}
}
/*
@ -187,11 +192,12 @@ static int dhm_make_common( mbedtls_dhm_context *ctx, int x_size,
MBEDTLS_MPI_CHK(mbedtls_mpi_exp_mod(&ctx->GX, &ctx->G, &ctx->X,
&ctx->P, &ctx->RP));
if( ( ret = dhm_check_range( &ctx->GX, &ctx->P ) ) != 0 )
return( ret );
if ((ret = dhm_check_range(&ctx->GX, &ctx->P)) != 0) {
return ret;
}
cleanup:
return( ret );
return ret;
}
/*
@ -211,8 +217,9 @@ int mbedtls_dhm_make_params( mbedtls_dhm_context *ctx, int x_size,
DHM_VALIDATE_RET(f_rng != NULL);
ret = dhm_make_common(ctx, x_size, f_rng, p_rng);
if( ret != 0 )
if (ret != 0) {
goto cleanup;
}
/*
* Export P, G, GX. RFC 5246 §4.4 states that "leading zero octets are
@ -242,9 +249,10 @@ int mbedtls_dhm_make_params( mbedtls_dhm_context *ctx, int x_size,
ctx->len = n1;
cleanup:
if( ret != 0 && ret > -128 )
if (ret != 0 && ret > -128) {
ret = MBEDTLS_ERROR_ADD(MBEDTLS_ERR_DHM_MAKE_PARAMS_FAILED, ret);
return( ret );
}
return ret;
}
/*
@ -260,13 +268,12 @@ int mbedtls_dhm_set_group( mbedtls_dhm_context *ctx,
DHM_VALIDATE_RET(G != NULL);
if ((ret = mbedtls_mpi_copy(&ctx->P, P)) != 0 ||
( ret = mbedtls_mpi_copy( &ctx->G, G ) ) != 0 )
{
return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_DHM_SET_GROUP_FAILED, ret ) );
(ret = mbedtls_mpi_copy(&ctx->G, G)) != 0) {
return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_DHM_SET_GROUP_FAILED, ret);
}
ctx->len = mbedtls_mpi_size(&ctx->P);
return( 0 );
return 0;
}
/*
@ -279,13 +286,15 @@ int mbedtls_dhm_read_public( mbedtls_dhm_context *ctx,
DHM_VALIDATE_RET(ctx != NULL);
DHM_VALIDATE_RET(input != NULL);
if( ilen < 1 || ilen > ctx->len )
return( MBEDTLS_ERR_DHM_BAD_INPUT_DATA );
if (ilen < 1 || ilen > ctx->len) {
return MBEDTLS_ERR_DHM_BAD_INPUT_DATA;
}
if( ( ret = mbedtls_mpi_read_binary( &ctx->GY, input, ilen ) ) != 0 )
return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_DHM_READ_PUBLIC_FAILED, ret ) );
if ((ret = mbedtls_mpi_read_binary(&ctx->GY, input, ilen)) != 0) {
return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_DHM_READ_PUBLIC_FAILED, ret);
}
return( 0 );
return 0;
}
/*
@ -301,21 +310,25 @@ int mbedtls_dhm_make_public( mbedtls_dhm_context *ctx, int x_size,
DHM_VALIDATE_RET(output != NULL);
DHM_VALIDATE_RET(f_rng != NULL);
if( olen < 1 || olen > ctx->len )
return( MBEDTLS_ERR_DHM_BAD_INPUT_DATA );
if (olen < 1 || olen > ctx->len) {
return MBEDTLS_ERR_DHM_BAD_INPUT_DATA;
}
ret = dhm_make_common(ctx, x_size, f_rng, p_rng);
if( ret == MBEDTLS_ERR_DHM_MAKE_PARAMS_FAILED )
return( MBEDTLS_ERR_DHM_MAKE_PUBLIC_FAILED );
if( ret != 0 )
if (ret == MBEDTLS_ERR_DHM_MAKE_PARAMS_FAILED) {
return MBEDTLS_ERR_DHM_MAKE_PUBLIC_FAILED;
}
if (ret != 0) {
goto cleanup;
}
MBEDTLS_MPI_CHK(mbedtls_mpi_write_binary(&ctx->GX, output, olen));
cleanup:
if( ret != 0 && ret > -128 )
if (ret != 0 && ret > -128) {
ret = MBEDTLS_ERROR_ADD(MBEDTLS_ERR_DHM_MAKE_PUBLIC_FAILED, ret);
return( ret );
}
return ret;
}
@ -337,28 +350,26 @@ static int dhm_update_blinding( mbedtls_dhm_context *ctx,
* Don't use any blinding the first time a particular X is used,
* but remember it to use blinding next time.
*/
if( mbedtls_mpi_cmp_mpi( &ctx->X, &ctx->pX ) != 0 )
{
if (mbedtls_mpi_cmp_mpi(&ctx->X, &ctx->pX) != 0) {
MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&ctx->pX, &ctx->X));
MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&ctx->Vi, 1));
MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&ctx->Vf, 1));
return( 0 );
return 0;
}
/*
* Ok, we need blinding. Can we re-use existing values?
* If yes, just update them by squaring them.
*/
if( mbedtls_mpi_cmp_int( &ctx->Vi, 1 ) != 0 )
{
if (mbedtls_mpi_cmp_int(&ctx->Vi, 1) != 0) {
MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&ctx->Vi, &ctx->Vi, &ctx->Vi));
MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(&ctx->Vi, &ctx->Vi, &ctx->P));
MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&ctx->Vf, &ctx->Vf, &ctx->Vf));
MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(&ctx->Vf, &ctx->Vf, &ctx->P));
return( 0 );
return 0;
}
/*
@ -383,7 +394,7 @@ static int dhm_update_blinding( mbedtls_dhm_context *ctx,
cleanup:
mbedtls_mpi_free(&R);
return( ret );
return ret;
}
/*
@ -400,31 +411,31 @@ int mbedtls_dhm_calc_secret( mbedtls_dhm_context *ctx,
DHM_VALIDATE_RET(output != NULL);
DHM_VALIDATE_RET(olen != NULL);
if( output_size < ctx->len )
return( MBEDTLS_ERR_DHM_BAD_INPUT_DATA );
if (output_size < ctx->len) {
return MBEDTLS_ERR_DHM_BAD_INPUT_DATA;
}
if( ( ret = dhm_check_range( &ctx->GY, &ctx->P ) ) != 0 )
return( ret );
if ((ret = dhm_check_range(&ctx->GY, &ctx->P)) != 0) {
return ret;
}
mbedtls_mpi_init(&GYb);
/* Blind peer's value */
if( f_rng != NULL )
{
if (f_rng != NULL) {
MBEDTLS_MPI_CHK(dhm_update_blinding(ctx, f_rng, p_rng));
MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&GYb, &ctx->GY, &ctx->Vi));
MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(&GYb, &GYb, &ctx->P));
}
else
} else {
MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&GYb, &ctx->GY));
}
/* Do modular exponentiation */
MBEDTLS_MPI_CHK(mbedtls_mpi_exp_mod(&ctx->K, &GYb, &ctx->X,
&ctx->P, &ctx->RP));
/* Unblind secret value */
if( f_rng != NULL )
{
if (f_rng != NULL) {
MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&ctx->K, &ctx->K, &ctx->Vf));
MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(&ctx->K, &ctx->K, &ctx->P));
}
@ -437,10 +448,11 @@ int mbedtls_dhm_calc_secret( mbedtls_dhm_context *ctx,
cleanup:
mbedtls_mpi_free(&GYb);
if( ret != 0 )
return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_DHM_CALC_SECRET_FAILED, ret ) );
if (ret != 0) {
return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_DHM_CALC_SECRET_FAILED, ret);
}
return( 0 );
return 0;
}
/*
@ -448,8 +460,9 @@ cleanup:
*/
void mbedtls_dhm_free(mbedtls_dhm_context *ctx)
{
if( ctx == NULL )
if (ctx == NULL) {
return;
}
mbedtls_mpi_free(&ctx->pX);
mbedtls_mpi_free(&ctx->Vf);
@ -486,23 +499,23 @@ int mbedtls_dhm_parse_dhm( mbedtls_dhm_context *dhm, const unsigned char *dhmin,
mbedtls_pem_init(&pem);
/* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */
if( dhminlen == 0 || dhmin[dhminlen - 1] != '\0' )
if (dhminlen == 0 || dhmin[dhminlen - 1] != '\0') {
ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT;
else
} else {
ret = mbedtls_pem_read_buffer(&pem,
"-----BEGIN DH PARAMETERS-----",
"-----END DH PARAMETERS-----",
dhmin, NULL, 0, &dhminlen);
}
if( ret == 0 )
{
if (ret == 0) {
/*
* Was PEM encoded
*/
dhminlen = pem.buflen;
}
else if( ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT )
} else if (ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT) {
goto exit;
}
p = (ret == 0) ? pem.buf : (unsigned char *) dhmin;
#else
@ -518,8 +531,7 @@ int mbedtls_dhm_parse_dhm( mbedtls_dhm_context *dhm, const unsigned char *dhmin,
* }
*/
if ((ret = mbedtls_asn1_get_tag(&p, end, &len,
MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
{
MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) {
ret = MBEDTLS_ERROR_ADD(MBEDTLS_ERR_DHM_INVALID_FORMAT, ret);
goto exit;
}
@ -527,27 +539,23 @@ int mbedtls_dhm_parse_dhm( mbedtls_dhm_context *dhm, const unsigned char *dhmin,
end = p + len;
if ((ret = mbedtls_asn1_get_mpi(&p, end, &dhm->P)) != 0 ||
( ret = mbedtls_asn1_get_mpi( &p, end, &dhm->G ) ) != 0 )
{
(ret = mbedtls_asn1_get_mpi(&p, end, &dhm->G)) != 0) {
ret = MBEDTLS_ERROR_ADD(MBEDTLS_ERR_DHM_INVALID_FORMAT, ret);
goto exit;
}
if( p != end )
{
if (p != end) {
/* This might be the optional privateValueLength.
* If so, we can cleanly discard it */
mbedtls_mpi rec;
mbedtls_mpi_init(&rec);
ret = mbedtls_asn1_get_mpi(&p, end, &rec);
mbedtls_mpi_free(&rec);
if ( ret != 0 )
{
if (ret != 0) {
ret = MBEDTLS_ERROR_ADD(MBEDTLS_ERR_DHM_INVALID_FORMAT, ret);
goto exit;
}
if ( p != end )
{
if (p != end) {
ret = MBEDTLS_ERROR_ADD(MBEDTLS_ERR_DHM_INVALID_FORMAT,
MBEDTLS_ERR_ASN1_LENGTH_MISMATCH);
goto exit;
@ -562,10 +570,11 @@ exit:
#if defined(MBEDTLS_PEM_PARSE_C)
mbedtls_pem_free(&pem);
#endif
if( ret != 0 )
if (ret != 0) {
mbedtls_dhm_free(dhm);
}
return( ret );
return ret;
}
#if defined(MBEDTLS_FS_IO)
@ -581,44 +590,43 @@ static int load_file( const char *path, unsigned char **buf, size_t *n )
FILE *f;
long size;
if( ( f = fopen( path, "rb" ) ) == NULL )
return( MBEDTLS_ERR_DHM_FILE_IO_ERROR );
if ((f = fopen(path, "rb")) == NULL) {
return MBEDTLS_ERR_DHM_FILE_IO_ERROR;
}
fseek(f, 0, SEEK_END);
if( ( size = ftell( f ) ) == -1 )
{
if ((size = ftell(f)) == -1) {
fclose(f);
return( MBEDTLS_ERR_DHM_FILE_IO_ERROR );
return MBEDTLS_ERR_DHM_FILE_IO_ERROR;
}
fseek(f, 0, SEEK_SET);
*n = (size_t) size;
if (*n + 1 == 0 ||
( *buf = mbedtls_calloc( 1, *n + 1 ) ) == NULL )
{
(*buf = mbedtls_calloc(1, *n + 1)) == NULL) {
fclose(f);
return( MBEDTLS_ERR_DHM_ALLOC_FAILED );
return MBEDTLS_ERR_DHM_ALLOC_FAILED;
}
if( fread( *buf, 1, *n, f ) != *n )
{
if (fread(*buf, 1, *n, f) != *n) {
fclose(f);
mbedtls_platform_zeroize(*buf, *n + 1);
mbedtls_free(*buf);
return( MBEDTLS_ERR_DHM_FILE_IO_ERROR );
return MBEDTLS_ERR_DHM_FILE_IO_ERROR;
}
fclose(f);
(*buf)[*n] = '\0';
if( strstr( (const char *) *buf, "-----BEGIN " ) != NULL )
if (strstr((const char *) *buf, "-----BEGIN ") != NULL) {
++*n;
}
return( 0 );
return 0;
}
/*
@ -632,15 +640,16 @@ int mbedtls_dhm_parse_dhmfile( mbedtls_dhm_context *dhm, const char *path )
DHM_VALIDATE_RET(dhm != NULL);
DHM_VALIDATE_RET(path != NULL);
if( ( ret = load_file( path, &buf, &n ) ) != 0 )
return( ret );
if ((ret = load_file(path, &buf, &n)) != 0) {
return ret;
}
ret = mbedtls_dhm_parse_dhm(dhm, buf, n);
mbedtls_platform_zeroize(buf, n);
mbedtls_free(buf);
return( ret );
return ret;
}
#endif /* MBEDTLS_FS_IO */
#endif /* MBEDTLS_ASN1_PARSE_C */
@ -668,7 +677,8 @@ static const char mbedtls_test_dhm_params[] = {
0xf6, 0x62, 0xc9, 0x2a, 0xe7, 0x65, 0x56, 0xe7, 0x55, 0xd1, 0x0c, 0x64,
0xe6, 0xa5, 0x09, 0x68, 0xf6, 0x7f, 0xc6, 0xea, 0x73, 0xd0, 0xdc, 0xa8,
0x56, 0x9b, 0xe2, 0xba, 0x20, 0x4e, 0x23, 0x58, 0x0d, 0x8b, 0xca, 0x2f,
0x49, 0x75, 0xb3, 0x02, 0x01, 0x02 };
0x49, 0x75, 0xb3, 0x02, 0x01, 0x02
};
#endif /* MBEDTLS_PEM_PARSE_C */
static const size_t mbedtls_test_dhm_params_len = sizeof(mbedtls_test_dhm_params);
@ -683,27 +693,29 @@ int mbedtls_dhm_self_test( int verbose )
mbedtls_dhm_init(&dhm);
if( verbose != 0 )
if (verbose != 0) {
mbedtls_printf(" DHM parameter load: ");
}
if ((ret = mbedtls_dhm_parse_dhm(&dhm,
(const unsigned char *) mbedtls_test_dhm_params,
mbedtls_test_dhm_params_len ) ) != 0 )
{
if( verbose != 0 )
mbedtls_test_dhm_params_len)) != 0) {
if (verbose != 0) {
mbedtls_printf("failed\n");
}
ret = 1;
goto exit;
}
if( verbose != 0 )
if (verbose != 0) {
mbedtls_printf("passed\n\n");
}
exit:
mbedtls_dhm_free(&dhm);
return( ret );
return ret;
}
#endif /* MBEDTLS_SELF_TEST */

262
library/ecdh.c
View File

@ -48,9 +48,9 @@ static mbedtls_ecp_group_id mbedtls_ecdh_grp_id(
const mbedtls_ecdh_context *ctx)
{
#if defined(MBEDTLS_ECDH_LEGACY_CONTEXT)
return( ctx->grp.id );
return ctx->grp.id;
#else
return( ctx->grp_id );
return ctx->grp_id;
#endif
}
@ -58,7 +58,7 @@ int mbedtls_ecdh_can_do( mbedtls_ecp_group_id gid )
{
/* At this time, all groups support ECDH. */
(void) gid;
return( 1 );
return 1;
}
#if !defined(MBEDTLS_ECDH_GEN_PUBLIC_ALT)
@ -82,14 +82,15 @@ static int ecdh_gen_public_restartable( mbedtls_ecp_group *grp,
restarting = (rs_ctx != NULL && rs_ctx->rsm != NULL);
#endif
/* If multiplication is in progress, we already generated a privkey */
if( !restarting )
if (!restarting) {
MBEDTLS_MPI_CHK(mbedtls_ecp_gen_privkey(grp, d, f_rng, p_rng));
}
MBEDTLS_MPI_CHK(mbedtls_ecp_mul_restartable(grp, Q, d, &grp->G,
f_rng, p_rng, rs_ctx));
cleanup:
return( ret );
return ret;
}
/*
@ -103,7 +104,7 @@ int mbedtls_ecdh_gen_public( mbedtls_ecp_group *grp, mbedtls_mpi *d, mbedtls_ecp
ECDH_VALIDATE_RET(d != NULL);
ECDH_VALIDATE_RET(Q != NULL);
ECDH_VALIDATE_RET(f_rng != NULL);
return( ecdh_gen_public_restartable( grp, d, Q, f_rng, p_rng, NULL ) );
return ecdh_gen_public_restartable(grp, d, Q, f_rng, p_rng, NULL);
}
#endif /* !MBEDTLS_ECDH_GEN_PUBLIC_ALT */
@ -126,8 +127,7 @@ static int ecdh_compute_shared_restartable( mbedtls_ecp_group *grp,
MBEDTLS_MPI_CHK(mbedtls_ecp_mul_restartable(grp, &P, d, Q,
f_rng, p_rng, rs_ctx));
if( mbedtls_ecp_is_zero( &P ) )
{
if (mbedtls_ecp_is_zero(&P)) {
ret = MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
goto cleanup;
}
@ -137,7 +137,7 @@ static int ecdh_compute_shared_restartable( mbedtls_ecp_group *grp,
cleanup:
mbedtls_ecp_point_free(&P);
return( ret );
return ret;
}
/*
@ -152,8 +152,8 @@ int mbedtls_ecdh_compute_shared( mbedtls_ecp_group *grp, mbedtls_mpi *z,
ECDH_VALIDATE_RET(Q != NULL);
ECDH_VALIDATE_RET(d != NULL);
ECDH_VALIDATE_RET(z != NULL);
return( ecdh_compute_shared_restartable( grp, z, Q, d,
f_rng, p_rng, NULL ) );
return ecdh_compute_shared_restartable(grp, z, Q, d,
f_rng, p_rng, NULL);
}
#endif /* !MBEDTLS_ECDH_COMPUTE_SHARED_ALT */
@ -199,12 +199,11 @@ static int ecdh_setup_internal( mbedtls_ecdh_context_mbed *ctx,
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
ret = mbedtls_ecp_group_load(&ctx->grp, grp_id);
if( ret != 0 )
{
return( MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE );
if (ret != 0) {
return MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE;
}
return( 0 );
return 0;
}
/*
@ -215,23 +214,22 @@ int mbedtls_ecdh_setup( mbedtls_ecdh_context *ctx, mbedtls_ecp_group_id grp_id )
ECDH_VALIDATE_RET(ctx != NULL);
#if defined(MBEDTLS_ECDH_LEGACY_CONTEXT)
return( ecdh_setup_internal( ctx, grp_id ) );
return ecdh_setup_internal(ctx, grp_id);
#else
switch( grp_id )
{
switch (grp_id) {
#if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED)
case MBEDTLS_ECP_DP_CURVE25519:
ctx->point_format = MBEDTLS_ECP_PF_COMPRESSED;
ctx->var = MBEDTLS_ECDH_VARIANT_EVEREST;
ctx->grp_id = grp_id;
return( mbedtls_everest_setup( &ctx->ctx.everest_ecdh, grp_id ) );
return mbedtls_everest_setup(&ctx->ctx.everest_ecdh, grp_id);
#endif
default:
ctx->point_format = MBEDTLS_ECP_PF_UNCOMPRESSED;
ctx->var = MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0;
ctx->grp_id = grp_id;
ecdh_init_internal(&ctx->ctx.mbed_ecdh);
return( ecdh_setup_internal( &ctx->ctx.mbed_ecdh, grp_id ) );
return ecdh_setup_internal(&ctx->ctx.mbed_ecdh, grp_id);
}
#endif
}
@ -266,8 +264,9 @@ void mbedtls_ecdh_enable_restart( mbedtls_ecdh_context *ctx )
*/
void mbedtls_ecdh_free(mbedtls_ecdh_context *ctx)
{
if( ctx == NULL )
if (ctx == NULL) {
return;
}
#if defined(MBEDTLS_ECDH_LEGACY_CONTEXT)
mbedtls_ecp_point_free(&ctx->Vi);
@ -275,8 +274,7 @@ void mbedtls_ecdh_free( mbedtls_ecdh_context *ctx )
mbedtls_mpi_free(&ctx->_d);
ecdh_free_internal(ctx);
#else
switch( ctx->var )
{
switch (ctx->var) {
#if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED)
case MBEDTLS_ECDH_VARIANT_EVEREST:
mbedtls_everest_free(&ctx->ctx.everest_ecdh);
@ -310,12 +308,14 @@ static int ecdh_make_params_internal( mbedtls_ecdh_context_mbed *ctx,
mbedtls_ecp_restart_ctx *rs_ctx = NULL;
#endif
if( ctx->grp.pbits == 0 )
return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
if (ctx->grp.pbits == 0) {
return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
}
#if defined(MBEDTLS_ECP_RESTARTABLE)
if( restart_enabled )
if (restart_enabled) {
rs_ctx = &ctx->rs;
}
#else
(void) restart_enabled;
#endif
@ -323,27 +323,31 @@ static int ecdh_make_params_internal( mbedtls_ecdh_context_mbed *ctx,
#if defined(MBEDTLS_ECP_RESTARTABLE)
if ((ret = ecdh_gen_public_restartable(&ctx->grp, &ctx->d, &ctx->Q,
f_rng, p_rng, rs_ctx ) ) != 0 )
return( ret );
f_rng, p_rng, rs_ctx)) != 0) {
return ret;
}
#else
if ((ret = mbedtls_ecdh_gen_public(&ctx->grp, &ctx->d, &ctx->Q,
f_rng, p_rng ) ) != 0 )
return( ret );
f_rng, p_rng)) != 0) {
return ret;
}
#endif /* MBEDTLS_ECP_RESTARTABLE */
if ((ret = mbedtls_ecp_tls_write_group(&ctx->grp, &grp_len, buf,
blen ) ) != 0 )
return( ret );
blen)) != 0) {
return ret;
}
buf += grp_len;
blen -= grp_len;
if ((ret = mbedtls_ecp_tls_write_point(&ctx->grp, &ctx->Q, point_format,
&pt_len, buf, blen ) ) != 0 )
return( ret );
&pt_len, buf, blen)) != 0) {
return ret;
}
*olen = grp_len + pt_len;
return( 0 );
return 0;
}
/*
@ -371,21 +375,20 @@ int mbedtls_ecdh_make_params( mbedtls_ecdh_context *ctx, size_t *olen,
#endif
#if defined(MBEDTLS_ECDH_LEGACY_CONTEXT)
return( ecdh_make_params_internal( ctx, olen, ctx->point_format, buf, blen,
f_rng, p_rng, restart_enabled ) );
return ecdh_make_params_internal(ctx, olen, ctx->point_format, buf, blen,
f_rng, p_rng, restart_enabled);
#else
switch( ctx->var )
{
switch (ctx->var) {
#if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED)
case MBEDTLS_ECDH_VARIANT_EVEREST:
return( mbedtls_everest_make_params( &ctx->ctx.everest_ecdh, olen,
buf, blen, f_rng, p_rng ) );
return mbedtls_everest_make_params(&ctx->ctx.everest_ecdh, olen,
buf, blen, f_rng, p_rng);
#endif
case MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0:
return( ecdh_make_params_internal( &ctx->ctx.mbed_ecdh, olen,
return ecdh_make_params_internal(&ctx->ctx.mbed_ecdh, olen,
ctx->point_format, buf, blen,
f_rng, p_rng,
restart_enabled ) );
restart_enabled);
default:
return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
}
@ -396,8 +399,8 @@ static int ecdh_read_params_internal( mbedtls_ecdh_context_mbed *ctx,
const unsigned char **buf,
const unsigned char *end)
{
return( mbedtls_ecp_tls_read_point( &ctx->grp, &ctx->Qp, buf,
end - *buf ) );
return mbedtls_ecp_tls_read_point(&ctx->grp, &ctx->Qp, buf,
end - *buf);
}
/*
@ -419,25 +422,26 @@ int mbedtls_ecdh_read_params( mbedtls_ecdh_context *ctx,
ECDH_VALIDATE_RET(end != NULL);
if ((ret = mbedtls_ecp_tls_read_group_id(&grp_id, buf, end - *buf))
!= 0 )
return( ret );
!= 0) {
return ret;
}
if( ( ret = mbedtls_ecdh_setup( ctx, grp_id ) ) != 0 )
return( ret );
if ((ret = mbedtls_ecdh_setup(ctx, grp_id)) != 0) {
return ret;
}
#if defined(MBEDTLS_ECDH_LEGACY_CONTEXT)
return( ecdh_read_params_internal( ctx, buf, end ) );
return ecdh_read_params_internal(ctx, buf, end);
#else
switch( ctx->var )
{
switch (ctx->var) {
#if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED)
case MBEDTLS_ECDH_VARIANT_EVEREST:
return( mbedtls_everest_read_params( &ctx->ctx.everest_ecdh,
buf, end) );
return mbedtls_everest_read_params(&ctx->ctx.everest_ecdh,
buf, end);
#endif
case MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0:
return( ecdh_read_params_internal( &ctx->ctx.mbed_ecdh,
buf, end ) );
return ecdh_read_params_internal(&ctx->ctx.mbed_ecdh,
buf, end);
default:
return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
}
@ -451,18 +455,21 @@ static int ecdh_get_params_internal( mbedtls_ecdh_context_mbed *ctx,
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
/* If it's not our key, just import the public part as Qp */
if( side == MBEDTLS_ECDH_THEIRS )
return( mbedtls_ecp_copy( &ctx->Qp, &key->Q ) );
if (side == MBEDTLS_ECDH_THEIRS) {
return mbedtls_ecp_copy(&ctx->Qp, &key->Q);
}
/* Our key: import public (as Q) and private parts */
if( side != MBEDTLS_ECDH_OURS )
return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
if (side != MBEDTLS_ECDH_OURS) {
return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
}
if ((ret = mbedtls_ecp_copy(&ctx->Q, &key->Q)) != 0 ||
( ret = mbedtls_mpi_copy( &ctx->d, &key->d ) ) != 0 )
return( ret );
(ret = mbedtls_mpi_copy(&ctx->d, &key->d)) != 0) {
return ret;
}
return( 0 );
return 0;
}
/*
@ -478,40 +485,38 @@ int mbedtls_ecdh_get_params( mbedtls_ecdh_context *ctx,
ECDH_VALIDATE_RET(side == MBEDTLS_ECDH_OURS ||
side == MBEDTLS_ECDH_THEIRS);
if( mbedtls_ecdh_grp_id( ctx ) == MBEDTLS_ECP_DP_NONE )
{
if (mbedtls_ecdh_grp_id(ctx) == MBEDTLS_ECP_DP_NONE) {
/* This is the first call to get_params(). Set up the context
* for use with the group. */
if( ( ret = mbedtls_ecdh_setup( ctx, key->grp.id ) ) != 0 )
return( ret );
if ((ret = mbedtls_ecdh_setup(ctx, key->grp.id)) != 0) {
return ret;
}
else
{
} else {
/* This is not the first call to get_params(). Check that the
* current key's group is the same as the context's, which was set
* from the first key's group. */
if( mbedtls_ecdh_grp_id( ctx ) != key->grp.id )
return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
if (mbedtls_ecdh_grp_id(ctx) != key->grp.id) {
return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
}
}
#if defined(MBEDTLS_ECDH_LEGACY_CONTEXT)
return( ecdh_get_params_internal( ctx, key, side ) );
return ecdh_get_params_internal(ctx, key, side);
#else
switch( ctx->var )
{
switch (ctx->var) {
#if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED)
case MBEDTLS_ECDH_VARIANT_EVEREST:
{
mbedtls_everest_ecdh_side s = side == MBEDTLS_ECDH_OURS ?
MBEDTLS_EVEREST_ECDH_OURS :
MBEDTLS_EVEREST_ECDH_THEIRS;
return( mbedtls_everest_get_params( &ctx->ctx.everest_ecdh,
key, s) );
return mbedtls_everest_get_params(&ctx->ctx.everest_ecdh,
key, s);
}
#endif
case MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0:
return( ecdh_get_params_internal( &ctx->ctx.mbed_ecdh,
key, side ) );
return ecdh_get_params_internal(&ctx->ctx.mbed_ecdh,
key, side);
default:
return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
}
@ -532,24 +537,28 @@ static int ecdh_make_public_internal( mbedtls_ecdh_context_mbed *ctx,
mbedtls_ecp_restart_ctx *rs_ctx = NULL;
#endif
if( ctx->grp.pbits == 0 )
return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
if (ctx->grp.pbits == 0) {
return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
}
#if defined(MBEDTLS_ECP_RESTARTABLE)
if( restart_enabled )
if (restart_enabled) {
rs_ctx = &ctx->rs;
}
#else
(void) restart_enabled;
#endif
#if defined(MBEDTLS_ECP_RESTARTABLE)
if ((ret = ecdh_gen_public_restartable(&ctx->grp, &ctx->d, &ctx->Q,
f_rng, p_rng, rs_ctx ) ) != 0 )
return( ret );
f_rng, p_rng, rs_ctx)) != 0) {
return ret;
}
#else
if ((ret = mbedtls_ecdh_gen_public(&ctx->grp, &ctx->d, &ctx->Q,
f_rng, p_rng ) ) != 0 )
return( ret );
f_rng, p_rng)) != 0) {
return ret;
}
#endif /* MBEDTLS_ECP_RESTARTABLE */
return mbedtls_ecp_tls_write_point(&ctx->grp, &ctx->Q, point_format, olen,
@ -575,21 +584,20 @@ int mbedtls_ecdh_make_public( mbedtls_ecdh_context *ctx, size_t *olen,
#endif
#if defined(MBEDTLS_ECDH_LEGACY_CONTEXT)
return( ecdh_make_public_internal( ctx, olen, ctx->point_format, buf, blen,
f_rng, p_rng, restart_enabled ) );
return ecdh_make_public_internal(ctx, olen, ctx->point_format, buf, blen,
f_rng, p_rng, restart_enabled);
#else
switch( ctx->var )
{
switch (ctx->var) {
#if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED)
case MBEDTLS_ECDH_VARIANT_EVEREST:
return( mbedtls_everest_make_public( &ctx->ctx.everest_ecdh, olen,
buf, blen, f_rng, p_rng ) );
return mbedtls_everest_make_public(&ctx->ctx.everest_ecdh, olen,
buf, blen, f_rng, p_rng);
#endif
case MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0:
return( ecdh_make_public_internal( &ctx->ctx.mbed_ecdh, olen,
return ecdh_make_public_internal(&ctx->ctx.mbed_ecdh, olen,
ctx->point_format, buf, blen,
f_rng, p_rng,
restart_enabled ) );
restart_enabled);
default:
return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
}
@ -603,13 +611,15 @@ static int ecdh_read_public_internal( mbedtls_ecdh_context_mbed *ctx,
const unsigned char *p = buf;
if ((ret = mbedtls_ecp_tls_read_point(&ctx->grp, &ctx->Qp, &p,
blen ) ) != 0 )
return( ret );
blen)) != 0) {
return ret;
}
if( (size_t)( p - buf ) != blen )
return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
if ((size_t) (p - buf) != blen) {
return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
}
return( 0 );
return 0;
}
/*
@ -622,18 +632,17 @@ int mbedtls_ecdh_read_public( mbedtls_ecdh_context *ctx,
ECDH_VALIDATE_RET(buf != NULL);
#if defined(MBEDTLS_ECDH_LEGACY_CONTEXT)
return( ecdh_read_public_internal( ctx, buf, blen ) );
return ecdh_read_public_internal(ctx, buf, blen);
#else
switch( ctx->var )
{
switch (ctx->var) {
#if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED)
case MBEDTLS_ECDH_VARIANT_EVEREST:
return( mbedtls_everest_read_public( &ctx->ctx.everest_ecdh,
buf, blen ) );
return mbedtls_everest_read_public(&ctx->ctx.everest_ecdh,
buf, blen);
#endif
case MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0:
return( ecdh_read_public_internal( &ctx->ctx.mbed_ecdh,
buf, blen ) );
return ecdh_read_public_internal(&ctx->ctx.mbed_ecdh,
buf, blen);
default:
return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
}
@ -654,12 +663,14 @@ static int ecdh_calc_secret_internal( mbedtls_ecdh_context_mbed *ctx,
mbedtls_ecp_restart_ctx *rs_ctx = NULL;
#endif
if( ctx == NULL || ctx->grp.pbits == 0 )
return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
if (ctx == NULL || ctx->grp.pbits == 0) {
return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
}
#if defined(MBEDTLS_ECP_RESTARTABLE)
if( restart_enabled )
if (restart_enabled) {
rs_ctx = &ctx->rs;
}
#else
(void) restart_enabled;
#endif
@ -667,25 +678,25 @@ static int ecdh_calc_secret_internal( mbedtls_ecdh_context_mbed *ctx,
#if defined(MBEDTLS_ECP_RESTARTABLE)
if ((ret = ecdh_compute_shared_restartable(&ctx->grp, &ctx->z, &ctx->Qp,
&ctx->d, f_rng, p_rng,
rs_ctx ) ) != 0 )
{
return( ret );
rs_ctx)) != 0) {
return ret;
}
#else
if ((ret = mbedtls_ecdh_compute_shared(&ctx->grp, &ctx->z, &ctx->Qp,
&ctx->d, f_rng, p_rng ) ) != 0 )
{
return( ret );
&ctx->d, f_rng, p_rng)) != 0) {
return ret;
}
#endif /* MBEDTLS_ECP_RESTARTABLE */
if( mbedtls_mpi_size( &ctx->z ) > blen )
return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
if (mbedtls_mpi_size(&ctx->z) > blen) {
return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
}
*olen = ctx->grp.pbits / 8 + ((ctx->grp.pbits % 8) != 0);
if( mbedtls_ecp_get_type( &ctx->grp ) == MBEDTLS_ECP_TYPE_MONTGOMERY )
if (mbedtls_ecp_get_type(&ctx->grp) == MBEDTLS_ECP_TYPE_MONTGOMERY) {
return mbedtls_mpi_write_binary_le(&ctx->z, buf, *olen);
}
return mbedtls_mpi_write_binary(&ctx->z, buf, *olen);
}
@ -708,22 +719,21 @@ int mbedtls_ecdh_calc_secret( mbedtls_ecdh_context *ctx, size_t *olen,
#endif
#if defined(MBEDTLS_ECDH_LEGACY_CONTEXT)
return( ecdh_calc_secret_internal( ctx, olen, buf, blen, f_rng, p_rng,
restart_enabled ) );
return ecdh_calc_secret_internal(ctx, olen, buf, blen, f_rng, p_rng,
restart_enabled);
#else
switch( ctx->var )
{
switch (ctx->var) {
#if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED)
case MBEDTLS_ECDH_VARIANT_EVEREST:
return( mbedtls_everest_calc_secret( &ctx->ctx.everest_ecdh, olen,
buf, blen, f_rng, p_rng ) );
return mbedtls_everest_calc_secret(&ctx->ctx.everest_ecdh, olen,
buf, blen, f_rng, p_rng);
#endif
case MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0:
return( ecdh_calc_secret_internal( &ctx->ctx.mbed_ecdh, olen, buf,
return ecdh_calc_secret_internal(&ctx->ctx.mbed_ecdh, olen, buf,
blen, f_rng, p_rng,
restart_enabled ) );
restart_enabled);
default:
return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
}
#endif
}

201
library/ecdsa.c
View File

@ -52,8 +52,7 @@
/*
* Sub-context for ecdsa_verify()
*/
struct mbedtls_ecdsa_restart_ver
{
struct mbedtls_ecdsa_restart_ver {
mbedtls_mpi u1, u2; /* intermediate values */
enum { /* what to do next? */
ecdsa_ver_init = 0, /* getting started */
@ -76,8 +75,9 @@ static void ecdsa_restart_ver_init( mbedtls_ecdsa_restart_ver_ctx *ctx )
*/
static void ecdsa_restart_ver_free(mbedtls_ecdsa_restart_ver_ctx *ctx)
{
if( ctx == NULL )
if (ctx == NULL) {
return;
}
mbedtls_mpi_free(&ctx->u1);
mbedtls_mpi_free(&ctx->u2);
@ -88,8 +88,7 @@ static void ecdsa_restart_ver_free( mbedtls_ecdsa_restart_ver_ctx *ctx )
/*
* Sub-context for ecdsa_sign()
*/
struct mbedtls_ecdsa_restart_sig
{
struct mbedtls_ecdsa_restart_sig {
int sign_tries;
int key_tries;
mbedtls_mpi k; /* per-signature random */
@ -118,8 +117,9 @@ static void ecdsa_restart_sig_init( mbedtls_ecdsa_restart_sig_ctx *ctx )
*/
static void ecdsa_restart_sig_free(mbedtls_ecdsa_restart_sig_ctx *ctx)
{
if( ctx == NULL )
if (ctx == NULL) {
return;
}
mbedtls_mpi_free(&ctx->k);
mbedtls_mpi_free(&ctx->r);
@ -129,8 +129,7 @@ static void ecdsa_restart_sig_free( mbedtls_ecdsa_restart_sig_ctx *ctx )
/*
* Sub-context for ecdsa_sign_det()
*/
struct mbedtls_ecdsa_restart_det
{
struct mbedtls_ecdsa_restart_det {
mbedtls_hmac_drbg_context rng_ctx; /* DRBG state */
enum { /* what to do next? */
ecdsa_det_init = 0, /* getting started */
@ -152,8 +151,9 @@ static void ecdsa_restart_det_init( mbedtls_ecdsa_restart_det_ctx *ctx )
*/
static void ecdsa_restart_det_free(mbedtls_ecdsa_restart_det_ctx *ctx)
{
if( ctx == NULL )
if (ctx == NULL) {
return;
}
mbedtls_hmac_drbg_free(&ctx->rng_ctx);
@ -179,7 +179,7 @@ static void ecdsa_restart_det_free( mbedtls_ecdsa_restart_det_ctx *ctx )
{ \
rs_ctx->SUB = mbedtls_calloc(1, sizeof(*rs_ctx->SUB)); \
if (rs_ctx->SUB == NULL) \
return( MBEDTLS_ERR_ECP_ALLOC_FAILED ); \
return MBEDTLS_ERR_ECP_ALLOC_FAILED; \
\
ecdsa_restart_## SUB ##_init(rs_ctx->SUB); \
} \
@ -226,15 +226,17 @@ static int derive_mpi( const mbedtls_ecp_group *grp, mbedtls_mpi *x,
size_t use_size = blen > n_size ? n_size : blen;
MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(x, buf, use_size));
if( use_size * 8 > grp->nbits )
if (use_size * 8 > grp->nbits) {
MBEDTLS_MPI_CHK(mbedtls_mpi_shift_r(x, use_size * 8 - grp->nbits));
}
/* While at it, reduce modulo N */
if( mbedtls_mpi_cmp_mpi( x, &grp->N ) >= 0 )
if (mbedtls_mpi_cmp_mpi(x, &grp->N) >= 0) {
MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mpi(x, x, &grp->N));
}
cleanup:
return( ret );
return ret;
}
#endif /* ECDSA_DETERMINISTIC || !ECDSA_SIGN_ALT || !ECDSA_VERIFY_ALT */
@ -258,12 +260,14 @@ static int ecdsa_sign_restartable( mbedtls_ecp_group *grp,
mbedtls_mpi *pk = &k, *pr = r;
/* Fail cleanly on curves such as Curve25519 that can't be used for ECDSA */
if( ! mbedtls_ecdsa_can_do( grp->id ) || grp->N.p == NULL )
return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
if (!mbedtls_ecdsa_can_do(grp->id) || grp->N.p == NULL) {
return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
}
/* Make sure d is in range 1..n-1 */
if( mbedtls_mpi_cmp_int( d, 1 ) < 0 || mbedtls_mpi_cmp_mpi( d, &grp->N ) >= 0 )
return( MBEDTLS_ERR_ECP_INVALID_KEY );
if (mbedtls_mpi_cmp_int(d, 1) < 0 || mbedtls_mpi_cmp_mpi(d, &grp->N) >= 0) {
return MBEDTLS_ERR_ECP_INVALID_KEY;
}
mbedtls_ecp_point_init(&R);
mbedtls_mpi_init(&k); mbedtls_mpi_init(&e); mbedtls_mpi_init(&t);
@ -271,8 +275,7 @@ static int ecdsa_sign_restartable( mbedtls_ecp_group *grp,
ECDSA_RS_ENTER(sig);
#if defined(MBEDTLS_ECP_RESTARTABLE)
if( rs_ctx != NULL && rs_ctx->sig != NULL )
{
if (rs_ctx != NULL && rs_ctx->sig != NULL) {
/* redirect to our context */
p_sign_tries = &rs_ctx->sig->sign_tries;
p_key_tries = &rs_ctx->sig->key_tries;
@ -280,18 +283,18 @@ static int ecdsa_sign_restartable( mbedtls_ecp_group *grp,
pr = &rs_ctx->sig->r;
/* jump to current step */
if( rs_ctx->sig->state == ecdsa_sig_mul )
if (rs_ctx->sig->state == ecdsa_sig_mul) {
goto mul;
if( rs_ctx->sig->state == ecdsa_sig_modn )
}
if (rs_ctx->sig->state == ecdsa_sig_modn) {
goto modn;
}
}
#endif /* MBEDTLS_ECP_RESTARTABLE */
*p_sign_tries = 0;
do
{
if( (*p_sign_tries)++ > 10 )
{
do {
if ((*p_sign_tries)++ > 10) {
ret = MBEDTLS_ERR_ECP_RANDOM_FAILED;
goto cleanup;
}
@ -301,10 +304,8 @@ static int ecdsa_sign_restartable( mbedtls_ecp_group *grp,
* and set r = xR mod n
*/
*p_key_tries = 0;
do
{
if( (*p_key_tries)++ > 10 )
{
do {
if ((*p_key_tries)++ > 10) {
ret = MBEDTLS_ERR_ECP_RANDOM_FAILED;
goto cleanup;
}
@ -312,8 +313,9 @@ static int ecdsa_sign_restartable( mbedtls_ecp_group *grp,
MBEDTLS_MPI_CHK(mbedtls_ecp_gen_privkey(grp, pk, f_rng, p_rng));
#if defined(MBEDTLS_ECP_RESTARTABLE)
if( rs_ctx != NULL && rs_ctx->sig != NULL )
if (rs_ctx != NULL && rs_ctx->sig != NULL) {
rs_ctx->sig->state = ecdsa_sig_mul;
}
mul:
#endif
@ -322,12 +324,12 @@ mul:
p_rng_blind,
ECDSA_RS_ECP));
MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(pr, &R.X, &grp->N));
}
while( mbedtls_mpi_cmp_int( pr, 0 ) == 0 );
} while (mbedtls_mpi_cmp_int(pr, 0) == 0);
#if defined(MBEDTLS_ECP_RESTARTABLE)
if( rs_ctx != NULL && rs_ctx->sig != NULL )
if (rs_ctx != NULL && rs_ctx->sig != NULL) {
rs_ctx->sig->state = ecdsa_sig_modn;
}
modn:
#endif
@ -360,12 +362,12 @@ modn:
MBEDTLS_MPI_CHK(mbedtls_mpi_inv_mod(s, pk, &grp->N));
MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(s, s, &e));
MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(s, s, &grp->N));
}
while( mbedtls_mpi_cmp_int( s, 0 ) == 0 );
} while (mbedtls_mpi_cmp_int(s, 0) == 0);
#if defined(MBEDTLS_ECP_RESTARTABLE)
if( rs_ctx != NULL && rs_ctx->sig != NULL )
if (rs_ctx != NULL && rs_ctx->sig != NULL) {
mbedtls_mpi_copy(r, pr);
}
#endif
cleanup:
@ -374,13 +376,12 @@ cleanup:
ECDSA_RS_LEAVE(sig);
return( ret );
return ret;
}
int mbedtls_ecdsa_can_do(mbedtls_ecp_group_id gid)
{
switch( gid )
{
switch (gid) {
#ifdef MBEDTLS_ECP_DP_CURVE25519_ENABLED
case MBEDTLS_ECP_DP_CURVE25519: return 0;
#endif
@ -406,8 +407,8 @@ int mbedtls_ecdsa_sign( mbedtls_ecp_group *grp, mbedtls_mpi *r, mbedtls_mpi *s,
ECDSA_VALIDATE_RET(buf != NULL || blen == 0);
/* Use the same RNG for both blinding and ephemeral key generation */
return( ecdsa_sign_restartable( grp, r, s, d, buf, blen,
f_rng, p_rng, f_rng, p_rng, NULL ) );
return ecdsa_sign_restartable(grp, r, s, d, buf, blen,
f_rng, p_rng, f_rng, p_rng, NULL);
}
#endif /* !MBEDTLS_ECDSA_SIGN_ALT */
@ -431,8 +432,9 @@ static int ecdsa_sign_det_restartable( mbedtls_ecp_group *grp,
const mbedtls_md_info_t *md_info;
mbedtls_mpi h;
if( ( md_info = mbedtls_md_info_from_type( md_alg ) ) == NULL )
return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
if ((md_info = mbedtls_md_info_from_type(md_alg)) == NULL) {
return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
}
mbedtls_mpi_init(&h);
mbedtls_hmac_drbg_init(&rng_ctx);
@ -440,15 +442,15 @@ static int ecdsa_sign_det_restartable( mbedtls_ecp_group *grp,
ECDSA_RS_ENTER(det);
#if defined(MBEDTLS_ECP_RESTARTABLE)
if( rs_ctx != NULL && rs_ctx->det != NULL )
{
if (rs_ctx != NULL && rs_ctx->det != NULL) {
/* redirect to our context */
p_rng = &rs_ctx->det->rng_ctx;
/* jump to current step */
if( rs_ctx->det->state == ecdsa_det_sign )
if (rs_ctx->det->state == ecdsa_det_sign) {
goto sign;
}
}
#endif /* MBEDTLS_ECP_RESTARTABLE */
/* Use private key and message hash (reduced) to initialize HMAC_DRBG */
@ -458,8 +460,9 @@ static int ecdsa_sign_det_restartable( mbedtls_ecp_group *grp,
mbedtls_hmac_drbg_seed_buf(p_rng, md_info, data, 2 * grp_len);
#if defined(MBEDTLS_ECP_RESTARTABLE)
if( rs_ctx != NULL && rs_ctx->det != NULL )
if (rs_ctx != NULL && rs_ctx->det != NULL) {
rs_ctx->det->state = ecdsa_det_sign;
}
sign:
#endif
@ -469,12 +472,11 @@ sign:
ret = mbedtls_ecdsa_sign(grp, r, s, d, buf, blen,
mbedtls_hmac_drbg_random, p_rng);
#else
if( f_rng_blind != NULL )
if (f_rng_blind != NULL) {
ret = ecdsa_sign_restartable(grp, r, s, d, buf, blen,
mbedtls_hmac_drbg_random, p_rng,
f_rng_blind, p_rng_blind, rs_ctx);
else
{
} else {
mbedtls_hmac_drbg_context *p_rng_blind_det;
#if !defined(MBEDTLS_ECP_RESTARTABLE)
@ -494,8 +496,7 @@ sign:
ret = mbedtls_hmac_drbg_update_ret(p_rng_blind_det,
(const unsigned char *) blind_label,
strlen(blind_label));
if( ret != 0 )
{
if (ret != 0) {
mbedtls_hmac_drbg_free(&rng_ctx_blind);
goto cleanup;
}
@ -540,7 +541,7 @@ cleanup:
ECDSA_RS_LEAVE(det);
return( ret );
return ret;
}
/*
@ -559,8 +560,8 @@ int mbedtls_ecdsa_sign_det( mbedtls_ecp_group *grp, mbedtls_mpi *r,
ECDSA_VALIDATE_RET(d != NULL);
ECDSA_VALIDATE_RET(buf != NULL || blen == 0);
return( ecdsa_sign_det_restartable( grp, r, s, d, buf, blen, md_alg,
NULL, NULL, NULL ) );
return ecdsa_sign_det_restartable(grp, r, s, d, buf, blen, md_alg,
NULL, NULL, NULL);
}
#endif /* MBEDTLS_DEPRECATED_REMOVED */
@ -579,8 +580,8 @@ int mbedtls_ecdsa_sign_det_ext( mbedtls_ecp_group *grp, mbedtls_mpi *r,
ECDSA_VALIDATE_RET(buf != NULL || blen == 0);
ECDSA_VALIDATE_RET(f_rng_blind != NULL);
return( ecdsa_sign_det_restartable( grp, r, s, d, buf, blen, md_alg,
f_rng_blind, p_rng_blind, NULL ) );
return ecdsa_sign_det_restartable(grp, r, s, d, buf, blen, md_alg,
f_rng_blind, p_rng_blind, NULL);
}
#endif /* MBEDTLS_ECDSA_DETERMINISTIC */
@ -605,30 +606,30 @@ static int ecdsa_verify_restartable( mbedtls_ecp_group *grp,
mbedtls_mpi_init(&u1); mbedtls_mpi_init(&u2);
/* Fail cleanly on curves such as Curve25519 that can't be used for ECDSA */
if( ! mbedtls_ecdsa_can_do( grp->id ) || grp->N.p == NULL )
return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
if (!mbedtls_ecdsa_can_do(grp->id) || grp->N.p == NULL) {
return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
}
ECDSA_RS_ENTER(ver);
#if defined(MBEDTLS_ECP_RESTARTABLE)
if( rs_ctx != NULL && rs_ctx->ver != NULL )
{
if (rs_ctx != NULL && rs_ctx->ver != NULL) {
/* redirect to our context */
pu1 = &rs_ctx->ver->u1;
pu2 = &rs_ctx->ver->u2;
/* jump to current step */
if( rs_ctx->ver->state == ecdsa_ver_muladd )
if (rs_ctx->ver->state == ecdsa_ver_muladd) {
goto muladd;
}
}
#endif /* MBEDTLS_ECP_RESTARTABLE */
/*
* Step 1: make sure r and s are in range 1..n-1
*/
if (mbedtls_mpi_cmp_int(r, 1) < 0 || mbedtls_mpi_cmp_mpi(r, &grp->N) >= 0 ||
mbedtls_mpi_cmp_int( s, 1 ) < 0 || mbedtls_mpi_cmp_mpi( s, &grp->N ) >= 0 )
{
mbedtls_mpi_cmp_int(s, 1) < 0 || mbedtls_mpi_cmp_mpi(s, &grp->N) >= 0) {
ret = MBEDTLS_ERR_ECP_VERIFY_FAILED;
goto cleanup;
}
@ -652,8 +653,9 @@ static int ecdsa_verify_restartable( mbedtls_ecp_group *grp,
MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(pu2, pu2, &grp->N));
#if defined(MBEDTLS_ECP_RESTARTABLE)
if( rs_ctx != NULL && rs_ctx->ver != NULL )
if (rs_ctx != NULL && rs_ctx->ver != NULL) {
rs_ctx->ver->state = ecdsa_ver_muladd;
}
muladd:
#endif
@ -663,8 +665,7 @@ muladd:
MBEDTLS_MPI_CHK(mbedtls_ecp_muladd_restartable(grp,
&R, pu1, &grp->G, pu2, Q, ECDSA_RS_ECP));
if( mbedtls_ecp_is_zero( &R ) )
{
if (mbedtls_ecp_is_zero(&R)) {
ret = MBEDTLS_ERR_ECP_VERIFY_FAILED;
goto cleanup;
}
@ -678,8 +679,7 @@ muladd:
/*
* Step 8: check if v (that is, R.X) is equal to r
*/
if( mbedtls_mpi_cmp_mpi( &R.X, r ) != 0 )
{
if (mbedtls_mpi_cmp_mpi(&R.X, r) != 0) {
ret = MBEDTLS_ERR_ECP_VERIFY_FAILED;
goto cleanup;
}
@ -691,7 +691,7 @@ cleanup:
ECDSA_RS_LEAVE(ver);
return( ret );
return ret;
}
/*
@ -709,7 +709,7 @@ int mbedtls_ecdsa_verify( mbedtls_ecp_group *grp,
ECDSA_VALIDATE_RET(s != NULL);
ECDSA_VALIDATE_RET(buf != NULL || blen == 0);
return( ecdsa_verify_restartable( grp, buf, blen, Q, r, s, NULL ) );
return ecdsa_verify_restartable(grp, buf, blen, Q, r, s, NULL);
}
#endif /* !MBEDTLS_ECDSA_VERIFY_ALT */
@ -729,12 +729,13 @@ static int ecdsa_signature_to_asn1( const mbedtls_mpi *r, const mbedtls_mpi *s,
MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(&p, buf, len));
MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(&p, buf,
MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) );
MBEDTLS_ASN1_CONSTRUCTED |
MBEDTLS_ASN1_SEQUENCE));
memcpy(sig, p, len);
*slen = len;
return( 0 );
return 0;
}
/*
@ -784,7 +785,7 @@ cleanup:
mbedtls_mpi_free(&r);
mbedtls_mpi_free(&s);
return( ret );
return ret;
}
/*
@ -801,8 +802,8 @@ int mbedtls_ecdsa_write_signature( mbedtls_ecdsa_context *ctx,
ECDSA_VALIDATE_RET(hash != NULL);
ECDSA_VALIDATE_RET(sig != NULL);
ECDSA_VALIDATE_RET(slen != NULL);
return( mbedtls_ecdsa_write_signature_restartable(
ctx, md_alg, hash, hlen, sig, slen, f_rng, p_rng, NULL ) );
return mbedtls_ecdsa_write_signature_restartable(
ctx, md_alg, hash, hlen, sig, slen, f_rng, p_rng, NULL);
}
#if !defined(MBEDTLS_DEPRECATED_REMOVED) && \
@ -816,8 +817,8 @@ int mbedtls_ecdsa_write_signature_det( mbedtls_ecdsa_context *ctx,
ECDSA_VALIDATE_RET(hash != NULL);
ECDSA_VALIDATE_RET(sig != NULL);
ECDSA_VALIDATE_RET(slen != NULL);
return( mbedtls_ecdsa_write_signature( ctx, md_alg, hash, hlen, sig, slen,
NULL, NULL ) );
return mbedtls_ecdsa_write_signature(ctx, md_alg, hash, hlen, sig, slen,
NULL, NULL);
}
#endif
@ -831,8 +832,8 @@ int mbedtls_ecdsa_read_signature( mbedtls_ecdsa_context *ctx,
ECDSA_VALIDATE_RET(ctx != NULL);
ECDSA_VALIDATE_RET(hash != NULL);
ECDSA_VALIDATE_RET(sig != NULL);
return( mbedtls_ecdsa_read_signature_restartable(
ctx, hash, hlen, sig, slen, NULL ) );
return mbedtls_ecdsa_read_signature_restartable(
ctx, hash, hlen, sig, slen, NULL);
}
/*
@ -856,22 +857,19 @@ int mbedtls_ecdsa_read_signature_restartable( mbedtls_ecdsa_context *ctx,
mbedtls_mpi_init(&s);
if ((ret = mbedtls_asn1_get_tag(&p, end, &len,
MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
{
MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) {
ret += MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
goto cleanup;
}
if( p + len != end )
{
if (p + len != end) {
ret = MBEDTLS_ERROR_ADD(MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
MBEDTLS_ERR_ASN1_LENGTH_MISMATCH);
goto cleanup;
}
if ((ret = mbedtls_asn1_get_mpi(&p, end, &r)) != 0 ||
( ret = mbedtls_asn1_get_mpi( &p, end, &s ) ) != 0 )
{
(ret = mbedtls_asn1_get_mpi(&p, end, &s)) != 0) {
ret += MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
goto cleanup;
}
@ -879,25 +877,28 @@ int mbedtls_ecdsa_read_signature_restartable( mbedtls_ecdsa_context *ctx,
(void) rs_ctx;
if ((ret = mbedtls_ecdsa_verify(&ctx->grp, hash, hlen,
&ctx->Q, &r, &s ) ) != 0 )
&ctx->Q, &r, &s)) != 0) {
goto cleanup;
}
#else
if ((ret = ecdsa_verify_restartable(&ctx->grp, hash, hlen,
&ctx->Q, &r, &s, rs_ctx ) ) != 0 )
&ctx->Q, &r, &s, rs_ctx)) != 0) {
goto cleanup;
}
#endif /* MBEDTLS_ECDSA_VERIFY_ALT */
/* At this point we know that the buffer starts with a valid signature.
* Return 0 if the buffer just contains the signature, and a specific
* error code if the valid signature is followed by more data. */
if( p != end )
if (p != end) {
ret = MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH;
}
cleanup:
mbedtls_mpi_free(&r);
mbedtls_mpi_free(&s);
return( ret );
return ret;
}
#if !defined(MBEDTLS_ECDSA_GENKEY_ALT)
@ -912,11 +913,12 @@ int mbedtls_ecdsa_genkey( mbedtls_ecdsa_context *ctx, mbedtls_ecp_group_id gid,
ECDSA_VALIDATE_RET(f_rng != NULL);
ret = mbedtls_ecp_group_load(&ctx->grp, gid);
if( ret != 0 )
return( ret );
if (ret != 0) {
return ret;
}
return( mbedtls_ecp_gen_keypair( &ctx->grp, &ctx->d,
&ctx->Q, f_rng, p_rng ) );
return mbedtls_ecp_gen_keypair(&ctx->grp, &ctx->d,
&ctx->Q, f_rng, p_rng);
}
#endif /* !MBEDTLS_ECDSA_GENKEY_ALT */
@ -931,12 +933,11 @@ int mbedtls_ecdsa_from_keypair( mbedtls_ecdsa_context *ctx, const mbedtls_ecp_ke
if ((ret = mbedtls_ecp_group_copy(&ctx->grp, &key->grp)) != 0 ||
(ret = mbedtls_mpi_copy(&ctx->d, &key->d)) != 0 ||
( ret = mbedtls_ecp_copy( &ctx->Q, &key->Q ) ) != 0 )
{
(ret = mbedtls_ecp_copy(&ctx->Q, &key->Q)) != 0) {
mbedtls_ecdsa_free(ctx);
}
return( ret );
return ret;
}
/*
@ -954,8 +955,9 @@ void mbedtls_ecdsa_init( mbedtls_ecdsa_context *ctx )
*/
void mbedtls_ecdsa_free(mbedtls_ecdsa_context *ctx)
{
if( ctx == NULL )
if (ctx == NULL) {
return;
}
mbedtls_ecp_keypair_free(ctx);
}
@ -982,8 +984,9 @@ void mbedtls_ecdsa_restart_init( mbedtls_ecdsa_restart_ctx *ctx )
*/
void mbedtls_ecdsa_restart_free(mbedtls_ecdsa_restart_ctx *ctx)
{
if( ctx == NULL )
if (ctx == NULL) {
return;
}
mbedtls_ecp_restart_free(&ctx->ecp);

173
library/ecjpake.c
View File

@ -78,8 +78,9 @@ void mbedtls_ecjpake_init( mbedtls_ecjpake_context *ctx )
*/
void mbedtls_ecjpake_free(mbedtls_ecjpake_context *ctx)
{
if( ctx == NULL )
if (ctx == NULL) {
return;
}
ctx->md_info = NULL;
mbedtls_ecp_group_free(&ctx->grp);
@ -114,18 +115,20 @@ int mbedtls_ecjpake_setup( mbedtls_ecjpake_context *ctx,
ctx->role = role;
if( ( ctx->md_info = mbedtls_md_info_from_type( hash ) ) == NULL )
return( MBEDTLS_ERR_MD_FEATURE_UNAVAILABLE );
if ((ctx->md_info = mbedtls_md_info_from_type(hash)) == NULL) {
return MBEDTLS_ERR_MD_FEATURE_UNAVAILABLE;
}
MBEDTLS_MPI_CHK(mbedtls_ecp_group_load(&ctx->grp, curve));
MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&ctx->s, secret, len));
cleanup:
if( ret != 0 )
if (ret != 0) {
mbedtls_ecjpake_free(ctx);
}
return( ret );
return ret;
}
/*
@ -137,12 +140,11 @@ int mbedtls_ecjpake_check( const mbedtls_ecjpake_context *ctx )
if (ctx->md_info == NULL ||
ctx->grp.id == MBEDTLS_ECP_DP_NONE ||
ctx->s.p == NULL )
{
return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
ctx->s.p == NULL) {
return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
}
return( 0 );
return 0;
}
/*
@ -158,19 +160,21 @@ static int ecjpake_write_len_point( unsigned char **p,
size_t len;
/* Need at least 4 for length plus 1 for point */
if( end < *p || end - *p < 5 )
return( MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL );
if (end < *p || end - *p < 5) {
return MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL;
}
ret = mbedtls_ecp_point_write_binary(grp, P, pf,
&len, *p + 4, end - (*p + 4));
if( ret != 0 )
return( ret );
if (ret != 0) {
return ret;
}
MBEDTLS_PUT_UINT32_BE(len, *p, 0);
*p += 4 + len;
return( 0 );
return 0;
}
/*
@ -203,14 +207,16 @@ static int ecjpake_hash( const mbedtls_md_info_t *md_info,
MBEDTLS_MPI_CHK(ecjpake_write_len_point(&p, end, grp, pf, V));
MBEDTLS_MPI_CHK(ecjpake_write_len_point(&p, end, grp, pf, X));
if( end - p < 4 )
return( MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL );
if (end - p < 4) {
return MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL;
}
MBEDTLS_PUT_UINT32_BE(id_len, p, 0);
p += 4;
if( end < p || (size_t)( end - p ) < id_len )
return( MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL );
if (end < p || (size_t) (end - p) < id_len) {
return MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL;
}
memcpy(p, id, id_len);
p += id_len;
@ -224,7 +230,7 @@ static int ecjpake_hash( const mbedtls_md_info_t *md_info,
MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(h, h, &grp->N));
cleanup:
return( ret );
return ret;
}
/*
@ -255,21 +261,20 @@ static int ecjpake_zkp_read( const mbedtls_md_info_t *md_info,
* opaque r<1..2^8-1>;
* } ECSchnorrZKP;
*/
if( end < *p )
return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
if (end < *p) {
return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
}
MBEDTLS_MPI_CHK(mbedtls_ecp_tls_read_point(grp, &V, p, end - *p));
if( end < *p || (size_t)( end - *p ) < 1 )
{
if (end < *p || (size_t) (end - *p) < 1) {
ret = MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
goto cleanup;
}
r_len = *(*p)++;
if( end < *p || (size_t)( end - *p ) < r_len || r_len == 0 )
{
if (end < *p || (size_t) (end - *p) < r_len || r_len == 0) {
ret = MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
goto cleanup;
}
@ -284,8 +289,7 @@ static int ecjpake_zkp_read( const mbedtls_md_info_t *md_info,
MBEDTLS_MPI_CHK(mbedtls_ecp_muladd((mbedtls_ecp_group *) grp,
&VV, &h, X, &r, G));
if( mbedtls_ecp_point_cmp( &VV, &V ) != 0 )
{
if (mbedtls_ecp_point_cmp(&VV, &V) != 0) {
ret = MBEDTLS_ERR_ECP_VERIFY_FAILED;
goto cleanup;
}
@ -296,7 +300,7 @@ cleanup:
mbedtls_mpi_free(&r);
mbedtls_mpi_free(&h);
return( ret );
return ret;
}
/*
@ -320,8 +324,9 @@ static int ecjpake_zkp_write( const mbedtls_md_info_t *md_info,
mbedtls_mpi h; /* later recycled to hold r */
size_t len;
if( end < *p )
return( MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL );
if (end < *p) {
return MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL;
}
mbedtls_ecp_point_init(&V);
mbedtls_mpi_init(&v);
@ -341,8 +346,7 @@ static int ecjpake_zkp_write( const mbedtls_md_info_t *md_info,
*p += len;
len = mbedtls_mpi_size(&h); /* actually r */
if( end < *p || (size_t)( end - *p ) < 1 + len || len > 255 )
{
if (end < *p || (size_t) (end - *p) < 1 + len || len > 255) {
ret = MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL;
goto cleanup;
}
@ -356,7 +360,7 @@ cleanup:
mbedtls_mpi_free(&v);
mbedtls_mpi_free(&h);
return( ret );
return ret;
}
/*
@ -374,8 +378,9 @@ static int ecjpake_kkp_read( const mbedtls_md_info_t *md_info,
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
if( end < *p )
return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
if (end < *p) {
return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
}
/*
* struct {
@ -384,8 +389,7 @@ static int ecjpake_kkp_read( const mbedtls_md_info_t *md_info,
* } ECJPAKEKeyKP;
*/
MBEDTLS_MPI_CHK(mbedtls_ecp_tls_read_point(grp, X, p, end - *p));
if( mbedtls_ecp_is_zero( X ) )
{
if (mbedtls_ecp_is_zero(X)) {
ret = MBEDTLS_ERR_ECP_INVALID_KEY;
goto cleanup;
}
@ -393,7 +397,7 @@ static int ecjpake_kkp_read( const mbedtls_md_info_t *md_info,
MBEDTLS_MPI_CHK(ecjpake_zkp_read(md_info, grp, pf, G, X, id, p, end));
cleanup:
return( ret );
return ret;
}
/*
@ -415,8 +419,9 @@ static int ecjpake_kkp_write( const mbedtls_md_info_t *md_info,
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t len;
if( end < *p )
return( MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL );
if (end < *p) {
return MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL;
}
/* Generate key (7.4.2.3.1) and write it out */
MBEDTLS_MPI_CHK(mbedtls_ecp_gen_keypair_base((mbedtls_ecp_group *) grp, G, x, X,
@ -430,7 +435,7 @@ static int ecjpake_kkp_write( const mbedtls_md_info_t *md_info,
p, end, f_rng, p_rng));
cleanup:
return( ret );
return ret;
}
/*
@ -459,11 +464,12 @@ static int ecjpake_kkpp_read( const mbedtls_md_info_t *md_info,
MBEDTLS_MPI_CHK(ecjpake_kkp_read(md_info, grp, pf, G, Xa, id, &p, end));
MBEDTLS_MPI_CHK(ecjpake_kkp_read(md_info, grp, pf, G, Xb, id, &p, end));
if( p != end )
if (p != end) {
ret = MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
}
cleanup:
return( ret );
return ret;
}
/*
@ -497,7 +503,7 @@ static int ecjpake_kkpp_write( const mbedtls_md_info_t *md_info,
*olen = p - buf;
cleanup:
return( ret );
return ret;
}
/*
@ -510,10 +516,10 @@ int mbedtls_ecjpake_read_round_one( mbedtls_ecjpake_context *ctx,
ECJPAKE_VALIDATE_RET(ctx != NULL);
ECJPAKE_VALIDATE_RET(buf != NULL);
return( ecjpake_kkpp_read( ctx->md_info, &ctx->grp, ctx->point_format,
return ecjpake_kkpp_read(ctx->md_info, &ctx->grp, ctx->point_format,
&ctx->grp.G,
&ctx->Xp1, &ctx->Xp2, ID_PEER,
buf, len ) );
buf, len);
}
/*
@ -529,10 +535,10 @@ int mbedtls_ecjpake_write_round_one( mbedtls_ecjpake_context *ctx,
ECJPAKE_VALIDATE_RET(olen != NULL);
ECJPAKE_VALIDATE_RET(f_rng != NULL);
return( ecjpake_kkpp_write( ctx->md_info, &ctx->grp, ctx->point_format,
return ecjpake_kkpp_write(ctx->md_info, &ctx->grp, ctx->point_format,
&ctx->grp.G,
&ctx->xm1, &ctx->Xm1, &ctx->xm2, &ctx->Xm2,
ID_MINE, buf, len, olen, f_rng, p_rng ) );
ID_MINE, buf, len, olen, f_rng, p_rng);
}
/*
@ -555,7 +561,7 @@ static int ecjpake_ecp_add3( mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
cleanup:
mbedtls_mpi_free(&one);
return( ret );
return ret;
}
/*
@ -592,11 +598,9 @@ int mbedtls_ecjpake_read_round_two( mbedtls_ecjpake_context *ctx,
* ECJPAKEKeyKP ecjpake_key_kp;
* } Client/ServerECJPAKEParams;
*/
if( ctx->role == MBEDTLS_ECJPAKE_CLIENT )
{
if (ctx->role == MBEDTLS_ECJPAKE_CLIENT) {
MBEDTLS_MPI_CHK(mbedtls_ecp_tls_read_group(&grp, &p, len));
if( grp.id != ctx->grp.id )
{
if (grp.id != ctx->grp.id) {
ret = MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE;
goto cleanup;
}
@ -606,8 +610,7 @@ int mbedtls_ecjpake_read_round_two( mbedtls_ecjpake_context *ctx,
ctx->point_format,
&G, &ctx->Xp, ID_PEER, &p, end));
if( p != end )
{
if (p != end) {
ret = MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
goto cleanup;
}
@ -616,7 +619,7 @@ cleanup:
mbedtls_ecp_group_free(&grp);
mbedtls_ecp_point_free(&G);
return( ret );
return ret;
}
/*
@ -647,7 +650,7 @@ static int ecjpake_mul_secret( mbedtls_mpi *R, int sign,
cleanup:
mbedtls_mpi_free(&b);
return( ret );
return ret;
}
/*
@ -696,10 +699,8 @@ int mbedtls_ecjpake_write_round_two( mbedtls_ecjpake_context *ctx,
* ECJPAKEKeyKP ecjpake_key_kp;
* } Client/ServerECJPAKEParams;
*/
if( ctx->role == MBEDTLS_ECJPAKE_SERVER )
{
if( end < p )
{
if (ctx->role == MBEDTLS_ECJPAKE_SERVER) {
if (end < p) {
ret = MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL;
goto cleanup;
}
@ -708,8 +709,7 @@ int mbedtls_ecjpake_write_round_two( mbedtls_ecjpake_context *ctx,
p += ec_len;
}
if( end < p )
{
if (end < p) {
ret = MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL;
goto cleanup;
}
@ -729,7 +729,7 @@ cleanup:
mbedtls_ecp_point_free(&Xm);
mbedtls_mpi_free(&xm);
return( ret );
return ret;
}
/*
@ -752,8 +752,9 @@ int mbedtls_ecjpake_derive_secret( mbedtls_ecjpake_context *ctx,
ECJPAKE_VALIDATE_RET(f_rng != NULL);
*olen = mbedtls_md_get_size(ctx->md_info);
if( len < *olen )
return( MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL );
if (len < *olen) {
return MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL;
}
mbedtls_ecp_point_init(&K);
mbedtls_mpi_init(&m_xm2_s);
@ -784,7 +785,7 @@ cleanup:
mbedtls_mpi_free(&m_xm2_s);
mbedtls_mpi_free(&one);
return( ret );
return ret;
}
#undef ID_MINE
@ -801,7 +802,7 @@ cleanup:
int mbedtls_ecjpake_self_test(int verbose)
{
(void) verbose;
return( 0 );
return 0;
}
#else
@ -953,7 +954,7 @@ static int ecjpake_test_load( mbedtls_ecjpake_context *ctx,
&ctx->grp.G, NULL, NULL));
cleanup:
return( ret );
return ret;
}
#endif /* ! MBEDTLS_ECJPAKE_ALT */
@ -965,8 +966,7 @@ static int ecjpake_lgc( void *p, unsigned char *out, size_t len )
static uint32_t x = 42;
(void) p;
while( len > 0 )
{
while (len > 0) {
size_t use_len = len > 4 ? 4 : len;
x = 1664525 * x + 1013904223;
memcpy(out, &x, use_len);
@ -974,7 +974,7 @@ static int ecjpake_lgc( void *p, unsigned char *out, size_t len )
len -= use_len;
}
return( 0 );
return 0;
}
#define TEST_ASSERT(x) \
@ -1002,8 +1002,9 @@ int mbedtls_ecjpake_self_test( int verbose )
mbedtls_ecjpake_init(&cli);
mbedtls_ecjpake_init(&srv);
if( verbose != 0 )
if (verbose != 0) {
mbedtls_printf(" ECJPAKE test #0 (setup): ");
}
TEST_ASSERT(mbedtls_ecjpake_setup(&cli, MBEDTLS_ECJPAKE_CLIENT,
MBEDTLS_MD_SHA256, MBEDTLS_ECP_DP_SECP256R1,
@ -1015,11 +1016,13 @@ int mbedtls_ecjpake_self_test( int verbose )
ecjpake_test_password,
sizeof(ecjpake_test_password)) == 0);
if( verbose != 0 )
if (verbose != 0) {
mbedtls_printf("passed\n");
}
if( verbose != 0 )
if (verbose != 0) {
mbedtls_printf(" ECJPAKE test #1 (random handshake): ");
}
TEST_ASSERT(mbedtls_ecjpake_write_round_one(&cli,
buf, sizeof(buf), &len, ecjpake_lgc, NULL) == 0);
@ -1050,8 +1053,9 @@ int mbedtls_ecjpake_self_test( int verbose )
TEST_ASSERT(len == pmslen);
TEST_ASSERT(memcmp(buf, pms, len) == 0);
if( verbose != 0 )
if (verbose != 0) {
mbedtls_printf("passed\n");
}
#if !defined(MBEDTLS_ECJPAKE_ALT)
/* 'reference handshake' tests can only be run against implementations
@ -1059,8 +1063,9 @@ int mbedtls_ecjpake_self_test( int verbose )
* are generated. This is only the case for the internal mbed TLS
* implementation, so these tests are skipped in case the internal
* implementation is swapped out for an alternative one. */
if( verbose != 0 )
if (verbose != 0) {
mbedtls_printf(" ECJPAKE test #2 (reference handshake): ");
}
/* Simulate generation of round one */
MBEDTLS_MPI_CHK(ecjpake_test_load(&cli,
@ -1105,26 +1110,28 @@ int mbedtls_ecjpake_self_test( int verbose )
TEST_ASSERT(len == sizeof(ecjpake_test_pms));
TEST_ASSERT(memcmp(buf, ecjpake_test_pms, len) == 0);
if( verbose != 0 )
if (verbose != 0) {
mbedtls_printf("passed\n");
}
#endif /* ! MBEDTLS_ECJPAKE_ALT */
cleanup:
mbedtls_ecjpake_free(&cli);
mbedtls_ecjpake_free(&srv);
if( ret != 0 )
{
if( verbose != 0 )
if (ret != 0) {
if (verbose != 0) {
mbedtls_printf("failed\n");
}
ret = 1;
}
if( verbose != 0 )
if (verbose != 0) {
mbedtls_printf("\n");
}
return( ret );
return ret;
}
#undef TEST_ASSERT

996
library/ecp.c
View File

File diff suppressed because it is too large Load Diff

173
library/ecp_curves.c
View File

@ -565,8 +565,9 @@ static int ecp_group_load( mbedtls_ecp_group *grp,
const mbedtls_mpi_uint *n, size_t nlen)
{
ecp_mpi_load(&grp->P, p, plen);
if( a != NULL )
if (a != NULL) {
ecp_mpi_load(&grp->A, a, alen);
}
ecp_mpi_load(&grp->B, b, blen);
ecp_mpi_load(&grp->N, n, nlen);
@ -579,7 +580,7 @@ static int ecp_group_load( mbedtls_ecp_group *grp,
grp->h = 1;
return( 0 );
return 0;
}
#endif /* ECP_LOAD_GROUP */
@ -680,10 +681,11 @@ static int ecp_use_curve25519( mbedtls_ecp_group *grp )
grp->nbits = 254;
cleanup:
if( ret != 0 )
if (ret != 0) {
mbedtls_ecp_group_free(grp);
}
return( ret );
return ret;
}
#endif /* MBEDTLS_ECP_DP_CURVE25519_ENABLED */
@ -735,10 +737,11 @@ static int ecp_use_curve448( mbedtls_ecp_group *grp )
cleanup:
mbedtls_mpi_free(&Ns);
if( ret != 0 )
if (ret != 0) {
mbedtls_ecp_group_free(grp);
}
return( ret );
return ret;
}
#endif /* MBEDTLS_ECP_DP_CURVE448_ENABLED */
@ -754,86 +757,85 @@ int mbedtls_ecp_group_load( mbedtls_ecp_group *grp, mbedtls_ecp_group_id id )
grp->id = id;
switch( id )
{
switch (id) {
#if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED)
case MBEDTLS_ECP_DP_SECP192R1:
NIST_MODP(p192);
return( LOAD_GROUP( secp192r1 ) );
return LOAD_GROUP(secp192r1);
#endif /* MBEDTLS_ECP_DP_SECP192R1_ENABLED */
#if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED)
case MBEDTLS_ECP_DP_SECP224R1:
NIST_MODP(p224);
return( LOAD_GROUP( secp224r1 ) );
return LOAD_GROUP(secp224r1);
#endif /* MBEDTLS_ECP_DP_SECP224R1_ENABLED */
#if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
case MBEDTLS_ECP_DP_SECP256R1:
NIST_MODP(p256);
return( LOAD_GROUP( secp256r1 ) );
return LOAD_GROUP(secp256r1);
#endif /* MBEDTLS_ECP_DP_SECP256R1_ENABLED */
#if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
case MBEDTLS_ECP_DP_SECP384R1:
NIST_MODP(p384);
return( LOAD_GROUP( secp384r1 ) );
return LOAD_GROUP(secp384r1);
#endif /* MBEDTLS_ECP_DP_SECP384R1_ENABLED */
#if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED)
case MBEDTLS_ECP_DP_SECP521R1:
NIST_MODP(p521);
return( LOAD_GROUP( secp521r1 ) );
return LOAD_GROUP(secp521r1);
#endif /* MBEDTLS_ECP_DP_SECP521R1_ENABLED */
#if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED)
case MBEDTLS_ECP_DP_SECP192K1:
grp->modp = ecp_mod_p192k1;
return( LOAD_GROUP_A( secp192k1 ) );
return LOAD_GROUP_A(secp192k1);
#endif /* MBEDTLS_ECP_DP_SECP192K1_ENABLED */
#if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED)
case MBEDTLS_ECP_DP_SECP224K1:
grp->modp = ecp_mod_p224k1;
return( LOAD_GROUP_A( secp224k1 ) );
return LOAD_GROUP_A(secp224k1);
#endif /* MBEDTLS_ECP_DP_SECP224K1_ENABLED */
#if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED)
case MBEDTLS_ECP_DP_SECP256K1:
grp->modp = ecp_mod_p256k1;
return( LOAD_GROUP_A( secp256k1 ) );
return LOAD_GROUP_A(secp256k1);
#endif /* MBEDTLS_ECP_DP_SECP256K1_ENABLED */
#if defined(MBEDTLS_ECP_DP_BP256R1_ENABLED)
case MBEDTLS_ECP_DP_BP256R1:
return( LOAD_GROUP_A( brainpoolP256r1 ) );
return LOAD_GROUP_A(brainpoolP256r1);
#endif /* MBEDTLS_ECP_DP_BP256R1_ENABLED */
#if defined(MBEDTLS_ECP_DP_BP384R1_ENABLED)
case MBEDTLS_ECP_DP_BP384R1:
return( LOAD_GROUP_A( brainpoolP384r1 ) );
return LOAD_GROUP_A(brainpoolP384r1);
#endif /* MBEDTLS_ECP_DP_BP384R1_ENABLED */
#if defined(MBEDTLS_ECP_DP_BP512R1_ENABLED)
case MBEDTLS_ECP_DP_BP512R1:
return( LOAD_GROUP_A( brainpoolP512r1 ) );
return LOAD_GROUP_A(brainpoolP512r1);
#endif /* MBEDTLS_ECP_DP_BP512R1_ENABLED */
#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED)
case MBEDTLS_ECP_DP_CURVE25519:
grp->modp = ecp_mod_p255;
return( ecp_use_curve25519( grp ) );
return ecp_use_curve25519(grp);
#endif /* MBEDTLS_ECP_DP_CURVE25519_ENABLED */
#if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED)
case MBEDTLS_ECP_DP_CURVE448:
grp->modp = ecp_mod_p448;
return( ecp_use_curve448( grp ) );
return ecp_use_curve448(grp);
#endif /* MBEDTLS_ECP_DP_CURVE448_ENABLED */
default:
grp->id = MBEDTLS_ECP_DP_NONE;
return( MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE );
return MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE;
}
}
@ -866,8 +868,7 @@ static inline void add64( mbedtls_mpi_uint *dst, mbedtls_mpi_uint *src, mbedtls_
{
unsigned char i;
mbedtls_mpi_uint c = 0;
for( i = 0; i < 8 / sizeof( mbedtls_mpi_uint ); i++, dst++, src++ )
{
for (i = 0; i < 8 / sizeof(mbedtls_mpi_uint); i++, dst++, src++) {
*dst += c; c = (*dst < c);
*dst += *src; c += (*dst < *src);
}
@ -878,8 +879,7 @@ static inline void add64( mbedtls_mpi_uint *dst, mbedtls_mpi_uint *src, mbedtls_
static inline void carry64(mbedtls_mpi_uint *dst, mbedtls_mpi_uint *carry)
{
unsigned char i;
for( i = 0; i < 8 / sizeof( mbedtls_mpi_uint ); i++, dst++ )
{
for (i = 0; i < 8 / sizeof(mbedtls_mpi_uint); i++, dst++) {
*dst += *carry;
*carry = (*dst < *carry);
}
@ -911,7 +911,7 @@ static int ecp_mod_p192( mbedtls_mpi *N )
ADD(4); ADD(5); LAST; // A2 += A4 + A5
cleanup:
return( ret );
return ret;
}
#undef WIDTH
@ -1024,15 +1024,14 @@ void mbedtls_ecp_fix_negative( mbedtls_mpi *N, signed char c, size_t bits )
/* Set N := 2^bits - 1 - N. We know that 0 <= N < 2^bits, so
* set the absolute value to 0xfff...fff - N. There is no carry
* since we're subtracting from all-bits-one. */
for( i = 0; i <= bits / 8 / sizeof( mbedtls_mpi_uint ); i++ )
{
for (i = 0; i <= bits / 8 / sizeof(mbedtls_mpi_uint); i++) {
N->p[i] = ~(mbedtls_mpi_uint) 0 - N->p[i];
}
/* Add 1, taking care of the carry. */
i = 0;
do
do {
++N->p[i];
while( N->p[i++] == 0 && i <= bits / 8 / sizeof( mbedtls_mpi_uint ) );
} while (N->p[i++] == 0 && i <= bits / 8 / sizeof(mbedtls_mpi_uint));
/* Invert the sign.
* Now N = N0 - 2^bits where N0 is the initial value of N. */
N->s = -1;
@ -1041,8 +1040,9 @@ void mbedtls_ecp_fix_negative( mbedtls_mpi *N, signed char c, size_t bits )
* negative, this adds c * 2^bits. */
mbedtls_mpi_uint msw = (mbedtls_mpi_uint) -c;
#if defined(MBEDTLS_HAVE_INT64)
if( bits == 224 )
if (bits == 224) {
msw <<= 32;
}
#endif
N->p[bits / 8 / sizeof(mbedtls_mpi_uint)] += msw;
}
@ -1064,7 +1064,7 @@ static int ecp_mod_p224( mbedtls_mpi *N )
SUB(13); ADD(10); LAST; // A6 += -A13 + A10
cleanup:
return( ret );
return ret;
}
#endif /* MBEDTLS_ECP_DP_SECP224R1_ENABLED */
@ -1101,7 +1101,7 @@ static int ecp_mod_p256( mbedtls_mpi *N )
SUB(10); SUB(11); SUB(12); SUB(13); LAST; // A7
cleanup:
return( ret );
return ret;
}
#endif /* MBEDTLS_ECP_DP_SECP256R1_ENABLED */
@ -1150,7 +1150,7 @@ static int ecp_mod_p384( mbedtls_mpi *N )
SUB(22); LAST; // A11
cleanup:
return( ret );
return ret;
}
#endif /* MBEDTLS_ECP_DP_SECP384R1_ENABLED */
@ -1192,28 +1192,31 @@ static int ecp_mod_p521( mbedtls_mpi *N )
* we need to hold bits 513 to 1056, which is 34 limbs, that is
* P521_WIDTH + 1. Otherwise P521_WIDTH is enough. */
if( N->n < P521_WIDTH )
return( 0 );
if (N->n < P521_WIDTH) {
return 0;
}
/* M = A1 */
M.s = 1;
M.n = N->n - (P521_WIDTH - 1);
if( M.n > P521_WIDTH + 1 )
if (M.n > P521_WIDTH + 1) {
M.n = P521_WIDTH + 1;
}
M.p = Mp;
memcpy(Mp, N->p + P521_WIDTH - 1, M.n * sizeof(mbedtls_mpi_uint));
MBEDTLS_MPI_CHK(mbedtls_mpi_shift_r(&M, 521 % (8 * sizeof(mbedtls_mpi_uint))));
/* N = A0 */
N->p[P521_WIDTH - 1] &= P521_MASK;
for( i = P521_WIDTH; i < N->n; i++ )
for (i = P521_WIDTH; i < N->n; i++) {
N->p[i] = 0;
}
/* N = A0 + A1 */
MBEDTLS_MPI_CHK(mbedtls_mpi_add_abs(N, N, &M));
cleanup:
return( ret );
return ret;
}
#undef P521_WIDTH
@ -1238,14 +1241,16 @@ static int ecp_mod_p255( mbedtls_mpi *N )
mbedtls_mpi M;
mbedtls_mpi_uint Mp[P255_WIDTH + 2];
if( N->n < P255_WIDTH )
return( 0 );
if (N->n < P255_WIDTH) {
return 0;
}
/* M = A1 */
M.s = 1;
M.n = N->n - (P255_WIDTH - 1);
if( M.n > P255_WIDTH + 1 )
return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
if (M.n > P255_WIDTH + 1) {
return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
}
M.p = Mp;
memset(Mp, 0, sizeof Mp);
memcpy(Mp, N->p + P255_WIDTH - 1, M.n * sizeof(mbedtls_mpi_uint));
@ -1254,15 +1259,16 @@ static int ecp_mod_p255( mbedtls_mpi *N )
/* N = A0 */
MBEDTLS_MPI_CHK(mbedtls_mpi_set_bit(N, 255, 0));
for( i = P255_WIDTH; i < N->n; i++ )
for (i = P255_WIDTH; i < N->n; i++) {
N->p[i] = 0;
}
/* N = A0 + 19 * A1 */
MBEDTLS_MPI_CHK(mbedtls_mpi_mul_int(&M, &M, 19));
MBEDTLS_MPI_CHK(mbedtls_mpi_add_abs(N, N, &M));
cleanup:
return( ret );
return ret;
}
#endif /* MBEDTLS_ECP_DP_CURVE25519_ENABLED */
@ -1295,22 +1301,25 @@ static int ecp_mod_p448( mbedtls_mpi *N )
mbedtls_mpi M, Q;
mbedtls_mpi_uint Mp[P448_WIDTH + 1], Qp[P448_WIDTH];
if( N->n <= P448_WIDTH )
return( 0 );
if (N->n <= P448_WIDTH) {
return 0;
}
/* M = A1 */
M.s = 1;
M.n = N->n - (P448_WIDTH);
if( M.n > P448_WIDTH )
if (M.n > P448_WIDTH) {
/* Shouldn't be called with N larger than 2^896! */
return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
}
M.p = Mp;
memset(Mp, 0, sizeof(Mp));
memcpy(Mp, N->p + P448_WIDTH, M.n * sizeof(mbedtls_mpi_uint));
/* N = A0 */
for( i = P448_WIDTH; i < N->n; i++ )
for (i = P448_WIDTH; i < N->n; i++) {
N->p[i] = 0;
}
/* N += A1 */
MBEDTLS_MPI_CHK(mbedtls_mpi_add_mpi(N, N, &M));
@ -1323,17 +1332,19 @@ static int ecp_mod_p448( mbedtls_mpi *N )
MBEDTLS_MPI_CHK(mbedtls_mpi_add_mpi(N, N, &Q));
/* M = (B0 + B1) * 2^224, N += M */
if( sizeof( mbedtls_mpi_uint ) > 4 )
if (sizeof(mbedtls_mpi_uint) > 4) {
Mp[P224_WIDTH_MIN] &= ((mbedtls_mpi_uint)-1) >> (P224_UNUSED_BITS);
for( i = P224_WIDTH_MAX; i < M.n; ++i )
}
for (i = P224_WIDTH_MAX; i < M.n; ++i) {
Mp[i] = 0;
}
MBEDTLS_MPI_CHK(mbedtls_mpi_add_mpi(&M, &M, &Q));
M.n = P448_WIDTH + 1; /* Make room for shifted carry bit from the addition */
MBEDTLS_MPI_CHK(mbedtls_mpi_shift_l(&M, 224));
MBEDTLS_MPI_CHK(mbedtls_mpi_add_mpi(N, N, &M));
cleanup:
return( ret );
return ret;
}
#endif /* MBEDTLS_ECP_DP_CURVE448_ENABLED */
@ -1357,8 +1368,9 @@ static inline int ecp_mod_koblitz( mbedtls_mpi *N, mbedtls_mpi_uint *Rp, size_t
mbedtls_mpi M, R;
mbedtls_mpi_uint Mp[P_KOBLITZ_MAX + P_KOBLITZ_R + 1];
if( N->n < p_limbs )
return( 0 );
if (N->n < p_limbs) {
return 0;
}
/* Init R */
R.s = 1;
@ -1371,19 +1383,23 @@ static inline int ecp_mod_koblitz( mbedtls_mpi *N, mbedtls_mpi_uint *Rp, size_t
/* M = A1 */
M.n = N->n - (p_limbs - adjust);
if( M.n > p_limbs + adjust )
if (M.n > p_limbs + adjust) {
M.n = p_limbs + adjust;
}
memset(Mp, 0, sizeof Mp);
memcpy(Mp, N->p + p_limbs - adjust, M.n * sizeof(mbedtls_mpi_uint));
if( shift != 0 )
if (shift != 0) {
MBEDTLS_MPI_CHK(mbedtls_mpi_shift_r(&M, shift));
}
M.n += R.n; /* Make room for multiplication by R */
/* N = A0 */
if( mask != 0 )
if (mask != 0) {
N->p[p_limbs - 1] &= mask;
for( i = p_limbs; i < N->n; i++ )
}
for (i = p_limbs; i < N->n; i++) {
N->p[i] = 0;
}
/* N = A0 + R * A1 */
MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&M, &M, &R));
@ -1393,26 +1409,30 @@ static inline int ecp_mod_koblitz( mbedtls_mpi *N, mbedtls_mpi_uint *Rp, size_t
/* M = A1 */
M.n = N->n - (p_limbs - adjust);
if( M.n > p_limbs + adjust )
if (M.n > p_limbs + adjust) {
M.n = p_limbs + adjust;
}
memset(Mp, 0, sizeof Mp);
memcpy(Mp, N->p + p_limbs - adjust, M.n * sizeof(mbedtls_mpi_uint));
if( shift != 0 )
if (shift != 0) {
MBEDTLS_MPI_CHK(mbedtls_mpi_shift_r(&M, shift));
}
M.n += R.n; /* Make room for multiplication by R */
/* N = A0 */
if( mask != 0 )
if (mask != 0) {
N->p[p_limbs - 1] &= mask;
for( i = p_limbs; i < N->n; i++ )
}
for (i = p_limbs; i < N->n; i++) {
N->p[i] = 0;
}
/* N = A0 + R * A1 */
MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&M, &M, &R));
MBEDTLS_MPI_CHK(mbedtls_mpi_add_abs(N, N, &M));
cleanup:
return( ret );
return ret;
}
#endif /* MBEDTLS_ECP_DP_SECP192K1_ENABLED) ||
MBEDTLS_ECP_DP_SECP224K1_ENABLED) ||
@ -1427,10 +1447,11 @@ static int ecp_mod_p192k1( mbedtls_mpi *N )
{
static mbedtls_mpi_uint Rp[] = {
MBEDTLS_BYTES_TO_T_UINT_8(0xC9, 0x11, 0x00, 0x00, 0x01, 0x00, 0x00,
0x00 ) };
0x00)
};
return( ecp_mod_koblitz( N, Rp, 192 / 8 / sizeof( mbedtls_mpi_uint ), 0, 0,
0 ) );
return ecp_mod_koblitz(N, Rp, 192 / 8 / sizeof(mbedtls_mpi_uint), 0, 0,
0);
}
#endif /* MBEDTLS_ECP_DP_SECP192K1_ENABLED */
@ -1443,13 +1464,14 @@ static int ecp_mod_p224k1( mbedtls_mpi *N )
{
static mbedtls_mpi_uint Rp[] = {
MBEDTLS_BYTES_TO_T_UINT_8(0x93, 0x1A, 0x00, 0x00, 0x01, 0x00, 0x00,
0x00 ) };
0x00)
};
#if defined(MBEDTLS_HAVE_INT64)
return( ecp_mod_koblitz( N, Rp, 4, 1, 32, 0xFFFFFFFF ) );
return ecp_mod_koblitz(N, Rp, 4, 1, 32, 0xFFFFFFFF);
#else
return( ecp_mod_koblitz( N, Rp, 224 / 8 / sizeof( mbedtls_mpi_uint ), 0, 0,
0 ) );
return ecp_mod_koblitz(N, Rp, 224 / 8 / sizeof(mbedtls_mpi_uint), 0, 0,
0);
#endif
}
@ -1464,9 +1486,10 @@ static int ecp_mod_p256k1( mbedtls_mpi *N )
{
static mbedtls_mpi_uint Rp[] = {
MBEDTLS_BYTES_TO_T_UINT_8(0xD1, 0x03, 0x00, 0x00, 0x01, 0x00, 0x00,
0x00 ) };
return( ecp_mod_koblitz( N, Rp, 256 / 8 / sizeof( mbedtls_mpi_uint ), 0, 0,
0 ) );
0x00)
};
return ecp_mod_koblitz(N, Rp, 256 / 8 / sizeof(mbedtls_mpi_uint), 0, 0,
0);
}
#endif /* MBEDTLS_ECP_DP_SECP256K1_ENABLED */

Some files were not shown because too many files have changed in this diff Show More