ARMmbed
/
mbed-os
mirror of https://github.com/ARMmbed/mbed-os.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Merge pull request #12814 from artokin/feature_wisun_update_mbed_os_and_nanostack 

[feature-wisun] Nanostack release to feature-wisun branch and update to mbed-os-5.15.2
pull/12657/head
Arto Kinnunen 2020-04-23 13:15:30 +03:00 committed by GitHub
parent e1eb4c4e11 13f5df4b8b
commit e519efd8fb
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
612 changed files with 48009 additions and 20737 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
TESTS/mbed-crypto/sanity/main.cpp
View File

@ -262,13 +262,13 @@ void test_crypto_asymmetric_sign_verify(void)
psa_set_key_algorithm(&attributes, alg);
psa_set_key_type(&attributes, key_type);
TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_import_key(&attributes, key, sizeof(key), &key_handle));
TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_asymmetric_sign(key_handle, alg, input, sizeof(input),
signature, sizeof(signature), &signature_len));
TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_sign_hash(key_handle, alg, input, sizeof(input),
signature, sizeof(signature), &signature_len));
TEST_ASSERT_EQUAL(sizeof(signature), signature_len);
TEST_ASSERT_EQUAL_HEX8_ARRAY(expected_signature, signature, signature_len);
TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_asymmetric_verify(key_handle, alg, input, sizeof(input),
signature, signature_len));
TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_verify_hash(key_handle, alg, input, sizeof(input),
signature, signature_len));
TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_destroy_key(key_handle));
}

3
TESTS/mbed_hal_fpga_ci_test_shield/uart/main.cpp
View File

@ -133,6 +133,9 @@ static void uart_test_common(int baudrate, int data_bits, SerialParity parity, i
serial_set_flow_control_direct(&serial, FlowControlRTSCTS, &pinmap);
#else
//skip this test case if static pinmap is not supported
// Cleanup uart to be able execute next test case
serial_free(&serial);
tester.reset();
return;
#endif
} else {

34
TESTS/mbedtls/multi/main.cpp
View File

@ -33,7 +33,7 @@
using namespace utest::v1;
#if defined(MBEDTLS_SHA256_C)
/* Tests several call to mbedtls_sha256_update function that are not modulo 64 bytes */
/* Tests several call to mbedtls_sha256_update_ret function that are not modulo 64 bytes */
void test_case_sha256_split()
{
const unsigned char test_buf[] = {"abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopqabcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopqabcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"};
@ -50,18 +50,18 @@ void test_case_sha256_split()
mbedtls_sha256_context ctx;
printf("test sha256\n");
mbedtls_sha256_init(&ctx);
mbedtls_sha256_starts(&ctx, 0);
(void)mbedtls_sha256_starts_ret(&ctx, 0);
#if 0
printf("test not splitted\n");
mbedtls_sha256_update(&ctx, test_buf, 168);
(void)mbedtls_sha256_update_ret(&ctx, test_buf, 168);
#else
printf("test splitted into 3 pieces\n");
mbedtls_sha256_update(&ctx, test_buf, 2);
mbedtls_sha256_update(&ctx, test_buf + 2, 66);
mbedtls_sha256_update(&ctx, test_buf + 68, 100);
(void)mbedtls_sha256_update_ret(&ctx, test_buf, 2);
(void)mbedtls_sha256_update_ret(&ctx, test_buf + 2, 66);
(void)mbedtls_sha256_update_ret(&ctx, test_buf + 68, 100);
#endif
mbedtls_sha256_finish(&ctx, outsum);
(void)mbedtls_sha256_finish_ret(&ctx, outsum);
mbedtls_sha256_free(&ctx);
printf("\nreceived result : ");
@ -113,29 +113,29 @@ void test_case_sha256_multi()
mbedtls_sha256_init(&ctx2);
mbedtls_sha256_init(&ctx3);
//Start both contexts
mbedtls_sha256_starts(&ctx1, 0);
mbedtls_sha256_starts(&ctx2, 0);
(void)mbedtls_sha256_starts_ret(&ctx1, 0);
(void)mbedtls_sha256_starts_ret(&ctx2, 0);
printf("upd ctx1\n");
mbedtls_sha256_update(&ctx1, test_buf, 56);
(void)mbedtls_sha256_update_ret(&ctx1, test_buf, 56);
printf("upd ctx2\n");
mbedtls_sha256_update(&ctx2, test_buf, 66);
(void)mbedtls_sha256_update_ret(&ctx2, test_buf, 66);
printf("finish ctx1\n");
mbedtls_sha256_finish(&ctx1, outsum1);
(void)mbedtls_sha256_finish_ret(&ctx1, outsum1);
printf("upd ctx2\n");
mbedtls_sha256_update(&ctx2, test_buf + 66, 46);
(void)mbedtls_sha256_update_ret(&ctx2, test_buf + 66, 46);
printf("clone ctx2 in ctx3\n");
mbedtls_sha256_clone(&ctx3, (const mbedtls_sha256_context *)&ctx2);
printf("free ctx1\n");
mbedtls_sha256_free(&ctx1);
printf("upd ctx2\n");
mbedtls_sha256_update(&ctx2, test_buf + 112, 56);
(void)mbedtls_sha256_update_ret(&ctx2, test_buf + 112, 56);
printf("upd ctx3 with different values than ctx2\n");
mbedtls_sha256_update(&ctx3, test_buf2, 56);
(void)mbedtls_sha256_update_ret(&ctx3, test_buf2, 56);
printf("finish ctx2\n");
mbedtls_sha256_finish(&ctx2, outsum2);
(void)mbedtls_sha256_finish_ret(&ctx2, outsum2);
printf("finish ctx3\n");
mbedtls_sha256_finish(&ctx3, outsum3);
(void)mbedtls_sha256_finish_ret(&ctx3, outsum3);
printf("free ctx2\n");
mbedtls_sha256_free(&ctx2);
printf("free ctx3\n");

2
TESTS/psa/attestation/main.cpp
View File

@ -98,7 +98,7 @@ static void check_initial_attestation_get_token()
TEST_ASSERT_EQUAL(status, PSA_SUCCESS);
status = psa_attestation_inject_key(private_key_data,
sizeof(private_key_data),
PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP256R1),
PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP_R1),
exported,
sizeof(exported),
&exported_length);

10
TESTS/psa/crypto_access_control/COMPONENT_NSPE/main.cpp
View File

@ -348,7 +348,7 @@ void test_use_other_partition_key_aead(void)
void test_use_other_partition_key_asymmetric_sign_verify(void)
{
static const psa_key_id_t key_id = 999;
static const psa_key_type_t key_type = PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP256R1);
static const psa_key_type_t key_type = PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP_R1);
static const psa_algorithm_t key_alg = PSA_ALG_ECDSA(PSA_ALG_SHA_256);
static const psa_key_usage_t key_usage = PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY;
static const size_t key_bits = 256;
@ -373,12 +373,12 @@ void test_use_other_partition_key_asymmetric_sign_verify(void)
TEST_ASSERT_NOT_EQUAL(0, key_handle);
/* try to asymmetric sign using the key that was created by the test partition */
TEST_ASSERT_EQUAL(PSA_ERROR_INVALID_HANDLE, psa_asymmetric_sign(key_handle, key_alg, input, sizeof(input),
signature, sizeof(signature), &len));
TEST_ASSERT_EQUAL(PSA_ERROR_INVALID_HANDLE, psa_sign_hash(key_handle, key_alg, input, sizeof(input),
signature, sizeof(signature), &len));
/* try to asymmetric verify using the key that was created by the test partition */
TEST_ASSERT_EQUAL(PSA_ERROR_INVALID_HANDLE, psa_asymmetric_verify(key_handle, key_alg, input, sizeof(input),
signature, sizeof(signature)));
TEST_ASSERT_EQUAL(PSA_ERROR_INVALID_HANDLE, psa_verify_hash(key_handle, key_alg, input, sizeof(input),
signature, sizeof(signature)));
/* via test partition - destroy the key created by the test partition */
TEST_ASSERT_EQUAL(PSA_SUCCESS, test_partition_crypto_destroy_key(key_handle));

46
components/802.15.4_RF/atmel-rf-driver/atmel-rf-driver/NanostackRfPhyAtmel.h
View File

@ -24,6 +24,9 @@
#include "NanostackRfPhy.h"
// Uncomment to use testing gpios attached to TX/RX processes
// #define TEST_GPIOS_ENABLED
// Arduino pin defaults for convenience
#if !defined(ATMEL_SPI_MOSI)
#define ATMEL_SPI_MOSI D11
@ -52,8 +55,24 @@
#if !defined(ATMEL_I2C_SCL)
#define ATMEL_I2C_SCL D15
#endif
#if !defined(TEST_PIN_TX)
#define TEST_PIN_TX D6
#endif
#if !defined(TEST_PIN_RX)
#define TEST_PIN_RX D3
#endif
#if !defined(TEST_PIN_CSMA)
#define TEST_PIN_CSMA D4
#endif
#if !defined(TEST_PIN_SPARE_1)
#define TEST_PIN_SPARE_1 D2
#endif
#if !defined(TEST_PIN_SPARE_2)
#define TEST_PIN_SPARE_2 D8
#endif
class RFBits;
class TestPins;
class NanostackRfPhyAtmel : public NanostackRfPhy {
public:
@ -70,6 +89,7 @@ private:
AT24Mac _mac;
uint8_t _mac_addr[8];
RFBits *_rf;
TestPins *_test_pins;
bool _mac_set;
const PinName _spi_mosi;
@ -81,5 +101,31 @@ private:
const PinName _spi_irq;
};
#ifdef TEST_GPIOS_ENABLED
#define TEST_TX_STARTED test_pins->TEST1 = 1;
#define TEST_TX_DONE test_pins->TEST1 = 0;
#define TEST_RX_STARTED test_pins->TEST2 = 1;
#define TEST_RX_DONE test_pins->TEST2 = 0;
#define TEST_CSMA_STARTED test_pins->TEST3 = 1;
#define TEST_CSMA_DONE test_pins->TEST3 = 0;
#define TEST_SPARE_1_ON test_pins->TEST4 = 1;
#define TEST_SPARE_1_OFF test_pins->TEST4 = 0;
#define TEST_SPARE_2_ON test_pins->TEST5 = 1;
#define TEST_SPARE_2_OFF test_pins->TEST5 = 0;
extern void (*fhss_uc_switch)(void);
extern void (*fhss_bc_switch)(void);
#else
#define TEST_TX_STARTED
#define TEST_TX_DONE
#define TEST_RX_STARTED
#define TEST_RX_DONE
#define TEST_CSMA_STARTED
#define TEST_CSMA_DONE
#define TEST_SPARE_1_ON
#define TEST_SPARE_1_OFF
#define TEST_SPARE_2_ON
#define TEST_SPARE_2_OFF
#endif //TEST_GPIOS_ENABLED
#endif /* MBED_CONF_NANOSTACK_CONFIGURATION */
#endif /* NANOSTACK_RF_PHY_ATMEL_H_ */

262
components/802.15.4_RF/atmel-rf-driver/source/AT86RF215Reg.h Normal file
View File

@ -0,0 +1,262 @@
/*
* Copyright (c) 2020 ARM Limited. All rights reserved.
* SPDX-License-Identifier: Apache-2.0
* Licensed under the Apache License, Version 2.0 (the License); you may
* not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an AS IS BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#ifndef AT86RF215REG_H_
#define AT86RF215REG_H_
#ifdef __cplusplus
extern "C" {
#endif
/*Register addresses*/
#define RF09_IRQS 0x00
#define RF24_IRQS 0x01
#define BBC0_IRQS 0x02
#define BBC1_IRQS 0x03
#define RF_CFG 0x06
#define RF_IQIFC1 0x0B
#define RF_PN 0x0D
#define RF_VN 0x0E
#define RF_IRQM 0x00
#define RF_STATE 0x02
#define RF_CMD 0x03
#define RF_CS 0x04
#define RF_CCF0L 0x05
#define RF_CCF0H 0x06
#define RF_CNL 0x07
#define RF_CNM 0x08
#define RF_RXBWC 0x09
#define RF_RXDFE 0x0A
#define RF_AGCC 0x0B
#define RF_AGCS 0x0C
#define RF_RSSI 0x0D
#define RF_EDC 0x0E
#define RF_EDV 0x10
#define RF_TXCUTC 0x12
#define RF_TXDFE 0x13
#define BBC_IRQM 0x00
#define BBC_PC 0x01
#define BBC_RXFLL 0x04
#define BBC_RXFLH 0x05
#define BBC_TXFLL 0x06
#define BBC_TXFLH 0x07
#define BBC_FBLL 0x08
#define BBC_FBLH 0x09
#define BBC_OQPSKC0 0x10
#define BBC_OQPSKC1 0x11
#define BBC_OQPSKC2 0x12
#define BBC_OQPSKC3 0x13
#define BBC_OQPSKPHRTX 0x14
#define BBC_OQPSKPHRRX 0x15
#define BBC_AFC0 0x20
#define BBC_AFFTM 0x22
#define BBC_MACEA0 0x25
#define BBC_MACPID0F0 0x2D
#define BBC_MACSHA0F0 0x2F
#define BBC_AMCS 0x40
#define BBC_AMEDT 0x41
#define BBC_AMAACKTL 0x43
#define BBC_AMAACKTH 0x44
#define BBC_FSKC0 0x60
#define BBC_FSKC1 0x61
#define BBC_FSKC2 0x62
#define BBC_FSKC3 0x63
#define BBC_FSKPLL 0x65
#define BBC_FSKPHRTX 0x6A
#define BBC_FSKPHRRX 0x6B
#define BBC0_FBRXS 0x2000
#define BBC0_FBTXS 0x2800
#define BBC1_FBRXS 0x3000
#define BBC1_FBTXS 0x3800
// RF_AGCC
#define AGCI (1 << 6)
#define AVGS 0x30
#define AVGS_8_SAMPLES (0 << 4)
// RF_AGCS
#define TGT 0xE0
#define TGT_1 (1 << 5)
// RF_RXBWC
#define BW 0x0F
#define RF_BW2000KHZ_IF2000KHZ (11 << 0)
#define RF_BW1600KHZ_IF2000KHZ (10 << 0)
#define RF_BW1250KHZ_IF2000KHZ (9 << 0)
#define RF_BW1000KHZ_IF1000KHZ (8 << 0)
#define RF_BW800KHZ_IF1000KHZ (7 << 0)
#define RF_BW630KHZ_IF1000KHZ (6 << 0)
#define RF_BW500KHZ_IF500KHZ (5 << 0)
#define RF_BW400KHZ_IF500KHZ (4 << 0)
#define RF_BW320KHZ_IF500KHZ (3 << 0)
#define RF_BW250KHZ_IF250KHZ (2 << 0)
#define RF_BW200KHZ_IF250KHZ (1 << 0)
#define RF_BW160KHZ_IF250KHZ (0 << 0)
#define IFS (1 << 4)
// RF_TXCUTC
#define PARAMP 0xC0
#define RF_PARAMP32U (3 << 6)
#define RF_PARAMP16U (2 << 6)
#define RF_PARAMP8U (1 << 6)
#define RF_PARAMP4U (0 << 6)
#define LPFCUT 0x0F
#define RF_FLC80KHZ (0 << 0)
#define RF_FLC100KHZ (1 << 0)
#define RF_FLC125KHZ (2 << 0)
#define RF_FLC160KHZ (3 << 0)
#define RF_FLC200KHZ (4 << 0)
#define RF_FLC250KHZ (5 << 0)
#define RF_FLC315KHZ (6 << 0)
#define RF_FLC400KHZ (7 << 0)
#define RF_FLC500KHZ (8 << 0)
#define RF_FLC625KHZ (9 << 0)
#define RF_FLC800KHZ (10 << 0)
#define RF_FLC1000KHZ (11 << 0)
// RF_TXDFE, RF_RXDFE
#define RCUT 0xE0
#define RCUT_4 (4 << 5)
#define RCUT_2 (2 << 5)
#define RCUT_1 (1 << 5)
#define RCUT_0 (0 << 5)
#define SR 0x0F
#define SR_10 (10 << 0)
#define SR_8 (8 << 0)
#define SR_6 (6 << 0)
#define SR_5 (5 << 0)
#define SR_4 (4 << 0)
#define SR_3 (3 << 0)
#define SR_2 (2 << 0)
#define SR_1 (1 << 0)
// BBC_FSKC0
#define BT 0xC0
#define BT_20 (3 << 6)
#define BT_10 (1 << 6)
#define MIDXS 0x30
#define MIDXS_0 (0 << 4)
#define MIDX 0x0E
#define MIDX_10 (3 << 1)
#define MIDX_075 (2 << 1)
#define MIDX_05 (1 << 1)
#define MIDX_0375 (0 << 1)
// BBC_FSKC1
#define SRATE 0x0F
#define SRATE_400KHZ (5 << 0)
#define SRATE_300KHZ (4 << 0)
#define SRATE_200KHZ (3 << 0)
#define SRATE_150KHZ (2 << 0)
#define SRATE_100KHZ (1 << 0)
#define SRATE_50KHZ (0 << 0)
// BBC_FSKC2
#define RXO 0x60
#define RXO_DIS (0 << 5)
#define FECIE (1 << 0)
// BBC_FSKC3
#define SFDT 0xF0
#define PDT 0x0F
#define PDT_6 (6 << 0)
// BBC_AFFTM
#define TYPE_2 (1 << 2)
// BBC_AFC0
#define PM (1 << 4)
#define AFEN3 (1 << 3)
#define AFEN2 (1 << 2)
#define AFEN1 (1 << 1)
#define AFEN0 (1 << 0)
// BBC_OQPSKPHRTX
#define LEG (1 << 0)
// BBC_OQPSKC0
#define FCHIP 0x03
#define BB_FCHIP100 (0 << 0)
#define BB_FCHIP200 (1 << 0)
#define BB_FCHIP1000 (2 << 0)
#define BB_FCHIP2000 (3 << 0)
// BBC_OQPSKC2
#define FCSTLEG 0x04
#define RXM 0x03
#define FCS_16 (1 << 2)
#define RXM_2 (2 << 0)
// BBC_IRQS, BBC_IRQM
#define FBLI (1 << 7)
#define AGCR (1 << 6)
#define AGCH (1 << 5)
#define TXFE (1 << 4)
#define RXEM (1 << 3)
#define RXAM (1 << 2)
#define RXFE (1 << 1)
#define RXFS (1 << 0)
//BBC_PC
#define BBEN (1 << 2)
#define PT 0x03
#define BB_PHYOFF (0 << 0)
#define BB_MRFSK (1 << 0)
#define BB_MROFDM (2 << 0)
#define BB_MROQPSK (3 << 0)
#define FCSOK (1 << 5)
#define TXAFCS (1 << 4)
#define FCST (1 << 3)
#define FCSFE (1 << 6)
//BBC_AMCS
#define AACKFT (1 << 7)
#define AACK (1 << 3)
#define CCAED (1 << 2)
// RF_IQIFC1
#define CHPM 0x70
#define RF_MODE_BBRF (0 << 4)
#define RF_MODE_RF (1 << 4)
#define RF_MODE_BBRF09 (4 << 4)
#define RF_MODE_BBRF24 (5 << 4)
/*RF_CFG bits*/
#define IRQMM 0x08
#define IRQP 0x04
/*RFn_IRQM bits*/
#define TRXRDY (1 << 1)
#define EDC (1 << 2)
/*RFn_EDC bits*/
#define EDM 0x03
#define RF_EDAUTO (0 << 0)
#define RF_EDSINGLE (1 << 0)
#define RF_EDCONT (2 << 0)
#define RF_EDOFF (3 << 0)
/*Masks*/
#define CNH 0x01
#define EDM 0x03
#define CHPM 0x70
#ifdef __cplusplus
}
#endif
#endif /* AT86RF215REG_H_ */

1
components/802.15.4_RF/atmel-rf-driver/source/AT86RFReg.h
View File

@ -47,6 +47,7 @@ extern "C" {
#define PART_AT86RF231 0x03
#define PART_AT86RF212 0x07
#define PART_AT86RF233 0x0B
#define PART_AT86RF215 0x34
#define VERSION_AT86RF212 0x01
#define VERSION_AT86RF212B 0x03

1103
components/802.15.4_RF/atmel-rf-driver/source/NanostackRfPhyAT86RF215.cpp Normal file
View File

File diff suppressed because it is too large Load Diff

87
components/802.15.4_RF/atmel-rf-driver/source/NanostackRfPhyAtmel.cpp
View File

@ -23,6 +23,7 @@
#include "NanostackRfPhyAtmel.h"
#include "randLIB.h"
#include "AT86RFReg.h"
#include "AT86RF215Reg.h"
#include "nanostack/platform/arm_hal_phy.h"
#include "mbed_trace.h"
#include "mbed_toolchain.h"
@ -244,34 +245,8 @@ static void rf_if_irq_task_process_irq();
#endif
// HW pins to RF chip
#include "rfbits.h"
class UnlockedSPI : public SPI {
public:
UnlockedSPI(PinName mosi, PinName miso, PinName sclk) :
SPI(mosi, miso, sclk) { }
virtual void lock() { }
virtual void unlock() { }
};
class RFBits {
public:
RFBits(PinName spi_mosi, PinName spi_miso,
PinName spi_sclk, PinName spi_cs,
PinName spi_rst, PinName spi_slp, PinName spi_irq);
UnlockedSPI spi;
DigitalOut CS;
DigitalOut RST;
DigitalOut SLP_TR;
InterruptIn IRQ;
Timeout ack_timer;
Timeout cal_timer;
Timeout cca_timer;
#ifdef MBED_CONF_RTOS_PRESENT
Thread irq_thread;
Mutex mutex;
void rf_if_irq_task();
#endif
};
RFBits::RFBits(PinName spi_mosi, PinName spi_miso,
PinName spi_sclk, PinName spi_cs,
@ -282,7 +257,8 @@ RFBits::RFBits(PinName spi_mosi, PinName spi_miso,
SLP_TR(spi_slp),
IRQ(spi_irq)
#ifdef MBED_CONF_RTOS_PRESENT
, irq_thread(osPriorityRealtime, MBED_CONF_ATMEL_RF_IRQ_THREAD_STACK_SIZE, NULL, "atmel_irq_thread")
, irq_thread(osPriorityRealtime, MBED_CONF_ATMEL_RF_IRQ_THREAD_STACK_SIZE, NULL, "atmel_irq_thread"),
irq_thread_215(osPriorityRealtime, MBED_CONF_ATMEL_RF_IRQ_THREAD_STACK_SIZE, NULL, "atmel_215_irq_thread")
#endif
{
#ifdef MBED_CONF_RTOS_PRESENT
@ -290,7 +266,17 @@ RFBits::RFBits(PinName spi_mosi, PinName spi_miso,
#endif
}
TestPins::TestPins(PinName test_pin_1, PinName test_pin_2, PinName test_pin_3, PinName test_pin_4, PinName test_pin_5)
: TEST1(test_pin_1),
TEST2(test_pin_2),
TEST3(test_pin_3),
TEST4(test_pin_4),
TEST5(test_pin_5)
{
}
static RFBits *rf;
static TestPins *test_pins;
static uint8_t rf_part_num = 0;
/*TODO: RSSI Base value setting*/
static int8_t rf_rssi_base_val = -91;
@ -652,6 +638,10 @@ static void rf_if_write_set_tx_power_register(uint8_t value)
*/
static uint8_t rf_if_read_part_num(void)
{
// Part number is already set
if (rf_part_num) {
return rf_part_num;
}
return rf_if_read_register(PART_NUM);
}
@ -664,9 +654,6 @@ static uint8_t rf_if_read_part_num(void)
*/
static void rf_if_write_rf_settings(void)
{
/*Reset RF module*/
rf_if_reset_radio();
rf_part_num = rf_if_read_part_num();
rf_if_write_register(XAH_CTRL_0, 0);
@ -675,7 +662,9 @@ static void rf_if_write_rf_settings(void)
rf_if_write_register(TRX_CTRL_1, TX_AUTO_CRC_ON | SPI_CMD_MODE_TRX_STATUS);
rf_if_write_register(IRQ_MASK, CCA_ED_DONE | TRX_END | TRX_UR);
#ifdef TEST_GPIOS_ENABLED
rf_if_set_bit(IRQ_MASK, RX_START, RX_START);
#endif
xah_ctrl_1 = rf_if_read_register(XAH_CTRL_1);
/*Read transceiver PART_NUM*/
@ -1024,6 +1013,11 @@ static void rf_if_interrupt_handler(void)
/*Read and clear interrupt flag, and pick up trx_status*/
irq_status = rf_if_read_register_with_status(IRQ_STATUS, &full_trx_status);
#ifdef TEST_GPIOS_ENABLED
if (irq_status & RX_START) {
TEST_RX_STARTED
}
#endif
/*Frame end interrupt (RX and TX)*/
if (irq_status & TRX_END) {
rf_trx_states_t trx_status = rf_if_trx_status_from_full(full_trx_status);
@ -1384,7 +1378,6 @@ static void rf_channel_set(uint8_t ch)
rf_if_unlock();
}
/*
* \brief Function initialises the radio driver and resets the radio.
*
@ -1526,6 +1519,7 @@ static int8_t rf_start_cca(uint8_t *data_ptr, uint16_t data_length, uint8_t tx_h
rf_tx_length = data_length;
/*Start CCA timeout*/
rf_cca_timer_start(RF_CCA_BASE_BACKOFF + randLIB_get_random_in_range(0, RF_CCA_RANDOM_BACKOFF));
TEST_CSMA_STARTED
/*Store TX handle*/
mac_tx_handle = tx_handle;
rf_if_unlock();
@ -1544,6 +1538,7 @@ static int8_t rf_start_cca(uint8_t *data_ptr, uint16_t data_length, uint8_t tx_h
*/
static void rf_cca_abort(void)
{
TEST_CSMA_DONE
rf_cca_timer_stop();
rf_flags_clear(RFF_CCA);
}
@ -1585,6 +1580,7 @@ static bool rf_start_tx()
rf_flags_set(RFF_TX);
/*RF state change: SLP_TR pulse triggers PLL_ON->BUSY_TX*/
rf_if_enable_slptr();
TEST_TX_STARTED
/*Chip permits us to write frame buffer while it is transmitting*/
/*As long as first byte of data is in within 176us of TX start, we're good */
rf_if_write_frame_buffer(rf_tx_data, rf_tx_length);
@ -1601,6 +1597,7 @@ static bool rf_start_tx()
*/
static void rf_receive(rf_trx_states_t trx_status)
{
TEST_RX_DONE
uint16_t while_counter = 0;
if (rf_flags_check(RFF_ON) == 0) {
rf_on();
@ -1765,6 +1762,7 @@ static void rf_handle_ack(uint8_t seq_number, uint8_t data_pending)
*/
static void rf_handle_rx_end(rf_trx_states_t trx_status)
{
TEST_RX_DONE
/*Frame received interrupt*/
if (!rf_flags_check(RFF_RX)) {
return;
@ -1827,6 +1825,7 @@ static void rf_shutdown(void)
*/
static void rf_handle_tx_end(rf_trx_states_t trx_status)
{
TEST_TX_DONE
rf_rx_mode = 0;
/*If ACK is needed for this transmission*/
if ((rf_tx_data[0] & 0x20) && rf_flags_check(RFF_TX)) {
@ -1853,6 +1852,7 @@ static void rf_handle_tx_end(rf_trx_states_t trx_status)
*/
static void rf_handle_cca_ed_done(uint8_t full_trx_status)
{
TEST_CSMA_DONE
if (!rf_flags_check(RFF_CCA)) {
return;
}
@ -2168,11 +2168,14 @@ static uint8_t rf_scale_lqi(int8_t rssi)
NanostackRfPhyAtmel::NanostackRfPhyAtmel(PinName spi_mosi, PinName spi_miso,
PinName spi_sclk, PinName spi_cs, PinName spi_rst, PinName spi_slp, PinName spi_irq,
PinName i2c_sda, PinName i2c_scl)
: _mac(i2c_sda, i2c_scl), _mac_addr(), _rf(NULL), _mac_set(false),
: _mac(i2c_sda, i2c_scl), _mac_addr(), _rf(NULL), _test_pins(NULL), _mac_set(false),
_spi_mosi(spi_mosi), _spi_miso(spi_miso), _spi_sclk(spi_sclk),
_spi_cs(spi_cs), _spi_rst(spi_rst), _spi_slp(spi_slp), _spi_irq(spi_irq)
{
_rf = new RFBits(_spi_mosi, _spi_miso, _spi_sclk, _spi_cs, _spi_rst, _spi_slp, _spi_irq);
#ifdef TEST_GPIOS_ENABLED
_test_pins = new TestPins(TEST_PIN_TX, TEST_PIN_RX, TEST_PIN_CSMA, TEST_PIN_SPARE_1, TEST_PIN_SPARE_2);
#endif
}
NanostackRfPhyAtmel::~NanostackRfPhyAtmel()
@ -2196,6 +2199,7 @@ int8_t NanostackRfPhyAtmel::rf_register()
// Read the mac address if it hasn't been set by a user
rf = _rf;
test_pins = _test_pins;
if (!_mac_set) {
int ret = _mac.read_eui64((void *)_mac_addr);
if (ret < 0) {
@ -2204,9 +2208,20 @@ int8_t NanostackRfPhyAtmel::rf_register()
return -1;
}
}
int8_t radio_id = rf_device_register(_mac_addr);
/*Reset RF module*/
rf_if_reset_radio();
rf_part_num = rf_if_read_part_num();
int8_t radio_id = -1;
if (rf_part_num != PART_AT86RF231 && rf_part_num != PART_AT86RF233 && rf_part_num != PART_AT86RF212) {
// Register RF type 215. Jumps to AT86RF215 driver.
radio_id = rf->init_215_driver(_rf, _test_pins, _mac_addr, &rf_part_num);
} else {
// Register other RF types.
radio_id = rf_device_register(_mac_addr);
}
tr_info("RF part number: %x", rf_part_num);
if (radio_id < 0) {
tr_err("RF registration failed");
rf = NULL;
}

73
components/802.15.4_RF/atmel-rf-driver/source/rfbits.h Normal file
View File

@ -0,0 +1,73 @@
/*
* Copyright (c) 2020 ARM Limited. All rights reserved.
* SPDX-License-Identifier: Apache-2.0
* Licensed under the Apache License, Version 2.0 (the License); you may
* not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an AS IS BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#ifndef RFBITS_H_
#define RFBITS_H_
#include "DigitalIn.h"
#include "DigitalOut.h"
#include "InterruptIn.h"
#include "SPI.h"
#include <Timer.h>
#include "Timeout.h"
#include "rtos.h"
using namespace mbed;
using namespace rtos;
class UnlockedSPI : public SPI {
public:
UnlockedSPI(PinName mosi, PinName miso, PinName sclk) :
SPI(mosi, miso, sclk) { }
virtual void lock() { }
virtual void unlock() { }
};
class RFBits {
public:
RFBits(PinName spi_mosi, PinName spi_miso,
PinName spi_sclk, PinName spi_cs,
PinName spi_rst, PinName spi_slp, PinName spi_irq);
UnlockedSPI spi;
DigitalOut CS;
DigitalOut RST;
DigitalOut SLP_TR;
InterruptIn IRQ;
Timeout ack_timer;
Timeout cal_timer;
Timeout cca_timer;
Timer tx_timer;
int init_215_driver(RFBits *_rf, TestPins *_test_pins, const uint8_t mac[8], uint8_t *rf_part_num);
#ifdef MBED_CONF_RTOS_PRESENT
Thread irq_thread;
Thread irq_thread_215;
Mutex mutex;
void rf_if_irq_task();
void rf_irq_task();
#endif
};
class TestPins {
public:
TestPins(PinName test_pin_1, PinName test_pin_2, PinName test_pin_3, PinName test_pin_4, PinName test_pin_5);
DigitalOut TEST1;
DigitalOut TEST2;
DigitalOut TEST3;
DigitalOut TEST4;
DigitalOut TEST5;
};
#endif /* RFBITS_H_ */

111
components/802.15.4_RF/stm-s2lp-rf-driver/source/NanostackRfPhys2lp.cpp
View File

@ -49,16 +49,16 @@ using namespace rtos;
#endif
#ifdef TEST_GPIOS_ENABLED
#define TEST_TX_STARTED rf->TEST1 = 1;
#define TEST_TX_DONE rf->TEST1 = 0;
#define TEST_RX_STARTED rf->TEST2 = 1;
#define TEST_RX_DONE rf->TEST2 = 0;
#define TEST_ACK_TX_STARTED rf->TEST3 = 1;
#define TEST_ACK_TX_DONE rf->TEST3 = 0;
#define TEST1_ON rf->TEST4 = 1;
#define TEST1_OFF rf->TEST4 = 0;
#define TEST2_ON rf->TEST5 = 1;
#define TEST2_OFF rf->TEST5 = 0;
#define TEST_TX_STARTED test_pins->TEST1 = 1;
#define TEST_TX_DONE test_pins->TEST1 = 0;
#define TEST_RX_STARTED test_pins->TEST2 = 1;
#define TEST_RX_DONE test_pins->TEST2 = 0;
#define TEST_CSMA_STARTED test_pins->TEST3 = 1;
#define TEST_CSMA_DONE test_pins->TEST3 = 0;
#define TEST_SPARE_1_ON test_pins->TEST4 = 1;
#define TEST_SPARE_1_OFF test_pins->TEST4 = 0;
#define TEST_SPARE_2_ON test_pins->TEST5 = 1;
#define TEST_SPARE_2_OFF test_pins->TEST5 = 0;
extern void (*fhss_uc_switch)(void);
extern void (*fhss_bc_switch)(void);
#else //TEST_GPIOS_ENABLED
@ -66,12 +66,12 @@ extern void (*fhss_bc_switch)(void);
#define TEST_TX_DONE
#define TEST_RX_STARTED
#define TEST_RX_DONE
#define TEST_ACK_TX_STARTED
#define TEST_ACK_TX_DONE
#define TEST1_ON
#define TEST1_OFF
#define TEST2_ON
#define TEST2_OFF
#define TEST_CSMA_STARTED
#define TEST_CSMA_DONE
#define TEST_SPARE_1_ON
#define TEST_SPARE_1_OFF
#define TEST_SPARE_2_ON
#define TEST_SPARE_2_OFF
#endif //TEST_GPIOS_ENABLED
#define MAC_FRAME_TYPE_MASK 0x07
@ -116,21 +116,11 @@ class RFPins {
public:
RFPins(PinName spi_sdi, PinName spi_sdo,
PinName spi_sclk, PinName spi_cs, PinName spi_sdn,
#ifdef TEST_GPIOS_ENABLED
PinName spi_test1, PinName spi_test2, PinName spi_test3, PinName spi_test4, PinName spi_test5,
#endif //TEST_GPIOS_ENABLED
PinName spi_gpio0, PinName spi_gpio1, PinName spi_gpio2,
PinName spi_gpio3);
UnlockedSPI spi;
DigitalOut CS;
DigitalOut SDN;
#ifdef TEST_GPIOS_ENABLED
DigitalOut TEST1;
DigitalOut TEST2;
DigitalOut TEST3;
DigitalOut TEST4;
DigitalOut TEST5;
#endif //TEST_GPIOS_ENABLED
InterruptIn RF_S2LP_GPIO0;
InterruptIn RF_S2LP_GPIO1;
InterruptIn RF_S2LP_GPIO2;
@ -145,21 +135,11 @@ public:
RFPins::RFPins(PinName spi_sdi, PinName spi_sdo,
PinName spi_sclk, PinName spi_cs, PinName spi_sdn,
#ifdef TEST_GPIOS_ENABLED
PinName spi_test1, PinName spi_test2, PinName spi_test3, PinName spi_test4, PinName spi_test5,
#endif //TEST_GPIOS_ENABLED
PinName spi_gpio0, PinName spi_gpio1, PinName spi_gpio2,
PinName spi_gpio3)
: spi(spi_sdi, spi_sdo, spi_sclk),
CS(spi_cs),
SDN(spi_sdn),
#ifdef TEST_GPIOS_ENABLED
TEST1(spi_test1),
TEST2(spi_test2),
TEST3(spi_test3),
TEST4(spi_test4),
TEST5(spi_test5),
#endif //TEST_GPIOS_ENABLED
RF_S2LP_GPIO0(spi_gpio0),
RF_S2LP_GPIO1(spi_gpio1),
RF_S2LP_GPIO2(spi_gpio2),
@ -169,6 +149,25 @@ RFPins::RFPins(PinName spi_sdi, PinName spi_sdo,
irq_thread.start(mbed::callback(this, &RFPins::rf_irq_task));
}
class TestPins_S2LP {
public:
TestPins_S2LP(PinName test_pin_1, PinName test_pin_2, PinName test_pin_3, PinName test_pin_4, PinName test_pin_5);
DigitalOut TEST1;
DigitalOut TEST2;
DigitalOut TEST3;
DigitalOut TEST4;
DigitalOut TEST5;
};
TestPins_S2LP::TestPins_S2LP(PinName test_pin_1, PinName test_pin_2, PinName test_pin_3, PinName test_pin_4, PinName test_pin_5)
: TEST1(test_pin_1),
TEST2(test_pin_2),
TEST3(test_pin_3),
TEST4(test_pin_4),
TEST5(test_pin_5)
{
}
static uint8_t rf_read_register(uint8_t addr);
static s2lp_states_e rf_read_state(void);
static void rf_write_register(uint8_t addr, uint8_t data);
@ -183,6 +182,7 @@ static bool rf_rx_filter(uint8_t *mac_header, uint8_t *mac_64bit_addr, uint8_t *
static void rf_cca_timer_start(uint32_t slots);
static RFPins *rf;
static TestPins_S2LP *test_pins;
static phy_device_driver_s device_driver;
static int8_t rf_radio_driver_id = -1;
static uint8_t *tx_data_ptr;
@ -246,20 +246,20 @@ static void rf_irq_task_process_irq();
#define ACK_SENDING_TIME (uint32_t)(8000000/phy_subghz.datarate)*ACK_FRAME_LENGTH + PACKET_SENDING_EXTRA_TIME
#ifdef TEST_GPIOS_ENABLED
void test1_toggle(void)
static void test1_toggle(void)
{
if (rf->TEST4) {
rf->TEST4 = 0;
if (test_pins->TEST4) {
test_pins->TEST4 = 0;
} else {
rf->TEST4 = 1;
test_pins->TEST4 = 1;
}
}
void test2_toggle(void)
static void test2_toggle(void)
{
if (rf->TEST5) {
rf->TEST5 = 0;
if (test_pins->TEST5) {
test_pins->TEST5 = 0;
} else {
rf->TEST5 = 1;
test_pins->TEST5 = 1;
}
}
#endif //TEST_GPIOS_ENABLED
@ -749,19 +749,18 @@ static int8_t rf_interface_state_control(phy_interface_state_e new_state, uint8_
static void rf_tx_sent_handler(void)
{
TEST_TX_DONE
rf_backup_timer_stop();
rf_disable_interrupt(TX_DATA_SENT);
if (rf_state != RF_TX_ACK) {
tx_finnish_time = rf_get_timestamp();
rf_update_tx_active_time();
TEST_TX_DONE
rf_state = RF_IDLE;
rf_receive(rf_rx_channel);
if (device_driver.phy_tx_done_cb) {
device_driver.phy_tx_done_cb(rf_radio_driver_id, mac_tx_handle, PHY_LINK_TX_SUCCESS, 0, 0);
}
} else {
TEST_ACK_TX_DONE
rf_receive(rf_rx_channel);
}
}
@ -807,6 +806,7 @@ static int rf_cca_check(void)
static void rf_cca_timer_interrupt(void)
{
TEST_CSMA_DONE
int8_t status = device_driver.phy_tx_done_cb(rf_radio_driver_id, mac_tx_handle, PHY_LINK_CCA_PREPARE, 0, 0);
if (status == PHY_TX_NOT_ALLOWED) {
rf_flush_tx_fifo();
@ -851,12 +851,14 @@ static void rf_cca_timer_interrupt(void)
static void rf_cca_timer_stop(void)
{
TEST_CSMA_DONE
rf->cca_timer.detach();
}
static void rf_cca_timer_start(uint32_t slots)
{
rf->cca_timer.attach_us(rf_cca_timer_signal, slots);
TEST_CSMA_STARTED
}
static void rf_backup_timer_interrupt(void)
@ -941,7 +943,7 @@ static void rf_send_ack(uint8_t seq)
rf_write_packet_length(sizeof(ack_frame) + 4);
tx_data_ptr = NULL;
rf_start_tx();
TEST_ACK_TX_STARTED
TEST_TX_STARTED
rf_backup_timer_start(ACK_SENDING_TIME);
if (device_driver.phy_rf_statistics) {
device_driver.phy_rf_statistics->tx_bytes += sizeof(ack_frame);
@ -1278,6 +1280,7 @@ int8_t NanostackRfPhys2lp::rf_register()
}
rf = _rf;
test_pins = _test_pins;
int8_t radio_id = rf_device_register(_mac_addr);
if (radio_id < 0) {
@ -1300,9 +1303,6 @@ void NanostackRfPhys2lp::rf_unregister()
}
NanostackRfPhys2lp::NanostackRfPhys2lp(PinName spi_sdi, PinName spi_sdo, PinName spi_sclk, PinName spi_cs, PinName spi_sdn
#ifdef TEST_GPIOS_ENABLED
,PinName spi_test1, PinName spi_test2, PinName spi_test3, PinName spi_test4, PinName spi_test5
#endif //TEST_GPIOS_ENABLED
,PinName spi_gpio0, PinName spi_gpio1, PinName spi_gpio2, PinName spi_gpio3
#ifdef AT24MAC
,PinName i2c_sda, PinName i2c_scl
@ -1314,16 +1314,12 @@ NanostackRfPhys2lp::NanostackRfPhys2lp(PinName spi_sdi, PinName spi_sdo, PinName
#endif //AT24MAC
_mac_addr(), _rf(NULL), _mac_set(false),
_spi_sdi(spi_sdi), _spi_sdo(spi_sdo), _spi_sclk(spi_sclk), _spi_cs(spi_cs), _spi_sdn(spi_sdn),
#ifdef TEST_GPIOS_ENABLED
_spi_test1(spi_test1), _spi_test2(spi_test2), _spi_test3(spi_test3), _spi_test4(spi_test4), _spi_test5(spi_test5),
#endif //TEST_GPIOS_ENABLED
_spi_gpio0(spi_gpio0), _spi_gpio1(spi_gpio1), _spi_gpio2(spi_gpio2), _spi_gpio3(spi_gpio3)
{
_rf = new RFPins(_spi_sdi, _spi_sdo, _spi_sclk, _spi_cs, _spi_sdn,
_rf = new RFPins(_spi_sdi, _spi_sdo, _spi_sclk, _spi_cs, _spi_sdn, _spi_gpio0, _spi_gpio1, _spi_gpio2, _spi_gpio3);
#ifdef TEST_GPIOS_ENABLED
_spi_test1, _spi_test2, _spi_test3, _spi_test4, _spi_test5,
_test_pins = new TestPins_S2LP(TEST_PIN_TX, TEST_PIN_RX, TEST_PIN_CSMA, TEST_PIN_SPARE_1, TEST_PIN_SPARE_2);
#endif //TEST_GPIOS_ENABLED
_spi_gpio0, _spi_gpio1, _spi_gpio2, _spi_gpio3);
}
NanostackRfPhys2lp::~NanostackRfPhys2lp()
@ -1428,9 +1424,6 @@ static bool rf_rx_filter(uint8_t *mac_header, uint8_t *mac_64bit_addr, uint8_t *
NanostackRfPhy &NanostackRfPhy::get_default_instance()
{
static NanostackRfPhys2lp rf_phy(S2LP_SPI_SDI, S2LP_SPI_SDO, S2LP_SPI_SCLK, S2LP_SPI_CS, S2LP_SPI_SDN
#ifdef TEST_GPIOS_ENABLED
,S2LP_SPI_TEST1, S2LP_SPI_TEST2, S2LP_SPI_TEST3, S2LP_SPI_TEST4, S2LP_SPI_TEST5
#endif //TEST_GPIOS_ENABLED
,S2LP_SPI_GPIO0, S2LP_SPI_GPIO1, S2LP_SPI_GPIO2, S2LP_SPI_GPIO3
#ifdef AT24MAC
,S2LP_I2C_SDA, S2LP_I2C_SCL

74
components/802.15.4_RF/stm-s2lp-rf-driver/stm-s2lp-rf-driver/NanostackRfPhys2lp.h
View File

@ -26,98 +26,96 @@
#include "SPI.h"
// Uncomment to use testing gpios attached to TX/RX processes
//#define TEST_GPIOS_ENABLED
// #define TEST_GPIOS_ENABLED
#if defined(TARGET_MTB_STM_S2LP)
#if !defined(S2LP_SPI_SDI)
#define S2LP_SPI_SDI PA_7
#define S2LP_SPI_SDI PA_7
#endif
#if !defined(S2LP_SPI_SDO)
#define S2LP_SPI_SDO PA_6
#define S2LP_SPI_SDO PA_6
#endif
#if !defined(S2LP_SPI_SCLK)
#define S2LP_SPI_SCLK PA_5
#define S2LP_SPI_SCLK PA_5
#endif
#if !defined(S2LP_SPI_CS)
#define S2LP_SPI_CS PC_0
#define S2LP_SPI_CS PC_0
#endif
#if !defined(S2LP_SPI_SDN)
#define S2LP_SPI_SDN PF_13
#define S2LP_SPI_SDN PF_13
#endif
#if !defined(S2LP_SPI_GPIO0)
#define S2LP_SPI_GPIO0 PA_3
#define S2LP_SPI_GPIO0 PA_3
#endif
#if !defined(S2LP_SPI_GPIO1)
#define S2LP_SPI_GPIO1 PC_3
#define S2LP_SPI_GPIO1 PC_3
#endif
#if !defined(S2LP_SPI_GPIO2)
#define S2LP_SPI_GPIO2 PF_3
#define S2LP_SPI_GPIO2 PF_3
#endif
#if !defined(S2LP_SPI_GPIO3)
#define S2LP_SPI_GPIO3 PF_10
#define S2LP_SPI_GPIO3 PF_10
#endif
#if !defined(S2LP_I2C_SDA)
#define S2LP_I2C_SDA PB_7
#define S2LP_I2C_SDA PB_7
#endif
#if !defined(S2LP_I2C_SCL)
#define S2LP_I2C_SCL PB_6
#define S2LP_I2C_SCL PB_6
#endif
#define AT24MAC
#else
#if !defined(S2LP_SPI_SDI)
#define S2LP_SPI_SDI D11
#define S2LP_SPI_SDI D11
#endif
#if !defined(S2LP_SPI_SDO)
#define S2LP_SPI_SDO D12
#define S2LP_SPI_SDO D12
#endif
#if !defined(S2LP_SPI_SCLK)
#define S2LP_SPI_SCLK D13
#define S2LP_SPI_SCLK D13
#endif
#if !defined(S2LP_SPI_CS)
#define S2LP_SPI_CS A1
#define S2LP_SPI_CS A1
#endif
#if !defined(S2LP_SPI_SDN)
#define S2LP_SPI_SDN D7
#define S2LP_SPI_SDN D7
#endif
#if !defined(S2LP_SPI_TEST1)
#define S2LP_SPI_TEST1 D6
#if !defined(TEST_PIN_TX)
#define TEST_PIN_TX D6
#endif
#if !defined(S2LP_SPI_TEST2)
#define S2LP_SPI_TEST2 D5
#if !defined(TEST_PIN_RX)
#define TEST_PIN_RX D5
#endif
#if !defined(S2LP_SPI_TEST3)
#define S2LP_SPI_TEST3 D4
#if !defined(TEST_PIN_CSMA)
#define TEST_PIN_CSMA D4
#endif
#if !defined(S2LP_SPI_TEST4)
#define S2LP_SPI_TEST4 D2
#if !defined(TEST_PIN_SPARE_1)
#define TEST_PIN_SPARE_1 D2
#endif
#if !defined(S2LP_SPI_TEST5)
#define S2LP_SPI_TEST5 D8
#if !defined(TEST_PIN_SPARE_2)
#define TEST_PIN_SPARE_2 D8
#endif
#if !defined(S2LP_SPI_GPIO0)
#define S2LP_SPI_GPIO0 A0
#define S2LP_SPI_GPIO0 A0
#endif
#if !defined(S2LP_SPI_GPIO1)
#define S2LP_SPI_GPIO1 A2
#define S2LP_SPI_GPIO1 A2
#endif
#if !defined(S2LP_SPI_GPIO2)
#define S2LP_SPI_GPIO2 A3
#define S2LP_SPI_GPIO2 A3
#endif
#if !defined(S2LP_SPI_GPIO3)
#define S2LP_SPI_GPIO3 A5
#define S2LP_SPI_GPIO3 A5
#endif
#endif
#include "at24mac_s2lp.h"
class RFPins;
class TestPins_S2LP;
class NanostackRfPhys2lp : public NanostackRfPhy {
public:
NanostackRfPhys2lp(PinName spi_sdi, PinName spi_sdo, PinName spi_sclk, PinName spi_cs, PinName spi_sdn
#ifdef TEST_GPIOS_ENABLED
,PinName spi_test1, PinName spi_test2, PinName spi_test3, PinName spi_test4, PinName spi_test5
#endif //TEST_GPIOS_ENABLED
,PinName spi_gpio0, PinName spi_gpio1, PinName spi_gpio2, PinName spi_gpio3
#ifdef AT24MAC
,PinName i2c_sda, PinName i2c_scl
@ -135,6 +133,7 @@ private:
#endif //AT24MAC
uint8_t _mac_addr[8];
RFPins *_rf;
TestPins_S2LP *_test_pins;
bool _mac_set;
const PinName _spi_sdi;
@ -142,13 +141,6 @@ private:
const PinName _spi_sclk;
const PinName _spi_cs;
const PinName _spi_sdn;
#ifdef TEST_GPIOS_ENABLED
const PinName _spi_test1;
const PinName _spi_test2;
const PinName _spi_test3;
const PinName _spi_test4;
const PinName _spi_test5;
#endif //TEST_GPIOS_ENABLED
const PinName _spi_gpio0;
const PinName _spi_gpio1;
const PinName _spi_gpio2;

14
components/TARGET_PSA/services/attestation/COMPONENT_PSA_SRV_IMPL/attest_crypto.c
View File

@ -58,13 +58,13 @@ t_cose_crypto_pub_key_sign(int32_t cose_alg_id,
return T_COSE_ERR_NO_KID;
}
crypto_ret = psa_asymmetric_sign(handle,
PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256),
hash_to_sign.ptr,
hash_to_sign.len,
signature_buffer.ptr,
signature_buffer.len,
&(signature->len));
crypto_ret = psa_sign_hash(handle,
PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256),
hash_to_sign.ptr,
hash_to_sign.len,
signature_buffer.ptr,
signature_buffer.len,
&(signature->len));
if (crypto_ret != PSA_SUCCESS)

13
components/TARGET_PSA/services/attestation/COMPONENT_PSA_SRV_IMPL/attest_crypto_keys.c
View File

@ -48,21 +48,12 @@ static psa_status_t get_curve(psa_key_type_t type, enum ecc_curve_t *curve_type)
{
psa_ecc_curve_t curve = PSA_KEY_TYPE_GET_CURVE(type);
switch (curve) {
case PSA_ECC_CURVE_SECP256R1:
case PSA_ECC_CURVE_SECP_R1:
*curve_type = P_256;
break;
case PSA_ECC_CURVE_SECP384R1:
*curve_type = P_384;
break;
case PSA_ECC_CURVE_SECP521R1:
*curve_type = P_521;
break;
case PSA_ECC_CURVE_CURVE25519:
case PSA_ECC_CURVE_MONTGOMERY:
*curve_type = X25519;
break;
case PSA_ECC_CURVE_CURVE448:
*curve_type = X448;
break;
default:
return (PSA_ERROR_NOT_SUPPORTED);
}

2
components/TARGET_PSA/services/attestation/COMPONENT_PSA_SRV_IMPL/tfm_impl/attestation_core.c
View File

@ -942,7 +942,7 @@ error:
/* Limitations of the current implementation:
* - Token is not signed yet properly, just a fake signature is added to the
* token due to lack of psa_asymmetric_sign() implementation in crypto
* token due to lack of psa_sign_hash() implementation in crypto
* service.
*/
enum psa_attest_err_t

4
components/TARGET_PSA/services/crypto/COMPONENT_PSA_SRV_IPC/crypto_platform_spe.h
View File

@ -87,8 +87,8 @@ typedef enum psa_sec_function_s {
PSA_AEAD_FINISH,
PSA_AEAD_VERIFY,
PSA_AEAD_ABORT,
PSA_ASYMMETRIC_SIGN,
PSA_ASYMMETRIC_VERIFY,
PSA_SIGN_HASH,
PSA_VERIFY_HASH,
PSA_ASYMMETRIC_ENCRYPT,
PSA_ASYMMETRIC_DECRYPT,
PSA_KEY_DERIVATION_SETUP,

30
components/TARGET_PSA/services/crypto/COMPONENT_PSA_SRV_IPC/psa_crypto_spm.c
View File

@ -1216,16 +1216,16 @@ psa_status_t psa_aead_abort(psa_aead_operation_t *operation)
return ipc_call(&operation->handle, &in_vec, 1, NULL, 0, true);
}
psa_status_t psa_asymmetric_sign(psa_key_handle_t handle,
psa_algorithm_t alg,
const uint8_t *hash,
size_t hash_length,
uint8_t *signature,
size_t signature_size,
size_t *signature_length)
psa_status_t psa_sign_hash(psa_key_handle_t handle,
psa_algorithm_t alg,
const uint8_t *hash,
size_t hash_length,
uint8_t *signature,
size_t signature_size,
size_t *signature_length)
{
psa_crypto_ipc_asymmetric_t psa_crypto_ipc = {
.func = PSA_ASYMMETRIC_SIGN,
.func = PSA_SIGN_HASH,
.handle = handle,
.alg = alg,
.input_length = 0,
@ -1246,15 +1246,15 @@ psa_status_t psa_asymmetric_sign(psa_key_handle_t handle,
return (status);
}
psa_status_t psa_asymmetric_verify(psa_key_handle_t handle,
psa_algorithm_t alg,
const uint8_t *hash,
size_t hash_length,
const uint8_t *signature,
size_t signature_size)
psa_status_t psa_verify_hash(psa_key_handle_t handle,
psa_algorithm_t alg,
const uint8_t *hash,
size_t hash_length,
const uint8_t *signature,
size_t signature_size)
{
psa_crypto_ipc_asymmetric_t psa_crypto_ipc = {
.func = PSA_ASYMMETRIC_VERIFY,
.func = PSA_VERIFY_HASH,
.handle = handle,
.alg = alg,
.input_length = 0,

4
components/TARGET_PSA/services/crypto/COMPONENT_SPE/crypto_spe.h
View File

@ -59,8 +59,8 @@ extern "C" {
#define psa_aead_finish psa_sec_aead_finish
#define psa_aead_verify psa_sec_aead_verify
#define psa_aead_abort psa_sec_aead_abort
#define psa_asymmetric_sign psa_sec_asymmetric_sign
#define psa_asymmetric_verify psa_sec_asymmetric_verify
#define psa_sign_hash psa_sec_sign_hash
#define psa_verify_hash psa_sec_verify_hash
#define psa_asymmetric_encrypt psa_sec_asymmetric_encrypt
#define psa_asymmetric_decrypt psa_sec_asymmetric_decrypt
#define psa_key_derivation_setup psa_sec_key_derivation_setup

16
components/TARGET_PSA/services/crypto/COMPONENT_SPE/psa_crypto_partition.c
View File

@ -989,7 +989,7 @@ static void psa_asymmetric_operation(void)
}
switch (psa_crypto.func) {
case PSA_ASYMMETRIC_SIGN: {
case PSA_SIGN_HASH: {
uint8_t *signature = NULL;
uint8_t *hash = NULL;
size_t signature_length = 0,
@ -1015,9 +1015,9 @@ static void psa_asymmetric_operation(void)
}
if (status == PSA_SUCCESS) {
status = psa_asymmetric_sign(psa_crypto.handle, psa_crypto.alg,
hash, hash_size,
signature, signature_size, &signature_length);
status = psa_sign_hash(psa_crypto.handle, psa_crypto.alg,
hash, hash_size,
signature, signature_size, &signature_length);
if (status == PSA_SUCCESS) {
psa_write(msg.handle, 0, signature, signature_length);
@ -1030,7 +1030,7 @@ static void psa_asymmetric_operation(void)
break;
}
case PSA_ASYMMETRIC_VERIFY: {
case PSA_VERIFY_HASH: {
uint8_t *signature = NULL;
uint8_t *hash = NULL;
size_t signature_size = msg.in_size[1],
@ -1060,9 +1060,9 @@ static void psa_asymmetric_operation(void)
}
if (status == PSA_SUCCESS) {
status = psa_asymmetric_verify(psa_crypto.handle, psa_crypto.alg,
hash, hash_size,
signature, signature_size);
status = psa_verify_hash(psa_crypto.handle, psa_crypto.alg,
hash, hash_size,
signature, signature_size);
}
mbedtls_free(signature);

57
drivers/source/usb/USBMSD.cpp
View File

@ -565,6 +565,14 @@ void USBMSD::_read_next()
void USBMSD::memoryWrite(uint8_t *buf, uint16_t size)
{
// Max sized packets are required to be sent until the transfer is complete
MBED_ASSERT(_block_size % MAX_PACKET == 0);
if ((size != MAX_PACKET) && (size != 0)) {
_stage = ERROR;
endpoint_stall(_bulk_out);
return;
}
if ((_addr + size) > _memory_size) {
size = _memory_size - _addr;
_stage = ERROR;
@ -869,24 +877,26 @@ void USBMSD::memoryRead(void)
n = (_length > MAX_PACKET) ? MAX_PACKET : _length;
if ((_addr + n) > _memory_size) {
n = _memory_size - _addr;
if (_addr > (_memory_size - n)) {
n = _addr < _memory_size ? _memory_size - _addr : 0;
_stage = ERROR;
}
// we read an entire block
if (!(_addr % _block_size)) {
disk_read(_page, _addr / _block_size, 1);
if (n > 0) {
// we read an entire block
if (!(_addr % _block_size)) {
disk_read(_page, _addr / _block_size, 1);
}
// write data which are in RAM
_write_next(&_page[_addr % _block_size], MAX_PACKET);
_addr += n;
_length -= n;
_csw.DataResidue -= n;
}
// write data which are in RAM
_write_next(&_page[_addr % _block_size], MAX_PACKET);
_addr += n;
_length -= n;
_csw.DataResidue -= n;
if (!_length || (_stage != PROCESS_CBW)) {
_csw.Status = (_stage == PROCESS_CBW) ? CSW_PASSED : CSW_FAILED;
_stage = (_stage == PROCESS_CBW) ? SEND_CSW : _stage;
@ -896,30 +906,37 @@ void USBMSD::memoryRead(void)
bool USBMSD::infoTransfer(void)
{
uint32_t n;
uint32_t addr_block;
// Logical Block Address of First Block
n = (_cbw.CB[2] << 24) | (_cbw.CB[3] << 16) | (_cbw.CB[4] << 8) | (_cbw.CB[5] << 0);
addr_block = (_cbw.CB[2] << 24) | (_cbw.CB[3] << 16) | (_cbw.CB[4] << 8) | (_cbw.CB[5] << 0);
_addr = n * _block_size;
_addr = addr_block * _block_size;
if ((addr_block >= _block_count) || (_addr >= _memory_size)) {
_csw.Status = CSW_FAILED;
sendCSW();
return false;
}
uint32_t length_blocks = 0;
// Number of Blocks to transfer
switch (_cbw.CB[0]) {
case READ10:
case WRITE10:
case VERIFY10:
n = (_cbw.CB[7] << 8) | (_cbw.CB[8] << 0);
length_blocks = (_cbw.CB[7] << 8) | (_cbw.CB[8] << 0);
break;
case READ12:
case WRITE12:
n = (_cbw.CB[6] << 24) | (_cbw.CB[7] << 16) | (_cbw.CB[8] << 8) | (_cbw.CB[9] << 0);
length_blocks = (_cbw.CB[6] << 24) | (_cbw.CB[7] << 16) | (_cbw.CB[8] << 8) | (_cbw.CB[9] << 0);
break;
}
_length = n * _block_size;
_length = length_blocks * _block_size;
if (!_cbw.DataLength) { // host requests no data
if (!_cbw.DataLength || !length_blocks || (length_blocks > _block_count - addr_block) || (_length > _memory_size - _addr)) { // host requests no data or wrong length
_csw.Status = CSW_FAILED;
sendCSW();
return false;

2
features/FEATURE_BLE/targets/TARGET_Cypress/COMPONENT_CYW43XXX/firmware/COMPONENT_43012/w_bt_firmware_controller.c
View File

@ -2,6 +2,7 @@
/* labelling: appname-(chipname)(stepping)-frequency-(headset GIT SHA)-(generating SDK version)-
* Wiced-release.hcd */
#ifndef TARGET_CYW9P62S1_43012EVB_01
const char brcm_patch_version[] = "CYW43012C0_003.001.015.0128.0000_Generic_UART_37_4MHz_wlcsp_ref3_sLNA";
const uint8_t brcm_patchram_format = 0x01;
/* Configuration Data Records (Write_RAM) */
@ -4061,3 +4062,4 @@ const uint8_t brcm_patchram_buf[] = {
};
const int brcm_patch_ram_length = sizeof(brcm_patchram_buf);
#endif

4222
features/FEATURE_BLE/targets/TARGET_Cypress/COMPONENT_CYW43XXX/firmware/TARGET_CYW9P62S1_43012EVB_01/w_bt_firmware_controller.c Normal file
View File

File diff suppressed because it is too large Load Diff

121
features/cellular/framework/targets/Altair/ALT1250/PPP/ALT1250_PPP.cpp Executable file
View File

@ -0,0 +1,121 @@
/*
* Copyright (c) 2020, Arm Limited and affiliates.
* SPDX-License-Identifier: Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#include "ALT1250_PPP.h"
#include "ALT1250_PPP_CellularContext.h"
#include "AT_CellularNetwork.h"
#include "ALT1250_PPP_CellularNetwork.h"
#include "CellularLog.h"
#include "rtos/ThisThread.h"
using namespace rtos;
using namespace mbed;
using namespace events;
#define CONNECT_DELIM "\r\n"
#define CONNECT_BUFFER_SIZE (1280 + 80 + 80) // AT response + sscanf format
#define CONNECT_TIMEOUT 8000
#if !defined(MBED_CONF_ALT1250_PPP_RST)
#define MBED_CONF_ALT1250_PPP_RST NC
#endif
static const intptr_t cellular_properties[AT_CellularBase::PROPERTY_MAX] = {
AT_CellularNetwork::RegistrationModeEnable,// C_EREG
AT_CellularNetwork::RegistrationModeDisable, // C_GREG
AT_CellularNetwork::RegistrationModeLAC, // C_REG
1, // AT_CGSN_WITH_TYPE
0, // AT_CGDATA
0, // AT_CGAUTH
1, // AT_CNMI
1, // AT_CSMP
1, // AT_CMGF
1, // AT_CSDH
1, // PROPERTY_IPV4_STACK
0, // PROPERTY_IPV6_STACK
0, // PROPERTY_IPV4V6_STACK
0, // PROPERTY_NON_IP_PDP_TYPE
1, // PROPERTY_AT_CGEREP
};
ALT1250_PPP::ALT1250_PPP(FileHandle *fh, PinName rst, PinDirection pin_dir, PinMode pin_mode, bool value)
: AT_CellularDevice(fh),
_rst(rst, pin_dir, pin_mode, value)
{
AT_CellularBase::set_cellular_properties(cellular_properties);
}
AT_CellularContext *ALT1250_PPP::create_context_impl(ATHandler &at, const char *apn, bool cp_req, bool nonip_req)
{
return new ALT1250_PPP_CellularContext(at, this, apn, cp_req, nonip_req);
}
AT_CellularNetwork *ALT1250_PPP::open_network_impl(ATHandler &at)
{
return new ALT1250_PPP_CellularNetwork(at);
}
nsapi_error_t ALT1250_PPP::soft_power_on()
{
// check if modem is already ready
_at->lock();
_at->flush();
_at->set_at_timeout(30);
_at->cmd_start("AT");
_at->cmd_stop_read_resp();
nsapi_error_t err = _at->get_last_error();
_at->restore_at_timeout();
_at->unlock();
// modem is not responding to AT commands, power it on
if (err != NSAPI_ERROR_OK) {
tr_warn("Modem is not responding to AT commands, reset it");
if (_rst.is_connected()) {
_rst = 0;
ThisThread::sleep_for(100);
_rst = 1;
}
if (_at->sync(2000)) {
tr_warn("Modem is AT ready");
return NSAPI_ERROR_OK;
}
tr_warn("Modem is not AT ready following reset");
return _at->get_last_error();
}
return NSAPI_ERROR_OK;
}
#if MBED_CONF_ALT1250_PPP_PROVIDE_DEFAULT
#if !NSAPI_PPP_AVAILABLE
#error Must define lwip.ppp-enabled
#endif
#include "UARTSerial.h"
CellularDevice *CellularDevice::get_default_instance()
{
static UARTSerial serial(MBED_CONF_ALT1250_PPP_TX, MBED_CONF_ALT1250_PPP_RX, MBED_CONF_ALT1250_PPP_BAUDRATE);
#if defined (MBED_CONF_ALT1250_PPP_RTS) && defined (MBED_CONF_ALT1250_PPP_CTS)
tr_debug("ALT1250_PPP flow control: RTS %d CTS %d", MBED_CONF_ALT1250_PPP_RTS, MBED_CONF_ALT1250_PPP_CTS);
serial.set_flow_control(SerialBase::RTSCTS, MBED_CONF_ALT1250_PPP_RTS, MBED_CONF_ALT1250_PPP_CTS);
#endif
static ALT1250_PPP device(&serial, MBED_CONF_ALT1250_PPP_RST, PIN_OUTPUT, OpenDrainNoPull, 1);
return &device;
}
#endif

48
features/cellular/framework/targets/Altair/ALT1250/PPP/ALT1250_PPP.h Normal file
View File

@ -0,0 +1,48 @@
/*
* Copyright (c) 2020, Arm Limited and affiliates.
* SPDX-License-Identifier: Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#ifndef ALT1250_PPP_H_
#define ALT1250_PPP_H_
#ifdef TARGET_FF_ARDUINO
#ifndef MBED_CONF_ALT1250_PPP_TX
#define MBED_CONF_ALT1250_PPP_TX D1
#endif
#ifndef MBED_CONF_ALT1250_PPP_RX
#define MBED_CONF_ALT1250_PPP_RX D0
#endif
#endif /* TARGET_FF_ARDUINO */
#include "AT_CellularDevice.h"
#include "DigitalInOut.h"
namespace mbed {
class ALT1250_PPP : public AT_CellularDevice {
public:
ALT1250_PPP(FileHandle *fh, PinName rst = NC, PinDirection pin_dir = PIN_OUTPUT, PinMode pin_mode = PullUp, bool value = 1);
protected: // AT_CellularDevice
virtual AT_CellularContext *create_context_impl(ATHandler &at, const char *apn, bool cp_req = false, bool nonip_req = false);
AT_CellularNetwork *open_network_impl(ATHandler &at);
virtual nsapi_error_t soft_power_on();
DigitalInOut _rst;
};
} // namespace mbed
#endif // ALT1250_PPP_H_

44
features/cellular/framework/targets/Altair/ALT1250/PPP/ALT1250_PPP_CellularContext.cpp Normal file
View File

@ -0,0 +1,44 @@
/*
* Copyright (c) 2020, Arm Limited and affiliates.
* SPDX-License-Identifier: Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#include "ALT1250_PPP_CellularContext.h"
namespace mbed {
ALT1250_PPP_CellularContext::ALT1250_PPP_CellularContext(ATHandler &at, CellularDevice *device, const char *apn, bool cp_req, bool nonip_req) :
AT_CellularContext(at, device, apn, cp_req, nonip_req)
{
}
ALT1250_PPP_CellularContext::~ALT1250_PPP_CellularContext()
{
}
nsapi_error_t ALT1250_PPP_CellularContext::do_user_authentication()
{
nsapi_error_t err = NSAPI_ERROR_OK;
if (_pwd && _uname) {
err = _at.at_cmd_discard("%PPPAUTH", "=", "%d%d%s%s", _cid, _authentication_type,
_uname, _pwd);
if (err != NSAPI_ERROR_OK) {
return NSAPI_ERROR_AUTH_FAILURE;
}
}
return err;
}
} /* namespace mbed */

35
features/cellular/framework/targets/Altair/ALT1250/PPP/ALT1250_PPP_CellularContext.h Normal file
View File

@ -0,0 +1,35 @@
/*
* Copyright (c) 2020, Arm Limited and affiliates.
* SPDX-License-Identifier: Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#ifndef ALT1250_PPP_CELLULARCONTEXT_H_
#define ALT1250_PPP_CELLULARCONTEXT_H_
#include "AT_CellularContext.h"
namespace mbed {
class ALT1250_PPP_CellularContext: public AT_CellularContext {
public:
ALT1250_PPP_CellularContext(ATHandler &at, CellularDevice *device, const char *apn, bool cp_req = false, bool nonip_req = false);
virtual ~ALT1250_PPP_CellularContext();
protected:
virtual nsapi_error_t do_user_authentication();
};
} /* namespace mbed */
#endif // ALT1250_PPP_CELLULARCONTEXT_H_

68
features/cellular/framework/targets/Altair/ALT1250/PPP/ALT1250_PPP_CellularNetwork.cpp Executable file
View File

@ -0,0 +1,68 @@
/*
* Copyright (c) 2020, Arm Limited and affiliates.
* SPDX-License-Identifier: Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#include "ALT1250_PPP_CellularNetwork.h"
#include "CellularLog.h"
using namespace mbed;
ALT1250_PPP_CellularNetwork::ALT1250_PPP_CellularNetwork(ATHandler &atHandler) : AT_CellularNetwork(atHandler)
{
}
ALT1250_PPP_CellularNetwork::~ALT1250_PPP_CellularNetwork()
{
}
nsapi_error_t ALT1250_PPP_CellularNetwork::set_access_technology_impl(RadioAccessTechnology opsAct)
{
_at.lock();
_at.set_at_timeout(10000);
char resp[20];
_at.at_cmd_str("%RATACT", "?", resp, 20);
tr_debug("ALT1250_PPP RAT: %s", resp);
switch (opsAct) {
case RAT_CATM1:
if (memcmp(resp, "CATM", 4)) {
_at.at_cmd_discard("%RATACT", "=\"CATM\"");
}
break;
case RAT_NB1:
if (memcmp(resp, "NBIOT", 5)) {
_at.at_cmd_discard("%RATACT", "=\"NBIOT\"");
}
break;
case RAT_GSM:
case RAT_GSM_COMPACT:
case RAT_UTRAN:
case RAT_EGPRS:
break;
default:
if (memcmp(resp, "DEFAULT", 7)) {
_at.at_cmd_discard("%RATACT", "=\"DEFAULT\"");
}
_at.unlock();
_op_act = RAT_UNKNOWN;
return NSAPI_ERROR_UNSUPPORTED;
}
_at.restore_at_timeout();
return _at.unlock_return_error();
}

36
features/cellular/framework/targets/Altair/ALT1250/PPP/ALT1250_PPP_CellularNetwork.h Executable file
View File

@ -0,0 +1,36 @@
/*
* Copyright (c) 2020, Arm Limited and affiliates.
* SPDX-License-Identifier: Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#ifndef ALT1250_PPP_CELLULAR_NETWORK_H_
#define ALT1250_PPP_CELLULAR_NETWORK_H_
#include "AT_CellularNetwork.h"
namespace mbed {
class ALT1250_PPP_CellularNetwork : public AT_CellularNetwork {
public:
ALT1250_PPP_CellularNetwork(ATHandler &atHandler);
virtual ~ALT1250_PPP_CellularNetwork();
protected:
virtual nsapi_error_t set_access_technology_impl(RadioAccessTechnology opRat);
};
} // namespace mbed
#endif // ALT1250_PPP_CELLULAR_NETWORK_H_

33
features/cellular/framework/targets/Altair/ALT1250/PPP/mbed_lib.json Normal file
View File

@ -0,0 +1,33 @@
{
"name": "ALT1250_PPP",
"config": {
"tx": {
"help": "TX pin for serial connection. D1 assumed if Arduino Form Factor, needs to be set/overwritten otherwise.",
"value": null
},
"rx": {
"help": "RX pin for serial connection. D0 assumed if Arduino Form Factor, needs to be set/overwritten otherwise.",
"value": null
},
"rts": {
"help": "RTS pin for serial connection",
"value": null
},
"cts": {
"help": "CTS pin for serial connection",
"value": null
},
"rst": {
"help": "Reset control pin",
"value": null
},
"baudrate": {
"help": "Serial connection baud rate",
"value": 115200
},
"provide-default": {
"help": "Provide as default CellularDevice [true/false]",
"value": false
}
}
}

6
features/device_key/TESTS/device_key/functionality/main.cpp
View File

@ -72,10 +72,12 @@ void generate_derived_key_long_consistency_test()
generate_derived_key_consistency_16_byte_key_long_consistency_test(key);
strcpy(key, MSG_KEY_DEVICE_TEST_STEP2);
generate_derived_key_consistency_16_byte_key_long_consistency_test(key);
#ifndef MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
strcpy(key, MSG_KEY_DEVICE_TEST_STEP3);
generate_derived_key_consistency_32_byte_key_long_consistency_test(key);
strcpy(key, MSG_KEY_DEVICE_TEST_STEP4);
generate_derived_key_consistency_32_byte_key_long_consistency_test(key);
#endif
}
@ -476,12 +478,16 @@ Case cases[] = {
Case("Device Key - long consistency test", generate_derived_key_long_consistency_test, greentea_failure_handler),
Case("Device Key - inject value wrong size", device_inject_root_of_trust_wrong_size_test, greentea_failure_handler),
Case("Device Key - inject value 16 byte size", device_inject_root_of_trust_16_byte_size_test, greentea_failure_handler),
#ifndef MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
Case("Device Key - inject value 32 byte size", device_inject_root_of_trust_32_byte_size_test, greentea_failure_handler),
#endif
Case("Device Key - inject value several times", device_inject_root_of_trust_several_times_test, greentea_failure_handler),
Case("Device Key - derived key consistency 16 byte key", generate_derived_key_consistency_16_byte_key_test, greentea_failure_handler),
Case("Device Key - derived key consistency 32 byte key", generate_derived_key_consistency_32_byte_key_test, greentea_failure_handler),
Case("Device Key - derived key key type 16", generate_derived_key_key_type_16_test, greentea_failure_handler),
#ifndef MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
Case("Device Key - derived key key type 32", generate_derived_key_key_type_32_test, greentea_failure_handler),
#endif
Case("Device Key - derived key wrong key type", generate_derived_key_wrong_key_type_test, greentea_failure_handler)
};

2
features/frameworks/TARGET_PSA/pal/pal_mbed_os_intf.cpp
View File

@ -63,7 +63,7 @@ static void psa_attestation_inject_key_for_test(void)
psa_attestation_destroy_key_for_test();
psa_attestation_inject_key(private_key_data,
sizeof(private_key_data),
PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP256R1),
PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP_R1),
exported,
sizeof(exported),
&exported_length);

45
features/lwipstack/lwip/src/apps/altcp_tls/altcp_tls_mbedtls.c
View File

@ -69,6 +69,7 @@
/* @todo: which includes are really needed? */
#include "mbedtls/entropy.h"
#include "mbedtls/ctr_drbg.h"
#include "mbedtls/hmac_drbg.h"
#include "mbedtls/certs.h"
#include "mbedtls/x509.h"
#include "mbedtls/ssl.h"
@ -98,7 +99,19 @@ extern const struct altcp_functions altcp_mbedtls_functions;
struct altcp_tls_config {
mbedtls_ssl_config conf;
mbedtls_entropy_context entropy;
mbedtls_ctr_drbg_context ctr_drbg;
#if defined(MBEDTLS_CTR_DRBG_C)
mbedtls_ctr_drbg_context _drbg;
#define DRBG_INIT mbedtls_ctr_drbg_init
#define DRBG_SEED_ERROR "mbedtls_ctr_drbg_seed failed: %d\n"
#define DRBG_RANDOM mbedtls_ctr_drbg_random
#elif defined(MBEDTLS_HMAC_DRBG_C)
mbedtls_hmac_drbg_context _drbg;
#define DRBG_INIT mbedtls_hmac_drbg_init
#define DRBG_SEED_ERROR "mbedtls_hmac_drbg_seed failed: %d\n"
#define DRBG_RANDOM mbedtls_hmac_drbg_random
#else
#error "CTR or HMAC must be defined for altcp_tls_mbedtls!"
#endif
mbedtls_x509_crt *cert;
mbedtls_pk_context *pkey;
mbedtls_x509_crt *ca;
@ -599,8 +612,15 @@ altcp_mbedtls_setup(void *conf, struct altcp_pcb *conn, struct altcp_pcb *inner_
altcp_mbedtls_free(conf, state);
return ERR_MEM;
}
// Defines MBEDTLS_SSL_CONF_RECV/SEND/RECV_TIMEOUT define global functions which should be the same for all
// callers of mbedtls_ssl_set_bio_ctx and there should be only one ssl context. If these rules don't apply,
// these defines can't be used.
#if !defined(MBEDTLS_SSL_CONF_RECV) && !defined(MBEDTLS_SSL_CONF_SEND) && !defined(MBEDTLS_SSL_CONF_RECV_TIMEOUT)
/* tell mbedtls about our I/O functions */
mbedtls_ssl_set_bio(&state->ssl_context, conn, altcp_mbedtls_bio_send, altcp_mbedtls_bio_recv, NULL);
#else
mbedtls_ssl_set_bio_ctx(&state->ssl_context, conn);
#endif /* !defined(MBEDTLS_SSL_CONF_RECV) && !defined(MBEDTLS_SSL_CONF_SEND) && !defined(MBEDTLS_SSL_CONF_RECV_TIMEOUT) */
altcp_mbedtls_setup_callbacks(conn, inner_conn);
conn->inner_conn = inner_conn;
@ -714,12 +734,24 @@ altcp_tls_create_config(int is_server, int have_cert, int have_pkey, int have_ca
mbedtls_ssl_config_init(&conf->conf);
mbedtls_entropy_init(&conf->entropy);
mbedtls_ctr_drbg_init(&conf->ctr_drbg);
DRBG_INIT(&conf->_drbg);
/* Seed the RNG */
ret = mbedtls_ctr_drbg_seed(&conf->ctr_drbg, ALTCP_MBEDTLS_RNG_FN, &conf->entropy, ALTCP_MBEDTLS_ENTROPY_PTR, ALTCP_MBEDTLS_ENTROPY_LEN);
#if defined(MBEDTLS_CTR_DRBG_C)
ret = mbedtls_ctr_drbg_seed(&conf->_drbg, ALTCP_MBEDTLS_RNG_FN,
&conf->entropy, ALTCP_MBEDTLS_ENTROPY_PTR, ALTCP_MBEDTLS_ENTROPY_LEN);
#elif defined(MBEDTLS_HMAC_DRBG_C)
ret = mbedtls_hmac_drbg_seed(&conf->_drbg, mbedtls_md_info_from_type(MBEDTLS_MD_SHA256),
ALTCP_MBEDTLS_RNG_FN, &conf->entropy,
ALTCP_MBEDTLS_ENTROPY_PTR, ALTCP_MBEDTLS_ENTROPY_LEN);
#else
#error "CTR or HMAC must be defined for altcp_tls_mbedtls!"
#endif
if (ret != 0) {
LWIP_DEBUGF(ALTCP_MBEDTLS_DEBUG, ("mbedtls_ctr_drbg_seed failed: %d\n", ret));
LWIP_DEBUGF(ALTCP_MBEDTLS_DEBUG, (DRBG_SEED_ERROR, ret));
altcp_mbedtls_free_config(conf);
return NULL;
}
@ -734,7 +766,10 @@ altcp_tls_create_config(int is_server, int have_cert, int have_pkey, int have_ca
}
mbedtls_ssl_conf_authmode(&conf->conf, MBEDTLS_SSL_VERIFY_OPTIONAL);
mbedtls_ssl_conf_rng(&conf->conf, mbedtls_ctr_drbg_random, &conf->ctr_drbg);
#if !defined(MBEDTLS_SSL_CONF_RNG)
mbedtls_ssl_conf_rng(&conf->conf, DRBG_RANDOM, &conf->ctr_drbg);
#endif
#if ALTCP_MBEDTLS_DEBUG != LWIP_DBG_OFF
mbedtls_ssl_conf_dbg(&conf->conf, altcp_mbedtls_debug, stdout);
#endif

2
features/mbedtls/VERSION.txt
View File

@ -1 +1 @@
mbedtls-2.20.0d0
mbedtls-2.21.0

4
features/mbedtls/importer/Makefile
View File

@ -27,8 +27,8 @@
#
# Set the mbed TLS release to import (this can/should be edited before import)
MBED_TLS_RELEASE ?= mbedtls-2.20.0d0
MBED_TLS_REPO_URL ?= git@github.com:ARMmbed/mbedtls-restricted.git
MBED_TLS_RELEASE ?= mbedtls-2.21.0
MBED_TLS_REPO_URL ?= git@github.com:ARMmbed/mbedtls.git
# Translate between mbed TLS namespace and mbed namespace
TARGET_PREFIX:=../

24
features/mbedtls/inc/mbedtls/check_config.h
View File

@ -342,6 +342,14 @@
#error "MBEDTLS_PKCS11_C defined, but not all prerequisites"
#endif
#if defined(MBEDTLS_PKCS11_C)
#if defined(MBEDTLS_DEPRECATED_REMOVED)
#error "MBEDTLS_PKCS11_C is deprecated and will be removed in a future version of Mbed TLS"
#elif defined(MBEDTLS_DEPRECATED_WARNING)
#warning "MBEDTLS_PKCS11_C is deprecated and will be removed in a future version of Mbed TLS"
#endif
#endif /* MBEDTLS_PKCS11_C */
#if defined(MBEDTLS_PLATFORM_EXIT_ALT) && !defined(MBEDTLS_PLATFORM_C)
#error "MBEDTLS_PLATFORM_EXIT_ALT defined, but not all prerequisites"
#endif
@ -769,6 +777,22 @@
#error "MBEDTLS_HAVE_INT32/MBEDTLS_HAVE_INT64 and MBEDTLS_HAVE_ASM cannot be defined simultaneously"
#endif /* (MBEDTLS_HAVE_INT32 || MBEDTLS_HAVE_INT64) && MBEDTLS_HAVE_ASM */
#if defined(MBEDTLS_SSL_PROTO_SSL3)
#if defined(MBEDTLS_DEPRECATED_REMOVED)
#error "MBEDTLS_SSL_PROTO_SSL3 is deprecated and will be removed in a future version of Mbed TLS"
#elif defined(MBEDTLS_DEPRECATED_WARNING)
#warning "MBEDTLS_SSL_PROTO_SSL3 is deprecated and will be removed in a future version of Mbed TLS"
#endif
#endif /* MBEDTLS_SSL_PROTO_SSL3 */
#if defined(MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO)
#if defined(MBEDTLS_DEPRECATED_REMOVED)
#error "MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO is deprecated and will be removed in a future version of Mbed TLS"
#elif defined(MBEDTLS_DEPRECATED_WARNING)
#warning "MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO is deprecated and will be removed in a future version of Mbed TLS"
#endif
#endif /* MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO */
/*
* Avoid warning from -pedantic. This is a convenient place for this
* workaround since this is included by every single file before the

31
features/mbedtls/inc/mbedtls/config.h
View File

@ -249,27 +249,27 @@
/**
* \def MBEDTLS_DEPRECATED_WARNING
*
* Mark deprecated functions so that they generate a warning if used.
* Functions deprecated in one version will usually be removed in the next
* version. You can enable this to help you prepare the transition to a new
* major version by making sure your code is not using these functions.
* Mark deprecated functions and features so that they generate a warning if
* used. Functionality deprecated in one version will usually be removed in the
* next version. You can enable this to help you prepare the transition to a
* new major version by making sure your code is not using this functionality.
*
* This only works with GCC and Clang. With other compilers, you may want to
* use MBEDTLS_DEPRECATED_REMOVED
*
* Uncomment to get warnings on using deprecated functions.
* Uncomment to get warnings on using deprecated functions and features.
*/
//#define MBEDTLS_DEPRECATED_WARNING
/**
* \def MBEDTLS_DEPRECATED_REMOVED
*
* Remove deprecated functions so that they generate an error if used.
* Functions deprecated in one version will usually be removed in the next
* version. You can enable this to help you prepare the transition to a new
* major version by making sure your code is not using these functions.
* Remove deprecated functions and features so that they generate an error if
* used. Functionality deprecated in one version will usually be removed in the
* next version. You can enable this to help you prepare the transition to a
* new major version by making sure your code is not using this functionality.
*
* Uncomment to get errors on using deprecated functions.
* Uncomment to get errors on using deprecated functions and features.
*/
//#define MBEDTLS_DEPRECATED_REMOVED
@ -1587,6 +1587,9 @@
* Enable support for receiving and parsing SSLv2 Client Hello messages for the
* SSL Server module (MBEDTLS_SSL_SRV_C).
*
* \deprecated This option is deprecated and will be removed in a future
* version of Mbed TLS.
*
* Uncomment this macro to enable support for SSLv2 Client Hello messages.
*/
//#define MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO
@ -1618,6 +1621,9 @@
* Requires: MBEDTLS_MD5_C
* MBEDTLS_SHA1_C
*
* \deprecated This option is deprecated and will be removed in a future
* version of Mbed TLS.
*
* Comment this macro to disable support for SSL 3.0
*/
//#define MBEDTLS_SSL_PROTO_SSL3
@ -2828,7 +2834,10 @@
/**
* \def MBEDTLS_PKCS11_C
*
* Enable wrapper for PKCS#11 smartcard support.
* Enable wrapper for PKCS#11 smartcard support via the pkcs11-helper library.
*
* \deprecated This option is deprecated and will be removed in a future
* version of Mbed TLS.
*
* Module: library/pkcs11.c
* Caller: library/pk.c

8
features/mbedtls/inc/mbedtls/error.h
View File

@ -52,9 +52,10 @@
* For historical reasons, low-level error codes are divided in even and odd,
* even codes were assigned first, and -1 is reserved for other errors.
*
* Low-level module errors (0x0002-0x007E, 0x0003-0x007F)
* Low-level module errors (0x0002-0x007E, 0x0001-0x007F)
*
* Module Nr Codes assigned
* ERROR 2 0x006E 0x0001
* MPI 7 0x0002-0x0010
* GCM 3 0x0012-0x0014 0x0013-0x0013
* BLOWFISH 3 0x0016-0x0018 0x0017-0x0017
@ -86,7 +87,7 @@
* CHACHA20 3 0x0051-0x0055
* POLY1305 3 0x0057-0x005B
* CHACHAPOLY 2 0x0054-0x0056
* PLATFORM 1 0x0070-0x0072
* PLATFORM 2 0x0070-0x0072
*
* High-level module nr (3 bits - 0x0...-0x7...)
* Name ID Nr of Errors
@ -112,6 +113,9 @@
extern "C" {
#endif
#define MBEDTLS_ERR_ERROR_GENERIC_ERROR -0x0001 /**< Generic error */
#define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED -0x006E /**< This is a bug in the library */
/**
* \brief Translate a mbed TLS error code into a string representation,
* Result is truncated if necessary and always includes a terminating

121
features/mbedtls/inc/mbedtls/pkcs11.h
View File

@ -47,6 +47,8 @@
extern "C" {
#endif
#if defined(MBEDTLS_DEPRECATED_REMOVED)
/**
* Context for PKCS #11 private keys.
*/
@ -56,47 +58,71 @@ typedef struct mbedtls_pkcs11_context
int len;
} mbedtls_pkcs11_context;
#if defined(MBEDTLS_DEPRECATED_WARNING)
#define MBEDTLS_DEPRECATED __attribute__((deprecated))
#else
#define MBEDTLS_DEPRECATED
#endif
/**
* Initialize a mbedtls_pkcs11_context.
* (Just making memory references valid.)
*
* \deprecated This function is deprecated and will be removed in a
* future version of the library.
*/
void mbedtls_pkcs11_init( mbedtls_pkcs11_context *ctx );
MBEDTLS_DEPRECATED void mbedtls_pkcs11_init( mbedtls_pkcs11_context *ctx );
/**
* Fill in a mbed TLS certificate, based on the given PKCS11 helper certificate.
*
* \deprecated This function is deprecated and will be removed in a
* future version of the library.
*
* \param cert X.509 certificate to fill
* \param pkcs11h_cert PKCS #11 helper certificate
*
* \return 0 on success.
*/
int mbedtls_pkcs11_x509_cert_bind( mbedtls_x509_crt *cert, pkcs11h_certificate_t pkcs11h_cert );
MBEDTLS_DEPRECATED int mbedtls_pkcs11_x509_cert_bind( mbedtls_x509_crt *cert,
pkcs11h_certificate_t pkcs11h_cert );
/**
* Set up a mbedtls_pkcs11_context storing the given certificate. Note that the
* mbedtls_pkcs11_context will take over control of the certificate, freeing it when
* done.
*
* \deprecated This function is deprecated and will be removed in a
* future version of the library.
*
* \param priv_key Private key structure to fill.
* \param pkcs11_cert PKCS #11 helper certificate
*
* \return 0 on success
*/
int mbedtls_pkcs11_priv_key_bind( mbedtls_pkcs11_context *priv_key,
pkcs11h_certificate_t pkcs11_cert );
MBEDTLS_DEPRECATED int mbedtls_pkcs11_priv_key_bind(
mbedtls_pkcs11_context *priv_key,
pkcs11h_certificate_t pkcs11_cert );
/**
* Free the contents of the given private key context. Note that the structure
* itself is not freed.
*
* \deprecated This function is deprecated and will be removed in a
* future version of the library.
*
* \param priv_key Private key structure to cleanup
*/
void mbedtls_pkcs11_priv_key_free( mbedtls_pkcs11_context *priv_key );
MBEDTLS_DEPRECATED void mbedtls_pkcs11_priv_key_free(
mbedtls_pkcs11_context *priv_key );
/**
* \brief Do an RSA private key decrypt, then remove the message
* padding
*
* \deprecated This function is deprecated and will be removed in a future
* version of the library.
*
* \param ctx PKCS #11 context
* \param mode must be MBEDTLS_RSA_PRIVATE, for compatibility with rsa.c's signature
* \param input buffer holding the encrypted data
@ -110,15 +136,18 @@ void mbedtls_pkcs11_priv_key_free( mbedtls_pkcs11_context *priv_key );
* of ctx->N (eg. 128 bytes if RSA-1024 is used) otherwise
* an error is thrown.
*/
int mbedtls_pkcs11_decrypt( mbedtls_pkcs11_context *ctx,
int mode, size_t *olen,
const unsigned char *input,
unsigned char *output,
size_t output_max_len );
MBEDTLS_DEPRECATED int mbedtls_pkcs11_decrypt( mbedtls_pkcs11_context *ctx,
int mode, size_t *olen,
const unsigned char *input,
unsigned char *output,
size_t output_max_len );
/**
* \brief Do a private RSA to sign a message digest
*
* \deprecated This function is deprecated and will be removed in a future
* version of the library.
*
* \param ctx PKCS #11 context
* \param mode must be MBEDTLS_RSA_PRIVATE, for compatibility with rsa.c's signature
* \param md_alg a MBEDTLS_MD_XXX (use MBEDTLS_MD_NONE for signing raw data)
@ -132,28 +161,58 @@ int mbedtls_pkcs11_decrypt( mbedtls_pkcs11_context *ctx,
* \note The "sig" buffer must be as large as the size
* of ctx->N (eg. 128 bytes if RSA-1024 is used).
*/
int mbedtls_pkcs11_sign( mbedtls_pkcs11_context *ctx,
int mode,
mbedtls_md_type_t md_alg,
unsigned int hashlen,
const unsigned char *hash,
unsigned char *sig );
MBEDTLS_DEPRECATED int mbedtls_pkcs11_sign( mbedtls_pkcs11_context *ctx,
int mode,
mbedtls_md_type_t md_alg,
unsigned int hashlen,
const unsigned char *hash,
unsigned char *sig );
/**
* SSL/TLS wrappers for PKCS#11 functions
*
* \deprecated This function is deprecated and will be removed in a future
* version of the library.
*/
static inline int mbedtls_ssl_pkcs11_decrypt( void *ctx, int mode, size_t *olen,
const unsigned char *input, unsigned char *output,
size_t output_max_len )
MBEDTLS_DEPRECATED static inline int mbedtls_ssl_pkcs11_decrypt( void *ctx,
int mode, size_t *olen,
const unsigned char *input, unsigned char *output,
size_t output_max_len )
{
return mbedtls_pkcs11_decrypt( (mbedtls_pkcs11_context *) ctx, mode, olen, input, output,
output_max_len );
}
static inline int mbedtls_ssl_pkcs11_sign( void *ctx,
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
int mode, mbedtls_md_type_t md_alg, unsigned int hashlen,
const unsigned char *hash, unsigned char *sig )
/**
* \brief This function signs a message digest using RSA.
*
* \deprecated This function is deprecated and will be removed in a future
* version of the library.
*
* \param ctx The PKCS #11 context.
* \param f_rng The RNG function. This parameter is unused.
* \param p_rng The RNG context. This parameter is unused.
* \param mode The operation to run. This must be set to
* MBEDTLS_RSA_PRIVATE, for compatibility with rsa.c's
* signature.
* \param md_alg The message digest algorithm. One of the MBEDTLS_MD_XXX
* must be passed to this function and MBEDTLS_MD_NONE can be
* used for signing raw data.
* \param hashlen The message digest length (for MBEDTLS_MD_NONE only).
* \param hash The buffer holding the message digest.
* \param sig The buffer that will hold the ciphertext.
*
* \return \c 0 if the signing operation was successful.
* \return A non-zero error code on failure.
*
* \note The \p sig buffer must be as large as the size of
* <code>ctx->N</code>. For example, 128 bytes if RSA-1024 is
* used.
*/
MBEDTLS_DEPRECATED static inline int mbedtls_ssl_pkcs11_sign( void *ctx,
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
int mode, mbedtls_md_type_t md_alg, unsigned int hashlen,
const unsigned char *hash, unsigned char *sig )
{
((void) f_rng);
((void) p_rng);
@ -161,11 +220,25 @@ static inline int mbedtls_ssl_pkcs11_sign( void *ctx,
hashlen, hash, sig );
}
static inline size_t mbedtls_ssl_pkcs11_key_len( void *ctx )
/**
* This function gets the length of the private key.
*
* \deprecated This function is deprecated and will be removed in a future
* version of the library.
*
* \param ctx The PKCS #11 context.
*
* \return The length of the private key.
*/
MBEDTLS_DEPRECATED static inline size_t mbedtls_ssl_pkcs11_key_len( void *ctx )
{
return ( (mbedtls_pkcs11_context *) ctx )->len;
}
#undef MBEDTLS_DEPRECATED
#endif /* MBEDTLS_DEPRECATED_REMOVED */
#ifdef __cplusplus
}
#endif

45
features/mbedtls/inc/mbedtls/ssl_internal.h
View File

@ -319,7 +319,8 @@ struct mbedtls_ssl_handshake_params
mbedtls_ecdh_context ecdh_ctx; /*!< ECDH key exchange */
#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_ecc_curve_t ecdh_psa_curve;
psa_key_type_t ecdh_psa_type;
uint16_t ecdh_bits;
psa_key_handle_t ecdh_psa_privkey;
unsigned char ecdh_psa_peerkey[MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH];
size_t ecdh_psa_peerkey_len;
@ -1062,4 +1063,46 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl,
mbedtls_ssl_transform *transform,
mbedtls_record *rec );
/* Length of the "epoch" field in the record header */
static inline size_t mbedtls_ssl_ep_len( const mbedtls_ssl_context *ssl )
{
#if defined(MBEDTLS_SSL_PROTO_DTLS)
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
return( 2 );
#else
((void) ssl);
#endif
return( 0 );
}
#if defined(MBEDTLS_SSL_PROTO_DTLS)
int mbedtls_ssl_resend_hello_request( mbedtls_ssl_context *ssl );
#endif /* MBEDTLS_SSL_PROTO_DTLS */
void mbedtls_ssl_set_timer( mbedtls_ssl_context *ssl, uint32_t millisecs );
int mbedtls_ssl_check_timer( mbedtls_ssl_context *ssl );
void mbedtls_ssl_reset_in_out_pointers( mbedtls_ssl_context *ssl );
void mbedtls_ssl_update_out_pointers( mbedtls_ssl_context *ssl,
mbedtls_ssl_transform *transform );
void mbedtls_ssl_update_in_pointers( mbedtls_ssl_context *ssl );
int mbedtls_ssl_session_reset_int( mbedtls_ssl_context *ssl, int partial );
#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
void mbedtls_ssl_dtls_replay_reset( mbedtls_ssl_context *ssl );
#endif
void mbedtls_ssl_handshake_wrapup_free_hs_transform( mbedtls_ssl_context *ssl );
#if defined(MBEDTLS_SSL_RENEGOTIATION)
int mbedtls_ssl_start_renegotiation( mbedtls_ssl_context *ssl );
#endif /* MBEDTLS_SSL_RENEGOTIATION */
#if defined(MBEDTLS_SSL_PROTO_DTLS)
size_t mbedtls_ssl_get_current_mtu( const mbedtls_ssl_context *ssl );
void mbedtls_ssl_buffering_free( mbedtls_ssl_context *ssl );
void mbedtls_ssl_flight_free( mbedtls_ssl_flight_item *flight );
#endif /* MBEDTLS_SSL_PROTO_DTLS */
#endif /* ssl_internal.h */

10
features/mbedtls/inc/mbedtls/version.h
View File

@ -39,17 +39,17 @@
* Major, Minor, Patchlevel
*/
#define MBEDTLS_VERSION_MAJOR 2
#define MBEDTLS_VERSION_MINOR 19
#define MBEDTLS_VERSION_PATCH 1
#define MBEDTLS_VERSION_MINOR 21
#define MBEDTLS_VERSION_PATCH 0
/**
* The single version number has the following structure:
* MMNNPP00
* Major version | Minor version | Patch version
*/
#define MBEDTLS_VERSION_NUMBER 0x02130100
#define MBEDTLS_VERSION_STRING "2.19.1"
#define MBEDTLS_VERSION_STRING_FULL "mbed TLS 2.19.1"
#define MBEDTLS_VERSION_NUMBER 0x02150000
#define MBEDTLS_VERSION_STRING "2.21.0"
#define MBEDTLS_VERSION_STRING_FULL "mbed TLS 2.21.0"
#if defined(MBEDTLS_VERSION_C)

2
features/mbedtls/mbed-crypto/VERSION.txt
View File

@ -1 +1 @@
mbedcrypto-2.1.0d0
mbedcrypto-3.1.0

4
features/mbedtls/mbed-crypto/importer/Makefile
View File

@ -29,8 +29,8 @@
# Set the Mbed Crypto release to import (this can/should be edited before
# import)
CRYPTO_RELEASE ?= mbedcrypto-2.1.0d0
CRYPTO_REPO_URL ?= git@github.com:ARMmbed/mbedtls-psa.git
CRYPTO_RELEASE ?= mbedcrypto-3.1.0
CRYPTO_REPO_URL ?= git@github.com:ARMmbed/mbed-crypto.git
# Translate between Mbed Crypto namespace and Mbed OS namespace
TARGET_PREFIX:=..

166
features/mbedtls/mbed-crypto/inc/mbedtls/asn1.h
View File

@ -75,6 +75,7 @@
#define MBEDTLS_ASN1_OCTET_STRING 0x04
#define MBEDTLS_ASN1_NULL 0x05
#define MBEDTLS_ASN1_OID 0x06
#define MBEDTLS_ASN1_ENUMERATED 0x0A
#define MBEDTLS_ASN1_UTF8_STRING 0x0C
#define MBEDTLS_ASN1_SEQUENCE 0x10
#define MBEDTLS_ASN1_SET 0x11
@ -89,6 +90,18 @@
#define MBEDTLS_ASN1_CONSTRUCTED 0x20
#define MBEDTLS_ASN1_CONTEXT_SPECIFIC 0x80
/* Slightly smaller way to check if tag is a string tag
* compared to canonical implementation. */
#define MBEDTLS_ASN1_IS_STRING_TAG( tag ) \
( ( tag ) < 32u && ( \
( ( 1u << ( tag ) ) & ( ( 1u << MBEDTLS_ASN1_BMP_STRING ) | \
( 1u << MBEDTLS_ASN1_UTF8_STRING ) | \
( 1u << MBEDTLS_ASN1_T61_STRING ) | \
( 1u << MBEDTLS_ASN1_IA5_STRING ) | \
( 1u << MBEDTLS_ASN1_UNIVERSAL_STRING ) | \
( 1u << MBEDTLS_ASN1_PRINTABLE_STRING ) | \
( 1u << MBEDTLS_ASN1_BIT_STRING ) ) ) != 0 ) )
/*
* Bit masks for each of the components of an ASN.1 tag as specified in
* ITU X.690 (08/2015), section 8.1 "General rules for encoding",
@ -119,6 +132,10 @@
( ( MBEDTLS_OID_SIZE(oid_str) != (oid_buf)->len ) || \
memcmp( (oid_str), (oid_buf)->p, (oid_buf)->len) != 0 )
#define MBEDTLS_OID_CMP_RAW(oid_str, oid_buf, oid_buf_len) \
( ( MBEDTLS_OID_SIZE(oid_str) != (oid_buf_len) ) || \
memcmp( (oid_str), (oid_buf), (oid_buf_len) ) != 0 )
#ifdef __cplusplus
extern "C" {
#endif
@ -254,13 +271,32 @@ int mbedtls_asn1_get_bool( unsigned char **p,
* a valid ASN.1 INTEGER.
* \return #MBEDTLS_ERR_ASN1_INVALID_LENGTH if the parsed value does
* not fit in an \c int.
* \return An ASN.1 error code if the input does not start with
* a valid ASN.1 INTEGER.
*/
int mbedtls_asn1_get_int( unsigned char **p,
const unsigned char *end,
int *val );
/**
* \brief Retrieve an enumerated ASN.1 tag and its value.
* Updates the pointer to immediately behind the full tag.
*
* \param p On entry, \c *p points to the start of the ASN.1 element.
* On successful completion, \c *p points to the first byte
* beyond the ASN.1 element.
* On error, the value of \c *p is undefined.
* \param end End of data.
* \param val On success, the parsed value.
*
* \return 0 if successful.
* \return An ASN.1 error code if the input does not start with
* a valid ASN.1 ENUMERATED.
* \return #MBEDTLS_ERR_ASN1_INVALID_LENGTH if the parsed value does
* not fit in an \c int.
*/
int mbedtls_asn1_get_enum( unsigned char **p,
const unsigned char *end,
int *val );
/**
* \brief Retrieve a bitstring ASN.1 tag and its value.
* Updates the pointer to immediately behind the full tag.
@ -307,6 +343,9 @@ int mbedtls_asn1_get_bitstring_null( unsigned char **p,
* \brief Parses and splits an ASN.1 "SEQUENCE OF <tag>".
* Updates the pointer to immediately behind the full sequence tag.
*
* This function allocates memory for the sequence elements. You can free
* the allocated memory with mbedtls_asn1_sequence_free().
*
* \note On error, this function may return a partial list in \p cur.
* You must set `cur->next = NULL` before calling this function!
* Otherwise it is impossible to distinguish a previously non-null
@ -340,14 +379,133 @@ int mbedtls_asn1_get_bitstring_null( unsigned char **p,
* \return 0 if successful.
* \return #MBEDTLS_ERR_ASN1_LENGTH_MISMATCH if the input contains
* extra data after a valid SEQUENCE OF \p tag.
* \return #MBEDTLS_ERR_ASN1_UNEXPECTED_TAG if the input starts with
* an ASN.1 SEQUENCE in which an element has a tag that
* is different from \p tag.
* \return #MBEDTLS_ERR_ASN1_ALLOC_FAILED if a memory allocation failed.
* \return An ASN.1 error code if the input does not start with
* a valid ASN.1 BIT STRING.
* a valid ASN.1 SEQUENCE.
*/
int mbedtls_asn1_get_sequence_of( unsigned char **p,
const unsigned char *end,
mbedtls_asn1_sequence *cur,
int tag );
/**
* \brief Free a heap-allocated linked list presentation of
* an ASN.1 sequence, including the first element.
*
* There are two common ways to manage the memory used for the representation
* of a parsed ASN.1 sequence:
* - Allocate a head node `mbedtls_asn1_sequence *head` with mbedtls_calloc().
* Pass this node as the `cur` argument to mbedtls_asn1_get_sequence_of().
* When you have finished processing the sequence,
* call mbedtls_asn1_sequence_free() on `head`.
* - Allocate a head node `mbedtls_asn1_sequence *head` in any manner,
* for example on the stack. Make sure that `head->next == NULL`.
* Pass `head` as the `cur` argument to mbedtls_asn1_get_sequence_of().
* When you have finished processing the sequence,
* call mbedtls_asn1_sequence_free() on `head->cur`,
* then free `head` itself in the appropriate manner.
*
* \param seq The address of the first sequence component. This may
* be \c NULL, in which case this functions returns
* immediately.
*/
void mbedtls_asn1_sequence_free( mbedtls_asn1_sequence *seq );
/**
* \brief Traverse an ASN.1 SEQUENCE container and
* call a callback for each entry.
*
* This function checks that the input is a SEQUENCE of elements that
* each have a "must" tag, and calls a callback function on the elements
* that have a "may" tag.
*
* For example, to validate that the input is a SEQUENCE of `tag1` and call
* `cb` on each element, use
* ```
* mbedtls_asn1_traverse_sequence_of(&p, end, 0xff, tag1, 0, 0, cb, ctx);
* ```
*
* To validate that the input is a SEQUENCE of ANY and call `cb` on
* each element, use
* ```
* mbedtls_asn1_traverse_sequence_of(&p, end, 0, 0, 0, 0, cb, ctx);
* ```
*
* To validate that the input is a SEQUENCE of CHOICE {NULL, OCTET STRING}
* and call `cb` on each element that is an OCTET STRING, use
* ```
* mbedtls_asn1_traverse_sequence_of(&p, end, 0xfe, 0x04, 0xff, 0x04, cb, ctx);
* ```
*
* The callback is called on the elements with a "may" tag from left to
* right. If the input is not a valid SEQUENCE of elements with a "must" tag,
* the callback is called on the elements up to the leftmost point where
* the input is invalid.
*
* \warning This function is still experimental and may change
* at any time.
*
* \param p The address of the pointer to the beginning of
* the ASN.1 SEQUENCE header. This is updated to
* point to the end of the ASN.1 SEQUENCE container
* on a successful invocation.
* \param end The end of the ASN.1 SEQUENCE container.
* \param tag_must_mask A mask to be applied to the ASN.1 tags found within
* the SEQUENCE before comparing to \p tag_must_value.
* \param tag_must_val The required value of each ASN.1 tag found in the
* SEQUENCE, after masking with \p tag_must_mask.
* Mismatching tags lead to an error.
* For example, a value of \c 0 for both \p tag_must_mask
* and \p tag_must_val means that every tag is allowed,
* while a value of \c 0xFF for \p tag_must_mask means
* that \p tag_must_val is the only allowed tag.
* \param tag_may_mask A mask to be applied to the ASN.1 tags found within
* the SEQUENCE before comparing to \p tag_may_value.
* \param tag_may_val The desired value of each ASN.1 tag found in the
* SEQUENCE, after masking with \p tag_may_mask.
* Mismatching tags will be silently ignored.
* For example, a value of \c 0 for \p tag_may_mask and
* \p tag_may_val means that any tag will be considered,
* while a value of \c 0xFF for \p tag_may_mask means
* that all tags with value different from \p tag_may_val
* will be ignored.
* \param cb The callback to trigger for each component
* in the ASN.1 SEQUENCE that matches \p tag_may_val.
* The callback function is called with the following
* parameters:
* - \p ctx.
* - The tag of the current element.
* - A pointer to the start of the current element's
* content inside the input.
* - The length of the content of the current element.
* If the callback returns a non-zero value,
* the function stops immediately,
* forwarding the callback's return value.
* \param ctx The context to be passed to the callback \p cb.
*
* \return \c 0 if successful the entire ASN.1 SEQUENCE
* was traversed without parsing or callback errors.
* \return #MBEDTLS_ERR_ASN1_LENGTH_MISMATCH if the input
* contains extra data after a valid SEQUENCE
* of elements with an accepted tag.
* \return #MBEDTLS_ERR_ASN1_UNEXPECTED_TAG if the input starts
* with an ASN.1 SEQUENCE in which an element has a tag
* that is not accepted.
* \return An ASN.1 error code if the input does not start with
* a valid ASN.1 SEQUENCE.
* \return A non-zero error code forwarded from the callback
* \p cb in case the latter returns a non-zero value.
*/
int mbedtls_asn1_traverse_sequence_of(
unsigned char **p,
const unsigned char *end,
unsigned char tag_must_mask, unsigned char tag_must_val,
unsigned char tag_may_mask, unsigned char tag_may_val,
int (*cb)( void *ctx, int tag,
unsigned char* start, size_t len ),
void *ctx );
#if defined(MBEDTLS_BIGNUM_C)
/**
@ -367,8 +525,6 @@ int mbedtls_asn1_get_sequence_of( unsigned char **p,
* \return #MBEDTLS_ERR_ASN1_INVALID_LENGTH if the parsed value does
* not fit in an \c int.
* \return An MPI error code if the parsed value is too large.
* \return An ASN.1 error code if the input does not start with
* a valid ASN.1 INTEGER.
*/
int mbedtls_asn1_get_mpi( unsigned char **p,
const unsigned char *end,

15
features/mbedtls/mbed-crypto/inc/mbedtls/asn1write.h
View File

@ -192,6 +192,21 @@ int mbedtls_asn1_write_bool( unsigned char **p, unsigned char *start,
*/
int mbedtls_asn1_write_int( unsigned char **p, unsigned char *start, int val );
/**
* \brief Write an enum tag (#MBEDTLS_ASN1_ENUMERATED) and value
* in ASN.1 format.
*
* \note This function works backwards in data buffer.
*
* \param p The reference to the current position pointer.
* \param start The start of the buffer, for bounds-checking.
* \param val The integer value to write.
*
* \return The number of bytes written to \p p on success.
* \return A negative \c MBEDTLS_ERR_ASN1_XXX error code on failure.
*/
int mbedtls_asn1_write_enum( unsigned char **p, unsigned char *start, int val );
/**
* \brief Write a string in ASN.1 format using a specific
* string encoding tag.

20
features/mbedtls/mbed-crypto/inc/mbedtls/bignum.h
View File

@ -185,7 +185,7 @@ extern "C" {
*/
typedef struct mbedtls_mpi
{
int s; /*!< integer sign */
int s; /*!< Sign: -1 if the mpi is negative, 1 otherwise */
size_t n; /*!< total # of limbs */
mbedtls_mpi_uint *p; /*!< pointer to limbs */
}
@ -594,6 +594,24 @@ int mbedtls_mpi_cmp_abs( const mbedtls_mpi *X, const mbedtls_mpi *Y );
*/
int mbedtls_mpi_cmp_mpi( const mbedtls_mpi *X, const mbedtls_mpi *Y );
/**
* \brief Check if an MPI is less than the other in constant time.
*
* \param X The left-hand MPI. This must point to an initialized MPI
* with the same allocated length as Y.
* \param Y The right-hand MPI. This must point to an initialized MPI
* with the same allocated length as X.
* \param ret The result of the comparison:
* \c 1 if \p X is less than \p Y.
* \c 0 if \p X is greater than or equal to \p Y.
*
* \return 0 on success.
* \return MBEDTLS_ERR_MPI_BAD_INPUT_DATA if the allocated length of
* the two input MPIs is not the same.
*/
int mbedtls_mpi_lt_mpi_ct( const mbedtls_mpi *X, const mbedtls_mpi *Y,
unsigned *ret );
/**
* \brief Compare an MPI with an integer.
*

187
features/mbedtls/mbed-crypto/inc/mbedtls/ctr_drbg.h
View File

@ -12,30 +12,14 @@
* The Mbed TLS implementation of CTR_DRBG uses AES-256 (default) or AES-128
* (if \c MBEDTLS_CTR_DRBG_USE_128_BIT_KEY is enabled at compile time)
* as the underlying block cipher, with a derivation function.
* The initial seeding grabs #MBEDTLS_CTR_DRBG_ENTROPY_LEN bytes of entropy.
* See the documentation of mbedtls_ctr_drbg_seed() for more details.
*
* Based on NIST SP 800-90A §10.2.1 table 3 and NIST SP 800-57 part 1 table 2,
* here are the security strengths achieved in typical configuration:
* - 256 bits under the default configuration of the library, with AES-256
* and with #MBEDTLS_CTR_DRBG_ENTROPY_LEN set to 48 or more.
* - 256 bits if AES-256 is used, #MBEDTLS_CTR_DRBG_ENTROPY_LEN is set
* to 32 or more, and the DRBG is initialized with an explicit
* nonce in the \c custom parameter to mbedtls_ctr_drbg_seed().
* - 128 bits if AES-256 is used but #MBEDTLS_CTR_DRBG_ENTROPY_LEN is
* between 24 and 47 and the DRBG is not initialized with an explicit
* nonce (see mbedtls_ctr_drbg_seed()).
* - 128 bits if AES-128 is used (\c MBEDTLS_CTR_DRBG_USE_128_BIT_KEY enabled)
* and #MBEDTLS_CTR_DRBG_ENTROPY_LEN is set to 24 or more (which is
* always the case unless it is explicitly set to a different value
* in config.h).
*
* Note that the value of #MBEDTLS_CTR_DRBG_ENTROPY_LEN defaults to:
* - \c 48 if the module \c MBEDTLS_SHA512_C is enabled and the symbol
* \c MBEDTLS_ENTROPY_FORCE_SHA256 is disabled at compile time.
* This is the default configuration of the library.
* - \c 32 if the module \c MBEDTLS_SHA512_C is disabled at compile time.
* - \c 32 if \c MBEDTLS_ENTROPY_FORCE_SHA256 is enabled at compile time.
* The security strength as defined in NIST SP 800-90A is
* 128 bits when AES-128 is used (\c MBEDTLS_CTR_DRBG_USE_128_BIT_KEY enabled)
* and 256 bits otherwise, provided that #MBEDTLS_CTR_DRBG_ENTROPY_LEN is
* kept at its default value (and not overridden in config.h) and that the
* DRBG instance is set up with default parameters.
* See the documentation of mbedtls_ctr_drbg_seed() for more
* information.
*/
/*
* Copyright (C) 2006-2019, Arm Limited (or its affiliates), All Rights Reserved
@ -163,20 +147,49 @@
extern "C" {
#endif
#if MBEDTLS_CTR_DRBG_ENTROPY_LEN >= MBEDTLS_CTR_DRBG_KEYSIZE * 3 / 2
/** The default length of the nonce read from the entropy source.
*
* This is \c 0 because a single read from the entropy source is sufficient
* to include a nonce.
* See the documentation of mbedtls_ctr_drbg_seed() for more information.
*/
#define MBEDTLS_CTR_DRBG_ENTROPY_NONCE_LEN 0
#else
/** The default length of the nonce read from the entropy source.
*
* This is half of the default entropy length because a single read from
* the entropy source does not provide enough material to form a nonce.
* See the documentation of mbedtls_ctr_drbg_seed() for more information.
*/
#define MBEDTLS_CTR_DRBG_ENTROPY_NONCE_LEN ( MBEDTLS_CTR_DRBG_ENTROPY_LEN + 1 ) / 2
#endif
/**
* \brief The CTR_DRBG context structure.
*/
typedef struct mbedtls_ctr_drbg_context
{
unsigned char counter[16]; /*!< The counter (V). */
int reseed_counter; /*!< The reseed counter. */
int reseed_counter; /*!< The reseed counter.
* This is the number of requests that have
* been made since the last (re)seeding,
* minus one.
* Before the initial seeding, this field
* contains the amount of entropy in bytes
* to use as a nonce for the initial seeding,
* or -1 if no nonce length has been explicitly
* set (see mbedtls_ctr_drbg_set_nonce_len()).
*/
int prediction_resistance; /*!< This determines whether prediction
resistance is enabled, that is
whether to systematically reseed before
each random generation. */
size_t entropy_len; /*!< The amount of entropy grabbed on each
seed or reseed operation. */
int reseed_interval; /*!< The reseed interval. */
seed or reseed operation, in bytes. */
int reseed_interval; /*!< The reseed interval.
* This is the maximum number of requests
* that can be made between reseedings. */
mbedtls_aes_context aes_ctx; /*!< The AES context. */
@ -214,47 +227,71 @@ void mbedtls_ctr_drbg_init( mbedtls_ctr_drbg_context *ctx );
* with mbedtls_entropy_init() (which registers the platform's default
* entropy sources).
*
* \p f_entropy is always called with a buffer size equal to the entropy
* length. The entropy length is initially #MBEDTLS_CTR_DRBG_ENTROPY_LEN
* and this value is always used for the initial seeding. You can change
* the entropy length for subsequent seeding by calling
* mbedtls_ctr_drbg_set_entropy_len() after this function.
* The entropy length is #MBEDTLS_CTR_DRBG_ENTROPY_LEN by default.
* You can override it by calling mbedtls_ctr_drbg_set_entropy_len().
*
* You can provide a personalization string in addition to the
* The entropy nonce length is:
* - \c 0 if the entropy length is at least 3/2 times the entropy length,
* which guarantees that the security strength is the maximum permitted
* by the key size and entropy length according to NIST SP 800-90A §10.2.1;
* - Half the entropy length otherwise.
* You can override it by calling mbedtls_ctr_drbg_set_nonce_len().
* With the default entropy length, the entropy nonce length is
* #MBEDTLS_CTR_DRBG_ENTROPY_NONCE_LEN.
*
* You can provide a nonce and personalization string in addition to the
* entropy source, to make this instantiation as unique as possible.
* See SP 800-90A §8.6.7 for more details about nonces.
*
* \note The _seed_material_ value passed to the derivation
* function in the CTR_DRBG Instantiate Process
* described in NIST SP 800-90A §10.2.1.3.2
* is the concatenation of the string obtained from
* calling \p f_entropy and the \p custom string.
* The origin of the nonce depends on the value of
* the entropy length relative to the security strength.
* - If the entropy length is at least 1.5 times the
* security strength then the nonce is taken from the
* string obtained with \p f_entropy.
* - If the entropy length is less than the security
* strength, then the nonce is taken from \p custom.
* In this case, for compliance with SP 800-90A,
* you must pass a unique value of \p custom at
* each invocation. See SP 800-90A §8.6.7 for more
* details.
* The _seed_material_ value passed to the derivation function in
* the CTR_DRBG Instantiate Process described in NIST SP 800-90A §10.2.1.3.2
* is the concatenation of the following strings:
* - A string obtained by calling \p f_entropy function for the entropy
* length.
*/
#if MBEDTLS_CTR_DRBG_ENTROPY_LEN < MBEDTLS_CTR_DRBG_KEYSIZE * 3 / 2
/** \warning When #MBEDTLS_CTR_DRBG_ENTROPY_LEN is less than
* #MBEDTLS_CTR_DRBG_KEYSIZE * 3 / 2, to achieve the
* maximum security strength permitted by CTR_DRBG,
* you must pass a value of \p custom that is a nonce:
* this value must never be repeated in subsequent
* runs of the same application or on a different
* device.
#if MBEDTLS_CTR_DRBG_ENTROPY_NONCE_LEN == 0
/**
* - If mbedtls_ctr_drbg_set_nonce_len() has been called, a string
* obtained by calling \p f_entropy function for the specified length.
*/
#else
/**
* - A string obtained by calling \p f_entropy function for the entropy nonce
* length. If the entropy nonce length is \c 0, this function does not
* make a second call to \p f_entropy.
*/
#endif
/**
* - The \p custom string.
*
* \note To achieve the nominal security strength permitted
* by CTR_DRBG, the entropy length must be:
* - at least 16 bytes for a 128-bit strength
* (maximum achievable strength when using AES-128);
* - at least 32 bytes for a 256-bit strength
* (maximum achievable strength when using AES-256).
*
* In addition, if you do not pass a nonce in \p custom,
* the sum of the entropy length
* and the entropy nonce length must be:
* - at least 24 bytes for a 128-bit strength
* (maximum achievable strength when using AES-128);
* - at least 48 bytes for a 256-bit strength
* (maximum achievable strength when using AES-256).
*
* \param ctx The CTR_DRBG context to seed.
* It must have been initialized with
* mbedtls_ctr_drbg_init().
* After a successful call to mbedtls_ctr_drbg_seed(),
* you may not call mbedtls_ctr_drbg_seed() again on
* the same context unless you call
* mbedtls_ctr_drbg_free() and mbedtls_ctr_drbg_init()
* again first.
* \param f_entropy The entropy callback, taking as arguments the
* \p p_entropy context, the buffer to fill, and the
* length of the buffer.
* \p f_entropy is always called with a buffer size
* less than or equal to the entropy length.
* \param p_entropy The entropy context to pass to \p f_entropy.
* \param custom The personalization string.
* This can be \c NULL, in which case the personalization
@ -298,15 +335,10 @@ void mbedtls_ctr_drbg_set_prediction_resistance( mbedtls_ctr_drbg_context *ctx,
/**
* \brief This function sets the amount of entropy grabbed on each
* subsequent reseed.
* seed or reseed.
*
* The default value is #MBEDTLS_CTR_DRBG_ENTROPY_LEN.
*
* \note mbedtls_ctr_drbg_seed() always sets the entropy length
* to #MBEDTLS_CTR_DRBG_ENTROPY_LEN, so this function
* only has an effect when it is called after
* mbedtls_ctr_drbg_seed().
*
* \note The security strength of CTR_DRBG is bounded by the
* entropy length. Thus:
* - When using AES-256
@ -321,11 +353,35 @@ void mbedtls_ctr_drbg_set_prediction_resistance( mbedtls_ctr_drbg_context *ctx,
*
* \param ctx The CTR_DRBG context.
* \param len The amount of entropy to grab, in bytes.
* This must be at most #MBEDTLS_CTR_DRBG_MAX_SEED_INPUT.
* This must be at most #MBEDTLS_CTR_DRBG_MAX_SEED_INPUT
* and at most the maximum length accepted by the
* entropy function that is set in the context.
*/
void mbedtls_ctr_drbg_set_entropy_len( mbedtls_ctr_drbg_context *ctx,
size_t len );
/**
* \brief This function sets the amount of entropy grabbed
* as a nonce for the initial seeding.
*
* Call this function before calling mbedtls_ctr_drbg_seed() to read
* a nonce from the entropy source during the initial seeding.
*
* \param ctx The CTR_DRBG context.
* \param len The amount of entropy to grab for the nonce, in bytes.
* This must be at most #MBEDTLS_CTR_DRBG_MAX_SEED_INPUT
* and at most the maximum length accepted by the
* entropy function that is set in the context.
*
* \return \c 0 on success.
* \return #MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG if \p len is
* more than #MBEDTLS_CTR_DRBG_MAX_SEED_INPUT.
* \return #MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED
* if the initial seeding has already taken place.
*/
int mbedtls_ctr_drbg_set_nonce_len( mbedtls_ctr_drbg_context *ctx,
size_t len );
/**
* \brief This function sets the reseed interval.
*
@ -499,11 +555,6 @@ int mbedtls_ctr_drbg_self_test( int verbose );
#endif /* MBEDTLS_SELF_TEST */
/* Internal functions (do not call directly) */
int mbedtls_ctr_drbg_seed_entropy_len( mbedtls_ctr_drbg_context *,
int (*)(void *, unsigned char *, size_t), void *,
const unsigned char *, size_t, size_t );
#ifdef __cplusplus
}
#endif

19
features/mbedtls/mbed-crypto/inc/mbedtls/hmac_drbg.h
View File

@ -139,13 +139,11 @@ void mbedtls_hmac_drbg_init( mbedtls_hmac_drbg_context *ctx );
* Note that SHA-256 is just as efficient as SHA-224.
* The security strength can be reduced if a smaller
* entropy length is set with
* mbedtls_hmac_drbg_set_entropy_len() afterwards.
* mbedtls_hmac_drbg_set_entropy_len().
*
* \note The entropy length for the initial seeding is
* the security strength (converted from bits to bytes).
* You can set a different entropy length for subsequent
* seeding by calling mbedtls_hmac_drbg_set_entropy_len()
* after this function.
* \note The default entropy length is the security strength
* (converted from bits to bytes). You can override
* it by calling mbedtls_hmac_drbg_set_entropy_len().
*
* \note During the initial seeding, this function calls
* the entropy source to obtain a nonce
@ -224,14 +222,9 @@ void mbedtls_hmac_drbg_set_prediction_resistance( mbedtls_hmac_drbg_context *ctx
/**
* \brief This function sets the amount of entropy grabbed on each
* reseed.
* seed or reseed.
*
* The default value is set by mbedtls_hmac_drbg_seed().
*
* \note mbedtls_hmac_drbg_seed() always sets the entropy length
* to the default value based on the chosen MD algorithm,
* so this function only has an effect if it is called
* after mbedtls_hmac_drbg_seed().
* See the documentation of mbedtls_hmac_drbg_seed() for the default value.
*
* \param ctx The HMAC_DRBG context.
* \param len The amount of entropy to grab, in bytes.

2
features/mbedtls/mbed-crypto/inc/mbedtls/md_internal.h
View File

@ -79,7 +79,9 @@ extern const mbedtls_md_info_t mbedtls_sha224_info;
extern const mbedtls_md_info_t mbedtls_sha256_info;
#endif
#if defined(MBEDTLS_SHA512_C)
#if !defined(MBEDTLS_SHA512_NO_SHA384)
extern const mbedtls_md_info_t mbedtls_sha384_info;
#endif
extern const mbedtls_md_info_t mbedtls_sha512_info;
#endif

76
features/mbedtls/mbed-crypto/inc/mbedtls/pk.h
View File

@ -101,6 +101,58 @@ typedef struct mbedtls_pk_rsassa_pss_options
} mbedtls_pk_rsassa_pss_options;
/**
* \brief Maximum size of a signature made by mbedtls_pk_sign().
*/
/* We need to set MBEDTLS_PK_SIGNATURE_MAX_SIZE to the maximum signature
* size among the supported signature types. Do it by starting at 0,
* then incrementally increasing to be large enough for each supported
* signature mechanism.
*
* The resulting value can be 0, for example if MBEDTLS_ECDH_C is enabled
* (which allows the pk module to be included) but neither MBEDTLS_ECDSA_C
* nor MBEDTLS_RSA_C nor any opaque signature mechanism (PSA or RSA_ALT).
*/
#define MBEDTLS_PK_SIGNATURE_MAX_SIZE 0
#if ( defined(MBEDTLS_RSA_C) || defined(MBEDTLS_PK_RSA_ALT_SUPPORT) ) && \
MBEDTLS_MPI_MAX_SIZE > MBEDTLS_PK_SIGNATURE_MAX_SIZE
/* For RSA, the signature can be as large as the bignum module allows.
* For RSA_ALT, the signature size is not necessarily tied to what the
* bignum module can do, but in the absence of any specific setting,
* we use that (rsa_alt_sign_wrap in pk_wrap will check). */
#undef MBEDTLS_PK_SIGNATURE_MAX_SIZE
#define MBEDTLS_PK_SIGNATURE_MAX_SIZE MBEDTLS_MPI_MAX_SIZE
#endif
#if defined(MBEDTLS_ECDSA_C) && \
MBEDTLS_ECDSA_MAX_LEN > MBEDTLS_PK_SIGNATURE_MAX_SIZE
/* For ECDSA, the ecdsa module exports a constant for the maximum
* signature size. */
#undef MBEDTLS_PK_SIGNATURE_MAX_SIZE
#define MBEDTLS_PK_SIGNATURE_MAX_SIZE MBEDTLS_ECDSA_MAX_LEN
#endif
#if defined(MBEDTLS_USE_PSA_CRYPTO)
#if PSA_SIGNATURE_MAX_SIZE > MBEDTLS_PK_SIGNATURE_MAX_SIZE
/* PSA_SIGNATURE_MAX_SIZE is the maximum size of a signature made
* through the PSA API in the PSA representation. */
#undef MBEDTLS_PK_SIGNATURE_MAX_SIZE
#define MBEDTLS_PK_SIGNATURE_MAX_SIZE PSA_SIGNATURE_MAX_SIZE
#endif
#if PSA_VENDOR_ECDSA_SIGNATURE_MAX_SIZE + 11 > MBEDTLS_PK_SIGNATURE_MAX_SIZE
/* The Mbed TLS representation is different for ECDSA signatures:
* PSA uses the raw concatenation of r and s,
* whereas Mbed TLS uses the ASN.1 representation (SEQUENCE of two INTEGERs).
* Add the overhead of ASN.1: up to (1+2) + 2 * (1+2+1) for the
* types, lengths (represented by up to 2 bytes), and potential leading
* zeros of the INTEGERs and the SEQUENCE. */
#undef MBEDTLS_PK_SIGNATURE_MAX_SIZE
#define MBEDTLS_PK_SIGNATURE_MAX_SIZE ( PSA_VENDOR_ECDSA_SIGNATURE_MAX_SIZE + 11 )
#endif
#endif /* defined(MBEDTLS_USE_PSA_CRYPTO) */
/**
* \brief Types for interfacing with the debug module
*/
@ -442,8 +494,13 @@ int mbedtls_pk_verify_ext( mbedtls_pk_type_t type, const void *options,
* \param md_alg Hash algorithm used (see notes)
* \param hash Hash of the message to sign
* \param hash_len Hash length or 0 (see notes)
* \param sig Place to write the signature
* \param sig_len Number of bytes written
* \param sig Place to write the signature.
* It must have enough room for the signature.
* #MBEDTLS_PK_SIGNATURE_MAX_SIZE is always enough.
* You may use a smaller buffer if it is large enough
* given the key type.
* \param sig_len On successful return,
* the number of bytes written to \p sig.
* \param f_rng RNG function
* \param p_rng RNG parameter
*
@ -474,16 +531,21 @@ int mbedtls_pk_sign( mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg,
*
* \param ctx The PK context to use. It must have been set up
* with a private key.
* \param md_alg Hash algorithm used (see notes)
* \param md_alg Hash algorithm used (see notes for mbedtls_pk_sign())
* \param hash Hash of the message to sign
* \param hash_len Hash length or 0 (see notes)
* \param sig Place to write the signature
* \param sig_len Number of bytes written
* \param hash_len Hash length or 0 (see notes for mbedtls_pk_sign())
* \param sig Place to write the signature.
* It must have enough room for the signature.
* #MBEDTLS_PK_SIGNATURE_MAX_SIZE is always enough.
* You may use a smaller buffer if it is large enough
* given the key type.
* \param sig_len On successful return,
* the number of bytes written to \p sig.
* \param f_rng RNG function
* \param p_rng RNG parameter
* \param rs_ctx Restart context (NULL to disable restart)
*
* \return See \c mbedtls_pk_sign(), or
* \return See \c mbedtls_pk_sign().
* \return #MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of
* operations was reached: see \c mbedtls_ecp_set_max_ops().
*/

210
features/mbedtls/mbed-crypto/inc/mbedtls/psa_util.h
View File

@ -160,79 +160,96 @@ static inline psa_algorithm_t mbedtls_psa_translate_md( mbedtls_md_type_t md_alg
/* Translations for ECC. */
static inline int mbedtls_psa_get_ecc_oid_from_id(
psa_ecc_curve_t curve, char const **oid, size_t *oid_len )
psa_ecc_curve_t curve, size_t bits,
char const **oid, size_t *oid_len )
{
switch( curve )
{
case PSA_ECC_CURVE_SECP_R1:
switch( bits )
{
#if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED)
case PSA_ECC_CURVE_SECP192R1:
*oid = MBEDTLS_OID_EC_GRP_SECP192R1;
*oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_SECP192R1 );
return( 0 );
case 192:
*oid = MBEDTLS_OID_EC_GRP_SECP192R1;
*oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_SECP192R1 );
return( 0 );
#endif /* MBEDTLS_ECP_DP_SECP192R1_ENABLED */
#if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED)
case PSA_ECC_CURVE_SECP224R1:
*oid = MBEDTLS_OID_EC_GRP_SECP224R1;
*oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_SECP224R1 );
return( 0 );
case 224:
*oid = MBEDTLS_OID_EC_GRP_SECP224R1;
*oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_SECP224R1 );
return( 0 );
#endif /* MBEDTLS_ECP_DP_SECP224R1_ENABLED */
#if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
case PSA_ECC_CURVE_SECP256R1:
*oid = MBEDTLS_OID_EC_GRP_SECP256R1;
*oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_SECP256R1 );
return( 0 );
case 256:
*oid = MBEDTLS_OID_EC_GRP_SECP256R1;
*oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_SECP256R1 );
return( 0 );
#endif /* MBEDTLS_ECP_DP_SECP256R1_ENABLED */
#if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
case PSA_ECC_CURVE_SECP384R1:
*oid = MBEDTLS_OID_EC_GRP_SECP384R1;
*oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_SECP384R1 );
return( 0 );
case 384:
*oid = MBEDTLS_OID_EC_GRP_SECP384R1;
*oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_SECP384R1 );
return( 0 );
#endif /* MBEDTLS_ECP_DP_SECP384R1_ENABLED */
#if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED)
case PSA_ECC_CURVE_SECP521R1:
*oid = MBEDTLS_OID_EC_GRP_SECP521R1;
*oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_SECP521R1 );
return( 0 );
case 521:
*oid = MBEDTLS_OID_EC_GRP_SECP521R1;
*oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_SECP521R1 );
return( 0 );
#endif /* MBEDTLS_ECP_DP_SECP521R1_ENABLED */
}
break;
case PSA_ECC_CURVE_SECP_K1:
switch( bits )
{
#if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED)
case PSA_ECC_CURVE_SECP192K1:
*oid = MBEDTLS_OID_EC_GRP_SECP192K1;
*oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_SECP192K1 );
return( 0 );
case 192:
*oid = MBEDTLS_OID_EC_GRP_SECP192K1;
*oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_SECP192K1 );
return( 0 );
#endif /* MBEDTLS_ECP_DP_SECP192K1_ENABLED */
#if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED)
case PSA_ECC_CURVE_SECP224K1:
*oid = MBEDTLS_OID_EC_GRP_SECP224K1;
*oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_SECP224K1 );
return( 0 );
case 224:
*oid = MBEDTLS_OID_EC_GRP_SECP224K1;
*oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_SECP224K1 );
return( 0 );
#endif /* MBEDTLS_ECP_DP_SECP224K1_ENABLED */
#if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED)
case PSA_ECC_CURVE_SECP256K1:
*oid = MBEDTLS_OID_EC_GRP_SECP256K1;
*oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_SECP256K1 );
return( 0 );
case 256:
*oid = MBEDTLS_OID_EC_GRP_SECP256K1;
*oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_SECP256K1 );
return( 0 );
#endif /* MBEDTLS_ECP_DP_SECP256K1_ENABLED */
}
break;
case PSA_ECC_CURVE_BRAINPOOL_P_R1:
switch( bits )
{
#if defined(MBEDTLS_ECP_DP_BP256R1_ENABLED)
case PSA_ECC_CURVE_BRAINPOOL_P256R1:
*oid = MBEDTLS_OID_EC_GRP_BP256R1;
*oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_BP256R1 );
return( 0 );
case 256:
*oid = MBEDTLS_OID_EC_GRP_BP256R1;
*oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_BP256R1 );
return( 0 );
#endif /* MBEDTLS_ECP_DP_BP256R1_ENABLED */
#if defined(MBEDTLS_ECP_DP_BP384R1_ENABLED)
case PSA_ECC_CURVE_BRAINPOOL_P384R1:
*oid = MBEDTLS_OID_EC_GRP_BP384R1;
*oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_BP384R1 );
return( 0 );
case 384:
*oid = MBEDTLS_OID_EC_GRP_BP384R1;
*oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_BP384R1 );
return( 0 );
#endif /* MBEDTLS_ECP_DP_BP384R1_ENABLED */
#if defined(MBEDTLS_ECP_DP_BP512R1_ENABLED)
case PSA_ECC_CURVE_BRAINPOOL_P512R1:
*oid = MBEDTLS_OID_EC_GRP_BP512R1;
*oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_BP512R1 );
return( 0 );
case 512:
*oid = MBEDTLS_OID_EC_GRP_BP512R1;
*oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_BP512R1 );
return( 0 );
#endif /* MBEDTLS_ECP_DP_BP512R1_ENABLED */
}
break;
}
return( -1 );
(void) oid;
(void) oid_len;
return( -1 );
}
#define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH 1
@ -315,85 +332,6 @@ static inline int mbedtls_psa_get_ecc_oid_from_id(
#endif /* MBEDTLS_ECP_DP_BP512R1_ENABLED */
static inline psa_ecc_curve_t mbedtls_psa_translate_ecc_group( mbedtls_ecp_group_id grpid )
{
switch( grpid )
{
#if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED)
case MBEDTLS_ECP_DP_SECP192R1:
return( PSA_ECC_CURVE_SECP192R1 );
#endif
#if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED)
case MBEDTLS_ECP_DP_SECP224R1:
return( PSA_ECC_CURVE_SECP224R1 );
#endif
#if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
case MBEDTLS_ECP_DP_SECP256R1:
return( PSA_ECC_CURVE_SECP256R1 );
#endif
#if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
case MBEDTLS_ECP_DP_SECP384R1:
return( PSA_ECC_CURVE_SECP384R1 );
#endif
#if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED)
case MBEDTLS_ECP_DP_SECP521R1:
return( PSA_ECC_CURVE_SECP521R1 );
#endif
#if defined(MBEDTLS_ECP_DP_BP256R1_ENABLED)
case MBEDTLS_ECP_DP_BP256R1:
return( PSA_ECC_CURVE_BRAINPOOL_P256R1 );
#endif
#if defined(MBEDTLS_ECP_DP_BP384R1_ENABLED)
case MBEDTLS_ECP_DP_BP384R1:
return( PSA_ECC_CURVE_BRAINPOOL_P384R1 );
#endif
#if defined(MBEDTLS_ECP_DP_BP512R1_ENABLED)
case MBEDTLS_ECP_DP_BP512R1:
return( PSA_ECC_CURVE_BRAINPOOL_P512R1 );
#endif
#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED)
case MBEDTLS_ECP_DP_CURVE25519:
return( PSA_ECC_CURVE_CURVE25519 );
#endif
#if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED)
case MBEDTLS_ECP_DP_SECP192K1:
return( PSA_ECC_CURVE_SECP192K1 );
#endif
#if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED)
case MBEDTLS_ECP_DP_SECP224K1:
return( PSA_ECC_CURVE_SECP224K1 );
#endif
#if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED)
case MBEDTLS_ECP_DP_SECP256K1:
return( PSA_ECC_CURVE_SECP256K1 );
#endif
#if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED)
case MBEDTLS_ECP_DP_CURVE448:
return( PSA_ECC_CURVE_CURVE448 );
#endif
default:
return( 0 );
}
}
#define MBEDTLS_PSA_ECC_KEY_BITS_OF_CURVE( curve ) \
( curve == PSA_ECC_CURVE_SECP192R1 ? 192 : \
curve == PSA_ECC_CURVE_SECP224R1 ? 224 : \
curve == PSA_ECC_CURVE_SECP256R1 ? 256 : \
curve == PSA_ECC_CURVE_SECP384R1 ? 384 : \
curve == PSA_ECC_CURVE_SECP521R1 ? 521 : \
curve == PSA_ECC_CURVE_SECP192K1 ? 192 : \
curve == PSA_ECC_CURVE_SECP224K1 ? 224 : \
curve == PSA_ECC_CURVE_SECP256K1 ? 256 : \
curve == PSA_ECC_CURVE_BRAINPOOL_P256R1 ? 256 : \
curve == PSA_ECC_CURVE_BRAINPOOL_P384R1 ? 384 : \
curve == PSA_ECC_CURVE_BRAINPOOL_P512R1 ? 512 : \
0 )
#define MBEDTLS_PSA_ECC_KEY_BYTES_OF_CURVE( curve ) \
( ( MBEDTLS_PSA_ECC_KEY_BITS_OF_CURVE( curve ) + 7 ) / 8 )
/* Translations for PK layer */
static inline int mbedtls_psa_err_translate_pk( psa_status_t status )
@ -427,13 +365,18 @@ static inline int mbedtls_psa_err_translate_pk( psa_status_t status )
/* This function transforms an ECC group identifier from
* https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-8
* into a PSA ECC group identifier. */
static inline psa_ecc_curve_t mbedtls_psa_parse_tls_ecc_group(
uint16_t tls_ecc_grp_reg_id )
#if defined(MBEDTLS_ECP_C)
static inline psa_key_type_t mbedtls_psa_parse_tls_ecc_group(
uint16_t tls_ecc_grp_reg_id, size_t *bits )
{
/* The PSA identifiers are currently aligned with those from
* the TLS Supported Groups registry, so no conversion is necessary. */
return( (psa_ecc_curve_t) tls_ecc_grp_reg_id );
const mbedtls_ecp_curve_info *curve_info =
mbedtls_ecp_curve_info_from_tls_id( tls_ecc_grp_reg_id );
if( curve_info == NULL )
return( 0 );
return( PSA_KEY_TYPE_ECC_KEY_PAIR(
mbedtls_ecc_group_to_psa( curve_info->grp_id, bits ) ) );
}
#endif /* MBEDTLS_ECP_C */
/* This function takes a buffer holding an EC public key
* exported through psa_export_public_key(), and converts
@ -460,15 +403,12 @@ static inline int mbedtls_psa_tls_psa_ec_to_ecpoint( unsigned char *src,
* exchanges) and converts it into a format that the PSA key
* agreement API understands.
*/
static inline int mbedtls_psa_tls_ecpoint_to_psa_ec( psa_ecc_curve_t curve,
unsigned char const *src,
static inline int mbedtls_psa_tls_ecpoint_to_psa_ec( unsigned char const *src,
size_t srclen,
unsigned char *dst,
size_t dstlen,
size_t *olen )
{
((void) curve);
if( srclen > dstlen )
return( MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL );

9
features/mbedtls/mbed-crypto/inc/mbedtls/rsa.h
View File

@ -907,7 +907,8 @@ int mbedtls_rsa_rsaes_oaep_decrypt( mbedtls_rsa_context *ctx,
* the size of the hash corresponding to \p md_alg.
* \param sig The buffer to hold the signature. This must be a writable
* buffer of length \c ctx->len Bytes. For example, \c 256 Bytes
* for an 2048-bit RSA modulus.
* for an 2048-bit RSA modulus. A buffer length of
* #MBEDTLS_MPI_MAX_SIZE is always safe.
*
* \return \c 0 if the signing operation was successful.
* \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
@ -954,7 +955,8 @@ int mbedtls_rsa_pkcs1_sign( mbedtls_rsa_context *ctx,
* the size of the hash corresponding to \p md_alg.
* \param sig The buffer to hold the signature. This must be a writable
* buffer of length \c ctx->len Bytes. For example, \c 256 Bytes
* for an 2048-bit RSA modulus.
* for an 2048-bit RSA modulus. A buffer length of
* #MBEDTLS_MPI_MAX_SIZE is always safe.
*
* \return \c 0 if the signing operation was successful.
* \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
@ -1015,7 +1017,8 @@ int mbedtls_rsa_rsassa_pkcs1_v15_sign( mbedtls_rsa_context *ctx,
* the size of the hash corresponding to \p md_alg.
* \param sig The buffer to hold the signature. This must be a writable
* buffer of length \c ctx->len Bytes. For example, \c 256 Bytes
* for an 2048-bit RSA modulus.
* for an 2048-bit RSA modulus. A buffer length of
* #MBEDTLS_MPI_MAX_SIZE is always safe.
*
* \return \c 0 if the signing operation was successful.
* \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.

18
features/mbedtls/mbed-crypto/inc/mbedtls/sha512.h
View File

@ -59,8 +59,10 @@ typedef struct mbedtls_sha512_context
uint64_t total[2]; /*!< The number of Bytes processed. */
uint64_t state[8]; /*!< The intermediate digest state. */
unsigned char buffer[128]; /*!< The data block being processed. */
#if !defined(MBEDTLS_SHA512_NO_SHA384)
int is384; /*!< Determines which function to use:
0: Use SHA-512, or 1: Use SHA-384. */
#endif
}
mbedtls_sha512_context;
@ -101,7 +103,11 @@ void mbedtls_sha512_clone( mbedtls_sha512_context *dst,
*
* \param ctx The SHA-512 context to use. This must be initialized.
* \param is384 Determines which function to use. This must be
* either \c for SHA-512, or \c 1 for SHA-384.
* either \c 0 for SHA-512, or \c 1 for SHA-384.
*
* \note When \c MBEDTLS_SHA512_NO_SHA384 is defined, \p is384 must
* be \c 0, or the function will return
* #MBEDTLS_ERR_SHA512_BAD_INPUT_DATA.
*
* \return \c 0 on success.
* \return A negative error code on failure.
@ -169,6 +175,9 @@ int mbedtls_internal_sha512_process( mbedtls_sha512_context *ctx,
* \param ctx The SHA-512 context to use. This must be initialized.
* \param is384 Determines which function to use. This must be either
* \c 0 for SHA-512 or \c 1 for SHA-384.
*
* \note When \c MBEDTLS_SHA512_NO_SHA384 is defined, \p is384 must
* be \c 0, or the function will fail to work.
*/
MBEDTLS_DEPRECATED void mbedtls_sha512_starts( mbedtls_sha512_context *ctx,
int is384 );
@ -239,6 +248,10 @@ MBEDTLS_DEPRECATED void mbedtls_sha512_process(
* \param is384 Determines which function to use. This must be either
* \c 0 for SHA-512, or \c 1 for SHA-384.
*
* \note When \c MBEDTLS_SHA512_NO_SHA384 is defined, \p is384 must
* be \c 0, or the function will return
* #MBEDTLS_ERR_SHA512_BAD_INPUT_DATA.
*
* \return \c 0 on success.
* \return A negative error code on failure.
*/
@ -273,6 +286,9 @@ int mbedtls_sha512_ret( const unsigned char *input,
* be a writable buffer of length \c 64 Bytes.
* \param is384 Determines which function to use. This must be either
* \c 0 for SHA-512, or \c 1 for SHA-384.
*
* \note When \c MBEDTLS_SHA512_NO_SHA384 is defined, \p is384 must
* be \c 0, or the function will fail to work.
*/
MBEDTLS_DEPRECATED void mbedtls_sha512( const unsigned char *input,
size_t ilen,

40
features/mbedtls/mbed-crypto/inc/psa/crypto.h
View File

@ -932,7 +932,7 @@ psa_status_t psa_hash_compare(psa_algorithm_t alg,
const uint8_t *input,
size_t input_length,
const uint8_t *hash,
const size_t hash_length);
size_t hash_length);
/** The type of the state data structure for multipart hash operations.
*
@ -1300,7 +1300,7 @@ psa_status_t psa_mac_verify(psa_key_handle_t handle,
const uint8_t *input,
size_t input_length,
const uint8_t *mac,
const size_t mac_length);
size_t mac_length);
/** The type of the state data structure for multipart MAC operations.
*
@ -2879,7 +2879,7 @@ psa_status_t psa_aead_abort(psa_aead_operation_t *operation);
* \retval #PSA_ERROR_BUFFER_TOO_SMALL
* The size of the \p signature buffer is too small. You can
* determine a sufficient buffer size by calling
* #PSA_ASYMMETRIC_SIGN_OUTPUT_SIZE(\c key_type, \c key_bits, \p alg)
* #PSA_SIGN_OUTPUT_SIZE(\c key_type, \c key_bits, \p alg)
* where \c key_type and \c key_bits are the type and bit-size
* respectively of \p handle.
* \retval #PSA_ERROR_NOT_SUPPORTED
@ -2895,13 +2895,13 @@ psa_status_t psa_aead_abort(psa_aead_operation_t *operation);
* It is implementation-dependent whether a failure to initialize
* results in this error code.
*/
psa_status_t psa_asymmetric_sign(psa_key_handle_t handle,
psa_algorithm_t alg,
const uint8_t *hash,
size_t hash_length,
uint8_t *signature,
size_t signature_size,
size_t *signature_length);
psa_status_t psa_sign_hash(psa_key_handle_t handle,
psa_algorithm_t alg,
const uint8_t *hash,
size_t hash_length,
uint8_t *signature,
size_t signature_size,
size_t *signature_length);
/**
* \brief Verify the signature a hash or short message using a public key.
@ -2941,12 +2941,12 @@ psa_status_t psa_asymmetric_sign(psa_key_handle_t handle,
* It is implementation-dependent whether a failure to initialize
* results in this error code.
*/
psa_status_t psa_asymmetric_verify(psa_key_handle_t handle,
psa_algorithm_t alg,
const uint8_t *hash,
size_t hash_length,
const uint8_t *signature,
size_t signature_length);
psa_status_t psa_verify_hash(psa_key_handle_t handle,
psa_algorithm_t alg,
const uint8_t *hash,
size_t hash_length,
const uint8_t *signature,
size_t signature_length);
/**
* \brief Encrypt a short message with a public key.
@ -3502,10 +3502,10 @@ psa_status_t psa_key_derivation_output_bytes(
* length is determined by the curve, and sets the mandatory bits
* accordingly. That is:
*
* - #PSA_ECC_CURVE_CURVE25519: draw a 32-byte string
* and process it as specified in RFC 7748 &sect;5.
* - #PSA_ECC_CURVE_CURVE448: draw a 56-byte string
* and process it as specified in RFC 7748 &sect;5.
* - Curve25519 (#PSA_ECC_CURVE_MONTGOMERY, 255 bits): draw a 32-byte
* string and process it as specified in RFC 7748 &sect;5.
* - Curve448 (#PSA_ECC_CURVE_MONTGOMERY, 448 bits): draw a 56-byte
* string and process it as specified in RFC 7748 &sect;5.
*
* - For key types for which the key is represented by a single sequence of
* \p bits bits with constraints as to which bit sequences are acceptable,

196
features/mbedtls/mbed-crypto/inc/psa/crypto_compat.h Normal file
View File

@ -0,0 +1,196 @@
/**
* \file psa/crypto_compat.h
*
* \brief PSA cryptography module: Backward compatibility aliases
*
* This header declares alternative names for macro and functions.
* New application code should not use these names.
* These names may be removed in a future version of Mbed Crypto.
*
* \note This file may not be included directly. Applications must
* include psa/crypto.h.
*/
/*
* Copyright (C) 2019, ARM Limited, All Rights Reserved
* SPDX-License-Identifier: Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
* This file is part of mbed TLS (https://tls.mbed.org)
*/
#ifndef PSA_CRYPTO_COMPAT_H
#define PSA_CRYPTO_COMPAT_H
#ifdef __cplusplus
extern "C" {
#endif
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
/*
* Mechanism for declaring deprecated values
*/
#if defined(MBEDTLS_DEPRECATED_WARNING) && !defined(MBEDTLS_PSA_DEPRECATED)
#define MBEDTLS_PSA_DEPRECATED __attribute__((deprecated))
#else
#define MBEDTLS_PSA_DEPRECATED
#endif
typedef MBEDTLS_PSA_DEPRECATED size_t mbedtls_deprecated_size_t;
typedef MBEDTLS_PSA_DEPRECATED psa_status_t mbedtls_deprecated_psa_status_t;
typedef MBEDTLS_PSA_DEPRECATED psa_key_usage_t mbedtls_deprecated_psa_key_usage_t;
typedef MBEDTLS_PSA_DEPRECATED psa_ecc_curve_t mbedtls_deprecated_psa_ecc_curve_t;
typedef MBEDTLS_PSA_DEPRECATED psa_dh_group_t mbedtls_deprecated_psa_dh_group_t;
#define MBEDTLS_DEPRECATED_CONSTANT( type, value ) \
( (mbedtls_deprecated_##type) ( value ) )
/*
* Deprecated PSA Crypto error code definitions (PSA Crypto API <= 1.0 beta2)
*/
#define PSA_ERROR_UNKNOWN_ERROR \
MBEDTLS_DEPRECATED_CONSTANT( psa_status_t, PSA_ERROR_GENERIC_ERROR )
#define PSA_ERROR_OCCUPIED_SLOT \
MBEDTLS_DEPRECATED_CONSTANT( psa_status_t, PSA_ERROR_ALREADY_EXISTS )
#define PSA_ERROR_EMPTY_SLOT \
MBEDTLS_DEPRECATED_CONSTANT( psa_status_t, PSA_ERROR_DOES_NOT_EXIST )
#define PSA_ERROR_INSUFFICIENT_CAPACITY \
MBEDTLS_DEPRECATED_CONSTANT( psa_status_t, PSA_ERROR_INSUFFICIENT_DATA )
#define PSA_ERROR_TAMPERING_DETECTED \
MBEDTLS_DEPRECATED_CONSTANT( psa_status_t, PSA_ERROR_CORRUPTION_DETECTED )
/*
* Deprecated PSA Crypto numerical encodings (PSA Crypto API <= 1.0 beta3)
*/
#define PSA_KEY_USAGE_SIGN \
MBEDTLS_DEPRECATED_CONSTANT( psa_key_usage_t, PSA_KEY_USAGE_SIGN_HASH )
#define PSA_KEY_USAGE_VERIFY \
MBEDTLS_DEPRECATED_CONSTANT( psa_key_usage_t, PSA_KEY_USAGE_VERIFY_HASH )
/*
* Deprecated PSA Crypto size calculation macros (PSA Crypto API <= 1.0 beta3)
*/
#define PSA_ASYMMETRIC_SIGNATURE_MAX_SIZE \
MBEDTLS_DEPRECATED_CONSTANT( size_t, PSA_SIGNATURE_MAX_SIZE )
#define PSA_ASYMMETRIC_SIGN_OUTPUT_SIZE( key_type, key_bits, alg ) \
MBEDTLS_DEPRECATED_CONSTANT( size_t, PSA_SIGN_OUTPUT_SIZE( key_type, key_bits, alg ) )
/*
* Deprecated PSA Crypto function names (PSA Crypto API <= 1.0 beta3)
*/
MBEDTLS_PSA_DEPRECATED static inline psa_status_t psa_asymmetric_sign( psa_key_handle_t key,
psa_algorithm_t alg,
const uint8_t *hash,
size_t hash_length,
uint8_t *signature,
size_t signature_size,
size_t *signature_length )
{
return psa_sign_hash( key, alg, hash, hash_length, signature, signature_size, signature_length );
}
MBEDTLS_PSA_DEPRECATED static inline psa_status_t psa_asymmetric_verify( psa_key_handle_t key,
psa_algorithm_t alg,
const uint8_t *hash,
size_t hash_length,
const uint8_t *signature,
size_t signature_length )
{
return psa_verify_hash( key, alg, hash, hash_length, signature, signature_length );
}
#endif /* MBEDTLS_DEPRECATED_REMOVED */
/*
* Size-specific elliptic curve and Diffie-Hellman group names
*/
#define PSA_ECC_CURVE_SECP160K1 \
MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_curve_t, PSA_ECC_CURVE_SECP_K1 )
#define PSA_ECC_CURVE_SECP192K1 \
MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_curve_t, PSA_ECC_CURVE_SECP_K1 )
#define PSA_ECC_CURVE_SECP224K1 \
MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_curve_t, PSA_ECC_CURVE_SECP_K1 )
#define PSA_ECC_CURVE_SECP256K1 \
MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_curve_t, PSA_ECC_CURVE_SECP_K1 )
#define PSA_ECC_CURVE_SECP160R1 \
MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_curve_t, PSA_ECC_CURVE_SECP_R1 )
#define PSA_ECC_CURVE_SECP192R1 \
MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_curve_t, PSA_ECC_CURVE_SECP_R1 )
#define PSA_ECC_CURVE_SECP224R1 \
MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_curve_t, PSA_ECC_CURVE_SECP_R1 )
#define PSA_ECC_CURVE_SECP256R1 \
MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_curve_t, PSA_ECC_CURVE_SECP_R1 )
#define PSA_ECC_CURVE_SECP384R1 \
MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_curve_t, PSA_ECC_CURVE_SECP_R1 )
#define PSA_ECC_CURVE_SECP521R1 \
MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_curve_t, PSA_ECC_CURVE_SECP_R1 )
#define PSA_ECC_CURVE_SECP160R2 \
MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_curve_t, PSA_ECC_CURVE_SECP_R2 )
#define PSA_ECC_CURVE_SECT163K1 \
MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_curve_t, PSA_ECC_CURVE_SECT_K1 )
#define PSA_ECC_CURVE_SECT233K1 \
MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_curve_t, PSA_ECC_CURVE_SECT_K1 )
#define PSA_ECC_CURVE_SECT239K1 \
MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_curve_t, PSA_ECC_CURVE_SECT_K1 )
#define PSA_ECC_CURVE_SECT283K1 \
MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_curve_t, PSA_ECC_CURVE_SECT_K1 )
#define PSA_ECC_CURVE_SECT409K1 \
MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_curve_t, PSA_ECC_CURVE_SECT_K1 )
#define PSA_ECC_CURVE_SECT571K1 \
MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_curve_t, PSA_ECC_CURVE_SECT_K1 )
#define PSA_ECC_CURVE_SECT163R1 \
MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_curve_t, PSA_ECC_CURVE_SECT_R1 )
#define PSA_ECC_CURVE_SECT193R1 \
MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_curve_t, PSA_ECC_CURVE_SECT_R1 )
#define PSA_ECC_CURVE_SECT233R1 \
MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_curve_t, PSA_ECC_CURVE_SECT_R1 )
#define PSA_ECC_CURVE_SECT283R1 \
MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_curve_t, PSA_ECC_CURVE_SECT_R1 )
#define PSA_ECC_CURVE_SECT409R1 \
MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_curve_t, PSA_ECC_CURVE_SECT_R1 )
#define PSA_ECC_CURVE_SECT571R1 \
MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_curve_t, PSA_ECC_CURVE_SECT_R1 )
#define PSA_ECC_CURVE_SECT163R2 \
MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_curve_t, PSA_ECC_CURVE_SECT_R2 )
#define PSA_ECC_CURVE_SECT193R2 \
MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_curve_t, PSA_ECC_CURVE_SECT_R2 )
#define PSA_ECC_CURVE_BRAINPOOL_P256R1 \
MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_curve_t, PSA_ECC_CURVE_BRAINPOOL_P_R1 )
#define PSA_ECC_CURVE_BRAINPOOL_P384R1 \
MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_curve_t, PSA_ECC_CURVE_BRAINPOOL_P_R1 )
#define PSA_ECC_CURVE_BRAINPOOL_P512R1 \
MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_curve_t, PSA_ECC_CURVE_BRAINPOOL_P_R1 )
#define PSA_ECC_CURVE_CURVE25519 \
MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_curve_t, PSA_ECC_CURVE_MONTGOMERY )
#define PSA_ECC_CURVE_CURVE448 \
MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_curve_t, PSA_ECC_CURVE_MONTGOMERY )
#define PSA_DH_GROUP_FFDHE2048 \
MBEDTLS_DEPRECATED_CONSTANT( psa_dh_group_t, PSA_DH_GROUP_RFC7919 )
#define PSA_DH_GROUP_FFDHE3072 \
MBEDTLS_DEPRECATED_CONSTANT( psa_dh_group_t, PSA_DH_GROUP_RFC7919 )
#define PSA_DH_GROUP_FFDHE4096 \
MBEDTLS_DEPRECATED_CONSTANT( psa_dh_group_t, PSA_DH_GROUP_RFC7919 )
#define PSA_DH_GROUP_FFDHE6144 \
MBEDTLS_DEPRECATED_CONSTANT( psa_dh_group_t, PSA_DH_GROUP_RFC7919 )
#define PSA_DH_GROUP_FFDHE8192 \
MBEDTLS_DEPRECATED_CONSTANT( psa_dh_group_t, PSA_DH_GROUP_RFC7919 )
#ifdef __cplusplus
}
#endif
#endif /* PSA_CRYPTO_COMPAT_H */

71
features/mbedtls/mbed-crypto/inc/psa/crypto_extra.h
View File

@ -32,6 +32,8 @@
#include "mbedtls/platform_util.h"
#include "crypto_compat.h"
#ifdef __cplusplus
extern "C" {
#endif
@ -39,21 +41,6 @@ extern "C" {
/* UID for secure storage seed */
#define PSA_CRYPTO_ITS_RANDOM_SEED_UID 0xFFFFFF52
/*
* Deprecated PSA Crypto error code definitions
*/
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
#define PSA_ERROR_UNKNOWN_ERROR \
MBEDTLS_DEPRECATED_NUMERIC_CONSTANT( PSA_ERROR_GENERIC_ERROR )
#define PSA_ERROR_OCCUPIED_SLOT \
MBEDTLS_DEPRECATED_NUMERIC_CONSTANT( PSA_ERROR_ALREADY_EXISTS )
#define PSA_ERROR_EMPTY_SLOT \
MBEDTLS_DEPRECATED_NUMERIC_CONSTANT( PSA_ERROR_DOES_NOT_EXIST )
#define PSA_ERROR_INSUFFICIENT_CAPACITY \
MBEDTLS_DEPRECATED_NUMERIC_CONSTANT( PSA_ERROR_INSUFFICIENT_DATA )
#define PSA_ERROR_TAMPERING_DETECTED \
MBEDTLS_DEPRECATED_NUMERIC_CONSTANT( PSA_ERROR_CORRUPTION_DETECTED )
#endif
/** \addtogroup attributes
* @{
@ -342,7 +329,7 @@ psa_status_t mbedtls_psa_inject_entropy(const uint8_t *seed,
* string. The length of the byte string is the length of the base prime `p`
* in bytes.
*/
#define PSA_KEY_TYPE_DSA_PUBLIC_KEY ((psa_key_type_t)0x60020000)
#define PSA_KEY_TYPE_DSA_PUBLIC_KEY ((psa_key_type_t)0x4002)
/** DSA key pair (private and public key).
*
@ -360,7 +347,7 @@ psa_status_t mbedtls_psa_inject_entropy(const uint8_t *seed,
* Add 1 to the resulting integer and use this as the private key *x*.
*
*/
#define PSA_KEY_TYPE_DSA_KEY_PAIR ((psa_key_type_t)0x70020000)
#define PSA_KEY_TYPE_DSA_KEY_PAIR ((psa_key_type_t)0x7002)
/** Whether a key type is an DSA key (pair or public-only). */
#define PSA_KEY_TYPE_IS_DSA(type) \
@ -384,7 +371,7 @@ psa_status_t mbedtls_psa_inject_entropy(const uint8_t *seed,
#define PSA_ALG_DSA(hash_alg) \
(PSA_ALG_DSA_BASE | ((hash_alg) & PSA_ALG_HASH_MASK))
#define PSA_ALG_DETERMINISTIC_DSA_BASE ((psa_algorithm_t)0x10050000)
#define PSA_ALG_DSA_DETERMINISTIC_FLAG ((psa_algorithm_t)0x00010000)
#define PSA_ALG_DSA_DETERMINISTIC_FLAG PSA_ALG_ECDSA_DETERMINISTIC_FLAG
/** Deterministic DSA signature with hashing.
*
* This is the deterministic variant defined by RFC 6979 of
@ -431,9 +418,7 @@ psa_status_t mbedtls_psa_inject_entropy(const uint8_t *seed,
* #PSA_KEY_TYPE_DH_KEY_PAIR(#PSA_DH_GROUP_CUSTOM), the group data comes
* from domain parameters set by psa_set_key_domain_parameters().
*/
/* This value is a deprecated value meaning an explicit curve in the IANA
* registry. */
#define PSA_DH_GROUP_CUSTOM ((psa_dh_group_t) 0xff01)
#define PSA_DH_GROUP_CUSTOM ((psa_dh_group_t) 0x7e)
/**
@ -573,6 +558,50 @@ psa_status_t psa_get_key_domain_parameters(
/**@}*/
/** \defgroup psa_tls_helpers TLS helper functions
* @{
*/
#if defined(MBEDTLS_ECP_C)
#include <mbedtls/ecp.h>
/** Convert an ECC curve identifier from the Mbed TLS encoding to PSA.
*
* \note This function is provided solely for the convenience of
* Mbed TLS and may be removed at any time without notice.
*
* \param grpid An Mbed TLS elliptic curve identifier
* (`MBEDTLS_ECP_DP_xxx`).
* \param[out] bits On success, the bit size of the curve.
*
* \return The corresponding PSA elliptic curve identifier
* (`PSA_ECC_CURVE_xxx`).
* \return \c 0 on failure (\p grpid is not recognized).
*/
psa_ecc_curve_t mbedtls_ecc_group_to_psa( mbedtls_ecp_group_id grpid,
size_t *bits );
/** Convert an ECC curve identifier from the PSA encoding to Mbed TLS.
*
* \note This function is provided solely for the convenience of
* Mbed TLS and may be removed at any time without notice.
*
* \param curve A PSA elliptic curve identifier
* (`PSA_ECC_CURVE_xxx`).
* \param byte_length The byte-length of a private key on \p curve.
*
* \return The corresponding Mbed TLS elliptic curve identifier
* (`MBEDTLS_ECP_DP_xxx`).
* \return #MBEDTLS_ECP_DP_NONE if \c curve is not recognized.
* \return #MBEDTLS_ECP_DP_NONE if \p byte_length is not
* correct for \p curve.
*/
mbedtls_ecp_group_id mbedtls_ecc_group_of_psa( psa_ecc_curve_t curve,
size_t byte_length );
#endif /* MBEDTLS_ECP_C */
/**@}*/
#ifdef __cplusplus
}
#endif

80
features/mbedtls/mbed-crypto/inc/psa/crypto_sizes.h
View File

@ -190,47 +190,6 @@
#define PSA_VENDOR_ECC_MAX_CURVE_BITS 0
#endif
/** Bit size associated with an elliptic curve.
*
* \param curve An elliptic curve (value of type #psa_ecc_curve_t).
*
* \return The size associated with \p curve, in bits.
* This may be 0 if the implementation does not support
* the specified curve.
*/
#define PSA_ECC_CURVE_BITS(curve) \
((curve) == PSA_ECC_CURVE_SECT163K1 ? 163 : \
(curve) == PSA_ECC_CURVE_SECT163R1 ? 163 : \
(curve) == PSA_ECC_CURVE_SECT163R2 ? 163 : \
(curve) == PSA_ECC_CURVE_SECT193R1 ? 193 : \
(curve) == PSA_ECC_CURVE_SECT193R2 ? 193 : \
(curve) == PSA_ECC_CURVE_SECT233K1 ? 233 : \
(curve) == PSA_ECC_CURVE_SECT233R1 ? 233 : \
(curve) == PSA_ECC_CURVE_SECT239K1 ? 239 : \
(curve) == PSA_ECC_CURVE_SECT283K1 ? 283 : \
(curve) == PSA_ECC_CURVE_SECT283R1 ? 283 : \
(curve) == PSA_ECC_CURVE_SECT409K1 ? 409 : \
(curve) == PSA_ECC_CURVE_SECT409R1 ? 409 : \
(curve) == PSA_ECC_CURVE_SECT571K1 ? 571 : \
(curve) == PSA_ECC_CURVE_SECT571R1 ? 571 : \
(curve) == PSA_ECC_CURVE_SECP160K1 ? 160 : \
(curve) == PSA_ECC_CURVE_SECP160R1 ? 160 : \
(curve) == PSA_ECC_CURVE_SECP160R2 ? 160 : \
(curve) == PSA_ECC_CURVE_SECP192K1 ? 192 : \
(curve) == PSA_ECC_CURVE_SECP192R1 ? 192 : \
(curve) == PSA_ECC_CURVE_SECP224K1 ? 224 : \
(curve) == PSA_ECC_CURVE_SECP224R1 ? 224 : \
(curve) == PSA_ECC_CURVE_SECP256K1 ? 256 : \
(curve) == PSA_ECC_CURVE_SECP256R1 ? 256 : \
(curve) == PSA_ECC_CURVE_SECP384R1 ? 384 : \
(curve) == PSA_ECC_CURVE_SECP521R1 ? 521 : \
(curve) == PSA_ECC_CURVE_BRAINPOOL_P256R1 ? 256 : \
(curve) == PSA_ECC_CURVE_BRAINPOOL_P384R1 ? 384 : \
(curve) == PSA_ECC_CURVE_BRAINPOOL_P512R1 ? 512 : \
(curve) == PSA_ECC_CURVE_CURVE25519 ? 255 : \
(curve) == PSA_ECC_CURVE_CURVE448 ? 448 : \
0)
/** \def PSA_ALG_TLS12_PSK_TO_MS_MAX_PSK_LEN
*
* This macro returns the maximum length of the PSK supported
@ -247,21 +206,6 @@
*/
#define PSA_ALG_TLS12_PSK_TO_MS_MAX_PSK_LEN 128
/** \def PSA_ASYMMETRIC_SIGNATURE_MAX_SIZE
*
* Maximum size of an asymmetric signature.
*
* This macro must expand to a compile-time constant integer. This value
* should be the maximum size of a MAC supported by the implementation,
* in bytes, and must be no smaller than this maximum.
*/
#define PSA_ASYMMETRIC_SIGNATURE_MAX_SIZE \
PSA_BITS_TO_BYTES( \
PSA_VENDOR_RSA_MAX_KEY_BITS > PSA_VENDOR_ECC_MAX_CURVE_BITS ? \
PSA_VENDOR_RSA_MAX_KEY_BITS : \
PSA_VENDOR_ECC_MAX_CURVE_BITS \
)
/** The maximum size of a block cipher supported by the implementation. */
#define PSA_MAX_BLOCK_CIPHER_BLOCK_SIZE 16
@ -426,7 +370,7 @@
#define PSA_ECDSA_SIGNATURE_SIZE(curve_bits) \
(PSA_BITS_TO_BYTES(curve_bits) * 2)
/** Sufficient signature buffer size for psa_asymmetric_sign().
/** Sufficient signature buffer size for psa_sign_hash().
*
* This macro returns a sufficient buffer size for a signature using a key
* of the specified type and size, with the specified algorithm.
@ -444,7 +388,7 @@
*
* \return If the parameters are valid and supported, return
* a buffer size in bytes that guarantees that
* psa_asymmetric_sign() will not fail with
* psa_sign_hash() will not fail with
* #PSA_ERROR_BUFFER_TOO_SMALL.
* If the parameters are a valid combination that is not supported
* by the implementation, this macro shall return either a
@ -452,11 +396,27 @@
* If the parameters are not valid, the
* return value is unspecified.
*/
#define PSA_ASYMMETRIC_SIGN_OUTPUT_SIZE(key_type, key_bits, alg) \
#define PSA_SIGN_OUTPUT_SIZE(key_type, key_bits, alg) \
(PSA_KEY_TYPE_IS_RSA(key_type) ? ((void)alg, PSA_BITS_TO_BYTES(key_bits)) : \
PSA_KEY_TYPE_IS_ECC(key_type) ? PSA_ECDSA_SIGNATURE_SIZE(key_bits) : \
((void)alg, 0))
#define PSA_VENDOR_ECDSA_SIGNATURE_MAX_SIZE \
PSA_ECDSA_SIGNATURE_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS)
/** \def PSA_SIGNATURE_MAX_SIZE
*
* Maximum size of an asymmetric signature.
*
* This macro must expand to a compile-time constant integer. This value
* should be the maximum size of a signature supported by the implementation,
* in bytes, and must be no smaller than this maximum.
*/
#define PSA_SIGNATURE_MAX_SIZE \
(PSA_BITS_TO_BYTES(PSA_VENDOR_RSA_MAX_KEY_BITS) > PSA_VENDOR_ECDSA_SIGNATURE_MAX_SIZE ? \
PSA_BITS_TO_BYTES(PSA_VENDOR_RSA_MAX_KEY_BITS) : \
PSA_VENDOR_ECDSA_SIGNATURE_MAX_SIZE)
/** Sufficient output buffer size for psa_asymmetric_encrypt().
*
* This macro returns a sufficient buffer size for a ciphertext produced using
@ -681,7 +641,7 @@
*
* \return If the parameters are valid and supported, return
* a buffer size in bytes that guarantees that
* psa_asymmetric_sign() will not fail with
* psa_sign_hash() will not fail with
* #PSA_ERROR_BUFFER_TOO_SMALL.
* If the parameters are a valid combination that is not supported
* by the implementation, this macro shall return either a

74
features/mbedtls/mbed-crypto/inc/psa/crypto_types.h
View File

@ -63,85 +63,29 @@ typedef int32_t psa_status_t;
/** \brief Encoding of a key type.
*/
typedef uint32_t psa_key_type_t;
typedef uint16_t psa_key_type_t;
/** The type of PSA elliptic curve identifiers.
/** The type of PSA elliptic curve family identifiers.
*
* The curve identifier is required to create an ECC key using the
* PSA_KEY_TYPE_ECC_KEY_PAIR() or PSA_KEY_TYPE_ECC_PUBLIC_KEY()
* macros.
*
* The encoding of curve identifiers is taken from the
* TLS Supported Groups Registry (formerly known as the
* TLS EC Named Curve Registry)
* https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-8
*
* This specification defines identifiers for some of the curves in the IANA
* registry. Implementations that support other curves that are in the IANA
* registry should use the IANA value and a implementation-specific identifier.
* Implemenations that support non-IANA curves should use one of the following
* approaches for allocating a key type:
*
* 1. Select a ::psa_ecc_curve_t value in the range #PSA_ECC_CURVE_VENDOR_MIN to
* #PSA_ECC_CURVE_VENDOR_MAX, which is a subset of the IANA private use
* range.
* 2. Use a ::psa_key_type_t value that is vendor-defined.
*
* The first option is recommended.
* Values defined by this standard will never be in the range 0x80-0xff.
* Vendors who define additional families must use an encoding in this range.
*/
typedef uint16_t psa_ecc_curve_t;
typedef uint8_t psa_ecc_curve_t;
/** The type of PSA Diffie-Hellman group identifiers.
/** The type of PSA Diffie-Hellman group family identifiers.
*
* The group identifier is required to create an Diffie-Hellman key using the
* PSA_KEY_TYPE_DH_KEY_PAIR() or PSA_KEY_TYPE_DH_PUBLIC_KEY()
* macros.
*
* The encoding of group identifiers is taken from the
* TLS Supported Groups Registry (formerly known as the
* TLS EC Named Curve Registry)
* https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-8
*
* This specification defines identifiers for some of the groups in the IANA
* registry. Implementations that support other groups that are in the IANA
* registry should use the IANA value and a implementation-specific identifier.
* Implemenations that support non-IANA groups should use one of the following
* approaches for allocating a key type:
*
* 1. Select a ::psa_dh_group_t value in the range #PSA_DH_GROUP_VENDOR_MIN to
* #PSA_DH_GROUP_VENDOR_MAX, which is a subset of the IANA private use
* range.
* 2. Select a ::psa_dh_group_t value from the named groups allocated for
* GREASE in the IETF draft specification. The GREASE specification and
* values are listed below.
* 3. Use a ::psa_key_type_t value that is vendor-defined.
*
* Option 1 or 2 are recommended.
*
* The current draft of the GREASE specification is
* https://datatracker.ietf.org/doc/draft-ietf-tls-grease
*
* The following GREASE values are allocated for named groups:
* \code
* 0x0A0A
* 0x1A1A
* 0x2A2A
* 0x3A3A
* 0x4A4A
* 0x5A5A
* 0x6A6A
* 0x7A7A
* 0x8A8A
* 0x9A9A
* 0xAAAA
* 0xBABA
* 0xCACA
* 0xDADA
* 0xEAEA
* 0xFAFA
* \endcode
* Values defined by this standard will never be in the range 0x80-0xff.
* Vendors who define additional families must use an encoding in this range.
*/
typedef uint16_t psa_dh_group_t;
typedef uint8_t psa_dh_group_t;
/** \brief Encoding of a cryptographic algorithm.
*

230
features/mbedtls/mbed-crypto/inc/psa/crypto_values.h
View File

@ -282,7 +282,7 @@
*
* Zero is not the encoding of any key type.
*/
#define PSA_KEY_TYPE_NONE ((psa_key_type_t)0x00000000)
#define PSA_KEY_TYPE_NONE ((psa_key_type_t)0x0000)
/** Vendor-defined key type flag.
*
@ -291,15 +291,15 @@
* must use an encoding with the #PSA_KEY_TYPE_VENDOR_FLAG bit set and should
* respect the bitwise structure used by standard encodings whenever practical.
*/
#define PSA_KEY_TYPE_VENDOR_FLAG ((psa_key_type_t)0x80000000)
#define PSA_KEY_TYPE_VENDOR_FLAG ((psa_key_type_t)0x8000)
#define PSA_KEY_TYPE_CATEGORY_MASK ((psa_key_type_t)0x70000000)
#define PSA_KEY_TYPE_CATEGORY_SYMMETRIC ((psa_key_type_t)0x40000000)
#define PSA_KEY_TYPE_CATEGORY_RAW ((psa_key_type_t)0x50000000)
#define PSA_KEY_TYPE_CATEGORY_PUBLIC_KEY ((psa_key_type_t)0x60000000)
#define PSA_KEY_TYPE_CATEGORY_KEY_PAIR ((psa_key_type_t)0x70000000)
#define PSA_KEY_TYPE_CATEGORY_MASK ((psa_key_type_t)0x7000)
#define PSA_KEY_TYPE_CATEGORY_RAW ((psa_key_type_t)0x1000)
#define PSA_KEY_TYPE_CATEGORY_SYMMETRIC ((psa_key_type_t)0x2000)
#define PSA_KEY_TYPE_CATEGORY_PUBLIC_KEY ((psa_key_type_t)0x4000)
#define PSA_KEY_TYPE_CATEGORY_KEY_PAIR ((psa_key_type_t)0x7000)
#define PSA_KEY_TYPE_CATEGORY_FLAG_PAIR ((psa_key_type_t)0x10000000)
#define PSA_KEY_TYPE_CATEGORY_FLAG_PAIR ((psa_key_type_t)0x3000)
/** Whether a key type is vendor-defined.
*
@ -313,8 +313,8 @@
* This encompasses both symmetric keys and non-key data.
*/
#define PSA_KEY_TYPE_IS_UNSTRUCTURED(type) \
(((type) & PSA_KEY_TYPE_CATEGORY_MASK & ~(psa_key_type_t)0x10000000) == \
PSA_KEY_TYPE_CATEGORY_SYMMETRIC)
(((type) & PSA_KEY_TYPE_CATEGORY_MASK) == PSA_KEY_TYPE_CATEGORY_RAW || \
((type) & PSA_KEY_TYPE_CATEGORY_MASK) == PSA_KEY_TYPE_CATEGORY_SYMMETRIC)
/** Whether a key type is asymmetric: either a key pair or a public key. */
#define PSA_KEY_TYPE_IS_ASYMMETRIC(type) \
@ -357,7 +357,7 @@
*
* A "key" of this type cannot be used for any cryptographic operation.
* Applications may use this type to store arbitrary data in the keystore. */
#define PSA_KEY_TYPE_RAW_DATA ((psa_key_type_t)0x50000001)
#define PSA_KEY_TYPE_RAW_DATA ((psa_key_type_t)0x1001)
/** HMAC key.
*
@ -367,21 +367,21 @@
* HMAC keys should generally have the same size as the underlying hash.
* This size can be calculated with #PSA_HASH_SIZE(\c alg) where
* \c alg is the HMAC algorithm or the underlying hash algorithm. */
#define PSA_KEY_TYPE_HMAC ((psa_key_type_t)0x51000000)
#define PSA_KEY_TYPE_HMAC ((psa_key_type_t)0x1100)
/** A secret for key derivation.
*
* The key policy determines which key derivation algorithm the key
* can be used for.
*/
#define PSA_KEY_TYPE_DERIVE ((psa_key_type_t)0x52000000)
#define PSA_KEY_TYPE_DERIVE ((psa_key_type_t)0x1200)
/** Key for a cipher, AEAD or MAC algorithm based on the AES block cipher.
*
* The size of the key can be 16 bytes (AES-128), 24 bytes (AES-192) or
* 32 bytes (AES-256).
*/
#define PSA_KEY_TYPE_AES ((psa_key_type_t)0x40000001)
#define PSA_KEY_TYPE_AES ((psa_key_type_t)0x2400)
/** Key for a cipher or MAC algorithm based on DES or 3DES (Triple-DES).
*
@ -392,17 +392,17 @@
* deprecated and should only be used to decrypt legacy data. 3-key 3DES
* is weak and deprecated and should only be used in legacy protocols.
*/
#define PSA_KEY_TYPE_DES ((psa_key_type_t)0x40000002)
#define PSA_KEY_TYPE_DES ((psa_key_type_t)0x2301)
/** Key for a cipher, AEAD or MAC algorithm based on the
* Camellia block cipher. */
#define PSA_KEY_TYPE_CAMELLIA ((psa_key_type_t)0x40000003)
#define PSA_KEY_TYPE_CAMELLIA ((psa_key_type_t)0x2403)
/** Key for the RC4 stream cipher.
*
* Note that RC4 is weak and deprecated and should only be used in
* legacy protocols. */
#define PSA_KEY_TYPE_ARC4 ((psa_key_type_t)0x40000004)
#define PSA_KEY_TYPE_ARC4 ((psa_key_type_t)0x2002)
/** Key for the ChaCha20 stream cipher or the Chacha20-Poly1305 AEAD algorithm.
*
@ -411,19 +411,19 @@
* Implementations must support 12-byte nonces, may support 8-byte nonces,
* and should reject other sizes.
*/
#define PSA_KEY_TYPE_CHACHA20 ((psa_key_type_t)0x40000005)
#define PSA_KEY_TYPE_CHACHA20 ((psa_key_type_t)0x2004)
/** RSA public key. */
#define PSA_KEY_TYPE_RSA_PUBLIC_KEY ((psa_key_type_t)0x60010000)
#define PSA_KEY_TYPE_RSA_PUBLIC_KEY ((psa_key_type_t)0x4001)
/** RSA key pair (private and public key). */
#define PSA_KEY_TYPE_RSA_KEY_PAIR ((psa_key_type_t)0x70010000)
#define PSA_KEY_TYPE_RSA_KEY_PAIR ((psa_key_type_t)0x7001)
/** Whether a key type is an RSA key (pair or public-only). */
#define PSA_KEY_TYPE_IS_RSA(type) \
(PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(type) == PSA_KEY_TYPE_RSA_PUBLIC_KEY)
#define PSA_KEY_TYPE_ECC_PUBLIC_KEY_BASE ((psa_key_type_t)0x60030000)
#define PSA_KEY_TYPE_ECC_KEY_PAIR_BASE ((psa_key_type_t)0x70030000)
#define PSA_KEY_TYPE_ECC_CURVE_MASK ((psa_key_type_t)0x0000ffff)
#define PSA_KEY_TYPE_ECC_PUBLIC_KEY_BASE ((psa_key_type_t)0x4100)
#define PSA_KEY_TYPE_ECC_KEY_PAIR_BASE ((psa_key_type_t)0x7100)
#define PSA_KEY_TYPE_ECC_CURVE_MASK ((psa_key_type_t)0x00ff)
/** Elliptic curve key pair.
*
* \param curve A value of type ::psa_ecc_curve_t that identifies the
@ -458,70 +458,82 @@
((type) & PSA_KEY_TYPE_ECC_CURVE_MASK) : \
0))
/* The encoding of curve identifiers is currently aligned with the
* TLS Supported Groups Registry (formerly known as the
* TLS EC Named Curve Registry)
* https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-8
* The values are defined by RFC 8422 and RFC 7027. */
#define PSA_ECC_CURVE_SECT163K1 ((psa_ecc_curve_t) 0x0001)
#define PSA_ECC_CURVE_SECT163R1 ((psa_ecc_curve_t) 0x0002)
#define PSA_ECC_CURVE_SECT163R2 ((psa_ecc_curve_t) 0x0003)
#define PSA_ECC_CURVE_SECT193R1 ((psa_ecc_curve_t) 0x0004)
#define PSA_ECC_CURVE_SECT193R2 ((psa_ecc_curve_t) 0x0005)
#define PSA_ECC_CURVE_SECT233K1 ((psa_ecc_curve_t) 0x0006)
#define PSA_ECC_CURVE_SECT233R1 ((psa_ecc_curve_t) 0x0007)
#define PSA_ECC_CURVE_SECT239K1 ((psa_ecc_curve_t) 0x0008)
#define PSA_ECC_CURVE_SECT283K1 ((psa_ecc_curve_t) 0x0009)
#define PSA_ECC_CURVE_SECT283R1 ((psa_ecc_curve_t) 0x000a)
#define PSA_ECC_CURVE_SECT409K1 ((psa_ecc_curve_t) 0x000b)
#define PSA_ECC_CURVE_SECT409R1 ((psa_ecc_curve_t) 0x000c)
#define PSA_ECC_CURVE_SECT571K1 ((psa_ecc_curve_t) 0x000d)
#define PSA_ECC_CURVE_SECT571R1 ((psa_ecc_curve_t) 0x000e)
#define PSA_ECC_CURVE_SECP160K1 ((psa_ecc_curve_t) 0x000f)
#define PSA_ECC_CURVE_SECP160R1 ((psa_ecc_curve_t) 0x0010)
#define PSA_ECC_CURVE_SECP160R2 ((psa_ecc_curve_t) 0x0011)
#define PSA_ECC_CURVE_SECP192K1 ((psa_ecc_curve_t) 0x0012)
#define PSA_ECC_CURVE_SECP192R1 ((psa_ecc_curve_t) 0x0013)
#define PSA_ECC_CURVE_SECP224K1 ((psa_ecc_curve_t) 0x0014)
#define PSA_ECC_CURVE_SECP224R1 ((psa_ecc_curve_t) 0x0015)
#define PSA_ECC_CURVE_SECP256K1 ((psa_ecc_curve_t) 0x0016)
#define PSA_ECC_CURVE_SECP256R1 ((psa_ecc_curve_t) 0x0017)
#define PSA_ECC_CURVE_SECP384R1 ((psa_ecc_curve_t) 0x0018)
#define PSA_ECC_CURVE_SECP521R1 ((psa_ecc_curve_t) 0x0019)
#define PSA_ECC_CURVE_BRAINPOOL_P256R1 ((psa_ecc_curve_t) 0x001a)
#define PSA_ECC_CURVE_BRAINPOOL_P384R1 ((psa_ecc_curve_t) 0x001b)
#define PSA_ECC_CURVE_BRAINPOOL_P512R1 ((psa_ecc_curve_t) 0x001c)
/** Curve25519.
/** SEC Koblitz curves over prime fields.
*
* This is the curve defined in Bernstein et al.,
* _Curve25519: new Diffie-Hellman speed records_, LNCS 3958, 2006.
* The algorithm #PSA_ALG_ECDH performs X25519 when used with this curve.
* This family comprises the following curves:
* secp192k1, secp224k1, secp256k1.
* They are defined in _Standards for Efficient Cryptography_,
* _SEC 2: Recommended Elliptic Curve Domain Parameters_.
* https://www.secg.org/sec2-v2.pdf
*/
#define PSA_ECC_CURVE_CURVE25519 ((psa_ecc_curve_t) 0x001d)
/** Curve448
*
* This is the curve defined in Hamburg,
* _Ed448-Goldilocks, a new elliptic curve_, NIST ECC Workshop, 2015.
* The algorithm #PSA_ALG_ECDH performs X448 when used with this curve.
*/
#define PSA_ECC_CURVE_CURVE448 ((psa_ecc_curve_t) 0x001e)
#define PSA_ECC_CURVE_SECP_K1 ((psa_ecc_curve_t) 0x17)
/** Minimum value for a vendor-defined ECC curve identifier
/** SEC random curves over prime fields.
*
* The range for vendor-defined curve identifiers is a subset of the IANA
* registry private use range, `0xfe00` - `0xfeff`.
* This family comprises the following curves:
* secp192k1, secp224r1, secp256r1, secp384r1, secp521r1.
* They are defined in _Standards for Efficient Cryptography_,
* _SEC 2: Recommended Elliptic Curve Domain Parameters_.
* https://www.secg.org/sec2-v2.pdf
*/
#define PSA_ECC_CURVE_VENDOR_MIN ((psa_ecc_curve_t) 0xfe00)
/** Maximum value for a vendor-defined ECC curve identifier
*
* The range for vendor-defined curve identifiers is a subset of the IANA
* registry private use range, `0xfe00` - `0xfeff`.
*/
#define PSA_ECC_CURVE_VENDOR_MAX ((psa_ecc_curve_t) 0xfe7f)
#define PSA_ECC_CURVE_SECP_R1 ((psa_ecc_curve_t) 0x12)
/* SECP160R2 (SEC2 v1, obsolete) */
#define PSA_ECC_CURVE_SECP_R2 ((psa_ecc_curve_t) 0x1b)
#define PSA_KEY_TYPE_DH_PUBLIC_KEY_BASE ((psa_key_type_t)0x60040000)
#define PSA_KEY_TYPE_DH_KEY_PAIR_BASE ((psa_key_type_t)0x70040000)
#define PSA_KEY_TYPE_DH_GROUP_MASK ((psa_key_type_t)0x0000ffff)
/** SEC Koblitz curves over binary fields.
*
* This family comprises the following curves:
* sect163k1, sect233k1, sect239k1, sect283k1, sect409k1, sect571k1.
* They are defined in _Standards for Efficient Cryptography_,
* _SEC 2: Recommended Elliptic Curve Domain Parameters_.
* https://www.secg.org/sec2-v2.pdf
*/
#define PSA_ECC_CURVE_SECT_K1 ((psa_ecc_curve_t) 0x27)
/** SEC random curves over binary fields.
*
* This family comprises the following curves:
* sect163r1, sect233r1, sect283r1, sect409r1, sect571r1.
* They are defined in _Standards for Efficient Cryptography_,
* _SEC 2: Recommended Elliptic Curve Domain Parameters_.
* https://www.secg.org/sec2-v2.pdf
*/
#define PSA_ECC_CURVE_SECT_R1 ((psa_ecc_curve_t) 0x22)
/** SEC additional random curves over binary fields.
*
* This family comprises the following curve:
* sect163r2.
* It is defined in _Standards for Efficient Cryptography_,
* _SEC 2: Recommended Elliptic Curve Domain Parameters_.
* https://www.secg.org/sec2-v2.pdf
*/
#define PSA_ECC_CURVE_SECT_R2 ((psa_ecc_curve_t) 0x2b)
/** Brainpool P random curves.
*
* This family comprises the following curves:
* brainpoolP160r1, brainpoolP192r1, brainpoolP224r1, brainpoolP256r1,
* brainpoolP320r1, brainpoolP384r1, brainpoolP512r1.
* It is defined in RFC 5639.
*/
#define PSA_ECC_CURVE_BRAINPOOL_P_R1 ((psa_ecc_curve_t) 0x30)
/** Curve25519 and Curve448.
*
* This family comprises the following Montgomery curves:
* - 255-bit: Bernstein et al.,
* _Curve25519: new Diffie-Hellman speed records_, LNCS 3958, 2006.
* The algorithm #PSA_ALG_ECDH performs X25519 when used with this curve.
* - 448-bit: Hamburg,
* _Ed448-Goldilocks, a new elliptic curve_, NIST ECC Workshop, 2015.
* The algorithm #PSA_ALG_ECDH performs X448 when used with this curve.
*/
#define PSA_ECC_CURVE_MONTGOMERY ((psa_ecc_curve_t) 0x41)
#define PSA_KEY_TYPE_DH_PUBLIC_KEY_BASE ((psa_key_type_t)0x4200)
#define PSA_KEY_TYPE_DH_KEY_PAIR_BASE ((psa_key_type_t)0x7200)
#define PSA_KEY_TYPE_DH_GROUP_MASK ((psa_key_type_t)0x00ff)
/** Diffie-Hellman key pair.
*
* \param group A value of type ::psa_dh_group_t that identifies the
@ -556,30 +568,16 @@
((type) & PSA_KEY_TYPE_DH_GROUP_MASK) : \
0))
/* The encoding of group identifiers is currently aligned with the
* TLS Supported Groups Registry (formerly known as the
* TLS EC Named Curve Registry)
* https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-8
* The values are defined by RFC 7919. */
#define PSA_DH_GROUP_FFDHE2048 ((psa_dh_group_t) 0x0100)
#define PSA_DH_GROUP_FFDHE3072 ((psa_dh_group_t) 0x0101)
#define PSA_DH_GROUP_FFDHE4096 ((psa_dh_group_t) 0x0102)
#define PSA_DH_GROUP_FFDHE6144 ((psa_dh_group_t) 0x0103)
#define PSA_DH_GROUP_FFDHE8192 ((psa_dh_group_t) 0x0104)
/** Minimum value for a vendor-defined Diffie Hellman group identifier
/** Diffie-Hellman groups defined in RFC 7919 Appendix A.
*
* The range for vendor-defined group identifiers is a subset of the IANA
* registry private use range, `0x01fc` - `0x01ff`.
* This family includes groups with the following key sizes (in bits):
* 2048, 3072, 4096, 6144, 8192. A given implementation may support
* all of these sizes or only a subset.
*/
#define PSA_DH_GROUP_VENDOR_MIN ((psa_dh_group_t) 0x01fc)
/** Maximum value for a vendor-defined Diffie Hellman group identifier
*
* The range for vendor-defined group identifiers is a subset of the IANA
* registry private use range, `0x01fc` - `0x01ff`.
*/
#define PSA_DH_GROUP_VENDOR_MAX ((psa_dh_group_t) 0x01fd)
#define PSA_DH_GROUP_RFC7919 ((psa_dh_group_t) 0x03)
#define PSA_GET_KEY_TYPE_BLOCK_SIZE_EXPONENT(type) \
(((type) >> 8) & 7)
/** The block size of a block cipher.
*
* \param type A cipher key type (value of type #psa_key_type_t).
@ -599,12 +597,9 @@
* \warning This macro may evaluate its argument multiple times.
*/
#define PSA_BLOCK_CIPHER_BLOCK_SIZE(type) \
( \
(type) == PSA_KEY_TYPE_AES ? 16 : \
(type) == PSA_KEY_TYPE_DES ? 8 : \
(type) == PSA_KEY_TYPE_CAMELLIA ? 16 : \
(type) == PSA_KEY_TYPE_ARC4 ? 1 : \
0)
(((type) & PSA_KEY_TYPE_CATEGORY_MASK) == PSA_KEY_TYPE_CATEGORY_SYMMETRIC ? \
1u << PSA_GET_KEY_TYPE_BLOCK_SIZE_EXPONENT(type) : \
0u)
/** Vendor-defined algorithm flag.
*
@ -766,17 +761,17 @@
* Then you may create and use a key as follows:
* - Set the key usage field using #PSA_ALG_ANY_HASH, for example:
* ```
* psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_SIGN); // or VERIFY
* psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_SIGN_HASH); // or VERIFY
* psa_set_key_algorithm(&attributes, PSA_xxx_SIGNATURE(PSA_ALG_ANY_HASH));
* ```
* - Import or generate key material.
* - Call psa_asymmetric_sign() or psa_asymmetric_verify(), passing
* - Call psa_sign_hash() or psa_verify_hash(), passing
* an algorithm built from `PSA_xxx_SIGNATURE` and a specific hash. Each
* call to sign or verify a message may use a different hash.
* ```
* psa_asymmetric_sign(handle, PSA_xxx_SIGNATURE(PSA_ALG_SHA_256), ...);
* psa_asymmetric_sign(handle, PSA_xxx_SIGNATURE(PSA_ALG_SHA_512), ...);
* psa_asymmetric_sign(handle, PSA_xxx_SIGNATURE(PSA_ALG_SHA3_256), ...);
* psa_sign_hash(handle, PSA_xxx_SIGNATURE(PSA_ALG_SHA_256), ...);
* psa_sign_hash(handle, PSA_xxx_SIGNATURE(PSA_ALG_SHA_512), ...);
* psa_sign_hash(handle, PSA_xxx_SIGNATURE(PSA_ALG_SHA3_256), ...);
* ```
*
* This value may not be used to build other algorithms that are
@ -1197,11 +1192,12 @@
*/
#define PSA_ALG_DETERMINISTIC_ECDSA(hash_alg) \
(PSA_ALG_DETERMINISTIC_ECDSA_BASE | ((hash_alg) & PSA_ALG_HASH_MASK))
#define PSA_ALG_ECDSA_DETERMINISTIC_FLAG ((psa_algorithm_t)0x00010000)
#define PSA_ALG_IS_ECDSA(alg) \
(((alg) & ~PSA_ALG_HASH_MASK & ~PSA_ALG_DSA_DETERMINISTIC_FLAG) == \
(((alg) & ~PSA_ALG_HASH_MASK & ~PSA_ALG_ECDSA_DETERMINISTIC_FLAG) == \
PSA_ALG_ECDSA_BASE)
#define PSA_ALG_ECDSA_IS_DETERMINISTIC(alg) \
(((alg) & PSA_ALG_DSA_DETERMINISTIC_FLAG) != 0)
(((alg) & PSA_ALG_ECDSA_DETERMINISTIC_FLAG) != 0)
#define PSA_ALG_IS_DETERMINISTIC_ECDSA(alg) \
(PSA_ALG_IS_ECDSA(alg) && PSA_ALG_ECDSA_IS_DETERMINISTIC(alg))
#define PSA_ALG_IS_RANDOMIZED_ECDSA(alg) \
@ -1640,7 +1636,7 @@
*
* For a key pair, this concerns the private key.
*/
#define PSA_KEY_USAGE_SIGN ((psa_key_usage_t)0x00000400)
#define PSA_KEY_USAGE_SIGN_HASH ((psa_key_usage_t)0x00000400)
/** Whether the key may be used to verify a message signature.
*
@ -1650,7 +1646,7 @@
*
* For a key pair, this concerns the public key.
*/
#define PSA_KEY_USAGE_VERIFY ((psa_key_usage_t)0x00000800)
#define PSA_KEY_USAGE_VERIFY_HASH ((psa_key_usage_t)0x00000800)
/** Whether the key may be used to derive other keys.
*/

4
features/mbedtls/mbed-crypto/platform/COMPONENT_PSA_SRV_IMPL/COMPONENT_NSPE/crypto_struct.h
View File

@ -330,14 +330,14 @@ typedef uint16_t psa_key_attributes_flag_t;
typedef struct
{
psa_key_type_t type;
psa_key_bits_t bits;
psa_key_lifetime_t lifetime;
psa_key_id_t id;
psa_key_policy_t policy;
psa_key_bits_t bits;
psa_key_attributes_flag_t flags;
} psa_core_key_attributes_t;
#define PSA_CORE_KEY_ATTRIBUTES_INIT {0, 0, PSA_KEY_ID_INIT, PSA_KEY_POLICY_INIT, 0, 0}
#define PSA_CORE_KEY_ATTRIBUTES_INIT {PSA_KEY_TYPE_NONE, 0, PSA_KEY_LIFETIME_VOLATILE, PSA_KEY_ID_INIT, PSA_KEY_POLICY_INIT, 0}
struct psa_key_attributes_s
{

366
features/mbedtls/mbed-crypto/platform/COMPONENT_PSA_SRV_IMPL/psa_crypto.c
View File

@ -75,6 +75,7 @@
#include "mbedtls/pk.h"
#include "mbedtls/pk_internal.h"
#include "mbedtls/platform_util.h"
#include "mbedtls/error.h"
#include "mbedtls/ripemd160.h"
#include "mbedtls/rsa.h"
#include "mbedtls/sha1.h"
@ -351,6 +352,8 @@ static psa_status_t mbedtls_to_psa_error( int ret )
return( PSA_ERROR_INSUFFICIENT_MEMORY );
case MBEDTLS_ERR_ECP_HW_ACCEL_FAILED:
return( PSA_ERROR_HARDWARE_FAILURE );
case MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED:
return( PSA_ERROR_CORRUPTION_DETECTED );
default:
return( PSA_ERROR_GENERIC_ERROR );
@ -372,71 +375,118 @@ static inline int psa_key_slot_is_external( const psa_key_slot_t *slot )
#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
#if defined(MBEDTLS_ECP_C)
static psa_ecc_curve_t mbedtls_ecc_group_to_psa( mbedtls_ecp_group_id grpid )
psa_ecc_curve_t mbedtls_ecc_group_to_psa( mbedtls_ecp_group_id grpid,
size_t *bits )
{
switch( grpid )
{
case MBEDTLS_ECP_DP_SECP192R1:
return( PSA_ECC_CURVE_SECP192R1 );
*bits = 192;
return( PSA_ECC_CURVE_SECP_R1 );
case MBEDTLS_ECP_DP_SECP224R1:
return( PSA_ECC_CURVE_SECP224R1 );
*bits = 224;
return( PSA_ECC_CURVE_SECP_R1 );
case MBEDTLS_ECP_DP_SECP256R1:
return( PSA_ECC_CURVE_SECP256R1 );
*bits = 256;
return( PSA_ECC_CURVE_SECP_R1 );
case MBEDTLS_ECP_DP_SECP384R1:
return( PSA_ECC_CURVE_SECP384R1 );
*bits = 384;
return( PSA_ECC_CURVE_SECP_R1 );
case MBEDTLS_ECP_DP_SECP521R1:
return( PSA_ECC_CURVE_SECP521R1 );
*bits = 521;
return( PSA_ECC_CURVE_SECP_R1 );
case MBEDTLS_ECP_DP_BP256R1:
return( PSA_ECC_CURVE_BRAINPOOL_P256R1 );
*bits = 256;
return( PSA_ECC_CURVE_BRAINPOOL_P_R1 );
case MBEDTLS_ECP_DP_BP384R1:
return( PSA_ECC_CURVE_BRAINPOOL_P384R1 );
*bits = 384;
return( PSA_ECC_CURVE_BRAINPOOL_P_R1 );
case MBEDTLS_ECP_DP_BP512R1:
return( PSA_ECC_CURVE_BRAINPOOL_P512R1 );
*bits = 512;
return( PSA_ECC_CURVE_BRAINPOOL_P_R1 );
case MBEDTLS_ECP_DP_CURVE25519:
return( PSA_ECC_CURVE_CURVE25519 );
*bits = 255;
return( PSA_ECC_CURVE_MONTGOMERY );
case MBEDTLS_ECP_DP_SECP192K1:
return( PSA_ECC_CURVE_SECP192K1 );
*bits = 192;
return( PSA_ECC_CURVE_SECP_K1 );
case MBEDTLS_ECP_DP_SECP224K1:
return( PSA_ECC_CURVE_SECP224K1 );
*bits = 224;
return( PSA_ECC_CURVE_SECP_K1 );
case MBEDTLS_ECP_DP_SECP256K1:
return( PSA_ECC_CURVE_SECP256K1 );
*bits = 256;
return( PSA_ECC_CURVE_SECP_K1 );
case MBEDTLS_ECP_DP_CURVE448:
return( PSA_ECC_CURVE_CURVE448 );
*bits = 448;
return( PSA_ECC_CURVE_MONTGOMERY );
default:
return( 0 );
}
}
static mbedtls_ecp_group_id mbedtls_ecc_group_of_psa( psa_ecc_curve_t curve )
mbedtls_ecp_group_id mbedtls_ecc_group_of_psa( psa_ecc_curve_t curve,
size_t byte_length )
{
switch( curve )
{
case PSA_ECC_CURVE_SECP192R1:
return( MBEDTLS_ECP_DP_SECP192R1 );
case PSA_ECC_CURVE_SECP224R1:
return( MBEDTLS_ECP_DP_SECP224R1 );
case PSA_ECC_CURVE_SECP256R1:
return( MBEDTLS_ECP_DP_SECP256R1 );
case PSA_ECC_CURVE_SECP384R1:
return( MBEDTLS_ECP_DP_SECP384R1 );
case PSA_ECC_CURVE_SECP521R1:
return( MBEDTLS_ECP_DP_SECP521R1 );
case PSA_ECC_CURVE_BRAINPOOL_P256R1:
return( MBEDTLS_ECP_DP_BP256R1 );
case PSA_ECC_CURVE_BRAINPOOL_P384R1:
return( MBEDTLS_ECP_DP_BP384R1 );
case PSA_ECC_CURVE_BRAINPOOL_P512R1:
return( MBEDTLS_ECP_DP_BP512R1 );
case PSA_ECC_CURVE_CURVE25519:
return( MBEDTLS_ECP_DP_CURVE25519 );
case PSA_ECC_CURVE_SECP192K1:
return( MBEDTLS_ECP_DP_SECP192K1 );
case PSA_ECC_CURVE_SECP224K1:
return( MBEDTLS_ECP_DP_SECP224K1 );
case PSA_ECC_CURVE_SECP256K1:
return( MBEDTLS_ECP_DP_SECP256K1 );
case PSA_ECC_CURVE_CURVE448:
return( MBEDTLS_ECP_DP_CURVE448 );
case PSA_ECC_CURVE_SECP_R1:
switch( byte_length )
{
case PSA_BITS_TO_BYTES( 192 ):
return( MBEDTLS_ECP_DP_SECP192R1 );
case PSA_BITS_TO_BYTES( 224 ):
return( MBEDTLS_ECP_DP_SECP224R1 );
case PSA_BITS_TO_BYTES( 256 ):
return( MBEDTLS_ECP_DP_SECP256R1 );
case PSA_BITS_TO_BYTES( 384 ):
return( MBEDTLS_ECP_DP_SECP384R1 );
case PSA_BITS_TO_BYTES( 521 ):
return( MBEDTLS_ECP_DP_SECP521R1 );
default:
return( MBEDTLS_ECP_DP_NONE );
}
break;
case PSA_ECC_CURVE_BRAINPOOL_P_R1:
switch( byte_length )
{
case PSA_BITS_TO_BYTES( 256 ):
return( MBEDTLS_ECP_DP_BP256R1 );
case PSA_BITS_TO_BYTES( 384 ):
return( MBEDTLS_ECP_DP_BP384R1 );
case PSA_BITS_TO_BYTES( 512 ):
return( MBEDTLS_ECP_DP_BP512R1 );
default:
return( MBEDTLS_ECP_DP_NONE );
}
break;
case PSA_ECC_CURVE_MONTGOMERY:
switch( byte_length )
{
case PSA_BITS_TO_BYTES( 255 ):
return( MBEDTLS_ECP_DP_CURVE25519 );
case PSA_BITS_TO_BYTES( 448 ):
return( MBEDTLS_ECP_DP_CURVE448 );
default:
return( MBEDTLS_ECP_DP_NONE );
}
break;
case PSA_ECC_CURVE_SECP_K1:
switch( byte_length )
{
case PSA_BITS_TO_BYTES( 192 ):
return( MBEDTLS_ECP_DP_SECP192K1 );
case PSA_BITS_TO_BYTES( 224 ):
return( MBEDTLS_ECP_DP_SECP224K1 );
case PSA_BITS_TO_BYTES( 256 ):
return( MBEDTLS_ECP_DP_SECP256K1 );
default:
return( MBEDTLS_ECP_DP_NONE );
}
break;
default:
return( MBEDTLS_ECP_DP_NONE );
}
@ -584,6 +634,37 @@ exit:
#endif /* defined(MBEDTLS_RSA_C) && defined(MBEDTLS_PK_PARSE_C) */
#if defined(MBEDTLS_ECP_C)
static psa_status_t psa_prepare_import_ec_key( psa_ecc_curve_t curve,
size_t data_length,
int is_public,
mbedtls_ecp_keypair **p_ecp )
{
mbedtls_ecp_group_id grp_id = MBEDTLS_ECP_DP_NONE;
*p_ecp = mbedtls_calloc( 1, sizeof( mbedtls_ecp_keypair ) );
if( *p_ecp == NULL )
return( PSA_ERROR_INSUFFICIENT_MEMORY );
mbedtls_ecp_keypair_init( *p_ecp );
if( is_public )
{
/* A public key is represented as:
* - The byte 0x04;
* - `x_P` as a `ceiling(m/8)`-byte string, big-endian;
* - `y_P` as a `ceiling(m/8)`-byte string, big-endian.
* So its data length is 2m+1 where n is the key size in bits.
*/
if( ( data_length & 1 ) == 0 )
return( PSA_ERROR_INVALID_ARGUMENT );
data_length = data_length / 2;
}
/* Load the group. */
grp_id = mbedtls_ecc_group_of_psa( curve, data_length );
if( grp_id == MBEDTLS_ECP_DP_NONE )
return( PSA_ERROR_INVALID_ARGUMENT );
return( mbedtls_to_psa_error(
mbedtls_ecp_group_load( &( *p_ecp )->grp, grp_id ) ) );
}
/* Import a public key given as the uncompressed representation defined by SEC1
* 2.3.3 as the content of an ECPoint. */
@ -594,19 +675,11 @@ static psa_status_t psa_import_ec_public_key( psa_ecc_curve_t curve,
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
mbedtls_ecp_keypair *ecp = NULL;
mbedtls_ecp_group_id grp_id = mbedtls_ecc_group_of_psa( curve );
*p_ecp = NULL;
ecp = mbedtls_calloc( 1, sizeof( *ecp ) );
if( ecp == NULL )
return( PSA_ERROR_INSUFFICIENT_MEMORY );
mbedtls_ecp_keypair_init( ecp );
/* Load the group. */
status = mbedtls_to_psa_error(
mbedtls_ecp_group_load( &ecp->grp, grp_id ) );
status = psa_prepare_import_ec_key( curve, data_length, 1, &ecp );
if( status != PSA_SUCCESS )
goto exit;
/* Load the public value. */
status = mbedtls_to_psa_error(
mbedtls_ecp_point_read_binary( &ecp->grp, &ecp->Q,
@ -631,9 +704,7 @@ exit:
}
return( status );
}
#endif /* defined(MBEDTLS_ECP_C) */
#if defined(MBEDTLS_ECP_C)
/* Import a private key given as a byte string which is the private value
* in big-endian order. */
static psa_status_t psa_import_ec_private_key( psa_ecc_curve_t curve,
@ -643,22 +714,11 @@ static psa_status_t psa_import_ec_private_key( psa_ecc_curve_t curve,
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
mbedtls_ecp_keypair *ecp = NULL;
mbedtls_ecp_group_id grp_id = mbedtls_ecc_group_of_psa( curve );
if( PSA_BITS_TO_BYTES( PSA_ECC_CURVE_BITS( curve ) ) != data_length )
return( PSA_ERROR_INVALID_ARGUMENT );
*p_ecp = NULL;
ecp = mbedtls_calloc( 1, sizeof( mbedtls_ecp_keypair ) );
if( ecp == NULL )
return( PSA_ERROR_INSUFFICIENT_MEMORY );
mbedtls_ecp_keypair_init( ecp );
/* Load the group. */
status = mbedtls_to_psa_error(
mbedtls_ecp_group_load( &ecp->grp, grp_id ) );
status = psa_prepare_import_ec_key( curve, data_length, 0, &ecp );
if( status != PSA_SUCCESS )
goto exit;
/* Load the secret value. */
status = mbedtls_to_psa_error(
mbedtls_mpi_read_binary( &ecp->d, data, data_length ) );
@ -1145,7 +1205,7 @@ static psa_status_t psa_get_rsa_public_exponent(
psa_key_attributes_t *attributes )
{
mbedtls_mpi mpi;
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
uint8_t *buffer = NULL;
size_t buflen;
mbedtls_mpi_init( &mpi );
@ -1249,7 +1309,7 @@ psa_status_t psa_get_key_slot_number(
static int pk_write_pubkey_simple( mbedtls_pk_context *key,
unsigned char *buf, size_t size )
{
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
unsigned char *c;
size_t len = 0;
@ -1334,7 +1394,7 @@ static psa_status_t psa_internal_export_key( const psa_key_slot_t *slot,
PSA_KEY_TYPE_IS_ECC( slot->attr.type ) )
{
mbedtls_pk_context pk;
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
if( PSA_KEY_TYPE_IS_RSA( slot->attr.type ) )
{
#if defined(MBEDTLS_RSA_C)
@ -1462,8 +1522,8 @@ static psa_status_t psa_validate_key_policy( const psa_key_policy_t *policy )
PSA_KEY_USAGE_COPY |
PSA_KEY_USAGE_ENCRYPT |
PSA_KEY_USAGE_DECRYPT |
PSA_KEY_USAGE_SIGN |
PSA_KEY_USAGE_VERIFY |
PSA_KEY_USAGE_SIGN_HASH |
PSA_KEY_USAGE_VERIFY_HASH |
PSA_KEY_USAGE_DERIVE ) ) != 0 )
return( PSA_ERROR_INVALID_ARGUMENT );
@ -1782,7 +1842,7 @@ static psa_status_t psa_validate_optional_attributes(
if( PSA_KEY_TYPE_IS_RSA( slot->attr.type ) )
{
mbedtls_mpi actual, required;
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_mpi_init( &actual );
mbedtls_mpi_init( &required );
ret = mbedtls_rsa_export( slot->data.rsa,
@ -2006,6 +2066,7 @@ exit:
/* Message digests */
/****************************************************************/
#if defined(MBEDTLS_RSA_C) || defined(MBEDTLS_ECDSA_DETERMINISTIC)
static const mbedtls_md_info_t *mbedtls_md_info_from_psa( psa_algorithm_t alg )
{
switch( alg )
@ -2037,8 +2098,10 @@ static const mbedtls_md_info_t *mbedtls_md_info_from_psa( psa_algorithm_t alg )
return( &mbedtls_sha256_info );
#endif
#if defined(MBEDTLS_SHA512_C)
#if !defined(MBEDTLS_SHA512_NO_SHA384)
case PSA_ALG_SHA_384:
return( &mbedtls_sha384_info );
#endif
case PSA_ALG_SHA_512:
return( &mbedtls_sha512_info );
#endif
@ -2046,6 +2109,7 @@ static const mbedtls_md_info_t *mbedtls_md_info_from_psa( psa_algorithm_t alg )
return( NULL );
}
}
#endif
psa_status_t psa_hash_abort( psa_hash_operation_t *operation )
{
@ -2088,7 +2152,9 @@ psa_status_t psa_hash_abort( psa_hash_operation_t *operation )
break;
#endif
#if defined(MBEDTLS_SHA512_C)
#if !defined(MBEDTLS_SHA512_NO_SHA384)
case PSA_ALG_SHA_384:
#endif
case PSA_ALG_SHA_512:
mbedtls_sha512_free( &operation->ctx.sha512 );
break;
@ -2103,7 +2169,7 @@ psa_status_t psa_hash_abort( psa_hash_operation_t *operation )
psa_status_t psa_hash_setup( psa_hash_operation_t *operation,
psa_algorithm_t alg )
{
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
/* A context must be freshly initialized before it can be set up. */
if( operation->alg != 0 )
@ -2154,10 +2220,12 @@ psa_status_t psa_hash_setup( psa_hash_operation_t *operation,
break;
#endif
#if defined(MBEDTLS_SHA512_C)
#if !defined(MBEDTLS_SHA512_NO_SHA384)
case PSA_ALG_SHA_384:
mbedtls_sha512_init( &operation->ctx.sha512 );
ret = mbedtls_sha512_starts_ret( &operation->ctx.sha512, 1 );
break;
#endif
case PSA_ALG_SHA_512:
mbedtls_sha512_init( &operation->ctx.sha512 );
ret = mbedtls_sha512_starts_ret( &operation->ctx.sha512, 0 );
@ -2179,7 +2247,7 @@ psa_status_t psa_hash_update( psa_hash_operation_t *operation,
const uint8_t *input,
size_t input_length )
{
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
/* Don't require hash implementations to behave correctly on a
* zero-length input, which may have an invalid pointer. */
@ -2226,7 +2294,9 @@ psa_status_t psa_hash_update( psa_hash_operation_t *operation,
break;
#endif
#if defined(MBEDTLS_SHA512_C)
#if !defined(MBEDTLS_SHA512_NO_SHA384)
case PSA_ALG_SHA_384:
#endif
case PSA_ALG_SHA_512:
ret = mbedtls_sha512_update_ret( &operation->ctx.sha512,
input, input_length );
@ -2247,7 +2317,7 @@ psa_status_t psa_hash_finish( psa_hash_operation_t *operation,
size_t *hash_length )
{
psa_status_t status;
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t actual_hash_length = PSA_HASH_SIZE( operation->alg );
/* Fill the output buffer with something that isn't a valid hash
@ -2299,7 +2369,9 @@ psa_status_t psa_hash_finish( psa_hash_operation_t *operation,
break;
#endif
#if defined(MBEDTLS_SHA512_C)
#if !defined(MBEDTLS_SHA512_NO_SHA384)
case PSA_ALG_SHA_384:
#endif
case PSA_ALG_SHA_512:
ret = mbedtls_sha512_finish_ret( &operation->ctx.sha512, hash );
break;
@ -2340,6 +2412,58 @@ psa_status_t psa_hash_verify( psa_hash_operation_t *operation,
return( PSA_SUCCESS );
}
psa_status_t psa_hash_compute( psa_algorithm_t alg,
const uint8_t *input, size_t input_length,
uint8_t *hash, size_t hash_size,
size_t *hash_length )
{
psa_hash_operation_t operation = PSA_HASH_OPERATION_INIT;
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
*hash_length = hash_size;
status = psa_hash_setup( &operation, alg );
if( status != PSA_SUCCESS )
goto exit;
status = psa_hash_update( &operation, input, input_length );
if( status != PSA_SUCCESS )
goto exit;
status = psa_hash_finish( &operation, hash, hash_size, hash_length );
if( status != PSA_SUCCESS )
goto exit;
exit:
if( status == PSA_SUCCESS )
status = psa_hash_abort( &operation );
else
psa_hash_abort( &operation );
return( status );
}
psa_status_t psa_hash_compare( psa_algorithm_t alg,
const uint8_t *input, size_t input_length,
const uint8_t *hash, size_t hash_length )
{
psa_hash_operation_t operation = PSA_HASH_OPERATION_INIT;
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
status = psa_hash_setup( &operation, alg );
if( status != PSA_SUCCESS )
goto exit;
status = psa_hash_update( &operation, input, input_length );
if( status != PSA_SUCCESS )
goto exit;
status = psa_hash_verify( &operation, hash, hash_length );
if( status != PSA_SUCCESS )
goto exit;
exit:
if( status == PSA_SUCCESS )
status = psa_hash_abort( &operation );
else
psa_hash_abort( &operation );
return( status );
}
psa_status_t psa_hash_clone( const psa_hash_operation_t *source_operation,
psa_hash_operation_t *target_operation )
{
@ -2388,7 +2512,9 @@ psa_status_t psa_hash_clone( const psa_hash_operation_t *source_operation,
break;
#endif
#if defined(MBEDTLS_SHA512_C)
#if !defined(MBEDTLS_SHA512_NO_SHA384)
case PSA_ALG_SHA_384:
#endif
case PSA_ALG_SHA_512:
mbedtls_sha512_clone( &target_operation->ctx.sha512,
&source_operation->ctx.sha512 );
@ -2630,7 +2756,7 @@ static int psa_cmac_setup( psa_mac_operation_t *operation,
psa_key_slot_t *slot,
const mbedtls_cipher_info_t *cipher_info )
{
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
operation->mac_size = cipher_info->block_size;
@ -2672,14 +2798,8 @@ static psa_status_t psa_hmac_setup_internal( psa_hmac_internal_data *hmac,
if( key_length > block_size )
{
status = psa_hash_setup( &hmac->hash_ctx, hash_alg );
if( status != PSA_SUCCESS )
goto cleanup;
status = psa_hash_update( &hmac->hash_ctx, key, key_length );
if( status != PSA_SUCCESS )
goto cleanup;
status = psa_hash_finish( &hmac->hash_ctx,
ipad, sizeof( ipad ), &key_length );
status = psa_hash_compute( hash_alg, key, key_length,
ipad, sizeof( ipad ), &key_length );
if( status != PSA_SUCCESS )
goto cleanup;
}
@ -2724,7 +2844,7 @@ static psa_status_t psa_mac_setup( psa_mac_operation_t *operation,
psa_key_slot_t *slot;
size_t key_bits;
psa_key_usage_t usage =
is_sign ? PSA_KEY_USAGE_SIGN : PSA_KEY_USAGE_VERIFY;
is_sign ? PSA_KEY_USAGE_SIGN_HASH : PSA_KEY_USAGE_VERIFY_HASH;
uint8_t truncated = PSA_MAC_TRUNCATED_LENGTH( alg );
psa_algorithm_t full_length_alg = PSA_ALG_FULL_LENGTH_MAC( alg );
@ -2751,7 +2871,7 @@ static psa_status_t psa_mac_setup( psa_mac_operation_t *operation,
const mbedtls_cipher_info_t *cipher_info =
mbedtls_cipher_info_from_psa( full_length_alg,
slot->attr.type, key_bits, NULL );
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
if( cipher_info == NULL )
{
status = PSA_ERROR_NOT_SUPPORTED;
@ -3029,6 +3149,8 @@ psa_status_t psa_mac_verify_finish( psa_mac_operation_t *operation,
status = psa_mac_finish_internal( operation,
actual_mac, sizeof( actual_mac ) );
if( status != PSA_SUCCESS )
goto cleanup;
if( safer_memcmp( mac, actual_mac, mac_length ) != 0 )
status = PSA_ERROR_INVALID_SIGNATURE;
@ -3103,7 +3225,7 @@ static psa_status_t psa_rsa_sign( mbedtls_rsa_context *rsa,
size_t *signature_length )
{
psa_status_t status;
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_md_type_t md_alg;
status = psa_rsa_decode_md_type( alg, hash_length, &md_alg );
@ -3161,7 +3283,7 @@ static psa_status_t psa_rsa_verify( mbedtls_rsa_context *rsa,
size_t signature_length )
{
psa_status_t status;
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_md_type_t md_alg;
status = psa_rsa_decode_md_type( alg, hash_length, &md_alg );
@ -3227,7 +3349,7 @@ static psa_status_t psa_ecdsa_sign( mbedtls_ecp_keypair *ecp,
size_t signature_size,
size_t *signature_length )
{
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_mpi r, s;
size_t curve_bytes = PSA_BITS_TO_BYTES( ecp->grp.pbits );
mbedtls_mpi_init( &r );
@ -3282,7 +3404,7 @@ static psa_status_t psa_ecdsa_verify( mbedtls_ecp_keypair *ecp,
const uint8_t *signature,
size_t signature_length )
{
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_mpi r, s;
size_t curve_bytes = PSA_BITS_TO_BYTES( ecp->grp.pbits );
mbedtls_mpi_init( &r );
@ -3308,13 +3430,13 @@ cleanup:
}
#endif /* MBEDTLS_ECDSA_C */
psa_status_t psa_asymmetric_sign( psa_key_handle_t handle,
psa_algorithm_t alg,
const uint8_t *hash,
size_t hash_length,
uint8_t *signature,
size_t signature_size,
size_t *signature_length )
psa_status_t psa_sign_hash( psa_key_handle_t handle,
psa_algorithm_t alg,
const uint8_t *hash,
size_t hash_length,
uint8_t *signature,
size_t signature_size,
size_t *signature_length )
{
psa_key_slot_t *slot;
psa_status_t status;
@ -3331,7 +3453,7 @@ psa_status_t psa_asymmetric_sign( psa_key_handle_t handle,
if( signature_size == 0 )
return( PSA_ERROR_BUFFER_TOO_SMALL );
status = psa_get_key_from_slot( handle, &slot, PSA_KEY_USAGE_SIGN, alg );
status = psa_get_key_from_slot( handle, &slot, PSA_KEY_USAGE_SIGN_HASH, alg );
if( status != PSA_SUCCESS )
goto exit;
if( ! PSA_KEY_TYPE_IS_KEY_PAIR( slot->attr.type ) )
@ -3412,12 +3534,12 @@ exit:
return( status );
}
psa_status_t psa_asymmetric_verify( psa_key_handle_t handle,
psa_algorithm_t alg,
const uint8_t *hash,
size_t hash_length,
const uint8_t *signature,
size_t signature_length )
psa_status_t psa_verify_hash( psa_key_handle_t handle,
psa_algorithm_t alg,
const uint8_t *hash,
size_t hash_length,
const uint8_t *signature,
size_t signature_length )
{
psa_key_slot_t *slot;
psa_status_t status;
@ -3426,7 +3548,7 @@ psa_status_t psa_asymmetric_verify( psa_key_handle_t handle,
psa_drv_se_context_t *drv_context;
#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
status = psa_get_key_from_slot( handle, &slot, PSA_KEY_USAGE_VERIFY, alg );
status = psa_get_key_from_slot( handle, &slot, PSA_KEY_USAGE_VERIFY_HASH, alg );
if( status != PSA_SUCCESS )
return( status );
@ -3521,7 +3643,7 @@ psa_status_t psa_asymmetric_encrypt( psa_key_handle_t handle,
if( PSA_KEY_TYPE_IS_RSA( slot->attr.type ) )
{
mbedtls_rsa_context *rsa = slot->data.rsa;
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
if( output_size < mbedtls_rsa_get_len( rsa ) )
return( PSA_ERROR_BUFFER_TOO_SMALL );
#if defined(MBEDTLS_PKCS1_V15)
@ -3600,7 +3722,7 @@ psa_status_t psa_asymmetric_decrypt( psa_key_handle_t handle,
if( slot->attr.type == PSA_KEY_TYPE_RSA_KEY_PAIR )
{
mbedtls_rsa_context *rsa = slot->data.rsa;
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
if( input_length != mbedtls_rsa_get_len( rsa ) )
return( PSA_ERROR_INVALID_ARGUMENT );
@ -3797,7 +3919,7 @@ psa_status_t psa_cipher_generate_iv( psa_cipher_operation_t *operation,
size_t *iv_length )
{
psa_status_t status;
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
if( operation->iv_set || ! operation->iv_required )
{
return( PSA_ERROR_BAD_STATE );
@ -3829,7 +3951,7 @@ psa_status_t psa_cipher_set_iv( psa_cipher_operation_t *operation,
size_t iv_length )
{
psa_status_t status;
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
if( operation->iv_set || ! operation->iv_required )
{
return( PSA_ERROR_BAD_STATE );
@ -3857,7 +3979,7 @@ psa_status_t psa_cipher_update( psa_cipher_operation_t *operation,
size_t *output_length )
{
psa_status_t status;
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t expected_output_size;
if( operation->alg == 0 )
@ -5192,12 +5314,13 @@ static psa_status_t psa_key_agreement_ecdh( const uint8_t *peer_key,
mbedtls_ecp_keypair *their_key = NULL;
mbedtls_ecdh_context ecdh;
psa_status_t status;
size_t bits = 0;
psa_ecc_curve_t curve = mbedtls_ecc_group_to_psa( our_key->grp.id, &bits );
mbedtls_ecdh_init( &ecdh );
status = psa_import_ec_public_key(
mbedtls_ecc_group_to_psa( our_key->grp.id ),
peer_key, peer_key_length,
&their_key );
status = psa_import_ec_public_key( curve,
peer_key, peer_key_length,
&their_key );
if( status != PSA_SUCCESS )
goto exit;
@ -5216,8 +5339,14 @@ static psa_status_t psa_key_agreement_ecdh( const uint8_t *peer_key,
shared_secret, shared_secret_size,
mbedtls_ctr_drbg_random,
&global_data.ctr_drbg ) );
if( status != PSA_SUCCESS )
goto exit;
if( PSA_BITS_TO_BYTES( bits ) != *shared_secret_length )
status = PSA_ERROR_CORRUPTION_DETECTED;
exit:
if( status != PSA_SUCCESS )
mbedtls_platform_zeroize( shared_secret, shared_secret_size );
mbedtls_ecdh_free( &ecdh );
mbedtls_ecp_keypair_free( their_key );
mbedtls_free( their_key );
@ -5367,7 +5496,7 @@ exit:
psa_status_t psa_generate_random( uint8_t *output,
size_t output_size )
{
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
GUARD_MODULE_INITIALIZED;
while( output_size > MBEDTLS_CTR_DRBG_MAX_REQUEST )
@ -5462,7 +5591,7 @@ static psa_status_t psa_generate_key_internal(
if ( type == PSA_KEY_TYPE_RSA_KEY_PAIR )
{
mbedtls_rsa_context *rsa;
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
int exponent;
psa_status_t status;
if( bits > PSA_VENDOR_RSA_MAX_KEY_BITS )
@ -5500,11 +5629,12 @@ static psa_status_t psa_generate_key_internal(
if ( PSA_KEY_TYPE_IS_ECC( type ) && PSA_KEY_TYPE_IS_KEY_PAIR( type ) )
{
psa_ecc_curve_t curve = PSA_KEY_TYPE_GET_CURVE( type );
mbedtls_ecp_group_id grp_id = mbedtls_ecc_group_of_psa( curve );
mbedtls_ecp_group_id grp_id =
mbedtls_ecc_group_of_psa( curve, PSA_BITS_TO_BYTES( bits ) );
const mbedtls_ecp_curve_info *curve_info =
mbedtls_ecp_curve_info_from_grp_id( grp_id );
mbedtls_ecp_keypair *ecp;
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
if( domain_parameters_size != 0 )
return( PSA_ERROR_NOT_SUPPORTED );
if( grp_id == MBEDTLS_ECP_DP_NONE || curve_info == NULL )

15
features/mbedtls/mbed-crypto/platform/COMPONENT_PSA_SRV_IMPL/psa_crypto_storage.c
View File

@ -259,7 +259,9 @@ typedef struct {
uint8_t magic[PSA_KEY_STORAGE_MAGIC_HEADER_LENGTH];
uint8_t version[4];
uint8_t lifetime[sizeof( psa_key_lifetime_t )];
uint8_t type[sizeof( psa_key_type_t )];
uint8_t type[4]; /* Size=4 for a 2-byte type to keep the structure more
* regular and aligned and to make potential future
* extensibility easier. */
uint8_t policy[sizeof( psa_key_policy_t )];
uint8_t data_len[4];
uint8_t key_data[];
@ -276,7 +278,7 @@ void psa_format_key_data_for_storage( const uint8_t *data,
memcpy( storage_format->magic, PSA_KEY_STORAGE_MAGIC_HEADER, PSA_KEY_STORAGE_MAGIC_HEADER_LENGTH );
PUT_UINT32_LE( 0, storage_format->version, 0 );
PUT_UINT32_LE( attr->lifetime, storage_format->lifetime, 0 );
PUT_UINT32_LE( attr->type, storage_format->type, 0 );
PUT_UINT32_LE( (uint32_t) attr->type, storage_format->type, 0 );
PUT_UINT32_LE( attr->policy.usage, storage_format->policy, 0 );
PUT_UINT32_LE( attr->policy.alg, storage_format->policy, sizeof( uint32_t ) );
PUT_UINT32_LE( attr->policy.alg2, storage_format->policy, 2 * sizeof( uint32_t ) );
@ -302,6 +304,7 @@ psa_status_t psa_parse_key_data_from_storage( const uint8_t *storage_data,
const psa_persistent_key_storage_format *storage_format =
(const psa_persistent_key_storage_format *)storage_data;
uint32_t version;
uint32_t type;
if( storage_data_length < sizeof(*storage_format) )
return( PSA_ERROR_STORAGE_FAILURE );
@ -332,7 +335,11 @@ psa_status_t psa_parse_key_data_from_storage( const uint8_t *storage_data,
}
GET_UINT32_LE( attr->lifetime, storage_format->lifetime, 0 );
GET_UINT32_LE( attr->type, storage_format->type, 0 );
GET_UINT32_LE( type, storage_format->type, 0 );
if( type <= (psa_key_type_t) -1 )
attr->type = (psa_key_type_t) type;
else
return( PSA_ERROR_STORAGE_FAILURE );
GET_UINT32_LE( attr->policy.usage, storage_format->policy, 0 );
GET_UINT32_LE( attr->policy.alg, storage_format->policy, sizeof( uint32_t ) );
GET_UINT32_LE( attr->policy.alg2, storage_format->policy, 2 * sizeof( uint32_t ) );
@ -419,7 +426,7 @@ psa_status_t psa_crypto_save_transaction( void )
{
struct psa_storage_info_t p_info;
psa_status_t status;
status = psa_its_get_info( PSA_CRYPTO_ITS_RANDOM_SEED_UID, &p_info );
status = psa_its_get_info( PSA_CRYPTO_ITS_TRANSACTION_UID, &p_info );
if( status == PSA_SUCCESS )
{
/* This shouldn't happen: we're trying to start a transaction while

9
features/mbedtls/mbed-crypto/platform/COMPONENT_SPE/crypto_struct_spe.h
View File

@ -330,10 +330,10 @@ typedef uint16_t psa_key_attributes_flag_t;
typedef struct
{
psa_key_type_t type;
psa_key_bits_t bits;
psa_key_lifetime_t lifetime;
psa_key_id_t id;
psa_key_policy_t policy;
psa_key_bits_t bits;
psa_key_attributes_flag_t flags;
} psa_core_key_attributes_t;
@ -344,14 +344,14 @@ typedef struct
typedef struct
{
psa_key_type_t type;
psa_key_bits_t bits;
psa_key_lifetime_t lifetime;
psa_app_key_id_t id;
psa_key_policy_t policy;
psa_key_bits_t bits;
uint16_t flags;
psa_key_attributes_flag_t flags;
} psa_client_core_key_attributes_t;
#define PSA_CORE_KEY_ATTRIBUTES_INIT {0, 0, PSA_KEY_ID_INIT, PSA_KEY_POLICY_INIT, 0, 0}
#define PSA_CORE_KEY_ATTRIBUTES_INIT {PSA_KEY_TYPE_NONE, 0, PSA_KEY_LIFETIME_VOLATILE, PSA_KEY_ID_INIT, PSA_KEY_POLICY_INIT, 0}
struct psa_key_attributes_s
{
@ -368,6 +368,7 @@ struct psa_key_attributes_s
#else
#define PSA_KEY_ATTRIBUTES_INIT {PSA_CORE_KEY_ATTRIBUTES_INIT, NULL, 0}
#endif
typedef struct psa_client_key_attributes_s
{
psa_client_core_key_attributes_t core;

31
features/mbedtls/mbed-crypto/src/aes.c
View File

@ -38,6 +38,7 @@
#include "mbedtls/aes.h"
#include "mbedtls/platform.h"
#include "mbedtls/platform_util.h"
#include "mbedtls/error.h"
#if defined(MBEDTLS_PADLOCK_C)
#include "mbedtls/padlock.h"
#endif
@ -766,7 +767,7 @@ int mbedtls_aes_xts_setkey_enc( mbedtls_aes_xts_context *ctx,
const unsigned char *key,
unsigned int keybits)
{
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
const unsigned char *key1, *key2;
unsigned int key1bits, key2bits;
@ -791,7 +792,7 @@ int mbedtls_aes_xts_setkey_dec( mbedtls_aes_xts_context *ctx,
const unsigned char *key,
unsigned int keybits)
{
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
const unsigned char *key1, *key2;
unsigned int key1bits, key2bits;
@ -918,6 +919,18 @@ int mbedtls_internal_aes_encrypt( mbedtls_aes_context *ctx,
PUT_UINT32_LE( X2, output, 8 );
PUT_UINT32_LE( X3, output, 12 );
mbedtls_platform_zeroize( &X0, sizeof( X0 ) );
mbedtls_platform_zeroize( &X1, sizeof( X1 ) );
mbedtls_platform_zeroize( &X2, sizeof( X2 ) );
mbedtls_platform_zeroize( &X3, sizeof( X3 ) );
mbedtls_platform_zeroize( &Y0, sizeof( Y0 ) );
mbedtls_platform_zeroize( &Y1, sizeof( Y1 ) );
mbedtls_platform_zeroize( &Y2, sizeof( Y2 ) );
mbedtls_platform_zeroize( &Y3, sizeof( Y3 ) );
mbedtls_platform_zeroize( &RK, sizeof( RK ) );
return( 0 );
}
#endif /* !MBEDTLS_AES_ENCRYPT_ALT */
@ -986,6 +999,18 @@ int mbedtls_internal_aes_decrypt( mbedtls_aes_context *ctx,
PUT_UINT32_LE( X2, output, 8 );
PUT_UINT32_LE( X3, output, 12 );
mbedtls_platform_zeroize( &X0, sizeof( X0 ) );
mbedtls_platform_zeroize( &X1, sizeof( X1 ) );
mbedtls_platform_zeroize( &X2, sizeof( X2 ) );
mbedtls_platform_zeroize( &X3, sizeof( X3 ) );
mbedtls_platform_zeroize( &Y0, sizeof( Y0 ) );
mbedtls_platform_zeroize( &Y1, sizeof( Y1 ) );
mbedtls_platform_zeroize( &Y2, sizeof( Y2 ) );
mbedtls_platform_zeroize( &Y3, sizeof( Y3 ) );
mbedtls_platform_zeroize( &RK, sizeof( RK ) );
return( 0 );
}
#endif /* !MBEDTLS_AES_DECRYPT_ALT */
@ -1175,7 +1200,7 @@ int mbedtls_aes_crypt_xts( mbedtls_aes_xts_context *ctx,
const unsigned char *input,
unsigned char *output )
{
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t blocks = length / 16;
size_t leftover = length % 16;
unsigned char tweak[16];

186
features/mbedtls/mbed-crypto/src/asn1parse.c
View File

@ -29,6 +29,7 @@
#include "mbedtls/asn1.h"
#include "mbedtls/platform_util.h"
#include "mbedtls/error.h"
#include <string.h>
@ -124,7 +125,7 @@ int mbedtls_asn1_get_bool( unsigned char **p,
const unsigned char *end,
int *val )
{
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t len;
if( ( ret = mbedtls_asn1_get_tag( p, end, &len, MBEDTLS_ASN1_BOOLEAN ) ) != 0 )
@ -139,17 +140,20 @@ int mbedtls_asn1_get_bool( unsigned char **p,
return( 0 );
}
int mbedtls_asn1_get_int( unsigned char **p,
const unsigned char *end,
int *val )
static int asn1_get_tagged_int( unsigned char **p,
const unsigned char *end,
int tag, int *val )
{
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t len;
if( ( ret = mbedtls_asn1_get_tag( p, end, &len, MBEDTLS_ASN1_INTEGER ) ) != 0 )
if( ( ret = mbedtls_asn1_get_tag( p, end, &len, tag ) ) != 0 )
return( ret );
/* len==0 is malformed (0 must be represented as 020100). */
/*
* len==0 is malformed (0 must be represented as 020100 for INTEGER,
* or 0A0100 for ENUMERATED tags
*/
if( len == 0 )
return( MBEDTLS_ERR_ASN1_INVALID_LENGTH );
/* This is a cryptography library. Reject negative integers. */
@ -180,12 +184,26 @@ int mbedtls_asn1_get_int( unsigned char **p,
return( 0 );
}
int mbedtls_asn1_get_int( unsigned char **p,
const unsigned char *end,
int *val )
{
return( asn1_get_tagged_int( p, end, MBEDTLS_ASN1_INTEGER, val) );
}
int mbedtls_asn1_get_enum( unsigned char **p,
const unsigned char *end,
int *val )
{
return( asn1_get_tagged_int( p, end, MBEDTLS_ASN1_ENUMERATED, val) );
}
#if defined(MBEDTLS_BIGNUM_C)
int mbedtls_asn1_get_mpi( unsigned char **p,
const unsigned char *end,
mbedtls_mpi *X )
{
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t len;
if( ( ret = mbedtls_asn1_get_tag( p, end, &len, MBEDTLS_ASN1_INTEGER ) ) != 0 )
@ -202,7 +220,7 @@ int mbedtls_asn1_get_mpi( unsigned char **p,
int mbedtls_asn1_get_bitstring( unsigned char **p, const unsigned char *end,
mbedtls_asn1_bitstring *bs)
{
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
/* Certificate type is a single byte bitstring */
if( ( ret = mbedtls_asn1_get_tag( p, end, &bs->len, MBEDTLS_ASN1_BIT_STRING ) ) != 0 )
@ -229,13 +247,65 @@ int mbedtls_asn1_get_bitstring( unsigned char **p, const unsigned char *end,
return( 0 );
}
/*
* Traverse an ASN.1 "SEQUENCE OF <tag>"
* and call a callback for each entry found.
*/
int mbedtls_asn1_traverse_sequence_of(
unsigned char **p,
const unsigned char *end,
unsigned char tag_must_mask, unsigned char tag_must_val,
unsigned char tag_may_mask, unsigned char tag_may_val,
int (*cb)( void *ctx, int tag,
unsigned char *start, size_t len ),
void *ctx )
{
int ret;
size_t len;
/* Get main sequence tag */
if( ( ret = mbedtls_asn1_get_tag( p, end, &len,
MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
{
return( ret );
}
if( *p + len != end )
return( MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
while( *p < end )
{
unsigned char const tag = *(*p)++;
if( ( tag & tag_must_mask ) != tag_must_val )
return( MBEDTLS_ERR_ASN1_UNEXPECTED_TAG );
if( ( ret = mbedtls_asn1_get_len( p, end, &len ) ) != 0 )
return( ret );
if( ( tag & tag_may_mask ) == tag_may_val )
{
if( cb != NULL )
{
ret = cb( ctx, tag, *p, len );
if( ret != 0 )
return( ret );
}
}
*p += len;
}
return( 0 );
}
/*
* Get a bit string without unused bits
*/
int mbedtls_asn1_get_bitstring_null( unsigned char **p, const unsigned char *end,
size_t *len )
{
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
if( ( ret = mbedtls_asn1_get_tag( p, end, len, MBEDTLS_ASN1_BIT_STRING ) ) != 0 )
return( ret );
@ -251,7 +321,51 @@ int mbedtls_asn1_get_bitstring_null( unsigned char **p, const unsigned char *end
return( 0 );
}
void mbedtls_asn1_sequence_free( mbedtls_asn1_sequence *seq )
{
while( seq != NULL )
{
mbedtls_asn1_sequence *next = seq->next;
mbedtls_platform_zeroize( seq, sizeof( *seq ) );
mbedtls_free( seq );
seq = next;
}
}
typedef struct
{
int tag;
mbedtls_asn1_sequence *cur;
} asn1_get_sequence_of_cb_ctx_t;
static int asn1_get_sequence_of_cb( void *ctx,
int tag,
unsigned char *start,
size_t len )
{
asn1_get_sequence_of_cb_ctx_t *cb_ctx =
(asn1_get_sequence_of_cb_ctx_t *) ctx;
mbedtls_asn1_sequence *cur =
cb_ctx->cur;
if( cur->buf.p != NULL )
{
cur->next =
mbedtls_calloc( 1, sizeof( mbedtls_asn1_sequence ) );
if( cur->next == NULL )
return( MBEDTLS_ERR_ASN1_ALLOC_FAILED );
cur = cur->next;
}
cur->buf.p = start;
cur->buf.len = len;
cur->buf.tag = tag;
cb_ctx->cur = cur;
return( 0 );
}
/*
* Parses and splits an ASN.1 "SEQUENCE OF <tag>"
@ -261,56 +375,18 @@ int mbedtls_asn1_get_sequence_of( unsigned char **p,
mbedtls_asn1_sequence *cur,
int tag)
{
int ret;
size_t len;
mbedtls_asn1_buf *buf;
/* Get main sequence tag */
if( ( ret = mbedtls_asn1_get_tag( p, end, &len,
MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
return( ret );
if( *p + len != end )
return( MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
while( *p < end )
{
buf = &(cur->buf);
buf->tag = **p;
if( ( ret = mbedtls_asn1_get_tag( p, end, &buf->len, tag ) ) != 0 )
return( ret );
buf->p = *p;
*p += buf->len;
/* Allocate and assign next pointer */
if( *p < end )
{
cur->next = (mbedtls_asn1_sequence*)mbedtls_calloc( 1,
sizeof( mbedtls_asn1_sequence ) );
if( cur->next == NULL )
return( MBEDTLS_ERR_ASN1_ALLOC_FAILED );
cur = cur->next;
}
}
/* Set final sequence entry's next pointer to NULL */
cur->next = NULL;
if( *p != end )
return( MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
return( 0 );
asn1_get_sequence_of_cb_ctx_t cb_ctx = { tag, cur };
memset( cur, 0, sizeof( mbedtls_asn1_sequence ) );
return( mbedtls_asn1_traverse_sequence_of(
p, end, 0xFF, tag, 0, 0,
asn1_get_sequence_of_cb, &cb_ctx ) );
}
int mbedtls_asn1_get_alg( unsigned char **p,
const unsigned char *end,
mbedtls_asn1_buf *alg, mbedtls_asn1_buf *params )
{
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t len;
if( ( ret = mbedtls_asn1_get_tag( p, end, &len,
@ -354,7 +430,7 @@ int mbedtls_asn1_get_alg_null( unsigned char **p,
const unsigned char *end,
mbedtls_asn1_buf *alg )
{
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_asn1_buf params;
memset( &params, 0, sizeof(mbedtls_asn1_buf) );

33
features/mbedtls/mbed-crypto/src/asn1write.c
View File

@ -28,6 +28,7 @@
#if defined(MBEDTLS_ASN1_WRITE_C)
#include "mbedtls/asn1write.h"
#include "mbedtls/error.h"
#include <string.h>
@ -131,7 +132,7 @@ int mbedtls_asn1_write_raw_buffer( unsigned char **p, unsigned char *start,
#if defined(MBEDTLS_BIGNUM_C)
int mbedtls_asn1_write_mpi( unsigned char **p, unsigned char *start, const mbedtls_mpi *X )
{
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t len = 0;
// Write the MPI
@ -168,7 +169,7 @@ cleanup:
int mbedtls_asn1_write_null( unsigned char **p, unsigned char *start )
{
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t len = 0;
// Write NULL
@ -182,7 +183,7 @@ int mbedtls_asn1_write_null( unsigned char **p, unsigned char *start )
int mbedtls_asn1_write_oid( unsigned char **p, unsigned char *start,
const char *oid, size_t oid_len )
{
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t len = 0;
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_raw_buffer( p, start,
@ -197,7 +198,7 @@ int mbedtls_asn1_write_algorithm_identifier( unsigned char **p, unsigned char *s
const char *oid, size_t oid_len,
size_t par_len )
{
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t len = 0;
if( par_len == 0 )
@ -216,7 +217,7 @@ int mbedtls_asn1_write_algorithm_identifier( unsigned char **p, unsigned char *s
int mbedtls_asn1_write_bool( unsigned char **p, unsigned char *start, int boolean )
{
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t len = 0;
if( *p - start < 1 )
@ -231,9 +232,9 @@ int mbedtls_asn1_write_bool( unsigned char **p, unsigned char *start, int boolea
return( (int) len );
}
int mbedtls_asn1_write_int( unsigned char **p, unsigned char *start, int val )
static int asn1_write_tagged_int( unsigned char **p, unsigned char *start, int val, int tag )
{
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t len = 0;
do
@ -255,15 +256,25 @@ int mbedtls_asn1_write_int( unsigned char **p, unsigned char *start, int val )
}
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( p, start, len ) );
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, start, MBEDTLS_ASN1_INTEGER ) );
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, start, tag ) );
return( (int) len );
}
int mbedtls_asn1_write_int( unsigned char **p, unsigned char *start, int val )
{
return( asn1_write_tagged_int( p, start, val, MBEDTLS_ASN1_INTEGER ) );
}
int mbedtls_asn1_write_enum( unsigned char **p, unsigned char *start, int val )
{
return( asn1_write_tagged_int( p, start, val, MBEDTLS_ASN1_ENUMERATED ) );
}
int mbedtls_asn1_write_tagged_string( unsigned char **p, unsigned char *start, int tag,
const char *text, size_t text_len )
{
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t len = 0;
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_raw_buffer( p, start,
@ -339,7 +350,7 @@ int mbedtls_asn1_write_named_bitstring( unsigned char **p,
int mbedtls_asn1_write_bitstring( unsigned char **p, unsigned char *start,
const unsigned char *buf, size_t bits )
{
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t len = 0;
size_t unused_bits, byte_len;
@ -372,7 +383,7 @@ int mbedtls_asn1_write_bitstring( unsigned char **p, unsigned char *start,
int mbedtls_asn1_write_octet_string( unsigned char **p, unsigned char *start,
const unsigned char *buf, size_t size )
{
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t len = 0;
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_raw_buffer( p, start, buf, size ) );

167
features/mbedtls/mbed-crypto/src/bignum.c
View File

@ -46,6 +46,7 @@
#include "mbedtls/bignum.h"
#include "mbedtls/bn_mul.h"
#include "mbedtls/platform_util.h"
#include "mbedtls/error.h"
#include <string.h>
@ -157,9 +158,10 @@ int mbedtls_mpi_shrink( mbedtls_mpi *X, size_t nblimbs )
if( nblimbs > MBEDTLS_MPI_MAX_LIMBS )
return( MBEDTLS_ERR_MPI_ALLOC_FAILED );
/* Actually resize up in this case */
/* Actually resize up if there are currently fewer than nblimbs limbs. */
if( X->n <= nblimbs )
return( mbedtls_mpi_grow( X, nblimbs ) );
/* After this point, then X->n > nblimbs and in particular X->n > 0. */
for( i = X->n - 1; i > 0; i-- )
if( X->p[i] != 0 )
@ -198,7 +200,7 @@ int mbedtls_mpi_copy( mbedtls_mpi *X, const mbedtls_mpi *Y )
if( X == Y )
return( 0 );
if( Y->p == NULL )
if( Y->n == 0 )
{
mbedtls_mpi_free( X );
return( 0 );
@ -314,7 +316,7 @@ cleanup:
*/
int mbedtls_mpi_lset( mbedtls_mpi *X, mbedtls_mpi_sint z )
{
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
MPI_VALIDATE_RET( X != NULL );
MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, 1 ) );
@ -457,7 +459,7 @@ static int mpi_get_digit( mbedtls_mpi_uint *d, int radix, char c )
*/
int mbedtls_mpi_read_string( mbedtls_mpi *X, int radix, const char *s )
{
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t i, j, slen, n;
mbedtls_mpi_uint d;
mbedtls_mpi T;
@ -532,7 +534,7 @@ cleanup:
static int mpi_write_hlp( mbedtls_mpi *X, int radix,
char **p, const size_t buflen )
{
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_mpi_uint r;
size_t length = 0;
char *p_end = *p + buflen;
@ -697,7 +699,7 @@ int mbedtls_mpi_read_file( mbedtls_mpi *X, int radix, FILE *fin )
*/
int mbedtls_mpi_write_file( const char *p, const mbedtls_mpi *X, int radix, FILE *fout )
{
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t n, slen, plen;
/*
* Buffer should have space for (short) label and decimal formatted MPI,
@ -832,7 +834,7 @@ static void mpi_bigendian_to_host( mbedtls_mpi_uint * const p, size_t limbs )
int mbedtls_mpi_read_binary_le( mbedtls_mpi *X,
const unsigned char *buf, size_t buflen )
{
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t i;
size_t const limbs = CHARS_TO_LIMBS( buflen );
@ -864,7 +866,7 @@ cleanup:
*/
int mbedtls_mpi_read_binary( mbedtls_mpi *X, const unsigned char *buf, size_t buflen )
{
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t const limbs = CHARS_TO_LIMBS( buflen );
size_t const overhead = ( limbs * ciL ) - buflen;
unsigned char *Xp;
@ -991,7 +993,7 @@ int mbedtls_mpi_write_binary( const mbedtls_mpi *X,
*/
int mbedtls_mpi_shift_l( mbedtls_mpi *X, size_t count )
{
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t i, v0, t1;
mbedtls_mpi_uint r0 = 0, r1;
MPI_VALIDATE_RET( X != NULL );
@ -1148,6 +1150,107 @@ int mbedtls_mpi_cmp_mpi( const mbedtls_mpi *X, const mbedtls_mpi *Y )
return( 0 );
}
/** Decide if an integer is less than the other, without branches.
*
* \param x First integer.
* \param y Second integer.
*
* \return 1 if \p x is less than \p y, 0 otherwise
*/
static unsigned ct_lt_mpi_uint( const mbedtls_mpi_uint x,
const mbedtls_mpi_uint y )
{
mbedtls_mpi_uint ret;
mbedtls_mpi_uint cond;
/*
* Check if the most significant bits (MSB) of the operands are different.
*/
cond = ( x ^ y );
/*
* If the MSB are the same then the difference x-y will be negative (and
* have its MSB set to 1 during conversion to unsigned) if and only if x<y.
*/
ret = ( x - y ) & ~cond;
/*
* If the MSB are different, then the operand with the MSB of 1 is the
* bigger. (That is if y has MSB of 1, then x<y is true and it is false if
* the MSB of y is 0.)
*/
ret |= y & cond;
ret = ret >> ( biL - 1 );
return (unsigned) ret;
}
/*
* Compare signed values in constant time
*/
int mbedtls_mpi_lt_mpi_ct( const mbedtls_mpi *X, const mbedtls_mpi *Y,
unsigned *ret )
{
size_t i;
/* The value of any of these variables is either 0 or 1 at all times. */
unsigned cond, done, X_is_negative, Y_is_negative;
MPI_VALIDATE_RET( X != NULL );
MPI_VALIDATE_RET( Y != NULL );
MPI_VALIDATE_RET( ret != NULL );
if( X->n != Y->n )
return MBEDTLS_ERR_MPI_BAD_INPUT_DATA;
/*
* Set sign_N to 1 if N >= 0, 0 if N < 0.
* We know that N->s == 1 if N >= 0 and N->s == -1 if N < 0.
*/
X_is_negative = ( X->s & 2 ) >> 1;
Y_is_negative = ( Y->s & 2 ) >> 1;
/*
* If the signs are different, then the positive operand is the bigger.
* That is if X is negative (X_is_negative == 1), then X < Y is true and it
* is false if X is positive (X_is_negative == 0).
*/
cond = ( X_is_negative ^ Y_is_negative );
*ret = cond & X_is_negative;
/*
* This is a constant-time function. We might have the result, but we still
* need to go through the loop. Record if we have the result already.
*/
done = cond;
for( i = X->n; i > 0; i-- )
{
/*
* If Y->p[i - 1] < X->p[i - 1] then X < Y is true if and only if both
* X and Y are negative.
*
* Again even if we can make a decision, we just mark the result and
* the fact that we are done and continue looping.
*/
cond = ct_lt_mpi_uint( Y->p[i - 1], X->p[i - 1] );
*ret |= cond & ( 1 - done ) & X_is_negative;
done |= cond;
/*
* If X->p[i - 1] < Y->p[i - 1] then X < Y is true if and only if both
* X and Y are positive.
*
* Again even if we can make a decision, we just mark the result and
* the fact that we are done and continue looping.
*/
cond = ct_lt_mpi_uint( X->p[i - 1], Y->p[i - 1] );
*ret |= cond & ( 1 - done ) & ( 1 - X_is_negative );
done |= cond;
}
return( 0 );
}
/*
* Compare signed values
*/
@ -1170,7 +1273,7 @@ int mbedtls_mpi_cmp_int( const mbedtls_mpi *X, mbedtls_mpi_sint z )
*/
int mbedtls_mpi_add_abs( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *B )
{
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t i, j;
mbedtls_mpi_uint *o, *p, c, tmp;
MPI_VALIDATE_RET( X != NULL );
@ -1251,7 +1354,7 @@ static void mpi_sub_hlp( size_t n, mbedtls_mpi_uint *s, mbedtls_mpi_uint *d )
int mbedtls_mpi_sub_abs( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *B )
{
mbedtls_mpi TB;
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t n;
MPI_VALIDATE_RET( X != NULL );
MPI_VALIDATE_RET( A != NULL );
@ -1474,7 +1577,7 @@ void mpi_mul_hlp( size_t i, mbedtls_mpi_uint *s, mbedtls_mpi_uint *d, mbedtls_mp
*/
int mbedtls_mpi_mul_mpi( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *B )
{
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t i, j;
mbedtls_mpi TA, TB;
MPI_VALIDATE_RET( X != NULL );
@ -1629,9 +1732,10 @@ static mbedtls_mpi_uint mbedtls_int_div_int( mbedtls_mpi_uint u1,
int mbedtls_mpi_div_mpi( mbedtls_mpi *Q, mbedtls_mpi *R, const mbedtls_mpi *A,
const mbedtls_mpi *B )
{
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t i, n, t, k;
mbedtls_mpi X, Y, Z, T1, T2;
mbedtls_mpi_uint TP2[3];
MPI_VALIDATE_RET( A != NULL );
MPI_VALIDATE_RET( B != NULL );
@ -1639,7 +1743,17 @@ int mbedtls_mpi_div_mpi( mbedtls_mpi *Q, mbedtls_mpi *R, const mbedtls_mpi *A,
return( MBEDTLS_ERR_MPI_DIVISION_BY_ZERO );
mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Y ); mbedtls_mpi_init( &Z );
mbedtls_mpi_init( &T1 ); mbedtls_mpi_init( &T2 );
mbedtls_mpi_init( &T1 );
/*
* Avoid dynamic memory allocations for constant-size T2.
*
* T2 is used for comparison only and the 3 limbs are assigned explicitly,
* so nobody increase the size of the MPI and we're safe to use an on-stack
* buffer.
*/
T2.s = 1;
T2.n = sizeof( TP2 ) / sizeof( *TP2 );
T2.p = TP2;
if( mbedtls_mpi_cmp_abs( A, B ) < 0 )
{
@ -1655,7 +1769,6 @@ int mbedtls_mpi_div_mpi( mbedtls_mpi *Q, mbedtls_mpi *R, const mbedtls_mpi *A,
MBEDTLS_MPI_CHK( mbedtls_mpi_grow( &Z, A->n + 2 ) );
MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &Z, 0 ) );
MBEDTLS_MPI_CHK( mbedtls_mpi_grow( &T1, 2 ) );
MBEDTLS_MPI_CHK( mbedtls_mpi_grow( &T2, 3 ) );
k = mbedtls_mpi_bitlen( &Y ) % biL;
if( k < biL - 1 )
@ -1687,6 +1800,10 @@ int mbedtls_mpi_div_mpi( mbedtls_mpi *Q, mbedtls_mpi *R, const mbedtls_mpi *A,
Y.p[t], NULL);
}
T2.p[0] = ( i < 2 ) ? 0 : X.p[i - 2];
T2.p[1] = ( i < 1 ) ? 0 : X.p[i - 1];
T2.p[2] = X.p[i];
Z.p[i - t - 1]++;
do
{
@ -1696,11 +1813,6 @@ int mbedtls_mpi_div_mpi( mbedtls_mpi *Q, mbedtls_mpi *R, const mbedtls_mpi *A,
T1.p[0] = ( t < 1 ) ? 0 : Y.p[t - 1];
T1.p[1] = Y.p[t];
MBEDTLS_MPI_CHK( mbedtls_mpi_mul_int( &T1, &T1, Z.p[i - t - 1] ) );
MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &T2, 0 ) );
T2.p[0] = ( i < 2 ) ? 0 : X.p[i - 2];
T2.p[1] = ( i < 1 ) ? 0 : X.p[i - 1];
T2.p[2] = X.p[i];
}
while( mbedtls_mpi_cmp_mpi( &T1, &T2 ) > 0 );
@ -1736,7 +1848,8 @@ int mbedtls_mpi_div_mpi( mbedtls_mpi *Q, mbedtls_mpi *R, const mbedtls_mpi *A,
cleanup:
mbedtls_mpi_free( &X ); mbedtls_mpi_free( &Y ); mbedtls_mpi_free( &Z );
mbedtls_mpi_free( &T1 ); mbedtls_mpi_free( &T2 );
mbedtls_mpi_free( &T1 );
mbedtls_platform_zeroize( TP2, sizeof( TP2 ) );
return( ret );
}
@ -1765,7 +1878,7 @@ int mbedtls_mpi_div_int( mbedtls_mpi *Q, mbedtls_mpi *R,
*/
int mbedtls_mpi_mod_mpi( mbedtls_mpi *R, const mbedtls_mpi *A, const mbedtls_mpi *B )
{
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
MPI_VALIDATE_RET( R != NULL );
MPI_VALIDATE_RET( A != NULL );
MPI_VALIDATE_RET( B != NULL );
@ -1927,7 +2040,7 @@ int mbedtls_mpi_exp_mod( mbedtls_mpi *X, const mbedtls_mpi *A,
const mbedtls_mpi *E, const mbedtls_mpi *N,
mbedtls_mpi *_RR )
{
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t wbits, wsize, one = 1;
size_t i, j, nblimbs;
size_t bufsize, nbits;
@ -2142,7 +2255,7 @@ cleanup:
*/
int mbedtls_mpi_gcd( mbedtls_mpi *G, const mbedtls_mpi *A, const mbedtls_mpi *B )
{
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t lz, lzt;
mbedtls_mpi TA, TB;
@ -2204,7 +2317,7 @@ int mbedtls_mpi_fill_random( mbedtls_mpi *X, size_t size,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng )
{
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t const limbs = CHARS_TO_LIMBS( size );
size_t const overhead = ( limbs * ciL ) - size;
unsigned char *Xp;
@ -2235,7 +2348,7 @@ cleanup:
*/
int mbedtls_mpi_inv_mod( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *N )
{
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_mpi G, TA, TU, U1, U2, TB, TV, V1, V2;
MPI_VALIDATE_RET( X != NULL );
MPI_VALIDATE_RET( A != NULL );
@ -2488,7 +2601,7 @@ int mbedtls_mpi_is_prime_ext( const mbedtls_mpi *X, int rounds,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng )
{
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_mpi XX;
MPI_VALIDATE_RET( X != NULL );
MPI_VALIDATE_RET( f_rng != NULL );

9
features/mbedtls/mbed-crypto/src/ccm.c
View File

@ -38,6 +38,7 @@
#include "mbedtls/ccm.h"
#include "mbedtls/platform_util.h"
#include "mbedtls/error.h"
#include <string.h>
@ -74,7 +75,7 @@ int mbedtls_ccm_setkey( mbedtls_ccm_context *ctx,
const unsigned char *key,
unsigned int keybits )
{
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
const mbedtls_cipher_info_t *cipher_info;
CCM_VALIDATE_RET( ctx != NULL );
@ -156,7 +157,7 @@ static int ccm_auth_crypt( mbedtls_ccm_context *ctx, int mode, size_t length,
const unsigned char *input, unsigned char *output,
unsigned char *tag, size_t tag_len )
{
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
unsigned char i;
unsigned char q;
size_t len_left, olen;
@ -366,7 +367,7 @@ int mbedtls_ccm_star_auth_decrypt( mbedtls_ccm_context *ctx, size_t length,
const unsigned char *input, unsigned char *output,
const unsigned char *tag, size_t tag_len )
{
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
unsigned char check_tag[16];
unsigned char i;
int diff;
@ -479,7 +480,7 @@ int mbedtls_ccm_self_test( int verbose )
unsigned char plaintext[CCM_SELFTEST_PT_MAX_LEN];
unsigned char ciphertext[CCM_SELFTEST_CT_MAX_LEN];
size_t i;
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_ccm_init( &ctx );

5
features/mbedtls/mbed-crypto/src/chacha20.c
View File

@ -33,6 +33,7 @@
#include "mbedtls/chacha20.h"
#include "mbedtls/platform_util.h"
#include "mbedtls/error.h"
#include <stddef.h>
#include <string.h>
@ -325,7 +326,7 @@ int mbedtls_chacha20_crypt( const unsigned char key[32],
unsigned char* output )
{
mbedtls_chacha20_context ctx;
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
CHACHA20_VALIDATE_RET( key != NULL );
CHACHA20_VALIDATE_RET( nonce != NULL );
@ -536,7 +537,7 @@ int mbedtls_chacha20_self_test( int verbose )
{
unsigned char output[381];
unsigned i;
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
for( i = 0U; i < 2U; i++ )
{

15
features/mbedtls/mbed-crypto/src/chachapoly.c
View File

@ -30,6 +30,7 @@
#include "mbedtls/chachapoly.h"
#include "mbedtls/platform_util.h"
#include "mbedtls/error.h"
#include <string.h>
@ -122,7 +123,7 @@ void mbedtls_chachapoly_free( mbedtls_chachapoly_context *ctx )
int mbedtls_chachapoly_setkey( mbedtls_chachapoly_context *ctx,
const unsigned char key[32] )
{
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
CHACHAPOLY_VALIDATE_RET( ctx != NULL );
CHACHAPOLY_VALIDATE_RET( key != NULL );
@ -135,7 +136,7 @@ int mbedtls_chachapoly_starts( mbedtls_chachapoly_context *ctx,
const unsigned char nonce[12],
mbedtls_chachapoly_mode_t mode )
{
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
unsigned char poly1305_key[64];
CHACHAPOLY_VALIDATE_RET( ctx != NULL );
CHACHAPOLY_VALIDATE_RET( nonce != NULL );
@ -191,7 +192,7 @@ int mbedtls_chachapoly_update( mbedtls_chachapoly_context *ctx,
const unsigned char *input,
unsigned char *output )
{
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
CHACHAPOLY_VALIDATE_RET( ctx != NULL );
CHACHAPOLY_VALIDATE_RET( len == 0 || input != NULL );
CHACHAPOLY_VALIDATE_RET( len == 0 || output != NULL );
@ -240,7 +241,7 @@ int mbedtls_chachapoly_update( mbedtls_chachapoly_context *ctx,
int mbedtls_chachapoly_finish( mbedtls_chachapoly_context *ctx,
unsigned char mac[16] )
{
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
unsigned char len_block[16];
CHACHAPOLY_VALIDATE_RET( ctx != NULL );
CHACHAPOLY_VALIDATE_RET( mac != NULL );
@ -304,7 +305,7 @@ static int chachapoly_crypt_and_tag( mbedtls_chachapoly_context *ctx,
unsigned char *output,
unsigned char tag[16] )
{
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
ret = mbedtls_chachapoly_starts( ctx, nonce, mode );
if( ret != 0 )
@ -354,7 +355,7 @@ int mbedtls_chachapoly_auth_decrypt( mbedtls_chachapoly_context *ctx,
const unsigned char *input,
unsigned char *output )
{
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
unsigned char check_tag[16];
size_t i;
int diff;
@ -492,7 +493,7 @@ int mbedtls_chachapoly_self_test( int verbose )
{
mbedtls_chachapoly_context ctx;
unsigned i;
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
unsigned char output[200];
unsigned char mac[16];

27
features/mbedtls/mbed-crypto/src/cipher.c
View File

@ -34,6 +34,7 @@
#include "mbedtls/cipher.h"
#include "mbedtls/cipher_internal.h"
#include "mbedtls/platform_util.h"
#include "mbedtls/error.h"
#include <stdlib.h>
#include <string.h>
@ -504,7 +505,7 @@ int mbedtls_cipher_update_ad( mbedtls_cipher_context_t *ctx,
int mbedtls_cipher_update( mbedtls_cipher_context_t *ctx, const unsigned char *input,
size_t ilen, unsigned char *output, size_t *olen )
{
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t block_size;
CIPHER_VALIDATE_RET( ctx != NULL );
@ -526,6 +527,10 @@ int mbedtls_cipher_update( mbedtls_cipher_context_t *ctx, const unsigned char *i
*olen = 0;
block_size = mbedtls_cipher_get_block_size( ctx );
if ( 0 == block_size )
{
return( MBEDTLS_ERR_CIPHER_INVALID_CONTEXT );
}
if( ctx->cipher_info->mode == MBEDTLS_MODE_ECB )
{
@ -561,11 +566,6 @@ int mbedtls_cipher_update( mbedtls_cipher_context_t *ctx, const unsigned char *i
}
#endif
if ( 0 == block_size )
{
return( MBEDTLS_ERR_CIPHER_INVALID_CONTEXT );
}
if( input == output &&
( ctx->unprocessed_len != 0 || ilen % block_size ) )
{
@ -624,11 +624,6 @@ int mbedtls_cipher_update( mbedtls_cipher_context_t *ctx, const unsigned char *i
*/
if( 0 != ilen )
{
if( 0 == block_size )
{
return( MBEDTLS_ERR_CIPHER_INVALID_CONTEXT );
}
/* Encryption: only cache partial blocks
* Decryption w/ padding: always keep at least one whole block
* Decryption w/o padding: only cache partial blocks
@ -1134,7 +1129,7 @@ int mbedtls_cipher_check_tag( mbedtls_cipher_context_t *ctx,
const unsigned char *tag, size_t tag_len )
{
unsigned char check_tag[16];
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
CIPHER_VALIDATE_RET( ctx != NULL );
CIPHER_VALIDATE_RET( tag_len == 0 || tag != NULL );
@ -1211,7 +1206,7 @@ int mbedtls_cipher_crypt( mbedtls_cipher_context_t *ctx,
const unsigned char *input, size_t ilen,
unsigned char *output, size_t *olen )
{
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t finish_olen;
CIPHER_VALIDATE_RET( ctx != NULL );
@ -1455,7 +1450,7 @@ int mbedtls_cipher_auth_decrypt( mbedtls_cipher_context_t *ctx,
#if defined(MBEDTLS_GCM_C)
if( MBEDTLS_MODE_GCM == ctx->cipher_info->mode )
{
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
*olen = ilen;
ret = mbedtls_gcm_auth_decrypt( ctx->cipher_ctx, ilen,
@ -1471,7 +1466,7 @@ int mbedtls_cipher_auth_decrypt( mbedtls_cipher_context_t *ctx,
#if defined(MBEDTLS_CCM_C)
if( MBEDTLS_MODE_CCM == ctx->cipher_info->mode )
{
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
*olen = ilen;
ret = mbedtls_ccm_auth_decrypt( ctx->cipher_ctx, ilen,
@ -1487,7 +1482,7 @@ int mbedtls_cipher_auth_decrypt( mbedtls_cipher_context_t *ctx,
#if defined(MBEDTLS_CHACHAPOLY_C)
if ( MBEDTLS_CIPHER_CHACHA20_POLY1305 == ctx->cipher_info->type )
{
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
/* ChachaPoly has fixed length nonce and MAC (tag) */
if ( ( iv_len != ctx->cipher_info->iv_size ) ||

3
features/mbedtls/mbed-crypto/src/cipher_wrap.c
View File

@ -32,6 +32,7 @@
#if defined(MBEDTLS_CIPHER_C)
#include "mbedtls/cipher_internal.h"
#include "mbedtls/error.h"
#if defined(MBEDTLS_CHACHAPOLY_C)
#include "mbedtls/chachapoly.h"
@ -1916,7 +1917,7 @@ static int chacha20_stream_wrap( void *ctx, size_t length,
const unsigned char *input,
unsigned char *output )
{
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
ret = mbedtls_chacha20_update( ctx, length, input, output );
if( ret == MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA )

13
features/mbedtls/mbed-crypto/src/cmac.c
View File

@ -50,6 +50,7 @@
#include "mbedtls/cmac.h"
#include "mbedtls/platform_util.h"
#include "mbedtls/error.h"
#include <string.h>
@ -136,7 +137,7 @@ static int cmac_multiply_by_u( unsigned char *output,
static int cmac_generate_subkeys( mbedtls_cipher_context_t *ctx,
unsigned char* K1, unsigned char* K2 )
{
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
unsigned char L[MBEDTLS_CIPHER_BLKSIZE_MAX];
size_t olen, block_size;
@ -315,7 +316,7 @@ int mbedtls_cipher_cmac_finish( mbedtls_cipher_context_t *ctx,
unsigned char K1[MBEDTLS_CIPHER_BLKSIZE_MAX];
unsigned char K2[MBEDTLS_CIPHER_BLKSIZE_MAX];
unsigned char M_last[MBEDTLS_CIPHER_BLKSIZE_MAX];
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t olen, block_size;
if( ctx == NULL || ctx->cipher_info == NULL || ctx->cmac_ctx == NULL ||
@ -393,7 +394,7 @@ int mbedtls_cipher_cmac( const mbedtls_cipher_info_t *cipher_info,
unsigned char *output )
{
mbedtls_cipher_context_t ctx;
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
if( cipher_info == NULL || key == NULL || input == NULL || output == NULL )
return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
@ -427,7 +428,7 @@ int mbedtls_aes_cmac_prf_128( const unsigned char *key, size_t key_length,
const unsigned char *input, size_t in_len,
unsigned char *output )
{
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
const mbedtls_cipher_info_t *cipher_info;
unsigned char zero_key[MBEDTLS_AES_BLOCK_SIZE];
unsigned char int_key[MBEDTLS_AES_BLOCK_SIZE];
@ -894,7 +895,7 @@ exit:
static int test_aes128_cmac_prf( int verbose )
{
int i;
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
unsigned char output[MBEDTLS_AES_BLOCK_SIZE];
for( i = 0; i < NB_PRF_TESTS; i++ )
@ -921,7 +922,7 @@ static int test_aes128_cmac_prf( int verbose )
int mbedtls_cmac_self_test( int verbose )
{
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
#if defined(MBEDTLS_AES_C)
/* AES-128 */

251
features/mbedtls/mbed-crypto/src/ctr_drbg.c
View File

@ -34,6 +34,7 @@
#include "mbedtls/ctr_drbg.h"
#include "mbedtls/platform_util.h"
#include "mbedtls/error.h"
#include <string.h>
@ -56,76 +57,15 @@
void mbedtls_ctr_drbg_init( mbedtls_ctr_drbg_context *ctx )
{
memset( ctx, 0, sizeof( mbedtls_ctr_drbg_context ) );
/* Indicate that the entropy nonce length is not set explicitly.
* See mbedtls_ctr_drbg_set_nonce_len(). */
ctx->reseed_counter = -1;
#if defined(MBEDTLS_THREADING_C)
mbedtls_mutex_init( &ctx->mutex );
#endif
}
/*
* Non-public function wrapped by mbedtls_ctr_drbg_seed(). Necessary to allow
* NIST tests to succeed (which require known length fixed entropy)
*/
/* CTR_DRBG_Instantiate with derivation function (SP 800-90A &sect;10.2.1.3.2)
* mbedtls_ctr_drbg_seed_entropy_len(ctx, f_entropy, p_entropy,
* custom, len, entropy_len)
* implements
* CTR_DRBG_Instantiate(entropy_input, nonce, personalization_string,
* security_strength) -> initial_working_state
* with inputs
* custom[:len] = nonce || personalization_string
* where entropy_input comes from f_entropy for entropy_len bytes
* and with outputs
* ctx = initial_working_state
*/
int mbedtls_ctr_drbg_seed_entropy_len(
mbedtls_ctr_drbg_context *ctx,
int (*f_entropy)(void *, unsigned char *, size_t),
void *p_entropy,
const unsigned char *custom,
size_t len,
size_t entropy_len )
{
int ret;
unsigned char key[MBEDTLS_CTR_DRBG_KEYSIZE];
memset( key, 0, MBEDTLS_CTR_DRBG_KEYSIZE );
mbedtls_aes_init( &ctx->aes_ctx );
ctx->f_entropy = f_entropy;
ctx->p_entropy = p_entropy;
ctx->entropy_len = entropy_len;
ctx->reseed_interval = MBEDTLS_CTR_DRBG_RESEED_INTERVAL;
/*
* Initialize with an empty key
*/
if( ( ret = mbedtls_aes_setkey_enc( &ctx->aes_ctx, key,
MBEDTLS_CTR_DRBG_KEYBITS ) ) != 0 )
{
return( ret );
}
if( ( ret = mbedtls_ctr_drbg_reseed( ctx, custom, len ) ) != 0 )
{
return( ret );
}
return( 0 );
}
int mbedtls_ctr_drbg_seed( mbedtls_ctr_drbg_context *ctx,
int (*f_entropy)(void *, unsigned char *, size_t),
void *p_entropy,
const unsigned char *custom,
size_t len )
{
return( mbedtls_ctr_drbg_seed_entropy_len( ctx, f_entropy, p_entropy,
custom, len,
MBEDTLS_CTR_DRBG_ENTROPY_LEN ) );
}
void mbedtls_ctr_drbg_free( mbedtls_ctr_drbg_context *ctx )
{
if( ctx == NULL )
@ -150,6 +90,32 @@ void mbedtls_ctr_drbg_set_entropy_len( mbedtls_ctr_drbg_context *ctx,
ctx->entropy_len = len;
}
int mbedtls_ctr_drbg_set_nonce_len( mbedtls_ctr_drbg_context *ctx,
size_t len )
{
/* If mbedtls_ctr_drbg_seed() has already been called, it's
* too late. Return the error code that's closest to making sense. */
if( ctx->f_entropy != NULL )
return( MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED );
if( len > MBEDTLS_CTR_DRBG_MAX_SEED_INPUT )
return( MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG );
#if SIZE_MAX > INT_MAX
/* This shouldn't be an issue because
* MBEDTLS_CTR_DRBG_MAX_SEED_INPUT < INT_MAX in any sensible
* configuration, but make sure anyway. */
if( len > INT_MAX )
return( MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG );
#endif
/* For backward compatibility with Mbed TLS <= 2.19, store the
* entropy nonce length in a field that already exists, but isn't
* used until after the initial seeding. */
/* Due to the capping of len above, the value fits in an int. */
ctx->reseed_counter = (int) len;
return( 0 );
}
void mbedtls_ctr_drbg_set_reseed_interval( mbedtls_ctr_drbg_context *ctx,
int interval )
{
@ -354,7 +320,7 @@ int mbedtls_ctr_drbg_update_ret( mbedtls_ctr_drbg_context *ctx,
size_t add_len )
{
unsigned char add_input[MBEDTLS_CTR_DRBG_SEEDLEN];
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
if( add_len == 0 )
return( 0 );
@ -383,7 +349,7 @@ void mbedtls_ctr_drbg_update( mbedtls_ctr_drbg_context *ctx,
#endif /* MBEDTLS_DEPRECATED_REMOVED */
/* CTR_DRBG_Reseed with derivation function (SP 800-90A &sect;10.2.1.4.2)
* mbedtls_ctr_drbg_reseed(ctx, additional, len)
* mbedtls_ctr_drbg_reseed(ctx, additional, len, nonce_len)
* implements
* CTR_DRBG_Reseed(working_state, entropy_input, additional_input)
* -> new_working_state
@ -391,51 +357,57 @@ void mbedtls_ctr_drbg_update( mbedtls_ctr_drbg_context *ctx,
* ctx contains working_state
* additional[:len] = additional_input
* and entropy_input comes from calling ctx->f_entropy
* for (ctx->entropy_len + nonce_len) bytes
* and with output
* ctx contains new_working_state
*/
int mbedtls_ctr_drbg_reseed( mbedtls_ctr_drbg_context *ctx,
const unsigned char *additional, size_t len )
static int mbedtls_ctr_drbg_reseed_internal( mbedtls_ctr_drbg_context *ctx,
const unsigned char *additional,
size_t len,
size_t nonce_len )
{
unsigned char seed[MBEDTLS_CTR_DRBG_MAX_SEED_INPUT];
size_t seedlen = 0;
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
if( ctx->entropy_len > MBEDTLS_CTR_DRBG_MAX_SEED_INPUT ||
len > MBEDTLS_CTR_DRBG_MAX_SEED_INPUT - ctx->entropy_len )
if( ctx->entropy_len > MBEDTLS_CTR_DRBG_MAX_SEED_INPUT )
return( MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG );
if( nonce_len > MBEDTLS_CTR_DRBG_MAX_SEED_INPUT - ctx->entropy_len )
return( MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG );
if( len > MBEDTLS_CTR_DRBG_MAX_SEED_INPUT - ctx->entropy_len - nonce_len )
return( MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG );
memset( seed, 0, MBEDTLS_CTR_DRBG_MAX_SEED_INPUT );
/*
* Gather entropy_len bytes of entropy to seed state
*/
if( 0 != ctx->f_entropy( ctx->p_entropy, seed,
ctx->entropy_len ) )
/* Gather entropy_len bytes of entropy to seed state. */
if( 0 != ctx->f_entropy( ctx->p_entropy, seed, ctx->entropy_len ) )
{
return( MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED );
}
seedlen += ctx->entropy_len;
/*
* Add additional data
*/
if( additional && len )
/* Gather entropy for a nonce if requested. */
if( nonce_len != 0 )
{
if( 0 != ctx->f_entropy( ctx->p_entropy, seed, nonce_len ) )
{
return( MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED );
}
seedlen += nonce_len;
}
/* Add additional data if provided. */
if( additional != NULL && len != 0 )
{
memcpy( seed + seedlen, additional, len );
seedlen += len;
}
/*
* Reduce to 384 bits
*/
/* Reduce to 384 bits. */
if( ( ret = block_cipher_df( seed, seed, seedlen ) ) != 0 )
goto exit;
/*
* Update state
*/
/* Update state. */
if( ( ret = ctr_drbg_update_internal( ctx, seed ) ) != 0 )
goto exit;
ctx->reseed_counter = 1;
@ -445,6 +417,81 @@ exit:
return( ret );
}
int mbedtls_ctr_drbg_reseed( mbedtls_ctr_drbg_context *ctx,
const unsigned char *additional, size_t len )
{
return( mbedtls_ctr_drbg_reseed_internal( ctx, additional, len, 0 ) );
}
/* Return a "good" nonce length for CTR_DRBG. The chosen nonce length
* is sufficient to achieve the maximum security strength given the key
* size and entropy length. If there is enough entropy in the initial
* call to the entropy function to serve as both the entropy input and
* the nonce, don't make a second call to get a nonce. */
static size_t good_nonce_len( size_t entropy_len )
{
if( entropy_len >= MBEDTLS_CTR_DRBG_KEYSIZE * 3 / 2 )
return( 0 );
else
return( ( entropy_len + 1 ) / 2 );
}
/* CTR_DRBG_Instantiate with derivation function (SP 800-90A &sect;10.2.1.3.2)
* mbedtls_ctr_drbg_seed(ctx, f_entropy, p_entropy, custom, len)
* implements
* CTR_DRBG_Instantiate(entropy_input, nonce, personalization_string,
* security_strength) -> initial_working_state
* with inputs
* custom[:len] = nonce || personalization_string
* where entropy_input comes from f_entropy for ctx->entropy_len bytes
* and with outputs
* ctx = initial_working_state
*/
int mbedtls_ctr_drbg_seed( mbedtls_ctr_drbg_context *ctx,
int (*f_entropy)(void *, unsigned char *, size_t),
void *p_entropy,
const unsigned char *custom,
size_t len )
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
unsigned char key[MBEDTLS_CTR_DRBG_KEYSIZE];
size_t nonce_len;
memset( key, 0, MBEDTLS_CTR_DRBG_KEYSIZE );
mbedtls_aes_init( &ctx->aes_ctx );
ctx->f_entropy = f_entropy;
ctx->p_entropy = p_entropy;
if( ctx->entropy_len == 0 )
ctx->entropy_len = MBEDTLS_CTR_DRBG_ENTROPY_LEN;
/* ctx->reseed_counter contains the desired amount of entropy to
* grab for a nonce (see mbedtls_ctr_drbg_set_nonce_len()).
* If it's -1, indicating that the entropy nonce length was not set
* explicitly, use a sufficiently large nonce for security. */
nonce_len = ( ctx->reseed_counter >= 0 ?
(size_t) ctx->reseed_counter :
good_nonce_len( ctx->entropy_len ) );
ctx->reseed_interval = MBEDTLS_CTR_DRBG_RESEED_INTERVAL;
/* Initialize with an empty key. */
if( ( ret = mbedtls_aes_setkey_enc( &ctx->aes_ctx, key,
MBEDTLS_CTR_DRBG_KEYBITS ) ) != 0 )
{
return( ret );
}
/* Do the initial seeding. */
if( ( ret = mbedtls_ctr_drbg_reseed_internal( ctx, custom, len,
nonce_len ) ) != 0 )
{
return( ret );
}
return( 0 );
}
/* CTR_DRBG_Generate with derivation function (SP 800-90A &sect;10.2.1.5.2)
* mbedtls_ctr_drbg_random_with_add(ctx, output, output_len, additional, add_len)
* implements
@ -538,13 +585,13 @@ int mbedtls_ctr_drbg_random_with_add( void *p_rng,
exit:
mbedtls_platform_zeroize( add_input, sizeof( add_input ) );
mbedtls_platform_zeroize( tmp, sizeof( tmp ) );
return( 0 );
return( ret );
}
int mbedtls_ctr_drbg_random( void *p_rng, unsigned char *output,
size_t output_len )
{
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_ctr_drbg_context *ctx = (mbedtls_ctr_drbg_context *) p_rng;
#if defined(MBEDTLS_THREADING_C)
@ -666,6 +713,15 @@ static const unsigned char nonce_pers_nopr[16] =
{ 0x1b, 0x54, 0xb8, 0xff, 0x06, 0x42, 0xbf, 0xf5,
0x21, 0xf1, 0x5c, 0x1c, 0x0b, 0x66, 0x5f, 0x3f };
#if defined(MBEDTLS_CTR_DRBG_USE_128_BIT_KEY)
static const unsigned char result_pr[16] =
{ 0x95, 0x3c, 0xa5, 0xbd, 0x44, 0x1, 0x34, 0xb7,
0x13, 0x58, 0x3e, 0x6a, 0x6c, 0x7e, 0x88, 0x8a };
static const unsigned char result_nopr[16] =
{ 0x6c, 0x25, 0x27, 0x95, 0xa3, 0x62, 0xd6, 0xdb,
0x90, 0xfd, 0x69, 0xb5, 0x42, 0x9, 0x4b, 0x84 };
#else /* MBEDTLS_CTR_DRBG_USE_128_BIT_KEY */
static const unsigned char result_pr[16] =
{ 0x34, 0x01, 0x16, 0x56, 0xb4, 0x29, 0x00, 0x8f,
0x35, 0x63, 0xec, 0xb5, 0xf2, 0x59, 0x07, 0x23 };
@ -673,6 +729,7 @@ static const unsigned char result_pr[16] =
static const unsigned char result_nopr[16] =
{ 0xa0, 0x54, 0x30, 0x3d, 0x8a, 0x7e, 0xa9, 0x88,
0x9d, 0x90, 0x3e, 0x07, 0x7c, 0x6f, 0x21, 0x8f };
#endif /* MBEDTLS_CTR_DRBG_USE_128_BIT_KEY */
static size_t test_offset;
static int ctr_drbg_self_test_entropy( void *data, unsigned char *buf,
@ -708,8 +765,12 @@ int mbedtls_ctr_drbg_self_test( int verbose )
mbedtls_printf( " CTR_DRBG (PR = TRUE) : " );
test_offset = 0;
CHK( mbedtls_ctr_drbg_seed_entropy_len( &ctx, ctr_drbg_self_test_entropy,
(void *) entropy_source_pr, nonce_pers_pr, 16, 32 ) );
mbedtls_ctr_drbg_set_entropy_len( &ctx, 32 );
mbedtls_ctr_drbg_set_nonce_len( &ctx, 0 );
CHK( mbedtls_ctr_drbg_seed( &ctx,
ctr_drbg_self_test_entropy,
(void *) entropy_source_pr,
nonce_pers_pr, 16 ) );
mbedtls_ctr_drbg_set_prediction_resistance( &ctx, MBEDTLS_CTR_DRBG_PR_ON );
CHK( mbedtls_ctr_drbg_random( &ctx, buf, MBEDTLS_CTR_DRBG_BLOCKSIZE ) );
CHK( mbedtls_ctr_drbg_random( &ctx, buf, MBEDTLS_CTR_DRBG_BLOCKSIZE ) );
@ -729,8 +790,12 @@ int mbedtls_ctr_drbg_self_test( int verbose )
mbedtls_ctr_drbg_init( &ctx );
test_offset = 0;
CHK( mbedtls_ctr_drbg_seed_entropy_len( &ctx, ctr_drbg_self_test_entropy,
(void *) entropy_source_nopr, nonce_pers_nopr, 16, 32 ) );
mbedtls_ctr_drbg_set_entropy_len( &ctx, 32 );
mbedtls_ctr_drbg_set_nonce_len( &ctx, 0 );
CHK( mbedtls_ctr_drbg_seed( &ctx,
ctr_drbg_self_test_entropy,
(void *) entropy_source_nopr,
nonce_pers_nopr, 16 ) );
CHK( mbedtls_ctr_drbg_random( &ctx, buf, 16 ) );
CHK( mbedtls_ctr_drbg_reseed( &ctx, NULL, 0 ) );
CHK( mbedtls_ctr_drbg_random( &ctx, buf, 16 ) );

15
features/mbedtls/mbed-crypto/src/dhm.c
View File

@ -37,6 +37,7 @@
#include "mbedtls/dhm.h"
#include "mbedtls/platform_util.h"
#include "mbedtls/error.h"
#include <string.h>
@ -137,7 +138,7 @@ int mbedtls_dhm_read_params( mbedtls_dhm_context *ctx,
unsigned char **p,
const unsigned char *end )
{
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
DHM_VALIDATE_RET( ctx != NULL );
DHM_VALIDATE_RET( p != NULL && *p != NULL );
DHM_VALIDATE_RET( end != NULL );
@ -239,7 +240,7 @@ int mbedtls_dhm_set_group( mbedtls_dhm_context *ctx,
const mbedtls_mpi *P,
const mbedtls_mpi *G )
{
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
DHM_VALIDATE_RET( ctx != NULL );
DHM_VALIDATE_RET( P != NULL );
DHM_VALIDATE_RET( G != NULL );
@ -260,7 +261,7 @@ int mbedtls_dhm_set_group( mbedtls_dhm_context *ctx,
int mbedtls_dhm_read_public( mbedtls_dhm_context *ctx,
const unsigned char *input, size_t ilen )
{
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
DHM_VALIDATE_RET( ctx != NULL );
DHM_VALIDATE_RET( input != NULL );
@ -396,7 +397,7 @@ int mbedtls_dhm_calc_secret( mbedtls_dhm_context *ctx,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng )
{
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_mpi GYb;
DHM_VALIDATE_RET( ctx != NULL );
DHM_VALIDATE_RET( output != NULL );
@ -473,7 +474,7 @@ void mbedtls_dhm_free( mbedtls_dhm_context *ctx )
int mbedtls_dhm_parse_dhm( mbedtls_dhm_context *dhm, const unsigned char *dhmin,
size_t dhminlen )
{
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t len;
unsigned char *p, *end;
#if defined(MBEDTLS_PEM_PARSE_C)
@ -627,7 +628,7 @@ static int load_file( const char *path, unsigned char **buf, size_t *n )
*/
int mbedtls_dhm_parse_dhmfile( mbedtls_dhm_context *dhm, const char *path )
{
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t n;
unsigned char *buf;
DHM_VALIDATE_RET( dhm != NULL );
@ -679,7 +680,7 @@ static const size_t mbedtls_test_dhm_params_len = sizeof( mbedtls_test_dhm_param
*/
int mbedtls_dhm_self_test( int verbose )
{
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_dhm_context dhm;
mbedtls_dhm_init( &dhm );

21
features/mbedtls/mbed-crypto/src/ecdh.c
View File

@ -36,6 +36,7 @@
#include "mbedtls/ecdh.h"
#include "mbedtls/platform_util.h"
#include "mbedtls/error.h"
#include <string.h>
@ -80,7 +81,7 @@ static int ecdh_gen_public_restartable( mbedtls_ecp_group *grp,
void *p_rng,
mbedtls_ecp_restart_ctx *rs_ctx )
{
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
/* If multiplication is in progress, we already generated a privkey */
#if defined(MBEDTLS_ECP_RESTARTABLE)
@ -121,7 +122,7 @@ static int ecdh_compute_shared_restartable( mbedtls_ecp_group *grp,
void *p_rng,
mbedtls_ecp_restart_ctx *rs_ctx )
{
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_ecp_point P;
mbedtls_ecp_point_init( &P );
@ -199,7 +200,7 @@ void mbedtls_ecdh_init( mbedtls_ecdh_context *ctx )
static int ecdh_setup_internal( mbedtls_ecdh_context_mbed *ctx,
mbedtls_ecp_group_id grp_id )
{
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
ret = mbedtls_ecp_group_load( &ctx->grp, grp_id );
if( ret != 0 )
@ -307,7 +308,7 @@ static int ecdh_make_params_internal( mbedtls_ecdh_context_mbed *ctx,
void *p_rng,
int restart_enabled )
{
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t grp_len, pt_len;
#if defined(MBEDTLS_ECP_RESTARTABLE)
mbedtls_ecp_restart_ctx *rs_ctx = NULL;
@ -414,7 +415,7 @@ int mbedtls_ecdh_read_params( mbedtls_ecdh_context *ctx,
const unsigned char **buf,
const unsigned char *end )
{
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_ecp_group_id grp_id;
ECDH_VALIDATE_RET( ctx != NULL );
ECDH_VALIDATE_RET( buf != NULL );
@ -451,7 +452,7 @@ static int ecdh_get_params_internal( mbedtls_ecdh_context_mbed *ctx,
const mbedtls_ecp_keypair *key,
mbedtls_ecdh_side side )
{
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
/* If it's not our key, just import the public part as Qp */
if( side == MBEDTLS_ECDH_THEIRS )
@ -475,7 +476,7 @@ int mbedtls_ecdh_get_params( mbedtls_ecdh_context *ctx,
const mbedtls_ecp_keypair *key,
mbedtls_ecdh_side side )
{
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
ECDH_VALIDATE_RET( ctx != NULL );
ECDH_VALIDATE_RET( key != NULL );
ECDH_VALIDATE_RET( side == MBEDTLS_ECDH_OURS ||
@ -530,7 +531,7 @@ static int ecdh_make_public_internal( mbedtls_ecdh_context_mbed *ctx,
void *p_rng,
int restart_enabled )
{
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
#if defined(MBEDTLS_ECP_RESTARTABLE)
mbedtls_ecp_restart_ctx *rs_ctx = NULL;
#endif
@ -602,7 +603,7 @@ int mbedtls_ecdh_make_public( mbedtls_ecdh_context *ctx, size_t *olen,
static int ecdh_read_public_internal( mbedtls_ecdh_context_mbed *ctx,
const unsigned char *buf, size_t blen )
{
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
const unsigned char *p = buf;
if( ( ret = mbedtls_ecp_tls_read_point( &ctx->grp, &ctx->Qp, &p,
@ -652,7 +653,7 @@ static int ecdh_calc_secret_internal( mbedtls_ecdh_context_mbed *ctx,
void *p_rng,
int restart_enabled )
{
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
#if defined(MBEDTLS_ECP_RESTARTABLE)
mbedtls_ecp_restart_ctx *rs_ctx = NULL;
#endif

20
features/mbedtls/mbed-crypto/src/ecdsa.c
View File

@ -51,6 +51,7 @@
#endif
#include "mbedtls/platform_util.h"
#include "mbedtls/error.h"
/* Parameter validation macros based on platform_util.h */
#define ECDSA_VALIDATE_RET( cond ) \
@ -229,7 +230,7 @@ static void ecdsa_restart_det_free( mbedtls_ecdsa_restart_det_ctx *ctx )
static int derive_mpi( const mbedtls_ecp_group *grp, mbedtls_mpi *x,
const unsigned char *buf, size_t blen )
{
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t n_size = ( grp->nbits + 7 ) / 8;
size_t use_size = blen > n_size ? n_size : blen;
@ -297,7 +298,7 @@ static int ecdsa_sign_restartable( mbedtls_ecp_group *grp,
*p_sign_tries = 0;
do
{
if( *p_sign_tries++ > 10 )
if( (*p_sign_tries)++ > 10 )
{
ret = MBEDTLS_ERR_ECP_RANDOM_FAILED;
goto cleanup;
@ -310,7 +311,7 @@ static int ecdsa_sign_restartable( mbedtls_ecp_group *grp,
*p_key_tries = 0;
do
{
if( *p_key_tries++ > 10 )
if( (*p_key_tries)++ > 10 )
{
ret = MBEDTLS_ERR_ECP_RANDOM_FAILED;
goto cleanup;
@ -363,6 +364,7 @@ modn:
MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( &e, &e, s ) );
MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &e, &e, &t ) );
MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( pk, pk, &t ) );
MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( pk, pk, &grp->N ) );
MBEDTLS_MPI_CHK( mbedtls_mpi_inv_mod( s, pk, &grp->N ) );
MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( s, s, &e ) );
MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( s, s, &grp->N ) );
@ -429,7 +431,7 @@ static int ecdsa_sign_det_restartable( mbedtls_ecp_group *grp,
void *p_rng_blind,
mbedtls_ecdsa_restart_ctx *rs_ctx )
{
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_hmac_drbg_context rng_ctx;
mbedtls_hmac_drbg_context *p_rng = &rng_ctx;
unsigned char data[2 * MBEDTLS_ECP_MAX_BYTES];
@ -599,7 +601,7 @@ static int ecdsa_verify_restartable( mbedtls_ecp_group *grp,
const mbedtls_mpi *r, const mbedtls_mpi *s,
mbedtls_ecdsa_restart_ctx *rs_ctx )
{
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_mpi e, s_inv, u1, u2;
mbedtls_ecp_point R;
mbedtls_mpi *pu1 = &u1, *pu2 = &u2;
@ -723,7 +725,7 @@ int mbedtls_ecdsa_verify( mbedtls_ecp_group *grp,
static int ecdsa_signature_to_asn1( const mbedtls_mpi *r, const mbedtls_mpi *s,
unsigned char *sig, size_t *slen )
{
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
unsigned char buf[MBEDTLS_ECDSA_MAX_LEN];
unsigned char *p = buf + sizeof( buf );
size_t len = 0;
@ -752,7 +754,7 @@ int mbedtls_ecdsa_write_signature_restartable( mbedtls_ecdsa_context *ctx,
void *p_rng,
mbedtls_ecdsa_restart_ctx *rs_ctx )
{
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_mpi r, s;
ECDSA_VALIDATE_RET( ctx != NULL );
ECDSA_VALIDATE_RET( hash != NULL );
@ -845,7 +847,7 @@ int mbedtls_ecdsa_read_signature_restartable( mbedtls_ecdsa_context *ctx,
const unsigned char *sig, size_t slen,
mbedtls_ecdsa_restart_ctx *rs_ctx )
{
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
unsigned char *p = (unsigned char *) sig;
const unsigned char *end = sig + slen;
size_t len;
@ -925,7 +927,7 @@ int mbedtls_ecdsa_genkey( mbedtls_ecdsa_context *ctx, mbedtls_ecp_group_id gid,
*/
int mbedtls_ecdsa_from_keypair( mbedtls_ecdsa_context *ctx, const mbedtls_ecp_keypair *key )
{
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
ECDSA_VALIDATE_RET( ctx != NULL );
ECDSA_VALIDATE_RET( key != NULL );

33
features/mbedtls/mbed-crypto/src/ecjpake.c
View File

@ -34,6 +34,7 @@
#include "mbedtls/ecjpake.h"
#include "mbedtls/platform_util.h"
#include "mbedtls/error.h"
#include <string.h>
@ -110,7 +111,7 @@ int mbedtls_ecjpake_setup( mbedtls_ecjpake_context *ctx,
const unsigned char *secret,
size_t len )
{
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
ECJPAKE_VALIDATE_RET( ctx != NULL );
ECJPAKE_VALIDATE_RET( role == MBEDTLS_ECJPAKE_CLIENT ||
@ -159,7 +160,7 @@ static int ecjpake_write_len_point( unsigned char **p,
const int pf,
const mbedtls_ecp_point *P )
{
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t len;
/* Need at least 4 for length plus 1 for point */
@ -199,7 +200,7 @@ static int ecjpake_hash( const mbedtls_md_info_t *md_info,
const char *id,
mbedtls_mpi *h )
{
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
unsigned char buf[ECJPAKE_HASH_BUF_LEN];
unsigned char *p = buf;
const unsigned char *end = buf + sizeof( buf );
@ -249,7 +250,7 @@ static int ecjpake_zkp_read( const mbedtls_md_info_t *md_info,
const unsigned char **p,
const unsigned char *end )
{
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_ecp_point V, VV;
mbedtls_mpi r, h;
size_t r_len;
@ -324,7 +325,7 @@ static int ecjpake_zkp_write( const mbedtls_md_info_t *md_info,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng )
{
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_ecp_point V;
mbedtls_mpi v;
mbedtls_mpi h; /* later recycled to hold r */
@ -382,7 +383,7 @@ static int ecjpake_kkp_read( const mbedtls_md_info_t *md_info,
const unsigned char **p,
const unsigned char *end )
{
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
if( end < *p )
return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
@ -422,7 +423,7 @@ static int ecjpake_kkp_write( const mbedtls_md_info_t *md_info,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng )
{
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t len;
if( end < *p )
@ -457,7 +458,7 @@ static int ecjpake_kkpp_read( const mbedtls_md_info_t *md_info,
const unsigned char *buf,
size_t len )
{
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
const unsigned char *p = buf;
const unsigned char *end = buf + len;
@ -495,7 +496,7 @@ static int ecjpake_kkpp_write( const mbedtls_md_info_t *md_info,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng )
{
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
unsigned char *p = buf;
const unsigned char *end = buf + len;
@ -553,7 +554,7 @@ static int ecjpake_ecp_add3( mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
const mbedtls_ecp_point *B,
const mbedtls_ecp_point *C )
{
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_mpi one;
mbedtls_mpi_init( &one );
@ -575,7 +576,7 @@ int mbedtls_ecjpake_read_round_two( mbedtls_ecjpake_context *ctx,
const unsigned char *buf,
size_t len )
{
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
const unsigned char *p = buf;
const unsigned char *end = buf + len;
mbedtls_ecp_group grp;
@ -639,7 +640,7 @@ static int ecjpake_mul_secret( mbedtls_mpi *R, int sign,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng )
{
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_mpi b; /* Blinding value, then s + N * blinding */
mbedtls_mpi_init( &b );
@ -668,7 +669,7 @@ int mbedtls_ecjpake_write_round_two( mbedtls_ecjpake_context *ctx,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng )
{
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_ecp_point G; /* C: GA, S: GB */
mbedtls_ecp_point Xm; /* C: Xc, S: Xs */
mbedtls_mpi xm; /* C: xc, S: xs */
@ -750,7 +751,7 @@ int mbedtls_ecjpake_derive_secret( mbedtls_ecjpake_context *ctx,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng )
{
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_ecp_point K;
mbedtls_mpi m_xm2_s, one;
unsigned char kx[MBEDTLS_ECP_MAX_BYTES];
@ -956,7 +957,7 @@ static int ecjpake_test_load( mbedtls_ecjpake_context *ctx,
const unsigned char *xm1, size_t len1,
const unsigned char *xm2, size_t len2 )
{
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &ctx->xm1, xm1, len1 ) );
MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &ctx->xm2, xm2, len2 ) );
@ -1004,7 +1005,7 @@ static int ecjpake_lgc( void *p, unsigned char *out, size_t len )
*/
int mbedtls_ecjpake_self_test( int verbose )
{
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_ecjpake_context cli;
mbedtls_ecjpake_context srv;
unsigned char buf[512], pms[32];

77
features/mbedtls/mbed-crypto/src/ecp.c
View File

@ -81,6 +81,7 @@
#include "mbedtls/ecp.h"
#include "mbedtls/threading.h"
#include "mbedtls/platform_util.h"
#include "mbedtls/error.h"
#include <string.h>
@ -634,7 +635,7 @@ void mbedtls_ecp_keypair_free( mbedtls_ecp_keypair *key )
*/
int mbedtls_ecp_copy( mbedtls_ecp_point *P, const mbedtls_ecp_point *Q )
{
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
ECP_VALIDATE_RET( P != NULL );
ECP_VALIDATE_RET( Q != NULL );
@ -662,7 +663,7 @@ int mbedtls_ecp_group_copy( mbedtls_ecp_group *dst, const mbedtls_ecp_group *src
*/
int mbedtls_ecp_set_zero( mbedtls_ecp_point *pt )
{
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
ECP_VALIDATE_RET( pt != NULL );
MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &pt->X , 1 ) );
@ -708,7 +709,7 @@ int mbedtls_ecp_point_cmp( const mbedtls_ecp_point *P,
int mbedtls_ecp_point_read_string( mbedtls_ecp_point *P, int radix,
const char *x, const char *y )
{
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
ECP_VALIDATE_RET( P != NULL );
ECP_VALIDATE_RET( x != NULL );
ECP_VALIDATE_RET( y != NULL );
@ -903,7 +904,7 @@ int mbedtls_ecp_tls_write_point( const mbedtls_ecp_group *grp, const mbedtls_ecp
int format, size_t *olen,
unsigned char *buf, size_t blen )
{
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
ECP_VALIDATE_RET( grp != NULL );
ECP_VALIDATE_RET( pt != NULL );
ECP_VALIDATE_RET( olen != NULL );
@ -936,7 +937,7 @@ int mbedtls_ecp_tls_write_point( const mbedtls_ecp_group *grp, const mbedtls_ecp
int mbedtls_ecp_tls_read_group( mbedtls_ecp_group *grp,
const unsigned char **buf, size_t len )
{
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_ecp_group_id grp_id;
ECP_VALIDATE_RET( grp != NULL );
ECP_VALIDATE_RET( buf != NULL );
@ -1031,7 +1032,7 @@ int mbedtls_ecp_tls_write_group( const mbedtls_ecp_group *grp, size_t *olen,
*/
static int ecp_modp( mbedtls_mpi *N, const mbedtls_ecp_group *grp )
{
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
if( grp->modp == NULL )
return( mbedtls_mpi_mod_mpi( N, N, &grp->P ) );
@ -1088,7 +1089,7 @@ static inline int mbedtls_mpi_mul_mod( const mbedtls_ecp_group *grp,
const mbedtls_mpi *A,
const mbedtls_mpi *B )
{
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( X, A, B ) );
MOD_MUL( *X );
cleanup:
@ -1108,7 +1109,7 @@ static inline int mbedtls_mpi_sub_mod( const mbedtls_ecp_group *grp,
const mbedtls_mpi *A,
const mbedtls_mpi *B )
{
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( X, A, B ) );
MOD_SUB( *X );
cleanup:
@ -1129,7 +1130,7 @@ static inline int mbedtls_mpi_add_mod( const mbedtls_ecp_group *grp,
const mbedtls_mpi *A,
const mbedtls_mpi *B )
{
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( X, A, B ) );
MOD_ADD( *X );
cleanup:
@ -1140,7 +1141,7 @@ static inline int mbedtls_mpi_shift_l_mod( const mbedtls_ecp_group *grp,
mbedtls_mpi *X,
size_t count )
{
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
MBEDTLS_MPI_CHK( mbedtls_mpi_shift_l( X, count ) );
MOD_ADD( *X );
cleanup:
@ -1162,7 +1163,7 @@ cleanup:
*/
static int ecp_normalize_jac( const mbedtls_ecp_group *grp, mbedtls_ecp_point *pt )
{
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_mpi Zi, ZZi;
if( mbedtls_mpi_cmp_int( &pt->Z, 0 ) == 0 )
@ -1214,7 +1215,7 @@ cleanup:
static int ecp_normalize_jac_many( const mbedtls_ecp_group *grp,
mbedtls_ecp_point *T[], size_t T_size )
{
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t i;
mbedtls_mpi *c, u, Zi, ZZi;
@ -1303,7 +1304,7 @@ static int ecp_safe_invert_jac( const mbedtls_ecp_group *grp,
mbedtls_ecp_point *Q,
unsigned char inv )
{
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
unsigned char nonzero;
mbedtls_mpi mQY;
@ -1337,7 +1338,7 @@ cleanup:
static int ecp_double_jac( const mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
const mbedtls_ecp_point *P )
{
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_mpi M, S, T, U;
#if defined(MBEDTLS_SELF_TEST)
@ -1433,7 +1434,7 @@ cleanup:
static int ecp_add_mixed( const mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
const mbedtls_ecp_point *P, const mbedtls_ecp_point *Q )
{
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_mpi T1, T2, T3, T4, X, Y, Z;
#if defined(MBEDTLS_SELF_TEST)
@ -1521,7 +1522,7 @@ cleanup:
static int ecp_randomize_jac( const mbedtls_ecp_group *grp, mbedtls_ecp_point *pt,
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
{
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_mpi l, ll;
size_t p_size;
int count = 0;
@ -1693,7 +1694,7 @@ static int ecp_precompute_comb( const mbedtls_ecp_group *grp,
unsigned char w, size_t d,
mbedtls_ecp_restart_ctx *rs_ctx )
{
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
unsigned char i;
size_t j = 0;
const unsigned char T_size = 1U << ( w - 1 );
@ -1829,7 +1830,7 @@ static int ecp_select_comb( const mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
const mbedtls_ecp_point T[], unsigned char T_size,
unsigned char i )
{
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
unsigned char ii, j;
/* Ignore the "sign" bit and scale down */
@ -1862,7 +1863,7 @@ static int ecp_mul_comb_core( const mbedtls_ecp_group *grp, mbedtls_ecp_point *R
void *p_rng,
mbedtls_ecp_restart_ctx *rs_ctx )
{
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_ecp_point Txi;
size_t i;
@ -1942,7 +1943,7 @@ static int ecp_comb_recode_scalar( const mbedtls_ecp_group *grp,
unsigned char w,
unsigned char *parity_trick )
{
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_mpi M, mm;
mbedtls_mpi_init( &M );
@ -1988,7 +1989,7 @@ static int ecp_mul_comb_after_precomp( const mbedtls_ecp_group *grp,
void *p_rng,
mbedtls_ecp_restart_ctx *rs_ctx )
{
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
unsigned char parity_trick;
unsigned char k[COMB_MAX_D + 1];
mbedtls_ecp_point *RR = R;
@ -2083,7 +2084,7 @@ static int ecp_mul_comb( mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
void *p_rng,
mbedtls_ecp_restart_ctx *rs_ctx )
{
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
unsigned char w, p_eq_g, i;
size_t d;
unsigned char T_size, T_ok;
@ -2215,7 +2216,7 @@ cleanup:
*/
static int ecp_normalize_mxz( const mbedtls_ecp_group *grp, mbedtls_ecp_point *P )
{
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
#if defined(MBEDTLS_ECP_NORMALIZE_MXZ_ALT)
if( mbedtls_internal_ecp_grp_capable( grp ) )
@ -2241,7 +2242,7 @@ cleanup:
static int ecp_randomize_mxz( const mbedtls_ecp_group *grp, mbedtls_ecp_point *P,
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
{
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_mpi l;
size_t p_size;
int count = 0;
@ -2296,7 +2297,7 @@ static int ecp_double_add_mxz( const mbedtls_ecp_group *grp,
const mbedtls_ecp_point *P, const mbedtls_ecp_point *Q,
const mbedtls_mpi *d )
{
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_mpi A, AA, B, BB, E, C, D, DA, CB;
#if defined(MBEDTLS_ECP_DOUBLE_ADD_MXZ_ALT)
@ -2344,7 +2345,7 @@ static int ecp_mul_mxz( mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng )
{
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t i;
unsigned char b;
mbedtls_ecp_point RP;
@ -2484,7 +2485,7 @@ int mbedtls_ecp_mul( mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
*/
static int ecp_check_pubkey_sw( const mbedtls_ecp_group *grp, const mbedtls_ecp_point *pt )
{
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_mpi YY, RHS;
/* pt coordinates must be normalized for our checks */
@ -2537,7 +2538,7 @@ static int mbedtls_ecp_mul_shortcuts( mbedtls_ecp_group *grp,
const mbedtls_ecp_point *P,
mbedtls_ecp_restart_ctx *rs_ctx )
{
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
if( mbedtls_mpi_cmp_int( m, 1 ) == 0 )
{
@ -2569,7 +2570,7 @@ int mbedtls_ecp_muladd_restartable(
const mbedtls_mpi *n, const mbedtls_ecp_point *Q,
mbedtls_ecp_restart_ctx *rs_ctx )
{
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_ecp_point mP;
mbedtls_ecp_point *pmP = &mP;
mbedtls_ecp_point *pR = R;
@ -2803,6 +2804,7 @@ int mbedtls_ecp_gen_privkey( const mbedtls_ecp_group *grp,
{
/* SEC1 3.2.1: Generate d such that 1 <= n < N */
int count = 0;
unsigned cmp = 0;
/*
* Match the procedure given in RFC 6979 (deterministic ECDSA):
@ -2827,9 +2829,14 @@ int mbedtls_ecp_gen_privkey( const mbedtls_ecp_group *grp,
*/
if( ++count > 30 )
return( MBEDTLS_ERR_ECP_RANDOM_FAILED );
ret = mbedtls_mpi_lt_mpi_ct( d, &grp->N, &cmp );
if( ret != 0 )
{
goto cleanup;
}
}
while( mbedtls_mpi_cmp_int( d, 1 ) < 0 ||
mbedtls_mpi_cmp_mpi( d, &grp->N ) >= 0 );
while( mbedtls_mpi_cmp_int( d, 1 ) < 0 || cmp != 1 );
}
#endif /* ECP_SHORTWEIERSTRASS */
@ -2846,7 +2853,7 @@ int mbedtls_ecp_gen_keypair_base( mbedtls_ecp_group *grp,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng )
{
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
ECP_VALIDATE_RET( grp != NULL );
ECP_VALIDATE_RET( d != NULL );
ECP_VALIDATE_RET( G != NULL );
@ -2882,7 +2889,7 @@ int mbedtls_ecp_gen_keypair( mbedtls_ecp_group *grp,
int mbedtls_ecp_gen_key( mbedtls_ecp_group_id grp_id, mbedtls_ecp_keypair *key,
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
{
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
ECP_VALIDATE_RET( key != NULL );
ECP_VALIDATE_RET( f_rng != NULL );
@ -2966,7 +2973,7 @@ cleanup:
*/
int mbedtls_ecp_check_pub_priv( const mbedtls_ecp_keypair *pub, const mbedtls_ecp_keypair *prv )
{
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_ecp_point Q;
mbedtls_ecp_group grp;
ECP_VALIDATE_RET( pub != NULL );
@ -3012,7 +3019,7 @@ cleanup:
*/
int mbedtls_ecp_self_test( int verbose )
{
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t i;
mbedtls_ecp_group grp;
mbedtls_ecp_point R, P;

19
features/mbedtls/mbed-crypto/src/ecp_curves.c
View File

@ -29,6 +29,7 @@
#include "mbedtls/ecp.h"
#include "mbedtls/platform_util.h"
#include "mbedtls/error.h"
#include <string.h>
@ -669,7 +670,7 @@ static int ecp_mod_p256k1( mbedtls_mpi * );
*/
static int ecp_use_curve25519( mbedtls_ecp_group *grp )
{
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
/* Actually ( A + 2 ) / 4 */
MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &grp->A, 16, "01DB42" ) );
@ -709,7 +710,7 @@ cleanup:
static int ecp_use_curve448( mbedtls_ecp_group *grp )
{
mbedtls_mpi Ns;
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_mpi_init( &Ns );
@ -900,7 +901,7 @@ static inline void carry64( mbedtls_mpi_uint *dst, mbedtls_mpi_uint *carry )
*/
static int ecp_mod_p192( mbedtls_mpi *N )
{
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_mpi_uint c = 0;
mbedtls_mpi_uint *p, *end;
@ -991,7 +992,7 @@ static inline void sub32( uint32_t *dst, uint32_t src, signed char *carry )
* (see fix_negative for the motivation of C)
*/
#define INIT( b ) \
int ret; \
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; \
signed char c = 0, cc; \
uint32_t cur; \
size_t i = 0, bits = (b); \
@ -1027,7 +1028,7 @@ static inline void sub32( uint32_t *dst, uint32_t src, signed char *carry )
*/
static inline int fix_negative( mbedtls_mpi *N, signed char c, mbedtls_mpi *C, size_t bits )
{
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
/* C = - c * 2^(bits + 32) */
#if !defined(MBEDTLS_HAVE_INT64)
@ -1185,7 +1186,7 @@ cleanup:
*/
static int ecp_mod_p521( mbedtls_mpi *N )
{
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t i;
mbedtls_mpi M;
mbedtls_mpi_uint Mp[P521_WIDTH + 1];
@ -1234,7 +1235,7 @@ cleanup:
*/
static int ecp_mod_p255( mbedtls_mpi *N )
{
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t i;
mbedtls_mpi M;
mbedtls_mpi_uint Mp[P255_WIDTH + 2];
@ -1291,7 +1292,7 @@ cleanup:
*/
static int ecp_mod_p448( mbedtls_mpi *N )
{
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t i;
mbedtls_mpi M, Q;
mbedtls_mpi_uint Mp[P448_WIDTH + 1], Qp[P448_WIDTH];
@ -1353,7 +1354,7 @@ cleanup:
static inline int ecp_mod_koblitz( mbedtls_mpi *N, mbedtls_mpi_uint *Rp, size_t p_limbs,
size_t adjust, size_t shift, mbedtls_mpi_uint mask )
{
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t i;
mbedtls_mpi M, R;
mbedtls_mpi_uint Mp[P_KOBLITZ_MAX + P_KOBLITZ_R + 1];

23
features/mbedtls/mbed-crypto/src/entropy.c
View File

@ -36,6 +36,7 @@
#include "mbedtls/entropy.h"
#include "mbedtls/entropy_poll.h"
#include "mbedtls/platform_util.h"
#include "mbedtls/error.h"
#include <string.h>
@ -236,7 +237,7 @@ cleanup:
int mbedtls_entropy_update_manual( mbedtls_entropy_context *ctx,
const unsigned char *data, size_t len )
{
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
#if defined(MBEDTLS_THREADING_C)
if( ( ret = mbedtls_mutex_lock( &ctx->mutex ) ) != 0 )
@ -258,7 +259,9 @@ int mbedtls_entropy_update_manual( mbedtls_entropy_context *ctx,
*/
static int entropy_gather_internal( mbedtls_entropy_context *ctx )
{
int ret, i, have_one_strong = 0;
int ret = MBEDTLS_ERR_ENTROPY_SOURCE_FAILED;
int i;
int have_one_strong = 0;
unsigned char buf[MBEDTLS_ENTROPY_MAX_GATHER];
size_t olen;
@ -306,7 +309,7 @@ cleanup:
*/
int mbedtls_entropy_gather( mbedtls_entropy_context *ctx )
{
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
#if defined(MBEDTLS_THREADING_C)
if( ( ret = mbedtls_mutex_lock( &ctx->mutex ) ) != 0 )
@ -325,7 +328,8 @@ int mbedtls_entropy_gather( mbedtls_entropy_context *ctx )
int mbedtls_entropy_func( void *data, unsigned char *output, size_t len )
{
int ret, count = 0, i, done;
int ret, count = 0, i, thresholds_reached;
size_t strong_size;
mbedtls_entropy_context *ctx = (mbedtls_entropy_context *) data;
unsigned char buf[MBEDTLS_ENTROPY_BLOCK_SIZE];
@ -363,12 +367,17 @@ int mbedtls_entropy_func( void *data, unsigned char *output, size_t len )
if( ( ret = entropy_gather_internal( ctx ) ) != 0 )
goto exit;
done = 1;
thresholds_reached = 1;
strong_size = 0;
for( i = 0; i < ctx->source_count; i++ )
{
if( ctx->source[i].size < ctx->source[i].threshold )
done = 0;
thresholds_reached = 0;
if( ctx->source[i].strong == MBEDTLS_ENTROPY_SOURCE_STRONG )
strong_size += ctx->source[i].size;
}
}
while( ! done );
while( ! thresholds_reached || strong_size < MBEDTLS_ENTROPY_BLOCK_SIZE );
memset( buf, 0, MBEDTLS_ENTROPY_BLOCK_SIZE );

3
features/mbedtls/mbed-crypto/src/entropy_poll.c
View File

@ -36,6 +36,7 @@
#include "mbedtls/entropy.h"
#include "mbedtls/entropy_poll.h"
#include "mbedtls/error.h"
#if defined(MBEDTLS_TIMING_C)
#include "mbedtls/timing.h"
@ -121,7 +122,7 @@ int mbedtls_platform_entropy_poll( void *data,
{
FILE *file;
size_t read_len;
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
((void) data);
#if defined(HAVE_GETRANDOM)

13
features/mbedtls/mbed-crypto/src/gcm.c
View File

@ -39,6 +39,7 @@
#include "mbedtls/gcm.h"
#include "mbedtls/platform_util.h"
#include "mbedtls/error.h"
#include <string.h>
@ -168,7 +169,7 @@ int mbedtls_gcm_setkey( mbedtls_gcm_context *ctx,
const unsigned char *key,
unsigned int keybits )
{
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
const mbedtls_cipher_info_t *cipher_info;
GCM_VALIDATE_RET( ctx != NULL );
@ -246,7 +247,7 @@ static void gcm_mult( mbedtls_gcm_context *ctx, const unsigned char x[16],
for( i = 15; i >= 0; i-- )
{
lo = x[i] & 0xf;
hi = x[i] >> 4;
hi = ( x[i] >> 4 ) & 0xf;
if( i != 15 )
{
@ -280,7 +281,7 @@ int mbedtls_gcm_starts( mbedtls_gcm_context *ctx,
const unsigned char *add,
size_t add_len )
{
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
unsigned char work_buf[16];
size_t i;
const unsigned char *p;
@ -365,7 +366,7 @@ int mbedtls_gcm_update( mbedtls_gcm_context *ctx,
const unsigned char *input,
unsigned char *output )
{
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
unsigned char ectr[16];
size_t i;
const unsigned char *p;
@ -476,7 +477,7 @@ int mbedtls_gcm_crypt_and_tag( mbedtls_gcm_context *ctx,
size_t tag_len,
unsigned char *tag )
{
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
GCM_VALIDATE_RET( ctx != NULL );
GCM_VALIDATE_RET( iv != NULL );
@ -508,7 +509,7 @@ int mbedtls_gcm_auth_decrypt( mbedtls_gcm_context *ctx,
const unsigned char *input,
unsigned char *output )
{
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
unsigned char check_tag[16];
size_t i;
int diff;

3
features/mbedtls/mbed-crypto/src/hkdf.c
View File

@ -29,13 +29,14 @@
#include <string.h>
#include "mbedtls/hkdf.h"
#include "mbedtls/platform_util.h"
#include "mbedtls/error.h"
int mbedtls_hkdf( const mbedtls_md_info_t *md, const unsigned char *salt,
size_t salt_len, const unsigned char *ikm, size_t ikm_len,
const unsigned char *info, size_t info_len,
unsigned char *okm, size_t okm_len )
{
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
unsigned char prk[MBEDTLS_MD_MAX_SIZE];
ret = mbedtls_hkdf_extract( md, salt, salt_len, ikm, ikm_len, prk );

40
features/mbedtls/mbed-crypto/src/hmac_drbg.c
View File

@ -35,6 +35,7 @@
#include "mbedtls/hmac_drbg.h"
#include "mbedtls/platform_util.h"
#include "mbedtls/error.h"
#include <string.h>
@ -74,7 +75,7 @@ int mbedtls_hmac_drbg_update_ret( mbedtls_hmac_drbg_context *ctx,
unsigned char rounds = ( additional != NULL && add_len != 0 ) ? 2 : 1;
unsigned char sep[1];
unsigned char K[MBEDTLS_MD_MAX_SIZE];
int ret;
int ret = MBEDTLS_ERR_MD_BAD_INPUT_DATA;
for( sep[0] = 0; sep[0] < rounds; sep[0]++ )
{
@ -127,7 +128,7 @@ int mbedtls_hmac_drbg_seed_buf( mbedtls_hmac_drbg_context *ctx,
const mbedtls_md_info_t * md_info,
const unsigned char *data, size_t data_len )
{
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
if( ( ret = mbedtls_md_setup( &ctx->md_ctx, md_info, 1 ) ) != 0 )
return( ret );
@ -159,7 +160,7 @@ static int hmac_drbg_reseed_core( mbedtls_hmac_drbg_context *ctx,
{
unsigned char seed[MBEDTLS_HMAC_DRBG_MAX_SEED_INPUT];
size_t seedlen = 0;
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
{
size_t total_entropy_len;
@ -251,7 +252,7 @@ int mbedtls_hmac_drbg_seed( mbedtls_hmac_drbg_context *ctx,
const unsigned char *custom,
size_t len )
{
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t md_size;
if( ( ret = mbedtls_md_setup( &ctx->md_ctx, md_info, 1 ) ) != 0 )
@ -273,16 +274,19 @@ int mbedtls_hmac_drbg_seed( mbedtls_hmac_drbg_context *ctx,
ctx->reseed_interval = MBEDTLS_HMAC_DRBG_RESEED_INTERVAL;
/*
* See SP800-57 5.6.1 (p. 65-66) for the security strength provided by
* each hash function, then according to SP800-90A rev1 10.1 table 2,
* min_entropy_len (in bits) is security_strength.
*
* (This also matches the sizes used in the NIST test vectors.)
*/
ctx->entropy_len = md_size <= 20 ? 16 : /* 160-bits hash -> 128 bits */
md_size <= 28 ? 24 : /* 224-bits hash -> 192 bits */
32; /* better (256+) -> 256 bits */
if( ctx->entropy_len == 0 )
{
/*
* See SP800-57 5.6.1 (p. 65-66) for the security strength provided by
* each hash function, then according to SP800-90A rev1 10.1 table 2,
* min_entropy_len (in bits) is security_strength.
*
* (This also matches the sizes used in the NIST test vectors.)
*/
ctx->entropy_len = md_size <= 20 ? 16 : /* 160-bits hash -> 128 bits */
md_size <= 28 ? 24 : /* 224-bits hash -> 192 bits */
32; /* better (256+) -> 256 bits */
}
if( ( ret = hmac_drbg_reseed_core( ctx, custom, len,
1 /* add nonce */ ) ) != 0 )
@ -303,7 +307,7 @@ void mbedtls_hmac_drbg_set_prediction_resistance( mbedtls_hmac_drbg_context *ctx
}
/*
* Set entropy length grabbed for reseeds
* Set entropy length grabbed for seeding
*/
void mbedtls_hmac_drbg_set_entropy_len( mbedtls_hmac_drbg_context *ctx, size_t len )
{
@ -326,7 +330,7 @@ int mbedtls_hmac_drbg_random_with_add( void *p_rng,
unsigned char *output, size_t out_len,
const unsigned char *additional, size_t add_len )
{
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_hmac_drbg_context *ctx = (mbedtls_hmac_drbg_context *) p_rng;
size_t md_len = mbedtls_md_get_size( ctx->md_ctx.md_info );
size_t left = out_len;
@ -395,7 +399,7 @@ exit:
*/
int mbedtls_hmac_drbg_random( void *p_rng, unsigned char *output, size_t out_len )
{
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_hmac_drbg_context *ctx = (mbedtls_hmac_drbg_context *) p_rng;
#if defined(MBEDTLS_THREADING_C)
@ -431,7 +435,7 @@ void mbedtls_hmac_drbg_free( mbedtls_hmac_drbg_context *ctx )
#if defined(MBEDTLS_FS_IO)
int mbedtls_hmac_drbg_write_seed_file( mbedtls_hmac_drbg_context *ctx, const char *path )
{
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
FILE *f;
unsigned char buf[ MBEDTLS_HMAC_DRBG_MAX_INPUT ];

35
features/mbedtls/mbed-crypto/src/md.c
View File

@ -34,6 +34,7 @@
#include "mbedtls/md.h"
#include "mbedtls/md_internal.h"
#include "mbedtls/platform_util.h"
#include "mbedtls/error.h"
#include "mbedtls/md2.h"
#include "mbedtls/md4.h"
@ -119,12 +120,14 @@ const mbedtls_md_info_t mbedtls_sha256_info = {
#endif
#if defined(MBEDTLS_SHA512_C)
#if !defined(MBEDTLS_SHA512_NO_SHA384)
const mbedtls_md_info_t mbedtls_sha384_info = {
"SHA384",
MBEDTLS_MD_SHA384,
48,
128,
};
#endif
const mbedtls_md_info_t mbedtls_sha512_info = {
"SHA512",
@ -141,8 +144,10 @@ static const int supported_digests[] = {
#if defined(MBEDTLS_SHA512_C)
MBEDTLS_MD_SHA512,
#if !defined(MBEDTLS_SHA512_NO_SHA384)
MBEDTLS_MD_SHA384,
#endif
#endif
#if defined(MBEDTLS_SHA256_C)
MBEDTLS_MD_SHA256,
@ -210,8 +215,10 @@ const mbedtls_md_info_t *mbedtls_md_info_from_string( const char *md_name )
return mbedtls_md_info_from_type( MBEDTLS_MD_SHA256 );
#endif
#if defined(MBEDTLS_SHA512_C)
#if !defined(MBEDTLS_SHA512_NO_SHA384)
if( !strcmp( "SHA384", md_name ) )
return mbedtls_md_info_from_type( MBEDTLS_MD_SHA384 );
#endif
if( !strcmp( "SHA512", md_name ) )
return mbedtls_md_info_from_type( MBEDTLS_MD_SHA512 );
#endif
@ -249,8 +256,10 @@ const mbedtls_md_info_t *mbedtls_md_info_from_type( mbedtls_md_type_t md_type )
return( &mbedtls_sha256_info );
#endif
#if defined(MBEDTLS_SHA512_C)
#if !defined(MBEDTLS_SHA512_NO_SHA384)
case MBEDTLS_MD_SHA384:
return( &mbedtls_sha384_info );
#endif
case MBEDTLS_MD_SHA512:
return( &mbedtls_sha512_info );
#endif
@ -305,7 +314,9 @@ void mbedtls_md_free( mbedtls_md_context_t *ctx )
break;
#endif
#if defined(MBEDTLS_SHA512_C)
#if !defined(MBEDTLS_SHA512_NO_SHA384)
case MBEDTLS_MD_SHA384:
#endif
case MBEDTLS_MD_SHA512:
mbedtls_sha512_free( ctx->md_ctx );
break;
@ -371,7 +382,9 @@ int mbedtls_md_clone( mbedtls_md_context_t *dst,
break;
#endif
#if defined(MBEDTLS_SHA512_C)
#if !defined(MBEDTLS_SHA512_NO_SHA384)
case MBEDTLS_MD_SHA384:
#endif
case MBEDTLS_MD_SHA512:
mbedtls_sha512_clone( dst->md_ctx, src->md_ctx );
break;
@ -438,7 +451,9 @@ int mbedtls_md_setup( mbedtls_md_context_t *ctx, const mbedtls_md_info_t *md_inf
break;
#endif
#if defined(MBEDTLS_SHA512_C)
#if !defined(MBEDTLS_SHA512_NO_SHA384)
case MBEDTLS_MD_SHA384:
#endif
case MBEDTLS_MD_SHA512:
ALLOC( sha512 );
break;
@ -497,8 +512,10 @@ int mbedtls_md_starts( mbedtls_md_context_t *ctx )
return( mbedtls_sha256_starts_ret( ctx->md_ctx, 0 ) );
#endif
#if defined(MBEDTLS_SHA512_C)
#if !defined(MBEDTLS_SHA512_NO_SHA384)
case MBEDTLS_MD_SHA384:
return( mbedtls_sha512_starts_ret( ctx->md_ctx, 1 ) );
#endif
case MBEDTLS_MD_SHA512:
return( mbedtls_sha512_starts_ret( ctx->md_ctx, 0 ) );
#endif
@ -541,8 +558,10 @@ int mbedtls_md_update( mbedtls_md_context_t *ctx, const unsigned char *input, si
return( mbedtls_sha256_update_ret( ctx->md_ctx, input, ilen ) );
#endif
#if defined(MBEDTLS_SHA512_C)
#if !defined(MBEDTLS_SHA512_NO_SHA384)
case MBEDTLS_MD_SHA384:
return( mbedtls_sha512_update_ret( ctx->md_ctx, input, ilen ) );
#endif
case MBEDTLS_MD_SHA512:
return( mbedtls_sha512_update_ret( ctx->md_ctx, input, ilen ) );
#endif
@ -585,8 +604,10 @@ int mbedtls_md_finish( mbedtls_md_context_t *ctx, unsigned char *output )
return( mbedtls_sha256_finish_ret( ctx->md_ctx, output ) );
#endif
#if defined(MBEDTLS_SHA512_C)
#if !defined(MBEDTLS_SHA512_NO_SHA384)
case MBEDTLS_MD_SHA384:
return( mbedtls_sha512_finish_ret( ctx->md_ctx, output ) );
#endif
case MBEDTLS_MD_SHA512:
return( mbedtls_sha512_finish_ret( ctx->md_ctx, output ) );
#endif
@ -630,8 +651,10 @@ int mbedtls_md( const mbedtls_md_info_t *md_info, const unsigned char *input, si
return( mbedtls_sha256_ret( input, ilen, output, 0 ) );
#endif
#if defined(MBEDTLS_SHA512_C)
#if !defined(MBEDTLS_SHA512_NO_SHA384)
case MBEDTLS_MD_SHA384:
return( mbedtls_sha512_ret( input, ilen, output, 1 ) );
#endif
case MBEDTLS_MD_SHA512:
return( mbedtls_sha512_ret( input, ilen, output, 0 ) );
#endif
@ -643,7 +666,7 @@ int mbedtls_md( const mbedtls_md_info_t *md_info, const unsigned char *input, si
#if defined(MBEDTLS_FS_IO)
int mbedtls_md_file( const mbedtls_md_info_t *md_info, const char *path, unsigned char *output )
{
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
FILE *f;
size_t n;
mbedtls_md_context_t ctx;
@ -683,7 +706,7 @@ cleanup:
int mbedtls_md_hmac_starts( mbedtls_md_context_t *ctx, const unsigned char *key, size_t keylen )
{
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
unsigned char sum[MBEDTLS_MD_MAX_SIZE];
unsigned char *ipad, *opad;
size_t i;
@ -738,7 +761,7 @@ int mbedtls_md_hmac_update( mbedtls_md_context_t *ctx, const unsigned char *inpu
int mbedtls_md_hmac_finish( mbedtls_md_context_t *ctx, unsigned char *output )
{
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
unsigned char tmp[MBEDTLS_MD_MAX_SIZE];
unsigned char *opad;
@ -762,7 +785,7 @@ int mbedtls_md_hmac_finish( mbedtls_md_context_t *ctx, unsigned char *output )
int mbedtls_md_hmac_reset( mbedtls_md_context_t *ctx )
{
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
unsigned char *ipad;
if( ctx == NULL || ctx->md_info == NULL || ctx->hmac_ctx == NULL )
@ -781,7 +804,7 @@ int mbedtls_md_hmac( const mbedtls_md_info_t *md_info,
unsigned char *output )
{
mbedtls_md_context_t ctx;
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
if( md_info == NULL )
return( MBEDTLS_ERR_MD_BAD_INPUT_DATA );
@ -838,8 +861,10 @@ int mbedtls_md_process( mbedtls_md_context_t *ctx, const unsigned char *data )
return( mbedtls_internal_sha256_process( ctx->md_ctx, data ) );
#endif
#if defined(MBEDTLS_SHA512_C)
#if !defined(MBEDTLS_SHA512_NO_SHA384)
case MBEDTLS_MD_SHA384:
return( mbedtls_internal_sha512_process( ctx->md_ctx, data ) );
#endif
case MBEDTLS_MD_SHA512:
return( mbedtls_internal_sha512_process( ctx->md_ctx, data ) );
#endif

7
features/mbedtls/mbed-crypto/src/md2.c
View File

@ -35,6 +35,7 @@
#include "mbedtls/md2.h"
#include "mbedtls/platform_util.h"
#include "mbedtls/error.h"
#include <string.h>
@ -170,7 +171,7 @@ int mbedtls_md2_update_ret( mbedtls_md2_context *ctx,
const unsigned char *input,
size_t ilen )
{
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t fill;
while( ilen > 0 )
@ -212,7 +213,7 @@ void mbedtls_md2_update( mbedtls_md2_context *ctx,
int mbedtls_md2_finish_ret( mbedtls_md2_context *ctx,
unsigned char output[16] )
{
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t i;
unsigned char x;
@ -250,7 +251,7 @@ int mbedtls_md2_ret( const unsigned char *input,
size_t ilen,
unsigned char output[16] )
{
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_md2_context ctx;
mbedtls_md2_init( &ctx );

7
features/mbedtls/mbed-crypto/src/md4.c
View File

@ -35,6 +35,7 @@
#include "mbedtls/md4.h"
#include "mbedtls/platform_util.h"
#include "mbedtls/error.h"
#include <string.h>
@ -253,7 +254,7 @@ int mbedtls_md4_update_ret( mbedtls_md4_context *ctx,
const unsigned char *input,
size_t ilen )
{
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t fill;
uint32_t left;
@ -323,7 +324,7 @@ static const unsigned char md4_padding[64] =
int mbedtls_md4_finish_ret( mbedtls_md4_context *ctx,
unsigned char output[16] )
{
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
uint32_t last, padn;
uint32_t high, low;
unsigned char msglen[8];
@ -371,7 +372,7 @@ int mbedtls_md4_ret( const unsigned char *input,
size_t ilen,
unsigned char output[16] )
{
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_md4_context ctx;
mbedtls_md4_init( &ctx );

7
features/mbedtls/mbed-crypto/src/md5.c
View File

@ -34,6 +34,7 @@
#include "mbedtls/md5.h"
#include "mbedtls/platform_util.h"
#include "mbedtls/error.h"
#include <string.h>
@ -259,7 +260,7 @@ int mbedtls_md5_update_ret( mbedtls_md5_context *ctx,
const unsigned char *input,
size_t ilen )
{
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t fill;
uint32_t left;
@ -318,7 +319,7 @@ void mbedtls_md5_update( mbedtls_md5_context *ctx,
int mbedtls_md5_finish_ret( mbedtls_md5_context *ctx,
unsigned char output[16] )
{
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
uint32_t used;
uint32_t high, low;
@ -386,7 +387,7 @@ int mbedtls_md5_ret( const unsigned char *input,
size_t ilen,
unsigned char output[16] )
{
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_md5_context ctx;
mbedtls_md5_init( &ctx );

3
features/mbedtls/mbed-crypto/src/nist_kw.c
View File

@ -39,6 +39,7 @@
#include "mbedtls/nist_kw.h"
#include "mbedtls/platform_util.h"
#include "mbedtls/error.h"
#include <stdint.h>
#include <string.h>
@ -116,7 +117,7 @@ int mbedtls_nist_kw_setkey( mbedtls_nist_kw_context *ctx,
unsigned int keybits,
const int is_wrap )
{
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
const mbedtls_cipher_info_t *cipher_info;
cipher_info = mbedtls_cipher_info_from_values( cipher,

3
features/mbedtls/mbed-crypto/src/oid.c
View File

@ -31,6 +31,7 @@
#include "mbedtls/oid.h"
#include "mbedtls/rsa.h"
#include "mbedtls/error.h"
#include <stdio.h>
#include <string.h>
@ -732,7 +733,7 @@ FN_OID_GET_ATTR2(mbedtls_oid_get_pkcs12_pbe_alg, oid_pkcs12_pbe_alg_t, pkcs12_pb
int mbedtls_oid_get_numeric_string( char *buf, size_t size,
const mbedtls_asn1_buf *oid )
{
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t i, n;
unsigned int value;
char *p;

11
features/mbedtls/mbed-crypto/src/pem.c
View File

@ -34,6 +34,7 @@
#include "mbedtls/md5.h"
#include "mbedtls/cipher.h"
#include "mbedtls/platform_util.h"
#include "mbedtls/error.h"
#include <string.h>
@ -85,7 +86,7 @@ static int pem_pbkdf1( unsigned char *key, size_t keylen,
mbedtls_md5_context md5_ctx;
unsigned char md5sum[16];
size_t use_len;
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_md5_init( &md5_ctx );
@ -146,7 +147,7 @@ static int pem_des_decrypt( unsigned char des_iv[8],
{
mbedtls_des_context des_ctx;
unsigned char des_key[8];
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_des_init( &des_ctx );
@ -174,7 +175,7 @@ static int pem_des3_decrypt( unsigned char des3_iv[8],
{
mbedtls_des3_context des3_ctx;
unsigned char des3_key[24];
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_des3_init( &des3_ctx );
@ -204,7 +205,7 @@ static int pem_aes_decrypt( unsigned char aes_iv[16], unsigned int keylen,
{
mbedtls_aes_context aes_ctx;
unsigned char aes_key[32];
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_aes_init( &aes_ctx );
@ -439,7 +440,7 @@ int mbedtls_pem_write_buffer( const char *header, const char *footer,
const unsigned char *der_data, size_t der_len,
unsigned char *buf, size_t buf_len, size_t *olen )
{
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
unsigned char *encode_buf = NULL, *c, *p = buf;
size_t len = 0, use_len, add_len = 0;

18
features/mbedtls/mbed-crypto/src/pk.c
View File

@ -30,6 +30,7 @@
#include "mbedtls/pk_internal.h"
#include "mbedtls/platform_util.h"
#include "mbedtls/error.h"
#if defined(MBEDTLS_RSA_C)
#include "mbedtls/rsa.h"
@ -297,7 +298,7 @@ int mbedtls_pk_verify_restartable( mbedtls_pk_context *ctx,
mbedtls_ecp_restart_is_enabled() &&
ctx->pk_info->verify_rs_func != NULL )
{
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
if( ( ret = pk_restart_setup( rs_ctx, ctx->pk_info ) ) != 0 )
return( ret );
@ -354,7 +355,7 @@ int mbedtls_pk_verify_ext( mbedtls_pk_type_t type, const void *options,
if( type == MBEDTLS_PK_RSASSA_PSS )
{
#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_PKCS1_V21)
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
const mbedtls_pk_rsassa_pss_options *pss_opts;
#if SIZE_MAX > UINT_MAX
@ -420,7 +421,7 @@ int mbedtls_pk_sign_restartable( mbedtls_pk_context *ctx,
mbedtls_ecp_restart_is_enabled() &&
ctx->pk_info->sign_rs_func != NULL )
{
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
if( ( ret = pk_restart_setup( rs_ctx, ctx->pk_info ) ) != 0 )
return( ret );
@ -604,7 +605,8 @@ int mbedtls_pk_wrap_as_opaque( mbedtls_pk_context *pk,
psa_ecc_curve_t curve_id;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_key_type_t key_type;
int ret;
size_t bits;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
/* export the private key material in the format PSA wants */
if( mbedtls_pk_get_type( pk ) != MBEDTLS_PK_ECKEY )
@ -615,13 +617,13 @@ int mbedtls_pk_wrap_as_opaque( mbedtls_pk_context *pk,
if( ( ret = mbedtls_mpi_write_binary( &ec->d, d, d_len ) ) != 0 )
return( ret );
curve_id = mbedtls_ecp_curve_info_from_grp_id( ec->grp.id )->tls_id;
key_type = PSA_KEY_TYPE_ECC_KEY_PAIR(
mbedtls_psa_parse_tls_ecc_group ( curve_id ) );
curve_id = mbedtls_ecc_group_to_psa( ec->grp.id, &bits );
key_type = PSA_KEY_TYPE_ECC_KEY_PAIR( curve_id );
/* prepare the key attributes */
psa_set_key_type( &attributes, key_type );
psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN );
psa_set_key_bits( &attributes, bits );
psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN_HASH );
psa_set_key_algorithm( &attributes, PSA_ALG_ECDSA(hash_alg) );
/* import private key into PSA */

53
features/mbedtls/mbed-crypto/src/pk_wrap.c
View File

@ -27,6 +27,7 @@
#if defined(MBEDTLS_PK_C)
#include "mbedtls/pk_internal.h"
#include "mbedtls/error.h"
/* Even if RSA not activated, for the sake of RSA-alt */
#include "mbedtls/rsa.h"
@ -83,7 +84,7 @@ static int rsa_verify_wrap( void *ctx, mbedtls_md_type_t md_alg,
const unsigned char *hash, size_t hash_len,
const unsigned char *sig, size_t sig_len )
{
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_rsa_context * rsa = (mbedtls_rsa_context *) ctx;
size_t rsa_len = mbedtls_rsa_get_len( rsa );
@ -248,7 +249,7 @@ static int eckey_verify_wrap( void *ctx, mbedtls_md_type_t md_alg,
const unsigned char *hash, size_t hash_len,
const unsigned char *sig, size_t sig_len )
{
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_ecdsa_context ecdsa;
mbedtls_ecdsa_init( &ecdsa );
@ -266,7 +267,7 @@ static int eckey_sign_wrap( void *ctx, mbedtls_md_type_t md_alg,
unsigned char *sig, size_t *sig_len,
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
{
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_ecdsa_context ecdsa;
mbedtls_ecdsa_init( &ecdsa );
@ -340,7 +341,7 @@ static int eckey_verify_rs_wrap( void *ctx, mbedtls_md_type_t md_alg,
const unsigned char *sig, size_t sig_len,
void *rs_ctx )
{
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
eckey_restart_ctx *rs = rs_ctx;
/* Should never happen */
@ -365,7 +366,7 @@ static int eckey_sign_rs_wrap( void *ctx, mbedtls_md_type_t md_alg,
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
void *rs_ctx )
{
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
eckey_restart_ctx *rs = rs_ctx;
/* Should never happen */
@ -490,7 +491,7 @@ static int ecdsa_can_do( mbedtls_pk_type_t type )
static int extract_ecdsa_sig_int( unsigned char **from, const unsigned char *end,
unsigned char *to, size_t to_len )
{
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t unpadded_len, padding_len;
if( ( ret = mbedtls_asn1_get_tag( from, end, &unpadded_len,
@ -524,7 +525,7 @@ static int extract_ecdsa_sig_int( unsigned char **from, const unsigned char *end
static int extract_ecdsa_sig( unsigned char **p, const unsigned char *end,
unsigned char *sig, size_t int_size )
{
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t tmp_size;
if( ( ret = mbedtls_asn1_get_tag( p, end, &tmp_size,
@ -541,11 +542,12 @@ static int extract_ecdsa_sig( unsigned char **p, const unsigned char *end,
return( 0 );
}
static int ecdsa_verify_wrap( void *ctx, mbedtls_md_type_t md_alg,
static int ecdsa_verify_wrap( void *ctx_arg, mbedtls_md_type_t md_alg,
const unsigned char *hash, size_t hash_len,
const unsigned char *sig, size_t sig_len )
{
int ret;
mbedtls_ecdsa_context *ctx = ctx_arg;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_key_handle_t key_handle = 0;
psa_status_t status;
@ -556,9 +558,10 @@ static int ecdsa_verify_wrap( void *ctx, mbedtls_md_type_t md_alg,
unsigned char *p;
mbedtls_pk_info_t pk_info = mbedtls_eckey_info;
psa_algorithm_t psa_sig_md, psa_md;
psa_ecc_curve_t curve = mbedtls_psa_translate_ecc_group(
( (mbedtls_ecdsa_context *) ctx )->grp.id );
const size_t signature_part_size = ( ( (mbedtls_ecdsa_context *) ctx )->grp.nbits + 7 ) / 8;
size_t curve_bits;
psa_ecc_curve_t curve =
mbedtls_ecc_group_to_psa( ctx->grp.id, &curve_bits );
const size_t signature_part_size = ( ctx->grp.nbits + 7 ) / 8;
if( curve == 0 )
return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
@ -578,7 +581,7 @@ static int ecdsa_verify_wrap( void *ctx, mbedtls_md_type_t md_alg,
psa_sig_md = PSA_ALG_ECDSA( psa_md );
psa_set_key_type( &attributes, PSA_KEY_TYPE_ECC_PUBLIC_KEY( curve ) );
psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_VERIFY );
psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_VERIFY_HASH );
psa_set_key_algorithm( &attributes, psa_sig_md );
status = psa_import_key( &attributes,
@ -605,9 +608,9 @@ static int ecdsa_verify_wrap( void *ctx, mbedtls_md_type_t md_alg,
goto cleanup;
}
if( psa_asymmetric_verify( key_handle, psa_sig_md,
hash, hash_len,
buf, 2 * signature_part_size )
if( psa_verify_hash( key_handle, psa_sig_md,
hash, hash_len,
buf, 2 * signature_part_size )
!= PSA_SUCCESS )
{
ret = MBEDTLS_ERR_ECP_VERIFY_FAILED;
@ -630,7 +633,7 @@ static int ecdsa_verify_wrap( void *ctx, mbedtls_md_type_t md_alg,
const unsigned char *hash, size_t hash_len,
const unsigned char *sig, size_t sig_len )
{
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
((void) md_alg);
ret = mbedtls_ecdsa_read_signature( (mbedtls_ecdsa_context *) ctx,
@ -658,7 +661,7 @@ static int ecdsa_verify_rs_wrap( void *ctx, mbedtls_md_type_t md_alg,
const unsigned char *sig, size_t sig_len,
void *rs_ctx )
{
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
((void) md_alg);
ret = mbedtls_ecdsa_read_signature_restartable(
@ -774,6 +777,8 @@ static int rsa_alt_sign_wrap( void *ctx, mbedtls_md_type_t md_alg,
#endif /* SIZE_MAX > UINT_MAX */
*sig_len = rsa_alt->key_len_func( rsa_alt->key );
if( *sig_len > MBEDTLS_PK_SIGNATURE_MAX_SIZE )
return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
return( rsa_alt->sign_func( rsa_alt->key, f_rng, p_rng, MBEDTLS_RSA_PRIVATE,
md_alg, (unsigned int) hash_len, hash, sig ) );
@ -802,7 +807,7 @@ static int rsa_alt_check_pair( const void *pub, const void *prv )
unsigned char sig[MBEDTLS_MPI_MAX_SIZE];
unsigned char hash[32];
size_t sig_len = 0;
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
if( rsa_alt_get_bitlen( prv ) != rsa_get_bitlen( pub ) )
return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED );
@ -923,7 +928,7 @@ static int pk_opaque_can_do( mbedtls_pk_type_t type )
static int asn1_write_mpibuf( unsigned char **p, unsigned char *start,
size_t n_len )
{
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t len = 0;
if( (size_t)( *p - start ) < n_len )
@ -975,7 +980,7 @@ static int asn1_write_mpibuf( unsigned char **p, unsigned char *start,
static int pk_ecdsa_sig_asn1_from_psa( unsigned char *sig, size_t *sig_len,
size_t buf_len )
{
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t len = 0;
const size_t rs_len = *sig_len / 2;
unsigned char *p = sig + buf_len;
@ -1017,10 +1022,12 @@ static int pk_opaque_sign_wrap( void *ctx, mbedtls_md_type_t md_alg,
return( mbedtls_psa_err_translate_pk( status ) );
buf_len = MBEDTLS_ECDSA_MAX_SIG_LEN( psa_get_key_bits( &attributes ) );
psa_reset_key_attributes( &attributes );
if( buf_len > MBEDTLS_PK_SIGNATURE_MAX_SIZE )
return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
/* make the signature */
status = psa_asymmetric_sign( *key, alg, hash, hash_len,
sig, buf_len, sig_len );
status = psa_sign_hash( *key, alg, hash, hash_len,
sig, buf_len, sig_len );
if( status != PSA_SUCCESS )
return( mbedtls_psa_err_translate_pk( status ) );

7
features/mbedtls/mbed-crypto/src/pkcs12.c
View File

@ -37,6 +37,7 @@
#include "mbedtls/asn1.h"
#include "mbedtls/cipher.h"
#include "mbedtls/platform_util.h"
#include "mbedtls/error.h"
#include <string.h>
@ -53,7 +54,7 @@
static int pkcs12_parse_pbe_params( mbedtls_asn1_buf *params,
mbedtls_asn1_buf *salt, int *iterations )
{
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
unsigned char **p = &params->p;
const unsigned char *end = params->p + params->len;
@ -145,7 +146,7 @@ int mbedtls_pkcs12_pbe_sha1_rc4_128( mbedtls_asn1_buf *pbe_params, int mode,
((void) output);
return( MBEDTLS_ERR_PKCS12_FEATURE_UNAVAILABLE );
#else
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
unsigned char key[16];
mbedtls_arc4_context ctx;
((void) mode);
@ -250,7 +251,7 @@ int mbedtls_pkcs12_derivation( unsigned char *data, size_t datalen,
const unsigned char *salt, size_t saltlen,
mbedtls_md_type_t md_type, int id, int iterations )
{
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
unsigned int j;
unsigned char diversifier[128];

3
features/mbedtls/mbed-crypto/src/pkcs5.c
View File

@ -38,6 +38,7 @@
#if defined(MBEDTLS_PKCS5_C)
#include "mbedtls/pkcs5.h"
#include "mbedtls/error.h"
#if defined(MBEDTLS_ASN1_PARSE_C)
#include "mbedtls/asn1.h"
@ -59,7 +60,7 @@ static int pkcs5_parse_pbkdf2_params( const mbedtls_asn1_buf *params,
mbedtls_asn1_buf *salt, int *iterations,
int *keylen, mbedtls_md_type_t *md_type )
{
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_asn1_buf prf_alg_oid;
unsigned char *p = params->p;
const unsigned char *end = params->p + params->len;

149
features/mbedtls/mbed-crypto/src/pkparse.c
View File

@ -31,6 +31,7 @@
#include "mbedtls/asn1.h"
#include "mbedtls/oid.h"
#include "mbedtls/platform_util.h"
#include "mbedtls/error.h"
#include <string.h>
@ -130,7 +131,7 @@ int mbedtls_pk_load_file( const char *path, unsigned char **buf, size_t *n )
int mbedtls_pk_parse_keyfile( mbedtls_pk_context *ctx,
const char *path, const char *pwd )
{
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t n;
unsigned char *buf;
@ -157,7 +158,7 @@ int mbedtls_pk_parse_keyfile( mbedtls_pk_context *ctx,
*/
int mbedtls_pk_parse_public_keyfile( mbedtls_pk_context *ctx, const char *path )
{
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t n;
unsigned char *buf;
@ -188,7 +189,7 @@ int mbedtls_pk_parse_public_keyfile( mbedtls_pk_context *ctx, const char *path )
static int pk_get_ecparams( unsigned char **p, const unsigned char *end,
mbedtls_asn1_buf *params )
{
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
if ( end - *p < 1 )
return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT +
@ -243,7 +244,7 @@ static int pk_get_ecparams( unsigned char **p, const unsigned char *end,
*/
static int pk_group_from_specified( const mbedtls_asn1_buf *params, mbedtls_ecp_group *grp )
{
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
unsigned char *p = params->p;
const unsigned char * const end = params->p + params->len;
const unsigned char *end_field, *end_curve;
@ -433,7 +434,7 @@ cleanup:
static int pk_group_id_from_specified( const mbedtls_asn1_buf *params,
mbedtls_ecp_group_id *grp_id )
{
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_ecp_group grp;
mbedtls_ecp_group_init( &grp );
@ -460,7 +461,7 @@ cleanup:
*/
static int pk_use_ecparams( const mbedtls_asn1_buf *params, mbedtls_ecp_group *grp )
{
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_ecp_group_id grp_id;
if( params->tag == MBEDTLS_ASN1_OID )
@ -500,7 +501,7 @@ static int pk_use_ecparams( const mbedtls_asn1_buf *params, mbedtls_ecp_group *g
static int pk_get_ecpubkey( unsigned char **p, const unsigned char *end,
mbedtls_ecp_keypair *key )
{
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
if( ( ret = mbedtls_ecp_point_read_binary( &key->grp, &key->Q,
(const unsigned char *) *p, end - *p ) ) == 0 )
@ -528,7 +529,7 @@ static int pk_get_rsapubkey( unsigned char **p,
const unsigned char *end,
mbedtls_rsa_context *rsa )
{
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t len;
if( ( ret = mbedtls_asn1_get_tag( p, end, &len,
@ -583,7 +584,7 @@ static int pk_get_pk_alg( unsigned char **p,
const unsigned char *end,
mbedtls_pk_type_t *pk_alg, mbedtls_asn1_buf *params )
{
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_asn1_buf alg_oid;
memset( params, 0, sizeof(mbedtls_asn1_buf) );
@ -615,7 +616,7 @@ static int pk_get_pk_alg( unsigned char **p,
int mbedtls_pk_parse_subpubkey( unsigned char **p, const unsigned char *end,
mbedtls_pk_context *pk )
{
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t len;
mbedtls_asn1_buf alg_params;
mbedtls_pk_type_t pk_alg = MBEDTLS_PK_NONE;
@ -677,6 +678,32 @@ int mbedtls_pk_parse_subpubkey( unsigned char **p, const unsigned char *end,
}
#if defined(MBEDTLS_RSA_C)
/*
* Wrapper around mbedtls_asn1_get_mpi() that rejects zero.
*
* The value zero is:
* - never a valid value for an RSA parameter
* - interpreted as "omitted, please reconstruct" by mbedtls_rsa_complete().
*
* Since values can't be omitted in PKCS#1, passing a zero value to
* rsa_complete() would be incorrect, so reject zero values early.
*/
static int asn1_get_nonzero_mpi( unsigned char **p,
const unsigned char *end,
mbedtls_mpi *X )
{
int ret;
ret = mbedtls_asn1_get_mpi( p, end, X );
if( ret != 0 )
return( ret );
if( mbedtls_mpi_cmp_int( X, 0 ) == 0 )
return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT );
return( 0 );
}
/*
* Parse a PKCS#1 encoded private RSA key
*/
@ -729,54 +756,84 @@ static int pk_parse_key_pkcs1_der( mbedtls_rsa_context *rsa,
}
/* Import N */
if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
MBEDTLS_ASN1_INTEGER ) ) != 0 ||
( ret = mbedtls_rsa_import_raw( rsa, p, len, NULL, 0, NULL, 0,
NULL, 0, NULL, 0 ) ) != 0 )
if( ( ret = asn1_get_nonzero_mpi( &p, end, &T ) ) != 0 ||
( ret = mbedtls_rsa_import( rsa, &T, NULL, NULL,
NULL, NULL ) ) != 0 )
goto cleanup;
p += len;
/* Import E */
if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
MBEDTLS_ASN1_INTEGER ) ) != 0 ||
( ret = mbedtls_rsa_import_raw( rsa, NULL, 0, NULL, 0, NULL, 0,
NULL, 0, p, len ) ) != 0 )
if( ( ret = asn1_get_nonzero_mpi( &p, end, &T ) ) != 0 ||
( ret = mbedtls_rsa_import( rsa, NULL, NULL, NULL,
NULL, &T ) ) != 0 )
goto cleanup;
p += len;
/* Import D */
if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
MBEDTLS_ASN1_INTEGER ) ) != 0 ||
( ret = mbedtls_rsa_import_raw( rsa, NULL, 0, NULL, 0, NULL, 0,
p, len, NULL, 0 ) ) != 0 )
if( ( ret = asn1_get_nonzero_mpi( &p, end, &T ) ) != 0 ||
( ret = mbedtls_rsa_import( rsa, NULL, NULL, NULL,
&T, NULL ) ) != 0 )
goto cleanup;
p += len;
/* Import P */
if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
MBEDTLS_ASN1_INTEGER ) ) != 0 ||
( ret = mbedtls_rsa_import_raw( rsa, NULL, 0, p, len, NULL, 0,
NULL, 0, NULL, 0 ) ) != 0 )
if( ( ret = asn1_get_nonzero_mpi( &p, end, &T ) ) != 0 ||
( ret = mbedtls_rsa_import( rsa, NULL, &T, NULL,
NULL, NULL ) ) != 0 )
goto cleanup;
p += len;
/* Import Q */
if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
MBEDTLS_ASN1_INTEGER ) ) != 0 ||
( ret = mbedtls_rsa_import_raw( rsa, NULL, 0, NULL, 0, p, len,
NULL, 0, NULL, 0 ) ) != 0 )
goto cleanup;
p += len;
/* Complete the RSA private key */
if( ( ret = mbedtls_rsa_complete( rsa ) ) != 0 )
if( ( ret = asn1_get_nonzero_mpi( &p, end, &T ) ) != 0 ||
( ret = mbedtls_rsa_import( rsa, NULL, NULL, &T,
NULL, NULL ) ) != 0 )
goto cleanup;
/* Check optional parameters */
if( ( ret = mbedtls_asn1_get_mpi( &p, end, &T ) ) != 0 ||
( ret = mbedtls_asn1_get_mpi( &p, end, &T ) ) != 0 ||
( ret = mbedtls_asn1_get_mpi( &p, end, &T ) ) != 0 )
#if !defined(MBEDTLS_RSA_NO_CRT) && !defined(MBEDTLS_RSA_ALT)
/*
* The RSA CRT parameters DP, DQ and QP are nominally redundant, in
* that they can be easily recomputed from D, P and Q. However by
* parsing them from the PKCS1 structure it is possible to avoid
* recalculating them which both reduces the overhead of loading
* RSA private keys into memory and also avoids side channels which
* can arise when computing those values, since all of D, P, and Q
* are secret. See https://eprint.iacr.org/2020/055 for a
* description of one such attack.
*/
/* Import DP */
if( ( ret = asn1_get_nonzero_mpi( &p, end, &T ) ) != 0 ||
( ret = mbedtls_mpi_copy( &rsa->DP, &T ) ) != 0 )
goto cleanup;
/* Import DQ */
if( ( ret = asn1_get_nonzero_mpi( &p, end, &T ) ) != 0 ||
( ret = mbedtls_mpi_copy( &rsa->DQ, &T ) ) != 0 )
goto cleanup;
/* Import QP */
if( ( ret = asn1_get_nonzero_mpi( &p, end, &T ) ) != 0 ||
( ret = mbedtls_mpi_copy( &rsa->QP, &T ) ) != 0 )
goto cleanup;
#else
/* Verify existance of the CRT params */
if( ( ret = asn1_get_nonzero_mpi( &p, end, &T ) ) != 0 ||
( ret = asn1_get_nonzero_mpi( &p, end, &T ) ) != 0 ||
( ret = asn1_get_nonzero_mpi( &p, end, &T ) ) != 0 )
goto cleanup;
#endif
/* rsa_complete() doesn't complete anything with the default
* implementation but is still called:
* - for the benefit of alternative implementation that may want to
* pre-compute stuff beyond what's provided (eg Montgomery factors)
* - as is also sanity-checks the key
*
* Furthermore, we also check the public part for consistency with
* mbedtls_pk_parse_pubkey(), as it includes size minima for example.
*/
if( ( ret = mbedtls_rsa_complete( rsa ) ) != 0 ||
( ret = mbedtls_rsa_check_pubkey( rsa ) ) != 0 )
{
goto cleanup;
}
if( p != end )
{
@ -811,7 +868,7 @@ static int pk_parse_key_sec1_der( mbedtls_ecp_keypair *eck,
const unsigned char *key,
size_t keylen )
{
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
int version, pubkey_done;
size_t len;
mbedtls_asn1_buf params;
@ -1164,7 +1221,7 @@ int mbedtls_pk_parse_key( mbedtls_pk_context *pk,
const unsigned char *key, size_t keylen,
const unsigned char *pwd, size_t pwdlen )
{
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
const mbedtls_pk_info_t *pk_info;
#if defined(MBEDTLS_PEM_PARSE_C)
size_t len;
@ -1376,7 +1433,7 @@ int mbedtls_pk_parse_key( mbedtls_pk_context *pk,
int mbedtls_pk_parse_public_key( mbedtls_pk_context *ctx,
const unsigned char *key, size_t keylen )
{
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
unsigned char *p;
#if defined(MBEDTLS_RSA_C)
const mbedtls_pk_info_t *pk_info;

48
features/mbedtls/mbed-crypto/src/pkwrite.c
View File

@ -31,6 +31,7 @@
#include "mbedtls/asn1write.h"
#include "mbedtls/oid.h"
#include "mbedtls/platform_util.h"
#include "mbedtls/error.h"
#include <string.h>
@ -38,7 +39,9 @@
#include "mbedtls/rsa.h"
#endif
#if defined(MBEDTLS_ECP_C)
#include "mbedtls/bignum.h"
#include "mbedtls/ecp.h"
#include "mbedtls/platform_util.h"
#endif
#if defined(MBEDTLS_ECDSA_C)
#include "mbedtls/ecdsa.h"
@ -75,7 +78,7 @@
static int pk_write_rsa_pubkey( unsigned char **p, unsigned char *start,
mbedtls_rsa_context *rsa )
{
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t len = 0;
mbedtls_mpi T;
@ -114,7 +117,7 @@ end_of_export:
static int pk_write_ec_pubkey( unsigned char **p, unsigned char *start,
mbedtls_ecp_keypair *ec )
{
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t len = 0;
unsigned char buf[MBEDTLS_ECP_MAX_PT_LEN];
@ -142,7 +145,7 @@ static int pk_write_ec_pubkey( unsigned char **p, unsigned char *start,
static int pk_write_ec_param( unsigned char **p, unsigned char *start,
mbedtls_ecp_keypair *ec )
{
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t len = 0;
const char *oid;
size_t oid_len;
@ -154,12 +157,32 @@ static int pk_write_ec_param( unsigned char **p, unsigned char *start,
return( (int) len );
}
/*
* privateKey OCTET STRING -- always of length ceil(log2(n)/8)
*/
static int pk_write_ec_private( unsigned char **p, unsigned char *start,
mbedtls_ecp_keypair *ec )
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t byte_length = ( ec->grp.pbits + 7 ) / 8;
unsigned char tmp[MBEDTLS_ECP_MAX_BYTES];
ret = mbedtls_mpi_write_binary( &ec->d, tmp, byte_length );
if( ret != 0 )
goto exit;
ret = mbedtls_asn1_write_octet_string( p, start, tmp, byte_length );
exit:
mbedtls_platform_zeroize( tmp, byte_length );
return( ret );
}
#endif /* MBEDTLS_ECP_C */
int mbedtls_pk_write_pubkey( unsigned char **p, unsigned char *start,
const mbedtls_pk_context *key )
{
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t len = 0;
PK_VALIDATE_RET( p != NULL );
@ -207,7 +230,7 @@ int mbedtls_pk_write_pubkey( unsigned char **p, unsigned char *start,
int mbedtls_pk_write_pubkey_der( mbedtls_pk_context *key, unsigned char *buf, size_t size )
{
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
unsigned char *c;
size_t len = 0, par_len = 0, oid_len;
mbedtls_pk_type_t pk_type;
@ -250,18 +273,20 @@ int mbedtls_pk_write_pubkey_der( mbedtls_pk_context *key, unsigned char *buf, si
psa_key_type_t key_type;
psa_key_handle_t handle;
psa_ecc_curve_t curve;
size_t bits;
handle = *((psa_key_handle_t*) key->pk_ctx );
if( PSA_SUCCESS != psa_get_key_attributes( handle, &attributes ) )
return( MBEDTLS_ERR_PK_HW_ACCEL_FAILED );
key_type = psa_get_key_type( &attributes );
bits = psa_get_key_bits( &attributes );
psa_reset_key_attributes( &attributes );
curve = PSA_KEY_TYPE_GET_CURVE( key_type );
if( curve == 0 )
return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE );
ret = mbedtls_psa_get_ecc_oid_from_id( curve, &oid, &oid_len );
ret = mbedtls_psa_get_ecc_oid_from_id( curve, bits, &oid, &oid_len );
if( ret != 0 )
return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE );
@ -293,7 +318,7 @@ int mbedtls_pk_write_pubkey_der( mbedtls_pk_context *key, unsigned char *buf, si
int mbedtls_pk_write_key_der( mbedtls_pk_context *key, unsigned char *buf, size_t size )
{
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
unsigned char *c;
size_t len = 0;
@ -424,9 +449,8 @@ int mbedtls_pk_write_key_der( mbedtls_pk_context *key, unsigned char *buf, size_
MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | 0 ) );
len += par_len;
/* privateKey: write as MPI then fix tag */
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_mpi( &c, buf, &ec->d ) );
*c = MBEDTLS_ASN1_OCTET_STRING;
/* privateKey */
MBEDTLS_ASN1_CHK_ADD( len, pk_write_ec_private( &c, buf, ec ) );
/* version */
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_int( &c, buf, 1 ) );
@ -537,7 +561,7 @@ int mbedtls_pk_write_key_der( mbedtls_pk_context *key, unsigned char *buf, size_
int mbedtls_pk_write_pubkey_pem( mbedtls_pk_context *key, unsigned char *buf, size_t size )
{
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
unsigned char output_buf[PUB_DER_MAX_BYTES];
size_t olen = 0;
@ -562,7 +586,7 @@ int mbedtls_pk_write_pubkey_pem( mbedtls_pk_context *key, unsigned char *buf, si
int mbedtls_pk_write_key_pem( mbedtls_pk_context *key, unsigned char *buf, size_t size )
{
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
unsigned char output_buf[PRV_DER_MAX_BYTES];
const char *begin, *end;
size_t olen = 0;

5
features/mbedtls/mbed-crypto/src/platform.c
View File

@ -29,6 +29,7 @@
#include "mbedtls/platform.h"
#include "mbedtls/platform_util.h"
#include "mbedtls/error.h"
/* The compile time configuration of memory allocation via the macros
* MBEDTLS_PLATFORM_{FREE/CALLOC}_MACRO takes precedence over the runtime
@ -86,7 +87,7 @@ int mbedtls_platform_set_calloc_free( void * (*calloc_func)( size_t, size_t ),
#include <stdarg.h>
int mbedtls_platform_win32_snprintf( char *s, size_t n, const char *fmt, ... )
{
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
va_list argp;
va_start( argp, fmt );
@ -131,7 +132,7 @@ int mbedtls_platform_set_snprintf( int (*snprintf_func)( char * s, size_t n,
#include <stdarg.h>
int mbedtls_platform_win32_vsnprintf( char *s, size_t n, const char *fmt, va_list arg )
{
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
/* Avoid calling the invalid parameter handler by checking ourselves */
if( s == NULL || n == 0 || fmt == NULL )

5
features/mbedtls/mbed-crypto/src/poly1305.c
View File

@ -30,6 +30,7 @@
#include "mbedtls/poly1305.h"
#include "mbedtls/platform_util.h"
#include "mbedtls/error.h"
#include <string.h>
@ -423,7 +424,7 @@ int mbedtls_poly1305_mac( const unsigned char key[32],
unsigned char mac[16] )
{
mbedtls_poly1305_context ctx;
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
POLY1305_VALIDATE_RET( key != NULL );
POLY1305_VALIDATE_RET( mac != NULL );
POLY1305_VALIDATE_RET( ilen == 0 || input != NULL );
@ -529,7 +530,7 @@ int mbedtls_poly1305_self_test( int verbose )
{
unsigned char mac[16];
unsigned i;
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
for( i = 0U; i < 2U; i++ )
{

Some files were not shown because too many files have changed in this diff Show More